If we can read an object's Map pointer but not any data from the Map
itself, we may still be able to accurately describe the object's type if
the Map pointer matches one of the known Maps from the snapshot.
GetObjectProperties uses that data in one of two ways:
- If it is sure that the Map pointer matches a known Map, then it uses
  the type from that Map and continues as if it read the type normally.
- If the Map pointer is at the right offset within a heap page to match
  a known Map, but the caller didn't provide the addresses of the first
  pages in Map space or read-only space, then the type of that Map is
  just a guess and gets returned in a separate array. This gives the
  caller the opportunity to present guessed types to the user, and
  perhaps call again using the guessed type as the type hint.

Bug: v8:9376
Change-Id: I187f67b77e76699863a14534a9d635b79f654124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787986
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63908}

After https://crrev.com/c/1800575 and https://crrev.com/c/1803343,
which tried to fix this on occuring compile errors, this CL
systematically adds the <memory> include to each header that uses
{std::unique_ptr}.

R=sigurds@chromium.org
TBR=mlippautz@chromium.org,alph@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org

Bug: v8:9396
Change-Id: If7f9c3140842f9543135dddd7344c0f357999da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803349Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63767}

Tbr: yangguo@chromium.org
Change-Id: I9e774efdbff94be909470ab848c75e5120bb520e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803343
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63762}

This enables using TNode types without including code-assembler.h,
which is useful when generating CallInterfaceDescriptors.

As a drive-by, this moves TNode from v8::internal::compiler to
v8::internal. It's only used outside of the compiler anyway.

Change-Id: I3d938c22366a3570315041683094f77b0d1096a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798425
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63721}

Since we switched to C++14 now, we can use {std::make_unique} instead
of our own {base::make_unique} from {template-utils.h}.

R=mstarzinger@chromium.org, yangguo@chromium.org

Bug: v8:9687
No-Try: true
Change-Id: I660eb30038bbb079cee93c7861cd87ccd134f01b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1789300
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63642}

I removed the padding field because I couldn't see a reason why we would
want to pad to system pointer size. I'm guessing that the intent was to
pad to tagged pointer size, which was once relevant but isn't anymore
since one of the int32 fields got removed.

Bug: v8:8952
Change-Id: Ic191d783efd8d686f6920e6e7ce2d3dacba883c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776847Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63556}

This change provides a quick way to see string contents in postmortem
debugging sessions, without digging through a (possibly very large, in
the case of ConsString) tree of properties. As well as being convenient
for inspecting String objects, this functionality will also be necessary
for displaying property names on JSReceiver objects. In order to support
custom behaviors for specific classes, this change extends the existing
generated debug reader classes with a visitor pattern.

Bug: v8:9376
Change-Id: I70eab9ea4e74ca0fab39bf5998d6a602716a4202
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771939Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63485}

This CL adds a LocationReference specifically for slices to Torque. This allows us to safely reference arrays in objects and pass around such references. For an array of T-typed elements, referencing yields a Slice<T>. In addition, the traditional element access syntax ('o.array[i]') now internally produces a slice, indexes it at 'i' and dereferences the resulting HeapReference.

Bug: v8:7793
Change-Id: I4af58e4d2feac547c55a1f6f9350a6c510383df2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771782
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63479}

This patch is mostly mechanical. A few changes in
implementation-visitor.cc might be worth mentioning:
- Don't generate both field offset macros and class definitions for the
  same class. This was mostly just to keep me from forgetting to remove
  the DEFINE_FIELD_OFFSET_CONSTANTS part when converting classes, but
  also helpfully flagged that FixedArrayBase wasn't using the generated
  class that it requested.
- Generate forward declarations for all tq-defined classes in
  internal-class-definitions-tq.h. This is helpful for making things
  compile when classes have fields of other class types.
- When generating accessors for union types, use the nearest class type
  that contains the entire union rather than plain Object. This is
  important for compile-time type safety. It also required a few minor
  fixes elsewhere (isolate.cc, modules.cc, scope-info.cc,
  source-text-module.cc, and a correction of the field types in
  CallHandlerInfo to match how they're set in api.cc).

