A64: Synchronize with r18084.

src/a64/stub-cache-a64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 686 matching lines @@
 void StoreStubCompiler::GenerateRestoreName(MacroAssembler* masm,
                                             Label* label,
                                             Handle<Name> name) {
   if (!label->is_unused()) {
     __ Bind(label);
     __ Mov(this->name(), Operand(name));
   }
 }
 
 
-void StubCompiler::GenerateCheckPropertyCells(MacroAssembler* masm,
-                                              Handle<JSObject> object,
-                                              Handle<JSObject> holder,
-                                              Handle<Name> name,
-                                              Register scratch1,
-                                              Label* miss) {
-  Handle<JSObject> current = object;
-  while (!current.is_identical_to(holder)) {
-    if (current->IsJSGlobalObject()) {
-      // TODO(all): GenerateCheckPropertyCell loads the hole (root value) every
-      // time. Hoist that out, and load it once at the start.
-      GenerateCheckPropertyCell(masm,
-                                Handle<JSGlobalObject>::cast(current),
-                                name,
-                                scratch1,
-                                miss);
-    }
-    current = Handle<JSObject>(JSObject::cast(current->GetPrototype()));
-  }
-}
-
-
 // The function to called must be passed in x1.
 static void GenerateCallFunction(MacroAssembler* masm,
                                  Handle<Object> object,
                                  const ParameterCount& arguments,
                                  Label* miss,
                                  Code::ExtraICState extra_ic_state,
                                  Register function,
                                  Register receiver,
                                  Register scratch) {
   ASSERT(!AreAliased(function, receiver, scratch));
@@ skipping 37 matching lines @@
   __ Mov(scratch, Operand(interceptor));
   __ Push(scratch, receiver, holder);
 }
 
 
 static void CompileCallLoadPropertyWithInterceptor(
     MacroAssembler* masm,
     Register receiver,
     Register holder,
     Register name,
-    Handle<JSObject> holder_obj) {
+    Handle<JSObject> holder_obj,
+    IC::UtilityId id) {
   PushInterceptorArguments(masm, receiver, holder, name, holder_obj);
 
-  ExternalReference ref =
-      ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorOnly),
-                        masm->isolate());
-  // Put the number of on-stack arguments for runtime call in x0.
-  // These arguemnts have been pushed by PushInterceptorArguments.
-  __ Mov(x0, StubCache::kInterceptorArgsLength);
-  __ Mov(x1, Operand(ref));
-
-  CEntryStub stub(1);
-  __ CallStub(&stub);
+  __ CallExternalReference(
+      ExternalReference(IC_Utility(id), masm->isolate()),
+      StubCache::kInterceptorArgsLength);
 }
 
 
 static const int kFastApiCallArguments = FunctionCallbackArguments::kArgsLength;
 
 // Reserves space for the extra arguments to API function in the
 // caller's frame.
 //
 // These arguments are set by CheckPrototypes and GenerateFastApiDirectCall.
 static void ReserveSpaceForFastApiCall(MacroAssembler* masm,
@@ skipping 230 matching lines @@
       __ IncrementCounter(counters->call_const_interceptor_fast_api(), 1,
                           scratch1, scratch2);
       ReserveSpaceForFastApiCall(masm, scratch1);
     }
 
     // Check that the maps from receiver to interceptor's holder
     // haven't changed and thus we can invoke interceptor.
     Label miss_cleanup;
     Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
     Register holder =
-        stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
-                                        scratch1, scratch2, scratch3,
-                                        name, depth1, miss);
+        stub_compiler_->CheckPrototypes(
+            IC::CurrentTypeOf(object, masm->isolate()), receiver,
+            interceptor_holder, scratch1, scratch2, scratch3,
+            name, depth1, miss);
 
     // Invoke an interceptor and if it provides a value,
     // branch to |regular_invoke|.
     Label regular_invoke;
     LoadWithInterceptor(masm, receiver, holder, interceptor_holder, scratch2,
                         &regular_invoke);
 
     // Interceptor returned nothing for this property.  Try to use cached
     // constant function.
 
