For the common use case of having a single resolve or reject callback,
the callbacks are stored directly. Only when an additional callback is
registered, we create an array to store these callbacks.

There are 3 possible states for the resolve, reject symbols when we add
a new callback --
1) UNDEFINED -- This is the zero state where there is no callback
registered. When we see this state, we directly attach the callbacks to
the symbol.
2) !IS_ARRAY -- There is a single callback directly attached to the
symbols. We need to create a new array to store additional callbacks.
3) IS_ARRAY -- There are multiple callbacks already registered,
therefore we can just push the new callback to the existing array.

Also, this change creates a new symbol for storing the deferred objects.
Previously the deferred objects were stored in the callback arrays, but
since we no longer create arrays for the initial case, we need this new
symbol. The cctest has been updated to account for this new symbol.

This patch results in a 19% improvement(over 5 runs) in the bluebird benchmark.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2007803002
Cr-Commit-Position: refs/heads/master@{#36536}

Review-Url: https://codereview.chromium.org/2001283006
Cr-Commit-Position: refs/heads/master@{#36535}

Adds an API to request the total size of code/bytecode and their associated
metadata in the heap. When requested, the code_space, old_space and
large_object_space  is scanned to find any code/bytecode array objects.
This could be slow and hence it should be used with caution.

BUG=v8:5019
LOG=N

Review-Url: https://codereview.chromium.org/1997363002
Cr-Commit-Position: refs/heads/master@{#36534}

Rolling v8/build to a11885a5fd2ae5b45d97a2bbfe3e33ab13a88f68

Rolling v8/third_party/icu to 4745cccafba8cdb646263fa48b959f386722c155

Rolling v8/tools/clang to 5c08263d87fd4fe23df4f73323cd6146f5dfe7b2

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2015453004
Cr-Commit-Position: refs/heads/master@{#36533}

This patch does five things:

1. Extracts sampler as libsampler to provide sampling functionality support.
2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
3. Removes sampler.[h|cc].
4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
5. Creates SamplerManager to manage the relationship between samplers and threads.

The reason we port hashmap.h is that in debug mode, STL containers are using
mutexes from a mutex pool, which may lead to deadlock when using asynchronously
signal handler.

Currently libsampler is used in V8 temporarily.

BUG=v8:4789
LOG=n

Committed: https://crrev.com/06cc9b7c176a6223971deaa9fbcafe1a05058c7b
Cr-Commit-Position: refs/heads/master@{#36527}

Review-Url: https://codereview.chromium.org/1922303002
Cr-Commit-Position: refs/heads/master@{#36532}

Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #1 id:1 of https://codereview.chromium.org/2009383002/ )

Reason for revert:
https://build.chromium.org/p/chromium.gpu.fyi/builders/Linux%20Debug%20%28NVIDIA%29/builds/29860/steps/maps_pixel_test%20on%20NVIDIA%20GPU%20on%20Linux%20on%20Linux/logs/stdio

Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #1 id:1 of https://codereview.chromium.org/2011563003/ )
>
> Reason for revert:
> Premature revert. Chromium roll included an earlier version.
>
> Original issue's description:
> > Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )
> >
> > Reason for revert:
> > Breaks webgl2 conformance tests
> >   https://bugs.chromium.org/p/chromium/issues/detail?id=614730
> >
> > Original issue's description:
> > > Reland of "[heap] Fine-grained JSArrayBuffer tracking"
> > >
> > > Track based on JSArrayBuffer addresses on pages instead of the attached
> > > backing store.
> > >
> > > Details of tracking:
> > > - Scavenge: New space pages are processes in bulk on the main thread
> > > - MC: Unswept pages are processed in bulk in parallel. All other pages
> > >   are processed by the sweeper concurrently.
> > >
> > > This reverts commit 93fe04af.
> > >
> > > R=hpayer@chromium.org
> > > BUG=chromium:611688
> > > LOG=N
> > > CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
> > >
> > > Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> > > Cr-Commit-Position: refs/heads/master@{#36513}
> >
> > TBR=hpayer@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:611688
> >
> > Committed: https://crrev.com/b9b0868ec49a52c9a80c9beea862a61707b292e5
> > Cr-Commit-Position: refs/heads/master@{#36524}
>
> TBR=hpayer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:611688
>
> Committed: https://crrev.com/b23e008885c4c452ae2b329c9dad167a76e4d7be
> Cr-Commit-Position: refs/heads/master@{#36530}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2009893003
Cr-Commit-Position: refs/heads/master@{#36531}

Reland of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #1 id:1 of https://codereview.chromium.org/2011563003/ )

Reason for revert:
Premature revert. Chromium roll included an earlier version.