Change-Id: I3b9280e30779ce57fb9f3629eecfec898e26d708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774976Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63458}

Changes in the reland: Rebased and added a check that JavaScript-linkage
builtins use JSAny in parameters and return type, plus the necessary
cleanups for this test to pass.

Design Doc: https://docs.google.com/document/d/1z6j0pWHnNIfId0v00uWN2HBrGRDJxJfYuCr5K7Kr1xA

This reverts commit 4418a7b9.

Original change's description:
> Revert "[torque] introduce JSAny type for user-accessible JavaScript values"
>
> This reverts commit 79b00555.
>
> Reason for revert: needs more discussion
>
> Original change's description:
> > [torque] introduce JSAny type for user-accessible JavaScript values
> >
> > This CL introduces a JSAny type for user-exposed JavaScript values and
> > a few new types to define it. Especially, it splits Symbol into
> > PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> > symbols).
> >
> > The change is mostly mechanical, but a few things are interesting:
> > - PropertyKey and JSPrimitive were designed to coincide with the spec
> >   notions of IsPropertyKey() and primitive value, respectively.
> > - Since Name is an open type, we define AnyName to be the known
> >   subtypes of Name. This is not too elegant, but by using AnyName
> >   instead of Name, typeswitch can properly conclude something if a
> >   subtype of Name is excluded.
> >
> > Small drive-by changes, which were necessary:
> > - Allow subtyping on label parameters.
> > - Fix the formatting of typeswitch, it was broken with union types
> >   in case types.
> >
> > Bug: v8:7793
> > Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#63114}
>
> TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org
>
> Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7793
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63115}

TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7793
Change-Id: Icca34e3824f55009b984d9348fd21884400f0081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769316
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63395}

The generation of TFJ declarations for non-vararg JavaScript-linkage
builtins was very broken. Now it works as it should: the explicit
parameters correspond to normal JavaScript parameters.

Bug: v8:7793
Change-Id: I9fa0bdd45f8c4b678d4f0436af3e9b53cba69475
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1769317
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63394}

This change adds the indexed field for the characters in the definition
of sequential string types, and introduces support for recognizing the
various specific string types in v8_debug_helper. In an attempt to
avoid duplicating info about string instance types, it also refactors
String::Get so that StringShape (a simple class usable by postmortem
tools) can dispatch using a class that defines behaviors for each
concrete type.

Bug: v8:9376
Change-Id: Id0653040f6decddc004c73f8fe93d2187828c2c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735795
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63352}

Forge (Google3) can only run 64-bit executables. As Torque runs as part
of the build process, we need a 32-bit "cross-compile" mode when
we target 32-bit architectures. Note that this flag won't be needed
in Chromium/V8 land, since we build V8 with the same bit width as
the target architecture.

This CL adds a new runtime flag to torque "-m32". When enabled, the
flag forces 32-bit word sizes for various pointer/word sizes. By
default, the host system sizes from {src/commons/globals.h}
are used.

R=tebbi@chromium.org

Bug: v8:9641
Change-Id: I8701eec45e3fb59dc65049b0a679d34589c4127f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763540
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63334}

This CL consists of several preparatory steps for slices in Torque. Above all, it introduces a user-defined struct, torque_internal::Slice<T>, that performs bounds checking and returns references to elements in arrays. To enable this, several smaller changes were also made:

- Constructors of internal classes such as torque_internal::Reference<T> now require a special 'Unsafe' argument, making it clear that there be dragons.
- Struct methods are now declared during finalization. This allows instances of generic structs to have methods referring to the same struct. Previously, methods would be declared before the instance had been fully registered, leading to errors during type resolution. Furthermore, such methods were declared in a temporary namespace, that would then erroneously escape and lead to use-after-free issues.
- Instances of TypeArgumentInference were not running in the correct (Torque) scopes, leading to type resolution errors.
- The chain of ContextualVariable::Scope for any given ContextualVariable (such as CurrentScope) can now be walked, simplifying debugging.

