Background task restarting happens now in the CompilationState and not
in the AsyncCompileJob. The code in the AsyncCompileJob is dead, so I
remove it.

R=titzer@chromium.org

Change-Id: Ife52522a00ec43aa0f9ad50f8e0114c1e4da5db7
Reviewed-on: https://chromium-review.googlesource.com/978322Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52190}

Optimize initial implementation of i32_eqz and implement i64_eqz.

Bug: v8:6600
Change-Id: I695454a160fc57dc9981725583ed2f27c2c537db
Reviewed-on: https://chromium-review.googlesource.com/978207Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52189}

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib76185e7b6bc893460b97b43cc385412485da20c
Reviewed-on: https://chromium-review.googlesource.com/956464
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52188}

This eases transition handlers caching and avoids memory overhead of
respective StoreHandler objects. In addition, it allows to use such
transition handlers on runtime side to make Object.assign implementation
a bit faster.

Bug: v8:5988
Change-Id: Iba660a11d4b300cd5f80615fb7e2608e53da8fee
Reviewed-on: https://chromium-review.googlesource.com/931701Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52187}

This flips the default value of in_process_stack_dumping from enabled
to disabled. For many embedders the V8 signal handler produces worse
stack trace than the defaul signal handler.

Change-Id: Idb5ec30dc4b3cefe243be7304d10a02f1dcda167
Reviewed-on: https://chromium-review.googlesource.com/977903
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52186}

Part of ongoing work to remove the construct_stub.

For non-constructable functions, don't use the non-constructable stub,
instead handle non-constructables explicitly in ConstructFunction.

Bug: v8:7503
Change-Id: I24aa7c2d5e934d5e80cd96afaf005342773d57af
Reviewed-on: https://chromium-review.googlesource.com/975961
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52185}

This patch also fixes MaxReserved() to accound for page headers and
adds two tests for heap size and memory allocator size near OOM.

Bug: chromium:824214
Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
Reviewed-on: https://chromium-review.googlesource.com/973614Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52184}

Also add a new fast-path for String.fromCodePoint.

R=neis@chromium.org

Bug: v8:7570, v8:7340
Change-Id: I6cd6e6fc98943588ecd646f24fcda043d4033ab0
Reviewed-on: https://chromium-review.googlesource.com/978244Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52183}

This CL also cleans up some related naming in typed-optimization.

R=neis@chromium.org

Bug: v8:7531, v8:7570
Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051
Reviewed-on: https://chromium-review.googlesource.com/978066
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52182}

Removing the iterator from an array does not stop it being a fast array
(at least as far as BranchIfJSFastArray is concerned). The rest of the
code is not affected by whether the assert is false so this only
affected debug builds.

Change-Id: Iff78b8b21f3cc76a43d4251b4ba6ab078467db61
Reviewed-on: https://chromium-review.googlesource.com/976122Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52181}

This is something we already do for d8, and in general, any process
we run as part of the build.

Bug: chromium:819237
Change-Id: I8b90505a5c447c0a0311e45c4056cd2b84da4284
Reviewed-on: https://chromium-review.googlesource.com/968244
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52180}

Bug: v8:7253
Change-Id: I1724fdac3668bcc05ff581113ac843ab5ef1def2
Reviewed-on: https://chromium-review.googlesource.com/977971Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52179}

This moves source position tables associated with WasmCode objects to be
located outside the garbage-collected heap. There now is a clear link to
the source position table from code, making the one-to-one relationship
and its lifetime explicit.

R=ahaas@chromium.org
BUG=v8:7424

Change-Id: I9d0b332732508c302ba525059ef02559f45aa2f6
Reviewed-on: https://chromium-review.googlesource.com/975565
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52178}

Moves RO_SPACE to the front of the AllocationSpace enum, so the space
pre-allocation iterations don't miss it. Being at the start of the enum
means that it continues to not be iterated over by any sweeper code,
which iterates from FIRST_GROWABLE_PAGED_SPACE to
LAST_GROWABLE_PAGED_SPACE (renamed from FIRST_PAGED_SPACE and
LAST_PAGED_SPACE).

Bug: v8:7464
Change-Id: I480ba784afbd878552d1cb7f9f5fa57c3b55e004
Reviewed-on: https://chromium-review.googlesource.com/973604
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52177}

R=titzer@chromium.org

Bug: v8:7581
Change-Id: I66bf50bc1243cb5e4b9f2693febf91f74077a2f4
Reviewed-on: https://chromium-review.googlesource.com/978002Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52176}

NOTRY=true
TBR=sergiyb@chromium.org

Bug: v8:7339
Change-Id: I803bd6e8cff252698db079dd2f2952ad9d01f19f
Reviewed-on: https://chromium-review.googlesource.com/978123Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52175}

Change-Id: Iace7040f7327cbc76e75a0cd7229221c93a9456e
Reviewed-on: https://chromium-review.googlesource.com/975547Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52174}

See the referenced issue for details.

