Revert revision 331. The propagation of monomorphic prototype failure...

src/ic.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 43 matching lines @@
   }
   UNREACHABLE();
   return 0;
 }
 
 void IC::TraceIC(const char* type,
                  Handle<String> name,
                  State old_state,
                  Code* new_target) {
   if (FLAG_trace_ic) {
-    State new_state = new_target->ic_state();
+    State new_state = StateFrom(new_target, Heap::undefined_value());
     PrintF("[%s (%c->%c) ", type,
            TransitionMarkFromState(old_state),
            TransitionMarkFromState(new_state));
     name->Print();
     PrintF("]\n");
   }
 }
 #endif
 
 
@@ skipping 45 matching lines @@
   // normally would be.
   Address addr = pc() - Assembler::kTargetAddrToReturnAddrDist;
   // Return the address in the original code. This is the place where
   // the call which has been overwriten by the DebugBreakXXX resides
   // and the place where the inline cache system should look.
   int delta = original_code->instruction_start() - code->instruction_start();
   return addr + delta;
 }
 
 
-IC::State IC::ComputeCacheState(Code* target, Object* receiver,
-                                Object* name, Object** new_target) {
-  // Get the raw state from the target.
-  State target_state = target->ic_state();
+IC::State IC::StateFrom(Code* target, Object* receiver) {
+  IC::State state = target->ic_state();
 
-  // Assume that no new target exists in the cache.
-  *new_target = Heap::undefined_value();
-
-  if (target_state != MONOMORPHIC) return target_state;
-  if (receiver->IsUndefined() || receiver->IsNull()) return target_state;
+  if (state != MONOMORPHIC) return state;
+  if (receiver->IsUndefined() || receiver->IsNull()) return state;
 
   Map* map = GetCodeCacheMapForObject(receiver);
 
   // Decide whether the inline cache failed because of changes to the
   // receiver itself or changes to one of its prototypes.
   //
   // If there are changes to the receiver itself, the map of the
   // receiver will have changed and the current target will not be in
   // the receiver map's code cache.  Therefore, if the current target
   // is in the receiver map's code cache, the inline cache failed due
   // to prototype check failure.
-  int index = -1;
-  Object* code = NULL;
-  if (name->IsString()) {
-    code = map->FindIndexInCodeCache(String::cast(name),
-                                     target->flags(),
-                                     &index);
-  }
-  if (index >= 0 && code == target) {
+  int index = map->IndexInCodeCache(target);
+  if (index >= 0) {
     // For keyed load/store, the most likely cause of cache failure is
     // that the key has changed.  We do not distinguish between
     // prototype and non-prototype failures for keyed access.
     Code::Kind kind = target->kind();
     if (kind == Code::KEYED_LOAD_IC || kind == Code::KEYED_STORE_IC) {
       return MONOMORPHIC;
     }
 
     // Remove the target from the code cache to avoid hitting the same
     // invalid stub again.
     map->RemoveFromCodeCache(index);
 
     return MONOMORPHIC_PROTOTYPE_FAILURE;
   }
 
   // The builtins object is special.  It only changes when JavaScript
   // builtins are loaded lazily.  It is important to keep inline
   // caches for the builtins object monomorphic.  Therefore, if we get
   // an inline cache miss for the builtins object after lazily loading
   // JavaScript builtins, we clear the code cache and return
   // uninitialized as the state to force the inline cache back to
   // monomorphic state.
   if (receiver->IsJSBuiltinsObject()) {
     map->ClearCodeCache();
     return UNINITIALIZED;
   }
 
-  *new_target = code;
   return MONOMORPHIC;
 }
 
 
 RelocMode IC::ComputeMode() {
   Address addr = address();
   Code* code = Code::cast(Heap::FindCodeObject(addr));
   for (RelocIterator it(code, RelocInfo::kCodeTargetMask);
        !it.done(); it.next()) {
     RelocInfo* info = it.rinfo();
@@ skipping 83 matching lines @@
     StackFrameLocator locator;
     JavaScriptFrame* frame = locator.FindJavaScriptFrame(0);
     int index = frame->ComputeExpressionsCount() - (argc + 1);
     frame->SetExpression(index, *target);
   }
 
   return *delegate;
 }
 
 
-Object* CallIC::LoadFunction(Handle<Object> object,
+Object* CallIC::LoadFunction(State state,
+                             Handle<Object> object,
                              Handle<String> name) {
   // If the object is undefined or null it's illegal to try to get any
   // of its properties; throw a TypeError in that case.
   if (object->IsUndefined() || object->IsNull()) {
     return TypeError("non_object_property_call", object, name);
   }
 
