Port 255aaed9
Port 6bd44dfe

Change-Id: I9d57cf7782c267bda4532d0408e69b671e6001f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220271Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77407}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/61339fd2..8d420cef4

Bug: v8:7834
Change-Id: I03213a87597bf9dcd810bcc55f7bc9f352342b3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222879Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77406}

Bug: chromium:1258603
Change-Id: Ife2284de6151c7e70592b55871875061b93bbcca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218193Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77405}

In order to avoid namespace pollution and compilation overhead it is
desirable to avoid include windows.h, and this enforces that.

Bug: chromium:796644
Change-Id: I7fdcd3c182a77cee03672bc4324b9e21566896d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3223960Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77404}

There is no need to wrap the cage's page allocator into a
LsanPageAllocator as that page allocator ultimately relies on the
platform page allocator to obtain pages. As the platform page allocator
will be a LsanPageAllocator when LSAN is enabled, it will already take
care of marking the pages as root regions with LSAN.

luci.v8.try:v8_linux64_heap_sandbox_dbg_ng

Bug: chromium:1218005
Change-Id: I62b5da9cb320e5012a657951c0d4c85a1bb2b3fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222761Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77403}

On Windows pre 8.1, userspace is limited to 8TB of virtual address
space. Take that into account when determining the size and/or placement
of the virtual memory cage.

Bug: chromium:1218005
Change-Id: Idda94534cad67dc2db77e9ba459e3a4b239dac2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222763Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77402}

4 instructions, i8x16, i16x8, i32x4, i64x2 relaxed lane select. These
instructions only guarantee results when the entire lane is set or
unset, so vpblendvb will give correct results for all of them.

Bug: v8:12284
Change-Id: I76959a23f2d97de8ecc3bef43d138184484e3c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3207006Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77401}

Add initial stack memory, jump buffer and continuation objects.

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I0c6bde4e5f15e9c539e5e8af1a3b84e5cb5bc9a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220342
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77400}

--trace-wasm-compilation-times: print one line per compiled function
      with basic performance information. Useful for narrowing down
      functions of interest before investigating them in more depth.
--wasm-tier-up-filter=N: only tier up function #N. Useful for focusing
      features like --turbo-stats-wasm on a particular function.

Change-Id: Iaddb29bf815f4de8381a08e29187e96cc9945779
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086341Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77399}

The virtual memory cage supports a fallback mode that attempts to obtain
memory pages within a specific virtual address range by using
PageAllocator hints. However, Prior to this CL, the default
PageAllocator on Fuchsia would ignore hints alltogether, preventing
these mechanisms from working there.

Ultimately, on Fuchsia it would probably be better to manage the virtual
memory cage purely through VMARs instead of actually creating pseudo
mappings just to reserve virtual address space as is currently done
through the PageAllocator. This will require broader changes though, so
in the meantime, sticking to the current PageAllocator API is probably
the best option.

Bug: chromium:1218005
Change-Id: I821cfbb815d81479c3b3310296302addbb9cd8f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220340Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77398}

Since we introduced `array.init` as a way to create fully initialized
arrays, immutable arrays are no longer useless, and they enable certain
static optimizations, so this patch allows them.

Bug: v8:7748
Change-Id: I404aab60099826f4bd83cf54e5e1acbc38a3ca9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221151
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77397}

Besides the virtual memory cage, the DecommitPages API is also now
required for Cppgc with crrev/c/3211583.

A working implementation of this API is availabe in src/base/platform
for all supported platforms and is used by the DefaultPlatform.

Bug: chromium:1218005
Change-Id: I29765993ed54bb52de71998ae8c6295637ee4072
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211584
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77396}

Port: 1cd7a582

Original Commit Message:

Class Constructors are special, because they are callable but [[Call]]
raises an exception. Instead of checking if a JS function is a class
constructor for every JS function call, this CL adds a new instance
type for class constructors.
This way we can use a fast instance type range check for the common
case, and only check for class constructors in the uncommon case were
a class constructor is called and when we need to raise an exception.

Change-Id: I8f11416124a1eefc4ba63423747686bc0b519bb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218711
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77395}

... into UNIQUE_LEAF_INSTANCE_TYPE_MAP_LIST_GENERATOR and the rest
where the former list contains only those maps which have 1:1 relation
to instance type values.

