[turbofan] Properly type %_IsDate intrinsic.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1208003002.

Cr-Commit-Position: refs/heads/master@{#29283}

Reland "Keep a canonical list of shared function infos."

This reverts commit 3164aa7483cb476da84895a3c9810015758fccf9.

Review URL: https://codereview.chromium.org/1211453002

Cr-Commit-Position: refs/heads/master@{#29282}

[ic] Record call counts for monomorphic calls made with an IC.

The idea is that TurboFan can use this information for more intelligent
inlining.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1201193003

Cr-Commit-Position: refs/heads/master@{#29281}

Vector ICs: Like megamorphic keyed koads, use a dummy vector for stores

It's useful for the megamorphic keyed store case to not require a
vector and slot as input. Analogous to the load case, we have a dummy
one-ic-slot vector to aid. Since the only kind of MISS is for
megamorphic cache stub failures, we don't need the real vector.
The reason is that megamorphic cache stub failures don't result in any
change to the type feedback vector state.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1210583002

Cr-Commit-Position: refs/heads/master@{#29280}

[turbofan] Add basic support for calling to (a subset of) C functions.

This introduces some initial building blocks for calling out to
C/C++ functions directly from TurboFan generated code objects.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1205023002.

Cr-Commit-Position: refs/heads/master@{#29279}

Simplify interface to optimized code map lookup.

This is one step torwards extracting an OptimizedCodeMap out from the
SharedFunctionInfo in order to have a more flexible implementation.

R=bmeurer@chromium.org, jarin@chromium.org

Review URL: https://codereview.chromium.org/1205783003.

Cr-Commit-Position: refs/heads/master@{#29278}

[turbofan] Revive the useful parts of the SimplifiedOperatorReducer.

This partially reverts https://codereview.chromium.org/1162563002
because we might actually be able to optimize certain combinations
now due to dead code elimination.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1202263006

Cr-Commit-Position: refs/heads/master@{#29277}

Make helper functions compatible with larger ToBooleanStub types.

I missed some functions that need to change.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1199413009

Cr-Commit-Position: refs/heads/master@{#29276}

Make sure bound functions never make it into optimized code map.

This is one step torwards extracting an OptimizedCodeMap out from the
SharedFunctionInfo in order to have a more flexible implementation.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1210523002

Cr-Commit-Position: refs/heads/master@{#29275}

Update V8 DEPS.

Rolling v8/third_party/icu to c3f79166089e5360c09e3053fce50e6e296c3204

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1206173002

Cr-Commit-Position: refs/heads/master@{#29274}

JSON.stringify should handle the replacer before the space

BUG=v8:4227
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1200373003

Cr-Commit-Position: refs/heads/master@{#29273}

Fix evaluation order of Object.prototype.hasOwnProperty

We need to do the ToName before the ToObject.

BUG=v8:4229
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1211663002

Cr-Commit-Position: refs/heads/master@{#29272}

jsmin.py: Fix issue with escaping of back ticks

The escaping of back ticks in template strings was incorrect

BUG=v8:4240
LOG=N
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1209713003

Cr-Commit-Position: refs/heads/master@{#29271}

JSON.stringify should use toString of replacer and not valueOf

If the replacer array contains a number wrapper we should use the
toString result and not valueOf.

BUG=v8:4228
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1207013002

Cr-Commit-Position: refs/heads/master@{#29270}

PPC: Debug check fix for test SMI optimization.

R=mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1202383005

Cr-Commit-Position: refs/heads/master@{#29269}

i18n.js was not using original functions

The i18n.js code was calling a lot of methods, which might have been
removed or replaced by user code.

Make sure we use the original functions.

BUG=v8:4220
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1199813004

Cr-Commit-Position: refs/heads/master@{#29268}

Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/)

Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream blink first.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574

Please consider extra blink trybots on a reland.

