This is a mostly mechanical change that updates the JSTypedArray::length
field to have uintptr_t storage. It doesn't change the allowed ranges
for this field yet, that will be done separately later on.

Bug: v8:4153, v8:7881
Change-Id: Ia4b6f5455bd97b82a4b980d77bda0b09cfa845f5
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607647
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61485}

When using the fast-properties optimization for `delete` with constant
fields we don't properly invalidate the constness on the original map
and might thereby just follow the same transition again later with the
same object, effectively violating the constness of that field. This
disables the fast-properties optimization for `delete` in case of a
field marked as "const" as a quick-fix. We might still want to change
the logic to properly invalidate the "const" bit later.

Bug: chromium:962588, v8:9233
Change-Id: I1d0a8649d117731a0cd5ebdb4b6d0b22a900f33d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609796Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61484}

The missing check that runtime function parameters have to be tagged
lead to a bug: https://chromium-review.googlesource.com/c/v8/v8/+/1604071

drive-by-fix: Remove obsolete verbose mode. It hasn't been maintained
since the very early Torque versions, and the remaining printf's are
rather useless.

Bug: v8:7793
Change-Id: I59adf4c6c5d92a8838cdc638afb2ab7a41550b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609910
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61483}

This is a reland of 2c0b1f6e

This fixes two bugs:
- Unreachable might have value uses even after being connected
to Throw, so the solution is to just not replace them with the Dead node
anymore.
- We didn't trigger initial visitation of the new Throw node.
  Re-visiting the changed End node takes care of this.


Original change's description:
> [turbofan] re-wire Unreachable to the graph end at EffectPhi's
>
> This avoids the EffectControlLinearizer stumbling upon unreachable
> code.
>
> Bug: chromium:958718
> Change-Id: I135c17813741e48e878a4624370eee1e06081031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605737
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61434}

Bug: chromium:958718 chromium:962475 chromium:962474
Change-Id: I388a59912e6260a221cccc76102e0c4b00bff93e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609791Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61482}

When receiver is null or undefined we should not look into key. Calling
ToName on key is observable. This cl fixes the GenericKeyedLoadIC to
miss into runtime when the receiver is null or undefined.

Bug: v8:8394
Change-Id: Iaed07cd1b77b63e550284108777e165141af57a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605948Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61481}

Bug: v8:7581
Change-Id: I7ec9a7dbfb57cd6b5d985a7dc664ca3c0965969c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605726Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61480}

and replace it with forward declarations of all occuring classes.

R=tebbi@chromium.org

Bug: v8:7793
Change-Id: I337b069ef10d52e7e42332c977284b4d2ae8fafb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609836Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61479}

test-sampler-api.cc calls {Simulator::get_pc} and
{Simulator::get_register}, hence these methods need to be exported.

R=ahaas@chromium.org

Change-Id: I5ba48d877f7101d1e8527c8138fa2e930ba686ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611678Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61478}

We landed two mitigations for the bug, and crash data shows that it is
indeed fixed. It is still not clear whether this is a compiler bug,
wrong use of inline assembly, or LTO. The original fix to move the call
to {FlushInstructionCache} should not be needed any more though.
This CL thus reverts https://crrev.com/c/1571619 and uses V8_NOINLINE
instead of the noinline attribute.
If this reintroduces any crashes, please revert. We are far enough away
from the branch to detect this on canary without too much trouble.

R=jkummerow@chromium.org

Bug: chromium:952759
Change-Id: I76f9850d8d6a8af0926b88e961f89df41b662ae7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611677Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61477}

... in order to make it optimizable for enabled pointer compression.

Bug: v8:9183
Change-Id: I8b92e48cc43dcc823eefb5a8a4a29de7a8ba0e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609545
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61476}

When looking up toJSON function presence on the BigInt prototype,
we must pass the original primitive value as the receiver to any
getter calls. Thanks to the magic of the LookupIterator, this is
actually easier than the alternative.

Bug: v8:9048
Change-Id: I72e144dbfa2862df479fd4deee40acd5dd468243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611538Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61475}

Introduce FastJSArrayForRead to include sealed, frozen elements kind objects and apply for related builtins

In micro-benchmark, it shows ~10x improvement.
Before:
ArrayIndexOf
ArrayIndexOf-Numbers(Score): 0.0780
ArrayIncludes
ArrayIncludes-Numbers(Score): 0.0773
After:
ArrayIndexOf
ArrayIndexOf-Numbers(Score): 0.621
ArrayIncludes
ArrayIncludes-Numbers(Score): 0.608


Bug: v8:6831
Change-Id: Ic79c0ba7e85c40625ecb42faed16816fa066b1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1604322Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61474}

After introducing explicit compress and decompress nodes for each load
and store we are left with many nodes that are redundant.

This CL aims to eliminate redundant decompressions and compressions in the
"direct decompression & compression" category.

Also added tests to test the new reducer.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I93e024d13af34d484086b7983f379265d16ac154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602702Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61473}

R=jarin@google.com, tebbi@google.com

Change-Id: I23b92df275ce294d62c906a0b94dcb9b15f6be39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609803
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61472}

v8_Default_embedded_blob_size from the generated file gen/embedded.S
Before: 4984544
 After: 4979200

This gives a 0.1% size decrease to the embedded builtins.

