Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.calendar.prototype.day

Note- this is only the non-intl version. intl version in
https://tc39.es/proposal-temporal/#sup-temporal.calendar.prototype.day
will be implemented in later cl.

Bug: v8:11544
Change-Id: If56182cf65b3b8cc91ed843f0e20edeb6a065954
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3531556Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80347}

This reverts commit 0a5fcd8a.

Reason for revert: reenable TSAN test after moving best_fit out from stage

Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng,v8_linux64_tsan_no_cm_rel_ng,v8_linux64_tsan_rel_ng,v8_numfuzz_tsan_ng;luci.chromium.try:linux_chromium_tsan_rel_ng,linux_chromium_tsan_rel_ng-compilator

Original change's description:
> [test] Skip flaking test
>
> Bug: v8:12697
> Change-Id: I124f2f0fd3c98d6a5233a0e2a8236a2b15d791fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532261
> Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79518}

Bug: v8:12697
Change-Id: I53d109674ecd938d8be915099c412d174600edfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3624464
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80346}

Relative indexing methods have shipped since M92.

Bug: v8:10961
Change-Id: I4346a3bed443c9cc48924e5ef23ec012eeeecab1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622134Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80345}

This is a reland of commit 23b2d571

When updating pointers during a full GC, a page might not be swept
already. In such cases there might be invalid objects and slots
recorded in free memory. Updating tagged slots in free memory is fine
even though not strictly necessary.

However, the GC also needs to calculate the size of potentially dead
invalid objects in order to be able to check whether a slot is within
that object. But since that object is dead, its map might be dead as
well which makes size calculation impossible on such objects. The CL
changes this to cache the size of invalid objects. A follow-up CL will
also check the marking bit of invalid objects.

Reason for reverts:

Revert #2: In-object slack tracking on JSObjects doesn't update the
cached size of invalidated objects. The fix here was to stop
invalidating recorded slots on JSObjects at all and avoid that problem
completely (see https://crrev.com/c/3620274).

Revert #1: Not all size changes go through NotifyObjectLayoutChange, so
https://crrev.com/c/3607992 introduced NotifyObjectSizeChange as a
bottleneck for object size changes/right-trimming. This method is
now used to update the size of invalidated objects.

Bug: v8:12578, chromium:1316289
Change-Id: I0478d04601c0270ddb39419ca6cf98719951eb4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623542Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80344}

Also manually reformat some files with the clang-format change.

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e10cf1a..c8ec41b

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/c2e4795..113378f

Rolling v8/buildtools/linux64: git_revision:7c8e511229f0fc06f6250367d51156bb6f578258..git_revision:48b013c9d9debc0f5fc1dd71a257b3c38c5acb43

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/518fd76..c7888dd

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/705543f..d8a4746

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/88422dc..9ba02ee

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/dc8ca44..fccf35c

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/32e65ef..961141d

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3c4a622..75625c6

Rolling v8/tools/luci-go: git_revision:6da0608e4fa8a3c6d1fa4f855485c0038b05bf72..git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e

Rolling v8/tools/luci-go: git_revision:6da0608e4fa8a3c6d1fa4f855485c0038b05bf72..git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I00a09d42cf91f226c661e97915d5a95fff84b079
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3615245Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80343}

Bug: v8:11525
Change-Id: Ifd24e32dac905d47af233fa01b93206ee9ebdb8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623739
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80342}

Bug: v8:11525,v8:12820
Change-Id: I58bde48322c89bf33f3b28080659387a3c14de91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620277
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80341}

Distinguish untrusted clients in v8 inspector and disable Profiler, HeapProfiler and Schema CDP domains for them.

Bug: chromium:1313437
Change-Id: I7544c64acb4bc368392ba5f6a87ed62176828304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616517Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80340}

No-Try: true
Bug: v8:12847, v8:11111
Change-Id: Id0c2749970333b82650b33c9cddcb028ac03709c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623541
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80339}

Before this CL, the heap object name of unnamed objects(those not
inheriting from NameProvider) would be solely determined by whether the
build-time configuration cppgc_enable_object_names is enabled.

