When a Promise-Reject handler throws an unhandled exception, we should
use that promise's context for reporting the exception to the runtime.
This avoids a null-pointer deref.

Fixed: chromium:1263994
Change-Id: I3792a1884af4a83991249d612caf15588ea77dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250912
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77652}

This CL adds a minor change to the arm/arm64 simulators to support up to
20 arguments in a C function call. This change is necessary for an
upcoming CL which adds float support to the simulator and tests with
more than 20 arguments, see
https://chromium-review.googlesource.com/c/v8/v8/+/3060486

Bug: chromium:1052746
Change-Id: I60ae603c96554525d28f1cd248d7766f86c9cc3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256785
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77651}

Bug: v8:11111
Change-Id: Icefaa3f1090f9b41dc7837e3a95bbfd633703757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251179Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77650}

When materializing a scope object, we previously assumed that we will
not have any name collisions. This is not correct e.g. when eval
introduces an aliased local variable.

This CL resolves this wrong assumption. The test case should not crash.
It however fails as there is a bug in how debug-evaluate should resolve
variables defined in eval.

R=verwaest@chromium.org

Fixed: chromium:1240962
Bug: chromium:1264852
Change-Id: I0e41e7905589735e25eff221376d09997ea99117
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250911
Auto-Submit: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77649}

This reverts commit ca753bca.

Reason for revert: Need another whitespace change.

Original change's description:
> Whitespace change to test alerts
>
> No-Try: true
> Change-Id: I0f6211c6fc3990051ea6c50c815cc1fcc9f4643e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256787
> Auto-Submit: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#77643}

Change-Id: I81399910d7fa4d61e9459f85001e1563acba2a4c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256546
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77648}

After https://crrev.com/c/3247035 compilation with gcc may fail
with the following error:
```
error: comparison between 'enum v8::internal::
compiler::BitsetType::<unnamed>' and 'enum v8::internal::
TurbofanTypeBits::Flag'
```

Change-Id: I5edf28e335483be66ae46e4359e0a4dc83341adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255303Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77647}

Since early regexp errors were implemented in
crrev.com/a56874d3, the JS parser
calls into the regexp parser to validate the regexp literal syntax.

For these calls, the JS parser passes its Zone to the regexp parser.
This means that scripts with multiple regexp literals are all parsed
using the same Zone memory. Very large scripts with many (think
hundreds of thousands) regexp literals may thus run out of memory
whereas previously they would parse and run successfully.

This CL fixes the OOMs by resetting the state of the JS parser Zone
around regexp parser calls. We introduce a new ZoneScope class,
similar to HandleScope, which controls the lifetime of zone objects
allocated within its scope. In other words:

 {
   ZoneScope zone_scope(zone);  // Store zone state S.
   // ... Allocate objects O in zone.
   // zone is now in state S'.
 }
 // zone_scope goes out of scope, reset zone to state S. Objects O
 // are freed and no longer usable.

Fixed: chromium:1264014
Bug: v8:896
Change-Id: I3e7ac36f25a9d6c4eda2460bd1bea9814685e89b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256783Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77646}

In stress runs a GC may kick in before assertOptimized() is called
on the optimized function, causing it to deoptimize and the test
would fail even if the function is optimized as expected.
Adding --no-stress-flush-code --no-flush-bytecode fixes the timing
issue.

Bug: v8:12332
Change-Id: If43c2a06e84c0e3b5e21f7bde160340a0fc742f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3237326Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#77645}

Fixes `buildifier` warning, since the alias has the same name
as the icu/noicu/d8 targets.
The alias was used in the CI bot, but this is no longer the case.

No-Try: true
Change-Id: Ie8e9b6b2d8510c78982ed4c6845b51a4d4378106
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253356
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77644}

No-Try: true
Change-Id: I0f6211c6fc3990051ea6c50c815cc1fcc9f4643e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256787
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77643}

Write barriers are automatically emitted by v8::TracedReference.

