Bug: chromium:913887
Change-Id: I3b3040acc919990fa39f54add989c5caf325864a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735316Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63077}

This reverts commit 779bdef3.

Reason for revert: Speculative revert for win breakage (https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8905967677942963904/+/steps/Check/0/logs/Fixed/0)

Original change's description:
> [wasm] Prepare for multiple jump tables
> 
> This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
> code spaces with separate jump tables. {WasmCodeAllocator} calls back
> to the {NativeModule} for each code space it allocates, and
> {NativeModule} stores data (especially the jump table) for each code
> space.
> A jump table is currently only created for the first code space added,
> so nothing changes there yet.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63069}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I57af88872c1335d547f83e524c8f06938b5c817b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735320
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63076}

This reverts commit a3218aa7.

Reason for revert: Needed for another revert (https://chromium-review.googlesource.com/c/v8/v8/+/1735320)

Original change's description:
> [wasm] Add support to allocate in a specific code region
> 
> For multiple code spaces with multiple jump tables, we need to allocate
> the space for the jump tables within specific regions (the new code
> spaces) so they are within reachable distance.
> This CL adds support for that, and uses it for the first jump table.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63074}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I4b1d1e670d5b25fa40205754d9572b2b809c93ea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735321Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63075}

For multiple code spaces with multiple jump tables, we need to allocate
the space for the jump tables within specific regions (the new code
spaces) so they are within reachable distance.
This CL adds support for that, and uses it for the first jump table.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63074}

This reverts commit 9499ec0d.

Reason for revert: Breaks lots of stuff, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064%20-%20future/9401

Original change's description:
> [TurboFan] Brokerize remaining feedback vector slots
> 
> This CL adds new ProcessedFeedback subclasses, corresponding to various IC
> types:
> 
> * ForIn
> * Comparison ops
> * Binary/Unary ops
> * InstanceOf
> * Calls
> 
> The feedback is gathered at serialization time and used in several places,
> namely:
> 
> * Bytecode graph building,
> * and its helper class JSTypeHintLowering (with its "early lowering")
> * Native context specialization
> * JSCallReducer
> 
> Design doc: https://docs.google.com/document/d/1JLG0VFV8xmsAIJexU19xzlbNyP51ONqfo_Gf_2DcPC8/edit?usp=sharing
> 
> Bug: v8:7790
> Change-Id: I53c3d7a17f844384f38c4ee0f0b082c114217a02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710663
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63028}

TBR=mvstanton@chromium.org,neis@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7790
Change-Id: Id0c4d6651611fc3964010f7615d0ad0485169ebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735315Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63073}

This is a reland of 3fc96631

The private method on_event in timeout proc is now renamed to be truly
private.

Original change's description:
> [test] Print hanging tests on linux on test-runner termination
>
> This will print the list of processes still running before and after
> joining workers during termination. This will help debugging hanging
> tests during flake-bisect or with num-fuzzer, which both terminate
> on total timeout and currently still sometimes hang without printing
> processes.
>
> Bug: v8:8292
> Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63065}

Bug: v8:8292
Change-Id: Ibad1172666d6f4d2c07884a54edfe9d6499b57fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735318Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63072}

This CL changes the way AccessorPairs are collected for instantiation
when debug break trampolines are installed.
Instead of walking the heap and looking at AccessorPairs directly, we
look at all JSObjects and collect AccessorPairs via each objects
descriptor array. This way, we can associate the correct native
context with each collected AccessorPair.

The current native context is not always the correct context to instantiate
the getter and setter JSFunctions for an AccessorPair.

Bug: chromium:986063
Change-Id: I124a0802f4938b95f1ad75efc65eb05b66bcfc67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735310
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63071}

When a fast path was added for Math.hypot, the algorithm was also
simplified. This simplification turns out to be incorrect in some rare
edge cases. This cl reverts back to the original algorithm and converts it to torque.

