Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I5686fa0c1ed73b17f592a012b00c08c575ae5387
Reviewed-on: https://chromium-review.googlesource.com/1234234Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56062}

This is a reland of 15d6d7b4.

Original change's description:
> [wasm] Increase code space limit to 1024 MB
>
> Liftoff increases code size, and people start deploying bigger modules.
> Increase the wasm code space limit from 512 MB to 1024 MB to account
> for this.
>
> R=titzer@chromium.org
>
> Bug: chromium:883639, chromium:872684
> Change-Id: I3a2ca29d456635f7f3aa1daef5fa2b0249dc1645
> Reviewed-on: https://chromium-review.googlesource.com/1226971
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56003}

TBR=titzer@chromium.org

Bug: chromium:883639, chromium:872684
Change-Id: I54461d2a5f32eeaf90c71768eb9f37223dd5ebb6
Reviewed-on: https://chromium-review.googlesource.com/1233256Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56025}

This reverts commit 15d6d7b4.

Reason for revert: speculative revert for this failure: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8934981003100286416/+/steps/Check/0/logs/Fixed/0

Original change's description:
> [wasm] Increase code space limit to 1024 MB
> 
> Liftoff increases code size, and people start deploying bigger modules.
> Increase the wasm code space limit from 512 MB to 1024 MB to account
> for this.
> 
> R=​titzer@chromium.org
> 
> Bug: chromium:883639, chromium:872684
> Change-Id: I3a2ca29d456635f7f3aa1daef5fa2b0249dc1645
> Reviewed-on: https://chromium-review.googlesource.com/1226971
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56003}

TBR=titzer@chromium.org,clemensh@chromium.org

Change-Id: I77b3eb694edef122fb3467ca1938c5aff833911d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:883639, chromium:872684
Reviewed-on: https://chromium-review.googlesource.com/1232958Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56014}

Liftoff increases code size, and people start deploying bigger modules.
Increase the wasm code space limit from 512 MB to 1024 MB to account
for this.

R=titzer@chromium.org

Bug: chromium:883639, chromium:872684
Change-Id: I3a2ca29d456635f7f3aa1daef5fa2b0249dc1645
Reviewed-on: https://chromium-review.googlesource.com/1226971
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56003}

Since trampolines and long branches are now PIC, these instructions
are not used anymore. Hence 256 MB alignment requirement can be
removed.

Change-Id: Ibdc51631a8c5efc97f058f09b809d3dc13a9f933
Reviewed-on: https://chromium-review.googlesource.com/1219022
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55852}

BUG=v8:5402,v8:8015

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I14613a05f9b71308858afdd8d2b212ae9786abb3
Reviewed-on: https://chromium-review.googlesource.com/1215169
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55822}

We had an optimization in Crankshaft where we would call into the
megamorphic handler stub directly if an inline cache was already
found to be megamorphic when it hit the optimizing compiler. This
way we could avoid the dispatch overhead when we know that there's
no point in checking for the other states anyways. However we somehow
missed to port this optimization to TurboFan.

Now this change introduces support to call into LoadIC_Megamorphic and
KeyedLoadIC_Megamorphic directly (plus the trampoline versions), which
saves quite a lot of overhead for the cases where the map/name pair is
found in the megamorphic stub cache, and it's quite a simple change. We
can later extend this to also handle the StoreIC and KeyedStoreIC cases
if that turns out to be beneficial.

This improves the score on the Octane/TypeScript test by around ~2%
and the TypeScript test in the web-tooling-benchmark by around ~4%. On
the ARES-6 Air test the steady state mean improves by 2-4%, and on the
ARES-6 ML test the steady state mean seems to also improve by 1-2%, but
that might be within noise.

On a micro-benchmark that just runs `o.x` in a hot loop on a set of 9
different objects, which all have `x` as the first property and are
all in fast mode, we improve by around ~30%, and are now almost on par
with JavaScriptCore.

