Reland: [builtins] Patch self-references in constants table

Original CL: https://crrev.com/c/1018468 During code generation, we generate self-references (i.e. references to the Code object currently being generated) as references to a temporary handle. When the final Code object has been allocated, the handle's location is fixed up and RelocInfo iteration fixes up all references embedded in the generated code. This adds support for this mechanism to the builtins constants table builder. CodeObject() is now a new handle pointing to a dedicated self-reference marker in order to distinguish between self-references and references to undefined. In Factory::NewCode, we patch up the constants table. TBR=yangguo@chromium.org,mlippautz@chromium.org Bug: v8:6666 Change-Id: I3fa422c57de99c9851dc7a86394a8387c7c2b397 Reviewed-on: https://chromium-review.googlesource.com/1039366 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52916}

Reland: [builtins] Patch self-references in constants table
Original CL: https://crrev.com/c/1018468 During code generation, we generate self-references (i.e. references to the Code object currently being generated) as references to a temporary handle. When the final Code object has been allocated, the handle's location is fixed up and RelocInfo iteration fixes up all references embedded in the generated code. This adds support for this mechanism to the builtins constants table builder. CodeObject() is now a new handle pointing to a dedicated self-reference marker in order to distinguish between self-references and references to undefined. In Factory::NewCode, we patch up the constants table. TBR=yangguo@chromium.org,mlippautz@chromium.org Bug: v8:6666 Change-Id: I3fa422c57de99c9851dc7a86394a8387c7c2b397 Reviewed-on: https://chromium-review.googlesource.com/1039366 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52916}
ab9e0124 · jgruber · Commit Bot · c2a2e4c3 · ab9e0124 · ab9e0124
Commit ab9e0124 authored 6 years ago by jgruber Committed by Commit Bot 6 years ago
24 changed files
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -32,14 +32,24 @@ namespace internal {

 MacroAssembler::MacroAssembler(Isolate* isolate, void* buffer, int size,
                               CodeObjectRequired create_code_object)
-    : TurboAssembler(isolate, buffer, size, create_code_object) {}
+    : TurboAssembler(isolate, buffer, size, create_code_object) {
+  if (create_code_object == CodeObjectRequired::kYes) {
+    // Unlike TurboAssembler, which can be used off the main thread and may not
+    // allocate, macro assembler creates its own copy of the self-reference
+    // marker in order to disambiguate between self-references during nested
+    // code generation (e.g.: codegen of the current object triggers stub
+    // compilation through CodeStub::GetCode()).
+    code_object_ = Handle<HeapObject>::New(
+        *isolate->factory()->NewSelfReferenceMarker(), isolate);
+  }
+}

 TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
                               CodeObjectRequired create_code_object)
    : Assembler(isolate, buffer, buffer_size), isolate_(isolate) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }

@@ -130,11 +140,6 @@ void TurboAssembler::LookupConstant(Register destination,
  CHECK(isolate()->ShouldLoadConstantsFromRootList());
  CHECK(root_array_available_);

-  // TODO(jgruber, v8:6666): Support self-references. Currently, we'd end up
-  // adding the temporary code object to the constants list, before creating the
-  // final object in Factory::CopyCode.
-  CHECK(code_object_.is_null() || !object.equals(code_object_));
-
  // Ensure the given object is in the builtins constants table and fetch its
  // index.
  BuiltinsConstantsTableBuilder* builder =
@@ -357,8 +362,7 @@ void TurboAssembler::Move(Register dst, Smi* smi) { mov(dst, Operand(smi)); }

 void TurboAssembler::Move(Register dst, Handle<HeapObject> value) {
 #ifdef V8_EMBEDDED_BUILTINS
-  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList() &&
-      !value.equals(CodeObject())) {
+  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList()) {
    Heap::RootListIndex root_index;
    if (!isolate()->heap()->IsRootHandle(value, &root_index)) {
      LookupConstant(dst, value);

--- a/src/arm/macro-assembler-arm.h
+++ b/src/arm/macro-assembler-arm.h
@@ -551,12 +551,14 @@ class TurboAssembler : public Assembler {
  bool root_array_available() const { return root_array_available_; }
  void set_root_array_available(bool v) { root_array_available_ = v; }

+ protected:
+  // This handle will be patched with the code object on installation.
+  Handle<HeapObject> code_object_;
+
 private:
  bool has_frame_ = false;
  bool root_array_available_ = true;
  Isolate* const isolate_;
-  // This handle will be patched with the code object on installation.
-  Handle<HeapObject> code_object_;

