Bug: v8:12185
Change-Id: I32518ad88d98f68934a1b3c12b1559e31f0df628
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259528
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77698}

Clang doesn't optimise over handle derefs. Change the ValueSerializer
and the JsonStringifier to use InstanceType directly for checks.
This CL squeezes another 1.5% of JSON.stringify in local benchmarks.

Drive-by-fix:
- Avoid a few more derefs in the JsonStringifier
- Make JsonStringifier::SerializeJSArray a bit more readable

Change-Id: I37626a6d92a8d9275611a4e6d1d908f2e0c6d43b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247637
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77697}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/4f31803..8aae0a4

[cleanup] Change `== ""` to `.empty()` on string to avoid clang-tidy warnings (#1271) (Vy Nguyen)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/8aae0a4

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I4edce04c4cbc33019942b05ae1fdb094571f0694
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260155Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77696}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/cf32591..02bef0a

Rolling v8/buildtools/linux64: git_revision:8926696a4186279489cc2b8d768533e61bba73d7..git_revision:90294ccdcf9334ed25a76ac9b67689468e506342

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/75c4ea8..b939095

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/57c928c..8a0d05d

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/16f637f..bf0701d

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/21baac0..b2ffe54

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I8f7d055b78dc6db357a4dcfe761e17728ae53b65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260153Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77695}

Currently, the safepoint is last call instruction's return address on
mips and loongarch64 platform. But in `CallCFunction`, there are some
other instructions after calling, which leading to a wrong safepoint
record on mips and loongarch64.

So I record the pc for safepoint at the end of `CallCFunction`
function, and change `last_call_pc_` to `pc_for_safepoint_`.

Besides, commit 48b2b891 introduced
a typo on loong64 platform, I also fixed it in this CL.

Change-Id: Ia3ea77ae2f6f1c8c604e35f420a7632a78c9725a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3258875
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77694}

Currently, in the following struct

struct LayoutObject : GarbageCollected<>, MixinA, MixinB {};

the subobject that corresponds to the first base GarbageCollected<>
always takes up some space (one word). The empty-base-optimization
doesn't happen because the second base (MixinA) has the same subobject
as the first base (GarbageCollected), which is the most parent class
GarbageCollectedBase. The compiler can't "merge" them because it must
guarantee that distinct objects of the same type have distinct
addresses.

The attribute [[no_unique_address]] doesn't work for base classes,
unfortunately (but is a good idea for a Standard proposal). As a
solution, the CL simply removes GarbageCollectedBase.

Bug: chromium:1260797
Change-Id: I415b10a5fbcebce3d6ee97b8870ea9ae90f383a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259654
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77693}

When a GC happens during context deserialization,
NativeContext::retained_maps might be uninitialized and not store a
WeakArrayList but Smi 0.

Bug: v8:12198
Change-Id: I03c1dfaa013c47907af67bb13b9277d67ca5ffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259662Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77692}

Port 4de20cb1

Original Commit Message:

    This CL adds a minor change to the arm/arm64 simulators to support up to
    20 arguments in a C function call. This change is necessary for an
    upcoming CL which adds float support to the simulator and tests with
    more than 20 arguments, see
    https://chromium-review.googlesource.com/c/v8/v8/+/3060486

R=mslekova@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ic3dabdcaa4982840466190003c56cfe82e91316b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259652Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77691}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/ba82d462..42e21582f

Bug: v8:7834
Change-Id: Icaa556ec606908fb8c0cd110285e054e9f6b0254
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3258874Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77690}

This reverts commit a3480b55.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20header%20includes/22234/overview