Bug: v8:7559
Change-Id: I16b5d22b484407d277fa55868429f5f11078b56d
Reviewed-on: https://chromium-review.googlesource.com/970361
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52173}

NOTRY=true
TBR=sergiyb@chromium.org

Bug: v8:7339
Change-Id: Iae0323d8f52fbd2db79c7362d074d758a7e1fa35
Reviewed-on: https://chromium-review.googlesource.com/977721Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52172}

TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
Change-Id: Icc71c1da5f0dfd6a041046e8a50ef29e270b2443
Reviewed-on: https://chromium-review.googlesource.com/977662
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52171}

This is the V8 equivalent to https://crrev.com/2779193002 and must be landed
before //build/secondary/{gtest,gmock} are removed from Chromium. This started
out as https://crrev.com/2847693002

The changes in tools/ were authored by yangguo@chromium.org and
initially shared in http://crrev.com/2849783003.

GoogleTest (gtest) and GoogleMock (gmock) are now hosted into the same
googletest repository. In order to cope with this, the googletest
repository is now sourced at third_party/googletest.

The file/directory layout of Google Test is not yet considered stable.
To minimize disruption while Google Test stabilizes, Chromium code will
be insulated from third_party/googletest.

* testing/gtest/include/gtest/ and testing/gmock/include/gmock have
  been populated with headers that forward into the appropriate
  locations of third_party/googletest

* testing/BUILD.gn has been populated with the targets
  //testing/gtest(:gtest_main) and //testing/gmock(:gmock_main),
  which depend on the appropriate //third_party/googletest targets.

All Chromium code should keep depending on the targets and
headers in testing/{gtest,gmock} for now.

BUG=chromium:630705

Change-Id: I12b07ae78c8039aeff6ada7a3335e4e2b5d308ab
Reviewed-on: https://chromium-review.googlesource.com/639953Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52170}

First pass callbacks are required to reset the handle before entering
the second callback.

Make this a CHECK and properly document what is required to fix when
hitting this assertion.

Change-Id: I13c6b0342fca16544cec01620ac74a87c290b87d
Reviewed-on: https://chromium-review.googlesource.com/975609
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52169}

The refactoring extracts code responsible for cloning and patching
code when creating a NativeModule clone. This extraction makes it easier
to reuse the code.

Change-Id: Id4543ee07ed85c1b44472723b0bce983a97da03e
Reviewed-on: https://chromium-review.googlesource.com/975302
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52168}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/30bf2a3..d873086

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I52816e40275461b012d218ae024261158db07dcb
Reviewed-on: https://chromium-review.googlesource.com/977262
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52167}

Change-Id: I9a78e0a8f673f311414f72055958c52d3c2cb0cd
Reviewed-on: https://chromium-review.googlesource.com/908256
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52166}

Port 51ded9d3

Original Commit Message:

    This is a reland of d8f564ea

    Original change's description:
    > Reland: Remove SFI code field
    >
    > Remove the SharedFunctionInfo code field, inferring the code object
    > from the function_data field instead. In some cases, the function_data
    > field can now hold a Code object (e.g. some WASM cases).
    >
    > (Reland of https://chromium-review.googlesource.com/952452)
    >
    > TBR=mstarzinger@chromium.org
    >
    > Bug: chromium:783853
    > Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
    > Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
    > Reviewed-on: https://chromium-review.googlesource.com/970649
    > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    > Reviewed-by: Yang Guo <yangguo@chromium.org>
    > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#52136}

R=leszeks@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I86c5a46a866830a2150ff9366be12a09f111240f
Reviewed-on: https://chromium-review.googlesource.com/976624Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52165}

Port 28190980

Original Commit Message:

    This patch also moves Shell::Exit to base::OS::ExitProcess.

R=ulan@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I0a7dc051ed5a21ad9641d1d05182ea4240bc666a
Reviewed-on: https://chromium-review.googlesource.com/976332Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52164}

When using trap handlers, memory references do not get any checks inserted. This
means there is no check for a null memory as happens when the memory size is
0. Normally this would be correctly caught as an out of bounds access, since the
low memory addresses are not normally mapped. However, if they were mapped for
some reason, we would not catch the out of bounds access.

The fix is to ensure WebAssembly instances always have a guard region even if
the memory is size 0.

This is a rewrite of 5e76ff5a

Note that this can lead to a large amount of unnecessary address space usage,
so we share a single reservation for empty array buffers.

Bug: chromium:769637

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia8e84be6d595e347d3d342959f2c374db1a3f683
Reviewed-on: https://chromium-review.googlesource.com/702657Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52163}

On float comparisons, we need a scratch byte register for the setcc
instruction, and if none is available, we spill. But this spilling code
is skipped if one of the operands is NaN. The cache state is updated
however, so following code assumes that the spill happened.
This CL fixes this by spilling before checking for NaN, such that the
spilling code is always executed.

