port 3a9152ec (r42594)

  original commit message:
  We are planning to add a few more debugger related bits, and are running
  out of compiler hints bits. The new bit field is going to be part of the
  debug info struct. If the debug info is not available, we store the bit
  field in its place on the shared function info.

BUG=

Review-Url: https://codereview.chromium.org/2649893004
Cr-Commit-Position: refs/heads/master@{#42617}

A recent change to disallow wasm compilation in contexts where
CSP unsafe-eval would disallow eval also ended up banning asm.js there:
https://codereview.chromium.org/2646713002

This ends up banning non-evaled asm.js even in some places it should be
allowed.

NOTE: Although asm.js code converted to wasm generates an intermediate wasm
module. asm.js code evaled in a disallowed context can't even get
that far (as it's stoped at the eval site).

BUG=683867
R=mtrofin@chromium.org,titzer@chromium.org,adamk@chromium.org

Review-Url: https://codereview.chromium.org/2656463004
Cr-Commit-Position: refs/heads/master@{#42616}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0081085..dbe38ca

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/cb12d6e..8e94621

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/49e3f62..e1e778d

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/fa8cd67..58fecbe

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2649983004
Cr-Commit-Position: refs/heads/master@{#42615}

V8 has internal mechanism to ignore steps and breaks inside internal scripts, in this CL it's reused for blackboxing implementation.
Advantages:
- much faster blackboxing implementation (before we at least wrap and collect current call stack for each step),
- get rid of StepFrame action and potential pause in blackboxed code after N StepFrame steps,
- simplification of debugger agent logic.
Disadvtanges:
- currently when user was paused in blackboxed code (e.g. on breakpoint) and then makes step action, debugger ignores blackboxed state of the script and allows to use step actions as usual - this behavior is regressed, we still able to support it on frontend side.

Current state and proposed changes for blackboxing: https://docs.google.com/document/d/1hnzaXPAN8_QC5ENxIgxgMNDbXLraM_OXT73rAyijTF8/edit?usp=sharing

BUG=v8:5842
R=yangguo@chromium.org,dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2633803002
Cr-Commit-Position: refs/heads/master@{#42614}

Check that number of properties < Code:kMaxArguments when object
destructuring with a rest property otherwise throw an error.

BUG=v8:5549

Review-Url: https://codereview.chromium.org/2650863002
Cr-Commit-Position: refs/heads/master@{#42613}

Also introduces FFIType separate from MachineType for express ffi
signatures.

BUG=v8:4456

Review-Url: https://codereview.chromium.org/2639163004
Cr-Commit-Position: refs/heads/master@{#42612}

Atomics.wait is a function which may block, which is not allowed on the
main thread. Since V8 doesn't know whether a particular isolate is the
"main thread", this CL adds an option to Isolate::CreateParams to choose
whether this function is allowed.

Review-Url: https://codereview.chromium.org/2642293002
Cr-Commit-Position: refs/heads/master@{#42611}

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2629223005
Cr-Commit-Position: refs/heads/master@{#42610}

Manipulating the signaling NaN used for the hole and uninitialized double
field sentinel in C++, e.g. with bit_cast or HeapNumber::value()/set_value(),
will change its value on ia32 (the x87 stack is used to return values and
stores to the stack silently clear the signalling bit).

BUG=v8:5495

Review-Url: https://codereview.chromium.org/2652553003
Cr-Commit-Position: refs/heads/master@{#42609}

Port 3a9152ec

Original Commit Message:

    We are planning to add a few more debugger related bits, and are running
    out of compiler hints bits. The new bit field is going to be part of the
    debug info struct. If the debug info is not available, we store the bit
    field in its place on the shared function info.

R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2653673002
Cr-Commit-Position: refs/heads/master@{#42608}

Also fixes check for table segments to be performed against actual size not declared one.

Makes us pass memory.wast and linking.wast tests (modulo issue 5860).

R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2649553002
Cr-Commit-Position: refs/heads/master@{#42607}

BUG=chromium:683617

Review-Url: https://codereview.chromium.org/2651553003
Cr-Commit-Position: refs/heads/master@{#42606}

BUG=chromium:683515

Review-Url: https://codereview.chromium.org/2654433003
Cr-Commit-Position: refs/heads/master@{#42605}

Revert of [wasm] Turn on trap-if by default. (patchset #1 id:1 of https://codereview.chromium.org/2647323002/ )

Reason for revert:
gc-stress failures

Original issue's description:
> [wasm] Turn on trap-if by default.
>
> This CL turns on trap-if by default, and it changes the tests so that
> traps in the cctests are also tested without trap-if.
>
> R=titzer@chromium.org, clemensh@chromium.org, bradnelson@chromium.org
>
> Review-Url: https://codereview.chromium.org/2647323002
> Cr-Commit-Position: refs/heads/master@{#42603}
> Committed: https://chromium.googlesource.com/v8/v8/+/01c87ebe70fb569205432597f3105c708bba0fef

TBR=bradnelson@chromium.org,titzer@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2645403005
Cr-Commit-Position: refs/heads/master@{#42604}

This CL turns on trap-if by default, and it changes the tests so that
traps in the cctests are also tested without trap-if.

