The existing stack check only checked the number of stack frames on the
stack, not the actual size of the stack frames. In the test case, each
stack frame is huge, and the interpreter runs out of memory before the
stack check stops the execution. With this change we take the size of
the value stack and the size of the control stack and compare their sum
to the stack limit of V8. Note that this stack limit is kind of
arbitrary, because the stack space of the interpreter is not on the
actual runtime stack but allocated in zone memory, and the stack check
exists to simulate stack overflows in compiled code, not to prevent
actual stack overflows.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-778917

Bug: chromium:778917
Change-Id: Ife47631fcb1a178a68facab1e42c0069b12c0155
Reviewed-on: https://chromium-review.googlesource.com/744003
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49071}

This is an experiment to quantify the impact of SlicedStrings on both
performance and memory usage. The intention is to get Canary coverage
for the experiment and then decide how to proceed.

Bug: v8:7025
Change-Id: Ied548cd9e2fab127c1ad2aea3e60b2615d3de663
Reviewed-on: https://chromium-review.googlesource.com/750082
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49070}

Proxy's call trap can be used to cause recursion.

R=bmeurer@chromium.org, tebbi@chromium.org

Bug: chromium:779344
Change-Id: I19c989f618f7230028ebe18c3415bc3f4bd72b93
Reviewed-on: https://chromium-review.googlesource.com/743782Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49069}

This partially reverts commit aaebbbaa,
which removed the --string-slices flag. We reintroduce the flag as a
build time flag for an experiment to gather information of how much
SliceStrings help with throughput and effective memory use.

Bug: v8:7025
Change-Id: I529da91bb7501fe93d83891abf560710f3ecb9d0
Reviewed-on: https://chromium-review.googlesource.com/750681Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49068}

This CL adds support for two byte string comparisons to the StringEqual
builtin, which so far was bailing out to the generic %StringEqual
runtime function whenever any two-byte string was involved. This made
comparisons that involved two-byte strings, either comparing them to
one-byte strings or comparing two two-byte strings, up to 3x slower than
if only one-byte strings were involved.

With this change, all direct string (SeqString or ExternalString)
equality checks are roughly on par now, and the weird performance cliff
is gone. On the micro-benchmark from the bug we go from

  stringEqualBothOneByteSeqString: 162 ms.
  stringEqualTwoByteAndOneByteSeqString: 446 ms.
  stringEqualOneByteAndTwoByteSeqString: 438 ms.
  stringEqualBothTwoByteSeqString: 472 ms.

to

  stringEqualBothOneByteSeqString: 151 ms.
  stringEqualTwoByteAndOneByteSeqString: 158 ms.
  stringEqualOneByteAndTwoByteSeqString: 166 ms.
  stringEqualBothTwoByteSeqString: 160 ms.

which is the desired result. On the esprima test of the
web-tooling-benchmark we seem to improve by 1-2%, which corresponds to
the savings of going to the runtime for many StringEqual comparisons.

Drive-by-cleanup: Introduce LoadAndUntagStringLength helper into the CSA
with proper typing to avoid the unnecessary shifts on 64-bit platforms
when keeping the length tagged initially in StringEqual.

Bug: v8:4913, v8:6365, v8:6371, v8:6936, v8:7022
Change-Id: I566f4b80e217513775ffbd35e0480154abf59b27
Reviewed-on: https://chromium-review.googlesource.com/749223Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49067}

Recent Clang versions (r317076+) warn about this.

Bug: chromium:780523
Change-Id: Iccc8d675ce4700f67dedfaa60bc6662b03b55ceb
Reviewed-on: https://chromium-review.googlesource.com/749117Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Hans Wennborg <hans@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49066}

Rather than having a single script compilation timer, split it into
multiple timers depending on the state of the (blink-owned) code cache
and (v8-owned) complation cache. This is intended to replace both the
script compilation time timer, and the compilation heuristic enum.

Also keep track of why blink might not want us to produce (or consume) a
code cache, and split the compilation timer on this as well.

Note, there is currently no timer for streaming sources, so these won't
show up in the histograms.

Bug: chromium:582873
Bug: chromium:769203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia32fff044f919e20e3cec73329e62e01e421b72a
Reviewed-on: https://chromium-review.googlesource.com/746922
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49065}

See: https://github.com/nodejs/node-v8/issues/23
Bug: 
Change-Id: Id8e1e828f6f9b1639917319b88c037942f8e73e8
Reviewed-on: https://chromium-review.googlesource.com/743941Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#49064}

Push cp in EnterFrame for CONSTRUCT type frames, in order to align the stack op,
and adapt the users (Generate_JSBuiltinConstructStub*) to account for it.
Then align the rest of the stack operations in
Generate_JSBuiltinConstructStubHelper.

