Bug: v8:7700
Change-Id: I117f0ed7df60eff145b0ecd509ffa7debc137038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494239Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79315}

gcc builds seem to have troubles with this:

 error: call to non-constexpr function

Remove the UNREACHABLE() calls for now but keep a TODO to
potentially re-enable them again once we've figured this out.

Bug: v8:7700,v8:12667
Change-Id: I9628a1326c1c4200b90aad25cd2eabfeb06608fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494237
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79314}

1) add relaxed version of Code::main_cage_base accessors and use them
   from in those cases where they can be called from backround thread,
2) pass the main cage base value to IsCode() predicate to avoid
   accessing non-acomic Heap pointer value in page headers from
   background compilation thread.

Drive-by cleanup: use MarkingVerifier::cage_base() instead of
Code::main_cage_base().

Bug: v8:11880, v8:12611
Change-Id: I9fd28c1a3babb862d08fec09f6cfc369beaad231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494238Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79313}

Change-Id: I55fa83f403464522ee8cebb8dd79e9aecdcc23a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492398
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79312}

Don't expose the line end table logic to V8DebuggerScript, but instead
use the existing Script::GetPositionInfo() logic to resolve end line and
column numbers for scripts. This also avoids having to copy (the
potentially huge) line ends tables to std::vector's twice per script.

Bug: chromium:1162229
Change-Id: I03365d42c320d462360bacc444f7fa97904a9748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494240
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79311}

LiftoffAssembler::RecordSpillsInSafepoint

use Safepoint will be mistaken for v8::internal::Safepoint,
which cause build failure on riscv64, change it to use
SafepointTableBuilder::Safepoint

Bug: v8:12665
Change-Id: I597ea04b0c8b466c2f5a322d22ed989d00bedc5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492397Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79310}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/19909af..27d089d

Rolling v8/buildtools/linux64: git_revision:0725d7827575b239594fbc8fd5192873a1d62f44..git_revision:e3f114f46537152cfbdb553015518d1db1b812fd

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/666eff9..2cfdaa8

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6b28c1d..2bad9f0

Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/5e0b0d0..7c9c220

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/5de4327..aa5ea60

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/55aa202..3a67a50

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I51ce67dd1f61d7585c1e107ea24ae80b16a23b07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3496123
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79309}

The following histograms have been deprecated, as they are superseded
by V8.GC.Cycle.*.Young or not needed anymore (next to each, the
corresponding isolate counter):

- V8.GCScavenger (gc_scavenger)
- V8.GCScavengerBackground (gc_scavenger_background)
- V8.GCScavengeReason (scavenge_reason)
- V8.GCScavengerForeground (gc_scavenger_foreground)
- V8.GCBackgroundScavenger (background_scavenger)
- V8.GCMarkCompactor (gc_mark_compactor)

This CL removes the corresponding instrumentation in the code and the
isolate counters.

Bug: chromium:1154636
Bug: chromium:1299555
Change-Id: I62d28ff60ef47a058fe148c7855af8e2c1cc0aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487548Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79308}

Change-Id: I0938fa9cf52334cbf84a0b38b8e80b88431dff0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494439Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79307}

inspector tests are not yet enabled as a few issues need to be
solved related to endianness and IBM lane numbering.

Change-Id: I3c5c87af45037033d4a112cb7e1da8b7923ce0f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489244Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79306}

Maglev is currently enabled only on x64; BUILD.gn knows about this
through v8_enable_maglev, but v8_check_header_includes doesn't. It
thus tries to compile maglev files on platforms that don't have maglev
support yet.

Add an explicit maglev exclude rule until we support other platforms.

Bug: v8:7700
Change-Id: Iac991741c7d630dc4ed9f9fbf6df7656853cc743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494536
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79305}

This was originally introduced to address http://crbug.com/794941,
to make the disassembly generation for WebAssembly modules lazy.
Nowadays we no longer generate a text representation for the Wasm
disassembly in V8, and this method always returns `false`.

Bug: chromium:794941, chromium:1162229
Change-Id: I8b67e451a3657bf732615585577525aeea2b2f55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494236
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79304}

Bug: chromium:957519
Change-Id: I33377e652f31e5dc54b8941a6b49ea8c76690597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492522Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Stephan Hartmann <stha09@googlemail.com>
Cr-Commit-Position: refs/heads/main@{#79303}

Otherwise std::allocator is used and there is no conversion.

Bug: chromium:819294
Change-Id: Ic93e75a3facef96dc901dda29a6be3b4539b68e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492523Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Stephan Hartmann <stha09@googlemail.com>
Cr-Commit-Position: refs/heads/main@{#79302}

Nowadays these methods allocate a single handle, so there's no point in
having a dedicated handle scope just to close it immediately and escape
the single allocated handle.