     // Check that the maps from interceptor's holder to constant function's
     // holder haven't changed and thus we can use cached constant function.
     if (*interceptor_holder != lookup->holder()) {
-      stub_compiler_->CheckPrototypes(interceptor_holder, receiver,
-                                      Handle<JSObject>(lookup->holder()),
-                                      scratch1, scratch2, scratch3,
-                                      name, depth2, miss);
+      stub_compiler_->CheckPrototypes(
+          IC::CurrentTypeOf(interceptor_holder, masm->isolate()), receiver,
+          handle(lookup->holder()), scratch1, scratch2, scratch3,
+          name, depth2, miss);
     } else {
       // CheckPrototypes has a side effect of fetching a 'holder'
       // for API (object which is instanceof for the signature).  It's
       // safe to omit it here, as if present, it should be fetched
       // by the previous CheckPrototypes.
       ASSERT(depth2 == kInvalidProtoDepth);
     }
 
     // Invoke function.
     if (can_do_fast_api_call) {
@@ skipping 26 matching lines @@
   void CompileRegular(MacroAssembler* masm,
                       Handle<JSObject> object,
                       Register receiver,
                       Register scratch1,
                       Register scratch2,
                       Register scratch3,
                       Handle<Name> name,
                       Handle<JSObject> interceptor_holder,
                       Label* miss_label) {
     Register holder =
-        stub_compiler_->CheckPrototypes(object, receiver, interceptor_holder,
-                                        scratch1, scratch2, scratch3,
-                                        name, miss_label);
+        stub_compiler_->CheckPrototypes(
+            IC::CurrentTypeOf(object, masm->isolate()), receiver,
+            interceptor_holder, scratch1, scratch2, scratch3, name, miss_label);
 
     // Call a runtime function to load the interceptor property.
     FrameScope scope(masm, StackFrame::INTERNAL);
     // The name_ register must be preserved across the call.
     __ Push(name_);
-    PushInterceptorArguments(masm, receiver, holder, name_, interceptor_holder);
-    __ CallExternalReference(
-        ExternalReference(IC_Utility(IC::kLoadPropertyWithInterceptorForCall),
-                          masm->isolate()),
-        StubCache::kInterceptorArgsLength);
+
+    CompileCallLoadPropertyWithInterceptor(
+        masm, receiver, holder, name_, interceptor_holder,
+        IC::kLoadPropertyWithInterceptorForCall);
+
     __ Pop(name_);
   }
 
 
   void LoadWithInterceptor(MacroAssembler* masm,
                            Register receiver,
                            Register holder,
                            Handle<JSObject> holder_obj,
                            Register scratch,
                            Label* interceptor_succeeded) {
     {
       FrameScope scope(masm, StackFrame::INTERNAL);
       __ Push(holder, name_);
-      CompileCallLoadPropertyWithInterceptor(masm,
-                                             receiver,
-                                             holder,
-                                             name_,
-                                             holder_obj);
+      CompileCallLoadPropertyWithInterceptor(
+          masm, receiver, holder, name_, holder_obj,
+          IC::kLoadPropertyWithInterceptorOnly);
       __ Pop(name_, receiver);
     }
 
     // If interceptor returns no-result sentinel, call the constant function.
     __ JumpIfNotRoot(x0,
                      Heap::kNoInterceptorResultSentinelRootIndex,
                      interceptor_succeeded);
   }
 
   StubCompiler* stub_compiler_;
   const ParameterCount& arguments_;
   Register name_;
   Code::ExtraICState extra_ic_state_;
 };
 
 
 void StubCompiler::GenerateTailCall(MacroAssembler* masm, Handle<Code> code) {
   __ Jump(code, RelocInfo::CODE_TARGET);
 }
 
 
 #undef __
 #define __ ACCESS_MASM(masm())
 
 
-Register StubCompiler::CheckPrototypes(Handle<JSObject> object,
+Register StubCompiler::CheckPrototypes(Handle<Type> type,
                                        Register object_reg,
                                        Handle<JSObject> holder,
                                        Register holder_reg,
                                        Register scratch1,
                                        Register scratch2,
                                        Handle<Name> name,
                                        int save_at_depth,
                                        Label* miss,
                                        PrototypeCheckType check) {
+  Handle<Map> receiver_map(IC::TypeToMap(*type, isolate()));
   // Make sure that the type feedback oracle harvests the receiver map.
   // TODO(svenpanne) Remove this hack when all ICs are reworked.
-  __ Mov(scratch1, Operand(Handle<Map>(object->map())));
-
-  Handle<JSObject> first = object;
+  __ Mov(scratch1, Operand(receiver_map));
 
   // object_reg and holder_reg registers can alias.
   ASSERT(!AreAliased(object_reg, scratch1, scratch2));
   ASSERT(!AreAliased(holder_reg, scratch1, scratch2));
 
