These functions should only be called in case of a parse error, so speed
of calling them should not be a concern.

In local testing, this saves ~16k of binary size on a release mode build.

Bug: v8:7090
Change-Id: I433df81c2a5811ed922885dbab3ce003427f3d1c
Reviewed-on: https://chromium-review.googlesource.com/780693Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49551}

Bug: 
Change-Id: Idc0bbc55713a6e6dcc88db77477bfddf3bd80a02
Reviewed-on: https://chromium-review.googlesource.com/781769Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49550}

Reduce the deopt table size by reusing the entry address available in a temp
register to compute the entry id. Saves ~200kB.

Bug: 
Change-Id: I3a1baf0e4c8cf19a0aa149da2bea623c1349a9ca
Reviewed-on: https://chromium-review.googlesource.com/774890Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49549}

Both can be used to optionally initialize an object, but with
base::Optional it will be stack-allocated.

R=ahaas@chromium.org

Change-Id: I9977e1b2e0532505f8582cc68e27687aaeebd33d
Reviewed-on: https://chromium-review.googlesource.com/781920Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49548}

Filtering by status file split to four parts:
1. Getting outcomes - reads both variant dependent and
independent outcomes, no more need to do it twice.
2. Checking unused rules - has a switch to check only variant
dependent/independent rules.
3. Reading flags - if outcome starts with '--' it is treated as a flag.
4. Actual filtering.

Outcomes removed from the testcase object, can be accessed
by call to its testsuite.

Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I35762f891010ddda926250452b88656047433daa
Reviewed-on: https://chromium-review.googlesource.com/775160
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49547}

On x64, we optimize out EmbeddedReferences, unless we explicitly
indicate serialization is enabled. We serialize js-to-wasm wrappers,
which include such references.

Bug: v8:7083
Change-Id: I976da4af74bf7ee3245e1465b8e47f2c042ec3b4
Reviewed-on: https://chromium-review.googlesource.com/780207Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49546}

Typically the interpreter returns 0xdeadbeef to indicate an exception.
However, for stack overflows a normal exception is used. The interpreter
requires an activation, however, to deal with normal exceptions. With
this CL we start an activation before we execute the fuzzer input in the
interpreter.

R=clemensh@chromium.org

Bug: chromium:781103
Change-Id: I4fc3a18bfc2076aab9ff7d2324a3311fe222954a
Reviewed-on: https://chromium-review.googlesource.com/776835
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49545}

A few coverage tests depend on a GC run that deterministically frees all
dead objects, but Runtime::kCollectGarbage did not explicitly disable
incremental marking. Incremental marking makes liveness detection
timing-dependent and thus should be disabled here.

NOTRY=true
NOPRESUBMIT=true
TBR=mlippautz@chromium.org

Bug: v8:7108
Change-Id: I8bebe612bbc2126b8ad778af15f08442ccc91a35
Reviewed-on: https://chromium-review.googlesource.com/781865
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49544}

R=machenbach@chromium.org
BUG=v8:7106

Change-Id: I89ff17393848c88ffd885af3fec8b6703c75d073
Reviewed-on: https://chromium-review.googlesource.com/781942Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49543}

The unused properties fields number is calculatable via used in-object
properties count and we can drop it now.

Bug: chromium:774644
Change-Id: I7388af7772a8e793593fabc46527886cf2e36095
Reviewed-on: https://chromium-review.googlesource.com/781465Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49542}

Bug: 
Change-Id: Iccc0241859970ad4e04b9a6e5f206491aa7c442e
Reviewed-on: https://chromium-review.googlesource.com/781939Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49541}

The wasm context will always be stored on the stack, and will be loaded
from there whenever needed (for accessing globals or the memory). We
can still improve this later by caching the context address or specific
information loaded from it.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Idd7fb1ccff28a73beaf545997e3dfdb74757b686
Reviewed-on: https://chromium-review.googlesource.com/779145
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49540}

This introduces a JSBitwiseNot operator and lowers it either to a
speculative xor with -1 (when we have Number feedback) or to
a stub call. The stub is also new.

Bug: v8:6791
Change-Id: I362e52de8a741dc5db044c406543878e407eb2ed
Reviewed-on: https://chromium-review.googlesource.com/778839
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49539}

This introduces a JSNegate operator and lowers it either to a
speculative multiplication with -1 (when we have Number feedback)
or to a stub call. The stub is also new.

