We cannot skip the @@hasInstance lookup in instanceof depending on a
global protector cell, as the lookup of the property is observable
via proxies or accessors. So remove the global protector and properly
implement CSA::InstanceOf via GetPropertyStub, with an appropriate
fast-path for Function.prototype[@@hasInstance] where we call the
builtin code object directly if the function matches, skipping all
the checks from the call sequence, and also avoid the redundant
ToBoolean conversion on the result.

R=yangguo@chromium.org
TBR=ulan@chromium.org
BUG=v8:5958

Review-Url: https://codereview.chromium.org/2684033012
Cr-Commit-Position: refs/heads/master@{#43137}

We need it to be a PropertyCell so that we can list it as a dependency for
optimised code.

Also drive-by clean up some variable names in src/isolate-inl.h.

BUG=v8:5895

Review-Url: https://codereview.chromium.org/2658573008
Cr-Commit-Position: refs/heads/master@{#42764}

We don't need to check for neutered array buffers unless at least one
JSArrayBuffer has been neutered (i.e. detached in TC39 speak). For this
we introduce a protector cell that get's invalidated on first call to
the JSArrayBuffer::Neuter() method.

R=jarin@chromium.org,ulan@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2504163002
Cr-Commit-Position: refs/heads/master@{#41021}

Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.

Only deals with the case where there is a single spread argument.

Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}

Adds a protector cell to prevent inlining (which will likely lead to deopt
loops) when a JSArrayIterator's array transitions from a fast JSArray to a
slow JSArray (such as, when the array is touched during iteration in a way
which triggers a map transition).

Also adds TODO comments relating to the spec update proposed by Dan at
https://github.com/tc39/ecma262/pull/724

BUG=v8:5388
R=bmeurer@chromium.org, mstarzinger@chromium.org
TBR=hpayer@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/2484003002
Cr-Commit-Position: refs/heads/master@{#40970}

This is essentially CL/2275293002, with the difference that the effect
dependencies are now updated correctly.

BUG=

Review-Url: https://codereview.chromium.org/2378773013
Cr-Commit-Position: refs/heads/master@{#39919}

Revert of [WASM] Implements catch for the wasm low level exception mechanism. (patchset #16 id:300001 of https://codereview.chromium.org/2275293002/ )

Reason for revert:
nosse4 errors:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/13524
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/11215

Original issue's description:
> [WASM] Implements catch for the wasm low level exception mechanism.
>
> BUG=
>
> Committed: https://crrev.com/93e5425c46453764779bd557628d61fae670027a
> Cr-Commit-Position: refs/heads/master@{#39881}

TBR=titzer@chromium.org,bradnelson@chromium.org,jpp@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2383613002
Cr-Commit-Position: refs/heads/master@{#39884}

BUG=

Review-Url: https://codereview.chromium.org/2275293002
Cr-Commit-Position: refs/heads/master@{#39881}

Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ )

Reason for revert:
Regresses API see go/v8-startup-api

Original issue's description:
> [api] Clean up scopes and precheck instantiations cache
>
> Make sure all the scopes used in api-natives.cc have inlineable constructors
> and destructors. Additionally directly precheck the instantiations cache before
> trying to enter the InvokeScope which sets the save_context.
>
> BUG=chromium:630217
>
> Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5
> Cr-Commit-Position: refs/heads/master@{#38346}

TBR=yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:630217, chromium:635912

Review-Url: https://codereview.chromium.org/2366903003
Cr-Commit-Position: refs/heads/master@{#39680}

Crankshaft just unconditionally deoptimizes the code when the length of
a string addition result would overflow. In order to protect against
deopt loops we insert a global protector cell.

We will use the same mechanism for inlining certain string additions
into TurboFan as well, and protecting against overflow (we will also
extend this to deal with String.prototype.concat and friends once we
get there).

BUG=v8:5404
R=jarin@chromium.org,hpayer@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_msan_rel

Committed: https://crrev.com/cb19257a926a55209a6d6858ce26d51a0447ba71
Review-Url: https://codereview.chromium.org/2348293002
Cr-Original-Commit-Position: refs/heads/master@{#39511}
Cr-Commit-Position: refs/heads/master@{#39525}

Revert of [crankshaft] Protect against deopt loops from string length overflows. (patchset #1 id:1 of https://codereview.chromium.org/2348293002/ )

Reason for revert:
Mean https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/10910

Original issue's description:
> [crankshaft] Protect against deopt loops from string length overflows.
>
> Crankshaft just unconditionally deoptimizes the code when the length of
> a string addition result would overflow. In order to protect against
> deopt loops we insert a global protector cell.
>
> We will use the same mechanism for inlining certain string additions
> into TurboFan as well, and protecting against overflow (we will also
> extend this to deal with String.prototype.concat and friends once we
> get there).
>
> BUG=v8:5404
> R=jarin@chromium.org,hpayer@chromium.org
>
> Committed: https://crrev.com/cb19257a926a55209a6d6858ce26d51a0447ba71
> Cr-Commit-Position: refs/heads/master@{#39511}

TBR=hpayer@chromium.org,jarin@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5404

Review-Url: https://codereview.chromium.org/2357433002
Cr-Commit-Position: refs/heads/master@{#39518}

Crankshaft just unconditionally deoptimizes the code when the length of
a string addition result would overflow. In order to protect against
deopt loops we insert a global protector cell.

