R=mlippautz@chromium.org
BUG=v8:6792

Change-Id: I4b148b4bcb6e3cb73bc58eaad61d52a14da19a35
Reviewed-on: https://chromium-review.googlesource.com/760739Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49278}

Removes the handling of the flag independent. The flag will be removed in a followup.

The patch changes handling of V8::PersistentBase that are set to Weak:
- The Scavenger ignores the flag independent.
- The Scavenger keeps alive anything that is marked as Active.
- The Scavenger is free to drop weak handles of non-Active object if they 
  are otherwise dead.

Active:
- Any JSObject will always be marked Active.
- Any JSApiObject will be marked Active if it has been modified (=has elements, properties, etc.)

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Bug: chromium:780749
Change-Id: If1f547f2419930ad9400bd3b11bdbf609cb57649
Reviewed-on: https://chromium-review.googlesource.com/741801
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49277}

Converts the ast prettyprinter to printing literals from the raw values
rather than internalized on-heap strings. This enables ast printing before
internalizing, and means we can avoid use of the isolate in the interpreter's
off-thread phase.

Also removes --print-builtin-ast and relies on just --print-ast to print
everything.

Finally, converts FunctionLiteral's debug_name function to return a
char[] which is created from the raw name literal where it exists, rather
than relying on the value having been internalized.

BUG=v8:5203

Change-Id: Ib69f754e254736f415db38713e6209465817e6f1
Reviewed-on: https://chromium-review.googlesource.com/758681Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49276}

Align the claimed arguments in Generate_JSConstructStubGeneric by pushing an
extra copy of the receiver as padding.

Bug: v8:6644
Change-Id: I77e92624ff32c21c8f3f310176aa2576c756b56c
Reviewed-on: https://chromium-review.googlesource.com/757098
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49275}

Bug: v8:6917
Change-Id: Id13b0d84ee255d12ecaf4a30479e7c7173462d5c
Reviewed-on: https://chromium-review.googlesource.com/760360Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49274}

This is a reland of 7e78506f
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

Bug: chromium:756050
Change-Id: I333f7a6aea0bcb608d01cafb43e94893a4625b15
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758509Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49273}

Bug: 
Change-Id: Ice28172e75a9fce1bad199b13e3fc0c123aaf42f
Reviewed-on: https://chromium-review.googlesource.com/758588Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49272}

This is necessary in order to support class literals boilerplates which will
contain descriptor arrays not attached to maps.

This CL introduces Heap::descriptor_array_map() which will be used only for
descriptor arrays templates created as a part of class literal boilerplate.

We don't use the new map for all descriptors for now because in order to handle
chicken-egg problem in deserializer which can be solved in a clean and readable
way only if introduce a DESCRIPTOR_ARRAY_TYPE instance type which we can't
currently do because the InstanceType enum is already "full".

Bug: v8:5799
Change-Id: I732d236b0dda2c436ab3ce3ac5967f6c66162df3
Reviewed-on: https://chromium-review.googlesource.com/758360
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49271}

This was meant to be included in https://crrev.com/c/757129 but got missed
somehow. The fuzzer was generating i64.store instructions with an i32 value
argument instead of i64 like it should be.

Bug: 
Change-Id: I5b5bcdb22b2ac3abe872e7ff0ab0019b5ecb9c98
Reviewed-on: https://chromium-review.googlesource.com/759148Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49270}

R=mvstanton@chromium.org

Change-Id: Iff5a3741ba93ea2cc9d4b9f9907b22ce768b1cb3
Reviewed-on: https://chromium-review.googlesource.com/758840
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49269}

Move block coverage logic for TryCatchStatement and TryFinallyStatement
nodes into builder classes.

Bug: v8:6000
Change-Id: I0402ef78a54d6ba1bae62214f16aabfebbd7c581
Reviewed-on: https://chromium-review.googlesource.com/758645
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49268}

This adds test coverage for write-protected code pages by adding the
feature to the existing "stress_incremental_marking" variant. Since this
is considered a temporary state, the variant has not been renamed.

R=machenbach@chromium.org
BUG=v8:6792

Change-Id: I62fa5aa15bf5309b12fbc269fcf81069845755f9
Reviewed-on: https://chromium-review.googlesource.com/753388Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49267}

I made a mistake in yesterday's cleanup.

R=jarin@chromium.org

Bug: chromium:783051
Change-Id: Iabd7403096197ce8e54d46e079bc9a70aa98578d
Reviewed-on: https://chromium-review.googlesource.com/758765
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49266}

Pending exceptions were not cleared when the TurboFan result was not
compared to the Interpreter result, which happens when the result may be
affected by potential nondeterminism. With this CL we always clear
pending exceptions.

