Implement Neg_d and Neg_s in macro-assembler.
Floating point negate instructions are removed in release 6.
On r2, these instructoin do not change the sign of NaN operands.

TEST=cctest/test-run-wasm/RunWasmCompiled_Float32Neg, cctest/test-run-wasm/RunWasmCompiled_Float64Neg
BUG=

Review-Url: https://codereview.chromium.org/2256963003
Cr-Commit-Position: refs/heads/master@{#38749}

Port 77c9cb83.

Original commit message:
This commit fixes wasm little-endian load issue on big-endian platform
by introducing reverse byte operation immediately after a load.

BUG=

Review-Url: https://codereview.chromium.org/2235703002
Cr-Commit-Position: refs/heads/master@{#38660}

Implement Bovc and Bnvc instruction macros in macro assembler.

The change 6f920d7d revealed an issue with AddBranchOvf for mips R6.
All branching instructions other than BOVC and BNVC are handled by Branch macro, which assures
correct handling of long and short branches. As a consequence, AddBranchOvf for R6 was working correctly
only before trampoline was emitted, but the case of long branch was not handled at all. Implemented
instruction macros enable proper handling of BOVC and BNVC in cases when long branching is needed.

TEST=test/intl/general/case-mapping.js

BUG=

Review-Url: https://codereview.chromium.org/2225323002
Cr-Commit-Position: refs/heads/master@{#38513}

This feature has not been used in the past few years and most likely does not
even work anymore.

R=ishell@chromium.org

Review-Url: https://codereview.chromium.org/2186533002
Cr-Commit-Position: refs/heads/master@{#38046}

BUG=

Review-Url: https://codereview.chromium.org/2101123005
Cr-Commit-Position: refs/heads/master@{#37748}

BUG=v8:5173
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2118283003
Cr-Commit-Position: refs/heads/master@{#37598}

Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.

Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.

BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg

Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}

Revert of [builtins] New frame type for exits to C++ builtins (patchset #5 id:80001 of https://codereview.chromium.org/2090723005/ )

Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626

Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}

TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815

Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}

Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.

Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.

BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}

BUG=

Review-Url: https://codereview.chromium.org/2069933003
Cr-Commit-Position: refs/heads/master@{#37295}

MIPS: Followup '[turbofan] Introduce new operators Float32SubPreserveNan and Float64SubPreserveNan'.

Port 481502da

Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.

TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero

BUG=

patch from issue 2019693002 at patchset 140001 (http://crrev.com/2019693002#ps140001)

R=ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2066483008
Cr-Commit-Position: refs/heads/master@{#37105}

The new allocation folding implementation avoids fragmentation between folded allocation. As a consequence, our heap will always be iterable i.e. we do not have to perform a garbage collection before iterating the heap.

BUG=chromium:580959
LOG=n

Review-Url: https://codereview.chromium.org/1899813003
Cr-Commit-Position: refs/heads/master@{#36133}

Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.

Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
R=mstarzinger@chromium.org
BUG=v8:4969
LOG=n

Review-Url: https://codereview.chromium.org/1926023002
Cr-Commit-Position: refs/heads/master@{#35918}

Implement unaligned access instructions, and tests for corresponding
instruction

BUG=

Review-Url: https://codereview.chromium.org/1902743002
Cr-Commit-Position: refs/heads/master@{#35873}

Default (and only way) is now to retrieve a tagged object.

BUG=chromium:606711
LOG=N

Review URL: https://codereview.chromium.org/1922553002

Cr-Commit-Position: refs/heads/master@{#35792}

Removes the register file machine register from the interpreter and
replaces it will loads from the parent frame pointer. As part of this
change the raw operand values for register values changes to enable the
interpreter to keep using the operand value as the offset from the
parent frame pointer.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1894063002

Cr-Commit-Position: refs/heads/master@{#35618}

Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.

Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.

R=mstarzinger@chromium.org, neis@chromium.org
TBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n

Review URL: https://codereview.chromium.org/1865833002

Cr-Commit-Position: refs/heads/master@{#35283}

Replace the uses with proper page flag lookups.

