We can't properly guarantee that the interrupt is served from inside
the irregexp engine (it could happen before or after). Without that
guarantee, the test is prone to flaking. It's not very useful in
general, since it essentially only tests that the
CHECK(!regexp_stack_->is_in_use()) in regexp-stack.cc exists.

The real fix is to support reentrancy.

Bug: v8:11435,v8:11382
Change-Id: I0a8c3313dd9285ac0c84fef867196dede4785ebb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752159
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73362}

This reverts commit 812eb264.

Reason for revert: clusterfuzz crashes

Original change's description:
> [compiler] Cache StateValue processing in InstructionSelector.
>
> Processing StateValues into operands is one of the most costly
> parts of instruction selection. As it happens, StateValues are
> shared by many nodes, and so we are unecessarily reprocessing
> the same StateValues multiple times. This CL introduces caching
> for the processed StateValues enabling very fast emitting of
> operands for subsiquent instructions with the same StateValue.
> The hitrate for the cache is higher than 90% on most optimizations.
>
> BUG=v8:9684
>
> Change-Id: I45db86dcbf22ab972b892f11c608b825aeb3ecf3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749634
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73342}

Bug: v8:9684
Change-Id: I7d8121f91a0a7ed764add64f12f3954635921cfa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2756208
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73361}

This improves performance a little for especially small parsed
objects, e.g., parsing json-parse-financial data in kraken 100.000
times goes from 3.25 s to 3.1 or below.

Change-Id: Ic9b668b44fc766da9d8ad03f51924f7dd8b5cc7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752881Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73360}

This is a reland of 19b62d0b

Fixing the misalignment issue founded in usban build by doing four-byte
comparison: compressing the "expected" values such as script.name() and
passing them to CheckProp as type Tagged_t

Original change's description:
> [v8windbg] Add more items in the Locals pane
>
> Add more items in the Locals pane representing the JS function name,
> source file name, and character offset within the source file, so
> that the user doesn’t need to dig through the shared_function_info to
> find them.
>
> Change-Id: I5d42b3c9542885a72e81613503d1d5abf51870b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712310
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#73282}

Change-Id: Idd77f61905651fbcfae5f5b590094639bc205834
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744959Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#73359}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/cb067b2..7633fcf

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/368c7dd..7242196

Rolling v8/third_party/aemu-linux-x64: ee1oRcPCyneRYNLsuBvxMYnBajvkvvdJY5BYvoaX0vUC..xkJqHNeFPOJ9cNmeaij9qrxQTAP8oRjXHcuTdg2nny8C

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/c2c576e..e8b56fb

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/348acca..0949050

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e65f1a7..e645571

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I18a2f9da689173e7ea3a79cc32634606543d2cf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752899Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73358}

Port 3f9ff062

Original Commit Message:

    This is a reland of 80f5dfda. A condition
    in pipeline.cc was inverted, which lead to a CSA verifier error.

    Original change's description:
    > [no-wasm] Exclude src/wasm from compilation
    >
    > This is the biggest chunk, including
    > - all of src/wasm,
    > - torque file for wasm objects,
    > - torque file for wasm builtins,
    > - wasm builtins,
    > - wasm runtime functions,
    > - int64 lowering,
    > - simd scala lowering,
    > - WasmGraphBuilder (TF graph construction for wasm),
    > - wasm frame types,
    > - wasm interrupts,
    > - the JSWasmCall opcode,
    > - wasm backing store allocation.
    >
    > Those components are all recursively entangled, so I found no way to
    > split this change up further.
    >
    > Some includes that were recursively included by wasm headers needed to
    > be added explicitly now.
    >
    > backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc
    > because it only tests wasm backing stores. This file is excluded from
    > no-wasm builds then.
    >
    > R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org
    >
    > Bug: v8:11238
    > Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
    > Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
    > Commit-Queue: Clemens Backes <clemensb@chromium.org>
    > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
    > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
    > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
    > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#73344}

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I006f32407aea051c960f32942f9353f415547116
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2753143Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73357}

Removes

--harmony-string-replaceall (shipped since 8.5)
--harmony-logical-assignment (shipped since 8.5)
--harmony-atomics-waitasync (shipped since 8.7)

Bug: v8:9801,v8:10372,v8:10239
Change-Id: Ifb8db93948a067e75da5e581603acb916b91342a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2747201
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73356}

Otherwise SMC perturbs the icache too much it seems.