Bug: v8:11880
Change-Id: Ibe20ec7a7c432680dcf23a5c0102ae89c0689d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218065
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77394}

This function tries to determine the number of virtual address bits
available on the current CPU and with that the maximum size of the
userspace address space. On x64, it can be implemented through CPUID.

The result of this function is now used in two ways: first, it limits
the maximum size of the virtual memory cage, currently to a quarter of
the address space. Second, it influences the placement of fake cages,
which are attempted to be placed into the lower half of the address
space so that they are followed by large amounts of (hopefully) unused
but addressable virtual memory in which pages can be allocated.

Bug: chromium:1218005
Change-Id: I0edc5d241d899f16dbc47492fa1534b6aaa4aa13
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220348
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77393}

V8 can fall back to creating a virtual memory cage that does not have
the desired security properties but at least allows V8 to run when
caging is enabled. This API allows the embedder to determine which kind
of cage is being used, for example for metrics collection.

Bug: chromium:1218005
Change-Id: I6988d0a4fce8aeb1361b30fce8c9c2f68f3b92f9
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220343
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77392}

- Anonymous namespaces instead of static functions.
- Comments.
- Reserve enough space in the range ZoneList.

Change-Id: Ie79fda770974796cd590a155dc5fd504472e5bc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220341
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77391}

The concurrent marker consults the page flags to see if it should skip
objects in the shared heap, and it was missing a SynchronizePageAccess,
causing TSAN false positives.

Bug: v8:12314, v8:12007
Change-Id: I888a68a3eddaa3dfa1644364226010def8d2a9b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219946
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77390}

Scripts are treated as web snapshots if they start with a magic number.
This enables end-to-end web snapshot implementations without changing
the embedders.

Bug: v8:11525
Change-Id: Ib8b098bb8cf0b9f96894009414b1cea7646b60dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218977Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77389}

Tip of tree puts both internalized and in-place-internalizable strings
into the shared heap object cache. But only internalized strings need
to go in there, since we can't have duplicates of those. It's fine to
allocate in-place-internalizable strings in the shared heap each time
a new Isolate is initialized, it'll be deduplicated if it's
internalized eventually.

Bug: chromium:1258918, v8:12007
Change-Id: I0e46b73a5ac3be83d0eaa31915a3a24f47a8c2bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219690
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77388}

Mostly the macro lists, the rest will be moved in a follow-up.

Bug: v8:12207
Change-Id: Iedf48e80f94ac99869c8aa31516cf93f9fc23667
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3209665Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77387}

Consider in-construction keys as live during the final GC pause.

Bug: chromium:1259587
Change-Id: Ia8c05923db6e5827b68b17a51561fbc8b2c4b467
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221153
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77386}

The purpose of this CL is:
- To include all the logic of this function within the bit case switch.
- To make it more clear what the probabilities for each generated
  subtype are.
- To fix bugs where anyref fell back to unsupported types in interpreter
  mode.

Bug: v8:11954
Change-Id: Ibc2d487c3fd66ec44a2a4f0eee874c8d3591be52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220347Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77385}

Bug: v8:12244,v8:12245
Change-Id: I57d51bc26e05e6e33d8866681a887c09e7d332f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219082Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77384}

Bug: chromium:1256831
Change-Id: I51a7872996849c42fdc75c1691c1e4103e2a45c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220349
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77383}

Due to caching issues we will not be able to store host-defined options
directly on the Script anymore. ScriptOrModule can thus no longer be
a i::Script.

NodeJS keeps weak references from ScriptOrModule to their import meta
data. This CL changes ScriptOrModule to be a temporary struct which has
a different lifetime. As a temporary fix until the API is fully updated
we introduce the v8_scriptormodule_legacy_lifetime compile-time flag.
It keeps references to ScriptOrModule alive on the Script to restore the
previous behavior (at an additional memory cost).

Bug: chromium:1244145
Change-Id: I1dc42d25930d7bc4f22ee3c9bba93d89425be406
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211575
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77382}

This is a reland of 3600aabf

Original change's description:
> ppc: [liftoff] implement AtomicExch and AtomicCmpExch
>
> Change-Id: Ida66b9c42cfb9bd5b59a83188a2dfa0d602d4036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192427
> Reviewed-by: Milad Fa <mfarazma@redhat.com>
> Commit-Queue: Junliang Yan <junyan@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#77148}

Change-Id: I84dc2d2c429c1f1646d0b97036ad9baa96961e56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3216042
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77381}

We need to check if the index is less than zero and miss to the runtime
if this is so.

