This removes the additional call to `didPause` solely for
instrumentation breakpoints. They will be reported along with any
other pause reasons, and if several apply, 'ambiguous' will be
reported as a reason.

Bug: chromium:1229541
Change-Id: I38557248dc2274c2ff2c396aa19073f4a5c5abd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300134Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78271}

Change-Id: I8b496a028601442b509f894ab29d70c53d67eef5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318732
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78270}

Concurrent marking got accidentally disabled because
V8_ATOMIC_MARKING_STATE got removed.

Bug: v8:12470, chromium:1277264, chromium:1277330, chromium:1277392
Bug: chromium:1277287, chromium:1277260, chromium:1277259
Bug: chromium:1277256, chromium:1277252, chromium:1277250
Bug: chromium:1277254, chromium:1277251
Change-Id: I21211e8f6d3a65714ba3204e87863b71af42d82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318663
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78269}

MSVC disallows inline assembly on x64 and arm64, and instead requires
use of compiler intrinsics [0]. This CL checks for MSVC and uses
intrinsics for yield/pause, where available.

[0] https://docs.microsoft.com/en-us/cpp/intrinsics/compiler-intrinsics?view=msvc-170

Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel_ng
Change-Id: I3b9cbd998e91b391a21f1443e83758e7242425c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318721
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78268}

R=bmeurer@chromium.org

Bug: chromium:1267427
Change-Id: Ibee0fb62fda5f834b1866e2b6ae17bebca34f4ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317425
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78267}

Bug: v8:11880, v8:12478
Change-Id: I47f5384195aee8d6f251ca141714bdaec272f62f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318659
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78266}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/fd258bb..ab86707

clang-tidy: readability-redundant and performance (#1298) (dominc8)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/ab86707

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I234eb0daeb7d96c1886b780c97016ca25f5af7f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3319441
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78265}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/4b7f8b49c..1f16a6ad0

Bug: v8:7834
Change-Id: Id9d8d48f03d60e44fc614667e599da056cf23464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315231Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78264}

https://github.com/tc39/proposal-temporal/pull/1957
Resolve https://github.com/tc39/proposal-temporal/issues/1794

Bug: v8:11544
Change-Id: I50d406848e815b400d6e0cd14dee95589aac0647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318718Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78263}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/623bc83..0d9559b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/32ccf21..02439f6

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/203a644..82f3512

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/d812be7..fb06cff

Rolling v8/tools/luci-go: git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05..git_revision:81212ba3aa0a1a724465bded12d12c16ed46da3a

Rolling v8/tools/luci-go: git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05..git_revision:81212ba3aa0a1a724465bded12d12c16ed46da3a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If442eafffb10213c8e5b3cb624b833f3909ef523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3319440
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78262}

This is a reland of 3ee4804f.

The CL was originally reverted for blink test failures. Since the
revert, the blink top-level await flag has been removed.

Original change's description:
> [top-level-await] Remove --harmony-top-level-await
>
> TLA has been shipped since v8.9.
>
> Bug: v8:9344, chromium:1271114
> Change-Id: Ibebf21da8bacb1f0d212390133847495ad8553e5
> Reviewed-on:
https://chromium-review.googlesource.com/c/v8/v8/+/3307103
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78169}

Bug: v8:9344, chromium:1271114
Change-Id: I96a9641967a23a12ba2467a69e5859ad8647f3e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318717
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78261}

Avoid verifying the stack when running with TSAN as the TSAN runtime
changes stack contents when e.g. working with locks.

Specifically, the marker uses locks in slow path operations which
results in stack changes throughout marking. This means that the
conservative iteration in the verifier may find more objects then the
regular marker. The difference is benign as the delta of objects is
not reachable from user code but it prevents verification.

Bug: chromium:1275581
Change-Id: Ie316ab65a5b90a1b72c09966f72d61af91224091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317976
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78260}

This aligns the Torque semantics of catch with the JavaScript behavior:
When we catch an exception, we also reset the pending exception.
This also fixes a long-standing bug that we didn't restore the original
pending message after executing arbitrary JS in IteratorCloseOnException

Bug: v8:12439
Change-Id: I268d9d639d09023a424f352547cdce03428f983a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303805
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78259}

This CL separates checks for hardware support from checks for software
configuration. We unconditionally allocate a protection key to know
whether hardware support is there, but then only use it if PKU is
enabled via flags.
This will allow us to collect statistics on hardware availability even
if PKU cannot be used yet on ChromeOS. Allocation should always be fine,
and has been finched for several weeks now. The remaining kernel issue
on ChromeOS does not affect allocation and deallocation of protection
keys, so it is safe to unconditionally enable that.