  // Compare single values and then load the fpscr flags to a register.
  void VFPCompareAndLoadFlags(const SwVfpRegister src1,

--- a/src/arm64/macro-assembler-arm64.cc
+++ b/src/arm64/macro-assembler-arm64.cc
@@ -30,7 +30,17 @@ namespace internal {
 MacroAssembler::MacroAssembler(Isolate* isolate, byte* buffer,
                               unsigned buffer_size,
                               CodeObjectRequired create_code_object)
-    : TurboAssembler(isolate, buffer, buffer_size, create_code_object) {}
+    : TurboAssembler(isolate, buffer, buffer_size, create_code_object) {
+  if (create_code_object == CodeObjectRequired::kYes) {
+    // Unlike TurboAssembler, which can be used off the main thread and may not
+    // allocate, macro assembler creates its own copy of the self-reference
+    // marker in order to disambiguate between self-references during nested
+    // code generation (e.g.: codegen of the current object triggers stub
+    // compilation through CodeStub::GetCode()).
+    code_object_ = Handle<HeapObject>::New(
+        *isolate->factory()->NewSelfReferenceMarker(), isolate);
+  }
+}

 CPURegList TurboAssembler::DefaultTmpList() { return CPURegList(ip0, ip1); }

@@ -49,8 +59,8 @@ TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
      fptmp_list_(DefaultFPTmpList()),
      use_real_aborts_(true) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }

@@ -1580,8 +1590,7 @@ void TurboAssembler::Move(Register dst, Register src) { Mov(dst, src); }

 void TurboAssembler::Move(Register dst, Handle<HeapObject> x) {
 #ifdef V8_EMBEDDED_BUILTINS
-  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList() &&
-      !x.equals(CodeObject())) {
+  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList()) {
    LookupConstant(dst, x);
    return;
  }
@@ -1885,11 +1894,6 @@ void TurboAssembler::LookupConstant(Register destination,
  CHECK(isolate()->ShouldLoadConstantsFromRootList());
  CHECK(root_array_available_);

-  // TODO(jgruber, v8:6666): Support self-references. Currently, we'd end up
-  // adding the temporary code object to the constants list, before creating the
-  // final object in Factory::CopyCode.
-  CHECK(code_object_.is_null() || !object.equals(code_object_));
-
  // Ensure the given object is in the builtins constants table and fetch its
  // index.
  BuiltinsConstantsTableBuilder* builder =

--- a/src/arm64/macro-assembler-arm64.h
+++ b/src/arm64/macro-assembler-arm64.h
@@ -1255,6 +1255,9 @@ class TurboAssembler : public Assembler {
  // have mixed types. The format string (x0) should not be included.
  void CallPrintf(int arg_count = 0, const CPURegister* args = nullptr);

+  // This handle will be patched with the code object on installation.
+  Handle<HeapObject> code_object_;
+
 private:
  bool has_frame_ = false;
  bool root_array_available_ = true;
@@ -1266,8 +1269,6 @@ class TurboAssembler : public Assembler {
  bool allow_macro_instructions_;
 #endif

-  // This handle will be patched with the code object on installation.
-  Handle<HeapObject> code_object_;

  // Scratch registers available for use by the MacroAssembler.
  CPURegList tmp_list_;

--- a/src/builtins/constants-table-builder.cc
+++ b/src/builtins/constants-table-builder.cc
@@ -46,6 +46,36 @@ uint32_t BuiltinsConstantsTableBuilder::AddObject(Handle<Object> object) {
  }
 }

+void BuiltinsConstantsTableBuilder::PatchSelfReference(
+    Handle<Object> self_reference, Handle<Code> code_object) {
+#ifdef DEBUG
+  // Roots must not be inserted into the constants table as they are already
+  // accessibly from the root list.
+  Heap::RootListIndex root_list_index;
+  DCHECK(!isolate_->heap()->IsRootHandle(code_object, &root_list_index));
+
+  // Not yet finalized.
+  DCHECK_EQ(isolate_->heap()->empty_fixed_array(),
+            isolate_->heap()->builtins_constants_table());
+
+  DCHECK(isolate_->serializer_enabled());
+
+  DCHECK(self_reference->IsOddball());
+  DCHECK(Oddball::cast(*self_reference)->kind() ==
+         Oddball::kSelfReferenceMarker);
+
+  // During indirection generation, we always create a distinct marker for each
+  // macro assembler. The canonical marker is only used when not generating a
+  // snapshot.
+  DCHECK(*self_reference != isolate_->heap()->self_reference_marker());
+#endif
+
+  uint32_t key;
+  if (map_.Delete(self_reference, &key)) {
+    map_.Set(code_object, key);
+  }
+}
+
 void BuiltinsConstantsTableBuilder::Finalize() {
  HandleScope handle_scope(isolate_);

