This is a very minor cleanup, which makes the output of
--trace-wasm-compiler more compact.

R=mstarzinger@chromium.org

Change-Id: I6b941f32e2ec6c3963e14dd376f8a1d65cf46ec6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815254Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63925}

This loads the call builtin from the Isolate root instead of embedding
it into the instruction stream. This can be more efficient, but more
importantly it fixes an issue with tracing and eventually allows for
background compilation of these wrappers.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-crbug-1006631
BUG=chromium:1006631

Change-Id: Ife1bc513340d233a3c01789c7b56126fe3b87f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815245Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63924}

This reverts commit ad83fa92.

Reason for revert: Crashes odroid: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/11234

Original change's description:
> [wasm] Fix TODO and skip test on win32
> 
> In the {Fixed} variant, the {GrowingVsFixedModule} test first reserves
> 1GB of memory, then allocates another 1GB to add it to the module as
> code. This uses too much memory on win32, making the test fail.
> Before this CL, the {NativeModule} only reserved 128kB upfront (in
> contrast to the actual expectation of the test).
> 
> Since all other aspects of this test are already covered by other
> tests, we just skip this test on win32.
> This allows us to resolve the TODO.
> 
> Drive-by: Clean up the unittests status file a bit.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: I575dd1a3f486e1805e0256e8ee6071246f2c24c4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816505
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63921}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: Ia9d9b9e311ff8b7524938aeb02543bf2c01bdd27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815250Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63923}

This tnodifies CodeStubAssembler::Float64ToUint8Clamped and
Int32ToUint8Clamped.

Bug: v8:6949
Change-Id: I79c8cd45dc4c8333f268cf0a62234d75369f89b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813024
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63922}

In the {Fixed} variant, the {GrowingVsFixedModule} test first reserves
1GB of memory, then allocates another 1GB to add it to the module as
code. This uses too much memory on win32, making the test fail.
Before this CL, the {NativeModule} only reserved 128kB upfront (in
contrast to the actual expectation of the test).

Since all other aspects of this test are already covered by other
tests, we just skip this test on win32.
This allows us to resolve the TODO.

Drive-by: Clean up the unittests status file a bit.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I575dd1a3f486e1805e0256e8ee6071246f2c24c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816505Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63921}

Change Parser::AllowsLazyParsingWithoutUnresolvedVariables to return
false if it may be parsing an arrow function.

Bug: v8:9758, v8:8510
Change-Id: Ic5d213d4358ff954a169c03e449197c3f050880c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816510Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63920}

Change-Id: I140b530fcb6332c08d45ef10445619e24987e3ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1817997Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63919}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5742923..c05af3e

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/82ae4b4..7cb60e8

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/d2e7b20..235f673

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I1432b0b73744d87f669811f253ddb9fa4e34d7b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1817562Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63918}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2a85930..5742923

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/d4d1ba4..82ae4b4

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I44564080c86c20b9cf3200191b18ed35e3366a6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1817560Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63917}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9417d7b..2a85930

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/535cd16..fa002e6

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/7735f52..d4d1ba4

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/b6e35ab..d2e7b20

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I276eb908a02e912bdaa9ae79f999314dc10d670d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1817557Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63916}

This reverts commit 0d6aa842.

Reason for revert: Suspected to be triggering many test flakes - https://crbug.com/1005723

Original change's description:
> [Heap] Allocate descriptor array in young
>
> This hopefully fix the regression test from c693e005
>
> Bug: v8:1004766
> Change-Id: If3c554070af6b795e4b3f99cd592a62453028874
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809363
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#63858}

TBR=ulan@chromium.org,victorgomes@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1004766, chromium:1005723
Change-Id: I763036ea6873b4b95783981e9e9f4e79782e7a4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816515
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63915}

Add a new test SimdLoadStoreLoadMemargOffset to test this, without this fix
this test would have failed.

Bug: v8:9753
Change-Id: I119adda8e3c6c7adb0ad4023298bbce9c0c64a01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811457
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63914}

doc: https://docs.google.com/document/d/1Y9uF3hS2aUrwKU56vGxlvEs_IiGgmWSzau8097Y-XBM/edit

Bug: v8:7427
Change-Id: Iedd36c146cefff7e6687fdad48d263889c5c8347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778902
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63913}

Global Objects now use the Smi handler StoreSlow() to perform
StoreGlobalIC_Slow.