This patch adds a way to override that value at runtime. This is
useful for preserving default behavior with custom builds but at the
same time allow them to still enable the feature.

Bug: chromium:1321620
Change-Id: I3aa06db15e58d9ba9773be6797572f17f007e9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620279Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80338}

Previously marked V8_DEPRECATED_SOON that are now V8_DEPRECATED:

File                                    Version  Date        Commit
include/v8-initialization.h:208            v9.9  2021-12-15  277fdd1d
include/v8-initialization.h:226            v9.9  2021-12-15  277fdd1d
include/v8-initialization.h:236            v9.9  2021-12-15  277fdd1d
include/v8-initialization.h:250            v9.9  2021-12-15  277fdd1d
include/v8-locker.h:130                   v10.0  2022-01-20  116ca00f
include/v8-message.h:90                    v9.8  2021-11-09  2b3df06b


Previously marked V8_DEPRECATED that are now removed:

File                                    Version  Date        Commit
include/v8-fast-api-calls.h:886            v9.8  2021-11-11  b295d0b0
include/v8-fast-api-calls.h:893            v9.8  2021-11-11  b295d0b0
include/v8-fast-api-calls.h:902            v9.8  2021-11-11  b295d0b0
include/v8-initialization.h:186           v10.0  2022-01-26  36707481
include/v8-isolate.h:639                  v10.0  2022-01-26  36707481
include/v8-locker.h:132                    v9.8  2021-11-11  b295d0b0
include/v8-object.h:597                    v9.9  2022-01-18  0a61fa51
include/v8-object.h:609                    v9.8  2021-11-11  b295d0b0
include/v8-script.h:50                    v10.0  2022-01-26  36707481
include/v8-script.h:653                   v10.0  2022-01-18  9cf4f131


Output generated by ./tools/release/list_deprecated.py

Bug: v8:11165, chromium:1166077
Change-Id: Ie0d435f7a10f362ed714bdc30ad899ee9c485cb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571804
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80337}

To be consistent with the all the other tiers and avoid confusion, we
rename --opt to ---turbofan, and --always-opt to --always-turbofan.

Change-Id: Ie23dc8282b3fb4cf2fbf73b6c3d5264de5d09718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610431Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80336}

The ubsan failures were fixed by 99e90c55.

Bug: chromium:1029379
Change-Id: Iec334388de7faf8a47e6d607501a2f1298a441a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623540Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80335}

Observe the beauty of nature, as a TODO blossoms into a DONE.

Bug: v8:7700
Change-Id: I6981a5530664aa9ba4d120000d688a682c923a23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622914Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80334}

Slots don't need to be invalidated in the object. The object is trimmed
to its supertype, so all possibly recorded slots remain valid.

Bug: v8:12578, chromium:1316289
Change-Id: I859b3ec843a2c2c9863cdb3bbc1c3158364aaa5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622917Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80333}

This fixes:
runtime error: upcast of misaligned address 0x000000000001
for type 'cppgc::internal::(anonymous namespace)::SimpleGCed<64>', which
  requires 8 byte alignment

Bug: chromium:1029379
Change-Id: Id03ce022e72fc07a18c171d4cf5e42f50cb684f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622918
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80332}

Mark the labels to the code and data global, which removes the need
for having separate pointers to these labels in the .data section.

This means that `v8_Default_embedded_blob_code_` and
`v8_Default_embedded_blob_data_` can now actually be read-only when
RELRO is enabled.

The actual contents of `v8_Default_embedded_blob_code_` remain
potentially non-readable for platforms where code is marked as
execute-only, but these changes do not attempt to read them.

Bug: v8:12850

Change-Id: Ic1bc8e68fe44a9ce45380c83b0be5fa94e7da267
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616510
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80331}

Bug: v8:12842
Change-Id: Ice4ef2f1e62773238a0d9b08b6af36e9bed48ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622919
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80330}

This CL changes MaybeLocal::ToLocal documentation to assign |out|
with nullptr when the MaybeLocal is empty to be consistent with
the behavior.

