These are no longer tied to instruction-selector, so move them out into
their own unittests. We can then remove the *ForTesting methods.

Bug: v8:10696
Change-Id: I387cf38290d9602b011ee1d13ee5285ac660f208
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326951Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69149}

This is a spec bug in V8. Only call expressions literally of the form
'eval(...)' are considered direct.

Bug: v8:10688
Change-Id: Ia5ac9992db82cad0ad6870119bd94a0b4daee417
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327752Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69148}

This reverts commit 5ee39a50.

Reason for revert: To trigger builders again

Original change's description:
> Whitespace to trigger builders
> 
> TBR: clemensb@chromium.org
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Change-Id: Id8dba0dad4b7bfd68ed7c0300ddfeac2b9c349b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330012
> Reviewed-by: Liviu Rau <liviurau@chromium.org>
> Commit-Queue: Liviu Rau <liviurau@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69146}

TBR=clemensb@chromium.org,liviurau@chromium.org

Change-Id: Iff68a4ab57a30bdc594a49f3ff0cff43740b6634
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330015Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69147}

TBR: clemensb@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: Id8dba0dad4b7bfd68ed7c0300ddfeac2b9c349b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330012Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69146}

Bug: v8:9891
Change-Id: Ief289a9990ac545aa479f564094e3bbde4144aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2293709
Commit-Queue: Gus Caplan <snek@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69145}

... by ensuring that the V8 platform is initialized before the
AccountingAllocator used in the tests.

Bug: v8:9923
Change-Id: I2d75b7c26dab55b9258c1be800a37a6f777f1103
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2328791Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69144}

This is to group them up and not have classes and methods intertwined.

Change-Id: I8147f06f060932f7b70e478324ce5868d0ffd5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2328786Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69143}

Bug: chromium:1108537
Change-Id: I82a64d57432b7e0854a3787f309c85477d37f701
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327910Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69142}

Adds unittests that test the fast register allocator correctly deals
with spills of Phi's between their definition and a predecessor block's
gap move to populate the Phi.

BUG=v8:9684

Change-Id: I17263058d5ac29088895ad3de7b3131315ec8fae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299371
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69141}

Due to dynamic map checks we generate different code and the pattern
fails. As a note, the other tests have already been disabled for
TurboProp.

Bug: v8:9684, v8:9820
Change-Id: Ib8be11ae10bc801116d6a17d1c6b08d8026287b3
Fixes: v8:9820
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2328784
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69140}

Adds support for Phis to be allocated to the fast register
allocator. Registers used for Phis are marked specially between
the point where the Phi is defined, and the gap-move's in the
predecessor blocks which populate the Phi value, since if the
Phi is spilled then all predecessor blocks must also spill the
Phi even if they were already allocated.

BUG=v8:9684

Change-Id: Iebe90495b83df655d3335a7d55874123f3b27f8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299366
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69139}

PersistentHandlesScope works similar to the DeferredHandleScope, but
returns PersistentHandles instead of DeferredHandles on Detach().

Since PersistentHandlesScope takes over filled blocks from the
main thread local handle, remove the block_size_ field and use
kHandleBlockSize instead. This way all blocks have exactly the same size.

Bug: v8:10315
Change-Id: I295cad6f84852f87c55d95572905069443f5698c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324254
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69138}

The DecompressionOptimizationPhase performs MachineRepresentation
changes in the nodes, which causes the node's instruction selection
to avoid decompression.

It is safe to run after we already have a schedule since it does not
drop any nodes.

Bug: v8:9684, v8:7703
Change-Id: I636ae80fa82d0c78878756e9f39e7a14c02803b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324252
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69137}

Bug: v8:10477
Change-Id: I0ce6cd46d3886a37e96bdd62df263addc5b9631f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327186Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69136}

lvx and stvx require 16-byte aligned addresses.
This CL enables loading and storing to addresses which are not
16-byte aligned.

Change-Id: I5635e857a979520822c8b30bb5477a159e97e6e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327648Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69135}

This reverts commit 76b53b66.

Reason for revert: Can't be used easily in embedder (Chromium).

Original change's description:
> [api] Add a SharedArrayBuffersEnabled callback.
> 
> - Adds a SharedArrayBuffersEnabled callback and uses it to
>   enable/disable SABs per context. The feature flag is used
>   if no callback is registered.
> 
> Bug: chromium:923807
> Change-Id: I4d3472fcd79b158cb50dc98793aece6dbbb81d93
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316901
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69057}

TBR=bbudge@chromium.org,adamk@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:923807
Change-Id: I6e3ddfa9cd64ba3106b4a75ea7a5185f873facc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326952Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69134}

Although the code generator already combines return instructions late
in the pipeline into a common site, there were still superfluous jumps
to that common site left in the code.

