This CL introduces a test runner flag to detect if webassembly has been
disabled. Since all tests that require wasm are alrady skipped in
lite mode, we introduce a has_webassembly flag for the test runner which
checks for v8_enable_webassembly=true and v8_enable_lite_mode=false.
As a drive-by, we also do not set the V8_ENABLE_WEBASSEMBLY
preprocessor flag if lite mode is enabled.

The status files are updated by splitting wasm tests from the
"lite_mode" section and checking for "not has_webassembly" instead.

Note that the v8_enable_webassembly=false configuration is not tested
on any bot currently, but I will make sure that all tests keep passing
on further changes in this configuration.

R=machenbach@chromium.org

Bug: v8:11238
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Change-Id: I1841eb1f1633cb47e0c079f4a4a4d769ca3a9cbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710425Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72898}

Whenever we destroy an object that contains a
(Weak)(CrossThread)Persistent, we call the Persistent's dtor which frees
the relevant PersistentNode. To get the PersistentRegion for the node,
we get the value, then get the the relevant page which holds a reference
to the heap which holds the regions.

During a termination GC there is no marking and no weak callback
processing. That means that, when destroying a Persistent, the page on
which the object referenced by the Persistent resides may have already
been swept and destroyed. Then when we try to get the page we cleared or
unallocated memory and crash.
This issue presented as a sweeper crash in the web tests and
content_browsertests.

This issue affects only Weak(CrossThread)Persistent since the region for
their strong counterparts are already cleared at the start of a
termination GC.
This is not an issue in the Blink impl because (1) Blink finds the
elevant regions through ThreadState without going through pages, and
(2) Blink runs a  full GC on termination that includes executing weak
callbacks.

Alternatively we could trace the Weak(CrossThread)Persistent region
which will run the weakness callbacks and clear all WeakPersistents.
The cost and outcome is equivalent.

Bug: chromium:1056170
Change-Id: I3db5b01424500eb695f9876247ef0c787d0d9ef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708645
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72897}

Backends do not care about the concrete type, they only need to know the
"kind" (e.g. "ref" or "i32").
In order to prepare Liftoff to use the value kind instead of the
value type for all stored data, this CL moves the kind out of the
ValueType and makes it a top-level enum.

R=manoskouk@chromium.org

Bug: v8:11477
Change-Id: I489d6c5207e6ff1b66e2afbe78a156d66df27eb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707169
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72896}

Change-Id: I39e97298bd1b802bd011214e820babc69f6e7d00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682639Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72895}

Constant reloading of the null reference impacted some wasm-gc
benchmarks. This CL speeds some benchmarks by >5%.
Note: This solution is not ideal as it technically generates invalid
turbofan graphs. It is temporary until a proper optimization eliminating
excessive loads is implemented.

Change-Id: I7afa6fb8857f5dba3dde715bd30fe868ad06d92c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704668
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72894}

The criteria is:
    1) Regular method before Unsafe one
    2) int index before non-int index
    3) TNode<Object> before TNode<Smi>

Bug: v8:6949, v8:11384
Change-Id: I499c835b956f6c92df26882ea37cb48e8fe737c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690592Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72893}

Removed the ones for types:
 * Symbol
 * Object
 * WordT
 * Int32T
 * HeapNumber

Bug: v8:6949, v8:11384
Change-Id: Id09de31fe23d2a74d771100b293e45362c36a469
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707171Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72892}

If a StackOverflow is caught, reload the pc and the limit from the
catching frame, not from the target.

R=clemensb@chromium.org

Bug: chromium:1180339
Change-Id: I41bf94e6c7525106e990306913e446f2c4269df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710436Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72891}

Bug: v8:7748
Change-Id: I32c87d4e3b98ab44699c1b7bf952aedef3e27002
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704667
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72890}

- Remove try-catch for better debugging in DevTools

Change-Id: Icfa1fcb21af45b785d570f226cd9e016a8371062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685162Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72889}

On 64-bit platforms we reserve the maximum size of a WebAssembly memory.
Thereby the memory can grow in-place. On 32-bit platforms, however, we
allocate only the initial size, and grow the memory by reallocating the
memory. Due to memory fragmentation the memory therefore cannot grow
big. With this CL we allow to reserve 1GB of memory even on 32-bit
platforms. Thereby the memory can grow to at least 1GB.

R=gdeepti@chromium.org
CC=ulan@chromium.org

Bug: chromium:1175564
Change-Id: Iba44bb64ffa47322a205e8da3b7088e3edfeee62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707163Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72888}

Besides, implement i64x2 signed compares in liftoff.

