Add .exe to the produced executable for the protoc compiler.

Use include_dirs instead of -isystem. Remove some more warnings that
that causes.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Ia6b0df63107470ec78f8038834205a0e4fe34b21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632069
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61893}

There were some cases that were not yet contemplated on machine graph
verifier.

Also, there is some work to be done to create a Compressed HeapConstant.
Until that happens, we have to ignore HeapConstants for
DecompressionElimination's reductions.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: I9de8dd4272866830807a8d88e625e863fb5f1d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632209
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61892}

Due to bug chromium:893437, Torque has ASAN disabled on Windows, which
makes it impossible to run unittests for Torque with ASAN being enabled
in the unittests. To fix this, this skips Torque unittests in the
unsupported configuration.

Bug: chromium:893437
Change-Id: I6c8eee1448c63223af4d7336954190e649d125e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632214Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61891}

R=bmeurer@chromium.org

Bug: v8:9299
Change-Id: I77e8b201bd5fd1c544cced301c8805571c4c1167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632212Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#61890}

Just use standard C++ syntax to define structs and enums instead.

R=ahaas@chromium.org

Bug: v8:9183
Change-Id: Ibae1643bd1dc74267cdd14ec45a36fc65bf0ab4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631410Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61889}

Bug: v8:4153
Change-Id: I0aa5a3947fbeb9b4f186cff459518d95512ec5a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632151
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61888}

Reduces compressions of constants, going from
     Constant <- Compress <- Child
to
     Compressed_Constant <- Child

This pattern commonly appeared when the Constant was being used as a
Store value (e.g StoreElement's value).

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I2e71f79ddd2a6fba42cdfe782cc89fff3a8d5ac1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627988
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61887}

The instruction is the same as the existing {select} instruction with
type. Both inputs must be in a sub-type relationship with the type
specified in the type instruction.

R=clemensh@chromium.org

Bug: v8:7581
Change-Id: Ibead6cd0253210828c8114336ea0942e6cbd6126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631413
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61886}

In a new test suite: "wasm-api-tests", using a new binary "wasm_api_tests",
powered by gtest/gmock (like unittests).
Also fix a bunch of issues that these tests uncovered, mostly to ensure
that the stack is walkable.

Change-Id: I1d5604eea85da078ebecd4ebb7383647595f16ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627539
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61885}

see https://crrev.com/c/1627548
that CL remove this functions declaration in the header file, but did not
drop function definition in the cpp file.

Bug: v8:9183
Change-Id: I98bba3664510c0a6a6a047a8b9c7c43bcc4c3962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631812
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61884}

The DecompressionElimination reducer can handle that case with the
comparison of Decompress vs HeapConstant. There is no need to do extra
work.

Reverts parts of https://chromium-review.googlesource.com/c/v8/v8/+/1518182.
The rest of that CL was reverted in a previous CL where the AccessBuilders
were updated.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I871577e49f9ccd95864af54bdd61884d34b7f223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628792Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61883}

We currently have three different compresses that we thought it could be
a good idea to merge into only one. Merging them would make sense since
they all end up with the same code being generated. However, we would be
losing knowing the MachineRepresentation in the cases of CompressSigned
and Pointer.

For example, in machine-graph-verifier everything will have to be
MachineRepresentation::kCompressed
https://cs.chromium.org/chromium/src/v8/src/compiler/machine-graph-verifier.cc?l=226

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I244e2e61cab2bb87830bc0aabdbe5e43f243b424
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624798Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61882}

Change-Id: I94ad60d487e64fa72cd3123c85a1b8460ea1007b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630671
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61881}

- Fix a non-observable bug in the typer.
- Add some CHECKs where we rely on not receiving None types.
- Remove an explicit handling of None types where it's redundant and
  misleading (later ToNumeric conversions can again introduce None).

