- 20 Oct, 2020 26 commits
-
Victor Gomes authored
Change-Id: I8cb9f7860bb7b3cfc8ee291910c2f219309606dd Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485224 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70662}
-
Almothana Athamneh authored
Bug: v8:11037 Change-Id: I39c790bc435ab2c9fde7f17c8c6fa42a920e16d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485509 Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/master@{#70661}
-
Georg Neis authored
It is a little shorter and cheaper[1] than the equivalent "mov sp,bp; pop bp".

Also remove support for the 'enter' instruction, since
- it is unused,
- it is neither shorter nor cheaper than the corresponding push and mov (in fact more expensive[1]), and
- our disassembler doesn't support it.

[1] See https://www.agner.org/optimize/instruction_tables.pdf

Change-Id: I6c99c2f3e53081aea55445a54e18eaf45baa79c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482822 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70660}
-
Shu-yu Guo authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/ad8a5e9940..0e7319c015 Bug: v8:7834 Change-Id: If9bb92b37e6dac0b1f14b5813e56a4ed478d9b06 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486222 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#70659}
-
Maya Lekova authored
This reverts commit fbfa9bf4.

Reason for revert: Seems to break arm64 sim CFI build (please see DeoptExitSizeIfFixed) - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/2808

Original change's description:
> Reland "[deoptimizer] Change deopt entries into builtins"
>
> This is a reland of 7f58ced7
>
> It fixes the different exit size emitted on x64/Atom CPUs due to
> performance tuning in TurboAssembler::Call. Additionally, add
> cctests to verify the fixed size exits.
>
> Original change's description:
> > [deoptimizer] Change deopt entries into builtins
> >
> > While the overall goal of this commit is to change deoptimization
> > entries into builtins, there are multiple related things happening:
> >
> > - Deoptimization entries, formerly stubs (i.e. Code objects generated
> >   at runtime, guaranteed to be immovable), have been converted into
> >   builtins. The major restriction is that we now need to preserve the
> >   kRootRegister, which was formerly used on most architectures to pass
> >   the deoptimization id. The solution differs based on platform.
> > - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
> > - Removed heap/ support for immovable Code generation.
> > - Removed the DeserializerData class (no longer needed).
> > - arm64: to preserve 4-byte deopt exits, introduced a new optimization
> >   in which the final jump to the deoptimization entry is generated
> >   once per Code object, and deopt exits can continue to emit a
> >   near-call.
> > - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
> >   sizes by 4/8, 5, and 5 bytes, respectively.
> >
> > On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
> > by using the same strategy as on arm64 (recalc deopt id from return
> > address). Before:
> >
> >   e300a002 movw r10, <id>
> >   e59fc024 ldr ip, [pc, <entry offset>]
> >   e12fff3c blx ip
> >
> > After:
> >
> >   e59acb35 ldr ip, [r10, <entry offset>]
> >   e12fff3c blx ip
> >
> > On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
> > with CFI). Additionally, up to 4 builtin jumps are emitted per Code
> > object (max 32 bytes added overhead per Code object). Before:
> >
> >   9401cdae bl <entry offset>
> >
> > After:
> >
> >   # eager deoptimization entry jump.
> >   f95b1f50 ldr x16, [x26, <eager entry offset>]
> >   d61f0200 br x16
> >   # lazy deoptimization entry jump.
> >   f95b2b50 ldr x16, [x26, <lazy entry offset>]
> >   d61f0200 br x16
> >   # the deopt exit.
> >   97fffffc bl <eager deoptimization entry jump offset>
> >
> > On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
> >
> >   bb00000000 mov ebx,<id>
> >   e825f5372b call <entry>
> >
> > After:
> >
> >   e8ea2256ba call <entry>
> >
> > On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
> >
> >   49c7c511000000 REX.W movq r13,<id>
> >   e8ea2f0700 call <entry>
> >
> > After:
> >
> >   41ff9560360000 call [r13+<entry offset>]
> >
> > Bug: v8:8661,v8:8768
> > Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#70597}
>
> Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org
> Bug: v8:8661,v8:8768,chromium:1140165
> Change-Id: Ibcd5c39c58a70bf2b2ac221aa375fc68d495e144
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485506
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70655}

TBR=ulan@chromium.org,rmcilroy@chromium.org,jgruber@chromium.org,tebbi@chromium.org Change-Id: I4739a3475bfd8ee0cfbe4b9a20382f91a6ef1bf0 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8661 Bug: v8:8768 Bug: chromium:1140165 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485223 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70658}
-
Maya Lekova authored
This reverts commit 403390ec.

