json-parser does the same thing. This drastically reduces GC cost when
deserializing objects large enough that multiple collections are likely
(since it saves the effort to move them to the old generation, when we
know that the objects we create will persist at least until the deserializer
finishes).

The threshold was chosen to match json-parser.

This patch reduces deserialization time on a large blob of JSON-y data
by approximately 30%.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2336973004
Cr-Commit-Position: refs/heads/master@{#39396}

v8::Isolate::Throw only schedules the exception; it is necessary to promote it
after invoking the delegate.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2332843003
Cr-Commit-Position: refs/heads/master@{#39395}

Handle some examples of the "asynchronous case" by marking await expressions
as either caught or uncaught; in the caught case, this marks the Promise passed
in as having a catch predicted. The marking is done in AST numbering, which
chooses between two different runtime function calls based on catch prediction.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2276243002
Cr-Commit-Position: refs/heads/master@{#39394}

The initial support for low level exception handling in Wasm will not
support finally blocks. This decision is taken for both simplicity (
handling finallys is not straightforward if we want try blocks to yield
values), and lack of good use case (clang++ does not need them.) They
may be added in the future once we understand the implications of
having them.

BUG=

Review-Url: https://codereview.chromium.org/2336303002
Cr-Commit-Position: refs/heads/master@{#39393}

R=rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2333023002
Cr-Commit-Position: refs/heads/master@{#39392}

This CL "weakens" the typer somewhat, as it was querying aspects of
Type that are within the representation dimension. It's not the right
place to do that.

BUG=

Review-Url: https://codereview.chromium.org/2320473003
Cr-Commit-Position: refs/heads/master@{#39391}

This reverts commit cf5180c3. It turns
out finally blocks aren't useful in the current incarnation of Wasm. We
might reintroduce it later.

BUG=

Review-Url: https://codereview.chromium.org/2330073002
Cr-Commit-Position: refs/heads/master@{#39390}

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2328423002
Cr-Commit-Position: refs/heads/master@{#39389}

Review-Url: https://codereview.chromium.org/2336203002
Cr-Commit-Position: refs/heads/master@{#39388}

The AllocationResult already carries the information in which space the allocation failure happened.
BUG=

Review-Url: https://codereview.chromium.org/2333293002
Cr-Commit-Position: refs/heads/master@{#39387}

During GC multiple threads can request icache flush when evacuating
code space in parallel.

Simulator::FlushICache updates Isolate::simulator_icache hashmap,
which leads to a race.

This patch adds a lock for simulator_icache.

BUG=

Review-Url: https://codereview.chromium.org/2338793002
Cr-Commit-Position: refs/heads/master@{#39386}

This adds a regression test for a bug where {OsrPoll} instructions
within the bytecode stream ended up outside of actual loops. This has
been fixed already, by merging {OsrPoll} into the backwards branch.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645888
BUG=chromium:645888

Review-Url: https://codereview.chromium.org/2337033002
Cr-Commit-Position: refs/heads/master@{#39385}

This introduces a new {JumpLoop} bytecode to combine the OSR polling
mechanism modeled by {OsrPoll} with the actual {Jump} performing the
backwards branch. This reduces the overall size and also avoids one
additional dispatch. It also makes sure that OSR polling is only done
within real loops.

R=rmcilroy@chromium.org
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2331033002
Cr-Commit-Position: refs/heads/master@{#39384}

BUG=

Review-Url: https://codereview.chromium.org/2338773002
Cr-Commit-Position: refs/heads/master@{#39383}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2239733002
Cr-Commit-Position: refs/heads/master@{#39382}

When lowering DataField accesses, we should pay attention to the
MachineRepresentation reported by the AccessInfo. This doesn't
yet change the rest of the pipeline to take full advantage of
the representations.

Drive-by-fix: Make the code more robust, especially the part that
deals with mutable heap number access.

R=mvstanton@chromium.org
BUG=v8:5267,v8:5270

Review-Url: https://codereview.chromium.org/2334193002
Cr-Commit-Position: refs/heads/master@{#39381}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2337943002
Cr-Commit-Position: refs/heads/master@{#39380}

When inlining sloppy functions try to find some witness in the effect
chain that the receiver is already a JSReceiver and thereby avoid
inserting the JSConvertReceiver node, which we currently cannot really
optimize away most of the time.

Middle-term we may want to change the way CheckMaps works and have some
unified mechanism to deal with effect chain walks to find witnesses for
various map related facts. Also we may want to consider doing this
optimization later, although that requires some more refactorings since
we already promised that JSConvertReceiver gives a Type::Receiver.

R=mstarzinger@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2333213002
Cr-Commit-Position: refs/heads/master@{#39379}

Moves the context chain search loop out of generated bytecode, and into
the (Lda|Ldr|Sda)ContextSlot handler, by passing the context depth in as
an additional operand. This should decrease the bytecode size and
increase performance for deep context chain searches, at the cost of
slightly increasing bytecode size for shallow context access.

Review-Url: https://codereview.chromium.org/2336643002
Cr-Commit-Position: refs/heads/master@{#39378}

To make better inlining decisions, it's good to have call counts for poly/mega-morphic cases. This CL makes it work for calls, and another will follow to better unify the code between constructor calls and normal calls (and thence, to record megamorphic call counts there as well).

BUG=

Review-Url: https://codereview.chromium.org/2325083003
Cr-Commit-Position: refs/heads/master@{#39377}

BUG=v8:5269

Review-Url: https://codereview.chromium.org/2325013004
Cr-Commit-Position: refs/heads/master@{#39376}

BUG=

Review-Url: https://codereview.chromium.org/2331843004
Cr-Commit-Position: refs/heads/master@{#39375}

We check for external memory limit in Heap::ReportExternalMemoryPressure.