Original issue's description:
> Fix receiver when calling eval() bound by with scope
>
> Thanks to André Bargull for the report.
>
> BUG=v8:4214
> LOG=N
> R=arv@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc
> Cr-Commit-Position: refs/heads/master@{#29259}

TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4214

Review URL: https://codereview.chromium.org/1201273004

Cr-Commit-Position: refs/heads/master@{#29267}

Revert of Extend big-disjunction optimization to case-independent regexps (patchset #5 id:80001 of https://codereview.chromium.org/1182783009/)

Reason for revert:
[Sheriff] Test times out now on msan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/2947

Original issue's description:
> Extend big-disjunction optimization to case-independent regexps
>
> R=yangguo@chromium.org
> BUG=chromium:482998
> LOG=n
>
> Committed: https://crrev.com/d2135603bcf462e15a1284d8ed969f6692610dda
> Cr-Commit-Position: refs/heads/master@{#29264}

TBR=yangguo@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:482998

Review URL: https://codereview.chromium.org/1204013003

Cr-Commit-Position: refs/heads/master@{#29266}

Fix cluster-fuzz regression with Workers and recursive serialization

Shell::SerializeValue was using a HandleScope, but was also storing Handles in
an ObjectList. The ObjectList handles would persist after the function had
returned, but will have already been destroyed by the HandleScope, so there is
a use-after-free.

This change removes the HandleScope in Shell::SerializeValue and relies on the
caller's HandleScope.

BUG=chromium:503968
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1211433003

Cr-Commit-Position: refs/heads/master@{#29265}

Extend big-disjunction optimization to case-independent regexps

R=yangguo@chromium.org
BUG=chromium:482998
LOG=n

Review URL: https://codereview.chromium.org/1182783009

Cr-Commit-Position: refs/heads/master@{#29264}

Fix cluster-fuzz regression with Workers when serializing empty string

BUG=chromium:503991
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1210623002

Cr-Commit-Position: refs/heads/master@{#29263}

Fix unexpected token messages in expression classifier

Some tokens need special messages because their token corresponds to
many names.

R=arv@chromium.org
BUG=v8:4213
LOG=N

Review URL: https://codereview.chromium.org/1207743004

Cr-Commit-Position: refs/heads/master@{#29262}

Fix cluster-fuzz regression with Workers on mips.debug

BUG=chromium:503698
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1208573003

Cr-Commit-Position: refs/heads/master@{#29261}

Use C runtime functions for ThrowNewXXError desugarings.

JS runtime function calls cause Hydrogen to bail out.

R=adamk@chromiunm.org,arv@chromium.org

Review URL: https://codereview.chromium.org/1210533003

Cr-Commit-Position: refs/heads/master@{#29260}

Fix receiver when calling eval() bound by with scope

Thanks to André Bargull for the report.

BUG=v8:4214
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1202963005

Cr-Commit-Position: refs/heads/master@{#29259}

Re-land new insertion write barrier.

BUG=

Review URL: https://codereview.chromium.org/1211513002

Cr-Commit-Position: refs/heads/master@{#29258}

PPC: Use big-boy Types to annotate interface descriptor parameters

Port c019d7f498ce6fbac6659924e20ddb6c59aebeb8

Original commit message:
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
  a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
  platform-independent components so that all descriptors share
  a common Type::FunctionType for all platforms.

R=danno@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1206893002

Cr-Commit-Position: refs/heads/master@{#29257}

Ensure there is some space on JS stack available for bootstrapping.

Review URL: https://codereview.chromium.org/1203873005

Cr-Commit-Position: refs/heads/master@{#29256}

Serializer: clear next link in weak cells.

If we do not clear next links during serialization, the
serializer would simply follow those links and serialize
arbitrary objects held by weak cells. This breaks the
invariant in the code serializer, which crashes if it
sees context-dependent objects.

R=ulan@chromium.org
BUG=chromium:503552
LOG=Y

Review URL: https://codereview.chromium.org/1203973002

Cr-Commit-Position: refs/heads/master@{#29255}

PPC: Do not add extra argument for new.target

Port 8196c28a94f62dec026f2b564ba81d690a4ed593

Original commit message:
JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.

