Reland "Prevent stack overflow in the serializer/deserializer."

src/snapshot/serialize.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/base/platform/platform.h"
 #include "src/bootstrapper.h"
@@ skipping 542 matching lines @@
   Initialize(isolate);
   if (!ReserveSpace()) V8::FatalProcessOutOfMemory("deserializing context");
   // No active threads.
   DCHECK_NULL(isolate_->thread_manager()->FirstThreadStateInUse());
   // No active handles.
   DCHECK(isolate_->handle_scope_implementer()->blocks()->is_empty());
   isolate_->heap()->IterateSmiRoots(this);
   isolate_->heap()->IterateStrongRoots(this, VISIT_ONLY_STRONG);
   isolate_->heap()->RepairFreeListsAfterDeserialization();
   isolate_->heap()->IterateWeakRoots(this, VISIT_ALL);
+  DeserializeDeferredObjects();
 
   isolate_->heap()->set_native_contexts_list(
       isolate_->heap()->undefined_value());
 
   // The allocation site list is build during root iteration, but if no sites
   // were encountered then it needs to be initialized to undefined.
   if (isolate_->heap()->allocation_sites_list() == Smi::FromInt(0)) {
     isolate_->heap()->set_allocation_sites_list(
         isolate_->heap()->undefined_value());
   }
@@ skipping 29 matching lines @@
 
   DisallowHeapAllocation no_gc;
   // Keep track of the code space start and end pointers in case new
   // code objects were unserialized
   OldSpace* code_space = isolate_->heap()->code_space();
   Address start_address = code_space->top();
   Object* root;
   Object* outdated_contexts;
   VisitPointer(&root);
   VisitPointer(&outdated_contexts);
+  DeserializeDeferredObjects();
 
   // There's no code deserialized here. If this assert fires
   // then that's changed and logging should be added to notify
   // the profiler et al of the new code.
   CHECK_EQ(start_address, code_space->top());
   CHECK(outdated_contexts->IsFixedArray());
   *outdated_contexts_out =
       Handle<FixedArray>(FixedArray::cast(outdated_contexts), isolate);
   return Handle<Object>(root, isolate);
 }
 
 
 MaybeHandle<SharedFunctionInfo> Deserializer::DeserializeCode(
     Isolate* isolate) {
   Initialize(isolate);
   if (!ReserveSpace()) {
     return Handle<SharedFunctionInfo>();
   } else {
     deserializing_user_code_ = true;
     DisallowHeapAllocation no_gc;
     Object* root;
     VisitPointer(&root);
+    DeserializeDeferredObjects();
     return Handle<SharedFunctionInfo>(SharedFunctionInfo::cast(root));
   }
 }
 
 
 Deserializer::~Deserializer() {
   // TODO(svenpanne) Re-enable this assertion when v8 initialization is fixed.
   // DCHECK(source_.AtEOF());
   attached_objects_.Dispose();
 }
 
 
 // This is called on the roots.  It is the driver of the deserialization
 // process.  It is also called on the body of each function.
 void Deserializer::VisitPointers(Object** start, Object** end) {
   // The space must be new space.  Any other space would cause ReadChunk to try
   // to update the remembered using NULL as the address.
   ReadData(start, end, NEW_SPACE, NULL);
 }
 
 
-void Deserializer::RelinkAllocationSite(AllocationSite* site) {
-  if (isolate_->heap()->allocation_sites_list() == Smi::FromInt(0)) {
-    site->set_weak_next(isolate_->heap()->undefined_value());
-  } else {
-    site->set_weak_next(isolate_->heap()->allocation_sites_list());
+void Deserializer::DeserializeDeferredObjects() {
+  for (int code = source_.Get(); code != kSynchronize; code = source_.Get()) {
+    int space = code & kSpaceMask;
+    DCHECK(space <= kNumberOfSpaces);
+    DCHECK(code - space == kNewObject);
+    HeapObject* object = GetBackReferencedObject(space);
+    int size = source_.GetInt() << kPointerSizeLog2;
+    Address obj_address = object->address();
+    Object** start = reinterpret_cast<Object**>(obj_address + kPointerSize);
+    Object** end = reinterpret_cast<Object**>(obj_address + size);
+    bool filled = ReadData(start, end, space, obj_address);
+    CHECK(filled);
+    if (object->IsAllocationSite()) {
+      RelinkAllocationSite(AllocationSite::cast(object));
+    }
   }
-  isolate_->heap()->set_allocation_sites_list(site);
 }
 
