Bug: v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3294568a550b829b0ec90147a4cdaefe169bb7cb
Reviewed-on: https://chromium-review.googlesource.com/718206Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48587}

Bug: 
Change-Id: I41d3f3086f5e90a1a1579c18eca59b5d098f637f
Reviewed-on: https://chromium-review.googlesource.com/690374
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48207}

There are only very few custom compiled IC handlers left that go in there, and for each compiled handler we only have 1 cache hit on top25; maximally saving 60ms over 33s. Additionally we'll migrate the remaining handlers to data-driven handlers anyway. Let's try to remove this code.

Bug: 
Change-Id: Ib874cc498015046a3ff67c83ea8b10b3c4eb7d0f
Reviewed-on: https://chromium-review.googlesource.com/668409
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48201}

Fix 408f252b

Bug: 
Change-Id: Ibed235d76ceb9a6adc818a5e06b1ba28fe365cba
Reviewed-on: https://chromium-review.googlesource.com/659619Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47939}

In case of LAP(lazy accessor pair), the function's creation context
must be equal to the accessor holder's creation context, so this CL
changes the current context to the accessor holder's creation context.

Note that this is the second attempt after https://crrev.com/2770003002

The change from the previous attempt is to skip looking for the
object's constructor if the object itself is a function.

Also some of Blink's LAP-context-sensitive tests got updated at
https://crrev.com/c/597990 and the rest of the tests will get
temporarily disabled at https://crrev.com/c/605408 .

TBR=verwaest@chromium.org

Bug: v8:6156
Change-Id: I09709a90995d82a03996d0347e5a1d8425b5db9c
Reviewed-on: https://chromium-review.googlesource.com/563152
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47572}

R=ishell@chromium.org
BUG=v8:6409

Change-Id: Ic01d4f1a8b251bb5480840d4943d9ebec713b9c1
Reviewed-on: https://chromium-review.googlesource.com/626016Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47534}

TBR=bmeurer@chromium.org

Bug: v8:6404
Change-Id: Ic813f885449178d10527834356c33da658e2cf06
Reviewed-on: https://chromium-review.googlesource.com/569183
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46652}

Revert of Set the current context to the function's context when entering to LAP. (patchset #14 id:540001 of https://codereview.chromium.org/2770003002/ )

Reason for revert:
Speculative: Seems to break webkit_unit_tests:
https://build.chromium.org/p/tryserver.v8/builders/v8_linux_blink_rel/builds/23247
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/11038

Original issue's description:
> Set the current context to the function's context when entering to LAP.
>
> In case of LAP(lazy accessor pair), the function's creation context
> must be equal to the accessor holder's creation context, so this CL
> changes the current context to the accessor holder's creation context.
>
> BUG=v8:6156
>
> Review-Url: https://codereview.chromium.org/2770003002
> Cr-Commit-Position: refs/heads/master@{#46406}
> Committed: https://chromium.googlesource.com/v8/v8/+/18e73287dc65452bc2f952fc005b2251fc32c15a

TBR=jochen@chromium.org,verwaest@chromium.org,mstarzinger@chromium.org,tebbi@google.com,yukishiino@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6156

Review-Url: https://codereview.chromium.org/2973593002
Cr-Commit-Position: refs/heads/master@{#46408}

In case of LAP(lazy accessor pair), the function's creation context
must be equal to the accessor holder's creation context, so this CL
changes the current context to the accessor holder's creation context.

BUG=v8:6156

Review-Url: https://codereview.chromium.org/2770003002
Cr-Commit-Position: refs/heads/master@{#46406}

There are only two users of hidden prototypes left and they both only have 1 level. This slightly simplifies the handcrafted code.

Bug: v8:5561
Change-Id: I674e72f1465ccbe75c0bb63f7eea3525830145cb
Reviewed-on: https://chromium-review.googlesource.com/512745Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45503}

Change-Id: I20ed35a7fb5104a9cc66bb54fa8966589c43d7f9
Reviewed-on: https://chromium-review.googlesource.com/507287Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45458}

Add Miran Karic and Dusan Simicic
Remove Paul Lind, Gergely Kis, Akos Palfi, Balasz Kilvady
and Dusan Milosavljevic

NOTRY=true

Review-Url: https://codereview.chromium.org/2881493003
Cr-Commit-Position: refs/heads/master@{#45273}

The CallApiCallbackStub can avoid loading undefined in case the
call_data is already undefined, which doubles the number of versions of
the stub and adds unnecessary complexity (at the benefit of saving one
stupid load). The idea is to turn the CallApiCallbackStub into a single
builtin instead, which does the right thing, so this is the first step
towards that goal.

R=yangguo@chromium.org
BUG=v8:6304

Review-Url: https://codereview.chromium.org/2838143003
Cr-Commit-Position: refs/heads/master@{#44869}

For MIPS64, many load/store operations from/to memory emit more then
one instruction. This is the reason for moving them from assembler to
macro-assembler.

TEST=
BUG=

Review-Url: https://codereview.chromium.org/2829073002
Cr-Commit-Position: refs/heads/master@{#44746}

The ForDeopt stub isn't actually necessary anymore; but I don't want to fix the deoptimizer in the same CL.

BUG=v8:5561

Change-Id: I7101cec4b783949bcfbf1ebdb80541d1b558e2e2
Reviewed-on: https://chromium-review.googlesource.com/455858
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43896}

BUG=v8:5561

Change-Id: Ib344479dac691bc418fbedffffbfbc1380ddd369
Reviewed-on: https://chromium-review.googlesource.com/455937
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43888}

BUG=

Change-Id: I1fd0ae3dcb0e644e9f2a56c242720b4def4bb579
Reviewed-on: https://chromium-review.googlesource.com/454836
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43818}

BUG=

Change-Id: Ic63c63a312c6282814c14176d982b8c825ba6dc4
Reviewed-on: https://chromium-review.googlesource.com/454756
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43816}

This doesn't support "lookup after interceptor", but that should be unnecessary by now since we have non-masking interceptors.

