This replaces ebx usage in several more interface descriptors.

- IC descriptors already passed most arguments on the stack (updated
  their Register accessors to reflect that).
- The allocation site argument appears to be unused in the
  ConstructStub descriptor. It can probably be removed in a follow-up.

Drive-by: Rename ArgumentAdaptorDescriptor to
ArgumentsAdaptorDescriptor to match the builtin name.

Bug: v8:6666
Change-Id: I4cdf1775a5b4b74491d6d303c49a8af9b6cd3c03
Reviewed-on: https://chromium-review.googlesource.com/1195367
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55495}

These two builtins are a special case in that their calling convention
must be kept in-sync since they are both generated from
Generate_CallOrConstructVarargs.

ConstructVarargs in particular used all available registers. In order
to free ebx, the calling convention is changed to pass the last
argument on the stack.

As part of this change, the order of the last two arguments is swapped
since the stack parameter must be tagged.

Bug: v8:6666
Change-Id: If1ad14fc09693c36dd63ffebb6f34fcd3f012896
Reviewed-on: https://chromium-review.googlesource.com/1193444Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55458}

Change-Id: I0870a13fd257e014a3b6dca8ee7ccb3aa5485066
Reviewed-on: https://chromium-review.googlesource.com/1183525Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55359}

This change writes a magic number into the root register,
and checks that we have the number still in at StackChecks.

Change-Id: Ib00d2a7ede651997ae9459cf4bdcc6be3952353b
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1186402
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55353}

R=sigurds@chromium.org

Change-Id: Ib024d099946d4351bfce9de8eb61be1dba5e1ce5
Reviewed-on: https://chromium-review.googlesource.com/1186415
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55351}

This adds a kRuntimeCallArgvRegister definition in platform-specific
macro assemblers and unifies interface descriptor initialization.

Bug: v8:6666
Change-Id: I6fd98bf9ac46083dd2e557ab558d0a5117dd7b94
Reviewed-on: https://chromium-review.googlesource.com/1185003Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55310}

Some builtins, so-called wasm runtime stubs, are copied off-heap to
ensure reachability through near jumps. These builtins must be
individually position-independent. In particular, they may not contain
pc-relative calls to other builtins.

Drive-by: Set hard_abort mode for all wasm runtime stubs to avoid Abort
calls.

Bug: v8:6666
Change-Id: Ie5bc9fc539d6a043dcf7dff66c3b4643baec69ab
Reviewed-on: https://chromium-review.googlesource.com/1183236
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55296}

This reverts commit ad5b7365.

Reason for revert: https://crbug.com/875678

Original change's description:
> [x64] Apply rip-relative call/jump for OFF_HEAP_TARGET
>
> Merge rip-relative loading and call/jump into one instruction for
> OFF_HEAP_TARGET call/jump. For example,
>
>   REX.W movq r10,[rip+#disp]
>   call r10
>
> turns into:
>
>   call [rip+#disp]
>
> Change-Id: I17e115d054b4b352bdaf8eba2e6ac4054bbedaca
> Reviewed-on: https://chromium-review.googlesource.com/1172152
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55150}

TBR=sigurds@chromium.org,jgruber@chromium.org,shiyu.zhang@intel.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:875678
Change-Id: I5a9dd6e29cc53566d681864f7e275a70ccdcb0cb
Reviewed-on: https://chromium-review.googlesource.com/1183164
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55255}

This moves write-barrier for writes into code to heap-write-barrier.h
and adds four new functions:
- WriteBarrierForCode(host, rinfo, object) - combined generational
  and marking write barrier.
- WriteBarrierForCode(host) - combined write barrier that rescans
  all pointers in the host (former RecordWritesIntoCode).
- GenerationalWriteBarrierForCode.
- MarkingWriteBarrierForCode.

