Instead of implementing ExternalObjects as plain JSObjects with a single
EmbedderDataSlot pointing to a Foreign containing the actual raw
pointer, this CL now creates a new JSExternalObject type that directly
contains the external pointer.

As a side-effect of this refactoring, nullptr values are now no longer
valid for ExternalObjects.

Change-Id: Ic8ff334681c966e823ca70f34dd1efaaa21a0789
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513234Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79459}

Move the check for whether an object is live or dead out of the
prefinalizer trampoline. Moving it into the backend allows for
inlining the check which avoids a call to the trampoline for live
objects.

On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
~2k finalizers registered. In order to avoid memory overhead in the
range of a few KB, we store the fact whether the object points to the
base object payload in the LSB of the pointer. For caged builds this
is replaced with just storing the index into the cage for both object
and base object payload.

Locally saves around ~10% of atomic sweeping processing time which is
in the order of .05ms.

Bug: v8:12698
Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79442}

The only user of OverrideEmbedderStackStateScope is Blink where it is
used to override stack state of top-level tasks. Adjust the behavior
here to allow using this scope broadly while still supporting explicit
garbage collection calls.

Bug: chromium:1300492
Change-Id: I78c418c5f08991bf6857147cd4a537246bfcc556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497744Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79420}

Report full GC statistics to the Recorder API. These will be used by
Blink to populate UMA histograms. Existing UMA reporting in V8 remains
as is for now and will be removed in a followup.

With this CL, most full GC statistics are reported as part of
V8.GC.Cycle.*.Full.*. Also V8.GCMarkCompactReason is migrated to
V8.GC.Cycle.Reason.Full.

This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3353448

Bug: chromium:1154636
Change-Id: I199be75e75144a59e5f56a6872268d0ecad3a885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3356195Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79408}

Resurrecting finalizers cause all sorts of problems, from performance
penalties when used to hard-to-debug memory leaks.

There's no more usage left in Blink as well as V8 internally, so
deprecate resurrecting finalizers.

Bug: v8:12672
Change-Id: I998373d6468bbd3bd581a41dec8904de80561f43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507991Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79394}

Change-Id: I29b48de9e0f6d6db5fba50d4a081656d869d9892
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506309
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79389}

Instead of returning a boolean success/failure value, the Free* methods
of the VirtualAddressSpace API now terminate the process on failure, as
this implies a bug in the caller. This is simpler than CHECKing for
success in all callers and also provides more details about the possible
cause of the failure.

Bug: v8:12656
Change-Id: I5b469ae2c564068cff74e60b7e98f6a4776a239d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506992Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79388}

- Add a comment on the macro that registers a prefinalizer.
- Refactor the API to avoid exposing internal types needlessly.

Change-Id: Ia88e786304616848556263410a8f5398c5374533
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497766Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79334}

Before this CL Oilpan would schedule concurrent marking and sweeping
even in the presence of --single-threaded-gc. This e.g. flakily breaks
Blink tests that do not set up a thread-pool in certain configurations
where they pass --single-threaded (implying --single-threaded-gc).

Bug: chromium:1300492
Change-Id: I64f0c6a20f9c29d689a62e63cc5a8d024962ff2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497760Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79321}

Similar to other external pointers, the indices into the external
pointer table are stored shifted to the left to guarantee an upper
bound.

Bug: v8:10391
Change-Id: I079dc1568f49ae349c326a8e83fc32c93bdb35cf
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455152Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79209}

- TracedGlobal is now fully deprecated
- Removed GarbageCollectionForTesting

Bug: v8:12603
Change-Id: Iaaea924888d60f936c34461654d78d74792919f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471557Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79207}

This reverts commit 38db63b2.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/42484/overview

Original change's description:
> [profiler] opt-in tracing setting
>
> CpuProfiler includes logic tracing that is only relevant in
> the context of TracingCpuProfiler.
> Adds a setting to disable tracing for SamplingCpuProfiler.
>
> Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79190}

Change-Id: Ib39f3790c5ba63ba2609cd8e5f6c218cd8e96ef7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477102
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79191}

CpuProfiler includes logic tracing that is only relevant in
the context of TracingCpuProfiler.
Adds a setting to disable tracing for SamplingCpuProfiler.

Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79190}

Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS.
With this CL, V8_OS_DARWIN will be set on both macOS and iOS,
V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.

This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and
renames platform-xnu.cc to platform-darwin.cc.

Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}

Outside of unittests, if someone tried to delete a GCed object manually
they would get a silent crash without a stacktrace or any error
messages. This CL replaces the silent crash with an informative message.

Change-Id: Ied8895dab43ce7e3a9bf778b13e77d377d269fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468346
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79141}

Change-Id: I2c4bcabe00d85188675441dc242cd2efc90c5fca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3470561Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79136}

The new shared memory API should only be used on macOS, but
platform-macos.cc was also included on iOS, causing build failures. This
CL splits platform-macos.cc into platform-xnu.cc (common code for macOS
and iOS) and platform-macos.cc (the macOS specific parts)

Bug: chromium:1218005
Change-Id: Iab332865ffd8990ddd246bb9c08802909464d7e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468895Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79131}

This API allows allocating shared memory mappings inside a virtual
address space from a platform-specific handle to a shared memory object.
This will make it possible to allocate shared memory inside the sandbox,
for example as backing memory for ArrayBuffers.

Bug: chromium:1218005
Change-Id: I4f1f50baec50734e846496cff78046e4fffe75c5
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383777Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79123}

These should not be allowed inside the sandbox as they could be
corrupted by an attacker, thus posing a security risk. Furthermore,
executable pages require MAP_JIT on macOS, which causes fork() to become
excessively slow, in turn causing tests to time out.
Due to this, the sandbox now requires the external code space.

In addition, this CL adds a max_page_permissions member to the
VirtualAddressSpace API to make it possible to verify the maximum
permissions of a subspace.

Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}

Change-Id: I598b3e7b0ad349c504d8729eb288d19b14319253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439336Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Harshil Jain <twitharshil@gmail.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79074}

The generational barrier for source objects records the entire source
object to be processed later during remembered set visitation. It's
planned to be used for Blink backing stores when an inlined object (or a
range thereof) is added (HeapAllocator::NotifyNewObject(s)).

An alternative approach would be to eagerly process the inlined objects
using a custom callback. However, this requires changing Visitors to
bring slots into the context. This approach should better work for
scenarios where small ranges or single elements are added, to avoid
processing potentially large backing stores. The followup CL implements
this idea.

Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}

This will enable proper reporting of OOM errors during snapshot
deserialization, for example https://crbug.com/614440#c27.

Bug: chromium:614440
Change-Id: I226fb763d2630d0b21f7552070ed1a4cc222f69b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445203Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79055}

This will allow users to create invalid V8DebuggerIds, e.g. to handle
error cases.

Bug: v8:12528
Change-Id: I6efbea934d444b520fc43531b910f4f80c718630
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445742Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79000}

This method returns the unique debugger ID for a v8::Context (i.e. the
V8DebuggerID), serialized to a pair of int64_ts.

Bug: v8:12528
Change-Id: Ib2cdda73447f8233f9afb773fed4a634d4618aef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3369124Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78958}

Replacement is v8::TracedReference in combination with v8::Global if a
callback is really needed.

Bug: v8:12603
Change-Id: Iae48fee2e6588a594d430c5f3a71ff0b3e67e5b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439873Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78950}

This is needed to support minor gc tests on the Blink side.

Bug: chromium:1029379
Change-Id: Ic7ce1ae8e626b87738d76663ceecf7198e425d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437050Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78943}

The methods in explicit_management.h should be called via the public
variants in the subtle namespace. Calling the variants in the internal
namespace directly skips asserts and required size coversions. Doing so
may cause misuse of the api that may break GC inernals

Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}

The CL does following:
1) Makes sure young generation works and tests pass;
2) Provides CollectGarbageInYoungGenerationForTesting() that is needed
   to support remaining tests in Blink;
3) Moved cppgc_enable_young_generation GN flag to v8.gni to refer to it
   from Blink;
4) Bails out from marking TracedReferences in UnifiedHeapMarkingState;
5) Disables (temporarily) prompt freeing for young generation;
6) Fixes remembered set visitation for nullptr|kSentinel slots.

Bug: chromium:1029379
Change-Id: I5165fa22c8a0eaa708ef7a35a9978cb12e1cb13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429202Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78901}

The ctors dispatch between atomic and non-atomic writes; there's no
need for a default initializer.

Bug: chromium:1292728
Change-Id: I2b4c3341ee2d2682ba0113c8366456147ebc717e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429201Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78884}

This guarantees that they are smaller than the maximum external pointer
table index when shifted to the right on load.

