Fix deoptimization address patching in Turbofan to use safepoints.

Fix deoptimization address patching in Turbofan to use safepoints.

Since the deopt patch address needs to be available during GC to
resolve safepoints, we need to move it to the code object (instead of
the deoptimization input data) - accessing a separate fixed array
is not safe during GC. This CL adds a deoptimization_pc field to
each safepoint. The fields points to the deoptimization block.

The CL also fixes wrong register allocator constraints for
frame states on calls. These should always live on the stack
because registers are not preserved during a call.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/504493002

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23334 ce2b1a6d-e550-0410-aec6-3dcde31c8c00