Bug: v8:6644
Change-Id: I4ffca329d5838902f787a52ac0d362dfbf9174c6
Reviewed-on: https://chromium-review.googlesource.com/746923Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#49063}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7765787..ec29950

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6fd9f08..1471560

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I229d22f43903bc9101ba0958b8f5a05f83700913
Reviewed-on: https://chromium-review.googlesource.com/748582Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49062}

Change-Id: I7e833c3b06cfb3ff9eda663c2bee4981013744b0

Adding index accessor counter

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic353c11fa0f430537819387d17eedeec5466d9cc
Bug: 
Reviewed-on: https://chromium-review.googlesource.com/741169Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Natalie Silvanovich <natashenka@google.com>
Cr-Commit-Position: refs/heads/master@{#49061}

Bug: 
Change-Id: I72a91c3a7c89730b6f54ecd30743263ff0ab4642
Reviewed-on: https://chromium-review.googlesource.com/746946Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#49060}

The parser now throws for literals that are too big for the runtime
to support, thus avoiding CHECK-failures further down the line.

Tbr: rmcilroy@chromium.org
Bug: v8:6791
Change-Id: Ie45ddebb8aa9e7a30e8b6b74f99916b700e38e4a
Reviewed-on: https://chromium-review.googlesource.com/747682
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49059}

Currently, dynamic `import()` throws the following SyntaxError when
used without a specifier:

    > import();
    < Uncaught SyntaxError: Unexpected token )

From the error message, it seems this the result of the code snippet
being seen as static `import` followed by parens, as opposed to
`import()` with no specifier.

This patch makes this error message more clear:

    > import();
    < SyntaxError: import() requires a specifier

BUG=v8:7020,v8:6513

Change-Id: I3519dfd0029f38d23da858a5499f1d226e794935
Reviewed-on: https://chromium-review.googlesource.com/747141Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49058}

Implicit case-fallthrough strikes again.

Bug: v8:6791
Change-Id: Iee6422a67797f8958527507bac538bcdac2ebddc
Reviewed-on: https://chromium-review.googlesource.com/747075Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49057}

Objects with both dictionary and non-dictionary maps can store their
hash in the {properties} field when they have no other properties.

Bug: chromium:778952
Change-Id: I8ac8c31eaac32116415e3c65cef8dee260dca2c9
Reviewed-on: https://chromium-review.googlesource.com/747272Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49056}

Takes too long on bots to run

Bug: 
Change-Id: Ia99717fe943ff6437497425abd3a3cb9999d7564
Reviewed-on: https://chromium-review.googlesource.com/746533Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#49055}

When closing untagged template string literals, create a single n-ary
addition operation, instead of a tree of binary operations.

As a clean-up, this also entirely removes the "second" field from n-ary
operations. This was proving to be too confusing an API when building
an n-ary operation incrementally from a single expression (rather than
converting a binary operation).

Bug: v8:6964
Change-Id: I8f2a395d413cf345bab0a1a347b47f412cde83b1
Reviewed-on: https://chromium-review.googlesource.com/739821Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49054}

Also replaced kTrue/kFalse with a kBoolean type, and remove now-unused
IsTypeX() methods (leaving ones that are called frequently).

Bug: v8:6984
Change-Id: I0cbffc37efaa391981d8dce564051ce43257ed8a
Reviewed-on: https://chromium-review.googlesource.com/745023Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49053}

Change-Id: I9fbf2b291299d7bdf12e98e8a55f2d56b59807c8
Reviewed-on: https://chromium-review.googlesource.com/746881Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49052}

This is a reland of f259ec2d
Original change's description:
> [build] Include deopt-fuzzer isolates on fuzzer builders
> 
> TBR=sergiyb@chromium.org
> NOTRY=true
> NOTREECHECKS=true
> 
> Bug: v8:7012
> Change-Id: I1d0b0488cd9b7bf6a30edc0b010f32fb0914ed0b
> Reviewed-on: https://chromium-review.googlesource.com/743783
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49032}

TBR=sergiyb@chromium.org

Bug: v8:7012
Change-Id: Idbc7126ea0cbc37da1536ca3c0ed03c4ddb7c93d
Reviewed-on: https://chromium-review.googlesource.com/746781Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49051}

We have a check on maximum number of levels that can be inlined. This
in some cases causes performance cliffs, when we cannot inline a small
function because it has exceeded the number of levels. This cl removes
that check. The intuition is that, having gone down several levels in
a particular line stopping inlining that chain and exploring a new
call site may not be beneficial. This cl also introduces a absolute
limit on the number of nodes that can be inlined (including the small
functions).

