Commit Graph

36545 Commits

Author SHA1 Message Date
gsathya
bdffad82ce Remove unused var in objects-debug.cc
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2608183003
Cr-Commit-Position: refs/heads/master@{#42053}
2017-01-03 22:35:27 +00:00
gsathya
a2c15ba376 [promises] Refactor debug code
-- Removes remaning debug from promise.js and moves it to c++
-- Changes debug_id to be a smi in PromiseReactionJobInfo and
   PromiseResolveThenableJobInfo.
-- Changes debug_name to be a smi in PromiseReactionJobInfo and
   PromiseResolveThenableJobInfo.
-- Adds PromiseDebugActionName and PromiseDebugActionType enums
-- Adds PromiseDebugActionNameToString and
   PromiseDebugActionTypeToString helper methods
-- Changes variable `status` to be int in runtime functions.
-- Changes debug_id to start from 1, not 0 for easier bookkeeping.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2606093002
Cr-Commit-Position: refs/heads/master@{#42052}
2017-01-03 21:43:38 +00:00
caitp
c523474713 [cleanup] remove sloppy generator/async function maps
These maps contain exactly the same information as the strict maps, so
this frees up a few pointers of native context space, gets rid of some
branches in FastNewClosure, and adds missing poisoned properties tests
for async functions.

BUG=v8:2355, v8:4483
R=adamk@chromium.org, bmeurer@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2608333002
Cr-Commit-Position: refs/heads/master@{#42051}
2017-01-03 21:38:22 +00:00
jyan
410606a09d s390: Optimize LoadDoubleLiteral
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2611773003
Cr-Commit-Position: refs/heads/master@{#42050}
2017-01-03 21:14:15 +00:00
marja
e87e82b8e7 Force ctxt allocation in eval scopes.
This is another attempt at solving v8:5736; the previous one (r 41723)
regressed code load.

BUG=v8:5736
R=adamk@chromium.org

Review-Url: https://codereview.chromium.org/2583163002
Cr-Commit-Position: refs/heads/master@{#42049}
2017-01-03 20:27:20 +00:00
caitp
5c6e79e184 [builtins] throw if TypedArray buffer is detached during iteration
Per spec change in https://github.com/tc39/ecma262/pull/724, this adds
the exception thrown when a TypedArray's array buffer is detached at
some point during iteration, after the iterator has already been
created.

BUG=v8:5388
R=littledan@chromium.org, bmeurer@chromium.org, petermarshall@chromium.org

Review-Url: https://codereview.chromium.org/2609913002
Cr-Commit-Position: refs/heads/master@{#42048}
2017-01-03 20:12:19 +00:00
adamk
db7f0169f5 Use "derived" instead of "subclass" in FunctionKind to match the spec
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2609663002
Cr-Commit-Position: refs/heads/master@{#42047}
2017-01-03 19:37:23 +00:00
bjaideep
7d52258b1d PPC/s390: [Ignition] Teach CompileLazy about interpreted functions.
Port 72c3707672

Original Commit Message:

    Currently the CompileLazy builtin checks the SFI expliciltly for FCG code. This means
    if the SFI has bytecode we have to go through to the runtime to install the
    interpreter entry trampoline into the JSFunction object.

    Modify the builtin to always put the SFI code object into the JSFunction unless it's
    the lazy compile stub on the SFI as well.

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4380
LOG=N

Review-Url: https://codereview.chromium.org/2602383003
Cr-Commit-Position: refs/heads/master@{#42046}
2017-01-03 19:27:35 +00:00
tebbi
199af0abb2 [turbofan] second attempt to fix second divergence in escape analysis
The previous patch for this bug (https://codereview.chromium.org/2599793002/) was wrong because it changed the behavior of isCreatedPhi() in an incompatible way. The actual source of the bug is that escape analysis propagates information along cycles without considering the previous analysis value. This fix makes sure that if a previous merge cleared a field, then it stays cleared.

R=bmeurer@chromium.org

BUG=chromium:670202

Review-Url: https://codereview.chromium.org/2610703002
Cr-Commit-Position: refs/heads/master@{#42045}
2017-01-03 19:21:54 +00:00
mlippautz
d75023f3a1 [heap] Enter final pause for embedder tracer in MarkLiveObjects
MarkCompactCollector::Prepare is too early in the rare case that we don't have a
marking deque yet. EnterFinalPause could then trigger
Heap::RegisterExternallyReferencedObject which rightfully fails because MC is
not properly set up.

Note that the DCHECK also triggers, without actual consequences, for aborting
incremental marking.

