When walking up the prototype chain during OrdinaryHasInstance, we first
check if the current prototype equals the expected one, and only
afterwards check the current prototype against null. That's obviously
wrong if we check something like Proxy, whose prototype is null.

R=yangguo@chromium.org
BUG=v8:5085

Review-Url: https://codereview.chromium.org/2041103007
Cr-Commit-Position: refs/heads/master@{#36840}

Type feedback introduced DeoptimizeIf node in representation inference
(for Int32AddWithOverflow); we found the frame state for the deopt by
walking the effect chain. Unfortunately, the effect chain can hit
effect merges introduced by simplified lowering (e.g., in LoadBuffer)
and thus fail the assertion (we refuse to go through effect phis).

This CL postpones assignment of the frame state to the effect-control
lninearizer, so that we can correctly propagate the frame state to
the deopt point. The DeoptimizeIf node with unassigned frame state is
called CheckIf.

BUG=

Review-Url: https://codereview.chromium.org/2050813003
Cr-Commit-Position: refs/heads/master@{#36839}

Move is_profiling to the isolate for now.

BUG=v8:4789

Review-Url: https://codereview.chromium.org/2040683002
Cr-Commit-Position: refs/heads/master@{#36838}

Rolling v8/build to 4842479bd8da7b9e5eb027f8c15bee533f9c328f

Rolling v8/buildtools to 099f1da55bfe8caa12266371a7eb983698fb1d87

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2056613002
Cr-Commit-Position: refs/heads/master@{#36837}

Make it a part of V8 API GetStackSample function.
Also expose external_callback_entry in SampleInfo to break dependency
of clients on internal V8 structures.

BUG=v8:4789

Committed: https://crrev.com/70acfe39c07322144f5fe9b40bb584a8b1099ffd
Review-Url: https://codereview.chromium.org/2007343003
Cr-Original-Commit-Position: refs/heads/master@{#36831}
Cr-Commit-Position: refs/heads/master@{#36836}

Revert of Move stack trace extraction code out of TickSample::Init (patchset #1 id:1 of https://codereview.chromium.org/2007343003/ )

Reason for revert:
Make MSAN arm bot flaky

Original issue's description:
> Move stack trace extraction code out of TickSample::Init
>
> Make it a part of V8 API GetStackSample function.
> Also expose external_callback_entry in SampleInfo to break dependency
> of clients on internal V8 structures.
>
> BUG=v8:4789
>
> Committed: https://crrev.com/70acfe39c07322144f5fe9b40bb584a8b1099ffd
> Cr-Commit-Position: refs/heads/master@{#36831}

TBR=yangguo@chromium.org,lpy@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789

Review-Url: https://codereview.chromium.org/2049903002
Cr-Commit-Position: refs/heads/master@{#36835}

This improves maintainability. The Compile and Wasm benchmarks,
tracking compile time, show no regression.

BUG=

Review-Url: https://codereview.chromium.org/2044283003
Cr-Commit-Position: refs/heads/master@{#36834}

Port b9ded4ce

BUG=
TEST=cctest/test-run-native-calls/Float32Select_stack_params_return_reg,
cctest/test-run-native-calls/MixedParams_2, cctest/test-run-native-calls/MixedParams_3

Review-Url: https://codereview.chromium.org/2043743005
Cr-Commit-Position: refs/heads/master@{#36833}

This limits the use of the aforementioned helper class to only binary
and compare operations. These are the only operatins left that require
two frame state inputs on the same node.

R=jarin@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2050673002
Cr-Commit-Position: refs/heads/master@{#36832}

Make it a part of V8 API GetStackSample function.
Also expose external_callback_entry in SampleInfo to break dependency
of clients on internal V8 structures.

BUG=v8:4789

Review-Url: https://codereview.chromium.org/2007343003
Cr-Commit-Position: refs/heads/master@{#36831}

This ports the configuration for using a sysroot from
chromium's common.gypi.

This is restricted to clang only.

BUG=chromium:474921, chromium:616032
LOG=y

Committed: https://crrev.com/c47d3c63695d2999752f5fc61ff171f3ff100553
Review-Url: https://codereview.chromium.org/2028623002
Cr-Original-Commit-Position: refs/heads/master@{#36729}
Cr-Commit-Position: refs/heads/master@{#36830}

This removes the by now obsolete threading of the helper class attaching
two frame states (before and after) to a given node. This helper is no
longer required for variable loads and stores.

