Allocate generator result objects before unwinding try handlers

Allocate generator result objects before unwinding try handlers

When a generator suspends, it saves its state out to the heap and
unwinds try handlers but doesn't pop anything off the stack.  Instead it
relies on no GC happening between the suspend and the return from the
generator.  However this was not the case: boxing the result object
could cause GC, which would try to traverse the stack but would
misinterpret words from unwound try handlers as heap objects.

This CL changes to allocate the result objects before the suspend.  It
also removes the generators-iteration skip introduced in r15065.

R=mstarzinger@chromium.org
TEST=mjsunit/harmony/generators-iteration
BUG=

Committed: http://code.google.com/p/v8/source/detail?r=15079

[Michael Starzinger, 2013-06-12 10:47:56]

Lookgin good already, just one comment.

https://codereview.chromium.org/16801006/diff/1/src/ia32/full-codegen-ia32.cc
File src/ia32/full-codegen-ia32.cc (right):

https://codereview.chromium.org/16801006/diff/1/src/ia32/full-codegen-ia32.cc...
src/ia32/full-codegen-ia32.cc:1955: if (expr->yield_kind() == Yield::SUSPEND) {
This can be modeled by flipping the two cases above, moving the additional steps
for Yield::SUSPEND up and letting it fall-through to Yield::INITIAL. I think
that would be easier to read. Same applies to other architectures.

[Michael Starzinger, 2013-06-12 10:58:52]

LGTM.

[wingo, 2013-06-12 11:03:02]

Committed patchset #2 manually as r15079 (presubmit successful).