utils.h itself is fairly large and contains lots of unrelated functions
as well as having a fair number of dependencies itself, so this splits
bounds checking and bit field operations into their own headers in base
and replaces uses of utils.h with the more appropriate header where
possible. (Also fixes some cases where other headers were previously
brought in transitively).

Bug: v8:9810, v8:8912
Change-Id: I76c53f953848a57e2c5bfad6ce45abcd6d2a4f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916604Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64983}

This helps reduce the number of false positives encountered by
the dead variable analysis in gcmole.

TBR=jgruber@chromium.org, verwaest@chromium.org, yangguo@chromium.org

Bug: v8:9810
Change-Id: I1a34ccaab340e6abc37832b4ce1a0cabc56fa438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917146
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64981}

Bug: v8:4153, chromium:1024099
Change-Id: Ia7a53c710ad2e2abcfa6fbc4ea1b2229b8690308
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914564
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64969}

This makes sure that the {WasmGraphBuilder} properly detects the
presence of Simd128 loads and store opcodes and triggers then scalar
lowering of the graph on architectures that don't support Simd128.

R=clemensb@chromium.org
TEST=mjsunit/wasm/exceptions-simd
BUG=v8:9973

Change-Id: I118f72135ddc9011efa3f75aaf120bb67e708d8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916605Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64964}

Removes the include/v8.h from utils.h since it doesn't seem to need it.
To make this work, add v8.h to a couple of files that really do need it.

Bug: v8:9810
Change-Id: I9640a0df45cd7192f59d1fd8a722234f0d501a08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916601Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64954}

This is a reland of 837556be

Original change's description:
> [wasm] Improve test coverage of s128 exception handling.
>
> This adds test coverage for the encoding and decoding of s128 values as
> part of an exception package. The encoding within an exception package
> is not specified (and not observable), but the full bit-pattern needs to
> survive an encoding/decoding round trip.
>
> R=clemensb@chromium.org
> TEST=mjsunit/wasm/exceptions-simd
> BUG=v8:8091
>
> Change-Id: I4cf6c1f00c64757512f66d068640a7e772eb0127
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905769
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64932}

Bug: v8:8091,v8:9973
Change-Id: I7daf17a0cbc6904e7130ec4e50b12a829b1b1d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916203
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64951}

This patch excludes brand symbols from the result of
JSReceiver::GetPrivateEntries so that the brands do not show up
when the instances are inspected from the DevTools (e.g. via
`Runtime.getProperties()`).

To implement this, we use a bit in the Symbols to denote whether
it's a brand symbol. A brand symbol is also a private name
symbol so that we can just reuse the IC for accessing private
names and do not need to jump through extra ORs.

Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit

Bug: v8:8671, v8:9839, v8:8330
Change-Id: I24346aeedce3602395289052d1e1350ae9390354
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909757Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#64899}

... even with ptr-compr.

Although full uintptr-sized TypedArrays are not supported yet
we may already start using uint32-sized typed arrays as we no
longer rely on TypedArray length to be a Smi.

Bug: v8:4153
Change-Id: If179541ad4f02c4ec7de9d1f3836138fe526d8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905847
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64897}

There already exists a optional boolean flag 'replMode' for the
'Runtime.evaluate' command. This CL ferries the flag from the inspector
to DebugEvaluate::Global.

The existing DebugEvaluate::GlobalREPL is removed in favor of a
the REPLMOde enum to reduce code duplication.

Bug: chromium:1018158
Change-Id: Iafb43a3015b6876a02ac0db6cdfcac2cfa388862
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881149
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64801}

... in an uintptr friendly way.

Drive-by-fix:
1) IsForceSlowPath() check is integrated into Cast<FastJSArray>
2) disable tests incompatible with --force-slow-path in "slow_path" variant

Bug: v8:8906, v8:4153
Change-Id: I427f117073bc295120aa52fb3fe023ee04d58302
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899988
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64799}

Design doc: bit.ly/v8-repl-mode

This CL adds a new REPL mode that can be used via
DebugEvaluate::GlobalREPL. REPL mode only implements re-declaration
of 'let' bindings at the moment. Example:

REPL Input 1: let x = 21;
REPL Input 2: let x = 42;

This would normally throw a SyntaxError, but works in REPL mode.

The implementation is done by:
  - Setting a 'repl mode' bit on {Script}, {ScopeInfo}, {ParseInfo}
    and script {Scope}.
  - Each global let declaration still gets a slot reserved in the
    respective {ScriptContext}.
  - When a new REPL mode {ScriptContext} is created, name clashes
    for let bindings are not reported as errors.
  - Declarations, loads and stores for global let in REPL mode are
    now "load/store global" instead of accessing their respective
    context slot directly. This causes a lookup in the ScriptContextTable
    where the found slot for each name is guaranteed to be the same
    (the first one).

