This CL extends the live edit mechanism to allow editing the function
that is currently on top of the stack, as long as that call frame is
the only activation of that  function.

The CL changes how we look for functions on the current JS stack:
Instead of starting at thread_local_top we start at the frame we
are currently paused in. This is possible since there can not be any
JavaScript frames above the current "break frame", only C++ frames
which are not relevant for live edit.

If the edited script modifes the top-most function, the inspector
will trigger a restart of that call frame. That is why we check
if we can actually restart the function and only allow the live
edit to go through if that is the case.

Note that this CL also adds a kill switch in the form of a runtime
flag for this feature, in case we need to pull the plug and disable
this feature again via back-merge.

R=jarin@chromium.org

Bug: chromium:1334484
Change-Id: I711913df96c8acc786ad4de28de804d2f90e1847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695353Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81097}

... which might fail because usual operator== for tagged values compares
only lower 32 bits of the pointer.

Bug: v8:11880, v8:12958
Change-Id: I0978d6c510424aecfee2f044c40ea424b6cb3ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695593Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81096}

R=thibaudm@chromium.org

Bug: chromium:1335523
Change-Id: I194915b37ea27b3d7d1a9f2367b6935b8a3bff39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702233
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81095}

Bug: v8:12783
Change-Id: I2d02b4466edb1da48512b1f2d2bc14f6d5cb8dc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701596Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81094}

Already after enabling Liftoff, the name did not match the semantics any
more. The callback was called after top-tier finished, not after initial
compilation of the module finished.
With dynamic tiering, the name is even less fitting.

This CL renames the "OnModuleCompiled" callback in the API to
"MoreFunctionsCanBeSerialized", which makes it more obvious what the
API should be used for. It also internally renames all related typedefs
and methods accordingly.

One call of the callback in the streaming decoder was already wrong
before this CL and is being removed.

R=jkummerow@chromium.org, cbruni@chromium.org

Bug: v8:12899
Change-Id: I95c0fc9e32442383e47e4370e31277cc065bf0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687689Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81093}

Deprecate the LegacyOOMErrorCallback in the 10.5 branch. Embedders are
expected to switch to OOMErrorCallback.
The deprecated LegacyOOMErrorCallback will then be removed in the 10.6
branch.

R=mlippautz@chromium.org

Bug: chromium:1323177
Change-Id: I83001bec760848ef39f0638ed5c5c9eaa7cdb6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646014Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81092}

This reverts commit c2f25454.

Reason for revert: CFI build failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/11255/overview

Original change's description:
> Avoid use of x18 register on arm64
>
> This causes crashes on Windows, as x18 is the "platform register",
> holding a pointer to thread-local storage.
>
> R=​jkummerow@chromium.org
> CC=​seth.brenith@microsoft.com
>
> Bug: v8:12959
> Change-Id: I20b8bee145d4ab3a40d8d140d98572df8300251c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695569
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81090}

Bug: v8:12959
Change-Id: Id239ccb55e0a2d29051f402af64a855a8fd2d23b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702231
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81091}

This causes crashes on Windows, as x18 is the "platform register",
holding a pointer to thread-local storage.

R=jkummerow@chromium.org
CC=seth.brenith@microsoft.com

Bug: v8:12959
Change-Id: I20b8bee145d4ab3a40d8d140d98572df8300251c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695569Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81090}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8ac7b3a..eb941d4

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220610.3.1..version:8.20220612.1.1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/8c95aed..2b3af06

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I3145586bec136a2ee98f1d2c6d10170a35743c7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701217
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81089}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/36d2c30..8ac7b3a

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220610.2.1..version:8.20220610.3.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ib61ca93d3d6047172ddc017d95e22951447dc302
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701215
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81088}

Bug: v8:12868
Change-Id: Ib92cbf7eae8e4b7bc76bc918011be747254d931f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700075
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81087}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2fdb9a9..36d2c30

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/a9467d8..6fbb744

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220609.0.1..version:8.20220610.2.1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/2f657cf..8c95aed

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie75126d6536441ebd96dc1846ccc053cb2cc9f32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700894
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81086}

... in unittests/testcfg.py on android.

