Reland d8bfdb7a

Original commit message:
If alignment parameter is set, the memory returned by the
StackSlot operator will be aligned according to the parameter.

The implementation goes like this. If alignment parameter is set
we allocate a bit more memory than actually needed and so we
can move the beginning of the StackSlot in order to have it aligned.

BUG=

Review-Url: https://codereview.chromium.org/2874713003
Cr-Commit-Position: refs/heads/master@{#45339}

Bug: v8:6351
Bug: v8:6366
Change-Id: I3ec9bd75031b2c6148278353461f442c1eaf60ca
Reviewed-on: https://chromium-review.googlesource.com/506015
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45335}

Introduce a new SwitchSmiTable bytecode for generators, which does a
table lookup for the accumulator value in a jump table stored in the
constant array pool. This removes the if-else chains at resumable
function/loop headers.

As a drive-by, add a scoped environment saving struct to the bytecode
graph builder.

Bug: v8:6351
Bug: v8:6366
Change-Id: I63be15a8b599d6684c7df19dedb8860562678fb0
Reviewed-on: https://chromium-review.googlesource.com/500271
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45314}

Add Miran Karic and Dusan Simicic
Remove Paul Lind, Gergely Kis, Akos Palfi, Balasz Kilvady
and Dusan Milosavljevic

NOTRY=true

Review-Url: https://codereview.chromium.org/2881493003
Cr-Commit-Position: refs/heads/master@{#45273}

The current implementation failed when comparing an integral type to a
reference to an integral type of different signedness (see updated
unittest).
This CL fixes the checks to actually test the std::decay<T>::type,
i.e. with all references, const or volatile modifiers stripped.

R=jochen@chromium.org, ishell@chromium.org
TEST=unittests/LoggingTest.CompareWithReferenceType

Change-Id: Ib0ac077a91e0409ada7a80b68150cb98cbdd32f1
Reviewed-on: https://chromium-review.googlesource.com/502814Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45271}

This CL implements a streaming decoder which takes the bytes
of a wasm module as an input, potentially split into multiple
chunks, and decodes them into segments. Each segment either
contains the payload of a whole section, or the code of a
single function. The goal is that the streaming decoder is
used for streaming compilation. That's where the interface
comes from, see
(https://cs.chromium.org/chromium/src/v8/include/v8.h?q=OnBytesReceived&sq=package:chromium&l=4060)

Error positions are not reported correctly at the moment. I
plan to do this in a separate CL.

Change-Id: I6e3df6a91945c7baec2dc4f5de2e5f47636083df
Reviewed-on: https://chromium-review.googlesource.com/471350
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45250}

One of the serializer fuzzers passes in random data to the deserializer,
which can then be used to deserialize a JSRegExp instance with random flag
contents. This can cause issues since the JSRegExp::Flag enum statically
contains kDotAll - but it is only valid to set kDotAll iff
FLAG_harmony_regexp_dotall is set.

This CL verifies deserialized flags before constructing the JSRegExp
and bails out if they are invalid.

R=jbroman@chromium.org,yangguo@chromium.org
BUG=chromium:719280

Review-Url: https://codereview.chromium.org/2870743004
Cr-Commit-Position: refs/heads/master@{#45222}

That's cleaner than having every target depending on v8 include icu
itself.

BUG=none
R=machenbach@chromium.org

Change-Id: Icaa9e8670718664041a6efe2622366c89b733f81
Reviewed-on: https://chromium-review.googlesource.com/500127Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45196}

R=clemensh@chromium.org

Change-Id: Iddbf8f2053318d90eaa3f469a36e67afca06b529
Reviewed-on: https://chromium-review.googlesource.com/500347Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45194}

Intrinsic and generic lowering for generator object creation. In a follow-on, create lowering will be addressed.

BUG=v8:6352

Review-Url: https://codereview.chromium.org/2862213002
Cr-Commit-Position: refs/heads/master@{#45171}

Make ModuleResult and FunctionResult return Result<std::unique_ptr<X>>.
This makes memory ownership and transfer of ownership more clear and
avoids a lot of manual releases of the referenced native heap object.

R=ahaas@chromium.org

Change-Id: I7a3f5bd7761b6ae1ebdc7d17ff1b96a8df599871
Reviewed-on: https://chromium-review.googlesource.com/498352Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45160}

This adaptation will allow build v8 when the component is defined as
shared library. Without this, at linking phase of the unittests will be
displayed error messages for undefined references.

