Bug: v8:6917
Change-Id: I3ba4ca3df8bac400c248fa16c58fcba3497da806
Reviewed-on: https://chromium-review.googlesource.com/881167
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50871}

This is a reland of 4de2be99.

Original change's description:
> [test] Move timeout control to timeout processor
> 
> Bug: v8:6917
> Change-Id: I03be38be952f0d59eb20fa98102ef09ca795de40
> Reviewed-on: https://chromium-review.googlesource.com/883446
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50848}

Bug: v8:6917
Change-Id: I52798af84991d4815910e9da5f4837329cdb3c96
Reviewed-on: https://chromium-review.googlesource.com/885765Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50870}

This is somewhat of a revival of what used to be
UnseededNumberDictionary. The difference to NumberDictionary is that
each entry only has two fields (no field for property details) and there
is no header field for a bitfield.

The reason for this change is memory regression introduced when we
removed UnseededNumberDictionary (6e1c57ea). We now use
SimpleNumberDictionary for
- slow template instantiation cache
- code stubs table
- value serializer map
- stack frame cache
- type profile source positions

R=ishell@chromium.org, ulan@chromium.org

Bug: chromium:783695
Change-Id: I3cd32e485060bb379fb2279eeefbbbded7455f0e
Reviewed-on: https://chromium-review.googlesource.com/885811Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50869}

Also refactor the implementation of i32.eqz such that the same
platform-specific code can be reused.
As a next step, it should be straight-forward to add other i32
comparison operations.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I4e8768d4ceb7294ba35777b7777ddd69d1a58cf1
Reviewed-on: https://chromium-review.googlesource.com/877889
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50868}

- Introduce new helper IsFastJSArrayWithNoCustomIteration.
  - Consolidates all entry array checks...
    - Is a fast array (defers to BranchIfFastJSArray)
    - No possibility that the Array's iteration protocol has been tampered with
- Introduce new BoolT constant helpers Int32TrueConstant and Int32FalseConstant.

Bug: chromium:804176, chromium:804188
Change-Id: I6b08396484682dc680b431ea564a7a28eeab8108
Reviewed-on: https://chromium-review.googlesource.com/883065
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50867}

TBR=sergiyb@chromium.org

Bug: v8:7343
Change-Id: I24ec4d9a58596cca22ca34a48b5a7297ed24b132
Reviewed-on: https://chromium-review.googlesource.com/886341Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50866}

No-try: true
Bug: v8:7266
Change-Id: I89f54feafbd4e2a6021c3bd8e339b00ed39fc3b9
Reviewed-on: https://chromium-review.googlesource.com/883883Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50865}

Array.p.reduce[Right] did not correctly treat holey arrays
when dealing with mixed holey/non-holey receiver maps.

Bug: chromium:804956
Change-Id: Ic22f64a1beeb93005809948299cde1f1d21a0f19
Reviewed-on: https://chromium-review.googlesource.com/883241Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50864}

In addition I added some comments in the update script which describes
steps which have to be takes the first time you run the script on a
new machine.

R=titzer@chromium.org

Change-Id: Ib360e6fcdcb63eaf225f398eff60041b48f86b62
Reviewed-on: https://chromium-review.googlesource.com/883344Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50863}

We cannot handle i64 values yet, so bail out if an indirect call
returns i64. The same bailout already exists for direct calls.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I3ddf44a913ee79b5610862e3a93059c6d37a280c
Reviewed-on: https://chromium-review.googlesource.com/885813Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50862}

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0ecc0af1668f5036bb591e8236d9a28fba61cea5
Reviewed-on: https://chromium-review.googlesource.com/881782
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50861}

This reverts commit 181ac2b0.

Reason for revert: TF changes break load elimination.