R=dslomov@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1208443002

Cr-Commit-Position: refs/heads/master@{#29254}

Fix -Werror=sign-compare error with GCC

R=jkummerow@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1202843006

Cr-Commit-Position: refs/heads/master@{#29253}

[android] Set platform to 16 for 32 bit builds.

TBR=ulan, jochen
NOTRY=true

Review URL: https://codereview.chromium.org/1209453003

Cr-Commit-Position: refs/heads/master@{#29252}

[turbofan] Make TyperCache global and thread safe.

This way we need the common types only once per process and we don't
need to recreate them for every compilation. It uses the same pattern
that we already apply to caching operators. This simplifies the type
cache a lot.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1209513002

Cr-Commit-Position: refs/heads/master@{#29251}

[x64] Fix instruction selection for Word64Equal(Word64And, 0).

This fixes a slight inconsistency in the InstructionSelector that
basically disabled the optimization for things like ObjectIsSmi.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1206773002

Cr-Commit-Position: refs/heads/master@{#29250}

Reland r21101: "ARM64: use jssp for stack slots"

The original implementation assumed that LPushArguments and
LInvoke/Call* could be assumed to be exclusively sequential. However,
this isn't always the case. For example, GenerateCallFunction pushes
some arguments and then selects between HInvokeFunction and
HCallFunction.

This fixed implementation resets a pushed_arguments_ counter based on
the argument_count() of the preceeding basic block, then tracks it
per-instruction as before (except that now we maintain a count rather
than a boolean flag).

At the same time, since we now track exactly how many arguments have
been pushed onto the stack, I was able to adjust the offset accordingly
and use jssp for stack slots even when arguments have been pushed.

BUG=

Review URL: https://codereview.chromium.org/1038363002

Cr-Commit-Position: refs/heads/master@{#29249}

Use big-boy Types to annotate interface descriptor parameters

- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
  a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
  platform-independent components so that all descriptors share
  a common Type::FunctionType for all platforms.

Review URL: https://codereview.chromium.org/1197703002

Cr-Commit-Position: refs/heads/master@{#29248}

Expand ToBoolean stub so it can handle more types.

SIMD values will require their own type code for conversion to boolean.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1202973003

Cr-Commit-Position: refs/heads/master@{#29247}

Fix ReferenceError of Worker in regress-crbug-503578

Worker is not defined on the V8 Shared bots.

BUG=chromium:503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1202763004

Cr-Commit-Position: refs/heads/master@{#29246}

[android] Completly move path logic to gyp config.

BUG=chromium:502176
LOG=n

Review URL: https://codereview.chromium.org/1203653002

Cr-Commit-Position: refs/heads/master@{#29245}

Fix cluster-fuzz found regression in d8 when deserializing ArrayBuffer

BUG=503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1204753002

Cr-Commit-Position: refs/heads/master@{#29244}

[turbofan] Remove stale control-reducer.cc file.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1197793005

Cr-Commit-Position: refs/heads/master@{#29243}

Date() should not depend on Date.prototype.toString

We used to call toString as a method which is not safe.

BUG=v8:4225
LOG=Y
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1200033003

Cr-Commit-Position: refs/heads/master@{#29242}

Revert "Keep a canonical list of shared function infos."

Speculative revert in the hopes of fixing serializer crashes seen in canary.

This reverts commit c1669450834436508e0007885eb7ac266cbcf083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb73783b46c2ccf9cdd0fa716b74ce278).

BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1207583002

Cr-Commit-Position: refs/heads/master@{#29241}

Avoid built-ins in `Date.prototype.toISOString`

TEST=mjsunit/date
BUG=v8:4226
LOG=N

Review URL: https://codereview.chromium.org/1203733002

Cr-Commit-Position: refs/heads/master@{#29240}

Add mjsunit tests for optimization of float min/max.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1199053011

Cr-Commit-Position: refs/heads/master@{#29239}

Do not add extra argument for new.target

JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.

R=arv@chromium.org,adamk@chromium.org
BUG=v8:3886
LOG=N

Review URL: https://codereview.chromium.org/1196193014

Cr-Commit-Position: refs/heads/master@{#29238}

Expose Map/Set methods through the API

Map: get, set, has, delete, clear
Set: add, has, delete, clear

All except clear are implemented as calls into collection.js.

