RubyGems - libv8 - Versions diffs - 3.11.8.17 → 3.16.14.0 - Mend

libv8 3.11.8.17 → 3.16.14.0

Files changed (754) hide show

checksums.yaml +4 -4
data/.travis.yml +1 -2
data/Gemfile +1 -1
data/Rakefile +6 -7
data/lib/libv8/version.rb +1 -1
data/vendor/v8/.gitignore +24 -3
data/vendor/v8/AUTHORS +7 -0
data/vendor/v8/ChangeLog +839 -0
data/vendor/v8/DEPS +1 -1
data/vendor/v8/Makefile.android +92 -0
data/vendor/v8/OWNERS +11 -0
data/vendor/v8/PRESUBMIT.py +71 -0
data/vendor/v8/SConstruct +34 -39
data/vendor/v8/build/android.gypi +56 -37
data/vendor/v8/build/common.gypi +112 -30
data/vendor/v8/build/gyp_v8 +1 -1
data/vendor/v8/build/standalone.gypi +15 -11
data/vendor/v8/include/v8-debug.h +9 -1
data/vendor/v8/include/v8-preparser.h +4 -3
data/vendor/v8/include/v8-profiler.h +25 -25
data/vendor/v8/include/v8-testing.h +4 -3
data/vendor/v8/include/v8.h +994 -540
data/vendor/v8/preparser/preparser-process.cc +3 -3
data/vendor/v8/samples/lineprocessor.cc +20 -27
data/vendor/v8/samples/process.cc +18 -14
data/vendor/v8/samples/shell.cc +16 -15
data/vendor/v8/src/SConscript +15 -14
data/vendor/v8/src/accessors.cc +169 -77
data/vendor/v8/src/accessors.h +4 -0
data/vendor/v8/src/allocation-inl.h +2 -2
data/vendor/v8/src/allocation.h +7 -7
data/vendor/v8/src/api.cc +810 -497
data/vendor/v8/src/api.h +85 -60
data/vendor/v8/src/arm/assembler-arm-inl.h +179 -22
data/vendor/v8/src/arm/assembler-arm.cc +633 -264
data/vendor/v8/src/arm/assembler-arm.h +264 -197
data/vendor/v8/src/arm/builtins-arm.cc +117 -27
data/vendor/v8/src/arm/code-stubs-arm.cc +1241 -700
data/vendor/v8/src/arm/code-stubs-arm.h +35 -138
data/vendor/v8/src/arm/codegen-arm.cc +285 -16
data/vendor/v8/src/arm/codegen-arm.h +22 -0
data/vendor/v8/src/arm/constants-arm.cc +5 -3
data/vendor/v8/src/arm/constants-arm.h +24 -11
data/vendor/v8/src/arm/debug-arm.cc +3 -3
data/vendor/v8/src/arm/deoptimizer-arm.cc +382 -92
data/vendor/v8/src/arm/disasm-arm.cc +61 -12
data/vendor/v8/src/arm/frames-arm.h +0 -14
data/vendor/v8/src/arm/full-codegen-arm.cc +332 -304
data/vendor/v8/src/arm/ic-arm.cc +180 -259
data/vendor/v8/src/arm/lithium-arm.cc +364 -316
data/vendor/v8/src/arm/lithium-arm.h +512 -275
data/vendor/v8/src/arm/lithium-codegen-arm.cc +1768 -809
data/vendor/v8/src/arm/lithium-codegen-arm.h +97 -35
data/vendor/v8/src/arm/lithium-gap-resolver-arm.cc +12 -5
data/vendor/v8/src/arm/macro-assembler-arm.cc +439 -228
data/vendor/v8/src/arm/macro-assembler-arm.h +116 -70
data/vendor/v8/src/arm/regexp-macro-assembler-arm.cc +54 -44
data/vendor/v8/src/arm/regexp-macro-assembler-arm.h +3 -10
data/vendor/v8/src/arm/simulator-arm.cc +272 -238
data/vendor/v8/src/arm/simulator-arm.h +38 -8
data/vendor/v8/src/arm/stub-cache-arm.cc +522 -895
data/vendor/v8/src/array.js +101 -70
data/vendor/v8/src/assembler.cc +270 -19
data/vendor/v8/src/assembler.h +110 -15
data/vendor/v8/src/ast.cc +79 -69
data/vendor/v8/src/ast.h +255 -301
data/vendor/v8/src/atomicops.h +7 -1
data/vendor/v8/src/atomicops_internals_tsan.h +335 -0
data/vendor/v8/src/bootstrapper.cc +481 -418
data/vendor/v8/src/bootstrapper.h +4 -4
data/vendor/v8/src/builtins.cc +498 -311
data/vendor/v8/src/builtins.h +75 -47
data/vendor/v8/src/checks.cc +2 -1
data/vendor/v8/src/checks.h +8 -0
data/vendor/v8/src/code-stubs-hydrogen.cc +253 -0
data/vendor/v8/src/code-stubs.cc +249 -84
data/vendor/v8/src/code-stubs.h +501 -169
data/vendor/v8/src/codegen.cc +36 -18
data/vendor/v8/src/codegen.h +25 -3
data/vendor/v8/src/collection.js +54 -17
data/vendor/v8/src/compilation-cache.cc +24 -16
data/vendor/v8/src/compilation-cache.h +15 -6
data/vendor/v8/src/compiler.cc +497 -195
data/vendor/v8/src/compiler.h +246 -38
data/vendor/v8/src/contexts.cc +64 -24
data/vendor/v8/src/contexts.h +60 -29
data/vendor/v8/src/conversions-inl.h +24 -14
data/vendor/v8/src/conversions.h +7 -4
data/vendor/v8/src/counters.cc +21 -12
data/vendor/v8/src/counters.h +44 -16
data/vendor/v8/src/cpu-profiler.h +1 -1
data/vendor/v8/src/d8-debug.cc +2 -2
data/vendor/v8/src/d8-readline.cc +13 -2
data/vendor/v8/src/d8.cc +681 -273
data/vendor/v8/src/d8.gyp +4 -4
data/vendor/v8/src/d8.h +38 -18
data/vendor/v8/src/d8.js +0 -617
data/vendor/v8/src/data-flow.h +55 -0
data/vendor/v8/src/date.js +1 -42
data/vendor/v8/src/dateparser-inl.h +5 -1
data/vendor/v8/src/debug-agent.cc +10 -15
data/vendor/v8/src/debug-debugger.js +147 -149
data/vendor/v8/src/debug.cc +323 -164
data/vendor/v8/src/debug.h +26 -14
data/vendor/v8/src/deoptimizer.cc +765 -290
data/vendor/v8/src/deoptimizer.h +130 -28
data/vendor/v8/src/disassembler.cc +10 -4
data/vendor/v8/src/elements-kind.cc +7 -2
data/vendor/v8/src/elements-kind.h +19 -0
data/vendor/v8/src/elements.cc +607 -285
data/vendor/v8/src/elements.h +36 -13
data/vendor/v8/src/execution.cc +52 -31
data/vendor/v8/src/execution.h +4 -4
data/vendor/v8/src/extensions/externalize-string-extension.cc +5 -4
data/vendor/v8/src/extensions/gc-extension.cc +5 -1
data/vendor/v8/src/extensions/statistics-extension.cc +153 -0
data/vendor/v8/src/{inspector.h → extensions/statistics-extension.h} +12 -23
data/vendor/v8/src/factory.cc +101 -134
data/vendor/v8/src/factory.h +36 -31
data/vendor/v8/src/flag-definitions.h +102 -25
data/vendor/v8/src/flags.cc +9 -5
data/vendor/v8/src/frames-inl.h +10 -0
data/vendor/v8/src/frames.cc +116 -26
data/vendor/v8/src/frames.h +96 -12
data/vendor/v8/src/full-codegen.cc +219 -74
data/vendor/v8/src/full-codegen.h +63 -21
data/vendor/v8/src/func-name-inferrer.cc +8 -7
data/vendor/v8/src/func-name-inferrer.h +5 -3
data/vendor/v8/src/gdb-jit.cc +71 -57
data/vendor/v8/src/global-handles.cc +230 -101
data/vendor/v8/src/global-handles.h +26 -27
data/vendor/v8/src/globals.h +17 -19
data/vendor/v8/src/handles-inl.h +59 -12
data/vendor/v8/src/handles.cc +180 -200
data/vendor/v8/src/handles.h +80 -11
data/vendor/v8/src/hashmap.h +60 -40
data/vendor/v8/src/heap-inl.h +107 -45
data/vendor/v8/src/heap-profiler.cc +38 -19
data/vendor/v8/src/heap-profiler.h +24 -14
data/vendor/v8/src/heap.cc +1123 -738
data/vendor/v8/src/heap.h +385 -146
data/vendor/v8/src/hydrogen-instructions.cc +700 -217
data/vendor/v8/src/hydrogen-instructions.h +1158 -472
data/vendor/v8/src/hydrogen.cc +3319 -1662
data/vendor/v8/src/hydrogen.h +411 -170
data/vendor/v8/src/ia32/assembler-ia32-inl.h +46 -16
data/vendor/v8/src/ia32/assembler-ia32.cc +131 -61
data/vendor/v8/src/ia32/assembler-ia32.h +115 -57
data/vendor/v8/src/ia32/builtins-ia32.cc +99 -5
data/vendor/v8/src/ia32/code-stubs-ia32.cc +787 -495
data/vendor/v8/src/ia32/code-stubs-ia32.h +10 -100
data/vendor/v8/src/ia32/codegen-ia32.cc +227 -23
data/vendor/v8/src/ia32/codegen-ia32.h +14 -0
data/vendor/v8/src/ia32/deoptimizer-ia32.cc +428 -87
data/vendor/v8/src/ia32/disasm-ia32.cc +28 -1
data/vendor/v8/src/ia32/frames-ia32.h +6 -16
data/vendor/v8/src/ia32/full-codegen-ia32.cc +280 -272
data/vendor/v8/src/ia32/ic-ia32.cc +150 -250
data/vendor/v8/src/ia32/lithium-codegen-ia32.cc +1600 -517
data/vendor/v8/src/ia32/lithium-codegen-ia32.h +90 -24
data/vendor/v8/src/ia32/lithium-gap-resolver-ia32.cc +10 -6
data/vendor/v8/src/ia32/lithium-gap-resolver-ia32.h +2 -2
data/vendor/v8/src/ia32/lithium-ia32.cc +405 -302
data/vendor/v8/src/ia32/lithium-ia32.h +526 -271
data/vendor/v8/src/ia32/macro-assembler-ia32.cc +378 -119
data/vendor/v8/src/ia32/macro-assembler-ia32.h +62 -28
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.cc +43 -30
data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.h +2 -10
data/vendor/v8/src/ia32/stub-cache-ia32.cc +492 -678
data/vendor/v8/src/ic-inl.h +9 -4
data/vendor/v8/src/ic.cc +836 -923
data/vendor/v8/src/ic.h +228 -247
data/vendor/v8/src/incremental-marking-inl.h +26 -30
data/vendor/v8/src/incremental-marking.cc +276 -248
data/vendor/v8/src/incremental-marking.h +29 -37
data/vendor/v8/src/interface.cc +34 -25
data/vendor/v8/src/interface.h +69 -25
data/vendor/v8/src/interpreter-irregexp.cc +2 -2
data/vendor/v8/src/isolate.cc +382 -76
data/vendor/v8/src/isolate.h +109 -56
data/vendor/v8/src/json-parser.h +217 -104
data/vendor/v8/src/json-stringifier.h +745 -0
data/vendor/v8/src/json.js +10 -132
data/vendor/v8/src/jsregexp-inl.h +106 -0
data/vendor/v8/src/jsregexp.cc +517 -285
data/vendor/v8/src/jsregexp.h +145 -117
data/vendor/v8/src/list-inl.h +35 -22
data/vendor/v8/src/list.h +46 -19
data/vendor/v8/src/lithium-allocator-inl.h +22 -2
data/vendor/v8/src/lithium-allocator.cc +85 -70
data/vendor/v8/src/lithium-allocator.h +21 -39
data/vendor/v8/src/lithium.cc +259 -5
data/vendor/v8/src/lithium.h +131 -32
data/vendor/v8/src/liveedit-debugger.js +52 -3
data/vendor/v8/src/liveedit.cc +393 -113
data/vendor/v8/src/liveedit.h +7 -3
data/vendor/v8/src/log-utils.cc +4 -2
data/vendor/v8/src/log.cc +170 -140
data/vendor/v8/src/log.h +62 -11
data/vendor/v8/src/macro-assembler.h +17 -0
data/vendor/v8/src/macros.py +2 -0
data/vendor/v8/src/mark-compact-inl.h +3 -23
data/vendor/v8/src/mark-compact.cc +801 -830
data/vendor/v8/src/mark-compact.h +154 -47
data/vendor/v8/src/marking-thread.cc +85 -0
data/vendor/v8/src/{inspector.cc → marking-thread.h} +32 -24
data/vendor/v8/src/math.js +12 -18
data/vendor/v8/src/messages.cc +18 -8
data/vendor/v8/src/messages.js +314 -261
data/vendor/v8/src/mips/assembler-mips-inl.h +58 -6
data/vendor/v8/src/mips/assembler-mips.cc +92 -75
data/vendor/v8/src/mips/assembler-mips.h +54 -60
data/vendor/v8/src/mips/builtins-mips.cc +116 -17
data/vendor/v8/src/mips/code-stubs-mips.cc +919 -556
data/vendor/v8/src/mips/code-stubs-mips.h +22 -131
data/vendor/v8/src/mips/codegen-mips.cc +281 -6
data/vendor/v8/src/mips/codegen-mips.h +22 -0
data/vendor/v8/src/mips/constants-mips.cc +2 -0
data/vendor/v8/src/mips/constants-mips.h +12 -2
data/vendor/v8/src/mips/deoptimizer-mips.cc +286 -50
data/vendor/v8/src/mips/disasm-mips.cc +13 -0
data/vendor/v8/src/mips/full-codegen-mips.cc +297 -284
data/vendor/v8/src/mips/ic-mips.cc +182 -263
data/vendor/v8/src/mips/lithium-codegen-mips.cc +1208 -556
data/vendor/v8/src/mips/lithium-codegen-mips.h +72 -19
data/vendor/v8/src/mips/lithium-gap-resolver-mips.cc +9 -2
data/vendor/v8/src/mips/lithium-mips.cc +290 -302
data/vendor/v8/src/mips/lithium-mips.h +463 -266
data/vendor/v8/src/mips/macro-assembler-mips.cc +208 -115
data/vendor/v8/src/mips/macro-assembler-mips.h +67 -24
data/vendor/v8/src/mips/regexp-macro-assembler-mips.cc +40 -25
data/vendor/v8/src/mips/regexp-macro-assembler-mips.h +3 -9
data/vendor/v8/src/mips/simulator-mips.cc +112 -40
data/vendor/v8/src/mips/simulator-mips.h +5 -0
data/vendor/v8/src/mips/stub-cache-mips.cc +502 -884
data/vendor/v8/src/mirror-debugger.js +157 -30
data/vendor/v8/src/mksnapshot.cc +88 -14
data/vendor/v8/src/object-observe.js +235 -0
data/vendor/v8/src/objects-debug.cc +178 -176
data/vendor/v8/src/objects-inl.h +1333 -486
data/vendor/v8/src/objects-printer.cc +125 -43
data/vendor/v8/src/objects-visiting-inl.h +578 -6
data/vendor/v8/src/objects-visiting.cc +2 -2
data/vendor/v8/src/objects-visiting.h +172 -79
data/vendor/v8/src/objects.cc +3533 -2885
data/vendor/v8/src/objects.h +1352 -1131
data/vendor/v8/src/optimizing-compiler-thread.cc +152 -0
data/vendor/v8/src/optimizing-compiler-thread.h +111 -0
data/vendor/v8/src/parser.cc +390 -500
data/vendor/v8/src/parser.h +45 -33
data/vendor/v8/src/platform-cygwin.cc +10 -21
data/vendor/v8/src/platform-freebsd.cc +36 -41
data/vendor/v8/src/platform-linux.cc +160 -124
data/vendor/v8/src/platform-macos.cc +30 -27
data/vendor/v8/src/platform-nullos.cc +17 -1
data/vendor/v8/src/platform-openbsd.cc +19 -50
data/vendor/v8/src/platform-posix.cc +14 -0
data/vendor/v8/src/platform-solaris.cc +20 -53
data/vendor/v8/src/platform-win32.cc +49 -26
data/vendor/v8/src/platform.h +40 -1
data/vendor/v8/src/preparser.cc +8 -5
data/vendor/v8/src/preparser.h +2 -2
data/vendor/v8/src/prettyprinter.cc +16 -0
data/vendor/v8/src/prettyprinter.h +2 -0
data/vendor/v8/src/profile-generator-inl.h +1 -0
data/vendor/v8/src/profile-generator.cc +209 -147
data/vendor/v8/src/profile-generator.h +15 -12
data/vendor/v8/src/property-details.h +46 -31
data/vendor/v8/src/property.cc +27 -46
data/vendor/v8/src/property.h +163 -83
data/vendor/v8/src/proxy.js +7 -2
data/vendor/v8/src/regexp-macro-assembler-irregexp.cc +4 -13
data/vendor/v8/src/regexp-macro-assembler-irregexp.h +1 -2
data/vendor/v8/src/regexp-macro-assembler-tracer.cc +1 -11
data/vendor/v8/src/regexp-macro-assembler-tracer.h +0 -1
data/vendor/v8/src/regexp-macro-assembler.cc +31 -14
data/vendor/v8/src/regexp-macro-assembler.h +14 -11
data/vendor/v8/src/regexp-stack.cc +1 -0
data/vendor/v8/src/regexp.js +9 -8
data/vendor/v8/src/rewriter.cc +18 -7
data/vendor/v8/src/runtime-profiler.cc +52 -43
data/vendor/v8/src/runtime-profiler.h +0 -25
data/vendor/v8/src/runtime.cc +2006 -2023
data/vendor/v8/src/runtime.h +56 -49
data/vendor/v8/src/safepoint-table.cc +12 -18
data/vendor/v8/src/safepoint-table.h +11 -8
data/vendor/v8/src/scanner.cc +1 -0
data/vendor/v8/src/scanner.h +4 -10
data/vendor/v8/src/scopeinfo.cc +35 -9
data/vendor/v8/src/scopeinfo.h +64 -3
