deps: V8: backport 22014de00115

Original commit message:

    Reland "[snapshot] rehash JSMap and JSSet during deserialization"

    This is a reland of 8374feed55a5b3010f2e9593560a2d84f9f6725f.

    Fixed rehashing of global proxy keys by creating its identity hash
    early, before the deserialization of the context snapshot.

    Original change's description:
    > [snapshot] rehash JSMap and JSSet during deserialization
    >
    > To rehash JSMap and JSSet, we simply replace the backing store
    > with a new one created with the new hash.
    >
    > Bug: v8:9187
    > Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
    > Commit-Queue: Joyee Cheung <joyee@igalia.com>
    > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#67663}

    Bug: v8:9187, v8:10523
    Change-Id: I7a0319b1d10ff07644de902fec43e7c2b1dd8da9
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2212085
    Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    Reviewed-by: Camillo Bruni <cbruni@chromium.org>
    Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    Commit-Queue: Joyee Cheung <joyee@igalia.com>
    Cr-Commit-Position: refs/heads/master@{#67999}

Refs: v8/v8@22014de

Backport-PR-URL: #34356
PR-URL: #33300
Refs: v8/v8@ea0719b
Refs: v8/v8@bb9f0c2
Refs: #17058
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>

common.gypi

@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.9',
+    'v8_embedder_string': '-node.10',
 
     ##### V8 defaults for Node.js #####
 

deps/v8/src/heap/factory.cc

@@ -2772,8 +2772,12 @@ Handle<JSGlobalProxy> Factory::NewUninitializedJSGlobalProxy(int size) {
   map->set_is_access_check_needed(true);
   map->set_may_have_interesting_symbols(true);
   LOG(isolate(), MapDetails(*map));
-  return Handle<JSGlobalProxy>::cast(
+  Handle<JSGlobalProxy> proxy = Handle<JSGlobalProxy>::cast(
       NewJSObjectFromMap(map, AllocationType::kYoung));
+  // Create identity hash early in case there is any JS collection containing
+  // a global proxy key and needs to be rehashed after deserialization.
+  proxy->GetOrCreateIdentityHash(isolate());
+  return proxy;
 }
 
 void Factory::ReinitializeJSGlobalProxy(Handle<JSGlobalProxy> object,

deps/v8/src/objects/heap-object.h

@@ -191,7 +191,7 @@ class HeapObject : public Object {
   bool CanBeRehashed() const;
 
   // Rehash the object based on the layout inferred from its map.
-  void RehashBasedOnMap(ReadOnlyRoots root);
+  void RehashBasedOnMap(Isolate* isolate);
 
   // Layout description.
 #define HEAP_OBJECT_FIELDS(V) \

deps/v8/src/objects/js-collection.h

@@ -30,6 +30,7 @@ class JSSet : public TorqueGeneratedJSSet<JSSet, JSCollection> {
  public:
   static void Initialize(Handle<JSSet> set, Isolate* isolate);
   static void Clear(Isolate* isolate, Handle<JSSet> set);
+  void Rehash(Isolate* isolate);
 
   // Dispatched behavior.
   DECL_PRINTER(JSSet)
@@ -56,6 +57,7 @@ class JSMap : public TorqueGeneratedJSMap<JSMap, JSCollection> {
  public:
   static void Initialize(Handle<JSMap> map, Isolate* isolate);
   static void Clear(Isolate* isolate, Handle<JSMap> map);
+  void Rehash(Isolate* isolate);
 
   // Dispatched behavior.
   DECL_PRINTER(JSMap)

