Commit Graph

31823 Commits

Author SHA1 Message Date
rmcilroy
1b4e0130fa Reland: [Crankshaft] Always check for stubs marked to not require an eager frame.
Previously only stubs built in the snapshot were checked for having an
eager frame. This caused a regression to creap in on ia32 for
RegExpConstructResultStub. Change test to always check.

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg

Review-Url: https://codereview.chromium.org/2089673002
Cr-Commit-Position: refs/heads/master@{#37181}
2016-06-22 11:09:40 +00:00
verwaest
813f231896 Further streamline HandleApiCall
The CL avoids superfluous conversions / reboxing and handlescopes.

BUG=

Review-Url: https://codereview.chromium.org/2089703004
Cr-Commit-Position: refs/heads/master@{#37180}
2016-06-22 10:23:45 +00:00
jochen
c7715c2fbe Add HasOwnProperty with array indexes
This way embedders don't have to manually convert them to strings

BUG=chromium:619166
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2085223002
Cr-Commit-Position: refs/heads/master@{#37179}
2016-06-22 10:20:45 +00:00
yangguo
03996851f4 [serializer] reorder some bytecodes to free up large blocks.
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2083303002
Cr-Commit-Position: refs/heads/master@{#37178}
2016-06-22 10:14:45 +00:00
danno
9dc2c31d64 [turbolizer] Performance improvements for selection in graph & schedule
Review-Url: https://codereview.chromium.org/2066313002
Cr-Commit-Position: refs/heads/master@{#37177}
2016-06-22 10:11:39 +00:00
yangguo
55b2124968 [heap] reorder root list items.
- Moves the most often used 32 items to the top. This shaves off 10kB
  from the startup snapshot size.
- Sorts the rest by usage and type.

R=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2088023003
Cr-Commit-Position: refs/heads/master@{#37176}
2016-06-22 09:30:57 +00:00
ahaas
c5be8d2af5 [wasm] Store the semaphore for parallel compilation in exactly one smart pointer.
R=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2080223005
Cr-Commit-Position: refs/heads/master@{#37175}
2016-06-22 09:22:11 +00:00
verwaest
bedcc31b83 Remove element handling from named path
This was necessary since certain named handlers didn't check the name beforehand, and could miss to LoadIC_Miss with a name convertible to an index. This is currently not supported anymore, so we can drop this path. We should make sure we miss to the right label instead.

BUG=

Review-Url: https://codereview.chromium.org/2083283002
Cr-Commit-Position: refs/heads/master@{#37174}
2016-06-22 09:22:10 +00:00
jgruber
6bd37e3f20 [builtins] Fix clobbered reg in Math.{Max,Min}
edi is expected to contain the JS function. Ensure that it is not
overwritten.

BUG=chromium:621431,chromium:621550,chromium:621217
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2085043004
Cr-Commit-Position: refs/heads/master@{#37173}
2016-06-22 09:18:55 +00:00
yangguo
2618eb0a7b [heap] compact more weak fixed arrays before serializing.
R=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2087163002
Cr-Commit-Position: refs/heads/master@{#37172}
2016-06-22 09:13:09 +00:00
mlippautz
21b55c4aa5 [heap] Fix check in AdvancePage
Failing to do the right check in AdvancePage results in a crash in a CHECK later
in EnsureCurrentCapacity.

BUG=chromium:620750,chromium:622115
LOG=N
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2090013002
Cr-Commit-Position: refs/heads/master@{#37171}
2016-06-22 09:10:09 +00:00
yangguo
6793728528 Use zig-zag encoding in the source position table.
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2081703002
Cr-Commit-Position: refs/heads/master@{#37170}
2016-06-22 09:06:53 +00:00
yangguo
5eaf4ac48f [debugger] add test case for scope materialization and rest params.
R=jgruber@chromium.org
BUG=v8:4703

Review-Url: https://codereview.chromium.org/2088703002
Cr-Commit-Position: refs/heads/master@{#37169}
2016-06-22 08:35:28 +00:00
bmeurer
a334354288 [turbofan] Add dedicated test for check constant folding.
This adds a dedicated test to make sure we don't try constant folding on
checks (in this case CheckTaggedPointer), which would generate invalid
code as we removing checks that guard the constant without knowing
whether it's safe to do so.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2087153002
Cr-Commit-Position: refs/heads/master@{#37168}
2016-06-22 08:20:50 +00:00
bmeurer
c30b854aa3 [turbofan] Some strength reduction on Smi/HeapObject checks.
Let the SimplifiedOperatorReducer perform some strength reduction for
certain CheckTaggedSigned and CheckTaggedPointer inputs (reusing the
existing logic for ObjectIsSmi).

