- 29 Apr, 2022 6 commits
-
-
Victor Gomes authored
Similar approach as Call (from RegisterList).

Bug: v8:7700
Change-Id: Ifc94e2bf53f40a8f556d30d85c2354f8d3a2af1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616502
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80275}
-
Anton Bikineev authored
The CL introduces a new option --cppgc-young-generation. This option can't be enabled statically, because V8 options are parsed after heap initialization. The CL changes minor GC so that it can be enabled dynamically. The way it works is as follows:
- the user calls YoungGenerationEnabler::Enable();
- a heap checks in the next atomic pause whether the flag was enabled;
- if so, the heap enables young generation for itself.

To avoid barrier regressions without young-generation enabled, the CL changes the meaning of the global flag is-any-incremental-or-concurrent-marking to is-barrier-enabled.

The runtime option would enable us to test young generation on try- and performance-bots.

Bug: chromium:1029379
Change-Id: I664cccdcd208225ffcbf9901f1284b56d088c5c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607993
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80274}
-
Nico Hartmann authored
This reverts commit 445190bf.

Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/38224/overview

Original change's description:
> [heap] Fix bogus object size computation
>
> The map of an object may be gone by the time we try to compute its size for accounting purposes.
>
> Bug: chromium:1319217
> Change-Id: I93cca766a8cedebf4ed30a3a65fd6eff5bc72bcf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605817
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80271}

Bug: chromium:1319217
Change-Id: I04139a4b469649a7f689643f949b106cd97dc94b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616503
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80273}
-
Simon Zünd authored
Doc: https://bit.ly/revive-restart-frame

This CL adds the V8 debugger part of the restart frame logic as well as some bits for the inspector.

The CL is centered around two key pieces: When the user requests a restart, we stash the stack frame ID (aka the stack pointer) and optionally the inlined frame index for optimized frames, and then continue execution. Once execution bubbles back into JS land, we throw a termination exception when a frame restart was requested.

Note that the CL doesn't hook up the logic yet to CDP and the CL also does not do the actual handling of the termination exception in the unwinder.

R=bmeurer@chromium.org, kimanh@chromium.org

Bug: chromium:1303521
Change-Id: I12cfb408c66072dd19f8180e530f84c987d1374d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613383
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80272}
-
Michael Lippautz authored
The map of an object may be gone by the time we try to compute its size for accounting purposes.

Bug: chromium:1319217
Change-Id: I93cca766a8cedebf4ed30a3a65fd6eff5bc72bcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605817
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80271}
-
Lu Yahan authored
array_buffer is not used by https://chromium-review.googlesource.com/c/v8/v8/+/3605611, so should delete USE(array_buffer).

And riscv64: Enable atomic ops in TF builtins

Change-Id: Ie8ffd3009bfacdbe67a8fe1e417388add70fc296
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616169
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80270}
-
- 28 Apr, 2022 29 commits
-
-
Junliang Yan authored
Change-Id: I23376b2ad0dc8616048f8c9c7122d5bf38fa70d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3615013
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80269}
-
Michael Lippautz authored
- Rely on GCCallbacksScope to avoid nesting callbacks.
- Use a single entrypoint consistently for all callsites.

Change-Id: I6be1f749a2d6bfc9d5db4c84c753e9176472bce2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605821
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80268}
-
Adam Klein authored
This reverts commit a3f66927.

Reason for revert: test failures on TSAN/no-concurrent-marking bot: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/8549/overview

Original change's description:
> [heap] Refactor atomic marking phase
>
> The atomic marking phase was organized in many distinct smaller phases. In particular, before http://crrev.com/c/3584115 the marking phase split into two large separate phases.
>
> This CL reorganizes marking into two phases that perform regular V8 heap marking, Oilpan, and ephemerons:
> - A parallel phase that likely drains all marking worklists;
> - A single-threaded final phase to catch any left overs;
>
> This avoids artificial splitting in phases and also avoids repeated starting and joining of jobs.
>
> Change-Id: I5cccfc5777837d9ece10d8f4925781bf2d07d9da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602507
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80265}

Change-Id: I4838e9316bd30f8a0b78fa6a27820d3457e1e579
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3614972
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80267}
-
Junliang Yan authored
Change-Id: Iae749161f5a6f2347a64f45579d9bd9d5e0ccaf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613387
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80266}
-
Michael Lippautz authored
The atomic marking phase was organized in many distinct smaller phases. In particular, before http://crrev.com/c/3584115 the marking phase split into two large separate phases.

