Add asserts and state tracking to ensure that we do not call

src/x64/builtins-x64.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 92 matching lines @@
           RelocInfo::CODE_TARGET);
 }
 
 
 static void Generate_JSConstructStubHelper(MacroAssembler* masm,
                                            bool is_api_function,
                                            bool count_constructions) {
   // Should never count constructions for api objects.
   ASSERT(!is_api_function || !count_constructions);
 
-    // Enter a construct frame.
-  __ EnterConstructFrame();
+  // Enter a construct frame.
+{
+  FrameScope scope(masm, StackFrame::CONSTRUCT);
 
   // Store a smi-tagged arguments count on the stack.
   __ Integer32ToSmi(rax, rax);
   __ push(rax);
 
   // Push the function to invoke on the stack.
   __ push(rdi);
 
-  // Try to allocate the object without transitioning into C code. If any of the
-  // preconditions is not met, the code bails out to the runtime call.
+  // Try to allocate the object without transitioning into C code. If any of
+  // the preconditions is not met, the code bails out to the runtime call.
   Label rt_call, allocated;
   if (FLAG_inline_new) {
     Label undo_allocation;
 
 #ifdef ENABLE_DEBUGGER_SUPPORT
     ExternalReference debug_step_in_fp =
         ExternalReference::debug_step_in_fp_address(masm->isolate());
     __ movq(kScratchRegister, debug_step_in_fp);
     __ cmpq(Operand(kScratchRegister, 0), Immediate(0));
     __ j(not_equal, &rt_call);
 #endif
 
     // Verified that the constructor is a JSFunction.
     // Load the initial map and verify that it is in fact a map.
     // rdi: constructor
     __ movq(rax, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
     // Will both indicate a NULL and a Smi
     ASSERT(kSmiTag == 0);
     __ JumpIfSmi(rax, &rt_call);
     // rdi: constructor
     // rax: initial map (if proven valid below)
     __ CmpObjectType(rax, MAP_TYPE, rbx);
     __ j(not_equal, &rt_call);
 
-    // Check that the constructor is not constructing a JSFunction (see comments
-    // in Runtime_NewObject in runtime.cc). In which case the initial map's
-    // instance type would be JS_FUNCTION_TYPE.
+    // Check that the constructor is not constructing a JSFunction (see
+    // comments in Runtime_NewObject in runtime.cc). In which case the initial
+    // map's instance type would be JS_FUNCTION_TYPE.
     // rdi: constructor
     // rax: initial map
     __ CmpInstanceType(rax, JS_FUNCTION_TYPE);
     __ j(equal, &rt_call);
 
     if (count_constructions) {
       Label allocate;
       // Decrease generous allocation count.
       __ movq(rcx, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
-      __ decb(FieldOperand(rcx, SharedFunctionInfo::kConstructionCountOffset));
+      __ decb(FieldOperand(rcx,
+                           SharedFunctionInfo::kConstructionCountOffset));
       __ j(not_zero, &allocate);
 
       __ push(rax);
       __ push(rdi);
 
       __ push(rdi);  // constructor
       // The call will replace the stub, so the countdown is only done once.
       __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
 
       __ pop(rdi);
@@ skipping 34 matching lines @@
       __ lea(rcx, Operand(rbx, JSObject::kHeaderSize));
       __ jmp(&entry);
       __ bind(&loop);
       __ movq(Operand(rcx, 0), rdx);
       __ addq(rcx, Immediate(kPointerSize));
       __ bind(&entry);
       __ cmpq(rcx, rdi);
       __ j(less, &loop);
     }
 
-    // Add the object tag to make the JSObject real, so that we can continue and
-    // jump into the continuation code at any time from now on. Any failures
-    // need to undo the allocation, so that the heap is in a consistent state
-    // and verifiable.
+    // Add the object tag to make the JSObject real, so that we can continue
+    // and jump into the continuation code at any time from now on. Any
+    // failures need to undo the allocation, so that the heap is in a
+    // consistent state and verifiable.
     // rax: initial map
     // rbx: JSObject
     // rdi: start of next object
     __ or_(rbx, Immediate(kHeapObjectTag));
 
     // Check if a non-empty properties array is needed.
     // Allocate and initialize a FixedArray if it is.
     // rax: initial map
     // rbx: JSObject
     // rdi: start of next object
     // Calculate total properties described map.
     __ movzxbq(rdx, FieldOperand(rax, Map::kUnusedPropertyFieldsOffset));
-    __ movzxbq(rcx, FieldOperand(rax, Map::kPreAllocatedPropertyFieldsOffset));
+    __ movzxbq(rcx,
+               FieldOperand(rax, Map::kPreAllocatedPropertyFieldsOffset));
     __ addq(rdx, rcx);
     // Calculate unused properties past the end of the in-object properties.
     __ movzxbq(rcx, FieldOperand(rax, Map::kInObjectPropertiesOffset));
     __ subq(rdx, rcx);
     // Done if no extra properties are to be allocated.
     __ j(zero, &allocated);
     __ Assert(positive, "Property allocation count failed.");
 
