Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.

Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.

R=mstarzinger@chromium.org, neis@chromium.org
TBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n

Review URL: https://codereview.chromium.org/1865833002

Cr-Commit-Position: refs/heads/master@{#35283}

BUG=chromium:590071
LOG=N

Review URL: https://codereview.chromium.org/1856123005

Cr-Commit-Position: refs/heads/master@{#35282}

Anotates bytecodes with a description of how each uses the accumulator.

Validates annotations and uses of accumulator when generating bytecode
handlers.

Only prints the accumulator during tracing where used.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1852213002

Cr-Commit-Position: refs/heads/master@{#35281}

Rolling v8/third_party/icu to c291cde264469b20ca969ce8832088acb21e0c48

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1863963002

Cr-Commit-Position: refs/heads/master@{#35280}

The Chrome Extensions code that was broken by this change the first time
it landed has been amended to deal appropriately with the ES2015
semantics in https://codereview.chromium.org/1864733002/.

BUG=v8:4602
LOG=y

Review URL: https://codereview.chromium.org/1857313003

Cr-Commit-Position: refs/heads/master@{#35279}

BUG=v8:4680
LOG=N
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1865683002

Cr-Commit-Position: refs/heads/master@{#35278}

The parser eagerly rewrites destructuring assignments occuring
in formal parameter initializers, because not doing so would
cause the BindingPattern rewriting to be confused and do the
wrong thing.

This change prevents this rewriting from descending into the
bodies of lazily parsed functions.

In general, it's a mistake to descend into the bodies of function
literals anyways, since they are rewritten separately on their
own time, so there is no distinction made between lazily
"throw away" eagerly parsed functions in the temporary parser
arena, or "real" eagerly parsed functions that will be compiled.

BUG=chromium:594084, v8:811
LOG=N
R=adamk@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1864553002

Cr-Commit-Position: refs/heads/master@{#35277}

Since interface-descriptors-ppc.h is removed, so remove it from v8.gyp as well.

R=machenbach@chromium.org,joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1864593002

Cr-Commit-Position: refs/heads/master@{#35276}

We decided to remove related devtools experiment.

BUG=chromium:526811
LOG=Y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1833563002

Cr-Commit-Position: refs/heads/master@{#35275}

R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1862633002

Cr-Commit-Position: refs/heads/master@{#35274}

R=bradnelson@chromium.org
BUG=chromium:599825
LOG=Y

Review URL: https://codereview.chromium.org/1858263002

Cr-Commit-Position: refs/heads/master@{#35273}

R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1856413002

Cr-Commit-Position: refs/heads/master@{#35272}

Previously, CreateDataProperty would fail a DCHECK when used to create
an integer indexed property on a TypedArray. This patch makes it throw
a TypeError instead. The issue came up when Array.prototype.concat
was repaired to use CreateDataProperty rather than SetElement; concat
can be tricked into making a new TypedArray if it is given an Array
whose prototype is a TypedArray. This patch prevents the issue.

R=adamk
LOG=Y
BUG=chromium:596394

Review URL: https://codereview.chromium.org/1821723004

Cr-Commit-Position: refs/heads/master@{#35271}

R=neis@chromium.org
BUG=v8:4887
LOG=N

Review URL: https://codereview.chromium.org/1857263002

Cr-Commit-Position: refs/heads/master@{#35270}

BUG=chromium:599414
LOG=n

Review URL: https://codereview.chromium.org/1863553003

Cr-Commit-Position: refs/heads/master@{#35269}

LOG=N

Review URL: https://codereview.chromium.org/1796863002

Cr-Commit-Position: refs/heads/master@{#35268}

In test regress-492.js, the return sequence require to adjust sp to
sp + 513 * 8 bytes, which causes overflow of the displacement in LA.