Original change's description:
> [ic] Improve performance of KeyedStoreIC on literal-based arrays.
> 
> In mode STORE_AND_GROW_NO_TRANSITION, the handler for elements stores
> used to bail out when seeing a COW array, even if the store that
> installed the handler had been operating on the very same array.
> 
> This CL adds support for COW arrays to the mode (and renames it to
> STORE_AND_GROW_NO_TRANSITION_HANDLE_COW).
> 
> Bug: v8:7334
> Change-Id: I6a15e8c1ff8d4ad4d5b8fc447745dce5d146c67c
> Reviewed-on: https://chromium-review.googlesource.com/876014
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50840}

TBR=neis@chromium.org,ishell@chromium.org,bmeurer@chromium.org

Change-Id: Id841d91b12d199045e0a9c4ddae2c2ead20b5e21
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7334
Reviewed-on: https://chromium-review.googlesource.com/885814Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50860}

R=machenbach@chromium.org

Bug: v8:7341
Change-Id: I8ab5cadbff2428f43ee1f240c58c53f14c2a8df3
Reviewed-on: https://chromium-review.googlesource.com/883201
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50859}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6f1e572..3e3eeac

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/296e7c3..e99797e

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: If632b39f9f0a9b7ce511b367f04f6b281cfe73df
Reviewed-on: https://chromium-review.googlesource.com/885721Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50858}

Bug: v8:6020
Change-Id: I056eb376bddfefad9f509808a6c71f5ce1769402
Reviewed-on: https://chromium-review.googlesource.com/877327
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50857}

Refactor the PromiseHandle builtin and move the separate debug checks
into the PromiseHookBefore and PromiseHookAfter runtime calls, so they
are performed only when we've already hit the slow-path.

Bug: v8:7253
Change-Id: I01ab8592a474b6897280734b995cab0b90a5e010
Reviewed-on: https://chromium-review.googlesource.com/884583Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50856}

Do not start a new step when an existing step is in progress. We may
have partially updated information as part of the current step, and the
next step will assume consistency. A new step will be started once the
current in-progress step completes.

BUG=v8:7313

Change-Id: I4c0c47c4f4b5f8b9139be24408440189679b38dc
Reviewed-on: https://chromium-review.googlesource.com/882507Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50855}

This is a reland of 4de2be99.

Original change's description:
> [test] Move timeout control to timeout processor
>
> Bug: v8:6917
> Change-Id: I03be38be952f0d59eb20fa98102ef09ca795de40
> Reviewed-on: https://chromium-review.googlesource.com/883446
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50848}

Bug: v8:6917
Change-Id: I7c83bf1cb8965a149b06c1dbc138b5d097f5275d
Reviewed-on: https://chromium-review.googlesource.com/883284Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50854}

When moving arguments for calls into the right registers and stack
slots, we were sometimes overwriting stack slots which would still be
used later to load arguments from. This is because we popped the (wasm)
value stack before executing the register moves, hence the stack
transfer would think the values are not being used any more and reuse
the stack slots.
With this CL, we only pop the arguments from the stack after executing
the stack transfer.

R=ahaas@chromium.org

Bug: v8:7366, v8:6600
Change-Id: I3aa5126c82634fd281959075e91e73465c39abaa
Reviewed-on: https://chromium-review.googlesource.com/883802
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50853}

R=machenbach@chromium.org

Bug: chromium:616879
Change-Id: Ice9927dd4bbaf72141c6693e4afaf57a362f515b
Reviewed-on: https://chromium-review.googlesource.com/884281Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50852}

This reverts commit 4de2be99.

Reason for revert: Testing stops too early now, e.g. here after 2 min:
https://build.chromium.org/p/client.v8.clusterfuzz/builders/V8%20NumFuzz/builds/32

Original change's description:
> [test] Move timeout control to timeout processor
> 
> Bug: v8:6917
> Change-Id: I03be38be952f0d59eb20fa98102ef09ca795de40
> Reviewed-on: https://chromium-review.googlesource.com/883446
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50848}

TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com

Change-Id: I6a925866476c69b3b50aa08e99facca0eaaa396b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Reviewed-on: https://chromium-review.googlesource.com/884082Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50851}

This is a reland of fffa4555.

The win asan bots use win10 now which should fix the problems.