Change-Id: I06c885fb0ab6a2c078f9dabdc6616c6881f42c75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284984
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69133}

This prints a message whenever we discard compiled metadata of an SFI.
The message identifies the SFI. I've found this helpful when debugging.

Change-Id: Ib34266199ade2ef88a6bafe32295ab505ce7c899
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324260Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69132}

Temporarily disable cctest DisasmPoisonMonomorphicLoadFloat64.

Bug: v8:9820
Change-Id: I3208a7f85aa7ab2c09602107b2f0954f02b15a45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326332Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69131}

I noticed that, with pointer-compression enabled, in map checks we no
longer load the map as part of the cmp instruction:

movl rcx,[rdx-0x1]
movl rdi,0x8286f8d  ;; (compressed) object: <Map(HOLEY_ELEMENTS)>
cmpl rdi,rcx

This CL restores that:

movl rcx,0x82c6f8d  ;; (compressed) object: <Map(HOLEY_ELEMENTS)>
cmpl [rdx-0x1],rcx

Change-Id: Ifcc7f34fddf6aa423c0a26066ac124e9757cb9ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320653Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69130}

The bug was that the allocation of the result array (before the loop)
was using the outer frame state, thus returning the allocation's result
(an array full of holes) as the return value of the map operation in
case the allocation triggers a lazy deopt.

Bug: chromium:1104514
Change-Id: I9a6db8a5860472e1b438b6b54414938d61e166c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324249Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69129}

Bug: v8:10582, v8:9684
Change-Id: Ib29e9b56d4c722cb572e86def7eeb3f588dc9c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316079Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69128}

Since we now add the additional required capacity when assessing
StringTable shrinking during LookupKey-caused string insertion, we no
longer have to add a slack capacity. This more closely matches previous
behaviour, which didn't consider the additional required capacity but
did add slack (which, because of rounding to the next power of two,
amounts to the same thing).

Bug: chromium:1108258
Change-Id: I81f513fdc800a2caab76e030c0c5e767cd1360d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324253
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69127}

If we don't have slack and we want to add an element to the
TransitionArray, we would create a new TransitionArray. The background
hread, however, can be holding a pointer to the old transitions. This
test tests that this is safe to do, i.e the background thread reading
the old TransitionArray.

To make sure that we are testing that, we can add more synchronization
via an extra semaphore.

Bug: v8:7790
Change-Id: Ie454d79282ac267d3527269e8490baced979aa45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323351Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69126}

This CL aims to clean dead code across the app
and use private class fields for storing private
information.

Bug: v8:10644, v8:10735

Change-Id: I1129104925f230bed922cc76abdb432d536d2111
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323352Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69125}

This is the first step towards implementing a tier-up mechanism from
NCI code to TF. We will follow the existing Ignition-to-Turbofan
mechanics, which are, roughly:

1. Track a bytecode interrupt budget.
2. When exhausted, call the runtime profiler, which increments
   profiler ticks for the top frame's function.
3. When a function should tier up, it is marked as such using the
   FeedbackVector::optimized_code_weak_or_smi slot / the
   OptimizationMarker mechanism.
4. The InterpreterEntryTrampoline checks this slot and calls into
   runtime to compile if needed.
5. The finished code is also placed into this slot, as well as
   installed on the JSFunction.
6. Again, the IET checks the slot and tail-calls the code object if it
   exists.

This CL implements step 1 for NCI code by inserting the new simplified
UpdateInterruptBudget operator at the same spots (and using the same
offsets) as Ignition. When the budget is exhausted, we call a runtime
function that currently does nothing and will be implemented in the
next CL.

Bug: v8:8888
Change-Id: I98c0f8d96f32d515218dc2a76f961d44fe281c86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312778
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69124}

The CL add two files:
1) copy.bara.sky - source file for copybara that needs to migrate cppgc
from v8 repo to GitHub;
2) export_to_github.sh - top level bash script that runs copybara and
generates CMake files if needed.

Bug: v8:10724
Change-Id: I6a5f0ed1d007533914d578203a37fab2c3e9774a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320651Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69123}

Change-Id: I41be2c5b0867739dbbe3667144bf6b479c609e53
Bug: chromium:1107221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2322628
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69122}

Zap freed local and persistent handles similar to main thread handles.
As a drive-by change, fix the creation of local handles without
LocalHandleScope.

