Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/hydrogen.cc

Issue 1405363003: Move Hydrogen and Lithium to src/crankshaft/ (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: rebased Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/hydrogen.h ('k') | src/hydrogen-alias-analysis.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/hydrogen.h"
6
7 #include <sstream>
8
9 #include "src/allocation-site-scopes.h"
10 #include "src/ast-numbering.h"
11 #include "src/code-factory.h"
12 #include "src/full-codegen/full-codegen.h"
13 #include "src/hydrogen-bce.h"
14 #include "src/hydrogen-bch.h"
15 #include "src/hydrogen-canonicalize.h"
16 #include "src/hydrogen-check-elimination.h"
17 #include "src/hydrogen-dce.h"
18 #include "src/hydrogen-dehoist.h"
19 #include "src/hydrogen-environment-liveness.h"
20 #include "src/hydrogen-escape-analysis.h"
21 #include "src/hydrogen-gvn.h"
22 #include "src/hydrogen-infer-representation.h"
23 #include "src/hydrogen-infer-types.h"
24 #include "src/hydrogen-load-elimination.h"
25 #include "src/hydrogen-mark-deoptimize.h"
26 #include "src/hydrogen-mark-unreachable.h"
27 #include "src/hydrogen-osr.h"
28 #include "src/hydrogen-range-analysis.h"
29 #include "src/hydrogen-redundant-phi.h"
30 #include "src/hydrogen-removable-simulates.h"
31 #include "src/hydrogen-representation-changes.h"
32 #include "src/hydrogen-sce.h"
33 #include "src/hydrogen-store-elimination.h"
34 #include "src/hydrogen-uint32-analysis.h"
35 #include "src/ic/call-optimization.h"
36 #include "src/ic/ic.h"
37 // GetRootConstructor
38 #include "src/ic/ic-inl.h"
39 #include "src/isolate-inl.h"
40 #include "src/lithium-allocator.h"
41 #include "src/parser.h"
42 #include "src/runtime/runtime.h"
43 #include "src/scopeinfo.h"
44 #include "src/typing.h"
45
46 #if V8_TARGET_ARCH_IA32
47 #include "src/ia32/lithium-codegen-ia32.h" // NOLINT
48 #elif V8_TARGET_ARCH_X64
49 #include "src/x64/lithium-codegen-x64.h" // NOLINT
50 #elif V8_TARGET_ARCH_ARM64
51 #include "src/arm64/lithium-codegen-arm64.h" // NOLINT
52 #elif V8_TARGET_ARCH_ARM
53 #include "src/arm/lithium-codegen-arm.h" // NOLINT
54 #elif V8_TARGET_ARCH_PPC
55 #include "src/ppc/lithium-codegen-ppc.h" // NOLINT
56 #elif V8_TARGET_ARCH_MIPS
57 #include "src/mips/lithium-codegen-mips.h" // NOLINT
58 #elif V8_TARGET_ARCH_MIPS64
59 #include "src/mips64/lithium-codegen-mips64.h" // NOLINT
60 #elif V8_TARGET_ARCH_X87
61 #include "src/x87/lithium-codegen-x87.h" // NOLINT
62 #else
63 #error Unsupported target architecture.
64 #endif
65
66 namespace v8 {
67 namespace internal {
68
69 HBasicBlock::HBasicBlock(HGraph* graph)
70 : block_id_(graph->GetNextBlockID()),
71 graph_(graph),
72 phis_(4, graph->zone()),
73 first_(NULL),
74 last_(NULL),
75 end_(NULL),
76 loop_information_(NULL),
77 predecessors_(2, graph->zone()),
78 dominator_(NULL),
79 dominated_blocks_(4, graph->zone()),
80 last_environment_(NULL),
81 argument_count_(-1),
82 first_instruction_index_(-1),
83 last_instruction_index_(-1),
84 deleted_phis_(4, graph->zone()),
85 parent_loop_header_(NULL),
86 inlined_entry_block_(NULL),
87 is_inline_return_target_(false),
88 is_reachable_(true),
89 dominates_loop_successors_(false),
90 is_osr_entry_(false),
91 is_ordered_(false) { }
92
93
94 Isolate* HBasicBlock::isolate() const {
95 return graph_->isolate();
96 }
97
98
99 void HBasicBlock::MarkUnreachable() {
100 is_reachable_ = false;
101 }
102
103
104 void HBasicBlock::AttachLoopInformation() {
105 DCHECK(!IsLoopHeader());
106 loop_information_ = new(zone()) HLoopInformation(this, zone());
107 }
108
109
110 void HBasicBlock::DetachLoopInformation() {
111 DCHECK(IsLoopHeader());
112 loop_information_ = NULL;
113 }
114
115
116 void HBasicBlock::AddPhi(HPhi* phi) {
117 DCHECK(!IsStartBlock());
118 phis_.Add(phi, zone());
119 phi->SetBlock(this);
120 }
121
122
123 void HBasicBlock::RemovePhi(HPhi* phi) {
124 DCHECK(phi->block() == this);
125 DCHECK(phis_.Contains(phi));
126 phi->Kill();
127 phis_.RemoveElement(phi);
128 phi->SetBlock(NULL);
129 }
130
131
132 void HBasicBlock::AddInstruction(HInstruction* instr, SourcePosition position) {
133 DCHECK(!IsStartBlock() || !IsFinished());
134 DCHECK(!instr->IsLinked());
135 DCHECK(!IsFinished());
136
137 if (!position.IsUnknown()) {
138 instr->set_position(position);
139 }
140 if (first_ == NULL) {
141 DCHECK(last_environment() != NULL);
142 DCHECK(!last_environment()->ast_id().IsNone());
143 HBlockEntry* entry = new(zone()) HBlockEntry();
144 entry->InitializeAsFirst(this);
145 if (!position.IsUnknown()) {
146 entry->set_position(position);
147 } else {
148 DCHECK(!FLAG_hydrogen_track_positions ||
149 !graph()->info()->IsOptimizing() || instr->IsAbnormalExit());
150 }
151 first_ = last_ = entry;
152 }
153 instr->InsertAfter(last_);
154 }
155
156
157 HPhi* HBasicBlock::AddNewPhi(int merged_index) {
158 if (graph()->IsInsideNoSideEffectsScope()) {
159 merged_index = HPhi::kInvalidMergedIndex;
160 }
161 HPhi* phi = new(zone()) HPhi(merged_index, zone());
162 AddPhi(phi);
163 return phi;
164 }
165
166
167 HSimulate* HBasicBlock::CreateSimulate(BailoutId ast_id,
168 RemovableSimulate removable) {
169 DCHECK(HasEnvironment());
170 HEnvironment* environment = last_environment();
171 DCHECK(ast_id.IsNone() ||
172 ast_id == BailoutId::StubEntry() ||
173 environment->closure()->shared()->VerifyBailoutId(ast_id));
174
175 int push_count = environment->push_count();
176 int pop_count = environment->pop_count();
177
178 HSimulate* instr =
179 new(zone()) HSimulate(ast_id, pop_count, zone(), removable);
180 #ifdef DEBUG
181 instr->set_closure(environment->closure());
182 #endif
183 // Order of pushed values: newest (top of stack) first. This allows
184 // HSimulate::MergeWith() to easily append additional pushed values
185 // that are older (from further down the stack).
186 for (int i = 0; i < push_count; ++i) {
187 instr->AddPushedValue(environment->ExpressionStackAt(i));
188 }
189 for (GrowableBitVector::Iterator it(environment->assigned_variables(),
190 zone());
191 !it.Done();
192 it.Advance()) {
193 int index = it.Current();
194 instr->AddAssignedValue(index, environment->Lookup(index));
195 }
196 environment->ClearHistory();
197 return instr;
198 }
199
200
201 void HBasicBlock::Finish(HControlInstruction* end, SourcePosition position) {
202 DCHECK(!IsFinished());
203 AddInstruction(end, position);
204 end_ = end;
205 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
206 it.Current()->RegisterPredecessor(this);
207 }
208 }
209
210
211 void HBasicBlock::Goto(HBasicBlock* block, SourcePosition position,
212 FunctionState* state, bool add_simulate) {
213 bool drop_extra = state != NULL &&
214 state->inlining_kind() == NORMAL_RETURN;
215
216 if (block->IsInlineReturnTarget()) {
217 HEnvironment* env = last_environment();
218 int argument_count = env->arguments_environment()->parameter_count();
219 AddInstruction(new(zone())
220 HLeaveInlined(state->entry(), argument_count),
221 position);
222 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
223 }
224
225 if (add_simulate) AddNewSimulate(BailoutId::None(), position);
226 HGoto* instr = new(zone()) HGoto(block);
227 Finish(instr, position);
228 }
229
230
231 void HBasicBlock::AddLeaveInlined(HValue* return_value, FunctionState* state,
232 SourcePosition position) {
233 HBasicBlock* target = state->function_return();
234 bool drop_extra = state->inlining_kind() == NORMAL_RETURN;
235
236 DCHECK(target->IsInlineReturnTarget());
237 DCHECK(return_value != NULL);
238 HEnvironment* env = last_environment();
239 int argument_count = env->arguments_environment()->parameter_count();
240 AddInstruction(new(zone()) HLeaveInlined(state->entry(), argument_count),
241 position);
242 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
243 last_environment()->Push(return_value);
244 AddNewSimulate(BailoutId::None(), position);
245 HGoto* instr = new(zone()) HGoto(target);
246 Finish(instr, position);
247 }
248
249
250 void HBasicBlock::SetInitialEnvironment(HEnvironment* env) {
251 DCHECK(!HasEnvironment());
252 DCHECK(first() == NULL);
253 UpdateEnvironment(env);
254 }
255
256
257 void HBasicBlock::UpdateEnvironment(HEnvironment* env) {
258 last_environment_ = env;
259 graph()->update_maximum_environment_size(env->first_expression_index());
260 }
261
262
263 void HBasicBlock::SetJoinId(BailoutId ast_id) {
264 int length = predecessors_.length();
265 DCHECK(length > 0);
266 for (int i = 0; i < length; i++) {
267 HBasicBlock* predecessor = predecessors_[i];
268 DCHECK(predecessor->end()->IsGoto());
269 HSimulate* simulate = HSimulate::cast(predecessor->end()->previous());
270 DCHECK(i != 0 ||
271 (predecessor->last_environment()->closure().is_null() ||
272 predecessor->last_environment()->closure()->shared()
273 ->VerifyBailoutId(ast_id)));
274 simulate->set_ast_id(ast_id);
275 predecessor->last_environment()->set_ast_id(ast_id);
276 }
277 }
278
279
280 bool HBasicBlock::Dominates(HBasicBlock* other) const {
281 HBasicBlock* current = other->dominator();
282 while (current != NULL) {
283 if (current == this) return true;
284 current = current->dominator();
285 }
286 return false;
287 }
288
289
290 bool HBasicBlock::EqualToOrDominates(HBasicBlock* other) const {
291 if (this == other) return true;
292 return Dominates(other);
293 }
294
295
296 int HBasicBlock::LoopNestingDepth() const {
297 const HBasicBlock* current = this;
298 int result = (current->IsLoopHeader()) ? 1 : 0;
299 while (current->parent_loop_header() != NULL) {
300 current = current->parent_loop_header();
301 result++;
302 }
303 return result;
304 }
305
306
307 void HBasicBlock::PostProcessLoopHeader(IterationStatement* stmt) {
308 DCHECK(IsLoopHeader());
309
310 SetJoinId(stmt->EntryId());
311 if (predecessors()->length() == 1) {
312 // This is a degenerated loop.
313 DetachLoopInformation();
314 return;
315 }
316
317 // Only the first entry into the loop is from outside the loop. All other
318 // entries must be back edges.
319 for (int i = 1; i < predecessors()->length(); ++i) {
320 loop_information()->RegisterBackEdge(predecessors()->at(i));
321 }
322 }
323
324
325 void HBasicBlock::MarkSuccEdgeUnreachable(int succ) {
326 DCHECK(IsFinished());
327 HBasicBlock* succ_block = end()->SuccessorAt(succ);
328
329 DCHECK(succ_block->predecessors()->length() == 1);
330 succ_block->MarkUnreachable();
331 }
332
333
334 void HBasicBlock::RegisterPredecessor(HBasicBlock* pred) {
335 if (HasPredecessor()) {
336 // Only loop header blocks can have a predecessor added after
337 // instructions have been added to the block (they have phis for all
338 // values in the environment, these phis may be eliminated later).
339 DCHECK(IsLoopHeader() || first_ == NULL);
340 HEnvironment* incoming_env = pred->last_environment();
341 if (IsLoopHeader()) {
342 DCHECK_EQ(phis()->length(), incoming_env->length());
343 for (int i = 0; i < phis_.length(); ++i) {
344 phis_[i]->AddInput(incoming_env->values()->at(i));
345 }
346 } else {
347 last_environment()->AddIncomingEdge(this, pred->last_environment());
348 }
349 } else if (!HasEnvironment() && !IsFinished()) {
350 DCHECK(!IsLoopHeader());
351 SetInitialEnvironment(pred->last_environment()->Copy());
352 }
353
354 predecessors_.Add(pred, zone());
355 }
356
357
358 void HBasicBlock::AddDominatedBlock(HBasicBlock* block) {
359 DCHECK(!dominated_blocks_.Contains(block));
360 // Keep the list of dominated blocks sorted such that if there is two
361 // succeeding block in this list, the predecessor is before the successor.
362 int index = 0;
363 while (index < dominated_blocks_.length() &&
364 dominated_blocks_[index]->block_id() < block->block_id()) {
365 ++index;
366 }
367 dominated_blocks_.InsertAt(index, block, zone());
368 }
369
370
371 void HBasicBlock::AssignCommonDominator(HBasicBlock* other) {
372 if (dominator_ == NULL) {
373 dominator_ = other;
374 other->AddDominatedBlock(this);
375 } else if (other->dominator() != NULL) {
376 HBasicBlock* first = dominator_;
377 HBasicBlock* second = other;
378
379 while (first != second) {
380 if (first->block_id() > second->block_id()) {
381 first = first->dominator();
382 } else {
383 second = second->dominator();
384 }
385 DCHECK(first != NULL && second != NULL);
386 }
387
388 if (dominator_ != first) {
389 DCHECK(dominator_->dominated_blocks_.Contains(this));
390 dominator_->dominated_blocks_.RemoveElement(this);
391 dominator_ = first;
392 first->AddDominatedBlock(this);
393 }
394 }
395 }
396
397
398 void HBasicBlock::AssignLoopSuccessorDominators() {
399 // Mark blocks that dominate all subsequent reachable blocks inside their
400 // loop. Exploit the fact that blocks are sorted in reverse post order. When
401 // the loop is visited in increasing block id order, if the number of
402 // non-loop-exiting successor edges at the dominator_candidate block doesn't
403 // exceed the number of previously encountered predecessor edges, there is no
404 // path from the loop header to any block with higher id that doesn't go
405 // through the dominator_candidate block. In this case, the
406 // dominator_candidate block is guaranteed to dominate all blocks reachable
407 // from it with higher ids.
408 HBasicBlock* last = loop_information()->GetLastBackEdge();
409 int outstanding_successors = 1; // one edge from the pre-header
410 // Header always dominates everything.
411 MarkAsLoopSuccessorDominator();
412 for (int j = block_id(); j <= last->block_id(); ++j) {
413 HBasicBlock* dominator_candidate = graph_->blocks()->at(j);
414 for (HPredecessorIterator it(dominator_candidate); !it.Done();
415 it.Advance()) {
416 HBasicBlock* predecessor = it.Current();
417 // Don't count back edges.
418 if (predecessor->block_id() < dominator_candidate->block_id()) {
419 outstanding_successors--;
420 }
421 }
422
423 // If more successors than predecessors have been seen in the loop up to
424 // now, it's not possible to guarantee that the current block dominates
425 // all of the blocks with higher IDs. In this case, assume conservatively
426 // that those paths through loop that don't go through the current block
427 // contain all of the loop's dependencies. Also be careful to record
428 // dominator information about the current loop that's being processed,
429 // and not nested loops, which will be processed when
430 // AssignLoopSuccessorDominators gets called on their header.
431 DCHECK(outstanding_successors >= 0);
432 HBasicBlock* parent_loop_header = dominator_candidate->parent_loop_header();
433 if (outstanding_successors == 0 &&
434 (parent_loop_header == this && !dominator_candidate->IsLoopHeader())) {
435 dominator_candidate->MarkAsLoopSuccessorDominator();
436 }
437 HControlInstruction* end = dominator_candidate->end();
438 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
439 HBasicBlock* successor = it.Current();
440 // Only count successors that remain inside the loop and don't loop back
441 // to a loop header.
442 if (successor->block_id() > dominator_candidate->block_id() &&
443 successor->block_id() <= last->block_id()) {
444 // Backwards edges must land on loop headers.
445 DCHECK(successor->block_id() > dominator_candidate->block_id() ||
446 successor->IsLoopHeader());
447 outstanding_successors++;
448 }
449 }
450 }
451 }
452
453
454 int HBasicBlock::PredecessorIndexOf(HBasicBlock* predecessor) const {
455 for (int i = 0; i < predecessors_.length(); ++i) {
456 if (predecessors_[i] == predecessor) return i;
457 }
458 UNREACHABLE();
459 return -1;
460 }
461
462
463 #ifdef DEBUG
464 void HBasicBlock::Verify() {
465 // Check that every block is finished.
466 DCHECK(IsFinished());
467 DCHECK(block_id() >= 0);
468
469 // Check that the incoming edges are in edge split form.
470 if (predecessors_.length() > 1) {
471 for (int i = 0; i < predecessors_.length(); ++i) {
472 DCHECK(predecessors_[i]->end()->SecondSuccessor() == NULL);
473 }
474 }
475 }
476 #endif
477
478
479 void HLoopInformation::RegisterBackEdge(HBasicBlock* block) {
480 this->back_edges_.Add(block, block->zone());
481 AddBlock(block);
482 }
483
484
485 HBasicBlock* HLoopInformation::GetLastBackEdge() const {
486 int max_id = -1;
487 HBasicBlock* result = NULL;
488 for (int i = 0; i < back_edges_.length(); ++i) {
489 HBasicBlock* cur = back_edges_[i];
490 if (cur->block_id() > max_id) {
491 max_id = cur->block_id();
492 result = cur;
493 }
494 }
495 return result;
496 }
497
498
499 void HLoopInformation::AddBlock(HBasicBlock* block) {
500 if (block == loop_header()) return;
501 if (block->parent_loop_header() == loop_header()) return;
502 if (block->parent_loop_header() != NULL) {
503 AddBlock(block->parent_loop_header());
504 } else {
505 block->set_parent_loop_header(loop_header());
506 blocks_.Add(block, block->zone());
507 for (int i = 0; i < block->predecessors()->length(); ++i) {
508 AddBlock(block->predecessors()->at(i));
509 }
510 }
511 }
512
513
514 #ifdef DEBUG
515
516 // Checks reachability of the blocks in this graph and stores a bit in
517 // the BitVector "reachable()" for every block that can be reached
518 // from the start block of the graph. If "dont_visit" is non-null, the given
519 // block is treated as if it would not be part of the graph. "visited_count()"
520 // returns the number of reachable blocks.
521 class ReachabilityAnalyzer BASE_EMBEDDED {
522 public:
523 ReachabilityAnalyzer(HBasicBlock* entry_block,
524 int block_count,
525 HBasicBlock* dont_visit)
526 : visited_count_(0),
527 stack_(16, entry_block->zone()),
528 reachable_(block_count, entry_block->zone()),
529 dont_visit_(dont_visit) {
530 PushBlock(entry_block);
531 Analyze();
532 }
533
534 int visited_count() const { return visited_count_; }
535 const BitVector* reachable() const { return &reachable_; }
536
537 private:
538 void PushBlock(HBasicBlock* block) {
539 if (block != NULL && block != dont_visit_ &&
540 !reachable_.Contains(block->block_id())) {
541 reachable_.Add(block->block_id());
542 stack_.Add(block, block->zone());
543 visited_count_++;
544 }
545 }
546
547 void Analyze() {
548 while (!stack_.is_empty()) {
549 HControlInstruction* end = stack_.RemoveLast()->end();
550 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
551 PushBlock(it.Current());
552 }
553 }
554 }
555
556 int visited_count_;
557 ZoneList<HBasicBlock*> stack_;
558 BitVector reachable_;
559 HBasicBlock* dont_visit_;
560 };
561
562
563 void HGraph::Verify(bool do_full_verify) const {
564 Heap::RelocationLock relocation_lock(isolate()->heap());
565 AllowHandleDereference allow_deref;
566 AllowDeferredHandleDereference allow_deferred_deref;
567 for (int i = 0; i < blocks_.length(); i++) {
568 HBasicBlock* block = blocks_.at(i);
569
570 block->Verify();
571
572 // Check that every block contains at least one node and that only the last
573 // node is a control instruction.
574 HInstruction* current = block->first();
575 DCHECK(current != NULL && current->IsBlockEntry());
576 while (current != NULL) {
577 DCHECK((current->next() == NULL) == current->IsControlInstruction());
578 DCHECK(current->block() == block);
579 current->Verify();
580 current = current->next();
581 }
582
583 // Check that successors are correctly set.
584 HBasicBlock* first = block->end()->FirstSuccessor();
585 HBasicBlock* second = block->end()->SecondSuccessor();
586 DCHECK(second == NULL || first != NULL);
587
588 // Check that the predecessor array is correct.
589 if (first != NULL) {
590 DCHECK(first->predecessors()->Contains(block));
591 if (second != NULL) {
592 DCHECK(second->predecessors()->Contains(block));
593 }
594 }
595
596 // Check that phis have correct arguments.
597 for (int j = 0; j < block->phis()->length(); j++) {
598 HPhi* phi = block->phis()->at(j);
599 phi->Verify();
600 }
601
602 // Check that all join blocks have predecessors that end with an
603 // unconditional goto and agree on their environment node id.
604 if (block->predecessors()->length() >= 2) {
605 BailoutId id =
606 block->predecessors()->first()->last_environment()->ast_id();
607 for (int k = 0; k < block->predecessors()->length(); k++) {
608 HBasicBlock* predecessor = block->predecessors()->at(k);
609 DCHECK(predecessor->end()->IsGoto() ||
610 predecessor->end()->IsDeoptimize());
611 DCHECK(predecessor->last_environment()->ast_id() == id);
612 }
613 }
614 }
615
616 // Check special property of first block to have no predecessors.
617 DCHECK(blocks_.at(0)->predecessors()->is_empty());
618
619 if (do_full_verify) {
620 // Check that the graph is fully connected.
621 ReachabilityAnalyzer analyzer(entry_block_, blocks_.length(), NULL);
622 DCHECK(analyzer.visited_count() == blocks_.length());
623
624 // Check that entry block dominator is NULL.
625 DCHECK(entry_block_->dominator() == NULL);
626
627 // Check dominators.
628 for (int i = 0; i < blocks_.length(); ++i) {
629 HBasicBlock* block = blocks_.at(i);
630 if (block->dominator() == NULL) {
631 // Only start block may have no dominator assigned to.
632 DCHECK(i == 0);
633 } else {
634 // Assert that block is unreachable if dominator must not be visited.
635 ReachabilityAnalyzer dominator_analyzer(entry_block_,
636 blocks_.length(),
637 block->dominator());
638 DCHECK(!dominator_analyzer.reachable()->Contains(block->block_id()));
639 }
640 }
641 }
642 }
643
644 #endif
645
646
647 HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
648 int32_t value) {
649 if (!pointer->is_set()) {
650 // Can't pass GetInvalidContext() to HConstant::New, because that will
651 // recursively call GetConstant
652 HConstant* constant = HConstant::New(isolate(), zone(), NULL, value);
653 constant->InsertAfter(entry_block()->first());
654 pointer->set(constant);
655 return constant;
656 }
657 return ReinsertConstantIfNecessary(pointer->get());
658 }
659
660
661 HConstant* HGraph::ReinsertConstantIfNecessary(HConstant* constant) {
662 if (!constant->IsLinked()) {
663 // The constant was removed from the graph. Reinsert.
664 constant->ClearFlag(HValue::kIsDead);
665 constant->InsertAfter(entry_block()->first());
666 }
667 return constant;
668 }
669
670
671 HConstant* HGraph::GetConstant0() {
672 return GetConstant(&constant_0_, 0);
673 }
674
675
676 HConstant* HGraph::GetConstant1() {
677 return GetConstant(&constant_1_, 1);
678 }
679
680
681 HConstant* HGraph::GetConstantMinus1() {
682 return GetConstant(&constant_minus1_, -1);
683 }
684
685
686 HConstant* HGraph::GetConstantBool(bool value) {
687 return value ? GetConstantTrue() : GetConstantFalse();
688 }
689
690
691 #define DEFINE_GET_CONSTANT(Name, name, type, htype, boolean_value) \
692 HConstant* HGraph::GetConstant##Name() { \
693 if (!constant_##name##_.is_set()) { \
694 HConstant* constant = new(zone()) HConstant( \
695 Unique<Object>::CreateImmovable(isolate()->factory()->name##_value()), \
696 Unique<Map>::CreateImmovable(isolate()->factory()->type##_map()), \
697 false, \
698 Representation::Tagged(), \
699 htype, \
700 true, \
701 boolean_value, \
702 false, \
703 ODDBALL_TYPE); \
704 constant->InsertAfter(entry_block()->first()); \
705 constant_##name##_.set(constant); \
706 } \
707 return ReinsertConstantIfNecessary(constant_##name##_.get()); \
708 }
709
710
711 DEFINE_GET_CONSTANT(Undefined, undefined, undefined, HType::Undefined(), false)
712 DEFINE_GET_CONSTANT(True, true, boolean, HType::Boolean(), true)
713 DEFINE_GET_CONSTANT(False, false, boolean, HType::Boolean(), false)
714 DEFINE_GET_CONSTANT(Hole, the_hole, the_hole, HType::None(), false)
715 DEFINE_GET_CONSTANT(Null, null, null, HType::Null(), false)
716
717
718 #undef DEFINE_GET_CONSTANT
719
720 #define DEFINE_IS_CONSTANT(Name, name) \
721 bool HGraph::IsConstant##Name(HConstant* constant) { \
722 return constant_##name##_.is_set() && constant == constant_##name##_.get(); \
723 }
724 DEFINE_IS_CONSTANT(Undefined, undefined)
725 DEFINE_IS_CONSTANT(0, 0)
726 DEFINE_IS_CONSTANT(1, 1)
727 DEFINE_IS_CONSTANT(Minus1, minus1)
728 DEFINE_IS_CONSTANT(True, true)
729 DEFINE_IS_CONSTANT(False, false)
730 DEFINE_IS_CONSTANT(Hole, the_hole)
731 DEFINE_IS_CONSTANT(Null, null)
732
733 #undef DEFINE_IS_CONSTANT
734
735
736 HConstant* HGraph::GetInvalidContext() {
737 return GetConstant(&constant_invalid_context_, 0xFFFFC0C7);
738 }
739
740
741 bool HGraph::IsStandardConstant(HConstant* constant) {
742 if (IsConstantUndefined(constant)) return true;
743 if (IsConstant0(constant)) return true;
744 if (IsConstant1(constant)) return true;
745 if (IsConstantMinus1(constant)) return true;
746 if (IsConstantTrue(constant)) return true;
747 if (IsConstantFalse(constant)) return true;
748 if (IsConstantHole(constant)) return true;
749 if (IsConstantNull(constant)) return true;
750 return false;
751 }
752
753
754 HGraphBuilder::IfBuilder::IfBuilder() : builder_(NULL), needs_compare_(true) {}
755
756
757 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder)
758 : needs_compare_(true) {
759 Initialize(builder);
760 }
761
762
763 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder,
764 HIfContinuation* continuation)
765 : needs_compare_(false), first_true_block_(NULL), first_false_block_(NULL) {
766 InitializeDontCreateBlocks(builder);
767 continuation->Continue(&first_true_block_, &first_false_block_);
768 }
769
770
771 void HGraphBuilder::IfBuilder::InitializeDontCreateBlocks(
772 HGraphBuilder* builder) {
773 builder_ = builder;
774 finished_ = false;
775 did_then_ = false;
776 did_else_ = false;
777 did_else_if_ = false;
778 did_and_ = false;
779 did_or_ = false;
780 captured_ = false;
781 pending_merge_block_ = false;
782 split_edge_merge_block_ = NULL;
783 merge_at_join_blocks_ = NULL;
784 normal_merge_at_join_block_count_ = 0;
785 deopt_merge_at_join_block_count_ = 0;
786 }
787
788
789 void HGraphBuilder::IfBuilder::Initialize(HGraphBuilder* builder) {
790 InitializeDontCreateBlocks(builder);
791 HEnvironment* env = builder->environment();
792 first_true_block_ = builder->CreateBasicBlock(env->Copy());
793 first_false_block_ = builder->CreateBasicBlock(env->Copy());
794 }
795
796
797 HControlInstruction* HGraphBuilder::IfBuilder::AddCompare(
798 HControlInstruction* compare) {
799 DCHECK(did_then_ == did_else_);
800 if (did_else_) {
801 // Handle if-then-elseif
802 did_else_if_ = true;
803 did_else_ = false;
804 did_then_ = false;
805 did_and_ = false;
806 did_or_ = false;
807 pending_merge_block_ = false;
808 split_edge_merge_block_ = NULL;
809 HEnvironment* env = builder()->environment();
810 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
811 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
812 }
813 if (split_edge_merge_block_ != NULL) {
814 HEnvironment* env = first_false_block_->last_environment();
815 HBasicBlock* split_edge = builder()->CreateBasicBlock(env->Copy());
816 if (did_or_) {
817 compare->SetSuccessorAt(0, split_edge);
818 compare->SetSuccessorAt(1, first_false_block_);
819 } else {
820 compare->SetSuccessorAt(0, first_true_block_);
821 compare->SetSuccessorAt(1, split_edge);
822 }
823 builder()->GotoNoSimulate(split_edge, split_edge_merge_block_);
824 } else {
825 compare->SetSuccessorAt(0, first_true_block_);
826 compare->SetSuccessorAt(1, first_false_block_);
827 }
828 builder()->FinishCurrentBlock(compare);
829 needs_compare_ = false;
830 return compare;
831 }
832
833
834 void HGraphBuilder::IfBuilder::Or() {
835 DCHECK(!needs_compare_);
836 DCHECK(!did_and_);
837 did_or_ = true;
838 HEnvironment* env = first_false_block_->last_environment();
839 if (split_edge_merge_block_ == NULL) {
840 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
841 builder()->GotoNoSimulate(first_true_block_, split_edge_merge_block_);
842 first_true_block_ = split_edge_merge_block_;
843 }
844 builder()->set_current_block(first_false_block_);
845 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
846 }
847
848
849 void HGraphBuilder::IfBuilder::And() {
850 DCHECK(!needs_compare_);
851 DCHECK(!did_or_);
852 did_and_ = true;
853 HEnvironment* env = first_false_block_->last_environment();
854 if (split_edge_merge_block_ == NULL) {
855 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
856 builder()->GotoNoSimulate(first_false_block_, split_edge_merge_block_);
857 first_false_block_ = split_edge_merge_block_;
858 }
859 builder()->set_current_block(first_true_block_);
860 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
861 }
862
863
864 void HGraphBuilder::IfBuilder::CaptureContinuation(
865 HIfContinuation* continuation) {
866 DCHECK(!did_else_if_);
867 DCHECK(!finished_);
868 DCHECK(!captured_);
869
870 HBasicBlock* true_block = NULL;
871 HBasicBlock* false_block = NULL;
872 Finish(&true_block, &false_block);
873 DCHECK(true_block != NULL);
874 DCHECK(false_block != NULL);
875 continuation->Capture(true_block, false_block);
876 captured_ = true;
877 builder()->set_current_block(NULL);
878 End();
879 }
880
881
882 void HGraphBuilder::IfBuilder::JoinContinuation(HIfContinuation* continuation) {
883 DCHECK(!did_else_if_);
884 DCHECK(!finished_);
885 DCHECK(!captured_);
886 HBasicBlock* true_block = NULL;
887 HBasicBlock* false_block = NULL;
888 Finish(&true_block, &false_block);
889 merge_at_join_blocks_ = NULL;
890 if (true_block != NULL && !true_block->IsFinished()) {
891 DCHECK(continuation->IsTrueReachable());
892 builder()->GotoNoSimulate(true_block, continuation->true_branch());
893 }
894 if (false_block != NULL && !false_block->IsFinished()) {
895 DCHECK(continuation->IsFalseReachable());
896 builder()->GotoNoSimulate(false_block, continuation->false_branch());
897 }
898 captured_ = true;
899 End();
900 }
901
902
903 void HGraphBuilder::IfBuilder::Then() {
904 DCHECK(!captured_);
905 DCHECK(!finished_);
906 did_then_ = true;
907 if (needs_compare_) {
908 // Handle if's without any expressions, they jump directly to the "else"
909 // branch. However, we must pretend that the "then" branch is reachable,
910 // so that the graph builder visits it and sees any live range extending
911 // constructs within it.
912 HConstant* constant_false = builder()->graph()->GetConstantFalse();
913 ToBooleanStub::Types boolean_type = ToBooleanStub::Types();
914 boolean_type.Add(ToBooleanStub::BOOLEAN);
915 HBranch* branch = builder()->New<HBranch>(
916 constant_false, boolean_type, first_true_block_, first_false_block_);
917 builder()->FinishCurrentBlock(branch);
918 }
919 builder()->set_current_block(first_true_block_);
920 pending_merge_block_ = true;
921 }
922
923
924 void HGraphBuilder::IfBuilder::Else() {
925 DCHECK(did_then_);
926 DCHECK(!captured_);
927 DCHECK(!finished_);
928 AddMergeAtJoinBlock(false);
929 builder()->set_current_block(first_false_block_);
930 pending_merge_block_ = true;
931 did_else_ = true;
932 }
933
934
935 void HGraphBuilder::IfBuilder::Deopt(Deoptimizer::DeoptReason reason) {
936 DCHECK(did_then_);
937 builder()->Add<HDeoptimize>(reason, Deoptimizer::EAGER);
938 AddMergeAtJoinBlock(true);
939 }
940
941
942 void HGraphBuilder::IfBuilder::Return(HValue* value) {
943 HValue* parameter_count = builder()->graph()->GetConstantMinus1();
944 builder()->FinishExitCurrentBlock(
945 builder()->New<HReturn>(value, parameter_count));
946 AddMergeAtJoinBlock(false);
947 }
948
949
950 void HGraphBuilder::IfBuilder::AddMergeAtJoinBlock(bool deopt) {
951 if (!pending_merge_block_) return;
952 HBasicBlock* block = builder()->current_block();
953 DCHECK(block == NULL || !block->IsFinished());
954 MergeAtJoinBlock* record = new (builder()->zone())
955 MergeAtJoinBlock(block, deopt, merge_at_join_blocks_);
956 merge_at_join_blocks_ = record;
957 if (block != NULL) {
958 DCHECK(block->end() == NULL);
959 if (deopt) {
960 normal_merge_at_join_block_count_++;
961 } else {
962 deopt_merge_at_join_block_count_++;
963 }
964 }
965 builder()->set_current_block(NULL);
966 pending_merge_block_ = false;
967 }
968
969
970 void HGraphBuilder::IfBuilder::Finish() {
971 DCHECK(!finished_);
972 if (!did_then_) {
973 Then();
974 }
975 AddMergeAtJoinBlock(false);
976 if (!did_else_) {
977 Else();
978 AddMergeAtJoinBlock(false);
979 }
980 finished_ = true;
981 }
982
983
984 void HGraphBuilder::IfBuilder::Finish(HBasicBlock** then_continuation,
985 HBasicBlock** else_continuation) {
986 Finish();
987
988 MergeAtJoinBlock* else_record = merge_at_join_blocks_;
989 if (else_continuation != NULL) {
990 *else_continuation = else_record->block_;
991 }
992 MergeAtJoinBlock* then_record = else_record->next_;
993 if (then_continuation != NULL) {
994 *then_continuation = then_record->block_;
995 }
996 DCHECK(then_record->next_ == NULL);
997 }
998
999
1000 void HGraphBuilder::IfBuilder::EndUnreachable() {
1001 if (captured_) return;
1002 Finish();
1003 builder()->set_current_block(nullptr);
1004 }
1005
1006
1007 void HGraphBuilder::IfBuilder::End() {
1008 if (captured_) return;
1009 Finish();
1010
1011 int total_merged_blocks = normal_merge_at_join_block_count_ +
1012 deopt_merge_at_join_block_count_;
1013 DCHECK(total_merged_blocks >= 1);
1014 HBasicBlock* merge_block =
1015 total_merged_blocks == 1 ? NULL : builder()->graph()->CreateBasicBlock();
1016
1017 // Merge non-deopt blocks first to ensure environment has right size for
1018 // padding.
1019 MergeAtJoinBlock* current = merge_at_join_blocks_;
1020 while (current != NULL) {
1021 if (!current->deopt_ && current->block_ != NULL) {
1022 // If there is only one block that makes it through to the end of the
1023 // if, then just set it as the current block and continue rather then
1024 // creating an unnecessary merge block.
1025 if (total_merged_blocks == 1) {
1026 builder()->set_current_block(current->block_);
1027 return;
1028 }
1029 builder()->GotoNoSimulate(current->block_, merge_block);
1030 }
1031 current = current->next_;
1032 }
1033
1034 // Merge deopt blocks, padding when necessary.
1035 current = merge_at_join_blocks_;
1036 while (current != NULL) {
1037 if (current->deopt_ && current->block_ != NULL) {
1038 current->block_->FinishExit(
1039 HAbnormalExit::New(builder()->isolate(), builder()->zone(), NULL),
1040 SourcePosition::Unknown());
1041 }
1042 current = current->next_;
1043 }
1044 builder()->set_current_block(merge_block);
1045 }
1046
1047
1048 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder) {
1049 Initialize(builder, NULL, kWhileTrue, NULL);
1050 }
1051
1052
1053 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1054 LoopBuilder::Direction direction) {
1055 Initialize(builder, context, direction, builder->graph()->GetConstant1());
1056 }
1057
1058
1059 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1060 LoopBuilder::Direction direction,
1061 HValue* increment_amount) {
1062 Initialize(builder, context, direction, increment_amount);
1063 increment_amount_ = increment_amount;
1064 }
1065
1066
1067 void HGraphBuilder::LoopBuilder::Initialize(HGraphBuilder* builder,
1068 HValue* context,
1069 Direction direction,
1070 HValue* increment_amount) {
1071 builder_ = builder;
1072 context_ = context;
1073 direction_ = direction;
1074 increment_amount_ = increment_amount;
1075
1076 finished_ = false;
1077 header_block_ = builder->CreateLoopHeaderBlock();
1078 body_block_ = NULL;
1079 exit_block_ = NULL;
1080 exit_trampoline_block_ = NULL;
1081 }
1082
1083
1084 HValue* HGraphBuilder::LoopBuilder::BeginBody(
1085 HValue* initial,
1086 HValue* terminating,
1087 Token::Value token) {
1088 DCHECK(direction_ != kWhileTrue);
1089 HEnvironment* env = builder_->environment();
1090 phi_ = header_block_->AddNewPhi(env->values()->length());
1091 phi_->AddInput(initial);
1092 env->Push(initial);
1093 builder_->GotoNoSimulate(header_block_);
1094
1095 HEnvironment* body_env = env->Copy();
1096 HEnvironment* exit_env = env->Copy();
1097 // Remove the phi from the expression stack
1098 body_env->Pop();
1099 exit_env->Pop();
1100 body_block_ = builder_->CreateBasicBlock(body_env);
1101 exit_block_ = builder_->CreateBasicBlock(exit_env);
1102
1103 builder_->set_current_block(header_block_);
1104 env->Pop();
1105 builder_->FinishCurrentBlock(builder_->New<HCompareNumericAndBranch>(
1106 phi_, terminating, token, body_block_, exit_block_));
1107
1108 builder_->set_current_block(body_block_);
1109 if (direction_ == kPreIncrement || direction_ == kPreDecrement) {
1110 Isolate* isolate = builder_->isolate();
1111 HValue* one = builder_->graph()->GetConstant1();
1112 if (direction_ == kPreIncrement) {
1113 increment_ = HAdd::New(isolate, zone(), context_, phi_, one);
1114 } else {
1115 increment_ = HSub::New(isolate, zone(), context_, phi_, one);
1116 }
1117 increment_->ClearFlag(HValue::kCanOverflow);
1118 builder_->AddInstruction(increment_);
1119 return increment_;
1120 } else {
1121 return phi_;
1122 }
1123 }
1124
1125
1126 void HGraphBuilder::LoopBuilder::BeginBody(int drop_count) {
1127 DCHECK(direction_ == kWhileTrue);
1128 HEnvironment* env = builder_->environment();
1129 builder_->GotoNoSimulate(header_block_);
1130 builder_->set_current_block(header_block_);
1131 env->Drop(drop_count);
1132 }
1133
1134
1135 void HGraphBuilder::LoopBuilder::Break() {
1136 if (exit_trampoline_block_ == NULL) {
1137 // Its the first time we saw a break.
1138 if (direction_ == kWhileTrue) {
1139 HEnvironment* env = builder_->environment()->Copy();
1140 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1141 } else {
1142 HEnvironment* env = exit_block_->last_environment()->Copy();
1143 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1144 builder_->GotoNoSimulate(exit_block_, exit_trampoline_block_);
1145 }
1146 }
1147
1148 builder_->GotoNoSimulate(exit_trampoline_block_);
1149 builder_->set_current_block(NULL);
1150 }
1151
1152
1153 void HGraphBuilder::LoopBuilder::EndBody() {
1154 DCHECK(!finished_);
1155
1156 if (direction_ == kPostIncrement || direction_ == kPostDecrement) {
1157 Isolate* isolate = builder_->isolate();
1158 if (direction_ == kPostIncrement) {
1159 increment_ =
1160 HAdd::New(isolate, zone(), context_, phi_, increment_amount_);
1161 } else {
1162 increment_ =
1163 HSub::New(isolate, zone(), context_, phi_, increment_amount_);
1164 }
1165 increment_->ClearFlag(HValue::kCanOverflow);
1166 builder_->AddInstruction(increment_);
1167 }
1168
1169 if (direction_ != kWhileTrue) {
1170 // Push the new increment value on the expression stack to merge into
1171 // the phi.
1172 builder_->environment()->Push(increment_);
1173 }
1174 HBasicBlock* last_block = builder_->current_block();
1175 builder_->GotoNoSimulate(last_block, header_block_);
1176 header_block_->loop_information()->RegisterBackEdge(last_block);
1177
1178 if (exit_trampoline_block_ != NULL) {
1179 builder_->set_current_block(exit_trampoline_block_);
1180 } else {
1181 builder_->set_current_block(exit_block_);
1182 }
1183 finished_ = true;
1184 }
1185
1186
1187 HGraph* HGraphBuilder::CreateGraph() {
1188 graph_ = new(zone()) HGraph(info_);
1189 if (FLAG_hydrogen_stats) isolate()->GetHStatistics()->Initialize(info_);
1190 CompilationPhase phase("H_Block building", info_);
1191 set_current_block(graph()->entry_block());
1192 if (!BuildGraph()) return NULL;
1193 graph()->FinalizeUniqueness();
1194 return graph_;
1195 }
1196
1197
1198 HInstruction* HGraphBuilder::AddInstruction(HInstruction* instr) {
1199 DCHECK(current_block() != NULL);
1200 DCHECK(!FLAG_hydrogen_track_positions ||
1201 !position_.IsUnknown() ||
1202 !info_->IsOptimizing());
1203 current_block()->AddInstruction(instr, source_position());
1204 if (graph()->IsInsideNoSideEffectsScope()) {
1205 instr->SetFlag(HValue::kHasNoObservableSideEffects);
1206 }
1207 return instr;
1208 }
1209
1210
1211 void HGraphBuilder::FinishCurrentBlock(HControlInstruction* last) {
1212 DCHECK(!FLAG_hydrogen_track_positions ||
1213 !info_->IsOptimizing() ||
1214 !position_.IsUnknown());
1215 current_block()->Finish(last, source_position());
1216 if (last->IsReturn() || last->IsAbnormalExit()) {
1217 set_current_block(NULL);
1218 }
1219 }
1220
1221
1222 void HGraphBuilder::FinishExitCurrentBlock(HControlInstruction* instruction) {
1223 DCHECK(!FLAG_hydrogen_track_positions || !info_->IsOptimizing() ||
1224 !position_.IsUnknown());
1225 current_block()->FinishExit(instruction, source_position());
1226 if (instruction->IsReturn() || instruction->IsAbnormalExit()) {
1227 set_current_block(NULL);
1228 }
1229 }
1230
1231
1232 void HGraphBuilder::AddIncrementCounter(StatsCounter* counter) {
1233 if (FLAG_native_code_counters && counter->Enabled()) {
1234 HValue* reference = Add<HConstant>(ExternalReference(counter));
1235 HValue* old_value =
1236 Add<HLoadNamedField>(reference, nullptr, HObjectAccess::ForCounter());
1237 HValue* new_value = AddUncasted<HAdd>(old_value, graph()->GetConstant1());
1238 new_value->ClearFlag(HValue::kCanOverflow); // Ignore counter overflow
1239 Add<HStoreNamedField>(reference, HObjectAccess::ForCounter(),
1240 new_value, STORE_TO_INITIALIZED_ENTRY);
1241 }
1242 }
1243
1244
1245 void HGraphBuilder::AddSimulate(BailoutId id,
1246 RemovableSimulate removable) {
1247 DCHECK(current_block() != NULL);
1248 DCHECK(!graph()->IsInsideNoSideEffectsScope());
1249 current_block()->AddNewSimulate(id, source_position(), removable);
1250 }
1251
1252
1253 HBasicBlock* HGraphBuilder::CreateBasicBlock(HEnvironment* env) {
1254 HBasicBlock* b = graph()->CreateBasicBlock();
1255 b->SetInitialEnvironment(env);
1256 return b;
1257 }
1258
1259
1260 HBasicBlock* HGraphBuilder::CreateLoopHeaderBlock() {
1261 HBasicBlock* header = graph()->CreateBasicBlock();
1262 HEnvironment* entry_env = environment()->CopyAsLoopHeader(header);
1263 header->SetInitialEnvironment(entry_env);
1264 header->AttachLoopInformation();
1265 return header;
1266 }
1267
1268
1269 HValue* HGraphBuilder::BuildGetElementsKind(HValue* object) {
1270 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
1271
1272 HValue* bit_field2 =
1273 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField2());
1274 return BuildDecodeField<Map::ElementsKindBits>(bit_field2);
1275 }
1276
1277
1278 HValue* HGraphBuilder::BuildCheckHeapObject(HValue* obj) {
1279 if (obj->type().IsHeapObject()) return obj;
1280 return Add<HCheckHeapObject>(obj);
1281 }
1282
1283
1284 void HGraphBuilder::FinishExitWithHardDeoptimization(
1285 Deoptimizer::DeoptReason reason) {
1286 Add<HDeoptimize>(reason, Deoptimizer::EAGER);
1287 FinishExitCurrentBlock(New<HAbnormalExit>());
1288 }
1289
1290
1291 HValue* HGraphBuilder::BuildCheckString(HValue* string) {
1292 if (!string->type().IsString()) {
1293 DCHECK(!string->IsConstant() ||
1294 !HConstant::cast(string)->HasStringValue());
1295 BuildCheckHeapObject(string);
1296 return Add<HCheckInstanceType>(string, HCheckInstanceType::IS_STRING);
1297 }
1298 return string;
1299 }
1300
1301
1302 HValue* HGraphBuilder::BuildWrapReceiver(HValue* object, HValue* function) {
1303 if (object->type().IsJSObject()) return object;
1304 if (function->IsConstant() &&
1305 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
1306 Handle<JSFunction> f = Handle<JSFunction>::cast(
1307 HConstant::cast(function)->handle(isolate()));
1308 SharedFunctionInfo* shared = f->shared();
1309 if (is_strict(shared->language_mode()) || shared->native()) return object;
1310 }
1311 return Add<HWrapReceiver>(object, function);
1312 }
1313
1314
1315 HValue* HGraphBuilder::BuildCheckAndGrowElementsCapacity(
1316 HValue* object, HValue* elements, ElementsKind kind, HValue* length,
1317 HValue* capacity, HValue* key) {
1318 HValue* max_gap = Add<HConstant>(static_cast<int32_t>(JSObject::kMaxGap));
1319 HValue* max_capacity = AddUncasted<HAdd>(capacity, max_gap);
1320 Add<HBoundsCheck>(key, max_capacity);
1321
1322 HValue* new_capacity = BuildNewElementsCapacity(key);
1323 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind, kind,
1324 length, new_capacity);
1325 return new_elements;
1326 }
1327
1328
1329 HValue* HGraphBuilder::BuildCheckForCapacityGrow(
1330 HValue* object,
1331 HValue* elements,
1332 ElementsKind kind,
1333 HValue* length,
1334 HValue* key,
1335 bool is_js_array,
1336 PropertyAccessType access_type) {
1337 IfBuilder length_checker(this);
1338
1339 Token::Value token = IsHoleyElementsKind(kind) ? Token::GTE : Token::EQ;
1340 length_checker.If<HCompareNumericAndBranch>(key, length, token);
1341
1342 length_checker.Then();
1343
1344 HValue* current_capacity = AddLoadFixedArrayLength(elements);
1345
1346 if (top_info()->IsStub()) {
1347 IfBuilder capacity_checker(this);
1348 capacity_checker.If<HCompareNumericAndBranch>(key, current_capacity,
1349 Token::GTE);
1350 capacity_checker.Then();
1351 HValue* new_elements = BuildCheckAndGrowElementsCapacity(
1352 object, elements, kind, length, current_capacity, key);
1353 environment()->Push(new_elements);
1354 capacity_checker.Else();
1355 environment()->Push(elements);
1356 capacity_checker.End();
1357 } else {
1358 HValue* result = Add<HMaybeGrowElements>(
1359 object, elements, key, current_capacity, is_js_array, kind);
1360 environment()->Push(result);
1361 }
1362
1363 if (is_js_array) {
1364 HValue* new_length = AddUncasted<HAdd>(key, graph_->GetConstant1());
1365 new_length->ClearFlag(HValue::kCanOverflow);
1366
1367 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(kind),
1368 new_length);
1369 }
1370
1371 if (access_type == STORE && kind == FAST_SMI_ELEMENTS) {
1372 HValue* checked_elements = environment()->Top();
1373
1374 // Write zero to ensure that the new element is initialized with some smi.
1375 Add<HStoreKeyed>(checked_elements, key, graph()->GetConstant0(), kind);
1376 }
1377
1378 length_checker.Else();
1379 Add<HBoundsCheck>(key, length);
1380
1381 environment()->Push(elements);
1382 length_checker.End();
1383
1384 return environment()->Pop();
1385 }
1386
1387
1388 HValue* HGraphBuilder::BuildCopyElementsOnWrite(HValue* object,
1389 HValue* elements,
1390 ElementsKind kind,
1391 HValue* length) {
1392 Factory* factory = isolate()->factory();
1393
1394 IfBuilder cow_checker(this);
1395
1396 cow_checker.If<HCompareMap>(elements, factory->fixed_cow_array_map());
1397 cow_checker.Then();
1398
1399 HValue* capacity = AddLoadFixedArrayLength(elements);
1400
1401 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind,
1402 kind, length, capacity);
1403
1404 environment()->Push(new_elements);
1405
1406 cow_checker.Else();
1407
1408 environment()->Push(elements);
1409
1410 cow_checker.End();
1411
1412 return environment()->Pop();
1413 }
1414
1415
1416 void HGraphBuilder::BuildTransitionElementsKind(HValue* object,
1417 HValue* map,
1418 ElementsKind from_kind,
1419 ElementsKind to_kind,
1420 bool is_jsarray) {
1421 DCHECK(!IsFastHoleyElementsKind(from_kind) ||
1422 IsFastHoleyElementsKind(to_kind));
1423
1424 if (AllocationSite::GetMode(from_kind, to_kind) == TRACK_ALLOCATION_SITE) {
1425 Add<HTrapAllocationMemento>(object);
1426 }
1427
1428 if (!IsSimpleMapChangeTransition(from_kind, to_kind)) {
1429 HInstruction* elements = AddLoadElements(object);
1430
1431 HInstruction* empty_fixed_array = Add<HConstant>(
1432 isolate()->factory()->empty_fixed_array());
1433
1434 IfBuilder if_builder(this);
1435
1436 if_builder.IfNot<HCompareObjectEqAndBranch>(elements, empty_fixed_array);
1437
1438 if_builder.Then();
1439
1440 HInstruction* elements_length = AddLoadFixedArrayLength(elements);
1441
1442 HInstruction* array_length =
1443 is_jsarray
1444 ? Add<HLoadNamedField>(object, nullptr,
1445 HObjectAccess::ForArrayLength(from_kind))
1446 : elements_length;
1447
1448 BuildGrowElementsCapacity(object, elements, from_kind, to_kind,
1449 array_length, elements_length);
1450
1451 if_builder.End();
1452 }
1453
1454 Add<HStoreNamedField>(object, HObjectAccess::ForMap(), map);
1455 }
1456
1457
1458 void HGraphBuilder::BuildJSObjectCheck(HValue* receiver,
1459 int bit_field_mask) {
1460 // Check that the object isn't a smi.
1461 Add<HCheckHeapObject>(receiver);
1462
1463 // Get the map of the receiver.
1464 HValue* map =
1465 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1466
1467 // Check the instance type and if an access check is needed, this can be
1468 // done with a single load, since both bytes are adjacent in the map.
1469 HObjectAccess access(HObjectAccess::ForMapInstanceTypeAndBitField());
1470 HValue* instance_type_and_bit_field =
1471 Add<HLoadNamedField>(map, nullptr, access);
1472
1473 HValue* mask = Add<HConstant>(0x00FF | (bit_field_mask << 8));
1474 HValue* and_result = AddUncasted<HBitwise>(Token::BIT_AND,
1475 instance_type_and_bit_field,
1476 mask);
1477 HValue* sub_result = AddUncasted<HSub>(and_result,
1478 Add<HConstant>(JS_OBJECT_TYPE));
1479 Add<HBoundsCheck>(sub_result,
1480 Add<HConstant>(LAST_JS_OBJECT_TYPE + 1 - JS_OBJECT_TYPE));
1481 }
1482
1483
1484 void HGraphBuilder::BuildKeyedIndexCheck(HValue* key,
1485 HIfContinuation* join_continuation) {
1486 // The sometimes unintuitively backward ordering of the ifs below is
1487 // convoluted, but necessary. All of the paths must guarantee that the
1488 // if-true of the continuation returns a smi element index and the if-false of
1489 // the continuation returns either a symbol or a unique string key. All other
1490 // object types cause a deopt to fall back to the runtime.
1491
1492 IfBuilder key_smi_if(this);
1493 key_smi_if.If<HIsSmiAndBranch>(key);
1494 key_smi_if.Then();
1495 {
1496 Push(key); // Nothing to do, just continue to true of continuation.
1497 }
1498 key_smi_if.Else();
1499 {
1500 HValue* map = Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForMap());
1501 HValue* instance_type =
1502 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1503
1504 // Non-unique string, check for a string with a hash code that is actually
1505 // an index.
1506 STATIC_ASSERT(LAST_UNIQUE_NAME_TYPE == FIRST_NONSTRING_TYPE);
1507 IfBuilder not_string_or_name_if(this);
1508 not_string_or_name_if.If<HCompareNumericAndBranch>(
1509 instance_type,
1510 Add<HConstant>(LAST_UNIQUE_NAME_TYPE),
1511 Token::GT);
1512
1513 not_string_or_name_if.Then();
1514 {
1515 // Non-smi, non-Name, non-String: Try to convert to smi in case of
1516 // HeapNumber.
1517 // TODO(danno): This could call some variant of ToString
1518 Push(AddUncasted<HForceRepresentation>(key, Representation::Smi()));
1519 }
1520 not_string_or_name_if.Else();
1521 {
1522 // String or Name: check explicitly for Name, they can short-circuit
1523 // directly to unique non-index key path.
1524 IfBuilder not_symbol_if(this);
1525 not_symbol_if.If<HCompareNumericAndBranch>(
1526 instance_type,
1527 Add<HConstant>(SYMBOL_TYPE),
1528 Token::NE);
1529
1530 not_symbol_if.Then();
1531 {
1532 // String: check whether the String is a String of an index. If it is,
1533 // extract the index value from the hash.
1534 HValue* hash = Add<HLoadNamedField>(key, nullptr,
1535 HObjectAccess::ForNameHashField());
1536 HValue* not_index_mask = Add<HConstant>(static_cast<int>(
1537 String::kContainsCachedArrayIndexMask));
1538
1539 HValue* not_index_test = AddUncasted<HBitwise>(
1540 Token::BIT_AND, hash, not_index_mask);
1541
1542 IfBuilder string_index_if(this);
1543 string_index_if.If<HCompareNumericAndBranch>(not_index_test,
1544 graph()->GetConstant0(),
1545 Token::EQ);
1546 string_index_if.Then();
1547 {
1548 // String with index in hash: extract string and merge to index path.
1549 Push(BuildDecodeField<String::ArrayIndexValueBits>(hash));
1550 }
1551 string_index_if.Else();
1552 {
1553 // Key is a non-index String, check for uniqueness/internalization.
1554 // If it's not internalized yet, internalize it now.
1555 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1556 Token::BIT_AND,
1557 instance_type,
1558 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1559
1560 IfBuilder internalized(this);
1561 internalized.If<HCompareNumericAndBranch>(not_internalized_bit,
1562 graph()->GetConstant0(),
1563 Token::EQ);
1564 internalized.Then();
1565 Push(key);
1566
1567 internalized.Else();
1568 Add<HPushArguments>(key);
1569 HValue* intern_key = Add<HCallRuntime>(
1570 Runtime::FunctionForId(Runtime::kInternalizeString), 1);
1571 Push(intern_key);
1572
1573 internalized.End();
1574 // Key guaranteed to be a unique string
1575 }
1576 string_index_if.JoinContinuation(join_continuation);
1577 }
1578 not_symbol_if.Else();
1579 {
1580 Push(key); // Key is symbol
1581 }
1582 not_symbol_if.JoinContinuation(join_continuation);
1583 }
1584 not_string_or_name_if.JoinContinuation(join_continuation);
1585 }
1586 key_smi_if.JoinContinuation(join_continuation);
1587 }
1588
1589
1590 void HGraphBuilder::BuildNonGlobalObjectCheck(HValue* receiver) {
1591 // Get the the instance type of the receiver, and make sure that it is
1592 // not one of the global object types.
1593 HValue* map =
1594 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1595 HValue* instance_type =
1596 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1597 STATIC_ASSERT(JS_BUILTINS_OBJECT_TYPE == JS_GLOBAL_OBJECT_TYPE + 1);
1598 HValue* min_global_type = Add<HConstant>(JS_GLOBAL_OBJECT_TYPE);
1599 HValue* max_global_type = Add<HConstant>(JS_BUILTINS_OBJECT_TYPE);
1600
1601 IfBuilder if_global_object(this);
1602 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1603 max_global_type,
1604 Token::LTE);
1605 if_global_object.And();
1606 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1607 min_global_type,
1608 Token::GTE);
1609 if_global_object.ThenDeopt(Deoptimizer::kReceiverWasAGlobalObject);
1610 if_global_object.End();
1611 }
1612
1613
1614 void HGraphBuilder::BuildTestForDictionaryProperties(
1615 HValue* object,
1616 HIfContinuation* continuation) {
1617 HValue* properties = Add<HLoadNamedField>(
1618 object, nullptr, HObjectAccess::ForPropertiesPointer());
1619 HValue* properties_map =
1620 Add<HLoadNamedField>(properties, nullptr, HObjectAccess::ForMap());
1621 HValue* hash_map = Add<HLoadRoot>(Heap::kHashTableMapRootIndex);
1622 IfBuilder builder(this);
1623 builder.If<HCompareObjectEqAndBranch>(properties_map, hash_map);
1624 builder.CaptureContinuation(continuation);
1625 }
1626
1627
1628 HValue* HGraphBuilder::BuildKeyedLookupCacheHash(HValue* object,
1629 HValue* key) {
1630 // Load the map of the receiver, compute the keyed lookup cache hash
1631 // based on 32 bits of the map pointer and the string hash.
1632 HValue* object_map =
1633 Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMapAsInteger32());
1634 HValue* shifted_map = AddUncasted<HShr>(
1635 object_map, Add<HConstant>(KeyedLookupCache::kMapHashShift));
1636 HValue* string_hash =
1637 Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForStringHashField());
1638 HValue* shifted_hash = AddUncasted<HShr>(
1639 string_hash, Add<HConstant>(String::kHashShift));
1640 HValue* xor_result = AddUncasted<HBitwise>(Token::BIT_XOR, shifted_map,
1641 shifted_hash);
1642 int mask = (KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask);
1643 return AddUncasted<HBitwise>(Token::BIT_AND, xor_result,
1644 Add<HConstant>(mask));
1645 }
1646
1647
1648 HValue* HGraphBuilder::BuildElementIndexHash(HValue* index) {
1649 int32_t seed_value = static_cast<uint32_t>(isolate()->heap()->HashSeed());
1650 HValue* seed = Add<HConstant>(seed_value);
1651 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, index, seed);
1652
1653 // hash = ~hash + (hash << 15);
1654 HValue* shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(15));
1655 HValue* not_hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash,
1656 graph()->GetConstantMinus1());
1657 hash = AddUncasted<HAdd>(shifted_hash, not_hash);
1658
1659 // hash = hash ^ (hash >> 12);
1660 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(12));
1661 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1662
1663 // hash = hash + (hash << 2);
1664 shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(2));
1665 hash = AddUncasted<HAdd>(hash, shifted_hash);
1666
1667 // hash = hash ^ (hash >> 4);
1668 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(4));
1669 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1670
1671 // hash = hash * 2057;
1672 hash = AddUncasted<HMul>(hash, Add<HConstant>(2057));
1673 hash->ClearFlag(HValue::kCanOverflow);
1674
1675 // hash = hash ^ (hash >> 16);
1676 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(16));
1677 return AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1678 }
1679
1680
1681 HValue* HGraphBuilder::BuildUncheckedDictionaryElementLoad(
1682 HValue* receiver, HValue* elements, HValue* key, HValue* hash,
1683 LanguageMode language_mode) {
1684 HValue* capacity =
1685 Add<HLoadKeyed>(elements, Add<HConstant>(NameDictionary::kCapacityIndex),
1686 nullptr, FAST_ELEMENTS);
1687
1688 HValue* mask = AddUncasted<HSub>(capacity, graph()->GetConstant1());
1689 mask->ChangeRepresentation(Representation::Integer32());
1690 mask->ClearFlag(HValue::kCanOverflow);
1691
1692 HValue* entry = hash;
1693 HValue* count = graph()->GetConstant1();
1694 Push(entry);
1695 Push(count);
1696
1697 HIfContinuation return_or_loop_continuation(graph()->CreateBasicBlock(),
1698 graph()->CreateBasicBlock());
1699 HIfContinuation found_key_match_continuation(graph()->CreateBasicBlock(),
1700 graph()->CreateBasicBlock());
1701 LoopBuilder probe_loop(this);
1702 probe_loop.BeginBody(2); // Drop entry, count from last environment to
1703 // appease live range building without simulates.
1704
1705 count = Pop();
1706 entry = Pop();
1707 entry = AddUncasted<HBitwise>(Token::BIT_AND, entry, mask);
1708 int entry_size = SeededNumberDictionary::kEntrySize;
1709 HValue* base_index = AddUncasted<HMul>(entry, Add<HConstant>(entry_size));
1710 base_index->ClearFlag(HValue::kCanOverflow);
1711 int start_offset = SeededNumberDictionary::kElementsStartIndex;
1712 HValue* key_index =
1713 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset));
1714 key_index->ClearFlag(HValue::kCanOverflow);
1715
1716 HValue* candidate_key =
1717 Add<HLoadKeyed>(elements, key_index, nullptr, FAST_ELEMENTS);
1718 IfBuilder if_undefined(this);
1719 if_undefined.If<HCompareObjectEqAndBranch>(candidate_key,
1720 graph()->GetConstantUndefined());
1721 if_undefined.Then();
1722 {
1723 // element == undefined means "not found". Call the runtime.
1724 // TODO(jkummerow): walk the prototype chain instead.
1725 Add<HPushArguments>(receiver, key);
1726 Push(Add<HCallRuntime>(
1727 Runtime::FunctionForId(is_strong(language_mode)
1728 ? Runtime::kKeyedGetPropertyStrong
1729 : Runtime::kKeyedGetProperty),
1730 2));
1731 }
1732 if_undefined.Else();
1733 {
1734 IfBuilder if_match(this);
1735 if_match.If<HCompareObjectEqAndBranch>(candidate_key, key);
1736 if_match.Then();
1737 if_match.Else();
1738
1739 // Update non-internalized string in the dictionary with internalized key?
1740 IfBuilder if_update_with_internalized(this);
1741 HValue* smi_check =
1742 if_update_with_internalized.IfNot<HIsSmiAndBranch>(candidate_key);
1743 if_update_with_internalized.And();
1744 HValue* map = AddLoadMap(candidate_key, smi_check);
1745 HValue* instance_type =
1746 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1747 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1748 Token::BIT_AND, instance_type,
1749 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1750 if_update_with_internalized.If<HCompareNumericAndBranch>(
1751 not_internalized_bit, graph()->GetConstant0(), Token::NE);
1752 if_update_with_internalized.And();
1753 if_update_with_internalized.IfNot<HCompareObjectEqAndBranch>(
1754 candidate_key, graph()->GetConstantHole());
1755 if_update_with_internalized.AndIf<HStringCompareAndBranch>(candidate_key,
1756 key, Token::EQ);
1757 if_update_with_internalized.Then();
1758 // Replace a key that is a non-internalized string by the equivalent
1759 // internalized string for faster further lookups.
1760 Add<HStoreKeyed>(elements, key_index, key, FAST_ELEMENTS);
1761 if_update_with_internalized.Else();
1762
1763 if_update_with_internalized.JoinContinuation(&found_key_match_continuation);
1764 if_match.JoinContinuation(&found_key_match_continuation);
1765
1766 IfBuilder found_key_match(this, &found_key_match_continuation);
1767 found_key_match.Then();
1768 // Key at current probe matches. Relevant bits in the |details| field must
1769 // be zero, otherwise the dictionary element requires special handling.
1770 HValue* details_index =
1771 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 2));
1772 details_index->ClearFlag(HValue::kCanOverflow);
1773 HValue* details =
1774 Add<HLoadKeyed>(elements, details_index, nullptr, FAST_ELEMENTS);
1775 int details_mask = PropertyDetails::TypeField::kMask;
1776 details = AddUncasted<HBitwise>(Token::BIT_AND, details,
1777 Add<HConstant>(details_mask));
1778 IfBuilder details_compare(this);
1779 details_compare.If<HCompareNumericAndBranch>(
1780 details, graph()->GetConstant0(), Token::EQ);
1781 details_compare.Then();
1782 HValue* result_index =
1783 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 1));
1784 result_index->ClearFlag(HValue::kCanOverflow);
1785 Push(Add<HLoadKeyed>(elements, result_index, nullptr, FAST_ELEMENTS));
1786 details_compare.Else();
1787 Add<HPushArguments>(receiver, key);
1788 Push(Add<HCallRuntime>(
1789 Runtime::FunctionForId(is_strong(language_mode)
1790 ? Runtime::kKeyedGetPropertyStrong
1791 : Runtime::kKeyedGetProperty),
1792 2));
1793 details_compare.End();
1794
1795 found_key_match.Else();
1796 found_key_match.JoinContinuation(&return_or_loop_continuation);
1797 }
1798 if_undefined.JoinContinuation(&return_or_loop_continuation);
1799
1800 IfBuilder return_or_loop(this, &return_or_loop_continuation);
1801 return_or_loop.Then();
1802 probe_loop.Break();
1803
1804 return_or_loop.Else();
1805 entry = AddUncasted<HAdd>(entry, count);
1806 entry->ClearFlag(HValue::kCanOverflow);
1807 count = AddUncasted<HAdd>(count, graph()->GetConstant1());
1808 count->ClearFlag(HValue::kCanOverflow);
1809 Push(entry);
1810 Push(count);
1811
1812 probe_loop.EndBody();
1813
1814 return_or_loop.End();
1815
1816 return Pop();
1817 }
1818
1819
1820 HValue* HGraphBuilder::BuildCreateIterResultObject(HValue* value,
1821 HValue* done) {
1822 NoObservableSideEffectsScope scope(this);
1823
1824 // Allocate the JSIteratorResult object.
