Since the equality operator uses the whole encoded bitfield, also the
hash value should use that. Otherwise get get unnecessary hash
collisions, resulting in bad hash table performance (e.g. in the
signature map).

R=manoskouk@chromium.org

Bug: v8:12593
Change-Id: I6f9b8ed1789ee937c90ece15d78b2bf5a3c357a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435189Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78921}

The methods in explicit_management.h should be called via the public
variants in the subtle namespace. Calling the variants in the internal
namespace directly skips asserts and required size coversions. Doing so
may cause misuse of the api that may break GC inernals

Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}

- Heap-stats was trying to load the map without explicitly passing in
  the PtrComprBase causing failures with Code objects in external code
  space
- Extend the debugPrint.js tests to run with some more debugging and
  testing flags to prevent future regressions

Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78919}

This makes the bulk memory operations respect the memory type, i.e.
using i64 values for memory offsets if memory64 is enabled.

The called C functions now expect memory offsets to be passed as
{uintptr_t}, such that we can address any memory on all systems. For
64-bit memories on 32-bit systems, the upper half of the 64-bit value is
checked in compiled code before passing the lower half to the C
function.

Liftoff support turned out to be a bit harder than expected, because we
cannot hold three 64-bit values in registers on ia32 (not enough
registers...). Thus implement that in a follow-up CL.

R=thibaudm@chromium.org

Bug: v8:10949, chromium:1281995
Change-Id: Ie77636145f94cc579d479c4e7c346ba3c682679d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427206Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78918}

Each GC thread needs their own instance of ConcurrentAllocator for
allocation. The LAB is always considered thread-local.

Bug: v8:12582, v8:11708
Change-Id: I39200202ec9fd07fa33b3ababa88e84a1a270778
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429294Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78917}

The {WasmCodeManager::Decommit} method is called for ranges that do not
contain any live code any more. Instead of setting permissions to
{kNoAccess} and discarding the pages, do actually decommit them. The
difference is subtle, but decommitting tries harder to actually free the
underlying physical pages (whereas discarding is more a hint to the
operating system).

After both operations, the memory is not accessible afterwards, so any
further access results in a signal, and thus a crash of the process.

R=jkummerow@chromium.org, mlippautz@chromium.org

Change-Id: Iddeda5c4ed864682c4df589b6ea6e359bf03847a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427459Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78916}

* Map may be forwarded here, so use IsMapOrForwardedMap in DCHECK
* Code didn't expect a slot in the map word.

Bug: v8:12578
Change-Id: I8dd9cd57fb1336e0014812b7a2e35dc209f78a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429292Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78915}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/14eee07..1ee7bee

Use Win32 API only for Win32 apps (#1333) (batortaller)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/1ee7bee

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I9d7480c5ede64550b4e8434d62fcc8c29ae038b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435329
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78914}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a0549e2..5ba6fa4

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/d0ad43c..659c7d9

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/60206c4..fa5989b

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/4517697..25ad42a

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/cb91247..853a56c

Rolling v8/tools/luci-go: git_revision:d46a9c7ad4e38935bbacb01602fc1d09a162884b..git_revision:462d0a9cdbe947cd652fcd0c54f64ebc712858a5

Rolling v8/tools/luci-go: git_revision:d46a9c7ad4e38935bbacb01602fc1d09a162884b..git_revision:462d0a9cdbe947cd652fcd0c54f64ebc712858a5

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I8442c5410c92fd1029cc13bc89dbd75b08fe4f43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435325
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78913}

This CL adds invalidations for slots that reside in promptly freed or
shrunk storage.

Bug: chromium:1029379
Change-Id: I05e0ede55c202c952b26f452053b8777d1a2ffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431488Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78912}

Conceptually, a full GC cycle completes when the sweeping phase is
finished. As sweeping is performed concurrently, this happens after
Heap::CollectGarbage has returned and, at the latest, before the next
full GC cycle begins. However, an arbitrary number of young GC cycles
may happen in the meantime. Tracing information for the sweeping phase
must be added to the corresponding full GC cycle event. Until now, this
was not done correctly: this information was added to the GCTracer's
current event and could thus be attributed to a subsequent young or full
GC cycle.

