While they have not been observed to slow down real-world use cases,
some blink_layout microbenchmarks feel better with these methods
disabled. In order to be concervative at the launch time, lift
the CFI defense for these methods.

8/10 of these methods will become much faster when an optimization
proposed in https://crbug.com/638056 -- we only need to load vptr
once (before the loop) and have a single CFI check instead of
a check per iteration.

BUG=638056,634139

Review-Url: https://codereview.chromium.org/2258003002
Cr-Commit-Position: refs/heads/master@{#38759}

BUG=

Review-Url: https://codereview.chromium.org/2259883002
Cr-Commit-Position: refs/heads/master@{#38758}

Fix d0e52555

Typo in builtin-mips64.cc caused crashes in test mjsunit/asm/asm-validation.js

TEST=mjsunit/asm/asm-validation
BUG=

Review-Url: https://codereview.chromium.org/2258093002
Cr-Commit-Position: refs/heads/master@{#38757}

This isn't the most elegant fix, but I'd prefer to not rework the logic
right now. What happens is:
- Most parts of the Scanner use nullptr to mean, no literal buffer.
- The bookmarking logic may end up with a state where there's a non-nullptr
  literal buffer, but it's empty. (length 0)
- These are functionally equivalent, so there's no 'real' bug.
- But it makes it hard to reason. This patch hence checks for length-0
  literal buffers, and uses nullptr instead.

R=marja@chromium.org
BUG=chromium:639191 v8:4947

Review-Url: https://codereview.chromium.org/2258073003
Cr-Commit-Position: refs/heads/master@{#38756}

R=adamk@chromium.org, verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2263523002
Cr-Commit-Position: refs/heads/master@{#38755}

Version 0 dense arrays cannot be deserialized by current Chromium, which
suggests that this is not necessary.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2256413002
Cr-Commit-Position: refs/heads/master@{#38754}

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2253913002
Cr-Commit-Position: refs/heads/master@{#38753}

BUG=

Review-Url: https://codereview.chromium.org/2255973004
Cr-Commit-Position: refs/heads/master@{#38752}

BUG=v8:5273
R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2250513005
Cr-Commit-Position: refs/heads/master@{#38751}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2258083002
Cr-Commit-Position: refs/heads/master@{#38750}

Implement Neg_d and Neg_s in macro-assembler.
Floating point negate instructions are removed in release 6.
On r2, these instructoin do not change the sign of NaN operands.

TEST=cctest/test-run-wasm/RunWasmCompiled_Float32Neg, cctest/test-run-wasm/RunWasmCompiled_Float64Neg
BUG=

Review-Url: https://codereview.chromium.org/2256963003
Cr-Commit-Position: refs/heads/master@{#38749}

BUG=

Review-Url: https://codereview.chromium.org/2255263002
Cr-Commit-Position: refs/heads/master@{#38748}

This fixes the self-healing mechanism for closures in the interpreter
entry trampoline not that bytecode can be preserved even when baseline
code is already available.

R=rmcilroy@chromium.org
TEST=cctest/test-compiler/IgnitionEntryTrampolineSelfHealing
BUG=chromium:638225

Review-Url: https://codereview.chromium.org/2257143002
Cr-Commit-Position: refs/heads/master@{#38747}

Unify the representation selection rules for NumberAdd/Subtract and
SpeculativeNumberAdd/Subtract wrt. Int32Add/Sub selection. We can
safely use Int32Add/Sub as long as the inputs are in the safe additive
integer range and the output is either truncated to Word32 or provably
in Signed32 or Unsigned32 range.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2253293005
Cr-Commit-Position: refs/heads/master@{#38746}

BUG=chromium:508898

Review-Url: https://codereview.chromium.org/2237443002
Cr-Commit-Position: refs/heads/master@{#38745}

Changes the control flow builder classes to make use of the
BytecodeLabels helper class.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2254493002
Cr-Commit-Position: refs/heads/master@{#38744}

BUG=

Review-Url: https://codereview.chromium.org/2257393002
Cr-Commit-Position: refs/heads/master@{#38743}

TEST=mjsunit/wasm/stack.js:testStackOverflow

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2256603002
Cr-Commit-Position: refs/heads/master@{#38742}

R=mstarzinger@chromium.org, rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2263493002
Cr-Commit-Position: refs/heads/master@{#38741}

Rebuilding (after touching certain files) is crazy slow because
includes are out of control.

