This was found through a VC++ 2015 Update 1 warning about
pointer truncation. The fix is required for VC++ 2015
compatibility.

Review URL: https://codereview.chromium.org/1411403011

Cr-Commit-Position: refs/heads/master@{#31897}

I improved the tests for Word32Clz, Word32Ctz, and Word32Popcnt, and ported
some tests to the BufferedRawMachineAssemblerTester.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1437493002

Cr-Commit-Position: refs/heads/master@{#31896}

This unconditionally enables zapping of old optimized code maps and
unifies the various zapping paths. The unconditional zapping, even if
heap verification is off, is needed because slots in the code map have
not been recorded and evacuation invariants break.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1410833009

Cr-Commit-Position: refs/heads/master@{#31895}

BUG=v8:4280
LOG=N
NOTRY=True
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1424263004

Cr-Commit-Position: refs/heads/master@{#31894}

This makes sure that --trace-turbo or --turbo-source-positions does not
completely disable inlining. The recent introduction of a finalization
interface to the reducer borked the SourcePositionWrapper reducer.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1406113008

Cr-Commit-Position: refs/heads/master@{#31893}

1) they always own descriptors,
2) the number of own descriptors is equal to the number of descriptors in the descriptor array.

This allows an initial map of a subclass to share descriptor array with initial map of the parent class (if it already contains properties).

BUG=chromium:551430
LOG=N

Review URL: https://codereview.chromium.org/1411933005

Cr-Commit-Position: refs/heads/master@{#31892}

Skips regress-446389.

BUG=v8:4280
LOG=N
NOTRY=true
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1412313010

Cr-Commit-Position: refs/heads/master@{#31891}

R=rossberg@chromium.org
BUG=chromium:552302
LOG=n

Review URL: https://codereview.chromium.org/1425723004

Cr-Commit-Position: refs/heads/master@{#31890}

BUG=v8:4280
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1429423002

Cr-Commit-Position: refs/heads/master@{#31889}

This moves the clearing of all optimized code maps out of the GC and
into the debugger to where it is actually required. The main goal here
is to simplify the logic in the already complex visitor for our shared
function info objects.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1423713018

Cr-Commit-Position: refs/heads/master@{#31888}

BUG=v8:4280
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1420203009

Cr-Commit-Position: refs/heads/master@{#31887}

BUG=v8:4280
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1415143009

Cr-Commit-Position: refs/heads/master@{#31886}

This redcues the noise created by --trace-turbo-inlining when there
actually are no candidates being processed.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1410723004

Cr-Commit-Position: refs/heads/master@{#31885}

  port 7c3396d0 (r31871)

  original commit message:
  Introduce receiver conversion mode specialization for the Call and
  CallFunction builtins, so we can specialize the builtin functionality
  (actually an optimization only) based on static information from the
  callsite (this is basically a superset of the optimizations that were
  available with the CallFunctionStub and CallICStub, except that these
  optimizations are correct now).

  This fixes a regression introduced by the removal of CallFunctionStub,
  for programs that call a lot.

BUG=

Review URL: https://codereview.chromium.org/1431133002

Cr-Commit-Position: refs/heads/master@{#31884}

BUG=

Review URL: https://codereview.chromium.org/1429063003

Cr-Commit-Position: refs/heads/master@{#31883}

Remove some non-standard code that doesn't do anything anyways.

While FireFox uses this to set the default value for the multiline flag,
it is nonstandard and slated for removal. The matching behaviour has
never been implemented in either JSC or V8, so there is little
web-compat risk.

The only possible risk could be someone depending on the ToBoolean()
behaviour of the flag, but this seems unlikely.

BUG=v8:3870
LOG=N
R=adamk@chromium.org, littledan@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1417733012

Cr-Commit-Position: refs/heads/master@{#31882}

Cr-Commit-Position: refs/heads/master@{#31881}

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1413783010

Cr-Commit-Position: refs/heads/master@{#31880}

This switches loading and storing of the message object within the
Isolate to use JavaScript operators built by the JSOperatorBuilder
instead of machine operators. This is a preparation for a stricter
representation selection for loads and stores.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1412443010

Cr-Commit-Position: refs/heads/master@{#31879}

BUG=

Review URL: https://codereview.chromium.org/1431813002

Cr-Commit-Position: refs/heads/master@{#31878}

BUG=chromium:553051
LOG=NO

Review URL: https://codereview.chromium.org/1433663002

Cr-Commit-Position: refs/heads/master@{#31877}

This separates the post-processing step for optimized code maps out of
the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
visit all candidates instead of gathering candidates during marking.