R=jarin@chromium.org
BUG=v8:5141

Review-Url: https://codereview.chromium.org/2080703006
Cr-Commit-Position: refs/heads/master@{#37167}
2016-06-22 07:52:19 +00:00
jarin
ef925a2739 [turbofan] Reuse the operation typer's logic in the typer.
Review-Url: https://codereview.chromium.org/2084943002
Cr-Commit-Position: refs/heads/master@{#37166}
2016-06-22 06:55:43 +00:00
bmeurer
f54fa4d426 [ieee754] Slightly improve unittests for exp/log.
BUG=v8:3266, v8:3468, v8:3493, v8:5086, v8:5108
R=rtoy@chromium.org

Review-Url: https://codereview.chromium.org/2086663004
Cr-Commit-Position: refs/heads/master@{#37165}
2016-06-22 05:56:06 +00:00
bmeurer
488d6e5f84 [turbofan] x - y < 0 is not equivalent to x < y.
We cannot change x - y < 0 to x < y, because it would only be safe if
x - y cannot overflow, which we don't know in general.

R=jarin@chromium.org
BUG=v8:5129

Review-Url: https://codereview.chromium.org/2090493002
Cr-Commit-Position: refs/heads/master@{#37164}
2016-06-22 05:38:36 +00:00
bmeurer
1006f3cd23 Revert of [Crankshaft] Always check for stubs marked to not require an eager frame. (patchset #2 id:20001 of https://codereview.chromium.org/2089673002/ )
Reason for revert:
Breaks with nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7474/steps/Check/logs/regress-2612

Original issue's description:
> [Crankshaft] Always check for stubs marked to not require an eager frame.
>
> Previously only stubs built in the snapshot were checked for having an
> eager frame. This caused a regression to creap in on ia32 for
> RegExpConstructResultStub. Change test to always check.
>
> Committed: https://crrev.com/f6facbb2106ffc2918dd249166233a7fa95dc449
> Cr-Commit-Position: refs/heads/master@{#37162}

TBR=rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2087963004
Cr-Commit-Position: refs/heads/master@{#37163}
2016-06-22 05:35:34 +00:00
rmcilroy
f6facbb210 [Crankshaft] Always check for stubs marked to not require an eager frame.
Previously only stubs built in the snapshot were checked for having an
eager frame. This caused a regression to creap in on ia32 for
RegExpConstructResultStub. Change test to always check.

Review-Url: https://codereview.chromium.org/2089673002
Cr-Commit-Position: refs/heads/master@{#37162}
2016-06-22 03:53:01 +00:00
v8-autoroll
f45c65cae0 Update V8 DEPS.
Rolling v8/build to f56976d676dfd5597229b21a83a53a58704582bf

Rolling v8/buildtools to 56eaae134648135663c4aa1ed82278572b5f35ef

Rolling v8/tools/mb to 5268873c8c1eebbf1a3aaed7e63f99b600fab65e

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2087933004
Cr-Commit-Position: refs/heads/master@{#37161}
2016-06-22 03:24:26 +00:00
bjaideep
97c2154869 PPC/s390: [builtins] NonNumberToNumber and StringToNumber now use CallRuntime instead of TailCallRuntime
Port b5c69cbf39

Original commit message:

    With the tail call, pointers to the JS heap could be pushed on a
    js-to-wasm frame. On the js-to-wasm frame, however, this pointer would
    not be updated by the GC.

R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=617084
LOG=N

Review-Url: https://codereview.chromium.org/2085183002
Cr-Commit-Position: refs/heads/master@{#37160}
2016-06-22 02:38:12 +00:00
ritesht
d0b8e7fb54 [wasm] Support undefined indirect table entries, behind a flag.
Add a flag to gate experimental support for dynamic code loading and JITing (at runtime in a wasm module).

Enhancing functionality of the indirect function table to support JITing and dynamic linking by allowing additional space to be filled with an "undefined" function signature.

BUG=v8:5044
LOG=N
TEST=None
R=mtrofin@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2049513003
Cr-Commit-Position: refs/heads/master@{#37159}
2016-06-22 00:53:31 +00:00
dpranke
365e32b130 Use the new "optimize_speed" GN config.
The GN configs for different optimization levels are confusing and
should probably be reworked, but for now we add a special config
specifically so that we can compile with -O3 when appropriate.

R=brettw@chromium.org, machenbach@chromium.org
BUG=616031, 618678, 621335

Review-Url: https://codereview.chromium.org/2076403002
Cr-Commit-Position: refs/heads/master@{#37158}
2016-06-21 23:37:14 +00:00
bjaideep
2b8f55456a PPC/s390: [builtins] Introduce a proper BUILTIN frame type.
Port f47b9e9810

Original commit message:

    This adds a new BUILTIN frame type, which supports variable number of
    arguments for builtins implemented in hand-written native code (we will
    extend this mechanism to TurboFan builtins at some point). Convert the
    Math.max and Math.min builtins to construct a BUILTIN frame if required.