R=jarin@chromium.org

Bug: v8:6791
Change-Id: I8e20333fe49cc6088d2d10777be982e42eed2412
Reviewed-on: https://chromium-review.googlesource.com/774718
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49538}

Bug: 
Change-Id: Ic72ebff8c106ef200875de352972c5b324dcb5a0
Reviewed-on: https://chromium-review.googlesource.com/781466
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49537}

This works because we pool regular non-executable pages on a lower level. Executable pages are currently not supported by the pooling mechanism. If this regresses we should fix it.

Change-Id: Ief3484d59f1f1f4bc63f8e718482e4174bedc012
Reviewed-on: https://chromium-review.googlesource.com/778939Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49536}

This introduces {Heap::write_protect_code_memory} as a race-free copy of
the underlying {FLAG_write_protect_code_memory} flag. Since this flag is
checked from the parallel sweeper, subsequent flag implications might be
racing against the read. This ensures race-free reads.

R=hpayer@chromium.org
BUG=v8:6792,chromium:774108,v8:7106

Change-Id: I1a1073f11e91bebd60f8d5da440845452ec67c50
Reviewed-on: https://chromium-review.googlesource.com/781662Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49535}

Currently the SourcePositionTableBuilder requires a Zone because it
holds a ZoneVector<byte> of the encoded entries. Since ZoneVector is a
suboptimal data structure anyway, and for Liftoff we don't even have a
Zone allocated currently, this CL replaces the ZoneVector by
std::vector.

R=mstarzinger@chromium.org

Bug: v8:6600
Change-Id: I8010143e917e2351664e2b53746753b597f4407a
Reviewed-on: https://chromium-review.googlesource.com/779181Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49534}

In the case of a corrupted snapshot we fall back to initializing the isolate
from scratch. Howver, we don't ship the full SetupIsolateDelegate. This causes
spurious failures during later initialization.

This CL mostly turns the DCHECKs in SetupIsolateDelegate into hard CHECKs making
it easier to spot these kind of failures.


Bug: chromium:767846
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe8a5beece27433439b1b09412f6110be703ff86
Reviewed-on: https://chromium-review.googlesource.com/779189Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49533}

This makes sure the {CodeSpaceMemoryModificationScope} for the common
allocation path is inside the {Heap} component. This will in turn enable
finer-grained control of the modification scope in the future.

R=hpayer@chromium.org
BUG=v8:6792

Change-Id: I6c3bc457bac641e79b2786cf78557b26aa2027e7
Reviewed-on: https://chromium-review.googlesource.com/779399
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49532}

This is a reland of 712fa675.

Original change's description:
> [test] Add Liftoff variant
>
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
>
> R=machenbach@chromium.org, hablich@chromium.org
>
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org
CC=hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: Ieb20020f07c70acaa64bb421763a41aa163a261b
Reviewed-on: https://chromium-review.googlesource.com/781499
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49531}

The integer value denoting the number of captures (and thus the size
of the list of captures created in @@replace [0]) can be controlled by
the user.  This CL ensures we don't overflow and respect
Code::kMaxArguments, but note that it is still possible to trigger
OOMs through large lists.

Bug: chromium:786573
Change-Id: I19c88908c594487818d083b2ba423764ef91eae0
Reviewed-on: https://chromium-review.googlesource.com/779001Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49530}

TBR=machenbach@chromium.org

Bug: chromium:748002, chromium:773606, chromium:748003, chromium:748035
Change-Id: Ibe24a76598daa8af1fe5530859a8a657c54c3b9b
Reviewed-on: https://chromium-review.googlesource.com/779434
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49529}

TBR: rmcilroy@chromium.org
Bug: v8:6791
Change-Id: I4ac2bdce353d987a2fe45149d8556b6591569a01
Reviewed-on: https://chromium-review.googlesource.com/771191
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49528}

Bug: 
Change-Id: Ib9ca5458554ed23e94e85e2a9cb42d816649c881
Reviewed-on: https://chromium-review.googlesource.com/781661Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49527}

This enables lazy bytecode handler deserialization by default.

Design doc: http://goo.gl/QxZBL2

TBR=hablich@chromium.org

Bug: v8:6624
Change-Id: I89a17e16a4ee18ee1bfca75a1d61f7a11cdc211f
Reviewed-on: https://chromium-review.googlesource.com/776836Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49526}

R=clemensh@chromium.org

Change-Id: Ifb5c02698b5ad9189283e227e89fa020f92186a8
Reviewed-on: https://chromium-review.googlesource.com/781720Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49525}

Change-Id: I3f54db032526e4253adacbff8c50393392aad852
Reviewed-on: https://chromium-review.googlesource.com/781629
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49524}

The index of a function in the WasmModule data structure is offset by
the number of imported functions in the module. The {DecodeFunctionBody}
function of the module decoder, however, requires the function index
without this offset. The streaming processor mixed up these two ranges
of function indices. This is fixed in this CL.