Bug: chromium:1257519
Change-Id: I7d22f2765232815120b8baf7b8b83d5b00024375
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218975Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77380}

This is a reland of d7c9b31a

Original change's description:
> ppc: [liftoff] implement DropStackSlotsAndRet
>
> Change-Id: I05bcba3ad27b46b7c7888940895605ad463fc960
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3155302
> Reviewed-by: Milad Fa <mfarazma@redhat.com>
> Commit-Queue: Junliang Yan <junyan@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#76774}

Change-Id: Ifced82af6fdd16c72d36493afa27f4a4824ada90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3216041Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77379}

This is a reland of 1ea76c13

Disabled the failing test on Fuchsia until its PageAllocator
respects allocation hints.

Original change's description:
> Implement a fake virtual memory cage mechanism
>
> On operating systems where reserving virtual address space is expensive,
> notably Windows pre 8.1, it is not possible to create a proper virtual
> memory cage. In order to still be able to reference caged objects
> through offsets from the cage base on these systems, this CL introduces
> a fake cage mechanism. When the fake cage is used, most of the virtual
> memory for the cage is not actually reserved. Instead, the cage's page
> allocator simply relies on hints to the OS to obtain pages inside the
> cage. This does, however, not provide the same security benefits as a
> real cage as unrelated allocations might end up inside the cage.
>
> Bug: chromium:1218005
> Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77367}

Bug: chromium:1218005
Change-Id: I2ed95d121db164679c38085115e8fa92690c057e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220151Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77378}

Introduces several new runtime mechanics for defining private fields,
including:
  - Bytecode StaKeyedPropertyAsDefine
  - Builtins StoreOwnIC{Trampoline|Baseline|_NoFeedback}
  - Builtins KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic}
  - TurboFan IR opcode JSDefineProperty

These new operations can reduce a runtime call per class field into a
more traditional Store equivalent. In the microbenchmarks, this
results in a substantial win over the status quo (~8x benchmark score
for single fields with the changes, ~20x with multiple fields).

The TurboFan JSDefineProperty op is lowered in
JSNativeContextSpecialization, however this required some hacks.
Because private fields are defined as DONT_ENUM when added to the
object, we can't find a suitable transition using the typical data
property (NONE) flags. I've added a mechanism to specify the required
PropertyAttributes for the transition we want to look up.

Details:

New bytecodes:
  - StaKeyedPropertyAsDefine, which is essentially StaKeyedProperty
    but with a different IC builtin (KeyedDefineOwnIC). This is a
    bytecode rather than a flag for the existing StaKeyedProperty in
    order to avoid impacting typical keyed stores in any way due to
    additional branching and testing.

New builtins:
  - StoreOwnIC{TTrampoline|Baseline|_NoFeedback} is now used for
    StaNamedOwnProperty. Unlike the regular StoreIC, this variant will
    no longer look up the property name in the prototype.
    In adddition, this CL changes an assumption that
    StoreNamedOwnProperty can't result in a map transition, as we
    can't rely on the property already being present in the Map due
    to an object literal boilerplate.

    In the context of class features, this replaces the runtime
    function %CreateDataProperty().

  - KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} is used by the
    new StaKeyedPropertyAsDefine bytecode. This is similar to an
    ordinary KeyedStoreIC, but will not check the prototype for
    setters, and for private fields, will take the slow path if the
    field already exists.

    In the context of class features, this replaces the runtime
    function %AddPrivateField().

TurboFan IR:
  - JSDefineProperty is introduced to represent a situation where we
    need to use "Define" semantics, in particular, it codifies that we
    do not consult the prototype chain, and the semantics relating to
    private fields are implied as well.

R=leszeks@chromium.org, syg@chromium.org, rmcilroy@chromium.org

Bug: v8:9888
Change-Id: Idcc947585c0e612f9e8533aa4e2e0f8f0df8875d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795831Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#77377}

There's no point in maintaining a separate counter for the size of a
`std::list`. Also changing the type to `size_t` consistently.

Bug: chromium:1257637
Change-Id: I4f938b9888bb09cd1223ae6b6ae1db0fa1181096
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220332
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77376}

Instead, pass a return parameter to store the error message, if any.