Change-Id: Iceea779a7e3deee90efe29df568732d6ac5bcffa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2753768
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73355}

LVX simulation is also added in this CL.

Change-Id: I9c827d979cdcd86216f0b089e3819d65d6fc45c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2753767Reviewed-by: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73354}

Add the object start bit when adding an entry to the free list.
Introduce a GC at the end of the tests to make sure that the object
start bitmap verification catches such issues.

Bug: chromium:1056170
Change-Id: Id8ca257ce054fc3fb199955cf1c4f38004033747
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752870Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73353}

While working on the Torque compiler, I've sometimes found it difficult
to understand Torque's intermediate representation and how it
corresponds to the output. In this change, I propose adding a build flag
that instructs Torque to emit comments describing its IR, interspersed
in the generated code. This is particularly useful for seeing the stack
management instructions (Peek, Poke, and DeleteRange) which don't emit
any corresponding C++ code.

Bug: v8:7793
Change-Id: I24bdec47da76c9bd751b928d3cd92aa513dc6593
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748040Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#73352}

Change-Id: I15956f50e6c02d7c26d2810a3217d2d22eb71f5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752871Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#73351}

Change-Id: Ib60115cd06fe45d41490ff9bd69d23ab49ac6874
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2753126Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73350}

.. to reduce memory overhead. Zones allocate a minimum segment size of
8KB, and the uses in runtime-regexp.cc are expected to need << that.

Two uses were replaced by SmallVectors:

* CompiledReplacement, parses string replacement patterns for
  optimized repeated use.
* Intermediate data structures in RegExpReplace.

Bug: v8:11540
Change-Id: I3fb2d047f1bfadc9b85132f731b294bd8aa72368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752873
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73349}

This is a reland of 80f5dfda. A condition
in pipeline.cc was inverted, which lead to a CSA verifier error.

Original change's description:
> [no-wasm] Exclude src/wasm from compilation
>
> This is the biggest chunk, including
> - all of src/wasm,
> - torque file for wasm objects,
> - torque file for wasm builtins,
> - wasm builtins,
> - wasm runtime functions,
> - int64 lowering,
> - simd scala lowering,
> - WasmGraphBuilder (TF graph construction for wasm),
> - wasm frame types,
> - wasm interrupts,
> - the JSWasmCall opcode,
> - wasm backing store allocation.
>
> Those components are all recursively entangled, so I found no way to
> split this change up further.
>
> Some includes that were recursively included by wasm headers needed to
> be added explicitly now.
>
> backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc
> because it only tests wasm backing stores. This file is excluded from
> no-wasm builds then.
>
> R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org
>
> Bug: v8:11238
> Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73344}

TBR=jgruber@chromium.org

Bug: v8:11238
Change-Id: I20bd2847a59c68738b5a336cd42582b7b1499585
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_linux_verify_csa_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_verify_csa_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752867Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73348}

I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/SO8zL3dvKsI/m/wMg-UGOUAgAJ

Bug: v8:11374
Change-Id: If25136f457ba15b7647b383d1e057e5ee4e8266f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745143Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73347}

This reverts commit 80f5dfda.

Reason for revert: Fails CSA verification: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/21766/overview

Original change's description:
> [no-wasm] Exclude src/wasm from compilation
>
> This is the biggest chunk, including
> - all of src/wasm,
> - torque file for wasm objects,
> - torque file for wasm builtins,
> - wasm builtins,
> - wasm runtime functions,
> - int64 lowering,
> - simd scala lowering,
> - WasmGraphBuilder (TF graph construction for wasm),
> - wasm frame types,
> - wasm interrupts,
> - the JSWasmCall opcode,
> - wasm backing store allocation.
>
> Those components are all recursively entangled, so I found no way to
> split this change up further.
>
> Some includes that were recursively included by wasm headers needed to
> be added explicitly now.
>
> backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc
> because it only tests wasm backing stores. This file is excluded from
> no-wasm builds then.
>
> R=​jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org
>
> Bug: v8:11238
> Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73344}

Bug: v8:11238
Change-Id: I93672002c1faa36bb0bb5b4a9cc2032ee2ccd814
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752866
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73346}

This will make it easier to generate builtin calls that require the
context to be passed in that register, because this can be represented
as a {LiftoffRegister} then.