Bug: chromium:1004193, chromium:1018158
Change-Id: Ia6ab526b9f696400dbb8bfb611a4d43606119a47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876061
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64793}

Bug: v8:7864
Change-Id: Iaeca4ab9d098edc73b2191dc260dd37a6114f3bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893732
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64760}

This reverts commit b8ac4eb4.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1020533

Original change's description:
> [runtime] Correctly handle global stores when global object has proxies
> 
> When global object has proxies we should first call hasProperty and
> then call SetProperty if has property returns true. This cl fixes both
> StoreGlobal and StoreLookupGlobal to correctly handle these cases.
> 
> Bug: chromium:1018871
> Change-Id: I140514e2119c6bab2125abcdc1b19d46526be5ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889885
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64687}

TBR=mythria@chromium.org,verwaest@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1018871
Change-Id: I5abbf9275cba17576e1b1e492abd36d6bc1ca1bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893194Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64714}

A window is a Blink concept. This API marks the context as backing
a detached window. This doesn't necessarily mean that the context is
detached.

Every time a JS function is called within a context that has a non-zero
DetachedWindowReason, Runtime::kReportDetachedWindowAccess is invoked,
which will report this call to Blink via a callback, which in turn can
report number of such calls via UKM metrics.

Bug: chromium:1018156
Change-Id: I67c89fef459f4efcb912229eed8a4f3ea3b60f54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862829
Auto-Submit: Bartek Nowierski <bartekn@chromium.org>
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64707}

When global object has proxies we should first call hasProperty and
then call SetProperty if has property returns true. This cl fixes both
StoreGlobal and StoreLookupGlobal to correctly handle these cases.

Bug: chromium:1018871
Change-Id: I140514e2119c6bab2125abcdc1b19d46526be5ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889885
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64687}

With lazy feedback allocation we always miss to runtime for LdaGlobal till
the feedback vector is allocated. This cl adds and uses a new builtin to
handle some of the common cases in builtins instead of missing to runtime.

Bug: chromium:988402
Change-Id: I5fe0a157234007d8771501df9f2a5ea3a9116862
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1841354
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64671}

Change-Id: I2a1ad1835b751237b350e56d64e3475459bfb7a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873715
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64636}

This is a reland of 4a16305b

The original CL adjust only one part of the stack check, namely the
comparison of the stack pointer against the stack limit in generated code.
There is a second part: Runtime::kStackGuard repeats this check to
distinguish between a stack overflow and an interrupt request.

This second part in runtime must apply the offset just like in generated
code. It is implemented in this reland by the StackCheckOffset operator
and a new StackGuardWithGap runtime function.

Original change's description:
> [compiler] Optionally apply an offset to stack checks
>
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
>
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
>
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
>
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
>
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}

Bug: v8:9534, chromium:1000887
Change-Id: I71771c281afd7d57c09aa48ea1b182d01e6dee2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822037Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64634}

The `capture_ix` refers to all captures while `capture_count` only
refers to named captures. Clarified by renaming `capture_count` to
`named_capture_count` and removing the incorrect part of the DCHECK.

The `>= 1` part of the condition must still hold since named captures
can only refer to explicit capture groups, which start at index 1.

Tbr: petermarshall@chromium.org
Bug: chromium:1018592
Change-Id: If8a26f6661ba0483d585f74270b3b4a3853e2ca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886810Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64629}

When inlined allocations are disabled, the space->limit() does not point to the
end of the current page. Instead, it points to the current allocation pointer so
is the same as space->top().

See how the limit is computed, if heap()->inline_allocation_disabled(), then the
limit will be the same as the requested allocation area:

```
Address SpaceWithLinearArea::ComputeLimit(Address start, Address end,
                                          size_t min_size) {
  DCHECK_GE(end - start, min_size);

  if (heap()->inline_allocation_disabled()) {
    // Fit the requested area exactly.
    return start + min_size;
  } else if (SupportsInlineAllocation() && AllocationObserversActive()) {
    // ...
  } else {
    // The entire node can be used as the linear allocation area.
    return end;
  }
}
```

If we want to simulate filling up a whole page in the new space, we can instead
look at the ToSpace's page_high() which will be the end of the current page in
which we're allocating.