Bug: v8:6871, chromium:779509
Change-Id: Id29639ff2fd85b84d8746da3fb78a82d4e9852e8
Reviewed-on: https://chromium-review.googlesource.com/743727Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49050}

This adds support to the KeyedLoadIC to ignore out of bounds accesses
for Strings and return undefined instead. We add a dedicated bit to the
Smi handler to encode the OOB state and have TurboFan generate appropriate
code for that case as well. This is mostly useful when programs
accidentially access past the length of a string, which was observed and
fixed for example in Babel recently, see

  https://github.com/babel/babel/pull/6589

for details. The idea is to also extend this mechanism to Arrays and
maybe other receivers, as reading beyond the length is also often used
in jQuery and other popular libraries.

Note that this is considered a mitigation for a performance cliff and
not a general optimization of OOB accesses. These should still be
avoided and handled properly instead.

This seems to further improve the babel test on the web-tooling-benchmark
by around 1%, because the OOB access no longer turns the otherwise
MONOMORPHIC access into MEGAMORPHIC state.

Bug: v8:6936, v8:7014
Change-Id: I9df03304e056d7001a65da8e9621119f8e9bb55b
Reviewed-on: https://chromium-review.googlesource.com/744022
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49049}

This both simplifies the code, and brings it in-line with
what we need for wasm on the native heap.

Bug: v8:6876
Change-Id: Ia48aed86ddcd94e85c0aecc053c327dfacb795d6
Reviewed-on: https://chromium-review.googlesource.com/744593
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49048}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c5d82db..7765787

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/e043d81..3275a09

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/110e5f6..ca0bd08

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/52d748d..6fd9f08

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ib82da8ba88f625e1d64070d69df742a3ec0792ef
Reviewed-on: https://chromium-review.googlesource.com/745603Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49047}

This reverts commit 521fa16e.

Reason for revert: fails tests under code-serializer:

https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/17691

Original change's description:
> [runtime] Slightly optimize creation of class literals.
> 
> TBR=bmeurer@chromium.org
> 
> Bug: v8:5799
> Change-Id: I61de5f8b3333db174dadf76ed983950acb39742b
> Reviewed-on: https://chromium-review.googlesource.com/649509
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49044}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,mythria@chromium.org,gsathya@chromium.org,ishell@chromium.org,verwaest@chromium.org

Change-Id: I994edb855a8a0aa6e7e7476b0b013a46aac6f2e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5799
Reviewed-on: https://chromium-review.googlesource.com/745581Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49046}

Bug: v8:5785
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia386725996beb8f47f97930c9dfc8a9639887fea
Reviewed-on: https://chromium-review.googlesource.com/744739Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49045}

TBR=bmeurer@chromium.org

Bug: v8:5799
Change-Id: I61de5f8b3333db174dadf76ed983950acb39742b
Reviewed-on: https://chromium-review.googlesource.com/649509
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49044}

R=joransiu@ca.ibm.com, jbarboza@ca.ibm.com, michael_dawson@ca.ibm.com

Bug: 
Change-Id: I1f25a81637dd50b1d7e9a47154e3df4c61521fad
Reviewed-on: https://chromium-review.googlesource.com/744504Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#49043}

Create new state before parsing FormalParameter because we don't
want to use any of the parameters as an inferred function name.

Previously the stacktrace was:
  test.js:3: Error: boom
      throw new Error('boom');
      ^
  Error: boom
      at param (test.js:3:11)
      at test.js:4:5
      at test.js:6:3

The stacktrace with this patch:
  test.js:3: Error: boom
      throw new Error('boom');
      ^
  Error: boom
      at test.js:3:11
      at test.js:4:5
      at test.js:6:3


Bug: v8:6822, v8:6513
Change-Id: Ifbadc660fc4e85248af405acd67c025f11662bd4
Reviewed-on: https://chromium-review.googlesource.com/742657Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49042}

With the existing platform API it is not possible to post foreground
tasks from background tasks. This is, however, required to implement
asynchronous compilation for WebAssembly. With this CL we add the
concept of a TaskRunner to the platform API. The TaskRunner contains
all data needed to post a foreground task and can be used both from a
foreground task and a background task. Eventually the TaskRunner should
replace the existing API.

In addition, this CL contains a default implementation of the
TaskRunner. This implementation has tempory workaround for platforms
which do not provide a TaskRunner implementation yet. This default
implementation should be deleted again when all platforms provide a
TaskRunner implementation.

