R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2367403003
Cr-Commit-Position: refs/heads/master@{#39740}

R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2369133002
Cr-Commit-Position: refs/heads/master@{#39739}

This allows the CreateExport/ResolveExport methods to be private to Module.

R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2368393002
Cr-Commit-Position: refs/heads/master@{#39738}

Revert of [stubs] Port SubStringStub to TurboFan (patchset #8 id:140001 of https://codereview.chromium.org/2355793003/ )

Reason for revert:
Speculative revert because of stability problems

Original issue's description:
> [stubs] Port SubStringStub to TurboFan
>
> This ports the platform-specific SubStringStub to TurboFan.
>
> It also contains a minor bug-fix for the case when the requested substring
> length equals the subject string length, but the start index is not equal to 0.
> The old stub implementation returned the subject string, while the new
> implementation calls into runtime, which finally results in a thrown exception.
>
> BUG=v8:5415
>
> Committed: https://crrev.com/49be31921536716706a6790fbbf9c346b975af16
> Cr-Commit-Position: refs/heads/master@{#39653}

TBR=ishell@chromium.org,bmeurer@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5415, chromium:649967
NOPRESUBMIT=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2365413002
Cr-Commit-Position: refs/heads/master@{#39737}

Revert of [compiler] Properly guard the speculative optimizations for instanceof. (patchset #3 id:40001 of https://codereview.chromium.org/2370693002/ )

Reason for revert:
Tanks EarleyBoyer.

Original issue's description:
> [compiler] Properly guard the speculative optimizations for instanceof.
>
> Add a general feedback slot for instanceof similar to what we already have
> for for-in, which basically has a fast (indicated by the uninitialized
> sentinel) and a slow (indicated by the megamorphic sentinel) mode. Now
> we can only take the fast path when the feedback slot says it hasn't
> seen any funky inputs and nothing funky appeared in the prototype chain.
> In the TurboFan code we also deoptimize whenever we see a funky object
> (i.e. a proxy or an object that requires access checks) in the prototype
> chain (similar to what Crankshaft already did).
>
> Drive-by-fix: Also make Crankshaft respect the mode and therefore
> address the deopt loop in Crankshaft around instanceof.
>
> We might want to introduce an InstanceOfIC mechanism at some point and
> track the map of the right-hand side.
>
> BUG=v8:5267
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/a0484bc6116ebc2b855de87d862945e2ae07169b
> Cr-Commit-Position: refs/heads/master@{#39718}

TBR=mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2365223003
Cr-Commit-Position: refs/heads/master@{#39736}

BUG=chromium:648568

Review-Url: https://codereview.chromium.org/2366393002
Cr-Commit-Position: refs/heads/master@{#39735}

All warnings were fixed. MSVS builds V8 with inspector without warnings.

BUG=chromium:635948
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2364473003
Cr-Commit-Position: refs/heads/master@{#39734}

R=bmeurer@chromium.org,jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2366993002
Cr-Commit-Position: refs/heads/master@{#39733}

Review-Url: https://codereview.chromium.org/2365343002
Cr-Commit-Position: refs/heads/master@{#39732}

Crankshaft doesn't actually require VFPv3, so there's no reason to
restrict it. V8 already requires at least VFPv2.

BUG=

Review-Url: https://codereview.chromium.org/2369913002
Cr-Commit-Position: refs/heads/master@{#39731}

Revert of Preparse inner functions (new try) (patchset #21 id:420001 of https://codereview.chromium.org/2352593002/ )

Reason for revert:
We currently have some stability issues on Canary. Let's reland this after we verified that we "fixed" Canary again.

Original issue's description:
> Preparse inner functions (new try)
>
> This is an overly pessimistic approach where PreParser only keeps
> track of unresolved variables, but doesn't declare anything. This
> will result in context-allocating variables in the outer function
> unnecessarily, if the variable names clash with variable names
> used by the inner function (even if the variables are not the
> same). However, we have been unable to prove that this approach
> wouldn't be good enough for the practical purposes.
>
> Fixes after the previous try ( https://codereview.chromium.org/2322243002/ ):
> Keep the context-allocation decision stable when compiling fully eagerly.
>
> Tests which exercise this functionality:
> mjsunit/fixed-context-shapes-when-recompiling.js
>
> Design document (chromium):
>
> https://docs.google.com/a/chromium.org/document/d/1rRv5JJZ0JpOZAZN2CSUwZPFJiBAdRnTiSYhazseNHFg/edit?usp=sharing
>
> BUG=
>
> Committed: https://crrev.com/7c73cf32c60484cdf37c84f1d61b4640e87068d7
> Cr-Commit-Position: refs/heads/master@{#39719}

