Pointing to the exact spot of the incorrect numeric separator seems
clearer both in terms of the error itself, and the resulting code in
scanner because we don't have to keep track of the start position.

Previously, the error was:
  ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
  unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
  0x1__1
  ^^^^
  SyntaxError: Only one underscore is allowed as numeric separator

Now, the error is:
  ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
  unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
  0x1__1
      ^
  SyntaxError: Only one underscore is allowed as numeric separator


Bug: v8:7317
Change-Id: I7df1b39816e51a97234da6ed0fca1bf8c0223c3e
Reviewed-on: https://chromium-review.googlesource.com/962241
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51950}

This reverts commit d504203e.

Reason for revert: b/74469145

Original change's description:
> [turbofan] Consistently use String feedback for JSAdd.
> 
> Currently we didn't always consistently use the String feedback on
> JSAdd, but only if JSTypedLowering would already figure out statically
> that one of the inputs is already a String. That leads to some odd
> performance cliffs, as highlighted in the referenced bug.
> 
> This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
> String feedback. This improves the relevant performance tests from the
> bug from
> 
>   console.timeEnd: Runtime join3, 967.512000
>   console.timeEnd: Runtime join, 1004.599000
>   console.timeEnd: Runtime join3, 1124.764000
>   console.timeEnd: Runtime join, 966.164000
>   console.timeEnd: Runtime join3, 1145.296000
>   console.timeEnd: Runtime join, 966.176000
>   console.timeEnd: Runtime join3, 1145.272000
>   console.timeEnd: Runtime join, 931.266000
> 
> to
> 
>   console.timeEnd: Runtime join3, 903.050000
>   console.timeEnd: Runtime join, 856.509000
>   console.timeEnd: Runtime join3, 945.144000
>   console.timeEnd: Runtime join, 840.038000
>   console.timeEnd: Runtime join3, 927.965000
>   console.timeEnd: Runtime join, 841.263000
>   console.timeEnd: Runtime join3, 929.342000
>   console.timeEnd: Runtime join, 858.143000
> 
> which corresponds to an 8-18% improvement.
> 
> Bug: v8:7415
> Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
> Reviewed-on: https://chromium-review.googlesource.com/936643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51551}

TBR=jarin@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7415
Change-Id: I106a314bcd4187abdad6dc11306226d0c28ef524
Reviewed-on: https://chromium-review.googlesource.com/963522Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51949}

Port ab9ac994

Original Commit Message:

    We can reduce boilerplate if we pass the continuation to
    some InstructionSelector::Emit.* methods.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia9ddd0dcf5d6115ee9f8c35e1b05c10f9f0c4b39
Reviewed-on: https://chromium-review.googlesource.com/959441
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51948}

On x64, the upper 32 bit of a register holding a 32-bit value are
always zero. Add several assertions to check that. This is particularly
important for memory accesses, where the whole 64-bit register is used
as offset for the memory access.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ifd3c6e90bb0056dbc2b8c66de919f35c7787965b
Reviewed-on: https://chromium-review.googlesource.com/963321
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51947}

Bug: v8:7317
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2920abc732b9006a24fcf11edb6bb779ac627d5a
Reviewed-on: https://chromium-review.googlesource.com/961064Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51946}

This patch extends ExtractContextReferences to handle all declaration
contexts, not only function/module/eval contexts.

Bug: chromium:817954
Change-Id: Ibe2827a9d6b2939552da26a60df959c9b22ea059
Reviewed-on: https://chromium-review.googlesource.com/962763
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51945}

Bug: v8:7558
Change-Id: I7f4eae87fad6b707c5defa033f4eaf6037c864ba
Reviewed-on: https://chromium-review.googlesource.com/963166
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51944}

Bug: v8:7317
Change-Id: I20fb706c05852668a5a6ae8b69c150ae2e6b2f65
Reviewed-on: https://chromium-review.googlesource.com/960901Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51943}

Implement Push and Load CallerFrameSlot instructions.
Also, fix some issues that was revealed after these changes.

Bug: v8:6600
Change-Id: I658c26b0dcec489e7e549d4f1fbd4ccd89a6ea99
Reviewed-on: https://chromium-review.googlesource.com/964001Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51942}

R=titzer@chromium.org

Change-Id: I9c947440e4e92ff7176d8dc2f334182c524898f9
Reviewed-on: https://chromium-review.googlesource.com/962451
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51941}

This test creates a BigInt object with size more then 250 MB. On certain
test systems, this large memory consumption will cause the test failing.
Therefore, this test will be skipped for MIPS32 architecture.

TEST=mjsunit/harmony/bigint/regressions
BUG=

Change-Id: I21bf86c3e6058818c6db3ed8970c0f1e3873e0a6
Reviewed-on: https://chromium-review.googlesource.com/962381
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51940}

Previously install-sysroot.py relied on gyp. This should be fixed now.
This way, tools/node/fetch_deps.py can also be used to fetch
dependencies when building V8 to run V8 tests from a Node.js checkout.

