For an edge case like the following in sloppy mode
  with ({}) function f() {}
a lexical scope needs to be created around the body in order
to hold the function declaration, so it can be hoisted according
to a loose interpretation of Annex B 3.3 (loose because ES2015
does not permit a function declaration as the body of a with
statement). This patch adds that scope.

BUG=chromium:542100
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1404803002

Cr-Commit-Position: refs/heads/master@{#31269}

This patch fixes an obscure edge case for functions defined as the
direct body of a for-of/for-in loop, such as the following:

 for (foo in []) function foo() { return foo; }

Here, the first occurrence of foo should point to the outer scope;
however, before this patch, it pointed to the inner foo in an
invalid way which caused an assertion about the scope chain to fail.
This patch fixes the scope chain by inserting an extra scope for
the body of the loop, not including the header.

BUG=chromium:542099
LOG=N
R=rossberg

Review URL: https://codereview.chromium.org/1396663004

Cr-Commit-Position: refs/heads/master@{#31268}

BUG=chromium:535160
LOG=n

Review URL: https://codereview.chromium.org/1402953004

Cr-Commit-Position: refs/heads/master@{#31267}

Revert of Add bailout for large objects when allocating arrays in optimized code. (patchset #1 id:1 of https://codereview.chromium.org/1408553002/ )

Reason for revert:
[Sheriff] Breaks deopt fuzzer:
http://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/5634

See comment in CL for repro.

Original issue's description:
> Add bailout for large objects when allocating arrays in optimized code.
>
> BUG=
>
> Committed: https://crrev.com/0c81c4e924d7bdb45fce98209c21985d754e047d
> Cr-Commit-Position: refs/heads/master@{#31259}

TBR=bmeurer@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1409543002

Cr-Commit-Position: refs/heads/master@{#31266}

This CL re-purposes ValueEffect and Finish as delimiters for regions
that are scheduled atomically (renamed to BeginRegion, FinishRegion).

The BeginRegion node takes and produces an effect. For the uses that do
not care about the placement in the effect chain, it is ok to feed
graph->start() as an effect input.

The FinishRegion takes a value and an effect and produces a value and
an effect. It is important that any value or effect produced inside the
region is not used outside the region. The FinishRegion node is the only
way to smuggle an effect and a value out.

At the moment, this does not support control flow inside the region. Control flow would be hard.

During scheduling we do some sanity check, but the checks are not exhaustive. Here is what we check:
- the effect chain between begin and finish is linear (no splitting,
  single effect input and output).
- any value produced is consumed by the FinishRegion node.
- no control flow outputs.

Review URL: https://codereview.chromium.org/1399423002

Cr-Commit-Position: refs/heads/master@{#31265}

The AccessorsTable has a non-deterministic iteration order depending on the
random seed. This means that the order of the accessor defines could vary
and the test which tried to set accessors on two different properties
could flakly fail due to the order not being as expected. To fix this I make
the test only do a setter on one property (the test-interpreter.cc test
does the check on multiple property accessors

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1404793002

Cr-Commit-Position: refs/heads/master@{#31264}

Support negate with shifted input on ARM64 by supporting lhs zero registers for
binary operations, and removing explicit Neg instruction support.

Review URL: https://codereview.chromium.org/1404093003

Cr-Commit-Position: refs/heads/master@{#31263}

Replaces the use of KeyedStoreICGeneric with a vector based KeyedStoreIC for
array literal computed stores now that there is a feedback vector slot for
these expressions. Removes KeyedStoreICGeneric bytecode since this is no
longer necessary.

BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1400353002

Cr-Commit-Position: refs/heads/master@{#31262}

Port f2f46aff

Original commit message:
    The lack of a vector slot for the keyed store operation in filling in
    non-constant array literal properties led to undesirable contortions in
    compilers downwind of full-codegen. The use of a single slot to initialize all
    the array elements is sufficient.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1390353006

Cr-Commit-Position: refs/heads/master@{#31261}

Previously, any AstVisitor subclasses which wanted to make use of
the shared stack overflow checking code needed to depend on Isolate.

With this patch, it will be easy to create a second InitializeAstVisitor
overload taking a stack_limit directly, for use in code that has no
Isolate available (such as code running in the parser).

AstVisitor subclasses which depended upon the isolate() accessor have
been fixed to either have their own isolate_ member or get it from
somewhere else convenient.

