Change-Id: Id7b756cb216d034108c08374c89bffc7a0c3aaa8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2736514Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73196}

This is a reland of 94283811

Patchset #2 fixes the Arm bug. A vpush is used to push the slot,
so subtract kSimd128Size from the stack decrement to get padding.

Original change's description:
> [wasm][liftoff] Respect CallDescriptor linkage
>
> - Adds the actual stack slot location to LiftoffStackSlots::Slot.
> - Adds SortInPushedOrder method for architectures that push
>   parameters.
> - Changes the LiftoffStackSlots::Construct signature to take the
>   number of parameter slots in total, and changes implementations
>   to insert padding when slots aren't contiguous.
> - Changes Arm MacroAssembler::AllocateStackSpace to check the
>   immediate value, and to be a nop when it's zero.
>
> Bug: v8:9198
> Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73191}

Bug: v8:9198
Change-Id: Iae4930e28dd7fc634e3709a5726379c6b37e5195
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735984Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73195}

Now that Goma is part of depot_tools (and any stale standalone
checkouts in ~/goma are dysfunctional), update gm.py's detection
logic.
Note: this only affects new args.gn files created by gm.py. On
machines where the build is already set up, this has no effect.

Fixed: v8:11160
No-Try: true
Change-Id: I19f475a51d4345d803d49d3ad2720a0f4f6f84bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735637Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73194}

This refactors the way the function-body-decoder maintains
its value stack: it now always calls the respective instruction's
interface function before updating its value stack (by dropping
input values and pushing results). The benefit is that interface
functions still see the original values in the decoder.

No change in observable behavior is intended.

Change-Id: I7618d11ff16675ef29ccb246371ac4fc85733955
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732019
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73193}

This reverts commit 94283811.

Reason for revert: Breaks arm simulator - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim/27651/overview

Original change's description:
> [wasm][liftoff] Respect CallDescriptor linkage
>
> - Adds the actual stack slot location to LiftoffStackSlots::Slot.
> - Adds SortInPushedOrder method for architectures that push
>   parameters.
> - Changes the LiftoffStackSlots::Construct signature to take the
>   number of parameter slots in total, and changes implementations
>   to insert padding when slots aren't contiguous.
> - Changes Arm MacroAssembler::AllocateStackSpace to check the
>   immediate value, and to be a nop when it's zero.
>
> Bug: v8:9198
> Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73191}

Bug: v8:9198
Change-Id: I59b4e84b5a54bcda65a9e96f75e5682713adbfd8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735639
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73192}

- Adds the actual stack slot location to LiftoffStackSlots::Slot.
- Adds SortInPushedOrder method for architectures that push
  parameters.
- Changes the LiftoffStackSlots::Construct signature to take the
  number of parameter slots in total, and changes implementations
  to insert padding when slots aren't contiguous.
- Changes Arm MacroAssembler::AllocateStackSpace to check the
  immediate value, and to be a nop when it's zero.

Bug: v8:9198
Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73191}

When disposing the compilation jobs, we have to update some fields
on JSFunction. Though the current implementation is safe given we only
dispose the compilation jobs when main thread is blocked, it is still
cleaner and safer to dispose of these jobs only on the main thread.
That also unifies the way we handle flushing the queues when we want
to block waiting for the pending tasks to finish or not

Basically this cl flushes the input queue before waiting for any
pending tasks to finish. This would avoid the special handling on the
background threads that dispose of these jobs when we are in the
flushing mode. This also means we don't need to keep track of
the mode anymore.

Change-Id: Icd3adbe998612159e796b2bc90486d38c420f9e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2726502Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73190}

This removes many wasm-specific code paths from codegen, such that
includes from src/wasm can be removed. After src/wasm is fully excluded
from no-wasm builds, we can also clean up unused enum values, but for
now they are still being referenced.

R=mslekova@chromium.org

Bug: v8:11238
Change-Id: I526ac931f023a57f70b5248befa2733ad10ce9ce
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73189}

This is a reland of fab754ff.
The lock-order inversion is fixed by putting the old code into the
surrounding WasmCodeRefScope such that it gets deleted only after
releasing the mutex.

Original change's description:
> [wasm][debug] Cache debugging code
>
> This adds a little cache for debugging code, including stepping code.
> Especially in stepping, we are currently repeatedly recompiling the same
> function, because whenever we pause (after every step) we clear
> stepping, only to reinstantiate it if the user continues stepping.
> Especially in source-level stepping this is wasteful, because stepping
> over a single line of C++ code can execute hundreds or thousands of
> steps in wasm.
>
> R=thibaudm@chromium.org
>
> Bug: chromium:1172299
> Change-Id: Id59a26cc67a5bf4a2d3cf6b1e8f14a8b1c73712c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732015
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73162}

Bug: chromium:1172299
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Ic2f92e2758e78dc4912021cd17267a4da563c0a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732675Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73188}

This reverts commit a8b61ef5.

Reason for revert: Looks like it breaks GC stress bot - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/35880/overview

Original change's description:
> [sparkplug] Change bytecode offset mapping and introduce iterator.
>
> Previously, we recorded pairs of (bytecode offset, sparkplug pc) to
> create a mapping of bytecode offset <-> sparkplug pc.
> These pairs were only recorded after builtin/runtime calls.
> In preparation for deoptimizing to Sparkplug, we need a more precise
> mapping.
> With this CL, we record positions for every bytecode. Instead of storing
> a pair of (bytecode offset, sparkplug pc), we store only the pc,
> calculating the bytecode offset from the index in the mapping table.
> For easier use an iterator to access the mapping is introduced.
>
> Drive-by: Reduce sampling interval in cpu-profiler cctest to get rid of
> flaky failures.
>
> Bug: v8:11420, v8:11429
> Change-Id: I36a9171f43a574eb67880cbca6cf9ff7ab291e60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720189
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73186}

Bug: v8:11420
Bug: v8:11429
Change-Id: Ie71e7ce234e7b9ab9a2ec99a983e9900f35baa44
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735397
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73187}

Previously, we recorded pairs of (bytecode offset, sparkplug pc) to
create a mapping of bytecode offset <-> sparkplug pc.
These pairs were only recorded after builtin/runtime calls.
In preparation for deoptimizing to Sparkplug, we need a more precise
mapping.
With this CL, we record positions for every bytecode. Instead of storing
a pair of (bytecode offset, sparkplug pc), we store only the pc,
calculating the bytecode offset from the index in the mapping table.
For easier use an iterator to access the mapping is introduced.

Drive-by: Reduce sampling interval in cpu-profiler cctest to get rid of
flaky failures.

Bug: v8:11420, v8:11429
Change-Id: I36a9171f43a574eb67880cbca6cf9ff7ab291e60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720189Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73186}

Fixes an issue with tracing empty ephemeron values of mixin types.

Bug: chromium:1056170
Change-Id: I0089df29943ba7670ec4bdfa5592a01b0ec6de04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732025Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73185}

This is a reland of 6e234e9d
Fix CFI by adding a BTI instruction at the start of the handler.

Original change's description:
> [wasm][liftoff][eh] Implement catch_all
>
> Inline a catch handler after each potentially throwing call. The handler
> just merges values into the actual catch environment and then jumps to
> the catch body.
>
> This automatically adds support for unwind, which also uses the
> "CatchAll" interface method.
>
> Many tests can be written either with "catch" or with "catch_all".
> Duplicate them to get coverage for both.
>
> R=clemensb@chromium.org
>
> Bug: v8:11453
> Change-Id: I789ad44b8d1e496f026157d5c37a12004a8b37e3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2726497
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73129}

Bug: v8:11453
Change-Id: I84d90877e6227a1966b6347877a9c18e213d9419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732023
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73184}

This reverts commit 3ba9e866.

Reason for revert: Breaks libfuzzer

Original change's description:
> [api] Advance API deprecation
>
> Bug: v8:11165
> Change-Id: Id1c7abec73d5dd4824c0d84c9789a8b4ea4911ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2726513
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73156}

Bug: v8:11165
Change-Id: Ia193be7aba6fc303a9f1d6853d373787118e39e3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732024
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73183}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/122de42..d98aad9

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/b60d41f..781cef0

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/6918862..8f03866

Rolling v8/third_party/aemu-linux-x64: xxaIXDIq8jINlzwdt2TTV0PFwnzlgMri76ohrXyvF-wC..utMThAHCm2co_NtVTIgysmvQlZ4OLWTUAedi23ThU2MC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6da8f82..1f50378

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/bf0766c..e0a2e12

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/6a9fd91..1ab4fae

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: If4bb8bdedb6b9edf1a7f7716a7227c30137a2459
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2734009Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73182}

This reverts commit 77838343.

Reason for revert: Mysterious win32 test262 failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win32%20-%20debug/30119/overview

Original change's description:
> [wasm-simd] Remove add horiz instructions
>
> Bug: v8:6020
> Change-Id: I0605798d03f2e9f9c3c07c49141289889a10a3b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727204
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73180}

Bug: v8:6020
Change-Id: Id1a58d7689d506b17ed04a7df67fec4003bc523d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733662
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73181}

Bug: v8:6020
Change-Id: I0605798d03f2e9f9c3c07c49141289889a10a3b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727204Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73180}

This reverts commit fe00fbd9.

