Bug: v8:7444
Change-Id: Ib4f5134ff57127a5ce4d57dbc42e52111ab938ff
Reviewed-on: https://chromium-review.googlesource.com/940941Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51688}

This reverts commit f48e7349.

Reason for revert: innocent!!

Original change's description:
> Revert "[parsing] inline ArrayLiteral creation for spread calls"
> 
> This reverts commit 93fc3841.
> 
> Reason for revert: may break node.js integration
> 
> Original change's description:
> > [parsing] inline ArrayLiteral creation for spread calls
> > 
> > Instead of using runtime calls to generate the Array Literal passed to
> > %reflect_call / %reflect_construct, we create an ArrayLiteral from the
> > list of arguments, and perform spreads using the interpreter mechanism for
> > spreading in ArrayLiterals (thus, the spreading becomes inline). This
> > array literal is still passed to %reflect_call / %reflect_construct as
> > before.
> > 
> > This cuts the runtime for bench-spread-call.js -> testSpread roughly in
> > half, and will likely improve further once
> > https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.
> > 
> > BUG=v8:7446
> > R=​neis@chromium.org, adamk@chromium.org
> > 
> > Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
> > Reviewed-on: https://chromium-review.googlesource.com/939587
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51678}
> 
> TBR=adamk@chromium.org,neis@chromium.org,caitp@igalia.com,bmeurer@chromium.org
> 
> Change-Id: I4730077591bce0e5e7b2ce7d59678e8b7135cc08
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7446
> Reviewed-on: https://chromium-review.googlesource.com/945769
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51682}

TBR=adamk@chromium.org,neis@chromium.org,sigurds@chromium.org,caitp@igalia.com,bmeurer@chromium.org

Change-Id: I977513bea06a4f3fba03fa4a89270298475422e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7446
Reviewed-on: https://chromium-review.googlesource.com/945808Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51686}

Table inits can contain imported functions, hence their code will be a
wasm-to-wasm wrapper.
Fix a DCHECK and add a regression test.

R=ahaas@chromium.org

Bug: chromium:817380
Change-Id: I836be589e1ae66839ccd470154c8dea488e6bc1f
Reviewed-on: https://chromium-review.googlesource.com/943107
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51685}

Previously the array iterator protector only guarded the lookup of the
@@iterator symbol on the initial Array.prototype, and we had to use an
additional map check on the %ArrayIteratorPrototype% to ensure that no
one messed with the next() method.  This CL extends the array iterator
protector to also guard the lookup of %ArrayIteratorPrototype%.next.

This simplifies the code quite a bit and makes it more robust for cases
where someone has to install additional methods on the iterator
prototype, i.e. a custom async iterator.

Bug: v8:7510, v8:7514
Change-Id: Ie6080bb837a91a2b60b224597121470614210660
Reviewed-on: https://chromium-review.googlesource.com/945728Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51684}

This reverts commit 93fc3841.

Reason for revert: may break node.js integration

Original change's description:
> [parsing] inline ArrayLiteral creation for spread calls
> 
> Instead of using runtime calls to generate the Array Literal passed to
> %reflect_call / %reflect_construct, we create an ArrayLiteral from the
> list of arguments, and perform spreads using the interpreter mechanism for
> spreading in ArrayLiterals (thus, the spreading becomes inline). This
> array literal is still passed to %reflect_call / %reflect_construct as
> before.
> 
> This cuts the runtime for bench-spread-call.js -> testSpread roughly in
> half, and will likely improve further once
> https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.
> 
> BUG=v8:7446
> R=​neis@chromium.org, adamk@chromium.org
> 
> Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
> Reviewed-on: https://chromium-review.googlesource.com/939587
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51678}

TBR=adamk@chromium.org,neis@chromium.org,caitp@igalia.com,bmeurer@chromium.org

Change-Id: I4730077591bce0e5e7b2ce7d59678e8b7135cc08
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7446
Reviewed-on: https://chromium-review.googlesource.com/945769Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51682}

Instead of using runtime calls to generate the Array Literal passed to
%reflect_call / %reflect_construct, we create an ArrayLiteral from the
list of arguments, and perform spreads using the interpreter mechanism for
spreading in ArrayLiterals (thus, the spreading becomes inline). This
array literal is still passed to %reflect_call / %reflect_construct as
before.

This cuts the runtime for bench-spread-call.js -> testSpread roughly in
half, and will likely improve further once
https://chromium-review.googlesource.com/c/v8/v8/+/915364 has landed.

