[stubs] Add a test for canary crashes in SubStringStub

[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967
Committed: https://crrev.com/0ce95e0878f89b53029f39ad22e90d9413d9005f
Cr-Commit-Position: refs/heads/master@{#39772}

[jgruber, 2016-09-27 12:30:10]

The CQ bit was checked by jgruber@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-27 12:30:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-27 12:54:42]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-27 12:54:43]

Dry run: This issue passed the CQ dry run.

[jgruber, 2016-09-27 12:59:28]

jgruber@chromium.org changed reviewers:
+ jarin@chromium.org

[jgruber, 2016-09-27 13:41:41]

Description was changed from

==========
[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967
==========

to

==========
[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967
==========

[Jarin, 2016-09-27 13:41:49]

lgtm

[jgruber, 2016-09-27 13:47:52]

The CQ bit was checked by jgruber@chromium.org

[commit-bot: I haz the power, 2016-09-27 13:48:01]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-27 13:53:05]

Description was changed from

==========
[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967
==========

to

==========
[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967
==========

[commit-bot: I haz the power, 2016-09-27 13:53:06]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-09-27 13:53:20]

Description was changed from

==========
[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967
==========

to

==========
[stubs] Add a test for canary crashes in SubStringStub

These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967

Committed: https://crrev.com/0ce95e0878f89b53029f39ad22e90d9413d9005f
Cr-Commit-Position: refs/heads/master@{#39772}
==========

[commit-bot: I haz the power, 2016-09-27 13:53:21]

Patchset 1 (id:??) landed as
https://crrev.com/0ce95e0878f89b53029f39ad22e90d9413d9005f
Cr-Commit-Position: refs/heads/master@{#39772}