Port commit c3ca8158

Change-Id: I76fd54522ec901534a13af6eadb917f6e8608d14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835264
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82509}

For Example:
------------------------
691:  Int32Constant[8]
1857: Word32And(1838,691)
1858: Word32Equal(1857,691)
1859: Branch(1858,2141)
======>
691:  Int32Constant[8]
1857: Word32And(1838,691)
1859: Branch(1857,2141)
------------------------


Assembly code:
------------------------
andl r9,0x8
cmpb r9l,0x8
jz 0x7f242017bf3c
======>
testb r9,0x8
jnz 0x7f56c017be2e
------------------------


Change-Id: I62a2a3d4bda5a82011b1c6aa745c1c8dc8cf4525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3809052Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Cr-Commit-Position: refs/heads/main@{#82508}

Bug: v8:11544
Change-Id: Iaf285f431e742e607e09d37c47a94d3f86806b13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833434Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82507}

This reverts commit 6561d415.

Reason for revert: Adds ~300kb of code size, breaking
https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia-binary-size/53196/overview

Original change's description:
> cppgc: Enable pointer compression on all platforms but M1
>
> M1 still seems to have some performance regressions on
> MotionMark/multiply.
>
> Bug: chromium:1325007
> Change-Id: I12ce44b8cef646f09a3c74ba533dfee8dffdd2ce
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829540
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82485}

Bug: chromium:1325007
Change-Id: Ib7aff1e1859ebd17cefd05c5f627a713f045fd26
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831333
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82506}

Refactoring the code dealing with TimeZone Canonicalization.
Change CanonicalizeTimeZoneName from return MaybeHandle<String> to Handle<String>
Move TimeZoneId from JSDateTimeFormat to Intl and return Handle<String> instead of Handle<Object>


Bug: v8:13112
Change-Id: I678b0e0d407e5e4e9dd8b7120c0e99e7e2d9c5ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833435Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82505}

This CL changes the WasmTypeInfo class to have a direct ExternalPointer
to the native type structure instead of using a Foreign. This in turn
makes it possible to use a unique pointer tag for that external pointer
when the sandbox is enabled.

Bug: v8:10391, v8:12949
Change-Id: Ifee4d2103cabfa6a7299d0d09e06d387034e5f8f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829085Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82504}

The previous CL (https://crrev.com/c/3810187) caused a 86.9kB binary
size regression on arm64 Android.
The 64kB alignment is actually only needed on Linux, as Android
always uses 4kB. This reduces the binary size by 98.3kB in a local test,
resulting in a 11.4kB reduction overall (over both patches).

R=cbruni@chromium.org

Bug: v8:12887
Change-Id: If0c44d1b447e6982876a6ced8680b904613e39d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829473Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82503}

Sync to https://github.com/tc39/proposal-temporal/pull/2278
Use Smi::zero instead of BigInt::FromInt64(isolate, 0)
Rework the BigInt comparions code

Bug: v8:11544
Change-Id: I8b85156927601aad272b10c35ae15fd1c65e01c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832538Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82502}

Bug: v8:13195
Change-Id: I4a7904e568933df2f6a8cffdb13f9b575fc17eee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832392
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82501}

Bug: v8:7327
Change-Id: I0de7ee31762db6b95a631eedffd0f82fa2f0ce3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812034Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82500}

Int32MulWithOverflow on arm64 uses a cmp to set flags rather than
the multiply instruction itself, thus we can use a left shift when
the multiplication is by a power of two.

This provides 0.15% for Speedometer2 on a Neoverse-N1 machine,
with React being improved by 0.45%.

Change-Id: Ic8db42ecc7cb14cf1ac7bbbeab0e9d8359104351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829472
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82499}

Bug: v8:7327
Change-Id: Ic805dc9bb1f653930d0bb34163d21aa34efc6a51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820069Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82498}

This fixes a compile error in C++20 with comparison operator reordering.

Also does a little misc. cleanup to the adjacent code.

Bug: chromium:1284275
Change-Id: I1999c4ef2e8a201d2f1270347fe12c33c961c011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830987
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82497}

Bug: v8:7327
Change-Id: Ia0b768fe6a08c6e628fb91ac489556ddedf120ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805662Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82496}

This reverts commit ee89a269.

