Merge bleeding_edge 17696:18016.

src/stub-cache.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 84 matching lines @@
   primary->value = code;
   primary->map = map;
   isolate()->counters()->megamorphic_stub_cache_updates()->Increment();
   return code;
 }
 
 
 Handle<Code> StubCache::FindIC(Handle<Name> name,
                                Handle<Map> stub_holder_map,
                                Code::Kind kind,
-                               Code::ExtraICState extra_state) {
-  Code::Flags flags = Code::ComputeMonomorphicFlags(kind, extra_state);
+                               Code::ExtraICState extra_state,
+                               InlineCacheHolderFlag cache_holder) {
+  Code::Flags flags = Code::ComputeMonomorphicFlags(
+      kind, extra_state, cache_holder);
   Handle<Object> probe(stub_holder_map->FindInCodeCache(*name, flags),
                        isolate_);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
   return Handle<Code>::null();
 }
 
 
-Handle<Code> StubCache::FindIC(Handle<Name> name,
-                               Handle<JSObject> stub_holder,
-                               Code::Kind kind,
-                               Code::ExtraICState extra_ic_state) {
-  return FindIC(name, Handle<Map>(stub_holder->map()), kind, extra_ic_state);
-}
-
-
 Handle<Code> StubCache::FindHandler(Handle<Name> name,
-                                    Handle<JSObject> receiver,
+                                    Handle<HeapObject> stub_holder,
                                     Code::Kind kind,
+                                    InlineCacheHolderFlag cache_holder,
                                     StrictModeFlag strict_mode) {
   Code::ExtraICState extra_ic_state = Code::kNoExtraICState;
   if (kind == Code::STORE_IC || kind == Code::KEYED_STORE_IC) {
     extra_ic_state = Code::ComputeExtraICState(
         STANDARD_STORE, strict_mode);
   }
   Code::Flags flags = Code::ComputeMonomorphicFlags(
-      Code::HANDLER, extra_ic_state, Code::NORMAL, kind);
-  Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
+      Code::HANDLER, extra_ic_state, cache_holder, Code::NORMAL, kind);
+
+  Handle<Object> probe(stub_holder->map()->FindInCodeCache(*name, flags),
                        isolate_);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
   return Handle<Code>::null();
 }
 
 
-Handle<Code> StubCache::ComputeMonomorphicIC(Handle<HeapObject> receiver,
+Handle<Code> StubCache::ComputeMonomorphicIC(Handle<Name> name,
+                                             Handle<Type> type,
                                              Handle<Code> handler,
-                                             Handle<Name> name,
                                              StrictModeFlag strict_mode) {
   Code::Kind kind = handler->handler_kind();
-  Handle<Map> map(receiver->map());
-  Handle<Code> ic = FindIC(name, map, kind, strict_mode);
-  if (!ic.is_null()) return ic;
+  InlineCacheHolderFlag flag = IC::GetCodeCacheFlag(*type);
+
+  Handle<Map> stub_holder;
+  Handle<Code> ic;
+  // There are multiple string maps that all use the same prototype. That
+  // prototype cannot hold multiple handlers, one for each of the string maps,
+  // for a single name. Hence, turn off caching of the IC.
+  bool can_be_cached = !type->Is(Type::String());
+  if (can_be_cached) {
+    stub_holder = IC::GetCodeCacheHolder(flag, *type, isolate());
+    ic = FindIC(name, stub_holder, kind, strict_mode, flag);
+    if (!ic.is_null()) return ic;
+  }
 
   if (kind == Code::LOAD_IC) {
-    LoadStubCompiler ic_compiler(isolate());
-    ic = ic_compiler.CompileMonomorphicIC(map, handler, name);
+    LoadStubCompiler ic_compiler(isolate(), flag);
+    ic = ic_compiler.CompileMonomorphicIC(type, handler, name);
   } else if (kind == Code::KEYED_LOAD_IC) {
-    KeyedLoadStubCompiler ic_compiler(isolate());
-    ic = ic_compiler.CompileMonomorphicIC(map, handler, name);
+    KeyedLoadStubCompiler ic_compiler(isolate(), flag);
+    ic = ic_compiler.CompileMonomorphicIC(type, handler, name);
   } else if (kind == Code::STORE_IC) {
     StoreStubCompiler ic_compiler(isolate(), strict_mode);
-    ic = ic_compiler.CompileMonomorphicIC(map, handler, name);
+    ic = ic_compiler.CompileMonomorphicIC(type, handler, name);
   } else {
     ASSERT(kind == Code::KEYED_STORE_IC);
     KeyedStoreStubCompiler ic_compiler(isolate(), strict_mode, STANDARD_STORE);
-    ic = ic_compiler.CompileMonomorphicIC(map, handler, name);
+    ic = ic_compiler.CompileMonomorphicIC(type, handler, name);
   }
 
