result is sign-extended on 64bit for functions
     LCodeGen::DoFlooringDivI and LCodeGen::DoDivI

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2029273002
Cr-Commit-Position: refs/heads/master@{#36661}

Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.

BUG=chromium:616064

Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}

Revert of Extend HasProperty stub with dictionary-mode and double-elements objects support. (patchset #8 id:280001 of https://codereview.chromium.org/1995453002/ )

Reason for revert:
There are crashes on Win32 and Win64 bots.

Original issue's description:
> Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
>
> This CL also replaces some Branch() usages with GotoIf/GotoUnless.
>
> BUG=v8:2743
> LOG=Y
>
> Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
> Cr-Commit-Position: refs/heads/master@{#36657}

TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2743

Review-Url: https://codereview.chromium.org/2028333002
Cr-Commit-Position: refs/heads/master@{#36659}

Review-Url: https://codereview.chromium.org/2031593002
Cr-Commit-Position: refs/heads/master@{#36658}

This CL also replaces some Branch() usages with GotoIf/GotoUnless.

BUG=v8:2743
LOG=Y

Review-Url: https://codereview.chromium.org/1995453002
Cr-Commit-Position: refs/heads/master@{#36657}

We already implemented CPU time for OS X and POSIX, this path is a
follow up for the implementation on Windows.

BUG=v8:5000
LOG=n

Review-Url: https://codereview.chromium.org/1977983003
Cr-Commit-Position: refs/heads/master@{#36656}

https://codereview.chromium.org/2001393004 makes TypedArray
length property writable, which means we shouldn't depend on it.
Instead, use %_TypedArrayGetLength% to get length.

Attached regression test.

BUG=chromium:615776

Review-Url: https://codereview.chromium.org/2020203006
Cr-Commit-Position: refs/heads/master@{#36655}

Adds instructions for ARM to push floats.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2024443002
Cr-Commit-Position: refs/heads/master@{#36654}

backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2026633003
Cr-Commit-Position: refs/heads/master@{#36653}

This CL also updates the elements kind transition lookup logic:
1) First we go back to the root map,
2) Follow elements kind transitions,
3) Replay the property transitions.

BUG=v8:5009
LOG=Y
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2015513002
Cr-Commit-Position: refs/heads/master@{#36652}

BUG=chromium:414964
LOG=NO

Review-Url: https://codereview.chromium.org/1975593004
Cr-Commit-Position: refs/heads/master@{#36651}

BUG=

Review-Url: https://codereview.chromium.org/2019333009
Cr-Commit-Position: refs/heads/master@{#36650}

GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.

BUG=chromium:612386

Review-Url: https://codereview.chromium.org/2011313003
Cr-Commit-Position: refs/heads/master@{#36649}

BUG=chromium:474921

Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
Cr-Commit-Position: refs/heads/master@{#36517}

Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4
Cr-Commit-Position: refs/heads/master@{#36586}

TBR=jochen@chromium.org

Committed: https://crrev.com/eea9fbe1858df23dd832ed8ddd284f98120d9e21
Cr-Commit-Position: refs/heads/master@{#36607}

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36648}

NOTRY=true
TBR=hablich@chromium.org, rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2027183002
Cr-Commit-Position: refs/heads/master@{#36647}

The idea is to make it easier (cheaper) to call into C/C++ directly with
C calling conventions, which require xmm0 to be used to pass and return
floating point values in the future.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2023763010
Cr-Commit-Position: refs/heads/master@{#36646}

A few values were missing use of a macro causing test to fail on big
endian machines.

BUG=

Review-Url: https://codereview.chromium.org/2024123002
Cr-Commit-Position: refs/heads/master@{#36645}

Revert of [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis. (patchset #2 id:20001 of https://codereview.chromium.org/2026173003/ )

Reason for revert:
Triggers crashes on the deopt fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/10608

Repro:
out/Release/d8 --test --random-seed=849179141 --deopt-every-n-times 149 --nohard-abort --nodead-code-elimination --nofold-constants --noconcurrent-recompilation test/webkit/resources/standalone-pre.js test/webkit/dfg-arguments-mixed-alias.js test/webkit/resources/standalone-post.js

Original issue's description:
> [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis.
>
> Currently, we do not emit EnvironmentMarkers if the hydrogen value
> in the environment is arguments object. As the hydrogen value can change
> for local variables, we emit only some environment markers. That can
> cause environment liveness analysis to mark part of live range as live
> and part as dead. The zapping phase then only inserts zaps in
> live->dead transitions, potentially zapping a live value.
>
> With this CL, we only emit EnvironmentMarkers for 'this' and
> 'arguments' local variables, disregarding the hydrogen value.
>
> BUG=chromium:612146
> LOG=n
>
> Committed: https://crrev.com/1428fbe224dc2df0cb6f59e4959430f7aa614064
> Cr-Commit-Position: refs/heads/master@{#36641}

TBR=jkummerow@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:612146

Review-Url: https://codereview.chromium.org/2029563002
Cr-Commit-Position: refs/heads/master@{#36644}

It happens that a scavenger runs during incremental marking. Currently scavenger does not care about MarkCompact's mark bits. When an object is alive and marked, and at least one scavenge happens during incremental marking, the object will be copied once to the other semispace in the new_space, and then once to the old_space. For surviving objects this is useless extra work.

