Since we are reading an Object field, it could be that the gc
predicate fails. Therefore, this CL changes to TryMakeRef, and
makes the return value of length_unsafe() optional.

Bug: v8:7790, v8:12282
Change-Id: I86a8bcc6649d5e8121e52f8947b8331fcf242887
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200078Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77209}

The checks for assignemnts to member during prefinalizers assumed the
slot has to live. It was assumed that if a slot is dead then we would
not be updating it.
Prefinalizers are allowed to touch dead objects and thus are techincally
allowed to write to dead slots. Such writes are usually redundant (the
object will be swept soon anyway) but are not always easy to get rid of.

Bug: chromium:1255152, v8:11749
Change-Id: I57e143abd53d434c3198616909c506eb70d8944b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199800Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77208}

Bug: v8:7790,v8:12282
Change-Id: Id6a129c21648bb7919b1d162b47bb24c5d6b432a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200077
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77207}

MapRef::GetConstructor and GetBackPointer are immutable after
initialization.

Bug: v8:7790, v8:12282
Change-Id: I1059aabdd85a08af5f6d570a2eee206bda4f7ac3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200076
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77206}

Since the WasmStackGuard build-in is not kNoThrow, it needs to be
inserted in the control chain between the IfFalse and Merge nodes of the
stack check.

Change-Id: I5ad1c4f01e079c0c9079ea129f8e3363ade80217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199798Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77205}

When scanning for capture groups, we have to consider the case that the
current state is inside a character class. In that case skip everything
until the end of the current character class. Otherwise we would wrongly
count open brackets inside the character class as start of a capture
group.

Bug: chromium:1254704
Change-Id: I91d2177c464f7e507413d96216fe570253f17676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199871
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77204}

Port 098f31f4

Original Commit Message:

    This CL adds support for handling calls to C functions with arbitrary
    signatures on native arm64. It introduces a new ExternalReference type
    FAST_C_CALL.

    The CL also splits the 10 bits used by kArchCallCFunction instruction to
    store the total number of parameters into two 5-bit values, representing
    the number of general purpose and floating point parameters.

    Design doc:
    https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit

    This CL is partially based on the previous attempt:
    https://chromium-review.googlesource.com/c/v8/v8/+/2343072

R=mslekova@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I3da5a9ef01f8de050a377e120ffcfbef6f2d31b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198748Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77203}

Bug: v8:12228
Change-Id: Ie1f569c450f84a862c754b844e36349b1533872d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194633Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Cr-Commit-Position: refs/heads/main@{#77202}

Bug: chromium:1254675
Change-Id: I8c24d3956752a367a4fa60827ee47a589c48e699
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197700Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77201}

There is a demand of access to %Array.prototype% in Blink in
order to implement Web IDL observable array type.

Bug: chromium:1201744
Change-Id: I31ca5cd746f3a2eab8bd291741408a1dea17c122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194025
Auto-Submit: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77200}

This reverts commit 3600aabf.

Reason for revert: Causes test failures on AIX and PPC Linux.

Original change's description:
> ppc: [liftoff] implement AtomicExch and AtomicCmpExch
>
> Change-Id: Ida66b9c42cfb9bd5b59a83188a2dfa0d602d4036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192427
> Reviewed-by: Milad Fa <mfarazma@redhat.com>
> Commit-Queue: Junliang Yan <junyan@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#77148}

Change-Id: If6ee4b050945b706c36a344abb844c7b73b2aba1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198736Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77199}

This CL adds support for handling calls to C functions with arbitrary
signatures on native arm64. It introduces a new ExternalReference type
FAST_C_CALL.

The CL also splits the 10 bits used by kArchCallCFunction instruction to
store the total number of parameters into two 5-bit values, representing
the number of general purpose and floating point parameters.

Design doc:
https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit

This CL is partially based on the previous attempt:
https://chromium-review.googlesource.com/c/v8/v8/+/2343072

Bug: chromium:1052746
Change-Id: Ib508626d57da26ec3c9186ee8fc46356e3c87f3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182232Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77198}

If processing the marking worklists found new ephemeron pairs, but
processing the existing ephemeron pairs didn't mark new objects, marking
would stop and the newly discovered ephemeron pairs would not be
processed. This can lead to a marked key with an unmarked value.

Bug: chromium:1252878
Change-Id: I0f158f6f64490f1f06961520b4ba57fa204bd867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199872
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77197}

Bug: chromium:1056170
Change-Id: Ib508e996bd714077ca49aa9496b7630c23d02836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199879
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77196}

This is mostly just whitespace tweaks, plus removing a redundant
public access specifier.

