This CL puts off-heap targets (i.e. code addresses for embedded builtins)
in the constant pool on ARM.

We are landing this CL to evaluate impact on benchmarks and code size,
and expect to revert it once we have gathered that data.

Bug: v8:6666

Change-Id: If4935a6fb162cd1ffb34489c6fa9630f10ca2c9f
Reviewed-on: https://chromium-review.googlesource.com/1154924
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54914}

This is not used in Chrome or Node anymore.
(This could also potentially be just removed at this point.)

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I59ecc216faeb3d56d3a52c548a863544570b6173
Reviewed-on: https://chromium-review.googlesource.com/1161936
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54913}

By using a built-in this functions works with SafeStack and doesn't
require an attribute disabling ASan.

BUG=chromium:864705

Change-Id: I898d42c0b39b07300f1679eba11e7f50cad42120
Reviewed-on: https://chromium-review.googlesource.com/1162669Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54912}

This reverts commit bf5ea813.

Reason for revert: Breaks Sanitizers
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20ASAN/26688

Original change's description:
> [tracing] allow dynamic control of tracing
> 
> If the trace_buffer_ was null, we were returning a pointer to a static
> flag back that permanently disabled that particular trace point.
> 
> This implied an assumption that tracing will be statically enabled at
> process startup, and once it is disabled, it will never be enabled
> again. On Node.js side we want to dynamically enable/disable tracing as per
> programmer intent.
> 
> Change-Id: Ic7a7839b8450ab5c356d85e8e0826f42824907f4
> Reviewed-on: https://chromium-review.googlesource.com/1161518
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#54903}

TBR=yangguo@chromium.org,ofrobots@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I9459992e8c2ee403b9ddc8f6b9582d204139f6e8
Reviewed-on: https://chromium-review.googlesource.com/1162122Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54911}

This reverts commit 898f880a.

Reason for revert: TSAN report memory leaks 
This is not related to this CL, but to behavior in tracing-controller.cc. Sorry!

https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8938962708686133568/+/steps/Check_-_slow_path__flakes_/0/logs/memory_grow/0

Original change's description:
> [cpu-profiler] Turn on detailed line info for optimized code
> 
> Cautiously turn on this flag by default to check the impact on
> performance bots. Could show minor regressions in old space and/or
> code_and_metadata memory buckets.
> 
> Bug: v8:7983
> Change-Id: Ic4369cdb0231f4f88eada699da948e8bb48a25fd
> Reviewed-on: https://chromium-review.googlesource.com/1162234
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54908}

TBR=yangguo@chromium.org,petermarshall@chromium.org

Change-Id: If17abee873cb589fc6450231149ccc82e7ca9f7b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7983
Reviewed-on: https://chromium-review.googlesource.com/1163441Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54910}

Bug: chromium:869735
Change-Id: I65c4a1b92e1e0874eabff14e9cf6f5b56dc8d43a
Reviewed-on: https://chromium-review.googlesource.com/1158065Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54909}

Cautiously turn on this flag by default to check the impact on
performance bots. Could show minor regressions in old space and/or
code_and_metadata memory buckets.

Bug: v8:7983
Change-Id: Ic4369cdb0231f4f88eada699da948e8bb48a25fd
Reviewed-on: https://chromium-review.googlesource.com/1162234
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54908}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e1167bf..7d6c957

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I135164556a3821e81177cae1cb6e3fadc1cac0ea
Reviewed-on: https://chromium-review.googlesource.com/1163290Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54907}

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d30f108..d2f6e76

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I9b8393ba556f43a25d69eb353801571cbdb478a0
Reviewed-on: https://chromium-review.googlesource.com/1163073Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54906}

This fixes a CHECK failure in MapVerify, and gets the correct behaviour
for uses of the well-known symbols.