   Object* result = Heap::the_hole_value();
 
   // Check if the name is trivially convertible to an index and get
@@ skipping 18 matching lines @@
     // If the object does not have the requested property, check which
     // exception we need to throw.
     if (is_contextual()) {
       return ReferenceError("not_defined", name);
     }
     return TypeError("undefined_method", object, name);
   }
 
   // Lookup is valid: Update inline cache and stub cache.
   if (FLAG_use_ic && lookup.IsLoaded()) {
-    UpdateCaches(&lookup, object, name);
+    UpdateCaches(&lookup, state, object, name);
   }
 
   if (lookup.type() == INTERCEPTOR) {
     // Get the property.
     PropertyAttributes attr;
     result = object->GetProperty(*name, &attr);
     if (result->IsFailure()) return result;
     // If the object does not have the requested property, check which
     // exception we need to throw.
     if (attr == ABSENT) {
@@ skipping 38 matching lines @@
   }
 
   // Try to find a suitable function delegate for the object at hand.
   result = TryCallAsFunction(result);
   return result->IsJSFunction() ?
       result : TypeError("property_not_function", object, name);
 }
 
 
 void CallIC::UpdateCaches(LookupResult* lookup,
+                          State state,
                           Handle<Object> object,
                           Handle<String> name) {
   ASSERT(lookup->IsLoaded());
   // Bail out if we didn't find a result.
   if (!lookup->IsValid() || !lookup->IsCacheable()) return;
 
   // Compute the number of arguments.
   int argc = target()->arguments_count();
+  Object* code = NULL;
 
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *object, *name, &code);
-
-  switch (state) {
-    case UNINITIALIZED:
-      code = StubCache::ComputeCallPreMonomorphic(argc);
-      break;
-    case MONOMORPHIC:
-      if (code->IsUndefined()) code = StubCache::ComputeCallMegamorphic(argc);
-      break;
-    default:
-      // Compute monomorphic stub.
-      switch (lookup->type()) {
-        case FIELD: {
-          int index = lookup->GetFieldIndex();
-          code = StubCache::ComputeCallField(argc, *name, *object,
-                                             lookup->holder(), index);
-          break;
-        }
-        case CONSTANT_FUNCTION: {
-          // Get the constant function and compute the code stub for this
-          // call; used for rewriting to monomorphic state and making sure
-          // that the code stub is in the stub cache.
-          JSFunction* function = lookup->GetConstantFunction();
-          code = StubCache::ComputeCallConstant(argc, *name, *object,
-                                                lookup->holder(), function);
-          break;
-        }
-        case NORMAL: {
-          // There is only one shared stub for calling normalized
-          // properties. It does not traverse the prototype chain, so the
-          // property must be found in the receiver for the stub to be
-          // applicable.
-          if (!object->IsJSObject()) return;
-          Handle<JSObject> receiver = Handle<JSObject>::cast(object);
-          if (lookup->holder() != *receiver) return;
-          code = StubCache::ComputeCallNormal(argc, *name, *receiver);
-          break;
-        }
-        case INTERCEPTOR: {
-          code = StubCache::ComputeCallInterceptor(argc, *name, *object,
-                                                   lookup->holder());
-          break;
-        }
-        default:
-          return;
+  if (state == UNINITIALIZED) {
+    // This is the first time we execute this inline cache.
+    // Set the target to the pre monomorphic stub to delay
+    // setting the monomorphic state.
+    code = StubCache::ComputeCallPreMonomorphic(argc);
+  } else if (state == MONOMORPHIC) {
+    code = StubCache::ComputeCallMegamorphic(argc);
+  } else {
+    // Compute monomorphic stub.
+    switch (lookup->type()) {
+      case FIELD: {
+        int index = lookup->GetFieldIndex();
+        code = StubCache::ComputeCallField(argc, *name, *object,
+                                           lookup->holder(), index);
+        break;
       }
-      break;
+      case CONSTANT_FUNCTION: {
+        // Get the constant function and compute the code stub for this
+        // call; used for rewriting to monomorphic state and making sure
+        // that the code stub is in the stub cache.
+        JSFunction* function = lookup->GetConstantFunction();
+        code = StubCache::ComputeCallConstant(argc, *name, *object,
+                                              lookup->holder(), function);
+        break;
+      }
+      case NORMAL: {
+        // There is only one shared stub for calling normalized
+        // properties. It does not traverse the prototype chain, so the
+        // property must be found in the receiver for the stub to be
+        // applicable.
+        if (!object->IsJSObject()) return;
+        Handle<JSObject> receiver = Handle<JSObject>::cast(object);
+        if (lookup->holder() != *receiver) return;
+        code = StubCache::ComputeCallNormal(argc, *name, *receiver);
+        break;
+      }
+      case INTERCEPTOR: {
+        code = StubCache::ComputeCallInterceptor(argc, *name, *object,
+                                                 lookup->holder());
+        break;
+      }
+      default:
+        return;
+    }
   }
 
