A decoder error sets builder_ to null, which causes builder_->StackCheck
to segfault.

R=titzer@chromium.org

TEST=mjsunit/regress/wasm/loop-stack-check

Review-Url: https://codereview.chromium.org/2416873002
Cr-Commit-Position: refs/heads/master@{#40271}

R=ishell@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2410353004
Cr-Commit-Position: refs/heads/master@{#40270}

BUG=v8:5501

Review-Url: https://codereview.chromium.org/2417643004
Cr-Commit-Position: refs/heads/master@{#40269}

This CL fixes the debugger interface to provide correct (high-level)
information for asm.js frames.
It moves the computation of the source position from the FrameInspector
to the individual StackFrame implementations, such that we can easily
specualize it for certain frame types, and can potentially reuse this
in other locations.

Also, we are finalizing the setup of the wasm module earlier, before
executing the start function. This is required for correct stack traces
during the execution of the start function.

R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2413693003
Cr-Commit-Position: refs/heads/master@{#40268}

BUG=chromium:648568

Review-Url: https://codereview.chromium.org/2418773002
Cr-Commit-Position: refs/heads/master@{#40267}

R=jarin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2407153007
Cr-Commit-Position: refs/heads/master@{#40266}

As part of this, introduce a new JSObject for iterating over the elements of a
FixedArray.

R=adamk@chromium.org,bmeurer@chromium.org
TBR=ulan@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2407423002
Cr-Commit-Position: refs/heads/master@{#40265}

BUG=v8:5501

Review-Url: https://codereview.chromium.org/2413763004
Cr-Commit-Position: refs/heads/master@{#40264}

R=bmeurer@chromium.org
BUG=v8:5439

Review-Url: https://codereview.chromium.org/2407823002
Cr-Commit-Position: refs/heads/master@{#40263}

AllocateAlignedMemory calls ReserveAlignedMemory which increments size_
value. In some cases AllocateAlignedMemory can return NULL value. Before
returning NULL, AllocateAlignedMemory should decrease size_ value.

TEST=cctest/test-spaces/LargeObjectSpace
BUG=

Review-Url: https://codereview.chromium.org/2418733002
Cr-Commit-Position: refs/heads/master@{#40262}

When we inlined a [[Construct]] call to a subclass constructor, we can
also inline the super constructor call (either explicit or implicit),
since we have a concrete JSFunction constant for the subclass and we
can thus constant-fold the %_GetSuperConstructor intrinsic. We don't
need any guards here since the prototype of subclass constructors is
non-writable, non-configurable in ES6.

BUG=v8:5517
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2409423006
Cr-Commit-Position: refs/heads/master@{#40261}

Instead of suppressing the linker warnings and disallowing incremental
linking, just fix the annotations..

R=machenbach@chromium.org,jgruber@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2420603002
Cr-Commit-Position: refs/heads/master@{#40260}

BUG=

Review-Url: https://codereview.chromium.org/2417833002
Cr-Commit-Position: refs/heads/master@{#40259}

It belongs there more logically. In addition, this is a pre-step needed
for preparsing the parameters of a preparsed function.

In addition, move the "subtract rest parameter from arity" logic from
Parser to (Pre)?ParserFormalParameters.

BUG=v8:5515

Review-Url: https://codereview.chromium.org/2414003002
Cr-Commit-Position: refs/heads/master@{#40258}

NOTRY=true
TBR=adamk, caitp

Review-Url: https://codereview.chromium.org/2419433006
Cr-Commit-Position: refs/heads/master@{#40257}

Turn AllowsLazyParsingWithoutUnresolvedVariables into a whitelist stopping at the outer parsed context.

Any context outer to what we're parsing already has proper context allocation, so we don't need to check those scopes.

BUG=v8:5501

Review-Url: https://codereview.chromium.org/2417643003
Cr-Commit-Position: refs/heads/master@{#40256}

BUG=

Review-Url: https://codereview.chromium.org/2412043003
Cr-Commit-Position: refs/heads/master@{#40255}

In a fuzzer testcase I found locally the ast-decoder spent a lot of time
in the decoding of kExprBrTable after the decoder already found an
error. I did not add a test because the fuzzer test case did not
actually crash. It only run out of memory in the chromium fuzzer.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2413863003
Cr-Commit-Position: refs/heads/master@{#40254}

This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}

BUG=

Review-Url: https://codereview.chromium.org/2412493008
Cr-Commit-Position: refs/heads/master@{#40252}

Stack checks in loops allows to interrupt loops.