Original cl: https://chromium-review.googlesource.com/c/v8/v8/+/1684178

Bug: v8:9546
Change-Id: If4e21504732f46081a8de823f50f499917f1a20c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725200
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63070}

This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
code spaces with separate jump tables. {WasmCodeAllocator} calls back
to the {NativeModule} for each code space it allocates, and
{NativeModule} stores data (especially the jump table) for each code
space.
A jump table is currently only created for the first code space added,
so nothing changes there yet.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63069}

Instead of exposing a {kNext} constant to be used to construct the next
bitfield, expose a templatized {Next} type alias. This ensures that the
storage type is the same for all bitfields created this way. It's also
shorter.

Apart from the expected changes in the code base, the AST node classes
are changed to expose a {NextBitField} templated type alias instead of
a {kNextBitFieldIndex} constant. They thus follow the same pattern as
{BitField} itself.

R=jkummerow@chromium.org, mstarzinger@chromium.org, verwaest@chromium.org

Bug: v8:9396
Change-Id: I70a1b0bd71cde694ec53444de0ca55e4cf0a3836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728615Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63068}

This reverts commit a82ffb17.

Reason for revert: dependency for reverting 9499ec0d

Original change's description:
> [turbofan] Introduce Hints::SingleConstant helper
> 
> Bug: v8:7790
> Change-Id: I499e74f45a3997d32e75c962f0c59ce5c6819c5f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730989
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63030}

TBR=neis@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7790
Change-Id: I7b264cf913935219adf11022231cb5002175500d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735314Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63067}

This reverts commit 3fc96631.

Reason for revert: _on_event clashes with a the same function in timeout proc.

Original change's description:
> [test] Print hanging tests on linux on test-runner termination
> 
> This will print the list of processes still running before and after
> joining workers during termination. This will help debugging hanging
> tests during flake-bisect or with num-fuzzer, which both terminate
> on total timeout and currently still sometimes hang without printing
> processes.
> 
> Bug: v8:8292
> Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63065}

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ic29013e92c77a9905e06ee13a2449e033285eb36
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735317Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63066}

This will print the list of processes still running before and after
joining workers during termination. This will help debugging hanging
tests during flake-bisect or with num-fuzzer, which both terminate
on total timeout and currently still sometimes hang without printing
processes.

Bug: v8:8292
Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63065}

This reverts commit 6d313607.

Reason for revert: dependency for reverting 9499ec0d

Original change's description:
> [turbofan] Introduce SerializationPolicy enum
> 
> This improves overall readability by replacing bool arguments.
> 
> Bug: v8:7790
> Change-Id: I02f8f43088497c9503f253788ee5e0015c7edc2d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730991
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63032}

TBR=neis@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7790
Change-Id: If6fc192bd8ad9c75fde2cc4aac69922217bfb8f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735313Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63064}

This CL changes {CreateApiFunction} to take an explicit native context
to set on the newly created JSFunction. The CL also adds a new variant
of {ApiNatives::InstatiateFunction}, that takes a native context and passes
it through to {CreateApiFunction}.

This is a refactoring in preparation for a bugfix.
AccessorPairs can be instantiated lazily. At the time of
lazy instantiation, the current context does not necessarily match
the creation context of the holder of an AccessorPair.

Bug: chromium:986063, chromium:989909
Change-Id: Idea4b5052f2baff5c3d916f5ab8ed5017b60699b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735308
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63063}

Building cctest has linking error when gn's args has "is_component_build = true".
This CL make the visibility of "MemOperand" and "UseScratchRegisterScope" from
"hidden" to "default" to solve this problem.

Change-Id: I3ebfaa25d598b4f2d626861b947c93d111d95456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731213
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63062}

Change-Id: I2e0632756ac92b18d2d9a30b03b698b533b34862
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1722564Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#63061}

Increasing the number of scavenging tasks in the previous CL
https://chromium-review.googlesource.com/c/v8/v8/+/1697245
has helped with GC performance but increased memory usage.

This CL ensures that there are at least two scavenging tasks if the
new space size is larger than one MB.