data/vendor/v8/src/scopes.cc +251 -156
data/vendor/v8/src/scopes.h +61 -27
data/vendor/v8/src/serialize.cc +348 -396
data/vendor/v8/src/serialize.h +125 -114
data/vendor/v8/src/small-pointer-list.h +11 -11
data/vendor/v8/src/{smart-array-pointer.h → smart-pointers.h} +64 -15
data/vendor/v8/src/snapshot-common.cc +64 -15
data/vendor/v8/src/snapshot-empty.cc +7 -1
data/vendor/v8/src/snapshot.h +9 -2
data/vendor/v8/src/spaces-inl.h +17 -0
data/vendor/v8/src/spaces.cc +477 -183
data/vendor/v8/src/spaces.h +238 -58
data/vendor/v8/src/splay-tree-inl.h +8 -7
data/vendor/v8/src/splay-tree.h +24 -10
data/vendor/v8/src/store-buffer.cc +12 -5
data/vendor/v8/src/store-buffer.h +2 -4
data/vendor/v8/src/string-search.h +22 -6
data/vendor/v8/src/string-stream.cc +11 -8
data/vendor/v8/src/string.js +47 -15
data/vendor/v8/src/stub-cache.cc +461 -224
data/vendor/v8/src/stub-cache.h +164 -102
data/vendor/v8/src/sweeper-thread.cc +105 -0
data/vendor/v8/src/sweeper-thread.h +81 -0
data/vendor/v8/src/token.h +1 -0
data/vendor/v8/src/transitions-inl.h +220 -0
data/vendor/v8/src/transitions.cc +160 -0
data/vendor/v8/src/transitions.h +207 -0
data/vendor/v8/src/type-info.cc +182 -181
data/vendor/v8/src/type-info.h +31 -19
data/vendor/v8/src/unicode-inl.h +62 -106
data/vendor/v8/src/unicode.cc +57 -67
data/vendor/v8/src/unicode.h +45 -91
data/vendor/v8/src/uri.js +57 -29
data/vendor/v8/src/utils.h +105 -5
data/vendor/v8/src/v8-counters.cc +54 -11
data/vendor/v8/src/v8-counters.h +134 -19
data/vendor/v8/src/v8.cc +29 -29
data/vendor/v8/src/v8.h +1 -0
data/vendor/v8/src/v8conversions.cc +26 -22
data/vendor/v8/src/v8globals.h +56 -43
data/vendor/v8/src/v8natives.js +83 -30
data/vendor/v8/src/v8threads.cc +42 -21
data/vendor/v8/src/v8threads.h +4 -1
data/vendor/v8/src/v8utils.cc +9 -93
data/vendor/v8/src/v8utils.h +37 -33
data/vendor/v8/src/variables.cc +6 -3
data/vendor/v8/src/variables.h +6 -13
data/vendor/v8/src/version.cc +2 -2
data/vendor/v8/src/vm-state-inl.h +11 -0
data/vendor/v8/src/x64/assembler-x64-inl.h +39 -8
data/vendor/v8/src/x64/assembler-x64.cc +78 -64
data/vendor/v8/src/x64/assembler-x64.h +38 -33
data/vendor/v8/src/x64/builtins-x64.cc +105 -7
data/vendor/v8/src/x64/code-stubs-x64.cc +790 -413
data/vendor/v8/src/x64/code-stubs-x64.h +10 -106
data/vendor/v8/src/x64/codegen-x64.cc +210 -8
data/vendor/v8/src/x64/codegen-x64.h +20 -1
data/vendor/v8/src/x64/deoptimizer-x64.cc +336 -75
data/vendor/v8/src/x64/disasm-x64.cc +15 -0
data/vendor/v8/src/x64/frames-x64.h +0 -14
data/vendor/v8/src/x64/full-codegen-x64.cc +293 -270
data/vendor/v8/src/x64/ic-x64.cc +153 -251
data/vendor/v8/src/x64/lithium-codegen-x64.cc +1379 -531
data/vendor/v8/src/x64/lithium-codegen-x64.h +67 -23
data/vendor/v8/src/x64/lithium-gap-resolver-x64.cc +2 -2
data/vendor/v8/src/x64/lithium-x64.cc +349 -289
data/vendor/v8/src/x64/lithium-x64.h +460 -250
data/vendor/v8/src/x64/macro-assembler-x64.cc +350 -177
data/vendor/v8/src/x64/macro-assembler-x64.h +67 -49
data/vendor/v8/src/x64/regexp-macro-assembler-x64.cc +46 -33
data/vendor/v8/src/x64/regexp-macro-assembler-x64.h +2 -3
data/vendor/v8/src/x64/stub-cache-x64.cc +484 -653
data/vendor/v8/src/zone-inl.h +9 -27
data/vendor/v8/src/zone.cc +5 -5
data/vendor/v8/src/zone.h +53 -27
data/vendor/v8/test/benchmarks/testcfg.py +5 -0
data/vendor/v8/test/cctest/cctest.cc +4 -0
data/vendor/v8/test/cctest/cctest.gyp +3 -1
data/vendor/v8/test/cctest/cctest.h +57 -9
data/vendor/v8/test/cctest/cctest.status +15 -15
data/vendor/v8/test/cctest/test-accessors.cc +26 -0
data/vendor/v8/test/cctest/test-alloc.cc +22 -30
data/vendor/v8/test/cctest/test-api.cc +1943 -314
data/vendor/v8/test/cctest/test-assembler-arm.cc +133 -13
data/vendor/v8/test/cctest/test-assembler-ia32.cc +1 -1
data/vendor/v8/test/cctest/test-assembler-mips.cc +12 -0
data/vendor/v8/test/cctest/test-ast.cc +4 -2
data/vendor/v8/test/cctest/test-compiler.cc +61 -29
data/vendor/v8/test/cctest/test-dataflow.cc +2 -2
data/vendor/v8/test/cctest/test-debug.cc +212 -33
data/vendor/v8/test/cctest/test-decls.cc +257 -11
data/vendor/v8/test/cctest/test-dictionary.cc +24 -10
data/vendor/v8/test/cctest/test-disasm-arm.cc +118 -1
data/vendor/v8/test/cctest/test-disasm-ia32.cc +3 -2
data/vendor/v8/test/cctest/test-flags.cc +14 -1
data/vendor/v8/test/cctest/test-func-name-inference.cc +7 -4
data/vendor/v8/test/cctest/test-global-object.cc +51 -0
data/vendor/v8/test/cctest/test-hashing.cc +32 -23
data/vendor/v8/test/cctest/test-heap-profiler.cc +131 -77
data/vendor/v8/test/cctest/test-heap.cc +1084 -143
data/vendor/v8/test/cctest/test-list.cc +1 -1
data/vendor/v8/test/cctest/test-liveedit.cc +3 -2
data/vendor/v8/test/cctest/test-lockers.cc +12 -13
data/vendor/v8/test/cctest/test-log.cc +10 -8
data/vendor/v8/test/cctest/test-macro-assembler-x64.cc +2 -2
data/vendor/v8/test/cctest/test-mark-compact.cc +44 -22
data/vendor/v8/test/cctest/test-object-observe.cc +434 -0
data/vendor/v8/test/cctest/test-parsing.cc +86 -39
data/vendor/v8/test/cctest/test-platform-linux.cc +6 -0
data/vendor/v8/test/cctest/test-platform-win32.cc +7 -0
data/vendor/v8/test/cctest/test-random.cc +5 -4
data/vendor/v8/test/cctest/test-regexp.cc +137 -101
data/vendor/v8/test/cctest/test-serialize.cc +150 -230
data/vendor/v8/test/cctest/test-sockets.cc +1 -1
data/vendor/v8/test/cctest/test-spaces.cc +139 -0
data/vendor/v8/test/cctest/test-strings.cc +736 -74
data/vendor/v8/test/cctest/test-thread-termination.cc +10 -11
data/vendor/v8/test/cctest/test-threads.cc +4 -4
data/vendor/v8/test/cctest/test-utils.cc +16 -0
data/vendor/v8/test/cctest/test-weakmaps.cc +7 -3
data/vendor/v8/test/cctest/testcfg.py +64 -5
data/vendor/v8/test/es5conform/testcfg.py +5 -0
data/vendor/v8/test/message/message.status +1 -1
data/vendor/v8/test/message/overwritten-builtins.out +3 -0
data/vendor/v8/test/message/testcfg.py +89 -8
data/vendor/v8/test/message/try-catch-finally-no-message.out +26 -26
data/vendor/v8/test/mjsunit/accessor-map-sharing.js +18 -2
data/vendor/v8/test/mjsunit/allocation-site-info.js +126 -0
data/vendor/v8/test/mjsunit/array-bounds-check-removal.js +62 -1
data/vendor/v8/test/mjsunit/array-iteration.js +1 -1
data/vendor/v8/test/mjsunit/array-literal-transitions.js +2 -0
data/vendor/v8/test/mjsunit/array-natives-elements.js +317 -0
data/vendor/v8/test/mjsunit/array-reduce.js +8 -8
data/vendor/v8/test/mjsunit/array-slice.js +12 -0
data/vendor/v8/test/mjsunit/array-store-and-grow.js +4 -1
data/vendor/v8/test/mjsunit/assert-opt-and-deopt.js +1 -1
data/vendor/v8/test/mjsunit/bugs/bug-2337.js +53 -0
data/vendor/v8/test/mjsunit/compare-known-objects-slow.js +69 -0
data/vendor/v8/test/mjsunit/compiler/alloc-object-huge.js +3 -1
data/vendor/v8/test/mjsunit/compiler/inline-accessors.js +368 -0
data/vendor/v8/test/mjsunit/compiler/inline-arguments.js +87 -1
data/vendor/v8/test/mjsunit/compiler/inline-closures.js +49 -0
data/vendor/v8/test/mjsunit/compiler/inline-construct.js +55 -43
data/vendor/v8/test/mjsunit/compiler/inline-literals.js +39 -0
data/vendor/v8/test/mjsunit/compiler/multiply-add.js +69 -0
data/vendor/v8/test/mjsunit/compiler/optimized-closures.js +57 -0
data/vendor/v8/test/mjsunit/compiler/parallel-proto-change.js +44 -0
data/vendor/v8/test/mjsunit/compiler/property-static.js +69 -0
data/vendor/v8/test/mjsunit/compiler/proto-chain-constant.js +55 -0
data/vendor/v8/test/mjsunit/compiler/proto-chain-load.js +44 -0
data/vendor/v8/test/mjsunit/compiler/regress-gvn.js +3 -2
data/vendor/v8/test/mjsunit/compiler/regress-or.js +6 -2
data/vendor/v8/test/mjsunit/compiler/rotate.js +224 -0
data/vendor/v8/test/mjsunit/compiler/uint32.js +173 -0
data/vendor/v8/test/mjsunit/count-based-osr.js +2 -1
data/vendor/v8/test/mjsunit/d8-os.js +3 -3
data/vendor/v8/test/mjsunit/date-parse.js +3 -0
data/vendor/v8/test/mjsunit/date.js +22 -0
data/vendor/v8/test/mjsunit/debug-break-inline.js +1 -0
data/vendor/v8/test/mjsunit/debug-evaluate-locals-optimized-double.js +22 -12
data/vendor/v8/test/mjsunit/debug-evaluate-locals-optimized.js +21 -10
data/vendor/v8/test/mjsunit/debug-liveedit-compile-error.js +60 -0
data/vendor/v8/test/mjsunit/debug-liveedit-double-call.js +142 -0
data/vendor/v8/test/mjsunit/debug-liveedit-literals.js +94 -0
data/vendor/v8/test/mjsunit/debug-liveedit-restart-frame.js +153 -0
data/vendor/v8/test/mjsunit/debug-multiple-breakpoints.js +1 -1
data/vendor/v8/test/mjsunit/debug-script-breakpoints-closure.js +67 -0
data/vendor/v8/test/mjsunit/debug-script-breakpoints-nested.js +82 -0
data/vendor/v8/test/mjsunit/debug-script.js +4 -2
data/vendor/v8/test/mjsunit/debug-set-variable-value.js +308 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part1.js +190 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part2.js +83 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part3.js +80 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part4.js +80 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part5.js +77 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part6.js +79 -0
data/vendor/v8/test/mjsunit/debug-stepout-scope-part7.js +79 -0
data/vendor/v8/test/mjsunit/{debug-stepout-scope.js → debug-stepout-scope-part8.js} +0 -189
data/vendor/v8/test/mjsunit/delete-non-configurable.js +74 -0
data/vendor/v8/test/mjsunit/deopt-minus-zero.js +56 -0
data/vendor/v8/test/mjsunit/elements-kind.js +6 -4
data/vendor/v8/test/mjsunit/elements-length-no-holey.js +33 -0
data/vendor/v8/test/mjsunit/elements-transition-hoisting.js +46 -19
data/vendor/v8/test/mjsunit/error-accessors.js +54 -0
data/vendor/v8/test/mjsunit/error-constructors.js +1 -14
data/vendor/v8/test/mjsunit/error-tostring.js +8 -0
data/vendor/v8/test/mjsunit/eval-stack-trace.js +204 -0
data/vendor/v8/test/mjsunit/external-array.js +364 -1
data/vendor/v8/test/mjsunit/fast-array-length.js +37 -0
data/vendor/v8/test/mjsunit/fast-non-keyed.js +113 -0
data/vendor/v8/test/mjsunit/fast-prototype.js +117 -0
data/vendor/v8/test/mjsunit/function-call.js +14 -18
data/vendor/v8/test/mjsunit/fuzz-natives-part1.js +230 -0
data/vendor/v8/test/mjsunit/fuzz-natives-part2.js +229 -0
data/vendor/v8/test/mjsunit/fuzz-natives-part3.js +229 -0
data/vendor/v8/test/mjsunit/{fuzz-natives.js → fuzz-natives-part4.js} +12 -2
data/vendor/v8/test/mjsunit/generated-transition-stub.js +218 -0
data/vendor/v8/test/mjsunit/greedy.js +1 -1
data/vendor/v8/test/mjsunit/harmony/block-conflicts.js +2 -1
data/vendor/v8/test/mjsunit/harmony/block-let-crankshaft.js +1 -1
data/vendor/v8/test/mjsunit/harmony/collections.js +69 -11
data/vendor/v8/test/mjsunit/harmony/debug-blockscopes.js +2 -2
data/vendor/v8/test/mjsunit/harmony/module-linking.js +180 -3
data/vendor/v8/test/mjsunit/harmony/module-parsing.js +31 -0
data/vendor/v8/test/mjsunit/harmony/module-recompile.js +87 -0
data/vendor/v8/test/mjsunit/harmony/module-resolution.js +15 -2
data/vendor/v8/test/mjsunit/harmony/object-observe.js +1056 -0
data/vendor/v8/test/mjsunit/harmony/proxies-json.js +178 -0
data/vendor/v8/test/mjsunit/harmony/proxies.js +25 -10
data/vendor/v8/test/mjsunit/json-parser-recursive.js +33 -0
data/vendor/v8/test/mjsunit/json-stringify-recursive.js +52 -0
data/vendor/v8/test/mjsunit/json.js +38 -2
data/vendor/v8/test/mjsunit/json2.js +153 -0
data/vendor/v8/test/mjsunit/limit-locals.js +5 -4
data/vendor/v8/test/mjsunit/manual-parallel-recompile.js +79 -0
data/vendor/v8/test/mjsunit/math-exp-precision.js +64 -0
data/vendor/v8/test/mjsunit/math-floor-negative.js +59 -0
data/vendor/v8/test/mjsunit/math-floor-of-div-minus-zero.js +41 -0
data/vendor/v8/test/mjsunit/math-floor-of-div-nosudiv.js +288 -0
data/vendor/v8/test/mjsunit/math-floor-of-div.js +81 -9
data/vendor/v8/test/mjsunit/{math-floor.js → math-floor-part1.js} +1 -72
data/vendor/v8/test/mjsunit/math-floor-part2.js +76 -0
data/vendor/v8/test/mjsunit/math-floor-part3.js +78 -0
data/vendor/v8/test/mjsunit/math-floor-part4.js +76 -0
data/vendor/v8/test/mjsunit/mirror-object.js +43 -9
data/vendor/v8/test/mjsunit/mjsunit.js +1 -1
data/vendor/v8/test/mjsunit/mjsunit.status +52 -27
data/vendor/v8/test/mjsunit/mul-exhaustive-part1.js +491 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part10.js +470 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part2.js +525 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part3.js +532 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part4.js +509 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part5.js +505 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part6.js +554 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part7.js +497 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part8.js +526 -0
data/vendor/v8/test/mjsunit/mul-exhaustive-part9.js +533 -0
data/vendor/v8/test/mjsunit/new-function.js +34 -0
data/vendor/v8/test/mjsunit/numops-fuzz-part1.js +1172 -0
data/vendor/v8/test/mjsunit/numops-fuzz-part2.js +1178 -0
data/vendor/v8/test/mjsunit/numops-fuzz-part3.js +1178 -0
data/vendor/v8/test/mjsunit/numops-fuzz-part4.js +1177 -0
data/vendor/v8/test/mjsunit/object-define-property.js +107 -2