Bug: v8:12845
Change-Id: I8145d6604c51b79f137b686b3e9b4f328534e0a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616432
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80329}

Fix: copy-paste error in raw ptr GC update function.

Bug: v8:11525
Change-Id: I915ae92191b2add60962395a2d0ad28f57e02fd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622915
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80328}

When lowering signatures, we must preserve the separation of parameters
into tagged and untagged sections.

Fixed: chromium:1320614
Change-Id: I8119ba23e35f499630c2d2494e99191ca793cb1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620283Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80327}

For entries in the string forwarding table, mark the internalized string
if the original string is marked.

The logic is moved from the string forwarding table implementation to
the mark compact implementation, using RootVisitor.

Bug: v8:12007
Change-Id: I860de75077c864dd4e5f2c47ab647d2eafcc5ced
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610625Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80326}

Due to the consistent overhead of snapshot checksum verification
we ideally want to avoid it all-together. However there are still enough
devices out there that suffer from corrupted snapshots that might
cause hard to debug heap corruptions.

This CL exposes the calculated (dummy value for now) and the expected
snapshot checksum as a crash key, so it can be easily consulted during
investigation.

Note: The calculated crash key contains 0x0 for now as a dummy value. We
will come up with a strategy later-on to limit the overhead of
calculating the checksum.

Bug: v8:12195
Change-Id: I6da6d74c035cb6f9b0edae212a36e6c41c048a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605813Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80325}

While nullptr also mostly seems to work, GetCurrentProcess() is the
correct way of specifying the current process for operations like
MapViewOfFile3 or VirtualAlloc2.

Bug: chromium:1218005
Change-Id: I988140374a708018dca089c29eb699e0536a5285
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620288Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80324}

When formatting console messages (for consumption in Chromium/Blink), we
have special logic to unwrap value wrapper objects. But this logic was
not very consistent, and especially Number values and NumberObject
values were formatted differently.

This changes the V8ValueStringBuilder::append() logic to always unwrap
any value wrapper first and then use the regular dispatch for the
primitive value.

Fixed: chromium:1321833
Change-Id: I9996671e1f91da0841e5d5f1687cf647ab72a561
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3622913
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80323}

In v3 we allow both significant digits and fraction digits to be set in some conditions.
Also fix the case in v2 we didn't handle "precision-integer" with currency format.

Related spec text:
https://tc39.es/proposal-intl-numberformat-v3/out/numberformat/diff.html#sec-intl.numberformat.prototype.resolvedoptions
https://tc39.es/proposal-intl-numberformat-v3/out/numberformat/diff.html#sec-setnfdigitoptions

Bug: v8:11544
Change-Id: I89c147dcc7803eae7aad2a380e85d1d877e30370
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3615217
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80322}

Bug: v8:11989
Change-Id: Idd7ab73f923a7a0114c0fb7a40807b4b163d6bcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595106Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80321}

This change adds support for computing SHA-256 hashes in the stack
output of errors by adding a function to the prototype of the
`CallSite` object, passed to `Error.prepareStackTrace`. Additionally,
it updates the `hash` property from `Debugger.scriptParsed` and
`Debugger.scriptFailedToParse` to be SHA-256 instead of the
proprietary hash it is today.

It is intended to be an advancement in indexing source maps to
support improved tooling, especially for post-hoc or in-production
diagnostics scenarios.

