Introduce new state kCollectionStarted in CollectionBarrier. This state
is used during Heap::PerformGarbageCollection. It stops threads from
requesting GC when the GC was already started. This happens because a
background thread only requests the GC after it parked itself - the GC
could be started in-between those two events.

Bug: v8:10315
Change-Id: I59cf3d4ea41c7a2c37ffce89c5b057221a2499e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474858
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70572}

This reverts commit 02849fd9.

Reason for revert: Breaks Win64 MSVC bot and closes the tree - https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15416

Original change's description:
> cppgc-js: Add snapshot for C++ objects
>
> The following implements a snapshotting algorithm for C++ objects that
> also filters strongly-connected components (SCCs) of only "hidden"
> objects that are not (transitively) referencing any non-hidden
> objects.
>
> C++ objects come in two versions.
> a. Named objects that have been assigned a name through NameProvider.
> b. Unnamed objects, that are potentially hidden if the build
>    configuration requires Oilpan to hide such names. Hidden objects have
>    their name set to NameProvider::kHiddenName.
>
> The main challenge for the algorithm is to avoid blowing up the final
> object graph with hidden nodes that do not carry information. For that
> reason, the algorithm filters SCCs of only hidden objects, e.g.:
>   ...  -> (object) -> (object) -> (hidden) -> (hidden)
> In this case the (hidden) objects are filtered from the graph. The
> trickiest part is maintaining visibility state for objects referencing
> other objects that are currently being processed.
>
> Main algorithm idea (two passes):
> 1. First pass marks all non-hidden objects and those that transitively
>    reach non-hidden objects as visible. Details:
>    - Iterate over all objects.
>    - If object is non-hidden mark it as visible and also mark parent
>      as visible if needed.
>    - If object is hidden, traverse children as DFS to find non-hidden
>      objects. Post-order process the objects and mark those objects as
>      visible that have child nodes that are visible themselves.
>    - Maintain an epoch counter (StateStorage::state_count_) to allow
>      deferring the visibility decision to other objects in the same
>      SCC. This is similar to the "lowlink" value in Tarjan's algorithm
>      for SCC.
>    - After the first pass it is guaranteed that all deferred
>      visibility decisions can be resolved.
> 2. Second pass adds nodes and edges for all visible objects.
>    - Upon first checking the visibility state of an object, all deferred
>      visibility states are resolved.
>
> For practical reasons, the recursion is transformed into an iteration.
> We do not use plain Tarjan's algorithm to avoid another pass over
> all nodes to create SCCs.
>
> Follow ups:
> 1. Adding wrapper nodes for cpp objects that are wrappables for V8
>    wrappers.
> 2. Adding detachedness information.
>
> Change-Id: I6e127d2c6d65e77defe08e39295a2594f463b962
> Bug: chromium:1056170
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467854
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70567}

TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org

Change-Id: I64a2cf2259bdaed81f6e0f92bdcc7a1f0df4d197
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479471Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70571}

... and add respective regression tests.

This CL also adds similar regression tests for TransitionArray but it
doesn't have the same issue as DescriptorArray.

Bug: chromium:1133527
Change-Id: I668a90f126d76af0a39816ce8697cb29bc65d01b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465833Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70570}

Executable V8 pages include 3 reserved OS pages: one for the writable
header and two as guards. On systems with 64k OS pages, the amount of
allocatable space left for objects can then be quite smaller than the
page size, only 64k for each 256k page.

This means regular code objects cannot be larger than 64k, while the
maximum regular object size is fixed to 128k, half of the page size. As
a result code object never reach this limit and we can end up filling
regular pages with few large code objects.

To fix this, we change the maximum code object size to be runtime value,
set to half of the allocatable space per page. On systems with 64k OS
pages, the limit will be 32k.

Alternatively, we could increase the V8 page size to 512k on Arm64 linux
so we wouldn't waste code space. However, systems with 4k OS pages are
more common, and those with 64k pages tend to have more memory available
so we should be able to live with it.

Bug: v8:10808
Change-Id: I5d807e7a3df89f1e9c648899e9ba2f8e2648264c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460809Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#70569}

This is a reland of ff61743f

Original change's description:
> [heap] Refactor marking weak object worklists
>
> This CL extracts weak object worklist related code into separate files
> and uses a macro to specify all weak object worklists in a generic way.
>
> The motivation of the refactoring is twofold:
> 1) We can now enforce that each weak object worklist is updated after
>    Scavenge. (Forgetting to define the update function causes a link
>    time error.)
> 2) The reduced boilerplate will be useful for transitioning to the
>    new ::heap::base::Worklist.
>
> Change-Id: Ic80a7ccca010c09370d6525f43d78de24192f8ea
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442624
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70308}

Change-Id: I8a9f39e53ef4123dd28a1da6f7992cdff341f694
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461741Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70568}

The following implements a snapshotting algorithm for C++ objects that
also filters strongly-connected components (SCCs) of only "hidden"
objects that are not (transitively) referencing any non-hidden
objects.

