Fixed unsafe code where a GC could occour after a Handle had been deferenced.

  instances->set(i, *GetScriptWrapper(script));

GetScriptWrapper can call GC. The failure have only been seen on ARM, where
the g++ compiler pulls out the object from the instances handle to a register
before calling GetScriptWrapper causing set to be called on an object which
may have moved.

Marked a test on ARM as no longer flaky, whereas two other fails consistently
but that is no longer related to the problem fixed above.

BUG=1308895
Review URL: http://codereview.chromium.org/6271

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/runtime.cc

@@ -4697,8 +4697,14 @@ static Object* Runtime_DebugGetLoadedScripts(Arguments args) {
 
   // Convert the script objects to proper JS objects.
   for (int i = 0; i < count; i++) {
-    Handle<Script> script(Script::cast(instances->get(i)));
-    instances->set(i, *GetScriptWrapper(script));
+    Handle<Script> script = Handle<Script>(Script::cast(instances->get(i)));
+    // Get the script wrapper in a local handle before calling GetScriptWrapper,
+    // because using
+    //   instances->set(i, *GetScriptWr apper(script))
+    // is unsafe as GetScriptWrapper might call GC and the C++ compiler might
+    // already have deferenced the instances handle. 
+    Handle<JSValue> wrapper = GetScriptWrapper(script);
+    instances->set(i, *wrapper);
   }
 
   // Return result as a JS array.

test/mjsunit/mjsunit.status

@@ -57,11 +57,7 @@ debug-setbreakpoint: FAIL
 debug-step-stub-callfunction: FAIL
 debug-stepin-constructor: FAIL
 debug-step: FAIL
-regress/regress-998565: FAIL
-
-# Bug number 1308895: These tests pass on the ARM simulator, but
-# fail on the ARM Linux machine.
-debug-script-breakpoints: PASS || FAIL
-debug-scripts-request: PASS || FAIL
+debug-script-breakpoints: FAIL
 debug-breakpoints: PASS || FAIL
 
+regress/regress-998565: FAIL