-  HeapObject::UpdateMapCodeCache(receiver, name, ic);
+  if (can_be_cached) Map::UpdateCodeCache(stub_holder, name, ic);
   return ic;
 }
 
 
 Handle<Code> StubCache::ComputeLoadNonexistent(Handle<Name> name,
-                                               Handle<JSObject> receiver) {
+                                               Handle<Object> object) {
+  InlineCacheHolderFlag cache_holder = IC::GetCodeCacheForObject(*object);
+  Handle<HeapObject> stub_holder(IC::GetCodeCacheHolder(
+      isolate(), *object, cache_holder));
   // If no global objects are present in the prototype chain, the load
   // nonexistent IC stub can be shared for all names for a given map
   // and we use the empty string for the map cache in that case.  If
   // there are global objects involved, we need to check global
   // property cells in the stub and therefore the stub will be
   // specific to the name.
   Handle<Name> cache_name = factory()->empty_string();
   Handle<JSObject> current;
-  Handle<Object> next = receiver;
+  Handle<Object> next = stub_holder;
   Handle<JSGlobalObject> global;
   do {
     current = Handle<JSObject>::cast(next);
     next = Handle<Object>(current->GetPrototype(), isolate_);
     if (current->IsJSGlobalObject()) {
       global = Handle<JSGlobalObject>::cast(current);
       cache_name = name;
     } else if (!current->HasFastProperties()) {
       cache_name = name;
     }
   } while (!next->IsNull());
 
   // Compile the stub that is either shared for all names or
   // name specific if there are global objects involved.
-  Handle<Code> handler = FindHandler(cache_name, receiver, Code::LOAD_IC);
+  Handle<Code> handler = FindHandler(
+      cache_name, stub_holder, Code::LOAD_IC, cache_holder);
   if (!handler.is_null()) return handler;
 
-  LoadStubCompiler compiler(isolate_);
+  LoadStubCompiler compiler(isolate_, cache_holder);
   handler =
-      compiler.CompileLoadNonexistent(receiver, current, cache_name, global);
-  HeapObject::UpdateMapCodeCache(receiver, cache_name, handler);
+      compiler.CompileLoadNonexistent(object, current, cache_name, global);
+  HeapObject::UpdateMapCodeCache(stub_holder, cache_name, handler);
   return handler;
 }
 
 
 Handle<Code> StubCache::ComputeKeyedLoadElement(Handle<Map> receiver_map) {
   Code::Flags flags = Code::ComputeMonomorphicFlags(Code::KEYED_LOAD_IC);
   Handle<Name> name =
       isolate()->factory()->KeyedLoadElementMonomorphic_string();
 
   Handle<Object> probe(receiver_map->FindInCodeCache(*name, flags), isolate_);
@@ skipping 39 matching lines @@
     (kind == Code::CALL_IC ? Logger::type : Logger::KEYED_##type)
 
 Handle<Code> StubCache::ComputeCallConstant(int argc,
                                             Code::Kind kind,
                                             Code::ExtraICState extra_state,
                                             Handle<Name> name,
                                             Handle<Object> object,
                                             Handle<JSObject> holder,
                                             Handle<JSFunction> function) {
   // Compute the check type and the map.
-  InlineCacheHolderFlag cache_holder =
-      IC::GetCodeCacheForObject(*object, *holder);
-  Handle<JSObject> stub_holder(IC::GetCodeCacheHolder(
+  InlineCacheHolderFlag cache_holder = IC::GetCodeCacheForObject(*object);
+  Handle<HeapObject> stub_holder(IC::GetCodeCacheHolder(
       isolate_, *object, cache_holder));
 
   // Compute check type based on receiver/holder.
   CheckType check = RECEIVER_MAP_CHECK;
   if (object->IsString()) {
     check = STRING_CHECK;
   } else if (object->IsSymbol()) {
     check = SYMBOL_CHECK;
   } else if (object->IsNumber()) {
     check = NUMBER_CHECK;
   } else if (object->IsBoolean()) {
     check = BOOLEAN_CHECK;
   }
 
   if (check != RECEIVER_MAP_CHECK &&
       !function->IsBuiltin() &&
       function->shared()->is_classic_mode()) {
     // Calling non-strict non-builtins with a value as the receiver
     // requires boxing.
     return Handle<Code>::null();
   }
 
   Code::Flags flags = Code::ComputeMonomorphicFlags(
-      kind, extra_state, Code::CONSTANT, argc, cache_holder);
+      kind, extra_state, cache_holder, Code::FAST, argc);
   Handle<Object> probe(stub_holder->map()->FindInCodeCache(*name, flags),
                        isolate_);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
 
