... intrinsic.

This CL also adds stack arguments support in CallBuiltin.

Bug: v8:7700
Change-Id: I59d900414585f724c48f1557ba606f5b61cfb6da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813073Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#82355}

Bug: v8:12612
Change-Id: Ibd20ba65e81b86239e254b945c4c6c9c6137b714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822687
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82354}

Port commit 00746406

Change-Id: I9bd985b882ca2e39b24131bd6e0609920b826398
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823859Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82353}

... which will be necessary once builtins become Code-less.

Bug: v8:11880
Change-Id: If48739c3a058e6baf3c2e062d8eaace062c27592
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822686Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82352}

ML-TF tiering remains very similar to Ignition-TF tiering:

- When the interrupt budget is exhausted, enter the TieringManager
  which potentially decides to tier up and sets the appropriate
  TieringState on the FeedbackVector.
- The prologue on ML function entry recognizes the TieringState (and
  also available cached TF code) and starts compilation and/or jumps
  into optimized code.

TODOs:

- ML-to-TF OSR is not yet supported.
- ML code is no longer cached on the FeedbackVector.
- Tracing is rudimentary.
- The generated function-entry prologue is fairly large and must be
  either minimized or extracted into a builtin.
- Tiering involving Sparkplug is not entirely robust yet (Sparkplug
  code may be installed with unexpected timing).

Bug: v8:7700
Change-Id: I86b0692477f51b9967f318a4093bc874344120b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629149Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82351}

- Add explicit --turbo-profiling-output and --turbo-profiling-input
- Rename --turbo-profiling-log-file to --turbo-profiling-input
- No longer log PGO data to v8.log
- Add runtime %GetAndResetTurboProfilingData helper function for
  more controlled logging within chrome
- Rewrite generate.py script to use more python3

Bug: v8:10470
Change-Id: Ib817b5c3793a0a7ae77103075ea2d6f6d0282150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820381Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82350}

This adds a new {base::OS::SetDataReadOnly} method, which is similar to
{SetPermissions(kRead)}, but using another system call on Windows such
that it works on pages in the data segment.
{VirtualAlloc} will fail if called on a page of the data section,
whereas {VirtualProtect} succeeds. For the general {SetPermissions}
API we still want to use {VirtualAlloc} though, as it also changes the "committed" state of the pages.

Note that we do not add a platform API for this, as the memory was
never allocated through the platform. We just directly protect it in
V8.

R=mlippautz@chromium.org

Bug: v8:12887
Change-Id: If83bf6e5c500cc5cf08c76d04dfac5e2b4d35a2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820482Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82349}

This reverts https://crrev.com/c/3778717, and also switches "Promise"
to a boolean enum.
The underlying clang crash is fixed, see linked issue.

R=thibaudm@chromium.org

Bug: chromium:1344641
Change-Id: I7fac50eb4f1155aca1c101f01892df78cdde46e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823128Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82348}

Bug: v8:7700
Change-Id: I036ac71324e0c1c96a4da4aacdb5a6718726db31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3821203Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#82347}

Bug: v8:7700
Change-Id: I92596898718a57ea9d8fbd002306aa45a8e9a549
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3821206Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#82346}

Bug: v8:11525
Change-Id: I69c08f3cc4ee6b391e462a5d49de750f34bbc8cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3815487Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#82345}

Port c3ca8158

Original Commit Message:

    In release builds, FLAG_debug_code is statically false. Without LTO,
    this information is not available to callers of the various Assert
    functions though.
    This CL defines the methods as empty if V8_ENABLE_DEBUG_CODE is not set.
    This removes some calls from non-LTO builds, and might even slightly
    improve LTO builds if we enable more optimizations earlier in the
    pipeline.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I5c82eed38db6a2f49e833410554231bc61518b18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820068Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82344}

Introduce common bottleneck for all incremental marking step
invocations from a task context. This will later be used to move
code out of IncrementalMarking::Step.

Bug: v8:11708
Change-Id: Iba2dc2402083f8b4152ded56eaf0e13d473442a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822682Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82343}

This is a reland of commit 6953b555

The reland fixes tests that retrieved the stack start from a
non-inlined frame's fp. This does not work in certain configurations
as the resulting marker is too low to consider the first local
variables in subsequent calls.

The fix uses an inline frame address for the tests to get an upper
bound of stack addresses to consider.

Original change's description:
> [handles] Remove precise on-stack representation of global handles
>
> Since https://crrev.com/c/3806439 on-stack traced handles are marked
> conservatively when being used in combination with CppHeap.
>
> This change removes the precise on-stack representation of the
> internal traced nodes as they nodes would anyways be marked
> conservatively. The effects are:
> - cheaper representation (just a single node space);
> - uniform handling: no checks to distinguish on-stack vs on-heap;
> - no brittleness around cleaning on-stack handles when the event loop
>  is empty;
>
> Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
> Bug: v8:13141
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82306}

Bug: v8:13141
Change-Id: I53ece36220e99d02be6df18f83c18450e5d5037b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820585Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82342}

Growing Wasm memory is allowed to fail nondeterministically.
I checked locally that this is indeed what is making this test fail in
--verify-predictable mode.

