| Index: src/objects.cc
|
| diff --git a/src/objects.cc b/src/objects.cc
|
| index 1974a5de607c01df32f3fe85e3a024092389c313..aa59047927fa2ec6e8ef15694acfb5425d068086 100644
|
| --- a/src/objects.cc
|
| +++ b/src/objects.cc
|
| @@ -1806,6 +1806,9 @@ MaybeObject* JSObject::ConvertTransitionToMapTransition(
|
| Map* map;
|
| DescriptorArray* new_descriptors = new_map->instance_descriptors();
|
| DescriptorArray* old_descriptors = old_map->instance_descriptors();
|
| + if (old_descriptors->HasEnumCache()) {
|
| + new_descriptors->CopyEnumCacheFrom(old_descriptors);
|
| + }
|
| for (Object* current = old_map;
|
| !current->IsUndefined();
|
| current = map->GetBackPointer()) {
|
| @@ -1813,8 +1816,6 @@ MaybeObject* JSObject::ConvertTransitionToMapTransition(
|
| if (!map->HasTransitionArray()) break;
|
| TransitionArray* transitions = map->transitions();
|
| if (transitions->descriptors() != old_descriptors) break;
|
| - // Invalidate the enum caches only if the map did not own its descriptors.
|
| - if (!owned_descriptors) map->SetEnumLength(Map::kInvalidEnumCache);
|
| transitions->set_descriptors(new_descriptors);
|
| }
|
| old_map->set_owns_descriptors(false);
|
|
|
Chromium Code Reviews
Issue 11103036:
Don't clear EnumLength but rather copy the enum cache. Added regression test for crashes from chrom… (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge