- 20 Oct, 2020 2 commits
-
Frank Tang authored
The one we are currently using is now marked as internal and to be removed for 68. Migrating to the style which is already available in ICU 67-1. Bug: v8:11031 Change-Id: I668382a2e1b8602ddca02bf231c5008a6c92bf2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477751 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70638}
-
Junliang Yan authored
Port 7f58ced7
Original Commit Message:
While the overall goal of this commit is to change deoptimization entries into builtins, there are multiple related things happening:
- Deoptimization entries, formerly stubs (i.e. Code objects generated at runtime, guaranteed to be immovable), have been converted into builtins. The major restriction is that we now need to preserve the kRootRegister, which was formerly used on most architectures to pass the deoptimization id. The solution differs based on platform.
- Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
- Removed heap/ support for immovable Code generation.
- Removed the DeserializerData class (no longer needed).
- arm64: to preserve 4-byte deopt exits, introduced a new optimization in which the final jump to the deoptimization entry is generated once per Code object, and deopt exits can continue to emit a near-call.
- arm,ia32,x64: change to fixed-size deopt exits. This reduces exit sizes by 4/8, 5, and 5 bytes, respectively.
On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes by using the same strategy as on arm64 (recalc deopt id from return address).
Before:
  e300a002 movw r10, <id>
  e59fc024 ldr ip, [pc, <entry offset>]
  e12fff3c blx ip
After:
  e59acb35 ldr ip, [r10, <entry offset>]
  e12fff3c blx ip
On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases with CFI). Additionally, up to 4 builtin jumps are emitted per Code object (max 32 bytes added overhead per Code object).
Before:
  9401cdae bl <entry offset>
After:
  # eager deoptimization entry jump.
  f95b1f50 ldr x16, [x26, <eager entry offset>]
  d61f0200 br x16
  # lazy deoptimization entry jump.
  f95b2b50 ldr x16, [x26, <lazy entry offset>]
  d61f0200 br x16
  # the deopt exit.
  97fffffc bl <eager deoptimization entry jump offset>
On ia32 the deopt exit size is reduced from 10 to 5 bytes.
Before:
  bb00000000 mov ebx,<id>
  e825f5372b call <entry>
After:
  e8ea2256ba call <entry>
On x64 the deopt exit size is reduced from 12 to 7 bytes.
Before:
  49c7c511000000 REX.W movq r13,<id>
  e8ea2f0700 call <entry>
After:
  41ff9560360000 call [r13+<entry offset>]
R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, miladfar@ca.ibm.com
BUG=
LOG=N
Change-Id: I49e4c92759043e46beb3c76c97823285b16feeef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486225
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70637}
-
- 19 Oct, 2020 38 commits
-
Ng Zhi An authored
All these opcodes have a simple lowering into a single x64 instruction. We can perform a similar optimization when AVX is supported to not force dst == src1. Bug: v8:10116 Change-Id: I4ad2975b6f241d8209025682202b476c08b3491b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486383 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70636}
-
Ng Zhi An authored
We don't need separate Load32Zero and Load64Zero instructions, since the implementation is movss and movsd, which we already have. Bug: v8:10713 Change-Id: I5d02e946f3bf9fe08f943a811f2d3cc8aec81ea8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486233 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70635}
-
Ng Zhi An authored
Prototype these two instructions on ia32. They are movss and movsd respectively, so the implementation is pretty simple, as we support these instructions already. Bug: v8:11038 Change-Id: Iebf4afab2bf1edfb4b14a4855d5036677f999ca9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486232 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70634}
-
Seth Brenith authored
I happened to notice while stepping through the StackUnwindingWin64 test that it never actually encounters a runtime-compiled function despite using %OptimizeFunctionOnNextCall. V8 compiles the function on the subsequent call as requested, but the compiled function isn't very good because there was no feedback data, and it immediately deopts. To fix, we can call the function once between %PrepareFunctionForOptimization and %OptimizeFunctionOnNextCall. Change-Id: Icb25f16d43a60c36a1f85d15e2ce4535e08d1076 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2472780 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#70633}
-
Milad Fa authored
First CL with initial changes: https://crrev.com/c/2468618 This CL adds the same set to the wasm interpreter. We also need to make sure "negation" as well as "std::abs" are excluded from this fix as they can reverse the sign bit intentionally. Change-Id: I115649f55b5290d2529dda3d5592feaff3363b76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485246 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70632}
-
Michael Achenbach authored
This reverts commit eb6b4ce1.
