OSR compilations happen on main thread and the functions that are called
from would have been already optimized. Also this code is only used for
this invocation. So to limit the amount of time spent on main thread
we could do a quick Turboprop compilation instead of a highly optimized
TurboFan compilaiton.

Change-Id: Ifcdcb5c855d8a9a56b13c1940b4ee0ed3bfb4d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2659257
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72505}

Bug: chromium:1174040
Change-Id: I2ee539e5074707ac93f97a9a3a131e9c2745cdbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2672180Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72504}

Adds testing API that can only be used after enabling it on a heap.
The call that enables testing is only provided via v8_for_testing or
cppgc_for_testing build targets which protects against misusing from
production code.

Change-Id: I24a8f5543a2bb479481384e2c555d231383e5d12
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667513Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72503}

- Fixes some incorrect assumptions about padding in the
  code generation. Slots may have apparent extra padding
  when allocation fragments go unused.
- Reworks 32 bit push code to simplify skipping slot gaps
  when 'push' instructions are used.
- Adds a ElementSizeInPointers function on machine
  representations.

Bug: chromium:1171759,v8:9198

Change-Id: I029e300fa9c306d7e35344576fd1c68857cf2bca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2660379
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72502}

R=ahaas@chromium.org,ulan@chromium.org

Bug: v8:8091
Change-Id: Ia826e18bd06b5e6d401ff43b33b43b4e4c2a69db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2672022Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72501}

IsAnyInitialArrayPrototype doesn't need an handlified input argument
as it doesn't cause GC.

This improves performance of MapData::MapData as canonical handle scope
creation is expensive.

Change-Id: I2e1a46354276857b64867ea3e994356faef8950e
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2671659
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72500}

When generating getters, Torque needs to decide whether to perform a
normal or relaxed load. Thus far, it has used the somewhat non-obvious
logic that any indexed field with tagged non-smi data gets relaxed
loads. This change adds a new annotation @relaxedRead to be consistent
with the existing @relaxedWrite annotation. I added @relaxedRead
annotations on any field that previously had this automatic behavior and
whose getter is called, except for those in ScopeInfo because I'm
relatively confident that it doesn't need relaxed access.

Bug: v8:7793
Change-Id: I9987eea13760b967f1b8a3189b69742e55140c30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2600113
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72499}

Fix some trailing whitespace issues in files in the tools directory.

Change-Id: If9e9b1dab1d6f521e20619a2a1d093749f0528d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2671660
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72498}

Also access the DescriptorArray through GetPropertyKey concurrently if
the FLAG_turbo_direct_heap_access is on.

Bug: v8:7790
Change-Id: I29e5895fefc3653f954ba56aa85218121402e7ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2653232Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72497}

Port 45b99aaa

Original Commit Message:

    In https://crrev.com/c/2645694 we push the full q registers before lazy
    compile, but we did not change the fixed frame size to account for the
    wider registers being pushed.

    This manifested in the frame having data like:

    (gdb) x/10xg start.ptr_
    0x7f5576ff3eb0: 0x0000000000000000      0x0000336b08202759
    0x7f5576ff3ec0: 0x7ff000007f801000      0x0000000000000000
    0x7f5576ff3ed0: 0x7ff000007f801001      0x0000000000000000
    0x7f5576ff3ee0: 0x7ff000007f801002      0x0000000000000000
    0x7f5576ff3ef0: 0x7ff000007f801003      0x0000000000000000

    The GC then walks part of this frame, thinking that 0x7ff000007f801003
    is a heap object, and then crashes.

    Add some static_asserts (similar to builtins-x64) to remind ourselves
    that the pushed registers have to match the size in frame constants.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I994f1b7fecbb24ea97d846b1eed98201bc3b08ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2669308Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72496}

Code sequence from https://github.com/WebAssembly/simd/pull/379, and
exactly the same as x64, with minor tweaks for
ExternalReferenceAsOperand.

Bug: v8:11002
Change-Id: Icbfdac62b21c2734ad4886b3d48f34e29f7a8222
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2664860
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72495}

Port 910d92e2

Original Commit Message:

    This is a partial revert of https://crrev.com/c/2457669 to add back
    i64x2.ne and i64x2.all_true, which were accepted into the proposal
    (https://github.com/WebAssembly/simd/issues/419).

    This only implements it for x64 and arm64 on TurboFan, other archs and
    Liftoff will come later.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I9aedc94f665a7e02426e0abe44cea72176063942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2668830Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72494}

Bug: v8:11217
Change-Id: I6e61b11babc0baecf7b1982ef779b941d3344182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667971Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72493}

V8 uses the same set of fp param registers as Simd param registers.
As these registers are two different sets on ppc we must make
sure to also save them when Simd is enabled.
Check the comments under crrev.com/c/2645694 for more details.

