Reland "cppgc-js: Add snapshot for C++ objects"

This reverts commit fba14bde.

Reland fixes:
- const vector<const string> -> const vector<string>

Original message:
The following implements a snapshotting algorithm for C++ objects that
also filters strongly-connected components (SCCs) of only "hidden"
objects that are not (transitively) referencing any non-hidden
objects.

C++ objects come in two versions.
a. Named objects that have been assigned a name through NameProvider.
b. Unnamed objects, that are potentially hidden if the build
   configuration requires Oilpan to hide such names. Hidden objects have
   their name set to NameProvider::kHiddenName.

The main challenge for the algorithm is to avoid blowing up the final
object graph with hidden nodes that do not carry information. For that
reason, the algorithm filters SCCs of only hidden objects, e.g.:
  ...  -> (object) -> (object) -> (hidden) -> (hidden)
In this case the (hidden) objects are filtered from the graph. The
trickiest part is maintaining visibility state for objects referencing
other objects that are currently being processed.

Main algorithm idea (two passes):
1. First pass marks all non-hidden objects and those that transitively
   reach non-hidden objects as visible. Details:
   - Iterate over all objects.
   - If object is non-hidden mark it as visible and also mark parent
     as visible if needed.
   - If object is hidden, traverse children as DFS to find non-hidden
     objects. Post-order process the objects and mark those objects as
     visible that have child nodes that are visible themselves.
   - Maintain an epoch counter (StateStorage::state_count_) to allow
     deferring the visibility decision to other objects in the same
     SCC. This is similar to the "lowlink" value in Tarjan's algorithm
     for SCC.
   - After the first pass it is guaranteed that all deferred
     visibility decisions can be resolved.
2. Second pass adds nodes and edges for all visible objects.
   - Upon first checking the visibility state of an object, all deferred
     visibility states are resolved.

For practical reasons, the recursion is transformed into an iteration.
We do not use plain Tarjan's algorithm to avoid another pass over
all nodes to create SCCs.

Follow ups:
1. Adding wrapper nodes for cpp objects that are wrappables for V8
   wrappers.
2. Adding detachedness information.

Bug: chromium:1056170
Change-Id: Ib47df5c912c57d644d052f209276e9d926cece0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480362
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70577}

BUILD.gn

@@ -2593,6 +2593,8 @@ v8_source_set("v8_base_without_compiler") {
     "src/heap/concurrent-marking.h",
     "src/heap/cppgc-js/cpp-heap.cc",
     "src/heap/cppgc-js/cpp-heap.h",
+    "src/heap/cppgc-js/cpp-snapshot.cc",
+    "src/heap/cppgc-js/cpp-snapshot.h",
     "src/heap/cppgc-js/unified-heap-marking-state.h",
     "src/heap/cppgc-js/unified-heap-marking-visitor.cc",
     "src/heap/cppgc-js/unified-heap-marking-visitor.h",

src/heap/cppgc-js/cpp-heap.cc

@@ -12,6 +12,7 @@
 #include "src/execution/isolate.h"
 #include "src/flags/flags.h"
 #include "src/heap/base/stack.h"
+#include "src/heap/cppgc-js/cpp-snapshot.h"
 #include "src/heap/cppgc-js/unified-heap-marking-state.h"
 #include "src/heap/cppgc-js/unified-heap-marking-visitor.h"
 #include "src/heap/cppgc/concurrent-marker.h"
@@ -28,6 +29,7 @@
 #include "src/heap/marking-worklist.h"
 #include "src/heap/sweeper.h"
 #include "src/init/v8.h"
+#include "src/profiler/heap-profiler.h"
 
 namespace v8 {
 namespace internal {
@@ -146,6 +148,13 @@ CppHeap::CppHeap(
                                     kSupportsConservativeStackScan),
       isolate_(*reinterpret_cast<Isolate*>(isolate)) {
   CHECK(!FLAG_incremental_marking_wrappers);
+  isolate_.heap_profiler()->AddBuildEmbedderGraphCallback(&CppGraphBuilder::Run,
+                                                          this);
+}
+
+CppHeap::~CppHeap() {
+  isolate_.heap_profiler()->RemoveBuildEmbedderGraphCallback(
+      &CppGraphBuilder::Run, this);
 }
 
 void CppHeap::RegisterV8References(

src/heap/cppgc-js/cpp-heap.h

@@ -22,6 +22,7 @@ class V8_EXPORT_PRIVATE CppHeap final : public cppgc::internal::HeapBase,
   CppHeap(v8::Isolate* isolate,
           const std::vector<std::unique_ptr<cppgc::CustomSpaceBase>>&
               custom_spaces);
+  ~CppHeap() final;
 