Bug: v8:7793
Change-Id: Ic8b3efe4f707108d29dc2dfd55c46d9a47c48058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199603Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77195}

This is a reland of da35064b

Original change's description:
> Update V8 DEPS.
>
> Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ecb990f..ebad853
>
> Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/50e90b8..9959b06
>
> Rolling v8/third_party/aemu-linux-x64: e_KiIcYNB7sHa2eqRBhqVoR_Mmg2Q7nqmzRCXzegWQAC..FAd7QuRV-mCjbKgg2SO4BBlRCvGIsI672THjo3tEIZAC
>
> Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/6e5dc9a..7a11b79
>
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5afc365..c0b9d25
>
> Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/764c927..0e2fb33
>
> Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/ab36804..3b49be0
>
> Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/eb740e9..5df06a4
>
> Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/278dd91..c06edd1
>
> TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
>
> Change-Id: Ifafd7fe3250976867f35c4d709b0220a23930c3f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199830
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#77190}

Bug: v8:12277
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_msan_rel_ng_triggered
Change-Id: Ie5bd6b01d0acbe836b8881717b09280e782c8827
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199876Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77194}

Bug: chromium:1245634
Change-Id: I48eb590fa8c75fe2eded6b85dab6680efb751fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199873
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77193}

This reverts commit da35064b.

Reason for revert: Still failing on MSAN, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/40662/overview

Original change's description:
> Update V8 DEPS.
>
> Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ecb990f..ebad853
>
> Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/50e90b8..9959b06
>
> Rolling v8/third_party/aemu-linux-x64: e_KiIcYNB7sHa2eqRBhqVoR_Mmg2Q7nqmzRCXzegWQAC..FAd7QuRV-mCjbKgg2SO4BBlRCvGIsI672THjo3tEIZAC
>
> Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/6e5dc9a..7a11b79
>
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5afc365..c0b9d25
>
> Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/764c927..0e2fb33
>
> Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/ab36804..3b49be0
>
> Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/eb740e9..5df06a4
>
> Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/278dd91..c06edd1
>
> TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
>
> Change-Id: Ifafd7fe3250976867f35c4d709b0220a23930c3f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199830
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#77190}

Change-Id: Icf6b30f4c09d9604e25bfacbf7e844147a105c09
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199875
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77192}

Bug: v8:11826
Change-Id: I7f93b4bfeccc47c1a4e6c2b3a72d2595b4af8bfb
Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg_ng,v8_numfuzz_ng,v8_numfuzz_tsan_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197716
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77191}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ecb990f..ebad853

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/50e90b8..9959b06

Rolling v8/third_party/aemu-linux-x64: e_KiIcYNB7sHa2eqRBhqVoR_Mmg2Q7nqmzRCXzegWQAC..FAd7QuRV-mCjbKgg2SO4BBlRCvGIsI672THjo3tEIZAC

Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/6e5dc9a..7a11b79

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5afc365..c0b9d25

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/764c927..0e2fb33

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/ab36804..3b49be0

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/eb740e9..5df06a4

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/278dd91..c06edd1

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ifafd7fe3250976867f35c4d709b0220a23930c3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199830Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77190}

It's not always easy to spot what exact configuration of V8 is run
within embedders. With --print-flag-values we can easily compare
different configurations.

Drive-by-fix:
- Use new FlagValue and FlagName helpers for printing
- Remove unused FlagList::argv helper

Change-Id: Ic8a25479d7b1e72f714b22ae7d2e56e06e810556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197713Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77189}

By changing AllocationFlag from enum to enum class

Bug: v8:12244, v8:12245
Change-Id: Ifdd04bb12026619f6422a98ee0890bd557f0e4e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181536
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77188}

When we generate identical signatures in the fuzzer,
we generate one function for each of the copies.
However, when these functions are added to WasmModulBuilder,
all will be assigned the same signature index.
Therefore, when ref.func tries to find a function corresponding
to a signature index, it will fail, despite a matching signature
existing in the module.
This CL fixes this issue by looking up functions by signature
over signature index.

Bug: v8:11954, chromium:1254387
Change-Id: Iac8d5444d4914d993da63d0630ca4d95e671630c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197711Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#77187}

The logic to locate the correct function to set a breakpoint in based
on script position was treating SharedFunctionInfo::EndPosition() as
inclusive rather than exclusive. There are various assumptions all over
the Debugger that seem to demand this treatment for the toplevel script.
But it's definitely wrong for function literals.

Fixed: chromium:1253277
Change-Id: I3421703673f4d78aee28e923e03e2fca24bc06ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197715
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77186}

Smi constants in 32 bit machines are guaranteed to be 31 bits.

Bug: chromium:1254189
Change-Id: I4ea296a7212c5e6ea14119fbd71cfb5789762b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195874
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77185}

This CL adds a getStorageIfAligned method to obtaining a typed pointer
to the underlying TypedArray data, if the pointer to it is properly
aligned.

Bug: chromium:1052746
Change-Id: Ie8cb3438135b0da060e2b42ec71bba0e72ae4f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195875Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77184}

Previously we'd treat %_AsyncFunctionReject (and %AsyncFunctionReject)
as side-effect free (in async functions), but that's not correct, since
promise rejections have side-effects (at the very least triggering the
unhandled promise rejection machinery in the browser).

