Add logic to drop cyclic contradictory flags from
correctness-fuzzing command lines. Add the currently known
biggest offenders.

Without this, the correctness fuzzing harness runs into a CHECK
failure during smoke testing, when attempting to pass cyclic flags
to d8. It fails fast, but uselessly burns fuzzing time.

This change drops one of the known cyclic flags instead to make the
test run still useful. The precedence is right to left like in the
V8 test framework.

Additionally on Clusterfuzz, all crashes during smoke testing are
deduped as one crash report. We don't know if there are other
problems before this one is fixed/hidden.

No-Try: true
Bug: chromium:1330303
Change-Id: I06cbb4655cd3cf467f5cce6f84dba653834ca72e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865562Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82939}

Port 247b33e9

R=gdeepti@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Iaedf6d6579e8224ba90b19b70ed040b23b85b2b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868835Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82938}

The intention is to be restrictive for now: modules should not
start to depend on this subtyping while the stringref type
hierarchy question is being settled (see
https://github.com/WebAssembly/stringref/issues/3 for details).

Bug: v8:12868
Change-Id: I0140e72f92550c88393dc84bb1fa3ce65840a048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865019
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82937}

Bug: v8:7748
Change-Id: Ibb43799319f8032d69adcaaeebb48ec8e4e6078c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869146
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82936}

At the start of the graph builder, we add merge states to exception
handlers basic block with ExceptionPhis (normal phis with no input,
but with an interpreter register "owner").

Every Node that can throw, can also lazy deopt, so we use the
lazy deopt IFS to recover the exception phi values in a trampoline
before jumping to the exception catch block.

Bug: v8:7700
Change-Id: I62fe7f19ce5e89c3df645224ea62f9fc2798207c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865865Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82935}

This change adds support for defining globals whose value is imported
and not defined inline. This was already possible for importing globals
from other modules, now it is also supported for non-global values, e.g.
values created by a wasm function and exported to JS.

Bug: v8:7748
Change-Id: I4fe22a7ab33b431cb731458900c0f332dff8b8f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865554Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82934}

Instead of implementing our own shared mutex, use std::shared_mutex,
which does not have the problem of deadlocking when interrupted by
signals (see https://crbug.com/v8/12037).
This is on Mac only, for now. If this fixes the regressions, we can
switch all systems to std::shared_mutex.

R=ishell@chromium.org
CC=dmercadier@chromium.org

Bug: v8:12037, v8:13256, chromium:1358856
Change-Id: Ie4be7cc5431905ca1e4f74809168eb6a9f584d28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870465
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82933}

Bug: v8:12612
Change-Id: I28a574435646073d65e6fe1e746267ffb0eaa01d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864083
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82932}

ResumeGenerator is semantically a successor of SuspendGenerator (for
reasoning about liveness), but operationally it's a successor of
SwitchOnGeneratorState. This means that the jump to ResumeGenerator will
always create a new basic block, even if the SuspendGenerator was dead.

This causes problems if we made other assumptions on liveness based on
the semantics; in particular, we assume that JumpLoop is dead if the
loop header is dead (thanks to loop irreducibility).
SwitchOnGeneratorState breaks irreducibility, and this manifests as the
JumpLoop being alive and trying to jump to a dead header.

Since this is a special case, and loops are otherwise irreducible, we
can also fix it with a special case; namely, MarkBytecodeDead now has a
special case for SuspendGenerator which manually advances the iterator
and kills the ResumeGenerator.

Bug: v8:7700
Change-Id: Ice162f061e7ba1dda7ceb4f6fe9234889655b417
Fixed: v8:13250
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865556Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82931}

Bug: v8:12868
Change-Id: Ia70ddb1fb25bc1f14259d14a8a9f614de7d8cd52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865558Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82930}

Check the function for TF code before finalizing a maglev compilation,
so that we don't accidentally overwrite the higher tier.

Bug: v8:7700
Change-Id: I20eb4e25f3bf2710b6e65f9d866cad143e77943d
Fixed: chromium:1359114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870464Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82929}

Besides, fix a error in GetMemOp.

Port commit 247b33e9

Change-Id: I34cf0d22870f438fb6bfcd67ef50ec254fb92608
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869758
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82928}

This CL refactors most of the cctests and unittests (22 out of 31) that
directly invoke heap GC, so that the corresponding internal heap methods
are called from a few specific places in boilerplate code. This will
facilitate impending changes to the interface of GC-related internal
heap methods.

Bug: v8:13257
Change-Id: Ia6773a7952501b0792b279b799171519620497d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869264Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82927}

Port commit 8e069d62

Bug:chromium:1356718

Change-Id: I0f9f19e45c8f3fc18b46ac0c1341cc61d5b1ae59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868714
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82926}

Check comment section of crrev.com/c/3862265 for more
details.

Change-Id: I4085e988ceaf04dbf2e2e34188b5748c025d9672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868500Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82925}

Use the correct helper function to emit an immediate.

