In a recent CL (https://codereview.chromium.org/2738683003) I changed
the generation of call instructions on arm to emit a constant pool if
necessary. However it can happen now that a call is generated within a
PredictableSizeScope, which causes a crash if a constant pool is
actually emitted, which naturally changes the size of the generated
code. With this CL I add a flag to the generation of a call where we
can state explicitly that for particular calls, i.e. those calls within
a PredictableSizeScope, we do not want to emit a constant pool.

BUG=chromium:704528

Change-Id: I7740d5440d007a2a5457c524aa8eec1b74944d57
Reviewed-on: https://chromium-review.googlesource.com/459602Reviewed-by: Jacob Bramley <jacob.bramley@arm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44181}

Revert of [regexp] Named capture support for string replacements (patchset #5 id:80001 of https://codereview.chromium.org/2775303002/ )

Reason for revert:
Invalid DCHECKs for non-matched groups.

Original issue's description:
> [regexp] Named capture support for string replacements
>
> This implements support for named captures in
> RegExp.prototype[@@replace] for when the replaceValue is not callable.
>
> Named captures can be referenced from replacement strings by using the
> "$<name>" syntax. A couple of examples:
>
> let re = /(?<fst>.)(?<snd>.)/u;
> "abcd".replace(re, "$<snd>$<fst>")  // "bacd"
> "abcd".replace(re, "$2$1")     // "bacd" (numbered refs work as always)
> "abcd".replace(re, "$<snd")    // SyntaxError (unterminated named ref)
> "abcd".replace(re, "$<42$1>")  // "cd" (invalid name)
> "abcd".replace(re, "$<thd>")   // "cd" (non-existent name)
> "abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>")  // "cd" (non-matched capture)
>
> Support is currently behind the --harmony-regexp-named-captures flag.
>
> BUG=v8:5437
>
> Review-Url: https://codereview.chromium.org/2775303002
> Cr-Commit-Position: refs/heads/master@{#44171}
> Committed: https://chromium.googlesource.com/v8/v8/+/17f13863b64b25eccf565e0aa9c4c441f0562b84

TBR=yangguo@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5437

Review-Url: https://codereview.chromium.org/2776293003
Cr-Commit-Position: refs/heads/master@{#44180}

This CL removes code which is based on the assumption that if
WebAssembly code says that memory accesses are aligned, that they are
really aligned. On arm, memory accesses crashed when this assumption
was violated.

Most likely this CL will cause a performance regression on arm. At the
moment we plan to fix this regression eventually by using arm NEON
instructions in V8.

R=titzer@chromium.org

Change-Id: Ibb60fa1ef0173c13af813a3cb7eb26bfa2a847c2
Reviewed-on: https://chromium-review.googlesource.com/451297Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44179}

A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: Ic189610a943251b6b0cbd316afbf422c0da7a4cd
Reviewed-on: https://chromium-review.googlesource.com/458007
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44178}

As far as I can see, we have had this bug as long as destructuring assignments
have been there (i.e., this is not regression).

The problem was that Parser::DoParseFunction parsed the arrow function parameters
but didn't rewrite the destructuring assignments in them.

BUG=chromium:704811

Change-Id: I0b1424e7d5103eda6efd51b403fe81a4ee235e01
Reviewed-on: https://chromium-review.googlesource.com/459618
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44177}

A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: I0a3546618d01b9232014da94cf8d0f72427a0d1d
Reviewed-on: https://chromium-review.googlesource.com/458006
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44176}

We were notifying the debug event listeners after every 1000 steps.
This CL fixes this to only notify them if we actually paused because of
a hit breakpoint.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I00e36b89307c7e761ceb24ccdb3157056cfb8178
Reviewed-on: https://chromium-review.googlesource.com/459480Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44175}

This removes the static helper which is by now only used by a single
runtime function. In general the {Runtime} class no longer acts as a
grab-bag for various helper functions.

R=petermarshall@chromium.org

Change-Id: I9c2141bbd88db27ae1f95fe004bcc8a7c5506208
Reviewed-on: https://chromium-review.googlesource.com/459597
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44174}

A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: Ief4eb3c9873026a93338d5556985f31c9abe17e6
Reviewed-on: https://chromium-review.googlesource.com/458005
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44173}

BUG= v8:6132
NOTRY=true

Change-Id: I47beef4f90b37c259252b86a856f5bc075979084
Reviewed-on: https://chromium-review.googlesource.com/461299
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44172}

This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.

Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:

let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>")  // "bacd"
"abcd".replace(re, "$2$1")     // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd")    // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>")  // "cd" (invalid name)
"abcd".replace(re, "$<thd>")   // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>")  // "cd" (non-matched capture)

Support is currently behind the --harmony-regexp-named-captures flag.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44171}

R=machenbach@chromium.org
BUG=v8:6127

Change-Id: I19092232bc0de728ec37fa9188998ec9dbd94bed
Reviewed-on: https://chromium-review.googlesource.com/459498
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44170}

When the optimal parameter mode is untagged (i.e. on x64), it's more
efficient to read the length of the properties backing store untagged
instead of reading the tagged value first and then untagging it
explicitly.

