Instead of cmov + unconditional store, do a conditional store. At least
on Intel CPUs, this turns out to be significantly faster.

R=jkummerow@chromium.org

Bug: v8:13063
Change-Id: Ib5a89b9b9dbc88ca408a4bafc152d91407bf8d1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776675Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81900}

Bug: v8:11880
Change-Id: I62e3d309721f3de50c15c0a6e39b82831dd46337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780532Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81894}

This CL adds Uint8Array as supported arguments for fast API calls.
It introduces a kUint8 variant to CTypeInfo for use with TypedArrays
only.

Bug: v8:13080
Change-Id: Ie65206078a18acabaafa9c95793f400b8e95373d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767098
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81886}

Change-Id: Idb4f93cb40c6210ce1b8527d2ed0d0d942e15ca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780523
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81877}

This CL fixes macro-asm to take in scratch registers as arguments.

Change-Id: Ib6070c9a9df050ce201d36027a0be44c77a54ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773875
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81832}

... in order to avoid expensive computation of cage_base for Code
objects and in order to avoid issues with wrong cage base values
computed from Code objects in external code space.
Drive-by: cage-bas'ify some accessors in JSFunction and Code.

This is a step towards Code-less embedded builtins.

Bug: v8:11880
Change-Id: I95dd8bcd4680e09c7463e1bc7d72dcbf9f2e5c1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769831Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81788}

... in particular:
 * safepoint table accessors,
 * constant pool accessors,
 * handler table accessors.

This is a step towards Code-less embedded builtins.

Bug: v8:11880
Change-Id: I50c21000a821d0895295e4003ab321ddd8856546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764349Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81779}

This CL refactors simd load/store to accept a scratch register
which will be used in macro-asm.

LE enforced versions of them is also introduced.

Change-Id: I97f4f4870d7889204b1d42cf50de85e234ecae36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3765514Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81757}

Assembler::CheckBuffer() was defined inline in a header file but without
inline linkage, causing an undefined symbol link error on arm64 macOS.

Fixes: https://github.com/nodejs/node-v8/issues/233
Bug: v8:13055
Change-Id: Ifb638705e95de72b2e8d472e7092e88d77cf8ba8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749583
Auto-Submit: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81749}

This CL adds a new vector scratch reg to PPC (v15)
and uses it during Simd swap operations.

Functions are also changed to accept scratch registers
as input.

Change-Id: I0220504ddf154148d2b83207b42ab2b7a794698c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763863Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81733}

Avoid materializing a compressed value into a register if that value is
only used for a compare afterward. Instead, emit it directly as an
immediate on the cml. We can only do this for the Cmp(Register,...)
overload, not Cmp(Operand,...), since the latter already has the lhs as
a complex operand.

Change-Id: I99f192c9919e401164d31d2e2e1c3a0c21a6aaf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762577
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81721}

PPC Simd regs are already using separate set of register banks
on ppc, more details can be found here:
https://crrev.com/c/2718472

Here we are making use of this CL https://crrev.com/c/3005768
(fcd3ef48) and fully separating Simd regs during register allocation.

Member function `toSimd()` is also introduced which will be used
to cast FP regs to Simd regs in liftoff.

Change-Id: Ic5551fb04f37de7fc9501a2f1aba8fb44f622d95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3755213
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81707}

Implements an initial prototype of the Wasm Trace proposal. A custom
section containing offsets to functions is decoded into trace
instructions that are inserted into the function. In Liftoff, these
are directly inserted. In TurboFan, these are added as StackEffect's,
this is a work in progress.

Traces will only be decoded and added when a flag is given to V8,
currently "--experimental-wasm-instruction-tracing". If a trace is ever
not valid or an error occurs, it is safe to just throw them away.

Code Metadata Tool Convention:
https://github.com/WebAssembly/tool-conventions/blob/main/CodeMetadata.md

Design Doc:
https://docs.google.com/document/d/1739a_LXbavBnek7pa0uqhHOCz8IJ56mn2C2Yvbssvkg/edit?usp=sharing

Wasm Trace Proposal:
https://github.com/WebAssembly/instrument-tracing

Bug: chromium:1090122, chromium:1252113
Change-Id: Id4690d8deca482ff0e863761668ffabca159bd29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386604
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81699}

Avoid loading objects with 64-bit movq when they are only being used to
compare against another object with a 32-bit cmp_tagged under pointer
compression.

Change-Id: Ib8ccd093fb49caea3bf1b923b83825626ba0bffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3760447Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81689}

The fast path of Array#toSpliced currently does not correctly initialize
the elements range in the copy's FixedArray elements that will hold the
inserted items. A GC can occur between the initial allocation of the
elements before the inserted items are copied into it, which will fail
heap verification.

