Several small optimisations for TranslationArray:

  a) Store opcodes and register codes as unsigned values (no need to
     shift in the sign bit when encoding/decoding). Note that skips over
     register codes will decode them as if they were signed -- this is
     ok since we don't use the skipped value.

  b) Use the static knowledge that opcodes and register codes need 7
     bits to avoid the VLQEncode loop when building (still use a
     VLQDecode when decoding since decode time matters less).

  c) Add a special opcode for "optimized out", instead of using a
     literal, since this will be a common case.

Change-Id: I9758e5b889ecc3f1a3fa4d840867f2a3d481e75f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812040
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82227}

addressing mode, pt.2

Compiler generates the below instructions for compressed pointer:

  [ DecompressTaggedPointer
  movl r8,[r8+0x13]
  REX.W addq r8,r14
  ]
  addl [r8+0x7],0xe6

This CL optimize the pointer decompression by using complex
addressing mode in x64:

  movl r8,[r8+0x13]
  addl [r14+r8*1+0x7],0xe6

Bug: v8:13056, v8:7703
Change-Id: I5beec9803d595d2e97367d53ae4497387e0830fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754285
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82226}

Bug: v8:13116
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_gc_stress_dbg_ng_triggered
Change-Id: I0041fd3820d464e142269c99cdf2d24ea890b286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812041Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82225}

Revert "Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off""

This reverts commit fe327545.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/8615/overview

Original change's description:
> Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"
>
> This is a reland of commit 2055c3b4
>
> Original change's description:
> > [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
> >
> > Bug: v8:13058
> > Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#82213}
>
> Bug: v8:13058
> Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82221}

Bug: v8:13058
Change-Id: Icb621fac3758384e0b04520585f5c998563c1f6f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811289Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82224}

Bug: v8:13058
Change-Id: I2a90e3ef4f4b455d6ece47a809defc975f09e1bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810351Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82223}

Bug: v8:13145
Change-Id: Ie507d3db4ac1d6096ddb12e7d2d8895e18886642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810182Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82222}

Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"

This is a reland of commit 2055c3b4

Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}

Bug: v8:13058
Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82221}

The "Deoptimized function count" displayed in profview tool
should be the sum of deopt-eager, deopt-lazy and deopt-soft.

Change-Id: I42252930c3685f1ca721691f983abb8adeb492e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793469Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82220}

Introduces a CheckSymbol to guard a reference equality for values in an
equality comparison with Symbol feedback.

Bug: v8:7700
Change-Id: Ieb012b292f2d955faf76e485e6636a2d293fa007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811500
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82219}

If the same WebAssembly module gets compiled multiple times, the
compilation result of the first compilation gets reused for later
compilations. With streaming compilation functions get compiled before
the whole module got downloaded, so it cannot be determined if the
currently compiled module has already been compiled or not. Therefore,
to check if the WebAssembly module has already been compiled, we compare
if the hash of the header section matches the hash of any of the already
compiled modules. If so, no function gets compiled until all bytes were
received. Then a full module check can be done, and either an existing
module can be reused, or the whole module gets compiled.

While compilation is avoided after a prefix_cache_hit, decoding still has
to happen. In the existing implementation, validation for lazy
compilation also happened in addition to decoding. This lead to the
problem that validation of lazy compilation could post a foreground task
when an error was detected, and later another foreground task got posted
when all bytes were received to do the full module check. Having two
foreground tasks at the same time violates an invariant in the
AsyncCompileJob.

With this CL we avoid the initial function validation after a
prefix_cache_hit to avoid the task for the error handling. Validation
will anyways happen again if the full module check fails later, or
validation is unnecessary if the full module check succeeds, as the
module has already been validated before.

R=clemensb@chromium.org

Bug: v8:13147, v8:12852
Change-Id: Iae24c056057f3a5dfd2f61accd1f9f0d35412996
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812038
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82218}

In the previous CL
(https://chromium-review.googlesource.com/c/v8/v8/+/3778969), we
executed i::Compiler::Compile regardless of the function has been
compiled or not.  That caused DCHECK failures in the Compile function,
which allows to compile only once.

Bug: chromium:1347319
Change-Id: I240591cbec46dc4fac4028a80a8ba5ab2f05c450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806929Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82217}

This CL fixes a crash when we build the scope chain after re-parsing
for Debugger.evaluateOnCallFrame.

The following script causes the crash:

class A {
  test(){
    debugger;
  }
  f = (x) => {}
}
let a = new A()
a.test()

The current scope search tries to be smart and descends deeper
into the scope tree based on source position. That is not a sound
approach as V8 doesn't guarantee that sibling scopes don't overlap.