Bug: chromium:982663,chromium:985731
Change-Id: I6edff8b90beb2740a5b75a51cf25f48aa5442482
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733074Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63060}

Relands 64bit atomic wait with ubsan fix, previously reviewed at:
https://chromium-review.googlesource.com/c/v8/v8/+/1728260

This reverts commit 2a383f4c.

Bug: v8:8100, v8:9576
Change-Id: Ibeec86c8a796bfbef9884cdb836892e902030bf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733389
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63059}

Fix the issue involving inconsistent whitespace in BUILD.gn which broke
Node's GN scraper.

Refs: https://github.com/nodejs/node-v8/issues/113
Bug: v8:9579
Change-Id: I5313cd652634b393fb3eab13f0f2bd483a3c6a97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1734946
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63058}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/afb3374..d57f70e

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ib9125d2ace76afc466b898e362dceb5aa9efbe86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735187Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63057}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b2d6a40..afb3374

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I25440be508ac8ae6605e2bfbb099c4a524a90436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735186Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63056}

Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/d0793a0..5e4fce1

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7e9c87e..b2d6a40

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ec6ed57..93ee550

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/59bb8cc..921f6a1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/8215b08..cd2137f

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Id9283dede4d0e54a263c0dbc848f6e03f61d4792
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731381Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63055}

When the --initial-heap-size flag is set V8's heap will grow to that
value without full GCs. Additionally, full GCs will be skipped
if the heap size drops below that value.

This patch also adds a comment for the initial_heap_size_in_bytes
parameter of ResourceConstraints:ConfigureDefaultsFromHeapSize

Change-Id: I85fda14bc6422af7bf2193d530efbc9b0bd0553d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728622
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63054}

Also add a IsExtreme(double) overload.
This wasn't causing issues because there was no codepath
which exercised it (only approx operations did).

Change-Id: If7583fb567137c428d16c0d2cdfc37e086f7f3fd
Bug: v8:8460
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726675Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63053}

4th attempt to reland this after this revert:
https://chromium-review.googlesource.com/c/v8/v8/+/1680553

Required fixes for default values in arrow function parameters and for
eval scopes:
https://chromium-review.googlesource.com/c/v8/v8/+/1710671
https://chromium-review.googlesource.com/c/v8/v8/+/1733077

Original change's description:
> Enable lazy source positions by default
>
> Also adds a compile time flag which allows the default to be configured
> so node can disable it since it hangs the node cpu profiler tests.

Bug: v8:8510
Change-Id: I20fd82f636527e405d73fd5941b1b4c2f134b666
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733078
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63052}

For variable proxies in a function inside an eval scope that point to
a dynamic variable in the eval scope, the current scope resolution will
find this variable only when the function is eagerly compiled, as the
eval scope only exists during top-level eval compilation. This causes
a mismatch between lazy- and eager- compiled functions.

With this patch, we skip these dynamic variables during lookup, so that
the lookup for the variable proxy always finds a kDynamicLocal or
kDynamicGlobal, both when compiled lazily and eagerly. This is a minor
pessimisation of performance (as we know that the lookup has to be
dynamic), but unblocks other improvements which require idempotent
bytecode generation (such as lazy source positions).

Note that the alternative, of simply not tracking dynamic variables on
the eval scope at all, is not viable due to needing this information
during conflict detection.

Bug: v8:8510
Bug: v8:9511
Change-Id: Ifa72ec05e9a97b7be418912340081b9656765fd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733077
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63051}

MIPS64 has a user space of 2^40 bytes on most processors, address
space limits needs to be smaller. 256G is ok, but it will cause
many wasm tests get a OOM error.

This patch also skip some tests which need correct IEEE-745 2008
NaN bit patterns on mips.

Change-Id: I52968df3934e8748b2c42a0abf19db1540441d2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1712929Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#63050}

This makes sure the "parameters" and "results" properties of the passed
FunctionType object can be arbitrary iterable objects, not just plain
JavaScript arrays.