C++ objects come in two versions.
a. Named objects that have been assigned a name through NameProvider.
b. Unnamed objects, that are potentially hidden if the build
   configuration requires Oilpan to hide such names. Hidden objects have
   their name set to NameProvider::kHiddenName.

The main challenge for the algorithm is to avoid blowing up the final
object graph with hidden nodes that do not carry information. For that
reason, the algorithm filters SCCs of only hidden objects, e.g.:
  ...  -> (object) -> (object) -> (hidden) -> (hidden)
In this case the (hidden) objects are filtered from the graph. The
trickiest part is maintaining visibility state for objects referencing
other objects that are currently being processed.

Main algorithm idea (two passes):
1. First pass marks all non-hidden objects and those that transitively
   reach non-hidden objects as visible. Details:
   - Iterate over all objects.
   - If object is non-hidden mark it as visible and also mark parent
     as visible if needed.
   - If object is hidden, traverse children as DFS to find non-hidden
     objects. Post-order process the objects and mark those objects as
     visible that have child nodes that are visible themselves.
   - Maintain an epoch counter (StateStorage::state_count_) to allow
     deferring the visibility decision to other objects in the same
     SCC. This is similar to the "lowlink" value in Tarjan's algorithm
     for SCC.
   - After the first pass it is guaranteed that all deferred
     visibility decisions can be resolved.
2. Second pass adds nodes and edges for all visible objects.
   - Upon first checking the visibility state of an object, all deferred
     visibility states are resolved.

For practical reasons, the recursion is transformed into an iteration.
We do not use plain Tarjan's algorithm to avoid another pass over
all nodes to create SCCs.

Follow ups:
1. Adding wrapper nodes for cpp objects that are wrappables for V8
   wrappers.
2. Adding detachedness information.

Change-Id: I6e127d2c6d65e77defe08e39295a2594f463b962
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467854
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70567}

Fuzzers might randomly call OS methods to create or remove
directories. This leads to spurious results when doing differential
fuzzing, but it could be potentially harmful to the system during
normal fuzzing.

This drops OS methods in d8 on fuzzers.

Bug: chromium:1138594
Change-Id: Ia3a8c4e3d06c76ccdc50ead1d361338e13ddf1bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474790Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70566}

Change-Id: Ic54046824d4f3c98caa8381d2ece46c9985a2b98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475734Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70565}

This reverts commit cdc8d9a5.

Reason for revert: The regression test is too slow:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/30454

Also gcc failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug/9528

Original change's description:
> [TurboProp] Avoid marking the output of a call live in its catch handler
>
> The output of a call won't be live if an exception is thrown while the
> call is on the stack and we unwind to a catch handler.
>
> BUG=chromium:1138075,v8:9684
>
> Change-Id: I95bf535bac388940869eb213e25565d64fe96df1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70562}

TBR=rmcilroy@chromium.org,neis@chromium.org

Change-Id: I0f6b9378d516a70401fc429fb3612bbf962b0fb2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1138075
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479007Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70564}

The sp register's value should be modified to drop all the args
from the stack.

Change-Id: I7410d325523427d765eb0640e14acede5589284f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479222Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70563}

The output of a call won't be live if an exception is thrown while the
call is on the stack and we unwind to a catch handler.

BUG=chromium:1138075,v8:9684

Change-Id: I95bf535bac388940869eb213e25565d64fe96df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70562}

Align the library with the current blink implementation.
TraceStrongly takes a WeakMember and strongifies it so that the
referenced objects is retained.
This is used in blink during tracing of some weak collections.