In our current attempts (https://codereview.chromium.org/1988623002) to ensure marked objects are scavenged, all marked objects will survive therefore there will be many objects which will be uselessly copied.

This cl modifies our promotion logic so when incremental marking is in progress, and the object is marked, we promote it unconditionally.

BUG=
LOG=no

Review-Url: https://codereview.chromium.org/2005173003
Cr-Commit-Position: refs/heads/master@{#36643}

BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
Cr-Commit-Position: refs/heads/master@{#36510}

Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c
Cr-Commit-Position: refs/heads/master@{#36582}

Committed: https://crrev.com/378a26c03efc74bda401daa5accda223cb266177
Cr-Commit-Position: refs/heads/master@{#36606}

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36642}

Currently, we do not emit EnvironmentMarkers if the hydrogen value
in the environment is arguments object. As the hydrogen value can change
for local variables, we emit only some environment markers. That can
cause environment liveness analysis to mark part of live range as live
and part as dead. The zapping phase then only inserts zaps in
live->dead transitions, potentially zapping a live value.

With this CL, we only emit EnvironmentMarkers for 'this' and
'arguments' local variables, disregarding the hydrogen value.

BUG=chromium:612146
LOG=n

Review-Url: https://codereview.chromium.org/2026173003
Cr-Commit-Position: refs/heads/master@{#36641}

Revert of Provide a tagged allocation top pointer. (patchset #4 id:60001 of https://codereview.chromium.org/2028633002/ )

Reason for revert:
Seems to be causing flakiness in some wasm tests:

https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/10598
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/2528

Original issue's description:
> Provide a tagged allocation top pointer.
>
> Taking over http://crrev.com/1924223002.
>
> BUG=chromium:606711
> LOG=N
>
> Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
> Cr-Commit-Position: refs/heads/master@{#36633}

TBR=bmeurer@chromium.org,hpayer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:606711

Review-Url: https://codereview.chromium.org/2031493002
Cr-Commit-Position: refs/heads/master@{#36640}

Reland of [ESNext] Activate async/await for ClusterFuzz (patchset #2 id:40001 of https://codereview.chromium.org/2003503002/ )

Reason for revert:
All known async/await issues are fixed; turn back on Clusterfuzz

Original issue's description:
> Revert of [ESNext] Activate async/await for ClusterFuzz (patchset #1 id:1 of https://codereview.chromium.org/1992173002/ )
>
> Reason for revert:
> First CF feedback is in, reverting for now until the know bugs are fixed.
>
> Original issue's description:
> > [ESNext] Activate async/await for ClusterFuzz
> >
> > BUG=v8:4483
> > R=neis@chromium.org,littledan@chromium.org,caitpotter88@gmail.com
> > LOG=N
> >
> > Committed: https://crrev.com/c57cadfa09fa493141bf43c1c7b898187a71da19
> > Cr-Commit-Position: refs/heads/master@{#36362}
>
> TBR=littledan@chromium.org,caitpotter88@gmail.com,neis@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4483
>
> Committed: https://crrev.com/eb059498b2b2d05731b0dce648bdab801d3873fd
> Cr-Commit-Position: refs/heads/master@{#36397}

TBR=caitpotter88@gmail.com,neis@chromium.org,mstarzinger@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2023003002
Cr-Commit-Position: refs/heads/master@{#36639}

This is a first step towards explicit checkpoints in the graph. For now
we still use the explicit eager bailout points in the AstGraphBuilder
that are marked by the FrameStateBeforeAndAfter helper. Eventually these
will be implicitly emitted by expression visits having a side-effect.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2018403002
Cr-Commit-Position: refs/heads/master@{#36638}

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2022033004
Cr-Commit-Position: refs/heads/master@{#36637}

This mostly affects ARMv6, but also fixes some failures on ARMv7 when
hardware integer division is not available.

- Fix a case where a CodePatcher accumulates literal pool entries, but
  does not actually emit them.
- Don't treat division as safe if we can't use the hardware instruction.
  Our fallback implementation returns the wrong result if the divisor is
  zero.
- Support deoptimization tables bigger than 8 bits. (kMaxNumberOfEntries
  requires a 16-bit table index.)
- Correct a TurboFan instruction encoding to encode the Operand2 mode.

