Very similar to the recent ArrayPrototypeForEach port, this moves the
Reduce reduction, which previously operated directly on the graph, to
graph assembler.

Nothing too interesting here, but it's becoming clearer that we will
need more flexible Branch (multiple merge values) and If (a `break`
mechanism) handling in the future.

Bug: v8:9972
Change-Id: Ic48c85305ba721a9a43c67f7ad13c60da310487e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934329
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65233}

Reverting https://chromium-review.googlesource.com/c/v8/v8/+/1741660

This fixed one bug but caused a lot of others and on balance I think
reverting it is the lesser evil.

This also fixed generator-relocation.js because
(function*(){}).constructor is the function constructor and we try to
set a breakpoint on line 3.

Bug: chromium:109362, chromium:1028689
Fixes: v8:9721
Change-Id: I1bfe6ec57ce77ea7292df91266311f5c0194947e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940259
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65232}

If V8_SHARED_RO_HEAP is set, then GetSharedMemoryStatistics now reports
the size of RO_SPACE. Additionally size values for RO_SPACE are zeroed
in the per-isolate Heap and Space stats.

Bug: v8:7464
Change-Id: I2d6843c001b55974460d1df034f08d1ed5b0d8da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900459
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65231}

https://chromium-review.googlesource.com/c/v8/v8/+/1937147 removed the
DCHECK in ProcessNamedPropertyAccess but forgot to remove the one in
ProcessKeyedPropertAccess too.

Tbr: mvstanton@chromium.org
Bug: v8:7790, chromium:1029198
Change-Id: Ia313c92969fe7d5e559e34995b39834267e6b3fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940258Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65230}

R=tebbi@chromium.org
BUG=v8:10021

Change-Id: I39052fa22ea90b392a36e7841f8586c19c8ca9cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940156
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65229}

We implement exponential growing of the native allocations by always
growing at least by the old size. This speeds up use cases that grow a
table incrementally (e.g. by 1).

R=mstarzinger@chromium.org
CC=ecmziegler@chromium.org

Bug: v8:10018
Change-Id: I580ecf1ac87f793ff4a34ba45a86ae599eb3e6f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939452Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65228}

Even though they don't generate any code, it breaks some pattern
matching when these nodes are present (e.g comparisons with compressed
heap objects).

Bug: v8:7703
Change-Id: I9670c2b4e85b1635061b16d4b125de9ff51fd403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940153Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65227}

Those fields are incorrect in FreeBSD.
Upstreaming local FreeBSD patches.

Change-Id: I28cf6dbec1d5e4d26e62dd9a0d78d039c3e36cdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906374Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65226}

This removes the aforementioned untyped method and switches all users to
the typed TNode<> version. Those versions now contain proper checks to
compare the static information against the return count and types stored
in the call descriptor.

R=leszeks@chromium.org
BUG=v8:10021

Change-Id: I393ea6211babc100e007fb1678877d36efa7bbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939753Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65225}

This CL adds a prototype_chain_enum_cache to cache the enumeration of a
prototype and its entire chain on the PrototypeInfo. It can improve for-in
performance via simply merging the receiver enumeration with this cache.

It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook.

Contributed by tao.pan@intel.com

Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65224}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5fafe92..eeb227e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fec12b8..fa0def7

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/34267f8..f31cb80

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/8c512f2..4dca59c

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/4d65f00..05979d8

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Id69c231e8af78181690ec92abeb1159f21e9da70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941369Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65223}

This reverts commit bd9efe1f.

Reason for revert: clusterfuzz
Bug: chromium:1029174

Original change's description:
> [regexp] Stage match indices.
> 
> Bug: v8:9548
> Change-Id: Id6be43433b12733e39db712559715ba30e681059
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1935207
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65218}

TBR=adamk@chromium.org,jgruber@chromium.org,joshualitt@chromium.org

Change-Id: I098385e2dcebc7bfacd91312bcebfdb889b3d0ca
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9548
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941137Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65222}

First this plumbs RuntimeCallStats from the OptimizingCompileDispatcher
down through to PipelineCompilationJob which stashes the
RuntimeCallStats on the PipelineData.

Adds new RCS thread-specific counters: OptimizeAssembleCode and
OptimizeBackgroundAssembleCode which are used in
PipelineImpl::AssembleCode.

Bug: v8:10006
Change-Id: Ieef6d32afddf4b0760e204010b09a85dfec92cf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926030
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65221}

The serializer was missing the opportunity to process calls later
constructed by JSNativeContextSpecialization::InlinePropertySetterCall
and InlinePropertyGetterCall. Added a test to ensure we're not missing
the data anymore.