   // Keep track of the current object in register reg.
   Register reg = object_reg;
   int depth = 0;
 
   typedef FunctionCallbackArguments FCA;
   if (save_at_depth == depth) {
     __ Poke(reg, FCA::kHolderIndex * kPointerSize);
   }
 
-  // Check the maps in the prototype chain.
-  // Traverse the prototype chain from the object and do map checks.
-  Handle<JSObject> current = object;
-  while (!current.is_identical_to(holder)) {
+  Handle<JSObject> current = Handle<JSObject>::null();
+  if (type->IsConstant()) {
+    current = Handle<JSObject>::cast(type->AsConstant());
+  }
+  Handle<JSObject> prototype = Handle<JSObject>::null();
+  Handle<Map> current_map = receiver_map;
+  Handle<Map> holder_map(holder->map());
+  // Traverse the prototype chain and check the maps in the prototype chain for
+  // fast and global objects or do negative lookup for normal objects.
+  while (!current_map.is_identical_to(holder_map)) {
     ++depth;
 
     // Only global objects and objects that do not require access
     // checks are allowed in stubs.
-    ASSERT(current->IsJSGlobalProxy() || !current->IsAccessCheckNeeded());
+    ASSERT(current_map->IsJSGlobalProxyMap() ||
+           !current_map->is_access_check_needed());
 
-    Handle<JSObject> prototype(JSObject::cast(current->GetPrototype()));
-    if (!current->HasFastProperties() &&
-        !current->IsJSGlobalObject() &&
-        !current->IsJSGlobalProxy()) {
+    prototype = handle(JSObject::cast(current_map->prototype()));
+    if (current_map->is_dictionary_map() &&
+        !current_map->IsJSGlobalObjectMap() &&
+        !current_map->IsJSGlobalProxyMap()) {
       if (!name->IsUniqueName()) {
         ASSERT(name->IsString());
         name = factory()->InternalizeString(Handle<String>::cast(name));
       }
-      ASSERT(current->property_dictionary()->FindEntry(*name) ==
-             NameDictionary::kNotFound);
+      ASSERT(current.is_null() ||
+             (current->property_dictionary()->FindEntry(*name) ==
+              NameDictionary::kNotFound));
 
       GenerateDictionaryNegativeLookup(masm(), miss, reg, name,
                                        scratch1, scratch2);
 
       __ Ldr(scratch1, FieldMemOperand(reg, HeapObject::kMapOffset));
       reg = holder_reg;  // From now on the object will be in holder_reg.
       __ Ldr(reg, FieldMemOperand(scratch1, Map::kPrototypeOffset));
     } else {
       Register map_reg = scratch1;
       // TODO(jbramley): Skip this load when we don't need the map.
       __ Ldr(map_reg, FieldMemOperand(reg, HeapObject::kMapOffset));
 
-      if (!current.is_identical_to(first) || (check == CHECK_ALL_MAPS)) {
-        Handle<Map> current_map(current->map());
+      if (depth != 1 || check == CHECK_ALL_MAPS) {
         __ CheckMap(map_reg, current_map, miss, DONT_DO_SMI_CHECK);
       }
 
       // Check access rights to the global object.  This has to happen after
       // the map check so that we know that the object is actually a global
       // object.
-      if (current->IsJSGlobalProxy()) {
+      if (current_map->IsJSGlobalProxyMap()) {
         __ CheckAccessGlobalProxy(reg, scratch2, miss);
+      } else if (current_map->IsJSGlobalObjectMap()) {
+        GenerateCheckPropertyCell(
+            masm(), Handle<JSGlobalObject>::cast(current), name,
+            scratch2, miss);
       }
+
       reg = holder_reg;  // From now on the object will be in holder_reg.
 
       if (heap()->InNewSpace(*prototype)) {
         // The prototype is in new space; we cannot store a reference to it
         // in the code.  Load it from the map.
         __ Ldr(reg, FieldMemOperand(map_reg, Map::kPrototypeOffset));
       } else {
         // The prototype is in old space; load it directly.
         __ Mov(reg, Operand(prototype));
       }
     }
 
     if (save_at_depth == depth) {
       __ Poke(reg, FCA::kHolderIndex * kPointerSize);
     }
 
     // Go to the next object in the prototype chain.
     current = prototype;
+    current_map = handle(current->map());
   }
 
   // Log the check depth.
   LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
 
