This adds support to TurboFan's representation selection for the Word64
representation, and makes use of that to handle indices for memory access
and allocation instructions (i.e. LoadElement, StoreElement, Allocate,
etc.). These instructions had previously used Word32 as representation
for the indices / sizes, and then internally converted it to the correct
representation (aka Word64 on 64-bit architectures) later on, but that
was kind of brittle, and sometimes led to weird generated code.

The change thus only adds support to convert integer values in the safe
integer range from all kinds of representations to Word64 (on 64-bit
architectures). We don't yet handle the opposite direction and none of
the representation selection heuristics for the numeric operations were
changed so far. This will be done in follow-up CLs.

This CL itself is supposed to be neutral wrt. functionality, and only
serves as a starting point, and a cleanup for the (weird) implicit
Word64 index/size handling.

Bug: v8:7881, v8:8015, v8:8171
Design-Document: http://bit.ly/turbofan-word64
Change-Id: I3c6961a0e96cbc3fb8ac9d3e1be8f2e5c89bfd25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1224932
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55886}

To support all possible cases, we must limit the number of register
args for TFS builtins on ia32 to 3. Out of the 6 allocatable
registers, esi is taken as the context register and ebx is the root
register. One register must remain available to store the jump/call
target. Thus 3 registers remain for arguments.

The reason this applies to TFS builtins specifically is because this
becomes relevant for builtins used as targets of Torque function
pointers (which must have a register available to store the target).

Bug: v8:6666
Change-Id: I17d9450cc29c983ddaffc2deb36f45c1c414e166
Reviewed-on: https://chromium-review.googlesource.com/1209287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55759}

This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).

This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.

Bug: chromium:225811
Change-Id: I7c1ec826faf46a144a5a9068f8f815a5fd040997
Reviewed-on: https://chromium-review.googlesource.com/1174252Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55111}

This reverts commit c46915b9.

Reason for revert: Disasm failures https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/21727 

Original change's description:
> [turbofan] Further optimize DataView accesses.
> 
> This adds support for unaligned load/store access to the DataView
> backing store and uses byteswap operations to fix up the endianess
> when necessary. This changes the Word32ReverseBytes operator to be
> a required operator and adds the missing support on the Intel and
> ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
> is also mandatory now).
> 
> This further improves the performance on the dataviewperf.js test
> mentioned in the tracking bug by up to 40%, and at the same time
> reduces the code complexity in the EffectControlLinearizer.
> 
> Bug: chromium:225811
> Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
> Reviewed-on: https://chromium-review.googlesource.com/1172777
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55099}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: If7a62e3a1a4ad26823fcbd2ab6eb4c053ad11c49
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:225811
Reviewed-on: https://chromium-review.googlesource.com/1174171Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55107}

This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).

This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.

Bug: chromium:225811
Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
Reviewed-on: https://chromium-review.googlesource.com/1172777
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55099}

Bug: v8:7754
Change-Id: I6e1461d5e4214b5649f850166c3a988019098465
Reviewed-on: https://chromium-review.googlesource.com/1110126
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53958}

Bug: v8:7754, v8:6600
Change-Id: I4db943d4a4a02a14bba670f89661ea98c5e306dd
Reviewed-on: https://chromium-review.googlesource.com/1107919
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53907}

Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.

Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.

This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}

R=ishell@chromium.org

Change-Id: I84288cc16297dbe33adddbdf08b689db95d0fc04
Reviewed-on: https://chromium-review.googlesource.com/1104164Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53786}

Bug: v8:5269
Change-Id: I78678aee42b2ae930b995cd194b4d20516e0d229
Reviewed-on: https://chromium-review.googlesource.com/1098929
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53730}

The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.

With that in place, we also remove the array masking approach based
on arithmetic.

Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.

Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.

Bug: chromium:798964

Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}

This CL changes the poisoning in the interpreter to use the
infrastructure used in the JIT.

This does not change the original flag semantics:

--branch-load-poisoning enables JIT mitigations as before.

--untrusted-code-mitigation enables the interpreter mitigations
  (now realized using the compiler back-end), but does not enable
  the back-end based mitigations for the Javascript JIT. So in effect
  --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
  use the same mechanics (including changed register allocation) that
  --branch-load-poisoning enables for the JIT.

Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}

Change-Id: If8678bd244a0a4e21b1967c15da80e49643a33ea
Reviewed-on: https://chromium-review.googlesource.com/973001Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52101}

This also introduces FrameStateInfoOf helper.

