The 2GB cage caused new OOMs on M106. While those issues are being
investigated, this CL returns the 4GB back. The pointer compression is
still enabled.

Bug: chromium:1325007, chromium:1354660
Change-Id: I4fa4fabece2910ca84913d8df201acfbdf4b26e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865004Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82834}

This reverts commit ddafb7a3.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/43620/overview

Original change's description:
> [heap] Verify client heaps during shared GC
>
> With --verify-heap verify all client heaps before and after a shared
> GC. This ensures that the OLD_TO_SHARED remembered set is properly
> filled for each client isolate.
>
> Bug: v8:11708
> Change-Id: I1506a419c7a91c5baa87ce251da9861d8ad9e066
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857559
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82829}

Bug: v8:11708
Change-Id: I421bce59211fe420b0893aaa9d35750ecaf23570
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863282
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82833}

With --verify-heap verify all client heaps before and after a shared
GC. This ensures that the OLD_TO_SHARED remembered set is properly
filled for each client isolate.

Bug: v8:11708
Change-Id: I1506a419c7a91c5baa87ce251da9861d8ad9e066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857559Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82829}

This class is only used for heap verification and doesn't need to be
public.

Bug: v8:11708
Change-Id: I9d1750a6f701ed0d9a106f8d93ab3ff82bbf4f3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862208Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82814}

Methods are now defined in heap-verifier.h in the HeapVerifier class.

Bug: v8:11708
Change-Id: I13e7f1760598f3659ad6aa31082840caf2e44038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857558Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82810}

Add a flag for disabling FastForwardSchedule() during incremental
marking.

This CL disables "schedule fast forwarding" by default to experiment
with this setup for a few days and to see whether this causes
performance regressions.

Bug: v8:12775
Change-Id: Id2c0a62f4b67b3a2379816581800cfb62361b40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865003
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82806}

Bug: v8:13235
Change-Id: Ic6509a74bb808de320734043a42c2da867c150a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858301Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82799}

- Unify AIX and Starboard wrapping code.
- Move all wrapping code into `platform/memory.h`

Change-Id: I42c04dd1e982edff2db7bbfa9eecdbdd67f40714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858226Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82794}

Read of size 2 at 0x7eef001a3666 by main thread (mutexes: write M0):
 0: LoadEncoded
 1: IsMarked<(cppgc::internal::AccessMode)0>
 2: operator()
 3: DrainWorklistWithPredicate
 4: DrainWorklistWithBytesAndTimeDeadline

Previous atomic write of size 2 at 0x7eef001a3666 by thread T8:

 0: __cxx_atomic_compare_exchange_strong<unsigned short>
 1: compare_exchange_strong
 2: TryMarkAtomic
 3: MarkNoPush

Change-Id: I0708516382ea860c877ff76ee02216f6f27c9d04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858239
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82776}

... so that the offset fits into the maximum offset for load byte
instruction for arm/arm64 (Ldrb) in order to produce smaller code.

Update code generation so that the loading of the flag value is
combined with the comparison operation where possible.

Additionally, this CL moves the Isolate::is_profiling flag to the
IsolateData so that it can be loaded directly via roots register which
removes one indirection.

The fields moved in the IsolateData:
 - is_marking_flag and is_minor_marking_flag (checked by write barriers)
 - is_profiling (checked on API callbacks/getter calls)
 - stack_is_iterable (not super hot, checked during deoptimization).

Drive-by: this CL defines the bool fields as uint8_t in order to make
the field size expectations clear.

Bug: v8:11880
Change-Id: I80c292c6ec919861684152b6062225aa0fda2d3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856580Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82771}

This CL only moves method definitions from heap.cc into the new file
heap-verifier.cc. Apart from this code is not changed.

Bug: v8:11708
Change-Id: Ice7e5f12c6370bc05b82b3a7bd15f94292c4235f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856260Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82761}

Currently the ability to create shared isolates is partially exposed to
API. Instead of fully exposing it, this CL makes shared isolate and
shared heap handling transparent to the embedder.

