Drive-by improve some tracing too.

Bug: v8:7700
Change-Id: I52546a19c15ad1a6bbac1b15cdf8fba33dab1cb7
Fixed: chromium:1361345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886873
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83116}

Raw hashes may need to be looked up via the forwarding table when
internalized strings are forwarded to external resources. Notably, the
megamorphic ICs were not correctly fetching the raw hash.

Bug: v8:12007
Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83115}

Bug: v8:13269
Change-Id: Icb8b83b5f4695a9739d10d15936f4fead3b35ad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886865Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83114}

This allows (de)optimizing it in TF.

Bug: v8:13091
Change-Id: Iba64df02379dbf3ac07c96e10facb728e7d10501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886869
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83113}

Port 6f9e71fa

Original Commit Message:

    - Fix tracing of reference return values. StoreTaggedPointer should not
      use the write barrier since we are writing to the stack.
    - Avoid re-allocating a slot for the return value when it is already
      spilled.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I5b16259b1c6e8c019f6b17e8efb7947776e4ee24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886398Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83112}

This reverts commit 49c59678.

Reason for revert: The change is suspected to be breaking chromium's determinism test: https://ci.chromium.org/ui/p/chromium/builders/ci/Deterministic%20Linux/35003/overview

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I515ba771aa21f58b752a3a5b36b4deb2abc5f9c0
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886870
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83111}

Storing with E64 when SEW=32 has EMUL=2, which copies |n| 64 bit wide
data to the result double array already. Besides, accessing v1 when
EMUL=2 is reserved.

R=yahan@iscas.ac.cn

Change-Id: I0870d53c36b642529cab753409f52016d79219b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878442
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83110}

32-bit values are held in a sign-extended format in 64-bit registers. Which
the vaule 0x856AF894 becomes 0xFFFFFFFF856AF894 and failed equality comparison
with lwu's result 0x00000000856AF894. XOR the result with 0xFFFFFFFF00000000
before comparison.

R=yahan@iscas.ac.cn

Change-Id: I4d225ff653070022023ac7f10257ad0c30c24e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3881601
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83109}

When externalizing a string, the external pointer slots need to be
initialized before the new Map is installed. Otherwise, a GC marking
thread may see the new Map before the slots are valid. In that case, it
would attempt to mark invalid ExternalPointerTable entries as alive,
leading to a crash.

Bug: chromium:1361557
Change-Id: I47f19e6d9576fab0809dca36388cdfa9c28113e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885891Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83108}

This is a reland of commit 72d6dc6d

Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}

Bug: v8:12612
Change-Id: I2075c8a509265a16a133b309f98eefad7b011212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885889
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83107}

In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.

gni/v8.cmx is retained temporarily until out-of-tree consumers have been
updated.

Bug: v8:12589
Change-Id: If08cfcbf579696482e7cd60a8b8b80bcc4c7dab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885881
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83106}

This CL cancels concurrent workers instead of joining them in
MarkLiveObjects. Joining could trigger another costly run.

Bug: v8:13012
Change-Id: I873db6e9d612e219060de0fa2447f6c7c0e9de3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885876Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83105}

This CL reschedules minor concurrent marking in MinorMCTaskObserver.
This allows to make continuous concurrent marking progress.

Bug: v8:13012
Change-Id: I5cc4e02a60993dd5ce970244274d4d5f99b4a550
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885885Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83104}

Currently, compilation may fail in some configurations.

Change-Id: I2fd6a71c4f43c66416429a9d3dbbf9970c68aeaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885886Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83103}

- Fix tracing of reference return values. StoreTaggedPointer should not
  use the write barrier since we are writing to the stack.
- Avoid re-allocating a slot for the return value when it is already
  spilled.

R=manoskouk@chromium.org

Change-Id: I6418c48332964a1c3d407abafaf466b0e789be69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882971
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83102}

On termination of the worker pool in the main process, a SIGTERM is
sent from pool to worker. It was meant to terminate long-running
tests in the worker process. The signal handler on the worker side,
however, was only registered during test execution. During the
remaining logic (<1% of the time probably) the default system
behavior for SIGTERM would be used (which will likely just kill
the process). The ungracefully killed process might be killed while
writing to the results queue, which then remains with corrupted data.
Later when the main process cleans up the queue, it hangs.

We now register a default handler in the worker process that catches
the SIGTERM and also gracefully stops the processing loop. Like
that, the SIGTERM signal will always be handled in workers and never
fall back to SIGKILL.

However, a small time window exists when the SIGTERM was caught
right when starting a test process, but when the test-abort handler
was not registered yet. We keep fixing this as a TODO. Worst case,
the main process will block until the last test run is done.

Bug: v8:13113
Change-Id: Ib60f82c6a1569da042c9f44f7b516e2f40a46f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882972Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83101}

This reverts commit 72d6dc6d.

Reason for revert: UBSan failure in PagedNewSpace: 
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/23130/overview

Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}

Bug: v8:12612
Change-Id: Ife4a41fa835e61a6d9f0f1c254900288b805f41f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885884
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83100}

Bug: v8:12445
Change-Id: Iec07b49986a6ceff3842b55af24d375149930a91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885877
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83099}

Bug: v8:13269
Change-Id: I0f35101bd4b8a91ed5aa596cb5d27a5dbb5f764e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882976Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83098}

When testing for "has" rather than loading, we can immediately return
true when there is an accessor (this is already what the LoadHandler
path does but was missed in the inlined case).