   // Check the holder map.
-  if (!holder.is_identical_to(first) || check == CHECK_ALL_MAPS) {
+  if (depth != 0 || check == CHECK_ALL_MAPS) {
     // Check the holder map.
-    __ CheckMap(reg, scratch1, Handle<Map>(current->map()), miss,
-                DONT_DO_SMI_CHECK);
+    __ CheckMap(reg, scratch1, current_map, miss, DONT_DO_SMI_CHECK);
   }
 
   // Perform security check for access to the global object.
-  ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
-  if (holder->IsJSGlobalProxy()) {
+  ASSERT(current_map->IsJSGlobalProxyMap() ||
+         !current_map->is_access_check_needed());
+  if (current_map->IsJSGlobalProxyMap()) {
     __ CheckAccessGlobalProxy(reg, scratch1, miss);
   }
 
-  // If we've skipped any global objects, it's not enough to verify that
-  // their maps haven't changed.  We also need to check that the property
-  // cell for the property is still empty.
-  GenerateCheckPropertyCells(masm(), object, holder, name, scratch1, miss);
-
   // Return the register containing the holder.
   return reg;
 }
 
 
 void LoadStubCompiler::HandlerFrontendFooter(Handle<Name> name, Label* miss) {
   if (!miss->is_unused()) {
     Label success;
     __ B(&success);
 
@@ skipping 11 matching lines @@
     __ B(&success);
 
     GenerateRestoreName(masm(), miss, name);
     TailCallBuiltin(masm(), MissBuiltin(kind()));
 
     __ Bind(&success);
   }
 }
 
 
-Register LoadStubCompiler::CallbackHandlerFrontend(Handle<Object> object,
+Register LoadStubCompiler::CallbackHandlerFrontend(Handle<Type> type,
                                                    Register object_reg,
                                                    Handle<JSObject> holder,
                                                    Handle<Name> name,
                                                    Handle<Object> callback) {
   Label miss;
 
-  Register reg = HandlerFrontendHeader(object, object_reg, holder, name, &miss);
+  Register reg = HandlerFrontendHeader(type, object_reg, holder, name, &miss);
 
   // TODO(jbramely): HandlerFrontendHeader returns its result in scratch1(), so
   // we can't use it below, but that isn't very obvious. Is there a better way
   // of handling this?
 
   if (!holder->HasFastProperties() && !holder->IsJSGlobalObject()) {
     ASSERT(!AreAliased(reg, scratch2(), scratch3(), scratch4()));
 
     // Load the properties dictionary.
     Register dictionary = scratch4();
@@ skipping 204 matching lines @@
     {
       FrameScope frame_scope(masm(), StackFrame::INTERNAL);
       if (must_preserve_receiver_reg) {
         __ Push(receiver(), holder_reg, this->name());
       } else {
         __ Push(holder_reg, this->name());
       }
       // Invoke an interceptor.  Note: map checks from receiver to
       // interceptor's holder has been compiled before (see a caller
       // of this method.)
-      CompileCallLoadPropertyWithInterceptor(masm(),
-                                             receiver(),
-                                             holder_reg,
-                                             this->name(),
-                                             interceptor_holder);
+      CompileCallLoadPropertyWithInterceptor(
+          masm(), receiver(), holder_reg, this->name(), interceptor_holder,
+          IC::kLoadPropertyWithInterceptorOnly);
+
       // Check if interceptor provided a value for property.  If it's
       // the case, return immediately.
       Label interceptor_failed;
       __ JumpIfRoot(x0,
                     Heap::kNoInterceptorResultSentinelRootIndex,
                     &interceptor_failed);
       frame_scope.GenerateLeaveFrame();
       __ Ret();
 
       __ Bind(&interceptor_failed);
@@ skipping 37 matching lines @@
   ASSERT(holder->IsGlobalObject());
 
   const int argc = arguments().immediate();
 
   // Get the receiver from the stack.
   Register receiver = x0;
   __ Peek(receiver, argc * kPointerSize);
 
   // Check that the maps haven't changed.
   __ JumpIfSmi(receiver, miss);
-  CheckPrototypes(object, receiver, holder, x3, x1, x4, name, miss);
+  CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                  receiver, holder, x3, x1, x4, name, miss);
 }
 
 
 // Load the function object into x1 register.
 void CallStubCompiler::GenerateLoadFunctionFromCell(
     Handle<Cell> cell,
     Handle<JSFunction> function,
     Label* miss) {
   // Get the value from the cell.
   __ Mov(x3, Operand(cell));
@@ skipping 45 matching lines @@
   GenerateNameCheck(name, &miss);
 