Reason for revert: Seems to break noi18n build - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/34316

Original change's description:
> [ia32] Remove arguments adaptor frame
>
> Change-Id: Id66d2c57fc92c00b033bc53231313f477cceca75
> Bug: v8:10201
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448463
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70652}

TBR=neis@chromium.org,ishell@chromium.org,victorgomes@chromium.org Change-Id: Ia87c887260571e2c6461700eb10ca792bc83e254 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487129 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70657}
-
Santiago Aboy Solanes authored
Bug: v8:10799 Change-Id: Id912520b6a27e439e204bac47c0723a8f613be4b Fixed: v8:10799 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2472000 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70656}
-
Jakob Gruber authored
This is a reland of 7f58ced7

It fixes the different exit size emitted on x64/Atom CPUs due to performance tuning in TurboAssembler::Call. Additionally, add cctests to verify the fixed size exits.

Original change's description:
> [deoptimizer] Change deopt entries into builtins
>
> While the overall goal of this commit is to change deoptimization
> entries into builtins, there are multiple related things happening:
>
> - Deoptimization entries, formerly stubs (i.e. Code objects generated
>   at runtime, guaranteed to be immovable), have been converted into
>   builtins. The major restriction is that we now need to preserve the
>   kRootRegister, which was formerly used on most architectures to pass
>   the deoptimization id. The solution differs based on platform.
> - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
> - Removed heap/ support for immovable Code generation.
> - Removed the DeserializerData class (no longer needed).
> - arm64: to preserve 4-byte deopt exits, introduced a new optimization
>   in which the final jump to the deoptimization entry is generated
>   once per Code object, and deopt exits can continue to emit a
>   near-call.
> - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
>   sizes by 4/8, 5, and 5 bytes, respectively.
>
> On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
> by using the same strategy as on arm64 (recalc deopt id from return
> address). Before:
>
>   e300a002 movw r10, <id>
>   e59fc024 ldr ip, [pc, <entry offset>]
>   e12fff3c blx ip
>
> After:
>
>   e59acb35 ldr ip, [r10, <entry offset>]
>   e12fff3c blx ip
>
> On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
> with CFI). Additionally, up to 4 builtin jumps are emitted per Code
> object (max 32 bytes added overhead per Code object). Before:
>
>   9401cdae bl <entry offset>
>
> After:
>
>   # eager deoptimization entry jump.
>   f95b1f50 ldr x16, [x26, <eager entry offset>]
>   d61f0200 br x16
>   # lazy deoptimization entry jump.
>   f95b2b50 ldr x16, [x26, <lazy entry offset>]
>   d61f0200 br x16
>   # the deopt exit.
>   97fffffc bl <eager deoptimization entry jump offset>
>
> On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
>
>   bb00000000 mov ebx,<id>
>   e825f5372b call <entry>
>
> After:
>
>   e8ea2256ba call <entry>
>
> On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
>
>   49c7c511000000 REX.W movq r13,<id>
>   e8ea2f0700 call <entry>
>
> After:
>
>   41ff9560360000 call [r13+<entry offset>]
>
> Bug: v8:8661,v8:8768
> Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70597}

Tbr: ulan@chromium.org, tebbi@chromium.org, rmcilroy@chromium.org Bug: v8:8661,v8:8768,chromium:1140165 Change-Id: Ibcd5c39c58a70bf2b2ac221aa375fc68d495e144 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485506 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70655}
-
Georg Neis authored
Gracefully handle hugely nested JSBoundFunctions by checking against the local isolate's stack limit in relevant recursive functions. This is based on d734bb4c (which was reverted). In order to get access to the local isolate, the CL replaces the heap broker's LocalHeap pointer with a LocalIsolate pointer. Bug: chromium:1125145 Change-Id: I15d6265c7dfcd8a70af4ab4ce6f30149a886be00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480682 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70654}
-
Camillo Bruni authored
- Fix State timerange adjustment for multiple timelines
- Fix grid layout for detail panels
- Style panels consistently
- Simplify file-reader html

Bug: v8:10644 Change-Id: I277d88e2deb2bf71b0204034f6e63ea35f85a791 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485812 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#70653}
-
Victor Gomes authored
Change-Id: Id66d2c57fc92c00b033bc53231313f477cceca75 Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448463 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70652}
-
Dominik Inführ authored
This is a reland of 8358ab49

