This reverts commit f08547af.

Reason for revert: Causes failures due to virtual address space
exhaustion inside the sandbox.

Original change's description:
> [sandbox] Improve the default ArrayBufferAllocator for the sandbox
>
> Rather than using a page allocator and rounding all allocation request
> sizes up to the next multiple of the OS page size, we now use a
> base::RegionAllocator with a "page size" of 128 as a compromise between
> the number of regions it needs to manage and the amount of wasted memory
> due to allocations being rounded up to a multiple of that page size.
> While this is still not as performant as a "real" allocator, it does
> noticeably improve performance when allocating lots of ArrayBuffers.
>
> Bug: chromium:1340224
> Change-Id: I56d1ab066ba55710864bdad048fb620078b2d8c2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913346
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83396}

Bug: chromium:1340224
Change-Id: I3e3cc18c0e75cac586b7f014a75df1028bbfa86f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916637
Commit-Queue: Samuel Groß <saelo@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83417}

There is no need for ClientHeapVerifier anymore since we can simply
invoke full verification for all client heaps.

Bug: v8:13267
Change-Id: Ic72744aed09569f2e3e61bb3d6c889d2a7ad4de3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913030
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83416}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/60deb86..f87b9ff

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/b79692f..15fa3e7

Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/a4dc7f1..4d2c483

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I976f25d255f7f0f346a29de870b24f9b974a3d71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3917710
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83415}

In wasm-spec, the shift amount will modulo 32 or 64.

Change-Id: I98d003dfd8b73d0d3eb1a022942d7b138d29fdc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912629Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83414}

Bug: v8:13322
Change-Id: I0826175aeb47c07a7b53792d4c271a095b44e322
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915225Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83413}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d2ff521..60deb86

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/40b472e..209fff0

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I72143dcc8a33f25a99cec34dfce6091684bcc2cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3914622
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83412}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/bc5a8a1..d2ff521

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I6c275f6f326f89e5181fc5ec12feb80a40159197
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3914620
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83411}

Sync to the spec/calendar.html changes in
https://github.com/tc39/proposal-temporal/pull/2377
to change the order of calling ToTemporalOverflow.
This cl only cover the ISO8601 part, the the intl part of the PR
is not yet implemented and will be handle when e implemenet them.

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-isodatefromfields
https://tc39.es/proposal-temporal/#sec-temporal-isoyearmonthfromfields
https://tc39.es/proposal-temporal/#sec-temporal-isomonthdayfromfields

Bug: v8:11544
Change-Id: Ia4386d460dc45b0b377a483c6f4793da4cbd7c20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3903223
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83410}

Sync with https://github.com/tc39/proposal-temporal/pull/2394
to fix  TemporalCalendarString ambiguity issues


Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-parsetemporalcalendarstring
https://tc39.es/proposal-temporal/#sec-temporal-totemporalcalendar

Bug: v8:11544
Change-Id: I31d0255e55d1a432681fd060cf4f841cb1479480
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901196Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83409}

Bug: chromium:1367107, v8:12764
Change-Id: I0d07fc49eb68b1fa1a22635411e9b6b79ef2e2d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915483Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83408}

MSVC does not support inline assembly (clang-cl does).

Those two functions needs to be implemented using C++ only. Implemented
a version for MSVC only, based on an intrinsic (that guarantees load,
even with optimization) available for any architecture.

Bug: v8:13312
Change-Id: I3aa4eac03c099535c5d3a9a40221bd5f8bbcb0d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913036Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83407}

MSVC is confused by initializer list and default parameter, and reports
an ambiguous call.

test/cctest/test-assembler-arm64.cc(12208): error C2668: 'v8::internal::Clobber': ambiguous call to overloaded function
test-utils-arm64.h(251): note: could be 'void v8::internal::Clobber(v8::internal::MacroAssembler *,v8::internal::CPURegList)'
test-utils-arm64.h(241): note: or       'void v8::internal::Clobber(v8::internal::MacroAssembler *,v8::internal::RegList,const uint64_t)'

Solution is to construct with explicit type.

Bug: v8:13312
Change-Id: I66f5ba48bcdf6eb30035beaf7214a3d26fc9f18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913034Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83406}

Array#with and TypedArray#with adapt their arguments because they have a
fixed arity of 2. Builtins that adapt arguments shouldn't use
...arguments in Torque, which results in a "don't adapt" sentinel to be
generated, resulting in incorrect frame size computation.

Bug: v8:12764, chromium:1367133
Change-Id: I81c1ef2cdef25d049fa0b8effcb2a953c2a9846b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915939
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83405}

This compilation error was found by NodeJS when updating V8:
https://github.com/nodejs/node-v8/issues/240

MSVC reports an error with "too many initializer" for type uint32x4_t.

---

Under gcc/clang, this is a typedef to a builtin type.

For MSVC, it is a typedef to this union:
typedef union __n128
{
     unsigned __int64   n128_u64[2];
     unsigned __int32   n128_u32[4];
     ...
} __n128;

C++ mandates that only first member of union can be initialized at
declaration. Thus, it can only be initialized with {uint64_t, uint64_t}.

