Change-Id: Ib4039ede294fe3c108cd49c45a7a5e36a6f51780
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653714Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80640}

Bug: chromium:1310790
Change-Id: I739161f47fc1fc32d832f106d5ef6b7df4aed213
Fixed: chromium:1310790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654096Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#80639}

Specifically, move numeric conversions from WasmGraphBuilder, and add
functionality for traps.
These will be used in wasm-gc lowering phases.

Change-Id: I73f0dab28d87db8f1c4c339ea3d871f262e270ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654101Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80638}

The script compilation cache contains weak pointers to Script objects as
its keys. When doing a rehashing operation, any hash table needs the
ability to get the hash code for every entry in the table. However, if
the weak pointer was cleared from a key, there is no longer any way to
get the hash code for that entry.

In https://crrev.com/c/3597106 , I attempted to solve this problem by
deleting all entries whose keys contain cleared weak pointers prior to
rehashing, but the implementation has a bug: when resizing, the new
table is allocated after deleting the entries with cleared keys, so if
that allocation triggers a GC, the table can once again have entries
with cleared keys.

This could be solved in a variety of ways, such as:

1. Iterate the entries again and delete those with cleared keys, after
   allocating the new table but before calling Rehash() to copy data
   into that new table. This means we can't directly use
   HashTable::EnsureCapacity, which normally does both the allocation
   and the rehashing.
2. Return a bogus hash code for entries whose keys contain cleared weak
   pointers. This is simple but risks poor distribution of data after
   rehashing.
3. Implement custom rehashing which can avoid copying entries with
   cleared keys, rather than reusing the rehashing implementation from
   HashTable.
4. Include the hash value in every key, so a consistent hash value is
   available even after the weak Script pointer has been cleared.

The fourth option sounds like the lowest risk to me, so this change
implements that option.

Bug: v8:12808
Change-Id: I6b19b9c8af67dcfc31b74842ba581dd141e18845
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654413Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80637}

The majority of 64-bit Android devices appear to be using a 40-bit
address space, i.e. 512GB for userspace. Allocating a 256GB sandbox
(plus 2x 32GB guard regions) may take too much of the address space and
cause the creation of other address space reservations (e.g. the cppgc
caged heap), which are created per worker, to fail later on.

In general, we should try to limit the sandbox size to less than 1/4 of
the address space, so this CL shinks the sandbox on Android to 128GB.

Bug: chromium:1327131
Change-Id: Ib48b45506ad6a7a5e15b95115c7642bf62a68fa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652783Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80636}

As a follow-up to https://crrev.com/c/3625835, document how we
internally encode Wasm opcodes in the WasmOpcode enum. In particular,
it's important for the mapping to be bijective.

R=thibaudm@chromium.org
CC=gdeepti@chromium.org

Bug: v8:12284
Change-Id: Ic4bcd70211e83b1eabb45204bdcce3209a4432b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647360Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80635}

This fixes a few minor issues in the handling of priority top-tier
compilation units, and adds some comment.

1) We document the current design around priority top-tier units.
2) We simplify the code to increase the priority a bit, and make sure to
   avoid integer overflows.
3) We reorder two statements to first increase the
   outstanding_top_tier_functions_ counter before adding a new unit, in
   order to avoid starting to execute a top-tier unit when the counter
   is 0, which would be an inconsistent state.

R=ahaas@chromium.org

Bug: v8:12880
Change-Id: I67bd71135f34b793ea5cf064108668fb72c7e345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654097Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80634}

Dynamic tiering is now enabled by default, and the origin trial is
expired, so the callback can be removed.
The callback was already never called, because the flag value is always
checked first.

R=ahaas@chromium.org, mlippautz@chromium.org

Bug: v8:12281
Change-Id: I58eaa210c86024128328a13ba07bb8fc1b437841
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644951
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80633}

This gives a small speedup for wasm-gc programs.

Bug: v8:7748
Change-Id: I4a172251ab85e2a5e030ee5cae97db9e3655f5cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654095Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80632}

* "volatile" on by-value params is deprecated.  Remove.
* ICU has decided not to fix a warning about rewritten comparison
  operators.  Work around.  This is ugly, but the alternative is
  disabling the warning entirely for this file or all of v8, which seem
  worse.

Bug: chromium:1284275
Change-Id: Ia90ae439fc56c3970da539d4ae3a64927ec4357b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652575
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80631}

The frozenness / sealednes is not yet serialized & deserialized, but
this allows prototyping web snap in contexts where frozen / sealed
elements occur.

Bug: v8:11525, v8:12820
Change-Id: I8fb788bd3d1a1ec3e6b47610c69230cc900033b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652779
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80630}

This improves a pattern that appears in the SunSpider
base64 benchmark.

