port d00da47b(r34335)

  original commit message:
  The CompareICStub produces an untagged raw word value, which has to be
  translated to true or false manually in the TurboFan code. But for lazy
  bailout after the CompareIC, we immediately go back to fullcodegen or
  Ignition with the raw value, to a location where both fullcodegen and
  Ignition expect a boolean value, which might crash or in the worst case
  (depending on the exact computation inside the CompareIC) could lead to
  arbitrary memory access.

  Short-term fix is to use the proper runtime functions (unified with the
  interpreter now) for comparisons. Next task is to provide optimized
  versions of these based on the CodeStubAssembler, which can then be used
  via code stubs in TurboFan or directly in handlers in the interpreter.

BUG=

Review URL: https://codereview.chromium.org/1744923002

Cr-Commit-Position: refs/heads/master@{#34372}