@@ -76,6 +106,7 @@ void BuiltinsConstantsTableBuilder::Finalize() {
  for (int i = 0; i < map_.size(); i++) {
    DCHECK(table->get(i)->IsHeapObject());
    DCHECK_NE(isolate_->heap()->undefined_value(), table->get(i));
+    DCHECK_NE(isolate_->heap()->self_reference_marker(), table->get(i));
  }
 #endif


--- a/src/builtins/constants-table-builder.h
+++ b/src/builtins/constants-table-builder.h
@@ -28,6 +28,12 @@ class BuiltinsConstantsTableBuilder final {
  // object, possibly adding the object to the table. Objects are deduplicated.
  uint32_t AddObject(Handle<Object> object);

+  // Self-references during code generation start out by referencing a handle
+  // with a temporary dummy object. Once the final Code object exists, such
+  // entries in the constants map must be patched up.
+  void PatchSelfReference(Handle<Object> self_reference,
+                          Handle<Code> code_object);
+
  // Should be called after all affected code (e.g. builtins and bytecode
  // handlers) has been generated.
  void Finalize();

--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -10,6 +10,7 @@
 #include "src/ast/ast.h"
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
+#include "src/builtins/constants-table-builder.h"
 #include "src/compiler.h"
 #include "src/conversions.h"
 #include "src/interpreter/interpreter.h"
@@ -191,6 +192,12 @@ Handle<Oddball> Factory::NewOddball(Handle<Map> map, const char* to_string,
  return oddball;
 }

+Handle<Oddball> Factory::NewSelfReferenceMarker() {
+  return NewOddball(self_reference_marker_map(), "self_reference_marker",
+                    handle(Smi::FromInt(-1), isolate()), "undefined",
+                    Oddball::kSelfReferenceMarker);
+}
+
 Handle<PropertyArray> Factory::NewPropertyArray(int length,
                                                PretenureFlag pretenure) {
  DCHECK_LE(0, length);
@@ -2491,7 +2498,15 @@ Handle<Code> Factory::NewCode(

  // Allow self references to created code object by patching the handle to
  // point to the newly allocated Code object.
-  if (!self_ref.is_null()) *(self_ref.location()) = *code;
+  if (!self_ref.is_null()) {
+    DCHECK(self_ref->IsOddball());
+    DCHECK(Oddball::cast(*self_ref)->kind() == Oddball::kSelfReferenceMarker);
+#ifdef V8_EMBEDDED_BUILTINS
+    auto builder = isolate()->builtins_constants_table_builder();
+    if (builder != nullptr) builder->PatchSelfReference(self_ref, code);
+#endif  // V8_EMBEDDED_BUILTINS
+    *(self_ref.location()) = *code;
+  }

  // Migrate generated code.
  // The generated code can contain Object** values (typically from handles)

--- a/src/heap/factory.h
+++ b/src/heap/factory.h
@@ -88,6 +88,9 @@ class V8_EXPORT_PRIVATE Factory {
                             Handle<Object> to_number, const char* type_of,
                             byte kind);

+  // Marks self references within code generation.
+  Handle<Oddball> NewSelfReferenceMarker();
+
  // Allocates a fixed array-like object with given map and initialized with
  // undefined values.
  template <typename T = FixedArray>

--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -194,6 +194,7 @@ using v8::MemoryPressureLevel;
  V(Map, termination_exception_map, TerminationExceptionMap)                   \
  V(Map, optimized_out_map, OptimizedOutMap)                                   \
  V(Map, stale_register_map, StaleRegisterMap)                                 \
+  V(Map, self_reference_marker_map, SelfReferenceMarkerMap)                    \
  /* Canonical empty values */                                                 \
  V(EnumCache, empty_enum_cache, EmptyEnumCache)                               \
  V(PropertyArray, empty_property_array, EmptyPropertyArray)                   \
@@ -247,6 +248,8 @@ using v8::MemoryPressureLevel;
  V(HeapNumber, infinity_value, InfinityValue)                                 \
  V(HeapNumber, minus_zero_value, MinusZeroValue)                              \
  V(HeapNumber, minus_infinity_value, MinusInfinityValue)                      \
+  /* Marker for self-references during code-generation */                      \
+  V(HeapObject, self_reference_marker, SelfReferenceMarker)                    \
  /* Caches */                                                                 \
  V(FixedArray, number_string_cache, NumberStringCache)                        \
  V(FixedArray, single_character_string_cache, SingleCharacterStringCache)     \
@@ -389,6 +392,7 @@ using v8::MemoryPressureLevel;
  V(ScopeInfoMap)                       \
  V(ScriptContextMap)                   \
  V(ScriptContextTableMap)              \
+  V(SelfReferenceMarker)                \
  V(SharedFunctionInfoMap)              \
  V(SimpleNumberDictionaryMap)          \
  V(SloppyArgumentsElementsMap)         \