R=jgruber@chromium.org, tebbi@chromium.org

Bug: v8:7793
Change-Id: I36f808f63cc3ce441062dfc56f511f24f1e3121e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758322
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63314}

Extend the order-independent annotation parsing logic to include the
following forms:
  @foo                // bare annotation (already supported)
  @foo(0x70)          // decimal literal
  @foo(HI)            // identifier
  @foo("hello there") // quoted string
This is obviously still pretty far from annotations in other languages,
which usually support arbitrary expressions and multiple parameters, but
I think it's sufficient to cover a pretty good variety of usages. The
existing class-field annotations @if and @ifnot are reimplemented in the
new style, meaning they could now appear in any order relative to other
annotations on the same field (and can be repeated, though I doubt it
would be of much use to anybody).

Change-Id: I97b7c0c9a541ca3126b5ae3a2484688b04dda9f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1754947
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63285}

This reverts commit 79b00555.

Reason for revert: needs more discussion

Original change's description:
> [torque] introduce JSAny type for user-accessible JavaScript values
> 
> This CL introduces a JSAny type for user-exposed JavaScript values and
> a few new types to define it. Especially, it splits Symbol into
> PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> symbols).
> 
> The change is mostly mechanical, but a few things are interesting:
> - PropertyKey and JSPrimitive were designed to coincide with the spec
>   notions of IsPropertyKey() and primitive value, respectively.
> - Since Name is an open type, we define AnyName to be the known
>   subtypes of Name. This is not too elegant, but by using AnyName
>   instead of Name, typeswitch can properly conclude something if a
>   subtype of Name is excluded.
> 
> Small drive-by changes, which were necessary:
> - Allow subtyping on label parameters.
> - Fix the formatting of typeswitch, it was broken with union types
>   in case types.
> 
> Bug: v8:7793
> Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63114}

TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org

Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63115}

This CL introduces a JSAny type for user-exposed JavaScript values and
a few new types to define it. Especially, it splits Symbol into
PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
symbols).

The change is mostly mechanical, but a few things are interesting:
- PropertyKey and JSPrimitive were designed to coincide with the spec
  notions of IsPropertyKey() and primitive value, respectively.
- Since Name is an open type, we define AnyName to be the known
  subtypes of Name. This is not too elegant, but by using AnyName
  instead of Name, typeswitch can properly conclude something if a
  subtype of Name is excluded.

Small drive-by changes, which were necessary:
- Allow subtyping on label parameters.
- Fix the formatting of typeswitch, it was broken with union types
  in case types.

Bug: v8:7793
Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63114}

Bug: v8:7793
Change-Id: I5f5461e4e3d31c6d3c2c1fba4ce48a4eb5db5d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725625
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63098}

Now that we can short-circuit control flow in the optimizing compiler,
there is no more need for BranchIf... macros in CSA/Torque.
Thus removing support for them in Torque and rewriting Torque macros to
use bool return values instead.

Bug: v8:7793
Change-Id: Ie4b7522aa5558be038fe821d8b5d02859d522ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724211
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63079}

Previously when creating a new generic struct, one had to explicitly provide all type arguments, e.g., for the generic struct

  struct Box<T: type> {
    const value: T;
  }

one would initialize a new box using

  const aSmi: Smi = ...;
  const box = Box<Smi> { value: aSmi };

With the additions in this CL the explicit type argument can be omitted. Type inference proceeds analogously to specialization of generic callables.

Additionally, this CL slightly refactors class and struct initialization, and make type inference more permissive in the presence of unsupported type constructors (concretely, union types and function types).

R=jgruber@chromium.org, tebbi@chromium.org

Change-Id: I529be5831a85d317d8caa6cb3a0ce398ad578c86
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728617
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63036}

This is a reland of 517ab73f

Updates since original: now compressed pointers passed to the function
GetObjectProperties are required to be sign-extended. Previously, the
function allowed zero-extended values, but that led to ambiguity on
pointers like 0x88044919: is it compressed or is the heap range actually
centered on 0x100000000?