   CppHeap(const CppHeap&) = delete;
   CppHeap& operator=(const CppHeap&) = delete;

src/heap/cppgc-js/cpp-snapshot.h

+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_HEAP_CPPGC_JS_CPP_SNAPSHOT_H_
+#define V8_HEAP_CPPGC_JS_CPP_SNAPSHOT_H_
+
+#include "src/base/macros.h"
+
+namespace v8 {
+
+class Isolate;
+class EmbedderGraph;
+
+namespace internal {
+
+class V8_EXPORT_PRIVATE CppGraphBuilder final {
+ public:
+  // Add the C++ snapshot to the existing |graph|. See CppGraphBuilderImpl for
+  // algorithm internals.
+  static void Run(v8::Isolate* isolate, v8::EmbedderGraph* graph, void* data);
+
+  CppGraphBuilder() = delete;
+};
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_HEAP_CPPGC_JS_CPP_SNAPSHOT_H_

src/profiler/heap-snapshot-generator.cc

@@ -103,8 +103,8 @@ void HeapEntry::SetNamedAutoIndexReference(HeapGraphEdge::Type type,
   SetNamedReference(type, name, child);
 }
 
-void HeapEntry::Print(
-    const char* prefix, const char* edge_name, int max_depth, int indent) {
+void HeapEntry::Print(const char* prefix, const char* edge_name, int max_depth,
+                      int indent) const {
   STATIC_ASSERT(sizeof(unsigned) == sizeof(id()));
   base::OS::Print("%6zu @%6u %*c %s%s: ", self_size(), id(), indent, ' ',
                   prefix, edge_name);
@@ -162,7 +162,7 @@ void HeapEntry::Print(
   }
 }
 
-const char* HeapEntry::TypeAsString() {
+const char* HeapEntry::TypeAsString() const {
   switch (type()) {
     case kHidden: return "/hidden/";
     case kObject: return "/object/";

src/profiler/heap-snapshot-generator.h

@@ -151,12 +151,12 @@ class HeapEntry {
                                   StringsStorage* strings);
 
   V8_EXPORT_PRIVATE void Print(const char* prefix, const char* edge_name,
-                               int max_depth, int indent);
+                               int max_depth, int indent) const;
 
  private:
   V8_INLINE std::vector<HeapGraphEdge*>::iterator children_begin() const;
   V8_INLINE std::vector<HeapGraphEdge*>::iterator children_end() const;
-  const char* TypeAsString();
+  const char* TypeAsString() const;
 
   unsigned type_: 4;
   unsigned index_ : 28;  // Supports up to ~250M objects.
@@ -196,7 +196,9 @@ class HeapSnapshot {
     return gc_subroot_entries_[static_cast<int>(root)];
   }
   std::deque<HeapEntry>& entries() { return entries_; }
+  const std::deque<HeapEntry>& entries() const { return entries_; }
   std::deque<HeapGraphEdge>& edges() { return edges_; }
+  const std::deque<HeapGraphEdge>& edges() const { return edges_; }
   std::vector<HeapGraphEdge*>& children() { return children_; }
   const std::vector<SourceLocation>& locations() const { return locations_; }
   void RememberLastJSObjectId();

test/unittests/BUILD.gn

@@ -297,6 +297,7 @@ v8_source_set("unittests_sources") {
     "heap/safepoint-unittest.cc",
     "heap/slot-set-unittest.cc",
     "heap/spaces-unittest.cc",
+    "heap/unified-heap-snapshot-unittest.cc",
     "heap/unified-heap-unittest.cc",
     "heap/unmapper-unittest.cc",
     "heap/worklist-unittest.cc",