Also clean up the access check, which was doing too much.

This is in preparation of implementing Reflect.getPrototypeOf.

BUG=

Review URL: https://codereview.chromium.org/1402973002

Cr-Commit-Position: refs/heads/master@{#31434}

This is in preparation of implementing Reflect.setPrototypeOf.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1409003005

Cr-Commit-Position: refs/heads/master@{#31432}

Ignore proxies for now.

R=rossberg
BUG=v8:3931
LOG=n

Review URL: https://codereview.chromium.org/1397853005

Cr-Commit-Position: refs/heads/master@{#31431}

Separately collect element keys from property keys to avoid slow
corner-cases. Partly deal with keys generated by Proxies.

BUG=chromium:536790
LOG=N

Review URL: https://codereview.chromium.org/1397063002

Cr-Commit-Position: refs/heads/master@{#31378}

R=rossberg@chromium.org
BUG=chromium:451967
LOG=N

Review URL: https://codereview.chromium.org/1404783002

Cr-Commit-Position: refs/heads/master@{#31296}

This adds a bit of boilerplate to some AstVisitors (they now have to
declare their own zone_ member and zone() accessor), but makes it clearer
what DEFINE_AST_VISITOR_SUBCLASS_MEMBERS is for: stack limit checking.

Review URL: https://codereview.chromium.org/1394303008

Cr-Commit-Position: refs/heads/master@{#31287}

Not used yet, so this CL shouldn't change behavior.

Review URL: https://codereview.chromium.org/1368753003

Cr-Commit-Position: refs/heads/master@{#31241}

The flag for deactivating break points also affects stepping, since both
are implemented via debug break slots. Fixing this by introducing a new
flag solely responsible for deactivating actual break points.

R=mvstanton@chromium.org
BUG=chromium:119800
LOG=N

Review URL: https://codereview.chromium.org/1402913002

Cr-Commit-Position: refs/heads/master@{#31236}

R=jkummerow@chromium.org
BUG=chromium:528379
LOG=N

Review URL: https://codereview.chromium.org/1404613002

Cr-Commit-Position: refs/heads/master@{#31233}

Adds function literal support and add support for OTHER_CALLS which can be
made when calling a function literal.

Adds the CreateClosure bytecode.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1396693003

Cr-Commit-Position: refs/heads/master@{#31231}

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1406493002

Cr-Commit-Position: refs/heads/master@{#31226}

Revert of Don't compile functions in a context the caller doesn't have access to (patchset #1 id:1 of https://codereview.chromium.org/1393713006/ )

Reason for revert:
[Sheriff] Breaks layout tests. Please add needsmanualrebaseline upstream first if intended. E.g.:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/2263

(one of them is a timeout that only happens with this commit)

Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead, just return undefined.
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> Based on https://codereview.chromium.org/294073002 but taking access
> check callbacks into account
>
> BUG=chromium:541703
> R=verwaest@chromium.org
> LOG=y
>
> Committed: https://crrev.com/9a5e2f512c4aa90563eb575605c2a8c2a92ac9f4
> Cr-Commit-Position: refs/heads/master@{#31208}

TBR=verwaest@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:541703

Review URL: https://codereview.chromium.org/1395583004

Cr-Commit-Position: refs/heads/master@{#31212}

Previously, name conflicts between var and let declarations were only
made into exceptions if they were visible at parse-time. This patch adds
runtime checks so that sloppy-mode direct eval can't introduce conflicting
var declarations. The change is implemented by traversing the scope chain
when a direct eval introduces a var declaration to look for conflicting
let declarations, up to the function boundary.

BUG=v8:4454
R=adamk
LOG=Y

Review URL: https://codereview.chromium.org/1382513003

Cr-Commit-Position: refs/heads/master@{#31211}

Instead, just return undefined.

A side effect of this is that it's no longer possible to compile
functions in a detached context.

Based on https://codereview.chromium.org/294073002 but taking access
check callbacks into account

BUG=chromium:541703
R=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1393713006

Cr-Commit-Position: refs/heads/master@{#31208}

Now emits `Array buffer allocation failed` instead of
`Invalid array buffer length`.

Review URL: https://codereview.chromium.org/1393263003

Cr-Commit-Position: refs/heads/master@{#31200}

This will allow for probing access from any context to any receiver in a
future CL.

BUG=none
R=jkummerow@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1398093002

Cr-Commit-Position: refs/heads/master@{#31196}

BUG=

Review URL: https://codereview.chromium.org/1393833002

Cr-Commit-Position: refs/heads/master@{#31136}

Revert of [heap] Prepare code for smaller large object allocation limit than max allocatable memory. (patchset #10 id:180001 of https://codereview.chromium.org/1361853005/ )

Reason for revert:
[Sheriff] Need to revert for reverting https://codereview.chromium.org/1358703003/

Original issue's description:
> [heap] Prepare heap for smaller large object allocation limit than max allocatable memory.
>
> BUG=chromium:524425
> LOG=n
>
> Committed: https://crrev.com/c2bce747993c445daf78975392e587bff20c6677
> Cr-Commit-Position: refs/heads/master@{#31107}

TBR=mlippautz@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1376413005

Cr-Commit-Position: refs/heads/master@{#31129}

Implementations and tests for typeof, void, and logical not.

Add missing string type to Object::TypeOf.

