deps: backport 4af8029 from upstream V8

Original commit message:

    [turbofan] Fix missing lazy deopt in object literals.

    This adds a missing lazy bailout point when defining data properties
    with computed property names in object literals. The runtime call to
    Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary
    bailout ID already exists and is now properly used.

    R=jarin@chromium.org
    TEST=mjsunit/regress/regress-crbug-621816
    BUG=chromium:621816

    Review-Url: https://codereview.chromium.org/2099133003
    Cr-Commit-Position: refs/heads/master@{#37294}

Refs: v8/v8@4af8029
PR-URL: #17290
Fixes: #14326
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Author: targos

deps/v8/include/v8-version.h

@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 5
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 281
-#define V8_PATCH_LEVEL 108
+#define V8_PATCH_LEVEL 109
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)

deps/v8/src/compiler/ast-graph-builder.cc

@@ -1620,7 +1620,8 @@ void AstGraphBuilder::VisitClassLiteralContents(ClassLiteral* expr) {
             jsgraph()->Constant(property->NeedsSetFunctionName());
         const Operator* op =
             javascript()->CallRuntime(Runtime::kDefineDataPropertyInLiteral);
-        NewNode(op, receiver, key, value, attr, set_function_name);
+        Node* call = NewNode(op, receiver, key, value, attr, set_function_name);
+        PrepareFrameState(call, BailoutId::None());
         break;
       }
       case ObjectLiteral::Property::GETTER: {
@@ -1870,7 +1871,8 @@ void AstGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
             jsgraph()->Constant(property->NeedsSetFunctionName());
         const Operator* op =
             javascript()->CallRuntime(Runtime::kDefineDataPropertyInLiteral);
-        NewNode(op, receiver, key, value, attr, set_function_name);
+        Node* call = NewNode(op, receiver, key, value, attr, set_function_name);
+        PrepareFrameState(call, expr->GetIdForPropertySet(property_index));
         break;
       }
       case ObjectLiteral::Property::PROTOTYPE:

deps/v8/src/compiler/linkage.cc

@@ -145,7 +145,6 @@ int Linkage::FrameStateInputCount(Runtime::FunctionId function) {
   switch (function) {
     case Runtime::kAllocateInTargetSpace:
     case Runtime::kCreateIterResultObject:
-    case Runtime::kDefineDataPropertyInLiteral:
     case Runtime::kDefineGetterPropertyUnchecked:  // TODO(jarin): Is it safe?
     case Runtime::kDefineSetterPropertyUnchecked:  // TODO(jarin): Is it safe?
     case Runtime::kFinalizeClassDefinition:        // TODO(conradw): Is it safe?

deps/v8/src/full-codegen/arm/full-codegen-arm.cc

@@ -1572,6 +1572,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/arm64/full-codegen-arm64.cc

@@ -1557,6 +1557,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/ia32/full-codegen-ia32.cc

@@ -1493,6 +1493,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/mips/full-codegen-mips.cc

@@ -1569,6 +1569,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/mips64/full-codegen-mips64.cc

@@ -1570,6 +1570,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc

@@ -1532,6 +1532,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/s390/full-codegen-s390.cc

@@ -1491,6 +1491,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/x64/full-codegen-x64.cc

@@ -1518,6 +1518,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/src/full-codegen/x87/full-codegen-x87.cc

@@ -1485,6 +1485,8 @@ void FullCodeGenerator::VisitObjectLiteral(ObjectLiteral* expr) {
             PushOperand(Smi::FromInt(NONE));
             PushOperand(Smi::FromInt(property->NeedsSetFunctionName()));
             CallRuntimeWithOperands(Runtime::kDefineDataPropertyInLiteral);
+            PrepareForBailoutForId(expr->GetIdForPropertySet(property_index),
+                                   NO_REGISTERS);
           } else {
             DropOperands(3);
           }

deps/v8/test/mjsunit/regress/regress-crbug-621816.js

@@ -0,0 +1,18 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turbo
+
+function f() {
+  var o = {};
+  o.a = 1;
+}
+function g() {
+  var o = { ['a']: function(){} };
+  f();
+}
+f();
+f();
+%OptimizeFunctionOnNextCall(g);
+g();