This drops the "Missing data" warnings when running ARES-6 from 1044
to only 12.

Bug: v8:7790
Change-Id: Ic4b8a4cb2ac3927371b75f22de011b9957502319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937147Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65220}

New revision: 7a44a37f66b58358dd8ab85ccde1998fafa95e53

Upstream review:
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1899564

Previously, we used a wrapper library, v8-inspector-protocol-encoding.h
to inject the string<->number conversion into the cbor parser. This
meant that the unittests, in
third_party/inspector_protocol/crdtp/json_test.cc inadvertently did
not run with the same string<->number conversion code. Thus, we missed
that the production implementation would return INF for out of range
double literals, as opposed to rejecting the incoming JSON.
When switching the library to the build dependency on json_platform_v8.cc
as it's in this change, the test immediately failed which made it
trivial to fix the implementation.

Old implementation:
https://chromium-review.googlesource.com/c/v8/v8/+/1913424/6/src/inspector/v8-inspector-protocol-encoding.cc

New implementation (checks std::isfinite):
https://chromium-review.googlesource.com/c/v8/v8/+/1913424/6/third_party/inspector_protocol/crdtp/json_platform_v8.cc

Change-Id: Ia48fe1f4e359eea47d0ede9ceadea1fd635292e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1913424Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65219}

Bug: v8:9548
Change-Id: Id6be43433b12733e39db712559715ba30e681059
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1935207
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65218}

... in line with VirtualContext and VirtualBoundFunction.

Bug: v8:7790
Change-Id: I454048ab4ddc192780a09017b8b47caf60386098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940247
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65217}

This reverts commit 48c9ca44.

Reason for revert: Possible clusterfuzz issues
Bug: chromium:1028952

Original change's description:
> [names] Fix some test262 name tests to conform with spec changes
>
> In order to reflect web reality, TC39 has made some slight changes to
> name descriptors, see https://github.com/tc39/ecma262/pull/1490 for
> details. V8 was mostly already in compliance with these changes, but
> ThrowTypeError and anonymous classes needed some slight changes.
>
> Bug: v8:9646
> Change-Id: I163238954938f0c005e3adbc61b90498e01436da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1764622
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63373}

TBR=gsathya@chromium.org,joshualitt@chromium.org

Bug: v8:9646
Change-Id: I06dd5527d30052d9c9dfc45a2862be930274aba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939948Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65216}

port edd50ad2 https://crrev.com/c/1924355

Original Commit Message:

  In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
  instead of change nodes for Smi Tagging, when we are using 31 bit
  smis in 64 bit architectures with pointer compression enabled.

  In ChangeIntPtrToSmi we can ignore the truncation as well.

  Updated DecompressionOptimizer to match the new pattern.

Change-Id: I309e6c7ba671499f721149e1ea1c8e153fe3b2ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939028
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65215}

Bug: chromium:1028475
Change-Id: I0101930e01d41b0f29fa28a257e3dc720069faff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936835Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65214}

Adaptation coming from the ports for upstream purposes.

Change-Id: Ia1d0d6dabfd10d5840084bb90814c33ea9fb6aa8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906373Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65213}

This removes the marking worklist draining loop from IncrementalMarking
and makes it use the one of MarkCompactCollector.

Bug: chromium:973627
Change-Id: I226b4b45be7d542a82bba20162ad210dfb419c39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940250
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65212}

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1ef02be..fec12b8

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/341d41b..34267f8

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/b627b3e..8c512f2

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Iebb343ff9117ecf7377b7c4db9073807f44b6779
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939745Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65211}

In order to implement {dlsym} like functionality, toolchains might
generate code that grows the table by one element at a time (e.g.
Emscripten currently does that). To improve performance in such a case,
we over-allocate the backing store of the {WasmTableObject}. Whenever
the backing store grows, it grows at least by the old size of the table.
This ensures exponentially growth, avoiding too many re-allocations.

R=mstarzinger@chromium.org
CC=​ecmziegler@chromium.org

Bug: v8:10018
Change-Id: I502d590a89f7804363938a157b7ed2189283227a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939051Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65210}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I0b0ab62625b69c3baa88d0b9850f946b901f31d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939456
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65209}

BUG: v8:7463

Change-Id: I75e81aa78ce2cd75ab4e393ffaec614da6e2bf7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939708
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65208}

Bug: chromium:1028669
Change-Id: I3f690508f09a98b6b6b0f3808033fac4fae40700
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940248
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65207}

ObjectRefs either use the serialized data or access the heap depending
on whether broker mode is disabled or not. This cl changes it to use
the mode of the data and accesses heap for UnserializedHeapObject. This
allows us to access heap for some of the objects (ex: readonly object)
instead of serializing them.