This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
cycle (still allowing for full GC cycles to be interrupted by young GC
cycles). These methods are different from (Start|Stop)ObservablePause,
which delimit the observable pause of each GC. The events of "pending"
full GC cycles are kept until they are properly amended and reported,
when the sweeping phase is finished.

This is a reland of 4ad20bff
which was reviewed here: https://crrev.com/3404733

Bug: v8:12503
Bug: chromium:1154636
Change-Id: Icc315b53cff1f3b19b8efe49db34340a5608bcd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432211Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78911}

Change-Id: I251df1abd2f7facc1ee5adad7a7dbf70c1554d22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432985Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78910}

Bug: v8:12494
Change-Id: Iba2684173296aa236f1a1c73a5606c21472eff06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3426634Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Gus Caplan <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78909}

This reverts commit 4ad20bff.

Reason for revert: New test seems to be failing on TSAN/incremental marking stress (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6346/overview)

Original change's description:
> heap: Fix the tracing of GC cycles
>
> Conceptually, a full GC cycle completes when the sweeping phase is
> finished. As sweeping is performed concurrently, this happens after
> Heap::CollectGarbage has returned and, at the latest, before the next
> full GC cycle begins. However, an arbitrary number of young GC cycles
> may happen in the meantime. Tracing information for the sweeping phase
> must be added to the corresponding full GC cycle event. Until now, this
> was not done correctly: this information was added to the GCTracer's
> current event and could thus be attributed to a subsequent young or full
> GC cycle.
>
> This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
> cycle (still allowing for full GC cycles to be interrupted by young GC
> cycles). These methods are different from (Start|Stop)ObservablePause,
> which delimit the observable pause of each GC. The events of "pending"
> full GC cycles are kept until they are properly amended and reported,
> when the sweeping phase is finished.
>
> Bug: chromium:1154636
> Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78905}

Bug: chromium:1154636
Change-Id: Id6688cfe982f9d8159c66d715b7079782a371bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431489
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78908}

I32x4UConvertF32x4 is also slightly optimized by removing 2
instructions.

Change-Id: Ie61fbd34628beb2410ae3ef916de7c3119c7ad9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429463Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78907}

This is the second step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.

Bug: chromium:1270316, chromium:1271078
Change-Id: Ib4f996024b5200cded155bd8a564d01d36856400
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431485
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78906}

Conceptually, a full GC cycle completes when the sweeping phase is
finished. As sweeping is performed concurrently, this happens after
Heap::CollectGarbage has returned and, at the latest, before the next
full GC cycle begins. However, an arbitrary number of young GC cycles
may happen in the meantime. Tracing information for the sweeping phase
must be added to the corresponding full GC cycle event. Until now, this
was not done correctly: this information was added to the GCTracer's
current event and could thus be attributed to a subsequent young or full
GC cycle.

This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
cycle (still allowing for full GC cycles to be interrupted by young GC
cycles). These methods are different from (Start|Stop)ObservablePause,
which delimit the observable pause of each GC. The events of "pending"
full GC cycles are kept until they are properly amended and reported,
when the sweeping phase is finished.

Bug: chromium:1154636
Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78905}

UpdateDispatchTables is the hottest function during Wasm instantiation,
thus dehandlify it, as it does not allocate on the JS heap anyway. This
saves ~20% of instantiation time locally.

R=manoskouk@chromium.org

Bug: v8:12593
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Change-Id: Ifdd3f8fcd2e31950b591b179a62a0d397c41c339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429205Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78904}

Some of the numeric opcodes have a variadic signature, e.g. table.grow
or table.fill, and soon also the bulk memory opcodes because their
consumed types depend on the memory type.

For those opcodes, remove the signature definition from the opcode macro
lists, because using it might result in bugs.