VS people proposed to use designated initializer instead:
var = {.n128_u32={1, 2, 3, 8}}
https://developercommunity.visualstudio.com/t/error-c2078-too-many-initializers-when-using-arm-n/402911
But, you need to use /std:c++20 for this, which is not the case in v8.

---

Thus, the only solution is to implement a hack specifically for MSVC,
where you build two uint64, from four uint32.

---------------------------------------

Once solved, another error is reported:
templated function extract_first_nonzero_index is specialized twice.

This is because, with MSVC, uint32x4_t and uint64x2_t are typedef to the
same __n128 union. The fix is to drop templates, and use explicit
function names instead.

Bug: v8:13312
Change-Id: I231d8cf01c05af01af319d56d5666c415f8b989b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913035Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83404}

Bug: v8:12764, chromium:1367136
Change-Id: Ia73f507bf480035d883be1bb5189a5b464327d29
Fixed: chromium:1367136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916281
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83403}

clang/clang-cl compiled happily (probably included transitively this
header), but not MSVC.

Bug: v8:13312

Change-Id: I69b6c15f76d8ef13e4fac33f733717429ba96f71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913033Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83402}

This is a reland of commit 70de8dd1

Uses a version of python coverage available on arm.

Original change's description:
> [Python3] Clean up python2 holdovers
>
> Cq-Include-Trybots: luci.v8.try.triggered:v8_android_arm64_n5x_rel_ng_triggered
> Bug: v8:9871
> Change-Id: I889fad886339e754ffee4e11cc06bc594e30641d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913200
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Liviu Rau <liviurau@google.com>
> Cr-Commit-Position: refs/heads/main@{#83391}

Bug: v8:9871
Change-Id: I4a2eddc09e1a57cc9847b68caac8a9f98c14d222
Cq-Include-Trybots: luci.v8.try.triggered:v8_odroid_arm_rel_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913027Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83401}

Bug: v8:7748
Change-Id: I678d890cf5a6a606790d782eb4cbc8b574faf4d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913399
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83400}

On PPC we don't have the nearest int FP roundings available,
bailing out to C runtime.

Change-Id: I4d8ee4ba74fb6c60752cdbde4a73052ab159821a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913247Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83399}

Change-Id: I374200e97a9e1e302ac026a0d66a7e370f2d33c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913245
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83398}

Change-Id: Ibaea8f237d3bbee983f763a178eda0f7ca97d419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3911515Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83397}

Rather than using a page allocator and rounding all allocation request
sizes up to the next multiple of the OS page size, we now use a
base::RegionAllocator with a "page size" of 128 as a compromise between
the number of regions it needs to manage and the amount of wasted memory
due to allocations being rounded up to a multiple of that page size.
While this is still not as performant as a "real" allocator, it does
noticeably improve performance when allocating lots of ArrayBuffers.

Bug: chromium:1340224
Change-Id: I56d1ab066ba55710864bdad048fb620078b2d8c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913346
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83396}

Fixed: chromium:1366399
Change-Id: I652ba7ddf3665143562b3ee6d60cde017bfc9e8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913126
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83395}

This reverts commit 70de8dd1.

Reason for revert:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20-%20debug/23885/overview

Original change's description:
> [Python3] Clean up python2 holdovers
>
> Cq-Include-Trybots: luci.v8.try.triggered:v8_android_arm64_n5x_rel_ng_triggered
> Bug: v8:9871
> Change-Id: I889fad886339e754ffee4e11cc06bc594e30641d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913200
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Liviu Rau <liviurau@google.com>
> Cr-Commit-Position: refs/heads/main@{#83391}

Bug: v8:9871
Change-Id: I862f4d1c57b1a6286502b8c219da477b0373927f
Cq-Include-Trybots: luci.v8.try.triggered:v8_android_arm64_n5x_rel_ng_triggered
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916007
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83394}

A shared space isolate needs to safepoint all clients as well in order
to collect garbage in the shared spaces.

Bug: v8:13267
Change-Id: I3f00a84bd46353c4351bbbe4240b90d8847afc8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912764Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83393}

This aligns the breakpoint behavior of YieldExpression and
AwaitExpression with the behavior of AssignmentExpression
in V8. It basically boils down to not reporting expression
positions on SuspendGenerator bytecodes as breakable
locations.

In particular the initial implicit yield of any generator
function is no longer a breakable position. In light of
this changes we also refine https://crrev.com/c/2949099
to not be able to step to the initial implicit yield
either, which would otherwise be really odd.

Before: https://imgur.com/KYy9F1S.png
After: https://imgur.com/gCnWU8J.png
Doc: https://goo.gle/devtools-reliable-await-breakpoints
Bug: chromium:901814, chromium:1319019, chromium:1246869
Fixed: chromium:1319019, chromium:1357501
Change-Id: I0c5f83e279918eb392d8f77a8a04c4c0285f938e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909688
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83392}

Cq-Include-Trybots: luci.v8.try.triggered:v8_android_arm64_n5x_rel_ng_triggered
Bug: v8:9871
Change-Id: I889fad886339e754ffee4e11cc06bc594e30641d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913200
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#83391}

This change makes the default configuration of standalone V8 builds
(again) reflect the default configuration of V8 in Chromium builds.

