Bug: chromium:1253650
Change-Id: I289dae157408ab68d76fb168aadf7924c3a65c09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302798Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78102}

SIMD tests moved from the proposal directory to the main spec test
directory. Test expectations needed to be adjusted therefore.

Change-Id: I02225da1f55ba173bbda22257edf45a3e987ba0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302795
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78101}

This reverts commit d1538091.

Reason for revert: https://ci.chromium.org/ui/p/chromium/builders/try/android-marshmallow-arm64-rel/1022301/overview

Original change's description:
> cppgc: Add temporary CHECK for diagnosing issue
>
> Bug: chromium:1253650
> Change-Id: I634501d5f092263ebd0f96826c79655c49ddce3b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302792
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78096}

Bug: chromium:1253650
Change-Id: I2e8ff73e8bac5379a86985f19558dbfa5caae94f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302796
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78100}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/d6ba952..680d3fd

Add clang-tidy check (#1290) (dominc8)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/680d3fd

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I1152e7dc79d41011a93a74e96711a62a9f6f2b78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303154
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78099}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/44b802e..26881c1

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/038090f..f51a154

Rolling v8/third_party/aemu-linux-x64: R6v-hxhOQyZL9y_avAvE80v7II7utrI5Px4EUlMdtrAC..vRCm89BzABss-_H8vC-tLjcSf6uusZA9IBSSYtdw4_kC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5d7ccbf..75423c3

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/afb82b2..2ffa1bd

Rolling v8/tools/luci-go: git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098..git_revision:03f7c59feeac59c211e5b06fbbbc7405861b482e

Rolling v8/tools/luci-go: git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098..git_revision:03f7c59feeac59c211e5b06fbbbc7405861b482e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I16dd56334c813d03cdb2bf66f996e00966b47680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303151
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78098}

PTHREAD_STACK_MIN is an alias for __sysconf(__SC_THREAD_STACK_MIN_VALUE)
in glibc 2.34.

__sysconf() returns long, causing a -Werror,-Wsign-compare error build
error.

Change-Id: I15da8e7ee57a6979682ff7166990698965481586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301464
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78097}

Bug: chromium:1253650
Change-Id: I634501d5f092263ebd0f96826c79655c49ddce3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302792Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78096}

After https://crrev.com/c/3301477 compilation with gcc could
fail with the following errors:
```
error: reference to 'MarkingType' is ambiguous
error: reference to 'SweepingType' is ambiguous
```

Change-Id: Idb0f52853d377ec0c0f373f2e908e6c7fa0da914
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302850Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78095}

Change-Id: Ie2815722ae1507cc5e2e7d510148063df3ebbf32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302848Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78094}

ShouldVisit() uses obj.Size() to increment the live bytes counter after
the object was successfully marked grey. However, this re-reads the
length field which could have already been overwritten by a
concurrent left-trimming operation on the main thread. Fix this by
calculating the object size later with the length field we read before
marking that object black. That value is guaranteed to be a SMI.

Bug: chromium:1273352
Change-Id: I47e5a2df3eef61b4ef07af943f30123e5c2f7f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302793
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78093}

This is a reland of 6747144c

Original change's description:
> cppgc: Parallel marking in atomic pause
>
> Bug: v8:12424
> Change-Id: I0633e1bd8c890c14ce2c5519253a5e6eb7592f04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295580
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78081}

Bug: v8:12424
Change-Id: I66a030b4e66647a76bbe3d114785d3052358b403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301477Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78092}

The bytecode can be flushed and/or the function can be
compiled and installed before the interruption to install
the new batch of compiled baseline code.

Bug: v8:12415, v8:12054
Change-Id: I092c8e0f31735119e6b2c6c46ce97ba8a4cdc91e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302788Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78091}

Bug: v8:12432
Change-Id: Ib082a390f7f71cc5e5bc4cdeb2a90596d9c16638
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302283Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78090}

This reverts commit 6747144c.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/17679/test-results

Original change's description:
> cppgc: Parallel marking in atomic pause
>
> Bug: v8:12424
> Change-Id: I0633e1bd8c890c14ce2c5519253a5e6eb7592f04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295580
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78081}

Bug: v8:12424
Change-Id: I8cd6ad8bb72906329bf820a8c1df06e8fa8d89a2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301469
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78089}

Some of the JumpIf Bytecode Handlers will load the jump offset from
bytecode array or constant pool before checking whether the condition is
matched, and this jump offset is unused if the jump not actually happens.

This CL move the Load operations to the branch on which the condition is
matched.

Bug: v8:12431
Change-Id: I3cb2fa7447ee2a9cb514148efb605617f95b1b68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300994
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78088}

Snapshot decompression for new isolates or new context is roughly 10%
of the time. Unlike on mobile, we don't need to compress the snapshot
on desktop where we can live with a 400KiB regression.