This change shouldn't change any behaviour. In a followup cl, we will
mark readonly objects as UnserializedHeapObjects even when broker mode
is serialized.

Bug: v8:9684
Change-Id: I8775e60ed480957b485c39df254827dd69c655a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937148Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65206}

This reverts commit 347092ac.

Not a clean revert, since other changes got baked on top, but rather
a manual removal of LoadLazyICParameters.

Reason for revert: Seems to actually regress bindings perf tests (see
bugs and https://chromeperf.appspot.com/group_report?rev=62539), doesn't
seem to improve performance elsewhere, and increases complexity.

Original change's description:
> [ic] Load name/context lazily in LdaNamedProperty
>
> Introduces LazyLoadICParameters which allow a LazyNode for context and
> name. These aren't used on the fast path, so we want to avoid reading
> them for both performance and register pressure reasons.
>
> Change-Id: Ifb637cf4782ce984feee9af503998e7539beb823
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1686665
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62539}

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:981797
Bug: chromium:982630
Change-Id: I88af764d17afb76d6e64b95a3d1e4aaa1c6c8978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934327
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65205}

Deprecated in 79.

Change-Id: If0e2b95b4b66328858b33a533454a469c80fad63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940147
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65204}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I24ea5db016039f916a07f7c9361442b00d44a6c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939454
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65203}

Enabling concurrent inlining builds the graph on background thread
reducing the time spent on main thread.

Bug: v8:9684
Change-Id: Iee00aa991ab8e14fad76b0d9c0b0fd9f8d1eecde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937149Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65202}

https://v8.dev/blog/tags/release is the new ChangeLog!

No-Try: true
Bug: v8:10010
Change-Id: I6a0a8a893dfa29607ba2431daeea8ad1b11e2405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940148Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65201}

We want to grow the table entries exponentially, so the entries length
will not reflect the actual size of the table any more. Hence, introduce
another field on {WasmTableObject} to store the actual length.

R=mstarzinger@chromium.org
CC=ecmziegler@chromium.org

Bug: v8:10018
Change-Id: Ie8252f33fddda3ae60dd24bd8db148fd67262226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939050
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65200}

To indicate that the Isolate* in getters might not be a "real" isolate,
but rather a calculated one from GetIsolateForPtrCompr only used for
calculating the isolate root, make that function return a const Isolate*
and change field getters, Object::IsFoo predicates, and related
functions to all take a const Isolate* instead of an Isolate*

With this change, we can slightly more confidently use Objects that are
in OffThreadSpace, without having to worry too much about having an
Isolate* floating around that could accidentally be used.

This is a slight abuse of const semantics, but it allows implicit
conversion from Isolate* arguments to the const Isolate* parameter.

Bug: v8:7703
Bug: chromium:1011762
Change-Id: I54d4a65d2299477195f4d754cabe64ce34fdaa4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939455
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65199}

This was added in 2d889aa9 but all consumers of it have since been
removed.

Bug: v8:10021
Change-Id: I13aa12853e1720b2f919ca8b29737fedb96bc145
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1938462
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65198}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I2dfffdbcb2052880c57a02f7b67cd7f8a4da706f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939453
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65197}

This enum defined three modes of doing inlining:
kGeneralInlining, kRestrictedInlining, kStressInlining.
kStressInlining was unused. kRestrictedInlining meant
that JSInliningHeuristic::Reduce would return NoChange,
but only after wasting some time inspecting calls. This
is now replaced by simply not installing JSInliningHeuristic
as a reducer when inlining is disabled.

Note: There is still a --stress-inline flag, which sets
(through flag implications) a bunch of parameters that affect
inlining.

Change-Id: I05bafbe3f1f35610d7035a2c71c5ac17bdb80758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1936473
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65196}

Bug: v8:9861
Change-Id: I7bcd8059145cf8be12d59b30745e79f56b896ef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932369
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65195}

All builtins are now guaranteed to be in the embedded blob. Setup of
the builtins entry table can be simplified to directly fetch
instruction starts from the embedded blob.

Additionally, this CL adds a sanity check for the builtin Code
object's builtin_index (to verify the Code object is uncorrupted). The
CHECK can be removed or changed to a DCHECK once the linked bug is
resolved.

Bug: chromium:1020986
Change-Id: I38832790132e284c7fc23251a5dc2eefb8456de6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939048
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65194}