Bug: v8:12868
Change-Id: I717326b27ce783710ffd141370648dde7e0d74a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695561
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81035}

This configuration allows testing the V8 sandbox by exposing the memory
corruption API (which emulates typical V8 exploit primitives) and
(through a d8 command line flag) enabling the sandbox crash filter which
filters out "harmless" crashes (those that don't break the sandbox's
security guarantees).

Bug: v8:12878
Change-Id: Iad3ee2a8c20b9056766c5c654018b41920fe8703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695581Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81034}

Bug: v8:12868
Change-Id: I13b32086e736490c54b583a514ac3592179adf7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695381
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81033}

The flag is causing build failures in some environments (when it is not
defined) and it is not actually needed since the behaviour of these FDs
across fork/exec isn't defined and this code is only used for testing.

Bug: chromium:1218005
Change-Id: If2bf6835705318079af56d920017accedaf769dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695583
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81032}

This CL introduces a new `status` enum returned by setScriptSource.
We'll use the information in the DevTools frontend to show more
meaningful error messages as well as disambiguate compilation errors
from failed live edits.

Drive-by: Deprecate the sync and async stack traces in the result.
Currently `setScriptSource` is guaranteed to stay paused so there
is no need to send along the same information from the
preceeding `Debugger.paused` event.
In the future we will restart the top-most frame once we allow
the top-most frame to be edited. In that case the inspector
fires Debugger.resumed + Debugger.paused events following the
live edit also making the info returned here superfluous.

R=jarin@chromium.org

Bug: chromium:1334484
Change-Id: I4226491caed72013a00927273c523213d797a766
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691850
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81031}

After flags are frozen, this will not work any more. It's also not
required, as flags cannot be accessed after teardown anyway.
This CL changes that to only release the memory of dynamically allocated
string flags, which is something we still need to do after
write-protecting the flags anyway.

R=tebbi@chromium.org

Bug: v8:12887
Change-Id: Iff0e3845cbd91fb59878b2ed36a44d6df00572f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695379Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81030}

The getters and setters were not using the correct types for the casts
of {valptr_} and {defptr_}. It was mostly fine though, because
{FlagValue<T>} just wraps a {T}, so accessing a {FlagValue<T>*} as a
{T*} just works.

This CL fixes the casts of {valptr_} to use proper {FlagValue<T>*}, and
changes the definition of the default values to use plain {T} instead of
{FlagValue<T>}.

R=tebbi@chromium.org

Bug: v8:12887
Change-Id: I3a38ba466df95a4c7b45e83fbd5d37c9a4785a13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695558Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81029}

Change-Id: I2ab701b6d1da8c0284ff9cc7d9d912feaaed33e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695965
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81028}

The CL does the following:
1) Globalizes CagedHeap for all HeapBases;
2) Adds the global variable representing the cage base;
3) Changes all write-barriers to use this global variable for value/slot
   checks;
4) Removes no longer needed functionality introduced in previous CLs.

Bug: v8:12231
Change-Id: I281a7b0bf67e349c988486fc2d43ec6d703fd292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688050
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81027}

... which required unnecessarily big alignment for the base on Windows.

Drive-by: adapt hint usage in VirtualMemoryCage::InitReservation() for
non-zero kReservedCodeRangePages and hint values provided by
CodeRangeAddressHint::GetAddressHint() which might be the start address
of the previously reserved region which in turn already includes the
kReservedCodeRangePages pages.

Bug: v8:11880, v8:12942
Change-Id: Ieee44ed2bdfc77aa8efaef449221caaae1f0f08f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695382Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81026}

This reverts commit 7787ed20.

Reason for revert: Seems to break the archive bot (https://ci.chromium.org/ui/p/chromium/builders/ci/linux-archive-dbg/b8811978830853167601/overview)

Original change's description:
> Build cctest while building V8
>
> I noticed in a recent build that C++ files from cctest didn't start
> compiling until after several slow non-parallel tasks such as running
> mksnapshot and linking v8_for_testing. I don't see any reason that
> cctest sources should wait for those tasks, so in this change I propose
> adjusting the build dependencies for more parallelism.
>
> Change-Id: I2472117c8555ac397fa1232954c8b699d6429d38
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3690170
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80976}

Change-Id: I1d22362080962b424c21232f63e8896a2cbe2bb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695357
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81025}

We will not be able to modify flags after initializing V8 (soon).
The {SingleThreadedDefaultPlatformTest} was resetting flags during
teardown for no reason, as we do not support running multiple tests in a
row anyway. Thus remove that use of {SaveFlags} and just set the
--single-threaded flag before initializing V8.