1825 HValue* result =
1826 Add<HAllocate>(Add<HConstant>(JSIteratorResult::kSize), HType::JSObject(),
1827 NOT_TENURED, JS_ITERATOR_RESULT_TYPE);
1828
1829 // Initialize the JSIteratorResult object.
1830 HValue* native_context = BuildGetNativeContext();
1831 HValue* map = Add<HLoadNamedField>(
1832 native_context, nullptr,
1833 HObjectAccess::ForContextSlot(Context::ITERATOR_RESULT_MAP_INDEX));
1834 Add<HStoreNamedField>(result, HObjectAccess::ForMap(), map);
1835 HValue* empty_fixed_array = Add<HLoadRoot>(Heap::kEmptyFixedArrayRootIndex);
1836 Add<HStoreNamedField>(result, HObjectAccess::ForPropertiesPointer(),
1837 empty_fixed_array);
1838 Add<HStoreNamedField>(result, HObjectAccess::ForElementsPointer(),
1839 empty_fixed_array);
1840 Add<HStoreNamedField>(result, HObjectAccess::ForObservableJSObjectOffset(
1841 JSIteratorResult::kValueOffset),
1842 value);
1843 Add<HStoreNamedField>(result, HObjectAccess::ForObservableJSObjectOffset(
1844 JSIteratorResult::kDoneOffset),
1845 done);
1846 STATIC_ASSERT(JSIteratorResult::kSize == 5 * kPointerSize);
1847 return result;
1848 }
1849
1850
1851 HValue* HGraphBuilder::BuildRegExpConstructResult(HValue* length,
1852 HValue* index,
1853 HValue* input) {
1854 NoObservableSideEffectsScope scope(this);
1855 HConstant* max_length = Add<HConstant>(JSArray::kInitialMaxFastElementArray);
1856 Add<HBoundsCheck>(length, max_length);
1857
1858 // Generate size calculation code here in order to make it dominate
1859 // the JSRegExpResult allocation.
1860 ElementsKind elements_kind = FAST_ELEMENTS;
1861 HValue* size = BuildCalculateElementsSize(elements_kind, length);
1862
1863 // Allocate the JSRegExpResult and the FixedArray in one step.
1864 HValue* result = Add<HAllocate>(
1865 Add<HConstant>(JSRegExpResult::kSize), HType::JSArray(),
1866 NOT_TENURED, JS_ARRAY_TYPE);
1867
1868 // Initialize the JSRegExpResult header.
1869 HValue* global_object = Add<HLoadNamedField>(
1870 context(), nullptr,
1871 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
1872 HValue* native_context = Add<HLoadNamedField>(
1873 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
1874 Add<HStoreNamedField>(
1875 result, HObjectAccess::ForMap(),
1876 Add<HLoadNamedField>(
1877 native_context, nullptr,
1878 HObjectAccess::ForContextSlot(Context::REGEXP_RESULT_MAP_INDEX)));
1879 HConstant* empty_fixed_array =
1880 Add<HConstant>(isolate()->factory()->empty_fixed_array());
1881 Add<HStoreNamedField>(
1882 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
1883 empty_fixed_array);
1884 Add<HStoreNamedField>(
1885 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1886 empty_fixed_array);
1887 Add<HStoreNamedField>(
1888 result, HObjectAccess::ForJSArrayOffset(JSArray::kLengthOffset), length);
1889
1890 // Initialize the additional fields.
1891 Add<HStoreNamedField>(
1892 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kIndexOffset),
1893 index);
1894 Add<HStoreNamedField>(
1895 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kInputOffset),
1896 input);
1897
1898 // Allocate and initialize the elements header.
1899 HAllocate* elements = BuildAllocateElements(elements_kind, size);
1900 BuildInitializeElementsHeader(elements, elements_kind, length);
1901
1902 if (!elements->has_size_upper_bound()) {
1903 HConstant* size_in_bytes_upper_bound = EstablishElementsAllocationSize(
1904 elements_kind, max_length->Integer32Value());
1905 elements->set_size_upper_bound(size_in_bytes_upper_bound);
1906 }
1907
1908 Add<HStoreNamedField>(
1909 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1910 elements);
1911
1912 // Initialize the elements contents with undefined.
1913 BuildFillElementsWithValue(
1914 elements, elements_kind, graph()->GetConstant0(), length,
1915 graph()->GetConstantUndefined());
1916
1917 return result;
1918 }
1919
1920
1921 HValue* HGraphBuilder::BuildNumberToString(HValue* object, Type* type) {
1922 NoObservableSideEffectsScope scope(this);
1923
1924 // Convert constant numbers at compile time.
1925 if (object->IsConstant() && HConstant::cast(object)->HasNumberValue()) {
1926 Handle<Object> number = HConstant::cast(object)->handle(isolate());
1927 Handle<String> result = isolate()->factory()->NumberToString(number);
1928 return Add<HConstant>(result);
1929 }
1930
1931 // Create a joinable continuation.
1932 HIfContinuation found(graph()->CreateBasicBlock(),
1933 graph()->CreateBasicBlock());
1934
1935 // Load the number string cache.
1936 HValue* number_string_cache =
1937 Add<HLoadRoot>(Heap::kNumberStringCacheRootIndex);
1938
1939 // Make the hash mask from the length of the number string cache. It
1940 // contains two elements (number and string) for each cache entry.
1941 HValue* mask = AddLoadFixedArrayLength(number_string_cache);
1942 mask->set_type(HType::Smi());
1943 mask = AddUncasted<HSar>(mask, graph()->GetConstant1());
1944 mask = AddUncasted<HSub>(mask, graph()->GetConstant1());
1945
1946 // Check whether object is a smi.
1947 IfBuilder if_objectissmi(this);
1948 if_objectissmi.If<HIsSmiAndBranch>(object);
1949 if_objectissmi.Then();
1950 {
1951 // Compute hash for smi similar to smi_get_hash().
1952 HValue* hash = AddUncasted<HBitwise>(Token::BIT_AND, object, mask);
1953
1954 // Load the key.
1955 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1956 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1957 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1958
1959 // Check if object == key.
1960 IfBuilder if_objectiskey(this);
1961 if_objectiskey.If<HCompareObjectEqAndBranch>(object, key);
1962 if_objectiskey.Then();
1963 {
1964 // Make the key_index available.
1965 Push(key_index);
1966 }
1967 if_objectiskey.JoinContinuation(&found);
1968 }
1969 if_objectissmi.Else();
1970 {
1971 if (type->Is(Type::SignedSmall())) {
1972 if_objectissmi.Deopt(Deoptimizer::kExpectedSmi);
1973 } else {
1974 // Check if the object is a heap number.
1975 IfBuilder if_objectisnumber(this);
1976 HValue* objectisnumber = if_objectisnumber.If<HCompareMap>(
1977 object, isolate()->factory()->heap_number_map());
1978 if_objectisnumber.Then();
1979 {
1980 // Compute hash for heap number similar to double_get_hash().
1981 HValue* low = Add<HLoadNamedField>(
1982 object, objectisnumber,
1983 HObjectAccess::ForHeapNumberValueLowestBits());
1984 HValue* high = Add<HLoadNamedField>(
1985 object, objectisnumber,
1986 HObjectAccess::ForHeapNumberValueHighestBits());
1987 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, low, high);
1988 hash = AddUncasted<HBitwise>(Token::BIT_AND, hash, mask);
1989
1990 // Load the key.
1991 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1992 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1993 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1994
1995 // Check if the key is a heap number and compare it with the object.
1996 IfBuilder if_keyisnotsmi(this);
1997 HValue* keyisnotsmi = if_keyisnotsmi.IfNot<HIsSmiAndBranch>(key);
1998 if_keyisnotsmi.Then();
1999 {
2000 IfBuilder if_keyisheapnumber(this);
2001 if_keyisheapnumber.If<HCompareMap>(
2002 key, isolate()->factory()->heap_number_map());
2003 if_keyisheapnumber.Then();
2004 {
2005 // Check if values of key and object match.
2006 IfBuilder if_keyeqobject(this);
2007 if_keyeqobject.If<HCompareNumericAndBranch>(
2008 Add<HLoadNamedField>(key, keyisnotsmi,
2009 HObjectAccess::ForHeapNumberValue()),
2010 Add<HLoadNamedField>(object, objectisnumber,
2011 HObjectAccess::ForHeapNumberValue()),
2012 Token::EQ);
2013 if_keyeqobject.Then();
2014 {
2015 // Make the key_index available.
2016 Push(key_index);
2017 }
2018 if_keyeqobject.JoinContinuation(&found);
2019 }
2020 if_keyisheapnumber.JoinContinuation(&found);
2021 }
2022 if_keyisnotsmi.JoinContinuation(&found);
2023 }
2024 if_objectisnumber.Else();
2025 {
2026 if (type->Is(Type::Number())) {
2027 if_objectisnumber.Deopt(Deoptimizer::kExpectedHeapNumber);
2028 }
2029 }
2030 if_objectisnumber.JoinContinuation(&found);
2031 }
2032 }
2033 if_objectissmi.JoinContinuation(&found);
2034
2035 // Check for cache hit.
2036 IfBuilder if_found(this, &found);
2037 if_found.Then();
2038 {
2039 // Count number to string operation in native code.
2040 AddIncrementCounter(isolate()->counters()->number_to_string_native());
2041
2042 // Load the value in case of cache hit.
2043 HValue* key_index = Pop();
2044 HValue* value_index = AddUncasted<HAdd>(key_index, graph()->GetConstant1());
2045 Push(Add<HLoadKeyed>(number_string_cache, value_index, nullptr,
2046 FAST_ELEMENTS, ALLOW_RETURN_HOLE));
2047 }
2048 if_found.Else();
2049 {
2050 // Cache miss, fallback to runtime.
2051 Add<HPushArguments>(object);
2052 Push(Add<HCallRuntime>(
2053 Runtime::FunctionForId(Runtime::kNumberToStringSkipCache),
2054 1));
2055 }
2056 if_found.End();
2057
2058 return Pop();
2059 }
2060
2061
2062 HValue* HGraphBuilder::BuildToObject(HValue* receiver) {
2063 NoObservableSideEffectsScope scope(this);
2064
2065 // Create a joinable continuation.
2066 HIfContinuation wrap(graph()->CreateBasicBlock(),
2067 graph()->CreateBasicBlock());
2068
2069 // Determine the proper global constructor function required to wrap
2070 // {receiver} into a JSValue, unless {receiver} is already a {JSReceiver}, in
2071 // which case we just return it. Deopts to Runtime::kToObject if {receiver}
2072 // is undefined or null.
2073 IfBuilder receiver_is_smi(this);
2074 receiver_is_smi.If<HIsSmiAndBranch>(receiver);
2075 receiver_is_smi.Then();
2076 {
2077 // Use global Number function.
2078 Push(Add<HConstant>(Context::NUMBER_FUNCTION_INDEX));
2079 }
2080 receiver_is_smi.Else();
2081 {
2082 // Determine {receiver} map and instance type.
2083 HValue* receiver_map =
2084 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
2085 HValue* receiver_instance_type = Add<HLoadNamedField>(
2086 receiver_map, nullptr, HObjectAccess::ForMapInstanceType());
2087
2088 // First check whether {receiver} is already a spec object (fast case).
2089 IfBuilder receiver_is_not_spec_object(this);
2090 receiver_is_not_spec_object.If<HCompareNumericAndBranch>(
2091 receiver_instance_type, Add<HConstant>(FIRST_SPEC_OBJECT_TYPE),
2092 Token::LT);
2093 receiver_is_not_spec_object.Then();
2094 {
2095 // Load the constructor function index from the {receiver} map.
2096 HValue* constructor_function_index = Add<HLoadNamedField>(
2097 receiver_map, nullptr,
2098 HObjectAccess::ForMapInObjectPropertiesOrConstructorFunctionIndex());
2099
2100 // Check if {receiver} has a constructor (null and undefined have no
2101 // constructors, so we deoptimize to the runtime to throw an exception).
2102 IfBuilder constructor_function_index_is_invalid(this);
2103 constructor_function_index_is_invalid.If<HCompareNumericAndBranch>(
2104 constructor_function_index,
2105 Add<HConstant>(Map::kNoConstructorFunctionIndex), Token::EQ);
2106 constructor_function_index_is_invalid.ThenDeopt(
2107 Deoptimizer::kUndefinedOrNullInToObject);
2108 constructor_function_index_is_invalid.End();
2109
2110 // Use the global constructor function.
2111 Push(constructor_function_index);
2112 }
2113 receiver_is_not_spec_object.JoinContinuation(&wrap);
2114 }
2115 receiver_is_smi.JoinContinuation(&wrap);
2116
2117 // Wrap the receiver if necessary.
2118 IfBuilder if_wrap(this, &wrap);
2119 if_wrap.Then();
2120 {
2121 // Grab the constructor function index.
2122 HValue* constructor_index = Pop();
2123
2124 // Load native context.
2125 HValue* native_context = BuildGetNativeContext();
2126
2127 // Determine the initial map for the global constructor.
2128 HValue* constructor = Add<HLoadKeyed>(native_context, constructor_index,
2129 nullptr, FAST_ELEMENTS);
2130 HValue* constructor_initial_map = Add<HLoadNamedField>(
2131 constructor, nullptr, HObjectAccess::ForPrototypeOrInitialMap());
2132 // Allocate and initialize a JSValue wrapper.
2133 HValue* value =
2134 BuildAllocate(Add<HConstant>(JSValue::kSize), HType::JSObject(),
2135 JS_VALUE_TYPE, HAllocationMode());
2136 Add<HStoreNamedField>(value, HObjectAccess::ForMap(),
2137 constructor_initial_map);
2138 HValue* empty_fixed_array = Add<HLoadRoot>(Heap::kEmptyFixedArrayRootIndex);
2139 Add<HStoreNamedField>(value, HObjectAccess::ForPropertiesPointer(),
2140 empty_fixed_array);
2141 Add<HStoreNamedField>(value, HObjectAccess::ForElementsPointer(),
2142 empty_fixed_array);
2143 Add<HStoreNamedField>(value, HObjectAccess::ForObservableJSObjectOffset(
2144 JSValue::kValueOffset),
2145 receiver);
2146 Push(value);
2147 }
2148 if_wrap.Else();
2149 { Push(receiver); }
2150 if_wrap.End();
2151 return Pop();
2152 }
2153
2154
2155 HAllocate* HGraphBuilder::BuildAllocate(
2156 HValue* object_size,
2157 HType type,
2158 InstanceType instance_type,
2159 HAllocationMode allocation_mode) {
2160 // Compute the effective allocation size.
2161 HValue* size = object_size;
2162 if (allocation_mode.CreateAllocationMementos()) {
2163 size = AddUncasted<HAdd>(size, Add<HConstant>(AllocationMemento::kSize));
2164 size->ClearFlag(HValue::kCanOverflow);
2165 }
2166
2167 // Perform the actual allocation.
2168 HAllocate* object = Add<HAllocate>(
2169 size, type, allocation_mode.GetPretenureMode(),
2170 instance_type, allocation_mode.feedback_site());
2171
2172 // Setup the allocation memento.
2173 if (allocation_mode.CreateAllocationMementos()) {
2174 BuildCreateAllocationMemento(
2175 object, object_size, allocation_mode.current_site());
2176 }
2177
2178 return object;
2179 }
2180
2181
2182 HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
2183 HValue* right_length) {
2184 // Compute the combined string length and check against max string length.
2185 HValue* length = AddUncasted<HAdd>(left_length, right_length);
2186 // Check that length <= kMaxLength <=> length < MaxLength + 1.
2187 HValue* max_length = Add<HConstant>(String::kMaxLength + 1);
2188 Add<HBoundsCheck>(length, max_length);
2189 return length;
2190 }
2191
2192
2193 HValue* HGraphBuilder::BuildCreateConsString(
2194 HValue* length,
2195 HValue* left,
2196 HValue* right,
2197 HAllocationMode allocation_mode) {
2198 // Determine the string instance types.
2199 HInstruction* left_instance_type = AddLoadStringInstanceType(left);
2200 HInstruction* right_instance_type = AddLoadStringInstanceType(right);
2201
2202 // Allocate the cons string object. HAllocate does not care whether we
2203 // pass CONS_STRING_TYPE or CONS_ONE_BYTE_STRING_TYPE here, so we just use
2204 // CONS_STRING_TYPE here. Below we decide whether the cons string is
2205 // one-byte or two-byte and set the appropriate map.
2206 DCHECK(HAllocate::CompatibleInstanceTypes(CONS_STRING_TYPE,
2207 CONS_ONE_BYTE_STRING_TYPE));
2208 HAllocate* result = BuildAllocate(Add<HConstant>(ConsString::kSize),
2209 HType::String(), CONS_STRING_TYPE,
2210 allocation_mode);
2211
2212 // Compute intersection and difference of instance types.
2213 HValue* anded_instance_types = AddUncasted<HBitwise>(
2214 Token::BIT_AND, left_instance_type, right_instance_type);
2215 HValue* xored_instance_types = AddUncasted<HBitwise>(
2216 Token::BIT_XOR, left_instance_type, right_instance_type);
2217
2218 // We create a one-byte cons string if
2219 // 1. both strings are one-byte, or
2220 // 2. at least one of the strings is two-byte, but happens to contain only
2221 // one-byte characters.
2222 // To do this, we check
2223 // 1. if both strings are one-byte, or if the one-byte data hint is set in
2224 // both strings, or
2225 // 2. if one of the strings has the one-byte data hint set and the other
2226 // string is one-byte.
2227 IfBuilder if_onebyte(this);
2228 STATIC_ASSERT(kOneByteStringTag != 0);
2229 STATIC_ASSERT(kOneByteDataHintMask != 0);
2230 if_onebyte.If<HCompareNumericAndBranch>(
2231 AddUncasted<HBitwise>(
2232 Token::BIT_AND, anded_instance_types,
2233 Add<HConstant>(static_cast<int32_t>(
2234 kStringEncodingMask | kOneByteDataHintMask))),
2235 graph()->GetConstant0(), Token::NE);
2236 if_onebyte.Or();
2237 STATIC_ASSERT(kOneByteStringTag != 0 &&
2238 kOneByteDataHintTag != 0 &&
2239 kOneByteDataHintTag != kOneByteStringTag);
2240 if_onebyte.If<HCompareNumericAndBranch>(
2241 AddUncasted<HBitwise>(
2242 Token::BIT_AND, xored_instance_types,
2243 Add<HConstant>(static_cast<int32_t>(
2244 kOneByteStringTag | kOneByteDataHintTag))),
2245 Add<HConstant>(static_cast<int32_t>(
2246 kOneByteStringTag | kOneByteDataHintTag)), Token::EQ);
2247 if_onebyte.Then();
2248 {
2249 // We can safely skip the write barrier for storing the map here.
2250 Add<HStoreNamedField>(
2251 result, HObjectAccess::ForMap(),
2252 Add<HConstant>(isolate()->factory()->cons_one_byte_string_map()));
2253 }
2254 if_onebyte.Else();
2255 {
2256 // We can safely skip the write barrier for storing the map here.
2257 Add<HStoreNamedField>(
2258 result, HObjectAccess::ForMap(),
2259 Add<HConstant>(isolate()->factory()->cons_string_map()));
2260 }
2261 if_onebyte.End();
2262
2263 // Initialize the cons string fields.
2264 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2265 Add<HConstant>(String::kEmptyHashField));
2266 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2267 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringFirst(), left);
2268 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringSecond(), right);
2269
2270 // Count the native string addition.
2271 AddIncrementCounter(isolate()->counters()->string_add_native());
2272
2273 return result;
2274 }
2275
2276
2277 void HGraphBuilder::BuildCopySeqStringChars(HValue* src,
2278 HValue* src_offset,
2279 String::Encoding src_encoding,
2280 HValue* dst,
2281 HValue* dst_offset,
2282 String::Encoding dst_encoding,
2283 HValue* length) {
2284 DCHECK(dst_encoding != String::ONE_BYTE_ENCODING ||
2285 src_encoding == String::ONE_BYTE_ENCODING);
2286 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
2287 HValue* index = loop.BeginBody(graph()->GetConstant0(), length, Token::LT);
2288 {
2289 HValue* src_index = AddUncasted<HAdd>(src_offset, index);
2290 HValue* value =
2291 AddUncasted<HSeqStringGetChar>(src_encoding, src, src_index);
2292 HValue* dst_index = AddUncasted<HAdd>(dst_offset, index);
2293 Add<HSeqStringSetChar>(dst_encoding, dst, dst_index, value);
2294 }
2295 loop.EndBody();
2296 }
2297
2298
2299 HValue* HGraphBuilder::BuildObjectSizeAlignment(
2300 HValue* unaligned_size, int header_size) {
2301 DCHECK((header_size & kObjectAlignmentMask) == 0);
2302 HValue* size = AddUncasted<HAdd>(
2303 unaligned_size, Add<HConstant>(static_cast<int32_t>(
2304 header_size + kObjectAlignmentMask)));
2305 size->ClearFlag(HValue::kCanOverflow);
2306 return AddUncasted<HBitwise>(
2307 Token::BIT_AND, size, Add<HConstant>(static_cast<int32_t>(
2308 ~kObjectAlignmentMask)));
2309 }
2310
2311
2312 HValue* HGraphBuilder::BuildUncheckedStringAdd(
2313 HValue* left,
2314 HValue* right,
2315 HAllocationMode allocation_mode) {
2316 // Determine the string lengths.
2317 HValue* left_length = AddLoadStringLength(left);
2318 HValue* right_length = AddLoadStringLength(right);
2319
2320 // Compute the combined string length.
2321 HValue* length = BuildAddStringLengths(left_length, right_length);
2322
2323 // Do some manual constant folding here.
2324 if (left_length->IsConstant()) {
2325 HConstant* c_left_length = HConstant::cast(left_length);
2326 DCHECK_NE(0, c_left_length->Integer32Value());
2327 if (c_left_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2328 // The right string contains at least one character.
2329 return BuildCreateConsString(length, left, right, allocation_mode);
2330 }
2331 } else if (right_length->IsConstant()) {
2332 HConstant* c_right_length = HConstant::cast(right_length);
2333 DCHECK_NE(0, c_right_length->Integer32Value());
2334 if (c_right_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2335 // The left string contains at least one character.
2336 return BuildCreateConsString(length, left, right, allocation_mode);
2337 }
2338 }
2339
2340 // Check if we should create a cons string.
2341 IfBuilder if_createcons(this);
2342 if_createcons.If<HCompareNumericAndBranch>(
2343 length, Add<HConstant>(ConsString::kMinLength), Token::GTE);
2344 if_createcons.Then();
2345 {
2346 // Create a cons string.
2347 Push(BuildCreateConsString(length, left, right, allocation_mode));
2348 }
2349 if_createcons.Else();
2350 {
2351 // Determine the string instance types.
2352 HValue* left_instance_type = AddLoadStringInstanceType(left);
2353 HValue* right_instance_type = AddLoadStringInstanceType(right);
2354
2355 // Compute union and difference of instance types.
2356 HValue* ored_instance_types = AddUncasted<HBitwise>(
2357 Token::BIT_OR, left_instance_type, right_instance_type);
2358 HValue* xored_instance_types = AddUncasted<HBitwise>(
2359 Token::BIT_XOR, left_instance_type, right_instance_type);
2360
2361 // Check if both strings have the same encoding and both are
2362 // sequential.
2363 IfBuilder if_sameencodingandsequential(this);
2364 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2365 AddUncasted<HBitwise>(
2366 Token::BIT_AND, xored_instance_types,
2367 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2368 graph()->GetConstant0(), Token::EQ);
2369 if_sameencodingandsequential.And();
2370 STATIC_ASSERT(kSeqStringTag == 0);
2371 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2372 AddUncasted<HBitwise>(
2373 Token::BIT_AND, ored_instance_types,
2374 Add<HConstant>(static_cast<int32_t>(kStringRepresentationMask))),
2375 graph()->GetConstant0(), Token::EQ);
2376 if_sameencodingandsequential.Then();
2377 {
2378 HConstant* string_map =
2379 Add<HConstant>(isolate()->factory()->string_map());
2380 HConstant* one_byte_string_map =
2381 Add<HConstant>(isolate()->factory()->one_byte_string_map());
2382
2383 // Determine map and size depending on whether result is one-byte string.
2384 IfBuilder if_onebyte(this);
2385 STATIC_ASSERT(kOneByteStringTag != 0);
2386 if_onebyte.If<HCompareNumericAndBranch>(
2387 AddUncasted<HBitwise>(
2388 Token::BIT_AND, ored_instance_types,
2389 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2390 graph()->GetConstant0(), Token::NE);
2391 if_onebyte.Then();
2392 {
2393 // Allocate sequential one-byte string object.
2394 Push(length);
2395 Push(one_byte_string_map);
2396 }
2397 if_onebyte.Else();
2398 {
2399 // Allocate sequential two-byte string object.
2400 HValue* size = AddUncasted<HShl>(length, graph()->GetConstant1());
2401 size->ClearFlag(HValue::kCanOverflow);
2402 size->SetFlag(HValue::kUint32);
2403 Push(size);
2404 Push(string_map);
2405 }
2406 if_onebyte.End();
2407 HValue* map = Pop();
2408
2409 // Calculate the number of bytes needed for the characters in the
2410 // string while observing object alignment.
2411 STATIC_ASSERT((SeqString::kHeaderSize & kObjectAlignmentMask) == 0);
2412 HValue* size = BuildObjectSizeAlignment(Pop(), SeqString::kHeaderSize);
2413
2414 IfBuilder if_size(this);
2415 if_size.If<HCompareNumericAndBranch>(
2416 size, Add<HConstant>(Page::kMaxRegularHeapObjectSize), Token::LT);
2417 if_size.Then();
2418 {
2419 // Allocate the string object. HAllocate does not care whether we pass
2420 // STRING_TYPE or ONE_BYTE_STRING_TYPE here, so we just use STRING_TYPE.
2421 HAllocate* result =
2422 BuildAllocate(size, HType::String(), STRING_TYPE, allocation_mode);
2423 Add<HStoreNamedField>(result, HObjectAccess::ForMap(), map);
2424
2425 // Initialize the string fields.
2426 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2427 Add<HConstant>(String::kEmptyHashField));
2428 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2429
2430 // Copy characters to the result string.
2431 IfBuilder if_twobyte(this);
2432 if_twobyte.If<HCompareObjectEqAndBranch>(map, string_map);
2433 if_twobyte.Then();
2434 {
2435 // Copy characters from the left string.
2436 BuildCopySeqStringChars(
2437 left, graph()->GetConstant0(), String::TWO_BYTE_ENCODING, result,
2438 graph()->GetConstant0(), String::TWO_BYTE_ENCODING, left_length);
2439
2440 // Copy characters from the right string.
2441 BuildCopySeqStringChars(
2442 right, graph()->GetConstant0(), String::TWO_BYTE_ENCODING, result,
2443 left_length, String::TWO_BYTE_ENCODING, right_length);
2444 }
2445 if_twobyte.Else();
2446 {
2447 // Copy characters from the left string.
2448 BuildCopySeqStringChars(
2449 left, graph()->GetConstant0(), String::ONE_BYTE_ENCODING, result,
2450 graph()->GetConstant0(), String::ONE_BYTE_ENCODING, left_length);
2451
2452 // Copy characters from the right string.
2453 BuildCopySeqStringChars(
2454 right, graph()->GetConstant0(), String::ONE_BYTE_ENCODING, result,
2455 left_length, String::ONE_BYTE_ENCODING, right_length);
2456 }
2457 if_twobyte.End();
2458
2459 // Count the native string addition.
2460 AddIncrementCounter(isolate()->counters()->string_add_native());
2461
2462 // Return the sequential string.
2463 Push(result);
2464 }
2465 if_size.Else();
2466 {
2467 // Fallback to the runtime to add the two strings. The string has to be
2468 // allocated in LO space.
2469 Add<HPushArguments>(left, right);
2470 Push(Add<HCallRuntime>(Runtime::FunctionForId(Runtime::kStringAdd), 2));
2471 }
2472 if_size.End();
2473 }
2474 if_sameencodingandsequential.Else();
2475 {
2476 // Fallback to the runtime to add the two strings.
2477 Add<HPushArguments>(left, right);
2478 Push(Add<HCallRuntime>(Runtime::FunctionForId(Runtime::kStringAdd), 2));
2479 }
2480 if_sameencodingandsequential.End();
2481 }
2482 if_createcons.End();
2483
2484 return Pop();
2485 }
2486
2487
2488 HValue* HGraphBuilder::BuildStringAdd(
2489 HValue* left,
2490 HValue* right,
2491 HAllocationMode allocation_mode) {
2492 NoObservableSideEffectsScope no_effects(this);
2493
2494 // Determine string lengths.
2495 HValue* left_length = AddLoadStringLength(left);
2496 HValue* right_length = AddLoadStringLength(right);
2497
2498 // Check if left string is empty.
2499 IfBuilder if_leftempty(this);
2500 if_leftempty.If<HCompareNumericAndBranch>(
2501 left_length, graph()->GetConstant0(), Token::EQ);
2502 if_leftempty.Then();
2503 {
2504 // Count the native string addition.
2505 AddIncrementCounter(isolate()->counters()->string_add_native());
2506
2507 // Just return the right string.
2508 Push(right);
2509 }
2510 if_leftempty.Else();
2511 {
2512 // Check if right string is empty.
2513 IfBuilder if_rightempty(this);
2514 if_rightempty.If<HCompareNumericAndBranch>(
2515 right_length, graph()->GetConstant0(), Token::EQ);
2516 if_rightempty.Then();
2517 {
2518 // Count the native string addition.
2519 AddIncrementCounter(isolate()->counters()->string_add_native());
2520
2521 // Just return the left string.
2522 Push(left);
2523 }
2524 if_rightempty.Else();
2525 {
2526 // Add the two non-empty strings.
2527 Push(BuildUncheckedStringAdd(left, right, allocation_mode));
2528 }
2529 if_rightempty.End();
2530 }
2531 if_leftempty.End();
2532
2533 return Pop();
2534 }
2535
2536
2537 HInstruction* HGraphBuilder::BuildUncheckedMonomorphicElementAccess(
2538 HValue* checked_object,
2539 HValue* key,
2540 HValue* val,
2541 bool is_js_array,
2542 ElementsKind elements_kind,
2543 PropertyAccessType access_type,
2544 LoadKeyedHoleMode load_mode,
2545 KeyedAccessStoreMode store_mode) {
2546 DCHECK(top_info()->IsStub() || checked_object->IsCompareMap() ||
2547 checked_object->IsCheckMaps());
2548 DCHECK(!IsFixedTypedArrayElementsKind(elements_kind) || !is_js_array);
2549 // No GVNFlag is necessary for ElementsKind if there is an explicit dependency
2550 // on a HElementsTransition instruction. The flag can also be removed if the
2551 // map to check has FAST_HOLEY_ELEMENTS, since there can be no further
2552 // ElementsKind transitions. Finally, the dependency can be removed for stores
2553 // for FAST_ELEMENTS, since a transition to HOLEY elements won't change the
2554 // generated store code.
2555 if ((elements_kind == FAST_HOLEY_ELEMENTS) ||
2556 (elements_kind == FAST_ELEMENTS && access_type == STORE)) {
2557 checked_object->ClearDependsOnFlag(kElementsKind);
2558 }
2559
2560 bool fast_smi_only_elements = IsFastSmiElementsKind(elements_kind);
2561 bool fast_elements = IsFastObjectElementsKind(elements_kind);
2562 HValue* elements = AddLoadElements(checked_object);
2563 if (access_type == STORE && (fast_elements || fast_smi_only_elements) &&
2564 store_mode != STORE_NO_TRANSITION_HANDLE_COW) {
2565 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2566 elements, isolate()->factory()->fixed_array_map());
2567 check_cow_map->ClearDependsOnFlag(kElementsKind);
2568 }
2569 HInstruction* length = NULL;
2570 if (is_js_array) {
2571 length = Add<HLoadNamedField>(
2572 checked_object->ActualValue(), checked_object,
2573 HObjectAccess::ForArrayLength(elements_kind));
2574 } else {
2575 length = AddLoadFixedArrayLength(elements);
2576 }
2577 length->set_type(HType::Smi());
2578 HValue* checked_key = NULL;
2579 if (IsFixedTypedArrayElementsKind(elements_kind)) {
2580 checked_object = Add<HCheckArrayBufferNotNeutered>(checked_object);
2581
2582 HValue* external_pointer = Add<HLoadNamedField>(
2583 elements, nullptr,
2584 HObjectAccess::ForFixedTypedArrayBaseExternalPointer());
2585 HValue* base_pointer = Add<HLoadNamedField>(
2586 elements, nullptr, HObjectAccess::ForFixedTypedArrayBaseBasePointer());
2587 HValue* backing_store = AddUncasted<HAdd>(
2588 external_pointer, base_pointer, Strength::WEAK, AddOfExternalAndTagged);
2589
2590 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
2591 NoObservableSideEffectsScope no_effects(this);
2592 IfBuilder length_checker(this);
2593 length_checker.If<HCompareNumericAndBranch>(key, length, Token::LT);
2594 length_checker.Then();
2595 IfBuilder negative_checker(this);
2596 HValue* bounds_check = negative_checker.If<HCompareNumericAndBranch>(
2597 key, graph()->GetConstant0(), Token::GTE);
2598 negative_checker.Then();
2599 HInstruction* result = AddElementAccess(
2600 backing_store, key, val, bounds_check, elements_kind, access_type);
2601 negative_checker.ElseDeopt(Deoptimizer::kNegativeKeyEncountered);
2602 negative_checker.End();
2603 length_checker.End();
2604 return result;
2605 } else {
2606 DCHECK(store_mode == STANDARD_STORE);
2607 checked_key = Add<HBoundsCheck>(key, length);
2608 return AddElementAccess(
2609 backing_store, checked_key, val,
2610 checked_object, elements_kind, access_type);
2611 }
2612 }
2613 DCHECK(fast_smi_only_elements ||
2614 fast_elements ||
2615 IsFastDoubleElementsKind(elements_kind));
2616
2617 // In case val is stored into a fast smi array, assure that the value is a smi
2618 // before manipulating the backing store. Otherwise the actual store may
2619 // deopt, leaving the backing store in an invalid state.
2620 if (access_type == STORE && IsFastSmiElementsKind(elements_kind) &&
2621 !val->type().IsSmi()) {
2622 val = AddUncasted<HForceRepresentation>(val, Representation::Smi());
2623 }
2624
2625 if (IsGrowStoreMode(store_mode)) {
2626 NoObservableSideEffectsScope no_effects(this);
2627 Representation representation = HStoreKeyed::RequiredValueRepresentation(
2628 elements_kind, STORE_TO_INITIALIZED_ENTRY);
2629 val = AddUncasted<HForceRepresentation>(val, representation);
2630 elements = BuildCheckForCapacityGrow(checked_object, elements,
2631 elements_kind, length, key,
2632 is_js_array, access_type);
2633 checked_key = key;
2634 } else {
2635 checked_key = Add<HBoundsCheck>(key, length);
2636
2637 if (access_type == STORE && (fast_elements || fast_smi_only_elements)) {
2638 if (store_mode == STORE_NO_TRANSITION_HANDLE_COW) {
2639 NoObservableSideEffectsScope no_effects(this);
2640 elements = BuildCopyElementsOnWrite(checked_object, elements,
2641 elements_kind, length);
2642 } else {
2643 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2644 elements, isolate()->factory()->fixed_array_map());
2645 check_cow_map->ClearDependsOnFlag(kElementsKind);
2646 }
2647 }
2648 }
2649 return AddElementAccess(elements, checked_key, val, checked_object,
2650 elements_kind, access_type, load_mode);
2651 }
2652
2653
2654 HValue* HGraphBuilder::BuildAllocateArrayFromLength(
2655 JSArrayBuilder* array_builder,
2656 HValue* length_argument) {
2657 if (length_argument->IsConstant() &&
2658 HConstant::cast(length_argument)->HasSmiValue()) {
2659 int array_length = HConstant::cast(length_argument)->Integer32Value();
2660 if (array_length == 0) {
2661 return array_builder->AllocateEmptyArray();
2662 } else {
2663 return array_builder->AllocateArray(length_argument,
2664 array_length,
2665 length_argument);
2666 }
2667 }
2668
2669 HValue* constant_zero = graph()->GetConstant0();
2670 HConstant* max_alloc_length =
2671 Add<HConstant>(JSArray::kInitialMaxFastElementArray);
2672 HInstruction* checked_length = Add<HBoundsCheck>(length_argument,
2673 max_alloc_length);
2674 IfBuilder if_builder(this);
2675 if_builder.If<HCompareNumericAndBranch>(checked_length, constant_zero,
2676 Token::EQ);
2677 if_builder.Then();
2678 const int initial_capacity = JSArray::kPreallocatedArrayElements;
2679 HConstant* initial_capacity_node = Add<HConstant>(initial_capacity);
2680 Push(initial_capacity_node); // capacity
2681 Push(constant_zero); // length
2682 if_builder.Else();
2683 if (!(top_info()->IsStub()) &&
2684 IsFastPackedElementsKind(array_builder->kind())) {
2685 // We'll come back later with better (holey) feedback.
2686 if_builder.Deopt(
2687 Deoptimizer::kHoleyArrayDespitePackedElements_kindFeedback);
2688 } else {
2689 Push(checked_length); // capacity
2690 Push(checked_length); // length
2691 }
2692 if_builder.End();
2693
2694 // Figure out total size
2695 HValue* length = Pop();
2696 HValue* capacity = Pop();
2697 return array_builder->AllocateArray(capacity, max_alloc_length, length);
2698 }
2699
2700
2701 HValue* HGraphBuilder::BuildCalculateElementsSize(ElementsKind kind,
2702 HValue* capacity) {
2703 int elements_size = IsFastDoubleElementsKind(kind)
2704 ? kDoubleSize
2705 : kPointerSize;
2706
2707 HConstant* elements_size_value = Add<HConstant>(elements_size);
2708 HInstruction* mul =
2709 HMul::NewImul(isolate(), zone(), context(), capacity->ActualValue(),
2710 elements_size_value);
2711 AddInstruction(mul);
2712 mul->ClearFlag(HValue::kCanOverflow);
2713
2714 STATIC_ASSERT(FixedDoubleArray::kHeaderSize == FixedArray::kHeaderSize);
2715
2716 HConstant* header_size = Add<HConstant>(FixedArray::kHeaderSize);
2717 HValue* total_size = AddUncasted<HAdd>(mul, header_size);
2718 total_size->ClearFlag(HValue::kCanOverflow);
2719 return total_size;
2720 }
2721
2722
2723 HAllocate* HGraphBuilder::AllocateJSArrayObject(AllocationSiteMode mode) {
2724 int base_size = JSArray::kSize;
2725 if (mode == TRACK_ALLOCATION_SITE) {
2726 base_size += AllocationMemento::kSize;
2727 }
2728 HConstant* size_in_bytes = Add<HConstant>(base_size);
2729 return Add<HAllocate>(
2730 size_in_bytes, HType::JSArray(), NOT_TENURED, JS_OBJECT_TYPE);
2731 }
2732
2733
2734 HConstant* HGraphBuilder::EstablishElementsAllocationSize(
2735 ElementsKind kind,
2736 int capacity) {
2737 int base_size = IsFastDoubleElementsKind(kind)
2738 ? FixedDoubleArray::SizeFor(capacity)
2739 : FixedArray::SizeFor(capacity);
2740
2741 return Add<HConstant>(base_size);
2742 }
2743
2744
2745 HAllocate* HGraphBuilder::BuildAllocateElements(ElementsKind kind,
2746 HValue* size_in_bytes) {
2747 InstanceType instance_type = IsFastDoubleElementsKind(kind)
2748 ? FIXED_DOUBLE_ARRAY_TYPE
2749 : FIXED_ARRAY_TYPE;
2750
2751 return Add<HAllocate>(size_in_bytes, HType::HeapObject(), NOT_TENURED,
2752 instance_type);
2753 }
2754
2755
2756 void HGraphBuilder::BuildInitializeElementsHeader(HValue* elements,
2757 ElementsKind kind,
2758 HValue* capacity) {
2759 Factory* factory = isolate()->factory();
2760 Handle<Map> map = IsFastDoubleElementsKind(kind)
2761 ? factory->fixed_double_array_map()
2762 : factory->fixed_array_map();
2763
2764 Add<HStoreNamedField>(elements, HObjectAccess::ForMap(), Add<HConstant>(map));
2765 Add<HStoreNamedField>(elements, HObjectAccess::ForFixedArrayLength(),
2766 capacity);
2767 }
2768
2769
2770 HValue* HGraphBuilder::BuildAllocateAndInitializeArray(ElementsKind kind,
2771 HValue* capacity) {
2772 // The HForceRepresentation is to prevent possible deopt on int-smi
2773 // conversion after allocation but before the new object fields are set.
2774 capacity = AddUncasted<HForceRepresentation>(capacity, Representation::Smi());
2775 HValue* size_in_bytes = BuildCalculateElementsSize(kind, capacity);
2776 HValue* new_array = BuildAllocateElements(kind, size_in_bytes);
2777 BuildInitializeElementsHeader(new_array, kind, capacity);
2778 return new_array;
2779 }
2780
2781
2782 void HGraphBuilder::BuildJSArrayHeader(HValue* array,
2783 HValue* array_map,
2784 HValue* elements,
2785 AllocationSiteMode mode,
2786 ElementsKind elements_kind,
2787 HValue* allocation_site_payload,
2788 HValue* length_field) {
2789 Add<HStoreNamedField>(array, HObjectAccess::ForMap(), array_map);
2790
2791 HConstant* empty_fixed_array =
2792 Add<HConstant>(isolate()->factory()->empty_fixed_array());
2793
2794 Add<HStoreNamedField>(
2795 array, HObjectAccess::ForPropertiesPointer(), empty_fixed_array);
2796
2797 Add<HStoreNamedField>(
2798 array, HObjectAccess::ForElementsPointer(),
2799 elements != NULL ? elements : empty_fixed_array);
2800
2801 Add<HStoreNamedField>(
2802 array, HObjectAccess::ForArrayLength(elements_kind), length_field);
2803
2804 if (mode == TRACK_ALLOCATION_SITE) {
2805 BuildCreateAllocationMemento(
2806 array, Add<HConstant>(JSArray::kSize), allocation_site_payload);
2807 }
2808 }
2809
2810
2811 HInstruction* HGraphBuilder::AddElementAccess(
2812 HValue* elements,
2813 HValue* checked_key,
2814 HValue* val,
2815 HValue* dependency,
2816 ElementsKind elements_kind,
2817 PropertyAccessType access_type,
2818 LoadKeyedHoleMode load_mode) {
2819 if (access_type == STORE) {
2820 DCHECK(val != NULL);
2821 if (elements_kind == UINT8_CLAMPED_ELEMENTS) {
2822 val = Add<HClampToUint8>(val);
2823 }
2824 return Add<HStoreKeyed>(elements, checked_key, val, elements_kind,
2825 STORE_TO_INITIALIZED_ENTRY);
2826 }
2827
2828 DCHECK(access_type == LOAD);
2829 DCHECK(val == NULL);
2830 HLoadKeyed* load = Add<HLoadKeyed>(
2831 elements, checked_key, dependency, elements_kind, load_mode);
2832 if (elements_kind == UINT32_ELEMENTS) {
2833 graph()->RecordUint32Instruction(load);
2834 }
2835 return load;
2836 }
2837
2838
2839 HLoadNamedField* HGraphBuilder::AddLoadMap(HValue* object,
2840 HValue* dependency) {
2841 return Add<HLoadNamedField>(object, dependency, HObjectAccess::ForMap());
2842 }
2843
2844
2845 HLoadNamedField* HGraphBuilder::AddLoadElements(HValue* object,
2846 HValue* dependency) {
2847 return Add<HLoadNamedField>(
2848 object, dependency, HObjectAccess::ForElementsPointer());
2849 }
2850
2851
2852 HLoadNamedField* HGraphBuilder::AddLoadFixedArrayLength(
2853 HValue* array,
2854 HValue* dependency) {
2855 return Add<HLoadNamedField>(
2856 array, dependency, HObjectAccess::ForFixedArrayLength());
2857 }
2858
2859
2860 HLoadNamedField* HGraphBuilder::AddLoadArrayLength(HValue* array,
2861 ElementsKind kind,
2862 HValue* dependency) {
2863 return Add<HLoadNamedField>(
2864 array, dependency, HObjectAccess::ForArrayLength(kind));
2865 }
2866
2867
2868 HValue* HGraphBuilder::BuildNewElementsCapacity(HValue* old_capacity) {
2869 HValue* half_old_capacity = AddUncasted<HShr>(old_capacity,
2870 graph_->GetConstant1());
2871
2872 HValue* new_capacity = AddUncasted<HAdd>(half_old_capacity, old_capacity);
2873 new_capacity->ClearFlag(HValue::kCanOverflow);
2874
2875 HValue* min_growth = Add<HConstant>(16);
2876
2877 new_capacity = AddUncasted<HAdd>(new_capacity, min_growth);
2878 new_capacity->ClearFlag(HValue::kCanOverflow);
2879
2880 return new_capacity;
2881 }
2882
2883
2884 HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
2885 HValue* elements,
2886 ElementsKind kind,
2887 ElementsKind new_kind,
2888 HValue* length,
2889 HValue* new_capacity) {
2890 Add<HBoundsCheck>(new_capacity, Add<HConstant>(
2891 (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
2892 ElementsKindToShiftSize(new_kind)));
2893
2894 HValue* new_elements =
2895 BuildAllocateAndInitializeArray(new_kind, new_capacity);
2896
2897 BuildCopyElements(elements, kind, new_elements,
2898 new_kind, length, new_capacity);
2899
2900 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
2901 new_elements);
2902
2903 return new_elements;
2904 }
2905
2906
2907 void HGraphBuilder::BuildFillElementsWithValue(HValue* elements,
2908 ElementsKind elements_kind,
2909 HValue* from,
2910 HValue* to,
2911 HValue* value) {
2912 if (to == NULL) {
2913 to = AddLoadFixedArrayLength(elements);
2914 }
2915
2916 // Special loop unfolding case
2917 STATIC_ASSERT(JSArray::kPreallocatedArrayElements <=
2918 kElementLoopUnrollThreshold);
2919 int initial_capacity = -1;
2920 if (from->IsInteger32Constant() && to->IsInteger32Constant()) {
2921 int constant_from = from->GetInteger32Constant();
2922 int constant_to = to->GetInteger32Constant();
2923
2924 if (constant_from == 0 && constant_to <= kElementLoopUnrollThreshold) {
2925 initial_capacity = constant_to;
2926 }
2927 }
2928
2929 if (initial_capacity >= 0) {
2930 for (int i = 0; i < initial_capacity; i++) {
2931 HInstruction* key = Add<HConstant>(i);
2932 Add<HStoreKeyed>(elements, key, value, elements_kind);
2933 }
2934 } else {
2935 // Carefully loop backwards so that the "from" remains live through the loop
2936 // rather than the to. This often corresponds to keeping length live rather
2937 // then capacity, which helps register allocation, since length is used more
2938 // other than capacity after filling with holes.
2939 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2940
2941 HValue* key = builder.BeginBody(to, from, Token::GT);
2942
2943 HValue* adjusted_key = AddUncasted<HSub>(key, graph()->GetConstant1());
2944 adjusted_key->ClearFlag(HValue::kCanOverflow);
2945
2946 Add<HStoreKeyed>(elements, adjusted_key, value, elements_kind);
2947
2948 builder.EndBody();
2949 }
2950 }
2951
2952
2953 void HGraphBuilder::BuildFillElementsWithHole(HValue* elements,
2954 ElementsKind elements_kind,
2955 HValue* from,
2956 HValue* to) {
2957 // Fast elements kinds need to be initialized in case statements below cause a
2958 // garbage collection.
2959
2960 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
2961 ? graph()->GetConstantHole()
2962 : Add<HConstant>(HConstant::kHoleNaN);
2963
2964 // Since we're about to store a hole value, the store instruction below must
2965 // assume an elements kind that supports heap object values.
2966 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
2967 elements_kind = FAST_HOLEY_ELEMENTS;
2968 }
2969
2970 BuildFillElementsWithValue(elements, elements_kind, from, to, hole);
2971 }
2972
2973
2974 void HGraphBuilder::BuildCopyProperties(HValue* from_properties,
2975 HValue* to_properties, HValue* length,
2976 HValue* capacity) {
2977 ElementsKind kind = FAST_ELEMENTS;
2978
2979 BuildFillElementsWithValue(to_properties, kind, length, capacity,
2980 graph()->GetConstantUndefined());
2981
2982 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2983
2984 HValue* key = builder.BeginBody(length, graph()->GetConstant0(), Token::GT);
2985
2986 key = AddUncasted<HSub>(key, graph()->GetConstant1());
2987 key->ClearFlag(HValue::kCanOverflow);
2988
2989 HValue* element = Add<HLoadKeyed>(from_properties, key, nullptr, kind);
2990
2991 Add<HStoreKeyed>(to_properties, key, element, kind);
2992
2993 builder.EndBody();
2994 }
2995
2996
2997 void HGraphBuilder::BuildCopyElements(HValue* from_elements,
2998 ElementsKind from_elements_kind,
2999 HValue* to_elements,
3000 ElementsKind to_elements_kind,
3001 HValue* length,
3002 HValue* capacity) {
3003 int constant_capacity = -1;
3004 if (capacity != NULL &&
3005 capacity->IsConstant() &&
3006 HConstant::cast(capacity)->HasInteger32Value()) {
3007 int constant_candidate = HConstant::cast(capacity)->Integer32Value();
3008 if (constant_candidate <= kElementLoopUnrollThreshold) {
3009 constant_capacity = constant_candidate;
3010 }
3011 }
3012
3013 bool pre_fill_with_holes =
3014 IsFastDoubleElementsKind(from_elements_kind) &&
3015 IsFastObjectElementsKind(to_elements_kind);
3016 if (pre_fill_with_holes) {
3017 // If the copy might trigger a GC, make sure that the FixedArray is
3018 // pre-initialized with holes to make sure that it's always in a
3019 // consistent state.
3020 BuildFillElementsWithHole(to_elements, to_elements_kind,
3021 graph()->GetConstant0(), NULL);
3022 }
3023
3024 if (constant_capacity != -1) {
3025 // Unroll the loop for small elements kinds.
3026 for (int i = 0; i < constant_capacity; i++) {
3027 HValue* key_constant = Add<HConstant>(i);
3028 HInstruction* value = Add<HLoadKeyed>(from_elements, key_constant,
3029 nullptr, from_elements_kind);
3030 Add<HStoreKeyed>(to_elements, key_constant, value, to_elements_kind);
3031 }
3032 } else {
3033 if (!pre_fill_with_holes &&
3034 (capacity == NULL || !length->Equals(capacity))) {
3035 BuildFillElementsWithHole(to_elements, to_elements_kind,
3036 length, NULL);
3037 }
3038
3039 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
3040
3041 HValue* key = builder.BeginBody(length, graph()->GetConstant0(),
3042 Token::GT);
3043
3044 key = AddUncasted<HSub>(key, graph()->GetConstant1());
3045 key->ClearFlag(HValue::kCanOverflow);
3046
3047 HValue* element = Add<HLoadKeyed>(from_elements, key, nullptr,
3048 from_elements_kind, ALLOW_RETURN_HOLE);
3049
3050 ElementsKind kind = (IsHoleyElementsKind(from_elements_kind) &&
3051 IsFastSmiElementsKind(to_elements_kind))
3052 ? FAST_HOLEY_ELEMENTS : to_elements_kind;
3053
3054 if (IsHoleyElementsKind(from_elements_kind) &&
3055 from_elements_kind != to_elements_kind) {
3056 IfBuilder if_hole(this);
3057 if_hole.If<HCompareHoleAndBranch>(element);
3058 if_hole.Then();
3059 HConstant* hole_constant = IsFastDoubleElementsKind(to_elements_kind)
3060 ? Add<HConstant>(HConstant::kHoleNaN)
3061 : graph()->GetConstantHole();
3062 Add<HStoreKeyed>(to_elements, key, hole_constant, kind);
3063 if_hole.Else();
3064 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
3065 store->SetFlag(HValue::kAllowUndefinedAsNaN);
3066 if_hole.End();
3067 } else {
3068 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
3069 store->SetFlag(HValue::kAllowUndefinedAsNaN);
3070 }
3071
3072 builder.EndBody();
3073 }
3074
3075 Counters* counters = isolate()->counters();
3076 AddIncrementCounter(counters->inlined_copied_elements());
3077 }
3078
3079
3080 HValue* HGraphBuilder::BuildCloneShallowArrayCow(HValue* boilerplate,
3081 HValue* allocation_site,
3082 AllocationSiteMode mode,
3083 ElementsKind kind) {
3084 HAllocate* array = AllocateJSArrayObject(mode);
3085
3086 HValue* map = AddLoadMap(boilerplate);
3087 HValue* elements = AddLoadElements(boilerplate);
3088 HValue* length = AddLoadArrayLength(boilerplate, kind);
3089
3090 BuildJSArrayHeader(array,
3091 map,
3092 elements,
3093 mode,
3094 FAST_ELEMENTS,
3095 allocation_site,
3096 length);
3097 return array;
3098 }
3099
3100
3101 HValue* HGraphBuilder::BuildCloneShallowArrayEmpty(HValue* boilerplate,
3102 HValue* allocation_site,
3103 AllocationSiteMode mode) {
3104 HAllocate* array = AllocateJSArrayObject(mode);
3105
3106 HValue* map = AddLoadMap(boilerplate);
3107
3108 BuildJSArrayHeader(array,
3109 map,
3110 NULL, // set elements to empty fixed array
3111 mode,
3112 FAST_ELEMENTS,
3113 allocation_site,
3114 graph()->GetConstant0());
3115 return array;
3116 }
3117
3118
3119 HValue* HGraphBuilder::BuildCloneShallowArrayNonEmpty(HValue* boilerplate,
3120 HValue* allocation_site,
3121 AllocationSiteMode mode,
3122 ElementsKind kind) {
3123 HValue* boilerplate_elements = AddLoadElements(boilerplate);
3124 HValue* capacity = AddLoadFixedArrayLength(boilerplate_elements);
3125
3126 // Generate size calculation code here in order to make it dominate
3127 // the JSArray allocation.
3128 HValue* elements_size = BuildCalculateElementsSize(kind, capacity);
3129
3130 // Create empty JSArray object for now, store elimination should remove
3131 // redundant initialization of elements and length fields and at the same
3132 // time the object will be fully prepared for GC if it happens during
3133 // elements allocation.
3134 HValue* result = BuildCloneShallowArrayEmpty(
3135 boilerplate, allocation_site, mode);
3136
3137 HAllocate* elements = BuildAllocateElements(kind, elements_size);
3138
3139 // This function implicitly relies on the fact that the
3140 // FastCloneShallowArrayStub is called only for literals shorter than
3141 // JSArray::kInitialMaxFastElementArray.
3142 // Can't add HBoundsCheck here because otherwise the stub will eager a frame.
3143 HConstant* size_upper_bound = EstablishElementsAllocationSize(
3144 kind, JSArray::kInitialMaxFastElementArray);
3145 elements->set_size_upper_bound(size_upper_bound);
3146
3147 Add<HStoreNamedField>(result, HObjectAccess::ForElementsPointer(), elements);
3148
3149 // The allocation for the cloned array above causes register pressure on
3150 // machines with low register counts. Force a reload of the boilerplate
3151 // elements here to free up a register for the allocation to avoid unnecessary
3152 // spillage.
3153 boilerplate_elements = AddLoadElements(boilerplate);
3154 boilerplate_elements->SetFlag(HValue::kCantBeReplaced);
3155
3156 // Copy the elements array header.
3157 for (int i = 0; i < FixedArrayBase::kHeaderSize; i += kPointerSize) {
3158 HObjectAccess access = HObjectAccess::ForFixedArrayHeader(i);
3159 Add<HStoreNamedField>(
3160 elements, access,
3161 Add<HLoadNamedField>(boilerplate_elements, nullptr, access));
3162 }
3163
3164 // And the result of the length
3165 HValue* length = AddLoadArrayLength(boilerplate, kind);
3166 Add<HStoreNamedField>(result, HObjectAccess::ForArrayLength(kind), length);
3167
3168 BuildCopyElements(boilerplate_elements, kind, elements,
3169 kind, length, NULL);
3170 return result;
3171 }
3172
3173
3174 void HGraphBuilder::BuildCompareNil(HValue* value, Type* type,
3175 HIfContinuation* continuation,
3176 MapEmbedding map_embedding) {
3177 IfBuilder if_nil(this);
3178 bool some_case_handled = false;
3179 bool some_case_missing = false;
3180
3181 if (type->Maybe(Type::Null())) {
3182 if (some_case_handled) if_nil.Or();
3183 if_nil.If<HCompareObjectEqAndBranch>(value, graph()->GetConstantNull());
3184 some_case_handled = true;
3185 } else {
3186 some_case_missing = true;
3187 }
3188
3189 if (type->Maybe(Type::Undefined())) {
3190 if (some_case_handled) if_nil.Or();
3191 if_nil.If<HCompareObjectEqAndBranch>(value,
3192 graph()->GetConstantUndefined());
3193 some_case_handled = true;
3194 } else {
3195 some_case_missing = true;
3196 }
3197
3198 if (type->Maybe(Type::Undetectable())) {
3199 if (some_case_handled) if_nil.Or();
3200 if_nil.If<HIsUndetectableAndBranch>(value);
3201 some_case_handled = true;
3202 } else {
3203 some_case_missing = true;
3204 }
3205
3206 if (some_case_missing) {
3207 if_nil.Then();
3208 if_nil.Else();
3209 if (type->NumClasses() == 1) {
3210 BuildCheckHeapObject(value);
3211 // For ICs, the map checked below is a sentinel map that gets replaced by
3212 // the monomorphic map when the code is used as a template to generate a
3213 // new IC. For optimized functions, there is no sentinel map, the map
3214 // emitted below is the actual monomorphic map.
3215 if (map_embedding == kEmbedMapsViaWeakCells) {
3216 HValue* cell =
3217 Add<HConstant>(Map::WeakCellForMap(type->Classes().Current()));
3218 HValue* expected_map = Add<HLoadNamedField>(
3219 cell, nullptr, HObjectAccess::ForWeakCellValue());
3220 HValue* map =
3221 Add<HLoadNamedField>(value, nullptr, HObjectAccess::ForMap());
3222 IfBuilder map_check(this);
3223 map_check.IfNot<HCompareObjectEqAndBranch>(expected_map, map);
3224 map_check.ThenDeopt(Deoptimizer::kUnknownMap);
3225 map_check.End();
3226 } else {
3227 DCHECK(map_embedding == kEmbedMapsDirectly);
3228 Add<HCheckMaps>(value, type->Classes().Current());
3229 }
3230 } else {
3231 if_nil.Deopt(Deoptimizer::kTooManyUndetectableTypes);
3232 }
3233 }
3234
3235 if_nil.CaptureContinuation(continuation);
3236 }
3237
3238
3239 void HGraphBuilder::BuildCreateAllocationMemento(
3240 HValue* previous_object,
3241 HValue* previous_object_size,
3242 HValue* allocation_site) {
3243 DCHECK(allocation_site != NULL);
3244 HInnerAllocatedObject* allocation_memento = Add<HInnerAllocatedObject>(
3245 previous_object, previous_object_size, HType::HeapObject());
3246 AddStoreMapConstant(
3247 allocation_memento, isolate()->factory()->allocation_memento_map());
3248 Add<HStoreNamedField>(
3249 allocation_memento,
3250 HObjectAccess::ForAllocationMementoSite(),
3251 allocation_site);
3252 if (FLAG_allocation_site_pretenuring) {
3253 HValue* memento_create_count =
3254 Add<HLoadNamedField>(allocation_site, nullptr,
3255 HObjectAccess::ForAllocationSiteOffset(
3256 AllocationSite::kPretenureCreateCountOffset));
3257 memento_create_count = AddUncasted<HAdd>(
3258 memento_create_count, graph()->GetConstant1());
3259 // This smi value is reset to zero after every gc, overflow isn't a problem
3260 // since the counter is bounded by the new space size.
3261 memento_create_count->ClearFlag(HValue::kCanOverflow);
3262 Add<HStoreNamedField>(
3263 allocation_site, HObjectAccess::ForAllocationSiteOffset(
3264 AllocationSite::kPretenureCreateCountOffset), memento_create_count);
3265 }
3266 }
3267
3268
3269 HInstruction* HGraphBuilder::BuildGetNativeContext() {
3270 // Get the global object, then the native context
3271 HValue* global_object = Add<HLoadNamedField>(
3272 context(), nullptr,
3273 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3274 return Add<HLoadNamedField>(global_object, nullptr,
3275 HObjectAccess::ForObservableJSObjectOffset(
3276 GlobalObject::kNativeContextOffset));
3277 }
3278
3279
3280 HInstruction* HGraphBuilder::BuildGetNativeContext(HValue* closure) {
3281 // Get the global object, then the native context
3282 HInstruction* context = Add<HLoadNamedField>(
3283 closure, nullptr, HObjectAccess::ForFunctionContextPointer());
3284 HInstruction* global_object = Add<HLoadNamedField>(
3285 context, nullptr,
3286 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3287 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3288 GlobalObject::kNativeContextOffset);
3289 return Add<HLoadNamedField>(global_object, nullptr, access);
3290 }
3291
3292
3293 HInstruction* HGraphBuilder::BuildGetScriptContext(int context_index) {
3294 HValue* native_context = BuildGetNativeContext();
3295 HValue* script_context_table = Add<HLoadNamedField>(
3296 native_context, nullptr,
3297 HObjectAccess::ForContextSlot(Context::SCRIPT_CONTEXT_TABLE_INDEX));
3298 return Add<HLoadNamedField>(script_context_table, nullptr,
3299 HObjectAccess::ForScriptContext(context_index));
3300 }
3301
3302
3303 HValue* HGraphBuilder::BuildGetParentContext(HValue* depth, int depth_value) {
3304 HValue* script_context = context();
3305 if (depth != NULL) {
3306 HValue* zero = graph()->GetConstant0();
3307
3308 Push(script_context);
3309 Push(depth);
3310
3311 LoopBuilder loop(this);
3312 loop.BeginBody(2); // Drop script_context and depth from last environment
3313 // to appease live range building without simulates.
3314 depth = Pop();
3315 script_context = Pop();
3316
3317 script_context = Add<HLoadNamedField>(
3318 script_context, nullptr,
3319 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
3320 depth = AddUncasted<HSub>(depth, graph()->GetConstant1());
3321 depth->ClearFlag(HValue::kCanOverflow);
3322
3323 IfBuilder if_break(this);
3324 if_break.If<HCompareNumericAndBranch, HValue*>(depth, zero, Token::EQ);
3325 if_break.Then();
3326 {
3327 Push(script_context); // The result.
3328 loop.Break();
3329 }
3330 if_break.Else();
3331 {
3332 Push(script_context);
3333 Push(depth);
3334 }
3335 loop.EndBody();
3336 if_break.End();
3337
3338 script_context = Pop();
3339 } else if (depth_value > 0) {
3340 // Unroll the above loop.
3341 for (int i = 0; i < depth_value; i++) {
3342 script_context = Add<HLoadNamedField>(
3343 script_context, nullptr,
3344 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
3345 }
3346 }
3347 return script_context;
3348 }
3349
3350
3351 HInstruction* HGraphBuilder::BuildGetArrayFunction() {
3352 HInstruction* native_context = BuildGetNativeContext();
3353 HInstruction* index =
3354 Add<HConstant>(static_cast<int32_t>(Context::ARRAY_FUNCTION_INDEX));
3355 return Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3356 }
3357
3358
3359 HValue* HGraphBuilder::BuildArrayBufferViewFieldAccessor(HValue* object,
3360 HValue* checked_object,
3361 FieldIndex index) {
3362 NoObservableSideEffectsScope scope(this);
3363 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3364 index.offset(), Representation::Tagged());
3365 HInstruction* buffer = Add<HLoadNamedField>(
3366 object, checked_object, HObjectAccess::ForJSArrayBufferViewBuffer());
3367 HInstruction* field = Add<HLoadNamedField>(object, checked_object, access);
3368
3369 HInstruction* flags = Add<HLoadNamedField>(
3370 buffer, nullptr, HObjectAccess::ForJSArrayBufferBitField());
3371 HValue* was_neutered_mask =
3372 Add<HConstant>(1 << JSArrayBuffer::WasNeutered::kShift);
3373 HValue* was_neutered_test =
3374 AddUncasted<HBitwise>(Token::BIT_AND, flags, was_neutered_mask);
3375
3376 IfBuilder if_was_neutered(this);
3377 if_was_neutered.If<HCompareNumericAndBranch>(
3378 was_neutered_test, graph()->GetConstant0(), Token::NE);
3379 if_was_neutered.Then();
3380 Push(graph()->GetConstant0());
3381 if_was_neutered.Else();
3382 Push(field);
3383 if_was_neutered.End();
3384
3385 return Pop();
3386 }
3387
3388
3389 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3390 ElementsKind kind,
3391 HValue* allocation_site_payload,
3392 HValue* constructor_function,
3393 AllocationSiteOverrideMode override_mode) :
3394 builder_(builder),
3395 kind_(kind),
3396 allocation_site_payload_(allocation_site_payload),
3397 constructor_function_(constructor_function) {
3398 DCHECK(!allocation_site_payload->IsConstant() ||
3399 HConstant::cast(allocation_site_payload)->handle(
3400 builder_->isolate())->IsAllocationSite());
3401 mode_ = override_mode == DISABLE_ALLOCATION_SITES
3402 ? DONT_TRACK_ALLOCATION_SITE
3403 : AllocationSite::GetMode(kind);
3404 }
3405
3406
3407 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3408 ElementsKind kind,
3409 HValue* constructor_function) :
3410 builder_(builder),
3411 kind_(kind),
3412 mode_(DONT_TRACK_ALLOCATION_SITE),
3413 allocation_site_payload_(NULL),
3414 constructor_function_(constructor_function) {
3415 }
3416
3417
3418 HValue* HGraphBuilder::JSArrayBuilder::EmitMapCode() {
3419 if (!builder()->top_info()->IsStub()) {
3420 // A constant map is fine.
3421 Handle<Map> map(builder()->isolate()->get_initial_js_array_map(kind_),
3422 builder()->isolate());
3423 return builder()->Add<HConstant>(map);
3424 }
3425
3426 if (constructor_function_ != NULL && kind_ == GetInitialFastElementsKind()) {
3427 // No need for a context lookup if the kind_ matches the initial
3428 // map, because we can just load the map in that case.
3429 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3430 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3431 access);
3432 }
3433
3434 // TODO(mvstanton): we should always have a constructor function if we
3435 // are creating a stub.
