Ensuring we move forward all the deferred handles, in all cases.

BUG=

Review-Url: https://codereview.chromium.org/2807013002
Cr-Commit-Position: refs/heads/master@{#44525}

The decoder has the assumption that it always holds that pc <= end.
However, in the FunctionBodyDecoder, end was set to start to terminate
the decoding loop. Thereby the assumption was violated, which caused a
crash. I set end to pc now to end the decoding loop, which preserves
the assumption and terminates the loop.

BUG=chromium:709741
TEST=unittests/FunctionBodyDecoderTest.Regression709741
R=clemensh@chromium.org

Change-Id: I5bfd61bdc4809fc16f12ca8611876c66a79aaa36
Reviewed-on: https://chromium-review.googlesource.com/472723
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44524}

Force passing arguments on the stack for PushCodeObjectsAndDie by using
more function arguments.

Change-Id: I7a2e825f3423946a03f5dd988c640a37709f32e3
Reviewed-on: https://chromium-review.googlesource.com/472747Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44523}

This occurs in the wasm scenario described in the referenced bug.
DecodeWasmModule collects statistics. Blink inserts a CreateHistogramCallback that
can't instantiate a histogram on non-joinable threads. Turns out, DecodeWasmModule
is scheduled on such a thread, now that we have async compilation.

This fix pre-initializes histograms when the callback is applied, which is assumed to
be in a context that can carry out the instantiation. In Blink, this happens on the main
thread.

BUG=chromium:709684

Review-Url: https://codereview.chromium.org/2812543002
Cr-Commit-Position: refs/heads/master@{#44522}

We went on decoding the next section, which happened to be the start
section. But since the function section had an error, the signature
pointer was not still {nullptr} on the start function, leading to a
segfault.

Drive-by fix: Improve decoder trace output.

R=ahaas@chromium.org
BUG=chromium:708714, chromium:708787

Change-Id: I5ae2adb32764b9d154f1ca878019f26ac31839b4
Reviewed-on: https://chromium-review.googlesource.com/472847Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44521}

According to the spec the copy step is defined iteratively and with
@@species we can create a TypedArray which shares the buffer with the
receiver which in turn prevents us from using memcpy.

Bug: v8:6223

Change-Id: If1bad085ea1d022bf3fb2cffc81645b2f7f56346
Reviewed-on: https://chromium-review.googlesource.com/471409Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44520}

NOTRY=true

Change-Id: I08b5bf55960d8a2f4e29fc278bd4ff79b8ba7f98
Reviewed-on: https://chromium-review.googlesource.com/472806Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44519}

- Store std::string instead of std::unique_ptr<char[]> for the error
  message.
- Remove ErrorCode, which was just kSuccess and kError anyway. Error is
  now detected on whether error_msg_ is empty or not.
- Refactor constructors for perfect forwarding; this will allow us to
  implement Result<std::unique_ptr<X*>>.
- Refactor Decoder::toResult for perfect forwarding.
- Remove output operators (operator<<) for Result; it was only used in
  the error case anyway. Print error message directly instead.
  The operator was problematic since it assumed the existence of an
  output operator for every T which is used in Result<T>.
- Remove ModuleError and FunctionError, introduce general static
  Result<T>::Error method instead.

R=ahaas@chromium.org

Change-Id: I1e0f602a61ee9780fee2a3ed33147d431fb092ba
Reviewed-on: https://chromium-review.googlesource.com/472748
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44518}

R=ahaas@chromium.org

Change-Id: Ife1b4a20e82544dfe2665ef7c438ee9801be75e4
Reviewed-on: https://chromium-review.googlesource.com/472807Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44517}

We were doing basically the same thing in our own functions, but not
quire right.

R=ahaas@chromium.org

Change-Id: I75409d45982d3edc53e4d12c28a293ed3a2dea97
Reviewed-on: https://chromium-review.googlesource.com/472846
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44516}

Previously we didn't produce all data that we need for creating sensemaking
FunctionLiterals for the skipped functions.

Test in https://chromium-review.googlesource.com/c/457037 .

