deps: backport rehash strings after deserialization

Original commit messages:
v8/v8@a2ab135
  [snapshot] Rehash strings after deserialization.

  See https://goo.gl/6aN8xA

  Bug: v8:6593
  Change-Id: Ic8b0b57195d01d41591397d5d45de3f0f3ebc3d9
  Reviewed-on: https://chromium-review.googlesource.com/574527
  Reviewed-by: Camillo Bruni <[email protected]>
  Reviewed-by: Jakob Gruber <[email protected]>
  Reviewed-by: Ulan Degenbaev <[email protected]>
  Commit-Queue: Yang Guo <[email protected]>
  Cr-Commit-Position: refs/heads/master@{#46732}

v8/v8@182caaf
  Do not track transitions for built-in objects.

  Objects created during bootstrapping do not need
  a transition tree except for elements kind transitions.

  Bug: v8:6596
  Change-Id: I237b8b2792f201336e1c9731c815095dd06bc182
  Reviewed-on: https://chromium-review.googlesource.com/571750
  Reviewed-by: Igor Sheludko <[email protected]>
  Commit-Queue: Yang Guo <[email protected]>
  Cr-Commit-Position: refs/heads/master@{#46693}

Fixes: #14171
Refs: #14345

Backport-PR-URL: #14574
Backport-Reviewed-By: Anna Henningsen <[email protected]>
Backport-Reviewed-By: Refael Ackermann <[email protected]>

PR-URL: #14004
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>

Author: hashseed

deps/v8/src/api.cc

@@ -660,6 +660,9 @@ StartupData SnapshotCreator::CreateBlob(
     isolate->heap()->SetSerializedGlobalProxySizes(*global_proxy_sizes);
   }
 
+  // We might rehash strings and re-sort descriptors. Clear the lookup cache.
+  isolate->descriptor_lookup_cache()->Clear();
+
   // If we don't do this then we end up with a stray root pointing at the
   // context even after we have disposed of the context.
   isolate->heap()->CollectAllAvailableGarbage(
@@ -701,22 +704,28 @@ StartupData SnapshotCreator::CreateBlob(
   // Serialize each context with a new partial serializer.
   i::List<i::SnapshotData*> context_snapshots(num_additional_contexts + 1);
 
+  // TODO(6593): generalize rehashing, and remove this flag.
+  bool can_be_rehashed = true;
+
   {
     // The default snapshot does not support embedder fields.
     i::PartialSerializer partial_serializer(
         isolate, &startup_serializer, v8::SerializeInternalFieldsCallback());
     partial_serializer.Serialize(&default_context, false);
+    can_be_rehashed = can_be_rehashed && partial_serializer.can_be_rehashed();
     context_snapshots.Add(new i::SnapshotData(&partial_serializer));
   }
 
   for (int i = 0; i < num_additional_contexts; i++) {
     i::PartialSerializer partial_serializer(
         isolate, &startup_serializer, data->embedder_fields_serializers_[i]);
     partial_serializer.Serialize(&contexts[i], true);
+    can_be_rehashed = can_be_rehashed && partial_serializer.can_be_rehashed();
     context_snapshots.Add(new i::SnapshotData(&partial_serializer));
   }
 
   startup_serializer.SerializeWeakReferencesAndDeferred();
+  can_be_rehashed = can_be_rehashed && startup_serializer.can_be_rehashed();
 
 #ifdef DEBUG
   if (i::FLAG_external_reference_stats) {
@@ -725,8 +734,8 @@ StartupData SnapshotCreator::CreateBlob(
 #endif  // DEBUG
 
   i::SnapshotData startup_snapshot(&startup_serializer);
-  StartupData result =
-      i::Snapshot::CreateSnapshotBlob(&startup_snapshot, &context_snapshots);
+  StartupData result = i::Snapshot::CreateSnapshotBlob(
+      &startup_snapshot, &context_snapshots, can_be_rehashed);
 
   // Delete heap-allocated context snapshot instances.
   for (const auto& context_snapshot : context_snapshots) {

deps/v8/src/bootstrapper.cc

@@ -652,6 +652,8 @@ Handle<JSFunction> Genesis::GetThrowTypeErrorIntrinsic(
     DCHECK(false);
   }
 
+  JSObject::MigrateSlowToFast(function, 0, "Bootstrapping");
+
   return function;
 }
 