3436 HInstruction* native_context = constructor_function_ != NULL
3437 ? builder()->BuildGetNativeContext(constructor_function_)
3438 : builder()->BuildGetNativeContext();
3439
3440 HInstruction* index = builder()->Add<HConstant>(
3441 static_cast<int32_t>(Context::JS_ARRAY_MAPS_INDEX));
3442
3443 HInstruction* map_array =
3444 builder()->Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3445
3446 HInstruction* kind_index = builder()->Add<HConstant>(kind_);
3447
3448 return builder()->Add<HLoadKeyed>(map_array, kind_index, nullptr,
3449 FAST_ELEMENTS);
3450 }
3451
3452
3453 HValue* HGraphBuilder::JSArrayBuilder::EmitInternalMapCode() {
3454 // Find the map near the constructor function
3455 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3456 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3457 access);
3458 }
3459
3460
3461 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateEmptyArray() {
3462 HConstant* capacity = builder()->Add<HConstant>(initial_capacity());
3463 return AllocateArray(capacity,
3464 capacity,
3465 builder()->graph()->GetConstant0());
3466 }
3467
3468
3469 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3470 HValue* capacity,
3471 HConstant* capacity_upper_bound,
3472 HValue* length_field,
3473 FillMode fill_mode) {
3474 return AllocateArray(capacity,
3475 capacity_upper_bound->GetInteger32Constant(),
3476 length_field,
3477 fill_mode);
3478 }
3479
3480
3481 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3482 HValue* capacity,
3483 int capacity_upper_bound,
3484 HValue* length_field,
3485 FillMode fill_mode) {
3486 HConstant* elememts_size_upper_bound = capacity->IsInteger32Constant()
3487 ? HConstant::cast(capacity)
3488 : builder()->EstablishElementsAllocationSize(kind_, capacity_upper_bound);
3489
3490 HAllocate* array = AllocateArray(capacity, length_field, fill_mode);
3491 if (!elements_location_->has_size_upper_bound()) {
3492 elements_location_->set_size_upper_bound(elememts_size_upper_bound);
3493 }
3494 return array;
3495 }
3496
3497
3498 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3499 HValue* capacity,
3500 HValue* length_field,
3501 FillMode fill_mode) {
3502 // These HForceRepresentations are because we store these as fields in the
3503 // objects we construct, and an int32-to-smi HChange could deopt. Accept
3504 // the deopt possibility now, before allocation occurs.
3505 capacity =
3506 builder()->AddUncasted<HForceRepresentation>(capacity,
3507 Representation::Smi());
3508 length_field =
3509 builder()->AddUncasted<HForceRepresentation>(length_field,
3510 Representation::Smi());
3511
3512 // Generate size calculation code here in order to make it dominate
3513 // the JSArray allocation.
3514 HValue* elements_size =
3515 builder()->BuildCalculateElementsSize(kind_, capacity);
3516
3517 // Bail out for large objects.
3518 HValue* max_regular_heap_object_size =
3519 builder()->Add<HConstant>(Page::kMaxRegularHeapObjectSize);
3520 builder()->Add<HBoundsCheck>(elements_size, max_regular_heap_object_size);
3521
3522 // Allocate (dealing with failure appropriately)
3523 HAllocate* array_object = builder()->AllocateJSArrayObject(mode_);
3524
3525 // Fill in the fields: map, properties, length
3526 HValue* map;
3527 if (allocation_site_payload_ == NULL) {
3528 map = EmitInternalMapCode();
3529 } else {
3530 map = EmitMapCode();
3531 }
3532
3533 builder()->BuildJSArrayHeader(array_object,
3534 map,
3535 NULL, // set elements to empty fixed array
3536 mode_,
3537 kind_,
3538 allocation_site_payload_,
3539 length_field);
3540
3541 // Allocate and initialize the elements
3542 elements_location_ = builder()->BuildAllocateElements(kind_, elements_size);
3543
3544 builder()->BuildInitializeElementsHeader(elements_location_, kind_, capacity);
3545
3546 // Set the elements
3547 builder()->Add<HStoreNamedField>(
3548 array_object, HObjectAccess::ForElementsPointer(), elements_location_);
3549
3550 if (fill_mode == FILL_WITH_HOLE) {
3551 builder()->BuildFillElementsWithHole(elements_location_, kind_,
3552 graph()->GetConstant0(), capacity);
3553 }
3554
3555 return array_object;
3556 }
3557
3558
3559 HValue* HGraphBuilder::AddLoadJSBuiltin(int context_index) {
3560 HValue* global_object = Add<HLoadNamedField>(
3561 context(), nullptr,
3562 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3563 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3564 GlobalObject::kNativeContextOffset);
3565 HValue* native_context = Add<HLoadNamedField>(global_object, nullptr, access);
3566 HObjectAccess function_access = HObjectAccess::ForContextSlot(context_index);
3567 return Add<HLoadNamedField>(native_context, nullptr, function_access);
3568 }
3569
3570
3571 HOptimizedGraphBuilder::HOptimizedGraphBuilder(CompilationInfo* info)
3572 : HGraphBuilder(info),
3573 function_state_(NULL),
3574 initial_function_state_(this, info, NORMAL_RETURN, 0),
3575 ast_context_(NULL),
3576 break_scope_(NULL),
3577 inlined_count_(0),
3578 globals_(10, info->zone()),
3579 osr_(new(info->zone()) HOsrBuilder(this)) {
3580 // This is not initialized in the initializer list because the
3581 // constructor for the initial state relies on function_state_ == NULL
3582 // to know it's the initial state.
3583 function_state_ = &initial_function_state_;
3584 InitializeAstVisitor(info->isolate());
3585 if (top_info()->is_tracking_positions()) {
3586 SetSourcePosition(info->shared_info()->start_position());
3587 }
3588 }
3589
3590
3591 HBasicBlock* HOptimizedGraphBuilder::CreateJoin(HBasicBlock* first,
3592 HBasicBlock* second,
3593 BailoutId join_id) {
3594 if (first == NULL) {
3595 return second;
3596 } else if (second == NULL) {
3597 return first;
3598 } else {
3599 HBasicBlock* join_block = graph()->CreateBasicBlock();
3600 Goto(first, join_block);
3601 Goto(second, join_block);
3602 join_block->SetJoinId(join_id);
3603 return join_block;
3604 }
3605 }
3606
3607
3608 HBasicBlock* HOptimizedGraphBuilder::JoinContinue(IterationStatement* statement,
3609 HBasicBlock* exit_block,
3610 HBasicBlock* continue_block) {
3611 if (continue_block != NULL) {
3612 if (exit_block != NULL) Goto(exit_block, continue_block);
3613 continue_block->SetJoinId(statement->ContinueId());
3614 return continue_block;
3615 }
3616 return exit_block;
3617 }
3618
3619
3620 HBasicBlock* HOptimizedGraphBuilder::CreateLoop(IterationStatement* statement,
3621 HBasicBlock* loop_entry,
3622 HBasicBlock* body_exit,
3623 HBasicBlock* loop_successor,
3624 HBasicBlock* break_block) {
3625 if (body_exit != NULL) Goto(body_exit, loop_entry);
3626 loop_entry->PostProcessLoopHeader(statement);
3627 if (break_block != NULL) {
3628 if (loop_successor != NULL) Goto(loop_successor, break_block);
3629 break_block->SetJoinId(statement->ExitId());
3630 return break_block;
3631 }
3632 return loop_successor;
3633 }
3634
3635
3636 // Build a new loop header block and set it as the current block.
3637 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry() {
3638 HBasicBlock* loop_entry = CreateLoopHeaderBlock();
3639 Goto(loop_entry);
3640 set_current_block(loop_entry);
3641 return loop_entry;
3642 }
3643
3644
3645 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry(
3646 IterationStatement* statement) {
3647 HBasicBlock* loop_entry = osr()->HasOsrEntryAt(statement)
3648 ? osr()->BuildOsrLoopEntry(statement)
3649 : BuildLoopEntry();
3650 return loop_entry;
3651 }
3652
3653
3654 void HBasicBlock::FinishExit(HControlInstruction* instruction,
3655 SourcePosition position) {
3656 Finish(instruction, position);
3657 ClearEnvironment();
3658 }
3659
3660
3661 std::ostream& operator<<(std::ostream& os, const HBasicBlock& b) {
3662 return os << "B" << b.block_id();
3663 }
3664
3665
3666 HGraph::HGraph(CompilationInfo* info)
3667 : isolate_(info->isolate()),
3668 next_block_id_(0),
3669 entry_block_(NULL),
3670 blocks_(8, info->zone()),
3671 values_(16, info->zone()),
3672 phi_list_(NULL),
3673 uint32_instructions_(NULL),
3674 osr_(NULL),
3675 info_(info),
3676 zone_(info->zone()),
3677 is_recursive_(false),
3678 use_optimistic_licm_(false),
3679 depends_on_empty_array_proto_elements_(false),
3680 type_change_checksum_(0),
3681 maximum_environment_size_(0),
3682 no_side_effects_scope_count_(0),
3683 disallow_adding_new_values_(false) {
3684 if (info->IsStub()) {
3685 CallInterfaceDescriptor descriptor =
3686 info->code_stub()->GetCallInterfaceDescriptor();
3687 start_environment_ =
3688 new (zone_) HEnvironment(zone_, descriptor.GetRegisterParameterCount());
3689 } else {
3690 if (info->is_tracking_positions()) {
3691 info->TraceInlinedFunction(info->shared_info(), SourcePosition::Unknown(),
3692 InlinedFunctionInfo::kNoParentId);
3693 }
3694 start_environment_ =
3695 new(zone_) HEnvironment(NULL, info->scope(), info->closure(), zone_);
3696 }
3697 start_environment_->set_ast_id(BailoutId::FunctionContext());
3698 entry_block_ = CreateBasicBlock();
3699 entry_block_->SetInitialEnvironment(start_environment_);
3700 }
3701
3702
3703 HBasicBlock* HGraph::CreateBasicBlock() {
3704 HBasicBlock* result = new(zone()) HBasicBlock(this);
3705 blocks_.Add(result, zone());
3706 return result;
3707 }
3708
3709
3710 void HGraph::FinalizeUniqueness() {
3711 DisallowHeapAllocation no_gc;
3712 for (int i = 0; i < blocks()->length(); ++i) {
3713 for (HInstructionIterator it(blocks()->at(i)); !it.Done(); it.Advance()) {
3714 it.Current()->FinalizeUniqueness();
3715 }
3716 }
3717 }
3718
3719
3720 int HGraph::SourcePositionToScriptPosition(SourcePosition pos) {
3721 return (FLAG_hydrogen_track_positions && !pos.IsUnknown())
3722 ? info()->start_position_for(pos.inlining_id()) + pos.position()
3723 : pos.raw();
3724 }
3725
3726
3727 // Block ordering was implemented with two mutually recursive methods,
3728 // HGraph::Postorder and HGraph::PostorderLoopBlocks.
3729 // The recursion could lead to stack overflow so the algorithm has been
3730 // implemented iteratively.
3731 // At a high level the algorithm looks like this:
3732 //
3733 // Postorder(block, loop_header) : {
3734 // if (block has already been visited or is of another loop) return;
3735 // mark block as visited;
3736 // if (block is a loop header) {
3737 // VisitLoopMembers(block, loop_header);
3738 // VisitSuccessorsOfLoopHeader(block);
3739 // } else {
3740 // VisitSuccessors(block)
3741 // }
3742 // put block in result list;
3743 // }
3744 //
3745 // VisitLoopMembers(block, outer_loop_header) {
3746 // foreach (block b in block loop members) {
3747 // VisitSuccessorsOfLoopMember(b, outer_loop_header);
3748 // if (b is loop header) VisitLoopMembers(b);
3749 // }
3750 // }
3751 //
3752 // VisitSuccessorsOfLoopMember(block, outer_loop_header) {
3753 // foreach (block b in block successors) Postorder(b, outer_loop_header)
3754 // }
3755 //
3756 // VisitSuccessorsOfLoopHeader(block) {
3757 // foreach (block b in block successors) Postorder(b, block)
3758 // }
3759 //
3760 // VisitSuccessors(block, loop_header) {
3761 // foreach (block b in block successors) Postorder(b, loop_header)
3762 // }
3763 //
3764 // The ordering is started calling Postorder(entry, NULL).
3765 //
3766 // Each instance of PostorderProcessor represents the "stack frame" of the
3767 // recursion, and particularly keeps the state of the loop (iteration) of the
3768 // "Visit..." function it represents.
3769 // To recycle memory we keep all the frames in a double linked list but
3770 // this means that we cannot use constructors to initialize the frames.
3771 //
3772 class PostorderProcessor : public ZoneObject {
3773 public:
3774 // Back link (towards the stack bottom).
3775 PostorderProcessor* parent() {return father_; }
3776 // Forward link (towards the stack top).
3777 PostorderProcessor* child() {return child_; }
3778 HBasicBlock* block() { return block_; }
3779 HLoopInformation* loop() { return loop_; }
3780 HBasicBlock* loop_header() { return loop_header_; }
3781
3782 static PostorderProcessor* CreateEntryProcessor(Zone* zone,
3783 HBasicBlock* block) {
3784 PostorderProcessor* result = new(zone) PostorderProcessor(NULL);
3785 return result->SetupSuccessors(zone, block, NULL);
3786 }
3787
3788 PostorderProcessor* PerformStep(Zone* zone,
3789 ZoneList<HBasicBlock*>* order) {
3790 PostorderProcessor* next =
3791 PerformNonBacktrackingStep(zone, order);
3792 if (next != NULL) {
3793 return next;
3794 } else {
3795 return Backtrack(zone, order);
3796 }
3797 }
3798
3799 private:
3800 explicit PostorderProcessor(PostorderProcessor* father)
3801 : father_(father), child_(NULL), successor_iterator(NULL) { }
3802
3803 // Each enum value states the cycle whose state is kept by this instance.
3804 enum LoopKind {
3805 NONE,
3806 SUCCESSORS,
3807 SUCCESSORS_OF_LOOP_HEADER,
3808 LOOP_MEMBERS,
3809 SUCCESSORS_OF_LOOP_MEMBER
3810 };
3811
3812 // Each "Setup..." method is like a constructor for a cycle state.
3813 PostorderProcessor* SetupSuccessors(Zone* zone,
3814 HBasicBlock* block,
3815 HBasicBlock* loop_header) {
3816 if (block == NULL || block->IsOrdered() ||
3817 block->parent_loop_header() != loop_header) {
3818 kind_ = NONE;
3819 block_ = NULL;
3820 loop_ = NULL;
3821 loop_header_ = NULL;
3822 return this;
3823 } else {
3824 block_ = block;
3825 loop_ = NULL;
3826 block->MarkAsOrdered();
3827
3828 if (block->IsLoopHeader()) {
3829 kind_ = SUCCESSORS_OF_LOOP_HEADER;
3830 loop_header_ = block;
3831 InitializeSuccessors();
3832 PostorderProcessor* result = Push(zone);
3833 return result->SetupLoopMembers(zone, block, block->loop_information(),
3834 loop_header);
3835 } else {
3836 DCHECK(block->IsFinished());
3837 kind_ = SUCCESSORS;
3838 loop_header_ = loop_header;
3839 InitializeSuccessors();
3840 return this;
3841 }
3842 }
3843 }
3844
3845 PostorderProcessor* SetupLoopMembers(Zone* zone,
3846 HBasicBlock* block,
3847 HLoopInformation* loop,
3848 HBasicBlock* loop_header) {
3849 kind_ = LOOP_MEMBERS;
3850 block_ = block;
3851 loop_ = loop;
3852 loop_header_ = loop_header;
3853 InitializeLoopMembers();
3854 return this;
3855 }
3856
3857 PostorderProcessor* SetupSuccessorsOfLoopMember(
3858 HBasicBlock* block,
3859 HLoopInformation* loop,
3860 HBasicBlock* loop_header) {
3861 kind_ = SUCCESSORS_OF_LOOP_MEMBER;
3862 block_ = block;
3863 loop_ = loop;
3864 loop_header_ = loop_header;
3865 InitializeSuccessors();
3866 return this;
3867 }
3868
3869 // This method "allocates" a new stack frame.
3870 PostorderProcessor* Push(Zone* zone) {
3871 if (child_ == NULL) {
3872 child_ = new(zone) PostorderProcessor(this);
3873 }
3874 return child_;
3875 }
3876
3877 void ClosePostorder(ZoneList<HBasicBlock*>* order, Zone* zone) {
3878 DCHECK(block_->end()->FirstSuccessor() == NULL ||
3879 order->Contains(block_->end()->FirstSuccessor()) ||
3880 block_->end()->FirstSuccessor()->IsLoopHeader());
3881 DCHECK(block_->end()->SecondSuccessor() == NULL ||
3882 order->Contains(block_->end()->SecondSuccessor()) ||
3883 block_->end()->SecondSuccessor()->IsLoopHeader());
3884 order->Add(block_, zone);
3885 }
3886
3887 // This method is the basic block to walk up the stack.
3888 PostorderProcessor* Pop(Zone* zone,
3889 ZoneList<HBasicBlock*>* order) {
3890 switch (kind_) {
3891 case SUCCESSORS:
3892 case SUCCESSORS_OF_LOOP_HEADER:
3893 ClosePostorder(order, zone);
3894 return father_;
3895 case LOOP_MEMBERS:
3896 return father_;
3897 case SUCCESSORS_OF_LOOP_MEMBER:
3898 if (block()->IsLoopHeader() && block() != loop_->loop_header()) {
3899 // In this case we need to perform a LOOP_MEMBERS cycle so we
3900 // initialize it and return this instead of father.
3901 return SetupLoopMembers(zone, block(),
3902 block()->loop_information(), loop_header_);
3903 } else {
3904 return father_;
3905 }
3906 case NONE:
3907 return father_;
3908 }
3909 UNREACHABLE();
3910 return NULL;
3911 }
3912
3913 // Walks up the stack.
3914 PostorderProcessor* Backtrack(Zone* zone,
3915 ZoneList<HBasicBlock*>* order) {
3916 PostorderProcessor* parent = Pop(zone, order);
3917 while (parent != NULL) {
3918 PostorderProcessor* next =
3919 parent->PerformNonBacktrackingStep(zone, order);
3920 if (next != NULL) {
3921 return next;
3922 } else {
3923 parent = parent->Pop(zone, order);
3924 }
3925 }
3926 return NULL;
3927 }
3928
3929 PostorderProcessor* PerformNonBacktrackingStep(
3930 Zone* zone,
3931 ZoneList<HBasicBlock*>* order) {
3932 HBasicBlock* next_block;
3933 switch (kind_) {
3934 case SUCCESSORS:
3935 next_block = AdvanceSuccessors();
3936 if (next_block != NULL) {
3937 PostorderProcessor* result = Push(zone);
3938 return result->SetupSuccessors(zone, next_block, loop_header_);
3939 }
3940 break;
3941 case SUCCESSORS_OF_LOOP_HEADER:
3942 next_block = AdvanceSuccessors();
3943 if (next_block != NULL) {
3944 PostorderProcessor* result = Push(zone);
3945 return result->SetupSuccessors(zone, next_block, block());
3946 }
3947 break;
3948 case LOOP_MEMBERS:
3949 next_block = AdvanceLoopMembers();
3950 if (next_block != NULL) {
3951 PostorderProcessor* result = Push(zone);
3952 return result->SetupSuccessorsOfLoopMember(next_block,
3953 loop_, loop_header_);
3954 }
3955 break;
3956 case SUCCESSORS_OF_LOOP_MEMBER:
3957 next_block = AdvanceSuccessors();
3958 if (next_block != NULL) {
3959 PostorderProcessor* result = Push(zone);
3960 return result->SetupSuccessors(zone, next_block, loop_header_);
3961 }
3962 break;
3963 case NONE:
3964 return NULL;
3965 }
3966 return NULL;
3967 }
3968
3969 // The following two methods implement a "foreach b in successors" cycle.
3970 void InitializeSuccessors() {
3971 loop_index = 0;
3972 loop_length = 0;
3973 successor_iterator = HSuccessorIterator(block_->end());
3974 }
3975
3976 HBasicBlock* AdvanceSuccessors() {
3977 if (!successor_iterator.Done()) {
3978 HBasicBlock* result = successor_iterator.Current();
3979 successor_iterator.Advance();
3980 return result;
3981 }
3982 return NULL;
3983 }
3984
3985 // The following two methods implement a "foreach b in loop members" cycle.
3986 void InitializeLoopMembers() {
3987 loop_index = 0;
3988 loop_length = loop_->blocks()->length();
3989 }
3990
3991 HBasicBlock* AdvanceLoopMembers() {
3992 if (loop_index < loop_length) {
3993 HBasicBlock* result = loop_->blocks()->at(loop_index);
3994 loop_index++;
3995 return result;
3996 } else {
3997 return NULL;
3998 }
3999 }
4000
4001 LoopKind kind_;
4002 PostorderProcessor* father_;
4003 PostorderProcessor* child_;
4004 HLoopInformation* loop_;
4005 HBasicBlock* block_;
4006 HBasicBlock* loop_header_;
4007 int loop_index;
4008 int loop_length;
4009 HSuccessorIterator successor_iterator;
4010 };
4011
4012
4013 void HGraph::OrderBlocks() {
4014 CompilationPhase phase("H_Block ordering", info());
4015
4016 #ifdef DEBUG
4017 // Initially the blocks must not be ordered.
4018 for (int i = 0; i < blocks_.length(); ++i) {
4019 DCHECK(!blocks_[i]->IsOrdered());
4020 }
4021 #endif
4022
4023 PostorderProcessor* postorder =
4024 PostorderProcessor::CreateEntryProcessor(zone(), blocks_[0]);
4025 blocks_.Rewind(0);
4026 while (postorder) {
4027 postorder = postorder->PerformStep(zone(), &blocks_);
4028 }
4029
4030 #ifdef DEBUG
4031 // Now all blocks must be marked as ordered.
4032 for (int i = 0; i < blocks_.length(); ++i) {
4033 DCHECK(blocks_[i]->IsOrdered());
4034 }
4035 #endif
4036
4037 // Reverse block list and assign block IDs.
4038 for (int i = 0, j = blocks_.length(); --j >= i; ++i) {
4039 HBasicBlock* bi = blocks_[i];
4040 HBasicBlock* bj = blocks_[j];
4041 bi->set_block_id(j);
4042 bj->set_block_id(i);
4043 blocks_[i] = bj;
4044 blocks_[j] = bi;
4045 }
4046 }
4047
4048
4049 void HGraph::AssignDominators() {
4050 HPhase phase("H_Assign dominators", this);
4051 for (int i = 0; i < blocks_.length(); ++i) {
4052 HBasicBlock* block = blocks_[i];
4053 if (block->IsLoopHeader()) {
4054 // Only the first predecessor of a loop header is from outside the loop.
4055 // All others are back edges, and thus cannot dominate the loop header.
4056 block->AssignCommonDominator(block->predecessors()->first());
4057 block->AssignLoopSuccessorDominators();
4058 } else {
4059 for (int j = blocks_[i]->predecessors()->length() - 1; j >= 0; --j) {
4060 blocks_[i]->AssignCommonDominator(blocks_[i]->predecessors()->at(j));
4061 }
4062 }
4063 }
4064 }
4065
4066
4067 bool HGraph::CheckArgumentsPhiUses() {
4068 int block_count = blocks_.length();
4069 for (int i = 0; i < block_count; ++i) {
4070 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
4071 HPhi* phi = blocks_[i]->phis()->at(j);
4072 // We don't support phi uses of arguments for now.
4073 if (phi->CheckFlag(HValue::kIsArguments)) return false;
4074 }
4075 }
4076 return true;
4077 }
4078
4079
4080 bool HGraph::CheckConstPhiUses() {
4081 int block_count = blocks_.length();
4082 for (int i = 0; i < block_count; ++i) {
4083 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
4084 HPhi* phi = blocks_[i]->phis()->at(j);
4085 // Check for the hole value (from an uninitialized const).
4086 for (int k = 0; k < phi->OperandCount(); k++) {
4087 if (phi->OperandAt(k) == GetConstantHole()) return false;
4088 }
4089 }
4090 }
4091 return true;
4092 }
4093
4094
4095 void HGraph::CollectPhis() {
4096 int block_count = blocks_.length();
4097 phi_list_ = new(zone()) ZoneList<HPhi*>(block_count, zone());
4098 for (int i = 0; i < block_count; ++i) {
4099 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
4100 HPhi* phi = blocks_[i]->phis()->at(j);
4101 phi_list_->Add(phi, zone());
4102 }
4103 }
4104 }
4105
4106
4107 // Implementation of utility class to encapsulate the translation state for
4108 // a (possibly inlined) function.
4109 FunctionState::FunctionState(HOptimizedGraphBuilder* owner,
4110 CompilationInfo* info, InliningKind inlining_kind,
4111 int inlining_id)
4112 : owner_(owner),
4113 compilation_info_(info),
4114 call_context_(NULL),
4115 inlining_kind_(inlining_kind),
4116 function_return_(NULL),
4117 test_context_(NULL),
4118 entry_(NULL),
4119 arguments_object_(NULL),
4120 arguments_elements_(NULL),
4121 inlining_id_(inlining_id),
4122 outer_source_position_(SourcePosition::Unknown()),
4123 outer_(owner->function_state()) {
4124 if (outer_ != NULL) {
4125 // State for an inline function.
4126 if (owner->ast_context()->IsTest()) {
4127 HBasicBlock* if_true = owner->graph()->CreateBasicBlock();
4128 HBasicBlock* if_false = owner->graph()->CreateBasicBlock();
4129 if_true->MarkAsInlineReturnTarget(owner->current_block());
4130 if_false->MarkAsInlineReturnTarget(owner->current_block());
4131 TestContext* outer_test_context = TestContext::cast(owner->ast_context());
4132 Expression* cond = outer_test_context->condition();
4133 // The AstContext constructor pushed on the context stack. This newed
4134 // instance is the reason that AstContext can't be BASE_EMBEDDED.
4135 test_context_ = new TestContext(owner, cond, if_true, if_false);
4136 } else {
4137 function_return_ = owner->graph()->CreateBasicBlock();
4138 function_return()->MarkAsInlineReturnTarget(owner->current_block());
4139 }
4140 // Set this after possibly allocating a new TestContext above.
4141 call_context_ = owner->ast_context();
4142 }
4143
4144 // Push on the state stack.
4145 owner->set_function_state(this);
4146
4147 if (compilation_info_->is_tracking_positions()) {
4148 outer_source_position_ = owner->source_position();
4149 owner->EnterInlinedSource(
4150 info->shared_info()->start_position(),
4151 inlining_id);
4152 owner->SetSourcePosition(info->shared_info()->start_position());
4153 }
4154 }
4155
4156
4157 FunctionState::~FunctionState() {
4158 delete test_context_;
4159 owner_->set_function_state(outer_);
4160
4161 if (compilation_info_->is_tracking_positions()) {
4162 owner_->set_source_position(outer_source_position_);
4163 owner_->EnterInlinedSource(
4164 outer_->compilation_info()->shared_info()->start_position(),
4165 outer_->inlining_id());
4166 }
4167 }
4168
4169
4170 // Implementation of utility classes to represent an expression's context in
4171 // the AST.
4172 AstContext::AstContext(HOptimizedGraphBuilder* owner, Expression::Context kind)
4173 : owner_(owner),
4174 kind_(kind),
4175 outer_(owner->ast_context()),
4176 typeof_mode_(NOT_INSIDE_TYPEOF) {
4177 owner->set_ast_context(this); // Push.
4178 #ifdef DEBUG
4179 DCHECK(owner->environment()->frame_type() == JS_FUNCTION);
4180 original_length_ = owner->environment()->length();
4181 #endif
4182 }
4183
4184
4185 AstContext::~AstContext() {
4186 owner_->set_ast_context(outer_); // Pop.
4187 }
4188
4189
4190 EffectContext::~EffectContext() {
4191 DCHECK(owner()->HasStackOverflow() ||
4192 owner()->current_block() == NULL ||
4193 (owner()->environment()->length() == original_length_ &&
4194 owner()->environment()->frame_type() == JS_FUNCTION));
4195 }
4196
4197
4198 ValueContext::~ValueContext() {
4199 DCHECK(owner()->HasStackOverflow() ||
4200 owner()->current_block() == NULL ||
4201 (owner()->environment()->length() == original_length_ + 1 &&
4202 owner()->environment()->frame_type() == JS_FUNCTION));
4203 }
4204
4205
4206 void EffectContext::ReturnValue(HValue* value) {
4207 // The value is simply ignored.
4208 }
4209
4210
4211 void ValueContext::ReturnValue(HValue* value) {
4212 // The value is tracked in the bailout environment, and communicated
4213 // through the environment as the result of the expression.
4214 if (value->CheckFlag(HValue::kIsArguments)) {
4215 if (flag_ == ARGUMENTS_FAKED) {
4216 value = owner()->graph()->GetConstantUndefined();
4217 } else if (!arguments_allowed()) {
4218 owner()->Bailout(kBadValueContextForArgumentsValue);
4219 }
4220 }
4221 owner()->Push(value);
4222 }
4223
4224
4225 void TestContext::ReturnValue(HValue* value) {
4226 BuildBranch(value);
4227 }
4228
4229
4230 void EffectContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4231 DCHECK(!instr->IsControlInstruction());
4232 owner()->AddInstruction(instr);
4233 if (instr->HasObservableSideEffects()) {
4234 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4235 }
4236 }
4237
4238
4239 void EffectContext::ReturnControl(HControlInstruction* instr,
4240 BailoutId ast_id) {
4241 DCHECK(!instr->HasObservableSideEffects());
4242 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4243 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4244 instr->SetSuccessorAt(0, empty_true);
4245 instr->SetSuccessorAt(1, empty_false);
4246 owner()->FinishCurrentBlock(instr);
4247 HBasicBlock* join = owner()->CreateJoin(empty_true, empty_false, ast_id);
4248 owner()->set_current_block(join);
4249 }
4250
4251
4252 void EffectContext::ReturnContinuation(HIfContinuation* continuation,
4253 BailoutId ast_id) {
4254 HBasicBlock* true_branch = NULL;
4255 HBasicBlock* false_branch = NULL;
4256 continuation->Continue(&true_branch, &false_branch);
4257 if (!continuation->IsTrueReachable()) {
4258 owner()->set_current_block(false_branch);
4259 } else if (!continuation->IsFalseReachable()) {
4260 owner()->set_current_block(true_branch);
4261 } else {
4262 HBasicBlock* join = owner()->CreateJoin(true_branch, false_branch, ast_id);
4263 owner()->set_current_block(join);
4264 }
4265 }
4266
4267
4268 void ValueContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4269 DCHECK(!instr->IsControlInstruction());
4270 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4271 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4272 }
4273 owner()->AddInstruction(instr);
4274 owner()->Push(instr);
4275 if (instr->HasObservableSideEffects()) {
4276 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4277 }
4278 }
4279
4280
4281 void ValueContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4282 DCHECK(!instr->HasObservableSideEffects());
4283 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4284 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4285 }
4286 HBasicBlock* materialize_false = owner()->graph()->CreateBasicBlock();
4287 HBasicBlock* materialize_true = owner()->graph()->CreateBasicBlock();
4288 instr->SetSuccessorAt(0, materialize_true);
4289 instr->SetSuccessorAt(1, materialize_false);
4290 owner()->FinishCurrentBlock(instr);
4291 owner()->set_current_block(materialize_true);
4292 owner()->Push(owner()->graph()->GetConstantTrue());
4293 owner()->set_current_block(materialize_false);
4294 owner()->Push(owner()->graph()->GetConstantFalse());
4295 HBasicBlock* join =
4296 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4297 owner()->set_current_block(join);
4298 }
4299
4300
4301 void ValueContext::ReturnContinuation(HIfContinuation* continuation,
4302 BailoutId ast_id) {
4303 HBasicBlock* materialize_true = NULL;
4304 HBasicBlock* materialize_false = NULL;
4305 continuation->Continue(&materialize_true, &materialize_false);
4306 if (continuation->IsTrueReachable()) {
4307 owner()->set_current_block(materialize_true);
4308 owner()->Push(owner()->graph()->GetConstantTrue());
4309 owner()->set_current_block(materialize_true);
4310 }
4311 if (continuation->IsFalseReachable()) {
4312 owner()->set_current_block(materialize_false);
4313 owner()->Push(owner()->graph()->GetConstantFalse());
4314 owner()->set_current_block(materialize_false);
4315 }
4316 if (continuation->TrueAndFalseReachable()) {
4317 HBasicBlock* join =
4318 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4319 owner()->set_current_block(join);
4320 }
4321 }
4322
4323
4324 void TestContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4325 DCHECK(!instr->IsControlInstruction());
4326 HOptimizedGraphBuilder* builder = owner();
4327 builder->AddInstruction(instr);
4328 // We expect a simulate after every expression with side effects, though
4329 // this one isn't actually needed (and wouldn't work if it were targeted).
4330 if (instr->HasObservableSideEffects()) {
4331 builder->Push(instr);
4332 builder->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4333 builder->Pop();
4334 }
4335 BuildBranch(instr);
4336 }
4337
4338
4339 void TestContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4340 DCHECK(!instr->HasObservableSideEffects());
4341 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4342 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4343 instr->SetSuccessorAt(0, empty_true);
4344 instr->SetSuccessorAt(1, empty_false);
4345 owner()->FinishCurrentBlock(instr);
4346 owner()->Goto(empty_true, if_true(), owner()->function_state());
4347 owner()->Goto(empty_false, if_false(), owner()->function_state());
4348 owner()->set_current_block(NULL);
4349 }
4350
4351
4352 void TestContext::ReturnContinuation(HIfContinuation* continuation,
4353 BailoutId ast_id) {
4354 HBasicBlock* true_branch = NULL;
4355 HBasicBlock* false_branch = NULL;
4356 continuation->Continue(&true_branch, &false_branch);
4357 if (continuation->IsTrueReachable()) {
4358 owner()->Goto(true_branch, if_true(), owner()->function_state());
4359 }
4360 if (continuation->IsFalseReachable()) {
4361 owner()->Goto(false_branch, if_false(), owner()->function_state());
4362 }
4363 owner()->set_current_block(NULL);
4364 }
4365
4366
4367 void TestContext::BuildBranch(HValue* value) {
4368 // We expect the graph to be in edge-split form: there is no edge that
4369 // connects a branch node to a join node. We conservatively ensure that
4370 // property by always adding an empty block on the outgoing edges of this
4371 // branch.
4372 HOptimizedGraphBuilder* builder = owner();
4373 if (value != NULL && value->CheckFlag(HValue::kIsArguments)) {
4374 builder->Bailout(kArgumentsObjectValueInATestContext);
4375 }
4376 ToBooleanStub::Types expected(condition()->to_boolean_types());
4377 ReturnControl(owner()->New<HBranch>(value, expected), BailoutId::None());
4378 }
4379
4380
4381 // HOptimizedGraphBuilder infrastructure for bailing out and checking bailouts.
4382 #define CHECK_BAILOUT(call) \
4383 do { \
4384 call; \
4385 if (HasStackOverflow()) return; \
4386 } while (false)
4387
4388
4389 #define CHECK_ALIVE(call) \
4390 do { \
4391 call; \
4392 if (HasStackOverflow() || current_block() == NULL) return; \
4393 } while (false)
4394
4395
4396 #define CHECK_ALIVE_OR_RETURN(call, value) \
4397 do { \
4398 call; \
4399 if (HasStackOverflow() || current_block() == NULL) return value; \
4400 } while (false)
4401
4402
4403 void HOptimizedGraphBuilder::Bailout(BailoutReason reason) {
4404 current_info()->AbortOptimization(reason);
4405 SetStackOverflow();
4406 }
4407
4408
4409 void HOptimizedGraphBuilder::VisitForEffect(Expression* expr) {
4410 EffectContext for_effect(this);
4411 Visit(expr);
4412 }
4413
4414
4415 void HOptimizedGraphBuilder::VisitForValue(Expression* expr,
4416 ArgumentsAllowedFlag flag) {
4417 ValueContext for_value(this, flag);
4418 Visit(expr);
4419 }
4420
4421
4422 void HOptimizedGraphBuilder::VisitForTypeOf(Expression* expr) {
4423 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
4424 for_value.set_typeof_mode(INSIDE_TYPEOF);
4425 Visit(expr);
4426 }
4427
4428
4429 void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
4430 HBasicBlock* true_block,
4431 HBasicBlock* false_block) {
4432 TestContext for_test(this, expr, true_block, false_block);
4433 Visit(expr);
4434 }
4435
4436
4437 void HOptimizedGraphBuilder::VisitExpressions(
4438 ZoneList<Expression*>* exprs) {
4439 for (int i = 0; i < exprs->length(); ++i) {
4440 CHECK_ALIVE(VisitForValue(exprs->at(i)));
4441 }
4442 }
4443
4444
4445 void HOptimizedGraphBuilder::VisitExpressions(ZoneList<Expression*>* exprs,
4446 ArgumentsAllowedFlag flag) {
4447 for (int i = 0; i < exprs->length(); ++i) {
4448 CHECK_ALIVE(VisitForValue(exprs->at(i), flag));
4449 }
4450 }
4451
4452
4453 bool HOptimizedGraphBuilder::BuildGraph() {
4454 if (IsSubclassConstructor(current_info()->literal()->kind())) {
4455 Bailout(kSuperReference);
4456 return false;
4457 }
4458
4459 Scope* scope = current_info()->scope();
4460 SetUpScope(scope);
4461
4462 // Add an edge to the body entry. This is warty: the graph's start
4463 // environment will be used by the Lithium translation as the initial
4464 // environment on graph entry, but it has now been mutated by the
4465 // Hydrogen translation of the instructions in the start block. This
4466 // environment uses values which have not been defined yet. These
4467 // Hydrogen instructions will then be replayed by the Lithium
4468 // translation, so they cannot have an environment effect. The edge to
4469 // the body's entry block (along with some special logic for the start
4470 // block in HInstruction::InsertAfter) seals the start block from
4471 // getting unwanted instructions inserted.
4472 //
4473 // TODO(kmillikin): Fix this. Stop mutating the initial environment.
4474 // Make the Hydrogen instructions in the initial block into Hydrogen
4475 // values (but not instructions), present in the initial environment and
4476 // not replayed by the Lithium translation.
4477 HEnvironment* initial_env = environment()->CopyWithoutHistory();
4478 HBasicBlock* body_entry = CreateBasicBlock(initial_env);
4479 Goto(body_entry);
4480 body_entry->SetJoinId(BailoutId::FunctionEntry());
4481 set_current_block(body_entry);
4482
4483 VisitDeclarations(scope->declarations());
4484 Add<HSimulate>(BailoutId::Declarations());
4485
4486 Add<HStackCheck>(HStackCheck::kFunctionEntry);
4487
4488 VisitStatements(current_info()->literal()->body());
4489 if (HasStackOverflow()) return false;
4490
4491 if (current_block() != NULL) {
4492 Add<HReturn>(graph()->GetConstantUndefined());
4493 set_current_block(NULL);
4494 }
4495
4496 // If the checksum of the number of type info changes is the same as the
4497 // last time this function was compiled, then this recompile is likely not
4498 // due to missing/inadequate type feedback, but rather too aggressive
4499 // optimization. Disable optimistic LICM in that case.
4500 Handle<Code> unoptimized_code(current_info()->shared_info()->code());
4501 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
4502 Handle<TypeFeedbackInfo> type_info(
4503 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
4504 int checksum = type_info->own_type_change_checksum();
4505 int composite_checksum = graph()->update_type_change_checksum(checksum);
4506 graph()->set_use_optimistic_licm(
4507 !type_info->matches_inlined_type_change_checksum(composite_checksum));
4508 type_info->set_inlined_type_change_checksum(composite_checksum);
4509
4510 // Perform any necessary OSR-specific cleanups or changes to the graph.
4511 osr()->FinishGraph();
4512
4513 return true;
4514 }
4515
4516
4517 bool HGraph::Optimize(BailoutReason* bailout_reason) {
4518 OrderBlocks();
4519 AssignDominators();
4520
4521 // We need to create a HConstant "zero" now so that GVN will fold every
4522 // zero-valued constant in the graph together.
4523 // The constant is needed to make idef-based bounds check work: the pass
4524 // evaluates relations with "zero" and that zero cannot be created after GVN.
4525 GetConstant0();
4526
4527 #ifdef DEBUG
4528 // Do a full verify after building the graph and computing dominators.
4529 Verify(true);
4530 #endif
4531
4532 if (FLAG_analyze_environment_liveness && maximum_environment_size() != 0) {
4533 Run<HEnvironmentLivenessAnalysisPhase>();
4534 }
4535
4536 if (!CheckConstPhiUses()) {
4537 *bailout_reason = kUnsupportedPhiUseOfConstVariable;
4538 return false;
4539 }
4540 Run<HRedundantPhiEliminationPhase>();
4541 if (!CheckArgumentsPhiUses()) {
4542 *bailout_reason = kUnsupportedPhiUseOfArguments;
4543 return false;
4544 }
4545
4546 // Find and mark unreachable code to simplify optimizations, especially gvn,
4547 // where unreachable code could unnecessarily defeat LICM.
4548 Run<HMarkUnreachableBlocksPhase>();
4549
4550 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4551 if (FLAG_use_escape_analysis) Run<HEscapeAnalysisPhase>();
4552
4553 if (FLAG_load_elimination) Run<HLoadEliminationPhase>();
4554
4555 CollectPhis();
4556
4557 if (has_osr()) osr()->FinishOsrValues();
4558
4559 Run<HInferRepresentationPhase>();
4560
4561 // Remove HSimulate instructions that have turned out not to be needed
4562 // after all by folding them into the following HSimulate.
4563 // This must happen after inferring representations.
4564 Run<HMergeRemovableSimulatesPhase>();
4565
4566 Run<HMarkDeoptimizeOnUndefinedPhase>();
4567 Run<HRepresentationChangesPhase>();
4568
4569 Run<HInferTypesPhase>();
4570
4571 // Must be performed before canonicalization to ensure that Canonicalize
4572 // will not remove semantically meaningful ToInt32 operations e.g. BIT_OR with
4573 // zero.
4574 Run<HUint32AnalysisPhase>();
4575
4576 if (FLAG_use_canonicalizing) Run<HCanonicalizePhase>();
4577
4578 if (FLAG_use_gvn) Run<HGlobalValueNumberingPhase>();
4579
4580 if (FLAG_check_elimination) Run<HCheckEliminationPhase>();
4581
4582 if (FLAG_store_elimination) Run<HStoreEliminationPhase>();
4583
4584 Run<HRangeAnalysisPhase>();
4585
4586 Run<HComputeChangeUndefinedToNaN>();
4587
4588 // Eliminate redundant stack checks on backwards branches.
4589 Run<HStackCheckEliminationPhase>();
4590
4591 if (FLAG_array_bounds_checks_elimination) Run<HBoundsCheckEliminationPhase>();
4592 if (FLAG_array_bounds_checks_hoisting) Run<HBoundsCheckHoistingPhase>();
4593 if (FLAG_array_index_dehoisting) Run<HDehoistIndexComputationsPhase>();
4594 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4595
4596 RestoreActualValues();
4597
4598 // Find unreachable code a second time, GVN and other optimizations may have
4599 // made blocks unreachable that were previously reachable.
4600 Run<HMarkUnreachableBlocksPhase>();
4601
4602 return true;
4603 }
4604
4605
4606 void HGraph::RestoreActualValues() {
4607 HPhase phase("H_Restore actual values", this);
4608
4609 for (int block_index = 0; block_index < blocks()->length(); block_index++) {
4610 HBasicBlock* block = blocks()->at(block_index);
4611
4612 #ifdef DEBUG
4613 for (int i = 0; i < block->phis()->length(); i++) {
4614 HPhi* phi = block->phis()->at(i);
4615 DCHECK(phi->ActualValue() == phi);
4616 }
4617 #endif
4618
4619 for (HInstructionIterator it(block); !it.Done(); it.Advance()) {
4620 HInstruction* instruction = it.Current();
4621 if (instruction->ActualValue() == instruction) continue;
4622 if (instruction->CheckFlag(HValue::kIsDead)) {
4623 // The instruction was marked as deleted but left in the graph
4624 // as a control flow dependency point for subsequent
4625 // instructions.
4626 instruction->DeleteAndReplaceWith(instruction->ActualValue());
4627 } else {
4628 DCHECK(instruction->IsInformativeDefinition());
4629 if (instruction->IsPurelyInformativeDefinition()) {
4630 instruction->DeleteAndReplaceWith(instruction->RedefinedOperand());
4631 } else {
4632 instruction->ReplaceAllUsesWith(instruction->ActualValue());
4633 }
4634 }
4635 }
4636 }
4637 }
4638
4639
4640 void HOptimizedGraphBuilder::PushArgumentsFromEnvironment(int count) {
4641 ZoneList<HValue*> arguments(count, zone());
4642 for (int i = 0; i < count; ++i) {
4643 arguments.Add(Pop(), zone());
4644 }
4645
4646 HPushArguments* push_args = New<HPushArguments>();
4647 while (!arguments.is_empty()) {
4648 push_args->AddInput(arguments.RemoveLast());
4649 }
4650 AddInstruction(push_args);
4651 }
4652
4653
4654 template <class Instruction>
4655 HInstruction* HOptimizedGraphBuilder::PreProcessCall(Instruction* call) {
4656 PushArgumentsFromEnvironment(call->argument_count());
4657 return call;
4658 }
4659
4660
4661 void HOptimizedGraphBuilder::SetUpScope(Scope* scope) {
4662 HEnvironment* prolog_env = environment();
4663 int parameter_count = environment()->parameter_count();
4664 ZoneList<HValue*> parameters(parameter_count, zone());
4665 for (int i = 0; i < parameter_count; ++i) {
4666 HInstruction* parameter = Add<HParameter>(static_cast<unsigned>(i));
4667 parameters.Add(parameter, zone());
4668 environment()->Bind(i, parameter);
4669 }
4670
4671 HConstant* undefined_constant = graph()->GetConstantUndefined();
4672 // Initialize specials and locals to undefined.
4673 for (int i = parameter_count + 1; i < environment()->length(); ++i) {
4674 environment()->Bind(i, undefined_constant);
4675 }
4676 Add<HPrologue>();
4677
4678 HEnvironment* initial_env = environment()->CopyWithoutHistory();
4679 HBasicBlock* body_entry = CreateBasicBlock(initial_env);
4680 GotoNoSimulate(body_entry);
4681 set_current_block(body_entry);
4682
4683 // Initialize context of prolog environment to undefined.
4684 prolog_env->BindContext(undefined_constant);
4685
4686 // First special is HContext.
4687 HInstruction* context = Add<HContext>();
4688 environment()->BindContext(context);
4689
4690 // Create an arguments object containing the initial parameters. Set the
4691 // initial values of parameters including "this" having parameter index 0.
4692 DCHECK_EQ(scope->num_parameters() + 1, parameter_count);
4693 HArgumentsObject* arguments_object = New<HArgumentsObject>(parameter_count);
4694 for (int i = 0; i < parameter_count; ++i) {
4695 HValue* parameter = parameters.at(i);
4696 arguments_object->AddArgument(parameter, zone());
4697 }
4698
4699 AddInstruction(arguments_object);
4700 graph()->SetArgumentsObject(arguments_object);
4701
4702 // Handle the arguments and arguments shadow variables specially (they do
4703 // not have declarations).
4704 if (scope->arguments() != NULL) {
4705 environment()->Bind(scope->arguments(), graph()->GetArgumentsObject());
4706 }
4707
4708 if (scope->this_function_var() != nullptr ||
4709 scope->new_target_var() != nullptr) {
4710 return Bailout(kSuperReference);
4711 }
4712
4713 // Trace the call.
4714 if (FLAG_trace && top_info()->IsOptimizing()) {
4715 Add<HCallRuntime>(Runtime::FunctionForId(Runtime::kTraceEnter), 0);
4716 }
4717 }
4718
4719
4720 void HOptimizedGraphBuilder::VisitStatements(ZoneList<Statement*>* statements) {
4721 for (int i = 0; i < statements->length(); i++) {
4722 Statement* stmt = statements->at(i);
4723 CHECK_ALIVE(Visit(stmt));
4724 if (stmt->IsJump()) break;
4725 }
4726 }
4727
4728
4729 void HOptimizedGraphBuilder::VisitBlock(Block* stmt) {
4730 DCHECK(!HasStackOverflow());
4731 DCHECK(current_block() != NULL);
4732 DCHECK(current_block()->HasPredecessor());
4733
4734 Scope* outer_scope = scope();
4735 Scope* scope = stmt->scope();
4736 BreakAndContinueInfo break_info(stmt, outer_scope);
4737
4738 { BreakAndContinueScope push(&break_info, this);
4739 if (scope != NULL) {
4740 if (scope->NeedsContext()) {
4741 // Load the function object.
4742 Scope* declaration_scope = scope->DeclarationScope();
4743 HInstruction* function;
4744 HValue* outer_context = environment()->context();
4745 if (declaration_scope->is_script_scope() ||
4746 declaration_scope->is_eval_scope()) {
4747 function = new (zone())
4748 HLoadContextSlot(outer_context, Context::CLOSURE_INDEX,
4749 HLoadContextSlot::kNoCheck);
4750 } else {
4751 function = New<HThisFunction>();
4752 }
4753 AddInstruction(function);
4754 // Allocate a block context and store it to the stack frame.
4755 HInstruction* inner_context = Add<HAllocateBlockContext>(
4756 outer_context, function, scope->GetScopeInfo(isolate()));
4757 HInstruction* instr = Add<HStoreFrameContext>(inner_context);
4758 set_scope(scope);
4759 environment()->BindContext(inner_context);
4760 if (instr->HasObservableSideEffects()) {
4761 AddSimulate(stmt->EntryId(), REMOVABLE_SIMULATE);
4762 }
4763 }
4764 VisitDeclarations(scope->declarations());
4765 AddSimulate(stmt->DeclsId(), REMOVABLE_SIMULATE);
4766 }
4767 CHECK_BAILOUT(VisitStatements(stmt->statements()));
4768 }
4769 set_scope(outer_scope);
4770 if (scope != NULL && current_block() != NULL &&
4771 scope->ContextLocalCount() > 0) {
4772 HValue* inner_context = environment()->context();
4773 HValue* outer_context = Add<HLoadNamedField>(
4774 inner_context, nullptr,
4775 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4776
4777 HInstruction* instr = Add<HStoreFrameContext>(outer_context);
4778 environment()->BindContext(outer_context);
4779 if (instr->HasObservableSideEffects()) {
4780 AddSimulate(stmt->ExitId(), REMOVABLE_SIMULATE);
4781 }
4782 }
4783 HBasicBlock* break_block = break_info.break_block();
4784 if (break_block != NULL) {
4785 if (current_block() != NULL) Goto(break_block);
4786 break_block->SetJoinId(stmt->ExitId());
4787 set_current_block(break_block);
4788 }
4789 }
4790
4791
4792 void HOptimizedGraphBuilder::VisitExpressionStatement(
4793 ExpressionStatement* stmt) {
4794 DCHECK(!HasStackOverflow());
4795 DCHECK(current_block() != NULL);
4796 DCHECK(current_block()->HasPredecessor());
4797 VisitForEffect(stmt->expression());
4798 }
4799
4800
4801 void HOptimizedGraphBuilder::VisitEmptyStatement(EmptyStatement* stmt) {
4802 DCHECK(!HasStackOverflow());
4803 DCHECK(current_block() != NULL);
4804 DCHECK(current_block()->HasPredecessor());
4805 }
4806
4807
4808 void HOptimizedGraphBuilder::VisitSloppyBlockFunctionStatement(
4809 SloppyBlockFunctionStatement* stmt) {
4810 Visit(stmt->statement());
4811 }
4812
4813
4814 void HOptimizedGraphBuilder::VisitIfStatement(IfStatement* stmt) {
4815 DCHECK(!HasStackOverflow());
4816 DCHECK(current_block() != NULL);
4817 DCHECK(current_block()->HasPredecessor());
4818 if (stmt->condition()->ToBooleanIsTrue()) {
4819 Add<HSimulate>(stmt->ThenId());
4820 Visit(stmt->then_statement());
4821 } else if (stmt->condition()->ToBooleanIsFalse()) {
4822 Add<HSimulate>(stmt->ElseId());
4823 Visit(stmt->else_statement());
4824 } else {
4825 HBasicBlock* cond_true = graph()->CreateBasicBlock();
4826 HBasicBlock* cond_false = graph()->CreateBasicBlock();
4827 CHECK_BAILOUT(VisitForControl(stmt->condition(), cond_true, cond_false));
4828
4829 if (cond_true->HasPredecessor()) {
4830 cond_true->SetJoinId(stmt->ThenId());
4831 set_current_block(cond_true);
4832 CHECK_BAILOUT(Visit(stmt->then_statement()));
4833 cond_true = current_block();
4834 } else {
4835 cond_true = NULL;
4836 }
4837
4838 if (cond_false->HasPredecessor()) {
4839 cond_false->SetJoinId(stmt->ElseId());
4840 set_current_block(cond_false);
4841 CHECK_BAILOUT(Visit(stmt->else_statement()));
4842 cond_false = current_block();
4843 } else {
4844 cond_false = NULL;
4845 }
4846
4847 HBasicBlock* join = CreateJoin(cond_true, cond_false, stmt->IfId());
4848 set_current_block(join);
4849 }
4850 }
4851
4852
4853 HBasicBlock* HOptimizedGraphBuilder::BreakAndContinueScope::Get(
4854 BreakableStatement* stmt,
4855 BreakType type,
4856 Scope** scope,
4857 int* drop_extra) {
4858 *drop_extra = 0;
4859 BreakAndContinueScope* current = this;
4860 while (current != NULL && current->info()->target() != stmt) {
4861 *drop_extra += current->info()->drop_extra();
4862 current = current->next();
4863 }
4864 DCHECK(current != NULL); // Always found (unless stack is malformed).
4865 *scope = current->info()->scope();
4866
4867 if (type == BREAK) {
4868 *drop_extra += current->info()->drop_extra();
4869 }
4870
4871 HBasicBlock* block = NULL;
4872 switch (type) {
4873 case BREAK:
4874 block = current->info()->break_block();
4875 if (block == NULL) {
4876 block = current->owner()->graph()->CreateBasicBlock();
4877 current->info()->set_break_block(block);
4878 }
4879 break;
4880
4881 case CONTINUE:
4882 block = current->info()->continue_block();
4883 if (block == NULL) {
4884 block = current->owner()->graph()->CreateBasicBlock();
4885 current->info()->set_continue_block(block);
4886 }
4887 break;
4888 }
4889
4890 return block;
4891 }
4892
4893
4894 void HOptimizedGraphBuilder::VisitContinueStatement(
4895 ContinueStatement* stmt) {
4896 DCHECK(!HasStackOverflow());
4897 DCHECK(current_block() != NULL);
4898 DCHECK(current_block()->HasPredecessor());
4899 Scope* outer_scope = NULL;
4900 Scope* inner_scope = scope();
4901 int drop_extra = 0;
4902 HBasicBlock* continue_block = break_scope()->Get(
4903 stmt->target(), BreakAndContinueScope::CONTINUE,
4904 &outer_scope, &drop_extra);
4905 HValue* context = environment()->context();
4906 Drop(drop_extra);
4907 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4908 if (context_pop_count > 0) {
4909 while (context_pop_count-- > 0) {
4910 HInstruction* context_instruction = Add<HLoadNamedField>(
4911 context, nullptr,
4912 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4913 context = context_instruction;
4914 }
4915 HInstruction* instr = Add<HStoreFrameContext>(context);
4916 if (instr->HasObservableSideEffects()) {
4917 AddSimulate(stmt->target()->EntryId(), REMOVABLE_SIMULATE);
4918 }
4919 environment()->BindContext(context);
4920 }
4921
4922 Goto(continue_block);
4923 set_current_block(NULL);
4924 }
4925
4926
4927 void HOptimizedGraphBuilder::VisitBreakStatement(BreakStatement* stmt) {
4928 DCHECK(!HasStackOverflow());
4929 DCHECK(current_block() != NULL);
4930 DCHECK(current_block()->HasPredecessor());
4931 Scope* outer_scope = NULL;
4932 Scope* inner_scope = scope();
4933 int drop_extra = 0;
4934 HBasicBlock* break_block = break_scope()->Get(
4935 stmt->target(), BreakAndContinueScope::BREAK,
4936 &outer_scope, &drop_extra);
4937 HValue* context = environment()->context();
4938 Drop(drop_extra);
4939 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4940 if (context_pop_count > 0) {
4941 while (context_pop_count-- > 0) {
4942 HInstruction* context_instruction = Add<HLoadNamedField>(
4943 context, nullptr,
4944 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4945 context = context_instruction;
4946 }
4947 HInstruction* instr = Add<HStoreFrameContext>(context);
4948 if (instr->HasObservableSideEffects()) {
4949 AddSimulate(stmt->target()->ExitId(), REMOVABLE_SIMULATE);
4950 }
4951 environment()->BindContext(context);
4952 }
4953 Goto(break_block);
4954 set_current_block(NULL);
4955 }
4956
4957
4958 void HOptimizedGraphBuilder::VisitReturnStatement(ReturnStatement* stmt) {
4959 DCHECK(!HasStackOverflow());
4960 DCHECK(current_block() != NULL);
4961 DCHECK(current_block()->HasPredecessor());
4962 FunctionState* state = function_state();
4963 AstContext* context = call_context();
4964 if (context == NULL) {
4965 // Not an inlined return, so an actual one.
4966 CHECK_ALIVE(VisitForValue(stmt->expression()));
4967 HValue* result = environment()->Pop();
4968 Add<HReturn>(result);
4969 } else if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
4970 // Return from an inlined construct call. In a test context the return value
4971 // will always evaluate to true, in a value context the return value needs
4972 // to be a JSObject.
4973 if (context->IsTest()) {
4974 TestContext* test = TestContext::cast(context);
4975 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4976 Goto(test->if_true(), state);
4977 } else if (context->IsEffect()) {
4978 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4979 Goto(function_return(), state);
4980 } else {
4981 DCHECK(context->IsValue());
4982 CHECK_ALIVE(VisitForValue(stmt->expression()));
4983 HValue* return_value = Pop();
4984 HValue* receiver = environment()->arguments_environment()->Lookup(0);
4985 HHasInstanceTypeAndBranch* typecheck =
4986 New<HHasInstanceTypeAndBranch>(return_value,
4987 FIRST_SPEC_OBJECT_TYPE,
4988 LAST_SPEC_OBJECT_TYPE);
4989 HBasicBlock* if_spec_object = graph()->CreateBasicBlock();
4990 HBasicBlock* not_spec_object = graph()->CreateBasicBlock();
4991 typecheck->SetSuccessorAt(0, if_spec_object);
4992 typecheck->SetSuccessorAt(1, not_spec_object);
4993 FinishCurrentBlock(typecheck);
4994 AddLeaveInlined(if_spec_object, return_value, state);
4995 AddLeaveInlined(not_spec_object, receiver, state);
4996 }
4997 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
4998 // Return from an inlined setter call. The returned value is never used, the
4999 // value of an assignment is always the value of the RHS of the assignment.
5000 CHECK_ALIVE(VisitForEffect(stmt->expression()));
5001 if (context->IsTest()) {
5002 HValue* rhs = environment()->arguments_environment()->Lookup(1);
5003 context->ReturnValue(rhs);
5004 } else if (context->IsEffect()) {
5005 Goto(function_return(), state);
5006 } else {
5007 DCHECK(context->IsValue());
5008 HValue* rhs = environment()->arguments_environment()->Lookup(1);
5009 AddLeaveInlined(rhs, state);
5010 }
5011 } else {
5012 // Return from a normal inlined function. Visit the subexpression in the
5013 // expression context of the call.
5014 if (context->IsTest()) {
5015 TestContext* test = TestContext::cast(context);
5016 VisitForControl(stmt->expression(), test->if_true(), test->if_false());
5017 } else if (context->IsEffect()) {
5018 // Visit in value context and ignore the result. This is needed to keep
5019 // environment in sync with full-codegen since some visitors (e.g.
5020 // VisitCountOperation) use the operand stack differently depending on
5021 // context.
5022 CHECK_ALIVE(VisitForValue(stmt->expression()));
5023 Pop();
5024 Goto(function_return(), state);
5025 } else {
5026 DCHECK(context->IsValue());
5027 CHECK_ALIVE(VisitForValue(stmt->expression()));
5028 AddLeaveInlined(Pop(), state);
5029 }
5030 }
5031 set_current_block(NULL);
5032 }
5033
5034
5035 void HOptimizedGraphBuilder::VisitWithStatement(WithStatement* stmt) {
5036 DCHECK(!HasStackOverflow());
5037 DCHECK(current_block() != NULL);
5038 DCHECK(current_block()->HasPredecessor());
5039 return Bailout(kWithStatement);
5040 }
5041
5042
5043 void HOptimizedGraphBuilder::VisitSwitchStatement(SwitchStatement* stmt) {
5044 DCHECK(!HasStackOverflow());
5045 DCHECK(current_block() != NULL);
5046 DCHECK(current_block()->HasPredecessor());
5047
5048 ZoneList<CaseClause*>* clauses = stmt->cases();
5049 int clause_count = clauses->length();
5050 ZoneList<HBasicBlock*> body_blocks(clause_count, zone());
5051
5052 CHECK_ALIVE(VisitForValue(stmt->tag()));
5053 Add<HSimulate>(stmt->EntryId());
5054 HValue* tag_value = Top();
5055 Type* tag_type = stmt->tag()->bounds().lower;
5056
5057 // 1. Build all the tests, with dangling true branches
5058 BailoutId default_id = BailoutId::None();
5059 for (int i = 0; i < clause_count; ++i) {
5060 CaseClause* clause = clauses->at(i);
5061 if (clause->is_default()) {
5062 body_blocks.Add(NULL, zone());
5063 if (default_id.IsNone()) default_id = clause->EntryId();
5064 continue;
5065 }
5066
5067 // Generate a compare and branch.
5068 CHECK_ALIVE(VisitForValue(clause->label()));
5069 HValue* label_value = Pop();
5070
5071 Type* label_type = clause->label()->bounds().lower;
5072 Type* combined_type = clause->compare_type();
5073 HControlInstruction* compare = BuildCompareInstruction(
5074 Token::EQ_STRICT, tag_value, label_value, tag_type, label_type,
5075 combined_type,
5076 ScriptPositionToSourcePosition(stmt->tag()->position()),
5077 ScriptPositionToSourcePosition(clause->label()->position()),
5078 PUSH_BEFORE_SIMULATE, clause->id());
5079
5080 HBasicBlock* next_test_block = graph()->CreateBasicBlock();
5081 HBasicBlock* body_block = graph()->CreateBasicBlock();
5082 body_blocks.Add(body_block, zone());
5083 compare->SetSuccessorAt(0, body_block);
5084 compare->SetSuccessorAt(1, next_test_block);
5085 FinishCurrentBlock(compare);
5086
5087 set_current_block(body_block);
5088 Drop(1); // tag_value
5089
5090 set_current_block(next_test_block);
5091 }
5092
5093 // Save the current block to use for the default or to join with the
5094 // exit.
5095 HBasicBlock* last_block = current_block();
5096 Drop(1); // tag_value
5097
5098 // 2. Loop over the clauses and the linked list of tests in lockstep,
5099 // translating the clause bodies.
5100 HBasicBlock* fall_through_block = NULL;
5101
5102 BreakAndContinueInfo break_info(stmt, scope());
5103 { BreakAndContinueScope push(&break_info, this);
5104 for (int i = 0; i < clause_count; ++i) {
5105 CaseClause* clause = clauses->at(i);
5106
5107 // Identify the block where normal (non-fall-through) control flow
5108 // goes to.
5109 HBasicBlock* normal_block = NULL;
5110 if (clause->is_default()) {
5111 if (last_block == NULL) continue;
5112 normal_block = last_block;
5113 last_block = NULL; // Cleared to indicate we've handled it.
5114 } else {
5115 normal_block = body_blocks[i];
5116 }
5117
5118 if (fall_through_block == NULL) {
5119 set_current_block(normal_block);
5120 } else {
5121 HBasicBlock* join = CreateJoin(fall_through_block,
5122 normal_block,
5123 clause->EntryId());
5124 set_current_block(join);
5125 }
5126
5127 CHECK_BAILOUT(VisitStatements(clause->statements()));
5128 fall_through_block = current_block();
5129 }
5130 }
5131
5132 // Create an up-to-3-way join. Use the break block if it exists since
5133 // it's already a join block.
5134 HBasicBlock* break_block = break_info.break_block();
5135 if (break_block == NULL) {
5136 set_current_block(CreateJoin(fall_through_block,
5137 last_block,
5138 stmt->ExitId()));
5139 } else {
5140 if (fall_through_block != NULL) Goto(fall_through_block, break_block);
5141 if (last_block != NULL) Goto(last_block, break_block);
5142 break_block->SetJoinId(stmt->ExitId());
5143 set_current_block(break_block);
5144 }
5145 }
5146
5147
5148 void HOptimizedGraphBuilder::VisitLoopBody(IterationStatement* stmt,
5149 HBasicBlock* loop_entry) {
5150 Add<HSimulate>(stmt->StackCheckId());
5151 HStackCheck* stack_check =
5152 HStackCheck::cast(Add<HStackCheck>(HStackCheck::kBackwardsBranch));
5153 DCHECK(loop_entry->IsLoopHeader());
5154 loop_entry->loop_information()->set_stack_check(stack_check);
5155 CHECK_BAILOUT(Visit(stmt->body()));
5156 }
5157
5158
5159 void HOptimizedGraphBuilder::VisitDoWhileStatement(DoWhileStatement* stmt) {
5160 DCHECK(!HasStackOverflow());
5161 DCHECK(current_block() != NULL);
5162 DCHECK(current_block()->HasPredecessor());
5163 DCHECK(current_block() != NULL);
5164 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5165
5166 BreakAndContinueInfo break_info(stmt, scope());
5167 {
5168 BreakAndContinueScope push(&break_info, this);
5169 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5170 }
5171 HBasicBlock* body_exit =
5172 JoinContinue(stmt, current_block(), break_info.continue_block());
5173 HBasicBlock* loop_successor = NULL;
5174 if (body_exit != NULL && !stmt->cond()->ToBooleanIsTrue()) {
5175 set_current_block(body_exit);
5176 loop_successor = graph()->CreateBasicBlock();
5177 if (stmt->cond()->ToBooleanIsFalse()) {
5178 loop_entry->loop_information()->stack_check()->Eliminate();
5179 Goto(loop_successor);
5180 body_exit = NULL;
5181 } else {
5182 // The block for a true condition, the actual predecessor block of the
5183 // back edge.
5184 body_exit = graph()->CreateBasicBlock();
5185 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_exit, loop_successor));
5186 }
5187 if (body_exit != NULL && body_exit->HasPredecessor()) {
5188 body_exit->SetJoinId(stmt->BackEdgeId());
5189 } else {
5190 body_exit = NULL;
5191 }
5192 if (loop_successor->HasPredecessor()) {
5193 loop_successor->SetJoinId(stmt->ExitId());
5194 } else {
5195 loop_successor = NULL;
5196 }
5197 }
5198 HBasicBlock* loop_exit = CreateLoop(stmt,
5199 loop_entry,
5200 body_exit,
5201 loop_successor,
5202 break_info.break_block());
5203 set_current_block(loop_exit);
5204 }
5205
5206
5207 void HOptimizedGraphBuilder::VisitWhileStatement(WhileStatement* stmt) {
5208 DCHECK(!HasStackOverflow());
5209 DCHECK(current_block() != NULL);
5210 DCHECK(current_block()->HasPredecessor());
5211 DCHECK(current_block() != NULL);
5212 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5213
5214 // If the condition is constant true, do not generate a branch.