Change-Id: Ie21c4360bd520380c779fc417185a1e4049c60ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601253Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61471}

Use the GeneratedCode construct in the EmbeddedObj test to ensure
clang with cfi support is happy.

Bug: v8:7703
Change-Id: Ib80add62127049ee5a763c6a4320add11682395d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611537Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61470}

Change-Id: Idaa8776eea68fd264785c06355842daa6bfa30e0
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585849
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61469}

This work-around got lost in the recent refactorings.

Bug: v8:8193
Change-Id: I81d22e0702666d1d8ef954cd3d074e22c89378cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609806
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61468}

Previously we would attribute some frames of inline stacks to the wrong
line number.

For inlined frames, the source position table contains the line number
of the most-inlined frame (innermost). It's quite possible that this
function is within another script though, in which case the line number
will be wrong. Fix that here by taking the script from the
InliningStack, rather than assuming it is the same script as the
original code entry.

Bug: v8:7203, chromium:953309
Change-Id: Ia8795dbdd97d2f24f4bc685565d1e3a94e6067b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1403114
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61467}

Previously, processing second pass callbacks could have been called
recursively, and depending on the source of the GC, either with the
ability to call into JS or not.

Make the behaviour consistent by a) no iterating over the second pass
callback list when we are already doing so and b) explicitly allowing
JS execution.

Refs: https://github.com/nodejs/node/issues/27577
Change-Id: Ia13f775b323df4e49e28429ca88cf7d3a77883e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607762
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61466}

For keyed stores to JSArrays we can generally allow the receiver to grow
to the necessary size by bumping the magical length property. This works
for regular Arrays, but not in the case the prototype chain contains a
TypedArray, as that is going to swallow all stores that are considered
out-of-bounds for it.

We don't wanna deal with that kind of complexity in the IC handlers, so
we just refuse to handle that case (also giving TurboFan the signal that
it shouldn't attempt to handle growing stores in that case).

Bug: chromium:960134, chromium:961709
Change-Id: Ia886de590c32ae51ed4ebe38fc237ed975a635aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609790Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61465}

This is a preparation for doing a similar change to JSTypedArrays to
be able to finally access huge ArrayBuffers with TypedArrays. This CL
itself improves the performance of DataViews, sometimes to be even
faster than TypedArrays now. On the test case[1] we go from

  testDataViewGetUint8: 711 ms.
  testUint8Array: 654 ms.
  testDataViewGetUint16: 801 ms.
  testUint16Array: 649 ms.
  testDataViewGetInt32: 699 ms.
  testInt32Array: 648 ms.
  testDataViewGetFloat64: 701 ms.
  testFloat64Array: 650 ms.

to

  testDataViewGetUint8: 622 ms.
  testUint8Array: 656 ms.
  testDataViewGetUint16: 634 ms.
  testUint16Array: 656 ms.
  testDataViewGetInt32: 629 ms.
  testInt32Array: 655 ms.
  testDataViewGetFloat64: 631 ms.
  testFloat64Array: 661 ms.

so the performance improves by up to **20%**.

[1] https://github.com/bmeurer/js-micro-benchmarks/blob/master/bench-dataview.js

Tbr: ulan@chromium.org
Bug: chromium:225811, v8:4153, v8:8383
Change-Id: Ie4409e2fe96e5085ddcf5eb3f24f3cacfb3afe02
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601144
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61464}

Instead of using sequential search for each string type,
this CL partition the search space into two groups.

In arm64, observed about 10% speedup in the benchmark posted in bug7326.

Bug: v8:7326
Change-Id: I42d4580eddf7bde7b9eb2225b08c8e26989f14e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605355Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61463}

The language server needs Torque compilation artifacts like
declarables for more advanced features. This CL moves the GlobalContext
into the LanguageServerData class when Torque compilation finishes, to
preserve all the compiler data.

Additionally, all declarables are split up by source id. This makes
providing all symbols of a file easier.

R=tebbi@chromium.org

Bug: v8:8880
Change-Id: I424d1ddc04fcd18934f76a736900bc5d08261c07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601132
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61462}

Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/5f240d1..022589c

[test] More tests for overlong LEB128 (#1016) (Wanming Lin)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/022589c

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4744f72e2daa93a8c4383403e6a77f584afdd028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611338Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61461}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0fdfe63..ebde73c

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/d5c58b8..1f329a6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ff39537..95764ff

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cd862e3..6a9b00e

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/3a162e7..e3d32ff

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ia7c4da169e2a200d09e7d8432e81216369af8532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611337Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61460}

Added null check when printing the brand with --print-ast.

Bug: chromium:961507, chromium:961508

Original change's description:
> [class] implement private method declarations
>
> This patch implements the declarations of private methods, the access
> of private methods would be left to a future patch.
> When a private methods declaration is encountered, we now:
>
> - Create a brand symbol during class evaluation and store it in the
>   context.
> - Create the closures for the private methods
> - Load the brand from the context and store it in the instance in the
>   constructor.
>
> Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#
>
> Bug: v8:8330
> Change-Id: I2d695cbdc8a7367ddc7620d627b318f779d36150
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568708
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61387}

Change-Id: I3bf465f70c27914c9ec19f3f59ae018b28c9a866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605521
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61459}

This reverts commit a0fc5d72.