Port 3b302d5c

Original Commit Message:

    If a lazy compilation happens in between 2 Wasm calls, we need to save
    the full Q register, since we can have live v128 values.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Icdd0a6d38225a866b61651ff406598c144c25ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667952Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72492}

We were hitting an implementation defined behavior in this instruction:

- v is clamped to uint8_t::min and uint8_t::max
- then we static_cast<int8_t>(v)
- any values that don't fit in int8_t (> 127) hits and implementation
defined behavior

We reuse base::saturated_cast here instead to avoid this undefined
behavior.

Drive-by cleanup of test cases to make the signed/unsigned cases more
explicity.

Bug: v8:11372
Change-Id: I4e92cdfb685d74bd5436ba25f1c00db49a231221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2659501
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72491}

R=clemensb@chromium.org

Bug: v8:8091
Change-Id: Id2f0b4635ee235c592a969a41d1f50ed677150f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667857Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72490}

This is a partial revert of https://crrev.com/c/2457669 to add back
i64x2.ne and i64x2.all_true, which were accepted into the proposal
(https://github.com/WebAssembly/simd/issues/419).

This only implements it for x64 and arm64 on TurboFan, other archs and
Liftoff will come later.

Bug: v8:11347,v8:11348
Change-Id: I86934478760e3d501ecdb3ce6c9b702764cc0838
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2665005Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72489}

Change-Id: I6b0aa0daab07728f5a524ecba289276c7fa33a08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2668568Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72488}

Now with more fixes.

Bug: chromium:1162473, v8:11383
Change-Id: I54751cef03f6b2b1dc70324486441c9b0b011cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667512
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72487}

Change-Id: I34552a97244c5f4c343d16e5093676e3af5c210b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667510Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72486}

Previously the WebAssembly debugger support completely ignored the
condition on breakpoints. With this change, we check conditions
(snippets of JavaScript) properly, which enables not only conditional
breakpoints in the front-end, but also other features like 'Never pause
here' (which simply sets `false` as condition) and log points.

Fixed: chromium:1173007
Bug: chromium:1173006
Change-Id: I02c740d383378a1f4cc08134ad571bea08e9a905
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666690Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72485}

We are often stepping multiple times without inspecting the state
in-between. Hence, the generated debug side table is often not being
used. Instead of always generating it, we can generate it lazily on
demand, which can avoid the need to generate it at all.

R=thibaudm@chromium.org

TEST=inspector/debugger/wasm-stepping

Bug: chromium:1172299
Change-Id: I9b9ff4485d65d720d23585856b3d672925460667
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2664446
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72484}

Also, enable concurrent GetBackPointer().

Bug: v8:7790
Change-Id: If92cb7cdd9e6f5eb9a636764ca8abe2fc2c05ab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650205
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72483}

When constant-folding the test based on static types in the function
body decoder, we have to ensure Liftoff's value stack is properly
updated.

Fixed: chromium:1172912
Change-Id: I618992608882b850a8a4bce0b267ce456e4c2a40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2664447Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72482}

This reverts commit a850668c.

Reason for revert: new test flaking on many bots, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win32/31068/overview

Original change's description:
> [d8] Fix a crash when getting the worker's onmessage handler
>
> Bug: chromium:1162473
> Change-Id: Ided2f52882aaf02e1dc9a8d0ba883fedf029464d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2663004
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72473}

TBR=marja@chromium.org,cbruni@chromium.org

Change-Id: I5ec056185967974a94fd61baec8a75e855e1a272
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1162473, v8:11383
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666693Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72481}

Add a simple backtrace/bt command to the simulator debugger, which does
the frame-pointer stack walk and dumps pc/fp/sp for each frame.

This is strictly less powerful than the full JS stack dump, but can be
used to debug issues with corrupted frames that prevent the JS stack
dumper from working correctly.

Change-Id: I26cc962ab8d22c0a219d6a35548544602aa89418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666688
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72480}

Extract out the command processing from Simulator::Debug(), and expose
it to gdb as a new 'sim' command. Example usage:

    (gdb) sim p x15
    (gdb) sim stack

The sim command will execute that one command, and will return to gdb.

For a list of all commands, you can call

    (gdb) sim help

Note that sim won't resume simulator execution until gdb continues
execution; for example, `sim next` will set a breakpoint on the next
instruction, and will return to gdb. The user then has to continue
execution in gdb, at which point the simulator will break. The user can
then re-enter gdb with the gdb command. This will look like this:

    (gdb) sim next
    (gdb) continue
    ...
    sim> gdb
    (gdb) ...

Change-Id: I678e71e2642d8427950b5f7ed65890ceae69e18d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2664448
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72479}

Conditional breakpoints are not implemented yet; the condition is just
ignored for wasm. This CL adds a test for conditional breakpoints. The
output is expected to change once the implementation is finished.

