Instead of loading the same mask twice, we load from an external
reference twice. This saves some some binary size and a bunch of
instructions.

Bug: v8:11002
Change-Id: Ice80bd10694dcca920e18b8043390d7631c65805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643404Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72242}

Code fo Instruction Selection is added to the comments
and should be added when opcode is moved out of being a prototype.

Bug: v8:10983
Change-Id: I55948208e0ba0e903b267e0ca3e5815cb673d264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642155Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72241}

Bug: v8:11168
Change-Id: I6f697363d6f6d9b6a2303dec848f6d5200613f0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2641198
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72240}

Bug: chromium:1167733
Change-Id: Ie057068ee4ff08055d9dc7812a2e4f4dca9ec8d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2636844Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72239}

Bug: v8:11168
Change-Id: I88fd086b83bd4a17aae145fb02280a4d36b31579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2641199
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72238}

These are never generated by the instruction-selector, and don't need to
be defined.

Bug: v8:11074
Change-Id: I83a5760b6350155fd19d069be6aeeec5887e5880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643396Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72237}

It acquires the string lock to avoid race conditions. It does so in a
slow way (by getting the isolate from the string) to avoid piping the
Isolate through.

Bug: v8:7790, chromium:1166095
Change-Id: I8b769b4e96ee780314359d1d15d712012aade88a
Fix: chromium:1166095
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637861Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72236}

Change-Id: I8c849e6259d60e8dc57a5b03f388cc9347488a1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642884Reviewed-by: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72235}

Those flags are only used in the simulators, hence hide them for
non-simulator builds.

Move the --log-colour flag out of the simulator block, because it
is also used in other components.

R=ahaas@chromium.org

Bug: v8:11074
Change-Id: Iafe3c6ba0ee78b2cf0b0dff7299a9b588d136ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642262Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72234}

Bug: chromium:1056170
Change-Id: I74c589171470296d310055ba3fe982fb3c9f25f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642261Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72233}

Change-Id: I5422d4288eebedac86077a42286231e5c225232d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642877
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72232}

With this change, the GC will compute the size for ScopeInfo instances
based on a combination of flags, context_local_count, and possibly
module_variable_count, rather than using the FixedArray-style length
field. After this change and a few more cleanups, we should be able to
remove that length field and save a few bytes.

Bug: v8:8952
Change-Id: Ica8e51ee106685b44fcc55556b4bb124afc91cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2598461
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72231}

Add test for Cpp->JS references.

Bug: chromium:1056170
Change-Id: I7240483b6ad7393346b55a9756fcd4721e238119
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642257Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72230}

deoptimized-frame-info: Used only by the debugger.
translated-state: Combines translations and current frame states to
describe in- and output frames.
translation-array: Utils for accessing the on-heap TranslationArray
object.

Bug: v8:11332
Change-Id: I86757bed370d6d9e493862eb24a9e92533f80933
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640414
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72229}

This CL keep the Deoptimizer class in deoptimizer.{h,cc} and moves
everything else into translations.{h,cc}. Translations may be further
split up in follow-up work.

Drive-by: Remove dead code and clean up includes.

Bug: v8:11332
Change-Id: If774399843da1322c01e03d71c97b10fc88e45cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639955Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72228}

Provide a way to trigger a write barrier when updating the embedder
fields. In future, such a mechanism should be encapsulated into V8.

Bug: chromium:1056170
Change-Id: I4e43362993c3e58d5bebdd58a7d46a39c0aa4f06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640419Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72227}

This is a reland of d1da9694

Relanding now that fixes for perfetto and cppgc are in:
https://chromium-review.googlesource.com/c/v8/v8/+/2640458
https://chromium-review.googlesource.com/c/v8/v8/+/2640480

Original change's description:
> [build] Enable external flag header by default
>
> Turns on v8_generate_external_defines_header.
>
> Bug: v8:11292
> Change-Id: I4b1d9b47390b560b7cbf677948310694d8b03367
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2610966
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72201}

Bug: v8:11292
Change-Id: Ia47eeb6c45f4cc3db72c10782d677b69506fa3d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642249Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72226}

This reverts commit c594a20e.

