Bug: v8:11771
Tbr: machenbach@chromium.org
Change-Id: Ib0e64e84c930c791023d8743fe0b0373ab626071
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904216Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74651}

Changes:
- SetBlockType now instantiates the block's start merge with values of
  the correct type in unreachable code.
- EnsureStackArguments now keeps the existing stack values and moves
  them over the new bottom values.
- Drop stack size validation in Drop().
- Add new tests in unreachable-validation.js.

Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74650}

We used to verify its index as if it was a function index.

Bug: chromium:1210447

Change-Id: I5e015b1b11b22b6b7e7e13dac4945f8eb6f3d846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903153Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74649}

Since debug-interface.h and isolate.h only uses
v8_inspector::V8Inspector as a pointer type, this removes the #includes
and forward declares the type.

Bug: v8:11384
Change-Id: Ia361fc3a028a9abf5ee42ecb3b2575bc84a81e35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903159
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74648}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/30196c5..4036cf1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a68a003..c1e1d55

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1fc595b..6b0a611

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/298d9e6..5b8d433

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/701e2be..a38f01b

Rolling v8/tools/luci-go: git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2..git_revision:22d464e2f8f3bd2bd33f69fe819326d63f881008

Rolling v8/tools/luci-go: git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2..git_revision:22d464e2f8f3bd2bd33f69fe819326d63f881008

Rolling v8/tools/luci-go: git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2..git_revision:22d464e2f8f3bd2bd33f69fe819326d63f881008

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Id08b26af423f65f67a64289c03a5e2eba5c6bfa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904925Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74647}

Marking holds the process wide mutex for synchronizing CrossThread*
references. In addition, marking may also create temporary copies of
Member references for concurrent tracing (snapshot).

Provide HeapRegistry with its own mutex to avoid a deadlock with
Member checking during marking.

Bug: chromium:1056170
Change-Id: I31d922ec1a476942e29d8d4fa7d864a015f428cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904211
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74646}

Change-Id: I8ecf009aa560144f572bd954a1aa8bde8732ffa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904267Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74645}

Drive-by fix: The file name for WATCHLISTS in the OWNERS file rule was
wrong, so fixing that too so that it's possible to modify WATCHLISTS
without eng reviewers approval in the future.

Change-Id: I0e24c5d459aab2bb346aca64125eabe0ceac8274
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903154Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74644}

In order to support Fast API calls with overloads, store a FixedArray
of c-function addresses and a FixedArray of the corresponding
FunctionInfo*. For now keep using only the first function in the array.

Bug: v8:11739
Change-Id: If23381aa9d04c5cd830043951da9c53836a36328
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876592Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74643}

Using `thread_local` on AIX causes the following error during linking:
```
ld: 0711-317 ERROR: Undefined symbol: TLS init function for ...
```
To avoid the issue we can use the __thread keyword.

More on this gcc bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100641

Bug: v8:11755
Change-Id: Ic9738e8dfb7110b550328c5d9929f4453e545b0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903586Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74642}

This was only relevant for the br_on_exn instruction, which doesn't
exist anymore.

R=clemensb@chromium.org

Change-Id: I03f85a316a8265ad1c5e1c15862d7ae98b784977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902734Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74641}

The early/late graph trimming phases remove dead nodes from the graph,
however these dead nodes don't have significant impact on the quality of
the codegen or the performance of the rest of the pipeline.

BUG=v8:9684

Change-Id: I1e797b520accc19ea59f2a430433e5b489c10e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897889Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74640}

The test relies on deterministic GC behavior.

Bug: v8:11771
Change-Id: I4c04f683ca51e0849e11736c97a2f2342977cc36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902735
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74639}

This is the second reland of 4683d6fe

Initial CL:   crrev.com/c/2874663
First reland: crrev.com/c/2886861

The first reland fixes Ref construction failures in:
- MapRef::instance_descriptors
- NativeContext reads (see also crrev.com/c/2891575)

The second reland (this CL):
- Adds required infrastructure (e.g. kAssumeMemoryFence) but
  without enabling the IsPendingAllocation check. Enabling the check
  will be done separately to avoid further revert chains.

