Port 06af754c

Original Message:
  .. for more efficient access to builtins from generated code.

  Root-relative accesses tend to be faster and produce more compact
  code when the root-relative offset is small. IsolateData contains
  a few large tables (roots, external references, builtins), resulting
  in very large offsets in general.

  This CL starts by splitting the builtin table into tiers: tier 0
  is a minimal set of perf-critical builtins that should be cheap to
  access. The offset to tier 0 builtins is guaranteed to be small.

  The full builtin table also remains in IsolateData for occasions in
  which we need to lookup builtins by index.

  In future work, we can also split external references and roots into
  tiers.

  On x64, this reduces deopt exit sizes from 7 to 4 bytes and from 12
  to 9 bytes (dynamic map checks / EagerWithResume deopts).

Change-Id: I021d60b20b783da170987ffcf0327b93206f7e5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172917Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76967}

The shipping version was incorrect in the original CL.

R=ecmziegler@chromium.org

Bug: v8:7581
Change-Id: Ib382cdacb8f6aa80718e6917b535c026b83d88cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172766Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76966}

The function index encoded into the serialized module is already offset
by num_imported_functions. For lazy compilation, however, we added the
number of imported functions another time, which was incorrect.

R=clemensb@chromium.org

Change-Id: I56380e21e74b4d1935ebdbab6ef8cc388de49f2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172761
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76965}

Conditions are usually used in binary comparisons, and are named for
that purpose. When used in a unary comparison, {kEqual} means "equal to
zero" and {kUnequal} means "not equal to zero". This is noted in several
comments in {LiftoffCompiler}.

This CL introduces the alternative names {kEqualZero} and
{kNotEqualZero} to avoid the repeated comments and increase readability.

R=thibaudm@chromium.org

Bug: v8:12244
Change-Id: I720a3d91ea95a26a38a48c68161f1b0552937cd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172763Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76964}

Change-Id: Ibb8de6e2df6eaee5413d9d6b197a9490dfa8ff07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172756Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76963}

Change-Id: Ibcfdfa7c6f8e5c13f6f2a5098fc7fde4fa15f3c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172757
Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76962}

Useful for debugging errors

Change-Id: Ibab5acec4a8e927262dbc12d5d4cc4cd27ebf0ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172754
Auto-Submit: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76961}

Spec tests were fixed in the meantime.

R=ecmziegler@chromium.org

Bug: v8:7581
Change-Id: If8e192ea94f9908ec469ebd5ccd876f51e4ea6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3167492
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76960}

No-Try: true
Bug: v8:11880
Change-Id: If16fe503a7fda39ccbec745d6c75959e7d2f5433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172755
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76959}

Most call signatures are small enough to keep them on the stack. This CL
adds a little optimization to avoid two Zone allocations for such small
signatures (and one in the general case).

R=thibaudm@chromium.org

Change-Id: I20ea7b77bfe8f1c86f8aa66450baa3561d564de1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168279
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76958}

The fix is released now, so we can add the tests to the public repo.

R=ahaas@chromium.org

Bug: chromium:1239116
Change-Id: Ie1489f6bcd934f84222b4631921475c389f778dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172752Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76957}

Use <iosfwd> where possible, in particular in public headers
(include/v8-*.h).

R=cbruni@chromium.org

Bug: v8:11879
Change-Id: I9d6095e6385229763d667f5064a794d67952b2b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160517Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76956}

Bug: chromium:1228407, chromium:1234764, chromium:1234770, chromium:1247763
Change-Id: I1e8ffaa04eeda22b71ece2f59038e5c92861fde0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172751
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76955}

This CL sets the prototype for the other WebAssembly API objects,
Module, Instance, Table, and Memory.

For Instance, the WebAssemblyInstanceImpl function got inlined, as
there was only one caller, and it made setting the prototype
complicated.

R=jkummerow@chromium.org

Bug: v8:12227
Change-Id: I93b459d69b917b099b27f957fb0e04b7e021bd59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168282
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76954}

This adds a few DCHECKs to ensure that the process-wide memory
protection key is not writable (per thread) in a few strategic places:
- Before switching it to writable (which implicitly checks the initial
    state),
- when entering compiled code, and
- in the explicit unit test.