Bug: chromium:1004037
Change-Id: I365ab918383525278590ca4369a4b1b0d9636d29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1812657Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63912}

Bug: v8:4653
Change-Id: I2b2e0e12dc7c3734dd554aa6dd5ed71c90a77758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806796Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63911}

Produces output similar to:

Remembered set in chunk 0x29d0cd40000
  <empty>
Remembered set in chunk 0x891f200000
  <empty>
Remembered set in chunk 0x2fb14780000
  bucket 0x1ff381b09d0:
    0x2fb14780128 -> 0x6d7e080119
    0x2fb14780130 -> 0x6d7e080129
    0x2fb14780138 -> 0x6d7e080139
    0x2fb14780140 -> 0x6d7e080149
    0x2fb14780148 -> 0x6d7e080159
    0x2fb14780150 -> 0x6d7e080169
    0x2fb14780158 -> 0x6d7e080179
    0x2fb14780160 -> 0x6d7e080189
    0x2fb14780168 -> 0x6d7e080199
    0x2fb14780170 -> 0x6d7e0801a9
  10 remembered pointers in chunk 0x2fb14780000
Remembered set in chunk 0x5360700000
  <empty>

0: 000> !rs
Change-Id: I783322a2648ccba8a27aae72a459c742357e8e11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801253
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63910}

This cl adds support for top level await to d8, but still
does not allow top level await through parsing.
Unfortunately, due to that restriction this cl has no automated
tests, but I added a 'top-level-await' variant and manually
confirmed it passes locally.

Bug: v8:9344
Change-Id: I3528442768107f5ad1ed1e9e947cfceae91c0cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808483
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63909}

If we can read an object's Map pointer but not any data from the Map
itself, we may still be able to accurately describe the object's type if
the Map pointer matches one of the known Maps from the snapshot.
GetObjectProperties uses that data in one of two ways:
- If it is sure that the Map pointer matches a known Map, then it uses
  the type from that Map and continues as if it read the type normally.
- If the Map pointer is at the right offset within a heap page to match
  a known Map, but the caller didn't provide the addresses of the first
  pages in Map space or read-only space, then the type of that Map is
  just a guess and gets returned in a separate array. This gives the
  caller the opportunity to present guessed types to the user, and
  perhaps call again using the guessed type as the type hint.

Bug: v8:9376
Change-Id: I187f67b77e76699863a14534a9d635b79f654124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787986
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63908}

This reverts commit d7b67ce2.

Reason for revert: broke tsan https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8901789268326050304/+/steps/Check/0/logs/enumeration-order/0

Original change's description:
> [Context] Add a bit flag to indicate if extension might exist
> 
> Checking the bit flag instead of comparing pointers should improve performance.
> This will also allow us to remove the extension slot in Context and save memory.
> 
> Bug: v8:9744
> Change-Id: I7ab9feeadfb934955798d877d13bc0e1d78a191c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814918
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63906}

TBR=ulan@chromium.org,leszeks@chromium.org,victorgomes@google.com

Change-Id: I3d2261e24c9c7da5f5a1d49803361bc6f0770330
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816514Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63907}

Checking the bit flag instead of comparing pointers should improve performance.
This will also allow us to remove the extension slot in Context and save memory.

Bug: v8:9744
Change-Id: I7ab9feeadfb934955798d877d13bc0e1d78a191c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814918
Commit-Queue: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63906}

This CL enables regexp interpreter and tier-up to the compiler after one
execution by setting the --regexp-tier-up flag to true by default. The
number of times a regexp is interpreted before tiering-up is controlled
by the --regexp-tier-up-ticks flag which is already set to 1 by default.

Change-Id: I79ff7fcd159f50f2f5351b339d8ffb21af039a86
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816501Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#63905}

The predictable platform can make tasks deadlock if the spawning task
is holding a lock that the spawn task also wants to take. This is
because the spawned task is just executed immediately within the
"context" of the spawning task.