R=bmeurer@chromium.org

Bug: chromium:1173007
Change-Id: I15e0053ec8b57e28b8eadc208f35bbf70437682e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666692
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72478}

Changes:
- Rename ObjectReferenceKnowledgs::object_must_be_data_ref to
  reference_kind, introduce an enum to describe it.
- In both compilers, remove the dynamic check whether the object is an
  array/struct. This is known statically. Instead, if we are checking
  for a function, just check for rtt equality and exit.
- Remove is_data_ref_type(), replace it in the compilers with calls to
  has_signature().
- Restructure AllocateSubRtt() to handle function rtts properly.
- Add a couple execution tests.

Bug: v8:7748
Change-Id: I46fbbfe2f2a7d29b583de0d536d71c534b98322f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661460Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72477}

The removed flags are:

1. --turbo-nci-as-midtier
2. --turbo-nci-cache-ageing
3. --turbo-nci-delayed-codegen

Flag 1. was used by a testing mode that is no longer used. Flags 2. and
3. were used to experiment with codegen and cacheing heuristics, no
longer needed now that work is suspended.

Bug: v8:8888
Change-Id: Ib4a89f09340c2d94ee7688928c8235276c1f1032
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661461
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72476}

Optional chain checks check if the object is null or undefined and
if it is we don't perform the load but just load accumulator with
undefined. For calls the value of the accumulator needs to be stored
in the callee register. We were doing this only when the object
isn't null or undefined. This cl fixes it by storing it to callee
always.

Bug: chromium:1171954
Change-Id: I391af18e783486fed70be561027bd8aba97b93cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2665466
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72475}

Boolean denotes the boolean JS values and doesn't make sense for the
result of a WordEqual.

Change-Id: Id504bbe1171c2603ed4070ed922fcafd94d846c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666689
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72474}

Bug: chromium:1162473
Change-Id: Ided2f52882aaf02e1dc9a8d0ba883fedf029464d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2663004Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72473}

Add comments and simpify code a bit for less chance of cargo culting.

Change-Id: Ica3fc60b0b7c11cc99a4c9ba9e3255662bbbb6bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642459
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72472}

Port: 3b302d5c

Port: 45b99aaa

Besides, removed redundant DCHECK.

Change-Id: Ifac825ae7670b075750603b2c61a3d60a85cc373
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2662581Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72471}

Port: 6d3a53e7

Bug: v8:11331

Change-Id: I6aaba8e4d25e01121f0f7e01f67af3b5c7202ba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666712
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72470}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/dce1147..dc9dc45

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/9904915..fc5af1a

Rolling v8/third_party/aemu-linux-x64: Y_rckHsnBv6dqNUbG4QoVkl3njqEx7ewCNGmqOE_h1MC.._nJMIPzu-ykpL-XPjf14IZ3CAFT3iQRtsbzyiSm9u7QC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/91735e2..4920147

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cb07c52..8c95595

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/c876c8f..bf44340

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/9290907..ec98581

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ic364444072e5b2405dc05d3cce7133585cce84c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666713Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72469}

- Allow downcasting construciton and assignment;
- Add WeakCrossThreadPersistent::Lock() that safely retrieves a strong
  handle for a weak reference;

Bug: chromium:1056170
Change-Id: I5f8d85a87c9955506dd87723ffb4c80d66770c04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2663160
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72468}

Port 6d3a53e7

Original Commit Message:

    This is a reland of commit 9c09c227.

    The fix for gc stress failure is merged: https://crrev.com/c/2656857.

    Original change's description:

    > Bug: v8:11331
    > Change-Id: Ie394ec841a1a1c4030c4f589eac2cee8a6a2a1f9
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639033
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
    > Commit-Queue: Zhi An Ng <zhin@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#72304}

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I68991b81c18e06714d272f019dab7994419692bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2665894Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72467}

Port 07b03b83

Original Commit Message:

    c_entry_fp is normally cleared in `LeaveExitFrame`, but we adjust
    the frame without it in the exception path.

    This can cause the SafeStackFrameIterator to assume we have an exit
    frame and iterate over frames incorrectly, which for arm64 can
    cause pointer authentication failures with CFI enabled. Even without
    the pointer authentication failure, we iterate over frames
incorrectly,
    so make this change for other architectures too.

    Also clear c_entry_fp in the beginning of JSEntry, after pushing it
    on the stack. Not doing this doesn't cause pointer authentication
    failures, but it will make the SafeStackFrameIterator assume we
    are executing C++ and miss the JS frames on top.

R=georgia.kouveli@arm.com, joransiu@ca.ibm.com, junyan@redhat.com,
midawson@redhat.com, mfarazma@redhat.com
BUG=
LOG=N

Change-Id: Id12286a0f18fce928f9e44825fc13cd0338bac46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2665893Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72466}