Since the deoptimizer generalizes maps for all materialized objects, it
must make sure that none of the object's fields contain mutable heap numbers
(only double fields are allowed to point to mutable heap numbers). With this CL,
we simply change any mutable heap numbers in property arrays to immutable ones.

This could be dangerous if some non-materialized object could point to this
property array, but this cannot happen because interpreter registers cannot
refer to naked property arrays.

Bug: chromium:776309
Change-Id: I897b604fa804de673710cfa3ba0595dbd9f80eeb
Reviewed-on: https://chromium-review.googlesource.com/759781Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49263}

This reverts commit ac0661b3.

Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035

Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}

TBR=jarin@chromium.org,tebbi@chromium.org

Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}

R=machenbach@chromium.org
BUG=v8:6792
NOTREECHECKS=true
NOTRY=true

Change-Id: I878b11c6bddeca59ff49bfa88031a4ce15507e04
Reviewed-on: https://chromium-review.googlesource.com/759039Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49261}

This is a reland of 0db90bc5
Original change's description:
> [regexp] Include unicode/uvernum.h in parser
>
> This patch explicitly includes unicode/uvernum.h in the regular
> expression parser.
>
> It should be removed once we no longer need to check
> `U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
> updates their ICU. This is an ongoing effort:
> https://github.com/nodejs/node/pull/16876
>
> BUG=v8:4743
>
> Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
> Reviewed-on: https://chromium-review.googlesource.com/758407
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49253}

Bug: v8:4743
Change-Id: Id3f375f27fb5eaa4129884f99095d16763bd6e86
Reviewed-on: https://chromium-review.googlesource.com/758861Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49260}

TBR=machenbach@chromium.org

Change-Id: I5b82f56e9b9d894455500de693fe6ac6de5205ae
Reviewed-on: https://chromium-review.googlesource.com/758764
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49259}

assembler-arm64.h and assembler-arm64-inl.h have a B() function
which conflicts with the B macro in bytecode-utils.h.

Headers that leak macros can be annoying to deal with, in this case
we can't simply undef B at the end of source files that include
bytecode-utils.h because the second source file that includes
bytecode-utils.h won't see the B macro.  Let's just move this macro
into the two unittest files that include this header.

Bug: chromium:746958
Change-Id: I588b73fe81615f882a0e010c92ba187d3bc2bf25
Reviewed-on: https://chromium-review.googlesource.com/758779
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49258}

This turns the deoptimization entries from free-floating memory chunks
that were not considered part of the heap into true {Code} objects. By
marking them as immovable we get the same guarantees without the need
for side-stepping heap API methods.

R=jarin@chromium.org
BUG=v8:6792

Change-Id: I88e1795e52fb586f7ca960d08cd6d9d082f4df9b
Reviewed-on: https://chromium-review.googlesource.com/756851Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49257}

Bug: v8:6917
Change-Id: I7dae0715264cdf9f963f2454b101f6260d8493ff
Reviewed-on: https://chromium-review.googlesource.com/758837Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49256}

This reverts commit 0db90bc5.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/17335

You need to also check whether i18n is on, e.g. #ifdef V8_INTL_SUPPORT.

Original change's description:
> [regexp] Include unicode/uvernum.h in parser
> 
> This patch explicitly includes unicode/uvernum.h in the regular
> expression parser.
> 
> It should be removed once we no longer need to check
> `U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
> updates their ICU. This is an ongoing effort:
> https://github.com/nodejs/node/pull/16876
> 
> BUG=v8:4743
> 
> Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
> Reviewed-on: https://chromium-review.googlesource.com/758407
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49253}

TBR=yangguo@chromium.org,jshin@chromium.org,jgruber@chromium.org,mathias@chromium.org

Change-Id: I58d6b7a49b707c97153b8b0aec141248f5c669e1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:4743
Reviewed-on: https://chromium-review.googlesource.com/759777Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49255}

This was originally introduced to reuse large handlers, but now only
LdaContextSlot and LdaCurrentContextSlot remain (both roughly 2-300
bytes in size).