data/vendor/v8/test/mjsunit/override-read-only-property.js +6 -4
data/vendor/v8/test/mjsunit/packed-elements.js +2 -2
data/vendor/v8/test/mjsunit/parse-int-float.js +4 -4
data/vendor/v8/test/mjsunit/pixel-array-rounding.js +1 -1
data/vendor/v8/test/mjsunit/readonly.js +228 -0
data/vendor/v8/test/mjsunit/regexp-capture-3.js +16 -18
data/vendor/v8/test/mjsunit/regexp-capture.js +2 -0
data/vendor/v8/test/mjsunit/regexp-global.js +122 -0
data/vendor/v8/test/mjsunit/regexp-results-cache.js +78 -0
data/vendor/v8/test/mjsunit/regress/regress-1117.js +12 -3
data/vendor/v8/test/mjsunit/regress/regress-1118.js +1 -1
data/vendor/v8/test/mjsunit/regress/regress-115100.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-1199637.js +1 -3
data/vendor/v8/test/mjsunit/regress/regress-121407.js +1 -1
data/vendor/v8/test/mjsunit/regress/regress-131923.js +30 -0
data/vendor/v8/test/mjsunit/regress/regress-131994.js +70 -0
data/vendor/v8/test/mjsunit/regress/regress-133211.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-133211b.js +39 -0
data/vendor/v8/test/mjsunit/regress/regress-136048.js +34 -0
data/vendor/v8/test/mjsunit/regress/regress-137768.js +73 -0
data/vendor/v8/test/mjsunit/regress/regress-143967.js +34 -0
data/vendor/v8/test/mjsunit/regress/regress-145201.js +107 -0
data/vendor/v8/test/mjsunit/regress/regress-147497.js +45 -0
data/vendor/v8/test/mjsunit/regress/regress-148378.js +38 -0
data/vendor/v8/test/mjsunit/regress/regress-1563.js +1 -1
data/vendor/v8/test/mjsunit/regress/regress-1591.js +48 -0
data/vendor/v8/test/mjsunit/regress/regress-164442.js +45 -0
data/vendor/v8/test/mjsunit/regress/regress-165637.js +61 -0
data/vendor/v8/test/mjsunit/regress/regress-166379.js +39 -0
data/vendor/v8/test/mjsunit/regress/regress-166553.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-1692.js +1 -1
data/vendor/v8/test/mjsunit/regress/regress-171641.js +40 -0
data/vendor/v8/test/mjsunit/regress/regress-1980.js +1 -1
data/vendor/v8/test/mjsunit/regress/regress-2073.js +99 -0
data/vendor/v8/test/mjsunit/regress/regress-2119.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-2156.js +39 -0
data/vendor/v8/test/mjsunit/regress/regress-2163.js +70 -0
data/vendor/v8/test/mjsunit/regress/regress-2170.js +58 -0
data/vendor/v8/test/mjsunit/regress/regress-2172.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-2185-2.js +145 -0
data/vendor/v8/test/mjsunit/regress/regress-2185.js +38 -0
data/vendor/v8/test/mjsunit/regress/regress-2186.js +49 -0
data/vendor/v8/test/mjsunit/regress/regress-2193.js +58 -0
data/vendor/v8/test/mjsunit/regress/regress-2219.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-2225.js +65 -0
data/vendor/v8/test/mjsunit/regress/regress-2226.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-2234.js +41 -0
data/vendor/v8/test/mjsunit/regress/regress-2243.js +31 -0
data/vendor/v8/test/mjsunit/regress/regress-2249.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-2250.js +68 -0
data/vendor/v8/test/mjsunit/regress/regress-2261.js +113 -0
data/vendor/v8/test/mjsunit/regress/regress-2263.js +30 -0
data/vendor/v8/test/mjsunit/regress/regress-2284.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-2285.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-2286.js +32 -0
data/vendor/v8/test/mjsunit/regress/regress-2289.js +34 -0
data/vendor/v8/test/mjsunit/regress/regress-2291.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-2294.js +70 -0
data/vendor/v8/test/mjsunit/regress/regress-2296.js +40 -0
data/vendor/v8/test/mjsunit/regress/regress-2315.js +40 -0
data/vendor/v8/test/mjsunit/regress/regress-2318.js +66 -0
data/vendor/v8/test/mjsunit/regress/regress-2322.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-2326.js +54 -0
data/vendor/v8/test/mjsunit/regress/regress-2336.js +53 -0
data/vendor/v8/test/mjsunit/regress/regress-2339.js +59 -0
data/vendor/v8/test/mjsunit/regress/regress-2346.js +123 -0
data/vendor/v8/test/mjsunit/regress/regress-2373.js +29 -0
data/vendor/v8/test/mjsunit/regress/regress-2374.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-2398.js +41 -0
data/vendor/v8/test/mjsunit/regress/regress-2410.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-2416.js +75 -0
data/vendor/v8/test/mjsunit/regress/regress-2419.js +37 -0
data/vendor/v8/test/mjsunit/regress/regress-2433.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-2437.js +156 -0
data/vendor/v8/test/mjsunit/regress/regress-2438.js +52 -0
data/vendor/v8/test/mjsunit/regress/regress-2443.js +129 -0
data/vendor/v8/test/mjsunit/regress/regress-2444.js +120 -0
data/vendor/v8/test/mjsunit/regress/regress-2489.js +50 -0
data/vendor/v8/test/mjsunit/regress/regress-2499.js +40 -0
data/vendor/v8/test/mjsunit/regress/regress-334.js +1 -1
data/vendor/v8/test/mjsunit/regress/regress-492.js +39 -1
data/vendor/v8/test/mjsunit/regress/regress-builtin-array-op.js +38 -0
data/vendor/v8/test/mjsunit/regress/regress-cnlt-elements.js +43 -0
data/vendor/v8/test/mjsunit/regress/regress-cnlt-enum-indices.js +45 -0
data/vendor/v8/test/mjsunit/regress/regress-cntl-descriptors-enum.js +46 -0
data/vendor/v8/test/mjsunit/regress/regress-convert-enum.js +60 -0
data/vendor/v8/test/mjsunit/regress/regress-convert-enum2.js +46 -0
data/vendor/v8/test/mjsunit/regress/regress-convert-transition.js +40 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-119926.js +3 -1
data/vendor/v8/test/mjsunit/regress/regress-crbug-125148.js +90 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-134055.js +63 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-134609.js +59 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-135008.js +45 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-135066.js +55 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-137689.js +47 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-138887.js +48 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-140083.js +44 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-142087.js +38 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-142218.js +44 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-145961.js +39 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-146910.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-147475.js +48 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-148376.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-150545.js +53 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-150729.js +39 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-157019.js +54 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-157520.js +38 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-158185.js +39 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-160010.js +35 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-162085.js +71 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-168545.js +34 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-170856.js +33 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-172345.js +34 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-173974.js +36 -0
data/vendor/v8/test/mjsunit/regress/regress-crbug-18639.js +9 -5
data/vendor/v8/test/mjsunit/regress/regress-debug-code-recompilation.js +2 -1
data/vendor/v8/test/mjsunit/regress/regress-deep-proto.js +45 -0
data/vendor/v8/test/mjsunit/regress/regress-delete-empty-double.js +40 -0
data/vendor/v8/test/mjsunit/regress/regress-iteration-order.js +42 -0
data/vendor/v8/test/mjsunit/regress/regress-json-stringify-gc.js +41 -0
data/vendor/v8/test/mjsunit/regress/regress-latin-1.js +78 -0
data/vendor/v8/test/mjsunit/regress/regress-load-elements.js +49 -0
data/vendor/v8/test/mjsunit/regress/regress-observe-empty-double-array.js +38 -0
data/vendor/v8/test/mjsunit/regress/regress-undefined-store-keyed-fast-element.js +37 -0
data/vendor/v8/test/mjsunit/shift-for-integer-div.js +59 -0
data/vendor/v8/test/mjsunit/stack-traces-gc.js +119 -0
data/vendor/v8/test/mjsunit/stack-traces-overflow.js +122 -0
data/vendor/v8/test/mjsunit/stack-traces.js +39 -1
data/vendor/v8/test/mjsunit/str-to-num.js +7 -2
data/vendor/v8/test/mjsunit/strict-mode.js +36 -11
data/vendor/v8/test/mjsunit/string-charcodeat.js +3 -0
data/vendor/v8/test/mjsunit/string-natives.js +72 -0
data/vendor/v8/test/mjsunit/string-split.js +17 -0
data/vendor/v8/test/mjsunit/testcfg.py +76 -6
data/vendor/v8/test/mjsunit/tools/tickprocessor.js +4 -1
data/vendor/v8/test/mjsunit/try-finally-continue.js +72 -0
data/vendor/v8/test/mjsunit/typed-array-slice.js +61 -0
data/vendor/v8/test/mjsunit/unbox-double-arrays.js +2 -0
data/vendor/v8/test/mjsunit/uri.js +12 -0
data/vendor/v8/test/mjsunit/with-readonly.js +4 -2
data/vendor/v8/test/mozilla/mozilla.status +19 -113
data/vendor/v8/test/mozilla/testcfg.py +122 -3
data/vendor/v8/test/preparser/preparser.status +5 -0
data/vendor/v8/test/preparser/strict-identifiers.pyt +1 -1
data/vendor/v8/test/preparser/testcfg.py +101 -5
data/vendor/v8/test/sputnik/sputnik.status +1 -1
data/vendor/v8/test/sputnik/testcfg.py +5 -0
data/vendor/v8/test/test262/README +2 -2
data/vendor/v8/test/test262/test262.status +13 -36
data/vendor/v8/test/test262/testcfg.py +102 -8
data/vendor/v8/tools/android-build.sh +0 -0
data/vendor/v8/tools/android-ll-prof.sh +69 -0
data/vendor/v8/tools/android-run.py +109 -0
data/vendor/v8/tools/android-sync.sh +105 -0
data/vendor/v8/tools/bash-completion.sh +0 -0
data/vendor/v8/tools/check-static-initializers.sh +0 -0
data/vendor/v8/tools/common-includes.sh +15 -22
data/vendor/v8/tools/disasm.py +4 -4
data/vendor/v8/tools/fuzz-harness.sh +0 -0
data/vendor/v8/tools/gen-postmortem-metadata.py +6 -8
data/vendor/v8/tools/grokdump.py +404 -129
data/vendor/v8/tools/gyp/v8.gyp +105 -43
data/vendor/v8/tools/linux-tick-processor +5 -5
data/vendor/v8/tools/ll_prof.py +75 -15
data/vendor/v8/tools/merge-to-branch.sh +2 -2
data/vendor/v8/tools/plot-timer-events +70 -0
data/vendor/v8/tools/plot-timer-events.js +510 -0
data/vendor/v8/tools/presubmit.py +1 -0
data/vendor/v8/tools/push-to-trunk.sh +14 -4
data/vendor/v8/tools/run-llprof.sh +69 -0
data/vendor/v8/tools/run-tests.py +372 -0
data/vendor/v8/tools/run-valgrind.py +1 -1
data/vendor/v8/tools/status-file-converter.py +39 -0
data/vendor/v8/tools/test-server.py +224 -0
data/vendor/v8/tools/test-wrapper-gypbuild.py +13 -16
data/vendor/v8/tools/test.py +10 -19
data/vendor/v8/tools/testrunner/README +174 -0
data/vendor/v8/tools/testrunner/__init__.py +26 -0
data/vendor/v8/tools/testrunner/local/__init__.py +26 -0
data/vendor/v8/tools/testrunner/local/commands.py +153 -0
data/vendor/v8/tools/testrunner/local/execution.py +182 -0
data/vendor/v8/tools/testrunner/local/old_statusfile.py +460 -0
data/vendor/v8/tools/testrunner/local/progress.py +238 -0
data/vendor/v8/tools/testrunner/local/statusfile.py +145 -0
data/vendor/v8/tools/testrunner/local/testsuite.py +187 -0
data/vendor/v8/tools/testrunner/local/utils.py +108 -0
data/vendor/v8/tools/testrunner/local/verbose.py +99 -0
data/vendor/v8/tools/testrunner/network/__init__.py +26 -0
data/vendor/v8/tools/testrunner/network/distro.py +90 -0
data/vendor/v8/tools/testrunner/network/endpoint.py +124 -0
data/vendor/v8/tools/testrunner/network/network_execution.py +253 -0
data/vendor/v8/tools/testrunner/network/perfdata.py +120 -0
data/vendor/v8/tools/testrunner/objects/__init__.py +26 -0
data/vendor/v8/tools/testrunner/objects/context.py +50 -0
data/vendor/v8/tools/testrunner/objects/output.py +60 -0
data/vendor/v8/tools/testrunner/objects/peer.py +80 -0
data/vendor/v8/tools/testrunner/objects/testcase.py +83 -0
data/vendor/v8/tools/testrunner/objects/workpacket.py +90 -0
data/vendor/v8/tools/testrunner/server/__init__.py +26 -0
data/vendor/v8/tools/testrunner/server/compression.py +111 -0
data/vendor/v8/tools/testrunner/server/constants.py +51 -0
data/vendor/v8/tools/testrunner/server/daemon.py +147 -0
data/vendor/v8/tools/testrunner/server/local_handler.py +119 -0
data/vendor/v8/tools/testrunner/server/main.py +245 -0
data/vendor/v8/tools/testrunner/server/presence_handler.py +120 -0
data/vendor/v8/tools/testrunner/server/signatures.py +63 -0
data/vendor/v8/tools/testrunner/server/status_handler.py +112 -0
data/vendor/v8/tools/testrunner/server/work_handler.py +150 -0
data/vendor/v8/tools/tick-processor.html +168 -0
data/vendor/v8/tools/tickprocessor-driver.js +5 -3
data/vendor/v8/tools/tickprocessor.js +58 -15
metadata +534 -30
data/patches/add-freebsd9-and-freebsd10-to-gyp-GetFlavor.patch +0 -11
data/patches/do-not-imply-vfp3-and-armv7.patch +0 -44
data/patches/fPIC-on-x64.patch +0 -14
data/vendor/v8/src/liveobjectlist-inl.h +0 -126
data/vendor/v8/src/liveobjectlist.cc +0 -2631
data/vendor/v8/src/liveobjectlist.h +0 -319
data/vendor/v8/test/mjsunit/mul-exhaustive.js +0 -4629
data/vendor/v8/test/mjsunit/numops-fuzz.js +0 -4609
data/vendor/v8/test/mjsunit/regress/regress-1969.js +0 -5045

data/vendor/v8/src/ia32/macro-assembler-ia32.h CHANGED Viewed

@@ -35,18 +35,6 @@
 namespace v8 {
 namespace internal {
-// Flags used for the AllocateInNewSpace functions.