BUG=468240
TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2611753002
Cr-Commit-Position: refs/heads/master@{#42044}
2017-01-03 19:20:34 +00:00
adamk
a0eb5ab5fc [ignition] Make a DCHECK in ConstantArrayBuilder more useful
This triggered on a CL I was working on today, figured I'd share
my work.

R=mythria@chromium.org, rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2601213002
Cr-Commit-Position: refs/heads/master@{#42043}
2017-01-03 19:05:04 +00:00
rmcilroy
c899212587 [Compiler] Track Ignition background compilation separately in RuntimeStats.
Tracks background compilation of Ignition in a separate bucket from main thread
compilation. Also add some more compilation buckets for functions which can take a
significant proportion of compilation.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2577263002
Cr-Original-Commit-Position: refs/heads/master@{#42026}
Committed: b0e9116d59
Review-Url: https://codereview.chromium.org/2577263002
Cr-Commit-Position: refs/heads/master@{#42042}
2017-01-03 18:11:58 +00:00
jarin
db13377fe8 [turbofan] Use graph assembler for memory optimizer.
Review-Url: https://codereview.chromium.org/2602413002
Cr-Commit-Position: refs/heads/master@{#42041}
2017-01-03 17:29:32 +00:00
jochen
efb329a8ab Reland "Use background tasks for the compiler dispatcher
Original issue's description:
> Use background tasks for the compiler dispatcher
>
> BUG=v8:5215
> R=marja@chromium.org,vogelheim@chromium.org
>
> Review-Url: https://codereview.chromium.org/2606263002
> Cr-Commit-Position: refs/heads/master@{#42035}
> Committed: 7a1b3a7beb

BUG=v8:5215
TBR=marja@chromium.org,vogelheim@chromium.org,rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2613483002
Cr-Commit-Position: refs/heads/master@{#42040}
2017-01-03 17:00:56 +00:00
bjaideep
dc4586ce0c PPC/s390: [ic] Use StrictEqual/Equal builtins for CompareIC slow path.
Port d3ed71ed87

Original Commit Message:

    Don't fallback to the %StrictEqual / %Equal runtime functions for the
    generic CompareIC slow path, but use the (new) StrictEqual and Equal
    builtins instead. This avoids a performance cliff when mixing input
    types for strict equality sites.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4773
LOG=N

Review-Url: https://codereview.chromium.org/2608283002
Cr-Commit-Position: refs/heads/master@{#42039}
2017-01-03 16:59:45 +00:00
mvstanton
db5cf84a1c [Turbofan] Run loop peeling concurrently.
BUG=v8:5428

Review-Url: https://codereview.chromium.org/2613463002
Cr-Commit-Position: refs/heads/master@{#42038}
2017-01-03 15:52:51 +00:00
rmcilroy
d4b5bfe306 Revert of Use background tasks for the compiler dispatcher (patchset #5 id:80001 of https://codereview.chromium.org/2606263002/ )
Reason for revert:
Causes IgnitionCompilerDispatcherTest.FinishNowWithBackgroundTask to fail.

https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/11209

Original issue's description:
> Use background tasks for the compiler dispatcher
>
> BUG=v8:5215
> R=marja@chromium.org,vogelheim@chromium.org
>
> Review-Url: https://codereview.chromium.org/2606263002
> Cr-Commit-Position: refs/heads/master@{#42035}
> Committed: 7a1b3a7beb

TBR=marja@chromium.org,vogelheim@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5215

Review-Url: https://codereview.chromium.org/2614433002
Cr-Commit-Position: refs/heads/master@{#42037}
2017-01-03 15:51:44 +00:00
mvstanton
37de62c991 [Turbofan] run load elimination concurrently.
BUG=v8:5428
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2602403002
Cr-Commit-Position: refs/heads/master@{#42036}
2017-01-03 15:25:09 +00:00
jochen
7a1b3a7beb Use background tasks for the compiler dispatcher
BUG=v8:5215
R=marja@chromium.org,vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2606263002
Cr-Commit-Position: refs/heads/master@{#42035}
2017-01-03 15:24:00 +00:00
rmcilroy
72c3707672 [Ignition] Teach CompileLazy about interpreted functions.
Currently the CompileLazy builtin checks the SFI expliciltly for FCG code. This means
if the SFI has bytecode we have to go through to the runtime to install the
interpreter entry trampoline into the JSFunction object.

Modify the builtin to always put the SFI code object into the JSFunction unless it's
the lazy compile stub on the SFI as well.

