This removes custom object iteration in MarkingVerifier.

Change-Id: I2e597dab6014ff4443faa60cd3d4be20a2dc1b56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438067Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70250}

Background threads use a new mechanism to request a GC from the main
thread. Previously they used MemoryPressureNotification to request the
collection. However this conflicts with the embedder's usage of
MemoryPressureNotification.

Bug: v8:10315
Change-Id: Ib25a13a43e1f6a8785bb0d421dd056ae06a4a350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429270Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70249}

Rename it to Symbolizer because it does exactly that.

Change the SymbolizeTickSample method to return the symbolized state
rather than pass it on to the ProfilesCollection. This makes it easier
to test as now it only relies on the CodeMap provided to it.

Make EntryForVMState a free-floating function as it doesn't rely on
state and then we can avoid importing the StateTag definition in the
header.

Remove the UNREACHABLE from EntryForVMState as the compiler got smarter
and doesn't need it anymore.

Pass the CpuProfilesCollection to SamplingEventsProcessor instead,
as it is now responsible for putting the symbolized samples into the
collection to be sorted into the appropriate profiles.

Change-Id: I104290eff22b7d94a1bd34ba904036badccf4e13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440522
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70248}

AST reindexing has to skip visiting fields that are already in the
member initializer, as they will have already been visited when
visiting said initializer. This is the case for private fields and
fields with computed names.

However, the reindexer was incorrectly assuming that all properties
with a FunctionLiteral value are methods (and thus not fields, and
can safely be visited). This is not the case for fields with
function expression values.

Now, we correctly use the class property's "kind" when making this
visitation decision.

Fixed: chromium:1132111
Change-Id: Ia53d1fe713453e361b818dfb0b5f88a90cecdf21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440519
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70247}

Decoding of gc/reference type instructions assumed that popping a value
from the stack would either throw an error or return a value of the
expected type. This is not true in unreachable contexts, where a
bottom-typed value can be returned.
This CL fixes this problem, adds tests which expose it, and improves
AddFunction() in the infrastructure of
function-body-decoder-unittest.cc.

Bug: v8:7748
Change-Id: I7e9d0caa9ba1687b68a5cdad7b99c054285d9f0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440577
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70246}

This reverts commit 1110ccf6.

Reason for revert: Various failures, e.g. https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8867662180901819968/+/steps/Check_-_ODROID/0/logs/simd_f32x4_pmin_pmax/0

Original change's description:
> [wasm] Update spec tests
>
> The change is auto-generated by v8/tools/wasm/update-wasm-spec-tests.sh.
>
> R=​manoskouk@chromium.org
>
> Change-Id: I1ebe8c3e56754e1242d279124a07f74edaab89c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436456
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70244}

TBR=ahaas@chromium.org,manoskouk@chromium.org

Change-Id: Ifafa7ed7e7deb7d94e12e2aee9e79b207199b618
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440594Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70245}

The change is auto-generated by v8/tools/wasm/update-wasm-spec-tests.sh.

R=manoskouk@chromium.org

Change-Id: I1ebe8c3e56754e1242d279124a07f74edaab89c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436456Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70244}

Additional change: Add ValueType::is_bottom()

Change-Id: I8e294c6318b6e51efac0a07ac0ec059ea9dc5654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440515
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70243}

Replaces ItemParallelJob by std::vector to hold work items.
IndexGenerator is used to iterate over evacuation items.

Change-Id: I63ea246f267d8cbe140c47c022b95b3873bc957a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2425339
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70242}

Remove 8 NEON rounding opcodes, merging them into the existing float
rounding opcodes, since the instruction used is the same, only the
register format is different, and can be determined at codegen time.

Bug: v8:10930
Change-Id: Ice19c1e2a31f6913c748976fe3a021035a752d88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436617Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70241}

This CL has started using new vector instructions introduced
in Power 9, which includes:

- Move To VSR Double Doubleword
- Vector Extract

Change-Id: Ieda677b33f4aae059afb3ab94d18f044001887a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438956Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70240}

It was incorrectly using int64 test arguments, it should be using
double. After changing the test, it was failing for values outside of
int64 range (UB), so check and skip those values, see
https://source.chromium.org/chromium/chromium/src/+/master:v8/test/cctest/wasm/test-run-wasm-64.cc;l=762-767;drc=0c918bd8418b92a095885dc98ef5a939febf4069

Change-Id: I2f97c3f78e197b39cbf320468daefc339844d515
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436639
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70239}

