Fixing a few float and int overflows.
Drive-by fix: with --experimental-wasm-bigint, Number values
may not be used to initialize i64-typed globals. The existing
code for doing that relied on UB; since it's a spec violation
the fix is to throw instead.

No regression test for 933103 because it will OOM anyway.
No regression test for 932896 because it would be extremely slow.

Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60075}

... and fix header includes to please the respective bot.

Drive-by-fix: decompression implementation is now MSVC friendly.

Bug: v8:7703, v8:8834
Change-Id: Iaf589138e5bafb32b0d9feab5cf074b71f241a3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505579
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60074}

ReduceJSHasProperty was always passing STANDARD_LOAD instead of using the load mode from
the feedback verctor. This was causing deopt loops when checking for out-of-bounds
indices.

chromium: 937734
Change-Id: I6de29f2c6a80bcc171cf027d47a2d1af1414b76c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501975Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60073}

...mainly by giving a more precise type to global_proxy getters.

Change-Id: If4aef6b25baa2c641a45b177c59690e3ebfc3985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505578
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60072}

This is a reland of 80f06d6f

Original change's description:
> [wasm] Lazy update instances on a shared Memory.Grow
> 
>  - Introduce a GROW_SHARED_MEMORY interrupt, and handler
>  - Memory objects for isolates are updated on a stack check, add
>    tracking for isolates that hit the stack check
>  - When enough memory is not reserved ahead of time, fail to grow
>  - Add tracking for externalized buffers in the MemoryTracker so
>    that the MemoryTracker will know when backing_stores can be freed.
>  - For shared buffer, do not always allocate a new buffer when
>    growing an externalized buffer
> 
> 
> Change-Id: I9cf1be19f2f165fa6ea4096869f7d6365304c8c4
> Bug: v8:8564
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1472430
> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60064}

Bug: v8:8564
Change-Id: Id0cf8e42a9d54ac702dba351e248a1b92713c98a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506357Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60071}

JSRegExp, JSRegExpResult, JSRegExpStringIterator, AccessorInfo, AccessorPair, BreakPoint, BreakPointInfo

Change-Id: I51c557af543d2169dfc5da8bf5105a9eb03ff711

Bug: v8:8952
Change-Id: I51c557af543d2169dfc5da8bf5105a9eb03ff711
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499696
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60070}

This fixes a corner case during young generation evacuation:
1) Sweeping is in progress, but all pages are swept.
2) The main thread has acquired all swept pages.
3) A compaction space cannot get any swept page and has to allocate a
   new page.

This reduces memory usage of ArrayLiteralInitialSpreadLargeDoubleHoley
microbenchmark by 2x.

Bug: chromium:934453
Change-Id: I146d22a408910ae89adbfbac5822448952f5f0c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505798Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60069}

This reverts commit 80f06d6f.

Reason for revert: failing grow-memory tests

Original change's description:
> [wasm] Lazy update instances on a shared Memory.Grow
> 
>  - Introduce a GROW_SHARED_MEMORY interrupt, and handler
>  - Memory objects for isolates are updated on a stack check, add
>    tracking for isolates that hit the stack check
>  - When enough memory is not reserved ahead of time, fail to grow
>  - Add tracking for externalized buffers in the MemoryTracker so
>    that the MemoryTracker will know when backing_stores can be freed.
>  - For shared buffer, do not always allocate a new buffer when
>    growing an externalized buffer
> 
> 
> Change-Id: I9cf1be19f2f165fa6ea4096869f7d6365304c8c4
> Bug: v8:8564
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1472430
> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60064}

TBR=binji@chromium.org,titzer@chromium.org,gdeepti@chromium.org,ahaas@chromium.org

Change-Id: I2ed0b59bcbb285b701172b401d606963261d375c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506355Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60068}

This fixes a bug in the offset computation when instantiating the
decoder to decode a VarInt32.
It also extends the streaming decoder test to check the error location.

R=ahaas@chromium.org

Bug: v8:8814
Change-Id: Id8ce31ce7e494cce14231febbb5b0c7d91a26e01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505453Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60067}

R=ulan@chromium.org

Bug: chromium:936713
Change-Id: If3361023fa6fecfc070028ef505ca1ab1ec1d568
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505800Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60066}

Callbacks can be called and deleted from any thread, so they need to be
protected by a mutex. The deleted comment in {NotifyOnEvent} is
outdated.
Use a separate mutex such that callbacks can call back into the
NativeModule or CompilationState without deadlocking.