5215 HBasicBlock* loop_successor = NULL;
5216 if (!stmt->cond()->ToBooleanIsTrue()) {
5217 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5218 loop_successor = graph()->CreateBasicBlock();
5219 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5220 if (body_entry->HasPredecessor()) {
5221 body_entry->SetJoinId(stmt->BodyId());
5222 set_current_block(body_entry);
5223 }
5224 if (loop_successor->HasPredecessor()) {
5225 loop_successor->SetJoinId(stmt->ExitId());
5226 } else {
5227 loop_successor = NULL;
5228 }
5229 }
5230
5231 BreakAndContinueInfo break_info(stmt, scope());
5232 if (current_block() != NULL) {
5233 BreakAndContinueScope push(&break_info, this);
5234 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5235 }
5236 HBasicBlock* body_exit =
5237 JoinContinue(stmt, current_block(), break_info.continue_block());
5238 HBasicBlock* loop_exit = CreateLoop(stmt,
5239 loop_entry,
5240 body_exit,
5241 loop_successor,
5242 break_info.break_block());
5243 set_current_block(loop_exit);
5244 }
5245
5246
5247 void HOptimizedGraphBuilder::VisitForStatement(ForStatement* stmt) {
5248 DCHECK(!HasStackOverflow());
5249 DCHECK(current_block() != NULL);
5250 DCHECK(current_block()->HasPredecessor());
5251 if (stmt->init() != NULL) {
5252 CHECK_ALIVE(Visit(stmt->init()));
5253 }
5254 DCHECK(current_block() != NULL);
5255 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5256
5257 HBasicBlock* loop_successor = NULL;
5258 if (stmt->cond() != NULL) {
5259 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5260 loop_successor = graph()->CreateBasicBlock();
5261 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5262 if (body_entry->HasPredecessor()) {
5263 body_entry->SetJoinId(stmt->BodyId());
5264 set_current_block(body_entry);
5265 }
5266 if (loop_successor->HasPredecessor()) {
5267 loop_successor->SetJoinId(stmt->ExitId());
5268 } else {
5269 loop_successor = NULL;
5270 }
5271 }
5272
5273 BreakAndContinueInfo break_info(stmt, scope());
5274 if (current_block() != NULL) {
5275 BreakAndContinueScope push(&break_info, this);
5276 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5277 }
5278 HBasicBlock* body_exit =
5279 JoinContinue(stmt, current_block(), break_info.continue_block());
5280
5281 if (stmt->next() != NULL && body_exit != NULL) {
5282 set_current_block(body_exit);
5283 CHECK_BAILOUT(Visit(stmt->next()));
5284 body_exit = current_block();
5285 }
5286
5287 HBasicBlock* loop_exit = CreateLoop(stmt,
5288 loop_entry,
5289 body_exit,
5290 loop_successor,
5291 break_info.break_block());
5292 set_current_block(loop_exit);
5293 }
5294
5295
5296 void HOptimizedGraphBuilder::VisitForInStatement(ForInStatement* stmt) {
5297 DCHECK(!HasStackOverflow());
5298 DCHECK(current_block() != NULL);
5299 DCHECK(current_block()->HasPredecessor());
5300
5301 if (!FLAG_optimize_for_in) {
5302 return Bailout(kForInStatementOptimizationIsDisabled);
5303 }
5304
5305 if (!stmt->each()->IsVariableProxy() ||
5306 !stmt->each()->AsVariableProxy()->var()->IsStackLocal()) {
5307 return Bailout(kForInStatementWithNonLocalEachVariable);
5308 }
5309
5310 Variable* each_var = stmt->each()->AsVariableProxy()->var();
5311
5312 CHECK_ALIVE(VisitForValue(stmt->enumerable()));
5313 HValue* enumerable = Top(); // Leave enumerable at the top.
5314
5315 IfBuilder if_undefined_or_null(this);
5316 if_undefined_or_null.If<HCompareObjectEqAndBranch>(
5317 enumerable, graph()->GetConstantUndefined());
5318 if_undefined_or_null.Or();
5319 if_undefined_or_null.If<HCompareObjectEqAndBranch>(
5320 enumerable, graph()->GetConstantNull());
5321 if_undefined_or_null.ThenDeopt(Deoptimizer::kUndefinedOrNullInForIn);
5322 if_undefined_or_null.End();
5323 BuildForInBody(stmt, each_var, enumerable);
5324 }
5325
5326
5327 void HOptimizedGraphBuilder::BuildForInBody(ForInStatement* stmt,
5328 Variable* each_var,
5329 HValue* enumerable) {
5330 HInstruction* map;
5331 HInstruction* array;
5332 HInstruction* enum_length;
5333 bool fast = stmt->for_in_type() == ForInStatement::FAST_FOR_IN;
5334 if (fast) {
5335 map = Add<HForInPrepareMap>(enumerable);
5336 Add<HSimulate>(stmt->PrepareId());
5337
5338 array = Add<HForInCacheArray>(enumerable, map,
5339 DescriptorArray::kEnumCacheBridgeCacheIndex);
5340 enum_length = Add<HMapEnumLength>(map);
5341
5342 HInstruction* index_cache = Add<HForInCacheArray>(
5343 enumerable, map, DescriptorArray::kEnumCacheBridgeIndicesCacheIndex);
5344 HForInCacheArray::cast(array)
5345 ->set_index_cache(HForInCacheArray::cast(index_cache));
5346 } else {
5347 Add<HSimulate>(stmt->PrepareId());
5348 {
5349 NoObservableSideEffectsScope no_effects(this);
5350 BuildJSObjectCheck(enumerable, 0);
5351 }
5352 Add<HSimulate>(stmt->ToObjectId());
5353
5354 map = graph()->GetConstant1();
5355 Runtime::FunctionId function_id = Runtime::kGetPropertyNamesFast;
5356 Add<HPushArguments>(enumerable);
5357 array = Add<HCallRuntime>(Runtime::FunctionForId(function_id), 1);
5358 Push(array);
5359 Add<HSimulate>(stmt->EnumId());
5360 Drop(1);
5361 Handle<Map> array_map = isolate()->factory()->fixed_array_map();
5362 HValue* check = Add<HCheckMaps>(array, array_map);
5363 enum_length = AddLoadFixedArrayLength(array, check);
5364 }
5365
5366 HInstruction* start_index = Add<HConstant>(0);
5367
5368 Push(map);
5369 Push(array);
5370 Push(enum_length);
5371 Push(start_index);
5372
5373 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5374
5375 // Reload the values to ensure we have up-to-date values inside of the loop.
5376 // This is relevant especially for OSR where the values don't come from the
5377 // computation above, but from the OSR entry block.
5378 enumerable = environment()->ExpressionStackAt(4);
5379 HValue* index = environment()->ExpressionStackAt(0);
5380 HValue* limit = environment()->ExpressionStackAt(1);
5381
5382 // Check that we still have more keys.
5383 HCompareNumericAndBranch* compare_index =
5384 New<HCompareNumericAndBranch>(index, limit, Token::LT);
5385 compare_index->set_observed_input_representation(
5386 Representation::Smi(), Representation::Smi());
5387
5388 HBasicBlock* loop_body = graph()->CreateBasicBlock();
5389 HBasicBlock* loop_successor = graph()->CreateBasicBlock();
5390
5391 compare_index->SetSuccessorAt(0, loop_body);
5392 compare_index->SetSuccessorAt(1, loop_successor);
5393 FinishCurrentBlock(compare_index);
5394
5395 set_current_block(loop_successor);
5396 Drop(5);
5397
5398 set_current_block(loop_body);
5399
5400 HValue* key =
5401 Add<HLoadKeyed>(environment()->ExpressionStackAt(2), // Enum cache.
5402 index, index, FAST_ELEMENTS);
5403
5404 if (fast) {
5405 // Check if the expected map still matches that of the enumerable.
5406 // If not just deoptimize.
5407 Add<HCheckMapValue>(enumerable, environment()->ExpressionStackAt(3));
5408 Bind(each_var, key);
5409 } else {
5410 Add<HPushArguments>(enumerable, key);
5411 Runtime::FunctionId function_id = Runtime::kForInFilter;
5412 key = Add<HCallRuntime>(Runtime::FunctionForId(function_id), 2);
5413 Push(key);
5414 Add<HSimulate>(stmt->FilterId());
5415 key = Pop();
5416 Bind(each_var, key);
5417 IfBuilder if_undefined(this);
5418 if_undefined.If<HCompareObjectEqAndBranch>(key,
5419 graph()->GetConstantUndefined());
5420 if_undefined.ThenDeopt(Deoptimizer::kUndefined);
5421 if_undefined.End();
5422 Add<HSimulate>(stmt->AssignmentId());
5423 }
5424
5425 BreakAndContinueInfo break_info(stmt, scope(), 5);
5426 {
5427 BreakAndContinueScope push(&break_info, this);
5428 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5429 }
5430
5431 HBasicBlock* body_exit =
5432 JoinContinue(stmt, current_block(), break_info.continue_block());
5433
5434 if (body_exit != NULL) {
5435 set_current_block(body_exit);
5436
5437 HValue* current_index = Pop();
5438 Push(AddUncasted<HAdd>(current_index, graph()->GetConstant1()));
5439 body_exit = current_block();
5440 }
5441
5442 HBasicBlock* loop_exit = CreateLoop(stmt,
5443 loop_entry,
5444 body_exit,
5445 loop_successor,
5446 break_info.break_block());
5447
5448 set_current_block(loop_exit);
5449 }
5450
5451
5452 void HOptimizedGraphBuilder::VisitForOfStatement(ForOfStatement* stmt) {
5453 DCHECK(!HasStackOverflow());
5454 DCHECK(current_block() != NULL);
5455 DCHECK(current_block()->HasPredecessor());
5456 return Bailout(kForOfStatement);
5457 }
5458
5459
5460 void HOptimizedGraphBuilder::VisitTryCatchStatement(TryCatchStatement* stmt) {
5461 DCHECK(!HasStackOverflow());
5462 DCHECK(current_block() != NULL);
5463 DCHECK(current_block()->HasPredecessor());
5464 return Bailout(kTryCatchStatement);
5465 }
5466
5467
5468 void HOptimizedGraphBuilder::VisitTryFinallyStatement(
5469 TryFinallyStatement* stmt) {
5470 DCHECK(!HasStackOverflow());
5471 DCHECK(current_block() != NULL);
5472 DCHECK(current_block()->HasPredecessor());
5473 return Bailout(kTryFinallyStatement);
5474 }
5475
5476
5477 void HOptimizedGraphBuilder::VisitDebuggerStatement(DebuggerStatement* stmt) {
5478 DCHECK(!HasStackOverflow());
5479 DCHECK(current_block() != NULL);
5480 DCHECK(current_block()->HasPredecessor());
5481 return Bailout(kDebuggerStatement);
5482 }
5483
5484
5485 void HOptimizedGraphBuilder::VisitCaseClause(CaseClause* clause) {
5486 UNREACHABLE();
5487 }
5488
5489
5490 void HOptimizedGraphBuilder::VisitFunctionLiteral(FunctionLiteral* expr) {
5491 DCHECK(!HasStackOverflow());
5492 DCHECK(current_block() != NULL);
5493 DCHECK(current_block()->HasPredecessor());
5494 Handle<SharedFunctionInfo> shared_info = Compiler::GetSharedFunctionInfo(
5495 expr, current_info()->script(), top_info());
5496 // We also have a stack overflow if the recursive compilation did.
5497 if (HasStackOverflow()) return;
5498 // Use the fast case closure allocation code that allocates in new
5499 // space for nested functions that don't need literals cloning.
5500 HConstant* shared_info_value = Add<HConstant>(shared_info);
5501 HInstruction* instr;
5502 if (!expr->pretenure() && shared_info->num_literals() == 0) {
5503 FastNewClosureStub stub(isolate(), shared_info->language_mode(),
5504 shared_info->kind());
5505 FastNewClosureDescriptor descriptor(isolate());
5506 HValue* values[] = {context(), shared_info_value};
5507 HConstant* stub_value = Add<HConstant>(stub.GetCode());
5508 instr = New<HCallWithDescriptor>(stub_value, 0, descriptor,
5509 Vector<HValue*>(values, arraysize(values)),
5510 NORMAL_CALL);
5511 } else {
5512 Add<HPushArguments>(shared_info_value);
5513 Runtime::FunctionId function_id =
5514 expr->pretenure() ? Runtime::kNewClosure_Tenured : Runtime::kNewClosure;
5515 instr = New<HCallRuntime>(Runtime::FunctionForId(function_id), 1);
5516 }
5517 return ast_context()->ReturnInstruction(instr, expr->id());
5518 }
5519
5520
5521 void HOptimizedGraphBuilder::VisitClassLiteral(ClassLiteral* lit) {
5522 DCHECK(!HasStackOverflow());
5523 DCHECK(current_block() != NULL);
5524 DCHECK(current_block()->HasPredecessor());
5525 return Bailout(kClassLiteral);
5526 }
5527
5528
5529 void HOptimizedGraphBuilder::VisitNativeFunctionLiteral(
5530 NativeFunctionLiteral* expr) {
5531 DCHECK(!HasStackOverflow());
5532 DCHECK(current_block() != NULL);
5533 DCHECK(current_block()->HasPredecessor());
5534 return Bailout(kNativeFunctionLiteral);
5535 }
5536
5537
5538 void HOptimizedGraphBuilder::VisitConditional(Conditional* expr) {
5539 DCHECK(!HasStackOverflow());
5540 DCHECK(current_block() != NULL);
5541 DCHECK(current_block()->HasPredecessor());
5542 HBasicBlock* cond_true = graph()->CreateBasicBlock();
5543 HBasicBlock* cond_false = graph()->CreateBasicBlock();
5544 CHECK_BAILOUT(VisitForControl(expr->condition(), cond_true, cond_false));
5545
5546 // Visit the true and false subexpressions in the same AST context as the
5547 // whole expression.
5548 if (cond_true->HasPredecessor()) {
5549 cond_true->SetJoinId(expr->ThenId());
5550 set_current_block(cond_true);
5551 CHECK_BAILOUT(Visit(expr->then_expression()));
5552 cond_true = current_block();
5553 } else {
5554 cond_true = NULL;
5555 }
5556
5557 if (cond_false->HasPredecessor()) {
5558 cond_false->SetJoinId(expr->ElseId());
5559 set_current_block(cond_false);
5560 CHECK_BAILOUT(Visit(expr->else_expression()));
5561 cond_false = current_block();
5562 } else {
5563 cond_false = NULL;
5564 }
5565
5566 if (!ast_context()->IsTest()) {
5567 HBasicBlock* join = CreateJoin(cond_true, cond_false, expr->id());
5568 set_current_block(join);
5569 if (join != NULL && !ast_context()->IsEffect()) {
5570 return ast_context()->ReturnValue(Pop());
5571 }
5572 }
5573 }
5574
5575
5576 HOptimizedGraphBuilder::GlobalPropertyAccess
5577 HOptimizedGraphBuilder::LookupGlobalProperty(Variable* var, LookupIterator* it,
5578 PropertyAccessType access_type) {
5579 if (var->is_this() || !current_info()->has_global_object()) {
5580 return kUseGeneric;
5581 }
5582
5583 switch (it->state()) {
5584 case LookupIterator::ACCESSOR:
5585 case LookupIterator::ACCESS_CHECK:
5586 case LookupIterator::INTERCEPTOR:
5587 case LookupIterator::INTEGER_INDEXED_EXOTIC:
5588 case LookupIterator::NOT_FOUND:
5589 return kUseGeneric;
5590 case LookupIterator::DATA:
5591 if (access_type == STORE && it->IsReadOnly()) return kUseGeneric;
5592 return kUseCell;
5593 case LookupIterator::JSPROXY:
5594 case LookupIterator::TRANSITION:
5595 UNREACHABLE();
5596 }
5597 UNREACHABLE();
5598 return kUseGeneric;
5599 }
5600
5601
5602 HValue* HOptimizedGraphBuilder::BuildContextChainWalk(Variable* var) {
5603 DCHECK(var->IsContextSlot());
5604 HValue* context = environment()->context();
5605 int length = scope()->ContextChainLength(var->scope());
5606 while (length-- > 0) {
5607 context = Add<HLoadNamedField>(
5608 context, nullptr,
5609 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
5610 }
5611 return context;
5612 }
5613
5614
5615 void HOptimizedGraphBuilder::VisitVariableProxy(VariableProxy* expr) {
5616 DCHECK(!HasStackOverflow());
5617 DCHECK(current_block() != NULL);
5618 DCHECK(current_block()->HasPredecessor());
5619 Variable* variable = expr->var();
5620 switch (variable->location()) {
5621 case VariableLocation::GLOBAL:
5622 case VariableLocation::UNALLOCATED: {
5623 if (IsLexicalVariableMode(variable->mode())) {
5624 // TODO(rossberg): should this be an DCHECK?
5625 return Bailout(kReferenceToGlobalLexicalVariable);
5626 }
5627 // Handle known global constants like 'undefined' specially to avoid a
5628 // load from a global cell for them.
5629 Handle<Object> constant_value =
5630 isolate()->factory()->GlobalConstantFor(variable->name());
5631 if (!constant_value.is_null()) {
5632 HConstant* instr = New<HConstant>(constant_value);
5633 return ast_context()->ReturnInstruction(instr, expr->id());
5634 }
5635
5636 Handle<GlobalObject> global(current_info()->global_object());
5637
5638 // Lookup in script contexts.
5639 {
5640 Handle<ScriptContextTable> script_contexts(
5641 global->native_context()->script_context_table());
5642 ScriptContextTable::LookupResult lookup;
5643 if (ScriptContextTable::Lookup(script_contexts, variable->name(),
5644 &lookup)) {
5645 Handle<Context> script_context = ScriptContextTable::GetContext(
5646 script_contexts, lookup.context_index);
5647 Handle<Object> current_value =
5648 FixedArray::get(script_context, lookup.slot_index);
5649
5650 // If the values is not the hole, it will stay initialized,
5651 // so no need to generate a check.
5652 if (*current_value == *isolate()->factory()->the_hole_value()) {
5653 return Bailout(kReferenceToUninitializedVariable);
5654 }
5655 HInstruction* result = New<HLoadNamedField>(
5656 Add<HConstant>(script_context), nullptr,
5657 HObjectAccess::ForContextSlot(lookup.slot_index));
5658 return ast_context()->ReturnInstruction(result, expr->id());
5659 }
5660 }
5661
5662 LookupIterator it(global, variable->name(), LookupIterator::OWN);
5663 GlobalPropertyAccess type = LookupGlobalProperty(variable, &it, LOAD);
5664
5665 if (type == kUseCell) {
5666 Handle<PropertyCell> cell = it.GetPropertyCell();
5667 top_info()->dependencies()->AssumePropertyCell(cell);
5668 auto cell_type = it.property_details().cell_type();
5669 if (cell_type == PropertyCellType::kConstant ||
5670 cell_type == PropertyCellType::kUndefined) {
5671 Handle<Object> constant_object(cell->value(), isolate());
5672 if (constant_object->IsConsString()) {
5673 constant_object =
5674 String::Flatten(Handle<String>::cast(constant_object));
5675 }
5676 HConstant* constant = New<HConstant>(constant_object);
5677 return ast_context()->ReturnInstruction(constant, expr->id());
5678 } else {
5679 auto access = HObjectAccess::ForPropertyCellValue();
5680 UniqueSet<Map>* field_maps = nullptr;
5681 if (cell_type == PropertyCellType::kConstantType) {
5682 switch (cell->GetConstantType()) {
5683 case PropertyCellConstantType::kSmi:
5684 access = access.WithRepresentation(Representation::Smi());
5685 break;
5686 case PropertyCellConstantType::kStableMap: {
5687 // Check that the map really is stable. The heap object could
5688 // have mutated without the cell updating state. In that case,
5689 // make no promises about the loaded value except that it's a
5690 // heap object.
5691 access =
5692 access.WithRepresentation(Representation::HeapObject());
5693 Handle<Map> map(HeapObject::cast(cell->value())->map());
5694 if (map->is_stable()) {
5695 field_maps = new (zone())
5696 UniqueSet<Map>(Unique<Map>::CreateImmovable(map), zone());
5697 }
5698 break;
5699 }
5700 }
5701 }
5702 HConstant* cell_constant = Add<HConstant>(cell);
5703 HLoadNamedField* instr;
5704 if (field_maps == nullptr) {
5705 instr = New<HLoadNamedField>(cell_constant, nullptr, access);
5706 } else {
5707 instr = New<HLoadNamedField>(cell_constant, nullptr, access,
5708 field_maps, HType::HeapObject());
5709 }
5710 instr->ClearDependsOnFlag(kInobjectFields);
5711 instr->SetDependsOnFlag(kGlobalVars);
5712 return ast_context()->ReturnInstruction(instr, expr->id());
5713 }
5714 } else if (variable->IsGlobalSlot()) {
5715 DCHECK(variable->index() > 0);
5716 DCHECK(variable->IsStaticGlobalObjectProperty());
5717 int slot_index = variable->index();
5718 int depth = scope()->ContextChainLength(variable->scope());
5719
5720 HLoadGlobalViaContext* instr =
5721 New<HLoadGlobalViaContext>(depth, slot_index);
5722 return ast_context()->ReturnInstruction(instr, expr->id());
5723
5724 } else {
5725 HValue* global_object = Add<HLoadNamedField>(
5726 context(), nullptr,
5727 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
5728 HLoadGlobalGeneric* instr = New<HLoadGlobalGeneric>(
5729 global_object, variable->name(), ast_context()->typeof_mode());
5730 instr->SetVectorAndSlot(handle(current_feedback_vector(), isolate()),
5731 expr->VariableFeedbackSlot());
5732 return ast_context()->ReturnInstruction(instr, expr->id());
5733 }
5734 }
5735
5736 case VariableLocation::PARAMETER:
5737 case VariableLocation::LOCAL: {
5738 HValue* value = LookupAndMakeLive(variable);
5739 if (value == graph()->GetConstantHole()) {
5740 DCHECK(IsDeclaredVariableMode(variable->mode()) &&
5741 variable->mode() != VAR);
5742 return Bailout(kReferenceToUninitializedVariable);
5743 }
5744 return ast_context()->ReturnValue(value);
5745 }
5746
5747 case VariableLocation::CONTEXT: {
5748 HValue* context = BuildContextChainWalk(variable);
5749 HLoadContextSlot::Mode mode;
5750 switch (variable->mode()) {
5751 case LET:
5752 case CONST:
5753 mode = HLoadContextSlot::kCheckDeoptimize;
5754 break;
5755 case CONST_LEGACY:
5756 mode = HLoadContextSlot::kCheckReturnUndefined;
5757 break;
5758 default:
5759 mode = HLoadContextSlot::kNoCheck;
5760 break;
5761 }
5762 HLoadContextSlot* instr =
5763 new(zone()) HLoadContextSlot(context, variable->index(), mode);
5764 return ast_context()->ReturnInstruction(instr, expr->id());
5765 }
5766
5767 case VariableLocation::LOOKUP:
5768 return Bailout(kReferenceToAVariableWhichRequiresDynamicLookup);
5769 }
5770 }
5771
5772
5773 void HOptimizedGraphBuilder::VisitLiteral(Literal* expr) {
5774 DCHECK(!HasStackOverflow());
5775 DCHECK(current_block() != NULL);
5776 DCHECK(current_block()->HasPredecessor());
5777 HConstant* instr = New<HConstant>(expr->value());
5778 return ast_context()->ReturnInstruction(instr, expr->id());
5779 }
5780
5781
5782 void HOptimizedGraphBuilder::VisitRegExpLiteral(RegExpLiteral* expr) {
5783 DCHECK(!HasStackOverflow());
5784 DCHECK(current_block() != NULL);
5785 DCHECK(current_block()->HasPredecessor());
5786 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5787 Handle<LiteralsArray> literals(closure->literals());
5788 HRegExpLiteral* instr = New<HRegExpLiteral>(literals,
5789 expr->pattern(),
5790 expr->flags(),
5791 expr->literal_index());
5792 return ast_context()->ReturnInstruction(instr, expr->id());
5793 }
5794
5795
5796 static bool CanInlinePropertyAccess(Handle<Map> map) {
5797 if (map->instance_type() == HEAP_NUMBER_TYPE) return true;
5798 if (map->instance_type() < FIRST_NONSTRING_TYPE) return true;
5799 return map->IsJSObjectMap() && !map->is_dictionary_map() &&
5800 !map->has_named_interceptor() &&
5801 // TODO(verwaest): Whitelist contexts to which we have access.
5802 !map->is_access_check_needed();
5803 }
5804
5805
5806 // Determines whether the given array or object literal boilerplate satisfies
5807 // all limits to be considered for fast deep-copying and computes the total
5808 // size of all objects that are part of the graph.
5809 static bool IsFastLiteral(Handle<JSObject> boilerplate,
5810 int max_depth,
5811 int* max_properties) {
5812 if (boilerplate->map()->is_deprecated() &&
5813 !JSObject::TryMigrateInstance(boilerplate)) {
5814 return false;
5815 }
5816
5817 DCHECK(max_depth >= 0 && *max_properties >= 0);
5818 if (max_depth == 0) return false;
5819
5820 Isolate* isolate = boilerplate->GetIsolate();
5821 Handle<FixedArrayBase> elements(boilerplate->elements());
5822 if (elements->length() > 0 &&
5823 elements->map() != isolate->heap()->fixed_cow_array_map()) {
5824 if (boilerplate->HasFastSmiOrObjectElements()) {
5825 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
5826 int length = elements->length();
5827 for (int i = 0; i < length; i++) {
5828 if ((*max_properties)-- == 0) return false;
5829 Handle<Object> value(fast_elements->get(i), isolate);
5830 if (value->IsJSObject()) {
5831 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5832 if (!IsFastLiteral(value_object,
5833 max_depth - 1,
5834 max_properties)) {
5835 return false;
5836 }
5837 }
5838 }
5839 } else if (!boilerplate->HasFastDoubleElements()) {
5840 return false;
5841 }
5842 }
5843
5844 Handle<FixedArray> properties(boilerplate->properties());
5845 if (properties->length() > 0) {
5846 return false;
5847 } else {
5848 Handle<DescriptorArray> descriptors(
5849 boilerplate->map()->instance_descriptors());
5850 int limit = boilerplate->map()->NumberOfOwnDescriptors();
5851 for (int i = 0; i < limit; i++) {
5852 PropertyDetails details = descriptors->GetDetails(i);
5853 if (details.type() != DATA) continue;
5854 if ((*max_properties)-- == 0) return false;
5855 FieldIndex field_index = FieldIndex::ForDescriptor(boilerplate->map(), i);
5856 if (boilerplate->IsUnboxedDoubleField(field_index)) continue;
5857 Handle<Object> value(boilerplate->RawFastPropertyAt(field_index),
5858 isolate);
5859 if (value->IsJSObject()) {
5860 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5861 if (!IsFastLiteral(value_object,
5862 max_depth - 1,
5863 max_properties)) {
5864 return false;
5865 }
5866 }
5867 }
5868 }
5869 return true;
5870 }
5871
5872
5873 void HOptimizedGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
5874 DCHECK(!HasStackOverflow());
5875 DCHECK(current_block() != NULL);
5876 DCHECK(current_block()->HasPredecessor());
5877
5878 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5879 HInstruction* literal;
5880
5881 // Check whether to use fast or slow deep-copying for boilerplate.
5882 int max_properties = kMaxFastLiteralProperties;
5883 Handle<Object> literals_cell(
5884 closure->literals()->literal(expr->literal_index()), isolate());
5885 Handle<AllocationSite> site;
5886 Handle<JSObject> boilerplate;
5887 if (!literals_cell->IsUndefined()) {
5888 // Retrieve the boilerplate
5889 site = Handle<AllocationSite>::cast(literals_cell);
5890 boilerplate = Handle<JSObject>(JSObject::cast(site->transition_info()),
5891 isolate());
5892 }
5893
5894 if (!boilerplate.is_null() &&
5895 IsFastLiteral(boilerplate, kMaxFastLiteralDepth, &max_properties)) {
5896 AllocationSiteUsageContext site_context(isolate(), site, false);
5897 site_context.EnterNewScope();
5898 literal = BuildFastLiteral(boilerplate, &site_context);
5899 site_context.ExitScope(site, boilerplate);
5900 } else {
5901 NoObservableSideEffectsScope no_effects(this);
5902 Handle<LiteralsArray> closure_literals(closure->literals(), isolate());
5903 Handle<FixedArray> constant_properties = expr->constant_properties();
5904 int literal_index = expr->literal_index();
5905 int flags = expr->ComputeFlags(true);
5906
5907 Add<HPushArguments>(Add<HConstant>(closure_literals),
5908 Add<HConstant>(literal_index),
5909 Add<HConstant>(constant_properties),
5910 Add<HConstant>(flags));
5911
5912 Runtime::FunctionId function_id = Runtime::kCreateObjectLiteral;
5913 literal = Add<HCallRuntime>(Runtime::FunctionForId(function_id), 4);
5914 }
5915
5916 // The object is expected in the bailout environment during computation
5917 // of the property values and is the value of the entire expression.
5918 Push(literal);
5919 for (int i = 0; i < expr->properties()->length(); i++) {
5920 ObjectLiteral::Property* property = expr->properties()->at(i);
5921 if (property->is_computed_name()) return Bailout(kComputedPropertyName);
5922 if (property->IsCompileTimeValue()) continue;
5923
5924 Literal* key = property->key()->AsLiteral();
5925 Expression* value = property->value();
5926
5927 switch (property->kind()) {
5928 case ObjectLiteral::Property::MATERIALIZED_LITERAL:
5929 DCHECK(!CompileTimeValue::IsCompileTimeValue(value));
5930 // Fall through.
5931 case ObjectLiteral::Property::COMPUTED:
5932 // It is safe to use [[Put]] here because the boilerplate already
5933 // contains computed properties with an uninitialized value.
5934 if (key->value()->IsInternalizedString()) {
5935 if (property->emit_store()) {
5936 CHECK_ALIVE(VisitForValue(value));
5937 HValue* value = Pop();
5938
5939 Handle<Map> map = property->GetReceiverType();
5940 Handle<String> name = key->AsPropertyName();
5941 HValue* store;
5942 FeedbackVectorSlot slot = property->GetSlot();
5943 if (map.is_null()) {
5944 // If we don't know the monomorphic type, do a generic store.
5945 CHECK_ALIVE(store = BuildNamedGeneric(STORE, NULL, slot, literal,
5946 name, value));
5947 } else {
5948 PropertyAccessInfo info(this, STORE, map, name);
5949 if (info.CanAccessMonomorphic()) {
5950 HValue* checked_literal = Add<HCheckMaps>(literal, map);
5951 DCHECK(!info.IsAccessorConstant());
5952 store = BuildMonomorphicAccess(
5953 &info, literal, checked_literal, value,
5954 BailoutId::None(), BailoutId::None());
5955 } else {
5956 CHECK_ALIVE(store = BuildNamedGeneric(STORE, NULL, slot,
5957 literal, name, value));
5958 }
5959 }
5960 if (store->IsInstruction()) {
5961 AddInstruction(HInstruction::cast(store));
5962 }
5963 DCHECK(store->HasObservableSideEffects());
5964 Add<HSimulate>(key->id(), REMOVABLE_SIMULATE);
5965
5966 // Add [[HomeObject]] to function literals.
5967 if (FunctionLiteral::NeedsHomeObject(property->value())) {
5968 Handle<Symbol> sym = isolate()->factory()->home_object_symbol();
5969 HInstruction* store_home = BuildNamedGeneric(
5970 STORE, NULL, property->GetSlot(1), value, sym, literal);
5971 AddInstruction(store_home);
5972 DCHECK(store_home->HasObservableSideEffects());
5973 Add<HSimulate>(property->value()->id(), REMOVABLE_SIMULATE);
5974 }
5975 } else {
5976 CHECK_ALIVE(VisitForEffect(value));
5977 }
5978 break;
5979 }
5980 // Fall through.
5981 case ObjectLiteral::Property::PROTOTYPE:
5982 case ObjectLiteral::Property::SETTER:
5983 case ObjectLiteral::Property::GETTER:
5984 return Bailout(kObjectLiteralWithComplexProperty);
5985 default: UNREACHABLE();
5986 }
5987 }
5988
5989 if (expr->has_function()) {
5990 // Return the result of the transformation to fast properties
5991 // instead of the original since this operation changes the map
5992 // of the object. This makes sure that the original object won't
5993 // be used by other optimized code before it is transformed
5994 // (e.g. because of code motion).
5995 HToFastProperties* result = Add<HToFastProperties>(Pop());
5996 return ast_context()->ReturnValue(result);
5997 } else {
5998 return ast_context()->ReturnValue(Pop());
5999 }
6000 }
6001
6002
6003 void HOptimizedGraphBuilder::VisitArrayLiteral(ArrayLiteral* expr) {
6004 DCHECK(!HasStackOverflow());
6005 DCHECK(current_block() != NULL);
6006 DCHECK(current_block()->HasPredecessor());
6007 ZoneList<Expression*>* subexprs = expr->values();
6008 int length = subexprs->length();
6009 HInstruction* literal;
6010
6011 Handle<AllocationSite> site;
6012 Handle<LiteralsArray> literals(environment()->closure()->literals(),
6013 isolate());
6014 bool uninitialized = false;
6015 Handle<Object> literals_cell(literals->literal(expr->literal_index()),
6016 isolate());
6017 Handle<JSObject> boilerplate_object;
6018 if (literals_cell->IsUndefined()) {
6019 uninitialized = true;
6020 Handle<Object> raw_boilerplate;
6021 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
6022 isolate(), raw_boilerplate,
6023 Runtime::CreateArrayLiteralBoilerplate(
6024 isolate(), literals, expr->constant_elements(),
6025 is_strong(function_language_mode())),
6026 Bailout(kArrayBoilerplateCreationFailed));
6027
6028 boilerplate_object = Handle<JSObject>::cast(raw_boilerplate);
6029 AllocationSiteCreationContext creation_context(isolate());
6030 site = creation_context.EnterNewScope();
6031 if (JSObject::DeepWalk(boilerplate_object, &creation_context).is_null()) {
6032 return Bailout(kArrayBoilerplateCreationFailed);
6033 }
6034 creation_context.ExitScope(site, boilerplate_object);
6035 literals->set_literal(expr->literal_index(), *site);
6036
6037 if (boilerplate_object->elements()->map() ==
6038 isolate()->heap()->fixed_cow_array_map()) {
6039 isolate()->counters()->cow_arrays_created_runtime()->Increment();
6040 }
6041 } else {
6042 DCHECK(literals_cell->IsAllocationSite());
6043 site = Handle<AllocationSite>::cast(literals_cell);
6044 boilerplate_object = Handle<JSObject>(
6045 JSObject::cast(site->transition_info()), isolate());
6046 }
6047
6048 DCHECK(!boilerplate_object.is_null());
6049 DCHECK(site->SitePointsToLiteral());
6050
6051 ElementsKind boilerplate_elements_kind =
6052 boilerplate_object->GetElementsKind();
6053
6054 // Check whether to use fast or slow deep-copying for boilerplate.
6055 int max_properties = kMaxFastLiteralProperties;
6056 if (IsFastLiteral(boilerplate_object,
6057 kMaxFastLiteralDepth,
6058 &max_properties)) {
6059 AllocationSiteUsageContext site_context(isolate(), site, false);
6060 site_context.EnterNewScope();
6061 literal = BuildFastLiteral(boilerplate_object, &site_context);
6062 site_context.ExitScope(site, boilerplate_object);
6063 } else {
6064 NoObservableSideEffectsScope no_effects(this);
6065 // Boilerplate already exists and constant elements are never accessed,
6066 // pass an empty fixed array to the runtime function instead.
6067 Handle<FixedArray> constants = isolate()->factory()->empty_fixed_array();
6068 int literal_index = expr->literal_index();
6069 int flags = expr->ComputeFlags(true);
6070
6071 Add<HPushArguments>(Add<HConstant>(literals),
6072 Add<HConstant>(literal_index),
6073 Add<HConstant>(constants),
6074 Add<HConstant>(flags));
6075
6076 Runtime::FunctionId function_id = Runtime::kCreateArrayLiteral;
6077 literal = Add<HCallRuntime>(Runtime::FunctionForId(function_id), 4);
6078
6079 // Register to deopt if the boilerplate ElementsKind changes.
6080 top_info()->dependencies()->AssumeTransitionStable(site);
6081 }
6082
6083 // The array is expected in the bailout environment during computation
6084 // of the property values and is the value of the entire expression.
6085 Push(literal);
6086 // The literal index is on the stack, too.
6087 Push(Add<HConstant>(expr->literal_index()));
6088
6089 HInstruction* elements = NULL;
6090
6091 for (int i = 0; i < length; i++) {
6092 Expression* subexpr = subexprs->at(i);
6093 if (subexpr->IsSpread()) {
6094 return Bailout(kSpread);
6095 }
6096
6097 // If the subexpression is a literal or a simple materialized literal it
6098 // is already set in the cloned array.
6099 if (CompileTimeValue::IsCompileTimeValue(subexpr)) continue;
6100
6101 CHECK_ALIVE(VisitForValue(subexpr));
6102 HValue* value = Pop();
6103 if (!Smi::IsValid(i)) return Bailout(kNonSmiKeyInArrayLiteral);
6104
6105 elements = AddLoadElements(literal);
6106
6107 HValue* key = Add<HConstant>(i);
6108
6109 switch (boilerplate_elements_kind) {
6110 case FAST_SMI_ELEMENTS:
6111 case FAST_HOLEY_SMI_ELEMENTS:
6112 case FAST_ELEMENTS:
6113 case FAST_HOLEY_ELEMENTS:
6114 case FAST_DOUBLE_ELEMENTS:
6115 case FAST_HOLEY_DOUBLE_ELEMENTS: {
6116 HStoreKeyed* instr = Add<HStoreKeyed>(elements, key, value,
6117 boilerplate_elements_kind);
6118 instr->SetUninitialized(uninitialized);
6119 break;
6120 }
6121 default:
6122 UNREACHABLE();
6123 break;
6124 }
6125
6126 Add<HSimulate>(expr->GetIdForElement(i));
6127 }
6128
6129 Drop(1); // array literal index
6130 return ast_context()->ReturnValue(Pop());
6131 }
6132
6133
6134 HCheckMaps* HOptimizedGraphBuilder::AddCheckMap(HValue* object,
6135 Handle<Map> map) {
6136 BuildCheckHeapObject(object);
6137 return Add<HCheckMaps>(object, map);
6138 }
6139
6140
6141 HInstruction* HOptimizedGraphBuilder::BuildLoadNamedField(
6142 PropertyAccessInfo* info,
6143 HValue* checked_object) {
6144 // See if this is a load for an immutable property
6145 if (checked_object->ActualValue()->IsConstant()) {
6146 Handle<Object> object(
6147 HConstant::cast(checked_object->ActualValue())->handle(isolate()));
6148
6149 if (object->IsJSObject()) {
6150 LookupIterator it(object, info->name(),
6151 LookupIterator::OWN_SKIP_INTERCEPTOR);
6152 Handle<Object> value = JSReceiver::GetDataProperty(&it);
6153 if (it.IsFound() && it.IsReadOnly() && !it.IsConfigurable()) {
6154 return New<HConstant>(value);
6155 }
6156 }
6157 }
6158
6159 HObjectAccess access = info->access();
6160 if (access.representation().IsDouble() &&
6161 (!FLAG_unbox_double_fields || !access.IsInobject())) {
6162 // Load the heap number.
6163 checked_object = Add<HLoadNamedField>(
6164 checked_object, nullptr,
6165 access.WithRepresentation(Representation::Tagged()));
6166 // Load the double value from it.
6167 access = HObjectAccess::ForHeapNumberValue();
6168 }
6169
6170 SmallMapList* map_list = info->field_maps();
6171 if (map_list->length() == 0) {
6172 return New<HLoadNamedField>(checked_object, checked_object, access);
6173 }
6174
6175 UniqueSet<Map>* maps = new(zone()) UniqueSet<Map>(map_list->length(), zone());
6176 for (int i = 0; i < map_list->length(); ++i) {
6177 maps->Add(Unique<Map>::CreateImmovable(map_list->at(i)), zone());
6178 }
6179 return New<HLoadNamedField>(
6180 checked_object, checked_object, access, maps, info->field_type());
6181 }
6182
6183
6184 HInstruction* HOptimizedGraphBuilder::BuildStoreNamedField(
6185 PropertyAccessInfo* info,
6186 HValue* checked_object,
6187 HValue* value) {
6188 bool transition_to_field = info->IsTransition();
6189 // TODO(verwaest): Move this logic into PropertyAccessInfo.
6190 HObjectAccess field_access = info->access();
6191
6192 HStoreNamedField *instr;
6193 if (field_access.representation().IsDouble() &&
6194 (!FLAG_unbox_double_fields || !field_access.IsInobject())) {
6195 HObjectAccess heap_number_access =
6196 field_access.WithRepresentation(Representation::Tagged());
6197 if (transition_to_field) {
6198 // The store requires a mutable HeapNumber to be allocated.
6199 NoObservableSideEffectsScope no_side_effects(this);
6200 HInstruction* heap_number_size = Add<HConstant>(HeapNumber::kSize);
6201
6202 // TODO(hpayer): Allocation site pretenuring support.
6203 HInstruction* heap_number = Add<HAllocate>(heap_number_size,
6204 HType::HeapObject(),
6205 NOT_TENURED,
6206 MUTABLE_HEAP_NUMBER_TYPE);
6207 AddStoreMapConstant(
6208 heap_number, isolate()->factory()->mutable_heap_number_map());
6209 Add<HStoreNamedField>(heap_number, HObjectAccess::ForHeapNumberValue(),
6210 value);
6211 instr = New<HStoreNamedField>(checked_object->ActualValue(),
6212 heap_number_access,
6213 heap_number);
6214 } else {
6215 // Already holds a HeapNumber; load the box and write its value field.
6216 HInstruction* heap_number =
6217 Add<HLoadNamedField>(checked_object, nullptr, heap_number_access);
6218 instr = New<HStoreNamedField>(heap_number,
6219 HObjectAccess::ForHeapNumberValue(),
6220 value, STORE_TO_INITIALIZED_ENTRY);
6221 }
6222 } else {
6223 if (field_access.representation().IsHeapObject()) {
6224 BuildCheckHeapObject(value);
6225 }
6226
6227 if (!info->field_maps()->is_empty()) {
6228 DCHECK(field_access.representation().IsHeapObject());
6229 value = Add<HCheckMaps>(value, info->field_maps());
6230 }
6231
6232 // This is a normal store.
6233 instr = New<HStoreNamedField>(
6234 checked_object->ActualValue(), field_access, value,
6235 transition_to_field ? INITIALIZING_STORE : STORE_TO_INITIALIZED_ENTRY);
6236 }
6237
6238 if (transition_to_field) {
6239 Handle<Map> transition(info->transition());
6240 DCHECK(!transition->is_deprecated());
6241 instr->SetTransition(Add<HConstant>(transition));
6242 }
6243 return instr;
6244 }
6245
6246
6247 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsCompatible(
6248 PropertyAccessInfo* info) {
6249 if (!CanInlinePropertyAccess(map_)) return false;
6250
6251 // Currently only handle Type::Number as a polymorphic case.
6252 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6253 // instruction.
6254 if (IsNumberType()) return false;
6255
6256 // Values are only compatible for monomorphic load if they all behave the same
6257 // regarding value wrappers.
6258 if (IsValueWrapped() != info->IsValueWrapped()) return false;
6259
6260 if (!LookupDescriptor()) return false;
6261
6262 if (!IsFound()) {
6263 return (!info->IsFound() || info->has_holder()) &&
6264 map()->prototype() == info->map()->prototype();
6265 }
6266
6267 // Mismatch if the other access info found the property in the prototype
6268 // chain.
6269 if (info->has_holder()) return false;
6270
6271 if (IsAccessorConstant()) {
6272 return accessor_.is_identical_to(info->accessor_) &&
6273 api_holder_.is_identical_to(info->api_holder_);
6274 }
6275
6276 if (IsDataConstant()) {
6277 return constant_.is_identical_to(info->constant_);
6278 }
6279
6280 DCHECK(IsData());
6281 if (!info->IsData()) return false;
6282
6283 Representation r = access_.representation();
6284 if (IsLoad()) {
6285 if (!info->access_.representation().IsCompatibleForLoad(r)) return false;
6286 } else {
6287 if (!info->access_.representation().IsCompatibleForStore(r)) return false;
6288 }
6289 if (info->access_.offset() != access_.offset()) return false;
6290 if (info->access_.IsInobject() != access_.IsInobject()) return false;
6291 if (IsLoad()) {
6292 if (field_maps_.is_empty()) {
6293 info->field_maps_.Clear();
6294 } else if (!info->field_maps_.is_empty()) {
6295 for (int i = 0; i < field_maps_.length(); ++i) {
6296 info->field_maps_.AddMapIfMissing(field_maps_.at(i), info->zone());
6297 }
6298 info->field_maps_.Sort();
6299 }
6300 } else {
6301 // We can only merge stores that agree on their field maps. The comparison
6302 // below is safe, since we keep the field maps sorted.
6303 if (field_maps_.length() != info->field_maps_.length()) return false;
6304 for (int i = 0; i < field_maps_.length(); ++i) {
6305 if (!field_maps_.at(i).is_identical_to(info->field_maps_.at(i))) {
6306 return false;
6307 }
6308 }
6309 }
6310 info->GeneralizeRepresentation(r);
6311 info->field_type_ = info->field_type_.Combine(field_type_);
6312 return true;
6313 }
6314
6315
6316 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupDescriptor() {
6317 if (!map_->IsJSObjectMap()) return true;
6318 LookupDescriptor(*map_, *name_);
6319 return LoadResult(map_);
6320 }
6321
6322
6323 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadResult(Handle<Map> map) {
6324 if (!IsLoad() && IsProperty() && IsReadOnly()) {
6325 return false;
6326 }
6327
6328 if (IsData()) {
6329 // Construct the object field access.
6330 int index = GetLocalFieldIndexFromMap(map);
6331 access_ = HObjectAccess::ForField(map, index, representation(), name_);
6332
6333 // Load field map for heap objects.
6334 return LoadFieldMaps(map);
6335 } else if (IsAccessorConstant()) {
6336 Handle<Object> accessors = GetAccessorsFromMap(map);
6337 if (!accessors->IsAccessorPair()) return false;
6338 Object* raw_accessor =
6339 IsLoad() ? Handle<AccessorPair>::cast(accessors)->getter()
6340 : Handle<AccessorPair>::cast(accessors)->setter();
6341 if (!raw_accessor->IsJSFunction()) return false;
6342 Handle<JSFunction> accessor = handle(JSFunction::cast(raw_accessor));
6343 if (accessor->shared()->IsApiFunction()) {
6344 CallOptimization call_optimization(accessor);
6345 if (call_optimization.is_simple_api_call()) {
6346 CallOptimization::HolderLookup holder_lookup;
6347 api_holder_ =
6348 call_optimization.LookupHolderOfExpectedType(map_, &holder_lookup);
6349 }
6350 }
6351 accessor_ = accessor;
6352 } else if (IsDataConstant()) {
6353 constant_ = GetConstantFromMap(map);
6354 }
6355
6356 return true;
6357 }
6358
6359
6360 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadFieldMaps(
6361 Handle<Map> map) {
6362 // Clear any previously collected field maps/type.
6363 field_maps_.Clear();
6364 field_type_ = HType::Tagged();
6365
6366 // Figure out the field type from the accessor map.
6367 Handle<HeapType> field_type = GetFieldTypeFromMap(map);
6368
6369 // Collect the (stable) maps from the field type.
6370 int num_field_maps = field_type->NumClasses();
6371 if (num_field_maps > 0) {
6372 DCHECK(access_.representation().IsHeapObject());
6373 field_maps_.Reserve(num_field_maps, zone());
6374 HeapType::Iterator<Map> it = field_type->Classes();
6375 while (!it.Done()) {
6376 Handle<Map> field_map = it.Current();
6377 if (!field_map->is_stable()) {
6378 field_maps_.Clear();
6379 break;
6380 }
6381 field_maps_.Add(field_map, zone());
6382 it.Advance();
6383 }
6384 }
6385
6386 if (field_maps_.is_empty()) {
6387 // Store is not safe if the field map was cleared.
6388 return IsLoad() || !field_type->Is(HeapType::None());
6389 }
6390
6391 field_maps_.Sort();
6392 DCHECK_EQ(num_field_maps, field_maps_.length());
6393
6394 // Determine field HType from field HeapType.
6395 field_type_ = HType::FromType<HeapType>(field_type);
6396 DCHECK(field_type_.IsHeapObject());
6397
6398 // Add dependency on the map that introduced the field.
6399 top_info()->dependencies()->AssumeFieldType(GetFieldOwnerFromMap(map));
6400 return true;
6401 }
6402
6403
6404 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupInPrototypes() {
6405 Handle<Map> map = this->map();
6406
6407 while (map->prototype()->IsJSObject()) {
6408 holder_ = handle(JSObject::cast(map->prototype()));
6409 if (holder_->map()->is_deprecated()) {
6410 JSObject::TryMigrateInstance(holder_);
6411 }
6412 map = Handle<Map>(holder_->map());
6413 if (!CanInlinePropertyAccess(map)) {
6414 NotFound();
6415 return false;
6416 }
6417 LookupDescriptor(*map, *name_);
6418 if (IsFound()) return LoadResult(map);
6419 }
6420
6421 NotFound();
6422 return !map->prototype()->IsJSReceiver();
6423 }
6424
6425
6426 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsIntegerIndexedExotic() {
6427 InstanceType instance_type = map_->instance_type();
6428 return instance_type == JS_TYPED_ARRAY_TYPE && name_->IsString() &&
6429 IsSpecialIndex(isolate()->unicode_cache(), String::cast(*name_));
6430 }
6431
6432
6433 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessMonomorphic() {
6434 if (!CanInlinePropertyAccess(map_)) return false;
6435 if (IsJSObjectFieldAccessor()) return IsLoad();
6436 if (IsJSArrayBufferViewFieldAccessor()) return IsLoad();
6437 if (map_->IsJSFunctionMap() && map_->is_constructor() &&
6438 !map_->has_non_instance_prototype() &&
6439 name_.is_identical_to(isolate()->factory()->prototype_string())) {
6440 return IsLoad();
6441 }
6442 if (!LookupDescriptor()) return false;
6443 if (IsFound()) return IsLoad() || !IsReadOnly();
6444 if (IsIntegerIndexedExotic()) return false;
6445 if (!LookupInPrototypes()) return false;
6446 if (IsLoad()) return true;
6447
6448 if (IsAccessorConstant()) return true;
6449 LookupTransition(*map_, *name_, NONE);
6450 if (IsTransitionToData() && map_->unused_property_fields() > 0) {
6451 // Construct the object field access.
6452 int descriptor = transition()->LastAdded();
6453 int index =
6454 transition()->instance_descriptors()->GetFieldIndex(descriptor) -
6455 map_->GetInObjectProperties();
6456 PropertyDetails details =
6457 transition()->instance_descriptors()->GetDetails(descriptor);
6458 Representation representation = details.representation();
6459 access_ = HObjectAccess::ForField(map_, index, representation, name_);
6460
6461 // Load field map for heap objects.
6462 return LoadFieldMaps(transition());
6463 }
6464 return false;
6465 }
6466
6467
6468 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessAsMonomorphic(
6469 SmallMapList* maps) {
6470 DCHECK(map_.is_identical_to(maps->first()));
6471 if (!CanAccessMonomorphic()) return false;
6472 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6473 if (maps->length() > kMaxLoadPolymorphism) return false;
6474 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6475 if (GetJSObjectFieldAccess(&access)) {
6476 for (int i = 1; i < maps->length(); ++i) {
6477 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6478 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6479 if (!test_info.GetJSObjectFieldAccess(&test_access)) return false;
6480 if (!access.Equals(test_access)) return false;
6481 }
6482 return true;
6483 }
6484 if (GetJSArrayBufferViewFieldAccess(&access)) {
6485 for (int i = 1; i < maps->length(); ++i) {
6486 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6487 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6488 if (!test_info.GetJSArrayBufferViewFieldAccess(&test_access)) {
6489 return false;
6490 }
6491 if (!access.Equals(test_access)) return false;
6492 }
6493 return true;
6494 }
6495
6496 // Currently only handle numbers as a polymorphic case.
6497 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6498 // instruction.
6499 if (IsNumberType()) return false;
6500
6501 // Multiple maps cannot transition to the same target map.
6502 DCHECK(!IsLoad() || !IsTransition());
6503 if (IsTransition() && maps->length() > 1) return false;
6504
6505 for (int i = 1; i < maps->length(); ++i) {
6506 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6507 if (!test_info.IsCompatible(this)) return false;
6508 }
6509
6510 return true;
6511 }
6512
6513
6514 Handle<Map> HOptimizedGraphBuilder::PropertyAccessInfo::map() {
6515 JSFunction* ctor = IC::GetRootConstructor(
6516 *map_, current_info()->closure()->context()->native_context());
6517 if (ctor != NULL) return handle(ctor->initial_map());
6518 return map_;
6519 }
6520
6521
6522 static bool NeedsWrapping(Handle<Map> map, Handle<JSFunction> target) {
6523 return !map->IsJSObjectMap() &&
6524 is_sloppy(target->shared()->language_mode()) &&
6525 !target->shared()->native();
6526 }
6527
6528
6529 bool HOptimizedGraphBuilder::PropertyAccessInfo::NeedsWrappingFor(
6530 Handle<JSFunction> target) const {
6531 return NeedsWrapping(map_, target);
6532 }
6533
6534
6535 HValue* HOptimizedGraphBuilder::BuildMonomorphicAccess(
6536 PropertyAccessInfo* info, HValue* object, HValue* checked_object,
6537 HValue* value, BailoutId ast_id, BailoutId return_id,
6538 bool can_inline_accessor) {
6539 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6540 if (info->GetJSObjectFieldAccess(&access)) {
6541 DCHECK(info->IsLoad());
6542 return New<HLoadNamedField>(object, checked_object, access);
6543 }
6544
6545 if (info->GetJSArrayBufferViewFieldAccess(&access)) {
6546 DCHECK(info->IsLoad());
6547 checked_object = Add<HCheckArrayBufferNotNeutered>(checked_object);
6548 return New<HLoadNamedField>(object, checked_object, access);
6549 }
6550
6551 if (info->name().is_identical_to(isolate()->factory()->prototype_string()) &&
6552 info->map()->IsJSFunctionMap() && info->map()->is_constructor()) {
6553 DCHECK(!info->map()->has_non_instance_prototype());
6554 return New<HLoadFunctionPrototype>(checked_object);
6555 }
6556
6557 HValue* checked_holder = checked_object;
6558 if (info->has_holder()) {
6559 Handle<JSObject> prototype(JSObject::cast(info->map()->prototype()));
6560 checked_holder = BuildCheckPrototypeMaps(prototype, info->holder());
6561 }
6562
6563 if (!info->IsFound()) {
6564 DCHECK(info->IsLoad());
6565 if (is_strong(function_language_mode())) {
6566 return New<HCallRuntime>(
6567 Runtime::FunctionForId(Runtime::kThrowStrongModeImplicitConversion),
6568 0);
6569 } else {
6570 return graph()->GetConstantUndefined();
6571 }
6572 }
6573
6574 if (info->IsData()) {
6575 if (info->IsLoad()) {
6576 return BuildLoadNamedField(info, checked_holder);
6577 } else {
6578 return BuildStoreNamedField(info, checked_object, value);
6579 }
6580 }
6581
6582 if (info->IsTransition()) {
6583 DCHECK(!info->IsLoad());
6584 return BuildStoreNamedField(info, checked_object, value);
6585 }
6586
6587 if (info->IsAccessorConstant()) {
6588 Push(checked_object);
6589 int argument_count = 1;
6590 if (!info->IsLoad()) {
6591 argument_count = 2;
6592 Push(value);
6593 }
6594
6595 if (info->NeedsWrappingFor(info->accessor())) {
6596 HValue* function = Add<HConstant>(info->accessor());
6597 PushArgumentsFromEnvironment(argument_count);
6598 return New<HCallFunction>(function, argument_count, WRAP_AND_CALL);
6599 } else if (FLAG_inline_accessors && can_inline_accessor) {
6600 bool success = info->IsLoad()
6601 ? TryInlineGetter(info->accessor(), info->map(), ast_id, return_id)
6602 : TryInlineSetter(
6603 info->accessor(), info->map(), ast_id, return_id, value);
6604 if (success || HasStackOverflow()) return NULL;
6605 }
6606
6607 PushArgumentsFromEnvironment(argument_count);
6608 return BuildCallConstantFunction(info->accessor(), argument_count);
6609 }
6610
6611 DCHECK(info->IsDataConstant());
6612 if (info->IsLoad()) {
6613 return New<HConstant>(info->constant());
6614 } else {
6615 return New<HCheckValue>(value, Handle<JSFunction>::cast(info->constant()));
6616 }
6617 }
6618
6619
6620 void HOptimizedGraphBuilder::HandlePolymorphicNamedFieldAccess(
6621 PropertyAccessType access_type, Expression* expr, FeedbackVectorSlot slot,
6622 BailoutId ast_id, BailoutId return_id, HValue* object, HValue* value,
6623 SmallMapList* maps, Handle<String> name) {
6624 // Something did not match; must use a polymorphic load.
6625 int count = 0;
6626 HBasicBlock* join = NULL;
6627 HBasicBlock* number_block = NULL;
6628 bool handled_string = false;
6629
6630 bool handle_smi = false;
6631 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6632 int i;
6633 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6634 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6635 if (info.IsStringType()) {
6636 if (handled_string) continue;
6637 handled_string = true;
6638 }
6639 if (info.CanAccessMonomorphic()) {
6640 count++;
6641 if (info.IsNumberType()) {
6642 handle_smi = true;
6643 break;
6644 }
6645 }
6646 }
6647
6648 if (i < maps->length()) {
6649 count = -1;
6650 maps->Clear();
6651 } else {
6652 count = 0;
6653 }
6654 HControlInstruction* smi_check = NULL;
6655 handled_string = false;
6656
6657 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6658 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6659 if (info.IsStringType()) {
6660 if (handled_string) continue;
6661 handled_string = true;
6662 }
6663 if (!info.CanAccessMonomorphic()) continue;
6664
6665 if (count == 0) {
6666 join = graph()->CreateBasicBlock();
6667 if (handle_smi) {
6668 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
6669 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
6670 number_block = graph()->CreateBasicBlock();
6671 smi_check = New<HIsSmiAndBranch>(
6672 object, empty_smi_block, not_smi_block);
6673 FinishCurrentBlock(smi_check);
6674 GotoNoSimulate(empty_smi_block, number_block);
6675 set_current_block(not_smi_block);
6676 } else {
6677 BuildCheckHeapObject(object);
6678 }
6679 }
6680 ++count;
6681 HBasicBlock* if_true = graph()->CreateBasicBlock();
6682 HBasicBlock* if_false = graph()->CreateBasicBlock();
6683 HUnaryControlInstruction* compare;
6684
6685 HValue* dependency;
6686 if (info.IsNumberType()) {
6687 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
6688 compare = New<HCompareMap>(object, heap_number_map, if_true, if_false);
6689 dependency = smi_check;
6690 } else if (info.IsStringType()) {
6691 compare = New<HIsStringAndBranch>(object, if_true, if_false);
6692 dependency = compare;
6693 } else {
6694 compare = New<HCompareMap>(object, info.map(), if_true, if_false);
6695 dependency = compare;
6696 }
6697 FinishCurrentBlock(compare);
6698
6699 if (info.IsNumberType()) {
6700 GotoNoSimulate(if_true, number_block);
6701 if_true = number_block;
6702 }
6703
6704 set_current_block(if_true);
6705
6706 HValue* access =
6707 BuildMonomorphicAccess(&info, object, dependency, value, ast_id,
6708 return_id, FLAG_polymorphic_inlining);
6709
6710 HValue* result = NULL;
6711 switch (access_type) {
6712 case LOAD:
6713 result = access;
6714 break;
6715 case STORE:
6716 result = value;
6717 break;
6718 }
6719
6720 if (access == NULL) {
6721 if (HasStackOverflow()) return;
6722 } else {
6723 if (access->IsInstruction()) {
6724 HInstruction* instr = HInstruction::cast(access);
6725 if (!instr->IsLinked()) AddInstruction(instr);
6726 }
6727 if (!ast_context()->IsEffect()) Push(result);
6728 }
6729
6730 if (current_block() != NULL) Goto(join);
6731 set_current_block(if_false);
6732 }
6733
6734 // Finish up. Unconditionally deoptimize if we've handled all the maps we
6735 // know about and do not want to handle ones we've never seen. Otherwise
6736 // use a generic IC.
6737 if (count == maps->length() && FLAG_deoptimize_uncommon_cases) {
6738 FinishExitWithHardDeoptimization(
6739 Deoptimizer::kUnknownMapInPolymorphicAccess);
6740 } else {
6741 HInstruction* instr =
6742 BuildNamedGeneric(access_type, expr, slot, object, name, value);
6743 AddInstruction(instr);
6744 if (!ast_context()->IsEffect()) Push(access_type == LOAD ? instr : value);
6745
6746 if (join != NULL) {
6747 Goto(join);
6748 } else {
6749 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6750 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6751 return;
6752 }
6753 }
6754
6755 DCHECK(join != NULL);
6756 if (join->HasPredecessor()) {
6757 join->SetJoinId(ast_id);
6758 set_current_block(join);
6759 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6760 } else {
6761 set_current_block(NULL);
6762 }
6763 }
6764
6765
6766 static bool ComputeReceiverTypes(Expression* expr,
6767 HValue* receiver,
6768 SmallMapList** t,
6769 Zone* zone) {
6770 SmallMapList* maps = expr->GetReceiverTypes();
6771 *t = maps;
6772 bool monomorphic = expr->IsMonomorphic();
6773 if (maps != NULL && receiver->HasMonomorphicJSObjectType()) {
6774 Map* root_map = receiver->GetMonomorphicJSObjectMap()->FindRootMap();
6775 maps->FilterForPossibleTransitions(root_map);
6776 monomorphic = maps->length() == 1;
6777 }
6778 return monomorphic && CanInlinePropertyAccess(maps->first());
6779 }
6780
6781
6782 static bool AreStringTypes(SmallMapList* maps) {
6783 for (int i = 0; i < maps->length(); i++) {
6784 if (maps->at(i)->instance_type() >= FIRST_NONSTRING_TYPE) return false;
6785 }
6786 return true;
6787 }
6788
6789
6790 void HOptimizedGraphBuilder::BuildStore(Expression* expr, Property* prop,
6791 FeedbackVectorSlot slot,
6792 BailoutId ast_id, BailoutId return_id,
6793 bool is_uninitialized) {
6794 if (!prop->key()->IsPropertyName()) {
6795 // Keyed store.
6796 HValue* value = Pop();
6797 HValue* key = Pop();
6798 HValue* object = Pop();
6799 bool has_side_effects = false;
6800 HValue* result =
6801 HandleKeyedElementAccess(object, key, value, expr, slot, ast_id,
6802 return_id, STORE, &has_side_effects);
6803 if (has_side_effects) {
6804 if (!ast_context()->IsEffect()) Push(value);
6805 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6806 if (!ast_context()->IsEffect()) Drop(1);
6807 }
6808 if (result == NULL) return;
6809 return ast_context()->ReturnValue(value);
6810 }
6811
6812 // Named store.
6813 HValue* value = Pop();
6814 HValue* object = Pop();
6815
6816 Literal* key = prop->key()->AsLiteral();
6817 Handle<String> name = Handle<String>::cast(key->value());
6818 DCHECK(!name.is_null());
6819
6820 HValue* access = BuildNamedAccess(STORE, ast_id, return_id, expr, slot,
6821 object, name, value, is_uninitialized);
6822 if (access == NULL) return;
6823
6824 if (!ast_context()->IsEffect()) Push(value);
6825 if (access->IsInstruction()) AddInstruction(HInstruction::cast(access));
6826 if (access->HasObservableSideEffects()) {
6827 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6828 }
6829 if (!ast_context()->IsEffect()) Drop(1);
6830 return ast_context()->ReturnValue(value);
6831 }
6832
6833
6834 void HOptimizedGraphBuilder::HandlePropertyAssignment(Assignment* expr) {
6835 Property* prop = expr->target()->AsProperty();
6836 DCHECK(prop != NULL);
6837 CHECK_ALIVE(VisitForValue(prop->obj()));
6838 if (!prop->key()->IsPropertyName()) {
6839 CHECK_ALIVE(VisitForValue(prop->key()));
6840 }
6841 CHECK_ALIVE(VisitForValue(expr->value()));
6842 BuildStore(expr, prop, expr->AssignmentSlot(), expr->id(),
6843 expr->AssignmentId(), expr->IsUninitialized());
6844 }
6845
6846
6847 // Because not every expression has a position and there is not common
6848 // superclass of Assignment and CountOperation, we cannot just pass the
6849 // owning expression instead of position and ast_id separately.
6850 void HOptimizedGraphBuilder::HandleGlobalVariableAssignment(
6851 Variable* var, HValue* value, FeedbackVectorSlot slot, BailoutId ast_id) {
6852 Handle<GlobalObject> global(current_info()->global_object());
6853
6854 // Lookup in script contexts.
6855 {
6856 Handle<ScriptContextTable> script_contexts(
6857 global->native_context()->script_context_table());
6858 ScriptContextTable::LookupResult lookup;
6859 if (ScriptContextTable::Lookup(script_contexts, var->name(), &lookup)) {
6860 if (lookup.mode == CONST) {
6861 return Bailout(kNonInitializerAssignmentToConst);
6862 }
6863 Handle<Context> script_context =
6864 ScriptContextTable::GetContext(script_contexts, lookup.context_index);
6865
6866 Handle<Object> current_value =
6867 FixedArray::get(script_context, lookup.slot_index);
6868
6869 // If the values is not the hole, it will stay initialized,
6870 // so no need to generate a check.
6871 if (*current_value == *isolate()->factory()->the_hole_value()) {
6872 return Bailout(kReferenceToUninitializedVariable);
6873 }
6874
6875 HStoreNamedField* instr = Add<HStoreNamedField>(
6876 Add<HConstant>(script_context),
6877 HObjectAccess::ForContextSlot(lookup.slot_index), value);
6878 USE(instr);
6879 DCHECK(instr->HasObservableSideEffects());
6880 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6881 return;
6882 }
6883 }
6884
6885 LookupIterator it(global, var->name(), LookupIterator::OWN);
6886 GlobalPropertyAccess type = LookupGlobalProperty(var, &it, STORE);
6887 if (type == kUseCell) {
6888 Handle<PropertyCell> cell = it.GetPropertyCell();
6889 top_info()->dependencies()->AssumePropertyCell(cell);
6890 auto cell_type = it.property_details().cell_type();
6891 if (cell_type == PropertyCellType::kConstant ||
6892 cell_type == PropertyCellType::kUndefined) {
6893 Handle<Object> constant(cell->value(), isolate());
6894 if (value->IsConstant()) {
6895 HConstant* c_value = HConstant::cast(value);
6896 if (!constant.is_identical_to(c_value->handle(isolate()))) {
6897 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6898 Deoptimizer::EAGER);
6899 }
6900 } else {
6901 HValue* c_constant = Add<HConstant>(constant);
6902 IfBuilder builder(this);
6903 if (constant->IsNumber()) {
6904 builder.If<HCompareNumericAndBranch>(value, c_constant, Token::EQ);
6905 } else {
6906 builder.If<HCompareObjectEqAndBranch>(value, c_constant);
6907 }
6908 builder.Then();
6909 builder.Else();
6910 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6911 Deoptimizer::EAGER);
6912 builder.End();
6913 }
6914 }
6915 HConstant* cell_constant = Add<HConstant>(cell);
6916 auto access = HObjectAccess::ForPropertyCellValue();
6917 if (cell_type == PropertyCellType::kConstantType) {
6918 switch (cell->GetConstantType()) {
6919 case PropertyCellConstantType::kSmi:
6920 access = access.WithRepresentation(Representation::Smi());
6921 break;
6922 case PropertyCellConstantType::kStableMap: {
6923 // The map may no longer be stable, deopt if it's ever different from
6924 // what is currently there, which will allow for restablization.