R=rmcilroy@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6ea4a1c9da1eb9a19e8ce8f2163000dbc2598802
Reviewed-on: https://chromium-review.googlesource.com/741588
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49041}

This CL contains the base implementation for logging function events.
Currently only compiler events are support (compile, compile-lazy...),
future CLs will enable log events for parsing and first-time exeuction
of functions.

Bug: chromium:757467
Change-Id: Ia705979190a3ebc1009989610483a7a141bc504b
Reviewed-on: https://chromium-review.googlesource.com/743921Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49040}

... when storing to proxies.

Bug: chromium:772897
Change-Id: Ia91e69f35dc3b1f67b67038bd8206e508149e9a3
Reviewed-on: https://chromium-review.googlesource.com/744041Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49039}

Port 776d6e9d

R=rossberg@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, jbarboza@ca.ibm.com
BUG=
LOG=N

Change-Id: I62e59ba70fac2627a5ee00fd3007766c7c570ba3
Reviewed-on: https://chromium-review.googlesource.com/742694Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#49038}

This reverts commit ecd3a2ea.

Reason for revert: Bug 779509, a crash with chrome.

Original change's description:
> [TurboFan] Remove maximum inlining levels check from inlining heuristics
> 
> We have a check on maximum number of levels that can be inlined. This
> in some cases causes performance cliffs, when we cannot inline a small
> function because it has exceeded the number of levels. This cl removes
> that check. The intuition is that, having gone down several levels in
> a particular line stopping inlining that chain and exploring a new
> call site may not be beneficial.
> 
> Bug: v8:6871
> Change-Id: I120056db38e78ce48dff010b6cf994259238582a
> Reviewed-on: https://chromium-review.googlesource.com/741705
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49009}

TBR=mythria@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6871
Change-Id: I4766f911cb326c224af110be5c0dd7a44362a880
Reviewed-on: https://chromium-review.googlesource.com/743785Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49037}

- Add WeakMapPrototypeSet and WeakSetPrototypeAdd TFJ builtins
  - Fast paths for...
    1) existing key
    2) new key when ObjectHashTable has a "sufficient capacity"
- Create WeakCollectionsBuiltinsAssembler to consolidate common WeakMap/WeakSet code generation
- Convert existing WeakMapLookupHashIndex to use WeakCollectionsBuiltinsAssembler

Some quick benchmarks shows performance gains of...
- 1.56x - 1.98x for WeakMap constructor
- 1.66x - 2.06x for WeakSet constructor
- 1.50x - 2.11x for WeakMap.p.set
- 1.54x - 2.26x for WeakSet.p.add

https: //github.com/peterwmwong/v8-perf/blob/master/weakcollection-set/README.md
Bug: v8:5049, v8:6604
Change-Id: I3499d46be6b2b3b1d8d46720ebe86cc5142ee542
Reviewed-on: https://chromium-review.googlesource.com/737935
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49036}

Test that console.time/End/Stamp properly show up in the log file.

Change-Id: I99904e20fc98811ed3e3b5e5a9d186b459b8d4be
Reviewed-on: https://chromium-review.googlesource.com/743020
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49035}

This proceeds the experiment using the legacy bots, since luci bots
are blocked on https://crbug.com/776734.

NOTRY=true

Bug: chromium:772816, chromium:776734
Change-Id: I7532e04e98a96d69dbeefcd6edf66fb0cddbe111
Reviewed-on: https://chromium-review.googlesource.com/743365Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49034}

This reverts commit f259ec2d.

Reason for revert: Breaks tree

Original change's description:
> [build] Include deopt-fuzzer isolates on fuzzer builders
> 
> TBR=sergiyb@chromium.org
> NOTRY=true
> NOTREECHECKS=true
> 
> Bug: v8:7012
> Change-Id: I1d0b0488cd9b7bf6a30edc0b010f32fb0914ed0b
> Reviewed-on: https://chromium-review.googlesource.com/743783
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49032}

TBR=machenbach@chromium.org,sergiyb@chromium.org

Change-Id: If1846d2a711edeb44f031e536f84cc4b71a107e5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7012
Reviewed-on: https://chromium-review.googlesource.com/743784Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49033}

TBR=sergiyb@chromium.org
NOTRY=true
NOTREECHECKS=true

Bug: v8:7012
Change-Id: I1d0b0488cd9b7bf6a30edc0b010f32fb0914ed0b
Reviewed-on: https://chromium-review.googlesource.com/743783
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49032}