- 15 Dec, 2021 6 commits
-
-
Samuel Groß authored
This CL renames a number of things related to the V8 sandbox. Mainly, what used to be under V8_HEAP_SANDBOX is now under V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage is now simply the V8 Sandbox:

V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox

This naming scheme should simplify things: the sandbox is now the large region of virtual address space inside which V8 mainly operates and which should be considered untrusted. Mechanisms like sandboxed pointers are then used to attempt to prevent escapes from the sandbox (i.e. corruption of memory outside of it). Furthermore, the new naming scheme avoids the confusion with the various other "cages" in V8, in particular, the VirtualMemoryCage class, by dropping that name entirely.

Future sandbox features are developed under their own V8_SANDBOX_X flag, and will, once final, be merged into V8_SANDBOX. Current future features are sandboxed external pointers (using the external pointer table), and sandboxed pointers (pointers guaranteed to point into the sandbox, e.g. because they are encoded as offsets). This CL then also introduces a new build flag, v8_enable_sandbox_future, which enables all future features.

Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: I5cdd26070eb6ddf264e46763a71097e9fb716bf0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333924 Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78383}
-
Benedikt Meurer authored
This is the final change list in the list of refactorings to split off the implementations of v8::StackFrame and CallSite objects (as used by the V8 JavaScript stack API). See https://bit.ly/v8-stack-frame for the whole story. This CL adds the v8::internal::StackFrameInfo class as new backing implementation of v8::StackFrame, and puts it into debug-objects.tq to indicate that it's used for the debugger API only. This new class is lightweight and only holds on to static information about the stack frame, and is thus usable for the V8 inspector to implement async stack traces in a cheaper manner going forward. Doc: https://bit.ly/v8-stack-frame Bug: chromium:1258599, chromium:1278650 Fixed: chromium:1278647 Change-Id: I4dbf2d850f47797263af225895129499169aad02 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302794 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#78382}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/b000672..3b3de69 Fix `-DBENCHMARK_ENABLE_INSTALL=OFF` (Fixes #1275) (#1305) (Roman Lebedev) https://chromium.googlesource.com/external/github.com/google/benchmark/+/3b3de69 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: Iec9f6588bbcd31c949418b0bdd213d114e3d0b92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3339106 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78381}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/864a567..568d316 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1ba82f6..563885e Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2777fd9..9e5809e R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I18c84f9c76a4a251a0464eae80d27c6b76cd4b97 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3340273 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78380}
-
Frank Tang authored
This ships one method in Intl, Intl.supportedValuesOf, which is a Stage 3 TC39 proposal

Design Doc: https://docs.google.com/document/d/1lbj_YVW-xhzYNMQeHB-qDjVkf4SA-eTHYpYXx3Oaud8
API Owner LGTMs: miketaylr@chromium.org, chrishtr@chromium.org, tkent@chromium.org
Spec: https://tc39.es/proposal-intl-enumeration/
https://chromestatus.com/guide/edit/5649454590853120
I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/Txtf_rSqGH8/m/e27FY33JAQAJ
R2T: https://groups.google.com/a/chromium.org/g/blink-dev/c/IaTkvH_9DAY/m/1rDxe8lvAAAJ
I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/I0Y4FrRMNSY/m/XIN_fgA5DAAJ

Bug: v8:10743
Change-Id: I1e4c80e93ef903347a0e6da73b1e8514863bde09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315228
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78379}
-
- 14 Dec, 2021 23 commits
-
-
Frank Tang authored
DD: https://docs.google.com/document/d/1OwEsvs8VQwvR-ug01xLyIwpgcvUfaP24u9owc7aBKJ4/
Status: https://www.chromestatus.com/feature/5566859262820352
R2T: https://groups.google.com/a/chromium.org/g/blink-dev/c/5spmAncbooE/m/NdwZGjLpAgAJ
I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/4ZMt5ukQNRs/m/0flHnuaBBgAJ
API Owners LGTMs: chrishtr@chromium.org, miketaylr@chromium.org, tkent@chromium.org

Bug: v8:11638
Change-Id: Ief40b7d545a268723e5fbe654cdc86dcb9523300
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315223
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78378}
-
Igor Sheludko authored
This CL migrates the following objects' APIs to CodeT:
* WasmFunctionData,
* WasmInternalFunction.

