ref.test, ref.cast, and br_on_cast instructions all need to type check
a value against an rtt. With new classification functions on the
horizon, the wasm-compiler code needed to be refactored to avoid
excessive code duplication.
This CL factors out a function TypeCheck that takes as arguments a set
of three callbacks functions: a conditional success, a conditional
failure, and a negated conditional failure. Each of RefTest, RefCast,
and BrOnCast call TypeCheck with a different set of callbacks.

Bug: v8:7748
Change-Id: I1dd8893fc26d5b0228f85587c9250706d0ce16cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647262
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72362}

--log-regexp was removed in
https://codereview.chromium.org/2422593003. This commit removes
references to that flag in src/logging/log.h.

Change-Id: Idc965f06dd1f85370b5391c495ae113306655b75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2646246Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#72361}

Bug: chromium:1154636
Change-Id: I69fb396d5ed5d4fd2823bfb0db1d994517aead91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650212Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72360}

The API allows for querying
- IsAllocationAllowed: Certain GC phases prohibit allocation which can
  be queried; Should be mostly used for debugging checks.
- IsMarking: Allows for querying whether the garbage collector is
  currently marking.

Bug: chromium:1056170
Change-Id: I20ba5fb5be9de6694e8418fa885920eb04bd75ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649257
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72359}

According to the new wasm-gc spec, ref.cast should forward a null input
without trapping.

Bug: v8:7748
Change-Id: Ifee17f02a572e7028c14482bc94f0e1c7fc82a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647261
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72358}

This reverts commit 0938188f.

Reason for revert: new test times out on tsan: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/35152/overview

Original change's description:
> [wasm][debug] Garbage-collect stepping code
>
> All wasm code has an initial ref count of 1, in the expectation that it
> will be added to the code table. When the code is removed from that
> table, the ref count will be decremented.
> Stepping code (and also other code under special circumstances) will not
> be added to the code table though. Hence the ref count will never be
> decremented below 1, and the code will never be garbage-collected.
>
> This CL fixes this, by decrementing the ref count if the code is not
> added to the code table.
> Note that the code will only be collected if no isolate is currently
> using it, so it won't be collected while still in use for stepping.
>
> R=​thibaudm@chromium.org
>
> Bug: chromium:1168564
> Change-Id: I3047753591cbc52689ca019e9548ec58c237b835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649040
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72354}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: I84f84324d2c4a3cae2ae6b97f469e3f22b0e3b3f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1168564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2652485Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72357}

This change was made in one file as a prototype to see if we should
do it elsewhere. Backing the change out as we aren't planning to
continue the work into the other builders.

Change-Id: I10f24a897d86b86d3c53288006cf41fb3255f1b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642376Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72356}

This is a reland of b77deeca

Changes compared to original: Add explicit narrowing casts in tests
for MSVC.

Original change's description:
> [wasm-gc] Remove abstract rtts
>
> In the latest wasm-gc spec, rtts of abstract types are no longer
> allowed. Consequently, canonical rtts of concrete types always have
> a depth of 0.
>
> Changes:
> - Change the immediate argument of rtts to a type index over a heap
>   type. Abstract it with TypeIndexImmediate in function body decoding.
>   This affects:
>   value_type.h, read_value_type(), decoding of relevant opcodes,
>   wasm subtyping, WasmInitExpr, consume_init_expr(), and
>   wasm-module-builder.cc.
> - In function-body-decoder-impl.h, update rtt.canon to always produce
>   an rtt of depth 0.
> - Pass a unit32_t type index over a HeapType to all rtt-related
>   utilities.
> - Remove infrastructure for abstract-type rtts from the wasm compilers,
>   setup-heap-internal.cc, roots.h, and module-instantiate.cc.
> - Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
>   from ref.test, ref.cast and br_on_cast implementations in the wasm
>   compilers.
> - Remove unused 'parent' field from WasmTypeInfo.
> - Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
>   and CreateArrayMap.
> - Use more convenient arguments in IsHeapSubtypeOf.
> - Update tests.
>
> Bug: v8:7748
> Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72321}

Bug: v8:7748
Change-Id: I22b204b486fd185077cd6c7f15d492f5143f48fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650207
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72355}

All wasm code has an initial ref count of 1, in the expectation that it
will be added to the code table. When the code is removed from that
table, the ref count will be decremented.
Stepping code (and also other code under special circumstances) will not
be added to the code table though. Hence the ref count will never be
decremented below 1, and the code will never be garbage-collected.

