Windows can allocate the stack at low addresses. A low-address on-stack
slot (e.g. backing store reference for Blink's on-heap collections) with
a null value would make TryGetCagedHeap falsely think that the slot
resides in a caged heap that starts at a null address.

We will still crash for low-address on-stack slots with non-null
on-stack value, since these cases are not considered valid and should
not happen.

The null value check is added only to Windows. It is not an issue on
other OSes where the stack always resides at high addresses and we
prefer to keep the write barrier as cheap as possible.

Bug: chromium:1230794, chromium:1056170
Change-Id: I07e2d178cd95edba57015d6bc6eb127a443b0589
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069146
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76069}

Change-Id: I82464ad3ae81843b8e3ac940c079218a55aad67e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041145
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76068}

While reading through the jump threading implementation, I noticed
something strange: ApplyForwarding iterates through the block list in
reverse post-order, not in assembly order. Thus, the value prev_fallthru
might not refer to the previous block in assembly order. Obviously it
works fine this way or we would have noticed by now, but I think that
this step would be a little easier to read and reason about if the
iteration used assembly order instead.

I've added a test case to demonstrate the difference when using
assembly order: in a diamond where the right side starts with an empty
deferred block, the current implementation would fail to replace that
block with a nop. I doubt this case would have any real-world impact.

Change-Id: I28abe2043434debb54896871d15c540ad52c6368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3039261
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76067}

I/F 32x4 and 64x2 ReplaceLane opcodes are optimized
on P10.

Change-Id: I28ddc2b4e66ca39414e9c3ed2efd0eea268f1a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067803Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76066}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/afe217b31..ab353c6

Bug: v8:7834, v8:3038, v8:3019, v8:11934, v8:12043, v8:12044, v8:11989
Change-Id: I3fd38aa0c2374f96506c21999f8ea04c9ece4f49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068506Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76065}

Windows.h causes massive namespace pollution with its defining of many
macros, it adds to build times, it disables warnings, and it makes it
easier to write non-portable code.

This change removes windows.h from V8's win32-headers.h. It does this
by replicating the small number of typedefs that are needed and by
defining three "proxy" types that are the same size and layout. The
V8ToWindowsType functions are used to reinterpret_cast between the
types.

Prior to this change there were over 760 v8-related source files that
include windows.h. After this change there are 16.

Bug: chromium:796644
Change-Id: I89efeed47028faae72de2da4f1dae345d8d7746c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042215
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76064}

Port f7de8c80

Original Commit Message:

    For large frames we are executing a special stack check that checks the
    remaining stack space before allocating the new frame. Different
    platforms used different limits for the frame size so far. Liftoff
    already uses 4KB everywhere, hence use the same limit also for TurboFan.

    simplification.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ie47572277769170878c3ed5598fe61edd8524ac7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068955Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76063}

Bug: chromium:1234770
Change-Id: I7368c4bcebc9b4ae78291e9e7bfc860328a742ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068941Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76062}

Also introduce a separate error type for WebAssembly.Exception,
since the properties should not be added to RuntimeError.

R=jkummerow@chromium.org

Bug: v8:11992
Change-Id: I8f4ae0da9a95184366e07dc43e58a5a9ff4382ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055304Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76061}

This ports https://crrev.com/c/3040844 to also work on Mac. All that's
needed is minor tweaks to the inline assembly. The inline assembly is
stripped down to what's actually needed. I didn't find documentation on
".pushsection" and ".popsection" on Mac. Since we do not have this on
other inline assembly (e.g. src/heap/base/asm/x64/push_registers_asm.cc)
removing this here does not regress the status quo. If this ever causes
problems, we will have to consistently add it everywhere.

The new code paths are tested by the v8_mac_arm64* CQ bots, and the
"V8 Mac - arm64 - sim - {debug,release}" waterfall bots.

R=ahaas@chromium.org, mseaborn@chromium.org

Bug: v8:11955
Change-Id: If0b78a2d2a8b365c1c77b171de0591452e4bbeec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063500Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76060}

Previously the V8 inspector would only turn embedder accessors on the
prototype chain into data properties, but would not do the same for
ECMAScript builtins, which is kind of inconsistent and weird behavior.