Original change's description:
> Add postmortem debugging helper library
>
> This change begins to implement the functionality described in
> https://docs.google.com/document/d/1evHnb1uLlSbvHAAsmOXyc25x3uh1DjgNa8u1RHvwVhk/edit#
> for investigating V8 state in crash dumps.
>
> This change adds a new library, v8_debug_helper, for providing platform-
> agnostic assistance with postmortem debugging. This library can be used
> by extensions built for debuggers such as WinDbg or lldb. Its public API
> is described by debug-helper.h; currently the only method it exposes is
> GetObjectProperties, but we'd like to add more functionality over time.
> The API surface is restricted to plain C-style structs and pointers, so
> that it's easy to link from a debugger extension built with a different
> toolchain.
>
> This change also adds a new cctest file to exercise some basic
> interaction with the new library.
>
> The API function GetObjectProperties takes an object pointer (which
> could be compressed, or weak, or a SMI), and returns a string
> description of the object and a list of properties the object contains.
> For now, the list of properties is entirely based on Torque object
> definitions, but we expect to add custom properties in future updates so
> that it can be easier to make sense of complex data structures such as
> dictionaries.
>
> GetObjectProperties does several things that are intended to generate
> somewhat useful results even in cases where memory may be corrupt or
> unavailable:
> - The caller may optionally provide a type string which will be used if
>   the memory for the object's Map is inaccessible.
> - All object pointers are compared against the list of known objects
>   generated by mkgrokdump. The caller may optionally provide the
>   pointers for the first pages of various heap spaces, to avoid spurious
>   matches. If those pointers are not provided, then any matches are
>   prefixed with "maybe" in the resulting description string, such as
>   "maybe UndefinedValue (0x4288000341 <Oddball>)".
>
> Bug: v8:9376
>
> Change-Id: Iebf3cc2dea3133c7811bcefcdf38d9458b02fded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628012
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62882}

Bug: v8:9376
Change-Id: I866a1cc9d4c34bfe10c7b98462451fe69763cf3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1717090Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63008}

With the arrival of generic structs (https://chromium-review.googlesource.com/c/v8/v8/+/1714868) the existing type inference procedure for generic calls became incomplete, since it could not infer types that were only constrained as part of generic types. For instance, given

  struct Box<T: Type> { ... }

  macro unbox<T: type>(box: Box<T>): T

the type argument (Smi) at the following call site

  const box: Box<Smi> = ...;
  unbox(box);

could not be inferred.

This CL re-implements the inference procedure and documents the semantics of type argument inference in Torque a bit more clearly.

R=tebbi@chromium.org

Change-Id: I868f16afbd9864b9c810ac49bc1639b467df939c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1720812
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63005}

This CL removes the built-in reference type in favor of a Torque-implemented generic struct, i.e., internal::Reference<T>. It also adds various infrastructure for getting and creating new generic struct instances, as well as matching against them.

R=tebbi@chromium.org

Change-Id: I1e3d6afe355a0603fa9c3ad789c6b8a97d1b3c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1718148
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62939}

Bug: v8:7793
Change-Id: I36daa0ef26cc7c274c64cfdba7e3a196677a7bc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1718156Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62916}

This reverts commit 517ab73f.

Reason for revert: Test failures https://bugs.chromium.org/p/v8/issues/detail?id=9538

Original change's description:
> Add postmortem debugging helper library
> 
> This change begins to implement the functionality described in
> https://docs.google.com/document/d/1evHnb1uLlSbvHAAsmOXyc25x3uh1DjgNa8u1RHvwVhk/edit#
> for investigating V8 state in crash dumps.
> 
> This change adds a new library, v8_debug_helper, for providing platform-
> agnostic assistance with postmortem debugging. This library can be used
> by extensions built for debuggers such as WinDbg or lldb. Its public API
> is described by debug-helper.h; currently the only method it exposes is
> GetObjectProperties, but we'd like to add more functionality over time.
> The API surface is restricted to plain C-style structs and pointers, so
> that it's easy to link from a debugger extension built with a different
> toolchain.
> 
> This change also adds a new cctest file to exercise some basic
> interaction with the new library.
> 
> The API function GetObjectProperties takes an object pointer (which
> could be compressed, or weak, or a SMI), and returns a string
> description of the object and a list of properties the object contains.
> For now, the list of properties is entirely based on Torque object
> definitions, but we expect to add custom properties in future updates so
> that it can be easier to make sense of complex data structures such as
> dictionaries.
> 
> GetObjectProperties does several things that are intended to generate
> somewhat useful results even in cases where memory may be corrupt or
> unavailable:
> - The caller may optionally provide a type string which will be used if
>   the memory for the object's Map is inaccessible.
> - All object pointers are compared against the list of known objects
>   generated by mkgrokdump. The caller may optionally provide the
>   pointers for the first pages of various heap spaces, to avoid spurious
>   matches. If those pointers are not provided, then any matches are
>   prefixed with "maybe" in the resulting description string, such as
>   "maybe UndefinedValue (0x4288000341 <Oddball>)".
> 
> Bug: v8:9376
> 
> Change-Id: Iebf3cc2dea3133c7811bcefcdf38d9458b02fded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628012
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62882}

