Add a method to emit abort for code which should
not be reachable.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2002833005
Cr-Commit-Position: refs/heads/master@{#36438}

Track based on JSArrayBuffer addresses instead of the attached backing store.
This way we can later on iterate buffers on a single page. The reland also
switches to a page-based implementation where a page contains the set of its
contained (live and dead) buffers.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/1964023002
Cr-Commit-Position: refs/heads/master@{#36437}

This makes escape analysis skip analyzing the code entry field within
JSFunction objects. Said field is an untagged pointer field and hence
cannot be tracked by an ObjectState node.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-613494
BUG=chromium:613494

Review-Url: https://codereview.chromium.org/1997353002
Cr-Commit-Position: refs/heads/master@{#36436}

This is a pure refactoring.

R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2002933002
Cr-Commit-Position: refs/heads/master@{#36435}

This fixes a syntax error in plot-timer-events script.

Before:
  $ out/x64.release/d8 --prof --log-timer-events script.js
  $ tools/plot-timer-events v8.log
  tools/plot-timer-events: 75: tools/plot-timer-events: options+=1343: not found
  --distortion=
  Cmdline args: [options] [log-file-name]
  Default log file name is "v8.log".
    ...

After:
  $ out/x64.release/d8 --prof --log-timer-events script.js
  $ tools/plot-timer-events v8.log
  $ ls timer-events.png
  timer-events.png

BUG=

Review-Url: https://codereview.chromium.org/1961873002
Cr-Commit-Position: refs/heads/master@{#36434}

R=mstarzinger@chromium.org
BUG=chromium:613570

Review-Url: https://codereview.chromium.org/1997003002
Cr-Commit-Position: refs/heads/master@{#36433}

This fixes the Python include path after the GYP files have been
relocated into another directory. It only affects 'make native', other
targets have been fixed in previous changes already.

R=jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2001053003
Cr-Commit-Position: refs/heads/master@{#36432}

R=ulan@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2003553002
Cr-Commit-Position: refs/heads/master@{#36431}

... but hit the runtime assert instead.
|
| Runtime error in ../src/runtime/runtime-internal.cc, line 409
|
| call_site.IsJavaScript() || call_site.IsWasm()
|

BUG=chromium:613905
LOG=N

Review-Url: https://codereview.chromium.org/2006603002
Cr-Commit-Position: refs/heads/master@{#36430}

Port for https://codereview.chromium.org/1409123003

In function Fast_ArrayConcat is added comparation between result_len and
FixedDoubleArray::kMaxLength. This change enables successful execution
of the test regress-599414-array-concat-fast-path.

Original commit message:
  [runtime] Avoid @@isConcatSpreadable lookup for fast path Array.prototype.concat

  Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
  set on the Array.prototype or Object.prototype the current fast paths fail.
  This CL adds a fix to globally invalidate a isConcatSpreadable_protector.

  Drive-by-fix: use named accessors for context variables

TEST=mjsunit/regress/regress-599414-array-concat-fast-path
BUG=

Review-Url: https://codereview.chromium.org/1995313002
Cr-Commit-Position: refs/heads/master@{#36429}

Address computation on 64-bit platforms must be done in Word64, mixing
Word32 here is unsound.

TBR=danno@chromium.org

Review-Url: https://codereview.chromium.org/1997223002
Cr-Commit-Position: refs/heads/master@{#36428}

The previous JavaScript version created way too many ConsStrings for
longer strings, i.e. when using String.fromCharCode together with
Function.prototype.apply and arrays of char codes.

This version now always allocates sequential strings and therefore uses
way less memory when turning longer character sequences into strings,
and therefore fixes the memory regression on Google Maps.

BUG=chromium:609831
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2004733002
Cr-Commit-Position: refs/heads/master@{#36427}

This patch changes the disassembly output for ARM64 when tracing
compiled code. We used to omit printing the encoding as opposed to what
ARM and X64 do. The new turbolizer tool assumes the encoding is printed
and gets confused otherwise.

