This code is no longer used in full-codegen or ast-graph-builder since all
functions which have class literals go through Ignition first.

BUG=v8:5657

Review-Url: https://codereview.chromium.org/2534463002
Cr-Commit-Position: refs/heads/master@{#41282}

This makes sure call-site rendering for certain {TypeError} messages is
based on the correct underlying {JSFunction}, even when inlined frames
are present. Only the {FrameSummary} knows the exact function.

R=verwaest@chromium.org
TEST=message/regress/regress-crbug-661579
BUG=chromium:661579

Review-Url: https://codereview.chromium.org/2521103005
Cr-Commit-Position: refs/heads/master@{#41264}

Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
 - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
 - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
 - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
 - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.

 R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org

Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Original-Commit-Position: refs/heads/master@{#41198}
Cr-Commit-Position: refs/heads/master@{#41234}

BUG=v8:4280,v8:5657

Review-Url: https://codereview.chromium.org/2505933008
Cr-Commit-Position: refs/heads/master@{#41209}

Revert of [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects. (patchset #13 id:240001 of https://codereview.chromium.org/2471883003/ )

Reason for revert:
Test crashes after an unrelated revert: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7189

Reverting because of recommendation from WASM team.

Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
>  - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
>  - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
>  - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
>  - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
>  R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
> Cr-Original-Commit-Position: refs/heads/master@{#41121}
> Cr-Commit-Position: refs/heads/master@{#41198}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2529573002
Cr-Commit-Position: refs/heads/master@{#41208}

Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
 - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
 - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
 - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
 - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.

 R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org

Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Commit-Position: refs/heads/master@{#41198}

StepFrame is a combination of StepIn/StepOut, e.g. it breaks to the next
frame change. This is not part of the public API, but we want to keep it
for internal tests.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2514303003
Cr-Commit-Position: refs/heads/master@{#41177}

This renames the {operand_stack} field to {register_file}, to refelct
how said field is used on all {JSGeneratorObject} instances by now. This
is a pure refactoring CL, not changes in semantics.

R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2520913002
Cr-Commit-Position: refs/heads/master@{#41140}

This removes some outdated code that allocates a {JSGeneratorObject} for
baseline code. We no longer support such a representation of generators
and can rely on bytecode being available for all generators.

R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2515253003
Cr-Commit-Position: refs/heads/master@{#41137}

This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2504223002
Cr-Commit-Position: refs/heads/master@{#41135}

Stepping in a generator now behaves similar to stepping inside an
async function. Stepping in or next at a yield expression will result in
a break inside the same generator when we return to the generator.
Behavior of step-out does not change.

R=jgruber@chromium.org, neis@chromium.org
BUG=chromium:496865

Review-Url: https://codereview.chromium.org/2519853002
Cr-Commit-Position: refs/heads/master@{#41132}

Adapted various tests to restrictions of inspector protocol:

* osr-typing-debug-change: Don't set function variable value.
* debug-evaluate-locals: Add variable introduced by eval, run typeof
  inside evaluate().
* regress-419663: Don't set duplicate breakpoints.
* regress-crbug-465298: Compare against function name instead of value.
* regress-crbug-621361: Make evaluate return string results.
* debug-script: Various counts were off due to new way tests are called.
                Added new inspector script type.

Breakpoints now contain the actual break position, and remote object
reconstruction has been extended a bit.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2505363002
Cr-Commit-Position: refs/heads/master@{#41129}

Revert of [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects. (patchset #10 id:180001 of https://codereview.chromium.org/2471883003/ )

Reason for revert:
Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7114

Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
>  - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
>  - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
>  - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
>  - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
>  R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Cr-Commit-Position: refs/heads/master@{#41121}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2512323004
Cr-Commit-Position: refs/heads/master@{#41122}

Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
 - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
 - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
 - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
 - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.

 R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2471883003
Cr-Commit-Position: refs/heads/master@{#41121}

... at least for the function which will remain after restructuring of
the debug interface. For some methods that will be removed anyway, we
just return zero / null for now.