BUG=v8:4380

Review-Url: https://codereview.chromium.org/2583693003
Cr-Commit-Position: refs/heads/master@{#42034}
2017-01-03 15:18:21 +00:00
mythria
d338b94e86 [Interpreter] Ensure that a function is compiled before tiering up to baseline.
When baselining a function using the BaselineFunctionOnNextCall intrinsic, it is
not always ensured that a function is already compiled. Update the
Runtime_BaselineFunctionOnNextCall function to trigger a compile if it is not already
compiled.

BUG=v8:5768

Review-Url: https://codereview.chromium.org/2594543003
Cr-Commit-Position: refs/heads/master@{#42033}
2017-01-03 15:11:32 +00:00
jochen
a11a9c7dd7 Remove runtime-call-stats from compiler dispatcher
RCS can't be used on background threads out of the box, but ignition
already has RCS itself, so just do trace events

BUG=v8:5215
R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2602383002
Cr-Commit-Position: refs/heads/master@{#42032}
2017-01-03 14:39:47 +00:00
machenbach
8ad1e681e3 Revert of [Compiler] Track Ignition background compilation separately in RuntimeStats. (patchset #3 id:80001 of https://codereview.chromium.org/2577263002/ )
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/13358

Original issue's description:
> [Compiler] Track Ignition background compilation separately in RuntimeStats.
>
> Tracks background compilation of Ignition in a separate bucket from main thread
> compilation. Also add some more compilation buckets for functions which can take a
> significant proportion of compilation.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2577263002
> Cr-Commit-Position: refs/heads/master@{#42026}
> Committed: b0e9116d59

TBR=jochen@chromium.org,cbruni@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2609773003
Cr-Commit-Position: refs/heads/master@{#42031}
2017-01-03 14:05:43 +00:00
bmeurer
3a81236f4a [builtins] Migrate more Date builtins to TurboFan builtins.
Migrate Date.prototype.valueOf and Date.prototype[ @@toPrimitive ]
to use the CodeStubAssembler, to avoid going through C++ always
when comparing or subtracting two dates.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2608143003
Cr-Commit-Position: refs/heads/master@{#42030}
2017-01-03 13:35:05 +00:00
marja
a8a45d875f Various IWYU fixes.
(Missing includes discovered during the objects.h splitting work.)

BUG=v8:5402

Review-Url: https://codereview.chromium.org/2610643002
Cr-Commit-Position: refs/heads/master@{#42029}
2017-01-03 13:16:59 +00:00
bmeurer
f1473c9bb3 [turbofan] Inline calls to Date.now builtin.
Call the %DateCurrentTime runtime function directly instead, which is
cheaper than calling the C++ builtin.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2612513003
Cr-Commit-Position: refs/heads/master@{#42028}
2017-01-03 13:12:29 +00:00
mvstanton
35a393f87a [Turbofan] Run escape analysis concurrently.
BUG=v8:5428

Review-Url: https://codereview.chromium.org/2606273002
Cr-Commit-Position: refs/heads/master@{#42027}
2017-01-03 13:01:36 +00:00
rmcilroy
b0e9116d59 [Compiler] Track Ignition background compilation separately in RuntimeStats.
Tracks background compilation of Ignition in a separate bucket from main thread
compilation. Also add some more compilation buckets for functions which can take a
significant proportion of compilation.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2577263002
Cr-Commit-Position: refs/heads/master@{#42026}
2017-01-03 12:49:17 +00:00
leszeks
b8f93dfe9d [profiler] Log both code and bytecode in heap SFI traversal
The heap traversal for SFI code objects when logging compiled functions
was previously accessing the abstract code of an SFI, logging its
bytecode if it exists or code object otherwise. However, there are some
(rare) cases where an SFI has both bytecode and a non-interpreter code
object -- for example, after baseline tier-up -- in which case we want
to log both, as both could be executing (at different points on the
stack).

BUG=v8:5758

Review-Url: https://codereview.chromium.org/2603333002
Cr-Commit-Position: refs/heads/master@{#42025}
2017-01-03 12:48:05 +00:00
leszeks
0b10c04473 [turbofan] Use Node input iterators where possible
Changes some for loops to use node->inputs() instead of iterating over
InputCount and accessing InputAt(i). This saves some checks for
"has_inline_inputs" and so some branches.

Review-Url: https://codereview.chromium.org/2585713002
Cr-Commit-Position: refs/heads/master@{#42024}
2017-01-03 11:29:23 +00:00
tebbi
e3ac5a31cb Revert of [turbofan] fix another divergence in escape analysis (patchset #1 id:1 of https://codereview.chromium.org/2599793002/ )
Reason for revert:
Caused memory corruption.