Bug: chromium:965911
Change-Id: I4bb84422de3f9297131e7304216b86884f04ed49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630679
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61880}

This removes a special case from JSObject::WriteToField() where we
didn't store anything in case of initializing a double field with
the uninitialized sentinel. Instead we now store the hole NaN pattern
there, as in other places. This makes it possible to do stricter
checking in the TurboFan frontend when it comes to detecting bit
patterns.

Drive-by-fix: Refactor the related code in MigrateFastToFast() to
make it easier to follow the control flow.

Bug: v8:9299
Change-Id: Ic35d05c69fbbb136d422d29ce6abf2b09ebe22a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631606Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61879}

These two calls used Tagged, which may not match the field in question
and thus might leak a MutableHeapNumber.  Since the result was used in a
very limited way, this was not a correctness bug but it should be fixed
anyways.

Bug: chromium:966229
Change-Id: Id237729b60d980ded154f70d03e98375f5edc4cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630681
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61878}

This is a quick fix for the recent bailout-on-uninitialized feature of
the serializer, which does not work with resumables. For now, simply
treat the ResumeGenerator bytecode as if it was an exception handler
entry point. I want to revisit this later because the proper fix might
be to teach the serializer about the SwitchOnGeneratorState bytecode.

Bug: chromium:966560, v8:7790
Change-Id: I48bc6ba7299faa29802159cc7c36f4629667b5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630670Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61877}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/97564df..4cebfa3

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/6884242..0218c0f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4d346fb..a7b3312

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/181e44c..26af0d3

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/9d46446..fe8ba88

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I956064690ecd2aded8da168065711f8d0ca4e210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1629851Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61876}

..to the case where the intermediary add is unused.

Bug: chromium:967186
Change-Id: I8ff95e71fbad88b9b1544f375303eb5400377631
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632071Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61875}

Otherwise, we may execute the checkpoint more often which may change
timing on GCs unnecessarily as this code path is dependen on global
memory scheduling.

Bug: chromium:967573, chromium:948807
Change-Id: I8d5812dc752638801c6729b9b0c5640c3da945d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631608
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61874}

Change-Id: Ie4e12c8b65430a62f7ec045a28417f42e35a4c99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632070Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61873}

Especially for function types, this increases readability significantly.
Also the style guide recommends for 'using' over 'typedef'.

R=mstarzinger@chromium.org

Bug: v8:9183
Change-Id: If2d17863de39383f5a35e089298d37408791ce4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631415
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61872}

In BuildLoadNativeContextField(), we have access to the native context
as a constant. Use it directly, rather than loading from the current
context.

Change-Id: I60cd97586bbe5f8336f809967a3df556d0d43049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630682Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61871}

Now heap checks for the --inline-new flag immediately after setup
before creating the initial objects.

Disabled inline allocation also disables allocation folding.

Additionally, the memory optimizer is changed to not update the
linear allocation area if allocation folding is disabled.

Change-Id: Ie43fe2d1b92c8e86204ee72a273dcf42ac89da59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624803
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61870}

R=bmeurer@chromium.org

Change-Id: I88f3300d34b185e88f8b6f391346630a7c22ecb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631422Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#61869}

Drive-by fix: For JSON, it's illegal to have an \' escape sequence in a
double quote (") string literal.

Bug: v8:8880
Change-Id: I16de0ee731e93f5ea0db8f743c9b363a6bf50a43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631599
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61868}

Win64 unwind data can specify a language-specific handler function which is
called as part of the search for an exception handler, as described in
https://docs.microsoft.com/en-us/cpp/build/exception-handling-x64?view=vs-2019.
This is used for example by Crashpad to register its own exception handler for
exceptions in V8-generated code.
There is a problem in the code that may cause a freeze on abort: in file
\deps\v8\src\unwinding-info-win64.cc in function CRASH_HANDLER_FUNCTION_NAME the
line:
    return EXCEPTION_CONTINUE_SEARCH;
should be
    return ExceptionContinueSearch;

These constants are both used in the context of Win32 exception handlers, but
they have different semantics and unfortunately different values:
EXCEPTION_CONTINUE_SEARCH (=0) should be returned by an exception filter
while a language-specific handler should return an EXCEPTION_DISPOSITION value,
and more precisely ExceptionContinueSearch (=1) in this case.

