This avoids direct scope() accesses and allows us to redirect it over ScopeState.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2226243002
Cr-Commit-Position: refs/heads/master@{#38507}

Remove the useless information from the BinaryOperationHints and
CompareOperationHints, and cache the JS operators appropriately.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2228983002
Cr-Commit-Position: refs/heads/master@{#38506}

Block scopes don't need any special treatment here (it's unclear
to me why they ever did). And the has_forced_context_allocation() check
seems, according to our tests, to only have been necessary for proper
handling of 'with' scopes. This patch instead uses the "is_used" bit
to keep track of variables that are accessed from within a with.

R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2220293003
Cr-Commit-Position: refs/heads/master@{#38505}

If a whole scope has forced context allocation, MustAllocateInContext()
already takes care of returning true for all variables, there's no need
to individually call ForceContextAllocation() on them.

R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2222843005
Cr-Commit-Position: refs/heads/master@{#38504}

Because in case of interceptors we will install a slow stub that suits only one case.

BUG=chromium:634467
TBR=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2219303002
Cr-Commit-Position: refs/heads/master@{#38503}

R=danno,jarin
BUG=

Review-Url: https://codereview.chromium.org/2226293002
Cr-Commit-Position: refs/heads/master@{#38502}

Drive-by fix: Use  CodeStubAssembler::LoadNativeContext()

BUG=chromium:608675

Review-Url: https://codereview.chromium.org/2227763003
Cr-Commit-Position: refs/heads/master@{#38501}

BUG=

Review-Url: https://codereview.chromium.org/2225683009
Cr-Commit-Position: refs/heads/master@{#38500}

We assumed we could use a do..while, but the requested amount of slots could've
been 0 and we already started at MIN_CONTEXT_SLOTS. In that case the loop
should've been skipped.

Review-Url: https://codereview.chromium.org/2227723003
Cr-Commit-Position: refs/heads/master@{#38499}

Implementation of serialization/deserialization for compiled wasm
module.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2205973003
Cr-Commit-Position: refs/heads/master@{#38498}

This reverts commit d9d719e7.
Original review: https://codereview.chromium.org/2180273002/

With additional fixes to repair performance regressions:
- check PropertyCell::kValueOffset, not Cell::kValueOffset
- convert HeapNumbers to int on the fly if possible

NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2227703003
Cr-Commit-Position: refs/heads/master@{#38497}

Drive-by-fix: mark isolates as const in stack-allocated scopes

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2220993003
Cr-Commit-Position: refs/heads/master@{#38496}

BUG=chromium:634900

Review-Url: https://codereview.chromium.org/2225363002
Cr-Commit-Position: refs/heads/master@{#38495}

R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2228853002
Cr-Commit-Position: refs/heads/master@{#38494}

BUG=

Review-Url: https://codereview.chromium.org/2225373002
Cr-Commit-Position: refs/heads/master@{#38493}

On the debug info, we have a list of existing break points.  When we
step in the debugger, we flood the function with one-shot break points.
Afterwards, we clear these one-shots by clearing all break locations.

Previously, while clearing break locations, we would skip ones that have
actual break points. Now we clear all break locations, and then reapply
break points. This is necessary for the next step, when we encode break
point info by source position, and not code offset. Encoding by code
offset would mean that break points are dependent on the code kind we
use.

R=jgruber@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2221333002
Cr-Commit-Position: refs/heads/master@{#38492}

When we compile a growing store in TurboFan, we don't pass a (native)
context to the %GrowArrayElements fallback function, as the whole logic
is actually context independent. However, that means that we need to
bailout early in case the object is a prototype, which requires context
dependent checks in the array protector code.

R=cbruni@chromium.org
BUG=chromium:635798

Review-Url: https://codereview.chromium.org/2224253003
Cr-Commit-Position: refs/heads/master@{#38491}

Revert of [heap] Enable black allocation when finalizing incremental marking. (patchset #1 id:1 of https://codereview.chromium.org/2224153003/ )

Reason for revert:
crashing on ToT

Original issue's description:
> [heap] Enable black allocation when finalizing incremental marking.
>
> BUG=chromium:630386
>
> Committed: https://crrev.com/bb4e028648a27a6958afc9b5040366b899cda50d
> Cr-Commit-Position: refs/heads/master@{#38487}

TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2223423003
Cr-Commit-Position: refs/heads/master@{#38490}

R=yangguo@chromium.org
TEST=cctest/test-serialize/CodeSerializerLargeCodeObject

Review-Url: https://codereview.chromium.org/2226233002
Cr-Commit-Position: refs/heads/master@{#38489}

Review-Url: https://codereview.chromium.org/2225033004
Cr-Commit-Position: refs/heads/master@{#38488}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2224153003
Cr-Commit-Position: refs/heads/master@{#38487}

R=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2227703002
Cr-Commit-Position: refs/heads/master@{#38486}

Such scopes don't use those lists.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2221003002
Cr-Commit-Position: refs/heads/master@{#38485}

We lowered JSConvertReceiver using JSToObject, w/o connecting the
JSToObject to the control chain (which is fine since that ToObject
cannot throw). But then the lowering of the JSToObject would insert
an IfSuccess, which is immediately dead, since it is not used. This
was fine in a sense that it didn't seem to crash anything, but we
now want to do more aggressive checking if IfSuccess/IfException
nodes and so we need to fix this sloppyness in the lowerings.