BUG=chromium:581412
LOG=N
TEST=mjsunit/allocation-site-info

Review URL: https://codereview.chromium.org/1845463003

Cr-Commit-Position: refs/heads/master@{#35153}

Port of changes that replace JR and JALR instructions with JIC and JIALC
for mips64r6. Macroassembler Jump and Call functions now use JIC and
JIALC if branch delay slot is not used. Code patching is adjusted to
work with new changes. Jr and Jalr macroassembler functions are removed.
Other changes where mips32r6 uses jr/jalr are not done because mips64r6
uses j/jal instructions.

BUG=

Review URL: https://codereview.chromium.org/1830133002

Cr-Commit-Position: refs/heads/master@{#35141}

Use macro instructions for min, max ops to get the same functionality on
pre-r6 and r6 targets.

BUG=
TEST=mjsunit/math-min-max, cctest/test-macro-assembler-mips64/min_max_nan, cctest/test-macro-assembler-mips/min_max_nan, cctest/test-assembler-mips64/min_max, cctest/test-assembler-mips/min_max

Review URL: https://codereview.chromium.org/1694833002

Cr-Commit-Position: refs/heads/master@{#35073}

Split ToNumberStub into the entry ToNumberStub, and two new stubs,
StringToNumberStub and NonNumberToNumberStub, which can be used when we
already know something about the input (i.e. in various branches of the
code stubs, or in TurboFan graphs).

Also introduce an appropriate StringToNumber simplified operator for
TurboFan, that is pure and is lowered to an invocation of the newly
added StringToNumberStub.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1818923002

Cr-Commit-Position: refs/heads/master@{#34922}

Port 21b331e3

BUG=

Review URL: https://codereview.chromium.org/1784353003

Cr-Commit-Position: refs/heads/master@{#34731}

Make the low level assembler implementation exact and protected to disallow explicit usage.

BUG=

Review URL: https://codereview.chromium.org/1749263002

Cr-Commit-Position: refs/heads/master@{#34673}

Before this CL, various code stubs used different techniques
for marking their frames to enable stack-crawling and other
access to data in the frame. All of them were based on a abuse
of the "standard" frame representation, e.g. storing the a
context pointer immediately below the frame's fp, and a
function pointer after that. Although functional, this approach
tends to make stubs and builtins do an awkward, unnecessary
dance to appear like standard frames, even if they have
nothing to do with JavaScript execution.

This CL attempts to improve this by:

* Ensuring that there are only two fundamentally different
  types of frames, a "standard" frame and a "typed" frame.
  Standard frames, as before, contain both a context and
  function pointer. Typed frames contain only a minimum
  of a smi marker in the position immediately below the fp
  where the context is in standard frames.
* Only interpreted, full codegen, and optimized Crankshaft and
  TurboFan JavaScript frames use the "standard" format. All
  other frames use the type frame format with an explicit
  marker.
* Typed frames can contain one or more values below the
  type marker. There is new magic macro machinery in
  frames.h that simplifies defining the offsets of these fields
  in typed frames.
* A new flag in the CallDescriptor enables specifying whether
  a frame is a standard frame or a typed frame. Secondary
  register location spilling is now only enabled for standard
  frames.
* A zillion places in the code have been updated to deal with
  the fact that most code stubs and internal frames use the
  typed frame format. This includes changes in the
  deoptimizer, debugger, and liveedit.
* StandardFrameConstants::kMarkerOffset is deprecated,
  (CommonFrameConstants::kContextOrFrameTypeOffset
  and StandardFrameConstants::kFrameOffset are now used
  in its stead).

LOG=N

Review URL: https://codereview.chromium.org/1696043002

Cr-Commit-Position: refs/heads/master@{#34571}

HInvokeFunction and HApplyArguments instructions now support tail calling.

Inlining of calls at tail position is not supported yet and therefore still disabled.

The tail-call-megatest was modified so that the usages of "arguments" object do not disable Crankshaft.

TBR=bmeurer@chromium.org
BUG=v8:4698
LOG=N

Review URL: https://codereview.chromium.org/1760253003

Cr-Commit-Position: refs/heads/master@{#34542}

This CL fixes the bugs caused by the following CL:
50a394df -- MIPS64: Fix 'MIPS: use DAHI/DATH for li macro on mips64r6.'
  Port 1f5b84e4
  MIPS: use DAHI/DATH for li macro on mips64r6.

LUI instruction would sign extend into higher 32bits, in that case we might need to use DAHI, DATI to overwrite the extension.