   // If we're unable to compute the stub (not enough memory left), we
   // simply avoid updating the caches.
   if (code->IsFailure()) return;
 
   // Patch the call site depending on the state of the cache.
   if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
       state == MONOMORPHIC || state == MONOMORPHIC_PROTOTYPE_FAILURE) {
     set_target(Code::cast(code));
   }
 
 #ifdef DEBUG
   TraceIC("CallIC", name, state, target());
 #endif
 }
 
 
-Object* LoadIC::Load(Handle<Object> object, Handle<String> name) {
+Object* LoadIC::Load(State state, Handle<Object> object, Handle<String> name) {
   // If the object is undefined or null it's illegal to try to get any
   // of its properties; throw a TypeError in that case.
   if (object->IsUndefined() || object->IsNull()) {
     return TypeError("non_object_property_load", object, name);
   }
 
   if (FLAG_use_ic) {
     // Use specialized code for getting the length of strings.
     if (object->IsString() && name->Equals(Heap::length_symbol())) {
 #ifdef DEBUG
@@ skipping 52 matching lines @@
     }
     String* class_name = object->IsJSObject()
                          ? Handle<JSObject>::cast(object)->class_name()
                          : Heap::empty_string();
     LOG(SuspectReadEvent(*name, class_name));
     USE(class_name);
   }
 
   // Update inline cache and stub cache.
   if (FLAG_use_ic && lookup.IsLoaded()) {
-    UpdateCaches(&lookup, object, name);
+    UpdateCaches(&lookup, state, object, name);
   }
 
   PropertyAttributes attr;
   if (lookup.IsValid() && lookup.type() == INTERCEPTOR) {
     // Get the property.
     Object* result = object->GetProperty(*object, &lookup, *name, &attr);
     if (result->IsFailure()) return result;
     // If the property is not present, check if we need to throw an
     // exception.
     if (attr == ABSENT && is_contextual()) {
       return ReferenceError("not_defined", name);
     }
     return result;
   }
 
   // Get the property.
   return object->GetProperty(*object, &lookup, *name, &attr);
 }
 
 
 void LoadIC::UpdateCaches(LookupResult* lookup,
+                          State state,
                           Handle<Object> object,
                           Handle<String> name) {
   ASSERT(lookup->IsLoaded());
   // Bail out if we didn't find a result.
   if (!lookup->IsValid() || !lookup->IsCacheable()) return;
 
   // Loading properties from values is not common, so don't try to
   // deal with non-JS objects here.
   if (!object->IsJSObject()) return;
   Handle<JSObject> receiver = Handle<JSObject>::cast(object);
 