This CL reorganizes marking into two phases that perform regular V8 heap marking, Oilpan, and ephemerons:
- A parallel phase that likely drains all marking worklists;
- A single-threaded final phase to catch any left overs;

This avoids artificial splitting in phases and also avoids repeated starting and joining of jobs.

Change-Id: I5cccfc5777837d9ece10d8f4925781bf2d07d9da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602507
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80265}
-
Milad Fa authored
Port b0118171

Original Commit Message:

This CL adds a new builtin called "RestartFrameTrampoline". This trampoline is relatively simple: It leaves the current frame and re-invokes the function. This essentially restarts the function and is one of the key components required to bring back the "Restart frame" DevTools debugging feature.

The builtin is closely related to the "FrameDropperTrampoline" removed in the CL https://crrev.com/c/2854750. The key difference is that the "FrameDropperTrampoline" dropped to an "arbitrary" frame pointer before restarting the function (arbitrary in the sense that it was provided as an argument). This caused issues as the feature was implemented in a way that the frame pointer wasn't necessarily valid anymore.

In comparison, the "RestartFrameTrampoline" relies on the V8 unwinder to drop it in the correct frame first and is then invoked via either the CEntry stub or the deoptimizer (see design doc for details).

R=szuend@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Id742eeaa59a540ec206a92308fb72bb50413e267
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613391
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80264}
-
Leszek Swirski authored
StoreField wasn't emitting a write barrier after performing the store, leading to the usual set of hard-to-debug issues. Now it does.

The write barrier requires some of its registers to be in fixed locations, and others to be clobberable. This patch extends the temporaries mechanism to allow requesting a specific temporary, in this case for the slot address scratch register.

Bug: v8:7700
Change-Id: I506856071e0f44feafb98c2685ef1b3362b0e41e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613388
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80263}
-
Dominik Inführ authored
This is a reland of commit 5d235def

The previous version of this CL got reverted because the cached size of an invalidated object wasn't up-to-date when performing a GC. Not all size changes go through NotifyObjectLayoutChange, so https://crrev.com/c/3607992 introduced NotifyObjectSizeChange as a bottleneck for object size changes/right-trimming. This method is now used to update the size of invalidated objects.

Original change's description:
> [heap] Store size with invalidated object
>
> When updating pointers during a full GC, a page might not be swept already. In such cases there might be invalid objects and slots recorded in free memory. Updating tagged slots in free memory is fine even though it is superfluous work.
>
> However, the GC also needs to calculate the size of potentially dead invalid objects in order to be able to check whether a slot is within that object. But since that object is dead, its map might be dead as well which makes size calculation impossible on such objects. The CL changes this to cache the size of invalid objects. A follow-up CL will also check the marking bit of invalid objects.
>
> Bug: v8:12578, chromium:1316289
> Change-Id: Ie773d0862a565982957e0dc409630d76552d1a32
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599482
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80169}

Bug: v8:12578, chromium:1316289
Change-Id: I1f7c6070b8e7d116aeb1a8d03d4f87927ab40872
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608632
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80262}
-
Victor Gomes authored
We should just call the builtin while we don't have inlined allocations.

Bug: v8:7700
Change-Id: I6da605cc756b0f44fb1366e90e6c0dac60ae9beb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613326
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80261}
-
Camillo Bruni authored
Avoid calculating the checksum on every snapshot deserialization.
- Desktop: by default only in release
- Android: once per process

Most snapshot corruptions happen on android devices but there we also have the highest overhead from calculating the checksum.

Findings doc: https://docs.google.com/document/d/e/2PACX-1vQWdJjrZpTL5VjbP_LHH-qQj-9vcmuLez93WPZhoacJT2bTXfCAdJpbexfJWP9jrAI5ek_416uZE6_W/pub

Bug: v8:12195
Change-Id: Ic7f2f45a9e8ade31c3774a7b659d9c30769e2b44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3583983
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80260}
-
Igor Sheludko authored
This is a reland of commit 9d31f866

There were issues with --future flag implications on M1.