Bug: v8:9295
Change-Id: I1a3aaabf357e52a909611814f1ea013cf652ae06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1629795Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61867}

Plan to flip to ship in early June (after m76 branch) for chrome m77.
Spec: https://tc39.github.io/proposal-unified-intl-numberformat/
Design Doc: https://goo.gl/ZAtL1f
I2I: https://groups.google.com/a/chromium.org/forum/?fromgroups#!searchin/blink-dev/Intl%7Csort:date/blink-dev/q3U7sPOG1uo/M7XZU7fxAwAJ

Tests:
intl/number-format/unified/*
test262/intl402/NumberFormat/* (tests with Intl.NumberFormat-unified)

Bug: v8:8515
Change-Id: Ica4108d6ffcc8819940cb6cecb15d852ae7cdf14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1629407Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61866}

Instead of generating one CodeStubAssembler-like class per namespace,
Torque-generated macros are now free-standing functions not included
from CSA code, and explicitly exported macros become part of the new
TorqueGeneratedExportedMacrosAssembler, which CodeStubAssembler
inherits from, thus making them available to all CSA code.

Structs are now defined in a new header csa-types-tq.h as free-standing
types with the prefix "TorqueStruct".

This is a preparation for generating per Torque-file instead of per
namespace.

Change-Id: I60fadc493a63f85d1d340768ec6f11ae47be0cb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628787
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61865}

This is a reland of 4b86fea5 with
copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed
(bug led to holes in new space, which was crashing reproducibly
on the ia32 bot).

Original change's description:
> [typedarray] Move external/data pointer to JSTypedArray.
>
> As the next step in supporting huge typed arrays in V8, this moves the
> external/data pointer from the FixedTypedArrayBase backing store to the
> JSTypedArray instance itself, and replaces the special backing stores
> with a plain ByteArray (removing all the code for the FixedTypedArrayBase
> class hierarchy). By doing so, we can drastically simplify the system
> around typed arrays.
>
> Note: Several places in the code base used to check the instance type
> of the elements backing store of a JSTypedArray instead of checking the
> elements kind on the JSTypedArray map directly. Those had to be fixed,
> since the backing store is now always a ByteArray.
>
> Drive-by-fix: Move all the typed elements access related code into the
> elements.cc file to properly encapsulate the accesses.
>
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
> Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
> Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61855}

Tbr: petermarshall@chromium.org
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810
Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61864}

The code that copies code bytes from a MacroAssembler into a buffer in a
CodeRangeUnwindingRecord struct (used to store stack unwinding data) has an
error: it copies the whole MacroAssembler buffer size, not just the size of the
compiled instructions into an "exception thunk" array.
This has no real bad effects, because a CodeRangeUnwindingRecord is stored at
the beginning of a page reserved at the beginning of an isolate code range, but
it is quite bad and we need to fix it.

Bug: v8:3598
Change-Id: I0df0cf0173561cc939e6431bc0f01ef040fc189e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1629310Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61863}

Improve micro-benchmark by ~5x
Before:
ApplySpreadLiteral
ApplySpreadLiteral-Numbers(Score): 279
SpreadCallSpreadLiteral
SpreadCallSpreadLiteral-Numbers(Score): 285

After:
ApplySpreadLiteral
ApplySpreadLiteral-Numbers(Score): 1074
SpreadCallSpreadLiteral
SpreadCallSpreadLiteral-Numbers(Score): 1009


Bug: v8:6831
Change-Id: Ifd676ca13d5b7e86afc1578636fdd4dc2733c474
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628244
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61862}

Consider embedder allocation rate when scheduling full garbage
collections.

