The flag will be used to upload changes towards the removal of
arguments adaptor frame, by reversing the JS arguments in the stack.

Change-Id: Ia41f740d9fac51a072487733d387390e69574cfb
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230525
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68176}

Fix arguments order when a call to a CPP builtin is inlined.
When V8_REVERSE_JSARGS is set, the arguments should be reversed and the extra builtin parameters should be pushed last, that is, the input nodes should be located before the function arguments.

Change-Id: Icfcee15bf9e596b236bfd2615a73ce101c87857d
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218289
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68175}

Under some circumstances, Wasm is trying to log code for which the
wire bytes are not fully loaded yet. This can happen during streaming
compilation when a few functions are already fully compiled but the
engine is still streaming the remaining functions.

If the profiler now kicks in, it will attempt to log these freshly
compiled functions. As these functions will not be executed before
the module is fully compiled, we can simply defer the logging in this
case.

R=clemensb@chromium.org

Bug: chromium:1085852
Change-Id: Idb1061cafcba7a2a654a207402dca520f79a3bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219938Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68174}

Introduce ParkedMutexGuard which is similar to base::MutexGuard but also
parks the LocalHeap while the thread is blocked.

Bug: v8:10315
Change-Id: I149673511df013881ed2fbb42cf22d3f9b17b92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230518
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68173}

Introduce --stress-concurrent-allocation flag. With this flag, V8 will
run periodically start an allocation background task, which allocates
objects. Will be used for testing background allocation.

Bug: v8:10315
Change-Id: Iddb7ff34601a492bc2f26f41cc56a2a899807cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228889Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68172}

Change-Id: Iba745cae7f5b90654839abefb42b21fd9c49064f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228650
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68171}

Bug: v8:7703
Change-Id: I06c9e04b1c8ab3c6461468db2f7a035a12ccf7d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230522
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68170}

This reverts commit b8f91666.

Reason for revert: Fails gc-stress (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/28341).

Original change's description:
> [flags] warn about contradictory flags
> 
> Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> 
> Bug: v8:10577
> Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68168}

TBR=machenbach@chromium.org,neis@chromium.org,clemensb@chromium.org,tebbi@chromium.org,tmrts@chromium.org

Change-Id: Ia1e3373fbb4c369594ceb98eb560e3ccf2cb8780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230523Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68169}

Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/

Bug: v8:10577
Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68168}

We use StoreOwnIC to initialize the object after creating a new object
with CreateObjectLiteral. CreateObjectLiteral stores kHoleNaNInt64
to indicate an uninitialized double field. When we actually try
to store a NaN value into that field later using StoreOwnIC, IC avoids
actually storing the new value since the existing value is "same as"
the value we try to write. The float comparison treats all NaNs as
equal. In this particular case, we should actually store the new value
since kHoleNaNInt64 value is used to represent an uninitialized field.

This cl just stores the new value even when the existing value is same
as the new value for double fields. The check is still required to
correctly track const fields.

Bug: chromium:1082293
Change-Id: Ib37061802f2403545cffa6d6fef08be074b0825d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228886Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68167}

Change-Id: I29c1339fa75aa26bd18b7e007a0e88de15096a43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219934Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68166}

This reverts commit 3b1d24cf.

Reason for revert: The problem is fixed

Original change's description:
> Revert "[Intl] Use new getDefaultHourCycle to replace old hack"
> 
> This reverts commit 611e4127.
> 
> Reason for revert: https://crbug.com/1080367
> 
> Original change's description:
> > [Intl] Use new getDefaultHourCycle to replace old hack
> > 
> > Use the ICU 67.1 new API DateTimePatternGenerator::getDefaultHourCycle
> > to replace a hack which get the pattern of "jjmm" to find out the
> > default hour cycle of a locale
> > Bump the required API version from 65 to 67
> > 
> > Bug: v8:10225
> > Change-Id: I3378edacb6dfb8400357ac0bf3d5d50b9fe008bd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173875
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Frank Tang <ftang@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67549}
> 
> TBR=jkummerow@chromium.org,ftang@chromium.org
> 
> # Not skipping CQ checks because original CL landed > 1 day ago.
> 
> Bug: v8:10225
> Change-Id: I8bdfbdfc6c906814e5a7525cbde79c9cac854bd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208811
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67929}