Bug: chromium:1056170
Change-Id: I306f84fc37a856d309bccc7f544750abb2bdc7c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479003
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70561}

This is a reland of 44708a5b

Original change's description:
> [compiler, heap] Create LocalHeap outside of ExecuteJob
>
> Create LocalHeap directly in the Task or in GetOptimizedCodeNow and
> pass its reference as argument to ExecuteJob. This allows us to create
> LocalHeap differently for the main and background thread, e.g. by
> passing an additional argument to the constructor in the future.
> It will be required in the future anyways when the main thread will
> have its own LocalHeap/LocalIsolate.
>
> Extending the scope of LocalHeap, also made
> HandleBase::IsDereferenceAllowed more precise and uncovered two
> potential issues: heap accesses in
> OptimizingCompileDispatcher::CompileNext and PipelineImpl::AssembleCode
> with --code-comments.
>
> LocalHeap can now be created in the parked state. Also fixed a data
> race with LocalHeap's destructor publishing write barrier entries
> without holding the lock.
>
> Bug: v8:10315
> Change-Id: I9226972601a07b87108cd66efbbb6a0d118af58d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460818
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70521}

Bug: v8:10315
Change-Id: I4c459fd6dfb98d47fc9941c0dc6864bf5a1d2d3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474788Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70560}

This reverts commit 8f7e9158.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20node.js%20integration%20ng/10707?

Original change's description:
> [debugger] Try to trigger pause-on-oom flakes with an extra printf
>
> We have an issue that we can't repro locally. Enable back the
> pause-on-oom tests with an extra printf with DEBUG. We will be able to
> better assess the failures when they appear on the bot.
>
> Bug: v8:10876
> Change-Id: I066539c4b5865ecb6f2e589e9543e8c9ebd4830b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474782
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70558}

TBR=rmcilroy@chromium.org,petermarshall@chromium.org,solanes@chromium.org

Change-Id: I1b8a146d9496e889957636456b383f8d496658dc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10876
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479004Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70559}

We have an issue that we can't repro locally. Enable back the
pause-on-oom tests with an extra printf with DEBUG. We will be able to
better assess the failures when they appear on the bot.

Bug: v8:10876
Change-Id: I066539c4b5865ecb6f2e589e9543e8c9ebd4830b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474782Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70558}

- Use kNoBuiltinId instead of literal -1.
- Remove support for non-embedded builtins.
- Update Code object layout comment.

Bug: v8:10933
Change-Id: Ie75c6ccc0a0f19348ae214249a8fc81f7e91df0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474115
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70557}

The UMA sampling profiler prefers unique symbol addresses, otherwise
disambiguation is fairly arbitrary (lexicographic).

To this end, introduce a dedicated symbol v8_code_start_for_profiler_
at a unique address (i.e. no other symbol is located at this address).

Bug: v8:6666
Change-Id: Iec13ccac64efc7ac3f63e29632ee8f6300bcb76b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464926
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70556}

Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/ea3ab7b..eb94f1c

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d6e2fed..53ad43e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b7c1c3f..957c117

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6e970e5..39d870e

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/26211a5..8cd0fc1

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Icf10ea4c489ca2eab5f810cfd2788abdf1b02945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476866Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70555}

Bug: v8:10993
Change-Id: I678db8916ddc36f6325534b6d467f35038241e4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2453458Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70554}

https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
     Revised predictions for Morocco's changes starting in 2023.
     Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
     Macquarie Island has stayed in sync with Tasmania since 2011.
     Casey, Antarctica is at +08 in winter and +11 in summer.
     zic no longer supports -y, nor the TYPE field of Rules.


Bug: chromium:1137864, chromium:1138117
Change-Id: I6076a993fcd755074ddcfa5321b78aa5f043337b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476681
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70553}

This is merged into the proposal, move it out of post-mvp flags, and
remove any ifdefs guarding it.

Bug: v8:10993
Change-Id: I4c82e3fc17c97735d5417fa4a5d85d7f091fbb8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2453457Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70552}

read_prefixed_byte is used mostly to read an entire prefixed opcode, it
writes the number of bytes of the opcode index (without prefix byte) to
the out param length. Change it so it writes the total number of bytes
(including the prefix byte), as that is what most callers want (they add
1 after calling read_prefixed_byte).

Bug: v8:10810
Change-Id: I914190ecae62e3547652accdc05d1cef3686fff4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476678Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70551}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4af5c07..d6e2fed

Rolling v8/third_party/aemu-linux-x64: 7vSUW_nuKSjSwu_SJlXmDCOkdOAMe1nyjgN02vO04jEC..ZGsmd0k3ijPxG9j-pwQg-yGF3zXYYOUD1L40GuIoAjEC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/01898ca..b7c1c3f

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/aba3f0d..84fb34e

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I0f8a89cc765cc1998d76ad764d81c08680dbb0e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473661Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70550}

Rename AddSaturate and SubSaturate to the shorter version, AddSat and
SubSat, following the spec.