Bug: v8:9906
Change-Id: I81113d151bc083cd22d17ea1a4fbae7fef9dff6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886914Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#64612}

When global object has proxies we should first call hasProperty and
then call GetProperty according to spec. This cl fixes both
LoadGlobal and LoadLookupGlobal to correctly handle these cases.

Also fixes tests that didn't expect hasProperty to be called.

Change-Id: I3a45df7ae24be74dd46cf04cafbf8c2d7018b3af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876059
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64580}

This makes sure that functions constructed via {WebAssembly.Function}
can be properly stored in globals of type "funcref". For now it is not
possible to call functions in such globals, but values can be loaded and
stored.

R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection-with-anyref
BUG=v8:7742

Change-Id: I88ad1b5a57fd50e28723430803c528e674a94321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876815Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64539}

Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}

TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org

Bug: v8:9744
Change-Id: I8700ed2fa62c89e86c39bb16ac3167f38ea8d63f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873695
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64477}

This CL removes the V8_EMBEDDED_BUILTINS define,
FLAG_embedded_builtins, and all code for supporting
non-embedded-builtin builds.

Bug: v8:6666,v8:8519
Change-Id: I2ad7bd6614c7cd404b83d3d2bf5ff91d7b55ff2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866569
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64461}

This reverts commit 392a1217.

Reason for revert: Several failures on mac64 gc stress: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/9747

Original change's description:
> Reland "Reland "[runtime] Remove extension slots from context objects""
> 
> This is a reland of c48096d4
> 
> Original change's description:
> > Reland "[runtime] Remove extension slots from context objects"
> >
> > This is a reland of c07c02e1
> >
> > Original change's description:
> > > [runtime] Remove extension slots from context objects
> > >
> > > Context objects have an extension slot, which contains further
> > > additional data that depends on the type of the context.
> > >
> > > This CL removes the extension slot from contexts that don't need
> > > them, hence reducing memory.
> > >
> > > The following contexts will still have an extension slot: native,
> > > module, await, block and with contexts. See objects/contexts.h for
> > > what the slot is used for.
> > > The following contexts will not have an extension slot anymore (they
> > > were not used before): script, catch and builtin contexts.
> > > Eval and function contexts only have the extension slot if they
> > > contain a sloppy eval.
> > >
> > > Bug: v8:9744
> > > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > > Cr-Commit-Position: refs/heads/master@{#64372}
> >
> > TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
> >
> > Bug: v8:9744
> > Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64380}
> 
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
> 
> Bug: v8:9744
> Change-Id: I621ffe98722f8c4defaf277b8d1666484ba2963f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872400
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64451}

TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com

Change-Id: I99a71180c6a00a87478867a8210ff9ceb46cb3ee
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872405Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64453}

This is a reland of c48096d4

Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
>
> This is a reland of c07c02e1
>
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
>
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
>
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}

TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org

Bug: v8:9744
Change-Id: I621ffe98722f8c4defaf277b8d1666484ba2963f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872400Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64451}

The natives blob was deprecated in V8 7.8. This CL removes all related
functionality, including:

- Build system support, i.e.: generation of natives_blob.bin and the
v8_extra_library_files gn flag.
- Related scripts (js2c.py, concatenate-files.py).
- Related API functions (SetNativesDataBlob,
InitializeExternalStartupData).
- Natives bootstrapping logic.
- The InternalArray type (previously exposed through natives).
- Other natives-exposed builtins.
- Inlining of these builtins.
- The dedicated 'uncached external one byte string' type.

Step 1 landed in https://crrev.com/c/1824944.
Step 2 landed in https://crrev.com/c/1835536.
Step 3 (this CL) removes these all functionality related to natives
support in V8.

Bug: v8:7624
Change-Id: Ice6c2662781efe8417231805276476d32bc5a625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844771
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64446}

This reverts commit c48096d4.

Reason for revert: Flaky bot failures (https://bugs.chromium.org/p/v8/issues/detail?id=9744#c9)

Original change's description:
> Reland "[runtime] Remove extension slots from context objects"
> 
> This is a reland of c07c02e1
> 
> Original change's description:
> > [runtime] Remove extension slots from context objects
> >
> > Context objects have an extension slot, which contains further
> > additional data that depends on the type of the context.
> >
> > This CL removes the extension slot from contexts that don't need
> > them, hence reducing memory.
> >
> > The following contexts will still have an extension slot: native,
> > module, await, block and with contexts. See objects/contexts.h for
> > what the slot is used for.
> > The following contexts will not have an extension slot anymore (they
> > were not used before): script, catch and builtin contexts.
> > Eval and function contexts only have the extension slot if they
> > contain a sloppy eval.
> >
> > Bug: v8:9744
> > Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#64372}
> 
> TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org
> 
> Bug: v8:9744
> Change-Id: I0749cc2d8f59940c25841736634a70047116d647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64380}

TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9744
Change-Id: Ia58067b41f1eb5880a52b36ead754d7190ff7f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871922Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64424}

V8 uses a backtracking regexp engine, which has the caveat that some
regexp patterns can have exponential runtime behavior when excessive
backtracking is involved.