-enum AllocationFlags {
-  // No special flags.
-  NO_ALLOCATION_FLAGS = 0,
-  // Return the pointer to the allocated already tagged as a heap object.
-  TAG_OBJECT = 1 << 0,
-  // The content of the result register already contains the allocation top in
-  // new space.
-  RESULT_CONTAINS_TOP = 1 << 1
-};
 // Convenience for platform-independent signatures.  We do not normally
 // distinguish memory operands from other operands on ia32.
 typedef Operand MemOperand;
@@ -55,6 +43,12 @@ enum RememberedSetAction { EMIT_REMEMBERED_SET, OMIT_REMEMBERED_SET };
 enum SmiCheck { INLINE_SMI_CHECK, OMIT_SMI_CHECK };
+enum RegisterValueType {
+  REGISTER_VALUE_IS_SMI,
+  REGISTER_VALUE_IS_INT32
+};
 bool AreAliased(Register r1, Register r2, Register r3, Register r4);
@@ -90,6 +84,13 @@ class MacroAssembler: public Assembler {
                      Label* condition_met,
                      Label::Distance condition_met_distance = Label::kFar);
+  void CheckPageFlagForMap(
+      Handle<Map> map,
+      int mask,
+      Condition cc,
+      Label* condition_met,
+      Label::Distance condition_met_distance = Label::kFar);
   // Check if object is in new space.  Jumps if the object is not in new space.
   // The register scratch can be object itself, but scratch will be clobbered.
   void JumpIfNotInNewSpace(Register object,
@@ -194,6 +195,16 @@ class MacroAssembler: public Assembler {
       RememberedSetAction remembered_set_action = EMIT_REMEMBERED_SET,
       SmiCheck smi_check = INLINE_SMI_CHECK);
+  // For page containing |object| mark the region covering the object's map
+  // dirty. |object| is the object being stored into, |map| is the Map object
+  // that was stored.
+  void RecordWriteForMap(
+      Register object,
+      Handle<Map> map,
+      Register scratch1,
+      Register scratch2,
+      SaveFPRegsMode save_fp);
 #ifdef ENABLE_DEBUGGER_SUPPORT
   // ---------------------------------------------------------------------------
   // Debugger Support
@@ -222,8 +233,8 @@ class MacroAssembler: public Assembler {
   void LoadContext(Register dst, int context_chain_length);
   // Conditionally load the cached Array transitioned map of type
-  // transitioned_kind from the global context if the map in register
-  // map_in_out is the cached Array map in the global context of
+  // transitioned_kind from the native context if the map in register
+  // map_in_out is the cached Array map in the native context of
   // expected_kind.
   void LoadTransitionedArrayMapConditional(
       ElementsKind expected_kind,
@@ -371,7 +382,8 @@ class MacroAssembler: public Assembler {
                                    Register scratch1,
                                    XMMRegister scratch2,
                                    Label* fail,
-                                   bool specialize_for_processor);
+                                   bool specialize_for_processor,
+                                   int offset = 0);
   // Compare an object's map with the specified map and its transitioned
   // elements maps if mode is ALLOW_ELEMENT_TRANSITION_MAPS. FLAGS are set with
@@ -450,6 +462,8 @@ class MacroAssembler: public Assembler {
     j(not_carry, is_smi);
   }
+  void LoadUint32(XMMRegister dst, Register src, XMMRegister scratch);
   // Jump the register contains a smi.
   inline void JumpIfSmi(Register value,
                         Label* smi_label,
@@ -473,20 +487,29 @@ class MacroAssembler: public Assembler {
   }
   void LoadInstanceDescriptors(Register map, Register descriptors);
+  void EnumLength(Register dst, Register map);
+  void NumberOfOwnDescriptors(Register dst, Register map);
+  template<typename Field>
+  void DecodeField(Register reg) {
+    static const int shift = Field::kShift;
+    static const int mask = (Field::kMask >> Field::kShift) << kSmiTagSize;
+    sar(reg, shift);
+    and_(reg, Immediate(mask));
+  }
   void LoadPowerOf2(XMMRegister dst, Register scratch, int power);
-  // Abort execution if argument is not a number. Used in debug code.
-  void AbortIfNotNumber(Register object);
+  // Abort execution if argument is not a number, enabled via --debug-code.
+  void AssertNumber(Register object);
-  // Abort execution if argument is not a smi. Used in debug code.
-  void AbortIfNotSmi(Register object);
+  // Abort execution if argument is not a smi, enabled via --debug-code.
+  void AssertSmi(Register object);
-  // Abort execution if argument is a smi. Used in debug code.
-  void AbortIfSmi(Register object);
+  // Abort execution if argument is a smi, enabled via --debug-code.
+  void AssertNotSmi(Register object);
-  // Abort execution if argument is a string. Used in debug code.
-  void AbortIfNotString(Register object);
+  // Abort execution if argument is not a string, enabled via --debug-code.
+  void AssertString(Register object);
   // ---------------------------------------------------------------------------
   // Exception handling
@@ -547,6 +570,7 @@ class MacroAssembler: public Assembler {
   void AllocateInNewSpace(int header_size,
                           ScaleFactor element_size,
                           Register element_count,
+                          RegisterValueType element_count_type,
                           Register result,
                           Register result_end,
                           Register scratch,
@@ -671,7 +695,7 @@ class MacroAssembler: public Assembler {
   // Runtime calls
   // Call a code stub.  Generate the code if necessary.
-  void CallStub(CodeStub* stub, unsigned ast_id = kNoASTId);
+  void CallStub(CodeStub* stub, TypeFeedbackId ast_id = TypeFeedbackId::None());
   // Tail call a code stub (jump).  Generate the code if necessary.
   void TailCallStub(CodeStub* stub);
@@ -760,6 +784,7 @@ class MacroAssembler: public Assembler {
   // Push a handle value.
   void Push(Handle<Object> handle) { push(Immediate(handle)); }
+  void Push(Smi* smi) { Push(Handle<Smi>(smi)); }
   Handle<Object> CodeObject() {
     ASSERT(!code_object_.is_null());
@@ -834,6 +859,15 @@ class MacroAssembler: public Assembler {
   // in eax.  Assumes that any other register can be used as a scratch.
   void CheckEnumCache(Label* call_runtime);
+  // AllocationSiteInfo support. Arrays may have an associated
+  // AllocationSiteInfo object that can be checked for in order to pretransition
+  // to another type.
+  // On entry, receiver_reg should point to the array object.
+  // scratch_reg gets clobbered.
+  // If allocation info is present, conditional code is set to equal
+  void TestJSArrayForAllocationSiteInfo(Register receiver_reg,
+                                        Register scratch_reg);
  private:
   bool generating_stub_;
   bool allow_stub_calls_;
@@ -894,9 +928,9 @@ class MacroAssembler: public Assembler {
   Operand SafepointRegisterSlot(Register reg);
   static int SafepointRegisterStackIndex(int reg_code);
-  // Needs access to SafepointRegisterStackIndex for optimized frame
+  // Needs access to SafepointRegisterStackIndex for compiled frame
   // traversal.
-  friend class OptimizedFrame;
+  friend class StandardFrame;
 };
@@ -944,7 +978,7 @@ inline Operand ContextOperand(Register context, int index) {
 inline Operand GlobalObjectOperand() {
-  return ContextOperand(esi, Context::GLOBAL_INDEX);
+  return ContextOperand(esi, Context::GLOBAL_OBJECT_INDEX);
 }

data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.cc CHANGED Viewed

@@ -101,8 +101,10 @@ namespace internal {
 RegExpMacroAssemblerIA32::RegExpMacroAssemblerIA32(
     Mode mode,
-    int registers_to_save)
-    : masm_(new MacroAssembler(Isolate::Current(), NULL, kRegExpCodeSize)),
+    int registers_to_save,
+    Zone* zone)
+    : NativeRegExpMacroAssembler(zone),
+      masm_(new MacroAssembler(Isolate::Current(), NULL, kRegExpCodeSize)),
       mode_(mode),
       num_registers_(registers_to_save),
       num_saved_registers_(registers_to_save),
@@ -215,7 +217,7 @@ void RegExpMacroAssemblerIA32::CheckCharacters(Vector<const uc16> str,
   // If input is ASCII, don't even bother calling here if the string to
   // match contains a non-ASCII character.
   if (mode_ == ASCII) {
-    ASSERT(String::IsAscii(str.start(), str.length()));
+    ASSERT(String::IsOneByte(str.start(), str.length()));
   }
 #endif
   int byte_length = str.length() * char_size();
@@ -314,6 +316,11 @@ void RegExpMacroAssemblerIA32::CheckNotBackReferenceIgnoreCase(
   // uncaptured. In either case succeed immediately.
   __ j(equal, &fallthrough);
+  // Check that there are sufficient characters left in the input.
+  __ mov(eax, edi);
+  __ add(eax, ebx);
+  BranchOrBacktrack(greater, on_no_match);
   if (mode_ == ASCII) {
     Label success;
     Label fail;
@@ -337,7 +344,19 @@ void RegExpMacroAssemblerIA32::CheckNotBackReferenceIgnoreCase(
     __ or_(eax, 0x20);  // Convert match character to lower-case.
     __ lea(ecx, Operand(eax, -'a'));
     __ cmp(ecx, static_cast<int32_t>('z' - 'a'));  // Is eax a lowercase letter?
-    __ j(above, &fail);
+#ifndef ENABLE_LATIN_1
+    __ j(above, &fail);  // Weren't letters anyway.
+#else
+    Label convert_capture;
+    __ j(below_equal, &convert_capture);  // In range 'a'-'z'.
+    // Latin-1: Check for values in range [224,254] but not 247.
+    __ sub(ecx, Immediate(224 - 'a'));
+    __ cmp(ecx, Immediate(254 - 224));
+    __ j(above, &fail);  // Weren't Latin-1 letters.
+    __ cmp(ecx, Immediate(247 - 224));  // Check for 247.
+    __ j(equal, &fail);
+    __ bind(&convert_capture);
+#endif
     // Also convert capture character.
     __ movzx_b(ecx, Operand(edx, 0));
     __ or_(ecx, 0x20);
@@ -485,15 +504,6 @@ void RegExpMacroAssemblerIA32::CheckNotBackReference(
 }
-void RegExpMacroAssemblerIA32::CheckNotRegistersEqual(int reg1,
-                                                      int reg2,
-                                                      Label* on_not_equal) {
-  __ mov(eax, register_location(reg1));
-  __ cmp(eax, register_location(reg2));
-  BranchOrBacktrack(not_equal, on_not_equal);
-}
 void RegExpMacroAssemblerIA32::CheckNotCharacter(uint32_t c,
                                                  Label* on_not_equal) {
   __ cmp(current_character(), c);
@@ -571,7 +581,7 @@ void RegExpMacroAssemblerIA32::CheckBitInTable(
     Label* on_bit_set) {
   __ mov(eax, Immediate(table));
   Register index = current_character();
-  if (mode_ != ASCII || kTableMask != String::kMaxAsciiCharCode) {
+  if (mode_ != ASCII || kTableMask != String::kMaxOneByteCharCode) {
     __ mov(ebx, kTableSize - 1);
     __ and_(ebx, current_character());
     index = ebx;
@@ -857,7 +867,7 @@ Handle<HeapObject> RegExpMacroAssemblerIA32::GetCode(Handle<String> source) {
       }
       for (int i = 0; i < num_saved_registers_; i++) {
         __ mov(eax, register_location(i));
-        if (i == 0 && global()) {
+        if (i == 0 && global_with_zero_length_check()) {
           // Keep capture start in edx for the zero-length check later.
           __ mov(edx, eax);
         }
@@ -890,20 +900,23 @@ Handle<HeapObject> RegExpMacroAssemblerIA32::GetCode(Handle<String> source) {
       // Prepare eax to initialize registers with its value in the next run.
       __ mov(eax, Operand(ebp, kInputStartMinusOne));
-      // Special case for zero-length matches.
-      // edx: capture start index
-      __ cmp(edi, edx);
-      // Not a zero-length match, restart.
-      __ j(not_equal, &load_char_start_regexp);
-      // edi (offset from the end) is zero if we already reached the end.
-      __ test(edi, edi);
-      __ j(zero, &exit_label_, Label::kNear);
-      // Advance current position after a zero-length match.
-      if (mode_ == UC16) {
-        __ add(edi, Immediate(2));
-      } else {
-        __ inc(edi);
+      if (global_with_zero_length_check()) {
+        // Special case for zero-length matches.
