Currently, OSB can not be safely accessed if sweeping is in progress.
This can, however, be easily lifted with atomic stores.

Having the consistent bitmap is needed for the generational barrier for
source objects (to retrieve the source object beginning).

Bug: chromium:1029379
Change-Id: I5fb8db579f881ddf240ce68ad51fa8264ee645dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545071Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79606}

It's hitting unimplemented code paths.

Bug: v8:11111, v8:12731
Change-Id: Icbffced6cbe207426363daa5f3b9ff5677b58b6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548816Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79605}

This reverts commit 9c3d4b35.

Reason for revert: This is not the right fix (see bug).

Original change's description:
> [super IC] Fix receiver vs lookup start object confusion
>
> Bug: v8:9237,chromium:1308360
> Change-Id: I11e3c14a6cecb9d88a834711fb6252191494d5f7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545172
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79571}

Bug: v8:9237,chromium:1308360
Change-Id: I0efa6ab561482ffc323b63500acfeb80598f3e7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548896
Auto-Submit: Marja Hölttä <marja@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79604}

- When the property being defined with DefineKeyedOwnIC or
  DefineNamedOwnIC already exists, we should use the slow path to
  check if the operation is allowed in case the property is
  non-configurable or Object.preventExtensions() has been called on
  the property.
- Since KeyedStoreIC:Store() reuses StoreIC::Store() when the key is a
  name, we should use Runtime::DefineObjectOwnProperty() for
  DefineKeyedOwnIC too.
- When dealing with public fields, Runtime::DefineObjectOwnProperty()
  should use JSReceiver::CreateDataProperty() instead of
  Object::SetProperty() for the specified semantics. This patch also
  adds JSReceiver::AddPrivateField() for it and StoreIC::Store to
  define private fields without triggering traps or checking
  extensibility.
- To emit a more specific error message when redefining properties
  on non-extensible objects, Object::AddDataProperty() now also takes
  a EnforceDefineSemantics enum to distinguish between set and define.
- Drive-by: fix JSReceiver::CheckIfCanDefine() which should check for
  extensibility even if the configurability check passes.

Bug: chromium:1259950, v8:9888
Change-Id: Ib1bc851ffd4b9c3a0e98cac96dafe743c08ee37e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3517934Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79603}

Remove StoreToFrame and the general diff encoding for checkpoints, and
instead make all Checkpoints immediately copy the live part of the
interpreter frame state.

This means that we don't need to recreate the frame state during graph
processing, and we don't have to copy the checkpoint's state for storing
in the deferred DeoptimizationInfo.

In theory the diff encoding was meant to save zone memory for unused
checkpoints, and for checkpoints that don't differ much from each other.
However,

  a) We expect to do most checkpoint elimination during graph building,
     so the assumption that many checkpoints will be unused seems less
     probable, and

  b) We need to copy the checkpoint's frame state for emitting deopts,
     so we don't actually end up avoiding doing the copies.

So, we can simplify things by removing this complexity.

Bug: v8:7700
Change-Id: Iff9743fabbf7a017cccf0ece76a797c571764ea6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545178Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79602}

This is a reland of commit d9e1f2ae

Change: disable regression test on non-SIMD hardware

Original change's description:
> [wasm][liftoff] Spill regs for multi-value merges
>
> If there is more than one value in the merge region, a stack-to-stack
> move can overwrite the source of a stack-to-register move. To avoid
> this, spill all registers.
>
> R=clemensb@chromium.org
>
> Bug: chromium:1299183
> Change-Id: I10495434d0a18c9072ee3882e00a687edd8c592a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523044
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79584}

Bug: chromium:1299183
Change-Id: I6f2af786ab91194a93945f5030575d1b8abee7fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548716Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79601}

Rather than emitting eager deopt code inline, use the full
DeoptimizationData+TranslationArray mechanism in maglev, for consistency
with TurboFan and simplification of implementing lazy deopts in the
future.