Bug: v8:12195, chromium:1270752
Change-Id: Ie4b307125f5df3d94374d5295b06c457ab6e8c24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275554
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78087}

Bug: v8:11256, chromium:1271807
Change-Id: Ifcef3d4cce0bda8dd18723b9b0ac22ad73c86773
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3296287
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78086}

Change-Id: I60734c6aa33298fad43d37b78cba8a7af2cc3cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300131Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78085}

Between the loop entry and the Dequeue call, another
thread might exhaust the queue itens and the Dequeue
call will return false without setting the job.

Bug: chromium:1272009
Change-Id: Ia254d97de36395676f069c100f46747b41483783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300130
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78084}

Not all infra members are common owners, but own several parts of the
tools directory.

No-Try: true
Change-Id: I48ab2e95b67d13a01a88fef34b86e992da4b9fba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301462
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78083}

Change-Id: Ifcc666d4eb5674a57e59f52cb86792e51516dedd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300993
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78082}

Bug: v8:12424
Change-Id: I0633e1bd8c890c14ce2c5519253a5e6eb7592f04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295580
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78081}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/ce92bbf..d6ba952

compare.py: compute and print 'OVERALL GEOMEAN' aggregate (#1289) (Roman Lebedev)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/d6ba952

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I3afb27fd3e86a25300a7129578967d695e15f679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300813
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78080}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/91d63ae..44b802e

Rolling v8/buildtools/linux64: git_revision:4aa9bdfa05b688c58d3d7d3e496f3f18cbb3d89e..git_revision:b79031308cc878488202beb99883ec1f2efd9a6d

Rolling v8/third_party/aemu-linux-x64: V5Pz7_TfKoS_JMMlyA_dmnc33kG1ksWSC71zCysnq7UC..R6v-hxhOQyZL9y_avAvE80v7II7utrI5Px4EUlMdtrAC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/606d87e..5d7ccbf

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b23a88a..afb82b2

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/994ccaf..ace6575

Rolling v8/tools/luci-go: git_revision:2dfe2f218f0395673f336d17b841edf629907ae3..git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098

Rolling v8/tools/luci-go: git_revision:2dfe2f218f0395673f336d17b841edf629907ae3..git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I8535e9020fb49262445946f2790e4acaa87a4280
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300810
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78079}

Bug: v8:11976

Change-Id: Ifdce8e668c4b0fe20180c8d28b9c1d4abe705a67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297354
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78078}

The DCHECK must use atomic accessors as well.

Change-Id: I94983c1e38bc9d436f1577509788fc21e3d4e374
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300143
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78077}

Liftoff is also fixed to make sure r0/ip don't get used as
scratch as they might be already used as offset registers.

Change-Id: I8b5636b805acdb7df12af4a7a2f2868bf5889cd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3298254Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78076}

In addition, make the code less confusing and more future proof:
- initialize the JSArrayBufferView bit_field to 0 (not only zeroing the
relevant bits)
- serialize it as uint32, since it's an uint32.

Bug: v8:11111
Change-Id: Iffbbb27cc8c821587f992668bfbcf2448a776f15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300132Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78075}

This reverts commit ce76b91a.

Reason for revert: failing simd tests on bots

Original change's description:
> [wasm] Update spec tests
>
> The newly-failing tests are due to the renaming of "anyfunc" to
> "funcref".
>
> R=​ecmziegler@chromium.org
>
> Change-Id: I801b330e386c45e62a1cbc6e308a981b3b0244e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300133
> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78070}

Change-Id: I44dc3fcbf32092d7fe7e54039de269b39ce4e458
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300141
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78074}

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Iccf759fa1397d819f97a34482643e26239f1c8b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300139Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78073}

This fixes an oversight in crrev.com/c/3277878.

Bug: v8:11510
Change-Id: I91b55682fd27c55ef556e919d7f04a9dbbecadea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300137Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78072}

This reverts commit 47501f90.

Reason for revert: bug is fixed

Original change's description:
> Skip failing test until bug is fixed
>
> Bug: v8:12185
> Change-Id: If5f07f6f7aa2d63d09bcf069fce57b124cbc9c76
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263974
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77787}

Bug: v8:12185
Change-Id: I11d98d4f9e12eb22a18fa8f96c3d60e351c133a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300136
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78071}

The newly-failing tests are due to the renaming of "anyfunc" to
"funcref".

R=ecmziegler@chromium.org

Change-Id: I801b330e386c45e62a1cbc6e308a981b3b0244e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300133Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78070}

The main changes of this CL are:

It should no longer be assumed that an empty ArrayBuffer has a nullptr
backing store. This is in preparation for the move to caged pointers,
which cannot represent nullptr, and will instead likely provide a
EmptyBackingStore constant pointing inside the virtual memory cage. For
that reason, a new JSArrayBuffer::IsEmpty() helper is introduced, which
should be used instead of checking against nullptr.

