R=mstarzinger@chromium.org

Bug: v8:8781
Change-Id: I6982170a3e4c31a6d39e6368b7a3163dbb08cee7
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1451917Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59327}

NOTRY=true

Bug: v8:8278
Change-Id: I0f6c5ca3766ce6a9ffa2a97082b875b2a3fb357f
Reviewed-on: https://chromium-review.googlesource.com/c/1450122Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59326}

This is a reland of 0befa6d4

Original change's description:
> [nojit] Check that --jitless is disabled when creating wasm code
>
> Drive-by: Amend wasm test skips for lite mode.
>
> Bug: v8:7777
> Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
> Reviewed-on: https://chromium-review.googlesource.com/c/1449616
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59314}

Tbr: mstarzinger@chromium.org
Bug: v8:7777
Change-Id: I0a076b36bb2e69b612df89b0f35067f299f27a7e
Reviewed-on: https://chromium-review.googlesource.com/c/1451819
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59325}

This reverts commit 83908b86.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/25074

Original change's description:
> Reland "Extract JSObject class from objects.cc"
> 
> This is a reland of b8c821f4
> 
> Fix: include src/string-stream.h for compile failure
> https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/39320
> 
> Original change's description:
> > Extract JSObject class from objects.cc
> >
> > I extracted following class member functions to js-objects.cc
> > * JSReceiver
> > * JSObject
> > * JSBoundFunction
> > * JSFunction
> > * JSGlobalObject
> > * JSDate
> > * JSMessageObject
> >
> > Declaration of all above class are in js-objects.h.
> >
> > I also moved AllocationSite::DigestTransitionFeedback used in JSObject::UpdateAllocationSite
> > and ShouldConvertToSlowElements used in JSObject and JSArray
> >
> > This patch makes compile time of objects.cc from 17.6s to 14.1s on Z840 Linux.
> > And js-objects.cc takes 8.69s for compile.
> >
> > Bug: v8:7629
> > Change-Id: I989f22363667445dd28d7f8c06c81ff79d6ed45f
> > Reviewed-on: https://chromium-review.googlesource.com/c/1447916
> > Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Marja Hölttä <marja@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59288}
> 
> Bug: v8:7629
> Bug: v8:8562
> Change-Id: Iac2227c5f0c5a4072d16814ecae481fb4720e4f5
> Reviewed-on: https://chromium-review.googlesource.com/c/1449951
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59318}

TBR=marja@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,tikuta@chromium.org

Change-Id: I3260edecb1434bbf9c25d89c9f9a8af02d106855
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7629, v8:8562
Reviewed-on: https://chromium-review.googlesource.com/c/1452096Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59324}

The most common use of {SaveContext} is to allocate this object, then
immediately set the context of the isolate to another Context. Thus
introduce a second class called "SaveAndSwitchContext" which implements
exactly that.

R=mstarzinger@chromium.org

Bug: v8:8562
Change-Id: I2fca1eadd909a7afe035316ded934624273f2e21
Reviewed-on: https://chromium-review.googlesource.com/c/1448319Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59323}

As Marja suggested, this CL changes tools/locs.py in such a way that
it also counts the bytes in the input file and the output file.

Example output now looks similar to this:

Processed 1,526 files in 24.58 sec.
gen         (   31 files):    94,507 LoC (  4,972 kB) to    2,839,311 LoC (183,777 kB) (   30x)
src         (  630 files):   371,499 LoC ( 14,743 kB) to   53,707,841 LoC (  3,155 MB) (  145x)
test        (  381 files):   492,861 LoC ( 25,372 kB) to   36,885,988 LoC (  2,194 MB) (   75x)
third_party (  433 files):   239,155 LoC (  8,683 kB) to    9,713,872 LoC (412,829 kB) (   41x)
total       ( 1526 files): 1,212,675 LoC ( 54,242 kB) to  104,133,982 LoC (  5,973 MB) (   86x)


Change-Id: I1ff5e752ee3a96d388a4393c2592aec68f834000
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/1450113
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59322}

In the process add missing base	Torque functionality for 8-bit and
16-bit integers and Cast<> operators to make them easy to use.