   CallStubCompiler compiler(isolate_, argc, kind, extra_state, cache_holder);
   Handle<Code> code =
       compiler.CompileCallConstant(object, holder, name, check, function);
   code->set_check_type(check);
   ASSERT(flags == code->flags());
   PROFILE(isolate_,
           CodeCreateEvent(CALL_LOGGER_TAG(kind, CALL_IC_TAG), *code, *name));
   GDBJIT(AddCode(GDBJITInterface::CALL_IC, *name, *code));
 
   if (CallStubCompiler::CanBeCached(function)) {
     HeapObject::UpdateMapCodeCache(stub_holder, name, code);
   }
   return code;
 }
 
 
 Handle<Code> StubCache::ComputeCallField(int argc,
                                          Code::Kind kind,
                                          Code::ExtraICState extra_state,
                                          Handle<Name> name,
                                          Handle<Object> object,
                                          Handle<JSObject> holder,
                                          PropertyIndex index) {
   // Compute the check type and the map.
-  InlineCacheHolderFlag cache_holder =
-      IC::GetCodeCacheForObject(*object, *holder);
-  Handle<JSObject> stub_holder(IC::GetCodeCacheHolder(
+  InlineCacheHolderFlag cache_holder = IC::GetCodeCacheForObject(*object);
+  Handle<HeapObject> stub_holder(IC::GetCodeCacheHolder(
       isolate_, *object, cache_holder));
 
   // TODO(1233596): We cannot do receiver map check for non-JS objects
   // because they may be represented as immediates without a
   // map. Instead, we check against the map in the holder.
   if (object->IsNumber() || object->IsSymbol() ||
       object->IsBoolean() || object->IsString()) {
     object = holder;
   }
 
   Code::Flags flags = Code::ComputeMonomorphicFlags(
-      kind, extra_state, Code::FIELD, argc, cache_holder);
+      kind, extra_state, cache_holder, Code::FAST, argc);
   Handle<Object> probe(stub_holder->map()->FindInCodeCache(*name, flags),
                        isolate_);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
 
   CallStubCompiler compiler(isolate_, argc, kind, extra_state, cache_holder);
   Handle<Code> code =
       compiler.CompileCallField(Handle<JSObject>::cast(object),
                                 holder, index, name);
   ASSERT(flags == code->flags());
   PROFILE(isolate_,
           CodeCreateEvent(CALL_LOGGER_TAG(kind, CALL_IC_TAG), *code, *name));
   GDBJIT(AddCode(GDBJITInterface::CALL_IC, *name, *code));
   HeapObject::UpdateMapCodeCache(stub_holder, name, code);
   return code;
 }
 
 
 Handle<Code> StubCache::ComputeCallInterceptor(int argc,
                                                Code::Kind kind,
                                                Code::ExtraICState extra_state,
                                                Handle<Name> name,
                                                Handle<Object> object,
                                                Handle<JSObject> holder) {
   // Compute the check type and the map.
-  InlineCacheHolderFlag cache_holder =
-      IC::GetCodeCacheForObject(*object, *holder);
-  Handle<JSObject> stub_holder(IC::GetCodeCacheHolder(
+  InlineCacheHolderFlag cache_holder = IC::GetCodeCacheForObject(*object);
+  Handle<HeapObject> stub_holder(IC::GetCodeCacheHolder(
       isolate_, *object, cache_holder));
 
   // TODO(1233596): We cannot do receiver map check for non-JS objects
   // because they may be represented as immediates without a
   // map. Instead, we check against the map in the holder.
   if (object->IsNumber() || object->IsSymbol() ||
       object->IsBoolean() || object->IsString()) {
     object = holder;
   }
 
   Code::Flags flags = Code::ComputeMonomorphicFlags(
-      kind, extra_state, Code::INTERCEPTOR, argc, cache_holder);
+      kind, extra_state, cache_holder, Code::FAST, argc);
   Handle<Object> probe(stub_holder->map()->FindInCodeCache(*name, flags),
                        isolate_);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
 
   CallStubCompiler compiler(isolate(), argc, kind, extra_state, cache_holder);
   Handle<Code> code =
       compiler.CompileCallInterceptor(Handle<JSObject>::cast(object),
                                       holder, name);
   ASSERT(flags == code->flags());
   PROFILE(isolate(),
           CodeCreateEvent(CALL_LOGGER_TAG(kind, CALL_IC_TAG), *code, *name));
   GDBJIT(AddCode(GDBJITInterface::CALL_IC, *name, *code));
   HeapObject::UpdateMapCodeCache(stub_holder, name, code);
   return code;
 }
 
