R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2110053002
Cr-Commit-Position: refs/heads/master@{#37387}

This functionality is duplicated with the same functionality in
SimplifiedLowering, which is kinda premature and doesn't seem to
be useful.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2103323003
Cr-Commit-Position: refs/heads/master@{#37386}

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2109083002
Cr-Commit-Position: refs/heads/master@{#37385}

Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.

Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.

BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2111433003
Cr-Commit-Position: refs/heads/master@{#37383}

There are no useful typing rules for Change and Checked operators, so we
better make sure we don't run them through the Typer at all.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2107783004
Cr-Commit-Position: refs/heads/master@{#37382}

This function should also be callable from a concurrent thread, so we cannot use
the scope here. Instead, provide a test that checks that no handles are created.

R=ulan@chromium.org
TEST=cctest/test-conversions/NoHandlesForTryNumberToSize
BUG=

Review-Url: https://codereview.chromium.org/2106083002
Cr-Commit-Position: refs/heads/master@{#37381}

BUG=

Review-Url: https://codereview.chromium.org/2099683002
Cr-Commit-Position: refs/heads/master@{#37380}

This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.

This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.

R=yangguo@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}

The start argument must be converted to an integer before the length argument is
converted.  (Consequently, the start argument is converted even when the length
is 0.)  This matters because conversion is observable.

Also rewrite the function in a way that closely resembles the spec text.

R=littledan@chromium.org
BUG=v8:5140

Review-Url: https://codereview.chromium.org/2109583002
Cr-Commit-Position: refs/heads/master@{#37378}

R=yangguo@chromium.org,jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2112443002
Cr-Commit-Position: refs/heads/master@{#37377}

BUG=

Review-Url: https://codereview.chromium.org/2109943003
Cr-Commit-Position: refs/heads/master@{#37376}

R=bmeurer@chromium.org

BUG=v8:5086,v8:5157

Review-Url: https://codereview.chromium.org/2107733002
Cr-Commit-Position: refs/heads/master@{#37375}

BUG=

Review-Url: https://codereview.chromium.org/2107833002
Cr-Commit-Position: refs/heads/master@{#37374}

Reland of https://codereview.chromium.org/2034093002 (reverted by
https://codereview.chromium.org/2080153002).

Original commit message:
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.

BUG=

Review-Url: https://codereview.chromium.org/2083523002
Cr-Commit-Position: refs/heads/master@{#37373}

Revert of [turbofan] Implicitly emit eager checkpoint at graph building. (patchset #13 id:260001 of https://codereview.chromium.org/2074703002/ )

Reason for revert:
Causers flaky failures on the waterfall on Mac with the following error in the builtin QuickSort method:

#
# Fatal error in Zone
# Allocation failed - process out of memory
#

Original issue's description:
> [turbofan] Implicitly emit eager checkpoint at graph building.
>
> This makes preparation of eager checkpoints within the graph builder
> implicit. Every sub-expression visitation is now guaranteed to emit
> valid checkpoints in AstContext.
>
> R=jarin@chromium.org
> BUG=v8:5021
>
> Committed: https://crrev.com/74e328efee7995aeee6d568f9d14f9bbc1087100
> Cr-Commit-Position: refs/heads/master@{#37368}

TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2104973004
Cr-Commit-Position: refs/heads/master@{#37372}

  The reason:
  All RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases
  use the C++ function to generate the expected value or result. So for x87, all those expected value or result are
  extended double precision as the extended double precision is default for x87 Gcc compiler and std lib on linux platform.

  The issue is:
  For RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan test cases, the expected values generated by C++ function
  are extended double precision, the results generated by X87 jitted code are double precision according to the ECMA standard.
  The comparison of different precisons caused some of those test cases failed.

  For Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases, the expected values are pre-defined double precision values, the results
  generated by C++ function are extended double precision. The comparison of different precisons caused some of those test cases
  failed too.

  This CL disables RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases for x87.

BUG=

Review-Url: https://codereview.chromium.org/2111493002
Cr-Commit-Position: refs/heads/master@{#37371}

Operand(reg) -> reg
Operand(reg, 0) -> [reg]

BUG=

Review-Url: https://codereview.chromium.org/2111503002
Cr-Commit-Position: refs/heads/master@{#37370}

The lastIndex property must be written with the semantics of a strict [[Set]],
so an exception must be thrown when the attributes don't allow writing.  We used
to ignore the attributes.

R=littledan@chromium.org, yangguo@chromium.org
BUG=v8:5138

Review-Url: https://codereview.chromium.org/2109593002
Cr-Commit-Position: refs/heads/master@{#37369}

This makes preparation of eager checkpoints within the graph builder
implicit. Every sub-expression visitation is now guaranteed to emit
valid checkpoints in AstContext.

R=jarin@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2074703002
Cr-Commit-Position: refs/heads/master@{#37368}

It's not safe to magically compute types during representation
selection, so better disable the Typer decorator before we start
to do the representation/truncation analysis. This will also allow
us to move to a world where we can run representation selection
concurrently eventually.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2103363004
Cr-Commit-Position: refs/heads/master@{#37367}

BUG=chromium:620553
LOG=N
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2102243002
Cr-Commit-Position: refs/heads/master@{#37366}

BUG=none
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2101413002
Cr-Commit-Position: refs/heads/master@{#37365}

Port c1d01aea

Fix a few failures which occur because instruction cache
hasn't been flushed after update of WASM references.