Bug: v8:7517, v8:7310
Change-Id: If2dd1257fb9384fe957a980077a65154cc014d3b
Reviewed-on: https://chromium-review.googlesource.com/946009
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51718}

Change-Id: I618e357ea0d00b64dd4d8a54e865bed716a460e8
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/947963Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51716}

This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only for x64 optimized code, under the
--branch-load-poisoning flag.

Overview of changes:
- new register configuration configuration with one register reserved for
  the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
  of all successors of branches (and deopts) that are marked as safety
  branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
  * only integer loads are masked at the moment.

Bug: chromium:798964
Change-Id: Ie51fdbde578fc289dff029794f3cfe8eaf33e1ef
Reviewed-on: https://chromium-review.googlesource.com/901625
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51272}

This is a purely cosmetic change. Rename all local variables and
parameters of type CallDescriptor* to "call_descriptor".
For locals that are now named "call_descriptor", use auto upon
initialization, following the Google style guide
(https://google.github.io/styleguide/cppguide.html#auto).

Note: fields in structs and classes were not renamed in this CL.

R=clemensh@chromium.org,mstarzinger@chromium.org,jarin@chromium.org

Change-Id: Ic6f7afdba12f7b97741b098a9d0e0f58c41c587e
Reviewed-on: https://chromium-review.googlesource.com/909866
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51223}

After https://crrev.com/c/832457, CheckedLoad is not being used any
more. Thus, remove it from the TurboFan backend and from all tests.
CheckedStore was already removed in https://crrev.com/c/822570.

R=jarin@chromium.org
CC=titzer@chromium.org, mstarzinger@chromium.org

Change-Id: I2eeec2f4a9d0a10067db5cc25ec41366ae85e917
Reviewed-on: https://chromium-review.googlesource.com/832459
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50323}

This operation was used to implement asm.js stores, but is obsolete
with asm.js stores now being lowered to normal graph nodes.

R=mstarzinger@chromium.org
CC=jarin@chromium.org

Bug: 
Change-Id: Iea90b1a62be2e273c0562058642adc5b63ae2cf8
Reviewed-on: https://chromium-review.googlesource.com/822570
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50046}

Reland of https://chromium-review.googlesource.com/c/v8/v8/+/727893
The crashes should be fixed by https://chromium-review.googlesource.com/c/v8/v8/+/763531

Original change's description:
> Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph""
> 
> This reverts commit ac0661b3.
> 
> Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
> 
> Original change's description:
> > Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This gives up on earlier attempts to interpret DeadValue as a signal of
> > unreachable code. This does not work because free-floating dead value
> > nodes, and even pure branch nodes that use them, can get scheduled so
> > early that they get reachable. Instead, we now eagerly remove branches
> > that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> > to value phi nodes with dummy values.
> >
> > Reland of https://chromium-review.googlesource.com/715716
> >
> > Bug: chromium:741225 chromium:776256
> > Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> > Reviewed-on: https://chromium-review.googlesource.com/727893
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#49188}
> 
> TBR=jarin@chromium.org,tebbi@chromium.org
> 
> Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
> Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
> Reviewed-on: https://chromium-review.googlesource.com/758770
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49262}

TBR=jarin@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6c02b4beb02997ec34015ed2f6791a93c70f5e36
Reviewed-on: https://chromium-review.googlesource.com/772150
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49429}

This is a reland of ba76ad68
Original change's description:
> [Turbofan] Introduce AllocateRaw node
>
> In order to simplify and verify the TurboFan graph, we
> need to wire allocations into the control chain after
> effect control linearization.
>
> Bug: v8:7002
> Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
> Reviewed-on: https://chromium-review.googlesource.com/738139
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49209}

TBR=jarin@chromium.org

Bug: v8:7002
Change-Id: Iba588c498bb5de113abfba7f9e40cfe4325dea4a
Reviewed-on: https://chromium-review.googlesource.com/758436
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49300}

This reverts commit ac0661b3.

Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035

Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}

TBR=jarin@chromium.org,tebbi@chromium.org

Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}

This reverts commit ba76ad68.

Reason for revert: Broke GCStress on arm64 port...investigating

Original change's description:
> [Turbofan] Introduce AllocateRaw node
> 
> In order to simplify and verify the TurboFan graph, we
> need to wire allocations into the control chain after
> effect control linearization.
> 
> Bug: v8:7002
> Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
> Reviewed-on: https://chromium-review.googlesource.com/738139
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49209}

TBR=mvstanton@chromium.org,jarin@chromium.org

Change-Id: I98669fdff1b960912d6eaad239776262f7bf8c67
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7002
Reviewed-on: https://chromium-review.googlesource.com/758396Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49212}

In order to simplify and verify the TurboFan graph, we
need to wire allocations into the control chain after
effect control linearization.

