We need to make sure that a node doesn't think it's still allocated in a
register (and doesn't need spilling) when it is freed to make space for
another allocation.

Bug: v8:7700
Change-Id: I6e35cd467bb7f17bb20dc6f4ab0a1df9efe78ffa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582220
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79926}

We were doing this for synchronous compiles, but not for asynchronous
ones.

Bug: v8:7700
Change-Id: I10173ddc34bd8750051272c0ec065e21bbd20082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3581767
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79925}

The external code space is required for the sandbox, so enable it on
Android to be able to enable the sandbox there as well in the future.

Bug: v8:11880
Change-Id: Ic7ba29c77affc3e0e83c8a93f2f6f53b3c72b8e8
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578799Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79924}

Change-Id: I8a46ee0f64d6e9b7d71c7f494cac3eff817fbdda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582417Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79923}

1. Added `generateWebDriverValue` flag to `Runtime.evaluate` and `Runtime.callFunctionOn`.
2. Added `webDriverValue` field to `RemoteObject`, and set it in case of the `generateWebDriverValue` flag was set.
3. Added virtual method `bidiSerialize` to allow embedder-implemented serialization (like in https://crrev.com/c/3472491).
4. Implemented V8 serialization in a separate class `V8WebDriverSerializer`.
5. Hardcode `max_depth=1`.
6. Added tests.

Not implemented yet:
1. `objectId`.
2. Test of embedder-implemented serialization.

Tested automatically by:
```
python3 tools/run-tests.py --outdir out/foo inspector/runtime/add-web-driver-value
```

Naming to be discussed. Suggestions are very welcome.

Design doc: http://go/bidi-serialization

Change-Id: Ib35ed8ff58e40b3304423cc2139050136d844e2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472077Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maksim Sadym <sadym@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79922}

... and fix AddSmi operation.

Bug: v8:7700
Change-Id: If81030e1e0d457076e09db62553342f04477e255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3581983
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79921}

FlagScope can't automatically disable wasm-dynamic-tiering.

Bug: v8:7748

Change-Id: Ieb59e20b4cb4436277aa88b615bca07657a1212c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578109
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79920}

This is a reland of commit 1f0d7d20

The fix merges concurrent marking tasks when marking in the atomic
pause. Without the fix, Oilpan markers would continue running
concurrently, possibly discovering new V8 objects. This violates the
assumption that the final transitive closure runs on a single thread.

Original change's description:
> cppgc-js: Concurrently process v8::TracedReference
>
> Adds concurrent marking for reaching through v8::TracedReference.
> Before this CL, a v8::TracedReference would always be processed on the
> main thread by pushing a callback for each encountered reference.
>
> This CL now wires up concurrent handling for such references. In particular:
> - Global handles are already marked as well and not repurposed during
>   the same GC cycle.
> - Since global handles are not repurposed, it is enough to
>   double-deref to the V8 object, checking for possible null pointers.
> - The bitmap for global handle flags is mostly non-atomic, with the
>   markbit being the exception.
> - Finally, all state is wired up in CppHeap. Concurrent markers keep
>   their own local worklist while the mutator marker directly pushes to
>   the worklist owned by V8.
>
> Bug: v8:12600
> Change-Id: Ia67dbd18a57dbcccf4dfb9ccfdb9ee438d27fe71
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516255
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79736}

Bug: v8:12600
Change-Id: I8545041b2c7b3daf7ecea7e3a100e27534e9b8b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571887Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79919}

Add LocalIsolate use, broker()->GetFeedbackForPropertyAccess, and
generating persistent/canonical handles to fix maglev concurrent
compilation.

Bug: v8:7700
Change-Id: Ifd1156c72710047b5f2930837a04709419b23bc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578546
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79918}

Port 52b99213e73045e9ffcae970e6c3f3cd07fc8381

Bug: v8:12161
Change-Id: Iac4f31eb6be83bca0e4bd407d81f1ece271b1e67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576124Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79917}

Change-Id: I0063c92ee99193440cdbbe18a6f0d094302e7c16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578544Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79916}

This is a reland of commit 6879c515

Original change's description:
> [osr] Enable concurrent OSR
>
> Fixed: v8:12161
> Change-Id: Ie6e83dd4f261fff2d1fa8613116e83ef6b61561f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576116
> Auto-Submit: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79857}

Change-Id: I418a1166c5eff4156f0c4406f024fc1ba5746732
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582038Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79915}

The roundss / vroundss instruction is only available on AVX or SSE4_1
hardware. Thus bring back the old code path with much longer code for
such old hardware.