As a poster child, port the field declarations of SharedFunctionInfo
to the class definition in base.tq.

As a drive by: Add the missing GN dependency on
class-definitions-from-dsl.h

Bug: v8:7793
Change-Id: I76a41c2e81ffd1cbb90ac7a4ef8d4003ac86e8dc
Reviewed-on: https://chromium-review.googlesource.com/c/1445882Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59321}

This CL changes most Call* macros (and some others) in Array#sort to
pass the context and sortState implicitly. This improves
readability, especially for loads and stores.

R=jgruber@chromium.org, tebbi@chromium.org

Bug: v8:8567
Change-Id: I6528d080bb01ab676de3ba6a7bf8223b98b6db7f
Reviewed-on: https://chromium-review.googlesource.com/c/1450114Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59320}

For compiled SFIs, finding the FunctionLiteralId is a slow operation that requires
doing a binary search in the script's SFI table. Given the SFI has been flushed,
it is unlikely we will need the FunctionLiteralId again, so just mark the
UncompiledData has having an invalid FunctionLiteralID such that we only do
the search if it is required from the UncompiledData.

This addresses a significant regression on gc_latency when bytecode flushing was
enabled.

BUG=chromium:927038,v8:8395

Change-Id: I7123c3fe05034ff96e84f9d1d36d5f312a2a56e0
Reviewed-on: https://chromium-review.googlesource.com/c/1450118Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59319}

This is a reland of b8c821f4

Fix: include src/string-stream.h for compile failure
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/39320

Original change's description:
> Extract JSObject class from objects.cc
>
> I extracted following class member functions to js-objects.cc
> * JSReceiver
> * JSObject
> * JSBoundFunction
> * JSFunction
> * JSGlobalObject
> * JSDate
> * JSMessageObject
>
> Declaration of all above class are in js-objects.h.
>
> I also moved AllocationSite::DigestTransitionFeedback used in JSObject::UpdateAllocationSite
> and ShouldConvertToSlowElements used in JSObject and JSArray
>
> This patch makes compile time of objects.cc from 17.6s to 14.1s on Z840 Linux.
> And js-objects.cc takes 8.69s for compile.
>
> Bug: v8:7629
> Change-Id: I989f22363667445dd28d7f8c06c81ff79d6ed45f
> Reviewed-on: https://chromium-review.googlesource.com/c/1447916
> Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59288}

Bug: v8:7629
Bug: v8:8562
Change-Id: Iac2227c5f0c5a4072d16814ecae481fb4720e4f5
Reviewed-on: https://chromium-review.googlesource.com/c/1449951Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59318}

This reverts commit 0befa6d4.

Reason for revert: Fails in lite mode: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/2177

Original change's description:
> [nojit] Check that --jitless is disabled when creating wasm code
> 
> Drive-by: Amend wasm test skips for lite mode.
> 
> Bug: v8:7777
> Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
> Reviewed-on: https://chromium-review.googlesource.com/c/1449616
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59314}

TBR=mstarzinger@chromium.org,jgruber@chromium.org

Change-Id: Id0d43fe4b03a2992acd980fd9fa4ef114d4b6aa2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7777
Reviewed-on: https://chromium-review.googlesource.com/c/1451877Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59317}

This CL makes the TypedArray#sort unit test more robust, that checks
for the stable property.

R=jgruber@chromium.org

Bug: v8:8567
Change-Id: I8e6a729d0a8b54901535d49eb578b8b34bd6f2eb
Reviewed-on: https://chromium-review.googlesource.com/c/1449695Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59316}

These offsets are now transported via CodeDesc.

Bug: v8:8758
Change-Id: If7485c62878bc81a55c9b4ca8ce3578dab2376ce
Reviewed-on: https://chromium-review.googlesource.com/c/1447717
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59315}

Drive-by: Amend wasm test skips for lite mode.

Bug: v8:7777
Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
Reviewed-on: https://chromium-review.googlesource.com/c/1449616Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59314}

This replaces the "trusted" with the "jitless" correctness-fuzzing experiment.
The former is a no-op already.