BUG=v8:5516

Change-Id: I1fd02c1109ef6e07e93da131062fd5101a8c8de9
Reviewed-on: https://chromium-review.googlesource.com/469767
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44515}

Revert of [turbofan] reenable: extend escape analysis to reduce CheckMaps (patchset #1 id:1 of https://codereview.chromium.org/2803643004/ )

Reason for revert:
canary crashes

Original issue's description:
> [turbofan] reenable: extend escape analysis to reduce CheckMaps
>
> R=bmeurer@chromium.org
>
> Review-Url: https://codereview.chromium.org/2803643004
> Cr-Commit-Position: refs/heads/master@{#44461}
> Committed: https://chromium.googlesource.com/v8/v8/+/25aff3448eb1813702d098361437a7e88256a1c1

TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/2811693002
Cr-Commit-Position: refs/heads/master@{#44514}

The DCHECK added by https://chromium-review.googlesource.com/461827 was not true
in case we failed to compile the function.

BUG=chromium:708598

Change-Id: I6a542c3ac6281c0549396b4ff0af34ea44450006
Reviewed-on: https://chromium-review.googlesource.com/472826Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44513}

R=jgruber@chromium.org
BUG=v8:4743

Review-Url: https://codereview.chromium.org/2803693006
Cr-Commit-Position: refs/heads/master@{#44512}

This relands commit d3e9aade. The original CL was reverted speculatively but didn't cause the buildbot failure.

Original change's description:
> [Interpreter] Move BinaryOp Smi transformation into BytecodeGenerator.
> 
> Perform the transformation to <BinaryOp>Smi for Binary ops which take Smi
> literals in the BytecodeGenerator. This enables us to perform the
> transformation for literals on either side for commutative operations, and
> Avoids having to do the check on every bytecode in the peephole optimizer.
> 
> In the process, adds Smi bytecode variants for all binary operations, adding
>  - MulSmi
>  - DivSmi
>  - ModSmi
>  - BitwiseXorSmi
>  - ShiftRightLogical
> 
> BUG=v8:6194
> 
> Change-Id: If1484252f5385c16957004b9cac8bfbb1f209219
> Reviewed-on: https://chromium-review.googlesource.com/466246
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44477}

TBR=rmcilroy@chromium.org,machenbach@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,mythria@chromium.org,v8-reviews@googlegroups.com,ishell@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6194

Change-Id: I2ccaefa1ce58d3885f5c2648755985c06f25c1d8
Reviewed-on: https://chromium-review.googlesource.com/472746Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44511}

Instead of storing {start} and {error_pc} we now store the
{error_offset}, which is anyways the only value we use.

R=clemensh@chromium.org

Change-Id: Ifd9791eff5c9efce2e7e2a1989bf3b5eaa464a02
Reviewed-on: https://chromium-review.googlesource.com/471527
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44510}

This is inital work in order to utilize CompilerDispatcher in parallel
parsing.

BUG=v8:6093

Change-Id: I6aae4f32ddb2314585d09039c1c5d7e658dc896f
Reviewed-on: https://chromium-review.googlesource.com/469709Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#44509}

R=clemensh@chromium.org

Change-Id: I7c7bc0293ad093853d945fb18d7e5cb5bf54c3ec
Reviewed-on: https://chromium-review.googlesource.com/464868
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44508}

The spec requires that we use IterableToList, which we skipped for
some arrays as an optimization. We can't skip this for arrays with
objects though, because the objects may mutate the array during
the copying step via valueOf side effects.

Also clean up the implementation to use a runtime function rather
than a builtin as the helper. Also reverses the result of the helper
because I think it is a bit more intuitive that way.

Bug: v8:6224
Change-Id: I9199491abede4479785df6d9068331bc2d6e9c5e
Reviewed-on: https://chromium-review.googlesource.com/471986Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44507}

R=clemensh@chromium.org
TEST=message/asm-table-mismatch-[def|use]
BUG=v8:6202

Change-Id: I3e87f84591bedbda6366883a850dced149db0c8a
Reviewed-on: https://chromium-review.googlesource.com/471666Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44506}

The Generic access info was introduced to handle transitioning stores
that extend the properties backing store (by reusing the STORE_IC). But
since crrev.com/2778133003 TurboFan handles these by just inlining the
properties backing store (re)allocation, and thus this is now dead code.