TBR=verwaest@chromium.org,adamk@chromium.org,marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2373443003
Cr-Commit-Position: refs/heads/master@{#39730}

Revert of Preparse functions in the scope that was created when parsing of the function was started (patchset #2 id:20001 of https://codereview.chromium.org/2370713003/ )

Reason for revert:
Needed for https://codereview.chromium.org/2373443003/

Original issue's description:
> Preparse functions in the scope that was created when parsing of the function was started
>
> This reduces the number of scopes for lazily parsed top-level functions from 3 to 1
>
> BUG=v8:5209
>
> Committed: https://crrev.com/9618d095903c604a032b33792c068f4a6169503c
> Cr-Commit-Position: refs/heads/master@{#39725}

TBR=marja@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2365393002
Cr-Commit-Position: refs/heads/master@{#39729}

Reland of VariableProxy: when cloning, don't even think about creating dangling references. (patchset #1 id:1 of https://codereview.chromium.org/2368303002/ )

Reason for revert:
wrong CL

Original issue's description:
> Revert of VariableProxy: when cloning, don't even think about creating dangling references. (patchset #1 id:1 of https://codereview.chromium.org/2368253002/ )
>
> Reason for revert:
> Needed for  https://codereview.chromium.org/2373443003/
>
> Original issue's description:
> > VariableProxy: when cloning, don't even think about creating dangling references.
> >
> > The code path for cloning resolved VariableProxys (into a different
> > Zone) was never hit, but if it was, it would create a dangling
> > reference, since the Variable would stay in the original Zone.
> >
> > Kudos to verwaest@ for finding this!
> >
> > R=verwaest@chromium.org
> > BUG=
> >
> > Committed: https://crrev.com/fd429bdb9e70cb8c4f8a4bbef0806e008c60440c
> > Cr-Commit-Position: refs/heads/master@{#39723}
>
> TBR=verwaest@chromium.org,marja@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/8edf2905693a2b486a97a0547ec53bb552f7db15
> Cr-Commit-Position: refs/heads/master@{#39726}

TBR=verwaest@chromium.org,marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2366373002
Cr-Commit-Position: refs/heads/master@{#39728}

BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2343733002
Cr-Commit-Position: refs/heads/master@{#39727}

Revert of VariableProxy: when cloning, don't even think about creating dangling references. (patchset #1 id:1 of https://codereview.chromium.org/2368253002/ )

Reason for revert:
Needed for  https://codereview.chromium.org/2373443003/

Original issue's description:
> VariableProxy: when cloning, don't even think about creating dangling references.
>
> The code path for cloning resolved VariableProxys (into a different
> Zone) was never hit, but if it was, it would create a dangling
> reference, since the Variable would stay in the original Zone.
>
> Kudos to verwaest@ for finding this!
>
> R=verwaest@chromium.org
> BUG=
>
> Committed: https://crrev.com/fd429bdb9e70cb8c4f8a4bbef0806e008c60440c
> Cr-Commit-Position: refs/heads/master@{#39723}

TBR=verwaest@chromium.org,marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2368303002
Cr-Commit-Position: refs/heads/master@{#39726}

This reduces the number of scopes for lazily parsed top-level functions from 3 to 1

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2370713003
Cr-Commit-Position: refs/heads/master@{#39725}

Revert of [stubs] Port String.prototype.substring to TurboFan (patchset #5 id:80001 of https://codereview.chromium.org/2358133004/ )

Reason for revert:
Blocks roll: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/10075

Original issue's description:
> [stubs] Port String.prototype.substring to TurboFan
>
> BUG=v8:5415
>
> Committed: https://crrev.com/cc37dff7ba21345b3a867a86127a208e34a3f707
> Cr-Commit-Position: refs/heads/master@{#39717}

TBR=ishell@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5415

Review-Url: https://codereview.chromium.org/2369003002
Cr-Commit-Position: refs/heads/master@{#39724}

The code path for cloning resolved VariableProxys (into a different
Zone) was never hit, but if it was, it would create a dangling
reference, since the Variable would stay in the original Zone.

Kudos to verwaest@ for finding this!

R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2368253002
Cr-Commit-Position: refs/heads/master@{#39723}

The WebAssembly spec requires a HasProperty() check for the maximum
property of the descriptor object which is used to set up a
WebAssembly.Memory object or a WebAssembly.Table object.

The original implementation only approximated the HasProperty() check.
It used Get() to get the value of the maximum property of the descriptor
object and compared the resulting value to {undefined}. However, this
approximation is incorrect if the property exists but its value is
{undefined}.