R=thibaudm@chromium.org

Bug: v8:10949, chromium:1281995
Change-Id: I350e75db7197d97a561f8219cedba5fe85b5c9c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424494Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78903}

This is a reland of 7ddacd68

- Allocate JSObject only after the properties are fully deserialized

Original change's description:
> [web snapshot] Dehandlify more parts of the deserializer
>
> - Use Heap::AddGCEpilogueCallback to update often accessed FixedArrays
>   in the WebSnapshotDeserializer.
> - ReadValue returns now a raw value to avoid handle creation in more
>   cases
> - Drop representation support for now in ReadValue
> - Avoid a few more handles when setting up objects
>
> Bug v8:11525
>
> Change-Id: I6955b56887834bc655bdaa9c390016d9a17db82d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416242
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78862}

Change-Id: I2b64e59df02d4d723f76e157aad045f94a22d2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427202
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78902}

The CL does following:
1) Makes sure young generation works and tests pass;
2) Provides CollectGarbageInYoungGenerationForTesting() that is needed
   to support remaining tests in Blink;
3) Moved cppgc_enable_young_generation GN flag to v8.gni to refer to it
   from Blink;
4) Bails out from marking TracedReferences in UnifiedHeapMarkingState;
5) Disables (temporarily) prompt freeing for young generation;
6) Fixes remembered set visitation for nullptr|kSentinel slots.

Bug: chromium:1029379
Change-Id: I5165fa22c8a0eaa708ef7a35a9978cb12e1cb13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429202Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78901}

RecordWrite uses callee saved registers, so only the clobbered registers
need to be saved by the caller.
This change gives us a 1% reduction in embedded blob size for arm64.
No change is seen for arm as the STM instruction can store and load
multiple registers.

Change-Id: I8e41da43851e96d3454a01c7093d76f2e0378214
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406744Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#78900}

Bug: chromium:1206289
Change-Id: Ib0cc2a0d159b763efa4fe33502b0a6562973b430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429501Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78899}

... instead of obj.IsCode() because it's not safe to use the latter
during GC which might have already moved the object.

Bug: v8:11880, chromium:1292688
Change-Id: Idbe973c0b1919a79c6aa66a8f490d952266aa66d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429209
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78898}

Bug: v8:12563
Change-Id: I564c973d5d03c198bffc8edba8d9a3b7ec66c8e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423581
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78897}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6b20164..a0549e2

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/df43e1b..5b0a8cf

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1c33cd6..1e084a5

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9c2e78d..60206c4

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/28e1da2..4517697

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/b9ea102..cb91247

Rolling v8/tools/luci-go: git_revision:ce8e2e60bf68fb270355d04aaa7ce5e644a049b6..git_revision:d46a9c7ad4e38935bbacb01602fc1d09a162884b

Rolling v8/tools/luci-go: git_revision:ce8e2e60bf68fb270355d04aaa7ce5e644a049b6..git_revision:d46a9c7ad4e38935bbacb01602fc1d09a162884b

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I15d6d2055909af6e855251d4624a229451e79e8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427830
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78896}

Change-Id: I89ddf2895619b27e87ee9c808e6f9104a153ebb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429291Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78895}

Fix build breakage of
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20riscv64%20-%20sim%20-%20builder/7023
and
Mark some test SKIP on arm64 for
https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20N5X/17069

Bug: v8:10776
Change-Id: Ia24d7b7397bd48599a63b3a674312b09d1f65ee6
Cq-Include-Trybots: luci.v8.try:v8_linux64_riscv64_rel_ng,v8_android_arm64_n5x_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427297Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78894}

This reverts commit f942f656.

Reason for revert: Breaks gc-stress

Original change's description:
> Reland "[wasm] Resume suspender on resolved promise"
>
> This is a reland of a865d16b
>
> Changes:
> - Make the next ID atomic
> - Leave more space for runtime calls in debug mode
>
> Original change's description:
> > [wasm] Resume suspender on resolved promise
> >
> > Implement the WasmResume builtin, which resumes a wasm suspender
> > when the corresponding JS promise resolves.
> >
> > Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
> > Drive-by 2: Add a stack ID for better tracing.
> >
> > R=ahaas@chromium.org
> > CC=​fgm@chromium.org
> >
> > Bug: v8:12191
> > Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78842}
>
> Bug: v8:12191
> Change-Id: I3c231690b27be79a0c00e13043342bb4a3628886
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427203
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78890}

