- 26 Jul, 2021 17 commits
-
-
Milad Fa authored
PPC features on V8 are currently only enabled by checking the cpu type (i.e. if >= powerX then set a feature as available). This CL bypasses the feature list and simply checks if the cpu type is >= a specific type required by certain instructions. Specific feature checks (such as FPU) can always be added back to the list if needed. Change-Id: Ic7d1f1375c28da507f96f93f879859ef3dbfe512 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048971 Commit-Queue: Milad Fa <mfarazma@redhat.com> Reviewed-by:
Junliang Yan <junyan@redhat.com> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75923}
-
Milad Fa authored
Adds Integer and FP Sub and Mull. Change-Id: Ide2cfdbdc308d18011ba5cc6a61cd326c13c09b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048789 Reviewed-by:
Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75922}
-
Leszek Swirski authored
This reverts commit 0f79565b. Reason for revert: Still breaking gc-stress... https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/34581/overview Original change's description: > Reland "[sparkplug] Enable sparkplug by default on desktop" > > This is a reland of 85e6c4b6 > GC-stress issue was flushing, fixed with https://crrev.com/c/3048172. > Relanding without changes. > > TBR=verwaest@chromium.org > > Original change's description: > > [sparkplug] Enable sparkplug by default on desktop > > > > Bug: v8:11420 > > Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418 > > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75868} > > Bug: v8:11420 > Change-Id: I44ac0e4a5df07db79fa50db3134cdae3af41c88c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053588 > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75916} Bug: v8:11420 Change-Id: I5f96a76392c4ea0d1c9192e697d954de086aa4f4 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054113 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75921}
-
Lu Yahan authored
Building with "is_component_build=true" will fail. Add lib atomic into lib in v8_libplatform. Move func body into cc file Bug: v8:11975 Change-Id: Ifb844a82360310aba444504f7012fa0c543a49e9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046980 Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Brice Dobry <brice.dobry@futurewei.com> Reviewed-by:
Ji Qiu <qiuji@iscas.ac.cn> Commit-Queue: Brice Dobry <brice.dobry@futurewei.com> Cr-Commit-Position: refs/heads/master@{#75919}
-
Leszek Swirski authored
This is a reland of e24fa913 It fixes the heap verification errors by going back to using MakeThin instead of manually creating a filler (that then makes the verifier think that this was array left-trimming). Original change's description: > [offthread] Template deserializer on Isolate > > Make the deserializer class templated on Isolate/LocalIsolate. This > allows the ObjectSerializer to be split into a main-thread and offthread > variant, with the latter taking a LocalIsolate. > > Eventually, we probably want to anyway split off the code-cache de/serializer > to a separate implementation (for various reasons), and this is the only one that > wants off-thread finalization, and at this point the deserializer can revert > back to being un-templated, used only for bootstrapping. However, this is the > simplest way, for now, to enable off-thread deserialization. > > Bug: chromium:1075999 > Change-Id: I49c0d2c5409f0aa58183673785296756c3714f22 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562254 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75834} Bug: chromium:1075999 Change-Id: I1d81fad2550a2a9f04dd0f9d8e66422d28faf378 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043960 Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75918}
-
Georg Neis authored
This is a reland of 04ae4904, after the discovered bug has been fixed in a separate CL. Original change's description: > [compiler] Enable --turbo-optimize-apply by default > > Bug: v8:9974 > Change-Id: I801f55687808bb5bd0c1ad19f37cd97264889962 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035087 > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75792} Tbr: mvstanton@chromium.org Bug: v8:9974 Change-Id: I2130a648008f9424983762447fbd204bdd767d93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054110 Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75917}
-
Leszek Swirski authored
This is a reland of 85e6c4b6 GC-stress issue was flushing, fixed with https://crrev.com/c/3048172. Relanding without changes. TBR=verwaest@chromium.org Original change's description: > [sparkplug] Enable sparkplug by default on desktop > > Bug: v8:11420 > Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418 > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75868} Bug: v8:11420 Change-Id: I44ac0e4a5df07db79fa50db3134cdae3af41c88c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053588 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75916}
-
Marja Hölttä authored
(No new tests since this is covered by existing tests.) Bug: v8:11111 Change-Id: I274c54faec24d414e7c99199b32a1a3b88d63aa2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053587 Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#75915}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: I7ff82d1699701dfa38af1da447f0b40a2a2c97b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053586 Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#75914}
-
Thibaud Michaud authored