+        // edx: capture start index
+        __ cmp(edi, edx);
+        // Not a zero-length match, restart.
+        __ j(not_equal, &load_char_start_regexp);
+        // edi (offset from the end) is zero if we already reached the end.
+        __ test(edi, edi);
+        __ j(zero, &exit_label_, Label::kNear);
+        // Advance current position after a zero-length match.
+        if (mode_ == UC16) {
+          __ add(edi, Immediate(2));
+        } else {
+          __ inc(edi);
+        }
       }
       __ jmp(&load_char_start_regexp);
     } else {
       __ mov(eax, Immediate(SUCCESS));
@@ -1196,7 +1209,7 @@ int RegExpMacroAssemblerIA32::CheckStackGuardState(Address* return_address,
   Handle<String> subject(frame_entry<String*>(re_frame, kInputString));
   // Current string.
-  bool is_ascii = subject->IsAsciiRepresentationUnderneath();
+  bool is_ascii = subject->IsOneByteRepresentationUnderneath();
   ASSERT(re_code->instruction_start() <= *return_address);
   ASSERT(*return_address <=
@@ -1227,7 +1240,7 @@ int RegExpMacroAssemblerIA32::CheckStackGuardState(Address* return_address,
   }
   // String might have changed.
-  if (subject_tmp->IsAsciiRepresentation() != is_ascii) {
+  if (subject_tmp->IsOneByteRepresentation() != is_ascii) {
     // If we changed between an ASCII and an UC16 string, the specialized
     // code cannot be used, and we need to restart regexp matching from
     // scratch (including, potentially, compiling a new version of the code).

data/vendor/v8/src/ia32/regexp-macro-assembler-ia32.h CHANGED Viewed

@@ -34,17 +34,10 @@
 namespace v8 {
 namespace internal {
-#ifdef V8_INTERPRETED_REGEXP
-class RegExpMacroAssemblerIA32: public RegExpMacroAssembler {
- public:
-  RegExpMacroAssemblerIA32() { }
-  virtual ~RegExpMacroAssemblerIA32() { }
-};
-#else  // V8_INTERPRETED_REGEXP
+#ifndef V8_INTERPRETED_REGEXP
 class RegExpMacroAssemblerIA32: public NativeRegExpMacroAssembler {
  public:
-  RegExpMacroAssemblerIA32(Mode mode, int registers_to_save);
+  RegExpMacroAssemblerIA32(Mode mode, int registers_to_save, Zone* zone);
   virtual ~RegExpMacroAssemblerIA32();
   virtual int stack_limit_slack();
   virtual void AdvanceCurrentPosition(int by);
@@ -69,7 +62,6 @@ class RegExpMacroAssemblerIA32: public NativeRegExpMacroAssembler {
   virtual void CheckNotBackReference(int start_reg, Label* on_no_match);
   virtual void CheckNotBackReferenceIgnoreCase(int start_reg,
                                                Label* on_no_match);
-  virtual void CheckNotRegistersEqual(int reg1, int reg2, Label* on_not_equal);
   virtual void CheckNotCharacter(uint32_t c, Label* on_not_equal);
   virtual void CheckNotCharacterAfterAnd(uint32_t c,
                                          uint32_t mask,

data/vendor/v8/src/ia32/stub-cache-ia32.cc CHANGED Viewed

@@ -276,12 +276,12 @@ void StubCompiler::GenerateDirectLoadGlobalFunctionPrototype(
     Register prototype,
     Label* miss) {
   // Check we're still in the same context.
-  __ cmp(Operand(esi, Context::SlotOffset(Context::GLOBAL_INDEX)),
-         masm->isolate()->global());
+  __ cmp(Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)),
+         masm->isolate()->global_object());
   __ j(not_equal, miss);
   // Get the global function with the given index.
   Handle<JSFunction> function(
-      JSFunction::cast(masm->isolate()->global_context()->get(index)));
+      JSFunction::cast(masm->isolate()->native_context()->get(index)));
   // Load its initial map. The global functions all have initial maps.
   __ Set(prototype, Immediate(Handle<Map>(function->initial_map())));
   // Load the prototype from the initial map.
@@ -376,18 +376,23 @@ void StubCompiler::GenerateFastPropertyLoad(MacroAssembler* masm,
                                             Register dst,
                                             Register src,
                                             Handle<JSObject> holder,
-                                            int index) {
-  // Adjust for the number of properties stored in the holder.
-  index -= holder->map()->inobject_properties();
-  if (index < 0) {
-    // Get the property straight out of the holder.
-    int offset = holder->map()->instance_size() + (index * kPointerSize);
+                                            PropertyIndex index) {
+  if (index.is_header_index()) {
+    int offset = index.header_index() * kPointerSize;
     __ mov(dst, FieldOperand(src, offset));
   } else {
-    // Calculate the offset into the properties array.
-    int offset = index * kPointerSize + FixedArray::kHeaderSize;
-    __ mov(dst, FieldOperand(src, JSObject::kPropertiesOffset));
-    __ mov(dst, FieldOperand(dst, offset));
+    // Adjust for the number of properties stored in the holder.
+    int slot = index.field_index() - holder->map()->inobject_properties();
+    if (slot < 0) {
+      // Get the property straight out of the holder.
+      int offset = holder->map()->instance_size() + (slot * kPointerSize);
+      __ mov(dst, FieldOperand(src, offset));
+    } else {
+      // Calculate the offset into the properties array.
+      int offset = slot * kPointerSize + FixedArray::kHeaderSize;
+      __ mov(dst, FieldOperand(src, JSObject::kPropertiesOffset));
+      __ mov(dst, FieldOperand(dst, offset));
+    }
   }
 }
@@ -732,6 +737,15 @@ void StubCompiler::GenerateLoadMiss(MacroAssembler* masm, Code::Kind kind) {
 }
+void StubCompiler::GenerateStoreMiss(MacroAssembler* masm, Code::Kind kind) {
+  ASSERT(kind == Code::STORE_IC || kind == Code::KEYED_STORE_IC);
+  Handle<Code> code = (kind == Code::STORE_IC)
+      ? masm->isolate()->builtins()->StoreIC_Miss()
+      : masm->isolate()->builtins()->KeyedStoreIC_Miss();
+  __ jmp(code, RelocInfo::CODE_TARGET);
+}
 void StubCompiler::GenerateKeyedLoadMissForceGeneric(MacroAssembler* masm) {
   Handle<Code> code =
       masm->isolate()->builtins()->KeyedLoadIC_MissForceGeneric();
@@ -745,10 +759,22 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
                                       Handle<JSObject> object,
                                       int index,
                                       Handle<Map> transition,
+                                      Handle<String> name,
                                       Register receiver_reg,
                                       Register name_reg,
-                                      Register scratch,
+                                      Register scratch1,
+                                      Register scratch2,
                                       Label* miss_label) {
+  LookupResult lookup(masm->isolate());
+  object->Lookup(*name, &lookup);
+  if (lookup.IsFound() && (lookup.IsReadOnly() || !lookup.IsCacheable())) {
+    // In sloppy mode, we could just return the value and be done. However, we
+    // might be in strict mode, where we have to throw. Since we cannot tell,
+    // go into slow case unconditionally.
+    __ jmp(miss_label);
+    return;
+  }
   // Check that the map of the object hasn't changed.
   CompareMapMode mode = transition.is_null() ? ALLOW_ELEMENT_TRANSITION_MAPS
                                              : REQUIRE_EXACT_MAP;
@@ -757,7 +783,32 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
   // Perform global security token check if needed.
   if (object->IsJSGlobalProxy()) {
-    __ CheckAccessGlobalProxy(receiver_reg, scratch, miss_label);
+    __ CheckAccessGlobalProxy(receiver_reg, scratch1, miss_label);
+  }
+  // Check that we are allowed to write this.
+  if (!transition.is_null() && object->GetPrototype()->IsJSObject()) {
+    JSObject* holder;
+    if (lookup.IsFound()) {
+      holder = lookup.holder();
+    } else {
+      // Find the top object.
+      holder = *object;
+      do {
+        holder = JSObject::cast(holder->GetPrototype());
+      } while (holder->GetPrototype()->IsJSObject());
+    }
+    // We need an extra register, push
+    __ push(name_reg);
+    Label miss_pop, done_check;
+    CheckPrototypes(object, receiver_reg, Handle<JSObject>(holder), name_reg,
+                    scratch1, scratch2, name, &miss_pop);
+    __ jmp(&done_check);
+    __ bind(&miss_pop);
+    __ pop(name_reg);
+    __ jmp(miss_label);
+    __ bind(&done_check);
+    __ pop(name_reg);
   }
   // Stub never generated for non-global objects that require access
@@ -768,11 +819,11 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
   if (!transition.is_null() && (object->map()->unused_property_fields() == 0)) {
     // The properties must be extended before we can store the value.
     // We jump to a runtime call that extends the properties array.
-    __ pop(scratch);  // Return address.
+    __ pop(scratch1);  // Return address.
     __ push(receiver_reg);
     __ push(Immediate(transition));
     __ push(eax);
-    __ push(scratch);
+    __ push(scratch1);
     __ TailCallExternalReference(
         ExternalReference(IC_Utility(IC::kSharedStoreIC_ExtendStorage),
                           masm->isolate()),
@@ -783,14 +834,14 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
   if (!transition.is_null()) {
     // Update the map of the object.
-    __ mov(scratch, Immediate(transition));
-    __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch);
+    __ mov(scratch1, Immediate(transition));
+    __ mov(FieldOperand(receiver_reg, HeapObject::kMapOffset), scratch1);
     // Update the write barrier for the map field and pass the now unused
     // name_reg as scratch register.
     __ RecordWriteField(receiver_reg,
                         HeapObject::kMapOffset,
-                        scratch,
+                        scratch1,
                         name_reg,
                         kDontSaveFPRegs,
                         OMIT_REMEMBERED_SET,
@@ -813,19 +864,19 @@ void StubCompiler::GenerateStoreField(MacroAssembler* masm,
     __ RecordWriteField(receiver_reg,
                         offset,
                         name_reg,
-                        scratch,
+                        scratch1,
                         kDontSaveFPRegs);
   } else {
     // Write to the properties array.
     int offset = index * kPointerSize + FixedArray::kHeaderSize;
     // Get the properties array (optimistically).
-    __ mov(scratch, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
-    __ mov(FieldOperand(scratch, offset), eax);
+    __ mov(scratch1, FieldOperand(receiver_reg, JSObject::kPropertiesOffset));
+    __ mov(FieldOperand(scratch1, offset), eax);
     // Update the write barrier for the array address.
     // Pass the value being stored in the now unused name_reg.
     __ mov(name_reg, eax);
-    __ RecordWriteField(scratch,
+    __ RecordWriteField(scratch1,
                         offset,
                         name_reg,
                         receiver_reg,
@@ -999,7 +1050,7 @@ void StubCompiler::GenerateLoadField(Handle<JSObject> object,
                                      Register scratch1,
                                      Register scratch2,
                                      Register scratch3,
-                                     int index,
+                                     PropertyIndex index,
                                      Handle<String> name,
                                      Label* miss) {
   // Check that the receiver isn't a smi.
@@ -1015,6 +1066,58 @@ void StubCompiler::GenerateLoadField(Handle<JSObject> object,
 }
+void StubCompiler::GenerateDictionaryLoadCallback(Register receiver,
+                                                  Register name_reg,
+                                                  Register scratch1,
+                                                  Register scratch2,
+                                                  Register scratch3,
+                                                  Handle<AccessorInfo> callback,
+                                                  Handle<String> name,
+                                                  Label* miss) {
+  ASSERT(!receiver.is(scratch2));
+  ASSERT(!receiver.is(scratch3));
+  Register dictionary = scratch1;
+  bool must_preserve_dictionary_reg = receiver.is(dictionary);
+  // Load the properties dictionary.
+  if (must_preserve_dictionary_reg) {
+    __ push(dictionary);
+  }
+  __ mov(dictionary, FieldOperand(receiver, JSObject::kPropertiesOffset));
+  // Probe the dictionary.
+  Label probe_done, pop_and_miss;
+  StringDictionaryLookupStub::GeneratePositiveLookup(masm(),
+                                                     &pop_and_miss,
+                                                     &probe_done,
+                                                     dictionary,
+                                                     name_reg,
+                                                     scratch2,
+                                                     scratch3);
+  __ bind(&pop_and_miss);
+  if (must_preserve_dictionary_reg) {
+    __ pop(dictionary);
+  }
+  __ jmp(miss);
+  __ bind(&probe_done);
+  // If probing finds an entry in the dictionary, scratch2 contains the
+  // index into the dictionary. Check that the value is the callback.
+  Register index = scratch2;
+  const int kElementsStartOffset =
+      StringDictionary::kHeaderSize +
+      StringDictionary::kElementsStartIndex * kPointerSize;
+  const int kValueOffset = kElementsStartOffset + kPointerSize;
+  __ mov(scratch3,
+         Operand(dictionary, index, times_4, kValueOffset - kHeapObjectTag));
+  if (must_preserve_dictionary_reg) {
+    __ pop(dictionary);
+  }
+  __ cmp(scratch3, callback);
+  __ j(not_equal, miss);
+}
 void StubCompiler::GenerateLoadCallback(Handle<JSObject> object,
                                         Handle<JSObject> holder,
                                         Register receiver,
@@ -1022,6 +1125,7 @@ void StubCompiler::GenerateLoadCallback(Handle<JSObject> object,
                                         Register scratch1,
                                         Register scratch2,
                                         Register scratch3,
+                                        Register scratch4,
                                         Handle<AccessorInfo> callback,
                                         Handle<String> name,
                                         Label* miss) {
@@ -1032,6 +1136,11 @@ void StubCompiler::GenerateLoadCallback(Handle<JSObject> object,
   Register reg = CheckPrototypes(object, receiver, holder, scratch1,
                                  scratch2, scratch3, name, miss);
+  if (!holder->HasFastProperties() && !holder->IsJSGlobalObject()) {
+    GenerateDictionaryLoadCallback(
+        reg, name_reg, scratch1, scratch2, scratch3, callback, name, miss);
+  }
   // Insert additional parameters into the stack frame above return address.
   ASSERT(!scratch3.is(reg));
   __ pop(scratch3);  // Get return address to place it below.
@@ -1120,12 +1229,13 @@ void StubCompiler::GenerateLoadInterceptor(Handle<JSObject> object,
   // later.
   bool compile_followup_inline = false;
   if (lookup->IsFound() && lookup->IsCacheable()) {
-    if (lookup->type() == FIELD) {
+    if (lookup->IsField()) {
       compile_followup_inline = true;
     } else if (lookup->type() == CALLBACKS &&
                lookup->GetCallbackObject()->IsAccessorInfo()) {
-      compile_followup_inline =
-          AccessorInfo::cast(lookup->GetCallbackObject())->getter() != NULL;
+      AccessorInfo* callback = AccessorInfo::cast(lookup->GetCallbackObject());
+      compile_followup_inline = callback->getter() != NULL &&
+          callback->IsCompatibleReceiver(*object);
     }
   }
@@ -1204,7 +1314,7 @@ void StubCompiler::GenerateLoadInterceptor(Handle<JSObject> object,
                                    miss);
     }
-    if (lookup->type() == FIELD) {
+    if (lookup->IsField()) {
       // We found FIELD property in prototype chain of interceptor's holder.
       // Retrieve a field from field's holder.