TEST=
BUG=

Review-Url: https://codereview.chromium.org/2853483002
Cr-Commit-Position: refs/heads/master@{#45126}

- Removes primitive shuffle opcodes.
- Adds Shuffle opcode for S32x4, S16x8, S8x16.
- Adds code to ARM instruction selector to pick best opcodes for some
  common shuffle patterns.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2847663005
Cr-Commit-Position: refs/heads/master@{#45104}

AllocateGuarded previously fell back on Allocate and then called Guard
to set the protection to PROT_NONE. Linux commits RW memory, but the
important thing here is to reserve the address space without committing
it. This change adds a new variant of Allocate that takes explicit
permission bits so that AllocateGuarded allocates non-RW memory from the
beginning.

Bug: v8:6320
Change-Id: I7962acbed09938951bf3bb4af2d1f302adba2547
Reviewed-on: https://chromium-review.googlesource.com/491928
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45075}

In the spirit of the full MC, we evacuate and update pointers in parallel for
the young generation.

The collectors are connected during incremental marking when mark bits are
transferred from the young generation bitmap to the old generation bitmap.

The evacuation phase cannot (yet) move pages and relies completely on copying
objects.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2796233003
Cr-Commit-Position: refs/heads/master@{#45074}

During computation of the side table, ignore stack effects of
instructions following any unconditional jump in the same block
(|unreachable|, |br|, |br_table| or |return| jump out of the block).
Without this fix, the current stack height might underflow, or we compute an
unnecessarily large max_stack_height_. Note that those instruction will
never get executed anyway.
Hence, we don't need to store any side table information for such
unreachable code.

R=rossberg@chromium.org
BUG=chromium:716936, chromium:715990

Change-Id: I282f7f18ba1b972a112210e692f6cd05cf32308c
Reviewed-on: https://chromium-review.googlesource.com/493266Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45059}

This reverts commit 5db25a09.

Original change's description:
> Make unittest link correctly again
>
> Remains to port these fixes over to gyp.
>
> R=machenbach@chromium.org, jkummerow@chromium.org, mstarzinger@chromium.org
> BUG=v8:6325
>
> Change-Id: I3bebbc6d0ec52fcb60e3d51acd27e616f51d3dbb
> Reviewed-on: https://chromium-review.googlesource.com/490108
> Commit-Queue: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45026}

R=jkummerow@chromium.org
TBR=mstarzinger@chromium.org,clemensh@chromium.org
BUG=v8:6325

Change-Id: Ic3c0ffdf1f13045ea5a3929b720908e0b27a11c3
Reviewed-on: https://chromium-review.googlesource.com/494566Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45056}

This reverts commit 0f5ebcca.

Reason for revert: Still blocks rolling:
https://codereview.chromium.org/2857903002/

Original change's description:
> Make unittest link correctly again
> 
> Remains to port these fixes over to gyp.
> 
> R=​machenbach@chromium.org, jkummerow@chromium.org, mstarzinger@chromium.org
> BUG=v8:6325
> 
> Change-Id: I3bebbc6d0ec52fcb60e3d51acd27e616f51d3dbb
> Reviewed-on: https://chromium-review.googlesource.com/490108
> Commit-Queue: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45026}

TBR=jkummerow@chromium.org,machenbach@chromium.org,mstarzinger@chromium.org,jochen@chromium.org,clemensh@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6325

Change-Id: Icb11e6e12cb6c7bd6c68677359596fee740b6531
Reviewed-on: https://chromium-review.googlesource.com/494467Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45049}

This patch adds a concurrent marking deque that exposes the same interface
for the main thread as the existing marking deque.

The matching interface makes the concurrent marking deque a drop-in
replacement for the sequential marking deque without any change in
mark-compactor and incremental marker.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2810893002
Cr-Commit-Position: refs/heads/master@{#45042}

BytecodeRegisterOptimizer had special handling for the case when parameters
is 0. This is not possible from valid javascript. It exists because some
tests do not take this into account. Fixed tests and removed the special
handling.

Also removed a TODO, which is already done here:
https://codereview.chromium.org/2227203002/

Bug: v8:4280,v8:6325
Change-Id: Idc17af12ad9292c13a6677aa4c8b88d21f4adf81
Reviewed-on: https://chromium-review.googlesource.com/490308
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45036}

Remains to port these fixes over to gyp.

