Adds the following CB type RISC-V instructions to the assembler:
c.beqz, c.bnez, c.andi, c.srai, c.srli. Also removes sext_xlen
from RVC instructions c.xor, c.or, c.and.

Change-Id: I96ce4693019c28235ccd4f85d0a68ca89a3f4096
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912922Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#74801}

Change-Id: Ib86c4d6237251308fb16cef73e22f2efaa8ecbdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919308Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74800}

People change their names and email addresses for many reasons. Adding
a `.mailmap` ensures that e.g. `git log` and `git blame` respect
people’s choices.

Bug: chromium:1213438
Change-Id: I03fcacff90d996d423283c345ddfc4ed9fccf98e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919671Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74799}

Change-Id: Id90dbf6dca8c3c06221922b6f65b2d72f5ac981a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2920747
Commit-Queue: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Auto-Submit: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74798}

This is a reland of 916eb869

Change compared to original:
Remove ternary operator from lambda, as this triggers a gcc bug.

Original change's description:
> Reland "[wasm][bug] Fix a couple of bugs in validation of unreachable code"
>
> This is a reland of 4a037f87
>
> Changes compared to original change: None. This seems not to create
> problems after all.
>
> Original change's description:
> > [wasm][bug] Fix a couple of bugs in validation of unreachable code
> >
> > Changes:
> > - SetBlockType now instantiates the block's start merge with values of
> >   the correct type in unreachable code.
> > - EnsureStackArguments now keeps the existing stack values and moves
> >   them over the new bottom values.
> > - Drop stack size validation in Drop().
> > - Add new tests in unreachable-validation.js.
> >
> > Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74650}
>
> Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74677}

Bug: v8:11819
Change-Id: I9b8d915547ec9aee7cb5233937089d431db54c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919833
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74797}

Bug: v8:11804
Change-Id: I6eddf2d836c3916622768ef2a7d878157e89e4c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772980Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74796}

They check for AVX and uses the AVX instruction if available. This is a
follow-up CL to https://crrev.com/c/v8/v8/+/2912778

Change-Id: Ib53f06f03ac1067366b76b9193d8db98c394ce50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919853
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74795}

Build with single generation mode failed because
new_space_allocation_top() and new_space_allocation_limit() both return
nullptr now without a new space. Previously the DCHECK succeeded because
both methods would call the NewSpace methods with null as this pointer.

Bug: v8:11708
Change-Id: I74babded2c790642e74722ed53794aecebec4344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917604Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74794}

When BranchElimination has to find the common prefix of a set of
BranchConditions in a Merge, it has to traverse a number of linked lists
of individual conditions, which is inefficient.
This CL improves its performance by grouping conditions between an
IfTrue/IfFalse and a Merge in a single entry of BranchConditions.
Additional change: Improve documentation of FunctionalList.

Change-Id: I93a58886151f6831cafb483aafb48e8e6c2433e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917600
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74793}

The verbose output shown on bots didn't print the first failing result
of a flaky test before. Now the result line shows all results and
the details in the end show the output of the first failure.

Previously it was confusing as it seemed that the json results and
the test runner output differed.

We now print PASS in all caps like the other statuses. A test for
this case already existed and the output is now updated.

Bug: v8:8434
Change-Id: I473ec392e0028bf64b3da53d4b37446ffcd17277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919670
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74792}

Without the explicit constexpr keyword, Clang seems to be able to treat
these methods as constexpr, whereas MSVC will not.

Bug: v8:11760
Change-Id: I9f6492f38fb50dcaf7a4f09da0bd79c0da6a50eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912916Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74791}

The new functionality is hidden behind the --wasm-gc-js-interop flag.

Bug: v8:11804
Change-Id: I9dd779efe3dbf3c773948b6fd8872e3aea8cd7a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912784
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74790}

Change-Id: I55a80003a148c80f2b7a1f644c127d81963f8ac7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918141Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74789}

Bug: v8:11367
Change-Id: I2d21d3deea73a9930acb3bf2efd3268ec1fd64b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919830Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74788}

This fixes a compile error in no-wasm / jitless builds introduced in
https://crrev.com/c/2912779.