 
 Handle<Code> StubCache::ComputeCallGlobal(int argc,
                                           Code::Kind kind,
                                           Code::ExtraICState extra_state,
                                           Handle<Name> name,
                                           Handle<JSObject> receiver,
                                           Handle<GlobalObject> holder,
                                           Handle<PropertyCell> cell,
                                           Handle<JSFunction> function) {
   Code::Flags flags = Code::ComputeMonomorphicFlags(
-      kind, extra_state, Code::NORMAL, argc);
+      kind, extra_state, OWN_MAP, Code::NORMAL, argc);
   Handle<Object> probe(receiver->map()->FindInCodeCache(*name, flags),
                        isolate_);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
 
   CallStubCompiler compiler(isolate(), argc, kind, extra_state);
   Handle<Code> code =
       compiler.CompileCallGlobal(receiver, holder, cell, function, name);
   ASSERT(flags == code->flags());
   PROFILE(isolate(),
           CodeCreateEvent(CALL_LOGGER_TAG(kind, CALL_IC_TAG), *code, *name));
@@ skipping 167 matching lines @@
   ic->ReplaceNthObject(1, isolate_->heap()->meta_map(), *receiver_map);
 
   if (!receiver_map->is_shared()) {
     Map::UpdateCodeCache(receiver_map, name, ic);
   }
 
   return ic;
 }
 
 
+// TODO(verwaest): Change this method so it takes in a TypeHandleList.
 Handle<Code> StubCache::ComputeLoadElementPolymorphic(
     MapHandleList* receiver_maps) {
   Code::Flags flags = Code::ComputeFlags(Code::KEYED_LOAD_IC, POLYMORPHIC);
   Handle<PolymorphicCodeCache> cache =
       isolate_->factory()->polymorphic_code_cache();
   Handle<Object> probe = cache->Lookup(receiver_maps, flags);
   if (probe->IsCode()) return Handle<Code>::cast(probe);
 
+  TypeHandleList types(receiver_maps->length());
+  for (int i = 0; i < receiver_maps->length(); i++) {
+    types.Add(handle(Type::Class(receiver_maps->at(i)), isolate()));
+  }
   CodeHandleList handlers(receiver_maps->length());
   KeyedLoadStubCompiler compiler(isolate_);
   compiler.CompileElementHandlers(receiver_maps, &handlers);
   Handle<Code> code = compiler.CompilePolymorphicIC(
-      receiver_maps, &handlers, factory()->empty_string(),
-      Code::NORMAL, ELEMENT);
+      &types, &handlers, factory()->empty_string(), Code::NORMAL, ELEMENT);
 
   isolate()->counters()->keyed_load_polymorphic_stubs()->Increment();
 
   PolymorphicCodeCache::Update(cache, receiver_maps, flags, code);
   return code;
 }
 
 
-Handle<Code> StubCache::ComputePolymorphicIC(MapHandleList* receiver_maps,
+Handle<Code> StubCache::ComputePolymorphicIC(TypeHandleList* types,
                                              CodeHandleList* handlers,
-                                             int number_of_valid_maps,
+                                             int number_of_valid_types,
                                              Handle<Name> name,
                                              StrictModeFlag strict_mode) {
   Handle<Code> handler = handlers->at(0);
   Code::Kind kind = handler->handler_kind();
-  Code::StubType type = number_of_valid_maps == 1 ? handler->type()
-                                                  : Code::NORMAL;
+  Code::StubType type = number_of_valid_types == 1 ? handler->type()
+                                                   : Code::NORMAL;
   if (kind == Code::LOAD_IC) {
     LoadStubCompiler ic_compiler(isolate_);
     return ic_compiler.CompilePolymorphicIC(
-        receiver_maps, handlers, name, type, PROPERTY);
+        types, handlers, name, type, PROPERTY);
   } else {
     ASSERT(kind == Code::STORE_IC);
     StoreStubCompiler ic_compiler(isolate_, strict_mode);
     return ic_compiler.CompilePolymorphicIC(
-        receiver_maps, handlers, name, type, PROPERTY);
+        types, handlers, name, type, PROPERTY);
   }
 }
 
 
 Handle<Code> StubCache::ComputeStoreElementPolymorphic(
     MapHandleList* receiver_maps,
     KeyedAccessStoreMode store_mode,
     StrictModeFlag strict_mode) {
   ASSERT(store_mode == STANDARD_STORE ||
          store_mode == STORE_AND_GROW_NO_TRANSITION ||
@@ skipping 186 matching lines @@
   return isolate->heap()->no_interceptor_result_sentinel();
 }
 
 
 static MaybeObject* ThrowReferenceError(Isolate* isolate, Name* name) {
   // If the load is non-contextual, just return the undefined result.
   // Note that both keyed and non-keyed loads may end up here, so we
   // can't use either LoadIC or KeyedLoadIC constructors.
   HandleScope scope(isolate);
   IC ic(IC::NO_EXTRA_FRAME, isolate);
-  ASSERT(ic.target()->is_load_stub() || ic.target()->is_keyed_load_stub());
+  ASSERT(ic.IsLoadStub());
   if (!ic.SlowIsUndeclaredGlobal()) return isolate->heap()->undefined_value();
 
