Revert of Reland [heap] Avoid the use of cells to point from code to new-space objects.

Revert of Reland [heap] Avoid the use of cells to point from code to new-space objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )

Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#

I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js  test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Committed: https://crrev.com/25d59e9d48b83202962cd1932606ede39b782ce8
Cr-Commit-Position: refs/heads/master@{#37221}

[vogelheim, 2016-06-23 16:02:09]

The CQ bit was checked by vogelheim@chromium.org

[vogelheim, 2016-06-23 16:02:10]

Created Revert of Reland [heap] Avoid the use of cells to point from code to
new-space objects.

[commit-bot: I haz the power, 2016-06-23 16:02:17]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2090983002/1

[commit-bot: I haz the power, 2016-06-23 16:02:43]

Description was changed from

==========
Revert of Reland [heap] Avoid the use of cells to point from code to new-space
objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )

Reason for revert:
This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Str...

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed:
Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address())
->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#


I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort
--nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code
--verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js
 test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500
--stress-compaction --concurrent-recompilation-queue-length=64
--concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
> 
> The reason for reverting was: [Sheriff] Breaks arm debug:
>
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20....
> 
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
> 
> Additionally some rebasing was necessary.
> 
> Original issue's description:
> 
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
> 
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
> 
> R=mlippautz@chromium.org
> 
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
==========

to

==========
Revert of Reland [heap] Avoid the use of cells to point from code to new-space
objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )

Reason for revert:
This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Str...

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed:
Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address())
->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#


I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort
--nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code
--verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js
 test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500
--stress-compaction --concurrent-recompilation-queue-length=64
--concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
> 
> The reason for reverting was: [Sheriff] Breaks arm debug:
>
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20....
> 
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
> 
> Additionally some rebasing was necessary.
> 
> Original issue's description:
> 
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
> 
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
> 
> R=mlippautz@chromium.org
> 
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
==========

[commit-bot: I haz the power, 2016-06-23 16:02:44]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-06-23 16:07:16]

Description was changed from

==========
Revert of Reland [heap] Avoid the use of cells to point from code to new-space
objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )

Reason for revert:
This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Str...

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed:
Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address())
->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#


I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort
--nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code
--verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js
 test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500
--stress-compaction --concurrent-recompilation-queue-length=64
--concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
> 
> The reason for reverting was: [Sheriff] Breaks arm debug:
>
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20....
> 
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
> 
> Additionally some rebasing was necessary.
> 
> Original issue's description:
> 
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
> 
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
> 
> R=mlippautz@chromium.org
> 
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
==========

to

==========
Revert of Reland [heap] Avoid the use of cells to point from code to new-space
objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )

Reason for revert:
This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Str...

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed:
Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address())
->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#

I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort
--nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code
--verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js
 test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500
--stress-compaction --concurrent-recompilation-queue-length=64
--concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
>
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20....
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Committed: https://crrev.com/25d59e9d48b83202962cd1932606ede39b782ce8
Cr-Commit-Position: refs/heads/master@{#37221}
==========

[commit-bot: I haz the power, 2016-06-23 16:07:18]

Patchset 1 (id:??) landed as
https://crrev.com/25d59e9d48b83202962cd1932606ede39b782ce8
Cr-Commit-Position: refs/heads/master@{#37221}