This is a reland of 92f815a8
Safe to reland as-is with task id lifetime fix in
https://chromium-review.googlesource.com/c/v8/v8/+/2437005

Original change's description:
> Reland "[Heap] ScavengerCollector use Jobs."
>
> This is a reland of 9e8c54f8
> Safe to reland as-is with fix in AcquireTaskId
> https://chromium-review.googlesource.com/c/v8/v8/+/2401964
>
> Additional changes are made in the reland:
> -TRACE_GC is be split for background/foreground scope.
> -New IndexGenerator is used for dynamic work assignement.
>
> Original change's description:
> > [Heap] ScavengerCollector use Jobs.
> >
> > No yielding is necessary since the main thread Join()s.
> >
> > max concurrency is determined based on either
> > remaining_memory_chunks_ or global pool size
> > (copied_list_ + promotion_list_)
> >
> > Change-Id: Ie30fa86c44d3224b04df5d79569bce126ce7d96b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354390
> > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69746}
>
> Change-Id: Id9d7a5bf3b2337ae4cf1e76770f4b14ebb8ca256
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2399041
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70135}

Change-Id: Id0451b6eca9a125c7695d251d1a7d813e0664dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432071
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70238}

This enables correctness fuzzing.

Bug: v8:9237
Change-Id: I9b8e5506cf22a482cf39e92d3d67629382ac4b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436539Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70237}

CallHandleInfos are observed for optimizing API calls in TurboFan.
The place to be careful is on allocation and installation of these
objects in a FunctionTemplate. As long as store order is preserved there,
we can safely directly access the class members.

Bug: v8:7790
Change-Id: I6acb318d01c19d97725c7218e913765c33e0d8b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435096
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70236}

All instantiations of the function body decoder (validation, Liftoff,
TurboFan) currently generate precise error messages. For Liftoff though,
the error message and location is never used. Thus we can save some
binary size and performance by only keeping a flag whether an error
occured or not. In the error case, the TurboFan compiler will execute
right afterwards anyway, generating a proper error message.

As as follow-up, we can avoid storing the pc in {ValueBase} and
{ControlBase}, because that's only used for error reporting.

R=thibaudm@chromium.org

Bug: v8:10969
Change-Id: I65c46cb9d8b654f9476f2c34ca9a8dd45d6bbbc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436347
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70235}

CodeKind::OPTIMIZED_CODE -> TURBOFAN

Kinds are now more fine-grained and distinguish between TF, TP, NCI.

CodeKind::STUB -> DEOPT_ENTRIES_OR_FOR_TESTING

Code stubs (like builtins, but generated at runtime) were removed from
the codebase years ago, this is the last remnant. This kind is used
only for deopt entries (which should be converted into builtins) and
for tests.

Change-Id: I67beb15377cb60f395e9b051b25f3e5764982e93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440335
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70234}

Array.prototype.pop() must throw a TypeError whenever the array's
length is readonly; there is no exception to that when the length
is 0. This patch moves the length==0 special case after the read-
only length check in both fast paths (CSA and C++).

Fixed: v8:10908
Change-Id: I4a77439478cffeaf11022ff8beb78b0a907290d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440576
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70233}

Sorting a TypedArray with a custom compare function requires us to
copy the array's contents to a FixedArray. When the TypedArray is
larger than FixedArray::kMaxLength, we should throw a RangeError
rather than crashing with an OOM message.

Fixed: v8:10931
Change-Id: I8a27cc0ac80a9172bc5e8e154fdf4ccce5974317
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440575
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70232}

This reverts commit 5d7a29c9.

Reason for revert: UBSan -- https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/13100

