[wasm] Avoid js-typed-lowering optimization for wasm Memory objects

[wasm] Avoid js-typed-lowering optimization for wasm Memory objects

If an ArrayBuffer is setup through the WebAssembly.Memory constructor, identify these with a flag and avoid optimizations in js-typed-lowering.cc. This is needed becasue buffers associated with memory objects can be grown/detached leading to crashes.

BUG=chromium:717194
Review-Url: https://codereview.chromium.org/2862763002
Cr-Commit-Position: refs/heads/master@{#45105}
Committed: https://chromium.googlesource.com/v8/v8/+/82503e9ba30f38d428431f69a82f885569ac4913

[gdeepti, 2017-05-04 03:03:47]

Description was changed from

==========
[wasm] Avoid js-typed-lowering optimization for wasm Memory objects

If an ArrayBuffer is setup through the WebAssembly.Memory constructor, identify
these with a flag and avoid optimizations in js-typed-lowering.cc. This is
needed becasue buffers associated with memory objects can be grown/detached
leading to crashes.

BUG=717194
==========

to

==========
[wasm] Avoid js-typed-lowering optimization for wasm Memory objects

If an ArrayBuffer is setup through the WebAssembly.Memory constructor, identify
these with a flag and avoid optimizations in js-typed-lowering.cc. This is
needed becasue buffers associated with memory objects can be grown/detached
leading to crashes.

BUG=chromium:717194
==========

[gdeepti, 2017-05-04 03:06:10]

The CQ bit was checked by gdeepti@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-05-04 03:06:20]

Dry run: CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-05-04 03:36:35]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-05-04 03:36:36]

Dry run: This issue passed the CQ dry run.

[gdeepti, 2017-05-04 05:17:27]

The CQ bit was checked by gdeepti@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-05-04 05:17:49]

Dry run: CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[gdeepti, 2017-05-04 05:24:03]

gdeepti@chromium.org changed reviewers:
+ bmeurer@chromium.org, bradnelson@chromium.org

[Benedikt Meurer, 2017-05-04 05:38:01]

Thanks. LGTM!

[commit-bot: I haz the power, 2017-05-04 05:47:17]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-05-04 05:47:17]

Dry run: This issue passed the CQ dry run.

[bradnelson, 2017-05-04 17:20:19]

The CQ bit was checked by bradnelson@chromium.org

[bradnelson, 2017-05-04 17:20:19]

lgtm

[commit-bot: I haz the power, 2017-05-04 17:20:25]

CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-05-04 17:21:57]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1493918419455130,
"parent_rev": "0cd0fa3b98a06126681f4ce091555a0aa2e35859", "commit_rev":
"82503e9ba30f38d428431f69a82f885569ac4913"}

[commit-bot: I haz the power, 2017-05-04 17:22:03]

Description was changed from

==========
[wasm] Avoid js-typed-lowering optimization for wasm Memory objects

If an ArrayBuffer is setup through the WebAssembly.Memory constructor, identify
these with a flag and avoid optimizations in js-typed-lowering.cc. This is
needed becasue buffers associated with memory objects can be grown/detached
leading to crashes.

BUG=chromium:717194
==========

to

==========
[wasm] Avoid js-typed-lowering optimization for wasm Memory objects

If an ArrayBuffer is setup through the WebAssembly.Memory constructor, identify
these with a flag and avoid optimizations in js-typed-lowering.cc. This is
needed becasue buffers associated with memory objects can be grown/detached
leading to crashes.

BUG=chromium:717194

Review-Url: https://codereview.chromium.org/2862763002
Cr-Commit-Position: refs/heads/master@{#45105}
Committed:
https://chromium.googlesource.com/v8/v8/+/82503e9ba30f38d428431f69a82f885569a...
==========

[commit-bot: I haz the power, 2017-05-04 17:22:04]

Committed patchset #3 (id:40001) as
https://chromium.googlesource.com/v8/v8/+/82503e9ba30f38d428431f69a82f885569a...