The WebAssembly.Exception constructor creates a WasmExceptionPackage, which represents an exception thrown from wasm. The first argument is a WebAssembly.Tag, and the rest are the values to encode in the exception. R=jkummerow@chromium.org Bug: v8:11992 Change-Id: I1327b2e4545159397ffe73a061aa577608167b74 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049074 Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#75912}
-
Georg Neis authored
Bug: v8:7790 Change-Id: I066e24482b94d7747c5bdc46a43db98e6bddf097 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035094 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75911}
-
Georg Neis authored
Bug: v8:7790 Change-Id: I7633711033c66964549cdf03255ac667569e3aee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035092 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75910}
-
Georg Neis authored
R=jgruber@chromium.org Bug: v8:12010 Change-Id: Idb64bd673dd28dd3ef9103efea902413b4de7f67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051611 Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75909}
-
Jakob Gruber authored
FindFrameStateBefore can return a FrameState or Dead. Bug: chromium:1232668 Change-Id: I2a21a1cd4dce9053250c1940177834ce6d2cb55b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053582 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75907}
-
Jakob Gruber authored
The stability dependency should be taken on the primitive wrapper map, not the primitive map (which is guaranteed to remain stable). Note that the primitive wrapper map itself *also* stays stable; but changing the position of the call here avoids having to think deeply about this at all in the future. Bug: v8:7790 Change-Id: I9b79b9df0d8d49f0c6249c6cd906142bda1ff5cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053578 Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75906}
-
Jakob Gruber authored
The implicit ToObject operation should only be done on the receiver. The remaining prototype chain is already guaranteed to not contain primitives (besides null). Bug: v8:7790 Change-Id: I6706c7648e201e8f99a1f27f98989db96a359c4e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041672 Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75905}
-
Mythri A authored
With baseline code flushing we also need to hold baseline data in IsCompiledScope. IsCompiledScope is used in places where we don't want bytecode / baseline code to be flushed. Change-Id: I692cdc5fc433dedeabcfc412d9f96d76148ddbe3 BUG: v8:12009 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048172 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75903}
-
- 24 Jul, 2021 1 commit
-
-
Clemens Backes authored
This is a reland of b99fe75c. The test is now skipped on non-SIMD hardware. Original change's description: > [liftoff][arm64] Zero-extend offsets also for SIMD > > This extends https://crrev.com/c/2917612 also for SIMD, which > (sometimes) uses the special {GetMemOpWithImmOffsetZero} method. > As part of this CL, that method is renamed to {GetEffectiveAddress} > which IMO is a better name. Also, it just returns a register to make the > semantic of that function obvious in the signature. > > Drive-by: When sign extending to 32 bit, only write to the W portion of > the register. This is a bit cleaner, and I first thought that > this would be the bug. > > R=jkummerow@chromium.org > CC=thibaudm@chromium.org > > Bug: chromium:1231950, v8:12018 > Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073 > Reviewed-by: Zhi An Ng <zhin@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75898} TBR=zhin@chromium.org CC=jkummerow@chromium.org, thibaudm@chromium.org Bug: chromium:1231950, v8:12018 Change-Id: I662b62fafe99389be7a6c23b970fdf3768f866cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051610 Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75901}
-
- 23 Jul, 2021 22 commits
-
-
Michael Achenbach authored
This reverts commit b99fe75c. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/43105 Original change's description: > [liftoff][arm64] Zero-extend offsets also for SIMD > > This extends https://crrev.com/c/2917612 also for SIMD, which > (sometimes) uses the special {GetMemOpWithImmOffsetZero} method. > As part of this CL, that method is renamed to {GetEffectiveAddress} > which IMO is a better name. Also, it just returns a register to make the > semantic of that function obvious in the signature. > > Drive-by: When sign extending to 32 bit, only write to the W portion of > the register. This is a bit cleaner, and I first thought that > this would be the bug. > > R=jkummerow@chromium.org > CC=thibaudm@chromium.org > > Bug: chromium:1231950, v8:12018 > Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073 > Reviewed-by: Zhi An Ng <zhin@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75898} Bug: chromium:1231950, v8:12018 Change-Id: I4e7a9d6fa6809b7c4d9be919cd5698737d784849 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049085 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75900}
-
Junliang Yan authored
Change-Id: I8d3b2e1bc5d3e5f437bc8f1bc50299459fbc7ad9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049084 Reviewed-by:
Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75899}
-
Clemens Backes authored
This extends https://crrev.com/c/2917612 also for SIMD, which (sometimes) uses the special {GetMemOpWithImmOffsetZero} method. As part of this CL, that method is renamed to {GetEffectiveAddress} which IMO is a better name. Also, it just returns a register to make the semantic of that function obvious in the signature. Drive-by: When sign extending to 32 bit, only write to the W portion of the register. This is a bit cleaner, and I first thought that this would be the bug. R=jkummerow@chromium.org CC=thibaudm@chromium.org Bug: chromium:1231950, v8:12018 Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073 Reviewed-by:
Zhi An Ng <zhin@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75898}
-
Clemens Backes authored
Handle large frames by doing an explicit check to see if there is enough remaining stack space before the stack limit. The bailout which can be removed then is being triggered on more than 1 percent of all functions, so this is expected to improve compile time by several percent, because we avoid the costly TurboFan compilation for those >1%. R=ahaas@chromium.org Bug: v8:11235 Change-Id: I935998f7676647572598b52c989f7d41cc5239a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046180 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#75897}
-
Michael Lippautz authored
This is a reland of 1f0b0ed0 No actual code has changed in the relands. The change was reverted due to triggering flaky failures in WebMediaPlayerImplTest which was not set up properly. The test setup has been fixed in https://crrev.com/c/3025796. Original change's description: > Reland "heap: Fix initial GC configuration for C++-only heaps" > > This is a reland of 7ef67b2e > > Manually checked that the CL was not the culprit breaking > media_blink_unittests --gtest_filter=WebMediaPlayerImplTest.MemDumpReporting > > Original change's description: > > heap: Fix initial GC configuration for C++-only heaps > > > > Heaps in V8 start with a large limit that is shrunk upon young > > generation GCs, based on some liveness estimate. This provides best > > throughput during startup while at the same time finding a reasonable > > first limit. > > > > For C++ (embedder memory) there is no estimate which is why it was > > piggy-backing on V8. This breaks in scenarios where no JS memory is > > allocated. > > > > In this fix we start a memory reducer after embedder memory has hit > > the activation threshold if no GC happened so far. As soon as a single > > Scavenger has happened, we leave it up to the JS estimate to figure > > out a limit. Memory reducing GCs will then find a regular limit based > > on the initial live size. > > > > Drive-by: Give embedders the same activation threshold of 8MB as JS.
> > > > Bug: chromium:1217076 > > Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935 > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75012} > > Bug: chromium:1217076 > Change-Id: I482d8525379e33095834d5b41be8bb49bdd8a5d4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949094 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Auto-Submit: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75048} Bug: chromium:1217076 Change-Id: If920d6b2c54a0c9d67e55e276421e4694eb1414e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960218 Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75894}
-
Vicky Kontoura authored
This CL adds support for classes with methods. More specifically: - A new ValueSerializer is added and classes are serialized separately from functions, although the common parts are handled in the same way and abstracted away. - The function prototype is serialized as an object and any missing information is set up again during deserialization. - FunctionFlagsToFunctionKinds() is updated to allow for more function kinds. - Context serialization is updated to support serializing BlockContexts and creating ScopeInfos of type CLASS_SCOPE. - Map serialization is updated to support properties with custom attributes. Bug: v8:11525, v8:11706 Change-Id: I16ca7cbc17b1811721081cda05124ce36073f9be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3006416 Commit-Queue: Vicky Kontoura <vkont@google.com> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#75893}
-
Junliang Yan authored
Change-Id: Ibc2756484717804f67658156b750d9bbd18266fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049352 Reviewed-by:
Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75892}
-
Leszek Swirski authored
Change the folded interrupt check to be on JumpLoop only, to avoid calling it from Return. The call from Return could cause spurious stack overflows, which interacted poorly with async functions that had already resolved their promise. Now the bytecode budget interrupt function is split into two functions, one which does the stack check and one which doesn't. The former is still called from JumpLoop, the latter is called from Return. Bug: chromium:1231952, chromium:1232105 Change-Id: I8c4e2937f64b5f8fdbd6c1fcb2a76ec5f090ae3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049076 Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75891}
-
Milad Fa authored
Starting with Simd Add ops which are ported to liftoff. Change-Id: I2128303accf9bc47812560f5aa38b5ccfc2e3e78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049070 Reviewed-by:
Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75890}
-
Junliang Yan authored
Change-Id: I04a950d196070ce8661e95b3e2b00802a5000870 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042044 Reviewed-by:
Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75888}
-
Paolo Severini authored
Enabling --turbo-optimize-apply breaks tests because we are passing the wrong receiver; in JSCallReducer::ReduceCallOrConstructWithArrayLikeOrSpread we create a Call node with the wrong ConvertReceiverMode, we pass kNullOrUndefined while it should be kAny. This may break calls to API or in general calls to functions that use the receiver. Bug: chromium:1231108, v8:9974 Change-Id: Ib35a1bf8746ad254b6d63274f3ae11b12aa83de8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043690 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75886}
