Free ArrayBuffer backing stores on a background thread, rather than
blocking the main thread after processing. Could potentially cause
contention with the array buffer allocator once JS execution resumes.

The new ArrayBufferCollector class tracks these dead allocations.

Later, the processing of array buffers can happen in parallel.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Bug: v8:6992
Change-Id: I2b74f008f79521414374f607ed510f66508af160
Reviewed-on: https://chromium-review.googlesource.com/779182
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49505}

Add a variant for testing the current state of the Liftoff
implementation.
This variant will only run on a subset of the bots, just like the
--future variant.

R=machenbach@chromium.org, hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: If49fad3a8ed579356504b821a787326754f24e78
Reviewed-on: https://chromium-review.googlesource.com/779420
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49504}

This reverts commit c71fd20c.

Reason for revert: msvc is unhappy (https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/208)

Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
> 
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
> 
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
> 
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable JITing
> using the new data structures.
> 
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}

TBR=bradnelson@chromium.org,ulan@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mlippautz@chromium.org

Change-Id: Id54deb74782c6f0fd06c61ddcabb727eb7010333
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6876
Reviewed-on: https://chromium-review.googlesource.com/779679Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49503}

Bug: v8:7067
Change-Id: Ie9c0a84492965d08f67c910c489e59cbc50a5918
Reviewed-on: https://chromium-review.googlesource.com/778819Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49502}

This CL introduces the structures for JIT-ing wasm on the native heap.
They are described in detail at go/wasm-on-native-heap-stage-1

Briefly:
- WasmCodeManager manages memory for modules and offers an interior
pointer lookup (i.e. PC -> WasmCode)
- WasmCode represents code, including reloc info. It holds wasm
specific data, like function index, and runtime information, like trap
handler info.
- NativeModule manages memory for one module.

Tests cover the allocation and lookup aspects, following that current
regression tests cover the JITed code. A separate CL will enable JITing
using the new data structures.

Bug: v8:6876
Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
Reviewed-on: https://chromium-review.googlesource.com/767581
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49501}

R=clemensh@chromium.org

Change-Id: Ie66315bc3fdb44387f4dc8e4dd6e1058c173b786
Reviewed-on: https://chromium-review.googlesource.com/779123
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49500}

TBR=machenbach@chromium.org

Bug: 
Change-Id: Ic95d5fc96fd6546709c024f6f772fb3308e93887
Reviewed-on: https://chromium-review.googlesource.com/779459
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49499}

I just pass a pointer of the platform to the task runner so that the
task runners can put tasks directly into the platform data structures.

R=rmcilroy@chromium.org

Change-Id: I7c1c56c3b9f550c0fe80012abcd31011e69f3d5d
Reviewed-on: https://chromium-review.googlesource.com/771751Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49498}

Bug: 
Change-Id: Ia3e42c8bfc8773fbd160f4200337617afd54d445
Reviewed-on: https://chromium-review.googlesource.com/779196Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49497}

Test suite contract changes:
- support * only at the end of the rule.
- loading status file is mandatory before filtering by status file.

Bug: v8:6917
Change-Id: Ia345ebfa7827c50f13f20e5cb7489e62c53f3357
Reviewed-on: https://chromium-review.googlesource.com/779185
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49496}

Bug: v8:6917
Change-Id: Ida8594caead9119b7b5dad6209017e2eae9cd3aa
Reviewed-on: https://chromium-review.googlesource.com/776799
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49495}

Streaming compilation started the compilation of a module at the
beginning of the code section. However, there exist valid modules which
do not contain a code section. In this CL we check for the existence of
a code section when we finish the stream. We do this by checking if the
module compiler in the AsyncCompileJob exists, because the module
compiler gets initialized at the beginning of the code section.

If we detect that compilation has not been started because there was no
code section, then we start compilation when the stream finishes.

R=clemensh@chromium.org

Bug: chromium:771973
Change-Id: I7c95a7a791d02254f086961e7cd81885eec27382
Reviewed-on: https://chromium-review.googlesource.com/778541
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49494}

Bug: chromium:786938
Change-Id: Ib8041c3cfe2237922824d783ebf8f0bb4d967a53
Reviewed-on: https://chromium-review.googlesource.com/779259Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49493}

We should only ever call value() on a variable while we are inside a block.
This CL adds a DEBUG check to this effect.

Bug: 
Change-Id: Ic85fae70e2c3543ff79e3234ba26e1daa234f7e3
Reviewed-on: https://chromium-review.googlesource.com/772233Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49492}

Bug: chromium:750084
Change-Id: I3d449ab76101100866b18db776b9f282154a77d9
Reviewed-on: https://chromium-review.googlesource.com/768679
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49491}

Bug: v8:7002
Change-Id: Id8a7362f199ee776c0eade4cdbb9d3e413c17ead
Reviewed-on: https://chromium-review.googlesource.com/778164Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49490}

This reverts commit b6658ade.