R=jarin@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2051443003
Cr-Commit-Position: refs/heads/master@{#36829}

Adding properties to prototypes is faster when we don't force their
maps into fast mode yet. Once a prototype shows up in the IC system,
its setup phase is likely over, and it makes sense to transition it
to fast properties.
This patch speeds up the microbenchmark in the bug by 20x.
Octane-Typescript sees a 3% improvement.

BUG=chromium:607010

Review-Url: https://codereview.chromium.org/2036493006
Cr-Commit-Position: refs/heads/master@{#36828}

BUG=chromium:618305
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2045273002
Cr-Commit-Position: refs/heads/master@{#36827}

This sets the target_arch for simulator builds.

Fix needed for https://codereview.chromium.org/2028623002/

BUG=chromium:616032
NOTRY=true

Review-Url: https://codereview.chromium.org/2045173003
Cr-Commit-Position: refs/heads/master@{#36826}

BUG=

Review-Url: https://codereview.chromium.org/2040393003
Cr-Commit-Position: refs/heads/master@{#36825}

BUG=

Review-Url: https://codereview.chromium.org/2040243002
Cr-Commit-Position: refs/heads/master@{#36824}

This allows using icu data, bundled in the icudtl.dat file,
to be loaded automatically from a default location
side-by-side with the executable.

The v8 stand-alone default is still to use statically
linked ICU data, but this will be switched in a separate
follow-up CL.

BUG=chromium:616033
LOG=y

Review-Url: https://codereview.chromium.org/2042253002
Cr-Commit-Position: refs/heads/master@{#36823}

Also, make %GeneratorGetSourcePosition fail if called on a suspended Ignition generator
(rather than return nonsense).  This functionality is currently not implemented.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/2049663002
Cr-Commit-Position: refs/heads/master@{#36822}

This might help with some further investigations when using the IC-Explorer.

BUG=

Review-Url: https://codereview.chromium.org/2046943003
Cr-Commit-Position: refs/heads/master@{#36821}

BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/2040423002 .

Cr-Commit-Position: refs/heads/master@{#36820}

Now that we track feedback per realm, this kind of IC is always guaranteed to be an update to the object structure.

BUG=

Review-Url: https://codereview.chromium.org/2040363003
Cr-Commit-Position: refs/heads/master@{#36819}

R=bmeurer@chromium.org
BUG=chromium:495493

Review-Url: https://codereview.chromium.org/2044353002
Cr-Commit-Position: refs/heads/master@{#36818}

This speeds up .bind by >10x as measured by
function f(a,b,c) {}

for (var i = 0; i < 10000000; i++) {
  f.bind(1); // or more arguments.
}

(Uses hydrogen-stubs rather than TF due to var-args + possible runtime fallback, which is still unsupported in TF.)

BUG=

Review-Url: https://codereview.chromium.org/2044113002
Cr-Commit-Position: refs/heads/master@{#36817}

This workaround had been added because sanitizer interceptors were
linking against an old version of GLIBC. The respective sanitizers
within LLVM have by now be fixed, workaround can be removed.

The original workaround: https://codereview.chromium.org/1407463002

R=machenbach@chromium.org
BUG=chromium:536813

Review-Url: https://codereview.chromium.org/2045993003
Cr-Commit-Position: refs/heads/master@{#36816}

This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.

R=verwaest@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2041353003
Cr-Commit-Position: refs/heads/master@{#36815}

BUG=

Review-Url: https://codereview.chromium.org/2044173002
Cr-Commit-Position: refs/heads/master@{#36814}

R=bmeurer@chromium.org
BUG=chromium:617527

Review-Url: https://codereview.chromium.org/2045153002
Cr-Commit-Position: refs/heads/master@{#36813}

The upcoming snapshot creator API will have no way to distinguish default
from custom snapshots.

R=vogelheim@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2040813005
Cr-Commit-Position: refs/heads/master@{#36812}

Revert "Revert of [builtins] Properly optimize TypedArray/DataView accessors. (patchset #3 id:40001 of https://codereview.chromium.org/2042013003/ )"

This reverts commit d3a43e47.

This patch also adds typed_array_fun and typed_array_protoype to the
native context. These are used in InstallTypedArray to set up the
prototype chain correctly for each typed array sub class. This removes
the need to later monkey patch them prototype chain in typedarray.js.
This mechanism is also used to get hold of the TypedArray in
typedarray.js, removing the need for a global TypedArray.

This patch updates CallRuntime.golden to account for the two extra
native runtime calls. This patch also fixes some formatting issues (by
running git cl format).

