- 16 Sep, 2022 20 commits
- Michael Achenbach authored
  All --stress-* flags are now automatically tested. This also removes a superfluous option that was never changed. The default value is now inlined.

  No-Try: true
  Bug: v8:13113
  Change-Id: If7428b383ed01ff36a93f618badababfc448db26
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899259
  Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
  Commit-Queue: Michael Achenbach <machenbach@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83258}
- Clemens Backes authored
  Before adding serialization of tiering information, refactor the existing code to use a {ProfileGenerator} class. This makes it easier to add new methods that can use all existing fields (instead of having new functions that need a lot of parameters).

  R=jkummerow@chromium.org
  Bug: v8:13209
  Change-Id: I0946cb1d507fde9e6d680ad588ba963c539d1d0c
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899301
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83257}
- Dominik Inführ authored
  Change-Id: Ibd4c958875d777ba5241a6424ab23f8a2d0ac5ce
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899263
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83256}
- Omer Katz authored
  Bug: v8:12612, chromium:1364517
  Change-Id: Id1e23d0ad0a786a01a432552937e1b6c6494bd9e
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899120
  Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
  Commit-Queue: Omer Katz <omerkatz@chromium.org>
  Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  Auto-Submit: Omer Katz <omerkatz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83255}
- Clemens Backes authored
  Remove the deprecated OnCriticalMemoryPressure method which receives an informative parameter.

  R=mlippautz@chromium.org
  Bug: chromium:634547
  Change-Id: I932c3b5030291294dd340362f0b20d374e3067c0
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780533
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83254}
- Clemens Backes authored
  The number of feedback vector slots is currently stored in the {WasmFunction}, returned in the {WasmCompilationResult}, and implicitly stored as the size of the {call_targets} vector in {FunctionTypeFeedback}. This CL uses the latter as the source of truth, encapsulated in a new {NumFeedbackSlots} function. This can be updated when adding new kinds of feedback that need additional slots.

  For now, the implementation of {NumFeedbackSlots} requires taking a mutex, which we can hopefully avoid when productionizing speculative inlining. We also take the mutex on every Liftoff compilation, which adds synchronization between concurrent compilation which we previously tried very hard to avoid (because it introduced significant overhead for eager compilation).

  As a nice side-effect, this CL reduces the per-function overhead by 8 bytes, independent of enabled features.

  R=jkummerow@chromium.org
  Bug: v8:13209
  Change-Id: I2fe5f7fe73154328032a3f0961e88d068c5d07ae
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899299
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83253}
- Dominik Inführ authored
  This is a reland of commit 10756bea

  The reland is mostly unchanged except for changing the name for the shared large object space. The name should use the same style as other large object spaces. The main reason for reverting was fixed in https://crrev.com/c/3894303.

  Original change's description:
  > [heap] Add shared spaces for --shared-space
  >
  > This CL adds shared spaces for regular and large objects in the shared space isolate. Spaces aren't used for allocation yet.
  >
  > Bug: v8:13267
  > Change-Id: If508144530f4c9a1b3c0567570165955b64cc200
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876824
  > Reviewed-by: Jakob Linke <jgruber@chromium.org>
  > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#83178}

  Bug: v8:13267
  Change-Id: I3de586c1e141fb5f7693e2d6972db251b4a4f434
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892950
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Reviewed-by: Jakob Linke <jgruber@chromium.org>
  Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83252}
- Darius M authored
  We can't freely concatenate strings in the background because they could be mutated by the main thread (e.g., flattened, internalized, externalized...). So, when there is a JSAdd between 2 constant strings, we first checked if they are "safe" (= internalized, I think), and if so, we concatenate them at compile time. If they are "unsafe", then we don't.

  It turns out that this wasn't an issue with delayed constant strings, since the content of the strings were never accessed: the actual concatenations were done on the main thread, where it's safe to do.

  This CL fixes that for most cases:
  - if the strings really cannot be read from the background, but the length of their concatenation is more than ConsString::kMinLength, then we create a ConsString.
  - I added a set to record which strings we created in the turbofan: those strings can safely be accessed from turbofan regardless of their type.

  The only case where delayed constant strings could be a bit better is when there is a concatenation of 2 small non-internalized strings, because right now, we wouldn't fold it. Still, it should happen very rarely, if ever.

