MIPS: Fix `[proxies] fix access issue when having proxies on the prototype-chain of global objects.`

src/crankshaft/mips/lithium-codegen-mips.cc

Index: src/crankshaft/mips/lithium-codegen-mips.cc
diff --git a/src/crankshaft/mips/lithium-codegen-mips.cc b/src/crankshaft/mips/lithium-codegen-mips.cc
index 85cd156296d275b25fdb60a9efc4264769357d6f..5a5cd4e0b6a4396675e4babde45e7a84a42ff7b6 100644
--- a/src/crankshaft/mips/lithium-codegen-mips.cc
+++ b/src/crankshaft/mips/lithium-codegen-mips.cc
@@ -2546,14 +2546,25 @@ void LCodeGen::DoHasInPrototypeChainAndBranch(
     __ SmiTst(object, at);
     EmitFalseBranch(instr, eq, at, Operand(zero_reg));
   }
+
   // Loop through the {object}s prototype chain looking for the {prototype}.
   __ lw(object_map, FieldMemOperand(object, HeapObject::kMapOffset));
   Label loop;
   __ bind(&loop);
+
+  // Deoptimize if the object needs to be access checked.
+  __ lbu(object_instance_type,
+         FieldMemOperand(object_map, Map::kBitFieldOffset));
+  __ And(object_instance_type, object_instance_type,
+         Operand(1 << Map::kIsAccessCheckNeeded));
+  DeoptimizeIf(ne, instr, Deoptimizer::kAccessCheck, object_instance_type,
+               Operand(zero_reg));
+  // Deoptimize for proxies.
   __ lbu(object_instance_type,
          FieldMemOperand(object_map, Map::kInstanceTypeOffset));
   DeoptimizeIf(eq, instr, Deoptimizer::kProxy, object_instance_type,
                Operand(JS_PROXY_TYPE));
+
   __ lw(object_prototype, FieldMemOperand(object_map, Map::kPrototypeOffset));
   EmitTrueBranch(instr, eq, object_prototype, Operand(prototype));
   __ LoadRoot(at, Heap::kNullValueRootIndex);