   // Get the receiver of the function from the stack.
   Register receiver = x0;
   __ Peek(receiver, argc * kXRegSizeInBytes);
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(receiver, &miss);
 
   // Do the right check and compute the holder register.
   Register holder_reg = CheckPrototypes(
-      object, receiver, holder, x1, x3, x4, name, &miss);
+      IC::CurrentTypeOf(object, isolate()),
+      receiver, holder, x1, x3, x4, name, &miss);
   Register function = x1;
   GenerateFastPropertyLoad(masm(), function, holder_reg,
                            index.is_inobject(holder),
                            index.translate(holder),
                            Representation::Tagged());
 
   GenerateCallFunction(
       masm(), object, arguments(), &miss, extra_state_, function, receiver, x3);
 
   // Handle call cache miss.
@@ skipping 26 matching lines @@
   GenerateNameCheck(name, &miss);
 
   Register receiver = x1;
   if (cell.is_null()) {
     __ Peek(receiver, argc * kPointerSize);
 
     // Check that the receiver isn't a smi.
     __ JumpIfSmi(receiver, &miss);
 
     // Check that the maps haven't changed.
-    CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder, x3, x0,
-                    x4, name, &miss);
+    CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                    receiver, holder, x3, x0, x4, name, &miss);
   } else {
     ASSERT(cell->value() == *function);
     GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
                                 &miss);
     GenerateLoadFunctionFromCell(cell, function, &miss);
   }
 
   Handle<AllocationSite> site = isolate()->factory()->NewAllocationSite();
   site->SetElementsKind(GetInitialFastElementsKind());
   Handle<Cell> site_feedback_cell = isolate()->factory()->NewCell(site);
@@ skipping 41 matching lines @@
   GenerateNameCheck(name, &miss);
 
   // Get the receiver from the stack
   Register receiver = x1;
   __ Peek(receiver, argc * kPointerSize);
 
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(receiver, &miss);
 
   // Check that the maps haven't changed.
-  CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder, x3, x0, x4,
-                  name, &miss);
+  CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                  receiver, holder, x3, x0, x4, name, &miss);
 
   if (argc == 0) {
     // Nothing to do, just return the length.
     __ Ldr(result, FieldMemOperand(receiver, JSArray::kLengthOffset));
     __ Drop(argc + 1);
     __ Ret();
   } else {
     Label call_builtin;
 
     if (argc == 1) {  // Otherwise fall through to call the builtin.
@@ skipping 251 matching lines @@
 
   GenerateNameCheck(name, &miss);
 
   // Get the receiver from the stack
   Register receiver = x1;
   __ Peek(receiver, argc * kPointerSize);
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(receiver, &miss);
 
   // Check that the maps haven't changed.
-  CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder,
-                  x3, x4, x0, name, &miss);
+  CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                  receiver, holder, x3, x4, x0, name, &miss);
 
   // Get the elements array of the object.
   Register elements = x3;
   __ Ldr(elements, FieldMemOperand(receiver, JSArray::kElementsOffset));
 
   // Check that the elements are in fast mode and writable.
   __ CheckMap(elements,
               x0,
               Heap::kFixedArrayMapRootIndex,
               &call_builtin,
@@ skipping 64 matching lines @@
   Label* index_out_of_range_label = &index_out_of_range;
 
   if (kind_ == Code::CALL_IC &&
       (CallICBase::StringStubState::decode(extra_state_) ==
        DEFAULT_STRING_STUB)) {
     index_out_of_range_label = &miss;
   }
   GenerateNameCheck(name, &name_miss);
 
   // Check that the maps starting from the prototype haven't changed.
-  Register prototype = x0;
+  Register prototype_reg = x0;
   GenerateDirectLoadGlobalFunctionPrototype(masm(),
                                             Context::STRING_FUNCTION_INDEX,
-                                            prototype,
+                                            prototype_reg,
                                             &miss);
   ASSERT(!object.is_identical_to(holder));
-  CheckPrototypes(
-      Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
-      prototype, holder, x1, x3, x4, name, &miss);
+  Handle<JSObject> prototype(JSObject::cast(object->GetPrototype(isolate())));
+  CheckPrototypes(IC::CurrentTypeOf(prototype, isolate()),
+                  prototype_reg, holder, x1, x3, x4, name, &miss);
 
