Both methods decoded a LEB128 encoded integer, but only consume_leb
incremented the pc pointer accordingly.
This CL implements consume_leb by using checked_read_leb.

It also refactors a few things:
1) It removes error_pt, which was only avaible in checked_read_leb.
2) It renames the error method to errorf, since it receives a format
   string. This also avoids a name clash.
3) It implements sign extension directly in checked_read_leb instead of
   doing this in the caller.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I8058f57418493861e5df26d4949041f6766d5138
Reviewed-on: https://chromium-review.googlesource.com/467150
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44405}

This reverts commit 4bca9dc7.

Reason for revert: Breaks mips builder:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/8600

Original change's description:
> [compiler-dispatcher] Use an integer job id.
> 
> It enables jobs without a SharedFunctionInfo.
> 
> BUG=v8:6093
> 
> Change-Id: Icc5f01512c270a55349087d418b6be82ad5c6cb4
> Reviewed-on: https://chromium-review.googlesource.com/467148
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44402}

TBR=rmcilroy@chromium.org,marja@chromium.org,jochen@chromium.org,rmcilroy@google.com,wiktorg@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6093

Change-Id: Ie8d26f4e2d42f67a1cfa91269e80e407ed3f0799
Reviewed-on: https://chromium-review.googlesource.com/468887Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44404}

Bug: v8:6154
NOTRY=true
TBR=yangguo@chromium.org

Change-Id: I7acb31abd5571261740fd95eeb58f104c26b192e
Reviewed-on: https://chromium-review.googlesource.com/468807Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44403}

It enables jobs without a SharedFunctionInfo.

BUG=v8:6093

Change-Id: Icc5f01512c270a55349087d418b6be82ad5c6cb4
Reviewed-on: https://chromium-review.googlesource.com/467148
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44402}

Bug: chromium:706763
Change-Id: Iac91fa538ed61d1c47509f990ee9426b0b3bdc1d
Reviewed-on: https://chromium-review.googlesource.com/467147Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44401}

Broken by https://chromium-review.googlesource.com/c/467486/

R=vogelheim@chromium.org

Bug:

Change-Id: Id4353f880f80b48f61a6be1773ebfed16a25e85a
Reviewed-on: https://chromium-review.googlesource.com/468806Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44400}

Bug: v8:6154
NOTRY=true

Change-Id: I7f18efaf2f86b9dfa43f249d817777f19ee29c9b
Reviewed-on: https://chromium-review.googlesource.com/467427Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44399}

This reverts commit eddf90c4.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2792063004
Cr-Commit-Position: refs/heads/master@{#44398}

Bug: v8:6154
NOTRY=true
TBR=yangguo@chromium.org

Change-Id: I29e8fd8e12c43478086a35a28249f5f66cd30b6b
Reviewed-on: https://chromium-review.googlesource.com/467429Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44397}

IdentifierStart::Is and IdentifierContinue::Is both return true for '\'.
The reason for this is lost to history.

Special-case '\' in the regexp parser to handle this.

BUG=v8:5437,v8:5868

Review-Url: https://codereview.chromium.org/2795093003
Cr-Commit-Position: refs/heads/master@{#44396}

Better demarcation between what's mutable because it is code-
specialization specific, and what is provided at initialization.

BUG=

Review-Url: https://codereview.chromium.org/2784233004
Cr-Commit-Position: refs/heads/master@{#44395}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/58260ed..a312720

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/7726dac..b3c4635

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/61065eb..05d5695

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I294769d63e0b53b73260ce824a5a9a4e59728fcb
Reviewed-on: https://chromium-review.googlesource.com/468587Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44394}

Remove destructuring assignments (parsed during arrow function formal
parameters) from queue for rewriting if parsing a lazy top-level arrow function.

Built ontop of https://chromium-review.googlesource.com/c/464769/

BUG=chromium:706234, chromium:706761, v8:6182
R=marja@chromium.org, adamk@chromium.org, vogelheim@chromium.org

Change-Id: Ib35196b907350d1d78e4c3fcbf4cc971bf200948
Reviewed-on: https://chromium-review.googlesource.com/465415
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44393}

R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com

Review-Url: https://codereview.chromium.org/2795803003
Cr-Commit-Position: refs/heads/master@{#44392}

This enables clients like IndexedDB to know when the data format version has
decreased (i.e. the user has switched to an earlier version) and deal with the
resulting incompatibility up front.

BUG=chromium:704293

Review-Url: https://codereview.chromium.org/2772723005
Cr-Commit-Position: refs/heads/master@{#44391}

Bug: v8:6186
Change-Id: If460313ee861f826a89bc7390a5e35d43d175622
Reviewed-on: https://chromium-review.googlesource.com/466549Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44390}

Also rename "Discard" for clarity.