6925 Handle<Map> map(HeapObject::cast(cell->value())->map());
6926 Add<HCheckHeapObject>(value);
6927 value = Add<HCheckMaps>(value, map);
6928 access = access.WithRepresentation(Representation::HeapObject());
6929 break;
6930 }
6931 }
6932 }
6933 HInstruction* instr = Add<HStoreNamedField>(cell_constant, access, value);
6934 instr->ClearChangesFlag(kInobjectFields);
6935 instr->SetChangesFlag(kGlobalVars);
6936 if (instr->HasObservableSideEffects()) {
6937 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6938 }
6939 } else if (var->IsGlobalSlot()) {
6940 DCHECK(var->index() > 0);
6941 DCHECK(var->IsStaticGlobalObjectProperty());
6942 int slot_index = var->index();
6943 int depth = scope()->ContextChainLength(var->scope());
6944
6945 HStoreGlobalViaContext* instr = Add<HStoreGlobalViaContext>(
6946 value, depth, slot_index, function_language_mode());
6947 USE(instr);
6948 DCHECK(instr->HasObservableSideEffects());
6949 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6950
6951 } else {
6952 HValue* global_object = Add<HLoadNamedField>(
6953 context(), nullptr,
6954 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
6955 HStoreNamedGeneric* instr =
6956 Add<HStoreNamedGeneric>(global_object, var->name(), value,
6957 function_language_mode(), PREMONOMORPHIC);
6958 if (FLAG_vector_stores) {
6959 Handle<TypeFeedbackVector> vector =
6960 handle(current_feedback_vector(), isolate());
6961 instr->SetVectorAndSlot(vector, slot);
6962 }
6963 USE(instr);
6964 DCHECK(instr->HasObservableSideEffects());
6965 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6966 }
6967 }
6968
6969
6970 void HOptimizedGraphBuilder::HandleCompoundAssignment(Assignment* expr) {
6971 Expression* target = expr->target();
6972 VariableProxy* proxy = target->AsVariableProxy();
6973 Property* prop = target->AsProperty();
6974 DCHECK(proxy == NULL || prop == NULL);
6975
6976 // We have a second position recorded in the FullCodeGenerator to have
6977 // type feedback for the binary operation.
6978 BinaryOperation* operation = expr->binary_operation();
6979
6980 if (proxy != NULL) {
6981 Variable* var = proxy->var();
6982 if (var->mode() == LET) {
6983 return Bailout(kUnsupportedLetCompoundAssignment);
6984 }
6985
6986 CHECK_ALIVE(VisitForValue(operation));
6987
6988 switch (var->location()) {
6989 case VariableLocation::GLOBAL:
6990 case VariableLocation::UNALLOCATED:
6991 HandleGlobalVariableAssignment(var, Top(), expr->AssignmentSlot(),
6992 expr->AssignmentId());
6993 break;
6994
6995 case VariableLocation::PARAMETER:
6996 case VariableLocation::LOCAL:
6997 if (var->mode() == CONST_LEGACY) {
6998 return Bailout(kUnsupportedConstCompoundAssignment);
6999 }
7000 if (var->mode() == CONST) {
7001 return Bailout(kNonInitializerAssignmentToConst);
7002 }
7003 BindIfLive(var, Top());
7004 break;
7005
7006 case VariableLocation::CONTEXT: {
7007 // Bail out if we try to mutate a parameter value in a function
7008 // using the arguments object. We do not (yet) correctly handle the
7009 // arguments property of the function.
7010 if (current_info()->scope()->arguments() != NULL) {
7011 // Parameters will be allocated to context slots. We have no
7012 // direct way to detect that the variable is a parameter so we do
7013 // a linear search of the parameter variables.
7014 int count = current_info()->scope()->num_parameters();
7015 for (int i = 0; i < count; ++i) {
7016 if (var == current_info()->scope()->parameter(i)) {
7017 Bailout(kAssignmentToParameterFunctionUsesArgumentsObject);
7018 }
7019 }
7020 }
7021
7022 HStoreContextSlot::Mode mode;
7023
7024 switch (var->mode()) {
7025 case LET:
7026 mode = HStoreContextSlot::kCheckDeoptimize;
7027 break;
7028 case CONST:
7029 return Bailout(kNonInitializerAssignmentToConst);
7030 case CONST_LEGACY:
7031 return ast_context()->ReturnValue(Pop());
7032 default:
7033 mode = HStoreContextSlot::kNoCheck;
7034 }
7035
7036 HValue* context = BuildContextChainWalk(var);
7037 HStoreContextSlot* instr = Add<HStoreContextSlot>(
7038 context, var->index(), mode, Top());
7039 if (instr->HasObservableSideEffects()) {
7040 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
7041 }
7042 break;
7043 }
7044
7045 case VariableLocation::LOOKUP:
7046 return Bailout(kCompoundAssignmentToLookupSlot);
7047 }
7048 return ast_context()->ReturnValue(Pop());
7049
7050 } else if (prop != NULL) {
7051 CHECK_ALIVE(VisitForValue(prop->obj()));
7052 HValue* object = Top();
7053 HValue* key = NULL;
7054 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
7055 CHECK_ALIVE(VisitForValue(prop->key()));
7056 key = Top();
7057 }
7058
7059 CHECK_ALIVE(PushLoad(prop, object, key));
7060
7061 CHECK_ALIVE(VisitForValue(expr->value()));
7062 HValue* right = Pop();
7063 HValue* left = Pop();
7064
7065 Push(BuildBinaryOperation(operation, left, right, PUSH_BEFORE_SIMULATE));
7066
7067 BuildStore(expr, prop, expr->AssignmentSlot(), expr->id(),
7068 expr->AssignmentId(), expr->IsUninitialized());
7069 } else {
7070 return Bailout(kInvalidLhsInCompoundAssignment);
7071 }
7072 }
7073
7074
7075 void HOptimizedGraphBuilder::VisitAssignment(Assignment* expr) {
7076 DCHECK(!HasStackOverflow());
7077 DCHECK(current_block() != NULL);
7078 DCHECK(current_block()->HasPredecessor());
7079 VariableProxy* proxy = expr->target()->AsVariableProxy();
7080 Property* prop = expr->target()->AsProperty();
7081 DCHECK(proxy == NULL || prop == NULL);
7082
7083 if (expr->is_compound()) {
7084 HandleCompoundAssignment(expr);
7085 return;
7086 }
7087
7088 if (prop != NULL) {
7089 HandlePropertyAssignment(expr);
7090 } else if (proxy != NULL) {
7091 Variable* var = proxy->var();
7092
7093 if (var->mode() == CONST) {
7094 if (expr->op() != Token::INIT_CONST) {
7095 return Bailout(kNonInitializerAssignmentToConst);
7096 }
7097 } else if (var->mode() == CONST_LEGACY) {
7098 if (expr->op() != Token::INIT_CONST_LEGACY) {
7099 CHECK_ALIVE(VisitForValue(expr->value()));
7100 return ast_context()->ReturnValue(Pop());
7101 }
7102
7103 if (var->IsStackAllocated()) {
7104 // We insert a use of the old value to detect unsupported uses of const
7105 // variables (e.g. initialization inside a loop).
7106 HValue* old_value = environment()->Lookup(var);
7107 Add<HUseConst>(old_value);
7108 }
7109 }
7110
7111 if (proxy->IsArguments()) return Bailout(kAssignmentToArguments);
7112
7113 // Handle the assignment.
7114 switch (var->location()) {
7115 case VariableLocation::GLOBAL:
7116 case VariableLocation::UNALLOCATED:
7117 CHECK_ALIVE(VisitForValue(expr->value()));
7118 HandleGlobalVariableAssignment(var, Top(), expr->AssignmentSlot(),
7119 expr->AssignmentId());
7120 return ast_context()->ReturnValue(Pop());
7121
7122 case VariableLocation::PARAMETER:
7123 case VariableLocation::LOCAL: {
7124 // Perform an initialization check for let declared variables
7125 // or parameters.
7126 if (var->mode() == LET && expr->op() == Token::ASSIGN) {
7127 HValue* env_value = environment()->Lookup(var);
7128 if (env_value == graph()->GetConstantHole()) {
7129 return Bailout(kAssignmentToLetVariableBeforeInitialization);
7130 }
7131 }
7132 // We do not allow the arguments object to occur in a context where it
7133 // may escape, but assignments to stack-allocated locals are
7134 // permitted.
7135 CHECK_ALIVE(VisitForValue(expr->value(), ARGUMENTS_ALLOWED));
7136 HValue* value = Pop();
7137 BindIfLive(var, value);
7138 return ast_context()->ReturnValue(value);
7139 }
7140
7141 case VariableLocation::CONTEXT: {
7142 // Bail out if we try to mutate a parameter value in a function using
7143 // the arguments object. We do not (yet) correctly handle the
7144 // arguments property of the function.
7145 if (current_info()->scope()->arguments() != NULL) {
7146 // Parameters will rewrite to context slots. We have no direct way
7147 // to detect that the variable is a parameter.
7148 int count = current_info()->scope()->num_parameters();
7149 for (int i = 0; i < count; ++i) {
7150 if (var == current_info()->scope()->parameter(i)) {
7151 return Bailout(kAssignmentToParameterInArgumentsObject);
7152 }
7153 }
7154 }
7155
7156 CHECK_ALIVE(VisitForValue(expr->value()));
7157 HStoreContextSlot::Mode mode;
7158 if (expr->op() == Token::ASSIGN) {
7159 switch (var->mode()) {
7160 case LET:
7161 mode = HStoreContextSlot::kCheckDeoptimize;
7162 break;
7163 case CONST:
7164 // This case is checked statically so no need to
7165 // perform checks here
7166 UNREACHABLE();
7167 case CONST_LEGACY:
7168 return ast_context()->ReturnValue(Pop());
7169 default:
7170 mode = HStoreContextSlot::kNoCheck;
7171 }
7172 } else if (expr->op() == Token::INIT_VAR ||
7173 expr->op() == Token::INIT_LET ||
7174 expr->op() == Token::INIT_CONST) {
7175 mode = HStoreContextSlot::kNoCheck;
7176 } else {
7177 DCHECK(expr->op() == Token::INIT_CONST_LEGACY);
7178
7179 mode = HStoreContextSlot::kCheckIgnoreAssignment;
7180 }
7181
7182 HValue* context = BuildContextChainWalk(var);
7183 HStoreContextSlot* instr = Add<HStoreContextSlot>(
7184 context, var->index(), mode, Top());
7185 if (instr->HasObservableSideEffects()) {
7186 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
7187 }
7188 return ast_context()->ReturnValue(Pop());
7189 }
7190
7191 case VariableLocation::LOOKUP:
7192 return Bailout(kAssignmentToLOOKUPVariable);
7193 }
7194 } else {
7195 return Bailout(kInvalidLeftHandSideInAssignment);
7196 }
7197 }
7198
7199
7200 void HOptimizedGraphBuilder::VisitYield(Yield* expr) {
7201 // Generators are not optimized, so we should never get here.
7202 UNREACHABLE();
7203 }
7204
7205
7206 void HOptimizedGraphBuilder::VisitThrow(Throw* expr) {
7207 DCHECK(!HasStackOverflow());
7208 DCHECK(current_block() != NULL);
7209 DCHECK(current_block()->HasPredecessor());
7210 if (!ast_context()->IsEffect()) {
7211 // The parser turns invalid left-hand sides in assignments into throw
7212 // statements, which may not be in effect contexts. We might still try
7213 // to optimize such functions; bail out now if we do.
7214 return Bailout(kInvalidLeftHandSideInAssignment);
7215 }
7216 CHECK_ALIVE(VisitForValue(expr->exception()));
7217
7218 HValue* value = environment()->Pop();
7219 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
7220 Add<HPushArguments>(value);
7221 Add<HCallRuntime>(Runtime::FunctionForId(Runtime::kThrow), 1);
7222 Add<HSimulate>(expr->id());
7223
7224 // If the throw definitely exits the function, we can finish with a dummy
7225 // control flow at this point. This is not the case if the throw is inside
7226 // an inlined function which may be replaced.
7227 if (call_context() == NULL) {
7228 FinishExitCurrentBlock(New<HAbnormalExit>());
7229 }
7230 }
7231
7232
7233 HInstruction* HGraphBuilder::AddLoadStringInstanceType(HValue* string) {
7234 if (string->IsConstant()) {
7235 HConstant* c_string = HConstant::cast(string);
7236 if (c_string->HasStringValue()) {
7237 return Add<HConstant>(c_string->StringValue()->map()->instance_type());
7238 }
7239 }
7240 return Add<HLoadNamedField>(
7241 Add<HLoadNamedField>(string, nullptr, HObjectAccess::ForMap()), nullptr,
7242 HObjectAccess::ForMapInstanceType());
7243 }
7244
7245
7246 HInstruction* HGraphBuilder::AddLoadStringLength(HValue* string) {
7247 return AddInstruction(BuildLoadStringLength(string));
7248 }
7249
7250
7251 HInstruction* HGraphBuilder::BuildLoadStringLength(HValue* string) {
7252 if (string->IsConstant()) {
7253 HConstant* c_string = HConstant::cast(string);
7254 if (c_string->HasStringValue()) {
7255 return New<HConstant>(c_string->StringValue()->length());
7256 }
7257 }
7258 return New<HLoadNamedField>(string, nullptr,
7259 HObjectAccess::ForStringLength());
7260 }
7261
7262
7263 HInstruction* HOptimizedGraphBuilder::BuildNamedGeneric(
7264 PropertyAccessType access_type, Expression* expr, FeedbackVectorSlot slot,
7265 HValue* object, Handle<Name> name, HValue* value, bool is_uninitialized) {
7266 if (is_uninitialized) {
7267 Add<HDeoptimize>(
7268 Deoptimizer::kInsufficientTypeFeedbackForGenericNamedAccess,
7269 Deoptimizer::SOFT);
7270 }
7271 if (access_type == LOAD) {
7272 Handle<TypeFeedbackVector> vector =
7273 handle(current_feedback_vector(), isolate());
7274
7275 if (!expr->AsProperty()->key()->IsPropertyName()) {
7276 // It's possible that a keyed load of a constant string was converted
7277 // to a named load. Here, at the last minute, we need to make sure to
7278 // use a generic Keyed Load if we are using the type vector, because
7279 // it has to share information with full code.
7280 HConstant* key = Add<HConstant>(name);
7281 HLoadKeyedGeneric* result = New<HLoadKeyedGeneric>(
7282 object, key, function_language_mode(), PREMONOMORPHIC);
7283 result->SetVectorAndSlot(vector, slot);
7284 return result;
7285 }
7286
7287 HLoadNamedGeneric* result = New<HLoadNamedGeneric>(
7288 object, name, function_language_mode(), PREMONOMORPHIC);
7289 result->SetVectorAndSlot(vector, slot);
7290 return result;
7291 } else {
7292 if (FLAG_vector_stores &&
7293 current_feedback_vector()->GetKind(slot) ==
7294 FeedbackVectorSlotKind::KEYED_STORE_IC) {
7295 // It's possible that a keyed store of a constant string was converted
7296 // to a named store. Here, at the last minute, we need to make sure to
7297 // use a generic Keyed Store if we are using the type vector, because
7298 // it has to share information with full code.
7299 HConstant* key = Add<HConstant>(name);
7300 HStoreKeyedGeneric* result = New<HStoreKeyedGeneric>(
7301 object, key, value, function_language_mode(), PREMONOMORPHIC);
7302 Handle<TypeFeedbackVector> vector =
7303 handle(current_feedback_vector(), isolate());
7304 result->SetVectorAndSlot(vector, slot);
7305 return result;
7306 }
7307
7308 HStoreNamedGeneric* result = New<HStoreNamedGeneric>(
7309 object, name, value, function_language_mode(), PREMONOMORPHIC);
7310 if (FLAG_vector_stores) {
7311 Handle<TypeFeedbackVector> vector =
7312 handle(current_feedback_vector(), isolate());
7313 result->SetVectorAndSlot(vector, slot);
7314 }
7315 return result;
7316 }
7317 }
7318
7319
7320 HInstruction* HOptimizedGraphBuilder::BuildKeyedGeneric(
7321 PropertyAccessType access_type, Expression* expr, FeedbackVectorSlot slot,
7322 HValue* object, HValue* key, HValue* value) {
7323 if (access_type == LOAD) {
7324 InlineCacheState initial_state = expr->AsProperty()->GetInlineCacheState();
7325 HLoadKeyedGeneric* result = New<HLoadKeyedGeneric>(
7326 object, key, function_language_mode(), initial_state);
7327 // HLoadKeyedGeneric with vector ics benefits from being encoded as
7328 // MEGAMORPHIC because the vector/slot combo becomes unnecessary.
7329 if (initial_state != MEGAMORPHIC) {
7330 // We need to pass vector information.
7331 Handle<TypeFeedbackVector> vector =
7332 handle(current_feedback_vector(), isolate());
7333 result->SetVectorAndSlot(vector, slot);
7334 }
7335 return result;
7336 } else {
7337 HStoreKeyedGeneric* result = New<HStoreKeyedGeneric>(
7338 object, key, value, function_language_mode(), PREMONOMORPHIC);
7339 if (FLAG_vector_stores) {
7340 Handle<TypeFeedbackVector> vector =
7341 handle(current_feedback_vector(), isolate());
7342 result->SetVectorAndSlot(vector, slot);
7343 }
7344 return result;
7345 }
7346 }
7347
7348
7349 LoadKeyedHoleMode HOptimizedGraphBuilder::BuildKeyedHoleMode(Handle<Map> map) {
7350 // Loads from a "stock" fast holey double arrays can elide the hole check.
7351 // Loads from a "stock" fast holey array can convert the hole to undefined
7352 // with impunity.
7353 LoadKeyedHoleMode load_mode = NEVER_RETURN_HOLE;
7354 bool holey_double_elements =
7355 *map == isolate()->get_initial_js_array_map(FAST_HOLEY_DOUBLE_ELEMENTS);
7356 bool holey_elements =
7357 *map == isolate()->get_initial_js_array_map(FAST_HOLEY_ELEMENTS);
7358 if ((holey_double_elements || holey_elements) &&
7359 isolate()->IsFastArrayConstructorPrototypeChainIntact()) {
7360 load_mode =
7361 holey_double_elements ? ALLOW_RETURN_HOLE : CONVERT_HOLE_TO_UNDEFINED;
7362
7363 Handle<JSObject> prototype(JSObject::cast(map->prototype()), isolate());
7364 Handle<JSObject> object_prototype = isolate()->initial_object_prototype();
7365 BuildCheckPrototypeMaps(prototype, object_prototype);
7366 graph()->MarkDependsOnEmptyArrayProtoElements();
7367 }
7368 return load_mode;
7369 }
7370
7371
7372 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicElementAccess(
7373 HValue* object,
7374 HValue* key,
7375 HValue* val,
7376 HValue* dependency,
7377 Handle<Map> map,
7378 PropertyAccessType access_type,
7379 KeyedAccessStoreMode store_mode) {
7380 HCheckMaps* checked_object = Add<HCheckMaps>(object, map, dependency);
7381
7382 if (access_type == STORE && map->prototype()->IsJSObject()) {
7383 // monomorphic stores need a prototype chain check because shape
7384 // changes could allow callbacks on elements in the chain that
7385 // aren't compatible with monomorphic keyed stores.
7386 PrototypeIterator iter(map);
7387 JSObject* holder = NULL;
7388 while (!iter.IsAtEnd()) {
7389 holder = *PrototypeIterator::GetCurrent<JSObject>(iter);
7390 iter.Advance();
7391 }
7392 DCHECK(holder && holder->IsJSObject());
7393
7394 BuildCheckPrototypeMaps(handle(JSObject::cast(map->prototype())),
7395 Handle<JSObject>(holder));
7396 }
7397
7398 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7399 return BuildUncheckedMonomorphicElementAccess(
7400 checked_object, key, val,
7401 map->instance_type() == JS_ARRAY_TYPE,
7402 map->elements_kind(), access_type,
7403 load_mode, store_mode);
7404 }
7405
7406
7407 static bool CanInlineElementAccess(Handle<Map> map) {
7408 return map->IsJSObjectMap() && !map->has_dictionary_elements() &&
7409 !map->has_sloppy_arguments_elements() &&
7410 !map->has_indexed_interceptor() && !map->is_access_check_needed();
7411 }
7412
7413
7414 HInstruction* HOptimizedGraphBuilder::TryBuildConsolidatedElementLoad(
7415 HValue* object,
7416 HValue* key,
7417 HValue* val,
7418 SmallMapList* maps) {
7419 // For polymorphic loads of similar elements kinds (i.e. all tagged or all
7420 // double), always use the "worst case" code without a transition. This is
7421 // much faster than transitioning the elements to the worst case, trading a
7422 // HTransitionElements for a HCheckMaps, and avoiding mutation of the array.
7423 bool has_double_maps = false;
7424 bool has_smi_or_object_maps = false;
7425 bool has_js_array_access = false;
7426 bool has_non_js_array_access = false;
7427 bool has_seen_holey_elements = false;
7428 Handle<Map> most_general_consolidated_map;
7429 for (int i = 0; i < maps->length(); ++i) {
7430 Handle<Map> map = maps->at(i);
7431 if (!CanInlineElementAccess(map)) return NULL;
7432 // Don't allow mixing of JSArrays with JSObjects.
7433 if (map->instance_type() == JS_ARRAY_TYPE) {
7434 if (has_non_js_array_access) return NULL;
7435 has_js_array_access = true;
7436 } else if (has_js_array_access) {
7437 return NULL;
7438 } else {
7439 has_non_js_array_access = true;
7440 }
7441 // Don't allow mixed, incompatible elements kinds.
7442 if (map->has_fast_double_elements()) {
7443 if (has_smi_or_object_maps) return NULL;
7444 has_double_maps = true;
7445 } else if (map->has_fast_smi_or_object_elements()) {
7446 if (has_double_maps) return NULL;
7447 has_smi_or_object_maps = true;
7448 } else {
7449 return NULL;
7450 }
7451 // Remember if we've ever seen holey elements.
7452 if (IsHoleyElementsKind(map->elements_kind())) {
7453 has_seen_holey_elements = true;
7454 }
7455 // Remember the most general elements kind, the code for its load will
7456 // properly handle all of the more specific cases.
7457 if ((i == 0) || IsMoreGeneralElementsKindTransition(
7458 most_general_consolidated_map->elements_kind(),
7459 map->elements_kind())) {
7460 most_general_consolidated_map = map;
7461 }
7462 }
7463 if (!has_double_maps && !has_smi_or_object_maps) return NULL;
7464
7465 HCheckMaps* checked_object = Add<HCheckMaps>(object, maps);
7466 // FAST_ELEMENTS is considered more general than FAST_HOLEY_SMI_ELEMENTS.
7467 // If we've seen both, the consolidated load must use FAST_HOLEY_ELEMENTS.
7468 ElementsKind consolidated_elements_kind = has_seen_holey_elements
7469 ? GetHoleyElementsKind(most_general_consolidated_map->elements_kind())
7470 : most_general_consolidated_map->elements_kind();
7471 LoadKeyedHoleMode load_mode = NEVER_RETURN_HOLE;
7472 if (has_seen_holey_elements) {
7473 // Make sure that all of the maps we are handling have the initial array
7474 // prototype.
7475 bool saw_non_array_prototype = false;
7476 for (int i = 0; i < maps->length(); ++i) {
7477 Handle<Map> map = maps->at(i);
7478 if (map->prototype() != *isolate()->initial_array_prototype()) {
7479 // We can't guarantee that loading the hole is safe. The prototype may
7480 // have an element at this position.
7481 saw_non_array_prototype = true;
7482 break;
7483 }
7484 }
7485
7486 if (!saw_non_array_prototype) {
7487 Handle<Map> holey_map = handle(
7488 isolate()->get_initial_js_array_map(consolidated_elements_kind));
7489 load_mode = BuildKeyedHoleMode(holey_map);
7490 if (load_mode != NEVER_RETURN_HOLE) {
7491 for (int i = 0; i < maps->length(); ++i) {
7492 Handle<Map> map = maps->at(i);
7493 // The prototype check was already done for the holey map in
7494 // BuildKeyedHoleMode.
7495 if (!map.is_identical_to(holey_map)) {
7496 Handle<JSObject> prototype(JSObject::cast(map->prototype()),
7497 isolate());
7498 Handle<JSObject> object_prototype =
7499 isolate()->initial_object_prototype();
7500 BuildCheckPrototypeMaps(prototype, object_prototype);
7501 }
7502 }
7503 }
7504 }
7505 }
7506 HInstruction* instr = BuildUncheckedMonomorphicElementAccess(
7507 checked_object, key, val,
7508 most_general_consolidated_map->instance_type() == JS_ARRAY_TYPE,
7509 consolidated_elements_kind, LOAD, load_mode, STANDARD_STORE);
7510 return instr;
7511 }
7512
7513
7514 HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
7515 Expression* expr, FeedbackVectorSlot slot, HValue* object, HValue* key,
7516 HValue* val, SmallMapList* maps, PropertyAccessType access_type,
7517 KeyedAccessStoreMode store_mode, bool* has_side_effects) {
7518 *has_side_effects = false;
7519 BuildCheckHeapObject(object);
7520
7521 if (access_type == LOAD) {
7522 HInstruction* consolidated_load =
7523 TryBuildConsolidatedElementLoad(object, key, val, maps);
7524 if (consolidated_load != NULL) {
7525 *has_side_effects |= consolidated_load->HasObservableSideEffects();
7526 return consolidated_load;
7527 }
7528 }
7529
7530 // Elements_kind transition support.
7531 MapHandleList transition_target(maps->length());
7532 // Collect possible transition targets.
7533 MapHandleList possible_transitioned_maps(maps->length());
7534 for (int i = 0; i < maps->length(); ++i) {
7535 Handle<Map> map = maps->at(i);
7536 // Loads from strings or loads with a mix of string and non-string maps
7537 // shouldn't be handled polymorphically.
7538 DCHECK(access_type != LOAD || !map->IsStringMap());
7539 ElementsKind elements_kind = map->elements_kind();
7540 if (CanInlineElementAccess(map) && IsFastElementsKind(elements_kind) &&
7541 elements_kind != GetInitialFastElementsKind()) {
7542 possible_transitioned_maps.Add(map);
7543 }
7544 if (IsSloppyArgumentsElements(elements_kind)) {
7545 HInstruction* result =
7546 BuildKeyedGeneric(access_type, expr, slot, object, key, val);
7547 *has_side_effects = result->HasObservableSideEffects();
7548 return AddInstruction(result);
7549 }
7550 }
7551 // Get transition target for each map (NULL == no transition).
7552 for (int i = 0; i < maps->length(); ++i) {
7553 Handle<Map> map = maps->at(i);
7554 Handle<Map> transitioned_map =
7555 Map::FindTransitionedMap(map, &possible_transitioned_maps);
7556 transition_target.Add(transitioned_map);
7557 }
7558
7559 MapHandleList untransitionable_maps(maps->length());
7560 HTransitionElementsKind* transition = NULL;
7561 for (int i = 0; i < maps->length(); ++i) {
7562 Handle<Map> map = maps->at(i);
7563 DCHECK(map->IsMap());
7564 if (!transition_target.at(i).is_null()) {
7565 DCHECK(Map::IsValidElementsTransition(
7566 map->elements_kind(),
7567 transition_target.at(i)->elements_kind()));
7568 transition = Add<HTransitionElementsKind>(object, map,
7569 transition_target.at(i));
7570 } else {
7571 untransitionable_maps.Add(map);
7572 }
7573 }
7574
7575 // If only one map is left after transitioning, handle this case
7576 // monomorphically.
7577 DCHECK(untransitionable_maps.length() >= 1);
7578 if (untransitionable_maps.length() == 1) {
7579 Handle<Map> untransitionable_map = untransitionable_maps[0];
7580 HInstruction* instr = NULL;
7581 if (!CanInlineElementAccess(untransitionable_map)) {
7582 instr = AddInstruction(
7583 BuildKeyedGeneric(access_type, expr, slot, object, key, val));
7584 } else {
7585 instr = BuildMonomorphicElementAccess(
7586 object, key, val, transition, untransitionable_map, access_type,
7587 store_mode);
7588 }
7589 *has_side_effects |= instr->HasObservableSideEffects();
7590 return access_type == STORE ? val : instr;
7591 }
7592
7593 HBasicBlock* join = graph()->CreateBasicBlock();
7594
7595 for (int i = 0; i < untransitionable_maps.length(); ++i) {
7596 Handle<Map> map = untransitionable_maps[i];
7597 ElementsKind elements_kind = map->elements_kind();
7598 HBasicBlock* this_map = graph()->CreateBasicBlock();
7599 HBasicBlock* other_map = graph()->CreateBasicBlock();
7600 HCompareMap* mapcompare =
7601 New<HCompareMap>(object, map, this_map, other_map);
7602 FinishCurrentBlock(mapcompare);
7603
7604 set_current_block(this_map);
7605 HInstruction* access = NULL;
7606 if (!CanInlineElementAccess(map)) {
7607 access = AddInstruction(
7608 BuildKeyedGeneric(access_type, expr, slot, object, key, val));
7609 } else {
7610 DCHECK(IsFastElementsKind(elements_kind) ||
7611 IsFixedTypedArrayElementsKind(elements_kind));
7612 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7613 // Happily, mapcompare is a checked object.
7614 access = BuildUncheckedMonomorphicElementAccess(
7615 mapcompare, key, val,
7616 map->instance_type() == JS_ARRAY_TYPE,
7617 elements_kind, access_type,
7618 load_mode,
7619 store_mode);
7620 }
7621 *has_side_effects |= access->HasObservableSideEffects();
7622 // The caller will use has_side_effects and add a correct Simulate.
7623 access->SetFlag(HValue::kHasNoObservableSideEffects);
7624 if (access_type == LOAD) {
7625 Push(access);
7626 }
7627 NoObservableSideEffectsScope scope(this);
7628 GotoNoSimulate(join);
7629 set_current_block(other_map);
7630 }
7631
7632 // Ensure that we visited at least one map above that goes to join. This is
7633 // necessary because FinishExitWithHardDeoptimization does an AbnormalExit
7634 // rather than joining the join block. If this becomes an issue, insert a
7635 // generic access in the case length() == 0.
7636 DCHECK(join->predecessors()->length() > 0);
7637 // Deopt if none of the cases matched.
7638 NoObservableSideEffectsScope scope(this);
7639 FinishExitWithHardDeoptimization(
7640 Deoptimizer::kUnknownMapInPolymorphicElementAccess);
7641 set_current_block(join);
7642 return access_type == STORE ? val : Pop();
7643 }
7644
7645
7646 HValue* HOptimizedGraphBuilder::HandleKeyedElementAccess(
7647 HValue* obj, HValue* key, HValue* val, Expression* expr,
7648 FeedbackVectorSlot slot, BailoutId ast_id, BailoutId return_id,
7649 PropertyAccessType access_type, bool* has_side_effects) {
7650 if (key->ActualValue()->IsConstant()) {
7651 Handle<Object> constant =
7652 HConstant::cast(key->ActualValue())->handle(isolate());
7653 uint32_t array_index;
7654 if (constant->IsString() &&
7655 !Handle<String>::cast(constant)->AsArrayIndex(&array_index)) {
7656 if (!constant->IsUniqueName()) {
7657 constant = isolate()->factory()->InternalizeString(
7658 Handle<String>::cast(constant));
7659 }
7660 HValue* access =
7661 BuildNamedAccess(access_type, ast_id, return_id, expr, slot, obj,
7662 Handle<String>::cast(constant), val, false);
7663 if (access == NULL || access->IsPhi() ||
7664 HInstruction::cast(access)->IsLinked()) {
7665 *has_side_effects = false;
7666 } else {
7667 HInstruction* instr = HInstruction::cast(access);
7668 AddInstruction(instr);
7669 *has_side_effects = instr->HasObservableSideEffects();
7670 }
7671 return access;
7672 }
7673 }
7674
7675 DCHECK(!expr->IsPropertyName());
7676 HInstruction* instr = NULL;
7677
7678 SmallMapList* maps;
7679 bool monomorphic = ComputeReceiverTypes(expr, obj, &maps, zone());
7680
7681 bool force_generic = false;
7682 if (expr->GetKeyType() == PROPERTY) {
7683 // Non-Generic accesses assume that elements are being accessed, and will
7684 // deopt for non-index keys, which the IC knows will occur.
7685 // TODO(jkummerow): Consider adding proper support for property accesses.
7686 force_generic = true;
7687 monomorphic = false;
7688 } else if (access_type == STORE &&
7689 (monomorphic || (maps != NULL && !maps->is_empty()))) {
7690 // Stores can't be mono/polymorphic if their prototype chain has dictionary
7691 // elements. However a receiver map that has dictionary elements itself
7692 // should be left to normal mono/poly behavior (the other maps may benefit
7693 // from highly optimized stores).
7694 for (int i = 0; i < maps->length(); i++) {
7695 Handle<Map> current_map = maps->at(i);
7696 if (current_map->DictionaryElementsInPrototypeChainOnly()) {
7697 force_generic = true;
7698 monomorphic = false;
7699 break;
7700 }
7701 }
7702 } else if (access_type == LOAD && !monomorphic &&
7703 (maps != NULL && !maps->is_empty())) {
7704 // Polymorphic loads have to go generic if any of the maps are strings.
7705 // If some, but not all of the maps are strings, we should go generic
7706 // because polymorphic access wants to key on ElementsKind and isn't
7707 // compatible with strings.
7708 for (int i = 0; i < maps->length(); i++) {
7709 Handle<Map> current_map = maps->at(i);
7710 if (current_map->IsStringMap()) {
7711 force_generic = true;
7712 break;
7713 }
7714 }
7715 }
7716
7717 if (monomorphic) {
7718 Handle<Map> map = maps->first();
7719 if (!CanInlineElementAccess(map)) {
7720 instr = AddInstruction(
7721 BuildKeyedGeneric(access_type, expr, slot, obj, key, val));
7722 } else {
7723 BuildCheckHeapObject(obj);
7724 instr = BuildMonomorphicElementAccess(
7725 obj, key, val, NULL, map, access_type, expr->GetStoreMode());
7726 }
7727 } else if (!force_generic && (maps != NULL && !maps->is_empty())) {
7728 return HandlePolymorphicElementAccess(expr, slot, obj, key, val, maps,
7729 access_type, expr->GetStoreMode(),
7730 has_side_effects);
7731 } else {
7732 if (access_type == STORE) {
7733 if (expr->IsAssignment() &&
7734 expr->AsAssignment()->HasNoTypeInformation()) {
7735 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedStore,
7736 Deoptimizer::SOFT);
7737 }
7738 } else {
7739 if (expr->AsProperty()->HasNoTypeInformation()) {
7740 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedLoad,
7741 Deoptimizer::SOFT);
7742 }
7743 }
7744 instr = AddInstruction(
7745 BuildKeyedGeneric(access_type, expr, slot, obj, key, val));
7746 }
7747 *has_side_effects = instr->HasObservableSideEffects();
7748 return instr;
7749 }
7750
7751
7752 void HOptimizedGraphBuilder::EnsureArgumentsArePushedForAccess() {
7753 // Outermost function already has arguments on the stack.
7754 if (function_state()->outer() == NULL) return;
7755
7756 if (function_state()->arguments_pushed()) return;
7757
7758 // Push arguments when entering inlined function.
7759 HEnterInlined* entry = function_state()->entry();
7760 entry->set_arguments_pushed();
7761
7762 HArgumentsObject* arguments = entry->arguments_object();
7763 const ZoneList<HValue*>* arguments_values = arguments->arguments_values();
7764
7765 HInstruction* insert_after = entry;
7766 for (int i = 0; i < arguments_values->length(); i++) {
7767 HValue* argument = arguments_values->at(i);
7768 HInstruction* push_argument = New<HPushArguments>(argument);
7769 push_argument->InsertAfter(insert_after);
7770 insert_after = push_argument;
7771 }
7772
7773 HArgumentsElements* arguments_elements = New<HArgumentsElements>(true);
7774 arguments_elements->ClearFlag(HValue::kUseGVN);
7775 arguments_elements->InsertAfter(insert_after);
7776 function_state()->set_arguments_elements(arguments_elements);
7777 }
7778
7779
7780 bool HOptimizedGraphBuilder::TryArgumentsAccess(Property* expr) {
7781 VariableProxy* proxy = expr->obj()->AsVariableProxy();
7782 if (proxy == NULL) return false;
7783 if (!proxy->var()->IsStackAllocated()) return false;
7784 if (!environment()->Lookup(proxy->var())->CheckFlag(HValue::kIsArguments)) {
7785 return false;
7786 }
7787
7788 HInstruction* result = NULL;
7789 if (expr->key()->IsPropertyName()) {
7790 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7791 if (!String::Equals(name, isolate()->factory()->length_string())) {
7792 return false;
7793 }
7794
7795 if (function_state()->outer() == NULL) {
7796 HInstruction* elements = Add<HArgumentsElements>(false);
7797 result = New<HArgumentsLength>(elements);
7798 } else {
7799 // Number of arguments without receiver.
7800 int argument_count = environment()->
7801 arguments_environment()->parameter_count() - 1;
7802 result = New<HConstant>(argument_count);
7803 }
7804 } else {
7805 Push(graph()->GetArgumentsObject());
7806 CHECK_ALIVE_OR_RETURN(VisitForValue(expr->key()), true);
7807 HValue* key = Pop();
7808 Drop(1); // Arguments object.
7809 if (function_state()->outer() == NULL) {
7810 HInstruction* elements = Add<HArgumentsElements>(false);
7811 HInstruction* length = Add<HArgumentsLength>(elements);
7812 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7813 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7814 } else {
7815 EnsureArgumentsArePushedForAccess();
7816
7817 // Number of arguments without receiver.
7818 HInstruction* elements = function_state()->arguments_elements();
7819 int argument_count = environment()->
7820 arguments_environment()->parameter_count() - 1;
7821 HInstruction* length = Add<HConstant>(argument_count);
7822 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7823 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7824 }
7825 }
7826 ast_context()->ReturnInstruction(result, expr->id());
7827 return true;
7828 }
7829
7830
7831 HValue* HOptimizedGraphBuilder::BuildNamedAccess(
7832 PropertyAccessType access, BailoutId ast_id, BailoutId return_id,
7833 Expression* expr, FeedbackVectorSlot slot, HValue* object,
7834 Handle<String> name, HValue* value, bool is_uninitialized) {
7835 SmallMapList* maps;
7836 ComputeReceiverTypes(expr, object, &maps, zone());
7837 DCHECK(maps != NULL);
7838
7839 if (maps->length() > 0) {
7840 PropertyAccessInfo info(this, access, maps->first(), name);
7841 if (!info.CanAccessAsMonomorphic(maps)) {
7842 HandlePolymorphicNamedFieldAccess(access, expr, slot, ast_id, return_id,
7843 object, value, maps, name);
7844 return NULL;
7845 }
7846
7847 HValue* checked_object;
7848 // Type::Number() is only supported by polymorphic load/call handling.
7849 DCHECK(!info.IsNumberType());
7850 BuildCheckHeapObject(object);
7851 if (AreStringTypes(maps)) {
7852 checked_object =
7853 Add<HCheckInstanceType>(object, HCheckInstanceType::IS_STRING);
7854 } else {
7855 checked_object = Add<HCheckMaps>(object, maps);
7856 }
7857 return BuildMonomorphicAccess(
7858 &info, object, checked_object, value, ast_id, return_id);
7859 }
7860
7861 return BuildNamedGeneric(access, expr, slot, object, name, value,
7862 is_uninitialized);
7863 }
7864
7865
7866 void HOptimizedGraphBuilder::PushLoad(Property* expr,
7867 HValue* object,
7868 HValue* key) {
7869 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
7870 Push(object);
7871 if (key != NULL) Push(key);
7872 BuildLoad(expr, expr->LoadId());
7873 }
7874
7875
7876 void HOptimizedGraphBuilder::BuildLoad(Property* expr,
7877 BailoutId ast_id) {
7878 HInstruction* instr = NULL;
7879 if (expr->IsStringAccess()) {
7880 HValue* index = Pop();
7881 HValue* string = Pop();
7882 HInstruction* char_code = BuildStringCharCodeAt(string, index);
7883 AddInstruction(char_code);
7884 instr = NewUncasted<HStringCharFromCode>(char_code);
7885
7886 } else if (expr->key()->IsPropertyName()) {
7887 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7888 HValue* object = Pop();
7889
7890 HValue* value = BuildNamedAccess(LOAD, ast_id, expr->LoadId(), expr,
7891 expr->PropertyFeedbackSlot(), object, name,
7892 NULL, expr->IsUninitialized());
7893 if (value == NULL) return;
7894 if (value->IsPhi()) return ast_context()->ReturnValue(value);
7895 instr = HInstruction::cast(value);
7896 if (instr->IsLinked()) return ast_context()->ReturnValue(instr);
7897
7898 } else {
7899 HValue* key = Pop();
7900 HValue* obj = Pop();
7901
7902 bool has_side_effects = false;
7903 HValue* load = HandleKeyedElementAccess(
7904 obj, key, NULL, expr, expr->PropertyFeedbackSlot(), ast_id,
7905 expr->LoadId(), LOAD, &has_side_effects);
7906 if (has_side_effects) {
7907 if (ast_context()->IsEffect()) {
7908 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7909 } else {
7910 Push(load);
7911 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7912 Drop(1);
7913 }
7914 }
7915 if (load == NULL) return;
7916 return ast_context()->ReturnValue(load);
7917 }
7918 return ast_context()->ReturnInstruction(instr, ast_id);
7919 }
7920
7921
7922 void HOptimizedGraphBuilder::VisitProperty(Property* expr) {
7923 DCHECK(!HasStackOverflow());
7924 DCHECK(current_block() != NULL);
7925 DCHECK(current_block()->HasPredecessor());
7926
7927 if (TryArgumentsAccess(expr)) return;
7928
7929 CHECK_ALIVE(VisitForValue(expr->obj()));
7930 if (!expr->key()->IsPropertyName() || expr->IsStringAccess()) {
7931 CHECK_ALIVE(VisitForValue(expr->key()));
7932 }
7933
7934 BuildLoad(expr, expr->id());
7935 }
7936
7937
7938 HInstruction* HGraphBuilder::BuildConstantMapCheck(Handle<JSObject> constant) {
7939 HCheckMaps* check = Add<HCheckMaps>(
7940 Add<HConstant>(constant), handle(constant->map()));
7941 check->ClearDependsOnFlag(kElementsKind);
7942 return check;
7943 }
7944
7945
7946 HInstruction* HGraphBuilder::BuildCheckPrototypeMaps(Handle<JSObject> prototype,
7947 Handle<JSObject> holder) {
7948 PrototypeIterator iter(isolate(), prototype,
7949 PrototypeIterator::START_AT_RECEIVER);
7950 while (holder.is_null() ||
7951 !PrototypeIterator::GetCurrent(iter).is_identical_to(holder)) {
7952 BuildConstantMapCheck(PrototypeIterator::GetCurrent<JSObject>(iter));
7953 iter.Advance();
7954 if (iter.IsAtEnd()) {
7955 return NULL;
7956 }
7957 }
7958 return BuildConstantMapCheck(PrototypeIterator::GetCurrent<JSObject>(iter));
7959 }
7960
7961
7962 void HOptimizedGraphBuilder::AddCheckPrototypeMaps(Handle<JSObject> holder,
7963 Handle<Map> receiver_map) {
7964 if (!holder.is_null()) {
7965 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
7966 BuildCheckPrototypeMaps(prototype, holder);
7967 }
7968 }
7969
7970
7971 HInstruction* HOptimizedGraphBuilder::NewPlainFunctionCall(HValue* fun,
7972 int argument_count) {
7973 return New<HCallJSFunction>(fun, argument_count);
7974 }
7975
7976
7977 HInstruction* HOptimizedGraphBuilder::NewArgumentAdaptorCall(
7978 HValue* fun, HValue* context,
7979 int argument_count, HValue* expected_param_count) {
7980 ArgumentAdaptorDescriptor descriptor(isolate());
7981 HValue* arity = Add<HConstant>(argument_count - 1);
7982
7983 HValue* op_vals[] = { context, fun, arity, expected_param_count };
7984
7985 Handle<Code> adaptor =
7986 isolate()->builtins()->ArgumentsAdaptorTrampoline();
7987 HConstant* adaptor_value = Add<HConstant>(adaptor);
7988
7989 return New<HCallWithDescriptor>(adaptor_value, argument_count, descriptor,
7990 Vector<HValue*>(op_vals, arraysize(op_vals)));
7991 }
7992
7993
7994 HInstruction* HOptimizedGraphBuilder::BuildCallConstantFunction(
7995 Handle<JSFunction> jsfun, int argument_count) {
7996 HValue* target = Add<HConstant>(jsfun);
7997 // For constant functions, we try to avoid calling the
7998 // argument adaptor and instead call the function directly
7999 int formal_parameter_count =
8000 jsfun->shared()->internal_formal_parameter_count();
8001 bool dont_adapt_arguments =
8002 (formal_parameter_count ==
8003 SharedFunctionInfo::kDontAdaptArgumentsSentinel);
8004 int arity = argument_count - 1;
8005 bool can_invoke_directly =
8006 dont_adapt_arguments || formal_parameter_count == arity;
8007 if (can_invoke_directly) {
8008 if (jsfun.is_identical_to(current_info()->closure())) {
8009 graph()->MarkRecursive();
8010 }
8011 return NewPlainFunctionCall(target, argument_count);
8012 } else {
8013 HValue* param_count_value = Add<HConstant>(formal_parameter_count);
8014 HValue* context = Add<HLoadNamedField>(
8015 target, nullptr, HObjectAccess::ForFunctionContextPointer());
8016 return NewArgumentAdaptorCall(target, context,
8017 argument_count, param_count_value);
8018 }
8019 UNREACHABLE();
8020 return NULL;
8021 }
8022
8023
8024 class FunctionSorter {
8025 public:
8026 explicit FunctionSorter(int index = 0, int ticks = 0, int size = 0)
8027 : index_(index), ticks_(ticks), size_(size) {}
8028
8029 int index() const { return index_; }
8030 int ticks() const { return ticks_; }
8031 int size() const { return size_; }
8032
8033 private:
8034 int index_;
8035 int ticks_;
8036 int size_;
8037 };
8038
8039
8040 inline bool operator<(const FunctionSorter& lhs, const FunctionSorter& rhs) {
8041 int diff = lhs.ticks() - rhs.ticks();
8042 if (diff != 0) return diff > 0;
8043 return lhs.size() < rhs.size();
8044 }
8045
8046
8047 void HOptimizedGraphBuilder::HandlePolymorphicCallNamed(Call* expr,
8048 HValue* receiver,
8049 SmallMapList* maps,
8050 Handle<String> name) {
8051 int argument_count = expr->arguments()->length() + 1; // Includes receiver.
8052 FunctionSorter order[kMaxCallPolymorphism];
8053
8054 bool handle_smi = false;
8055 bool handled_string = false;
8056 int ordered_functions = 0;
8057
8058 int i;
8059 for (i = 0; i < maps->length() && ordered_functions < kMaxCallPolymorphism;
8060 ++i) {
8061 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
8062 if (info.CanAccessMonomorphic() && info.IsDataConstant() &&
8063 info.constant()->IsJSFunction()) {
8064 if (info.IsStringType()) {
8065 if (handled_string) continue;
8066 handled_string = true;
8067 }
8068 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
8069 if (info.IsNumberType()) {
8070 handle_smi = true;
8071 }
8072 expr->set_target(target);
8073 order[ordered_functions++] = FunctionSorter(
8074 i, target->shared()->profiler_ticks(), InliningAstSize(target));
8075 }
8076 }
8077
8078 std::sort(order, order + ordered_functions);
8079
8080 if (i < maps->length()) {
8081 maps->Clear();
8082 ordered_functions = -1;
8083 }
8084
8085 HBasicBlock* number_block = NULL;
8086 HBasicBlock* join = NULL;
8087 handled_string = false;
8088 int count = 0;
8089
8090 for (int fn = 0; fn < ordered_functions; ++fn) {
8091 int i = order[fn].index();
8092 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
8093 if (info.IsStringType()) {
8094 if (handled_string) continue;
8095 handled_string = true;
8096 }
8097 // Reloads the target.
8098 info.CanAccessMonomorphic();
8099 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
8100
8101 expr->set_target(target);
8102 if (count == 0) {
8103 // Only needed once.
8104 join = graph()->CreateBasicBlock();
8105 if (handle_smi) {
8106 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
8107 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
8108 number_block = graph()->CreateBasicBlock();
8109 FinishCurrentBlock(New<HIsSmiAndBranch>(
8110 receiver, empty_smi_block, not_smi_block));
8111 GotoNoSimulate(empty_smi_block, number_block);
8112 set_current_block(not_smi_block);
8113 } else {
8114 BuildCheckHeapObject(receiver);
8115 }
8116 }
8117 ++count;
8118 HBasicBlock* if_true = graph()->CreateBasicBlock();
8119 HBasicBlock* if_false = graph()->CreateBasicBlock();
8120 HUnaryControlInstruction* compare;
8121
8122 Handle<Map> map = info.map();
8123 if (info.IsNumberType()) {
8124 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
8125 compare = New<HCompareMap>(receiver, heap_number_map, if_true, if_false);
8126 } else if (info.IsStringType()) {
8127 compare = New<HIsStringAndBranch>(receiver, if_true, if_false);
8128 } else {
8129 compare = New<HCompareMap>(receiver, map, if_true, if_false);
8130 }
8131 FinishCurrentBlock(compare);
8132
8133 if (info.IsNumberType()) {
8134 GotoNoSimulate(if_true, number_block);
8135 if_true = number_block;
8136 }
8137
8138 set_current_block(if_true);
8139
8140 AddCheckPrototypeMaps(info.holder(), map);
8141
8142 HValue* function = Add<HConstant>(expr->target());
8143 environment()->SetExpressionStackAt(0, function);
8144 Push(receiver);
8145 CHECK_ALIVE(VisitExpressions(expr->arguments()));
8146 bool needs_wrapping = info.NeedsWrappingFor(target);
8147 bool try_inline = FLAG_polymorphic_inlining && !needs_wrapping;
8148 if (FLAG_trace_inlining && try_inline) {
8149 Handle<JSFunction> caller = current_info()->closure();
8150 base::SmartArrayPointer<char> caller_name =
8151 caller->shared()->DebugName()->ToCString();
8152 PrintF("Trying to inline the polymorphic call to %s from %s\n",
8153 name->ToCString().get(),
8154 caller_name.get());
8155 }
8156 if (try_inline && TryInlineCall(expr)) {
8157 // Trying to inline will signal that we should bailout from the
8158 // entire compilation by setting stack overflow on the visitor.
8159 if (HasStackOverflow()) return;
8160 } else {
8161 // Since HWrapReceiver currently cannot actually wrap numbers and strings,
8162 // use the regular CallFunctionStub for method calls to wrap the receiver.
8163 // TODO(verwaest): Support creation of value wrappers directly in
8164 // HWrapReceiver.
8165 HInstruction* call = needs_wrapping
8166 ? NewUncasted<HCallFunction>(
8167 function, argument_count, WRAP_AND_CALL)
8168 : BuildCallConstantFunction(target, argument_count);
8169 PushArgumentsFromEnvironment(argument_count);
8170 AddInstruction(call);
8171 Drop(1); // Drop the function.
8172 if (!ast_context()->IsEffect()) Push(call);
8173 }
8174
8175 if (current_block() != NULL) Goto(join);
8176 set_current_block(if_false);
8177 }
8178
8179 // Finish up. Unconditionally deoptimize if we've handled all the maps we
8180 // know about and do not want to handle ones we've never seen. Otherwise
8181 // use a generic IC.
8182 if (ordered_functions == maps->length() && FLAG_deoptimize_uncommon_cases) {
8183 FinishExitWithHardDeoptimization(Deoptimizer::kUnknownMapInPolymorphicCall);
8184 } else {
8185 Property* prop = expr->expression()->AsProperty();
8186 HInstruction* function =
8187 BuildNamedGeneric(LOAD, prop, prop->PropertyFeedbackSlot(), receiver,
8188 name, NULL, prop->IsUninitialized());
8189 AddInstruction(function);
8190 Push(function);
8191 AddSimulate(prop->LoadId(), REMOVABLE_SIMULATE);
8192
8193 environment()->SetExpressionStackAt(1, function);
8194 environment()->SetExpressionStackAt(0, receiver);
8195 CHECK_ALIVE(VisitExpressions(expr->arguments()));
8196
8197 CallFunctionFlags flags = receiver->type().IsJSObject()
8198 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
8199 HInstruction* call = New<HCallFunction>(
8200 function, argument_count, flags);
8201
8202 PushArgumentsFromEnvironment(argument_count);
8203
8204 Drop(1); // Function.
8205
8206 if (join != NULL) {
8207 AddInstruction(call);
8208 if (!ast_context()->IsEffect()) Push(call);
8209 Goto(join);
8210 } else {
8211 return ast_context()->ReturnInstruction(call, expr->id());
8212 }
8213 }
8214
8215 // We assume that control flow is always live after an expression. So
8216 // even without predecessors to the join block, we set it as the exit
8217 // block and continue by adding instructions there.
8218 DCHECK(join != NULL);
8219 if (join->HasPredecessor()) {
8220 set_current_block(join);
8221 join->SetJoinId(expr->id());
8222 if (!ast_context()->IsEffect()) return ast_context()->ReturnValue(Pop());
8223 } else {
8224 set_current_block(NULL);
8225 }
8226 }
8227
8228
8229 void HOptimizedGraphBuilder::TraceInline(Handle<JSFunction> target,
8230 Handle<JSFunction> caller,
8231 const char* reason) {
8232 if (FLAG_trace_inlining) {
8233 base::SmartArrayPointer<char> target_name =
8234 target->shared()->DebugName()->ToCString();
8235 base::SmartArrayPointer<char> caller_name =
8236 caller->shared()->DebugName()->ToCString();
8237 if (reason == NULL) {
8238 PrintF("Inlined %s called from %s.\n", target_name.get(),
8239 caller_name.get());
8240 } else {
8241 PrintF("Did not inline %s called from %s (%s).\n",
8242 target_name.get(), caller_name.get(), reason);
8243 }
8244 }
8245 }
8246
8247
8248 static const int kNotInlinable = 1000000000;
8249
8250
8251 int HOptimizedGraphBuilder::InliningAstSize(Handle<JSFunction> target) {
8252 if (!FLAG_use_inlining) return kNotInlinable;
8253
8254 // Precondition: call is monomorphic and we have found a target with the
8255 // appropriate arity.
8256 Handle<JSFunction> caller = current_info()->closure();
8257 Handle<SharedFunctionInfo> target_shared(target->shared());
8258
8259 // Always inline functions that force inlining.
8260 if (target_shared->force_inline()) {
8261 return 0;
8262 }
8263 if (target->IsBuiltin()) {
8264 return kNotInlinable;
8265 }
8266
8267 if (target_shared->IsApiFunction()) {
8268 TraceInline(target, caller, "target is api function");
8269 return kNotInlinable;
8270 }
8271
8272 // Do a quick check on source code length to avoid parsing large
8273 // inlining candidates.
8274 if (target_shared->SourceSize() >
8275 Min(FLAG_max_inlined_source_size, kUnlimitedMaxInlinedSourceSize)) {
8276 TraceInline(target, caller, "target text too big");
8277 return kNotInlinable;
8278 }
8279
8280 // Target must be inlineable.
8281 BailoutReason noopt_reason = target_shared->disable_optimization_reason();
8282 if (!target_shared->IsInlineable() && noopt_reason != kHydrogenFilter) {
8283 TraceInline(target, caller, "target not inlineable");
8284 return kNotInlinable;
8285 }
8286 if (noopt_reason != kNoReason && noopt_reason != kHydrogenFilter) {
8287 TraceInline(target, caller, "target contains unsupported syntax [early]");
8288 return kNotInlinable;
8289 }
8290
8291 int nodes_added = target_shared->ast_node_count();
8292 return nodes_added;
8293 }
8294
8295
8296 bool HOptimizedGraphBuilder::TryInline(Handle<JSFunction> target,
8297 int arguments_count,
8298 HValue* implicit_return_value,
8299 BailoutId ast_id, BailoutId return_id,
8300 InliningKind inlining_kind) {
8301 if (target->context()->native_context() !=
8302 top_info()->closure()->context()->native_context()) {
8303 return false;
8304 }
8305 int nodes_added = InliningAstSize(target);
8306 if (nodes_added == kNotInlinable) return false;
8307
8308 Handle<JSFunction> caller = current_info()->closure();
8309
8310 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
8311 TraceInline(target, caller, "target AST is too large [early]");
8312 return false;
8313 }
8314
8315 // Don't inline deeper than the maximum number of inlining levels.
8316 HEnvironment* env = environment();
8317 int current_level = 1;
8318 while (env->outer() != NULL) {
8319 if (current_level == FLAG_max_inlining_levels) {
8320 TraceInline(target, caller, "inline depth limit reached");
8321 return false;
8322 }
8323 if (env->outer()->frame_type() == JS_FUNCTION) {
8324 current_level++;
8325 }
8326 env = env->outer();
8327 }
8328
8329 // Don't inline recursive functions.
8330 for (FunctionState* state = function_state();
8331 state != NULL;
8332 state = state->outer()) {
8333 if (*state->compilation_info()->closure() == *target) {
8334 TraceInline(target, caller, "target is recursive");
8335 return false;
8336 }
8337 }
8338
8339 // We don't want to add more than a certain number of nodes from inlining.
8340 // Always inline small methods (<= 10 nodes).
8341 if (inlined_count_ > Min(FLAG_max_inlined_nodes_cumulative,
8342 kUnlimitedMaxInlinedNodesCumulative)) {
8343 TraceInline(target, caller, "cumulative AST node limit reached");
8344 return false;
8345 }
8346
8347 // Parse and allocate variables.
8348 // Use the same AstValueFactory for creating strings in the sub-compilation
8349 // step, but don't transfer ownership to target_info.
8350 ParseInfo parse_info(zone(), target);
8351 parse_info.set_ast_value_factory(
8352 top_info()->parse_info()->ast_value_factory());
8353 parse_info.set_ast_value_factory_owned(false);
8354
8355 CompilationInfo target_info(&parse_info);
8356 Handle<SharedFunctionInfo> target_shared(target->shared());
8357 if (target_shared->HasDebugInfo()) {
8358 TraceInline(target, caller, "target is being debugged");
8359 return false;
8360 }
8361 if (!Compiler::ParseAndAnalyze(target_info.parse_info())) {
8362 if (target_info.isolate()->has_pending_exception()) {
8363 // Parse or scope error, never optimize this function.
8364 SetStackOverflow();
8365 target_shared->DisableOptimization(kParseScopeError);
8366 }
8367 TraceInline(target, caller, "parse failure");
8368 return false;
8369 }
8370
8371 if (target_info.scope()->num_heap_slots() > 0) {
8372 TraceInline(target, caller, "target has context-allocated variables");
8373 return false;
8374 }
8375 FunctionLiteral* function = target_info.literal();
8376
8377 // The following conditions must be checked again after re-parsing, because
8378 // earlier the information might not have been complete due to lazy parsing.
8379 nodes_added = function->ast_node_count();
8380 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
8381 TraceInline(target, caller, "target AST is too large [late]");
8382 return false;
8383 }
8384 if (function->dont_optimize()) {
8385 TraceInline(target, caller, "target contains unsupported syntax [late]");
8386 return false;
8387 }
8388
8389 // If the function uses the arguments object check that inlining of functions
8390 // with arguments object is enabled and the arguments-variable is
8391 // stack allocated.
8392 if (function->scope()->arguments() != NULL) {
8393 if (!FLAG_inline_arguments) {
8394 TraceInline(target, caller, "target uses arguments object");
8395 return false;
8396 }
8397 }
8398
8399 // All declarations must be inlineable.
8400 ZoneList<Declaration*>* decls = target_info.scope()->declarations();
8401 int decl_count = decls->length();
8402 for (int i = 0; i < decl_count; ++i) {
8403 if (!decls->at(i)->IsInlineable()) {
8404 TraceInline(target, caller, "target has non-trivial declaration");
8405 return false;
8406 }
8407 }
8408
8409 // Generate the deoptimization data for the unoptimized version of
8410 // the target function if we don't already have it.
8411 if (!Compiler::EnsureDeoptimizationSupport(&target_info)) {
8412 TraceInline(target, caller, "could not generate deoptimization info");
8413 return false;
8414 }
8415
8416 // In strong mode it is an error to call a function with too few arguments.
8417 // In that case do not inline because then the arity check would be skipped.
8418 if (is_strong(function->language_mode()) &&
8419 arguments_count < function->parameter_count()) {
8420 TraceInline(target, caller,
8421 "too few arguments passed to a strong function");
8422 return false;
8423 }
8424
8425 // ----------------------------------------------------------------
8426 // After this point, we've made a decision to inline this function (so
8427 // TryInline should always return true).
8428
8429 // Type-check the inlined function.
8430 DCHECK(target_shared->has_deoptimization_support());
8431 AstTyper(target_info.isolate(), target_info.zone(), target_info.closure(),
8432 target_info.scope(), target_info.osr_ast_id(), target_info.literal())
8433 .Run();
8434
8435 int inlining_id = 0;
8436 if (top_info()->is_tracking_positions()) {
8437 inlining_id = top_info()->TraceInlinedFunction(
8438 target_shared, source_position(), function_state()->inlining_id());
8439 }
8440
8441 // Save the pending call context. Set up new one for the inlined function.
8442 // The function state is new-allocated because we need to delete it
8443 // in two different places.
8444 FunctionState* target_state =
8445 new FunctionState(this, &target_info, inlining_kind, inlining_id);
8446
8447 HConstant* undefined = graph()->GetConstantUndefined();
8448
8449 HEnvironment* inner_env =
8450 environment()->CopyForInlining(target,
8451 arguments_count,
8452 function,
8453 undefined,
8454 function_state()->inlining_kind());
8455
8456 HConstant* context = Add<HConstant>(Handle<Context>(target->context()));
8457 inner_env->BindContext(context);
8458
8459 // Create a dematerialized arguments object for the function, also copy the
8460 // current arguments values to use them for materialization.
8461 HEnvironment* arguments_env = inner_env->arguments_environment();
8462 int parameter_count = arguments_env->parameter_count();
8463 HArgumentsObject* arguments_object = Add<HArgumentsObject>(parameter_count);
8464 for (int i = 0; i < parameter_count; i++) {
8465 arguments_object->AddArgument(arguments_env->Lookup(i), zone());
8466 }
8467
8468 // If the function uses arguments object then bind bind one.
8469 if (function->scope()->arguments() != NULL) {
8470 DCHECK(function->scope()->arguments()->IsStackAllocated());
8471 inner_env->Bind(function->scope()->arguments(), arguments_object);
8472 }
8473
8474 // Capture the state before invoking the inlined function for deopt in the
8475 // inlined function. This simulate has no bailout-id since it's not directly
8476 // reachable for deopt, and is only used to capture the state. If the simulate
8477 // becomes reachable by merging, the ast id of the simulate merged into it is
8478 // adopted.
8479 Add<HSimulate>(BailoutId::None());
8480
8481 current_block()->UpdateEnvironment(inner_env);
8482 Scope* saved_scope = scope();
8483 set_scope(target_info.scope());
8484 HEnterInlined* enter_inlined =
8485 Add<HEnterInlined>(return_id, target, context, arguments_count, function,
8486 function_state()->inlining_kind(),
8487 function->scope()->arguments(), arguments_object);
8488 if (top_info()->is_tracking_positions()) {
8489 enter_inlined->set_inlining_id(inlining_id);
8490 }
8491 function_state()->set_entry(enter_inlined);
8492
8493 VisitDeclarations(target_info.scope()->declarations());
8494 VisitStatements(function->body());
8495 set_scope(saved_scope);
8496 if (HasStackOverflow()) {
8497 // Bail out if the inline function did, as we cannot residualize a call
8498 // instead, but do not disable optimization for the outer function.
8499 TraceInline(target, caller, "inline graph construction failed");
8500 target_shared->DisableOptimization(kInliningBailedOut);
8501 current_info()->RetryOptimization(kInliningBailedOut);
8502 delete target_state;
8503 return true;
8504 }
8505
8506 // Update inlined nodes count.
8507 inlined_count_ += nodes_added;
8508
8509 Handle<Code> unoptimized_code(target_shared->code());
8510 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
8511 Handle<TypeFeedbackInfo> type_info(
8512 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
8513 graph()->update_type_change_checksum(type_info->own_type_change_checksum());
8514
8515 TraceInline(target, caller, NULL);
8516
8517 if (current_block() != NULL) {
8518 FunctionState* state = function_state();
8519 if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
8520 // Falling off the end of an inlined construct call. In a test context the
8521 // return value will always evaluate to true, in a value context the
8522 // return value is the newly allocated receiver.
8523 if (call_context()->IsTest()) {
8524 Goto(inlined_test_context()->if_true(), state);
8525 } else if (call_context()->IsEffect()) {
8526 Goto(function_return(), state);
8527 } else {
8528 DCHECK(call_context()->IsValue());
8529 AddLeaveInlined(implicit_return_value, state);
8530 }
8531 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
8532 // Falling off the end of an inlined setter call. The returned value is
8533 // never used, the value of an assignment is always the value of the RHS
8534 // of the assignment.
8535 if (call_context()->IsTest()) {
8536 inlined_test_context()->ReturnValue(implicit_return_value);
8537 } else if (call_context()->IsEffect()) {
8538 Goto(function_return(), state);
8539 } else {
8540 DCHECK(call_context()->IsValue());
8541 AddLeaveInlined(implicit_return_value, state);
8542 }
8543 } else {
8544 // Falling off the end of a normal inlined function. This basically means
8545 // returning undefined.
8546 if (call_context()->IsTest()) {
8547 Goto(inlined_test_context()->if_false(), state);
8548 } else if (call_context()->IsEffect()) {
8549 Goto(function_return(), state);
8550 } else {
8551 DCHECK(call_context()->IsValue());
8552 AddLeaveInlined(undefined, state);
8553 }
8554 }
8555 }
8556
8557 // Fix up the function exits.
8558 if (inlined_test_context() != NULL) {
8559 HBasicBlock* if_true = inlined_test_context()->if_true();
8560 HBasicBlock* if_false = inlined_test_context()->if_false();
8561
8562 HEnterInlined* entry = function_state()->entry();
8563
8564 // Pop the return test context from the expression context stack.
8565 DCHECK(ast_context() == inlined_test_context());
8566 ClearInlinedTestContext();
8567 delete target_state;
8568
8569 // Forward to the real test context.
8570 if (if_true->HasPredecessor()) {
8571 entry->RegisterReturnTarget(if_true, zone());
8572 if_true->SetJoinId(ast_id);
8573 HBasicBlock* true_target = TestContext::cast(ast_context())->if_true();
8574 Goto(if_true, true_target, function_state());
8575 }
8576 if (if_false->HasPredecessor()) {
8577 entry->RegisterReturnTarget(if_false, zone());
8578 if_false->SetJoinId(ast_id);
8579 HBasicBlock* false_target = TestContext::cast(ast_context())->if_false();
8580 Goto(if_false, false_target, function_state());
8581 }
8582 set_current_block(NULL);
8583 return true;
8584
8585 } else if (function_return()->HasPredecessor()) {
8586 function_state()->entry()->RegisterReturnTarget(function_return(), zone());
8587 function_return()->SetJoinId(ast_id);
8588 set_current_block(function_return());
8589 } else {
8590 set_current_block(NULL);
8591 }
8592 delete target_state;
8593 return true;
8594 }
8595
8596
8597 bool HOptimizedGraphBuilder::TryInlineCall(Call* expr) {
8598 return TryInline(expr->target(), expr->arguments()->length(), NULL,
8599 expr->id(), expr->ReturnId(), NORMAL_RETURN);
8600 }
8601
8602
8603 bool HOptimizedGraphBuilder::TryInlineConstruct(CallNew* expr,
8604 HValue* implicit_return_value) {
8605 return TryInline(expr->target(), expr->arguments()->length(),
8606 implicit_return_value, expr->id(), expr->ReturnId(),
8607 CONSTRUCT_CALL_RETURN);
8608 }
8609
8610
8611 bool HOptimizedGraphBuilder::TryInlineGetter(Handle<JSFunction> getter,
8612 Handle<Map> receiver_map,
8613 BailoutId ast_id,
8614 BailoutId return_id) {
8615 if (TryInlineApiGetter(getter, receiver_map, ast_id)) return true;
8616 return TryInline(getter, 0, NULL, ast_id, return_id, GETTER_CALL_RETURN);
8617 }
8618
8619
8620 bool HOptimizedGraphBuilder::TryInlineSetter(Handle<JSFunction> setter,
8621 Handle<Map> receiver_map,
8622 BailoutId id,
8623 BailoutId assignment_id,
8624 HValue* implicit_return_value) {
8625 if (TryInlineApiSetter(setter, receiver_map, id)) return true;
8626 return TryInline(setter, 1, implicit_return_value, id, assignment_id,
8627 SETTER_CALL_RETURN);
8628 }
8629
8630
8631 bool HOptimizedGraphBuilder::TryInlineIndirectCall(Handle<JSFunction> function,
8632 Call* expr,
8633 int arguments_count) {
8634 return TryInline(function, arguments_count, NULL, expr->id(),
8635 expr->ReturnId(), NORMAL_RETURN);
8636 }
8637
8638
8639 bool HOptimizedGraphBuilder::TryInlineBuiltinFunctionCall(Call* expr) {
8640 if (!expr->target()->shared()->HasBuiltinFunctionId()) return false;
8641 BuiltinFunctionId id = expr->target()->shared()->builtin_function_id();
8642 switch (id) {
8643 case kMathExp:
8644 if (!FLAG_fast_math) break;
8645 // Fall through if FLAG_fast_math.