  Bug: chromium:1359941
  Change-Id: I651b834273de89f1e3c60654094a4606dd9c62f0
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891252
  Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
  Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83251}
- Clemens Backes authored
  This moves the existing PGO code to a separate cc file with a separate header. As the implementation will be further extended in follow-up CLs, it's better to have it separated.

  R=jkummerow@chromium.org
  Bug: v8:13209
  Change-Id: I7b7b5bf9c8d3d542dae734f3874499dccee152a9
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899321
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83250}
- Leszek Swirski authored
  Resolve a TODO to remove cached template objects from the template cache which have a cleared weak pointer to the template object. Requires a little bit of awkward code to handle the "head is dead" case, but OTOH the implementation cleans up the second Lookup of the head.

  Bug: v8:13190
  Change-Id: I31a8d8ab77e04c8496a2cacb6154f2ee84d6a795
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899257
  Commit-Queue: Camillo Bruni <cbruni@chromium.org>
  Auto-Submit: Leszek Swirski <leszeks@chromium.org>
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Commit-Queue: Leszek Swirski <leszeks@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83249}
- Leszek Swirski authored
  The cached template object weakmap shouldn't be updated when we update an existing cached template object, because this update can truncate the linked list of cached template objects.

  Bug: v8:13190
  Change-Id: Icea61fcbd5c05d4293a884d1872523ddcdfc3323
  Fixed: chromium:1364429, chromium:1364471
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899256
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Commit-Queue: Leszek Swirski <leszeks@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83248}
- Clemens Backes authored
  Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

  R=mliedtke@chromium.org
  Bug: v8:12887
  Change-Id: I417eee6311fadef9b60043cfc9a42926859c7ab9
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899304
  Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
  Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83247}
- pthier authored
  This is a reland of commit 0a1f0e33

  Changes since revert:
  - Deferred label for loading from forwarding table.
  - Check if hash is computed instead of checking if it is a forwarding index.
  - Retrieve hash from forwarding table only if hash is assumed to be computed.

  Original change's description:
  > [strings] Fix raw hash lookup for forwarded strings
  >
  > Raw hashes may need to be looked up via the forwarding table when internalized strings are forwarded to external resources. Notably, the megamorphic ICs were not correctly fetching the raw hash.
  >
  > Bug: v8:12007
  > Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
  > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  > Commit-Queue: Shu-yu Guo <syg@chromium.org>
  > Reviewed-by: Patrick Thier <pthier@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#83115}

  Bug: v8:12007
  Change-Id: Ia88ed51a49c62170bc960b8f69673bb1e59a6009
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888057
  Commit-Queue: Patrick Thier <pthier@chromium.org>
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83246}
- Nico Hartmann authored
  This reverts commit 80fb2815.

  Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1364400

  Original change's description:
  > [turbofan] Rematerialize BigInt64 in deopt
  >
  > This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
  >
  > Bug: v8:9407
  > Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
  > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
  > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
  > Commit-Queue: Qifan Pan <panq@google.com>
  > Cr-Commit-Position: refs/heads/main@{#83230}

  Bug: v8:9407
  Change-Id: I77d278ce302621db03b787318641709780348cc8
  No-Presubmit: true
  No-Tree-Checks: true
  No-Try: true
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901814
  Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#83245}
- Michael Achenbach authored
  A recent refactoring changed the behavior of dropping/keeping results after test execution. The numfuzz loop has previously treated all results as analysis results, as it expected that others are dropped. After keeping all results, the second round invalidated the analysis results and the test loop stopped early.

  We now add an additional safeguard that ensures the received result is indeed associated with an analysis run and do not depend anymore on result presence/absence.

  This also adds all analysis-based instances to the test cases.

  No-Try: true
  Bug: v8:13295
  Change-Id: Ic1ede904d279a0c2b318ec997e7c77542dbc75bb
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901812
  Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
  Commit-Queue: Michael Achenbach <machenbach@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83244}
- Michael Achenbach authored
  This improves the num-fuzzer system test. Previously, the test didn't actually start up the main functionality of num-fuzz and executed 0 tests. Now several of the production fuzzers are used to run fake test cases. The overall timeout signal, used to stop numfuzz, is mocked with a counter. The observer signals via the event method that would have caused the hang fixed in: https://crrev.com/c/3891373

  No-Try: true
  Bug: v8:13113
  Change-Id: I47d17c1fa2099474079acaad5640228d8c454eb1
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893807
  Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
  Commit-Queue: Michael Achenbach <machenbach@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83243}
- Marja Hölttä authored
  Bug: v8:11111,chromium:1362487
  Change-Id: Ifc7649ec945a0cb13e02c52a47f8ab68fa8ab848
  Fixed: chromium:1362487
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890915
  Reviewed-by: Shu-yu Guo <syg@chromium.org>
  Commit-Queue: Marja Hölttä <marja@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83242}
- Anton Bikineev authored
  Do it conditionally only when young-gen is enabled.