R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2228783003
Cr-Commit-Position: refs/heads/master@{#38484}

R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2227663002
Cr-Commit-Position: refs/heads/master@{#38483}

BUG=v8:5265

Review-Url: https://codereview.chromium.org/2218873002
Cr-Commit-Position: refs/heads/master@{#38482}

BUG=chromium:634900

Review-Url: https://codereview.chromium.org/2226023005
Cr-Commit-Position: refs/heads/master@{#38481}

Avoids the always generated Star bytecodes after ObjectLiteral.

BUG=v4:4820
LOG=n

Review-Url: https://codereview.chromium.org/2216023003
Cr-Commit-Position: refs/heads/master@{#38480}

Previously, we would output \x5c to escape a backslash, but this is
invalid JSON and it would crash Turbolizer. Use \u005c instead.

BUG=

Review-Url: https://codereview.chromium.org/2224913002
Cr-Commit-Position: refs/heads/master@{#38479}

Use common CodeStubAssembler routines for FixedArray-copying builtin.
Also cleanup a few shared pieces of code along the way.

BUG=chromium:608675

Review-Url: https://codereview.chromium.org/2220673002
Cr-Commit-Position: refs/heads/master@{#38478}

- Remove Declaration::initialization(), move logic into parser.
  The backends should only care about the actual initialization flag on the
  variable.
- Introduce DeclareVariable convenience function that covers most cases of
  variable declarations.

R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2223843002
Cr-Commit-Position: refs/heads/master@{#38477}

  port 6c44ab30 (r38399)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/2221323002
Cr-Commit-Position: refs/heads/master@{#38476}

These were the final remnants of error code written in JavaScript.

BUG=

Review-Url: https://codereview.chromium.org/2222893002
Cr-Commit-Position: refs/heads/master@{#38475}

BUG=chromium:635429

Review-Url: https://codereview.chromium.org/2228503004
Cr-Commit-Position: refs/heads/master@{#38474}

Revert of [KeyedLoadIC] Support Smi "handlers" for element loads (patchset #5 id:80001 of https://codereview.chromium.org/2180273002/ )

Reason for revert:
Times out webgl errors: https://bugs.chromium.org/p/chromium/issues/detail?id=635545

Original issue's description:
> [KeyedLoadIC] Support Smi "handlers" for element loads
>
> This is an experiment as far as performance is concerned. If Smi-configured
> element loading directly from the dispatcher stub is fast enough, then we
> can stop compiling LoadFastElementStubs (and drop the corresponding code).
>
> Committed: https://crrev.com/c9308147b341596de2733039223918a6202afa5f
> Cr-Commit-Position: refs/heads/master@{#38377}

BUG=chromium:635545
TBR=ishell@chromium.org,jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/2222273003
Cr-Commit-Position: refs/heads/master@{#38473}

Sanitize the typing rules for the various supported Math builtins, and
add appropriate typing rules for various Number, String, Object and global
builtins as well.

R=franzih@chromium.org

Review-Url: https://codereview.chromium.org/2222053002
Cr-Commit-Position: refs/heads/master@{#38472}

BUG=chromium:634900

Review-Url: https://codereview.chromium.org/2223903002
Cr-Commit-Position: refs/heads/master@{#38471}

NOTRY=true
TBR=mstarzinger@chromium.org,bmeurer@chromium.org
BUG=v8:5276

Review-Url: https://codereview.chromium.org/2221313002
Cr-Commit-Position: refs/heads/master@{#38470}

Rolling v8/build to a348ac1d0bd4d6f42bf36f88904a52da2df9d899

Rolling v8/buildtools to 33a32b8aa2b7274d246fcf85ce8f762cf4291418

Rolling v8/tools/clang to 29b1d8ac90f12e64aa1604a14486f5ef383fe29e

Rolling v8/tools/mb to 7bf9c40acdef35ded30efc4b237d2d3946842126

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2223183003
Cr-Commit-Position: refs/heads/master@{#38469}

  port 6768456d (r38395)

  original commit message:
  The old code was using VariableMode, but that signal is both
  over-pessimistic (some CONST and LET variables need no hole-initialization)
  and inconsistent with other uses of the InitializationFlag enum (such
  as %LoadLookupSlot).

  This changes no observable behavior, but removes unnecessary hole
  initialization and hole checks in a few places, including
  block-scoped function declarations, super property lookups,
  and new.target.

BUG=

Review-Url: https://codereview.chromium.org/2223803002
Cr-Commit-Position: refs/heads/master@{#38468}