TBR=jkummerow@chromium.org,zhin@chromium.org,ftang@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10225
Change-Id: I386cf0347a0fa5403fb196bb46ac77f48c9c0a0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229470Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68165}

This reflects the latest changes in the Promise.any proposal.

Bug: v8:9808
Change-Id: I0f8ea2e95f430479963bf9d9597f243024de8c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222344Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68164}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c523c20..bdb409c

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/7a0ebcc..1b066f0

Rolling v8/third_party/aemu-linux-x64: V4ZGjQxGJ00ndsSZd9X90QJnY3N7-ZbuPq57Yk7yv74C..t4ELE6VgcCM5v-3W7_Dv8jFHkyeEu69AW5lwrtqWBOwC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1ec2986..15d5f65

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9904485..e65444f

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/011959a..cb44c86

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/f5eca0d..a68151f

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/8b9091f..59c0072

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Iafe4f3edc0019eb4c061fb1f12c41047c4c411c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229939Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68163}

Port 3406cba8
https://crrev.com/c/2099451

Change-Id: I7217e333f468aa24f25231d24e31c321a2c209b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224595Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#68162}

This is a reland of c342ba82

Original change's description:
> Set .name of anonymous functions on the RHS of logical assignment.
> 
> https://github.com/tc39/proposal-logical-assignment/pull/24 reached
> consensus in June TC39.
> 
> Drive-by refactoring of testing for logical assignment ops using
> IsInRange.
> 
> Bug: v8:10579
> Change-Id: I5a203ba552a905cd28f75c5d223998431a1966ce
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225809
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68101}

Bug: v8:10579
Change-Id: I321cf0e29515a146844abc05250e9b50ad651caf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227255
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68161}

The fix is in 630b884f84 not f2223961.

This reverts commit 464ee4b7.

Reason for revert: roll to 67.1 after the landing of the fix

Original change's description:
> Revert "Roll ICU from 65.1 to 67.1 (f2223961) & correct tests"
>
> This reverts commit e270b6d6.
>
> Reason for revert: V8 DEPS roll stuck https://crbug.com/v8/10567#c1
>
> Original change's description:
> > Roll ICU from 65.1 to 67.1 (f2223961) & correct tests
> >
> > Rolling to chrome/src is in
> > https://chromium-review.googlesource.com/c/chromium/src/+/2155530
> >
> > Since auto rolling stop after 3/24/2020 and the rolling will cause
> > change of test status, I get this cl ready (but not running trybot due
> > to 1074260) and plan to hand roll after the submission of 2155530.
> >
> > Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> > Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
> > Auto-Submit: Frank Tang <ftang@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67493}
>
> TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,ftang@chromium.org,syg@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> Change-Id: I3f4233815ed7414f2cde3d4d996696575b5f6e3a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219334
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68051}

TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,zhin@chromium.org,ftang@chromium.org,syg@chromium.org

# Not skipping CQ checks because this is a reland.

Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I1de5eb36eff420482a12205682b153a2493d5249
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220781Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68160}

This relands commit 76debfda.

This fix here is to convert the original mjsunit test into a
cctest, where we check for SIMD support, and skip the test.
We don't have lowering for I64x2 yet, so this is the
workaround.

