From 3586c074d4336c939b120c6527afc6102cd05b6c Mon Sep 17 00:00:00 2001
From: "verwaest@chromium.org"
 <verwaest@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Fri, 25 Jul 2014 12:27:55 +0000
Subject: [PATCH] Smi arrays are only guaranteed to be initialized in non-holey
 case

BUG=
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/413393004

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/hydrogen-instructions.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/hydrogen-instructions.h b/src/hydrogen-instructions.h
index fdbcff0206..28a56122b1 100644
--- a/src/hydrogen-instructions.h
+++ b/src/hydrogen-instructions.h
@@ -6981,10 +6981,12 @@ class HStoreKeyed V8_FINAL
       return Representation::Double();
     }
 
+    if (kind == FAST_SMI_ELEMENTS && SmiValuesAre32Bits() &&
+        mode == STORE_TO_INITIALIZED_ENTRY) {
+      return Representation::Integer32();
+    }
+
     if (IsFastSmiElementsKind(kind)) {
-      if (SmiValuesAre32Bits() && mode == STORE_TO_INITIALIZED_ENTRY) {
-        return Representation::Integer32();
-      }
       return Representation::Smi();
     }