[ic] Remove unnecessary access rights checks from the IC handlers.

src/ic/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/ic/ic.h"
 
 #include "src/accessors.h"
 #include "src/api-arguments-inl.h"
 #include "src/api.h"
 #include "src/arguments.h"
@@ skipping 837 matching lines @@
 
 namespace {
 
 template <bool fill_array>
 int InitPrototypeChecks(Isolate* isolate, Handle<Map> receiver_map,
                         Handle<JSObject> holder, Handle<FixedArray> array,
                         Handle<Name> name) {
   DCHECK(holder->HasFastProperties());
 
   // The following kinds of receiver maps require custom handler compilation.
-  if (receiver_map->IsPrimitiveMap() || receiver_map->IsJSGlobalProxyMap() ||
-      receiver_map->IsJSGlobalObjectMap()) {
+  if (receiver_map->IsPrimitiveMap() || receiver_map->IsJSGlobalObjectMap()) {
     return -1;
   }
+  // We don't encode the requirement to check access rights because we already
+  // passed the access check for current native context and the access
+  // can't be revoked.
 
   HandleScope scope(isolate);
   int checks_count = 0;
 
   // Switch to custom compiled handler if the prototype chain contains global
   // or dictionary objects.
   for (PrototypeIterator iter(receiver_map); !iter.IsAtEnd(); iter.Advance()) {
     Handle<JSObject> current = PrototypeIterator::GetCurrent<JSObject>(iter);
     if (*current == *holder) break;
     Handle<Map> current_map(current->map(), isolate);
 
-    // Only global objects and objects that do not require access
-    // checks are allowed in stubs.
-    DCHECK(current_map->IsJSGlobalProxyMap() ||
-           !current_map->is_access_check_needed());
-
     if (current_map->IsJSGlobalObjectMap()) {
       if (fill_array) {
         Handle<JSGlobalObject> global = Handle<JSGlobalObject>::cast(current);
         Handle<PropertyCell> cell = JSGlobalObject::EnsureEmptyPropertyCell(
             global, name, PropertyCellType::kInvalidated);
         DCHECK(cell->value()->IsTheHole(isolate));
         Handle<WeakCell> weak_cell = isolate->factory()->NewWeakCell(cell);
         array->set(LoadHandler::kFirstPrototypeIndex + checks_count,
                    *weak_cell);
       }
@@ skipping 23 matching lines @@
                                     Handle<FixedArray>(), Handle<Name>());
 }
 
 Handle<Object> LoadIC::SimpleLoadFromPrototype(Handle<Map> receiver_map,
                                                Handle<JSObject> holder,
                                                Handle<Name> name,
                                                Handle<Object> smi_handler) {
   int checks_count = GetPrototypeCheckCount(receiver_map, holder);
   DCHECK_LE(0, checks_count);
 
-  if (receiver_map->IsJSGlobalProxyMap() ||
-      receiver_map->IsJSGlobalObjectMap()) {
+  if (receiver_map->IsJSGlobalObjectMap()) {
     UNREACHABLE();
   } else if (receiver_map->is_dictionary_map()) {
     smi_handler =
         LoadHandler::EnableNegativeLookupOnReceiver(isolate(), smi_handler);
   }
 
   Handle<Cell> validity_cell =
       Map::GetOrCreatePrototypeChainValidityCell(receiver_map, isolate());
   DCHECK(!validity_cell.is_null());
 
@@ skipping 2133 matching lines @@
     DCHECK_EQ(LookupIterator::INTERCEPTOR, it.state());
     it.Next();
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result,
                                        Object::GetProperty(&it));
   }
 
   return *result;
 }
 }  // namespace internal
 }  // namespace v8