R=clemensh@chromium.org

Bug: chromium:782267
Change-Id: Ibe9b33c94810cccb6282c6c8dc49748fb79b07e4
Reviewed-on: https://chromium-review.googlesource.com/758272Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49265}

Bug: 
Change-Id: I8f82cba33f19c56b169f6bb641bf16301d578a0a
Reviewed-on: https://chromium-review.googlesource.com/758368Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49264}

Since the deoptimizer generalizes maps for all materialized objects, it
must make sure that none of the object's fields contain mutable heap numbers
(only double fields are allowed to point to mutable heap numbers). With this CL,
we simply change any mutable heap numbers in property arrays to immutable ones.

This could be dangerous if some non-materialized object could point to this
property array, but this cannot happen because interpreter registers cannot
refer to naked property arrays.

Bug: chromium:776309
Change-Id: I897b604fa804de673710cfa3ba0595dbd9f80eeb
Reviewed-on: https://chromium-review.googlesource.com/759781Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49263}

This reverts commit ac0661b3.

Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035

Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}

TBR=jarin@chromium.org,tebbi@chromium.org

Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}

R=machenbach@chromium.org
BUG=v8:6792
NOTREECHECKS=true
NOTRY=true

Change-Id: I878b11c6bddeca59ff49bfa88031a4ce15507e04
Reviewed-on: https://chromium-review.googlesource.com/759039Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49261}

This is a reland of 0db90bc5
Original change's description:
> [regexp] Include unicode/uvernum.h in parser
>
> This patch explicitly includes unicode/uvernum.h in the regular
> expression parser.
>
> It should be removed once we no longer need to check
> `U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
> updates their ICU. This is an ongoing effort:
> https://github.com/nodejs/node/pull/16876
>
> BUG=v8:4743
>
> Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
> Reviewed-on: https://chromium-review.googlesource.com/758407
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49253}

Bug: v8:4743
Change-Id: Id3f375f27fb5eaa4129884f99095d16763bd6e86
Reviewed-on: https://chromium-review.googlesource.com/758861Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49260}

TBR=machenbach@chromium.org

Change-Id: I5b82f56e9b9d894455500de693fe6ac6de5205ae
Reviewed-on: https://chromium-review.googlesource.com/758764
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49259}

assembler-arm64.h and assembler-arm64-inl.h have a B() function
which conflicts with the B macro in bytecode-utils.h.

Headers that leak macros can be annoying to deal with, in this case
we can't simply undef B at the end of source files that include
bytecode-utils.h because the second source file that includes
bytecode-utils.h won't see the B macro.  Let's just move this macro
into the two unittest files that include this header.

Bug: chromium:746958
Change-Id: I588b73fe81615f882a0e010c92ba187d3bc2bf25
Reviewed-on: https://chromium-review.googlesource.com/758779
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49258}

This turns the deoptimization entries from free-floating memory chunks
that were not considered part of the heap into true {Code} objects. By
marking them as immovable we get the same guarantees without the need
for side-stepping heap API methods.

R=jarin@chromium.org
BUG=v8:6792

Change-Id: I88e1795e52fb586f7ca960d08cd6d9d082f4df9b
Reviewed-on: https://chromium-review.googlesource.com/756851Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49257}

Bug: v8:6917
Change-Id: I7dae0715264cdf9f963f2454b101f6260d8493ff
Reviewed-on: https://chromium-review.googlesource.com/758837Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49256}

This reverts commit 0db90bc5.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/17335

You need to also check whether i18n is on, e.g. #ifdef V8_INTL_SUPPORT.

Original change's description:
> [regexp] Include unicode/uvernum.h in parser
> 
> This patch explicitly includes unicode/uvernum.h in the regular
> expression parser.
> 
> It should be removed once we no longer need to check
> `U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
> updates their ICU. This is an ongoing effort:
> https://github.com/nodejs/node/pull/16876
> 
> BUG=v8:4743
> 
> Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
> Reviewed-on: https://chromium-review.googlesource.com/758407
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49253}

TBR=yangguo@chromium.org,jshin@chromium.org,jgruber@chromium.org,mathias@chromium.org

Change-Id: I58d6b7a49b707c97153b8b0aec141248f5c669e1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:4743
Reviewed-on: https://chromium-review.googlesource.com/759777Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49255}

This was originally introduced to reuse large handlers, but now only
LdaContextSlot and LdaCurrentContextSlot remain (both roughly 2-300
bytes in size).

Since handler reuse complicates lazy (de)serialization and currently
doesn't seem to give us significant advantages, let's remove this.

Bug: v8:6624
Change-Id: I6f19952632e10bd67677a825bbcb46d580a9d5c8
Reviewed-on: https://chromium-review.googlesource.com/758642Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49254}

This patch explicitly includes unicode/uvernum.h in the regular
expression parser.