       GenerateFastPropertyLoad(masm(), eax, holder_reg,
@@ -1327,7 +1437,7 @@ void CallStubCompiler::GenerateMissBranch() {
 Handle<Code> CallStubCompiler::CompileCallField(Handle<JSObject> object,
                                                 Handle<JSObject> holder,
-                                                int index,
+                                                PropertyIndex index,
                                                 Handle<String> name) {
   // ----------- S t a t e -------------
   //  -- ecx                 : name
@@ -1377,7 +1487,7 @@ Handle<Code> CallStubCompiler::CompileCallField(Handle<JSObject> object,
   GenerateMissBranch();
   // Return the generated code.
-  return GetCode(FIELD, name);
+  return GetCode(Code::FIELD, name);
 }
@@ -1422,7 +1532,7 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
     Label call_builtin;
     if (argc == 1) {  // Otherwise fall through to call builtin.
-      Label attempt_to_grow_elements, with_write_barrier;
+      Label attempt_to_grow_elements, with_write_barrier, check_double;
       // Get the elements array of the object.
       __ mov(edi, FieldOperand(edx, JSArray::kElementsOffset));
@@ -1430,7 +1540,7 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
       // Check that the elements are in fast mode and writable.
       __ cmp(FieldOperand(edi, HeapObject::kMapOffset),
              Immediate(factory()->fixed_array_map()));
-      __ j(not_equal, &call_builtin);
+      __ j(not_equal, &check_double);
       // Get the array's length into eax and calculate new length.
       __ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
@@ -1461,17 +1571,49 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
       __ ret((argc + 1) * kPointerSize);
+      __ bind(&check_double);
+      // Check that the elements are in double mode.
+      __ cmp(FieldOperand(edi, HeapObject::kMapOffset),
+             Immediate(factory()->fixed_double_array_map()));
+      __ j(not_equal, &call_builtin);
+      // Get the array's length into eax and calculate new length.
+      __ mov(eax, FieldOperand(edx, JSArray::kLengthOffset));
+      STATIC_ASSERT(kSmiTagSize == 1);
+      STATIC_ASSERT(kSmiTag == 0);
+      __ add(eax, Immediate(Smi::FromInt(argc)));
+      // Get the elements' length into ecx.
+      __ mov(ecx, FieldOperand(edi, FixedArray::kLengthOffset));
+      // Check if we could survive without allocation.
+      __ cmp(eax, ecx);
+      __ j(greater, &call_builtin);
+      __ mov(ecx, Operand(esp, argc * kPointerSize));
+      __ StoreNumberToDoubleElements(
+          ecx, edi, eax, ecx, xmm0, &call_builtin, true, argc * kDoubleSize);
+      // Save new length.
+      __ mov(FieldOperand(edx, JSArray::kLengthOffset), eax);
+      __ ret((argc + 1) * kPointerSize);
       __ bind(&with_write_barrier);
       __ mov(ebx, FieldOperand(edx, HeapObject::kMapOffset));
-      if (FLAG_smi_only_arrays  && !FLAG_trace_elements_transitions) {
+      if (FLAG_smi_only_arrays && !FLAG_trace_elements_transitions) {
         Label fast_object, not_fast_object;
         __ CheckFastObjectElements(ebx, &not_fast_object, Label::kNear);
         __ jmp(&fast_object);
         // In case of fast smi-only, convert to fast object, otherwise bail out.
         __ bind(&not_fast_object);
         __ CheckFastSmiElements(ebx, &call_builtin);
+        __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
+               Immediate(factory()->heap_number_map()));
+        __ j(equal, &call_builtin);
         // edi: elements array
         // edx: receiver
         // ebx: map
@@ -1483,7 +1625,9 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
                                                &try_holey_map);
         ElementsTransitionGenerator::
-            GenerateMapChangeElementsTransition(masm());
+            GenerateMapChangeElementsTransition(masm(),
+                                                DONT_TRACK_ALLOCATION_SITE,
+                                                NULL);
         // Restore edi.
         __ mov(edi, FieldOperand(edx, JSArray::kElementsOffset));
         __ jmp(&fast_object);
@@ -1495,7 +1639,9 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
                                                edi,
                                                &call_builtin);
         ElementsTransitionGenerator::
-            GenerateMapChangeElementsTransition(masm());
+            GenerateMapChangeElementsTransition(masm(),
+                                                DONT_TRACK_ALLOCATION_SITE,
+                                                NULL);
         // Restore edi.
         __ mov(edi, FieldOperand(edx, JSArray::kElementsOffset));
         __ bind(&fast_object);
@@ -1924,7 +2070,7 @@ Handle<Code> CallStubCompiler::CompileStringFromCharCodeCall(
   GenerateMissBranch();
   // Return the generated code.
-  return cell.is_null() ? GetCode(function) : GetCode(NORMAL, name);
+  return cell.is_null() ? GetCode(function) : GetCode(Code::NORMAL, name);
 }
@@ -2054,7 +2200,7 @@ Handle<Code> CallStubCompiler::CompileMathFloorCall(
   GenerateMissBranch();
   // Return the generated code.
-  return cell.is_null() ? GetCode(function) : GetCode(NORMAL, name);
+  return cell.is_null() ? GetCode(function) : GetCode(Code::NORMAL, name);
 }
@@ -2159,7 +2305,7 @@ Handle<Code> CallStubCompiler::CompileMathAbsCall(
   GenerateMissBranch();
   // Return the generated code.
-  return cell.is_null() ? GetCode(function) : GetCode(NORMAL, name);
+  return cell.is_null() ? GetCode(function) : GetCode(Code::NORMAL, name);
 }
@@ -2222,11 +2368,11 @@ Handle<Code> CallStubCompiler::CompileFastApiCall(
 }
-Handle<Code> CallStubCompiler::CompileCallConstant(Handle<Object> object,
-                                                   Handle<JSObject> holder,
-                                                   Handle<JSFunction> function,
-                                                   Handle<String> name,
-                                                   CheckType check) {
+void CallStubCompiler::CompileHandlerFrontend(Handle<Object> object,
+                                              Handle<JSObject> holder,
+                                              Handle<String> name,
+                                              CheckType check,
+                                              Label* success) {
   // ----------- S t a t e -------------
   //  -- ecx                 : name
   //  -- esp[0]              : return address
@@ -2234,15 +2380,6 @@ Handle<Code> CallStubCompiler::CompileCallConstant(Handle<Object> object,
   //  -- ...
   //  -- esp[(argc + 1) * 4] : receiver
   // -----------------------------------
-  if (HasCustomCallGenerator(function)) {
-    Handle<Code> code = CompileCustomCall(object, holder,
-                                          Handle<JSGlobalPropertyCell>::null(),
-                                          function, name);
-    // A null handle means bail out to the regular compiler code below.
-    if (!code.is_null()) return code;
-  }
   Label miss;
   GenerateNameCheck(name, &miss);
@@ -2275,76 +2412,87 @@ Handle<Code> CallStubCompiler::CompileCallConstant(Handle<Object> object,
       break;
     case STRING_CHECK:
-      if (function->IsBuiltin() || !function->shared()->is_classic_mode()) {
-        // Check that the object is a string or a symbol.
-        __ CmpObjectType(edx, FIRST_NONSTRING_TYPE, eax);
-        __ j(above_equal, &miss);
-        // Check that the maps starting from the prototype haven't changed.
-        GenerateDirectLoadGlobalFunctionPrototype(
-            masm(), Context::STRING_FUNCTION_INDEX, eax, &miss);
-        CheckPrototypes(
-            Handle<JSObject>(JSObject::cast(object->GetPrototype())),
-            eax, holder, ebx, edx, edi, name, &miss);
-      } else {
-        // Calling non-strict non-builtins with a value as the receiver
-        // requires boxing.
-        __ jmp(&miss);
-      }
+      // Check that the object is a string or a symbol.
+      __ CmpObjectType(edx, FIRST_NONSTRING_TYPE, eax);
+      __ j(above_equal, &miss);
+      // Check that the maps starting from the prototype haven't changed.
+      GenerateDirectLoadGlobalFunctionPrototype(
+          masm(), Context::STRING_FUNCTION_INDEX, eax, &miss);
+      CheckPrototypes(
+          Handle<JSObject>(JSObject::cast(object->GetPrototype())),
+          eax, holder, ebx, edx, edi, name, &miss);
       break;
-    case NUMBER_CHECK:
-      if (function->IsBuiltin() || !function->shared()->is_classic_mode()) {
-        Label fast;
-        // Check that the object is a smi or a heap number.
-        __ JumpIfSmi(edx, &fast);
-        __ CmpObjectType(edx, HEAP_NUMBER_TYPE, eax);
-        __ j(not_equal, &miss);
-        __ bind(&fast);
-        // Check that the maps starting from the prototype haven't changed.
-        GenerateDirectLoadGlobalFunctionPrototype(
-            masm(), Context::NUMBER_FUNCTION_INDEX, eax, &miss);
-        CheckPrototypes(
-            Handle<JSObject>(JSObject::cast(object->GetPrototype())),
-            eax, holder, ebx, edx, edi, name, &miss);
-      } else {
-        // Calling non-strict non-builtins with a value as the receiver
-        // requires boxing.
-        __ jmp(&miss);
-      }
+    case NUMBER_CHECK: {
+      Label fast;
+      // Check that the object is a smi or a heap number.
+      __ JumpIfSmi(edx, &fast);
+      __ CmpObjectType(edx, HEAP_NUMBER_TYPE, eax);
+      __ j(not_equal, &miss);
+      __ bind(&fast);
+      // Check that the maps starting from the prototype haven't changed.
+      GenerateDirectLoadGlobalFunctionPrototype(
+          masm(), Context::NUMBER_FUNCTION_INDEX, eax, &miss);
+      CheckPrototypes(
+          Handle<JSObject>(JSObject::cast(object->GetPrototype())),
+          eax, holder, ebx, edx, edi, name, &miss);
       break;
-    case BOOLEAN_CHECK:
-      if (function->IsBuiltin() || !function->shared()->is_classic_mode()) {
-        Label fast;
-        // Check that the object is a boolean.
-        __ cmp(edx, factory()->true_value());
-        __ j(equal, &fast);
-        __ cmp(edx, factory()->false_value());
-        __ j(not_equal, &miss);
-        __ bind(&fast);
-        // Check that the maps starting from the prototype haven't changed.
-        GenerateDirectLoadGlobalFunctionPrototype(
-            masm(), Context::BOOLEAN_FUNCTION_INDEX, eax, &miss);
-        CheckPrototypes(
-            Handle<JSObject>(JSObject::cast(object->GetPrototype())),
-            eax, holder, ebx, edx, edi, name, &miss);
-      } else {
-        // Calling non-strict non-builtins with a value as the receiver
-        // requires boxing.
-        __ jmp(&miss);
-      }
+    }
+    case BOOLEAN_CHECK: {
+      Label fast;
+      // Check that the object is a boolean.
+      __ cmp(edx, factory()->true_value());
+      __ j(equal, &fast);
+      __ cmp(edx, factory()->false_value());
+      __ j(not_equal, &miss);
+      __ bind(&fast);
+      // Check that the maps starting from the prototype haven't changed.
+      GenerateDirectLoadGlobalFunctionPrototype(
+          masm(), Context::BOOLEAN_FUNCTION_INDEX, eax, &miss);
+      CheckPrototypes(
+          Handle<JSObject>(JSObject::cast(object->GetPrototype())),
+          eax, holder, ebx, edx, edi, name, &miss);
       break;
+    }
   }
+  __ jmp(success);
+  // Handle call cache miss.
+  __ bind(&miss);
+  GenerateMissBranch();
+}
+void CallStubCompiler::CompileHandlerBackend(Handle<JSFunction> function) {
   CallKind call_kind = CallICBase::Contextual::decode(extra_state_)
       ? CALL_AS_FUNCTION
       : CALL_AS_METHOD;
   __ InvokeFunction(function, arguments(), JUMP_FUNCTION,
                     NullCallWrapper(), call_kind);
+}
-  // Handle call cache miss.
-  __ bind(&miss);
-  GenerateMissBranch();
+Handle<Code> CallStubCompiler::CompileCallConstant(
+    Handle<Object> object,
+    Handle<JSObject> holder,
+    Handle<String> name,
+    CheckType check,
+    Handle<JSFunction> function) {
+  if (HasCustomCallGenerator(function)) {
+    Handle<Code> code = CompileCustomCall(object, holder,
+                                          Handle<JSGlobalPropertyCell>::null(),
+                                          function, name);
+    // A null handle means bail out to the regular compiler code below.
+    if (!code.is_null()) return code;
+  }
+  Label success;
+  CompileHandlerFrontend(object, holder, name, check, &success);
+  __ bind(&success);
+  CompileHandlerBackend(function);
   // Return the generated code.
   return GetCode(function);
@@ -2406,7 +2554,7 @@ Handle<Code> CallStubCompiler::CompileCallInterceptor(Handle<JSObject> object,
   GenerateMissBranch();
   // Return the generated code.
-  return GetCode(INTERCEPTOR, name);
+  return GetCode(Code::INTERCEPTOR, name);
 }
@@ -2467,7 +2615,7 @@ Handle<Code> CallStubCompiler::CompileCallGlobal(
   GenerateMissBranch();
   // Return the generated code.
-  return GetCode(NORMAL, name);
+  return GetCode(Code::NORMAL, name);
 }
@@ -2484,8 +2632,13 @@ Handle<Code> StoreStubCompiler::CompileStoreField(Handle<JSObject> object,
   Label miss;
   // Generate store field code.  Trashes the name register.
-  GenerateStoreField(masm(), object, index, transition, edx, ecx, ebx, &miss);
+  GenerateStoreField(masm(),
+                     object,
+                     index,
+                     transition,
+                     name,
+                     edx, ecx, ebx, edi,
+                     &miss);
   // Handle store cache miss.
   __ bind(&miss);
   __ mov(ecx, Immediate(name));  // restore name
@@ -2493,14 +2646,17 @@ Handle<Code> StoreStubCompiler::CompileStoreField(Handle<JSObject> object,
   __ jmp(ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(transition.is_null() ? FIELD : MAP_TRANSITION, name);
+  return GetCode(transition.is_null()
+                 ? Code::FIELD
+                 : Code::MAP_TRANSITION, name);
 }
 Handle<Code> StoreStubCompiler::CompileStoreCallback(
-    Handle<JSObject> object,
-    Handle<AccessorInfo> callback,
-    Handle<String> name) {
+    Handle<String> name,
+    Handle<JSObject> receiver,
+    Handle<JSObject> holder,
+    Handle<AccessorInfo> callback) {
   // ----------- S t a t e -------------
   //  -- eax    : value
   //  -- ecx    : name
@@ -2508,19 +2664,14 @@ Handle<Code> StoreStubCompiler::CompileStoreCallback(
   //  -- esp[0] : return address
   // -----------------------------------
   Label miss;
+  // Check that the maps haven't changed, preserving the value register.
+  __ push(eax);
+  __ JumpIfSmi(edx, &miss);
+  CheckPrototypes(receiver, edx, holder, ebx, eax, edi, name, &miss);
+  __ pop(eax);  // restore value
-  // Check that the map of the object hasn't changed.
-  __ CheckMap(edx, Handle<Map>(object->map()),
-              &miss, DO_SMI_CHECK, ALLOW_ELEMENT_TRANSITION_MAPS);
-  // Perform global security token check if needed.
-  if (object->IsJSGlobalProxy()) {
-    __ CheckAccessGlobalProxy(edx, ebx, &miss);
-  }
-  // Stub never generated for non-global objects that require access
-  // checks.
-  ASSERT(object->IsJSGlobalProxy() || !object->IsAccessCheckNeeded());
+  // Stub never generated for non-global objects that require access checks.
