- 15 Jul, 2021 4 commits
-
-
Georg Neis authored
Bug: chromium:1228233 Change-Id: I7868cefd2123261f144d61e322a233ed460100ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026717 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#75732}
-
Lutz Vahl authored
TBR=hablich@chromium.org, vahl@chromium.org Change-Id: Ibf751a42269f4bc5febc12ac4e0e3d03ade260a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3029086 Reviewed-by: Lutz Vahl <vahl@chromium.org> Commit-Queue: Lutz Vahl <vahl@chromium.org> Cr-Commit-Position: refs/heads/master@{#75731}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2d99938..a0ffb5c Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/6803464..bb27865 Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/a5feaf6..333cca2 Rolling v8/third_party/aemu-linux-x64: m4sM10idq7LeFHXpoLKLBtaOZsQzuj63Usa3Cl9af1YC..LVzqlcQA3SZ_in57BIRK96jsF2AlRnyVHndAywtOCA8C Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2814ff3..f61fac0 Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/4ae2535..9a8087b Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/9d0a403..9ae36fe Rolling v8/tools/luci-go: git_revision:8b8a9a6040ca6debd30694a71a99a1eac97d72fd..git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f Rolling v8/tools/luci-go: git_revision:8b8a9a6040ca6debd30694a71a99a1eac97d72fd..git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f Rolling v8/tools/luci-go: git_revision:8b8a9a6040ca6debd30694a71a99a1eac97d72fd..git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Ic5336234ae14fd3dcab93b94f433ba1cf1ee76a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027047 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75730}
-
jing.bao authored
Change-Id: I9b0f746e68924d22bdd2c0f693a9b0e8b078a4f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026035 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Jing Bao <jing.bao@intel.com> Cr-Commit-Position: refs/heads/master@{#75729}
-
- 14 Jul, 2021 16 commits
-
-
Adam Klein authored
This test is only testing a d8-specific feature, so there's no need to test it under a wide variety of conditions. And at the moment its flakiness in the arm64/debug/simulator config is blocking the v8 roll. Change-Id: I35456989f7875331a415ca3ff478c67a8e7e79bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027743 Commit-Queue: Adam Klein <adamk@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Auto-Submit: Adam Klein <adamk@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#75728}
-
Igor Sheludko authored
Bug: v8:11985 Change-Id: I2d9cd602d9ef2491f0a757773bd4b110b03a064d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3028381 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#75727}
-
Milad Fa authored
Change-Id: I25ac85bdc6a72b8527fa84770bce70cfc390c047 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027222 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75726}
-
Adam Klein authored
This reverts commit 0b091e9b. Reason for revert: Causes Web Platform Test failures, blocking roll E.g., https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/12616/overview Original change's description: > [wasm][eh] Rename Exception to Tag in the JS API > > See: > https://github.com/WebAssembly/exception-handling/issues/159 > > This change only does the rename where it's observable. This should also > be renamed throughout the codebase for consistency and will be done > separately. > > R=ahaas@chromium.org > > Bug: v8:8091 > Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75718} Bug: v8:8091 Change-Id: Id2067e1cdc33fa657ef738ef5fafad84057f7209 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027261 Auto-Submit: Adam Klein <adamk@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75725}
-
Benedikt Meurer authored
Previously we had passed kOnEntryBreakpointPosition as a marker through the regular SetBreakPointForScript() logic and handled that specially in WasmScript, however this instrumentation breakpoint is special and gets in the way of returning more information about a regular breakpoint in case of crbug.com/700516, so I decided to just isolate that into its own method, especially since the only user already special-cases Wasm anyways. Bug: chromium:1162229, chromium:700516 Change-Id: Ie7966c1701365a4b03710d6dc32cc8278577ee3a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026711 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#75724}
-
Milad Fa authored
This CL includes the following changes: - Avoid using `UniqueRegister` as much as possible - Try to group opcodes under Binary or Unary when possible Separate selectors are added to use `UniqueRegister` when necessary mainly when `Temp` registers are used. This is to make sure temp, dst and src registers are allocated differently and cannot be overwritten during codegen. Some codegen ops had to also be modified to avoid using `Temp` registers. Change-Id: I4d5bdec58cb4874e7c3d344091cde8c8a9a4d01b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024149 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75723}
-
Clemens Backes authored
