R=danno@chromium.org
BUG=chromium:608675

Review-Url: https://codereview.chromium.org/2207553002
Cr-Commit-Position: refs/heads/master@{#38302}

Add a new bytecode to create a function context. The handler inlines
FastNewFunctionContextStub.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2187523002
Cr-Commit-Position: refs/heads/master@{#38301}

If ToObject() has thrown, do not throw another exception. The reason
this does not currently fail is that 1. Errors used to be created
through JS natives, and 2. the JSEntryStub clears any pending
exceptions. So, when calling into JS to create the new error, the old
exception was cleared.

BUG=5259

Review-Url: https://codereview.chromium.org/2208683002
Cr-Commit-Position: refs/heads/master@{#38300}

This new API function allows for setting several internal fields at once.
By avoiding crossing the API each time for setting an internal property we
can speed up the wrapper creation which has to set two fields for every new
object.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2185963002
Cr-Commit-Position: refs/heads/master@{#38299}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2210493002
Cr-Commit-Position: refs/heads/master@{#38298}

Use LoadInstanceType() rather than LoadMapInstanceType(), as this part of the
code is operating on a JS-accessible HeapObject rather than a Map.

BUG=chromium:633883, v8:5162
R=mstarzinger@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2207903002
Cr-Commit-Position: refs/heads/master@{#38297}

BUG=

Review-Url: https://codereview.chromium.org/2210463002
Cr-Commit-Position: refs/heads/master@{#38296}

BUG=

Review-Url: https://codereview.chromium.org/2206183002
Cr-Commit-Position: refs/heads/master@{#38295}

BUG=

Review-Url: https://codereview.chromium.org/2206203002
Cr-Commit-Position: refs/heads/master@{#38294}

LOG=N
BUG=V8:5187

Review-Url: https://codereview.chromium.org/2205093002
Cr-Commit-Position: refs/heads/master@{#38293}

A corresponding flag was added as well to help us find out what breaks when we
do not clear pending exceptions on each JS entry.

BUG=5259

Review-Url: https://codereview.chromium.org/2208663002
Cr-Commit-Position: refs/heads/master@{#38292}

This will allow for the background parser to parse inner functions

BUG=v8:5215
R=marja@chromium.org,verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2198043002
Cr-Commit-Position: refs/heads/master@{#38291}

So far we treated SignedSmall and Signed32 feedback the same for number
operations. However it would be beneficial to generate (a lot) less code
if we only do a Smi check on the inputs instead of doing the full Smi +
HeapNumber + conversion check that we need to do for Signed32 feedback.

R=epertoso@chromium.org
BUG=v8:4583

Review-Url: https://codereview.chromium.org/2207893002
Cr-Commit-Position: refs/heads/master@{#38290}

BUG=

Review-Url: https://codereview.chromium.org/2206573002
Cr-Commit-Position: refs/heads/master@{#38289}

The helper class in question is no longer needed now that frame states
representing the "before" state is not attached to nodes anymore. They
are represented by appropriate {Checkpoint} nodes in the graph now.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2205243002
Cr-Commit-Position: refs/heads/master@{#38288}

R=jkummerow@chromium.org
BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2201023004
Cr-Commit-Position: refs/heads/master@{#38287}

In the parser, we desugar yield* with the help of a regular yield. One
particular implementation detail of this desugaring is that when the user calls
the generator's throw method, this throws an exception that we immediately
catch. This exception should not be visible to the user, but through Devtools'
"Pause on Caught Exceptions" feature it used to be.

This CL extends the type of catch predictions with a new value for such internal
exceptions and uses that for the offending try-catch statement in yield*.  It
instruments the debugger to _not_ trigger an exception event in that case.