This CL fixes this, by decrementing the ref count if the code is not
added to the code table.
Note that the code will only be collected if no isolate is currently
using it, so it won't be collected while still in use for stepping.

R=thibaudm@chromium.org

Bug: chromium:1168564
Change-Id: I3047753591cbc52689ca019e9548ec58c237b835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649040
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72354}

... per code space. This avoids redudant work, including potentially
locking the NativeModule.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I34d5aa9aaff5a487042889613676d2a8d96497e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644948
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72353}

Start nodes for JS functions have the following Parameter node value
outputs:

 closure, ...args_including_receiver, new_target, argc, context

This CL adds helper functions for these. There's two interesting
gotcha's:

- Each Parameter node is associated with an index, starting at -1.
Value output indices obviously start at 0, so there's an off-by-one
between the value output of the Parameter node, and the Parameter
node's associated index.
- CSA/Torque graphs use different Start node layouts, yet these are
not reflected in compiler logic. There's potential for confusion here.
The two layouts should be unified or made explicit.

Finally, tests create Start nodes with arbitrary layouts. This blocks
removal of methods marked _MaybeNonStandardLayout.

In an ideal world, the parameter index would equal the start node
output index, and the layout of all Start nodes would be equal. Future
work..

Change-Id: I908909880817979062d459b7a80ed4fede40e2ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649035
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72352}

Port: 9db3cb75

Port: 22e06c7b

Change-Id: Ib42f9729220365f1803cfbc634e3f37f5209e142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650045
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72351}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/32fd3b2..fcaf1b1

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/450b6b6..71044df

Rolling v8/buildtools/linux64: git_revision:d62642c920e6a0d1756316d225a90fd6faa9e21e..git_revision:55ad154c961d8326315b1c8147f4e504cd95e9e6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/957dfea..f8d79d2

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1076f38..6d0c0ff

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/94a96af..eb5ab41

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ic3d42a67d8590ee5f1d0c7cc7d6df3848372b337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2651163Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72350}

If a lazy compilation happens in between 2 Wasm calls, we need to save
the full Simd register, since we can have live v128 values.

Port: 3b302d5c

Bug: chromium:1161555
Change-Id: Id79c609cc01e896f48aff39fdcbf4aa76ae6996e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649260Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72349}

Use external references to hold splat values.

Bug: v8:11349,v8:11086
Change-Id: I829d136ae7c7f8e28de991d06f6a321551402ae1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2648972Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72348}

Bug: v8:11215
Change-Id: I311729509f40ff6e03fc93ef4abdf3b3ce3a65e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650766Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72347}

WeakMember references are used in ephemerons which uses the ordinary
LivenessBroker for determining whether an object is dead or not.

Bug: chromium:1056170
Change-Id: I7f25da22637fba24603bccb76e266357b0371525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649042
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72346}

Add reporting of C++ memory to V8's heap growing strategy via
existing EmbedderHeapTracer interface.

In addition, introduce API-level NoGarbageCollectionScope which
allows to temporarily avoid scheduling GC finalizations. Replace
internal NoGCScope with NoGarbageCollectionScope and remove
NoGCScope.

Bug: chromium:1056170
Change-Id: I0ad3dfd67eb81f09f48e2ab87f9bbece7491ed71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650210
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72345}

This reverts commit 3a405b01.

