Adds --turbo to the set of flags run with ignition (making the
configuration pure Ignition+TurboFan except for fallbacks to
full-codegen for catch / eval). Also changes the default
--ignition-filter to allow everything, rather than omit everything.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1537433003

Cr-Commit-Position: refs/heads/master@{#33090}

Add control for the ignition test suites. This will be
followed by a change on the infra side that targets the
ignition set instead of the hardcoded mjsunit.

After that, cctest can be enabled in a separate CL. This CL
already includes the logic for running cctest for ignition
on swarming.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1559943002

Cr-Commit-Position: refs/heads/master@{#33089}

Fix stack push issues on non-x64 platforms for
InterpreterNotifyDeoptimized builtins.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1553123002

Cr-Commit-Position: refs/heads/master@{#33088}

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1559923002

Cr-Commit-Position: refs/heads/master@{#33087}

VisitNewLocalBlockContext funciton was allocating two registers and checking
if they are consecutive. This cl changes it to reserve consecutive registers.
The earlier code breaks this test mjsunit/regress/regress-542099.js.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1545003003

Cr-Commit-Position: refs/heads/master@{#33086}

This restricts turbofan to turbofan-supported subset for the shipping
configuration ("use asm" and features unsupported by Crankshaft).

Without this, we compile with Turbofan even when there is
try-catch-finally as long as the function is "use asm" or
it contains a feature unsupported by crankshaft but supported
by turbofan (e.g., 'with' statement).

BUG=

Review URL: https://codereview.chromium.org/1552233002

Cr-Commit-Position: refs/heads/master@{#33085}

This is preferable because in TurboFan we need to call it, and can't pass
untagged external pointers on the stack.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1556913002

Cr-Commit-Position: refs/heads/master@{#33084}

R=verwaest@chromium.org
BUG=chromium:573857
LOG=n

Review URL: https://codereview.chromium.org/1551333002

Cr-Commit-Position: refs/heads/master@{#33083}

In addition to ThrowTypeError not being a constructor, it was invalidly set up by simply swapping the map. Swapping the map is insufficient since NewFunction* actually set up the function depending on the used map.

BUG=chromium:573858
LOG=n

Review URL: https://codereview.chromium.org/1552223002

Cr-Commit-Position: refs/heads/master@{#33082}

LoadElement nodes used a Int32Constant in some cases, which made
matching for constant values in optimizations more difficult than
necessary.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1559853002

Cr-Commit-Position: refs/heads/master@{#33081}

TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1555053002 .

Cr-Commit-Position: refs/heads/master@{#33080}

TBR=hablich@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1553103002

Cr-Commit-Position: refs/heads/master@{#33079}

BUG=572409
LOG=n

Review URL: https://codereview.chromium.org/1555023002

Cr-Commit-Position: refs/heads/master@{#33078}

TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1557833002 .

Cr-Commit-Position: refs/heads/master@{#33077}

After this change (https://codereview.chromium.org/1507903004) to type feedback
vector, wide bytecodes for global/keyed/named load-stores were not generated due
to a change in the number of type feedback vector slots. This cl fixes tests to
generate wide bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1546923002

Cr-Commit-Position: refs/heads/master@{#33076}

Adds support for loads and stores to lookup slots to BytecodeGraphBuilder.
Also adds tests for them.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1541143003

Cr-Commit-Position: refs/heads/master@{#33075}

The Object.freeze, Object.isExtensible, Object.isFrozen,
Object.isSealed, Object.preventExtensions and Object.seal builtins were
already implemented in C++, but they still had some funny JavaScript
wrappers that just called into the C++ implementation on every
(interesting) execution path.

Review URL: https://codereview.chromium.org/1553043002

Cr-Commit-Position: refs/heads/master@{#33074}

Use the same mechanism that is already available for Crankshaft to not
leak all kinds of things in TurboFan generated code. Long-term we will
support weakness in a better way, but for now, just use the
infrastructure that is already in place to avoid memory leaks via
TurboFan generated code.

R=jarin@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1555743003

Cr-Commit-Position: refs/heads/master@{#33073}

Unify the constructors and isView methods for ArrayBuffer and
SharedArrayBuffer, moving them to C++ because there's no point
in having the JavaScript wrappers for them.

We choose to deliberately violate the ES2015 specification and
implement the ArrayBuffer constructor in a way that matches
Firefox and Safari instead.

CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
BUG=chromium:565917, v8:4592
TBR=hpayer@chromium.org
R=cbruni@chromium.org
LOG=n

Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
Cr-Commit-Position: refs/heads/master@{#32590}

Review URL: https://codereview.chromium.org/1500543002

Cr-Commit-Position: refs/heads/master@{#33072}

TurboFan can accept them, it calls a runtime function to initialize
the rest object as a JSArray.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1543253002

Cr-Commit-Position: refs/heads/master@{#33071}

X87: [runtime] TailCallRuntime and CallRuntime should use default argument counts specified in runtime.h.

  port b889d79d(r33066)

  original commit message:
  In the vast majority of the cases when we call into the runtime we use
  the default number of arguments. Hence, there is not need to specify it
  again. This CL also removes TailCallExternalReference as there were no
  users.

BUG=

Review URL: https://codereview.chromium.org/1559693002

Cr-Commit-Position: refs/heads/master@{#33070}

Rolling v8/buildtools to 6d0c448437825a1af0ad2ea28128dda474403cd7

Rolling v8/tools/clang to da84f132a581202117fb45bceec8327752c81283

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1554843002

Cr-Commit-Position: refs/heads/master@{#33069}

In a rare edge case, a difference in checks between C++ and
JavaScript lead to an 'illegal access' being thrown by the Date
constructor. This patch harmonizes the checks from both sides.
It's possible that slightly larger dates could be permitted,
as the ECMAScript 2015 specification indicates that +287396-10-12
would be a permissible date in the note in
http://tc39.github.io/ecma262/#sec-extended-years
This patch does not revisit the limit, only clears up the
inconsistency.

BUG=v8:4640
R=cbruni
LOG=Y

Review URL: https://codereview.chromium.org/1545883003

Cr-Commit-Position: refs/heads/master@{#33068}

Reland of Use ES2015-style TypedArray prototype chain (patchset #1 id:1 of https://codereview.chromium.org/1554523002/ )

Reason for revert:
Should be fixed again with this Blink change to add NeedsManualRebaseline

Original issue's description:
> Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
>
> Reason for revert:
> [Sheriff] Changes layout tests. Please fix upstream first if intended.
>
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689
>
> Original issue's description:
> > Use ES2015-style TypedArray prototype chain
> >
> > This patch switches TypedArrays to use the prototype chain described
> > in the ES2015 specification, which adds a %TypedArray% superclass above
> > all individual TypedArray types. Most methods are defined on the
> > superclass rather than the subclasses.
> >
> > In order to prevent a performance regression, a few methods are
> > marked as inline. Inlining might prevent code which was previously
> > monomorphic from becoming polymorphic, and it was specifically
> > applied in places where methods became more polymorphic than before.
> > Tests with realistic workloads would be nice to do before this
> > ships in stable.
> >
> > This patch does not bring TypedArrays up to full spec compliance. In
> > particular, @@species is not yet supported.
> >
> > R=cbruni
> > BUG=v8:4085
> > LOG=Y
> >
> > Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> > Cr-Commit-Position: refs/heads/master@{#33050}
>
> TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4085
>
> Committed: https://crrev.com/28b55ffd1e32e09aaf42b8bbb407944d4808e07c
> Cr-Commit-Position: refs/heads/master@{#33053}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,machenbach@chromium.org
BUG=v8:4085
LOG=Y

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1558663002

Cr-Commit-Position: refs/heads/master@{#33067}

counts specified in runtime.h.

In the vast majority of the cases when we call into the runtime we use
the default number of arguments. Hence, there is not need to specify it
again. This CL also removes TailCallExternalReference as there were no
users.

BUG=

Review URL: https://codereview.chromium.org/1553703002

Cr-Commit-Position: refs/heads/master@{#33066}

Reland "Clean up promises and fix an edge case bug (patchset #4 id:60001 of https://codereview.chromium.org/1488783002/ )"

This patch relands a change to ES2015 Promises which brings us closer to
spec compliance. In this new version, a bug which would lose async callstack
data was fixed.