This could have been fixed in the tool instead but making disassembly
output consistent across architecture seems like a better solution.

BUG=

Review-Url: https://codereview.chromium.org/1996983003
Cr-Commit-Position: refs/heads/master@{#36426}

BUG=chromium:613796
LOG=N

Review-Url: https://codereview.chromium.org/2002813002
Cr-Commit-Position: refs/heads/master@{#36425}

Rolling v8/build to 298aeabfe2aa544f7be8cab05a133428bca7dea3

Rolling v8/third_party/icu to 54f86bb1d1d02968576d21c16d7134ec35c30fbc

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2005633002
Cr-Commit-Position: refs/heads/master@{#36424}

This unifies the calculation of virtual offsets within the escape
analysis pass to go through common helpers. It also switches to safer
accessors for getting FieldAccess and ElementAccess parameters.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2000733002
Cr-Commit-Position: refs/heads/master@{#36423}

combination of LoadByte/Shift/Or and StoreByte/Shift/And.

BUG=

Review-Url: https://codereview.chromium.org/1928513002
Cr-Commit-Position: refs/heads/master@{#36422}

R=rmcilroy@chromium.org
BUG=v8:4907,v8:5027

Review-Url: https://codereview.chromium.org/1995303002
Cr-Commit-Position: refs/heads/master@{#36421}

In case of calling 'toLocaleString', 'toLocaleTimeString' and
'toLocaleDateString' functions of 'Date' with empty 'locales' and
'options', DateTimeFormat is cached inside 'defaultObjects'.
If we change the timezone the cache is not invalidated.

BUG=v8:5022
TEST=cctest:DateCacheVersion. See the bug
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_noi18n_rel_ng

Review-Url: https://codereview.chromium.org/1985423003
Cr-Commit-Position: refs/heads/master@{#36420}

Review-Url: https://codereview.chromium.org/1996373002
Cr-Commit-Position: refs/heads/master@{#36419}

Rather than bake foreign globals into the module
at compile time, add a __foreign_init__ function that can be called
after instantiation with foreign values gathers using keys
in a separately generated FixedArray.

This is an incremental step towards being able to enable asm->wasm
on for general traffic, behind a flag.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=asm-wasm
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review-Url: https://codereview.chromium.org/1999523002
Cr-Commit-Position: refs/heads/master@{#36418}

Crankshaft shouldn't try to inline functions it knows it can't handle.

BUG=v8:5033

Review-Url: https://codereview.chromium.org/2000703002
Cr-Commit-Position: refs/heads/master@{#36417}

R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/1996333002
Cr-Commit-Position: refs/heads/master@{#36416}

At the moment the code assumes C-function returns the address of the
struct with the values. Unfortunately, the arm ABI does not guarantee that.
After this CL, we do not assume that, and instead just take the value from the stack.

BUG=chromium:611885
LOG=n

Review-Url: https://codereview.chromium.org/2000713002
Cr-Commit-Position: refs/heads/master@{#36415}

Revert of [keys] Don't omit write barrier after std::sort (patchset #2 id:20001 of https://codereview.chromium.org/1991173002/ )

Reason for revert:
This array only contains Smis, see its only store site five lines above:

array->set(array_size++, Smi::FromInt(i));

If you want to improve something here, use a C++ array instead of a FixedArray. There's no reason to have this short-lived list on the V8 heap.

Original issue's description:
> [keys] Don't omit write barrier after std::sort
>
> BUG=
>
> Committed: https://crrev.com/681ac8979e820d147380b5fdb2aae773e22f1302
> Cr-Commit-Position: refs/heads/master@{#36412}

TBR=mlippautz@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/1996963002
Cr-Commit-Position: refs/heads/master@{#36414}

Revert of [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators. (patchset #1 id:1 of https://codereview.chromium.org/1968453002/ )

Reason for revert:
Breaks a KCS demo:

BUG=chromium:611976

Original issue's description:
> [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators.
>
> Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
>
> Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
>
> Committed: https://crrev.com/2da70f853d7f680d491c37c72d5ef04a85497ba9
> Cr-Commit-Position: refs/heads/master@{#36136}