BUG=

Review-Url: https://codereview.chromium.org/2021343002
Cr-Commit-Position: refs/heads/master@{#36636}

R=jarin@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2025273002
Cr-Commit-Position: refs/heads/master@{#36635}

This adds a very simplistic reduction of {CheckPoint} nodes via the new
{CheckpointElimination}, eliminating redundant check points that appear
in an effect chain of operations that are all {kNoWrite}. Such a chain
allows an arbitrary check point to be chosen. The current approach will
end up choosing the first one for all deopts in the chain.

R=bmeurer@chromium.org
TEST=unittests/CheckpointEliminationTest.CheckPointChain
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2022913003
Cr-Commit-Position: refs/heads/master@{#36634}

Taking over http://crrev.com/1924223002.

BUG=chromium:606711
LOG=N

Review-Url: https://codereview.chromium.org/2028633002
Cr-Commit-Position: refs/heads/master@{#36633}

This patch enables the following transformations in the instruction
selector:

| Before           | After                  |
|------------------+------------------------|
| and x3, x1, #0x1 | tb{,n}z w1, #0, #+0x78 |
| cmp x3, #0x0     |                        |
| b.{eq,ne} #+0x80 |                        |
|------------------+------------------------|
| cmp x0, #0x0     | cb{,n}z x0, #+0x48     |
| b.{eq,ne} #+0x4c |                        |

I have not seen these patterns beeing generated by turbofan, however the
stubs hit these cases frequently. A particular reason is that we are
turning operations that check for a Smi into a single `tbz`.

As a concequence, the interpreter is affected thanks to inlining
turbofan stubs into it's bytecode handlers. I have noticed the size of
the interpreter was reduced by 200 instructions.

BUG=

Review-Url: https://codereview.chromium.org/2022073002
Cr-Commit-Position: refs/heads/master@{#36632}

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2026633004
Cr-Commit-Position: refs/heads/master@{#36631}

We may set a proper HType on HCall or HCallWithDescriptor nodes, for
example for the InstanceOfStub, where we know that the result is a
boolean. So HCall and HCallWithDescriptor shall not ignore the type,
but pass through whatever we set (defaulting to Tagged).

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2024033005
Cr-Commit-Position: refs/heads/master@{#36630}

These functions call into C++ anyways, so there's no need to
have the JavaScript wrapper around them. This commit removes uri.js
completely.

R=yangguo@chromium.org, bmeurer@chromium.org

BUG=v8:4912

Review-Url: https://codereview.chromium.org/2027003002
Cr-Commit-Position: refs/heads/master@{#36629}

     This error is specific to PPC on native(sim builds fine), seems
     AddHexEncodedToBuffer is inlined (with -fno-inline it passes)
     and the compiler emits error that the array may be used
     uninitialized in this function.
     I'm not entirely sure why this occurs only on PPC (native).

R=franzih@chromium.org, bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2019113002
Cr-Commit-Position: refs/heads/master@{#36628}

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2024853002
Cr-Commit-Position: refs/heads/master@{#36627}

Rolling v8/build to 060e1e80a111f7a2f4757758381445c9ec254878

Rolling v8/buildtools to 1a6b6666528b3428abf1cbee7a3b82a30c0355ee

Rolling v8/third_party/icu to 466129d661caa849d4087b624840b4b2c4ee7d85

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2027083002
Cr-Commit-Position: refs/heads/master@{#36626}

If scripts is paused in class constructor before super() call then any attempt to evaluate something like this.* on top frame will produce crash.

BUG=chromium:614019
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2013223003
Cr-Commit-Position: refs/heads/master@{#36625}

Port 63ea3a50

Original commit message:

    Previously, we used the lowest bit for something else.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2024973003
Cr-Commit-Position: refs/heads/master@{#36624}

There are 2 possible states for the deferred symbol --
1) UNDEFINED -- This is the zero state, no deferred object is attached
   to this symbol. When we want to add a new deferred we directly
   attach it to this symbol.
2) symbol with attached deferred object -- New deferred objects are
   not attached to this symbol, but instead they are directly attached
   to the resolve, reject callback arrays. At this point, the deferred
   symbol's state is stale, and the deferreds should be read from the
   reject, resolve callbacks.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2018913004
Cr-Commit-Position: refs/heads/master@{#36623}

Revert of [heap] Do not invoke GC to make heap iterable. (patchset #3 id:40001 of https://codereview.chromium.org/1992913004/ )

Reason for revert:
[Sheriff] Speculative revert for some flakes on the waterfall:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20-%20debug/builds/7409
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/7983
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/4901

Original issue's description:
> [heap] Do not invoke GC to make heap iterable.
>
> This reverts commit 0aa3707d.
>
> And removes the UnreachableObjectsFilter.
>
> BUG=chromium:580959
> LOG=n
>
> Committed: https://crrev.com/132f89800f560190b4d655adcb4e0eeedd17fd82
> Cr-Commit-Position: refs/heads/master@{#36617}

TBR=yangguo@chromium.org,ulan@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:580959

Review-Url: https://codereview.chromium.org/2020363002
Cr-Commit-Position: refs/heads/master@{#36622}