Destructors are allowed to allocate without triggering recursive
garbage collections.

This changes NoGCScope to provide a soft-bailout for garbage
collections to avoid introducing yet another scope.

Bug: chromium:1056170
Change-Id: I0fe51a21977ae954221b6b64b2f6e938ff6d3264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185131
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67632}

Adds a public method that embedders can use to trigger garbage
collections. Such garbage collections are always required to have a
source and reason specifying which components calls it why.

Change-Id: I6ae983f99227febc1b7f0dd15c191d5b1eaaf3f3
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181332Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67631}

RunSingleMicrotask calls Runtime::ReportMessage, but the implementation
of ReportMessage would unconditionally discard these exceptions. This
CL removes all of the intermediate logic and directly calls
MessageHandler::ReportMessage, restoring the ability of
RunSingleMicrotask to report exceptions that occur in microtasks.

Bug: v8:8326
Change-Id: I493de74383b2ab191d786611fb9eba9d27e7a243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162121
Commit-Queue: Gus Caplan <me@gus.host>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67630}

Bug: v8:7703
Change-Id: If2d5c2da1d653247f49e5dfb2e50850b97119b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170798Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67629}

BUG=chromium:1076569

Change-Id: I178e12e20f48dc4216c3f108352425e0aa91047f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185130
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67628}

This CL introduces VOR and VSRO opcodes which get used
for implementing F64x2Splat, I64x2Splat and F32x4Splat.

Change-Id: I64b4cd340fbe9ecf6a789a91e3219b6ad83ce3f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184830Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67627}

See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: I3d2503b46172bc2fa310b24f04e944ff211ebf51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182310Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67626}

Avoid templates, just encode all wasm opcodes as 2-byte LEB instead.

R=zhin@chromium.org

Bug: v8:10258
Change-Id: I3bfd5235b235a5d9366e0007e915a2c02a09b0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182638Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67625}

Bug: v8:10180
Change-Id: Ia7bb052d8f259939f17c7261a5ae3f2475bcf255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173945Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67624}

The location of the immediates depend on the opcode length if a
s128.load/store was encoded using multiple bytes.

Bug: v8:10258
Change-Id: I09de8a37d442c0711de96ba4bb1746ae6732d83e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182960Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67623}

See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: Ief62795bbce5f1e531c3f9c245e3c0294d698cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183272Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67622}

- Rewrites the following builtins in Torque:
  WasmThrow
  WasmRethrow
  WasmStackGuard
  WasmStackOverflow
  WasmTraceMemory
  WasmAllocateJSArray
  ThrowWasmTrap* builtins

- Changes return type of LoadContext* functions to NativeContext,
  so we can more easily construct JS objects.

Change-Id: Id034358f9f15e0acc58fd1f493b15d1cfd177a23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174830
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67621}

This is a reland of 8c8e6b41

Timeouts seem unrelated.

Original change's description:
> [offthread] Serialize new-space objects into old space
>
> If an object made it into serialization, it probably deserves to be in
> old space when it is deserialized. This will also make off-thread
> deserialization simpler, as there is no off-thread new space.
>
> Bug: chromium:1075999
> Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67606}

TBR=jgruber@chromium.org,ulan@chromium.org

Bug: chromium:1075999
Change-Id: Iac4e4eebeca1c343250269cdaad17e23645e9e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184970Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67620}

Bug: v8:10391
Change-Id: I4e86394c53d02eab797c2daad2ccfde6acb83bf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2151350
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67619}

This prevents bug flooding based on differences from calling
%GetOptimizationStatus in correctness tests. It is supposed to
be suppressed with --allow-natives-for-differential-fuzzing.
This ensures early bail-out in case the flag is forgotten at
some point. The v8_sanity_checks.js file is executed before
each correctness test case for this purpose.

NOTRY=true

Bug: chromium:1044942
Change-Id: I74a836a82562604b35e94e5e123a2a8bff939423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184294Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67618}

and avoid runtime calls for struct allocation. We can load the
map from the instance and do the allocation in a CSA builtin.

Bug: v8:7748
Change-Id: I76dfcb6c28800d69046b3d7381d3b8ba774fbf09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169099
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67617}

On the PredictablePlatform, worker tasks were executed immediately
instead of posting them in a task queue first. This approach caused
problems because the execution of the worker task blocked progress of
the posting task, and the worker task was always executed in the
context of the posting task, e.g. with an already open HandleScope.