R=tebbi@chromium.org

Bug: chromium:1314363
Change-Id: I79a58627c8b406817330e9f9601234cea28182c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578642Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79914}

This particular branch in CompileOptimizedOSR relies on a precise
invocation count at counts 0 and 1. The invocation count is unreliable
not only in the previously described situation (--always-opt), but also
e.g. when forcing optimization on the first execution through other
means like %OptimizeFunctionOnNextCall. Let's simply rewrite the
condition to explicitly exclude kIsInProgress.

Fixed: chromium:1314536
Change-Id: I27432f689c866bad3b407df7bbf276ec32c25c0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578644Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79913}

1: Clear cache entry 0 before overwriting it to maintain bookkeeping of
the SharedFunctionInfo's OSR code cache state, which tracks how many
cache entries there are for this particular SFI.

2: When inserting into the code cache, we don't know in advance whether
the entry is already present or not (this could happen with multiple
simultaneous compile jobs from different closures of the same SFI).

Fixed: chromium:1314644
Bug: v8:12161
Change-Id: I0085a3a6e0c1879c3d483853220e654aa03660ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578643Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79912}

This is a reland of commit 51b99213

Fixed in reland:
- bytecode_age was incorrectly still accessed as an int8 (instead
  of int16).
- age and osr state were incorrectly reset on ia32 (16-bit write
  instead of 32-bit).

Original change's description:
> [osr] Add an install-by-offset mechanism
>
> .. for concurrent OSR. There, the challenge is to hit the correct
> JumpLoop bytecode once compilation completes, since execution has
> moved on in the meantime.
>
> This CL adds a new mechanism to request installation at a specific
> bytecode offset. We add a new `osr_install_target` field to the
> BytecodeArray:
>
>   bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
>     osr_urgency: uint32: 3 bit;
>     osr_install_target: uint32: 13 bit;
>   }
>
>   // [...]
>   osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
>   bytecode_age: uint16;  // Only 3 bits used.
>   // [...]
>
> Note urgency and install target are packed into one 16 bit field,
> we can thus merge both checks into one comparison within JumpLoop.
> Note also that these fields are adjacent to the bytecode age; we
> still reset both OSR state and age with a single (now 32-bit)
> store.
>
> The install target is the lowest 13 bits of the bytecode offset.
> When set, every reached JumpLoop will check `is this my offset?`,
> and if yes, jump into runtime to tier up.
>
> Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
>
> Bug: v8:12161
> Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79853}

Bug: v8:12161
Change-Id: I7c59b2a2aacb1d7d40fdf39396ec9d8d48b0b9ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578543Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79911}

Join instead of cancel to make use of the the main thread.

Also make the Join() call explicit instead of implicitly finishing
concurrency on advancing tracing form the main thread.

Bug: v8:12600
Change-Id: I60d3e82bfc2e8a3ccc2dda761a5d3eb3ac7694d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578855Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79910}

To make the existing mechanism for printing JSON for turbolizer able to
print types other than the ones stored in the nodes (so the verifier can
print its own types here), this CL restructures the printing mechanism
into a single non-private class that can be inherited to override
certain parts of the printing. In this CL only GetType is made virtual
to allow verifier to override it, but additional parts can be made
overridable whenever necessary.

Bug: v8:12619
Change-Id: Idf31f8cdb49eb6c3204c6abfbb74fc981330d6d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571818Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79909}

Bring back raw SetAccumulator, instead of the separate
SetAccumulatorToNew/ExistingNode. SetAccumulator (and StoreRegister) are
now expected to only ever be called on new Nodes, with some DCHECKs
tracking which nodes are new guaranteeing this.

Bug: v8:7700
Change-Id: I5657fa85dc05445bc3d6956ebcd5541ec1cedfad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579362
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79908}

Map space can get disabled with --no-use-map-space.

