This is part of an ongoing effort to reduce fragmentation in Chrome.  Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.

Bug: v8:13193, chromium:1238858
Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83235}

This CL introduces a new LookupIterator state WASM_OBJECT, and updates
all switches that need to handle it.

Bug: v8:7748
Change-Id: Ie3359aed2d37f5a6854e5577fa3799f0464391e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865559
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83234}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I06e12314495c2d89135e58e5d3a01310f108e865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899303Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83233}

The split is rudimental and now is not needed at all:
- as part of the shared-cage effort we added HeapHandle pointer to the
  BasePageHandle class (on the API side);
- for the value-full barrier we get HeapHandle from bitmasking the
  value;
- for the value-less barrier we get it from the callback provided by the
  caller.

The CL entirely removes the split and uses the single
BoundedPageAllocator. A minor note: the conservative stack scanning can
become sligthly more expensive.

Bug: chromium:1361582, chromium:1325007
Change-Id: I2a8aded3dd12037998f36341c68af8e23b0dcd88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899320Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83232}

Since enabling the sandbox is now required for example for mkgrokdump,
add it to the default gn args. Also treat non-sandbox builds as
"non-shipping" in mkgrokdump.cc

Bug: v8:13281
Change-Id: I08042aa53057e25c556e166c059373e2fdb9d2c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899317
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83231}

This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.

Bug: v8:9407
Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#83230}

When ETW Events are enabled with the --enable-etw-stack-walking flag
we should not also enable the --interpreted-frames-native-stack by
default.
Showing the interpreted frames on the native stack is quite expensive
since it involves mulltiple copies of the interpreter trampolines, and
it's not always necessary to profile JS code, so it should be enabled
when necessary with a separate flag.

Bug: v8:11043
Change-Id: Id2d779e7fcac9b626f9da2e0c77edf9c30f853df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893601
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83229}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=cbruni@chromium.org

Bug: v8:12887
Change-Id: I7e828480e9cc919609dac69df89315c6fdc82dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899296Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83228}

Bug: v8:7748
Change-Id: I74041f23ac64a3e509d82f84b4a710d23bbecbaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893859Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83227}

Inner pointer resolution, to be used in conservative stack scanning,
assumes that all pages registered with the memory allocator are
iterable. Until this CL, this was not the case for pages that were
owned by the young generation semispaces but were unused. Such pages
are either in the "from" semispace, or in the "to" semispace but have
not yet been used.

This CL ensures that all pages owned by the young generation are iterable. It also adds tests to verify that inner pointer resolution
works correctly for unused young pages and for pointers above the
page area.

Bug: v8:13257
Change-Id: Ieff7cc216853403e01f83220b96bf8ff4cdea596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885893Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83226}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jkummerow@chromium.org

Bug: v8:12887
Change-Id: I5bd5faaac89185c5f40b0eabb01f9b678f791498
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898934
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83225}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=marja@chromium.org

Bug: v8:12887
Change-Id: Ie0106ceb521a775c7660d369cdb15763e9264149
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898932Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83224}

Change-Id: I83b2181323b311fb6994c6d2bed731357079ec1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892060
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83223}

Also add a DCHECK to prevent this stupid mistake in the future.

Bug: v8:13190
Fixed: chromium:1363969
Change-Id: Ieb855ccfb42a1a6d84798eb09721d454c355935f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899313Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83222}

Change-Id: Ie338d4ecb1bcad09e0278dbceb2e21c7b9722d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899212Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83221}

Cached template objects only need to be cached for reference identity
comparisons. If there is no strong reference to the cached template
object, then there's nothing to compare it against if it were to be
loaded from the cache, so we can hold it in the cache weakly.

Bug: v8:13190
Change-Id: I4a787eb33eab734fe9df6c424ff915d775fce70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898692
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83220}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=thibaudm@chromium.org

Bug: v8:12887
Change-Id: Id2f457a1c0056d5015e2f9983d4599582d7189cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876185Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83219}

This test observes GC behavior and needs the garbage collector to work
in a somewhat predictable way.

Bug: v8:13286
Change-Id: I24e6a4f33a644b5f1845cd34558da03fc196f7e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898721
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83218}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I36c66465e3b6c1b27c1825e50f17f4bc8557c426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898936Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83217}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=szuend@chromium.org

Bug: v8:12887
Change-Id: I8123d18ae852807557bf26b1308e0061dc1ac123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898937Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83216}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=leszeks@chromium.org

Bug: v8:12887
Change-Id: I45a24a6297153f279a060079c0ee318545df6817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898931Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83215}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jgruber@chromium.org

Bug: v8:12887
Change-Id: I0454426c664e54e9b8c8b39f903eeca1a80d4bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898933
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83214}

This reverts commit c66e6ea0.

Reason for revert: fyi bots are green again.

Original change's description:
> Disable interrupt-budget-for-maglev flag
>
> Bug: v8:7700
> Change-Id: Ieff3e3b053f418e73699a208993c4d0771326522
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879614
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83066}

Bug: v8:7700
Change-Id: I5c09ba5f7b3dc7f67582bb2ed7b4c4451660c4c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898938Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83213}

The kContextRegister can alias allocated registers - when setting it,
take care not to unintentionally clobber.

Bug: v8:7700
Change-Id: I0635d334fb14fa15540582a4873d4186fffa2199
Fixed: chromium:1363450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897634
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83212}

.. in TryBuildMonomorphicLoadFromLoadHandler. If data1 is cleared,
emit an unconditional eager deopt.

Note all early-return paths must happen before any code is emitted.

