Gather references to unbound variables where the reference (VariableProxy) is
inside strong mode. Check them against the global object when a script is bound
to a context (during compilation).

This CL only checks unbound variables which are not inside lazy functions - TBD
how do we solve that; alternatives: add developer mode which disables laziness /
do the check whenever lazy functions are really compiled.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1005063002

Cr-Commit-Position: refs/heads/master@{#27422}

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1029323003

Cr-Commit-Position: refs/heads/master@{#27421}

R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1034513002

Cr-Commit-Position: refs/heads/master@{#27420}

BUG=chromium:450004
R=yangguo@chromium.org, kozyatinskiy@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1030673002

Cr-Commit-Position: refs/heads/master@{#27419}

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1014093008

Cr-Commit-Position: refs/heads/master@{#27418}

Some code in type-info.cc could allow a cross context map to be visible to
crankshaft. Tighten up this code to be certain that only a JSFunction, an
AllocationSite or a Symbol can be returned.

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1026343004

Cr-Commit-Position: refs/heads/master@{#27417}

R=machenbach@chromium.org
BUG=408675
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1025553007

Cr-Commit-Position: refs/heads/master@{#27416}

These are needed (among other things) for a TurboFan-generated
StringAddStub. Furthermore, they can be used to nuke the overly
complex %_IsInstanceType intrisic, it's completely expressible in
JavaScript now, but that will be done in a separate CL.

Alpha-sorted things a bit on the way to ease navigation.

Review URL: https://codereview.chromium.org/1010973010

Cr-Commit-Position: refs/heads/master@{#27415}

Also introduce --trace-fragmentation-verbose, and fix --always-compact.

R=ulan@chromium.org
BUG=v8:3976
LOG=y

Review URL: https://codereview.chromium.org/1024823002

Cr-Commit-Position: refs/heads/master@{#27414}

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1029843002

Cr-Commit-Position: refs/heads/master@{#27413}

This fixes flaky GC stress failure:

> Fatal error in ../src/heap/mark-compact.cc, line 2127
> Check failed: retained_maps->Get(i)->IsWeakCell().

BUG=
TEST=test-heap/RegressArrayListGC

Review URL: https://codereview.chromium.org/1026113004

Cr-Commit-Position: refs/heads/master@{#27412}

This removes the CompilationInfoWithZone class from the header file
because it is more than a pure convenience class and shouldn't be used
outside of the compiler at all.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1000353004

Cr-Commit-Position: refs/heads/master@{#27411}

R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1029383002

Cr-Commit-Position: refs/heads/master@{#27410}

R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1031803004

Cr-Commit-Position: refs/heads/master@{#27409}

BUG=

Review URL: https://codereview.chromium.org/1034473002

Cr-Commit-Position: refs/heads/master@{#27408}

additionally, add a drive by fix to WeakCallbackInfo

R=jochen@chromium.org, erikcorry@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1026283004

Cr-Commit-Position: refs/heads/master@{#27407}

The test demonstrates a bad interaction between arguments object
materialization, escape analysis and exception handling.

We can return a wrong arguments object if we materialize arguments
object (using f.arguments) and then throw around f's frame so that f
does not clean up the materialized frame information (see the
MaterializedObjectStore in deoptimizer.h/.cc). If we enter another
function that has the same frame pointer and request an arguments object
of (or lazily deoptimize) that function, we can get the materialized
object of the original function.

We should clean up the materialized object store when we unwind the
stack.

BUG=v8:3985
LOG=n

Review URL: https://codereview.chromium.org/1032623003

Cr-Commit-Position: refs/heads/master@{#27406}

R=dcarney@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1036433002

Cr-Commit-Position: refs/heads/master@{#27405}

Remove Variable::IsValidReference(), and the Variable::is_valid_ref_
member: This was "false" only for "this", and for internal variables.
For the first, VariableProxy::is_this() can be used for the check
instead; and for internal variables, it is guaranteed they they will
not be written to (because the V8 code does not do it, and they are
not accessible from JavaScript).

The "bool is_this" parameter of VariableProxy() constructor is
changed to use Variable::Kind. This will allow to later on adding
a parameter to create unresolved variables of any kind, which in
turn will be used to make references to "this" initially unresolved,
and use the existing variable resolution mechanics for "this".

BUG=v8:2700
LOG=N

Review URL: https://codereview.chromium.org/1024703004

Cr-Commit-Position: refs/heads/master@{#27404}

it is the last patch of https://codereview.chromium.org/1012633002

All that we need here is to push the collected info to the profiler
and convert it into actionable information about deopt.

On the Next: get the info accessible by embedder.

BUG=chromium:452067
LOG=n
TEST=DeoptAtFirstLevelInlinedSource, DeoptAtSecondLevelInlinedSource, DeoptUntrackedFunction

Review URL: https://codereview.chromium.org/1013143003

Cr-Commit-Position: refs/heads/master@{#27403}

BUG=v8:3980
R=arv@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1027183002

Cr-Commit-Position: refs/heads/master@{#27402}

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1032553006

Cr-Commit-Position: refs/heads/master@{#27401}

R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1028393002

Cr-Commit-Position: refs/heads/master@{#27400}

BUG=

Review URL: https://codereview.chromium.org/1023103003

Cr-Commit-Position: refs/heads/master@{#27399}

Revert of [V8] Removed SourceLocationRestrict (patchset #3 id:40001 of https://codereview.chromium.org/1022333004/)

Reason for revert:
[Sheriff] This seems to change layout test expectations of some tests, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2317

Expectation example:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_64__dbg_/2317/layout-test-results/fast/events/window-onerror-11-pretty-diff.html

Please add a needsmanualrebaseline expectation to the tests affected by this change on the blink side first before relanding.

