Fixed: chromium:1362431

Bug: chromium:1362431
Change-Id: Iaef432459dc39aa8f6bef5b74687af172d065574
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890991Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83128}

Make the flush-baseline-code tests use --no-maglev in addition to
--no-turbofan.

Bug: v8:7700
Change-Id: I12145735e7a88f156d30e15621a9fe12e18abecf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890990
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83127}

During verification all LABs are iterable. For PagedNewSpace we can
therefore use the property that all new space pages are iterable.

Bug: v8:12612
Change-Id: I71ec079fde3c0b719ccf91b431b0b29a8a9c5a2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888019Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83126}

Bug: v8:7700
Change-Id: I9554ee1a569cea6a04694c7e0a5b84a45196080c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876370Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83125}

Not passing null object but passing undefined while calling
ToTemporalDate()

Bug: v8:11544
Change-Id: I9376c32f306b000980d37bf233ffef3e83baf706
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885352
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83124}

Add TimeHourMinuteBasicFormatNotAmbiguousWithMonthDay
TimeZoneNumericUTCOffsetNotAmbiguousWithDayOfMonth
TimeZoneNumericUTCOffsetNotAmbiguousWithMonth
TimeZoneIdentifier, UnpaddedHour, TimeZoneIANALegacyName productions.

Sync the spec of TemporalInstantString, TemporalTimeString
TimeZone, TimeZoneBracketedAnnotation, TemporalTimeZoneString,
ToTemporalTimeZone, TimeZoneIANAName productions.

Fix bug in ScanCalendarDateTimeTimeRequired, ToTemporalTimeZone

Change name from Handle<String> to Handle<Object> to hold undefined

Update parser tests accordingly.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-iso8601grammar
https://tc39.es/proposal-temporal/#sec-temporal-totemporaltimezone


Related PR changes:
https://github.com/tc39/proposal-temporal/pull/2284
https://github.com/tc39/proposal-temporal/pull/2287
https://github.com/tc39/proposal-temporal/pull/2345


Bug: v8:11544
Change-Id: I6f1a5e5dedba461db9f36abe76fa97119c1f8c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822342Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83123}

Port commit 6f9e71fa

Change-Id: Id5226e0892f67573cea289040c2d5aa85f159478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886478
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83122}

This reverts commit 0a1f0e33.

Reason for revert: JetStream regressions: https://bugs.chromium.org/p/chromium/issues/detail?id=1362212

Original change's description:
> [strings] Fix raw hash lookup for forwarded strings
>
> Raw hashes may need to be looked up via the forwarding table when
> internalized strings are forwarded to external resources. Notably, the
> megamorphic ICs were not correctly fetching the raw hash.
>
> Bug: v8:12007
> Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83115}

Bug: v8:12007
Change-Id: I64853d55ea32b04b3325377c0c1affd0c1a27c6e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887949
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83121}

Port commit b2576418


Bug: v8:13146
Change-Id: Ie3727e873614f6e3e0749cb8cc10b287cd9643c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885380Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83120}

With everything related to map transitions, RAB/GSAB typed array
elements kinds should behave exactly like non-RAB/GSAB typed array
elements kinds.

Bug: chromium:1360736, v8:11111
Change-Id: Ie5cef928a25856f0c476653275066b49dfee6e41
Fixed: chromium:1360736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879497Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83119}

Bug: v8:12547
Change-Id: I6e48ac252361b3f3b495d2feaa5ad4e708e78eb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888379
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83118}

This is a testing function used by d8 to test string externalization.

Bug: v8:12007
Change-Id: Ic19f28a42e1f9681ab08c00106788c569639fe7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888378
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83117}

Drive-by improve some tracing too.

Bug: v8:7700
Change-Id: I52546a19c15ad1a6bbac1b15cdf8fba33dab1cb7
Fixed: chromium:1361345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886873
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83116}

Raw hashes may need to be looked up via the forwarding table when
internalized strings are forwarded to external resources. Notably, the
megamorphic ICs were not correctly fetching the raw hash.

Bug: v8:12007
Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83115}

Bug: v8:13269
Change-Id: Icb8b83b5f4695a9739d10d15936f4fead3b35ad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886865Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83114}

This allows (de)optimizing it in TF.

Bug: v8:13091
Change-Id: Iba64df02379dbf3ac07c96e10facb728e7d10501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886869
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83113}

Port 6f9e71fa

Original Commit Message:

    - Fix tracing of reference return values. StoreTaggedPointer should not
      use the write barrier since we are writing to the stack.
    - Avoid re-allocating a slot for the return value when it is already
      spilled.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I5b16259b1c6e8c019f6b17e8efb7947776e4ee24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886398Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83112}

This reverts commit 49c59678.

Reason for revert: The change is suspected to be breaking chromium's determinism test: https://ci.chromium.org/ui/p/chromium/builders/ci/Deterministic%20Linux/35003/overview

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I515ba771aa21f58b752a3a5b36b4deb2abc5f9c0
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886870
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83111}

Storing with E64 when SEW=32 has EMUL=2, which copies |n| 64 bit wide
data to the result double array already. Besides, accessing v1 when
EMUL=2 is reserved.

R=yahan@iscas.ac.cn

Change-Id: I0870d53c36b642529cab753409f52016d79219b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878442
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83110}

32-bit values are held in a sign-extended format in 64-bit registers. Which
the vaule 0x856AF894 becomes 0xFFFFFFFF856AF894 and failed equality comparison
with lwu's result 0x00000000856AF894. XOR the result with 0xFFFFFFFF00000000
before comparison.

