- Use the lowered 32-bit signature when linking the inlined and caller
  graphs.
- Tolerate non-projection uses of Call nodes when linking the graphs.
  These can be left over by Int64Lowering.
- Drive-by: Inline really small functions even if their call count is
  low.

Bug: v8:12166
Change-Id: I5b472d3f617f2f23820a5d142102c0a6c5c769dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720715Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81386}

- Moved graph-phase.ts to graph-phase folder
- Refactored selection.ts, selection-broker.ts, selection-handler.ts, source-resolver.ts

Bug: v8:7327
Change-Id: I922c8730f89c53a73a55414378ac1e29a6397a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714945Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#81385}

It is no longer necessary to postpone the allocation of backing stores
to avoid triggering GC. As such, the logic around ArrayBuffer
deserialization can be simplified.

Bug: v8:10391, v8:11111
Change-Id: I7410392a6e658cd4be77e2192483c6d412b63412
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717982Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81384}

No-Try: true
Bug: v8:12999
Change-Id: I82b1d8d3dc9ab62341f581440665964652603b92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720718
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81383}

Now you can use 3-letter alias for all modes: rel, opt, dbg
Example: gm.py x64.opt.d8

No-Try: True
Change-Id: I825ebbf4cc1c509599f4fd2ac5aa0ac6fab998c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723506Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81382}

In this part: entries, keys, values

Bug: v8:11111
Change-Id: I2a87be21348626e34f887c71026dba1120adb7d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723504Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81381}

The waiter queue node of JS Atomics.Mutex is now stored in the shared
external pointer table.

Bug: v8:12547
Change-Id: I2f4ce1c705d5e710b49872942702f60edf6c4043
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721696Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81380}

Instead of creating smaller sandboxes when the allocation of the virtual
address space reservation fails, we now create partially-reserved
sandboxes and halve the reservation size until the initialization
succeeds. That way, the unreserved part of the sandbox can still be used
for allocating objects.

Bug: v8:10391
Change-Id: I89a7790ffcda87ab71cc7b7f1101c0a1c3c62829
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714241Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81379}

Previously, only root marking performed during the final pause
was accounted for in the tracing data.

This CL enables tracing of the initial root marking step of MajorMC.

Change-Id: I4aa8a52144d81a12e43a481518acbab118978992
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3724793
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81378}

Utf8Decoder used to use unibrow::Utf8::ValueOfIncremental, which had a
fast path to avoid the decoder for bytes less than 0x80 in the start
state.  We had to switch away from ValueOfIncremental but it's probably
a good idea to keep the fast path.

Bug: v8:12868
Change-Id: I7d83d67f2c13a1c4f026dde04ef0a69b7de47dc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723498
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81377}

Quite embarassingly, the test that the WTF-8 decoder rejects surrogate
pairs was broken: the trailing surrogate was invalid.  (The range of the
second byte for leading surrogates is [A0,AF], and for trailing is
[B0,BF]).  Of course the actual functionality was broken, because the
code that detected surrogate pairs called IsSurrogatePair with swapped
arguments.

Bug: v8:12868
Change-Id: Icab5e2e4e200afb3d34f478ab4f98b739ada5645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723497Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81376}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2089295..da9fb2e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I97069cb241823a1cd7841500c4c8fd546174ad88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3725651
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81375}

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220625.1.1..version:8.20220626.2.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I1062c51092c5b726eda8c676da482b2c40a914ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3725648
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81374}

This CL adds control-path type-tracking for wasm-gc nodes in the
WasmGCOperatorReducer. Nodes now use the types assigned to their
argument nodes, as well as the additional information tracked along
control paths.

Drive-by: Add support for multiple instances of the same node to
appear in control-path-state.

Bug: v8:7748
Change-Id: I73e8f84595609b3a5fb61a2bffeb973182d17676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717994Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81373}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/21685e0..2089295

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Icc99863c6ef4e1628f663f1fbe030f05e94e1214
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3724862
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81372}

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c7d258f..17a97ab

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220624.2.1..version:8.20220625.1.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I1c8ca01eabe718eaf69f61934a663ffce0aec896
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3724859
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81371}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ae20ef2..21685e0

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Icb2309a1db1c9c08109713e514972c8534053abe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3724527
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81370}

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/1da9170..50ec7b3

CherryPick PR2117 to avoid assert on invalid state (Frank Tang)
https://chromium.googlesource.com/chromium/deps/icu/+/50ec7b3

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I7d5adea35e71e05537a3059241410e8536101021
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723786
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81369}

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/3236751..c7d258f

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/d9a9c40..ebccac7

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220623.3.1..version:8.20220624.2.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I733ec707759f16be34853b06edef5c1c8dea5329
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723784
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81368}

https://chromium.googlesource.com/external/github.com/tc39/test262/+log/b1f49b5c46..b458b9f0c2

Bug: v8:7834
Change-Id: I6191d4533ae2046b3b132b62397bcefa597320f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3724328
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81367}

In this part: find, findIndex, findLast, findLastIndex

Drive-by: add missing tests for A.p.fill + detaching.

Bug: v8:11111
Change-Id: I7583ccce16bf294cc5ab6adbb7ce1f019a11ad18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721315Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81366}

Bug: chromium:1339356, chromium:1338687
Change-Id: Ied308cc98c19e3b1402ffff6b2e8519d1e33fda2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721468
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81365}

Drive-by: add unscopable test for Array.prototype.toReversed.

