For better Turbofan debugging.

Change-Id: I79010632b1355e2a4c1a017d64db5ccbb97fa776
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252539
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#68469}

Adjust atomics.wait, atomics.notify semantics for when they are used
with non-shared Wasm memory to mirror the spec change introduced
in: https://github.com/WebAssembly/threads/pull/147. This does not
need to be gated by the flag here, as this will only decode if
the flag is enabled.

Bug: v8:9921
Change-Id: I7f2e018fed6bd131ad4c386def1e838626c28a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256863Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68468}

Bug: v8:9909
Change-Id: Icb4dd53f02bcd3b38511bb028768d276e3bfebaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2251041
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68467}

Change-Id: Id2192cb62d6e0920420a3e988593759f5892a0b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2254026
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68466}

Let's see if this is still flaky after almost 5 years.

Bug: v8:4573
Change-Id: I4cd2779b2c4aefc7bb20597db2fccc0e7e7c39c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255467Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68465}

This changes black/white list to block/allow list.

Bug: v8:10619
Change-Id: Id55d72f90891670ca57b62dfeb6b3251025927dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257228Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68464}

Bug: v8:10445
Change-Id: I4d08b77466029d248cae5cfae4a113842129675b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2254027
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68463}

There is a case where a TransitionArray shrinks during insertion. If
that's the case, we need to compute the index to insert again. However,
we can use the knowledge that already didn't appear in the array, and
after shrinking it shouldn't appear.

Change-Id: I3a742c5d37659064f143db1c4f345b0df35d0d42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238029Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68462}

This addresses a review comment from
https://github.com/WebAssembly/spec/pull/1214.

R=ahaas@chromium.org

Change-Id: Icd473aa16bbf35839556b052271489a2889fe0fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257229Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68461}

No-Try: true
Bug: v8:10619
Change-Id: I5c428bf47f2f6923aa88a8407d62d9480aa954fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257222
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68460}

Intent to Ship thread on blink-dev:
https://groups.google.com/a/chromium.org/g/blink-dev/c/K4-P5rq7FbY

Spec repository:
https://github.com/WebAssembly/multi-value/

WebAssembly multi-value is ready to ship. The proposal is now merged
into the core WebAssembly spec, and is implemented in both TurboFan and
Liftoff.

R=ecmziegler@chromium.org

Bug: chromium:1097717
Change-Id: Id53ee318cacae1bc9dd9d9611f9223de594a99b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257225Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68459}

... when jitless is enabled to fix fuzzers that pass random flag
combinations.

Bug: chromium:1096168,v8:7777
Change-Id: Ia78c4d9e1256e44c10df2200ecc32067a617d777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257220
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68458}

This allows the implementation of different stack scanning mechanisms in
V8 (e.g. conservative scanning) while re-using the stack walking API.

Change-Id: I9b9c3b8ffe5d527ca3f7105776821776b509b187
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238194
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68457}

We already have specialized logic for unops and binops, and the generic
{BuildSimpleOperator} implementation (based on a signature) was
reimplementing these two cases.
This CL avoids the switch since we only need to handle exactly two
cases, and redirects to the existing methods for implementing them.

R=thibaudm@chromium.org

Bug: v8:10576
Change-Id: I8eb5c768f0fa59e48503c108498b334a0ae9037a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249859Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68456}

Mutable references are allowed by the style guide and the linter has
been adjusted.

Bug: v8:10624, chromium:1056170
Change-Id: I8a7dc06da5758f5c714a5e61d75378c2a13ffb9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252192
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68455}

Add nullptr guard for the return value of AllocateBasicChunk.

Bug: chromium:1097502
Change-Id: Ia4642151a119ccabe58d7084077808aac93e5d1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257221Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68454}

R=adamk@chromium.org

Bug: v8:7741
Change-Id: Icf7247825bd10048cd198b910b8bd976a0a0b3d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241516
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68453}

Change-Id: I23a0a4811d8c42f09bbbc5460902ee7138f9b1ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255469
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68452}

This is a follow-up to https://crrev.com/c/2249928. The arguments for
{SubVector} are {from, to}, not {from, size}.

R=jkummerow@chromium.org

Bug: chromium:1097442
Change-Id: I3c5571ff7f0c6b8e235ecf4164591630dbd05739
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255465Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68451}

Bug: v8:9993
Change-Id: I06428edd7f01805d08927718e4711298c731d2e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253844
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68450}

As of May 2020 the Google C++ Style Guide suggests using references
for out paramters. Adjust V8's presubmit checks to allow mutable
reference parameters.

Bug: v8:10624
Change-Id: Idcd027892916a14f91ca3bfcb5eba48757cab523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252185Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68449}

In native context independent code we cannot embed the (native context
dependent) feedback vector as a constant. Instead, we will load it
from the JSFunction once and pass it to all users. This CL makes this
change for all unary operators. All other {binary,compare} operators
will need similar work in the future.

