Previously, V8's slice was implemented in a combination of C++ and a 
Javascript fallback. The disadvantage of this approach was that the
fast-path required a call through the CEntryStub, which introduced
considerable overhead for small arrays with fast elements kinds.

Now the implementation primarily uses the CSA to generate both the
full spec-complaint implementation as well as fast paths for argument
objects and arrays with fast elements kinds. The CSA implementation
uses a C++ implementation fallback in select situations where the the
complexity of a CSA implementation would be too great and the
CEntryStub overhead is not decisive (e.g. slices of dictionary
elements arrays).

Performance results on semi-random arrays with small number of
elements (old vs. new):

smi copy: 48.7 ms vs. 12 ms
smi slice: 43.5 ms 14.8 ms
object copy: 35.5 ms 7.7 ms
object slice: 38.7 ms 8.8 ms
dictionary slice: 2398.3 ms vs. 5.4 ms
fast sloppy arguments slice: 9.6 ms vs. 7.2 ms
slow sloppy arguments slice: 28.9 ms vs. 8.5 ms

As a bonus, the new implementation is fully spec-compliant and fixes
at least one existing bug.

The design document for Array.prototype builtin rework can be found
at https://goo.gl/wFHe2n

Bug: v8:1956,v8:6601,v8:6710,v8:6978
Change-Id: Ia0155bedcf39b4577605ff754f416c2af938efb7
Reviewed-on: https://chromium-review.googlesource.com/574710
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48853}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ab1bd6e..f2dd2d1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/12ba14e..2a5ee2c

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I49a295ae7d40c454b13d604638e2d661bd3d9b3e
Reviewed-on: https://chromium-review.googlesource.com/734941Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48852}

This is in preparation for the new --trace-maps feature which will also log the
current PC.

Change-Id: I20f60c8a1e0104d4497460bafab623840a129f41
Reviewed-on: https://chromium-review.googlesource.com/734463Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48851}

Change-Id: Ia7b30b3f9d19ac1a6da978a0bd884e8f6f38841b
Reviewed-on: https://chromium-review.googlesource.com/730570
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48850}

Change-Id: I6288e295dd403be45cb2e4a648ac50c8f1376b73
Reviewed-on: https://chromium-review.googlesource.com/734481Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48849}

BUG=v8:6921

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id29a5562b1551e78f60129216fdc2c209e585e43
Reviewed-on: https://chromium-review.googlesource.com/452381Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48848}

The stack can be cleared with RuntimeCallStats::Reset() call.
Correctly handle the case by silently exit the running timer scopes.

BUG=chromium:760649

Change-Id: I51ecca5591a7af358f3e50779d0f81cb9d76e502
Reviewed-on: https://chromium-review.googlesource.com/734121Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48847}

Support inlining of Array.prototype.filter in TurboFan.

Bug: v8:1956
Change-Id: If50e230d14461063d378c0591dc27dea43371afa
Reviewed-on: https://chromium-review.googlesource.com/733089
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48846}

...its users, the "Negate", "Inc", and "Dec" bytecode handler
generators, to use subclassing and method overriding instead
of passing lambdas around.

Change-Id: Ib3febbb5cb2d763705f902d0324c11290e9513f7
Reviewed-on: https://chromium-review.googlesource.com/731616
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48845}

The tests are generated randomly, using Python's arbitrary-precision
integers as the source of truth.
The generator script is landed as part of this CL. It also supports
a "stress test" mode for on-demand intensive test coverage.

Bug: v8:6791
Change-Id: Idc7a2e90fd8a0a8176283614b33ecd4c3597b1d1
Reviewed-on: https://chromium-review.googlesource.com/731464
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48844}

R=joransiu@ca.ibm.com, jbarboza@ca.ibm.com

Bug: 
Change-Id: Icb4c67c96cb44f75cd73e97929792795b1070dda
Reviewed-on: https://chromium-review.googlesource.com/733641Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48843}

See the comment here:
https://chromium-review.googlesource.com/c/v8/v8/+/719417/2/src/value-serializer.cc#496

BUG=v8:6895
R=clemensh@chromium.org

Change-Id: I89a6ba0986def1776ef3be9c72a2c5b6260b0c98
Reviewed-on: https://chromium-review.googlesource.com/730768Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48842}

When TurboFan sees a call to Reflect.get with exactly two parameters,
we can lower that to a direct call to the GetPropertyStub, which is
certainly faster than the general C++ builtin. This gives a nice
7-8% improvement on the chai test in the web-tooling-benchmark.