Bug: v8:12781
Change-Id: I7a7f4edbae4f4fe646063d048f5132c401422be4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3697864Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#81085}

This is a partial reland of https://crrev.com/c/3597106

With this change, an old entry in the script compilation cache is not
completely removed by CompilationCacheScript::Age(). Instead, its value
is replaced with undefined. In that way, the Script is still accessible
from the table until the garbage collector destroys it and clears the
weak pointer.

Bug: v8:12808
Change-Id: Ib494674e67d0fec455e1fed40499c5cca3b7c0a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673426Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81084}

... to avoid additional indirection on every access.

Bug: v8:12949
Change-Id: I16840ac0517e86f1f70252153112ca3475527416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693707Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81083}

Bug: v8:12868
Change-Id: I5fb5dccb5ff6b691348a519253de338fa91e8be1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695269Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81082}

- Added separate layer for phases
- Moved json parsing logic to new layer

Change-Id: I16289b1f4f62d011c1801fbc37bac49ff911e61e
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695566
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81081}

Adds Module::GetStalledTopLevelAwaitMessage() API which searches for
modules that have no pending async dependencies but have not yet
resolved. An embedder may call this API when they are about to exit
to check if TLA evaluation has stalled and provide a better error
message.

Change-Id: I3b88802f70cc84c973551f13d73ef3e3d06f4027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341765
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81080}

Minor refactoring; shouldn't affect behavior.

This is a partial reland of https://crrev.com/c/3597106

Bug: v8:12808
Change-Id: Ibcc683317a6a85bb332dc96b212275f832cc59d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3665263Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81079}

Remove internal slot of LocalizedNumberRangeFormatter
in NumberFormat and PluralRules and converted from
LocalizedNumberFormatter on the calls require it instead.

Bug: chromium:1307699, chromium:1307698
Change-Id: I9be1b7dd1c931f273d845359ca4de1273ea837a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555261Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81078}

Use the field index to look up the descriptor for double fields, and add
a dependency on them.

Drive-by, fix store field optimisation to only emit the optimised direct
store for tagged fields, so that we don't accidentally insert
HeapNumbers into double fields (making them mutable).

Bug: v8:7700
Change-Id: I699c2a2e4e13194045139b9c995d05eb138c0e7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700071Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81077}

Bug: v8:12786
Change-Id: I0c53f9d7027c6b457186b2a04ab65daf7d6e0f85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698554Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81076}

profiling is enabled

Bug: v8:12952

Change-Id: Ie3c3de71c5ca4be8256ac87e60b183bc45e47cf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3696481Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Cr-Commit-Position: refs/heads/main@{#81075}

In particular, this CL adds support for:
- exception handling
- source positions
- OSR
- various numeric operations and conversions

Since the test suite now passes with `--turboshaft`, this also adds a
new variant for Turboshaft and enables it on some bots.

Bug: v8:12783
Change-Id: Ia2dd2e16f56fc955d49e51f86d050218e70cb575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669251Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81074}

This method was intended to run single-threaded, so with parallel
marking disabled. While correctness isn't an issue here (simply because
we will later run this method single-threaded as well), some CHECKs do
not hold when parallel marking is active.

Bug: chromium:1325628
Change-Id: Iedebcf6241835011982217b1452271e38a36ce9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700074
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81073}

roll_merge.py manually checks out V8 into a temporary directory, locally
builds a cherrypick, and uploads this to Gerrit. However, Gerrit has its
own REST API which allows cherrypicking. Using this API directly has two
advantages:

  1) We don't need to perform any local checkouts, so it's much faster,
     and
  2) The cherry-picked commit is marked as a cherry-pick by Gerrit,
     which means Rubber-Stamper-Bot will treat it as a cherry-pick.

The implementation for now is very simple, and doesn't support things
like cherry-picking multiple revisions or applying an additional local
patch. It does, however, increment the patch value in v8-version.h, and
tries to set Owners-Override +1.

Bug: v8:12849
Change-Id: Ie242dbec6b3d24f5118d601e9d326465d190a8f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644609
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81072}

Add a missing check to reject illegal sections.

