Change-Id: Ibdcd3ed46d7b6ec6aeb637237a9fdb1003bda227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915112
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/10.8.42@{#1}
Cr-Branched-From: a89e10fd-refs/heads/main@{#83389}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7f9e493..bc5a8a1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5b90d5e..5eb0675

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/082ae7e..40b472e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I7037105e2ff55bcb9183b7b8315e9a93307fd15f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915108
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83389}

Bug: v8:12764
Change-Id: Ib201cad04b339e8193a64bdadf62e5fa9daf1881
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3911377
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83388}

Bug: v8:13311
Change-Id: Ibe6967fe951086689aa9c33e50512f45c4d4c016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909548Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83387}

Holder in 'object where the property was found' sense is different from
the holder object needed for calling API callbacks (see
FunctionCallbackInfo::Holder()).

Bug: v8:13284
Change-Id: I08dd625de6cc7ba33aec8cea4ebe28c884755455
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913285Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83386}

Fixed: chromium:1365101
Change-Id: Ie6f5fa08416348e827de9a389af5d63eba118ceb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909810Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83385}

This is a reland of commit 80fb2815

This CL fixes the signedness of rematerialized Numbers from immediates, which was introduced by the original change. Besides, BigInt truncation to zero bits is lowered to Int64Constant instead of NumberConstant of zero, which will flow into the state values directly.

Original change's description:
> [turbofan] Rematerialize BigInt64 in deopt
>
> This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
>
> Bug: v8:9407
> Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Qifan Pan <panq@google.com>
> Cr-Commit-Position: refs/heads/main@{#83230}

Bug: v8:9407, chromium:1364319, chromium:1364400
Change-Id: I0b4e077b52f64af46018b6c045893bbd56153f32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899258
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83384}

V8-side implementation for trusted types fromLiteral.

Create a separate JSArray root map for template literal objects to
clearly identify untampered template literals belonging to a given
context.

Given that template literals are frozen arrays with a 'raw' property,
we don't expect additional polymorphism.

Drive-by-fix:
Avoid ValidateElements call in NewJSArrayWithElements.

Bug: chromium:1271149
Change-Id: I327b0fd99a2db3b57d35efa9293ddf2f14e555ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572044Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83383}

This is an unmodified reland of commit 67106ff4
The issue causing the revert should be addressed by commit 8598d770

Original change's description:
> [wasm-gc] JS interop: Do not wrap structs/arrays by default
>
> Bug: v8:7748
> Change-Id: I441fd294bc0f31c0396217bc55c27159abacdbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905725
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83338}

Bug: v8:7748
Change-Id: I3e6a0a33bed4dbc7dd7c311465b25de4f8184894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912763Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83382}

Bug: v8:12783
Change-Id: I09dcdfcf244af830380ca734859a46dd489e3836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909808
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83381}

We set the JSArray's length to the elements's length before,
which is wrong when the elements have the slack part. We could
serialize the correct length and only the actual elements excluding
the slack part for JSArray's elements. And we do the same thing
for the objects to avoid serializing unnecessary elements.

Bug: v8:13304
Change-Id: Ib68e06f409bfcab5c57fb5532e188aa0099d1140
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905061Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83380}

We don't remove the code just yet in case we need to re-enable the
feature. This could be in case we discover workflows not covered by
the "Scope View" and the scopes we report on "Debugger.paused".

R=kimanh@chromium.org

Bug: chromium:1365858
Change-Id: I636cc861af932156944a3f6e0a149cce0f939329
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905185Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83379}

This reverts commit 2a7f86ed.