   // Throw a reference error.
   Handle<Name> name_handle(name);
   Handle<Object> error =
       isolate->factory()->NewReferenceError("not_defined",
                                             HandleVector(&name_handle, 1));
   return isolate->Throw(*error);
 }
 
@@ skipping 249 matching lines @@
 #undef CALL_LOGGER_TAG
 
 
 Handle<Code> StubCompiler::GetCodeWithFlags(Code::Flags flags,
                                             const char* name) {
   // Create code object in the heap.
   CodeDesc desc;
   masm_.GetCode(&desc);
   Handle<Code> code = factory()->NewCode(desc, flags, masm_.CodeObject());
 #ifdef ENABLE_DISASSEMBLER
-  if (FLAG_print_code_stubs) {
-    CodeTracer::Scope trace_scope(isolate()->GetCodeTracer());
-    code->Disassemble(name, trace_scope.file());
-  }
+  if (FLAG_print_code_stubs) code->Disassemble(name);
 #endif
   return code;
 }
 
 
 Handle<Code> StubCompiler::GetCodeWithFlags(Code::Flags flags,
                                             Handle<Name> name) {
   return (FLAG_print_code_stubs && !name.is_null() && name->IsString())
       ? GetCodeWithFlags(flags, *Handle<String>::cast(name)->ToCString())
       : GetCodeWithFlags(flags, NULL);
 }
 
 
 void StubCompiler::LookupPostInterceptor(Handle<JSObject> holder,
                                          Handle<Name> name,
                                          LookupResult* lookup) {
   holder->LocalLookupRealNamedProperty(*name, lookup);
   if (lookup->IsFound()) return;
   if (holder->GetPrototype()->IsNull()) return;
   holder->GetPrototype()->Lookup(*name, lookup);
 }
 
 
 #define __ ACCESS_MASM(masm())
 
 
 Register LoadStubCompiler::HandlerFrontendHeader(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Register object_reg,
     Handle<JSObject> holder,
     Handle<Name> name,
     Label* miss) {
-  return CheckPrototypes(object, object_reg, holder,
+  Handle<JSObject> receiver;
+  PrototypeCheckType check_type = CHECK_ALL_MAPS;
+  int function_index = -1;
+  if (object->IsJSObject()) {
+    receiver = Handle<JSObject>::cast(object);
+    check_type = SKIP_RECEIVER;
+  } else {
+    if (object->IsString()) {
+      function_index = Context::STRING_FUNCTION_INDEX;
+    } else if (object->IsSymbol()) {
+      function_index = Context::SYMBOL_FUNCTION_INDEX;
+    } else if (object->IsNumber()) {
+      function_index = Context::NUMBER_FUNCTION_INDEX;
+    } else {
+      ASSERT(object->IsBoolean());
+      // Booleans use the generic oddball map, so an additional check is
+      // needed to ensure the receiver is really a boolean.
+      GenerateBooleanCheck(object_reg, miss);
+      function_index = Context::BOOLEAN_FUNCTION_INDEX;
+    }
+
+    GenerateDirectLoadGlobalFunctionPrototype(
+        masm(), function_index, scratch1(), miss);
+    receiver = handle(JSObject::cast(object->GetPrototype(isolate())));
+    object_reg = scratch1();
+  }
+
+  // Check that the maps starting from the prototype haven't changed.
+  return CheckPrototypes(receiver, object_reg, holder,
                          scratch1(), scratch2(), scratch3(),
-                         name, miss, SKIP_RECEIVER);
+                         name, miss, check_type);
 }
 
 
 // HandlerFrontend for store uses the name register. It has to be restored
 // before a miss.
 Register StoreStubCompiler::HandlerFrontendHeader(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Register object_reg,
     Handle<JSObject> holder,
     Handle<Name> name,
     Label* miss) {
-  return CheckPrototypes(object, object_reg, holder,
+  return CheckPrototypes(Handle<JSObject>::cast(object), object_reg, holder,
                          this->name(), scratch1(), scratch2(),
                          name, miss, SKIP_RECEIVER);
 }
 
 
-Register BaseLoadStoreStubCompiler::HandlerFrontend(Handle<JSObject> object,
+bool BaseLoadStoreStubCompiler::IncludesNumberType(TypeHandleList* types) {
+  for (int i = 0; i < types->length(); ++i) {
+    if (types->at(i)->Is(Type::Number())) return true;
+  }
+  return false;
+}
+
+
+Register BaseLoadStoreStubCompiler::HandlerFrontend(Handle<Object> object,
                                                     Register object_reg,
                                                     Handle<JSObject> holder,
-                                                    Handle<Name> name,
-                                                    Label* success) {
+                                                    Handle<Name> name) {
   Label miss;
 