Bug: v8:11880
Change-Id: Ib3f0eb41894cbd3c6b30430c4e5616eb45fbbaec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338701
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78377}
-
Seth Brenith authored
On some branches of the search tree for a binary-search switch, the input value is sufficiently constrained that we could unconditionally jump to the last possible case rather than checking for value equality. This shortens some builtins by a few instructions and might speed things up, though I expect the effect to be small. Change-Id: I2313f26976e6d3c182f03bd927b338c8175b3af3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335437 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#78376}
-
Camillo Bruni authored
Multiple threads can modify async_wraps_ in parallel, which is not ok.

Drive-by-fix:
- Use normal constructor/destructor for AsyncHooksWrap
- Use unique_ptr for storing AsyncHooksWrap

Bug: chromium:1278276
Change-Id: I667980151c775be29e603790e589b1de76fae05a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338257
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78375}
-
Benedikt Meurer authored
This decouples the stack trace visitation logic from the creation of actual stack frame objects, in preparation to introduce a second kind of stack frame object (`v8::internal::StackFrameInfo` as part of http://crrev.com/c/3302794) in addition to the existing `v8::internal::CallSiteInfo`. Doc: https://bit.ly/v8-stack-frame Bug: chromium:1258599, chromium:1278647, chromium:1278650 Change-Id: I398933653e29cc2fe5c222526d9dd686ef8239b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3334781 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#78374}
-
Nico Hartmann authored
This reverts commit 69564827.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux%20MSAN%20no%20origins/25955/overview

Original change's description:
> [counters] Improve v8.execute histogram timer
>
> - Mark uncommon timer-paths as V8_NOINLINE
> - Add explicit LongTaskNestedTimedHistogramScope class
> - Use explicit LongTaskRecordMode enum
> - Mark a few more isolate methods as const
> - Add more timer scopes:
>   - Accessors::ArrayLengthSetter
>   - v8::NewContext
>
> Bug: v8:12498, chromium:1275056
> Change-Id: I7896ee341c3c3a1fd5acf8f3f59347ff01dda9c0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338258
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Auto-Submit: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78372}

Bug: v8:12498, chromium:1275056
Change-Id: I0147c57085f114201e1d5fa293282d38c81d0148
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338699
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78373}
-
Camillo Bruni authored
- Mark uncommon timer-paths as V8_NOINLINE
- Add explicit LongTaskNestedTimedHistogramScope class
- Use explicit LongTaskRecordMode enum
- Mark a few more isolate methods as const
- Add more timer scopes:
  - Accessors::ArrayLengthSetter
  - v8::NewContext

Bug: v8:12498, chromium:1275056
Change-Id: I7896ee341c3c3a1fd5acf8f3f59347ff01dda9c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338258
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78372}
-
Andreas Haas authored
R=jkummerow@chromium.org Bug: v8:12281 Change-Id: If00f34053bb970a71a1826010050b79557dbb381 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338259 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#78371}
-
Seth Brenith authored
We probably expect a binary-search switch to take log(n) time in all cases, but there is currently a possibility of that expectation being broken. I'm not aware of any place where this actually happens, but if the default handler immediately follows the switch dispatch block in assembly order, then unconditional jump instructions for that handler would be omitted. This omission could cause linear execution time, where every case is checked before falling through to the default handler. This change introduces a new function to emit an unconditional jump instruction regardless of whether the target is the following block, and uses that new function when generating a binary-search switch to ensure consistently log(n) behavior. Change-Id: I5cab86fd66386762519035410e3b532dc6fd764c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335222 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#78370}
-
Andreas Haas authored
With dynamic tiering, the "serialize" function provided by the c-api does not work anymore, and it is unclear how it should work. R=jkummerow@chromium.org Bug: v8:12281 Change-Id: Ib70bf118ba42b0752eb5dab5f43893da0404931e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338657 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#78369}
-
Manos Koukoutos authored
An asm-js module has all wasm feature flags disabled, despite the global flag configuration. Therefore, in WasmExportedFunction::New, we should retrieve the enabled features from the NativeModule instead of the flags. Bug: chromium:1279151 Change-Id: Ic44fe535baa7cb851644457cce533c24d4c9824e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338256 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78368}
-
Igor Sheludko authored
This CL
* migrates FeedbackVector::optimized_code to CodeT,
* migrates OSROptimizedCodeCache to CodeT.

