[infra] Increase timeout (1h → 2h) and bump shards (8 → 10) due to lower performance bots (8 → 4 cpus)

Bug: chromium:1279426
Change-Id: I6e4d010ae57541b051529a76b11d265d34f36010
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350579
Auto-Submit: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78423}

Port b36368d2

Change-Id: Icac5b041f2af423b2b81eab53bfc56644ca29374
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347228Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78422}

Bug: v8:12502

Change-Id: I8d1b599fc945e276b70901953368768594470204
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3343861Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78421}

Change-Id: I8b19de82af5e3f856f22b6f79d81dc6aee8a3d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347231
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78420}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6353c5a..4edcc0a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4d36f128d348363ae57111cb6aa63d744262df70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3349172
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78419}

Shared array buffers are not tracked by the garbage collector, which
makes the fuzzer run out of memory pretty quickly. Since shared memory
is not needed any more for testing atomics, we can just make the memory
non-shared again.

This also improves the performance of the fuzzer (execs/s) by more than
2x locally.

R=ahaas@chromium.org

Bug: chromium:1281419
Change-Id: Ic7803617d6a14aaa698d9181327ec20b21d29faa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350764Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78418}

The motivation is being able to build Chrome/Mac/Intel on an
Apple Silicon mac.

Depends on https://chromium-review.googlesource.com/c/chromium/src/+/3348020

- Correctly set v8_snapshot_toolchain when targeting x64 on an arm64
  host (always use the clang_ toolchain for now since that's all
  that's needed at the moment)

- Check V8_HOST_ARCH in immediate-crash.h. In V8 terminology, "host"
  is the machine the snapshot generation runs on, while "target" is the
  machine that V8 runs on when it JITs. IMMEDIATE_CRASH runs on the
  host. Up to now, target arch x64 implied host arch x64 so the old code
  happened to work too, but this is the correct macro (and it makes this
  cross scenario work).

- In assembler-x64.cc, only compile the code that probes the current CPU
  when running on an intel host. (There's an early return for snapshot
  generation anyways.)

Bug: chromium:1280968
Change-Id: I4821a5994de8ed5f9e4f62184dc6ab6f5223bc3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348040Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78417}

Report young generation GC statistics to the Recorder API.
These will be used by Blink to populate UMA histograms.
Existing UMA reporting in V8 remains as is for now and will be removed
in a followup.

With this CL, minor mark-compaction statistics are reported as part
of V8.GC.Cycle.*.Young. Also V8.GCScavengeReason is migrated to
V8.GC.Cycle.Reason.Young.

This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3320388

Bug: chromium:1154636
Change-Id: Ia1030c80d4bc75ac6e176ed60f838929ddb9b20f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320430Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78416}

We clear the worker state in the worker thread after processing
all messages (and getting the terminate signal). This could cause
a race condition when interacting with the worker from the main thread.

This was previously working and broke with https://crrev.com/c/3318669

- Add is_joined_ variable which is mutex guarded
- Simplify Worker::State
- Mutex guard task_runner_ access

Bug: v8:12487
Change-Id: Ib53e5a1a636cb29db50efdb63526b0023a5ea768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345005Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78415}

Without simple FP aliasing, a SIMD register will overlap with two
floating-point registers. If we spill an FP register to use it for a
SIMD operation, we need to make sure to also spill the "sibling" FP
register.

R=leszeks@chromium.org

Bug: v8:12330, chromium:1271244
Change-Id: I7fdc6cb8da35d66b4862a8a913ba4ff906cf05aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347576Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78414}

Initialize the (thread-local) memory protection key permissions for any
isolate that joins the wasm engine. Otherwise it can happen that an
isolate gets Wasm code from the cache without ever compiling anything
(hence without ever changing memory protection key permissions), and
then it would not be allowed to access (read or execute) the code.

I tested this change manually on a PKU-enabled devices. The new test
crashed before the fix, and completes successfully afterwards.

R=ahaas@chromium.org

Bug: v8:11974, chromium:1280451
Change-Id: I90dded8b4fdaa8cf34b44107291d3f525ce16335
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347563Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78413}

After https://crrev.com/c/3315446 we allocate the memory protection key
unconditionally, so the method is redundant.

R=ahaas@chromium.org

Bug: v8:11974
Change-Id: I205a0cda86dfaf394c68788a662241d76a3f8510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347562Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78412}

The mid-tier register allocator could not handle the case that the same
virtual register was used for
- the input corresponding to the 'same-as-input' output, and
- another 'unique register' input.

In this case, it cannot choose the already assigned register for the
'unique' register. Instead, it needs to allocate a new register and
introduce a gap move to duplicate the input value in two different
registers.

FYI, the instruction where the current logic failed was:
  (v5(0), v6(R)) = IA32AddPair v7(R) v7(*) v8(R) v7(R)
(where the last input was marked 'unique').

