[compiler] Make sure to use the same DescriptorArray in LookupTransition

Call synchronized_instance_descriptors only once in LookupTransition to
make sure we have the same DescriptorArray in the method.

Bug: v8:7790
Change-Id: Ie2a610d9c1229f7f467f56365498b89f078d6347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278043
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68648}

src/compiler/access-info.cc

@@ -777,8 +777,9 @@ PropertyAccessInfo AccessInfoFactory::LookupTransition(
 
   Handle<Map> transition_map(transition, isolate());
   InternalIndex const number = transition_map->LastAdded();
-  PropertyDetails const details =
-      transition_map->synchronized_instance_descriptors().GetDetails(number);
+  Handle<DescriptorArray> descriptors(
+      transition_map->synchronized_instance_descriptors(), isolate());
+  PropertyDetails const details = descriptors->GetDetails(number);
   // Don't bother optimizing stores to read-only properties.
   if (details.IsReadOnly()) {
     return PropertyAccessInfo::Invalid(zone());
@@ -812,10 +813,8 @@ PropertyAccessInfo AccessInfoFactory::LookupTransition(
   } else if (details_representation.IsHeapObject()) {
     // Extract the field type from the property details (make sure its
     // representation is TaggedPointer to reflect the heap object case).
-    Handle<FieldType> descriptors_field_type(
-        transition_map->synchronized_instance_descriptors().GetFieldType(
-            number),
-        isolate());
+    Handle<FieldType> descriptors_field_type(descriptors->GetFieldType(number),
+                                             isolate());
     if (descriptors_field_type->IsNone()) {
       // Store is not safe if the field type was cleared.
       return PropertyAccessInfo::Invalid(zone());