Bug: v8:12165
Change-Id: I6ee9b95e9d25fe9606ce1b11b21b3905d47ee8cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253343Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77642}

Bug: v8:12350
Change-Id: Ic4c8f11df4f0916d3fcb4b9d60b6e06bab4f3df8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3252820
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77641}

This patch refactors the ClassFields benchmarks and makes the results
detection work properly. Previously the errors weren't caught since
the ClassFields benchmarks don't get run in the perf_integration
step in the CI.

- Instead of putting different configs (single/multiple fields, type
  of fields, etc.)in the JSON configuration, we now group the related
  benchmarks into the same script and run the different configurations
  in the scripts directly. Only the optimization status is now
  controlled in JSON. All the class fields definition benchmarks are
  merged into initialize-class.js.
- Update the number of local iterations of evaluate-class.js to 100
  (similar to most of other benchmarks) to keep the time spent on
  this benchmark similar to that of other benchmarks.

In addition, copy the configs to JSTests3 so that the benchmarks gets
run by the perf_integration step and we can see the graphs on
http://chromeperf.appspot.com/report. These can be removed
when the ClassFields benchmark results are generated there too.

Bug: v8:10793, v8:9888
Change-Id: I4e677bdc7b582650f39cf6e9ec02775c57fd04ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226550
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77640}

Design doc:  https://bit.ly/3jEVgzz

Summary:
We change the context for WasmJSFunction and WasmCapiFunction from a
tuple containing the instance to a triple WasmAPIFunctionRef =
{isolate root, context, callable}. This way we do not have to maintain
the correct instance at runtime. Also, a few places in the code get
simplified.

Changes:
- In WasmGraphBuilder, support having a WasmAPIFunctionRef at parameter
  0.
- Remove unpacking of (instance, callable) tuple from code generators.
- Remove the part in WasmGraphBuilder and LiftoffCompiler that used to
  set the instance field of the function reference.
- Modify code that handles the 'ref' field in wasm-objects.*, factory.*
  and c-api.cc.
- Fix the recorded safepoint address for arm when calling a C function
  from wasm.
- (Drive-by) Remove WasmAllocatePair.

Bug: v8:11510
Change-Id: I2a4ef3abaf9da36c4a2d85b434965a40a289b9ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236719
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77639}

R=jkummerow@chromium.org

Bug: v8:12281
Change-Id: If0ef4861d6466da211a799916e62234d458c2614
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253357Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77638}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d552bed..1eb779c

Rolling v8/buildtools/linux64: git_revision:f847b5744a81d23b96de3f2e56ce0398f550bd0e..git_revision:8926696a4186279489cc2b8d768533e61bba73d7

Rolling v8/third_party/aemu-linux-x64: oGlyr7Yd3bVAIOk9ix9USsqpL5HzLbxt5CyB54MmvJ4C..hys6gk1KOHMz9nURGWen255HiLIaVd3e4eZfa-w6l7oC

Rolling v8/third_party/android_ndk: https://chromium.googlesource.com/android_ndk/+log/401019b..9644104

Rolling v8/third_party/android_sdk/public: n7svc8KYah-i4s8zwkVa85SI3_H0WFOniP0mpwNdFO0C..Yw53980aNNn0n9l58lN7u0wSVmxlY0OM1zFnGDQeJs4C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f10f06d..2c76b34

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/0f5bd4f..aebf624

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/729a6d1..21baac0

Rolling v8/tools/luci-go: git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323..git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1

Rolling v8/tools/luci-go: git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323..git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1

Rolling v8/tools/luci-go: git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323..git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If41da8684b30379acac77bba4b7a6ac0f8d8a213
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256764Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77637}

Port commit 7a93bd64
Port commit afd15549

Change-Id: I7b5d59d448d210d80ee656d81c8134c780586296
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256981Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77636}

Port commit 7a93bd64

Change-Id: I3d1793154b1d69fcc0dcde7b7d731cbbb326f05d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255208
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Liu yu <liuyu@loongson.cn>
Commit-Queue: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77635}

Port e127f584

Change-Id: Id0eb9205c3e94cb504340110ff6a42bc94a80cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251133
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77634}

Port commit afd15549

Since V8 heap sandbox requires pointer compression, which is not
implemented on mips64 and loong64 ports, so I just fix the build
issue in this CL.