BUG=v8:4280
LOG=NO

Review URL: https://codereview.chromium.org/1390483002

Cr-Commit-Position: refs/heads/master@{#31124}

BUG=chromium:524425
LOG=n

Review URL: https://codereview.chromium.org/1361853005

Cr-Commit-Position: refs/heads/master@{#31107}

BUG=v8:2764
LOG=N
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1378323003

Cr-Commit-Position: refs/heads/master@{#31099}

Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.

Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1362383002

Cr-Commit-Position: refs/heads/master@{#31089}

Properly share both the constructor and the non-constructor maps
for bound functions. Previously we had only the non-constructor
map shared on the native context, and we had to create a new map
for every bound function whose [[BoundTargetFunction]] is a
constructor (in the ES6 sense).

This should repair the most recent regression on Speedometer.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=chromium:536114,chromium:535408,v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1379323002

Cr-Commit-Position: refs/heads/master@{#31086}

Revert of [Interpreter] Add CallRuntime support to the interpreter. (patchset #8 id:220001 of https://codereview.chromium.org/1362383002/ )

Reason for revert:
Now breaking arm32 debug bot (worked locally even with --debug-code, so I'll need to figure out what's different on the bot)

Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds a InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>

TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280

Review URL: https://codereview.chromium.org/1379933003

Cr-Commit-Position: refs/heads/master@{#31078}

Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.

Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.

BUG=v8:4280
LOG=N

Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
Cr-Commit-Position: refs/heads/master@{#31064}

Review URL: https://codereview.chromium.org/1362383002

Cr-Commit-Position: refs/heads/master@{#31076}

Revert of [Interpreter] Add CallRuntime support to the interpreter. (patchset #6 id:180001 of https://codereview.chromium.org/1362383002/ )

Reason for revert:
Broke Arm64 bot (CEntry stub is trying to pop arguments off stack when argv_in_reg, so I need to fix this).

Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds a InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
> Cr-Commit-Position: refs/heads/master@{#31064}

TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280

Review URL: https://codereview.chromium.org/1387543002

Cr-Commit-Position: refs/heads/master@{#31066}

Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.

Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1362383002

Cr-Commit-Position: refs/heads/master@{#31064}

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1378343002

Cr-Commit-Position: refs/heads/master@{#31055}

Introduce %_ToNumber intrinsic, which just calls to the existing
ToNumberStub, and remove all uses of our custom JavaScript plus
intrinsics based ToNumber and friends.

Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
which is currently a wrapper for %_ToNumber. Newly written JS
code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
and friends).

Also finally remove the DefaultString/DefaultNumber builtins, which
are basically the ES5 version of ToPrimitive. Now all code uses the
ES6 version, which is implemented in Object::ToPrimitive and
JSReceiver::ToPrimitive in C++.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1384443002

Cr-Commit-Position: refs/heads/master@{#31054}

We need to do other things with this bindings object, like store a feedback vector. Therefore, it's a good time to wrap it up in a helper class.

BUG=

Review URL: https://codereview.chromium.org/1369293003

Cr-Commit-Position: refs/heads/master@{#31044}

No users of that functionality yet, those will come separately.

Review URL: https://codereview.chromium.org/1375003002

Cr-Commit-Position: refs/heads/master@{#31024}

Continuing unification of properties/elements handling, the new
LookupIterator::PropertyOrElement(..., Handle<Object> key, ...) takes
any Object and does the required ToPrimitive/ToName/ToArrayIndex
conversions on it.

Review URL: https://codereview.chromium.org/1375943002

Cr-Commit-Position: refs/heads/master@{#31023}

This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1371083003

Cr-Commit-Position: refs/heads/master@{#31019}

The LiteralsArray will soon hold a type feedback vector. Code treats it as an
ordinary fixed array, and needs to stop that.

BUG=

Review URL: https://codereview.chromium.org/1374723002

Cr-Commit-Position: refs/heads/master@{#31000}

This is mostly removing dead code and also dropping MUST_USE_RESULT
annotations from methods that cannot throw an exception anyways.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1370153002

Cr-Commit-Position: refs/heads/master@{#30995}

This adds ES6 compliant Object::ToInteger, Object::ToInt32,
Object::ToUint32 and Object::ToLength, and replaces the old
Execution wrappers of those abstract operations (which were
not using the correct ToPrimitive).

This also introduces proper %ToInteger and %ToLength runtime
entries, with a fast path %_ToInteger supported in fullcodegen
and Crankshaft (for now). Internal JavaScript code should use
TO_INTEGER and TO_LENGTH respectively.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1378533002

Cr-Commit-Position: refs/heads/master@{#30993}

Drive-by: remove unnecessary includes.

Review URL: https://codereview.chromium.org/1356223004

Cr-Commit-Position: refs/heads/master@{#30987}

The comparison operators and ToBoolean are implemented by calling into
the runtime. There are new runtime methods are prefixed with Interpreter
to make use case clear.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1369123002

Cr-Commit-Position: refs/heads/master@{#30983}

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1365803004

Cr-Commit-Position: refs/heads/master@{#30963}

The actual Function.prototype.toMethod was removed some time already,
but there were some stuff (esp. %ToMethod) left in the tree, including
tests for %ToMethod.  This code (and esp. the tests) cause trouble in
the process of moving bound functions away from JSFunction; so since
the code is unused anyway, we can as well remove it.

The original removal of Function.prototype.toMethod was in February
2015 in 68e48975.

R=jarin@chromium.org
BUG=v8:3330
LOG=n

Review URL: https://codereview.chromium.org/1366063002

Cr-Commit-Position: refs/heads/master@{#30925}