If the debugger is disabled for an isolate, we first remove all breakpoints for that isolate, and then tier up the module (if there is no other isolate that keeps it tiered down). During the first step, functions might get recompiled since the set breakpoints change. This is not needed in case we will tier-up the module afterwards anyway. It also triggers a DCHECK if we reinstall debugging code even though the module is already marked "tiered up". This CL avoids the installation of debugging if the module is not tiered down, and also slightly modified the condition for installing new code when tiered-up (to allow overwriting debugging code with non-debugging code even if it's the same tier). R=thibaudm@chromium.org Bug: chromium:1228628 Change-Id: I83828d4186e299f779a858006eafa3dbc7966c35 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026707 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75722}
-
Victor Gomes authored
Port of https://chromium-review.googlesource.com/c/v8/v8/+/3024146 to arm. Adds DCHECKs after emitting any code on the heap. Bug: v8:11872 Change-Id: Ia8186143e3caca17a25f8fb23c378e64cc248095 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024158 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75721}
-
Mike Stanton authored
JSHeapBroker::ReadFeedbackForCall() - it may be that the JSFunction we read in the feedback vector hasn't been store-ordered and is therefore unsafe to read. Therefore, we need to call the gc predicate to ensure safety. JSFunctionRef::feedback_vector() & raw_feedback_cell() - I was able to remove the TODO warning about uninitialized data visible from a direct read of these fields from the background. This is because we either store-order into those fields, or rely on a prior store-ordering. Additionally, FeedbackVectorRef and FeedbackCellRef are never-serialized objects, so their first encounter on the background thread is fine (we don't need to have seen and serialized them on the main thread first). Bug: v8:7790 Change-Id: I9cd19999e70fadcf62778dac2b0f679966a4a53f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026708 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75720}
-
Jakob Gruber authored
.. and the corresponding map cache. This cache was only used for CreateArray reductions, thus we mostly expect to see unmodified JSArray initial maps. These are already accessible from the native context and don't need to be cached separately. We may also see initial maps for custom JSArray subclasses. New map allocation may be necessary in this case if the requested elements kind differs from that of the current given initial map. Since we can't (easily) allocate on the background thread, we skip the optimization starting with this CL. Bug: v8:7790 Change-Id: Ib8d81094e1572f49eda18e9ec485d317cec62473 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021175 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75719}
-
Thibaud Michaud authored
See: https://github.com/WebAssembly/exception-handling/issues/159 This change only does the rename where it's observable. This should also be renamed throughout the codebase for consistency and will be done separately. R=ahaas@chromium.org Bug: v8:8091 Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#75718}
-
Mike Stanton authored
Also, copying hints can be removed from literals. Shallow copying wasn't used for some time, because of the way we treat mutable heap numbers. Change-Id: Ieeba44a9f8e80c4183af8f4751f68dd3a542532e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009230 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75717}
-
Clemens Backes authored
This avoids a DCHECK failure if we continue using the Assembler after code generation abortion. Even though it might not be the best style to still call methods on the Assembler after abortion, it's not a problem apart from the firing DCHECK, so we apply this simple fix instead of making sure to really abort everything immediately. R=leszeks@chromium.org Bug: chromium:1228720, chromium:1217074 Change-Id: Iac3a652f21e34534dd28fb1ab580ab2ee6df06dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024157 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75716}
-
Emanuel Ziegler authored
This is a reland of dcdaf42f. It adds CPU time metrics to the WasmModuleDecoded (except for streaming), WasmModuleCompiled and WasmModuleTieredUp events. This can later be used to provide this information as UKMs or UMAs. Bug: v8:11611 Change-Id: I813fc8de36d1445c6a887abf496ec10e1a803815 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953296 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org> Cr-Commit-Position: refs/heads/master@{#75715}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9c63d2e..2d99938 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/cb34896..6803464 Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/e7ac0f8..a5feaf6 Rolling v8/third_party/aemu-linux-x64: QunhZeUueNJF63FP9uXIb-TVJNazpdKD5TQAi_D7ZLEC..m4sM10idq7LeFHXpoLKLBtaOZsQzuj63Usa3Cl9af1YC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4a3ec12..2814ff3 Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/f376b41..dfbc590 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/aca9f71..9d0a403 Rolling v8/tools/luci-go: git_revision:01aa19ce019f7bf94712f3dd2538cf72a2a3451b..git_revision:8b8a9a6040ca6debd30694a71a99a1eac97d72fd Rolling v8/tools/luci-go: git_revision:01aa19ce019f7bf94712f3dd2538cf72a2a3451b..git_revision:8b8a9a6040ca6debd30694a71a99a1eac97d72fd Rolling v8/tools/luci-go: git_revision:01aa19ce019f7bf94712f3dd2538cf72a2a3451b..git_revision:8b8a9a6040ca6debd30694a71a99a1eac97d72fd TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I8d18f4d2bb3a1da82d754a730a67045d2ceaffe4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3023891 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75714}
-
Z Nguyen-Huu authored
Change-Id: I5682c2b1ac80e0f8cbdff5f841e61f08a99ca6bc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3022316 Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#75713}
-
- 13 Jul, 2021 20 commits
-
-
Georg Neis authored
Bug: chromium:1228407 Change-Id: I20941e8aaa4a1d82b035a5387cdd1b08b8994c2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024153 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#75712}
-
Junliang Yan authored
Drive-by: clean up SubS64/AddS64 macroassembler Change-Id: I31a15b1f3f3825122f6857861845c8961ece3649 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024152 Commit-Queue: Junliang Yan <junyan@redhat.com> Reviewed-by: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75711}
-
Maya Lekova authored
Bug: v8:11745 Change-Id: Icacc3ff58d50bdf02f00a41643c9b6ef54e74d50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024145 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#75710}
-
Paolo Severini authored
For CopyAndConvertArrayToCppBuffer<T, type_info>(src, dst, length), type `T` can be deducible from `dst`, but `type_info` cannot be deducible so it's better to rewrite it as CopyAndConvertArrayToCppBuffer<type_info, T>(src, dst, length). Bug: v8:11739 Change-Id: Ic3a28671cf7576672dad2f21bf6acf87807c3b48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3023006 Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#75709}
-
Victor Gomes authored
Constant pool doc: shorturl.at/txS08 Bug: v8:11872 Change-Id: Idd36b4c1ef0dc634a7411f530cdfc50681d7e875 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024146 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75708}
-
Clemens Backes authored
This is a reland of dacce720 Original change's description: > [wasm] Fix fallback from PKU to mprotect > > The {WasmCodeManager::SetThreadWritable} method would return true if > called in a nested scope, even if PKU is not available. The caller > cannot tell then whether permission switching happened or not. > > This CL refactors the code to do an explicit check for PKU support, and > removes the boolean return value from {SetThreadWritable}. > > R=jkummerow@chromium.org > > Bug: v8:11959, v8:11974 > Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75699} Bug: v8:11959, v8:11974 Change-Id: I7086aa3f1cd12615e6f12bbd061084ecd325eb11 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021180 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75707}
-
Mike Stanton authored
Added a parameter to Object::FitsRepresentation() to disallow coercion. Normally, when we ask if a Smi can "fit" into a Double representation we'd answer yes, because the Smi can be converted to a HeapNumber. However, from the compiler's perspective, the object is found in a field with a particular representation. In this case, finding a Smi in a field with representation Double means something is awry. Therefore, it's useful for the compiler to be able to ask if the object fits the field without coercion. Bug: chromium:1227324, v8:7790 Change-Id: I12033736030d904ef9c29516c07999600a5f508a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015570 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75706}
-
Maya Lekova authored
Mark --turbo-fast-api-calls flag as incompatible with stress_snapshot variant to avoid listing all related tests in the status file. Change-Id: If130780461e50e72ea6a43d750b2f7ad7764db2e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024147 Commit-Queue: Maya Lekova <mslekova@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75705}
-
Ross McIlroy authored
When there are multiple entries into a deferred block region, ensure that we freeze the set of deferred spill virtual registers when we have processed the first entry point to that deferred block. This ensures that we don't add another vreg into the set of deferred spills, and then specify that that deferred spill slot is live across the whole deferred block, when it is only live from certain entry points. BUG=chromium:1227568,v8:9684 Change-Id: I647851be9a00fba262768e4f1a7846669b585a2e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021178 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#75704}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: I7a658215ba2dbb12e90b651bce7ff08109b03b8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2987831 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75703}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: Ia31d2fb11b60f94ec1a67331e4395dbc57678c03 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2985241 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75702}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: I1fbf64a2b26154b9c6108920f4e7263eb583e074 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983213 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75701}