BUG=

Change-Id: I8650a47ab2ce6fa314de25d0c4775b5c165df179
Reviewed-on: https://chromium-review.googlesource.com/453376Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43766}

As the code isn't used, but would have to be ported from hand-written
assembly to CodeStubAssembler anyways, I propose to remove it and
restore it if we decide that we actually need it.

R=vogelheim@chromium.org
BUG=

Change-Id: Iffd7fc6ec534b1dd7a9144da900424355c8a7a02
Reviewed-on: https://chromium-review.googlesource.com/453461
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43763}

This is a preliminary cleanup necessary for the actual fix of the associated issue.

BUG=chromium:688734

Change-Id: Iecd39ed4cef34c6cc5d9652c5569e048f0db46af
Reviewed-on: https://chromium-review.googlesource.com/446341
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43410}

BUG=

Change-Id: Ib7cc2a04a7c8e314e1f4a8720eef569a6a4a3b18
Reviewed-on: https://chromium-review.googlesource.com/444406Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43307}

BUG=v8:5269

Review-Url: https://codereview.chromium.org/2686723004
Cr-Commit-Position: refs/heads/master@{#43074}

BUG=v8:5917

Review-Url: https://codereview.chromium.org/2673383002
Cr-Commit-Position: refs/heads/master@{#42982}

This CL also removes unused LoadApiGetterStub and renames StoreElementStub to StoreSlowElementStub.

BUG=v8:4587

Review-Url: https://codereview.chromium.org/2670863003
Cr-Commit-Position: refs/heads/master@{#42951}

BUG=v8:5269

Review-Url: https://codereview.chromium.org/2622003004
Cr-Commit-Position: refs/heads/master@{#42261}

BUG=v8:5269

Review-Url: https://codereview.chromium.org/2623483002
Cr-Commit-Position: refs/heads/master@{#42171}

The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.

Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}

The access check is generated as a:
- Equality check of an execution-time and a compile-time native contexts
  for primitive receivers.
- Equality check of an execution-time and a compile-time native contexts
  or equality check of a respective security tokens for global proxy receivers.
- No-op for other kinds of receivers.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2482913002
Cr-Commit-Position: refs/heads/master@{#40829}

This CL adds support for primitive maps to
1) PrototypeIterator,
2) PropertyHandlerCompiler::CheckPrototypes(),
3) Map::GetOrCreatePrototypeChainValidityCell(),
4) Prototype checks in data-driven ICs.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2466553002
Cr-Commit-Position: refs/heads/master@{#40673}

The reasons are:
1) Type feedback vectors are not shared between different native contexts and
   therefore the IC handler created for one native context will not be reused
   in other native context.
2) Access rights revocation is not supported at all, therefore given (1) once
   we pass the access check we don't have to check access rights again.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2455953002
Cr-Commit-Position: refs/heads/master@{#40627}

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2449463002
Cr-Commit-Position: refs/heads/master@{#40626}

BUG=

Review-Url: https://codereview.chromium.org/2428473002
Cr-Commit-Position: refs/heads/master@{#40358}

RIP, handwritten KeyedLoadICStub, handwritten KeyedLoadIC_Megamorphic,
and hydrogenized KeyedLoadGeneric!

Review-Url: https://codereview.chromium.org/2424433002
Cr-Commit-Position: refs/heads/master@{#40354}

Introduce AccessCompilerData which hangs off the Isolate, and initialize
it when the first PropertyAccessCompiler is instantiated. This avoids
TSAN failures when trying to access load/store calling convention arrays.

BUG=v8:5427

Review-Url: https://codereview.chromium.org/2389313002
Cr-Commit-Position: refs/heads/master@{#40055}

... by passing a field offset as a runtime parameter.

This CL also introduces a StoreMapStub - a special case of a store transition
that used to be handled by old StoreTransitionStub.

BUG=chromium:648545

Review-Url: https://codereview.chromium.org/2397573004
Cr-Commit-Position: refs/heads/master@{#39997}

BUG=chromium:650973

Review-Url: https://codereview.chromium.org/2374003002
Cr-Commit-Position: refs/heads/master@{#39823}

According to new store IC calling convention the value, slot and vector are passed
on the stack and there's no need in trying to preserve values or respective registers
in store handlers.

Nice bonus: we also don't need virtual registers anymore.

BUG=v8:5407

Review-Url: https://codereview.chromium.org/2357323003
Cr-Commit-Position: refs/heads/master@{#39672}

This will allow to simplify the miss part of store IC handlers when we decide
to pass value/slot/vector on the stack.

BUG=v8:5407

Review-Url: https://codereview.chromium.org/2351643005
Cr-Commit-Position: refs/heads/master@{#39549}

This CL also cleans up related interface descriptors:
1) unused StoreTransitionDescriptor is removed and VectorStoreTransitionDescriptor is
renamed to StoreTransitionDescriptor.
2) on ia32/x87 architectures slot and vector are passed on the stack (dispatcher/handlers
cleanup will be addressed in a separate CL).

These two stub ports have to be combined in one CL because:
1) without changing the StoreTransitionDescriptor TF was not able to compile them
on ia32/x87 (because of lack of registers),
2) it was not possible to change the descriptor first because Crankshaft was not able
to deal with the stack allocated parameters in case of a stub failure.

TBR=jkummerow@chromium.org
BUG=v8:5269

Review-Url: https://codereview.chromium.org/2313093002
Cr-Commit-Position: refs/heads/master@{#39476}