@@ -1397,6 +1399,8 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     sloppy_function_map_writable_prototype_->SetConstructor(*function_fun);
     strict_function_map_writable_prototype_->SetConstructor(*function_fun);
     class_function_map_->SetConstructor(*function_fun);
+
+    JSObject::MigrateSlowToFast(function_fun, 0, "Bootstrapping");
   }
 
   {
@@ -2221,6 +2225,8 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       info->set_length(1);
       native_context()->set_promise_reject_shared_fun(*info);
     }
+
+    JSObject::MigrateSlowToFast(promise_fun, 0, "Bootstrapping");
   }
 
   {  // -- R e g E x p

deps/v8/src/flag-definitions.h

@@ -1002,6 +1002,8 @@ DEFINE_BOOL(abort_on_stack_overflow, false,
 DEFINE_BOOL(randomize_hashes, true,
             "randomize hashes to avoid predictable hash collisions "
             "(with snapshots this option cannot override the baked-in seed)")
+DEFINE_BOOL(rehash_snapshot, true,
+            "rehash strings from the snapshot to override the baked-in seed")
 DEFINE_INT(hash_seed, 0,
            "Fixed seed to use to hash property keys (0 means random)"
            "(with snapshots this option cannot override the baked-in seed)")

deps/v8/src/heap/heap.cc

@@ -5679,14 +5679,7 @@ bool Heap::SetUp() {
 
   // Set up the seed that is used to randomize the string hash function.
   DCHECK(hash_seed() == 0);
-  if (FLAG_randomize_hashes) {
-    if (FLAG_hash_seed == 0) {
-      int rnd = isolate()->random_number_generator()->NextInt();
-      set_hash_seed(Smi::FromInt(rnd & Name::kHashBitMask));
-    } else {
-      set_hash_seed(Smi::FromInt(FLAG_hash_seed));
-    }
-  }
+  if (FLAG_randomize_hashes) InitializeHashSeed();
 
   for (int i = 0; i < static_cast<int>(v8::Isolate::kUseCounterFeatureCount);
        i++) {
@@ -5731,6 +5724,14 @@ bool Heap::SetUp() {
   return true;
 }
 
+void Heap::InitializeHashSeed() {
+  if (FLAG_hash_seed == 0) {
+    int rnd = isolate()->random_number_generator()->NextInt();
+    set_hash_seed(Smi::FromInt(rnd & Name::kHashBitMask));
+  } else {
+    set_hash_seed(Smi::FromInt(FLAG_hash_seed));
+  }
+}
 
 bool Heap::CreateHeapObjects() {
   // Create initial maps.

deps/v8/src/heap/heap.h

@@ -1000,6 +1000,9 @@ class Heap {
   // without actually creating any objects.
   bool SetUp();
 
+  // (Re-)Initialize hash seed from flag or RNG.
+  void InitializeHashSeed();
+
   // Bootstraps the object heap with the core set of objects required to run.
   // Returns whether it succeeded.
   bool CreateHeapObjects();

deps/v8/src/js/array.js

@@ -1282,6 +1282,8 @@ var unscopables = {
   keys: true,
 };
 
+%ToFastProperties(unscopables);
+
 %AddNamedProperty(GlobalArray.prototype, unscopablesSymbol, unscopables,
                   DONT_ENUM | READ_ONLY);
 

deps/v8/src/objects.cc

@@ -8860,7 +8860,13 @@ void Map::TraceAllTransitions(Map* map) {
 
 void Map::ConnectTransition(Handle<Map> parent, Handle<Map> child,
                             Handle<Name> name, SimpleTransitionFlag flag) {
-  if (!parent->GetBackPointer()->IsUndefined(parent->GetIsolate())) {
+  Isolate* isolate = parent->GetIsolate();
+  // Do not track transitions during bootstrap except for element transitions.
+  if (isolate->bootstrapper()->IsActive() &&
+      !name.is_identical_to(isolate->factory()->elements_transition_symbol())) {
+    return;
+  }
+  if (!parent->GetBackPointer()->IsUndefined(isolate)) {
     parent->set_owns_descriptors(false);
   } else {
     // |parent| is initial map and it must keep the ownership, there must be no
@@ -16712,6 +16718,9 @@ template class Dictionary<UnseededNumberDictionary,
                           UnseededNumberDictionaryShape,
                           uint32_t>;
 