R=thibaudm@chromium.org

Bug: v8:11453
Change-Id: I00995203cc936f23d1c01fdbf8f13eb929f228ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752151Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73345}

This is the biggest chunk, including
- all of src/wasm,
- torque file for wasm objects,
- torque file for wasm builtins,
- wasm builtins,
- wasm runtime functions,
- int64 lowering,
- simd scala lowering,
- WasmGraphBuilder (TF graph construction for wasm),
- wasm frame types,
- wasm interrupts,
- the JSWasmCall opcode,
- wasm backing store allocation.

Those components are all recursively entangled, so I found no way to
split this change up further.

Some includes that were recursively included by wasm headers needed to
be added explicitly now.

backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc
because it only tests wasm backing stores. This file is excluded from
no-wasm builds then.

R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org

Bug: v8:11238
Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73344}

Bug: v8:7790
Change-Id: I6f322591e68f922b1441a10528da7bba77d4f922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739639Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73343}

Processing StateValues into operands is one of the most costly
parts of instruction selection. As it happens, StateValues are
shared by many nodes, and so we are unecessarily reprocessing
the same StateValues multiple times. This CL introduces caching
for the processed StateValues enabling very fast emitting of
operands for subsiquent instructions with the same StateValue.
The hitrate for the cache is higher than 90% on most optimizations.

BUG=v8:9684

Change-Id: I45db86dcbf22ab972b892f11c608b825aeb3ecf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749634Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73342}

Liftoff defines many signatures of fixed size. This is currently done by
defining a fixed-size array on the stack, and then using this in the
signature definition. This is cumbersome and hard to read, since the
array contains return types and parameter types, and only the signature
definition separates the two. But also the order of those two sizes in
the signature is non-obvious and easy to get wrong.

This CL introduces a helper to define fixed-size signatures in a
"builder style", i.e. parameters and return types can be added
separately. The fixed-size array will be contained in the returned
class, so it will still be stack-allocated like before. The copies to
iteratively build up this array should be completely eliminated by the
compiler, so the binary code should look exactly the same.

R=ahaas@chromium.org

Bug: v8:11384
Change-Id: I167830d6c3429f535b7d1241920730498a9bb4c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2747505
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73341}

CsaLoadElimination failed to account for truncation when optimizing
loads. This CL extends the notion of compatible Loads and Stores to
include ({store}, {load}) pairs which both have integral representation
and {store}'s representation is no smaller than {load}'s. In case the
representations are not identical, it truncates and possibly
sign-extends {store} before forwarding it to {load}.

Additional change: Extend ObjectMayAlias with wasm allocating builtin
calls.

Bug: v8:11504
Change-Id: I43f89a13793b54477a33be18aaf346462aefa8e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739975Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73340}

Adds GCInfo folding that delegates GCInfo requests to the
parent-most object if finalizer semantics match.

Folding is disabled for builds that want exact object names
as those names are also managed through GCInfo objects.

Bug: chromium:1056170
Change-Id: I783aad930587853741da533d0b9b56ba160d0596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748588
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73339}

The definition of {wasm::WasmCode} will not be available in no-wasm
builds, hence avoid any accesses to WasmCode for logging.

Drive-by: Inline enumeration of wasm modules for logging of existing
code, to avoid another #if.

R=petermarshall@chromium.org, jgruber@chromium.org

Bug: v8:11238
Change-Id: I3b78cf90f9ad155b5bea64e0941531aed2d4291a
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739978Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73338}

In https://chromium-review.googlesource.com/c/v8/v8/+/1866771 we added
a static regexp stack area to ensure a stack always exists. We
apparently forgot to update EnsureCapacity s.t. we skip
dynamically-allocating a stack when the static stack suffices.

Found by lizeb@, thanks!

Bug: v8:11540
Change-Id: Ie63b0b5e5959fbf0768cc3597f63943b1775fbf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749015
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73337}

Resize() is not similar to realloc() in that it allocates a new object
when passed a nullptr object.

Avoid corner cases around Resize(nullptr, size) where size may be
problematic if non-null by just requiring a valid object. The caller
can perform the necesary nullptr check.