Bug: v8:10391
Change-Id: I601f37fbb9640ee4b5215958afcc474c5e0eb9af
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359631Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78873}

Part I: V8_DEPRECATED_SOON => V8_DEPRECATED

Bug: v8:11165
Change-Id: I1f7191436ea03d341a0adcb29c8e0c811a12c51d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417434Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78812}

This is a reland of 5320fe8d

Changes since revert:
- Remove stale DCHECK in deserializer

Original change's description:
> Reland "[string] Support shared strings in Value{Serializer,Deserializer}"
>
> This is a reland of 3cb4039c
>
> Changes since revert:
> - Fix FLAG_stress_scavenge interaction with shared Isolate
> - Use the shared Isolate's global handles to keep shared values
>   alive in transit during a postMessage
>
> Original change's description:
> > [string] Support shared strings in Value{Serializer,Deserializer}
> >
> > When FLAG_shared_string_table is true, postMessaging strings will share
> > instead of copy.
> >
> > Note that not all operations on shared strings are supported, and shared
> > strings may be slower than non-shared strings for some operations.

Bug: v8:12007
Change-Id: I70782978ed05558615eca03bafc4c12eba3644ca
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417189Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78791}

Bug: v8:11165
Change-Id: I6d21b5ace124b6a47df983d5e3370d241f58f056
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395880Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78785}

This reverts commit 5320fe8d.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/38175/overview

Original change's description:
> Reland "[string] Support shared strings in Value{Serializer,Deserializer}"
>
> This is a reland of 3cb4039c
>
> Changes since revert:
> - Fix FLAG_stress_scavenge interaction with shared Isolate
> - Use the shared Isolate's global handles to keep shared values
>   alive in transit during a postMessage
>
> Original change's description:
> > [string] Support shared strings in Value{Serializer,Deserializer}
> >
> > When FLAG_shared_string_table is true, postMessaging strings will share
> > instead of copy.
> >
> > Note that not all operations on shared strings are supported, and shared
> > strings may be slower than non-shared strings for some operations.
> >
> > Bug: v8:12007
> > Change-Id: I3462128e15410d2568868143571571b3025722c1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Shu-yu Guo <syg@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78614}
>
> Bug: v8:12007
> Change-Id: I5d9b99b2dac6f26d5ef046d7aec94f1a1d219419
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389533
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78761}

Bug: v8:12007
Change-Id: Ie8e54b30055324e6592562450b51d5a11e11c9d0
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416232
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78762}

This is a reland of 3cb4039c

Changes since revert:
- Fix FLAG_stress_scavenge interaction with shared Isolate
- Use the shared Isolate's global handles to keep shared values
  alive in transit during a postMessage

Original change's description:
> [string] Support shared strings in Value{Serializer,Deserializer}
>
> When FLAG_shared_string_table is true, postMessaging strings will share
> instead of copy.
>
> Note that not all operations on shared strings are supported, and shared
> strings may be slower than non-shared strings for some operations.
>
> Bug: v8:12007
> Change-Id: I3462128e15410d2568868143571571b3025722c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78614}

Bug: v8:12007
Change-Id: I5d9b99b2dac6f26d5ef046d7aec94f1a1d219419
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389533Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78761}

1. Expose all the functions to empty builtins.
2. Wire up the basic structure of ShadowRealm and internal slots.

Bug: v8:11989
Change-Id: If7545fe18a74b2bd4b70a1a25776e41f03aaff89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195532Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#78757}

The hello world sample needs to initialize V8's default platform in case
it is not built as stand-alone example.

Bug: v8:12427
Change-Id: I78b68fbed2c2a25b0ff03675beb94dfc5b9b4135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412088Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78756}

When sandboxed external pointers are enabled, external pointers now only
require 32 bits of storage space in a HeapObject. This CL does not shrink
the size of EmbedderDataSlots, which will happen in a follow-up CL.

Bug: v8:10391
Change-Id: I3cf8b68c3b985cf806a45183717f50462a88c281
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359629Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78754}

Bug: v8:12356
Change-Id: Ib9e99c8b05e24a8983c5ff3d36ca534a262738a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404774
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78717}

So far this flag was process-global, so if one isolate used v8::Locker
all isolates were forced to use v8::Locker. With the shared isolate
now being a thing that routinely gets migrated between different
threads, all users of the shared isolate would be forced to use
v8::Locker. So we now store that flag on the isolate such that using
v8::Locker for the shared isolate does not affect other isolates.

Deprecate v8::Locker::WasEverUsed() at the same time.

Bug: v8:11708
Change-Id: I60531f084cc1b1b113620c46f5bed20511f52c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401595Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78712}