   // Compute the code stub for this load.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *object, *name, &code);
-
+  Object* code = NULL;
   if (state == UNINITIALIZED) {
     // This is the first time we execute this inline cache.
     // Set the target to the pre monomorphic stub to delay
     // setting the monomorphic state.
     code = pre_monomorphic_stub();
-  } else if (state != MONOMORPHIC) {
+  } else {
     // Compute monomorphic stub.
     switch (lookup->type()) {
       case FIELD: {
         code = StubCache::ComputeLoadField(*name, *receiver,
                                            lookup->holder(),
                                            lookup->GetFieldIndex());
         break;
       }
       case CONSTANT_FUNCTION: {
         Object* constant = lookup->GetConstantFunction();
@@ skipping 20 matching lines @@
         break;
       }
       case INTERCEPTOR: {
         code = StubCache::ComputeLoadInterceptor(*name, *receiver,
                                                  lookup->holder());
         break;
       }
       default:
         return;
     }
+  }
 
-    // If we're unable to compute the stub (not enough memory left), we
-    // simply avoid updating the caches.
-    if (code->IsFailure()) return;
-  }
+  // If we're unable to compute the stub (not enough memory left), we
+  // simply avoid updating the caches.
+  if (code->IsFailure()) return;
 
   // Patch the call site depending on the state of the cache.
   if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
       state == MONOMORPHIC_PROTOTYPE_FAILURE) {
     set_target(Code::cast(code));
-  } else if (state == MONOMORPHIC && code->IsUndefined()) {
+  } else if (state == MONOMORPHIC) {
     set_target(megamorphic_stub());
-  } else if (state == MONOMORPHIC) {
-    set_target(Code::cast(code));
   }
 
 #ifdef DEBUG
   TraceIC("LoadIC", name, state, target());
 #endif
 }
 
 
-Object* KeyedLoadIC::Load(Handle<Object> object,
+Object* KeyedLoadIC::Load(State state,
+                          Handle<Object> object,
                           Handle<Object> key) {
   if (key->IsSymbol()) {
     Handle<String> name = Handle<String>::cast(key);
 
     // If the object is undefined or null it's illegal to try to get any
     // of its properties; throw a TypeError in that case.
     if (object->IsUndefined() || object->IsNull()) {
       return TypeError("non_object_property_load", object, name);
     }
 
     if (FLAG_use_ic) {
       // Use specialized code for getting the length of strings.
       if (object->IsString() && name->Equals(Heap::length_symbol())) {
         Handle<String> string = Handle<String>::cast(object);
         Object* code = NULL;
         if (string->IsShortString()) {
           code = StubCache::ComputeKeyedLoadShortStringLength(*name, *string);
         } else if (string->IsMediumString()) {
           code =
               StubCache::ComputeKeyedLoadMediumStringLength(*name, *string);
         } else {
           ASSERT(string->IsLongString());
           code = StubCache::ComputeKeyedLoadLongStringLength(*name, *string);
         }
         if (code->IsFailure()) return code;
         set_target(Code::cast(code));
 #ifdef DEBUG
-        if (FLAG_trace_ic) PrintF("[KeyedLoadIC : +#length /string]\n");
+        TraceIC("KeyedLoadIC", name, state, target());
 #endif
         return Smi::FromInt(string->length());
       }
 
       // Use specialized code for getting the length of arrays.
       if (object->IsJSArray() && name->Equals(Heap::length_symbol())) {
         Handle<JSArray> array = Handle<JSArray>::cast(object);
         Object* code = StubCache::ComputeKeyedLoadArrayLength(*name, *array);
         if (code->IsFailure()) return code;
         set_target(Code::cast(code));
 #ifdef DEBUG
-        if (FLAG_trace_ic) PrintF("[KeyedLoadIC : +#length /array]\n");
+        TraceIC("KeyedLoadIC", name, state, target());
 #endif
         return JSArray::cast(*object)->length();
       }
 
