Bug: v8:12173
Change-Id: I2983be9133f8ff4d1740e8eba05a3c29d603dfc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168270
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76939}

No-Try: true
Bug: v8:11006
Change-Id: Ie2758849fcb8b19ae34289d3e762094b062f2a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168644Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76938}

See the issue for details.

Bug: chromium:1237821
Change-Id: I847229c3d0a5435f956c97a621991915aafdd4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171156Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76937}

Bug: chromium:1250660, v8:7790
Change-Id: If96ab8879f54549b3b3d92ef2b1c13344dca17b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171154
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76936}

We add table.copy operation to the fuzzed module.

Bug: v8:11954
Change-Id: I7f584335b977ae9bf46f13cb8ddacdcce0824291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168275Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/main@{#76935}

Make GetValueType to generate only function signatures
to avoid default values in new_object.

Bug: v8:11954
Change-Id: Ia6ebdde0a9c10c56afef29d6db3b3266816210e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158222Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/main@{#76934}

When loading the code object entry, we can do a little bit of strength
reduction to avoid a sign extend, `tst` and `lsl` instruction,
especially given Code::IsOffHeapTrampoline::kMask is a single-bit mask
we can use `tbz`.

Change-Id: I89fcd64cb517bf1ba8b43c05e9a784a9237889d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168274Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#76933}

... and move methods that use XXX::cast() there.
This will untangle the include cycle that'll happen in a follow-up CLs.

Bug: v8:11880
Change-Id: Iba46bc9b0e0df9530197f57d0469456eb9006e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164456Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76932}

We add support for array.get, array.set and array.len operation to the fuzzed module.

Bug: v8:11954
Change-Id: Ic8fd89ec7f7f31e70a40bad831567e50ae49f668
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168624Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#76931}

Change-Id: Ie07e626900f8fc8218944be2b33da6fc109adf92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168273
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76930}

This is a reland of b7355768
Issue was fixed with https://crrev.com/c/3165058

Original change's description:
> [x64][ia32] Activate Argument Count Consistency
>
> Activate argument count consistency (receiver is always included in
> JS argument count) for x64 and ia32.
>
> Bug: v8:11112
> Change-Id: If60000b6566846c84f1042473d25d79bf5c86a9d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160198
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76838}

Bug: v8:11112
Change-Id: I7968525dce2d36f94b7c8d066b0729969c55c6fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171151Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76929}

This means we don't need to copy over properties, and accessors stay in
place similar to when we deserialize a custom snapshot.

This slightly changes the semantics of Context::New, so let's see
whether someone depends on this behaviour. We may need to revert if so
(hopefully until we can update the embedder).


Bug: v8:12113
Change-Id: I8325480a00bab5b2bb6ea42274e295b0d4dfc85c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162143
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76928}

Bug: v8:7748
Change-Id: I5b6d8bf0b6dbf88c4762f4d61fb468c3e2898201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168621Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76927}

This is a reland of db95e20b

Changes compared to original:
Only invoke std::memcpy if source is not null.

Original change's description:
> [wasm] Introduce CallInfo in WasmGraphBuildingInterface
>
> The DoCall and DoReturnCall functions implement function calls in
> WasmGraphBuilderInterface. These functions need different arguments
> based on if the call is direct, indirect or call_ref. Right now, these
> arguments are misnamed in some cases, and callers have to pass default
> values for unused arguments.
> This CL tidies up the arguments of these functions by introducing a
> CallInfo class which provides different constructors based on the type
> of the call, where only the required arguments need to be passed.
>
> Change-Id: Ie03de6d3cf253a9baa0369f569589bb91d0b1866
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162606
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76910}

Change-Id: I85cb5479f013e6625adce421d011c0b2ae073260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168626Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76926}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/28f08ad..ae8cb5d

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I1e7b57b7120906e6a1c789a428e199944a0be7dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168365Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76925}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/67d9786..28f08ad

Rolling v8/third_party/aemu-linux-x64: 4_W8oYEfH2jwjpXXJX32HUtITINfNQfevdEMi6HVUm8C..17S2VQDv3RUfAsW4s0c53HyKMVsd-i_1DocJS0aHWu4C

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I39375c01a3ce17bc1d03c0a9563dd6efa27ffb0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168363Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76924}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/48f708c..67d9786

