StaGlobal didn't write the accumulator, but the baseline implementation
assumed that it could preserve the accumulator by taking the return
value of the StoreGlobalIC. This almost always worked, except for
setters on the global object.

Fix this by marking StaGlobal as clobbering the accumulator, same as
StaNamedProperty (StaNamedProperty needs to do this anyway to avoid
inlined setters from needing to create accumulator-preserving frames;
StaGlobal would have needed the same thing if we'd ever inlined setters
for it).

Also, add a new debug scope, EnsureAccumulatorPreservedScope, to the
baseline compiler, which checks if the accumulator value is preserved
across non-accumulator-writing bytecodes. This found a (benign) bug with
ForInPrepare, so fix that too.

Fixed: chromium:1242306
Change-Id: I220b5b1c41010c16ac9f944cbd55d2705c299434
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122325
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76525}

Land some of the tests for Temporal.Duration
All marked as FAIL at this stage.

Bug: v8:11544
Change-Id: I4696edee7a2345133ed13c25aa720febe1f8fc69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087363
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76524}

This is causing a warning on newer build configs (crrev.com/c/3117087)

Change-Id: I8cf7644861c27b9959283510163ecf8acdb6bdc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124174
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76523}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6916c05..37c02f2

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4241fca..295492f

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/fc66578..094e3dd

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/ff21b36..955c7f8

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Idfcb99ea06fe22c031d512c443ed9d3e4dd93eed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123072Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76522}

Change-Id: Ibbe1882f043dd58ccea051e120a88bc4df1b9095
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123653
Commit-Queue: Yu Yin <xwafish@gmail.com>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#76521}

1. Move Abspd, Negpd from MacroAssembler into TurboAssembler so that we
can use it in code-generator
2. Add Absps and Negps (float32 versions of the instructions in 1)
3. Refactor SSE/AVX float32/float64 abs/neg to use these macro-assembler
helpers.
4. Use these helpers in Liftoff too

This has the benefit of not requiring to set up the masks in a temporary
register, and loading the constants via an ExternalReference instead.
It does require (in ins-sel) to have the input be in a Register, since
the ExternalReference is an operand (and the instruction can only have 1
operand input).

Bug: v8:11589
Change-Id: I68fafaf31b19ab05ee391aa3d54c45d547a85b34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123635Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76520}

Change-Id: I65128f04c86ae5332b4fc477ce3a131552932990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122567Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76519}

Consolidate all the cmp pseudo ops data into an array and use them when
disassembly all cmp instructions.

Drive-by clean up to x64 as well to add more supported pseudo-ops (to
match ia32, and this will be used in a subsequent patch).

Bug: v8:11879
Change-Id: I592bd146c27d8aedab7ccb0af4066583de6ead11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119374Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76518}

This CL takes advantage of the z15 `load byte reverse element`
instruction to optimize Simd LoadExtend opcodes.

On the simulator we only run `load element` as reversing is
not required.

Change-Id: Ia34ac86f93e987656596b3116771a30f64009416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119048Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76517}

No functionality change, moved the i8x16.popcnt algorithm
into shared-macro-assembler.

Bug: v8:11589
Change-Id: I3dd9d01589bf0176df1e33433f4c3c0c717c253d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122572Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76516}

Also move Pshufb definition into shared-macro-assembler. We define a
Pshufb that handles both SSE and AVX, and in SSE case will move src to
dst if they are not the same.

Define operator== and operator!= in ia32's Operand class that will check
against XMMRegister, we can then use DCHECK_NE to ensure that a register
doesn't alias a operand wrapping a register.

Bug: v8:11589
Change-Id: I7c30881e8a9b322b736bb7301dde0c5424efacdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119997
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76515}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a18fc49..6916c05

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/88e9a29..66ed234

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/ffda034..996cd74

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/5f26300..6474ba4

Rolling v8/third_party/aemu-linux-x64: mzkiKxqmdTggBfBNwOHm7OLAedgW6S1290tU-PuR80AC..oGv3yTl6dFNfI8UFd1J4dLV7QgFxe8HeuXPcvvBqsygC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ebf22ea..4241fca

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cfb4e59..fc66578

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/2f80c2b..ff21b36

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/563140d..77c1323

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/6002926..5ab37cd

Rolling v8/tools/luci-go: git_revision:6fd750aec1e6bffc49a4d87e26821a5a05b97b50..git_revision:e08764bfcf2e87425a025e3a1d196c5740385da2

Rolling v8/tools/luci-go: git_revision:6fd750aec1e6bffc49a4d87e26821a5a05b97b50..git_revision:e08764bfcf2e87425a025e3a1d196c5740385da2

Rolling v8/tools/luci-go: git_revision:6fd750aec1e6bffc49a4d87e26821a5a05b97b50..git_revision:e08764bfcf2e87425a025e3a1d196c5740385da2

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I36b90f036627293434596bec8dd1b1978399f3af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122787Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76514}

Move MakeDate/MakeTime/MakeDay to src/date/date.h so
we can reuse it to implement the GetEpochFromISOParts AO in
Temporal soon after.
See https://tc39.es/proposal-temporal/#sec-temporal-getepochfromisoparts

Bug: v8:11544
Change-Id: Ie48bf06670a9cae660864d66729b46f4c71e4fd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3120573Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76513}

When introducing LoadImmutable, we missed a couple of places where it
can be used like Load.