The micro-benchmark on the issue goes from

  reflectGetPresent: 461 ms.
  reflectGetAbsent: 470 ms.

to 

  reflectGetPresent: 141 ms.
  reflectGetAbsent: 245 ms.

which is an up to 3.2x improvement.

Bug: v8:5996, v8:6936, v8:6937
Change-Id: Ic439fccb13f1a2f84386bf9fc31b4283d101afc4
Reviewed-on: https://chromium-review.googlesource.com/732988
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48841}

When simplifying the DoubleToI stub
(https://chromium-review.googlesource.com/c/v8/v8/+/720963), I accidentaly
removed support for generating a version of the stub which uses SSE
instructions. Re-enable support for this.

Bug: chromium:777304
Change-Id: I03c14464a2cf288216f59f59c88be7af42ef350b
Reviewed-on: https://chromium-review.googlesource.com/733130
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48840}

Currently we incorrectly show global object as arrow function receiver.
With this CL:
- if this is used inside of function we show correct this value,
- if this is unused and V8 optimizes it out - we show undefined.

Second is known issue which we should address separately.

R=dgozman@chromium.org,yangguo@chromium.org

Bug: chromium:552753
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iac88a07fe622eb9b2f8af7ecbc4a32a56c8cdfaa
Reviewed-on: https://chromium-review.googlesource.com/723840
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48839}

Bug: v8:6917
Change-Id: I1b7169c8702c8649812b17579d38d64de676ed60
Reviewed-on: https://chromium-review.googlesource.com/723420
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48838}

If the buffer associated with WebAssembly.Memory is used as memory
for asm.js modules, throw a range error on Memory.Grow.

Bug: chromium:776677
Change-Id: Iebcd7797fa7724002dd8073d1dbaeb98f080d316
Reviewed-on: https://chromium-review.googlesource.com/731844
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48837}

R=clemensh@chromium.org

Bug: v8:6959
Change-Id: I27164598dddf58da7f3040b7139c4ae99c52800f
Reviewed-on: https://chromium-review.googlesource.com/733097Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48836}

This patch implements the runtime semantics of static public
class fields.

Adds a new InitializeClassFieldsStatement AST node that contains
all the static class fields and their initializers. 

ClassLiteral is now desugared to be included in a do-exp that calls 
an initializer function which contains this new AST node.

Bug: v8:5367
Change-Id: I3574e4c685f1c039de42521c122e24f8d28e5d6c
Reviewed-on: https://chromium-review.googlesource.com/714817Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48835}

Fixes the value of V8_VERSION_STRING to add the embedder string when the
patch level is zero.

BUG=v8:5740

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idfe2020fe857865ff75a91ddb57f18ed23dfe3a7
Reviewed-on: https://chromium-review.googlesource.com/732992
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48834}

This reverts commit ddd15cda.

Reason for revert: Blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/732565

Original change's description:
> [turbofan] Instance type tracking in load elimination.
> 
> This tracks instance type in load elimination, so that it can be used
> to prune control flow with unreachable states.
> 
> (This is a cut down version of https://chromium-review.googlesource.com/c/v8/v8/+/727761),
> the regression should be addressed by the map invalidation fix from
> https://chromium-review.googlesource.com/c/v8/v8/+/730705.)
> 
> Bug: v8:6396
> Change-Id: I3acab16ebbc0f1f16c7900a8d307deb84e1cb618
> Reviewed-on: https://chromium-review.googlesource.com/732307
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48812}

TBR=jarin@chromium.org,bmeurer@chromium.org

Change-Id: I1a3fe1d62c05889ea83e2f6cfb31a6ccbe65241d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6396
Reviewed-on: https://chromium-review.googlesource.com/732898Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48833}

This CL adds a first implementation of Liftoff, the new wasm baseline
compiler, for x64 and ia32. It currently supports the most important
i32 instructions and control instructions. Whenever it encounters an
instruction it does not support yet, it aborts.
In a subsequent CL, Liftoff will be called from the
WasmCompilationUnit, falling back to Turbofan compilation if the
baseline compiler bails out.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ifa78fb9d546dce72c241ff01a251dfa13cb31c1d
Reviewed-on: https://chromium-review.googlesource.com/716480
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48832}

In js-call-reducer.cc, we reduce many builtins with similar properties.
This CL contains some abstractions useful also for future methods
we'd like to inline.