       // Use specialized code for getting prototype of functions.
       if (object->IsJSFunction() && name->Equals(Heap::prototype_symbol())) {
         Handle<JSFunction> function = Handle<JSFunction>::cast(object);
         Object* code =
             StubCache::ComputeKeyedLoadFunctionPrototype(*name, *function);
         if (code->IsFailure()) return code;
         set_target(Code::cast(code));
 #ifdef DEBUG
-        if (FLAG_trace_ic) PrintF("[KeyedLoadIC : +#prototype /function]\n");
+        TraceIC("KeyedLoadIC", name, state, target());
 #endif
         return Accessors::FunctionGetPrototype(*object, 0);
       }
     }
 
     // Check if the name is trivially convertible to an index and get
     // the element or char if so.
     uint32_t index = 0;
     if (name->AsArrayIndex(&index)) {
       HandleScope scope;
       // Rewrite to the generic keyed load stub.
       if (FLAG_use_ic) set_target(generic_stub());
       return Runtime::GetElementOrCharAt(object, index);
     }
 
     // Named lookup.
     LookupResult lookup;
     object->Lookup(*name, &lookup);
 
     // If lookup is invalid, check if we need to throw an exception.
     if (!lookup.IsValid()) {
       if (FLAG_strict || is_contextual()) {
         return ReferenceError("not_defined", name);
       }
     }
 
     // Update the inline cache.
     if (FLAG_use_ic && lookup.IsLoaded()) {
-      UpdateCaches(&lookup, object, name);
+      UpdateCaches(&lookup, state, object, name);
     }
 
     PropertyAttributes attr;
     if (lookup.IsValid() && lookup.type() == INTERCEPTOR) {
       // Get the property.
       Object* result = object->GetProperty(*object, &lookup, *name, &attr);
       if (result->IsFailure()) return result;
       // If the property is not present, check if we need to throw an
       // exception.
       if (attr == ABSENT && is_contextual()) {
         return ReferenceError("not_defined", name);
       }
       return result;
     }
 
     return object->GetProperty(*object, &lookup, *name, &attr);
   }
 
   // Do not use ICs for objects that require access checks (including
   // the global object).
   bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
 
   if (use_ic) set_target(generic_stub());
 
   // Get the property.
   return Runtime::GetObjectProperty(object, key);
 }
 
 
-void KeyedLoadIC::UpdateCaches(LookupResult* lookup,
-                               Handle<Object> object,
-                               Handle<String> name) {
+void KeyedLoadIC::UpdateCaches(LookupResult* lookup, State state,
+                               Handle<Object> object, Handle<String> name) {
   ASSERT(lookup->IsLoaded());
   // Bail out if we didn't find a result.
   if (!lookup->IsValid() || !lookup->IsCacheable()) return;
 
   if (!object->IsJSObject()) return;
   Handle<JSObject> receiver = Handle<JSObject>::cast(object);
 
-  // Compute the state of the current inline cache.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *object, *name, &code);
+  // Compute the code stub for this load.
+  Object* code = NULL;
 
-  // Compute the code stub for this load.
   if (state == UNINITIALIZED) {
     // This is the first time we execute this inline cache.
     // Set the target to the pre monomorphic stub to delay
     // setting the monomorphic state.
     code = pre_monomorphic_stub();
   } else {
     // Compute a monomorphic stub.
     switch (lookup->type()) {
       case FIELD: {
         code = StubCache::ComputeKeyedLoadField(*name, *receiver,
@@ skipping 42 matching lines @@
   } else if (state == MONOMORPHIC) {
     set_target(megamorphic_stub());
   }
 
 #ifdef DEBUG
   TraceIC("KeyedLoadIC", name, state, target());
 #endif
 }
 
 
-Object* StoreIC::Store(Handle<Object> object,
+Object* StoreIC::Store(State state,
+                       Handle<Object> object,
                        Handle<String> name,
                        Handle<Object> value) {
   // If the object is undefined or null it's illegal to try to set any
   // properties on it; throw a TypeError in that case.
   if (object->IsUndefined() || object->IsNull()) {
     return TypeError("non_object_property_store", object, name);
   }
 
   // Ignore stores where the receiver is not a JSObject.
   if (!object->IsJSObject()) return *value;
   Handle<JSObject> receiver = Handle<JSObject>::cast(object);
 