--- a/src/heap/setup-heap-internal.cc
+++ b/src/heap/setup-heap-internal.cc
@@ -376,6 +376,7 @@ bool Heap::CreateInitialMaps() {
    ALLOCATE_MAP(ODDBALL_TYPE, Oddball::kSize, termination_exception);
    ALLOCATE_MAP(ODDBALL_TYPE, Oddball::kSize, optimized_out);
    ALLOCATE_MAP(ODDBALL_TYPE, Oddball::kSize, stale_register);
+    ALLOCATE_MAP(ODDBALL_TYPE, Oddball::kSize, self_reference_marker);
    ALLOCATE_VARSIZE_MAP(BIGINT_TYPE, bigint);

    for (unsigned i = 0; i < arraysize(string_type_table); i++) {
@@ -649,6 +650,9 @@ void Heap::CreateInitialObjects() {
                           handle(Smi::FromInt(-7), isolate()), "undefined",
                           Oddball::kStaleRegister));

+  // Initialize the self-reference marker.
+  set_self_reference_marker(*factory->NewSelfReferenceMarker());
+
  // Create the code_stubs dictionary. The initial size is set to avoid
  // expanding the dictionary during bootstrapping.
  set_code_stubs(*SimpleNumberDictionary::New(isolate(), 128));

--- a/src/ia32/macro-assembler-ia32.cc
+++ b/src/ia32/macro-assembler-ia32.cc
@@ -28,14 +28,24 @@ namespace internal {

 MacroAssembler::MacroAssembler(Isolate* isolate, void* buffer, int size,
                               CodeObjectRequired create_code_object)
-    : TurboAssembler(isolate, buffer, size, create_code_object) {}
+    : TurboAssembler(isolate, buffer, size, create_code_object) {
+  if (create_code_object == CodeObjectRequired::kYes) {
+    // Unlike TurboAssembler, which can be used off the main thread and may not
+    // allocate, macro assembler creates its own copy of the self-reference
+    // marker in order to disambiguate between self-references during nested
+    // code generation (e.g.: codegen of the current object triggers stub
+    // compilation through CodeStub::GetCode()).
+    code_object_ = Handle<HeapObject>::New(
+        *isolate->factory()->NewSelfReferenceMarker(), isolate);
+  }
+}

 TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
                               CodeObjectRequired create_code_object)
    : Assembler(isolate, buffer, buffer_size), isolate_(isolate) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }


--- a/src/ia32/macro-assembler-ia32.h
+++ b/src/ia32/macro-assembler-ia32.h
@@ -360,12 +360,14 @@ class TurboAssembler : public Assembler {
  bool root_array_available() const { return root_array_available_; }
  void set_root_array_available(bool v) { root_array_available_ = v; }

+ protected:
+  // This handle will be patched with the code object on installation.
+  Handle<HeapObject> code_object_;
+
 private:
  bool has_frame_ = false;
  bool root_array_available_ = false;
  Isolate* const isolate_;
-  // This handle will be patched with the code object on installation.
-  Handle<HeapObject> code_object_;
 };

 // MacroAssembler implements a collection of frequently used macros.

--- a/src/mips/macro-assembler-mips.cc
+++ b/src/mips/macro-assembler-mips.cc
@@ -27,7 +27,17 @@ namespace internal {

 MacroAssembler::MacroAssembler(Isolate* isolate, void* buffer, int size,
                               CodeObjectRequired create_code_object)
-    : TurboAssembler(isolate, buffer, size, create_code_object) {}
+    : TurboAssembler(isolate, buffer, size, create_code_object) {
+  if (create_code_object == CodeObjectRequired::kYes) {
+    // Unlike TurboAssembler, which can be used off the main thread and may not
+    // allocate, macro assembler creates its own copy of the self-reference
+    // marker in order to disambiguate between self-references during nested
+    // code generation (e.g.: codegen of the current object triggers stub
+    // compilation through CodeStub::GetCode()).
+    code_object_ = Handle<HeapObject>::New(
+        *isolate->factory()->NewSelfReferenceMarker(), isolate);
+  }
+}

 TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
                               CodeObjectRequired create_code_object)
@@ -35,8 +45,8 @@ TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
      isolate_(isolate),
      has_double_zero_reg_set_(false) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }

@@ -1323,8 +1333,7 @@ void TurboAssembler::Sc(Register rd, const MemOperand& rs) {

 void TurboAssembler::li(Register dst, Handle<HeapObject> value, LiFlags mode) {
 #ifdef V8_EMBEDDED_BUILTINS
-  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList() &&
-      !value.equals(CodeObject())) {
+  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList()) {
    LookupConstant(dst, value);
    return;
  }
@@ -3605,11 +3614,6 @@ void TurboAssembler::LookupConstant(Register destination,
  CHECK(isolate()->ShouldLoadConstantsFromRootList());
  CHECK(root_array_available_);

-  // TODO(jgruber, v8:6666): Support self-references. Currently, we'd end up
-  // adding the temporary code object to the constants list, before creating the
-  // final object in Factory::CopyCode.
-  CHECK(code_object_.is_null() || !object.equals(code_object_));
-
  // Ensure the given object is in the builtins constants table and fetch its
  // index.
  BuiltinsConstantsTableBuilder* builder =

--- a/src/mips/macro-assembler-mips.h
+++ b/src/mips/macro-assembler-mips.h
@@ -855,12 +855,13 @@ class TurboAssembler : public Assembler {

  inline int32_t GetOffset(int32_t offset, Label* L, OffsetSize bits);

+  // This handle will be patched with the code object on installation.
+  Handle<HeapObject> code_object_;
+
 private:
  bool has_frame_ = false;
  bool root_array_available_ = true;
  Isolate* const isolate_;
-  // This handle will be patched with the code object on installation.
-  Handle<HeapObject> code_object_;
  bool has_double_zero_reg_set_;

  void CallCFunctionHelper(Register function_base, int16_t function_offset,

--- a/src/mips64/macro-assembler-mips64.cc
+++ b/src/mips64/macro-assembler-mips64.cc
@@ -27,7 +27,17 @@ namespace internal {

 MacroAssembler::MacroAssembler(Isolate* isolate, void* buffer, int size,
                               CodeObjectRequired create_code_object)
-    : TurboAssembler(isolate, buffer, size, create_code_object) {}
+    : TurboAssembler(isolate, buffer, size, create_code_object) {
+  if (create_code_object == CodeObjectRequired::kYes) {
+    // Unlike TurboAssembler, which can be used off the main thread and may not
+    // allocate, macro assembler creates its own copy of the self-reference
+    // marker in order to disambiguate between self-references during nested
+    // code generation (e.g.: codegen of the current object triggers stub
+    // compilation through CodeStub::GetCode()).
+    code_object_ = Handle<HeapObject>::New(
+        *isolate->factory()->NewSelfReferenceMarker(), isolate);
+  }
+}

 TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
                               CodeObjectRequired create_code_object)
@@ -35,8 +45,8 @@ TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
      isolate_(isolate),
      has_double_zero_reg_set_(false) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }

@@ -1562,8 +1572,7 @@ void TurboAssembler::Scd(Register rd, const MemOperand& rs) {

 void TurboAssembler::li(Register dst, Handle<HeapObject> value, LiFlags mode) {
 #ifdef V8_EMBEDDED_BUILTINS
-  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList() &&
-      !value.equals(CodeObject())) {
+  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList()) {
    LookupConstant(dst, value);
    return;
  }
@@ -4114,11 +4123,6 @@ void TurboAssembler::LookupConstant(Register destination,
  CHECK(isolate()->ShouldLoadConstantsFromRootList());
  CHECK(root_array_available_);

-  // TODO(jgruber, v8:6666): Support self-references. Currently, we'd end up
-  // adding the temporary code object to the constants list, before creating the
-  // final object in Factory::CopyCode.
-  CHECK(code_object_.is_null() || !object.equals(code_object_));
-
  // Ensure the given object is in the builtins constants table and fetch its
  // index.
  BuiltinsConstantsTableBuilder* builder =

--- a/src/mips64/macro-assembler-mips64.h
+++ b/src/mips64/macro-assembler-mips64.h
@@ -878,12 +878,13 @@ class TurboAssembler : public Assembler {
  inline Register GetRtAsRegisterHelper(const Operand& rt, Register scratch);
  inline int32_t GetOffset(int32_t offset, Label* L, OffsetSize bits);