 
 // Used to insert a deserialized internalized string into the string table.
 class StringTableInsertionKey : public HashTableKey {
  public:
   explicit StringTableInsertionKey(String* string)
       : string_(string), hash_(HashForObject(string)) {
     DCHECK(string->IsInternalizedString());
   }
@@ skipping 14 matching lines @@
 
   MUST_USE_RESULT virtual Handle<Object> AsHandle(Isolate* isolate) override {
     return handle(string_, isolate);
   }
 
   String* string_;
   uint32_t hash_;
 };
 
 
-HeapObject* Deserializer::ProcessNewObjectFromSerializedCode(HeapObject* obj) {
+HeapObject* Deserializer::PostProcessNewObject(HeapObject* obj) {
+  DCHECK(deserializing_user_code());
   if (obj->IsString()) {
     String* string = String::cast(obj);
     // Uninitialize hash field as the hash seed may have changed.
     string->set_hash_field(String::kEmptyHashField);
     if (string->IsInternalizedString()) {
       DisallowHeapAllocation no_gc;
       HandleScope scope(isolate_);
       StringTableInsertionKey key(string);
       String* canonical = *StringTable::LookupKey(isolate_, &key);
       string->SetForwardedInternalizedString(canonical);
       return canonical;
     }
   } else if (obj->IsScript()) {
     Script::cast(obj)->set_id(isolate_->heap()->NextScriptId());
+  } else {
+    DCHECK(CanBeDeferred(obj));
   }
   return obj;
 }
 
 
+void Deserializer::RelinkAllocationSite(AllocationSite* obj) {
+  DCHECK(obj->IsAllocationSite());
+  // Allocation sites are present in the snapshot, and must be linked into
+  // a list at deserialization time.
+  AllocationSite* site = AllocationSite::cast(obj);
+  // TODO(mvstanton): consider treating the heap()->allocation_sites_list()
+  // as a (weak) root. If this root is relocated correctly,
+  // RelinkAllocationSite() isn't necessary.
+  if (isolate_->heap()->allocation_sites_list() == Smi::FromInt(0)) {
+    site->set_weak_next(isolate_->heap()->undefined_value());
+  } else {
+    site->set_weak_next(isolate_->heap()->allocation_sites_list());
+  }
+  isolate_->heap()->set_allocation_sites_list(site);
+}
+
+
 HeapObject* Deserializer::GetBackReferencedObject(int space) {
   HeapObject* obj;
   BackReference back_reference(source_.GetInt());
   if (space == LO_SPACE) {
     CHECK(back_reference.chunk_index() == 0);
     uint32_t index = back_reference.large_object_index();
     obj = deserialized_large_objects_[index];
   } else {
     DCHECK(space < kNumberOfPreallocatedSpaces);
     uint32_t chunk_index = back_reference.chunk_index();
@@ skipping 35 matching lines @@
     obj = isolate_->heap()->DoubleAlignForDeserialization(obj, reserved_size);
     address = obj->address();
   }
 
   isolate_->heap()->OnAllocationEvent(obj, size);
   Object** current = reinterpret_cast<Object**>(address);
   Object** limit = current + (size >> kPointerSizeLog2);
   if (FLAG_log_snapshot_positions) {
     LOG(isolate_, SnapshotPositionEvent(address, source_.position()));
   }
-  ReadData(current, limit, space_number, address);
 
-  // TODO(mvstanton): consider treating the heap()->allocation_sites_list()
-  // as a (weak) root. If this root is relocated correctly,
-  // RelinkAllocationSite() isn't necessary.
-  if (obj->IsAllocationSite()) RelinkAllocationSite(AllocationSite::cast(obj));
+  if (ReadData(current, limit, space_number, address)) {
+    // Only post process if object content has not been deferred.
+    if (obj->IsAllocationSite()) {
+      RelinkAllocationSite(AllocationSite::cast(obj));
+    }
 