BUG=chromium:616434

Review-Url: https://codereview.chromium.org/2329993002
Cr-Commit-Position: refs/heads/master@{#39374}

This makes sure OSR entry points can be added without having special
{OsrPoll} instructions in the bytecode stream. Eventually we might end
up merging back-branches and OSR polls together. Any loop header can be
used as an OSR entry point.

R=bmeurer@chromium.org
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2329933003
Cr-Commit-Position: refs/heads/master@{#39373}

BUG=v8:5269

Review-Url: https://codereview.chromium.org/2327103002
Cr-Commit-Position: refs/heads/master@{#39372}

Don't sort inline candidates by comparing Node pointers, where the order
depends on the allocation order and the concrete Zone memory layout at
runtime. Instead sort based on NodeId, which is deterministic.

R=mvstanton@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2336113002
Cr-Commit-Position: refs/heads/master@{#39371}

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2328233002
Cr-Commit-Position: refs/heads/master@{#39370}

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2322163003
Cr-Commit-Position: refs/heads/master@{#39369}

Also unify the Pow implementation somewhat. There are still some
inconsistencies with the FPU version for x64/ia32, but that has
to be resolved separately.

R=ahaas@chromium.org, mvstanton@chromium.org
BUG=v8:5086

Review-Url: https://codereview.chromium.org/2333663002
Cr-Commit-Position: refs/heads/master@{#39368}

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2328293002
Cr-Commit-Position: refs/heads/master@{#39367}

Add strength reduction rules to optimize

 CheckTaggedSigned(CheckTaggedSigned(x)) -> CheckTaggedSigned(x)

and

 CheckTaggedPointer(CheckTaggedPointer(x)) -> CheckTaggedPointer(x)

where we do some cleanup optimizations after loop peeling and redundancy
elimination, which can generate these constructs.

BUG=v8:5267

Review-Url: https://codereview.chromium.org/2336093002
Cr-Commit-Position: refs/heads/master@{#39366}

Reduce compilation time (with clang) for opcodes-unittest.cc from
1m38s to roughly 1s by not overusing the macro expansion magic.

TBR=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2331413002
Cr-Commit-Position: refs/heads/master@{#39365}

Cleanup fix addressing the comment on crrev.com/2325943002.

TBR=jarin@chromium.org,brucedawson@chromium.org

Review-Url: https://codereview.chromium.org/2335083002
Cr-Commit-Position: refs/heads/master@{#39364}

BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2336023002
Cr-Commit-Position: refs/heads/master@{#39363}

Going forward we may relax this, but it is a conscious decision to be made.

BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2337523003
Cr-Commit-Position: refs/heads/master@{#39362}

This change avoids needing to keep around an unused compiled
module. Instead, the result of compiling the wasm bytes is
given to the first instance. The module object and that instance object
point to the same compiled module. Instances are, then, cloned from
the compiled module the module object points to. When an instance is
collected, we make sure that the module object still has a clone
available, and, if the last instance is GC-ed, we also reset the compiled
module so that it does not reference its heap, so that it (==heap) may
be collected.

This is achieved by linking the clones in a double-linked list and
registering a finalizer for each. When we create an instance, we tie it
in the front of the list, making the module object point to it (O(1)). When
the finalizer is called, we relink the list over the dying object (O(1)). The
costliest operation is finalizing the last instance, since we need to visit
all wasm functions and reset heap references.

BUG=v8:5316

Committed: https://crrev.com/01f5af515728aebe6c5246f4f7dd6c573e8748af
Review-Url: https://codereview.chromium.org/2305903002
Cr-Original-Commit-Position: refs/heads/master@{#39153}
Cr-Commit-Position: refs/heads/master@{#39361}

Moved the compilation/instantiation pipeline to work off the
module object (JSObject), making the compiled module data (the
FixedArray) an implementation detail. This:
- simplifies the code by removing duplicate decode->compile->instantiate
sequences
- sets up the stage for "dressing up" the runtime model with
stronger typed APIs
- helps relanding this CL: https://codereview.chromium.org/2305903002/.
  It turns out that GCs during the cloning/instantiation events cause
trouble, and centering the source of truth on the module object helps
address this issue.

In the process, clarified cctest setup for wasm-capable isolates,
and changed signatures for consistency (using ModuleOrigin througout).

BUG=

Review-Url: https://codereview.chromium.org/2320723005
Cr-Commit-Position: refs/heads/master@{#39360}

The raw pointer to the parameter_map might get stale in case of accessors present on
the arguments object.
Drive-by-fix: use nullptr instead of the_hole with isolate access.

BUG=chromium:645680

Review-Url: https://codereview.chromium.org/2332503002
Cr-Commit-Position: refs/heads/master@{#39359}

BUG=chromium:645851

Review-Url: https://codereview.chromium.org/2332633002
Cr-Commit-Position: refs/heads/master@{#39358}

The whitelist is populated with those inline intrinsics that are lowered
in JSIntrinsicInlining and were not previously blacklisted. Thus the only
additional FrameStates this CL adds are those where the caller tries to
call the INLINE version of an intrinsic but ends up calling the RUNTIME
version instead.

R=bmeurer@chromium.org
BUG=chromium:644631

Review-Url: https://codereview.chromium.org/2331543002
Cr-Commit-Position: refs/heads/master@{#39357}