Rename the enum value to avoid variable shadowing.

R=clemensb@chromium.org

Bug: v8:12244
Change-Id: I96a3bee7615b44692bb9edfedf82c6020a803d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181529Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77050}

This adds a few DCHECKs to ensure that the process-wide memory
protection key is not writable (per thread) in a few strategic places:
- Before switching it to writable (which implicitly checks the initial
    state),
- when entering compiled code, and
- in the explicit unit test.

R=jkummerow@chromium.org
CC=mpdenton@chromium.org

Bug: v8:11974
Change-Id: I6037f599afe9009d5e48794eb382eb1979f3ce9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3165060Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76953}

We already have some logic to try to get a reasonable name for the
function when logging code. It looks up the name custom section, and
falls back to the function index. Extract this into a helper, and call
it when disassembly the code.

Bug: v8:12098
Change-Id: Ieebe6594bc3184fa655f878faa0cb67c248d7f56
Fixed: v8:12098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3125355Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76769}

This adds some basic tests for WebAssembly code protection, in four
different configurations:
- no protection
- mprotect-based protection
- PKU-based protection
- PKU with fallback to mprotect

If PKU is not supported by the OS or hardware, then PKU is identical to
no protection, and PKU with fallback is identical to mprotect. We always
execute all four configurations anyway.
If protection is effective, we expect code to be writable within a
{CodeSpaceWriteScope}, and not writable otherwise. When trying to write
to non-writable code, we expect a crash of the process (checked via
{ASSERT_DEATH_IF_SUPPORTED}).

R=jkummerow@chromium.org
CC=​mpdenton@chromium.org

Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Change-Id: I4ec0ce9426f70ff41a292b9ea25be1e8956a670e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3138210
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76726}

We use BuildCCall over CallBuiltin. This improves the performance of
array.copy by up to 2x for small arrays.

Bug: v8:7748
Change-Id: Ibbd6a69267edb229beda1f6de4ff1c48eb38b729
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135580
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76661}

This CL does the following for x64:

- Add seq cst TSAN helpers.

- Refactors codegen's handling of TSAN helpers to also support
  seq cst accesses.

- Perform stores only once instead twice under TSAN, since
  duplicating stores is unsound. Previously this was "fine"
  because all duplicated stores were relaxed. SeqCst stores
  are used for synchronization, however, and duplicating them
  breaks the synchronization.

Bug: v8:7790, v8:11600, v8:11995
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: I43071b0ed516cb0917a10f3b2b9861d74edca041
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103308
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76612}

We snapshot all the code first, then log it without holding the lock.

Change-Id: I8c18b2db56678a9320ea6b63cd06290453c0a66a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097472
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76354}

The combination of --wasm-write-protect-code-memory and MAP_JIT was not
handled correctly. We were trying to unnecessarily switch permissions,
and a DCHECK was failing because the writers count was not increased
previously (because the {CodeSpaceWriteScope} uses a separate
implementation if MAP_JIT is available).

This CL fixes the issues by explicitly setting
{WasmCodeAllocator::protect_code_memory_} to false if MAP_JIT is being
used.

R=jkummerow@chromium.org

Bug: v8:12070
Change-Id: Ifb05ba01f8e2e7781d7c29fe80d1144a3d65543b
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089159Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76233}

On Windows, the overhead of {SetPermissions} (which maps to a
{VirtualAlloc} call) heavily depends on the amount of memory on which
permissions are switched. Hence this CL changes permission switching
to only switch the code regions that are actually needed. This will
increase the number of system calls, but reduce the total size of
switched memory.

On a Unity benchmark, this reduced the lazy compilation time on Windows
from 13.7 seconds to 3.6 seconds (3.0 seconds without write protection).
On Linux, there is no measurable effect, but permission switching
generally seems to have way less overhead on Linux.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: I46dd4ae9997587226b3d81166cf2e1128383ab34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077144
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76163}

This is a reland of dcdaf42f. It adds
CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.

Bug: v8:11611
Change-Id: I813fc8de36d1445c6a887abf496ec10e1a803815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953296Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75715}

This is a reland of dacce720

Original change's description:
> [wasm] Fix fallback from PKU to mprotect
>
> The {WasmCodeManager::SetThreadWritable} method would return true if
> called in a nested scope, even if PKU is not available. The caller
> cannot tell then whether permission switching happened or not.
>
> This CL refactors the code to do an explicit check for PKU support, and
> removes the boolean return value from {SetThreadWritable}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11959, v8:11974
> Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75699}

Bug: v8:11959, v8:11974
Change-Id: I7086aa3f1cd12615e6f12bbd061084ecd325eb11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021180Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75707}

This reverts commit dacce720.