BUG=cctest/test-run-wasm-module/TestInterruptLoop
R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2405293002
Cr-Commit-Position: refs/heads/master@{#40251}

BUG=chromium:652721

Review-Url: https://codereview.chromium.org/2406363002
Cr-Commit-Position: refs/heads/master@{#40250}

This fixes the code-path in RegExpExec in which both the passed exec
argument and regexp.exec are not callable and regexp is a JSRegExp.

In this case, we fall back to the default RegExp.prototype.exec
implementation. The arguments for Execution::call were incorrect.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2415073002
Cr-Commit-Position: refs/heads/master@{#40249}

I don't see a reason why we can't benefit from preparsing such functions. We don't necessarily compile them, so fully parsing them when unnecessary is just additional overhead.

BUG=v8:5501

Review-Url: https://codereview.chromium.org/2413213002
Cr-Commit-Position: refs/heads/master@{#40248}

BUG=v8:5501,chromium:655122

Review-Url: https://codereview.chromium.org/2419663005
Cr-Commit-Position: refs/heads/master@{#40247}

BUG=chromium:654377
TEST=mjsunit/regress/wasm/regression-654377
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2403013002
Cr-Commit-Position: refs/heads/master@{#40246}

BUG=

Review-Url: https://codereview.chromium.org/2402313003
Cr-Commit-Position: refs/heads/master@{#40245}

  port c15c5827 (r40206)

  original commit message:
  This is the next step to unify the Call/Construct feedback collection
  and prepare it to be able to collect SharedFunctionInfo feedback. This
  also reduces the CallICStub overhead quite a bit since we only need one
  stub per mode (and tail call mode), not also one per call arity.

BUG=

Review-Url: https://codereview.chromium.org/2409953005
Cr-Commit-Position: refs/heads/master@{#40244}

R=jgruber@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2407153003
Cr-Commit-Position: refs/heads/master@{#40243}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/dd41141..f9e6643

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapul/+log/daccdeb..5b5774b

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clan/+log/3d97083..6551b7f

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2413533004
Cr-Commit-Position: refs/heads/master@{#40242}

Review-Url: https://codereview.chromium.org/2419713002
Cr-Commit-Position: refs/heads/master@{#40241}

This is a much more descriptive name.

BUG=v8:5343
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2412263002
Cr-Commit-Position: refs/heads/master@{#40240}

This patch results in a 11% improvement over 5 runs in the
bluebird benchmark.

BUG=v8:5343,v8:5046
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2406343002
Cr-Commit-Position: refs/heads/master@{#40239}

This incorporates recent feedback:
- simpler deserialization API by dropping the std::unique_ptr.
The only purpose there was communicating to the caller that they
own the buffer, and that the deserializer won't delete it. The new
design communicates that through a naming choice.
- renamed *UncompiledBytes to *WasmWireBytes

BUG=

Review-Url: https://codereview.chromium.org/2411263004
Cr-Commit-Position: refs/heads/master@{#40238}

Review-Url: https://codereview.chromium.org/2404663002
Cr-Commit-Position: refs/heads/master@{#40237}

Review-Url: https://codereview.chromium.org/2405173005
Cr-Commit-Position: refs/heads/master@{#40236}

BUG=428099

Review-Url: https://codereview.chromium.org/2404283002
Cr-Commit-Position: refs/heads/master@{#40235}

The over allocated memory of fixed array type didn't equal to the sum of all
fixed array sub types previously, this patch adds over allocated memory of fixed
array sub types to fixed array type when we record fixed array sub type stats.

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2410083003
Cr-Commit-Position: refs/heads/master@{#40234}

By defining functions with namespace prefix, the compiler checks that
they were previously declared, and checks that the signature matches.
I stumbled across this several times when changing the interface of a
function in the header.
With this change you get a compile error right away instead of a linker
error in the very end.

This change also revealed two functions which could be placed in an
anonymous namespace, saving 5.5kB program size in Debug build, 2.3kB in
Optdebug and 0.3kB in Release. It's also opening more options for
compiler optimizations, as the functions now have internal linkage.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2415603002
Cr-Commit-Position: refs/heads/master@{#40233}

The state sampling was implemented in chrome, we had an interface for it
V8 but it was not implemented yet.
The chrome version version has been removed in
https://codereview.chromium.org/2406703002/
Therefore following up with its removal in V8 as well.

This CL can land independent of the Chromium related CL.

R=primiano@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2410523002
Cr-Commit-Position: refs/heads/master@{#40232}