Original issue's description:
> Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )
>
> Reason for revert:
> Breaks webgl2 conformance tests
>   https://bugs.chromium.org/p/chromium/issues/detail?id=614730
>
> Original issue's description:
> > Reland of "[heap] Fine-grained JSArrayBuffer tracking"
> >
> > Track based on JSArrayBuffer addresses on pages instead of the attached
> > backing store.
> >
> > Details of tracking:
> > - Scavenge: New space pages are processes in bulk on the main thread
> > - MC: Unswept pages are processed in bulk in parallel. All other pages
> >   are processed by the sweeper concurrently.
> >
> > This reverts commit 93fe04af.
> >
> > R=hpayer@chromium.org
> > BUG=chromium:611688
> > LOG=N
> > CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
> >
> > Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> > Cr-Commit-Position: refs/heads/master@{#36513}
>
> TBR=hpayer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:611688
>
> Committed: https://crrev.com/b9b0868ec49a52c9a80c9beea862a61707b292e5
> Cr-Commit-Position: refs/heads/master@{#36524}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2009383002
Cr-Commit-Position: refs/heads/master@{#36530}

Revert of Create libsampler as V8 sampler library. (patchset #24 id:460001 of https://codereview.chromium.org/1922303002/ )

Reason for revert:
V8 Linux64 TSAN failure because ThreadSanitizer indicated data race.

Original issue's description:
> Create libsampler as V8 sampler library.
>
> This patch does five things:
>
> 1. Extracts sampler as libsampler to provide sampling functionality support.
> 2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
> 3. Removes sampler.[h|cc].
> 4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
> 5. Creates SamplerManager to manage the relationship between samplers and threads.
>
> The reason we port hashmap.h is that in debug mode, STL containers are using
> mutexes from a mutex pool, which may lead to deadlock when using asynchronously
> signal handler.
>
> Currently libsampler is used in V8 temporarily.
>
> BUG=v8:4789
> LOG=n
>
> Committed: https://crrev.com/06cc9b7c176a6223971deaa9fbcafe1a05058c7b
> Cr-Commit-Position: refs/heads/master@{#36527}

TBR=jochen@chromium.org,alph@chromium.org,fmeawad@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789

Review-Url: https://codereview.chromium.org/2000323007
Cr-Commit-Position: refs/heads/master@{#36529}

Removes the DONT_DELETE enum bit from the properties to make them
configurable.

Also, updates the regress-typedarray-length test to --
- Check for true boolean return value on deletion of these
  properties.
- Check for undefined return value on trying to access these
  properties after deletion.

BUG=v8:4902
LOG=Y

Review-Url: https://codereview.chromium.org/2001393004
Cr-Commit-Position: refs/heads/master@{#36528}

This patch does five things:

1. Extracts sampler as libsampler to provide sampling functionality support.
2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
3. Removes sampler.[h|cc].
4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
5. Creates SamplerManager to manage the relationship between samplers and threads.

The reason we port hashmap.h is that in debug mode, STL containers are using
mutexes from a mutex pool, which may lead to deadlock when using asynchronously
signal handler.

Currently libsampler is used in V8 temporarily.

BUG=v8:4789
LOG=n

Review-Url: https://codereview.chromium.org/1922303002
Cr-Commit-Position: refs/heads/master@{#36527}

Bootstrapper previously created %ThrowTypeError% before the strict
function maps existed, so making that function strict required a small
amount of code reordering.

This fixes a few test262 tests, but we're still non-compliant due to the
fact that we have two functions instead of one (see issue 4034).

BUG=v8:4925
LOG=y

Review-Url: https://codereview.chromium.org/2006733004
Cr-Commit-Position: refs/heads/master@{#36526}

Intersection of types is used in several places,
if it yields the empty set, this indicates a type mismatch.
We should emit an error in this case.

Add the RECURSE() macro around IntersectResult to allow errors to propagate immediately.

BUG=614291
R=ahaas@chromium.org
TEST=asm-wasm
LOG=N

Review-Url: https://codereview.chromium.org/2011873002
Cr-Commit-Position: refs/heads/master@{#36525}

Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )

Reason for revert:
Breaks webgl2 conformance tests
  https://bugs.chromium.org/p/chromium/issues/detail?id=614730

Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> This reverts commit 93fe04af.
>
> R=hpayer@chromium.org
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> Cr-Commit-Position: refs/heads/master@{#36513}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2011563003
Cr-Commit-Position: refs/heads/master@{#36524}

This removes the last use of the old_functions section, which greatly
simplifies encoding.

