The machine types were incorrect for the runtime function and argument
count parameters. The latter was introduced in 3e2085eb, while the
former seems to always have been wrong.

This was not an issue so far because GetRuntimeCallDescriptor was only
called after the representation selection phase and thus the machine
type was ignored.

R=jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2250863004
Cr-Commit-Position: refs/heads/master@{#38720}

Initialize Code::builtin_index to -1. This ensures that it is
non-negative for builtin code objects (since it is set by
Builtins::SetUp), and -1 for everything else.

BUG=

Review-Url: https://codereview.chromium.org/2254193002
Cr-Commit-Position: refs/heads/master@{#38719}

As required by the spec, ToJS now throws a TypeError fit I64 values
instead of truncating the I64 value to I32. To throw a TypeError I
introduced a new runtime function because the existing
Runtime::kThrowWasmError does not throw a TypeError. Since we have calls
to two runtime functions now, and an additional one is needed for stack
checks, I extracted the call to runtime functions into a helper function.

R=titzer@chromium.org

TEST=mjsunit/wasm/ffi-error.js:I64InSignatureThrows

Review-Url: https://codereview.chromium.org/2254803002
Cr-Commit-Position: refs/heads/master@{#38718}

Adds support for dumping the stack on Windows. Also enables in-process
stack dumping in d8 to dump the stack on exceptions and signals.

This CL changes the format of stack dumps from:
 1: V8_Fatal
 2: 0x1ac6ba5
 3: v8::internal::interpreter::BytecodeGenerator::Visit(v8::internal::AstNode*)
 4: v8::internal::interpreter::BytecodeGenerator::VisitForAccumulatorValue(v8::internal::Expression*)
 ...

To:
  ./out/x64.debug/d8(v8::base::debug::StackTrace::StackTrace()+0x1e) [0x1c6ee5e]
  ./out/x64.debug/d8() [0x1c6ede5]
  /lib/x86_64-linux-gnu/libpthread.so.0(+0x10330) [0x7fa01193e330]
  ./out/x64.debug/d8(v8::base::OS::Abort()+0x12) [0x1c6cea2]
  ./out/x64.debug/d8() [0x1c67538]
  ./out/x64.debug/d8() [0x1ac80b5]
  ./out/x64.debug/d8(v8::internal::interpreter::BytecodeGenerator
::Visit(v8::internal::AstNode*)+0x3cb) [0x1ac323b]
  ./out/x64.debug/d8(v8::internal::interpreter::BytecodeGenerator
::VisitForAccumulatorValue(v8::internal::Expression*)+0x40) [0x1ac2570]

Review-Url: https://codereview.chromium.org/2248393002
Cr-Commit-Position: refs/heads/master@{#38717}

Removes all accesses to the Isolate during bytecode generation and the
bytecode pipeline. Adds an DisallowIsolateAccessScope which is used to
enforce this invariant within the BytecodeGenerator.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2242193002
Cr-Commit-Position: refs/heads/master@{#38716}

- Avoid unmapping of new space pages while sweeping using a delayed list that
  gets emptied upon the next call to the unmapper.

BUG=chromium:628984
R=hpayer@chromium.org

This reverts commit 4a1f2807.

Review-Url: https://codereview.chromium.org/2255153002
Cr-Commit-Position: refs/heads/master@{#38715}

Revert of There are only 2 language modes, not 3 (patchset #4 id:60001 of https://codereview.chromium.org/2250703003/ )

Reason for revert:
Breaks ARM and MIPS builds e.g. https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug%20builder/builds/2479/steps/compile/logs/stdio

Original issue's description:
> There are only 2 language modes, not 3
>
> BUG=
>
> Committed: https://crrev.com/39764ba293412adde99a77a66d0750695312e006
> Cr-Commit-Position: refs/heads/master@{#38704}

TBR=neis@chromium.org,marja@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2257133002
Cr-Commit-Position: refs/heads/master@{#38714}