R=titzer@chromium.org, franzih@chromium.org
BUG=chromium:649461
TEST=mjsunit/wasm/memory

Review-Url: https://codereview.chromium.org/2367673003
Cr-Commit-Position: refs/heads/master@{#39722}

The previous change accidentally shifted categories around which broke our
performance graphs.

BUG=

Review-Url: https://codereview.chromium.org/2369863002
Cr-Commit-Position: refs/heads/master@{#39721}

Reverted for stability reasons.

BUG=chromium:649967
TBR=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2370763002
Cr-Commit-Position: refs/heads/master@{#39720}

This is an overly pessimistic approach where PreParser only keeps
track of unresolved variables, but doesn't declare anything. This
will result in context-allocating variables in the outer function
unnecessarily, if the variable names clash with variable names
used by the inner function (even if the variables are not the
same). However, we have been unable to prove that this approach
wouldn't be good enough for the practical purposes.

Fixes after the previous try ( https://codereview.chromium.org/2322243002/ ):
Keep the context-allocation decision stable when compiling fully eagerly.

Tests which exercise this functionality:
mjsunit/fixed-context-shapes-when-recompiling.js

Design document (chromium):

https://docs.google.com/a/chromium.org/document/d/1rRv5JJZ0JpOZAZN2CSUwZPFJiBAdRnTiSYhazseNHFg/edit?usp=sharing

BUG=

Review-Url: https://codereview.chromium.org/2352593002
Cr-Commit-Position: refs/heads/master@{#39719}

Add a general feedback slot for instanceof similar to what we already have
for for-in, which basically has a fast (indicated by the uninitialized
sentinel) and a slow (indicated by the megamorphic sentinel) mode. Now
we can only take the fast path when the feedback slot says it hasn't
seen any funky inputs and nothing funky appeared in the prototype chain.
In the TurboFan code we also deoptimize whenever we see a funky object
(i.e. a proxy or an object that requires access checks) in the prototype
chain (similar to what Crankshaft already did).

Drive-by-fix: Also make Crankshaft respect the mode and therefore
address the deopt loop in Crankshaft around instanceof.

We might want to introduce an InstanceOfIC mechanism at some point and
track the map of the right-hand side.

BUG=v8:5267
R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2370693002
Cr-Commit-Position: refs/heads/master@{#39718}

BUG=v8:5415

Review-Url: https://codereview.chromium.org/2358133004
Cr-Commit-Position: refs/heads/master@{#39717}

Reverted for stability reasons.

BUG=chromium:649967
TBR=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2366313002
Cr-Commit-Position: refs/heads/master@{#39716}

BUG=chromium:650215

Review-Url: https://codereview.chromium.org/2373453002
Cr-Commit-Position: refs/heads/master@{#39715}

This adds handling of simplified ops without effect input to the escape
status analysis. Such uses are treated as escaping for now until we add
dedicated handling to the escape analysis reducer.

R=bmeurer@chromium.org
BUG=chromium:650170

Review-Url: https://codereview.chromium.org/2372533002
Cr-Commit-Position: refs/heads/master@{#39714}

BUG=v8:5330

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2311153002
Cr-Commit-Position: refs/heads/master@{#39713}

BUG=chromium:648864,chromium:648610
NOTRY=true
TBR=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2371713002
Cr-Commit-Position: refs/heads/master@{#39712}

BUG=chromium:649283
R=titzer@chromium.org
TEST=mjsunit/wasm/table

Review-Url: https://codereview.chromium.org/2358923003
Cr-Commit-Position: refs/heads/master@{#39711}

Passing kTruncateMinusZero truncates -0.0 to Smi 0, while kNoTruncation returns
-0.0 as a heap number.

BUG=

Review-Url: https://codereview.chromium.org/2361363002
Cr-Commit-Position: refs/heads/master@{#39710}

V8 is collecting a growing amount of fuzzers, all of which take substantial
space on the bots and in chromium build archives. This CL improves that
situation by allowing component (shared library) builds for almost all fuzzers.

The parser fuzzer is handled as an exception since it would require exporting a
large number of additional functions.

A component build results in about a 50-100x improvement in file size for each
fuzzer (~50M-100M to around 1.1M).