8646 case kMathRound:
8647 case kMathFround:
8648 case kMathFloor:
8649 case kMathAbs:
8650 case kMathSqrt:
8651 case kMathLog:
8652 case kMathClz32:
8653 if (expr->arguments()->length() == 1) {
8654 HValue* argument = Pop();
8655 Drop(2); // Receiver and function.
8656 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8657 ast_context()->ReturnInstruction(op, expr->id());
8658 return true;
8659 }
8660 break;
8661 case kMathImul:
8662 if (expr->arguments()->length() == 2) {
8663 HValue* right = Pop();
8664 HValue* left = Pop();
8665 Drop(2); // Receiver and function.
8666 HInstruction* op =
8667 HMul::NewImul(isolate(), zone(), context(), left, right);
8668 ast_context()->ReturnInstruction(op, expr->id());
8669 return true;
8670 }
8671 break;
8672 default:
8673 // Not supported for inlining yet.
8674 break;
8675 }
8676 return false;
8677 }
8678
8679
8680 // static
8681 bool HOptimizedGraphBuilder::IsReadOnlyLengthDescriptor(
8682 Handle<Map> jsarray_map) {
8683 DCHECK(!jsarray_map->is_dictionary_map());
8684 Isolate* isolate = jsarray_map->GetIsolate();
8685 Handle<Name> length_string = isolate->factory()->length_string();
8686 DescriptorArray* descriptors = jsarray_map->instance_descriptors();
8687 int number = descriptors->SearchWithCache(*length_string, *jsarray_map);
8688 DCHECK_NE(DescriptorArray::kNotFound, number);
8689 return descriptors->GetDetails(number).IsReadOnly();
8690 }
8691
8692
8693 // static
8694 bool HOptimizedGraphBuilder::CanInlineArrayResizeOperation(
8695 Handle<Map> receiver_map) {
8696 return !receiver_map.is_null() &&
8697 receiver_map->instance_type() == JS_ARRAY_TYPE &&
8698 IsFastElementsKind(receiver_map->elements_kind()) &&
8699 !receiver_map->is_dictionary_map() && !receiver_map->is_observed() &&
8700 receiver_map->is_extensible() &&
8701 (!receiver_map->is_prototype_map() || receiver_map->is_stable()) &&
8702 !IsReadOnlyLengthDescriptor(receiver_map);
8703 }
8704
8705
8706 bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
8707 Call* expr, Handle<JSFunction> function, Handle<Map> receiver_map,
8708 int args_count_no_receiver) {
8709 if (!function->shared()->HasBuiltinFunctionId()) return false;
8710 BuiltinFunctionId id = function->shared()->builtin_function_id();
8711 int argument_count = args_count_no_receiver + 1; // Plus receiver.
8712
8713 if (receiver_map.is_null()) {
8714 HValue* receiver = environment()->ExpressionStackAt(args_count_no_receiver);
8715 if (receiver->IsConstant() &&
8716 HConstant::cast(receiver)->handle(isolate())->IsHeapObject()) {
8717 receiver_map =
8718 handle(Handle<HeapObject>::cast(
8719 HConstant::cast(receiver)->handle(isolate()))->map());
8720 }
8721 }
8722 // Try to inline calls like Math.* as operations in the calling function.
8723 switch (id) {
8724 case kStringCharCodeAt:
8725 case kStringCharAt:
8726 if (argument_count == 2) {
8727 HValue* index = Pop();
8728 HValue* string = Pop();
8729 Drop(1); // Function.
8730 HInstruction* char_code =
8731 BuildStringCharCodeAt(string, index);
8732 if (id == kStringCharCodeAt) {
8733 ast_context()->ReturnInstruction(char_code, expr->id());
8734 return true;
8735 }
8736 AddInstruction(char_code);
8737 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
8738 ast_context()->ReturnInstruction(result, expr->id());
8739 return true;
8740 }
8741 break;
8742 case kStringFromCharCode:
8743 if (argument_count == 2) {
8744 HValue* argument = Pop();
8745 Drop(2); // Receiver and function.
8746 HInstruction* result = NewUncasted<HStringCharFromCode>(argument);
8747 ast_context()->ReturnInstruction(result, expr->id());
8748 return true;
8749 }
8750 break;
8751 case kMathExp:
8752 if (!FLAG_fast_math) break;
8753 // Fall through if FLAG_fast_math.
8754 case kMathRound:
8755 case kMathFround:
8756 case kMathFloor:
8757 case kMathAbs:
8758 case kMathSqrt:
8759 case kMathLog:
8760 case kMathClz32:
8761 if (argument_count == 2) {
8762 HValue* argument = Pop();
8763 Drop(2); // Receiver and function.
8764 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8765 ast_context()->ReturnInstruction(op, expr->id());
8766 return true;
8767 }
8768 break;
8769 case kMathPow:
8770 if (argument_count == 3) {
8771 HValue* right = Pop();
8772 HValue* left = Pop();
8773 Drop(2); // Receiver and function.
8774 HInstruction* result = NULL;
8775 // Use sqrt() if exponent is 0.5 or -0.5.
8776 if (right->IsConstant() && HConstant::cast(right)->HasDoubleValue()) {
8777 double exponent = HConstant::cast(right)->DoubleValue();
8778 if (exponent == 0.5) {
8779 result = NewUncasted<HUnaryMathOperation>(left, kMathPowHalf);
8780 } else if (exponent == -0.5) {
8781 HValue* one = graph()->GetConstant1();
8782 HInstruction* sqrt = AddUncasted<HUnaryMathOperation>(
8783 left, kMathPowHalf);
8784 // MathPowHalf doesn't have side effects so there's no need for
8785 // an environment simulation here.
8786 DCHECK(!sqrt->HasObservableSideEffects());
8787 result = NewUncasted<HDiv>(one, sqrt);
8788 } else if (exponent == 2.0) {
8789 result = NewUncasted<HMul>(left, left);
8790 }
8791 }
8792
8793 if (result == NULL) {
8794 result = NewUncasted<HPower>(left, right);
8795 }
8796 ast_context()->ReturnInstruction(result, expr->id());
8797 return true;
8798 }
8799 break;
8800 case kMathMax:
8801 case kMathMin:
8802 if (argument_count == 3) {
8803 HValue* right = Pop();
8804 HValue* left = Pop();
8805 Drop(2); // Receiver and function.
8806 HMathMinMax::Operation op = (id == kMathMin) ? HMathMinMax::kMathMin
8807 : HMathMinMax::kMathMax;
8808 HInstruction* result = NewUncasted<HMathMinMax>(left, right, op);
8809 ast_context()->ReturnInstruction(result, expr->id());
8810 return true;
8811 }
8812 break;
8813 case kMathImul:
8814 if (argument_count == 3) {
8815 HValue* right = Pop();
8816 HValue* left = Pop();
8817 Drop(2); // Receiver and function.
8818 HInstruction* result =
8819 HMul::NewImul(isolate(), zone(), context(), left, right);
8820 ast_context()->ReturnInstruction(result, expr->id());
8821 return true;
8822 }
8823 break;
8824 case kArrayPop: {
8825 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8826 ElementsKind elements_kind = receiver_map->elements_kind();
8827
8828 Drop(args_count_no_receiver);
8829 HValue* result;
8830 HValue* reduced_length;
8831 HValue* receiver = Pop();
8832
8833 HValue* checked_object = AddCheckMap(receiver, receiver_map);
8834 HValue* length =
8835 Add<HLoadNamedField>(checked_object, nullptr,
8836 HObjectAccess::ForArrayLength(elements_kind));
8837
8838 Drop(1); // Function.
8839
8840 { NoObservableSideEffectsScope scope(this);
8841 IfBuilder length_checker(this);
8842
8843 HValue* bounds_check = length_checker.If<HCompareNumericAndBranch>(
8844 length, graph()->GetConstant0(), Token::EQ);
8845 length_checker.Then();
8846
8847 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8848
8849 length_checker.Else();
8850 HValue* elements = AddLoadElements(checked_object);
8851 // Ensure that we aren't popping from a copy-on-write array.
8852 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8853 elements = BuildCopyElementsOnWrite(checked_object, elements,
8854 elements_kind, length);
8855 }
8856 reduced_length = AddUncasted<HSub>(length, graph()->GetConstant1());
8857 result = AddElementAccess(elements, reduced_length, NULL,
8858 bounds_check, elements_kind, LOAD);
8859 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
8860 ? graph()->GetConstantHole()
8861 : Add<HConstant>(HConstant::kHoleNaN);
8862 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8863 elements_kind = FAST_HOLEY_ELEMENTS;
8864 }
8865 AddElementAccess(
8866 elements, reduced_length, hole, bounds_check, elements_kind, STORE);
8867 Add<HStoreNamedField>(
8868 checked_object, HObjectAccess::ForArrayLength(elements_kind),
8869 reduced_length, STORE_TO_INITIALIZED_ENTRY);
8870
8871 if (!ast_context()->IsEffect()) Push(result);
8872
8873 length_checker.End();
8874 }
8875 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8876 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8877 if (!ast_context()->IsEffect()) Drop(1);
8878
8879 ast_context()->ReturnValue(result);
8880 return true;
8881 }
8882 case kArrayPush: {
8883 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8884 ElementsKind elements_kind = receiver_map->elements_kind();
8885
8886 // If there may be elements accessors in the prototype chain, the fast
8887 // inlined version can't be used.
8888 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8889 // If there currently can be no elements accessors on the prototype chain,
8890 // it doesn't mean that there won't be any later. Install a full prototype
8891 // chain check to trap element accessors being installed on the prototype
8892 // chain, which would cause elements to go to dictionary mode and result
8893 // in a map change.
8894 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
8895 BuildCheckPrototypeMaps(prototype, Handle<JSObject>());
8896
8897 // Protect against adding elements to the Array prototype, which needs to
8898 // route through appropriate bottlenecks.
8899 if (isolate()->IsFastArrayConstructorPrototypeChainIntact() &&
8900 !prototype->IsJSArray()) {
8901 return false;
8902 }
8903
8904 const int argc = args_count_no_receiver;
8905 if (argc != 1) return false;
8906
8907 HValue* value_to_push = Pop();
8908 HValue* array = Pop();
8909 Drop(1); // Drop function.
8910
8911 HInstruction* new_size = NULL;
8912 HValue* length = NULL;
8913
8914 {
8915 NoObservableSideEffectsScope scope(this);
8916
8917 length = Add<HLoadNamedField>(
8918 array, nullptr, HObjectAccess::ForArrayLength(elements_kind));
8919
8920 new_size = AddUncasted<HAdd>(length, graph()->GetConstant1());
8921
8922 bool is_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
8923 HValue* checked_array = Add<HCheckMaps>(array, receiver_map);
8924 BuildUncheckedMonomorphicElementAccess(
8925 checked_array, length, value_to_push, is_array, elements_kind,
8926 STORE, NEVER_RETURN_HOLE, STORE_AND_GROW_NO_TRANSITION);
8927
8928 if (!ast_context()->IsEffect()) Push(new_size);
8929 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8930 if (!ast_context()->IsEffect()) Drop(1);
8931 }
8932
8933 ast_context()->ReturnValue(new_size);
8934 return true;
8935 }
8936 case kArrayShift: {
8937 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8938 ElementsKind kind = receiver_map->elements_kind();
8939
8940 // If there may be elements accessors in the prototype chain, the fast
8941 // inlined version can't be used.
8942 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8943
8944 // If there currently can be no elements accessors on the prototype chain,
8945 // it doesn't mean that there won't be any later. Install a full prototype
8946 // chain check to trap element accessors being installed on the prototype
8947 // chain, which would cause elements to go to dictionary mode and result
8948 // in a map change.
8949 BuildCheckPrototypeMaps(
8950 handle(JSObject::cast(receiver_map->prototype()), isolate()),
8951 Handle<JSObject>::null());
8952
8953 // Threshold for fast inlined Array.shift().
8954 HConstant* inline_threshold = Add<HConstant>(static_cast<int32_t>(16));
8955
8956 Drop(args_count_no_receiver);
8957 HValue* receiver = Pop();
8958 HValue* function = Pop();
8959 HValue* result;
8960
8961 {
8962 NoObservableSideEffectsScope scope(this);
8963
8964 HValue* length = Add<HLoadNamedField>(
8965 receiver, nullptr, HObjectAccess::ForArrayLength(kind));
8966
8967 IfBuilder if_lengthiszero(this);
8968 HValue* lengthiszero = if_lengthiszero.If<HCompareNumericAndBranch>(
8969 length, graph()->GetConstant0(), Token::EQ);
8970 if_lengthiszero.Then();
8971 {
8972 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8973 }
8974 if_lengthiszero.Else();
8975 {
8976 HValue* elements = AddLoadElements(receiver);
8977
8978 // Check if we can use the fast inlined Array.shift().
8979 IfBuilder if_inline(this);
8980 if_inline.If<HCompareNumericAndBranch>(
8981 length, inline_threshold, Token::LTE);
8982 if (IsFastSmiOrObjectElementsKind(kind)) {
8983 // We cannot handle copy-on-write backing stores here.
8984 if_inline.AndIf<HCompareMap>(
8985 elements, isolate()->factory()->fixed_array_map());
8986 }
8987 if_inline.Then();
8988 {
8989 // Remember the result.
8990 if (!ast_context()->IsEffect()) {
8991 Push(AddElementAccess(elements, graph()->GetConstant0(), NULL,
8992 lengthiszero, kind, LOAD));
8993 }
8994
8995 // Compute the new length.
8996 HValue* new_length = AddUncasted<HSub>(
8997 length, graph()->GetConstant1());
8998 new_length->ClearFlag(HValue::kCanOverflow);
8999
9000 // Copy the remaining elements.
9001 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
9002 {
9003 HValue* new_key = loop.BeginBody(
9004 graph()->GetConstant0(), new_length, Token::LT);
9005 HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1());
9006 key->ClearFlag(HValue::kCanOverflow);
9007 ElementsKind copy_kind =
9008 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
9009 HValue* element = AddUncasted<HLoadKeyed>(
9010 elements, key, lengthiszero, copy_kind, ALLOW_RETURN_HOLE);
9011 HStoreKeyed* store =
9012 Add<HStoreKeyed>(elements, new_key, element, copy_kind);
9013 store->SetFlag(HValue::kAllowUndefinedAsNaN);
9014 }
9015 loop.EndBody();
9016
9017 // Put a hole at the end.
9018 HValue* hole = IsFastSmiOrObjectElementsKind(kind)
9019 ? graph()->GetConstantHole()
9020 : Add<HConstant>(HConstant::kHoleNaN);
9021 if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS;
9022 Add<HStoreKeyed>(
9023 elements, new_length, hole, kind, INITIALIZING_STORE);
9024
9025 // Remember new length.
9026 Add<HStoreNamedField>(
9027 receiver, HObjectAccess::ForArrayLength(kind),
9028 new_length, STORE_TO_INITIALIZED_ENTRY);
9029 }
9030 if_inline.Else();
9031 {
9032 Add<HPushArguments>(receiver);
9033 result = Add<HCallJSFunction>(function, 1);
9034 if (!ast_context()->IsEffect()) Push(result);
9035 }
9036 if_inline.End();
9037 }
9038 if_lengthiszero.End();
9039 }
9040 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
9041 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
9042 if (!ast_context()->IsEffect()) Drop(1);
9043 ast_context()->ReturnValue(result);
9044 return true;
9045 }
9046 case kArrayIndexOf:
9047 case kArrayLastIndexOf: {
9048 if (receiver_map.is_null()) return false;
9049 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
9050 ElementsKind kind = receiver_map->elements_kind();
9051 if (!IsFastElementsKind(kind)) return false;
9052 if (receiver_map->is_observed()) return false;
9053 if (argument_count != 2) return false;
9054 if (!receiver_map->is_extensible()) return false;
9055
9056 // If there may be elements accessors in the prototype chain, the fast
9057 // inlined version can't be used.
9058 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
9059
9060 // If there currently can be no elements accessors on the prototype chain,
9061 // it doesn't mean that there won't be any later. Install a full prototype
9062 // chain check to trap element accessors being installed on the prototype
9063 // chain, which would cause elements to go to dictionary mode and result
9064 // in a map change.
9065 BuildCheckPrototypeMaps(
9066 handle(JSObject::cast(receiver_map->prototype()), isolate()),
9067 Handle<JSObject>::null());
9068
9069 HValue* search_element = Pop();
9070 HValue* receiver = Pop();
9071 Drop(1); // Drop function.
9072
9073 ArrayIndexOfMode mode = (id == kArrayIndexOf)
9074 ? kFirstIndexOf : kLastIndexOf;
9075 HValue* index = BuildArrayIndexOf(receiver, search_element, kind, mode);
9076
9077 if (!ast_context()->IsEffect()) Push(index);
9078 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
9079 if (!ast_context()->IsEffect()) Drop(1);
9080 ast_context()->ReturnValue(index);
9081 return true;
9082 }
9083 default:
9084 // Not yet supported for inlining.
9085 break;
9086 }
9087 return false;
9088 }
9089
9090
9091 bool HOptimizedGraphBuilder::TryInlineApiFunctionCall(Call* expr,
9092 HValue* receiver) {
9093 Handle<JSFunction> function = expr->target();
9094 int argc = expr->arguments()->length();
9095 SmallMapList receiver_maps;
9096 return TryInlineApiCall(function,
9097 receiver,
9098 &receiver_maps,
9099 argc,
9100 expr->id(),
9101 kCallApiFunction);
9102 }
9103
9104
9105 bool HOptimizedGraphBuilder::TryInlineApiMethodCall(
9106 Call* expr,
9107 HValue* receiver,
9108 SmallMapList* receiver_maps) {
9109 Handle<JSFunction> function = expr->target();
9110 int argc = expr->arguments()->length();
9111 return TryInlineApiCall(function,
9112 receiver,
9113 receiver_maps,
9114 argc,
9115 expr->id(),
9116 kCallApiMethod);
9117 }
9118
9119
9120 bool HOptimizedGraphBuilder::TryInlineApiGetter(Handle<JSFunction> function,
9121 Handle<Map> receiver_map,
9122 BailoutId ast_id) {
9123 SmallMapList receiver_maps(1, zone());
9124 receiver_maps.Add(receiver_map, zone());
9125 return TryInlineApiCall(function,
9126 NULL, // Receiver is on expression stack.
9127 &receiver_maps,
9128 0,
9129 ast_id,
9130 kCallApiGetter);
9131 }
9132
9133
9134 bool HOptimizedGraphBuilder::TryInlineApiSetter(Handle<JSFunction> function,
9135 Handle<Map> receiver_map,
9136 BailoutId ast_id) {
9137 SmallMapList receiver_maps(1, zone());
9138 receiver_maps.Add(receiver_map, zone());
9139 return TryInlineApiCall(function,
9140 NULL, // Receiver is on expression stack.
9141 &receiver_maps,
9142 1,
9143 ast_id,
9144 kCallApiSetter);
9145 }
9146
9147
9148 bool HOptimizedGraphBuilder::TryInlineApiCall(Handle<JSFunction> function,
9149 HValue* receiver,
9150 SmallMapList* receiver_maps,
9151 int argc,
9152 BailoutId ast_id,
9153 ApiCallType call_type) {
9154 if (function->context()->native_context() !=
9155 top_info()->closure()->context()->native_context()) {
9156 return false;
9157 }
9158 CallOptimization optimization(function);
9159 if (!optimization.is_simple_api_call()) return false;
9160 Handle<Map> holder_map;
9161 for (int i = 0; i < receiver_maps->length(); ++i) {
9162 auto map = receiver_maps->at(i);
9163 // Don't inline calls to receivers requiring accesschecks.
9164 if (map->is_access_check_needed()) return false;
9165 }
9166 if (call_type == kCallApiFunction) {
9167 // Cannot embed a direct reference to the global proxy map
9168 // as it maybe dropped on deserialization.
9169 CHECK(!isolate()->serializer_enabled());
9170 DCHECK_EQ(0, receiver_maps->length());
9171 receiver_maps->Add(handle(function->global_proxy()->map()), zone());
9172 }
9173 CallOptimization::HolderLookup holder_lookup =
9174 CallOptimization::kHolderNotFound;
9175 Handle<JSObject> api_holder = optimization.LookupHolderOfExpectedType(
9176 receiver_maps->first(), &holder_lookup);
9177 if (holder_lookup == CallOptimization::kHolderNotFound) return false;
9178
9179 if (FLAG_trace_inlining) {
9180 PrintF("Inlining api function ");
9181 function->ShortPrint();
9182 PrintF("\n");
9183 }
9184
9185 bool is_function = false;
9186 bool is_store = false;
9187 switch (call_type) {
9188 case kCallApiFunction:
9189 case kCallApiMethod:
9190 // Need to check that none of the receiver maps could have changed.
9191 Add<HCheckMaps>(receiver, receiver_maps);
9192 // Need to ensure the chain between receiver and api_holder is intact.
9193 if (holder_lookup == CallOptimization::kHolderFound) {
9194 AddCheckPrototypeMaps(api_holder, receiver_maps->first());
9195 } else {
9196 DCHECK_EQ(holder_lookup, CallOptimization::kHolderIsReceiver);
9197 }
9198 // Includes receiver.
9199 PushArgumentsFromEnvironment(argc + 1);
9200 is_function = true;
9201 break;
9202 case kCallApiGetter:
9203 // Receiver and prototype chain cannot have changed.
9204 DCHECK_EQ(0, argc);
9205 DCHECK_NULL(receiver);
9206 // Receiver is on expression stack.
9207 receiver = Pop();
9208 Add<HPushArguments>(receiver);
9209 break;
9210 case kCallApiSetter:
9211 {
9212 is_store = true;
9213 // Receiver and prototype chain cannot have changed.
9214 DCHECK_EQ(1, argc);
9215 DCHECK_NULL(receiver);
9216 // Receiver and value are on expression stack.
9217 HValue* value = Pop();
9218 receiver = Pop();
9219 Add<HPushArguments>(receiver, value);
9220 break;
9221 }
9222 }
9223
9224 HValue* holder = NULL;
9225 switch (holder_lookup) {
9226 case CallOptimization::kHolderFound:
9227 holder = Add<HConstant>(api_holder);
9228 break;
9229 case CallOptimization::kHolderIsReceiver:
9230 holder = receiver;
9231 break;
9232 case CallOptimization::kHolderNotFound:
9233 UNREACHABLE();
9234 break;
9235 }
9236 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
9237 Handle<Object> call_data_obj(api_call_info->data(), isolate());
9238 bool call_data_undefined = call_data_obj->IsUndefined();
9239 HValue* call_data = Add<HConstant>(call_data_obj);
9240 ApiFunction fun(v8::ToCData<Address>(api_call_info->callback()));
9241 ExternalReference ref = ExternalReference(&fun,
9242 ExternalReference::DIRECT_API_CALL,
9243 isolate());
9244 HValue* api_function_address = Add<HConstant>(ExternalReference(ref));
9245
9246 HValue* op_vals[] = {context(), Add<HConstant>(function), call_data, holder,
9247 api_function_address, nullptr};
9248
9249 HInstruction* call = nullptr;
9250 if (!is_function) {
9251 CallApiAccessorStub stub(isolate(), is_store, call_data_undefined);
9252 Handle<Code> code = stub.GetCode();
9253 HConstant* code_value = Add<HConstant>(code);
9254 ApiAccessorDescriptor descriptor(isolate());
9255 call = New<HCallWithDescriptor>(
9256 code_value, argc + 1, descriptor,
9257 Vector<HValue*>(op_vals, arraysize(op_vals) - 1));
9258 } else if (argc <= CallApiFunctionWithFixedArgsStub::kMaxFixedArgs) {
9259 CallApiFunctionWithFixedArgsStub stub(isolate(), argc, call_data_undefined);
9260 Handle<Code> code = stub.GetCode();
9261 HConstant* code_value = Add<HConstant>(code);
9262 ApiFunctionWithFixedArgsDescriptor descriptor(isolate());
9263 call = New<HCallWithDescriptor>(
9264 code_value, argc + 1, descriptor,
9265 Vector<HValue*>(op_vals, arraysize(op_vals) - 1));
9266 Drop(1); // Drop function.
9267 } else {
9268 op_vals[arraysize(op_vals) - 1] = Add<HConstant>(argc);
9269 CallApiFunctionStub stub(isolate(), call_data_undefined);
9270 Handle<Code> code = stub.GetCode();
9271 HConstant* code_value = Add<HConstant>(code);
9272 ApiFunctionDescriptor descriptor(isolate());
9273 call =
9274 New<HCallWithDescriptor>(code_value, argc + 1, descriptor,
9275 Vector<HValue*>(op_vals, arraysize(op_vals)));
9276 Drop(1); // Drop function.
9277 }
9278
9279 ast_context()->ReturnInstruction(call, ast_id);
9280 return true;
9281 }
9282
9283
9284 void HOptimizedGraphBuilder::HandleIndirectCall(Call* expr, HValue* function,
9285 int arguments_count) {
9286 Handle<JSFunction> known_function;
9287 int args_count_no_receiver = arguments_count - 1;
9288 if (function->IsConstant() &&
9289 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9290 known_function =
9291 Handle<JSFunction>::cast(HConstant::cast(function)->handle(isolate()));
9292 if (TryInlineBuiltinMethodCall(expr, known_function, Handle<Map>(),
9293 args_count_no_receiver)) {
9294 if (FLAG_trace_inlining) {
9295 PrintF("Inlining builtin ");
9296 known_function->ShortPrint();
9297 PrintF("\n");
9298 }
9299 return;
9300 }
9301
9302 if (TryInlineIndirectCall(known_function, expr, args_count_no_receiver)) {
9303 return;
9304 }
9305 }
9306
9307 PushArgumentsFromEnvironment(arguments_count);
9308 HInvokeFunction* call =
9309 New<HInvokeFunction>(function, known_function, arguments_count);
9310 Drop(1); // Function
9311 ast_context()->ReturnInstruction(call, expr->id());
9312 }
9313
9314
9315 bool HOptimizedGraphBuilder::TryIndirectCall(Call* expr) {
9316 DCHECK(expr->expression()->IsProperty());
9317
9318 if (!expr->IsMonomorphic()) {
9319 return false;
9320 }
9321 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9322 if (function_map->instance_type() != JS_FUNCTION_TYPE ||
9323 !expr->target()->shared()->HasBuiltinFunctionId()) {
9324 return false;
9325 }
9326
9327 switch (expr->target()->shared()->builtin_function_id()) {
9328 case kFunctionCall: {
9329 if (expr->arguments()->length() == 0) return false;
9330 BuildFunctionCall(expr);
9331 return true;
9332 }
9333 case kFunctionApply: {
9334 // For .apply, only the pattern f.apply(receiver, arguments)
9335 // is supported.
9336 if (current_info()->scope()->arguments() == NULL) return false;
9337
9338 if (!CanBeFunctionApplyArguments(expr)) return false;
9339
9340 BuildFunctionApply(expr);
9341 return true;
9342 }
9343 default: { return false; }
9344 }
9345 UNREACHABLE();
9346 }
9347
9348
9349 void HOptimizedGraphBuilder::BuildFunctionApply(Call* expr) {
9350 ZoneList<Expression*>* args = expr->arguments();
9351 CHECK_ALIVE(VisitForValue(args->at(0)));
9352 HValue* receiver = Pop(); // receiver
9353 HValue* function = Pop(); // f
9354 Drop(1); // apply
9355
9356 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9357 HValue* checked_function = AddCheckMap(function, function_map);
9358
9359 if (function_state()->outer() == NULL) {
9360 HInstruction* elements = Add<HArgumentsElements>(false);
9361 HInstruction* length = Add<HArgumentsLength>(elements);
9362 HValue* wrapped_receiver = BuildWrapReceiver(receiver, checked_function);
9363 HInstruction* result = New<HApplyArguments>(function,
9364 wrapped_receiver,
9365 length,
9366 elements);
9367 ast_context()->ReturnInstruction(result, expr->id());
9368 } else {
9369 // We are inside inlined function and we know exactly what is inside
9370 // arguments object. But we need to be able to materialize at deopt.
9371 DCHECK_EQ(environment()->arguments_environment()->parameter_count(),
9372 function_state()->entry()->arguments_object()->arguments_count());
9373 HArgumentsObject* args = function_state()->entry()->arguments_object();
9374 const ZoneList<HValue*>* arguments_values = args->arguments_values();
9375 int arguments_count = arguments_values->length();
9376 Push(function);
9377 Push(BuildWrapReceiver(receiver, checked_function));
9378 for (int i = 1; i < arguments_count; i++) {
9379 Push(arguments_values->at(i));
9380 }
9381 HandleIndirectCall(expr, function, arguments_count);
9382 }
9383 }
9384
9385
9386 // f.call(...)
9387 void HOptimizedGraphBuilder::BuildFunctionCall(Call* expr) {
9388 HValue* function = Top(); // f
9389 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9390 HValue* checked_function = AddCheckMap(function, function_map);
9391
9392 // f and call are on the stack in the unoptimized code
9393 // during evaluation of the arguments.
9394 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9395
9396 int args_length = expr->arguments()->length();
9397 int receiver_index = args_length - 1;
9398 // Patch the receiver.
9399 HValue* receiver = BuildWrapReceiver(
9400 environment()->ExpressionStackAt(receiver_index), checked_function);
9401 environment()->SetExpressionStackAt(receiver_index, receiver);
9402
9403 // Call must not be on the stack from now on.
9404 int call_index = args_length + 1;
9405 environment()->RemoveExpressionStackAt(call_index);
9406
9407 HandleIndirectCall(expr, function, args_length);
9408 }
9409
9410
9411 HValue* HOptimizedGraphBuilder::ImplicitReceiverFor(HValue* function,
9412 Handle<JSFunction> target) {
9413 SharedFunctionInfo* shared = target->shared();
9414 if (is_sloppy(shared->language_mode()) && !shared->native()) {
9415 // Cannot embed a direct reference to the global proxy
9416 // as is it dropped on deserialization.
9417 CHECK(!isolate()->serializer_enabled());
9418 Handle<JSObject> global_proxy(target->context()->global_proxy());
9419 return Add<HConstant>(global_proxy);
9420 }
9421 return graph()->GetConstantUndefined();
9422 }
9423
9424
9425 void HOptimizedGraphBuilder::BuildArrayCall(Expression* expression,
9426 int arguments_count,
9427 HValue* function,
9428 Handle<AllocationSite> site) {
9429 Add<HCheckValue>(function, array_function());
9430
9431 if (IsCallArrayInlineable(arguments_count, site)) {
9432 BuildInlinedCallArray(expression, arguments_count, site);
9433 return;
9434 }
9435
9436 HInstruction* call = PreProcessCall(New<HCallNewArray>(
9437 function, arguments_count + 1, site->GetElementsKind(), site));
9438 if (expression->IsCall()) {
9439 Drop(1);
9440 }
9441 ast_context()->ReturnInstruction(call, expression->id());
9442 }
9443
9444
9445 HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver,
9446 HValue* search_element,
9447 ElementsKind kind,
9448 ArrayIndexOfMode mode) {
9449 DCHECK(IsFastElementsKind(kind));
9450
9451 NoObservableSideEffectsScope no_effects(this);
9452
9453 HValue* elements = AddLoadElements(receiver);
9454 HValue* length = AddLoadArrayLength(receiver, kind);
9455
9456 HValue* initial;
9457 HValue* terminating;
9458 Token::Value token;
9459 LoopBuilder::Direction direction;
9460 if (mode == kFirstIndexOf) {
9461 initial = graph()->GetConstant0();
9462 terminating = length;
9463 token = Token::LT;
9464 direction = LoopBuilder::kPostIncrement;
9465 } else {
9466 DCHECK_EQ(kLastIndexOf, mode);
9467 initial = length;
9468 terminating = graph()->GetConstant0();
9469 token = Token::GT;
9470 direction = LoopBuilder::kPreDecrement;
9471 }
9472
9473 Push(graph()->GetConstantMinus1());
9474 if (IsFastDoubleElementsKind(kind) || IsFastSmiElementsKind(kind)) {
9475 // Make sure that we can actually compare numbers correctly below, see
9476 // https://code.google.com/p/chromium/issues/detail?id=407946 for details.
9477 search_element = AddUncasted<HForceRepresentation>(
9478 search_element, IsFastSmiElementsKind(kind) ? Representation::Smi()
9479 : Representation::Double());
9480
9481 LoopBuilder loop(this, context(), direction);
9482 {
9483 HValue* index = loop.BeginBody(initial, terminating, token);
9484 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr, kind,
9485 ALLOW_RETURN_HOLE);
9486 IfBuilder if_issame(this);
9487 if_issame.If<HCompareNumericAndBranch>(element, search_element,
9488 Token::EQ_STRICT);
9489 if_issame.Then();
9490 {
9491 Drop(1);
9492 Push(index);
9493 loop.Break();
9494 }
9495 if_issame.End();
9496 }
9497 loop.EndBody();
9498 } else {
9499 IfBuilder if_isstring(this);
9500 if_isstring.If<HIsStringAndBranch>(search_element);
9501 if_isstring.Then();
9502 {
9503 LoopBuilder loop(this, context(), direction);
9504 {
9505 HValue* index = loop.BeginBody(initial, terminating, token);
9506 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9507 kind, ALLOW_RETURN_HOLE);
9508 IfBuilder if_issame(this);
9509 if_issame.If<HIsStringAndBranch>(element);
9510 if_issame.AndIf<HStringCompareAndBranch>(
9511 element, search_element, Token::EQ_STRICT);
9512 if_issame.Then();
9513 {
9514 Drop(1);
9515 Push(index);
9516 loop.Break();
9517 }
9518 if_issame.End();
9519 }
9520 loop.EndBody();
9521 }
9522 if_isstring.Else();
9523 {
9524 IfBuilder if_isnumber(this);
9525 if_isnumber.If<HIsSmiAndBranch>(search_element);
9526 if_isnumber.OrIf<HCompareMap>(
9527 search_element, isolate()->factory()->heap_number_map());
9528 if_isnumber.Then();
9529 {
9530 HValue* search_number =
9531 AddUncasted<HForceRepresentation>(search_element,
9532 Representation::Double());
9533 LoopBuilder loop(this, context(), direction);
9534 {
9535 HValue* index = loop.BeginBody(initial, terminating, token);
9536 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9537 kind, ALLOW_RETURN_HOLE);
9538
9539 IfBuilder if_element_isnumber(this);
9540 if_element_isnumber.If<HIsSmiAndBranch>(element);
9541 if_element_isnumber.OrIf<HCompareMap>(
9542 element, isolate()->factory()->heap_number_map());
9543 if_element_isnumber.Then();
9544 {
9545 HValue* number =
9546 AddUncasted<HForceRepresentation>(element,
9547 Representation::Double());
9548 IfBuilder if_issame(this);
9549 if_issame.If<HCompareNumericAndBranch>(
9550 number, search_number, Token::EQ_STRICT);
9551 if_issame.Then();
9552 {
9553 Drop(1);
9554 Push(index);
9555 loop.Break();
9556 }
9557 if_issame.End();
9558 }
9559 if_element_isnumber.End();
9560 }
9561 loop.EndBody();
9562 }
9563 if_isnumber.Else();
9564 {
9565 LoopBuilder loop(this, context(), direction);
9566 {
9567 HValue* index = loop.BeginBody(initial, terminating, token);
9568 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9569 kind, ALLOW_RETURN_HOLE);
9570 IfBuilder if_issame(this);
9571 if_issame.If<HCompareObjectEqAndBranch>(
9572 element, search_element);
9573 if_issame.Then();
9574 {
9575 Drop(1);
9576 Push(index);
9577 loop.Break();
9578 }
9579 if_issame.End();
9580 }
9581 loop.EndBody();
9582 }
9583 if_isnumber.End();
9584 }
9585 if_isstring.End();
9586 }
9587
9588 return Pop();
9589 }
9590
9591
9592 bool HOptimizedGraphBuilder::TryHandleArrayCall(Call* expr, HValue* function) {
9593 if (!array_function().is_identical_to(expr->target())) {
9594 return false;
9595 }
9596
9597 Handle<AllocationSite> site = expr->allocation_site();
9598 if (site.is_null()) return false;
9599
9600 BuildArrayCall(expr,
9601 expr->arguments()->length(),
9602 function,
9603 site);
9604 return true;
9605 }
9606
9607
9608 bool HOptimizedGraphBuilder::TryHandleArrayCallNew(CallNew* expr,
9609 HValue* function) {
9610 if (!array_function().is_identical_to(expr->target())) {
9611 return false;
9612 }
9613
9614 Handle<AllocationSite> site = expr->allocation_site();
9615 if (site.is_null()) return false;
9616
9617 BuildArrayCall(expr, expr->arguments()->length(), function, site);
9618 return true;
9619 }
9620
9621
9622 bool HOptimizedGraphBuilder::CanBeFunctionApplyArguments(Call* expr) {
9623 ZoneList<Expression*>* args = expr->arguments();
9624 if (args->length() != 2) return false;
9625 VariableProxy* arg_two = args->at(1)->AsVariableProxy();
9626 if (arg_two == NULL || !arg_two->var()->IsStackAllocated()) return false;
9627 HValue* arg_two_value = LookupAndMakeLive(arg_two->var());
9628 if (!arg_two_value->CheckFlag(HValue::kIsArguments)) return false;
9629 return true;
9630 }
9631
9632
9633 void HOptimizedGraphBuilder::VisitCall(Call* expr) {
9634 DCHECK(!HasStackOverflow());
9635 DCHECK(current_block() != NULL);
9636 DCHECK(current_block()->HasPredecessor());
9637 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
9638 Expression* callee = expr->expression();
9639 int argument_count = expr->arguments()->length() + 1; // Plus receiver.
9640 HInstruction* call = NULL;
9641
9642 Property* prop = callee->AsProperty();
9643 if (prop != NULL) {
9644 CHECK_ALIVE(VisitForValue(prop->obj()));
9645 HValue* receiver = Top();
9646
9647 SmallMapList* maps;
9648 ComputeReceiverTypes(expr, receiver, &maps, zone());
9649
9650 if (prop->key()->IsPropertyName() && maps->length() > 0) {
9651 Handle<String> name = prop->key()->AsLiteral()->AsPropertyName();
9652 PropertyAccessInfo info(this, LOAD, maps->first(), name);
9653 if (!info.CanAccessAsMonomorphic(maps)) {
9654 HandlePolymorphicCallNamed(expr, receiver, maps, name);
9655 return;
9656 }
9657 }
9658 HValue* key = NULL;
9659 if (!prop->key()->IsPropertyName()) {
9660 CHECK_ALIVE(VisitForValue(prop->key()));
9661 key = Pop();
9662 }
9663
9664 CHECK_ALIVE(PushLoad(prop, receiver, key));
9665 HValue* function = Pop();
9666
9667 if (function->IsConstant() &&
9668 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9669 // Push the function under the receiver.
9670 environment()->SetExpressionStackAt(0, function);
9671 Push(receiver);
9672
9673 Handle<JSFunction> known_function = Handle<JSFunction>::cast(
9674 HConstant::cast(function)->handle(isolate()));
9675 expr->set_target(known_function);
9676
9677 if (TryIndirectCall(expr)) return;
9678 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9679
9680 Handle<Map> map = maps->length() == 1 ? maps->first() : Handle<Map>();
9681 if (TryInlineBuiltinMethodCall(expr, known_function, map,
9682 expr->arguments()->length())) {
9683 if (FLAG_trace_inlining) {
9684 PrintF("Inlining builtin ");
9685 known_function->ShortPrint();
9686 PrintF("\n");
9687 }
9688 return;
9689 }
9690 if (TryInlineApiMethodCall(expr, receiver, maps)) return;
9691
9692 // Wrap the receiver if necessary.
9693 if (NeedsWrapping(maps->first(), known_function)) {
9694 // Since HWrapReceiver currently cannot actually wrap numbers and
9695 // strings, use the regular CallFunctionStub for method calls to wrap
9696 // the receiver.
9697 // TODO(verwaest): Support creation of value wrappers directly in
9698 // HWrapReceiver.
9699 call = New<HCallFunction>(
9700 function, argument_count, WRAP_AND_CALL);
9701 } else if (TryInlineCall(expr)) {
9702 return;
9703 } else {
9704 call = BuildCallConstantFunction(known_function, argument_count);
9705 }
9706
9707 } else {
9708 ArgumentsAllowedFlag arguments_flag = ARGUMENTS_NOT_ALLOWED;
9709 if (CanBeFunctionApplyArguments(expr) && expr->is_uninitialized()) {
9710 // We have to use EAGER deoptimization here because Deoptimizer::SOFT
9711 // gets ignored by the always-opt flag, which leads to incorrect code.
9712 Add<HDeoptimize>(
9713 Deoptimizer::kInsufficientTypeFeedbackForCallWithArguments,
9714 Deoptimizer::EAGER);
9715 arguments_flag = ARGUMENTS_FAKED;
9716 }
9717
9718 // Push the function under the receiver.
9719 environment()->SetExpressionStackAt(0, function);
9720 Push(receiver);
9721
9722 CHECK_ALIVE(VisitExpressions(expr->arguments(), arguments_flag));
9723 CallFunctionFlags flags = receiver->type().IsJSObject()
9724 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
9725 call = New<HCallFunction>(function, argument_count, flags);
9726 }
9727 PushArgumentsFromEnvironment(argument_count);
9728
9729 } else {
9730 VariableProxy* proxy = expr->expression()->AsVariableProxy();
9731 if (proxy != NULL && proxy->var()->is_possibly_eval(isolate())) {
9732 return Bailout(kPossibleDirectCallToEval);
9733 }
9734
9735 // The function is on the stack in the unoptimized code during
9736 // evaluation of the arguments.
9737 CHECK_ALIVE(VisitForValue(expr->expression()));
9738 HValue* function = Top();
9739 if (function->IsConstant() &&
9740 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9741 Handle<Object> constant = HConstant::cast(function)->handle(isolate());
9742 Handle<JSFunction> target = Handle<JSFunction>::cast(constant);
9743 expr->SetKnownGlobalTarget(target);
9744 }
9745
9746 // Placeholder for the receiver.
9747 Push(graph()->GetConstantUndefined());
9748 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9749
9750 if (expr->IsMonomorphic()) {
9751 Add<HCheckValue>(function, expr->target());
9752
9753 // Patch the global object on the stack by the expected receiver.
9754 HValue* receiver = ImplicitReceiverFor(function, expr->target());
9755 const int receiver_index = argument_count - 1;
9756 environment()->SetExpressionStackAt(receiver_index, receiver);
9757
9758 if (TryInlineBuiltinFunctionCall(expr)) {
9759 if (FLAG_trace_inlining) {
9760 PrintF("Inlining builtin ");
9761 expr->target()->ShortPrint();
9762 PrintF("\n");
9763 }
9764 return;
9765 }
9766 if (TryInlineApiFunctionCall(expr, receiver)) return;
9767 if (TryHandleArrayCall(expr, function)) return;
9768 if (TryInlineCall(expr)) return;
9769
9770 PushArgumentsFromEnvironment(argument_count);
9771 call = BuildCallConstantFunction(expr->target(), argument_count);
9772 } else {
9773 PushArgumentsFromEnvironment(argument_count);
9774 HCallFunction* call_function =
9775 New<HCallFunction>(function, argument_count);
9776 call = call_function;
9777 if (expr->is_uninitialized() &&
9778 expr->IsUsingCallFeedbackICSlot(isolate())) {
9779 // We've never seen this call before, so let's have Crankshaft learn
9780 // through the type vector.
9781 Handle<TypeFeedbackVector> vector =
9782 handle(current_feedback_vector(), isolate());
9783 FeedbackVectorSlot slot = expr->CallFeedbackICSlot();
9784 call_function->SetVectorAndSlot(vector, slot);
9785 }
9786 }
9787 }
9788
9789 Drop(1); // Drop the function.
9790 return ast_context()->ReturnInstruction(call, expr->id());
9791 }
9792
9793
9794 void HOptimizedGraphBuilder::BuildInlinedCallArray(
9795 Expression* expression,
9796 int argument_count,
9797 Handle<AllocationSite> site) {
9798 DCHECK(!site.is_null());
9799 DCHECK(argument_count >= 0 && argument_count <= 1);
9800 NoObservableSideEffectsScope no_effects(this);
9801
9802 // We should at least have the constructor on the expression stack.
9803 HValue* constructor = environment()->ExpressionStackAt(argument_count);
9804
9805 // Register on the site for deoptimization if the transition feedback changes.
9806 top_info()->dependencies()->AssumeTransitionStable(site);
9807 ElementsKind kind = site->GetElementsKind();
9808 HInstruction* site_instruction = Add<HConstant>(site);
9809
9810 // In the single constant argument case, we may have to adjust elements kind
9811 // to avoid creating a packed non-empty array.
9812 if (argument_count == 1 && !IsHoleyElementsKind(kind)) {
9813 HValue* argument = environment()->Top();
9814 if (argument->IsConstant()) {
9815 HConstant* constant_argument = HConstant::cast(argument);
9816 DCHECK(constant_argument->HasSmiValue());
9817 int constant_array_size = constant_argument->Integer32Value();
9818 if (constant_array_size != 0) {
9819 kind = GetHoleyElementsKind(kind);
9820 }
9821 }
9822 }
9823
9824 // Build the array.
9825 JSArrayBuilder array_builder(this,
9826 kind,
9827 site_instruction,
9828 constructor,
9829 DISABLE_ALLOCATION_SITES);
9830 HValue* new_object = argument_count == 0
9831 ? array_builder.AllocateEmptyArray()
9832 : BuildAllocateArrayFromLength(&array_builder, Top());
9833
9834 int args_to_drop = argument_count + (expression->IsCall() ? 2 : 1);
9835 Drop(args_to_drop);
9836 ast_context()->ReturnValue(new_object);
9837 }
9838
9839
9840 // Checks whether allocation using the given constructor can be inlined.
9841 static bool IsAllocationInlineable(Handle<JSFunction> constructor) {
9842 return constructor->has_initial_map() &&
9843 constructor->initial_map()->instance_type() == JS_OBJECT_TYPE &&
9844 constructor->initial_map()->instance_size() <
9845 HAllocate::kMaxInlineSize;
9846 }
9847
9848
9849 bool HOptimizedGraphBuilder::IsCallArrayInlineable(
9850 int argument_count,
9851 Handle<AllocationSite> site) {
9852 Handle<JSFunction> caller = current_info()->closure();
9853 Handle<JSFunction> target = array_function();
9854 // We should have the function plus array arguments on the environment stack.
9855 DCHECK(environment()->length() >= (argument_count + 1));
9856 DCHECK(!site.is_null());
9857
9858 bool inline_ok = false;
9859 if (site->CanInlineCall()) {
9860 // We also want to avoid inlining in certain 1 argument scenarios.
9861 if (argument_count == 1) {
9862 HValue* argument = Top();
9863 if (argument->IsConstant()) {
9864 // Do not inline if the constant length argument is not a smi or
9865 // outside the valid range for unrolled loop initialization.
9866 HConstant* constant_argument = HConstant::cast(argument);
9867 if (constant_argument->HasSmiValue()) {
9868 int value = constant_argument->Integer32Value();
9869 inline_ok = value >= 0 && value <= kElementLoopUnrollThreshold;
9870 if (!inline_ok) {
9871 TraceInline(target, caller,
9872 "Constant length outside of valid inlining range.");
9873 }
9874 }
9875 } else {
9876 TraceInline(target, caller,
9877 "Dont inline [new] Array(n) where n isn't constant.");
9878 }
9879 } else if (argument_count == 0) {
9880 inline_ok = true;
9881 } else {
9882 TraceInline(target, caller, "Too many arguments to inline.");
9883 }
9884 } else {
9885 TraceInline(target, caller, "AllocationSite requested no inlining.");
9886 }
9887
9888 if (inline_ok) {
9889 TraceInline(target, caller, NULL);
9890 }
9891 return inline_ok;
9892 }
9893
9894
9895 void HOptimizedGraphBuilder::VisitCallNew(CallNew* expr) {
9896 DCHECK(!HasStackOverflow());
9897 DCHECK(current_block() != NULL);
9898 DCHECK(current_block()->HasPredecessor());
9899 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
9900 int argument_count = expr->arguments()->length() + 1; // Plus constructor.
9901 Factory* factory = isolate()->factory();
9902
9903 // The constructor function is on the stack in the unoptimized code
9904 // during evaluation of the arguments.
9905 CHECK_ALIVE(VisitForValue(expr->expression()));
9906 HValue* function = Top();
9907 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9908
9909 if (function->IsConstant() &&
9910 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9911 Handle<Object> constant = HConstant::cast(function)->handle(isolate());
9912 expr->SetKnownGlobalTarget(Handle<JSFunction>::cast(constant));
9913 }
9914
9915 if (FLAG_inline_construct &&
9916 expr->IsMonomorphic() &&
9917 IsAllocationInlineable(expr->target())) {
9918 Handle<JSFunction> constructor = expr->target();
9919 HValue* check = Add<HCheckValue>(function, constructor);
9920
9921 // Force completion of inobject slack tracking before generating
9922 // allocation code to finalize instance size.
9923 if (constructor->IsInobjectSlackTrackingInProgress()) {
9924 constructor->CompleteInobjectSlackTracking();
9925 }
9926
9927 // Calculate instance size from initial map of constructor.
9928 DCHECK(constructor->has_initial_map());
9929 Handle<Map> initial_map(constructor->initial_map());
9930 int instance_size = initial_map->instance_size();
9931
9932 // Allocate an instance of the implicit receiver object.
9933 HValue* size_in_bytes = Add<HConstant>(instance_size);
9934 HAllocationMode allocation_mode;
9935 HAllocate* receiver = BuildAllocate(
9936 size_in_bytes, HType::JSObject(), JS_OBJECT_TYPE, allocation_mode);
9937 receiver->set_known_initial_map(initial_map);
9938
9939 // Initialize map and fields of the newly allocated object.
9940 { NoObservableSideEffectsScope no_effects(this);
9941 DCHECK(initial_map->instance_type() == JS_OBJECT_TYPE);
9942 Add<HStoreNamedField>(receiver,
9943 HObjectAccess::ForMapAndOffset(initial_map, JSObject::kMapOffset),
9944 Add<HConstant>(initial_map));
9945 HValue* empty_fixed_array = Add<HConstant>(factory->empty_fixed_array());
9946 Add<HStoreNamedField>(receiver,
9947 HObjectAccess::ForMapAndOffset(initial_map,
9948 JSObject::kPropertiesOffset),
9949 empty_fixed_array);
9950 Add<HStoreNamedField>(receiver,
9951 HObjectAccess::ForMapAndOffset(initial_map,
9952 JSObject::kElementsOffset),
9953 empty_fixed_array);
9954 BuildInitializeInobjectProperties(receiver, initial_map);
9955 }
9956
9957 // Replace the constructor function with a newly allocated receiver using
9958 // the index of the receiver from the top of the expression stack.
9959 const int receiver_index = argument_count - 1;
9960 DCHECK(environment()->ExpressionStackAt(receiver_index) == function);
9961 environment()->SetExpressionStackAt(receiver_index, receiver);
9962
9963 if (TryInlineConstruct(expr, receiver)) {
9964 // Inlining worked, add a dependency on the initial map to make sure that
9965 // this code is deoptimized whenever the initial map of the constructor
9966 // changes.
9967 top_info()->dependencies()->AssumeInitialMapCantChange(initial_map);
9968 return;
9969 }
9970
9971 // TODO(mstarzinger): For now we remove the previous HAllocate and all
9972 // corresponding instructions and instead add HPushArguments for the
9973 // arguments in case inlining failed. What we actually should do is for
9974 // inlining to try to build a subgraph without mutating the parent graph.
9975 HInstruction* instr = current_block()->last();
9976 do {
9977 HInstruction* prev_instr = instr->previous();
9978 instr->DeleteAndReplaceWith(NULL);
9979 instr = prev_instr;
9980 } while (instr != check);
9981 environment()->SetExpressionStackAt(receiver_index, function);
9982 HInstruction* call =
9983 PreProcessCall(New<HCallNew>(function, argument_count));
9984 return ast_context()->ReturnInstruction(call, expr->id());
9985 } else {
9986 // The constructor function is both an operand to the instruction and an
9987 // argument to the construct call.
9988 if (TryHandleArrayCallNew(expr, function)) return;
9989
9990 HInstruction* call =
9991 PreProcessCall(New<HCallNew>(function, argument_count));
9992 return ast_context()->ReturnInstruction(call, expr->id());
9993 }
9994 }
9995
9996
9997 void HOptimizedGraphBuilder::BuildInitializeInobjectProperties(
9998 HValue* receiver, Handle<Map> initial_map) {
9999 if (initial_map->GetInObjectProperties() != 0) {
10000 HConstant* undefined = graph()->GetConstantUndefined();
10001 for (int i = 0; i < initial_map->GetInObjectProperties(); i++) {
10002 int property_offset = initial_map->GetInObjectPropertyOffset(i);
10003 Add<HStoreNamedField>(receiver, HObjectAccess::ForMapAndOffset(
10004 initial_map, property_offset),
10005 undefined);
10006 }
10007 }
10008 }
10009
10010
10011 HValue* HGraphBuilder::BuildAllocateEmptyArrayBuffer(HValue* byte_length) {
10012 // We HForceRepresentation here to avoid allocations during an *-to-tagged
10013 // HChange that could cause GC while the array buffer object is not fully
10014 // initialized.
10015 HObjectAccess byte_length_access(HObjectAccess::ForJSArrayBufferByteLength());
10016 byte_length = AddUncasted<HForceRepresentation>(
10017 byte_length, byte_length_access.representation());
10018 HAllocate* result =
10019 BuildAllocate(Add<HConstant>(JSArrayBuffer::kSizeWithInternalFields),
10020 HType::JSObject(), JS_ARRAY_BUFFER_TYPE, HAllocationMode());
10021
10022 HValue* global_object = Add<HLoadNamedField>(
10023 context(), nullptr,
10024 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
10025 HValue* native_context = Add<HLoadNamedField>(
10026 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
10027 Add<HStoreNamedField>(
10028 result, HObjectAccess::ForMap(),
10029 Add<HLoadNamedField>(
10030 native_context, nullptr,
10031 HObjectAccess::ForContextSlot(Context::ARRAY_BUFFER_MAP_INDEX)));
10032
10033 HConstant* empty_fixed_array =
10034 Add<HConstant>(isolate()->factory()->empty_fixed_array());
10035 Add<HStoreNamedField>(
10036 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
10037 empty_fixed_array);
10038 Add<HStoreNamedField>(
10039 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
10040 empty_fixed_array);
10041 Add<HStoreNamedField>(
10042 result, HObjectAccess::ForJSArrayBufferBackingStore().WithRepresentation(
10043 Representation::Smi()),
10044 graph()->GetConstant0());
10045 Add<HStoreNamedField>(result, byte_length_access, byte_length);
10046 Add<HStoreNamedField>(result, HObjectAccess::ForJSArrayBufferBitFieldSlot(),
10047 graph()->GetConstant0());
10048 Add<HStoreNamedField>(
10049 result, HObjectAccess::ForJSArrayBufferBitField(),
10050 Add<HConstant>((1 << JSArrayBuffer::IsExternal::kShift) |
10051 (1 << JSArrayBuffer::IsNeuterable::kShift)));
10052
10053 for (int field = 0; field < v8::ArrayBuffer::kInternalFieldCount; ++field) {
10054 Add<HStoreNamedField>(
10055 result,
10056 HObjectAccess::ForObservableJSObjectOffset(
10057 JSArrayBuffer::kSize + field * kPointerSize, Representation::Smi()),
10058 graph()->GetConstant0());
10059 }
10060
10061 return result;
10062 }
10063
10064
10065 template <class ViewClass>
10066 void HGraphBuilder::BuildArrayBufferViewInitialization(
10067 HValue* obj,
10068 HValue* buffer,
10069 HValue* byte_offset,
10070 HValue* byte_length) {
10071
10072 for (int offset = ViewClass::kSize;
10073 offset < ViewClass::kSizeWithInternalFields;
10074 offset += kPointerSize) {
10075 Add<HStoreNamedField>(obj,
10076 HObjectAccess::ForObservableJSObjectOffset(offset),
10077 graph()->GetConstant0());
10078 }
10079
10080 Add<HStoreNamedField>(
10081 obj,
10082 HObjectAccess::ForJSArrayBufferViewByteOffset(),
10083 byte_offset);
10084 Add<HStoreNamedField>(
10085 obj,
10086 HObjectAccess::ForJSArrayBufferViewByteLength(),
10087 byte_length);
10088 Add<HStoreNamedField>(obj, HObjectAccess::ForJSArrayBufferViewBuffer(),
10089 buffer);
10090 }
10091
10092
10093 void HOptimizedGraphBuilder::GenerateDataViewInitialize(
10094 CallRuntime* expr) {
10095 ZoneList<Expression*>* arguments = expr->arguments();
10096
10097 DCHECK(arguments->length()== 4);
10098 CHECK_ALIVE(VisitForValue(arguments->at(0)));
10099 HValue* obj = Pop();
10100
10101 CHECK_ALIVE(VisitForValue(arguments->at(1)));
10102 HValue* buffer = Pop();
10103
10104 CHECK_ALIVE(VisitForValue(arguments->at(2)));
10105 HValue* byte_offset = Pop();
10106
10107 CHECK_ALIVE(VisitForValue(arguments->at(3)));
10108 HValue* byte_length = Pop();
10109
10110 {
10111 NoObservableSideEffectsScope scope(this);
10112 BuildArrayBufferViewInitialization<JSDataView>(
10113 obj, buffer, byte_offset, byte_length);
10114 }
10115 }
10116
10117
10118 static Handle<Map> TypedArrayMap(Isolate* isolate,
10119 ExternalArrayType array_type,
10120 ElementsKind target_kind) {
10121 Handle<Context> native_context = isolate->native_context();
10122 Handle<JSFunction> fun;
10123 switch (array_type) {
10124 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
10125 case kExternal##Type##Array: \
10126 fun = Handle<JSFunction>(native_context->type##_array_fun()); \
10127 break;
10128
10129 TYPED_ARRAYS(TYPED_ARRAY_CASE)
10130 #undef TYPED_ARRAY_CASE
10131 }
10132 Handle<Map> map(fun->initial_map());
10133 return Map::AsElementsKind(map, target_kind);
10134 }
10135
10136
10137 HValue* HOptimizedGraphBuilder::BuildAllocateExternalElements(
10138 ExternalArrayType array_type,
10139 bool is_zero_byte_offset,
10140 HValue* buffer, HValue* byte_offset, HValue* length) {
10141 Handle<Map> external_array_map(
10142 isolate()->heap()->MapForFixedTypedArray(array_type));
10143
10144 // The HForceRepresentation is to prevent possible deopt on int-smi
10145 // conversion after allocation but before the new object fields are set.
10146 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
10147 HValue* elements = Add<HAllocate>(
10148 Add<HConstant>(FixedTypedArrayBase::kHeaderSize), HType::HeapObject(),
10149 NOT_TENURED, external_array_map->instance_type());
10150
10151 AddStoreMapConstant(elements, external_array_map);
10152 Add<HStoreNamedField>(elements,
10153 HObjectAccess::ForFixedArrayLength(), length);
10154
10155 HValue* backing_store = Add<HLoadNamedField>(
10156 buffer, nullptr, HObjectAccess::ForJSArrayBufferBackingStore());
10157
10158 HValue* typed_array_start;
10159 if (is_zero_byte_offset) {
10160 typed_array_start = backing_store;
10161 } else {
10162 HInstruction* external_pointer =
10163 AddUncasted<HAdd>(backing_store, byte_offset);
10164 // Arguments are checked prior to call to TypedArrayInitialize,
10165 // including byte_offset.
10166 external_pointer->ClearFlag(HValue::kCanOverflow);
10167 typed_array_start = external_pointer;
10168 }
10169
10170 Add<HStoreNamedField>(elements,
10171 HObjectAccess::ForFixedTypedArrayBaseBasePointer(),
10172 graph()->GetConstant0());
10173 Add<HStoreNamedField>(elements,
10174 HObjectAccess::ForFixedTypedArrayBaseExternalPointer(),
10175 typed_array_start);
10176
10177 return elements;
10178 }
10179
10180
10181 HValue* HOptimizedGraphBuilder::BuildAllocateFixedTypedArray(
10182 ExternalArrayType array_type, size_t element_size,
10183 ElementsKind fixed_elements_kind, HValue* byte_length, HValue* length,
10184 bool initialize) {
10185 STATIC_ASSERT(
10186 (FixedTypedArrayBase::kHeaderSize & kObjectAlignmentMask) == 0);
10187 HValue* total_size;
10188
10189 // if fixed array's elements are not aligned to object's alignment,
10190 // we need to align the whole array to object alignment.
10191 if (element_size % kObjectAlignment != 0) {
10192 total_size = BuildObjectSizeAlignment(
10193 byte_length, FixedTypedArrayBase::kHeaderSize);
10194 } else {
10195 total_size = AddUncasted<HAdd>(byte_length,
10196 Add<HConstant>(FixedTypedArrayBase::kHeaderSize));
10197 total_size->ClearFlag(HValue::kCanOverflow);
10198 }
10199
10200 // The HForceRepresentation is to prevent possible deopt on int-smi
10201 // conversion after allocation but before the new object fields are set.
10202 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
10203 Handle<Map> fixed_typed_array_map(
10204 isolate()->heap()->MapForFixedTypedArray(array_type));
10205 HAllocate* elements =
10206 Add<HAllocate>(total_size, HType::HeapObject(), NOT_TENURED,
10207 fixed_typed_array_map->instance_type());
10208
10209 #ifndef V8_HOST_ARCH_64_BIT
10210 if (array_type == kExternalFloat64Array) {
10211 elements->MakeDoubleAligned();
10212 }
10213 #endif
10214
10215 AddStoreMapConstant(elements, fixed_typed_array_map);
10216
10217 Add<HStoreNamedField>(elements,
10218 HObjectAccess::ForFixedArrayLength(),
10219 length);
10220 Add<HStoreNamedField>(
10221 elements, HObjectAccess::ForFixedTypedArrayBaseBasePointer(), elements);
10222
10223 Add<HStoreNamedField>(
10224 elements, HObjectAccess::ForFixedTypedArrayBaseExternalPointer(),
10225 Add<HConstant>(ExternalReference::fixed_typed_array_base_data_offset()));
10226
10227 HValue* filler = Add<HConstant>(static_cast<int32_t>(0));
10228
10229 if (initialize) {
10230 LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
10231
10232 HValue* backing_store = AddUncasted<HAdd>(
10233 Add<HConstant>(ExternalReference::fixed_typed_array_base_data_offset()),
10234 elements, Strength::WEAK, AddOfExternalAndTagged);
10235
10236 HValue* key = builder.BeginBody(
10237 Add<HConstant>(static_cast<int32_t>(0)),
10238 length, Token::LT);
10239 Add<HStoreKeyed>(backing_store, key, filler, fixed_elements_kind);
10240
10241 builder.EndBody();
10242 }
10243 return elements;
10244 }
10245
10246
10247 void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
10248 CallRuntime* expr) {
10249 ZoneList<Expression*>* arguments = expr->arguments();
10250
10251 static const int kObjectArg = 0;
10252 static const int kArrayIdArg = 1;
10253 static const int kBufferArg = 2;
10254 static const int kByteOffsetArg = 3;
10255 static const int kByteLengthArg = 4;
10256 static const int kInitializeArg = 5;
10257 static const int kArgsLength = 6;
10258 DCHECK(arguments->length() == kArgsLength);
10259
10260
10261 CHECK_ALIVE(VisitForValue(arguments->at(kObjectArg)));
10262 HValue* obj = Pop();
10263
10264 if (!arguments->at(kArrayIdArg)->IsLiteral()) {
10265 // This should never happen in real use, but can happen when fuzzing.
10266 // Just bail out.
10267 Bailout(kNeedSmiLiteral);
10268 return;
10269 }
10270 Handle<Object> value =
10271 static_cast<Literal*>(arguments->at(kArrayIdArg))->value();
10272 if (!value->IsSmi()) {
10273 // This should never happen in real use, but can happen when fuzzing.
10274 // Just bail out.
10275 Bailout(kNeedSmiLiteral);
10276 return;
10277 }
10278 int array_id = Smi::cast(*value)->value();
10279
10280 HValue* buffer;
10281 if (!arguments->at(kBufferArg)->IsNullLiteral()) {
10282 CHECK_ALIVE(VisitForValue(arguments->at(kBufferArg)));
10283 buffer = Pop();
10284 } else {
10285 buffer = NULL;
10286 }
10287
10288 HValue* byte_offset;
10289 bool is_zero_byte_offset;
10290
10291 if (arguments->at(kByteOffsetArg)->IsLiteral()
10292 && Smi::FromInt(0) ==
10293 *static_cast<Literal*>(arguments->at(kByteOffsetArg))->value()) {
10294 byte_offset = Add<HConstant>(static_cast<int32_t>(0));
10295 is_zero_byte_offset = true;
10296 } else {
10297 CHECK_ALIVE(VisitForValue(arguments->at(kByteOffsetArg)));
10298 byte_offset = Pop();
10299 is_zero_byte_offset = false;
10300 DCHECK(buffer != NULL);
10301 }
10302
10303 CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
10304 HValue* byte_length = Pop();
10305
10306 CHECK(arguments->at(kInitializeArg)->IsLiteral());
10307 bool initialize = static_cast<Literal*>(arguments->at(kInitializeArg))
10308 ->value()
10309 ->BooleanValue();
10310
10311 NoObservableSideEffectsScope scope(this);
10312 IfBuilder byte_offset_smi(this);
10313
10314 if (!is_zero_byte_offset) {
10315 byte_offset_smi.If<HIsSmiAndBranch>(byte_offset);
10316 byte_offset_smi.Then();
10317 }
10318
10319 ExternalArrayType array_type =
10320 kExternalInt8Array; // Bogus initialization.
10321 size_t element_size = 1; // Bogus initialization.
10322 ElementsKind fixed_elements_kind = // Bogus initialization.
10323 INT8_ELEMENTS;
10324 Runtime::ArrayIdToTypeAndSize(array_id,
10325 &array_type,
10326 &fixed_elements_kind,
10327 &element_size);
10328
10329
10330 { // byte_offset is Smi.
10331 HValue* allocated_buffer = buffer;
10332 if (buffer == NULL) {
10333 allocated_buffer = BuildAllocateEmptyArrayBuffer(byte_length);
10334 }
10335 BuildArrayBufferViewInitialization<JSTypedArray>(obj, allocated_buffer,
10336 byte_offset, byte_length);
10337
10338
10339 HInstruction* length = AddUncasted<HDiv>(byte_length,
10340 Add<HConstant>(static_cast<int32_t>(element_size)));
10341
10342 Add<HStoreNamedField>(obj,
10343 HObjectAccess::ForJSTypedArrayLength(),
10344 length);
10345
10346 HValue* elements;
10347 if (buffer != NULL) {
10348 elements = BuildAllocateExternalElements(
10349 array_type, is_zero_byte_offset, buffer, byte_offset, length);
10350 Handle<Map> obj_map =
10351 TypedArrayMap(isolate(), array_type, fixed_elements_kind);
10352 AddStoreMapConstant(obj, obj_map);
10353 } else {
10354 DCHECK(is_zero_byte_offset);
10355 elements = BuildAllocateFixedTypedArray(array_type, element_size,
10356 fixed_elements_kind, byte_length,
10357 length, initialize);
10358 }
10359 Add<HStoreNamedField>(
10360 obj, HObjectAccess::ForElementsPointer(), elements);
10361 }
10362
10363 if (!is_zero_byte_offset) {
10364 byte_offset_smi.Else();
10365 { // byte_offset is not Smi.
