Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9088cd6..f7f53e9

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/9901571..51ffc5e

Rolling v8/third_party/aemu-linux-x64: Ce6sqxwYi8DOFfwlCOP0MURltjjH-QIsgAsJ1p7--KIC..JOROMO2u_x7WbmPlWROhQxdCaIY-Q639bZpu8IWRc30C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/429f4e0..e5067b0

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1c179b5..6500963

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/7dab69f..a736941

Rolling v8/tools/luci-go: git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1..git_revision:d17c642c8c3c6d9e37bd9c25535c4c5b66b99781

Rolling v8/tools/luci-go: git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1..qLMs01I9Ry2iQnzjXEE-TVzz-tLGynUTnCfDp0JgjnAC

Rolling v8/tools/luci-go: git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1..git_revision:d17c642c8c3c6d9e37bd9c25535c4c5b66b99781

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4d277c7cb14ecc226a116d4013840c86f1dec456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264753Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77747}

Bug: v8:12228
Change-Id: I49b2e1a1c837b96ea2e7cb58f42314109845b7fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263766Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Cr-Commit-Position: refs/heads/main@{#77746}

Currently we are calculating the offset manually. This method
uses code patching to re-emit the instruction with correct offset
when the value is available.

Change-Id: Ie68580398df92ed2ab57c3972f408cfde8e60432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264746
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77745}

This CL adds support for handling calls to C functions with arbitrary
signatures on the arm64 simulator. It adds infrastructure for
encoding the signature data from CallDescriptor and FunctionInfo
classes into a compact representation, stored in the simulator and
called EncodedCSignature.

Design doc:
https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit

This CL is a follow up on the native support added in
https://chromium-review.googlesource.com/c/v8/v8/+/3182232
and is partially based on the previous attempt:
https://chromium-review.googlesource.com/c/v8/v8/+/2343072

Bug: chromium:1052746
Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77744}

This is to reduce eng-review bottleneck when new dot files are added
to the top-level directory.

No-Try: true
Bug: chromium:1266833
Change-Id: I62e1155e90f3f07bca15ca0b23d3308904ecaecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264284Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77743}

Bug: chromium:1266833
Change-Id: I3ec80560881c596c41df389c754a5b01f911bb9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260516
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77742}

After the snapshot data ends, interpret the rest as normal JS code.

Bug: v8:11525
Change-Id: I8de4cf4027e582e6b8e330dda7708623373d2675
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263896Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77741}

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I415c4488262a97cf04b71fd8e96071c7bff972cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231337Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77740}

Torque allows a `weak` keyword on class field declarations. This keyword
is confusing, because it means two completely different things:

1. This field should be included in the weak fields section, meaning the
   field's offset should be in the range [kStartOfWeakFieldsOffset,
   kEndOfWeakFieldsOffset).
2. If a BodyDescriptor is generated for this class, then this field
   should be visited using *custom* weakness semantics
   (IterateCustomWeakPointers, not IterateMaybeObjectPointers).

I propose the following updated behavior, which I think is a bit more
reasonable:

1. To request that the generated BodyDescriptor use custom weakness
   semantics, use a new annotation @customWeakMarking.
2. The weak fields section includes all fields that can be a Weak<T>
   type, plus those annotated with @customWeakMarking.

These new rules require reordering fields in two classes which didn't
already have all of their strong fields adjacent.

Bug: v8:7793
Change-Id: Ic9d741986afa7fc1be3de044af5cae11a3c64d8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3261968
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77739}

We use the InvokeParams to pass host-defined options to Invoke.
The script should never access them directly and thus we should clear
out the argv and argc values.

Bug: chromium:1244145
Change-Id: I915186d624f92581af79ca62bcb1613bc4069640
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263891Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77738}

Change-Id: Ie5d8ec9030df9f838522b4531205e71394a988da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263884
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77737}

The old check didn't expect to see an already evacuated object.

Bug: v8:11880
Change-Id: I5a105e3ae8c04df0061e96f0650c5bd3e66264de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264286
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77736}

This is a reland of 92edf9a1

Introduce map handle again to prevent corruption.