Bug: v8:7002
Change-Id: I4c5956c8d16773d721482d46a0b407bee01a9597
Reviewed-on: https://chromium-review.googlesource.com/738139Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49209}

This gives up on earlier attempts to interpret DeadValue as a signal of 
unreachable code. This does not work because free-floating dead value 
nodes, and even pure branch nodes that use them, can get scheduled so
early that they get reachable. Instead, we now eagerly remove branches
that use DeadValue in DeadCodeElimination and replace DeadValue inputs 
to value phi nodes with dummy values.

Reland of https://chromium-review.googlesource.com/715716

Bug: chromium:741225 chromium:776256
Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
Reviewed-on: https://chromium-review.googlesource.com/727893
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49188}

This revert is manual, but almost completely automatic. 
It was just blocked by a single-line irrelevant refactoring change.
This reverts commit 1cee0e01.

Reason for revert: chromium:776256

Original change's description:
> Reland^4 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
> The issue was that in the EffectControlLinearizer, the effect input of an
> {Unreachable} node was not updated, leaving a {Checkpoint} behind.
>
> This is a reland of 4cf47645
> Original change's description:
> > Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This fixes the issues
> > https://bugs.chromium.org/p/chromium/issues/detail?id=772873
> > and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> >
> > One problem was that mutating an effect node into Unreachable confused
> > the LoadElimination sidetables, so I just always create a new node now.
> >
> > The other problem was that UpdateBlockControl() was executed after
> > UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> > So now I make sure that UpdateEffectPhi() is always executed last.
> >
> > This is a reland of 6ddb5e7d
> > Original change's description:
> > > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > >
> > > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the
> > > graph end. This fixes issues with later phases running DeadCodeElimination and
> > > introducing new DeadValue nodes when processing uses of Unreachable.
> > >
> > > This is a reland of 3c4bc27f
> > > Original change's description:
> > > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > >
> > > > This is a reland of e1cdda25
> > > > Original change's description:
> > > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > >
> > > > > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > > > > depend on them, we introduce a {DeadValue} node representing an impossible value
> > > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > > of a node with type {None} as dead.
> > > > >
> > > > > Bug: chromium:741225
> > > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > >
> > > > Bug: chromium:741225
> > > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48232}
> > >
> > > Bug: chromium:741225
> > > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > > Reviewed-on: https://chromium-review.googlesource.com/702264
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48366}
> >
> > Bug: chromium:741225
> > Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> > Reviewed-on: https://chromium-review.googlesource.com/709214
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48469}
>
> Bug: chromium:741225
> Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
> Reviewed-on: https://chromium-review.googlesource.com/715716
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48660}

TBR=jarin@chromium.org,tebbi@chromium.org,bmeurer@chromium.org


Bug: chromium:741225 chromium:776256
Change-Id: Iaf2af3cb6dea5fdece43297cb9d987e7decc726d
Reviewed-on: https://chromium-review.googlesource.com/727804
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48749}

This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
The issue was that in the EffectControlLinearizer, the effect input of an
{Unreachable} node was not updated, leaving a {Checkpoint} behind.

This is a reland of 4cf47645
Original change's description:
> Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This fixes the issues 
> https://bugs.chromium.org/p/chromium/issues/detail?id=772873 
> and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> 
> One problem was that mutating an effect node into Unreachable confused 
> the LoadElimination sidetables, so I just always create a new node now.
> 
> The other problem was that UpdateBlockControl() was executed after 
> UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> So now I make sure that UpdateEffectPhi() is always executed last.
> 
> This is a reland of 6ddb5e7d
> Original change's description:
> > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> > graph end. This fixes issues with later phases running DeadCodeElimination and
> > introducing new DeadValue nodes when processing uses of Unreachable.
> > 
> > This is a reland of 3c4bc27f
> > Original change's description:
> > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > 
> > > This is a reland of e1cdda25
> > > Original change's description:
> > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > 
> > > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > of a node with type {None} as dead.
> > > > 
> > > > Bug: chromium:741225
> > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > 
> > > Bug: chromium:741225
> > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48232}
> > 
> > Bug: chromium:741225
> > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > Reviewed-on: https://chromium-review.googlesource.com/702264
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48366}
> 
> Bug: chromium:741225
> Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> Reviewed-on: https://chromium-review.googlesource.com/709214
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48469}

Bug: chromium:741225
Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
Reviewed-on: https://chromium-review.googlesource.com/715716Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48660}

This reverts commit 4cf47645.