This leaves in the hack that the inspector reports native accessor
properties as (own) data properties, but now at least the very least
does so consistently. In the absence of a better solution, we'll go
with this for now.

Bug: chromium:1076820, chromium:1199247
Change-Id: I593f909a46cb714dbec629a2944eeb892881ba6f
Before: https://imgur.com/kPuSldj.png
After: https://imgur.com/eFau45m.png
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067319
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76059}

The current map is safe to read, and backpointers (read inside
Map::FindFieldOwner) are immutable after initialization.

Bug: v8:7790
Change-Id: I10329a44b8fa1e831fc2b52c0bc16c81891af784
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068949
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76058}

Feedback is protected by acquire-release.

Bug: v8:7790
Change-Id: I5b9e8f2fa8109207420dd715407c0791fe47db8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068943
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76057}

Port 6bf0b704

Bug: v8:11872

Change-Id: I08a88402229e56b923a0551d64c53d73b8e909f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068323
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#76056}

Based on a CL by mvstanton@.

Bug: v8:7790,v8:12030,v8:12031,v8:12041
Change-Id: I58b75bd96c724a99133bec7d3bd6cf4e0c9be6d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059683Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76055}

The `previous` field is immutable after initialization and the
context itself is read through an atomic load.

Bug: v8:7790
Change-Id: I8525cac7264573a7e9fc479613aaf268b72ab836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067333
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76054}

This reverts commit 098835f7.

Reason for revert: Testing reverts

Original change's description:
> [infra] Dummy change to test OWNERS enforcement
>
> No-Try: true
> Bug: chromium:1235962
> Change-Id: I6dabb9855e5db118315c33ab106ac7ba2c4721b8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068938
> Owners-Override: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76051}

Bug: chromium:1235962
Change-Id: I5d3d865c2e8b4c69122a2b6ee6c0bcb9bd1ec6f6
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068940
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76053}

Bug: chromium:1234764
Change-Id: I5b1053accf77331687939c789b7ed94df1219287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067327Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76052}

No-Try: true
Bug: chromium:1235962
Change-Id: I6dabb9855e5db118315c33ab106ac7ba2c4721b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068938
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76051}

Bug: chromium:1234764
Change-Id: Ie899f00e9247bdf67b59aa3ebb7def2948ccdb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067332Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76050}

No-Try: true
Bug: chromium:1235962
Change-Id: I4ed07e9e39ae60fa24b76b40bf8d251d16c924e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067336
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76049}

Change-Id: I09ea01231fc3f646f215ff9fca0b526357d04385
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068322
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#76048}

This is a temp fix to throw instead of DCHECK in debug build.
The correct fix depends on the landing of
https://github.com/unicode-org/icu/pull/1762

Once that land I will cherrypick into chrome to fix the function correctly.
But the current (before this CL) behavior is not harmful in release build.
It basically does not do the max nor min just return itself.

Bug: chromium:1224869
Change-Id: Iebce2ab0a5ce047e83e8fce05db8290212e64509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017300Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76047}

Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/ad56859..1169114

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/50fd66a..cff8a26

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/cdb04dc..b79b97c

Rolling v8/third_party/aemu-linux-x64: pmyID7CW-4NsGYefh7NnE4xj3AbHD5lu9r5GLO3rzMYC..DxCnfY154Xn-UYrZ-GF8FewyGfo29cYHkKdDMgpEHJkC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4505381..61f0e50

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/f7a5fc9..563140d

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/d0097bc..dd02422

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I85237ce6814f9389b20e78238d4c447707599449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067947Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76046}

And fallback to handle references on heap compilation.

Port 7ac3b55a
Port 642a4673

Bug: v8:11872

Change-Id: Ia371c53d32c0f1f4496fee1a7c72461ea291191f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3066946
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#76045}

ICU 69 moved content of nb resources to no and let
nb fallback to no. This break our original design of checking
locale availability. Hard wire to check on no if nb fail for now
until we come out with a better fix.

Bug: chromium:1215606
Change-Id: I831529d29590cc643ee0109fb2ce8948dac75613
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068010
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76044}

stress_flush_bytecode controls stress flushing of both bytecode and
baseline code. So rename the flag to better reflect its functionality

Bug: v8:11947
Change-Id: Ie6c124a476c3a7c6eabd1d75de030ee15fe78e32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062567
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76043}

Previously, when the Load IC saw a deprecated map, it would migrate to
the new map but not update the feedback vector. This would lead to a
deopt the next time the same object was seen.

