An additional slide offset is exported into `shared-library`, which is used to
symbolize C++ stack on systems with ASLR (OS X).

This patch adds slide offset support in dumpcpp script.

BUG=v8:5048

Review-Url: https://codereview.chromium.org/2006813002
Cr-Commit-Position: refs/heads/master@{#36574}

This fixes data-flow tracking of sub-word (i.e. int8 or int16) element
accesses withing the escape analysis. In essense this makes sure that
we only ever consider the offset for loads and stores on tracked objects
and avoid mangling the offset on untracked ones.

R=jarin@chromium.org
TEST=cctest/test-api/Fixed[U]Int[8,16]Array

Review-Url: https://codereview.chromium.org/2008883002
Cr-Commit-Position: refs/heads/master@{#36573}

Revert of [builtins] Also migrate String.prototype.toLowerCase/toUpperCase to C++. (patchset #2 id:20001 of https://codereview.chromium.org/2018983002/ )

Reason for revert:
Please rebase blink first (if intended):
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7092

Original issue's description:
> [builtins] Also migrate String.prototype.toLowerCase/toUpperCase to C++.
>
> These builtins always call into C++ anyways and so there's no point in
> having the JavaScript wrapper around them, but instead they can be
> implemented as C++ builtins directly.
>
> R=franzih@chromium.org
> BUG=v8:5049
>
> Committed: https://crrev.com/4e66888869bf04c73b41e5747e4595747a7b20df
> Cr-Commit-Position: refs/heads/master@{#36569}

TBR=franzih@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2023753002
Cr-Commit-Position: refs/heads/master@{#36572}

BUG=v8:5053
TBR=bmeurer@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2024583002
Cr-Commit-Position: refs/heads/master@{#36571}

  port 91c88644 (r36539)

  original commit message:
  We get less "pollution" of type feedback if we have one vector per native
  context, rather than one for the whole system. This CL moves the vector
  appropriately.

BUG=

Review-Url: https://codereview.chromium.org/2019263002
Cr-Commit-Position: refs/heads/master@{#36570}

These builtins always call into C++ anyways and so there's no point in
having the JavaScript wrapper around them, but instead they can be
implemented as C++ builtins directly.

R=franzih@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2018983002
Cr-Commit-Position: refs/heads/master@{#36569}

Rolling v8/build to 0671aae0bf5e388dc2a7d2610cbeab6b31ef7bb4

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2019253002
Cr-Commit-Position: refs/heads/master@{#36568}

Rolling v8/build to dd69258f1644517e9577f64ab72586fe097d681c

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2025533002
Cr-Commit-Position: refs/heads/master@{#36567}

Rolling v8/build to 10d3723f73a8bfb0bcbee33f368d92dea8ad1bd7

Rolling v8/tools/clang to ef8e028ea0f0fdf3be7be6e817e5c26c8ba7aebe

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2021623002
Cr-Commit-Position: refs/heads/master@{#36566}

One of the top runtime calls in many workloads is Runtime_Call. Add an
intrinsic for the interpreter to inline this runtime call.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2019433003
Cr-Commit-Position: refs/heads/master@{#36565}

Port 91c88644

Original commit message:

    We get less "pollution" of type feedback if we have one vector per native
    context, rather than one for the whole system. This CL moves the vector
    appropriately.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2011183005
Cr-Commit-Position: refs/heads/master@{#36564}

The busted logic caused us to go down the SCRIPT path internally,
causing us to fail the test262 tests that attempt to induce parse
errors at the top level.

R=littledan@chromium.org
BUG=v8:4985

Review-Url: https://codereview.chromium.org/2008743002
Cr-Commit-Position: refs/heads/master@{#36563}

We now have data that 0.011% of websites use the pattern
  for (var i = 0 in j) { ... }
This pattern was banned by ES2015, with the idea to revisit if
it presents a web compatibility problem. Informally, after
the May 2016 TC39 meeting, the new data was discussed, and there
was interest in reversing the decision. Although the specification
is not yet updated, it seems likely to come soon.

This patch turns off the flag which bans that construct, reenabling
it. The change should prevent websites from breaking.