Since handler reuse complicates lazy (de)serialization and currently
doesn't seem to give us significant advantages, let's remove this.

Bug: v8:6624
Change-Id: I6f19952632e10bd67677a825bbcb46d580a9d5c8
Reviewed-on: https://chromium-review.googlesource.com/758642Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49254}

This patch explicitly includes unicode/uvernum.h in the regular
expression parser.

It should be removed once we no longer need to check
`U_ICU_VERSION_MAJOR_NUM` during preprocessing, i.e. once Node.js
updates their ICU. This is an ongoing effort:
https://github.com/nodejs/node/pull/16876

BUG=v8:4743

Change-Id: I3cd9447b481249a9035d9fb00745057da8809c58
Reviewed-on: https://chromium-review.googlesource.com/758407Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49253}

Bug: chromium:746958
Change-Id: I38e19678e57e5769f4eb19b588ab1de1f4c3bb11
Reviewed-on: https://chromium-review.googlesource.com/758777Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49252}

R=yangguo@chromium.org

This is a reland of
for the no-i18n configuration.

https: //chromium-review.googlesource.com/c/v8/v8/+/571746 with a fix
Bug: 
Change-Id: I3e654791267b20fb3703ad4220404d8078f43440
Reviewed-on: https://chromium-review.googlesource.com/758999Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Corry <erikcorry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49251}

This patch adds support for Regional_Indicator within Unicode property
escapes in regular expressions.

The Regional_Indicator binary property was added in Unicode v10 and is
supported in ICU 60.1.

An `#if` directive is used to prevent breaking Node.js until they
update their ICU.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7acec13c8ae7552558a0f852937984bba828e738
Reviewed-on: https://chromium-review.googlesource.com/758273Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49250}

This reverts commit 7e78506f.

Reason for revert: Breaks roll:
https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm64_dbg_recipe/builds/381619

Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: If538a174d048e0416b4374426df721d4ea84cd4c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758860Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49249}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6501469..cfed275

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/ca0bd08..4a9623a

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/723b259..4b58512

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I31f2d64ee07b308fe1b66603e9b630c9b1007e7f
Reviewed-on: https://chromium-review.googlesource.com/759936Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49248}

Shl/ShrS/ShrU
Add/AddSaturateS/Sub/SubSaturateS

Bug: 
Change-Id: I9fbca45a22505ce1cea6b6ee2b57c07b71d31d50
Reviewed-on: https://chromium-review.googlesource.com/737513
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49247}

Change-Id: Id7e93baaf9a4991c26c73579754a3a03d3822f1e
Reviewed-on: https://chromium-review.googlesource.com/759408Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49246}

The runtime_call_stats_ can be NULL on a worker thread when RCS
are enabled dynamically.

BUG=v8:7043

Change-Id: I1d26ae76c46955e017c82037b4a015ad86ba2f77
Reviewed-on: https://chromium-review.googlesource.com/755419Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49245}

BUG=v8:7054
TBR=adamk@chromium.org,yangguo@chromium.org
NOTRY=true
NOTREECHECKS=true

Change-Id: I69690ac4062c0dcb3c66a7db3ddba6d1078bc389
Reviewed-on: https://chromium-review.googlesource.com/759246
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49244}

Like CSP flag 'unsafe-eval', which communicates if both JS source
files and WASM binary files may be compiled, this CL adds a similar
flag for the compilation of WASM binary files.

That is, a WASM binary file will be compiled only if the new flag is
defined, or the flag for 'unsafe-eval' allows it. These flags are
implemented as callback functions on the isolate. The callbacks get a
(CSP) context, and a string, and returns the corresponding value of
the flag.

Both callbacks are initialized with the nullptr, and is used to
communicate that no CSP policy is defined. This allows this concept to
work, independent of it running in Chrome.

