Previously when hitting a debugger statement we would ignore reporting
the hit breakpoints.

Bug: chromium:1229541, chromium:1133307
Change-Id: I47427a541391a27fc7783930e5e7eb41fbf2bb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306373Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78145}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2386a80..e0d5dbf

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/75423c3..8cf0922

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2ffa1bd..512ca5c

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/11ea35f..9c18fde

Rolling v8/tools/luci-go: git_revision:03f7c59feeac59c211e5b06fbbbc7405861b482e..git_revision:7422359d33c606e8adb0e9cf461837eb9b49431f

Rolling v8/tools/luci-go: git_revision:03f7c59feeac59c211e5b06fbbbc7405861b482e..git_revision:7422359d33c606e8adb0e9cf461837eb9b49431f

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I605ad6a635b3ee5b1d0f46f75e351b347382a3ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308453
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78144}

Change-Id: I72a9b9551bc99d94bfb41fe5174ae58844e5dedb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303802Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78143}

This reverts commit 4997ce58.

Reason for revert: CHECK triggers on content_browsertests, blocking V8 roll
https://cr-buildbucket.appspot.com/build/8829191878491185313

Original change's description:
> cppgc: Add targeted CHECK for diagnosing Peristent issue
>
> The added CHECK aims at finding problems where Peristent is used off
> the owning thread.
>
> Bug: chromium:1253650, chromium:1243257
> Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78137}

Bug: chromium:1253650, chromium:1243257
Change-Id: I6b5c3d3ac0a01e1e3de31a10d5903ea26cf5ae9a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308373
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78142}

Current Baseline compiler generates calls to Binop_Baseline for both
Binop and Binop with Smi rhs. This CL make BinopSmi calls to
BinopSmi_Baseline which does not do speculation for rhs.

Bug: v8:12442
Change-Id: Ied786af028429aa0842b9b6d2a5736779f24b568
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303807Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#78141}

--experimental-wasm-mv has been removed, and --wasm-loop-unrolling is on
by default.

Change-Id: I094870765031ef46fcec95e9071333e4e80f407b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302805
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78140}

{WasmInternalFunction::external} might return a function that is not
a WasmExportedFunction, at which point the code in ProcessTypeFeedback
fails.

See crrev.com/c/3277878 for context.

Bug: v8:12436, v8:12166
Change-Id: I09ef96df3fc051586044dd9c2ce88d6aeeb34b9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306391Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78139}

result needs to byte-swapped as it's currently in machine
native order and Wasm requires LE ordering.

Change-Id: Ib29e26985b122a4c1ebba715c47a4d4477bbad54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301460Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78138}

The added CHECK aims at finding problems where Peristent is used off
the owning thread.

Bug: chromium:1253650, chromium:1243257
Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78137}

memory[1] needs to be set in LE order even on BE platforms.

Change-Id: I44620c30a25719d0d61e0f14490342ee930dbbb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302852Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78136}

It's not yet understood how this worked with c++14. Add the workaround,
so that we can figure this out in parallel with -std=c++17 enablement.

Bug: chromium:1273966
Change-Id: I7098d345a5df6e208dfd582eeaecab22e52fecb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304143
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78135}

Annotating the global handles gives us a nice description in heap
snapshots.

Bug: v8:12198
Change-Id: Ie6385794a6b5a1d43f5730b6ff521611f1b366af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304067Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78134}

JSWeakRef and WeakCell both have weak pointers, which should be marked
as such in heap profiler snapshots.

Bug: v8:12112
Change-Id: Ie7aaa2cd3e44552427679e650e462d64704725d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299592Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78133}

This CL removes registration of CppHeap as a remote tracer, and
revises LocalEmbedderHeapTracer as a switching point between CppHeap
and a remote tracer. Currently it is assumed that CppHeap and a remote
tracer are mutually exclusive and only one can be used at any given
time.