Port: a38039a7
Port: b57a0d19

Bug: v8:11415
Change-Id: I18e9bdbf346daacbb53595e504f14a32aedcfc07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2711725Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72887}

This patch fixes a segmentation fault which occurs when using `--prof` flag on a Darwin ARM64 architecture.
See https://github.com/nodejs/node/issues/36656

Change-Id: Idc3ce6c8fd8a24f76f1b356f629e37340045b51e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2609413Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72886}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/be4bea4..d6803e2

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: If28b7b4a648236a6c0509d54d8b9577244810777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710770Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72885}

code to keep the RSB balanced

Besides, extract common code to
MaybeOptimizeCodeOrTailCallOptimizedCode
and cache the instance in a register,

Port: af3c5307
Port: 89ea44bf
Port: adf035fb
Change-Id: I3fde5b0995ea8aa51faeb3fd743cebef748ba745
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710212
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72884}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6bdef69..be4bea4

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/ec94d9f..5e0cf72

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I5b1bd5569a251c594018544175e9bea45717415c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2709725Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72883}

Besides, fix extra arguments when restarting frame.

Port: 15f3392a
Port: 94b294b3

Change-Id: Iaf6b1d6b3eda0ea90ed651b22bb9bd871a5edb36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710207Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72882}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d9000c9..6bdef69

Rolling v8/third_party/aemu-linux-x64: SesU5Vh9_5Zm4yE0Qtuyv2VQ8UhCuhRMW3IkFgT7n0sC..GzdPpQtyS5ZFre4nU7kS8n0fu_RX5NV9C2PkWL0tWEYC

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/f362f6f..011cc41

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/1b0cdaa..ec94d9f

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I89453affc98266f4abeb3a4015d10d3cbe100baf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2709547Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72881}

This reverts commit ed225df7.

Reason for revert: Blocks the roll, causing compile failures in Chromium:
https://ci.chromium.org/p/chromium/builders/try/win_chromium_compile_dbg_ng/800868?

Original change's description:
> [objects] Cache the ExternalString's data in its resource
>
> For external uncached strings (also called "Small External Strings")
> with cacheable resources, we can cache its resource's data at the
> string's creation time. This allows us to safely read the data from the
> background as we wouldn't trigger a data() callback.
>
> For more information regarding the investigation and possible proposals
> see
> https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing
>
> Bug: v8:7790, v8:11463
> Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72862}

Bug: v8:7790
Bug: v8:11463
Change-Id: I1d14c2f9872d156d43d5d95c8a032a37ba9379cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708824
Auto-Submit: Bill Budge <bbudge@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72880}

Use a slightly different instruction sequence for AVX, these
instructions issue to different ports, resulting in less resource
pressure. Full details in the bug.

Bug: v8:11464
Change-Id: Ie915a532f7453bab5c458038e8da725aa0e5d55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2703451Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72879}

v8::internal::JSDateTimeFormat::New

Bug: chromium:1177812, chromium:1177623
Change-Id: I91e6babd796c6735e96e3cd1541d8aba51aaefee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2706353
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72878}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/fd27d1f5..f6034ebe

Bug: v8:7834
Change-Id: Ia2d8f77e0140b213e65b63cda9a6e99370f59601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707327
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72877}

Port b57a0d19

Original Commit Message:

    Extract code sequence into macro-assembler for reuse between Liftoff and
    TurboFan.

    There is a bit of register-aliasing checking due to the rather strict
    requirements for the code sequence depending on the CpuFetures that are
    supported.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ia7c8adf67ea04eda43966effe71919334da10b58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2705157Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72876}

Extract code sequence into macro-assembler for reuse between Liftoff and
TurboFan.

There is a bit of register-aliasing checking due to the rather strict
requirements for the code sequence depending on the CpuFetures that are
supported.

Bug: v8:11415
Change-Id: Idbc0ca43475db5650d1747c8a741e9f11b80d8e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2698063Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72875}

We always built a new Phi node for the delegate merge, which is
incorrect when the target block's exception is already a Phi. Use
CreateOrMergeIntoPhi instead.

R=clemensb@chromium.org

Bug: v8:11472
Change-Id: I8af3ab07d536ddfe247ace04cc844207d32adb99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707167Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72874}

Forced GCs are used in testing configurations and under memory
pressure. Use atomic sweeping for C++ in those scenarios as testing
GCs require that destructors are immediately invoked after the GC
call.

Bug: chromium:1056170
Change-Id: I03c13fa7a30cf74076807834c5e6d0c1fe52bb87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704543
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72873}

We had an off-by-one in the arm64 frame fill code due to double counting
the register already pushed by the prologue.

Bug: v8:11420
Change-Id: I9b4a3bcdc913886f0ba7a316f23f41eed3fc9311
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707168
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72872}

This is the first part of exception handling support in Liftoff. For
now, the only supported instruction is throw, and only with empty
payload or only i32 values.

R=thibaudm@chromium.org

Bug: v8:11453
Change-Id: I9fdf1328ef46655674a05186fb93216518886d03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704659Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72871}

Functions are easier to maintain and to debug than macros, hence
transform the macro into a function.