Bug: v8:8888
Change-Id: I4d49a6e0effc84dcdf3599814e5c2708b16bcc44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246576Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68448}

This check skips inserting a breakpoint into the BreakPointInfo if
it has already been inserted before.

Change-Id: Ic773fe1d6b2351bf6069fa0ff002737bd0b03293
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253851Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68447}

Change-Id: I70fa23a2491186d2bf94b26a292163efa1c23d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255503Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68446}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3591130..2dc7c7a

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4ac015d..95c1f42

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2410c84..35c6274

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/eaf99a4..02daed1

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ia2219c9b1aeaff06fb06c29e2d08089d22c63ed4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255501Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68445}

This implements I32x4DotI16x8S for ia32.

Also fixes instruction-selector for SIMD ops, they should all set operand1 to be a register, since we do not have memory alignment yet.

Bug: v8:10583
Change-Id: Id273816efd5eea128580f3f7bde533a8e1b2435d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231031
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68444}

Bug: v8:7748
Change-Id: I9af885e4c33541a8e065082ae7f07804bd11807a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252190
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68443}

Refer to "Advanced SIMD two registers misc", ARM DDI 0487F.b F4-4228.

Also moved the method down to the section with all the NEON
instructions, matching where the declaration in assembler-arm.h is.

Bug: v8:10553
Change-Id: I450edbfc3eafead4aad419299c93e43bd9d83133
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252764Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68442}

Bug: v8:10445
Change-Id: I45b142bd1f4330dc07d06f89dc9daf7db127aaaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253958Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68441}

Replace by "consistency check", or "validity check", or more specific
wording as appropriate.

R=ecmziegler@chromium.org

Bug: v8:10619
Change-Id: Ifd7852d8f703d5b784d53671b82d65db15722ede
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253855Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68440}

Bug: chromium:1091698
Change-Id: Ida82d262f409c54e59640bcaa026879d18ff178d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252184
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68439}

Port c6642b51

Original Commit Message:

    We rely on Liftoff for debugging, hence enable it everywhere by default.
    This follows a chromium finch experiment and a CL to enable it
    everywhere in chrome: https://crrev.com/c/2252100

R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I1a8e7a4acb9a5ce5a6d0ba96b105ba32e53f1b69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253464Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68438}

Formerly, we zapped a transition array when we replaced it with a
larger one, but this is no longer necessary. Leaving those arrays in
peace makes life easier for concurrent (racy) access from a background
compilation thread.

Design doc with more info about racy access to transition arrays
between the main JavaScript thread and a background compilation thread
here:
https://docs.google.com/document/d/1ax2qyENdr50Qu9yur1qNu6_zRK0m6K2l7BLM_QDBFJM/edit?usp=sharing

Change-Id: I4c2757945266d43d82ec157e0ff2b9208a8e4c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253840Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68437}

Avoid possible use-after-free.

Fixed: v8:10210
Change-Id: Id8bdf70804448b5b793d9d593374f4b588fe3e87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253841
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68436}

Change-Id: I37e241d9c62f1a7fed438ee8717f02f5b4f51bea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253846
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68435}

This CL migrates the bots v8_mac64_gc_stress_dbg
and v8_mac64_asan_rel to the new format.

Bug: v8:10445
Change-Id: I7520985499c91c6571ba93e1515223f57f0d38ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253839Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68434}

Until now the breakpointIdToDebuggerBreakpointIds was cleared on page
reload. It keeps a map from breakpointIds to debuggerBreakpointIds,
with the latter being necessary for removing breakpoints.

If a breakpoint is set and we trigger a page reload, the
information about that breakpoint will be removed from the map,
even if it still exists. If we later want to remove the breakpoint
we look into the map, but the meta data is no longer existing.

Thus, reloading the page again will lead to hitting the breakpoint,
even if we removed it in the front-end.

This change keeps the map alive on page reset, so that we still
keep track of set breakpoints after a page reload.

Bug: chromium:1073071
Change-Id: I82192777bac7afc406245a5a1cff0620e8174499
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253842Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68433}

evaluate() bypassed CSP for unsafe-eval by default. This is a useful
option for debugging clients, but is not always what we want.

e.g. in the devtools console we want to match the page's CSP settings
to make debugging CSP issues on the page easier.

Add a toggle that keeps the current behavior by default.

Bug: chromium:1084558
Change-Id: Ia01142d5be00f8ef5f65e5eeba17549efc6f9120
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250245
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68432}

We rely on Liftoff for debugging, hence enable it everywhere by default.
This follows a chromium finch experiment and a CL to enable it
everywhere in chrome: https://crrev.com/c/2252100

R=ecmziegler@chromium.org

Bug: chromium:1040030
Change-Id: I3abbf915515883e6eb1f37501466290def57862d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252196Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68431}

Bug: v8:10009
Change-Id: Iccc42a9b5f9f7340851542185473ac49683c838c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253843Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68430}