-  // Fix up strings from serialized user code.
-  if (deserializing_user_code()) obj = ProcessNewObjectFromSerializedCode(obj);
+    if (deserializing_user_code()) obj = PostProcessNewObject(obj);
+  }
 
   Object* write_back_obj = obj;
   UnalignedCopy(write_back, &write_back_obj);
 #ifdef DEBUG
   if (obj->IsCode()) {
     DCHECK(space_number == CODE_SPACE || space_number == LO_SPACE);
-#ifdef VERIFY_HEAP
-    obj->ObjectVerify();
-#endif  // VERIFY_HEAP
   } else {
     DCHECK(space_number != CODE_SPACE);
   }
 #endif  // DEBUG
 }
 
 
 // We know the space requirements before deserialization and can
 // pre-allocate that reserved space. During deserialization, all we need
 // to do is to bump up the pointer for each space in the reserved
@@ skipping 23 matching lines @@
     // Assert that the current reserved chunk is still big enough.
     const Heap::Reservation& reservation = reservations_[space_index];
     int chunk_index = current_chunk_[space_index];
     CHECK_LE(high_water_[space_index], reservation[chunk_index].end);
 #endif
     return address;
   }
 }
 
 
-void Deserializer::ReadData(Object** current, Object** limit, int source_space,
+bool Deserializer::ReadData(Object** current, Object** limit, int source_space,
                             Address current_object_address) {
   Isolate* const isolate = isolate_;
   // Write barrier support costs around 1% in startup time.  In fact there
   // are no new space objects in current boot snapshots, so it's not needed,
   // but that may change.
   bool write_barrier_needed =
       (current_object_address != NULL && source_space != NEW_SPACE &&
        source_space != CODE_SPACE);
   while (current < limit) {
     byte data = source_.Get();
@@ skipping 236 matching lines @@
         const Heap::Reservation& reservation = reservations_[space];
         // Make sure the current chunk is indeed exhausted.
         CHECK_EQ(reservation[chunk_index].end, high_water_[space]);
         // Move to next reserved chunk.
         chunk_index = ++current_chunk_[space];
         CHECK_LT(chunk_index, reservation.length());
         high_water_[space] = reservation[chunk_index].start;
         break;
       }
 
+      case kDeferred: {
+        // Deferred can only occur right after the heap object header.
+        DCHECK(current == reinterpret_cast<Object**>(current_object_address +
+                                                     kPointerSize));
+        HeapObject* obj = HeapObject::FromAddress(current_object_address);
+        // If the deferred object is a map, its instance type may be used
+        // during deserialization. Initialize it with a temporary value.
+        if (obj->IsMap()) Map::cast(obj)->set_instance_type(FILLER_TYPE);
+        current = limit;
+        return false;
+      }
+
       case kSynchronize:
         // If we get here then that indicates that you have a mismatch between
         // the number of GC roots when serializing and deserializing.
         CHECK(false);
         break;
 
       case kNativesStringResource: {
         DCHECK(!isolate_->heap()->deserialization_complete());
         int index = source_.Get();
         Vector<const char> source_vector = Natives::GetScriptSource(index);
@@ skipping 86 matching lines @@
       }
 
 #undef SIXTEEN_CASES
 #undef FOUR_CASES
 
       default:
         CHECK(false);
     }
   }
   CHECK_EQ(limit, current);
+  return true;
 }
 
 
 Serializer::Serializer(Isolate* isolate, SnapshotByteSink* sink)
     : isolate_(isolate),
       sink_(sink),
       external_reference_encoder_(isolate),
       root_index_map_(isolate),
+      recursion_depth_(0),
       code_address_map_(NULL),
       large_objects_total_size_(0),
       seen_large_objects_index_(0) {
   // The serializer is meant to be used only to generate initial heap images
   // from a context in which there is only one isolate.
   for (int i = 0; i < kNumberOfPreallocatedSpaces; i++) {
     pending_chunk_[i] = 0;
     max_chunk_size_[i] = static_cast<uint32_t>(
         MemoryAllocator::PageAreaSize(static_cast<AllocationSpace>(i)));
   }
@@ skipping 55 matching lines @@
     PrintF("%10d %10" V8_PTR_PREFIX "d  %s\n", instance_type_count_[Name], \
            instance_type_size_[Name], #Name);                              \
   }
   INSTANCE_TYPE_LIST(PRINT_INSTANCE_TYPE)
 #undef PRINT_INSTANCE_TYPE
   PrintF("\n");
 #endif  // OBJECT_PRINT
 }
 