Drive-by-fix:
Make some PropertyDetails and Representation methods constexpr.

Original change's description:
> [runtime] Optimise paired instance type checks
>
> Clang doesn't optimise over handle derefs. Change the ValueSerializer
> and the JsonStringifier to use InstanceType directly for checks.
> This CL squeezes another 1.5% of JSON.stringify in local benchmarks.
>
> Drive-by-fix:
> - Avoid a few more derefs in the JsonStringifier
> - Make JsonStringifier::SerializeJSArray a bit more readable
>
> Change-Id: I37626a6d92a8d9275611a4e6d1d908f2e0c6d43b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247637
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77697}

Change-Id: I8915a82aab6dd7966223a4d7a8dd1363258b7c81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260512
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77735}

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: I15a5507a7dd0f02a3bbe9d3ce200206adf4d4539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231075
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77734}

The new callback does no longer use ScriptOrModule but rather gets the
host-defined options and the referrer name as separate arguments.

This brings us one step closer to deprecate ScriptOrModule and putting
the host-defined options in the script context.

- Add v8::Data::IsFixedArray and cast helpers
- Deprecate HostImportModuleDynamicallyWithImportAssertionsCallback soon
- Add Script::Run entry point that explicitly takes host-defined
  options (unused yet)

Bug: chromium:1244145
Change-Id: I08bc92cfb3b79d840e766fb71b8d91d301f4399c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263893
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77733}

CodeSpaceMemoryModificationScope should only be used by the main
thread and during a safepoint. This adds a check in
CodeSpaceMemoryModificationScope.

The reason for this is that CodeSpaceMemoryModificationScope is not
thread-safe. It assumes that no other thread is modifying code space
(either by setting memory permission or adding a new page).

This CL also replaces CodeSpaceMemoryModificationScope to
CodePageCollectionMemoryModificationScope in a few occurrences, where
the former is not needed. This should not hurt performance.

Bug: v8:12054
Change-Id: I2675e667782c6ad8410877a4e64374899066bcd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263890
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77732}

Report young generation GC statistics to the Recorder API.
These will be used by Blink to populate UMA histograms.
Existing UMA reporting in V8 remains as is for now and will be removed
in a followup.

This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3247446

Change-Id: I1fed070d4a3996c4d0d8942b455d722afafcc4ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247635
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77731}

We enable struct.new and array.init initializer expressions in the JS
testcase generated by --wasm-fuzzer-gen-test. We needed to make some
changes in the WasmInitExpr class, and to implement a new interface for
the WasmFullDecoder, which constructs a WasmInitExpr.
Changes:
- Make WasmInitExpr a ZoneObject. Use a pointer for its operands_ field.
  This is needed so WasmInitExpr is trivially copiable, and thus usable
  as a Value type in WasmFullDecoder.
- Implement a WasmFullDecoder interface in wasm-fuzzer-common that
  constructs a WasmInitExpr. Use it to decode initializers in the
  module generated by the fuzzer.
- Change AppendInitExpr to take a WasmInitExpr as argument.
- Fix an issue with printing of struct definitions.
- Change initializer expression used for structs to struct.new_with_rtt.
  This is consistent with the currently used structural types.

Bug: v8:11954
Change-Id: I65a87cc98701a54f32500be192b3b6eef2ff6c8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257712Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77730}

This reverts commit 5dd16ca0.

Reason for revert: MSAN complains about an uninitialized value, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/41150/overview

Original change's description:
> Add tests for serialization of v8::CFunction
>
> The tests are modeled after another patch that includes
> v8::CFunctions into Node.js's builtin snapshot.
>
> Refs: https://github.com/nodejs/node/pull/40649
> Change-Id: I5a91682f7944ef06a0d3caf7333b09f974bcd64b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251138
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#77726}

Change-Id: I9ea32a84783c3f555ee40daebf7b7f6c74f75062
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263892
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77729}

We don't do scope analysis when there is a preparse error, so we don't
have a literal that is valid enough to create a SharedFunctionInfo.