NOTRY=true

Bug: v8:8778
Change-Id: Ie9b490df27071980b2049148844b8f716bbbb1f7
Reviewed-on: https://chromium-review.googlesource.com/c/1450120Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59313}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/79e2191..ed3546e

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3114fbc..05973b6

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I26a29a3655c00dc3b349eaf99c1262265b108048
Reviewed-on: https://chromium-review.googlesource.com/c/1451260Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59312}

Set entries return an array with the value as first and second entry.
As such these are considered key value pairs to align with maps
entries iterator.
So far the return value was identical to the values iterator and that
is misleading.

This also adds tests to verify the results and improves the coverage
a tiny bit by testing different iterators.

Refs: https://github.com/nodejs/node/issues/24629

R=yangguo@chromium.org

Change-Id: I669a724bb4afaf5a713e468b1f51691d22c25253
Reviewed-on: https://chromium-review.googlesource.com/c/1350790
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59311}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/eb61983..79e2191

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I268f52fbf24db332be534983f49dac7ace14ac09
Reviewed-on: https://chromium-review.googlesource.com/c/1450788Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59310}

It shipped in Chrome 69.

Bug: v8:7220, v8:8562
Change-Id: I09d5ee9e98fc32ae3163c8983d552b99ac4f08e6
Reviewed-on: https://chromium-review.googlesource.com/c/1450781Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59309}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c1ab94d..eb61983

Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/d52eade..1fff613

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/e958d6e..347a7c8

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b6cc5a6..8af4b4b

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/39b0b8e..a1fbdff

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I583fe4bc46e2dd76f1f0f522eaa3aeaf458edaee
Reviewed-on: https://chromium-review.googlesource.com/c/1450782Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59308}

The program:

    foo;
    let foo = 5;

…now produces:

    ReferenceError: Cannot access 'foo' before initialization

…instead of:

    ReferenceError: foo is not defined

Bug: v8:6513, v8:6951
Change-Id: I6c372626734570d5abeb1d0196b814dde02b9e3e
Reviewed-on: https://chromium-review.googlesource.com/c/1441151Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59307}

TBR=sergiyb@chromium.org,tmrts@chromium.org
NOTRY=true

Change-Id: I4fe37f8e38922e2a7d08a6b28191eff50778e0b2
Reviewed-on: https://chromium-review.googlesource.com/c/1450121Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59306}

This reverts commit 6e03d7ee.

Reason for revert: This breaks the Android bot:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Android%20Arm64%20-%20N5X/2933
It's quite hidden due to https://crbug.com/v8/8731 but all shards
time out. It looks like to to this change, testing takes
dramatically longer, maybe the pushing takes now much longer than
before. If we want decide for this, the builder needs to get
many more shards.

Original change's description:
> Reland "[tools] Push files using high-level device.PushChangedFiles method"
> 
> This is a reland of d045f666
> 
> Original change's description:
> > [tools] Push files using high-level device.PushChangedFiles method
> >
> > R=machenbach@chromium.org
> >
> > No-Try: true
> > Bug: chromium:893593
> > Change-Id: I11cce7694eb7755ccee42c9a342fc1aa22663d85
> > Reviewed-on: https://chromium-review.googlesource.com/c/1382468
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58407}
> 
> Bug: chromium:893593
> Change-Id: I88a7143b3f31d87d266b89221f81efe831ea3823
> Reviewed-on: https://chromium-review.googlesource.com/c/1443055
> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59221}

TBR=machenbach@chromium.org,tandrii@chromium.org,sergiyb@chromium.org,bpastene@chromium.org,jbudorick@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:893593
Change-Id: Ifea307b5de8f39b660966fc6bef54601df91d841
Reviewed-on: https://chromium-review.googlesource.com/c/1450119Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59305}

R=leszeks@chromium.org, rmcilroy@chromium.org

Bug: v8:8766
Change-Id: I85ac658dddffaea69f64864185e87db2fdb2f90f
Reviewed-on: https://chromium-review.googlesource.com/c/1450132Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59304}

The result of Object::ToInteger is a number rounded to an
integer value, but not necessarily in the range of what a
C++ "int" can represent. Doing the 2 <= radix <= 36 range
check first makes the subsequent cast safe.