Bug: v8:12407
Change-Id: I53513d181ab63f56a88f05c3b76b47ac4dffe86f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289167
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78132}

Bug: v8:12446
No-try: True
Change-Id: I55638c294d499ae3e1dc7108bfcaf62b1aebc07a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306388
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78131}

This low-level API implements virtual address space reservations on the
supported platforms. An AddressSpaceReservation supports similar
functionality as the global page management APIs in the OS class but
operates inside a continuous region of previously reserved virtual
address space. A reservation is backed by regular mmap mappings on
Posix, by placeholder mappings on Windows, and by VMARs on Fuchsia.

Bug: chromium:1218005
Change-Id: I99bc6bcbc26eb4aa3b54a31c671c9e06e92c471b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270540
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78130}

We had IsJSHandlerOnTop and IsExternalHandlerOnTop, which were almost
opposites but not quite. We often did the same computation repeatedly
for determining which kind of a handler is at the top (if any).

This CL simplifies the logic, and only does the three-way logic once:
either there's an external handler, a JS handler, or neither.

It also removes dead code from Isolate::ReportPendingExceptions: we
already do an early return if there's a JS handler on top, so we don't
need to re-check.

Bug: v8:12437
Change-Id: Ic15675bf2177772037d9fcec31c79019e4f0e02c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302802Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78129}

This method should make it easier to debug memory leaks or out-of-memory
errors with d8.

Bug: v8:12198
Change-Id: I66d0ce8e04732badb7902453a1cd95ba9c29f3e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303801Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78128}

With https://crrev.com/c/3272577 we introduced a `StackFrame` cache for
the inspector, which is keyed on the script ID, line and column number,
so the syntactic properties of the function. However, the name that we
report for functions is dynamic and can change (per closure) by
explicitly reconfiguring the "name" property via

```js
var f = function() { /* ... */ }
Object.defineProperty(f, "name", {value: "super duper function"});
```

for example, so we need to take that into account as well, and only use
the cached `StackFrame` instance if the dynamic names still match up.
Otherwise we just overwrite the cached entry with a new instance (the
assumption here is that "name" isn't reconfigured often).

Fixed: chromium:1274529
Bug: chromium:1268436
Change-Id: I519017c762aed5b4f93b9dc4553fa81d5979f1a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306376
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78127}

{WasmInternalFunction::external} might return a function that is not
a WasmExportedFunction, at which point the code in ProcessTypeFeedback
fails.

See crrev.com/c/3277878 for context.

Bug: v8:12436
Change-Id: I447710cfa2dbdb64cba27922da85871d18bc79a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303613Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78126}

Until now, histograms associated with isolate counters were created
at the time of isolate initialization. This is too early because it
happens before persistent memory is configured. Histograms created
before persistent memory is set up are retrieved periodically but
infrequently and are not "flushed" on process termination. As a result,
a lot of samples from V8 are lost.

This CL implements lazy creation of counter histograms, the first time
that they are used.

Bug: chromium:1270428
Change-Id: I8540b50b6c3dde1f477853a011b6c3f2c2c6ef9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284888
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78125}

This is a reland of 76f6c276

Original change's description:
> cppgc: Fix data race ObjectSizeTrait
>
> Fix benign race in
>   https://clusterfuzz.com/testcase-detail/5203237072076800
>
> Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78121}

Change-Id: Ifa50f35591b2ae40f11a384f0fb2ff50115b2511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306379
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78124}

To trigger speculative inlining, a function needs to run a few times on
Liftoff-tier, and then tier-up to Turbofan. We make sure this happens
by enabling --wasm-dynamic-tiering with a small budget, and running
the critical functions until {%IsLiftoffFunction} is false.
We also add an additional test.

Bug: v8:12166
Change-Id: I6c5e0d3f1e3ba0df8510ae6850d8e9af1d01c179
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306372Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78123}

This reverts commit 76f6c276.

