Revert of Non-pattern rewriting revisited (patchset #3 id:40001 of https://codereview.chromium.org/1702063002/ )

Reason for revert:
[Sheriff] This makes jsfunfuzz unhappy:
https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/7681

Original issue's description:
> This patch implements an alternative approach to the rewriting
> of non-pattern expressions, according to the (internally circulated)
> design document.  Details to be provided here.
>
> 1.  RewritableAssignmentExpression has been renamed to RewritableExpression.
>     It is a wrapper for AST nodes that wait for some potential rewriting
>     (that may or may not happen).  Also, Is... and As... macros now see
>     through RewritableExpressions.
>
> 2.  The function state keeps a list of rewritable expressions that must be
>     rewritten only if they are used as non-pattern expressions.
>
> 3.  Expression classifiers are now templates, parameterized by parser
>     traits.  They keep some additional state: a pointer to the list of
>     non-pattern rewritable expressions.  It is important that expression
>     classifiers be used strictly in a stack fashion, from now on.
>
> 4.  The RewriteNonPattern function has been simplified.
>
> BUG=chromium:579913
> LOG=N
>
> Committed: https://crrev.com/7f5c864a6faf2b957b7273891e143b9bde35487c
> Cr-Commit-Position: refs/heads/master@{#34154}

TBR=rossberg@chromium.org,bmeurer@chromium.org,titzer@chromium.org,nikolaos@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579913

Review URL: https://codereview.chromium.org/1712203002

Cr-Commit-Position: refs/heads/master@{#34158}

This CL introduces an import section that names functions to be imported
as well as a CallImport bytecode to call imports from this table.

R=binji@chromium.org,bradnelson@chromium.org
LOG=Y
BUG=chromium:575167

Review URL: https://codereview.chromium.org/1709653002

Cr-Commit-Position: refs/heads/master@{#34157}

Extract the logic to find out the best candidate out of the core of the
scheduler. It allows more flexibility and make it easy to change the
policy use to schedule the basic blocks.

This patch also provide a new algorithm to randomly schedule the code
in order to perform stress tests on the scheduler.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1714753004

Cr-Commit-Position: refs/heads/master@{#34156}

This experimentally implements taring/untaring the test data
for test262 on the v8-side before test isolation and when
running the tests.

It archives on demand only if the tar is outdated compared
to the contained files. This comes with a cost of ~1s extra
to run gyp on linux and ~6s extra on windows. Ninja is
lightning fast afterwards in detecting changes. Also, we
archive only when test_isolation_mode is set and when
the test262_run target is required.

The archiving itself costs ~30s on all platforms. But as the
files will change seldom this shouldn't have a big impact.

Extraction on the test runner side is below 2s on mac and
linux. The speedup is enormous. Around 5 minutes were spent
on download on swarming slaves before, which is now only
a few seconds. So total test time for release (no variants),
e.g. goes from 8 to 3 minutes.

BUG=chromium:535160
LOG=n

Review URL: https://codereview.chromium.org/1713993002

Cr-Commit-Position: refs/heads/master@{#34155}

of non-pattern expressions, according to the (internally circulated)
design document.  Details to be provided here.

1.  RewritableAssignmentExpression has been renamed to RewritableExpression.
    It is a wrapper for AST nodes that wait for some potential rewriting
    (that may or may not happen).  Also, Is... and As... macros now see
    through RewritableExpressions.

2.  The function state keeps a list of rewritable expressions that must be
    rewritten only if they are used as non-pattern expressions.

3.  Expression classifiers are now templates, parameterized by parser
    traits.  They keep some additional state: a pointer to the list of
    non-pattern rewritable expressions.  It is important that expression
    classifiers be used strictly in a stack fashion, from now on.

4.  The RewriteNonPattern function has been simplified.

BUG=chromium:579913
LOG=N

Review URL: https://codereview.chromium.org/1702063002

Cr-Commit-Position: refs/heads/master@{#34154}

Track whether the Object.assign source is stable with a bool rather than map-check on each iteration.

BUG=

Review URL: https://codereview.chromium.org/1704363004

Cr-Commit-Position: refs/heads/master@{#34153}

A few options and features have been added to the tool:

* an output file might be specified using --output=file.name
* a shortcut when the output file is also the input, which is handy
   when fixing golden files, --rebaseline.
* the input snippet might be optionally not wrapped in a top function,
   or not executed after compilation (--no-wrap and --no-execute).
* the name of the wrapper can be configured using --wrapper-name=foo

The same options can be configured via setters on the usual
BytecodeExpectationsPrinter.