Reason for revert: TSAN detects data race when running mksnapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/18354

Original change's description:
> [heap] Concurrently free ArrayBuffer allocations.
> 
> Free ArrayBuffer backing stores on a background thread, rather than
> blocking the main thread after processing. Could potentially cause
> contention with the array buffer allocator once JS execution resumes.
> 
> The new ArrayBufferCollector class tracks these dead allocations.
> 
> Later, the processing of array buffers can happen in parallel.
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> 
> Bug: v8:6992
> Change-Id: I49ae4db12ed62d8400ba2bbafeda05a11479d904
> Reviewed-on: https://chromium-review.googlesource.com/739829
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49485}

TBR=hpayer@chromium.org,mlippautz@chromium.org,petermarshall@chromium.org

Change-Id: I293440b5f2602ca1c8ad120003f551bc8db6b75f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6992
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/779199Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49489}

This reverts commit b6658ade.

Reason for revert: Breaks TSAN :(

Original change's description:
> [heap] Concurrently free ArrayBuffer allocations.
> 
> Free ArrayBuffer backing stores on a background thread, rather than
> blocking the main thread after processing. Could potentially cause
> contention with the array buffer allocator once JS execution resumes.
> 
> The new ArrayBufferCollector class tracks these dead allocations.
> 
> Later, the processing of array buffers can happen in parallel.
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> 
> Bug: v8:6992
> Change-Id: I49ae4db12ed62d8400ba2bbafeda05a11479d904
> Reviewed-on: https://chromium-review.googlesource.com/739829
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49485}

TBR=hpayer@chromium.org,mlippautz@chromium.org,petermarshall@chromium.org

Change-Id: If6743b83f871c0fd0d6e83a3083dce0eecd99021
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6992
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/779159Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49488}

This updates the V8 side MB fork with all upstream changes until:
https://chromium.googlesource.com/chromium/src/+/f4d92a15f/tools/mb/mb.py

This includes a required feature for mapping isolate targets to
runtime deps.

Bug: chromium:669910
Change-Id: I22244455b22737cfbfc45adef93581ef44cf4151
Reviewed-on: https://chromium-review.googlesource.com/778879Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49487}

Avoid the stupid newline when the name is a String, which is
automatically appended by the Object::Print() method. Just use
the Name::NamePrint() method instead.

Bug: v8:5267
Change-Id: I12ec878325b6f6ecdd8633a5ac8129b2398ddf9a
Reviewed-on: https://chromium-review.googlesource.com/778823Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49486}

Free ArrayBuffer backing stores on a background thread, rather than
blocking the main thread after processing. Could potentially cause
contention with the array buffer allocator once JS execution resumes.

The new ArrayBufferCollector class tracks these dead allocations.

Later, the processing of array buffers can happen in parallel.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng

Bug: v8:6992
Change-Id: I49ae4db12ed62d8400ba2bbafeda05a11479d904
Reviewed-on: https://chromium-review.googlesource.com/739829
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49485}

When collecting source ranges for conditionals (`a ? b : c`), include
the '?' and ':' tokens in the then- and else ranges, respectively.

Bug: v8:7098
Change-Id: I22315e2040c96c977e0b49e1fafe4228a6558471
Reviewed-on: https://chromium-review.googlesource.com/778321Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49484}

This moves the logging of the RCS event for background parsing tasks out
of the parser and performs it at the end of the background parsing task.
This is necessary in order to log background compile RCS events which happen
after parsing.

BUG=v8:5203

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie216eeade0279d8243818a8eb59309969775823c
Reviewed-on: https://chromium-review.googlesource.com/776669Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49483}

For the fast case we can avoid the instance type check, since the map
check covers that. We also don't need to call out to the ToBoolean
builtin in general, but just use the BranchIfToBooleanIsTrue logic.

Plus in the fast case, we don't know that the JSIteratorResult::done is
a boolean, since the map doesn't guard this assumption, so we also need
to do a proper BranchIfToBooleanIsTrue in that case.

Bug: v8:5269
Change-Id: I36f0d0841472c02f8030f9ce067d20326c9388bd
Reviewed-on: https://chromium-review.googlesource.com/778882Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49482}

Bug: chromium:785804
Change-Id: I1a65e2007438ac009d961e0e2c0425212216fcf1
Reviewed-on: https://chromium-review.googlesource.com/776696Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49481}

We can just use the same trick here that we use with TurboFan and load
the (signaling) NaN value out of the canonical tagged root. This
improves the loop for initializing double backing stores by hoisting the
load of the constant value out of the loop.

