In the C++20 a following paper was implemented [1]. This
paper makes code below illformed. The high level idea is
that as soon as class gets non default constructor - all
default initializations are not added implicitly.

class A {
public:
  A(const A&) = delete;
};

int main() {
  A a{};
  return 0;
}

So if V8 embedder is building its code with C++20 it can
not initialize v8::CppHeapCreateParams struct and as a
result can not create a CppHeap.

One of the possible mitigations (3.3) from the paper is
to add non copyable field into class. Luckily there
is std::vector<std::unique_ptr>> in this class already.

[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1008r1.pdf

Change-Id: I8a2dc35784d7646b5f73a5e178716e9bf2ffe601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348007Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78504}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/04cd6da0..6c9b4de

Bug: v8:7834
Change-Id: I29159c3421ad81ec86544ac9682c76abc73c6703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367376Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78503}

This reverts commit be6bd4f4.

Reason for revert: Consistent timeouts on Linux and Mac, e.g.
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/37973/overview
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/37346/overview

Original change's description:
> [wasm] Fast paths in EvaluateInitExpression
>
> We add fast paths for the most common types of expressions in
> {EvaluateInitExpression} to improve instantiation time. We fall back to
> full expression decoding for less common operators, or for expressions
> with operands.
>
> Bug: chromium:1284557
> Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78497}

Bug: chromium:1284557
Change-Id: If09468eb1e790d4359573ddff8b653fe84b0e11e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368602
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78502}

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I35415a80ded1a90007c70347e9fffd97f47243a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3346681Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78501}

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I6caa36473b9fb92358e45b795f3f6ff39100586d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3346680Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78500}

Clang 12 doesn't support -Wno-bitwise-instead-of-logical,
so silence it with -Wno-unknown-warning-option.

GCC requires using GNU dialect of the C++ standard, using
optimizations (otherwise "always_inline" fails to inline),
and produces a lot of warnings that had to be silenced.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I9ddd4f39dca2167b5b208dc2d0ba8e60030eddfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333635Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78499}

New text is moved over from BlinkGCDesign.md

Bug: chromium:1283934
Change-Id: I10a84c91a642e96c494d6e523d6d89059afaa1ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366658Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78498}

We add fast paths for the most common types of expressions in
{EvaluateInitExpression} to improve instantiation time. We fall back to
full expression decoding for less common operators, or for expressions
with operands.

Bug: chromium:1284557
Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78497}

We implement loop peeling for wasm, currently available behind a flag.
Loops are peeled regardless of size.

Bug: v8:11510
Change-Id: Ia4c883abdee83df632b2611584d608c44e3295c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367615Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78496}

This reverts commit c7c5b492.

Reason for revert: Looks like test needs to be disabled for noi18n: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/40832/overview

Original change's description:
> [scanner] Combine surrogate pairs at start when scanning private names
>
> Bug: v8:12523
> Change-Id: Ic3779fe6f20965d177d99d0a570a735df72e4fde
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366994
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78493}

Bug: v8:12523
Change-Id: I678d69a7acb793ed03ce049a05c37685d0cdee1a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368106
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78495}

Introduce a build-time flag to disable all CET shadow-stack
manipulation. This will allow us to develop the feature without breaking
production code, and enable it all at once once the feature is ready.

R=mlippautz@chromium.org

Bug: v8:12522, v8:11246, chromium:1284445, chromium:1284599
Change-Id: Iedc1b9a0c0c74f484bb76d86c84809798c0931b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368101Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78494}

Bug: v8:12523
Change-Id: Ic3779fe6f20965d177d99d0a570a735df72e4fde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366994Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78493}

When computing the code size estimate for {PrepareAndStartCompile}, we
did not consider Liftoff code in the async path. Other invocations
checked {FLAG_liftoff} to decide whether Liftoff code will be generated.
This CL fixes the async path to do the same, and renames {uses_liftoff}
to {include_liftoff} to match the name of the parameter in
{EstimateNativeModuleCodeSize}.

R=ahaas@chromium.org

Bug: v8:12520
Change-Id: Ic92237dc05ac96ddd88c3e8788cd443c83bd446f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367624Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78492}

The jump table sizes were added to the estimated code size, and then
again added for computing the reservation size for the code. This CL
moves the jump table size from {EstimateNativeModuleCodeSize} to
{EstimateNativeModuleMetaDataSize} so it is still considered for the
total memory associated with the {NativeModule}, but only added once for
the code space reservation.

R=ahaas@chromium.org

Bug: v8:12520
Change-Id: I871e54833659a0d466f3e8359bb3b515c85dd3cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367622Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78491}

The V8InspectorSessionImpl constructor accepts a state, as either text
or CBOR encoded, and generally ignores all invalid inputs, except for
the case where it's a valid value, but not a dictionary value, in which
case it'll leak the value and crash upon casting to a `DictionaryValue`.

This is purely an issue with the test driver, so no security impact on
Chromium in the wild.