Bug: v8:12578, chromium:1314307
Change-Id: I0f25e4e10c0baa0e9785d80c189dfe86c2bc6aec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579302Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79907}

port 49c95bd9

Change-Id: I69baf80d85e172014f4037fd4d345f0f0a634684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578101
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79906}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/53a9bbc..2c3758a

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/ed21e7f..e025ba5

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/cb96c63..c39fea8

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5af479b..4326c47

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e121d14..e222245

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/bbc5794..3eacd6c

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I26e6feb9ae9efefabdd941d2138b5abada80a2c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579950
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79905}

API logging has not been used in a while and we have valid alternatives:
- Runtime call stats
- Profiling
- Timer events

Together they make --log-api superfluous and we can remove it and reduce
the number of branches when calling into the V8 API.

Change-Id: Ie10f70b61ebdb82166270e7630ebcf20a27c4902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574549Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79904}

Instead of using cipd for dsymutil (which is updated via the autoroller),
chromium/src downloads the dependency directly from a storage bucket
(https://crrev.com/c/3564507).

This rolls the approach into v8's DEPS. Additionally, it manually rolls
the deps changes from https://crrev.com/c/3577241 to validate the fix for
chromium:1314724 in a led run referencing this commit in
https://chromium-swarm.appspot.com/task?id=5a235a3429884411.

Bug: chromium:1314724
Change-Id: I6eb0e954bd17a390cbc79d929f82793e877db7b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579304Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79903}

FPUCanonalizeOperation will output standard qNaN when the lvalue is nan
in simulator, and this implementation is inconsistent with physical
machine.

Besides, fix a wrong register request in i64_add on mips32.

Change-Id: Icddb1fc6d0e03a51d4fb4ba13ecb39f11a645af0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3580103
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#79902}

Port commit 9ca0bfef

Bug: v8:12166
Change-Id: I39708d61f823b4ef12ab5aac6b030eff89517b16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579870
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#79901}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/74ae567..6f75bb5

Shut down Bazel gracefully and revert wheel build strategy to job matrix (#1383) (Nicholas Junge)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/6f75bb5

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I68f28e3c67b897641717d4d97809bf2ccaaed494
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579467
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79900}

Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/5fb4338..1fd0dbe

Add a flag for selecting the ICU data source on Fuchsia (Filip Filmar)
https://chromium.googlesource.com/chromium/deps/icu/+/1fd0dbe

Add Welsh to CrOS ICU (mlcui)
https://chromium.googlesource.com/chromium/deps/icu/+/97d9bad

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I3dbb2de75266fc2d48d80708e0338fffe5a389d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579466
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79899}

This CL changes frame message from `Function.${staticMethodName}`
to `${className}.${staticMethodName}` for stack trace in class
static methods.

Bug: v8:12778
Change-Id: Ie2b9471066a6ba38265412f4af471789bd375c98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3575759Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#79898}

- Parse the condensed source position info support for jitted code
- Add progress bar/circle to loader
- Use temporary Array instead of concatenated strings in escapeField to
  reduce gc pressure
- Use bound functions as event handlers in more places
- Various timeline legend fixes:
  - Fix columns alignment when duration is present
  - Use fixed width to avoid breaking the UI
  - Correctly show total/percents for 'All' and 'Selection' entries
  - Improve usability of filtering buttons: added tooltips and fixed
    redrawing on filtering

Bug: v8:10644
Change-Id: I1275b31b7b13a05d9d6283d3067c1032d2d4819c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574544Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79897}

The tier up check in br_if is only executed conditionally, so it is
not allowed to update any cache state. Later code would work with that
updated state, even though the corresponding code would not have
executed.
There was a partial implementation for this by passing in a scratch
register for {TierupCheck}, but {TierupCheckOnExit} has the same
problem, and needs up to three scratch registers.

Until we come up with a better solution, just snapshot the cache state
before doing the tier up check, and restore it later. This has some
performance cost, but it's an effective fix.