+  // This handle will be patched with the code object on installation.
+  Handle<HeapObject> code_object_;
+
 private:
  bool has_frame_ = false;
  bool root_array_available_ = true;
  Isolate* const isolate_;
-  // This handle will be patched with the code object on installation.
-  Handle<HeapObject> code_object_;
  bool has_double_zero_reg_set_;

  void CompareF(SecondaryField sizeField, FPUCondition cc, FPURegister cmp1,

--- a/src/objects-debug.cc
+++ b/src/objects-debug.cc
@@ -986,6 +986,9 @@ void Oddball::OddballVerify() {
    CHECK(this == heap->optimized_out());
  } else if (map() == heap->stale_register_map()) {
    CHECK(this == heap->stale_register());
+  } else if (map() == heap->self_reference_marker_map()) {
+    // Multiple instances of this oddball may exist at once.
+    CHECK_EQ(kind(), Oddball::kSelfReferenceMarker);
  } else {
    UNREACHABLE();
  }

--- a/src/objects.h
+++ b/src/objects.h
@@ -4060,6 +4060,7 @@ class Oddball: public HeapObject {
  static const byte kException = 8;
  static const byte kOptimizedOut = 9;
  static const byte kStaleRegister = 10;
+  static const byte kSelfReferenceMarker = 10;

  typedef FixedBodyDescriptor<kToStringOffset, kTypeOfOffset + kPointerSize,
                              kSize> BodyDescriptor;

--- a/src/ppc/macro-assembler-ppc.cc
+++ b/src/ppc/macro-assembler-ppc.cc
@@ -34,8 +34,8 @@ TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
                               CodeObjectRequired create_code_object)
    : Assembler(isolate, buffer, buffer_size), isolate_(isolate) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }


--- a/src/x64/macro-assembler-x64.cc
+++ b/src/x64/macro-assembler-x64.cc
@@ -65,14 +65,24 @@ StackArgumentsAccessor::StackArgumentsAccessor(

 MacroAssembler::MacroAssembler(Isolate* isolate, void* buffer, int size,
                               CodeObjectRequired create_code_object)
-    : TurboAssembler(isolate, buffer, size, create_code_object) {}
+    : TurboAssembler(isolate, buffer, size, create_code_object) {
+  if (create_code_object == CodeObjectRequired::kYes) {
+    // Unlike TurboAssembler, which can be used off the main thread and may not
+    // allocate, macro assembler creates its own copy of the self-reference
+    // marker in order to disambiguate between self-references during nested
+    // code generation (e.g.: codegen of the current object triggers stub
+    // compilation through CodeStub::GetCode()).
+    code_object_ = Handle<HeapObject>::New(
+        *isolate->factory()->NewSelfReferenceMarker(), isolate);
+  }
+}

 TurboAssembler::TurboAssembler(Isolate* isolate, void* buffer, int buffer_size,
                               CodeObjectRequired create_code_object)
    : Assembler(isolate, buffer, buffer_size), isolate_(isolate) {
  if (create_code_object == CodeObjectRequired::kYes) {
-    code_object_ =
-        Handle<HeapObject>::New(isolate->heap()->undefined_value(), isolate);
+    code_object_ = Handle<HeapObject>::New(
+        isolate->heap()->self_reference_marker(), isolate);
  }
 }

@@ -148,11 +158,6 @@ void TurboAssembler::LookupConstant(Register destination,
  CHECK(isolate()->ShouldLoadConstantsFromRootList());
  CHECK(root_array_available_);

-  // TODO(jgruber, v8:6666): Support self-references. Currently, we'd end up
-  // adding the temporary code object to the constants list, before creating the
-  // final object in Factory::CopyCode.
-  CHECK(code_object_.is_null() || !object.equals(code_object_));
-
  // Ensure the given object is in the builtins constants table and fetch its
  // index.
  BuiltinsConstantsTableBuilder* builder =
@@ -1393,8 +1398,7 @@ void TurboAssembler::Push(Handle<HeapObject> source) {
 void TurboAssembler::Move(Register result, Handle<HeapObject> object,
                          RelocInfo::Mode rmode) {
 #ifdef V8_EMBEDDED_BUILTINS
-  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList() &&
-      !object.equals(CodeObject())) {
+  if (root_array_available_ && isolate()->ShouldLoadConstantsFromRootList()) {
    Heap::RootListIndex root_index;
    if (!isolate()->heap()->IsRootHandle(object, &root_index)) {
      LookupConstant(result, object);