BUG=v8:7446
R=neis@chromium.org, adamk@chromium.org

Change-Id: I74a6acd3a60aad422e4ac575275c7b567659d8ad
Reviewed-on: https://chromium-review.googlesource.com/939587
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51678}

Bug: v8:6532
Change-Id: I6fde1fd2cc5776628af4e8a92e9b9ec030b398f7
Reviewed-on: https://chromium-review.googlesource.com/923718Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51675}

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I838bbb7c35c73edae8eaa7e94325e0c1341a0056
Reviewed-on: https://chromium-review.googlesource.com/944624Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51674}

This reverts commit 517df524.

Reason for revert: Fails MSAN tests - https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/20030

Original change's description:
> [parser] Implements proposal-numeric-separator.
> 
> https://github.com/tc39/proposal-numeric-separator
> 
> This proposal-numeric-separator extends NumericLiteral and
> allows developers to insert underscore(_) inside numeric literal.
> 
> Bug: v8:7317
> Change-Id: I2a1a45cd6fe09cc5df63433bc915988fde687a33
> Reviewed-on: https://chromium-review.googlesource.com/923441
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51671}

TBR=adamk@chromium.org,jkummerow@chromium.org,hablich@chromium.org,gsathya@chromium.org,mathias@chromium.org,goto@google.com,brn@b6n.ch

Change-Id: I6dcf46820caf20f28fbc11d94a5e8ced3cbbc78d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7317
Reviewed-on: https://chromium-review.googlesource.com/944767Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51672}

https://github.com/tc39/proposal-numeric-separator

This proposal-numeric-separator extends NumericLiteral and
allows developers to insert underscore(_) inside numeric literal.

Bug: v8:7317
Change-Id: I2a1a45cd6fe09cc5df63433bc915988fde687a33
Reviewed-on: https://chromium-review.googlesource.com/923441
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51671}

Bug: v8:6791, v8:7506
Change-Id: I8ff41cb5fab03ab2ced8f21016a0744582a3fcee
Reviewed-on: https://chromium-review.googlesource.com/942387
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51666}

Bug: v8:6791, v8:7486
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I733d0fb886c42928816fe570712ed23f41c8e751
Reviewed-on: https://chromium-review.googlesource.com/938945Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51664}

Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/941442.

"background" refers to a priority and is inappropriate to refer to
worker threads as many tasks posted to worker threads by v8 are in
fact high priority.

Also took advantage of this rename to make NumberOfWorkerThreads()
return an int instead of size_t. While it is never negative, int is
simpler and Google C++ style guide states to avoid unsigned integers in
such cases (ref. "On Unsigned Integers" @
https://google.github.io/styleguide/cppguide.html#Integer_Types).

The Chromium embedder for that call provided an int which was converted
to size_t for this override and most often casted back down to int on the
v8 side, adding churn, and readability overhead.

R=ahaas@chromium.org

Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib5280df73d2846b111d985be65a10b049995ea6a
Reviewed-on: https://chromium-review.googlesource.com/941944
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51662}

Bug: chromium:808845
Change-Id: I406ca472e74b8fce5f79bc389bd40aec7dcebb84
Reviewed-on: https://chromium-review.googlesource.com/943261Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51661}

This CL adds a regression benchmark for a fast-path of
String.p.charCodeAt, which is important for node.js.

Bug: v8:7326
Change-Id: I54efaa2988c595dd40e6a55a3464b3ee7de6f07b
Reviewed-on: https://chromium-review.googlesource.com/942885Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51654}

R=ahaas@chromium.org

Bug: v8:7508, v8:6600
Change-Id: I9eb04171eb489383bb746e2d04c6ffff304b7918
Reviewed-on: https://chromium-review.googlesource.com/942821Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51652}

MSVC 2015 and 2017 implement std::is_trivially_copyable, but not
correctly. Hence, reimplement it using more low-level primitives.

For stdlibc++ versions below 5.0, we already have a workaround for the
missing support of std::is_trivially_copyable, but this is an unsound
approximation, because it is ignoring move constructor, move assignment
and copy assignment. Therefore, do not use this approximation for
asserting trivial copyability of a type.

Finally, add unittests for the new is_trivially_copyable
implementations.