+  ASSERT(holder->IsJSGlobalProxy() || !holder->IsAccessCheckNeeded());
   __ pop(ebx);  // remove the return address
   __ push(edx);  // receiver
@@ -2536,11 +2687,89 @@ Handle<Code> StoreStubCompiler::CompileStoreCallback(
   // Handle store cache miss.
   __ bind(&miss);
+  __ pop(eax);
+  Handle<Code> ic = isolate()->builtins()->StoreIC_Miss();
+  __ jmp(ic, RelocInfo::CODE_TARGET);
+  // Return the generated code.
+  return GetCode(Code::CALLBACKS, name);
+}
+#undef __
+#define __ ACCESS_MASM(masm)
+void StoreStubCompiler::GenerateStoreViaSetter(
+    MacroAssembler* masm,
+    Handle<JSFunction> setter) {
+  // ----------- S t a t e -------------
+  //  -- eax    : value
+  //  -- ecx    : name
+  //  -- edx    : receiver
+  //  -- esp[0] : return address
+  // -----------------------------------
+  {
+    FrameScope scope(masm, StackFrame::INTERNAL);
+    // Save value register, so we can restore it later.
+    __ push(eax);
+    if (!setter.is_null()) {
+      // Call the JavaScript setter with receiver and value on the stack.
+      __ push(edx);
+      __ push(eax);
+      ParameterCount actual(1);
+      __ InvokeFunction(setter, actual, CALL_FUNCTION, NullCallWrapper(),
+                        CALL_AS_METHOD);
+    } else {
+      // If we generate a global code snippet for deoptimization only, remember
+      // the place to continue after deoptimization.
+      masm->isolate()->heap()->SetSetterStubDeoptPCOffset(masm->pc_offset());
+    }
+    // We have to return the passed value, not the return value of the setter.
+    __ pop(eax);
+    // Restore context register.
+    __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+  }
+  __ ret(0);
+}
+#undef __
+#define __ ACCESS_MASM(masm())
+Handle<Code> StoreStubCompiler::CompileStoreViaSetter(
+    Handle<String> name,
+    Handle<JSObject> receiver,
+    Handle<JSObject> holder,
+    Handle<JSFunction> setter) {
+  // ----------- S t a t e -------------
+  //  -- eax    : value
+  //  -- ecx    : name
+  //  -- edx    : receiver
+  //  -- esp[0] : return address
+  // -----------------------------------
+  Label miss;
+  // Check that the maps haven't changed, preserving the name register.
+  __ push(ecx);
+  __ JumpIfSmi(edx, &miss);
+  CheckPrototypes(receiver, edx, holder, ebx, ecx, edi, name, &miss);
+  __ pop(ecx);
+  GenerateStoreViaSetter(masm(), setter);
+  __ bind(&miss);
+  __ pop(ecx);
   Handle<Code> ic = isolate()->builtins()->StoreIC_Miss();
   __ jmp(ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(CALLBACKS, name);
+  return GetCode(Code::CALLBACKS, name);
 }
@@ -2586,7 +2815,7 @@ Handle<Code> StoreStubCompiler::CompileStoreInterceptor(
   __ jmp(ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(INTERCEPTOR, name);
+  return GetCode(Code::INTERCEPTOR, name);
 }
@@ -2634,7 +2863,7 @@ Handle<Code> StoreStubCompiler::CompileStoreGlobal(
   __ jmp(ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(NORMAL, name);
+  return GetCode(Code::NORMAL, name);
 }
@@ -2658,7 +2887,13 @@ Handle<Code> KeyedStoreStubCompiler::CompileStoreField(Handle<JSObject> object,
   __ j(not_equal, &miss);
   // Generate store field code.  Trashes the name register.
-  GenerateStoreField(masm(), object, index, transition, edx, ecx, ebx, &miss);
+  GenerateStoreField(masm(),
+                     object,
+                     index,
+                     transition,
+                     name,
+                     edx, ecx, ebx, edi,
+                     &miss);
   // Handle store cache miss.
   __ bind(&miss);
@@ -2667,7 +2902,9 @@ Handle<Code> KeyedStoreStubCompiler::CompileStoreField(Handle<JSObject> object,
   __ jmp(ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(transition.is_null() ? FIELD : MAP_TRANSITION, name);
+  return GetCode(transition.is_null()
+                 ? Code::FIELD
+                 : Code::MAP_TRANSITION, name);
 }
@@ -2690,7 +2927,7 @@ Handle<Code> KeyedStoreStubCompiler::CompileStoreElement(
   __ jmp(ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(NORMAL, factory()->empty_string());
+  return GetCode(Code::NORMAL, factory()->empty_string());
 }
@@ -2725,13 +2962,15 @@ Handle<Code> KeyedStoreStubCompiler::CompileStorePolymorphic(
   __ jmp(miss_ic, RelocInfo::CODE_TARGET);
   // Return the generated code.
-  return GetCode(NORMAL, factory()->empty_string(), MEGAMORPHIC);
+  return GetCode(Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
 }
-Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<String> name,
-                                                      Handle<JSObject> object,
-                                                      Handle<JSObject> last) {
+Handle<Code> LoadStubCompiler::CompileLoadNonexistent(
+    Handle<JSObject> object,
+    Handle<JSObject> last,
+    Handle<String> name,
+    Handle<GlobalObject> global) {
   // ----------- S t a t e -------------
   //  -- ecx    : name
   //  -- edx    : receiver
@@ -2742,18 +2981,25 @@ Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<String> name,
   // Check that the receiver isn't a smi.
   __ JumpIfSmi(edx, &miss);
-  ASSERT(last->IsGlobalObject() || last->HasFastProperties());
+  Register scratch = eax;
   // Check the maps of the full prototype chain. Also check that
   // global property cells up to (but not including) the last object
   // in the prototype chain are empty.
-  CheckPrototypes(object, edx, last, ebx, eax, edi, name, &miss);
+  Register result =
+      CheckPrototypes(object, edx, last, ebx, scratch, edi, name, &miss);
   // If the last object in the prototype chain is a global object,
   // check that the global property cell is empty.
-  if (last->IsGlobalObject()) {
-    GenerateCheckPropertyCell(
-        masm(), Handle<GlobalObject>::cast(last), name, eax, &miss);
+  if (!global.is_null()) {
+    GenerateCheckPropertyCell(masm(), global, name, scratch, &miss);
+  }
+  if (!last->HasFastProperties()) {
+    __ mov(scratch, FieldOperand(result, HeapObject::kMapOffset));
+    __ mov(scratch, FieldOperand(scratch, Map::kPrototypeOffset));
+    __ cmp(scratch, isolate()->factory()->null_value());
+    __ j(not_equal, &miss);
   }
   // Return undefined if maps of the full prototype chain are still the
@@ -2765,75 +3011,74 @@ Handle<Code> LoadStubCompiler::CompileLoadNonexistent(Handle<String> name,
   GenerateLoadMiss(masm(), Code::LOAD_IC);
   // Return the generated code.
-  return GetCode(NONEXISTENT, factory()->empty_string());
+  return GetCode(Code::NONEXISTENT, factory()->empty_string());
 }
-Handle<Code> LoadStubCompiler::CompileLoadField(Handle<JSObject> object,
-                                                Handle<JSObject> holder,
-                                                int index,
-                                                Handle<String> name) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : name
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
+Register* LoadStubCompiler::registers() {
+  // receiver, name, scratch1, scratch2, scratch3, scratch4.
+  static Register registers[] = { edx, ecx, ebx, eax, edi, no_reg };
+  return registers;
+}
-  GenerateLoadField(object, holder, edx, ebx, eax, edi, index, name, &miss);
-  __ bind(&miss);
-  GenerateLoadMiss(masm(), Code::LOAD_IC);
-  // Return the generated code.
-  return GetCode(FIELD, name);
+Register* KeyedLoadStubCompiler::registers() {
+  // receiver, name, scratch1, scratch2, scratch3, scratch4.
+  static Register registers[] = { edx, ecx, ebx, eax, edi, no_reg };
+  return registers;
 }
-Handle<Code> LoadStubCompiler::CompileLoadCallback(
-    Handle<String> name,
-    Handle<JSObject> object,
-    Handle<JSObject> holder,
-    Handle<AccessorInfo> callback) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : name
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
+void KeyedLoadStubCompiler::GenerateNameCheck(Handle<String> name,
+                                              Register name_reg,
+                                              Label* miss) {
+  __ cmp(name_reg, Immediate(name));
+  __ j(not_equal, miss);
+}
-  GenerateLoadCallback(object, holder, edx, ecx, ebx, eax, edi, callback,
-                       name, &miss);
-  __ bind(&miss);
-  GenerateLoadMiss(masm(), Code::LOAD_IC);
-  // Return the generated code.
-  return GetCode(CALLBACKS, name);
-}
+#undef __
+#define __ ACCESS_MASM(masm)
-Handle<Code> LoadStubCompiler::CompileLoadConstant(Handle<JSObject> object,
-                                                   Handle<JSObject> holder,
-                                                   Handle<JSFunction> value,
-                                                   Handle<String> name) {
+void LoadStubCompiler::GenerateLoadViaGetter(MacroAssembler* masm,
+                                             Handle<JSFunction> getter) {
   // ----------- S t a t e -------------
   //  -- ecx    : name
   //  -- edx    : receiver
   //  -- esp[0] : return address
   // -----------------------------------
-  Label miss;
+  {
+    FrameScope scope(masm, StackFrame::INTERNAL);
-  GenerateLoadConstant(object, holder, edx, ebx, eax, edi, value, name, &miss);
-  __ bind(&miss);
-  GenerateLoadMiss(masm(), Code::LOAD_IC);
+    if (!getter.is_null()) {
+      // Call the JavaScript getter with the receiver on the stack.
+      __ push(edx);
+      ParameterCount actual(0);
+      __ InvokeFunction(getter, actual, CALL_FUNCTION, NullCallWrapper(),
+                        CALL_AS_METHOD);
+    } else {
+      // If we generate a global code snippet for deoptimization only, remember
+      // the place to continue after deoptimization.
+      masm->isolate()->heap()->SetGetterStubDeoptPCOffset(masm->pc_offset());
+    }
-  // Return the generated code.
-  return GetCode(CONSTANT_FUNCTION, name);
+    // Restore context register.
+    __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
+  }
+  __ ret(0);
 }
-Handle<Code> LoadStubCompiler::CompileLoadInterceptor(Handle<JSObject> receiver,
-                                                      Handle<JSObject> holder,
-                                                      Handle<String> name) {
+#undef __
+#define __ ACCESS_MASM(masm())
+Handle<Code> LoadStubCompiler::CompileLoadViaGetter(
+    Handle<JSObject> receiver,
+    Handle<JSObject> holder,
+    Handle<String> name,
+    Handle<JSFunction> getter) {
   // ----------- S t a t e -------------
   //  -- ecx    : name
   //  -- edx    : receiver
@@ -2841,19 +3086,17 @@ Handle<Code> LoadStubCompiler::CompileLoadInterceptor(Handle<JSObject> receiver,
   // -----------------------------------
   Label miss;
-  LookupResult lookup(isolate());
-  LookupPostInterceptor(holder, name, &lookup);
+  // Check that the maps haven't changed.
+  __ JumpIfSmi(edx, &miss);
+  CheckPrototypes(receiver, edx, holder, ebx, eax, edi, name, &miss);
-  // TODO(368): Compile in the whole chain: all the interceptors in
-  // prototypes and ultimate answer.
-  GenerateLoadInterceptor(receiver, holder, &lookup, edx, ecx, eax, ebx, edi,
-                          name, &miss);
+  GenerateLoadViaGetter(masm(), getter);
   __ bind(&miss);
   GenerateLoadMiss(masm(), Code::LOAD_IC);
   // Return the generated code.
-  return GetCode(INTERCEPTOR, name);
+  return GetCode(Code::CALLBACKS, name);
 }
@@ -2901,253 +3144,62 @@ Handle<Code> LoadStubCompiler::CompileLoadGlobal(
   GenerateLoadMiss(masm(), Code::LOAD_IC);
   // Return the generated code.
-  return GetCode(NORMAL, name);
+  return GetCode(Code::NORMAL, name);
 }
-Handle<Code> KeyedLoadStubCompiler::CompileLoadField(Handle<String> name,
-                                                     Handle<JSObject> receiver,
-                                                     Handle<JSObject> holder,
-                                                     int index) {
+Handle<Code> KeyedLoadStubCompiler::CompileLoadElement(
+    Handle<Map> receiver_map) {
   // ----------- S t a t e -------------
   //  -- ecx    : key
   //  -- edx    : receiver
   //  -- esp[0] : return address
   // -----------------------------------
-  Label miss;
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_field(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  GenerateLoadField(receiver, holder, edx, ebx, eax, edi, index, name, &miss);
+  ElementsKind elements_kind = receiver_map->elements_kind();
+  if (receiver_map->has_fast_elements() ||
+      receiver_map->has_external_array_elements()) {
+    Handle<Code> stub = KeyedLoadFastElementStub(
+        receiver_map->instance_type() == JS_ARRAY_TYPE,
+        elements_kind).GetCode();
+    __ DispatchMap(edx, receiver_map, stub, DO_SMI_CHECK);
+  } else {
+    Handle<Code> stub =
+        KeyedLoadDictionaryElementStub().GetCode();
+    __ DispatchMap(edx, receiver_map, stub, DO_SMI_CHECK);
+  }
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_field(), 1);
   GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
   // Return the generated code.
-  return GetCode(FIELD, name);
+  return GetCode(Code::NORMAL, factory()->empty_string());
 }
-Handle<Code> KeyedLoadStubCompiler::CompileLoadCallback(
-    Handle<String> name,
-    Handle<JSObject> receiver,
-    Handle<JSObject> holder,
-    Handle<AccessorInfo> callback) {
+Handle<Code> KeyedLoadStubCompiler::CompileLoadPolymorphic(
+    MapHandleList* receiver_maps,
+    CodeHandleList* handler_ics) {
   // ----------- S t a t e -------------
   //  -- ecx    : key
   //  -- edx    : receiver
   //  -- esp[0] : return address
   // -----------------------------------
   Label miss;
+  __ JumpIfSmi(edx, &miss);
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_callback(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  GenerateLoadCallback(receiver, holder, edx, ecx, ebx, eax, edi, callback,
-                       name, &miss);
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_callback(), 1);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(CALLBACKS, name);
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadConstant(
-    Handle<String> name,
-    Handle<JSObject> receiver,
-    Handle<JSObject> holder,
-    Handle<JSFunction> value) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_constant_function(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  GenerateLoadConstant(
-      receiver, holder, edx, ebx, eax, edi, value, name, &miss);
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_constant_function(), 1);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(CONSTANT_FUNCTION, name);
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadInterceptor(
-    Handle<JSObject> receiver,
-    Handle<JSObject> holder,
-    Handle<String> name) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_interceptor(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  LookupResult lookup(isolate());
-  LookupPostInterceptor(holder, name, &lookup);
-  GenerateLoadInterceptor(receiver, holder, &lookup, edx, ecx, eax, ebx, edi,
-                          name, &miss);
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_interceptor(), 1);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(INTERCEPTOR, name);
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadArrayLength(
-    Handle<String> name) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_array_length(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  GenerateLoadArrayLength(masm(), edx, eax, &miss);
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_array_length(), 1);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(CALLBACKS, name);
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadStringLength(
-    Handle<String> name) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_string_length(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  GenerateLoadStringLength(masm(), edx, eax, ebx, &miss, true);
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_string_length(), 1);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(CALLBACKS, name);
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadFunctionPrototype(
-    Handle<String> name) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
-  Counters* counters = isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_function_prototype(), 1);
-  // Check that the name has not changed.