In the above case V8 creates an instance initializer scope where
f is assigned (and the initializer scope is the parent scope for
the arrow function). The problem is that the initializer scope
uses the same source range as the class `A` itself, so when we
look for the scope for `test`, we descend wrongly into the
initializer scope and can't recover.

The solution is to not try and be too smart:
  - First, find the closure scope with a straight-up DFS.
  - Once we have that, descend from there and try to find the
    closest fitting scope around the break position.

R=bmeurer@chromium.org, jarin@chromium.org

Bug: chromium:1348186
Change-Id: Ic5e20c4d12b3d768f76a17367dc0f87bcc73763b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807594Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82216}

Revert "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"

This reverts commit 2055c3b4.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20-%20release%20builder/29801/overview

Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}

Bug: v8:13058
Change-Id: I63b86420d12fb4bf0333e9e52b17763c9d80afce
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811498
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82215}

There are a same name field equivalence_id_ in both
BytecodeRegisterOptimizer and RegisterInfo, but one of them is int,
another one is uint32_t, it's better to change them as same type
to avoid addtional or potential type casting.

Change-Id: I509f850d82a9a0fc30168fae83a0bd6565b7000e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811138Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82214}

Bug: v8:13058
Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82213}

Factory::CopyCode was using ProcessBlackAllocatedObject and
WriteBarrierForCode(Code) to handle write barriers for that newly
created code object. But even when used in tandem with each other they
would miss OLD_TO_NEW references in the code object header.

This CL simplifies Factory::CopyCode by letting
WriteBarrierForCode(Code) handle all outgoing pointers of that code
object (not just a subset of RelocInfos) by implementing an
ObjectVisitor. This removes the need for ProcessBlackAllocatedObject.

Since Factory::CopyCode was the only user of
ProcessBlackAllocatedObject, we can also remove all the object
revisiting logic in the main thread marker.

Bug: v8:11708
Change-Id: I7d9b12eb0a76ba41a38efc147f44556ddc941a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810186Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82212}

Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/d115b03..2ba7a48

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0ad6539..664331e

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ba74bc7..5a9c565

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9110def860f4ac6e6bebc3dea81e24254498d3a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812269
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82211}

Add "k <= (x >> n) to (k << n) <= x" reduction to Word64Comparisons.
This can help to reduce the below codes:

  45: Int64Constant[164]
  39: Load[kRepTaggedSigned|kTypeInt32](...)
  40: BitcastTaggedToWordForTagAndSmiBits(39)
  41: TruncateInt64ToInt32(40)
  42: ChangeInt32ToInt64(41)
  43: Word64Sar[ShiftOutZeros](42, 29)
  46: Uint64LessThan(45, 43)

into:

  4530: Int32Constant[328]
  39: Load[kRepTaggedSigned|kTypeInt32](...)
  40: BitcastTaggedToWordForTagAndSmiBits(39)
  41: TruncateInt64ToInt32(40)
  46: Uint32LessThan(4530, 41)

Change-Id: I6ca802c9bb3c941c689ebbcb4ae3072501555266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793464
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82210}

Port dc2d69d8

Original Commit Message:

    Pass WriteBarrierMode to the code object write barrier and DCHECK WriteBarrier::IsRequired when using SKIP_WRITE_BARRIER.

R=dinfuehr@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I356379e0d682e855d1c43f35a7a0d06734f8408b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812036
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/main@{#82209}

While it is not required to invoke the full barrier in this case, we
can invoke the full write barrier which improves verification but also
makes the code easier to understand by relying less on GC
implementation details.

Bug: v8:11708
Change-Id: I4d2f6640bc0efb5b763ccd5ca99e573421be3a06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807592Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82208}

R=ecmziegler@chromium.org

Bug: v8:12852
Change-Id: I69fc153aefa9711fce22a1330b9d24910a467b3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3809812Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82207}

- Update parse processor to use new async log-reader functions
- Fix some typos
- Add more desciptions to the output
- Update bytes and time formatting to use common helper.mjs functions

Bug: v8:13146
Change-Id: Idf58a394aa493b7f50ad5282533c1b6d326117be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810233Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82206}

When calculating the GC collection rate, we assume that the start object
size (before GC) is non zero. It appears that this is not always the
case, not only because of tests that explicitly trigger GC, but also in
Chrome, when the --gc-interval flag is used with a small interval value.

Furthermore, efficiency calculation (freed bytes over GC duration)
assumes that the duration of the GC is non zero. However, if the clock
resolution is not small enough and the entire GC is very short, the
timed value appears to be zero. This again leads to NaN values showing
in metrics and CHECKs failing and has already been fixed for Oilpan
(crrev.com/c/3723499).

This CL fixes these two issues.