Reason for revert: Broken effect chains detected by Clusterfuzz. Playing it safe for the 63 branch.

Original change's description:
> Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This fixes the issues 
> https://bugs.chromium.org/p/chromium/issues/detail?id=772873 
> and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> 
> One problem was that mutating an effect node into Unreachable confused 
> the LoadElimination sidetables, so I just always create a new node now.
> 
> The other problem was that UpdateBlockControl() was executed after 
> UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> So now I make sure that UpdateEffectPhi() is always executed last.
> 
> This is a reland of 6ddb5e7d
> Original change's description:
> > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> > graph end. This fixes issues with later phases running DeadCodeElimination and
> > introducing new DeadValue nodes when processing uses of Unreachable.
> > 
> > This is a reland of 3c4bc27f
> > Original change's description:
> > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > 
> > > This is a reland of e1cdda25
> > > Original change's description:
> > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > 
> > > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > of a node with type {None} as dead.
> > > > 
> > > > Bug: chromium:741225
> > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > 
> > > Bug: chromium:741225
> > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48232}
> > 
> > Bug: chromium:741225
> > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > Reviewed-on: https://chromium-review.googlesource.com/702264
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48366}
> 
> Bug: chromium:741225
> Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> Reviewed-on: https://chromium-review.googlesource.com/709214
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48469}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: Icf6a6af4feaafd4bde28cb7b996735ff91bb3810
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225
Reviewed-on: https://chromium-review.googlesource.com/715096Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48482}

This fixes the issues 
https://bugs.chromium.org/p/chromium/issues/detail?id=772873 
and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.

One problem was that mutating an effect node into Unreachable confused 
the LoadElimination sidetables, so I just always create a new node now.

The other problem was that UpdateBlockControl() was executed after 
UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
So now I make sure that UpdateEffectPhi() is always executed last.

This is a reland of 6ddb5e7d
Original change's description:
> Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> graph end. This fixes issues with later phases running DeadCodeElimination and
> introducing new DeadValue nodes when processing uses of Unreachable.
> 
> This is a reland of 3c4bc27f
> Original change's description:
> > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > This is a reland of e1cdda25
> > Original change's description:
> > > [turbofan] eagerly prune None types and deadness from the graph
> > > 
> > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > of a node with type {None} as dead.
> > > 
> > > Bug: chromium:741225
> > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48208}
> > 
> > Bug: chromium:741225
> > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > Reviewed-on: https://chromium-review.googlesource.com/692034
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48232}
> 
> Bug: chromium:741225
> Change-Id: I5702ec34856c075717162153adc765774453c45f
> Reviewed-on: https://chromium-review.googlesource.com/702264
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48366}

Bug: chromium:741225
Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
Reviewed-on: https://chromium-review.googlesource.com/709214
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48469}

This reverts commit 6ddb5e7d.

Reason for revert: chromium:772873 chromium:772872

Original change's description:
> Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> graph end. This fixes issues with later phases running DeadCodeElimination and
> introducing new DeadValue nodes when processing uses of Unreachable.
> 
> This is a reland of 3c4bc27f
> Original change's description:
> > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > This is a reland of e1cdda25
> > Original change's description:
> > > [turbofan] eagerly prune None types and deadness from the graph
> > > 
> > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > of a node with type {None} as dead.
> > > 
> > > Bug: chromium:741225
> > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48208}
> > 
> > Bug: chromium:741225
> > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > Reviewed-on: https://chromium-review.googlesource.com/692034
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48232}
> 
> Bug: chromium:741225
> Change-Id: I5702ec34856c075717162153adc765774453c45f
> Reviewed-on: https://chromium-review.googlesource.com/702264
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48366}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: Ib0f59b8463681abf6a9158112515aefae3c76b5f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225
Reviewed-on: https://chromium-review.googlesource.com/707275Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48407}

Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
graph end. This fixes issues with later phases running DeadCodeElimination and
introducing new DeadValue nodes when processing uses of Unreachable.