Bug: v8:6092
Change-Id: I8c299ded920e794418e0619b6958fbef35dfda4e
Reviewed-on: https://chromium-review.googlesource.com/466591Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44389}

After discussion with Chrome reviewers for UMA, it was decided that we
would report array buffer allocation sizes in megabytes (not the log).

They also wanted to wait until there is proof that small array buffer
allocations would flood the histogram. Hence, all allocation sizes are
sampled.

There were several ways we could have added the notion of megabyte
samples to V8 code. None of them are a great fit.  This code simply
provides a local function within the code that needs it.

Other possible solutions but rejected were:

a) Use a subclass of histogram to collect data at the megabyte level.
   It has it's own Add() method that converts the size from bytes to
   megabytes, and then call the generic add method AddSample(). This
   solution appears to follow the conventions of subclasses of class
   Histogram.

b) Use Chrome macros - Rejected because it involves changing the
   counter representation of V8.

c) Add a method AddMegabyteSample() to base class Histogram. Rejected
   because it may get confusing if a lot of different measures are
   added the the base class of histograms.

d) Make method AddSample() virtual and override in the derived
   class. Rejected in that sampling is supposed to be fast, and adding
   a virtual call may be breaking that contract.

d) Do not add a derived class. Rather just do the conversions at the
   call sites. Rejected because this duplicates code, and also makes
   it hard to change assumptions on how to calculate.

For Chromes UMA changes see:

CL: https://codereview.chromium.org/2795463002

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2795763002
Cr-Commit-Position: refs/heads/master@{#44388}

This reflects both the contract in blink, as well as what we
plan to do in streamed compilation, where we'll want to lay out
bytes received such that each section and each function body is
contiguous, but they may all be separate - which entails a copy.

BUG=chromium:697028

Review-Url: https://codereview.chromium.org/2797653002
Cr-Commit-Position: refs/heads/master@{#44387}

This reverts commit c766727a.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2793323002
Cr-Commit-Position: refs/heads/master@{#44386}

The past re-factoring inadvertently increased memory consumption for
AstConsString. This implements a micro-optimization to revert and slightly
improve beyond the original state.

Example, Zone size for parsing closure.js:
  - 20,999,848 B (before refactoring)
  - 21,651,056 B (after refactoring patch; 3.1% regression)
  - 20,641,320 B (after this CL; 1.7% improvement over original)

(Reason: ZoneLinkedList requires 4 pointers to support
the std::list functionality (Zone*, head/tail ptr, payload ptr).
But since we only append and iterate in order and have the Zone*
available in the context, a super simple linked list (value + next ptr)
saves a bit of memory, especially for the common case of having 0 or 1
string segments.)

BUG=v8:6902, chromium:706935

Review-Url: https://codereview.chromium.org/2792353002
Cr-Commit-Position: refs/heads/master@{#44385}

When emitting a frame, we always push the old frame pointer at offset 0 relative
to the new frame pointer. However, we didn't emit DWARF opcodes to inform perf
of this.

BUG=

Review-Url: https://codereview.chromium.org/2795253002
Cr-Commit-Position: refs/heads/master@{#44384}

Revert of [heap] Fix CompactionSpace test and move to unittests (patchset #3 id:40001 of https://codereview.chromium.org/2796033002/ )

Reason for revert:
Breaks
https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20shared/builds/17291

Original issue's description:
> [heap] Fix CompactionSpace test and move to unittests
>
> BUG=chromium:651354
>
> Review-Url: https://codereview.chromium.org/2796033002
> Cr-Commit-Position: refs/heads/master@{#44382}
> Committed: https://chromium.googlesource.com/v8/v8/+/ce9a2db1e13131245d8adc2757b9d9202ba568e0

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2793033004
Cr-Commit-Position: refs/heads/master@{#44383}

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2796033002
Cr-Commit-Position: refs/heads/master@{#44382}

This reverts 1c1edda7. I can't reproduce
the flakes locally anymore, let's see if this sticks.

BUG=v8:5619

Review-Url: https://codereview.chromium.org/2796053002
Cr-Commit-Position: refs/heads/master@{#44381}

Bug: v8:5193
NOTRY=true
TBR=hablich@chromium.org

Change-Id: I54861956c1a7b3c3e5048946618ea98fbe0a7066
Reviewed-on: https://chromium-review.googlesource.com/467246Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44380}

This removes kDeoptTableSerializeEntryCount heuristic constant.

Review-Url: https://codereview.chromium.org/2790573002
Cr-Commit-Position: refs/heads/master@{#44379}

The unwinding information we emit wrongly encodes code locations as relative
offsets. If we look at the .eh_frame section of shared object generated by "perf
inject" using "objdump -g":

~~~
00000000 0000000000000018 00000000 CIE
(snip)
0000001c 0000000000000028 00000020 FDE cie=00000000 pc=fffffffffffffee8..00000000000017f8
(snip)
00000048 ZERO terminator
~~~

We can see the range that the FDE entry covers is incorrect, it should point to
where the .text section is, at address 0x40 on a 64-bit architecture.

