Change-Id: Ia2cf7a509736ef6a9400b81a5726c717ac3c82b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763869Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81768}

Bug: v8:7700
Change-Id: I0fb6de81c924e8200bd0c3117e3bf08e0365d939
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764346
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81767}

Also sort the owners entries.

No-Try: true
Change-Id: Ie59dcd47bdf1e644cef9f1dc96201bdc1fcfdd38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769686Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81766}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/1531ee0..48c2d1c

Expose google_benchmark.State for python bindings. (#1430) (Ross McIlroy)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/48c2d1c

Suppress nvcc `offsetof` warning (#1429) (Cezary Skrzyński)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/4efcc47

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I758c48c4c5c061d980026f298531bb5d09e1f78d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767890Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81765}

No-Try: true
Bug: chromium:1292013
Change-Id: I5e30116230d88f2f38d20451735c5713691f2af2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521791Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81764}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5c74423..679de1e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0e93dc6623c0bb15e9bb603bc8aae4e0362d6c44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767889
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81763}

Baseline compiler generates instructions for bytecode JumpLoop with
the below layout:

  [OSR Check Armed]
  [OSR Handle Armed]
  [Jump Loop Header]

This CL advances [Jump Loop Header] and the layout will be:

  [OSR Check Armed]
  [Jump Loop Header]
  [OSR Handle Armed]

This can reduce the sizes of loops in baseline code.

Change-Id: I0a3996fddffd33caaef965c05f5c2593ad8951bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3759947Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81762}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/84a5cd0..5c74423

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0df2e2bc9e6b0480a63b52cfe0d5e933a06aaa70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767886
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81761}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/39eb47b..84a5cd0

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I5ecd049de24372eae11805995578512b22e5dba0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3766879
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81760}

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8805677..1240e97

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/26bc518..8168f76

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I3f652ae4921ec21a276a82429dc231f2f1231b9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3766878
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81759}

- Avoid adding an Invalid type that can never be reached during
  traversal;
- Expose class names as object names;

Bug: chromium:1321620
Change-Id: Ie3d9f78d97703535ecf67d56235d564ab6a9a7e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763866
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81758}

This CL refactors simd load/store to accept a scratch register
which will be used in macro-asm.

LE enforced versions of them is also introduced.

Change-Id: I97f4f4870d7889204b1d42cf50de85e234ecae36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3765514Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81757}

Change-Id: I2fbeeb9e7c64fe6597069e5b23e57a0fef0063a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3765512Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81756}

Previously these values weres stored only in the Code object associated
with the embedded builtins.

Bug: v8:11880
Change-Id: I8adf3f654c5c729a8cb58fc6941999b4c251896a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764442
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81755}

Currently the same reduction is used for both TypedArray's and
DataView's byte{Length,Offset} accessors. But their behavior differ on
detached buffers: TypedArray returns 0 while DataView throw.

Do not do the optimization for DataViews if we can't depend on the
detach protector.

Bug: chromium:1344549
Change-Id: I38b533a62f756869380cb5c19fe254e03979e81a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763785Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81754}

By about 10x-20x depending on platform and configuration.
Shorter test strings make the set of all possible substrings
considerably smaller.

Fixed: v8:13074
Bug: v8:12868
Change-Id: I46ae94fbcba43080d06b1b825feae6b2acf819d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763861Reviewed-by: Andy Wingo <wingo@igalia.com>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81753}

Move everything past the Smi check and "pointers-from-here" check in the
write barrier into deferred code. This matches what TF does for
kArchStoreWithWriteBarrier.

Bug: v8:7700
Change-Id: I869e6d5c85c01a3e265abca6cfa6f86066c1ab96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764443Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81752}

For prototype loads from strings, we require an access check, since
string maps are shared between native contexts. This makes our prototype
constant load optimisation bail out to a generic load.

We can, however skip this check given the knowledge that this is a
prototype load from a primitive, and instead emit a string check. We can
also be a slight bit more tolerant of multiple different string maps,
same as TF.

