These maps contain exactly the same information as the strict maps, so
this frees up a few pointers of native context space, gets rid of some
branches in FastNewClosure, and adds missing poisoned properties tests
for async functions.

BUG=v8:2355, v8:4483
R=adamk@chromium.org, bmeurer@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2608333002
Cr-Commit-Position: refs/heads/master@{#42051}

R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2611773003
Cr-Commit-Position: refs/heads/master@{#42050}

This is another attempt at solving v8:5736; the previous one (r 41723)
regressed code load.

BUG=v8:5736
R=adamk@chromium.org

Review-Url: https://codereview.chromium.org/2583163002
Cr-Commit-Position: refs/heads/master@{#42049}

Per spec change in https://github.com/tc39/ecma262/pull/724, this adds
the exception thrown when a TypedArray's array buffer is detached at
some point during iteration, after the iterator has already been
created.

BUG=v8:5388
R=littledan@chromium.org, bmeurer@chromium.org, petermarshall@chromium.org

Review-Url: https://codereview.chromium.org/2609913002
Cr-Commit-Position: refs/heads/master@{#42048}

TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2609663002
Cr-Commit-Position: refs/heads/master@{#42047}

Port 72c37076

Original Commit Message:

    Currently the CompileLazy builtin checks the SFI expliciltly for FCG code. This means
    if the SFI has bytecode we have to go through to the runtime to install the
    interpreter entry trampoline into the JSFunction object.

    Modify the builtin to always put the SFI code object into the JSFunction unless it's
    the lazy compile stub on the SFI as well.

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4380
LOG=N

Review-Url: https://codereview.chromium.org/2602383003
Cr-Commit-Position: refs/heads/master@{#42046}

The previous patch for this bug (https://codereview.chromium.org/2599793002/) was wrong because it changed the behavior of isCreatedPhi() in an incompatible way. The actual source of the bug is that escape analysis propagates information along cycles without considering the previous analysis value. This fix makes sure that if a previous merge cleared a field, then it stays cleared.

R=bmeurer@chromium.org

BUG=chromium:670202

Review-Url: https://codereview.chromium.org/2610703002
Cr-Commit-Position: refs/heads/master@{#42045}

MarkCompactCollector::Prepare is too early in the rare case that we don't have a
marking deque yet. EnterFinalPause could then trigger
Heap::RegisterExternallyReferencedObject which rightfully fails because MC is
not properly set up.

Note that the DCHECK also triggers, without actual consequences, for aborting
incremental marking.

BUG=468240
TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2611753002
Cr-Commit-Position: refs/heads/master@{#42044}

This triggered on a CL I was working on today, figured I'd share
my work.

R=mythria@chromium.org, rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2601213002
Cr-Commit-Position: refs/heads/master@{#42043}

Tracks background compilation of Ignition in a separate bucket from main thread
compilation. Also add some more compilation buckets for functions which can take a
significant proportion of compilation.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2577263002
Cr-Original-Commit-Position: refs/heads/master@{#42026}
Committed: https://chromium.googlesource.com/v8/v8/+/b0e9116d59326a4f9a4f4691b61a510e342338c9
Review-Url: https://codereview.chromium.org/2577263002
Cr-Commit-Position: refs/heads/master@{#42042}

Review-Url: https://codereview.chromium.org/2602413002
Cr-Commit-Position: refs/heads/master@{#42041}

Original issue's description:
> Use background tasks for the compiler dispatcher
>
> BUG=v8:5215
> R=marja@chromium.org,vogelheim@chromium.org
>
> Review-Url: https://codereview.chromium.org/2606263002
> Cr-Commit-Position: refs/heads/master@{#42035}
> Committed: https://chromium.googlesource.com/v8/v8/+/7a1b3a7bebbef88e72c9f7747e1930f10ee10c80

BUG=v8:5215
TBR=marja@chromium.org,vogelheim@chromium.org,rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2613483002
Cr-Commit-Position: refs/heads/master@{#42040}

Port d3ed71ed

Original Commit Message:

    Don't fallback to the %StrictEqual / %Equal runtime functions for the
    generic CompareIC slow path, but use the (new) StrictEqual and Equal
    builtins instead. This avoids a performance cliff when mixing input
    types for strict equality sites.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4773
LOG=N