deps/v8/src/objects/objects.cc

@@ -2306,9 +2306,8 @@ bool HeapObject::NeedsRehashing() const {
     case TRANSITION_ARRAY_TYPE:
       return TransitionArray::cast(*this).number_of_entries() > 1;
     case ORDERED_HASH_MAP_TYPE:
-      return OrderedHashMap::cast(*this).NumberOfElements() > 0;
     case ORDERED_HASH_SET_TYPE:
-      return OrderedHashSet::cast(*this).NumberOfElements() > 0;
+      return false;  // We'll rehash from the JSMap or JSSet referencing them.
     case NAME_DICTIONARY_TYPE:
     case GLOBAL_DICTIONARY_TYPE:
     case NUMBER_DICTIONARY_TYPE:
@@ -2318,6 +2317,8 @@ bool HeapObject::NeedsRehashing() const {
     case SMALL_ORDERED_HASH_MAP_TYPE:
     case SMALL_ORDERED_HASH_SET_TYPE:
     case SMALL_ORDERED_NAME_DICTIONARY_TYPE:
+    case JS_MAP_TYPE:
+    case JS_SET_TYPE:
       return true;
     default:
       return false;
@@ -2327,10 +2328,13 @@ bool HeapObject::NeedsRehashing() const {
 bool HeapObject::CanBeRehashed() const {
   DCHECK(NeedsRehashing());
   switch (map().instance_type()) {
+    case JS_MAP_TYPE:
+    case JS_SET_TYPE:
+      return true;
     case ORDERED_HASH_MAP_TYPE:
     case ORDERED_HASH_SET_TYPE:
+      UNREACHABLE();  // We'll rehash from the JSMap or JSSet referencing them.
     case ORDERED_NAME_DICTIONARY_TYPE:
-      // TODO(yangguo): actually support rehashing OrderedHash{Map,Set}.
       return false;
     case NAME_DICTIONARY_TYPE:
     case GLOBAL_DICTIONARY_TYPE:
@@ -2354,7 +2358,8 @@ bool HeapObject::CanBeRehashed() const {
   return false;
 }
 
-void HeapObject::RehashBasedOnMap(ReadOnlyRoots roots) {
+void HeapObject::RehashBasedOnMap(Isolate* isolate) {
+  ReadOnlyRoots roots = ReadOnlyRoots(isolate);
   switch (map().instance_type()) {
     case HASH_TABLE_TYPE:
       UNREACHABLE();
@@ -2386,6 +2391,17 @@ void HeapObject::RehashBasedOnMap(ReadOnlyRoots roots) {
     case SMALL_ORDERED_HASH_SET_TYPE:
       DCHECK_EQ(0, SmallOrderedHashSet::cast(*this).NumberOfElements());
       break;
+    case ORDERED_HASH_MAP_TYPE:
+    case ORDERED_HASH_SET_TYPE:
+      UNREACHABLE();  // We'll rehash from the JSMap or JSSet referencing them.
+    case JS_MAP_TYPE: {
+      JSMap::cast(*this).Rehash(isolate);
+      break;
+    }
+    case JS_SET_TYPE: {
+      JSSet::cast(*this).Rehash(isolate);
+      break;
+    }
     case SMALL_ORDERED_NAME_DICTIONARY_TYPE:
       DCHECK_EQ(0, SmallOrderedNameDictionary::cast(*this).NumberOfElements());
       break;
@@ -7852,6 +7868,13 @@ void JSSet::Clear(Isolate* isolate, Handle<JSSet> set) {
   set->set_table(*table);
 }
 
+void JSSet::Rehash(Isolate* isolate) {
+  Handle<OrderedHashSet> table_handle(OrderedHashSet::cast(table()), isolate);
+  Handle<OrderedHashSet> new_table =
+      OrderedHashSet::Rehash(isolate, table_handle).ToHandleChecked();
+  set_table(*new_table);
+}
+
 void JSMap::Initialize(Handle<JSMap> map, Isolate* isolate) {
   Handle<OrderedHashMap> table = isolate->factory()->NewOrderedHashMap();
   map->set_table(*table);
@@ -7863,6 +7886,13 @@ void JSMap::Clear(Isolate* isolate, Handle<JSMap> map) {
   map->set_table(*table);
 }
 
+void JSMap::Rehash(Isolate* isolate) {
+  Handle<OrderedHashMap> table_handle(OrderedHashMap::cast(table()), isolate);
+  Handle<OrderedHashMap> new_table =
+      OrderedHashMap::Rehash(isolate, table_handle).ToHandleChecked();
+  set_table(*new_table);
+}
+
 void JSWeakCollection::Initialize(Handle<JSWeakCollection> weak_collection,
                                   Isolate* isolate) {
   Handle<EphemeronHashTable> table = EphemeronHashTable::New(isolate, 0);

deps/v8/src/objects/ordered-hash-table.cc

@@ -194,6 +194,13 @@ HeapObject OrderedHashMap::GetEmpty(ReadOnlyRoots ro_roots) {
   return ro_roots.empty_ordered_hash_map();
 }
 