   Register result = x0;
   Register receiver = x1;
   Register index = x4;
 
   __ Peek(receiver, argc * kPointerSize);
   if (argc > 0) {
     __ Peek(index, (argc - 1) * kPointerSize);
   } else {
     __ LoadRoot(index, Heap::kUndefinedValueRootIndex);
@@ skipping 56 matching lines @@
   Label* index_out_of_range_label = &index_out_of_range;
 
   if (kind_ == Code::CALL_IC &&
       (CallICBase::StringStubState::decode(extra_state_) ==
        DEFAULT_STRING_STUB)) {
     index_out_of_range_label = &miss;
   }
   GenerateNameCheck(name, &name_miss);
 
   // Check that the maps starting from the prototype haven't changed.
-  Register prototype = x0;
+  Register prototype_reg = x0;
   GenerateDirectLoadGlobalFunctionPrototype(masm(),
                                             Context::STRING_FUNCTION_INDEX,
-                                            prototype,
+                                            prototype_reg,
                                             &miss);
   ASSERT(!object.is_identical_to(holder));
-  CheckPrototypes(
-      Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
-      prototype, holder, x1, x3, x4, name, &miss);
+  Handle<JSObject> prototype(JSObject::cast(object->GetPrototype(isolate())));
+  CheckPrototypes(IC::CurrentTypeOf(prototype, isolate()),
+                  prototype_reg, holder, x1, x3, x4, name, &miss);
 
   Register receiver = x0;
   Register index = x4;
   Register scratch = x3;
   Register result = x0;
 
   __ Peek(receiver, argc * kPointerSize);
   if (argc > 0) {
     __ Peek(index, (argc - 1) * kPointerSize);
   } else {
@@ skipping 54 matching lines @@
   if (!object->IsJSObject() || argc != 1) return Handle<Code>::null();
 
   Label miss;
   GenerateNameCheck(name, &miss);
 
   if (cell.is_null()) {
     Register receiver = x1;
     __ Peek(receiver, kPointerSize);
     __ JumpIfSmi(receiver, &miss);
 
-    CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder,
-                    x0, x3, x4, name, &miss);
+    CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                    receiver, holder, x0, x3, x4, name, &miss);
   } else {
     ASSERT(cell->value() == *function);
     GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
                                 &miss);
     GenerateLoadFunctionFromCell(cell, function, &miss);
   }
 
   // Load the char code argument.
   Register code = x1;
   __ Peek(code, 0);
@@ skipping 51 matching lines @@
   // If the object is not a JSObject or we got an unexpected number of
   // arguments, bail out to the regular call.
   if (!object->IsJSObject() || argc != 1) return Handle<Code>::null();
 
   GenerateNameCheck(name, &miss);
 
   if (cell.is_null()) {
     Register receiver = x1;
     __ Peek(receiver, kPointerSize);
     __ JumpIfSmi(receiver, &miss);
-    CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder,
-                    x0, x3, x4, name, &miss);
+    CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                    receiver, holder, x0, x3, x4, name, &miss);
   } else {
     ASSERT(cell->value() == *function);
     GenerateGlobalReceiverCheck(
         Handle<JSObject>::cast(object), holder, name, &miss);
     GenerateLoadFunctionFromCell(cell, function, &miss);
   }
 
   // Load the (only) argument.
   Register arg = x0;
   __ Peek(arg, 0);
@@ skipping 94 matching lines @@
   if (!object->IsJSObject() || argc != 1) return Handle<Code>::null();
 
   Register result = x0;
   Label miss, slow;
   GenerateNameCheck(name, &miss);
 
   if (cell.is_null()) {
     Register receiver = x1;
     __ Peek(receiver, kPointerSize);
     __ JumpIfSmi(receiver, &miss);
-    CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder,
-                    x0, x3, x4, name, &miss);
+    CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                    receiver, holder, x0, x3, x4, name, &miss);
   } else {
     ASSERT(cell->value() == *function);
     GenerateGlobalReceiverCheck(Handle<JSObject>::cast(object), holder, name,
                                 &miss);
     GenerateLoadFunctionFromCell(cell, function, &miss);
   }
 
   // Load the (only) argument.
   Register arg = x0;
   __ Peek(arg, 0);
@@ skipping 73 matching lines @@
 
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(receiver, &miss_before_stack_reserved);
 
   __ IncrementCounter(counters->call_const(), 1, x0, x3);
   __ IncrementCounter(counters->call_const_fast_api(), 1, x0, x3);
 