    This does not yet work for C++ builtins, but that'll be the next step.

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:4815
LOG=N

Review-Url: https://codereview.chromium.org/2087433003
Cr-Commit-Position: refs/heads/master@{#37157}
2016-06-21 21:43:33 +00:00
jwolfe
d8147eb98c Reland: change most cases of variable redeclaration from TypeError to SyntaxError.
Reland of https://codereview.chromium.org/2048703002/

Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.

The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation

BUG=v8:4955
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=adamk

Review-Url: https://codereview.chromium.org/2086063002
Cr-Commit-Position: refs/heads/master@{#37156}
2016-06-21 20:19:59 +00:00
rossberg
271a7f55cd Refactor module builder
- Use ES6 classes and other goodies.
- Make some names match design/spec.
- Remove obsolete generation of END section.

R=bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2081973003
Cr-Commit-Position: refs/heads/master@{#37155}
2016-06-21 19:48:16 +00:00
caitpotter88
e45fba811f [parser] only parse async arrow function when necessary
Previously, an async arrow function would be parsed if any valid
ConditionalExpression began with the identifier "async", and its following token
was on the same line.

So for example, `async.bar foo => 1` was parsed as a valid async arrow function.
This patch corrects this behaviour by asserting that the following token is a
valid arrow parameters start.

BUG=v8:4483
R=littledan@chromium.org, henrique.ferreiro@gmail.com

Review-Url: https://codereview.chromium.org/2089733002
Cr-Commit-Position: refs/heads/master@{#37154}
2016-06-21 19:48:15 +00:00
verwaest
9bfd7b9d17 Optimize HandleApiCallHelper and friends
BUG=chromium:595492

Review-Url: https://codereview.chromium.org/2084923003
Cr-Commit-Position: refs/heads/master@{#37153}
2016-06-21 19:23:01 +00:00
jochen
2c8ca9ad09 Make sure api interceptors don't change the store target w/o storing
BUG=chromium:619166
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2082633002
Cr-Commit-Position: refs/heads/master@{#37152}
2016-06-21 18:09:52 +00:00
balazs.kilvady
8c4e388e50 MIPS: Fix 'MIPS: Followup [turbofan] Introduce new operators Float32SubPreserveNan and Float64SubPreserveNan.'
Port eff959bb55

Original commit message:
Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.

TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero
BUG=

Review-Url: https://codereview.chromium.org/2081993002
Cr-Commit-Position: refs/heads/master@{#37151}
2016-06-21 17:04:52 +00:00
nikolaos
2cabc866ec Fix classifier related bug
R=adamk@chromium.org
BUG=chromium:621111
LOG=N

Review-Url: https://codereview.chromium.org/2086513002
Cr-Commit-Position: refs/heads/master@{#37150}
2016-06-21 16:41:00 +00:00
caitpotter88
36dd4780f0 [test] add FunctionMirror and PromiseMirror tests for async functions
BUG=v8:4483
R=yangguo@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2082023002
Cr-Commit-Position: refs/heads/master@{#37149}
2016-06-21 16:31:52 +00:00
bmeurer
00889cc29c [turbofan] Address the useless overflow bit materialization.
Add control dependencies to Projection and Int32Add/SubWithOverflow
operators, to prevent the scheduler from moving the Projection nodes
into the wrong place. This way the instruction selection can combine
the Int32Add/SubWithOverflow operations with the DeoptimizeIf and/or
DeoptimizeUnless nodes. This needs new operators CheckedInt32Add and
CheckedInt32Sub so that we can delay the actual lowering until the
effect/control linearizer.

This also makes CheckIf operator obsolete, so we can drop it.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2082993002
Cr-Commit-Position: refs/heads/master@{#37148}
2016-06-21 15:46:40 +00:00
rmcilroy
76368d0854 [Interpreter] Add a simple dead-code elimination bytecode optimizer.
Adds back simple dead code elimination to the bytecode pipeline.

BUG=v8:4280,chromium:616064

Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
2016-06-21 15:29:24 +00:00
bgeron
f567930712 [turbolizer] Fully parse schedule data.
Fixes bug 5128 in product V8.

R=danno@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2087813002
Cr-Commit-Position: refs/heads/master@{#37146}
2016-06-21 15:18:40 +00:00
rmcilroy
6003ed0489 Reland: [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode.
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.

BUG=v8:4822
LOG=N

Committed: https://crrev.com/36abd28a8d9932eb55d7c2bf3ad5e7cfe3eb99ea
Review-Url: https://codereview.chromium.org/2084623002
Cr-Original-Commit-Position: refs/heads/master@{#37135}
Cr-Commit-Position: refs/heads/master@{#37145}
2016-06-21 14:39:52 +00:00
neis
dacc5a73cd Turn on --ignition-generators by default.
This CL merely sets the --ignition-generators flag to true. This flag is
currently only meaningful in combination with --ignition.