Fixing it:
- Don't include stuff in headers unless necessary.
- Include the stuff you need, not some other stuff that happens to include the
stuff you need.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2260483002
Cr-Commit-Position: refs/heads/master@{#38740}

Revert of [heap] Improve size profiling for ArrayBuffer tracking (patchset #6 id:140001 of https://codereview.chromium.org/2210263002/ )

Reason for revert:
Tanks octane

Original issue's description:
> [heap] Improve size profiling for ArrayBuffer tracking
>
> Eagerly account for retained sizes during ArrayBuffer tracking. Following up on this,
> we can now do Scavenges if the amount of memory retained from new space is too large.
>
> BUG=chromium:621829
> R=jochen@chromium.org,hpayer@chromium.org
>
> Committed: https://crrev.com/28e13bd6a75c9467dae43043e7b741a1387d5252
> Cr-Commit-Position: refs/heads/master@{#38731}

TBR=jochen@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:621829

Review-Url: https://codereview.chromium.org/2261513003
Cr-Commit-Position: refs/heads/master@{#38739}

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2256163002
Cr-Commit-Position: refs/heads/master@{#38738}

BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2264493002
Cr-Commit-Position: refs/heads/master@{#38737}

This patch refactors the traits objects, used by the parser and the
preparser, so that they contain the same set of methods, with the same
signatures.

R=adamk@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2179423002
Cr-Commit-Position: refs/heads/master@{#38736}

BUG=

Review-Url: https://codereview.chromium.org/2261643002
Cr-Commit-Position: refs/heads/master@{#38735}

Rolling v8/build to d158ac9f154829bb0a57c2fd398972482cebef28

Rolling v8/tools/clang to eebeb555075fbd7bb86829d37f1f7b7d6f10c8e3

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2261613002
Cr-Commit-Position: refs/heads/master@{#38734}

Also add a test for the return object of getCanonicalLocaleList().

See https://github.com/tc39/test262/issues/745 for more details.

BUG=v8:5012
TEST=test262/intl402/Intl/getCanonicalLocales/*
TEST=intl/general/getCanonicalLocales

Review-Url: https://codereview.chromium.org/2239523002
Cr-Commit-Position: refs/heads/master@{#38733}

The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.

Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.

BUG=chromium:148757

Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
Review-Url: https://codereview.chromium.org/2259633002
Cr-Original-Commit-Position: refs/heads/master@{#38729}
Cr-Commit-Position: refs/heads/master@{#38732}

Eagerly account for retained sizes during ArrayBuffer tracking. Following up on this,
we can now do Scavenges if the amount of memory retained from new space is too large.

BUG=chromium:621829
R=jochen@chromium.org,hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2210263002
Cr-Commit-Position: refs/heads/master@{#38731}

Revert of Blink-compatible serialization of arrays, both dense and sparse. (patchset #6 id:100001 of https://codereview.chromium.org/2259633002/ )

Reason for revert:
Broke MIPS compile due to an uninitialization warning:

https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/3110/steps/compile/logs/stdio

Original issue's description:
> Blink-compatible serialization of arrays, both dense and sparse.
>
> The current "dense" format is not expressive enough to distinguish between
> an element that is not defined and one that has the value "undefined",
> but in this CL the existing behaviour of Blink is used for such cases.
> Format changes to fix these issues could be made later on.
>
> Not included in this CL is compatibility with version 0 arrays.
> Those will be implemented in a separate CL.
>
> BUG=chromium:148757
>
> Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
> Cr-Commit-Position: refs/heads/master@{#38729}

TBR=jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2255313002
Cr-Commit-Position: refs/heads/master@{#38730}

The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.

Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2259633002
Cr-Commit-Position: refs/heads/master@{#38729}

BUG=

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com, bmeurer@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2242223002
Cr-Commit-Position: refs/heads/master@{#38728}

Revert of [Interpreter] Introduce InterpreterCompilationJob (patchset #9 id:180001 of https://codereview.chromium.org/2240463002/ )

Reason for revert:
Revert again...

Original issue's description:
> [Interpreter] Introduce InterpreterCompilationJob
>
> Adds InterpreterCompilationJob as a sub-class of
> CompilationJob, to enable off-thread bytecode
> generation. Currently only used in
> Interpreter::MakeBytecode.
>
> As part of this change, CompilationJob is modified
> to make it less specific to optimized compilation,
> renaming the phases as follows:
>  - CreateGraph -> PrepareJob
>  - OptimizeGraph -> ExecuteJob
>  - GenerateCode -> FinalizeJob
>
> RegisterWeakObjectsInOptimizedCode is also moved out
> of CompilationJob and instead becomes a static function
> on Compiler.
>
> BUG=v8:5203
>
> Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
> Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
> Committed: https://crrev.com/d7c6195c4c5cdc080caa74dfe2ae9ecab69bea73
> Cr-Original-Original-Commit-Position: refs/heads/master@{#38662}
> Cr-Original-Commit-Position: refs/heads/master@{#38668}
> Cr-Commit-Position: refs/heads/master@{#38725}

TBR=mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203

Review-Url: https://codereview.chromium.org/2260583002
Cr-Commit-Position: refs/heads/master@{#38727}

One more bytecode to pass info through to TurboFan.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2260473003
Cr-Commit-Position: refs/heads/master@{#38726}

Adds InterpreterCompilationJob as a sub-class of
CompilationJob, to enable off-thread bytecode
generation. Currently only used in
Interpreter::MakeBytecode.

As part of this change, CompilationJob is modified
to make it less specific to optimized compilation,
renaming the phases as follows:
 - CreateGraph -> PrepareJob
 - OptimizeGraph -> ExecuteJob
 - GenerateCode -> FinalizeJob

RegisterWeakObjectsInOptimizedCode is also moved out
of CompilationJob and instead becomes a static function
on Compiler.

BUG=v8:5203

Committed: https://crrev.com/1fb6a7e697e8bc5b4af51647553741f966e00cdc
Committed: https://crrev.com/785990e9fc0dd9a9d963d25d0bed2909165e4ca9
Review-Url: https://codereview.chromium.org/2240463002
Cr-Original-Original-Commit-Position: refs/heads/master@{#38662}
Cr-Original-Commit-Position: refs/heads/master@{#38668}
Cr-Commit-Position: refs/heads/master@{#38725}

Use bool is_strict_ to encode language_mode in scopes using a single bit.

BUG=

Review-Url: https://codereview.chromium.org/2261463002
Cr-Commit-Position: refs/heads/master@{#38724}

Generates a JSCreateWithContext node for TurboFan to optimize.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2255793002
Cr-Commit-Position: refs/heads/master@{#38723}

NOTRY=true

Review-Url: https://codereview.chromium.org/2260543002
Cr-Commit-Position: refs/heads/master@{#38722}

V8 doesn't build on Ubuntu 16.04 (with GCC 5.3). Seems to be
a known regression on newer GCC version. It emits incorrect
"error: array subscript is above array bounds" message. Adding
explicit array bound check fixes the issue.

R=hablich@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2256113002
Cr-Commit-Position: refs/heads/master@{#38721}

The machine types were incorrect for the runtime function and argument
count parameters. The latter was introduced in 3e2085eb, while the
former seems to always have been wrong.

This was not an issue so far because GetRuntimeCallDescriptor was only
called after the representation selection phase and thus the machine
type was ignored.

R=jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2250863004
Cr-Commit-Position: refs/heads/master@{#38720}