If a flag that requires the shared heap is true (currently
--shared-string-table and --harmony-struct), the first isolate created
in the process will create and attach to a process-wide shared isolate.
Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.

Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}

This CL fixes a data race that was found using TSAN.

Bug: v8:13012
Change-Id: Ic29620edce116effea097a9f1d58532ba93b2224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857424Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82738}

- Move StringForwardingTable implementation to own compilation unit.
- Refactoring preparing for layout change (Introduce explicit record
  class to make transition from contiguous Tagged_t fields to a
  heterogeneous record layout easier).
- Replace RootVisitor pattern for transitioning/cleanup during GC with
  callback.
- Minor cleanups.

Bug: v8:12957
Change-Id: Iae343393f470130eac0c54148a1303b67fb95aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845635Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82730}

ThinStrings are not transitioned to other string representations, so we
shouldn't need the snapshotting protocol for them.

Change-Id: I17cee1a4171b10c441a005ac29bd232a0a065207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852489Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82727}

Resident set size may be smaller than the recorded size in
StatsCollector due to discarded memory.

Change-Id: I7e052fc4412afc64dc1ed5be6ed7dc9271e6f9d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855204
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82709}

This CL adds a soft limit (via AllocationObserver) to run
incremental marking for MinorMC.

Once the soft limit is triggered, roots are marked.
This a stepping stone for concurrent marking
(YoungGenerationConcurrentMarkingVisitor, go/YGCMV) integration.

Bug: v8:13012
Change-Id: I5bc9aeb80511159561845deb494023ade3fb7365
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824339Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82695}

Objects in the from page could be promoted into the shared heap as
well. While this shouldn't happen for references into evacuation
candidates, I think it's easier to understand when there is a single
conditional branch at the end.

Bug: v8:13227, v8:11708
Change-Id: I999f10228ed5fdd70675a6d9c1e178eb152f39f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854502Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82694}

This is a reland of commit 2115ba50.

Adds flags to allow overriding marking support. This adds
compatibility with EmbedderHeapTracer which allows for disabling
incremental marking support with `--no-incremental-marking-wrappers`.

The corresponding CppHeap flags are
* `--cppheap-incremental-marking`
* `--cppheap-concurrent-marking`

This allows embedders that use types that do not support incremental
and concurrent marking to switch from EmbedderHeapTracer to CppHeap.

Bug: v8:13207
Change-Id: I43a47d7d035bff5d4b437c5bf01336a895b61217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3851543Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82693}

The StructProxy::Create() used the static type information to inspect
the value. However, for abstract references like anyref, dataref, ...
this does not contain the required struct_index.
To fix this the WasmTypeInfo stores the type_index for structs and
arrays.

Bug: v8:7748
Change-Id: I6e1af054711ada5e12c08949c125007e8185e486
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850296
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82691}

Users should rely on CppHeap which is the only supported way of using
v8::TracedReference in going forward.

Bug: v8:13207
Change-Id: Idd03f458167c74b06f285bb568e5c77ad46003fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849037Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82681}

This CL introduces new FixedArray subclasses that behave like
fixed-sized arrays of integers. Under the hood, these are just
ByteArrays with integer element accessors.

These new classes will be used in follow-up CLs which moves various
integer arrays from the native heap onto the V8 heap.

Bug: chromium:1335046
Change-Id: Ie7497b4464c1a037e4eaf49e8bf7ac4da62512de
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838775Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82678}

No-Try: true
Change-Id: Ica1a6a3d432392df8acee9acf7fc460d71ba8b10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3851542Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82673}

This reverts commit 2115ba50.

Reason for revert: Breaking Blink tests.