It also does a small clean up in api.cc to use macro CALLER_SETTERS,
instead of explicit code when appropriate.

Bug: v8:7041
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idb3356574ae2a298057e6b7bccbd3492831952ae
Reviewed-on: https://chromium-review.googlesource.com/759162Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49243}

This reverts commit 7e78506f.

Reason for revert: Broke Android build on Arm64.

Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Ic09de4d63c19746a62e804b1f889817ffaebc330
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758625Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49242}

The Wasm AST-based fuzzer is supposed to create valid modules by
construction. This change adds a CHECK to enforce this property.

Additionally, this change exposed several cases where we were not generating
valid modules before:
  * Block types did not match up correctly
  * Memory operations could have invalid alignments
  * Storing an i64 could generate an i32 argument incorrectly.
This CL includes fixes for these issues as well.

Bug: 
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}

b % 32 could produce negative results. Therefore, the result
of the shift could be undefined values.

Bug: 
Change-Id: I6c2f7201df424735695aa01891d46523e3c5bd12
Reviewed-on: https://chromium-review.googlesource.com/759079
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49240}

StoreDataPropertyInLiteral doesn't throw (because the previous uses of
this didn't throw), but class fields can throw on defining the
property which means we can't use this. Changing to CreateDataProperty
runtime call instead.

Bug: v8:5367
Change-Id: I1ab45413b121972dd18fe2b35a0cedd8efe0e0bf
Reviewed-on: https://chromium-review.googlesource.com/757824
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49239}

This was a regression from 317cf321
which showed up, at least, on Kraken.

Bug: chromium:782150
Change-Id: Ifd69b86c566182f1a50761b67c911bdde2aed997
Reviewed-on: https://chromium-review.googlesource.com/759101Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49238}

We need to throw before rethrowing, otherwise the exception does
not trigger a debugger event and is not reported if uncaught.

R=gsathya@chromium.org, jgruber@chromium.org

Bug: v8:7047
Change-Id: I7ce0253883a21d6059e4e0ed0fc56dc55a0dcba6
Reviewed-on: https://chromium-review.googlesource.com/758372Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49237}

The method forces all running profilers attached to the provided isolate
to collect a sample with the current stack.

It is going to be used to synchronize trace events generated by embedder with the samples
collected by the profiler.

Also it will finally allow us to break dependency of isolate on CPU profiler.

BUG=chromium:721099

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I81a0f8a463f837b5201bc8edaf2eb4f3761e3ff8
Reviewed-on: https://chromium-review.googlesource.com/750264Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49236}

- Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
- Changes OS::Allocate to take alignment parameter, reorders parameters
  to match page_allocator.
- Since the size of memory allocation can be deduced, don't return the
  amount of memory allocated.
- Changes reservation of aligned address space. Before we would reserve
  (size + alignment) rounded up to page size. This is too much, because
  maximum misalignment is (alignment - page_size).
- On Windows and Cygwin, we release an oversize allocation and
  immediately retry at the aligned address in the allocation. If we
  lose the address due to a race, we just retry.
- Clean up all the calls to OS::Allocate in codegen and tests by adding
  helper AllocateSystemPage function (allocation.h) and
  AllocateAssemblerBuffer (cctest.h).
- Changes 'assm' to 'masm' in some targets for consistency when using
  a macro-assembler.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
Reviewed-on: https://chromium-review.googlesource.com/749848
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49235}

Now that ICU 60.1 was autorolled in, reenable
number-format/format-currency test the expected result of which was
adjusted to match the output from ICU 60.1/CLDR 32.

Bug: chromium:766816
Test: intl/number-format/format-currency
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If58d493821d505b86202e134b9e2061504dd5e6a
Reviewed-on: https://chromium-review.googlesource.com/758027Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49234}

Function prologues created slots for callee-saved registers twice on all platforms.
This didn't affect JS because it doesn't use callee-save, but would probably have
badly broken exceptions raised in Wasm code because Isolate::UnwindAndFindHandler
was restoring registers and SP incorrectly. It also broke the in-progress CL for
on-stack multiple returns.