Bug: chromium:1056170
Change-Id: Ic05972ae67c2968fc3eb002a6302b44e56b41ab4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752147Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73336}

Bug: v8:11524
Change-Id: I009e050baa1e08a520c00bb88b61cffd3f1c2acc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742476Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73335}

For use at locations where we know, that no GC can happen.
This avoids unnecessary handlifying of objects.

Bug: v8:11420
Change-Id: Ic549c56c4366060a6da3a3772dbd0aae23151eab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735394Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73334}

Splitting a range at an instruction position can lead to incorrect code
generation. See the attached bug for a concrete example of that, in
particular comment 6.

The issue is when we add a gap move to connect the split ranges during
the ConnectLiveRanges phase. If the split position is a gap position,
the move coincides with the start of the range. But if the split
position is an instruction position, the move is inserted in the last
gap position, which is outside of the range. This violates assumptions
made during the main register allocation phase and can invalidate the
use of that register in a different range.

The fix proposed here works by moving the split position backwards to
the previous gap position. This ensures that the connecting gap move is
always at the start of the range that it defines.

R=sigurds@chromium.org

Bug: chromium:1182985
Change-Id: Ic4a9f56d5551f01cc91bece087d5ab3afd9b04fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735396Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73333}

Previously `setBreakpointByUrl` and friends would only filter based on
line number to find matching scripts. But that didn't work when there
were multiple scripts in the same line (i.e. minified HTML), and we'd
end up setting multiple breakpoints in different inline scripts, looking
for the next possible break location in each of them individually.

Fixed: chromium:1183664
Also-By: pfaffe@chromium.org, kimanh@chromium.org
Change-Id: I957811d30aa71609a38da75f33a24c0f720116f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749155
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73332}

... instead of Code. This is useful because usually the callers are
interested in having just a builtin ID but not the Code object.

This CL also makes Builtins::kNoBuiltinId a part of the Builtins::Name
enum.

Bug: v8:11527
Change-Id: I501e3e52dccc73cc7800f271939e0bf9fd00a975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749635Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73331}

OptimizedFrame::Summarize is used by debugger features etc
to inspect the frame of an optimized function (and the virtual frames
of functions that got inlined). It could end up materializing a JSArray
with the same backing store as one that would later get left-trimmed,
resulting in a dangling elements pointer. This CL fixes that by creating
a fresh copy of the elements store instead.

Bug: chromium:1182647
Change-Id: Iaf329464520a927b0ba33166cad2524d3752c450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748593Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73330}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/389d3f3..cb067b2

Rolling v8/third_party/aemu-linux-x64: oXIWsntGxFugYHN4Qb0Ve-IRPq4Rq1FxFYNiuEKnP0kC..ee1oRcPCyneRYNLsuBvxMYnBajvkvvdJY5BYvoaX0vUC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4f82770..7a3a736

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/57af8c3..c2c576e

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/fc54e6b..e65f1a7

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I921f4b3aa14f88bae4a1a96a58c40db7796d1ae6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2751388Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73329}

Change-Id: Iaf00bdfba9d42d1e472e048bffee2cde628d164a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749576Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73328}

Change-Id: I953d1f9e1789cb6f754b1206edcac752e4f22801
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749575Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73327}

Change-Id: I86fbdc9ca2c1bf66092e52bc85a5b9dfbc696bfb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749574Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73326}

Robustify %CompileBaseline against fuzzing, and allowlist it in the
fuzzer.

Bug: v8:11420
Change-Id: I44947014c8c9362d80ea98636dbbaa5d07d6a177
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739643
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73325}

This will make it easier to generate builtin calls that require the
context to be passed in that register, because this can be represented
as a {LiftoffRegister} then.

Drive-by: Fix a typo (x8 -> x28).

R=thibaudm@chromium.org

Bug: v8:11453
Change-Id: I7dcf7a0390dbde9713334d3da28ce6d79413a9f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748585Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73324}

Building arm64 binaries on arm64 hosts works as long as you set
the correct options in args.gn. This patch teaches gm.py to do
that.
Building 32-bit arm binaries on arm64 hosts requires an extra
definition in snapshot_toolchain.gni (as well as some system
setup to support running 32-bit binaries).

Change-Id: I66c1f8f51932e2f5425033ef09181c31ea5d633e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743889
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73323}