This introduces a new flag, --experimental-wasm-unsafe-nn-locals, which
allows arbitrary unvalidated local.get operations on non-nullable
locals.
For invalid accesses, this will crash. The intention is to allow module
producers to experiment; if they find these locals particularly useful,
we will add engine-side validation later.

Bug: v8:7748
Change-Id: I9a05747eaff312448ce0acf57a412e76679ff061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3110192
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76489}

This reverts commit 40af03b8.

Reason for revert: Breaks on win https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20debug/39151/overview

Original change's description:
> [codegen] Align the code start at 64 byte in x64
>
> In order to make loop header aligned at 64 byte (relative to memory address), code start should also be aligned at 64 byte.
>
> Bug: chromium:1231471
> Change-Id: I95390babd9cc78492e0beb0f1b03901eb481d5d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094167
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
> Cr-Commit-Position: refs/heads/main@{#76484}

Bug: chromium:1231471
Change-Id: I93ad896d40e8bb906a05eab8e03980ce2061b9c0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118005
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76488}

Bug: v8:11947
Change-Id: I89d97feba5e13577a768675122173b65af207dcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060479
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76487}

In a follow-up CL, the backing stores will, when the sandbox is enabled,
be referenced from V8 objects through offsets rather than raw pointers.
For that to work, all backing stores must be located inside the virtual
memory cage. This CL prepares for that.

Bug: chromium:1218005
Change-Id: Ibb989626ed7094bd4f02ca15464539f4e2bda90f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114136
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76486}

Make the GetDispatchCountersObject function return an internal Handle
rather than an API Local. Also, port its implementation to use internal
methods rather than API methods.

Change-Id: I191e0483263009c835c801462822e4fc7e78680e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3110198
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76485}

In order to make loop header aligned at 64 byte (relative to memory address), code start should also be aligned at 64 byte.

Bug: chromium:1231471
Change-Id: I95390babd9cc78492e0beb0f1b03901eb481d5d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094167Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#76484}

stress-concurrent-inlining has a negative implication for
lazy-feedback-allocation. So add lazy-feedback-allocation as
incompatible flag with stress-concurrent-inlining.

Bug: v8:12088, v8:11947
Change-Id: Ia8ff66c595f6c6288b44f7a066729ace0d7ad9d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113630
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76483}

This reverts commit 5a6c7dee.

Reason for revert: Speculative: Lots of Chrome crashes:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/13353/overview

Original change's description:
> cppgc: Fix CTP for destruction
>
> This avoids a benign race in setting the raw pointer inside CTP
> destructor by not emitting the write at all. The handle is destructed
> which means that we only need to destroy any backing node but may
> leave the handle untouched.
>
> Drive-by:
> - Add a few more docs.
> - Make Clear() thread-safe.
> - Make assignment of a sentinel pointer thread-safe.
> - Make assignment of a nullptr thread-safe.
>
> Bug: chromium:1242795
> Change-Id: I0d9dafa31c298053e87ba1eb75f99fa6e33fa10b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114134
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76455}

Bug: chromium:1242795
Change-Id: Ia96d66f4908894091a4e498116d9568bd7b0e0a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114058
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76482}

The v8::internal::IsolateData class in test/inspector/isolate-data.h
collides with v8::internal::IsolateData defined in
src/execution/isolate-data.h. In some circumstances, this can lead to
compilation or runtime issues. To fix that, this CL renames the class in
test/inspector to InspectorIsolateData.

Change-Id: I4b62b2a9d141169480c5a0591c1bcb2f275f87f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116248Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76481}

Until setup and general API direction are clear no C++ types should be
GCed.

Bug: chromium:1056170
Change-Id: I9d51e57065b22f025898114d20887166ef756319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116256Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76480}

Bug: chromium:1235909
Change-Id: I1eb320bafb276ff093a4f0d6b184fe77607c4678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116887
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76479}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/e7fa637..2b09332

replace #warning with #pragma message  (#1216) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/2b09332

force cmake version to 3.5.1 (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/04c4666

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I2ce53b2f649834f75b079de206a990117b43cebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3117090Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76478}

Change-Id: Idcb4f6263ff20866c166e44c33de1a37c4b6b896
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3115743
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76477}

These instructions are all single instruction lowering, so it's a matter
of changing the code-gen to call macro-assembler functions (that will do
the AVX check).