R=machenbach@chromium.org

Change-Id: Ic4ee425d6ae744c32f604d14fbfdb0554a00c486
Reviewed-on: https://chromium-review.googlesource.com/962421
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51939}

Now, 'queryObjects' takes an optional 'objectGroup' argument,
allowing the frontend to release the response value.

This is important because each call produces a new Array, which
could not be released before.

Bug: chromium:815263
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I18c9a68c4ba45020fce9eea63cb263396a18d498
Reviewed-on: https://chromium-review.googlesource.com/935153
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51938}

- Update CodeSpecialization::RelocateDirectCalls and ApplyToWholeInstance to take a native module instead
- Use CodeSpecialization on NativeModule::LinkAll

Bug: v8:7539
Change-Id: I71ceb3114e8a0fca71dfa32f0721ef5fb4485eb4
Reviewed-on: https://chromium-review.googlesource.com/959592
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51937}

Annotate global handle with label to identify the context held alive for
debugging in DevTools

Bug: chromium:811842
Change-Id: I24f08b4d01939421ba1b7ec7b03982f00ebbdd1a
Reviewed-on: https://chromium-review.googlesource.com/962788Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51936}

TBR=machenbach@chromium.org

BUG=chromium:815092

Change-Id: Ib49dc50e41f0a7ec26d974b3d9d302003230f6e4
Reviewed-on: https://chromium-review.googlesource.com/962993Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51935}

TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:821689
Change-Id: Ia4010368738791ded4f0b27ef28d54ca3961e165
Reviewed-on: https://chromium-review.googlesource.com/962790
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51934}

- Add a new bytecode for the ToString operation, replacing the old
intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid
generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the
type feedback should always be the same for each addition

This seems to produce a very slight improvement on JSTests benchmarks
and bench-ruben.js from v8:7415, and it's possible that type feedback
for the ToString bytecode could provide more opportunities to eliminate
the runtime call in TurboFan.

Doesn't touch tagged templates

[esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral

Fixes an error where TemplateLiteral printing in --print-ast
would try to read an element beyond the length of a vector.

BUG=v8:7415, chromium:820596
R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org

Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
Reviewed-on: https://chromium-review.googlesource.com/958408Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51933}

This CL is preparation for moving the contents of the WasmContext
directly into the WasmInstanceObject. The moved fields are all untagged
pointers to C++ memory or untagged sizes which will be used in
generated machine code for WASM. They are not currently used, but
they are all set to kHeapObjectTag to make sure they are not
interpreted as tagged by the GC, using a custom object descriptor.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Bug: v8:7424
Change-Id: Ie5d5161df32564dcac74c6ff659f1a38ddca3cb0
Reviewed-on: https://chromium-review.googlesource.com/961065
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51932}

TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
Bug: chromium:821689
Change-Id: Ia5c13fb9d22a5695025434f3e48821469a79a0a3
Reviewed-on: https://chromium-review.googlesource.com/963021
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51931}

This adds support for i32.wrap/i64, i64.extend_s/i32, and
i64.extend_u/i32.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Iaeac1d24a53d044151cb244fffe3eab04314d908
Reviewed-on: https://chromium-review.googlesource.com/962281
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51930}

Now that Array.from() always calls the runtime to set the length if it's
not equal to the current length, don't actually set it on the fast path
since it's unobservable and doesn't change anything.

Also remove check for the array being writable since it's no longer
needed.

Change-Id: I0928d80b445807912fd925f7957c9a76385fc6bc
Reviewed-on: https://chromium-review.googlesource.com/961403Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51929}

R=titzer@chromium.org
BUG=v8:7549

Change-Id: Ie77a22f0a6204d673d130be45ca20d5986cddd88
Reviewed-on: https://chromium-review.googlesource.com/962423
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51928}

R=titzer@chromium.org
BUG=v8:7549

Change-Id: Ibae3ea41306ae89ee5caaa6ab2fdec6f08f2040c
Reviewed-on: https://chromium-review.googlesource.com/962361Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51927}

This removes the relocation mode and code specialization for table
sizes. These are now stored in the context and not inlined into code.

Bug: v8:7549, v8:7424

R=mstarzinger@chromium.org

Change-Id: I4cec78fdd365cd0c1dab9f5f4b40ffb69f540bda
Reviewed-on: https://chromium-review.googlesource.com/962221
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51926}

R=clemensh@chromium.org
BUG=v8:7549

Change-Id: Ied73ba2c146441c87c5ada65285037b68a83abe1
Reviewed-on: https://chromium-review.googlesource.com/962026Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51925}

This is a partial revert of e583fc83.
The reasoning here is that the treatment of SpeculativeToNumber[hint]
was not consistent (which led to the original bug that caused the
performance regression): The semantics of the operator is that it turns
its input into a number, and might bailout if the input is too complex
to accomplish that within optimized code. It can use the hint to handle
even fewer cases without the risk of a deoptimization loop. However it
cannot rely on the hint influencing the output, especially not before
SimplifiedLowering ran. The code for the OOB element access however
relied on the hint being enforced, which caused the original bug.

