Harden some INLINE_OPTIMIZED runtime bultins.

src/hydrogen.cc

Index: src/hydrogen.cc
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index a41b80e78711debd532f9e4d71dd90ecaff54928..fe972e7b9baa049d4d37fea3593e2fa87fabda37 100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -8639,8 +8639,49 @@ void HOptimizedGraphBuilder::GenerateDataViewInitialize(
   CHECK_ALIVE(VisitForValue(arguments->at(3)));
   HValue* byte_length = Pop();
 
+  IfBuilder checker(this);
+  checker.If<HHasInstanceTypeAndBranch>(obj, JS_DATA_VIEW_TYPE);
+  checker.AndIf<HHasInstanceTypeAndBranch>(buffer, JS_ARRAY_BUFFER_TYPE);
+  checker.AndIf<HIsSmiAndBranch>(byte_offset);
+  checker.AndIf<HIsSmiAndBranch>(byte_length);
+  checker.And();
+  HValue* zero = graph()->GetConstant0();
+  HValue* buffer_length =
+      Add<HLoadNamedField>(buffer,
+                           static_cast<HValue*>(NULL),
+                           HObjectAccess::ForJSArrayBufferByteLength());
+  checker.If<HIsSmiAndBranch>(buffer_length);
+  checker.And();
+  HValue* smi_byte_offset =
+      AddUncasted<HForceRepresentation>(byte_offset, Representation::Smi());
+  HValue* smi_byte_length =
+      AddUncasted<HForceRepresentation>(byte_length, Representation::Smi());
+  HValue* smi_buffer_length =
+     AddUncasted<HForceRepresentation>(buffer_length, Representation::Smi());
+  checker.If<HCompareNumericAndBranch>(smi_byte_offset, zero, Token::GTE);
+  checker.And();
+  checker.If<HCompareNumericAndBranch>(
+      smi_byte_length, zero, Token::GTE);
+  checker.And();
+  checker.If<HCompareNumericAndBranch>(
+      smi_byte_offset, smi_buffer_length, Token::LTE);
+  checker.And();
+  HValue* view_length = AddUncasted<HAdd>(byte_offset, byte_length);
+  checker.If<HCompareNumericAndBranch>(
+      view_length, smi_buffer_length, Token::LTE);
+
+  checker.Then();
   BuildArrayBufferViewInitialization<JSDataView>(
       obj, buffer, byte_offset, byte_length);
+
+  checker.Else();
+  Push(obj);
+  Push(buffer);
+  Push(byte_offset);
+  Push(byte_length);
+  PushArgumentsFromEnvironment(4);
+  Add<HCallRuntime>(expr->name(), expr->function(), 4);
+  checker.End();
 }
 
 
@@ -8662,7 +8703,6 @@ static Handle<Map> TypedArrayMap(Isolate* isolate,
   return Map::AsElementsKind(map, target_kind);
 }
 
-
 HValue* HOptimizedGraphBuilder::BuildAllocateExternalElements(
     ExternalArrayType array_type,
     bool is_zero_byte_offset,
@@ -8889,55 +8929,85 @@ void HOptimizedGraphBuilder::GenerateTypedArrayMaxSizeInHeap(
 }
 
 
-void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
-    CallRuntime* expr) {
+void HOptimizedGraphBuilder::GenerateSimpleGetter(
+    CallRuntime* expr,
+    InstanceType instance_type,
+    HObjectAccess object_access) {
+  NoObservableSideEffectsScope scope(this);
   ASSERT(expr->arguments()->length() == 1);
   CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
   HValue* buffer = Pop();
-  HInstruction* result = New<HLoadNamedField>(
+  IfBuilder check_instance_type(this);
+  check_instance_type.If<HHasInstanceTypeAndBranch>(
+      buffer,
+      instance_type);
+  check_instance_type.Then();
+  HInstruction* result = Add<HLoadNamedField>(
     buffer,
     static_cast<HValue*>(NULL),
-    HObjectAccess::ForJSArrayBufferByteLength());
-  return ast_context()->ReturnInstruction(result, expr->id());
+    object_access);
+  Push(result);
+
+  check_instance_type.Else();
+  Push(buffer);
+  PushArgumentsFromEnvironment(1);
+  Push(Add<HCallRuntime>(expr->name(), expr->function(), 1));
+  check_instance_type.End();
+  return ast_context()->ReturnValue(Pop());
 }
 
 
-void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteLength(
+void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
     CallRuntime* expr) {
-  ASSERT(expr->arguments()->length() == 1);
-  CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
-  HValue* buffer = Pop();
-  HInstruction* result = New<HLoadNamedField>(
-    buffer,
-    static_cast<HValue*>(NULL),
-    HObjectAccess::ForJSArrayBufferViewByteLength());
-  return ast_context()->ReturnInstruction(result, expr->id());
+  GenerateSimpleGetter(
+      expr,
+      JS_ARRAY_BUFFER_TYPE,
+      HObjectAccess::ForJSArrayBufferByteLength());
 }
 
 
-void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteOffset(
+void HOptimizedGraphBuilder::GenerateTypedArrayGetByteLength(
     CallRuntime* expr) {
-  ASSERT(expr->arguments()->length() == 1);
-  CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
-  HValue* buffer = Pop();
-  HInstruction* result = New<HLoadNamedField>(
-    buffer,
-    static_cast<HValue*>(NULL),
-    HObjectAccess::ForJSArrayBufferViewByteOffset());
-  return ast_context()->ReturnInstruction(result, expr->id());
+  GenerateSimpleGetter(
+      expr,
+      JS_TYPED_ARRAY_TYPE,
+      HObjectAccess::ForJSArrayBufferViewByteLength());
+}
+
+
+void HOptimizedGraphBuilder::GenerateTypedArrayGetByteOffset(
+    CallRuntime* expr) {
+  GenerateSimpleGetter(
+      expr,
+      JS_TYPED_ARRAY_TYPE,
+      HObjectAccess::ForJSArrayBufferViewByteOffset());
+}
+
+
+void HOptimizedGraphBuilder::GenerateDataViewGetByteLength(
+    CallRuntime* expr) {
+  GenerateSimpleGetter(
+      expr,
+      JS_DATA_VIEW_TYPE,
+      HObjectAccess::ForJSArrayBufferViewByteLength());
+}
+
+
+void HOptimizedGraphBuilder::GenerateDataViewGetByteOffset(
+    CallRuntime* expr) {
+  GenerateSimpleGetter(
+      expr,
+      JS_DATA_VIEW_TYPE,
+      HObjectAccess::ForJSArrayBufferViewByteOffset());
 }
 
 
 void HOptimizedGraphBuilder::GenerateTypedArrayGetLength(
     CallRuntime* expr) {
-  ASSERT(expr->arguments()->length() == 1);
-  CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
-  HValue* buffer = Pop();
-  HInstruction* result = New<HLoadNamedField>(
-    buffer,
-    static_cast<HValue*>(NULL),
-    HObjectAccess::ForJSTypedArrayLength());
-  return ast_context()->ReturnInstruction(result, expr->id());
+  GenerateSimpleGetter(
+      expr,
+      JS_TYPED_ARRAY_TYPE,
+      HObjectAccess::ForJSTypedArrayLength());
 }