Bug: v8:7700
Change-Id: I67282b27493772c78ad28feaa4ad6a2c35c8e239
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545169Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79600}

This reverts commit 802c7b3e.

Reason for revert: Cluserfuzz found a reason to have this.

Original change's description:
> [string] DCHECK instead of test that ThinString's actuals have same length
>
> ThinStrings always forward to internalized strings that have the same
> character contents and thus the same length.
>
> Change-Id: I5929d266f96b23029f4786baf993a431cf4ad38d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541522
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79582}

Change-Id: Ib8a7b962242f8b8ab3ffc5c70ed1c84d187e5b8e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548459
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79599}

In LowerStringCodePointAt, rather than call StringCodePointAt
builtin, we could inline it using StringCharCodeAt.

Bug: v8:11743
Change-Id: I924f4180ffcfd583cfcbba57b2e0cf114adef068
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3517935Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79598}

This reverts part of crrev.com/c/2413252 since std::unique_ptr does
not satisfy is_standard_layout; and is_standard_layout is needed
to use offsetof:

 error: offset of on non-standard-layout type [-Werror,-Winvalid-offsetof]

Fixed: v8:12721
Change-Id: Ifbb1235fc3b8d1d855d41a226117fed88c506078
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540141Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79597}

Report fine-grain incremental mark/sweep statistics to the Recorder API.
These will be used by Blink to populate UMA histograms such as
V8.GC.Event.MainThread.Full.Incremental.(Mark|Sweep).

Bug: chromium:1154636
Change-Id: I1cbdcb2ffa49bd01d04a2e1d43921cebf956ac84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545070Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79596}

Bug: chromium:1029379
Change-Id: I74aeaa27c27ed33c169eee74b3a8c22adedb04eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545320
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79595}

The debugger maintains a stack of promises used for catch prediction
with promise builtins and async functions. Previously this stack would
hold on to the individual promises strongly, and subtle bugs that lead
to not properly cleaning up the stack in some corner cases would often
lead to significant memory issues (e.g. leaking whole iframes).

This refactors the PromiseOnStack to be

  (a) on the V8 heap, rather than allocating C++ structs with global
      handles pointing to the promises, and
  (b) hold on to the promises only weakly.

While this will not guarantee proper promise stack management, it will
at least ensure that edge cases don't lead to catastrophic (debugger
only) leaks.

Bug: chromium:1292063
Change-Id: I9c293ca2032de3a59e1e9624f132d37187805567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545176
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79594}

Before productionizing this, we probably want to just ignore the whole
section if it contains invalid data, but for now failing with a decode
error is more consistent with existing checks.

R=ecmziegler@chromium.org

Bug: v8:12537
Change-Id: I7fc5933573a4d6eddd039bf51361c5bee5c5170d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545177Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79593}

This reverts commit ad09811a.

Reason for revert: reverted by accident

Original change's description:
> Revert "cppgc: Add DCHECK that object start bitmap is safe to use"
>
> This reverts commit 9e1db518.
>
> Reason for revert: https://chromium-review.googlesource.com/c/v8/v8/+/3535782 causes roll failures, this needs to be reverted too because it's based on it
>
> Original change's description:
> > cppgc: Add DCHECK that object start bitmap is safe to use
> >
> > During sweeeping/compaction the bitmap is being reconstructed and
> > should not be relied on for finding object start.
> > Add a DCHECK that the bitmap is fully populated.
> >
> > Bug: chromium:1307471
> > Change-Id: I4aa414722262bb6fb169123a49fce1510a60d3ef
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540680
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Commit-Queue: Omer Katz <omerkatz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#79575}
>
> Bug: chromium:1307471
> Change-Id: I377b8737609fff33199776dce3d997f31074c59b
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545316
> Auto-Submit: Tobias Tebbi <tebbi@google.com>
> Owners-Override: Tobias Tebbi <tebbi@google.com>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#79586}

Bug: chromium:1307471
Change-Id: I04357072c6974e045c1e2bdea93d4059a1e987b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545319
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79592}

Accidentally, remembered sets for slots and source objects were passed
by value when visiting.