BUG=chromium:676767

Original issue's description:
> [turbofan] fix another divergence in escape analysis
>
> This divergence bug is very similar to the one fixed in https://codereview.chromium.org/2522253002/, this time it is an oscillation between a cleared field and a new phi node. The page http://www.sears.com/clothing-shoes-jewelry-clothing-men-s-clothing-men-s-jeans/b-1325287370?Brand=LEE&filterList=Brand&sortOption=UNITS_HIGH_TO_LOW allows for a reliable reproduction.
>
> This fix makes sure that once a field that generated a phi gets cleared, it always stays cleared.
>
> BUG=chromium:670202
>
> R=bmeurer@chromium.org
>
> Review-Url: https://codereview.chromium.org/2599793002
> Cr-Commit-Position: refs/heads/master@{#41922}
> Committed: 8435cc8526

TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:670202

Review-Url: https://codereview.chromium.org/2611623002
Cr-Commit-Position: refs/heads/master@{#42023}
2017-01-03 11:12:05 +00:00
jochen
1795343f3c Add support for idle tasks to the default platform
BUG=

Review-Url: https://codereview.chromium.org/2609833003
Cr-Commit-Position: refs/heads/master@{#42022}
2017-01-03 08:41:40 +00:00
bmeurer
d3ed71ed87 [ic] Use StrictEqual/Equal builtins for CompareIC slow path.
Don't fallback to the %StrictEqual / %Equal runtime functions for the
generic CompareIC slow path, but use the (new) StrictEqual and Equal
builtins instead. This avoids a performance cliff when mixing input
types for strict equality sites.

R=jochen@chromium.org
BUG=v8:4773

Review-Url: https://codereview.chromium.org/2609153002
Cr-Commit-Position: refs/heads/master@{#42021}
2017-01-03 08:30:26 +00:00
zhengxing.li
08f00a15ae X87: [builtins] More stubs to the builtin-o-sphere.
port 05873add85 (r41989)

  original commit message:
  The following ported to builtins:
  FastCloneRegExp
  FastCloneShallowArray
  FastCloneShallowObject

BUG=

Review-Url: https://codereview.chromium.org/2607383002
Cr-Commit-Position: refs/heads/master@{#42020}
2017-01-03 06:26:05 +00:00
zhengxing.li
6ef22472c1 X87: [builtins] FastNewFunctionContextStub becomes a builtin.
port f2e8c9786f (r41988)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/2603313002
Cr-Commit-Position: refs/heads/master@{#42019}
2017-01-03 06:03:55 +00:00
zhengxing.li
0522ea7424 X87: [stubs] Port FastNewObjectStub to TF.
port 5b02a98bfa (r41986)

  original commit message:
  In the process, convert from a code stub into a builtin.

BUG=

Review-Url: https://codereview.chromium.org/2608203002
Cr-Commit-Position: refs/heads/master@{#42018}
2017-01-03 06:01:14 +00:00
zhengxing.li
5892cc9b61 X87: [turbofan] Improve codegen for 8- and 16-bit memory comparisons on Intel platforms.
port be11812c53 (r41971)

  original commit message:
  Recognize and emit in-memory comparisons of 8-bit and 16-bit values with
  immediate values that fit.

BUG=

Review-Url: https://codereview.chromium.org/2612503002
Cr-Commit-Position: refs/heads/master@{#42017}
2017-01-03 05:55:46 +00:00
bmeurer
64e5143dfe [turbofan] Tentative fix for ControlEquivalence crasher.
The ControlEquivalence cannot deal with new nodes inserted by the
Scheduler due to Node splitting. Rather when the ControlEquivalence
sees such a new Node, it'll likely crash on an out-of-bounds access.

This is a speculative fix to make the crash disappear, as there's no
100% reliable repro currently.

BUG=chromium:629398
TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2611603002
Cr-Commit-Position: refs/heads/master@{#42016}
2017-01-03 05:52:27 +00:00
bmeurer
589ecbfa85 [turbofan] Utilize maps from field type tracking to eliminate map checks.
Hook up TurboFan with the existing field type tracking machinery to
eliminate redundant map checks on the results of LoadField operators.
The store side is already implemented in TurboFan for quite some time,
this just adds the load part.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2604393002
Cr-Commit-Position: refs/heads/master@{#42015}
2017-01-02 19:07:28 +00:00
caitp
4f95a1eb5f [promises] port NewPromiseCapability to TF
- Adds CodeAssembler::ConstructJS() to simplify calling JS functions as
constructors, used by NewPromiseCapability()
- Defines PromiseCapability as a special JSObject subclass, with a
non-exensible Map, and read-only non-configurable DataDescriptors which
point to its in-object fields. This allows its fields to be used by JS
builtins until there is no longer any need.