Original change's description:
> [rwx][mac] Support fast W^X permission switching on Apple Silicon (M1)
>
> ... for V8 code space. The feature is currently disabled.
>
> In order to use fast W^X permission switching we must allocate executable pages with readable writable executable permissions (RWX). However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further permission changing of RWX memory pages. This means that the code page headers must be allocated with RWX permissions too because otherwise it wouldn't be possible to allocate a large code page over the freed regular code page and vice versa.
>
> When enabled, the new machinery works as follows:
>
> 1) when memory region is reserved for allocating executable pages, the whole region is committed with RWX permissions and then decommitted,
> 2) since reconfiguration of RWX page permissions is not allowed on MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts to change them,
> 3) the request to set RWX permissions in the executable page region just recommits the pages without changing permissions (see (1), they were already allocated as RWX and then discarded),
> 4) in order to make executable pages inaccessible one must use OS::DiscardSystemPages() instead of OS::DecommitPages() or setting permissions to kNoAccess because the latter two are not allowed by the MacOS (see (2)).
> 5) since code space page headers are allocated as RWX pages it's also necessary to switch between W^X modes when updating the data in the page headers (i.e. when marking, updating stats, wiring pages in lists, etc.). The new CodePageHeaderModificationScope class is used in the respective places. On unrelated configurations it's a no-op.
>
> The fast permission switching can't be used for V8 configuration with enabled pointer compression and disabled external code space because
> a) the pointer compression cage has to be reserved with MAP_JIT flag which is too expensive,
> b) in case of shared pointer compression cage if the code range will be deleted while the cage is still alive then attempt to configure permissions of pages that were previously set to RWX will fail.
>
> This CL also extends the unmapper unit tests with permissions tracking for discarded pages.
>
> Bug: v8:12797
> Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80238}

Bug: v8:12797
Change-Id: I0fe86666f31bad37d7074e217555c95900d2afba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610433
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80259}
-
Benoît Lizé authored
There are three ways to parse /proc/self/maps in platform-linux.cc, remove one to use common code. In the process, add a unit test, and fix some issues in the latest iteration of /proc/self/maps parsing.

Change-Id: I4701ea49fe8cce53aea0179e194dc48fbebb2ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605226
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80258}
-
Omer Katz authored
For some reason the compiler was optimizing away the reference to the object in WeakContainerTest.ConservativeGCTracesWeakContainer and thus not finding it conservatively. This CL revises the tests such that the compiler is no longer able to optimize references away.

Bug: v8:12824
Change-Id: Ie598a1cf1124c2983a6c61fd4e990734d36f5832
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610627
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80257}
-
Camillo Bruni authored
Change-Id: Ide8935a02cb64134c3bdeb8b3e38e9a6e043e13c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610432
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80256}
-
Victor Gomes authored
- Supports Float64 Add for SmiAdd bytecode
- Adds a Float64Constant and ChangeInt32ToFloat64 nodes
- Converts floats to tagged in Phi node inputs
- Fixes spill double representation
- Fixes materialisation during a deopt of a double in the stack

Bug: v8:7700
Change-Id: I9217a64313b4bd5d0015f935c23771ecf9a2c7ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610426
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80255}
-
Simon Zünd authored
Doc: https://bit.ly/revive-restart-frame
Context: https://crrev.com/c/3582395 (jumbo CL with the whole feature)

This CL adds a new builtin called "RestartFrameTrampoline". This trampoline is relatively simple: It leaves the current frame and re-invokes the function. This essentially restarts the function and is one of the key components required to bring back the "Restart frame" DevTools debugging feature.

The builtin is closely related to the "FrameDropperTrampoline" removed in the CL https://crrev.com/c/2854750. The key difference is that the "FrameDropperTrampoline" dropped to an "arbitrary" frame pointer before restarting the function (arbitrary in the sense that it was provided as an argument). This caused issues as the feature was implemented in a way that the frame pointer wasn't necessarily valid anymore.

In comparison, the "RestartFrameTrampoline" relies on the V8 unwinder to drop it in the correct frame first and is then invoked via either the CEntry stub or the deoptimizer (see design doc for details).

Bug: chromium:1303521
Change-Id: I7bd46620808f8694c2c776b8bcd267e525d5b581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585944
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80254}
-
Andreas Haas authored
The test is very resource intensive and is therefore not reliable on weaker systems. The limits are the same for all configurations, so it's not a problem if we disable the test for some configurations.