Bug: v8:12764
Change-Id: I9d7dd8d4eae6d23811382b6795c2c6ff7f76be72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717552Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81364}

This reverts commit c4301c04.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/42568/overview

Original change's description:
> [maglev] Add internalized string compare fast-path
>
> - Rename TryBuildCompareOperationBranch to TryBuildCompareOperation
> - Add CheckedInternalizedString conversion Node that checks for string
>   inputs and extracts internalised Strings from ThinStrings
> - Add BranchIfReferenceCompare Node
> - Add runtime functions to create internalised and thin Strings
> - Add deopt check to test/mjsunit/maglev/int32-branch.js
>
> Bug: v8:7700
> Change-Id: I0073c24fad9e3231c985153cd27b0b8fe6ee56f0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664498
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81361}

Bug: v8:7700
Change-Id: Id4e18f42a5b1f0d6909b0a017ae8e289ae8c8614
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723520
Owners-Override: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81363}

Changes for TF instruction selector will be pasted
in the CL comments and will get applied once all
relaxed opcodes have been implemented in codegen/liftoff.

Change-Id: If7250d97398fd99dc2dd59d5d7ce079b99feed43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721428
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81362}

- Rename TryBuildCompareOperationBranch to TryBuildCompareOperation
- Add CheckedInternalizedString conversion Node that checks for string
  inputs and extracts internalised Strings from ThinStrings
- Add BranchIfReferenceCompare Node
- Add runtime functions to create internalised and thin Strings
- Add deopt check to test/mjsunit/maglev/int32-branch.js

Bug: v8:7700
Change-Id: I0073c24fad9e3231c985153cd27b0b8fe6ee56f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664498Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81361}

Replace MutexGuards with ParkedMutexGuards where GC might happen.

Change-Id: Ie782ca01962bd522870d3f82327aefd89095b165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720729
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81360}

v8 have not rolled latest perfetto's since January 2021.

At the moment, this roll is blocked on b/236945541

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Change-Id: Ife1a56a3b1ded47d806394738943805b7989964e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721615Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Mohit Saini <mohitms@google.com>
Cr-Commit-Position: refs/heads/main@{#81359}

Unaglined allocations are not fully supported in V8.

- Set USE_ALLOCATION_ALIGNMENT_BOOL to false for documentation
- Verify HeapObject address alignment requirements with --verify-heap
- Move address alignment to right after allocation in the deserializer
- Use object_size in the CheckAlignment helper to get a chance to
  figure out which allocation path we took

Bug: chromium:1330861, v8:8875
Change-Id: Iffd02d869923ccec133618250dfefb0480b02741
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717995Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81358}

The optimization of a trap inside a branch is being removed. Since it
does not speed-up non-trapping programs, and it is quite narrow, it is
not worth the maintenance cost.

Bug: chromium:1338947, chromium:1338950, chromium:1339153
Change-Id: I5b3f52e2b11d4c5113dd44fe23c14d74124a15f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721617
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81357}

|exclude_imports| flag is set in some of the perfetto's proto_library
targets to indicate that we don't need to generate the proto-descriptor
for the protos included in those `x.proto` files. In this CL we use that
flag to conditionally pass `--include_imports` argument to protoc.

This is similar to the CL (https://crrev.com/c/2632759)

Bug: b:236945541
Change-Id: I0689003978096798d1e966ec8485cd6af7237804
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721616Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Mohit Saini <mohitms@google.com>
Cr-Commit-Position: refs/heads/main@{#81356}

Bug: v8:7748
Change-Id: Id886fa4c734bbd826770239ea145630570915749
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723505Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81355}

This is a reland of commit 543acf34

Original change's description:
> cppgc: Minor fix in cppgc efficiency calculation
>
> Efficiency calculation (freed bytes over GC duration) assumes that the
> duration of the GC is non zero. However, if the clock resolution is
> not small enough and the entire GC is very short, the timed value
> appears to be zero. This leads to NaN values showing in metrics and
> CHECKs failing. This CL fixes the issue.
>
> Bug: chromium:1338256
> Change-Id: I1dbc52072fcde3411aa38fa0c11da25afd107ca8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714356
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81329}

Bug: chromium:1338256
Bug: chromium:1339180
Change-Id: Ib2b2a6973a6d290adf01568f35a205b606dd99f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723499Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81354}

There's no need to use the regular Scavenge visitor that would possibly
populate the worklists again as we already know that we merely want to
update the references at this point.

Bug: chromium:1336158
Change-Id: I137d0bc990473cd6bc23f3a8849d83314807f6a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723500Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81353}

Bug: v8:10644
Change-Id: Ie14c5055a4d24d064def7435fee2cde480844e8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717985Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81352}

Bug: v8:12833
Change-Id: I91e4dd6afb4c5b53a43067912a2d0cf0f4c9170a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719685Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81351}

Bug: v8:12783
Change-Id: I33f2809b60c894a82c3f00c59e9b848cc9f5036d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723501
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81350}

There were multiple bugs and no test coverage for br_on_cast and br_on_cast_fail, specifically for the paths in the decoder where those
checks get optimized away.

Bug: v8:7748
Change-Id: I6e5d6449152df0456b43938174f57055a4c63fdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723503Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81349}

When a detached JSDataView is deserialized, it's backing ArrayBuffer
backing store is empty (i.e. the EmptyBackingStoreBuffer() pointer).
Previously, the JSDataView's data_pointer would then be set to
EmptyBackingStoreBuffer() + byte_offset(), which is not a valid backing
store pointer as it points outside of the sandbox. Instead, which this
CL the data_pointer is now simply set to EmptyBackingStoreBuffer().

Bug: v8:10391
Change-Id: Ic7d144f2f20d5ec99438d2b3bf33735fbf8d5fc6
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717987
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81348}

Port commit e35039e7

Bug: v8:12191
Change-Id: I1e6c49c22b3b94306d5b46e2672594cb842232d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723159Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#81347}