Bug: v8:10946,v8:10933
Change-Id: Idf74b3a1eb2e2f6d4e37d2b8e5fa6d96ea090db4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436615Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70549}

This should hopefully fix V8 DEPS upgrade.

Bug: chromium:1137662,chromium:1080854
Change-Id: If069e4ea567a023006472371177ff7b32737153a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476654
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70548}

Bug: v8:10933
Change-Id: I3a0526e4744b7a36d03d2bfd182616969b9db12b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2466377
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70547}

Some of the tests were incorrectly using DCHECK for assertions, we want
these checks to run in all configurations, not only in DEBUG.

Change-Id: I41ab7c7f1aa9fe3947255fc107437fa48f304e5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473579Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70546}

This is the first change in the process of implementing import
assertions per https://tc39.es/proposal-import-assertions/.

This CR adds support for the empty form of the AssertClause.

Also added is a --harmony-import-assertions flag to enable/disable
import assertions.  For now, the feature is off by default.

The next change will enable the parser to handle a non-empty list
of AssertEntries.

Bug: v8:10958
Change-Id: I0832d89effc27225aa4430605a51690461daf7ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2468623Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70545}

Prefixed opcodes have a 1 byte prefix, followed by LEB-encoded u32. This
changes all prefixed opcodes (gc, numeric, atomic), to that. (Simd was
already so.)

We can clean up read_prefix_opcode to return the total number of bytes,
1 byte prefix + leb encoded, that will be in a future patch.

Bug: v8:10810,v8:10994
Change-Id: Ia74604acc059c1336b87e9f477598732de219ca9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465057Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70544}

Bug: chromium:1138117
Change-Id: I7b4f5de864ede23672b9c5032556e71a85e09d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476533Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70543}

Instead of decoding in each branch, move the decoding up in scope, since
all branches do the same decoding.

Bug: v8:10933
Change-Id: I99ef03e4271cc111428f9a243f61b26af6f85780
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2472758Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70542}

- Shortcut return when argc < param_count
- Simplify return code due to PopAndReturn invariant

Change-Id: Ie41d559cdbe0ba2cc4fdbfbbb622b0aec8429f03
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474777
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70541}

"std/stw" must always store to a memory address.
Destination cannot be another register.

Change-Id: I424bd535033937b3876f58ca5a4530aeac43e182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476064Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70540}

This reverts commit 6227c95e.

Reason for revert: Breaks Mac64 GC stress - https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8866365194967638384/+/steps/Check_-_d8/0/logs/call-ref/0

Original change's description:
> [wasm-gc] Implement call_ref on WasmJSFunction
>
> Changes:
> - Introduce turbofan builtin WasmAllocatePair.
> - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
> - Remove WasmJSFunction trap.
> - Improve and extend call-ref.js test.
>
> Bug: v8:9495
> Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70535}

TBR=clemensb@chromium.org,manoskouk@chromium.org

Change-Id: Ifad2cd8185df5e8d6766cefbcd3f28234a157dfb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9495
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475735Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70539}

Expressions like `foo() = 42` are specified as syntax errors but due to
web compat must be kept as runtime errors.

Bug: v8:10976
Change-Id: If2b549a3a1c35248c46319fa0e898872d40789a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2471979
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70538}

test-heap-profiler/AllocationSitesAreVisible was disabled unnecessarily
for quite some time. With a minor fix, it's possible to validate that
an AllocationSite can be seen through the heap profiler interface.

Change-Id: I0ac6c218da12ab268bd08c65926149f5c00e5b06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474778
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70537}

In certain situations a phi might not be used by later code, and so
is neither spilled nor has a register allocated to it. Handle this
by removing the incorrect DCHECK.

BUG=chromium:1137979,v8:9684

Change-Id: I702dc05dba22e23dac5c1a366a770f18bac45c52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2471998
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70536}

Changes:
- Introduce turbofan builtin WasmAllocatePair.
- Implement call_ref for WasmJSFunction in wasm-compiler.cc.
- Remove WasmJSFunction trap.
- Improve and extend call-ref.js test.

Bug: v8:9495
Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70535}

When merging blocks in the mid-tier register allocator, try to avoid
spilling registers if we can instead introduce a gap move to move the
register choosen to hold a virtual register to the register that is
holding that virtual register in the successor block. This gives
around 1.5% speedup on Octane.

BUG=v8:9684

Change-Id: I352d1e0e2c3b89ab6bd203d76339b93ef474028f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2466117
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70534}

Bug: v8:11023
Change-Id: I0722338c6d82b665120f9ef8c7076e0c4983b4c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474773Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Cr-Commit-Position: refs/heads/master@{#70533}