R=ahaas@chromium.org

Bug: v8:8904, v8:8689
Change-Id: If28a1f5682894518453b216c3ea152e5d6d8afdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505457Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60065}

 - Introduce a GROW_SHARED_MEMORY interrupt, and handler
 - Memory objects for isolates are updated on a stack check, add
   tracking for isolates that hit the stack check
 - When enough memory is not reserved ahead of time, fail to grow
 - Add tracking for externalized buffers in the MemoryTracker so
   that the MemoryTracker will know when backing_stores can be freed.
 - For shared buffer, do not always allocate a new buffer when
   growing an externalized buffer


Change-Id: I9cf1be19f2f165fa6ea4096869f7d6365304c8c4
Bug: v8:8564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1472430
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60064}

Followup to https://chromium-review.googlesource.com/c/v8/v8/+/1487491.

Change-Id: I44deb28ef5c8638236b04849921359cc7285c10f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505576Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60063}

Causes flakyness in TSAN runs when flag is written by EnforceFlagImplications
and read by ConcurrentMarking.

BUG=v8:8924

Change-Id: I2b0bf0fbb678e03492d7ed13e48657de9316b700
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505796
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60062}

This CL builds on top of feedback preprocessing. It brokerizes
all parts of element access reduction and disallows heap access there
(except for debug tracing).

To make this work without breaking tests (when concurrent inlining is
enabled):
- We don't inline functions that weren't serialized for compilation.
- We don't optimize for constant typed-array receivers when the typed
  array wasn't serialized.

This means that from now on --concurrent-inlining (and thus --future)
may result in less optimization than the default configuration.

Bug: v8:7790
Change-Id: I22685258b7d841fc9183bf99775d3f09cd272927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495556
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60061}

When VTune JIT support is enabled, the WasmEngine of an Isolate tries to
enable code logging by EnableCodeLogging() method. This multithreaded
method requires a Mutex for safety. However, as the WasmEngine is not
created, the Mutex of it is not initialized. An attempt of acquiring
this Mutex results in an error. The bug is fixed by creating WasmEngine
before it enables code logging.

Change-Id: I59e749190288ec412f6661233e8f62b0dff3cd7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1337376Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60060}

... when the latter is not already available.

Bug: v8:8834
Change-Id: Ib45b0e04c35a797e2d36a96b891ff1f82d4de02c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505574Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60059}

Change-Id: I8e353e6ae46b16abfe2812af88b6718250854e29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503562Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60058}

This piggy-backs off similar support for lite mode, which silently skips
tests that require optimization in lite (and now jitless) modes.

Bug: v8:7777,v8:8778, v8:8885
Change-Id: I666d92685ca71682224028743f02d0cce3723135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503758
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60057}

... when pointer compression is enabled and some number of cleanups.

Bug: v8:7703
Change-Id: If7344abf68a1c4d54e4a79d066dc185f25055d7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477737
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60056}

R=ulan@chromium.org

Change-Id: Ib2caeeeb9877f853848b4014a8088ee447d1705a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503765Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60055}

Yu Yin is working for company that is willing to maintain MIPS ports
therefore I am transferring ownership to Yu Yin.

No-Presubmit: true
TBR=mstarzinger@chromium.org
NOTRY=true

Change-Id: Ibb534165a1a67ad65a58ea85f5885a70b59302be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505454Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Predrag Rudic <prudic@wavecomp.com>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#60054}

This reverts commit 43b92772.

Reason for revert: Breaks Mac build, see https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20ASAN/22200

Particular cause: https://chromium.googlesource.com/chromium/src/build/+/7b62c8979c4963f8f0fa8ec33391793bd9d73f28

Original change's description:
> Update V8 DEPS.
> 
> Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/80892bf..983d3df
> 
> Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cf661ac..7e68767
> 
> TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
> 
> Change-Id: I6f335b8628338d94558309b5bc06725f9d20ea8b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1504781
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#60050}

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com

Change-Id: I6ca9cf4d0f7051979f59c4a72f2a46ad67331b21
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505812Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60053}

Unicode v12 was released today:
https://unicode.org/versions/Unicode12.0.0/

This patch updates the following sequence property escapes per
Unicode 12:

- Emoji_Flag_Sequence (no changes)
- Emoji_Keycap_Sequence (no changes)
- Emoji_Tag_Sequence (no changes)
- Emoji_ZWJ_Sequence

Note that Emoji_Modifier_Sequence is still using Unicode 11 data. This
will be fixed automatically once a version of ICU with Unicode 12 support
rolls into V8, at which point I'll update the relevant tests.