Change-Id: I902b2e9740d9750a2b6463a00289625500c4c0d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810393Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82205}

It introduces GetSecondReturnedValue node, which must be added
immediately after a node that calls a builtin that expects 2
returned values.

It simply binds kReturnRegister1 to a value node. Since the previous
node must have been a builtin call, kReturnRegister1 is free in
the register allocator. No gap moves will be emitted between these
two nodes.

Bug: v8:7700
Change-Id: Iddd81ef534a6397bad5682fa1430a94d2075b746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810183
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82204}

Resolve the TODO to avoid the push/pop of the cycle break temporary
value, by keeping track of whether the scratch register currently holds
the temporary value and spill it if the register is needed for stack
slot moves instead.

Bug: v8:7700
Change-Id: If4119e63312bdc2b89987f92328ae646a46543ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810185
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82203}

Bug: v8:7700
Change-Id: I17f0df4e8ddf835af8231c5e06a6ecc416b3bc97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810181
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82202}

Pass WriteBarrierMode to the code object write barrier and DCHECK WriteBarrier::IsRequired when using SKIP_WRITE_BARRIER.

Bug: v8:11708
Change-Id: I457d0fa07e830d6831fb95a4ae9311f6066215e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810171Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82201}

Memory limits are difference on 32-bit and 64-bit systems, so foozzie
finds differences in Wasm execution.
This can be avoided by always setting the same (lower) limit.

R=machenbach@chromium.org

Bug: chromium:1348335
Change-Id: I452d257fd78730b4113bfe67120dbed2e8ba5878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804696Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82200}

Change-Id: Ie78370bd2fb99df62a195da1d0070fd4da8d879a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807853Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82199}

This is a reland of commit 491de34b

co-authors: Ji Qiu <qiuji@iscas.ac.cn>
            Alvise De Faveri Tron <elvisilde@gmail.com>
            Usman Zain <uszain@gmail.com>
            Zheng Quan <vitalyankh@gmail.com>

Original change's description:
> [riscv32] Add RISCV32 backend
>
> This very large changeset adds support for RISCV32.
>
> Bug: v8:13025
> Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82053}

Bug: v8:13025
Change-Id: I220fae4b8e2679bdc111724e08817b079b373bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807124
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82198}

As part of revising MinorMC, it would soon be broken and bots should
not be red because of it.

Bug: v8:12612
Change-Id: I0551d0a115ac2f4fa7fc32190458850f80b84cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810353
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82197}

Fixes a C++20 build break.

Bug: chromium:1284275
Change-Id: I67ee8c94a4ecd0d53101a643ff37c1d1ce0bd512
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803132Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82196}

Bug: v8:7700
Change-Id: I4cb5636acd38319f13d91cbad7d04486346ba74d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805882
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82195}

Change-Id: Ic4266909eef21398377372a18b004e2ba37567e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810192Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82194}

Bug: v8:13116
Change-Id: I76b5e7dfa5e99107fc54722b794bd07ada91152c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810231Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82193}

Revert "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"

This reverts commit 161d7f92.

Reason for revert: 
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20-%20release%20builder/29779/overview

Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: Ie3d4f87080fd1076edff1ee75cb03ee8ea4db505
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788096
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82191}

Bug: v8:13058
Change-Id: I68a4097074150f2cf7cca9c776054dca19597fcc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810611
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82192}

Bug: v8:13058
Change-Id: Ie3d4f87080fd1076edff1ee75cb03ee8ea4db505
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788096Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82191}

This is a reland of commit 4bab7a8e

The reland changes the way how we install the async stack tagging API
on the console object. Instead of using `v8::Object::Set`, we use
`createDataProperty` which is sufficient. With `Set`, arbitrary
JS could run via accessors, which might not be allowed depending on
when the API is installed.

Original change's description:
> [inspector] Enable async stack tagging API by default
>
> R=bmeurer@chromium.org
>
> Fixed: chromium:1334585
> Change-Id: Id79a60bac1731ea9c60654ff15c8e23f958c6e57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3799431
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82161}

Change-Id: I9b8c8e643705f8f043acac5af14307f2dbdb5a68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3809692Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82190}

Change-Id: I67b6594d7ec5226d54f09954210fe4f6ec4d47b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810172Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82189}

v8::TracedReference is supposed to be used from objects allocated on
CppHeap. Such objects can be in construction during garbage
collection, meaning that they are unable to invoke
Trace(v8::TraceReference) as they have not been properly set up.

It is thus necessary to use conservative tracing to find
v8::TracedReference (backed by TracedNode in GlobalHandle) in
in-construction objects.

Change-Id: I5b4ac6e7805ff7ded33f63a405db65ea08d809ad
Bug: v8:13141, chromium:1322114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806439
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82188}