Original change's description:
> [heap] Introduce new state in CollectionBarrier
>
> Introduce new state kCollectionStarted in CollectionBarrier. This state
> is used during Heap::PerformGarbageCollection. It stops threads from
> requesting GC when the GC was already started. This happens because a
> background thread only requests the GC after it parked itself - the GC
> could be started in-between those two events.
>
> Bug: v8:10315
> Change-Id: I59cf3d4ea41c7a2c37ffce89c5b057221a2499e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474858
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70572}

Bug: v8:10315 Change-Id: I9da463c847cb0badde58ce767a6e3a24be7672f5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480564 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#70651}
-
Georg Neis authored
Eventually this should be used to prevent OS stack overflow on background threads. Drive-by change: make more things const. Bug: v8:10974 Change-Id: Ie659e53992f58c7c08920985d54175d61c5ee796 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474117 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70650}
-
Jakob Gruber authored
This reverts commit 7f58ced7.

Reason for revert: Segfaults on Atom_x64 https://ci.chromium.org/p/v8-internal/builders/ci/v8_linux64_atom_perf/5686?

Original change's description:
> [deoptimizer] Change deopt entries into builtins
>
> While the overall goal of this commit is to change deoptimization
> entries into builtins, there are multiple related things happening:
>
> - Deoptimization entries, formerly stubs (i.e. Code objects generated
>   at runtime, guaranteed to be immovable), have been converted into
>   builtins. The major restriction is that we now need to preserve the
>   kRootRegister, which was formerly used on most architectures to pass
>   the deoptimization id. The solution differs based on platform.
> - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
> - Removed heap/ support for immovable Code generation.
> - Removed the DeserializerData class (no longer needed).
> - arm64: to preserve 4-byte deopt exits, introduced a new optimization
>   in which the final jump to the deoptimization entry is generated
>   once per Code object, and deopt exits can continue to emit a
>   near-call.
> - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
>   sizes by 4/8, 5, and 5 bytes, respectively.
>
> On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
> by using the same strategy as on arm64 (recalc deopt id from return
> address). Before:
>
>   e300a002 movw r10, <id>
>   e59fc024 ldr ip, [pc, <entry offset>]
>   e12fff3c blx ip
>
> After:
>
>   e59acb35 ldr ip, [r10, <entry offset>]
>   e12fff3c blx ip
>
> On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
> with CFI). Additionally, up to 4 builtin jumps are emitted per Code
> object (max 32 bytes added overhead per Code object). Before:
>
>   9401cdae bl <entry offset>
>
> After:
>
>   # eager deoptimization entry jump.
>   f95b1f50 ldr x16, [x26, <eager entry offset>]
>   d61f0200 br x16
>   # lazy deoptimization entry jump.
>   f95b2b50 ldr x16, [x26, <lazy entry offset>]
>   d61f0200 br x16
>   # the deopt exit.
>   97fffffc bl <eager deoptimization entry jump offset>
>
> On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
>
>   bb00000000 mov ebx,<id>
>   e825f5372b call <entry>
>
> After:
>
>   e8ea2256ba call <entry>
>
> On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
>
>   49c7c511000000 REX.W movq r13,<id>
>   e8ea2f0700 call <entry>
>
> After:
>
>   41ff9560360000 call [r13+<entry offset>]
>
> Bug: v8:8661,v8:8768
> Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70597}

