- 28 Apr, 2020 31 commits
-
Victor Gomes authored
Subtracting RSP to allocate stack space is not safe on Windows, where we could subtract several pages away and the value could not be committed yet in memory, yielding a segfault. We use the macro assembler AllocateStackSpace instead.

Change-Id: I69ac9d96c57af57276b480a33c7cefa81fc018a7
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2166169
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67442}
-
Iain Ireland authored
RegExpMacroAssembler::GetCode returns a Handle<Object>. However, that Handle is almost immediately dereferenced, and is stored as a bare Object in both RegExpCompiler::CompilationResult and RegExpCompileData.

This makes SpiderMonkey's rooting hazard analysis somewhat antsy. While RegExpCompileData is alive on the stack, the hazard analysis will not allow any calls that might GC, because it isn't smart enough to prove that the code field can't be clobbered by a GC.

As far as I can tell, there is no real hazard here, but storing a Handle in RegExpCompileData instead of a bare Object will simplify SM and prevent a future patch from accidentally breaking something.

Bug: v8:10406
Change-Id: I9642dd05c591bfd23b340a89df2f2bf5c9fcac2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161578
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67441}
-
Dan Elphick authored
When RO_SPACE is to be shared, this constructs SharedReadOnlySpace object (via ReadOnlySpace::DetachPagesAndAddToArtifacts) that contains the shared artifacts and the original ReadOnlySpace is destroyed. This is mostly a conceptual change and SharedReadOnlySpace behaves identically to ReadOnlySpace (and subclasses it).

Also adds ReadOnlyArtifacts that contains the shared artifacts and which is stored as a std::weak_ptr in a global so it can be destroyed when all std::shared_ptrs to it are destroyed. Since this allows the ReadOnlyHeap to be reconstructed when all Isolates are destroyed, ReadOnlyHeap::ClearSharedHeapForTest is removed along with all uses since that is now done automatically.

The ReadOnlyArtifacts class now owns all the shared artifacts and is responsible for deleting them on exit (mostly via unique_ptr).

Bug: v8:10454
Change-Id: I2fe7110a4ab9cf8719dd198bafc1d083bee641b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154204
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67440}
-
Leszek Swirski authored
Make sure to set the right page flags on pages merged from off-thread LO space -- in particular, the marking bit.

Bug: chromium:1011762
Change-Id: I595a3afb5e40d92b8d4c26c7671a43ea8e9e94d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169096
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67439}
-
Victor Gomes authored
Change-Id: I4d6ea687d78516d2bac2abc82230e0fe8379d4b9
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2113378
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67438}
-
Georg Neis authored
... by making sure we deopt when the buffer is detached.

Bug: chromium:1074736
Change-Id: I86e4e63014767766d7c079c3a3e38d947c76ef10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168874
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67437}
-
Clemens Backes authored
This reverts commit 6a0e7224.

Reason for revert: Fails noi18n: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/31513

Original change's description:
> [regexp] Limit the size of inlined choice nodes
>
> Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge
> code objects. This effect can be further magnified through inlining,
> leading to exponential code growth in the size of the pattern.
>
> This CL is a (fairly hacky) way to avoid exponential growth. We
> recognize choice nodes with 'many' choices and disable inlining for
> them. In the future we should fix this properly, either by using the
> code size budget correctly, or by improving codegen for property
> escapes.
>
> Bug: v8:10441
> Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67433}

TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: I503b8b2be539468d86e4ec1ac13074cd1c06a5cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10441
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169101
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67436}
-
Tobias Tebbi authored
Bug: v8:10404, v8:7793
Change-Id: I7ed5fc790bd97af0dd3671669779e416101731ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162877
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67435}
-
Zhao Jiazhong authored
Port 97a4b795 https://crrev.com/c/2162366
Port f8be9948 https://crrev.com/c/2166959

Change-Id: Id0cebfe0761ff75fb95c9ceacf95e53fee12eb73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168978
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#67434}
-
Jakob Gruber authored
Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge code objects. This effect can be further magnified through inlining, leading to exponential code growth in the size of the pattern.

This CL is a (fairly hacky) way to avoid exponential growth. We recognize choice nodes with 'many' choices and disable inlining for them. In the future we should fix this properly, either by using the code size budget correctly, or by improving codegen for property escapes.

Bug: v8:10441
Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67433}
-
Camillo Bruni authored
This enables comparing single runs from the direct command line output generated by --runtime-call-stats

No-Try: true
No-Presubmit: true
Change-Id: Ieac06bbd95c2a73f8064af161fe35f6fb083648f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170093
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67432}
-
Clemens Backes authored
This reverts commit 43b885a8.

Reason for revert: Still fails on UBSan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10873

Original change's description:
> Reland "[turbofan][csa] optimize Smi untagging better"
>
> This is a reland of ff22ae80
>
> Original change's description:
> > [turbofan][csa] optimize Smi untagging better
> >
> > - Introduce new operator variants for signed right-shifts with the
> >   additional information that they always shift out zeros.
> > - Use these new operators for Smi untagging.
> > - Merge left-shifts with a preceding Smi-untagging shift.
> > - Optimize comparisons of Smi-untagging shifts to operate on the
> >   unshifted word.
> > - Optimize 64bit comparisons of values expanded from 32bit to use
> >   a 32bit comparison instead.
> > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> >   right-shift to enable better address computations for Smi indices.
> >
> > Bug: v8:9962
> > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67378}
>
> Bug: v8:9962
> Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67430}

TBR=neis@chromium.org,tebbi@chromium.org

Change-Id: I49e19811ebcecb846f61291bc0c4a0d8b0bc4cff
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168876
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67431}
-
Tobias Tebbi authored
This is a reland of ff22ae80

Original change's description:
> [turbofan][csa] optimize Smi untagging better
>
> - Introduce new operator variants for signed right-shifts with the
>   additional information that they always shift out zeros.
> - Use these new operators for Smi untagging.
> - Merge left-shifts with a preceding Smi-untagging shift.
> - Optimize comparisons of Smi-untagging shifts to operate on the
>   unshifted word.
> - Optimize 64bit comparisons of values expanded from 32bit to use
>   a 32bit comparison instead.
> - Change CodeStubAssembler::UntagSmi to first sign-extend and then
>   right-shift to enable better address computations for Smi indices.
>
> Bug: v8:9962
> Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67378}

Bug: v8:9962
Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67430}
-
Jakob Gruber authored
SFI::DisableOptimization can only be called on certain function kinds. Update %NeverOptimizeFunction to crash/do nothing if these conditions are not fulfilled in normal/fuzzing configurations.

Bug: chromium:1074689
Change-Id: I371dd539e27447ede48c69d0480a3d224071b304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169926
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67429}
-
Dominik Inführ authored
Implement move semantics for the LocalAllocationBuffer as noted in the comments. Also moved Close() invocation out of the assignment operator and renamed it to CloseWithFiller().

Bug: v8:10315
Change-Id: Idc36fb7923e1f8857c05ec5d5110fa16087b07e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170087
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67428}
-
Clemens Backes authored
This removes the {RedirectToWasmInterpreter} runtime function and the respective method from {WasmDebugInfo}. Some tests test specifically the interaction between compiled code and the interpreter. They are irrelevant now and are deleted.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: I38330fcb523f7c65968fdf03abc60af3392bdcc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164793
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67427}
-
Jakob Gruber authored
This is a reland of ad5b005e

Original change's description:
> [snapshot] Expose the serializer through %SerializeDeserializeNow
>
> ... in order to exercise the snapshot/ component from mjsunit tests
> and fuzzers.
>
> * Since the serializer and deserializer can now be called at any time
> instead of only in a tightly controlled environment, several
> assumptions (such as an empty execution stack, no microtasks, no
> handles) no longer hold and had to be made configurable through
> SerializerFlags.
>
> * Root iteration now skips more root categories which were previously
> guaranteed to be empty (e.g. the stack, microtask queue, handles).
>
> * The %SerializeDeserializeNow runtime function triggers
> serialization, deserialization, and heap verification on the current
> isolate and native context.
>
> Support is not yet complete and will be extended in future work. Once
> all mjsunit tests successfully run, we can add a new test mode to
> stress serialization.
>
> Bug: v8:10416
> Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67423}

Tbr: delphick@chromium.org,ulan@chromium.org
Bug: v8:10416
Change-Id: Ibed04c0f0b72fabcf811d8b18a1479391a11568b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170090
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67426}
-
Anton Bikineev authored
This adds the following:
1) Heap object structure classes: RawHeap, BaseArena and BasePage.
   - freelist
   - linear allocation block
2) ObjectAllocator, a class responsible for object (and page) allocation.

The design doc with UML design: https://bit.ly/2VVTcqc

User defined arenas are followup.

Bug: chromium:1056170
Change-Id: I69a82974bd08e3cf3da90041b1628297cc890891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167392
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67425}
-
Nico Hartmann authored
This reverts commit ad5b005e.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/36070?

Original change's description:
> [snapshot] Expose the serializer through %SerializeDeserializeNow
>
> ... in order to exercise the snapshot/ component from mjsunit tests
> and fuzzers.
>
> * Since the serializer and deserializer can now be called at any time
> instead of only in a tightly controlled environment, several
> assumptions (such as an empty execution stack, no microtasks, no
> handles) no longer hold and had to be made configurable through
> SerializerFlags.
>
> * Root iteration now skips more root categories which were previously
> guaranteed to be empty (e.g. the stack, microtask queue, handles).
>
> * The %SerializeDeserializeNow runtime function triggers
> serialization, deserialization, and heap verification on the current
> isolate and native context.
>
> Support is not yet complete and will be extended in future work. Once
> all mjsunit tests successfully run, we can add a new test mode to
> stress serialization.
>
> Bug: v8:10416
> Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67423}

TBR=ulan@chromium.org,jgruber@chromium.org,delphick@chromium.org

Change-Id: Ie30b94c9ec6e4463bed6cc87dd6525f469fdf84a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170089
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67424}
-
Jakob Gruber authored
... in order to exercise the snapshot/ component from mjsunit tests and fuzzers.

* Since the serializer and deserializer can now be called at any time instead of only in a tightly controlled environment, several assumptions (such as an empty execution stack, no microtasks, no handles) no longer hold and had to be made configurable through SerializerFlags.

* Root iteration now skips more root categories which were previously guaranteed to be empty (e.g. the stack, microtask queue, handles).

* The %SerializeDeserializeNow runtime function triggers serialization, deserialization, and heap verification on the current isolate and native context.

Support is not yet complete and will be extended in future work. Once all mjsunit tests successfully run, we can add a new test mode to stress serialization.

Bug: v8:10416
Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67423}
-
Ulan Degenbaev authored
Upon receiving a memory pressure signal V8 performs one GC and also schedules three follow-up GCs. This may be problematic for performance if the memory pressure signals are generated periodically.

This patch makes V8's memory pressure handler more lightweight by doing only one GC.

Bug: chromium:1072746
Change-Id: I242534bd2c27a68188bb5e3a6b4092118c1b486c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169930
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67422}
-
Jakob Gruber authored
The blink use counter callback requires a current native context to exist, and will crash if that is not the case. We can fix this in V8 by deferring the count.

A cleaner (future) fix would be to either pass the native context to the callback, or remove the requirement in blink.

Bug: v8:9496,v8:10460
Change-Id: I8832d02088ba422c3a27638cee4dacbaaf6f39b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167394
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67421}
-
Anna Henningsen authored
For a zero-length BackingStore allocation, it is valid for the underlying memory to be a null pointer. However, some cleanup is still necessary, since the BackingStore may hold a reference to the allocator itself, which needs to be released when destroying the `BackingStore` instance.

Change-Id: I1f168079d39e4592d2fde31fbe5f705586690e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169646
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67420}
-
Clemens Backes authored
The interpreter will be moved to be test-only, hence --wasm-interpret-all also needs to be removed. Since we don't have any non-compiling tier any more, we also remove the implication from --jitless to --wasm-lazy-compilation. Instead, we add another CHECK that we can't be in jitless mode if we trigger any wasm compilation.

All tests that just ran other tests and additionally passed --wasm-interpret-all become redundant and are deleted. Also all regression tests that explicitly specify --wasm-interpret-all are not needed any more.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: I5ddf20a842117a6c05e277a5308f5cfe42e6bfa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164792
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67419}
-
Clemens Backes authored
This CL removes all debugging capabilities from the API provided by WasmDebugInfo:
- setting and removing breakpoints
- stepping
- stack inspection

The WasmDebugInfo is still kept, since it's used from tests to instantiate the interpreter.

R=thibaudm@chromium.org, bmeurer@chromium.org

Bug: v8:10389
Change-Id: I297bfc8df2104dae8b9f9f9b13078026c47698da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164791
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67418}
-
Shu-yu Guo authored
Bug: v8:8179, chromium:1074621
Change-Id: I26e2e2cef7ae2b1e43526c4cfc2592cc0f6d688f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169412
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67417}
-
Marja Hölttä authored
PerformPromiseAll doesn't set iteratorRecord.[[Done]] to true if Promise.resolve is not callable. This makes Promise.all call IteratorClose.

BUG=v8:10452

Change-Id: Icbe17416a733f68ef09f1c610d715f544c2a3b8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164789
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67416}
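The [[Done]] bookkeeping this commit relies on is observable from JavaScript: Promise.all calls IteratorClose (that is, the iterator's return() method) on an abrupt completion only while iteratorRecord.[[Done]] is still false, and IteratorStep sets [[Done]] to true when the iterator's own next() throws. The following is an added example, not code from the commit or from V8's test suite. The tracked iterable, the two Promise subclasses (ThrowingResolve, NonCallableResolve), the scenario names and the sample values are all constructed for the example.

```javascript
// Added example, not V8 or commit code: observe whether Promise.all closes
// its source iterator (calls iterator.return()) when it fails part-way.
// Per spec, Promise.all calls IteratorClose on an abrupt completion only
// while iteratorRecord.[[Done]] is still false; IteratorStep sets [[Done]]
// to true when the iterator's own next() throws.

// Constructed iterable that records how many times next() ran and whether
// return() was invoked.
function makeTrackedIterable(values, { throwOnNext = false } = {}) {
  const log = { nextCalls: 0, returnCalled: false };
  const iterable = {
    [Symbol.iterator]() {
      let i = 0;
      return {
        next() {
          log.nextCalls++;
          if (throwOnNext) throw new Error("next() failed");
          return i < values.length
            ? { value: values[i++], done: false }
            : { value: undefined, done: true };
        },
        return() {
          log.returnCalled = true;
          return { value: undefined, done: true };
        },
      };
    },
  };
  return { iterable, log };
}

// Run C.all(iterable) and summarise what happened to the iterator.
async function runAll(C, iterable, log) {
  let outcome;
  try {
    await C.all(iterable);
    outcome = "fulfilled";
  } catch (e) {
    outcome = e instanceof TypeError ? "TypeError" : `rejected:${e.message}`;
  }
  return { outcome, nextCalls: log.nextCalls, returnCalled: log.returnCalled };
}

// Scenario A: C.resolve is callable but throws on the first element. The
// iterator has already been stepped and [[Done]] is still false, so
// Promise.all must close it: return() is called.
class ThrowingResolve extends Promise {
  static resolve() { throw new Error("resolve blew up"); }
}
function scenarioResolveThrows() {
  const { iterable, log } = makeTrackedIterable([1, 2, 3]);
  return runAll(ThrowingResolve, iterable, log);
}

// Scenario B: the iterator's own next() throws. IteratorStep sets [[Done]]
// to true before the error propagates, so Promise.all must NOT call return().
function scenarioNextThrows() {
  const { iterable, log } = makeTrackedIterable([1, 2, 3], { throwOnNext: true });
  return runAll(Promise, iterable, log);
}

// Scenario C: C.resolve is not callable, the case from the commit above.
// The result is always a TypeError rejection; whether return() is called
// depends on whether the engine looks up C.resolve before or after it
// obtains the iterator, so this example does not rely on it.
class NonCallableResolve extends Promise {}
NonCallableResolve.resolve = 42;
function scenarioResolveNotCallable() {
  const { iterable, log } = makeTrackedIterable([1, 2, 3]);
  return runAll(NonCallableResolve, iterable, log);
}

// Stand-alone run: prints one summary object per scenario.
Promise.all([
  scenarioResolveThrows(),
  scenarioNextThrows(),
  scenarioResolveNotCallable(),
]).then((results) => console.log(results));
```

Run it with node. Scenario A must report returnCalled: true and scenario B returnCalled: false; that difference is exactly the [[Done]] distinction the commit is about, and a combinator that forgets to set [[Done]] (or sets it too early) shows up as return() being called in the wrong scenario.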
-
Jakob Gruber authored
This reverts the changes made in

https://chromium-review.googlesource.com/c/v8/v8/+/1695465
https://chromium-review.googlesource.com/c/v8/v8/+/1776078

We originally moved this protector to the native context to avoid cross-native-context pollution of protector state. Ideally, invalidating a protector in one NC should not affect any other NC.

But as it turns out, having the protector on the NC causes more problems than it solves since all affected callers now need to find the correct native context to check. Sometimes (e.g. in CSA regexp builtins) it is possible to blindly check the current NC, but the reasoning behind this optimization is tricky to understand. Sometimes, fetching the correct NC is not possible due to access restrictions.

These implementation complexities outweigh the (unknown) potential performance benefits. In the future we should attempt to move away from the protector concept for these kinds of checks.

Bug: chromium:1069964,v8:9463
Change-Id: I2cbb2ec7266282165dae5e4a6c8bdbda520c50a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157382
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67415}
-
Kong, Fanchen authored
Bug: v8:9909
Change-Id: Ic6c26558c58630f0600ddf82e973d97f5414792b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2166959
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/master@{#67414}
-
Zhao Jiazhong authored
Due to lack of testing environment before, there are some bugs in the implementations of wasm-simd on mips64 platform; this CL fixes them according to the test on Loongson 3A4000.

Change-Id: I59ab6315987fc94a06cf0bf23754f5c593879532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162416
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67413}
-
Paolo Severini authored
This changelist makes the GDB-stub actually execute GDB-remote commands, by accessing the Wasm engine state. More precisely:
- class GdbServer registers DebugDelegates that receive debug notifications when a new Wasm module is loaded, when execution suspends at a breakpoint or for an unhandled exception.
- Since the GDB-remote commands arrive on a separate thread, all queries from the debugger are transformed into Task objects, that are posted into a TaskRunner that runs in the Isolate thread.
- class WasmModuleDebug contains the logic to retrieve the value of globals, locals, memory ranges from the Wasm engine and to add/remove breakpoints.

Build with: v8_enable_wasm_gdb_remote_debugging = true
Run with: --wasm-gdb-remote
Test with: python tools\run-tests.py --outdir=out\debug_x64 debugging -j 1

Bug: chromium:1010467
Change-Id: I9703894620a027d3c920926db92e2ff809d84ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941139
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#67412}
-
- 27 Apr, 2020 9 commits
-
Zhou, Zhiguo authored
Bug: v8:9909
Change-Id: I066621f12ce594280f6f43bc526988e55729eefa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162366
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#67411}
-
Milad Farazmand authored
Port ab547021

Original Commit Message:
- Adds kFPReturnRegister0 for all platforms.
- Reworks linkage.cc to assign return registers to the proper register type, using the new FP return register.

R=bbudge@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I549f408ff1d0eed604c7bd38518f31dadb5d01f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168356
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67410}
-
Ulan Degenbaev authored
This is a reland of 7ae30cb7

Original change's description:
> [heap] Skip memory reducer on AdjustAmountOfExternalAllocateMemory
>
> V8 performs GC based on external memory limit. Additionally triggering
> memory reducing GCs may be problematic for large heaps and increases
> the chances of multiple V8 isolates performing GCs after
> IsolateInBackgroundNotification.
>
> Bug: chromium:1072746
>
> Change-Id: I7649a176504803ba666e6367b008593bbcfe6312
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159488
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67398}

Bug: chromium:1072746
Tbr: mlippautz@chromium.org,hpayer@chromium.org
Change-Id: Ieccd77c868a8b5d5613e6c4b7e70fdb4bcff3044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165763
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67409}
-
Georg Neis authored
Extend the flag parameter with a bit that decides if the input should be converted (-0 to 0, and a string to the array index it represents). Instruct redundancy elimination to never replace x with CheckBounds(x) when this CheckBounds is of the converting kind.

Bug: chromium:1070892, chromium:1071743
Change-Id: I3125a6e267d56dae6bf6cb2f5f52d27ef65d7c79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157365
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67408}
-
Ng Zhi An authored
Bug: v8:9909
Change-Id: I4bb2250125a1686295460813979196175c43c3b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165874
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67407}
-
Ng Zhi An authored
This relands commit 1a38573f.

The original change used a sequence of instructions in the test that could not be scalar lowered properly.

Original change's description:
> [arm] Change fp_fixed registers to be allocatable registers
>
> fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
> need to be allocatable, so that they can be correctly marked as fixed
> and spilled as required. The previous value of fp_fixed2, d29, is not in
> the list of allocatable double registers, and not marked as fixed
> appropriately.
>
> One fix could be to extend the list of allocatable double registers, but
> there is a comment there saying that the list is kept even-length to
> make stack alignment easier. So rather than messing with that, we
> instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
> the only user, this is a simpler change.
>
> Bug: chromium:1070078
> Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67372}

Bug: chromium:1070078
Change-Id: I02bb4b3ad03817318cbd0ee706c5ef4f20c845ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165867
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67406}
-
Sathya Gunasekaran authored
This patch has the following improvement on v8.browsing_mobile:
- total-main-thread:duration improved by 1.7%
- js:duration improved by 1.3%

Change-Id: I1cdf2c181bfd991b67f31c5c2f32e3c2f909c67e
Bug: v8:9684, v8:10431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149433
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67405}
-
Clemens Backes authored
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2b2aec6..dd2f620

The roller is blocked since a few weeks, but we need this roll now to fix a depot_tools version mismatch between the presubmit bots on CQ and on the waterfall.

R=zhin@chromium.org
TBR=machenbach@chromium.org,tmrts@chromium.org
NOTREECHECKS=true

Bug: chromium:1075618
Change-Id: Ib3e4b2ad4d79a1b35db1b320c7f7aa682b1eab90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2166198
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67404}
-
Clemens Backes authored
The category name changed in https://crrev.com/c/2159690 (in depot_tools), hence presubmit tests start failing whenever someone touches a file which still refers to the old category.

R=zhin@chromium.org
TBR=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Change-Id: I62813a42d63e512d421c4fe94229d04a56056978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165760
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67403}
-