R=ahaas@chromium.org

Bug: v8:11974
Change-Id: I62fd48e6302aecae9843a62861d978f86ea52141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315446
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78258}

For shared strings, String::MakeThin is protected by using the map word
of the string being migrated as a spinlock.

Note that this CL does not make it safe yet to access character data
from multiple threads. The spinlock here only protects write-write races
in String::MakeThin.

For more information, see the following two design docs:

https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit
https://docs.google.com/document/d/1Drzigf17t4ofy0evDmaIL5p0MDZuAl95c9fSeX-QjVg/edit

Bug: v8:12007
Change-Id: I9c47412c6ec7360a672b65a8576b4f6156ee5846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313429
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78257}

This reverts commit 2d087f23.

Reason for revert: 
- Causing MSVC build failures: https://crbug.com/v8/12476
- Causing flaky failures: https://crbug.com/v8/12475

Original change's description:
> [profiler] Surface VM & Embedder State
>
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState: 
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}

Bug: chromium:1263871, v8:12475, v8:12476
Change-Id: I02670b1ed3bb863033208369227642a7419fce00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78256}

On Intel chips, MAP_JIT is required when the hardened runtime is
enabled, which it is in Chrome. Without MAP_JIT, it is then not possible
to allocate executable pages in an address space reservation.

Bug: chromium:1276887
Change-Id: I632fdfc9e6cf02bac95e630e6404fea7d8f4c176
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310913
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78255}

Currently atomic ops on TF are using machine native byte order
and cannot be used by Wasm calls.

This Cl adds support for Little Endian enforced Wasm atomic ops
to S390 by reversing bytes where needed.

This CL does not change the behaviour on S390 simulator.

Change-Id: Iedb2c05a55f495409ee21a76713bf15e21108997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313444
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78254}

Rename StringShape::full_representation_tag to
StringShape::representation_and_encoding_tag, since the full
representation tag now includes the shared bit.

There are no users of the new method in this CL; this is split out to
make subsequent shared string CLs smaller.

Bug: v8:12007
Change-Id: Ic4ac0241fd9846241e85b4a094dfee6d201ba42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313428Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78253}

Calling {V8::Dispose} resets flag values, but error simulation relies on
{FLAG_random_seed}. Thus simulate errors before disposing V8.

R=machenbach@chromium.org

Bug: chromium:1168290
Change-Id: Ie3bc921d6dd1dbaece68ef0b801d8b25ba97585f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315441Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78252}

When leak sanitizer is active, an LsanVirtualAddressSpace is used and
takes care of marking the allocated pages as lsan root regions.

Bug: chromium:1276767
Change-Id: I3d8a61f7d3c59e4574e46707d2217031a32e3f0e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314828
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78251}

Add APIs to surface VMState and new EmbedderState to CpuProfile samples.

EmbedderState:
* An EmbedderState is defined as a value uint8_t and a v8::context used
for filtering.
* EmbedderStates are stack allocated by the embedder, construction and
destruction set/unset the state to the isolate thread local top.
* A v8::context is used to filter states that are added to a CpuProfile,
if the CpuProfile do not have a ContextFilter set or if contexts do not
match, state defaults to Empty.

* v8:StateTag is already propagated all the way to a Sample, simply add
an API to surface it.

VMState: 
Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
Bug: chromium:1263871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78250}

Like https://crrev.com/c/3283074; iterating the unordered set is not
deterministic, so sort compile deps before iterating if --predictable is
set.

Bug: v8:12465,v8:12397
Change-Id: Ia0cc299b197e9c84f4fd3fbc70d592656cf4bd43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310911
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78249}

The counter is unused since https://crrev.com/c/2050398.

R=mlippautz@chromium.org

Bug: chromium:1275959
Change-Id: I0c1472e2d63451d3b7280f4ebec01314119584c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310926Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78248}

--dump-counters and --dump-counters-nvp are only functional in d8, thus
they should be d8-only flags.

R=mlippautz@chromium.org

Bug: v8:12464
Change-Id: Ie3295990a1b4691ab95f8403ff6d9932543b03cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312275Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78247}

The same Code object can and does deopt multiple times when called
recursively and thus present on the stack in >1 activations.

Fixed: v8:12458
Change-Id: Ib34d6bae4aa0ea2e31731c5a6e8e85a878362621
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314824
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78246}

This CL reverts two diagnosing CLs that introduced same-thread CHECKS,
recovering all introduced performance regressions.

We will try to add less performance-sensitive checks again in a follow
up.

This reverts commit 0c2bbfd5.
This reverts commit 6643c059.