This required a minor refactoring as previously we'd classify functions
as side-effecting or not depending on whether they contain any calls to
side-effecting intrinsics, no matter whether this call is actually
executed or not. That would break REPL mode however if we'd generally
treat all async functions with %_AsyncFunctionReject intrinsic calls as
side-effecting, so instead of performing the intrinsic checks ahead of
time, we now perform the test at execution time.

Before: https://imgur.com/5BvJP9d.png
After: https://imgur.com/10FanNr.png
Fixed: chromium:1249275
Change-Id: Ib06f945ba21f1e06ee9b13a1363fad342464fd9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197712
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77183}

Fixed: chromium:1073804
Change-Id: Idb8b4b5558bb243eb1cbe70b2de1c22d8dd07f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198152
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77182}

We implement two optimizations for trap conditionals for patterns that
come up in wasm-gc.
In case of a Merge followed by a trap, where the path conditions of all
branches of the Merge contain the trap condition, we lift the trap into
the branches of the Merge.
In case of a Branch whose IfTrue branch is followed by a TrapIf with the
same condition, we replace it with the trap followed by the IfFalse
branch. Symmetrically for IfFalse and TrapUnless.

Bug: v8:7748
Change-Id: I43040aebe60eab7b2230fc3130e3b8250e8b2f45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190109Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77181}

Port 3e3a027d

Original Commit Message:

    Irregexp reentrancy (crrev.com/c/3162604) introduced a bug for global
    regexp execution in which each iteration would use a new stack region
    (i.e. we forgot to pop the regexp stack pointer when starting a new
    iteration).

    This CL fixes that by popping the stack pointer on the loop backedge.

    At a high level:

    - Initialize the backtrack_stackpointer earlier and avoid clobbering
      it by setup code.
    - Pop it on the loop backedge.
    - Slightly refactor Push/Pop operations to avoid unneeded memory
      accesses.

R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Iafe6814d3695e83fced6a46209accf5e712d56f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198391Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77180}

Port b9a6301e

Original Commit Message:

    Load instance type into a register instead of using memory operands for
    several checks on ia32 and x64.

R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I05ea2bd32ea2a2053b601323813c580d55094e46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198130Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77179}

Currently, it is possible to declare macros, builtins, etc., without
specifying a return type, in which case the return type is treated as
void. This is confusing; the code is more clear if we require the return
type to be specified.

Aside from src/torque, this change is almost entirely just adding
`: void` until the compiler is happy. However, two intrinsics in
src/builtins/torque-internal.tq have been corrected to declare an
appropriate return type. Those two intrinsics were only used in code
generated within the compiler after the type-checking phase, so we never
noticed that their return types were declared incorrectly.

Bug: v8:7793
Change-Id: Ib7df88678c25393a9e3eba389a6a1c4d9233dcbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3176502
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77178}

Bug: chromium:1254191, v8:9407
Change-Id: Ieb22063dad1ea8dfde359662d0330e689b6b2e05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193547Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77177}

Change-Id: Iec020471bd8268043961c62207cc03ca8a315d33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197290Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77176}

Loop exits are only used during loop unrolling and are then removed, as
they cannot be handled by later optimization stages. Since unrolling
comes before inlining in the compilation pipeline, we should not emit
loop exits in inlined functions.

Bug: v8:12166
Change-Id: I28b3ebaf67c9e15b127eeb1a63906c4ecfd77480
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195871Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77175}

Bug: chromium:1052746
Change-Id: I368ef855f711ca09c1a34b2be6e9bf72e6a7310c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193873Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>
Auto-Submit: Austin Eng <enga@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77174}

This reverts commit f4099832.

Reason for revert: The new test is failing on noi18n, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/39705/blamelist

Original change's description:
> [inspector] Mark `Intl` builtins as side-effect free.
>
> Fixed: chromium:1073804
> Change-Id: Ia8cd29323e2b1c4faa0f115b5f60bc216b7813f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196175
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77171}

Change-Id: Ibb11ba2e835992e8b2fdd374bb38e245d32a1047
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197192
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77173}

The NewWasmStruct/NewWasmArray factory functions didn't take pointer
compression into account; this patch fixes that.

Bug: v8:7748
Change-Id: I7a77d867971aad1df6660a3b7279ca3b2819b86a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195873Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77172}

Fixed: chromium:1073804
Change-Id: Ia8cd29323e2b1c4faa0f115b5f60bc216b7813f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196175
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77171}

Minor MC does not support processing the specialized remembered set
for ephemeron tables.

Temporarily delegate to the regular write barrier for correctness
until the other barrier is supported.

Bug: v8:12262
Change-Id: Iad74b27f8738237dcc1e146b2df3aa6ed8c9a505
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195895Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77170}