TBR=ulan@chromium.org,rmcilroy@chromium.org,jgruber@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8661,v8:8768,chromium:1140165 Change-Id: I3df02ab42f6e02233d9f6fb80e8bb18f76870d91 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485504 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70649}
-
gengjiawen authored
See: https://github.com/nodejs/node/pull/35415#issuecomment-707828213 Co-authored-by: Richard Townsend <richard.townsend@arm.com> Change-Id: I440644f55dc8c8ec3108e5015ebbce2829dd8207 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479602 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jiawen Geng <technicalcute@gmail.com> Cr-Commit-Position: refs/heads/master@{#70648}
-
Marja Hölttä authored
With non-super loads (receiver == lookup_start_object), we don't hit the code in AccessorAssembler::GenericPropertyLoad calling CSA::TryGetOwnProperty if the receiver (the lookup_start_object) is a SMI. But with super property loads, if we set up lookup_start_object the right way, we will hit this code. The code was assuming receiver is a HeapObject, which is too restrictive. The receiver is only used for the accessor call, so it's ok to make the type more generic. Bug: v8:9237, chromium:1139786 Change-Id: I3167ccfb54a49ac1c401040a6f02fc1f3b98d9d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484366 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#70647}
-
Clemens Backes authored
The logic for ensuring regular publishing in worker threads was broken by growing the number of queues dynamically (https://crrev.com/c/2467844). The first task(s) would assume a too small number of worker threads, thus would publish too late (or never before running out of units). This creates a large backlog of to-be-published results when all threads eventually finish execution. This CL fixes this by updating the per-task limit of results to process before publishing. The updated value is read atomically using relaxed memory ordering to ensure minimal impact on performance. R=thibaudm@chromium.org Bug: chromium:1138784, v8:11005 Change-Id: I2d00e50148e64db67a6b1a9f219ba60a1f4432ac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484365 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70646}
-
Jakob Gruber authored
This is a reland of c5379162

The reland fixes Code::clear_padding to correctly clear trailing padding.

Original change's description:
> [code] Move the unwinding info into metadata area
>
> Semantically, the unwinding info is a variable-size metadata table
> with untagged (i.e. no relocation needed) contents, packed inside Code
> objects. This is just like other metadata tables (safepoint table,
> handler table, constant pool, code comments); but for historical
> reasons it's been treated differently so far. Unlike these other
> tables, the unwinding info was located *after* InstructionEnd, and its
> size was written to the first 8 bytes after InstructionEnd.
>
> This CL makes unwinding info handling more consistent with other
> metadata tables by writing its offset into a dedicated
> kUnwindingInfoOffsetOffset header slot, and by moving the actual data
> inside the [InstructionStart,InstructionEnd[ area. In follow-up CLs,
> this area will be split into dedicated instruction- and metadata
> areas.
>
> A picture is worth 1000 words, before:
>
> +--------------------------+ <-- raw_instruction_start()
> | instructions             |
> | ...                      |
> +--------------------------+
> | embedded metadata        | <-- safepoint_table_offset()
> | ...                      | <-- handler_table_offset()
> |                          | <-- constant_pool_offset()
> |                          | <-- code_comments_offset()
> | padding to the next      |
> | 8-byte aligned address   |
> +--------------------------+ <-- raw_instruction_end()
> | [unwinding_info_size]    |
> | as uint64_t              |
> +--------------------------+ <-- unwinding_info_start()
> | unwinding info           |
> | ...                      |
> +--------------------------+ <-- unwinding_info_end()
>
> After:
>
> +--------------------------+ <-- raw_instruction_start()
> | instructions             |
> | ...                      |
> +--------------------------+
> | embedded metadata        | <-- safepoint_table_offset()
> | ...                      | <-- handler_table_offset()
> |                          | <-- constant_pool_offset()
> |                          | <-- code_comments_offset()
> |                          | <-- unwinding_info_offset()
> |                          |
> +--------------------------+ <-- raw_instruction_end()
>
> Bug: v8:11036
> Change-Id: I649708821acc5365186ca2c9cff2669fc3e91fd3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484795
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70640}

Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng Tbr: leszeks@chromium.org Bug: v8:11036 Change-Id: I2ea056fe2a53217e0b5ae25661b92f5ddec6fca5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485501 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#70645}
-
Martin Bidlingmaier authored
This reverts commit 9417dae4. Bug: v8:10765,v8:11021 Change-Id: I138d794cc3339ed58a343f8150730af5a1f3e511 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485791 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Martin Bidlingmaier <mbid@google.com> Cr-Commit-Position: refs/heads/master@{#70644}
-
Santiago Aboy Solanes authored
This is a reland of 8f7e9158

Original change's description:
> [debugger] Try to trigger pause-on-oom flakes with an extra printf
>
> We have an issue that we can't repro locally. Enable back the
> pause-on-oom tests with an extra printf with DEBUG. We will be able to
> better assess the failures when they appear on the bot.
>
> Bug: v8:10876
> Change-Id: I066539c4b5865ecb6f2e589e9543e8c9ebd4830b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474782
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70558}

Bug: v8:10876 Change-Id: Ice31c9455830da320ab057293c341f69e1f0c510 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484799 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70643}
-
Maya Lekova authored
Switch the current bool* parameter to a structure that contains the boolean fallback flag and is forward compatible, if we decide to add more options to the fallback call. Fly-by refactoring: moved V8_ENABLE_FP_PARAMS_IN_C_LINKAGE out of a public V8 header file. Bug: chromium:1052746 Change-Id: I844db24cc687c58b3c3bbd84b4d61bb4759bcfc7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474775 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70642}
-
Maya Lekova authored
This reverts commit c5379162.