Original change's description:
> Reland "[torque] Don't generate k(?:Start|End)Of\w+FieldsOffset constants"
>
> This is a reland of 7366f6e2
>
> The test that failed after the initial commit was just flaky and has
> been fixed; see https://bugs.chromium.org/p/v8/issues/detail?id=12341
>
> Original change's description:
> > [torque] Don't generate k(?:Start|End)Of\w+FieldsOffset constants
> >
> > Torque currently generates constants like kStartOfWeakFieldsOffset and
> > kEndOfStrongFieldsOffset, which can be used when writing custom
> > BodyDescriptors. However, these offsets have some potentially confusing
> > behaviors:
> >
> > * They don't take inheritance into account and describe only the fields
> >   defined by the current class itself, so there might be (for example)
> >   strong fields before kStartOfStrongFieldsOffset if they were defined
> >   by a superclass.
> > * kStartOfWeakFieldsOffset points to the first field defined in Torque
> >   using the keyword `weak`, which indicates fields with *custom*
> >   weakness semantics (those that should be visited with
> >   IterateCustomWeakPointers), not those that may contain standard weak
> >   pointers (visited with IterateMaybeWeakPointers). (As a follow-up, I'd
> >   like to also rename `weak` to `@customWeak`.)
> >
> > Given that these constants have very low usage and somewhat bizarre
> > semantics, I propose that we remove them. This change does so, and
> > updates the existing usages to either define the required constants
> > directly in C++ or not use them. I know that defining these constants in
> > C++ is more brittle, but I think that brittle and clear is better than
> > automatic and incomprehensible.
> >
> > Bug: v8:7793
> > Change-Id: I87f8c85ccae4027f61ac73d4e7e4e2820e92003b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199731
> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> > Cr-Commit-Position: refs/heads/main@{#77411}
>
> Bug: v8:7793
> Change-Id: Iefdd4014ce4b85b48c19ead79a0316774a5ecd45
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3258082
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#77688}

Bug: v8:7793
Change-Id: I7b9667268901b7aef85a95832d40860056e61050
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259656Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77689}

This is a reland of 7366f6e2

The test that failed after the initial commit was just flaky and has
been fixed; see https://bugs.chromium.org/p/v8/issues/detail?id=12341

Original change's description:
> [torque] Don't generate k(?:Start|End)Of\w+FieldsOffset constants
>
> Torque currently generates constants like kStartOfWeakFieldsOffset and
> kEndOfStrongFieldsOffset, which can be used when writing custom
> BodyDescriptors. However, these offsets have some potentially confusing
> behaviors:
>
> * They don't take inheritance into account and describe only the fields
>   defined by the current class itself, so there might be (for example)
>   strong fields before kStartOfStrongFieldsOffset if they were defined
>   by a superclass.
> * kStartOfWeakFieldsOffset points to the first field defined in Torque
>   using the keyword `weak`, which indicates fields with *custom*
>   weakness semantics (those that should be visited with
>   IterateCustomWeakPointers), not those that may contain standard weak
>   pointers (visited with IterateMaybeWeakPointers). (As a follow-up, I'd
>   like to also rename `weak` to `@customWeak`.)
>
> Given that these constants have very low usage and somewhat bizarre
> semantics, I propose that we remove them. This change does so, and
> updates the existing usages to either define the required constants
> directly in C++ or not use them. I know that defining these constants in
> C++ is more brittle, but I think that brittle and clear is better than
> automatic and incomprehensible.
>
> Bug: v8:7793
> Change-Id: I87f8c85ccae4027f61ac73d4e7e4e2820e92003b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199731
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#77411}

Bug: v8:7793
Change-Id: Iefdd4014ce4b85b48c19ead79a0316774a5ecd45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3258082Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77688}

R=manoskouk@chromium.org

Bug: v8:12281
Change-Id: I7f5c231683c45e7c87c649246759f76464f4e835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259646
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77687}

Change-Id: Ie46687a1af834b9c1a6c8fa5bcf5badb61cc1647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259645Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77686}

We only expect the "wasm_exception_values_symbol" property to be a fixed
array if the property actually exists. If the property is not found,
JSReceiver::GetProperty returns "undefined", so skip the check in this
case.

R=clemensb@chromium.org

Bug: chromium:1262582
Change-Id: I28d7891064bdd7632ff1a4c94ba021163401fd88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244416
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77685}

Bug: v8:12185
No-Try: true
Change-Id: Ib8296171d8101594949deddbf0a7c2a24ee5c7f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257717
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77684}

If index > JSObject::kMaxElementIndex, we have to perform a prototype
chain lookup for a named property. The corresponding check was missing
for string receivers.