-
Benedikt Meurer authored
The AsyncStackTrace had some magical self-healing where it'd try to not stitch together async stack traces when the instrumentation seemed to be broken. This silent self-healing however seems to be broken itself, and instead of papering over the problem we should fix instrumentation bugs when they are observed. Fixed: chromium:1231064 Change-Id: I2bcc85679abdbe6f4df4866cb951c5f6cefb4f67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048181 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#75885}
-
Milad Fa authored
Change-Id: Ic4cb7a6c626426ec40b26adcf70ec2c7efc7b4ee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041619 Reviewed-by:
Milad Fa <mfarazma@redhat.com> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75884}
-
Milad Fa authored
Change-Id: I00da20528553e4135681790998c03126931bca9a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042719 Commit-Queue: Milad Fa <mfarazma@redhat.com> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75883}
-
Danil Somsikov authored
This reverts commit a5fd60e1. Reason for revert: As per crbug/1213374 this is not applied consistently. E.g. wrapping object into an array will bypass access checks. With the crrev/c/3041424 however, only accessible properties are shown in console, so logging a restricted object is no longer unsafe. Original change's description: > Calls to {console} require an access check for the provided arguments > > This CL adds an access check for the arguments to all calls to > {console} like {console.log}. This is needed since the DevTools > protocol notification event does not contain the context in which > the {console.log} call occurred. Only the context of the argument. > When DevTools then reads properties for the preview of the argument, > it uses arguments context, instead of the calling context, potentially > leaking objects/exceptions into the calling context. > > Bug: chromium:987502, chromium:986393 > Change-Id: I6f7682f7bee94a28ac61994bad259bd003511c39 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741664 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63122} Bug: chromium:987502, chromium:986393, chromium:1213374 Change-Id: I92a8bb7663ff97de8831ddeb2c8560fb9fa1c12e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046189 Reviewed-by:
Simon Zünd <szuend@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Danil Somsikov <dsv@chromium.org> Cr-Commit-Position: refs/heads/master@{#75881}
-
Jakob Kummerow authored
Now that we have advanced division algorithms, we can implement a divide-and-conquer strategy for toString-conversions, to make their complexity sub-quadratic. For example, this speeds up `(2n ** (2n ** 21n)).toString().length` from 9400 ms to 200 ms on my laptop. Bug: v8:11515 Change-Id: Id20f7f2928dc7308609f4c1688f32b252e04f433 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017805 Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#75880}
-
Omer Katz authored
As an optimization, RegisterWeakReferenceIfNeeded checks whether the target object is marked, and only registers it if it's not marked. The target object may still be under construction, in which case checking the mark bit will race with allocating the object. Bug: chromium:1056170, chromium:1232339 Change-Id: I0a41afba7f48f288f708441176f89509a81ebb09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048171 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75879}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: I41a318d3858e48035ae67e937420e2963a13d871 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035091 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#75878}
-
Maya Lekova authored
This is a reland of 84d5b027 It removes support for 8-byte types which were causing unaligned reads. Original change's description: > [fastcall] Implement support for TypedArray arguments > > This CL adds TypedArrays as supported arguments for fast API calls. > It implements "exact type" matching, i.e. if Float32Array is expected > and e.g. Int32Array is passed instead, the generated code bails to the > slow callback. > > Bug: chromium:1052746, chromium:1018624 > Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75756} Bug: chromium:1052746, chromium:1018624 Change-Id: I872716d95bde8c340cf04990a3e4ae8ec8cd74a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035090 Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#75877}
-
Benedikt Meurer authored
This properly threads through the `executionContextId` to the request reported to the DevTools front-end, similarly to how we already report the `executionContextId` as part of `Runtime.bindingCalled`. Bug: chromium:1231521 Change-Id: I0a003041aedd8ec661d1b07cdddbcd1f2866a99f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046187 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#75875}
-
Danil Somsikov authored
devtools Bug: chromium:1213374 Change-Id: Ie064873e8a3998aad01120022e39e93dba0cb729 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041424 Commit-Queue: Danil Somsikov <dsv@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#75874}
-
Dan Elphick authored
Replaces includes of v8.h with more fine-grained includes and moves the deoptimizer.h include to the places that actually need it. Bug: v8:11879 Change-Id: Ifc2e89caf455ddcf559fdb449d0fed7ad0d046d9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045706 Reviewed-by:
Simon Zünd <szuend@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#75873}
-