     // Scale the number of elements by pointer size and add the header for
     // FixedArrays to the start of the next object calculation from above.
@@ skipping 124 matching lines @@
   __ j(above_equal, &exit);
 
   // Throw away the result of the constructor invocation and use the
   // on-stack receiver as the result.
   __ bind(&use_receiver);
   __ movq(rax, Operand(rsp, 0));
 
   // Restore the arguments count and leave the construct frame.
   __ bind(&exit);
   __ movq(rbx, Operand(rsp, kPointerSize));  // get arguments count
-  __ LeaveConstructFrame();
+
+  // Leave the construct frame.
+}
 
   // Remove caller arguments from the stack and return.
   __ pop(rcx);
   SmiIndex index = masm->SmiToIndex(rbx, rbx, kPointerSizeLog2);
   __ lea(rsp, Operand(rsp, index.reg, index.scale, 1 * kPointerSize));
   __ push(rcx);
   Counters* counters = masm->isolate()->counters();
   __ IncrementCounter(counters->constructed_objects(), 1);
   __ ret(0);
 }
@@ skipping 17 matching lines @@
 static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
                                              bool is_construct) {
   // Expects five C++ function parameters.
   // - Address entry (ignored)
   // - JSFunction* function (
   // - Object* receiver
   // - int argc
   // - Object*** argv
   // (see Handle::Invoke in execution.cc).
 
+  // Open a C++ scope for the FrameScope.
+{
   // Platform specific argument handling. After this, the stack contains
   // an internal frame and the pushed function and receiver, and
   // register rax and rbx holds the argument count and argument array,
   // while rdi holds the function pointer and rsi the context.
+
 #ifdef _WIN64
   // MSVC parameters in:
   // rcx : entry (ignored)
   // rdx : function
   // r8 : receiver
   // r9 : argc
   // [rsp+0x20] : argv
 
-  // Clear the context before we push it when entering the JS frame.
+  // Clear the context before we push it when entering the internal frame.
   __ Set(rsi, 0);
-  __ EnterInternalFrame();
+  // Enter an internal frame.
+  FrameScope scope(masm, StackFrame::INTERNAL);
 
   // Load the function context into rsi.
   __ movq(rsi, FieldOperand(rdx, JSFunction::kContextOffset));
 
   // Push the function and the receiver onto the stack.
   __ push(rdx);
   __ push(r8);
 
   // Load the number of arguments and setup pointer to the arguments.
   __ movq(rax, r9);
   // Load the previous frame pointer to access C argument on stack
   __ movq(kScratchRegister, Operand(rbp, 0));
   __ movq(rbx, Operand(kScratchRegister, EntryFrameConstants::kArgvOffset));
   // Load the function pointer into rdi.
   __ movq(rdi, rdx);
 #else  // _WIN64
   // GCC parameters in:
   // rdi : entry (ignored)
   // rsi : function
   // rdx : receiver
   // rcx : argc
   // r8  : argv
 
   __ movq(rdi, rsi);
   // rdi : function
 
-  // Clear the context before we push it when entering the JS frame.
+  // Clear the context before we push it when entering the internal frame.
   __ Set(rsi, 0);
   // Enter an internal frame.
-  __ EnterInternalFrame();
+  FrameScope scope(masm, StackFrame::INTERNAL);
 
   // Push the function and receiver and setup the context.
   __ push(rdi);
   __ push(rdx);
   __ movq(rsi, FieldOperand(rdi, JSFunction::kContextOffset));
 
   // Load the number of arguments and setup pointer to the arguments.
   __ movq(rax, rcx);
   __ movq(rbx, r8);
 #endif  // _WIN64
@@ skipping 26 matching lines @@
   if (is_construct) {
     // Expects rdi to hold function pointer.
     __ Call(masm->isolate()->builtins()->JSConstructCall(),
             RelocInfo::CODE_TARGET);
   } else {
     ParameterCount actual(rax);
     // Function must be in rdi.
     __ InvokeFunction(rdi, actual, CALL_FUNCTION,
                       NullCallWrapper(), CALL_AS_METHOD);
   }
-
-  // Exit the JS frame. Notice that this also removes the empty
+  // Exit the internal frame. Notice that this also removes the empty
   // context and the function left on the stack by the code
   // invocation.
-  __ LeaveInternalFrame();
+}
+
   // TODO(X64): Is argument correct? Is there a receiver to remove?
-  __ ret(1 * kPointerSize);  // remove receiver
+  __ ret(1 * kPointerSize);  // Remove receiver.
 }
 
 
 void Builtins::Generate_JSEntryTrampoline(MacroAssembler* masm) {
   Generate_JSEntryTrampolineHelper(masm, false);
 }
 
 
 void Builtins::Generate_JSConstructEntryTrampoline(MacroAssembler* masm) {
   Generate_JSEntryTrampolineHelper(masm, true);
 }
 
 
 void Builtins::Generate_LazyCompile(MacroAssembler* masm) {
   // Enter an internal frame.
-  __ EnterInternalFrame();
+{
+  FrameScope scope(masm, StackFrame::INTERNAL);
 