Fixed: chromium:1267172
Change-Id: I18437889fb42593622410a44922bd9f0dc995992
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263887
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77728}

Bug: v8:12165
Change-Id: I47b92d71ef76e71b6bfbcc883e70f5b31bceedcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263889Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77727}

The tests are modeled after another patch that includes
v8::CFunctions into Node.js's builtin snapshot.

Refs: https://github.com/nodejs/node/pull/40649
Change-Id: I5a91682f7944ef06a0d3caf7333b09f974bcd64b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251138Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#77726}

Change-Id: I5dbfe8c1e2f8474d4693dc9e9ddd57639c37c6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263885Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77725}

Change-Id: I1d343244f9b4674b830c13a879d90397de4a784a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263886
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77724}

Remove FunctionLiterals and ParseInfo from the LazyCompileDispatcher
API, passing instead the SharedFunctionInfo, a character stream, and
optionally some preparse data.

In the future, this should allow us to pass arbitrary uncompiled
SharedFunctionInfos into the LazyCompileDispatcher.

Change-Id: Iff90408f3b259c7f5df0e74687d052e75959fa48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262131Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77723}

Capture group names were extended in

https://github.com/tc39/ecma262/pull/1869/files
https://github.com/tc39/ecma262/pull/1932/files

RegExpIdentifierName now explicitly enables unicode (+U) for
unicode escape sequences; likewise, surrogate pairs are now allowed
unconditionally.

The implementation simply switches on unicode temporarily while
parsing a capture group name.

Good news everyone, /(?<𝒜>.)/ is now a legal pattern.

Bug: v8:10384
Change-Id: Ida805998eb91ed717b2e05d81d52c1ed61104e3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233234
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77722}

Bug: chromium:1136844
Change-Id: Ie282c94e18bce71e47f69d84c89640d459ea39a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260505
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77721}

Do a full copy of all fields when initialising and copying from the
placeholder SharedFunctionInfo that is used in off-thread function
compilation. This guarantees that all fields are correct both in the
on-thread and off-thread cases.

Change-Id: If1807c6f56fe38fea40ed39596f85634356e2623
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260518Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77720}

Move logic to perform a global safepoint into GlobalSafepointScope
respectively GlobalSafepoint for easier reuse of this functionality in
the future.

Note that full functionality for a global safepoint will be provided
in a subsequent CL.

Bug: v8:11708
Change-Id: I80dd22c36ab01df573623aa36ead9cc373663b9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259531Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77719}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/8aae0a4..329fb06

Fix error with Fix Werror=old-style-cast  (#1272) (Bensuperpc)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/329fb06

Fix error Wshorten-64-to-32 (#1273) (Bensuperpc)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/8826ef7

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I02d2c02eba3ba63364060cc0809ee021fa4b804e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262145Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77718}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/02bef0a..9088cd6

Rolling v8/third_party/aemu-linux-x64: hys6gk1KOHMz9nURGWen255HiLIaVd3e4eZfa-w6l7oC..Ce6sqxwYi8DOFfwlCOP0MURltjjH-QIsgAsJ1p7--KIC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b939095..429f4e0

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/8a0d05d..1c179b5

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/3c149f5..7dab69f

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/b2ffe54..af96b7b

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie305f81bb17aabb539976e30057152e18e1df4c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262141Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77717}

This is a reland of 0446ab7c

Additional fix:
Manually set the host-defined options on deserialised scripts in d8.

Original change's description:
> [d8] Verify host-defined options
>
> d8 never checked what the actual value of the host-defined options are.
> We now properly very that the host-defined options is a specific object
> so we we don't end up accidentally ignoring a wrong options object.
>
> Drive-by-fix:
> - Convert %AbortJS argument to string
>
> Bug: chromium:1244145
> Change-Id: If0ed128d215682bcf066592418420548b06eb6a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259655
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77699}

Bug: chromium:1244145
Change-Id: I8ddfdba27d84c36862323ab9e1aba14b2ff932a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259539
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77716}

The wasm serialization format only contains TurboFan code. All other
functions are only represented by placeholders. With this CL
serialization fails if the serialized module does not contain any
TurboFan functions and would therefore consist only of placeholders.

