• plind44@gmail.com's avatar
    MIPS: Correct handling of arrays with callbacks in the prototype chain. · 60067c9a
    plind44@gmail.com authored
    Port r17525 (55b95f3)
    
    Original commit message:
    Our generic KeyedStoreIC doesn't handle the case when a callback is
    set on array elements in the prototype chain of the object, nor do
    we recognize that we need to avoid the monomorphic case if these
    callbacks exist.
    
    This CL addresses the issue by looking for dictionary elements in
    the prototype chain on IC misses and crankshaft element store
    instructions. When found, the generic IC is used. The generic IC is
    changed to go to the runtime in this case too.
    
    In general, keyed loads are immune from this problem because they
    won't return the hole: discovery of the hole goes to the runtime where
    the callback will be found in the prototype chain. Double array loads
    in crankshaft can return the hole but only if the prototype chain is
    unaltered (we will catch such alterations).
    
    Includes the following patch as well (already reviewed by bmeurer):
    Performance regression found in test regress-2185-2.js. The problem was
    that the bailout method for TransitionAndStoreStub was not performing
    the appropriate transition.
    
    (Review URL for the ElementsTransitionAndStoreIC_Miss change:
    https://codereview.chromium.org/26911007)
    
    BUG=
    R=plind44@gmail.com
    
    Review URL: https://codereview.chromium.org/63083002
    
    Patch from Balazs Kilvady <kilvadyb@homejinni.com>.
    
    git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@17535 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
    60067c9a
macro-assembler-mips.cc 181 KB