-
Clemens Backes authored
This reverts commit dacce720. Reason for revert: Needs a fix. Original change's description: > [wasm] Fix fallback from PKU to mprotect > > The {WasmCodeManager::SetThreadWritable} method would return true if > called in a nested scope, even if PKU is not available. The caller > cannot tell then whether permission switching happened or not. > > This CL refactors the code to do an explicit check for PKU support, and > removes the boolean return value from {SetThreadWritable}. > > R=jkummerow@chromium.org > > Bug: v8:11959, v8:11974 > Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75699} Bug: v8:11959, v8:11974 Change-Id: I199cf6dd6e12a209649fcf86f922e2500b50bbde No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021179 Auto-Submit: Clemens Backes <clemensb@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75700}
-
Clemens Backes authored
The {WasmCodeManager::SetThreadWritable} method would return true if called in a nested scope, even if PKU is not available. The caller cannot tell then whether permission switching happened or not. This CL refactors the code to do an explicit check for PKU support, and removes the boolean return value from {SetThreadWritable}. R=jkummerow@chromium.org Bug: v8:11959, v8:11974 Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#75699}
-
Michael Lippautz authored
A human-readable name is in Blink only available for C++ types with JS wrapper objects and for manually annotated types that are interesting for the snapshot. Return the proper C++ shallow size of the object in this case. (Merge nodes will have their JS+C++ sizes added.) Bug: chromium:1228411, chromium:1056170 Change-Id: Ib2b1b7b9dec80e5cccccb1aad8c4c035715612ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021169 Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75698}
-
Clemens Backes authored
This CL cleans up the trap handler code on POSIX before making additions for arm64 simulator support. In particular, - it extends a comment about restoring the signal mask before restoring the "thread in wasm" flag, and fixes the code to actually implement that again; - it renames "SigUnmaskStack" to "UnmaskOobSignalScope", to make the intent clear, and it moves the signal masking code to the constructor of that class; - it replaces a call to "IsThreadInWasm" by just reading "g_thread_in_wasm_code" to make it more transparent what is happening (note that the next instruction will just write to that flag); - it replaces an if block by another early exit for consistency; and lastly - it avoids curly braces for single-line conditions, to increase readability and to match the rest of V8. R=ahaas@chromium.org, mseaborn@chromium.org Bug: v8:11955 Change-Id: I023381f8b8e4640e2b21ac617fe301ec9f130783 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015562 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#75697}
-
Victor Gomes authored
To enable all V8 debugging features, compile with: bazel build --config=debug :d8 No-Try: true Bug: v8:11234 Change-Id: I83209b1b4ceff95cc25a26488a55fb026cb5bc04 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3018082 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#75696}
-
Omer Katz authored
Reporting an event requires virtual calls. Frequent incremental events seem to cause performance regression. Mitigate by batching events reporting. See usage in crrev.com/c/2992193 Bug: chromium:1214693 Change-Id: Iff212d0e9f90a2716956458c6e828fbe87a7b780 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992712 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75695}
-
Clemens Backes authored
Since PKU-based switching always switches the permissions for all wasm code memory in the process, the method should not be on the {NativeModule} or {WasmCodeAllocator}, but instead on the process-wide {WasmCodeManager}. R=jkummerow@chromium.org Bug: v8:11974 Change-Id: I75a82e51401b2572977c134077e1669cf5077049 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021382 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#75694}
-
Clemens Backes authored
This refactors the {GetMemOp} function once again: Instead of computing (mem_start + (offset_reg + offset_imm)), do compute ((mem_start + offset_imm) + offset_reg). This avoids an overflow in (offset_reg + offset_imm) when using 32-bit computations, which hides OOB memory accesses when relying on the trap handler. As a nice side-effect, this change makes the whole method a lot nicer to read. We also need to change {StoreTaggedPointer} now, which was relying on the inner working of {GetMemOp}. The new version makes the semantics more transparent at the cost of repeating some logic from (the previous version of) {GetMemOp}. R=jkummerow@chromium.org Bug: v8:11955, chromium:1227465, v8:11951 Change-Id: Ia068ca7c4f7db89b81529edd3438b0e4eee7d23d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015566 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#75693}
-