We will use the same mechanism for inlining certain string additions
into TurboFan as well, and protecting against overflow (we will also
extend this to deal with String.prototype.concat and friends once we
get there).

BUG=v8:5404
R=jarin@chromium.org,hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2348293002
Cr-Commit-Position: refs/heads/master@{#39511}

Reland of [api] Clean up scopes and precheck instantiations cache (patchset #1 id:1 of https://codereview.chromium.org/2216903003/ )

Reason for revert:
asan failures are caused by a flaky stack-verflow (see https://codereview.chromium.org/2218033002 for a fix).

Original issue's description:
> Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ )
>
> Reason for revert:
> [Sheriff] Leads to mac asan failures:
> https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7835
>
> Original issue's description:
> > [api] Clean up scopes and precheck instantiations cache
> >
> > Make sure all the scopes used in api-natives.cc have inlineable constructors
> > and destructors. Additionally directly precheck the instantiations cache before
> > trying to enter the InvokeScope which sets the save_context.
> >
> > BUG=chromium:630217
> >
> > Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5
> > Cr-Commit-Position: refs/heads/master@{#38346}
>
> TBR=yangguo@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:630217
>
> Committed: https://crrev.com/e1b5cb43a9b90546ff5d6cea89ba17c485e842fb
> Cr-Commit-Position: refs/heads/master@{#38356}

TBR=yangguo@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2217353002
Cr-Commit-Position: refs/heads/master@{#38401}

Revert of [api] Clean up scopes and precheck instantiations cache (patchset #3 id:40001 of https://codereview.chromium.org/2206773003/ )

Reason for revert:
[Sheriff] Leads to mac asan failures:
https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7835

Original issue's description:
> [api] Clean up scopes and precheck instantiations cache
>
> Make sure all the scopes used in api-natives.cc have inlineable constructors
> and destructors. Additionally directly precheck the instantiations cache before
> trying to enter the InvokeScope which sets the save_context.
>
> BUG=chromium:630217
>
> Committed: https://crrev.com/a2496b942cad524f0f3144b107936eaa9a7c9fd5
> Cr-Commit-Position: refs/heads/master@{#38346}

TBR=yangguo@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2216903003
Cr-Commit-Position: refs/heads/master@{#38356}

Make sure all the scopes used in api-natives.cc have inlineable constructors
and destructors. Additionally directly precheck the instantiations cache before
trying to enter the InvokeScope which sets the save_context.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2206773003
Cr-Commit-Position: refs/heads/master@{#38346}

The showed up unnaturally high while profiling DOM node creation.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2181323002
Cr-Commit-Position: refs/heads/master@{#38068}

Flags removed (all begin with "harmony-"):
  function-name
  instanceof
  iterator-close
  unicode-regexps
  regexp-exec
  regexp-subclass
  species

BUG=v8:3566, v8:3648, v8:3699, v8:4093, v8:4447, v8:4602

Review-Url: https://codereview.chromium.org/2096933002
Cr-Commit-Position: refs/heads/master@{#37235}

Reland of place all remaining Oddball checks with new function (patchset #1 id:1 of https://codereview.chromium.org/2060213002/ )

Reason for revert:
Cannot reproduce gc-stress failures locally.

Original issue's description:
> Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )
>
> Reason for revert:
> failing tests
>
> Original issue's description:
> > Replace all remaining Oddball checks with new function
> >
> > This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> > The new method all take the isolate as parameter.
> >
> > BUG=
> >
> > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> > Cr-Commit-Position: refs/heads/master@{#36921}
>
> TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/33b8bc24a12fb062100c0be84456faeb0b9fa5d1
> Cr-Commit-Position: refs/heads/master@{#36923}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2059173002
Cr-Commit-Position: refs/heads/master@{#36957}

Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )

Reason for revert:
failing tests

Original issue's description:
> Replace all remaining Oddball checks with new function
>
> This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> The new method all take the isolate as parameter.
>
> BUG=
>
> Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> Cr-Commit-Position: refs/heads/master@{#36921}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2060213002
Cr-Commit-Position: refs/heads/master@{#36923}

This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
The new method all take the isolate as parameter.

BUG=

Review-Url: https://codereview.chromium.org/2043183003
Cr-Commit-Position: refs/heads/master@{#36921}

Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.

BUG=

Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}

This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.