Note that some of these shadow methods of v8::Object. It's unclear
how confusing that's going to be: on the one hand, it seems likely
that most operations you would want to do on a Map or Set are these.
On the other, generic code could get confused if it somehow gets
ahold of a variable that happens to be C++-typed as a v8::Map or v8::Set.

BUG=v8:3340
LOG=y

Review URL: https://codereview.chromium.org/1204623002

Cr-Commit-Position: refs/heads/master@{#29237}

Fixed exception handling in Realm.create().

BUG=chromium:501711
LOG=N

Review URL: https://codereview.chromium.org/1207453002

Cr-Commit-Position: refs/heads/master@{#29236}

Let GC select the collector when the external memory allocation limit is reached

BUG=none
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1201993002

Cr-Commit-Position: refs/heads/master@{#29235}

PPC: [turbofan] Fix implementation of Float64Min.

The optimized instruction sequences for floating-point min/max do not
have the same behaviour as TurboFan's Float(32|64)(Min|Max) functions
(incorrect handling for NaN operands).

R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1193843015

Cr-Commit-Position: refs/heads/master@{#29234}

Don't insert elements transitions into normalized maps

BUG=chromium:499790
LOG=n

Review URL: https://codereview.chromium.org/1203653003

Cr-Commit-Position: refs/heads/master@{#29233}

Cleanup adding elements and in particular dictionary elements

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1196163005

Cr-Commit-Position: refs/heads/master@{#29232}

[turbofan] Make global variable loads and stores explicit.

This is a precursor to using specialized LoadIC and StoreIC stubs for
global variable access. It also removes the need to keep track of the
global object in the type system, hence freeing up one bit.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1205473004

Cr-Commit-Position: refs/heads/master@{#29231}

[turbofan] NaN is never truish.

BUG=v8:4207
LOG=y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1198993009

Cr-Commit-Position: refs/heads/master@{#29230}

[arm64][turbofan] Fix implementation of Float64Min.

ARM64's `fmin` and `fmax` instructions don't have the same behaviour as
TurboFan's Float(32|64)(Min|Max) functions.

BUG=4206
LOG=N

Review URL: https://codereview.chromium.org/1200123004

Cr-Commit-Position: refs/heads/master@{#29229}

Fix regexp perf: Only increase array size if needed

BUG=chromium:503457
LOG=n

Review URL: https://codereview.chromium.org/1198993008

Cr-Commit-Position: refs/heads/master@{#29228}

Merge AddFastElement and AddFastDoubleElement

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1198343004

Cr-Commit-Position: refs/heads/master@{#29227}

Map::ReconfigureProperty() should mark map as unstable when it returns a different map.

BUG=chromium:502930
LOG=N

Review URL: https://codereview.chromium.org/1200003002

Cr-Commit-Position: refs/heads/master@{#29226}

[turbofan] Run DeadCodeElimination together with the advanced reducers.

This will immediately remove dead code from the graph once any of
the advanced reducers inserts it. Also changes the GraphReducer to
use the canonical Dead node for ReplaceWithValue.

R=jarin@chromium.org

Committed: https://crrev.com/88a40c5fb381924b1c0b2403dc582bceb2abe5da
Cr-Commit-Position: refs/heads/master@{#29217}

Review URL: https://codereview.chromium.org/1206533002.

Cr-Commit-Position: refs/heads/master@{#29225}

Global handle leak in Realm.create() fixed.

BUG=chromium:501808
LOG=N

Review URL: https://codereview.chromium.org/1197403002

Cr-Commit-Position: refs/heads/master@{#29224}

[turbofan] Make an OptionalOperator for MachineOperatorBuilder.

This makes usage of the MachineOperatorBuilder more robust, as it will be
an error to request an unsupported operator.

Along the way, I noticed that all 7 platforms support Float32Abs and
Float64Abs. Should make them non-optional in another CL?