+template <class Derived, int entrysize>
+MaybeHandle<Derived> OrderedHashTable<Derived, entrysize>::Rehash(
+    Isolate* isolate, Handle<Derived> table) {
+  return OrderedHashTable<Derived, entrysize>::Rehash(isolate, table,
+                                                      table->Capacity());
+}
+
 template <class Derived, int entrysize>
 MaybeHandle<Derived> OrderedHashTable<Derived, entrysize>::Rehash(
     Isolate* isolate, Handle<Derived> table, int new_capacity) {
@@ -250,6 +257,20 @@ MaybeHandle<OrderedHashSet> OrderedHashSet::Rehash(Isolate* isolate,
                                                      new_capacity);
 }
 
+MaybeHandle<OrderedHashSet> OrderedHashSet::Rehash(
+    Isolate* isolate, Handle<OrderedHashSet> table) {
+  return OrderedHashTable<
+      OrderedHashSet, OrderedHashSet::kEntrySizeWithoutChain>::Rehash(isolate,
+                                                                      table);
+}
+
+MaybeHandle<OrderedHashMap> OrderedHashMap::Rehash(
+    Isolate* isolate, Handle<OrderedHashMap> table) {
+  return OrderedHashTable<
+      OrderedHashMap, OrderedHashMap::kEntrySizeWithoutChain>::Rehash(isolate,
+                                                                      table);
+}
+
 MaybeHandle<OrderedHashMap> OrderedHashMap::Rehash(Isolate* isolate,
                                                    Handle<OrderedHashMap> table,
                                                    int new_capacity) {

deps/v8/src/objects/ordered-hash-table.h

@@ -138,6 +138,7 @@ class OrderedHashTable : public FixedArray {
 
   // The extra +1 is for linking the bucket chains together.
   static const int kEntrySize = entrysize + 1;
+  static const int kEntrySizeWithoutChain = entrysize;
   static const int kChainOffset = entrysize;
 
   static const int kNotFound = -1;
@@ -200,6 +201,8 @@ class OrderedHashTable : public FixedArray {
   static MaybeHandle<Derived> Allocate(
       Isolate* isolate, int capacity,
       AllocationType allocation = AllocationType::kYoung);
+
+  static MaybeHandle<Derived> Rehash(Isolate* isolate, Handle<Derived> table);
   static MaybeHandle<Derived> Rehash(Isolate* isolate, Handle<Derived> table,
                                      int new_capacity);
 
@@ -244,6 +247,8 @@ class V8_EXPORT_PRIVATE OrderedHashSet
   static MaybeHandle<OrderedHashSet> Rehash(Isolate* isolate,
                                             Handle<OrderedHashSet> table,
                                             int new_capacity);
+  static MaybeHandle<OrderedHashSet> Rehash(Isolate* isolate,
+                                            Handle<OrderedHashSet> table);
   static MaybeHandle<OrderedHashSet> Allocate(
       Isolate* isolate, int capacity,
       AllocationType allocation = AllocationType::kYoung);
@@ -273,6 +278,8 @@ class V8_EXPORT_PRIVATE OrderedHashMap
   static MaybeHandle<OrderedHashMap> Rehash(Isolate* isolate,
                                             Handle<OrderedHashMap> table,
                                             int new_capacity);
+  static MaybeHandle<OrderedHashMap> Rehash(Isolate* isolate,
+                                            Handle<OrderedHashMap> table);
   Object ValueAt(int entry);
 
   // This takes and returns raw Address values containing tagged Object

deps/v8/src/snapshot/context-deserializer.cc

@@ -59,12 +59,12 @@ MaybeHandle<Object> ContextDeserializer::Deserialize(
     // new code, which also has to be flushed from instruction cache.
     CHECK_EQ(start_address, code_space->top());
 
-    if (FLAG_rehash_snapshot && can_rehash()) Rehash();
     LogNewMapEvents();
 
     result = handle(root, isolate);
   }
 
+  if (FLAG_rehash_snapshot && can_rehash()) Rehash();
   SetupOffHeapArrayBufferBackingStores();
 
   return result;

deps/v8/src/snapshot/deserializer.cc

@@ -82,7 +82,7 @@ void Deserializer::Initialize(Isolate* isolate) {
 void Deserializer::Rehash() {
   DCHECK(can_rehash() || deserializing_user_code());
   for (HeapObject item : to_rehash_) {
-    item.RehashBasedOnMap(ReadOnlyRoots(isolate_));
+    item.RehashBasedOnMap(isolate_);
   }
 }
 