TBR=bmeurer@chromium.org,epertoso@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/1995303003
Cr-Commit-Position: refs/heads/master@{#36413}

BUG=

Review-Url: https://codereview.chromium.org/1991173002
Cr-Commit-Position: refs/heads/master@{#36412}

BUG=chromium:613518
LOG=n

Review-Url: https://codereview.chromium.org/1999743002
Cr-Commit-Position: refs/heads/master@{#36411}

- Move usable functions into proper heap-utils.h/.cc files and remove
  utils-inl.h file
- Fix assumptions accross the board relying on certain behavior that is not
  invariant

This is a requirement for modifying page size.

BUG=chromium:581412
LOG=N
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/1999753002
Cr-Commit-Position: refs/heads/master@{#36410}

R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/1994183002
Cr-Commit-Position: refs/heads/master@{#36409}

In VisitArrayLiteral(), we stopped creating boilerplates during
 compilation. This created a bug, because we'd emit an HStoreKeyed with an
 ElementsKind based on the initial elements kind of the boilerplate. Since
 boilerplates may transition as part of elements transition feedback, this can
 lead to incorrect values (storing a smi in a double array).

BUG=chromium:606021

Review-Url: https://codereview.chromium.org/2000673002
Cr-Commit-Position: refs/heads/master@{#36408}

Instead of dynamically creating semaphore for each page parallel job,
we create one semaphore for MarkCompact and reuse it.

This patch also removes all instrumentation code that was added to
help with investigation.

BUG=chromium:609249
LOG=NO

Review-Url: https://codereview.chromium.org/1998213002
Cr-Commit-Position: refs/heads/master@{#36407}

Review-Url: https://codereview.chromium.org/2003513002
Cr-Commit-Position: refs/heads/master@{#36406}

BUG=v8:4483
R=littledan@chromium.org, hpayer@chromium.org, mstarzinger@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/1992093003
Cr-Commit-Position: refs/heads/master@{#36405}

For now we treat simplified ObjectIsFoo operators as escaping uses when
it comes to escape analysis. Eventually we want to handle them in the
associated reducer, just like we do with ObjectIsSmi.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2002573002
Cr-Commit-Position: refs/heads/master@{#36404}

Revert of Refactor script position calculation (patchset #3 id:40001 of https://codereview.chromium.org/2003483002/ )

Reason for revert:
Crashes gc stress with custom snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/5763

Original issue's description:
> Refactor script position calculation
>
> Script position calculation logic (i.e. line & column numbers for a
> given code position) is now based on a single method
> Script::GetPositionInfo(). Refactored related code in isolate.cc and
> js/messages.js to use the new method. The line_ends accessor is still
> in use by chromium and thus cannot be removed yet.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/2f3879d54633c4076d38e9fc85b6e2e157c61548
> Cr-Commit-Position: refs/heads/master@{#36398}

TBR=yangguo@chromium.org,jgruber@chromium.org,jgruber@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/1995323002
Cr-Commit-Position: refs/heads/master@{#36403}

 - Lane indices are no longer required to be integers. Add index coersion for loads/stores
 - Give shift operators masking shift count semantics
 - Throw type/range errors instead of runtime asserts.

BUG=v8:4963
LOG=N

R=bbudge@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1965443003
Cr-Commit-Position: refs/heads/master@{#36402}

Also change parser to insert %_GeneratorClose instead of %GeneratorClose.
Full-codegen generators will fall back to the runtime function.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/1993073003
Cr-Commit-Position: refs/heads/master@{#36401}

This adds support to materialize JSFunction objects from deoptimization
information. By now we need to support this because TurboFan's escape
analysis can produce virtual (i.e. non-escaping) closures.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1998143002
Cr-Commit-Position: refs/heads/master@{#36400}

NOTRY=true
TBR=mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/1996923002
Cr-Commit-Position: refs/heads/master@{#36399}