BUG=chromium:648864
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe

Review-Url: https://codereview.chromium.org/2360983002
Cr-Commit-Position: refs/heads/master@{#39709}

Fixed another TSAN issue in https://codereview.chromium.org/2365123002

TBR=caitp@igalia.com,adamk@chromium.org
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2367203002
Cr-Commit-Position: refs/heads/master@{#39708}

BUG=v8:5408

Review-Url: https://codereview.chromium.org/2367693002
Cr-Commit-Position: refs/heads/master@{#39707}

The file formerly known as src/js/harmony-async-await.js does not
expose anything directly to JavaScript code; it just makes a few
functions available on the native context for the parser desugaring
to expand into. Experimental natives have various issues with
larger amounts of code, so this patch moves the JS builtins to
support async functions out of experimental natives and into the
core snapshot. The change would be done eventually anyway, but this
patch does it before removing the flag to support shipping the
feature while avoiding the pitfalls of experimental natives.

Drive by cleanup: remove more unused functions from the whitelist for experimental natives.

BUG=v8:5427,v8:4483

Review-Url: https://codereview.chromium.org/2365123002
Cr-Commit-Position: refs/heads/master@{#39706}

If DevTools is turned on in the middle of doing some things with async
functions, then more items may be popped from the Promise stack than were
pushed to it. In this sort of case, it's OK to have a catch misprediction,
but a crash is unacceptable. This patch defensively handles this edge
case where the Promise stack is unexpectedly empty for that reason.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2361333003
Cr-Commit-Position: refs/heads/master@{#39705}

Rolling v8/build to 7ec7ad1a5dba8b996440e3bcbd05983cbd41ef3b

Rolling v8/buildtools to 86f7e41d9424b9d8faf66c601b129855217f9a08

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2363053004
Cr-Commit-Position: refs/heads/master@{#39704}

Reason for revert:
TSAN failures still happening; need to investigate more.

Original issue's description:
> Reland of Ship async functions (patchset #1 id:1 of https://codereview.chromium.org/2364963003/ )
>
> Reason for revert:
> Fixed underlying cause of TSAN issue; trying again while watching the bots.
>
> Original issue's description:
> > Revert of Ship async functions (patchset #2 id:20001 of https://codereview.chromium.org/2356943002/ )
> >
> > Reason for revert:
> > Triggers TSAN errors on Linux64:
> >
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/11901
> >
> > Original issue's description:
> > > Ship async functions
> > >
> > > Intent to ship discussion:
> > > https://groups.google.com/forum/#!topic/v8-users/gwpcEIrgIZY
> > >
> > > BUG=v8:4483
> > >
> > > Committed: https://crrev.com/9f7540a0ec6333e7c71615609fe29274d9b7a4c5
> > > Cr-Commit-Position: refs/heads/master@{#39697}
> >
> > TBR=caitp@igalia.com,littledan@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=v8:4483
> >
> > Committed: https://crrev.com/a4354b6c15fd9dbde2677efdf81fbc99ff0cf3e0
> > Cr-Commit-Position: refs/heads/master@{#39699}
>
> TBR=caitp@igalia.com,adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4483
>
> Committed: https://crrev.com/97cdf9f978e971df8a463fef7525bb942d305796
> Cr-Commit-Position: refs/heads/master@{#39702}

TBR=caitp@igalia.com,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2365113003
Cr-Commit-Position: refs/heads/master@{#39703}

Reason for revert:
Fixed underlying cause of TSAN issue; trying again while watching the bots.

Original issue's description:
> Revert of Ship async functions (patchset #2 id:20001 of https://codereview.chromium.org/2356943002/ )
>
> Reason for revert:
> Triggers TSAN errors on Linux64:
>
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/11901
>
> Original issue's description:
> > Ship async functions
> >
> > Intent to ship discussion:
> > https://groups.google.com/forum/#!topic/v8-users/gwpcEIrgIZY
> >
> > BUG=v8:4483
> >
> > Committed: https://crrev.com/9f7540a0ec6333e7c71615609fe29274d9b7a4c5
> > Cr-Commit-Position: refs/heads/master@{#39697}
>
> TBR=caitp@igalia.com,littledan@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4483
>
> Committed: https://crrev.com/a4354b6c15fd9dbde2677efdf81fbc99ff0cf3e0
> Cr-Commit-Position: refs/heads/master@{#39699}

TBR=caitp@igalia.com,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2363093003
Cr-Commit-Position: refs/heads/master@{#39702}

This patch fixes the logic of finding the location of a duplicate
parameter error in arrow functions by only looking at the error if it
exists. This should address a TSAN error. Further, an UNREACHABLE()
statement is inserted somewhere in the ExpressionClassifier code
to make future similar bugs easier to find.

BUG=v8:4483

Review-Url: https://codereview.chromium.org/2365693004
Cr-Commit-Position: refs/heads/master@{#39701}