   // Check if the given name is an array index.
   uint32_t index;
   if (name->AsArrayIndex(&index)) {
     HandleScope scope;
     Handle<Object> result = SetElement(receiver, index, value);
     if (result.is_null()) return Failure::Exception();
     return *value;
   }
 
   // Lookup the property locally in the receiver.
   LookupResult lookup;
   receiver->LocalLookup(*name, &lookup);
 
   // Update inline cache and stub cache.
   if (FLAG_use_ic && lookup.IsLoaded()) {
-    UpdateCaches(&lookup, receiver, name, value);
+    UpdateCaches(&lookup, state, receiver, name, value);
   }
 
   // Set the property.
   return receiver->SetProperty(*name, *value, NONE);
 }
 
 
 void StoreIC::UpdateCaches(LookupResult* lookup,
+                           State state,
                            Handle<JSObject> receiver,
                            Handle<String> name,
                            Handle<Object> value) {
   ASSERT(lookup->IsLoaded());
   // Bail out if we didn't find a result.
   if (!lookup->IsValid() || !lookup->IsCacheable()) return;
 
   // If the property is read-only, we leave the IC in its current
   // state.
   if (lookup->IsReadOnly()) return;
 
   // If the property has a non-field type allowing map transitions
   // where there is extra room in the object, we leave the IC in its
   // current state.
   PropertyType type = lookup->type();
 
-  // Compute the state of the current inline cache.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *receiver, *name, &code);
-
   // Compute the code stub for this store; used for rewriting to
   // monomorphic state and making sure that the code stub is in the
   // stub cache.
+  Object* code = NULL;
   switch (type) {
     case FIELD: {
       code = StubCache::ComputeStoreField(*name, *receiver,
                                           lookup->GetFieldIndex());
       break;
     }
     case MAP_TRANSITION: {
       if (lookup->GetAttributes() != NONE) return;
       if (receiver->map()->unused_property_fields() == 0) return;
       HandleScope scope;
@@ skipping 29 matching lines @@
   } else if (state == MONOMORPHIC) {
     set_target(megamorphic_stub());
   }
 
 #ifdef DEBUG
   TraceIC("StoreIC", name, state, target());
 #endif
 }
 
 
-Object* KeyedStoreIC::Store(Handle<Object> object,
+Object* KeyedStoreIC::Store(State state,
+                            Handle<Object> object,
                             Handle<Object> key,
                             Handle<Object> value) {
   if (key->IsSymbol()) {
     Handle<String> name = Handle<String>::cast(key);
 
     // If the object is undefined or null it's illegal to try to set any
     // properties on it; throw a TypeError in that case.
     if (object->IsUndefined() || object->IsNull()) {
       return TypeError("non_object_property_store", object, name);
     }
@@ skipping 10 matching lines @@
       if (result.is_null()) return Failure::Exception();
       return *value;
     }
 
     // Lookup the property locally in the receiver.
     LookupResult lookup;
     receiver->LocalLookup(*name, &lookup);
 
     // Update inline cache and stub cache.
     if (FLAG_use_ic && lookup.IsLoaded()) {
-      UpdateCaches(&lookup, receiver, name, value);
+      UpdateCaches(&lookup, state, receiver, name, value);
     }
 
     // Set the property.
     return receiver->SetProperty(*name, *value, NONE);
   }
 
   // Do not use ICs for objects that require access checks (including
   // the global object).
   bool use_ic = FLAG_use_ic && !object->IsAccessCheckNeeded();
 
   if (use_ic) set_target(generic_stub());
 
   // Set the property.
   return Runtime::SetObjectProperty(object, key, value, NONE);
 }
 
 
 void KeyedStoreIC::UpdateCaches(LookupResult* lookup,
+                                State state,
                                 Handle<JSObject> receiver,
                                 Handle<String> name,
                                 Handle<Object> value) {
   ASSERT(lookup->IsLoaded());
   // Bail out if we didn't find a result.
   if (!lookup->IsValid() || !lookup->IsCacheable()) return;
 
   // If the property is read-only, we leave the IC in its current
   // state.
   if (lookup->IsReadOnly()) return;
 