Reason for revert: This now breaks other bot *shrug*.

Original change's description:
> Revert "[torque] Add ClassFlag(s) enum"
> 
> This reverts commit 5343d789.
> 
> Reason for revert: breaks roll: https://chromium-review.googlesource.com/c/chromium/src/+/1610023
> 
> Original change's description:
> > [torque] Add ClassFlag(s) enum
> > 
> > This removes the need for passing ever more boolean flags
> > to the class constructor.
> > 
> > Change-Id: I0271e1b96585252183dcf070eb440ebdaf2a270f
> > Bug: v8:7793
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607760
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#61444}
> 
> TBR=danno@chromium.org,sigurds@chromium.org,tebbi@chromium.org
> 
> Change-Id: I38566d8f4203f9cf1e759a3e915cafa86460e6e4
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7793
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609807
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Commit-Queue: Michael Hablich <hablich@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61456}

TBR=danno@chromium.org,sigurds@chromium.org,hablich@chromium.org,tebbi@chromium.org

Change-Id: I9edb9a95cd30b6f4c9fd7502eb3a1124e3e8d977
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609808Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61458}

Bug: v8:9093, chromium:959824
Change-Id: I4c22149044d82d909454ec563203a0a2690e2251
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609797
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61457}

This reverts commit 5343d789.

Reason for revert: breaks roll: https://chromium-review.googlesource.com/c/chromium/src/+/1610023

Original change's description:
> [torque] Add ClassFlag(s) enum
> 
> This removes the need for passing ever more boolean flags
> to the class constructor.
> 
> Change-Id: I0271e1b96585252183dcf070eb440ebdaf2a270f
> Bug: v8:7793
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607760
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Daniel Clifford <danno@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61444}

TBR=danno@chromium.org,sigurds@chromium.org,tebbi@chromium.org

Change-Id: I38566d8f4203f9cf1e759a3e915cafa86460e6e4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609807Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61456}

Bug: v8:9241
Change-Id: I0e2b73e3f98b1863e790a7d28a716fe9e3478103
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610437Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61455}

This increases the kInstructionSize to give the nosnap Isolate
more space to initialize itself.

This is a reland of 29809611

Original change's description:
> [heap] Add tests to CodeBuilder Build and TryBuild
>
> Bug: chromium:957934
> Change-Id: Ia1ce5f6150b7f862b38f4c135236b154a1b02d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594564
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#61391}

Bug: chromium:957934
Change-Id: Ib7458f7c18063dbc8bc685ddbb9f22f781c52aa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609477
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61454}

It's no longer needed.

Bug: chromium:947060
Change-Id: Id06b691fa99572f7a763176a21705c5afa7ab2d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609957
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61453}

TBR=tebbi@chromium.org

Bug: v8:9239
Change-Id: I9634001a4b6a46680175b9dd04075a313788514c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609544Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61452}

Fixed by 6644f2b8
(https://chromium-review.googlesource.com/c/v8/v8/+/1605728)

This is a reland of 652e32f9

Original change's description:
> [heap] Make trampoline CodeDataContainers immutable and deduplicate them
>
> Moves all trampoline CodeDataContainers to read-only space, making them
> immutable. Containers with no 'kind specific flags' set or 'promise
> rejection' flag are deduplicated by replacing them with the new canonical
> CodeDataContainers roots.
>
> This saves around 36KB from the snapshot.
>
>     RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> old    32048          0     225944      149280      20240         0
> new    32120          0     189344      149280      20240         0
>
> Bug: v8:7464
> Change-Id: Iedd538a86311ef501cd88c90ec75e1308195762f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601257
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61378}

Bug: v8:7464
Change-Id: Ib98577d7d6c8c1205c94bf8c57d9cb38f51fdad3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609539
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61451}

{CommitPageSize()} can be smaller than {AllocatePageSize()} (on win64,
it's 4kb vs 64kb), thus use the commit size where appropriate.

R=titzer@chromium.org

Change-Id: Ic9a009158d788aa0c53e15790ea089f01ade0d0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605940Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61450}

If the gc foreground task is running, we don't expect any wasm code to
be live on the stack.
This CL adds a SLOW_DCHECK for this assumption.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I0c221f6acaebd8c622d0f55ff85f69105482942f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609541Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61449}

Bug: v8:8394
Change-Id: I593393f30eaa6e87cef52d8b8883010e229cb12a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609540
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61448}

Bug: v8:8394
Change-Id: If551ad07c5f6d06f70fa7fb32b09886e1a8fdc54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609800
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61447}

TurboFan truncated null to +0 even in contexts such as -0 == null
because it was not handling the TypeCheck correctly. This restricts
the type conversion case to not apply truncation in this case (see
comment in patch).

Change-Id: Ia38ace9608800c8d61988de402a31dd863d9160a
Bug: chromium:961237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609538Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61446}