BUG=mjsunit/wasm/asm-wasm-heap,mjsunit/wasm/start-function

Review-Url: https://codereview.chromium.org/2103093003
Cr-Commit-Position: refs/heads/master@{#37364}

BUG=v8:5161
NOTRY=true
NOTREECHECKS=true
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2111483002
Cr-Commit-Position: refs/heads/master@{#37363}

BUG=v8:5161
NOTRY=true
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2107113002
Cr-Commit-Position: refs/heads/master@{#37362}

The only real use case left for TypeGuard was the renaming inside the
LoadElimination, but this case only occurs in dead code (guarded by a
previous Check), so it's not relevant, and we can drop the TypeGuard
operator completely.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2108793003
Cr-Commit-Position: refs/heads/master@{#37361}

TBR=hablich@chromium.org, kbr@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2106053002
Cr-Commit-Position: refs/heads/master@{#37360}

This is the last user of %_DoubleLo and actually unnecessary, since we
can just use the normal Math.random() instead.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2109483004
Cr-Commit-Position: refs/heads/master@{#37359}

Revert of [heap] Optimize ArrayBuffer tracking (patchset #5 id:80001 of https://codereview.chromium.org/2107443002/ )

Reason for revert:
Seems to break GPU bots

Original issue's description:
> [heap] Optimize ArrayBuffer tracking
>
> With the current approach we only need to track using an unordered set as we can
> still access the backing store pointer and length by the time we free the
> backing store.
>
> BUG=chromium:619491, chromium:611688
> LOG=N
> R=ulan@chromium.org
>
> Committed: https://crrev.com/8d2ae27808f047ca8b8f90e63a9c8735321d2ad0
> Cr-Commit-Position: refs/heads/master@{#37318}

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:619491, chromium:611688

Review-Url: https://codereview.chromium.org/2105273002
Cr-Commit-Position: refs/heads/master@{#37358}

R=bmeurer@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2101523003
Cr-Commit-Position: refs/heads/master@{#37357}

Rolling v8/build to 5340820b7f216d4f155213173cf678774741788d

Rolling v8/buildtools to c36df184fb212b911d5e0fdee45647610e3ea54d

Rolling v8/tools/mb to e79fc1007f026e7d899abec066b714c750103019

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2102393002
Cr-Commit-Position: refs/heads/master@{#37356}

Add a flag harmony_trailing_commas_in_parameters that allows trailing
commas in function parameter declaration lists and function call
parameter lists. Trailing commas are allowed in parenthetical lists like
`(a, b, c,)` only if the next token is `=>`, thereby making it an arrow
function declaration. Only 1 trailing comma is allowed, not `(a,,)`. A
trailing comma must follow a non-rest parameter, so `(,)` and `(...a,)`
are still SyntaxErrors. However, a trailing comma is allowed after a
spread parameter, e.g. `a(...b,);`.

Add parser tests for all of the above.

BUG=v8:5051
LOG=y

Review-Url: https://codereview.chromium.org/2094463002
Cr-Commit-Position: refs/heads/master@{#37355}

BUG=617526
R=bradnelson@chromium.org
TEST=regress-617526.js

Review-Url: https://codereview.chromium.org/2101923003
Cr-Commit-Position: refs/heads/master@{#37354}

Comparisons were allowing asm 'int' values in places
that require strict 'signed' or 'unsigned' but not both.

Fixes crash when these make it to asm-wasm.

BUG=599413
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2106683003
Cr-Commit-Position: refs/heads/master@{#37353}

This reverts commit 1eb1dfab.

The original compilation separation change avoided associating a heap
for the wasm instance if memory was not provided, nor needed. The
grow memory CL assumed the old behavior, where a memory buffer was
always present, but may have had a zero size.

The 2CLS  landed shortly after one another. We decided to treat the
grow memory as the race condition winner, so this CL here re-lands
compilation separation, plus adjusts grow memory to deal with
the undefined mem buffer.

BUG=

Review-Url: https://codereview.chromium.org/2102193003
Cr-Commit-Position: refs/heads/master@{#37352}

This reverts commit 0c7ee927.

BUG=

Review-Url: https://codereview.chromium.org/2103983003
Cr-Commit-Position: refs/heads/master@{#37351}

asm.js forbids mixing signed and unsigned % or /.
We had been allowing these.

Fixes crash.

BUG=618602
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2107683002
Cr-Commit-Position: refs/heads/master@{#37350}

We were not checking that the string passed to instantiateFromAsm
contains a function declaration (any declaration was allowed).

Fixes crash.

BUG=620649
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2109533002
Cr-Commit-Position: refs/heads/master@{#37349}

Support for serializing/deserializing the compiled wasm module.

We want to reuse the javascript snapshotting mechanics, at least in the
short term, when we still use the JS heap for the compiled wasm code.
Given that a module may be compiled in one v8 instance and then
instantiated later, in a different instance, whatever information we need
at instantiation time must also be serializable.

We currently hold on to the un-decoded wasm bytes, for enabling
debugging scenarios. This imposes a ~20% penalty on the memory
requirements of the wasm compiled code. We do not need this data
otherwise, for runtime, and it is sensible to consider eventually loading it
on demand. Therefore, I intentionally avoided relying on it and re-
decoding the wasm module data, and instead saved the information
necessary to support instantiation.

Given how whatever we need to persist must be serializable, the CL
uses a structure made out of serializable objects (fixed arrays mostly)
for storing this information. I preferred going this route rather than
adding more wasm-specific support to the serializer, given that we want
to eventually move off the JS heap, and therefore the serializer.

Additionally, it turns out this extra information is relatively not complex:
minimal structure, little nesting depth, mostly simple data like numbers
or byte blobs, or opaque data like compiled functions.

This CL also moves export compilation ahead of instantiation time.

This change added a helper getter to FixedArray, to make typed retrieval
of elements easier.

BUG=

Review-Url: https://codereview.chromium.org/2094563002
Cr-Commit-Position: refs/heads/master@{#37348}