The bug will occur when we are loading some addresses such as 0x00007fffffffxxxx.

BUG=
TEST=test-run-native-calls/Run_Int32_Select_*, test-run-native-calls/Run_Int32_WeightedSum_*, test-run-native-calls/Run_Int32_WeightedSum_*, test-run-native-calls/Run_Int32_Select_*

Review URL: https://codereview.chromium.org/1763733002

Cr-Commit-Position: refs/heads/master@{#34467}

Changes MacroAssembler::GenerateSwitchTable to make sure that 'ra' is properly restored.

BUG=

Review URL: https://codereview.chromium.org/1761863002

Cr-Commit-Position: refs/heads/master@{#34460}

Port 1f5b84e4

TEST=test-run-machops/RunInt64SubWithOverflowImm, test-run-machops/RunInt64AddWithOverflowImm
BUG=

Review URL: https://codereview.chromium.org/1714283002

Cr-Commit-Position: refs/heads/master@{#34300}

This makes the FullCodeGenerator::EmitNamedPropertyLoad be architecture
independent by adding MacroAssembler::Move helpers.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1734643002

Cr-Commit-Position: refs/heads/master@{#34259}

Move the already existing fast case for %NewObject into a dedicated
FastNewObjectStub that we can utilize in places where we would otherwise
fallback to %NewObject immediately, which is rather expensive.

Also use FastNewObjectStub as the generic implementation of JSCreate,
which should make constructor inlining based on SharedFunctionInfo (w/o
specializing to a concrete closure) viable soon.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1708313002

Cr-Commit-Position: refs/heads/master@{#34136}

Port 187b3f28

BUG=

Review URL: https://codereview.chromium.org/1709793002

Cr-Commit-Position: refs/heads/master@{#34130}

Port 2166bd8c

BUG=

Review URL: https://codereview.chromium.org/1708853002

Cr-Commit-Position: refs/heads/master@{#34112}

Mark null and undefined as undetectable, and use it to handle abstract equality comparison in the generic compare ic

Marking as undetectable makes abstract equality of null, undefined, and
other undetectable objects easier. Supporting it in the generic compare
IC significantly speeds up dynamic comparison between those values and
JSReceivers by not falling back to the runtime.

MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>

Review URL: https://codereview.chromium.org/1683643002

Cr-Commit-Position: refs/heads/master@{#33858}

Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.

Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
  pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().

BUG=chromium:581412
LOG=N

Review URL: https://codereview.chromium.org/1632913003

Cr-Commit-Position: refs/heads/master@{#33857}

BUG=

Review URL: https://codereview.chromium.org/1647123002

Cr-Commit-Position: refs/heads/master@{#33718}

BUG=

Review URL: https://codereview.chromium.org/1628453002

Cr-Commit-Position: refs/heads/master@{#33703}

The PrepareId bailout location was used incorrectly in Crankshaft and,
as it turns out, is not required anyway (once you do it right). Also
there was some premature optimization going on with the CheckEnumCache
(trying to load null from roots only once), plus we can be smarter about
the null/undefined check anyway.

The idea behind this changes is to prepare unification of the two
different ForInPrepare implementations that we now have, with the end
result being that we only use the new implementation that was recently
added for the interpreter.

R=jarin@chromium.org
BUG=v8:3650
LOG=n

Review URL: https://codereview.chromium.org/1618613002

Cr-Commit-Position: refs/heads/master@{#33426}

We no longer have the concept of "JS builtins" exposed to handwritten
native code, so there's no need to keep the InvokeBuiltin macro around.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1611613002

Cr-Commit-Position: refs/heads/master@{#33416}

Adds a ForInPrepare Runtime function which returns a triple of
cache_type, cache_array and cache_length.

This requires adding support to CEntryStub to call runtime functions
which return a ObjectTriple - a struct containing three Object*
pointers. Also did some cleanup of the x64 CEntryStub to avoid
replicated code.

Replaces the interpreter's use of the ad-hock InterpreterForInPrepare
Runtime function with ForInPrepare in preparation for fixing deopt in
BytecodeGraphBuilder for ForIn (which will be done in a followup CL).

MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1576093004

Cr-Commit-Position: refs/heads/master@{#33334}

Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.

Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1573243009

Cr-Commit-Position: refs/heads/master@{#33265}