- 10 Aug, 2021 16 commits
-
-
Milad Fa authored
Change-Id: Icd3e991d1b00c6846e7fa7330e39f62d16ef2028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3083081
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76199}
-
Clemens Backes authored
This cannot be defined in v8config.h because target architecture detection is not done in that file. This CL moves the logic to set V8_HAS_PTHREAD_JIT_WRITE_PROTECT to src/base/build_config.h, which also defines the V8_TARGET_ARCH* macros.

R=jkummerow@chromium.org, mlippautz@chromium.org

Bug: chromium:1238029
Change-Id: I2a688dad32b83df1d26bf23b15bf4485d78c8cc6
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085271
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76198}
-
Jakob Gruber authored
The behavior here depends on the platform and may also differ between fast and slow paths [0]. Crash to let the fuzzer know there's nothing interesting here.

[0] The reason for the fast-slow-path difference is that sometimes we may trigger different compile jobs on these paths. One example is `split`, which creates a new regexp instance on the slow path, but reuses an existing instance on the fast path.

Bug: chromium:1236845
Change-Id: I87d9eb2601b235440014530d98df0e938b717650
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080577
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76197}
-
Michael Lippautz authored
Upon starting a new full garbage collection the global epoch is incremented. Since EmbedderHeapTracer::TraceEpilogue is called within the marking phase, it is too late to finalize sweeping there as it would use the previous cppgc epoch. This makes metric computation crash as a single V8 full GC epoch contains two different cppgc epochs (finalizing sweeping, new GC cycle).

This CL avoids introducing a new EmbedderHeapTracer API and instead makes use of the fact that cppgc is known to V8's heap.

Bug: chromium:1211795
Change-Id: I69837b083c4ee1edcad9d8c1a223278f992e5758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085264
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76196}
-
Jakob Gruber authored
Prior to this CL, TraverseTransitionTree was a recursive post-order visitor. This led to stack overflows for deep transition trees. This CL changes to an iterative DFS algorithm instead. Since no user seems to rely on the visitation order, it was changed from postorder to preorder for ease of implementation.

Bug: chromium:1224935
Change-Id: Ibda199422fb20fb4470c5c68947e0afbd9a5e596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084366
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76195}
-
Camillo Bruni authored
The following API methods are removed:
- v8::Module::SetSyntheticModuleExport(...)
- v8::StreamedSource::StreamedSource(...)
- v8::ConsumeCodeCacheTask::StartStreamingScript(...)
- v8::Isolate::CreateParams::supported_import_assertions
- v8::Isolate::MeasureMemory(...)
- v8::Isolate::SetModifyCodeGenerationFromStringsCallback(...)
- v8::V8::TryHandleSignal(...)
- v8::V8::SetIsCrossOriginIsolated(...)

Bug: v8:11165
Change-Id: I3d232b375825de6b6469a5589c398835158b8850
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084364
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76194}
-
Jakob Gruber authored
This reverts commit 9287befe.

Reason for revert: Invalid syntax at line 39

Original change's description:
> [watchlist] Add cbruni@ to api watchlist
>
> - Remove unused ia32 watchlist group
> - Add api watchlist group
>
> Change-Id: Ia64d2368de54a846ce548a66eef7e96ee5579a3a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084365
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76189}

Change-Id: Ib53139c5b72d5715348f61397cd4e8427397fdef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085261
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76193}
-
Camillo Bruni authored
This test depends on the profiler, which runs in a separate thread, and there is no incentive to control exact timing here to get the same predictable results on every run.

Bug: v8:12066
Change-Id: I2da8eac97f3e8bf5f2158063f14063a0e321e891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084371
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76192}
-
Rakhim Khismet authored
We add support for the struct.get operation to the fuzzed module. A struct_get alternative is added to the Generators (i32, i64, f32, f64).

Bug: v8:11954
Change-Id: I85c03bb6ba896bff399eb1382fa42b0795ef65ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081613
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#76191}
-
Georg Neis authored
Some tests want to invalidate part of the VM state after an optimization has consumed the old state but before the code is installed. The existing mechanism for this is --block-concurrent-recompilation and %UnblockConcurrentRecompilation(). The former suspends optimization right after PrepareJob, before the background ExecuteJob phase. The intrinsic can then be used to unblock it again.

This was good enough so far because the main "consume" work used to happen on the main thread. With concurrent inlining this is no longer true and we need something else.

