Bug: v8:12244,v8:12245
Change-Id: I1f0c7fa26e6db208f621470d4bcbea904909a799
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3274014
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77859}

This reverts commit 72e01a06.

Reason for revert: Failing on Linux 64, local bisect to this change, run with --random-seed-stress-count=1000

Original change's description:
> Reland "[baseline] Enable concurrent sparkplug on future"
>
> This is a reland of 0e4554b4
>
> Original change's description:
> > [baseline] Enable concurrent sparkplug on future
> >
> > Bug: v8:12054
> > Change-Id: I9d5040c806232ecbe71c26b7d65acbc8005bbd00
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233139
> > Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77842}
>
> Bug: v8:12054
> Change-Id: I60849c6c9c7c7e6687422669e5636b2a283cc6ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275560
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77850}

TBR=leszeks@chromium.org,v8-scoped@luci-project-accounts.iam.gserviceaccount.com,victorgomes@chromium.org

Change-Id: I26b75edb26bd81128a2a266461e7a917dff3b176
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:12054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3276912Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77858}

My previous change https://crrev.com/c/3160299 introduced a runtime
CHECK that crashes the process if V8 attempts to read a deoptimization
literal which has been cleared. That CHECK is indeed crashing the
process.

It appears that the trouble arises in cases where the deoptimization
data indicates that an object should be materialized as needed. In those
cases, one of the deoptimization literals is the Map to use when
materializing the object. It is possible to reach a part of the code
that requires the materialized object, and therefore the Map, without
there being any other owner of that Map. This is in contrast to most
other deoptimization literals, which are logically equivalent to omitted
values from the stack frame and therefore can't be reached without a
real owner somewhere to keep them alive.

To fix, I propose referring to Maps strongly from the deoptimization
literals. The cases I investigated in v8:4578 didn't involve Maps, so I
believe that the observed memory leaks are still fixed with this change.

Bug: chromium:1268681, chromium:1268683, chromium:1268825, v8:12300
Change-Id: Ifd32a7f9cc29e0384650013ab16e05646bf57895
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272880
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77857}

Bug: v8:12244,v8:12245
Change-Id: I4adafe31ffc747f7184c8b868f97e4a549e619ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273530Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77856}

Bug: v8:12244,v8:12245
Change-Id: I98c3f5e4aeed2d2179c61d482999fb498c676639
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273527Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77855}

Bug: v8:12244,v8:12245
Change-Id: I2d1f9f24b8a78b8025c73e065e79c72c842a939b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273528Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77854}

Bug: v8:12244,v8:12245
Change-Id: Ieb3129ec1e66024b5431a1deb231529b94c740f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273894Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77853}

Bug: v8:12244,v8:12245
Change-Id: Ibef9eaa7f1c3a58ef290b61a9f46b98fc30184af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3274019Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77852}

Similar to previous bug v8:11771, this test needs deterministic GC
behavior so it is incompatible with concurrent inlining.

Bug: v8:12374, v8:4578
Change-Id: Ib3667744d1032524a0c2e697a970876dfc1677ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272882
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77851}

This is a reland of 0e4554b4

Original change's description:
> [baseline] Enable concurrent sparkplug on future
>
> Bug: v8:12054
> Change-Id: I9d5040c806232ecbe71c26b7d65acbc8005bbd00
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233139
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77842}

Bug: v8:12054
Change-Id: I60849c6c9c7c7e6687422669e5636b2a283cc6ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275560
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77850}

The check is a simple shortcut, but this is not safe in multithreading.

In a multi-threaded situation, if a CodePageCol**Scope is open while
a CodeSpaceMem**Scope is already opened, the result is a noop.
If the latter finishes first, then we would decrement a wrong
depth in ~CodePageCollectionMemoryModificationScope.

Bug: v8:12054
Change-Id: I7e1016628ffbd37b343ea130eb8d7d8e60abec98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275562Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77849}

R=ecmziegler@chromium.org

Change-Id: Ia2502f8fec849b6622bf3cad9d65dae7bc0b83e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275567Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77848}

Bug: v8:11165
Change-Id: Iff70b6fcf1a68f330750afb5fb94787673de3bbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275565Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77847}

Loop headers in the interpreter would start a new basic block, which
among other things would reset the liveness of that block. This meant
that a loop created after dead code, without a check for whether the
code is currently dead or not, would "resurrect" that block's liveness,
making the inside of the loop live even though the loop itself is
unreachable.

This works fine, since the loop is still unreachable, but can breaks
DCHECKs in bytecode liveness analysis for cases where a register is
supposed to be initialised before the loop, in the dead code, and is
then used inside the loop, in the resurrected code.

Normally this wouldn't be a problem, since blocks are normally killed on
the statement level and we check for deadness during statement
iteration, but `foo() = x` introduces an expression-level block killer
(being re-written to `foo[throw ReferenceError] = x`) and we don't check
for deadness after assignment Lhs preparation.