This CL repairs that and instead uses CheckSmi for the OOB element
access guard.

Also-By: tebbi@chromium.org
Bug: chromium:819298, chromium:820729
Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c
Reviewed-on: https://chromium-review.googlesource.com/961066Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51924}

R=clemensh@chromium.org
BUG=v8:7549

Change-Id: Ie2d9d9b569b46396e78b3a6c39fe7e36b6090608
Reviewed-on: https://chromium-review.googlesource.com/962247Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51923}

SafeStackFrameIterator used to skip over wasm frames, thus hiding them
for example in the Chrome profiler.

Change-Id: I81b1d73ab0b4fb1886f3300083a9550dc0f55525
Reviewed-on: https://chromium-review.googlesource.com/955697Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51922}

In case of Node.js (and Electron) we are guaranteed to always have only
off-heap typed arrays, indicated by V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP
being 0. So we can leverage this fact in TurboFan to generate more
efficient code, avoiding the offset computation.

Bug: v8:7253
Change-Id: I97db0dfec21c594ff8be0f1d405e828c7ae38c33
Reviewed-on: https://chromium-review.googlesource.com/962243Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51921}

This adds support for i32.reinterpret/f32, i64.reinterpret/f64,
f32.reinterpret/i32, and f64.reinterpret/i64.
On x64, all operations are straight-forward. On ia32, conversions from
or to i64 are done via the stack.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: If5562caf7367726904c6e405ad4fc5436d21144e
Reviewed-on: https://chromium-review.googlesource.com/962224Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51920}

Always use the runtime to set the length on an array if it doesn't match
the expected length after populating it using Array.from.

Bug: chromium:821137
Change-Id: I5a730db58de61ba789040e6dfc815d6067fbae64
Reviewed-on: https://chromium-review.googlesource.com/962222Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51919}

Previously the error was "undefined is not a function". Now it is
"1 is not iterable".

Bug: v8:6522
Change-Id: If338ddefca78fd6a10cc12b26f0dec632900f32b
Reviewed-on: https://chromium-review.googlesource.com/959728
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51918}

R=machenbach@chromium.org, sigurds@chromium.org

Bug: v8:7551
Change-Id: If7aca6477acc86eddd2ca7d96a8b222dca9298c2
Reviewed-on: https://chromium-review.googlesource.com/960662Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51917}

During a C call, a previous value of the stack pointer is stored in a
platform specific callee saved register. Loading the out argument of the
C call might overwrite the value in that register, if the destination
register collides with the platform specific register. Hence, do first
use that register to restore the previous stack pointer, and only then
load the out argument.
Similarly, when pushing arguments to the stack, do first push all
values and then set the platform specific register in order to avoid
overwriting an argument value held in that register.

Drive-by: Fix offset computations for parameters pushed to the stack
for c calls.

R=titzer@chromium.org

Bug: chromium:820802,chromium:820896,chromium:820807,v8:6600
Change-Id: If4567467b7912454f0bd2cad5927233c98894b03
Reviewed-on: https://chromium-review.googlesource.com/959064Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51916}

Since f32 and f64 constants are loaded into registers right away, we
never need to spill them as constants later.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I7da91bb995e5127b0a9cb1a12a0fcd6566ed98ff
Reviewed-on: https://chromium-review.googlesource.com/960943Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51915}

This reverts commit 98dec8f2.

Reason for revert: Speculative revert as win32/64 debug seems to
hang after this:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/13691

Original change's description:
> [inspector] added Runtime.terminateExecution
> 
> Runtime.terminateExecution terminates current or next JavaScript
> call. Termination flag is automatically reset as soon as v8 call
> or microtasks are completed.
> 
> R=​pfeldman@chromium.org
> 
> Bug: chromium:820640
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7
> Reviewed-on: https://chromium-review.googlesource.com/957386
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51912}

TBR=dgozman@chromium.org,pfeldman@chromium.org,kozyatinskiy@chromium.org

Change-Id: I25258ca5e9a2c2c514f0834da0ef0f5e75421d52
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:820640
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/962002Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51914}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/cd1fe2b..95a628b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/548a5bc..7b53f08

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I863f435f975b1323a2b8c1ce19b4dd9bd317a68d
Reviewed-on: https://chromium-review.googlesource.com/961810
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51913}

Runtime.terminateExecution terminates current or next JavaScript
call. Termination flag is automatically reset as soon as v8 call
or microtasks are completed.

R=pfeldman@chromium.org

Bug: chromium:820640
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7
Reviewed-on: https://chromium-review.googlesource.com/957386
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51912}

While deserializing a BigInt with the --harmony-bigint flag off is
harmless in itself, trying to wrap one as an Object (either during
deserialization of a JSValue or later from user code) requires the
BigInt constructor to be available. Since there's no strong reason
to support deserialization of BigInts without the flag, this patch
simply disallows it, which fixes the problem.

Bug: chromium:820819
Change-Id: I024a4f13715bbe95ee8eb6e1710e8f47ca227644
Reviewed-on: https://chromium-review.googlesource.com/959802Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51911}