Check string length when creating strings to not exceed a maximum,
so we avoid integer overflows when concatenating strings.
The string limit must be small enough that we'll not integer overflow
in one concatenation (A + B + 1 must not overflow while still
exceeding the string limit).
Set the limit to 64KB for now.
If we need 2GB strings then we will have to use double or int64 variables
when calculating string lengths.

Separate literal/interned and garbage collected string types in js_Value.
js_pushintern/js_tointern are convenience functions to push/pop strings and
automatically intern them (so that the string pointers are guaranteed to be
stable).
js_pushliteral should push stable strings (either interned or actual literals).
js_pushstring will copy the string into garbage collected memory.
The pointer returned by js_tostring is guaranteed to be stable only for as long as
the stack slot it came from remains untouched.
Some uses will always cause a string to be interned:
* Using it as a property name.
* Wrapping it in a new String() object.
* Strings returned by toString().
  ToPrimitive must not clobber the stack, so the result has to be unrooted.
* Numbers converted to strings (by js_tostring)
  Likewise, we have nowhere to store the temporary string here.
  Passing in a scratch buffer to js_tostring could help this problem.
  Mostly an issue with array accesses (OP_GETPROP, etc) so an auxiliary
  function and we don't have to clutter the API needlessly.
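
The length check described in the first message above, as an added example that is not code from the commit or the project: rejecting over-long strings at creation lets concatenation compute A + B + 1 in an int without overflow. STR_LIMIT, str_new and str_concat are hypothetical names, and the limit value is assumed from the 64KB figure.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STR_LIMIT (1 << 16) /* assumed: the 64KB limit from the message */
/* Two strings at the limit plus a terminator must still fit in an int,
 * so A + B + 1 cannot wrap before it is compared against the limit. */
_Static_assert(STR_LIMIT <= (INT_MAX - 1) / 2, "limit too large for int");

/* Hypothetical constructor: the only way to create a string, so every
 * stored length is <= STR_LIMIT. Returns NULL when the input is rejected. */
char *str_new(const char *src, size_t n)
{
	char *s;
	if (n > STR_LIMIT)
		return NULL;
	s = malloc(n + 1);
	if (!s)
		return NULL;
	memcpy(s, src, n);
	s[n] = 0;
	return s;
}

/* Hypothetical concatenation with int lengths; a and b must come from
 * str_new, which is what makes the unchecked addition below safe. */
char *str_concat(const char *a, const char *b)
{
	int an = (int)strlen(a), bn = (int)strlen(b);
	int total = an + bn + 1; /* at most 2 * STR_LIMIT + 1 */
	char *s;
	if (total - 1 > STR_LIMIT)
		return NULL; /* the result itself would exceed the limit */
	s = malloc((size_t)total);
	if (!s)
		return NULL;
	memcpy(s, a, (size_t)an);
	memcpy(s + an, b, (size_t)bn + 1); /* copies b's terminator too */
	return s;
}

int main(void)
{
	char *x = str_new("ab", 2), *y = str_new("cd", 2), *z = str_concat(x, y);
	puts(z ? z : "(rejected)");
	free(x); free(y); free(z);
	return 0;
}
```

Raising STR_LIMIT past (INT_MAX - 1) / 2 fails the build, which is the point at which the lengths would need a wider type.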