Bug: v8:7467
Change-Id: Iba575a471382ba7b029da06c2868c368ff43c649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503764Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60052}

Bug: chromium:938251
Change-Id: I336765c894cc78ca822904a32356db43feadea07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505312Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60051}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/80892bf..983d3df

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cf661ac..7e68767

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I6f335b8628338d94558309b5bc06725f9d20ea8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1504781Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60050}

Port https://crrev.com/c/1469821

Original Commit Message:

    Refactor the CallApiCallback builtin to

    - pass the context as with other stubs, and
    - pass holder and call data in registers.

    This avoids having to place holder and call data onto the stack, and
    thus makes it possible to easily call the CallApiCallback builtin from
    other builtins while just forwarding the (stack) arguments. The idea
    is to use this in the future to optimize the general case of calling
    into any API method via a FunctionTemplateInfo and doing appropriate
    security and/or interface checks upfront as necessary (eventually making
    the HandleApiCall C++ builtin obsolete at some point).

Change-Id: Ice52b68678fbea69e765c22daa3134524860e5de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505234Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Predrag Rudic <prudic@wavecomp.com>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60049}

Blink CL: http://crrev.com/c/1504573

Bug: chromium:936797
Change-Id: I24092f53f40dbd663ffb58122ec0239b7c185904
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505372Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60048}

This CL refactors the torque-compiler module slightly to allow
compilation of string inputs in addition to file path inputs. The
added functionality is then used to implement the first
'goto type defintion' unit test.

R=tebbi@chromium.org

Bug: v8:8880
Change-Id: I178a387abda6e319e66d41c50431cb139ac6e9f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503263
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60047}

This becomes necessary due to [1]. We cannot roll DEPS otherwise [2].
WebRTC is doing this too [3].

[1] https://chromium-review.googlesource.com/c/chromium/src/+/1500198
[2] https://chromium-review.googlesource.com/c/v8/v8/+/1505272
[3] https://webrtc-review.googlesource.com/c/src/+/125840

TBR=machenbach@chromium.org

Change-Id: I07ecc878f6c64767be025c9999dbb49423031e90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505292Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60046}

This adds overloads of v8::Isolate::{Add,Remove}MicrotaskCompletedCallback,
that use MicrotasksCompletedCallbackWithData, and marks the original one
as V8_DEPRECATE_SOON for transition.

Bug: v8:8124
Change-Id: I124c3108545e1a2b29cd95620f36901431663c65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1493766Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60045}

This reverts commit 83fa1717.

Reason for revert: Mac ASan failure. This also happens for WebRTC and is due to this change: https://chromium-review.googlesource.com/c/chromium/src/+/1500198

Original change's description:
> Update V8 DEPS.
> 
> Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/80892bf..0416321
> 
> Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cf661ac..7e68767
> 
> TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
> 
> Change-Id: I029046d9e7fbceaed48d94e9e20c2eba61b08cac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1504778
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#60043}

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com

Change-Id: If8c60c8d83f70a0fc966d7bda00999bc5630431e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505272Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60044}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/80892bf..0416321

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cf661ac..7e68767

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I029046d9e7fbceaed48d94e9e20c2eba61b08cac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1504778Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60043}

This is in preparation for the removal of Unibrow.

Bug: v8:8362
Change-Id: Icb969457e71d64d765eaf0fd1d0b8b9c6b6eb388
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1490572
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60042}

JSDate, JSStringIterator, JSAsyncFromSyncIterator, JSDataPropertyDescriptor

Change-Id: Ia2cfd8fa61672fb4d6ec5082bae07e7add97fe60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1500674Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60041}

The bulk memory operations should not bounds check ahead of time, but
instead should write as many bytes as possible until the first
out-of-bounds access.

Bug: v8:8890
Change-Id: Ia8179fe268fc65816c34a8f3461ed0a0d35600aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497520
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60040}

we can't use {**dict1, **dict2} in python2 code.
see report https://travis-ci.com/bmsdave/v8/jobs/180113432

Bug: v8:935200
Change-Id: I2f2a1283583432d6d0167436dd7d4205455049cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1484303
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60039}

R=clemensh@chromium.org
CC=machenbach@chromium.org,sergiyb@chromium.org

Bug: v8:8728
Change-Id: I37d10867a805647c98660699233c5c2b23429eae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503377Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60038}

Bug: v8:8945
Change-Id: Ib26d97bb6b5b1a6d523079bd3277ca28488eec9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503264
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60037}

Align the Table implementation limits with the JavaScript Embedding
limits defined in the specification (from MAX_UINT32 to 1e7).

Introduce a new helper (max_table_init_entries) that returns the
maximum number of Table entry at initialization. It takes into account
the maximum Table size, which can be passed by a flag.

Bug: v8:8633
Change-Id: Idfa19418e81f478f7886a30876e66c9b216e25ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496971
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60036}