--- a/src/x64/macro-assembler-x64.h
+++ b/src/x64/macro-assembler-x64.h
@@ -535,10 +535,11 @@ class TurboAssembler : public Assembler {
  // modified. It may be the "smi 1 constant" register.
  Register GetSmiConstant(Smi* value);

- private:
-  bool has_frame_ = false;
  // This handle will be patched with the code object on installation.
  Handle<HeapObject> code_object_;
+
+ private:
+  bool has_frame_ = false;
  Isolate* const isolate_;
 };


--- a/test/cctest/heap/test-heap.cc
+++ b/test/cctest/heap/test-heap.cc
@@ -3866,9 +3866,8 @@ static Handle<Code> DummyOptimizedCode(Isolate* isolate) {
  masm.Push(isolate->factory()->undefined_value());
  masm.Drop(2);
  masm.GetCode(isolate, &desc);
-  Handle<Object> undefined(isolate->heap()->undefined_value(), isolate);
-  Handle<Code> code =
-      isolate->factory()->NewCode(desc, Code::OPTIMIZED_FUNCTION, undefined);
+  Handle<Code> code = isolate->factory()->NewCode(
+      desc, Code::OPTIMIZED_FUNCTION, masm.CodeObject());
  CHECK(code->IsCode());
  return code;
 }

--- a/test/cctest/test-assembler-arm.cc
+++ b/test/cctest/test-assembler-arm.cc
@@ -2782,7 +2782,8 @@ TEST(code_relative_offset) {
  Isolate* isolate = CcTest::i_isolate();
  HandleScope scope(isolate);
  // Initialize a code object that will contain the code.
-  Handle<HeapObject> code_object(isolate->heap()->undefined_value(), isolate);
+  Handle<HeapObject> code_object(isolate->heap()->self_reference_marker(),
+                                 isolate);

  Assembler assm(isolate, nullptr, 0);