Bug: chromium:1162229
Change-Id: I695d8c5577db43b8974b28bdfa6e0600eb41cce9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494156
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79301}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ed3b0ef..19909af

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I1afde2c861ba619fdbbbe403e2899ad09d6adb24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492580
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79300}

Change-Id: I0ecd8450fce35925dc00f5db65a1132deb813b59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483696Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79299}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/f8bb978..ed3b0ef

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0713351c5a01ff0c13fad1ae6ccf1640f4a6af41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492286
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79298}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9e7c4ed..f8bb978

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/8cd7191..2ea265b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/57a228b..666eff9

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/27dbe48..5de4327

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3730026..55aa202

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Id61492b5fe22779aec5c516eeb879a2ea8494bfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3491482
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79297}

The CL gets rid of the assumption that WeakCallbackItem::parameter
always points to an object with a custom callback, which might not be
the case for weak containers. This fixes failures in cppgc-non-default
bot.

Bug: chromium:1029379
Change-Id: I9ab6cb357153801efaa0d902c9eedff07d12ffe7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490932Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79296}

This CL assures scratch registers are passed where needed
and cleans up Simd functions shared between TF and LO.

Change-Id: Ib7633e0d51f3aa92d2bcdfc69d0efe779062af62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489239Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79295}

This reverts commit 679c373e.

Reason for revert: DCHECK failures in post_job.cc when running Chromium gtests, blocking V8 roll into Chromium.
See https://ci.chromium.org/ui/p/chromium/builders/try/mac-rel/928210/overview for example failures/stacks.

Original change's description:
> Reland "heap: Force incremental marking in C++ only workloads"
>
> This is a reland of 4fde3328
>
> Another Blink-related test fix landed, see chromium:1300492.
>
> Original change's description:
> > heap: Force incremental marking in C++ only workloads
> >
> > ... when above a certain minimum threshold. This is to guard against
> > memory running away in scenarios where the JS heap is empty and
> > there's only high throughput C++ allocations that don't allow for a
> > memory reducer GC to kick in.
> >
> > This logic should be revisited after Oilpan's young generation
> > collector is implemented which may allow switching to a more efficient
> > shrinking strategy for initial heap setup.
> >
> > Bug: chromium:1029379, chromium:1300028, chromium:1300492
> > Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#79255}
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: Ida66e0c944094472b4856d5fecef2d199d29549b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487991
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79281}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: Ifbdcf996a91cbdb5cce3b07059c333a7f1a9444a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3491187
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79294}

Bootstrap ShadowRealm.prototype.evaluate, WrappedFunction
and WrappedFunction.[[Call]].

Bug: v8:11989
Change-Id: Id380acb71cd5719e783c8f5d741cc4ccf2a93e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432729Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79293}

The main change is the section name, which is now 'metadata.code.branch_hint'.
The binary format has also a couple of minor changes.
Semantics remain unchanged.

Change-Id: I056c9f672ae494979e8ea55266fa766139b71d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487788Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79292}

Defer reg->reg moves at end-of-block Phi resolution, and resolve them as
parallel moves using a recursive algorithm with cycle detection.

Bug: v8:7700
Change-Id: I74b9e451775595e6ec3bf1ca2f50e483b876f204
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487992
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79291}

After https://crrev.com/c/3484317, passing {nullptr} to the
{CodeSpaceWriteScope} won't work any more. Since the tests do not have a
{NativeModule} to pass instead, make them use
{pthread_jit_write_protect_np} directly.

The jump-table assembler tests have dedicated threads for writing and
executing the code, so we just switch once per thread. The icache test
switches between writing and executing, so we use a little struct for
switching.

R=jkummerow@chromium.org, tebbi@chromium.org

Bug: v8:12644, v8:11974
Change-Id: I116f3ad75454f749cdc4635802a4617ff91548b2
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487995Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79290}

Instead of storing a single register, store the entire RegList. This
simplifies a lot of things. We will use RegLists for free registers etc
too later.

Bug: v8:7700
Change-Id: I32146023c7b9bc9e553e3db98fe034e8cef7d09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487994Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79289}

When we can eliminate a branch-on-type instruction based on statically
available type information and replace it with an unconditional branch,
we have to mark the rest of the current block as unreachable.

Change-Id: I9b8cc2f8e76da0b1b7cdf72b150ec675e9aae1a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490931Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79288}

{Invoke} is the central bottleneck for calling into generated code.
Check that at this point, no {CodeSpaceWriteScope} is open, otherwise
the JS code could write to the code space once it gains access to an
arbitrary-write gadget.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: Ie323cea442a5ea355a1c975b300a1cc5a6edf433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487787Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79287}

In very rare cases we open CodeSpaceWriteScopes for multiple native
modules at the same time, e.g. for tier down (debugging) via

  ExecuteCompilationUnits
--> PublishCompilationResults
--> OnFinishedUnits
--> TriggerCallbacks
--> AsyncCompileJob::CompilationStateCallback::call
--> WasmEngine::UpdateNativeModuleCache
--> RecompileNativeModule [for tier down]
--> InitializeRecompilation
--> FindFunctionsToRecompile
--> CodeSpaceWriteScope

Fixing this would be difficult because we actually want to keep the
CodeSpaceWriteScope open during subsequent publishing. So instead,
remove the assumption that scopes are always only open for one module at
a time.
In order to do this, we remove the {code_space_write_nesting_level_}
counter and instead use the {current_native_module_} field in all
configurations to check whether a scope is currently open, and for which
module.