Revert of Replace LANGUAGE_END with LAST_LANGUAGE_MODE (patchset #1 id:1 of https://codereview.chromium.org/2257703003/ )

Reason for revert:
Needed to land revert https://codereview.chromium.org/2257133002/

Original issue's description:
> Replace LANGUAGE_END with LAST_LANGUAGE_MODE
>
> BUG=
>
> Committed: https://crrev.com/9324efca85710ebb14f21ef8476447e21cbe3f35
> Cr-Commit-Position: refs/heads/master@{#38707}

TBR=neis@chromium.org,marja@chromium.org,verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2259853002
Cr-Commit-Position: refs/heads/master@{#38713}

Revert of [heap] Don't unmap new space pages while sweeping is active (patchset #4 id:80001 of https://codereview.chromium.org/2250423002/ )

Reason for revert:
The barrier in newspace is still needed.

Original issue's description:
> [heap] Don't unmap new space pages while sweeping is active
>
> - The barrier for scavenge only checked for whether new space pages were swept.
>   This is not enough as a concurrent task could still hang right before trying to
>   lock the page for sweeping. Remove the barrier completely.
> - Avoid unmapping of new space pages while sweeping using a delayed list that
>   gets emptied upon the next call to the unmapper.
>
> BUG=chromium:628984
> R=hpayer@chromium.org
>
> Committed: https://crrev.com/982b399423e6bd941cabb2b825031cd8d5eb4980
> Cr-Commit-Position: refs/heads/master@{#38710}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:628984

Review-Url: https://codereview.chromium.org/2244233007
Cr-Commit-Position: refs/heads/master@{#38712}

[turbofan/x64] Load word64 followed by a shift right 32 -> load (and sign-extend if necessary) high 32bit.

We were missing this optimization in a few cases because TruncateInt64ToInt32 was also interfering.
Also removed the equivalent from simplified-lowering.cc, as the arm64 instruction selector has a similar optimization.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2252333002
Cr-Commit-Position: refs/heads/master@{#38711}

- The barrier for scavenge only checked for whether new space pages were swept.
  This is not enough as a concurrent task could still hang right before trying to
  lock the page for sweeping. Remove the barrier completely.
- Avoid unmapping of new space pages while sweeping using a delayed list that
  gets emptied upon the next call to the unmapper.

BUG=chromium:628984
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2250423002
Cr-Commit-Position: refs/heads/master@{#38710}

This fixes canonicalization of {SharedFunctionInfo} objects in the
{Compiler::GetSharedFunctionInfo} method when bytecode is preserved.
Eager compilation is only triggered when no code is present.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-638551
BUG=chromium:638551

Review-Url: https://codereview.chromium.org/2245263006
Cr-Commit-Position: refs/heads/master@{#38709}

Rebuilding (after touching certain files) is crazy slow because
includes are out of control.

Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2246203005
Cr-Commit-Position: refs/heads/master@{#38708}

BUG=

Review-Url: https://codereview.chromium.org/2257703003
Cr-Commit-Position: refs/heads/master@{#38707}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2247303005
Cr-Commit-Position: refs/heads/master@{#38706}

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2259613003
Cr-Commit-Position: refs/heads/master@{#38705}

BUG=

Review-Url: https://codereview.chromium.org/2250703003
Cr-Commit-Position: refs/heads/master@{#38704}

This moves the module_descriptor_ field to that subclass, as well as other module-only methods.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2252223002
Cr-Commit-Position: refs/heads/master@{#38703}

BUG=chromium:468240

Review-Url: https://codereview.chromium.org/2245133004
Cr-Commit-Position: refs/heads/master@{#38702}

TBR=littledan@chromium.org
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2259793002
Cr-Commit-Position: refs/heads/master@{#38701}

Revert of Use a custom Struct for stack trace storage (patchset #4 id:60001 of https://codereview.chromium.org/2230953002/ )

Reason for revert:
Performance regressions in Gameboy, Life, CodeLoad and others. See crbug.com/638210.