BUG=v8:4942

Review-Url: https://codereview.chromium.org/2011223003
Cr-Commit-Position: refs/heads/master@{#36562}

Some tests, e.g. in test262, want to create a new same-origin
realm. This patch exposes a new function,
Realm.createAllowCrossRealmAccess(), which vends a new realm with
the same security token as the currently executing one.

Review-Url: https://codereview.chromium.org/1973363004
Cr-Commit-Position: refs/heads/master@{#36561}

Port 91c88644

Original commit message:

    We get less "pollution" of type feedback if we have one vector per native
    context, rather than one for the whole system. This CL moves the vector
    appropriately.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2017983002
Cr-Commit-Position: refs/heads/master@{#36560}

R=littledan@chromium.org
BUG=v8:4628

Review-Url: https://codereview.chromium.org/2017753002
Cr-Commit-Position: refs/heads/master@{#36559}

- Renames UnallocatedOperandenum values to reflect the fact that there are
multiple FP machine representations.
- Renames enum values for RegisterAllocatorVerifier enum.
- Template-izes DefineAsFixed and UseFixed methods to handle multiple FP
register types.

BUG=v8:4124

Review-Url: https://codereview.chromium.org/2017733002
Cr-Commit-Position: refs/heads/master@{#36558}

Annex B 3.3 applies only for ordinary FunctionDeclarations, not
GeneratorDeclarations or AsyncFunctionDeclarations. This patch
- Skips applying Annex B 3.3 to async functions
- Adds a flag to refrain from applying it to generators
- UseCounter for how often duplicate function in block occurs
  with generators (unclear how to measure need for hoisting from block)

BUG=v8:4806

Review-Url: https://codereview.chromium.org/1995863002
Cr-Commit-Position: refs/heads/master@{#36557}

This got left behind from the changes in
https://codereview.chromium.org/2007803002/

PromiseSet only takes 3 arguments.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2016183002
Cr-Commit-Position: refs/heads/master@{#36556}

intl/number-format/parse-percent.js
intl/date-format/parse-mdyhms.js
intl/number-format/parse-decimal.js
intl/date-format/parse-MMMdy.js

Also added a few more test cases.

BUG=v8:3454
TEST=The tests listed above.

Review-Url: https://codereview.chromium.org/1988073003
Cr-Commit-Position: refs/heads/master@{#36555}

This is a temporary band-aid to turn an uncontrolled segfault into
a safe crash. The proper fix will probably be to abort compilation.

BUG=chromium:582702

Review-Url: https://codereview.chromium.org/2021433003
Cr-Commit-Position: refs/heads/master@{#36554}

These builtins do call into C++ anyways, so there's no point in keeping
the JavaScript wrappers for them.

R=franzih@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2018963002
Cr-Commit-Position: refs/heads/master@{#36553}

Rename some methods to reflect the fact that there are multiple FP
machine representations.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2013193002
Cr-Commit-Position: refs/heads/master@{#36552}

Online optimization stage for reducing redundant transfers between registers.

BUG=V8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1997653002
Cr-Commit-Position: refs/heads/master@{#36551}

This CL makes sure that Symbols-keys are printed the same way for
fast and slow properties. Additionally the elements and properties
are marked clearer in the output.

BUG=

Review-Url: https://codereview.chromium.org/2008893002
Cr-Commit-Position: refs/heads/master@{#36550}

R=titzer@chromium.org, bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2014283002
Cr-Commit-Position: refs/heads/master@{#36549}

BUG=mjsunit/wasm/asm-wasm-f*,mjsunit/wasm/asm-wasm-i*

Review-Url: https://codereview.chromium.org/2013393002
Cr-Commit-Position: refs/heads/master@{#36548}

This allows sloppy arguments objects to be allocated by the generic
Heap::AllocateJSObjectFromMap allocation function. An empty elements
backing store for such objects is provided. This is needed in order to
materialize such objects without access to a specific native context.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-613919
BUG=chromium:613919

Review-Url: https://codereview.chromium.org/2014343004
Cr-Commit-Position: refs/heads/master@{#36547}

R=ahaas@chromium.org,bradnelson@chromium.org,aseemgarg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2017853003
Cr-Commit-Position: refs/heads/master@{#36546}

This was initially used to special case some weird date.js behavior, but
has since been abused in other areas. In case of the string character
access, everything that is outside the Smi range cannot be a valid
string index anyways, so %NumberToSmi is perfect here in either case,
and for ToPositiveInteger it's better to just use ToInteger adding +0 to
turn -0 into +0.