BUG=v8:5267

Review-Url: https://codereview.chromium.org/2811593002
Cr-Commit-Position: refs/heads/master@{#44505}

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/8235ac1..e9f3127

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: Icedf6fe686afb85953492e395446e06dd7bc62db
Reviewed-on: https://chromium-review.googlesource.com/472349Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44504}

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/7ec8401..8235ac1

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I15af028812bd628970f63cc551539e5bb245cd79
Reviewed-on: https://chromium-review.googlesource.com/472487Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44503}

We don't need to do any kind of translation for non-wasm frames. And we need this knowledge for lazy symbolization.
Capturing stack trace is ~7% faster.

BUG=v8:6189
R=dgozman@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2795103004
Cr-Commit-Position: refs/heads/master@{#44502}

On those architectures that do support unaligned memory access
there is no need to emit heap alignment code in TypedArrayInitialize.

BUG=chromium:708545

Review-Url: https://codereview.chromium.org/2802003003
Cr-Commit-Position: refs/heads/master@{#44501}

This revealed a bug in the TypedArray(typedArray) constructor when the arg is backed by a SharedArrayBuffer.

Also install the species getter and add a test, since it's not tested in
test262 presently.

BUG=v8:5983,v8:5984
R=adamk@chromium.org

Review-Url: https://codereview.chromium.org/2798403004
Cr-Commit-Position: refs/heads/master@{#44500}

TurboFan didn't support transitioning stores that also need to grow the
properties backing store so far. This CL adds support for re-allocating
the properties backing store in-place, so these stores can participate
properly in various optimizations like escape analysis and allocation
folding.

R=ishell@chromium.org
BUG=v8:5267,chromium:708339

Review-Url: https://codereview.chromium.org/2778133003
Cr-Original-Commit-Position: refs/heads/master@{#44183}
Committed: https://chromium.googlesource.com/v8/v8/+/88a7061a53ad200121f7ee2b2bdcc05d793de806
Review-Url: https://codereview.chromium.org/2778133003
Cr-Commit-Position: refs/heads/master@{#44499}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1314c9a..6c97eff

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/e6b510a..d307444

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/e650872..87e8335

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/70cd354..7ec8401

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I05b56fb39e1162326e496e99eb8f13e3b144cf6a
Reviewed-on: https://chromium-review.googlesource.com/472166Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44498}

Avoid clobbering argument count when loading instance type.

TBR=bmeurer@chromium.org, ivica.bogosavljevic@imgtec.com

Bug: chromium:706642
Change-Id: I82ceb6f1270420ec683f0659f9433795562ab1b4
Reviewed-on: https://chromium-review.googlesource.com/471872Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44497}

This reverts commit 88a7061a (with
one manually-resolved merge conflict).

It caused a spike of GC crashes on Canary.

TBR=bmeurer@chromium.org

Bug: chromium:708339, v8:5267
Change-Id: I8a5683bbdfb61c95d81a2ee7cdb913f39e553093
Reviewed-on: https://chromium-review.googlesource.com/471928
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44496}

Includes a drive-by fix to a couple of superficial Intl changes

With this roll, test262 starts to look at test262 feature
flags to determine which harmony flags to turn on. There's
still more to do, including adding feature flags to existing
upstream tests and taking advantage of more flags here.


Change-Id: I9cb813e0450be9dc7769ac9c601092bd3572556f
Reviewed-on: https://chromium-review.googlesource.com/471546Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44495}

[heap] Reland "Remove size specializations in static object visitors. (patchset #4 id:60001 of https://codereview.chromium.org/2763413007/ )"

This reverts commit 61df2d90.
The CL was speculatively reverted due to canary crashes, which turned
out to be caused by another CL.