Original change's description:
> [serializer] Allocate during deserialization
>
> This patch removes the concept of reservations and a specialized
> deserializer allocator, and instead makes the deserializer allocate
> directly with the Heap's Allocate method.
>
> The major consequence of this is that the GC can now run during
> deserialization, which means that:
>
>   a) Deserialized objects are visible to the GC, and
>   b) Objects that the deserializer/deserialized objects point to can
>      move.
>
> Point a) is mostly not a problem due to previous work in making
> deserialized objects "GC valid", i.e. making sure that they have a valid
> size before any subsequent allocation/safepoint. We now additionally
> have to initialize the allocated space with a valid tagged value -- this
> is a magic Smi value to keep "uninitialized" checks simple.
>
> Point b) is solved by Handlifying the deserializer. This involves
> changing any vectors of objects into vectors of Handles, and any object
> keyed map into an IdentityMap (we can't use Handles as keys because
> the object's address is no longer a stable hash).
>
> Back-references can no longer be direct chunk offsets, so instead the
> deserializer stores a Handle to each deserialized object, and the
> backreference is an index into this handle array. This encoding could
> be optimized in the future with e.g. a second pass over the serialized
> array which emits a different bytecode for objects that are and aren't
> back-referenced.
>
> Additionally, the slot-walk over objects to initialize them can no
> longer use absolute slot offsets, as again an object may move and its
> slot address would become invalid. Now, slots are walked as relative
> offsets to a Handle to the object, or as absolute slots for the case of
> root pointers. A concept of "slot accessor" is introduced to share the
> code between these two modes, and writing the slot (including write
> barriers) is abstracted into this accessor.
>
> Finally, the Code body walk is modified to deserialize all objects
> referred to by RelocInfos before doing the RelocInfo walk itself. This
> is because RelocInfoIterator uses raw pointers, so we cannot allocate
> during a RelocInfo walk.
>
> As a drive-by, the VariableRawData bytecode is tweaked to use tagged
> size rather than byte size -- the size is expected to be tagged-aligned
> anyway, so now we get an extra few bits in the size encoding.
>
> Bug: chromium:1075999
> Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70229}

TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org

Change-Id: I2bd792a24861e8f54897e51522769b50f8f814e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440827
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70231}

This is some general cleanup for the experimental regexp implementation.
DeferredLabels have been merged into Labels, label APIs more closely
resemble other parts of V8, and instruction codegen has been moved into
its own class.

Bug: v8:10765
Change-Id: I139c0a0df30e539ee39eae70fc206e6406d898b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2433058Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Gus Caplan <snek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70230}

This patch removes the concept of reservations and a specialized
deserializer allocator, and instead makes the deserializer allocate
directly with the Heap's Allocate method.

The major consequence of this is that the GC can now run during
deserialization, which means that:

  a) Deserialized objects are visible to the GC, and
  b) Objects that the deserializer/deserialized objects point to can
     move.

Point a) is mostly not a problem due to previous work in making
deserialized objects "GC valid", i.e. making sure that they have a valid
size before any subsequent allocation/safepoint. We now additionally
have to initialize the allocated space with a valid tagged value -- this
is a magic Smi value to keep "uninitialized" checks simple.

Point b) is solved by Handlifying the deserializer. This involves
changing any vectors of objects into vectors of Handles, and any object
keyed map into an IdentityMap (we can't use Handles as keys because
the object's address is no longer a stable hash).

Back-references can no longer be direct chunk offsets, so instead the
deserializer stores a Handle to each deserialized object, and the
backreference is an index into this handle array. This encoding could
be optimized in the future with e.g. a second pass over the serialized
array which emits a different bytecode for objects that are and aren't
back-referenced.

Additionally, the slot-walk over objects to initialize them can no
longer use absolute slot offsets, as again an object may move and its
slot address would become invalid. Now, slots are walked as relative
offsets to a Handle to the object, or as absolute slots for the case of
root pointers. A concept of "slot accessor" is introduced to share the
code between these two modes, and writing the slot (including write
barriers) is abstracted into this accessor.

Finally, the Code body walk is modified to deserialize all objects
referred to by RelocInfos before doing the RelocInfo walk itself. This
is because RelocInfoIterator uses raw pointers, so we cannot allocate
during a RelocInfo walk.

As a drive-by, the VariableRawData bytecode is tweaked to use tagged
size rather than byte size -- the size is expected to be tagged-aligned
anyway, so now we get an extra few bits in the size encoding.

Bug: chromium:1075999
Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70229}

The infrastructure will soon start using the canonical build output
location out/build. New flake bisect jobs will then be started with
--outdir=out/build.

This change picks the current out/Release or out/Debug as an
alternative output location to be compatible with the future value
of the flag.

This code will be removed when the property change happens.

This prepares:
https://crrev.com/c/2426643

Bug: chromium:1132088
Change-Id: I1fe3bcb239b05d069a1006646bc9306a16a3cecd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440336Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70228}

Previously, unhandled promise rejections weren't reset between REPRL
executions, leading to incorrect exit statuses being reported. This CL
fixes the issue and adds further tests to verify the correct behaviour.

Change-Id: Ied47d9359b0fbc05ebb211667687a0a4041ef767
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431205Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#70227}

When building the error message for a TypeError when e.g.
a non-callable is called, we should avoid running into the
max string length. Printing many megabytes there isn't going
to be useful anyway.

