This CL replaces most uses of the V8_EMBEDDED_BUILTIN define
by a new read-only runtime flag called FLAG_embedded_builtins.

The flag is true iff V8_EMBEDDED_BUILTINS is defined.

Bug: v8:6666
Change-Id: Ifcc909dc9b028a2c967f8a0e45029df5e71072df
Reviewed-on: https://chromium-review.googlesource.com/1122401
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54156}

Embed a hash of the embedded blob at serialization-time, and verify it
when loading the blob.

Drive-by: Keep the size of the blob trimmed, and only page-align for
dynamic page allocation and freeing during mksnapshot.

Bug: v8:6666
Change-Id: I10b6064f4f2847d4cc400f6f1bd6961194985b8f
Reviewed-on: https://chromium-review.googlesource.com/1019144
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52707}

The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}

Access to the constant pool of off-heap builtins must use
Instruction{Start,Size} instead of the raw instruction_{start,size}
accessors, and we need to copy the constant_pool_offset field when
creating trampolines.

This in turn required access to the embedded blob without an
associated isolate, which is now implemented by global variable set by
each isolate. Both writes and reads are relaxed, as races do not
matter since each isolate will attempt to set the same value of the
blob and its size.

Drive-by: Support off-heap code disassembly.

Bug: v8:6666,v8:7575
Change-Id: I4f203acd4dc128339cf2dd54b3253d9552616649
Reviewed-on: https://chromium-review.googlesource.com/973442
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52209}

This is a reland of f1b1ec70

Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
>
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
>
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
>
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
>
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}

TBR=yangguo@chromium.org,mstarzinger@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_mac64_dbg,v8_mac64_rel
Bug: v8:6666
Change-Id: Id9954af3c8195754ff3658c4603858904fcf88c4
Reviewed-on: https://chromium-review.googlesource.com/964481
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52006}

This reverts commit f1b1ec70.

Reason for revert: Tentative revert for https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8.fyi%2FV8-Blink_Mac%2F13696%2F%2B%2Frecipes%2Fsteps%2Fwebkit_unit_tests%2F0%2Fstdout

Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
> 
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
> 
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
> 
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
> 
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org

Change-Id: I58dd4bf9a99d37416855b48807150e1dd9ecd9e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/964363Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51962}

This CL is the final major step towards shipping off-heap-safe builtins
embedded into the binary.

Prior to snapshot serialization, we now:
* create the embedded blob containing off-heap instruction streams,
* use that to generate embedded.cc (containing embedded binary data),
* replace off-heap-safe builtins with trampolines,
* and serialize those into the final snapshot.

The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
targets on deserialization.

Bug: v8:6666
Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
Reviewed-on: https://chromium-review.googlesource.com/950775
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51960}

It turns out that with the help of Code::Instruction{Start,End,Size}
helpers, we don't need custom profiler methods.

InstructionStream is now all-static.

Bug: v8:6666
Change-Id: I59e1d2d2cb72c128725a1ed03f11506d40e76224
Reviewed-on: https://chromium-review.googlesource.com/947973
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51837}

This is a reland of 6afd25ff

Original change's description:
> [builtins] Execute binary-embedded builtin code
>
> This CL creates trampolines into binary-embedded builtins on
> isolate-creation, if --stress-off-heap-code is passed.
>
> Note that this still overwrites existing code objects with the
> off-heap trampoline, and that off-heap builtins still exist both in
> the snapshot and the binary. Addressing these points are the next
> steps.
>
> Drive-by-change: More efficient off-heap code lookups now that the
> off-heap memory area has a contiguous and static layout.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
> Bug: v8:6666
> Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86
> Reviewed-on: https://chromium-review.googlesource.com/947969
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51809}

TBR=mstarzinger@chromium.org

Bug: v8:6666
Change-Id: I4e0684de90733e5f18f6f0ea4832e327d03dfbf7
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/955595Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51835}

This reverts commit 6afd25ff.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20-%20fyi/builds/1437

Original change's description:
> [builtins] Execute binary-embedded builtin code
> 
> This CL creates trampolines into binary-embedded builtins on
> isolate-creation, if --stress-off-heap-code is passed.
> 
> Note that this still overwrites existing code objects with the
> off-heap trampoline, and that off-heap builtins still exist both in
> the snapshot and the binary. Addressing these points are the next
> steps.
> 
> Drive-by-change: More efficient off-heap code lookups now that the
> off-heap memory area has a contiguous and static layout.
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
> Bug: v8:6666
> Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86
> Reviewed-on: https://chromium-review.googlesource.com/947969
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51809}

TBR=mstarzinger@chromium.org,jgruber@chromium.org

Change-Id: I18276541b468b9d2b2a1366ccd287822e96b6df7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/956042Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51816}

This CL creates trampolines into binary-embedded builtins on
isolate-creation, if --stress-off-heap-code is passed.

Note that this still overwrites existing code objects with the
off-heap trampoline, and that off-heap builtins still exist both in
the snapshot and the binary. Addressing these points are the next
steps.

Drive-by-change: More efficient off-heap code lookups now that the
off-heap memory area has a contiguous and static layout.

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:6666
Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86
Reviewed-on: https://chromium-review.googlesource.com/947969
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51809}

These helpers support off-heap code objects, for which they return
start, end, and size of the off-heap instruction stream.

Bug: v8:6666
Change-Id: Ib5e819d976eee3073b0354b8d8ce324b691f1b15
Reviewed-on: https://chromium-review.googlesource.com/937281
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51572}

Off-heap code may have pc values that are not within
[instruction_start, instruction_end]. Handle these kinds of objects in
heap Code lookup functions.

Bug: v8:6666
Change-Id: Ib7a58f962ef6311c48234e506a35485fd5966814
Reviewed-on: https://chromium-review.googlesource.com/934184
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51518}

If enabled, this mode moves code for isolate-independent builtins off
the JS heap at Isolate creation. The Code object itself is rewritten
to tail-call the off-heap instruction stream.

Drive-by-fix: Support lazy deserialization in asm-wasm instantiation.

Bug: v8:6666
Change-Id: Ic109527ff478cfc6e8942e924413fc7532da6eaf
Reviewed-on: https://chromium-review.googlesource.com/888562Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51015}