And apply a minor change: the {end_offset} is currently always >= 1, and
we sometimes use {end_offset - 1}. Change this to compute the
{end_offset} to be one less than before, and use {Uint32LessThan}
instead of {Uint32LessThanOrEqual}.
This matches the documentation I added and makes reasoning about the
correctness of the checks easier (at least for me).

R=titzer@chromium.org

Change-Id: I9a18ad5c72895cbadb6593cb74d6edc24f9ab032
Reviewed-on: https://chromium-review.googlesource.com/852145
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50411}

TEST=cctest/test-code-generator/FuzzAssembleMoveAndSwap

Bug: 
Change-Id: I36d0b7df56f3c895a7fd4017e5e9a7cfd0053b2a
Reviewed-on: https://chromium-review.googlesource.com/850399Reviewed-by: Miran Karić <miran.karic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50410}

For simplicity, we currently use the approach to do all computations
and bounds checks on 32 bit values, and only convert to pointer size
right before using the value as memory offset.
Unfortunately, there are still cases left where we use 32-bit values
for 64-bit operations, which can lead to subtle bugs.
This CL hopefully fixes the last of these bugs.

R=titzer@chromium.org

Bug: v8:7257

Change-Id: I8d340f83ad17925c0d18d4e788350ef6101786ea
Reviewed-on: https://chromium-review.googlesource.com/852299
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50409}

Change-Id: I668a4ac9ce80daa1952b05fdee754db190f3fb3c
Reviewed-on: https://chromium-review.googlesource.com/853866Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50408}

This prints nicer error messages for checks like
"DCHECK_EQ(reg1, reg2)", and also splits cache state tracing into
one method for printing the overall state, one for printing each slot,
and one for printing the register.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I36e83ba2542986dd8ad17dbfe7cbb8df54a56755
Reviewed-on: https://chromium-review.googlesource.com/853495
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50407}

Added simple system tests for different progress indicators.

Bug: v8:6917
Change-Id: I906ddfd06e82cc19d3b2210e09457456be00309b
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/852495
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50406}

R=clemensh@chromium.org

Change-Id: I53b9de78d6070d04b7535c828fd72225fd93afde
Reviewed-on: https://chromium-review.googlesource.com/829375Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50405}

When generating code, store the vector of protected instruction data
as unique_ptr. It only becomes a shared_ptr once ownership has been
transferred to the NativeModule, because it can be shared between
different instances of the same function.

Drive-by: Remove dead accessor in PipelineData.

R=ahaas@chromium.org

Change-Id: I7571b32bf89f3c816683c5a77ac08fe8c22eb968
Reviewed-on: https://chromium-review.googlesource.com/853496Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50404}

This is needed to ensure that code can be interrupted. It will be
covered by a test once we support if-constructs in Liftoff.

Drive-by: Separate handling of blocks and loops, as there is only one
line in common.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Ic22ca5e65c8d03a5d504289ec2a9e30cb97dc220
Reviewed-on: https://chromium-review.googlesource.com/853858
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50403}

The tests generated by --wasm-fuzzer-gen-test did not encode the locals
of functions yet. This CL fixes that.
A bit of care has to be taken to ensure that the locals are generated
in exactly the same order as in the module generated by the fuzzer.
This requires calling {addLocals} several times.

R=ahaas@chromium.org

Change-Id: I95237b0baef0731b6c164fddc8f12fa6f478e220
Reviewed-on: https://chromium-review.googlesource.com/848832
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50402}

This ensure that once features are added for other platform, we don't
forget to implement all platform specific methods that are then being
used.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I4cc948da280fdb63da1938edc6b391d180b88cad
Reviewed-on: https://chromium-review.googlesource.com/853494
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50401}

Test case generation produced unusable output if the module contains
more than one function. Also, it was unnecessarily scattered around
several places in the code.
This CL consolidates test case generation in one method in the fuzzer,
and supports multiple functions with different signatures.

R=ahaas@chromium.org

Change-Id: I8bea71b0d69bb69d8bbe50002c6c7616a0a1941b
Reviewed-on: https://chromium-review.googlesource.com/847515
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50400}

Test processors can be enabled with --infra-staging flag.

Rerunning tests, execution and verbose progress indicator already
work as test processors.

Bug: v8:6917
Change-Id: I40fc42db94dbc8629e8000a3d363030045532fe3
Reviewed-on: https://chromium-review.googlesource.com/850398
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50399}

Bug: chromium:783124
Change-Id: Ie420be3ad05583d8ad999ab1e13e89ada4774028
Reviewed-on: https://chromium-review.googlesource.com/850674Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50398}

Also, remove {FunctionBodyForTesting}, which is only being used once.
Use the constructor directly instead.