R=machenbach@chromium.org

Fixes: v8:12836
Change-Id: If187bd3d5d352b1685d3a6e43a76860a263f53de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608631
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80253}
-
Camillo Bruni authored
* Prefix all isolate variables with i_ for i::Isolate and v8_ for v8::Isolate
* Change _DO_NOT_USE macro suffix to _INTERNAL

Change-Id: I005efbe0192cf202741448c63a4263e6a4b1fa1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80252}
-
Victor Gomes authored
Since Sparkplug compiles pretty quickly and it might impact loading time, there is an argument that we should actually use high priority threads for CSP. This adds a flag so that we create a finch experiment to test this hypothesis.

Change-Id: Ib8965fbea015ddaeb25503bd92873bfff5daa1ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605245
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80251}
-
Victor Gomes authored
... from ArgumentsAdaptorFrame to InlinedExtraArguments.

Change-Id: I772e0546dd50282a4cd14723625fd5bf774f424c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3609968
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80250}
-
Samuel Groß authored
Bug: chromium:1320126
Change-Id: Ieab14e0793e64c607ffee656eed66efe31be65f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610434
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80249}
-
Victor Gomes authored
Bug: v8:7700
Change-Id: Ia601631de4cbc8099a87be0bda4a68ddffa8de74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610428
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80248}
-
Marja Hölttä authored
Please revert this commit if anything breaks!

Bug: v8:11111
Change-Id: Ieaf8a57846df011abc245109c22a5cabe627a087
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610430
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80247}
-
Keith Smiley authored
Previously building `//:noicu/mksnapshot` on M1 macs produced this linker error:

```
Undefined symbols for architecture arm64:
  "v8::internal::trap_handler::TryHandleSignal(int, __siginfo*, void*)", referenced from:
      v8::TryHandleWebAssemblyTrapPosix(int, __siginfo*, void*) in libv8_libshared_noicu.lo(api.o)
  "v8::internal::trap_handler::RegisterDefaultTrapHandler()", referenced from:
      v8::internal::trap_handler::EnableTrapHandler(bool) in libv8_libshared_noicu.lo(handler-outside.o)
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```

Because this branch that enabled the trap handler:

```
// Arm64 (non-simulator) on Mac.
#elif V8_TARGET_ARCH_ARM64 && V8_HOST_ARCH_ARM64 && V8_OS_DARWIN
```

Wasn't handled in the build, so the file was excluded.

Change-Id: Ie2ed9d3aeab849b1479cad5d4f9ca48e6eb51bf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3589296
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80246}
-
Samuel Groß authored
It is expected that changing page permissions can fail due to the system running out of memory. However, any other failure is unexpected and likely indicates a bug in the caller, such as changing the permissions of an invalid memory region. To allow distinguishing between these unexpected failures and expected OOM failures, this CL adds CHECKs into the low-level memory management routines to abort when an unexpected failure occurs.

Similar logic could later be added to other low-level memory management routines that can legitimately fail due to OOM as well.

Bug: chromium:1320126
Change-Id: I3de6f4b2aed8962c91770b81382df34384584501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610445
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80245}
-
Marja Hölttä authored
Bug: v8:11111
Change-Id: I3c350dd98b3da995b52c8366876d66b87fc47c28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605611
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80244}
-
Dominik Inführ authored
Remove the common base class of MarkCompactCollector and MinorCompactCollector as a cleanup.

Change-Id: Ib6a931b2bd397ac7c9425b0e268b847a38125a57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610424
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80243}
-
Lu Yahan authored
Change-Id: Ib145fcc89ff15d06de8205e67280798ed8f36aac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3612667
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#80242}
-
Andreas Haas authored
The SIMD proposal has been merged into the main spec, it is not necessary anymore to execute the SIMD proposal tests additionally.

R=gdeepti@chromium.org

Change-Id: I1c5847a1bfba2d0c956cf353816fd71417506a1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3609848
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80241}
-
- 27 Apr, 2022 5 commits
-
-
Frank Tang authored
Also add AOs: ToTemporalDateTime, ParseTemporalDateTimeString, InterpretTemporalDateTimeFields

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.from
https://tc39.es/proposal-temporal/#sec-temporal-totemporaldatetime
https://tc39.es/proposal-temporal/#sec-temporal-parsetemporaldatetimestring
https://tc39.es/proposal-temporal/#sec-temporal-interprettemporaldatetimefields

Bug: v8:11544
Change-Id: I3cf5c7c0f876dd8f384d62a47d7b24d8780bf03f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538667
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80240}
-
Adam Klein authored
This reverts commit 9d31f866.

Reason for revert: crashes on Mac/arm64 bots: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/5923/overview

Original change's description:
> [rwx][mac] Support fast W^X permission switching on Apple Silicon (M1)
>
> ... for V8 code space. The feature is currently disabled.
>
> In order to use fast W^X permission switching we must allocate executable pages with readable writable executable permissions (RWX). However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further permission changing of RWX memory pages. This means that the code page headers must be allocated with RWX permissions too because otherwise it wouldn't be possible to allocate a large code page over the freed regular code page and vice versa.
>
> When enabled, the new machinery works as follows:
>
> 1) when memory region is reserved for allocating executable pages, the whole region is committed with RWX permissions and then decommitted,
> 2) since reconfiguration of RWX page permissions is not allowed on MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts to change them,
> 3) the request to set RWX permissions in the executable page region just recommits the pages without changing permissions (see (1), they were already allocated as RWX and then discarded),
> 4) in order to make executable pages inaccessible one must use OS::DiscardSystemPages() instead of OS::DecommitPages() or setting permissions to kNoAccess because the latter two are not allowed by the MacOS (see (2)).
> 5) since code space page headers are allocated as RWX pages it's also necessary to switch between W^X modes when updating the data in the page headers (i.e. when marking, updating stats, wiring pages in lists, etc.). The new CodePageHeaderModificationScope class is used in the respective places. On unrelated configurations it's a no-op.
>
> The fast permission switching can't be used for V8 configuration with enabled pointer compression and disabled external code space because
> a) the pointer compression cage has to be reserved with MAP_JIT flag which is too expensive,
> b) in case of shared pointer compression cage if the code range will be deleted while the cage is still alive then attempt to configure permissions of pages that were previously set to RWX will fail.
>
> This CL also extends the unmapper unit tests with permissions tracking for discarded pages.
>
> Bug: v8:12797
> Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80238}

Bug: v8:12797
Change-Id: Ic07948e036db36326d464a2a901d052aa060a406
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3611665
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80239}
-
Igor Sheludko authored
... for V8 code space. The feature is currently disabled.

In order to use fast W^X permission switching we must allocate executable pages with readable writable executable permissions (RWX). However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further permission changing of RWX memory pages. This means that the code page headers must be allocated with RWX permissions too because otherwise it wouldn't be possible to allocate a large code page over the freed regular code page and vice versa.

When enabled, the new machinery works as follows:

1) when memory region is reserved for allocating executable pages, the whole region is committed with RWX permissions and then decommitted,
2) since reconfiguration of RWX page permissions is not allowed on MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts to change them,
3) the request to set RWX permissions in the executable page region just recommits the pages without changing permissions (see (1), they were already allocated as RWX and then discarded),
4) in order to make executable pages inaccessible one must use OS::DiscardSystemPages() instead of OS::DecommitPages() or setting permissions to kNoAccess because the latter two are not allowed by the MacOS (see (2)).
5) since code space page headers are allocated as RWX pages it's also necessary to switch between W^X modes when updating the data in the page headers (i.e. when marking, updating stats, wiring pages in lists, etc.). The new CodePageHeaderModificationScope class is used in the respective places. On unrelated configurations it's a no-op.

The fast permission switching can't be used for V8 configuration with enabled pointer compression and disabled external code space because
a) the pointer compression cage has to be reserved with MAP_JIT flag which is too expensive,
b) in case of shared pointer compression cage if the code range will be deleted while the cage is still alive then attempt to configure permissions of pages that were previously set to RWX will fail.

This CL also extends the unmapper unit tests with permissions tracking for discarded pages.

Bug: v8:12797
Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80238}
-
Camillo Bruni authored
Runtime and Builtin functions should always return the exception object as a marker if there is a pending_exception on the current isolate.

Change-Id: I7c255aa501800384c288664a9ca6578afbe0a103
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610449
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80237}
-
Camillo Bruni authored
Change-Id: Iec93e286c8067453cc1f9a978fa09b8734999f83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596159
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80236}
-