Review-Url: https://codereview.chromium.org/2608283002
Cr-Commit-Position: refs/heads/master@{#42039}

BUG=v8:5428

Review-Url: https://codereview.chromium.org/2613463002
Cr-Commit-Position: refs/heads/master@{#42038}

Revert of Use background tasks for the compiler dispatcher (patchset #5 id:80001 of https://codereview.chromium.org/2606263002/ )

Reason for revert:
Causes IgnitionCompilerDispatcherTest.FinishNowWithBackgroundTask to fail.

https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/11209

Original issue's description:
> Use background tasks for the compiler dispatcher
>
> BUG=v8:5215
> R=marja@chromium.org,vogelheim@chromium.org
>
> Review-Url: https://codereview.chromium.org/2606263002
> Cr-Commit-Position: refs/heads/master@{#42035}
> Committed: https://chromium.googlesource.com/v8/v8/+/7a1b3a7bebbef88e72c9f7747e1930f10ee10c80

TBR=marja@chromium.org,vogelheim@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5215

Review-Url: https://codereview.chromium.org/2614433002
Cr-Commit-Position: refs/heads/master@{#42037}

BUG=v8:5428
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2602403002
Cr-Commit-Position: refs/heads/master@{#42036}

BUG=v8:5215
R=marja@chromium.org,vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2606263002
Cr-Commit-Position: refs/heads/master@{#42035}

Currently the CompileLazy builtin checks the SFI expliciltly for FCG code. This means
if the SFI has bytecode we have to go through to the runtime to install the
interpreter entry trampoline into the JSFunction object.

Modify the builtin to always put the SFI code object into the JSFunction unless it's
the lazy compile stub on the SFI as well.

BUG=v8:4380

Review-Url: https://codereview.chromium.org/2583693003
Cr-Commit-Position: refs/heads/master@{#42034}

When baselining a function using the BaselineFunctionOnNextCall intrinsic, it is
not always ensured that a function is already compiled. Update the
Runtime_BaselineFunctionOnNextCall function to trigger a compile if it is not already
compiled.

BUG=v8:5768

Review-Url: https://codereview.chromium.org/2594543003
Cr-Commit-Position: refs/heads/master@{#42033}

RCS can't be used on background threads out of the box, but ignition
already has RCS itself, so just do trace events

BUG=v8:5215
R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2602383002
Cr-Commit-Position: refs/heads/master@{#42032}

Revert of [Compiler] Track Ignition background compilation separately in RuntimeStats. (patchset #3 id:80001 of https://codereview.chromium.org/2577263002/ )

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/13358

Original issue's description:
> [Compiler] Track Ignition background compilation separately in RuntimeStats.
>
> Tracks background compilation of Ignition in a separate bucket from main thread
> compilation. Also add some more compilation buckets for functions which can take a
> significant proportion of compilation.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2577263002
> Cr-Commit-Position: refs/heads/master@{#42026}
> Committed: https://chromium.googlesource.com/v8/v8/+/b0e9116d59326a4f9a4f4691b61a510e342338c9

TBR=jochen@chromium.org,cbruni@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2609773003
Cr-Commit-Position: refs/heads/master@{#42031}

Migrate Date.prototype.valueOf and Date.prototype[ @@toPrimitive ]
to use the CodeStubAssembler, to avoid going through C++ always
when comparing or subtracting two dates.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2608143003
Cr-Commit-Position: refs/heads/master@{#42030}

(Missing includes discovered during the objects.h splitting work.)

BUG=v8:5402

Review-Url: https://codereview.chromium.org/2610643002
Cr-Commit-Position: refs/heads/master@{#42029}

Call the %DateCurrentTime runtime function directly instead, which is
cheaper than calling the C++ builtin.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2612513003
Cr-Commit-Position: refs/heads/master@{#42028}

BUG=v8:5428

Review-Url: https://codereview.chromium.org/2606273002
Cr-Commit-Position: refs/heads/master@{#42027}

Tracks background compilation of Ignition in a separate bucket from main thread
compilation. Also add some more compilation buckets for functions which can take a
significant proportion of compilation.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2577263002
Cr-Commit-Position: refs/heads/master@{#42026}

The heap traversal for SFI code objects when logging compiled functions
was previously accessing the abstract code of an SFI, logging its
bytecode if it exists or code object otherwise. However, there are some
(rare) cases where an SFI has both bytecode and a non-interpreter code
object -- for example, after baseline tier-up -- in which case we want
to log both, as both could be executing (at different points on the
stack).