Reason for revert: Speculative revert https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/24078/overview

Original change's description:
> [wasm-gc] Add extern.externalize
>
> This adds `extern.externalize(ref null any): ref null extern` to wasm
> which packs wasm objects into JS objects if the js-interop flag is not set.
> This is the counterpart to extern.internalize introduced in
> 50ec8a11.
>
> Bug: v8:7748
> Change-Id: I67b8fe6d70b9f526ff6c43b0a4d7861c7ff5dad0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825879
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82492}

Bug: v8:7748
Change-Id: I22c84d69a1dc957208f60ae3125e80278ae739a5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832389
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82495}

The {vmar.protect} API used for {SetPermissions} fails when called on
data memory with error -10 (ZX_ERR_INVALID_ARGS).
Skip fuchsia until we figure out the right API to use there.

R=cbruni@chromium.org

Bug: v8:13194
Change-Id: I20754f7212a892b8440f29658bf3db40f7745fe9
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833820
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82494}

This is a reland of commit a19316d9

- Revert malloc_usable_size() changes temporarily to land them in
  isolation.
- Add cosmetics from https://crrev.com/c/3827876

Original change's description:
> [heap] Rework Worklist base type
>
> Worklist uses a singly-linked list of segments to hold entries.
> Segment size was based on a compile-time constant but already stored
> in the segment itself.
>
> Rework the segments to query `malloc_usable_size()` on allocation and
> adjust the capacity properly. For PartitionAlloc, it turns out that
> there's ~20% more capacity available for the 64-element segments.
>
> This slows down actual allocation of the segments with the upside of
> improving utilization and requiring 20% less segments.
>
> Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82432}

Change-Id: Ic8c5257cfe3c347b11eea5c513ca7f62e09f637f
Bug: v8:13193
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829475Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82493}

This adds `extern.externalize(ref null any): ref null extern` to wasm
which packs wasm objects into JS objects if the js-interop flag is not set.
This is the counterpart to extern.internalize introduced in
50ec8a11.

Bug: v8:7748
Change-Id: I67b8fe6d70b9f526ff6c43b0a4d7861c7ff5dad0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825879Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82492}

Bug: v8:13035
Change-Id: I028f77f7dea73d56bf9df56ee06908fd01ce8a43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830034Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82491}

Bug: v8:11880
Change-Id: I4515f98ade8237ac049e782b1b886a2139295b3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827863Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82490}

This CL fixes a CHECK that checks the wrong thing. Specifically when
we `Advance` the debug::PropertyIterator it can throw an exception.
We have a CHECK that verifies that a corresponding v8::TryCatch catches
the exception when the return value indicates this. Unfortunately, the
CHECK was looking at the wrong v8::TryCatch scope.

R=jarin@chromium.org

Bug: chromium:1353051
Change-Id: Ic52e4efd44b89f8e4d1f6acace234c6065e081cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829543
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82489}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/ef7f75f..77d1e74

add debug option for enabling more output for failed cxxfeaturechecks (#1467) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/77d1e74

FIx typo in benchmark.h (#1465) (Björn Daase)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/4366d66

run ClearRegisteredBenchmarks at exit (#1463) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/af32e3f

Avoid deprecation warning in NVHPC (#1459) (Cezary Skrzyński)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/a476d0f

Ensure we don't need benchmark installed to pass c++ feature checks (#1456) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/974cd5a

Explicitly cast int literals to int8_t in tests to silence implicit-conversion warnings (#1455) (Vy Nguyen)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/5eb16ee

Fixed build issues on window (#1449) (Vy Nguyen)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/1cca1d0

remove unnecessary generated include directory (#1451) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/7d48eff

...

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I193cf1c771fd55990ab54cfd902248809b798006
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831637
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82488}

Port commit dc2d69d8

Bug: v8:11708
Change-Id: Ia21753e58b93abed3da13e6b05801f26d350f013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833439Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82487}

Introduce common bottleneck for all incremental marking step
invocations from a task context. This will later be used to move
code out of IncrementalMarking::Step.

This is a reland of https://crrev.com/c/3822682. This CL now always
schedules normal tasks instead of delayed ones in order to keep current
behavior.