R=bradnelson@chromium.org,aseemgarg@chromium.org,mtrofin@chromium.org

BUG=

Review-Url: https://codereview.chromium.org/2014533003
Cr-Commit-Position: refs/heads/master@{#36523}

Port a23222ed

Original commit message:
    For cross-compiler-compatibility and standards compliance %p
    requires a void*, rather than any pointer type.

R=machenbach@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=chromium:474921
LOG=N

Review-Url: https://codereview.chromium.org/2010743002
Cr-Commit-Position: refs/heads/master@{#36522}

Reason for revert:
Speculative revert because of roll block:
https://codereview.chromium.org/2004203004/

Original issue's description:
> [gn] Add unittests
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
> Cr-Commit-Position: refs/heads/master@{#36510}

TBR=vogelheim@chromium.org,bmeurer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2004373005
Cr-Commit-Position: refs/heads/master@{#36521}

Reason for revert:
Reason for revert:
Speculative revert because of roll block:
https://codereview.chromium.org/2004203004/

Original issue's description:
> [gn] Add cctest
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
> Cr-Commit-Position: refs/heads/master@{#36517}

TBR=vogelheim@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2008543007
Cr-Commit-Position: refs/heads/master@{#36520}

Port a23222ed

Original commit message:

    For cross-compiler-compatibility and standards compliance %p
    requires a void*, rather than any pointer type.

R=machenbach@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=chromium:474921
LOG=N

Review-Url: https://codereview.chromium.org/2009653002
Cr-Commit-Position: refs/heads/master@{#36519}

Port a6ddbef0

Original commit message:

    The TurboFan inliner makes use of these counts.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2014563002
Cr-Commit-Position: refs/heads/master@{#36518}

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36517}

R=bradnelson@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2011893002
Cr-Commit-Position: refs/heads/master@{#36516}

Signalling an error to the ErrorThrower causes a heap allocation and should
therefore not happen in the parallel phase of the compilation.

Additionally I did some refactoring: I pulled the function
BuildGraphForWasmFunction into the WasmCompilationUnit and as a consequence
I can use the class fields directly instead of passing them as parameters.

BUG=chromium::614291
LOG=N
R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2007113004
Cr-Commit-Position: refs/heads/master@{#36515}

R=cbruni@chromium.org

Committed: https://crrev.com/53d4594b849bed40d96389f00b6ce0ca1fff05bb
Cr-Commit-Position: refs/heads/master@{#36499}

Review-Url: https://codereview.chromium.org/2010533002
Cr-Commit-Position: refs/heads/master@{#36514}

Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

This reverts commit 93fe04af.

R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2007253002
Cr-Commit-Position: refs/heads/master@{#36513}

Revert of [json] support replacer function in BasicJsonStringifier. (patchset #4 id:60001 of https://codereview.chromium.org/2010533002/ )

Reason for revert:
Layout test failure:

https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7029

Original issue's description:
> [json] support replacer function in BasicJsonStringifier.
>
> R=cbruni@chromium.org
>
> Committed: https://crrev.com/53d4594b849bed40d96389f00b6ce0ca1fff05bb
> Cr-Commit-Position: refs/heads/master@{#36499}

TBR=cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2008293002
Cr-Commit-Position: refs/heads/master@{#36512}

Caching nodes with mutable inputs is a bad idea and already blew up
twice now, so in order to avoid further breakage, let's kill the
EmptyFrameState caching on JSGraph completely and only cache the empty
state values there.

We can remove the hacking from JSTypedLowering completely once we have
the PlainPrimitiveToNumber in action.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2006423003
Cr-Commit-Position: refs/heads/master@{#36511}

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36510}

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2007023003
Cr-Commit-Position: refs/heads/master@{#36509}

Previously we first created a temporary graph for the inlinee and then
copied over all the nodes to the actual graph. This however introduces
unnecessary complexity, and we can instead just create the inlinee
inside the target graph.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2006353003
Cr-Commit-Position: refs/heads/master@{#36508}

This change introduces five fused bytecodes for common bytecode
sequences on popular websites. These are LdrNamedProperty,
LdrKeyedProperty, LdrGlobal, LdrContextSlot, and LdrUndefined. These
load values into a destination register operand instead of the
accumulator. They are emitted by the peephole optimizer.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1985753002
Cr-Commit-Position: refs/heads/master@{#36507}

  - Add Simd128 type to Wasm AST types
  - Seperate out generic SIMD Machine ops
  - Opcodes added as per Wasm SIMD opcode table prototype. All opcodes
  except Bool8x16, Bool16x8 and S128 Load/Store opcodes added.