Fixed: chromium:1358909
Change-Id: I2f2ae7819f40009b3f9c22067cdf11885d3347ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869265Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82924}

Reference lowering in the corresponding issue:
https://github.com/WebAssembly/relaxed-simd/issues/52

Bug: v8:12284


Change-Id: Ia59419f41ae1e53804b0fdb7169bf6f56f864c53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862956Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82923}

Bug: chromium:1355824
Change-Id: Ic0809f68259939086ad0e9a329b718eaf0e107aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869266
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82922}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/252971c..15f3aed

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/c24a0d5..734683a

Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/42e738f..84f0693

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/638d30e..7ee0711

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/5084800..8cdc635

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/926ac23..81e0cc1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/b72e51a..e0c2881

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9a708ed9b806495ef3493d0e8dbb1ff12d661554
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869826
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82921}

This can save memory in cases where multiple frames in a process use the
same script, with sufficient time between loads that the script's
top-level SharedFunctionInfo is no longer present in the compilation
cache. Merging is relatively fast; it generally takes about one tenth as
long as deserialization.

Bug: v8:12808
Change-Id: I7366a51f1d2ca6a9f551cdf2bdbe0441450cf1bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868088
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82920}

No-Try: true
Bug: chromium:1240812
Change-Id: Ica677c1253bf4ff9ced0b91e71e35ee8e0cb78cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868906Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82919}

Bug: chromium:1356308
Change-Id: I00be3495031b203b71cf924745dd2bad878ab3c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868955Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82918}

This reverts commit 5a318a23.

Reason for revert: Fails on Mac arm64: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/8211/overview

Original change's description:
> Port Generic JS-Wasm Wrapper for arm64
>
> Bug: v8:10701
> Change-Id: I2014f8994c74379663998e2560d1d51b98a4a9a6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811834
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82915}

Bug: v8:10701
Change-Id: I9d5f19fedb82e2be64bd313f8cf5821fb0d8c795
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869145
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82917}

base::SharedMutex was implemented as an exclusive lock on Mac, because
of an OS issue on Mac (see https://crbug.com/v8/12037).
https://crrev.com/c/3855361 then introduced a custom implementation on
Mac, which caused performance regressions (see
https://crbug.com/1358856).

Since we rely on C++17 now, we can instead just use {std::shared_mutex},
which does not seem to have the deadlock issue of {pthread_rwlock_t}.
As a smoke test (and to check whether this actually fixes the
performance regressions), only switch one mutex in Wasm compilation to
std::shared_mutex. If this CL looks good, then other places can be
switched over as well.

R=ishell@chromium.org

Bug: chromium:1358856, v8:13256
Change-Id: Ia56efcb7747f191cc3ed7a381096c8f57142aff8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868954
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82916}

Bug: v8:10701
Change-Id: I2014f8994c74379663998e2560d1d51b98a4a9a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811834Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82915}

.. just until I can implement the fix.

Bug: v8:7700,v8:13251
Change-Id: I8ccbe8b08351472a1144db46fd8d9bcbd4188633
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865919
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82914}

This CL renames ConcurrentMarking::JobTask to JobTaskMajor, adds
JobTaskMinor, and makes ScheduleJob branch to schedule the respective
JobTask depending on its GarbageCollector parameter.

Bug: v8:13012
Change-Id: Ic7ab15ba70f7d4e86c94a6824623c258aa8b739c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850482Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82913}

Fold the CheckHeapObject check into the other checks (CheckMaps,
CheckString, etc), to avoid emitting a separate IR node with separate
deopt info and a separate actual deopt point.

Allow this check to be elided when we already know the node is a heap
object.

Bug: v8:7700
Change-Id: I981860a6522c082d86abc856cfe1b3ff5658ac59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867733
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82912}

Add a simple forward check elimination based on a side hashmap of "known
node aspects", namely the node type and node map (if any). This set of
aspects is cloned when merge states are created, and destructively
merged when merged into existing merge states -- destructive cloning
here means removing any mismatching information. This allows information
in dominators to be preserved.

Maps are kept separate from node types because we want to distinguish
between stable and unstable maps, where the former need a dependency and
the latter must be flushed across side-effecting calls.

The representation of this known information is currently very
inefficient, and won't win us any compilation speed prizes -- just
ZoneMaps keyed on ValueNode*. We should optimize this to take into
account some sort of liveness information, and clear out nodes that
aren't reachable anymore. There is also a lot more information we could
store per Node, e.g. known loaded fields or alternative representations;
depending on what we want to store and how that has to be invalidated,
we likely might need an alternative way of representing it. This
implementation is good enough for now though, for measuring the impact
of check elimination.

Bug: v8:7700
Change-Id: I2f001dedf8ab5d86f8acaa22416617bd80701982
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865160
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82911}

This CL removes the marking_worklists parameter from the
ConcurrentMarking constructor, and instead sets marking_worklists_
in ScheduleJob based on the new GarbageCollector parameter.

We will use the ConcurrentMarking class for both major and minor
marking later, and this CL does preparatory work for that by allowing
to change the mode of operation (minor/major) through ScheduleJob.