R=jkummerow@chromium.org

Bug: v8:12644, v8:11974
Change-Id: Idd24c87f5938c43e867c41fa1cd3879def6f3873
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484317Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79286}

The per-Isolate Symbol tables are implemented using NameDictionary
before, which has additional property details overhead
And NameDictionary is limited to 2^23, which limits the Symbol
tables to be a maximum of 2^23.

- replace NameDictionary with SymbolTable in isolate

Bug: v8:12575
Change-Id: Ica4f05aac3494f7dfa3a074c240d4ba25df814e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3476897Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79285}

The helper function removes a register from the list and returns it

Bug: v8:7700
Change-Id: I3f9fe9d30113b9e6c7362dc8443e39ae3d1adf07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488372Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79284}

When checking whether to merge a region with its surrounding regions in
{InsertIntoWritableRegions}, we did not check first whether the
determined {insert_pos} is within the vector. We were thus accessing
(reading) after the end of the vector.

The bug only happened on MSVC builds, suggesting that clang
deterministically read a value which is never equal to the end of the
new region, whereas for MSVC it sometimes happened that we read exactly
the {region.end()} value, and we tried to merge regions.

R=jkummerow@chromium.org

Bug: v8:12643
Change-Id: If30d910ed6e996f7b0e1d8c5b439c3d842a498f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487988Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79283}

R=manoskouk@chromium.org

Change-Id: I6db42a8d851ccccf262be05feb0a7d90369cb78c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487990Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79282}

This is a reland of 4fde3328

Another Blink-related test fix landed, see chromium:1300492.

Original change's description:
> heap: Force incremental marking in C++ only workloads
>
> ... when above a certain minimum threshold. This is to guard against
> memory running away in scenarios where the JS heap is empty and
> there's only high throughput C++ allocations that don't allow for a
> memory reducer GC to kick in.
>
> This logic should be revisited after Oilpan's young generation
> collector is implemented which may allow switching to a more efficient
> shrinking strategy for initial heap setup.
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79255}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: Ida66e0c944094472b4856d5fecef2d199d29549b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487991
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79281}

The {index} argument to {Peek} is unused. Other {Peek} methods use it to
generate the error message, but {Peek} without expected type does not
type check anything so it stays unused.

R=manoskouk@chromium.org

Change-Id: I979063f707f7305987220d6c192db7e679d930ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490930Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79280}

- Avoid handle derefs where possible
- Split off PostProcessNewJSReceiver to avoid additional instance-type
  checks
- Precompute should_rehash_ to avoid additional branches in
  PostProcessNewObject

Bug: v8:12195
Change-Id: Ib80e711ced48b9b43072ada4e7ed72eb11ab0b8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270537Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79279}

Instead of scanning the array of registers, keep an explicit list of
free registers. Stack slots are equally changed to use an std::vector of
free slots instead of a linked list. Now we only need to scan
- the list of free registers when we want to allocate a specific
  register,
- and scan the list of allocated registers to see if the free value is
  already in a different register,
- scan the list of allocated registers to free some register if we don't
  have enough registers (for input, output, or temp).

Bug: v8:7700
Change-Id: Iff41b06aae656b59e4ed25e9066671a21660a73e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489487Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79278}

This reverts commit fe822dc9.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/13306/overview

Original change's description:
> Reland "heap: Force incremental marking in C++ only workloads"
>
> This is a reland of 4fde3328
>
> Two issues in Blink tests have been fixed before this reland.
>
> Original change's description:
> > heap: Force incremental marking in C++ only workloads
> >
> > ... when above a certain minimum threshold. This is to guard against
> > memory running away in scenarios where the JS heap is empty and
> > there's only high throughput C++ allocations that don't allow for a
> > memory reducer GC to kick in.
> >
> > This logic should be revisited after Oilpan's young generation
> > collector is implemented which may allow switching to a more efficient
> > shrinking strategy for initial heap setup.
> >
> > Bug: chromium:1029379, chromium:1300028, chromium:1300492
> > Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#79255}
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I6cd4a4d358bc1a78f2f001ed50dd9bb3f376f49e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488370
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79274}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: If325d40455f433b7910b68b24bb1cf84337f177a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488373
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79277}

Instead of returning false and failing in the caller, do fail inside the
PageAllocator directly. Failure to free pages should never happen, and
handling this case in the PageAllocator directly gives us better options
to surface more detailed information in follow-up patches.

R=mlippautz@chromium.org

Bug: v8:12656, chromium:1299735
Change-Id: I6d2aa3a5613c0f1102210fccbccc6ad0e522a6ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484323Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79276}