[heap] Fix race when setting aborted compaction flag

When compaction is aborted we used to remember this in a data structure
and in a flag on the page that was set by the compacting thread.

Setting the flag races with other threads recording old-to-old slots and
thus checking the page's flags.

Since we already record the page in a data structure, we can delay
setting the flag on the page until post processing aborted compaction
pages right after the evacuation phase.

Bug: v8:7125
Change-Id: I20d109f0f69cf8eab90ed355c113abc6a2f606da
Reviewed-on: https://chromium-review.googlesource.com/789931Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49625}

src/heap/mark-compact.cc

@@ -4401,7 +4401,6 @@ void MarkCompactCollector::ReportAbortedEvacuationCandidate(
     HeapObject* failed_object, Page* page) {
   base::LockGuard<base::Mutex> guard(&mutex_);
 
-  page->SetFlag(Page::COMPACTION_WAS_ABORTED);
   aborted_evacuation_candidates_.push_back(std::make_pair(failed_object, page));
 }
 
@@ -4409,7 +4408,7 @@ void MarkCompactCollector::PostProcessEvacuationCandidates() {
   for (auto object_and_page : aborted_evacuation_candidates_) {
     HeapObject* failed_object = object_and_page.first;
     Page* page = object_and_page.second;
-    DCHECK(page->IsFlagSet(Page::COMPACTION_WAS_ABORTED));
+    page->SetFlag(Page::COMPACTION_WAS_ABORTED);
     // Aborted compaction page. We have to record slots here, since we
     // might not have recorded them in first place.