This does mean that we have to fix the InterpreterJumps test, to not try
to jump into the middle of a loop (since this could revive the loop).
This can only happen when manually creating bytecode, bytecode generated
from JavaScript is always reducible.

Bug: chromium:1230597
Change-Id: I8403ccdeae7e5450adf629026e2ca8a134c81877
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275557
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77846}

This reverts commit 90a9d6cb.

Reason for revert: Seems to make some test to fail flakily. Revert for now until this is fixed.

Original change's description:
> [heap] Support multiple clients in shared GC
>
> Add support for safepointing multiple isolates as described in the
> design doc (link is below). A safepoint across multiple isolates is
> considered a global safepoint to distinguish it from regular safepoints.
>
> The basic idea behind the implementation is that we reach a
> safepoint for each client. What's new is that now also main threads
> need to participate in the safepointing protocol and need to give up
> control in time. The slow paths of Park(), Unpark() and Safepoint() on
> the main thread need to be adjusted for this reason as well.
>
> This CL introduces GlobalSafepoint and GlobalSafepointScope to mirror
> IsolateSafepoint and IsolateSafepointScope.
>
> This CL adds the type IgnoreLocalGCRequests, it is used to prevent
> Park() and Unpark() from honoring the request from background threads
> to perform a local GC. This is used heap-internally to not have GCs
> (or even nested GCs) in certain locations. E.g. when initiating a
> safepoint to perform a GC we don't want a "recursive" GC to occur.
>
> Design doc: https://docs.google.com/document/d/1y6C9zAACEr0sBYMIYk3YpXosnkF3Ak4CEuWJu1-3zXs/edit?usp=sharing
>
> Bug: v8:11708
> Change-Id: I5aca8f5f24873279271a53be3bb093fc92a1a1eb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009224
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77812}

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:11708
Change-Id: I85fbf896c59492fc571b3bfaa7f9e3ea8a883260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275552
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77845}

Test needs young generation to work properly.

Bug: v8:12380
Change-Id: I5dca5bd6be10371ee9aabf263c4f8491917b9803
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275556
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77844}

This reverts commit 0e4554b4.

Reason for revert: Breaks due to read-only flags https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug%20builder/3926/overview

Original change's description:
> [baseline] Enable concurrent sparkplug on future
>
> Bug: v8:12054
> Change-Id: I9d5040c806232ecbe71c26b7d65acbc8005bbd00
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233139
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77842}

TBR=leszeks@chromium.org,v8-scoped@luci-project-accounts.iam.gserviceaccount.com,victorgomes@chromium.org

Change-Id: I25bbe7f38d87fcc13931782d26cd6b75bba50848
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:12054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275555Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77843}

Bug: v8:12054
Change-Id: I9d5040c806232ecbe71c26b7d65acbc8005bbd00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233139
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77842}

Change-Id: I80affc4c813dff2a42afcdcea60e3856eaf346aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272576Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77841}

Changes:
- Enable allocation folding for wasm-gc graphs.
- Improve structure of wasm escape analysis code. Kill dead nodes.
- Revisit object node after eliminating a load or a store to that node.
- Add a couple of tests, rename one test file.

Bug: v8:11510
Change-Id: I8b3c5186cd0a8827744a05eba366ff79bc7bc975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264215Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77840}

Properly scope unique_ptr for Heap.

Change-Id: I9ce65f326065333f2600e6057ae3015a41d4c39a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273815
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77839}

Change-Id: I7e07821ed56f2813ad90d21bd36382aa25351d21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273813
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77838}

... by
1) using platform-specific kMaxPCRelativeCodeRangeInMB constant
   instead of fixed 2GB for computing a region around embedded builtins
   from which the builtins could be reachable by pc-relative call/jump
   instructions,
2) remapping builtins into the code range if the latter happened to be
   allocated too far from embedded builtins (so that the pc-relative
   calls/jumps can't reach the embedded builtins blob).

Bug: v8:11880
Change-Id: I3c8df6836a8f0156d5360edd9c4ae8c295ec7100
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270543Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77837}

Force-inline the HandleScope constructor and destructor, and
add branch hints for two commonly-mispredicted branches. This
moves the overall JetStream2/cdjs score by roughly 4% on d8. I
suspect no change will be visible in chromium builds (with PGO).

Bug: v8:12196
Change-Id: I0fd7b67aa554876d2dad2d706b874df21dbb72e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270542
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77836}

This introduces a stack frame cache on the V8Debugger level, which
de-duplicates StackFrame instances based on their scriptId, line and
column number.