TBR=yangguo@chromium.org,mvstanton@chromium.org,jgruber@chromium.org,tebbi@chromium.org,seth.brenith@microsoft.com

Change-Id: Ia078f2e8d101d2375b5db88021b2d65d28f1b075
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1716033Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62899}

This change begins to implement the functionality described in
https://docs.google.com/document/d/1evHnb1uLlSbvHAAsmOXyc25x3uh1DjgNa8u1RHvwVhk/edit#
for investigating V8 state in crash dumps.

This change adds a new library, v8_debug_helper, for providing platform-
agnostic assistance with postmortem debugging. This library can be used
by extensions built for debuggers such as WinDbg or lldb. Its public API
is described by debug-helper.h; currently the only method it exposes is
GetObjectProperties, but we'd like to add more functionality over time.
The API surface is restricted to plain C-style structs and pointers, so
that it's easy to link from a debugger extension built with a different
toolchain.

This change also adds a new cctest file to exercise some basic
interaction with the new library.

The API function GetObjectProperties takes an object pointer (which
could be compressed, or weak, or a SMI), and returns a string
description of the object and a list of properties the object contains.
For now, the list of properties is entirely based on Torque object
definitions, but we expect to add custom properties in future updates so
that it can be easier to make sense of complex data structures such as
dictionaries.

GetObjectProperties does several things that are intended to generate
somewhat useful results even in cases where memory may be corrupt or
unavailable:
- The caller may optionally provide a type string which will be used if
  the memory for the object's Map is inaccessible.
- All object pointers are compared against the list of known objects
  generated by mkgrokdump. The caller may optionally provide the
  pointers for the first pages of various heap spaces, to avoid spurious
  matches. If those pointers are not provided, then any matches are
  prefixed with "maybe" in the resulting description string, such as
  "maybe UndefinedValue (0x4288000341 <Oddball>)".

Bug: v8:9376

Change-Id: Iebf3cc2dea3133c7811bcefcdf38d9458b02fded
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628012
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62882}

This CL introduces generic Torque structs. Generics are grounded early in the Torque compilation pipeline, meaning that every instantiation of a generic struct with concrete types will be turned into a distinct StructType.

As an example, consider a Tuple of types T1, T2:

  struct Tuple<T1: type, T2: type> {
    const fst: T1;
    const snd: T2;
  }

which can be manipulated using generic macros, such as

  macro Swap<T1: type, T2: type>(tuple: Tuple<T1, T2>): Tuple<T2, T1> {
    return Tuple<T2, T1>{fst: tuple.snd, snd: tuple.fst};
  }

Currently there is no type inference for struct instantiation sites, so type arguments have to be provided explicitly:

  const intptrAndSmi = Tuple<intptr, Smi>{fst: 1, snd: 2};

R=sigurds@chromium.org, tebbi@chromium.org

Change-Id: I43111561cbe53144db473dc844a478045644ef6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1714868
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62878}

