Change-Id: I45a91f08a83f9cadff0d82b9090c2bc73fe93ed7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5728997
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/12.8.374@{#1}
Cr-Branched-From: 451b63ed-refs/heads/main@{#95151}

Runtime::kWasmGenerateRandomModule only exists on non-official builds.

Change-Id: I7579d28247a27d895ce350ba012ea7b27623c3e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724702


Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95151}

This is a reland of commit 121d624b

More runtime functions are now opted out of (differential) fuzzing.

Original change's description:
> Make more runtime functions available to the fuzzers
>
> Previously, we had an explicit allow-list of runtime functions for
> fuzzing, and every function that should be available to fuzzers needed
> to be added to that. This approach is somewhat fragile, however, as it
> is easy to forget adding new functions to that list. With this CL, all
> runtime functions that are used for testing are automatically exposed to
> fuzzers, but can be manually opted out, which is still necessary for
> some functions for a number of reasons.
>
> This CL also makes a number of test functions fuzzer safe, as those are
> now exposed to fuzzers. There will likely be a few more functions that
> were missed and are not yet fully fuzzer-compatible. However, those
> should quickly be identified by our fuzzers, at which point they can
> either be made fuzzing-compatible or opted-out of fuzzing.
>
> Bug: 353685107
> Change-Id: Ibae038fee2926205bcbc91a8bcadcaec9a8242a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5720570


> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#95126}

Bug: 353685107
Change-Id: Icff469bbee67bb65b8520ef57a42616615199916
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5728075


Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95150}

Change-Id: I2a49b2d0978c167c1ee69fbd64a36b9042aae571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5729412


Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95149}

In case of tail calls in the deoptimized frames the caller pc of the
bottom most (outer most) function can end up in a different stack slot
than in the optimized function as the number of parameter stack slots
may differ.

This means, the caller_pc_ needs to be stripped from the PAC and
re-signed again prior to writing it to the output frame.

Fixed: 353582136
Bug: 42204618
Change-Id: I1670c416d3af44af0507b82717ac1df4d3cc11ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5716734


Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#95148}

Fast API calls from WebAssembly are based on the well-known imports
optimization, which allows faster calls from WebAssembly when the import
is known to be of a special kind. However, this optimization can only
be used when all instances of a WebAssembly module use the same imports.

This CL adds a test where a WebAssembly module gets instantiated with
different fast API call targets to check that the well-known imports
optimization indeed gets disabled.

Bug: 41492790
Change-Id: I91ff611a6cbd26a025dd248cb83e2718b44fd956
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5720910


Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95147}

Rolling build: https://chromium.googlesource.com/chromium/src/build/+log/ad2f859..7a8285c

Rolling buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/adc2a53..3ef44a2

Rolling buildtools/reclient: re_client_version:0.148.0.41b09b51-gomaip..re_client_version:0.150.1.d9707319-gomaip

Rolling third_party/catapult: https://chromium.googlesource.com/catapult/+log/29445d0..1699936

Rolling third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b4102e4..cdcdd6e

Rolling third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/9ff2450..cee1ba1

Rolling third_party/markupsafe: https://chromium.googlesource.com/chromium/src/third_party/markupsafe/+log/e582d7f..6638e9b

Rolling third_party/siso: git_revision:b41f9eaf44dfdaec51ab2d7089aaa4cb6d9e7f5e..git_revision:50a6db5dae3978d2d2e8dce29f6df024dde48d1b

Rolling tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a5953b1..4dc76da

Rolling tools/luci-go: git_revision:c9c95dda5f310610a3fc574af44faeed298b3938..git_revision:771ea9a614a104c71655f699ef82219a2a474817

Rolling tools/luci-go: git_revision:c9c95dda5f310610a3fc574af44faeed298b3938..git_revision:771ea9a614a104c71655f699ef82219a2a474817

Roll created at https://cr-buildbucket.appspot.com/build/8741743458899784145

Change-Id: I8848908bd3d7046ce9a7afb7304d2c6f59867871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5728992
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#95146}

Fixed: 353877568
Change-Id: I31bba348ae0deff17ea1568d2791df51710cedc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724700


Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95145}

GCTracer::ResetForTesting() invokes the destructor and then uses
placement new to reinitialize GCTracer to its default state.
Unfortunately, the placement new call uses `heap_`, but `heap_` is no
longer valid to access after invoking the destructor.