Review-Url: https://codereview.chromium.org/2009553002
Cr-Commit-Position: refs/heads/master@{#36506}

It's always possible to deoptimize to Ignition from TurboFan, and we
don't use Ignition for asm.js code, so there's no need to have the empty
frame state magic in the BytecodeGraphBuilder.

R=mstarzinger@chromium.org
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2008243002
Cr-Commit-Position: refs/heads/master@{#36505}

Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #6 id:220001 of https://codereview.chromium.org/2005723005/ )

Reason for revert:
Breaking TSAN
  https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20TSAN/builds/9741/steps/Ignition%20-%20turbofan%20%28flakes%29/logs/FixedUint32Array

Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> This reverts commit d2dff032.
>
> R=hpayer@chromium.org
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/b5704bc1e6ba74c9ca975f5d58f5b2dc60261457
> Cr-Commit-Position: refs/heads/master@{#36495}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2011863002
Cr-Commit-Position: refs/heads/master@{#36504}

BUG=chromium:614291
LOG=N
R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2009823002
Cr-Commit-Position: refs/heads/master@{#36503}

Reland of [keys] Simplify KeyAccumulator (patchset #1 id:1 of https://codereview.chromium.org/2010593002/ )

Reason for revert:
relanding, fixed handle dereferencing

Original issue's description:
> Revert of [keys] Simplify KeyAccumulator (patchset #15 id:280001 of https://codereview.chromium.org/1995263002/ )
>
> Reason for revert:
> https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/6248
>
> Original issue's description:
> > [keys] Simplify KeyAccumulator
> >
> > - Use KeyAccumulator::GetKeys directly instead of JSReceiver::GetKeys
> > - Revert KeyAccumulator to single OrderedHashSet implementation.
> > - Convert the OrderedHashSet in-place to a FixedArray
> > - IndexedInterceptor indices are no longer combined and sorted with the object indices
> >
> > BUG=
> >
> > Committed: https://crrev.com/d3324df017046bcde247a5aef6d1b59bfae5908f
> > Cr-Commit-Position: refs/heads/master@{#36485}
>
> TBR=jkummerow@chromium.org,verwaest@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/893524b53d43df63bca6cb9b7244d21771fadb0b
> Cr-Commit-Position: refs/heads/master@{#36486}

TBR=jkummerow@chromium.org,verwaest@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2014523002
Cr-Commit-Position: refs/heads/master@{#36502}

X87: [x64/ia32] Deal with the non-transitivity of InstructionSelector::CanCover() when folding loads into branches.

    port 0d22e7e4 (r36482)

    original commit message:
    Sequences like:

    1: Load[kRepWord32|kTypeInt32](<address>, ...)
    2: Word32And(1, <constant>)
    3: Word32Equal(2, <another constant>)
    4: Store[(kRepWord32 : NoWriteBarrier)](<address>, <value>)
    5: Branch[None](3, ...) -> B1, B2

    where #1 and #4 refer to the same memory location, are problematic because in VisitBranch we assume that 'InstructionSelector::CanCover()' is transitive.

    What happens is that CanCover(5, 3) is true (3 is a pure op), and so are CanCover(3, 2), CanCover(2, 1), but the effect level of 5 and 3 never gets checked because 3 is a pure op. Upon VisitBranch, we

    mov [address], <value>
    test [address], <another constant>

    With this patch, it becomes:

    mov reg, [address]
    mov [address], <value>
    test reg, <another constant>

BUG=

Review-Url: https://codereview.chromium.org/2006223004
Cr-Commit-Position: refs/heads/master@{#36501}

Add stack overflow checks to AstTraversalVisitor, and let
AstExpressionVisitor reuse traversal logic from AstTraversalVisitor.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2004363002
Cr-Commit-Position: refs/heads/master@{#36500}

R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2010533002
Cr-Commit-Position: refs/heads/master@{#36499}

  port a6ddbef0 (r36472)

  original commit message:
  The TurboFan inliner makes use of these counts.

BUG=

Review-Url: https://codereview.chromium.org/2013453003
Cr-Commit-Position: refs/heads/master@{#36498}

This interpreter directly decodes and executes WASM binary code for
the purpose of supporting low-level debugging. It is not currently
integrated into the main WASM implementation.

R=ahaas@chromium.org,clemensh@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1972153002
Cr-Commit-Position: refs/heads/master@{#36497}