   Register reg = HandlerFrontendHeader(object, object_reg, holder, name, &miss);
 
-  HandlerFrontendFooter(name, success, &miss);
+  HandlerFrontendFooter(name, &miss);
+
   return reg;
 }
 
 
 void LoadStubCompiler::NonexistentHandlerFrontend(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> last,
     Handle<Name> name,
-    Label* success,
     Handle<JSGlobalObject> global) {
   Label miss;
 
-  Register holder =
-      HandlerFrontendHeader(object, receiver(), last, name, &miss);
+  Register holder = HandlerFrontendHeader(
+      object, receiver(), last, name, &miss);
 
   if (!last->HasFastProperties() &&
       !last->IsJSGlobalObject() &&
       !last->IsJSGlobalProxy()) {
     if (!name->IsUniqueName()) {
       ASSERT(name->IsString());
       name = factory()->InternalizeString(Handle<String>::cast(name));
     }
     ASSERT(last->property_dictionary()->FindEntry(*name) ==
         NameDictionary::kNotFound);
     GenerateDictionaryNegativeLookup(masm(), &miss, holder, name,
                                      scratch2(), scratch3());
   }
 
   // If the last object in the prototype chain is a global object,
   // check that the global property cell is empty.
   if (!global.is_null()) {
     GenerateCheckPropertyCell(masm(), global, name, scratch2(), &miss);
   }
 
-  HandlerFrontendFooter(name, success, &miss);
+  HandlerFrontendFooter(name, &miss);
 }
 
 
 Handle<Code> LoadStubCompiler::CompileLoadField(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     PropertyIndex field,
     Representation representation) {
   Label miss;
 
   Register reg = HandlerFrontendHeader(object, receiver(), holder, name, &miss);
 
   GenerateLoadField(reg, holder, field, representation);
 
   __ bind(&miss);
   TailCallBuiltin(masm(), MissBuiltin(kind()));
 
   // Return the generated code.
-  return GetCode(kind(), Code::FIELD, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> LoadStubCompiler::CompileLoadConstant(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     Handle<Object> value) {
-  Label success;
-  HandlerFrontend(object, receiver(), holder, name, &success);
-  __ bind(&success);
+  HandlerFrontend(object, receiver(), holder, name);
   GenerateLoadConstant(value);
 
   // Return the generated code.
-  return GetCode(kind(), Code::CONSTANT, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> LoadStubCompiler::CompileLoadCallback(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     Handle<ExecutableAccessorInfo> callback) {
-  Label success;
-
   Register reg = CallbackHandlerFrontend(
-      object, receiver(), holder, name, &success, callback);
-  __ bind(&success);
+      object, receiver(), holder, name, callback);
   GenerateLoadCallback(reg, callback);
 
   // Return the generated code.
-  return GetCode(kind(), Code::CALLBACKS, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> LoadStubCompiler::CompileLoadCallback(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     const CallOptimization& call_optimization) {
   ASSERT(call_optimization.is_simple_api_call());
-  Label success;
-
   Handle<JSFunction> callback = call_optimization.constant_function();
-  CallbackHandlerFrontend(
-      object, receiver(), holder, name, &success, callback);
-  __ bind(&success);
+  CallbackHandlerFrontend(object, receiver(), holder, name, callback);
   GenerateLoadCallback(call_optimization);
 
   // Return the generated code.
-  return GetCode(kind(), Code::CALLBACKS, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> LoadStubCompiler::CompileLoadInterceptor(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> holder,
     Handle<Name> name) {
-  Label success;
-
   LookupResult lookup(isolate());
   LookupPostInterceptor(holder, name, &lookup);
 
-  Register reg = HandlerFrontend(object, receiver(), holder, name, &success);
-  __ bind(&success);
+  Register reg = HandlerFrontend(object, receiver(), holder, name);
   // TODO(368): Compile in the whole chain: all the interceptors in
   // prototypes and ultimate answer.
   GenerateLoadInterceptor(reg, object, holder, &lookup, name);
 