The explainer can be found here:
https://docs.google.com/document/d/13hNeeLC2Ve_FVieNndZUUUP15x2O4ltvjnGWwOsMlrU/edit?usp=sharing

Change-Id: Ifbbed4b22c8256e74e6d79974d2dd1e444143eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229957Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Robert Paveza <Rob.Paveza@microsoft.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80320}

This is a reland of commit 89600314

Changes since revert: None, reverted wrong suspect CL

Original change's description:
> [Temporal] Fix Calendar.prototype.fields CSA
>
> Use LoadAndUntagToWord32ObjectField instead of LoadObjectField<Uint32T>
> to load the flag since it is defined as
>  flags: SmiTagged<JSTemporalCalendarFlags>;
>
> Otherwise LoadObjectField<Uint32T> will load the zero part when
> v8_enable_pointer_compression = false
>
> Add unit tests to intl (because the problem only show up on calendar
> other than non iso8601.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_mipsel_compile_rel,v8_linux_mips64el_compile_rel
>
>
> Bug: v8:12848
> Change-Id: I44b685af99dc9820dfa228447e2b42ae0a82464c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3617388
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80314}

Bug: v8:12848
Change-Id: I423ea5f0a4a30fc73546df208d24aec84db76eb4
Cq-Include-Trybots: luci.v8.try:v8_linux_mipsel_compile_rel,v8_linux_mips64el_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620838
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80319}

This reverts commit 31009706.

Reason for revert: UBSan failure: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/21069/overview

Original change's description:
> cppgc: young-gen: Enable cppgc_enable_young_generation by default
>
> Oilpan Young Generation is now controlled by the runtime flag
> --cppgc-young-generation.
>
> Bug: chromium:1029379
> Change-Id: I9ded9637f43a2f86993cff898cd7f272a051ae3c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616728
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80312}

Bug: chromium:1029379
Change-Id: I18ac696380df5f77d0978072b8e5af2f2e305994
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620839
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80318}

This reverts commit 89600314.

Reason for revert: UBSAN errors in GC tests
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/21069/overview

Original change's description:
> [Temporal] Fix Calendar.prototype.fields CSA
>
> Use LoadAndUntagToWord32ObjectField instead of LoadObjectField<Uint32T>
> to load the flag since it is defined as
>  flags: SmiTagged<JSTemporalCalendarFlags>;
>
> Otherwise LoadObjectField<Uint32T> will load the zero part when
> v8_enable_pointer_compression = false
>
> Add unit tests to intl (because the problem only show up on calendar
> other than non iso8601.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_mipsel_compile_rel,v8_linux_mips64el_compile_rel
>
>
> Bug: v8:12848
> Change-Id: I44b685af99dc9820dfa228447e2b42ae0a82464c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3617388
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80314}

Bug: v8:12848
Change-Id: I3a8af8acbbdfc5d0f5386f2a9d50d62b9f422fb8
Cq-Include-Trybots: luci.v8.try:v8_linux_mipsel_compile_rel,v8_linux_mips64el_compile_rel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620837
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80317}

This is a reland of commit 445190bf

The fix addresses the issue where object size accounting went out of
sync because of right-trimmed LO in new space that were migrated with
a different size than they were accounted for.

The fix now iterates only live objects for size computation which
avoids accessing reclaimed maps and fixes up the objects accounting.

Original change's description:
> [heap] Fix bogus object size computation
>
> The map of an object may be gone by the time we try to compute its
> size for accounting purposes.
>
> Bug: chromium:1319217
> Change-Id: I93cca766a8cedebf4ed30a3a65fd6eff5bc72bcf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605817
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80271}

Bug: chromium:1319217
Change-Id: I8d032edf96a4bf4b0faa4bbd9b0be247051c49fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616507Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80316}

This is a reland of commit c575e8ae

Original change's description:
> PPC/S390: Reland "[osr] Use the new OSR cache"
>
> Port 91453880
>
> Original Commit Message:
>
>   This is a reland of commit 91da3883
>
>   Original change's description:
>   > Fixed: Use an X register for JumpIfCodeTIsMarkedForDeoptimization
>   > on arm64.
>   > Bug: v8:12161
>
> Change-Id: I6e63bd5995340bac32654ef12c52d25b496140e3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607997
> Reviewed-by: Junliang Yan <junyan@redhat.com>
> Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#80194}

Change-Id: Id5e41c659a3c29a6d22c0393ad0003a24fa1ef5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3621273
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80315}

Use LoadAndUntagToWord32ObjectField instead of LoadObjectField<Uint32T>
to load the flag since it is defined as
 flags: SmiTagged<JSTemporalCalendarFlags>;

Otherwise LoadObjectField<Uint32T> will load the zero part when
v8_enable_pointer_compression = false

Add unit tests to intl (because the problem only show up on calendar
other than non iso8601.