Bug: chromium:927212
Change-Id: I49f115140f6dc1f951cbc08a3025b3ac92ec8628
Reviewed-on: https://chromium-review.googlesource.com/c/1449040
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59303}

This is a reland of ac2fb66b.
Crashes were fixed in https://crrev.com/c/1429862.

Original change's description:
> [wasm] Remove finisher task
>
> This removes the finisher task and instead finishes compilation units
> from the background.
> It also changes ownership of the AsyncCompileJob to be shared among all
> tasks that still operate on it. The AsyncCompileJob dies when the last
> reference dies.
>
> R=ahaas@chromium.org
> CC=​​mstarzinger@chromium.org
>
> Bug: v8:7921, v8:8423
> Change-Id: Id09378327dfc146459ef41bc97176a8716756ae4
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/1335553
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58630}

Bug: v8:7921, v8:8423
Change-Id: I3dcee4e8e56d2a524d302af91b5cb4a7a9ceb8ce
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1400781
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59302}

BUG=v8:7294,v8:8562

Change-Id: I1ed3b6d6a2fed2aee224e22ae8db5d76a52998a5
Reviewed-on: https://chromium-review.googlesource.com/c/1449731Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59301}

This reverts commit a1b431d7.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22809

Original change's description:
> [serializer] share class positions tuple across contexts
> 
> Class positions is a struct that stores the start and end positions of a class
> literal. It is stored both on class objects, and the template used to
> instantiate class objects.
> 
> The template is reachable from the bytecode array and therefore serialized by
> the startup serializer. Class objects are context-dependent and therefore
> serialized by the partial serializer. Serializing class positions from both
> serializers violates the assumption that we don't serialize any object twice.
> 
> R=​gsathya@chromium.org
> 
> Bug: v8:8761
> Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
> Reviewed-on: https://chromium-review.googlesource.com/c/1444956
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59292}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,gsathya@chromium.org

Change-Id: I9f3fd1b29b5991b450223f8b27dfc7aa7e5a3171
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8761
Reviewed-on: https://chromium-review.googlesource.com/c/1450116Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59300}

This basically adjusts reality to match our expectations. Methods based
on Code::kConstantPoolOffset expected the constant pool to be located
immediately following the handler table and before the code comments
section, while it was actually emitted before the jump table. We did
not notice earlier since this is only relevant on ppc.

Bug: v8:8758
Change-Id: I189af491fe133a7dc480ff4056372ba7a27faa81
Reviewed-on: https://chromium-review.googlesource.com/c/1445880
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59299}

Clean up some redundant variables after https://crrev.com/c/1449615.

R=mstarzinger@chromium.org

Bug: v8:8562
Change-Id: I44d46b037978f8feff7486cdc5c521c74c0a1c9e
Reviewed-on: https://chromium-review.googlesource.com/c/1449617
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59298}

Users should switch to TracedGlobal and the newly added methods of
v8::EmbedderHeapTracer.

Bug: chromium:923361, v8:8562
Change-Id: I3e5ed5785a0a49c0b65c7b1d1d103e568dd3e938
Reviewed-on: https://chromium-review.googlesource.com/c/1445752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59297}

This CL revises some of our error messages, and removes unneeded parts
(like "AsyncCompilation: " or "(null): "). It also extends existing
tests to check for the precise error message more thoroughly to detect
changes or nondeterminism earlier.

R=titzer@chromium.org, ahaas@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:926311
Change-Id: I1ccfb307d4a61291f4582330152a53fbadd0848f
Reviewed-on: https://chromium-review.googlesource.com/c/1445897
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59296}

This adds support for integrity level transitions (preventExtensions,
seal and freeze) to MapUpdater and Map::TryUpdate.

In both cases, we first try to detect whether there were integrity
level transitions in the transition tree to the old map and make note
of the most restrictive integrity transition and the map just before
the transition (integrity-source-map). Then we find an appropriate root
(based on integrity-source-map's elements kind) and replay the
transitions based on the integrity-source-map's descriptor
array. Finally, if we saw an integrity level transition in
the beginning, we will find-or-create that transition (on the
updated version of integrity-source-map).