R=ahaas@chromium.org

Bug: v8:12887
Change-Id: Ia89d442cf4b2fe2e12e258da5c0c9f1f871ded12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695378Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81024}

Users can just use std::vector<Global<T>>.

Bug: v8:12915
Change-Id: I59fc8458e336df0dfaa3524f1197d4423482530e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695578Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81023}

Bug: v8:12901
Change-Id: I14c326981a7cbdf664c8c9ce2fac5486b846b98c
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695556
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81022}

Some temp register slots are only used in a short range at the begining
of a statement or expression. They can be released earlier to save a
slot for later use. After the change, we can see frame size reduced in
the switch, class literal and ForOf tests.

Bug: v8:12940
Change-Id: I17b412d89353206fc01248cb3eefd2c678bc4ebb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688565Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Cr-Commit-Position: refs/heads/main@{#81021}

The error message held in {CompilationResult} was not null-terminated,
leading to ASan complaints. Just store it in a {std::string} and use
{c_str()} to get a properly null-terminated C-string.

Drive-by: Enable execution of the fuzzer tests.

R=ahaas@chromium.org

Bug: chromium:1334548, v8:12922
Change-Id: Iafcfd5ce77e49e2aa1ff0910d8718bcd51f83662
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695356
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81020}

Change-Id: I164d1debe2734e1dabf01e048deb4102e4903147
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3697472Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81019}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/108ca84..920fa14

fix some build warnings on type conversions (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/920fa14

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: Ib4b588f343dca80474e2c7b7e3ed3f59a826324e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695963
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81018}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a568526..a789781

Rolling v8/buildtools/linux64: git_revision:37baefb026b199605affa7bcb24810d1724ce373..git_revision:fd6cae41bd7d5d255dc2fb96004a8bf74ac9d972

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/c30c515..11395e5

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/86ab9dd..1644d07

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/3a2e446..8a8c0b9

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/13c50b4..b3579d4

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220531.3.1..version:8.20220608.4.1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/4e79fda..2f657cf

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I39b7245d9f2abc5c603049674f6599158eed159d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695962
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81017}

Port commit e50d19cb

Original Commit Message:

    https://crrev.com/c/3471854 already disabled the RecordWrite builtin
    specifically for incremental marking. Since this didn't regress performance as expected, we can now remove those versions of the
    builtin.

    This will simplify the barrier implementation a bit, but is also
    required for the shared heap write barrier. Unlike the generational barrier, the shared heap barrier can't be elided for map values.


Change-Id: Ie84c77c0d633a5835580a976b3f11736a68cde62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3696492Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81016}

Add a simple, linear-time scheduler to check whether two nodes can be
scheduled to a same basic block without actually building basic blocks.

Bug: v8:12716
Change-Id: I20506f28a9126f881b7e4748f54b12551967ba76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3388910Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81015}

Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: Ib7542c8cf63563d29f23fb03f86974c319ed88c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3697456Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81014}

The test should now be self-skipping without extra work

Bug: v8:12547
Change-Id: I0adf5d8745e19b17d2644587e416eb16063b210d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3694455Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81013}

This saves one indirection when fetching the supertype array for
type checks.

Bug: v8:7748
Change-Id: I41ec5a190c1ccdd9112869c7cdf1748bef4b359a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688405Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81012}

Earlier, we had to introduce some temporary workarounds in Turbofan to
enable optimizations for common wasm-gc patterns. These are now not
required, since these optimizations are applied in WasmTyper and WasmGCOperatorReducer.

Bug: v8:7748
Change-Id: I3a7bc4bd2a8023a438ee4620934ff3fcb8bcfc6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693999
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81011}

This wraps CagedHeap in #if defined(CPPGC_CAGED_HEAP)

Bug: v8:12231
Change-Id: I8407abdd88c6a96b6c79c08e7039b5eb6f8175f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695384Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81010}

Rename array grouping methods according to the consensus on TC39 June
meeting.

Bug: v8:12499
Change-Id: I89cb3a49b0de45b74131877bb70d38b49233f275
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3692436
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81009}

This is a reland of commit abcb6bb8.
The data race is fixed by using atomic operations.

Original change's description:
> [heap] Avoid dynamic updates of FLAG_gc_interval
>
> Flags will be protected from updates after V8 initialization (in the
> future). This CL avoids any updates of the --gc-interval flag during
> runtime, and instead updates a static field on the HeapAllocator
> directly.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80998}

Bug: v8:12887
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ib5b537500413a627d9b2509354d20906e0474d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695380Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81008}

This is a reland of commit c443858f

The original version included an operation which could left-shift
signed values, which is undefined behavior; the updated version masks
the value first to avoid the problem.