R=mstarzinger@chromium.org
CC=loorongjie@gmail.com

Change-Id: I9ee56a65882e8c94b72c9a2d484edd27963a5d89
Reviewed-on: https://chromium-review.googlesource.com/941521Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51651}

Some macros in test-assembler-mips have the same name
as newly introduced macros in sid sysroot. We rename
them in order to prevent compilation problems

Change-Id: I84d9562f39c1aca8ac20e979466862228f438425
Reviewed-on: https://chromium-review.googlesource.com/942322Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51649}

Bug: v8:7446
Change-Id: Ic4eaeeb1e4852cffde679b359e562a48e5ba39e9
Reviewed-on: https://chromium-review.googlesource.com/942922
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51648}

With a temporary intermediate step to allow adapting embedders before
getting rid of the ExpectedRuntime method altogether.

The method is being renamed to CallOnWorkerThread() as an effort to
go away from "background" nomenclature for worker threads ("background"
usually refers to a priority but worker threads are commonly used for
high priority tasks in v8).
Other CLs will follow to rename other "background" APIs.

Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2fd4eac7458708d4eacb0f4871c982a567a3865e
Reviewed-on: https://chromium-review.googlesource.com/941442
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51645}

Bug: v8:7310
Change-Id: I87bdb640a3c006a268974b34808f184307badeb2
Reviewed-on: https://chromium-review.googlesource.com/934243
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51644}

Also Add vhaddps to x64
Fix haddps for SSE3 scope and disassembler on ia32/x64

Change-Id: If511e6428fa1ce034b4281943dfee1405c9d4ffc
Reviewed-on: https://chromium-review.googlesource.com/939265Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#51642}

Bug: chromium:810176
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I16e4148434f5cbf44058e1aa5f01693bcba82d0a
Reviewed-on: https://chromium-review.googlesource.com/932943
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51640}

R=jkummerow@chromium.org

Bug: v8:7505, v8:6791
Change-Id: I11b0031dfafa499a813e3e52080ee5542224799a
Reviewed-on: https://chromium-review.googlesource.com/941130Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51639}

For namespace objects, [[GetOwnProperty]] on an uninitialized property
throws a ReferenceError. This was not implemented everywhere. This CL
fixes all such issues I'm aware of.

Bug: v8:7470
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I5f024450005c4f4dcb3f41c844ef055f67a9a869
Reviewed-on: https://chromium-review.googlesource.com/937341Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51638}

The assert-guarded comment claiming that ToNumber could not
possibly neuter the target array unfortunately turns out to
have been wishful thinking.

Bug: chromium:816961
Change-Id: Ib98f96f4cd7f33414c0b5a6037bfb881938cc15e
Reviewed-on: https://chromium-review.googlesource.com/939767
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51637}

gcc and clang (and the standard) don't allow implicit conversion of
function pointers to object pointers. MSVC does allow that, and since
system headers require this to work, clang-cl allows it too -- but
it emits a -Wmicrosoft-cast warning (which we currently suppress in
the Chromium build, but which we want to enable.)

As a side effect, when printing a function pointer to a stream, MSVC
(and clang-cl) will pick the operator<<(void*) overload, while gcc
and clang will pick operator<<(bool) since the best allowed conversion
they find is from function pointer to bool.

To prevent the clang-cl warning, we need to make sure that we never
directly print a function pointer to a stream. In v8, this requires
two changes:

1. Give PrintCheckOperand() an explicit specialization for function
   pointers and explicitly cast to void* there.  This ports
   https://codereview.chromium.org/2515283002/ to V8, and also fixes a
   bug on non-Windows where DCHECK() of function pointers would print
   "(1 vs 1)" instead of the function's addresses.
   (The bug remains with member function pointers,
   where it's not clear what to print instead of the 1.)

2. has_output_operator<T> must not use operator<< on its argument
   in an evaluated context if T is a function pointer.  This patch
   modifies has_output_operator<> to use an unevaluated context instead,
   which is simpler than the current approach (and matches what Chromium's
   base does), but changes behavior    in minor (boring) ways
   (see template-utils-unittest.cc), since operator<<() is now
   called with a temporary and only operator<<() implementations callable
   with a temporary are considered.
   A more complicated but behavior-preserving alternative would be to
   add an explicit specialization for function pointers. You can see
   this variant in patch set 1 on gerrit.

Bug: chromium:550065
Change-Id: Idc2854d6c258b7fc0b959604006d8952a79eca3d
Reviewed-on: https://chromium-review.googlesource.com/940004
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51636}

Due to a recent refactoring the function EnsureEventLoopInitialized on
the default platform became obsolete. It does not contain a single line
of code. With this CL we prepare the removal of this function from the
V8 platform API.

