[heap] Fix verification of unsafe object layout changes.

[heap] Fix verification of unsafe object layout changes.

This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.

All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.

BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2885883004
Cr-Commit-Position: refs/heads/master@{#45403}
Committed: https://chromium.googlesource.com/v8/v8/+/6b5e4439724c08ddc5537956be5b46df3ebd327c

[ulan, 2017-05-17 16:57:51]

Description was changed from

==========
[heap] Fix verification of unsafe object layout changes.

BUG=chromium:694255
==========

to

==========
[heap] Fix verification of unsafe object layout changes.

This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.

All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.

BUG=chromium:694255
==========

[ulan, 2017-05-17 16:58:08]

ulan@chromium.org changed reviewers:
+ mlippautz@chromium.org

[ulan, 2017-05-17 16:58:08]

ptal

[Michael Lippautz, 2017-05-18 11:42:48]

lgtm

[ulan, 2017-05-18 18:38:19]

The CQ bit was checked by ulan@chromium.org

[commit-bot: I haz the power, 2017-05-18 18:38:25]

CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-05-18 19:24:23]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1495132699825050,
"parent_rev": "f4da43618c18c0c0f6b3a4b488f822f8d40b04ab", "commit_rev":
"6b5e4439724c08ddc5537956be5b46df3ebd327c"}

[commit-bot: I haz the power, 2017-05-18 19:24:32]

Description was changed from

==========
[heap] Fix verification of unsafe object layout changes.

This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.

All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.

BUG=chromium:694255
==========

to

==========
[heap] Fix verification of unsafe object layout changes.

This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.

All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2885883004
Cr-Commit-Position: refs/heads/master@{#45403}
Committed:
https://chromium.googlesource.com/v8/v8/+/6b5e4439724c08ddc5537956be5b46df3eb...
==========

[commit-bot: I haz the power, 2017-05-18 19:24:33]

Committed patchset #3 (id:40001) as
https://chromium.googlesource.com/v8/v8/+/6b5e4439724c08ddc5537956be5b46df3eb...