With this CL, the feedback vector will be updated to the target of the
deprecated map. In order to do this, we need to mark the IC for
recomputation. Without that call, the map and handler would look the
same to IC::UpdatePolymorphicIC amd would decline to update, causing
the IC to go megamorphic instead.

Bug: v8:10816
Change-Id: I0dcf97fb278bc0b167df6ce24d5db179f599f535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032983Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#76042}

The V8.Execute histogram is not free and can cause more overhead
than expected. This CL is guarding slower histograms behind a new
--slow-histograms flag.

For now --slow-histograms is enabled by default. Once all
chrome-side changes and benchmark changes have landed it will be
disabled by default.

--dump-counters will automatically enable --slow-histograms.

The goal is to not report slow histograms on UMA by default on stable:
- 100% reporting on canary/dev/beta
- 1% reporting on stable or specific finch experiments

Chrome-side feature: https://crrev.com/c/3065464

Bug: v8:11946
Change-Id: I23c782288e10ceb76323d72eceea9170739fd543
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067318
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76041}

- Add V8_OS_STRING and V8_TARGET_OS_STRING define
- Add v8-platform logging event
- Add shared-library-end event for faster v8.log processing

Change-Id: Id25a9e704620dbb70042e51a1fb6ed77ca7256bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067219Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76040}

No-try: true
Change-Id: Ib9574d3ddd5ad2ed6d203479baa13a660e170ed6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3047359Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76039}

This lands the CLs for creating V8 roll branches without TBR.

No-Try: true
Bug: chromium:1176141
Change-Id: I67defe7e0337f6beb3db2e198dc2cf87f1345ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067320Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76038}

- Add V8_WARN_UNUSED_RESULT to TryCopyAndConvertArrayToCppBuffer
  methods
- Remove --force-slow-path implications in
  Object::IterationHasObservableEffects

Bug: v8:11739
Change-Id: I20dcac1c460c6ee116ff372806cdf8764a99d9f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063504Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76037}

Instead of throwing a fatal error when setting a value in an array with
index larger than FixedArray:kMaxLength, we now throw an exception.

This CL propagates the exception in StoreInArrayLiteralIC.

Bug: chromium:1235093, chromium:1201626
Change-Id: Iaffd4eff47ad689fce2fd641ce1beaddd02d1a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067220
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76036}

This avoids having all code writable while compiling functions. We only
need it writable for copying the code to the NativeModule and for
updating the jump table(s).

R=jkummerow@chromium.org

Change-Id: Ifb212b1cd3f7702fac4b1eb9e7bc7d5b5bd5198a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063221Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76035}

For large frames we are executing a special stack check that checks the
remaining stack space before allocating the new frame. Different
platforms used different limits for the frame size so far. Liftoff
already uses 4KB everywhere, hence use the same limit also for TurboFan.

Drive-by: Remove an outdated and misleading comment, and other minor
simplification.

R=ahaas@chromium.org

Bug: v8:12017
Change-Id: I6548b2293ec255349bf4e08c26fd05b7e0df0497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063501Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76034}

Regressed in crrev.com/152ecad8.

Fixed: chromium:1234931
Change-Id: I8f2b603a914fccaeaeb3dcffa63070cf8fb6f0e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064604
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76033}

Also:
* Remove forward declare and As##Name for never serialized Data classes
* Remove the Data classes
* Refactor macro list to encode being background or never serialized

Bug: v8:7790
Change-Id: Ide29d89072b247311f29948f04c4147c5c1103cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056458
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76032}

A JSFunction object may count as 'ObjectMayBeUninitialized', yet still
be safe to read for other reasons (e.g. because it has been loaded
through a chain of acquire-loads and immutable-after-initialization
guarantees).

Bug: chromium:1235071,v8:7790
Change-Id: I18c81695f001fd67e69d98dde641b71ed7b7e53d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064606
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76031}

Lookup the corresponding details on the given map instead of the
owner map.

Change-Id: I2dcd0b24216c2bdc5860518d34d710b771f74973
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063234
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76030}