Original change's description:
> [compiler] Consider IsPendingAllocation in Ref construction
>
> The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
> of the object are safe to read. In particular, the instance type
> must be readable for the chain of `Is##Name()` type checks.
>
> This is guaranteed if
>
>  - a global memory fence happened after object initialization and
>    prior to the read by the compiler; or
>  - the object was published through a release store and read through
>    an acquire read.
>
> The former is protected by the new call to ObjectMayBeUninitialized
> (which internally calls IsPendingAllocation) in TryGetOrCreateData.
>
> The latter must be marked explicitly by calling the new
> MakeRefAssumeMemoryFence variant.
>
> Note that support in this CL is expected to be incomplete and will
> have to be extended in the future as more cases show up in which
> MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
> TryMakeRef.
>
> Bug: v8:7790,v8:11711
> Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74474}

Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679
Change-Id: I123b2962df724a13dd2c7334ae949234bc3bf27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902738Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74638}

We compile with Sparkplug when we allocate the feedback vector with lazy
feedback vector allocation.
With --no-lazy-feedback-allocation, it doesn't make sense to run
baseline tests.

Change-Id: Ib71e8624531ba927680e83c2e813c0886c460da4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903148
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74637}

No-try: true
Bug: v8:11784
Change-Id: I7d40cbead84d27a7783d3e05eeedcc8ea7597bc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903151
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74636}

Different runs of the correctness fuzzer might flush the bytecode
of the function passed to d8.test.verifySourcePositions, resulting
in spurious errors. Therefore don't expose verifySourcePositions
for correctness fuzzing.

Bug: chromium:1209242
Change-Id: I0395afcd5a5e109779d7b79d9f6939899eaaf99c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903144
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74635}

The cycle mentioned in the comment has disappeared but we still need
to set the native context Ref twice, once when the broker mode is
kDisabled, and once when it's kSerializing (the earlier Ref is
invalid by that time).

Bug: v8:7790
Change-Id: I5778814a20c2706ca088557176aaa9ccfc3a39df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902741
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74634}

This header file is not used by the torque compiler but by the
torque-generated headers. (Fixes 1 gn check error currently suppressed
due to gn check exclusions).

Bug: v8:7330
Change-Id: I23c05bac814c1e9c373dadcb3f69ea76ff7c2358
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902737
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74633}

No-Tree-Checks: true
Bug: v8:11784
Change-Id: I5dc72339fa7d72022cdfaad028297f572df2e907
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902739
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74632}

Side-Effect-free debug evaluate is available through the CDP Runtime
domain as well, besides the Debugger domain, and does not require
debugging to be active.

Change-Id: I84af194af65cbac311d208e35af7338cb675eb36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902729
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74631}

The marking verifier already traverses the whole heap using page
iteration. Add an option to allow checking that the verifier pass
finds the same amount of live bytes as the marker traversal.

Bug: chromium:1056170
Change-Id: I1dc4cd0c04147b8cd3e3eb7678276b665336e615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902724
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74630}

Conceptually, Oilpan uses tri-color marking even though the
implementatin only uses a single mark bit. The difference between gray
and black is represented by the fact that an objet is contained within
a worklist.

Live bytes are accounted on gray->black transition and must only
happen once. This is generally implemented when retrieving an object
from the work list and processing it.

For weak containers this CL fixes the following issues:

1. Weak containers that are strongified during stack scanning were
   double accounted as they were just added to the marking worklist.
   Instead, directly process them during stack scanning.
2. Accounting was missing in case of purely weak collections without
   ephemeron tracing. In such a case, the backing store would not be
   added to a worklist and be considered as black immediately. The fix
   is to directly account the marked bytes in such a scenario.

Bug: chromium:1056170
Change-Id: I350ae1b90ad1753d024a3ce33fc3ec3126a2095d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900661Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74629}

Most of the Map's fields are being read directly from the heap so
there's no need to serialize them with concurrent inlining on.

As an extra step, read NextFreePropertyIndex directly.

Bug: v8:7790
Change-Id: Ia0c46a3bbb673f9fdea9b4700908f00a43c28e28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892665
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74628}

This reverts commit 2c096b53.

Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3838/overview

Original change's description:
> [codegen] Add TSAN support for tagged stores in generated code
>
> Mimics the kArchStoreWithWriteBarrier store in generated code by having
> a relaxed store to the same address, with the same value. This is done
> in order for TSAN to see these stores from generated code.
>
> Since it is done only for kArchStoreWithWriteBarrier TSAN will see
> tagged stores only.
>
> Bug: v8:7790, v8:11600
>
> Change-Id: I275dd46f5556b3a095c416adc03f2f0ac5bde41c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848470
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74568}

Bug: v8:7790
Bug: v8:11600
Change-Id: Ib0c7917af2b4ba43b81a8afebd687324cd78b228
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902930
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74627}

Bug: v8:11767
Change-Id: Ie697921bf9d4247d1032015bddcbcc892223efdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902341Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74626}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c81ea93..30196c5

Rolling v8/third_party/aemu-linux-x64: WNXEl7yxDUmMN9Rkovz3EfBwNd26BEXmanIIz_jO2DgC..-Sz2gSN_5yVSHDlitjxUlmZpHuz-F2kFDW6TnmggCZoC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a532699..a68a003

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cd15203..1fc595b

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/5ce08a7..298d9e6

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f6e0cbe..701e2be

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ib55178cdcd99a94e5e38f552c990e38118fafe9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901251Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74625}

Reverts part of the change https://chromium-review.googlesource.com/c/v8/v8/+/2892664
to avoid using bitfields for Truncation since it causes older versions of gcc
to report a warning.

BUG=v8:9684

Change-Id: Ia807d6dbbb5ae1baae73bf5816c336b9b80ae83d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900660
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74624}

Change-Id: I0fb3a4738c8e9b4b4328b8a1e142eefed61ec998
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881494
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74623}

This reverts commit 50cbeca9.

Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3824/overview

Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}

Bug: v8:7790
Bug: v8:11600
Change-Id: I3a4c57a29346fe6c84ec11404d8ff64cfac51a70
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902926
Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74622}

This reverts commit 4683d6fe.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview


Original change's description:
> Reland "[compiler] Consider IsPendingAllocation in Ref construction"
>
> This is a reland of 5f0ac36c
>
> Fixes Ref construction failures in:
> - MapRef::instance_descriptors
> - NativeContext reads (see also crrev.com/c/2891575)
>
> Original change's description:
> > [compiler] Consider IsPendingAllocation in Ref construction
> >
> > The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
> > of the object are safe to read. In particular, the instance type
> > must be readable for the chain of `Is##Name()` type checks.
> >
> > This is guaranteed if
> >
> >  - a global memory fence happened after object initialization and
> >    prior to the read by the compiler; or
> >  - the object was published through a release store and read through
> >    an acquire read.
> >
> > The former is protected by the new call to ObjectMayBeUninitialized
> > (which internally calls IsPendingAllocation) in TryGetOrCreateData.
> >
> > The latter must be marked explicitly by calling the new
> > MakeRefAssumeMemoryFence variant.
> >
> > Note that support in this CL is expected to be incomplete and will
> > have to be extended in the future as more cases show up in which
> > MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
> > TryMakeRef.
> >
> > Bug: v8:7790,v8:11711
> > Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74474}
>
> Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679
> Change-Id: Ib3dbf59909e6982a3230dd6a67c9fb7d6ffb9ab4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886861
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74587}

Bug: v8:7790
Bug: v8:11711
Bug: chromium:1207680
Bug: chromium:1207679
Change-Id: I8cd45ac006b7b5f3d668d0df272bcba880c75926
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901990Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74621}

This reverts commit 0a661a9a.

Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this)
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview



Original change's description:
> Revert "[compiler] Temporarily change ContextRef back to kSerialized"
>
> This reverts commit 445f0f74.
>
> Reason for revert: TryMakeRef is again ready for this.
>
> Original change's description:
> > [compiler] Temporarily change ContextRef back to kSerialized
> >
> > This can be reverted once TryMakeRef checks the heap predicate.
> > I'm not reverting the previous CL because newer changes already depend
> > on it.
> >
> > Tbr: jgruber@chromium.org
> > Bug: v8:11765, v8:7790
> > Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Auto-Submit: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74531}
>
> Bug: v8:11765
> Bug: v8:7790
> Change-Id: I0b38791255182f1f8d0a5cf79f18d86568172487
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897101
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74591}

Bug: v8:11765
Bug: v8:7790
Change-Id: I462b9b098781101549ebd6c185697d4b235c2888
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901989
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74620}

Bug: v8:11719
Change-Id: Ib9064e09a77b03adc1234e2f1739983cdab24113
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2898778
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74619}

This reverts commit 59bb4325.

Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this)
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview


Original change's description:
> [compiler] Remove one ObjectRef constructor
>
> Remove the handle-taking ObjectRef constructor in favor of
> (Try)MakeRef as bottleneck.
>
> Bug: v8:7790
> Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74593}

Bug: v8:7790
Change-Id: Ifdecf93a3a8c09a3da7118a269fc66c2ae0f1a09
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901988Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74618}

This reverts commit 6d99f933.

Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this)
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview

Original change's description:
> [compiler] Replace EnsureElementsTenured by IsElementsTenured
>
> We can't mutate heap state from the compiler thread; turn this into a
> predicate and emit generic code if it returns false.
>
> Bug: v8:7790
> Change-Id: I6186a87e178d0c0206b6e7659fa2a41bf65fd835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876845
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74596}

Bug: v8:7790
Change-Id: Ic32921a2f7d870560cd596933d6308a04d757e22
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901986Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74617}

This reverts commit 5258364e.

Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this)
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview

Original change's description:
> [compiler] Make NativeContextRef never-serialized
>
> Most NativeContext elements are immutable after initialization;
> additionally, we now use acquire-release semantics to load/store
> elements when possible. Reading and constructing Refs for elements
> is thus possible from the background.
>
> A few notes:
>
> - A few elements are not immutable; if read from the background
> thread, these must use acquire-release semantics.
> - Elements can be stored from generated code; these are not compatible
> with bg-thread accesses.
> - While elements can be read safely from the native context, the
> elements themselves may still require serialization; this is done in
> NativeContextRef::Serialize.
>
> Bug: v8:7790
> Change-Id: I12e9611a292e7dd912438c712390731a5422407d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897254
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74604}

Bug: v8:7790
Change-Id: I5c26b476a25a9af0ff4e56e51b5aa35d87cf35c1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901985
Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74616}

This reverts commit 03fcd892.

Reason for revert: breaks linux64 https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64/42874/overview

Original change's description:
> [compiler] Skip IsPendingAllocation check in Ref construction
>
> This temporarily reverts the key part of
> https://chromium-review.googlesource.com/c/v8/v8/+/2886861
> in order to unblock the roll.
>
> Bug: v8:7790, chromium:1209798
> Change-Id: I10a02bdb2f1a0e0a2b1238481dc39a1d975ee5b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2896983
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74611}

Bug: v8:7790
Bug: chromium:1209798
Change-Id: I79fae981acb3f2ddfc1d7d9a49a73d1741d19e71
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901984
Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74615}

Bug: v8:11718
Change-Id: If903f5e336729fa55bec03acef40025ce20d6ce7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2898176Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74614}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/70bc32e..6d353a

Bug: v8:7834, v8:10958
Change-Id: Ifa497643d8de2f8dc0f01af2d14c79f5aa84d7d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900879Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74613}

tldr: This adds an on-demand comparison with x64 when a difference to
a non-x64 build is detected.

Normally foozzie compares the baseline build (just ignition), with
two secondary builds. One, the default, always uses the shipping
configuration, the second passes additional flags. Both can use a
different architecture than the baseline build as well.

Differences between ignition and turbofan are then often detected
independent of the architectures used, but reported several times
(for each compared architecture).

This makes the reporting more specific, by running another build on
demand that uses the baseline architecture, but otherwise the same
configuration that showed a difference. If it shows the difference as
well, the baseline architecture is used for the report.

As a result only pure architecture differences will be reported with
an architecture other than x64.

This also adds some minor refactorings to reduce the code complexity
when looping over comparisons.

For testing this, the fake-d8s are extended with different behavior
for different flags passed. We add two test cases for testing:
x64 vs. ia32 with difference in x64 and ia32
x64 vs. ia32 with difference only in ia32

Bug: chromium:1196633
No-Try: true
Test: tools/clusterfuzz/v8_foozzie_test.py
Change-Id: Ic470ae8f0b37fb1628b32e4fafc0c39377e16f8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897099Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74612}