R=yahan@iscas.ac.cn

Change-Id: I4d225ff653070022023ac7f10257ad0c30c24e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3881601
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83109}

When externalizing a string, the external pointer slots need to be
initialized before the new Map is installed. Otherwise, a GC marking
thread may see the new Map before the slots are valid. In that case, it
would attempt to mark invalid ExternalPointerTable entries as alive,
leading to a crash.

Bug: chromium:1361557
Change-Id: I47f19e6d9576fab0809dca36388cdfa9c28113e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885891Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83108}

This is a reland of commit 72d6dc6d

Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}

Bug: v8:12612
Change-Id: I2075c8a509265a16a133b309f98eefad7b011212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885889
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83107}

In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.

gni/v8.cmx is retained temporarily until out-of-tree consumers have been
updated.

Bug: v8:12589
Change-Id: If08cfcbf579696482e7cd60a8b8b80bcc4c7dab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885881
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83106}

This CL cancels concurrent workers instead of joining them in
MarkLiveObjects. Joining could trigger another costly run.

Bug: v8:13012
Change-Id: I873db6e9d612e219060de0fa2447f6c7c0e9de3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885876Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83105}

This CL reschedules minor concurrent marking in MinorMCTaskObserver.
This allows to make continuous concurrent marking progress.

Bug: v8:13012
Change-Id: I5cc4e02a60993dd5ce970244274d4d5f99b4a550
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885885Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83104}

Currently, compilation may fail in some configurations.

Change-Id: I2fd6a71c4f43c66416429a9d3dbbf9970c68aeaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885886Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83103}

- Fix tracing of reference return values. StoreTaggedPointer should not
  use the write barrier since we are writing to the stack.
- Avoid re-allocating a slot for the return value when it is already
  spilled.

R=manoskouk@chromium.org

Change-Id: I6418c48332964a1c3d407abafaf466b0e789be69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882971
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83102}

On termination of the worker pool in the main process, a SIGTERM is
sent from pool to worker. It was meant to terminate long-running
tests in the worker process. The signal handler on the worker side,
however, was only registered during test execution. During the
remaining logic (<1% of the time probably) the default system
behavior for SIGTERM would be used (which will likely just kill
the process). The ungracefully killed process might be killed while
writing to the results queue, which then remains with corrupted data.
Later when the main process cleans up the queue, it hangs.

We now register a default handler in the worker process that catches
the SIGTERM and also gracefully stops the processing loop. Like
that, the SIGTERM signal will always be handled in workers and never
fall back to SIGKILL.

However, a small time window exists when the SIGTERM was caught
right when starting a test process, but when the test-abort handler
was not registered yet. We keep fixing this as a TODO. Worst case,
the main process will block until the last test run is done.

Bug: v8:13113
Change-Id: Ib60f82c6a1569da042c9f44f7b516e2f40a46f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882972Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83101}

This reverts commit 72d6dc6d.

Reason for revert: UBSan failure in PagedNewSpace: 
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/23130/overview

Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}

Bug: v8:12612
Change-Id: Ife4a41fa835e61a6d9f0f1c254900288b805f41f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885884
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83100}

Bug: v8:12445
Change-Id: Iec07b49986a6ceff3842b55af24d375149930a91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885877
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83099}

Bug: v8:13269
Change-Id: I0f35101bd4b8a91ed5aa596cb5d27a5dbb5f764e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882976Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83098}

When testing for "has" rather than loading, we can immediately return
true when there is an accessor (this is already what the LoadHandler
path does but was missed in the inlined case).

Fixed: chromium:1361434
Fixed: chromium:1361560
Fixed: chromium:1361566
Fixed: chromium:1361654
Fixed: chromium:1361830
Change-Id: I69073eccbb39b08da597297fa597f53f260b242e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885879
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83097}

In case the free list fast path fails, do a precise search through the
precise category for the current allocation.

Bug: v8:12612
Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83096}

Port commit c0f420ef

Change-Id: I061da980f39888f0f43e2746c8c37d683b200a95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885381
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#83095}

Bug: chromium:1350125
Change-Id: Ia89d01420e93e110a5da22f104f5b8afbdd2f558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882973
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Danil Somsikov <dsv@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83094}

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/bbdc7d8..20f8ac6

Make references to //third_party/icu relative (Filip Filmar)
https://chromium.googlesource.com/chromium/deps/icu/+/20f8ac6

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I87063f9ec7b4ef8491c43ad8e1902e2741dd0e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886397
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83093}

Bug: v8:11544
Change-Id: I23435db7f625ee35f560fd84ee98d481081fb5ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868513
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83092}

Bug: v8:12716
Change-Id: I0a1e807f7b0c64afa7d259361c47314e9c9e30db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867140Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83091}

This is a reland of commit a165e82e

The reason of revert is  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22   which is the line
"nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);"
where seconds_mv is a double and nanoseconds_mv is a int32_t
In this reland, we change the type of nanoseconds_mv to double to avoid the ubsan error.


Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double and int32_t instead of int64_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold up value from 0 to 999,999,999 so we use int32_t to hold it. Other part could be infinity so we use double to hold it. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the double
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}

Bug: v8:11544
Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83090}

When the sandbox is disabled, object layouts are now different as
ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit
(ExternalPointerHandles).

Bug: v8:10391
Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83089}