Reland "[turbofan] Serialize missing objects"

This is a reland of d82600ec Added missing builtin serializations that were breaking Clusterfuzz, layout tests and Speedometer. Original change's description: > [turbofan] Serialize missing objects > > Added a few objects to the standard objects list, as well as specific > builtins when the corresponding runtime calls are detected in the > serializer. Now JSHeapCopyReducer is needed only when concurrent > inlining is disabled. > > Bug: v8:7790 > Change-Id: I91d933611b0352df8ede4fded665f13669591fef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63509} Bug: v8:7790, chromium:1000136 Change-Id: I4775014bfe8100fb76f60e4088f1bdf2a8da64a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781681 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63525}

Reland "[turbofan] Serialize missing objects"
This is a reland of d82600ec Added missing builtin serializations that were breaking Clusterfuzz, layout tests and Speedometer. Original change's description: > [turbofan] Serialize missing objects > > Added a few objects to the standard objects list, as well as specific > builtins when the corresponding runtime calls are detected in the > serializer. Now JSHeapCopyReducer is needed only when concurrent > inlining is disabled. > > Bug: v8:7790 > Change-Id: I91d933611b0352df8ede4fded665f13669591fef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63509} Bug: v8:7790, chromium:1000136 Change-Id: I4775014bfe8100fb76f60e4088f1bdf2a8da64a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781681 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63525}
8864510e · Maya Lekova · Commit Bot · a98616e6 · 8864510e · 8864510e
Commit 8864510e authored Sep 03, 2019 by Maya Lekova Committed by Commit Bot Sep 03, 2019
3 changed files
--- a/src/compiler/js-heap-broker.cc
+++ b/src/compiler/js-heap-broker.cc
@@ -2342,13 +2342,23 @@ void JSHeapBroker::InitializeRefsMap() {
        Builtins::kAllocateRegularInOldGeneration,
        Builtins::kArgumentsAdaptorTrampoline,
        Builtins::kArrayConstructorImpl,
+        Builtins::kArrayIncludesHoleyDoubles,
+        Builtins::kArrayIncludesPackedDoubles,
+        Builtins::kArrayIncludesSmiOrObject,
+        Builtins::kArrayIndexOfHoleyDoubles,
+        Builtins::kArrayIndexOfPackedDoubles,
+        Builtins::kArrayIndexOfSmiOrObject,
+        Builtins::kCallApiCallback,
        Builtins::kCallFunctionForwardVarargs,
        Builtins::kCallFunction_ReceiverIsAny,
        Builtins::kCallFunction_ReceiverIsNotNullOrUndefined,
        Builtins::kCallFunction_ReceiverIsNullOrUndefined,
+        Builtins::kCloneFastJSArray,
        Builtins::kCompileLazy,
        Builtins::kConstructFunctionForwardVarargs,
        Builtins::kForInFilter,
+        Builtins::kGetProperty,
+        Builtins::kIncBlockCounter,
        Builtins::kJSBuiltinsConstructStub,
        Builtins::kJSConstructStubGeneric,
        Builtins::kStringAdd_CheckNone,
@@ -2482,6 +2492,8 @@ void JSHeapBroker::InitializeAndStartSerializing(
  GetOrCreateData(f->optimized_out());
  GetOrCreateData(f->optimized_out_map());
  GetOrCreateData(f->property_array_map());
+  GetOrCreateData(f->ReflectHas_string());
+  GetOrCreateData(f->ReflectGet_string());
  GetOrCreateData(f->sloppy_arguments_elements_map());
  GetOrCreateData(f->stale_register());
  GetOrCreateData(f->stale_register_map());
@@ -3627,6 +3639,10 @@ ObjectRef::ObjectRef(JSHeapBroker* broker, Handle<Object> object,
    case JSHeapBroker::kRetired:
      UNREACHABLE();
  }
+  if (!data_) {  // TODO(mslekova): Remove once we're on the background thread.
+    AllowHandleDereference handle_dereference;
+    object->Print();
+  }
  CHECK_WITH_MSG(data_ != nullptr, "Object is not known to the heap broker");
 }


--- a/src/compiler/js-heap-copy-reducer.cc
+++ b/src/compiler/js-heap-copy-reducer.cc
@@ -27,8 +27,8 @@ JSHeapBroker* JSHeapCopyReducer::broker() { return broker_; }
 Reduction JSHeapCopyReducer::Reduce(Node* node) {
  switch (node->opcode()) {
    case IrOpcode::kHeapConstant: {
-      ObjectRef object(broker(), HeapConstantOf(node->op()));
      if (!FLAG_concurrent_inlining) {
+        ObjectRef object(broker(), HeapConstantOf(node->op()));
        if (object.IsJSFunction()) object.AsJSFunction().Serialize();
        if (object.IsJSObject()) {
          object.AsJSObject().SerializeObjectCreateMap();