This is a reland of 3c4bc27f
Original change's description:
> Reland "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This is a reland of e1cdda25
> Original change's description:
> > [turbofan] eagerly prune None types and deadness from the graph
> > 
> > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > of a node with type {None} as dead.
> > 
> > Bug: chromium:741225
> > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > Reviewed-on: https://chromium-review.googlesource.com/641250
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48208}
> 
> Bug: chromium:741225
> Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> Reviewed-on: https://chromium-review.googlesource.com/692034
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48232}

Bug: chromium:741225
Change-Id: I5702ec34856c075717162153adc765774453c45f
Reviewed-on: https://chromium-review.googlesource.com/702264Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48366}

This reverts commit 3c4bc27f.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=770257

Original change's description:
> Reland "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This is a reland of e1cdda25
> Original change's description:
> > [turbofan] eagerly prune None types and deadness from the graph
> > 
> > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > of a node with type {None} as dead.
> > 
> > Bug: chromium:741225
> > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > Reviewed-on: https://chromium-review.googlesource.com/641250
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48208}
> 
> Bug: chromium:741225
> Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> Reviewed-on: https://chromium-review.googlesource.com/692034
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48232}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: Ied8da411a9c8cbe4ed2e1d3e98a76162c2834c97
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225 chromium:770257
Reviewed-on: https://chromium-review.googlesource.com/693235Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48246}

This is a reland of e1cdda25
Original change's description:
> [turbofan] eagerly prune None types and deadness from the graph
> 
> In addition to using the {Dead} node to prune dead control nodes and nodes that 
> depend on them, we introduce a {DeadValue} node representing an impossible value 
> that can occur at any position in the graph. The extended {DeadCodeElimination}
> prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> the effect chain when possible. The remaining uses of {DeadValue} are handled
> in {EffectControlLinearizer}, where we always have access to the effect chain.
> In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> of a node with type {None} as dead.
> 
> Bug: chromium:741225
> Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> Reviewed-on: https://chromium-review.googlesource.com/641250
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48208}

Bug: chromium:741225
Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
Reviewed-on: https://chromium-review.googlesource.com/692034Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48232}

This reverts commit e1cdda25.

Reason for revert: Fails 'constructor-inlining' on GC-Stress bot: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15270

Original change's description:
> [turbofan] eagerly prune None types and deadness from the graph
> 
> In addition to using the {Dead} node to prune dead control nodes and nodes that 
> depend on them, we introduce a {DeadValue} node representing an impossible value 
> that can occur at any position in the graph. The extended {DeadCodeElimination}
> prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> the effect chain when possible. The remaining uses of {DeadValue} are handled
> in {EffectControlLinearizer}, where we always have access to the effect chain.
> In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> of a node with type {None} as dead.
> 
> Bug: chromium:741225
> Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> Reviewed-on: https://chromium-review.googlesource.com/641250
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48208}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: I9c175d47e2ee4b11a36ed90421202f2354610398
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225
Reviewed-on: https://chromium-review.googlesource.com/690080Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48210}

In addition to using the {Dead} node to prune dead control nodes and nodes that 
depend on them, we introduce a {DeadValue} node representing an impossible value 
that can occur at any position in the graph. The extended {DeadCodeElimination}
prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
the effect chain when possible. The remaining uses of {DeadValue} are handled
in {EffectControlLinearizer}, where we always have access to the effect chain.
In addition to explicitly introduced {DeadValue} nodes, we consider any value use
of a node with type {None} as dead.

Bug: chromium:741225
Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
Reviewed-on: https://chromium-review.googlesource.com/641250
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48208}

Bug: v8:5267
Change-Id: Ib103fbc3cabaac191dde817724308b19361c443b
Reviewed-on: https://chromium-review.googlesource.com/640385Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47670}

Bug: v8:5267
Change-Id: I0a94b1c2df3d5d0871e36c0f688a5d7d88179a09
Reviewed-on: https://chromium-review.googlesource.com/640370
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47660}

The new node behave the same as its counterpart, CallCFunction, with the
additional saving and restoring caller saved registers before and after
the function call.

Bug: chromium:749486
Change-Id: I0a1dfb2e4e55f7720541a00e6d16fd20220f39ed
Reviewed-on: https://chromium-review.googlesource.com/620709
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47479}

Now that we are writing more complex code in the effect control
linearizer, it can be helpful to stop in certain cases during
development / debugging.

Bug: 
Change-Id: Ibeafe807c43e092534509d4d9c3f84f9c20525a5
Reviewed-on: https://chromium-review.googlesource.com/584749Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46869}

Review-Url: https://codereview.chromium.org/2602413002
Cr-Commit-Position: refs/heads/master@{#42041}