Change-Id: If9c40df514c8346e21f6ba63eeca976acce4d122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631423Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61861}

Bug: chromium:948807
Change-Id: If863b552657daf39b76c6f8ba9e7e623eb86f858
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631425Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61860}

On newer compilers the {operator delete} with explicit {size_t}
argument would be instantiated for {CompilationState} and used in the
destructor of {std::unique_ptr<CompilationState>}. The {size_t}
argument is wrong though, since the pointer actually points to a
{CompilationStateImpl} object.
Hence avoid this operator from being created by explicitly providing an
{operator delete}.

R=ulan@chromium.org

Change-Id: I54fef07179b3106f3154ddd43df040fe8e3cdde8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631426Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61859}

This seems like a very specific flag which is rarely used. It not only
adds local overhead, but also requires an additional parameter at
{BuildGraphForWasmFunction}.
Thus this CL removes it completely. Interested parties can still measure
timing locally.

R=titzer@chromium.org

Bug: v8:9183
Change-Id: I5f152cdb9456d1001ed38722d44c71cf5ae44ae3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631420Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61858}

Add test harness so that we can avoid all this boilerplate for common
tests in the future. Use it for the existing perfetto tracing test.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Iddc716aade3eef2431bcc7eaa8b8b6502edaaa00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631418
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61857}

This reverts commit 4b86fea5.

Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045

Original change's description:
> [typedarray] Move external/data pointer to JSTypedArray.
> 
> As the next step in supporting huge typed arrays in V8, this moves the
> external/data pointer from the FixedTypedArrayBase backing store to the
> JSTypedArray instance itself, and replaces the special backing stores
> with a plain ByteArray (removing all the code for the FixedTypedArrayBase
> class hierarchy). By doing so, we can drastically simplify the system
> around typed arrays.
> 
> Note: Several places in the code base used to check the instance type
> of the elements backing store of a JSTypedArray instead of checking the
> elements kind on the JSTypedArray map directly. Those had to be fixed,
> since the backing store is now always a ByteArray.
> 
> Drive-by-fix: Move all the typed elements access related code into the
> elements.cc file to properly encapsulate the accesses.
> 
> Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
> Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
> Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
> Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61855}

TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org

Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61856}

As the next step in supporting huge typed arrays in V8, this moves the
external/data pointer from the FixedTypedArrayBase backing store to the
JSTypedArray instance itself, and replaces the special backing stores
with a plain ByteArray (removing all the code for the FixedTypedArrayBase
class hierarchy). By doing so, we can drastically simplify the system
around typed arrays.

Note: Several places in the code base used to check the instance type
of the elements backing store of a JSTypedArray instead of checking the
elements kind on the JSTypedArray map directly. Those had to be fixed,
since the backing store is now always a ByteArray.

Drive-by-fix: Move all the typed elements access related code into the
elements.cc file to properly encapsulate the accesses.

Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183
Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61855}

Add a new abstract class TraceEventListener which is just an interface
for consuming trace events. This separates the V8-specific stuff that
an actual perfetto consumer needs to do e.g. handling the has_more flag
and signalling back to the controller with a semaphore.

This is a change from the previous plan of making the PerfettoConsumer
class sub-classable to implement custom consumption of trace events.
This will be difficult when the consumer is created outside of the
PerfettoTracingController as we can't hook up the
consumer_finished_semaphore_ that belongs to the controller.

Now the PerfettoTracingController is responsible for the Consumer life-
cycle and hides it entirely from callers. We add the
AddTraceEventListener() method to allow callers to register a listener
either for testing or a JSON listener for real tracing.

This lets us write tests that can store all the trace events in memory
without first converting them to JSON, letting us write test more
easily. There's an example test add to test-tracing - more tests using
this style will follow.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I2d2b0f408b1c7bed954144163e1968f40d772c1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628789
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61854}