Original change's description:
> [wasm-simd][liftoff] Fix I64x2Mul
>
> The I64x2Mul overwrote the lhs/rhs if they are the same as dst. So when
> deciding if we need temporaries, we should not only check the
> cache_state, but whether they alias dst or not.
>
> Bug: chromium:1088273
> Change-Id: I82efa9b45e0a3d321a06efde60971ce95b21490f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225796
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68114}

Bug: chromium:1088273
Change-Id: Ia3fd251998159d9beb581a6af3414921fe968e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227068
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68159}

Change-Id: I8962c08329c57367ff82d4669880c7efb1db8875
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229304Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68158}

vroundps assembly is incorrect:
- the signature was wrong, vroundps takes 2 operands and 1 immediate
- when calling vinstr, should always pass xmm0, this wasn't causing
issues because our test cases were restricted enough that it was always
xmm0 anyway
- the macro assembler should use AVX_OP_SSE4_1, since roundps requires
SSE4_1
- drive-by fix for roundss and roundsd to be AVX_OP_SSE4_1
- add disasm for roundps and vroundps, and test them

Bug: v8:10553
Change-Id: I4046eb81a9f18d5af7137bbd46bfa0478e5a9ab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227252Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68157}

This CL repurposes the v8.wasm trace event category, and introduces
additionally the v8.wasm.detailed category.

The v8.wasm category is enabled by default and captures core wasm events
like validation, compilation, instantiation, and important operations
like grow-memory and tier-up timings.

The v8.wasm.detailed category is disabled by default. It captures all
events the previous v8.wasm category captured, like compilation of
single functions, time needed for register allocation, ...

This CL splits these categories to allow enabling the v8.wasm category
in telemetry benchmarks to calculate compile time and other metrics
from traces of telemetry runs.

R=ecmziegler@chromium.org

Bug: chromium:1084929
Change-Id: Ida58b8f344b0ccb6ee1210e259c3e0e993eff497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210230
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68156}

This adds s128 not, and, andnot, or, xor, and select.

Bug: v8:10180
Change-Id: Id7f05f7fdc9f082bee1182babbb4a5e4b55d7d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225604Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68155}

Change-Id: I395471a93b6df55ae8d45b7627b23067ae208f54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226552
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68154}

Bug: chromium:1081735
Change-Id: Iab58b303ec718a15653ba80fefbb873ef93df003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218284
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68153}

All subtyping has been removed from the reference-types proposal. This
CL implements this proposal change now in V8.

R=manoskouk@chromium.org

Bug: v8:10556
Change-Id: I08ef064952278e03ea655461fa9f0c96426157c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222345
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68152}

We already track register usage, so we can stop as soon as all registers
are spilled. Also iterate the stack backwards, since the bottom of the
stack is more likely to be already spilled.

R=clemensb@chromium.org

Bug: v8:10576
Change-Id: I06fe8efe257dd5b8bcb426b4e79a8815a8cb5c81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228494
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68151}

This ports HeapStatsCollector (former ThreadHeapStatsCollector) from
Blink. The CL only ports accounting of allocated object size which is
needed for a simple growing strategy in a follow up.

HeapStatsCollector is a global dependency for most sub components as
it provides infrastructure for measuring time (through trace scopes)
and space.

The general idea of HeapStatsCollector is to act as sink where all sub
components push time and space information. This information is then
gathered and made available via an event that is implemented as POD.
Time-dependent info is available through regular getters (pull) and
observers (push).

Change-Id: I40b4d76e1a40c56e5df1a7353622318cde730e26
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225902
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68150}

This CL makes it so that we revisit nodes in the revisit queue as soon
as possible in RETYPE and PROPAGATE. This is done to revisit loops
related to backedges before moving onto other nodes.

Bug: v8:10424
Change-Id: I432c6551805903072b3f9fbc867adca82b263325
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157373Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68149}

Even in unreachable code, the targets of br_table have to have matching
types.

R=thibaudm@chromium.org

Bug: v8:10556
Change-Id: I2e85df3cb92f7910a6bcb5ac03927c424194660d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218062
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68148}

Add some abstractions to make it easier to define more tests.