With this CL, worker tasks get posted into the foreground task queue
of the nullptr isolate instead of executing them immediately.
The tasks of the nullptr isolate are then executed after a task of
some other task queue is executed. As the worker tasks are thereby
executed on the same thread as foreground tasks, the behavior is
deterministic.

A consequence of this approach is that each pumping the message loop
of an Isolate may also execute other Isolate's background tasks.

This approach is needed because we don't have a BackgroundTaskRunner but
merely a CallOnWorkerThread method that doesn't know which Isolate the
task corresponds to.

R=clemensb@chromium.org, mlippautz@chromium.org

Bug: v8:9670
Change-Id: I6847ae042146431bc2376d27280be8829f529b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182453
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67616}

This reverts commit 8c8e6b41.

Reason for revert: Makes Mac64 debug quite flaky: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20-%20debug/28766

Original change's description:
> [offthread] Serialize new-space objects into old space
> 
> If an object made it into serialization, it probably deserves to be in
> old space when it is deserialized. This will also make off-thread
> deserialization simpler, as there is no off-thread new space.
> 
> Bug: chromium:1075999
> Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67606}

TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org

Change-Id: I0baca3c3b7985fcda6b9055f93111ec99c207d29
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183925Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67615}

Motivation:
There were three versions of type decoding for wasm in the codebase.
Not all of them decoded gc types with immediates (reference types)
correctly.

Changes:
- Refactor the wasm binary decoder for unify type decoding.
- Update BranchTypeImmediate and SelectTypeImmediate to handle
  reference types.

Reference: https://github.com/WebAssembly/gc

R=jkummerow@chromium.org
Bug: v8:7748

Change-Id: I33b38c911d366570ca6ef2723ded5205698e1979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179003
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67614}

This is a reland of afd9493a

LSAN_IGNORE_OBJECTs for FreeListCategories are now removed.

Original change's description:
> [heap] Remove FreeList when sealing RO_SPACE
>
> This releases the FreeListCategories for each MemoryChunk when sealing
> the ReadOnlySpace and deletes the FreeList.
>
> Additionally this also calls
> ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
> sealing when pointer compression is enabled even if no memory is to be
> shared.
>
> Bug: v8:10454
> Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67598}

Bug: v8:10454
Change-Id: I08fcd122437c65c01af526fa8316d5c9e3ebeb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184297
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67613}

Bug: v8:10484
Change-Id: I977c5974d33472f5af20d7646ad4cf2c58049632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182452
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67612}

These will be used by ic-collecting builtins called from both bytecode
handlers and js-generic-lowering.

For now only x64 is implemented.

Bug: v8:8888
Change-Id: I12a21b40061b7cb6c9b3cbad6134e7457a6cfa44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184237
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67611}

When the input to a speculative BigInt operation was an undefined
constant, no necessary type check was inserted by the
RepresentationChanger. This CL fixes this.

Bug: chromium:1077804
Change-Id: I3d4e15b1e018803d56e46c7b23b9d4b03832ba8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182455
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67610}

This patch unfies the finalization logic between the various unoptimized
compilation paths in compiler.cc, taking the various post-processings and
fixups needed for off-thread finalization and performing them in the same
order for the other finalizations.

It also unifies the general compilation path between streaming script
compilation, main-thread script compilation, and main-thread lazy
compilation, making the main-thread paths both use an iterative execution
and finalization, and making all three use the same job helper methods
and overall finalization helper.

Bug: chromium:1011762
Change-Id: Ibe56f6d2f75a2deffbe9e0b600ded8a02293b722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172790
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67609}

Move rewriting, scope analysis, and internalization, to be unconditional
operations done after parsing rather than a separate compile phase. This
removes some of the complexity about rememberering when to call
Compiler::Analyze, and makes these paths a bit more uniform.

Also, forbid allocating any more AST strings after AstValueFactory
internalization, by nulling out the Zone. Add an InternalizePartial
method which doesn't null out the zone for those cases where we do want
to be able to allocate after internalizing (e.g. internalization before
scope analysis).

Change-Id: Id444246d8362a1d169baf664fc37657d9576fd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182458Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67608}

Interpreter entry compilation was removed in
https://crrev.com/c/2172962. This CL removes the
{WasmInterpreterEntryFrame} and the corresponding
{WASM_INTERPRETER_ENTRY} code kind.

Some follow-up cleanups are left as TODOs.