The output file now includes all the relevant flags to reproduce it
when running again through the tool (usually with --rebaseline).

In particular, when running in --rebaseline mode, options from the
file header will override options specified in the command line.

A couple of other fixes and improvements:

* description of the handlers is now emitted (closing the TODO).
* the snippet is now correctly unquoted when double quotes are used.
* special registers (closure, context etc.) are now emitted as such,
   instead of displaying their numeric value.
* the tool can now process top level code as well.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1698403002

Cr-Commit-Position: refs/heads/master@{#34152}

ArchStackPointer operation should not be reordered with respect to instructions
which can modify the stack layout.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1716543004

Cr-Commit-Position: refs/heads/master@{#34151}

BUG=

Review URL: https://codereview.chromium.org/1715543003

Cr-Commit-Position: refs/heads/master@{#34150}

Review URL: https://codereview.chromium.org/1717603002

Cr-Commit-Position: refs/heads/master@{#34149}

Looks like the removal of %_FastOneByteArrayJoin flushes out a bug in
arm w/ the simulator.

R=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1716783002

Cr-Commit-Position: refs/heads/master@{#34148}

Revert of [turbofan] Connect ObjectIsNumber to effect and control chains. (patchset #1 id:1 of https://codereview.chromium.org/1709093002/ )

Reason for revert:
Tanks benchmarks (e.g., Octane box2d TF).

Original issue's description:
> [turbofan] Connect ObjectIsNumber to effect and control chains.
>
> In theory, we could connect the nodes when doing
> the schedule-in-the-middle pass, but that would require creating two
> versions of the operator (effectful and pure). I believe we do not
> lose anything by wiring the node up eagerly.
>
> Committed: https://crrev.com/2894e80a0a4a51a0d72e72aa48fcd01968f7949f
> Cr-Commit-Position: refs/heads/master@{#34141}

TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1718483002

Cr-Commit-Position: refs/heads/master@{#34147}

This intrinsic was only supported in fullcodegen, and is actually no
longer relevant for SunSpider peak performance it seems, so let's get
rid of it and maybe just implement Array.prototype.join with a fast
path at some point instead.

R=mstarzinger@chromium.org

Committed: https://crrev.com/ccf12b4bede3f1ce3ce14fb33bcc4041525a40af
Cr-Commit-Position: refs/heads/master@{#34084}

Review URL: https://codereview.chromium.org/1708523002

Cr-Commit-Position: refs/heads/master@{#34146}

The DataView constructor calls into C++ anyway, and is easier to deal
with this way, especially since we don't have the half initialized
object floating through JavaScript.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1712163002

Cr-Commit-Position: refs/heads/master@{#34145}

This should restore the splay regression.

BUG=

Review URL: https://codereview.chromium.org/1714753003

Cr-Commit-Position: refs/heads/master@{#34144}

This CL also enhances a "tail-call-megatest" which now tests product of the following cases:
1) tail caller is inlined/not-inlined
2) tail callee is inlined/not-inlined
3) tail caller has an arguments adaptor frame above or not
4) tail callee has an arguments adaptor frame above or not
5) tail callee is a sloppy/strict/possibly eval/bound/proxy function
6) tail calling via normal call/function.apply/function.call

BUG=v8:4698
LOG=N

Review URL: https://codereview.chromium.org/1711863002

Cr-Commit-Position: refs/heads/master@{#34143}

R=verwaest@chromium.org
LOG=y
BUG=none

Review URL: https://codereview.chromium.org/1711833002

Cr-Commit-Position: refs/heads/master@{#34142}

In theory, we could connect the nodes when doing
the schedule-in-the-middle pass, but that would require creating two
versions of the operator (effectful and pure). I believe we do not
lose anything by wiring the node up eagerly.

Review URL: https://codereview.chromium.org/1709093002

Cr-Commit-Position: refs/heads/master@{#34141}

Reland of Sampling heap profiler data structure changes (patchset #1 id:1 of https://codereview.chromium.org/1708363002/ )

Reason for revert:
Failure keeps lurking around after the revert. I'll reland, sorry for the inconvenience!