   // Return the generated code.
-  return GetCode(kind(), Code::INTERCEPTOR, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 void LoadStubCompiler::GenerateLoadPostInterceptor(
     Register interceptor_reg,
     Handle<JSObject> interceptor_holder,
     Handle<Name> name,
     LookupResult* lookup) {
-  Label success;
   Handle<JSObject> holder(lookup->holder());
   if (lookup->IsField()) {
     PropertyIndex field = lookup->GetFieldIndex();
     if (interceptor_holder.is_identical_to(holder)) {
       GenerateLoadField(
           interceptor_reg, holder, field, lookup->representation());
     } else {
       // We found FIELD property in prototype chain of interceptor's holder.
       // Retrieve a field from field's holder.
       Register reg = HandlerFrontend(
-          interceptor_holder, interceptor_reg, holder, name, &success);
-      __ bind(&success);
+          interceptor_holder, interceptor_reg, holder, name);
       GenerateLoadField(
           reg, holder, field, lookup->representation());
     }
   } else {
     // We found CALLBACKS property in prototype chain of interceptor's
     // holder.
     ASSERT(lookup->type() == CALLBACKS);
     Handle<ExecutableAccessorInfo> callback(
         ExecutableAccessorInfo::cast(lookup->GetCallbackObject()));
     ASSERT(callback->getter() != NULL);
 
     Register reg = CallbackHandlerFrontend(
-        interceptor_holder, interceptor_reg, holder, name, &success, callback);
-    __ bind(&success);
+        interceptor_holder, interceptor_reg, holder, name, callback);
     GenerateLoadCallback(reg, callback);
   }
 }
 
 
 Handle<Code> BaseLoadStoreStubCompiler::CompileMonomorphicIC(
-    Handle<Map> receiver_map,
+    Handle<Type> type,
     Handle<Code> handler,
     Handle<Name> name) {
-  MapHandleList receiver_maps(1);
-  receiver_maps.Add(receiver_map);
+  TypeHandleList types(1);
   CodeHandleList handlers(1);
+  types.Add(type);
   handlers.Add(handler);
-  Code::StubType type = handler->type();
-  return CompilePolymorphicIC(&receiver_maps, &handlers, name, type, PROPERTY);
+  Code::StubType stub_type = handler->type();
+  return CompilePolymorphicIC(&types, &handlers, name, stub_type, PROPERTY);
 }
 
 
 Handle<Code> LoadStubCompiler::CompileLoadViaGetter(
-    Handle<JSObject> object,
+    Handle<Object> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     Handle<JSFunction> getter) {
-  Label success;
-  HandlerFrontend(object, receiver(), holder, name, &success);
-
-  __ bind(&success);
+  HandlerFrontend(object, receiver(), holder, name);
   GenerateLoadViaGetter(masm(), receiver(), getter);
 
   // Return the generated code.
-  return GetCode(kind(), Code::CALLBACKS, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> StoreStubCompiler::CompileStoreTransition(
     Handle<JSObject> object,
     LookupResult* lookup,
     Handle<Map> transition,
     Handle<Name> name) {
   Label miss, slow;
 
@@ skipping 36 matching lines @@
                           &slow);
 
   // Handle store cache miss.
   GenerateRestoreName(masm(), &miss, name);
   TailCallBuiltin(masm(), MissBuiltin(kind()));
 
   GenerateRestoreName(masm(), &slow, name);
   TailCallBuiltin(masm(), SlowBuiltin(kind()));
 
   // Return the generated code.
-  return GetCode(kind(), Code::TRANSITION, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> StoreStubCompiler::CompileStoreField(Handle<JSObject> object,
                                                   LookupResult* lookup,
                                                   Handle<Name> name) {
   Label miss;
 
   HandlerFrontendHeader(object, receiver(), object, name, &miss);
 
   // Generate store field code.
   GenerateStoreField(masm(),
                      object,
                      lookup,
                      receiver(), this->name(), value(), scratch1(), scratch2(),
                      &miss);
 
   // Handle store cache miss.
   __ bind(&miss);
   TailCallBuiltin(masm(), MissBuiltin(kind()));
 
   // Return the generated code.
-  return GetCode(kind(), Code::FIELD, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
     Handle<JSObject> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     Handle<JSFunction> setter) {
-  Label success;
-  HandlerFrontend(object, receiver(), holder, name, &success);
-
-  __ bind(&success);
+  HandlerFrontend(object, receiver(), holder, name);
   GenerateStoreViaSetter(masm(), setter);
 
-  return GetCode(kind(), Code::CALLBACKS, name);
+  return GetCode(kind(), Code::FAST, name);
 }
 
 
 Handle<Code> KeyedLoadStubCompiler::CompileLoadElement(
     Handle<Map> receiver_map) {
   ElementsKind elements_kind = receiver_map->elements_kind();
   if (receiver_map->has_fast_elements() ||
       receiver_map->has_external_array_elements()) {
     Handle<Code> stub = KeyedLoadFastElementStub(
         receiver_map->instance_type() == JS_ARRAY_TYPE,
         elements_kind).GetCode(isolate());
     __ DispatchMap(receiver(), scratch1(), receiver_map, stub, DO_SMI_CHECK);
   } else {
-    Handle<Code> stub =
-        KeyedLoadDictionaryElementStub().GetCode(isolate());
+    Handle<Code> stub = FLAG_compiled_keyed_dictionary_loads
+        ? KeyedLoadDictionaryElementStub().GetCode(isolate())
+        : KeyedLoadDictionaryElementPlatformStub().GetCode(isolate());
     __ DispatchMap(receiver(), scratch1(), receiver_map, stub, DO_SMI_CHECK);
   }
 