Bug: v8:11217
Change-Id: I472eacf74933f4b504299fc85f63fd07062db320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114602Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76476}

Bug: v8:11589
Change-Id: Ie51cfd6cd6315f7f14f0c584f190a478ed565b0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114603Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76475}

We also set these operations to explicitly require Register for the
second operand (rhs) even if AVX is supported. Although AVX instructions
support unaligned operands, there is potentially a performance hit,
especially on older hardware. This matches the x64 instruction selector
as well.

Bug: v8:11217
Change-Id: Iae11ec23cc607842a034250028f7667fb2fcb0d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114601Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76474}

This removes 4 arch opcodes.

Bug: v8:11217
Change-Id: Idff04fb205c7d7d1577ce123cc2160d678dfe39a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114599Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76473}

This reverts commit 2a8e2a9b.

Reason for revert: Linking error on UBSan https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20UBSan%20-%20release%20builder/17755/overview

Original change's description:
> heap: Use generic flags for main-thread only flags
>
> BasicMemoryChunk flags should only be mutated from the main thread
> when no concurrent task can access them. For that purpose it is enough
> to use regular non-atomic flags as they are immutable while the GC is
> running.
>
> Change-Id: I0a9f8ecb2eb2aafaf17e77626ae27604abd1b618
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107230
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76471}

Change-Id: I5da7dff91549fd4aadd0bc9ae0a29c52748d9dcb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116810
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76472}

BasicMemoryChunk flags should only be mutated from the main thread
when no concurrent task can access them. For that purpose it is enough
to use regular non-atomic flags as they are immutable while the GC is
running.

Change-Id: I0a9f8ecb2eb2aafaf17e77626ae27604abd1b618
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107230Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76471}

This reverts commit 5e041b82.

Reason for revert: Mysterious breakage of SIMD tests: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/41767/overview

Original change's description:
> [cleanup] Remove harmony-intl-dateformat-day-period
>
> harmony-intl-dateformat-day-period is shipped in M92
>
> Bug: v8:12109
> Change-Id: I7d24463c0cc353c4baf52326159beb04592b81b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099087
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76468}

Bug: v8:12109
Change-Id: If7f32c650dc88bf6280573db9d6e42f89277778e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116806
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76470}

Previously SharedTurboAssembler was a base class for ia32 and x64
TurboAssembler. This made it easy to share code, only if the
implementation was the same. In some cases, like
ExternalReferenceAsOperand, the implementation defers slightly between
the two architectures.

We add a new class template SharedTurboAssemblerBase,
which derives from SharedTurboAssembler. Using the CRTP pattern, we
can call derived classes functions using the template parameter.
For any function that is exactly the same, we can declare them in
the header and define them in the cc file, instead of inlining
them all into the header.

Bug: v8:11589
Change-Id: I9319bd0c26c76995cef43ae5ec3f69392b3f825b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097109
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76469}

harmony-intl-dateformat-day-period is shipped in M92

Bug: v8:12109
Change-Id: I7d24463c0cc353c4baf52326159beb04592b81b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099087Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76468}

Sets up custom OOM handling in cppgc and installs a handler that
redirects to V8's handler when running with unified heap.

Bug: chromium:1242180
Change-Id: I68b7038a3736cc0aa92207db2c3d129a9ff68091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116253
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76467}

We were overwriting the shift Register, instead, we should be using the
tmp_shift register.

Bug: chromium:1242689
Change-Id: I732c9c1f8a43401ce003b22893db9e39dfac3817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116115
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76466}

Stage 3 proposal

flag --harmony_intl_enumeration

Spec: https://tc39.es/proposal-intl-enumeration/
I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/Txtf_rSqGH8/m/e27FY33JAQAJ
Design Doc: https://docs.google.com/document/d/1lbj_YVW-xhzYNMQeHB-qDjVkf4SA-eTHYpYXx3Oaud8
https://chromestatus.com/guide/edit/5649454590853120

Bug: v8:10743
Change-Id: I0c0b8ccb8e1f143b75f6f3f4128bdfe350d299de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099086Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76465}

Relanding https://crrev.com/c/3071212

Bug: v8:12049
Change-Id: If7bb3f9f6d9da05eee3d3e8ec355bc9d4e987ea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116251Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76464}

... when necessary and drop the now unused flag
ExtractFixedArrayFlag::kNewSpaceAllocationOnly.

