[compiler] Properly guard the speculative optimizations for instanceof.

src/code-stub-assembler.cc

Index: src/code-stub-assembler.cc
diff --git a/src/code-stub-assembler.cc b/src/code-stub-assembler.cc
index 4e1c4a44f701bc3e879f1788334428e5a578402d..18b4e5ff83968d9f80ff6808e0ea4f09943fa501 100644
--- a/src/code-stub-assembler.cc
+++ b/src/code-stub-assembler.cc
@@ -3886,7 +3886,8 @@ void CodeStubAssembler::TryPrototypeChainLookup(
 }
 
 Node* CodeStubAssembler::OrdinaryHasInstance(Node* context, Node* callable,
-                                             Node* object) {
+                                             Node* object,
+                                             VectorSlotPair feedback) {
   Variable var_result(this, MachineRepresentation::kTagged);
   Label return_false(this), return_true(this),
       return_runtime(this, Label::kDeferred), return_result(this);
@@ -4011,6 +4012,17 @@ Node* CodeStubAssembler::OrdinaryHasInstance(Node* context, Node* callable,
   {
     // Invalidate the global instanceof cache.
     StoreRoot(Heap::kInstanceofCacheFunctionRootIndex, SmiConstant(0));
+
+    // Record megamorphic {feedback} if requested; we use this feedback to
+    // guard a bunch of speculative optimizations in TurboFand (and Crankshaft)
+    // that just deoptimize in case of funny inputs to instanceof.
+    if (feedback.IsValid()) {
+      Node* megamorphic_sentinel =
+          HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate()));
+      StoreFixedArrayElement(feedback.vector(), feedback.index(),
+                             megamorphic_sentinel, SKIP_WRITE_BARRIER);
+    }
+
     // Fallback to the runtime implementation.
     var_result.Bind(
         CallRuntime(Runtime::kOrdinaryHasInstance, context, callable, object));