R=thibaudm@chromium.org

Bug: v8:11384
Change-Id: I6a5a836e14c33dc3c2240b6b06edcb05c6514710
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704074
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72870}

Code objects are exposed through JSFunction and SharedFunctionInfo.
If they are builtins, we don't have to worry about background threads
seeing partially initialized code objects. If they are optimized code
objects, we may. Background threads read the code fields with
AcquireLoad semantics. The fields are set on the main thread with
ReleaseStore semantics when appropriate.

Special care is taken when setting an optimized code object in a closure
in the interpreter entry stub. Since the MacroAssembler doesn't support
ReleaseStore semantics, this CL ensures that the optimized code object
is stored with those semantics in the feedback vector, where the
interpreter entry stub finds it.

Bug: v8:7790
Change-Id: I41ecedfe0e9d1ad5091cbe9a97f66c66ca9e07dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676633
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72869}

This fixes a build failure when compiling swiss-hash-table-helpers.h
on an SSE platform for a non-SSE target.

Change-Id: Ifc9bfc6b31d84d0e5dcc544a8eee8d6ea6e0cd12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704675Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#72868}

We can remove some of the method definitions, as well as the
sloppy-ness from the method.

Bug: v8:6949, v8:11384
Change-Id: I04880daa3fcce097b79009f12bd24128a47c2c80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690591Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72867}

The interface descriptor can be looked by via the builtins name, hence
we do not need the template parameter. This also removes redundancy (and
potential errors) for passing the builtin name twice, via the template
parameter and a function parameter.

R=thibaudm@chromium.org

Bug: v8:11384, v8:11453
Change-Id: Id4184a371e8ab8a66ff0b4eb65b4bd87f285149e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704172Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72866}

Allocate an array big enough to store label data for each byte in the
bytecode array. Use a linked list to store linked labels, and combine
the list with a pointer for an unlinked label.

Bug: v8:11429
Change-Id: Iadf00801f6ddd4460f7e0e1b53eee7be333f66e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704542
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72865}

In {MergeFullStackWith}, we were accidentally looking at the cached
instance in the current {cache_state_} instead of the state passed as
{source}. This could lead to missing reload of the instance after a
conditional branch.

R=thibaudm@chromium.org

Bug: chromium:1179182
Change-Id: Ida3c06491f7973a183c43745159abbf6aa8a058b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704081Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72864}

Change the frame fill to unconditionally subtract already pushed
registers from register count. This ensures that the decision to add a
push loop is dependent on the _remaining_ registers, not the _total_
registers.

Bug: v8:11420
Change-Id: Ide763654e66f0a8c827a00fca1b4a77be2052f76
Fixed: chromium:1179595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704672
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72863}

For external uncached strings (also called "Small External Strings")
with cacheable resources, we can cache its resource's data at the
string's creation time. This allows us to safely read the data from the
background as we wouldn't trigger a data() callback.

For more information regarding the investigation and possible proposals
see
https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing

Bug: v8:7790, v8:11463
Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72862}

Bug: v8:11420
Change-Id: I41eda774ba31a25b7f199ffea7f97fca9c44835e
Fixed: chromium:1179650
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704670
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72861}

This reverts commit 76a2ab06.

Reason for revert: A few issues, e.g.
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8854931126653780144/+/u/Check__flakes_/ArrayWithCowElements

Original change's description:
> [compiler] Direct heap reads for JSArrayRef
>
> There are two aspects to the non-JSObject parts of JSArrayRef:
>
> - JSArrayRef::length. Relevant only in two spots, 1. when reading
> (immutable) array boilerplates and 2. for GetOwnCowElement.
>
> - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing
> store. Relies on the invariant that cow backing stores are immutable.
>
> This CL renames the length accessor to length_unsafe to make the
> danger explicit at callsites.
>
> For GetOwnCowElement the refactor is slightly larger, since we now
> need to read into the backing store while keeping full control of
> object reads (e.g. JSArray::length and JSArray::elements_kind). We
> make all reads explicit at the call site by requiring that elements,
> elements kind, and length are passed in as arguments to
> GetOwnCowElement. Inside GetOwnCowElement, consistency between these
> is *not* guaranteed due to concurrency. At runtime, consistency *is*
> guaranteed through the reference-equality check on the elements seen
> during compilation. The actual elements read is implemented in
> ConcurrentLookupIterator::GetOwnCowElement.
>
> Bug: v8:7790
> Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72834}

Bug: v8:7790, chromium:1180012
Change-Id: I50e72380c544b2b78e1e3dc87a8249281b710912
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704666
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72860}

Bug: v8:11429
Change-Id: I9472898ccc07e400fb4c61d80e208bae23223a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2704665Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72859}