R=ahaas@chromium.org

Change-Id: Ieceac41bf62ec2accf1bb39d8334563557c0dbbd
Reviewed-on: https://chromium-review.googlesource.com/847514
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50397}

R=ahaas@chromium.org

Change-Id: Id21608780e345448398ad4066ad307bef7358801
Reviewed-on: https://chromium-review.googlesource.com/849832Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50396}

Bug: v8:7217
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I97b067254355eb91e12b92eba92631cbc3ce8000
Reviewed-on: https://chromium-review.googlesource.com/839280
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50395}

Bug: v8:7245
Change-Id: Ia8931037021b935e776230a6a50c580ad82efba8
Reviewed-on: https://chromium-review.googlesource.com/844065
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50394}

As noted in the attached bug, accurately counting this would require
significant changes to the parser and is thus infeasible.

Bug: v8:7211
Change-Id: I61f14c948f50e0f97e596a9696d72a3570ad588a
Reviewed-on: https://chromium-review.googlesource.com/853214Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50393}

This reverts commit 9c79b37a.

Reason for revert: breaks TSAN

https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_TSAN%2F18959%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Finstance-gc%2F0

Original change's description:
> [wasm] use allocation tracker to track reserved address space
> 
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
> 
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}

TBR=bbudge@chromium.org,gdeepti@chromium.org,eholk@chromium.org,eholk@google.com

Change-Id: I207b9466377ba50be17794e71407b0ebc8eb88e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853140Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50392}

These tests are gone from upstream.

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie69be268d493a52e0d64b7bb216f3135dd111188
Reviewed-on: https://chromium-review.googlesource.com/853195Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50391}

This is a step towards falling back on bounds checks when there are too many
guarded Wasm memories.

Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
Reviewed-on: https://chromium-review.googlesource.com/832944
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50390}

Turns out gclient calls download_from_google_storage, which needs to be
included in PATH.

TBR=machenbach@chromium.org

Bug: v8:6105
Change-Id: I15d44d67152f6fa0d20ae7bc7e44bc5e0393b519
Reviewed-on: https://chromium-review.googlesource.com/852616Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50389}

Fixes nits found by @clemensh after
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670
was committed. That is, the code uses static asserts instead of
assert.

Bug: v8:7226
Change-Id: I5488ec4609d1bee3aafa61a3ff2505f71b06d80d
Reviewed-on: https://chromium-review.googlesource.com/847687Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50388}

Bug: v8:5367
Change-Id: Ieb7b04f47bbad575c22a3a16ec7bd7cb9e8ba0c9
Reviewed-on: https://chromium-review.googlesource.com/851425Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50387}

This reverts commit 86bc1517.

Reason for revert: breaks gcc bot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/17209

Original change's description:
> [wasm] remove kExecuteSimdLowered mode from wasm cctest
> 
> R=​clemensh@chromium.org,titzer@chromium.org,bbudge@chromium.org,gdeepti@chromium.org
> BUG=v8:7028
> 
> Change-Id: Ie0b984ebd18e267cdaf7aaff9f17fb4328d8e5fa
> Reviewed-on: https://chromium-review.googlesource.com/849638
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50385}

TBR=bbudge@chromium.org,titzer@chromium.org,gdeepti@chromium.org,aseemgarg@chromium.org,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I890b8810ea802fe2b9273def07c9056d4b904a4e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7028
Reviewed-on: https://chromium-review.googlesource.com/852712Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50386}

R=clemensh@chromium.org,titzer@chromium.org,bbudge@chromium.org,gdeepti@chromium.org
BUG=v8:7028

Change-Id: Ie0b984ebd18e267cdaf7aaff9f17fb4328d8e5fa
Reviewed-on: https://chromium-review.googlesource.com/849638
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50385}

Otherwise dynamic linking with dlopen, as is the case with Node.js
addons, would not work.

R=fhinkel@chromium.org

Bug: v8:6105
Change-Id: I5a884afc003fdfdb9de7e9b0c736f1894ba0019a
Reviewed-on: https://chromium-review.googlesource.com/850112
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50384}

This CL removes some magic numbers used to convert floating values into
integer values, and the corresponding comments describing how they were
computed. It replaces these tests with template function is_inbounds()
that makes the compiler automatically generate the appropriate constants
and tests.