Bug: v8:7700
Change-Id: I4ad858cadea68246f903443d19fa6cdd65a14564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762576Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81751}

This CL refactors the implementation of inner pointer resolution, based
on the marking bitmap. MarkCompactCollector::FindBasePtrForMarking has
most of its code that processes the marking bitmap moved to a utility
function FindPreviousObjectForConservativeMarking, which iterates
backwards to find the closest previous object on the page that has been
marked.

Bug: v8:12851
Change-Id: I980ac5712d8b1df792196d77edb9526ca2e13e2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3758227Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81750}

Assembler::CheckBuffer() was defined inline in a header file but without
inline linkage, causing an undefined symbol link error on arm64 macOS.

Fixes: https://github.com/nodejs/node-v8/issues/233
Bug: v8:13055
Change-Id: Ifb638705e95de72b2e8d472e7092e88d77cf8ba8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749583
Auto-Submit: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81749}

Add the build flag `v8_enable_pointer_compression_8gb` which will enable
aligning all alocations to at least 8 bytes, instead of 4. The build
flag will affect tagged values (Smis and compressed pointers) that are
now aligned to 4 bytes. This new alignment is needed to support larger
V8 cages, with sizes of 8GB and larger.

Bug: v8:13070
Change-Id: I15fe1e0c8e0a105e831b756f502a4fcbf72f45a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757891Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Teo Dutu <teodutu@google.com>
Cr-Commit-Position: refs/heads/main@{#81748}

Change-Id: Ica7e51e8d3e2d41edb0ad98b77e5213fb5f6515a
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763864Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81747}

As sandboxed pointers are now default-enabled when the sandbox is
enabled, it is no longer possible to deactivate the sandbox at runtime.
This CL therefore removes all the logic that was required to support a
sandbox that could be disabled at runtime, moves the initialization of
the sandbox into V8::Initialize, and deprecates V8::InitializeSandbox.

This change also makes the sandbox initialization deterministic if
FLAG_random_seed is supplied.

Bug: v8:10391
Change-Id: Ibd49f7c251b7c58c642f18a551ecc2c391740970
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762583Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81746}

Raw data access is already possible via GetBackingStore()->GetData().
This API exposes a more efficient way for accessing
JSArrayBuffer::backing_store (which, despite the confusing name, is no
the BackingStore but its raw data pointer).

Bug: v8:10343
Change-Id: I695cea91e2c3de75ce6c86bac6e413ce6617958b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764341Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81745}

Bug: v8:7700
Change-Id: Ia8a924d4254deb6782774b882b0abbc6e3f48fb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762568Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81744}

Bug: v8:7700
Change-Id: I2cfb80046798e77f4392f16ebb8b3e89632d3da4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762570Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81743}

Duplicate the logic of trying to build Int32 comparisons to also try to
build Float64 comparisons if preceeding a branch. Also, make sure to do
the opposite (emit a tagged value) for the internalized string compare
case.

Bug: v8:7700
Change-Id: Ib34761fa0fdc26d4ad9b6adb960b0b17ec8e1f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762582Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81742}

After last refactoring of ETW generation, I introduced a regression
in the method that checks when SourceLoad should happen, and
reverted the condition used to know if a new SourceLoad should
happen.

Bug: v8:12932
Change-Id: I69f5d0700f6af9b124bb0f55750c8d91e56e9e0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762585Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81741}

In this part: every, some

Bug: v8:11111
Change-Id: I2fbaf352606a47b7e6b0708589775656b83366c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762572
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81740}

In this part: map

Bug: v8:11111
Change-Id: I1fa9aa7ca78e8023242e75b61e8ec6b1902ccd84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762571
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81739}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/142c351..39eb47b

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/34f9ff8..5cee6a2

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If842e0931383d7ea97eea30b7dfe1bdca6cd1226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763639
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81738}

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/3007992..b954e3e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e8f62ff..8805677

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/c8fadda..26bc518

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220713.2.1..version:8.20220713.3.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I8034f6934df62aee8b921e1b33eaac41075884cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763638
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81737}

Change-Id: I7a06701ddbd94a0df175b1b5a4c99d01a316b816
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763783Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81736}

This reverts commit e2066ff6.