Reason for revert: Needs a fix.

Original change's description:
> [wasm] Fix fallback from PKU to mprotect
>
> The {WasmCodeManager::SetThreadWritable} method would return true if
> called in a nested scope, even if PKU is not available. The caller
> cannot tell then whether permission switching happened or not.
>
> This CL refactors the code to do an explicit check for PKU support, and
> removes the boolean return value from {SetThreadWritable}.
>
> R=​jkummerow@chromium.org
>
> Bug: v8:11959, v8:11974
> Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75699}

Bug: v8:11959, v8:11974
Change-Id: I199cf6dd6e12a209649fcf86f922e2500b50bbde
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021179
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75700}

The {WasmCodeManager::SetThreadWritable} method would return true if
called in a nested scope, even if PKU is not available. The caller
cannot tell then whether permission switching happened or not.

This CL refactors the code to do an explicit check for PKU support, and
removes the boolean return value from {SetThreadWritable}.

R=jkummerow@chromium.org

Bug: v8:11959, v8:11974
Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75699}

Since PKU-based switching always switches the permissions for all wasm
code memory in the process, the method should not be on the
{NativeModule} or {WasmCodeAllocator}, but instead on the process-wide
{WasmCodeManager}.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: I75a82e51401b2572977c134077e1669cf5077049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021382
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75694}

This is a three-state field now: kTrapHandler, kExplicitBoundsChecks,
kNoBoundsChecks. It is set once based on the flags
(--wasm-bounds-checks and --wasm-enforce-bounds-checks) and depending on
whether the signal handler for wasm trap handling was installed. All
compilation then only uses the field value, and does not need to check
any flags any more.

R=ahaas@chromium.org

Bug: v8:11926
Change-Id: I2c0eb5ecb742ee65d1c10e4dceff7204119dab7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996191
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75558}

Instead, make the array-allocating builtin initialize the object.
This speeds up later stages of Turbofan graph processing, in particular
live range computation.

Bug: v8:7748
Change-Id: Iba0d682922b444b1d6151eeaee8d939821ebc980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983457
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75367}

There is only one global wasm engine, so we do not need to store the
pointer in the NativeModule. We just use {GetWasmEngine()} instead,
which reads the global pointer.

R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I66dedd571755774d96621b8d20ff23bdfef8134f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983208Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75366}

This is a reland of 0f90a2aa.
The issue was inverted destructor order between WasmCodeManager and
WasmEngine. WasmEngine has to be destructed first, because it contains
a barrier to ensure that background compile threads finished before
global state is being destructed.

Original change's description:
> [wasm] Provide a global WasmCodeManager
>
> The WasmCodeManager was part of the WasmEngine so far, but there is only
> exactly one WasmEngine. Hence we can pull it out, and also remove the
> pointer in the WasmCodeAllocator.
>
> The argument passed from the single constructor call is now inlined in
> the constructor itself.
>
> Drive-by: Replace "GetPlatformPageAllocator()->CommitPageSize()" by just
> "CommitPageSize()".
>
> R=jkummerow@chromium.org
>
> Bug: v8:11879
> Change-Id: I6c0e74cea308f5806d1aa479945d90b6ef8d1613
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972909
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75270}

Bug: v8:11879
Change-Id: I0eaa2395f5c1e30f3f7303c5f3df70c227b74d3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2975859
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75289}

This reverts commit 0f90a2aa.

Reason for revert: Breaks MSAN, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/38941/overview

Original change's description:
> [wasm] Provide a global WasmCodeManager
>
> The WasmCodeManager was part of the WasmEngine so far, but there is only
> exactly one WasmEngine. Hence we can pull it out, and also remove the
> pointer in the WasmCodeAllocator.
>
> The argument passed from the single constructor call is now inlined in
> the constructor itself.
>
> Drive-by: Replace "GetPlatformPageAllocator()->CommitPageSize()" by just
> "CommitPageSize()".
>
> R=​jkummerow@chromium.org
>
> Bug: v8:11879
> Change-Id: I6c0e74cea308f5806d1aa479945d90b6ef8d1613
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972909
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75270}

Bug: v8:11879
Change-Id: I110eec313762d73073f530aec7cf0be82c4db344
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972921
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75274}

Merges `NativeModuleModificationScope` (with an implementation using
Intel PKU, if available, and mprotect otherwise) and
`CodeSpaceWriteScope` (for Apple Silicon, where switching to RWX with
mprotect is disallowed anyway, so MAP_JIT and thread-local switching
must be used).