R=yangguo@chromium.org
TBR=littledan@chromium.org
BUG=v8:5218

Review-Url: https://codereview.chromium.org/2203803002
Cr-Commit-Position: refs/heads/master@{#38286}

1. Do not mark code_cache as a weak container.
2. Support layout_descriptor field.

Review-Url: https://codereview.chromium.org/2204133002
Cr-Commit-Position: refs/heads/master@{#38285}

The MachineOperatorReducer was only reducing word32 expressions of the type x << y | x >>> (32 - y) (and variants) to the equivalent Word32Ror. This CL applies the same pattern-matching logic to Word32Xor.

BUG=

Review-Url: https://codereview.chromium.org/2199323003
Cr-Commit-Position: refs/heads/master@{#38284}

Move all the typing rules for unary and binary number operations to the
OperationTyper and use them for both the regular Typer as well as the
retyper that runs as part of SimplifiedLowering.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2202883005
Cr-Commit-Position: refs/heads/master@{#38283}

This completely removes the ability from nodes to point directly to the
frame state representing their eager bailout point. All nodes now either
have zero or one frame state inputs. These frame states can by now be
found via checkpoints in the graph.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2020323004
Cr-Commit-Position: refs/heads/master@{#38282}

This avoids double accounting since we also have the call in the bottleneck.

R=hpayer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2206623003
Cr-Commit-Position: refs/heads/master@{#38281}

This removes the frame state input representing the before-state from
nodes having any int32 bitwise operator. Lowering that inserts number
conversions of the inputs has to be disabled when deoptimization is
enabled, because the frame state layout is no longer known.

R=epertoso@chromium.org
BUG=v8:5021,v8:4746

Review-Url: https://codereview.chromium.org/2194383004
Cr-Commit-Position: refs/heads/master@{#38280}

We have a simple instantiation at hand if the new.target is from the same
context, not the other way around.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2201113002
Cr-Commit-Position: refs/heads/master@{#38279}

R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2206943002
Cr-Commit-Position: refs/heads/master@{#38278}

Similarly to how we check whether the entered context has access to the target
context when invoking the function constructor, we should check the involved
contexts before invoking eval().

I forgot to add this in the initial CL that adds the check for the function
constructor. Move the code to a common location, and use it for the GlobalEval
builtin as well.

BUG=chromium:541703
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2199343002
Cr-Commit-Position: refs/heads/master@{#38277}

The func_index parameter passed to GetWasmFunctionNameFromTable can be
user-controlled through the CallSite constructor. Catch out-of-bounds
reads and return null as the function name in such cases.

This applies to the 5.3 branch and will be reverted on TOT in a bit.

BUG=632965

Review-Url: https://codereview.chromium.org/2199333002
Cr-Commit-Position: refs/heads/master@{#38276}

Revert of [Tracing] Embed V8 runtime call stats into tracing. (patchset #6 id:100001 of https://codereview.chromium.org/2187693002/ )

Reason for revert:
Sanitizer failures:

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10989/
https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7786/

Original issue's description:
> [Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Cr-Commit-Position: refs/heads/master@{#38270}

TBR=cbruni@chromium.org,fmeawad@chromium.org,machenbach@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5089

Review-Url: https://codereview.chromium.org/2203913004
Cr-Commit-Position: refs/heads/master@{#38275}

  port a7581443 (r38231)

  original commit message:
  When we narrow a signed32 comparison to uint8 or uint16 representation,
  we also need to change the condition to unsigned comparisons otherwise
  the comparison will be done on int16/int8 which interprets the narrowed
  bits wrong.

BUG=

Review-Url: https://codereview.chromium.org/2206913002
Cr-Commit-Position: refs/heads/master@{#38274}

The protocol handler generator generates these files into a default location if
not specified by flag as output. We should account for these files and
explicitly set its output location.