R=titzer@chromium.org, clemensh@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2647323002
Cr-Commit-Position: refs/heads/master@{#42603}

This CL fixes an issue introduced in https://codereview.chromium.org/2645083003.

BUG=chromium:683818

Review-Url: https://codereview.chromium.org/2651653002
Cr-Commit-Position: refs/heads/master@{#42602}

For an object literal, has_seen_proto is needed to create the
BoilerplateDescription. When iterating over the object
properties in the AST, has_seen_proto can easily be computed. The
flag in the ObjectLiteral is unnecessary.

R=verwaest@chromium.org

BUG=v8:5625

Review-Url: https://codereview.chromium.org/2646333002
Cr-Commit-Position: refs/heads/master@{#42601}

Port the fast path for accessor inlining to cached property names from
Crankshaft to TurboFan. This constant-folds accesses to document in a
script.

R=jochen@chromium.org
BUG=v8:5548

Review-Url: https://codereview.chromium.org/2646363003
Cr-Commit-Position: refs/heads/master@{#42600}

The hardcoded constant caused a problem for the wasm fuzzer because
when the maximum memory was allocated in a test case, clusterfuzz ran
out of memory. with the command line flag we can set a lower limit
for the fuzzer.

The flag has the value of the constant as its default value, so that
for everything but the fuzzers nothing should change.

R=titzer@chromium.org
BUG=chromium:676888

Review-Url: https://codereview.chromium.org/2626313003
Cr-Commit-Position: refs/heads/master@{#42599}

We do not want to reserve space in the backing store for index keys.
Count index keys during creation of the BoilerplateDescription, and
substract them for the backing store size.

Correctly count index keys after encountering a property with
a computed name during object literal creation.

R=verwaest@chromium.org

BUG=v8:5625

Review-Url: https://codereview.chromium.org/2651523002
Cr-Commit-Position: refs/heads/master@{#42598}

As required by C++11, this CL changes the zone allocator to be able to
construct and destroy arbitrary types, and accept arbitrary arguments
for construct, passing them via perfect forwarding.
I also change some push_back to emplace_back. Some of those did not
compile before.

R=ishell@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2646873004
Cr-Commit-Position: refs/heads/master@{#42597}

I guess that a comparison with i::wasm::kV8MaxWasmTableSize was not
intended here. I did not add a test because I do not even know if it is
even possible to create a WasmMemoryObject with
maximum_pages > i::wasm::kV8MaxWasmMemoryPages. Maybe we should replace
the condition with a Check instead.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2645273004
Cr-Commit-Position: refs/heads/master@{#42596}

R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2642253005
Cr-Original-Commit-Position: refs/heads/master@{#42543}
Committed: https://chromium.googlesource.com/v8/v8/+/e26a58e43c51a680a0a6363e0066886f4971a41f
Review-Url: https://codereview.chromium.org/2642253005
Cr-Commit-Position: refs/heads/master@{#42595}

We are planning to add a few more debugger related bits, and are running
out of compiler hints bits. The new bit field is going to be part of the
debug info struct. If the debug info is not available, we store the bit
field in its place on the shared function info.

Review-Url: https://codereview.chromium.org/2649873002
Cr-Commit-Position: refs/heads/master@{#42594}

Add the operator in preparation for actual perf work. The operator is replaced
by the same runtime call as before, during lowering.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2639233002
Cr-Commit-Position: refs/heads/master@{#42593}

  port ee9c7091 (r42561)

  original commit message:
  FAST_DOUBLE_ELEMENTS and FAST_HOLEY_DOUBLE_ELEMENTS kinds should both
  be handled by the runtime.

BUG=

Review-Url: https://codereview.chromium.org/2649053002
Cr-Commit-Position: refs/heads/master@{#42592}

  The CL #42545 (https://codereview.chromium.org/2639353002 ) add SignallingNanSurvivesI32ReinterpretF32/SignallingNanSurvivesI64ReinterpretF64 tests.
  Those tests failed at x87 port as X87 FPU hardware will convert a sNaN to qNaN automatically.

  This CL skips SignallingNanSurvivesI32ReinterpretF32/SignallingNanSurvivesI64ReinterpretF64 tests for x87.

BUG=

Review-Url: https://codereview.chromium.org/2649843002
Cr-Commit-Position: refs/heads/master@{#42591}

Also, emit a NewWithSpread bytecode for CallNew AST nodes where possible, rather than desugaring in the parser.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2629363002
Cr-Original-Commit-Position: refs/heads/master@{#42455}
Committed: https://chromium.googlesource.com/v8/v8/+/4bae43471d5685e34d8bd74458889b83e60235a0
Review-Url: https://codereview.chromium.org/2629363002
Cr-Commit-Position: refs/heads/master@{#42590}

For calls from ToPrimitive we already now that the receiver cannot be
null or undefined, since a property lookup succeeded before the call,
which would have thrown an exception in case of null or undefined.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2649093002
Cr-Commit-Position: refs/heads/master@{#42589}

  port ea925431 (r42545)

  original commit message:
  On ia32 return statements in C++ automatically convert signalling NaNs
  to quiet NaNs, even when bit_cast is used. This CL removes all uses of
  bit_cast<float> and bit_cast<double> in the wasm compiler and wasm
  interpreter.