R=jkummerow@chromium.org,bmeurer@chromium.org

Bug: v8:10389
Change-Id: I1a43eba1ac1a751e05990c688088d99fc901231f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182456Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67607}

If an object made it into serialization, it probably deserves to be in
old space when it is deserialized. This will also make off-thread
deserialization simpler, as there is no off-thread new space.

Bug: chromium:1075999
Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67606}

{base::Vector} comparison is easier to read (IMO), and more performant,
since {memcmp} will be used internally instead of {strncmp}.

R=ahaas@chromium.org

Bug: v8:10155
Change-Id: If92361688a85e96aa661d3e05cc9966e5ea2d04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164796Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67605}

Just alpha-sort the list.

Tbr: ishell@chromium.org
Bug: v8:8888
Change-Id: I8b31f4176d5ad623557a3c0d8ab3f6be80072566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184236Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67604}

This reverts commit afd9493a.

Reason for revert: Speculative revert due to https://ci.chromium.org/p/v8/builders/ci/V8%20Clusterfuzz%20Linux%20ASAN%20arm%20-%20debug%20builder/14978?

Original change's description:
> [heap] Remove FreeList when sealing RO_SPACE
> 
> This releases the FreeListCategories for each MemoryChunk when sealing
> the ReadOnlySpace and deletes the FreeList.
> 
> Additionally this also calls
> ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
> sealing when pointer compression is enabled even if no memory is to be
> shared.
> 
> Bug: v8:10454
> Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67598}

TBR=ulan@chromium.org,delphick@chromium.org

Change-Id: I135c1ebc2340a75a30305b84625710ef14d9cdb3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183921Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67603}

Enable the use of Heap::AlignWithFiller off-thread by making the method
static.

Bug: chromium:1075999
Change-Id: I8071ae678f954dd4e960b2cd83f63dd22a948920
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184230Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67602}

Bug: v8:10391
Change-Id: Ic92cdaca38c2181427cc12ec5e572d5964afe704
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2152647Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67601}

Allow ReadOnlyRoots initialization from an OffThreadHeap, by creating
a FromHeap getter on OffThreadIsolate analogous to the one on Isolate.

Bug: chromium:1075999
Change-Id: Ie00e1547160e24d35bd7b0dd36d1b7eead87341e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184289Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67600}

Allow cleared references to be created with an OffThreadIsolate.
This includes allowing isolate_root to be accessed from the
OffThreadIsolate, for pointer decompression.

Bug: chromium:1075999
Change-Id: I62e0fe2c1c6166a7b816593ae1ec5ddb1c25d861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183911
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67599}

This releases the FreeListCategories for each MemoryChunk when sealing
the ReadOnlySpace and deletes the FreeList.

Additionally this also calls
ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
sealing when pointer compression is enabled even if no memory is to be
shared.

Bug: v8:10454
Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67598}

When updating the native module cache, the native module must have been
created in the same engine before. Hence replace a conditional by a
DCHECK, and add two more DCHECKs to ensure that all involved modules
belong to the same engine.

R=thibaudm@chromium.org

Bug: v8:6847
Change-Id: Ieb66b6b0bda40cd3c4637d38918762bc01c3a2d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182640Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67597}

Upon deserialization, serialized references to the global proxy are
replaced by the actual global proxy object. We must do the same for
the global proxy map.

Drive-by: Updated other outdated test skips.

Bug: v8:10504,v8:10416
Change-Id: Ib47ae2d08bbea2ca916f53152e9d4f75bb0a0e15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183913Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67596}

Fully remove the successor blocks when effect-control-linearization
reaches an unreachable node and is maintaining the schedule. Previously
we just updated the current_block_'s successor and removed any
unreachable predecessors from end, however if the current_block_ is not
an original block in the schedule, but a new one added due to control
flow from effect control linearization lowering, the removed successor
blocks could still be re-connected to the end block when they were
lowered. Instead, entirely remove these unreachable blocks from the
predecessor / successor chains, and have the effect-control-linearizer
avoid lowering these blocks entirely.

BUG=chromium:1076569,v8:9684

Change-Id: I4b4216019d55aef5363d88255726b85df8e7ada5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179842Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67595}

The Isolate* parameter in the deserializer SanityCheck is unused, and is
blocking the use of the deserializer off-thread.

Bug: chromium:1075999
Change-Id: I0f2acae3c1aff62aafeb2680a2eecb44b1608803
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184290
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67594}

Change-Id: I4f610400eab6e24fb7eb06465ca9abc63d20fdb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182474Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67593}