SpiderMonkey's GC may crash if chipmunk's collision handler isn't removed

[pandamicro]

Take ChipmunkCollisionTest test case in ChipmunkTest.js as an example

this.space.addCollisionHandler( 1, 2,
    this.collisionBegin.bind(this),
    this.collisionPre.bind(this),
    this.collisionPost.bind(this),
    this.collisionSeparate.bind(this)
);

In this test we added object's internal functions as collision handlers, and these handlers will be added to root in JSB to avoid being released.

Normally handlers should be removed automatically from root when the space getting released. But in this particular case:

1. Object(this) hold a ref to space
2. Object(this) hold refs to handlers
3. Root hold refs to handlers

If we don't remove the collision handler explicitly in the code. Then the object can't get released because its handlers are held by root and cannot be released. Then space won't get released, and handlers won't be removed from root. At last GC will crash at the point when it try to release the object.

The ordinary state should be :

1. Object(this) hold a ref to space
2. Object(this) hold refs to handlers
3. Space hold refs to handlers

This issue is related to JSB basic implementation principles and user's code structure. Avoid using Root should be able to improve the use experience

[pandamicro]

This issue can also be avoided by always removing the handler explicitly