This CL introduces three intrinsics: %DisableOptimizationFinalization turns off automatic finalization of background optimizations. %FinalizeOptimization() can then be called at an appropriate time to manually finalize (and thus install) the code and reenable automatic finalization. In case one wants to perform some action on the main thread after the concurrent optimization has finished but before it is finalized, one can do so with the help of %WaitForBackgroundOptimization() (see tests).

In a followup CL I'm removing the old mechanism since it now seems redundant.

Bug: v8:12041, v8:7790
Change-Id: Ib7195789105922eb7e4bff86dc5bc11e96a4f97b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071400
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76190}
-
Camillo Bruni authored
- Remove unused ia32 watchlist group
- Add api watchlist group

Change-Id: Ia64d2368de54a846ce548a66eef7e96ee5579a3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084365
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76189}
-
Camillo Bruni authored
- Show commit hash
- Show V8 version number
- Update to py3

Bug: v8:11165
Change-Id: I170000a77532dfb54b0261fc5de06a556f0de30c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081612
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76188}
-
Benedikt Meurer authored
Following up on https://crrev.com/c/3067319 (V8 call site) and https://crrev.com/c/3080920 (Blink override), we can now safely remove the formatAccessorsAsProperties() predicate in the inspector API. V8 now consistently applies the logic to all "inherited", native accessor properties (which means both Blink IDL attributes and V8 builtins).

Bug: chromium:1076820, chromium:1199247
Change-Id: I156ee43eb87ffd7b1ba69900fe11283f37241dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080568
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76187}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1b13158..8e6db3e
Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/b291e88..e98c753
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c71b1c7..b35ee49
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e989bf9..8550570
Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/2d924d7..aefb454

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I629d32d26de6f28da83d219696e0c91ada274153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3083390
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76186}
-
QiuJi authored
1. Adds EmbeddedObjectMatches
   Port 6bf0b704
2. Fallback to handle references on heap compilation
   Port 642a4673
3. Remove initial relocation when compiling on heap
   Port 7ac3b55a
4. Retry compiling on-heap when growing buffer
   Port fb4f89ae
5. 208854bb
   Port 208854bb

Bug: v8:11872
Change-Id: I43118c3acea1d174d2b826e5ed2823ec5388569c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081606
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76185}
-
Minoru Chikamune authored
This reverts commit 1c0cca0f.

Reason for revert: this closed the tree. (https://crbug.com/1238174)

Original change's description:
> Reland: [wasm] Check correctness of thread-local write protection
>
> The fix landed as a separate CL: https://crrev.com/c/3081522
> This is an unmodified reland.
>
> Original description:
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that if
> there is already a {CodeSpaceWriteScope} open that it contains the same
> {NativeModule} as any nested scope.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
> Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
> Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76177}

Bug: v8:11974, 1238174
Change-Id: I74d8723344e4b9015d956ebfe3fda492280356b6
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084041
Auto-Submit: Minoru Chikamune <chikamune@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76184}
-
- 09 Aug, 2021 24 commits
-
-
Francis McCabe authored
This reverts commit c1f45d81.

Reason for revert: Not the true culprit

Original change's description:
> Revert "[wasm] fix float to/from int reinterpretation tests"
>
> This reverts commit e6f7a347.
>
> Reason for revert: This appears to be causing failures on linux and arm. E.g., https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8839349751927275456/+/u/Check/bound-functions-serialize and https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5605/overview
>
> Original change's description:
> > [wasm] fix float to/from int reinterpretation tests
> >
> > F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
> > floating point values involved during testing and only use
> > integers.
> >
> > This CL adds FP values as well as fixes the test names to match
> > their operation.
> >
> > Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
> > Reviewed-by: Zhi An Ng <zhin@chromium.org>
> > Commit-Queue: Milad Fa <mfarazma@redhat.com>
> > Cr-Commit-Position: refs/heads/master@{#76181}
>
> Change-Id: Ie333028bdc7b11f982ac1464bcd8ce1c1ca41657
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082747
> Auto-Submit: Francis McCabe <fgm@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#76182}

Change-Id: I15f3e8727c600ed517f7fa3e09f57dd23f89b384
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082751
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76183}
-
Francis McCabe authored
This reverts commit e6f7a347.