R=clemensh@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: Icba18c418e549deba9fff1855be4956813b1a953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733071
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63049}

This CL adds regression tests for two bugs where the wrong native
context is used when lazy accessors are instantiated.

The first bug injects an object created in context 1, into another
context 2. The object has an accessor pair installed via
FunctionTemplate. In context 2, the property descriptor of this
accessor is retrieved, causing the JSFunction to be instantiated
with the current context (context 2) instead of the creation
context of the object (context 1).

The second bug is similar. When breakpoints are set, the whole heap
is walked and all lazy accessor pairs are instantiated. This again
uses the current context instead of using the context from which
a AccessorPair originates.

Bug: chromium:986063, chromium:989909
Change-Id: Iaaea6e81f1b9f6b55fc7583b260aa9aea035a8d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730999Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63048}

It's too slow and flakes on "V8 Linux - full debug"

Change-Id: I2a83a7a2de6a3865d230edb847a658b1b8b23bec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733076
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63047}

This reverts commit 6a87a478.

Reason for revert: breaks ubsan

Original change's description:
> [atomics] Wire up 64 bit atomic Wait in JS
> 
> Bug: v8:8100
> Change-Id: Ia93319493352e81e727596582cbb23e6e7d604fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728260
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63040}

TBR=jkummerow@chromium.org,joshualitt@chromium.org

Change-Id: Iac014af8238d4eef8fc95128b4603b8118ed3dc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8100
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733387
Auto-Submit: Joshua Litt <joshualitt@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63046}

JSBoundFunctionRef::serialized() and JSFunctionRef::serialized() should
tolerate being called when the heap broker is disabled, because these
methods are now called in the JSCallReducer (in order to log whether
information was missing at serialization time).

Bug: v8:7790
Change-Id: Iac8e68178422bd9bb4ebe2acb412ff42ac87cf4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733075Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63045}

Previously we were also taking into account the machine type

Change-Id: Ic76aad578f00ef24cf17b349d94cdade8f9ee29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733072Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63044}

This is a reland of f5611402

Original change's description:
> [ptr-compr][arm64] Temporarily enable pointer compression on arm64
>
> ... and make sure that the arm64 ptr-compr bots proceed testing V8 without
> pointer compression in order to keep testing the other config.
>
> Commented out the 'extra' variant since it was crashing. Opened a bug
> regarding that: https://bugs.chromium.org/p/v8/issues/detail?id=9568
>
> Similar to x64's https://chromium-review.googlesource.com/c/v8/v8/+/1607654
>
> Bug: v8:7703
> Change-Id: Ifd46b029bab34524f9f536dcdbd1574f2ddcbf37
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724216
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63019}

Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Bug: v8:7703
Change-Id: I1a82b87bf6db4e6d100aeffc29dae60ba73d8119
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730998
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63043}

Trying to use double_registers for fetching single precision fp values creates
four different implementations of this method depending on the architecture, hence
separating them out into their respective folder.


Change-Id: Ide61fe2e7a95bd8427b377959b262633d8c57e61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730663Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63042}

This is a reland of bc33f5ae

Contributed by titzer@chromium.org

Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.

TBR=yangguo@chromium.org

BUG=v8:9380,v8:9221,chromium:986318

Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63041}

Bug: v8:8100
Change-Id: Ia93319493352e81e727596582cbb23e6e7d604fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728260
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63040}

During date parsing, a FixedArray is allocated to store intermediate values,
which is slow. This CL holds the values on stack instead to save time.

This increases the score of JetStream2 Date-format-tofte-SP case by ~2%
on WhiskeyLake Chromebook.

Contributed by hao.a.xu@intel.com

Change-Id: I0d7a20a3ad9c57e3a225fff03efc2e434b20fbbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726744
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63039}

Before this change, the tagged pointer that was loaded was not decompressed.
This makes LoadTaggedPointerFromInstance match the x64 implementation.

Bug: v8:9568
Change-Id: I8fd6d3e8dd13514ae3ef423d1c417f72e1396e4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730993
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63038}