BUG=v8:7611, chromium:866229
R=jkummerow@chromium.org, mvstanton@chromium.org, bmeurer@chromium.org

Change-Id: I5d679357b8807ea9d1054121d8d336fe0dd43c7c
Reviewed-on: https://chromium-review.googlesource.com/1162278Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#54905}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/641e460..e1167bf

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/eae13a4..d30f108

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/29b7b99..82bb756

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/2175972..657bfc2

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ia00fd691a828dff7e0cfadbf5cf81a18c4d4bfb6
Reviewed-on: https://chromium-review.googlesource.com/1162992Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54904}

If the trace_buffer_ was null, we were returning a pointer to a static
flag back that permanently disabled that particular trace point.

This implied an assumption that tracing will be statically enabled at
process startup, and once it is disabled, it will never be enabled
again. On Node.js side we want to dynamically enable/disable tracing as per
programmer intent.

Change-Id: Ic7a7839b8450ab5c356d85e8e0826f42824907f4
Reviewed-on: https://chromium-review.googlesource.com/1161518Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#54903}

I have a project that embeds V8 and uses a single `Isolate` from multiple
threads. The program runs just fine, but sometimes the inspector doesn't
stop on the correct line after stepping over a statement that switches
threads behind the scenes, even though the original thread is restored by
the time the next statement is executed.

After some digging, I discovered that the `Debug::ArchiveDebug` and
`Debug::RestoreDebug` methods, which should be responsible for
saving/restoring this `ThreadLocal` information when switching threads,
currently don't do anything.

This commit implements those methods using MemCopy, in the style of other
Archive/Restore methods in the V8 codebase.

Related: https://groups.google.com/forum/#!topic/v8-users/_Qf2rwljRk8

Note: I believe my employer, Meteor Development Group, has previously
signed the CLA using the group email address google-contrib@meteor.com.

R=yangguo@chromium.org,jgruber@chromium.org
CC=info@bnoordhuis.nl

Bug: v8:7230
Change-Id: Id517c873eb81cd53f7216c7efd441b956cf7f943
Reviewed-on: https://chromium-review.googlesource.com/833260
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54902}

In order to enable PIC code in builtins we need to have BranchLong
position independent.

Change-Id: I374134ff540b515f3cf385a8b936487b47c55762
Reviewed-on: https://chromium-review.googlesource.com/1152810Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#54901}

This CL fixes a bug found by Clusterfuzz, in which the functions
LoadDataViewByteOffset and -ByteLength incorrectly had a return
type of TNode<Smi> instead of TNode<Number>.

This caused a CAST() call to fail when the requested byte offset
or byte length did not fit inside a Smi, i.e. when the underlying
ArrayBuffer of the DataView had a length longer than 2^30 on
32-bit platforms.

The CL also includes a new test in mjsunit to test against this.

Bug: chromium:869313
Change-Id: Ibb7d29bda5782a12c4b506c070bb03fef8c3ec70
Reviewed-on: https://chromium-review.googlesource.com/1158582
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54900}

Move them to builtins-utils-inl.h instead.

R=titzer@chromium.org

Bug: v8:8015, v8:7965
Change-Id: I692e5871e320896923bed5cc6a2efc609c793446
Reviewed-on: https://chromium-review.googlesource.com/1160845
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54899}

We have two constants for the PC load delta; this CL
consolidates them into one. The CL does not change MIPS
as the two constants are defined to different values there.

Bug: v8:6666
Change-Id: If207a59dea3ef33756a5d7330217ab8a176bdf63
Reviewed-on: https://chromium-review.googlesource.com/1161926Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54898}

After the recent bugfix, the special case for 'undefined' is no longer
needed.

Bug: v8:7813
Change-Id: Iee3fccd72c525ac86a6fa6b3c55bcd2ce8159852
Reviewed-on: https://chromium-review.googlesource.com/1161906Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54897}

This became obsolete when I rewrote CompilationDependencies.