Bug: v8:8054,v8:7490
Change-Id: Ib1e07cfa1d5998fca2fa44e2ad08c52305f1373f
Reviewed-on: https://chromium-review.googlesource.com/1174436Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55185}

Change-Id: I55d15fd15cc714732139e4bf12bd75f21f922048
Reviewed-on: https://chromium-review.googlesource.com/1174013Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55174}

Merge rip-relative loading and call/jump into one instruction for
OFF_HEAP_TARGET call/jump. For example,

  REX.W movq r10,[rip+#disp]
  call r10

turns into:

  call [rip+#disp]

Change-Id: I17e115d054b4b352bdaf8eba2e6ac4054bbedaca
Reviewed-on: https://chromium-review.googlesource.com/1172152
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55150}

This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).

This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.

Bug: chromium:225811
Change-Id: I7c1ec826faf46a144a5a9068f8f815a5fd040997
Reviewed-on: https://chromium-review.googlesource.com/1174252Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55111}

This reverts commit c46915b9.

Reason for revert: Disasm failures https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/21727 

Original change's description:
> [turbofan] Further optimize DataView accesses.
> 
> This adds support for unaligned load/store access to the DataView
> backing store and uses byteswap operations to fix up the endianess
> when necessary. This changes the Word32ReverseBytes operator to be
> a required operator and adds the missing support on the Intel and
> ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
> is also mandatory now).
> 
> This further improves the performance on the dataviewperf.js test
> mentioned in the tracking bug by up to 40%, and at the same time
> reduces the code complexity in the EffectControlLinearizer.
> 
> Bug: chromium:225811
> Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
> Reviewed-on: https://chromium-review.googlesource.com/1172777
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55099}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: If7a62e3a1a4ad26823fcbd2ab6eb4c053ad11c49
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:225811
Reviewed-on: https://chromium-review.googlesource.com/1174171Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55107}

This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).

This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.

Bug: chromium:225811
Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
Reviewed-on: https://chromium-review.googlesource.com/1172777
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55099}

This fills the padding between builtins in the embedded blob with a
sequence of int3 instructions (ia32,x64).

Drive-by: Unify code zapping. We can add better support for other
architectures later.

Bug: v8:6666
Change-Id: Ibcb120ec18a8062d7527e0c6fe5ca86869c0dad8
Reviewed-on: https://chromium-review.googlesource.com/1167050
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54976}

R=sigurds@chromium.org

Change-Id: I1ca0e215da36400a8817bc8c8912ccfde8eca613
Reviewed-on: https://chromium-review.googlesource.com/1166911Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54973}

We instantiate the JumpTableAssembler in patching mode (i.e. directly on
existing code without an intermittent buffer). In this mode it is not
possible to record reloc information. This makes sure we no longer just
blindly write into the non-existing buffer.

R=clemensh@chromium.org
BUG=v8:8028

Change-Id: I4abb8f06cf819fef608e901c4740263f0cecd08a
Reviewed-on: https://chromium-review.googlesource.com/1166834
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54966}

R=sigurds@chromium.org

Change-Id: I2f8210a386fa39030c7ffe4c7d0f25bd845c612a
Reviewed-on: https://chromium-review.googlesource.com/1166908
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54964}

Partial constant pool aims at reducing code size and only takes effect for shareable constants.
Different from ARM’s constant pool, partial constant pool does not emit constant pools at the end of each code object. Instead, it keeps the first shareable constant inlined in the instructions and uses rip-relative memory loadings for the same constants in subsequent instructions. These rip-relative memory loadings will target at the position of the first inlined constant. For example:

  REX.W movq r10,0x7f9f75a32c20	  ; 10 bytes
  …
  REX.W movq r10,0x7f9f75a32c20	  ; 10 bytes
  …
turns into

  REX.W movq r10,0x7f9f75a32c20	  ; 10 bytes
  …
  REX.W movq r10,[rip+0xffffff96] ; 7 bytes
  …


Change-Id: I25a417f6d82da96024989bddf0451d7df9340c00
Reviewed-on: https://chromium-review.googlesource.com/1082231Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#54963}

Trampolines to off-heap targets may get inlined. In this case, it is hard
to tell where the trampoline is going to; this CL adds code comments which
identify the target builtin by name.

