[runtime] Compare against masked_hash while creating identity hash

A random hash could potential have top 10 bits be non zero which would
pass the hash != PropertyArray::kNoHashSentinel test but fail the
masked_hash != PropertyArray::kNoHashSentinel.


Bug: v8:6404, chromium:757750
Change-Id: Iade531fefc75dd76bd7a89b377d17e59532087d8
Reviewed-on: https://chromium-review.googlesource.com/627380Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47528}

src/objects.cc

@@ -6349,12 +6349,14 @@ Smi* JSObject::GetOrCreateIdentityHash(Isolate* isolate) {
     return Smi::cast(hash_obj);
   }
 
-  int hash;
+  int masked_hash;
+  // TODO(gsathya): Remove the loop and pass kHashMask directly to
+  // GenerateIdentityHash.
   do {
-    hash = isolate->GenerateIdentityHash(Smi::kMaxValue);
-  } while (hash == PropertyArray::kNoHashSentinel);
+    int hash = isolate->GenerateIdentityHash(Smi::kMaxValue);
+    masked_hash = hash & JSReceiver::kHashMask;
+  } while (masked_hash == PropertyArray::kNoHashSentinel);
 
-  int masked_hash = hash & JSReceiver::kHashMask;
   SetIdentityHash(masked_hash);
   return Smi::FromInt(masked_hash);
 }