Review URL: https://codereview.chromium.org/1387383005

Cr-Commit-Position: refs/heads/master@{#31260}

BUG=

Review URL: https://codereview.chromium.org/1408553002

Cr-Commit-Position: refs/heads/master@{#31259}

BUG=

Review URL: https://codereview.chromium.org/1396333004

Cr-Commit-Position: refs/heads/master@{#31258}

BUG=chromium:542823
LOG=n

Review URL: https://codereview.chromium.org/1391373004

Cr-Commit-Position: refs/heads/master@{#31257}

It is used by AstGraphBuilder (TF) and BytecodeGenerator (Ignition), so is no
longer a full-codegen datastructure. Removes full-codegen.h dependency from
compiler/ and interpreter/

Review URL: https://codereview.chromium.org/1393393003

Cr-Commit-Position: refs/heads/master@{#31256}

Perform native context specialization immediately after graph
construction (also after inlinee graph construction). This way
we can do unified inlining before we go to typing and typed
lowering. And we will get better typing due to constants and
(checked) type feedback.

R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1404123002

Cr-Commit-Position: refs/heads/master@{#31255}

Revert of VectorICs: turn on vectors for STORE and KEYED_STORE ics. (patchset #1 id:1 of https://codereview.chromium.org/1396523005/ )

Reason for revert:
Windows crash failure, must be investigated.

Original issue's description:
> VectorICs: turn on vectors for STORE and KEYED_STORE ics.
>
> R=jkummerow@chromium.org
> BUG=
>
> Committed: https://crrev.com/52225f39df578e77b4804506ca4bc15e096f5cab
> Cr-Commit-Position: refs/heads/master@{#31252}

TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1398123003

Cr-Commit-Position: refs/heads/master@{#31254}

Adds Object literal support to the interpreter. Adds the following bytecodes:
 - ToName
 - CreateObjectLiteral.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1386313005

Cr-Commit-Position: refs/heads/master@{#31253}

R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1396523005

Cr-Commit-Position: refs/heads/master@{#31252}

R=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1403613003

Cr-Commit-Position: refs/heads/master@{#31251}

BUG=chromium:535160
LOG=n

Review URL: https://codereview.chromium.org/1402073003

Cr-Commit-Position: refs/heads/master@{#31250}

This is a first prototype for a rudimentary inlining heuristic allowing
enabling of general inlining based existing budget flags. Also note that
this approach does not yet work for multi-level inlining, for now the
list of candidates is processed exactly once.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1406543002

Cr-Commit-Position: refs/heads/master@{#31249}

BUG=v8:2899
LOG=n
TBR=jochen@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1396293006

Cr-Commit-Position: refs/heads/master@{#31248}

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1401923004

Cr-Commit-Position: refs/heads/master@{#31247}

R=machenbach@chromium.org
BUG=chromium:541791
LOG=N

Review URL: https://codereview.chromium.org/1396743005

Cr-Commit-Position: refs/heads/master@{#31246}

Correctly initialize the high FP registers.

TEST=test-assembler-mips/movz_movn,test-assembler-mips64/movz_movn
BUG=

Review URL: https://codereview.chromium.org/1399413003

Cr-Commit-Position: refs/heads/master@{#31245}

BUG=

Review URL: https://codereview.chromium.org/1406593002

Cr-Commit-Position: refs/heads/master@{#31244}

Fix mina instruction in mips32 and mips64 simulator according to IEEE 754-2008 standard

BUG=

Review URL: https://codereview.chromium.org/1402923002

Cr-Commit-Position: refs/heads/master@{#31243}

The lack of a vector slot for the keyed store operation in filling in
non-constant array literal properties led to undesirable contortions in
compilers downwind of full-codegen. The use of a single slot to initialize all
the array elements is sufficient.

BUG=

Review URL: https://codereview.chromium.org/1405503002

Cr-Commit-Position: refs/heads/master@{#31242}

Not used yet, so this CL shouldn't change behavior.

Review URL: https://codereview.chromium.org/1368753003

Cr-Commit-Position: refs/heads/master@{#31241}

Adds array literal support to the interpreter. Currently constructed
array elements don't have type feedback slots, so also adds support for
generic keyed store operations.

Adds the following bytecodes:
 - CreateArrayLiteral
 - KeyedStoreICGeneric

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1400753003

Cr-Commit-Position: refs/heads/master@{#31240}

Revert of [heap] Reland decrease large object limit for regular heap objects. (patchset #3 id:40001 of https://codereview.chromium.org/1401173003/ )

Reason for revert:
Still one failing test on Windows.