Original change's description:
> [cppgc-js] Allow overriding marking support
>
> Adds flags to allow overriding marking support. This adds
> compatibility with EmbedderHeapTracer which allows for disabling
> incremental marking support with `--no-incremental-marking-wrappers`.
>
> The corresponding CppHeap flags are
> * `--cppheap-incremental-marking`
> * `--cppheap-concurrent-marking`
>
> This allows embedders that use types that do not support incremental
> and concurrent marking to switch from EmbedderHeapTracer to CppHeap.
>
> Bug: v8:13207
> Change-Id: I74bdf8ef4be3f6aed8d4d587ea4399546ba2fda4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840939
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82652}

Bug: v8:13207
Change-Id: I9e0de0cacfab8489902fef1c371e36c2d45b80ec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850723
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82671}

... when the code range is created. This key should be more helpful
than the existing kCodeSpaceFirstPageAddress crash key, especially
for the cases when snapshot does not contain Code objects and thus
the code space is not created during Isolate initialization.

The mid-term plan is to remove the latter in favour of the former
since the default configuration does not imply creation of the code
space.

Bug: v8:11880
Change-Id: Icdea38723c7ed73605c2df6589ec01193571d55c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849038Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82667}

IsRunning() and IsMarking() are now equivalent. So IsRunning() can be
removed in favor of IsMarking().

IsComplete() is also renamed to IsMarkingComplete().

Bug: v8:12775
Change-Id: Ife88be4d674af055590ba5178ec1e410f8fa89d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849833Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82665}

Delayed tasks were never used, so remove support for it. The only
supported task type is therefore "normal", immediately scheduled tasks.

Bug: v8:12775
Change-Id: Ifd659deae2b98f424d889e4253f79d9b031a82d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849831Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82659}

This CL adjusts MarkingBarrier for MinorMC incremental marking.
The MarkingBarrier will be activated in a follow-up CL that schedules
MinorMC on a soft limit.

Bug: v8:13012
Change-Id: I525f6f158c2d55074d66f51925a1d8220cd4e9b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3787874
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82655}

This is a reland of commit c3a5c5b1

The previous CL was writing into the wrong sets when invoking
CollectSlots<OLD_TO_SHARED>(). Also move the NULL checks out of
that condition to also check this for chunks in the young generation.

Original change's description:
> [heap] Ensure all old-to-shared slots are recorded
>
> This CL adds verification of the old-to-shared remembered set to
> --verify-heap. During shared GCs client heaps will be scanned for
> references into the shared heap, this CL will CHECK that every found
> slot is contained in the old-to-shared remembered set. After this
> gets a bit more stable, the full heap iteration can be dropped and we
> can fully rely on the remembered set instead.
>
> Bug: v8:11708
> Change-Id: I0b5c4edfe3271306e4e7af7394472534113e1953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792605
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82578}

Bug: v8:11708
Change-Id: I24b7787977f06708efb7a017dd1ec72f78d0ea13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841570Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82653}

Adds flags to allow overriding marking support. This adds
compatibility with EmbedderHeapTracer which allows for disabling
incremental marking support with `--no-incremental-marking-wrappers`.

The corresponding CppHeap flags are
* `--cppheap-incremental-marking`
* `--cppheap-concurrent-marking`

This allows embedders that use types that do not support incremental
and concurrent marking to switch from EmbedderHeapTracer to CppHeap.

Bug: v8:13207
Change-Id: I74bdf8ef4be3f6aed8d4d587ea4399546ba2fda4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840939Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82652}

Publish all local worklists and don't ignore the one corresponding to
the current context.

Bug: chromium:1355679
Change-Id: I1944acd6258178d509610d3806c5aca047bbbbf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849651
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82651}

- Swap() was not necessary as all uses merely required Merge()
- Remove unused empty Local ctor
- Use refrence for backref as it's always supposed to be non-null

Bug: v8:13193
Change-Id: Ide0a0de15185a67d028890371ae30528fd55a058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846863Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82648}

FastForwardSchedule() was the only operation left which need the
StepResult. However, we can also invoke that method from
AdvanceOnAllocation(). That way we can remove all uses of StepResult.

Bug: v8:12775
Change-Id: If91d76906f0f75342abce1456ea7d4a6fe089bee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843142
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82639}

Per-context mode marking segregates worklists per context. Upon doing
so, Worklist::Local's move ctor was invoked which cleared the back
pointer to worklist. This break switching to that context which
happens in rare secnarios.