Because `CodeSpaceWriteScope` sounded better (and is shorter), we kept
its name (which unfortunately makes the diff a bit harder to read).

R=clemensb@chromium.org
CC=jkummerow@chromium.org

Bug: v8:11714

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Change-Id: Ib2a7d18e72797a725ed34b904c70769166d811dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972911Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#75272}

The WasmCodeManager was part of the WasmEngine so far, but there is only
exactly one WasmEngine. Hence we can pull it out, and also remove the
pointer in the WasmCodeAllocator.

The argument passed from the single constructor call is now inlined in
the constructor itself.

Drive-by: Replace "GetPlatformPageAllocator()->CommitPageSize()" by just
"CommitPageSize()".

R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I6c0e74cea308f5806d1aa479945d90b6ef8d1613
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972909
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75270}

In an effort to merge `CODE_SPACE_WRITE_SCOPE` and
`NativeModuleModificationScope`, this CL moves the interface and
implementation of the latter into code-space-access.{h,cc}, where the
former already lives. No other changes to the code itself.

R=clemensb@chromium.org
CC=jkummerow@chromium.org

Bug: v8:11714

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Change-Id: I1aabce26f2033430523a7a3a0a4864e7267bee21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972803Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#75267}

The {WasmCodeManager::CanRegisterUnwindInfoForNonABICompliantCodeRange}
method does not access any information on the {WasmCodeManager} object,
hence make it static.

R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I9a06ec556825bc7709970b65f22156952fa7f191
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972726
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75246}

The adding of base:: was mostly prepared using git grep and sed:
git grep -l <pattern> | grep -v base/vector.h | \
  xargs sed -i 's/\b<pattern>\b/base::<pattern>/
with lots of manual clean-ups due to the resulting
v8::internal::base::Vectors.

#includes were fixed using:
git grep -l "src/utils/vector.h" | \
  axargs sed -i 's!src/utils/vector.h!src/base/vector.h!'

Bug: v8:11879
Change-Id: I3e6d622987fee4478089c40539724c19735bd625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968412Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75243}

When we pass function arguments on the stack, untagged parameters
"come first", i.e. are put to lower addresses / can be popped off
first. So when a function instructs the stack walker to visit its
parameters (belonging to its caller's frame), it must skip past
any untagged parameters at the top of the caller's frame.

Change-Id: I5a42e4850b0808237ae937c90b0cec930df8571b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964394
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75180}

In the same vein we did tagged stores, we can do tagged loads.

As a drive-by, move GetTSANRelaxedStoreStub to CodeFactory.

Bug: v8:7790, v8:11600
Change-Id: Ic1ef3245623756538eab64c3358047e3797195c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953162
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75145}

M1 hardware uses the CodeSpaceWriteScope (which uses MAP_JIT under the
hood), hence all other memory protection mechanisms should be disabled
there.
Trying to protect code space allocated with MAP_JIT would fail
otherwise, resulting in a CHECK failure.

R=jkummerow@chromium.org
CC=​dlehmann@chromium.org

Bug: chromium:1218782
Change-Id: I626990575c2180168c2e421a93b9f0b035382f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75123}

This is the last CL of the code generated stores.

Bug: v8:7790, v8:11600
Change-Id: If8bbabb422027f938c7acc0bdc12a233dfed580e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950760
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75121}

- Add new Builtin enum
- Move Builtins::Name:kXXX to Builtin::kXXX
- Update existing code

Follow CLs will unify the mix of using int builtin-ids and
Builtins::Name to only use the new Builtin enum and changing it to
an enum class.

Change-Id: Ib39aa45a25696acdf147f46392901b1e051deaa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905592
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74995}

Introduce EmitTSANStoreOOLIfNeeded methods which make it easier on the
eyes in code-generator.cc.

Also pass along the size, which lays the groundwork for the other
instructions e.g. kX64Movq since we don't require the store to be a
Tagged one. This creates new builtins (since we now have a version with
32 bits and another one for 64 bits stores). We can extract the common
code in builtins-internal-gen.cc to de-duplicate the common code.