Change-Id: If02f6f1ad01d9b68ee757b38689e9f6336a6fb1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118545Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76512}

Bug: v8:11589
Change-Id: I7c97920d8ab94408b5cde4e90e7ff1aa9bcaeeba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119995Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76511}

This reverts commit 80f10346.

Reason for revert: Breaks build: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8837831932745482705/+/u/build/compile/stdout?format=raw

Original change's description:
> Reland "heap: Use generic flags for main-thread only flags"
>
> This is a reland of 2a8e2a9b
>
> Original change's description:
> > heap: Use generic flags for main-thread only flags
> >
> > BasicMemoryChunk flags should only be mutated from the main thread
> > when no concurrent task can access them. For that purpose it is enough
> > to use regular non-atomic flags as they are immutable while the GC is
> > running.
> >
> > Change-Id: I0a9f8ecb2eb2aafaf17e77626ae27604abd1b618
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107230
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#76471}
>
> Change-Id: Iaf495546f82291ab674537f5d39e10d0495ac612
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3117486
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76506}

Change-Id: I2a20c6f70f796e7f869bb2c9be0f8e80a89c98cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122586
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76510}

This is causing a warning on newer build configs (crrev.com/c/3117087)

Change-Id: I56afc0e5b0df4b345f8d1b27520b7c35ba31b2df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122170Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76509}

Change-Id: I80b8a71205fb8f470def8f90c1ae71a05b85cb4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114062Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76508}

Change-Id: I251497b12a897fcc15a3a56c3f487d7097fa163a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122146
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76507}

This is a reland of 2a8e2a9b

Original change's description:
> heap: Use generic flags for main-thread only flags
>
> BasicMemoryChunk flags should only be mutated from the main thread
> when no concurrent task can access them. For that purpose it is enough
> to use regular non-atomic flags as they are immutable while the GC is
> running.
>
> Change-Id: I0a9f8ecb2eb2aafaf17e77626ae27604abd1b618
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107230
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76471}

Change-Id: Iaf495546f82291ab674537f5d39e10d0495ac612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3117486
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76506}

This CL introduces a d8-only flag --expose-fast-api which enables the
test FastCAPI object if the --turbo-fast-api-calls flag is enabled. It
also disables --stress-snapshot, which is incompatible with fast calls.

Bug: v8:12137
Change-Id: I01e8321726b78be660fd6554225999bfc94006c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3117485Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76505}

This reverts commit 810d34df.

Reason for revert: The stricter host checks prevent
certain security issues. We will have to live with regressions
until we have a more flexible caching solution in place.

Original change's description:
> [codegen] Disable host-defined options checks in cache
>
> We see too many regressions for now in M94 (~10% more misses in
> some cases).
>
> This CL reverts the logic to the state before landing
> https://crrev.com/c/3069152 without having to revert the several
> refactoring CLs that landed on top of it.
>
> Bug: v8:10284, chromium:1238312, chromium:1237242
> Change-Id: I57e66b9e0d58c36d2f1563b07720e3729c88ec94
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103006
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76362}

Bug: v8:10284, chromium:1238312, chromium:1237242
Change-Id: I4c662dd0ac16a4406f06fb2a62b9e4e65fa428ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114057
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76504}

The array buffer sweeper has its own freed counter which is migrated
back to a global counter. There exist two paths for finalizing array
buffer sweeping which both need to merge back the counters. If we miss
out on merging back the counter, the freed counter may overflow in the
next cycle.

Bug: chromium:1241332
Change-Id: Ic985f72414198de2eaf900b8e2e9b39bed24d87e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3121905Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76503}

This CL implements early SyntaxErrors for regular expressions. Early
errors are thrown when a malformed pattern is parsed, rather than when
the code first runs.

We do this by having the JS parser call into the regexp parser when
a regexp pattern is found. Regexps are expected to be relatively
rare, small, and cheap to parse - that's why we currently accept that
the regexp parser does unnecessary work (e.g. creating the AST
structures).

If needed, we can optimize in the future. Ideas:

- Split up the regexp parser to avoid useless work for syntax validation.
- Preserve parser results to avoid reparsing later.

Bug: v8:896
Change-Id: I3d1ec18c980ba94439576ac3764138552418b85d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106647
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76502}

Taken from https://chromium-review.googlesource.com/c/v8/v8/+/2944249

Bug: v8:10793
Change-Id: I7bd0ed9b4af48d3cade6cd98b49a1733f3101da3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3105650Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#76501}

Bug: v8:12144
Change-Id: I19821db79a6a4453ad2120450b5f7b247599f276
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118554Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76500}

On 64bit we guarantee that object alignment and sizes are multiple of
the default shadow memory granularity (8 bytes). The CL also introduces
CHECKs that the assumption holds.