Bug: v8:13012
Change-Id: I44a35155cf19e1df139a6a4e5bc5cbedbc3e00aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850289
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82910}

This is a reland of commit aa541f1c

Original change's description:
> [turbofan][arm64] Emit Lsl for Int32MulWithOverflow when possible
>
> Int32MulWithOverflow on arm64 uses a cmp to set flags rather than
> the multiply instruction itself, thus we can use a left shift when
> the multiplication is by a power of two.
>
> This provides 0.15% for Speedometer2 on a Neoverse-N1 machine,
> with React being improved by 0.45%.
>
> Change-Id: Ic8db42ecc7cb14cf1ac7bbbeab0e9d8359104351
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829472
> Commit-Queue: George Wort <george.wort@arm.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82499}

Change-Id: Ib8f387bd41d283df551299f7ee98e72d39e2a3bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865484
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82909}

Remove jump optimization for platforms such as arm64 that
do not support it, and thus unblock alignment in builtins.

This provides a 0.3% improvement in Speedometer2
on a Cortex-A55 machine when PGO is applied.

This patch increases arm64's embedded code size by 0.3%.

Change-Id: Ice09c39f5f3fc954e114b9ee30630c0d9528107c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863281
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82908}

This CL adds src/base/container-utils.h wich contains a few utilities
to make working with containers easier by providing a few additional
functions (e.g. contains, all_equal, ...) that are not (yet) shipped
with C++ standard containers.

Change-Id: I365b88c4286bf58bcac32c7bb89a5b0a98fc3509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865966Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82907}

Sufficiently full pages in new space are promoted as is to old space. If
a string is allocated on such a page, it won't be promoted to the shared
heap. The string can later be promoted by the next full GC, but then it
is promoted from old space, not new space, which was not supported.

Bug: v8:12612
Change-Id: I6133e13bec9ba3110b2b9dbfb4dcef47bde25e90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865162
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82906}

This is a reland of commit 911c7170

Re-landed as https://crrev.com/c/3867727 has also been re-landed.

Original change's description:
> [debug] CHECK that a function's context is always available
>
> After https://crrev.com/c/3854501 has landed, we no longer have to
> handle the case that we do not find a function's context in the
> scope iterator even though the function requires one.
>
> This CL renames `NeedsAndHasContext` to `NeedsContext` since we
> always find a scope's context now. Additionally we turn this
> assumption into a dedicated check.
>
> R=bmeurer@chromium.org
>
> Bug: chromium:1246907
> Change-Id: I6458df76689c0bfa6d6b2f8c421f9ce481855547
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865153
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82848}

Bug: chromium:1246907
Change-Id: I5ce4fe458e4614f4d6ee419483c5a9071dc91bbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865555
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82905}

Otherwise we could point to a potentially dead (not allocable)
input to GeneratorStore.

Bug: v8:7700
Change-Id: I113a02e0c1a3eb1b817dc4eb8f538cf40a1d0d3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867729
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82904}

It is possible for IncrementalMarkingJob to be scheduled while MajorMC
is running, but it only gets to run after MajorMC finished.

If concurrent MinorMC is run in the meantime, RunInternal should not
invoke Step, which is currently only supported for MajorMC. This CL adds
a bailout for this case.

Bug: v8:13012
Change-Id: I3012cac3de5195a9f1b85f1ac18b02cef67b004b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867516
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82903}

Bug: v8:13247
Change-Id: Ia1e82ef106914481e20076ac1ada9ba79e23c5a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865547Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82902}

This is a reland of commit 3297ccca

This is a straight-up reland of the original CL. The failing test
was flaky and removed with https://crrev.com/c/3868727. We replaced
the test with a proper DevTools e2e test: https://crrev.com/c/3867522

Original change's description:
> [debug] Immediately step-in for 'stack check triggered' debug breaks
>
> This CL changes debug breaks that are triggered via interrupts (i.e.
> via stack check). One client of this behavior is the `Debugger.pause`
> CDP method.
>
> The problem is that when we pause so early, the JSFunction didn't have
> time yet to create and push it's context. This requires special
> handling in the ScopeIterator and makes an upcoming change unnecessary
> complex.
>
> Another (minor) problem is that local debug-evaluate can't change
> context-allocated local variables (see changed regression bug). Since
> the context is not yet created and pushed, variables are written to
> the DebugEvaluateContext that goes away after the evaluation.
>
> The solution is to mirror what `BreakOnNextFunction` does. Instead
> of staying paused in the middle of the function entry, we trigger
> a "step in" and pause at the first valid breakable position instead.
> This ensures that the function context is already created and pushed.
>
> Note that we do this only in case for JSFunctions. In all other cases
> we keep the existing behavior and stay paused in the entry.
>
> R=jgruber@chromium.org
>
> Fixed: chromium:1246907
> Change-Id: I0cd8ae6e049a3b55bdd44858e769682a1ca47064
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854501
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82817}

Change-Id: I1938ccb5979fd80dff530b2ffe3f18714b7eff3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867727
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82901}

Bug: v8:13091,v8:13253
Change-Id: I9a40a937e2774a62e607d792256fdd34e8a634f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867735
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82900}