The test is added in three forms, to give fuzzers more food: A fuzzer
regression test for the streaming fuzzer, a unit test for the streaming
decoder, and an mjsunit test for streaming compilation.

Drive-by: Remove a redundant line in the synchronous decoder (this is
already handled by the following statement.

R=ahaas@chromium.org

Bug: chromium:1335023
Change-Id: Ic8c3b301f1b58981c7d68eafcffc89531ed2c64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698549Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81071}

The mid-tier register allocator keeps values in stack slots for too
long. This is incompatible with left-trimming, therefore we cannot
enable it for JS functions.

Bug: chromium:1335054
Change-Id: I61ab97d4fbfcbb81319e611a64a6454e050a1d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695266Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81070}

... flag-definitions-unittest.

We should setup the isolate to get the correct Flag_*.
This CL fixes the breakage in https://ci.chromium.org/p/v8/g/ports/console including https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite and https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite%20-%20debug etc.

Bug: v8:12781
Change-Id: Ifca84c02f8458f0a906948f4a7e0f999af429abf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3697865Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#81069}

... base/platform/platform-unittest.

Bug: v8:12781
Change-Id: I05902bfa5ad6f391f7b7ffa8b22b46627c244fef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688893
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81068}

Bug: chromium:1325007
Change-Id: I6adb06c4b15e5656f2b2c47b49d6a225750a6b2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695572
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81067}

... execution/thread-termination-unittest.

Bug: v8:12781
Change-Id: I772ad8550e242eae66f76c5785aeb7f1e4425fae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688894
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81066}

This CL splits two mjsunit files and skips the ones
which take the longest on the simulator and cause a timeout.

Change-Id: I89be764dc2d7684b401690a23bf53a3ef6384d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693667
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81065}

... into VisitExternalPointer(HeapObject, ExternalPointerSlot,
                              ExternalPointerTag).

Drive-by: introduce ExternalPointerSlot - a slot containing an
ExternalPointer_t value.

This cleanup is a prerequisite for inlining Foreign object fields into
field's holder objects.

Bug: v8:12949
Change-Id: Ifd74ed285796b0952d7d06de82b56c63fd1f7f3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695361Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81064}

GCC fails to compile extract_first_nonzero_index because of the
signedness type mismatch in the NEON intrinsics.

Bug: chromium:819294
Change-Id: I9b73e5fa1d5fbf161740ab1b5d77f5c494369dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693709Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81063}

Use the "convert" parameter to SequentialStringKey to construct one-byte
strings out of two-byte input vectors, where appropriate.

Change-Id: I8a214b3960c677614d6f82ed3b29405e2e493e81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557981
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81062}

Run mem in simulator may be occurs segments fault. This cl to fix it.
If value of reg is small int, it should be smi.

Change-Id: I60b4eb8c959bc9f86ae28718ff6dd54ecf40a6ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698757
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81061}

The module's "prefix hash" is based on a prefix of the module bytes that
starts at the beginning of the module and stops at the code section.

In the case of the streaming decoder, if the code section is empty,
`AsyncStreamingProcessor::ProcessCodeSectionHeader()` is never called,
and we keep accumulating bytes in the hash after the code section. Fix
this by always calling into the streaming processor even if the code
section is empty.

R=ahaas@chromium.org
CC=clemensb@chromium.org

Bug: chromium:1334651
Change-Id: Id2a03468b355867868e589523c994c268c7b4eaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695564
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81060}

Currently, PageAllocator assumes that FreePages(start, size) will always
be called on the same region that was passed to AllocatePages(start,
size). This assumption is made in:
1) leak-sanitizer (LsanPageAllocator) that checks it explicitly,
2) on Windows, FreePages() calls VirtualFree() with zero-size and
   MEM_RELEASE, which causes the entire reservation to be freed.

The CL temporarily fixes the bot failures just by holding the unneeded
half and adds a TODO to return the unneded part back to the OS.

Bug: chromium:1325007
Change-Id: I2bd878876d43d693cf2138020f410ffe1615b4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695363Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81059}

... static generator methods and static async generator methods
for Class.

Bug: v8:11525
Change-Id: I58e8059c95e8a24e1a09d84aea84b82d35f5e2d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688891
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81058}