Gathering candidates during marking no longer makes sense, now that the
majority of SharedFunctionInfo objects will hold such an optimized code
map. Also it reduces complexity of the implementation. Also conflating
this mechanism with "code flushing" was confusing.

This reverts commit 7f1fb29f.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1418453008

Cr-Commit-Position: refs/heads/master@{#31876}

Introduce Reducer::Finalize, which get's called by the GraphReducer once
all reductions are done, and use this to implement full inlining as part
of the regular reducer fixpoint.

R=jarin@chromium.org
BUG=v8:4493
LOG=n

Review URL: https://codereview.chromium.org/1419373012

Cr-Commit-Position: refs/heads/master@{#31875}

BUG=

Review URL: https://codereview.chromium.org/1414283009

Cr-Commit-Position: refs/heads/master@{#31874}

The %StringCharFromCode and %CharFromCode runtime function perform
exactly the same task, so we need only one of them.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1417743007

Cr-Commit-Position: refs/heads/master@{#31873}

R=bmeurer@chromium.org
BUG=v8:4536
LOG=N

Review URL: https://codereview.chromium.org/1427743008

Cr-Commit-Position: refs/heads/master@{#31872}

Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).

This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.

R=yangguo@chromium.org
BUG=chromium:552244
LOG=n

Review URL: https://codereview.chromium.org/1436493002

Cr-Commit-Position: refs/heads/master@{#31871}

Review URL: https://codereview.chromium.org/1425143008

Cr-Commit-Position: refs/heads/master@{#31870}

While working on frame elision, I wanted to disassemble codegen in the
debugger, as the code generation is progressing. I discovered we had a
 "Print" member on the x64 assembler, without any implementation. I
pulled it up to AssemblerBase and gave it an implementation that
should work for the other architectures.

Also checked that ia32, x87, arm and arm64 assemblers didn't have
such an implementation - free Print.

Arm64 has a naming conflict with the v8::internal::Disassembler. I
renamed the arm64 type with a more specific name.

Opportunistically fixed a bug in the name converter. This debug-time
printer doesn't provide a Code object, which should be OK with the
name converters, by the looks of other APIs there. All this means is that
when using the Print() API, we just get addresses dumped without any
context (like what this address may be - a stub maybe, etc). This seems
fine for the scenario.

There may be other places that assume a Code object. Since this is
a diagnostics-only scenario, for codegen developers, I feel it is
reasonable to fix such other places as we find them.

Review URL: https://codereview.chromium.org/1431933003

Cr-Commit-Position: refs/heads/master@{#31869}

BUG=chromium:547162
LOG=Y

Review URL: https://codereview.chromium.org/1412933009

Cr-Commit-Position: refs/heads/master@{#31868}

JSRegExp's properties backing stores must not be shared.

BUG=chromium:548580
LOG=N

Review URL: https://codereview.chromium.org/1429743006

Cr-Commit-Position: refs/heads/master@{#31867}

Use compare-negate instruction if the right-hand input to a compare is a
negate operation.

BUG=

Review URL: https://codereview.chromium.org/1410123009

Cr-Commit-Position: refs/heads/master@{#31866}

IC::GetSharedFunctionInfo get's the JS frame which called the IC. When the
function is running in the interpreter, there is a Bytecode handler stub
frame between the IC and the JS frame. Modify IC::GetSharedFunctionInfo to
handle this.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1420283020

Cr-Commit-Position: refs/heads/master@{#31865}

Adds a blacklist of tests which are currently unsupported or broken in Ignition to
the mjsunit and test262 test status.

Also removes --ignition-script-filter flag, and adds a
--ignition_fallback_on_eval_and_catch flag which fallsback to fullcodegen for
functions which call eval or contain a catch block.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1420963009

Cr-Commit-Position: refs/heads/master@{#31864}

This allows testing the configuration where --harmony-default-parameters
is passed without --harmony-destructuring.

R=rossberg@chromium.org
BUG=v8:2160
LOG=n

Review URL: https://codereview.chromium.org/1410023015

Cr-Commit-Position: refs/heads/master@{#31863}

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1419273008

Cr-Commit-Position: refs/heads/master@{#31862}

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1408003012

Cr-Commit-Position: refs/heads/master@{#31861}

Now that the VisitCode visitor is actually marking through to inlined
code objects (as opposed to the VisitJSFunction visitor), we can make
this helper method private again.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1422853008

Cr-Commit-Position: refs/heads/master@{#31860}

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1406253008

Cr-Commit-Position: refs/heads/master@{#31859}

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1413463009

Cr-Commit-Position: refs/heads/master@{#31858}