   // Push a copy of the function onto the stack.
   __ push(rdi);
   // Push call kind information.
   __ push(rcx);
 
   __ push(rdi);  // Function is also the parameter to the runtime call.
   __ CallRuntime(Runtime::kLazyCompile, 1);
 
   // Restore call kind information.
   __ pop(rcx);
   // Restore receiver.
   __ pop(rdi);
 
-  // Tear down temporary frame.
-  __ LeaveInternalFrame();
+  // Tear down internal frame.
+}
 
   // Do a tail-call of the compiled function.
   __ lea(rax, FieldOperand(rax, Code::kHeaderSize));
   __ jmp(rax);
 }
 
 
 void Builtins::Generate_LazyRecompile(MacroAssembler* masm) {
   // Enter an internal frame.
-  __ EnterInternalFrame();
+{
+  FrameScope scope(masm, StackFrame::INTERNAL);
 
   // Push a copy of the function onto the stack.
   __ push(rdi);
   // Push call kind information.
   __ push(rcx);
 
   __ push(rdi);  // Function is also the parameter to the runtime call.
   __ CallRuntime(Runtime::kLazyRecompile, 1);
 
   // Restore call kind information.
   __ pop(rcx);
   // Restore function.
   __ pop(rdi);
 
-  // Tear down temporary frame.
-  __ LeaveInternalFrame();
+  // Tear down internal frame.
+}
 
   // Do a tail-call of the compiled function.
   __ lea(rax, FieldOperand(rax, Code::kHeaderSize));
   __ jmp(rax);
 }
 
 
 static void Generate_NotifyDeoptimizedHelper(MacroAssembler* masm,
                                              Deoptimizer::BailoutType type) {
   // Enter an internal frame.
-  __ EnterInternalFrame();
+{
+  FrameScope scope(masm, StackFrame::INTERNAL);
 
   // Pass the deoptimization type to the runtime system.
   __ Push(Smi::FromInt(static_cast<int>(type)));
 
   __ CallRuntime(Runtime::kNotifyDeoptimized, 1);
-  // Tear down temporary frame.
-  __ LeaveInternalFrame();
+  // Tear down internal frame.
+}
 
   // Get the full codegen state from the stack and untag it.
   __ SmiToInteger32(rcx, Operand(rsp, 1 * kPointerSize));
 
   // Switch on the state.
   Label not_no_registers, not_tos_rax;
   __ cmpq(rcx, Immediate(FullCodeGenerator::NO_REGISTERS));
   __ j(not_equal, &not_no_registers, Label::kNear);
   __ ret(1 * kPointerSize);  // Remove state.
 
@@ skipping 16 matching lines @@
   Generate_NotifyDeoptimizedHelper(masm, Deoptimizer::LAZY);
 }
 
 
 void Builtins::Generate_NotifyOSR(MacroAssembler* masm) {
   // For now, we are relying on the fact that Runtime::NotifyOSR
   // doesn't do any garbage collection which allows us to save/restore
   // the registers without worrying about which of them contain
   // pointers. This seems a bit fragile.
   __ Pushad();
-  __ EnterInternalFrame();
-  __ CallRuntime(Runtime::kNotifyOSR, 0);
-  __ LeaveInternalFrame();
+  {
+    FrameScope scope(masm, StackFrame::INTERNAL);
+    __ CallRuntime(Runtime::kNotifyOSR, 0);
+  }
   __ Popad();
   __ ret(0);
 }
 
 
 void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
   // Stack Layout:
   // rsp[0]:   Return address
   // rsp[1]:   Argument n
   // rsp[2]:   Argument n-1
@@ skipping 49 matching lines @@
     __ j(equal, &use_global_receiver);
     __ CompareRoot(rbx, Heap::kUndefinedValueRootIndex);
     __ j(equal, &use_global_receiver);
 
     STATIC_ASSERT(LAST_JS_OBJECT_TYPE + 1 == LAST_TYPE);
     STATIC_ASSERT(LAST_TYPE == JS_FUNCTION_TYPE);
     __ CmpObjectType(rbx, FIRST_JS_OBJECT_TYPE, rcx);
     __ j(above_equal, &shift_arguments);
 