Reason for revert: Might need rebaseline: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/7519
Original change's description:
> [runtime] Use Isolate::ThrowAt with MessageLocation
>
> Fix various missing source positions when reporting parse and compile
> errors. Namely this fixes missing source positions when having invalid
> module imports.
>
> - Use Isolate::ThrowAt with valid MessageLocation objects
> - Change public Isolate::Throw to no longer accept MessageLocation to
>   avoid misuse
> - Introduce private Isolate::ThrowInternal that accepts MessageLocation
>
> Bug: v8:6513
> Change-Id: I3ee633c9fff8c9d361bddb37f56e28a50c280ec1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467839
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70623}
TBR=marja@chromium.org,cbruni@chromium.org,ishell@chromium.org
Change-Id: Ifa16ef8b6e5e411712fbad2e2a58fd700da12a69
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6513
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485498
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70631}
-
Ng Zhi An authored
Not sure why I originally chose to name it LoadMem32Zero instead of Load32Zero like the proposal. This fixes it. Bug: v8:10713 Change-Id: If05603f743213bc6b7aea0ce22c80ae4b3023ccf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481824 Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70630}
-
Ross McIlroy authored
The feedback vector can be retrieved from the callee's frame, and the actual_map can be read from the actual_value, so avoid passing these explicitly to the DynamicMapChecks builtin. This reduces the size of each DynamicMapCheck codegen by around 20 bytes on x64. BUG=v8:9684 Change-Id: I31cf9b8cf085284ac051ebafc86f3e26105f3046 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485813 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#70629}
-
Ng Zhi An authored
For splats, we can make use of vshufps to avoid a movss. Without AVX, specific dst to be same as src in the instruction selector. For extract lane, we can use vshufps to extract a float into a dst xmm, and leave junk in the higher bits. On the meshopt_decoder.js benchmark in linked bug, it removes about 7 movss instructions that did nothing. Hardware can do register renaming, but let's not rely on that :) R=bbudge@chromium.org Bug: v8:10116 Change-Id: I4d68c10536a79659de673060d537d58113308477 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481473 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70628}
-
Daniel Bevenius authored
Change-Id: I29a6d91f542dc78a8ec532a4e4a74ccc792308a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485811 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70627}
-
Ng Zhi An authored
LoadKind is no longer just for load, we use it for stores as well (starting with https://crrev.com/c/2473383). Rename it to something more generic. Bug: v8:10975,v8:10933 Change-Id: I5e5406ea475e06a83eb2eefe22d4824a99029944 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481822 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70626}
-
Etienne Pierre-doray authored
IsRunning is the v8 equivalent of operator bool, but is confusing with IsCompleted. IsValid (to match base:: operator bool) should be more clear. Change-Id: I2529bea21c7cb7613bd5057c66715fb5ea450396 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461840 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Cr-Commit-Position: refs/heads/master@{#70625}
-
Ng Zhi An authored
Also known as multiply long, this multiplies the top or bottom half of the input operands, the result is twice as wide as the input. This implements arm64 and interpreter. Bug: v8:11008 Change-Id: Iad693007066dd1a9bc529b282e88812a081c3a01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469156 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70624}
-
Camillo Bruni authored
Fix various missing source positions when reporting parse and compile errors. Namely this fixes missing source positions when having invalid module imports.