R=jkummerow@chromium.org

Bug: chromium:1314184
Change-Id: I1272010cc247b755e2f4d40615284a03ff8dadb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579363Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79896}

This is a reland of commit c482a66b

Original change's description:
> Enable PAC and BTI for runtime generated code.
>
> This patch enables PAC and BTI for runtime generated code when PAC
> is enabled. Additional BTI landing pads will resolve to NOOP when
> running on non BTI device and will not cause functional problems.
>
> Change-Id: I3993481df2c3c47e3e81bfb76a8c355f642cd572
> Bug: chromium:919548, v8:10026
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548457
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Andre Kempe <andre.kempe@arm.com>
> Cr-Commit-Position: refs/heads/main@{#79630}

Bug: chromium:919548, chromium:1310642, v8:10026
Change-Id: I5f76705a222b5f4fbc07cf472c02e9b58b5171fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579164Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Andre Kempe <andre.kempe@arm.com>
Cr-Commit-Position: refs/heads/main@{#79895}

Opportunistically specializing the inlined function's signature
based on statically available type information in the caller is
currently important for performance, but can make inlining fail
if parts of the inlinee relied on the more generic types.
This patch addresses that problem by retrying with the original
signature in such cases.
Long-term, check elimination should be based on typed IR nodes
instead.

Bug: v8:12166
Change-Id: I4b68d0b056daec25844f6386da11b933cc343d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579144Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79894}

Change-Id: Ifb69e0d12359b7781665729d3abf91db4c1505bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579361
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79893}

Bug: chromium:1314496
Change-Id: I2f1579715910900dff9e157a6a6a9af2fbcbbb42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578853Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79892}

Similar to full GCs, the GC defers metric reporting until sweeping is
finished.

Bug: chromium:1029379
Change-Id: Ib06adb3be691c1ad2bd530eb77fc01cc22537338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576130Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79891}

This reverts commit 6879c515.

Reason for revert: Speculative revert for roll failures
https://ci.chromium.org/ui/p/chromium/builders/try/win_optional_gpu_tests_rel/80674/overview

Original change's description:
> [osr] Enable concurrent OSR
>
> Fixed: v8:12161
> Change-Id: Ie6e83dd4f261fff2d1fa8613116e83ef6b61561f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576116
> Auto-Submit: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79857}

Change-Id: I05bd9594e8ce3db71acb31cf4c626c066158ceaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579163
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79890}

This reverts commit 2b6a3f3c.

Reason for revert: Closed the tree (https://cr-buildbucket.appspot.com/build/8817446249181470449)

Original change's description:
> Update V8 DEPS.
>
> Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/38ea770..53a9bbc
>
> Rolling v8/buildtools/linux64: git_revision:ab9104586734cb45aa77c70ca5042edbcc9f6aa5..git_revision:ae110f8b525009255ba1f9ae96982176d3bfad3d
>
> Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/ac492da..ed21e7f
>
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5ff11ff..5af479b
>
> Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ba94bbe..e121d14
>
> Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3436376..bbc5794
>
> Rolling v8/tools/clang/dsymutil: M56jPzDv1620Rnm__jTMYS62Zi8rxHVq7yw0qeBFEgkC..pEbTLlGCfrxK3iYSRElN2XcFrzEUg0_Wo3mQsE6AbtIC
>
> R=​v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
>
> Change-Id: Iefe6463005318beb32d0f3752771420a8a228df0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3577241
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#79888}

Change-Id: I89aac6dc90a01b2c41edb6c4fe5450cebed1d420
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579146
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79889}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/38ea770..53a9bbc

Rolling v8/buildtools/linux64: git_revision:ab9104586734cb45aa77c70ca5042edbcc9f6aa5..git_revision:ae110f8b525009255ba1f9ae96982176d3bfad3d

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/ac492da..ed21e7f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5ff11ff..5af479b

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ba94bbe..e121d14

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3436376..bbc5794

Rolling v8/tools/clang/dsymutil: M56jPzDv1620Rnm__jTMYS62Zi8rxHVq7yw0qeBFEgkC..pEbTLlGCfrxK3iYSRElN2XcFrzEUg0_Wo3mQsE6AbtIC

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Iefe6463005318beb32d0f3752771420a8a228df0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3577241
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79888}

Bug: v8:7700
Change-Id: I32e1160dd71193857e6760dd0a3b826e3ec0f044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579141Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79887}