Reason for revert: Seems to cause MSAN failure - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/34931

Original change's description:
> [code] Move the unwinding info into metadata area
>
> Semantically, the unwinding info is a variable-size metadata table
> with untagged (i.e. no relocation needed) contents, packed inside Code
> objects. This is just like other metadata tables (safepoint table,
> handler table, constant pool, code comments); but for historical
> reasons it's been treated differently so far. Unlike these other
> tables, the unwinding info was located *after* InstructionEnd, and its
> size was written to the first 8 bytes after InstructionEnd.
>
> This CL makes unwinding info handling more consistent with other
> metadata tables by writing its offset into a dedicated
> kUnwindingInfoOffsetOffset header slot, and by moving the actual data
> inside the [InstructionStart,InstructionEnd[ area. In follow-up CLs,
> this area will be split into dedicated instruction- and metadata
> areas.
>
> A picture is worth 1000 words, before:
>
> +--------------------------+ <-- raw_instruction_start()
> | instructions             |
> | ...                      |
> +--------------------------+
> | embedded metadata        | <-- safepoint_table_offset()
> | ...                      | <-- handler_table_offset()
> |                          | <-- constant_pool_offset()
> |                          | <-- code_comments_offset()
> | padding to the next      |
> | 8-byte aligned address   |
> +--------------------------+ <-- raw_instruction_end()
> | [unwinding_info_size]    |
> | as uint64_t              |
> +--------------------------+ <-- unwinding_info_start()
> | unwinding info           |
> | ...                      |
> +--------------------------+ <-- unwinding_info_end()
>
> After:
>
> +--------------------------+ <-- raw_instruction_start()
> | instructions             |
> | ...                      |
> +--------------------------+
> | embedded metadata        | <-- safepoint_table_offset()
> | ...                      | <-- handler_table_offset()
> |                          | <-- constant_pool_offset()
> |                          | <-- code_comments_offset()
> |                          | <-- unwinding_info_offset()
> |                          |
> +--------------------------+ <-- raw_instruction_end()
>
> Bug: v8:11036
> Change-Id: I649708821acc5365186ca2c9cff2669fc3e91fd3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484795
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70640}

TBR=jgruber@chromium.org,leszeks@chromium.org,dinfuehr@chromium.org Change-Id: If8417f88f4c55771e455ec85f5efdc6343671ad3 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11036 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485500 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70641}
-
Jakob Gruber authored
Semantically, the unwinding info is a variable-size metadata table with untagged (i.e. no relocation needed) contents, packed inside Code objects. This is just like other metadata tables (safepoint table, handler table, constant pool, code comments); but for historical reasons it's been treated differently so far. Unlike these other tables, the unwinding info was located *after* InstructionEnd, and its size was written to the first 8 bytes after InstructionEnd.

This CL makes unwinding info handling more consistent with other metadata tables by writing its offset into a dedicated kUnwindingInfoOffsetOffset header slot, and by moving the actual data inside the [InstructionStart,InstructionEnd[ area. In follow-up CLs, this area will be split into dedicated instruction- and metadata areas.

A picture is worth 1000 words, before:

+--------------------------+ <-- raw_instruction_start()
| instructions             |
| ...                      |
+--------------------------+
| embedded metadata        | <-- safepoint_table_offset()
| ...                      | <-- handler_table_offset()
|                          | <-- constant_pool_offset()
|                          | <-- code_comments_offset()
| padding to the next      |
| 8-byte aligned address   |
+--------------------------+ <-- raw_instruction_end()
| [unwinding_info_size]    |
| as uint64_t              |
+--------------------------+ <-- unwinding_info_start()
| unwinding info           |
| ...                      |
+--------------------------+ <-- unwinding_info_end()

After:

+--------------------------+ <-- raw_instruction_start()
| instructions             |
| ...                      |
+--------------------------+
| embedded metadata        | <-- safepoint_table_offset()
| ...                      | <-- handler_table_offset()
|                          | <-- constant_pool_offset()
|                          | <-- code_comments_offset()
|                          | <-- unwinding_info_offset()
|                          |
+--------------------------+ <-- raw_instruction_end()

Bug: v8:11036 Change-Id: I649708821acc5365186ca2c9cff2669fc3e91fd3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484795 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70640}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/198585c..d68ca6a
Rolling v8/third_party/aemu-linux-x64: kj9nh6CkrdEq-ctobPV7CtPMwpdU4VrQx_JgZCmejxQC..Dg0s5PKnfzzCVjDNe8EuKAnOGVVpKvB-dKqia-IpGkgC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/89eeef5..d384f36
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/958dc62..792630c
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3a982ad..4135c06

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I2ce24ab2ca6189cc614a978255f83812c263960c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485720 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70639}
-
Frank Tang authored
The one we are currently using is now marked as internal and to be removed for 68. Migrating to the style which is already available in ICU 67-1. Bug: v8:11031 Change-Id: I668382a2e1b8602ddca02bf231c5008a6c92bf2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477751 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70638}
-
Junliang Yan authored
Port 7f58ced7

Original Commit Message:

While the overall goal of this commit is to change deoptimization entries into builtins, there are multiple related things happening:

- Deoptimization entries, formerly stubs (i.e. Code objects generated at runtime, guaranteed to be immovable), have been converted into builtins. The major restriction is that we now need to preserve the kRootRegister, which was formerly used on most architectures to pass the deoptimization id. The solution differs based on platform.
- Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
- Removed heap/ support for immovable Code generation.
- Removed the DeserializerData class (no longer needed).
- arm64: to preserve 4-byte deopt exits, introduced a new optimization in which the final jump to the deoptimization entry is generated once per Code object, and deopt exits can continue to emit a near-call.
- arm,ia32,x64: change to fixed-size deopt exits. This reduces exit sizes by 4/8, 5, and 5 bytes, respectively.

On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes by using the same strategy as on arm64 (recalc deopt id from return address). Before:

  e300a002 movw r10, <id>
  e59fc024 ldr ip, [pc, <entry offset>]
  e12fff3c blx ip

After:

  e59acb35 ldr ip, [r10, <entry offset>]
  e12fff3c blx ip

On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases with CFI). Additionally, up to 4 builtin jumps are emitted per Code object (max 32 bytes added overhead per Code object). Before:

  9401cdae bl <entry offset>

After:

  # eager deoptimization entry jump.
  f95b1f50 ldr x16, [x26, <eager entry offset>]
  d61f0200 br x16
  # lazy deoptimization entry jump.
  f95b2b50 ldr x16, [x26, <lazy entry offset>]
  d61f0200 br x16
  # the deopt exit.
  97fffffc bl <eager deoptimization entry jump offset>

On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:

  bb00000000 mov ebx,<id>
  e825f5372b call <entry>

After:

  e8ea2256ba call <entry>

On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:

  49c7c511000000 REX.W movq r13,<id>
  e8ea2f0700 call <entry>

After:

  41ff9560360000 call [r13+<entry offset>]

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, miladfar@ca.ibm.com BUG= LOG=N Change-Id: I49e4c92759043e46beb3c76c97823285b16feeef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486225 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#70637}
-
- 19 Oct, 2020 14 commits
-
-
Ng Zhi An authored
All these opcodes have a simple lowering into a single x64 instruction. We can perform a similar optimization when AVX is supported to not force dst == src1. Bug: v8:10116 Change-Id: I4ad2975b6f241d8209025682202b476c08b3491b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486383 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70636}
-
Ng Zhi An authored
We don't need separate Load32Zero and Load64Zero instructions, since the implementation is movss and movsd, which we already have. Bug: v8:10713 Change-Id: I5d02e946f3bf9fe08f943a811f2d3cc8aec81ea8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486233 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70635}
-
Ng Zhi An authored
Prototype these two instructions on ia32. They are movss and movsd respectively, so the implementation is pretty simple, as we support these instructions already. Bug: v8:11038 Change-Id: Iebf4afab2bf1edfb4b14a4855d5036677f999ca9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486232 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70634}
-
Seth Brenith authored
I happened to notice while stepping through the StackUnwindingWin64 test that it never actually encounters a runtime-compiled function despite using %OptimizeFunctionOnNextCall. V8 compiles the function on the subsequent call as requested, but the compiled function isn't very good because there was no feedback data, and it immediately deopts. To fix, we can call the function once between %PrepareFunctionForOptimization and %OptimizeFunctionOnNextCall. Change-Id: Icb25f16d43a60c36a1f85d15e2ce4535e08d1076 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2472780 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#70633}
-
Milad Fa authored
First CL with initial changes: https://crrev.com/c/2468618 This CL adds the same set to the wasm interpreter. We also need to make sure "negation" as well as "std::abs" are excluded from this fix as they can reverse the sign bit intentionally. Change-Id: I115649f55b5290d2529dda3d5592feaff3363b76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485246 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70632}
-
Michael Achenbach authored
This reverts commit eb6b4ce1.