  Change-Id: I1bd8ed49302b9e2aef0a60ed7831de9ec1cbe276
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899308
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Auto-Submit: Anton Bikineev <bikineev@chromium.org>
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83241}
- Simon Zünd authored
  Myers algorithm for live edit diffing has been enabled since 10.6 without any reported problems, so we can safely remove the dynamic programming approach with 10.8.

  R=kimanh@chromium.org
  Bug: chromium:1205288
  Change-Id: I95c26c11e949b8c36a0b6abd54859b3936933e9d
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901811
  Commit-Queue: Simon Zünd <szuend@chromium.org>
  Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83240}
- v8-ci-autoroll-builder authored
  Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ccee528..b001130
  Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/040e851..813d569
  Rolling v8/buildtools/linux64: git_revision:fff29c1b3f9703ea449f720fe70fa73575ef24e5..git_revision:e70d8c3d5620bc0ddcbad23a36b1b26f815ca90a
  Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/c1e647c..e2f63a1
  Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0d1854a..c067655
  Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/5e4d749..dca14bc
  Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220914.1.1..version:9.20220915.2.1
  Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/f48cb14..7d7ed92
  Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/12149f2..c3b78bc

  R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
  Change-Id: Ie381cd91ebf11d348beed4fdcc099292aa7ef3b3
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900398
  Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
  Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#83239}
-
- 15 Sep, 2022 20 commits
- Anton Bikineev authored
  Now that we have all useful flags on the API side, use them.

  Bug: chromium:1056170
  Change-Id: Ia849b0925a2b2c10ace30b6c2b6871bd3572da31
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899306
  Commit-Queue: Anton Bikineev <bikineev@chromium.org>
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83238}
- Adam Klein authored
  This reverts commit 4444874c.

  Reason for revert: CHECK failure under UBSan
  https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan%20-%20builder/5103/overview

  Original change's description:
  > [v8] Use |AllocateAtLeast| for resizing v8 zones.
  >
  > This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
  >
  > Bug: v8:13193, chromium:1238858
  > Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
  > Reviewed-by: Adam Klein <adamk@chromium.org>
  > Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
  > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#83235}

  Bug: v8:13193, chromium:1238858
  Change-Id: I03c8c1ad7bb1cd20770323bffe1c42a4be47c454
  No-Presubmit: true
  No-Tree-Checks: true
  No-Try: true
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900814
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Auto-Submit: Adam Klein <adamk@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83237}
- Frank Tang authored
  Need to reset tzi_xxx and calendar_xxx in parser state if the post-condition of CalendarName and TimeZoneIdentifier is not met.

  Bug: v8:11544
  Change-Id: If2df6c8fc8cf2418ddd5443abab02066d423a0c3
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893554
  Commit-Queue: Frank Tang <ftang@chromium.org>
  Reviewed-by: Shu-yu Guo <syg@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83236}
- Thiabaud Engelbrecht authored
  This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.

  Bug: v8:13193, chromium:1238858
  Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
  Reviewed-by: Adam Klein <adamk@chromium.org>
  Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83235}
- Jakob Kummerow authored
  This CL introduces a new LookupIterator state WASM_OBJECT, and updates all switches that need to handle it.

  Bug: v8:7748
  Change-Id: Ie3359aed2d37f5a6854e5577fa3799f0464391e4
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865559
  Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
  Reviewed-by: Igor Sheludko <ishell@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83234}
- Clemens Backes authored
  Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

  R=mliedtke@chromium.org
  Bug: v8:12887
  Change-Id: I06e12314495c2d89135e58e5d3a01310f108e865
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899303
  Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
  Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83233}
- Anton Bikineev authored
  The split is rudimental and now is not needed at all:
  - as part of the shared-cage effort we added HeapHandle pointer to the BasePageHandle class (on the API side);
  - for the value-full barrier we get HeapHandle from bitmasking the value;
  - for the value-less barrier we get it from the callback provided by the caller.

  The CL entirely removes the split and uses the single BoundedPageAllocator. A minor note: the conservative stack scanning can become slightly more expensive.

