Pretenure call new support.

src/ia32/builtins-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 107 matching lines @@
   CallRuntimePassFunction(masm, Runtime::kTryInstallOptimizedCode);
   GenerateTailCallToReturnedCode(masm);
 
   __ bind(&ok);
   GenerateTailCallToSharedCode(masm);
 }
 
 
 static void Generate_JSConstructStubHelper(MacroAssembler* masm,
                                            bool is_api_function,
-                                           bool count_constructions) {
+                                           bool count_constructions,
+                                           bool create_memento) {
   // ----------- S t a t e -------------
   //  -- eax: number of arguments
   //  -- edi: constructor function
+  //  -- ebx: allocation site or undefined
   // -----------------------------------
 
   // Should never count constructions for api objects.
   ASSERT(!is_api_function || !count_constructions);
 
+  // Should never create mementos for api functions. (true?)

[Hannes Payer (out of office), 2014/02/11 15:51:23]

probably

[mvstanton, 2014/02/17 15:53:08]

Done.

+  ASSERT(!is_api_function || !create_memento);
+
   // Enter a construct frame.
   {
     FrameScope scope(masm, StackFrame::CONSTRUCT);
 
+    if (create_memento) {
+      __ AssertUndefinedOrAllocationSite(ebx);
+      __ push(ebx);
+    }
+
     // Store a smi-tagged arguments count on the stack.
     __ SmiTag(eax);
     __ push(eax);
 
     // Push the function to invoke on the stack.
     __ push(edi);
 
     // Try to allocate the object without transitioning into C code. If any of
     // the preconditions is not met, the code bails out to the runtime call.
     Label rt_call, allocated;
@@ skipping 44 matching lines @@
         __ pop(eax);
 
         __ bind(&allocate);
       }
 
       // Now allocate the JSObject on the heap.
       // edi: constructor
       // eax: initial map
       __ movzx_b(edi, FieldOperand(eax, Map::kInstanceSizeOffset));
       __ shl(edi, kPointerSizeLog2);
+      if (create_memento) {
+        __ add(edi, Immediate(AllocationMemento::kSize));
+      }
       __ Allocate(edi, ebx, edi, no_reg, &rt_call, NO_ALLOCATION_FLAGS);
+      Factory* factory = masm->isolate()->factory();
+      if (create_memento) {
+        __ sub(edi, Immediate(AllocationMemento::kSize));
+        Handle<Map> allocation_memento_map = factory->allocation_memento_map();
+        __ mov(Operand(edi, AllocationMemento::kMapOffset),
+               allocation_memento_map);
+        // Get the cell or undefined.
+        Label do_store;
+        __ mov(ecx, Operand(esp, kPointerSize*2));
+        __ cmp(ecx, masm->isolate()->factory()->undefined_value());
+        __ j(equal, &do_store);
+        // ecx is an AllocationSite. We are creating a memento from it, so we
+        // need to increment the memento create count.
+        __ add(Operand(ecx, AllocationSite::kPretenureCreateCountOffset),
+               Immediate(Smi::FromInt(1)));
+        __ bind(&do_store);

[Hannes Payer (out of office), 2014/02/11 15:51:23]

We could also undo the Memento allocation. WDYT?

[mvstanton, 2014/02/17 15:53:08]

Good point, I'll go ahead and fix it to only increment that count below the
label allocated, and to make sure that if the runtime version was called we step
over that (because the runtime routine will increment the count).

