Elide hole checks on KeyedLoads of holey double arrays.

src/objects.cc

Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index d127d1bb8a095bd8d9c9ac6adbcf2572e30989fe..f3c15ab495bb28ef4cac87b8dd788d2204014a3d 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -3006,6 +3006,20 @@ Map* Map::LookupElementsTransitionMap(ElementsKind to_kind) {
 }
 
 
+bool Map::IsMapInArrayPrototypeChain() {
+  Isolate* isolate = GetIsolate();
+  if (isolate->initial_array_prototype()->map() == this) {
+    return true;
+  }
+
+  if (isolate->initial_object_prototype()->map() == this) {
+    return true;
+  }
+
+  return false;
+}
+
+
 static MaybeObject* AddMissingElementsTransitions(Map* map,
                                                   ElementsKind to_kind) {
   ASSERT(IsFastElementsKind(map->elements_kind()));
@@ -11151,6 +11165,18 @@ MaybeObject* JSObject::SetFastElement(uint32_t index,
   ASSERT(HasFastSmiOrObjectElements() ||
          HasFastArgumentsElements());
 
+  // Array optimizations rely on the prototype lookups of Array objects always
+  // returning undefined. If there is a store to the initial prototype object,
+  // make sure all of these optimizations are invalidated.
+  Isolate* isolate(GetIsolate());
+  if (isolate->is_initial_object_prototype(this) ||
+      isolate->is_initial_array_prototype(this)) {
+    HandleScope scope(GetIsolate());
+    map()->dependent_code()->DeoptimizeDependentCodeGroup(
+        GetIsolate(),
+        DependentCode::kElementsCantBeAddedGroup);
+  }
+
   FixedArray* backing_store = FixedArray::cast(elements());
   if (backing_store->map() == GetHeap()->non_strict_arguments_elements_map()) {
     backing_store = FixedArray::cast(backing_store->get(1));