Reason for revert: thread-sanitizer failures on Linux64 TSAN bot:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/35141/overview

Original change's description:
> [cpu-profiler] Implement weak phantom finalizers for CodeMap entries
>
> Listen to code deletion events by registering finalizers on code
> objects, a first stab at non-leaky long-lived code entries.
>
> Bug: v8:11054
> Change-Id: Ieaaa5b63508263bd261e8385f5bf5dd3baedf9c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2628587
> Commit-Queue: Andrew Comminos <acomminos@fb.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72342}

TBR=ulan@chromium.org,petermarshall@chromium.org,acomminos@fb.com

Change-Id: If22a893af469c9d4d3e00fb124c42cdc52b9a19b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649156Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72344}

Bug: chromium:1056170
Change-Id: I00511c69e9681a80993bcb8ddb370030fc3d208c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649030
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72343}

Listen to code deletion events by registering finalizers on code
objects, a first stab at non-leaky long-lived code entries.

Bug: v8:11054
Change-Id: Ieaaa5b63508263bd261e8385f5bf5dd3baedf9c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2628587
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72342}

Port 906b9644

Original Commit Message:

    This is merged into the proposal:
    https://github.com/WebAssembly/simd/issues/419#issuecomment-765675472.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I801c4337e2ea4671ef82cb1244b8da251d56fc2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650242Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72341}

Multi byte values get stored on native host order when
arrays are being constructed, however as Wasm is LE enforced,
they get reversed on BE machines during simd load. This causes
incorrect values loaded into vector registers.

This CL will force mask elements to be saved in byte sizes
to eliminate endianness issues.

Change-Id: I7f2e5017664234e01fc8b51a95cdd852a418b651
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645586Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72340}

Bug: v8:10975
Change-Id: I40b0c2c36553b44a510f8519b53195ab97f6f5a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645474
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72339}

Bug: v8:10975
Change-Id: I7d69b533fda8be369afe949699eea5abddda9a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645469
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72338}

Change-Id: I96abe7c2b2a2c988867dda3cf823f11c00ddec87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650234Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72337}

movups is slower on older hardware (core2) than movaps, even if the
operand is aligned. (Not an issue on modern hardware).

Also move i8x16.splat(0x0F) to an external reference so we can load the
mask directly.

Bug: v8:11002
Change-Id: I0b01c27a142024d50b9faaa9e7bd6a1fe169e141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643242Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72336}

Bug: chromium:1161555
Change-Id: I449c10984a55bb43b7221d66b195552835af21a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650352Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72335}

Factor out the v128.load32_lane code sequence into macro-assembler functions
to be reused by Liftoff.

Bug: v8:10975
Change-Id: I9f53b5d98dfd610c4feafb087f00e6fc6dfca8d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645467
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72334}

This is merged into the proposal:
https://github.com/WebAssembly/simd/issues/419#issuecomment-765675472.

Bug: v8:11215
Change-Id: Ibe37c4f8a977ab9af1cc2dd083f1ebb88b27acfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647986Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72333}

Since publishing is sequential anyway, we can as well publish all
available units in one go. This avoids repeated locking in both the
queue and the NativeModule.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: Ie4b8914caaafd8d1e3330cb30f427aee6e571e9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644947
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72332}

(Initially copied from nicohartmann@ CL
https://chromium-review.googlesource.com/c/v8/v8/+/2135631)

This CL adds a new intrinsic %ObserveNode(expr) which has noop semantics
but triggers the new NodeObserver set on the OptimizedCompilationInfo
when the node generated for expr is created or changed in any phase
(until EffectControlLinearization).

This provides the infrastructure to write reasonable unit tests that
check for the construction of or lowering to specific nodes (e.g.
depending on feedback).

When %ObserveNode(expr) is used an object of class ObserveNodeManager is
registered to every Reducer/GraphReducer and is notified by the Reducer
with all node changes. The same logic is added to classes
SimplifiedLowering/RepresentationSelector, which do not inherit from
class Reducer.

Observed Node modifications currently are:
 * The Node Operator
 * The Node type
 * Node replacements

A first use case (cctest/test-sloppy-equality.cc) is included in this CL.