R=leszeks@chromium.org
CC=thibaudm@chromium.org

Bug: v8:12330, chromium:1272204
Change-Id: Ie4843aa9f5e027afe503e0481a4acdfa325dfe0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347821Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78411}

Bug: chromium:1279426
Change-Id: Ia8ce4598da5f5f31fa282c9e7ff330b39caa68d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350451
Auto-Submit: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78410}

If a name is defined for a wasm function, we retrieve it from the module
and use it for tracing.

Change-Id: I42da12d2476af573017daaa3f216cca8a95efbbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344646Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78409}

R=machenbach@google.com,liviurau@google.com,alexschulze@google.com

Bug: v8:12496, v8:11211
Change-Id: I58c224114ee9c7cde64ffed4ddf639244507db3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333925
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Owners-Override: Liviu Rau <liviurau@google.com>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78408}

Avoid the trailing ";" after the last parallel gap move. Instead, make the
semicolon part of the delimiter between moves.

Before:
gap ([stack:8|w32] = [constant:0];) ([edi|R|w32] = [constant:7]; [edx|R|w32] = [constant:8];)
After:
gap ([stack:8|w32] = [constant:0]) ([edi|R|w32] = [constant:7]; [edx|R|w32] = [constant:8])

R=mslekova@chromium.org

Bug: v8:12330
Change-Id: If9f3d67f09e48f717e839fa7fb8968f20bb58b16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347820Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78407}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e37fef4..6353c5a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I730283874d689afea45eb5347aa998bd50d1a478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3350025
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78406}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/480295f..e37fef4

Rolling v8/buildtools/linux64: git_revision:18df6af86191edab1e47c84d56e608da414d446b..git_revision:281ba2c91861b10fec7407c4b6172ec3d4661243

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a25500b..97da6b1

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/168ca4d..db41eed

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/4424dce..a08f552

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Idcb39c49d1ec7a8a028fedb6225cc4f1da3e10b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347959
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78405}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1a7d92e..480295f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/22e558b..a25500b

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I48d60f353ac190886bed0f55127744c658576e54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348326
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78404}

Change-Id: If9619a796865b402361f521c0529e8452a9a3078
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3343862Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78403}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/539f2b4..1a7d92e

Rolling v8/buildtools/linux64: git_revision:2e56c317bd8e2bf152cfa2ead6ac5fa476fe28b4..git_revision:18df6af86191edab1e47c84d56e608da414d446b

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/d81cd62..4ead610

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/58f3a92..22e558b

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/dc7eff9..4424dce

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I6be576dcf3a61a6f9f48073a2e1f43e24630c2e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345026
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78402}

Change-Id: Idb14cbc5caf0bf17e0a1538ed116e41cf9180d42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345760Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78401}

A SIMD register can "block" more than one FP register. In that case, no
virtual register will be assigned for one of the FP registers. This is
fine, we just need to detect and handle that case correctly.

R=thibaudm@chromium.org
CC=​leszeks@chromium.org

Bug: chromium:1271538, v8:12330
Change-Id: I7ec19229445c5ace0782f63945acb89322816540
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293082Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78400}

This CL
* removes Builtins::codet() and Builtins::codet_handle() returning
  builtins as CodeT objects in favor of code() and code_handle(),
* removes BUILTIN_CODET macro in favor of BUILTIN_CODE,
* removes CodeDataContainer table.

Bug: v8:11880
Change-Id: Ic868549030744b0ff3ea5d5edbfcacf77c6de96d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344650Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78399}

This bitset is used to quickly find the set of used / free registers,
and it should always be consistent with the information in the
{RegisterState}.
This CL adds a little validation after the register allocation of each
instruction.
This should help fuzzers to catch inconsistencies earlier.

R=thibaudm@chromium.org

Bug: v8:12330
Change-Id: Ia8da9708e982726d72d156f5bca04213a3f03b7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3341520Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78398}

This reverts commit 00a757fa.

Reason for revert: Caused perf regressions, https://crbug.com/1280236

Original change's description:
> Shorten generated code for binary-search switches
>
> On some branches of the search tree for a binary-search switch, the
> input value is sufficiently constrained that we could unconditionally
> jump to the last possible case rather than checking for value equality.
> This shortens some builtins by a few instructions and might speed things
> up, though I expect the effect to be small.
>
> Change-Id: I2313f26976e6d3c182f03bd927b338c8175b3af3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335437
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#78376}

Bug: chromium:1280236
Change-Id: I88d9ff64641b85d48198b7012df2eeb9441913b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3343234
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78397}

We don't need this with reversed arguments.