Bug: v8:6344, v8:6936
Change-Id: Iaa4c6e34c37e78da217ee75f32f6acc95a834250
Reviewed-on: https://chromium-review.googlesource.com/1215623Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55803}

- Rename Runtime_SetProperty to Runtime_SetKeyedProperty
- Create Runtime_SetNamedProperty and use it for SetNamed property
  in one-shot code.
- Rename Object::StoreFromKeyed enum to StoreOrigin

Bug: v8:8072, chromium:876839
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I22132380ca4b6ce1e0a14a38cca849814559cdcf
Reviewed-on: https://chromium-review.googlesource.com/1207870Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55790}

The macro has been deprecated since 2016, and it keeps confusing me, so
let's just remove it completely from the code base.

R=leszeks@chromium.org
TBR=mstarzinger@chromium.org, verwaest@chromium.org, jgruber@chromium.org

Bug: v8:8015
Change-Id: Ibe1122fd9d2624bc94873d9c51dc8499c54a04fd
Reviewed-on: https://chromium-review.googlesource.com/1209322Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55779}

Move everything defined in the v8::internal namespace from include/v8.h
into a separate header that can be included by globals.h/checks.h
instead of the whole v8.h.

Also moves V8_EXPORT into v8config.h (so it can be use in the new
v8-internal.h).

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I22cdc2728d91a94b309a3d030ed06c0f8a06c723
Reviewed-on: https://chromium-review.googlesource.com/1210102Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55707}

Previously explicit calls to external memory adjustment could yield in lowering
the limit below the initial default limit. The consequence is repeated useless
garbage collections when e.g. passing around ArrayBuffers.

Bug: chromium:880036
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I429f5adcd9ae523e5ac7621cf7976686b0dec71b
Reviewed-on: https://chromium-review.googlesource.com/1209784Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55694}

BUG: v8:6532, chromium:874809
Change-Id: I55c00e8563741908cf0daf263152ce927ae18e7c
Reviewed-on: https://chromium-review.googlesource.com/1205812
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55666}

TBR=yangguo@chromium.org

Change-Id: Iadeb5828daf4db341c58534ff2b23141f241dfb9
Reviewed-on: https://chromium-review.googlesource.com/1184841
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55314}

BUG=v8:7308

Change-Id: Id05fe2480d7cda8038740aaae949cc707686171f
Reviewed-on: https://chromium-review.googlesource.com/1174439Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55123}

On all architectures except for arm64 (which has a limit of 128 MB), we
increase the maximum wasm code space from 256 MB to 512 MB. This
generally allows for bigger WebAssembly modules and tolerates the code
size increase because of Liftoff.

R=titzer@chromium.org

Bug: chromium:840292, v8:6600
Change-Id: I999cc0c96740ad3da15cc70114d7835354d67fbf
Reviewed-on: https://chromium-review.googlesource.com/1160702Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54890}

Move write barrier essentials into heap/heap-write-barrier-inl.h. Avoid
including further heap inline headers by relying on constant to load
flags from.

Bug: v8:7490
Change-Id: I2891299f1b1ca2c3e2031cb9c63b583b1665e3f9
Reviewed-on: https://chromium-review.googlesource.com/1148448
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54710}

Change-Id: I02c117ef66480eb73eb9cc1d4f80bbc64e9d3624
Reviewed-on: https://chromium-review.googlesource.com/1146655
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54649}

Bug: chromium:852420
Change-Id: Ibb8cd735036368c5bda83fe60b12b427e8e7ce7f
Reviewed-on: https://chromium-review.googlesource.com/1127887Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54296}

Bug: v8:7887
Change-Id: I3904981f06efcb1fb83e863d0be6a16ebaaf17f2
Reviewed-on: https://chromium-review.googlesource.com/1113930Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54189}

Bug: chromium:852420
Change-Id: I44d0bde25283ac8c00155344f879eb1143b43bc9
Reviewed-on: https://chromium-review.googlesource.com/1119688Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54130}

This reverts commit fdf69d53.