-  __ cmp(ecx, Immediate(name));
-  __ j(not_equal, &miss);
-  GenerateLoadFunctionPrototype(masm(), edx, eax, ebx, &miss);
-  __ bind(&miss);
-  __ DecrementCounter(counters->keyed_load_function_prototype(), 1);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(CALLBACKS, name);
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadElement(
-    Handle<Map> receiver_map) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  ElementsKind elements_kind = receiver_map->elements_kind();
-  Handle<Code> stub = KeyedLoadElementStub(elements_kind).GetCode();
-  __ DispatchMap(edx, receiver_map, stub, DO_SMI_CHECK);
-  GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
-  // Return the generated code.
-  return GetCode(NORMAL, factory()->empty_string());
-}
-Handle<Code> KeyedLoadStubCompiler::CompileLoadPolymorphic(
-    MapHandleList* receiver_maps,
-    CodeHandleList* handler_ics) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss;
-  __ JumpIfSmi(edx, &miss);
-  Register map_reg = ebx;
-  __ mov(map_reg, FieldOperand(edx, HeapObject::kMapOffset));
-  int receiver_count = receiver_maps->length();
-  for (int current = 0; current < receiver_count; ++current) {
-    __ cmp(map_reg, receiver_maps->at(current));
-    __ j(equal, handler_ics->at(current));
-  }
+  Register map_reg = ebx;
+  __ mov(map_reg, FieldOperand(edx, HeapObject::kMapOffset));
+  int receiver_count = receiver_maps->length();
+  for (int current = 0; current < receiver_count; ++current) {
+    __ cmp(map_reg, receiver_maps->at(current));
+    __ j(equal, handler_ics->at(current));
+  }
   __ bind(&miss);
   GenerateLoadMiss(masm(), Code::KEYED_LOAD_IC);
   // Return the generated code.
-  return GetCode(NORMAL, factory()->empty_string(), MEGAMORPHIC);
+  return GetCode(Code::NORMAL, factory()->empty_string(), POLYMORPHIC);
 }
@@ -3173,6 +3225,7 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
 #endif
   // Load the initial map and verify that it is in fact a map.
+  // edi: constructor
   __ mov(ebx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
   // Will both indicate a NULL and a Smi.
   __ JumpIfSmi(ebx, &generic_stub_call);
@@ -3181,19 +3234,23 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
 #ifdef DEBUG
   // Cannot construct functions this way.
-  // edi: constructor
   // ebx: initial map
   __ CmpInstanceType(ebx, JS_FUNCTION_TYPE);
-  __ Assert(not_equal, "Function constructed by construct stub.");
+  __ Check(not_equal, "Function constructed by construct stub.");
 #endif
   // Now allocate the JSObject on the heap by moving the new space allocation
   // top forward.
-  // edi: constructor
   // ebx: initial map
+  ASSERT(function->has_initial_map());
+  int instance_size = function->initial_map()->instance_size();
+#ifdef DEBUG
   __ movzx_b(ecx, FieldOperand(ebx, Map::kInstanceSizeOffset));
   __ shl(ecx, kPointerSizeLog2);
-  __ AllocateInNewSpace(ecx, edx, ecx, no_reg,
+  __ cmp(ecx, Immediate(instance_size));
+  __ Check(equal, "Instance size of initial map changed.");
+#endif
+  __ AllocateInNewSpace(instance_size, edx, ecx, no_reg,
                         &generic_stub_call, NO_ALLOCATION_FLAGS);
   // Allocated the JSObject, now initialize the fields and add the heap tag.
@@ -3253,7 +3310,6 @@ Handle<Code> ConstructStubCompiler::CompileConstructStub(
   }
   // Fill the unused in-object property fields with undefined.
-  ASSERT(function->has_initial_map());
   for (int i = shared->this_property_assignments_count();
        i < function->initial_map()->inobject_properties();
        i++) {
@@ -3372,157 +3428,6 @@ static void GenerateSmiKeyCheck(MacroAssembler* masm,
 }
-void KeyedLoadStubCompiler::GenerateLoadExternalArray(
-    MacroAssembler* masm,
-    ElementsKind elements_kind) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss_force_generic, failed_allocation, slow;
-  // This stub is meant to be tail-jumped to, the receiver must already
-  // have been verified by the caller to not be a smi.
-  // Check that the key is a smi or a heap number convertible to a smi.
-  GenerateSmiKeyCheck(masm, ecx, eax, xmm0, xmm1, &miss_force_generic);
-  // Check that the index is in range.
-  __ mov(ebx, FieldOperand(edx, JSObject::kElementsOffset));
-  __ cmp(ecx, FieldOperand(ebx, ExternalArray::kLengthOffset));
-  // Unsigned comparison catches both negative and too-large values.
-  __ j(above_equal, &miss_force_generic);
-  __ mov(ebx, FieldOperand(ebx, ExternalArray::kExternalPointerOffset));
-  // ebx: base pointer of external storage
-  switch (elements_kind) {
-    case EXTERNAL_BYTE_ELEMENTS:
-      __ SmiUntag(ecx);  // Untag the index.
-      __ movsx_b(eax, Operand(ebx, ecx, times_1, 0));
-      break;
-    case EXTERNAL_UNSIGNED_BYTE_ELEMENTS:
-    case EXTERNAL_PIXEL_ELEMENTS:
-      __ SmiUntag(ecx);  // Untag the index.
-      __ movzx_b(eax, Operand(ebx, ecx, times_1, 0));
-      break;
-    case EXTERNAL_SHORT_ELEMENTS:
-      __ movsx_w(eax, Operand(ebx, ecx, times_1, 0));
-      break;
-    case EXTERNAL_UNSIGNED_SHORT_ELEMENTS:
-      __ movzx_w(eax, Operand(ebx, ecx, times_1, 0));
-      break;
-    case EXTERNAL_UNSIGNED_INT_ELEMENTS:
-    case EXTERNAL_INT_ELEMENTS:
-      __ mov(eax, Operand(ebx, ecx, times_2, 0));
-      break;
-    case EXTERNAL_FLOAT_ELEMENTS:
-      __ fld_s(Operand(ebx, ecx, times_2, 0));
-      break;
-    case EXTERNAL_DOUBLE_ELEMENTS:
-      __ fld_d(Operand(ebx, ecx, times_4, 0));
-      break;
-    default:
-      UNREACHABLE();
-      break;
-  }
-  // For integer array types:
-  // eax: value
-  // For floating-point array type:
-  // FP(0): value
-  if (elements_kind == EXTERNAL_INT_ELEMENTS ||
-      elements_kind == EXTERNAL_UNSIGNED_INT_ELEMENTS) {
-    // For the Int and UnsignedInt array types, we need to see whether
-    // the value can be represented in a Smi. If not, we need to convert
-    // it to a HeapNumber.
-    Label box_int;
-    if (elements_kind == EXTERNAL_INT_ELEMENTS) {
-      __ cmp(eax, 0xc0000000);
-      __ j(sign, &box_int);
-    } else {
-      ASSERT_EQ(EXTERNAL_UNSIGNED_INT_ELEMENTS, elements_kind);
-      // The test is different for unsigned int values. Since we need
-      // the value to be in the range of a positive smi, we can't
-      // handle either of the top two bits being set in the value.
-      __ test(eax, Immediate(0xc0000000));
-      __ j(not_zero, &box_int);
-    }
-    __ SmiTag(eax);
-    __ ret(0);
-    __ bind(&box_int);
-    // Allocate a HeapNumber for the int and perform int-to-double
-    // conversion.
-    if (elements_kind == EXTERNAL_INT_ELEMENTS) {
-      __ push(eax);
-      __ fild_s(Operand(esp, 0));
-      __ pop(eax);
-    } else {
-      ASSERT_EQ(EXTERNAL_UNSIGNED_INT_ELEMENTS, elements_kind);
-      // Need to zero-extend the value.
-      // There's no fild variant for unsigned values, so zero-extend
-      // to a 64-bit int manually.
-      __ push(Immediate(0));
-      __ push(eax);
-      __ fild_d(Operand(esp, 0));
-      __ pop(eax);
-      __ pop(eax);
-    }
-    // FP(0): value
-    __ AllocateHeapNumber(eax, ebx, edi, &failed_allocation);
-    // Set the value.
-    __ fstp_d(FieldOperand(eax, HeapNumber::kValueOffset));
-    __ ret(0);
-  } else if (elements_kind == EXTERNAL_FLOAT_ELEMENTS ||
-             elements_kind == EXTERNAL_DOUBLE_ELEMENTS) {
-    // For the floating-point array type, we need to always allocate a
-    // HeapNumber.
-    __ AllocateHeapNumber(eax, ebx, edi, &failed_allocation);
-    // Set the value.
-    __ fstp_d(FieldOperand(eax, HeapNumber::kValueOffset));
-    __ ret(0);
-  } else {
-    __ SmiTag(eax);
-    __ ret(0);
-  }
-  // If we fail allocation of the HeapNumber, we still have a value on
-  // top of the FPU stack. Remove it.
-  __ bind(&failed_allocation);
-  __ fstp(0);
-  // Fall through to slow case.
-  // Slow case: Jump to runtime.
-  __ bind(&slow);
-  Counters* counters = masm->isolate()->counters();
-  __ IncrementCounter(counters->keyed_load_external_array_slow(), 1);
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Handle<Code> ic = masm->isolate()->builtins()->KeyedLoadIC_Slow();
-  __ jmp(ic, RelocInfo::CODE_TARGET);
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  // Miss case: Jump to runtime.
-  __ bind(&miss_force_generic);
-  Handle<Code> miss_ic =
-      masm->isolate()->builtins()->KeyedLoadIC_MissForceGeneric();
-  __ jmp(miss_ic, RelocInfo::CODE_TARGET);
-}
 void KeyedStoreStubCompiler::GenerateStoreExternalArray(
     MacroAssembler* masm,
     ElementsKind elements_kind) {
@@ -3722,106 +3627,6 @@ void KeyedStoreStubCompiler::GenerateStoreExternalArray(
 }
-void KeyedLoadStubCompiler::GenerateLoadFastElement(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss_force_generic;
-  // This stub is meant to be tail-jumped to, the receiver must already
-  // have been verified by the caller to not be a smi.
-  // Check that the key is a smi or a heap number convertible to a smi.
-  GenerateSmiKeyCheck(masm, ecx, eax, xmm0, xmm1, &miss_force_generic);
-  // Get the elements array.
-  __ mov(eax, FieldOperand(edx, JSObject::kElementsOffset));
-  __ AssertFastElements(eax);
-  // Check that the key is within bounds.
-  __ cmp(ecx, FieldOperand(eax, FixedArray::kLengthOffset));
-  __ j(above_equal, &miss_force_generic);
-  // Load the result and make sure it's not the hole.
-  __ mov(ebx, Operand(eax, ecx, times_2,
-                      FixedArray::kHeaderSize - kHeapObjectTag));
-  __ cmp(ebx, masm->isolate()->factory()->the_hole_value());
-  __ j(equal, &miss_force_generic);
-  __ mov(eax, ebx);
-  __ ret(0);
-  __ bind(&miss_force_generic);
-  Handle<Code> miss_ic =
-      masm->isolate()->builtins()->KeyedLoadIC_MissForceGeneric();
-  __ jmp(miss_ic, RelocInfo::CODE_TARGET);
-}
-void KeyedLoadStubCompiler::GenerateLoadFastDoubleElement(
-    MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- ecx    : key
-  //  -- edx    : receiver
-  //  -- esp[0] : return address
-  // -----------------------------------
-  Label miss_force_generic, slow_allocate_heapnumber;
-  // This stub is meant to be tail-jumped to, the receiver must already
-  // have been verified by the caller to not be a smi.
-  // Check that the key is a smi or a heap number convertible to a smi.
-  GenerateSmiKeyCheck(masm, ecx, eax, xmm0, xmm1, &miss_force_generic);
-  // Get the elements array.
-  __ mov(eax, FieldOperand(edx, JSObject::kElementsOffset));
-  __ AssertFastElements(eax);
-  // Check that the key is within bounds.
-  __ cmp(ecx, FieldOperand(eax, FixedDoubleArray::kLengthOffset));
-  __ j(above_equal, &miss_force_generic);
-  // Check for the hole
-  uint32_t offset = FixedDoubleArray::kHeaderSize + sizeof(kHoleNanLower32);
-  __ cmp(FieldOperand(eax, ecx, times_4, offset), Immediate(kHoleNanUpper32));
-  __ j(equal, &miss_force_generic);
-  // Always allocate a heap number for the result.
-  if (CpuFeatures::IsSupported(SSE2)) {
-    CpuFeatures::Scope use_sse2(SSE2);
-    __ movdbl(xmm0, FieldOperand(eax, ecx, times_4,
-                                 FixedDoubleArray::kHeaderSize));
-  } else {
-    __ fld_d(FieldOperand(eax, ecx, times_4, FixedDoubleArray::kHeaderSize));
-  }
-  __ AllocateHeapNumber(eax, ebx, edi, &slow_allocate_heapnumber);
-  // Set the value.
-  if (CpuFeatures::IsSupported(SSE2)) {
-    CpuFeatures::Scope use_sse2(SSE2);
-    __ movdbl(FieldOperand(eax, HeapNumber::kValueOffset), xmm0);
-  } else {
-    __ fstp_d(FieldOperand(eax, HeapNumber::kValueOffset));
-  }
-  __ ret(0);
-  __ bind(&slow_allocate_heapnumber);
-  // A value was pushed on the floating point stack before the allocation, if
-  // the allocation fails it needs to be removed.
-  if (!CpuFeatures::IsSupported(SSE2)) {
-    __ fstp(0);
-  }
-  Handle<Code> slow_ic =
-      masm->isolate()->builtins()->KeyedLoadIC_Slow();
-  __ jmp(slow_ic, RelocInfo::CODE_TARGET);
-  __ bind(&miss_force_generic);
-  Handle<Code> miss_ic =
-      masm->isolate()->builtins()->KeyedLoadIC_MissForceGeneric();
-  __ jmp(miss_ic, RelocInfo::CODE_TARGET);
-}
 void KeyedStoreStubCompiler::GenerateStoreFastElement(
     MacroAssembler* masm,
     bool is_js_array,
@@ -4064,13 +3869,22 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     // ecx: key
     // edx: receiver
     // edi: elements
-    // Initialize the new FixedDoubleArray. Leave elements unitialized for
-    // efficiency, they are guaranteed to be initialized before use.
+    // Initialize the new FixedDoubleArray.
     __ mov(FieldOperand(edi, JSObject::kMapOffset),
            Immediate(masm->isolate()->factory()->fixed_double_array_map()));
     __ mov(FieldOperand(edi, FixedDoubleArray::kLengthOffset),
            Immediate(Smi::FromInt(JSArray::kPreallocatedArrayElements)));
+    __ StoreNumberToDoubleElements(eax, edi, ecx, ebx, xmm0,
+                                   &transition_elements_kind, true);
+    for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
+      int offset = FixedDoubleArray::OffsetOfElementAt(i);
+      __ mov(FieldOperand(edi, offset), Immediate(kHoleNanLower32));
+      __ mov(FieldOperand(edi, offset + kPointerSize),
+             Immediate(kHoleNanUpper32));
+    }
     // Install the new backing store in the JSArray.
     __ mov(FieldOperand(edx, JSObject::kElementsOffset), edi);
     __ RecordWriteField(edx, JSObject::kElementsOffset, edi, ebx,
@@ -4080,7 +3894,7 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     __ add(FieldOperand(edx, JSArray::kLengthOffset),
            Immediate(Smi::FromInt(1)));
     __ mov(edi, FieldOperand(edx, JSObject::kElementsOffset));
-    __ jmp(&finish_store);
+    __ ret(0);
     __ bind(&check_capacity);
     // eax: value