Change-Id: I0f685523e11da12fe51fad138bf972ee743c3ac8
Reviewed-on: https://chromium-review.googlesource.com/461138Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44169}

BUG=v8:6027

Review-Url: https://codereview.chromium.org/2772203005
Cr-Commit-Position: refs/heads/master@{#44168}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ad3a39a..5dd7ff3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/0cfeabf..d979a85

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/5c4f541..9fbab72

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I488badea7b8f36fb366cc514269f9bccf538ba37
Reviewed-on: https://chromium-review.googlesource.com/461400Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44167}

BUG=chromium:699485

R=ahaas@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2772973002
Cr-Commit-Position: refs/heads/master@{#44166}

This was causing GC stress failures. Garbage collections can happen during
runtime calls, such was WasmStackGuard. If the collection cleans up Wasm
objects, then they will have to modify the trap handler data structures, which
requires taking a lock. This lock can only be taken if the thread-in-wasm flag
is clear. We were getting crashes because this flag was not clear.

This change fixes the issue by making sure any runtime calls from Wasm clear the
thread-in-wasm flag and then restore it upon return. In addition, it cleans up
the code by adding a helper function that generates the code to modify the flag.

BUG= v8:6132

Change-Id: I95d43388dff60ba792c57fe13448a40a02ed4802
Reviewed-on: https://chromium-review.googlesource.com/458698
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44165}

Currently, V8 uses the same counter to count both wasm and and asm js. This
splits the counters into two separate counters, and then uses the appropriate
counter when instantiating the module.

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2777073003
Cr-Commit-Position: refs/heads/master@{#44164}

Currently, V8 uses the same counter to collect decoding time for both asm.js and
WASM. This separates that counter into two separate counters, and then uses the appropriate counter when instantiating a module.

BUG=chromium:704922
R=bbudge@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2780563002
Cr-Commit-Position: refs/heads/master@{#44163}

Previously we threw a generic error meesage on failing hole check for
accessing 'this'. But 'this' can be a hole only if the super() has not
been called so we change the error message.

BUG=v8:5957

Change-Id: I2f0e3d813f16919645d8a5efa7d26e73bd2d83fe
Reviewed-on: https://chromium-review.googlesource.com/459085
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44162}

Change-Id: Ib278d08768062c94b3a2f568f17984bb6761bc30
Reviewed-on: https://chromium-review.googlesource.com/461321Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44161}

A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: I977eec8faecc8a112506f219994b4e4ec388b180
Reviewed-on: https://chromium-review.googlesource.com/458004
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44160}

Previously this test was flaky, but it seems to have been fixed
upstream and it now consistently passes locally for 100 runs.

BUG=v8:4253

Change-Id: I583d6d7848ddbb9bcdacdbe7bf4374b01ba569af
Reviewed-on: https://chromium-review.googlesource.com/459739Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44159}

We don't need hints from embedder any more.

BUG=none
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2773143002
Cr-Commit-Position: refs/heads/master@{#44158}

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2776263002
Cr-Commit-Position: refs/heads/master@{#44157}

- Fixes vmovl for widening 16 to 32, 32 to 64.
- Adds vqmovn.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2773303002
Cr-Commit-Position: refs/heads/master@{#44156}

The SerializeGeneric method assumes that the object was not serialized
before. Hence, we should not call it repeatedly for the same builtin.
This CL now exposes SerializeBuiltin, and calls that directly.
We also serialize the Illegal builtin for wasm interpreter entries,
which are never reused across instantiations anyway.

R=ahaas@chromium.org, yangguo@chromium.org
BUG=v8:5822

Change-Id: Id74b86fe29171908ed35ddbc06c93f0d241e4917
Reviewed-on: https://chromium-review.googlesource.com/458380Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44155}

A std::deque interacts badly with zone memory in that it allocates chunks
of memory for the back of the queue and frees memory from the front of the
queue. As such we never reuse zone memory for the queue. Implement a very
simple RecyclingZoneAllocator which keeps a single block of memory from
deallocation that can be reused on allocation.

Also clean up zone-allocator a bit and make it use proper Chromium coding
style.

BUG=chromium:700364

Change-Id: I19330a8a9ec6d75fe18d8168d41f1a12030a6c4d
Reviewed-on: https://chromium-review.googlesource.com/458916Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44154}

When node splitting is enabled new nodes could be created during scheduling.
The Scheduler::node_data_ and Schedule::nodeid_to_block_ zone vectors
reserve enough space for the node count before splitting, however will
have to reallocate space when node splitting occurs. The vectors double
in space by default, meaning the peak zone usage is 3x the required amount
for these vectors as soon as a single node is split. Avoid this in the
common case by reserving 10% extra space for split nodes. The value
10% was choosen since it covers 98.7% of the optimized functions in Octane.