Bug: v8:10315
Change-Id: Ia71bc5419c62ae073928751f57fc221ea11de254
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323362
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69121}

Drive-by:
 * Updated nullptr to using base::Optional.
 * Remove ParameterMode use in CloneFixedArray.

Bug: v8:9708, v8:6949
Change-Id: I0a98ded0a5d25df078cccbba1385d177652d1cf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324242Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69120}

Remove from:
    * FillPropertyArrayWithUndefined
    * CopyPropertyArrayValues

Bug: v8:9708, v8:6949
Change-Id: I536df1dbcff9b29746ab561d2fd563e16ef9be76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324241Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69119}

Bug: v8:10724
Change-Id: I3f8c316818d4ec048143dc731b11808652612925
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324248Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69118}

Port 1250fd59
https://crrev.com/c/2307240

Original Commit Message:

  This generic wrapper builtin is currently used only when the wasm
  function has no parameters and no return value.

  Added a new V8 flag to use this generic wrapper.

  Also added a JS test function for this generic wrapper.

Change-Id: I2c515e095730ba3880b639bdd85504e644b64e53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2325258Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#69117}

This will allow inlining of this function.

Bug: v8:10315
Change-Id: I6b9db641b00e215cf58b82a9a9a5cf9e676f3f02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323354
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69116}

This cl also
1. Fixes a bug in effect-control-linearizer where we should have
converted fixed array length from Smi to integer
2. Also prints deopt location for the new "bailout" deopt type on
--trace-deopt.

Bug: v8:10582, v8:9684
Change-Id: Iafc5e8abbca5252a8783a5a1184a1667a7f708a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297460
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69115}

LocalHeap should only be used on the heap it was created on.

Bug: v8:10315
Change-Id: Ia06f0169d39b4148b356568795f4e316361a1e9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323358Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69114}

R=clemensb@chromium.org

Change-Id: I3cedc8d27c9a597cd2e6013d3be479db513a0a3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323356
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69113}

1. Adds a flag to specify if minimorphic accesses should be optimized
using dynamic map checks operators. This flag is disabled by default.
2. Builds the PropertyAccessInfo from handlers instead of reading it
from maps for minimorphic accesses
3. Uses DynamicMapChecks operator to lower the minimorphic accesses.

Bug: v8:10582, v8:9684
Change-Id: I0b7b26b876f9ad12d6fc38788137b66ee6455aeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241524Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69112}

Setup the function table exactly like the module's function table, so
that we can share most of the call generation logic.

R=clemensb@chromium.org

Bug: v8:10751
Change-Id: Ie74150af8cf79d00adcc59d6880d2ed3e7cf78f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323353
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69111}

Currently WebAssembly always goes through the ArgumentsAdaptorTrampoline
builtin for wasm-to-js calls as soon as there's a mismatch between the
actual number of arguments and the expected number of arguments.

This can be made faster in cases where:
1. the callee has "don't adapt arguments" set, which is often the case
for builtins, or
2. the callee has "skip adapt arguments" set, which is often the case
for strict mode functions.

TurboFan already supports this for JS calls:
https://chromium-review.googlesource.com/c/1482735;
explainer document:
http://bit.ly/v8-faster-calls-with-arguments-mismatch.

Even though it is probably not as common to have arity mismatches in
Wasm->JS calls as it is in JS->JS calls, this still seems a worthwhile
optimization to do.

This CL ports the TurboFan fix to WebAssembly. In particular, the CL
introduces a new WasmImportCallKind (kJSFunctionArityMismatchSkipAdaptor)
for the case where the call to  Builtins_ArgumentsAdaptorTrampoline
can be skipped, and modifies WasmImportWrapperCache::CacheKey to also
consider the arity of the imported JS function.

A micro-benchmark for this change can be found here:
- https://gist.github.com/paolosevMSFT/72c67591170d6163f67c9b03a7e12525#file-adapter-cc
- https://gist.github.com/paolosevMSFT/72c67591170d6163f67c9b03a7e12525#file-adapter_test-js

With this benchmark, we can save a 40% overhead of
Builtins_ArgumentsAdaptorTrampoline for calls that pass too many
arguments, while the savings for calls that pass too few arguments are
less impressive:

                            Before     After
callProperApplication:      563 ms     566 ms
callOverApplication1:       972 ms     562 ms
callOverApplication2:       962 ms     562 ms
callUnderApplication:       949 ms     890 ms


Bug: v8:8909
Change-Id: Id51764e7c422d00ecc4a48704323e11bdca9377f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317061
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69110}