R=jkummerow@chromium.org

Bug: v8:13167
Change-Id: I91d21c91481ac692a9f6000be45d43d517e76cd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822684Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82341}

Tail call the StringAdd_CheckNone builtin. This also avoids the need to
create a frame.

X64 code before:
     0  55                   push rbp
     1  4889e5               REX.W movq rbp,rsp
     4  6a20                 push 0x20
     6  488b5500             REX.W movq rdx,[rbp+0x0]
     a  488b52f0             REX.W movq rdx,[rdx-0x10]
     e  8bb2c7000000         movl rsi,[rdx+0xc7]
    14  4903f6               REX.W addq rsi,r14
    17  e8a402f3ff           call 0x7f2effeb5a80 (StringAdd_CheckNone)
    1c  488be5               REX.W movq rsp,rbp
    1f  5d                   pop rbp
    20  c3                   retl

X64 code after:
     0  488bd5               REX.W movq rdx,rbp
     3  488b52f0             REX.W movq rdx,[rdx-0x10]
     7  8bb2c7000000         movl rsi,[rdx+0xc7]
     d  4903f6               REX.W addq rsi,r14
    10  e9ab02f3ff           jmp 0x7fed7feb5a80 (StringAdd_CheckNone)

R=jkummerow@chromium.org

Bug: v8:12868
Change-Id: Ie722fb57abcd649d2586aad2c4aca55ff218fe43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823127Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82340}

This is a reland of commit b67385d2

The fix landed in https://chromium-review.googlesource.com/c/v8/v8/+/3819643

Original change's description:
> [wasm] Enable lazy compilation on --future
>
> This should increase test coverage of lazy compilation.
>
> R=clemensb@chromium.org
>
> Bug: v8:12852
> Change-Id: I205f4b642576add07db5851126370becdad52fb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784597
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82291}

Bug: v8:12852
Change-Id: I97c0aa7962b79e04dd778520e4c3108e20b83c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819641
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82339}

Bug: v8:7748
Change-Id: I90c24cbddee7744fba779a0c25f5e4dd860137a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823125
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82338}

This CL adds a small inspector test to verify that Runtime.evaluate
with silent on/off can be interleaved while replMode is true for all
evaluations.

This is to check that the interaction between console and live
expressions works as expected when the user enables
"Pause on exceptions".

R=bmeurer@chromium.org

Bug: chromium:1335439
Change-Id: Iebd3f9f207312dc6dcd3d0b9a8483ef09608528f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822685Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82337}

Bug: v8:7700
Change-Id: I7dfc1e87b57455cc5b4622a67ac7c27df216c195
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823126Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82336}

The original CL triggered a fail in a test that was actually broken.
This broken test has now been disabled.

Original CL description:

> In a subsequent CL, I'll need to do String allocations in Turbofan (in
> the background), where only a LocalFactory is available. By moving
> those string allocation functions to FactoryBase, they will also be
> available in the LocalFactory.
>
> Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82262}

Change-Id: I89108038bd7b3d1e99ad16837fd730b7703d3c9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816669Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82335}

as part of --instruction-stats.

Change-Id: I4504514fa291a28bc04dec31d8a444b316e7d7b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823123Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82334}

Bug: v8:7700
Change-Id: I951d87ad737e67e570f521f5fec24ec9de821b02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823122Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82333}

Since targets might not yet exist, we skip them.

Bug: v8:7700
Change-Id: I6ae8a4fd7cbba3ead1f1a13865841d631796090d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823121
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82332}

In order to support a larger heap cage (8GB, 16GB), the cage offset
will take up more than 32 bits. As a consequence, for 8GB cages, the
least significant bit of the cage offset will overlap with the most
significant bit of the tagged offset. To avoid this, allocations need
to be aligned to 8 bytes to free up one bit from the offset.

All changes are deactivated behind the build flag
`v8_enable_pointer_compression_8gb`. Allocation folding is not yet
supported.

Bug: v8:13070
Change-Id: I602c71232e98eac4e2701b0922704a7adc31a662
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817741
Commit-Queue: Teo Dutu <teodutu@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82331}

... which affect how builtin calls are generated.

This CL replaces the following boolean options
 - builtin_calls_as_table_load,
 - inline_offheap_trampolines,
 - short_builtin_calls,
 - use_pc_relative_calls_and_jumps,

with an enum BuiltinCallJumpMode and a boolean option
use_pc_relative_calls_and_jumps_for_mksnapshot.

Bug: v8:11880, v8:11527
Change-Id: Ia842b1d126c99dbe83e5b4f6118dcd44082ed168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820063Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82330}

Bug: v8:10470
Change-Id: I5208f4ae69fec1e76acacd8463d2238f34a0a770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820484
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82329}

Bug: chromium:1351511
Change-Id: I4ff4babda6082ba7fe11d8c1d4201679ce1d8af8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822681
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82328}

This CL includes:
1) Using 1 full GC instead of 2 young GCs to force object promotion.
2) A couple of needed bailouts.
3) Using manual evacuation candidates in old space to ensure an object
   is evacuted (moved to a different address)  instead of relying on
   Scavenger.
And some other minor tweaks

Bug: v8:12612
Change-Id: Idfd925ccdf30215998ab6e7cc632ce750fa2077a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816661Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82327}

Change-Id: I1944a179131af2027bd69a4e39e0c4e0eafb1a65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820582
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82326}

{memory-protection-unittest} assumes that code objects exist after
compilation. This is not true with lazy compilation. Therefore this
CL disables lazy compilation in the test.

