[runtime] Ensure JSMessageObject has source positions

Under certain conditions GC could flush bytecode array from
SharedFunctionInfos. This CL ensures that the bytecode array is always
available for reconstructing source positions.

Bug: chromium:1265570
Change-Id: I2ce7eb04201f69121687ab0aaa2af42adb2caae0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275569
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77877}

src/codegen/compiler.cc

@@ -1811,7 +1811,8 @@ bool Compiler::CollectSourcePositions(Isolate* isolate,
 // static
 bool Compiler::Compile(Isolate* isolate, Handle<SharedFunctionInfo> shared_info,
                        ClearExceptionFlag flag,
-                       IsCompiledScope* is_compiled_scope) {
+                       IsCompiledScope* is_compiled_scope,
+                       CreateSourcePositions create_source_positions_flag) {
   // We should never reach here if the function is already compiled.
   DCHECK(!shared_info->is_compiled());
   DCHECK(!is_compiled_scope->is_compiled());
@@ -1832,6 +1833,9 @@ bool Compiler::Compile(Isolate* isolate, Handle<SharedFunctionInfo> shared_info,
   // Set up parse info.
   UnoptimizedCompileFlags flags =
       UnoptimizedCompileFlags::ForFunctionCompile(isolate, *shared_info);
+  if (create_source_positions_flag == CreateSourcePositions::kYes) {
+    flags.set_collect_source_positions(true);
+  }
 
   UnoptimizedCompileState compile_state(isolate);
   ParseInfo parse_info(isolate, flags, &compile_state);

src/codegen/compiler.h

@@ -70,7 +70,9 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
 
   static bool Compile(Isolate* isolate, Handle<SharedFunctionInfo> shared,
                       ClearExceptionFlag flag,
-                      IsCompiledScope* is_compiled_scope);
+                      IsCompiledScope* is_compiled_scope,
+                      CreateSourcePositions create_source_positions_flag =
+                          CreateSourcePositions::kNo);
   static bool Compile(Isolate* isolate, Handle<JSFunction> function,
                       ClearExceptionFlag flag,
                       IsCompiledScope* is_compiled_scope);

src/debug/debug.cc

@@ -1810,7 +1810,7 @@ bool Debug::EnsureBreakInfo(Handle<SharedFunctionInfo> shared) {
   IsCompiledScope is_compiled_scope = shared->is_compiled_scope(isolate_);
   if (!is_compiled_scope.is_compiled() &&
       !Compiler::Compile(isolate_, shared, Compiler::CLEAR_EXCEPTION,
-                         &is_compiled_scope)) {
+                         &is_compiled_scope, CreateSourcePositions::kYes)) {
     return false;
   }
   CreateBreakInfo(shared);

src/objects/js-objects.cc

@@ -5443,6 +5443,9 @@ void JSMessageObject::EnsureSourcePositionsAvailable(
     DCHECK_GE(message->bytecode_offset().value(), kFunctionEntryBytecodeOffset);
     Handle<SharedFunctionInfo> shared_info(
         SharedFunctionInfo::cast(message->shared_info()), isolate);
+    IsCompiledScope is_compiled_scope;
+    SharedFunctionInfo::EnsureBytecodeArrayAvailable(
+        isolate, shared_info, &is_compiled_scope, CreateSourcePositions::kYes);
     SharedFunctionInfo::EnsureSourcePositionsAvailable(isolate, shared_info);
     DCHECK(shared_info->HasBytecodeArray());
     int position = shared_info->abstract_code(isolate).SourcePosition(

src/objects/shared-function-info.cc

@@ -700,6 +700,19 @@ void SharedFunctionInfo::SetPosition(int start_position, int end_position) {
   }
 }
 
+// static
+void SharedFunctionInfo::EnsureBytecodeArrayAvailable(
+    Isolate* isolate, Handle<SharedFunctionInfo> shared_info,
+    IsCompiledScope* is_compiled_scope, CreateSourcePositions flag) {
+  if (!shared_info->HasBytecodeArray()) {
+    if (!Compiler::Compile(isolate, shared_info, Compiler::CLEAR_EXCEPTION,
+                           is_compiled_scope, flag)) {
+      FATAL("Failed to compile shared info that was already compiled before");
+    }
+    DCHECK(shared_info->GetBytecodeArray(isolate).HasSourcePositionTable());
+  }
+}
+
 // static
 void SharedFunctionInfo::EnsureSourcePositionsAvailable(
     Isolate* isolate, Handle<SharedFunctionInfo> shared_info) {

src/objects/shared-function-info.h

@@ -49,6 +49,10 @@ using FunctionSig = Signature<ValueType>;
 
 #include "torque-generated/src/objects/shared-function-info-tq.inc"
 
+// Defines whether the source positions should be created during function
+// compilation.
+enum class CreateSourcePositions { kNo, kYes };
+
 // Data collected by the pre-parser storing information about scopes and inner
 // functions.
 //
@@ -572,6 +576,11 @@ class SharedFunctionInfo
   void SetFunctionTokenPosition(int function_token_position,
                                 int start_position);
 
+  static void EnsureBytecodeArrayAvailable(
+      Isolate* isolate, Handle<SharedFunctionInfo> shared_info,
+      IsCompiledScope* is_compiled,
+      CreateSourcePositions flag = CreateSourcePositions::kNo);
+
   inline bool CanCollectSourcePosition(Isolate* isolate);
   static void EnsureSourcePositionsAvailable(
       Isolate* isolate, Handle<SharedFunctionInfo> shared_info);

test/message/regress/fail/regress-crbug-1265570.js

@@ -0,0 +1,14 @@
+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-gc --stress-flush-code
+
+let err = {};
+(function boom() {
+  Error.captureStackTrace(err);
+})();
+Promise.reject(err);
+
+let stack = err.stack;
+gc();

test/message/regress/fail/regress-crbug-1265570.out

@@ -0,0 +1,12 @@
+# Copyright 2021 the V8 project authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+*%(basename)s:9: [object Object]
+  Error.captureStackTrace(err);
+        ^
+Error
+    at boom (*%(basename)s:9:9)
+    at *%(basename)s:10:3
+
+1 pending unhandled Promise rejection(s) detected.