BUG=chromium:703226

Change-Id: I2232d4a721beb35478066b25143b9635bcc6b238
Reviewed-on: https://chromium-review.googlesource.com/458429Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44073}

Removed the invalid DCHECKs altogether.

BUG=v8:5561

Change-Id: I678b80a2f216a84333e3fe65843ca9dfc0bdf0d5
Reviewed-on: https://chromium-review.googlesource.com/458280
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44072}

BUG=chromium:645890

Change-Id: Iec8f473074a65abe9b4fbc968d5617038120efa5
Reviewed-on: https://chromium-review.googlesource.com/458011
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44071}

R=bjaideep@ca.ibm.com, jyan@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2760983003
Cr-Commit-Position: refs/heads/master@{#44070}

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2766423004
Cr-Commit-Position: refs/heads/master@{#44069}

When using --trace-ignition-codegen, the name for each bytecode handler is
missing. The reason is that we find the name of a bytecode by looking up the
code object entry in the interpreter's dispatch table, which is not yet
populated at this point.

BUG=

Review-Url: https://codereview.chromium.org/2771503004
Cr-Commit-Position: refs/heads/master@{#44068}

This is just an update to reflect the current spec proposal.
https://tc39.github.io/proposal-regexp-named-groups/

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2769143002
Cr-Commit-Position: refs/heads/master@{#44067}

BUG=chromium:645890
NOTRY=true
TBR=jochen@chromium.org,vogelheim@chromium.org

Change-Id: Id0e972bf2480dd9c48e064537090a7bd97431db1
Reviewed-on: https://chromium-review.googlesource.com/458223Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44066}

Stack overflow checks are typically implemented as part of the TurboFan
graph of a function. This means that the stack check code is executed
after frame construction. When a frame is too big, though, there may not
be enough space on the stack anymore to throw the stack overflow
exception after frame construction. With this CL we do an additional
stack check before frame construction for functions with big frames.

As discussed offline with mstarzinger, I do this change currently only
for WebAssembly.

This CL contains only the changes for arm. I will do the other platforms
in separate CLs.

R=mstarzinger@chromium.org, v8-arm-ports@googlegroups.com

Review-Url: https://codereview.chromium.org/2763593002
Cr-Commit-Position: refs/heads/master@{#44065}

BUG=none
TBR=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2773723002
Cr-Commit-Position: refs/heads/master@{#44064}

When available, we use the NEON instructions vld1.8 and vst1.8 to
implement unaligned loads and stores of float64 values.

R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com

Review-Url: https://codereview.chromium.org/2769723003
Cr-Commit-Position: refs/heads/master@{#44063}

R=machenbach@chromium.org
BUG=v8:6127

Change-Id: Iced2bd9e71006077aca4bd1de8dd14b6c771ec86
Reviewed-on: https://chromium-review.googlesource.com/458222Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44062}

BUG=v8:6090
R=marja@chromium.org

Review-Url: https://codereview.chromium.org/2769013002
Cr-Commit-Position: refs/heads/master@{#44061}

BUG=v8:5561

Change-Id: I3f8bac0083e22066ee26f4bfeae5a16f81654a91
Reviewed-on: https://chromium-review.googlesource.com/458424Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44060}

This CL adds support for indirect function calls to the interpreter. It
can indirectly call other wasm function in the same instance, which are
then executed in the interpreter, or call imported functions.

Implementing this required some refactoring:
- The wasm interpreter now unwraps import wrappers on demand, instead
  of unwrapping all of them on instantiation and storing a vector of
  handles. This also avoids the DeferredHandleScope completely, instead
  we just store two global handles in the code map.
- The interpreter gets the code table, function tables and signature
  tables directly from the attached wasm instance object. This ensures
  that the interpreter sees all updates to tables that might have been
  performed by external code.
- There is now common functionality for calling a code object. This is
  used for direct calls to imported functions and for all indirect
  calls. As these code objects can also be wasm functions which should
  be executed in the interpreter itself, I introduce a struct to hold
  the outcome of calling the code object, or a pointer to
  InterpreterCode to be called in the interpreter.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I20fb2ea007e79e5fcff9afb4b1ca31739ebcb83f
Reviewed-on: https://chromium-review.googlesource.com/458417
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44059}

BUG=v8:5561

Change-Id: I90f59b53dbf832571aef7fa07694abfddf53b7f6
Reviewed-on: https://chromium-review.googlesource.com/458200
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44058}

It was removed so that Parser::DeserializeScopeChain does not have
 to get it from ParseInfo.
Only a small step in direction of removing isolate from ParseInfo.

BUG=v8:6093

Change-Id: Iaaf92dc6eb5ec9c4efc05ac73666fbc66e0ed8c1
Reviewed-on: https://chromium-review.googlesource.com/457999
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44057}

Revert of [heap] Simplify clearing of normalized map caches. (patchset #1 id:1 of https://codereview.chromium.org/2745183002/ )

Reason for revert:
https://bugs.chromium.org/p/v8/issues/detail?id=6135

Original issue's description:
> [heap] Simplify clearing of normalized map caches.
>
> Currently the incremental marking visitor treats elements of normalized
> map caches weakly by coloring the caches grey without pusing to marking
> deque.
>
> The mark-compact prologue then clears all normalized map caches.
>
> We can achieve similar effect by just clearing the caches in the marking
> visitor.
>
> BUG=chromium:694255
>
> Review-Url: https://codereview.chromium.org/2745183002
> Cr-Commit-Position: refs/heads/master@{#43941}
> Committed: https://chromium.googlesource.com/v8/v8/+/3d68306c71b17ebcb306b4e2ed8cae110c52229c

TBR=hpayer@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2771703003
Cr-Commit-Position: refs/heads/master@{#44056}

This adds a --stress-validate-asm flag intended to stress test the
validator by running against every single function, independent of
whether a "use asm" directive is present. It mainly tests negative
cases because barely any function in our test corpus will be a valid
module according to the asm.js spec.

R=bradnelson@chromium.org
BUG=v8:6127

Change-Id: Id04b0440628134d4e81c9bb4d71039f940fc9a83
Reviewed-on: https://chromium-review.googlesource.com/457039Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44055}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a53333d..4a2354d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/8cbbd7f..2038d74

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I3363a0fa2ce1c5021029dea2a8dab2eee7cf2454
Reviewed-on: https://chromium-review.googlesource.com/458119Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44054}

APIs and trivial implementation, to unblock Chrome side dev.

BUG=chromium:697028

Review-Url: https://codereview.chromium.org/2763413003
Cr-Commit-Position: refs/heads/master@{#44053}

This reverts commit e35ec4a7.

Reason for revert: crash on WebKit Mac10.11 (dbg).

Original change's description:
> [ic] General cleanup after moving more ICs to data handlers
> 
> BUG=v8:5561
> 
> Change-Id: Ibc64f2a42089b40a605313a5f24b1da85722fde8
> Reviewed-on: https://chromium-review.googlesource.com/457370
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44005}

TBR=ishell@chromium.org,verwaest@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5561

Change-Id: I2000ba48b2165e26a48f3e02259e054b40c50704
Reviewed-on: https://chromium-review.googlesource.com/457788Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44052}

BUG=v8:6116

Change-Id: I4e521d2fb3964e0d3615ef1deea6b3418fc77c50
Reviewed-on: https://chromium-review.googlesource.com/458400
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44051}

Move ICU case conversion utility functions to a common location.

BUG=v8:5751
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng

Review-Url: https://codereview.chromium.org/2728763006
Cr-Commit-Position: refs/heads/master@{#44050}

The AssignmentExpressions can legally contain destructuring assignments.

BUG=v8:6098
R=marja@chromium.org, adamk@chromium.org

Change-Id: I99b3a0f4c8d103edfb1dda943ec3e2ab2a5969f7
Reviewed-on: https://chromium-review.googlesource.com/455221
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44049}

These JS objects don't have size property.

BUG=none
R=dgozman@chromium.org,luoe@chromium.org

Review-Url: https://codereview.chromium.org/2770583002
Cr-Commit-Position: refs/heads/master@{#44048}

Current implementation of the pextrw instruction is the legacy SSE2 instruction in the assembler (66 0F C5), and SSE4 implementation(66 0F 3A 15) in disasm-x64.cc, this causes incorrect instruction encodings to be printed when using --print-code flag for debug, in this case, causes over flow of bytes, and subsequent instructions to be incorrectly disassembled. Fixing to use SSE4 encodings in the assembler cosistent with pextrb, pextrd.

R=bbudge@chromium.org, mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2771513002
Cr-Commit-Position: refs/heads/master@{#44047}

Enable compilation stats for Wasm code.
As parallel compilation can interfere with these measurements,
also force single threaded compilation when collecting stats.

BUG=None
TEST=None
LOG=N
R=mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2769743002
Cr-Commit-Position: refs/heads/master@{#44046}

- Skips test when expected value is very small or large.
- Renames methods to make more sense.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2764413003
Cr-Commit-Position: refs/heads/master@{#44045}

This will lazily compile all wasm modules. Just for experimenting
currently.

R=ahaas@chromium.org
BUG=v8:5991

Change-Id: I51fc3655e15f55e87d9fec86ff5dca109fb052be
Reviewed-on: https://chromium-review.googlesource.com/458008Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44044}

- renamed inspector-test methods,
- tuned comment in debug.h

BUG=v8:6118
TBR=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2766283002
Cr-Commit-Position: refs/heads/master@{#44043}

This CL also
1) turns (Add/Subtract)WithFeedbackStub into builtins
2) makes interpreter use BinaryOpAssembler directly
3) drops unused (Multipy/Divide/Modulus)WithFeedbackStubs

BUG=v8:6116

Change-Id: I994aba6442f173535c13dfbaaafae1033de3f2ce
Reviewed-on: https://chromium-review.googlesource.com/458438Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44042}

The order of the return values are wrong for 32 bit big endian machines.