Rework Local marking worklists avoiding the move ctor which is also
removed.

Bug: chromium:1355545
Change-Id: If0e8c7f08df564b2a1e27e4a3fc5a6a40e46ee46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845630
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82636}

The generational barrier isn't supported on the background thread at the
moment. Make sure it isn't used on such threads by accident.

Bug: v8:13203
Change-Id: I5577f3802c1aba246955519c8c778fa741d56d96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840300
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82635}

The concurrent marker needs an override for JSObject subclasses with
their own visitor id and body descriptor. Implement the missing
VisitJSSynchronizationPrimitive.

Bug: v8:13214
Change-Id: Ie4f64e2b4e9b211f9661da75bf8d2d012f8d16ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846320Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82634}

Namely:
 - AccessorInfo::getter and AccessorInfo::js_getter,
 - CallHandlerInfo::callback and CallHandlerInfo::js_callback.

The redirected/non-redirected callback distinction is required only
for simulated builds but we wasted memory also for all native builds.

Now we store these fields in "redirected" form which allows us to call
them directly from builtins or generated code. In case it's necessary
to call a callback from C++ code the C function address is read from
the redirection. This additional indirection makes the callback calls
from C++ code in simulated builds slower but saves memory for native
builds.

This CL should recover a part of memory regression caused by inlining
Foreign fields into AccessorInfo and CallHandlerInfo.

Bug: v8:12949, chromium:1336105, chromium:1335930
Change-Id: I38470ed21ee23b281247c11a9531542c7e4acca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835686Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82631}

We used to treat Heap::ReportExternalMemoryPressure just like
allocation observer marking steps. Which means that we advance
incremental marking but never finalize here immediately. This is
now problematic without a separate COMPLETE phase when we don't reach
the stack guard because we are stuck in C++ for awhile. In such cases
we might perform way more marking work than we used to.

We can fix this by finalizing marking immediately at this point when
the stack guard was already armed. Otherwise we prefer to finalize
marking in a task where we don't have a stack at all.

For this we add a new method
IncrementalMarking::AdvanceAndFinalizeIfNecessary. AdvanceFromTask
is renamed to AdvanceAndFinalizeIfComplete to make the difference
between those methods more clear.

Bug: v8:12775, chromium:1354911
Change-Id: If57bedb1a5f87923ccb8ad3fe2b60952e3843975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845082
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82626}

This is a reland of commit 9b0d5cb1

The newly added check does not allow comparisons with stale or
invalid pointers because attempt to access the page header might
crash.

Original change's description:
> [ext-code-space] Fix Code vs non-Code comparisons
>
> When external code space is enabled comparing Code and non-Code objects
> by looking at compressed values is not always correct. Such an approach
> works only for comparing Code vs Code objects or non-Code vs non-Code
> objects.
>
> This CL instroduces SLOW_DCHECK into Object comparison operators to
> ensure that such a comparison is allowed. Also, this CL instroduces
> an Object::SafeEquals() method which compares uncompressed values
> and thus is safe to be used for comparing Code with non-Code objects.
>
> Bug: v8:11880
> Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82611}

Bug: v8:11880
Change-Id: Iab3c8fe49cb954b2dc9171b3fc4b189e84763e73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842932Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82624}

This reverts commit 9b0d5cb1.

Reason for revert: Seems to fail on gc-stress bots (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/43472/overview)

Original change's description:
> [ext-code-space] Fix Code vs non-Code comparisons
>
> When external code space is enabled comparing Code and non-Code objects
> by looking at compressed values is not always correct. Such an approach
> works only for comparing Code vs Code objects or non-Code vs non-Code
> objects.
>
> This CL instroduces SLOW_DCHECK into Object comparison operators to
> ensure that such a comparison is allowed. Also, this CL instroduces
> an Object::SafeEquals() method which compares uncompressed values
> and thus is safe to be used for comparing Code with non-Code objects.
>
> Bug: v8:11880
> Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82611}

Bug: v8:11880
Change-Id: Ie34af0135625eff2975f78f4d2901a76b8517eb7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842930
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82616}