Original change's description:
> [build] Prepare switching win asan to 64 bits
>
> This switches the current win32 bots to win32 under the hood in MB. We'll
> remove them and replace them with win64 bots in a follow up on the infra
> side.
>
> This also infers the clang option from asan, because on windows we need
> to set clang explicitly.
>
> TBR=sergiyb@chromium.org
>
> Bug: chromium:786303
> Change-Id: I9dddd5050a21a364c302a761ff15ddd21e97c7dc
> Reviewed-on: https://chromium-review.googlesource.com/883103
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50828}

TBR=sergiyb@chromium.org

Bug: chromium:786303
Change-Id: Ie344a7b6b16f575a061d13b5c3792fc9bd862734
Reviewed-on: https://chromium-review.googlesource.com/883522Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50850}

This adds a new operator JSCreatePromise, which currently allocates
a native JSPromise instance and initializes it to pending state.

In addition to that we introduce a new PromiseHookProtector, which
get's invalidated the first time someone enables the debugger or
installs a PromiseHook (via async_hooks for example). As long as
the protector is intact we lower AsyncFunctionPromiseCreate to
JSCreatePromise and AsyncFunctionPromiseRelease to a no-op in
optimized code.

This yields a speedup of roughly 33% on the benchmark mentioned
in the bug.

Bug: v8:7271, v8:7253
Change-Id: Ib5d219f2b6e052a7cc5e6ed5aa66dd3c8885a859
Reviewed-on: https://chromium-review.googlesource.com/883124
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50849}

Bug: v8:6917
Change-Id: I03be38be952f0d59eb20fa98102ef09ca795de40
Reviewed-on: https://chromium-review.googlesource.com/883446
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50848}

When executing register moves, we might need to spill registers to the
stack. Ensure that we don't exceed the reserved stack space for the
current frame.

R=ahaas@chromium.org

Bug: v8:7366, v8:6600
Change-Id: Ic11ff2ff5f46535c3663ef4cf62b095f6c8ba637
Reviewed-on: https://chromium-review.googlesource.com/883282
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50847}

Bug: v8:7178
Change-Id: Ib86942acff8419699d739c6fb28479613b04e745
Reviewed-on: https://chromium-review.googlesource.com/878179
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50846}

The SwitchOnGeneratorState bytecode now also falls through if the
generator object is undefined (so that we don't need that jump) and
restores generator context (so that we don't need that PushContext).
This saves 10 bytes per generator.

Change-Id: Ie0872c827119b9f1d1e9244d3be6496a30cd9620
Reviewed-on: https://chromium-review.googlesource.com/867051
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50845}

The CompilationUnitBuilder of the StreamingProcessor is cleared when an
error occurs in the streaming decoder. The clearing of the
CompilationUnitBuilder was guarded by the existence of the
ModuleCompiler, because this ModuleCompiler and the
CompilationUnitBuilder are created together. However, the
CompilationUnitBuilder is reset when the next section after the code
section is processed, whereas the ModuleCompiler exists until the end of
the AsyncCompileJob. With this CL the clearing of the
CompilationUnitBuilder is also guarded by its own existence.

R=clemensh@chromium.org

Bug: chromium:805346
Change-Id: I0e9e9eaff9239fadb21c0f17990da61cbfaa6856
Reviewed-on: https://chromium-review.googlesource.com/883527
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50844}

When reserving stack space by decrementing rsp/esp, we were ignoring
the constant size needed for the stack marker and the wasm context.
Later, we were using that space anyway, which can lead to errors if e.g.
interrupt handlers kick in and use that space below rsp/esp.

R=ahaas@chromium.org

Bug: v8:7366, v8:6600
Change-Id: I2f49ef5785d33e98c29c5cf4fe7624a02e8c7628
Reviewed-on: https://chromium-review.googlesource.com/883881Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50843}

Instead of collecting eagerly compilable inner function literals (IIFEs
etc.) during AST numbering, collect them during bytecode generation,
exposing them on the CompilationJob.

Bug: v8:7178
Change-Id: I47451f412d2796e5857b4bc38c4f29c80cb0745d
Reviewed-on: https://chromium-review.googlesource.com/873872
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50842}

It is analogous to Template::SetLazyDataProperty, but for a single
existing object. Similar to how SetNativeDataProperty exists on both.

Bug: v8:7303
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I634358ee455e28150198bd87a2bd79dc59e3e449
Reviewed-on: https://chromium-review.googlesource.com/867474Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50841}

In mode STORE_AND_GROW_NO_TRANSITION, the handler for elements stores
used to bail out when seeing a COW array, even if the store that
installed the handler had been operating on the very same array.