Reason for revert: fails tests on GC stress bot:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/42868/overview

Original change's description:
> [shared-struct] Add Atomics.Condition
>
> Bug: v8:12547
> Change-Id: Id439aef9cab3348171a23378cdd47ede5f4d7288
> Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630350
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81734}

Bug: v8:12547
Change-Id: I237b744e5be8725cbe41ca73076d951018ca80a0
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763784
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81735}

Bug: v8:12547
Change-Id: Id439aef9cab3348171a23378cdd47ede5f4d7288
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630350Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81734}

This CL adds a new vector scratch reg to PPC (v15)
and uses it during Simd swap operations.

Functions are also changed to accept scratch registers
as input.

Change-Id: I0220504ddf154148d2b83207b42ab2b7a794698c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763863Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81733}

The header is only slightly refactored:
* function names are slightly shortened,
* global functions and enums are converted to static methods and enums
  of a MemoryProtectionKey class.

This is a first step towards adding PKU support for V8 code space.

Bug: v8:13023
Change-Id: Iebcb075b07286d18d6834fbcf6697327f08c9f50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762584Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81732}

This reverts commit 543b54da.

Reason for revert: Causes crashes on Android due to TBI: https://crbug.com/chromium/1344581

Original change's description:
> [sandbox] Sandboxify Foreign external pointer
>
> Bug: v8:10391
> Change-Id: I4c5c209454db316fe86f379f6b2e6dfc7ba7754e
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757340
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81703}

Bug: v8:10391
Change-Id: I88899def209c592cd353dd4ed81003f1bbb7a760
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764440
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81731}

This reverts commit 8218c061.

Reason for revert: compile failures, e.g.:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release%20builder/11040/overview

Original change's description:
> [wasm] Reset PKRU before spawning new threads
>
> We sometimes hit the DCHECK in the wasm code manager:
>   DCHECK_IMPLIES(writable, !MemoryProtectionKeyWritable());
>
> This is because we spawn new threads while having a
> {CodeSpaceWriteScope} open. In the case of PKU, this changes the PKRU
> register to allow writes to the code space, and the value of that
> register is inherited by any new thread. If this thread then tries to
> switch to writable code spaces, it hits the DCHECK. It would hit a
> similar DCHECK when trying to execute code.
>
> We fix this issue by temporarily resetting the PKRU register to
> non-writable while we call the {NotifyConcurrencyIncrease} method. This
> is not a very robust solution, as any new call that potentially happens
> inside a {CodeSpaceWriteScope} needs to do the same, but refactoring the
> code to avoid spawning new threads while being in writable state would
> be a lot of work with other downsides.
>
> R=​jkummerow@chromium.org
>
> Bug: v8:13075
> Change-Id: Ibc7270aa597902dc6d9649cb6bcdfce8b1a9bafc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762579
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81729}

Bug: v8:13075
Change-Id: I235e7263856a37cf0f4aa1c27493aac8e6db7910
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763587
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81730}

We sometimes hit the DCHECK in the wasm code manager:
  DCHECK_IMPLIES(writable, !MemoryProtectionKeyWritable());

This is because we spawn new threads while having a
{CodeSpaceWriteScope} open. In the case of PKU, this changes the PKRU
register to allow writes to the code space, and the value of that
register is inherited by any new thread. If this thread then tries to
switch to writable code spaces, it hits the DCHECK. It would hit a
similar DCHECK when trying to execute code.

We fix this issue by temporarily resetting the PKRU register to
non-writable while we call the {NotifyConcurrencyIncrease} method. This
is not a very robust solution, as any new call that potentially happens
inside a {CodeSpaceWriteScope} needs to do the same, but refactoring the
code to avoid spawning new threads while being in writable state would
be a lot of work with other downsides.

R=jkummerow@chromium.org

Bug: v8:13075
Change-Id: Ibc7270aa597902dc6d9649cb6bcdfce8b1a9bafc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762579
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81729}