Bug: 
Change-Id: I41a5a5c549177fc750bc576fbc7616c2b4c41793
Reviewed-on: https://chromium-review.googlesource.com/733099Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48831}

R=rossberg@chromium.org

Bug: chromium:772636
Change-Id: I885f8657eb755953be17d7bf32aef2629092b9c2
Reviewed-on: https://chromium-review.googlesource.com/733086Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48830}

This reverts commit 97ead433.

Reason for revert: makes the PreParserScopeAnalysis test much slower.

Original change's description:
> [parser] Skipping inner funcs: Use less memory for variables.
> 
> - Make it possible to store quarter-bytes instead of full bytes.
> 
> - Don't store is_used; it can be recovered correctly based on the actual full
>   parse (when a lazy function is eventually called) and
>   has_forced_scope_allocation.
> 
> - With the is_used change, the old testing approach (which compared a scope for
>   which we didn't do scope allocation to the baseline) no longer made
>   sense. Replaced it with a new testing approach, which is also closer to the
>   actual usage.
> 
> BUG=v8:5516
> 
> Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
> Reviewed-on: https://chromium-review.googlesource.com/725422
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48828}

TBR=marja@chromium.org,verwaest@chromium.org

Change-Id: I8cb87bcd55462b1cef4444dabb5cbfa2ecb24c7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5516
Reviewed-on: https://chromium-review.googlesource.com/732878Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48829}

- Make it possible to store quarter-bytes instead of full bytes.

- Don't store is_used; it can be recovered correctly based on the actual full
  parse (when a lazy function is eventually called) and
  has_forced_scope_allocation.

- With the is_used change, the old testing approach (which compared a scope for
  which we didn't do scope allocation to the baseline) no longer made
  sense. Replaced it with a new testing approach, which is also closer to the
  actual usage.

BUG=v8:5516

Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
Reviewed-on: https://chromium-review.googlesource.com/725422
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48828}

R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: I50cf6418f382689559b33b2c5a218435373dec64
Reviewed-on: https://chromium-review.googlesource.com/666920
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48827}

Also removes can_execute_on_background_thread() since all compilation jobs can now do that.
Part of the work towards enabling off-thread bytecode compilation.

BUG=v8:5203

Change-Id: I6a52c26d599ce74482b5fb49926603cb326f1e31
Reviewed-on: https://chromium-review.googlesource.com/731285Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48826}

Fixes the implementation of step 9 in the Proxy's internal [[Get]]
method:

Let targetDesc be ? target.[[GetOwnProperty]](P)

If P is an accessor, this should not result in a call to the getter.
Likewise in [[Set]] and [[Has]].

https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver

Bug: chromium:776338
Change-Id: I2652ffab2b3e4c38de00a82b8419192fdc768951
Reviewed-on: https://chromium-review.googlesource.com/732897Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48825}

R=gsathya@chromium.org
BUG=v8:6792

Change-Id: I68a5f9e7e52dbc9512e6919fce2064d748a3e7c4
Reviewed-on: https://chromium-review.googlesource.com/730726
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48824}

Bug: 
Change-Id: I79ddd65af022a22929131fcfc062e15300de04bd
Reviewed-on: https://chromium-review.googlesource.com/732661Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48823}

This reverts commit 00ba1dca.

Reason for revert: perf regressions crbug.com/774903 

Original change's description:
> [heap] Disable map retaining optimization.
> 
> The optimization keeps dying maps alive for several GCs to mitigate
> code deoptimization with weak maps.
> 
> This patch disables the optimization to see if it still needed.
> 
> Bug: 
> Change-Id: Ie5717967ad56858e6ae546c90fde73e8d5bcc4ec
> Reviewed-on: https://chromium-review.googlesource.com/712598
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48458}

TBR=ulan@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Id57d7239a041b03e02a35ccbf5830ff9838a6246
Reviewed-on: https://chromium-review.googlesource.com/733017Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48822}

- Fix a wrong type casting triggered when a given array's length is zero
- Add a regression test case

Bug: chromium:777182, chromium:768775
Change-Id: I615b73e9d7bad657c872c96c7a204efe355d8289
Reviewed-on: https://chromium-review.googlesource.com/732865Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48821}

This adds a new InstanceOfIC where the TestInstanceOf bytecode collects
constant feedback about the right-hand side of instanceof operators,
including both JSFunction and JSBoundFunction instances. TurboFan then
uses the feedback to optimize instanceof in places where the right-hand
side is not a known constant (known to TurboFan).

