port ac7f0e2b

Original Commit Message:
   *) For all tests the input validation was incorrect, i.e. some values
   were considered invalid although they were valid. The problem was that
   values which are outside int range can get in range through truncation.

   *) Removed an assertion in the x64 code generation of
   TruncateFloat64ToUint32 which trapped on negative inputs.

   *) Introduced a new TF operator TruncateFloat32ToUint32 which does
   the same as ChangeFloat32ToUint32 but does not trap on negative inputs.

R=titzer@chromium.org, ahaas@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1844053005

Cr-Commit-Position: refs/heads/master@{#35207}

A use of risbg instruction is not guarded by the corresponding
GENERAL_INSTR_EXT facility check.  This will result in an illegal
instruction when running on hardware without that facility installed
(i.e. z9).

R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1848533006

Cr-Commit-Position: refs/heads/master@{#35206}

BUG=v8:4804
LOG=n

Review URL: https://codereview.chromium.org/1853463004

Cr-Commit-Position: refs/heads/master@{#35205}

Port e1a7c1e7

Original commit message:
    - New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
    - RelocInfo mode recorded for immediates that use the memory buffer as base
    - Tests to verify address patching works

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1845283004

Cr-Commit-Position: refs/heads/master@{#35204}

Port eb5fe0df

Original commit message:
    Add relocatable pointers for wasm memory references that need to
    be updated when wasm GrowMemory is used. Code generator changes to
    accept relocatable constants as immediates.

R=gdeepti@google.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1851543004

Cr-Commit-Position: refs/heads/master@{#35203}

Handles bytecodeArray Objects when verifying the heap and also when
collecting code statistics. The changes include:
1. BytecodeArrays could be a part of the large object space. When
verifying the large object space we should also allow BytecodeArray
objects.
2. Adds support for BytecodeArrays when collecting code statistics.

BUG=v8:4280,chromium:599001
LOG=N

Review URL: https://codereview.chromium.org/1850443006

Cr-Commit-Position: refs/heads/master@{#35202}

Improves code coverage of bytecode array builder and constant
array builder.

Fixes initial index for constant pool slice for kQuad operands.

BUG=v8:4280,chromium:599000
LOG=N
TBR=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1845313002

Cr-Commit-Position: refs/heads/master@{#35201}

This should help speeding up Promise and RegExp instantiations substantially.

BUG=

Review URL: https://codereview.chromium.org/1850643002

Cr-Commit-Position: refs/heads/master@{#35200}

Currently, if the size of two cmp or test operands is a byte or a word, we sign-extend or zero-extend each of them into a 32-bit register before doing the comparison, even when the conditions for the use of a memory operand are met.

This CL makes it possible to load only one of them into a register and address the other as a memory operand.

The tricky bit is that, unlike as in the x64 counterpart http://crrev.com/1780193003, not all registers can be accessed as bytes.

BUG=

Review URL: https://codereview.chromium.org/1845603002

Cr-Commit-Position: refs/heads/master@{#35199}

Revert of Ship --harmony-regexp-exec (patchset #3 id:40001 of https://codereview.chromium.org/1847103002/ )

Reason for revert:
breaks some chromium browser_tests: https://codereview.chromium.org/1848233002/

Original issue's description:
> Ship --harmony-regexp-exec
>
> There are still spec compliance fixes to be made, but this patch
> turns the flag to shipping to make sure we get more canary coverage
> and performance data from the bots.
>
> BUG=v8:4602
> LOG=y
>
> Committed: https://crrev.com/84492bb66b340f4e0df36758e98fddbb10b5d1dc
> Cr-Commit-Position: refs/heads/master@{#35181}

TBR=littledan@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4602

Review URL: https://codereview.chromium.org/1852673003

Cr-Commit-Position: refs/heads/master@{#35198}

These operators will be easier to optimize, and we can remove some
unnecessary clutter from the intrinsic lowering.

Drive-by-cleanup: Some alpha sorting of the type conversion operator
business.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1848243002

Cr-Commit-Position: refs/heads/master@{#35197}

We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.

BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1847543002

Cr-Commit-Position: refs/heads/master@{#35196}

R=titzer@chromium.org, bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1847413002

Cr-Commit-Position: refs/heads/master@{#35195}

Especially when loading and untagging SMIs within code stubs, instances of the following pattern appear in the generated code:

movq %rax,[%rbx+%rcx*4+0xf]
sarq %rax, 32

This CL changes that code to:

movsxlq %rax, [%ebx+%ecx*4+0x13]

BUG=

Review URL: https://codereview.chromium.org/1845043004

Cr-Commit-Position: refs/heads/master@{#35194}

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1839043002

Cr-Commit-Position: refs/heads/master@{#35193}

1f895a06 did not use parenthesis around a conjunction in a
disjunction.

NOTRY=true
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1845313003

Cr-Commit-Position: refs/heads/master@{#35192}

Make sure we don't use arbitrary optimized code in FrameSummary.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1846183002

Cr-Commit-Position: refs/heads/master@{#35191}

This adds a new TurboFan-based ToIntegerStub, similar to the
ToLengthStub, and uses it whereever we had custom code for %_ToInteger
previously.

R=yangguo@chromium.org
BUG=v8:4587
LOG=n

Review URL: https://codereview.chromium.org/1846683006

Cr-Commit-Position: refs/heads/master@{#35190}

BUG=chromium:581412
LOG=N
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1851733002

Cr-Commit-Position: refs/heads/master@{#35189}

This CL ensures that we build environments/frame states so that tail caller frame will never become topmost.

BUG=chromium:598998, v8:4698
LOG=N

Review URL: https://codereview.chromium.org/1849503002

Cr-Commit-Position: refs/heads/master@{#35188}

The HandlerCompiler did not properly handle the weird edge case when a
sloppy mode function was installed as an accessor on one of the value
wrapper prototypes and then accessed via a load from a primitive value.
In this case we just passed the primitive value untouched instead of
properly wrapping it first. The CallFunction builtin properly deals with
all the funny edge cases, so we use it instead of duplicating almost all
of the logic here (the performance difference is neglible).

R=verwaest@chromium.org
BUG=chromium:599073, v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1845243005

Cr-Commit-Position: refs/heads/master@{#35187}

Port 6a628573

Original commit message:
    This reduces the reserved virtual memory size needed for the store buffer.

R=ulan@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:578883
LOG=NO

Review URL: https://codereview.chromium.org/1848983002

Cr-Commit-Position: refs/heads/master@{#35186}

Revert of [compiler] Add relocatable pointer constants for wasm memory references. (patchset #14 id:300001 of https://codereview.chromium.org/1759383003/ )

Reason for revert:
Test failures: https://build.chromium.org/p/client.v8/builders/V8%20Mac64/builds/8046

Original issue's description:
> [compiler] Add relocatable pointer constants for wasm memory references.
>
> Add relocatable pointers for wasm memory references that need to be updated when wasm GrowMemory is used. Code generator changes to accept relocatable constants as immediates.
>
> R=titzer@chromium.org, yangguo@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/eb5fe0df64ec0add423b2a1f6fb62d5a33dce2a5
> Cr-Commit-Position: refs/heads/master@{#35182}

TBR=bradnelson@chromium.org,titzer@chromium.org,gdeepti@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1846083005

Cr-Commit-Position: refs/heads/master@{#35185}

This CL implements the ALCR, add logical 32-bit integer with carry, instruction in the s390 simulator.

Some 64-bit operations in the 4-byte arithmetic section of the s390 simulator have been refactored into a separate function to stay below 500 lines.

R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com,

BUG=

Review URL: https://codereview.chromium.org/1846673003

Cr-Commit-Position: refs/heads/master@{#35184}

Add this define to the config used for mksnapshot. This fixes a bug
where certain applications would fail at runtime on Chromecast.

BUG=592660
LOG=Y
Bug: internal b/27495984

Test: Formerly broken Cast apps load and run as expected.

Review URL: https://codereview.chromium.org/1839763003

Cr-Commit-Position: refs/heads/master@{#35183}

Add relocatable pointers for wasm memory references that need to be updated when wasm GrowMemory is used. Code generator changes to accept relocatable constants as immediates.

R=titzer@chromium.org, yangguo@chromium.org, bradnelson@chromium.org

Review URL: https://codereview.chromium.org/1759383003

Cr-Commit-Position: refs/heads/master@{#35182}

There are still spec compliance fixes to be made, but this patch
turns the flag to shipping to make sure we get more canary coverage
and performance data from the bots.