Change-Id: I1b5f4535d24d8a39cc480508d1e11c8e92e0135c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654098Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80629}

Port commit 0236d7b5

Bug: v8:12284
Change-Id: I8ce66d3e4d61e8cc446364fbc1b1ba7d6036fca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653715
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80628}

Also add AOs: TemporalYearMonthToString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plainyearmonth.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-temporalyearmonthtostring

Bug: v8:11544
Change-Id: Ibe8bd20ae5eb5b7721e50cf5386c20d8d23e18e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437894
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80627}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5b615fa..62419bc

Rolling v8/buildtools/linux64: git_revision:bf4e17dc67b2a2007475415e3f9e1d1cf32f6e35..git_revision:c547ca1497e3ff0dcbc0b2cb036b3d40380cbeeb

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/b682786..75a3853

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/44c86bb..837a94e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ecd2da3..8111049

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/8fb649c..ab4d2e3

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220516.3.1..version:8.20220518.3.1

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/7085d03..2fe249a

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/56af55b..6e492e7

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie312502b162d4244148f4345649c3a7f1d0a7f65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654580
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80626}

Port commit 0236d7b5

Bug: v8:12284
Change-Id: I5a1c7b7a50c45e0d768ee3e200a2c25dbfcc8b36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654978Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#80625}

Also add AO: TemporalMonthDayToString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plainmonthday.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-temporalmonthdaytostring

Bug: v8:11544
Change-Id: Ibbc5b28a9c73474f7edc1b67c9beabf5bca54dbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437891Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80624}

If b is S128Zero, Shuffle(a,b,s) can be optimized to
Swizzle(a,s). By setting s[i] to 0x80, we can avoid access b.
If a is S128Zero, we can swap a and b first.

If one input of I8x16Shuffle is S128Zero, this patch can save
~60% instructions(7 of 12), and more than 30% improvement is
observed in local microbenchmarks.

Change-Id: I5953fa9064e01203cd4cf423c55dd5ed33cad57e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3544992Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#80623}

Also add AOs: PadISOYear, FormatCalendarAnnotation, TemporalDateToString
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-padisoyear
https://tc39.es/proposal-temporal/#sec-temporal-formatcalendarannotation
https://tc39.es/proposal-temporal/#sec-temporal-temporaldatetostring

Change the ISODateTimeWithinLimits from
-8.64 × 10^21 - 8.64 × 10^16, 8.64 × 10^21 + 8.64 × 10^16
to
-8.64 × 10^21 - 8.64 × 10^13, 8.64 × 10^21 + 8.64 × 10^13
per https://github.com/tc39/proposal-temporal/pull/1723

Change to use AppendCStringLiteral instead of AppendCharacter when
appropriate.

Bug: v8:11544
Change-Id: I01f22657b2c3e5aacbea790593d7e9f60076ec74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3438379
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80622}

Instruction lowering on ARM uses pmin/pmax as there is no hardware support.
More details here: https://github.com/WebAssembly/relaxed-simd/issues/33

Bug: v8:12284
Change-Id: I075d4a6660afc4418fcc91c5d48e8e9096536dc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646075
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80621}

Fix for the following minor issue:
```
error: variable 'first_output_index' set but not used
```

Change-Id: Iccc5e15db62a5768ba6f3742f3c4d7123f493c65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652093Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80620}

Goal is to keep the tree green while the issue is investigated.
No impact on shipped product since shared-memory is flag-guarded off.

Bug: v8:12883
Change-Id: I9a434bdebc781023fa6693eef47db6dbe81cd4bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653320
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80619}

Bug: v8:12783
Change-Id: I15cf16bd66a97c33170ca4f1f5e3acc6ff9bf956
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576129
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80618}

This reverts commit a7607221.

Reason for revert: fails on GC Stress bot:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/38512/overview

Original change's description:
> Disable recompilation of existing Scripts from Isolate compilation cache
>
> My previous change https://crrev.com/c/3597106 led to some performance
> regressions in time spent on parsing and compilation. This change
> disables the ability to recompile an existing uncompiled Script, as an
> attempt to both fix the regressions and isolate which part of the
> previous change was the cause of those problems.
>
> Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
> Change-Id: Ifa086bf27070da8f4b3c0e4415af5ca7b6706b0a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652252
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80616}

Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
Change-Id: I0f56163856d04ff49da96b0fb344fb59b5501a40
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653273
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80617}

My previous change https://crrev.com/c/3597106 led to some performance
regressions in time spent on parsing and compilation. This change
disables the ability to recompile an existing uncompiled Script, as an
attempt to both fix the regressions and isolate which part of the
previous change was the cause of those problems.

Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
Change-Id: Ifa086bf27070da8f4b3c0e4415af5ca7b6706b0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652252Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80616}

The test cctest/test-v8windbg recently started failing because the
v8windbg debugger extension is unable to read the "flags" field on a
SharedFunctionInfo instance. This occurs because one of the bitfields
within "flags" has type OSRCodeCacheStateOfSFI, which is only declared
using an "opaque enum declaration":

  enum OSRCodeCacheStateOfSFI : uint8_t;

When WinDbg fails in its attempt to look up that type, v8windbg responds
by failing to construct anything at all for "flags". However, the other
17 bitfields in "flags" can be represented successfully, so a more
useful behavior is to just skip the one failed entry.