Bug: v8:7790, v8:11600
Change-Id: I81d80b852ec96b94d170a20f6d61621743b74b32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933664Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74971}

This instruction is a non-standard V8-only experiment for now,
hidden behind the --experimental-wasm-gc-experiments flag.
The motivation is to provide a way to set up non-canonicalized
RTT hierarchies, to enable expressing the type system of Java-like
languages in terms of WasmGC constructs.

Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}

Similar to https://crrev.com/c/2912786, this fixes a high number of
page permission switches (incuring mprotect syscall and lock contention
overhead) by pulling a {NativeModuleModificationScope} outside of a
loop (and across a function boundary).

R=clemensb@chromium.org
CC=​​​jkummerow@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:11663, chromium:932033
Change-Id: I2ec47f3eeeb2ab9624d2eaea9b4e776738871c97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928504Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74906}

Changes:
- Add --experimental-wasm-gc-experiments flag.
- Add array.copy opcode. Implement it in decoding and code generation
  behind the new flag.
- Add WasmCodeBuilder::BoundsCheckArrayCopy. Move BoundsCheckArray to
  the private section.
- Add WasmArrayCopy and WasmArrayCopyWithChecks builtin.
- Add WasmArrayCopy runtime function.
- Add WasmArray::ElementSlot.
- Always print two hex digits in CHECK_PROTOTYPE_OPCODE.
- In test-gc, print the thrown-error message if the function should not
  throw.
- In test-gc, add GetResultObject with one argument.

Bug: v8:7748
Change-Id: I58f4d37e254154596cdef5e78482b55260dd3782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912729
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74806}

Inline the SaveFPMode flag directly into the TSANRelaxedStore stubs:
 - Saves one register for input arguments
 - Avoid branches in the TSANRelaxedStore stubs

Bug: v8:7790, v8:11600
Change-Id: Ib1083f8c1a7e856028ff606ba8c2a93efb10db69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917037Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74781}

This is a reland of 50cbeca9

Relanding as-is, only rebase-related changes. Reason for reland: was
speculatively reverted.

Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}

Bug: v8:7790, v8:11600
Change-Id: Ide78ca82f38ee84bb7d24f5da2b4e8a8bd26621a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914877Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74751}

gcc may throw the following compilation error if UNREACHABLE
is used within a constexpr function:
```
error: call to non-'constexpr' function
                  'void V8_Fatal(const char*, ...)'
```

Bug: v8:11420
Change-Id: I7f8237d00ba1a5d9bd778d45eb833b89cbe8eb24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2906032
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74688}

Inline the RememberedSetAction and SaveFPMode flags directly into the
RecordWrite stubs:
- Save two register for input arguments
- Avoid branches in the RecordWrite stubs

We end up with 2 stubs for the EphemeronKeyBarrier and 4 stubs for
RecordWrite. Due to more inlined calls we have roughly 1KiB more
builtins code for RecordWrite currently. We will address this in the
future by splitting out common code into a separate stub. There is
no additional code size overhead for EphemeronKeyBarrier.

This saves 4 to 8 bytes on x64 per RecordWrite call and 2.5% sparkplug
code size reduction on d3.min.js.

Bug: v8:11420
Change-Id: Ib7170265dd6dd4b3aaf8275083f096e76fae8251
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902731Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74661}

This reverts commit 50cbeca9.

Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3824/overview

Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}

Bug: v8:7790
Bug: v8:11600
Change-Id: I3a4c57a29346fe6c84ec11404d8ff64cfac51a70
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902926
Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74622}

Instead of calling the C function directly from codegen, we call a
builtin that calls the C function. This is done to encapsulate the
push/pop registers in the code in the builtin.

Bug: v8:7790, v8:11600
Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74599}

This is the second CL in a line of two to implement PKU-based
WebAssembly code space write protection. The first CL added two
low-level PKU functions; this CL uses them to grant/withdraw writable
permissions, local to each thread that wants to modify the code space.

In particular, when {--wasm-memory-protection-keys} is enabled, we first
associate a memory protection key with all code pages, which by
default does not allow any write access. Then, before each location that
needs to modify the code space, we open
{NativeModuleModificationScope}s (which are already present for
mprotect-based write protection). When the PKU flag is given, this then
first tries to set permissions of a memory protection key (which is
fast), and otherwise when {--wasm-write-protect-code-memory} is enabled,
falls back to mprotect-based write protection (which is much more
expensive and also not thread-local, but for the whole process).

R=clemensb@chromium.org

Bug: v8:11714
Change-Id: I3527906a8d9f776ed44c8d5db52539e78e1c52fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882800
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74501}