Fixed: chromium:1265043
Change-Id: Ibccd058a4bd108eeee235762bea0bc4163aaa0b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257704
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77683}

Bug: v8:11880
Change-Id: Iffebca251d18d5637884b2181acdfb3e6c5496a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257715Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77682}

Happy hunting.

Bug: chromium:1262676
Change-Id: I0f3a5519cb9ed3dc4787acd61cb437ee8c2bf2d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257716
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77681}

Bug: v8:11880
Change-Id: Ib0997ca8cedaf1065fc6803d5297c30621b49949
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257714Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77680}

`UseScratchRegisterScope` should be used in a block scope, to avoid keeping the
scratch register in use for longer than it's needed. Spotted when experimenting
with the `v8_enable_heap_sandbox` and `v8_enable_external_code_space` flags.

Change-Id: I34330f3e4dbd114aa75efb0ebdcf557f0bd45f11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256997Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/main@{#77679}

In order to avoid some of the unnecessary Code <-> CodeDataContainer
conversions in builtins we need to be able to embed CodeDataContainer
references to builtins.

This CL makes it possible by introducing a table of builtins' CDCs.
Eventually, usages of the builtins table containing Code objects will
be replaced by usages of this table.

Bug: v8:11880
Change-Id: Iffffd1507d5c7b38af34c42071a4577a8d18e8eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257710Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77678}

The runtime function 'WasmIsValidRefValue' can be called from C-API and
JS wrappers and needs to be passed an instance. Therefore, we always
have to define an instance node, even when it is just undefined.
See also https://chromium-review.googlesource.com/c/v8/v8/+/3236719.

Bug: v8:11510, chromium:1266080
Change-Id: Ib9712fe3a3880db8656ee4882bec0ae7635cc60f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257708Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77677}

This is a reland of 35a6eeec

Reland fixes:
  * Add a SharedFunctionInfo::CopyFrom to encapsulate updating the SFI
    from the placeholder. This now includes copying scope_info (which
    wasn't included in the original CL and caused some of the issues)
  * Make sure that LocalHandleScope is initialised only inside of
    UnparkedScope (fixed TSAN issues)
  * Clean-up: Don't add `script_` to ParseInfo, but instead pass it
    separately to Parser. Eventually we'd ideally get rid of ParseInfo
    entirely (splitting it into input and output) so let's not add more
    fields to it. Reverts changing CreateScript to InitializeScript.

Original change's description:
> [off-thread] Allow off-thread top-level IIFE finalization
>
> Allow off-thread finalization for parallel compile tasks (i.e. for top-
> level IIFEs).
>
> This allows us to merge the code paths in BackgroundCompileTask, and
> re-enable the compiler dispatcher tests under the off-thread
> finalization flag. Indeed, we can simplify further and get rid of that
> flag entirely (it has been on-by-default for several releases now).
>
> Change-Id: I54f361997d651667fa813ec09790a6aab4d26774
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226780
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77615}

Change-Id: If1a5b14900aa6753561e34e972a293be0be9a07d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256692
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77676}

Change-Id: I5c8452a0fb5512a007f9b892c81711a30f65344c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257707
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77675}

.. as a custom data structure with questionable value.

Also: a few drive-by refactors.

Change-Id: I74957b70c4357795dc46ef5520d58b6a78be31b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3240823
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77674}

Unfortunately, CharacterRanges may use 0x10ffff as a marker value
signifying 'highest possible code unit' irrespective of whether the
regexp instance has the unicode flag or not. This value makes it
through RegExpCharacterClass::ToNode unmodified (since no surrogate
desugaring takes place without /u). Correctly mask out the 0xffff
value for purposes of building our uint16_t range array.

Note: It'd be better to never introduce 0x10ffff in the first place,
but given the irregexp pipeline's lack of hackability I hesitate to
change this - we are sure to rely on it implicitly in other spots.

Drive-by: Refactors.