R=michael_dawson@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1865443002

Cr-Commit-Position: refs/heads/master@{#35267}

R=ulan@chromium.org
BUG=v8:4886
LOG=N

Review URL: https://codereview.chromium.org/1859063003

Cr-Commit-Position: refs/heads/master@{#35266}

This makes sure the type feedback vector is allocated and installed on
the SharedFunctionInfo before any of the compilers are being called.
Note that this now allows for an object state where a function is not
compiled but has a valid feedback vector is installed. This is working
as intended and supported by the rest of the system.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1857203002

Cr-Commit-Position: refs/heads/master@{#35265}

Revert of [api] Restrict Template::Set to take templates or primitive values (patchset #1 id:1 of https://codereview.chromium.org/1839983002/ )

Reason for revert:
Breaks node.js

Original issue's description:
> [api] Restrict Template::Set to take templates or primitive values
>
> Embedders that passed in non-primitive values should either use
> getters/setters (templates) or install a native data property,
> otherwise, the values would all result in cross-context leaks
>
> BUG=none
> R=verwaest@chromium.org
> LOG=y
>
> Committed: https://crrev.com/eebdee8eafa97849cc70c25f3fecf1b075bac248
> Cr-Commit-Position: refs/heads/master@{#35244}

TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=none

Review URL: https://codereview.chromium.org/1860003002

Cr-Commit-Position: refs/heads/master@{#35264}

This makes sure the SharedFunctionInfo is available whenever we evaluate
the UseIgnition predicate. This makes sure we can apply filters properly
even when the interpreter causes eager compilation (instead of lazy).

R=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1860943002

Cr-Commit-Position: refs/heads/master@{#35263}

Because the operands in this test are encoded in little endian format.
Therefore, their bytes are all swapped when reading them on big endian machine.

R=mbrandy@us.ibm.com,joransiu@ca.ibm.com,titzer@chromium.org,machenbach@chromium.org,bradnelson@chromium.org,ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1858793002

Cr-Commit-Position: refs/heads/master@{#35262}

This change removes the large contiguous backing store from the young generation
and replaces it regular pages.

We keep a pool of pages that are committed/uncommitted to avoid creating virtual
memory maps during growing and shrinking.

BUG=chromium:581412
LOG=N

Review URL: https://codereview.chromium.org/1853783002

Cr-Commit-Position: refs/heads/master@{#35261}

Revert of Correctly annotate eval origin. (patchset #4 id:60001 of https://codereview.chromium.org/1854713002/ )

Reason for revert:
[Sheriff] Crashes a layout test:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/5855

Original issue's description:
> Correctly annotate eval origin.
>
> There were a couple of issues with it:
> - interpreter is not supported
> - the source position was just accidentally correct for full-codegen
> - the eval origin could have been cached
>
> Also fixes a few other places to use AbstractCode.
>
> R=mstarzinger@chromium.org
>
> Committed: https://crrev.com/2f3a171adc9e620c2235bf0562145b9d4eaba66d
> Cr-Commit-Position: refs/heads/master@{#35257}

TBR=mstarzinger@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1858773004

Cr-Commit-Position: refs/heads/master@{#35260}

In simplified numbering, we make sanity checks based on types (e.g.,
NumberSubtract should take numbers as inputs), but this can be
violated if optimization passes make types less precise.

In this CL, we fix load elimination to make sure that types are
smaller in the store -> load elimination by taking an intersection
of the load's type with the store value's type and inserting a guard
with that type. Note that the load type comes from type feedback, so
it can be disjoint from the stored value type (in that case, this
must be dead code because the map chack for the load should prevent
us from using the stored value).

BUG=chromium:599412
LOG=n

Review URL: https://codereview.chromium.org/1857133003

Cr-Commit-Position: refs/heads/master@{#35259}

If we use ScopeIterator inside a debug-evaluate call, we may iterate
over a debug-evaluate context that we created for the debug-evaluate
call. This may trigger assertions.

The solution is to have the ScopeIterator hide debug-evaluate contexts
by unwrapping it if it comes across any.

R=cbruni@chromium.org
BUG=chromium:599662
LOG=N

Review URL: https://codereview.chromium.org/1859033002

Cr-Commit-Position: refs/heads/master@{#35258}

There were a couple of issues with it:
- interpreter is not supported
- the source position was just accidentally correct for full-codegen
- the eval origin could have been cached

Also fixes a few other places to use AbstractCode.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1854713002

Cr-Commit-Position: refs/heads/master@{#35257}

Port 40bdbef9

Implement Int32MulPair operator for MIPS.