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1128133003

Cr-Commit-Position: refs/heads/master@{#29223}

Move SetFastElementsCapacity into GrowCapacityAndConvert

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1197133003

Cr-Commit-Position: refs/heads/master@{#29222}

[test] Teach test runner about whether novfp3 is on or off

BUG=none
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1204643003

Cr-Commit-Position: refs/heads/master@{#29221}

Revert of [turbofan] Run DeadCodeElimination together with the advanced reducers. (patchset #1 id:1 of https://codereview.chromium.org/1206533002/)

Reason for revert:
Looks like this breaks Tests262.

Original issue's description:
> [turbofan] Run DeadCodeElimination together with the advanced reducers.
>
> This will immediately remove dead code from the graph once any of
> the advanced reducers inserts it. Also changes the GraphReducer to
> use the canonical Dead node for ReplaceWithValue.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/88a40c5fb381924b1c0b2403dc582bceb2abe5da
> Cr-Commit-Position: refs/heads/master@{#29217}

TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1200983004

Cr-Commit-Position: refs/heads/master@{#29220}

Vector ICs: Additional Turbofan support

Lowering of stores need the vector and slot if --vector-stores is true.

BUG=

Review URL: https://codereview.chromium.org/1193313002

Cr-Commit-Position: refs/heads/master@{#29219}

Fix wrong DCHECK in Heap::FindAllocationMemento where bump pointer overflow points to the currently used new space page.

BUG=chromium:501693
LOG=n

Review URL: https://codereview.chromium.org/1200833003

Cr-Commit-Position: refs/heads/master@{#29218}

[turbofan] Run DeadCodeElimination together with the advanced reducers.

This will immediately remove dead code from the graph once any of
the advanced reducers inserts it. Also changes the GraphReducer to
use the canonical Dead node for ReplaceWithValue.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1206533002

Cr-Commit-Position: refs/heads/master@{#29217}

[turbofan] Avoid embedding type feedback vector into code.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1198263004

Cr-Commit-Position: refs/heads/master@{#29216}

Also check for access checks and indexed interceptors before allowing fast moving of elements

BUG=

Review URL: https://codereview.chromium.org/1200053002

Cr-Commit-Position: refs/heads/master@{#29215}

[turbofan] Factor out the function specific part from the frame state operator.

This also threads through the parameter count and local count to the instruction selector. This will be later used to allow merging of various StateValues vector (and prepare for differential encoding which will not distinguish between parameters, locals and expression stack).

BUG=

Review URL: https://codereview.chromium.org/1191243003

Cr-Commit-Position: refs/heads/master@{#29214}

X87: Built-in apply() performance benefits from an uninitialized IC.

port 2a3b05758721a2f63a7c611ef22e364ead9ed0f3 (r29175).

original commit message:

   Built-in apply() performance benefits from an uninitialized IC.

BUG=

Review URL: https://codereview.chromium.org/1199913007

Cr-Commit-Position: refs/heads/master@{#29213}

X87: Vector ICs: Turbofan vector store ic support

port 17c8ffeaa3e4e1769f0b4d0e7c8a6fb26b5297bd (r29173)

original commit message:

    Vector ICs: Turbofan vector store ic support

    Turbofan needs to pass vector slots around for named and keyed stores.
    Also, the CL addresses a missing slot for ClassLiterals.

BUG=

Review URL: https://codereview.chromium.org/1195793007

Cr-Commit-Position: refs/heads/master@{#29212}

[date] Use explicit control flow to replace %_ThrowIfNotADate.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1191283003

Cr-Commit-Position: refs/heads/master@{#29211}

Update V8 DEPS.

Rolling v8/third_party/android_tools to 21f4bcbd6cd927e4b4227cfde7d5f13486be1236

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1203633004

Cr-Commit-Position: refs/heads/master@{#29210}

Re-ship Harmony Array/TypedArray methods

Turning the --harmony-array flag on has been delayed behind
unrelated test failures. Now that those tests are disabled,
land the changes.

This patch fixes WebKit tests based on the new change.