Having kObjectAlignment be multiple of this granularity allows us to
check poisoness of each byte of an object. On 32bit we can not do that,
since the object alignment requirement is 4 bytes.

Bug: chromium:1241514
Change-Id: Ib19667724adaa7bc791ffa054eea618c365d65cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118552
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76499}

Port: 07b03b83

Bug: v8:10026
Change-Id: I4d7dc0fef98aa1754d3aea1d0f5d13b9bad9d645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118615
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76498}

'volatile Address' is a volatile pointer to non-volatile memory, which
means that writes to dereferenced memory may still be omitted. The CL
fixes it by treating dereferenced memory as volatile.

Change-Id: Ide4949c317467cb4440f98a1114991a102577e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118946Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76497}

This should be the last remaining thing that fails the
-Wunreachable-code-aggressive warning.

Currently V8 DEPS update is failing due to the update containing
https://crrev.com/c/3115354, with this, the update should then be fine.

Bug: chromium:1066980
Change-Id: Ic74b3a95f90204333b0724d30463c6953047e5f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119999
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76496}

Bug: v8:11589
Change-Id: I7b55efa76f60eacf31700a544f54042eec963f57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3115545Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76495}

We create a ExternalReferenceAsOperand helper function in
SharedTurboAssemblerBase that delegates to the actual arch specific
implementation of TurboAssembler, because the ia32 and x64
ExternalReferenceAsOperand differs slightly in their implementation.

Bug: v8:11589
Change-Id: I378ea6b72fb2bba1a37482cc31cd58db0ba35721
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114604Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76494}

This avoids a benign race in setting the raw pointer inside CTP
destructor by not emitting the write at all. The handle is destructed
which means that we only need to destroy any backing node but may
leave the handle untouched.

Drive-by:
- Add a few more docs.
- Make Clear() thread-safe.
- Make assignment of a sentinel pointer thread-safe.
- Make assignment of a nullptr thread-safe.

Depends on the Blink change: https://crrev.com/c/3116259

Bug: chromium:1242795, chromium:1243350
Change-Id: I8d76da30893c165e3946322b6d02f6ea2c8e529e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114064
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76493}

This function was added (and tests updated) in
https://crrev.com/c/2928505.

Change-Id: I8e5ab63a832e5689811b09ab624e7f88b1c449b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116116Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76492}

Disable the system instrumentation tracing feature when Perfetto is
used as a tracing mechanism. This is because with Perfetto, trace events
no longer flow through the legacy TRACE_EVENT macro mechanism and thus
can't be intercepted by v8::platform::tracing::Recorder.

Perfetto has an interceptor API[1] for this purpose, but the existing
Recorders first need to be ported to it.

[1] https://perfetto.dev/docs/instrumentation/interceptors

Change-Id: I3d10b3470ae45a4c8aedd8e128369508a462cd27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118546
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76491}

This CL takes advantage of the z15 `load reverse and replicate`
instruction to optimize Simd LoadSplat opcodes.

On the simulator we only run `load replicate` as reversing is
not required.

We will need to implement the rest of the `load transform` ops
before enabling this from wasm-compiler on BE machines.

Change-Id: I81ffedf51c3d35dbbc2a6455a2756cad25434127
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3115142Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76490}

This introduces a new flag, --experimental-wasm-unsafe-nn-locals, which
allows arbitrary unvalidated local.get operations on non-nullable
locals.
For invalid accesses, this will crash. The intention is to allow module
producers to experiment; if they find these locals particularly useful,
we will add engine-side validation later.

Bug: v8:7748
Change-Id: I9a05747eaff312448ce0acf57a412e76679ff061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3110192
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76489}

This reverts commit 40af03b8.

Reason for revert: Breaks on win https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20debug/39151/overview

Original change's description:
> [codegen] Align the code start at 64 byte in x64
>
> In order to make loop header aligned at 64 byte (relative to memory address), code start should also be aligned at 64 byte.
>
> Bug: chromium:1231471
> Change-Id: I95390babd9cc78492e0beb0f1b03901eb481d5d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094167
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
> Cr-Commit-Position: refs/heads/main@{#76484}

Bug: chromium:1231471
Change-Id: I93ad896d40e8bb906a05eab8e03980ce2061b9c0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118005
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76488}

Bug: v8:11947
Change-Id: I89d97feba5e13577a768675122173b65af207dcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060479
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76487}

In a follow-up CL, the backing stores will, when the sandbox is enabled,
be referenced from V8 objects through offsets rather than raw pointers.
For that to work, all backing stores must be located inside the virtual
memory cage. This CL prepares for that.

Bug: chromium:1218005
Change-Id: Ibb989626ed7094bd4f02ca15464539f4e2bda90f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114136
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76486}