Reason for revert: Speculative revert for link issues: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/14658/overview

Original change's description:
> [cpu-profiler] Use base::LeakyObject for static CodeEntry objects
>
> This is preferred over the older LazyInstance based stuff, and has
> a lot less boilerplate and is easier to follow.
>
> Bug: v8:8600
> Change-Id: I7c5c5ae04c064b0fc598dc01f1ed5442dc21a17b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640475
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72224}

TBR=petermarshall@chromium.org,clemensb@chromium.org

Change-Id: I2e4fce9bc58d289338814f3ee1b1520a97dfd3cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8600
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642251Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72225}

This is preferred over the older LazyInstance based stuff, and has
a lot less boilerplate and is easier to follow.

Bug: v8:8600
Change-Id: I7c5c5ae04c064b0fc598dc01f1ed5442dc21a17b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640475
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72224}

OWNERS files: removed tebbi's entry.
TODOs: replaced with 'turbofan'.

Change-Id: Ib7a90418b394f123b82051379f120f0323d04097
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639757Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72223}

Add a dependency to a cppgc target for the the cppgc unit tests sources
so that the header files are used correctly. Previously it was working
because it added the external config which sets up the include
directories correctly, but would fail if the v8-gn.h file was not
generated quickly enough or if the cppgc_unittests_sources was built on
its own.

Bug: v8:11292
Change-Id: If12be4809b59b8dd5705468ad0343a1118547092
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640458Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72222}

Port: 624030e9

Bug: v8:11256

Change-Id: I48379a716fd5424448fb1fb1051a9d119f73bcdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642167
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72221}

Change-Id: I3eaa9c7e80bea7748dc28ec4ff09fecbdd7a434d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639767Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72220}

This fixes typing (and type conversions) in the two compilers and adds a
test for executing a memory.size instruction in memory64.

R=manoskouk@chromium.org

Bug: v8:10949
Change-Id: Ic06b224437cb818ad74d0732fc4c8e08c9095231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2632594
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72219}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/43dd249..2f05905

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/c38b5ab..0c30db8

Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/ef64306..fdaa5e5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/cf567b6..beb8370

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/dabd965..af0dca3

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ba4ee03..3c71637

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I1a41567539bad93f25648ce1719c20bf596af30f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642165Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72218}

The icache and jump-table-assembler tests need memory that is both
writable and executable. On Mac, to do this we need to pass MAP_JIT to
mmap which is wired with the VirtualMemory::JitPermission flag.

Change-Id: If8236fa8983a4a59ef39fe777f26a02103dc6f75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637227Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#72217}

This CL lands a workaround for a bug causing the linker to merge
ExternalOneByteStringGetChar() and ExternalTwoByteStringGetChar() which
leads to the generated vtable address checks failing on one of the
inputs.

To make the two function's machine code different (to prevent the
linker from merging them), this CL adds CHECKs of the arguments to both
functions.

Bug: chromium:1160961
Change-Id: Ifc4c6e4e05a394a6f27572877abb765d02fd23ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640478Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72216}

Previously ShouldHaveBeenSerialized() would return false for
kPossiblyBackgroundSerializedHeapObject objects which prevented
checks for whether the correct serialization had been done before
accessing Map::prototype() for these ObjectRefs.

BUG=chromium:1168435,v8:7790,v8:9684

Change-Id: I31b4cf7c7ce67ba1c46aea1451172b279d215508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640479
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72215}

Adds v8config.h include before using V8_USE_PERFETTO to fix build errors
when v8_generate_external_defines_header and v8_use_perfetto are both
enabled.

Bug: v8:11292
Change-Id: I4ea5fd39ca7eaaa5ad64b532d26df7933da41659
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640480Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72214}

This will places builtins in .text$hot code section that is generated by native compiler PGO

Change-Id: I9e66eea99fc9b25cda9d9a9d1f57a0cd43d3a924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2628595
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72213}

This was previously removed in
https://chromium-review.googlesource.com/c/v8/v8/+/946129.

Given that test/mjsunit/compiler/regress-817225.js no longer
reproduces, and that the original CL removed only one occurrence of
this common pattern, it's not clear that it fixes anything.