Fixed: v8:10963
Change-Id: Ief89800f660bdd48585f84c3e3d4ece21b02b760
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438068Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70226}

Bug: v8:10965
Change-Id: Iba23cfcfaed44b52fe38851713e2ffedd118430f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437172Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70225}

As a preparation to add a "boolean validation" mode, rename the existing
flags. This removes many unrelated changes from the follow-up change and
makes it easier to review.

R=thibaudm@chromium.org

Bug: v8:10969
Change-Id: I5f71405b525a7caa91be46c035e31d4d960e4e4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440036Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70224}

This breaks looking for build output after finding valid output.
Otherwise build output with lower precedence can overwrite output
with higher precedence.

This also moves a static method.

Bug: chromium:1132088
Change-Id: I1824028243f964ab0956e54ca24921e6f32f2ca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440337
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70223}

Bug: chromium:1132640
Change-Id: I40e8aecc98d9fc20bbe1df6e31be127af8710723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436334Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70222}

The invocation count is part of call feedback, and is used during
tier-up to determine inlining candidates. For bytecode, it is updated
by the InterpreterEntryTrampoline, which can be seen as a global
prologue for all bytecode functions.

Since NCI tiers up, it must also track the invocation count. This CL
adds it to the NCI prologue sequence (emitted as part of every NCI
code object).

Bug: v8:8888
Change-Id: I04b33c9c8b0bdd975aceb97145f159798e18b97b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436340
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70221}

Change-Id: I33294dc5b93d5842a3a51779bfec30f20bf4f23f
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436345Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70220}

Change-Id: I624b16162dd859dc88b5f26cfc7d1a4a15089095
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438455
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70219}

Ensure that a valid off-heap trampoline is created for the
GenericJSToWasmWrapper builtin by adding it to the list of executable
builtins.

R=ahaas@chromium.org
CC=​evih@chromium.org

Bug: v8:10701
Change-Id: I49b8144237aca20f5f663c7b32810a16f715ad5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438415
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70218}

This CL extends fast-path transformations of JavaScript parameters
when calling an exported WebAssembly function from JavaScript
to support heap numbers for types kF32 and kF64.

Bug: v8:10943
Change-Id: Ifbb745cb7bee3ef34bb40b7c01597703fde340bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435366
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70217}

Since the inspector/debugger/wasm-scope-info* tests need simd128,
but not all mips cpus support it, we skip the tests on mips
platforms without simd support.

Change-Id: Iebefa5d6b33d80d707ad0077be7d4f25e3e52b4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2439769
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70216}

Changes:
- Implement WasmExportedFunction::MatchesSignature.
- Use it over comparison with == in ResolveWasmImportCall.
- Add a test which exposes the existing bug.
- Add a few reminder TODOs.

Bug: v8:9495
Change-Id: Ibbe31dbf550be212dbf2170ab8cdab9b4b6de734
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438060
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70215}

Float32/64 abs operation should only clear the sign bit, but abs.s
and abs.d instructions of mips64r2 would convert nan to canonical
nan.

Change-Id: Ibbd05cdb3a73acfe0e532030d1815d262c3ac433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2439768
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70214}

Turboprop-generated Code objects will now have the dedicated
TURBOPROP code kind instead of OPTIMIZED_FUNCTION. When possible,
the code kind is used as the source of truth instead of
FLAG_turboprop. This is the initial step towards implementing
tier-up from Turboprop to Turbofan.

Future work: Rename OPTIMIZED_FUNCTION to TURBOFAN, rename STUB to
DEOPT_ENTRIES_OR_FOR_TESTING, implement TP tier-up.

No-Try: true
Bug: v8:9684
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Change-Id: I3c9308718d7e9a2b7e6796e7ea94f17e5ff84c0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424140
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70213}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/38a49c1..3ede101

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/3ff4f50..4be464e

Rolling v8/third_party/aemu-linux-x64: FfxmX7LQ9OID3pVAmcemr6u9lK3xjXzAXxvqzEcclMwC..oJeWXQJJ1lVY6P7l39pBV-mrbeWlw0swPZQuNmcix5AC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/18d69fb..0f6ed71

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1099c11..991ead1

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/3c52ccd..6ba978c

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/4668fea..26211a5

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3017eda..bd8e096

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Icb156ce2fe693cd4838c7e11b31cb96282125c92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2439341Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70212}

Change-Id: Ib5728e22815339096dec72cc3a6d8732da436062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437514Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#70211}