Reason for revert: Speculative revert for broken GPU bots:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29/1638
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Mac%20V8%20FYI%20Release%20%28Intel%29/1624

Original change's description:
> [heap] Adds a young generation large object space
> 
> This CL adds the young generation lage object spaces and a flag
> --young-generation-large-objects that by default allocates all
> large objects in this space. This is a preparation CL. The space
> is not fully functional.
> 
> Bug: chromium:852420
> Change-Id: Ib66d26fa52cda89bf04787084826aeb84b6ec1ac
> Reviewed-on: https://chromium-review.googlesource.com/1099164
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54056}

TBR=ulan@chromium.org,yangguo@chromium.org,hpayer@chromium.org

Change-Id: I175514f806a19c7837022795210625ca40e3c318
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1118038Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54072}

This CL adds the young generation lage object spaces and a flag
--young-generation-large-objects that by default allocates all
large objects in this space. This is a preparation CL. The space
is not fully functional.

Bug: chromium:852420
Change-Id: Ib66d26fa52cda89bf04787084826aeb84b6ec1ac
Reviewed-on: https://chromium-review.googlesource.com/1099164
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54056}

Replace all uses of Deoptimizer::BailoutType and CodeEventListener::DeoptKind
with DeoptimizeKind from src/globals.h.

Change-Id: I5b9002583a69bc43d995cacc7619b018e5a70727
Reviewed-on: https://chromium-review.googlesource.com/1097331
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53695}

This avoids embedding {RelocInfo::CODE_TARGET} addresses into WasmCode
by calling a WebAssembly runtime stub instead. The stubs themselves are
not yet independent of the Isolate, but will be made so soon.

Note that this also introduces a proper {compiler::TrapId} to avoid
accidental parameter type confusion with {TrapIf} and {TrapUnless}
operators.

R=clemensh@chromium.org
BUG=v8:7424

Change-Id: I32ef5a1253f336fc739d2192247826e9458456df
Reviewed-on: https://chromium-review.googlesource.com/1086937Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53557}

This CL introduces a new gn argument: v8_enable_pointer_compression which is
false by default. All the changes done in this CL are made under this flag.

Upper half-word of a Smi word must be properly sign-extended according to the
sign of the lower-half containing the actual Smi value.

Bug: v8:7703
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b52ab49cd18c7c613130705de445fef44c30ac5
Reviewed-on: https://chromium-review.googlesource.com/1061175Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53519}

see crbug.com/841460 , we recently hit some build issues when using
Goma + jumbo builds because of a conflict on the definition of CONST,
v8 defines it in globals.h and including windows.h also defines it. It
should be possible to fix this by adding a bunch of #undef CONST but it
seems a little bit hacky and might not always work (this could only fix
the problem temporary if the jumbo merge limit changes and cause some
include files to get included in a different order).

Renaming the v8 definition of CONST to kConst, this follows the
style guide guidelines: "there is no reason to change old code to use
constant-style names, unless the old names are actually causing a
compile-time problem"
(https://google.github.io/styleguide/cppguide.html#Enumerator_Names)

I also had to turn the PropertyConstness enum into an enum class to
avoid some conflicts (both PropertyConstness and VariableMode define
kConst).


Bug: chromium:841460
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b70b9095374e88a5ae364cc557b39f20a3ab60f
Reviewed-on: https://chromium-review.googlesource.com/1064197Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sébastien Marchand <sebmarchand@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53413}

This requires changing the way stubs and builtins are encoded in tags, as for
arm64 we only have 26 bits to encode a PC-relative offset. With the previous
encoding scheme the builtin ids were shifted by 16 bits and ended up exceeding
this range.

Change-Id: I0f396390a622ea67b890d2dd47ca12e00092e204
Reviewed-on: https://chromium-review.googlesource.com/1059209
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53262}

- Make FeedbackVector backing store a WeakFixedArray.
- "feedback" is always strong but "extra" might be weak.
- Whenever the handler stored in FeedbackVector is a WeakCell to a transition
  Map, replace it with an in-place weak reference.
For a more detailed description of the changes, see the design doc

https://docs.google.com/document/d/1P8cIme2wKszdYt64ObAiuh6pXgLnrrn80Hpl1ejJbOU/edit#heading=h.ijx1oculrikp

BUG=v8:7308

Change-Id: I72c5cf6597ef24d4c22a1fe8e25b67ca196d4ec8
Reviewed-on: https://chromium-review.googlesource.com/1027855
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53051}

Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).