Change-Id: I40630548d21499e49f0214da28260318a38d9360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653096Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80615}

on latest MSVC, build will fail due to error C1017

log: https://github.com/bnoordhuis/v8-cmake/runs/6473602404
Change-Id: Ida6a4f1cbace68cbfc5aa7d4df2e7829fc755a55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653496Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80614}

BACKGROUND_UNPARK and BACKGROUND_SAFEPOINT were introduced in
crrev.com/c/2704075 but the LAST_GENERAL_BACKGROUND_SCOPE was
not updated, so they were not tracked properly by GCTracer.

Bug: v8:12425
Change-Id: Ibbd7f5410088c45454b6e22af4e038e8ef0dd7fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650598Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80613}

In particular use the same "location" in any call site to make grouping
OOMs easier. Move the detail information into the new OOMDetails struct.

Since we cannot construct OOMDetails via "{.detail = ...}" yet (C++20),
we add another variants of FatalProcessOutOfMemory which receives the
detail string and internally stores it in an OOMDetails struct.

R=jkummerow@chromium.org
CC=mlippautz@chromium.org

Bug: chromium:1323177
Change-Id: Ie10cde8dd060867515fab4c61c15030f9c3ccff9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652298Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80612}

There is a DCHECK in the gin platform that {ShouldYield} is not called
again after it already returned {true}.
This CL adds a similar DCHECK to the default platform to catch bugs
earlier (in d8).

R=ahaas@chromium.org, mlippautz@chromium.org

Bug: chromium:1277962
Change-Id: I4dc9d880cf6d36e3e497c5324aaf44889fe7fcee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644801Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80611}

This reverts commit e412e643.

Reason for revert: builder takes too long on CQ

Original change's description:
> Change linux_chromium_chromeos_msan_rel_ng to blocking on auto roll
>
> Bug: v8:12755
> Change-Id: I7c693c07640fd5952047666063f23b4be77692bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644954
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80590}

Bug: v8:12755
Change-Id: I371c4ebbfc9dc9a0e806653c6c819b0eb29e5228
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644962
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80610}

This is a follow-up CL to https://crrev.com/c/3623542.

When updating pointers during a full GC, a page might not be swept
already. In such cases there might be invalid objects in free memory.
Since these objects might be dead, their maps might have been reclaimed
already as well.

The previous CL cached the size of invalid objects in order to avoid
accessing an invalid object's map. However, as soon as a slot is within
an invalid object, we also need to check whether this slot is still a
tagged pointer which would require map access. This CL checks marking
bits on invalid objects to skip that check on such invalid objects.

Bug: v8:12578, chromium:1316289
Change-Id: Ie1d736f897a2994dbed7bfb95ed37732cd3b0882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596123Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80609}

Especially, this requires having the __proto__s of functions serialized.

Drive-by fix (gc stress): Handlify IterateBuiltinObjects.

Bug: v8:11525
Change-Id: I8dc50b9144d17134a7c9b8fdbabe23f5e44f197f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644613Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80608}

Rewrite CreateTemporalTimeZone to sync with
https://github.com/tc39/proposal-temporal/pull/2008



Bug: v8:11544
Change-Id: I75c75146a5a84fc51d4b5ed182641ebf697e8389
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630351Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80607}

Also add the non-intl version of AO
GetIANATimeZoneOffsetNanoseconds which only implement for UTC.
(intl version implement other tz come later)

Also fix bug in JSTemporalTimeZone::offset_nanoseconds() that
"1000000L * offset_milliseconds()" may overflow int32_t before returning as int64_t by first casting offset_milliseconds() to int64_t in the operation so the whole formula is calculating under 64 bits not 32 bits. This bug fix some  *timezone-string-datetime tests.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.timezone.prototype.getoffsetnanosecondsfor
https://tc39.es/proposal-temporal/#sec-temporal.timezone.prototype.getoffsetstringfor
https://tc39.es/proposal-temporal/#sec-temporal-getianatimezoneoffsetnanoseconds

Bug: v8:11544
Change-Id: I2227dbfc8d6ed3ef83edcef5a9b903b8642b5902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534622Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80606}

Bug: v8:12868
Change-Id: I42ef3e15b2a7fd2ef157aa0e657ddf98973e8d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644956Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80605}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/aecbdbf..37be1e8

Add option to get the verbosity provided by commandline flag -v (#1330) (#1397) (Matthdonau)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/37be1e8

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I0bb00e8310d4f7bf91fee25e52fdaa8cf1bccafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652086
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80604}

Bug: v8:12868
Change-Id: I8d789457c725708e06f482d362d17c16a802a1f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644950Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80603}

When call_ref has seen more than one call target, we now support
inlining all of them (constrained by budget/heuristics).

Bug: v8:7748,v8:12166
Change-Id: Iae16e74da1bad5e7a117f70efb6c61b3f39f832c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650607Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80602}

The forced allocation of fixed registers can override the arbitrary
choice of register in a previous allocation. Fix this by first
allocating fixed registers, and only afterward allocating arbitrary
registers.

Also add a DCHECK after input assignment that input locations match
their node's current location.

Bug: v8:7700
Change-Id: I262c2a1f9a3c47d5c23c84b3764569692f18f39d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644958
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80601}