Change-Id: I86c5183bccc62ba1727080ebbd685df083608d2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344947
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78396}

Bug: chromium:1279426
Change-Id: If7c1c96d4637a6d2c2fe20bf6aac921ad9b81490
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3341513Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Auto-Submit: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78395}

We switch the order of inlining and loop unrolling optimizations. This
gives small improvements to wasm-gc benchmarks.
Changes:
- Change the loop analysis algorithm to accept loops directly connected
  to the graph's end. This is required because some nodes in an inlined
  function, such as tail calls, might be directly connected to the outer
  function's end without an intervening LoopExit node.
- Based on the above, skip emitting loop exits for some Throw nodes in
  WasmGraphBuildingInterface.
- Introduce WasmInliningPhase, add it before loop unrolling. Remove
  inlining from WasmOptimizationPhase.
- Handle graph terminators in loop unrolling.
- Add loops in the inlined function to the callers loop_infos.
Drive-by:
- Allow more wasm builtins in unrolled loops.
- Reduce inlining parameters to reflect that functions are now slightly
  smaller during inlining, as no unrolling has taken place yet.

Bug: v8:12166
Change-Id: Iadd6b2f75170aa153ca1efb47fbb0d185c2b8371
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329783Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78394}

... in order to avoid Code <-> CodeT conversions in builtins.
This CL changes the meaning of RelocInfo::CODE_TARGET which now expects
CodeT objects as a code target.

In order to reduce code churn this CL makes BUILTIN_CODE and friends
return CodeT instead of Code. In the follow-up CLs BUILTIN_CODET and
friends will be removed.

Bug: v8:11880
Change-Id: Ib8f60973e55c60fc62ba84707471da388f8201b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338483Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78393}

This is the first step towards moving away from sending `url` with every
call frame when emitting the `Debugger.paused` event.

Bug: chromium:1270316, chromium:1271078
Change-Id: I2f57f21e15bf908ffb53f5c7b5862d3efa329c86
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344946Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78392}

In the WebAssembly Turbofan pipeline, inlining should come before
unrolling. When we inline a function, we link unhandled throwing calls
in it to the handler of the caller node. If a throwing call is in a
loop, we need to generate loop exits between the call and the handler if
we want to unroll later.
This CL adds dangling IfException/LoopExit nodes following each throwing
call in an inlined function. These nodes are connected as required in
inlining.
Drive-by: Remove CheckForException from tail calls, which are kNoThrow.

Bug: v8:12166
Change-Id: Icb8371a0a27234f07d4880e5b3005fc90a91a4b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322975Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78391}

Since load elimination is only enabled for wasm-gc, we should use
LoadImmutable over LoadImmutableFromObject when possible. This is
possible for instance fields, which are always populated before the
start of function execution.

Bug: v8:11510, chromium:1279211
Change-Id: Ib11e8d19b91a16f509983378f74bdc4c3c2150ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3341522Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78390}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/568d316..539f2b4

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/075dd7e..d7bdd6f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/563885e..58f3a92

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9e5809e..168ca4d

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/054a986..97a4675

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ib8167be98698f85d8c196cfee9a053d00ecb3cc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344127
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78389}

While there, make sure to exit on failures (e.g. missing tools).
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: Ie84425bbedefc8c37cf12afbf0ad541caa125ac0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333634Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78388}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/1f16a6ad0..04cd6da0

Bug: v8:7834
Change-Id: Ia7bd4f86974bf96ed3fd6e74d88c98145488c518
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3340192Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78387}

When compiled with gn argument 'is_debug=false' these tests fail on
Windows due to the fact that they're compiled with '/guard:cf'.

This CL changes the use of FUNCTION_CAST to GeneratedCode::Call which
contains DISABLE_CFI_ICALL attribute. This is analogous to how
assembled functions are called in Assembler tests for other
architectures.

Change-Id: I330e29a508ad1421cb98dea3d9761f05272ab763
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3341511
Auto-Submit: Dmitrii Tsykunov <dtsykunov1@yandex-team.ru>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78386}

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I33ef12d28d2e76694f971bab56bd7b7b66731709
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3336502Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78385}

This CL renames a number of things related to the V8 sandbox.
Mainly, what used to be under V8_HEAP_SANDBOX is now under
V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
is now simply the V8 Sandbox:

V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox

This naming scheme should simplify things: the sandbox is now the large
region of virtual address space inside which V8 mainly operates and
which should be considered untrusted. Mechanisms like sandboxed pointers
are then used to attempt to prevent escapes from the sandbox (i.e.
corruption of memory outside of it). Furthermore, the new naming scheme
avoids the confusion with the various other "cages" in V8, in
particular, the VirtualMemoryCage class, by dropping that name entirely.

Future sandbox features are developed under their own V8_SANDBOX_X flag,
and will, once final, be merged into V8_SANDBOX. Current future features
are sandboxed external pointers (using the external pointer table), and
sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
because they are encoded as offsets). This CL then also introduces a new
build flag, v8_enable_sandbox_future, which enables all future features.

Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}