Original change's description:
> Allow lookup of matching scripts in Isolate compilation cache
>
> Currently, if the same script text is compiled multiple times with
> differing details (such as name, line number, or host-defined options),
> then multiple copies of that script are added to the Isolate's
> compilation cache. However, any attempt to look up those scripts can
> find only the first instance. This change makes the script compilation
> cache behave more consistently by checking the details while searching
> the hash table for a match, rather than after a potential match has been
> found.
>
> Bug: v8:12808
> Change-Id: Ic9da0bf74f359d4f1c88af89d585404f173056ee
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3671615
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80919}

Bug: v8:12808
Change-Id: I494c3c9cc520b79f34247aab6618c40c854b9edc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687070Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81007}

Current implementation doesn't cache the result, however.

Bug: v8:12868
Change-Id: Idd5eb7bbb49d018fec82a80bffb5288c0b6ee0f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695377
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81006}

The CL is a prerequisite for the shared cage. Instead of storing
state variables (is_incremental_marking_in_progress,
is_young_generation_enabled) in the cage metadata, the CL moves them to
HeapHandle. The HeapHandle pointer is now retrieved from page-headers.

To make sure that the write-barrier code is better optimized, the
HeapHandle definition is moved to internal/ headers. The part of
BasePage that contains HeapBase (i.e. HeapHandle) pointer is also
extracted and moved to the headers.

Bug: v8:12231
Change-Id: I44bf65d99a621d9548e4250386cf87476ca186ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689730
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81005}

We previously missed out on turning ConsString objects into ThinStrings
due to the flattening step in StringTable::LookupString.

  // Example input string:
  string = cons("A", cons"B", "C"))
  // After flatten:
  string == cons("ABC", "")
  // OLD: After internalising and thinning:
  string == cons(#"ABC", "")

The new behaviour yields a thin string after internalising:

  // NEW: After internalising and thinning:
  string == thin(#"ABC")

Change-Id: I99bbebd52fa02ecfeb2289cb85b69f3e01175cdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667080
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81004}

Current method is passing no_reg as scratch and causes failure.
This CL copies the necessary parts from under ASSEMBLE_STORE_INTEGER
and passes r0 as scratch.

Change-Id: Iaa8477bed6ee73ad85514a390ceff4847d2c8c27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695957Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81003}

This reverts commit abcb6bb8.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/20029/overview

Original change's description:
> [heap] Avoid dynamic updates of FLAG_gc_interval
>
> Flags will be protected from updates after V8 initialization (in the
> future). This CL avoids any updates of the --gc-interval flag during
> runtime, and instead updates a static field on the HeapAllocator
> directly.
>
> R=​mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80998}

Bug: v8:12887
Change-Id: I18310a3f515506d617f42be7a208013957625eaf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695559Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81002}

Anyone using CopyablePersistentTraits should be using v8::Global, so
deprecate it and fix the uses in V8.

Bug: v8:12915
Change-Id: I25e6f2a03e070db9e9af9bbd9ea8cbc0f838c5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669254Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81001}

NOTRY=true

Bug: v8:12358
Change-Id: I89a880b9e187b8b149b670d38320aa46be0424dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695374
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81000}

If enabled, a signal handler is installed which intercepts memory access
violations (e.g. SIGSEGV) and checks whether they occurred inside the
sandbox address space, in which case the process is terminated cleanly
as this does not represent a (security) issue with the sandbox. However,
if the access violation occurred outside the sandbox, the access
violation is forwarded to the original signal handler.

The filter can be enabled in d8 by specifying
--enable-sandbox-crash-filter.

Bug: v8:12878
Change-Id: If9d76267e90ee79ee81ab793d7774afed6226b7c
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688408Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80999}

Flags will be protected from updates after V8 initialization (in the
future). This CL avoids any updates of the --gc-interval flag during
runtime, and instead updates a static field on the HeapAllocator
directly.

R=mlippautz@chromium.org

Bug: v8:12887
Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80998}

Context: https://github.com/WebAssembly/exception-handling/pull/197

This change removes the wasm exception -> JS Error inheritance.

R=jkummerow@chromium.org

Bug: v8:8091
Change-Id: I479f16fe03d4d77d2ecd8409e96f9a3c063912b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688401
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80997}

No functional change.

Bug: v8:12868
Change-Id: I5f09861e2b5beb400dcc1656f80230404cf544b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693704Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80996}