Original issue's description:
> Revert of Sampling heap profiler data structure changes (patchset #10 id:180001 of https://codereview.chromium.org/1697903002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert for cpu profiler crashes on chromebooks:
> https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/549
> https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/550
>
> Original issue's description:
> > Sampling heap profiler data structure changes
> >
> > Previously, the sampling heap profiler stored a list of samples and then
> > built a tree representation when the profile was queried by calling
> > GetAllocationProfile. This change reduces duplication by removing stacks
> > from all samples. Also, less information is stored in the tree
> > maintained by the profiler and remaining information (script name, line
> > no, etc) is resolved when a profile is requested.
> >
> > BUG=
> >
> > Committed: https://crrev.com/cdd55e2a3717723492d76f66810bf56b8de7f198
> > Cr-Commit-Position: refs/heads/master@{#34119}
>
> TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/4578e52aefb8c4727742ce2e254613e482fdad1f
> Cr-Commit-Position: refs/heads/master@{#34128}

TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.

Review URL: https://codereview.chromium.org/1714493003

Cr-Commit-Position: refs/heads/master@{#34140}

This reducer doesn't really add value, because:

 (a) it is only concerned with JSCallFunction and JSToNumber, but when
     we get to it, all JSCallFunction nodes will have been replaced by
     Call nodes, and in the not so far future, we will also have
     replaced almost all JSToNumber nodes with better code,
 (b) and the reducer tries to be smart and use one of the outermost
     contexts, but that might not be beneficial always; actually it
     might even create longer live ranges and lead to more spilling
     in some cases.

But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1715633002

Cr-Commit-Position: refs/heads/master@{#34139}

No need to limit JSCreate inlining to JS_OBJECT_TYPE, since we can
handle everything that the FastNewObjectStub can deal with. Also we
don't need to restrict the number of inobject properties, as that is
already taken care of by the runtime anyways (limited by the initial
slack for the constructor).

And last but not least, we can of course inline allocations for
subclasses as long as the new.target is a JSFunction and it's initial
map's constructor points back to the target (same condition as for
the FastNewObjectStub fast case).

R=jarin@chromium.org
BUG=v8:4493
LOG=n

Review URL: https://codereview.chromium.org/1711883003

Cr-Commit-Position: refs/heads/master@{#34138}

Review URL: https://codereview.chromium.org/1712563002

Cr-Commit-Position: refs/heads/master@{#34137}

Move the already existing fast case for %NewObject into a dedicated
FastNewObjectStub that we can utilize in places where we would otherwise
fallback to %NewObject immediately, which is rather expensive.

Also use FastNewObjectStub as the generic implementation of JSCreate,
which should make constructor inlining based on SharedFunctionInfo (w/o
specializing to a concrete closure) viable soon.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1708313002

Cr-Commit-Position: refs/heads/master@{#34136}

Ideally the JSInliner should not be concerned with JSFunction's at all,
but only look at the SharedFunctionInfo. This reduces the uses of the
concrete closure to two remaining cases, which we plan to fix soonish
too.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1714803002

Cr-Commit-Position: refs/heads/master@{#34135}

  port 55071954 (r34114)

  original commit message:
  Frame slots indexes numbers are used more consistently for
  computation in both TurboFan and Crankshaft. Specifically,
  Crankshaft now uses frame slot indexes in LChunk, removing
  the need for some special-case maths when building the
  deoptimization translation table.

BUG=

Review URL: https://codereview.chromium.org/1714763002

Cr-Commit-Position: refs/heads/master@{#34134}

Rolling v8/tools/clang to b194e7fa21cc99980e38ff8b29740e78134fcfce

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1712993002

Cr-Commit-Position: refs/heads/master@{#34133}

Various syntactic forms now cause functions to have names where they
didn't before. Per the upcoming changes to the toString spec, only
a name that was literally part of a function's expression or declaration
is meant to be reflected in toString. This also happens to be the same
set of names that V8 currently outputs (without the --harmony-function-name
flag).

This required distinguishing anonymous FunctionExpressions from other sorts
of function definitions (like methods and getters/setters) in the AST, parser,
and at runtime.

The patch also takes the opportunity to remove one more argument (and enum)
from FunctionLiteral, as well as adding a special factory method for the
case of a FunctionLiteral representing toplevel or eval'd code.