   ReserveSpaceForFastApiCall(masm(), x0);
 
   // Check that the maps haven't changed and find a Holder as a side effect.
-  CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder, x0, x3, x4,
-                  name, depth, &miss);
+  CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                  receiver, holder, x0, x3, x4, name, depth, &miss);
 
   GenerateFastApiDirectCall(masm(), optimization, argc, false);
 
   __ Bind(&miss);
   FreeSpaceForFastApiCall(masm());
 
   __ Bind(&miss_before_stack_reserved);
   GenerateMissBranch();
 
   // Return the generated code.
@@ skipping 34 matching lines @@
 
   // Make sure that it's okay not to patch the on stack receiver
   // unless we're doing a receiver map check.
   ASSERT(!object->IsGlobalObject() || check == RECEIVER_MAP_CHECK);
 
   switch (check) {
     case RECEIVER_MAP_CHECK: {
       __ IncrementCounter(isolate()->counters()->call_const(), 1, x0, x3);
 
       // Check that the maps haven't changed.
-      CheckPrototypes(Handle<JSObject>::cast(object), receiver, holder,
-                      x0, x3, x4, name, &miss);
+      CheckPrototypes(IC::CurrentTypeOf(object, isolate()),
+                      receiver, holder, x0, x3, x4, name, &miss);
 
       // Patch the receiver on the stack with the global proxy if necessary.
       if (object->IsGlobalObject()) {
         __ Ldr(x3,
                FieldMemOperand(receiver, GlobalObject::kGlobalReceiverOffset));
         __ Poke(x3,  argc * kPointerSize);
       }
       break;
     }
     case STRING_CHECK: {
       // Check that the object is a string.
       __ JumpIfObjectType(receiver, x3, x3, FIRST_NONSTRING_TYPE, &miss, ge);
       // Check that the maps starting from the prototype haven't changed.
-      Register prototype = x0;
+      Register prototype_reg = x0;
       GenerateDirectLoadGlobalFunctionPrototype(
-          masm(), Context::STRING_FUNCTION_INDEX, prototype, &miss);
+          masm(), Context::STRING_FUNCTION_INDEX, prototype_reg, &miss);
+      Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
       CheckPrototypes(
-          Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
-          prototype, holder, x3, x1, x4, name, &miss);
+          IC::CurrentTypeOf(prototype, isolate()),
+          prototype_reg, holder, x3, x1, x4, name, &miss);
       break;
     }
     case SYMBOL_CHECK: {
       // Check that the object is a symbol.
       __ JumpIfNotObjectType(receiver, x3, x3, SYMBOL_TYPE, &miss);
       // Check that the maps starting from the prototype haven't changed.
-      Register prototype = x0;
+      Register prototype_reg = x0;
       GenerateDirectLoadGlobalFunctionPrototype(
-          masm(), Context::SYMBOL_FUNCTION_INDEX, prototype, &miss);
+          masm(), Context::SYMBOL_FUNCTION_INDEX, prototype_reg, &miss);
+      Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
       CheckPrototypes(
-          Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
-          prototype, holder, x3, x1, x4, name, &miss);
+          IC::CurrentTypeOf(prototype, isolate()),
+          prototype_reg, holder, x3, x1, x4, name, &miss);
       break;
     }
     case NUMBER_CHECK: {
       Label fast;
       // Check that the object is a smi or a heap number.
       __ JumpIfSmi(receiver, &fast);
       __ JumpIfNotObjectType(receiver, x0, x0, HEAP_NUMBER_TYPE, &miss);
 
       __ Bind(&fast);
       // Check that the maps starting from the prototype haven't changed.
-      Register prototype = x0;
+      Register prototype_reg = x0;
       GenerateDirectLoadGlobalFunctionPrototype(
-          masm(), Context::NUMBER_FUNCTION_INDEX, prototype, &miss);
+          masm(), Context::NUMBER_FUNCTION_INDEX, prototype_reg, &miss);
+      Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
       CheckPrototypes(
-          Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
-          prototype, holder, x3, x1, x4, name, &miss);
+          IC::CurrentTypeOf(prototype, isolate()),
+          prototype_reg, holder, x3, x1, x4, name, &miss);
       break;
     }
     case BOOLEAN_CHECK: {
       GenerateBooleanCheck(receiver, &miss);
 