--- a/src/compiler/serializer-for-background-compilation.cc
+++ b/src/compiler/serializer-for-background-compilation.cc
@@ -1130,16 +1130,82 @@ void SerializerForBackgroundCompilation::VisitInvokeIntrinsic(
  Runtime::FunctionId functionId = iterator->GetIntrinsicIdOperand(0);
  // For JSNativeContextSpecialization::ReduceJSAsyncFunctionResolve and
  // JSNativeContextSpecialization::ReduceJSResolvePromise.
-  if (functionId == Runtime::kInlineAsyncFunctionResolve) {
-    interpreter::Register first_reg = iterator->GetRegisterOperand(1);
-    size_t reg_count = iterator->GetRegisterCountOperand(2);
-    CHECK_EQ(reg_count, 3);
-    HintsVector arguments(zone());
-    environment()->ExportRegisterHints(first_reg, reg_count, &arguments);
-    Hints const& resolution_hints = arguments[1];  // The resolution object.
-    ProcessHintsForPromiseResolve(resolution_hints);
-    environment()->accumulator_hints().Clear();
-    return;
+  switch (functionId) {
+    case Runtime::kInlineAsyncFunctionResolve: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncFunctionResolve));
+      interpreter::Register first_reg = iterator->GetRegisterOperand(1);
+      size_t reg_count = iterator->GetRegisterCountOperand(2);
+      CHECK_EQ(reg_count, 3);
+      HintsVector arguments(zone());
+      environment()->ExportRegisterHints(first_reg, reg_count, &arguments);
+      Hints const& resolution_hints = arguments[1];  // The resolution object.
+      ProcessHintsForPromiseResolve(resolution_hints);
+      environment()->accumulator_hints().Clear();
+      return;
+    }
+    case Runtime::kInlineAsyncGeneratorReject:
+    case Runtime::kAsyncGeneratorReject: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncGeneratorReject));
+      break;
+    }
+    case Runtime::kInlineAsyncGeneratorResolve:
+    case Runtime::kAsyncGeneratorResolve: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncGeneratorResolve));
+      break;
+    }
+    case Runtime::kInlineAsyncGeneratorYield:
+    case Runtime::kAsyncGeneratorYield: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncGeneratorYield));
+      break;
+    }
+    case Runtime::kInlineAsyncGeneratorAwaitUncaught:
+    case Runtime::kAsyncGeneratorAwaitUncaught: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncGeneratorAwaitUncaught));
+      break;
+    }
+    case Runtime::kInlineAsyncGeneratorAwaitCaught:
+    case Runtime::kAsyncGeneratorAwaitCaught: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncGeneratorAwaitCaught));
+      break;
+    }
+    case Runtime::kInlineAsyncFunctionAwaitUncaught:
+    case Runtime::kAsyncFunctionAwaitUncaught: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncFunctionAwaitUncaught));
+      break;
+    }
+    case Runtime::kInlineAsyncFunctionAwaitCaught:
+    case Runtime::kAsyncFunctionAwaitCaught: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncFunctionAwaitCaught));
+      break;
+    }
+    case Runtime::kInlineAsyncFunctionReject:
+    case Runtime::kAsyncFunctionReject: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncFunctionReject));
+      break;
+    }
+    case Runtime::kAsyncFunctionResolve: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kAsyncFunctionResolve));
+      break;
+    }
+    case Runtime::kInlineCopyDataProperties:
+    case Runtime::kCopyDataProperties: {
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kCopyDataProperties));
+      break;
+    }
+    default: {
+      break;
+    }
  }
  environment()->ClearEphemeralHints();
 }
@@ -1787,6 +1853,16 @@ void SerializerForBackgroundCompilation::ProcessCallVarArgs(

 void SerializerForBackgroundCompilation::ProcessApiCall(
    Handle<SharedFunctionInfo> target, const HintsVector& arguments) {
+  ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                          Builtins::kCallFunctionTemplate_CheckAccess));
+  ObjectRef(broker(),
+            broker()->isolate()->builtins()->builtin_handle(
+                Builtins::kCallFunctionTemplate_CheckCompatibleReceiver));
+  ObjectRef(
+      broker(),
+      broker()->isolate()->builtins()->builtin_handle(
+          Builtins::kCallFunctionTemplate_CheckAccessAndCompatibleReceiver));
+
  FunctionTemplateInfoRef target_template_info(
      broker(), handle(target->function_data(), broker()->isolate()));
  if (!target_template_info.has_call_code()) return;
@@ -1977,6 +2053,18 @@ void SerializerForBackgroundCompilation::ProcessBuiltinCall(
        ProcessHintsForObjectGetPrototype(arguments[0]);
      }
      break;
+    case Builtins::kMapIteratorPrototypeNext:
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kOrderedHashTableHealIndex));
+      ObjectRef(broker(),
+                broker()->isolate()->factory()->empty_ordered_hash_map());
+      break;
+    case Builtins::kSetIteratorPrototypeNext:
+      ObjectRef(broker(), broker()->isolate()->builtins()->builtin_handle(
+                              Builtins::kOrderedHashTableHealIndex));
+      ObjectRef(broker(),
+                broker()->isolate()->factory()->empty_ordered_hash_set());
+      break;
    default:
      break;
  }