350884: KeyedStoreIC miss didn't handle a transitioning case.
It's possible to get a transitioned map with no links to the origin
map if it's a shared map. Code in KeyedStoreIC::StoreElementStub
assumes it can check if two maps are in the same family by
traversing the transition array. Long term, the "family" relationship
should be recognized with the Normalized Map Cache. For now, allow
the IC to remain monomorphic in this case if the receiver map and
the previous receiver map are the same.
Filed V8 issue 3210 (https://code.google.com/p/v8/issues/detail?id=3210)
to track the issue with the Normalized Map Cache.
BUG=350884
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/
194623005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19847
ce2b1a6d-e550-0410-aec6-
3dcde31c8c00
projects / platform / upstream / v8.git / commit