Reason for revert: Blocking the roll (https://ci.chromium.org/ui/p/chromium/builders/try/mac-rel/b8802346196479466065/test-results?q=ExactID%3Aninja%3A%2F%2Fgin%3Agin_unittests%2FGinShellTest.HelloWorld+VHash%3A46648b293475ce2a&clean=)

Original change's description:
> Reland "[v8] Use |AllocateAtLeast| for resizing v8 zones."
>
> This is a reland of commit 4444874c
> This fixes a failure on the UBSan bots caused by assuming |Realloc| is always in-place if the new size is <= the value of |malloc_usable_size|.
>
> Original change's description:
> > [v8] Use |AllocateAtLeast| for resizing v8 zones.
> >
> > This is part of an ongoing effort to reduce fragmentation in Chrome.  Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
> >
> > Bug: v8:13193, chromium:1238858
> > Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#83235}
>
> Bug: v8:13193, chromium:1238858
> Change-Id: I923bcbce8403dd7d84642340fd7202087b8a4440
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910268
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83372}

Bug: v8:13193, chromium:1238858
Change-Id: I32f9c4701a29c0516e3f587f1c6028e4d4158466
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909358
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83378}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/962a856..7f9e493

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/dea2dd1..b79692f

Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/cec1dd0..a4dc7f1

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/77b82eb..7ff728a

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0a4b3b9..5b90d5e

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/0d126c9..08bb5c4

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/0cb9db1..082ae7e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ifa490129d29a584ce272b0b5102c92dda2d1eeea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910281
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83377}

https://github.com/tc39/proposal-temporal/pull/2260

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-getoffsetnanosecondsfor

Bug: v8:11544
Change-Id: I107372ba883f97c1bf74b96cd0f592d47aa1f359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901199
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83376}

Changes in preparation for incorporating IETF draft
https://github.com/tc39/proposal-temporal/pull/2385

The changes in this CL is needed to implement
https://chromium-review.googlesource.com/c/v8/v8/+/3901196
and several other PR just agreed on TC39

Rename DateRecord => DateRecordWithCalendar
Rename TimeRecord => TimeRecordWithCalendar
Rename DateTimeRecord => DateTimeRecordWithCalendar
Rename DateRecordCommon => DateRecord
Rename TimeRecordCommon => TimeRecord
Rename DateTimeRecordCommon => DateTimeRecord

Bug: v8:11544
Change-Id: I77397363569c15320154fe0b226036f8d6df74a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893552Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83375}

Change-Id: I658c1b781163bcd3ca39bfceb74aef9d255247b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3894795Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#83374}

Blink has shipped import assertions since M91, so it is safe enough to
go straight to shipping here.

Bug: v8:10958
Change-Id: I3256172473a1ae8ce74e7fa63b14137e24568360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3911378Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83373}

This is a reland of commit 4444874c
This fixes a failure on the UBSan bots caused by assuming |Realloc| is always in-place if the new size is <= the value of |malloc_usable_size|.

Original change's description:
> [v8] Use |AllocateAtLeast| for resizing v8 zones.
>
> This is part of an ongoing effort to reduce fragmentation in Chrome.  Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
>
> Bug: v8:13193, chromium:1238858
> Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83235}

Bug: v8:13193, chromium:1238858
Change-Id: I923bcbce8403dd7d84642340fd7202087b8a4440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910268Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83372}

This CL implements collection of garbage in the shared spaces in
the shared heap isolate. GC on such an isolate should now work
correctly without worker isolates. Support for worker isolates will
be implemented in a subsequent CL.

Bug: v8:13267
Change-Id: I30125ce3b791e2faa0504d065f23639d6106e6b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904647Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83371}

Bug: v8:12764

Change-Id: I1b48d4b685d0ce626da99ef5740edc1e1216ddc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3907682Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83370}

Change-Id: Idc2a9019f5b0e67860edd8620a6cb0ed7002b1df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910029Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83369}

The string forwarding table invokes MakeThin even during a GC.
However during a GC we didn't update the invalidated object size for
OLD_TO_OLD because incremental marking was already stopped at that
point.

Change-Id: Ia2f0d2277b59b299c3c8bf5c3febbde634e3ec06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910028Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83368}

- Use non-idle tasks to be able to process finalizers on time.
- Only process finalizers while concurrent marking is still running.

Bug: v8:13294
Change-Id: I1a2812c3fc350ea679c4c916c230cf736f2aa3ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904648
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83367}

Change-Id: Ie5de6f4b7415c67eb77aa4b6e29764c595fca766
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905123Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83366}