This CL adds support for COW arrays to the mode (and renames it to
STORE_AND_GROW_NO_TRANSITION_HANDLE_COW).

Bug: v8:7334
Change-Id: I6a15e8c1ff8d4ad4d5b8fc447745dce5d146c67c
Reviewed-on: https://chromium-review.googlesource.com/876014
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50840}

R=machenbach@chromium.org

Bug: chromium:616879
Change-Id: I168ec7d3dbd1a9e9c6006919bf59de1d8b40ab3b
Reviewed-on: https://chromium-review.googlesource.com/881483Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50839}

R=hablich@chromium.org
BUG=v8:6792,v8:7272,chromium:793428

Change-Id: Idcb3d8c5193ce943dc67e2275b89603563f131ca
Reviewed-on: https://chromium-review.googlesource.com/883509Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50838}

FixedArrays hanging off recursively of the constant pool without any
real objects in between can be considered as meta data. They are shared
with optimized code (embedder pointers).

Bug: v8:7266
Change-Id: I4006675e17e8eea3bdc8565254d80e2ffece0ad0
Reviewed-on: https://chromium-review.googlesource.com/883361Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50837}

R=clemensh@chromium.org
BUG=chromium:801878

Change-Id: I32a3cf3a63dfe073a06066f1db2fb32eb739f153
Reviewed-on: https://chromium-review.googlesource.com/883367Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50836}

This reverts commit 25ecc45f.

Reason for revert: Two issues discovered with W^X in V8's 6.5 branch (see v8:7272 and chromium:793428). Still need a way to disable the feature.

Original change's description:
> [heap] Remove --write-protect-code-memory feature flag.
> 
> R=​hpayer@chromium.org
> BUG=v8:6792
> 
> Change-Id: Id3413994de603dac1b7501c6fe376cdac1f9d7ce
> Reviewed-on: https://chromium-review.googlesource.com/866851
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50759}

TBR=mstarzinger@chromium.org,hpayer@chromium.org,hablich@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6792
Change-Id: Ie0d4409b36f22c97a6777e512618beafdef8c2f4
Reviewed-on: https://chromium-review.googlesource.com/883502Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50835}

This reverts commit bf19e60c.

Reason for revert: Two issues discovered with W^X in V8's 6.5 branch (see v8:7272 and chromium:793428). Still need a way to disable the feature.

Original change's description:
> [platform] Remove {PageAllocator::kReadWriteExecute}.
> 
> Now that write-protection of code memory is enabled everywhere and V8 is
> fully W^X compliant, we can remove the permission mode in question.
> 
> R=​hpayer@chromium.org
> BUG=v8:6792
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I80fe95ac6bb0e2d1ad6d993154ce45d492d941be
> Reviewed-on: https://chromium-review.googlesource.com/866855
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50770}

TBR=bbudge@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6792
Change-Id: If4a205497ac83084a4092560363affb13b391462
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/883461Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50834}

This reverts commit e02f5611.

Reason for revert: Regresses compile time: chromium:803840

Original change's description:
> [turbofan] trim effect chain nodes when they have no side-effect
>
> Bug:
> Change-Id: Ic1b6dc6fcd8bfc4f0c3dbb101a38106aa3596a12
> Reviewed-on: https://chromium-review.googlesource.com/863886
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50588}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: I631840ca3b79272108d5696e6dc68d671774e35c
Bug: 
Reviewed-on: https://chromium-review.googlesource.com/883521
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50833}

Add effect input and output to String.p.char[Code]At/codePointAt.
This is necessary to fix an hard to reproduce bug, a repro for
which is included. However, the only way to get the repro
included in this CL to fail is to run it with the patch of

  873382:
  [turbofan] Speculate on bounds checks for String#char[Code]At

but WITHOUT this patch. This fixes a scheduling problem triggered
by 873382 that caused a bounds check to get scheduled after the
associated access.

Bug: v8:7326
Change-Id: I4b97c1726caac92ff8f74c23df2788f0ecfb1304
Reviewed-on: https://chromium-review.googlesource.com/881781Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50832}