@@ -142,6 +142,14 @@ void Deserializer::DeserializeDeferredObjects() {
       }
     }
   }
+
+  // When the deserialization of maps are deferred, they will be created
+  // as filler maps, and we postpone the post processing until the maps
+  // are also deserialized.
+  for (const auto& pair : fillers_to_post_process_) {
+    DCHECK(!pair.first.IsFiller());
+    PostProcessNewObject(pair.first, pair.second);
+  }
 }
 
 void Deserializer::LogNewObjectEvents() {
@@ -213,7 +221,11 @@ HeapObject Deserializer::PostProcessNewObject(HeapObject obj,
   DisallowHeapAllocation no_gc;
 
   if ((FLAG_rehash_snapshot && can_rehash_) || deserializing_user_code()) {
-    if (obj.IsString()) {
+    if (obj.IsFiller()) {
+      DCHECK_EQ(fillers_to_post_process_.find(obj),
+                fillers_to_post_process_.end());
+      fillers_to_post_process_.insert({obj, space});
+    } else if (obj.IsString()) {
       // Uninitialize hash field as we need to recompute the hash.
       String string = String::cast(obj);
       string.set_hash_field(String::kEmptyHashField);

deps/v8/src/snapshot/deserializer.h

@@ -197,6 +197,11 @@ class V8_EXPORT_PRIVATE Deserializer : public SerializerDeserializer {
   // TODO(6593): generalize rehashing, and remove this flag.
   bool can_rehash_;
   std::vector<HeapObject> to_rehash_;
+  // Store the objects whose maps are deferred and thus initialized as filler
+  // maps during deserialization, so that they can be processed later when the
+  // maps become available.
+  std::unordered_map<HeapObject, SnapshotSpace, Object::Hasher>
+      fillers_to_post_process_;
 
 #ifdef DEBUG
   uint32_t num_api_references_;

deps/v8/src/snapshot/object-deserializer.cc

@@ -47,9 +47,9 @@ MaybeHandle<HeapObject> ObjectDeserializer::Deserialize(Isolate* isolate) {
     LinkAllocationSites();
     LogNewMapEvents();
     result = handle(HeapObject::cast(root), isolate);
-    Rehash();
     allocator()->RegisterDeserializedObjectsForBlackAllocation();
   }
+  Rehash();
   CommitPostProcessedObjects();
   return scope.CloseAndEscape(result);
 }

deps/v8/test/cctest/test-serialize.cc

@@ -3755,7 +3755,7 @@ UNINITIALIZED_TEST(SnapshotCreatorIncludeGlobalProxy) {
   FreeCurrentEmbeddedBlob();
 }
 
-UNINITIALIZED_TEST(ReinitializeHashSeedNotRehashable) {
+UNINITIALIZED_TEST(ReinitializeHashSeedJSCollectionRehashable) {
   DisableAlwaysOpt();
   i::FLAG_rehash_snapshot = true;
   i::FLAG_hash_seed = 42;
@@ -3773,13 +3773,18 @@ UNINITIALIZED_TEST(ReinitializeHashSeedNotRehashable) {
       CompileRun(
           "var m = new Map();"
           "m.set('a', 1);"
-          "m.set('b', 2);");
+          "m.set('b', 2);"
+          "var s = new Set();"
+          "s.add(1);"
+          "s.add(globalThis);");
       ExpectInt32("m.get('b')", 2);
+      ExpectTrue("s.has(1)");
+      ExpectTrue("s.has(globalThis)");
       creator.SetDefaultContext(context);
     }
     blob =
         creator.CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kClear);
-    CHECK(!blob.CanBeRehashed());
+    CHECK(blob.CanBeRehashed());
   }
 
   i::FLAG_hash_seed = 1337;
@@ -3788,15 +3793,17 @@ UNINITIALIZED_TEST(ReinitializeHashSeedNotRehashable) {
   create_params.snapshot_blob = &blob;
   v8::Isolate* isolate = v8::Isolate::New(create_params);
   {
-    // Check that no rehashing has been performed.
-    CHECK_EQ(static_cast<uint64_t>(42),
+    // Check that rehashing has been performed.
+    CHECK_EQ(static_cast<uint64_t>(1337),
              HashSeed(reinterpret_cast<i::Isolate*>(isolate)));
     v8::Isolate::Scope isolate_scope(isolate);
     v8::HandleScope handle_scope(isolate);
     v8::Local<v8::Context> context = v8::Context::New(isolate);
     CHECK(!context.IsEmpty());
     v8::Context::Scope context_scope(context);
     ExpectInt32("m.get('b')", 2);
+    ExpectTrue("s.has(1)");
+    ExpectTrue("s.has(globalThis)");
   }
   isolate->Dispose();
   delete[] blob.data;