R=ishell@chromium.org
TBR=hpayer@chromium.org,rossberg@chromium.org
BUG=chromium:597249, v8:4447
LOG=n

Review-Url: https://codereview.chromium.org/1980483003
Cr-Commit-Position: refs/heads/master@{#36275}

Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
set on the Array.prototype or Object.prototype the current fast paths fail.
This CL adds a fix to globally invalidate a isConcatSpreadable_protector.

Drive-by-fix: use named accessors for context variables

LOG=N
BUG=chromium:542504, v8:903

Review-Url: https://codereview.chromium.org/1409123003
Cr-Commit-Position: refs/heads/master@{#36201}

- Inline reads to the species protector
- Put V8_LIKELY/V8_UNLIKELY to guide Array.prototype.{slice,splice,concat}
  to the fast paths
- Put the Array species good path checks directly in
  Array.prototype.concat to avoid a couple reads of the array constructor
  from the native context

These changes together bring a ~4-6% win on
kraken-orig/stanford-crypto-pbkdf2-orig which more than makes up from
the performance degradation from a recent other species-related change.

BUG=chromium:609739
R=cbruni@chromium.org
LOG=Y

Review-Url: https://codereview.chromium.org/1958713003
Cr-Commit-Position: refs/heads/master@{#36121}

Reland of Remove more dead code after Object.observe removal (patchset #1 id:1 of https://codereview.chromium.org/1929293002/ )

This moves __{define,lookup}{Getter,Setter}__ to builtins.cc.

Compared to the first attempt, this patch now preserves non-spec-compliant legacy behavior and does not throw on failure.

Original review: https://codereview.chromium.org/1904313004

Review-Url: https://codereview.chromium.org/1932163002
Cr-Commit-Position: refs/heads/master@{#35899}

Revert of Remove more dead code after Object.observe removal (patchset #5 id:80001 of https://codereview.chromium.org/1904313004/ )

Reason for revert:
[Sheriff] Looks like this breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/6442

Original issue's description:
> Remove more dead code after Object.observe removal
>
> This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.

TBR=verwaest@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/1929293002
Cr-Commit-Position: refs/heads/master@{#35886}

This moves __{define,lookup}{Getter,Setter}__ to builtins.cc to free up the JavaScript implementation of DefineOwnProperty for deletion.

Review-Url: https://codereview.chromium.org/1904313004
Cr-Commit-Position: refs/heads/master@{#35876}

Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.

This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.

Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=yangguo@chromium.org,mstarzinger@chromium.org

Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
Cr-Commit-Position: refs/heads/master@{#32375}

Review URL: https://codereview.chromium.org/1480003002

Cr-Commit-Position: refs/heads/master@{#32381}

Revert of [runtime] Replace global object link with native context link in all contexts. (patchset #3 id:40001 of https://codereview.chromium.org/1480003002/ )

Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5472

Original issue's description:
> [runtime] Replace global object link with native context link in all contexts.
>
> Previously all contexts had a link to the global object, but what is
> required in most cases (except for the global load, store and delete
> case) is the native context.
>
> This also removes the second dummy global object that was still linked
> to every native context. We will add a different mechanism to ensure
> that builtins do not pollute the actual global object during
> bootstrapping.
>
> Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
> Cr-Commit-Position: refs/heads/master@{#32375}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1478303002

Cr-Commit-Position: refs/heads/master@{#32377}

Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.

This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.

Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1480003002

Cr-Commit-Position: refs/heads/master@{#32375}

R=jkummerow@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1406113007

Cr-Commit-Position: refs/heads/master@{#31714}

This CL us a pure refactoring that makes an empty compilation unit
including just "isolate.h" or "contexts.h" but not "objects-inl.h"
compile without warnings or errors. This is needed to further reduce
the header dependency tangle.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1322883002

Cr-Commit-Position: refs/heads/master@{#30500}

Baby steps towards saner #includes...

Review URL: https://codereview.chromium.org/1051393003

Cr-Commit-Position: refs/heads/master@{#27958}

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/804713006

Cr-Commit-Position: refs/heads/master@{#26145}

Also split v8-core independent methods from checks.h to base/logging.h and
merge v8checks with the rest of checks.

The CPU::FlushICache method is moved to CpuFeatures::FlushICache

RoundUp and related methods are moved to base/macros.h

Remove all layering violations from src/libplatform

BUG=none
R=jkummerow@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/358363002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22092 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

This will allow for using the RNG from platform files without depending on
isolates.

BUG=none
R=bmeurer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/333053002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21879 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

- this avoids using relative include paths which are forbidden by the style guide
- makes the code more readable since it's clear which header is meant
- allows for starting to use checkdeps

BUG=none
R=jkummerow@chromium.org, danno@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/304153016

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/261253005

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

There is no point doing it lazily, since compiling and executing the tiniest piece of code triggers lazy init.
Also removed some dead code.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/265593004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21135 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/259183002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21035 ce2b1a6d-e550-0410-aec6-3dcde31c8c00