[runtime] Force internalize names used before lookup in in DescriptorArray and TransitionArray

src/lookup.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/lookup.h"
 
 #include "src/bootstrapper.h"
 #include "src/deoptimizer.h"
 #include "src/elements.h"
 #include "src/field-type.h"
@@ skipping 20 matching lines @@
   if (!*success) {
     DCHECK(isolate->has_pending_exception());
     // Return an unusable dummy.
     return LookupIterator(receiver, isolate->factory()->empty_string());
   }
 
   if (name->AsArrayIndex(&index)) {
     LookupIterator it(isolate, receiver, index, configuration);
     // Here we try to avoid having to rebuild the string later
     // by storing it on the indexed LookupIterator.
-    it.name_ = name;
+    it.name_ = isolate->factory()->InternalizeName(name);
     return it;
   }
 
   return LookupIterator(receiver, name, configuration);
 }
 
 
 void LookupIterator::Next() {
   DCHECK_NE(JSPROXY, state_);
   DCHECK_NE(TRANSITION, state_);
@@ skipping 180 matching lines @@
   DCHECK_NE(INTEGER_INDEXED_EXOTIC, state_);
   DCHECK(state_ == NOT_FOUND || !HolderIsReceiverOrHiddenPrototype());
 
   Handle<Map> map(receiver->map(), isolate_);
 
   // Dictionary maps can always have additional data properties.
   if (map->is_dictionary_map()) {
     state_ = TRANSITION;
     if (map->IsJSGlobalObjectMap()) {
       // Install a property cell.
-      InternalizeName();
       auto cell = JSGlobalObject::EnsurePropertyCell(
           Handle<JSGlobalObject>::cast(receiver), name());
       DCHECK(cell->value()->IsTheHole());
       transition_ = cell;
     } else {
       transition_ = map;
     }
     return;
   }
 
@@ skipping 274 matching lines @@
     NameDictionary* property_dictionary = holder->property_dictionary();
     property_dictionary->ValueAtPut(dictionary_entry(), *value);
   } else if (property_details_.type() == v8::internal::DATA) {
     JSObject::cast(*holder)->WriteToField(descriptor_number(), *value);
   } else {
     DCHECK_EQ(v8::internal::DATA_CONSTANT, property_details_.type());
   }
 }
 
 
-void LookupIterator::InternalizeName() {
-  if (name_->IsUniqueName()) return;
-  name_ = factory()->InternalizeString(Handle<String>::cast(name_));
-}
-
-
 bool LookupIterator::HasInterceptor(Map* map) const {
   if (IsElement()) return map->has_indexed_interceptor();
   return map->has_named_interceptor();
 }
 
 
 bool LookupIterator::SkipInterceptor(JSObject* holder) {
   auto info = GetInterceptor(holder);
   // TODO(dcarney): check for symbol/can_intercept_symbols here as well.
   if (info->non_masking()) {
@@ skipping 128 matching lines @@
     // Fall through.
     default:
       return NOT_FOUND;
   }
   UNREACHABLE();
   return state_;
 }
 
 }  // namespace internal
 }  // namespace v8