       // Check that the maps starting from the prototype haven't changed.
-      Register prototype = x0;
+      Register prototype_reg = x0;
       GenerateDirectLoadGlobalFunctionPrototype(
-          masm(), Context::BOOLEAN_FUNCTION_INDEX, prototype, &miss);
+          masm(), Context::BOOLEAN_FUNCTION_INDEX, prototype_reg, &miss);
+      Handle<Object> prototype(object->GetPrototype(isolate()), isolate());
       CheckPrototypes(
-          Handle<JSObject>(JSObject::cast(object->GetPrototype(isolate()))),
-          prototype, holder, x3, x1, x4, name, &miss);
+          IC::CurrentTypeOf(prototype, isolate()),
+          prototype_reg, holder, x3, x1, x4, name, &miss);
       break;
     }
   }
 
   Label success;
   __ B(&success);
 
   // Handle call cache miss.
   __ Bind(&miss);
   GenerateMissBranch();
@@ skipping 142 matching lines @@
   return GetCode(Code::NORMAL, name);
 }
 
 
 Handle<Code> StoreStubCompiler::CompileStoreCallback(
     Handle<JSObject> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     Handle<ExecutableAccessorInfo> callback) {
   ASM_LOCATION("StoreStubCompiler::CompileStoreCallback");
-  HandlerFrontend(object, receiver(), holder, name);
+  HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
+                  receiver(), holder, name);
 
   // Stub never generated for non-global objects that require access checks.
   ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
 
   __ Mov(scratch1(), Operand(callback));
   __ Mov(scratch2(), Operand(name));
   __ Push(receiver(), scratch1(), scratch2(), value());
 
   // Do tail-call to the runtime system.
   ExternalReference store_callback_property =
@@ skipping 84 matching lines @@
 
   // Handle store cache miss.
   __ Bind(&miss);
   TailCallBuiltin(masm(), MissBuiltin(kind()));
 
   // Return the generated code.
   return GetCode(kind(), Code::FAST, name);
 }
 
 
-Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
-    Handle<Object> object,
-    Handle<JSObject> last,
-    Handle<Name> name,
-    Handle<JSGlobalObject> global) {
-  NonexistentHandlerFrontend(object, last, name, global);
+Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<Type> type,
+                                                      Handle<JSObject> last,
+                                                      Handle<Name> name) {
+  NonexistentHandlerFrontend(type, last, name);
 
   // Return undefined if maps of the full prototype chain are still the
   // same and no global property with this name contains a value.
   __ LoadRoot(x0, Heap::kUndefinedValueRootIndex);
   __ Ret();
 
   // Return the generated code.
   return GetCode(kind(), Code::FAST, name);
 }
 
@@ skipping 75 matching lines @@
   }
   __ Ret();
 }
 
 
 #undef __
 #define __ ACCESS_MASM(masm())
 
 
 Handle<Code> LoadStubCompiler::CompileLoadGlobal(
-    Handle<Object> object,
+    Handle<Type> type,
     Handle<GlobalObject> global,
     Handle<PropertyCell> cell,
     Handle<Name> name,
     bool is_dont_delete) {
   Label miss;
 
-  HandlerFrontendHeader(object, receiver(), global, name, &miss);
+  HandlerFrontendHeader(type, receiver(), global, name, &miss);
 
   // Get the value from the cell.
   __ Mov(x3, Operand(cell));
   __ Ldr(x4, FieldMemOperand(x3, Cell::kValueOffset));
 
   // Check for deleted property if property can actually be deleted.
   if (!is_dont_delete) {
     __ JumpIfRoot(x4, Heap::kTheHoleValueRootIndex, &miss);
   }
 
@@ skipping 89 matching lines @@
   return GetICCode(
       kind(), Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
 }
 
 
 Handle<Code> StoreStubCompiler::CompileStoreCallback(
     Handle<JSObject> object,
     Handle<JSObject> holder,
     Handle<Name> name,
     const CallOptimization& call_optimization) {
-  HandlerFrontend(object, receiver(), holder, name);
+  HandlerFrontend(IC::CurrentTypeOf(object, isolate()),
+                  receiver(), holder, name);
 
   Register values[] = { value() };
   GenerateFastApiCall(
       masm(), call_optimization, receiver(), scratch3(), 1, values);
 
   // Return the generated code.
   return GetCode(kind(), Code::FAST, name);
 }
 
 
@@ skipping 25 matching lines @@
 
   // Miss case, call the runtime.
   __ Bind(&miss);
   TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Miss);
 }
 
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_A64