Reason for revert: Broke on noavx https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug/36175/overview

Original change's description:
> [wasm-simd][liftoff] Compile double precision conversions
>
> I missed actually handling these instructions in liftoff-compiler, so
> even though the assembler functions were implemented for all archs, we
> weren't running them.
>
> This properly handles the instructions and a couple of fixes:
>
> - for arm64, typos in using signed instructions for unsigned Wasm ops
> - for arm, handle the case where dst == src, which leads to us
> overwriting src and then reading junk from the overwritten portions to
> convert
>
> Bug: v8:11265
> Change-Id: I7919280bdf395137e95075deb30ed815100df222
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728382
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73178}

Bug: v8:11265
Change-Id: I9bce3418c5321ded38e339cd96a9e7e399190c96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733660
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73179}

I missed actually handling these instructions in liftoff-compiler, so
even though the assembler functions were implemented for all archs, we
weren't running them.

This properly handles the instructions and a couple of fixes:

- for arm64, typos in using signed instructions for unsigned Wasm ops
- for arm, handle the case where dst == src, which leads to us
overwriting src and then reading junk from the overwritten portions to
convert

Bug: v8:11265
Change-Id: I7919280bdf395137e95075deb30ed815100df222
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728382Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73178}

We don't need DefineSameAsFirst for AVX, this can save some moves.

Bug: v8:11190
Change-Id: I301896527cbeab62636b4af744ab0d3b42094ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727152Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73177}

We don't need DefineSameAsFirst for AVX, this can save some moves.

Bug: v8:9561
Change-Id: Ie30334d4a8f82d171d8048c2e02792c60b0106a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727151Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73176}

Change-Id: Ic6d25a2fbb22a1c658bcfa9dedae0c7b5dd13794
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733072Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73175}

Also introduced a new generic macro to decode vx instructions.

Change-Id: I52477213555381b401022434de2946f91558a0b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732609Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73174}

Bug: v8:11508
Change-Id: I27c01b9069de283247cfae4f5e5bfc42ebb998a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720017Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73173}

Add a couple of missing dependencies to the build rules for
torque-generated files. Also add a allow_circular_includes_from
declaration to v8_initializers, so that its files can be accessed by
torque_generated_initializers which cannot depend on v8_initializers
without introducing a cycle.

This reduces the number of gn check errors with --check-generated from
10512 to 33.

Bug: v8:7330
Change-Id: I324295c639094c258b3e8e674aef6edc043fe505
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732014
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73172}

This is similar to the x64 optimization for i8x16.swizzle.

Use external refs to load the masks neded for i8x16.swizzle. Before it
would need 3 instructions (2 moves + 1 pshufd), now it requires 2 moves.
Also on AVX we can relax the dst == src requirement, which can
potentially save a move too.

Extract the code sequence into a macro-assembler function for sharing
between Liftoff and TurboFan.

Bug: v8:11346
Change-Id: Id0ec5e891595f0b0fc2922e932fc6c501eca8dc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727150Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73171}

Changes:
- Add wasm-specific opcodes to MemoryOptimizer::CanAllocate.
- Instantiate PipelineData::{simplified_, javascript_, jsgraph_} in the
  wasm pipeline.
- In pipeline.cc, move WasmHeapStubCompilationJob below
  MemoryOptimizationPhase.
- Introduce WasmBaseOptimizationPhase, use it in the wasm pipeline.
- Add allow_singalling_nan argument to CsaEarlyOptimizationPhase and
  CsaOptimizationPhase.

Bug: v8:11510
Change-Id: I6d886a352ce0be612415f51d29860aeb6c0efcf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2726503Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73170}

This CL is the first in a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL does the following:

a) In PropertyAccessInfo::Kind, rename kDataConstant and
kAccessorConstant to kFastDataConstant and kFastAccessorConstant,
respectively, to indicate that these kinds are used for fast mode
holders.

b) In PropertyAccessInfo::Kind, add kDictionaryProtoDataConstant and
kDictionaryProtoAccessorConstant, which will be used for dictionary
mode holders (which must also be prototypes, as stated  above).

c) Add a member dictionary_index_ to PropertyAccessInfo, which is
used by the kinds mentioned in b)

Bug: v8:11248
Change-Id: Id1c10215aab287066a9765756f112c8035141013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718228
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73169}

This reverts commit fab754ff.

