The StackSlot operator allows to allocate a spill slot on the stack. We
are going to use this operator to pass floats through pointers to c
functions, which we need for floating point rounding in the case where
the architecture does not provide rounding instructions.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
Cr-Commit-Position: refs/heads/master@{#33600}

Review URL: https://codereview.chromium.org/1645653002

Cr-Commit-Position: refs/heads/master@{#33606}

This moves the definition of the Environment class into the compilation
unit because it is only used there and not needed outside, the header
doesn't need to expose it.

R=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1644103002

Cr-Commit-Position: refs/heads/master@{#33605}

R=littledan@chromium.org, rossberg@chromium.org
BUG=v8:2952
LOG=Y

Review URL: https://codereview.chromium.org/1647773003

Cr-Commit-Position: refs/heads/master@{#33604}

ES2015 Annex B.1.4 specifies a restricted pattern language for unicode
mode. This change reflects that, based on some test262 test cases.

R=littledan@chromium.org
BUG=v8:2952
LOG=N

Committed: https://crrev.com/e918c4ec464456a374098049ca22eac2107f6223
Cr-Commit-Position: refs/heads/master@{#33584}

Review URL: https://codereview.chromium.org/1645573002

Cr-Commit-Position: refs/heads/master@{#33603}

Without this change, the v8::Local<> constructor will be picked up by the
compiler as an option for an implicit cast for any pointer type.  This leads
to bad error messages when accidentally passing an erroneous pointer type to
a function wanting a Local<> (complains about a pointer assignment in Local<>'s
constructor as opposed to a bad type for the parameter of the function being
called) and also causes ambiguity errors where none should exist when calling
overloaded functions (for example a function taking either a std::string or a
v8::Local<v8::Script> cannot be called with a const char * because the compiler
sees both types as being constructable with a const char *).

R=jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1647833005

Cr-Commit-Position: refs/heads/master@{#33602}

Revert of [turbofan] Add the StackSlot operator to turbofan. (patchset #4 id:60001 of https://codereview.chromium.org/1645653002/ )

Reason for revert:
problems on Mac64

Original issue's description:
> [turbofan] Add the StackSlot operator to turbofan.
>
> The StackSlot operator allows to allocate a spill slot on the stack. We
> are going to use this operator to pass floats through pointers to c
> functions, which we need for floating point rounding in the case where
> the architecture does not provide rounding instructions.
>
> R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com
>
> Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
> Cr-Commit-Position: refs/heads/master@{#33600}

TBR=titzer@chromium.org,v8-arm-ports@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1644283002

Cr-Commit-Position: refs/heads/master@{#33601}

The StackSlot operator allows to allocate a spill slot on the stack. We
are going to use this operator to pass floats through pointers to c
functions, which we need for floating point rounding in the case where
the architecture does not provide rounding instructions.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1645653002

Cr-Commit-Position: refs/heads/master@{#33600}

So far the for-in slow path in Crankshaft unconditionally called
%ForInFilter for every iteration of the for-in loop, without paying
attention to the possible enum cache equipped receiver map. So even
though we iterate the enum cache FixedArray associated with the map
we don't check the map, but always go to %ForInFilter. This would be
perfectly fine if the enum cache FixedArray would be immutable, but
due to some funny GC/runtime interaction kicking in, the enum cache
can be right trimmed while we are iterating it, and the only way to
detect this is to ensure that we check the map when accessing the
enum cache.

BUG=v8:3650,v8:4715
LOG=n

Review URL: https://codereview.chromium.org/1650493002

Cr-Commit-Position: refs/heads/master@{#33599}

Rolling v8/buildtools to be55b9ad86a4a5f760895984f93f76038e08e29e

Rolling v8/tools/clang to 2b2edb2dbbc5818f98972eeefd756cdcd69aa6f3

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1650463002

Cr-Commit-Position: refs/heads/master@{#33598}

Revert of Accurately type foreign functions, and variables. (patchset #2 id:20001 of https://codereview.chromium.org/1642993002/ )

Reason for revert:
[Sheriff] Breaks arm x-compile:
https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug%20builder/builds/7484/steps/compile/logs/stdio