This change is mostly mechanical, but it's worth mentioning a few
slightly interesting cases:
- A couple of field definitions didn't match the signedness of their
  corresponding accessors.
- The generated accessors for Smi data use Smi values directly, but
  usually we want C++ accessors to use ints instead. I added a macro
  that hides the generated Smi accessors and exposes int accessors,
  but we might consider generating int accessors directly.
- The data held in some fields is described in comments next to the
  accessor definition for those fields. With automatically generated
  accessors, those comments need a new home. In this change I put them
  in the Torque object definition, but I'm open to other suggestions.
- gen-postmortem-metadata couldn't find updated class definitions after
  they got split across multiple lines, so I changed its matching
  logic. (Ideally debug-support.cc should be a Torque compiler output
  rather than something that involves parsing C++ with regexes, but
  this makes it correctly report subclass relationships for now.)
- The end offsets generated by Torque were off by one from the values
  that would be generated by DEFINE_FIELD_OFFSET_CONSTANTS.

Change-Id: I3df4fcd27997b46c41ca879065b9d97f6c939f07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692192Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62719}

This CL changes non-const reference arguments to either a const
reference, or pass-by-value combined with std::move.

Bug: v8:9429
Change-Id: Iabace132f855462612ac31922fbd8b456d8ae20d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690827Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62583}

Cpplint usually checks for non-const reference arguments. They are
forbidden in the style guide, and v8 does not explicitly make an
exception here.
This CL re-enables that warning, and fixes all current violations by
adding an explicit "NOLINT(runtime/references)" comment. In follow-up
CLs, we should aim to remove as many of them as possible.

TBR=mlippautz@chromium.org

Bug: v8:9429
Change-Id: If7054d0b366138b731972ed5d4e304b5ac8423bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687891Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62551}

The latter is better because it takes field type into account when
decompressing field value.

Drive-by: use [DECL_]ACCESSOR macros for some fields.

Bug: v8:9353
Change-Id: I3d7f07d11b1e379e3e6cf0310d836af6b48c1338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1680539
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62444}

Rework the implementation of non-external Torque classes to use
Struct machinery rather than FixedArray machinery. This allows
Torque-only defined 'internal' classes to the automatically generate
class verifiers and printers.

As part of this change, generate C++ boilerplate accessors for
internal Torque classes, since this is a pre-requisite for the
verifiers, printers and other Struct-based functionality.

Moreover, augment the header-generating functionality in Torque
to create separate header files for field offset definitions,
internal class C++ definitions and instance types.

Bug: v8:7793
Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62317}

This disallows using CSA macros from Torque that have a Node* return
type instead of TNode<>. By enforcing CSA types at the boundary between
CSA and Torque, we can ensure that the Torque types and the CSA types
match.

As a drive-by, this CL adds a bit more of CSA typing where it made sense.

Bug: v8:7793, v8:6949

Change-Id: I12ea0337c628105ea3c420be747ae50d3a172547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660481
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62293}

For every @noVerifier in base.tq, this change either removes it or
ensures that it has some annotation explaining why it can't be removed.
The @noVerifier usages that can't be removed fall into the following
categories:
1. Classes that don't have their own instance types and therefore have
   no meaningful way to do an Is...() check
2. Fields that might not exist
3. Fields that are waiting for MaybeObject support in Torque

Bug: v8:9311
Change-Id: Id452d4151ec07347ae96a9b5f3b26e2ac8065d31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659134Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62263}

This change removes the special case in the Torque compiler for types
that descend from JSObject: they will no longer get implicit
"| Undefined" appended to their types for verification purposes. It
removes any additional custom verification steps in objects-debug that
are made redundant by that change.

In order to do so safely, I categorized all cases where we were
implicitly adding "| Undefined" to the field type, as follows:

1. Classes that aren't using the generated verifier function (we should
   probably revisit these, but for now we at least know they're safe):
   - JSGlobalObject
   - JSFinalizationGroup
   - JSFinalizationGroupCleanupIterator

2. Classes where the existing verifier is already at least as strict as
   what we would get after removing the implicit "| Undefined":
   - JSDate
   - JSPromise
   - JSRegExp
   - JSRegExpStringIterator
   - WasmMemoryObject
   - JSWeakRef
   - JSStringIterator
   - WasmExceptionObject
   - JSListFormat (fixed in part 1)
   - JSPluralRules (fixed in part 1)
   - JSRelativeTimeFormat (fixed in part 1)
   - JSSegmenter (fixed in part 1)
   - JSArrayBufferView (fixed in part 1)
   - JSTypedArray (fixed in part 1)