+template void
+HashTable<GlobalDictionary, GlobalDictionaryShape, Handle<Name> >::Rehash(Handle<Name> key);
+
 template Handle<SeededNumberDictionary>
 Dictionary<SeededNumberDictionary, SeededNumberDictionaryShape, uint32_t>::New(
     Isolate*, int at_least_space_for, PretenureFlag pretenure,

deps/v8/src/snapshot/deserializer.cc

@@ -125,6 +125,7 @@ void Deserializer::Deserialize(Isolate* isolate) {
   LOG_CODE_EVENT(isolate_, LogCompiledFunctions());
 
   isolate_->builtins()->MarkInitialized();
+  if (FLAG_rehash_snapshot && can_rehash_) Rehash();
 }
 
 MaybeHandle<Object> Deserializer::DeserializePartial(
@@ -155,6 +156,9 @@ MaybeHandle<Object> Deserializer::DeserializePartial(
   // changed and logging should be added to notify the profiler et al of the
   // new code, which also has to be flushed from instruction cache.
   CHECK_EQ(start_address, code_space->top());
+
+  if (FLAG_rehash_snapshot && can_rehash_) RehashContext(Context::cast(root));
+
   return Handle<Object>(root, isolate);
 }
 
@@ -181,6 +185,63 @@ MaybeHandle<HeapObject> Deserializer::DeserializeObject(Isolate* isolate) {
   }
 }
 
+// We only really just need HashForObject here.
+class StringRehashKey : public HashTableKey {
+ public:
+  uint32_t HashForObject(Object* other) override {
+    return String::cast(other)->Hash();
+  }
+
+  static uint32_t StringHash(Object* obj) {
+    UNREACHABLE();
+    return String::cast(obj)->Hash();
+  }
+
+  bool IsMatch(Object* string) override {
+    UNREACHABLE();
+    return false;
+  }
+
+  uint32_t Hash() override {
+    UNREACHABLE();
+    return 0;
+  }
+
+  Handle<Object> AsHandle(Isolate* isolate) override {
+    UNREACHABLE();
+    return isolate->factory()->empty_string();
+  }
+};
+
+void Deserializer::Rehash() {
+  DCHECK(can_rehash_);
+  isolate_->heap()->InitializeHashSeed();
+  if (FLAG_profile_deserialization) {
+    PrintF("Re-initializing hash seed to %x\n",
+           isolate_->heap()->hash_seed()->value());
+  }
+  StringRehashKey string_rehash_key;
+  isolate_->heap()->string_table()->Rehash(&string_rehash_key);
+  SortMapDescriptors();
+}
+
+void Deserializer::RehashContext(Context* context) {
+  DCHECK(can_rehash_);
+  for (const auto& array : transition_arrays_) array->Sort();
+  Handle<Name> dummy = isolate_->factory()->empty_string();
+  context->global_object()->global_dictionary()->Rehash(dummy);
+  SortMapDescriptors();
+}
+
+void Deserializer::SortMapDescriptors() {
+  for (const auto& address : allocated_maps_) {
+    Map* map = Map::cast(HeapObject::FromAddress(address));
+    if (map->instance_descriptors()->number_of_descriptors() > 1) {
+      map->instance_descriptors()->Sort();
+    }
+  }
+}
+
 Deserializer::~Deserializer() {
 #ifdef DEBUG
   // Do not perform checks if we aborted deserialization.
@@ -371,6 +432,16 @@ HeapObject* Deserializer::PostProcessNewObject(HeapObject* obj, int space) {
             string->resource()));
     isolate_->heap()->RegisterExternalString(string);
   }
+  if (FLAG_rehash_snapshot && can_rehash_ && !deserializing_user_code()) {
+    if (obj->IsString()) {
+      // Uninitialize hash field as we are going to reinitialize the hash seed.
+      String* string = String::cast(obj);
+      string->set_hash_field(String::kEmptyHashField);
+    } else if (obj->IsTransitionArray() &&
+               TransitionArray::cast(obj)->number_of_entries() > 1) {
+      transition_arrays_.Add(TransitionArray::cast(obj));
+    }
+  }
   // Check alignment.
   DCHECK_EQ(0, Heap::GetFillToAlign(obj->address(), obj->RequiredAlignment()));
   return obj;

deps/v8/src/snapshot/deserializer.h

@@ -39,7 +39,8 @@ class Deserializer : public SerializerDeserializer {
         external_reference_table_(NULL),
         deserialized_large_objects_(0),
         deserializing_user_code_(deserializing_user_code),
-        next_alignment_(kWordAligned) {
+        next_alignment_(kWordAligned),
+        can_rehash_(false) {
     DecodeReservation(data->Reservations());
   }
 
@@ -62,6 +63,8 @@ class Deserializer : public SerializerDeserializer {
     attached_objects_.Add(attached_object);
   }
 