R=adamk
LOG=Y
BUG=v8:3578
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1199113003

Cr-Commit-Position: refs/heads/master@{#29209}

Remove usage of S.p.charCodeAt from uri.js

We were using both String.prototype.charCodeAt and
String.prototype.charAt.

BUG=v8:4224
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1204483003

Cr-Commit-Position: refs/heads/master@{#29208}

Disable a flaky test

This test starts failing when the --harmony-array flag is turned on,
but the failure does not directly have to do with that flag. Disabling
the test in debug mode to unblock the release.

BUG=v8:4237
LOG=n
R=adamk,erikcorry

Review URL: https://codereview.chromium.org/1202523005

Cr-Commit-Position: refs/heads/master@{#29207}

Fix HTML string methods to not depend on replace method

Before this we were using String.prototype.replace. Now
we call the internal StringReplace instead.

BUG=v8:4221
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1199933005

Cr-Commit-Position: refs/heads/master@{#29206}

Add an informative comment on regress-1132 ASAN suppression

TBR=arv@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1199053002.

Cr-Commit-Position: refs/heads/master@{#29205}

Remove duplicate isolate

BUG=

Review URL: https://codereview.chromium.org/1196533004

Cr-Commit-Position: refs/heads/master@{#29204}

Use CHECK_LT in CheckHandleCountVisitor for better error message

Review URL: https://codereview.chromium.org/1201773005

Cr-Commit-Position: refs/heads/master@{#29203}

Fix string HTML methods to call ToString

Before this we were using + which calls valueOf which is not correct
for these methods.

BUG=v8:4222
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1194173004

Cr-Commit-Position: refs/heads/master@{#29202}

Disable regress-1132 on ASAN runs

This test appears to trigger some bug in either ASAN or V8 when
accompanied by an increase in JS code size. Disabling the test
on ASAN runs to unblock adding new JS code.

BUG=v8:4236
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1203523002

Cr-Commit-Position: refs/heads/master@{#29201}

[Test262-es6] Update to use FAIL_SLOPPY everywhere

Also reordered related test

BUG=N
LOG=N
R=adamk, littledan

Review URL: https://codereview.chromium.org/1199013002

Cr-Commit-Position: refs/heads/master@{#29200}

Atomic operations on Uint8ClampedArray

BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1201543002

Cr-Commit-Position: refs/heads/master@{#29199}

PPC: Vector ICs: Turbofan vector store ic support

Port 17c8ffeaa3e4e1769f0b4d0e7c8a6fb26b5297bd

Original commit message:
Turbofan needs to pass vector slots around for named and keyed stores.
Also, the CL addresses a missing slot for ClassLiterals.

R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1201983005

Cr-Commit-Position: refs/heads/master@{#29198}

PPC: Clean up JSConstructStub

Port 882055ff6a58f6b585575229f40f364e5f2a3ad0

Original commit message:
- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers

No change in functionality intended.

Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:

- print PC of each frame
- print the function's source also for optimized frames

R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1193363004

Cr-Commit-Position: refs/heads/master@{#29197}

PPC: Built-in apply() performance benefits from an uninitialized IC.

Port 2a3b05758721a2f63a7c611ef22e364ead9ed0f3

R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1196253003

Cr-Commit-Position: refs/heads/master@{#29196}

Add d8 API for spawning function on a new thread (Third try)

This API closely matches the Worker API. The differences:

1) The argument to the Worker constructor is a function to run, not a script.
2) Receiving a message from a worker is a synchronous API (as there is no event
loop).

The serialization done here is not robust as the real DOM implementation. For
example, recursive data structures or otherwise duplicated objects are not
allowed.

BUG=chromium:497295
LOG=n

Review URL: https://codereview.chromium.org/1192923002

Cr-Commit-Position: refs/heads/master@{#29195}

Test262-es6 test runner should handle sloppy fail better

This adds a new FAIL_SLOPPY expected output. It then uses this to
determine if the test case has unexpected output.