Bug: v8:7700
Change-Id: I00d5ff258cc88a0cb2423267b362c05540d09839
Fixed: chromium:1359714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898691Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83211}

This can happen when we have a load from a double field of a value that
canonicalises to a Smi, and we then use that Smi value in Smi-feedback
arithmetic.

Bug: v8:7700
Fixed: v8:13282
Change-Id: I6d8245b8393f7595c3442985087ebb8e806061eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890999
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83210}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=nicohartmann@chromium.org

Bug: v8:12887
Change-Id: Ibdf60bd42ed577f367eee7da4de3a7e3dd6799e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871205Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83209}

Running the libfuzzer fuzzers locally (with an experimental flag turned
on) found crashes, but did not produce crash files because we were
generating a software interrupt ("trap") instead of properly aborting.
Disabling the "hard-abort" feature fixes that.

This will hopefully not flush out previously missed crashes. If so,
please do manually bisect across this CL, instead of assigning to me :)

Drive-by: Move more initialization logic from {InitializeFuzzerSupport}
to the {FuzzerSupport} constructor, where other similar work is
performed.

R=thibaudm@chromium.org, saelo@chromium.org

Bug: v8:13283
Change-Id: Id8d4e92f5ab6bb27676adeae6b3b1eb042b8ba3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892061Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83208}

Temporaries and the allocated result register may alias, thus order is
important when setting the result value.

Fixed: TestUndetectable, LogicalNot, SetPendingMessage.

Drive-by: Pass Label::kNear in a few spots I passed by.

Bug: v8:7700
Change-Id: Ice3de1d1014ad05d8fa9fb18d967887386bfed0d
Fixed: chromium:1359723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898530
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83207}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4157fb6..ccee528

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/e713c13..040e851

Rolling v8/buildtools/linux64: git_revision:b4851eb2062f76a880c07f7fa0d12913beb6d79e..git_revision:fff29c1b3f9703ea449f720fe70fa73575ef24e5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/37391a1..0d1854a

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9ebcfa6..5e4d749

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220913.3.1..version:9.20220914.1.1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/02a202a..12149f2

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4afeac189d64d4ef62599de14187f9bd2348ff5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897654
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83206}

Correct the call the the one which take the UTC based time
instead of the one taking the local wall time.

Bug: v8:11544
Change-Id: Ib288617e8f98b21865c306ca36cd905a3e5315bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892639
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83205}

Sync with 2210 and 2240
https://github.com/tc39/proposal-temporal/pull/2210
https://github.com/tc39/proposal-temporal/pull/2400

Add AO: RoundNumberToIncrementAsIfPositive
Change AO parameter: DifferenceInstant

Spec:
https://tc39.es/proposal-temporal/#sec-temporal-roundnumbertoincrementasifpositive
https://tc39.es/proposal-temporal/#sec-temporal-roundtemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-differenceinstant
https://tc39.es/proposal-temporal/#sec-temporal-addduration
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalzoneddatetime

Bug: v8:11544
Change-Id: I6b613bd19014d770852b9ba587278e714f9ac110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857451Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83204}

Bug: v8:10391
Change-Id: I383e11bdccf6fcaf13f29d25e1404545067d313e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891249Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83203}

A couple of customers have asked about using devtools to get information
about temporary allocations, with the goal of reducing GC time and/or
peak memory usage. Currently, the sampling heap profiler reports only
objects which are still alive at the end of the profiling session. In
this change, I propose adding configuration options when starting the
sampling heap profiler so that it can optionally include information
about objects which were discarded by the GC before the end of the
profiling session. A user could run the sampling heap profiler in
several different modes depending on their goals:

1. To find memory leaks or determine which functions contribute most to
   steady-state memory consumption, the current default mode is best.
2. To find functions which cause large temporary memory spikes or large
   GC pauses, the user can request data about both live objects and
   those collected by major GC.
3. To tune for minimal GC activity in latency-sensitive applications
   like real-time audio processing, the user can request data about
   every allocation, including objects collected by major or minor GC.
4. I'm not sure why anybody would want data about objects collected by
   minor GC and not objects collected by major GC, but it's also a valid
   flags combination.

Change-Id: If55d5965a1de04fed3ae640a02ca369723f64fdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868522Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83202}

When regenerating v8heapconst.py, the v8 sandbox now has to be enabled
explicitly (using the v8_enabe_sandbox=true gn arg) as it is enabled by
default in Chromium builds, but not standalone v8 builds.

Bug: v8:13281
Change-Id: I1a0861b1d63f340465d7433e042b27eace706ca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3895622
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83201}

Change-Id: Id691009bddafdbb5a53c234fe00995b6e0733586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893417
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83200}

We count the calls to `createTask` to track adoption.

Chromium CL: https://crrev.com/c/3894138

R=kimanh@chromium.org

Bug: chromium:1334585
Change-Id: I091f738e5b0dfdbb5843cda09eed7d3f906ea681
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892783
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83199}

JumpIfTagged access the stack for 4 byte compressed ptrs
so we need to add stack bias for that for big endian

Change-Id: Ifefa56018cf4ddccb337704775b38937e47ac3ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893419Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83198}

Check whether the exception phi for the accumulator (i.e. the exception
message object) is dead, and don't assign rax to it if yes. Note that
maglev node liveness can differ from bytecode liveness, since the
bytecode accumulator could have been considered "live" just because of a
move to a (dead) register.

Bug: v8:7700
Change-Id: If1384284f6f55a565e2ae94e5e7a32455fdedb93
Fixed: chromium:1359382
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892353
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83197}

Bug: v8:7700
Change-Id: I0eaf1ffaaa2d759226b675b367a58bc0ea9a5da2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3895813Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83196}