R=jarin@chromium.org

Change-Id: Ifc567fafccd33e98be9d1bdf6264c680be3149e4
Reviewed-on: https://chromium-review.googlesource.com/1161919Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54896}

R=jarin@chromium.org

Bug: v8:7790
Change-Id: Iad9380ac6c6035a731db2e0b2b9abbc9f8570cc2
Reviewed-on: https://chromium-review.googlesource.com/1161915
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54895}

R=titzer@chromium.org

Bug: v8:7754, v8:7965
Change-Id: I62027d97c40276b5dfa9579fc4e903ee21a55b54
Reviewed-on: https://chromium-review.googlesource.com/1160539
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54894}

Bug: v8:8012 v8:7793
Change-Id: Idc5d685d021fd107974b4415f7b855397004cb53
Reviewed-on: https://chromium-review.googlesource.com/1160841Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54893}

FixedArray max size is currently 1024 MB on 64 bit and 512 MB on 32 bit.
Update the max size of FixedDoubleArray to match. This doubles the max
size for arrays of doubles.

Bug: chromium:814599
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3ac1b4caaf5b6428fe8a8c848fffdf84af8a9ae9
Reviewed-on: https://chromium-review.googlesource.com/1160235Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54892}

Reason: flaky wasm crashes.

This leaves WeakArrayList::RemoveOne (+ tests for it) in place.

BUG=v8:7308, v8:8014

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1195d061ae7d3c82f921f94f50df3f09a55de5ca
Reviewed-on: https://chromium-review.googlesource.com/1161904Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54891}

On all architectures except for arm64 (which has a limit of 128 MB), we
increase the maximum wasm code space from 256 MB to 512 MB. This
generally allows for bigger WebAssembly modules and tolerates the code
size increase because of Liftoff.

R=titzer@chromium.org

Bug: chromium:840292, v8:6600
Change-Id: I999cc0c96740ad3da15cc70114d7835354d67fbf
Reviewed-on: https://chromium-review.googlesource.com/1160702Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54890}

arguments.h used methods only defined in objects-inl.h and
handles-inl.h. These uses are now moved to arguments-inl.h. Since
builtins-utils.h used these methods, it also needs to be split to have
an inl header now.

R=titzer@chromium.org

Bug: v8:7754, v8:7965
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I21db7a86f7c15776eccf060f81f2bde000b92a40
Reviewed-on: https://chromium-review.googlesource.com/1160647Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54889}

TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:7918
Change-Id: Ida8bec40acc349fe6f4de5316cc9a42f5b5c6e16
Reviewed-on: https://chromium-review.googlesource.com/1161905Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54888}

Also add more test cases of Array lastIndexOf with proxy, inspired by test262.

In the path for sparse arrays, no changes are needed because element accesses
are not observable there (thanks to UseSparseVariant).

Bug: v8:7813
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifd47149f654e92f56d0a1ed6b3debc93718702be
Reviewed-on: https://chromium-review.googlesource.com/1160307
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54887}

This reverts commit 12c81480.

Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20msvc/3967

Original change's description:
> Update GetCurrentStackPosition to use built-in
> 
> By using a built-in this functions works with SafeStack and doesn't
> require an attribute disabling ASan.
> 
> BUG=chromium:864705
> 
> Change-Id: I20cc818f1a0724a017a4f7f9ae3cd8fedb6245ee
> Reviewed-on: https://chromium-review.googlesource.com/1141045
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54884}

TBR=clemensh@chromium.org,vtsyrklevich@chromium.org

Change-Id: I779091eb7e98f6a8920e274df60e35693bfdc512
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:864705
Reviewed-on: https://chromium-review.googlesource.com/1161881Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54886}

This also removes the config for a non-existing builder.

TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:8009
Change-Id: Ic6d65bce46db9807ffcbeb51d507b51ca5311cfe
Reviewed-on: https://chromium-review.googlesource.com/1161802
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54885}

By using a built-in this functions works with SafeStack and doesn't
require an attribute disabling ASan.