Bug: v8:11708
Change-Id: I0dc378879177458a6429ea0b3acd3ee45b499240
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833814Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82486}

M1 still seems to have some performance regressions on
MotionMark/multiply.

Bug: chromium:1325007
Change-Id: I12ce44b8cef646f09a3c74ba533dfee8dffdd2ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829540Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82485}

The external pointer table is already to some degree self-compacting: as
the freelist is sorted in ascending order, free entries at the start of
the table should quickly fill up. However, any live entry at the end of
the table makes it impossible to shrink the table, thereby causing
higher memory consumption. To solve this, this CL implements a simple
table compaction algorithm, used when the freelist has become
sufficiently large (currently >= 10% of the table capacity):
 - The goal of the algorithm is to shrink the table by freelist_size/2
   entries at the end of compaction (during sweeping).
 - At the start of the marking phase, the compaction area is computed as
   roughly [capacity - freelist_size/2, capacity).
 - When an entry is marked as alive that lies inside the compaction
   area, a new "relocation entry" is allocated for it from the freelist
   and the address of the handle for that entry is stored in that entry.
   If there are no more free entries before the compaction area,
   compaction is aborted. This is expected to happen rarely and is
   logged into a histogram.
 - During sweeping, all relocation entries are "resolved": the content
   of the old entry is copied into the new entry and the handle is
   updated to point to the new entry.
 - Finally, the table is shrunk and the last initial_freelist_size/2
   entries are decommitted.

See also the comments in the ExternalPointerTable class for more details.

Bug: v8:10391
Change-Id: I28d475c3596590e860421f0a054e2ad4dbebd487
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794645Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82484}

Consider the function:

function foo() {
  debugger;
  let y = 1;
}

V8 will elide the hole initialization for 'y'. When we pause at the
debugger statement, then 'y' evaluates to 'undefined'.

This CL fixes this in the ScopeIterator. When we encounter local
variables with an `undefined` value we check the static scope
information if we are stopped *before* the variable's initializer.
If yes, then we are in the variable's TDZ and report
"value unavailable".

Drive-by: Mark `GetSourcePosition()` as `const` to make it available
in the visitor method.

R=bmeurer@chromium.org

Bug: chromium:1328681
Change-Id: I8b966eaa2af64a35a58095a744440851760921a0
Fixed: chromium:1303493
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829539
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82483}

This CL replaces the AllocateExternalPointerEntries methods with
per-field init_##fieldname methods for every external pointer field.
These now initialize the field by allocating the external pointer table
entry for it and also set the initial value. This saves one memory write
in the typical case (what used to be AllocateExternalPointerEntries
followed by a set_##fieldname) and removes some code that can be
factored out into the (DECL_)EXTERNAL_POINTER_ACCESSORS macro.

Bug: v8:10391
Change-Id: Iac937316322910de0a8bb99b33592eca8c57a4a6
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810344Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82482}

Bug: v8:13153
No-Try: true
Change-Id: I0436f71b5fa00f00a0ae7a30bb0a5a167994739d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833774
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82481}

Bug: v8:13154
No-Try: true
Change-Id: I8cb7b273cadfcd3704e25ccaa93f61fadb8d4585
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826256
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82480}

Reland "Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off""

This reverts commit e6bcabd1.

Reason for revert: preparation to reland for when the errors are solved

Original change's description:
> Revert "Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off""
>
> This reverts commit fe327545.
>
> Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/8615/overview
>
> Original change's description:
> > Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"
> >
> > This is a reland of commit 2055c3b4
> >
> > Original change's description:
> > > [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
> > >
> > > Bug: v8:13058
> > > Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> > > Cr-Commit-Position: refs/heads/main@{#82213}
> >
> > Bug: v8:13058
> > Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
> > Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#82221}
>
> Bug: v8:13058
> Change-Id: Icb621fac3758384e0b04520585f5c998563c1f6f
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811289
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82224}

Bug: v8:13058
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_tsan_rel_ng_triggered
Change-Id: Ifc8ecd1e7fc2ccc58718f662fbade1a66c46aa13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811585
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82479}

When freezing flags, not only remember this in a global variable, but
also actually memory-protect the memory that holds the flag values.