+  void SetRehashability(bool v) { can_rehash_ = v; }
+
  private:
   void VisitRootPointers(Root root, Object** start, Object** end) override;
 
@@ -115,6 +118,15 @@ class Deserializer : public SerializerDeserializer {
   // snapshot by chunk index and offset.
   HeapObject* GetBackReferencedObject(int space);
 
+  // Rehash after deserializing an isolate.
+  void Rehash();
+
+  // Rehash after deserializing a context.
+  void RehashContext(Context* context);
+
+  // Sort descriptors of deserialized maps using new string hashes.
+  void SortMapDescriptors();
+
   // Cached current isolate.
   Isolate* isolate_;
 
@@ -142,11 +154,15 @@ class Deserializer : public SerializerDeserializer {
   List<AccessorInfo*> accessor_infos_;
   List<Handle<String> > new_internalized_strings_;
   List<Handle<Script> > new_scripts_;
+  List<TransitionArray*> transition_arrays_;
 
   bool deserializing_user_code_;
 
   AllocationAlignment next_alignment_;
 
+  // TODO(6593): generalize rehashing, and remove this flag.
+  bool can_rehash_;
+
   DISALLOW_COPY_AND_ASSIGN(Deserializer);
 };
 

deps/v8/src/snapshot/partial-serializer.cc

@@ -15,7 +15,9 @@ PartialSerializer::PartialSerializer(
     v8::SerializeEmbedderFieldsCallback callback)
     : Serializer(isolate),
       startup_serializer_(startup_serializer),
-      serialize_embedder_fields_(callback) {
+      serialize_embedder_fields_(callback),
+      rehashable_global_dictionary_(nullptr),
+      can_be_rehashed_(true) {
   InitializeCodeAddressMap();
 }
 
@@ -24,22 +26,26 @@ PartialSerializer::~PartialSerializer() {
 }
 
 void PartialSerializer::Serialize(Object** o, bool include_global_proxy) {
-  if ((*o)->IsContext()) {
+  if ((*o)->IsNativeContext()) {
     Context* context = Context::cast(*o);
     reference_map()->AddAttachedReference(context->global_proxy());
     // The bootstrap snapshot has a code-stub context. When serializing the
     // partial snapshot, it is chained into the weak context list on the isolate
     // and it's next context pointer may point to the code-stub context.  Clear
     // it before serializing, it will get re-added to the context list
     // explicitly when it's loaded.
-    if (context->IsNativeContext()) {
-      context->set(Context::NEXT_CONTEXT_LINK,
-                   isolate_->heap()->undefined_value());
-      DCHECK(!context->global_object()->IsUndefined(context->GetIsolate()));
-      // Reset math random cache to get fresh random numbers.
-      context->set_math_random_index(Smi::kZero);
-      context->set_math_random_cache(isolate_->heap()->undefined_value());
-    }
+    context->set(Context::NEXT_CONTEXT_LINK,
+                 isolate_->heap()->undefined_value());
+    DCHECK(!context->global_object()->IsUndefined(context->GetIsolate()));
+    // Reset math random cache to get fresh random numbers.
+    context->set_math_random_index(Smi::kZero);
+    context->set_math_random_cache(isolate_->heap()->undefined_value());
+    DCHECK_NULL(rehashable_global_dictionary_);
+    rehashable_global_dictionary_ =
+        context->global_object()->global_dictionary();
+  } else {
+    // We only do rehashing for native contexts.
+    can_be_rehashed_ = false;
   }
   VisitRootPointer(Root::kPartialSnapshotCache, o);
   SerializeDeferredObjects();
@@ -104,6 +110,8 @@ void PartialSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
     }
   }
 
+  if (obj->IsHashTable()) CheckRehashability(obj);
+
   // Object has not yet been serialized.  Serialize it here.
   ObjectSerializer serializer(this, obj, &sink_, how_to_code, where_to_point);
   serializer.Serialize();
@@ -152,5 +160,14 @@ void PartialSerializer::SerializeEmbedderFields() {
   sink_.Put(kSynchronize, "Finished with embedder fields data");
 }
 
+void PartialSerializer::CheckRehashability(HeapObject* table) {
+  DCHECK(table->IsHashTable());
+  if (!can_be_rehashed_) return;
+  // We can only correctly rehash if the global dictionary is the only hash
+  // table that we deserialize.
+  if (table == rehashable_global_dictionary_) return;
+  can_be_rehashed_ = false;
+}
+
 }  // namespace internal
 }  // namespace v8