Reason for revert: Mac64 ASAN is unhappy, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20ASAN%20-%20builder/194/overview

Original change's description:
> cppgc: Fix data race ObjectSizeTrait
>
> Fix benign race in
>   https://clusterfuzz.com/testcase-detail/5203237072076800
>
> Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78121}

Change-Id: I96c40a1e3421f59cf97efd4a844a041280989171
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306377
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78122}

Fix benign race in
  https://clusterfuzz.com/testcase-detail/5203237072076800

Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78121}

Loong64 supports 4K-64K OS pages
Fix loong64 unittests PlatformUsesGuardPages failure

Change-Id: I1451685828ef1d857b7d2af3f1810286f84bdc50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299672Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#78120}

Bug: chromium:1272026
Change-Id: Ic569c61b21d4c9c95d62e731a48076c871dd74ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303804Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78119}

Previously, we would encode 'other' as a reason for pausing when
stepping too, however, it would not show as such in case it would
overlap with another reason. This CL makes sure that we always report
'other' as a reason if we are stepping.

Drive-by: only encode 'other' as a reason once

Bug: chromium:1229541
Change-Id: Id73822dff68d1d54a2f1fafdf2a097e1377ece75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295346Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78118}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/78cedba..2386a80

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/f8964a5..2231b7c

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I3b3e7c679be02dd9165d2cd87986364547357dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304144
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78117}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/680d3fd..fe2e8aa

Fix broken link to Setup/Teardown section (#1291) (Robert Adam)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/fe2e8aa

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I0a70d832e9ac24565e3876fa80b9d60c5ff92150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304140
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78116}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/26881c1..78cedba

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/e504863..665b74f

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/f51a154..c936d73

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/3e0e32b..e2f3978

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ace6575..11ea35f

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9a4b3998bb75a848af479bedc5df36e3d8cd86f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304139
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78115}

result needs to byte-swapped as it's currently in machine
native order and Wasm requires LE ordering.

Change-Id: I9c1d6752fbdaba18fb7a8d49a9848d04c1a21be8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303954Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78114}

This allows the embedder to determine whether some function has been
called from a destructor.

See discussion in
  https://crrev.com/c/3302810

Bug: chromium:1273928
Change-Id: Icb5d98eff777574488a7d6de5e693c502c2fb53e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303793Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78113}

Fixing a dcheck compilation error missed by
https://crrev.com/c/3302850

Change-Id: I98c7394cbe64d99647656aebd175c8321f53c2de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300927Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78112}

This also fuzzes values of --budget-for-feedback-vector-allocation.
Boundaries for the intervals are the default values in the code.

No-Try: true
Bug: v8:12434
Change-Id: I0a9d7421408a51c717c2edfe0e67c459f0a2834c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303792Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78111}

The CL converts uses of v8::internal::Worklist to heap::base::Worklist
which does not require to know the number of tasks working with the
work list upfront. heap::base::Worklist is the common implementation
for V8's heap and cppgc and should be used/optimized going forward.

Bug: v8:12426
Change-Id: If219edb8c0a8890c7bd0a131b8847b66256fdc21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302799Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78110}

Bug seems to not reproduce anymore as shown by:
https://chromium-review.googlesource.com/c/v8/v8/+/3302803/1

No-Try: true
Bug: v8:10243
Change-Id: Ic892b2c08d917f805ab6893e9dba86d112790abc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302803
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78109}

See crrev.com/c/3277878 for context.

We should only transform extenral to internal function references when
passing a function value to a function-typed global or table. For their
externref counterparts, we should preserve the reference unchanged.

Bug: v8:11510, chromium:1273705
Change-Id: Ic1719c4d31e175f3a37ced6e4e4dfcd61a19ae57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302790
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78108}

This fuzzes more values of interrupt-budget on numfuzz. For now
as a single instance. In a follow up we add it also to combined
flags.

No-Try: true
Bug: v8:12434
Change-Id: I836c5e829ffeabfa4a4686d4d3d2fd43fce1ee88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302797Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78107}

Port commit 098f31f4

Bug: chromium:1052746

Change-Id: I4f9fd952c2ce8b51772eac89d4852d55363d1ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3292352
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78106}