Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ )

Reason for revert:
Fuzzer claims `try {  \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.

Original issue's description:
> Add errors for declarations which conflict with catch parameters.
>
> Catch parameters are largely treated as lexical declarations in the
> block which contains their body for the purposes of early syntax errors,
> with some exceptions outlined in B.3.5. This patch introduces most of
> those errors, except those from `eval('for (var e of ...);')` inside of
> a catch with a simple parameter named 'e'.
>
> Note that annex B.3.5 allows var declarations to conflict with simple
> catch parameters, except when the variable declaration is the init of a
> for-of statement.
>
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> Cr-Commit-Position: refs/heads/master@{#37462}

TBR=littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5112,v8:4231

Review-Url: https://codereview.chromium.org/2112223002
Cr-Commit-Position: refs/heads/master@{#37464}

- Uses byte_width() to determine if spill ranges can be merged.
- Modifies InstructionOperand canonicalization to ignore representation for stack slots.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2074323002
Cr-Commit-Position: refs/heads/master@{#37463}

Catch parameters are largely treated as lexical declarations in the
block which contains their body for the purposes of early syntax errors,
with some exceptions outlined in B.3.5. This patch introduces most of
those errors, except those from `eval('for (var e of ...);')` inside of
a catch with a simple parameter named 'e'.

Note that annex B.3.5 allows var declarations to conflict with simple
catch parameters, except when the variable declaration is the init of a
for-of statement.

BUG=v8:5112,v8:4231

Review-Url: https://codereview.chromium.org/2109733003
Cr-Commit-Position: refs/heads/master@{#37462}

Port 5febc27b

Original commit message:

    Prior to this commit, calls to C++ builtins created standard exit
    frames, which are skipped when constructing JS stack traces. In order to
    show these calls on traces, we introduce a new builtin exit frame type.

    Builtin exit frames contain target and new.target on the stack and are
    not skipped during stack trace construction.

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:4815
LOG=N

Review-Url: https://codereview.chromium.org/2105023008
Cr-Commit-Position: refs/heads/master@{#37461}

MathMaxMin creates frame on stack without removing top bit of r14 on 31-bit.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2111263002
Cr-Commit-Position: refs/heads/master@{#37460}

AddBoundMethod, in i18n.js, returns functions all of which share the
same backing SharedFunctionInfo, which means that its calls to
InstallGetter were causing all such functions to have a single name
(that of the last caller, "get breakType").

This patch skips calling InstallGetter and instead directly calls
%DefineGetterPropertyUnchecked, which itself sets the name property
on the JSFunction instance (it knows how to do this in order to handle
getters that have computed property names).

Also takes care of a TODO having to do with the inner boundMethod:
its name is now made empty, by using a new macro that gets around
ES2015's function name inference.

Finally, removes a redundant %FunctionRemovePrototype: arrow functions
have no prototypes to begin with.

R=littledan@chromium.org
BUG=v8:4778

Review-Url: https://codereview.chromium.org/2109223002
Cr-Commit-Position: refs/heads/master@{#37459}

Reland of Add crash instrumentation for crbug.com/621147 (patchset #1 id:1 of https://codereview.chromium.org/2118493002/ )

Reason for revert:
By request from ishell, plan is to leave this in master for awhile longer

Original issue's description:
> Revert of Add crash instrumentation for crbug.com/621147 (patchset #5 id:80001 of https://codereview.chromium.org/2100313002/ )
>
> Reason for revert:
> Instrumentation not needed on master branch
>
> Original issue's description:
> > Add crash instrumentation for crbug.com/621147
> >
> > BUG=chromium:621147
> > LOG=N
> > R=ishell@chromium.org,cbruni@chromium.org
> >
> > Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8
> > Cr-Commit-Position: refs/heads/master@{#37328}
>
> TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=chromium:621147, chromium:624764
>
> Committed: https://crrev.com/b324850900e531ccee03f1712333f13dfcf15427
> Cr-Commit-Position: refs/heads/master@{#37456}

TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:621147, chromium:624764

Review-Url: https://codereview.chromium.org/2114743002
Cr-Commit-Position: refs/heads/master@{#37458}

Added missing GetExtraICState() function for CompareICStub. Without it,
code->extra_ic_state() in IC::StateFromCode was returning zero, which was
causing some performance regressions, as the TypeFeedbackInfo was not updated
correctly, resulting in the runtime profiler choosing not to optimise some
functions that we previously would.

