[Complier] Only optimize a function marked for tier-up if it is compiled.

When mark-shared-funtion-for-tier-up is enabled, a function could be marked for
optimization, then the baseline (FCG) code is flushed by the GC. The next time
the function is executed, we shouldn't optimize the code if there isn't
baseline code.

BUG=chromium:673242

Review-Url: https://codereview.chromium.org/2575333003
Cr-Commit-Position: refs/heads/master@{#41751}
This commit is contained in:
rmcilroy 2016-12-16 02:44:50 -08:00 committed by Commit bot
parent d4a7c4bf66
commit cb9d0fe7f4
2 changed files with 33 additions and 1 deletions

View File

@ -897,7 +897,8 @@ MaybeHandle<Code> GetLazyCode(Handle<JSFunction> function) {
return cached_code;
}
if (function->shared()->marked_for_tier_up()) {
if (function->shared()->is_compiled() &&
function->shared()->marked_for_tier_up()) {
DCHECK(FLAG_mark_shared_functions_for_tier_up);
function->shared()->set_marked_for_tier_up(false);

View File

@ -0,0 +1,31 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --mark-shared-functions-for-tier-up --allow-natives-syntax --expose-gc
function foo() {
function bar() {
}
return bar;
}
// Mark bar's shared function info for tier-up
// (but don't optimize).
var bar = foo();
%OptimizeFunctionOnNextCall(bar);
// Avoid flushing foo (and thereby making bar's shared function info
// dead) by marking it to be optimized.
%OptimizeFunctionOnNextCall(foo);
// Throw away the JSFunction we have for bar and GC until its code has
// been flushed.
bar = null;
for (var i = 0; i < 6; i++) {
gc();
}
// Now create a new JSFunction from bar's shared function info and call it,
// we should not optimize without recompiling the baseline code.
foo()();