BUG=v8:5758

Review-Url: https://codereview.chromium.org/2603333002
Cr-Commit-Position: refs/heads/master@{#42025}

Changes some for loops to use node->inputs() instead of iterating over
InputCount and accessing InputAt(i). This saves some checks for
"has_inline_inputs" and so some branches.

Review-Url: https://codereview.chromium.org/2585713002
Cr-Commit-Position: refs/heads/master@{#42024}

Revert of [turbofan] fix another divergence in escape analysis (patchset #1 id:1 of https://codereview.chromium.org/2599793002/ )

Reason for revert:
Caused memory corruption.

BUG=chromium:676767

Original issue's description:
> [turbofan] fix another divergence in escape analysis
>
> This divergence bug is very similar to the one fixed in https://codereview.chromium.org/2522253002/, this time it is an oscillation between a cleared field and a new phi node. The page http://www.sears.com/clothing-shoes-jewelry-clothing-men-s-clothing-men-s-jeans/b-1325287370?Brand=LEE&filterList=Brand&sortOption=UNITS_HIGH_TO_LOW allows for a reliable reproduction.
>
> This fix makes sure that once a field that generated a phi gets cleared, it always stays cleared.
>
> BUG=chromium:670202
>
> R=bmeurer@chromium.org
>
> Review-Url: https://codereview.chromium.org/2599793002
> Cr-Commit-Position: refs/heads/master@{#41922}
> Committed: https://chromium.googlesource.com/v8/v8/+/8435cc852672c504d5899cc2765c5b895e658efe

TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:670202

Review-Url: https://codereview.chromium.org/2611623002
Cr-Commit-Position: refs/heads/master@{#42023}

BUG=

Review-Url: https://codereview.chromium.org/2609833003
Cr-Commit-Position: refs/heads/master@{#42022}

Don't fallback to the %StrictEqual / %Equal runtime functions for the
generic CompareIC slow path, but use the (new) StrictEqual and Equal
builtins instead. This avoids a performance cliff when mixing input
types for strict equality sites.

R=jochen@chromium.org
BUG=v8:4773

Review-Url: https://codereview.chromium.org/2609153002
Cr-Commit-Position: refs/heads/master@{#42021}

  port 05873add (r41989)

  original commit message:
  The following ported to builtins:
  FastCloneRegExp
  FastCloneShallowArray
  FastCloneShallowObject

BUG=

Review-Url: https://codereview.chromium.org/2607383002
Cr-Commit-Position: refs/heads/master@{#42020}

  port f2e8c978 (r41988)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/2603313002
Cr-Commit-Position: refs/heads/master@{#42019}

  port 5b02a98b (r41986)

  original commit message:
  In the process, convert from a code stub into a builtin.

BUG=

Review-Url: https://codereview.chromium.org/2608203002
Cr-Commit-Position: refs/heads/master@{#42018}

  port be11812c (r41971)

  original commit message:
  Recognize and emit in-memory comparisons of 8-bit and 16-bit values with
  immediate values that fit.

BUG=

Review-Url: https://codereview.chromium.org/2612503002
Cr-Commit-Position: refs/heads/master@{#42017}

The ControlEquivalence cannot deal with new nodes inserted by the
Scheduler due to Node splitting. Rather when the ControlEquivalence
sees such a new Node, it'll likely crash on an out-of-bounds access.

This is a speculative fix to make the crash disappear, as there's no
100% reliable repro currently.

BUG=chromium:629398
TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2611603002
Cr-Commit-Position: refs/heads/master@{#42016}

Hook up TurboFan with the existing field type tracking machinery to
eliminate redundant map checks on the results of LoadField operators.
The store side is already implemented in TurboFan for quite some time,
this just adds the load part.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2604393002
Cr-Commit-Position: refs/heads/master@{#42015}

- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.

Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.

BUG=v8:5343
TBR=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}

Review-Url: https://codereview.chromium.org/2571903004
Cr-Commit-Position: refs/heads/master@{#42013}

R=jarin@chromium.org
BUG=v8:5428

Review-Url: https://codereview.chromium.org/2611523002
Cr-Commit-Position: refs/heads/master@{#42012}