R=jkummerow@chromium.org
CC=mpdenton@chromium.org

Bug: v8:11974
Change-Id: I6037f599afe9009d5e48794eb382eb1979f3ce9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3165060Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76953}

It didn't take the recently added
--stress-concurrent-inlining-attach-code feature into account.

Bug: chromium:1250547
Change-Id: I657b030308158353b72b9b38db7909a1e4190b6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171153
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76952}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/713b917..0baacde

Update policy to match reality (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/0baacde

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I84c57d1fba5010c878abf79010c508c5516d121a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171724Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76951}

Rolling v8/third_party/aemu-linux-x64: 17S2VQDv3RUfAsW4s0c53HyKMVsd-i_1DocJS0aHWu4C..bOp0PE8R9VUQxsHclvuA10P4iOaWjRRpsK8ZQKtAZCAC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fb69904..8ec776f

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6550ec9..c1fd44b

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I990498d25f3d74d37050a37ab98be3d8bb68d722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171721Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76950}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ae8cb5d..1037128

Rolling v8/third_party/abseil-cpp: https://chromium.googlesource.com/chromium/src/third_party/abseil-cpp/+log/6569bfc..48418f3

Rolling v8/third_party/android_sdk/public: ZT3JmI6GMG4YVcZ1OtECRVMOLLJAWAdPbi-OclubJLMC..yODElY4RdHopNEfpOnqjRcrpa6JMzbhYYqGD53-DjJwC

Rolling v8/third_party/android_sdk/public: qi_k82nm6j9nz4dQosOoqXew4_TFAy8rcGOHDLptx1sC..g7n_-r6yJd_SGRklujGB1wEt8iyr77FZTUJVS9w6O34C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fa2350f..fb69904

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cf9d643..6550ec9

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/6f44cf5..7ea32d7

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Id62cd6c728dcc4bfc422632afdf47cef3db2bee1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171717Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76949}

At least for the initial rollout, we will gracefully handle cage
reservation failures by shrinking the size of the cage until the
reservation succeeds or the size drops below the mimimum cage size. This
will allow collecting statistics on how often cage reservation failures
occur in practice for different cage sizes, which will in turn influence
the decision on how to handle them in the future.

Bug: chromium:1218005
Change-Id: Ica58951ba51ac01bc2c387b34dfc8d9051ed4d75
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168347Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76948}

.. for more efficient access to builtins from generated code.

Root-relative accesses tend to be faster and produce more compact
code when the root-relative offset is small. IsolateData contains
a few large tables (roots, external references, builtins), resulting
in very large offsets in general.

This CL starts by splitting the builtin table into tiers: tier 0
is a minimal set of perf-critical builtins that should be cheap to
access. The offset to tier 0 builtins is guaranteed to be small.

The full builtin table also remains in IsolateData for occasions in
which we need to lookup builtins by index.

In future work, we can also split external references and roots into
tiers.

On x64, this reduces deopt exit sizes from 7 to 4 bytes and from 12
to 9 bytes (dynamic map checks / EagerWithResume deopts).

Bug: v8:12203,v8:8661
Change-Id: I5a9ed22b0e00682aca1abcf15892ae1458dbdd70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162142
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76947}

This is a reland of 5dde281c,
after also fixing the ic-migrated-... test, in which an object died
too early.

Original change's description:
> [compiler] Fix a few test flakes and reenable the tests
>
> Bug: v8:12173
> Change-Id: I2983be9133f8ff4d1740e8eba05a3c29d603dfc3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168270
> Auto-Submit: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76939}

Bug: v8:12173
Change-Id: If385e5c826b8470ef67f12705c5171f330f6cd57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171353
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76946}

When dst != lhs, we moved lhs to dst, but dst can be == rhs, so we would
overwrite rhs, and end up comparing lhs with itself, always returning
false. We handle the different aliasing cases in the macro-assembler
function I64x2GtS, to simplify the checks in Liftoff a little bit.
TurboFan does not need to change as it will require dst == lhs when AVX
is not supported.

