CHECK failure: Unexpected operator #60:DeadValue @ node #NUMBER in instruction-selector.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6015987559432192

Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  Unexpected operator #60:DeadValue @ node #NUMBER in instruction-selector.cc
  v8::internal::compiler::InstructionSelector::VisitNode
  v8::internal::compiler::InstructionSelector::VisitBlock
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48231:48232

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6015987559432192

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Sep 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/4651f644aba04bd82eb0f04070df72c6e9ba25ba

commit 4651f644aba04bd82eb0f04070df72c6e9ba25ba
Author: Tobias Tebbi <tebbi@chromium.org>
Date: Sat Sep 30 07:41:48 2017

Revert "Reland "[turbofan] eagerly prune None types and deadness from the graph""

This reverts commit 3c4bc27f132b6221836e702684cdb4a3e0d009c0.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=770257

Original change's description:
> Reland "[turbofan] eagerly prune None types and deadness from the graph"
>
> This is a reland of e1cdda2512d9844e180883902b08ed9b302471c0
> Original change's description:
> > [turbofan] eagerly prune None types and deadness from the graph
> >
> > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > depend on them, we introduce a {DeadValue} node representing an impossible value
> > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > of a node with type {None} as dead.
> >
> > Bug: chromium:741225
> > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > Reviewed-on: https://chromium-review.googlesource.com/641250
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48208}
>
> Bug: chromium:741225
> Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> Reviewed-on: https://chromium-review.googlesource.com/692034
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48232}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: Ied8da411a9c8cbe4ed2e1d3e98a76162c2834c97
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225 chromium:770257
Reviewed-on: https://chromium-review.googlesource.com/693235
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48246}

[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/branch-elimination.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/common-operator.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/common-operator.h
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/dead-code-elimination.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/dead-code-elimination.h
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/effect-control-linearizer.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/instruction-selector.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/instruction-selector.h
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/js-graph.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/js-graph.h
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/memory-optimizer.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/opcodes.h
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/representation-change.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/simplified-lowering.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/typer.cc
[modify] https://crrev.com/4651f644aba04bd82eb0f04070df72c6e9ba25ba/src/compiler/verifier.cc
Sep 30 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2017
ClusterFuzz has detected this issue as fixed in range 48245:48246.

Detailed report: https://clusterfuzz.com/testcase?key=6015987559432192

Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  Unexpected operator #60:DeadValue @ node #NUMBER in instruction-selector.cc
  v8::internal::compiler::InstructionSelector::VisitNode
  v8::internal::compiler::InstructionSelector::VisitBlock
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48231:48232
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48245:48246

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6015987559432192

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 1 2017
ClusterFuzz testcase 6015987559432192 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 1 2017

Nov 3 2017

Nov 7 2017

Jan 7 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 27 2018
Comment 1 by infe...@chromium.org, Sep 29 2017
Labels: M-63 Pri-1
Owner: tebbi@chromium.org
Status: Assigned (was: Untriaged)