Bug: chromium:1239922
Change-Id: Ic68d241ae7422df8e203ec12de800ded8862852e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3110371
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76463}

Fixed: chromium:1236286
Change-Id: I90106fce4d6e747f35c638ab00bf9a1696c8eb77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3109668
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76462}

Change-Id: I44f84a91a22cbe6cc364b43d096244fafaea7aca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114850Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76461}

This is a reland of d1b27019

Fixes include:
Adding missing file to bazel build
Forward-declaring classing before friend-classing them to fix win/gcc
Add missing v8-isolate.h include for vtune builds

Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}

Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit
Bug: v8:11965
Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76460}

Bug: v8:12128
Change-Id: Ie32a582da7b823f75462c0cea3fff68daf483df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114140Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76459}

Change-Id: Id807e5e09fff59f4aedfca67461ffe3af3ffbea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114144
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76458}

Give a little bit of introduction to Oilpan and provide a few links to
navigate the project.

Bug: chromium:1056170
Change-Id: I4ef8c256c8de7932e3393017be6c58ba48ca45f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114141
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76457}

This reverts commit 26609973.

Reason for revert: Breaks code_serializer tests - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/36427/overview

Original change's description:
> [codegen] Assert that deserialized SFIs have correct origins
>
> Re-use the same check we already have in place for the
> compilation cache for when we use CodeSerializer::Deserialize.
>
> - Move HasOrigin to SharedFunctionInfo::HasMatchingOrigin
> - HasMatchingOrigin no longer allocates
> - Pass ScriptDetails in more places
>
> Bug: v8:10284
> Change-Id: I6e074bd1e7db9a35fdf7123d04a65841d9813e02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090968
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76451}

Bug: v8:10284
Change-Id: I234fcf031001819b05dbcdd421f235f71e9805b2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114143
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76456}

This avoids a benign race in setting the raw pointer inside CTP
destructor by not emitting the write at all. The handle is destructed
which means that we only need to destroy any backing node but may
leave the handle untouched.

Drive-by:
- Add a few more docs.
- Make Clear() thread-safe.
- Make assignment of a sentinel pointer thread-safe.
- Make assignment of a nullptr thread-safe.

Bug: chromium:1242795
Change-Id: I0d9dafa31c298053e87ba1eb75f99fa6e33fa10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114134
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76455}

Add copies of the NumFuzz CI builders with the infra
staging flag which in turn adds the no fail flag that
ignores exit code 1. We want to see if this catches bugs
with less noise.


Bug: v8:11826
Change-Id: Ide6ffa7475e464075e588df0eaed524503c8cf95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114133
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76454}

In Blink, WindowProxy may be referred from two diffrent JS wrapper
objects during page refresh (same site navigation reusing parts of the
DOM). In this intermediate state, the old frame state is not yet
reclaimed while the new state is already being added.

We would like to only merge nodes when there's a 1:1 relation between
C++ and JS objects. Unfortunately, WindowProxy breaks that assumption
in that the C++ object doesn't directly point to the wrapper. In
addition, merging this case is important as otherwise detachedness
would not be propagated to the Window object (JS wrapper) which is the
main user of detachedness.

The CL allows overriding merged nodes, picking a random merged state
during pageload while still resulting in the regular snapshot behavior
outside of reloading the same page.

The proper fix is addressing chromium:1218404 and only create merged
nodes when the back reference points to the same object.

Bug: chromium:1241610
Change-Id: Ie77b51a56ce90ef377124304bb025342a724c600
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114139Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76453}

Python client is deprecated.

This removes all references to swarming_client in this repository.
https://source.chromium.org/search?q=swarming_client&sq=&ss=chromium%2Fchromium%2Fsrc:v8%2F

Bug: chromium:984869
Change-Id: I377c47fc696723ae4ba53418682f6e06129812f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114156
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76452}

Re-use the same check we already have in place for the
compilation cache for when we use CodeSerializer::Deserialize.

- Move HasOrigin to SharedFunctionInfo::HasMatchingOrigin
- HasMatchingOrigin no longer allocates
- Pass ScriptDetails in more places

Bug: v8:10284
Change-Id: I6e074bd1e7db9a35fdf7123d04a65841d9813e02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090968
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76451}

map, filter and values do not return lists in python3.

Change-Id: I608e8f61649f60f6cfeb9c4e12d293655c5647de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107305Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76450}