The fix is to cache the value in a local and then pass the value of the
local to placement new.

Bug: 40222690
Bug: 353960901
Change-Id: I64bce1a995fd648bda167f743a0f9f1ed8b34215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5727716


Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95144}

This CL can improve Speedometer3 by ~0.3% and reduce ~4% (2903 -> 2793)
turbofan compilation when running Speedometer3.

Bug: v8:14296
Change-Id: I134013f6a895785e410c027c64120a1fd1910ffa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5679484


Reviewed-by: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#95143}

ExpectedTransitionKey directly returns key if TransitionAccessor has
only one member, and returns null if TransitionAccessor has multiple
entries.
This CL compare string content if TransitionAccessor has less than 8
entries.
This CL can improve the below micro case by ~17%.
  for (var i = 0; i < 1e7; ++i)
    JSON.parse('{"title":0,"completed":1,"id":2}');

Change-Id: I11307c5e68940a65ade244714652df6f8d655fbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5672333


Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95142}

Change-Id: If29e4190ccc3b8f320273d61ba9117d3f4fd3836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5717465


Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#95141}

This reverts commit 121d624b.

Reason for revert:
Causes many differential-fuzzing false positives in the current state.

Original change's description:
> Make more runtime functions available to the fuzzers
>
> Previously, we had an explicit allow-list of runtime functions for
> fuzzing, and every function that should be available to fuzzers needed
> to be added to that. This approach is somewhat fragile, however, as it
> is easy to forget adding new functions to that list. With this CL, all
> runtime functions that are used for testing are automatically exposed to
> fuzzers, but can be manually opted out, which is still necessary for
> some functions for a number of reasons.
>
> This CL also makes a number of test functions fuzzer safe, as those are
> now exposed to fuzzers. There will likely be a few more functions that
> were missed and are not yet fully fuzzer-compatible. However, those
> should quickly be identified by our fuzzers, at which point they can
> either be made fuzzing-compatible or opted-out of fuzzing.
>
> Bug: 353685107
> Change-Id: Ibae038fee2926205bcbc91a8bcadcaec9a8242a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5720570


> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#95126}

Bug: 353685107
Change-Id: I09af6688122055a89a999d9c201d9bf0f718e558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5725914
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95140}

This reverts commit 59798082.

Reason for revert: Need to revert previous CL.

Original change's description:
> Don't expose %SerializeDeserializeNow() to fuzzers
>
> The runtime function is not currently fuzzing-safe and will frequently
> cause crashes if used by fuzzers.
>
> Bug: 353971258, 353685107
> Change-Id: I692bbd752fc86930e4ea014d2557247422b6ba9a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5725353


> Auto-Submit: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#95136}

Bug: 353971258, 353685107
Change-Id: I937dc0aac4e58790abbcc3baa31b2a3a77bc1271
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5725935
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#95139}

Port e8f70212

Original Commit Message:

    The CL introduces F16x8Splat, F16x8ExtractLane and F16x8ReplaceLane
    opcodes together with software implementation in Liftoff.

R=irezvov@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I3532d89122e4d67034398c609ce3c17bc46da037
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5725501


Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#95138}

The CL introduces F16x8Splat, F16x8ExtractLane and F16x8ReplaceLane
opcodes together with software implementation in Liftoff.

Bug: 337998764
Change-Id: I628d25feba492afe02d4f4d325e4aaf824a98d53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5722510


Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95137}

The runtime function is not currently fuzzing-safe and will frequently
cause crashes if used by fuzzers.