The reason for this was that the PerfJitLogger logs a code size that is
different from the one we've used when encoding the unwinding information. The
logger will ignore the safepoint table while the unwinding info assumes it is
part of the code.

BUG=

Review-Url: https://codereview.chromium.org/2790403002
Cr-Commit-Position: refs/heads/master@{#44378}

Revert of [heap] Refactor evacuation verifier (patchset #1 id:1 of https://codereview.chromium.org/2790373002/ )

Reason for revert:
Speculative revert. Breaks https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/16112 and seems to lead to flakes.

Original issue's description:
> [heap] Refactor evacuation verifier
>
> BUG=chromium:651354
>
> Review-Url: https://codereview.chromium.org/2790373002
> Cr-Commit-Position: refs/heads/master@{#44375}
> Committed: https://chromium.googlesource.com/v8/v8/+/396f1e242184b936c61dda7a14d1306d43b1863c

TBR=ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2795903004
Cr-Commit-Position: refs/heads/master@{#44377}

This makes it easier to match VariableProxys against variables in
Scopes (allocation-based prints such as local[0] or context[0] are not
unique).

R=vogelheim@chromium.org

Bug:

Change-Id: I8f86504f5e1657633286561e032805a8f6cff06e
Reviewed-on: https://chromium-review.googlesource.com/467486
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44376}

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2790373002
Cr-Commit-Position: refs/heads/master@{#44375}

Support arbitrary arguments in %ArrayBufferNeuter without aborting for
future exposure in ClusterFuzz.

Change-Id: I3053a2139af215c9d417356bdeeda58d594d16aa
Reviewed-on: https://chromium-review.googlesource.com/465830Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44374}

Update according to new spec change at
https://github.com/tc39/ecma262/pull/856

- Call ToNumber only once in BUILTIN
- Remove unused FillNumberSlowPath
- FillImpl assumes obj_value->IsNumber() is true
- Update test

Bug:v8:5929,chromium:702902

Change-Id: Ic83e6754d043582955b81c76e68f95e1c6b7e901
Reviewed-on: https://chromium-review.googlesource.com/465646Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44373}

Getting elements, querying length or copying elements
are now const functions.

Drive-by fix: Noticed a few more getters that should be const.
Add a comment to ArrayList functions that are static functions. 
BUG=

Change-Id: I5de1aed97510dea4e47cb974b3259da51ae663af
Reviewed-on: https://chromium-review.googlesource.com/467249Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44372}

Broke after:
https://codereview.chromium.org/2757593002

NOTRY=true
TBR=yangguo@chromium.org
BUG=v8:6091

Change-Id: Id06860ad6519966a31d768ec9608b48786397e8f
Reviewed-on: https://chromium-review.googlesource.com/467209Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44371}

BUG=

Change-Id: Ia02787bef5fcd38397977d0ba2298d216f25f0df
Reviewed-on: https://chromium-review.googlesource.com/467386
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44370}

BUG=v8:5402
R=mstarzinger@chromium.org

Change-Id: Ib53721867e0978b6f4f127883ae1b72145adb6e8
Reviewed-on: https://chromium-review.googlesource.com/461863Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44369}

Make sure that we call the destructors on all embedded object by
replacing the WasmInterpreterInternals::Delete method by an actual
destructor. This way, the compiler automatically calls destructors on
all embedded objects, in particular the IdentityMap in the CodeMap.

This change also requires to release managed objects *before*
tearing down the heap, because the wasm interpreter, referenced via
Managed<>, contains global handles. When those are destroyed, the
isolate still needs to be intact.

Drive-by: Fix include guard in managed.h.

R=ahaas@chromium.org, ulan@chromium.org, mvstanton@chromium.org
BUG=v8:5822

Change-Id: I9a067f037e013c84e4d697a1e913b27c683bb529
Reviewed-on: https://chromium-review.googlesource.com/466187Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44368}

This makes temporary variables nestable and fixes borked nesting with
function table calls by introducing a {TemporaryVariableScope} helper.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-6196
BUG=v8:6196

Change-Id: Ie760f27ce9ede3d4d5dacdebdc295c56cc666970
Reviewed-on: https://chromium-review.googlesource.com/467327
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44367}

Fix ff8b1abb

This fixes the problem with the alignment of typed arrays in turbofan. Namely,
Float64 typed arrays weren't properly aligned on 32bit architectures,
and this causes crashes on those architectures that do not support misaligned
memory access.

TEST=mjsunit/es6/typedarray-*
BUG=v8:6075

Review-Url: https://codereview.chromium.org/2784253002
Cr-Commit-Position: refs/heads/master@{#44366}