Bug: v8:6666
Change-Id: Ib085ad118ad64551af2522f9187b4faaad6ce315
Reviewed-on: https://chromium-review.googlesource.com/1160536
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54874}

When disassembling code (in particular embedded builtins), try to
print better information about root-relative accesses. For example:

 REX.W movq rdx,[r13+0x548]
 REX.W movq rax,[r13+0x10a8]

turns into

 REX.W movq rdx,[r13+0x548] (root (0x1ff420d0ccd9 <FixedArray[1672]>))
 REX.W movq rax,[r13+0x10a8] (external reference (check_object_type))

This is a band-aid solution until we come up with something better. It
does not understand multi-instruction sequences (such as loads from
the builtins constants table), assumes every kRootRegister-relative
access is actually root-relative (i.e. the register is not initialized
to some other value), and is limited to a particular instruction
pattern.

Bug: v8:6666,v8:7969
Change-Id: I35af92e8233c9bb0f2ad6ba0e86bd0ab69177205
Reviewed-on: https://chromium-review.googlesource.com/1146806
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54777}

This ensures that tests actually abort on unimplemented opcodes instead
of just printing them as "Unimplemented Instruction". If used to
disassemble a code region though, we want to ignore unimplemented
opcodes to keep printing remaining valid instructions.

The tests were previously fixed by Deepti in
8fa509d3, but this got partly reverted
on the "Address" refactoring in
2459046c.

R=titzer@chromium.org

Change-Id: I802dda2b0f45ee77c4f9b244ed984b1c4679bac3
Reviewed-on: https://chromium-review.googlesource.com/1146649
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54726}

Move write barrier essentials into heap/heap-write-barrier-inl.h. Avoid
including further heap inline headers by relying on constant to load
flags from.

Bug: v8:7490
Change-Id: I2891299f1b1ca2c3e2031cb9c63b583b1665e3f9
Reviewed-on: https://chromium-review.googlesource.com/1148448
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54710}

This is a reland of a462a785

Original change's description:
> [turboassembler] Introduce hard-abort mode
> 
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
> 
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
> 
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
> 
> R=mstarzinger@chromium.org
> 
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}

Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}

For reproducible snapshots, we need to wipe target addresses.

Bug: v8:6666
Change-Id: Id30c3f92c342ae85e9dce677439a6f05182482cd
Reviewed-on: https://chromium-review.googlesource.com/1146653
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54626}

This moves the static handle() helper function to handles-inl.h as
it ultimately depends on handles-inl.h anyway. To make this
possible, also move some other code to -inl.h files and split up
some header files into a -inl.h part.

Bug: v8:7490
Change-Id: I0f68e0728ba082b87ffa911aaf205d9b1523d2c9
Reviewed-on: https://chromium-review.googlesource.com/1146723Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54617}

This reverts commit a462a785.

Reason for revert: Breaks a TurboAssembler test:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm/7726

Original change's description:
> [turboassembler] Introduce hard-abort mode
> 
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
> 
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
> 
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I60c011cfe262ccebbb9abf32699a9fe17e72a3c8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:863799
Reviewed-on: https://chromium-review.googlesource.com/1145431
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54597}

For checks and assertions (mostly for debug code, like stack alignment
or zero extension), we had two modes: Emit a call to the {Abort}
runtime function (the default), and emit a debug break (used for
testing, enabled via --trap-on-abort).
In wasm, where we cannot just call a runtime function because code must
be isolate independent, we always used the trap-on-abort behaviour.
This causes problems for our fuzzers, which do not catch SIGTRAP, and
hence do not detect debug code failures.

This CL introduces a third mode ("hard abort"), which calls a C
function via {ExternalReference}. The C function still outputs the
abort reason, but does not print the stack trace. It then aborts via
"OS::Abort", just like the runtime function.
This will allow fuzzers to detect the crash and even find a nice error
message.