R=ishell@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2010183003
Cr-Commit-Position: refs/heads/master@{#36545}

Adding optional operators for FNeg for WebAssembly, as the current implementation was significantly suboptimal for ARM.

Review-Url: https://codereview.chromium.org/2011303002
Cr-Commit-Position: refs/heads/master@{#36544}

Rewrite decodeURI and decodeURIComponent as builtin functions
and install them in the bootstrapper.

Delete unused runtime functions:
 - TruncateString
 - NewString
 - OneByteSeqStringGetChar
 - OneByteSeqStringSetChar
 - TwoByteSeqStringGetChar
 - TwoByteSeqStringSetChar

Add regression test for decoding large strings. Clusterfuzz detected
a problem with %TruncateString, see
https://bugs.chromium.org/p/chromium/issues/detail?id=612109#c6
This is automatically fixed by this rewrite because %TruncateString
is deleted anyways.

Crude benchmark on 585 decodeURI and decodeURIComponent tests
averaged over five runs:

* builtin functions
real	0m9.69s
user	2m39.8816s
sys    	0m12.6398s

* JS functions calling into the runtime e.g., for %TruncateString
real	0m11.0598s
user	3m6.7026s
sys	0m13.5756s

By running:
$  time tools/run-tests.py   --arch=x64  --mode=Release --buildbot
  test262/built-ins/decodeURI* mjsunit/uri
>>> Running tests for x64.Release

BUG=v8:4912, chromium:612109
R=yangguo@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1994733003
Cr-Commit-Position: refs/heads/master@{#36543}

This inlines the test and compare binary operations into Ignition.
With this CL all binary ops are inlined into Ignition's bytecode
handlers.

Some blocks were shuffled around in Equals/NotEquals stubs to avoid
creating frames unecessarily. Some labels were also marked as non-
deferred in both Equals/NotEquals and the AbstractRelationalComparison
stubs for the same reason.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2013573004
Cr-Commit-Position: refs/heads/master@{#36542}

Commit c86f1897 corrected the way context from which a specific error is
thrown, but the in-line comment was not updated to reflect this.

Update the comment to accurately describe the intended behavior.

LOG=N
R=littledan@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1999483002
Cr-Commit-Position: refs/heads/master@{#36541}

This intrinsic (and the matching runtime entry) are no longer used by
now and can thereby be removed.

BUG=v8:5049

Review-Url: https://codereview.chromium.org/2016993003
Cr-Commit-Position: refs/heads/master@{#36540}

We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.

BUG=

Review-Url: https://codereview.chromium.org/1906823002
Cr-Commit-Position: refs/heads/master@{#36539}

Currently Mac ComputeThreadTicks only uses user time, this patch adds system
time in order to get more accurate CPU time.

BUG=v8:4984
LOG=n

Review-Url: https://codereview.chromium.org/2016513002
Cr-Commit-Position: refs/heads/master@{#36538}

Rolling v8/build to d96032ba08a39623c95c377a5f592f9931c93385

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2017003002
Cr-Commit-Position: refs/heads/master@{#36537}

For the common use case of having a single resolve or reject callback,
the callbacks are stored directly. Only when an additional callback is
registered, we create an array to store these callbacks.

There are 3 possible states for the resolve, reject symbols when we add
a new callback --
1) UNDEFINED -- This is the zero state where there is no callback
registered. When we see this state, we directly attach the callbacks to
the symbol.
2) !IS_ARRAY -- There is a single callback directly attached to the
symbols. We need to create a new array to store additional callbacks.
3) IS_ARRAY -- There are multiple callbacks already registered,
therefore we can just push the new callback to the existing array.

Also, this change creates a new symbol for storing the deferred objects.
Previously the deferred objects were stored in the callback arrays, but
since we no longer create arrays for the initial case, we need this new
symbol. The cctest has been updated to account for this new symbol.

This patch results in a 19% improvement(over 5 runs) in the bluebird benchmark.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2007803002
Cr-Commit-Position: refs/heads/master@{#36536}

Review-Url: https://codereview.chromium.org/2001283006
Cr-Commit-Position: refs/heads/master@{#36535}