Port ed60adb5

R=machenbach@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Bug: v8:11134
Change-Id: I02d0899df33633c15a5911b055a7e34961d8982f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739647Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73245}

Port: c2a1d633

Bug: v8:9198
Change-Id: I5b448fec800b0db2860f415dd3ddcfe98728b501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2738791
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#73244}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1d395a4..426f691

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/fe29ae7..47a0930

Rolling v8/third_party/aemu-linux-x64: 4yn313S199CgJrH0XVuCHKiXUdTRA6xvUirpQa02vu0C..bA9tqm_KjeEA4nnfJ882IxW2o2pJSsODi2wo4fvcXz4C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/cdacb3b..4f82770

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/3f58a79..4ec3fd3

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/791d56c..630ab8a

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I1969cd666f1a013195b0e251fb77cff1149a0f79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739537Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73243}

- Renames StackParameterCount to ParameterSlotCount, to avoid
  confusion between slots and parameters, which are not in general
  equivalent.
- Similarly, renames StackReturnCount to ReturnSlotCount.
- Adjusts the result of GetFirstUnusedStackSlot to return one more
  than the last slot of the argument area, not including padding.
- Renames GetFirstUnusedStackSlot to GetOffsetToFirstUnusedStackSlot
  to reflect that the result is an offset from callee to caller
  frames.
- GetReturnsOffset is a little clearer, with adjustment for the
  different semantics of GetFirstUnusedStackSlot.
- Renames 'optional_padding_slot' and 'first_unused_stack_slot'
  variables in Tailcall codegen to reflect that these are offsets.

Bug: v8:9198

Change-Id: Ib73c52710dc1f3ead640d488a6fdeb605b7b665e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2700099
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73242}

This is a (manual) reland of ba87518e071a75fb951b490d3f75a87ca715cc23

It is unchanged, except to rebase around a merge conflict.
TBR=neis@chromium.org, jgruber@chromium.org

Bug: v8:9198

> [codegen][frames] Generalize argument padding slot code
>
> - Removes kPadArguments boolean.
> - Changes ShouldPadArguments to ArgumentPaddingSlots to reflect
>   that on some architectures more than 1 padding slot may be needed.
> - Adds AddArgumentPaddingSlots and ShouldPadArguments convenience
>   functions.
>
> Bug: v8:9198
>
> Change-Id: Iba87518e071a75fb951b490d3f75a87ca715cc23
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679109
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72605}

Change-Id: I2a9022964d3bafe68c5c1e7de0ae7e837dd5c2e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2740457Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73241}

Using hack mentioned in https://unicode-org.atlassian.net/browse/ICU-20710
to address the short coming in the ICU IntervalFormat

Bug: v8:11411
Change-Id: I38e54d3617f24afbd9dc4355f946850d7a506116
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713573
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73240}

This is a reland of b18bc221

It is unchanged, so:
TBR=jgruber@chromium.org, georgia.kouveli@arm.com

Original change's description:
> [compiler][linkage] No allocation of slots after aligning a frame
>
> - Adds DCHECKs to make sure no stack slots are allocated after
>   aligning a frame.
> - Changes Arm64 CodeGenerator::FinishFrame to align the frame after
>   allocating callee-saved registers, and relaxes the constraints on
>   the number of callee-saved registers.
>
> Bug: v8:9198
> Change-Id: Iacb0518b57fa3ea2ff801eda69719f4c32733850
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2694104
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72781}

Bug: v8:9198
Change-Id: I0b809fab67586ac188c39ef1569c0b2ceb60d3b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2738957Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73239}

This is a reland of 352b9ecb

The test/fix CL has been merged in, as the fixes to return slot
accounting are needed to fix Arm64 issues turned up by the fuzzers:

https://chromium-review.googlesource.com/c/v8/v8/+/2644139

The reverted fix for Wasm return slot allocation is added in
patchset #2, to avoid fuzzer issues that it fixed:

https://chromium-review.googlesource.com/c/v8/v8/+/2683024

TBR=neis@chromium.org

Original change's description:
> Reland "Reland "[compiler][wasm] Align Frame slots to value size""
>
> This is a reland of 1694925c
>
> Minor fix to linkage for constexpr.
>
> TBR=ahaas@chromium.org,neis@chromium.org
>
> Original change's description:
> > Reland "[compiler][wasm] Align Frame slots to value size"
> >
> > This is a reland of cddaf66c
> >
> > Original change's description:
> > > [compiler][wasm] Align Frame slots to value size
> > >
> > > - Adds an AlignedSlotAllocator class and tests, to unify slot
> > >   allocation. This attempts to use alignment holes for smaller
> > >   values.
> > > - Reworks Frame to use the new allocator for stack slots.
> > > - Reworks LinkageAllocator to use the new allocator for stack
> > >   slots and for ARMv7 FP register aliasing.
> > > - Fixes the RegisterAllocator to align spill slots.
> > > - Fixes InstructionSelector to align spill slots.
> > >
> > > Bug: v8:9198
> > >
> > > Change-Id: Ida148db428be89ef95de748ec5fc0e7b0358f523
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512840
> > > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > > Reviewed-by: Georg Neis <neis@chromium.org>
> > > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#71644}
> >
> > Bug: v8:9198
> > Change-Id: Ib91fa6746370c38496706341e12d05c7bf999389
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2633390
> > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#72195}
>
> Bug: v8:9198
> Change-Id: I91e02b823af8ec925dacf075388fb22e3eeb3384
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640890
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72209}

Bug: v8:9198
Change-Id: Ia5cf63af4e5991bc7cf42da9972ffd044fc829f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733177
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73238}

Bug: v8:11511,v8:6020
Change-Id: I07b87b2a3a2ea08def9be2d0da808c013dd6fc2a
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728245
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73237}

This moves all wasm-related runtime functions from runtime-test.cc to
runtime-test-wasm.cc, which makes it easier to fully exclude them later.

R=ahaas@chromium.org

Bug: v8:11238
Change-Id: I3bc1c175b8db8837097308ed09aab69725dcf5aa
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739648
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73236}

This is a reland of 36a7cba2

Unchanged, so:

tbr=clemensb@chromium.org

Original change's description:
> Reland "[wasm][liftoff] Respect CallDescriptor linkage"
>
> This is a reland of 94283811
>
> Patchset #2 fixes the Arm bug. A vpush is used to push the slot,
> so subtract kSimd128Size from the stack decrement to get padding.
>
> Original change's description:
> > [wasm][liftoff] Respect CallDescriptor linkage
> >
> > - Adds the actual stack slot location to LiftoffStackSlots::Slot.
> > - Adds SortInPushedOrder method for architectures that push
> >   parameters.
> > - Changes the LiftoffStackSlots::Construct signature to take the
> >   number of parameter slots in total, and changes implementations
> >   to insert padding when slots aren't contiguous.
> > - Changes Arm MacroAssembler::AllocateStackSpace to check the
> >   immediate value, and to be a nop when it's zero.
> >
> > Bug: v8:9198
> > Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73191}
>
> Bug: v8:9198
> Change-Id: Iae4930e28dd7fc634e3709a5726379c6b37e5195
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735984
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73195}

Bug: v8:9198
Change-Id: I45c2b6fc8c38ef864a0bd7a7be5b431c7b8855a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739737
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73235}

This CL removes wasm-js.cc from compilation if
v8_enable_webassembly=false. In order to do so, an alternative
implementation of {v8::WasmStreaming} has to be provided, because the
public API should stay unchanged. The only path to obtain a
{v8::WasmStreaming} object is via {v8::WasmStreaming::Unpack}, which
will always fail if WebAssembly is not supported. Hence all methods in
{WasmStreamingImpl} are unreachable.

As a drive-by, this CL removes all includes from src/wasm in src/init
(bootstrapper.cc would have been done anyway, and v8.cc is just a few
 changes).

R=jkummerow@chromium.org

Bug: v8:11238
Change-Id: Ic0638eb5cda91ec29c1c07ef400bc670c91630fb
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737300Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73234}

Bump wasm-spec-tests version since the opcodes have also changed.

Also add missing opcodes to wasm-module-builder.js.

Bug: v8:6020
Change-Id: I60dcf1b300a5278aab5e1814c9ebf4ee85c60053
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728432Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73233}

0x7b is the encoding for SIMD v128 types, so it will become valid when
we turn SIMD on by default. Use kWasmStmt (0x40) instead, it is not a
valid in the function signature position (which requires a value type).

Bug: v8:11511
Change-Id: Ife152e81d831a059a0122f9255897d97b5dc4fc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739054
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73232}

Bug: chromium:1056170
Change-Id: Ic6e40d5e5e9bcca28a8c344adfab06f4e88701aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737302
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73231}

This removes the {wasm_engine_} field from the isolate if
v8_enable_webassembly=false. This avoids any includes from src/wasm in
isolate.{h,cc}.
Unconditional access to the wasm engine in other parts are also #if'ed
out to avoid nullptr accesses.
Long-term, the {Isolate::wasm_engine()} method will be fully removed,
but this can only be done once src/wasm is excluded from compilation.

R=jkummerow@chromium.org, petermarshall@chromium.org

Bug: v8:11238
Change-Id: Ie3738884ec17ccc0a3027b91a2415c2c633ca774
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737298Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73230}

This fixes a compile error after https://crrev.com/c/2715193.