Bug: v8:12237
Change-Id: Icefa6eb79083c003e93dbbd11ccc419aae4b15d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169312Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76945}

We move some instructions from the test that just disassembles them, to
the test that checks for expected output.

Bug: v8:12207
Change-Id: I913237427d795ed44539c7294ebbe69330c41dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163278Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76944}

This is similar to x64, these SSE operations take 2 operands, and their
AVX version also takes 2 operands.

Bug: v8:11879
Change-Id: I98885a7b69f3b61ee89e713b5d7cf2f4fd2406db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169315
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76943}

Copy the initial allowlist (and banned list) from relevant entries in
the Chromium guidelines.

Change-Id: Id22566ffe97e36f0c139d05218e94448f10a790f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168281
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76942}

This reverts commit 5dde281c.

Reason for revert: Test still fails on gc-stress: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/19821/overview

Original change's description:
> [compiler] Fix a few test flakes and reenable the tests
>
> Bug: v8:12173
> Change-Id: I2983be9133f8ff4d1740e8eba05a3c29d603dfc3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168270
> Auto-Submit: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76939}

Bug: v8:12173
Change-Id: I402982540d6a06dc1ca8bbd87ae5f58a000f0c1a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171352
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76941}

Change-Id: I296b7e2012bc8b1a141a382793b977e67ebf2a97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168343Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76940}

Bug: v8:12173
Change-Id: I2983be9133f8ff4d1740e8eba05a3c29d603dfc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168270
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76939}

No-Try: true
Bug: v8:11006
Change-Id: Ie2758849fcb8b19ae34289d3e762094b062f2a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168644Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76938}

See the issue for details.

Bug: chromium:1237821
Change-Id: I847229c3d0a5435f956c97a621991915aafdd4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171156Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76937}

Bug: chromium:1250660, v8:7790
Change-Id: If96ab8879f54549b3b3d92ef2b1c13344dca17b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171154
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76936}

We add table.copy operation to the fuzzed module.

Bug: v8:11954
Change-Id: I7f584335b977ae9bf46f13cb8ddacdcce0824291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168275Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/main@{#76935}

Make GetValueType to generate only function signatures
to avoid default values in new_object.

Bug: v8:11954
Change-Id: Ia6ebdde0a9c10c56afef29d6db3b3266816210e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158222Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/main@{#76934}

When loading the code object entry, we can do a little bit of strength
reduction to avoid a sign extend, `tst` and `lsl` instruction,
especially given Code::IsOffHeapTrampoline::kMask is a single-bit mask
we can use `tbz`.

Change-Id: I89fcd64cb517bf1ba8b43c05e9a784a9237889d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168274Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#76933}

... and move methods that use XXX::cast() there.
This will untangle the include cycle that'll happen in a follow-up CLs.

Bug: v8:11880
Change-Id: Iba46bc9b0e0df9530197f57d0469456eb9006e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164456Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76932}

We add support for array.get, array.set and array.len operation to the fuzzed module.

Bug: v8:11954
Change-Id: Ic8fd89ec7f7f31e70a40bad831567e50ae49f668
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168624Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#76931}

Change-Id: Ie07e626900f8fc8218944be2b33da6fc109adf92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168273
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76930}

This is a reland of b7355768
Issue was fixed with https://crrev.com/c/3165058

Original change's description:
> [x64][ia32] Activate Argument Count Consistency
>
> Activate argument count consistency (receiver is always included in
> JS argument count) for x64 and ia32.
>
> Bug: v8:11112
> Change-Id: If60000b6566846c84f1042473d25d79bf5c86a9d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160198
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76838}

Bug: v8:11112
Change-Id: I7968525dce2d36f94b7c8d066b0729969c55c6fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171151Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76929}

This means we don't need to copy over properties, and accessors stay in
place similar to when we deserialize a custom snapshot.

This slightly changes the semantics of Context::New, so let's see
whether someone depends on this behaviour. We may need to revert if so
(hopefully until we can update the embedder).


Bug: v8:12113
Change-Id: I8325480a00bab5b2bb6ea42274e295b0d4dfc85c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162143
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76928}