Bug: v8:7748
Change-Id: Ia5605aa10963228eb4bfba37e2b412fc5af860d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224212
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68147}

1) Rename remembered-set-inl.h back to remembered-set.h
2) Introduce a new remembered-set-inl.h and move the
function definition that depends on ptr-compr-inl.h.

Change-Id: I0e16e1e428937184ff255471937c70e6bb65a11e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2223816
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68146}

When tiering down (or up), we first get a list of all native modules
(under a lock), then tier them down/up without holding the lock. Since
we don't hold (shared) ownership of the native module, it could die
in-between.
This CL fixes this by keeping weak pointers to the native modules, and
re-gaining a shared pointer before putting the module in the list of
modules to be tiered down/up.

R=thibaudm@chromium.org

Bug: v8:10588
Change-Id: I2891c3729f42f26d4026f3e2448e124863b95122
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228515
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68145}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Change-Id: I0f8d0a4e79fa3a526151efe3317546862aff70bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228333
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68144}

Added return value display when tracing function calls in wasm.
The new types handled are I32, I64, F32 and F64.
Only single return value is handled.

R=clemensb@chromium.org

Bug: v8:10559
Change-Id: I726d08fcfdc8bf2c3e43a25ec1932412ff74387b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225024Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Arnaud Robin <arobin@google.com>
Cr-Commit-Position: refs/heads/master@{#68143}

This is a followup of the cl [1] that fixes a bug where bytecode was
getting flushed when allocating feedback vector. The fix added
IsCompiledScope before allocating a new feedback vector. We now pass
IsCompiledScope to JSFunction::EnsureFeedbackVector. This makes it
explicit that EnsureFeedbackVector expects a function that is compiled
and the bytecode shouldn't be flushed during the allocation.Also adds
a test.


[1] https://chromium-review.googlesource.com/c/v8/v8/+/2218066

Bug: v8:10560
Change-Id: I552c449a57555dffa625b2e4efa04c2c276fc0b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222347
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68142}

With recent changes to the anyref proposal, null refs now have a type
immediate which declares the type of a null ref constant. Likewise,
the RefIsNull instruction is type aware now. This CL addresses these
proposal changes now.

R=jkummerow@chromium.org

Bug: v8:10556
Change-Id: I810dfa3a4ab4389afc9639f897cee5d43e9b62cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215172
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68141}

Now ReadOnlySpace is not a Space, it cannot be upcasted to it, so cast
to BaseSpace as well.

Fixes ubsan failure introduced by
https://chromium-review.googlesource.com/c/v8/v8/+/2209060.

Bug: v8:10454
Change-Id: I2936bfd8349377b441be4a6eedf580d91f1c4ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228723
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68140}

Bug: chromium:1056170
Change-Id: I7cb19e19de63a74e5407665c28f1b5c0f23d7d0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226563
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68139}

Port aa5bcc09
https://crrev.com/c/2225090

Change-Id: Ib3b159ebcee0d4da5ce003b08d02cd36b7218016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228097Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#68138}

This changes ReadOnlySpace to no longer be a PagedSpace but instead it
is now a BaseSpace. BasicSpace is a new base class that Space inherits
from and which has no allocation methods and does not dictate how the
pages should be held.

ReadOnlySpace unlike Space holds its pages as a
std::vector<ReadOnlyPage>, where ReadOnlyPage directly subclasses
BasicMemoryChunk, meaning they do not have prev_ and next_ pointers and
cannot be held in a heap::List. This is desirable since with pointer
compression we would like to remap these pages to different memory
addresses which would be impossible with a heap::List.

Since ReadOnlySpace no longer uses most of the code from the other
Spaces it makes sense to simplify its memory allocation to use a simple
bump pointer and always allocate a new page whenever an allocation
exceeds the remaining space on the final page.

Change-Id: Iee6d9f96cfb174b4026ee671ee4f897909b38418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209060
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68137}