 
+void Serializer::SerializeDeferredObjects() {
+  while (deferred_objects_.length() > 0) {
+    HeapObject* obj = deferred_objects_.RemoveLast();
+    ObjectSerializer obj_serializer(this, obj, sink_, kPlain, kStartOfObject);
+    obj_serializer.SerializeDeferred();
+  }
+  sink_->Put(kSynchronize, "Finished with deferred objects");
+}
+
+
 void StartupSerializer::SerializeStrongReferences() {
   Isolate* isolate = this->isolate();
   // No active threads.
   CHECK_NULL(isolate->thread_manager()->FirstThreadStateInUse());
   // No active or weak handles.
   CHECK(isolate->handle_scope_implementer()->blocks()->is_empty());
   CHECK_EQ(0, isolate->global_handles()->NumberOfWeakHandles());
   CHECK_EQ(0, isolate->eternal_handles()->NumberOfHandles());
   // We don't support serializing installed extensions.
   CHECK(!isolate->has_installed_extensions());
@@ skipping 24 matching lines @@
 
 
 void PartialSerializer::Serialize(Object** o) {
   if ((*o)->IsContext()) {
     Context* context = Context::cast(*o);
     global_object_ = context->global_object();
     back_reference_map()->AddGlobalProxy(context->global_proxy());
   }
   VisitPointer(o);
   SerializeOutdatedContextsAsFixedArray();
+  SerializeDeferredObjects();
   Pad();
 }
 
 
 void PartialSerializer::SerializeOutdatedContextsAsFixedArray() {
   int length = outdated_contexts_.length();
   if (length == 0) {
     FixedArray* empty = isolate_->heap()->empty_fixed_array();
     SerializeObject(empty, kPlain, kStartOfObject, 0);
   } else {
     // Serialize an imaginary fixed array containing outdated contexts.
     int size = FixedArray::SizeFor(length);
     Allocate(NEW_SPACE, size);
     sink_->Put(kNewObject + NEW_SPACE, "emulated FixedArray");
     sink_->PutInt(size >> kObjectAlignmentBits, "FixedArray size in words");
     Map* map = isolate_->heap()->fixed_array_map();
     SerializeObject(map, kPlain, kStartOfObject, 0);
     Smi* length_smi = Smi::FromInt(length);
     sink_->Put(kOnePointerRawData, "Smi");
     for (int i = 0; i < kPointerSize; i++) {
       sink_->Put(reinterpret_cast<byte*>(&length_smi)[i], "Byte");
     }
     for (int i = 0; i < length; i++) {
-      BackReference back_ref = outdated_contexts_[i];
-      DCHECK(BackReferenceIsAlreadyAllocated(back_ref));
-      sink_->Put(kBackref + back_ref.space(), "BackRef");
-      sink_->PutInt(back_ref.reference(), "BackRefValue");
+      Context* context = outdated_contexts_[i];
+      BackReference back_reference = back_reference_map_.Lookup(context);
+      sink_->Put(kBackref + back_reference.space(), "BackRef");
+      PutBackReference(context, back_reference);
     }
   }
 }
 
 
 bool Serializer::ShouldBeSkipped(Object** current) {
   Object** roots = isolate()->heap()->roots_array_start();
   return current == &roots[Heap::kStoreBufferTopRootIndex]
       || current == &roots[Heap::kStackLimitRootIndex]
       || current == &roots[Heap::kRealStackLimitRootIndex];
@@ skipping 142 matching lines @@
       }
 