R=adamk
CC=rossberg,caitp
LOG=Y
BUG=v8:3641
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1538663002

Cr-Commit-Position: refs/heads/master@{#33065}

Port 97def807

Original commit message:
    According to the ES2015 specification, bound functions are exotic
    objects, and thus don't need to be implemented as JSFunctions. So
    we introduce a new JSBoundFunction type to represent bound functions
    and make them optimizable. This already improves the performance of
    calling or constructing bound functions by 10-100x depending on the
    use case because we avoid the crazy dance between JavaScript and C++
    that was implemented in v8natives.js previously.

    There's still room for improvement in the performance of actually
    creating bound functions, which is also relevant in practice, but
    we already have a plan how to accomplish that later.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Review URL: https://codereview.chromium.org/1559473002

Cr-Commit-Position: refs/heads/master@{#33064}

Port bafb568b

R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1552783002

Cr-Commit-Position: refs/heads/master@{#33063}

Do not abstract r0 as a general scratch register -- usage is valid
only in short, localized sequences (since its value may be altered
implicitly by some macro operations).

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:571370
LOG=N

Review URL: https://codereview.chromium.org/1556643002

Cr-Commit-Position: refs/heads/master@{#33062}

There's no point in keeping the ObjectCreate JavaScript wrapper
function, which even does allocation site pretenuring for the
instances created via Object.create (where ObjectCreate itself is
the AllocationSite), and does not offer any sane way forward.

Instead introduce a new ObjectCreate C++ builtin, which currently
serves as a baseline implementation, on top of which we can think
about ways to optimize Object.create for the common case (i.e.
frameworks such as Ember.js make heavy use of Object.create).

R=cbruni@chromium.org
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1558433002

Cr-Commit-Position: refs/heads/master@{#33061}

Rolling v8/tools/clang to d1e1de24f0e66c2f5a8b865c8ffb4042793286e9

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1551053002

Cr-Commit-Position: refs/heads/master@{#33060}

JumpToExternalReference ignored the passed-in result_size argument, which
defaulted to 1. This change updates all users to not use a result_size.

BUG=

Review URL: https://codereview.chromium.org/1550923002

Cr-Commit-Position: refs/heads/master@{#33059}

BUG=chromium:571064
LOG=Y
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1548363003

Cr-Commit-Position: refs/heads/master@{#33058}

BUG=chromium:571370
LOG=Y

Review URL: https://codereview.chromium.org/1546323002

Cr-Commit-Position: refs/heads/master@{#33057}

This matches the behavior of JSObject::JSObjectVerify() and seems to be
the current contract for --verify-heap.

BUG=chromium:572590
LOG=n

Review URL: https://codereview.chromium.org/1553463002

Cr-Commit-Position: refs/heads/master@{#33056}

BUG=

Review URL: https://codereview.chromium.org/1550113002

Cr-Commit-Position: refs/heads/master@{#33055}

NOTRY=true
TBR=rmcilroy@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1552663002

Cr-Commit-Position: refs/heads/master@{#33054}

Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )

Reason for revert:
[Sheriff] Changes layout tests. Please fix upstream first if intended.

https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689

Original issue's description:
> Use ES2015-style TypedArray prototype chain
>
> This patch switches TypedArrays to use the prototype chain described
> in the ES2015 specification, which adds a %TypedArray% superclass above
> all individual TypedArray types. Most methods are defined on the
> superclass rather than the subclasses.
>
> In order to prevent a performance regression, a few methods are
> marked as inline. Inlining might prevent code which was previously
> monomorphic from becoming polymorphic, and it was specifically
> applied in places where methods became more polymorphic than before.
> Tests with realistic workloads would be nice to do before this
> ships in stable.
>
> This patch does not bring TypedArrays up to full spec compliance. In
> particular, @@species is not yet supported.
>
> R=cbruni
> BUG=v8:4085
> LOG=Y
>
> Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> Cr-Commit-Position: refs/heads/master@{#33050}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1554523002

Cr-Commit-Position: refs/heads/master@{#33053}

Rolling v8/tools/clang to 2f115cac36580d305f8060d98fb9cc1f034e78e8

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1550883002

Cr-Commit-Position: refs/heads/master@{#33052}

When calling into C++ for a ConstructStub, we need to enter the target
context manually currently, which seems to be too fragile and easy to
forget. So instead of doing that manually, we just always enter the
correct context in the trampoline.

Drive-by-fix: Trivial cleanups for some builtins.

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1551473002

Cr-Commit-Position: refs/heads/master@{#33051}