Original issue's description:
> Accurately type foreign functions, and variables.
>
> Associate a type with foreign functions at their callsite.
> Associate a type with foreign variables.
> More pervasively forbid computation in the module body.
> Confirm foreign call arguments are exports.
>
> BUG= https://code.google.com/p/v8/issues/detail?id=4203
> TEST=test-asm-validator
> R=aseemgarg@chromium.org,titzer@chromium.org
> LOG=N
>
> Committed: https://crrev.com/b1d43d0b31e8aea7b31261764fef5bee4ad13903
> Cr-Commit-Position: refs/heads/master@{#33596}

TBR=aseemgarg@chromium.org,titzer@chromium.org,bradnelson@google.com,bradnelson@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://code.google.com/p/v8/issues/detail?id=4203

Review URL: https://codereview.chromium.org/1648063003

Cr-Commit-Position: refs/heads/master@{#33597}

Associate a type with foreign functions at their callsite.
Associate a type with foreign variables.
More pervasively forbid computation in the module body.
Confirm foreign call arguments are exports.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1642993002

Cr-Commit-Position: refs/heads/master@{#33596}

R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1644023002

Cr-Commit-Position: refs/heads/master@{#33595}

Adds --trace-ignition flag which allows tracing of bytecodes as they
execute. As well as printing out the bytecode, this also prints out the
input and output registers to each operation. The generated output looks
as follows:

 -> 0x350cb46d5264 (139) : 49 fc fb 03 07    Call r4, r5, #3, [7]
      [ accumulator -> 0x177fba00bc99 <JS Array[2]> ]
      [          r4 -> 0x350cb46ce099 <JS Function InstallFunctions (SharedFunctionInfo 0x350cb46470c1)> ]
      [          r5 -> 0x350cb46cddc1 <an Object with map 0x35fdf590a3a9> ]
      [          r6 -> 0x350cb46d3f11 <JS Function Proxy (SharedFunctionInfo 0x350cb46d3e61)> ]
      [          r7 -> 2 ]
      [ accumulator <- 0x350cb4604189 <undefined> ]
 -> 0x350cb46d5978 (47) : 4b f8 00 00 00    CallRuntime [248], r0, #0
      [ accumulator -> 0x350cb4604189 <undefined> ]
      [ accumulator <- 0x350cb4604189 <undefined> ]
 -> 0x350cb46d597d (52) : 23 09             Ldar a0
      [ accumulator -> 0x350cb4604189 <undefined> ]
      [          a0 -> 0x350cb46d3f11 <JS Function Proxy (SharedFunctionInfo 0x350cb46d3e61)> ]
      [ accumulator <- 0x350cb46d3f11 <JS Function Proxy (SharedFunctionInfo 0x350cb46d3e61)> ]
 -> 0x350cb46d597f (54) : 24 fd             Star r3
      [ accumulator -> 0x350cb46d3f11 <JS Function Proxy (SharedFunctionInfo 0x350cb46d3e61)> ]
      [ accumulator <- 0x350cb46d3f11 <JS Function Proxy (SharedFunctionInfo 0x350cb46d3e61)> ]
      [          r3 <- 0x350cb46d3f11 <JS Function Proxy (SharedFunctionInfo 0x350cb46d3e61)> ]

Also adds support for --print_source and --print-ast to the interpreter.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1640213002

Cr-Commit-Position: refs/heads/master@{#33594}

BUG=

Review URL: https://codereview.chromium.org/1649653004

Cr-Commit-Position: refs/heads/master@{#33593}

R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1648503003

Cr-Commit-Position: refs/heads/master@{#33592}

This is to fix a bug in the bytecode graph builder. This cl adds a new merge
node before we copy the environment on conditional/unconditional jumps. Since
these environments could be merged later, we add a place holder merge so that
the control dependencies are correctly merged. If we do not have a merge node
we may incorrectly merge the dependencies into the previous block.
For ex: test-run-variables/ContextStoreVariables in cctests.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1641143002

Cr-Commit-Position: refs/heads/master@{#33591}

avoid jump threading erasing the reconstruction of a frame, if the
frame was elided.