Bug: chromium:1029379
Change-Id: I1942a13605990c0b13c378d33d3ace602daddf0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545318
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79591}

This reverts commit 164a040a.

Reason for revert: roll failure: https://ci.chromium.org/ui/p/chromium/builders/try/cast_shell_linux/1164753/overview

Original change's description:
> cppgc: Add regression test and check for object start bitmap
>
> Access to the object start bitmap is only safe during marking until
> sweeping is started as the concurrent sweeper may clear and rebuild
> the bitmap at any time during sweeping.
>
> Adds a DCHECK and an additional test for a previously broken
> pre-finalizer scenario.
>
> Bug: chromium:1307471
> Change-Id: If67ade43f7cdad6de4720c0efeac11bfe8c22b3c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535782
> Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79550}

Bug: chromium:1307471
Change-Id: I181e63a34eae9369184fb86112bc64e53b8bfad5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545317
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79590}

Remove deprecated TracedGlobal<>, greatly simplifying handling of
traced references in general.

Also saves a word per v8::TracedReference as there's no need to keep a
possible callback around.

Bug: v8:12603
Change-Id: Ice35d7906775b912d02e97a27a722b3e1cec28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532251Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79589}

Currently, we assume:
  allocated-object-size = marked-bytes-on-previous-cycle + k,
which is not the case for the sticky bits (with the young generation
enabled). The CL introduces a variable
StatsCollector::marked_bytes_so_far_ that keeps track of marked bytes
across GCs.

Bug: chromium:1029379
Change-Id: I749c8c0174889c10093c75f88c096c68905bf36e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545167Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79588}

This fixes a general race with stack-scoped `TestPlatform` which
may go out of scope while tasks on workers are still running.

Add a barrier for workers, implemented through tasks, to synchronize
destruction of `TestPlatform`.

While this fixes general races, such short-lived platforms still
break if tasks cache the global platform pointer.

Bug: v8:12635
Change-Id: Ifc6ecc29f0e2b7297ca52051eae9bd81013b60ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536651Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79587}

This reverts commit 9e1db518.

Reason for revert: https://chromium-review.googlesource.com/c/v8/v8/+/3535782 causes roll failures, this needs to be reverted too because it's based on it

Original change's description:
> cppgc: Add DCHECK that object start bitmap is safe to use
>
> During sweeeping/compaction the bitmap is being reconstructed and
> should not be relied on for finding object start.
> Add a DCHECK that the bitmap is fully populated.
>
> Bug: chromium:1307471
> Change-Id: I4aa414722262bb6fb169123a49fce1510a60d3ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540680
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79575}

Bug: chromium:1307471
Change-Id: I377b8737609fff33199776dce3d997f31074c59b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545316
Auto-Submit: Tobias Tebbi <tebbi@google.com>
Owners-Override: Tobias Tebbi <tebbi@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79586}

This reverts commit d9e1f2ae.

Reason for revert: Linux test failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/45960/overview

Original change's description:
> [wasm][liftoff] Spill regs for multi-value merges
>
> If there is more than one value in the merge region, a stack-to-stack
> move can overwrite the source of a stack-to-register move. To avoid
> this, spill all registers.
>
> R=​clemensb@chromium.org
>
> Bug: chromium:1299183
> Change-Id: I10495434d0a18c9072ee3882e00a687edd8c592a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523044
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79584}

Bug: chromium:1299183
Change-Id: I465129695cfc1c5678923f7eefe5b91e31383798
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3546745
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79585}

If there is more than one value in the merge region, a stack-to-stack
move can overwrite the source of a stack-to-register move. To avoid
this, spill all registers.