The wasm async compile tests deadlock because the
{BackgroundCompileTask}s hold the shared {BackgroundCompileToken}
(reader lock) while spawning new tasks via {OnBackgroundTaskStopped} ->
{RestartBackgroundTasks}. The new tasks might want to cancel
compilation via {BackgroundCompileToken::Cancel}, which takes the
writer lock and hence deadlocks.
This can not happen on any other platform, since tasks are not nested
that way.

R=ahaas@chromium.org

Bug: v8:9760
No-Try: true
Change-Id: I9fc34d5de386aa5c6fdd64a1570fddcff872ec95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816502Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63904}

With --wasm-far-jump-table, it will be possible to create 10k (and
more) modules in one process. So far, we hit the virtual address space
limit around 1k modules, because each module makes a reservation of
{kMaxWasmCodeMemory} upfront. After this change, each module will only
reserve the estimated needed code size (if --wasm-far-jump-table is
set).

The test is carefully optimized to not execute too much code in the
loop, so it can still run in simulators in reasonable time. Note that
the time for actually compiling the module is spent in C++, which is
fast in simulator builds.

R=mstarzinger@chromium.org

Bug: v8:9477, v8:9651
Change-Id: If74a825d272a65b82ca5433cb648b6a2271872e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811038
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63903}

The CPURegister class has an additional "type" field to represent an invalid
register while the cross-platform RegisterBase class uses -1 as a register code.

For consistency and to avoid potential bugs from confusing x0 and
`CPURegister::no_reg()`, use -1 as a register code as well in CPURegister.

Change-Id: I1a36230091433bc854a5966f36e3c25e33a406c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813746Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#63902}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/050608e..9417d7b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2ad5356..535cd16

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/c6be56e..7735f52

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ie3a7b8566ff031dc64dbd774ef3bd81947eb86ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814282Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63901}

This makes it possible to plumb string representation of stack trace id
across various channels, e.g. for network requests.

Drive-by: extracted class V8DebuggerId, which encapsulates operations
with pair<int64_t, int64_t>.

Bug: chromium:988842
Change-Id: I348c91390a85bf07c746d1b1c4a7775f44c7d769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725193
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63900}

1. Add StringListFromIterable based on
https://tc39.es/proposal-intl-list-format/#sec-createstringlistfromiterable
2. Adjust other parts to sync with the new version.

Bug: v8:9747
Change-Id: I14202f2963463e6a3e9816209f087bfe8e73cb91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809902
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63899}

This is a reland of 6f9b2bd4

We must load JSTypedArray::base_pointer in TurboFan as tagged value otherwise
this value may become stale pointer after GC.

Original change's description:
> [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly
>
> On-heap typed arrays contain HeapObject value in |base_pointer| field
> and an offset in |external_pointer| field. When pointer compression is
> enabled we want to combine decompression with the offset addition.
> In order to do that we add an isolate root to the external_pointer value
> and therefore the data pointer computation can is a simple addition of
> a (potentially sign-extended) |base_pointer| loaded as Tagged_t value
> and an |external_pointer| value.
>
> Bug: v8:9706
> Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63874}

Bug: v8:9706, chromium:1005599
Cq-Include-Trybots: luci.chromium.try:gpu-fyi-try-win10-nvidia-rel-64
Change-Id: I7bbd2a439306cdd11f2bb0dab5863498624d9740
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813744Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63898}

- Check validity of node id in Node constructor.
- Turn overflow check in NextNodeId() into debug check only, since that
  is not checking the interesting overflow anyway.
- Increase width of Use::InlineCountField to use all available bits.

Bug: chromium:1003286
Change-Id: I59af68e29a466e151f7048e1f15bd56d3fa58e5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813019
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63897}

The {code_table_} only contains entries for the declared functions, and
is indexed by a slot index. The {PatchJumpTableLocked} and
{PatchJumpTablesLocked} functions on the other hand expected a function
index (offset by the number of imported functions). From that it
computes the slot index again.
This translation was missing in one place. This CL fixes this by
directly passing the slot index instead of the function index to these
methods. In all locations, we computed the slot index anyway for
addressing the code table.

Drive-by: Use more unique_ptr for managing the {code_table_}. This
avoids ever having to store raw pointers.