- Use Isolate::ThrowAt with valid MessageLocation objects
- Change public Isolate::Throw to no longer accept MessageLocation to avoid misuse
- Introduce private Isolate::ThrowInternal that accepts MessageLocation
Bug: v8:6513
Change-Id: I3ee633c9fff8c9d361bddb37f56e28a50c280ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467839
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70623}
-
Daniel Clark authored
Parse the AssertEntries in an import assertion clause, storing them in a map. Plumb them through the parser to the appropriate SourceTextModuleDescriptor methods. The next change will plumb them into the SourceTextModuleDescriptor's ModuleRequestMap and through to SourceTextModuleInfo::New. Bug: v8:10958 Change-Id: I19c31090520f14f94d014e760f5fe372bf773fc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482326 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Dan Clark <daniec@microsoft.com> Cr-Commit-Position: refs/heads/master@{#70622}
-
Clemens Backes authored
Since JS arguments are always reversed now (https://crrev.com/c/2466116), the logic for skipping the arguments adapter is dead. Hence this CL removes the dead enum value and all code handling it. R=victorgomes@chromium.org Bug: v8:10201 Change-Id: Ie225d14f4ef4e698b76a69cb97fd3eef616e9222 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485074 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70621}
-
Clemens Backes authored
Migrate wrapper compilation from the tasks API to the job API. This avoids querying the platform for the number of available threads, and makes the code much more idiomatic. R=thibaudm@chromium.org CC=etiennep@chromium.org Bug: chromium:1101340 Change-Id: I2d84176fe729c065348fd479fe8fd1a0d2f19a50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2471379 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70620}
-
Shu-yu Guo authored
Finally blocks that unconditionally result in an abrupt completion immediately are currently incorrectly returning the existing completion value instead of undefined. Bug: v8:10978 Change-Id: Ida2e27d9cc9711236a1fb30368bfc7213d0f7140 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473382 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#70619}
-
Victor Gomes authored
This is a reland of 5afa3add
Original change's description:
> [cleanup] Create virtual FrameWithJSLinkages
>
> - CommonFrameWithJSLinkage
> - TypedFrameWithJSLinkage
>
> Change-Id: Ib70967c6b8bc9129d7562ec5587076e66312ca25
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480562
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70609}
Change-Id: I6e952cdeb8ec37c02f16ad854e8366ef742072b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2483845
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70618}
-
Frank Emrich authored
This adds a getter for ordered property dictionaries of maps Bug: v8:7569 Change-Id: I7e8668ec707734b97f41f1a85c70b00b3b10c981 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465824 Commit-Queue: Frank Emrich <emrich@google.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70617}
-
Clemens Backes authored
Replace the "PublishCompilationResults" event by "AddCompiledCode" and "PublishCode". The former will be parallel, while the latter will not be. This was a bit misleading before, since in the "PublishCompilationResults" event we didn't always publish. R=ahaas@chromium.org Change-Id: Ia114d6edda77ebf128416af9be998d54bc8aaa12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479470 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70616}
-
Milad Fa authored
Port 0403beb4
Original Commit Message:
This is a reland of cdc8d9a5
Skipped tests on gc_stress and fixed CONSTEXPR_DCHECK for gcc.
Original change's description:
> [TurboProp] Avoid marking the output of a call live in its catch handler
>
> The output of a call won't be live if an exception is thrown while the
> call is on the stack and we unwind to a catch handler.
>
> BUG=chromium:1138075,v8:9684
>
> Change-Id: I95bf535bac388940869eb213e25565d64fe96df1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70562}
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ie2d0bc87824afa2555b0dd7021a24e965587ee42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2483629
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70615}
-
Milad Fa authored
Port dcf467a8
Original Commit Message:
- Use kNoBuiltinId instead of literal -1.
- Remove support for non-embedded builtins.
- Update Code object layout comment.
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ie0101d883c8116a6076a7b9ef8b82dbcd1960dbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2483628
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70614}
-
Clemens Backes authored
If the main thread (or multiple main threads, or different isolates) executes compilation units, it uses task id 0. This id will also be used by the first worker thread. Avoid this by shifting the ids of worker threads by one. R=thibaudm@chromium.org CC=etiennep@chromium.org Bug: v8:11005 Change-Id: I3beb8a5716112d9466c5b0296ab4ed1f2cf20519 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2471378 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70613}
-
Maya Lekova authored
This reverts commit 5afa3add.
