Make sure to always reference it indirectly. This allows us to make the vector
native-context dependent should we wish.

R=ishell@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1364373003

Cr-Commit-Position: refs/heads/master@{#30940}

This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
help with materializing arguments objects when possible. Along the way
this changes the calling convention of said stub to take parameters in
registers instead of on the stack.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1348773002

Cr-Commit-Position: refs/heads/master@{#30919}

Revert of Remove register index/code indirection (patchset #17 id:320001 of https://codereview.chromium.org/1287383003/ )

Reason for revert:
Failures on greedy RegAlloc, Fuzzer

Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
>   so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
>   different platforms is now shared.
> * The list of allocatable registers on each platform is declared
>   as a list rather than implicitly via the register index <->
>   code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}

TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1365073002

Cr-Commit-Position: refs/heads/master@{#30914}

Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#30913}

There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).

This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.

Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4413, v8:4430
LOG=n

Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
Cr-Commit-Position: refs/heads/master@{#30900}

Review URL: https://codereview.chromium.org/1358423002

Cr-Commit-Position: refs/heads/master@{#30902}

Revert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001 of https://codereview.chromium.org/1358423002/ )

Reason for revert:
Failed on Fuzzer and MIPS bot.

Original issue's description:
> [es6] Introduce spec compliant IsConstructor.
>
> There was already a bit on the Map named "function with prototype",
> which basically meant that the Map was a map for a JSFunction that could
> be used as a constructor. Now this CL generalizes that bit to
> IsConstructor, which says that whatever (Heap)Object you are looking at
> can be used as a constructor (i.e. the bit is also set for bound
> functions that can be used as constructors and proxies that have a
> [[Construct]] internal method).
>
> This way we have a single chokepoint for IsConstructor checking, which
> allows us to get rid of the various ways in which we tried to guess
> whether something could be used as a constructor or not.
>
> Drive-by-fix: Renamed IsConstructor on FunctionKind to
> IsClassConstructor to resolve the weird name clash, and the
> IsClassConstructor name also matches the spec.
>
> R=jarin@chromium.org, rossberg@chromium.org
> BUG=v8:4430
> LOG=n
>
> Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
> Cr-Commit-Position: refs/heads/master@{#30900}

TBR=jarin@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4430

Review URL: https://codereview.chromium.org/1360403002

Cr-Commit-Position: refs/heads/master@{#30901}

There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).

This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.

Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.

R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1358423002

Cr-Commit-Position: refs/heads/master@{#30900}

BUG=chromium:527994
LOG=n

Review URL: https://codereview.chromium.org/1358393004

Cr-Commit-Position: refs/heads/master@{#30889}

We somehow try to push some stuff on the stack when we detect a stack
overflow, that we don't need. Even worse we might access outside the
valid stack bounds. Since we don't need this, it's gone.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=chromium:534881
LOG=n

Review URL: https://codereview.chromium.org/1360953003

Cr-Commit-Position: refs/heads/master@{#30883}

Now both Execution::Call and Execution::New can deal with any
kind of target and will raise a proper exception if the target is not
callable (which is not yet spec compliant for New, as we would
have to check IsConstructor instead, which we don't have yet).

Now we no longer need to do any of these weird call/construct
delegate gymnastics in C++, and we finally have a single true
bottleneck for Call/Construct abstract operations in the code
base, with only a few special handlings left in the compilers to
optimize the JSFunction case.

R=jarin@chromium.org
BUG=v8:4430, v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1360793002

Cr-Commit-Position: refs/heads/master@{#30874}

Slow path for relational comparison of boolean primitive values
now goes through the runtime, which made the slow path even
slower than it already was. So in order to repair the regression,
we just track boolean feedback for comparisons and use that
to generate decent code in Crankshaft (not the best possible
code, but good enough for Crankshaft; TurboFan will be able
to do better on that).

R=jarin@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1347063004

Cr-Commit-Position: refs/heads/master@{#30860}

Fixes a typo introduced earlier, where we compare the value to heap
number map instead of the map loaded previously.

TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1355253002

Cr-Commit-Position: refs/heads/master@{#30859}

Introduce new builtins Construct and ConstructFunction (in line
with the Call and CallFunction builtins that we already have) as
proper bottleneck for Construct and [[Construct]] on JSFunctions.
Use these builtins to support passing NewTarget from C++ to
JavaScript land.

Long-term we want the CallConstructStub to be used for
gathering feedback on entry to construction chain (i.e. the
initial new Foo), and use the Construct builtins to do the
actual work inside the construction chain (i.e. calling into
super and stuff).

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=jarin@chromium.org
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1359583002

Cr-Commit-Position: refs/heads/master@{#30857}

Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.

