[Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.

[Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.

We did not smi-check the spread argument here, meaning we tried to take the map
of a smi, resulting in segfaults which clusterfuzz found.

Also added tests that exercise this path.

BUG=685086
Review-Url: https://codereview.chromium.org/2655013002
Cr-Commit-Position: refs/heads/master@{#42657}
Committed: https://chromium.googlesource.com/v8/v8/+/bf782ec5124ff26d15a2bd413a4186ba20561e6d

[petermarshall, 2017-01-25 12:41:45]

The CQ bit was checked by petermarshall@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-25 12:41:51]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[petermarshall, 2017-01-25 12:44:28]

Description was changed from

==========
[Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.

BUG=685086
==========

to

==========
[Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.

We did not smi-check the spread argument here, meaning we tried to take the map
of a smi, resulting in segfaults which clusterfuzz found.

Also added tests that exercise this path.

BUG=685086
==========

[petermarshall, 2017-01-25 12:45:27]

petermarshall@chromium.org changed reviewers:
+ bmeurer@chromium.org

[petermarshall, 2017-01-25 12:45:27]

PTAL =]

[Benedikt Meurer, 2017-01-25 12:51:28]

LGTM

[commit-bot: I haz the power, 2017-01-25 12:55:41]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-25 12:55:42]

Dry run: Try jobs failed on following builders:
  v8_win_nosnap_shared_rel_ng on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_win_nosnap_shared_rel_ng...)
  v8_win_nosnap_shared_rel_ng_triggered on master.tryserver.v8 (JOB_FAILED,
http://build.chromium.org/p/tryserver.v8/builders/v8_win_nosnap_shared_rel_ng...)

[petermarshall, 2017-01-25 13:01:48]

The CQ bit was checked by petermarshall@chromium.org

[petermarshall, 2017-01-25 13:01:48]

The patchset sent to the CQ was uploaded after l-g-t-m from bmeurer@chromium.org
Link to the patchset: https://codereview.chromium.org/2655013002/#ps20001
(title: "Put a try/catch in the regression test so it doesn't fail")

[commit-bot: I haz the power, 2017-01-25 13:01:52]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-25 13:55:58]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1485349308070860,
"parent_rev": "6053f4a331ac7700cd63eb35e3ba2afb0b51930f", "commit_rev":
"bf782ec5124ff26d15a2bd413a4186ba20561e6d"}

[commit-bot: I haz the power, 2017-01-25 13:56:07]

Description was changed from

==========
[Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.

We did not smi-check the spread argument here, meaning we tried to take the map
of a smi, resulting in segfaults which clusterfuzz found.

Also added tests that exercise this path.

BUG=685086
==========

to

==========
[Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.

We did not smi-check the spread argument here, meaning we tried to take the map
of a smi, resulting in segfaults which clusterfuzz found.

Also added tests that exercise this path.

BUG=685086

Review-Url: https://codereview.chromium.org/2655013002
Cr-Commit-Position: refs/heads/master@{#42657}
Committed:
https://chromium.googlesource.com/v8/v8/+/bf782ec5124ff26d15a2bd413a4186ba205...
==========

[commit-bot: I haz the power, 2017-01-25 13:56:08]

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/v8/v8/+/bf782ec5124ff26d15a2bd413a4186ba205...