Currently, the performance benefit comes from
https://codereview.chromium.org/2567033003/, but does not appear to
regress performance in any significant way.

BUG=v8:5343
TBR=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2567333002
Cr-Commit-Position: refs/heads/master@{#42014}
2017-01-02 17:22:30 +00:00
jarin
587fda09b7 [turbofan] Introduce graph assembler to build effect-control-linearizer sub-graphs.
Review-Url: https://codereview.chromium.org/2571903004
Cr-Commit-Position: refs/heads/master@{#42013}
2017-01-02 15:50:55 +00:00
mvstanton
0663c225f8 [Turbofan] Simplified lowering to be done concurrently.
R=jarin@chromium.org
BUG=v8:5428

Review-Url: https://codereview.chromium.org/2611523002
Cr-Commit-Position: refs/heads/master@{#42012}
2017-01-02 13:23:25 +00:00
mlippautz
5622bc15f1 Reland of "[heap] Report wrappers after processing the marking deque incrementally"
We need to report cached wrappers within v8 to the embedder after each atomic
phase of v8 marking because the embedder can invalidate the wrappers in-between
v8 marking steps.

E.g., in Chrome, a conservative GC might need to wipe dead wrappables from
the wrapper tracing marking deque.

BUG=chromium:676700, chromium:468240

Review-Url: https://codereview.chromium.org/2610563002
Cr-Commit-Position: refs/heads/master@{#42011}
2017-01-02 13:06:11 +00:00
bmeurer
45aa13514b [turbofan] Track multiple maps for LoadElimination.
Store maps on the CheckMaps operator instead of burning inputs for
the individual maps. Use the same data structure (the ZoneHandleSet)
in the LoadElimination to track multiple maps per object.

BUG=v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2431563002
Cr-Commit-Position: refs/heads/master@{#42010}
2017-01-02 13:03:02 +00:00
jochen
09cb6efd58 Reland "Disable the CompilerDispatcher if we don't have idle time"
Original issue's description:
> Disable the CompilerDispatcher if we don't have idle time
>
> Since we can't do all steps on background threads, we need idle time to
> work
>
> BUG=v8:5215
> R=danno@chromium.org
>
> Review-Url: https://codereview.chromium.org/2600743002
> Cr-Commit-Position: refs/heads/master@{#41944}
> Committed: https://chromium.googlesource.com/v8/v8/+/a0d9eb346bba90aa0b32a
2d3184cbbfd6adb243e

BUG=v8:5215

Review-Url: https://codereview.chromium.org/2606233002
Cr-Commit-Position: refs/heads/master@{#42009}
2017-01-02 12:59:07 +00:00
bmeurer
b617335623 [turbofan] Use InternalizedString feedback abstract/strict equality comparisons.
Add machinery to Ignition and TurboFan to collect and consume
InternalizedString feedback for abstract and strict equality
comparisons. Here we can turn the comparison into a simple
pointer equality check.

R=jarin@chromium.org
BUG=v8:5786

Review-Url: https://codereview.chromium.org/2609013002
Cr-Commit-Position: refs/heads/master@{#42008}
2017-01-02 11:58:01 +00:00
jochen
4246200c4c Remove old debug code from compiler-dispatcher-job-unittest
R=marja@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2606223002
Cr-Commit-Position: refs/heads/master@{#42007}
2017-01-02 11:56:50 +00:00
neis
c5d75a381f [test] Add more maybe-assigned tests for parameters.
R=marja@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2580833005
Cr-Commit-Position: refs/heads/master@{#42006}
2017-01-02 11:25:26 +00:00
bmeurer
380a0207db [crankshaft] Don't bailout on uninitialized access to arguments object.
When Crankshaft compiles a keyed load to arguments, it disabled
optimization unless the KEYED_LOAD_IC for the access was monomorphic.
But that's too restrictive, since it will also disable optimization
for this function when the access is on a path that was never executed
so far.

This was spotted in the Node.js core function EventEmitter.prototype.emit,
which was no longer optimizable with Crankshaft using latest V8.

R=jarin@chromium.org
BUG=v8:5790

Review-Url: https://codereview.chromium.org/2607303002
Cr-Commit-Position: refs/heads/master@{#42005}
2017-01-02 06:52:04 +00:00
ulan
b00fc8be8a Use std::deque for storing edges and children in heap snapshot.
This patch fixes OOM crash that happens for large heap where
the total size of edges exceeds 2GB, which is the hard limit
for v8::internal::List allocated using tcmalloc.

BUG=chromium:675911

Review-Url: https://codereview.chromium.org/2595003002
Cr-Commit-Position: refs/heads/master@{#42004}
2016-12-30 16:27:15 +00:00