[TypeFeedbackVector] Root literal arrays in function literals slots

src/debug/liveedit.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/debug/liveedit.h"
 
 #include "src/ast/scopes.h"
 #include "src/code-stubs.h"
 #include "src/compilation-cache.h"
 #include "src/compiler.h"
@@ skipping 805 matching lines @@
 
 // Patch function literals.
 // Name 'literals' is a misnomer. Rather it's a cache for complex object
 // boilerplates and for a native context. We must clean cached values.
 // Additionally we may need to allocate a new array if number of literals
 // changed.
 class LiteralFixer {
  public:
   static void PatchLiterals(FunctionInfoWrapper* compile_info_wrapper,
                             Handle<SharedFunctionInfo> shared_info,
-                            bool feedback_metadata_changed, Isolate* isolate) {
+                            Isolate* isolate) {
     int new_literal_count = compile_info_wrapper->GetLiteralCount();
-    int old_literal_count = shared_info->num_literals();
 
-    if (old_literal_count == new_literal_count && !feedback_metadata_changed) {
-      // If literal count didn't change, simply go over all functions
-      // and clear literal arrays.
-      ClearValuesVisitor visitor;
-      IterateJSFunctions(shared_info, &visitor);
-    } else {
-      // When literal count changes, we have to create new array instances.
-      // Since we cannot create instances when iterating heap, we should first
-      // collect all functions and fix their literal arrays.
-      Handle<FixedArray> function_instances =
-          CollectJSFunctions(shared_info, isolate);
-      Handle<TypeFeedbackMetadata> feedback_metadata(
-          shared_info->feedback_metadata());
+    // Recreate the literal array and type feedback vector.
+    // Since the feedback vector roots literal arrays for nested functions,
+    // we can't simply leave it in place because those nested literal
+    // array and feedback vectors may have changed structure.
+    Handle<FixedArray> function_instances =
+        CollectJSFunctions(shared_info, isolate);
+    Handle<TypeFeedbackMetadata> feedback_metadata(
+        shared_info->feedback_metadata());
 
-      for (int i = 0; i < function_instances->length(); i++) {
-        Handle<JSFunction> fun(JSFunction::cast(function_instances->get(i)));
-        Handle<TypeFeedbackVector> vector =
-            TypeFeedbackVector::New(isolate, feedback_metadata);
-        Handle<LiteralsArray> new_literals =
-            LiteralsArray::New(isolate, vector, new_literal_count);
-        fun->set_literals(*new_literals);
-      }
+    for (int i = 0; i < function_instances->length(); i++) {
+      Handle<JSFunction> fun(JSFunction::cast(function_instances->get(i)));
+      Handle<TypeFeedbackVector> vector =
+          TypeFeedbackVector::New(isolate, feedback_metadata);
+      Handle<LiteralsArray> new_literals =
+          LiteralsArray::New(isolate, vector, new_literal_count);
+      Handle<LiteralsArray> old_literals(fun->literals(), isolate);
+      fun->set_literals(*new_literals);
 
-      shared_info->set_num_literals(new_literal_count);
+      // The literals are rooted in a containing feedback vector.
+      // Replace them there, so new closures have the correct literals.
+      ReplaceRoots(old_literals, new_literals);
     }
+
+    shared_info->set_num_literals(new_literal_count);
   }
 
  private:
   // Iterates all function instances in the HEAP that refers to the
   // provided shared_info.
   template<typename Visitor>
   static void IterateJSFunctions(Handle<SharedFunctionInfo> shared_info,
                                  Visitor* visitor) {
     HeapIterator iterator(shared_info->GetHeap());
     for (HeapObject* obj = iterator.next(); obj != NULL;
         obj = iterator.next()) {
       if (obj->IsJSFunction()) {
         JSFunction* function = JSFunction::cast(obj);
         if (function->shared() == *shared_info) {
           visitor->visit(function);
         }
       }
     }
   }
 