BUG=none
R=titzer@chromium.org, clemensh@chromium.org,

Review-Url: https://codereview.chromium.org/2764583003
Cr-Commit-Position: refs/heads/master@{#44041}

Just the front-end side of
https://chromium-review.googlesource.com/c/446961/. Adds support for
parsing AsyncGeneratorExpression, AsyncGeneratorDeclaration, and
AsyncGeneratorMethod, as well as parser tests.

BUG=v8:5855
R=neis@chromium.org, marja@chromium.org, littledan@chromium.org

Change-Id: I70e1a9681f22573f29292eacb4b9f57f9a38e2b2
Reviewed-on: https://chromium-review.googlesource.com/447117Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44040}

With flag we can debug injected-script-source in inspector-test or from DevTools frontend as regular user code. We need this when working on new features or debugging issues, it's for internal purpose only and doesn't provide any benefits for end users.

Flag: --expose-inspector-scripts

BUG=none
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2767873002
Cr-Commit-Position: refs/heads/master@{#44039}

While the primary use-case for Suspend nodes is the Yield expression,
there are other uses as well: Await expressions, and the initial suspend
of Generators, which returns an object matching the Iterator protocol.

"Suspend" is a better representation of the spec text (closer
to the spec text for the values of [[GeneratorState]] and
[[AsyncGeneratorState]]), and can make it easier to understand the
meaning of what I had previously called Yield::is_normal() (now
Suspend::is_yield()).

Changes requested as part of https://chromium-review.googlesource.com/c/447117/

BUG=
R=neis@chromium.org, adamk@chromium.org
TBR=bmeurer@chromium.org, paul.lind@imgtec.com, joransiu@ca.ibm.com, weiliang.lin@intel.com

Change-Id: Ic6f15b04fff091c20f26526391b967287c06f6bf
Reviewed-on: https://chromium-review.googlesource.com/455583Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44038}

The stack check at the beginning of each function maps to the wasm byte
offset 0. For asm.js functions, this byte offset is mapped further to an
asm.js source position. For most functions, we explicitly add an entry
to this side table for offset 0. This was missing for the start
function.

R=ahaas@chromium.org
BUG=v8:4203,chromium:703568

Change-Id: I05bc4a8cfa666864bb7a0b23f75186abe0be9bee
Reviewed-on: https://chromium-review.googlesource.com/458437
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44037}

Change-Id: I7db6a8bfad31012f09cdfe4a395339309aad45b1
Reviewed-on: https://chromium-review.googlesource.com/457779
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44036}

BUG=v8:6077

Review-Url: https://codereview.chromium.org/2765323002
Cr-Commit-Position: refs/heads/master@{#44035}

Indisputable profit:
- correct break location in next task (see tests),
- stepOver with async await never lands in random code (see related test and issue),
- inspector doesn't store current stepping state in debugger agent and completely trust V8 - step to new inspector-V8 design (I will finish design doc soon).
- willExecuteScript and didExecuteScript instrumentation could be removed from code base - reduce probability of future errors.
- finally - less code,
- stepping implementation in V8 makes another step to follow our stepping strategy (stepOut should do stepInto and break when exit current frame) (another one one page design doc based on @aandrey comment is coming),
- knowledge about existing of context groups is still inspector-only.

Disputable part is related to super rare scenario when in single isolate we have more then one context group id with enabled debugger agent:
- if one agent request break in own context (stepping, pause, e.t.c.) then we ignore all breaks in another agent. From one hand it looks like good: user clicks stepInto and they don't expect that execution could be paused by another instance of DevTools in unobservable from current DevTools way (second DevTools will get paused notification and run nested message loop). From another hand we shouldn't ignore breakpoints or debugger statement never. In general, I think that proposed behavior is rathe feature then issue.
- and disadvantage, on attempt to break in non-target context group id we just call StepOut until reach target context group id, step out call could deoptimize code in non related to current debugger agent context. But break could happens only in case of debugger stmt or breakpoint - sound like minor issue. Ignoring break on exception sounds like real issue but by module of rareness of this case I think we can ignore this.

Implementation details:
- when debugger agent request break for any reason it passes target context group id to V8Debugger - last agent requesting break is preferred.
- when V8Debugger gets BreakProgramRequested notification from V8, it checks current context group id against target context group id, if they match then just process break as usual otherwise makes StepOut action,
- debug.cc at the end of microtask if last_scheduled_action is StepOut, schedules StepIn and will break on first instruction in next task.

BUG=chromium:654022
R=dgozman@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2748503002
Cr-Commit-Position: refs/heads/master@{#44034}