Original issue's description:
> [V8] Removed SourceLocationRestrict
>
> This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
> Method looks obsolete.
> One of the strange side effect is shown by attached issue.
>
> BUG=chromium:468781
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/b563ceac0f95551a128a1403cdbacc7aefcdabaf
> Cr-Commit-Position: refs/heads/master@{#27374}

TBR=yangguo@chromium.org,kozyatinskiy@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:468781

Review URL: https://codereview.chromium.org/1028413002

Cr-Commit-Position: refs/heads/master@{#27398}

port e18e3cd4 (r27305)

original commit message:

  [stubs] Add missing interface descriptor for the CompareIC.

BUG=

Review URL: https://codereview.chromium.org/1024553007

Cr-Commit-Position: refs/heads/master@{#27397}

port 7c149afb (r27275).

original commit message:

 Serializer: serialize internal references via object visitor.

BUG=

Review URL: https://codereview.chromium.org/1029793002

Cr-Commit-Position: refs/heads/master@{#27396}

port 16c8485a (r27269).

original commit message:

  Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.

BUG=

Review URL: https://codereview.chromium.org/1013543004

Cr-Commit-Position: refs/heads/master@{#27395}

port 34a1a76d (r27235)

original commit message:

  A hydrogen code stub is not the best approach because it builds a frame
  and doesn't have the technology to discard roots at tail call exits.
  Platform-specific stubs provide much better performance at this point.

BUG=

Review URL: https://codereview.chromium.org/1025073005

Cr-Commit-Position: refs/heads/master@{#27394}

This reverts r21101. r21101 appears to be at fault for the ARM64
failures here: https://codereview.chromium.org/1023103003

BUG=

Review URL: https://codereview.chromium.org/1019393003

Cr-Commit-Position: refs/heads/master@{#27393}

Port d21fd154

Original commit message:
BUG=v8:3900
LOG=N

R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org, dslomov@chromium.org

Review URL: https://codereview.chromium.org/999613004

Cr-Commit-Position: refs/heads/master@{#27392}

Port 3aa206b8

Original commit message:
R=dcarney@chromium.org, yangguo@chromium.org
BUG=v8:3952
LOG=n

R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1028313003

Cr-Commit-Position: refs/heads/master@{#27391}

commit bef80fcf

Original commit message:
BUG=v8:3977
R=dslomov@chromium.org, arv@chromium.org
LOG=N

R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1018043008

Cr-Commit-Position: refs/heads/master@{#27390}

Revert of [es6] Object.getPrototypeOf should work with values (patchset #3 id:40001 of https://codereview.chromium.org/1014813003/)

Reason for revert:
Layout test failures. Please update layout test expectations before landing this, in order to not block the roll.

Original issue's description:
> [es6] Object.getPrototypeOf should work with values
>
> The final spec for Object.getPrototypeOf calls ToObject on the
> parameter, which means that it should only throw for null and
> undefined. For other non object values the prototype of the wrapper
> should be used.
>
> BUG=v8:3964
> LOG=N
> R=adamk, rossberg@chromium.org
>
> Committed: https://crrev.com/ea463a916bbe5994b0d2d04e8075058b373b2e2c
> Cr-Commit-Position: refs/heads/master@{#27354}

TBR=adamk@chromium.org,rossberg@chromium.org,arv@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3964

Review URL: https://codereview.chromium.org/1033623002

Cr-Commit-Position: refs/heads/master@{#27389}

Port 7c149afb

Original commit message:

R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1029723002

Cr-Commit-Position: refs/heads/master@{#27388}

Port dda2bd6f

Original commit message:

R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1028323002

Cr-Commit-Position: refs/heads/master@{#27387}

All users should use IdleNotificationDeadline() instead

BUG=none
R=hpayer@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1028163003

Cr-Commit-Position: refs/heads/master@{#27386}

port 15f82138 (r27263)

original commit message:

 This relands commit 96f79568.

 This makes the Isolate::Throw logic not depend on a prediction of
 whether an exception is caught or uncaught. Such a prediction is
 inherently undecidable because a finally block can decide between
 consuming or re-throwing an exception depending on arbitray control
 flow.

 There still is a conservative prediction mechanism in place that
 components like the debugger or tracing can use for reporting.

 With this change we can get rid of the StackHandler::kind field, a
 pre-requisite to do table-based lookups of exception handlers.

BUG=

Review URL: https://codereview.chromium.org/1027413002

Cr-Commit-Position: refs/heads/master@{#27385}

Every time embedder calls v8::HeapProfiler::GetHeapStats we store next unuassigned heap object id and timestamp of the request. This patch serializes all that data into heap snapshot so that embedder can restore allocation timeline.

BUG=chromium:467222
LOG=Y

Review URL: https://codereview.chromium.org/1019813004

Cr-Commit-Position: refs/heads/master@{#27384}

Port 6689cc27

Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.

It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.

BUG=

Review URL: https://codereview.chromium.org/1025303005

Cr-Commit-Position: refs/heads/master@{#27383}