This greatly reduces the memory pressure when debugging huge Web
applications that have a lot of async activity (and potentially
have scripts with huge URLs). This is guided by the observation
that even in huge applications, there are only a very limited
number of call sites that initiate async activity and hence we
only have a limited number of distinct StackFrames to worry
about (despite having to maintain a large number of async stack
traces overall).

As a nice side effect, this CL also greatly reduces the negative
performance impact of collecting async stack traces in these
huge applications.

Generally speaking this is mostly duct tape however, and we might
want to follow up with changes to make capturing (and storing)
stack frames even cheaper.

Fixed: chromium:1268436
Change-Id: Ib212b3c97dce2bb7ca47d5875d45cf20b9b97afe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272577
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77835}

Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/431abd1..b3c08f6

check clang format on pull requests and merges (#1281) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/b3c08f6

format tests with clang-format (#1282) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/c07a498

clang-format Google on {src/,include/} (#1280) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/fcef4fb

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I32740a6899832fdfbb89b41e4b082eddb5c94063
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273787Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77834}

The second parameter of Int64Mul may be a 64-bit immediate value,
treating it as a 32-bit value will lose the upper 32 bits.
Besides, add a test for this error.

Bug: v8:12373
Change-Id: I92e95f7906051c91f9076730e5490b0956416d68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272195
Auto-Submit: Liu yu <liuyu@loongson.cn>
Commit-Queue: Liu yu <liuyu@loongson.cn>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77833}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3a26983..2f14357

Rolling v8/third_party/aemu-linux-x64: f0uJsXEjFFbo2nVGo8XXghmC5jioFclKgH_jzEObMmYC..j1lOwTKOsgGUj2jDFDa6IhTVhwEoPPzmdxFksCvz278C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5c5e5a1..0dab16a

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ea9285c..2df8443

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/aa486f1..79efd96

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/8bed2fb..286f857

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Idc46d13ab8010d5d1f86d03bdcf3eb24c6595bc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3273786Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77832}

The is_shared bit bumps the number of reserved bits for Strings'
InstanceType from 6 to 7. This has the side effect of shuffling the
InstanceType enum values.

There are no users of this bit yet. This is steps 1-2 from the following
design doc [1], in preparation for sharing internalized and
in-place-internalizable strings.

[1] https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit?usp=sharing

Bug: v8:12007
Change-Id: Idf11a6035305f0375b4f824ffd32a64f6b5b043b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3266017
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77831}

Don't emit modsd, modud, modsw, moduw if Power proc. version is less
than 9.

Change-Id: I20a33930c5887921cf1943558b3ab6ac8d8a53ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3271636Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Cr-Commit-Position: refs/heads/main@{#77830}

Bug: chromium:1136844
Change-Id: I1c9be9ff38114f548b5f40462d96968dbf1565ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272580
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77829}

Bug: v8:12244,v8:12245
Change-Id: I678296c3ebf5d78dac7697a25b27c583406e02cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3269179
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77828}

While compiling concurrently, we change the permissions of the page
containing the new code object to RWX, so the main thread can continue
executing a potential code in the same page.

If no thread is compiling the new code, we change the permissions
of all pages affected back to RX.

We also initialises code object page to immediately RWX by default.
Otherwise, a new code could be allocated in the same page, it will call
UnprotectAndRegister, and since write_unprotect_counter_ is now at
least 2, the code ignores the permission change. We then sigfault
when trying to run the new code.

Change-Id: Id18bcb9a44843b4ff747b1e4ac91913e80b74d80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257606Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77827}

Change-Id: Id60f3552af2ba12a8ac8fd88ad43a88a9076774d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272582Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77826}

Change-Id: I48384ff3282e32108cc439bdb56097ca59bedefb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270002Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77825}

BUG=chromium:1257321
TEST=none

Change-Id: I59f34e8b41ba08f5046754c13be8f1df6a335655
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3271389Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77824}

Change-Id: Ic868b6f9bb17bb9d6e6fe2a7203a41383aef5cf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272206Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Cr-Commit-Position: refs/heads/main@{#77823}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6d2bdd8..3a26983

Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/ee43952..707d75f

Rolling v8/third_party/aemu-linux-x64: v2iF9qvnOnVHoqJpdbZJYOqXwQzHFLq1S6pnFoNhtEgC..f0uJsXEjFFbo2nVGo8XXghmC5jioFclKgH_jzEObMmYC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c9cf63a..5c5e5a1

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1b2f8f0..ea9285c

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/565ca2d..8bed2fb

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I52def08a4fc2d0839a80313b1930ea4197dc9d6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3271747Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77822}

Bug: chromium:1268452
Change-Id: Idbddd1a2079cfa1e38ce5209799bfb656e5b7911
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270544Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77821}

The feature is controlled by a boolean flag on Isolate, so there's no
need to keep the flag read-only.

Bug: v8:11527, chromium:1241665
Change-Id: I377452fed10b319a4a512c090706c754603c2ae8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270547
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77820}