Fixed: chromium:1281031
Change-Id: I7b4d0aea83370499b1274d3fa214a14dc098d2f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361838
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78490}

This method performs exactly the same operation as the official
`v8::Exception::GetStackTrace()`, which is already used in other
places, so there's no point to have a duplicate of that in the
debug interface.

Bug: chromium:1283162
Change-Id: I09dd07f678165e1565bd77173e8ce64636ef649b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366659
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78489}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/44c14db..ccc9811

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1227b26..ec88714

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/54c265e..02d65ea

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/8b73305..2d10229

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Iade1fe67ff6f3dea3eacc7b614150da806e3ed20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3365993
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78488}

Change-Id: I7b20a32973c7592c6e47477b1d98bb0d72b27e33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347571Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#78487}

There is no reason for bazel/config to be used as an external dependency
(we can replace "@v8//bazel/config" as easily as "@config") and it makes
integration with other Bazel workspaces much harded than it needs to be.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: Idb818c3237d6840ebaa1dfc85b8be686b06d8a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3331591Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78486}

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I521c3f0c8be13df4b4661a0c1e67d9dd278acbe8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364916Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78485}

Naming a class member function the same as a class name
could cause compilation issues with gcc:
```
error: changes meaning of 'StackFrameInfo' from 'class
v8::internal::StackFrameInfo'
```
This CL changes the function name to fix the problem.


Change-Id: I085018504deefefa99dbf2ff8638bc0e872fdbc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366703Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78484}

If a fixed register is defined for an input, we did only spill the
sibling SIMD register if the other sibling was allocated. This is not
correct. If only the sibling is in use (e.g. s1 colliding with q0) we
also have to spill that sibling.

R=mslekova@chromium.org

Bug: chromium:1283042, v8:12330
Change-Id: I6a22eaf461774a0b4603ec3ff17062134a528161
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359615Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78483}

The mid-tier register allocator did not handle block merges correctly
where a SIMD register was partially overlapping with a non-SIMD
register. This CL fixes that, and reorders the code to allow for early
exits.

R=mslekova@chromium.org

Bug: chromium:1282224, v8:12330
Change-Id: I2e9275d5c1aaa764ecb63fbf8fa197b68d6b6c3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358294Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78482}

If such a frame is near the top of the stack frame, move to the frame
below instead, which is the caller of OS::DebugBreak.
Also, rename dcheck_stop_handler to v8_stop_handler since we handle more
than DCHECKs there.

R=leszeks@chromium.org

No-Try: true
Change-Id: Ib31c2dc8278ec779a00babfdc952453e66e5f110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366238Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78481}

Previously, guard regions were created by allocating pages with
PROT_NONE and relying on an allocation hint. This could fail however,
for example on Fuchsia (where it would allocate a VMO to back the guard
region) and possibly on Windows (where a placeholder mapping was
replaced by a "real" mapping).

Introducing an explicit VirtualAddressSpace::AllocateGuardRegion routine
now makes this operation more efficient and effectively guarantees that
it cannot fail if used correctly: in a regular subspace, there is no
need to allocate anything when creating guard regions since the address
space reservation backing the subspace is guaranteed to be inaccessible
when no pages are allocated in it.

Bug: chromium:1218005
Change-Id: I6945f17616b6b8dad47241af96d4cb1f660e8858
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366237Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78480}

This change fixes the implementation of the previously introduced API
`Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
(consistently) to stack traces captured by V8 when exceptions are
thrown. It does so in a fully backwards compatible manner.

This change thus makes the previous fix for catapult (which landed in
http://crrev.com/c/3347789) effective, and therefore ensures that real
world performance benchmarks aren't affected by the use of the `Runtime`
domain in the catapult test framework.

Note this is basically a reland of crrev.com/c/3361839, but without
touching the stack traces for console messages (which led to the
regressions in crbug/1283516, crbug/1283523, etc.).

Fixed: chromium:1280831
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: I3dcec7b75d76ca267fac8bd6fcb2cda60d5e60dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364086Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78479}

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I8545294056e3ee330383e5f3bd50127f8221d9ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337367Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78478}

This sprinkles some more trace events in the disabled by default
"v8.inspector" category, to help with understanding performance
impact of stack trace capturing better.

Bug: chromium:1283162
Change-Id: I6085d587f241635fbb6934bef3adc95f58c5d2aa
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364085Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78477}

We unify the implementation of element segment expression entries with
other initializer expressions: we represent them with a {WireBytesRef}
and decode them with {InitExprInterface}. Except for reducing code
duplication, this also fixes a bug where {global.get} entries in element
segments could reference invalid globals.

Changes:
- Change {WasmElemSegment::Entry} to a union of a {WireBytesRef}
  initializer expression and a {uint32_t} function index.
- In module-decoder, change parsing of expression entries to use
  {consume_init_expr}. Add type checking to
  {consume_element_func_index}, to complement type checking happening in
  {consume_init_expr}.
- In module-instantiate.cc:
  - Move instantiation of indirect tables before loading of element
    segments. This way, when we call {UpdateDispatchTables} in
    {SetTableEntry}, the indirect table for the current table will also
    be updated.
  - Consolidate table entry instantiation into {SetTableEntry}, which
    handles lazily instantiated functions, or dispatches to
    {WasmTableObject::Set}.
  - Rename {InitializeIndirectFunctionTables} to
    {InitializeNonDefaultableTables}.
  - Change {InitializeNonDefaultableTables} and {LoadElemSegmentImpl}
    to use {EvaluateInitExpression}.
- Add a test to exclude mutable/non-imported globals from the element
  section.
- Update tests as needed.
- Update .js module emission in wasm-fuzzer-common.