--- a/tools/v8heapconst.py
+++ b/tools/v8heapconst.py
@@ -264,36 +264,37 @@ KNOWN_MAPS = {
  ("RO_SPACE", 0x04d99): (147, "FixedUint8ClampedArrayMap"),
  ("RO_SPACE", 0x04e01): (149, "FixedBigUint64ArrayMap"),
  ("RO_SPACE", 0x04e69): (148, "FixedBigInt64ArrayMap"),
-  ("RO_SPACE", 0x04ee9): (173, "Tuple2Map"),
-  ("RO_SPACE", 0x04f61): (171, "ScriptMap"),
-  ("RO_SPACE", 0x04fc9): (163, "InterceptorInfoMap"),
-  ("RO_SPACE", 0x08e91): (154, "AccessorInfoMap"),
-  ("RO_SPACE", 0x090a1): (153, "AccessCheckInfoMap"),
-  ("RO_SPACE", 0x09109): (155, "AccessorPairMap"),
-  ("RO_SPACE", 0x09171): (156, "AliasedArgumentsEntryMap"),
-  ("RO_SPACE", 0x091d9): (157, "AllocationMementoMap"),
-  ("RO_SPACE", 0x09241): (158, "AllocationSiteMap"),
-  ("RO_SPACE", 0x092a9): (159, "AsyncGeneratorRequestMap"),
-  ("RO_SPACE", 0x09311): (160, "ContextExtensionMap"),
-  ("RO_SPACE", 0x09379): (161, "DebugInfoMap"),
-  ("RO_SPACE", 0x093e1): (162, "FunctionTemplateInfoMap"),
-  ("RO_SPACE", 0x09449): (164, "InterpreterDataMap"),
-  ("RO_SPACE", 0x094b1): (165, "ModuleInfoEntryMap"),
-  ("RO_SPACE", 0x09519): (166, "ModuleMap"),
-  ("RO_SPACE", 0x09581): (167, "ObjectTemplateInfoMap"),
-  ("RO_SPACE", 0x095e9): (168, "PromiseCapabilityMap"),
-  ("RO_SPACE", 0x09651): (169, "PromiseReactionMap"),
-  ("RO_SPACE", 0x096b9): (170, "PrototypeInfoMap"),
-  ("RO_SPACE", 0x09721): (172, "StackFrameInfoMap"),
-  ("RO_SPACE", 0x09789): (174, "Tuple3Map"),
-  ("RO_SPACE", 0x097f1): (175, "WasmCompiledModuleMap"),
-  ("RO_SPACE", 0x09859): (176, "WasmDebugInfoMap"),
-  ("RO_SPACE", 0x098c1): (177, "WasmSharedModuleDataMap"),
-  ("RO_SPACE", 0x09929): (178, "CallableTaskMap"),
-  ("RO_SPACE", 0x09991): (179, "CallbackTaskMap"),
-  ("RO_SPACE", 0x099f9): (180, "PromiseFulfillReactionJobTaskMap"),
-  ("RO_SPACE", 0x09a61): (181, "PromiseRejectReactionJobTaskMap"),
-  ("RO_SPACE", 0x09ac9): (182, "PromiseResolveThenableJobTaskMap"),
+  ("RO_SPACE", 0x04ed1): (131, "SelfReferenceMarkerMap"),
+  ("RO_SPACE", 0x04f51): (173, "Tuple2Map"),
+  ("RO_SPACE", 0x04fc9): (171, "ScriptMap"),
+  ("RO_SPACE", 0x05031): (163, "InterceptorInfoMap"),
+  ("RO_SPACE", 0x08f29): (154, "AccessorInfoMap"),
+  ("RO_SPACE", 0x09139): (153, "AccessCheckInfoMap"),
+  ("RO_SPACE", 0x091a1): (155, "AccessorPairMap"),
+  ("RO_SPACE", 0x09209): (156, "AliasedArgumentsEntryMap"),
+  ("RO_SPACE", 0x09271): (157, "AllocationMementoMap"),
+  ("RO_SPACE", 0x092d9): (158, "AllocationSiteMap"),
+  ("RO_SPACE", 0x09341): (159, "AsyncGeneratorRequestMap"),
+  ("RO_SPACE", 0x093a9): (160, "ContextExtensionMap"),
+  ("RO_SPACE", 0x09411): (161, "DebugInfoMap"),
+  ("RO_SPACE", 0x09479): (162, "FunctionTemplateInfoMap"),
+  ("RO_SPACE", 0x094e1): (164, "InterpreterDataMap"),
+  ("RO_SPACE", 0x09549): (165, "ModuleInfoEntryMap"),
+  ("RO_SPACE", 0x095b1): (166, "ModuleMap"),
+  ("RO_SPACE", 0x09619): (167, "ObjectTemplateInfoMap"),
+  ("RO_SPACE", 0x09681): (168, "PromiseCapabilityMap"),
+  ("RO_SPACE", 0x096e9): (169, "PromiseReactionMap"),
+  ("RO_SPACE", 0x09751): (170, "PrototypeInfoMap"),
+  ("RO_SPACE", 0x097b9): (172, "StackFrameInfoMap"),
+  ("RO_SPACE", 0x09821): (174, "Tuple3Map"),
+  ("RO_SPACE", 0x09889): (175, "WasmCompiledModuleMap"),
+  ("RO_SPACE", 0x098f1): (176, "WasmDebugInfoMap"),
+  ("RO_SPACE", 0x09959): (177, "WasmSharedModuleDataMap"),
+  ("RO_SPACE", 0x099c1): (178, "CallableTaskMap"),
+  ("RO_SPACE", 0x09a29): (179, "CallbackTaskMap"),
+  ("RO_SPACE", 0x09a91): (180, "PromiseFulfillReactionJobTaskMap"),
+  ("RO_SPACE", 0x09af9): (181, "PromiseRejectReactionJobTaskMap"),
+  ("RO_SPACE", 0x09b61): (182, "PromiseResolveThenableJobTaskMap"),
  ("MAP_SPACE", 0x02201): (1057, "ExternalMap"),
  ("MAP_SPACE", 0x02259): (1072, "JSMessageObjectMap"),
 }
@@ -310,7 +311,7 @@ KNOWN_OBJECTS = {
  ("RO_SPACE", 0x02899): "TrueValue",
  ("RO_SPACE", 0x02971): "FalseValue",
  ("RO_SPACE", 0x029c1): "empty_string",
-  ("RO_SPACE", 0x04f51): "EmptyByteArray",
+  ("RO_SPACE", 0x04fb9): "EmptyByteArray",
  ("OLD_SPACE", 0x02201): "UninitializedValue",
  ("OLD_SPACE", 0x02231): "EmptyScopeInfo",
  ("OLD_SPACE", 0x02241): "ArgumentsMarker",
@@ -346,6 +347,7 @@ KNOWN_OBJECTS = {
  ("OLD_SPACE", 0x02851): "InfinityValue",
  ("OLD_SPACE", 0x02861): "MinusZeroValue",
  ("OLD_SPACE", 0x02871): "MinusInfinityValue",
+  ("OLD_SPACE", 0x02881): "SelfReferenceMarker",
 }

 # List of known V8 Frame Markers.