BUG=

Review-Url: https://codereview.chromium.org/2648203002
Cr-Commit-Position: refs/heads/master@{#42588}

  port 037200e6 (r42486)

  original commit message:
  The IA32AddPair and IA32SubPair instructions were using an input register as a
  temporary value, which led to registers sometimes being clobbered when they
  shouldn't have been. This led to problems, for example, in calling printf to
  format doubles:

  printf("%f", 1.2345) => 0.61725 (on x86)

BUG=

Review-Url: https://codereview.chromium.org/2645233002
Cr-Commit-Position: refs/heads/master@{#42587}

  port 0b8200c7 (r42444)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/2646343002
Cr-Commit-Position: refs/heads/master@{#42586}

  port 95a9b761 (r42344)

  original commit message:
  Recognize and emit in-memory comparisons of 8-bit and 16-bit values with
  immediate values that fit.

BUG=

Review-Url: https://codereview.chromium.org/2651553002
Cr-Commit-Position: refs/heads/master@{#42585}

Property backing store size for object literals is
the number of constant and named properties (possibly
over-allocating for the same names).

We do not reserve space in the backing store for __proto__.

We do not reserve space in the backing store for index keys.
Currently, we account for index keys in the runtime when iterating
over the boilerplate properties. Since the boilerplate properties
only include the properties up to the first computed property
name, the property backing store size includes space for index keys
if seen after the first computed property.

R=verwaest@chromium.org

BUG=v8:5625

Review-Url: https://codereview.chromium.org/2650593002
Cr-Commit-Position: refs/heads/master@{#42584}

Revert of [build] Introduce an embedder version string (patchset #3 id:40001 of https://codereview.chromium.org/2619213002/ )

Reason for revert:
Blocks roll https://codereview.chromium.org/2647183002/

Original issue's description:
> [build] Introduce an embedder version string
>
> Sometimes, the embedder might want to merge a fix to an abandoned branch
> or to a supported branch but the fix is not relevant to Chromium.
> This adds a new version string that the embedder can set on compile time
> and that will be appended to the official V8 version.
> The separator must be provided in the string. For instance, to have a
> full version string like "5.5.372.37.custom.1", the embedder must set
> V8_EMBEDDER_STRING to ".custom.1".
>
> Related Node.js issue: https://github.com/nodejs/node/pull/9754
>
> BUG=v8:5740
> R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com
>
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Original-Commit-Position: refs/heads/master@{#42175}
> Committed: https://chromium.googlesource.com/v8/v8/+/fc86d4329b253bf21c1dd85469f1ef4b6e5ba01a
> Review-Url: https://codereview.chromium.org/2619213002
> Cr-Commit-Position: refs/heads/master@{#42582}
> Committed: https://chromium.googlesource.com/v8/v8/+/2c1d1e60883882011ed50310a9b09e95dc61234a

TBR=hablich@chromium.com,machenbach@chromium.org,ofrobots@google.com,mic.besace@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5740

Review-Url: https://codereview.chromium.org/2643393004
Cr-Commit-Position: refs/heads/master@{#42583}

Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set on compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "5.5.372.37.custom.1", the embedder must set
V8_EMBEDDER_STRING to ".custom.1".

Related Node.js issue: https://github.com/nodejs/node/pull/9754

BUG=v8:5740
R=machenbach@chromium.org,hablich@chromium.com,ofrobots@google.com

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2619213002
Cr-Original-Commit-Position: refs/heads/master@{#42175}
Committed: https://chromium.googlesource.com/v8/v8/+/fc86d4329b253bf21c1dd85469f1ef4b6e5ba01a
Review-Url: https://codereview.chromium.org/2619213002
Cr-Commit-Position: refs/heads/master@{#42582}

Convert strings to numbers if possible in the runtime call and store
in excluded property list.

BUG=v8:5549

Review-Url: https://codereview.chromium.org/2639333004
Cr-Commit-Position: refs/heads/master@{#42581}

This enables us to produce the list of eager inner functions for compilation
in one go during the outer function's renumbering step, and avoid having
to do renumbering explicitly on the inner functions, simplifying the zone
ownership.

BUG=v8:5203, v8:5215

Review-Url: https://codereview.chromium.org/2648503002
Cr-Original-Commit-Position: refs/heads/master@{#42540}
Committed: https://chromium.googlesource.com/v8/v8/+/3541a074e241421b64ba41d81d8a99bb6ac62c5e
Review-Url: https://codereview.chromium.org/2648503002
Cr-Commit-Position: refs/heads/master@{#42580}

This moves AsyncFunctionAwait{Caught,Uncaught} to CSA, and removes
async-await.js.

BUG=v8:5639

Review-Url: https://codereview.chromium.org/2643023002
Cr-Commit-Position: refs/heads/master@{#42579}

BUG=v8:5863

R=titzer@chromium.org, dschuff@chromium.org

Review-Url: https://codereview.chromium.org/2640403004
Cr-Commit-Position: refs/heads/master@{#42578}