This CL also refactors CSA's FillFixedArrayWithSmiZero method to support
only zeroing a portion of a FixedArray instead of the entire thing.

Bug: v8:13035
Change-Id: I1bdb77d3b27f682620b45caa5a9c10ea0072a6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3750321Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81665}

This CL does the following:
- It enables (i.e. allocates and initializes) the per-Isolate
  ExternalPointerTable when the sandbox is enabled.
- It refactors the list of external pointer tags to mark them as
  "sandboxed" or "unsandboxed". An unsandboxed external pointer has a
  null tag.
- It changes V8_SANDBOXED_EXTERNAL_POINTERS to now essentially just
  enable sandboxing for all available tags.
- It modifies all low-level external pointer accessors to perform the
  ExternalPointerLookup only if the tag is non-zero and otherwise treat
  the slot as containing a raw pointer.

This now allows rolling out external pointer sandboxing incrementally
(separately for each external pointer type), which will in turn allow
for more precise performance measurements of the impact of the sandbox.

Note: when an external pointer tag is now marked as sandboxed (and
V8_SANDBOXED_EXTERNAL_POINTERS is not enabled), the underlying slots are
still 64-bits in size. This simplifies the implementation as we would
otherwise need to deal with variably-sized external pointer slots. Local
benchmarking suggests that the benefits from 32-bit external pointer
slots are insignificant on typical benchmarks, so this should be ok.

Drive-by: rename kExternalPointerSize to kExternalPointerSlotSize to
make it more clear what it refers to (the on-heap storage size). Also
delete CodeStubAssembler::InitializeExternalPointerField as it is not
currently used and the implementation is fairly inefficient.

Bug: v8:10391
Change-Id: I7c38729c7e9048d737a1a8ced84749f5b1f7feab
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736447Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81636}

Change-Id: I9cc2df6108b08aacf0b017f85128a9475022cedf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754286
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81625}

Port commit 0ed101e0

Bug: v8:13006
Change-Id: I4e0cba2e9a6cbef6ce01fbc81ce1b1ee71303474
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754284
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#81624}

Mostly src/codegen, src/compiler, src/interpreter, src/libplatform.

Drive-by: Remove some unreachable code.

Bug: v8:13006
Change-Id: I1a9467f7e42531c545f660d35416c388e8ef9d3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749193
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81613}

Port 1f16e67b

Original Commit Message:

    Mostly src/codegen, src/compiler, src/snapshot, src/utils.

R=manoskouk@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I8d3c2296aa82332e854ba6c3c8f99346d9561168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749827
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81586}

Refactor register saving (both general and double registers) as using a
PushAll helper taking a RegList.

Change-Id: I0ccdec091f60988cbdb6893eb9cdda11efd8e1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749176
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81580}

Mostly src/codegen, src/compiler, src/snapshot, src/utils.

Bug: v8:13006
Change-Id: I2fb31acc749a7376e6f2a7424ed2e67ff479d971
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749178
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81575}

Maglev groups all its tagged spill slots together, and the number of
them doesn't change. This means that the generality of the existing
safepoint mechanism is massive overkill for maglev code.

This patch adds a maglev-specific safepoint table, which is the
safepoint of a code object if-and-only-if that code object has maglev
code. This safepoint stores the number of tagged and untagged slots
once, globally, and individual entries are just used for deopts and for
storing the state of pushed registers (this is currently unused, but
will be used in the future for pushing registers in deferred calls).

Bug: v8:7700
Change-Id: I15f84a6e957357825e84e33238f8a36f2e0b3012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747858
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81564}

Change-Id: I7996f49f5358d8be684a39b64020bc6bef82b7bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3739228
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81560}

Atomics.load, Atomics.store, and Atomics.exchange now accept shared
array objects as their 1st argument.

Currently these are implemented in C++ and not yet in CSA.

Bug: v8:12547
Change-Id: I54ed8816a696a4f45dda964739b1cfd917d39dc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723974Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81537}

This is a reland of commit 84e078c6. It fixes an undefined behaviour and guards against NaNs in d8-test.cc.