   TailCallBuiltin(masm(), Builtins::kKeyedLoadIC_Miss);
 
   // Return the generated code.
   return GetICCode(kind(), Code::NORMAL, factory()->empty_string());
 }
 
 
@@ skipping 71 matching lines @@
   PROFILE(isolate(), CodeCreateEvent(log_kind(code), *code, *name));
   JitEvent(name, code);
   return code;
 }
 
 
 Handle<Code> BaseLoadStoreStubCompiler::GetCode(Code::Kind kind,
                                                 Code::StubType type,
                                                 Handle<Name> name) {
   Code::Flags flags = Code::ComputeFlags(
-      Code::HANDLER, MONOMORPHIC, extra_state(), type, kind);
+      Code::HANDLER, MONOMORPHIC, extra_state(), type, kind, cache_holder_);
   Handle<Code> code = GetCodeWithFlags(flags, name);
   PROFILE(isolate(), CodeCreateEvent(log_kind(code), *code, *name));
   JitEvent(name, code);
   return code;
 }
 
 
 void KeyedLoadStubCompiler::CompileElementHandlers(MapHandleList* receiver_maps,
                                                    CodeHandleList* handlers) {
   for (int i = 0; i < receiver_maps->length(); ++i) {
@@ skipping 147 matching lines @@
                             holder,
                             cell,
                             function,
                             fname);
 }
 
 
 Handle<Code> CallStubCompiler::GetCode(Code::StubType type,
                                        Handle<Name> name) {
   int argc = arguments_.immediate();
-  Code::Flags flags = Code::ComputeMonomorphicFlags(kind_,
-                                                    extra_state_,
-                                                    type,
-                                                    argc,
-                                                    cache_holder_);
+  Code::Flags flags = Code::ComputeMonomorphicFlags(
+      kind_, extra_state_, cache_holder_, type, argc);
   return GetCodeWithFlags(flags, name);
 }
 
 
 Handle<Code> CallStubCompiler::GetCode(Handle<JSFunction> function) {
   Handle<String> function_name;
   if (function->shared()->name()->IsString()) {
     function_name = Handle<String>(String::cast(function->shared()->name()));
   }
-  return GetCode(Code::CONSTANT, function_name);
+  return GetCode(Code::FAST, function_name);
 }
 
 
 CallOptimization::CallOptimization(LookupResult* lookup) {
   if (lookup->IsFound() &&
       lookup->IsCacheable() &&
       lookup->IsConstantFunction()) {
     // We only optimize constant function calls.
     Initialize(Handle<JSFunction>(lookup->GetConstantFunction()));
   } else {
     Initialize(Handle<JSFunction>::null());
   }
 }
 
 
 CallOptimization::CallOptimization(Handle<JSFunction> function) {
   Initialize(function);
 }
 
 
 int CallOptimization::GetPrototypeDepthOfExpectedType(
     Handle<JSObject> object,
     Handle<JSObject> holder) const {
   ASSERT(is_simple_api_call());
   if (expected_receiver_type_.is_null()) return 0;
   int depth = 0;
   while (!object.is_identical_to(holder)) {
-    if (object->IsInstanceOf(*expected_receiver_type_)) return depth;
+    if (expected_receiver_type_->IsTemplateFor(object->map())) return depth;
     object = Handle<JSObject>(JSObject::cast(object->GetPrototype()));
     if (!object->map()->is_hidden_prototype()) return kInvalidProtoDepth;
     ++depth;
   }
-  if (holder->IsInstanceOf(*expected_receiver_type_)) return depth;
+  if (expected_receiver_type_->IsTemplateFor(holder->map())) return depth;
   return kInvalidProtoDepth;
 }
 
 
 void CallOptimization::Initialize(Handle<JSFunction> function) {
   constant_function_ = Handle<JSFunction>::null();
   is_simple_api_call_ = false;
   expected_receiver_type_ = Handle<FunctionTemplateInfo>::null();
   api_call_info_ = Handle<CallHandlerInfo>::null();
 
@@ skipping 24 matching lines @@
           Handle<FunctionTemplateInfo>(
               FunctionTemplateInfo::cast(signature->receiver()));
     }
   }
 
   is_simple_api_call_ = true;
 }
 
 
 } }  // namespace v8::internal