Reason for revert: This appears to be causing failures on linux and arm. E.g., https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8839349751927275456/+/u/Check/bound-functions-serialize and https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5605/overview

Original change's description:
> [wasm] fix float to/from int reinterpretation tests
>
> F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
> floating point values involved during testing and only use
> integers.
>
> This CL adds FP values as well as fixes the test names to match
> their operation.
>
> Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Milad Fa <mfarazma@redhat.com>
> Cr-Commit-Position: refs/heads/master@{#76181}

Change-Id: Ie333028bdc7b11f982ac1464bcd8ce1c1ca41657
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082747
Auto-Submit: Francis McCabe <fgm@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76182}
-
Milad Fa authored
F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have floating point values involved during testing and only use integers.

This CL adds FP values as well as fixes the test names to match their operation.

Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76181}
-
Camillo Bruni authored
This is a reland of fffcbaea

Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests

Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it no longer includes time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
>   histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
>   This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
>   and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}

Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
-
Ng Zhi An authored
In gdbjit's event handler, we return early if code_type is not JIT_CODE. Unfortunately, in all CodeLinePosInfo events, we memset the struct, so code_type is always BYTE_CODE, so no line information was getting saved.

Drive-by clean up to aggregate-initialize JitCodeEvent. Since the initializer list is empty, all members are value-initialized, and in this case, zero-initialized.

Bug: v8:12035
Change-Id: I67df2688f13fafbb0806546568eb2574ac8d5e2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071909
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76179}
-
Manos Koukoutos authored
Since array.new_with_rtt implicitly introduces a loop, we should mark any loop including this instruction as non-innermost.

Bug: chromium:1236958
Change-Id: I2d92b5fdba748df0e4ac1d6cbc524428b1042578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080574
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76178}
-
Clemens Backes authored
The fix landed as a separate CL: https://crrev.com/c/3081522
This is an unmodified reland.

Original description:
We make an undocumented assumption in {CodeSpaceWriteScope} that a single thread will only work on one module at a time. If this is violated, the thread-local {code_space_write_nesting_level_} would prevent the second module from being switched to writable.

This CL adds a second thread local (in debug only) to check that if there is already a {CodeSpaceWriteScope} open that it contains the same {NativeModule} as any nested scope.

R=jkummerow@chromium.org

Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76177}
-
Manos Koukoutos authored
We currently print reference type indices as unsigned LEB. This will not work properly for large indices (>=64), as they will be interpreted as negative indices when read back. They may also alias with builtin types. In this CL, we fix this by defining builtin types as negative numbers. We add positive byte constants that can be used in function bodies. We adapt wasm-module-builder and tests to the above changes.

Bug: v8:7748
Change-Id: I4dfaa65d4cbf77a6731ca2283148bd842ea5c56b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080569
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76176}
-
Thibaud Michaud authored
Check that the tag argument matches the exception's own tag, and throw a type error if not.

R=jkummerow@chromium.org

Bug: chromium:1237751, v8:11992
Change-Id: Ia404b83c202a247791583f0252833c36801e9ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081523
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76175}
-
Clemens Backes authored
Code freeing can happen at any point in time where a GC might be triggered. Hence it's difficult to ensure that no other {CodeSpaceWriteScope} is already open at that point. The way these scope objects are implemented forbids multiple scopes for different modules though.

To solve this, this CL just avoids the code zapping in {WasmCodeAllocator::FreeCode}, which is the only place that actually writes to the code space. Without this, we do not need the {CodeSpaceWriteScope} in {NativeModule::FreeCode} any more.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: I1f01979e1eaea6c311c9ad568d605aabeef3bfc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081522
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76174}
-
Omer Katz authored
On OSes other than Windows and Fuchsia the write barrier assumes that the caged heap is allocated below the stack. Add CHECK that the assumption holds.

Bug: chromium:1056170
Change-Id: I64c790e61b4cfa2adb8274ed74111f0433e9aefb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080570
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76173}
-
Camillo Bruni authored
This is a partial fix to mitigate immediate issues. The code needs some overhaul to match the recent spec changes.

Drive-by-fix: Partially update comments to match spec

Bug: v8:11949
Change-Id: I6b03d38c758176e29e8951af21c43d030bbb684d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075360
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76172}
-
legendecas authored
GetOwnPropertyDescriptor should not be performed on the source object for excluded keys in CopyDataProperties.

The key values fetched in CopyDataProperties might be of arbitrary kind. They may be smi, string, and symbol. Yet the proxy keys collected by KeyAccumulator are not the expected types for numeric keys. Those keys should be converted to the expected types.