This is a defense in depth approach, because ideally serialization
only gets triggered when TurboFan code is available. However, in some
scenarios like debugging it can happen that modules without TurboFan
code get serialized.

Bug: v8:12281
Change-Id: Ib05430ff89eb2317da80fc0d086ce1d7ab0e919d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3212510
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77715}

Change-Id: I68935a96ac674965cf12079daa0aae35be042a97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260523
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77714}

Adjust WATCHLISTS to only send out updates to those testfiles as part
of notifying oilpan-reviews+v8@.

Change-Id: Ib877f0353ea2b2d1ac06c93d450145dbeb6fcc66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260517
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77713}

Remove the concept of JobId from LazyCompileDispatcher, and make SFIs
the canonical id for these jobs.

This has several consequences:

  * We no longer split enqueing a job and registering a SFI with that
    job. We did this previously because we could not allocate SFIs in
    the Parser -- now with LocalHeap we can, so we do.
  * We remove the separate Job vector, and make the SFI IdentityMap
    hold pointers to Jobs directly. This requires a small amount of
    extra care to deallocate Jobs when removing them from the map,
    but it means not having to allocate new global handles for jobs.
  * The SFI is passed into the BackgroundCompileTask instead of the
    script, so our task finalization doesn't need the SFI anymore.
  * We no longer need to iterate ParallelTasks after compiling (to
    register SFIs), so we can get rid of ParallelTasks entirely and
    access the dispatcher directly from the parser.

There are a few drive-bys since we're touching this code:

  * Jobs are move to have a "state" variable rather than a collection
    of bools, for stricter DCHECKing.
  * There's no longer a set of "currently running" jobs, since this
    was only used to check if a job is running, we can instead inspect
    the job's state directly.
  * s/LazyCompilerDispatcher/LazyCompileDispatcher/g

Change-Id: I85e4bd6db108f5e8e7fe2e919c548ce45796dd50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259647
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77712}

R=hablich@chromium.org, vahl@chromium.org

Change-Id: I33783822bf8131910ff9840a58b07da5086a92d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260521Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77711}

LayoutDescriptor has been removed some time ago.

Change-Id: I8aa16fcd82be098c9bfd439decef8147514587d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260515
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77710}

Add CHECK ensuring that the young generation is indeed empty for
pointers updating. This is necessary as otherwise iterating an
object may race with updating a slot in a Map for WasmStruct.

Bug: v8:12185
Change-Id: Id590cf267fedf95d97df2464a638352696ad53db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260514Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77709}

This reverts commit f9ebad01.

Reason for revert: suspected root cause of crbug.com/1257806 Additionally, this patch might actually be incorrect as we eagerly evaluate native accessors, which can only happen if the debugger is running.

Original change's description:
> [inspector] Use side-effect free debug evaluate for inherited accessors.
>
> Replace the hard-coded blocklist ("Response.body" and "Request.body") in
> the V8 inspector with proper side-effect free debug evaluate. This is
> otherwise a non-functional change and in particular preserves the
> behavior of reporting accessors as (own) data properties. That will be
> tackled in a follow-up CL.
>
> This CL is possible because with https://crrev.com/c/3056879 Blink now
> properly marks accessors as side-effect free consistently with what the
> V8 inspector had done before.
>
> Doc: http://doc/1gLyyOlssS5zyCSEyybVC-5sp0UnNJj2hBoFyf6ryrTc
> Bug: chromium:829571, chromium:1076820, chromium:1119900
> Change-Id: Idb256accaf4cfb5db5982b3eb06ddcef588be635
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062573
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
> Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76019}

Bug: chromium:829571, chromium:1076820, chromium:1119900, chromium:1257806
Fixed: chromium:1265372
Change-Id: Ia31a3022aaa9ddeae1f01eaa90e345f8bdbb21c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259653
Commit-Queue: Tim van der Lippe <tvanderlippe@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77708}