Original issue's description:
> [heap] Remove size specializations in static object visitors.
>
> Apart from that this patch adds kVisitJSObjectFast for JSObjects that
> do not have any unboxed double fields and can be visited without
> run-time layout check.
>
> BUG=chromium:694255
>
> Review-Url: https://codereview.chromium.org/2763413007
> Cr-Commit-Position: refs/heads/master@{#44237}
> Committed: https://chromium.googlesource.com/v8/v8/+/dbb1cbe3a85d5c5528ce876d905e78d2ab35f00b

Review-Url: https://codereview.chromium.org/2808533002
Cr-Commit-Position: refs/heads/master@{#44494}

R=adamk@chromium.org
BUG=v8:4743

Review-Url: https://codereview.chromium.org/2801263002
Cr-Commit-Position: refs/heads/master@{#44493}

The format of the name section changed recently. It now contains
subsections of different type (currently for function names or local
variable names).
This CL changes our internal wasm module builders (in JS and C++) to
emit this new format, and changes the decoder to understand it.
We currently only parse the function name section, and ignore names of
local variables. I will later extend this to parse local variable names
when needed for debugging.

R=ahaas@chromium.org, rossberg@chromium.org
BUG=v8:6222

Change-Id: I2627160c25c9209a3f09abe0b88941ec48b24434
Reviewed-on: https://chromium-review.googlesource.com/470247
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44492}

... by avoiding reads through timer objects allocated on stack of another thread and
explicitly maintaining current RuntimeCallCounter object in RuntimeCallStats instead.

Change-Id: I54eaf078dc1e77dc47ded963903d54ffb583f377
Reviewed-on: https://chromium-review.googlesource.com/471667Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44491}

Split TFS builtins into

* TFC: TF builtins with stub linkage that use a custom interface descriptor
       (e.g. because of a non-standard return size or untagged arguments)
* TFS: the rest.

Automatically generate interface descriptors for TFS builtins to reduce
boilerplate involved in setting up stub calls. These are now as simple as
creating the TFS stub and using CSA::CallBuiltin, no extra work required.

BUG=v8:6116

Review-Url: https://codereview.chromium.org/2777203007
Cr-Commit-Position: refs/heads/master@{#44490}

and out of the main library. This saves about 5% of binary size
(800KB on x64, 373KB on android_arm).

Only the GN build is supported; the GYP build is maintained working
but does not support the feature.

Previously landed as 4782bc0d / r44412.

BUG=v8:6055
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;

Review-Url: https://codereview.chromium.org/2760233005
Cr-Commit-Position: refs/heads/master@{#44489}

This reverts commit d3e9aade.

Reason for revert: Speculative for:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/4449

Bisect points to this CL.

Original change's description:
> [Interpreter] Move BinaryOp Smi transformation into BytecodeGenerator.
> 
> Perform the transformation to <BinaryOp>Smi for Binary ops which take Smi
> literals in the BytecodeGenerator. This enables us to perform the
> transformation for literals on either side for commutative operations, and
> Avoids having to do the check on every bytecode in the peephole optimizer.
> 
> In the process, adds Smi bytecode variants for all binary operations, adding
>  - MulSmi
>  - DivSmi
>  - ModSmi
>  - BitwiseXorSmi
>  - ShiftRightLogical
> 
> BUG=v8:6194
> 
> Change-Id: If1484252f5385c16957004b9cac8bfbb1f209219
> Reviewed-on: https://chromium-review.googlesource.com/466246
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44477}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,mythria@chromium.org,ishell@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6194

Change-Id: If57dbdbe40be77804bf437463b855d3167e2d473
Reviewed-on: https://chromium-review.googlesource.com/471308Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44488}

The spec requires truncation while ToUint32 originally rounded down.
This also adds a bunch of test cases to check edge case behavior.

BUG=v8:6212

Review-Url: https://codereview.chromium.org/2805783003
Cr-Commit-Position: refs/heads/master@{#44487}

The LoadElimination (and potentially earlier passes too) might have
removed or lowered side-effecting operations, which allows for further
combining of check points in the graph, removing unnecessary StateValue
uses for the later truncation analysis.

BUG=chromium:709398
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2807563002
Cr-Commit-Position: refs/heads/master@{#44486}