[builtins] Fix pointer comparison in ToString builtin.

[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
Committed: https://crrev.com/79aee39f24d6753ce6fbf36eb09f5fb63614e0d8
Cr-Commit-Position: refs/heads/master@{#40963}

[Michael Starzinger, 2016-11-14 11:54:46]

The CQ bit was checked by mstarzinger@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-14 11:54:50]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Michael Starzinger, 2016-11-14 11:56:42]

Description was changed from

==========
[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparions in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
==========

to

==========
[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
==========

[jgruber1, 2016-11-14 12:10:37]

jgruber@google.com changed reviewers:
+ jgruber@google.com

[jgruber1, 2016-11-14 12:10:37]

lgtm

[commit-bot: I haz the power, 2016-11-14 12:19:09]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-14 12:19:09]

Dry run: This issue passed the CQ dry run.

[Michael Starzinger, 2016-11-14 12:42:07]

The CQ bit was checked by mstarzinger@chromium.org

[commit-bot: I haz the power, 2016-11-14 12:42:20]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-14 12:44:18]

Description was changed from

==========
[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
==========

to

==========
[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
==========

[commit-bot: I haz the power, 2016-11-14 12:44:18]

Committed patchset #1 (id:1)

[Michael Achenbach, 2016-11-14 13:40:07]

machenbach@chromium.org changed reviewers:
+ machenbach@chromium.org

[Michael Achenbach, 2016-11-14 13:40:10]

https://codereview.chromium.org/2496043003/diff/1/test/mjsunit/regress/regres...
File test/mjsunit/regress/regress-crbug-664506.js (right):

https://codereview.chromium.org/2496043003/diff/1/test/mjsunit/regress/regres...
test/mjsunit/regress/regress-crbug-664506.js:5: // Flags: --expose-gc
--predictable --random-seed=-1109634722
Hmm, I think the test suite always overrides random-seed. We'd need a new
feature to use the Flags version if present.

[Michael Starzinger, 2016-11-14 14:50:27]

https://codereview.chromium.org/2496043003/diff/1/test/mjsunit/regress/regres...
File test/mjsunit/regress/regress-crbug-664506.js (right):

https://codereview.chromium.org/2496043003/diff/1/test/mjsunit/regress/regres...
test/mjsunit/regress/regress-crbug-664506.js:5: // Flags: --expose-gc
--predictable --random-seed=-1109634722
On 2016/11/14 13:40:10, machenbach (slow) wrote:
> Hmm, I think the test suite always overrides random-seed. We'd need a new
> feature to use the Flags version if present.

Nope, I don't think that is true. The test suite adds a random-seed flag and
then appends the flag from the comment. That means the fixed random-seed
appearing here appears later in the command line and will win. Also I tried
locally when I wrote this regression test and it reproduces reliably. IMHO we
are fine. WDYT?

[Michael Achenbach, 2016-11-14 15:02:07]

On 2016/11/14 14:50:27, Michael Starzinger wrote:
>
https://codereview.chromium.org/2496043003/diff/1/test/mjsunit/regress/regres...
> File test/mjsunit/regress/regress-crbug-664506.js (right):
> 
>
https://codereview.chromium.org/2496043003/diff/1/test/mjsunit/regress/regres...
> test/mjsunit/regress/regress-crbug-664506.js:5: // Flags: --expose-gc
> --predictable --random-seed=-1109634722
> On 2016/11/14 13:40:10, machenbach (slow) wrote:
> > Hmm, I think the test suite always overrides random-seed. We'd need a new
> > feature to use the Flags version if present.
> 
> Nope, I don't think that is true. The test suite adds a random-seed flag and
> then appends the flag from the comment. That means the fixed random-seed
> appearing here appears later in the command line and will win. Also I tried
> locally when I wrote this regression test and it reproduces reliably. IMHO we
> are fine. WDYT?

Right. All good then!

[commit-bot: I haz the power, 2016-11-17 22:32:30]

Description was changed from

==========
[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506
==========

to

==========
[builtins] Fix pointer comparison in ToString builtin.

This fixes the bogus {Word32Equal} comparison in the ToString builtin
implementing Object.prototype.toString to be a pointer-size {WordEqual}
comparison instead. Comparing just the lower half-word is insufficient
on 64-bit architectures.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-crbug-664506
BUG=chromium:664506

Committed: https://crrev.com/79aee39f24d6753ce6fbf36eb09f5fb63614e0d8
Cr-Commit-Position: refs/heads/master@{#40963}
==========

[commit-bot: I haz the power, 2016-11-17 22:32:31]

Patchset 1 (id:??) landed as
https://crrev.com/79aee39f24d6753ce6fbf36eb09f5fb63614e0d8
Cr-Commit-Position: refs/heads/master@{#40963}