     __ bind(&convert_to_object);
-    __ EnterInternalFrame();  // In order to preserve argument count.
+  {
+    // Enter an internal frame in order to preserve argument count.
+    FrameScope scope(masm, StackFrame::INTERNAL);
     __ Integer32ToSmi(rax, rax);
     __ push(rax);
 
     __ push(rbx);
     __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
     __ movq(rbx, rax);
 
     __ pop(rax);
     __ SmiToInteger32(rax, rax);
-    __ LeaveInternalFrame();
+  }
+
     // Restore the function to rdi.
     __ movq(rdi, Operand(rsp, rax, times_pointer_size, 1 * kPointerSize));
     __ jmp(&patch_receiver, Label::kNear);
 
     // Use the global receiver object from the called function as the
     // receiver.
     __ bind(&use_global_receiver);
     const int kGlobalIndex =
         Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize;
     __ movq(rbx, FieldOperand(rsi, kGlobalIndex));
@@ skipping 62 matching lines @@
                 NullCallWrapper(), CALL_AS_METHOD);
 }
 
 
 void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
   // Stack at entry:
   //    rsp: return address
   //  rsp+8: arguments
   // rsp+16: receiver ("this")
   // rsp+24: function
-  __ EnterInternalFrame();
+{
+  FrameScope scope(masm, StackFrame::INTERNAL);
   // Stack frame:
   //    rbp: Old base pointer
   // rbp[1]: return address
   // rbp[2]: function arguments
   // rbp[3]: receiver
   // rbp[4]: function
   static const int kArgumentsOffset = 2 * kPointerSize;
   static const int kReceiverOffset = 3 * kPointerSize;
   static const int kFunctionOffset = 4 * kPointerSize;
   __ push(Operand(rbp, kFunctionOffset));
@@ skipping 112 matching lines @@
   __ cmpq(rax, Operand(rbp, kLimitOffset));
   __ j(not_equal, &loop);
 
   // Invoke the function.
   ParameterCount actual(rax);
   __ SmiToInteger32(rax, rax);
   __ movq(rdi, Operand(rbp, kFunctionOffset));
   __ InvokeFunction(rdi, actual, CALL_FUNCTION,
                     NullCallWrapper(), CALL_AS_METHOD);
 
-  __ LeaveInternalFrame();
+  // Leave internal frame.
+}
   __ ret(3 * kPointerSize);  // remove function, receiver, and arguments
 }
 
 
 // Number of empty elements to allocate for an empty array.
 static const int kPreallocatedArrayElements = 4;
 
 
 // Allocate an empty JSArray. The allocated array is put into the result
 // register. If the parameter initial_capacity is larger than zero an elements
@@ skipping 539 matching lines @@
   // should perform a stack guard check so we can get interrupts while
   // waiting for on-stack replacement.
   __ movq(rax, Operand(rbp, JavaScriptFrameConstants::kFunctionOffset));
   __ movq(rcx, FieldOperand(rax, JSFunction::kSharedFunctionInfoOffset));
   __ movq(rcx, FieldOperand(rcx, SharedFunctionInfo::kCodeOffset));
   __ cmpb(rbx, FieldOperand(rcx, Code::kAllowOSRAtLoopNestingLevelOffset));
   __ j(greater, &stack_check);
 
   // Pass the function to optimize as the argument to the on-stack
   // replacement runtime function.
-  __ EnterInternalFrame();
+{
+  FrameScope scope(masm, StackFrame::INTERNAL);
   __ push(rax);
   __ CallRuntime(Runtime::kCompileForOnStackReplacement, 1);
-  __ LeaveInternalFrame();
+}
 
   // If the result was -1 it means that we couldn't optimize the
   // function. Just return and continue in the unoptimized version.
   Label skip;
   __ SmiCompare(rax, Smi::FromInt(-1));
   __ j(not_equal, &skip, Label::kNear);
   __ ret(0);
 
   // If we decide not to perform on-stack replacement we perform a
   // stack guard check to enable interrupts.
   __ bind(&stack_check);
   Label ok;
   __ CompareRoot(rsp, Heap::kStackLimitRootIndex);
   __ j(above_equal, &ok, Label::kNear);
 
   StackCheckStub stub;
   __ TailCallStub(&stub);
-  __ Abort("Unreachable code: returned from tail call.");
+  if (FLAG_debug_code) {
+    __ Abort("Unreachable code: returned from tail call.");
+  }
   __ bind(&ok);
   __ ret(0);
 
   __ bind(&skip);
   // Untag the AST id and push it on the stack.
   __ SmiToInteger32(rax, rax);
   __ push(rax);
 
   // Generate the code for doing the frame-to-frame translation using
   // the deoptimizer infrastructure.
   Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR);
   generator.Generate();
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_X64