For the following micro-benchmark, we get about 10x speedup.

```
function C() {
  this.x = 1;
  Object.seal(this);
  this.x = 0.1;
}

const start = Date.now();
for (let i = 0; i < 1e7; i++) {
  new C();
}
console.log("Reconfigure sealed: " + (Date.now() - start));
```

Before:
> Reconfigure sealed: 5202

After:
> Reconfigure sealed: 479

Bug: v8:8538
Change-Id: If695be7469d8b6ccd44ac4528be8aa34b65b3e4d
Reviewed-on: https://chromium-review.googlesource.com/c/1442640
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59295}

BUG=v8:8395

Change-Id: I717f4c35fb9764a2ffb97662eef0148ad04284e6
Reviewed-on: https://chromium-review.googlesource.com/c/1449633Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59294}

Change-Id: Ifa1f7cbfd62f16118f97848e9d6b60744d9ba515
Reviewed-on: https://chromium-review.googlesource.com/c/1450112Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59293}

Class positions is a struct that stores the start and end positions of a class
literal. It is stored both on class objects, and the template used to
instantiate class objects.

The template is reachable from the bytecode array and therefore serialized by
the startup serializer. Class objects are context-dependent and therefore
serialized by the partial serializer. Serializing class positions from both
serializers violates the assumption that we don't serialize any object twice.

R=gsathya@chromium.org

Bug: v8:8761
Change-Id: If22c554cc7396d63998a015454ce0c67a7d2e05c
Reviewed-on: https://chromium-review.googlesource.com/c/1444956Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59292}

This CL is mostly a mechanical change. Loading either the receiver,
the backing store or the temp array from the sort state is pushed down
into each respective Load/Store builtin. This eliminates the need
for reloading the elements pointer after each compare function call.

R=jgruber@chromium.org, tebbi@chromium.org

Bug: v8:8562
Change-Id: I453e98635f9d891da58cf7b2a86c5c58f4a4069c
Reviewed-on: https://chromium-review.googlesource.com/c/1449613Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59291}

BUG=v8:8562

Change-Id: I66b729aeb306ecfbf92ee6e992c3abb6f854949c
Reviewed-on: https://chromium-review.googlesource.com/c/1449733Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59290}

This reverts commit b8c821f4.

Reason for revert: compile errors, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/39320

Original change's description:
> Extract JSObject class from objects.cc
> 
> I extracted following class member functions to js-objects.cc
> * JSReceiver
> * JSObject
> * JSBoundFunction
> * JSFunction
> * JSGlobalObject
> * JSDate
> * JSMessageObject
> 
> Declaration of all above class are in js-objects.h.
> 
> I also moved AllocationSite::DigestTransitionFeedback used in JSObject::UpdateAllocationSite
> and ShouldConvertToSlowElements used in JSObject and JSArray
> 
> This patch makes compile time of objects.cc from 17.6s to 14.1s on Z840 Linux.
> And js-objects.cc takes 8.69s for compile.
> 
> Bug: v8:7629
> Change-Id: I989f22363667445dd28d7f8c06c81ff79d6ed45f
> Reviewed-on: https://chromium-review.googlesource.com/c/1447916
> Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59288}

TBR=marja@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,tikuta@chromium.org

Change-Id: I18a8af8a7970f96b2ec3e56b2b1871b4f080ab01
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7629
Reviewed-on: https://chromium-review.googlesource.com/c/1449635Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59289}

I extracted following class member functions to js-objects.cc
* JSReceiver
* JSObject
* JSBoundFunction
* JSFunction
* JSGlobalObject
* JSDate
* JSMessageObject

Declaration of all above class are in js-objects.h.

I also moved AllocationSite::DigestTransitionFeedback used in JSObject::UpdateAllocationSite
and ShouldConvertToSlowElements used in JSObject and JSArray

This patch makes compile time of objects.cc from 17.6s to 14.1s on Z840 Linux.
And js-objects.cc takes 8.69s for compile.

Bug: v8:7629
Change-Id: I989f22363667445dd28d7f8c06c81ff79d6ed45f
Reviewed-on: https://chromium-review.googlesource.com/c/1447916
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59288}