Bug: chromium:1253650, chromium:1243257, chromium:1274201
Change-Id: I96c41c39c4f58b062574fa11c4a2d76ad030bcf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315437
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78245}

This is a reland of f68242bc, with
fixes for UBSan (double-fixed, actually).

Original change's description:
> [codegen] Reduce size of safepoint table fields
>
> Code objects are often small and do not use the full integer range of PC
> offsets and deoptimization indexes. Reducing the size of these fields to
> the required size per table reduces the overall size of safepoint tables
> by roughly 25%.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12401
> Change-Id: Ie6889a70782f5510436a1d05d31d17aac0bfec6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306556
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78216}

Bug: v8:12401
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Change-Id: I2aa7f6448afd3350b0cc3d09a0f4ac18fcab0928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310806Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78244}

This CL makes sure that the API reports an error if the embedder
attempts to create a fast API function which could be used as a
constructor. It also adds corresponding cctest.

Bug: chromium:1052746
Change-Id: I36e51b298889900131bd5c3894134df3d8d28e5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314856
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78243}

In particular
* use variadic templates in BodyDescriptorApply(),
* ensure all the relevant classes have BodyDescriptor definition,
* ensure "objects-body-descriptors[-inl].h" headers are included only
  where necessary.

Bug: v8:12425
Change-Id: I7a95ed94bf62952e3d22d419d4a65ad2fe959d57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312273Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78242}

Use an atomic marking state in all builds - even builds with concurrent
marking disabled. This will allow us to simplify our code a bit.

This CL starts by always using MajorMarkingState for
MarkCompactCollector::MarkingState and removing V8_ATOMIC_MARKING_STATE.

Bug: v8:12470
Change-Id: I88a65647fb2142a63b2b51fc21391c8ef1baa82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314864
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78241}

When performing a shared GC, we need to find references from the client
heaps into the shared heaps. For now we achieve this by simply
iterating all objects in client heaps.

We need to do this both for marking and when updating pointers after
evacuation.

Bug: v8:11708
Change-Id: Ic1dd94cc352be0404095e548979c37b1ef25682a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300142
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78240}

It points at an uint8_t array, not a single uint8_t.

Fixed: chromium:1276455
Change-Id: I221c911b7fc71803e2c79f7a755fe73928e6ffa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317418
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78239}

Bug: chromium:1276129
Change-Id: I346d91282bccb4f75a8dfeec5e359d4a5c9a4891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317416
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78238}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0142a64..623bc83

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/4d362c3..d812be7

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I01f011876c6608404108b6fc51bd5a577a9a0815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317018
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78237}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b0031ae..0142a64

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/16279ec..4d362c3

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Iacbe57fbb36af0180ab10aeb9cadfbb437f4f771
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314346
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78236}

This interface is meant to eventually replace the existing
v8::PageAllocator interface. Beyond general refactoring of the
PageAllocator APIs, the new interface now supports the concept of
(contiguous) address space reservations, which previously had to be
implemented through page allocations. These reservations now make better
use of provided OS primitives on Fuchsia (VMARs) and Windows
(placeholder mappings) and can be used to back many of the cages and
virtual memory regions that V8 creates.

The new interface is not yet stable and may change at any time without
deprecating the old version first.

Bug: chromium:1218005
Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78235}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/746224d..b0031ae

Rolling v8/buildtools/clang_format/script: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/clang/tools/clang-format/+log/99876ca..e435ad7

Rolling v8/buildtools/linux64: git_revision:b79031308cc878488202beb99883ec1f2efd9a6d..git_revision:e0afadf7a743d5b14737bd454df45d5f1caf0d23

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/0f447a3..74c6eec

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dbf8536..32ccf21

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/3e68015..203a644

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/1b26064..d61d4d8

Rolling v8/tools/luci-go: git_revision:d3f13de997dcae45d2af9210be74e7eb96a98268..git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05

Rolling v8/tools/luci-go: git_revision:d3f13de997dcae45d2af9210be74e7eb96a98268..git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I14d594e8eb7322e8ea1a505df1ee7b834833fcb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314344
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78234}

Sync the parser to grammar change in
https://github.com/tc39/proposal-temporal/pull/1950

Bug: v8:11544
Change-Id: I57e9f9c2bd234f930cc06dd730ad4ccf77d239d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313966Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78233}

When pntr compression is enabled, `Pointer()` reads 8 bytes
whereas `TaggedPointer()` reads 4 bytes and decompresses.

TaggedPointer() in this case was causing an incorrect read
on big endian as the desired value was located on the high side
of memory.

Similar patches were also applied in this CL:
https://crrev.com/c/2057355

Change-Id: I77c449256ae1f56f2f8664f687985221badf819f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314302
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78232}