Reason for revert: TSan failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/13875/overview

Original change's description:
> [wasm][debug] Cache debugging code
>
> This adds a little cache for debugging code, including stepping code.
> Especially in stepping, we are currently repeatedly recompiling the same
> function, because whenever we pause (after every step) we clear
> stepping, only to reinstantiate it if the user continues stepping.
> Especially in source-level stepping this is wasteful, because stepping
> over a single line of C++ code can execute hundreds or thousands of
> steps in wasm.
>
> R=​thibaudm@chromium.org
>
> Bug: chromium:1172299
> Change-Id: Id59a26cc67a5bf4a2d3cf6b1e8f14a8b1c73712c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732015
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73162}

Bug: chromium:1172299
Change-Id: I8fac7701e6f58012c8e17322c22f29692ee8932b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732020
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73168}

This was missing in CppHeap which means the used_bytes counter in
EmbedderTracing was reset to 0 after every GC.

Bug: chromium:1056170
Change-Id: Iddb0aa1eff9cc354622653376c6623364e015c5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732668
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73167}

The first pass in loop-unrolling aims to process stack check and loop
exit nodes. These nodes are all connected in a known fashion to the loop
header, so there is no need to traverse the whole loop.

Bug: v8:11298
Change-Id: I8336290ce7dddc8967f3fe05d3064b681c1e5c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732007Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73166}

The implementation was added in the various assembler but not actually
handled in liftoff-compiler.

Bug: v8:11348
Change-Id: Ie05bb5e607498a5e5cd283402f9d1eb08ce81661
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2726548Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73165}

This is similar to the optimization for f32x4 dup + mul in
https://crrev.com/c/2719083. Refactor the pattern-matching code into a
helper function that returns a struct with all the necessary fields to
emit the optimized fmul by element instruction.

Add similar unittests and a negative test as well.

Bug: v8:11257
Change-Id: I79ab0bc783f43397191a54bf6fa736dd4dc8d807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728428Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73164}

When retrieving an API accessor function (i.e. either the getter or the
setter) for which the lazy accessor mechanism is used (i.e. where the
actual JSFunction is created lazily and only the FunctionTemplateInfo)
is around, we thus far created a fresh JSFunction every time the
accessor function is requested, but that's observably wrong behavior,
since the accessors are JavaScript objects with identity. We currently
rely on the instantiation cache to guarantee identity, but there's no
reason why we couldn't instead just put the instantiated JSFunction into
the AccessorPair.

Fixing this to only instantiate the lazy accessor pair only once, upon
first time it's requested, coincidentally also simplifies (and fixes)
the API accessor breakpoint machinery. This was previously lacking
support for walking dictionary prototype objects and forcibly
instantiating the lazy accessor pairs with break points. However, all
this magic in the debugger is no longer necessary when we ensure that
the lazy accessor pair component is generally only instantiated once.

Bug: v8:178, v8:7596, chromium:986063, chromium:496666
Change-Id: I41d28378010716c96c8ecf7c3f1247765f8bc669
Fixed: chromium:1163547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731527Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73163}

This adds a little cache for debugging code, including stepping code.
Especially in stepping, we are currently repeatedly recompiling the same
function, because whenever we pause (after every step) we clear
stepping, only to reinstantiate it if the user continues stepping.
Especially in source-level stepping this is wasteful, because stepping
over a single line of C++ code can execute hundreds or thousands of
steps in wasm.

R=thibaudm@chromium.org

Bug: chromium:1172299
Change-Id: Id59a26cc67a5bf4a2d3cf6b1e8f14a8b1c73712c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732015Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73162}

Bug: chromium:1153363, v8:10047
Change-Id: I1ee305ee25c8fab64756ba2b0cf38a3c6b004d30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732667Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73161}

Now that all individual methods are being performed concurrently, we can
move DescriptorArray to skip serialization.

Bug: v8:7790
Change-Id: I4bda72e6302b0f2e224f9fa2e4e97877e42a3c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720280
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73160}

Handles are notorious for preventing compiler optimizations. We should
avoid them for simple const functions.

- Mark more API functions const
- Mark more String functions const

Bug: v8:11195, chromium:808503, v8:11263
Change-Id: I9940e85600bc7d19027039d807b3313e2dcccdc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575065Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73159}

Bug: v8:11298
Change-Id: I99d36812aabd99fd92a20f743705aee193914381
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731530Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73158}

- Add private NewStructInternal
- Dehandlify JSObject initializers

Bug: v8:11263
Change-Id: I62d77ef32747c2042de707ba10fad20327af0930
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2729342Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73157}