R=clemensh@chromium.org

Bug: chromium:781507
Change-Id: Ie3e0c4703b06ecb923c98ffb961844915323197c
Reviewed-on: https://chromium-review.googlesource.com/776680
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49523}

R=machenbach@chromium.org

Bug: chromium:748002, chromium:773606, chromium:748003, chromium:748035
No-Try: true
Change-Id: I80ec2a4bf8cb1193c4f31ae1dc84e7f88a2011b4
Reviewed-on: https://chromium-review.googlesource.com/779431
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49522}

[heap] Initialize the write_unprotect_counter_ of new code pages with the number of open CodeSpaceMemoryModificationScopes.

Bug: chromium:774108,v8:6792
Change-Id: Ib5306075aeff61160762c685c343970ceb32b66a
Reviewed-on: https://chromium-review.googlesource.com/779201Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49521}

V8 passes the command explicitly to each swarming task, hence it's
not necessary to store the command in the isolate.

This drops the Chromium-specific code in MB that creates the
swarming command based on Chromium test features.

This also makes the swarming targets option a no-op to allow
activating it on the infra side without disruption.

Bug: chromium:669910
Change-Id: I6cb03f05d034092a25d879d52b4d64952493f55b
Reviewed-on: https://chromium-review.googlesource.com/779148Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49520}

Currently the size of compaction spaces is not taken into account in
the Heap::CanExpandOldGeneration predicate. This can push the heap size
over the hard limit in some cases.

This patch makes Heap::CanExpandOldGeneration stricter and also fixes
the SelectGarbageCollector to prefer Mark-Compact near the hard limit.

Bug: chromium:784077
Change-Id: I00c7295eba8794a342dd6277a45f995529054b64
Reviewed-on: https://chromium-review.googlesource.com/779265Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49519}

This code was confusing, since "target" declared in one of the subscopes
shadowed a parameter with the same name.

Change-Id: Ibf694c94f0a26ca65609cb80d22c40a8fa98f4f3
Reviewed-on: https://chromium-review.googlesource.com/779261Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49518}

R=jarin@chromium.org
BUG=v8:6792

Change-Id: Id97c7a9911eb2c0606f8ea25d0a2c8ebcb4c8ccd
Reviewed-on: https://chromium-review.googlesource.com/753729Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49517}

Not resetting the ticks regresses optimization time without substantial
performance benenfits on twitter, facebook, youtube, linkedin and wikipedia.

There was no net positive effect visible otherwise.

Bug: chromium:786908
Change-Id: I98237dee170e7a387f09ccfbad178793361d4a67
Reviewed-on: https://chromium-review.googlesource.com/779435Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49516}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5718716..6167734

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/509676b..bd3b137

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I70c12249d7946044d7049f5cf03357c5a2d1fbaf
Reviewed-on: https://chromium-review.googlesource.com/780865Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49515}

BUG=v8:7070

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I92d7c61afa88e0a52c8eed0c2a44a4e49847e83b
Reviewed-on: https://chromium-review.googlesource.com/767618Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49514}

The strex (Store Exclusive) instruction has the form:

    strex rd, rt, [rn]

It stores the value in register rt at the address in register rn. If the
store succeeds, then 0 is stored in rd, otherwise 1 is stored. The ARM
manual says that behavior is "unpredictable" if d == n || d == t (i.e.
those registers are aliased).

We were not checking for this behavior in the assembler or simulator,
and as a result were generating output where it occurred. This didn't
always break; the tests we run on ARM hardware run this instruction and
pass.

BUG: chromium:786168

Change-Id: I57fe3a1db406eac96eb04ef2246f6970548d3cf9
Reviewed-on: https://chromium-review.googlesource.com/777777Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49513}

This is a reland of c71fd20c
Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
>
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
>
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
>
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable
> JITing using the new data structures.
>
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}

Bug: v8:6876
Change-Id: Ifd1a4c23de8150dbdc75f059cd657e9670b15c9b
Reviewed-on: https://chromium-review.googlesource.com/779680
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49512}