TBR=bmeurer@chromium.org

Bug: v8:11238
Change-Id: I0b063fab4c00263b05af057534a9093ad0ddbf7d
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739635Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Eric Leese <leese@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73229}

If we use code from the cache, we have to re-install it in the
NativeModule. Otherwise it won't be hit on calls.

R=thibaudm@chromium.org

Bug: v8:11516
Change-Id: Ie5f035e490d6525147a05b1fda1038b030e25d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739644Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73228}

R=thibaudm@chromium.org

Bug: v8:7581
Change-Id: Ifd10d1ce6129021ebb16dd85e6213210e4cc2e36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739636Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73227}

Change-Id: Ia1f970cf997f12f21c1553e20fb836194f3b1a1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739638Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73226}

The TryInfo is allocated in the zone and its destructor is never
called, so the catch_label allocated on the heap is never freed.
Add the Label as a non-pointer field of the TryInfo instead.

R=clemensb@chromium.org

Bug: chromium:1184925
Change-Id: Ic0246d15a6474c56a78f167eba51caca9ec5b453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739645
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73225}

This CL is part of a series that makes SwissNameDictionary available
as a new property backing store. Currently, the flag
v8_dict_mode_prototypes allows selecting between NameDictionary and
OrderedNameDictionary as the backing store used for all dictionary
mode objects. This series of CLs changes this such that enabling the
flag causes SwissNameDictionary being used instead of
OrderedNameDictionary. The behavior for when the flag is not set
remains unchanged (= use NameDictionary).

This particular CL just collects many small changes.

Note that the changes this CL makes to literal-objects.cc do not
fix the problems with the enumeration order of computed property
names in classes that currently exist when using OrderedNameDictionary.
This will be fixed separately.

Bug: v8:11388
Change-Id: I6b98f61c395b4f2788407d6a34363ef8863cce9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735834
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73224}

WasmJs::Install uses command line flags for feature detection, because
the context is not yet available to detect origin trial flags.

Exception handling is available via an origin trial, so make sure that
the exception constructor is installed regardless of the command line
flag.

R=ahaas@chromium.org

Bug: chromium:1183026
Change-Id: Ie0950ce19adeafea6e46892098c9485d6f9da792
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732022Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73223}

No-Try: true
Bug: chromium:1156547
Change-Id: Idb7e43732da6100ee9ff28ad03785a4dc8972c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739640
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73222}

This CL generalized the previous check that a FunctionTemplateInfo
instance is not changed after being instantiated to a check for
immutability after being published. A FTI is considered published once
it is instantiated (set in a SharedFunctionInfo) or set as an accessor
on a JSObject. The published state is tracked in the flags field.
TurboFan relies on this immutabilty for concurrent access.

The immutability requirement was already met before this CL, but this
change enforces this by adding necessary checks.

Change-Id: I4d214e7aed8e04339072c2870caef1c28c772ed5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718147Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73221}

... to different attributes or different property kind.

Bug: chromium:1161847, v8:9233
Change-Id: I5a6e1e012c6afcf09ed9da6bbf9f33c1007c3d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727272Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73220}

Leftovers from https://chromium-review.googlesource.com/c/v8/v8/+/1254123

Change-Id: I1fde604cbaff636307c8e5c9a7c69bf61bd37d20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735635Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73219}

Adjust also the TurboFan implementation to match the style of other
instructions like table.copy and table.fill.


R=thibaudm@chromium.org

Bug: v8:7581
Change-Id: Icad042055fc321855d7ffba6cd2245b016dbc013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735636
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73218}

- Make explicit that Code::bytecode_offset_table is only used with
  sparkplug code.
- Add more DCHECKs on CodeBuilder setter
- Code::source_position_table is always a ByteArray

Bug: v8:11429
Change-Id: I27f84f0d6e325ca5b616412084227b9a7198d367
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2721769Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73217}

R=thibaudm@chromium.org

Bug: v8:7581
Change-Id: I023d7f9be1d7e2211c400cc5c774c0a681c4c190
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735634Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73216}

This adds the possibility to define non-nullable function tables of heap
types kFunc and user-defined functions. When such table is defined, it
is obligatory to provide an initializer expression after its limits.
Currently, this can only be a function reference.

Changes:
- Change WasmTableObject::raw_type to encode the whole entry type.
- Restructure call_indirect to load the signature only if needed, and
  do null checks only if needed.
- Add the requirement to provide an initializer expression for
  non-nullable tables in module-decoder.
- Rename "global initializer" -> "initializer expression" everywhere.
- Add table initialization in module-instantiate.
- Edit both the C++ and JS WasmModuleBuilder.
- Add and slightly improve tests.
- Format wasm-module-builder.js.

Bug: v8:9495
Change-Id: I7453ee7d567afd5b5fe48a4f1653513787cfe99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732673
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73215}

This CL implements table.fill in Liftoff. For that I also changed the
TurboFan implementation to call the runtime through a builtin instead of
calling the runtime function directly. This has the advantage that we
don't have to convert the parameters to Smi in the generated code.

R=thibaudm@chromium.org

Bug: v8:7581
Change-Id: I26793509f8d44582d6a46d25d0c2fc933068f4fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735314Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73214}

This CL is part of a series that makes SwissNameDictionary available
as a new property backing store. Currently, the flag
v8_dict_mode_prototypes allows selecting between NameDictionary and
OrderedNameDictionary as the backing store used for all dictionary
mode objects. This series of CLs changes this such that enabling the
flag causes SwissNameDictionary being used instead of
OrderedNameDictionary. The behavior for when the flag is not set
remains unchanged (= use NameDictionary).

This particular CL
a) moves two operations from ordered-hash-table.cc to
swiss-name-dictionary.cc (which were itself just copies of existing
functions, see the existing TODOs about cleaning this up).

b) adds a new getter for the SwissNameDictionary backing store,
called JSReceiver::property_dictionary_swiss.

c) contains a first wave of replacing usages of
OrderedNameDictionary with SwissNameDictionary.

Bug: v8:11388
Change-Id: Ie6b45571aee3646c0c0d3937b3c25f0f033810dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732676Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73213}

This adds support for WasmGC objects (structs/arrays) to the
inspector backend. For prettier printing, it also adds support
for reading the "type" and "field" subsections of the "name"
section in Wasm modules.

This patch includes a revert of most of commit
crrev.com/987a7f4a because
types are more complicated now.

Bug: v8:7748, chromium:1177784
Change-Id: Icec52cbbb32291b0e773b40be6771a678c6ec79b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2715193
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73212}

Now that double unboxing is removed, the concurrent marker can directly
visit all JSObjects without snapshotting them first.

Bug: v8:11422
Change-Id: Ib5cb4d0b39fd2654f4e417a09c9497d134fea1ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732009
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73211}

For example, there is no need to do UncheckedCast<Object>(obj), if obj
is already of type Object.

Bug: v8:6949
Change-Id: I44278a023cb8741ead7b554569c66f412f01ffee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737294Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73210}

Port: 430407cd

Bug: v8:6020
Change-Id: I9e4e3f21a1adc87f83ff7ebf6c157f9c453353e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2738894
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#73209}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d98aad9..1d395a4

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/781cef0..523462a

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/8f03866..fe29ae7

Rolling v8/third_party/aemu-linux-x64: utMThAHCm2co_NtVTIgysmvQlZ4OLWTUAedi23ThU2MC..4yn313S199CgJrH0XVuCHKiXUdTRA6xvUirpQa02vu0C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1f50378..cdacb3b

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e0a2e12..3f58a79

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/1ab4fae..791d56c

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I37bd514f8990f340f170912eab13bd87fdbc0922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2738675Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73208}

This is a reland of 0c63aa9e

Fixes the correctness fuzzing BUILD.gn breakage.

Original change's description:
> [ptr-cage] Reserve base registers on x64 (r14) and arm64 (x28)
>
> Also add a V8_COMPRESS_POINTERS_IN_SHARED_CAGE define when pointer
> compression is enabled.
>
> This CL is to get performance numbers for reserving an extra register.
> There is no actual pointer cage yet, and the base register will always
> have the same value as the root register. The pointer decompression code
> is switched to using the base register instead of the root register.
>
> Bug: v8:11460
> Change-Id: I40bae556c2098608fb6fc193a52694e3f54754bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716075
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73204}

TBR=rmcilroy@chromium.org,jkummerow@chromium.org,leszeks@chromium.org

Bug: v8:11460
Change-Id: Iecf6b783392a384b40ab33e0f4ce13538a8f81ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737681Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73207}

This is a reland of fe00fbd9

Original change's description:
> [wasm-simd][liftoff] Compile double precision conversions
>
> I missed actually handling these instructions in liftoff-compiler, so
> even though the assembler functions were implemented for all archs, we
> weren't running them.
>
> This properly handles the instructions and a couple of fixes:
>
> - for arm64, typos in using signed instructions for unsigned Wasm ops
> - for arm, handle the case where dst == src, which leads to us
> overwriting src and then reading junk from the overwritten portions to
> convert
>
> Bug: v8:11265
> Change-Id: I7919280bdf395137e95075deb30ed815100df222
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728382
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73178}

Bug: v8:11265
Change-Id: Ib854b526e74710f03e83d5007e3a3f501363ce86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733661Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73206}