R=clemensb@chromium.org

Bug: chromium:1299183
Change-Id: I10495434d0a18c9072ee3882e00a687edd8c592a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523044Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79584}

Since assignments to read-only private references can be skipped due
to short-circuiting in logical assignments, we should not eagerly
emit the error of invalid writes, and should instead load the values
as usual, only emitting an error when the assignment happens,
which can be handled by BytecodeGenerator::BuildAssignment().

Bug: v8:12680, v8:8330, v8:10372
Change-Id: Ia5fea9090bc48b0af8a9c8d6f95174f7aa2d86f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509298Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79583}

ThinStrings always forward to internalized strings that have the same
character contents and thus the same length.

Change-Id: I5929d266f96b23029f4786baf993a431cf4ad38d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541522Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79582}

Bug: v8:12672
Change-Id: Ib4f53086436e028b4ea32fbc960f57e91709d184
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532256Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79581}

CreateInterpreterDataForDeserializedCode checks for bytecode, copies the
InterpreterEntryTrampoline, and installs that and the bytecode on
InterpreterData. However, the bytecode can be flushed when the IET is
copied, which results in a failure to read it afterward.

Add an IsCompiledScope to guard against this.

As a drive-by, guard against baseline code being installed on the
function. This shouldn't happen in normal execution, but could
theoretically happen with some extra support for --always-sparkplug.

Bug: chromium:1308178
Change-Id: Ia5e81b376bff2aaa19e9c6007242629ab8b0d4a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545171Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79580}

Bug: chromium:11043
Change-Id: I0a0c9b1320b5fb65d48a5f3c8512c9b9cadb61c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545175
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79579}

Instead of manually ensuring checkpoints and marking that operations had
side effects, do this in AddNewNode based on OpProperties.

Bug: v8:7700
Change-Id: I1e2699af537056d066e7f919abe5e7479bd3af91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545174Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79578}

Bug: v8:11111,chromium:1306929
Change-Id: I26e4c5d7e87f75844e60952f30e8fe20189910c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535783Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79577}

Change-Id: Ie74e9bb523463a4c9a0f23a1788246b376e08b14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3543169Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79576}

During sweeeping/compaction the bitmap is being reconstructed and
should not be relied on for finding object start.
Add a DCHECK that the bitmap is fully populated.

Bug: chromium:1307471
Change-Id: I4aa414722262bb6fb169123a49fce1510a60d3ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540680Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79575}

Change-Id: Ia5066069304ae2eee442cd3e224c0c0c0816fd75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3543179Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79574}

The code is dead since migrating to jobs API.

Change-Id: Icdcc3523ffe5830ef5851cf4ea86e579841f543c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540103Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79573}

The lookup is safe during executing pre-finalizers which requires that
the GC is put in the atomic pause.

Bug: chromium:1307471
Change-Id: I4e61573f5cadf2585daab24d73ad798004d54188
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545173
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79572}

Bug: v8:9237,chromium:1308360
Change-Id: I11e3c14a6cecb9d88a834711fb6252191494d5f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545172Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79571}

Some edges are self looping because of incorrect `horizontalPos`. This is occuring because of an unexpected scenario caused due to incorrect calculation of `inputApproch` and `outputApproach`. And all of this is occuring because of insufficient distance between two nodes.
An example of the problem is shown in the image: https://imgur.com/aAmnzaK.

Change-Id: I056e1fbcc420ce65a3ae9201e187b22ad3fbaaba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535791Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79570}

Bail if exception handler table is non-empty.

Bug: v8:12726, v8:7700
Change-Id: I6c19d66cd02b0cef610733b802f04f72e1dd0d58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545170Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79569}

Following up on https://crrev.com/c/3540145, this also changes local
debug evaluate scripts to be marked as shared-cross-origin.

Drive-by-fix: This also updates the test for global debug evaluate to
use the official (debug) API instead of peaking into the V8 internals
unnecessarily.

Bug: chromium:1295750
Change-Id: Ief0bc76a4333671f8db761d1f6a5fb740aae698e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541780Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79568}

Bug: v8:7700
Change-Id: Icd9c0ce6fce727759beec246253dbd16756abc09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545166
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79567}