R=machenbach@chromium.org

Committed: https://crrev.com/ac1d077db39dcabb74e36ad5d4bc7ea9fad96ed9
Review-Url: https://codereview.chromium.org/2199253002
Cr-Original-Commit-Position: refs/heads/master@{#38268}
Cr-Commit-Position: refs/heads/master@{#38273}

Revert of [inspector] include additional outputs from protocol handler generator. (patchset #2 id:20001 of https://codereview.chromium.org/2199253002/ )

Reason for revert:
Compile warnings: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/1901/steps/compile/logs/stdio

Original issue's description:
> [inspector] include additional outputs from protocol handler generator.
>
> The protocol handler generator generates these files into a default location if
> not specified by flag as output. We should account for these files and
> explicitly set its output location.
>
> R=machenbach@chromium.org
>
> Committed: https://crrev.com/ac1d077db39dcabb74e36ad5d4bc7ea9fad96ed9
> Cr-Commit-Position: refs/heads/master@{#38268}

TBR=machenbach@chromium.org,faith4roy16@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2206573004
Cr-Commit-Position: refs/heads/master@{#38272}

  port 5bc24397 (r38219)

  original commit message:
  This will enable the interpreter to add a bytecode and use the stub.

BUG=

Review-Url: https://codereview.chromium.org/2205813002
Cr-Commit-Position: refs/heads/master@{#38271}

Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.

This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.

BUG=5089

Review-Url: https://codereview.chromium.org/2187693002
Cr-Commit-Position: refs/heads/master@{#38270}

  port 205457b1 (r38195)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/2206543002
Cr-Commit-Position: refs/heads/master@{#38269}

The protocol handler generator generates these files into a default location if
not specified by flag as output. We should account for these files and
explicitly set its output location.

R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2199253002
Cr-Commit-Position: refs/heads/master@{#38268}

Infer a more precise type even in case where NaN and/or -0 is a possible
outcome of the operation, and use this more precise type to improve code
generation for the modulus itself by trying harder to stick to Word32
operations instead of going to Float64, and also optimize the pattern
where we compare the output of x % y to some non-zero integer constant
K, in which case we can truncate the output of x % y to Word32 if the
type of x % y is Signed32/Unsigned32 \/ NaN \/ MinusZero, as NaN and
MinusZero will both be truncated to zero, which cannot match the non
zero constant K.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2202413002
Cr-Commit-Position: refs/heads/master@{#38267}

BUG=v8:5162
R=bmeurer@chromium.org, cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2205883003
Cr-Commit-Position: refs/heads/master@{#38266}

Rolling v8/build to 957253ade4c8b5125afa41102ca41a0b19985e4e

Rolling v8/buildtools to c3a780dcb63ff053439315f761190ffab0480ad4

Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 7d2a29d289d54b8ff9c330efc5145158f1191af2

Rolling v8/tools/mb to e100ad0410f9de1e859a143fe20a9b58f8f8d420

Rolling v8/tools/swarming_client to e4288c3040a32f2e7ad92f957668f2ee3d36e5a6

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2201303002
Cr-Commit-Position: refs/heads/master@{#38265}

Port 5bc24397

Original commit message:

    This will enable the interpreter to add a bytecode and use the stub.

R=klaasb@google.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2200263003
Cr-Commit-Position: refs/heads/master@{#38264}

A fix would be to walk the reloc info and RecordWriteIntoCode. Doing
so, however, upsets a scavenger DCHECK.

We stumbled upon this issue because we were placing wasm objects
(fixed arrays) in NEW_SPACE, rather than OLD_SPACE. These fixed
arrays were subsequently referenced from Code objects, which were
then cloned.

The current CL ensures wasm constructs are allocated in OLD_SPACE,
by pre-tenuring them (consistent with other wasm allocations). In
addition, it adds a DCHECK for CopyCode clarifying its lack of support
for references to NEW_SPACE.

We can investigate in a subsequent CL making CopyCode more robust,
pending understanding of the Scavenger's assumptions.

BUG=

Review-Url: https://codereview.chromium.org/2201663003
Cr-Commit-Position: refs/heads/master@{#38263}