I also refactored the ScriptLocationFromLine method to make it more
readable and reuse parts in other files (like ScriptLinePosition).

BUG=5655
R=titzer@chromium.org, jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2512833003
Cr-Commit-Position: refs/heads/master@{#41115}

This is a next step towards removing names table from type feedback metadata.

BUG=chromium:576312, v8:5561

Review-Url: https://codereview.chromium.org/2514453002
Cr-Commit-Position: refs/heads/master@{#41111}

This is a next step towards removing names table from type feedback metadata.

BUG=chromium:576312, v8:5561

Review-Url: https://codereview.chromium.org/2507143003
Cr-Commit-Position: refs/heads/master@{#41106}

We never increment live bytes concurrent to the sweeper.

BUG=

Review-Url: https://codereview.chromium.org/2504193002
Cr-Commit-Position: refs/heads/master@{#41097}

With the new wasm object types, the GetCompiledModule and GetWasmBytes
functions are not needed any more. The same functions are already
public on the wasm objects.
In order to use them properly, I changed a few more locations to make
use of the new types.

R=ahaas@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2503403005
Cr-Commit-Position: refs/heads/master@{#41085}

This method is a slight misnomer. What we actually want to know is
whether the function was defined in a user-provided script.

Also remove redundant Script::hide_source flag.

R=bmeurer@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/2505853003
Cr-Commit-Position: refs/heads/master@{#41065}

Revert of Refactor SharedFunctionInfo::IsBuiltin. (patchset #1 id:1 of https://codereview.chromium.org/2505853003/ )

Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11394

Original issue's description:
> Refactor SharedFunctionInfo::IsBuiltin.
>
> This method is a slight misnomer. What we actually want to know is
> whether the function was defined in a user-provided script.
>
> Also remove redundant Script::hide_source flag.
>
> R=bmeurer@chromium.org, ulan@chromium.org

TBR=bmeurer@chromium.org,ulan@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2512463002
Cr-Commit-Position: refs/heads/master@{#41050}

R=clemensh@chromium.org,mtrofin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2510673002
Cr-Commit-Position: refs/heads/master@{#41043}

This method is a slight misnomer. What we actually want to know is
whether the function was defined in a user-provided script.

Also remove redundant Script::hide_source flag.

R=bmeurer@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/2505853003
Cr-Commit-Position: refs/heads/master@{#41036}

Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.

BUG=chromium:662334

Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}

In case of an allocation failure in for-in over holey elements, use precise
number of elements to allocate a smaller buffer for the collected indices.

Drive-by-fix: make is_the_hole accept the isolate for faster checks.

BUG=chromium:609761

Review-Url: https://codereview.chromium.org/2041963003
Cr-Commit-Position: refs/heads/master@{#41010}

ICU now supports uppercasing in Greek via its regular uppercasing API.
So, there's no need to use a slow transliteration API for uppercasing
in Greek.

This CL includes rolling ICU to ICU 58.1.

Besides, drop intl402/Intl/getCanonicalLocales/weird-cases from
test262.status because it passes now with ICU 58.1.

BUG=chromium:637001,v8:5012

Review-Url: https://codereview.chromium.org/2491333003
Cr-Commit-Position: refs/heads/master@{#41009}

Before, we allocated one script per function per instance, and each
script referenced the wasm instance and the function index. Now we only
allocate one script per compiled wasm module, so the script also only
references this WasmCompiledModule, which causes changes to many interfaces.

Instead of fixing the disassemble API only used via debug.js, I decided
to drop it for now. Some later CL will reintroduce it via
DebugInterface.

BUG=v8:5530,chromium:659715
R=yangguo@chromium.org, titzer@chromium.org
CC=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2493823003
Cr-Commit-Position: refs/heads/master@{#41004}

Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.

Only deals with the case where there is a single spread argument.

Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}

This CL enables precise source positions for all V8 compilers. It merges compiler::SourcePosition and internal::SourcePosition to a single class used throughout the codebase. The new internal::SourcePosition instances store an id identifying an inlined function in addition to a script offset.
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
 - The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
 - The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().

If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.

All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.

At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.

I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.