3. Classes where, to the best of my knowledge based on code inspection,
   we already initialize the object correctly to pass the new stricter
   generated verifier:
   - JSFunction
   - JSArrayIterator
   - JSMessageObject
   - JSBoundFunction
   - JSAsyncFromSyncIterator
   - WasmModuleObject
   - JSAsyncFunctionObject

4. Classes that needed some adjustment to their initialization order to
   avoid exposing uninitialized state to the GC:
   - JSArray (only in Factory::NewJSArray; Runtime_NewArray and
              CodeStubAssembler::AllocateJSArray already behave fine)
   - WasmTableObject
   - JSDateTimeFormat
   - JSNumberFormat
   - JSCollator
   - JSV8BreakIterator
   - JSLocale
   - JSSegmentIterator
   - JSModuleNamespace

5. Classes that had incorrect type definitions in Torque:
   - WasmGlobalObject (category 4 after correction)

6. Classes that weren't fully initialized due to bugs:
   - JSGeneratorObject
   - JSAsyncGeneratorObject

Bug: v8:9311
Change-Id: I99ab303d3352423f50a3d0abb6eb0c9b463e7552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1654980
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62228}

This is a reland of 6eff6cc9

Original change's description:
> [torque] introduce separate implicit parameters for JavaScript calling convention
>
> Implicit parameters for builtins with JavaScript linkage are now separate, using
> the keyword "js-implicit". They have to be one of:
> - context: Context
> - receiver: Object (this in JS)
> - target: JSFunction (arguments.callee in JS)
> - newTarget: Object (new.target in JS)
>
> Bug: v8:9120 v8:7793
>
> Change-Id: I916f60971bb53d5046b6006725d0ce39291ca55e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658159
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62174}

TBR=tmrts@chromium.org

Bug: v8:9120 v8:7793
Change-Id: Idb25d316d9d87e345ab74c2df583ff2648da012c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660483
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62182}

This reverts commit 6eff6cc9.

Reason for revert: Presubmit failure.

Original change's description:
> [torque] introduce separate implicit parameters for JavaScript calling convention
> 
> Implicit parameters for builtins with JavaScript linkage are now separate, using
> the keyword "js-implicit". They have to be one of:
> - context: Context
> - receiver: Object (this in JS)
> - target: JSFunction (arguments.callee in JS)
> - newTarget: Object (new.target in JS)
> 
> Bug: v8:9120 v8:7793
> 
> Change-Id: I916f60971bb53d5046b6006725d0ce39291ca55e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658159
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62174}

TBR=sigurds@chromium.org,tebbi@chromium.org,tmrts@chromium.org,szuend@chromium.org

Change-Id: Ide206788745bd15677bd60fe32d2476321967069
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9120 v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660482Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62175}

Implicit parameters for builtins with JavaScript linkage are now separate, using
the keyword "js-implicit". They have to be one of:
- context: Context
- receiver: Object (this in JS)
- target: JSFunction (arguments.callee in JS)
- newTarget: Object (new.target in JS)

Bug: v8:9120 v8:7793

Change-Id: I916f60971bb53d5046b6006725d0ce39291ca55e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658159Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62174}

This CL adds lint errors for unused Torque macros. To prevent lots of
noisy warnings, the check is rather narrow. Macros declared as "extern"
or marked with "@export" are ignored. Also macros starting with "Convert",
"Cast" or "FromConstexpr" are not checked.

Drive-by: Removing some unused macros.

Bug: v8:7793
Change-Id: Ie0d2e445f8882a9b0ebbda45876b342abf341248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645312
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62092}

This CL adds a lint error for variables that are unnecessarily bound
with 'let' when they could be bound using 'const. This test is skipped
for struct types. For struct types, the "constness" also depends on
the struct methods called and whether these methods write to the struct
or not. This is not straight-forward to detect.

Drive-by: Fix all the newly introduced lint errors.

Bug: v8:7793
Change-Id: I0522ffcc4321350eef2e9573b8430bc78200ddce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645322
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62085}