BUG=

Review URL: https://codereview.chromium.org/1642823002

Cr-Commit-Position: refs/heads/master@{#33590}

Compilation dependencies for O32 ABI are removed from the code and now
compilation will be done according n64 ABI only.

TEST=
BUG=

Review URL: https://codereview.chromium.org/1638303005

Cr-Commit-Position: refs/heads/master@{#33589}

Revert of [regexp] restrict pattern syntax for unicode mode. (patchset #6 id:120001 of https://codereview.chromium.org/1645573002/ )

Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/4222

Original issue's description:
> [regexp] restrict pattern syntax for unicode mode.
>
> ES2015 Annex B.1.4 specifies a restricted pattern language for unicode
> mode. This change reflects that, based on some test262 test cases.
>
> R=littledan@chromium.org
> BUG=v8:2952
> LOG=N
>
> Committed: https://crrev.com/e918c4ec464456a374098049ca22eac2107f6223
> Cr-Commit-Position: refs/heads/master@{#33584}

TBR=vogelheim@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2952

Review URL: https://codereview.chromium.org/1648673002

Cr-Commit-Position: refs/heads/master@{#33588}

Disabling it for anything else, to avoid compile time overhead.

BUG=

Review URL: https://codereview.chromium.org/1641653005

Cr-Commit-Position: refs/heads/master@{#33587}

With the new iteration strategy, sucessors of EffectPhis
are only visited once the effect phi has been processed.

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1641923003

Cr-Commit-Position: refs/heads/master@{#33586}

This adds debug code to the interpreter entry trampoline to ensure that
the called bytecode handler will never return, but instead tear down the
frame with a proper exit trampoline eventually.

R=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1642063002

Cr-Commit-Position: refs/heads/master@{#33585}

ES2015 Annex B.1.4 specifies a restricted pattern language for unicode
mode. This change reflects that, based on some test262 test cases.

R=littledan@chromium.org
BUG=v8:2952
LOG=N

Review URL: https://codereview.chromium.org/1645573002

Cr-Commit-Position: refs/heads/master@{#33584}

Revert of MIPS: Add FPXX support to MIPS32R2 (patchset #3 id:40001 of https://codereview.chromium.org/1586223004/ )

Reason for revert:
Revert patch due to a number of failures appearing on the MIPS v8 simulator

Original issue's description:
> MIPS: Add FPXX support to MIPS32R2
>
> The JIT code generated by V8 is FPXX compliant
> when v8 compiled with FPXX flag. This allows the code to
> run in both FP=1 and FP=0 mode. It also alows v8 to be used
> as a library by both FP32 and FP64 binaries.
>
> BUG=
>
> Committed: https://crrev.com/95110dde666158a230a823fd50a68558ad772320
> Cr-Commit-Position: refs/heads/master@{#33576}

TBR=paul.lind@imgtec.com,gergely.kis@imgtec.com,akos.palfi@imgtec.com,ilija.pavlovic@imgtec.com,marija.antic@imgtec.com,miran.karic@imgtec.com,balazs.kilvady@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1646813003

Cr-Commit-Position: refs/heads/master@{#33583}

The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).

So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1641083003

Cr-Commit-Position: refs/heads/master@{#33582}

R=ahaas@chromium.org, bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1642043002

Cr-Commit-Position: refs/heads/master@{#33581}

This translates the exception handler table attached to a bytecode array
correctly into exceptional projections within the TurboFan graph. We
perform an abstract simulation of handlers that are being entered and
exited by the bytecode iteration to track the correct handler for each
node.

R=oth@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1641723002

Cr-Commit-Position: refs/heads/master@{#33580}

This change adds AbstractCode, which can be either Code or
BytecodeArray, and adds methods to calculate source position based
on that. Also cleans up to use code offsets instead of raw PC
where possible, and consistently uses the offset from instruction
start (as opposed to code object start).