The following additional changes were necessary:
 - The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
 - The class HPositionInfo was effectively dead code and is now removed.
 - SourcePosition has new printing and information facilities, including computing a full inlining stack.
 - I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
 - I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
 - I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
 - Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).

BUG=v8:5432

Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}

Adds a protector cell to prevent inlining (which will likely lead to deopt
loops) when a JSArrayIterator's array transitions from a fast JSArray to a
slow JSArray (such as, when the array is touched during iteration in a way
which triggers a map transition).

Also adds TODO comments relating to the spec update proposed by Dan at
https://github.com/tc39/ecma262/pull/724

BUG=v8:5388
R=bmeurer@chromium.org, mstarzinger@chromium.org
TBR=hpayer@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/2484003002
Cr-Commit-Position: refs/heads/master@{#40970}

- Creates a new promise-utils.{h, cc} which refactors out the
logic to create resolving functions. This is shared between the
runtime functions and builtins.

- Changes PromiseResolveThenableJobInfo to store the context
since we no longer create the resolving functions in JS.

- Changes EnqueuPromiseResolveThenableJob to take in the promise and
  not the callbacks.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2487053002
Cr-Commit-Position: refs/heads/master@{#40941}

Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.

Reland of https://codereview.chromium.org/2448933002

BUG=v8:5512

Review-Url: https://codereview.chromium.org/2497573003
Cr-Commit-Position: refs/heads/master@{#40930}

Revert of [compiler] Fix flipped boolean checks in marked tier-up (patchset #7 id:120001 of https://codereview.chromium.org/2478323002/ )

Reason for revert:
Breaks deopt fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/14872/steps/Deopt%20Fuzz%20on%20Ubuntu-12.04/logs/stdio

Original issue's description:
> [compiler] Fix flipped boolean checks in marked tier-up
>
> Fixes incorrect checks for handle validity when checking the compiled
> code, as well as incorrect uses of tst in arm and ppc flag checking
> code. Also adds a test that the tier-up works correctly.

TBR=rmcilroy@chromium.org,leszeks@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2492523007
Cr-Commit-Position: refs/heads/master@{#40919}

Fixes incorrect checks for handle validity when checking the compiled
code, as well as incorrect uses of tst in arm and ppc flag checking
code. Also adds a test that the tier-up works correctly.

Review-Url: https://codereview.chromium.org/2478323002
Cr-Commit-Position: refs/heads/master@{#40915}

This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.

R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}

BUG=v8:5614

Review-Url: https://codereview.chromium.org/2493553002
Cr-Commit-Position: refs/heads/master@{#40892}

This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.

The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-660379
BUG=chromium:660379

Review-Url: https://codereview.chromium.org/2487173002
Cr-Commit-Position: refs/heads/master@{#40887}

This makes use of the newly introduced cell indices to speed up variable
accesses. Imports and local exports are now directly stored in (separate)
arrays. In the future, we may merge the two arrays into a single one, or
even into the module context.

This CL also replaces the LoadImport and LoadExport runtime functions with
a single LoadVariable taking a variable index as argument (rather than a
name).

BUG=v8:1569

Review-Url: https://codereview.chromium.org/2465283004
Cr-Commit-Position: refs/heads/master@{#40808}

This CL adds simple implementation of break and stepping-related functionality
as required by the debug-step.js test. This includes

* stepOver, stepInto, stepOut
* setBreakPoint
* clearBreakPoint
* evaluate

Some of these, e.g. setBreakPoint are not fully implemented for all cases but
only for the ones we need right now.

One interesting result of this is that using the inspector protocol is roughly
14x slower for debug-step.js (14s instead of 0.5s). One cause of this seems to
be iteration over all object properties in toProtocolValue, which is used to
serialize JS objects before being sent over the wire (e.g. FrameMirrors).  This
is something that should be fixed at some point. In the meantime, the test now
runs 100 instead of 1000 iterations.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2447073007
Cr-Commit-Position: refs/heads/master@{#40636}

This is no longer used.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2454713003
Cr-Commit-Position: refs/heads/master@{#40622}