This addresses the odd performance cliff that we see with instanceof in
functions with multiple closures. It was discovered as one of the main
bottlenecks on the uglify-es test in the web-tooling-benchmark. The
uglify-es test (run in separation) is ~18% faster with this change.

On the micro-benchmark in the tracking bug we go from

  instanceofSingleClosure_Const: 69 ms.
  instanceofSingleClosure_Class: 246 ms.
  instanceofMultiClosure: 246 ms.
  instanceofParameter: 246 ms.

to

  instanceofSingleClosure_Const: 70 ms.
  instanceofSingleClosure_Class: 75 ms.
  instanceofMultiClosure: 76 ms.
  instanceofParameter: 73 ms.

boosting performance by roughly 3.6x and thus effectively removing the
performance cliff around instanceof.

Bug: v8:6936, v8:6971
Change-Id: Ib88dbb9eaef9cafa4a0e260fbbde73427a54046e
Reviewed-on: https://chromium-review.googlesource.com/730686
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48820}

There are wasm operations which operate on floats or double, but they
need to preserve the exact bit pattern. Thus they cannot be stored and
passed as float or double, since that might flip the signaling NaN bit.
This CL extends WasmValue to store floats and doubles as bit pattern,
and adds accessors to extract them as Float32 or Float64.
The interpreter is changed to execute certain operations (i32.abs,
i32.neg, i64.abs, i64.neg, f32.reinterpret/i32, f64.reinterpret/i64) on
boxed floats.

R=titzer@chromium.org

Bug: v8:6954
Change-Id: I0251d1a67b6caf593194d4eb292a325cdd3f20cf
Reviewed-on: https://chromium-review.googlesource.com/730716
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48819}

Remove checking detached buffer of a validated typed array in
%TypedArray%.prototype.slice. Now, JSTypedArray::Validate checks
if the new typed array's buffer is detached or not.

Bug: v8:5929
Change-Id: I381e33e3995ae10cc2907a7141a64ec9f97c742f
Reviewed-on: https://chromium-review.googlesource.com/721399Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48818}

Currently the concurrent marker iterates all fields in JSObjects up to
the instance size defined by the map. This can lead to a race when the
object transitions to unboxed double field.

Bug: chromium:774644
Change-Id: I01a69240869217127769bba9ff1c49dc5a81fa9c
Reviewed-on: https://chromium-review.googlesource.com/730717Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48817}

Even static constant fields need to have definitions outside of the
class scope if a reference to them is passed.
This CL fixes link errors which occured on an independent CL
(https://crrev.com/c/730716).

Drive-by: Make the fields constexpr.

R=mstarzinger@chromium.org

Change-Id: Iff5dd1f3d41ddfba0c20531dbecd63c1d4c670e8
Reviewed-on: https://chromium-review.googlesource.com/732114Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48816}

This reverts commit 14165a47.

Reason for revert: Fix is incomplete, will reland soon.

Original change's description:
> [proxy] Fix invalid call to getter in [[Get/Set]]
> 
> Fixes the implementation of step 9 in the Proxy's internal [[Get]]
> method:
> 
> Let targetDesc be ? target.[[GetOwnProperty]](P)
> 
> If P is an accessor, this should not result in a call to the getter.
> Likewise in [[Set]].
> 
> https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver
> 
> Bug: chromium:776338
> Change-Id: Ic06b7eeac6a1ef9606ddda6fa9d6d58b709702fb
> Reviewed-on: https://chromium-review.googlesource.com/731123
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48813}

TBR=neis@chromium.org,jgruber@chromium.org

Change-Id: I92a11791b3c6a73ada1f72fe4193c25e7a054746
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:776338
Reviewed-on: https://chromium-review.googlesource.com/732877Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48815}

NOTRY=true

Bug: v8:6918, chromium:747960
Change-Id: I0a83cd1eebfe4082399dc1d26dbdf7ff3ef1f158
Reviewed-on: https://chromium-review.googlesource.com/731044Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48814}