Change-Id: I29c541bbca8531e8d0312ed95869c8e78a5a0c57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364082Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78476}

Chromium builds indicate that moving an optional doesn't reset the
source, and the source still indicates it has a value.
That may be a bug in base::optional, but we should fix it here first to
resolve current crashes.

Bug: chromium:1154636
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Change-Id: Ibfb53b6d06d5f0310e68b200cc27ca318a5a57e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366235Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78475}

The virtual register should be prefixed with a 'v' to match the printing
of virtual registers in other places.

R=mslekova@chromium.org

Bug: v8:12330
Change-Id: Ib79ace97b1c497efa3de85e1e48f5b07bb76d6cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358293Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78474}

The mid-tier register allocator already did some consistency checks;
this CL extends them, and removes a redundant check.
The added check ensures that no two virtual registers are assigned to
the same register. A separate check for the correctness of the
{allocated_registers_bits_} bitset is folded into {CheckConsistency}.
A second check that an allocated register is contained in
{allocated_registers_bits_} is removed.

R=mslekova@chromium.org

Bug: v8:12330
Change-Id: I6420eede145f88006c49e6ab16fdbeabffb8c9c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358291Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78473}

This fixes an unbalanced return stack that was caused by popping the
return address and jumping to it, instead of pushing it back and
returning properly.

R=leszeks@chromium.org

Bug: v8:11246
Change-Id: I5c58c587cc0f5433c0a3595f5ed4c765e90d1a30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3365267Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78472}

Change-Id: I6893f37b7b56759341a1d43c21fa52b3836fde27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3353368
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78471}

See related CL for context.

Changes:
- In InitExprInterface, add the ability to evaluate function references
  as index only. Remove the global buffers and use the ones passed with
  the instance object instead.
- In WasmElemSegment, add a field indicating if elements should be
  parsed as expressions or indices. Change module-decoder.cc to reflect
  this change.
- In module-instantiate, change the signatures of LoadElemSegment,
  LoadElemSegmentImpl, and EvaluateInitExpr. Move the latter out of
  InstanceBuilder.

Change-Id: I1df54393b2005fba49380654bdd40429bd4869dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364081Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78470}

For low-cost exception handling, it's important to be able to quickly
drop frames from the stack until reaching the exception handler.
The Intel shadow stack offers an instruction to avoid offending
stack discipline, incsspq, which drops N values from the stack.

This CL integrates that instruction for v8 exception handling.

Bug: v8:11246
Change-Id: I908f0ab8bb3de6c36e6078e27b65132287328f2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289637Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78469}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/555c8b4..44c14db

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/2715a6c..c884e7a

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/4ead610..6a10e3e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I8cc3640b698cba2d84b0e1c11d97ec1eedbb743e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364392
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78468}

Commit 84f3877c moved IsInRange to
base::IsInRange and updated src/parsing/keywords-gen.h, but did not
update tools/gen-keywords-gen-h.py.

Bug: v8:12507
Change-Id: I914ba73feac3bac6fd5d08d14d17149faf6c5c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3356200Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78467}

This changes the StackFrameInfo to either hold on to a pair of

  (Script,source position)

or a pair of

  (SharedFunctioInfo,bytecode offset)

similar to what we do for MessageLocation. The idea here is to defer the
costly bytecode offset to source position lookup until really needed,
and in particular, avoid the costly lookup during stack trace capturing.

On the `standalone.js` benchmark in crbug.com/1283162#c1, this reduces
overall average execution time by roughly 25%, and the performance is
almost back to where it was before crrev.com/c/3302794 (being only 12%
slower than before on the `standalone.js` test case).

Note that due to unrelated limitations we cannot encode -1 as bytecode
offset in the flags field of the StackFrameInfo, and so we treat this
case specially (happens when stack trace capturing is triggered in the
function entry sequence) and just eagerly resolve it to the source
position.

Bug: chromium:1278650, chromium:1283162, chromium:1280803
Bug: chromium:1280818, chromium:1280831, chromium:1280832
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: If7cf62fce48d32c0f188895d1f8c9eee51b9e70d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359633Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78466}

This is in line with PartitionAlloc's DiscardSystemPagesInternal.

When the sandbox is enabled, OS::DiscardSystemPages is used instead of
PA's version. As such, these two implementations should ideally be
mostly identical. Using MADV_FREE instead of MADV_DONTNEED as was
previously done appears to cause some memory regressions.

Bug: chromium:1276887
Change-Id: Ied92b106e9894d428e599801d753ab4c8cffd874
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364090Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78465}