Bug: v8:7519
Change-Id: I973a581e1e6cdea5ba2ff31364bd6701602fc8d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637854
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72212}

The `parameters` attached to FrameState nodes are often iterated s.t.
the receiver (implicitly at index 0), and potentially some leading
parameters, are skipped. The new convenience functions
`begin_without_receiver` and `begin_without_receiver_and_skip` make this
pattern more convenient.

Bug: chromium:1166136
Change-Id: Ic2bc7319edf9b8567346788dfaebd8852672a703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637221
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72211}

The compatibility fixes have been standardized.

Bug: chromium:581577
Change-Id: I4ab1df59cbcb4bcbcfe9e3a3c658b2d6b81fe68e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2633539Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72210}

This is a reland of 1694925c

Minor fix to linkage for constexpr.

TBR=ahaas@chromium.org,neis@chromium.org

Original change's description:
> Reland "[compiler][wasm] Align Frame slots to value size"
>
> This is a reland of cddaf66c
>
> Original change's description:
> > [compiler][wasm] Align Frame slots to value size
> >
> > - Adds an AlignedSlotAllocator class and tests, to unify slot
> >   allocation. This attempts to use alignment holes for smaller
> >   values.
> > - Reworks Frame to use the new allocator for stack slots.
> > - Reworks LinkageAllocator to use the new allocator for stack
> >   slots and for ARMv7 FP register aliasing.
> > - Fixes the RegisterAllocator to align spill slots.
> > - Fixes InstructionSelector to align spill slots.
> >
> > Bug: v8:9198
> >
> > Change-Id: Ida148db428be89ef95de748ec5fc0e7b0358f523
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512840
> > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#71644}
>
> Bug: v8:9198
> Change-Id: Ib91fa6746370c38496706341e12d05c7bf999389
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2633390
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72195}

Bug: v8:9198
Change-Id: I91e02b823af8ec925dacf075388fb22e3eeb3384
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640890Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72209}

Add interpreter implementation and tests.

Bug: v8:11265
Change-Id: Iddb33f2d2fe0badc0a5ee4a950a65b4caf5d289f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2636846Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72208}

Adds a `data` field to `v8::FastApiCallbackOptions`.

Bug: chromium:1052746
Change-Id: I0c4ac1a0ea1191e90d3bbc041aec5d8d860d7057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2603925
Commit-Queue: Gus Caplan <snek@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72207}

Bug: v8:11333
Change-Id: I0de067b0c23591c95c1454b9a17872ad28e0c98d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639956Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72206}

After removing the arguments adaptor frame, there is no more any distinction between
kArchTailCallCodeObjectFromJSFunction and kArchTailCallCodeObject.

Change-Id: Iebb374726b576b8e089425f989bb2da9d5ace4db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639761
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72205}

Currently background thread cannot allocate embedder objects and
checking the embedder heap size is not thread-safe. For simplicity,
we can skip the check until concurrent allocation of embedder objects
is supported.

Bug: chromium:1162744, chromium:1160097
Change-Id: I47d6299e77b986e4b2cb8da841e0149ef577918a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2640477Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72204}

The V8 inspector is using the DebugPropertyIterator (a debug only
interface) while building RemoteObjects. The DebugPropertyIterator
uses the `KeyAccumulator::GetKeys` for this, which can potentially
throw, but the DebugPropertyIterator ignores exceptions and keeps
iterating. If multiple iteration steps throw an exception
(e.g. due to a pending stack overflow), we run into a CHECK in
Isolate::Throw, as we can't throw exceptions while another
exception is still pending.

This CL fixes the CHECK crash by properly propagating exceptions
after the iterator is created or advanced and returning early
in the inspector if an exception happens.

Please note that the regression test that showcases this behavior
is still disabled, as fixing the crash causes currently an
endless loop. While the exception in `ValueMirror::getProperties`
is handled by early returing, we still need to forward it as
the result of the `Runtime::evaluate` all the way up the stack.

R=bmeurer@chromium.org, yangguo@chromium.org

Bug: chromium:1080638
Change-Id: I1d55e0d70490a06a6bc1b0a3525236411da7f64b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639954Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72203}