Especially when regexp patterns are user-controlled, it would be useful
to be able to set an upper limit for a single regexp execution. This CL
takes an initial step in that direction by adding a backtracking limit
(intended to approximate execution time):

- The limit is stored in the JSRegExp's data array.
- A limit can currently only be set through the %NewRegExpWithLimit
runtime function.
- The limit is applied during interpreter execution. When exceeded, the
interpreter stops execution and returns FAILURE (even if continued
execution would at some later point have resulted in SUCCESS).

In follow-up CLs, this mechanism will be extended to work in jitted
regexp code, and exposed through the V8 API.

Bug: v8:9695
Change-Id: Iadb5c100052f4a63b26f1ec49cf97c6713a66b9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864934
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64417}

This is a reland of c07c02e1

Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}

TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org

Bug: v8:9744
Change-Id: I0749cc2d8f59940c25841736634a70047116d647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64380}

This reverts commit c07c02e1.

Reason for revert: MSAN failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/29251

Original change's description:
> [runtime] Remove extension slots from context objects
> 
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
> 
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
> 
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
> 
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}

TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com

Change-Id: I98dee04ab4d3ae977053982ec884b738d2f6f623
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868611Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64373}

Context objects have an extension slot, which contains further
additional data that depends on the type of the context.

This CL removes the extension slot from contexts that don't need
them, hence reducing memory.

The following contexts will still have an extension slot: native,
module, await, block and with contexts. See objects/contexts.h for
what the slot is used for.
The following contexts will not have an extension slot anymore (they
were not used before): script, catch and builtin contexts.
Eval and function contexts only have the extension slot if they
contain a sloppy eval.

Bug: v8:9744
Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
Commit-Queue: Victor Gomes <victorgomes@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64372}

DefineClass uses the ClassBoilerplate to directly construct the
property descriptor array or dictionary for defining the class
constructor and prototype, skipping use of the LookupIterator and the
encapsulated protector update logic. This patch adds manual calls
to UpdateProtector(), which is in particular relevant for the
isConcatSpreadable protector.

Bug: v8:9837
Change-Id: I7b9d8105d41f5f0f826ca2ce35d6bf3d1aeee6e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863644
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64368}

With the recent removal of the --wasm-shared-code flag, it became
effectively impossible to turn off this flag. Hence its functionality
became mandatory and the ability to turn off sharing of {WasmEngine}
process-wide has to be removed as well.

R=clemensb@chromium.org

Change-Id: I7c25e909e49134a226d6a9fe9c42f0ecd9d02a69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864935
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64322}

for "entries", i.e. indices into the backing store (as opposed to
"public indices" going into the hash function).
This improves consistency and compiler-enforced type safety; no change
in behavior is intended.

Change-Id: I25e57e3ddcf18a406e2dfbd66786b6980c4e9615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852768
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64317}

... for the case we haven't seen any elements on the entire prototype chain.

Contributed by tao.pan@intel.com

Change-Id: Ied7d1a918b545e71d94ab1521bf0d233ea15cfce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848960Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#64261}

This is for consistency and compiler-enforced type safety. No change
in behavior intended.

Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64244}

R=mslekova@chromium.org
BUG=v8:9810

Change-Id: Ia671189b25d4f212887e41a7b2d6a5b028f3c51c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852771Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64233}

This moves the weak list of instances from {WasmModuleObject} to the
corresponding {Script} object. The list is used solely for breakpoints
which are intended to affect all instances belonging to a given script,
hence the new placement of the list is a preparation to fully support
per-script breakpoints.

R=clemensb@chromium.org
BUG=v8:6847,chromium:893069

Change-Id: I52315e0ba1e5e5021f55bf05d8cb0f01bf9f0fbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847359
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64191}

Removes CodeStubAssembler::GotoIfDebugExecutionModeChecksSideEffects and
associated test as well as the PerformSideEffectCheckForObject runtime
function.

Bug: v8:9396
Change-Id: Id7748be8fbf1d633f759fef8751ddca13a21748c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824937Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64130}