       AllocationSpace space = back_reference.space();
       if (skip == 0) {
         sink_->Put(kBackref + how_to_code + where_to_point + space, "BackRef");
       } else {
         sink_->Put(kBackrefWithSkip + how_to_code + where_to_point + space,
                    "BackRefWithSkip");
         sink_->PutInt(skip, "BackRefSkipDistance");
       }
-      DCHECK(BackReferenceIsAlreadyAllocated(back_reference));
-      sink_->PutInt(back_reference.reference(), "BackRefValue");
-
-      hot_objects_.Add(obj);
+      PutBackReference(obj, back_reference);
     }
     return true;
   }
   return false;
 }
 
 
 void StartupSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
                                         WhereToPoint where_to_point, int skip) {
   DCHECK(!obj->IsJSFunction());
@@ skipping 15 matching lines @@
 
   FlushSkip(skip);
 
   // Object has not yet been serialized.  Serialize it here.
   ObjectSerializer object_serializer(this, obj, sink_, how_to_code,
                                      where_to_point);
   object_serializer.Serialize();
 }
 
 
-void StartupSerializer::SerializeWeakReferences() {
+void StartupSerializer::SerializeWeakReferencesAndDeferred() {
   // This phase comes right after the serialization (of the snapshot).
   // After we have done the partial serialization the partial snapshot cache
   // will contain some references needed to decode the partial snapshot.  We
   // add one entry with 'undefined' which is the sentinel that the deserializer
   // uses to know it is done deserializing the array.
   Object* undefined = isolate()->heap()->undefined_value();
   VisitPointer(&undefined);
   isolate()->heap()->IterateWeakRoots(this, VISIT_ALL);
+  SerializeDeferredObjects();
   Pad();
 }
 
 
 void Serializer::PutRoot(int root_index,
                          HeapObject* object,
                          SerializerDeserializer::HowToCode how_to_code,
                          SerializerDeserializer::WhereToPoint where_to_point,
                          int skip) {
   if (FLAG_trace_serializer) {
@@ skipping 12 matching lines @@
       sink_->PutInt(skip, "SkipInPutRoot");
     }
   } else {
     FlushSkip(skip);
     sink_->Put(kRootArray + how_to_code + where_to_point, "RootSerialization");
     sink_->PutInt(root_index, "root_index");
   }
 }
 
 
+void Serializer::PutBackReference(HeapObject* object, BackReference reference) {
+  DCHECK(BackReferenceIsAlreadyAllocated(reference));
+  sink_->PutInt(reference.reference(), "BackRefValue");
+  hot_objects_.Add(object);
+}
+
+
 void PartialSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
                                         WhereToPoint where_to_point, int skip) {
   if (obj->IsMap()) {
     // The code-caches link to context-specific code objects, which
     // the startup and context serializes cannot currently handle.
     DCHECK(Map::cast(obj)->code_cache() == obj->GetHeap()->empty_fixed_array());
   }
 
   // Replace typed arrays by undefined.
   if (obj->IsJSTypedArray()) obj = isolate_->heap()->undefined_value();
@@ skipping 33 matching lines @@
   }
 
   // Object has not yet been serialized.  Serialize it here.
   ObjectSerializer serializer(this, obj, sink_, how_to_code, where_to_point);
   serializer.Serialize();
 
   if (obj->IsContext() &&
       Context::cast(obj)->global_object() == global_object_) {
     // Context refers to the current global object. This reference will
     // become outdated after deserialization.
-    BackReference back_reference = back_reference_map_.Lookup(obj);
-    DCHECK(back_reference.is_valid());
-    outdated_contexts_.Add(back_reference);
+    outdated_contexts_.Add(Context::cast(obj));
   }
 }
 
 
 void Serializer::ObjectSerializer::SerializePrologue(AllocationSpace space,
                                                      int size, Map* map) {
   if (serializer_->code_address_map_) {
     const char* code_name =
         serializer_->code_address_map_->Lookup(object_->address());
     LOG(serializer_->isolate_,
@@ skipping 109 matching lines @@
 void Serializer::ObjectSerializer::Serialize() {
   if (FLAG_trace_serializer) {
     PrintF(" Encoding heap object: ");
     object_->ShortPrint();
     PrintF("\n");
   }
 