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6b072fa..fa2350f

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9cba73f..cf9d643

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/0faacf9..eb740e9

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c8d8b3e..6f44cf5

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9bcc20f2e6a23805d50d85a667a3c537ce6774b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3170131Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76923}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/66a3c3aa..650e7ad

Bug: v8:7834, v8:12168
Change-Id: I6555baf3a4ec317ee5bca1e159d0ed215d1ef110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3167031Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76922}

Bug: v8:11589
Change-Id: Id1c068edb2bf0849ad99ecdcd42ce97bcba013d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163281Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76921}

No algorithmic changes, just cleaning up.

Bug: v8:11515
Change-Id: Ib173713a1191d443faf2aebbcc31ff7608823436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151957Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76920}

The recent change in the delegate semantics was incorrectly implemented
in the interpreter. It only checked that the first opcode of the target
block is a 'try': we also need to skip try blocks when we are already in
their 'catch' or 'catch_all' sub-block.
Use the exception_stack instead, since it already only contains indices
of try blocks that haven't reached their handlers yet.

R=clemensb@chromium.org

Bug: chromium:1249306
Change-Id: I15746b4bfabf3dcf04cfe0f2ad438c573cce65e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168622
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76919}

SIMD is now shipped, so we don't need to pass the experimental wasm simd
flag.

Change-Id: I54090cec575da5eecfd2bf9a455ac5d0ef3f146e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169313Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76918}

When the input to F64x2PromoteLowF32x4 is a S128Load64Zero, we can skip
the load + promote, and promote directly with a memory operand. The
tricky bit here is that on systems that rely on OOB trap handling, the
load is not eliminatable, so we always visit the S128Load64Zero, even
though after instruction-selector pattern-matching, it is unused. We
mark it as defined to skip visiting it, only if we matched it.

Bug: v8:12189
Change-Id: I0a805a3fce65c56ec52082b3625e1712ea1ee7cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3154347Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76917}

This is a reland of b06f3832

s/DEFINE_READONLY_BOOL/DEFINE_BOOL_READONLY/

Original change's description:
> [flag] Disable W^X behind --future
>
> Measure the impact of W^X on --future bots
>
> Change-Id: I6f60cc835471fa62ec0871101eca5d3022ece519
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168277
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76908}

Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng,v8_mac_arm64_compile_dbg
Change-Id: Iae6da3a64d19d3c03d565cc94f765bc41e36bfb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168620
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76916}

With this CL it is guaranteed that every time after AllocatedStackSpace
allocates a full page, this page also gets touched.

Background:

On Windows it is required to touch every new memory page on the stack
before adding another memory page. This is implemented in
{AllocateStackSpace}. This was implemented so far by repeatedly
allocating a new page, followed by touching the new page. The last
allocation, which may has up to the size of a page, did not get touched
anymore, with the assumption that allocated stack space will be used
before new stack space gets allocated. However, this assumption is
wrong. In Liftoff, the whole stack space that is needed for a function
gets allocated in the beginning of the function. This stack space may
only be used for spills though, and the spilling may only happen after
the first function call in the function. In this case the callee
function will write to its own stack frame before the stack frame of the
caller gets used.

As written above, the last allocation does not get touched anymore. In
the case that this is a full memory page, this can mean that a full
memory page gets skipped without getting touched. With this CL it is
guaranteed that the last allocation is always smaller than one page, and
therefore it is impossible to skip a full page without touching it as
long as there are no two calls to {AllocateStackSpace} without a {push}
in between.


Bug: v8:12063
Change-Id: If0bb41212e882beb926aac538001b02f179fc03e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168276
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76915}

Change-Id: I8edbc9f3acada00d40b8007c880dfb3d14491744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168356
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76914}

Change base::Optional to an alias of absl::optional. Eventually we
should remove it entirely.

Bug: v8:11006
Change-Id: I687d44cc7e7cd0a49a84bcc207231eb6808eef2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476318
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76913}

Bug: v8:7748
Change-Id: Ic25e7be11cb1a06b160c1abe6d004a4c74b88b49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3167493
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76912}

This reverts commit db95e20b.