R=ahaas@chromium.org

Bug: v8:9477
Change-Id: I81caa53b74da010aee5854879e98e82b7773098b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813742
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63896}

Allocation observers used to set allocation limits with the intention
to statistically sample allocations that crossed those points. Those
limits had random alignment, but since object allocations are always
kTaggedSize-aligned, there is no benefit to having the limit be finer
grained. This patch makes sure that the limit is always aligned, which
in turn implies that the available space in a linear allocation area
is always a multiple of kTaggedSize.

Bug: v8:9700
Change-Id: Ib2980b4b8e792cf516cb734b451862c9e2a98029
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813026
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63895}

... in object literals.

Bug: chromium:997056
Change-Id: Ifc210ff53b751c6ef26f16b73c9ac52426a845fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813021Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63894}

Other array allocation methods in the factory already do the same anyway.

Bug: chromium:1003679
Change-Id: I05201dd5d124b530eb6b578abb1486e65d076cc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806683Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63893}

This CL allows us to distinguish between the host- and target OS. The
host OS is defined by V8_OS_ macros (e.g. V8_OS_WIN). The target OS is
defined by V8_TARGET_OS_ macros (e.g. V8_TARGET_OS_WIN).

V8_TARGET_OS_ macros are defined by gn, based on the `target_os` gn
variable. If a V8_TARGET_OS_ is set, we also define V8_HAVE_TARGET_OS
(this determines fall-back behavior in V8; if it is not defined, we set
V8_TARGET_OS_ to equal the equivalent V8_OS_ define).

Besides adding the defines, this CL also adds logic to consider the
target OS in codegen. Specifically, x64 builds now look at the
V8_TARGET_OS_WIN define instead of V8_OS_WIN or _WIN64. This
effectively makes cross-compilation to x64 Windows in mksnapshot
possible.

In future work, we could add similar support for cross-compiling to
other platforms such as ia32 Windows.

Bug: v8:9736,chromium:803591
Change-Id: I689f3de8c206b743c4bef703f5ade0bba32ce995
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809374Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63892}

This reverts commit ac3c4fcf.

Reason for revert: Tested this CL for backport.

Original change's description:
> [heap] Disable old-to-new invalidation
> 
> Disable invalidation of old-to-new slots for now. Invalidation doesn't
> match behavior of clearing slots directly in the remembered set.
> 
> Bug: chromium:1004365
> Change-Id: Ib6a21457827faafa75be88720c214e5ec483c71b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813028
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63890}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: Id3d210cd970ea7b8e28571b7801b7a395e4f0af3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1004365
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813745Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63891}

Disable invalidation of old-to-new slots for now. Invalidation doesn't
match behavior of clearing slots directly in the remembered set.

Bug: chromium:1004365
Change-Id: Ib6a21457827faafa75be88720c214e5ec483c71b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813028Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63890}

This complements [Shared]ArrayBuffer::GetBackingStore and allows the
embedder to transfer (shared) array buffers using only BackingStores.

Bug: v8:9380
Change-Id: I4714a27e06d5be43aef06dc633f11f2d43e4ee75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811037
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63889}

BUG=v8:6949,v8:9396,chromium:1005400

Change-Id: I18f50fc385dd83c8f1c551d1a3dc32714122eb00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813022
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63888}

It's now set by default if is_msan is set.

Bug: v8:9715
Change-Id: I84e05ff9a495b666292891a12a3ebe485e4a768a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1810558
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63887}

This reverts commit 6f9b2bd4.

Reason for revert: Fails on nvidia bots, blocking LKGR: https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5005

Original change's description:
> [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly
> 
> On-heap typed arrays contain HeapObject value in |base_pointer| field
> and an offset in |external_pointer| field. When pointer compression is
> enabled we want to combine decompression with the offset addition.
> In order to do that we add an isolate root to the external_pointer value
> and therefore the data pointer computation can is a simple addition of
> a (potentially sign-extended) |base_pointer| loaded as Tagged_t value
> and an |external_pointer| value.
> 
> Bug: v8:9706
> Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63874}

TBR=ulan@chromium.org,neis@chromium.org,jgruber@chromium.org,ishell@chromium.org,verwaest@chromium.org

Change-Id: I901280dd191e78d02969600f775c4f0da796921f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9706
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813027Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63886}