R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N

Review URL: https://codereview.chromium.org/1618343002

Cr-Commit-Position: refs/heads/master@{#33579}

BUG=
A bug in android-sync.sh, which caused the android_arm.release.check
unittests crash on device. It is fixed by adding:
  sync_file "$OUTDIR/$ARCH_MODE/natives_blob.bin"
  sync_file "$OUTDIR/$ARCH_MODE/snapshot_blob.bin"

Review URL: https://codereview.chromium.org/1616393002

Cr-Commit-Position: refs/heads/master@{#33578}

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1647653004

Cr-Commit-Position: refs/heads/master@{#33577}

The JIT code generated by V8 is FPXX compliant
when v8 compiled with FPXX flag. This allows the code to
run in both FP=1 and FP=0 mode. It also alows v8 to be used
as a library by both FP32 and FP64 binaries.

BUG=

Review URL: https://codereview.chromium.org/1586223004

Cr-Commit-Position: refs/heads/master@{#33576}

This currently works since we never call set_target_cell when we have to record slots for evacuation. It would break with black allocation.

BUG=chromium:561449
LOG=n

Review URL: https://codereview.chromium.org/1643573003

Cr-Commit-Position: refs/heads/master@{#33575}

The body of a generator function can now refer to the generator's input value via a new
"function.sent" expression.  We extend the proposal at
https://github.com/allenwb/ESideas/blob/master/Generator%20metaproperty.md
in the obvious way to also apply to GeneratorResumeAbrupt.
This will enable us to desugar yield*.

The new syntax is behind a new --harmony-function-sent flag.

BUG=v8:4700
LOG=n

Review URL: https://codereview.chromium.org/1620253003

Cr-Commit-Position: refs/heads/master@{#33574}

  X87 TurboFan code generation convention assumes that there is always a value at the top of the X87 FPU stack for each TurboFan's float operation.
  But native C++ function assumes there are 8 FPU stack slots can be used when it's called. This will lead to FPU stack overflow when TurboFan x87 code calls or returns back to native C++ function.
  as there are only 7 FPU stack slots remained for this native C++ function.

  This CL does:
  1. Make sure X87 FPU stack depth always 1 before each TurboFan's float operation
  2. Remove the top value in X87 FPU stack required by TurboFan when calling or returning from TurboFan Functions to other TurboFan or Non-TurboFan Functions.
  3. Add the strict X87 FPU stack depth check for TurboFan debug code.
  4. Re-initialize the X87 FPU stack and push a value at the top of the X87 FPU stack to satify the X87 TurboFan code generation convention for float operation
     at the entries where the TurboFan code will be called such as: exception handler, CallCFunctions in tests,..etc

BUG=

Review URL: https://codereview.chromium.org/1636353002

Cr-Commit-Position: refs/heads/master@{#33573}

We can reduce Math.round(v) to a sequence of

  let i = Float64RoundUp(v);
  let r = i - v;
  return r > 0.5 ? 1.0 + i : i;

if the target supports the Float64RoundUp machine operator (i.e.
roundsd with RoundUp rounding on Intel processors with SSE4.1).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1640393002

Cr-Commit-Position: refs/heads/master@{#33572}

We already have this fast case in Crankshaft where we don't call
%ToInteger when the input is already a SMI. Add the same optimization
to JSIntrinsicLowering.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1641753002

Cr-Commit-Position: refs/heads/master@{#33571}

  port 57d202d8 (r33550)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1640823003

Cr-Commit-Position: refs/heads/master@{#33570}

Rolling v8/tools/clang to 50155e1a5a647a6184e3fe2c687e2fbe1720d3e4

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1639253004

Cr-Commit-Position: refs/heads/master@{#33569}

  port a2baaaac (r33538)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1644863002

Cr-Commit-Position: refs/heads/master@{#33568}

  port a685180d (r33535)

  original commit message:
  On Intel, imul clobbers {r|e}ax.  We're missing that in the representation
  of the MulHigh intermediate instructions. Fixing, by adding it as a temp,
  akin VisitDiv does.

BUG=

Review URL: https://codereview.chromium.org/1643753003

Cr-Commit-Position: refs/heads/master@{#33567}