BUG=

Review URL: https://codereview.chromium.org/1848253002

Cr-Commit-Position: refs/heads/master@{#35256}

BUG=v8:4882
LOG=n

Review URL: https://codereview.chromium.org/1863543002

Cr-Commit-Position: refs/heads/master@{#35255}

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1830593002

Cr-Commit-Position: refs/heads/master@{#35254}

BUG=chromium:537444, v8:4698
LOG=N
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1859763005

Cr-Commit-Position: refs/heads/master@{#35253}

If a statement or expression does not produce any bytecode, it's position
should always be overwritten by a following statement position.

R=mstarzinger@chromium.org, vogelheim@chromium.org
BUG=v8:4680
LOG=N

Review URL: https://codereview.chromium.org/1854113002

Cr-Commit-Position: refs/heads/master@{#35252}

When seeing a rest pattern, we used to get the remaining elements from the
iterator by calling %concat_iterable_to_array on it.  This was wrong because it
caused an observable [[Get]] for @@iterator (which the iterator may not even
provide).

This CL gets rid of the call to %concat_iterable_to_array and does the iteration
manually in a simple while-loop.  It also gets rid of %concat_iterable_to_array
itself because there aren't any other uses of it.

BUG=v8:4759
LOG=n
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1852703002

Cr-Commit-Position: refs/heads/master@{#35251}

  The CL #35067 (https://codereview.chromium.org/1830703003) exposed one hidden bug in x87 crankshaft code generation for DoMathFloor and DoMathRound.

  The current DoMathFloor will change the default round mode of x87 FPU and then deoptimized into FC code before the default x87 FPU's round mode was restored.
  This behavior caused several test cases fail as the FC code expected to run under the default x87 FPU's round mode.

  This CL fixed this bug.

BUG=

Review URL: https://codereview.chromium.org/1856303002

Cr-Commit-Position: refs/heads/master@{#35250}

This was missing from the previous fix.

R=ishell@chromium.org
BUG=chromium:599714
LOG=n

Review URL: https://codereview.chromium.org/1861583002

Cr-Commit-Position: refs/heads/master@{#35249}

Rolling v8/base/trace_event/common to c8c8665c2deaf1cc749d9f8e153256d4f67bf1b8

Rolling v8/build/gyp to 4ec6c4e3a94bd04a6da2858163d40b2429b8aad1

Rolling v8/tools/clang to faee82e064e04e5cbf60cc7327e7a81d2a4557ad

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1856133003

Cr-Commit-Position: refs/heads/master@{#35248}

Mask used in MacroAssembler::TestJSArrayForAllocationMemento was not supposed
to shifted right by 16 bits before loaded in to register r0.

R=michael_dawson@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1852403002

Cr-Commit-Position: refs/heads/master@{#35247}

R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com,joransiu@ca.ibm.com,

BUG=

Review URL: https://codereview.chromium.org/1852373002

Cr-Commit-Position: refs/heads/master@{#35246}

The background here is that graphs generated from WASM are not trimmed.
That means there can be some floating control diamonds that are not
reachable from end. An assertion in the scheduler for phis from floating
diamonds checks that the use edge in this situation is the control edge,
but in general, any edge could cause this.

Scheduling still works without this assertion. The longer term fix
is to either trim the graphs (more compile time overhead for WASM)
or improve the scheduler's handling of dead code in the graph. Currently
it does not schedule dead code but the potential use positions of
dead code are used in the computation of the common dominator of uses. We could
recognize dead nodes in PrepareUses() and check in GetBlockForUse()
as per TODO.

R=bradnelson@chromium.org, mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1846933002

Cr-Commit-Position: refs/heads/master@{#35245}

Embedders that passed in non-primitive values should either use
getters/setters (templates) or install a native data property,
otherwise, the values would all result in cross-context leaks

BUG=none
R=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1839983002

Cr-Commit-Position: refs/heads/master@{#35244}