Original change's description:
> [fastcall] Support EnforceRange annotation
>
> This CL implements checks in case EnforceRange is requested for a
> given parameter by using TryTruncate* operators. It implements 2 such
> truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
> TryTruncateFloat64ToUint32.
>
> Bug: chromium:1052746
> Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81512}

Bug: chromium:1052746, chromium:1341851, chromium:1341891
Change-Id: I21e0e452c92cc93f8b06985a335f409855be0546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743518Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81529}

This reverts commit 84e078c6.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/22000/overview

Original change's description:
> [fastcall] Support EnforceRange annotation
>
> This CL implements checks in case EnforceRange is requested for a
> given parameter by using TryTruncate* operators. It implements 2 such
> truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
> TryTruncateFloat64ToUint32.
>
> Bug: chromium:1052746
> Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81512}

Bug: chromium:1052746
Change-Id: I2218681c7cb5d05dea6d8ac5347b19bc0070c1a6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743514
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81513}

This CL implements checks in case EnforceRange is requested for a
given parameter by using TryTruncate* operators. It implements 2 such
truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
TryTruncateFloat64ToUint32.

Bug: chromium:1052746
Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81512}

The optimization was initially designed to support only the case where
the receiver is the holder, so make this explicit:

Cached properties were implemented before super property access and
Reflect.get, or at least around the same time, not realising it
conflicted. Cached properties are optimizations for known accessors
globalThis.window and globalThis.document. They store the result of
calling those accessors. The result of calling those accessors depends
on the receiver passed to the call, so we shouldn't simply read the
cached property off of the _holder_ of the accessor, but only do so if
the holder is the same as the receiver.

Bug: chromium:1305302
Change-Id: Iea6f4437e09d5a293798041adcb310469589d00f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738744Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81498}

This is a partial reland of https://crrev.com/c/3597106

With this change, an existing Script from the compilation cache can be
reused after its top-level SharedFunctionInfo was discarded, but only if
the new script is parsed on the main thread (not deserialized from code
cache data, and not parsed on a background thread).

Bug: v8:12808
Change-Id: I1edaee2095306a89e2c3b91f2fd01ac053f3c770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689348Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81472}

The set of registers used for Pop/PushCallerSaved is a superset of the
ABI caller-saved registers. In the past it may have been the case that
these extra registers had to be saved, but at this point
Pop/PushCallerSaved is only used for fast C calls from JS, so we can
rely on the C-compiled functions saving callee-saved registers
correctly, and only save ABI-required registers ourselves.

Change-Id: I2a172bdbb381a1485654e54e3561d695b6672ed0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735130
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81467}

On old iPhones, jscvt is not availale. This CL diables jscvt on iOS in
general.

R=tebbi@chromium.org

Bug: v8:13004
Change-Id: Ib2651d7fa43892c06dc8c36e497a8c76344b5051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726297Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81462}

This change is only to get the API in place; the newly added functions
don't yet do anything.

Bug: v8:12808
Change-Id: Ic6a697d4f62c2b61761b2545dae6fcdf37653bbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3681880Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81418}

Defer the branch to load receiver's map from a Smi because it is less
likely to be used as a receiver, especially when the path to handle
Smi receiver is already deferred.

Change-Id: I2b55c146e36e548129a6c5460b55fef32df2c2f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719959Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81346}

If the returned promise rejects, we switch to the suspender's stack and
throw the value.
Re-purpose the WasmOnFulfilled data to also represent the rejecting
case and rename it to WasmResumeData.

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I91a301c3c6d9d243efbfabe7263555e11f0d9277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706606Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81325}

To be able to share external strings, we need to share the external
pointer table in sandbox builds.
To avoid branches at runtime all pointers for external strings are
stored in the shared external pointer table.

Bug: v8:12957
Change-Id: Iaa6be7839a2f5e50f80fd58c5b33fb9c6af61057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695263Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81324}

Change-Id: Ib606da34b76b28fd55811225de47e407a1ebd8ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717551Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81319}

Initial implementation for concurrent shared arrays. Current implementation exposes a `SharedArray` constructor, but its syntax might
change in the future.

Shared arrays can be shared across Isolates, have a fixed size, have no
prototype, have no constructor, and can only store primitives, shared structs and other shared arrays. With this CL shared structs are also allowed to store shared arrays.

The Backing storage for the SharedArrays is a `FixedArrayBase`. This CL introdces a new ElementKind: `SHARED_ARRAY_ELEMENTS`. The new kind should match the overall functionality of the `PACKED_SEALED_ELEMENTS` kind, but having it as standalone kind allows for easier branching in CSA and turbofan code.

Bug: v8:12547
Change-Id: I054a04624d4cf1f37bc26ae4b92b6fe33408538a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585353Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81285}

This is likely just an issue in non-PGO builds, but it might skew
the results locally. JetStream2 seems to profit from this CL.

Change-Id: Id70030074dbabf2669fd42fb5fd9399e8692bed6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716475
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81278}

Change-Id: Ia651b26af419a2187217b8b0f2941ff61a17d247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712913
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81257}