+        __ mov(Operand(edi, AllocationMemento::kAllocationSiteOffset),
+               ecx);
+      }
       // Allocated the JSObject, now initialize the fields.
       // eax: initial map
       // ebx: JSObject
-      // edi: start of next object
+      // edi: start of next object (or memento if create_memento)
       __ mov(Operand(ebx, JSObject::kMapOffset), eax);
-      Factory* factory = masm->isolate()->factory();
       __ mov(ecx, factory->empty_fixed_array());
       __ mov(Operand(ebx, JSObject::kPropertiesOffset), ecx);
       __ mov(Operand(ebx, JSObject::kElementsOffset), ecx);
       // Set extra fields in the newly allocated object.
       // eax: initial map
       // ebx: JSObject
-      // edi: start of next object
+      // edi: start of next object (or memento if create_memento)
       __ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
       __ mov(edx, factory->undefined_value());
       if (count_constructions) {
         __ movzx_b(esi,
                    FieldOperand(eax, Map::kPreAllocatedPropertyFieldsOffset));
         __ lea(esi,
                Operand(ebx, esi, times_pointer_size, JSObject::kHeaderSize));
         // esi: offset of first field after pre-allocated fields
         if (FLAG_debug_code) {
           __ cmp(esi, edi);
           __ Assert(less_equal,
                     kUnexpectedNumberOfPreAllocatedPropertyFields);
         }
         __ InitializeFieldsWithFiller(ecx, esi, edx);
         __ mov(edx, factory->one_pointer_filler_map());
       }
       __ InitializeFieldsWithFiller(ecx, edi, edx);
+      if (create_memento) {
+        __ add(edi, Immediate(AllocationMemento::kSize));
+      }
 
       // Add the object tag to make the JSObject real, so that we can continue
       // and jump into the continuation code at any time from now on. Any
       // failures need to undo the allocation, so that the heap is in a
       // consistent state and verifiable.
       // eax: initial map
       // ebx: JSObject
       // edi: start of next object
       __ or_(ebx, Immediate(kHeapObjectTag));
 
@@ skipping 70 matching lines @@
       // Undo the setting of the new top so that the heap is verifiable. For
       // example, the map's unused properties potentially do not match the
       // allocated objects unused properties.
       // ebx: JSObject (previous new top)
       __ bind(&undo_allocation);
       __ UndoAllocationInNewSpace(ebx);
     }
 
     // Allocate the new receiver object using the runtime call.
     __ bind(&rt_call);
+    int offset = 0;
+    if (create_memento) {
+      // Get the cell or allocation site.
+      __ mov(edi, Operand(esp, kPointerSize*2));
+      __ push(edi);
+      offset = kPointerSize;
+    }
+
     // Must restore edi (constructor) before calling runtime.
-    __ mov(edi, Operand(esp, 0));
+    __ mov(edi, Operand(esp, offset));
     // edi: function (constructor)
     __ push(edi);
-    __ CallRuntime(Runtime::kNewObject, 1);
+    if (create_memento) {
+      __ CallRuntime(Runtime::kNewObjectWithAllocationSite, 2);
+    } else {
+      __ CallRuntime(Runtime::kNewObject, 1);
+    }
     __ mov(ebx, eax);  // store result in ebx
 
     // New object allocated.
     // ebx: newly allocated object
     __ bind(&allocated);
     // Retrieve the function from the stack.
     __ pop(edi);
 
     // Retrieve smi-tagged arguments count from the stack.
     __ mov(eax, Operand(esp, 0));
@@ skipping 67 matching lines @@
   STATIC_ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
   __ pop(ecx);
   __ lea(esp, Operand(esp, ebx, times_2, 1 * kPointerSize));  // 1 ~ receiver
   __ push(ecx);
   __ IncrementCounter(masm->isolate()->counters()->constructed_objects(), 1);
   __ ret(0);
 }
 
 
 void Builtins::Generate_JSConstructStubCountdown(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, false, true);
+  Generate_JSConstructStubHelper(masm, false, true, true);
 }
 
 
 void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, false, false);
+  Generate_JSConstructStubHelper(masm, false, false, true);
 }
 
 
 void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, true, false);
+  Generate_JSConstructStubHelper(masm, true, false, false);
 }
 
 
 static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
                                              bool is_construct) {
   ProfileEntryHookStub::MaybeCallEntryHook(masm);
 
   // Clear the context before we push it when entering the internal frame.
   __ Set(esi, Immediate(0));
 
@@ skipping 926 matching lines @@
 
   __ bind(&ok);
   __ ret(0);
 }
 
 #undef __
 }
 }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_IA32