R=titzer@chromium.org

Bug: v8:7582, v8:6600
Change-Id: I768d8de14e494d3ebea181c1f9f3129a4b005396
Reviewed-on: https://chromium-review.googlesource.com/973961Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52162}

googletest's directory structure has completely changed, and trybots
have trouble with the roll CL https://crrev.com/c/639953 because of
https://crbug.com/823586.

This CL works aroud the bug above, using the same method as
https://pdfium-review.googlesource.com/c/pdfium/+/29011 which helped
land https://pdfium-review.googlesource.com/c/pdfium/+/28791.

Bug: chromium:823586
Change-Id: Iffce1277c6b73b5cea96465a6035380cba0d103c
Reviewed-on: https://chromium-review.googlesource.com/974917Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52161}

This reverts commit 4d1c2907.

Reason for revert: Still often hangs:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23898

Original change's description:
> Reland "[d8][wasm] Test wasm compilation completion"
> 
> This is a reland of ed2605f0
> 
> Original change's description:
> > [d8][wasm] Test wasm compilation completion
> > 
> > d8 was recently changed to keep running until wasm compilation has
> > completed. This adds a message test to test that.
> > 
> > R=ahaas@chromium.org
> > 
> > Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> > Reviewed-on: https://chromium-review.googlesource.com/966184
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52008}
> 
> Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
> Reviewed-on: https://chromium-review.googlesource.com/975242
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52154}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4c2f3f69d6a2e749ce7c5379a3949d098c5946c4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/975835Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52160}

This is a reland of d8f564ea

TBR=mstarzinger@chromium.org,yangguo@chromium.org,jgruber@chromium.org

Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I5187851b923e9a92f43daf8cb99e662786cbb839
Reviewed-on: https://chromium-review.googlesource.com/975942
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52159}

TBR=sergiyb@chromium.org

Change-Id: I5def23b438ab6b90c5386ad60b061e1f248d5ee1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/975644Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52158}

This is a follow-up for 8ed81dde.

The TSAN exception has to be in MarkObject because that is called from
two places in concurrent marking.

Bug: v8:7574
Change-Id: If36b564bce0970c9b44c029055114bb6e2a74059
Reviewed-on: https://chromium-review.googlesource.com/973526
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52157}

TBR=sergiyb@chromium.org

Bug: chromium:819555
Change-Id: Iad5526b1423f8bdab9c0734ffc2f378d892b5b9d
Reviewed-on: https://chromium-review.googlesource.com/973379
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52156}

This changes ArrayBufferTracker to count array buffer byte length instead of
allocation length. Byte length better approximates actual memory pressure
because it refers to how many bytes are actually committed, whereas for
allocation length, these bytes may be reserved but not committed.

Note that we still need to be careful about address space exhaustion. Most
address space is used by WebAssembly's guard regions. These are now managed by
WasmMemoryTracker to ensure we do not consume too much address space.

As a side effect, this CL fixes v8:7576 because byte_length() does not need to
access the is_wasm_memory field whereas allocation_length() does.

Bug: v8:7576
Change-Id: Ib974e86ec61e170930c835f0f0ad03e89dc02854
Reviewed-on: https://chromium-review.googlesource.com/973884Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52155}

This is a reland of ed2605f0

Original change's description:
> [d8][wasm] Test wasm compilation completion
> 
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
> 
> R=ahaas@chromium.org
> 
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}

Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
Reviewed-on: https://chromium-review.googlesource.com/975242Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52154}

Bug: v8:7531, chromium:822170
Change-Id: Ida5b0714a584df3d830f95088db51c1841b63cc2
Reviewed-on: https://chromium-review.googlesource.com/966062Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52153}

For mode = kArrayFunction, we know that we need to call the array
constructor stub, so we don't need to read it out from the construct_stub
field. We also don't need to set it in the construct_stub field anymore,
so just use the builtins constructor stub like other builtins.

Also cleans up PushArgsThenCall by adding a dcheck that we are never in
mode = kArrayFunction, so we don't even try to generate code for this
case, but fail earlier instead.

We don't need to load the array function in ArrayConstructor because this
is set up for us by the builtins construct stub. We do have to check if
new_target is actually set before overwriting it with target, as we are
handling both call and construct cases in ArrayConstructor now.

Bug: v8:7503
Change-Id: I3622bf6127eebed8b55c9c199fa938a8e03b8baa
Reviewed-on: https://chromium-review.googlesource.com/973364
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52152}

R=jgruber@chromium.org, kozyatinskiy@chromium.org

Bug: v8:178
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idee461c6ff6c8a14b01229ea6448e437f3db6dab
Reviewed-on: https://chromium-review.googlesource.com/973202
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52151}