10366 Push(obj);
10367 CHECK_ALIVE(VisitForValue(arguments->at(kArrayIdArg)));
10368 Push(buffer);
10369 Push(byte_offset);
10370 Push(byte_length);
10371 CHECK_ALIVE(VisitForValue(arguments->at(kInitializeArg)));
10372 PushArgumentsFromEnvironment(kArgsLength);
10373 Add<HCallRuntime>(expr->function(), kArgsLength);
10374 }
10375 }
10376 byte_offset_smi.End();
10377 }
10378
10379
10380 void HOptimizedGraphBuilder::GenerateMaxSmi(CallRuntime* expr) {
10381 DCHECK(expr->arguments()->length() == 0);
10382 HConstant* max_smi = New<HConstant>(static_cast<int32_t>(Smi::kMaxValue));
10383 return ast_context()->ReturnInstruction(max_smi, expr->id());
10384 }
10385
10386
10387 void HOptimizedGraphBuilder::GenerateTypedArrayMaxSizeInHeap(
10388 CallRuntime* expr) {
10389 DCHECK(expr->arguments()->length() == 0);
10390 HConstant* result = New<HConstant>(static_cast<int32_t>(
10391 FLAG_typed_array_max_size_in_heap));
10392 return ast_context()->ReturnInstruction(result, expr->id());
10393 }
10394
10395
10396 void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
10397 CallRuntime* expr) {
10398 DCHECK(expr->arguments()->length() == 1);
10399 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10400 HValue* buffer = Pop();
10401 HInstruction* result = New<HLoadNamedField>(
10402 buffer, nullptr, HObjectAccess::ForJSArrayBufferByteLength());
10403 return ast_context()->ReturnInstruction(result, expr->id());
10404 }
10405
10406
10407 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteLength(
10408 CallRuntime* expr) {
10409 NoObservableSideEffectsScope scope(this);
10410 DCHECK(expr->arguments()->length() == 1);
10411 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10412 HValue* view = Pop();
10413
10414 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10415 view, nullptr,
10416 FieldIndex::ForInObjectOffset(JSArrayBufferView::kByteLengthOffset)));
10417 }
10418
10419
10420 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteOffset(
10421 CallRuntime* expr) {
10422 NoObservableSideEffectsScope scope(this);
10423 DCHECK(expr->arguments()->length() == 1);
10424 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10425 HValue* view = Pop();
10426
10427 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10428 view, nullptr,
10429 FieldIndex::ForInObjectOffset(JSArrayBufferView::kByteOffsetOffset)));
10430 }
10431
10432
10433 void HOptimizedGraphBuilder::GenerateTypedArrayGetLength(
10434 CallRuntime* expr) {
10435 NoObservableSideEffectsScope scope(this);
10436 DCHECK(expr->arguments()->length() == 1);
10437 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10438 HValue* view = Pop();
10439
10440 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10441 view, nullptr,
10442 FieldIndex::ForInObjectOffset(JSTypedArray::kLengthOffset)));
10443 }
10444
10445
10446 void HOptimizedGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
10447 DCHECK(!HasStackOverflow());
10448 DCHECK(current_block() != NULL);
10449 DCHECK(current_block()->HasPredecessor());
10450 if (expr->is_jsruntime()) {
10451 return Bailout(kCallToAJavaScriptRuntimeFunction);
10452 }
10453
10454 const Runtime::Function* function = expr->function();
10455 DCHECK(function != NULL);
10456 switch (function->function_id) {
10457 #define CALL_INTRINSIC_GENERATOR(Name) \
10458 case Runtime::kInline##Name: \
10459 return Generate##Name(expr);
10460
10461 FOR_EACH_HYDROGEN_INTRINSIC(CALL_INTRINSIC_GENERATOR)
10462 #undef CALL_INTRINSIC_GENERATOR
10463 default: {
10464 int argument_count = expr->arguments()->length();
10465 CHECK_ALIVE(VisitExpressions(expr->arguments()));
10466 PushArgumentsFromEnvironment(argument_count);
10467 HCallRuntime* call = New<HCallRuntime>(function, argument_count);
10468 return ast_context()->ReturnInstruction(call, expr->id());
10469 }
10470 }
10471 }
10472
10473
10474 void HOptimizedGraphBuilder::VisitUnaryOperation(UnaryOperation* expr) {
10475 DCHECK(!HasStackOverflow());
10476 DCHECK(current_block() != NULL);
10477 DCHECK(current_block()->HasPredecessor());
10478 switch (expr->op()) {
10479 case Token::DELETE: return VisitDelete(expr);
10480 case Token::VOID: return VisitVoid(expr);
10481 case Token::TYPEOF: return VisitTypeof(expr);
10482 case Token::NOT: return VisitNot(expr);
10483 default: UNREACHABLE();
10484 }
10485 }
10486
10487
10488 void HOptimizedGraphBuilder::VisitDelete(UnaryOperation* expr) {
10489 Property* prop = expr->expression()->AsProperty();
10490 VariableProxy* proxy = expr->expression()->AsVariableProxy();
10491 if (prop != NULL) {
10492 CHECK_ALIVE(VisitForValue(prop->obj()));
10493 CHECK_ALIVE(VisitForValue(prop->key()));
10494 HValue* key = Pop();
10495 HValue* obj = Pop();
10496 Add<HPushArguments>(obj, key);
10497 HInstruction* instr = New<HCallRuntime>(
10498 Runtime::FunctionForId(is_strict(function_language_mode())
10499 ? Runtime::kDeleteProperty_Strict
10500 : Runtime::kDeleteProperty_Sloppy),
10501 2);
10502 return ast_context()->ReturnInstruction(instr, expr->id());
10503 } else if (proxy != NULL) {
10504 Variable* var = proxy->var();
10505 if (var->IsUnallocatedOrGlobalSlot()) {
10506 Bailout(kDeleteWithGlobalVariable);
10507 } else if (var->IsStackAllocated() || var->IsContextSlot()) {
10508 // Result of deleting non-global variables is false. 'this' is not really
10509 // a variable, though we implement it as one. The subexpression does not
10510 // have side effects.
10511 HValue* value = var->HasThisName(isolate()) ? graph()->GetConstantTrue()
10512 : graph()->GetConstantFalse();
10513 return ast_context()->ReturnValue(value);
10514 } else {
10515 Bailout(kDeleteWithNonGlobalVariable);
10516 }
10517 } else {
10518 // Result of deleting non-property, non-variable reference is true.
10519 // Evaluate the subexpression for side effects.
10520 CHECK_ALIVE(VisitForEffect(expr->expression()));
10521 return ast_context()->ReturnValue(graph()->GetConstantTrue());
10522 }
10523 }
10524
10525
10526 void HOptimizedGraphBuilder::VisitVoid(UnaryOperation* expr) {
10527 CHECK_ALIVE(VisitForEffect(expr->expression()));
10528 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
10529 }
10530
10531
10532 void HOptimizedGraphBuilder::VisitTypeof(UnaryOperation* expr) {
10533 CHECK_ALIVE(VisitForTypeOf(expr->expression()));
10534 HValue* value = Pop();
10535 HInstruction* instr = New<HTypeof>(value);
10536 return ast_context()->ReturnInstruction(instr, expr->id());
10537 }
10538
10539
10540 void HOptimizedGraphBuilder::VisitNot(UnaryOperation* expr) {
10541 if (ast_context()->IsTest()) {
10542 TestContext* context = TestContext::cast(ast_context());
10543 VisitForControl(expr->expression(),
10544 context->if_false(),
10545 context->if_true());
10546 return;
10547 }
10548
10549 if (ast_context()->IsEffect()) {
10550 VisitForEffect(expr->expression());
10551 return;
10552 }
10553
10554 DCHECK(ast_context()->IsValue());
10555 HBasicBlock* materialize_false = graph()->CreateBasicBlock();
10556 HBasicBlock* materialize_true = graph()->CreateBasicBlock();
10557 CHECK_BAILOUT(VisitForControl(expr->expression(),
10558 materialize_false,
10559 materialize_true));
10560
10561 if (materialize_false->HasPredecessor()) {
10562 materialize_false->SetJoinId(expr->MaterializeFalseId());
10563 set_current_block(materialize_false);
10564 Push(graph()->GetConstantFalse());
10565 } else {
10566 materialize_false = NULL;
10567 }
10568
10569 if (materialize_true->HasPredecessor()) {
10570 materialize_true->SetJoinId(expr->MaterializeTrueId());
10571 set_current_block(materialize_true);
10572 Push(graph()->GetConstantTrue());
10573 } else {
10574 materialize_true = NULL;
10575 }
10576
10577 HBasicBlock* join =
10578 CreateJoin(materialize_false, materialize_true, expr->id());
10579 set_current_block(join);
10580 if (join != NULL) return ast_context()->ReturnValue(Pop());
10581 }
10582
10583
10584 static Representation RepresentationFor(Type* type) {
10585 DisallowHeapAllocation no_allocation;
10586 if (type->Is(Type::None())) return Representation::None();
10587 if (type->Is(Type::SignedSmall())) return Representation::Smi();
10588 if (type->Is(Type::Signed32())) return Representation::Integer32();
10589 if (type->Is(Type::Number())) return Representation::Double();
10590 return Representation::Tagged();
10591 }
10592
10593
10594 HInstruction* HOptimizedGraphBuilder::BuildIncrement(
10595 bool returns_original_input,
10596 CountOperation* expr) {
10597 // The input to the count operation is on top of the expression stack.
10598 Representation rep = RepresentationFor(expr->type());
10599 if (rep.IsNone() || rep.IsTagged()) {
10600 rep = Representation::Smi();
10601 }
10602
10603 if (returns_original_input && !is_strong(function_language_mode())) {
10604 // We need an explicit HValue representing ToNumber(input). The
10605 // actual HChange instruction we need is (sometimes) added in a later
10606 // phase, so it is not available now to be used as an input to HAdd and
10607 // as the return value.
10608 HInstruction* number_input = AddUncasted<HForceRepresentation>(Pop(), rep);
10609 if (!rep.IsDouble()) {
10610 number_input->SetFlag(HInstruction::kFlexibleRepresentation);
10611 number_input->SetFlag(HInstruction::kCannotBeTagged);
10612 }
10613 Push(number_input);
10614 }
10615
10616 // The addition has no side effects, so we do not need
10617 // to simulate the expression stack after this instruction.
10618 // Any later failures deopt to the load of the input or earlier.
10619 HConstant* delta = (expr->op() == Token::INC)
10620 ? graph()->GetConstant1()
10621 : graph()->GetConstantMinus1();
10622 HInstruction* instr =
10623 AddUncasted<HAdd>(Top(), delta, strength(function_language_mode()));
10624 if (instr->IsAdd()) {
10625 HAdd* add = HAdd::cast(instr);
10626 add->set_observed_input_representation(1, rep);
10627 add->set_observed_input_representation(2, Representation::Smi());
10628 }
10629 if (!is_strong(function_language_mode())) {
10630 instr->ClearAllSideEffects();
10631 } else {
10632 Add<HSimulate>(expr->ToNumberId(), REMOVABLE_SIMULATE);
10633 }
10634 instr->SetFlag(HInstruction::kCannotBeTagged);
10635 return instr;
10636 }
10637
10638
10639 void HOptimizedGraphBuilder::BuildStoreForEffect(
10640 Expression* expr, Property* prop, FeedbackVectorSlot slot, BailoutId ast_id,
10641 BailoutId return_id, HValue* object, HValue* key, HValue* value) {
10642 EffectContext for_effect(this);
10643 Push(object);
10644 if (key != NULL) Push(key);
10645 Push(value);
10646 BuildStore(expr, prop, slot, ast_id, return_id);
10647 }
10648
10649
10650 void HOptimizedGraphBuilder::VisitCountOperation(CountOperation* expr) {
10651 DCHECK(!HasStackOverflow());
10652 DCHECK(current_block() != NULL);
10653 DCHECK(current_block()->HasPredecessor());
10654 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
10655 Expression* target = expr->expression();
10656 VariableProxy* proxy = target->AsVariableProxy();
10657 Property* prop = target->AsProperty();
10658 if (proxy == NULL && prop == NULL) {
10659 return Bailout(kInvalidLhsInCountOperation);
10660 }
10661
10662 // Match the full code generator stack by simulating an extra stack
10663 // element for postfix operations in a non-effect context. The return
10664 // value is ToNumber(input).
10665 bool returns_original_input =
10666 expr->is_postfix() && !ast_context()->IsEffect();
10667 HValue* input = NULL; // ToNumber(original_input).
10668 HValue* after = NULL; // The result after incrementing or decrementing.
10669
10670 if (proxy != NULL) {
10671 Variable* var = proxy->var();
10672 if (var->mode() == CONST_LEGACY) {
10673 return Bailout(kUnsupportedCountOperationWithConst);
10674 }
10675 if (var->mode() == CONST) {
10676 return Bailout(kNonInitializerAssignmentToConst);
10677 }
10678 // Argument of the count operation is a variable, not a property.
10679 DCHECK(prop == NULL);
10680 CHECK_ALIVE(VisitForValue(target));
10681
10682 after = BuildIncrement(returns_original_input, expr);
10683 input = returns_original_input ? Top() : Pop();
10684 Push(after);
10685
10686 switch (var->location()) {
10687 case VariableLocation::GLOBAL:
10688 case VariableLocation::UNALLOCATED:
10689 HandleGlobalVariableAssignment(var, after, expr->CountSlot(),
10690 expr->AssignmentId());
10691 break;
10692
10693 case VariableLocation::PARAMETER:
10694 case VariableLocation::LOCAL:
10695 BindIfLive(var, after);
10696 break;
10697
10698 case VariableLocation::CONTEXT: {
10699 // Bail out if we try to mutate a parameter value in a function
10700 // using the arguments object. We do not (yet) correctly handle the
10701 // arguments property of the function.
10702 if (current_info()->scope()->arguments() != NULL) {
10703 // Parameters will rewrite to context slots. We have no direct
10704 // way to detect that the variable is a parameter so we use a
10705 // linear search of the parameter list.
10706 int count = current_info()->scope()->num_parameters();
10707 for (int i = 0; i < count; ++i) {
10708 if (var == current_info()->scope()->parameter(i)) {
10709 return Bailout(kAssignmentToParameterInArgumentsObject);
10710 }
10711 }
10712 }
10713
10714 HValue* context = BuildContextChainWalk(var);
10715 HStoreContextSlot::Mode mode = IsLexicalVariableMode(var->mode())
10716 ? HStoreContextSlot::kCheckDeoptimize : HStoreContextSlot::kNoCheck;
10717 HStoreContextSlot* instr = Add<HStoreContextSlot>(context, var->index(),
10718 mode, after);
10719 if (instr->HasObservableSideEffects()) {
10720 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
10721 }
10722 break;
10723 }
10724
10725 case VariableLocation::LOOKUP:
10726 return Bailout(kLookupVariableInCountOperation);
10727 }
10728
10729 Drop(returns_original_input ? 2 : 1);
10730 return ast_context()->ReturnValue(expr->is_postfix() ? input : after);
10731 }
10732
10733 // Argument of the count operation is a property.
10734 DCHECK(prop != NULL);
10735 if (returns_original_input) Push(graph()->GetConstantUndefined());
10736
10737 CHECK_ALIVE(VisitForValue(prop->obj()));
10738 HValue* object = Top();
10739
10740 HValue* key = NULL;
10741 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
10742 CHECK_ALIVE(VisitForValue(prop->key()));
10743 key = Top();
10744 }
10745
10746 CHECK_ALIVE(PushLoad(prop, object, key));
10747
10748 after = BuildIncrement(returns_original_input, expr);
10749
10750 if (returns_original_input) {
10751 input = Pop();
10752 // Drop object and key to push it again in the effect context below.
10753 Drop(key == NULL ? 1 : 2);
10754 environment()->SetExpressionStackAt(0, input);
10755 CHECK_ALIVE(BuildStoreForEffect(expr, prop, expr->CountSlot(), expr->id(),
10756 expr->AssignmentId(), object, key, after));
10757 return ast_context()->ReturnValue(Pop());
10758 }
10759
10760 environment()->SetExpressionStackAt(0, after);
10761 return BuildStore(expr, prop, expr->CountSlot(), expr->id(),
10762 expr->AssignmentId());
10763 }
10764
10765
10766 HInstruction* HOptimizedGraphBuilder::BuildStringCharCodeAt(
10767 HValue* string,
10768 HValue* index) {
10769 if (string->IsConstant() && index->IsConstant()) {
10770 HConstant* c_string = HConstant::cast(string);
10771 HConstant* c_index = HConstant::cast(index);
10772 if (c_string->HasStringValue() && c_index->HasNumberValue()) {
10773 int32_t i = c_index->NumberValueAsInteger32();
10774 Handle<String> s = c_string->StringValue();
10775 if (i < 0 || i >= s->length()) {
10776 return New<HConstant>(std::numeric_limits<double>::quiet_NaN());
10777 }
10778 return New<HConstant>(s->Get(i));
10779 }
10780 }
10781 string = BuildCheckString(string);
10782 index = Add<HBoundsCheck>(index, AddLoadStringLength(string));
10783 return New<HStringCharCodeAt>(string, index);
10784 }
10785
10786
10787 // Checks if the given shift amounts have following forms:
10788 // (N1) and (N2) with N1 + N2 = 32; (sa) and (32 - sa).
10789 static bool ShiftAmountsAllowReplaceByRotate(HValue* sa,
10790 HValue* const32_minus_sa) {
10791 if (sa->IsConstant() && const32_minus_sa->IsConstant()) {
10792 const HConstant* c1 = HConstant::cast(sa);
10793 const HConstant* c2 = HConstant::cast(const32_minus_sa);
10794 return c1->HasInteger32Value() && c2->HasInteger32Value() &&
10795 (c1->Integer32Value() + c2->Integer32Value() == 32);
10796 }
10797 if (!const32_minus_sa->IsSub()) return false;
10798 HSub* sub = HSub::cast(const32_minus_sa);
10799 return sub->left()->EqualsInteger32Constant(32) && sub->right() == sa;
10800 }
10801
10802
10803 // Checks if the left and the right are shift instructions with the oposite
10804 // directions that can be replaced by one rotate right instruction or not.
10805 // Returns the operand and the shift amount for the rotate instruction in the
10806 // former case.
10807 bool HGraphBuilder::MatchRotateRight(HValue* left,
10808 HValue* right,
10809 HValue** operand,
10810 HValue** shift_amount) {
10811 HShl* shl;
10812 HShr* shr;
10813 if (left->IsShl() && right->IsShr()) {
10814 shl = HShl::cast(left);
10815 shr = HShr::cast(right);
10816 } else if (left->IsShr() && right->IsShl()) {
10817 shl = HShl::cast(right);
10818 shr = HShr::cast(left);
10819 } else {
10820 return false;
10821 }
10822 if (shl->left() != shr->left()) return false;
10823
10824 if (!ShiftAmountsAllowReplaceByRotate(shl->right(), shr->right()) &&
10825 !ShiftAmountsAllowReplaceByRotate(shr->right(), shl->right())) {
10826 return false;
10827 }
10828 *operand = shr->left();
10829 *shift_amount = shr->right();
10830 return true;
10831 }
10832
10833
10834 bool CanBeZero(HValue* right) {
10835 if (right->IsConstant()) {
10836 HConstant* right_const = HConstant::cast(right);
10837 if (right_const->HasInteger32Value() &&
10838 (right_const->Integer32Value() & 0x1f) != 0) {
10839 return false;
10840 }
10841 }
10842 return true;
10843 }
10844
10845
10846 HValue* HGraphBuilder::EnforceNumberType(HValue* number,
10847 Type* expected) {
10848 if (expected->Is(Type::SignedSmall())) {
10849 return AddUncasted<HForceRepresentation>(number, Representation::Smi());
10850 }
10851 if (expected->Is(Type::Signed32())) {
10852 return AddUncasted<HForceRepresentation>(number,
10853 Representation::Integer32());
10854 }
10855 return number;
10856 }
10857
10858
10859 HValue* HGraphBuilder::TruncateToNumber(HValue* value, Type** expected) {
10860 if (value->IsConstant()) {
10861 HConstant* constant = HConstant::cast(value);
10862 Maybe<HConstant*> number =
10863 constant->CopyToTruncatedNumber(isolate(), zone());
10864 if (number.IsJust()) {
10865 *expected = Type::Number(zone());
10866 return AddInstruction(number.FromJust());
10867 }
10868 }
10869
10870 // We put temporary values on the stack, which don't correspond to anything
10871 // in baseline code. Since nothing is observable we avoid recording those
10872 // pushes with a NoObservableSideEffectsScope.
10873 NoObservableSideEffectsScope no_effects(this);
10874
10875 Type* expected_type = *expected;
10876
10877 // Separate the number type from the rest.
10878 Type* expected_obj =
10879 Type::Intersect(expected_type, Type::NonNumber(zone()), zone());
10880 Type* expected_number =
10881 Type::Intersect(expected_type, Type::Number(zone()), zone());
10882
10883 // We expect to get a number.
10884 // (We need to check first, since Type::None->Is(Type::Any()) == true.
10885 if (expected_obj->Is(Type::None())) {
10886 DCHECK(!expected_number->Is(Type::None(zone())));
10887 return value;
10888 }
10889
10890 if (expected_obj->Is(Type::Undefined(zone()))) {
10891 // This is already done by HChange.
10892 *expected = Type::Union(expected_number, Type::Number(zone()), zone());
10893 return value;
10894 }
10895
10896 return value;
10897 }
10898
10899
10900 HValue* HOptimizedGraphBuilder::BuildBinaryOperation(
10901 BinaryOperation* expr,
10902 HValue* left,
10903 HValue* right,
10904 PushBeforeSimulateBehavior push_sim_result) {
10905 Type* left_type = expr->left()->bounds().lower;
10906 Type* right_type = expr->right()->bounds().lower;
10907 Type* result_type = expr->bounds().lower;
10908 Maybe<int> fixed_right_arg = expr->fixed_right_arg();
10909 Handle<AllocationSite> allocation_site = expr->allocation_site();
10910
10911 HAllocationMode allocation_mode;
10912 if (FLAG_allocation_site_pretenuring && !allocation_site.is_null()) {
10913 allocation_mode = HAllocationMode(allocation_site);
10914 }
10915 HValue* result = HGraphBuilder::BuildBinaryOperation(
10916 expr->op(), left, right, left_type, right_type, result_type,
10917 fixed_right_arg, allocation_mode, strength(function_language_mode()),
10918 expr->id());
10919 // Add a simulate after instructions with observable side effects, and
10920 // after phis, which are the result of BuildBinaryOperation when we
10921 // inlined some complex subgraph.
10922 if (result->HasObservableSideEffects() || result->IsPhi()) {
10923 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
10924 Push(result);
10925 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10926 Drop(1);
10927 } else {
10928 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10929 }
10930 }
10931 return result;
10932 }
10933
10934
10935 HValue* HGraphBuilder::BuildBinaryOperation(
10936 Token::Value op, HValue* left, HValue* right, Type* left_type,
10937 Type* right_type, Type* result_type, Maybe<int> fixed_right_arg,
10938 HAllocationMode allocation_mode, Strength strength, BailoutId opt_id) {
10939 bool maybe_string_add = false;
10940 if (op == Token::ADD) {
10941 // If we are adding constant string with something for which we don't have
10942 // a feedback yet, assume that it's also going to be a string and don't
10943 // generate deopt instructions.
10944 if (!left_type->IsInhabited() && right->IsConstant() &&
10945 HConstant::cast(right)->HasStringValue()) {
10946 left_type = Type::String();
10947 }
10948
10949 if (!right_type->IsInhabited() && left->IsConstant() &&
10950 HConstant::cast(left)->HasStringValue()) {
10951 right_type = Type::String();
10952 }
10953
10954 maybe_string_add = (left_type->Maybe(Type::String()) ||
10955 left_type->Maybe(Type::Receiver()) ||
10956 right_type->Maybe(Type::String()) ||
10957 right_type->Maybe(Type::Receiver()));
10958 }
10959
10960 Representation left_rep = RepresentationFor(left_type);
10961 Representation right_rep = RepresentationFor(right_type);
10962
10963 if (!left_type->IsInhabited()) {
10964 Add<HDeoptimize>(
10965 Deoptimizer::kInsufficientTypeFeedbackForLHSOfBinaryOperation,
10966 Deoptimizer::SOFT);
10967 left_type = Type::Any(zone());
10968 left_rep = RepresentationFor(left_type);
10969 maybe_string_add = op == Token::ADD;
10970 }
10971
10972 if (!right_type->IsInhabited()) {
10973 Add<HDeoptimize>(
10974 Deoptimizer::kInsufficientTypeFeedbackForRHSOfBinaryOperation,
10975 Deoptimizer::SOFT);
10976 right_type = Type::Any(zone());
10977 right_rep = RepresentationFor(right_type);
10978 maybe_string_add = op == Token::ADD;
10979 }
10980
10981 if (!maybe_string_add && !is_strong(strength)) {
10982 left = TruncateToNumber(left, &left_type);
10983 right = TruncateToNumber(right, &right_type);
10984 }
10985
10986 // Special case for string addition here.
10987 if (op == Token::ADD &&
10988 (left_type->Is(Type::String()) || right_type->Is(Type::String()))) {
10989 if (is_strong(strength)) {
10990 // In strong mode, if the one side of an addition is a string,
10991 // the other side must be a string too.
10992 left = BuildCheckString(left);
10993 right = BuildCheckString(right);
10994 } else {
10995 // Validate type feedback for left argument.
10996 if (left_type->Is(Type::String())) {
10997 left = BuildCheckString(left);
10998 }
10999
11000 // Validate type feedback for right argument.
11001 if (right_type->Is(Type::String())) {
11002 right = BuildCheckString(right);
11003 }
11004
11005 // Convert left argument as necessary.
11006 if (left_type->Is(Type::Number())) {
11007 DCHECK(right_type->Is(Type::String()));
11008 left = BuildNumberToString(left, left_type);
11009 } else if (!left_type->Is(Type::String())) {
11010 DCHECK(right_type->Is(Type::String()));
11011 return AddUncasted<HStringAdd>(
11012 left, right, allocation_mode.GetPretenureMode(),
11013 STRING_ADD_CONVERT_LEFT, allocation_mode.feedback_site());
11014 }
11015
11016 // Convert right argument as necessary.
11017 if (right_type->Is(Type::Number())) {
11018 DCHECK(left_type->Is(Type::String()));
11019 right = BuildNumberToString(right, right_type);
11020 } else if (!right_type->Is(Type::String())) {
11021 DCHECK(left_type->Is(Type::String()));
11022 return AddUncasted<HStringAdd>(
11023 left, right, allocation_mode.GetPretenureMode(),
11024 STRING_ADD_CONVERT_RIGHT, allocation_mode.feedback_site());
11025 }
11026 }
11027
11028 // Fast paths for empty constant strings.
11029 Handle<String> left_string =
11030 left->IsConstant() && HConstant::cast(left)->HasStringValue()
11031 ? HConstant::cast(left)->StringValue()
11032 : Handle<String>();
11033 Handle<String> right_string =
11034 right->IsConstant() && HConstant::cast(right)->HasStringValue()
11035 ? HConstant::cast(right)->StringValue()
11036 : Handle<String>();
11037 if (!left_string.is_null() && left_string->length() == 0) return right;
11038 if (!right_string.is_null() && right_string->length() == 0) return left;
11039 if (!left_string.is_null() && !right_string.is_null()) {
11040 return AddUncasted<HStringAdd>(
11041 left, right, allocation_mode.GetPretenureMode(),
11042 STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
11043 }
11044
11045 // Register the dependent code with the allocation site.
11046 if (!allocation_mode.feedback_site().is_null()) {
11047 DCHECK(!graph()->info()->IsStub());
11048 Handle<AllocationSite> site(allocation_mode.feedback_site());
11049 top_info()->dependencies()->AssumeTenuringDecision(site);
11050 }
11051
11052 // Inline the string addition into the stub when creating allocation
11053 // mementos to gather allocation site feedback, or if we can statically
11054 // infer that we're going to create a cons string.
11055 if ((graph()->info()->IsStub() &&
11056 allocation_mode.CreateAllocationMementos()) ||
11057 (left->IsConstant() &&
11058 HConstant::cast(left)->HasStringValue() &&
11059 HConstant::cast(left)->StringValue()->length() + 1 >=
11060 ConsString::kMinLength) ||
11061 (right->IsConstant() &&
11062 HConstant::cast(right)->HasStringValue() &&
11063 HConstant::cast(right)->StringValue()->length() + 1 >=
11064 ConsString::kMinLength)) {
11065 return BuildStringAdd(left, right, allocation_mode);
11066 }
11067
11068 // Fallback to using the string add stub.
11069 return AddUncasted<HStringAdd>(
11070 left, right, allocation_mode.GetPretenureMode(), STRING_ADD_CHECK_NONE,
11071 allocation_mode.feedback_site());
11072 }
11073
11074 if (graph()->info()->IsStub()) {
11075 left = EnforceNumberType(left, left_type);
11076 right = EnforceNumberType(right, right_type);
11077 }
11078
11079 Representation result_rep = RepresentationFor(result_type);
11080
11081 bool is_non_primitive = (left_rep.IsTagged() && !left_rep.IsSmi()) ||
11082 (right_rep.IsTagged() && !right_rep.IsSmi());
11083
11084 HInstruction* instr = NULL;
11085 // Only the stub is allowed to call into the runtime, since otherwise we would
11086 // inline several instructions (including the two pushes) for every tagged
11087 // operation in optimized code, which is more expensive, than a stub call.
11088 if (graph()->info()->IsStub() && is_non_primitive) {
11089 Runtime::FunctionId function_id;
11090 switch (op) {
11091 default:
11092 UNREACHABLE();
11093 case Token::ADD:
11094 function_id =
11095 is_strong(strength) ? Runtime::kAdd_Strong : Runtime::kAdd;
11096 break;
11097 case Token::SUB:
11098 function_id = is_strong(strength) ? Runtime::kSubtract_Strong
11099 : Runtime::kSubtract;
11100 break;
11101 case Token::MUL:
11102 function_id = is_strong(strength) ? Runtime::kMultiply_Strong
11103 : Runtime::kMultiply;
11104 break;
11105 case Token::DIV:
11106 function_id =
11107 is_strong(strength) ? Runtime::kDivide_Strong : Runtime::kDivide;
11108 break;
11109 case Token::MOD:
11110 function_id =
11111 is_strong(strength) ? Runtime::kModulus_Strong : Runtime::kModulus;
11112 break;
11113 case Token::BIT_OR:
11114 function_id = is_strong(strength) ? Runtime::kBitwiseOr_Strong
11115 : Runtime::kBitwiseOr;
11116 break;
11117 case Token::BIT_AND:
11118 function_id = is_strong(strength) ? Runtime::kBitwiseAnd_Strong
11119 : Runtime::kBitwiseAnd;
11120 break;
11121 case Token::BIT_XOR:
11122 function_id = is_strong(strength) ? Runtime::kBitwiseXor_Strong
11123 : Runtime::kBitwiseXor;
11124 break;
11125 case Token::SAR:
11126 function_id = is_strong(strength) ? Runtime::kShiftRight_Strong
11127 : Runtime::kShiftRight;
11128 break;
11129 case Token::SHR:
11130 function_id = is_strong(strength) ? Runtime::kShiftRightLogical_Strong
11131 : Runtime::kShiftRightLogical;
11132 break;
11133 case Token::SHL:
11134 function_id = is_strong(strength) ? Runtime::kShiftLeft_Strong
11135 : Runtime::kShiftLeft;
11136 break;
11137 }
11138 Add<HPushArguments>(left, right);
11139 instr = AddUncasted<HCallRuntime>(Runtime::FunctionForId(function_id), 2);
11140 } else {
11141 if (is_strong(strength) && Token::IsBitOp(op)) {
11142 // TODO(conradw): This is not efficient, but is necessary to prevent
11143 // conversion of oddball values to numbers in strong mode. It would be
11144 // better to prevent the conversion rather than adding a runtime check.
11145 IfBuilder if_builder(this);
11146 if_builder.If<HHasInstanceTypeAndBranch>(left, ODDBALL_TYPE);
11147 if_builder.OrIf<HHasInstanceTypeAndBranch>(right, ODDBALL_TYPE);
11148 if_builder.Then();
11149 Add<HCallRuntime>(
11150 Runtime::FunctionForId(Runtime::kThrowStrongModeImplicitConversion),
11151 0);
11152 if (!graph()->info()->IsStub()) {
11153 Add<HSimulate>(opt_id, REMOVABLE_SIMULATE);
11154 }
11155 if_builder.End();
11156 }
11157 switch (op) {
11158 case Token::ADD:
11159 instr = AddUncasted<HAdd>(left, right, strength);
11160 break;
11161 case Token::SUB:
11162 instr = AddUncasted<HSub>(left, right, strength);
11163 break;
11164 case Token::MUL:
11165 instr = AddUncasted<HMul>(left, right, strength);
11166 break;
11167 case Token::MOD: {
11168 if (fixed_right_arg.IsJust() &&
11169 !right->EqualsInteger32Constant(fixed_right_arg.FromJust())) {
11170 HConstant* fixed_right =
11171 Add<HConstant>(static_cast<int>(fixed_right_arg.FromJust()));
11172 IfBuilder if_same(this);
11173 if_same.If<HCompareNumericAndBranch>(right, fixed_right, Token::EQ);
11174 if_same.Then();
11175 if_same.ElseDeopt(Deoptimizer::kUnexpectedRHSOfBinaryOperation);
11176 right = fixed_right;
11177 }
11178 instr = AddUncasted<HMod>(left, right, strength);
11179 break;
11180 }
11181 case Token::DIV:
11182 instr = AddUncasted<HDiv>(left, right, strength);
11183 break;
11184 case Token::BIT_XOR:
11185 case Token::BIT_AND:
11186 instr = AddUncasted<HBitwise>(op, left, right, strength);
11187 break;
11188 case Token::BIT_OR: {
11189 HValue *operand, *shift_amount;
11190 if (left_type->Is(Type::Signed32()) &&
11191 right_type->Is(Type::Signed32()) &&
11192 MatchRotateRight(left, right, &operand, &shift_amount)) {
11193 instr = AddUncasted<HRor>(operand, shift_amount, strength);
11194 } else {
11195 instr = AddUncasted<HBitwise>(op, left, right, strength);
11196 }
11197 break;
11198 }
11199 case Token::SAR:
11200 instr = AddUncasted<HSar>(left, right, strength);
11201 break;
11202 case Token::SHR:
11203 instr = AddUncasted<HShr>(left, right, strength);
11204 if (instr->IsShr() && CanBeZero(right)) {
11205 graph()->RecordUint32Instruction(instr);
11206 }
11207 break;
11208 case Token::SHL:
11209 instr = AddUncasted<HShl>(left, right, strength);
11210 break;
11211 default:
11212 UNREACHABLE();
11213 }
11214 }
11215
11216 if (instr->IsBinaryOperation()) {
11217 HBinaryOperation* binop = HBinaryOperation::cast(instr);
11218 binop->set_observed_input_representation(1, left_rep);
11219 binop->set_observed_input_representation(2, right_rep);
11220 binop->initialize_output_representation(result_rep);
11221 if (graph()->info()->IsStub()) {
11222 // Stub should not call into stub.
11223 instr->SetFlag(HValue::kCannotBeTagged);
11224 // And should truncate on HForceRepresentation already.
11225 if (left->IsForceRepresentation()) {
11226 left->CopyFlag(HValue::kTruncatingToSmi, instr);
11227 left->CopyFlag(HValue::kTruncatingToInt32, instr);
11228 }
11229 if (right->IsForceRepresentation()) {
11230 right->CopyFlag(HValue::kTruncatingToSmi, instr);
11231 right->CopyFlag(HValue::kTruncatingToInt32, instr);
11232 }
11233 }
11234 }
11235 return instr;
11236 }
11237
11238
11239 // Check for the form (%_ClassOf(foo) === 'BarClass').
11240 static bool IsClassOfTest(CompareOperation* expr) {
11241 if (expr->op() != Token::EQ_STRICT) return false;
11242 CallRuntime* call = expr->left()->AsCallRuntime();
11243 if (call == NULL) return false;
11244 Literal* literal = expr->right()->AsLiteral();
11245 if (literal == NULL) return false;
11246 if (!literal->value()->IsString()) return false;
11247 if (!call->is_jsruntime() &&
11248 call->function()->function_id != Runtime::kInlineClassOf) {
11249 return false;
11250 }
11251 DCHECK(call->arguments()->length() == 1);
11252 return true;
11253 }
11254
11255
11256 void HOptimizedGraphBuilder::VisitBinaryOperation(BinaryOperation* expr) {
11257 DCHECK(!HasStackOverflow());
11258 DCHECK(current_block() != NULL);
11259 DCHECK(current_block()->HasPredecessor());
11260 switch (expr->op()) {
11261 case Token::COMMA:
11262 return VisitComma(expr);
11263 case Token::OR:
11264 case Token::AND:
11265 return VisitLogicalExpression(expr);
11266 default:
11267 return VisitArithmeticExpression(expr);
11268 }
11269 }
11270
11271
11272 void HOptimizedGraphBuilder::VisitComma(BinaryOperation* expr) {
11273 CHECK_ALIVE(VisitForEffect(expr->left()));
11274 // Visit the right subexpression in the same AST context as the entire
11275 // expression.
11276 Visit(expr->right());
11277 }
11278
11279
11280 void HOptimizedGraphBuilder::VisitLogicalExpression(BinaryOperation* expr) {
11281 bool is_logical_and = expr->op() == Token::AND;
11282 if (ast_context()->IsTest()) {
11283 TestContext* context = TestContext::cast(ast_context());
11284 // Translate left subexpression.
11285 HBasicBlock* eval_right = graph()->CreateBasicBlock();
11286 if (is_logical_and) {
11287 CHECK_BAILOUT(VisitForControl(expr->left(),
11288 eval_right,
11289 context->if_false()));
11290 } else {
11291 CHECK_BAILOUT(VisitForControl(expr->left(),
11292 context->if_true(),
11293 eval_right));
11294 }
11295
11296 // Translate right subexpression by visiting it in the same AST
11297 // context as the entire expression.
11298 if (eval_right->HasPredecessor()) {
11299 eval_right->SetJoinId(expr->RightId());
11300 set_current_block(eval_right);
11301 Visit(expr->right());
11302 }
11303
11304 } else if (ast_context()->IsValue()) {
11305 CHECK_ALIVE(VisitForValue(expr->left()));
11306 DCHECK(current_block() != NULL);
11307 HValue* left_value = Top();
11308
11309 // Short-circuit left values that always evaluate to the same boolean value.
11310 if (expr->left()->ToBooleanIsTrue() || expr->left()->ToBooleanIsFalse()) {
11311 // l (evals true) && r -> r
11312 // l (evals true) || r -> l
11313 // l (evals false) && r -> l
11314 // l (evals false) || r -> r
11315 if (is_logical_and == expr->left()->ToBooleanIsTrue()) {
11316 Drop(1);
11317 CHECK_ALIVE(VisitForValue(expr->right()));
11318 }
11319 return ast_context()->ReturnValue(Pop());
11320 }
11321
11322 // We need an extra block to maintain edge-split form.
11323 HBasicBlock* empty_block = graph()->CreateBasicBlock();
11324 HBasicBlock* eval_right = graph()->CreateBasicBlock();
11325 ToBooleanStub::Types expected(expr->left()->to_boolean_types());
11326 HBranch* test = is_logical_and
11327 ? New<HBranch>(left_value, expected, eval_right, empty_block)
11328 : New<HBranch>(left_value, expected, empty_block, eval_right);
11329 FinishCurrentBlock(test);
11330
11331 set_current_block(eval_right);
11332 Drop(1); // Value of the left subexpression.
11333 CHECK_BAILOUT(VisitForValue(expr->right()));
11334
11335 HBasicBlock* join_block =
11336 CreateJoin(empty_block, current_block(), expr->id());
11337 set_current_block(join_block);
11338 return ast_context()->ReturnValue(Pop());
11339
11340 } else {
11341 DCHECK(ast_context()->IsEffect());
11342 // In an effect context, we don't need the value of the left subexpression,
11343 // only its control flow and side effects. We need an extra block to
11344 // maintain edge-split form.
11345 HBasicBlock* empty_block = graph()->CreateBasicBlock();
11346 HBasicBlock* right_block = graph()->CreateBasicBlock();
11347 if (is_logical_and) {
11348 CHECK_BAILOUT(VisitForControl(expr->left(), right_block, empty_block));
11349 } else {
11350 CHECK_BAILOUT(VisitForControl(expr->left(), empty_block, right_block));
11351 }
11352
11353 // TODO(kmillikin): Find a way to fix this. It's ugly that there are
11354 // actually two empty blocks (one here and one inserted by
11355 // TestContext::BuildBranch, and that they both have an HSimulate though the
11356 // second one is not a merge node, and that we really have no good AST ID to
11357 // put on that first HSimulate.
11358
11359 if (empty_block->HasPredecessor()) {
11360 empty_block->SetJoinId(expr->id());
11361 } else {
11362 empty_block = NULL;
11363 }
11364
11365 if (right_block->HasPredecessor()) {
11366 right_block->SetJoinId(expr->RightId());
11367 set_current_block(right_block);
11368 CHECK_BAILOUT(VisitForEffect(expr->right()));
11369 right_block = current_block();
11370 } else {
11371 right_block = NULL;
11372 }
11373
11374 HBasicBlock* join_block =
11375 CreateJoin(empty_block, right_block, expr->id());
11376 set_current_block(join_block);
11377 // We did not materialize any value in the predecessor environments,
11378 // so there is no need to handle it here.
11379 }
11380 }
11381
11382
11383 void HOptimizedGraphBuilder::VisitArithmeticExpression(BinaryOperation* expr) {
11384 CHECK_ALIVE(VisitForValue(expr->left()));
11385 CHECK_ALIVE(VisitForValue(expr->right()));
11386 SetSourcePosition(expr->position());
11387 HValue* right = Pop();
11388 HValue* left = Pop();
11389 HValue* result =
11390 BuildBinaryOperation(expr, left, right,
11391 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
11392 : PUSH_BEFORE_SIMULATE);
11393 if (top_info()->is_tracking_positions() && result->IsBinaryOperation()) {
11394 HBinaryOperation::cast(result)->SetOperandPositions(
11395 zone(),
11396 ScriptPositionToSourcePosition(expr->left()->position()),
11397 ScriptPositionToSourcePosition(expr->right()->position()));
11398 }
11399 return ast_context()->ReturnValue(result);
11400 }
11401
11402
11403 void HOptimizedGraphBuilder::HandleLiteralCompareTypeof(CompareOperation* expr,
11404 Expression* sub_expr,
11405 Handle<String> check) {
11406 CHECK_ALIVE(VisitForTypeOf(sub_expr));
11407 SetSourcePosition(expr->position());
11408 HValue* value = Pop();
11409 HTypeofIsAndBranch* instr = New<HTypeofIsAndBranch>(value, check);
11410 return ast_context()->ReturnControl(instr, expr->id());
11411 }
11412
11413
11414 static bool IsLiteralCompareBool(Isolate* isolate,
11415 HValue* left,
11416 Token::Value op,
11417 HValue* right) {
11418 return op == Token::EQ_STRICT &&
11419 ((left->IsConstant() &&
11420 HConstant::cast(left)->handle(isolate)->IsBoolean()) ||
11421 (right->IsConstant() &&
11422 HConstant::cast(right)->handle(isolate)->IsBoolean()));
11423 }
11424
11425
11426 void HOptimizedGraphBuilder::VisitCompareOperation(CompareOperation* expr) {
11427 DCHECK(!HasStackOverflow());
11428 DCHECK(current_block() != NULL);
11429 DCHECK(current_block()->HasPredecessor());
11430
11431 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
11432
11433 // Check for a few fast cases. The AST visiting behavior must be in sync
11434 // with the full codegen: We don't push both left and right values onto
11435 // the expression stack when one side is a special-case literal.
11436 Expression* sub_expr = NULL;
11437 Handle<String> check;
11438 if (expr->IsLiteralCompareTypeof(&sub_expr, &check)) {
11439 return HandleLiteralCompareTypeof(expr, sub_expr, check);
11440 }
11441 if (expr->IsLiteralCompareUndefined(&sub_expr, isolate())) {
11442 return HandleLiteralCompareNil(expr, sub_expr, kUndefinedValue);
11443 }
11444 if (expr->IsLiteralCompareNull(&sub_expr)) {
11445 return HandleLiteralCompareNil(expr, sub_expr, kNullValue);
11446 }
11447
11448 if (IsClassOfTest(expr)) {
11449 CallRuntime* call = expr->left()->AsCallRuntime();
11450 DCHECK(call->arguments()->length() == 1);
11451 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11452 HValue* value = Pop();
11453 Literal* literal = expr->right()->AsLiteral();
11454 Handle<String> rhs = Handle<String>::cast(literal->value());
11455 HClassOfTestAndBranch* instr = New<HClassOfTestAndBranch>(value, rhs);
11456 return ast_context()->ReturnControl(instr, expr->id());
11457 }
11458
11459 Type* left_type = expr->left()->bounds().lower;
11460 Type* right_type = expr->right()->bounds().lower;
11461 Type* combined_type = expr->combined_type();
11462
11463 CHECK_ALIVE(VisitForValue(expr->left()));
11464 CHECK_ALIVE(VisitForValue(expr->right()));
11465
11466 HValue* right = Pop();
11467 HValue* left = Pop();
11468 Token::Value op = expr->op();
11469
11470 if (IsLiteralCompareBool(isolate(), left, op, right)) {
11471 HCompareObjectEqAndBranch* result =
11472 New<HCompareObjectEqAndBranch>(left, right);
11473 return ast_context()->ReturnControl(result, expr->id());
11474 }
11475
11476 if (op == Token::INSTANCEOF) {
11477 // Check to see if the rhs of the instanceof is a known function.
11478 if (right->IsConstant() &&
11479 HConstant::cast(right)->handle(isolate())->IsJSFunction()) {
11480 Handle<JSFunction> constructor =
11481 Handle<JSFunction>::cast(HConstant::cast(right)->handle(isolate()));
11482 if (!constructor->map()->has_non_instance_prototype()) {
11483 JSFunction::EnsureHasInitialMap(constructor);
11484 DCHECK(constructor->has_initial_map());
11485 Handle<Map> initial_map(constructor->initial_map(), isolate());
11486 top_info()->dependencies()->AssumeInitialMapCantChange(initial_map);
11487 HInstruction* prototype =
11488 Add<HConstant>(handle(initial_map->prototype(), isolate()));
11489 HHasInPrototypeChainAndBranch* result =
11490 New<HHasInPrototypeChainAndBranch>(left, prototype);
11491 return ast_context()->ReturnControl(result, expr->id());
11492 }
11493 }
11494
11495 HInstanceOf* result = New<HInstanceOf>(left, right);
11496 return ast_context()->ReturnInstruction(result, expr->id());
11497
11498 } else if (op == Token::IN) {
11499 Add<HPushArguments>(left, right);
11500 HInstruction* result =
11501 New<HCallRuntime>(Runtime::FunctionForId(Runtime::kHasProperty), 2);
11502 return ast_context()->ReturnInstruction(result, expr->id());
11503 }
11504
11505 PushBeforeSimulateBehavior push_behavior =
11506 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
11507 : PUSH_BEFORE_SIMULATE;
11508 HControlInstruction* compare = BuildCompareInstruction(
11509 op, left, right, left_type, right_type, combined_type,
11510 ScriptPositionToSourcePosition(expr->left()->position()),
11511 ScriptPositionToSourcePosition(expr->right()->position()),
11512 push_behavior, expr->id());
11513 if (compare == NULL) return; // Bailed out.
11514 return ast_context()->ReturnControl(compare, expr->id());
11515 }
11516
11517
11518 HControlInstruction* HOptimizedGraphBuilder::BuildCompareInstruction(
11519 Token::Value op, HValue* left, HValue* right, Type* left_type,
11520 Type* right_type, Type* combined_type, SourcePosition left_position,
11521 SourcePosition right_position, PushBeforeSimulateBehavior push_sim_result,
11522 BailoutId bailout_id) {
11523 // Cases handled below depend on collected type feedback. They should
11524 // soft deoptimize when there is no type feedback.
11525 if (!combined_type->IsInhabited()) {
11526 Add<HDeoptimize>(
11527 Deoptimizer::kInsufficientTypeFeedbackForCombinedTypeOfBinaryOperation,
11528 Deoptimizer::SOFT);
11529 combined_type = left_type = right_type = Type::Any(zone());
11530 }
11531
11532 Representation left_rep = RepresentationFor(left_type);
11533 Representation right_rep = RepresentationFor(right_type);
11534 Representation combined_rep = RepresentationFor(combined_type);
11535
11536 if (combined_type->Is(Type::Receiver())) {
11537 if (Token::IsEqualityOp(op)) {
11538 // HCompareObjectEqAndBranch can only deal with object, so
11539 // exclude numbers.
11540 if ((left->IsConstant() &&
11541 HConstant::cast(left)->HasNumberValue()) ||
11542 (right->IsConstant() &&
11543 HConstant::cast(right)->HasNumberValue())) {
11544 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
11545 Deoptimizer::SOFT);
11546 // The caller expects a branch instruction, so make it happy.
11547 return New<HBranch>(graph()->GetConstantTrue());
11548 }
11549 // Can we get away with map check and not instance type check?
11550 HValue* operand_to_check =
11551 left->block()->block_id() < right->block()->block_id() ? left : right;
11552 if (combined_type->IsClass()) {
11553 Handle<Map> map = combined_type->AsClass()->Map();
11554 AddCheckMap(operand_to_check, map);
11555 HCompareObjectEqAndBranch* result =
11556 New<HCompareObjectEqAndBranch>(left, right);
11557 if (top_info()->is_tracking_positions()) {
11558 result->set_operand_position(zone(), 0, left_position);
11559 result->set_operand_position(zone(), 1, right_position);
11560 }
11561 return result;
11562 } else {
11563 BuildCheckHeapObject(operand_to_check);
11564 Add<HCheckInstanceType>(operand_to_check,
11565 HCheckInstanceType::IS_SPEC_OBJECT);
11566 HCompareObjectEqAndBranch* result =
11567 New<HCompareObjectEqAndBranch>(left, right);
11568 return result;
11569 }
11570 } else {
11571 if (combined_type->IsClass()) {
11572 // TODO(bmeurer): This is an optimized version of an x < y, x > y,
11573 // x <= y or x >= y, where both x and y are spec objects with the
11574 // same map. The CompareIC collects this map for us. So if we know
11575 // that there's no @@toPrimitive on the map (including the prototype
11576 // chain), and both valueOf and toString are the default initial
11577 // implementations (on the %ObjectPrototype%), then we can reduce
11578 // the comparison to map checks on x and y, because the comparison
11579 // will turn into a comparison of "[object CLASS]" to itself (the
11580 // default outcome of toString, since valueOf returns a spec object).
11581 // This is pretty much adhoc, so in TurboFan we could do a lot better
11582 // and inline the interesting parts of ToPrimitive (actually we could
11583 // even do that in Crankshaft but we don't want to waste too much
11584 // time on this now).
11585 DCHECK(Token::IsOrderedRelationalCompareOp(op));
11586 Handle<Map> map = combined_type->AsClass()->Map();
11587 PropertyAccessInfo value_of(this, LOAD, map,
11588 isolate()->factory()->valueOf_string());
11589 PropertyAccessInfo to_primitive(
11590 this, LOAD, map, isolate()->factory()->to_primitive_symbol());
11591 PropertyAccessInfo to_string(this, LOAD, map,
11592 isolate()->factory()->toString_string());
11593 PropertyAccessInfo to_string_tag(
11594 this, LOAD, map, isolate()->factory()->to_string_tag_symbol());
11595 if (to_primitive.CanAccessMonomorphic() && !to_primitive.IsFound() &&
11596 to_string_tag.CanAccessMonomorphic() &&
11597 (!to_string_tag.IsFound() || to_string_tag.IsData() ||
11598 to_string_tag.IsDataConstant()) &&
11599 value_of.CanAccessMonomorphic() && value_of.IsDataConstant() &&
11600 value_of.constant().is_identical_to(isolate()->object_value_of()) &&
11601 to_string.CanAccessMonomorphic() && to_string.IsDataConstant() &&
11602 to_string.constant().is_identical_to(
11603 isolate()->object_to_string())) {
11604 // We depend on the prototype chain to stay the same, because we
11605 // also need to deoptimize when someone installs @@toPrimitive
11606 // or @@toStringTag somewhere in the prototype chain.
11607 BuildCheckPrototypeMaps(handle(JSObject::cast(map->prototype())),
11608 Handle<JSObject>::null());
11609 AddCheckMap(left, map);
11610 AddCheckMap(right, map);
11611 // The caller expects a branch instruction, so make it happy.
11612 return New<HBranch>(
11613 graph()->GetConstantBool(op == Token::LTE || op == Token::GTE));
11614 }
11615 }
11616 Bailout(kUnsupportedNonPrimitiveCompare);
11617 return NULL;
11618 }
11619 } else if (combined_type->Is(Type::InternalizedString()) &&
11620 Token::IsEqualityOp(op)) {
11621 // If we have a constant argument, it should be consistent with the type
11622 // feedback (otherwise we fail assertions in HCompareObjectEqAndBranch).
11623 if ((left->IsConstant() &&
11624 !HConstant::cast(left)->HasInternalizedStringValue()) ||
11625 (right->IsConstant() &&
11626 !HConstant::cast(right)->HasInternalizedStringValue())) {
11627 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
11628 Deoptimizer::SOFT);
11629 // The caller expects a branch instruction, so make it happy.
11630 return New<HBranch>(graph()->GetConstantTrue());
11631 }
11632 BuildCheckHeapObject(left);
11633 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_INTERNALIZED_STRING);
11634 BuildCheckHeapObject(right);
11635 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_INTERNALIZED_STRING);
11636 HCompareObjectEqAndBranch* result =
11637 New<HCompareObjectEqAndBranch>(left, right);
11638 return result;
11639 } else if (combined_type->Is(Type::String())) {
11640 BuildCheckHeapObject(left);
11641 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_STRING);
11642 BuildCheckHeapObject(right);
11643 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_STRING);
11644 HStringCompareAndBranch* result =
11645 New<HStringCompareAndBranch>(left, right, op);
11646 return result;
11647 } else if (combined_type->Is(Type::Boolean())) {
11648 AddCheckMap(left, isolate()->factory()->boolean_map());
11649 AddCheckMap(right, isolate()->factory()->boolean_map());
11650 if (Token::IsEqualityOp(op)) {
11651 HCompareObjectEqAndBranch* result =
11652 New<HCompareObjectEqAndBranch>(left, right);
11653 return result;
11654 }
11655 left = Add<HLoadNamedField>(
11656 left, nullptr,
11657 HObjectAccess::ForOddballToNumber(Representation::Smi()));
11658 right = Add<HLoadNamedField>(
11659 right, nullptr,
11660 HObjectAccess::ForOddballToNumber(Representation::Smi()));
11661 HCompareNumericAndBranch* result =
11662 New<HCompareNumericAndBranch>(left, right, op);
11663 return result;
11664 } else {
11665 if (combined_rep.IsTagged() || combined_rep.IsNone()) {
11666 HCompareGeneric* result = Add<HCompareGeneric>(
11667 left, right, op, strength(function_language_mode()));
11668 result->set_observed_input_representation(1, left_rep);
11669 result->set_observed_input_representation(2, right_rep);
11670 if (result->HasObservableSideEffects()) {
11671 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
11672 Push(result);
11673 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11674 Drop(1);
11675 } else {
11676 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11677 }
11678 }
11679 // TODO(jkummerow): Can we make this more efficient?
11680 HBranch* branch = New<HBranch>(result);
11681 return branch;
11682 } else {
11683 HCompareNumericAndBranch* result = New<HCompareNumericAndBranch>(
11684 left, right, op, strength(function_language_mode()));
11685 result->set_observed_input_representation(left_rep, right_rep);
11686 if (top_info()->is_tracking_positions()) {
11687 result->SetOperandPositions(zone(), left_position, right_position);
11688 }
11689 return result;
11690 }
11691 }
11692 }
11693
11694
11695 void HOptimizedGraphBuilder::HandleLiteralCompareNil(CompareOperation* expr,
11696 Expression* sub_expr,
11697 NilValue nil) {
11698 DCHECK(!HasStackOverflow());
11699 DCHECK(current_block() != NULL);
11700 DCHECK(current_block()->HasPredecessor());
11701 DCHECK(expr->op() == Token::EQ || expr->op() == Token::EQ_STRICT);
11702 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
11703 CHECK_ALIVE(VisitForValue(sub_expr));
11704 HValue* value = Pop();
11705 if (expr->op() == Token::EQ_STRICT) {
11706 HConstant* nil_constant = nil == kNullValue
11707 ? graph()->GetConstantNull()
11708 : graph()->GetConstantUndefined();
11709 HCompareObjectEqAndBranch* instr =
11710 New<HCompareObjectEqAndBranch>(value, nil_constant);
11711 return ast_context()->ReturnControl(instr, expr->id());
11712 } else {
11713 DCHECK_EQ(Token::EQ, expr->op());
11714 Type* type = expr->combined_type()->Is(Type::None())
11715 ? Type::Any(zone()) : expr->combined_type();
11716 HIfContinuation continuation;
11717 BuildCompareNil(value, type, &continuation);
11718 return ast_context()->ReturnContinuation(&continuation, expr->id());
11719 }
11720 }
11721
11722
11723 void HOptimizedGraphBuilder::VisitSpread(Spread* expr) { UNREACHABLE(); }
11724
11725
11726 void HOptimizedGraphBuilder::VisitEmptyParentheses(EmptyParentheses* expr) {
11727 UNREACHABLE();
11728 }
11729
11730
11731 HInstruction* HOptimizedGraphBuilder::BuildThisFunction() {
11732 // If we share optimized code between different closures, the
11733 // this-function is not a constant, except inside an inlined body.
11734 if (function_state()->outer() != NULL) {
11735 return New<HConstant>(
11736 function_state()->compilation_info()->closure());
11737 } else {
11738 return New<HThisFunction>();
11739 }
11740 }
11741
11742
11743 HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
11744 Handle<JSObject> boilerplate_object,
11745 AllocationSiteUsageContext* site_context) {
11746 NoObservableSideEffectsScope no_effects(this);
11747 Handle<Map> initial_map(boilerplate_object->map());
11748 InstanceType instance_type = initial_map->instance_type();
11749 DCHECK(instance_type == JS_ARRAY_TYPE || instance_type == JS_OBJECT_TYPE);
11750
11751 HType type = instance_type == JS_ARRAY_TYPE
11752 ? HType::JSArray() : HType::JSObject();
11753 HValue* object_size_constant = Add<HConstant>(initial_map->instance_size());
11754
11755 PretenureFlag pretenure_flag = NOT_TENURED;
11756 Handle<AllocationSite> top_site(*site_context->top(), isolate());
11757 if (FLAG_allocation_site_pretenuring) {
11758 pretenure_flag = top_site->GetPretenureMode();
11759 }
11760
11761 Handle<AllocationSite> current_site(*site_context->current(), isolate());
11762 if (*top_site == *current_site) {
11763 // We install a dependency for pretenuring only on the outermost literal.
11764 top_info()->dependencies()->AssumeTenuringDecision(top_site);
11765 }
11766 top_info()->dependencies()->AssumeTransitionStable(current_site);
11767
11768 HInstruction* object = Add<HAllocate>(
11769 object_size_constant, type, pretenure_flag, instance_type, top_site);
11770
11771 // If allocation folding reaches Page::kMaxRegularHeapObjectSize the
11772 // elements array may not get folded into the object. Hence, we set the
11773 // elements pointer to empty fixed array and let store elimination remove
11774 // this store in the folding case.
11775 HConstant* empty_fixed_array = Add<HConstant>(
11776 isolate()->factory()->empty_fixed_array());
11777 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11778 empty_fixed_array);
11779
11780 BuildEmitObjectHeader(boilerplate_object, object);
11781
11782 // Similarly to the elements pointer, there is no guarantee that all
11783 // property allocations can get folded, so pre-initialize all in-object
11784 // properties to a safe value.
11785 BuildInitializeInobjectProperties(object, initial_map);
11786
11787 Handle<FixedArrayBase> elements(boilerplate_object->elements());
11788 int elements_size = (elements->length() > 0 &&
11789 elements->map() != isolate()->heap()->fixed_cow_array_map()) ?
11790 elements->Size() : 0;
11791
11792 if (pretenure_flag == TENURED &&
11793 elements->map() == isolate()->heap()->fixed_cow_array_map() &&
11794 isolate()->heap()->InNewSpace(*elements)) {
11795 // If we would like to pretenure a fixed cow array, we must ensure that the
11796 // array is already in old space, otherwise we'll create too many old-to-
11797 // new-space pointers (overflowing the store buffer).
11798 elements = Handle<FixedArrayBase>(
11799 isolate()->factory()->CopyAndTenureFixedCOWArray(
11800 Handle<FixedArray>::cast(elements)));
11801 boilerplate_object->set_elements(*elements);
11802 }
11803
11804 HInstruction* object_elements = NULL;
11805 if (elements_size > 0) {
11806 HValue* object_elements_size = Add<HConstant>(elements_size);
11807 InstanceType instance_type = boilerplate_object->HasFastDoubleElements()
11808 ? FIXED_DOUBLE_ARRAY_TYPE : FIXED_ARRAY_TYPE;
11809 object_elements = Add<HAllocate>(object_elements_size, HType::HeapObject(),
11810 pretenure_flag, instance_type, top_site);
11811 BuildEmitElements(boilerplate_object, elements, object_elements,
11812 site_context);
11813 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11814 object_elements);
11815 } else {
11816 Handle<Object> elements_field =
11817 Handle<Object>(boilerplate_object->elements(), isolate());
11818 HInstruction* object_elements_cow = Add<HConstant>(elements_field);
11819 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11820 object_elements_cow);
11821 }
11822
11823 // Copy in-object properties.
11824 if (initial_map->NumberOfFields() != 0 ||
11825 initial_map->unused_property_fields() > 0) {
11826 BuildEmitInObjectProperties(boilerplate_object, object, site_context,
11827 pretenure_flag);
11828 }
11829 return object;
11830 }
11831
11832
11833 void HOptimizedGraphBuilder::BuildEmitObjectHeader(
11834 Handle<JSObject> boilerplate_object,
11835 HInstruction* object) {
11836 DCHECK(boilerplate_object->properties()->length() == 0);
11837
11838 Handle<Map> boilerplate_object_map(boilerplate_object->map());
11839 AddStoreMapConstant(object, boilerplate_object_map);
11840
11841 Handle<Object> properties_field =
11842 Handle<Object>(boilerplate_object->properties(), isolate());
11843 DCHECK(*properties_field == isolate()->heap()->empty_fixed_array());
11844 HInstruction* properties = Add<HConstant>(properties_field);
11845 HObjectAccess access = HObjectAccess::ForPropertiesPointer();
11846 Add<HStoreNamedField>(object, access, properties);
11847
11848 if (boilerplate_object->IsJSArray()) {
11849 Handle<JSArray> boilerplate_array =
11850 Handle<JSArray>::cast(boilerplate_object);
11851 Handle<Object> length_field =
11852 Handle<Object>(boilerplate_array->length(), isolate());
11853 HInstruction* length = Add<HConstant>(length_field);
11854
11855 DCHECK(boilerplate_array->length()->IsSmi());
11856 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(
11857 boilerplate_array->GetElementsKind()), length);
11858 }
11859 }
11860
11861
11862 void HOptimizedGraphBuilder::BuildEmitInObjectProperties(
11863 Handle<JSObject> boilerplate_object,
11864 HInstruction* object,
11865 AllocationSiteUsageContext* site_context,
11866 PretenureFlag pretenure_flag) {
11867 Handle<Map> boilerplate_map(boilerplate_object->map());
11868 Handle<DescriptorArray> descriptors(boilerplate_map->instance_descriptors());
11869 int limit = boilerplate_map->NumberOfOwnDescriptors();
11870
11871 int copied_fields = 0;
11872 for (int i = 0; i < limit; i++) {
11873 PropertyDetails details = descriptors->GetDetails(i);
11874 if (details.type() != DATA) continue;
11875 copied_fields++;
11876 FieldIndex field_index = FieldIndex::ForDescriptor(*boilerplate_map, i);
11877
11878
11879 int property_offset = field_index.offset();
11880 Handle<Name> name(descriptors->GetKey(i));
11881
11882 // The access for the store depends on the type of the boilerplate.
11883 HObjectAccess access = boilerplate_object->IsJSArray() ?
11884 HObjectAccess::ForJSArrayOffset(property_offset) :
11885 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11886
11887 if (boilerplate_object->IsUnboxedDoubleField(field_index)) {
11888 CHECK(!boilerplate_object->IsJSArray());
11889 double value = boilerplate_object->RawFastDoublePropertyAt(field_index);
11890 access = access.WithRepresentation(Representation::Double());
11891 Add<HStoreNamedField>(object, access, Add<HConstant>(value));
11892 continue;
11893 }
11894 Handle<Object> value(boilerplate_object->RawFastPropertyAt(field_index),
11895 isolate());
11896
11897 if (value->IsJSObject()) {
11898 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11899 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11900 HInstruction* result =
11901 BuildFastLiteral(value_object, site_context);
11902 site_context->ExitScope(current_site, value_object);
11903 Add<HStoreNamedField>(object, access, result);
11904 } else {
11905 Representation representation = details.representation();
11906 HInstruction* value_instruction;
11907
11908 if (representation.IsDouble()) {
11909 // Allocate a HeapNumber box and store the value into it.
11910 HValue* heap_number_constant = Add<HConstant>(HeapNumber::kSize);
11911 HInstruction* double_box =
11912 Add<HAllocate>(heap_number_constant, HType::HeapObject(),
11913 pretenure_flag, MUTABLE_HEAP_NUMBER_TYPE);
11914 AddStoreMapConstant(double_box,
11915 isolate()->factory()->mutable_heap_number_map());
11916 // Unwrap the mutable heap number from the boilerplate.
11917 HValue* double_value =
11918 Add<HConstant>(Handle<HeapNumber>::cast(value)->value());
11919 Add<HStoreNamedField>(
11920 double_box, HObjectAccess::ForHeapNumberValue(), double_value);
11921 value_instruction = double_box;
11922 } else if (representation.IsSmi()) {
11923 value_instruction = value->IsUninitialized()
11924 ? graph()->GetConstant0()
11925 : Add<HConstant>(value);
11926 // Ensure that value is stored as smi.
11927 access = access.WithRepresentation(representation);
11928 } else {
11929 value_instruction = Add<HConstant>(value);
11930 }
11931
11932 Add<HStoreNamedField>(object, access, value_instruction);
11933 }
11934 }
11935
11936 int inobject_properties = boilerplate_object->map()->GetInObjectProperties();
11937 HInstruction* value_instruction =
11938 Add<HConstant>(isolate()->factory()->one_pointer_filler_map());
11939 for (int i = copied_fields; i < inobject_properties; i++) {
11940 DCHECK(boilerplate_object->IsJSObject());
11941 int property_offset = boilerplate_object->GetInObjectPropertyOffset(i);
11942 HObjectAccess access =
11943 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11944 Add<HStoreNamedField>(object, access, value_instruction);
11945 }
11946 }
11947
11948
11949 void HOptimizedGraphBuilder::BuildEmitElements(
11950 Handle<JSObject> boilerplate_object,
11951 Handle<FixedArrayBase> elements,
11952 HValue* object_elements,
11953 AllocationSiteUsageContext* site_context) {
11954 ElementsKind kind = boilerplate_object->map()->elements_kind();
11955 int elements_length = elements->length();
11956 HValue* object_elements_length = Add<HConstant>(elements_length);
11957 BuildInitializeElementsHeader(object_elements, kind, object_elements_length);
11958
11959 // Copy elements backing store content.
