Fix prototype chain traversing (#4458)

After the introduction of the Proxy builtin object there was
a possibility to traverse the prototype chain with an invalid object.
The prototype was freed before it's data/properties were queried resulting
in accessing invalid information.

By forcing the allocator to always do a gc (`--mem-stres-test=on` build option)
it was possible to trigger the issue without complicated tests.

New internal method:
* `ecma_op_object_get_prototype_of` which always returns the prototype
  of an object and the return value must be freed (if it is valid).

Updated prototype chain traversing in:
* `jerry_object_get_property_names`
* `ecma_builtin_object_prototype_lookup_getter_setter`
* `ecma_op_function_has_instance`
* `ecma_op_function_get_super_constructor`
* `ecma_op_object_is_prototype_of`
* `ecma_op_object_enumerate`

Removed method `ecma_proxy_object_prototype_to_cp`

JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com

jerry-core/ecma/operations/ecma-proxy-object.c

@@ -228,31 +228,6 @@ ecma_proxy_object_find (ecma_object_t *obj_p, /**< proxy object */
   return ecma_proxy_object_get (obj_p, prop_name_p, ecma_make_object_value (obj_p));
 } /* ecma_proxy_object_find */
 
-/**
- * Convert the result of the ecma_proxy_object_get_prototype_of to compressed pointer
- *
- * Note: if `proto` is non-null, the reference from the object is released
- *
- * @return compressed pointer to the `proto` value
- */
-jmem_cpointer_t
-ecma_proxy_object_prototype_to_cp (ecma_value_t proto) /**< ECMA_VALUE_NULL or object */
-{
-  JERRY_ASSERT (ecma_is_value_null (proto) || ecma_is_value_object (proto));
-
-  if (ecma_is_value_null (proto))
-  {
-    return JMEM_CP_NULL;
-  }
-
-  jmem_cpointer_t proto_cp;
-  ecma_object_t *proto_obj_p = ecma_get_object_from_value (proto);
-  ECMA_SET_POINTER (proto_cp, proto_obj_p);
-  ecma_deref_object (proto_obj_p);
-
-  return proto_cp;
-} /* ecma_proxy_object_prototype_to_cp */
-
 /**
  * Helper method for validate the proxy object
  *