Note: This CL only changes the WASM interpreter to use is_inbounds(). Tests
have not yet been updated to guarantee that this change did not break anything.

Note: This change was initialed by a comment by @clemensh in
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670.

Bug: v8:7226
Change-Id: I14c0962eb6ae20cf6647787c006924a208f7ce4a
Reviewed-on: https://chromium-review.googlesource.com/846280
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50383}

TBR=jgruber@chromium.org
NOTRY=true

Bug: v8:7120
Change-Id: Ib8375e6ad811d9299c9a477ed39c6bc76c0c90dd
Reviewed-on: https://chromium-review.googlesource.com/852232
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50382}

NOTRY=true

Bug: chromium:798982
Change-Id: I0aa2bee5bf33884fa9bfc15da3053d817e1a1b49
Reviewed-on: https://chromium-review.googlesource.com/852212Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50381}

This adds the gn flag 'v8_untrusted_code_mitigations', which defaults to
true. If false, the DISABLE_UNTRUSTED_CODE_MITIGATIONS preprocessor
macro will be defined, which sets the default for the
--untrusted-code-mitigations runtime flag to false.

R=machenbach@chromium.org, hablich@chromium.org
CC=​bmeurer@chromium.org

Bug: chromium:798964
Change-Id: Ief037e194dc9eeb7fe224b5d414a4ea8e69beb20
Reviewed-on: https://chromium-review.googlesource.com/852074
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50380}

Bug: chromium:799263
Change-Id: I656d6b621234f2f0a7f379866a114b8cb66eca25
Reviewed-on: https://chromium-review.googlesource.com/852072Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50379}

Bug: chromium:798982
Change-Id: I096e2df5a5f8d038c980bc9f575857256f0a01df
Reviewed-on: https://chromium-review.googlesource.com/852073Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50378}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9f00b2f..1a03e2d

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/a2e9bc7..7d781b3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/035dfdb..95f3b4d

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/07e0150..ac1e5f7

Rolling v8/tools/luci-go: https://chromium.googlesource.com/chromium/src/tools/luci-go/+log/564ab65..d882048

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ib122ca284f689874dae7790a359cbe4052b37280
Bug: 
Reviewed-on: https://chromium-review.googlesource.com/851572
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50377}

Flags can be passed as "--any_flag" or "--any-flag". It seems that
people generally prefer the second form, but our help outputs the first
one. Avoid confusion by outputting the second form.

R=bmeurer@chromium.org

Change-Id: I21e07a7d2484ae78ccd27736f8373d53eb312818
Reviewed-on: https://chromium-review.googlesource.com/850692Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50376}

Even though kSpecMaxWasmMemoryPages == WasmModule::kPageSize, the
computation {wasm::kV8MaxWasmMemoryPages *
wasm::kSpecMaxWasmMemoryPages} is semantically wrong.

R=titzer@chromium.org

Change-Id: If4a875c714f1ca3c1fc928ec79b8be8aab62e8d0
Reviewed-on: https://chromium-review.googlesource.com/850072Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50375}

This makes the bitcasts that change pointerness effectful so that
they are not accidentally reordered with memory allocation.

Change-Id: I70e820fc0de1adb2a81b52a43bce4d47f2c304b9
Reviewed-on: https://chromium-review.googlesource.com/852052Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50374}

Remove the --extra-masking and --mask-array-index flags. Instead, use
--untrusted-code-mitigations directly.
This also changes the default for these flags: There were off by
default so far, but --untrusted_code_mitigations is on by default.

Store the value of the untrusted_code_mitigations flag in the
CompilationInfo in order to ensure that it stays consistent during the
compilation of one function.

R=jarin@chromium.org, bmeurer@chromium.org, hablich@chromium.org
CC=rmcilroy@chromium.org

Bug: chromium:798964
Change-Id: I15a919e741f0628afa6a6ea1e8274ad0c4399929
Reviewed-on: https://chromium-review.googlesource.com/850412
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50373}

Previously the Promise builtins would always use a runtime function to
schedule a new microtask, which is unnecessarily expensive. Since the
runtime function only adds the microtask to a FixedArray (potentially
growing that array) and increments the number of pending microtasks, it
is fairly straight-forward to do this in CSA land instead.

This change improves the Bluebird benchmarks by 2-4% on average.

Bug: v8:7253
Change-Id: I77e96b9e5afbb4bdbe129b6bb289d9905ed581bf
Reviewed-on: https://chromium-review.googlesource.com/851972
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50372}