11960 if (elements->IsFixedDoubleArray()) {
11961 BuildEmitFixedDoubleArray(elements, kind, object_elements);
11962 } else if (elements->IsFixedArray()) {
11963 BuildEmitFixedArray(elements, kind, object_elements,
11964 site_context);
11965 } else {
11966 UNREACHABLE();
11967 }
11968 }
11969
11970
11971 void HOptimizedGraphBuilder::BuildEmitFixedDoubleArray(
11972 Handle<FixedArrayBase> elements,
11973 ElementsKind kind,
11974 HValue* object_elements) {
11975 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11976 int elements_length = elements->length();
11977 for (int i = 0; i < elements_length; i++) {
11978 HValue* key_constant = Add<HConstant>(i);
11979 HInstruction* value_instruction = Add<HLoadKeyed>(
11980 boilerplate_elements, key_constant, nullptr, kind, ALLOW_RETURN_HOLE);
11981 HInstruction* store = Add<HStoreKeyed>(object_elements, key_constant,
11982 value_instruction, kind);
11983 store->SetFlag(HValue::kAllowUndefinedAsNaN);
11984 }
11985 }
11986
11987
11988 void HOptimizedGraphBuilder::BuildEmitFixedArray(
11989 Handle<FixedArrayBase> elements,
11990 ElementsKind kind,
11991 HValue* object_elements,
11992 AllocationSiteUsageContext* site_context) {
11993 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11994 int elements_length = elements->length();
11995 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
11996 for (int i = 0; i < elements_length; i++) {
11997 Handle<Object> value(fast_elements->get(i), isolate());
11998 HValue* key_constant = Add<HConstant>(i);
11999 if (value->IsJSObject()) {
12000 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
12001 Handle<AllocationSite> current_site = site_context->EnterNewScope();
12002 HInstruction* result =
12003 BuildFastLiteral(value_object, site_context);
12004 site_context->ExitScope(current_site, value_object);
12005 Add<HStoreKeyed>(object_elements, key_constant, result, kind);
12006 } else {
12007 ElementsKind copy_kind =
12008 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
12009 HInstruction* value_instruction =
12010 Add<HLoadKeyed>(boilerplate_elements, key_constant, nullptr,
12011 copy_kind, ALLOW_RETURN_HOLE);
12012 Add<HStoreKeyed>(object_elements, key_constant, value_instruction,
12013 copy_kind);
12014 }
12015 }
12016 }
12017
12018
12019 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) {
12020 DCHECK(!HasStackOverflow());
12021 DCHECK(current_block() != NULL);
12022 DCHECK(current_block()->HasPredecessor());
12023 HInstruction* instr = BuildThisFunction();
12024 return ast_context()->ReturnInstruction(instr, expr->id());
12025 }
12026
12027
12028 void HOptimizedGraphBuilder::VisitSuperPropertyReference(
12029 SuperPropertyReference* expr) {
12030 DCHECK(!HasStackOverflow());
12031 DCHECK(current_block() != NULL);
12032 DCHECK(current_block()->HasPredecessor());
12033 return Bailout(kSuperReference);
12034 }
12035
12036
12037 void HOptimizedGraphBuilder::VisitSuperCallReference(SuperCallReference* expr) {
12038 DCHECK(!HasStackOverflow());
12039 DCHECK(current_block() != NULL);
12040 DCHECK(current_block()->HasPredecessor());
12041 return Bailout(kSuperReference);
12042 }
12043
12044
12045 void HOptimizedGraphBuilder::VisitDeclarations(
12046 ZoneList<Declaration*>* declarations) {
12047 DCHECK(globals_.is_empty());
12048 AstVisitor::VisitDeclarations(declarations);
12049 if (!globals_.is_empty()) {
12050 Handle<FixedArray> array =
12051 isolate()->factory()->NewFixedArray(globals_.length(), TENURED);
12052 for (int i = 0; i < globals_.length(); ++i) array->set(i, *globals_.at(i));
12053 int flags =
12054 DeclareGlobalsEvalFlag::encode(current_info()->is_eval()) |
12055 DeclareGlobalsNativeFlag::encode(current_info()->is_native()) |
12056 DeclareGlobalsLanguageMode::encode(current_info()->language_mode());
12057 Add<HDeclareGlobals>(array, flags);
12058 globals_.Rewind(0);
12059 }
12060 }
12061
12062
12063 void HOptimizedGraphBuilder::VisitVariableDeclaration(
12064 VariableDeclaration* declaration) {
12065 VariableProxy* proxy = declaration->proxy();
12066 VariableMode mode = declaration->mode();
12067 Variable* variable = proxy->var();
12068 bool hole_init = mode == LET || mode == CONST || mode == CONST_LEGACY;
12069 switch (variable->location()) {
12070 case VariableLocation::GLOBAL:
12071 case VariableLocation::UNALLOCATED:
12072 globals_.Add(variable->name(), zone());
12073 globals_.Add(variable->binding_needs_init()
12074 ? isolate()->factory()->the_hole_value()
12075 : isolate()->factory()->undefined_value(), zone());
12076 return;
12077 case VariableLocation::PARAMETER:
12078 case VariableLocation::LOCAL:
12079 if (hole_init) {
12080 HValue* value = graph()->GetConstantHole();
12081 environment()->Bind(variable, value);
12082 }
12083 break;
12084 case VariableLocation::CONTEXT:
12085 if (hole_init) {
12086 HValue* value = graph()->GetConstantHole();
12087 HValue* context = environment()->context();
12088 HStoreContextSlot* store = Add<HStoreContextSlot>(
12089 context, variable->index(), HStoreContextSlot::kNoCheck, value);
12090 if (store->HasObservableSideEffects()) {
12091 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
12092 }
12093 }
12094 break;
12095 case VariableLocation::LOOKUP:
12096 return Bailout(kUnsupportedLookupSlotInDeclaration);
12097 }
12098 }
12099
12100
12101 void HOptimizedGraphBuilder::VisitFunctionDeclaration(
12102 FunctionDeclaration* declaration) {
12103 VariableProxy* proxy = declaration->proxy();
12104 Variable* variable = proxy->var();
12105 switch (variable->location()) {
12106 case VariableLocation::GLOBAL:
12107 case VariableLocation::UNALLOCATED: {
12108 globals_.Add(variable->name(), zone());
12109 Handle<SharedFunctionInfo> function = Compiler::GetSharedFunctionInfo(
12110 declaration->fun(), current_info()->script(), top_info());
12111 // Check for stack-overflow exception.
12112 if (function.is_null()) return SetStackOverflow();
12113 globals_.Add(function, zone());
12114 return;
12115 }
12116 case VariableLocation::PARAMETER:
12117 case VariableLocation::LOCAL: {
12118 CHECK_ALIVE(VisitForValue(declaration->fun()));
12119 HValue* value = Pop();
12120 BindIfLive(variable, value);
12121 break;
12122 }
12123 case VariableLocation::CONTEXT: {
12124 CHECK_ALIVE(VisitForValue(declaration->fun()));
12125 HValue* value = Pop();
12126 HValue* context = environment()->context();
12127 HStoreContextSlot* store = Add<HStoreContextSlot>(
12128 context, variable->index(), HStoreContextSlot::kNoCheck, value);
12129 if (store->HasObservableSideEffects()) {
12130 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
12131 }
12132 break;
12133 }
12134 case VariableLocation::LOOKUP:
12135 return Bailout(kUnsupportedLookupSlotInDeclaration);
12136 }
12137 }
12138
12139
12140 void HOptimizedGraphBuilder::VisitImportDeclaration(
12141 ImportDeclaration* declaration) {
12142 UNREACHABLE();
12143 }
12144
12145
12146 void HOptimizedGraphBuilder::VisitExportDeclaration(
12147 ExportDeclaration* declaration) {
12148 UNREACHABLE();
12149 }
12150
12151
12152 // Generators for inline runtime functions.
12153 // Support for types.
12154 void HOptimizedGraphBuilder::GenerateIsSmi(CallRuntime* call) {
12155 DCHECK(call->arguments()->length() == 1);
12156 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12157 HValue* value = Pop();
12158 HIsSmiAndBranch* result = New<HIsSmiAndBranch>(value);
12159 return ast_context()->ReturnControl(result, call->id());
12160 }
12161
12162
12163 void HOptimizedGraphBuilder::GenerateIsSpecObject(CallRuntime* call) {
12164 DCHECK(call->arguments()->length() == 1);
12165 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12166 HValue* value = Pop();
12167 HHasInstanceTypeAndBranch* result =
12168 New<HHasInstanceTypeAndBranch>(value,
12169 FIRST_SPEC_OBJECT_TYPE,
12170 LAST_SPEC_OBJECT_TYPE);
12171 return ast_context()->ReturnControl(result, call->id());
12172 }
12173
12174
12175 void HOptimizedGraphBuilder::GenerateIsFunction(CallRuntime* call) {
12176 DCHECK(call->arguments()->length() == 1);
12177 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12178 HValue* value = Pop();
12179 HHasInstanceTypeAndBranch* result =
12180 New<HHasInstanceTypeAndBranch>(value, JS_FUNCTION_TYPE);
12181 return ast_context()->ReturnControl(result, call->id());
12182 }
12183
12184
12185 void HOptimizedGraphBuilder::GenerateIsMinusZero(CallRuntime* call) {
12186 DCHECK(call->arguments()->length() == 1);
12187 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12188 HValue* value = Pop();
12189 HCompareMinusZeroAndBranch* result = New<HCompareMinusZeroAndBranch>(value);
12190 return ast_context()->ReturnControl(result, call->id());
12191 }
12192
12193
12194 void HOptimizedGraphBuilder::GenerateHasCachedArrayIndex(CallRuntime* call) {
12195 DCHECK(call->arguments()->length() == 1);
12196 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12197 HValue* value = Pop();
12198 HHasCachedArrayIndexAndBranch* result =
12199 New<HHasCachedArrayIndexAndBranch>(value);
12200 return ast_context()->ReturnControl(result, call->id());
12201 }
12202
12203
12204 void HOptimizedGraphBuilder::GenerateIsArray(CallRuntime* call) {
12205 DCHECK(call->arguments()->length() == 1);
12206 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12207 HValue* value = Pop();
12208 HHasInstanceTypeAndBranch* result =
12209 New<HHasInstanceTypeAndBranch>(value, JS_ARRAY_TYPE);
12210 return ast_context()->ReturnControl(result, call->id());
12211 }
12212
12213
12214 void HOptimizedGraphBuilder::GenerateIsTypedArray(CallRuntime* call) {
12215 DCHECK(call->arguments()->length() == 1);
12216 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12217 HValue* value = Pop();
12218 HHasInstanceTypeAndBranch* result =
12219 New<HHasInstanceTypeAndBranch>(value, JS_TYPED_ARRAY_TYPE);
12220 return ast_context()->ReturnControl(result, call->id());
12221 }
12222
12223
12224 void HOptimizedGraphBuilder::GenerateIsRegExp(CallRuntime* call) {
12225 DCHECK(call->arguments()->length() == 1);
12226 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12227 HValue* value = Pop();
12228 HHasInstanceTypeAndBranch* result =
12229 New<HHasInstanceTypeAndBranch>(value, JS_REGEXP_TYPE);
12230 return ast_context()->ReturnControl(result, call->id());
12231 }
12232
12233
12234 void HOptimizedGraphBuilder::GenerateToInteger(CallRuntime* call) {
12235 DCHECK_EQ(1, call->arguments()->length());
12236 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12237 HValue* input = Pop();
12238 if (input->type().IsSmi()) {
12239 return ast_context()->ReturnValue(input);
12240 } else {
12241 IfBuilder if_inputissmi(this);
12242 if_inputissmi.If<HIsSmiAndBranch>(input);
12243 if_inputissmi.Then();
12244 {
12245 // Return the input value.
12246 Push(input);
12247 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12248 }
12249 if_inputissmi.Else();
12250 {
12251 Add<HPushArguments>(input);
12252 Push(Add<HCallRuntime>(Runtime::FunctionForId(Runtime::kToInteger), 1));
12253 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12254 }
12255 if_inputissmi.End();
12256 return ast_context()->ReturnValue(Pop());
12257 }
12258 }
12259
12260
12261 void HOptimizedGraphBuilder::GenerateToObject(CallRuntime* call) {
12262 DCHECK_EQ(1, call->arguments()->length());
12263 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12264 HValue* value = Pop();
12265 HValue* result = BuildToObject(value);
12266 return ast_context()->ReturnValue(result);
12267 }
12268
12269
12270 void HOptimizedGraphBuilder::GenerateToString(CallRuntime* call) {
12271 DCHECK_EQ(1, call->arguments()->length());
12272 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12273 Callable callable = CodeFactory::ToString(isolate());
12274 HValue* input = Pop();
12275 if (input->type().IsString()) {
12276 return ast_context()->ReturnValue(input);
12277 } else {
12278 HValue* stub = Add<HConstant>(callable.code());
12279 HValue* values[] = {context(), input};
12280 HInstruction* result =
12281 New<HCallWithDescriptor>(stub, 0, callable.descriptor(),
12282 Vector<HValue*>(values, arraysize(values)));
12283 return ast_context()->ReturnInstruction(result, call->id());
12284 }
12285 }
12286
12287
12288 void HOptimizedGraphBuilder::GenerateToLength(CallRuntime* call) {
12289 DCHECK_EQ(1, call->arguments()->length());
12290 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12291 Callable callable = CodeFactory::ToLength(isolate());
12292 HValue* input = Pop();
12293 HValue* stub = Add<HConstant>(callable.code());
12294 HValue* values[] = {context(), input};
12295 HInstruction* result =
12296 New<HCallWithDescriptor>(stub, 0, callable.descriptor(),
12297 Vector<HValue*>(values, arraysize(values)));
12298 return ast_context()->ReturnInstruction(result, call->id());
12299 }
12300
12301
12302 void HOptimizedGraphBuilder::GenerateToNumber(CallRuntime* call) {
12303 DCHECK_EQ(1, call->arguments()->length());
12304 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12305 Callable callable = CodeFactory::ToNumber(isolate());
12306 HValue* input = Pop();
12307 if (input->type().IsTaggedNumber()) {
12308 return ast_context()->ReturnValue(input);
12309 } else {
12310 HValue* stub = Add<HConstant>(callable.code());
12311 HValue* values[] = {context(), input};
12312 HInstruction* result =
12313 New<HCallWithDescriptor>(stub, 0, callable.descriptor(),
12314 Vector<HValue*>(values, arraysize(values)));
12315 return ast_context()->ReturnInstruction(result, call->id());
12316 }
12317 }
12318
12319
12320 void HOptimizedGraphBuilder::GenerateIsJSProxy(CallRuntime* call) {
12321 DCHECK(call->arguments()->length() == 1);
12322 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12323 HValue* value = Pop();
12324 HIfContinuation continuation;
12325 IfBuilder if_proxy(this);
12326
12327 HValue* smicheck = if_proxy.IfNot<HIsSmiAndBranch>(value);
12328 if_proxy.And();
12329 HValue* map = Add<HLoadNamedField>(value, smicheck, HObjectAccess::ForMap());
12330 HValue* instance_type =
12331 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
12332 if_proxy.If<HCompareNumericAndBranch>(
12333 instance_type, Add<HConstant>(FIRST_JS_PROXY_TYPE), Token::GTE);
12334 if_proxy.And();
12335 if_proxy.If<HCompareNumericAndBranch>(
12336 instance_type, Add<HConstant>(LAST_JS_PROXY_TYPE), Token::LTE);
12337
12338 if_proxy.CaptureContinuation(&continuation);
12339 return ast_context()->ReturnContinuation(&continuation, call->id());
12340 }
12341
12342
12343 void HOptimizedGraphBuilder::GenerateHasFastPackedElements(CallRuntime* call) {
12344 DCHECK(call->arguments()->length() == 1);
12345 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12346 HValue* object = Pop();
12347 HIfContinuation continuation(graph()->CreateBasicBlock(),
12348 graph()->CreateBasicBlock());
12349 IfBuilder if_not_smi(this);
12350 if_not_smi.IfNot<HIsSmiAndBranch>(object);
12351 if_not_smi.Then();
12352 {
12353 NoObservableSideEffectsScope no_effects(this);
12354
12355 IfBuilder if_fast_packed(this);
12356 HValue* elements_kind = BuildGetElementsKind(object);
12357 if_fast_packed.If<HCompareNumericAndBranch>(
12358 elements_kind, Add<HConstant>(FAST_SMI_ELEMENTS), Token::EQ);
12359 if_fast_packed.Or();
12360 if_fast_packed.If<HCompareNumericAndBranch>(
12361 elements_kind, Add<HConstant>(FAST_ELEMENTS), Token::EQ);
12362 if_fast_packed.Or();
12363 if_fast_packed.If<HCompareNumericAndBranch>(
12364 elements_kind, Add<HConstant>(FAST_DOUBLE_ELEMENTS), Token::EQ);
12365 if_fast_packed.JoinContinuation(&continuation);
12366 }
12367 if_not_smi.JoinContinuation(&continuation);
12368 return ast_context()->ReturnContinuation(&continuation, call->id());
12369 }
12370
12371
12372 // Support for construct call checks.
12373 void HOptimizedGraphBuilder::GenerateIsConstructCall(CallRuntime* call) {
12374 DCHECK(call->arguments()->length() == 0);
12375 if (function_state()->outer() != NULL) {
12376 // We are generating graph for inlined function.
12377 HValue* value = function_state()->inlining_kind() == CONSTRUCT_CALL_RETURN
12378 ? graph()->GetConstantTrue()
12379 : graph()->GetConstantFalse();
12380 return ast_context()->ReturnValue(value);
12381 } else {
12382 return ast_context()->ReturnControl(New<HIsConstructCallAndBranch>(),
12383 call->id());
12384 }
12385 }
12386
12387
12388 // Support for arguments.length and arguments[?].
12389 void HOptimizedGraphBuilder::GenerateArgumentsLength(CallRuntime* call) {
12390 DCHECK(call->arguments()->length() == 0);
12391 HInstruction* result = NULL;
12392 if (function_state()->outer() == NULL) {
12393 HInstruction* elements = Add<HArgumentsElements>(false);
12394 result = New<HArgumentsLength>(elements);
12395 } else {
12396 // Number of arguments without receiver.
12397 int argument_count = environment()->
12398 arguments_environment()->parameter_count() - 1;
12399 result = New<HConstant>(argument_count);
12400 }
12401 return ast_context()->ReturnInstruction(result, call->id());
12402 }
12403
12404
12405 void HOptimizedGraphBuilder::GenerateArguments(CallRuntime* call) {
12406 DCHECK(call->arguments()->length() == 1);
12407 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12408 HValue* index = Pop();
12409 HInstruction* result = NULL;
12410 if (function_state()->outer() == NULL) {
12411 HInstruction* elements = Add<HArgumentsElements>(false);
12412 HInstruction* length = Add<HArgumentsLength>(elements);
12413 HInstruction* checked_index = Add<HBoundsCheck>(index, length);
12414 result = New<HAccessArgumentsAt>(elements, length, checked_index);
12415 } else {
12416 EnsureArgumentsArePushedForAccess();
12417
12418 // Number of arguments without receiver.
12419 HInstruction* elements = function_state()->arguments_elements();
12420 int argument_count = environment()->
12421 arguments_environment()->parameter_count() - 1;
12422 HInstruction* length = Add<HConstant>(argument_count);
12423 HInstruction* checked_key = Add<HBoundsCheck>(index, length);
12424 result = New<HAccessArgumentsAt>(elements, length, checked_key);
12425 }
12426 return ast_context()->ReturnInstruction(result, call->id());
12427 }
12428
12429
12430 void HOptimizedGraphBuilder::GenerateValueOf(CallRuntime* call) {
12431 DCHECK(call->arguments()->length() == 1);
12432 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12433 HValue* object = Pop();
12434
12435 IfBuilder if_objectisvalue(this);
12436 HValue* objectisvalue = if_objectisvalue.If<HHasInstanceTypeAndBranch>(
12437 object, JS_VALUE_TYPE);
12438 if_objectisvalue.Then();
12439 {
12440 // Return the actual value.
12441 Push(Add<HLoadNamedField>(
12442 object, objectisvalue,
12443 HObjectAccess::ForObservableJSObjectOffset(
12444 JSValue::kValueOffset)));
12445 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12446 }
12447 if_objectisvalue.Else();
12448 {
12449 // If the object is not a value return the object.
12450 Push(object);
12451 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12452 }
12453 if_objectisvalue.End();
12454 return ast_context()->ReturnValue(Pop());
12455 }
12456
12457
12458 void HOptimizedGraphBuilder::GenerateJSValueGetValue(CallRuntime* call) {
12459 DCHECK(call->arguments()->length() == 1);
12460 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12461 HValue* value = Pop();
12462 HInstruction* result = Add<HLoadNamedField>(
12463 value, nullptr,
12464 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset));
12465 return ast_context()->ReturnInstruction(result, call->id());
12466 }
12467
12468
12469 void HOptimizedGraphBuilder::GenerateIsDate(CallRuntime* call) {
12470 DCHECK_EQ(1, call->arguments()->length());
12471 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12472 HValue* value = Pop();
12473 HHasInstanceTypeAndBranch* result =
12474 New<HHasInstanceTypeAndBranch>(value, JS_DATE_TYPE);
12475 return ast_context()->ReturnControl(result, call->id());
12476 }
12477
12478
12479 void HOptimizedGraphBuilder::GenerateThrowNotDateError(CallRuntime* call) {
12480 DCHECK_EQ(0, call->arguments()->length());
12481 Add<HDeoptimize>(Deoptimizer::kNotADateObject, Deoptimizer::EAGER);
12482 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12483 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12484 }
12485
12486
12487 void HOptimizedGraphBuilder::GenerateDateField(CallRuntime* call) {
12488 DCHECK(call->arguments()->length() == 2);
12489 DCHECK_NOT_NULL(call->arguments()->at(1)->AsLiteral());
12490 Smi* index = Smi::cast(*(call->arguments()->at(1)->AsLiteral()->value()));
12491 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12492 HValue* date = Pop();
12493 HDateField* result = New<HDateField>(date, index);
12494 return ast_context()->ReturnInstruction(result, call->id());
12495 }
12496
12497
12498 void HOptimizedGraphBuilder::GenerateOneByteSeqStringSetChar(
12499 CallRuntime* call) {
12500 DCHECK(call->arguments()->length() == 3);
12501 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12502 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12503 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12504 HValue* string = Pop();
12505 HValue* value = Pop();
12506 HValue* index = Pop();
12507 Add<HSeqStringSetChar>(String::ONE_BYTE_ENCODING, string,
12508 index, value);
12509 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12510 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12511 }
12512
12513
12514 void HOptimizedGraphBuilder::GenerateTwoByteSeqStringSetChar(
12515 CallRuntime* call) {
12516 DCHECK(call->arguments()->length() == 3);
12517 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12518 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12519 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12520 HValue* string = Pop();
12521 HValue* value = Pop();
12522 HValue* index = Pop();
12523 Add<HSeqStringSetChar>(String::TWO_BYTE_ENCODING, string,
12524 index, value);
12525 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12526 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12527 }
12528
12529
12530 void HOptimizedGraphBuilder::GenerateSetValueOf(CallRuntime* call) {
12531 DCHECK(call->arguments()->length() == 2);
12532 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12533 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12534 HValue* value = Pop();
12535 HValue* object = Pop();
12536
12537 // Check if object is a JSValue.
12538 IfBuilder if_objectisvalue(this);
12539 if_objectisvalue.If<HHasInstanceTypeAndBranch>(object, JS_VALUE_TYPE);
12540 if_objectisvalue.Then();
12541 {
12542 // Create in-object property store to kValueOffset.
12543 Add<HStoreNamedField>(object,
12544 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset),
12545 value);
12546 if (!ast_context()->IsEffect()) {
12547 Push(value);
12548 }
12549 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12550 }
12551 if_objectisvalue.Else();
12552 {
12553 // Nothing to do in this case.
12554 if (!ast_context()->IsEffect()) {
12555 Push(value);
12556 }
12557 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12558 }
12559 if_objectisvalue.End();
12560 if (!ast_context()->IsEffect()) {
12561 Drop(1);
12562 }
12563 return ast_context()->ReturnValue(value);
12564 }
12565
12566
12567 // Fast support for charCodeAt(n).
12568 void HOptimizedGraphBuilder::GenerateStringCharCodeAt(CallRuntime* call) {
12569 DCHECK(call->arguments()->length() == 2);
12570 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12571 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12572 HValue* index = Pop();
12573 HValue* string = Pop();
12574 HInstruction* result = BuildStringCharCodeAt(string, index);
12575 return ast_context()->ReturnInstruction(result, call->id());
12576 }
12577
12578
12579 // Fast support for string.charAt(n) and string[n].
12580 void HOptimizedGraphBuilder::GenerateStringCharFromCode(CallRuntime* call) {
12581 DCHECK(call->arguments()->length() == 1);
12582 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12583 HValue* char_code = Pop();
12584 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
12585 return ast_context()->ReturnInstruction(result, call->id());
12586 }
12587
12588
12589 // Fast support for string.charAt(n) and string[n].
12590 void HOptimizedGraphBuilder::GenerateStringCharAt(CallRuntime* call) {
12591 DCHECK(call->arguments()->length() == 2);
12592 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12593 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12594 HValue* index = Pop();
12595 HValue* string = Pop();
12596 HInstruction* char_code = BuildStringCharCodeAt(string, index);
12597 AddInstruction(char_code);
12598 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
12599 return ast_context()->ReturnInstruction(result, call->id());
12600 }
12601
12602
12603 // Fast support for object equality testing.
12604 void HOptimizedGraphBuilder::GenerateObjectEquals(CallRuntime* call) {
12605 DCHECK(call->arguments()->length() == 2);
12606 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12607 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12608 HValue* right = Pop();
12609 HValue* left = Pop();
12610 HCompareObjectEqAndBranch* result =
12611 New<HCompareObjectEqAndBranch>(left, right);
12612 return ast_context()->ReturnControl(result, call->id());
12613 }
12614
12615
12616 // Fast support for StringAdd.
12617 void HOptimizedGraphBuilder::GenerateStringAdd(CallRuntime* call) {
12618 DCHECK_EQ(2, call->arguments()->length());
12619 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12620 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12621 HValue* right = Pop();
12622 HValue* left = Pop();
12623 HInstruction* result = NewUncasted<HStringAdd>(left, right);
12624 return ast_context()->ReturnInstruction(result, call->id());
12625 }
12626
12627
12628 // Fast support for SubString.
12629 void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
12630 DCHECK_EQ(3, call->arguments()->length());
12631 CHECK_ALIVE(VisitExpressions(call->arguments()));
12632 PushArgumentsFromEnvironment(call->arguments()->length());
12633 HCallStub* result = New<HCallStub>(CodeStub::SubString, 3);
12634 return ast_context()->ReturnInstruction(result, call->id());
12635 }
12636
12637
12638 void HOptimizedGraphBuilder::GenerateStringGetLength(CallRuntime* call) {
12639 DCHECK(call->arguments()->length() == 1);
12640 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12641 HValue* string = Pop();
12642 HInstruction* result = BuildLoadStringLength(string);
12643 return ast_context()->ReturnInstruction(result, call->id());
12644 }
12645
12646
12647 // Support for direct calls from JavaScript to native RegExp code.
12648 void HOptimizedGraphBuilder::GenerateRegExpExec(CallRuntime* call) {
12649 DCHECK_EQ(4, call->arguments()->length());
12650 CHECK_ALIVE(VisitExpressions(call->arguments()));
12651 PushArgumentsFromEnvironment(call->arguments()->length());
12652 HCallStub* result = New<HCallStub>(CodeStub::RegExpExec, 4);
12653 return ast_context()->ReturnInstruction(result, call->id());
12654 }
12655
12656
12657 void HOptimizedGraphBuilder::GenerateDoubleLo(CallRuntime* call) {
12658 DCHECK_EQ(1, call->arguments()->length());
12659 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12660 HValue* value = Pop();
12661 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::LOW);
12662 return ast_context()->ReturnInstruction(result, call->id());
12663 }
12664
12665
12666 void HOptimizedGraphBuilder::GenerateDoubleHi(CallRuntime* call) {
12667 DCHECK_EQ(1, call->arguments()->length());
12668 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12669 HValue* value = Pop();
12670 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::HIGH);
12671 return ast_context()->ReturnInstruction(result, call->id());
12672 }
12673
12674
12675 void HOptimizedGraphBuilder::GenerateConstructDouble(CallRuntime* call) {
12676 DCHECK_EQ(2, call->arguments()->length());
12677 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12678 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12679 HValue* lo = Pop();
12680 HValue* hi = Pop();
12681 HInstruction* result = NewUncasted<HConstructDouble>(hi, lo);
12682 return ast_context()->ReturnInstruction(result, call->id());
12683 }
12684
12685
12686 // Construct a RegExp exec result with two in-object properties.
12687 void HOptimizedGraphBuilder::GenerateRegExpConstructResult(CallRuntime* call) {
12688 DCHECK_EQ(3, call->arguments()->length());
12689 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12690 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12691 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12692 HValue* input = Pop();
12693 HValue* index = Pop();
12694 HValue* length = Pop();
12695 HValue* result = BuildRegExpConstructResult(length, index, input);
12696 return ast_context()->ReturnValue(result);
12697 }
12698
12699
12700 // Fast support for number to string.
12701 void HOptimizedGraphBuilder::GenerateNumberToString(CallRuntime* call) {
12702 DCHECK_EQ(1, call->arguments()->length());
12703 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12704 HValue* number = Pop();
12705 HValue* result = BuildNumberToString(number, Type::Any(zone()));
12706 return ast_context()->ReturnValue(result);
12707 }
12708
12709
12710 // Fast support for calls.
12711 void HOptimizedGraphBuilder::GenerateCall(CallRuntime* call) {
12712 DCHECK_LE(2, call->arguments()->length());
12713 CHECK_ALIVE(VisitExpressions(call->arguments()));
12714 CallTrampolineDescriptor descriptor(isolate());
12715 PushArgumentsFromEnvironment(call->arguments()->length() - 1);
12716 HValue* trampoline = Add<HConstant>(isolate()->builtins()->Call());
12717 HValue* target = Pop();
12718 HValue* values[] = {context(), target,
12719 Add<HConstant>(call->arguments()->length() - 2)};
12720 HInstruction* result = New<HCallWithDescriptor>(
12721 trampoline, call->arguments()->length() - 1, descriptor,
12722 Vector<HValue*>(values, arraysize(values)));
12723 return ast_context()->ReturnInstruction(result, call->id());
12724 }
12725
12726
12727 // Fast call for custom callbacks.
12728 void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
12729 // 1 ~ The function to call is not itself an argument to the call.
12730 int arg_count = call->arguments()->length() - 1;
12731 DCHECK(arg_count >= 1); // There's always at least a receiver.
12732
12733 CHECK_ALIVE(VisitExpressions(call->arguments()));
12734 // The function is the last argument
12735 HValue* function = Pop();
12736 // Push the arguments to the stack
12737 PushArgumentsFromEnvironment(arg_count);
12738
12739 IfBuilder if_is_jsfunction(this);
12740 if_is_jsfunction.If<HHasInstanceTypeAndBranch>(function, JS_FUNCTION_TYPE);
12741
12742 if_is_jsfunction.Then();
12743 {
12744 HInstruction* invoke_result =
12745 Add<HInvokeFunction>(function, arg_count);
12746 if (!ast_context()->IsEffect()) {
12747 Push(invoke_result);
12748 }
12749 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12750 }
12751
12752 if_is_jsfunction.Else();
12753 {
12754 HInstruction* call_result =
12755 Add<HCallFunction>(function, arg_count);
12756 if (!ast_context()->IsEffect()) {
12757 Push(call_result);
12758 }
12759 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12760 }
12761 if_is_jsfunction.End();
12762
12763 if (ast_context()->IsEffect()) {
12764 // EffectContext::ReturnValue ignores the value, so we can just pass
12765 // 'undefined' (as we do not have the call result anymore).
12766 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12767 } else {
12768 return ast_context()->ReturnValue(Pop());
12769 }
12770 }
12771
12772
12773 // Fast call to math functions.
12774 void HOptimizedGraphBuilder::GenerateMathPow(CallRuntime* call) {
12775 DCHECK_EQ(2, call->arguments()->length());
12776 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12777 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12778 HValue* right = Pop();
12779 HValue* left = Pop();
12780 HInstruction* result = NewUncasted<HPower>(left, right);
12781 return ast_context()->ReturnInstruction(result, call->id());
12782 }
12783
12784
12785 void HOptimizedGraphBuilder::GenerateMathClz32(CallRuntime* call) {
12786 DCHECK(call->arguments()->length() == 1);
12787 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12788 HValue* value = Pop();
12789 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathClz32);
12790 return ast_context()->ReturnInstruction(result, call->id());
12791 }
12792
12793
12794 void HOptimizedGraphBuilder::GenerateMathFloor(CallRuntime* call) {
12795 DCHECK(call->arguments()->length() == 1);
12796 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12797 HValue* value = Pop();
12798 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathFloor);
12799 return ast_context()->ReturnInstruction(result, call->id());
12800 }
12801
12802
12803 void HOptimizedGraphBuilder::GenerateMathLogRT(CallRuntime* call) {
12804 DCHECK(call->arguments()->length() == 1);
12805 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12806 HValue* value = Pop();
12807 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathLog);
12808 return ast_context()->ReturnInstruction(result, call->id());
12809 }
12810
12811
12812 void HOptimizedGraphBuilder::GenerateMathSqrt(CallRuntime* call) {
12813 DCHECK(call->arguments()->length() == 1);
12814 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12815 HValue* value = Pop();
12816 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathSqrt);
12817 return ast_context()->ReturnInstruction(result, call->id());
12818 }
12819
12820
12821 void HOptimizedGraphBuilder::GenerateLikely(CallRuntime* call) {
12822 DCHECK(call->arguments()->length() == 1);
12823 Visit(call->arguments()->at(0));
12824 }
12825
12826
12827 void HOptimizedGraphBuilder::GenerateUnlikely(CallRuntime* call) {
12828 return GenerateLikely(call);
12829 }
12830
12831
12832 void HOptimizedGraphBuilder::GenerateHasInPrototypeChain(CallRuntime* call) {
12833 DCHECK_EQ(2, call->arguments()->length());
12834 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12835 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12836 HValue* prototype = Pop();
12837 HValue* object = Pop();
12838 HHasInPrototypeChainAndBranch* result =
12839 New<HHasInPrototypeChainAndBranch>(object, prototype);
12840 return ast_context()->ReturnControl(result, call->id());
12841 }
12842
12843
12844 void HOptimizedGraphBuilder::GenerateFixedArrayGet(CallRuntime* call) {
12845 DCHECK(call->arguments()->length() == 2);
12846 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12847 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12848 HValue* index = Pop();
12849 HValue* object = Pop();
12850 HInstruction* result = New<HLoadKeyed>(
12851 object, index, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE);
12852 return ast_context()->ReturnInstruction(result, call->id());
12853 }
12854
12855
12856 void HOptimizedGraphBuilder::GenerateFixedArraySet(CallRuntime* call) {
12857 DCHECK(call->arguments()->length() == 3);
12858 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12859 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12860 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12861 HValue* value = Pop();
12862 HValue* index = Pop();
12863 HValue* object = Pop();
12864 NoObservableSideEffectsScope no_effects(this);
12865 Add<HStoreKeyed>(object, index, value, FAST_HOLEY_ELEMENTS);
12866 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12867 }
12868
12869
12870 void HOptimizedGraphBuilder::GenerateTheHole(CallRuntime* call) {
12871 DCHECK(call->arguments()->length() == 0);
12872 return ast_context()->ReturnValue(graph()->GetConstantHole());
12873 }
12874
12875
12876 void HOptimizedGraphBuilder::GenerateCreateIterResultObject(CallRuntime* call) {
12877 DCHECK_EQ(2, call->arguments()->length());
12878 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12879 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12880 HValue* done = Pop();
12881 HValue* value = Pop();
12882 HValue* result = BuildCreateIterResultObject(value, done);
12883 return ast_context()->ReturnValue(result);
12884 }
12885
12886
12887 void HOptimizedGraphBuilder::GenerateJSCollectionGetTable(CallRuntime* call) {
12888 DCHECK(call->arguments()->length() == 1);
12889 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12890 HValue* receiver = Pop();
12891 HInstruction* result = New<HLoadNamedField>(
12892 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12893 return ast_context()->ReturnInstruction(result, call->id());
12894 }
12895
12896
12897 void HOptimizedGraphBuilder::GenerateStringGetRawHashField(CallRuntime* call) {
12898 DCHECK(call->arguments()->length() == 1);
12899 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12900 HValue* object = Pop();
12901 HInstruction* result = New<HLoadNamedField>(
12902 object, nullptr, HObjectAccess::ForStringHashField());
12903 return ast_context()->ReturnInstruction(result, call->id());
12904 }
12905
12906
12907 template <typename CollectionType>
12908 HValue* HOptimizedGraphBuilder::BuildAllocateOrderedHashTable() {
12909 static const int kCapacity = CollectionType::kMinCapacity;
12910 static const int kBucketCount = kCapacity / CollectionType::kLoadFactor;
12911 static const int kFixedArrayLength = CollectionType::kHashTableStartIndex +
12912 kBucketCount +
12913 (kCapacity * CollectionType::kEntrySize);
12914 static const int kSizeInBytes =
12915 FixedArray::kHeaderSize + (kFixedArrayLength * kPointerSize);
12916
12917 // Allocate the table and add the proper map.
12918 HValue* table =
12919 Add<HAllocate>(Add<HConstant>(kSizeInBytes), HType::HeapObject(),
12920 NOT_TENURED, FIXED_ARRAY_TYPE);
12921 AddStoreMapConstant(table, isolate()->factory()->ordered_hash_table_map());
12922
12923 // Initialize the FixedArray...
12924 HValue* length = Add<HConstant>(kFixedArrayLength);
12925 Add<HStoreNamedField>(table, HObjectAccess::ForFixedArrayLength(), length);
12926
12927 // ...and the OrderedHashTable fields.
12928 Add<HStoreNamedField>(
12929 table,
12930 HObjectAccess::ForOrderedHashTableNumberOfBuckets<CollectionType>(),
12931 Add<HConstant>(kBucketCount));
12932 Add<HStoreNamedField>(
12933 table,
12934 HObjectAccess::ForOrderedHashTableNumberOfElements<CollectionType>(),
12935 graph()->GetConstant0());
12936 Add<HStoreNamedField>(
12937 table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12938 CollectionType>(),
12939 graph()->GetConstant0());
12940
12941 // Fill the buckets with kNotFound.
12942 HValue* not_found = Add<HConstant>(CollectionType::kNotFound);
12943 for (int i = 0; i < kBucketCount; ++i) {
12944 Add<HStoreNamedField>(
12945 table, HObjectAccess::ForOrderedHashTableBucket<CollectionType>(i),
12946 not_found);
12947 }
12948
12949 // Fill the data table with undefined.
12950 HValue* undefined = graph()->GetConstantUndefined();
12951 for (int i = 0; i < (kCapacity * CollectionType::kEntrySize); ++i) {
12952 Add<HStoreNamedField>(table,
12953 HObjectAccess::ForOrderedHashTableDataTableIndex<
12954 CollectionType, kBucketCount>(i),
12955 undefined);
12956 }
12957
12958 return table;
12959 }
12960
12961
12962 void HOptimizedGraphBuilder::GenerateSetInitialize(CallRuntime* call) {
12963 DCHECK(call->arguments()->length() == 1);
12964 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12965 HValue* receiver = Pop();
12966
12967 NoObservableSideEffectsScope no_effects(this);
12968 HValue* table = BuildAllocateOrderedHashTable<OrderedHashSet>();
12969 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12970 return ast_context()->ReturnValue(receiver);
12971 }
12972
12973
12974 void HOptimizedGraphBuilder::GenerateMapInitialize(CallRuntime* call) {
12975 DCHECK(call->arguments()->length() == 1);
12976 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12977 HValue* receiver = Pop();
12978
12979 NoObservableSideEffectsScope no_effects(this);
12980 HValue* table = BuildAllocateOrderedHashTable<OrderedHashMap>();
12981 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12982 return ast_context()->ReturnValue(receiver);
12983 }
12984
12985
12986 template <typename CollectionType>
12987 void HOptimizedGraphBuilder::BuildOrderedHashTableClear(HValue* receiver) {
12988 HValue* old_table = Add<HLoadNamedField>(
12989 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12990 HValue* new_table = BuildAllocateOrderedHashTable<CollectionType>();
12991 Add<HStoreNamedField>(
12992 old_table, HObjectAccess::ForOrderedHashTableNextTable<CollectionType>(),
12993 new_table);
12994 Add<HStoreNamedField>(
12995 old_table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12996 CollectionType>(),
12997 Add<HConstant>(CollectionType::kClearedTableSentinel));
12998 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(),
12999 new_table);
13000 }
13001
13002
13003 void HOptimizedGraphBuilder::GenerateSetClear(CallRuntime* call) {
13004 DCHECK(call->arguments()->length() == 1);
13005 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
13006 HValue* receiver = Pop();
13007
13008 NoObservableSideEffectsScope no_effects(this);
13009 BuildOrderedHashTableClear<OrderedHashSet>(receiver);
13010 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
13011 }
13012
13013
13014 void HOptimizedGraphBuilder::GenerateMapClear(CallRuntime* call) {
13015 DCHECK(call->arguments()->length() == 1);
13016 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
13017 HValue* receiver = Pop();
13018
13019 NoObservableSideEffectsScope no_effects(this);
13020 BuildOrderedHashTableClear<OrderedHashMap>(receiver);
13021 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
13022 }
13023
13024
13025 void HOptimizedGraphBuilder::GenerateGetCachedArrayIndex(CallRuntime* call) {
13026 DCHECK(call->arguments()->length() == 1);
13027 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
13028 HValue* value = Pop();
13029 HGetCachedArrayIndex* result = New<HGetCachedArrayIndex>(value);
13030 return ast_context()->ReturnInstruction(result, call->id());
13031 }
13032
13033
13034 void HOptimizedGraphBuilder::GenerateFastOneByteArrayJoin(CallRuntime* call) {
13035 // Simply returning undefined here would be semantically correct and even
13036 // avoid the bailout. Nevertheless, some ancient benchmarks like SunSpider's
13037 // string-fasta would tank, because fullcode contains an optimized version.
13038 // Obviously the fullcode => Crankshaft => bailout => fullcode dance is
13039 // faster... *sigh*
13040 return Bailout(kInlinedRuntimeFunctionFastOneByteArrayJoin);
13041 }
13042
13043
13044 void HOptimizedGraphBuilder::GenerateDebugBreakInOptimizedCode(
13045 CallRuntime* call) {
13046 Add<HDebugBreak>();
13047 return ast_context()->ReturnValue(graph()->GetConstant0());
13048 }
13049
13050
13051 void HOptimizedGraphBuilder::GenerateDebugIsActive(CallRuntime* call) {
13052 DCHECK(call->arguments()->length() == 0);
13053 HValue* ref =
13054 Add<HConstant>(ExternalReference::debug_is_active_address(isolate()));
13055 HValue* value =
13056 Add<HLoadNamedField>(ref, nullptr, HObjectAccess::ForExternalUInteger8());
13057 return ast_context()->ReturnValue(value);
13058 }
13059
13060
13061 #undef CHECK_BAILOUT
13062 #undef CHECK_ALIVE
13063
13064
13065 HEnvironment::HEnvironment(HEnvironment* outer,
13066 Scope* scope,
13067 Handle<JSFunction> closure,
13068 Zone* zone)
13069 : closure_(closure),
13070 values_(0, zone),
13071 frame_type_(JS_FUNCTION),
13072 parameter_count_(0),
13073 specials_count_(1),
13074 local_count_(0),
13075 outer_(outer),
13076 entry_(NULL),
13077 pop_count_(0),
13078 push_count_(0),
13079 ast_id_(BailoutId::None()),
13080 zone_(zone) {
13081 Scope* declaration_scope = scope->DeclarationScope();
13082 Initialize(declaration_scope->num_parameters() + 1,
13083 declaration_scope->num_stack_slots(), 0);
13084 }
13085
13086
13087 HEnvironment::HEnvironment(Zone* zone, int parameter_count)
13088 : values_(0, zone),
13089 frame_type_(STUB),
13090 parameter_count_(parameter_count),
13091 specials_count_(1),
13092 local_count_(0),
13093 outer_(NULL),
13094 entry_(NULL),
13095 pop_count_(0),
13096 push_count_(0),
13097 ast_id_(BailoutId::None()),
13098 zone_(zone) {
13099 Initialize(parameter_count, 0, 0);
13100 }
13101
13102
13103 HEnvironment::HEnvironment(const HEnvironment* other, Zone* zone)
13104 : values_(0, zone),
13105 frame_type_(JS_FUNCTION),
13106 parameter_count_(0),
13107 specials_count_(0),
13108 local_count_(0),
13109 outer_(NULL),
13110 entry_(NULL),
13111 pop_count_(0),
13112 push_count_(0),
13113 ast_id_(other->ast_id()),
13114 zone_(zone) {
13115 Initialize(other);
13116 }
13117
13118
13119 HEnvironment::HEnvironment(HEnvironment* outer,
13120 Handle<JSFunction> closure,
13121 FrameType frame_type,
13122 int arguments,
13123 Zone* zone)
13124 : closure_(closure),
13125 values_(arguments, zone),
13126 frame_type_(frame_type),
13127 parameter_count_(arguments),
13128 specials_count_(0),
13129 local_count_(0),
13130 outer_(outer),
13131 entry_(NULL),
13132 pop_count_(0),
13133 push_count_(0),
13134 ast_id_(BailoutId::None()),
13135 zone_(zone) {
13136 }
13137
13138
13139 void HEnvironment::Initialize(int parameter_count,
13140 int local_count,
13141 int stack_height) {
13142 parameter_count_ = parameter_count;
13143 local_count_ = local_count;
13144
13145 // Avoid reallocating the temporaries' backing store on the first Push.
13146 int total = parameter_count + specials_count_ + local_count + stack_height;
13147 values_.Initialize(total + 4, zone());
13148 for (int i = 0; i < total; ++i) values_.Add(NULL, zone());
13149 }
13150
13151
13152 void HEnvironment::Initialize(const HEnvironment* other) {
13153 closure_ = other->closure();
13154 values_.AddAll(other->values_, zone());
13155 assigned_variables_.Union(other->assigned_variables_, zone());
13156 frame_type_ = other->frame_type_;
13157 parameter_count_ = other->parameter_count_;
13158 local_count_ = other->local_count_;
13159 if (other->outer_ != NULL) outer_ = other->outer_->Copy(); // Deep copy.
13160 entry_ = other->entry_;
13161 pop_count_ = other->pop_count_;
13162 push_count_ = other->push_count_;
13163 specials_count_ = other->specials_count_;
13164 ast_id_ = other->ast_id_;
13165 }
13166
13167
13168 void HEnvironment::AddIncomingEdge(HBasicBlock* block, HEnvironment* other) {
13169 DCHECK(!block->IsLoopHeader());
13170 DCHECK(values_.length() == other->values_.length());
13171
13172 int length = values_.length();
13173 for (int i = 0; i < length; ++i) {
13174 HValue* value = values_[i];
13175 if (value != NULL && value->IsPhi() && value->block() == block) {
13176 // There is already a phi for the i'th value.
13177 HPhi* phi = HPhi::cast(value);
13178 // Assert index is correct and that we haven't missed an incoming edge.
13179 DCHECK(phi->merged_index() == i || !phi->HasMergedIndex());
13180 DCHECK(phi->OperandCount() == block->predecessors()->length());
13181 phi->AddInput(other->values_[i]);
13182 } else if (values_[i] != other->values_[i]) {
13183 // There is a fresh value on the incoming edge, a phi is needed.
13184 DCHECK(values_[i] != NULL && other->values_[i] != NULL);
13185 HPhi* phi = block->AddNewPhi(i);
13186 HValue* old_value = values_[i];
13187 for (int j = 0; j < block->predecessors()->length(); j++) {
13188 phi->AddInput(old_value);
13189 }
13190 phi->AddInput(other->values_[i]);
13191 this->values_[i] = phi;
13192 }
13193 }
13194 }
13195
13196
13197 void HEnvironment::Bind(int index, HValue* value) {
13198 DCHECK(value != NULL);
13199 assigned_variables_.Add(index, zone());
13200 values_[index] = value;
13201 }
13202
13203
13204 bool HEnvironment::HasExpressionAt(int index) const {
13205 return index >= parameter_count_ + specials_count_ + local_count_;
13206 }
13207
13208
13209 bool HEnvironment::ExpressionStackIsEmpty() const {
13210 DCHECK(length() >= first_expression_index());
13211 return length() == first_expression_index();
13212 }
13213
13214
13215 void HEnvironment::SetExpressionStackAt(int index_from_top, HValue* value) {
13216 int count = index_from_top + 1;
13217 int index = values_.length() - count;
13218 DCHECK(HasExpressionAt(index));
13219 // The push count must include at least the element in question or else
13220 // the new value will not be included in this environment's history.
13221 if (push_count_ < count) {
13222 // This is the same effect as popping then re-pushing 'count' elements.
13223 pop_count_ += (count - push_count_);
13224 push_count_ = count;
13225 }
13226 values_[index] = value;
13227 }
13228
13229
13230 HValue* HEnvironment::RemoveExpressionStackAt(int index_from_top) {
13231 int count = index_from_top + 1;
13232 int index = values_.length() - count;
13233 DCHECK(HasExpressionAt(index));
13234 // Simulate popping 'count' elements and then
13235 // pushing 'count - 1' elements back.
13236 pop_count_ += Max(count - push_count_, 0);
13237 push_count_ = Max(push_count_ - count, 0) + (count - 1);
13238 return values_.Remove(index);
13239 }
13240
13241
13242 void HEnvironment::Drop(int count) {
13243 for (int i = 0; i < count; ++i) {
13244 Pop();
13245 }
13246 }
13247
13248
13249 void HEnvironment::Print() const {
13250 OFStream os(stdout);
13251 os << *this << "\n";
13252 }
13253
13254
13255 HEnvironment* HEnvironment::Copy() const {
13256 return new(zone()) HEnvironment(this, zone());
13257 }
13258
13259
13260 HEnvironment* HEnvironment::CopyWithoutHistory() const {
13261 HEnvironment* result = Copy();
13262 result->ClearHistory();
13263 return result;
13264 }
13265
13266
13267 HEnvironment* HEnvironment::CopyAsLoopHeader(HBasicBlock* loop_header) const {
13268 HEnvironment* new_env = Copy();
13269 for (int i = 0; i < values_.length(); ++i) {
13270 HPhi* phi = loop_header->AddNewPhi(i);
13271 phi->AddInput(values_[i]);
13272 new_env->values_[i] = phi;
13273 }
13274 new_env->ClearHistory();
13275 return new_env;
13276 }
13277
13278
13279 HEnvironment* HEnvironment::CreateStubEnvironment(HEnvironment* outer,
13280 Handle<JSFunction> target,
13281 FrameType frame_type,
13282 int arguments) const {
13283 HEnvironment* new_env =
13284 new(zone()) HEnvironment(outer, target, frame_type,
13285 arguments + 1, zone());
13286 for (int i = 0; i <= arguments; ++i) { // Include receiver.
13287 new_env->Push(ExpressionStackAt(arguments - i));
13288 }
13289 new_env->ClearHistory();
13290 return new_env;
13291 }
13292
13293
13294 HEnvironment* HEnvironment::CopyForInlining(
13295 Handle<JSFunction> target,
13296 int arguments,
13297 FunctionLiteral* function,
13298 HConstant* undefined,
13299 InliningKind inlining_kind) const {
13300 DCHECK(frame_type() == JS_FUNCTION);
13301
13302 // Outer environment is a copy of this one without the arguments.
13303 int arity = function->scope()->num_parameters();
13304
13305 HEnvironment* outer = Copy();
13306 outer->Drop(arguments + 1); // Including receiver.
13307 outer->ClearHistory();
13308
13309 if (inlining_kind == CONSTRUCT_CALL_RETURN) {
13310 // Create artificial constructor stub environment. The receiver should
13311 // actually be the constructor function, but we pass the newly allocated
13312 // object instead, DoComputeConstructStubFrame() relies on that.
13313 outer = CreateStubEnvironment(outer, target, JS_CONSTRUCT, arguments);
13314 } else if (inlining_kind == GETTER_CALL_RETURN) {
13315 // We need an additional StackFrame::INTERNAL frame for restoring the
13316 // correct context.
13317 outer = CreateStubEnvironment(outer, target, JS_GETTER, arguments);
13318 } else if (inlining_kind == SETTER_CALL_RETURN) {
13319 // We need an additional StackFrame::INTERNAL frame for temporarily saving
13320 // the argument of the setter, see StoreStubCompiler::CompileStoreViaSetter.
13321 outer = CreateStubEnvironment(outer, target, JS_SETTER, arguments);
13322 }
13323
13324 if (arity != arguments) {
13325 // Create artificial arguments adaptation environment.
13326 outer = CreateStubEnvironment(outer, target, ARGUMENTS_ADAPTOR, arguments);
13327 }
13328
13329 HEnvironment* inner =
13330 new(zone()) HEnvironment(outer, function->scope(), target, zone());
13331 // Get the argument values from the original environment.
13332 for (int i = 0; i <= arity; ++i) { // Include receiver.
13333 HValue* push = (i <= arguments) ?
13334 ExpressionStackAt(arguments - i) : undefined;
13335 inner->SetValueAt(i, push);
13336 }
13337 inner->SetValueAt(arity + 1, context());
13338 for (int i = arity + 2; i < inner->length(); ++i) {
13339 inner->SetValueAt(i, undefined);
13340 }
13341
13342 inner->set_ast_id(BailoutId::FunctionEntry());
13343 return inner;
13344 }
13345
13346
13347 std::ostream& operator<<(std::ostream& os, const HEnvironment& env) {
13348 for (int i = 0; i < env.length(); i++) {
13349 if (i == 0) os << "parameters\n";
13350 if (i == env.parameter_count()) os << "specials\n";
13351 if (i == env.parameter_count() + env.specials_count()) os << "locals\n";
13352 if (i == env.parameter_count() + env.specials_count() + env.local_count()) {
13353 os << "expressions\n";
13354 }
13355 HValue* val = env.values()->at(i);
13356 os << i << ": ";
13357 if (val != NULL) {
13358 os << val;
13359 } else {
13360 os << "NULL";
13361 }
13362 os << "\n";
13363 }
13364 return os << "\n";
13365 }
13366
13367
13368 void HTracer::TraceCompilation(CompilationInfo* info) {
13369 Tag tag(this, "compilation");
13370 base::SmartArrayPointer<char> name = info->GetDebugName();
13371 if (info->IsOptimizing()) {
13372 PrintStringProperty("name", name.get());
13373 PrintIndent();
13374 trace_.Add("method \"%s:%d\"\n", name.get(), info->optimization_id());
13375 } else {
13376 PrintStringProperty("name", name.get());
13377 PrintStringProperty("method", "stub");
13378 }
13379 PrintLongProperty("date",
13380 static_cast<int64_t>(base::OS::TimeCurrentMillis()));
13381 }
13382
13383
13384 void HTracer::TraceLithium(const char* name, LChunk* chunk) {
13385 DCHECK(!chunk->isolate()->concurrent_recompilation_enabled());
13386 AllowHandleDereference allow_deref;
13387 AllowDeferredHandleDereference allow_deferred_deref;
13388 Trace(name, chunk->graph(), chunk);
13389 }
13390
13391
13392 void HTracer::TraceHydrogen(const char* name, HGraph* graph) {
13393 DCHECK(!graph->isolate()->concurrent_recompilation_enabled());
13394 AllowHandleDereference allow_deref;
13395 AllowDeferredHandleDereference allow_deferred_deref;
13396 Trace(name, graph, NULL);
13397 }
13398
13399
13400 void HTracer::Trace(const char* name, HGraph* graph, LChunk* chunk) {
13401 Tag tag(this, "cfg");
13402 PrintStringProperty("name", name);
13403 const ZoneList<HBasicBlock*>* blocks = graph->blocks();
13404 for (int i = 0; i < blocks->length(); i++) {
13405 HBasicBlock* current = blocks->at(i);
13406 Tag block_tag(this, "block");
13407 PrintBlockProperty("name", current->block_id());
13408 PrintIntProperty("from_bci", -1);
13409 PrintIntProperty("to_bci", -1);
13410
13411 if (!current->predecessors()->is_empty()) {
13412 PrintIndent();
13413 trace_.Add("predecessors");
13414 for (int j = 0; j < current->predecessors()->length(); ++j) {
13415 trace_.Add(" \"B%d\"", current->predecessors()->at(j)->block_id());
13416 }
13417 trace_.Add("\n");
13418 } else {
13419 PrintEmptyProperty("predecessors");
13420 }
13421
13422 if (current->end()->SuccessorCount() == 0) {
13423 PrintEmptyProperty("successors");
13424 } else {
13425 PrintIndent();
13426 trace_.Add("successors");
13427 for (HSuccessorIterator it(current->end()); !it.Done(); it.Advance()) {
13428 trace_.Add(" \"B%d\"", it.Current()->block_id());
13429 }
13430 trace_.Add("\n");
13431 }
13432
13433 PrintEmptyProperty("xhandlers");
13434
13435 {
13436 PrintIndent();
13437 trace_.Add("flags");
13438 if (current->IsLoopSuccessorDominator()) {
13439 trace_.Add(" \"dom-loop-succ\"");
13440 }
13441 if (current->IsUnreachable()) {
13442 trace_.Add(" \"dead\"");
13443 }
13444 if (current->is_osr_entry()) {
13445 trace_.Add(" \"osr\"");
13446 }
13447 trace_.Add("\n");
13448 }
13449
13450 if (current->dominator() != NULL) {
13451 PrintBlockProperty("dominator", current->dominator()->block_id());
13452 }
13453
13454 PrintIntProperty("loop_depth", current->LoopNestingDepth());
13455
13456 if (chunk != NULL) {
13457 int first_index = current->first_instruction_index();
13458 int last_index = current->last_instruction_index();
13459 PrintIntProperty(
13460 "first_lir_id",
13461 LifetimePosition::FromInstructionIndex(first_index).Value());
13462 PrintIntProperty(
13463 "last_lir_id",
13464 LifetimePosition::FromInstructionIndex(last_index).Value());
13465 }
13466
13467 {
13468 Tag states_tag(this, "states");
13469 Tag locals_tag(this, "locals");
13470 int total = current->phis()->length();
13471 PrintIntProperty("size", current->phis()->length());
13472 PrintStringProperty("method", "None");
13473 for (int j = 0; j < total; ++j) {
13474 HPhi* phi = current->phis()->at(j);
13475 PrintIndent();
13476 std::ostringstream os;
13477 os << phi->merged_index() << " " << NameOf(phi) << " " << *phi << "\n";
13478 trace_.Add(os.str().c_str());
13479 }
13480 }
13481
13482 {
13483 Tag HIR_tag(this, "HIR");
13484 for (HInstructionIterator it(current); !it.Done(); it.Advance()) {
13485 HInstruction* instruction = it.Current();
13486 int uses = instruction->UseCount();
13487 PrintIndent();
13488 std::ostringstream os;
13489 os << "0 " << uses << " " << NameOf(instruction) << " " << *instruction;
13490 if (graph->info()->is_tracking_positions() &&
13491 instruction->has_position() && instruction->position().raw() != 0) {
13492 const SourcePosition pos = instruction->position();
13493 os << " pos:";
13494 if (pos.inlining_id() != 0) os << pos.inlining_id() << "_";
13495 os << pos.position();
13496 }
13497 os << " <|@\n";
13498 trace_.Add(os.str().c_str());
13499 }
13500 }
13501
13502
13503 if (chunk != NULL) {
13504 Tag LIR_tag(this, "LIR");
13505 int first_index = current->first_instruction_index();
13506 int last_index = current->last_instruction_index();
13507 if (first_index != -1 && last_index != -1) {
13508 const ZoneList<LInstruction*>* instructions = chunk->instructions();
13509 for (int i = first_index; i <= last_index; ++i) {
13510 LInstruction* linstr = instructions->at(i);
13511 if (linstr != NULL) {
13512 PrintIndent();
13513 trace_.Add("%d ",
13514 LifetimePosition::FromInstructionIndex(i).Value());
13515 linstr->PrintTo(&trace_);
13516 std::ostringstream os;
13517 os << " [hir:" << NameOf(linstr->hydrogen_value()) << "] <|@\n";
13518 trace_.Add(os.str().c_str());
13519 }
13520 }
13521 }
13522 }
13523 }
13524 }
13525
13526
13527 void HTracer::TraceLiveRanges(const char* name, LAllocator* allocator) {
13528 Tag tag(this, "intervals");
13529 PrintStringProperty("name", name);
13530
13531 const Vector<LiveRange*>* fixed_d = allocator->fixed_double_live_ranges();
13532 for (int i = 0; i < fixed_d->length(); ++i) {
13533 TraceLiveRange(fixed_d->at(i), "fixed", allocator->zone());
13534 }
13535
13536 const Vector<LiveRange*>* fixed = allocator->fixed_live_ranges();
13537 for (int i = 0; i < fixed->length(); ++i) {
13538 TraceLiveRange(fixed->at(i), "fixed", allocator->zone());
13539 }
13540
13541 const ZoneList<LiveRange*>* live_ranges = allocator->live_ranges();
13542 for (int i = 0; i < live_ranges->length(); ++i) {
13543 TraceLiveRange(live_ranges->at(i), "object", allocator->zone());
13544 }
13545 }
13546
13547
13548 void HTracer::TraceLiveRange(LiveRange* range, const char* type,
13549 Zone* zone) {
13550 if (range != NULL && !range->IsEmpty()) {
13551 PrintIndent();
13552 trace_.Add("%d %s", range->id(), type);
13553 if (range->HasRegisterAssigned()) {
13554 LOperand* op = range->CreateAssignedOperand(zone);
13555 int assigned_reg = op->index();
13556 if (op->IsDoubleRegister()) {
13557 trace_.Add(" \"%s\"",
13558 DoubleRegister::from_code(assigned_reg).ToString());
13559 } else {
13560 DCHECK(op->IsRegister());
13561 trace_.Add(" \"%s\"", Register::from_code(assigned_reg).ToString());
13562 }
13563 } else if (range->IsSpilled()) {
13564 LOperand* op = range->TopLevel()->GetSpillOperand();
13565 if (op->IsDoubleStackSlot()) {
13566 trace_.Add(" \"double_stack:%d\"", op->index());
13567 } else {
13568 DCHECK(op->IsStackSlot());
13569 trace_.Add(" \"stack:%d\"", op->index());
13570 }
13571 }
13572 int parent_index = -1;
13573 if (range->IsChild()) {
13574 parent_index = range->parent()->id();
13575 } else {
13576 parent_index = range->id();
13577 }
13578 LOperand* op = range->FirstHint();
13579 int hint_index = -1;
13580 if (op != NULL && op->IsUnallocated()) {
13581 hint_index = LUnallocated::cast(op)->virtual_register();
13582 }
13583 trace_.Add(" %d %d", parent_index, hint_index);
13584 UseInterval* cur_interval = range->first_interval();
13585 while (cur_interval != NULL && range->Covers(cur_interval->start())) {
13586 trace_.Add(" [%d, %d[",
13587 cur_interval->start().Value(),
13588 cur_interval->end().Value());
13589 cur_interval = cur_interval->next();
13590 }
13591
13592 UsePosition* current_pos = range->first_pos();
13593 while (current_pos != NULL) {
13594 if (current_pos->RegisterIsBeneficial() || FLAG_trace_all_uses) {
13595 trace_.Add(" %d M", current_pos->pos().Value());
13596 }
13597 current_pos = current_pos->next();
13598 }
13599
13600 trace_.Add(" \"\"\n");
13601 }
13602 }
13603
13604
13605 void HTracer::FlushToFile() {
13606 AppendChars(filename_.start(), trace_.ToCString().get(), trace_.length(),
13607 false);
13608 trace_.Reset();
13609 }
13610
13611
13612 void HStatistics::Initialize(CompilationInfo* info) {
13613 if (!info->has_shared_info()) return;
13614 source_size_ += info->shared_info()->SourceSize();
13615 }
13616
13617
13618 void HStatistics::Print() {
13619 PrintF(
13620 "\n"
13621 "----------------------------------------"
13622 "----------------------------------------\n"
13623 "--- Hydrogen timing results:\n"
13624 "----------------------------------------"
13625 "----------------------------------------\n");
13626 base::TimeDelta sum;
13627 for (int i = 0; i < times_.length(); ++i) {
13628 sum += times_[i];
13629 }
13630
13631 for (int i = 0; i < names_.length(); ++i) {
13632 PrintF("%33s", names_[i]);
13633 double ms = times_[i].InMillisecondsF();
13634 double percent = times_[i].PercentOf(sum);
13635 PrintF(" %8.3f ms / %4.1f %% ", ms, percent);
13636
13637 size_t size = sizes_[i];
13638 double size_percent = static_cast<double>(size) * 100 / total_size_;
13639 PrintF(" %9zu bytes / %4.1f %%\n", size, size_percent);
13640 }
13641
13642 PrintF(
13643 "----------------------------------------"
13644 "----------------------------------------\n");
13645 base::TimeDelta total = create_graph_ + optimize_graph_ + generate_code_;
13646 PrintF("%33s %8.3f ms / %4.1f %% \n", "Create graph",
13647 create_graph_.InMillisecondsF(), create_graph_.PercentOf(total));
13648 PrintF("%33s %8.3f ms / %4.1f %% \n", "Optimize graph",
13649 optimize_graph_.InMillisecondsF(), optimize_graph_.PercentOf(total));
13650 PrintF("%33s %8.3f ms / %4.1f %% \n", "Generate and install code",
13651 generate_code_.InMillisecondsF(), generate_code_.PercentOf(total));
13652 PrintF(
13653 "----------------------------------------"
13654 "----------------------------------------\n");
13655 PrintF("%33s %8.3f ms %9zu bytes\n", "Total",
13656 total.InMillisecondsF(), total_size_);
13657 PrintF("%33s (%.1f times slower than full code gen)\n", "",
13658 total.TimesOf(full_code_gen_));
13659
13660 double source_size_in_kb = static_cast<double>(source_size_) / 1024;
13661 double normalized_time = source_size_in_kb > 0
13662 ? total.InMillisecondsF() / source_size_in_kb
13663 : 0;
13664 double normalized_size_in_kb =
13665 source_size_in_kb > 0
13666 ? static_cast<double>(total_size_) / 1024 / source_size_in_kb
13667 : 0;
13668 PrintF("%33s %8.3f ms %7.3f kB allocated\n",
13669 "Average per kB source", normalized_time, normalized_size_in_kb);
13670 }
13671
13672
13673 void HStatistics::SaveTiming(const char* name, base::TimeDelta time,
13674 size_t size) {
13675 total_size_ += size;
13676 for (int i = 0; i < names_.length(); ++i) {
13677 if (strcmp(names_[i], name) == 0) {
13678 times_[i] += time;
13679 sizes_[i] += size;
13680 return;
13681 }
13682 }
13683 names_.Add(name);
13684 times_.Add(time);
13685 sizes_.Add(size);
13686 }
13687
13688
13689 HPhase::~HPhase() {
13690 if (ShouldProduceTraceOutput()) {
13691 isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
13692 }
13693
13694 #ifdef DEBUG
13695 graph_->Verify(false); // No full verify.
13696 #endif
13697 }
13698
13699 } // namespace internal
13700 } // namespace v8
OLDNEW
« no previous file with comments | « src/hydrogen.h ('k') | src/hydrogen-alias-analysis.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698