Reland r22460 - "Bootstrapper::DetachGlobal also need to unset g..."

| DetachGlobal detaches original context of a global proxy object.
|
| Before this patch, the constructor JSFunction still carried a
| reference to the old context after |Bootstrapper::DetachGlobal|
| call.
| This patch removes the reference by setting the constructor
| null.
|
| Review URL: https://codereview.chromium.org/397953009

TEST=http/tests/security/isolatedWorld w/ --enable-leak-detection
LOG=N
BUG=364377
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/424703002

Patch from Kouhei Ueno <kouhei@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/bootstrapper.cc

@@ -355,6 +355,7 @@ void Bootstrapper::DetachGlobal(Handle<Context> env) {
   Handle<JSGlobalProxy> global_proxy(JSGlobalProxy::cast(env->global_proxy()));
   global_proxy->set_native_context(*factory->null_value());
   SetObjectPrototype(global_proxy, factory->null_value());
+  global_proxy->map()->set_constructor(*factory->null_value());
 }