R=machenbach@chromium.org, jkummerow@chromium.org, mstarzinger@chromium.org
BUG=v8:6325

Change-Id: I3bebbc6d0ec52fcb60e3d51acd27e616f51d3dbb
Reviewed-on: https://chromium-review.googlesource.com/490108
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45026}

This avoids generating redundant code for different template
instantiations.
I also introduce getters instead of accessing the fields directly.

R=ahaas@chromium.org
BUG=v8:6325

Change-Id: I3e0eca9ef6a01e0a3ebb73f4f357bcb59e120f43
Reviewed-on: https://chromium-review.googlesource.com/490166Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44976}

BUG=v8:6316
R=jbroman@chromium.org,yangguo@chromium.org

Change-Id: Icfc33e3e51cdbfad246a971a5a2737a8fdfba058
Reviewed-on: https://chromium-review.googlesource.com/488941
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44963}

With fix for architectures where x<<32 != x.

Original change's description:
> [base] Introduce RoundUpToPowerOfTwo64
>
> And fix RoundUpToPowerOfTwo32 to return 1 for the input 0.
> 0 is no power of two.
> Beside being the correct value, this also avoids a special case in the
> (new) fast path using the number of leading zeros.
>
> R=​jochen@chromium.org, ahaas@chromium.org
>
> Change-Id: I87173495e13b334954bcebbb55724fb666dfa809
> Reviewed-on: https://chromium-review.googlesource.com/488143
> Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44925}

TBR=ahaas@chromium.org,jochen@chromium.org,clemensh@chromium.org,v8-reviews@googlegroups.com

Change-Id: I7b4719d84a419bb7b38e3b5c9d6d183275087ace
Reviewed-on: https://chromium-review.googlesource.com/488981
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44951}

This reverts commit 9ceaf212.

Reason for revert: Fails on arm: http://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/2950/steps/Check/logs/Bits.RoundUpToPowerOf..

Original change's description:
> [base] Introduce RoundUpToPowerOfTwo64
> 
> And fix RoundUpToPowerOfTwo32 to return 1 for the input 0.
> 0 is no power of two.
> Beside being the correct value, this also avoids a special case in the
> (new) fast path using the number of leading zeros.
> 
> R=​jochen@chromium.org, ahaas@chromium.org
> 
> Change-Id: I87173495e13b334954bcebbb55724fb666dfa809
> Reviewed-on: https://chromium-review.googlesource.com/488143
> Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44925}

TBR=ahaas@chromium.org,jochen@chromium.org,clemensh@chromium.org,v8-reviews@googlegroups.com,wasm-v8@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: Ib353ee0a944316da6f919bac3bb88d4f95d98ea0
Reviewed-on: https://chromium-review.googlesource.com/488365Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44935}

And fix RoundUpToPowerOfTwo32 to return 1 for the input 0.
0 is no power of two.
Beside being the correct value, this also avoids a special case in the
(new) fast path using the number of leading zeros.

R=jochen@chromium.org, ahaas@chromium.org

Change-Id: I87173495e13b334954bcebbb55724fb666dfa809
Reviewed-on: https://chromium-review.googlesource.com/488143Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44925}

This fixes the bounds checking of "unsigned" numeric literals (those
that do not contains dots) by the parser. In particular this fixes a
bogus truncation to 32-bit in the scanner. It also makes the scanner
more robust by limiting the range of those numeric literals, hence
completely avoiding rounding loss or truncation errors.

R=clemensh@chromium.org
TEST=unittests/AsmJsScannerTest.UnsignedNumbers
BUG=v8:6298

Change-Id: Id31ab3c652e99fa8d3d6663315768e1bfaf3b773
Reviewed-on: https://chromium-review.googlesource.com/486881Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44890}

The only users of the LoadStoreOpcodeOf function were a number of
macros in wasm-macro-gen.h, and three test functions using it directly.
This CL refactors those functions to also use the macros.
In one case, this requires storing the value in a local variable first.

R=ahaas@chromium.org

Change-Id: Ia2fbf67a3831fafc9345e155eb240cf1bf6feb5d
Reviewed-on: https://chromium-review.googlesource.com/486842Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44885}

This header file is only used from tests.
Also, move the LoadStoreOpcodeOf method (only used in tests) from
wasm-opcodes.h to wasm-macro-gen.h.