Fixed: chromium:1264508
Bug: v8:11069
Change-Id: Ib3c5780e91f682f1a6d15f26eb4cf03636d93c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256549
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77673}

It is easy to miss that a LocalHandleScope can only be created when
the current thread is in the running state and not parked. Add a DCHECK
for this, such that we don't need to rely on TSAN for finding such
issues.

Bug: v8:12357
Change-Id: I1f2f9b1fdf05814009f2edccf192afbb1caf6baf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257705
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77672}

NewJSObjectWithNullProto has use cases outside of the debugger. We
previously changed it to create dictionary mode objects, which affects
the performance of non-debugger use cases. This change partially
reverts that change by differentiating between use cases.

Fixed: chromium:1266160
Change-Id: I875073bdc062cf187ef24da62324f743169d2e29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257706
Auto-Submit: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77671}

With LocalHeaps multiple threads may now access the heap. We now need
to bring background threads to a safepoint and make all LABs iterable
in order to be able to safely iterate the heap.

Bug: v8:12338
Change-Id: Ia39f3bf7ac13ba405c86ee2f0048c600ce36c2d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256690Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77670}

Port commit 4de20cb1

Change-Id: I753c9e02b517d73caf12e12104196f1a5b82847c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3258452
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Liu yu <liuyu@loongson.cn>
Commit-Queue: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77669}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1eb779c..cf32591

Rolling v8/third_party/android_ndk: https://chromium.googlesource.com/android_ndk/+log/9644104..401019b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2c76b34..75c4ea8

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/aebf624..57c928c

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ib09b9883a06199b1e00e4fb6fa3a03f23a2f55a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257209Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77668}

Port 4de20cb1

Change-Id: I8801bbcf9647c1abcb9cc5fb41720009e002d153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257964
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77667}

This CL makes sure the offset is calculated correctly to be
the return address from a C Function. Checking the size
of generated code is also fixed to take into account the extra
instruction we have from LoadPC.

Change-Id: I585c11efbe4342bc5a0d3068683b54cb563a3bc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257206Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77666}

- Fix definition and declaration of noexcept methods not matching
- Disable test using deprecated APIs. Only having clang coverage is
  okay here.

Change-Id: I412d0b0087b2858fb72b0365b94b82ebc13462de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256693
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77665}

This improves the performance of initializing instances with
private methods by 5-6x and makes it on par with initializing
instances with only public methods.

Drive-by: remove the obsolete AddPrivateField runtime function
along with the AddPrivateBrand function.

Bug: v8:10793, v8:12355
Change-Id: Ic0896adb2102db7790f955fecbdd22f61ab2e7ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256999
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77664}

Bug: v8:12244,v8:12245
Change-Id: Iee80a34255a9c8ee5000719340a475331ab82942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3254004Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77663}

Bug: v8:12244,v8:12245
Change-Id: I5890c4a95da6ea8098a0f7d8a90f503a89704d45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3254003Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77662}

I'm in the process of evaluating impact of v8 snapshot and
would like to understand the amount of time spend decompressing.

BUG=chromium:1257321
TEST=none

Change-Id: I122a2151e48f61db3352da56763e3e66f7415efe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256006
Commit-Queue: Scott Violet <sky@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77661}

This reverts commit 12e0978d.

Reason for revert: Issues should be fixed by https://crrev.com/c/3123420

Original change's description:
> Skip code flushing tests failing on NumFuzz bots
>
> Bug: v8:12088
> Change-Id: Ibc4db95125d44eca110829f1c043e769de5bd349
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123416
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Auto-Submit: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76527}

Bug: v8:12088
Change-Id: I5fcf0f149028d34ade3aa5aabc2e8de73631cac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256551Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77660}

Add support for non-nullable reference types.
Refactor the GetValueType function. Emit a meaningful
initializer for every ref type in globals instead of an
empty one. Avoid the non-nullable recursive type by only
allowing indices that are strictly less than the current index.

Bug: v8:11954
Change-Id: Id1a405525080de7eb9dbbd4f2b8aea5f05684665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251171
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77659}