Bug: 353971258, 353685107
Change-Id: I692bbd752fc86930e4ea014d2557247422b6ba9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5725353


Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95136}

Based on the preceeding CL (https://crrev.com/c/5718231) we can greatly
simplify the LogCodesTask, relying on the CancellableTaskManager.
Instead of using a bunch of atomic values and pointers, we now update
all fields under the WasmEngine's mutex.

R=mliedtke@chromium.org

Bug: 42204620
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_dbg
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Change-Id: I13fabfbf3f388274030f72e36f7dad1b6b7b3d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5718451


Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95135}

Bug: chromium:42210561
Change-Id: I534d1f3b066fcba1c50671cfbda8c3fbd6c813d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5725552


Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95134}

They explicitly aren't Key*, but can be treated similarly.

Change-Id: Ib2c403425681a16014640bb3768cf60c85c4a287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724451


Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95133}

Followup CL on porting f2aaa9fd

Change-Id: I2f36c60e214d2583622e9ad828045acd2b822ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5717298


Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#95132}

This CL removes most of the overhead of the `ConsoleHelper` from the
implementation of `console.timeStamp()` by defering work to until it's
actually needed.

Bug: 350443026
Change-Id: I26a2bd3f246b24eaad349e213b17baeeed23fa6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724349


Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95131}

With this CL, FeedbackCells now own an entry in the JSDispatchTable.
The entry is not yet populated, but it is already managed by the GC. In
follow-up CLs, the entry handle will be populated to point to the
current code for the functions sharing the FeedbackCell.

Bug: 40931165, 42204201
Change-Id: I4f2cb6850b31ba7fc7af7460a3f8e9d5a0b9ed65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5677828


Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Olivier Flückiger <olivf@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95130}

This is a reland of commit 857c5502

All of the bugs that were found when fuzzing turboshaft-from-maglev
the 1st time have been fixed. Time for round 2!

Original change's description:
> [test] Add turboshaft-from-maglev to fuzzing experiments
>
> No-Try: true
> Bug: 42204525
> Change-Id: If7b5a42b2b5ba8b225cfea476e20210f44f11f85
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5679230


> Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#94858}

Bug: 42204525
Change-Id: I1243c8a1b0af21db9ade9447754b0d46e8d100a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724351


Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95129}

Bug: chromium:42204525
Change-Id: I3ae60b1a730a904bc23faab784a7dc8fe360bfb8
Fixed: chromium:350770683
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5713609


Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95128}

Bug: chromium:42210561
Change-Id: If3ae2b7abe391395474097d336cf4e131b330384
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5723348


Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95127}

Previously, we had an explicit allow-list of runtime functions for
fuzzing, and every function that should be available to fuzzers needed
to be added to that. This approach is somewhat fragile, however, as it
is easy to forget adding new functions to that list. With this CL, all
runtime functions that are used for testing are automatically exposed to
fuzzers, but can be manually opted out, which is still necessary for
some functions for a number of reasons.

This CL also makes a number of test functions fuzzer safe, as those are
now exposed to fuzzers. There will likely be a few more functions that
were missed and are not yet fully fuzzer-compatible. However, those
should quickly be identified by our fuzzers, at which point they can
either be made fuzzing-compatible or opted-out of fuzzing.

Bug: 353685107
Change-Id: Ibae038fee2926205bcbc91a8bcadcaec9a8242a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5720570


Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95126}

The regression test uncovers more issues, so skip if for now until they are also fixed.

Bug: 354103254, 354104317, 353980376
No-Try: true
No-Tree-Checks: true
Change-Id: I6275dba336838c9c1e5c0057e76c91adf06bdbf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724449


Reviewed-by: Eva Herencsárová <evih@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95125}

It leads to rare lock-order inversion problems if the foreground task
runner calls task destructors while holding the task runner's lock.
This currently happened when a new task was posted when the task runner
was already terminated. After normal execution we would only call the
destructor after releasing the lock anyway.

This CL ensures that the mutex is never held when calling a task
destructor.

R=mlippautz@chromium.org

Bug: 42204620
Change-Id: Ie895e5a605dff064bc5a4a90bdf1c7cdd4dc8cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5718231


Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95124}

This allows setting/storing fields in the same basic block
without copying the VO.