Reason for revert: Seems to break CFI, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/26994
Original change's description:
> [cleanup] Create virtual FrameWithJSLinkages
>
> - CommonFrameWithJSLinkage
> - TypedFrameWithJSLinkage
>
> Change-Id: Ib70967c6b8bc9129d7562ec5587076e66312ca25
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480562
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70609}
TBR=ishell@chromium.org,victorgomes@chromium.org
Change-Id: I5d3a16a3010e41896448cb9462d7cc2a0813ca63
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484705
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70612}
-
Milad Fa authored
Port 2bc52ff7 Original Commit Message: Implement i32x4.dot_i16x8_s for Liftoff on ia32 and x64. ARM implementation will come later. R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I2cc3afe63802aa00b8e5e7dcfb710c49d1486a90 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484337 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70611}
-
Victor Gomes authored
Change-Id: Idc91485e873dabd2cd304f2347e2565753342abd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2472001 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70610}
-
Victor Gomes authored
- CommonFrameWithJSLinkage
- TypedFrameWithJSLinkage
Change-Id: Ib70967c6b8bc9129d7562ec5587076e66312ca25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480562
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70609}
-
Camillo Bruni authored
Drive-by-fix:
- fix legend formatting
- Fix color from type retrieval
- Partially fix file location parsing in Processor
Bug: v8:10644
Change-Id: I8d9ecc4923c9772de66da74e9440b293fcecc5e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465831
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70608}
-
Camillo Bruni authored
- Avoid private fields (using _xyz instead of #xyz)
- Avoid static fields on classes
These are temporary changes that eventually will be reverted once Firefox and Safari support it.
Bug: v8:10644
Change-Id: I3d757251eaedef92751970d866882c3d912c7e3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464924
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70607}
-
Camillo Bruni authored
- Use *LogEntry in more places to avoid confusion with HTML Events
- Move Processor.kProperties to IcLogEntry.getPropertyNames
- Move timeline-track legend "All" entry to the end
Bug: v8:10644
Change-Id: I5a9e833ad0570c39d3106955fa2ba00af53b7062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463241
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70606}
-
Martin Bidlingmaier authored
The problem was that a raw regexp value was handlified to account for gc, but then afterwards we used the initial regexp value again instead of the handle. This resulted in memory violations if the gc decided to move the regexp object. Bug: chrome:1139304,v8:10765,v8:11021 Change-Id: Ib1c31ae4a960523c9939619bcca9606dbb507c81 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484771 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Martin Bidlingmaier <mbid@google.com> Cr-Commit-Position: refs/heads/master@{#70605}
-
Frank Emrich authored
This changes OrderedHashMap, OrderedHashSet, and OrderedNameDictionary as follows:
- Create a dedicated allocation function AllocateEmpty to create zero-element instances of these classes
- Fix bugs resulting from using these zero-element versions
Further, this CL
- provides a canonical empty version of OrderedNameDictionary
- changes the types of the canonical ordered hash table and hash set from FixedArray to the actual subclasses
Bug: v8:7569
Change-Id: I0fe1215e7d164617afa777c8b3208a0857ab6edd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476315
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70604}
-
Thibaud Michaud authored
Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm):
  138 add sp, sp, #40
  13c str r6, [sp, #-4]!
  140 str r6, [sp, #-4]!
  144 str r6, [sp, #-4]!
  148 str r6, [sp, #-4]!
  14c str r6, [sp, #-4]!
  ...
  160 vldr d1, [sp - 4*3]
The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK:
  Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402
  Debug check failed: 0 <= offset (0 vs. -12).
A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()":
  108 vldr d1, [sp + 4*2]
  ...
  118 str r0, [sp, #+36]
  11c str r0, [sp, #+32]
  120 str r0, [sp, #+28]
  124 str r0, [sp, #+24]
  128 str r0, [sp, #+20]
  ...
  134 add sp, sp, #20
R=jgruber@chromium.org
Bug: chromium:1137608
Change-Id: If2b85dde49bf31a6bd3f5e0255407f9390727f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474784
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70603}
-
Michael Lippautz authored
- Use backticks to create cross-refs (https://chromium.googlesource.com/chromium/src/+/master/styleguide/c++/c++-dos-and-donts.md#comment-style)
- More API docs
Change-Id: Ia90641a532aa84c51bbf4cf96d9ab1c6c1505de5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484403
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70602}
-
Salome Thirot authored
This fixes a bug that made a test fail in mjsunit/wasm/return-call.js (the CFI bot does not run the tests with --variants=extra, hence why it didn't catch it). It also introduces --sim-abort-on-bad-auth, a debug flag for the arm64 simulator that stops a program as soon as an authentication error appears, to make debugging easier. Change-Id: Ibee731ab788aff45301d268ef05256b82f5e4613 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473833 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70601}
-
Jakob Gruber authored
The flaky failure is three years old, let's see how it behaves today. Bug: v8:5920 Change-Id: Idaa71d274f937e3c6997b49e0acfe7cc88e64956 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484571 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70600}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I010ab2ff2c55ce54b5dcc2df6fb7bbcd14b03e2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480568 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70599}
-