With this fix, we only create the enum cache for own property descriptors (originally we cached all descriptors in the map). The problem was that the size of all descriptors could be trimmed during GC triggered by allocating the storage for the cache, so we could have ended up with a wrong storage size.
This is really Toon's fix, I have only created a small repro case.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/212673011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@20308 ce2b1a6d-e550-0410-aec6-3dcde31c8c00