Bug: v8:10391
Change-Id: Ia98492a283772ebfde43f0edbfdff05319ac4352
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913345Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83390}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7f9e493..bc5a8a1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5b90d5e..5eb0675

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/082ae7e..40b472e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I7037105e2ff55bcb9183b7b8315e9a93307fd15f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915108
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83389}

Bug: v8:12764
Change-Id: Ib201cad04b339e8193a64bdadf62e5fa9daf1881
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3911377
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83388}

Bug: v8:13311
Change-Id: Ibe6967fe951086689aa9c33e50512f45c4d4c016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909548Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83387}

Holder in 'object where the property was found' sense is different from
the holder object needed for calling API callbacks (see
FunctionCallbackInfo::Holder()).

Bug: v8:13284
Change-Id: I08dd625de6cc7ba33aec8cea4ebe28c884755455
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913285Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83386}

Fixed: chromium:1365101
Change-Id: Ie6f5fa08416348e827de9a389af5d63eba118ceb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909810Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83385}

This is a reland of commit 80fb2815

This CL fixes the signedness of rematerialized Numbers from immediates, which was introduced by the original change. Besides, BigInt truncation to zero bits is lowered to Int64Constant instead of NumberConstant of zero, which will flow into the state values directly.

Original change's description:
> [turbofan] Rematerialize BigInt64 in deopt
>
> This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
>
> Bug: v8:9407
> Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Qifan Pan <panq@google.com>
> Cr-Commit-Position: refs/heads/main@{#83230}

Bug: v8:9407, chromium:1364319, chromium:1364400
Change-Id: I0b4e077b52f64af46018b6c045893bbd56153f32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899258
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83384}

V8-side implementation for trusted types fromLiteral.

Create a separate JSArray root map for template literal objects to
clearly identify untampered template literals belonging to a given
context.

Given that template literals are frozen arrays with a 'raw' property,
we don't expect additional polymorphism.

Drive-by-fix:
Avoid ValidateElements call in NewJSArrayWithElements.

Bug: chromium:1271149
Change-Id: I327b0fd99a2db3b57d35efa9293ddf2f14e555ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572044Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83383}

This is an unmodified reland of commit 67106ff4
The issue causing the revert should be addressed by commit 8598d770

Original change's description:
> [wasm-gc] JS interop: Do not wrap structs/arrays by default
>
> Bug: v8:7748
> Change-Id: I441fd294bc0f31c0396217bc55c27159abacdbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905725
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83338}

Bug: v8:7748
Change-Id: I3e6a0a33bed4dbc7dd7c311465b25de4f8184894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912763Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83382}

Bug: v8:12783
Change-Id: I09dcdfcf244af830380ca734859a46dd489e3836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909808
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83381}

We set the JSArray's length to the elements's length before,
which is wrong when the elements have the slack part. We could
serialize the correct length and only the actual elements excluding
the slack part for JSArray's elements. And we do the same thing
for the objects to avoid serializing unnecessary elements.

Bug: v8:13304
Change-Id: Ib68e06f409bfcab5c57fb5532e188aa0099d1140
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905061Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83380}

We don't remove the code just yet in case we need to re-enable the
feature. This could be in case we discover workflows not covered by
the "Scope View" and the scopes we report on "Debugger.paused".

R=kimanh@chromium.org

Bug: chromium:1365858
Change-Id: I636cc861af932156944a3f6e0a149cce0f939329
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905185Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83379}

This reverts commit 2a7f86ed.

Reason for revert: Blocking the roll (https://ci.chromium.org/ui/p/chromium/builders/try/mac-rel/b8802346196479466065/test-results?q=ExactID%3Aninja%3A%2F%2Fgin%3Agin_unittests%2FGinShellTest.HelloWorld+VHash%3A46648b293475ce2a&clean=)

Original change's description:
> Reland "[v8] Use |AllocateAtLeast| for resizing v8 zones."
>
> This is a reland of commit 4444874c
> This fixes a failure on the UBSan bots caused by assuming |Realloc| is always in-place if the new size is <= the value of |malloc_usable_size|.
>
> Original change's description:
> > [v8] Use |AllocateAtLeast| for resizing v8 zones.
> >
> > This is part of an ongoing effort to reduce fragmentation in Chrome.  Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
> >
> > Bug: v8:13193, chromium:1238858
> > Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#83235}
>
> Bug: v8:13193, chromium:1238858
> Change-Id: I923bcbce8403dd7d84642340fd7202087b8a4440
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910268
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83372}

Bug: v8:13193, chromium:1238858
Change-Id: I32f9c4701a29c0516e3f587f1c6028e4d4158466
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909358
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83378}