Original issue's description:
> [heap] Reland decrease large object limit for regular heap objects.
>
> BUG=
>
> Committed: https://crrev.com/9b91bf3a630b5382080ba1d7f9f3e88de3de8a95
> Cr-Commit-Position: refs/heads/master@{#31228}

TBR=mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1395653003

Cr-Commit-Position: refs/heads/master@{#31239}

Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
 - PushContext
 - PopContext

Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1379793004

Cr-Commit-Position: refs/heads/master@{#31238}

Using perf-basic-prof in the test-case was problematic on windows. Use
CodeEventLogger directly.

Previous issue: https://codereview.chromium.org/1396843004/

R=jkummerow@chromium.org,yangguo@chromium.org,yurys@chromium.org
BUG=chromium:539892
LOG=N

Committed: https://crrev.com/701ba0b255f9c34f4b8c43584ef1e35040474e7d
Cr-Commit-Position: refs/heads/master@{#31197}

patch from issue 1396843004 at patchset 60001 (http://crrev.com/1396843004#ps60001)

Review URL: https://codereview.chromium.org/1403763002

Cr-Commit-Position: refs/heads/master@{#31237}

The flag for deactivating break points also affects stepping, since both
are implemented via debug break slots. Fixing this by introducing a new
flag solely responsible for deactivating actual break points.

R=mvstanton@chromium.org
BUG=chromium:119800
LOG=N

Review URL: https://codereview.chromium.org/1402913002

Cr-Commit-Position: refs/heads/master@{#31236}

Revert of [heap] Divide available memory upon compaction tasks (patchset #9 id:340001 of https://codereview.chromium.org/1382003002/ )

Reason for revert:
Failing tests: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug%20-%202/builds/3804/steps/Check/logs/DontLeakGlobalObjects

Original issue's description:
> [heap] Divide available memory upon compaction tasks
>
> - Fairly (round-robin) divide available memory upon compaction tasks.
> - Ensure an upper limit (of memory) since dividing is O(n) for n free-space
>   nodes.
> - Refill from free lists managed by sweeper once a compaction space becomes
>   empty.
>
> Assumption for dividing memory: Memory in the free lists is sparse upon starting
> compaction (which means that only few nodes are available), except for memory
> reducer GCs, which happen in idle time though (so it's less of a problem).
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/30236c052ba9266fc55412a8fd63b17f683ff40b
> Cr-Commit-Position: refs/heads/master@{#31234}

TBR=ulan@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1406533002

Cr-Commit-Position: refs/heads/master@{#31235}

- Fairly (round-robin) divide available memory upon compaction tasks.
- Ensure an upper limit (of memory) since dividing is O(n) for n free-space
  nodes.
- Refill from free lists managed by sweeper once a compaction space becomes
  empty.

Assumption for dividing memory: Memory in the free lists is sparse upon starting
compaction (which means that only few nodes are available), except for memory
reducer GCs, which happen in idle time though (so it's less of a problem).

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1382003002

Cr-Commit-Position: refs/heads/master@{#31234}

R=jkummerow@chromium.org
BUG=chromium:528379
LOG=N

Review URL: https://codereview.chromium.org/1404613002

Cr-Commit-Position: refs/heads/master@{#31233}

This adds a workaround that zeroes out semaphores before they are
initialized. Some versions of sem_init (e.g. GLIBC_2.0) fail to fully
zero out the semaphore, leading to {errno == ENOSYS} with subsequent
sem_timedwait calls.

R=machenbach@chromium.org
BUG=chromium:536813
LOG=n

Review URL: https://codereview.chromium.org/1407463002

Cr-Commit-Position: refs/heads/master@{#31232}

Adds function literal support and add support for OTHER_CALLS which can be
made when calling a function literal.

Adds the CreateClosure bytecode.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1396693003

Cr-Commit-Position: refs/heads/master@{#31231}

This moves JavaScript source files that are bundled with V8 into a
separate directory. The goal is to improve code readability and also
being able to formalize ideal reviewers by subsequently adding the
OWNERS file. These files almost exclusively contain implementations
of methods fully specified by ES6.

Note that files in the "debug" directory as well as the "d8.js" file
aren't affected by this change.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1398733002

Cr-Commit-Position: refs/heads/master@{#31230}