Change-Id: Ie8f9d070c6149d85c2c870e882199ede2ebfe317
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255207
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Liu yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77633}

Drive-by:
* don't create proto handlers for DefineOwnIC and StoreOwnIC,
* make sure that none of the DefineOwnIC and StoreOwnIC handlers are
  leaked into StoreIC's megamorphic stub cache.

Bug: v8:9888, chromium:1259950
Change-Id: I9db538e6ed14bc578aa80df037ffebd9e8c3c649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250641
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77632}

This reverts commit 35a6eeec.

Reason for revert: TSAN failures like https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/39084/overview

Original change's description:
> [off-thread] Allow off-thread top-level IIFE finalization
>
> Allow off-thread finalization for parallel compile tasks (i.e. for top-
> level IIFEs).
>
> This allows us to merge the code paths in BackgroundCompileTask, and
> re-enable the compiler dispatcher tests under the off-thread
> finalization flag. Indeed, we can simplify further and get rid of that
> flag entirely (it has been on-by-default for several releases now).
>
> Change-Id: I54f361997d651667fa813ec09790a6aab4d26774
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226780
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77615}

Change-Id: I6752470eebd594bad92c7cf4e58dbe5bac53598c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255667Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77631}

Port: 89933af6

Bug: v8:11112
Change-Id: I59d5cf363e427e7e5157be8c9eb033a11614fad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251587Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77630}

This reverts commit 4bdc9097.

Reason for revert: So that [1] can revert cleanly, for TSAN
failures like [2].

[1] https://chromium-review.googlesource.com/c/v8/v8/+/3226780
[2] https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/39084/overview

Original change's description:
> [cleanup] Remove RecursivelyExecuteUnoptimizedCompilationJobs
>
> Change-Id: Ibc33de815e869462bd0946b13867cf2667bd1c3b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253353
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77622}

Change-Id: Ic3f0ba99b6227286b2799e9e7b61df8e30b140d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3254180
Owners-Override: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77629}

Port 7a93bd64

Original Commit Message:

    Temporarily behind a new flag: --new-wasm-dynamic-tiering
    The plan is to merge this into the existing --wasm-dynamic-tiering
    flag once it's been confirmed to be generally beneficial.

R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I1ba28b60e628dc2ded33b267be62debcf1b03099
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250936
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77628}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/da01c5e..4f31803

Fix un-initted error in test and fix change the API previously proposed to use std::string instead of raw char* (#1266) (Vy Nguyen)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/4f31803

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I6d993fd5df4c55fc75648776015f0f671bda41c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253925Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77627}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/40d725c..d552bed

Rolling v8/buildtools/linux64: git_revision:79c6c1b1a24c46df5a773cc61604bb5051ca6cf4..git_revision:f847b5744a81d23b96de3f2e56ce0398f550bd0e

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/1876d99..4c6e099

Rolling v8/third_party/aemu-linux-x64: ed-NOx1j5-wX3SbRi_OHyHn-6tFz33VbLDCFga8JWFwC..oGlyr7Yd3bVAIOk9ix9USsqpL5HzLbxt5CyB54MmvJ4C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/819f08f..f10f06d

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b3a1a79..0f5bd4f

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f827083..729a6d1

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I741a993592d2c6d3d68ae201915f1398b1a77fd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253923Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77626}

There is a bit of a contradictory register requirement in the
instruction selector for i64x2.mul. We want dst == lhs (when AVX not
supported), but we also want lhs and rhs to be unique (to ensure that
that they don't alias the temp).

We remove the requirement for dst == lhs, since the code gen can handle
both cases (dst == lhs, dst != lhs), at the expense of 1 movaps.

Bug: chromium:1264462
Change-Id: Ia48572412b1f6e0da3551880d8b68a03f42fe2a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253661
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77625}

Port afd15549

Original Commit Message:

    A CagedPointer is guaranteed to point into the Virtual Memory Cage and
    will for example be used for ArrayBuffer backing stores when the heap
    sandbox is enabled. In the current implementation, CagedPointers are
    stored as offsets from the cage base, shifted to the left. Because the
    cage base address is usually available in a register, accessing a
    CagedPointer is very efficient, requiring only an additional shift and
    add operation.