BUG=v8:4602
LOG=y

Review URL: https://codereview.chromium.org/1847103002

Cr-Commit-Position: refs/heads/master@{#35181}

Revert of Remove RegExp.prototype.source getter compat workaround (patchset #2 id:20001 of https://codereview.chromium.org/1837843002/ )

Reason for revert:
TC39 decided that this compatibility fix should be standardized.

Original issue's description:
> Remove RegExp.prototype.source getter compat workaround
>
> The getter RegExp.prototype.source is specified in ES2015 to throw when
> called on a non-RegExp instance, such as RegExp.prototype. We had previously
> put in a compatibility workaround for all RegExp getters to make them
> throw on access specifically with RegExp.prototype as the receiver; however,
> we only have evidence that this is needed for properties other than source.
> This patch removes the compatibility workaround for get RegExp.prototype.source
> and gives it semantics precisely as per the ES2015 specification.
>
> R=adamk
> BUG=chromium:581577,v8:4827
> LOG=Y
>
> Committed: https://crrev.com/80803aa89e31839b8f73959776fa7e1923c6b461
> Cr-Commit-Position: refs/heads/master@{#35086}

R=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581577,v8:4827
LOG=Y

Review URL: https://codereview.chromium.org/1847783003

Cr-Commit-Position: refs/heads/master@{#35180}

Port f2a58593

Original commit message:
    Replace the uses with proper page flag lookups.

R=mlippautz@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:581412
LOG=N
TEST=mjsunit/allocation-site-info

Review URL: https://codereview.chromium.org/1848003002

Cr-Commit-Position: refs/heads/master@{#35179}

BUG=

Review URL: https://codereview.chromium.org/1848783003

Cr-Commit-Position: refs/heads/master@{#35178}

Port 53d51c52

Original commit message:
    Removed Frame::needs_frame and the function-wide logic using it in
    favor of FrameAccessState::has_frame, which can be set on a more
    granular level, and driving it block by block.

R=mtrofin@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com, rmcilroy@chromium.org
BUG=v8:4533
LOG=N

Review URL: https://codereview.chromium.org/1848623003

Cr-Commit-Position: refs/heads/master@{#35177}

*) For all tests the input validation was incorrect, i.e. some values
were considered invalid although they were valid. The problem was that
values which are outside int range can get in range through truncation.

*) Removed an assertion in the x64 code generation of
TruncateFloat64ToUint32 which trapped on negative inputs.

*) Introduced a new TF operator TruncateFloat32ToUint32 which does
the same as ChangeFloat32ToUint32 but does not trap on negative inputs.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1843983002

Cr-Commit-Position: refs/heads/master@{#35176}

53d51c52 (frame elision).

Turns out it was the cause of the regression in the referenced bug.

BUG=599421
LOG=N

Review URL: https://codereview.chromium.org/1847073002

Cr-Commit-Position: refs/heads/master@{#35175}

This reduces the reserved virtual memory size needed for the store buffer.

BUG=chromium:578883
LOG=NO

Review URL: https://codereview.chromium.org/1851473002

Cr-Commit-Position: refs/heads/master@{#35174}

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1843123002

Cr-Commit-Position: refs/heads/master@{#35173}

Port f2a58593

Original commit message:
    Replace the uses with proper page flag lookups.

R=mlippautz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:581412
LOG=N
TEST=mjsunit/allocation-site-info

Review URL: https://codereview.chromium.org/1845753005

Cr-Commit-Position: refs/heads/master@{#35172}

BUG=
LOG=no

Review URL: https://codereview.chromium.org/1845843003

Cr-Commit-Position: refs/heads/master@{#35171}

ARM specific CONFIG_KUSER_HELPERS kernel feature for Linux can be disabled,
and in this case, we shouldn't crash. Use a __sync_synchronize() call
instead for Linux platforms.

BUG=chromium:599051
LOG=Y

Review URL: https://codereview.chromium.org/1840203004

Cr-Commit-Position: refs/heads/master@{#35170}

R=hpayer@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1836283007

Cr-Commit-Position: refs/heads/master@{#35169}

* Add csv output mode for spreadsheet pasting
* Add option to leave out top-level categories
* Deal with unknown categories

R=hpayer@chromium.org
LOG=N
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1846983002

Cr-Commit-Position: refs/heads/master@{#35168}