CodeStubAssembler::GetTypedArrayBuffer now checks for on-heap
TypedArrays instead of comparing the backing store pointer to nullptr.
This is consistent with the implementation in JSTypedArray::GetBuffer.

v8::ArrayBufferView::CopyContents now uses JSTypedArray::DataPtr instead
of relying on nullptr backing stores to handle on-heap TypedArrays.

The serializer and deserializer now check for IsEmpty() and use the
kEmptyBackingStoreRefSentinel value to serialize empty backing stores.

Empty ArrayBuffers allocated for on-heap TypedArrays now have a
byte_length of zero. This allows removing the allocation_length() (and
allocation_buffer()) methods, which were only (incorrectly, as they
don't account for GSABs) used for memory measurements.

Bug: chromium:1218005
Change-Id: Ib889ccf855f68525f7a614f3963e46ea56865fa3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297709Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78069}

Design doc: bit.ly/3jEVgzz

We separate the internal representation of function references in Wasm
from their JSFunction-based (external) representation. This improves
performance of call_ref by requiring less indirections to load the
context and call target from a function reference. In the boundary
between wasm and JS/the C API, we add transformations between the two
representations.

Detailed changes:
- Introduce WasmInternalFunction, containing fields required by
  call_ref, as well as a reference to the corresponding
  WasmExternalFunction. Add a reference to the WasmInternalFunction in
  WasmFunctionData. The {WasmInternalFunction::FromExternal} helper
  extracts the internal out of an external function.
- Change {WasmInstanceObject::external_functions()} to internal
  functions.
- Change wasm function tables to contain internal functions.
- Change the following code to use internal functions:
  - call_ref in liftoff and Turbofan
  - function type checks in liftoff and Turbofan
  - CallRefIC and GenericJSToWasmWrapper builtins
  - {InitExprInterface::RefFunc}
  - module-compiler.cc in {ProcessTypeFeedback}
  - In module-instantiate.cc, in function-rtt creation.
- Add transformations between internal and external functions in:
  - WasmWrapperGraphBuilder::{ToJS, BuildUnpackObjectWrapper, FromJS,
    BuildJSToJSWrapper}.
  - debug-wasm-objects.cc in {FunctionProxy::Get},
    {WasmValueObject::New} and {AddWasmTableObjectInternalProperties}.
  - runtime-wasm.cc in ReplaceWrapper
  - the C and JS APIs
  - module-instantiate.cc, in import and export processing, as well as
    {InitializeIndirectFunctionTables}
  - WasmTableObject::{IsValidElement, SetFunctionTableEntry}
  - {WasmGlobalObject::SetFuncRef}
- Simplify body descriptors of WasmExternalFunction variants.
- Adjust tests.

Bug: v8:11510

Change-Id: I8377f46f55c3771391ae1c5c8201a83854ee7878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277878Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78068}

Bug: v8:12185
Change-Id: I7d5fbf624fff262b7777e443b12cb7a72d6165e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293404
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78067}

The CL converts uses of v8::internal::Worklist to heap::base::Worklist
which does not require to know the number of tasks working with the
work list upfront. heap::base::Worklist is the common implementation
for V8's heap and cppgc and should be used/optimized going forward.

Bug: v8:12426
Change-Id: I35713938ff80f43a763470f8bdf7e242439080f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297903
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78066}

In the final version, we might parse the parameters when deserializing
instead, but this approach is more suitable for prototyping.

Bug: v8:11525
Change-Id: I000869877b03fd1909acf602ab5190951b1939e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295456Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78065}

R=jkummerow@chromium.org

Bug: v8:12281
Change-Id: I94191b592350cfc8d06cf6fbadca6eaa8d37569f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297897Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78064}

This is a reland of d7c3f1cd. It fixes
a build failure on native arm64.

Original change's description:
> Reland "[fastcall] Enable float support on arm64 simulator"
>
> This is a reland of b9ddcbc8
>
> The original CL was reverted due to an MSAN issue, that is fixed by
> moving the signature mapping onto the Isolate (instead of having
> per-thread storage, which got invalid on multithreaded compilation).
>
> This CL also contains fixes for the Bazel config and for a data race
> when obtaining the PerIsolateSimulatorData.
>
> Original change's description:
> > [fastcall] Enable float support on arm64 simulator
> >
> > This CL adds support for handling calls to C functions with arbitrary
> > signatures on the arm64 simulator. It adds infrastructure for
> > encoding the signature data from CallDescriptor and FunctionInfo
> > classes into a compact representation, stored in the simulator and
> > called EncodedCSignature.
> >
> > Design doc:
> > https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
> >
> > This CL is a follow up on the native support added in
> > https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> > and is partially based on the previous attempt:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2343072
> >
> > Bug: chromium:1052746
> > Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> > Commit-Queue: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77744}
>
> Bug: chromium:1052746, chromium:1267854
> Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78018}

Bug: chromium:1052746, chromium:1267854
Change-Id: Ib495573569a6c930b8f9e5f1fe7ff46eb57a0aa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295461
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78063}