R=saelo@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I6d5b9da23f35b60dffecb5fc5acb9c7fa362df14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250935Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77624}

Trait requires methods taking `const void*` as they are passed along
as regular TraceCallback.

Bug: v8:12165
Change-Id: Ic5cfb8dba070e5a2c0087069086c925c5318fb8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253354Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77623}

Change-Id: Ibc33de815e869462bd0946b13867cf2667bd1c3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253353
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77622}

Change-Id: I01cfc6ad6fc57ede0f1712f9b60200ee3e9b7f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253347Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77621}

Temporarily behind a new flag: --new-wasm-dynamic-tiering
The plan is to merge this into the existing --wasm-dynamic-tiering
flag once it's been confirmed to be generally beneficial.

Bug: v8:12281
Change-Id: I191d03170f8d5360073a45fea170f432074f7534
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247632Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77620}

The trait is expected to return a nullptr for the base address. This
is required for ephemeron tracing to trigger eagerly tracing a value.

This will be required when Blink uses a type alias to TracedReference.

Bug: v8:12165
Change-Id: Ibe142eaff41616c9de6ae0db9878f8489a5e4142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253345Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77619}

Port the CompilerDispatcher to use the Jobs API, instead of its own
hand-rolled worker management.

This required some re-thinking of how testing is handled, since the
tests want to be able to

  a) Defer calls to PostTask/Job, to actuall post the jobs later. This
     was easy enough with PostTask, since we could simply store the task
     in a list and no-op, but PostJob has to return a JobHandle. The
     tests now have a DelayedJobHandleWrapper, which defers all method
     calls on itself, and because of all the unique_ptrs, there's also
     now a SharedJobHandleWrapper.

  b) Wait until tasks/jobs complete. Returning from a Task meant that
     the task had completed, but this isn't necessarily the case with
     JobTasks; e.g. a job might be asked to yield. This patch hacks
     around this by Posting and Joining a non-owning copy of the
     requested JobTask, and then re-posting it once Join returns.

Change-Id: If867b4122af52758ffabcfb78a6701f0f95d896d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563664
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77618}

The time spent by the parallel scavengers running on the main thread
was being added twice to the SCAVENGER_SCAVENGE_PARALLEL scope.

Change-Id: I358b28cbf56f554d04e3da927182a7c1a7568dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253341
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77617}

This CL fixes an error when generating code for a fast API function
that has no fallback case, but can still fallback to the slow call
due to e.g. argument mismatch in the overloads. It also adds cctest
for overloading between TypedArray and JSArray.

Bug: chromium:1052746
Change-Id: Iee09d942cba85bed84a764bc53e98c3e36312c8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244421
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77616}

Allow off-thread finalization for parallel compile tasks (i.e. for top-
level IIFEs).

This allows us to merge the code paths in BackgroundCompileTask, and
re-enable the compiler dispatcher tests under the off-thread
finalization flag. Indeed, we can simplify further and get rid of that
flag entirely (it has been on-by-default for several releases now).

Change-Id: I54f361997d651667fa813ec09790a6aab4d26774
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226780Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77615}

A CagedPointer is guaranteed to point into the Virtual Memory Cage and
will for example be used for ArrayBuffer backing stores when the heap
sandbox is enabled. In the current implementation, CagedPointers are
stored as offsets from the cage base, shifted to the left. Because the
cage base address is usually available in a register, accessing a
CagedPointer is very efficient, requiring only an additional shift and
add operation.

Bug: chromium:1218005
Change-Id: Ifc8c088e3862400672051a8c52840514dee2911f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123417Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77614}

This is done in a separate runtime function call for now, so that we can
update the limit under the ExecutionAcess lock.

Also set the thread-in-wasm flag before calling the wasm function.

R=ahaas@chromium.org
CC=​fgm@chromium.org

Bug: v8:12191
Change-Id: I914856bc261fa0f75e93620bc6597bd28bec0695
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250902Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77613}