Bug: v8:11880
Change-Id: I2082412fb9fdf90e7ed90f4454ecf55f4f3d53d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3330468
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78367}
-
Benedikt Meurer authored
This is a non-functional refactoring to make naming of stack traces more consistent, and thus easier to reason about whether the "simple stack trace" (stack trace API) or the "detailed stack trace" (inspector API) is meant. Granted, these names aren't great by themselves, but at least we should be consistent. This also adds a new `Isolate::GetSimpleStackTrace()` and uses that directly to implement the Wasm C-API, avoiding the roundtrip via the `JSMessageObject`, which actually carries a detailed stack trace (which by chance worked out so far). Doc: https://bit.ly/v8-stack-frame Bug: chromium:1258599, chromium:1278647, chromium:1278650 Change-Id: I29e1a956ed156d6eeceb50150a28afaa2f11b9c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3334780 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#78366}
-
Igor Sheludko authored
This CL migrates JSFunction's code accessors to CodeT. Bug: v8:11880 Change-Id: I8cf367eb79cc1d59548dd4f3e18c010f76f101cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3330466 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78365}
-
Leszek Swirski authored
Fixed: chromium:1279383 Change-Id: I0fb6e15d47698b90c51cc27e18a526ba6d0fc1d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338656 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#78364}
-
Corentin Pescheloche authored
EmbedderState is forward declared in public header for EmbedderStateScope. Default std::unique_ptr's destructor needs a fully defined class. Defining default destructor in implementation file fixes this. Bug: chromium:1263871 Change-Id: I8ccc58f56a758927dc5d7a39387188185e7d3827 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338697 Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78363}
-
Camillo Bruni authored
Use build_flags_ with @if/@ifnot in torque for the following flags:
- V8_ENABLE_JAVASCRIPT_PROMISE_HOOKS
- V8_ENABLE_SWISS_NAME_DICTIONARY
- Make sure Torque and CSA code actually respect V8_ENABLE_JAVASCRIPT_PROMISE_HOOKS.
- Rename V8_ALLOW_JAVASCRIPT_IN_PROMISE_HOOKS to V8_ENABLE_JAVASCRIPT_PROMISE_HOOKS
- Rename gn/bazel arg v8_allow_javascript_in_promise_hooks to v8_enable_javascript_promise_hooks
- Unship context promise hooks in chrome and enable them only in d8 for testing purposes
- Make sure d8 and the API throw when using promise hooks without the compile time feature enabled

Bug: chromium:1265186, v8:11025
Change-Id: I69834d44d683a36d0d7be3c3d68888321be0fd7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301474
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78362}
-
Benedikt Meurer authored
This is the second step in the refactoring to make v8::StackFrame more lightweight and usable for (long time storage) by the V8 inspector (see https://bit.ly/v8-stack-frame for an overview). This is a purely mechanical change without any functional aspects. The intention is to make the use case for the CallSiteInfo objects clear, namely to serve as the backing store for the CallSite objects exposed via the Error.prepareStackTrace() API and used under the hood to implement the error.stack accessor. Doc: https://bit.ly/v8-stack-frame Bug: chromium:1258599, chromium:1278647, chromium:1278650 Change-Id: I39dffd1f1a8e5158ddc56f2a0a2b1b28321f487a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300138 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#78361}
-
Igor Sheludko authored
Drive-by: fix TSAN issue. Bug: v8:11880 Change-Id: I8a31391c6a1855a20a243eb740e4e3e1223ecbbf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333930 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78360}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/edf883a..fbc6faf Add display names for languages and regions for Android (Frank Tang) https://chromium.googlesource.com/chromium/deps/icu/+/fbc6faf Update OWNERS (Maksim Ivanov) https://chromium.googlesource.com/chromium/deps/icu/+/fe915d8 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org Change-Id: I02a5e611d648dc2393e96f2b108e15121eee210d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3336700 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78359}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/47daaa3..864a567 Rolling v8/buildtools/linux64: git_revision:fc295f3ac7ca4fe7acc6cb5fb052d22909ef3a8f..git_revision:2e56c317bd8e2bf152cfa2ead6ac5fa476fe28b4 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/58799ca..603d9d1 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/45fc896..1ba82f6 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ecc14aa..2777fd9 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/7fd4168..dc7eff9 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Ic4bdb58338f40da8a26572d54ba949d27777a973 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3336699 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78358}
-
Aleksei Koziatinskii authored
Some embedders might want to process console.info and console.log differently. So inspector needs to return a different level for these console log messages. Change-Id: I936990a25f079a0d72f877a5095ed93819fc539a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3331929 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/main@{#78357}
-
Lu Yahan authored
Change-Id: I53234b6494887edd2b18e5d6b7d07675414d2e68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329802 Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#78356}
-
- 13 Dec, 2021 10 commits
-
-
Alexander Schulze authored
Bug: chromium:1279426 Change-Id: Ia510b105a4aacbca3abc521b110bcf58cfe6e294 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335816 Auto-Submit: Alexander Schulze <alexschulze@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#78355}
-
Piotr Sikora authored
Signed-off-by: Piotr Sikora <piotrsikora@google.com> Change-Id: Iee9005f1dd934fc6b81c1a8eb3d8d6bfb21b4bdc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3334336 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78354}
-
Tim van der Lippe authored
We recently ran into two separate issues with this DCHECK. To enhance debugging, let's add some more information as to which property is failing. That should make investigating of the problematic property easier, as we now no longer need to printf the results. R=jkummerow@chromium.org Bug: chromium:1276617, chromium:1262066 Change-Id: I8613780fc9613af700e113bb6050d4cbbd4cb040 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3330467 Commit-Queue: Tim Van der Lippe <tvanderlippe@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Tim Van der Lippe <tvanderlippe@chromium.org> Cr-Commit-Position: refs/heads/main@{#78353}
-
Nico Weber authored
No behavior change. Bug: chromium:1278777 Change-Id: I18deed9571acb9f953cb6cddee12e27733de98b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3332197 Auto-Submit: Nico Weber <thakis@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#78352}
-
Manos Koukoutos authored
Since the reftypes proposal has shipped, we remove the respective flag and the code that handled its absence. We maintain a WasmFeature for reftypes for feature detection purposes. We remove the flag declaration from tests, and adapt some tests that make no sense without the flag. Bug: v8:7581 Change-Id: Icf2f8d0feae8f30ec68d5560f1e7ee5959481483 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329781 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78351}
-
Milad Fa authored
Support was added to big endian machines (PPC/AIX and S390) using the following CLs:

TurboFan fixes: https://crrev.com/c/3313444 https://crrev.com/c/3327721
Wasm Compiler fix: https://crrev.com/c/3316032
cctest: https://crrev.com/c/3302852

Change-Id: Ie20dcbe37d04b20d15aae724a82a204bd12baa2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329795
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78350}
-
Patrick Thier authored
This is a reland of 863bc2b8

Diff to original:
- Don't eliminate GC observable stores that were temporarily unobservable during traversal.
- Skip the previously added test for single-generation
- Add new test

Original change's description:
> [turbofan] Improve StoreStoreElimination
>
> Previously, StoreStoreElimination handled allocations as
> "can observe anything". This is pretty conservative and prohibits
> elimination of repeated double stores to the same field.
> With this CL allocations are changed to "observes initializing or
> transitioning stores".
> This way it is guaranteed that initializing stores to a freshly created
> object or stores that are part of a map transition are not eliminated
> before allocations (that can trigger GC), but allows elimination of
> non-initializing, non-transitioning, unobservable stores in the
> presence of allocations.
>
> Bug: v8:12200
> Change-Id: Ie1419696b9c8cb7c39aecf38d9f08102177b2c0f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295449
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78230}

Bug: v8:12200, chromium:1276923, v8:12477
Change-Id: Ied45ee28ac12b370f7b232d2d338f93e10fea6b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320460
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78349}
-
Leszek Swirski authored
This is a reland of 2418d22a

Reland fixes:
* Rebase this 2+ year old change 😱
* Unpoison the kept segment before zapping it to make ASAN happy.
* Carefully adjust allocation size tracking fields to compensate for kept segment.

Original change's description:
> [zone] Keep one page when we Zone::Reset for reuse
>
> Change-Id: I50c6124d3da5b35d4156c066f38d10d2dc966567
> Reviewed-on: https://chromium-review.googlesource.com/c/1349246
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57793}

Change-Id: Iaffde5b38b3d683af081b1878464dd4c66be5af8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322833
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78348}
-
Benedikt Meurer authored
This CL overrides the Summarize() method on the BuiltinExitFrame, similar to what is already implemented on UnoptimizedFrame. This way the stack trace capturing logic can be unified further, and only needs to distinguish between JavaScript(ish) and WebAssembly frames now. Bug: chromium:1258599, chromium:1278650, chromium:1278647 Change-Id: I15f4dd61199ff047930796ce285bd938e8bcd22f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3327142 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#78347}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/dda89a8..47daaa3 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I67a741acaa598961fee60c788f202cf23c3e3f0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3330906 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78346}
-
- 12 Dec, 2021 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/10669fa..dda89a8 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/d520ea5..58799ca Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/70bcf59..45fc896 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/58c7c38..ecc14aa R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I1168840eaadcc74c3a0845192669ad5c4a523361 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3330905 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78345}
-