BUG=chromium:700364

Change-Id: Ibabd8d04cffd1eb08cc3b8a12b76892208ef3288
Reviewed-on: https://chromium-review.googlesource.com/458425
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44153}

The scheduled_nodes_ vector is used to maintain a per-block list of
non-fixed nodes. For most blocks this list remains empty, so lazily
initialize it instead of pre-allocating to save memory.

Also pre-reserve an extra 10% of blocks to avoid reallocting space in the
vector when fusing floating control creates new basic blocks.

BUG=chromium:700364

Change-Id: I9876e6a42bc90c9bff5838620365c18609ed1ee9
Reviewed-on: https://chromium-review.googlesource.com/458919Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44152}

These aren't used thanks to new implementation in CSA.

BUG=v8:5977

Change-Id: Ia4acfa0d1a925eba305a818913cbeff479b27792
Reviewed-on: https://chromium-review.googlesource.com/458477
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44151}

The Control Equivalance phase was taking a lot of memory by allocating a
large datastructure for every node even if the nodes were dead or wouldn't
participate in the control equivalence algorithm. Instead allocate the
data on-demand, and use the presense of the data as the flag for whether
the node participates in the algorithm.

Also remove DFS number field as it was unused.

This reduces the amount of memory used for a 10,000 node graph in the linked
bug from ~450KB to ~70KB. It also seems to reduce scheduling time by around
10% for local runs of Octane.

BUG=chromium:700364

Change-Id: Iedfdf4dff0a01463c5b6471513e6b69ef010b02d
Reviewed-on: https://chromium-review.googlesource.com/458219Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44150}

If used, the TypeProfileSlot is always added as the first slot and its
index is constant. If other slots are added before the TypeProfileSlot,
this number changes.

BUG=v8:5933

Change-Id: I57bc6bea3c48804af28c2d1dafe6a52bdd7d12e3
Reviewed-on: https://chromium-review.googlesource.com/459511Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44149}

This patch adds support for MIPS SIMD (MSA) instructions in Assembler
and Decoder (disassembler) classes. MSA instructions are implemented for
both mips32 and mips64 architectures.

BUG=

Review-Url: https://codereview.chromium.org/2740123004
Cr-Commit-Position: refs/heads/master@{#44148}

Remove deep nesting and repeated code by using a switch-based structure
(instead of if-based), use clearer variable names, and separate cleanly between
immutable and mutable variables.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2776123002
Cr-Commit-Position: refs/heads/master@{#44147}

This reverts commit 3d82e557.

Reason for revert: gc stress failures, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/9729/steps/Mjsunit%20%28flakes%29/logs/regress-crbug-647217

Original change's description:
> Resize identity map by doubling instead of quadrupling.
> 
> Perf-sheriffs please revert if this causes any performance regressions.
> 
> BUG=
> 
> Change-Id: I9ead7148e1e0146ece3614df49fd031dd1e357fe
> Reviewed-on: https://chromium-review.googlesource.com/445159
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44143}

TBR=rmcilroy@chromium.org,titzer@chromium.org,jochen@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Change-Id: I96cc0e2ca225b9a76eaaf604cd240e71176736ba
Reviewed-on: https://chromium-review.googlesource.com/459513Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44146}

This reverts commit 6ad5ca59.

Reason for revert: Breaks on noi18n bot, needs fix in the new regression test

Original change's description:
> [wasm] Check the result of Promise::Resolver
> 
> We check that if we do not get a result, or if we get a negative result,
> then there has to be a scheduled exception.
> 
> R=​clemensh@chromium.org
> TEST=mjsunit/regress/wasm/regression-704127
> BUG=chromium:704127
> 
> Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5
> Reviewed-on: https://chromium-review.googlesource.com/458282
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44144}

TBR=ahaas@chromium.org,clemensh@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:704127

Change-Id: Ibf6d27929c88064bc2755688358998640092e31a
Reviewed-on: https://chromium-review.googlesource.com/459512Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44145}

We check that if we do not get a result, or if we get a negative result,
then there has to be a scheduled exception.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regression-704127
BUG=chromium:704127

Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5
Reviewed-on: https://chromium-review.googlesource.com/458282Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44144}

Perf-sheriffs please revert if this causes any performance regressions.

BUG=

Change-Id: I9ead7148e1e0146ece3614df49fd031dd1e357fe
Reviewed-on: https://chromium-review.googlesource.com/445159
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44143}

This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is callable.

In that case, the result.groups object is passed to the replacer
function as the last argument.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2764343004
Cr-Commit-Position: refs/heads/master@{#44142}