Cq-Include-Trybots: luci.v8.try:v8_linux_mipsel_compile_rel,v8_linux_mips64el_compile_rel


Bug: v8:12848
Change-Id: I44b685af99dc9820dfa228447e2b42ae0a82464c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3617388Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80314}

This CL adds serialization and deserialization support
for HOLEY_ELEMENTS and HOLEY_SMI_ELEMENTS kind arrays.

Bug: v8:11525
Change-Id: Ib6fdcd1916badd02e567571e1c0748dce85cd8a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620753Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80313}

Oilpan Young Generation is now controlled by the runtime flag
--cppgc-young-generation.

Bug: chromium:1029379
Change-Id: I9ded9637f43a2f86993cff898cd7f272a051ae3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616728Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80312}

This reverts commit 25e32252.

Reason for revert: Suspect for roll failure: https://ci.chromium.org/ui/p/chromium/builders/try/android_optional_gpu_tests_rel/98554/overview

Original change's description:
> Reland "[heap] Refactor atomic marking phase"
>
> This is a reland of commit a3f66927
>
> The reland addresses a few CHECKs that were too agressive and also
> properly adjusts Oilpan's marking configurations depending on V8's
> flags.
>
> Original change's description:
> > [heap] Refactor atomic marking phase
> >
> > The atomic marking phase was organized in many distinct smaller
> > phases. In particular, before http://crrev.com/c/3584115 the marking
> > phase split into two large separate phases.
> >
> > This CL reorganizes marking into two phases that perform regular V8
> > heap marking, Oilpan, and ephemerons:
> > - A parallel phase that likely drains all marking worklists;
> > - A single-threaded final phase to catch any left overs;
> >
> > This avoids artificial splitting in phases and also avoids repeated
> > starting and joining of jobs.
> >
> > Change-Id: I5cccfc5777837d9ece10d8f4925781bf2d07d9da
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602507
> > Reviewed-by: Omer Katz <omerkatz@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#80265}
>
> Change-Id: I26648da361b92d787c173aa9d390100ce8958728
> Bug: chromium:1320896
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616519
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80301}

Bug: chromium:1320896
Change-Id: I01742f25d54de8e4e22fefe87ce61ba295950baa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620286
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80311}

I was trying to build chromium with Perfetto enabled and I ran into this
compilation error:
```
../../v8/src/libplatform/tracing/recorder-win.cc(48,42): error: no member named 'GetCategoryGroupName' in 'v8::platform::tracing::TracingController'
                      TracingController::GetCategoryGroupName(
                      ~~~~~~~~~~~~~~~~~~~^
1 error generated.
```
This happens because the GetCategoryGroupName() function is added to
the TracingController class only if Perfetto is disabled.
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Change-Id: If53dab5ea9b8c3e2f69e8e84c8d6ba06ee3c496e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616427Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80310}

https://crrev.com/c/3571817 introduced a bug that string table lookups
failed on SlicedStrings with a start offset of 0.
This CL fixes the issue by re-using the already computed hash only
if the length of the source string matches the length of the string to
lookup.

Bug: chromium:1320179, chromium:1321573
Change-Id: Ic8755a0266a9ec67fe5eb9c96fdab1b55d5009f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616723
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80309}

In Sampler::DoSample, we only guard SignalHandler::Installed before
and Sampler::Stop may happen at the same time, which may cause SIGPROF
signal handler was already restored before SIGPROF was emit and trigger
profiling timer expired. This CL changes Sampler::DoSample to use
SignalHandler::mutex() to guard the entire function and also change
the mutex to recursive mutex.

Bug: v8:12838
Change-Id: I5195742ecdbade342986755233840d7be5d83c62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616429Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80308}