Bug: v8:12191
Change-Id: I5037419b6cee7a3bb49c1649e5a5d11a935a9b28
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Auto-submit: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429500
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78893}

Change-Id: I62ddb8cfbaa558f4b84288bed5ead2d61456d723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429211
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78892}

Threshold analysis:
https://docs.google.com/document/d/19xRt6UeRQ-ml0rwDRdY3LED0G2fpi1p4Rh-FH6_YzmU

Bug: v8:12315, chromium:1292983
Change-Id: I00478e16e7c971e0963d750417e7ff06547fada3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429210
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78891}

This is a reland of a865d16b

Changes:
- Make the next ID atomic
- Leave more space for runtime calls in debug mode

Original change's description:
> [wasm] Resume suspender on resolved promise
>
> Implement the WasmResume builtin, which resumes a wasm suspender
> when the corresponding JS promise resolves.
>
> Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
> Drive-by 2: Add a stack ID for better tracing.
>
> R=ahaas@chromium.org
> CC=​fgm@chromium.org
>
> Bug: v8:12191
> Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78842}

Bug: v8:12191
Change-Id: I3c231690b27be79a0c00e13043342bb4a3628886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427203Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78890}

Port 276355cb

Original Commit Message:

    The 32-bit value is zero-extended to pointer size, which is a no-op on
    32-bit systems. The operation changes nothing about the signedness of
    the value, so the old name was a bit misleading.

    We also provide one unified no-op implementation for all 32-bit systems.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ica443175725f12e44e69ad22e5fe347c56ea6c13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429208Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78889}

We often allocate many of them (six digit numbers), and allocating them
in new space causes a lot of GCs.
This CL makes table initialization more than 30% faster for Photoshop,
which again makes each Wasm instantiation ~20% faster.

R=manoskouk@chromium.org

Bug: v8:12593
Change-Id: Ia913079b6412fa718b55c62681ba23751f3934e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429204Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78888}

Previously, when accessing SandboxedPointer fields with the sandbox
disabled, we would always do a ReadUnalignedValue/WriteUnalignedValue.
However, that is only necessary when pointer compression is enabled.
Otherwise, the field will be properly aligned.

This CL also factors out the logic to determine when to use an unaligned
or aligned read/write for a field into two new helper functions.

Bug: chromium:1292669
Change-Id: I2c1af187c5b2699101c3fee9cc551be788d3a845
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429200Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78887}

- Adds a GN flag to enable the feature
- Adds facets to manifest used by d8/unittests
- Adds some DCHECKS
- Uses zx_handle_t type to avoid global initialization/destructor

Bug: v8:11232
Change-Id: Ibd7766abefbf8c213393cf6365c34f9ff4e6ed7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420828Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78886}

This explicitly passes along the break reason when requesting a pause
that is handled via an interrupt. Pushing the break reason is not
enough (as done before), as the reason may be used and consumed on
another pause call that triggers a setPauseOnNextCall.

Fixed: chromium:1292519
Change-Id: If8635c9397a7b9a1e6757be8048c9edc613c27f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427208Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78885}

The ctors dispatch between atomic and non-atomic writes; there's no
need for a default initializer.

Bug: chromium:1292728
Change-Id: I2b4c3341ee2d2682ba0113c8366456147ebc717e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429201Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78884}

This is the 2. CL in a series of CollectGarbage refactoring CLs.

It moves two kinds of callbacks to the epilogue of CollectGarbage:
- Weak second pass phantom callbacks
- GCEpilogueCallbacks

As the prologue callbacks have also been moved outside the GC cycle,
with this CL the need for nesting tracers is eliminated. DCHECKs are
put in place to ensure this.

Bug: v8:12503
Change-Id: I0bc2c0fa0de1b0ffc32b5c648a612c0b3e0e1f3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427199Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78883}

Bug: none
Change-Id: I00903b3d709106b0aa6493bec916c70fa522b529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429199
Auto-Submit: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78882}