Fixed: chromium:1361434
Fixed: chromium:1361560
Fixed: chromium:1361566
Fixed: chromium:1361654
Fixed: chromium:1361830
Change-Id: I69073eccbb39b08da597297fa597f53f260b242e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885879
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83097}

In case the free list fast path fails, do a precise search through the
precise category for the current allocation.

Bug: v8:12612
Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83096}

Port commit c0f420ef

Change-Id: I061da980f39888f0f43e2746c8c37d683b200a95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885381
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#83095}

Bug: chromium:1350125
Change-Id: Ia89d01420e93e110a5da22f104f5b8afbdd2f558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882973
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Danil Somsikov <dsv@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83094}

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/bbdc7d8..20f8ac6

Make references to //third_party/icu relative (Filip Filmar)
https://chromium.googlesource.com/chromium/deps/icu/+/20f8ac6

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I87063f9ec7b4ef8491c43ad8e1902e2741dd0e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886397
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83093}

Bug: v8:11544
Change-Id: I23435db7f625ee35f560fd84ee98d481081fb5ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868513
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83092}

Bug: v8:12716
Change-Id: I0a1e807f7b0c64afa7d259361c47314e9c9e30db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867140Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83091}

This is a reland of commit a165e82e

The reason of revert is  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22   which is the line
"nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);"
where seconds_mv is a double and nanoseconds_mv is a int32_t
In this reland, we change the type of nanoseconds_mv to double to avoid the ubsan error.


Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double and int32_t instead of int64_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold up value from 0 to 999,999,999 so we use int32_t to hold it. Other part could be infinity so we use double to hold it. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the double
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}

Bug: v8:11544
Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83090}

When the sandbox is disabled, object layouts are now different as
ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit
(ExternalPointerHandles).

Bug: v8:10391
Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83089}

Change AddInstant to use BigInt::FromNumber(isolate, factory->NewNumber
instead of BigInt::FromInt64 to convert from double to BigInt.
Sync AddZonedDateTime with https://github.com/tc39/proposal-temporal/pull/2303 which call AddInstant as ? instead of ! marking.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-addinstant
https://tc39.es/proposal-temporal/#sec-temporal-addzoneddatetime

PR: https://github.com/tc39/proposal-temporal/pull/2303

Bug: v8:11544
Change-Id: I4bd176294780f761341c25a5f71643b437f99c82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859165
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83088}

This reverts commit 50802793.

Reason for revert: blocking v8 roll:
https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia_x64/1301026/overview

Original change's description:
> [fuchsia] Migrate d8 to a component framework v2 Fuchsia component
>
> In the process, switch to using the Fuchsia GN SDK templates for
> building the component and package.
>
> Bug: v8:12589
> Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
> Auto-Submit: Greg Thompson <grt@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Greg Thompson <grt@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83084}

Bug: v8:12589
Change-Id: I94ce2ef0e7cba5d39c8d18ca7dc7264289325e99
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885079
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83087}

This CL includes the following changes:
1) Ignore ShouldReduceMemory for MinorMC (since it can't move objects)
2) Make FLAG_page_promotion more explicit in the condition
3) Take wasted bytes into account for MinorMC (full GC can compact and
   "reset" wasted bytes)

Bug: v8:12612
Change-Id: I64d214e692b8ecd20189c59e2a77807f05e43817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879606Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83086}

Change-Id: I064347b21de1eb8013754e715d99f13c6e59c192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876443
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83085}

In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.

Bug: v8:12589
Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83084}

Now that all external pointers have been sandboxed,
V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
shrinks external pointer slots to 32 bits when the sandbox is enabled.

Bug: v8:10391
Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83083}

Support LoadHandler::Kind::kAccessorFromPrototype, which is an accessor
on the prototype and is a direct call to the accessor.

Bug: v8:7700
Change-Id: I288972c027d37c8eb7c3558db4951bffdfba201f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882975
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83082}

This mimics Ignition, which calls AbortIfRegisterCountInvalid.

This adds a --maglev-assert flag, since we do not want to emit
different code per IR node for debug vs. release modes.

Bug: v8:7700
Change-Id: Iddb17f0ccadf9d6009b242883b2e5d126875c844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876385Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83081}

Inlining of bar into foo required taking allocation in foo into account
as well (crrev.com/c/1021734), but this makes the test vulnerable to gc
timing changes since other allocations are also inlined into foo and may
die at arbitrary times (as observed when enabling MinorMC).
Fix by preventing inlining of bar into foo.

Bug: v8:12612
Change-Id: I2d8848d4002334d329c4b2cc8f18bff1296f5cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882970Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83080}

Currently this observer uses 80% of initial new space capacity as
step size. But this means that after the first minor GC this will most
likely decouple from the current new space size since the allocation
counter isn't reset after a GC and surviving objects aren't
accounted.

Use 64K as step-size since this should be large enough to not cause
regression but it should still work for Scavenger and Minor MC such
that a step invocation will be performed close to reaching 80% of
new space capacity.

Bug: v8:12612
Change-Id: I4abc17eaeded90e0f72d9467a4410159ef0e6dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879618Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83079}

Drive-by: merge all collector choosing criteria into
SelectGarbageCollector.

Bug: v8:12612
Change-Id: I84d9e1aa5f658f48d5deeab1a8ef49ed1871cba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879608Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83078}

Change the constructor and instance registers into a single
constructor_then_instance register, and add some register allocation
scopes to reduce temporary register use. This also allows us to change
FindNonDefaultConstructor to only need one output for both constructor
and instance.

Also make BuildCreateArrayLiteral a bit more friendly to the interpreter
register allocation.,

Bug: v8:13091
Change-Id: I0b6015b0bc6810bb4607157d715b7e536efb89f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876386Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83077}