BUG=

Review-Url: https://codereview.chromium.org/2116523002
Cr-Commit-Position: refs/heads/master@{#37457}

Revert of Add crash instrumentation for crbug.com/621147 (patchset #5 id:80001 of https://codereview.chromium.org/2100313002/ )

Reason for revert:
Instrumentation not needed on master branch

Original issue's description:
> Add crash instrumentation for crbug.com/621147
>
> BUG=chromium:621147
> LOG=N
> R=ishell@chromium.org,cbruni@chromium.org
>
> Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8
> Cr-Commit-Position: refs/heads/master@{#37328}

TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:621147, chromium:624764

Review-Url: https://codereview.chromium.org/2118493002
Cr-Commit-Position: refs/heads/master@{#37456}

Currently only property queries are supported.
This CL also factores out prototype chain iteration logic.

GetPropertyStub is not used yet.

BUG=v8:4911
LOG=Y

Review-Url: https://codereview.chromium.org/2087863002
Cr-Commit-Position: refs/heads/master@{#37455}

BUG=v8:5000

Review-Url: https://codereview.chromium.org/2106243002
Cr-Commit-Position: refs/heads/master@{#37454}

BUG=v8:4280

Review-Url: https://codereview.chromium.org/2113613002
Cr-Commit-Position: refs/heads/master@{#37453}

This turns the blacklist back into a white-list adding all binary operations as allowed operations. The one known fix is that it forces canonicalization of the double-hole as double constant.

BUG=chromium:621147

Review-Url: https://codereview.chromium.org/2106393002
Cr-Commit-Position: refs/heads/master@{#37452}

BUG=chromium:624544
LOG=NO

Review-Url: https://codereview.chromium.org/2110213003
Cr-Commit-Position: refs/heads/master@{#37451}

This removes the need to thread through frame states for eager bailout
points from the call-site into the reduction helper. The node under
reduction is known to JSBinopReduction, frame states are loaded late.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2112643006
Cr-Commit-Position: refs/heads/master@{#37450}

Revert of Put RegExp js code in strict mode (patchset #2 id:20001 of https://codereview.chromium.org/1776883005/ )

Reason for revert:
Found to break SAP Web IDE, and these semantics are not shipped in any other browser.
Revert to legacy semantics while assessing web compatibility.

BUG=chromium:624318

Original issue's description:
> Put RegExp js code in strict mode
>
> src/js/regexp.js was one of the few files that was left in sloppy
> mode. The ES2017 draft specification requires that writes to
> lastIndex throw when the property is non-writable, and test262
> tests enforce this behavior. This patch puts that file in strict
> mode.
>
> BUG=v8:4504
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213
> Cr-Commit-Position: refs/heads/master@{#34801}

TBR=yangguo@chromium.org,adamk@chromium.org

Review-Url: https://codereview.chromium.org/2112713003
Cr-Commit-Position: refs/heads/master@{#37449}

In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.

This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX.  When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.

With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.

@v8-mips-ports, can you do a similar implementation for mips?

R=titzer@chromium.org, Rodolph.Perfetta@arm.com

Review-Url: https://codereview.chromium.org/2105313002
Cr-Commit-Position: refs/heads/master@{#37448}

Having presubmit called from within the test runner often
requires logic to remove the call again.

After the GN transition it would be better if presubmit is
called by a wrapper script if needed at all. It is run
on upload and on the tryservers anyways.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2114653002
Cr-Commit-Position: refs/heads/master@{#37447}

This executes an action as part of the build, writing a json
configuration that includes all build flags relevant to v8
testing.

The test runner will derive all build-dependent flags from
the file if it detects it.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2106423002
Cr-Commit-Position: refs/heads/master@{#37446}

R=bmeurer@chromium.org, ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2112733003
Cr-Commit-Position: refs/heads/master@{#37445}

BUG=v8:5159
NOTRY=true

Review-Url: https://codereview.chromium.org/2111673003
Cr-Commit-Position: refs/heads/master@{#37444}

R=machenbach@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2113663002
Cr-Commit-Position: refs/heads/master@{#37443}

    fixed doubleregister name in VisitFloat64Ieee754Binop and VisitFloat64Ieee754Unop

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2111873002
Cr-Commit-Position: refs/heads/master@{#37442}

Port e60c4053

    this fix applies to s390 as well.