It should be removed once we no longer need to check
`U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
updates their ICU. This is an ongoing effort:
https://github.com/nodejs/node/pull/16876

BUG=v8:4743

Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
Reviewed-on: https://chromium-review.googlesource.com/758407Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49253}

Bug: chromium:746958
Change-Id: I38e19678e57e5769f4eb19b588ab1de1f4c3bb11
Reviewed-on: https://chromium-review.googlesource.com/758777Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49252}

R=yangguo@chromium.org

This is a reland of
for the no-i18n configuration.

https: //chromium-review.googlesource.com/c/v8/v8/+/571746 with a fix
Bug: 
Change-Id: I3e654791267b20fb3703ad4220404d8078f43440
Reviewed-on: https://chromium-review.googlesource.com/758999Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Corry <erikcorry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49251}

This patch adds support for Regional_Indicator within Unicode property
escapes in regular expressions.

The Regional_Indicator binary property was added in Unicode v10 and is
supported in ICU 60.1.

An `#if` directive is used to prevent breaking Node.js until they
update their ICU.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7acec13c8ae7552558a0f852937984bba828e738
Reviewed-on: https://chromium-review.googlesource.com/758273Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49250}

This reverts commit 7e78506f.

Reason for revert: Breaks roll:
https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm64_dbg_recipe/builds/381619

Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: If538a174d048e0416b4374426df721d4ea84cd4c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758860Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49249}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6501469..cfed275

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/ca0bd08..4a9623a

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/723b259..4b58512

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I31f2d64ee07b308fe1b66603e9b630c9b1007e7f
Reviewed-on: https://chromium-review.googlesource.com/759936Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49248}

Shl/ShrS/ShrU
Add/AddSaturateS/Sub/SubSaturateS

Bug: 
Change-Id: I9fbca45a22505ce1cea6b6ee2b57c07b71d31d50
Reviewed-on: https://chromium-review.googlesource.com/737513
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49247}

Change-Id: Id7e93baaf9a4991c26c73579754a3a03d3822f1e
Reviewed-on: https://chromium-review.googlesource.com/759408Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49246}

The runtime_call_stats_ can be NULL on a worker thread when RCS
are enabled dynamically.

BUG=v8:7043

Change-Id: I1d26ae76c46955e017c82037b4a015ad86ba2f77
Reviewed-on: https://chromium-review.googlesource.com/755419Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49245}

BUG=v8:7054
TBR=adamk@chromium.org,yangguo@chromium.org
NOTRY=true
NOTREECHECKS=true

Change-Id: I69690ac4062c0dcb3c66a7db3ddba6d1078bc389
Reviewed-on: https://chromium-review.googlesource.com/759246
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49244}

Like CSP flag 'unsafe-eval', which communicates if both JS source
files and WASM binary files may be compiled, this CL adds a similar
flag for the compilation of WASM binary files.

That is, a WASM binary file will be compiled only if the new flag is
defined, or the flag for 'unsafe-eval' allows it. These flags are
implemented as callback functions on the isolate. The callbacks get a
(CSP) context, and a string, and returns the corresponding value of
the flag.

Both callbacks are initialized with the nullptr, and is used to
communicate that no CSP policy is defined. This allows this concept to
work, independent of it running in Chrome.

It also does a small clean up in api.cc to use macro CALLER_SETTERS,
instead of explicit code when appropriate.

Bug: v8:7041
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idb3356574ae2a298057e6b7bccbd3492831952ae
Reviewed-on: https://chromium-review.googlesource.com/759162Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49243}

This reverts commit 7e78506f.

Reason for revert: Broke Android build on Arm64.

Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Ic09de4d63c19746a62e804b1f889817ffaebc330
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758625Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49242}

The Wasm AST-based fuzzer is supposed to create valid modules by
construction. This change adds a CHECK to enforce this property.

Additionally, this change exposed several cases where we were not generating
valid modules before:
  * Block types did not match up correctly
  * Memory operations could have invalid alignments
  * Storing an i64 could generate an i32 argument incorrectly.
This CL includes fixes for these issues as well.

Bug: 
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}

b % 32 could produce negative results. Therefore, the result
of the shift could be undefined values.

Bug: 
Change-Id: I6c2f7201df424735695aa01891d46523e3c5bd12
Reviewed-on: https://chromium-review.googlesource.com/759079
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49240}

StoreDataPropertyInLiteral doesn't throw (because the previous uses of
this didn't throw), but class fields can throw on defining the
property which means we can't use this. Changing to CreateDataProperty
runtime call instead.

Bug: v8:5367
Change-Id: I1ab45413b121972dd18fe2b35a0cedd8efe0e0bf
Reviewed-on: https://chromium-review.googlesource.com/757824
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49239}