R=ahaas@chromium.org

Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}

wasm-macro-gen.h is mainly used from tests, but LocalDeclEncoder is
also used from various other places.
This CL moves the LocalDeclEncoder to an own compilation unit. We want
to later move wasm-macro-gen.h to the tests folder.
It also refactors the LocalDeclEncoder to reuse the
LEBHelper::write_u32v and LEBHelper::sizeof_u32v methods instead of
reimplementing it.

R=ahaas@chromium.org

Change-Id: Ia4651436f0544578da7c1c43596d343571942e97
Reviewed-on: https://chromium-review.googlesource.com/486724Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44838}

Instead of dynamically tracking the block nesting, precompute the
information statically.
The interpreter was already using a side table to store the pc diff for
each break, conditional break and others. The information needed to
adjust the stack was tracked dynamically, however. This CL also
precomputes this information, as it is statically known.
Instead of just storing the pc diff in the side table, we now store the
pc diff, the stack height diff and the arity of the target block.

Local measurements show speedups of 5-6% on average, sometimes >10%.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I986cfa989aabe1488f2ff79ddbfbb28aeffe1452
Reviewed-on: https://chromium-review.googlesource.com/485482Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44837}

VC++ 2017's STL doesn't suppress warnings as aggressively as prior
versions did. This causes warnings on code which mixes signed and
unsigned types. In this case a deque of unsigned integers was being
queried to see how many signed integers it contains. This could be
fixed by passing in unsigned 0, 1, and 2 to std::count but changing
the deque from unsigned to int is simpler.

R=adamk@chromium.org
BUG=chromium:683729

Review-Url: https://codereview.chromium.org/2834293002
Cr-Commit-Position: refs/heads/master@{#44814}

- Split out code for Intl objects into src/objects/
- Rename i18n to intl (except for the name of the build flag)
- Use build system more broadly to turn on/off Intl code
- Delete a little bit of dead code

Bug: v8:5751
Change-Id: I41bf2825a5cb0df20824922b17c24cae637984da
Reviewed-on: https://chromium-review.googlesource.com/481284Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44801}

Add missing kEnd opcode after each body. Also, avoid the macro.
This fix is needed for follow-up changes to the control transfer
computation.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: If2b4dbea831ec40939a2045701f3d13479331773
Reviewed-on: https://chromium-review.googlesource.com/485481Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44794}

Review-Url: https://codereview.chromium.org/2827263004
Cr-Commit-Position: refs/heads/master@{#44783}

There's no reason to keep track, for a preparsed function itself,
whether that function calls eval. All that matters is that the ancestor
scopes are marked as having an inner scope which calls eval. The function
will have its "calls eval" bit persisted if/when it's fully parsed.

The only "behavioral" change in this patch is the removal of a DCHECK.

Bug: v8:6092
Change-Id: I17e396c8a265030fe0ad941707e4a97972e6650b
Reviewed-on: https://chromium-review.googlesource.com/481223
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44732}

This switches the parser to use token positions (i.e. {Position})
instead of stream positions (i.e. {GetPosition}) everywhere. Access to
the latter is being removed as it is unsupported when the scanner is in
rewind state anyways. This prevents "skipping" a token when seeking.

R=bradnelson@chromium.org
BUG=v8:6127

Change-Id: I9c13dd20a981061a2bccc4fb57e5c57d2a64ac5c
Reviewed-on: https://chromium-review.googlesource.com/480300Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44699}

BUG=v8:5516

Change-Id: Ie2e41ffa82c63788e285641232a5d555155b0d13
Reviewed-on: https://chromium-review.googlesource.com/480239
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44689}

When the incoming value to ChangeFloat64ToTagged is in Smi range, we
represent it as Smi instead of a HeapNumber. This addresses a range of
problems where TurboFan unnecessarily deoptimizes because an operation
learned Smi feedback in Ignition, but was then confronted with a tagged
HeapNumber in TurboFan, just because the value was also represented as
unboxed double somewhere in the meantime.

BUG=v8:6256
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2815283002
Cr-Commit-Position: refs/heads/master@{#44631}

Usually program doesn't contain a lot of different stack frames in collected stack trace.

BUG=v8:6189
R=yangguo@chromium.orr
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2788413004
Cr-Commit-Position: refs/heads/master@{#44622}