Bug: v8:5267
Change-Id: Idcf07c0e910ecc085a8b89225613f0a8fb50a414
Reviewed-on: https://chromium-review.googlesource.com/778979Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49480}

TBR=machenbach@chromium.org

Bug: chromium:748000
Change-Id: I383a1203b094d1e17453ee5aabca3267132df363
Reviewed-on: https://chromium-review.googlesource.com/778540Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49479}

Bug: v8:5267
Change-Id: I2338702ef69298bc95c47dcfedf7ef7632a2bf7f
Reviewed-on: https://chromium-review.googlesource.com/778842Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49478}

When using ninja to build without specifying explicit targets,
all existing targets in any BUILD.gn file are built/executed.

We now hide the snapshot targets behind the snapshot condition
to prevent them from being built and executed in nosnap builds.

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel

Bug: v8:7089
Change-Id: I4cd8ebadc377fd20b3887e9628990a75732ab74c
Reviewed-on: https://chromium-review.googlesource.com/778320Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49477}

Bug: 
Change-Id: I553d6481a485a87c0246424270d63297400ceabe
Reviewed-on: https://chromium-review.googlesource.com/579909Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49476}

Bug: v8:7040
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I537b5d96e8d9275b695a3c56c57899e88b8b199d
Reviewed-on: https://chromium-review.googlesource.com/776654
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49475}

Now that Crankshaft is gone we no longer need to worry about parameter
mismatch for safepoints and we can just tail-call to %GrowArrayElements
from the GrowArrayElementsStub.

Bug: chromium:608675, v8:5269, v8:6408
Change-Id: I1b11d7d00cad02749a0ebc0a7de5e608de6d91c9
Reviewed-on: https://chromium-review.googlesource.com/778861Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49474}

The StringEqual builtin handles two byte strings already.

Bug: v8:4913, v8:6365, v8:6371, v8:6936, v8:7022
Change-Id: I6f5a3999ccdce8e9bfcece6e94362c15183bbd8c
Reviewed-on: https://chromium-review.googlesource.com/778883Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49473}

For simple replacement strings without $ characters, we can do the
replacement in CSA for a global regexp. This is a common case because
this is currently the most widely used way to 'replaceAll' in a string.

This CL speeds up the test case in the linked bug by 13%.

Bug: v8:7053
Change-Id: I0d1d7c25fed07dfd7927191a3ef3138302e10c8f
Reviewed-on: https://chromium-review.googlesource.com/774440
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49472}

The "array protector" now guards the Object.prototype, the
Array.prototype and the String.prototype, so the name was a
bit misleading nowadays. So the new name "no elements protector"
was chosen.

Bug: v8:6936, v8:7014, v8:7027
Change-Id: I9a9d7caa2caf0ac9e78cc6658de2f0506970dfa2
Reviewed-on: https://chromium-review.googlesource.com/778162Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49471}

The ToBooleanHints were used to represent the ToBoolean feedback
collected by Fullcodegen. But Ignition doesn't collect this feedback
and also TurboFan doesn't make use of the hints, so we should remove
this for now.

Bug: v8:7101
Change-Id: Ifc97d3ebb7494029b33ad79fc8bafdf3c08fb871
Reviewed-on: https://chromium-review.googlesource.com/778163Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49470}

R=mstarzinger@chromium.org

Bug: v8:6593
Change-Id: Ica794c7b0d779f04647d2b2c5ce7762a537620ae
Reviewed-on: https://chromium-review.googlesource.com/759793
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49469}

Previously, in order to get immortal immovable objects onto
the first page, the serializer would iterate the root list
twice. The first time it would prioritize immortal immovables.
The second time it would serialize the rest.

This does not guarantee that immortal immovable objects
actually end up on the first page, and by now this is not
necessary anymore, since we mark all pages created during
heap init as immortal immovable pages.

R=mlippautz@chromium.org

Change-Id: Ie95fcd779377a75337621ba862bc1a745ed5cbaa
Reviewed-on: https://chromium-review.googlesource.com/768731
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49468}

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f2ca3e0..509676b

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I5d6e78e23d83234c8c80eaef4a7c8a51c7575e6a
Reviewed-on: https://chromium-review.googlesource.com/777929Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49467}

The existance of an `AllowJavascriptExecutionDebugOnly` scope in
`Isolate::ReportPendingMessages()` indicates that the API supports
running arbitrary JS code in a `AddMessageListener` callback.

Currently, this can fail in debug mode: The
`!isolate->external_caught_exception()` condition is checked when
entering API methods inside such a handler. However, if there is
a verbose `TryCatch` active when the exception occurs, this
check fails, and when calling `ToString()` on the exception object
leaves a pending exception itself, the flag is re-set to `true`.

Fix this problem by clearing the flag and the pending exception if
there was one during `ToString()`. This matches the code a few lines
up in `messages.cc`, so the exception state is now consistent
during the callback.

This currently makes a Node.js test fail in debug mode
(`parallel/test-error-reporting`).

Bug: node:7144
Bug: node:17016
Change-Id: I060d00fea3e9a497f4df34c6ff8d6e29ebe96321
Reviewed-on: https://chromium-review.googlesource.com/718096
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49466}