BUG=

Review-Url: https://codereview.chromium.org/2065963002
Cr-Commit-Position: refs/heads/master@{#37144}
2016-06-21 13:00:08 +00:00
rossberg
386c747b8a Upgrade Wasm JS API, step 1
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.

Also, changes ErrorThrower to support capturing errors in a promise reject.

Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.

BUG=

Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
2016-06-21 12:54:09 +00:00
bmeurer
61386fb82d [turbofan] Propagate word32 truncations through tagged-hole checks.
If all uses of a CheckTaggedHole[convert-hole-to-undefined] node
truncate to word32, we can replace the hole check with a Smi check
and return the result as word32.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2079233006
Cr-Commit-Position: refs/heads/master@{#37142}
2016-06-21 12:45:20 +00:00
jarin
fdea33767d [turbofan] Sync typing of addition in operation typer with static typer.
Review-Url: https://codereview.chromium.org/2087693003
Cr-Commit-Position: refs/heads/master@{#37141}
2016-06-21 12:33:50 +00:00
neis
7c57ffc1df [generators] Implement %GeneratorGetSourcePosition.
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended.  This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.

TBR=littledan@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
2016-06-21 12:13:39 +00:00
machenbach
1f12208101 Revert of [heap] Avoid the use of cells to point from code to new-space objects. (patchset #7 id:120001 of https://codereview.chromium.org/2045263002/ )
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038

Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}

TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
2016-06-21 12:10:31 +00:00
machenbach
f984051284 [mb] Remove lsan from x86 bots
Lsan only works with x64. This broke when landing:
https://codereview.chromium.org/2085513002/

BUG=616035
TBR=jochen@chromium.org, vogelheim@chromium.org, kjellander@chromium.org
NOTRY=true
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2086623003
Cr-Commit-Position: refs/heads/master@{#37138}
2016-06-21 12:07:21 +00:00
machenbach
1f81574911 Revert of [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode. (patchset #3 id:40001 of https://codereview.chromium.org/2084623002/ )
Reason for revert:
[Sheriff] Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/6304

Original issue's description:
> [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode.
>
> Make intrinsic ids a contiguous set of ids so that the switch statement can build
> a table switch rather than doing a large if/else tree.
>
> BUG=v8:4822
> LOG=N
>
> Committed: https://crrev.com/36abd28a8d9932eb55d7c2bf3ad5e7cfe3eb99ea
> Cr-Commit-Position: refs/heads/master@{#37135}

TBR=epertoso@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4822

Review-Url: https://codereview.chromium.org/2085823003
Cr-Commit-Position: refs/heads/master@{#37137}
2016-06-21 11:53:00 +00:00
oth
303d340f66 [interpreter] Minor clean-up of BytecodeSourceInfo.
Add explicit state in BytecodeSourceInfo to simplify checks for
validity and whether a statement or expression position.

Remove BytecodeSourceInfo::Update which inherited rules for updating
source position information during bytecode building.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2048203002
Cr-Commit-Position: refs/heads/master@{#37136}
2016-06-21 11:12:31 +00:00
rmcilroy
36abd28a8d [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode.
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.

BUG=v8:4822
LOG=N

Review-Url: https://codereview.chromium.org/2084623002
Cr-Commit-Position: refs/heads/master@{#37135}
2016-06-21 10:55:11 +00:00
ahaas
2d2087b79a [heap] Avoid the use of cells to point from code to new-space objects.
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
2016-06-21 10:40:45 +00:00
bmeurer
5e0cd389bf [turbofan] MemoryOptimizer cannot deal with dead nodes in use lists.
We need to trim the graph before we execute the MemoryOptimizer, because
that just walks the effect chain from Start to End and cannot deal with
dead nodes in the use lists.

R=jarin@chromium.org
BUG=chromium:614292

Review-Url: https://codereview.chromium.org/2080703003
Cr-Commit-Position: refs/heads/master@{#37133}
2016-06-21 10:40:44 +00:00
ahaas
b5c69cbf39 [builtins] NonNumberToNumber and StringToNumber now use CallRuntime instead of TailCallRuntime
With the tail call, pointers to the JS heap could be pushed on a
js-to-wasm frame. On the js-to-wasm frame, however, this pointer would
not be updated by the GC.

R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com
BUG=617084
TEST=mjsunit/wasm/gc-frame.js:GCInJSToWasmTest()

Review-Url: https://codereview.chromium.org/2079393003
Cr-Commit-Position: refs/heads/master@{#37132}
2016-06-21 09:26:54 +00:00