Change-Id: Ie71910149271a4268799ee41a8873df51812c505
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218989
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77375}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/64ad2a1..f78b0bd

Rolling v8/buildtools/clang_format/script: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/clang/tools/clang-format/+log/99803d7..99876ca

Rolling v8/buildtools/linux64: git_revision:0153d369bbccc908f4da4993b1ba82728055926a..git_revision:693f9fb87e4febdd4299db9f73d8d2c958e63148

Rolling v8/third_party/aemu-linux-x64: -dh4A1LzldRT2V-3X5pbC7DZsxgQ01JhKIFo6Bx5WP4C..oT0j0p3wnLGyIs4qDcea3sRhW4YKoAhTY2LDWkJ4T4QC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ee3f2f4..876bab7

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/7cdf142..756e98f

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/4df07a2..eedbaf7

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/bffc82b..6da1d53

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/203feb7..c00aa10

Rolling v8/tools/luci-go: git_revision:413d434bd4eee1130614494dfb19f1eba03d71af..git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323

Rolling v8/tools/luci-go: git_revision:413d434bd4eee1130614494dfb19f1eba03d71af..git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323

Rolling v8/tools/luci-go: git_revision:413d434bd4eee1130614494dfb19f1eba03d71af..git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I465ba638acf2820aba8d5872f87b19f58388ae57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217261Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77374}

This is a reland of 9fe53c4f

- Fix data-race by using an atomic for flag_hash;
- Make sure flag_hash != 0
- Initialize flag_hash in V8::InitializeOncePerProcessImpl
- Clear flag_hash in more cases

Original change's description:
> [flags] Skip --random-seed in FlagList::Hash
>
> Node and friends use --random-seed to temporary reset the seed for
> predictable code-cache creation. To allow custom random seeds at runtime
> the flag is reset for encoding the FlagList::Hash in the snapshots.
>
> We will soon disallow changing flags via the API after V8 has been
> initialized. In order to make node work we will exclude --random-seed
> from the FlagList::Hash calculation.
>
> Drive-by-fix:
> * Lazily initialize flag_hash instead of calculating it after every call
>   to SetFlagsFromString / EnforceFlagImplications.
> * Simplify hash string source creation since out << flag now includes
>   the full flag information
>
> Bug: v8:12309
> Change-Id: I1a168f4702d8c4d160ff12fdbea881731e4ea8b6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218159
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77345}

Bug: v8:12309
Change-Id: I12cd2931d81dc74e07a4da3564e4bf8dd151300a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218981
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77373}

Port commit 7c08633b

Bug: v8:12244
Change-Id: Ib6ccca9e8e3e79ec7ba7b6c522f3aa1989ab50ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219706
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77372}

Also skip the test-shared-strings/YoungInternalization cctest, which
doesn't make sense when there is no young generation.

Bug: v8:12007
Change-Id: I3006960181a7da681d7318289a6ade6b0f0bf6da
Cq-Include-Trybots: luci.v8.try:v8_linux64_single_generation_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218197
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77371}

https://crrev.com/c/3218150 introduced a bug where we would create a
filler entry without updating the object start bitmap.

Bug: v8:12295
Change-Id: Ic39cea54d2e0e8297fe58eb1e5b22d787874c565
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218066
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77370}

After https://crrev.com/c/3211894 the following error
gets thrown on gcc:
```
 error: call to non-'constexpr' function 'uint8_t
v8::internal::LocalHeap::ThreadState::raw() const'
         : raw_state_(state.raw()) {}
```

Bug: v8:11708
Change-Id: I6377c95fa38d4b4670f6a513e061f13e349a3212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3216043Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77369}

This reverts commit 1ea76c13.

Reason for revert: The unit test added fails on the Fuchsia bot https://ci.chromium.org/p/v8/builders/ci/V8%20Fuchsia/25976?

Original change's description:
> Implement a fake virtual memory cage mechanism
>
> On operating systems where reserving virtual address space is expensive,
> notably Windows pre 8.1, it is not possible to create a proper virtual
> memory cage. In order to still be able to reference caged objects
> through offsets from the cage base on these systems, this CL introduces
> a fake cage mechanism. When the fake cage is used, most of the virtual
> memory for the cage is not actually reserved. Instead, the cage's page
> allocator simply relies on hints to the OS to obtain pages inside the
> cage. This does, however, not provide the same security benefits as a
> real cage as unrelated allocations might end up inside the cage.
>
> Bug: chromium:1218005
> Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77367}

Bug: chromium:1218005
Change-Id: I541bb9656ab2a6a080c2a30d372226fcc5c95391
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219086
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77368}