+  template <typename Visitor>
+  static void IterateAllJSFunctions(Heap* heap, Visitor* visitor) {
+    HeapIterator iterator(heap);
+    for (HeapObject* obj = iterator.next(); obj != NULL;
+         obj = iterator.next()) {
+      if (obj->IsJSFunction()) {
+        JSFunction* function = JSFunction::cast(obj);
+        visitor->visit(function);
+      }
+    }
+  }
+
+  class ReplaceRootsVisitor {
+   public:
+    ReplaceRootsVisitor(Handle<LiteralsArray> old_literals,
+                        Handle<LiteralsArray> new_literals)
+        : old_literals_(old_literals), new_literals_(new_literals) {}
+
+    void visit(JSFunction* fun) {
+      if (!fun->shared()->is_compiled()) return;
+
+      // Look in the type feedback vector for a copy of literals.
+      TypeFeedbackVector* vector = fun->feedback_vector();
+      // Note: it's important to get the feedback metadata from the
+      // type feedback vector, because there may be a new metadata
+      // object in the SharedFunctionInfo (with a different slot
+      // configuration).
+      TypeFeedbackMetadataIterator iter(vector->metadata());
+      while (iter.HasNext()) {
+        FeedbackVectorSlot slot = iter.Next();
+        FeedbackVectorSlotKind kind = iter.kind();
+        if (kind == FeedbackVectorSlotKind::CREATE_CLOSURE) {
+          Object* obj = vector->Get(slot);
+          if (obj == *old_literals_) {
+            vector->Set(slot, *new_literals_);
+          }
+        }
+      }
+    }
+
+    Handle<LiteralsArray> old_literals_;
+    Handle<LiteralsArray> new_literals_;
+  };
+
+  static void ReplaceRoots(Handle<LiteralsArray> old_literals,
+                           Handle<LiteralsArray> new_literals) {
+    ReplaceRootsVisitor replace_visitor(old_literals, new_literals);
+    IterateAllJSFunctions(old_literals->GetHeap(), &replace_visitor);
+  }
+
   // Finds all instances of JSFunction that refers to the provided shared_info
   // and returns array with them.
   static Handle<FixedArray> CollectJSFunctions(
       Handle<SharedFunctionInfo> shared_info, Isolate* isolate) {
     CountVisitor count_visitor;
     count_visitor.count = 0;
     IterateJSFunctions(shared_info, &count_visitor);
     int size = count_visitor.count;
 
     Handle<FixedArray> result = isolate->factory()->NewFixedArray(size);
@@ skipping 80 matching lines @@
     Handle<JSArray> new_compile_info_array,
     Handle<JSArray> shared_info_array) {
   Isolate* isolate = new_compile_info_array->GetIsolate();
 
   FunctionInfoWrapper compile_info_wrapper(new_compile_info_array);
   SharedInfoWrapper shared_info_wrapper(shared_info_array);
 
   Handle<SharedFunctionInfo> shared_info = shared_info_wrapper.GetInfo();
   Handle<SharedFunctionInfo> new_shared_info =
       compile_info_wrapper.GetSharedFunctionInfo();
-  bool feedback_metadata_changed = false;
 
   if (shared_info->is_compiled()) {
     // Take whatever code we can get from the new shared function info. We
     // expect activations of neither the old bytecode nor old FCG code, since
     // the lowest activation is going to be restarted.
     Handle<Code> old_code(shared_info->code());
     Handle<Code> new_code(new_shared_info->code());
     // Clear old bytecode. This will trigger self-healing if we do not install
     // new bytecode.
     shared_info->ClearBytecodeArray();
@@ skipping 26 matching lines @@
       // Existing break points will be re-applied. Reset the debug info here.
       isolate->debug()->RemoveDebugInfoAndClearFromShared(
           handle(shared_info->GetDebugInfo()));
     }
     shared_info->set_scope_info(new_shared_info->scope_info());
     shared_info->set_outer_scope_info(new_shared_info->outer_scope_info());
     shared_info->DisableOptimization(kLiveEdit);
     // Update the type feedback vector, if needed.
     Handle<TypeFeedbackMetadata> new_feedback_metadata(
         new_shared_info->feedback_metadata());
-    feedback_metadata_changed =
-        new_feedback_metadata->DiffersFrom(shared_info->feedback_metadata());
     shared_info->set_feedback_metadata(*new_feedback_metadata);
   }
 
   int start_position = compile_info_wrapper.GetStartPosition();
   int end_position = compile_info_wrapper.GetEndPosition();
   shared_info->set_start_position(start_position);
   shared_info->set_end_position(end_position);
 
-  LiteralFixer::PatchLiterals(&compile_info_wrapper, shared_info,
-                              feedback_metadata_changed, isolate);
+  LiteralFixer::PatchLiterals(&compile_info_wrapper, shared_info, isolate);
 
   DeoptimizeDependentFunctions(*shared_info);
   isolate->compilation_cache()->Remove(shared_info);
 }
 
 void LiveEdit::FunctionSourceUpdated(Handle<JSArray> shared_info_array,
                                      int new_function_literal_id) {
   SharedInfoWrapper shared_info_wrapper(shared_info_array);
   Handle<SharedFunctionInfo> shared_info = shared_info_wrapper.GetInfo();
 
@@ skipping 891 matching lines @@
     scope_info_length++;
 
     current_scope = current_scope->outer_scope();
   }
 
   return scope_info_list;
 }
 
 }  // namespace internal
 }  // namespace v8