   // If the property has a non-field type allowing map transitions
   // where there is extra room in the object, we leave the IC in its
   // current state.
   PropertyType type = lookup->type();
 
   // Compute the code stub for this store; used for rewriting to
   // monomorphic state and making sure that the code stub is in the
   // stub cache.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *receiver, *name, &code);
+  Object* code = NULL;
 
   switch (type) {
     case FIELD: {
       code = StubCache::ComputeKeyedStoreField(*name, *receiver,
                                                lookup->GetFieldIndex());
       break;
     }
     case MAP_TRANSITION: {
       if (lookup->GetAttributes() == NONE) {
         if (receiver->map()->unused_property_fields() == 0) return;
@@ skipping 37 matching lines @@
 
 // ----------------------------------------------------------------------------
 // Static IC stub generators.
 //
 
 // Used from ic_<arch>.cc.
 Object* CallIC_Miss(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 2);
   CallIC ic;
-  return ic.LoadFunction(args.at<Object>(0), args.at<String>(1));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.LoadFunction(state, args.at<Object>(0), args.at<String>(1));
 }
 
 
 void CallIC::GenerateInitialize(MacroAssembler* masm, int argc) {
   Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
 }
 
 
 void CallIC::GeneratePreMonomorphic(MacroAssembler* masm, int argc) {
   Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
 }
 
 
 void CallIC::GenerateMiss(MacroAssembler* masm, int argc) {
   Generate(masm, argc, ExternalReference(IC_Utility(kCallIC_Miss)));
 }
 
 
 // Used from ic_<arch>.cc.
 Object* LoadIC_Miss(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 2);
   LoadIC ic;
-  return ic.Load(args.at<Object>(0), args.at<String>(1));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Load(state, args.at<Object>(0), args.at<String>(1));
 }
 
 
 void LoadIC::GenerateInitialize(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kLoadIC_Miss)));
 }
 
 
 void LoadIC::GeneratePreMonomorphic(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kLoadIC_Miss)));
 }
 
 
 // Used from ic_<arch>.cc
 Object* KeyedLoadIC_Miss(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 2);
   KeyedLoadIC ic;
-  return ic.Load(args.at<Object>(0), args.at<Object>(1));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Load(state, args.at<Object>(0), args.at<Object>(1));
 }
 
 
 void KeyedLoadIC::GenerateInitialize(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kKeyedLoadIC_Miss)));
 }
 
 
 void KeyedLoadIC::GeneratePreMonomorphic(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kKeyedLoadIC_Miss)));
 }
 
 
 // Used from ic_<arch>.cc.
 Object* StoreIC_Miss(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 3);
   StoreIC ic;
-  return ic.Store(args.at<Object>(0), args.at<String>(1), args.at<Object>(2));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Store(state, args.at<Object>(0), args.at<String>(1),
+                  args.at<Object>(2));
 }
 
 
 void StoreIC::GenerateInitialize(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kStoreIC_Miss)));
 }
 
 
 void StoreIC::GenerateMiss(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kStoreIC_Miss)));
 }
 
 
 // Used from ic_<arch>.cc.
 Object* KeyedStoreIC_Miss(Arguments args) {
   NoHandleAllocation na;
   ASSERT(args.length() == 3);
   KeyedStoreIC ic;
-  return ic.Store(args.at<Object>(0), args.at<Object>(1), args.at<Object>(2));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Store(state, args.at<Object>(0), args.at<Object>(1),
+                  args.at<Object>(2));
 }
 
 
 void KeyedStoreIC::GenerateInitialize(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kKeyedStoreIC_Miss)));
 }
 
 
 void KeyedStoreIC::GenerateMiss(MacroAssembler* masm) {
   Generate(masm, ExternalReference(IC_Utility(kKeyedStoreIC_Miss)));
 }
 
 
 static Address IC_utilities[] = {
 #define ADDR(name) FUNCTION_ADDR(name),
     IC_UTIL_LIST(ADDR)
     NULL
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) {
   return IC_utilities[id];
 }
 
 
 } }  // namespace v8::internal