Original issue's description:
> Refactor data structures for simple stack traces
>
> Simple stack traces are captured through Isolate::CaptureSimpleStackTrace.
> Captured frames are stored in a FixedArray, which in turn is stored as a
> property (using a private symbol) on the error object itself. Actual formatting
> of the textual stack trace is done lazily when the user reads the stack
> property of the error object.
>
> This would involve many conversions back and forth between index-encoded raw
> data (receiver, function, offset and code), JS CallSite objects, and C++
> CallSite objects.
>
> This commit refactors the C++ CallSite class into a Struct class called
> StackTraceFrame, which is the new single point of truth frame information.
> Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS
> CallSite objects (now created only when the user specifies custom stack trace
> formatting through Error.prepareStackTrace) internally only store a reference
> to a StackTraceFrame.
>
> BUG=
>
> Committed: https://crrev.com/b4c1aefb9c369f1a33a6ca94a5de9b06ea4bf5c4
> Cr-Commit-Position: refs/heads/master@{#38645}

TBR=yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2252783007
Cr-Commit-Position: refs/heads/master@{#38700}

They were not using it for anything. Block and FunctionLiteral need the
Zone, others don't.

BUG=

Review-Url: https://codereview.chromium.org/2249783004
Cr-Commit-Position: refs/heads/master@{#38699}

Ensures SMI values have SMI type even if they have a dot (e.g., 1.0).
Adds SMI_WITH_DOT type to maintain this.

BUG=chromium:638134

Review-Url: https://codereview.chromium.org/2248693005
Cr-Commit-Position: refs/heads/master@{#38698}

Fixed ExtraICStateField which used 1 bits more than were available
BUG=

Review-Url: https://codereview.chromium.org/2258473002
Cr-Commit-Position: refs/heads/master@{#38697}

This fixes the case where a module is instantiated twice via the same
closure when in the meantime another closure has destroyed and removed
the WASM data attached to the SharedFunctionInfo.

R=bradnelson@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2253613004
Cr-Commit-Position: refs/heads/master@{#38696}

Rolling v8/build to 388e658306466650ee4ad4b3d6d7b230c9cad64c

Rolling v8/third_party/icu to 2341038bf72869a5683a893a2b319a48ffec7f62

Rolling v8/tools/mb to f3036b2e34d746db3635afa0841f51019b2b8d38

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2259703002
Cr-Commit-Position: refs/heads/master@{#38695}

Ensure wasm binaries intended to be used in hosts of v8, such as
chromium, are up to date.

See https://codereview.chromium.org/2255673003/

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2259693002
Cr-Commit-Position: refs/heads/master@{#38694}

BUG=

Review-Url: https://codereview.chromium.org/2250913002
Cr-Commit-Position: refs/heads/master@{#38693}

Language tags with Unicode extensions can have multiple subtags
for a key (e.g. -ca-ismalic-civil has 'islamic-civi' for 'ca').

BUG=v8:4749
TEST=intl/date-format/calendar-with-multiple-type-subtags.js

Review-Url: https://codereview.chromium.org/2248563003
Cr-Commit-Position: refs/heads/master@{#38692}

Reland of Amends the TypedArray constructor to use the path for primitives for all (patchset #1 id:1 of https://codereview.chromium.org/2120763002/ )

Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #4 id:60001 of https://codereview.chromium.org/2096873002/ )
>
> Reason for revert:
> Speculative revert to unblock roll https://codereview.chromium.org/2114113002/
>
> Original issue's description:
> > Amends the TypedArray constructor to use the path for primitives for all
> > types of primitives, not just undefined, booleans, numbers, and strings.
> > (The missing cases were null and Symbol.) This is required by the
> > specification, and there are test262 tests which we were failing due to
> > this bug.
> >
> > BUG=v8:5124
> >
> > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> > Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2
> > Cr-Original-Commit-Position: refs/heads/master@{#37234}
> > Cr-Commit-Position: refs/heads/master@{#37407}
>
> TBR=littledan@chromium.org,bakkot@google.com
> NOTREECHECKS=true
> BUG=v8:5124
>
> Committed: https://crrev.com/9c0aef52fa672db856ebfac7f4bdcd7d7b103663
> Cr-Commit-Position: refs/heads/master@{#37487}