BUG=chromium:864705

Change-Id: I20cc818f1a0724a017a4f7f9ae3cd8fedb6245ee
Reviewed-on: https://chromium-review.googlesource.com/1141045
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54884}

This enables direct uses in e.g.
  unique_ptr<v8::EmbedderHeapTracer>

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I11f86c916dca5c31413866d9972178fccda7df9c
Reviewed-on: https://chromium-review.googlesource.com/1160538Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54883}

There is a proposal to make this defined behaviour, so remove the
deprecation comment for now.

R=jkummerow@chromium.org

Bug: v8:3770
Change-Id: Iff50ec544473bed844c586ed242bd062e8d530d8
Reviewed-on: https://chromium-review.googlesource.com/1160238Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54882}

This skips two tests in TSAN with stress mode only. The tests are
particularly slow with isolates testing, but they're also the two
lowest hanging fruits in normal TSAN testing.

TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:8009
Change-Id: Ic262fc39dee8ee0d8d1fdad10beced0e8f9c87a0
Reviewed-on: https://chromium-review.googlesource.com/1160860
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54881}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/cc35cac..641e460

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2acd8e0..eae13a4

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6f812e1..29b7b99

Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/e4f38ff..c8d8248

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/bb4cc1a..2175972

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ifce98c452f5b852a19a967b98620a0d07d6032b1
Reviewed-on: https://chromium-review.googlesource.com/1161611Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54880}

Etc/GMT* time zones are  listed in the INAN time zone database and
they should be accepted as valid.

This CL will be followed by a CL for moving time zone name checks to C++
that will accept all the time zone names (e.g. EST5EDT, Hongkong, ROK, Zulu).

Bug: chromium:364374
Test: intl/date-format/timezone.js
Test: mjsunit/regress/regress-crbug-364374
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If0e5327d7e980504a9cb3d2b641e907ebce61180
Reviewed-on: https://chromium-review.googlesource.com/1159546
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54879}

While working on crrev.com/c/1141045 I caused 3 assertThrows() tests
under the 'Deeply nested target' tests to fail. The tests for
defineProperty, isExtensible, and preventExtensions began to fail under
a couple build configurations because my change modified the stack check
code such that it no longer inhibited tail call optimization. Under some
build configurations the methods responsible for causing a stack oveflow
for those 3 methods were tail call optimized and the tests no longer
threw an exception.

Other built-in implementations of proxy handler methods could also fail
in the future due to refactors moving variables off the stack. Change
the test to ensure v8 doesn't crash but don't rely on stack overflow
exceptions being thrown for the 'deeply nested target' test.

BUG=chromium:864705

Change-Id: Iefeaa1d5402986c1831d0f259f83025452756387
Reviewed-on: https://chromium-review.googlesource.com/1159356Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54878}

Change-Id: Iaad8bc94e9222d309749491df9a500544b5b37da
Reviewed-on: https://chromium-review.googlesource.com/1158687
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54877}

When TypedArray builtin code was still in JS, we used to completely
elide IterableToList when passed an array. This meant that it was
possible for the builtins to observe side-effects which mutated the
array when that should have been impossible.

When IterableToList was ported to CSA, it changed to clone the passed-in
array instead of passing it through. This means that there's now no
need to guard against side-effects due to ToNumber conversions, so we
can simply return the result of Object::IterationHasObservableEffects.

Though no test changes are included here, this code is covered
by the regression tests added previously when this runtime function
was added (and later modified).

This still leaves a future TODO to port IterationHasObservableEffects
to CSA.

Change-Id: If913c035b124ecb59a5f647344b653429a162a2b
Reviewed-on: https://chromium-review.googlesource.com/1159733Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54876}

Previously, removing an element in the middle made it consume space
forever. This fixes that, without changing the complexity of removal /
addition. The trade-off is that RemoveOne will shuffle indices (which should be
OK for the current users).

BUG=v8:7308

Change-Id: I0373e30f2d9d1ffb93a78d383d41b500dbbf3429
Reviewed-on: https://chromium-review.googlesource.com/1159371
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54875}