  Bug: chromium:1361582, chromium:1325007
  Change-Id: I2a8aded3dd12037998f36341c68af8e23b0dcd88
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899320
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Commit-Queue: Anton Bikineev <bikineev@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83232}
- Samuel Groß authored
  Since enabling the sandbox is now required for example for mkgrokdump, add it to the default gn args. Also treat non-sandbox builds as "non-shipping" in mkgrokdump.cc

  Bug: v8:13281
  Change-Id: I08042aa53057e25c556e166c059373e2fdb9d2c1
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899317
  Commit-Queue: Samuel Groß <saelo@chromium.org>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83231}
- Qifan Pan authored
  This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.

  Bug: v8:9407
  Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
  Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
  Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
  Commit-Queue: Qifan Pan <panq@google.com>
  Cr-Commit-Position: refs/heads/main@{#83230}
- Paolo Severini authored
  When ETW Events are enabled with the --enable-etw-stack-walking flag we should not also enable the --interpreted-frames-native-stack by default. Showing the interpreted frames on the native stack is quite expensive since it involves multiple copies of the interpreter trampolines, and it's not always necessary to profile JS code, so it should be enabled when necessary with a separate flag.

  Bug: v8:11043
  Change-Id: Id2d779e7fcac9b626f9da2e0c77edf9c30f853df
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893601
  Commit-Queue: Paolo Severini <paolosev@microsoft.com>
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83229}
- Clemens Backes authored
  Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

  R=cbruni@chromium.org
  Bug: v8:12887
  Change-Id: I7e828480e9cc919609dac69df89315c6fdc82dff
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899296
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83228}
- Manos Koukoutos authored
  Bug: v8:7748
  Change-Id: I74041f23ac64a3e509d82f84b4a710d23bbecbaf
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893859
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83227}
- Nikolaos Papaspyrou authored
  Inner pointer resolution, to be used in conservative stack scanning, assumes that all pages registered with the memory allocator are iterable. Until this CL, this was not the case for pages that were owned by the young generation semispaces but were unused. Such pages are either in the "from" semispace, or in the "to" semispace but have not yet been used.

  This CL ensures that all pages owned by the young generation are iterable. It also adds tests to verify that inner pointer resolution works correctly for unused young pages and for pointers above the page area.

  Bug: v8:13257
  Change-Id: Ieff7cc216853403e01f83220b96bf8ff4cdea596
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885893
  Reviewed-by: Omer Katz <omerkatz@chromium.org>
  Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
  Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83226}
- Clemens Backes authored
  Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

  R=jkummerow@chromium.org
  Bug: v8:12887
  Change-Id: I5bd5faaac89185c5f40b0eabb01f9b678f791498
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898934
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83225}
- Clemens Backes authored
  Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

  R=marja@chromium.org
  Bug: v8:12887
  Change-Id: Ie0106ceb521a775c7660d369cdb15763e9264149
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898932
  Reviewed-by: Marja Hölttä <marja@chromium.org>
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83224}
- Matthias Liedtke authored
  Change-Id: I83b2181323b311fb6994c6d2bed731357079ec1d
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892060
  Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83223}
- Leszek Swirski authored
  Also add a DCHECK to prevent this stupid mistake in the future.

  Bug: v8:13190
  Fixed: chromium:1363969
  Change-Id: Ieb855ccfb42a1a6d84798eb09721d454c355935f
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899313
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Commit-Queue: Leszek Swirski <leszeks@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83222}
- V8 Autoroll authored
  Change-Id: Ie338d4ecb1bcad09e0278dbceb2e21c7b9722d18
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899212
  Reviewed-by: Lutz Vahl <vahl@chromium.org>
  Commit-Queue: Lutz Vahl <vahl@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83221}
- Leszek Swirski authored
  Cached template objects only need to be cached for reference identity comparisons. If there is no strong reference to the cached template object, then there's nothing to compare it against if it were to be loaded from the cache, so we can hold it in the cache weakly.

  Bug: v8:13190
  Change-Id: I4a787eb33eab734fe9df6c424ff915d775fce70f
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898692
  Auto-Submit: Leszek Swirski <leszeks@chromium.org>
  Commit-Queue: Leszek Swirski <leszeks@chromium.org>
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Commit-Queue: Camillo Bruni <cbruni@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83220}
- Clemens Backes authored
  Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

  R=thibaudm@chromium.org
  Bug: v8:12887
  Change-Id: Id2f457a1c0056d5015e2f9983d4599582d7189cd
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876185
  Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#83219}