Even though this looks like a lot of code churn, it is actually not.
Most added lines are new tests, and other changes are minimal.

R=mstarzinger@chromium.org

Bug: chromium:863799
Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
Reviewed-on: https://chromium-review.googlesource.com/1142163
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54592}

R=mstarzinger@chromium.org

Bug: v8:7754
Change-Id: I470813e241ace22b2e39b7bb9ff26dd824b50426
Reviewed-on: https://chromium-review.googlesource.com/1142162Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54555}

This CL uses pc-relative jumps and calls (B/BL) for calls from embedded
builtins to embedded builtins. To make this work, the code range size is
limited to 32MB on arm during mksnapshot, which ensures that all builtin
to builtin offsets for jumps/calls fit into the B/BL immediate. At code
generation time, we put a placeholder into the instruction offset which
we resolve to the right code object when the code is copied to the heap.
We use a new relocation mode RELATIVE_CODE_TARGET for these relative jumps.
The relocation mode RELATIVE_CODE_TARGET should never appear after
generating the snapshot.

We modify the target_address/set_target_address methods of RelocInfo
such that they return the absolute target addresses for pc-relative B/BL
instructions. This ensures that the GC can treat RELATIVE_CODE_TARGET in
the same way as code targets. This, however, only matters during
snapshot creation time, and production code never contains
RELATIVE_CODE_TARGET relocations.

Bug: v8:6666
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If7eab83ad588859ca87c654a5ddc3e37caea884c
Reviewed-on: https://chromium-review.googlesource.com/1117181Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54320}

This CL surfaces AssemblerOptions to CodeAssembler::GenerateCode and
to pipeline methods. To allow forward declaring AssemblerOptions,
AssemblerBase::Options was moved out of the AssemblerBase class.

Bug: v8:6666
Change-Id: If9fc50d3d4767bb5dd39a0c3b6e094021f4cae2b
Reviewed-on: https://chromium-review.googlesource.com/1127039
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54286}

The code target vector is used by backends whenever initial code
creation uses immediates that cannot hold a code pointer: An index into
the vector is used instead, and the vector contains the corresponding
code object. This CL makes the code target vector available on all
platforms.

Bug: v8:6666
Change-Id: I2026acd6a77a3465fe2285b84d47866c3b794855
Reviewed-on: https://chromium-review.googlesource.com/1118885
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54236}

This CL replaces most uses of the V8_EMBEDDED_BUILTIN define
by a new read-only runtime flag called FLAG_embedded_builtins.

The flag is true iff V8_EMBEDDED_BUILTINS is defined.

Bug: v8:6666
Change-Id: Ifcc909dc9b028a2c967f8a0e45029df5e71072df
Reviewed-on: https://chromium-review.googlesource.com/1122401
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54156}

For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.

Bug: chromium:856095
Change-Id: I0227f4ccbc6c61c8f5f7669a266ef7a64c6a9a43
Reviewed-on: https://chromium-review.googlesource.com/1117922Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54149}

This is a reland of f0bcbc90.
A few casts were still wrong.

Original change's description:
> Reland "Introduce MutableHeapNumber class."
>
> This is a reland of 40ac6b18, which
> was incorrect due to a bad merge.
>
> Original change's description:
> > Introduce MutableHeapNumber class.
> >
> > V8 knows heap numbers and mutable heap numbers. They have
> > difference instance types, but in C++ code we've used the
> > same class for both (HeapNumber). Confusingly, however,
> > IsHeapNumber would return false for mutable heap numbers,
> > while HeapNumber::cast would succeed.
> >
> > This CL adds a separate class MutableHeapNumber and
> > eliminates the confusing behavior.
> >
[...]
> TBR=bmeurer@chromium.org
> TBR=ulan@chromium.org
>
> Change-Id: I3af1014c949821dfac0754a3e48c65ce1bad1ad1
> Reviewed-on: https://chromium-review.googlesource.com/1114539
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54022}

Change-Id: I19a33da4b6abcd445b528a84d4f56ba1964d337b
Reviewed-on: https://chromium-review.googlesource.com/1114100
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54027}

R=clemensh@chromium.org

Change-Id: Id8a0849d3456be1062a065a23f51bac250de4f7d
Reviewed-on: https://chromium-review.googlesource.com/1107936Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54026}

This reverts commit f0bcbc90.