BUG=v8:4164
LOG=N
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1197913002

Cr-Commit-Position: refs/heads/master@{#29194}

[es6] Bound function names

https://people.mozilla.org/~jorendorff/es6-draft.html#sec-function.prototype.bind

Bound functions should have a name based on the function that was
bound.

This reverts the revert f2747ed9b48d0e62c7a30da69825ff926aeedbd2. The original
CL was reverted because the Blink layout test broke. I have a CL that disables
these tests at: https://codereview.chromium.org/1196753003/

BUG=N
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1195983002

Cr-Commit-Position: refs/heads/master@{#29193}

[destructuring] Implement parameter pattern matching.

Scoping for initializers is yet incorrect. Defaults are not supported.

R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N

Committed: https://crrev.com/42f30f4ded2b1ca0c4caa7639e6206e93c78ee70
Cr-Commit-Position: refs/heads/master@{#29184}

Review URL: https://codereview.chromium.org/1189743003

Cr-Commit-Position: refs/heads/master@{#29192}

[es6] ship Rest Parameters

BUG=v8:2159
LOG=N
R=arv@chromium.org, dslomov@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1191653008

Cr-Commit-Position: refs/heads/master@{#29191}

Keep track of ArrayBuffers based on collector type, not space

Since Mark/Compact also collects garbage in the new space, we can't just
free old space ArrayBuffers during MC - otherwise we run the risk of
never freeing new array buffers

BUG=v8:4201
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1199913002

Cr-Commit-Position: refs/heads/master@{#29190}

[android] Merge gyp configurations.

The merge makes it possible to reuse variables from the
android configuration in standalone.gypi.

BUG=chromium:502176
LOG=n

Review URL: https://codereview.chromium.org/1196253002

Cr-Commit-Position: refs/heads/master@{#29189}

Revert of [destructuring] Implement parameter pattern matching. (patchset #7 id:120001 of https://codereview.chromium.org/1189743003/)

Reason for revert:
[Sheriff] Breaks tsan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/4392

Original issue's description:
> [destructuring] Implement parameter pattern matching.
>
> Scoping for initializers is yet incorrect. Defaults are not supported.
>
> R=arv@chromium.org,rossberg@chromium.org
> BUG=v8:811
> LOG=N
>
> Committed: https://crrev.com/42f30f4ded2b1ca0c4caa7639e6206e93c78ee70
> Cr-Commit-Position: refs/heads/master@{#29184}

TBR=arv@chromium.org,rossberg@chromium.org,caitpotter88@gmail.com,wingo@igalia.com,dslomov@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811

Review URL: https://codereview.chromium.org/1195163007

Cr-Commit-Position: refs/heads/master@{#29188}

[turbofan] Add CodeFactory::Instanceof helper.

R=mvstanton@chromium.org
TEST=cctest/test-run-jsops/BinopInstanceOf

Review URL: https://codereview.chromium.org/1196213004

Cr-Commit-Position: refs/heads/master@{#29187}

Use optparse in js2c.py for python compatibility

Without this change, V8 won't build on RHEL/CentOS 6 because the distro
python is too old to know about the argparse module.

Can this commit be cherry-picked to the 4.4 branch?  It should apply
cleanly.

BUG=

Review URL: https://codereview.chromium.org/1192973004

Cr-Commit-Position: refs/heads/master@{#29186}

[turbofan] Revive the VectorSlotPair and also put feedback on JSCallFunction.

We resurrect the VectorSlotPair in order to be able to separate the
feedback input for the compiler from the actual type feedback vector
that is required to meet the IC requirements at runtime. This will allow
us to for example use feedback from a different context or divide the
type feedback vector into two separate vectors, without having to touch
the compiler. It'll allow use to load the vector from the shared
function info at runtime, while still consuming feedback in the
compiler (i.e. we don't rely on the feedback vector node to be a heap
constant).

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1198983002

Cr-Commit-Position: refs/heads/master@{#29185}

[destructuring] Implement parameter pattern matching.

Scoping for initializers is yet incorrect. Defaults are not supported.

R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1189743003

Cr-Commit-Position: refs/heads/master@{#29184}