R=clemensb@chromium.org

Bug: v8:12852
Change-Id: I66039319fdfe4354afb32064e3e9105d334f5b07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819643Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82325}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/664331e..93068bf

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/1453422..b11e87a

Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/de32b18..04b3350

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/5a9c565..22963c3

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ib29e7bf1f76cd478649042b72b1ef206253be05d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822343
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82324}

Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/75bbec9..fe1bc75

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/c38cbd4..a097a1a

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4755386..743fa6c

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220808.1.1..version:9.20220809.0.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie2465a278282d628e045424bcb333a4428d6023e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822341
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82323}

form"

This is a reland of commit 6ca3adb9

Fix build failed with V8_MAP_PACKING.

Original change's description:
> [ptr-compr][x64][compiler] Support load map in compressed form
>
> ...to allow pointer decompression at use-site.
>
> Bug: v8:13056, v8:7703
> Change-Id: If369286814c76340a945cc2a9fd863888a813080
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811737
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
> Cr-Commit-Position: refs/heads/main@{#82242}

Bug: v8:13056, v8:7703
Change-Id: Ic753558058f70f6ee7850019aac9235b87d0e56a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3815779
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82322}

Black allocation is already enabled when starting incremental marking.

Bug: v8:12775
Change-Id: I492c3ab89a3a3251ab005d2f3fc4ee46f28f5615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820067
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82321}

This reverts commit 97d1ab6c.

Reason for revert: simplified lowering verifier crashes on GPU bots:
https://ci.chromium.org/ui/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/20848/overview

Original change's description:
> Reland "[turbofan] Support Phi nodes in SL Verifier"
>
> This reverts commit 82a876b0.
>
> Bug: v8:13086, v8:12619
> Change-Id: Idcc42f36b642fefb3ed706214e7385cccc89effc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779687
> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82285}

Bug: v8:13086, v8:12619
Change-Id: I7a2fb19eb752403337d45de0a7ca02a5d8842766
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820904
Auto-Submit: Adam Klein <adamk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82320}

This CL tries to improve readability of TryMarkingComplete() by
splitting it up into multiple smaller methods.

It also removes StepResult::kWaitingForFinalization since this was
only used in one test which could easily be rewritten to not need this
value. This makes CombineStepResult() and Step()s return value simpler
to understand.

Bug: v8:12775
Change-Id: I981bc7b736246ab53058d1e61e3c67db0d1130b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816668Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82319}

Port e5524920

Original Commit Message:

    This might or might not give clang-tidy a hint that the reported case
    (see issue) cannot happen. It might also generate slightly better code
    by giving hints to the compiler.
    Note that V8_ASSUME is actually a DCHECK in DEBUG builds, so we do not
    loose any checks here.

    Some DCHECKs were removed because they are redundant
    (RegisterBase::code() assumes to be only called on valid registers).

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I653d398eb4b6b10fa769de62a9900edda95dd5db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820583
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82318}

Port 1067c6ac

Original Commit Message:

    ... - a code range size agnostic version of InterpreterEntryTrampoline
    builtin. The new builtin is fully compatible with the default version
    and used as a template for creating interpreter entry trampoline
    Code objects when --interpreted-frames-native-stack is enabled.

    This CL introduces a new assembler option "position_independent_code"
    which affects the way builtin calls are generated.
    This mode is enabled only for InterpreterEntryTrampolineForProfiling.

    Motivation:

    * InterpreterEntryTrampoline uses RelocInfo::CODE_TARGET for calling
      other builtins which requires the code range to be small enough to
      allow PC-relative jumps/calls between Code objects. This is the
      reason why --interpreted-frames-native-stack was not supported on
      arm and might not work on arm64 because the code range is bigger
      than the max PC-relative distance for call/jump instructions.
      The new builtin calls other builtins via builtins entry table which
      makes the code fully relocatable and usable for any code range size.

    * RelocInfo::CODE_TARGET requires a target code to be materialized
      as a Code object which contradicts the Code-less builtins goal.

    * The --interpreted-frames-native-stack is rarely used in the wild but
      we have to pay the price of deserializing InterpreterEntryTrampoline
      builtin as a Code object which consumes address space in the code
      range and thus limits the number of V8 isolates that can be created
      because of code range exhaustion. Now the pointer compression cage
      becomes the limiting factor instead of the code range.

    * We can remove complicated logic of Factory::CopyCode() and respective
      support on GC side.

R=ishell@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I2ed5edbffc5c33717f4becf8370369f7a4d000fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816765Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82317}

Change-Id: I18190e902929d5b513b0a897faaddb8750f9b27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820066
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82316}