Reason for revert: Might need rebaseline: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/7519

Original change's description:
> [runtime] Use Isolate::ThrowAt with MessageLocation
>
> Fix various missing source positions when reporting parse and compile
> errors. Namely this fixes missing source positions when having invalid
> module imports.
>
> - Use Isolate::ThrowAt with valid MessageLocation objects
> - Change public Isolate::Throw to no longer accept MessageLocation to
>   avoid misuse
> - Introduce private Isolate::ThrowInternal that accepts MessageLocation
>
> Bug: v8:6513
> Change-Id: I3ee633c9fff8c9d361bddb37f56e28a50c280ec1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467839
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70623}

TBR=marja@chromium.org,cbruni@chromium.org,ishell@chromium.org Change-Id: Ifa16ef8b6e5e411712fbad2e2a58fd700da12a69 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6513 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485498 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70631}
-
Ng Zhi An authored
Not sure why I originally chose to name it LoadMem32Zero instead of Load32Zero like the proposal. This fixes it. Bug: v8:10713 Change-Id: If05603f743213bc6b7aea0ce22c80ae4b3023ccf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481824Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70630}
-
Ross McIlroy authored
The feedback vector can be retrieved from the callee's frame, and the actual_map can be read from the actual_value, so avoid passing these explicitly to the DynamicMapChecks builtin. This reduces the size of each DynamicMapCheck codegen by around 20 bytes on x64. BUG=v8:9684 Change-Id: I31cf9b8cf085284ac051ebafc86f3e26105f3046 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485813 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#70629}
-
Ng Zhi An authored
For splats, we can make use of vshufps to avoid a movss. Without AVX, specify dst to be same as src in the instruction selector. For extract lane, we can use vshufps to extract a float into a dst xmm, and leave junk in the higher bits. On the meshopt_decoder.js benchmark in linked bug, it removes about 7 movss instructions that did nothing. Hardware can do register renaming, but let's not rely on that :) R=bbudge@chromium.org Bug: v8:10116 Change-Id: I4d68c10536a79659de673060d537d58113308477 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481473 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70628}
-
Daniel Bevenius authored
Change-Id: I29a6d91f542dc78a8ec532a4e4a74ccc792308a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485811 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70627}
-
Ng Zhi An authored
LoadKind is no longer just for load, we use it for stores as well (starting with https://crrev.com/c/2473383). Rename it to something more generic. Bug: v8:10975,v8:10933 Change-Id: I5e5406ea475e06a83eb2eefe22d4824a99029944 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481822 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70626}
-
Etienne Pierre-doray authored
IsRunning is the v8 equivalent of operator bool, but is confusing with IsCompleted. IsValid (to match base:: operator bool) should be more clear. Change-Id: I2529bea21c7cb7613bd5057c66715fb5ea450396 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461840 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Cr-Commit-Position: refs/heads/master@{#70625}
-
Ng Zhi An authored
Also known as multiply long, this multiplies the top or bottom half of the input operands, the result is twice as wide as the input. This implements arm64 and interpreter. Bug: v8:11008 Change-Id: Iad693007066dd1a9bc529b282e88812a081c3a01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469156 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70624}
-
Camillo Bruni authored
Fix various missing source positions when reporting parse and compile errors. Namely this fixes missing source positions when having invalid module imports.

- Use Isolate::ThrowAt with valid MessageLocation objects
- Change public Isolate::Throw to no longer accept MessageLocation to avoid misuse
- Introduce private Isolate::ThrowInternal that accepts MessageLocation

Bug: v8:6513 Change-Id: I3ee633c9fff8c9d361bddb37f56e28a50c280ec1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467839 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70623}
-