   // We cannot serialize typed array objects correctly.
   DCHECK(!object_->IsJSTypedArray());
 
+  // We don't expect fillers.
+  DCHECK(!object_->IsFiller());
+
   if (object_->IsPrototypeInfo()) {
     Object* prototype_users = PrototypeInfo::cast(object_)->prototype_users();
     if (prototype_users->IsWeakFixedArray()) {
       WeakFixedArray::cast(prototype_users)->Compact();
     }
   }
 
   if (object_->IsScript()) {
     // Clear cached line ends.
     Object* undefined = serializer_->isolate()->heap()->undefined_value();
@@ skipping 17 matching lines @@
   int size = object_->Size();
   Map* map = object_->map();
   AllocationSpace space =
       MemoryChunk::FromAddress(object_->address())->owner()->identity();
   SerializePrologue(space, size, map);
 
   // Serialize the rest of the object.
   CHECK_EQ(0, bytes_processed_so_far_);
   bytes_processed_so_far_ = kPointerSize;
 
+  RecursionScope recursion(serializer_);
+  // Objects that are immediately post processed during deserialization
+  // cannot be deferred, since post processing requires the object content.
+  if (recursion.ExceedsMaximum() && CanBeDeferred(object_)) {
+    serializer_->QueueDeferredObject(object_);
+    sink_->Put(kDeferred, "Deferring object content");
+    return;
+  }
+
   object_->IterateBody(map->instance_type(), size, this);
   OutputRawData(object_->address() + size);
 }
+
+
+void Serializer::ObjectSerializer::SerializeDeferred() {
+  if (FLAG_trace_serializer) {
+    PrintF(" Encoding deferred heap object: ");
+    object_->ShortPrint();
+    PrintF("\n");
+  }
+
+  int size = object_->Size();
+  Map* map = object_->map();
+  BackReference reference = serializer_->back_reference_map()->Lookup(object_);
+
+  // Serialize the rest of the object.
+  CHECK_EQ(0, bytes_processed_so_far_);
+  bytes_processed_so_far_ = kPointerSize;
+
+  sink_->Put(kNewObject + reference.space(), "deferred object");
+  serializer_->PutBackReference(object_, reference);
+  sink_->PutInt(size >> kPointerSizeLog2, "deferred object size");
+
+  object_->IterateBody(map->instance_type(), size, this);
+  OutputRawData(object_->address() + size);
+}
 
 
 void Serializer::ObjectSerializer::VisitPointers(Object** start,
                                                  Object** end) {
   Object** current = start;
   while (current < end) {
     while (current < end && (*current)->IsSmi()) current++;
     if (current < end) OutputRawData(reinterpret_cast<Address>(current));
 
     while (current < end && !(*current)->IsSmi()) {
@@ skipping 301 matching lines @@
     if (script->IsScript()) Script::cast(script)->name()->ShortPrint();
     PrintF("]\n");
   }
 
   // Serialize code object.
   SnapshotByteSink sink(info->code()->CodeSize() * 2);
   CodeSerializer cs(isolate, &sink, *source, info->code());
   DisallowHeapAllocation no_gc;
   Object** location = Handle<Object>::cast(info).location();
   cs.VisitPointer(location);
+  cs.SerializeDeferredObjects();
   cs.Pad();
 
   SerializedCodeData data(sink.data(), cs);
   ScriptData* script_data = data.GetScriptData();
 
   if (FLAG_profile_deserialization) {
     double ms = timer.Elapsed().InMillisecondsF();
     int length = script_data->length();
     PrintF("[Serializing to %d bytes took %0.3f ms]\n", length, ms);
   }
@@ skipping 445 matching lines @@
   DisallowHeapAllocation no_gc;
   SerializedCodeData* scd = new SerializedCodeData(cached_data);
   SanityCheckResult r = scd->SanityCheck(isolate, source);
   if (r == CHECK_SUCCESS) return scd;
   cached_data->Reject();
   source->GetIsolate()->counters()->code_cache_reject_reason()->AddSample(r);
   delete scd;
   return NULL;
 }
 } }  // namespace v8::internal