R=cbruni@chromium.org
CC=​sroettger@chromium.org

Bug: v8:12887
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Change-Id: I2ae638790d1f08f4bcc1b7e6cb5970e4e7463aad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811286Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82478}

Change-Id: Ic394381f5159211a437e8ee30a474ed974b7f930
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832374
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82477}

Remove the following deprecated functions:
include/v8-inspector.h:364 v10.3  Use version with client_is_trusted argument
include/v8-locker.h:130    v10.3  This method will be removed.
include/v8-message.h:90    v10.3  Use GetHostDefinedOptions
include/v8-script.h:51     v10.0  Use HostDefinedOptions
include/v8-script.h:671    v10.0  Use CompileFunction

Output generated by tools/release/list_deprecated.py.

Remove CompileFunctionInContext for chrome and only implement it if
V8_SCRIPTORMODULE_LEGACY_LIFETIME is defined.

Change-Id: I33dd3665220f484e277e66f340e17ed2c3b49916
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702449Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82476}

TotalDurationNanoseconds previously return a double to represent the
total duration nanoseconds, but the value could be easily bigger than
the precise value a double can represent. A double can precisely
represent integer to 2^53, which is only about 104 days if that value
is nanoseconds. So we need to change the return type to BigInt.

Refactor BalanceDuration to merge common code.

Change JSTemporalDuration::Compare to use the BigInt version of
TotalDurationNanoseconds
Change the call site of TotalDurationNanoseconds in  RoundDuration

Add newly defined BalancePossiblyInfiniteDuration and change
BalanceDuration to call it.

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-balancepossiblyinfiniteduration
https://tc39.es/proposal-temporal/#sec-temporal-balanceduration
https://tc39.es/proposal-temporal/#sec-temporal-totaldurationnanoseconds

Split from changes in cl/3750098

Bug: v8:11544
Change-Id: Ia4ca8f9bdba49c3a5e54edeef0d2a5833b0002a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824658Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82475}

Make sure there is no background GC when setting flags.

Bug: v8:12612, v8:13185
Change-Id: I0a2d4796abe265defa00d86f826003eb048e5bf1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829482
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82474}

This CL builds upon https://crrev.com/c/3284887 (and partly reverts it).

Class literals are a bit iffy when it comes to source position and
debugging. Mainly the debugger assumes the following invariant:
When we are paused inside a class scope, then we expect the class's
BlockContext to be pushed already. On the other hand, when we are
paused outside a class scope in a function, we don't expect to find
the class's BlockContext.

The problem is that there are cases where we can either pause
"inside" or "outside" the class scope. E.g.:

  * `var x = class {};` will break on `class` which is inside
    the class scope, so we expect the BlockContext to be pushed

  * `new class x {};` will break on `new` which is outside the
    class scope, so we expect the BlockContext to not be pushed
    yet.

The issue with the fix in https://crrev.com/c/3284887 is that it
adjusted the break position for the bytecode of class literals to
ALWAYS be after the BlockContext is pushed. This breaks the
second example above. We need to tighten the fix a bit and only
defer the break position if the "current source position" is
inside the class's scope. This way we always guarantee that the
BlockContext is pushed or not, depending if the source position
that corresponds to the break position is inside or outside the
class's scope.

Note 1: The CL updates a lot of the bytecode expectations. This
is because the class literals are often the first statement in
the snippet so we don't need to defer the break position.

Note 2: We add a mirrored debugger test to the inspector test so
the fuzzer can have some more fun.

Fixed: chromim:1350842
Change-Id: I9b5a409f77be80db674217a685a3fc9f8a0a71cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827871Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82473}

Enable test-gc/RunWasmLiftoff_WasmArrayCop test-gc/RunWasmLiftoff_CastsBenchmark

Change-Id: I4d67ce0ead382c2e96951098b0fdd53766e5921f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822761
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82472}

Bug: v8:12781
Change-Id: I57bda54ef37a9dfdb9f3f8ad7c9e16541b345509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827130
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82471}

Once lazy compilation lands we want to continue testing the eager
compilation configuration. For that we add --no-wasm-lazy-compilation to
the "stress" variant.

Bug: v8:12852
Change-Id: I1777aaeb1c8cec0359128ed4b3d34a21aa3ce37e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810249Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82470}