BUG=v8:4760
LOG=n

Review URL: https://codereview.chromium.org/1712833002

Cr-Commit-Position: refs/heads/master@{#34132}

In ES2015, Date.prototype.toGMTString is simply an alias of
Date.prototype.toUTCString, so it has the same identity as a function and
doesn't have its own name. Firefox has already shipped this behavior.
Previously, we copied JSC behavior by making it a separate function.
This change makes an addition test262 test pass.

BUG=v8:4708
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1709373002

Cr-Commit-Position: refs/heads/master@{#34131}

Port 187b3f28

BUG=

Review URL: https://codereview.chromium.org/1709793002

Cr-Commit-Position: refs/heads/master@{#34130}

Revert of Use displayName in Error.stack rendering if present. (patchset #1 id:1 of https://codereview.chromium.org/1706823003/ )

Reason for revert:
See Domenic's comment on the V8 bug.

Original issue's description:
> Use displayName in Error.stack rendering if present.
>
> BUG=v8:4761
> LOG=y
>
> Committed: https://crrev.com/953874e974037e7e96ef282a7078760ccc905878
> Cr-Commit-Position: refs/heads/master@{#34105}

TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4761

Review URL: https://codereview.chromium.org/1713663002

Cr-Commit-Position: refs/heads/master@{#34129}

Revert of Sampling heap profiler data structure changes (patchset #10 id:180001 of https://codereview.chromium.org/1697903002/ )

Reason for revert:
[Sheriff] Speculative revert for cpu profiler crashes on chromebooks:
https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/549
https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/550

Original issue's description:
> Sampling heap profiler data structure changes
>
> Previously, the sampling heap profiler stored a list of samples and then
> built a tree representation when the profile was queried by calling
> GetAllocationProfile. This change reduces duplication by removing stacks
> from all samples. Also, less information is stored in the tree
> maintained by the profiler and remaining information (script name, line
> no, etc) is resolved when a profile is requested.
>
> BUG=
>
> Committed: https://crrev.com/cdd55e2a3717723492d76f66810bf56b8de7f198
> Cr-Commit-Position: refs/heads/master@{#34119}

TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1708363002

Cr-Commit-Position: refs/heads/master@{#34128}

Fix comment.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4678
LOG=N

Review URL: https://codereview.chromium.org/1714503002

Cr-Commit-Position: refs/heads/master@{#34127}

Port 55071954

Original commit message:
    Frame slots indexes numbers are used more consistently for
    computation in both TurboFan and Crankshaft. Specifically,
    Crankshaft now uses frame slot indexes in LChunk, removing
    the need for some special-case maths when building the
    deoptimization translation table.

R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1710073002

Cr-Commit-Position: refs/heads/master@{#34126}

This frees up one bit in FunctionKind, which I plan to make slightly
more syntactic info about functions available in SharedFunctionInfo
(needed for ES2015 Function.name support).

BUG=v8:3956, v8:4760
LOG=n

Review URL: https://codereview.chromium.org/1704223002

Cr-Commit-Position: refs/heads/master@{#34125}

Synthetic names for wasm-to-js functions, for debug scenarios.

BUG=

Review URL: https://codereview.chromium.org/1709893002

Cr-Commit-Position: refs/heads/master@{#34124}

This cleans up and makes the tests easier to write and understand.
Also prepares for adding the WASM interpreter which needs a
different initialization sequence in tests.

R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1707403002

Cr-Commit-Position: refs/heads/master@{#34123}

This isolates all files necessary to run jsfunfuzz. The fuzz
harness is copied into the jsfunfuzz directory and will be
deleted in the old location after the migration to swarming.

BUG=chromium:535160
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1706223002

Cr-Commit-Position: refs/heads/master@{#34122}

I extended the Int64Lowering to lower calls, loads, stores, returns, and
parameters and apply the lowering on both the test function TF graph and
the WasmRunner TF graph.

The lowering of calls also requires an adjustment of the call descriptor.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1704033002

Cr-Commit-Position: refs/heads/master@{#34121}

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1704373002 .

Cr-Commit-Position: refs/heads/master@{#34120}

Previously, the sampling heap profiler stored a list of samples and then
built a tree representation when the profile was queried by calling
GetAllocationProfile. This change reduces duplication by removing stacks
from all samples. Also, less information is stored in the tree
maintained by the profiler and remaining information (script name, line
no, etc) is resolved when a profile is requested.

BUG=

Review URL: https://codereview.chromium.org/1697903002

Cr-Commit-Position: refs/heads/master@{#34119}