Reason for revert: Still failing bots.

Original change's description:
> Reland "Introduce MutableHeapNumber class."
> 
> This is a reland of 40ac6b18, which
> was incorrect due to a bad merge.
> 
> Original change's description:
> > Introduce MutableHeapNumber class.
> >
> > V8 knows heap numbers and mutable heap numbers. They have
> > difference instance types, but in C++ code we've used the
> > same class for both (HeapNumber). Confusingly, however,
> > IsHeapNumber would return false for mutable heap numbers,
> > while HeapNumber::cast would succeed.
> >
> > This CL adds a separate class MutableHeapNumber and
> > eliminates the confusing behavior.
> >
> > TBR=bmeurer@chromium.org
> >
> > Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
> > Reviewed-on: https://chromium-review.googlesource.com/1113544
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#54012}
> 
> TBR=bmeurer@chromium.org
> TBR=ulanchromium.org
> 
> Change-Id: I3af1014c949821dfac0754a3e48c65ce1bad1ad1
> Reviewed-on: https://chromium-review.googlesource.com/1114539
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54022}

TBR=ulan@chromium.org,jarin@chromium.org,neis@chromium.org,bmeurer@chromium.org

Change-Id: I99c226e95dfb0b913903cc83193f6e51de8c1b47
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1114099Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54024}

We had a kRootRegisterBias on x64 before. This CL ports the feature to
all other platforms as well. The root register bias is helpful to adjust
the value of the root register, which allows to better utilize signed
immediate offset constants in load instructions.

We currently use a separate add instruction to add kRootRegisterBias
in the code that initializes the root register. This could be improved
by adding a custom relocation mode ensuring that instead of the root
address, the root address plus the bias is inserted (and in this way
the add instruction can be omitted).

Bug: v8:6666
Change-Id: I55cf02ab85d11e3c6d0d83a8f7905dbf924890f1
Reviewed-on: https://chromium-review.googlesource.com/1113539
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54023}

This is a reland of 40ac6b18, which
was incorrect due to a bad merge.

Original change's description:
> Introduce MutableHeapNumber class.
>
> V8 knows heap numbers and mutable heap numbers. They have
> difference instance types, but in C++ code we've used the
> same class for both (HeapNumber). Confusingly, however,
> IsHeapNumber would return false for mutable heap numbers,
> while HeapNumber::cast would succeed.
>
> This CL adds a separate class MutableHeapNumber and
> eliminates the confusing behavior.
>
> TBR=bmeurer@chromium.org
>
> Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
> Reviewed-on: https://chromium-review.googlesource.com/1113544
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54012}

TBR=bmeurer@chromium.org
TBR=ulanchromium.org

Change-Id: I3af1014c949821dfac0754a3e48c65ce1bad1ad1
Reviewed-on: https://chromium-review.googlesource.com/1114539Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54022}

This reverts commit 40ac6b18.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/21009

Original change's description:
> Introduce MutableHeapNumber class.
> 
> V8 knows heap numbers and mutable heap numbers. They have
> difference instance types, but in C++ code we've used the
> same class for both (HeapNumber). Confusingly, however,
> IsHeapNumber would return false for mutable heap numbers,
> while HeapNumber::cast would succeed.
> 
> This CL adds a separate class MutableHeapNumber and
> eliminates the confusing behavior.
> 
> TBR=bmeurer@chromium.org
> 
> Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
> Reviewed-on: https://chromium-review.googlesource.com/1113544
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54012}

TBR=ulan@chromium.org,jarin@chromium.org,neis@chromium.org,bmeurer@chromium.org

Change-Id: I358a822f20b9110def968e69463a753a2a32c68c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1114538Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54013}