Also fixes a typo in the comments of BytecodeGenerator::BuildDestructuringObjectAssignment. The elements in rest_runtime_callargs should be [value, ...excluded_properties].

Refs: https://tc39.es/ecma262/#sec-copydataproperties

Bug: v8:11532
Change-Id: If71bfedf8272ce8405e8566a016fae66b3007dd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060275
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76171}
-
Omer Katz authored
This is a reland of e5d568f4

Original change's description:
> heap: Implement DiscardSystemPages for Fuchsia
>
> Bug: v8:12050
> Change-Id: I9fa5c0d38f277e363befbdaecaaedd4ee55bfb07
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071208
> Reviewed-by: Wez <wez@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76160}

Bug: v8:12050
Change-Id: I8ca9a578bc36e9f85634dfa3fba0baef6bb82579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081521
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76170}
-
Camillo Bruni authored
The previous CL https://crrev.com/c/3069152 only did a pointer equality check for host defined options. This broke code caching for chrome.

This CL extends the check to use a shallow strict equals check on the host defined options elements.

Bug: v8:10284, chromium:1237242
Change-Id: Ie0ab17a5f5abe024061b6c3d3d68367d9e92b78b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081607
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76169}
-
Victor Gomes authored
No-Try: true
Bug: v8:11234
Change-Id: I2035107dfc1865ab17a6eb654a9a0967d6cac357
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080575
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76168}
-
Georg Neis authored
This is no longer useful since the SerializeForBackgroundCompilation is gone.

Bug: v8:7790
Change-Id: Icb4858a5863daca740fc13c52b7ee0bb7ec0f155
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081608
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76167}
-
Michael Lippautz authored
<utility> is needed for std::forward.

Bug: chromium:1237252
Change-Id: I5c0c8c9a16c133bf54c360f32730f08bd2f158b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081602
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76166}
-
Manos Koukoutos authored
Design doc: https://bit.ly/36MfD6Y, section "Improving Computational Complexity of CSALoadElimination".

We optimize CsaLoadElimination::AbstractState::KillField() by fine-graining AbstractState. We now represent it with 6 maps corresponding to (object kind, offset kind) pairs. This makes it possible for KillField() to manipulate the state faster. For more information consult the above design doc.

Bug: v8:11510
Change-Id: I7d991cd47f946edb20e746bc7e6792ae3c70004f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038521
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76165}
-
Jakob Gruber authored
The getter and setter members may be set after initialization; in that case, use acquire-release semantics.

Bug: v8:7790, chromium:1236965
Change-Id: Ia28c89b664787ff92a56a2f6dcc4d76655df5ff3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080567
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76164}
-
Clemens Backes authored
On Windows, the overhead of {SetPermissions} (which maps to a {VirtualAlloc} call) heavily depends on the amount of memory on which permissions are switched. Hence this CL changes permission switching to only switch the code regions that are actually needed. This will increase the number of system calls, but reduce the total size of switched memory.

On a Unity benchmark, this reduced the lazy compilation time on Windows from 13.7 seconds to 3.6 seconds (3.0 seconds without write protection). On Linux, there is no measurable effect, but permission switching generally seems to have way less overhead on Linux.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: I46dd4ae9997587226b3d81166cf2e1128383ab34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077144
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76163}
-
Sathya Gunasekaran authored
Rather than depending on slow signature checks, receiver type checks are performed using fast numeric instance type checks. This CL adds an instance type range for embedders to assign values and uses these to perform type checks.

Bug: v8:11476
Change-Id: Ie8236ae47ca0ba93ae76a7e690b81aa0a2b0f3e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883623
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76162}
-
Clemens Backes authored
This reverts commit e5d568f4.

Reason for revert: Compile error: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Fuchsia%20-%20builder/9825/overview

Original change's description:
> heap: Implement DiscardSystemPages for Fuchsia
>
> Bug: v8:12050
> Change-Id: I9fa5c0d38f277e363befbdaecaaedd4ee55bfb07
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071208
> Reviewed-by: Wez <wez@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76160}

Bug: v8:12050
Change-Id: I2abdadc4b47656074aa49323f9896695ab5642df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080576
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76161}
-
Omer Katz authored
Bug: v8:12050
Change-Id: I9fa5c0d38f277e363befbdaecaaedd4ee55bfb07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071208
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76160}
-