R=neis@chromium.org
CC=manoskouk@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: Ia256679dba5093b30821859376aba81b4900efed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919829Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74787}

This is no longer supported and currently fails later when V8 is
executed if taken, so remove it and fail early during initialization.

BUG=chromium:1208472

Change-Id: I0a1fe947facef0128c6695a4091c5fe8d4c56cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919668
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74786}

ThinStrings are essentially a pointer to an InternalizedString. Read
them concurrently in places where we read InternalizedStrings.

Bug: v8:7790, v8:11791
Change-Id: I3be4dd27336f58706c9c57d5042f96cb8f56bcaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905608
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74785}

Also change:
- {NormalPageSpace, LargePageSpace}::From()
- ObjectAllocator::*

Bug: v8:11822
Change-Id: I78a1a5379e16fc1e1c95136d7aa8cc34caed0413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917042
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74784}

This CL adds support for testing web snapshots through mjsunit tests.
To allow for taking and using web snapshots from JavaScript, two
methods, Realm.takeWebSnapshot() and Realm.useWebSnapshot(), are
introduced in d8.

Both of these methods accept a Realm as a parameter, allowing for
mjsunit tests to create and use the snapshot in different realms.

To return the snapshot data, Realm.takeWebSnapshot() creates and
returns a snapshot object with the snapshot data stored as an embedder
field.

Bug: v8:11525, v8:11706
Change-Id: I6e514e10eabf5bdb96d81e2697d4ddc49d92de73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905610Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74783}

Port ec4fd32c

Change-Id: Ia952dc6f7478b90dc61ceb029f10feb79243d01d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918988
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74782}

Inline the SaveFPMode flag directly into the TSANRelaxedStore stubs:
 - Saves one register for input arguments
 - Avoid branches in the TSANRelaxedStore stubs

Bug: v8:7790, v8:11600
Change-Id: Ib1083f8c1a7e856028ff606ba8c2a93efb10db69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917037Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74781}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d3e8244..74f9de2

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/b9af93e..fba2905

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/767de31..da3e6cb

Rolling v8/third_party/aemu-linux-x64: uDQJbkoDWGwLYtnDu3A7LnRVwsKkaFQkUWtChrVO_hYC..Hf11zqHzrfja2miAIic8j5jVjfs3rcuSFj8vUK-AVYAC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7da48e9..3caaaaa

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/51e3708..72bc20e

Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/efa4658..1ea7a15

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/23ef295..a3460d1

Rolling v8/third_party/jinja2: https://chromium.googlesource.com/chromium/src/third_party/jinja2/+log/11b6b3e..6906af9

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/5b8d433..e4c7c48

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a38f01b..d663c27

Rolling v8/tools/luci-go: git_revision:9cd9603def7a649cd3e29517180d6622be2fa898..git_revision:03ab00ce4982877f2d4a0b0db48cd355e5ca65ab

Rolling v8/tools/luci-go: git_revision:9cd9603def7a649cd3e29517180d6622be2fa898..git_revision:03ab00ce4982877f2d4a0b0db48cd355e5ca65ab

Rolling v8/tools/luci-go: git_revision:9cd9603def7a649cd3e29517180d6622be2fa898..git_revision:03ab00ce4982877f2d4a0b0db48cd355e5ca65ab

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I619a7c566f37c879da74e36601542519cc46c632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918435Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74780}

BranchElimination and CsaLoadElimination interracted badly and created
quadratic behavior when run together. This happened when
CsaLoadElimination kept updating arguments of a Merge, and
BranchElimination kept going through all of them to find the common
prefix of all path conditions. Therefore, we separate BranchElimination
and CsaLoadElimination in the csa and wasm optimization pipelines.

Additional changes:
- Split WasmOptimizationPhase from CsaOptimizationPhase.
- Remove now-redundant argument from CsaOptimizationPhase::Run.
- Fine-grain how statistics are measured in the wasm pipeline.