For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.

R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1355113002

Cr-Commit-Position: refs/heads/master@{#30852}

The StringCompareStub used to take its parameters on the (JavaScript)
stack, which made it impossible to use in TurboFan. Actually
StringCompareStub was currently completely unused. This changes the
calling convention to something TurboFan compatible and introduces a
CallInterfaceDescriptor for StringCompareStub. It also changes
HStringCompareAndBranch to use the StringCompareStub instead of using
the full blown CompareICStub for a stupid string comparison.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1347913003

Cr-Commit-Position: refs/heads/master@{#30818}

This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter.  As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.

Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1350113002

Cr-Commit-Position: refs/heads/master@{#30816}

Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n

Committed: https://crrev.com/359645f48156e15f235e9a9ede7910e0bcd9ae45
Cr-Commit-Position: refs/heads/master@{#30791}

Review URL: https://codereview.chromium.org/1353723002

Cr-Commit-Position: refs/heads/master@{#30808}

Revert of [runtime] Initial step towards switching Execution::Call to callable. (patchset #1 id:1 of https://codereview.chromium.org/1353723002/ )

Reason for revert:
[Sheriff] Causes a dcheck failure in layout tests (and some test changes in release):
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_64__dbg_/1442/layout-test-results/virtual/android/fullscreen/api/element-request-fullscreen-top-stderr.txt
from
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/1442

Original issue's description:
> [runtime] Initial step towards switching Execution::Call to callable.
>
> Currently Execution::Call (and friends) still duplicate a lot of the
> Call sequence logic that should be encapsulated in the Call and
> CallFunction builtins. So the plan now is to switch Execution::Call
> to accept any Callable and just pass that through to the Call builtin.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
> R=jarin@chromium.org
> BUG=v8:4413
> LOG=n
>
> Committed: https://crrev.com/359645f48156e15f235e9a9ede7910e0bcd9ae45
> Cr-Commit-Position: refs/heads/master@{#30791}

TBR=jarin@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413

Review URL: https://codereview.chromium.org/1346763005

Cr-Commit-Position: refs/heads/master@{#30793}

Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1353723002

Cr-Commit-Position: refs/heads/master@{#30791}

This will catch an invalid receiver before being passed to a load ic miss
handler in the runtime.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1351493002

Cr-Commit-Position: refs/heads/master@{#30768}

There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1202173002

Cr-Commit-Position: refs/heads/master@{#30767}

Implement the String constructor completely as native builtin,
avoiding the need to do gymnastics in JavaScript builtin to
properly detect the no argument case (which is different from
the undefined argument case) and also allowing to just
tailcall through to ToString or SymbolDescriptiveString for
the common case. Also the JavaScript builtin was misleading
since the case for construct call was unused, but could be
triggered in a wrong way once we support tail calls from
constructor functions.

This refactoring allows us to properly implement subclassing
for String builtins, once we have the correct initial_map on
derived classes (it's merely a matter of using NewTarget
instead of the target register now).

This introduces a new %SymbolDescriptiveString runtime
entry, which is also used by Symbol.toString() now.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1344893002

Cr-Commit-Position: refs/heads/master@{#30759}

BUG=v8:4423
LOG=N

Review URL: https://codereview.chromium.org/1342013003

Cr-Commit-Position: refs/heads/master@{#30758}

Move the implementation of the Abstract Equality Comparison to the
runtime and thereby remove the EQUALS dispatcher builtin. Also remove
the various runtime entry points that were only used to support the
EQUALS builtin.

Now the Abstract Equality Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1337993005

Cr-Commit-Position: refs/heads/master@{#30747}

Adds support for JS calls to the interpreter. In order to support
calls from the interpreter, the PushArgsAndCall builtin is added
which pushes a sequence of arguments onto the stack and calls
builtin::Call.

Adds the Call bytecode.

MIPS port contributed by akos.palfi@imgtec.com in https://codereview.chromium.org/1334873002/

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1323463005

Cr-Commit-Position: refs/heads/master@{#30710}

The String constructor was somewhat complex with a lot of micro
optimizations that are not relevant or even misguided. It would be
really hard to port that code to ES6, which requires String to be
subclassable. So as a first step we reduced the necessary complexity
to the bare minimum (also removing the last user of the fairly complex
MacroAssembler::LookupNumberStringCache method).

This also removes the counters for the String constructor, which
were not properly exposed anymore (and not kept in sync with inlined
versions of the String constructor anyway).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1335193002

Cr-Commit-Position: refs/heads/master@{#30706}

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1332283002

Cr-Commit-Position: refs/heads/master@{#30695}

Just use a %ThrowStackOverflow runtime function instead, which
does the trick, especially since the Isolate already has a
preallocated StackOverflow error for that.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1337883002

Cr-Commit-Position: refs/heads/master@{#30693}

Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.

Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1335723002

Cr-Commit-Position: refs/heads/master@{#30691}

There are now two runtime entries %NewClosure and %NewClosure_Tenured,
with the same signature (one parameter, the SharedFunctionInfo, and the
context of the caller).

Also remove the HFunctionLiteral special case instruction from Crankshaft,
as HCallWithDescriptor with FastNewClosureStub or HCallRuntime with
either %NewClosure or %NewClosure_Tenured can easily do that for you.

Also remove the redundant context parameter from the JSCreateClosure
operator, because every JS operator already takes a context input.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg

Review URL: https://codereview.chromium.org/1329293003

Cr-Commit-Position: refs/heads/master@{#30671}

On a call to Array(), we patched a call ic. This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and calling the array constructor stub appropriately.

BUG=

Review URL: https://codereview.chromium.org/1332563003

Cr-Commit-Position: refs/heads/master@{#30649}

The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.

The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.

BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1330033002

Cr-Commit-Position: refs/heads/master@{#30648}

The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.

If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).

BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1325573004

Cr-Commit-Position: refs/heads/master@{#30634}

The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.

This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.

This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4413
LOG=n

Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
Cr-Commit-Position: refs/heads/master@{#30627}

Review URL: https://codereview.chromium.org/1311013008

Cr-Commit-Position: refs/heads/master@{#30629}

Revert of [builtins] Unify the various versions of [[Call]] with a Call builtin. (patchset #10 id:260001 of https://codereview.chromium.org/1311013008/ )

Reason for revert:
Breaks nosnap, needs investigation

Original issue's description:
> [builtins] Unify the various versions of [[Call]] with a Call builtin.
>
> The new Call and CallFunction builtins supersede the current
> CallFunctionStub (and CallIC magic) and will be the single bottleneck
> for all calling, including the currently special Function.prototype.call
> and Function.prototype.apply builtins, which had handwritten (and
> not fully compliant) versions of CallFunctionStub, and also the
> CallIC(s), which where also slightly different.
>
> This also reduces the overhead for API function calls, which is still
> unnecessary high, but let's do that step-by-step.
>
> This also fixes a bunch of cases where the implicit ToObject for
> sloppy receivers was done in the wrong context (in the caller
> context instead of the callee context), which basically meant
> that we allowed cross context access to %ObjectPrototype%.
>
> MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
>
> R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
> BUG=v8:4413
> LOG=n
>
> Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
> Cr-Commit-Position: refs/heads/master@{#30627}

TBR=rmcilroy@chromium.org,jarin@chromium.org,mstarzinger@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413

Review URL: https://codereview.chromium.org/1328963004

Cr-Commit-Position: refs/heads/master@{#30628}

The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.

This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.

This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1311013008

Cr-Commit-Position: refs/heads/master@{#30627}

The last changes for vector store functionality, they are in 3 areas:

1) The new vector [keyed] store code stubs - implementation.
2) IC and handler compiler adjustments
3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.

TBR=bmeurer@chromium.org, jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1319123004

Cr-Commit-Position: refs/heads/master@{#30581}

This is uncontroversial the dead code removal part of
https://codereview.chromium.org/1307943013, which was
previously landed, but got reverted because of DOM
breakage that requires more investigation.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1322843005

Cr-Commit-Position: refs/heads/master@{#30577}

Revert of Vector ICs: platform support for vector-based stores. (patchset #7 id:120001 of https://codereview.chromium.org/1328603003/ )

Reason for revert:
[Sheriff] Breaks compile on arm:
http://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20builder/builds/6590

Original issue's description:
> Vector ICs: platform support for vector-based stores.
>
> The last changes for vector store functionality, they are in 3 areas:
>
> 1) The new vector [keyed] store code stubs - implementation.
> 2) IC and handler compiler adjustments
> 3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.
>
> BUG=
>
> Committed: https://crrev.com/63af1b3aec6547e7cdf502666ff79c562de8b679
> Cr-Commit-Position: refs/heads/master@{#30570}

TBR=bmeurer@chromium.org,jkummerow@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1303053004

Cr-Commit-Position: refs/heads/master@{#30571}

The last changes for vector store functionality, they are in 3 areas:

1) The new vector [keyed] store code stubs - implementation.
2) IC and handler compiler adjustments
3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.

BUG=

Review URL: https://codereview.chromium.org/1328603003

Cr-Commit-Position: refs/heads/master@{#30570}