TBR=littledan@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5124

Review-Url: https://codereview.chromium.org/2255543002
Cr-Commit-Position: refs/heads/master@{#38691}

BUG=

Review-Url: https://codereview.chromium.org/2245323005
Cr-Commit-Position: refs/heads/master@{#38690}

Reland of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #2 id:170001 of https://codereview.chromium.org/2113593002/ )

Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #8 id:140001 of https://codereview.chromium.org/2090353003/ )
>
> Reason for revert:
> Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
>
> Original issue's description:
> > Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
> >
> > The spec was modified to relax some requirements which implementors had not been
> > enforcing. Part of this process involved introducing a new abstract operation
> > ToIndex, which had partial overlap with our existing semantics as well as some
> > differences (most notably treating undefined as 0). Test262 tests were introduced to
> > check for the new semantics, some of which we were failing. This patch amends the
> > parts of our implementation corresponding to specification algorithms which use
> > ToIndex to follow its semantics precisely.
> >
> > BUG=v8:4784,v8:5120
> >
> > Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> > Cr-Commit-Position: refs/heads/master@{#37406}
>
> TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/b1f7f1f4e41a723d5f997738a07e35a031713b8f
> Cr-Commit-Position: refs/heads/master@{#37417}

TBR=littledan@chromium.org,adamk@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4784,v8:5120

Review-Url: https://codereview.chromium.org/2247073004
Cr-Commit-Position: refs/heads/master@{#38689}

Our previous per-arch instantiation thunks for asm.js
didn't support modules that had or were called with anything other
than 3 arguments. Adding support for this.

Addding a runtime test method to check if asm validation succeeded.

Adding a test of validation with different argument count combinations.

R=mstarzinger@chromium.org
TEST=mjsunit/asm/asm-validator.js
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203

Review-Url: https://codereview.chromium.org/2229723002
Cr-Commit-Position: refs/heads/master@{#38688}

Variable alloction and block finalization may reset num_heap_slots_ to 0 later.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2257473002
Cr-Commit-Position: refs/heads/master@{#38687}

The "version 0" format did not deal with references, and used a stack model to
deserialize objects (conceptually, a postorder tree traversal). This requires
an explicit stack, so special logic is added to decode this format.

All subsequent versions also put an object marker at the beginning, which is
equivalent to how the current version serializes.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2248893003
Cr-Commit-Position: refs/heads/master@{#38686}

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2253093002
Cr-Commit-Position: refs/heads/master@{#38685}

Async functions are implemented via special generator functions; special in the
sense that they generally do not immediately yield.  However, our generators
implementation still assumed that every generator function initially yields
(concretely: before doing the state dispatch in a loop header).  This CL fixes
that.

R=littledan@chromium.org, rmcilroy@chromium.org
BUG=chromium:638019

Review-Url: https://codereview.chromium.org/2253033002
Cr-Commit-Position: refs/heads/master@{#38684}

As part of this CL, object reference tracking is implemented (and tested with a
self-referential object). This sort of reference tracking will be shared with
other receivers (array, date, regexp and host objects).

Not included in this CL is compatibility with version-0 objects (which don't
support a non-tree object graph, and require a little stack to correctly
deserialize).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2246093003
Cr-Commit-Position: refs/heads/master@{#38683}

The Smi case was updating the feedback with a bitwise AND instead of a bitwise OR. This was causing feedback that should have been 'kAny' to be erroneusly reported as 'kSignedSmall'.

R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2251863004
Cr-Commit-Position: refs/heads/master@{#38682}

We mark an object allocated as uninitialized. If we happen to have a GC before
fields of a map are written, msan will observe access to unitialized memory and
crash.

This also unifies the handling as we now deal with all spaces in the same way.
In future we could parallelize clearing.

BUG=chromium:638226
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2251993002
Cr-Commit-Position: refs/heads/master@{#38681}