Change-Id: Id166f4f7d1ea69a1a7b7ca108af4ffedbcda8abb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912779
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74779}

Note that Arm32 is already saving the full register in
https://source.chromium.org/chromium/chromium/src/+/main:v8/src/codegen/arm/macro-assembler-arm.cc;l=2250;drc=ec4fd32cf7f945923fa6bb332c061ecbdaaaa405

Change-Id: I1f5fe60ca350583fb4cb877ccad74f5e260c3665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912778
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74778}

.. when concurrent-inlining, use direct reads instead.

Two fields were changed to have a non-atomic getter and acq-rel
accessors:

- Map::prototype_info
- PrototypeInfo::object_create_map

Bug: v8:7790
Change-Id: I05e888240d73ab6e961b1048a25713ec45fb0305
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876852Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74777}

For memory accesses that are statically known to be in bounds, avoid the
out-of-line code for the trap handler. This makes trap handler metadata
smaller, reduces code size (by avoiding OOL code), and enables more
optimizations at later phases, because unprotected memory loads can be
reordered and reused.

Drive-by: Use {GetMemoryAccessKind} consistently.

R=ahaas@chromium.org

Bug: v8:11802
Change-Id: Ia824d3355a95f446a796c5b06f69ecaa1500709b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912585Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74776}

This is a reland of 6d99f933

No changes since revert.

Original change's description:
> [compiler] Replace EnsureElementsTenured by IsElementsTenured
>
> We can't mutate heap state from the compiler thread; turn this into a
> predicate and emit generic code if it returns false.
>
> Bug: v8:7790
> Change-Id: I6186a87e178d0c0206b6e7659fa2a41bf65fd835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876845
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74596}

Tbr: neis@chromium.org
Bug: v8:7790
Change-Id: I9cfdcf9929870a8314486292bab91e83cb448410
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917605Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74775}

This is a reland of 5258364e

No changes since revert.

Original change's description:
> [compiler] Make NativeContextRef never-serialized
>
> Most NativeContext elements are immutable after initialization;
> additionally, we now use acquire-release semantics to load/store
> elements when possible. Reading and constructing Refs for elements
> is thus possible from the background.
>
> A few notes:
>
> - A few elements are not immutable; if read from the background
> thread, these must use acquire-release semantics.
> - Elements can be stored from generated code; these are not compatible
> with bg-thread accesses.
> - While elements can be read safely from the native context, the
> elements themselves may still require serialization; this is done in
> NativeContextRef::Serialize.
>
> Bug: v8:7790
> Change-Id: I12e9611a292e7dd912438c712390731a5422407d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897254
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74604}

Tbr: neis@chromium.org
Bug: v8:7790
Change-Id: Ica736a4afda2be7276508fe2f734293d0b9eeaf1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917606Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74774}

This changes the test runner to automatically treat cases in which
both a flag and its negation are present as a flag contradiction.
Example: "--foo --no-foo".

With this change it's no longer necessary to explicitly specify these
trivial contraditions in variants.py.

Note: since negations are created through simple string operations,
bogus constructions are possible ("--nobodys-perfect" ->
"--bodys-perfect"). We accept these as unlikely-to-cause-problems.

Bug: v8:10577
Change-Id: Ic52a92ed1e884b495ee4136f6e2f3257cca243c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904218Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74773}

... to get better error messages.

Bug: v8:7790
Change-Id: I2296e78804e243177a7e984a0284561cd41c61bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917602
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74772}

This reverts commit 916eb869.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20gcc/11805/overview

Original change's description:
> Reland "[wasm][bug] Fix a couple of bugs in validation of unreachable code"
>
> This is a reland of 4a037f87
>
> Changes compared to original change: None. This seems not to create
> problems after all.
>
> Original change's description:
> > [wasm][bug] Fix a couple of bugs in validation of unreachable code
> >
> > Changes:
> > - SetBlockType now instantiates the block's start merge with values of
> >   the correct type in unreachable code.
> > - EnsureStackArguments now keeps the existing stack values and moves
> >   them over the new bottom values.
> > - Drop stack size validation in Drop().
> > - Add new tests in unreachable-validation.js.
> >
> > Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74650}
>
> Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74677}

Tbr: manoskouk@chromium.org
Change-Id: Ia24aa453735464bdd3aafca4617beabb0cbf8823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917601
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74771}

In commit 4a5adb43, mips may allocate a
bit more memory than actually needed, and move the beginning of the
StackSlot in order to have it aligned.

After commit e639eafe, we allocated
the memory that was actually needed, so we do not need extra alignment
anymore.

Change-Id: I4c4c01794ed1d2cc5b8c89196eae6834f0da0b6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917578Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74770}

This CL assures builds with "v8_enable_webassembly = false"
compile successfully.

It is an addition on top of this original port:
e73c7b21

Change-Id: Ic27b3006087e4d4de6fe599a9f469d1f80cf8a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918136Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74769}

Change-Id: Ia709a1c578d05d722690c57ae44019bda4eb8d5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918213
Auto-Submit: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74768}

Implementation copied from d8. Gated behind a build-time flag.
Can be useful for debugging issues.

Change-Id: I444d625242b1fb8fe9139472a06cb1a90269401a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2906233Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74767}

Change-Id: I795d45a02f49e3a0cc62ce5d87b75a1af7b2dcc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917913
Commit-Queue: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Auto-Submit: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74766}

Change-Id: Idb38b9f97b5a507abd6f65f0d6c126255069f979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917914Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74765}

Fixes an issue with tests mjsunit/compiler/call-with-arraylike-or-spread*
that fail when run with the fuzzer.

Bug: v8:11821
Change-Id: I6b75c065397d66062a7f552198ca92d151d89a4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917814Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74764}

For mprotect-based write protection of WebAssembly code memory, we open
{NativeModuleModificationScope}s each time a thread needs write-access
to the code space. While fine-grained switching is good for security
(the permission should only be granted for as short as possible,
especially since it is process-wide), this can degrade performance
considerably for two reasons (we measured up to 10x slower Liftoff
compilation time cf. having no write protection):

1. Switching permissions with mprotect() (and likely with similar
functions on non-POSIX platforms) is just inherently expensive due to
the syscall, modifying page tables, and potentially subsequent TLB
flushes. For a simple benchmark (compiling Unity with --liftoff-only)
--wasm-write-protect-code-memory increases the number of mprotect
syscalls from ~2.6-2.8k to 6-8k (!).

2. Modifying the permissions in {SetWritable()} is synchronized
across threads via the {NativeModule::allocator_mutex_}. With many fine-
grained permission switching requests, lock contention on this mutex
incurs a very high number of futex syscalls (measured on Linux only,
but the problem is likely a general one). For the same simple benchmark
as above (compiling Unity), --wasm-write-protect-code-memory increases
the number of futex syscalls from ~1k to 20-40k (!).

Both problems are fixed in the CL here, following this simple recipe
(in case we get more of these issues in the future):
1. Identify the hot syscall either via sampling-based profiling with
`sudo perf record -g -F10000 d8 ...` (needs sudo for kernel stacks) and
then looking into the record or a flamegraph, or with event-based
profiling with `sudo perf stat -g -e 'syscalls:sys_enter*' d8 ...`.
In particular, if {NativeModuleModificationScope}s are repeatedly
opened (behind a function) in a loop, this can be a problem.
2. Add a scope object outside of the loop, potentially to a function
upwards in the call hierarchy of the hot loop/function.
3. Remove the scope object in the innermost function/hot loop.
4. Check all callers of the hot function (which now no longer has a
scope object), whether additional scopes need to be added there for
correctness.

The following two offenders were especially visible in the profile:
- Most of the mprotect calls were coming from {PatchJumpTablesLocked}.
Pulled the scope object up into {PublishCode}.
- Most of the lock contention was caused by {AddCodeWithCodeSpace}.
There already was a scope object up the call chain in {AddCompiledCode}.
- Fixed scope inside the loop in {FreeCode} for good measure as well.

R=clemensb@chromium.org
CC=​​​jkummerow@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng

Bug: v8:11663, chromium:932033
Change-Id: I89e4a1f0998f06e4d4b5e360e0bf81836d4240f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912786
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74763}

Bug: v8:11804
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: I81ba1408fb2701450a82c4abc29d2422746af78e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917041
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74762}