[interpreter] Fix destroyed new.target register use.

[interpreter] Fix destroyed new.target register use.

This fixes a corner-case where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobbered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103
Committed: https://crrev.com/0681deb9142f7845b2d28e062664a0e63c601b68
Cr-Commit-Position: refs/heads/master@{#39306}

[Michael Starzinger, 2016-09-09 11:29:52]

The CQ bit was checked by mstarzinger@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-09 11:29:53]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Michael Starzinger, 2016-09-09 11:39:09]

The CQ bit was checked by mstarzinger@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-09 11:39:18]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Michael Starzinger, 2016-09-09 11:42:47]

Description was changed from

==========
[interpreter] Fix destroyed new.target register use.

This fixes a cornercase where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103
==========

to

==========
[interpreter] Fix destroyed new.target register use.

This fixes a corner-case where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobbered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103
==========

[rmcilroy, 2016-09-09 11:46:05]

lgtm, thanks.

[commit-bot: I haz the power, 2016-09-09 12:07:16]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-09 12:07:17]

Dry run: This issue passed the CQ dry run.

[Michael Starzinger, 2016-09-09 12:18:03]

The CQ bit was checked by mstarzinger@chromium.org

[commit-bot: I haz the power, 2016-09-09 12:18:16]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-09 12:19:55]

Description was changed from

==========
[interpreter] Fix destroyed new.target register use.

This fixes a corner-case where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobbered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103
==========

to

==========
[interpreter] Fix destroyed new.target register use.

This fixes a corner-case where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobbered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103
==========

[commit-bot: I haz the power, 2016-09-09 12:19:56]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-09-09 12:20:26]

Description was changed from

==========
[interpreter] Fix destroyed new.target register use.

This fixes a corner-case where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobbered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103
==========

to

==========
[interpreter] Fix destroyed new.target register use.

This fixes a corner-case where the bytecode was using the <new.target>
register directly without going through the local variable. The value
might be clobbered because the deoptimizer doesn't properly restore the
value. The label will causes bytecode pipeline to be flushed and hence
ensure {BytecodeRegisterOptimizer} doesn't reuse <new.target> anymore.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645103
BUG=chromium:645103

Committed: https://crrev.com/0681deb9142f7845b2d28e062664a0e63c601b68
Cr-Commit-Position: refs/heads/master@{#39306}
==========

[commit-bot: I haz the power, 2016-09-09 12:20:27]

Patchset 2 (id:??) landed as
https://crrev.com/0681deb9142f7845b2d28e062664a0e63c601b68
Cr-Commit-Position: refs/heads/master@{#39306}