No tests included with this fix, because currently it is almost impossible to test
directly (according to mstarzinger). But it will be tested indirectly via the upcoming
multi-return support.

Change-Id: If763cafc03de0a912eca48d5e25e8edfc4552b24
Reviewed-on: https://chromium-review.googlesource.com/758374Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49233}

Bug: v8:6791
Change-Id: I05c8be6ac880c5ab5451db24dd0ad57b74bde8ba
Reviewed-on: https://chromium-review.googlesource.com/757137
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49232}

For each single bug, the fuzzer might find many very similar inputs
which trigger this bug. All of them are reported as individual bugs
currently, which means lots of noise in bug reports and increased
workload for the clusterfuzz sheriffs.
After this change, all bugs of the same category ("compiles !=
validates", "interpreter != liftoff", ...) will be grouped together.
This requires us to fix them soon after reporting, as they will hide
all other bugs of the same category.

R=ahaas@chromium.org
CC=mmoroz@chromium.org

Change-Id: Ie203eed0c7681e3450df977b10c0d9dbbc402d34
Reviewed-on: https://chromium-review.googlesource.com/758438Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49231}

Instead of disabling the entire RegExp Unicode property escape test
suite, this patch explicitly lists the failing tests and only disables
them.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If398eb4fcc8d9d96279dc5afb29489e699744d9f
Reviewed-on: https://chromium-review.googlesource.com/758757
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49230}

This patch adds support for Emoji_Component within Unicode property
escapes in regular expressions.

The Emoji_Component binary property was added in Emoji data v5
and is supported in ICU 60.1.

An `#if` directive is used to prevent breaking Node.js until they
update their ICU.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If1b49a4c175e88f1840ca5ef8d57829d6d8c3291
Reviewed-on: https://chromium-review.googlesource.com/758261Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49229}

They have been meaning the same thing for a while now.

R=jarin@chromium.org

Bug: 
Change-Id: Ie5988e6429b795babfa1e1f79841a9f03b8362dc
Reviewed-on: https://chromium-review.googlesource.com/758268
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49228}

Port https://chromium-review.googlesource.com/c/chromium/src/+/752143 to GYP

Bug: 
Change-Id: Id6f3322282ef5992b1e93dcab16d573a6b394a4d
Reviewed-on: https://chromium-review.googlesource.com/758243Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49227}

Arm64 jumbo builds might otherwise select the CountTrailingZeros function
from utils-arm64.h as a closer match, and fail to build due to differences
in the function prototype.

Bug: chromium:782640
Change-Id: Ie26d71b34aaf0e3ae5020597fed506df83b7d0ea
Reviewed-on: https://chromium-review.googlesource.com/758271Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49226}

This is a cleanup.

R=jarin@chromium.org

Bug: 
Change-Id: I1621fde3f2a7da03ceca781b96d5ffec44eb8168
Reviewed-on: https://chromium-review.googlesource.com/758373Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49225}

There's three common situations in which we need to create JSFunction
objects.  1) from the compiler, 2) from tests, and 3) everything else
(mostly during bootstrapping).

This is an attempt to simplify case 3), which previously relied on
several Factory::NewFunction overloads where it was not clear how the
semantics of each overload differed.

This CL removes all but one overload, and packs arguments into a new
NewFunctionArgs helper class.

It also removes the hacks around
SFI::set_lazy_deserialization_builtin_id by explicitly passing
builtin_id into Factory::NewSharedFunctionInfo.

Drive-by-fix: Properly set is_constructor hint in
SimpleCreateSharedFunctionInfo.

Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ica94d95e72e443055db5e7ff9e8cdf4115201ef1
Reviewed-on: https://chromium-review.googlesource.com/757094
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49224}