Fixing failure on GC stress.

This bug was introduced by the CL
https://chromium-review.googlesource.com/c/586707

With these changes we make sure that the object being deoptimized 
does not point to code objects that have been already collected. 
The CL https://chromium-review.googlesource.com/c/596027 did not
fix this problem because we were only invalidating embedded objects
reachable from the stack, however it is possible that there are some 
dangling references in objects not on the stack. Thus we consider 
all the optimized code objects that are marked for deoptimization.

Bug: v8:751825
Change-Id: I3a6410c2bf556fa254c54a25e1f49d7356b9e51d
Reviewed-on: https://chromium-review.googlesource.com/601967
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47163}

src/deoptimizer.cc

@@ -315,6 +315,8 @@ void Deoptimizer::DeoptimizeMarkedCodeForContext(Context* context) {
     Object* next = code->next_code_link();
 
     if (code->marked_for_deoptimization()) {
+      // Make sure that this object does not point to any garbage.
+      code->InvalidateEmbeddedObjects();
       if (prev != NULL) {
         // Skip this code in the optimized code list.
         prev->set_next_code_link(next);
@@ -349,9 +351,6 @@ void Deoptimizer::DeoptimizeMarkedCodeForContext(Context* context) {
                        safe_to_deopt_topmost_optimized_code);
         // Replace the current pc on the stack with the trampoline.
         it.frame()->set_pc(code->instruction_start() + trampoline_pc);
-
-        // Make sure that this object does not point to any garbage.
-        code->InvalidateEmbeddedObjects();
       }
     }
   }