R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2101933006
Cr-Commit-Position: refs/heads/master@{#37441}

The functions related to code statistics are a part of spaces currently.
This is not very intutive and hence refactored these functions to a new
CodeStatistics class.

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2082863003
Cr-Commit-Position: refs/heads/master@{#37440}

BUG=

Review-Url: https://codereview.chromium.org/2112873002
Cr-Commit-Position: refs/heads/master@{#37439}

Revert of [compiler] Load elimination now traverses CheckTaggedPointer. (patchset #1 id:1 of https://codereview.chromium.org/2104893002/ )

Reason for revert:
Clusterfuzz breakage (https://bugs.chromium.org/p/chromium/issues/detail?id=624756)

Original issue's description:
> [compiler] Load elimination now traverses CheckTaggedPointer.
>
> It also dereferences the inputs of StoreField, if those were
> CheckTaggedPointers. Tested manually.
>
> BUG=
>
> Committed: https://crrev.com/f416886358c0aeaa5b4d1e83d9c7d6bb8b0e7f2f
> Cr-Commit-Position: refs/heads/master@{#37330}

TBR=bmeurer@chromium.org,bgeron@google.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2113623002
Cr-Commit-Position: refs/heads/master@{#37438}

-Defines SIMD128_REGISTERS for all platforms.
-Adds Simd128 register information to RegisterConfiguration, and implements
aliasing calculations.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2092103004
Cr-Commit-Position: refs/heads/master@{#37437}

BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/52a43518abe9143a14ded92a89bd3384a47e9193
Review-Url: https://codereview.chromium.org/2113583002
Cr-Original-Commit-Position: refs/heads/master@{#37431}
Cr-Commit-Position: refs/heads/master@{#37436}

R=jgruber@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2111793002
Cr-Commit-Position: refs/heads/master@{#37435}

Revert of [gn] Switch custom snapsot bot to gn (patchset #2 id:20001 of https://codereview.chromium.org/2113583002/ )

Reason for revert:
Breaks...

Original issue's description:
> [gn] Switch custom snapsot bot to gn
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/52a43518abe9143a14ded92a89bd3384a47e9193
> Cr-Commit-Position: refs/heads/master@{#37431}

TBR=yangguo@chromium.org,vogelheim@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2107423003
Cr-Commit-Position: refs/heads/master@{#37434}

Like the other Math builtins, Math.abs() is now a TurboFan builtin.
It uses RawMachineAssembler::Float64Abs().

R=bmeurer@chromium.org
BUG=v8:5163, v8:5086
LOG=N

Review-Url: https://codereview.chromium.org/2115493002
Cr-Commit-Position: refs/heads/master@{#37433}

These are no longer used, except in tests that test these intrinsics.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2114613002
Cr-Commit-Position: refs/heads/master@{#37432}

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2113583002
Cr-Commit-Position: refs/heads/master@{#37431}

This stores the wasm object and the function index in the script, and
adds functions to get the disassembled wasm code as well as the offset
table mapping from byte position to line and column in the disassembly
solely from the script.
This will be used to show "ui source code" in DevTools, and map raw
locations from the stack trace into this code view.

R=yangguo@chromium.org, ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110

patch from issue 2063013004 at patchset 80001 (http://crrev.com/2063013004#ps80001)

Review-Url: https://codereview.chromium.org/2105303002
Cr-Commit-Position: refs/heads/master@{#37430}

Converts FastNewClosureStub from a Hydrogen to a TurboFan code stub.
The plan is to start using this in the Interpreter CreateClosure
bytecode handler (in a follow-up CL).

BUG=v8:4280

Review-Url: https://codereview.chromium.org/2100883003
Cr-Commit-Position: refs/heads/master@{#37429}

R=yangguo@chromium.org,ahaas@chromium.org
BUG=chromium:624713
LOG=Y

Review-Url: https://codereview.chromium.org/2111843002
Cr-Commit-Position: refs/heads/master@{#37428}

NOTRY=true
TBR=neis@chromium.org

Review-Url: https://codereview.chromium.org/2104143004
Cr-Commit-Position: refs/heads/master@{#37427}

R=mstarzinger@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2109773004
Cr-Commit-Position: refs/heads/master@{#37426}

BUG=chromium:474921

Committed: https://crrev.com/3cfc9f209ed0c173319659114859b7e848812fd7
Review-Url: https://codereview.chromium.org/2105353002
Cr-Original-Commit-Position: refs/heads/master@{#37414}
Cr-Commit-Position: refs/heads/master@{#37425}