[heap] JSFunction::context always points to valid context.

This removes an overly complex predicate from the IsFlushable check
within the marking visitor. By now all JSFunction objects reference a
valid Context object, also builtin functions can be recognized without
looking at the JSFunction object.

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1482363002

Cr-Commit-Position: refs/heads/master@{#32412}

src/heap/objects-visiting-inl.h

@@ -603,11 +603,6 @@ void StaticMarkingVisitor<StaticVisitor>::MarkInlinedFunctionsCode(Heap* heap,
 }
 
 
-inline static bool HasValidNonBuiltinContext(JSFunction* function) {
-  return function->context()->IsContext() && !function->shared()->IsBuiltin();
-}
-
-
 inline static bool HasSourceCode(Heap* heap, SharedFunctionInfo* info) {
   Object* undefined = heap->undefined_value();
   return (info->script() != undefined) &&
@@ -627,11 +622,6 @@ bool StaticMarkingVisitor<StaticVisitor>::IsFlushable(Heap* heap,
     return false;
   }
 
-  // The function must have a valid context and not be a builtin.
-  if (!HasValidNonBuiltinContext(function)) {
-    return false;
-  }
-
   // We do not (yet) flush code for optimized functions.
   if (function->code() != shared_info->code()) {
     return false;
@@ -689,6 +679,11 @@ bool StaticMarkingVisitor<StaticVisitor>::IsFlushable(
     return false;
   }
 
+  // The function must not be a builtin.
+  if (shared_info->IsBuiltin()) {
+    return false;
+  }
+
   // If this is a function initialized with %SetCode then the one-to-one
   // relation between SharedFunctionInfo and Code is broken.
   if (shared_info->dont_flush()) {