Accessing a Widened Property Key Doesn't Snapshot or Havoc

[sebmarkbage]

  var n = __abstract('number', '(2)');
  var i = 0;
  var obj = {0:'a', 1:'b', 2:'c'};
  __makePartial(obj);
  __makeSimple(obj);
  do {
    result = obj['' + i];
    i++;
  } while (i < n);
  obj[0] = 'X';
  obj[1] = 'Y';
  obj[2] = 'Z';

->

 var _$8 = this;

  var __empty = {};
  var _$0 = 0;
  var _9 = _$8;

  do {
    var _5 = "" + _$0;

    var _$1 = {
      0: "X",
      1: "Y",
      2: "Z"
    }[_5];
    result = _$1;
    var _$2 = _$1;
    _9.result = _$2;

    var _C = _$0 + 1;

    var _$3 = _C;
    _$0 = _$3;
    var _G = 2;

    var _F = _$0 < _G;

    var _$4 = _F;
  } while (_$4);

This yields a temporal property access in the loop, but if the object is mutated after then that property access is not valid since the serialized state is different than it was at the time of the access. It needs to access a snapshot or havoc the object.

[sebmarkbage]

Another detail is that the object gets inlined in the generator so it gets created every iteration.