Reason for revert: UBSan failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/18300/overview

Original change's description:
> [wasm] Introduce CallInfo in WasmGraphBuildingInterface
>
> The DoCall and DoReturnCall functions implement function calls in
> WasmGraphBuilderInterface. These functions need different arguments
> based on if the call is direct, indirect or call_ref. Right now, these
> arguments are misnamed in some cases, and callers have to pass default
> values for unused arguments.
> This CL tidies up the arguments of these functions by introducing a
> CallInfo class which provides different constructors based on the type
> of the call, where only the required arguments need to be passed.
>
> Change-Id: Ie03de6d3cf253a9baa0369f569589bb91d0b1866
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162606
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76910}

Change-Id: Ie0b288b3cbb66de4858fb7fbf1bc992518e637d0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168284
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76911}

The DoCall and DoReturnCall functions implement function calls in
WasmGraphBuilderInterface. These functions need different arguments
based on if the call is direct, indirect or call_ref. Right now, these
arguments are misnamed in some cases, and callers have to pass default
values for unused arguments.
This CL tidies up the arguments of these functions by introducing a
CallInfo class which provides different constructors based on the type
of the call, where only the required arguments need to be passed.

Change-Id: Ie03de6d3cf253a9baa0369f569589bb91d0b1866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162606Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76910}

This reverts commit b06f3832.

Reason for revert: Typo in mac arm64 config

Original change's description:
> [flag] Disable W^X behind --future
>
> Measure the impact of W^X on --future bots
>
> Change-Id: I6f60cc835471fa62ec0871101eca5d3022ece519
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168277
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76908}

Change-Id: Ia6084a838bc507bc4c988d13d1a991c7604e4653
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168619
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76909}

Measure the impact of W^X on --future bots

Change-Id: I6f60cc835471fa62ec0871101eca5d3022ece519
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168277
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76908}

This fixes the first part of a failing spec test, the other WebAssembly
objects will follow in other CLs.

R=jkummerow@chromium.org

Bug: v8:12227
Change-Id: I7b57b0c518671f0614a88f0477b64e2507435aba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168272
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76907}

The barrier checks whether an object has already been marked and
strongifies all values in case it was. This means that DescriptorArray
elements will not be reclaimed within the current garbage collection
cycle in case a write barrier triggers for the array.

Bug: v8:12133
Change-Id: I33df2f75d75527034a040275b6c55ac0aed94321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158325Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76906}

An initial value for Table.grow is supported by the core spec and does
not depend on a proposal, see [1].

[1] https://webassembly.github.io/spec/js-api/index.html#tables

R=thibaudm@chromium.org

Bug: v8:12227
Change-Id: Ia4f16adc76a0422b2211c069614929a1a70afa76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164979Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76905}

When checking for operand interference, if both operands are slots and
one of them is 128 bit wide, check that the slot ranges don't intersect.

R=nicohartmann@chromium.org

Bug: chromium:1248817
Change-Id: Ib18b6e596dbb23427508b7cc07947a0ab4665e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162141Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76904}

Change-Id: I501d81c461f16ea483d4d2246fceb8b40cae261e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3167310Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76903}

This ports the trap handler implementation for the arm64 simulator
from POSIX to Windows. Apart from different registers being used
for passing parameters, and different access to these register
values in the signal handler, the implementation is exactly the same.

The new logic is being used for sanitizer builds which automatically
target arm64 via the simulator, or if manually compiling an arm64
simulator build on x64. I manually tested the latter.

Also, the existing unit test is enabled for Mac (which was missing)
and Windows now.

R=ahaas@chromium.org, mseaborn@chromium.org

Bug: v8:11955
Cq-Include-Trybots: luci.v8.try:v8_win64_asan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_asan_rel_ng
Change-Id: Ia62405b28808a3cc9f199e3f43a45ffc4bda491b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163256
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76902}

Bug: v8:7790
Change-Id: I7c091ad3fd5e7d9a8c4b306d8559654f3fb06868
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168271
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76901}

Instead of explicitely splitting the cage into two separate regions, we
now just create a single BoundedPageAllocator to manage the entire
address range of the cage, then allocate the first 4GB for the pointer
compression cage.

Bug: chromium:1218005
Change-Id: I02c53ca8b6dda9074ae6caccc74c32bd6271d4d2
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162044Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76900}