Bug: v8:7700
Change-Id: I9ef2d0e5de39a9fa235b8dc95b5144ef3cab75f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5701106


Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95123}

AnyUseMarkingProcessor iterates the graph forward, and can only remove
the node it's currently visiting. This means that if a node n1 is only
used in a node n2, which itself has no uses, then {n1} cannot be
removed when it's visited because it has a use. When visiting {n2},
{n2} is removed and the use-count of {n1} is set to 0 (or -1?), but
{n1} is not removed.

Note that in the regular Maglev pipeline, such unused nodes are
removed by LiveRangeAndNextUseProcessor, but this processor doesn't
run in the Turboshaft pipeline, which is how we ended up reaching this
DCHECK.

Bug: chromium:42204525
Change-Id: Id00950fafeb530e48198af93fa6d639b61ee4026
Fixed: chromium:351283984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5717696


Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95122}

Just a little cleanup before doing the actual change I want to do in the
next CL.
We have lots of "FooLocked()" methods in the code which assume that some
mutex is locked. In the case of the {DefaultForegroundTaskRunner} we
were passing a reference to the {MutexGuard} to those methods to further
enforce that the mutex is held by the caller.

This CL removes this and instead adds a DCHECK that the mutex cannot be
locked again in the caller.

Drive-by: Rename "lock_" to "mutex_".

R=mlippautz@chromium.org

Bug: 42204620
Change-Id: I3738db79d45875c975bd37398ef7e9052dc11896
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5717890


Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95121}

The handling of the `console.time*()` functions by the embedder is now
done through an alternative interface that passes `v8::String` directly
and thereby saves unnecessary copies of string bytes.

As of https://crrev.com/c/5721448 Chromium is migrated to the new
interface and Node.js never implemented the interface in the first
place, so we are good to remove the old interface now.

Bug: 350443026, 41433391
Change-Id: I53a6b371f85b2150beaef0a28fc18206fa07ff17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5724348


Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95120}

Port commit 06847fbb


Change-Id: I3fb708c7e3a55a02443484f743ffa1c4f3c3c31c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5716343


Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#95119}

Some methods were not allowlisted because in the past, they were
implemented as JS builtins and there were side-effects due to creating
an i18n cache object.

Some other methods were not allowlisted because they run regexps, which
can affect RegExp.$1 etc – that has since then been worked around.

For String.{match, matchAll, replace, replaceAll, split, search} we
invalidate the protector cell to avoid the fast path that inlines calls
to RegExp.prototype[Symbol.*].

Bug: 351769842
Change-Id: I2e5276b81d5b48488fc716d183a7ffa74a225604
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5720968


Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95118}

Port commit f2aaa9fd


Change-Id: I036cd6a7bd9f9c60a8248dcc3b2f4a8e05caa181
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5716342


Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#95117}

The Edge performance team requested this change as part of an
investigation into memory-related system calls.

Change-Id: Ia65a96149df3e5e3a427ff058dde260806ad28ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5667927


Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95116}

When a parameter for a fast API call gets converted from float64 or
float32 to int64 (see https://crrev.com/c/5710270 for an explanation),
the float value may be out of int64 range. In that case, an out-of-range
error should be thrown. This situation was ignored so far. With this CL,
an error gets thrown by doing a regular API call instead of a fast API
call, and let the regular call (actually the regular API call callback)
take care of the range check.

Bug: 41492790
Change-Id: I6c74d7fc97fa0d450fcc202db9ade2f555bec9df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5712993


Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#95115}

Rolling build: https://chromium.googlesource.com/chromium/src/build/+log/0e57d88..ad2f859

Rolling third_party/abseil-cpp: https://chromium.googlesource.com/chromium/src/third_party/abseil-cpp/+log/b7e091d..9d1552f

Roll created at https://cr-buildbucket.appspot.com/build/8742060549809517889

Change-Id: I835b83e597de47761dfb60d53403a7f71a55f491
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5722348
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#95114}