[snapshot] Fix clearing compiled code from JSFunction pt. 2

Optimized code that is marked for deoptimization is not considered 'attached' or 'available', but we still want to discard it prior to serialization. Change JSFunction::CanDiscardCompiled to explicitly check for this case. Bug: v8:10881, v8:10869 Change-Id: Id573c21e331afdae28be4ab434d522249d1ac9be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409275 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69868}
2020-09-14 09:06:16 +02:00 · 2020-09-14 09:06:16 +02:00 · 9dc89efa50
commit 9dc89efa50
parent c9224589cf
1 changed files with 4 additions and 0 deletions
--- a/src/objects/js-function.cc
+++ b/src/objects/js-function.cc
@ -157,8 +157,12 @@ bool JSFunction::CanDiscardCompiled() const {
  // from JS code? We can currently tell only indirectly, by looking at
  // available code kinds. If any JS code kind exists, we can discard.
  //
+  // Attached optimized code that is marked for deoptimization will not show up
+  // in the list of available code kinds, thus we must check for it manually.
+  //
  // Note that when the function has not yet been compiled we also return
  // false; that's fine, since nothing must be discarded in that case.
+  if (code().kind() == CodeKind::OPTIMIZED_FUNCTION) return true;
  CodeKinds result = GetAvailableCodeKinds();
  return (result & kJSFunctionCodeKindsMask) != 0;
 }