BUG=chromium:579905, chromium:593634, v8:4085, v8:5073

Review-Url: https://codereview.chromium.org/2046333002
Cr-Commit-Position: refs/heads/master@{#36811}

This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
function. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.

R=binji@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2034063002
Cr-Commit-Position: refs/heads/master@{#36810}

Ideally we would have a dedicated MachineRepresentation for Smis during
representation selection and use that to properly optimize ObjectIsSmi
(and other ObjectIs<Type> predicates), but that will take some time to
get that done. So in the meantime we can just do simple (local) strength
reduction on ObjectIsSmi to avoid Smi checks in the simplest cases at
least.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2047213002
Cr-Commit-Position: refs/heads/master@{#36809}

This changes the contract for the aforementioned API function to be more
permissive and allow callers to call it with less restrictions. The new
contract is:

a) For so far un-compiled functions, the compiler is free to choose the
   backend according to other decision criteria. Debug code can hence be
   provided by either Ignition or FullCodegen.
b) For compiled functions, the compiler will provide debug code within
   the same tier as existing code. For Ignition the generated code will
   be equivalent to the old one. For FullCodegen the code will contain
   debug information and debug break slots.

Concretely this fixes an issue where generator or async functions might
have been compiled with an unexpected backend, due to the fact that the
API method in question was always providing FullCodegen code.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2044063002
Cr-Commit-Position: refs/heads/master@{#36808}

Revert of [heap] Uncommit unused large object page memory. (patchset #13 id:230001 of https://codereview.chromium.org/2032393002/ )

Reason for revert:
Needs fixing of slot set.

Original issue's description:
> [heap] Uncommit unused large object page memory.
>
> As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.
>
> BUG=
>
> Committed: https://crrev.com/d61a5c376ba51145dc4684e39d5d3a9ce75bcfa6
> Cr-Commit-Position: refs/heads/master@{#36763}

TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2043263002
Cr-Commit-Position: refs/heads/master@{#36807}

Revert of [heap] Unregister shrinked large object memory from chunk map. (patchset #6 id:100001 of https://codereview.chromium.org/2046953002/ )

Reason for revert:
Revert because uncommit of lo is broken.

Original issue's description:
> [heap] Unregister shrinked large object memory from chunk map.
>
> BUG=chromium:617883
> LOG=n
>
> Committed: https://crrev.com/2b38d3121b5fd0e409cdda0071fa2e0ec2846ab2
> Cr-Commit-Position: refs/heads/master@{#36793}

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:617883

Review-Url: https://codereview.chromium.org/2046563008
Cr-Commit-Position: refs/heads/master@{#36806}

In Crankshaft we don't know reliably know that an HAdd might not turn
into a string addition later (via deoptimization), so we cannot set the
HValue::kAllowUndefinedAsNaN flag on the HAdd instruction in those
cases. It doesn't seem to affect performance if we just remove the flag
completely from the HAdd instruction, so let's stick to that approach
for now.

R=jarin@chromium.org
BUG=v8:5074

Review-Url: https://codereview.chromium.org/2048643002
Cr-Commit-Position: refs/heads/master@{#36805}

Rolling v8/build to d3b5b6bf460126a9f8b6d883749baac3cebbb449

Rolling v8/buildtools to 8dd3c8e39a48743c4eb790d9a8abe9676b617046

Rolling v8/tools/clang to db6e187140f7b870bdcaab19456193c94d7963bd

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2045883003
Cr-Commit-Position: refs/heads/master@{#36804}

Revert of [heap] Fix chunk map removal for large objects. (patchset #1 id:1 of https://codereview.chromium.org/2042123003/ )

Reason for revert:
Fails on noi18n debug build (https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/8040/steps/Check/logs/unbox-double-arrays), please take a look.

Original issue's description:
> [heap] Fix chunk map removal for large objects.
>
> BUG=
>
> Committed: https://crrev.com/65dac7f8ead2eb09d417ecaaae0164699edfd510
> Cr-Commit-Position: refs/heads/master@{#36802}

TBR=mlippautz@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2046283002
Cr-Commit-Position: refs/heads/master@{#36803}

BUG=

Review-Url: https://codereview.chromium.org/2042123003
Cr-Commit-Position: refs/heads/master@{#36802}

Port 8d90210a

R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com

BUG=v8:4483
LOG=N

Review-Url: https://codereview.chromium.org/2047673003
Cr-Commit-Position: refs/heads/master@{#36801}