My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.

This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.

TBR=mlippautz@chromium.org

Bug: v8:6666
Change-Id: I4cd63477f19a330ec70bbf20e2af8a42fb05fabb
Reviewed-on: https://chromium-review.googlesource.com/1044245Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53027}

Bug: chromium:840329
Change-Id: If45a98c7f8a97f2482ac1bed7f7dda7d6e62b6b9
Reviewed-on: https://chromium-review.googlesource.com/1046658Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53025}

Bug: chromium:800348, chromium:827627, chromium:839750
Change-Id: I112e20b83eb1937476ebb4f30cf5679113759c0c
Reviewed-on: https://chromium-review.googlesource.com/1044195Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52996}

This includes the following changes:
- Limit code space to 128 MB.
- Use direct branches wherever possible.
- Where not possible, continue using load literal followed by an indirect
  branch.
- Sort RelocInfo by target_address_address for the serializer, since mixing
  load literal instructions and branch instructions messes up that order.
- Ensure we always wipe out targets in the serializer (not just for the
  snapshot) in order to be able to distinguish between constant pool entries
  and branch instructions.

Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
Reviewed-on: https://chromium-review.googlesource.com/939175Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52885}

The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.

With that in place, we also remove the array masking approach based
on arithmetic.

Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.

Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.

Bug: chromium:798964

Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}

Bug: v8:7679
Change-Id: If8b6d9ad4f93eb2b98878c916625b7a344e5900c
Reviewed-on: https://chromium-review.googlesource.com/1021532Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52756}

This is a reland of 6c68efac

Updated Heap::CommittedMemory and related functions to iterate over all
spaces rather than including them manually which can lead to a space
being overlooked. Also adds a test to ensure this the case.

Original change's description:
> Revert "Reland "[heap] Move initial objects into RO_SPACE""
>
> This reverts commit 6c68efac.
>
> Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668
>
> Original change's description:
> > Reland "[heap] Move initial objects into RO_SPACE"
> >
> > This is a reland of f8ae62fe
> >
> > Original change's description:
> > > [heap] Move initial objects into RO_SPACE
> > >
> > > This moves:
> > > * the main oddballs (null, undefined, hole, true, false) as well as
> > > their supporting maps (also adds hole as an internalized string to make
> > > this work).
> > > * most of the internalized strings
> > > * the struct maps
> > > * empty array
> > > * empty enum cache
> > > * the contents of the initial string table
> > > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> > > value avoid writing to it during run-time)
> > >
> > > The StartupSerializer stats change as follows:
> > >
> > >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> > > old         0          0     270264       32608      12144         0
> > > new     21776          0     253168       32608       8184         0
> > > Overall memory usage has increased by 720 bytes due to the eager
> > > initialization of the Map weak cell caches.
> > >
> > > Also extends --serialization-statistics to print out separate instance
> > > type stats for objects in RO_SPACE as shown here:
> > >
> > >   Read Only Instance types (count and bytes):
> > >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
> > >          2         32  HEAP_NUMBER_TYPE
> > >          5        240  ODDBALL_TYPE
> > >         45       3960  MAP_TYPE
> > >          1         16  BYTE_ARRAY_TYPE
> > >          1         24  TUPLE2_TYPE
> > >          1         16  FIXED_ARRAY_TYPE
> > >          1         32  DESCRIPTOR_ARRAY_TYPE
> > >         45        720  WEAK_CELL_TYPE
> > >
> > > Bug: v8:7464
> > > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> > > Reviewed-on: https://chromium-review.googlesource.com/973722
> > > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#52435}
> >
> > Bug: v8:7464
> > Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
> > Reviewed-on: https://chromium-review.googlesource.com/999654
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52638}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: v8:7464,v8:7668
> Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
> Reviewed-on: https://chromium-review.googlesource.com/1016600
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52667}

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If4b7490c8c4d31612de8ec132de334955a319b11
Bug: v8:7464, v8:7668
Reviewed-on: https://chromium-review.googlesource.com/1019020Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52689}

This reverts commit 6c68efac.

Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668

Original change's description:
> Reland "[heap] Move initial objects into RO_SPACE"
>
> This is a reland of f8ae62fe
>
> Original change's description:
> > [heap] Move initial objects into RO_SPACE
> >
> > This moves:
> > * the main oddballs (null, undefined, hole, true, false) as well as
> > their supporting maps (also adds hole as an internalized string to make
> > this work).
> > * most of the internalized strings
> > * the struct maps
> > * empty array
> > * empty enum cache
> > * the contents of the initial string table
> > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> > value avoid writing to it during run-time)
> >
> > The StartupSerializer stats change as follows:
> >
> >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> > old         0          0     270264       32608      12144         0
> > new     21776          0     253168       32608       8184         0
> > Overall memory usage has increased by 720 bytes due to the eager
> > initialization of the Map weak cell caches.
> >
> > Also extends --serialization-statistics to print out separate instance
> > type stats for objects in RO_SPACE as shown here:
> >
> >   Read Only Instance types (count and bytes):
> >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
> >          2         32  HEAP_NUMBER_TYPE
> >          5        240  ODDBALL_TYPE
> >         45       3960  MAP_TYPE
> >          1         16  BYTE_ARRAY_TYPE
> >          1         24  TUPLE2_TYPE
> >          1         16  FIXED_ARRAY_TYPE
> >          1         32  DESCRIPTOR_ARRAY_TYPE
> >         45        720  WEAK_CELL_TYPE
> >
> > Bug: v8:7464
> > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> > Reviewed-on: https://chromium-review.googlesource.com/973722
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52435}
>
> Bug: v8:7464
> Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
> Reviewed-on: https://chromium-review.googlesource.com/999654
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52638}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7464,v8:7668
Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
Reviewed-on: https://chromium-review.googlesource.com/1016600
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52667}

This is a reland of f8ae62fe

Original change's description:
> [heap] Move initial objects into RO_SPACE
> 
> This moves:
> * the main oddballs (null, undefined, hole, true, false) as well as
> their supporting maps (also adds hole as an internalized string to make
> this work).
> * most of the internalized strings
> * the struct maps
> * empty array
> * empty enum cache
> * the contents of the initial string table
> * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> value avoid writing to it during run-time)
> 
> The StartupSerializer stats change as follows:
> 
>      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> old         0          0     270264       32608      12144         0
> new     21776          0     253168       32608       8184         0
> Overall memory usage has increased by 720 bytes due to the eager
> initialization of the Map weak cell caches.
> 
> Also extends --serialization-statistics to print out separate instance
> type stats for objects in RO_SPACE as shown here:
> 
>   Read Only Instance types (count and bytes):
>        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
>          2         32  HEAP_NUMBER_TYPE
>          5        240  ODDBALL_TYPE
>         45       3960  MAP_TYPE
>          1         16  BYTE_ARRAY_TYPE
>          1         24  TUPLE2_TYPE
>          1         16  FIXED_ARRAY_TYPE
>          1         32  DESCRIPTOR_ARRAY_TYPE
>         45        720  WEAK_CELL_TYPE
> 
> Bug: v8:7464
> Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> Reviewed-on: https://chromium-review.googlesource.com/973722
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52435}

Bug: v8:7464
Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
Reviewed-on: https://chromium-review.googlesource.com/999654
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52638}

The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}

Bug: chromium:831981
Change-Id: Ie0e4bb6ca585f76829e0100202e01d02c521ac51
Reviewed-on: https://chromium-review.googlesource.com/1009902Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52566}

Replace all uses by the existing RoundUp function.

R=ulan@chromium.org

Bug: v8:7570
Change-Id: I7ff5e76ebea7b429ff4e4f3a8157ee831e7891ae
Reviewed-on: https://chromium-review.googlesource.com/1004898Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52525}