R=rmcilroy@chromium.org

Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: If4d54cd989f8df2f40b322be3b67bb8a482398d0
Reviewed-on: https://chromium-review.googlesource.com/934221
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51635}

R=clemensh@chromium.org

Change-Id: Ib6f0c0de813049192ea99b194d5ef4b17d44cd72
Reviewed-on: https://chromium-review.googlesource.com/939784Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51632}

This CL also reorganizes the Strings test suite

Bug: v8:7340
Change-Id: I54d4d76a16c362e38ebfc9719ac8cb1a490ef3cc
Reviewed-on: https://chromium-review.googlesource.com/941122Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51631}

According to the spec, exported wasm functions should not have a
[[Construct]] method, hence they don't have a prototype.

R=bmeurer@chromium.org
CC=​titzer@chromium.org

Bug: v8:7503
Change-Id: I9e142d65a80c0ef6dbd743421771f194c2d50614
Reviewed-on: https://chromium-review.googlesource.com/939782Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51622}

This also adds a DCHECK that the buffer does not have guard pages in
MaterializeArrayBuffer because the code there does not know how correctly set up
a buffer with guard pages.

Bug: chromium:801849
Change-Id: Ic761fcdfbd16a2d6e87f4eb135f5d03b7aa2d71d
Reviewed-on: https://chromium-review.googlesource.com/938968Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51616}

Previously GetSharedFunctionInfoForStreamedScript didn't either check the
compilation cache or put the result of compilation into the compilation
cache. This would mean future compiles would need to re-parse / compile
the same script even if the isolate had already seen it. This CL
fixes this.

Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
for all script compiles even when loading from a cache.

BUG=v8:5203

Change-Id: I4b06bdfc566425f4e6d70fc3e6e080b0dc497d48
Reviewed-on: https://chromium-review.googlesource.com/939464
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51607}

Bug: chromium:774108
Change-Id: I5345fed261862b0e20356ec4579b16cdf0ea58a6
Reviewed-on: https://chromium-review.googlesource.com/899148
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51606}

R=cbruni@chromium.org
BUG=v8:7438

Change-Id: I2359ff08f0c37c683bbcb164eb3120539d2bb124
Reviewed-on: https://chromium-review.googlesource.com/939468Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51605}

When generating a 64bit memory operation on ia32, we need to emit two
operations, one at {offset+4}, one at {offset}. The computation
{offset+4} can overflow, which is ok because
1) it won't be used for code generation later, and
2) the generated code will not be reached because the memory access is
   always out of bounds anyway.

R=ahaas@chromium.org

Bug: v8:7499, v8:6600
Change-Id: Ia4660688c3291700c48efc201d15fc370b4dd854
Reviewed-on: https://chromium-review.googlesource.com/939389Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51604}

The number of arguments passed on the stack might exceed the regular
object size limits. Hence we need to emit write barriers when copying
the arguments from the stack into the allocated array.

Bug: chromium:813450
Change-Id: I829c5c32b1a7b5f4ddb01cc6ea92f85ab47126aa
Reviewed-on: https://chromium-review.googlesource.com/939174Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51603}

Turbofan can only handle 64K control inputs for merges. Such large
can only be created by functions with 64K jumps, so we limit the
bytecode size to the minimum size of bytecode arrays with 64K jumps.

Bug: chromium:815392, v8:7438
Change-Id: I674705e87e19ce451b40d5827c9fe3e6ec17293a
Reviewed-on: https://chromium-review.googlesource.com/938421
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51598}

This reverts commit 25427203.

Reason for revert: code-coverage failures on gc-stress bot: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/17956

Original change's description:
> Reland: [Compiler] Use CompilationCache for StreamedScript compilation.
> 
> Previously GetSharedFunctionInfoForStreamedScript didn't either check the
> compilation cache or put the result of compilation into the compilation
> cache. This would mean future compiles would need to re-parse / compile
> the same script even if the isolate had already seen it. This CL
> fixes this.
> 
> Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
> for all script compiles even when loading from a cache.
> 
> BUG=v8:5203
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> 
> Change-Id: I0a74c5b67bfaca5e50511d5f72da0ab53d8457f6
> Reviewed-on: https://chromium-review.googlesource.com/937724
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51594}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,mythria@chromium.org

Change-Id: I784b9eeff75a677b9f2276fa05a0d1af09772baa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/939401Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51596}

There is a clear mistake of using kWasmF64 instead of kWasmF32.

R=ahaas@chromium.org

Change-Id: I638d568b3736fdb8417f17bcd04d17268a45b965
Reviewed-on: https://chromium-review.googlesource.com/939178Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51595}