Change-Id: Idc5a5e38af8b1d9a2ec5021bf821c4e4e1406220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555219
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72331}

This is a reland of 5a0938e5

The fix is in instruction-selector-x64.cc, the OpParameter is a
uint8_t, I typo-ed a int8_t.

Drive-by fix to maro-assembler-x64.cc to use movaps instead of movapd.

Original change's description:
> [wasm-simd][x64] Prototype i32x4.widen_i8x16_{s,u}
>
> This prototypes i32x4.widen_i8x16_s and i32x4.widen_i8x16_u for x64. It
> uses some masks and pshufb for the widening.  These masks (3 for each
> instruction) are stored as external references.
>
> Bug: v8:11297
> Change-Id: I6c8f55426bbb44b16ed552f393762c34c2524b55
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617389
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72301}

Bug: v8:11297
Change-Id: Ie1df32bd4ef3c71532cab6f82a515f619b6a2b67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2648967Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72330}

Recompilation for tier down should not be triggered if the module had a
compile error. This CL ensures that by moving the recompilation a bit
later in the async compilation, to a place where a compile error would
have been detected already. An added DCHECK would catch similar bugs
earlier (crashing instead of timing out).

R=ahaas@chromium.org

Bug: chromium:1160031
Change-Id: I7eb3d2921db0f28bb39e9ec6150fd98fd4b99089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649028
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72329}

The number of old-to-new slots was used as a heuristic in
GetMaxConcurrency() to control the number of background jobs. The
calculation already caused a bug that was fixed in
https://crrev.com/c/2593247 and isn't used in a major mark-compact.
Reduce complexity by removing that heuristic.

Change-Id: I88989974a94230b7d6f59846f5b0cce14b4118ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649039Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72328}

Due to some unusual build failures on some trybots,
v8_generate_external_defines_header was reverted to false. This turns it
back on but changes the behaviour so that defines are added to the
command line as well as to the header. Because the generated header
checks that flags that should be unset are actually unset and flags that
should be set are either unset or set to 1, this will cause build
failures on many types of mismatches, although it will not detect where a
flag is not set on the command line when it is set by the header.

If no further failures show up with this, the hybrid part can be removed
and the v8-gn.h header can stand on its own.

Bug: v8:11292, v8:11341
Change-Id: I1deeeebec58f79607e68a28f808649e884810923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649041
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72327}

Writing out the number of functions in the module is unnecessary. That
number is only used for validation when reading back the value, but only
validating that number is pretty arbitrary and does not protect against
bugs or attacks. Hence skip these two header fields.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I083075e2c8959f99690fd1478d0950a25eb7311f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644946
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72326}

Holding an unordered set is surprisingly inefficient for large sets.
Switching to just a vector makes e.g. deserialization of large modules
30% faster. We pay in terms of memory usage though, so if there is ever
a use case where we are storing the same code objects multiple times, we
might want do add a deduplication algorithm which cleans up the vector
every now and then.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I3983ee7f6f04ea7678b8da49fb5cec369693dbc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647260
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72325}

The GC requires all slots in a stack frame that store a reference to be
aligned. This alignment was not provided for spill slots in OOL code.

R=thibaudm@chromium.org

Change-Id: I17492362318623aecc4c54635407d0c8badf3d36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649025Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72324}

The contract between V8 and Blink is that embedder fields belong to
Blink, at least when the object has two or more of them. Now we had 2-3
embedder fields used by the debug proxies and that was confusing Blink,
since it expects the first slot to hold an aligned pointer in that case
and we had a HeapObject reference stored there.

This is a quickfix, which avoids internal fields completely for the
context extension proxy (using interceptors on the prototype instead)
and changes the named proxies to store the name table under a private
symbol instead of using a second internal field.

A proper but way more involved fix is to introduce a proper instance
type here and use space in the header instead of misusing embedder
fields.

Fixed: chromium:1170283
Bug: chromium:1159402
Change-Id: I6c4bbe2fe88fef29a6b9946708588245efbbe72b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649033
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72323}