[turbofan] Fix receiver binding for inlined callees.

src/compiler/ast-graph-builder.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/ast-graph-builder.h"
 
 #include "src/compiler.h"
 #include "src/compiler/ast-loop-assignment-analyzer.h"
 #include "src/compiler/control-builders.h"
 #include "src/compiler/linkage.h"
@@ skipping 2294 matching lines @@
 }
 
 
 void AstGraphBuilder::VisitCall(Call* expr) {
   Expression* callee = expr->expression();
   Call::CallType call_type = expr->GetCallType(isolate());
 
   // Prepare the callee and the receiver to the function call. This depends on
   // the semantics of the underlying call type.
   CallFunctionFlags flags = NO_CALL_FUNCTION_FLAGS;
-  Node* receiver_value = NULL;
-  Node* callee_value = NULL;
+  ConvertReceiverMode receiver_hint = ConvertReceiverMode::kAny;
+  Node* receiver_value = nullptr;
+  Node* callee_value = nullptr;
   bool possibly_eval = false;
   switch (call_type) {
     case Call::GLOBAL_CALL: {
       VariableProxy* proxy = callee->AsVariableProxy();
       VectorSlotPair pair = CreateVectorSlotPair(proxy->VariableFeedbackSlot());
       FrameStateBeforeAndAfter states(this, BeforeId(proxy));
       callee_value =
           BuildVariableLoad(proxy->var(), expr->expression()->id(), states,
                             pair, OutputFrameStateCombine::Push());
+      receiver_hint = ConvertReceiverMode::kNullOrUndefined;
       receiver_value = jsgraph()->UndefinedConstant();
       break;
     }
     case Call::LOOKUP_SLOT_CALL: {
       Variable* variable = callee->AsVariableProxy()->var();
       DCHECK(variable->location() == VariableLocation::LOOKUP);
       Node* name = jsgraph()->Constant(variable->name());
       const Operator* op =
           javascript()->CallRuntime(Runtime::kLoadLookupSlot, 2);
       Node* pair = NewNode(op, current_context(), name);
@@ skipping 19 matching lines @@
           states.AddToNode(callee_value, property->LoadId(),
                            OutputFrameStateCombine::Push());
         } else {
           VisitForValue(property->key());
           FrameStateBeforeAndAfter states(this, property->key()->id());
           Node* key = environment()->Pop();
           callee_value = BuildKeyedLoad(object, key, pair);
           states.AddToNode(callee_value, property->LoadId(),
                            OutputFrameStateCombine::Push());
         }
+        // Note that a PROPERTY_CALL requires the receiver to be wrapped into an
+        // object for sloppy callees. However the receiver is guaranteed not to
+        // be null or undefined at this point.
+        receiver_hint = ConvertReceiverMode::kNotNullOrUndefined;
         receiver_value = environment()->Pop();
-        // Note that a PROPERTY_CALL requires the receiver to be wrapped into an
-        // object for sloppy callees. This could also be modeled explicitly
-        // here,
-        // thereby obsoleting the need for a flag to the call operator.
         flags = CALL_AS_METHOD;
 
       } else {
+        // TODO(mstarzinger): Cleanup this special handling for super access,
+        // the stack layout seems to be completely out of sync here, fix this!
         VisitForValue(property->obj()->AsSuperPropertyReference()->this_var());
         VisitForValue(
             property->obj()->AsSuperPropertyReference()->home_object());
         Node* home_object = environment()->Pop();
         receiver_value = environment()->Pop();
         if (property->key()->IsPropertyName()) {
           FrameStateBeforeAndAfter states(this, property->obj()->id());
           Handle<Name> name = property->key()->AsLiteral()->AsPropertyName();
           callee_value =
               BuildNamedSuperLoad(receiver_value, home_object, name, pair);
@@ skipping 26 matching lines @@
         callee_value = NewNode(common()->Projection(0), pair);
         receiver_value = NewNode(common()->Projection(1), pair);
         PrepareFrameState(pair, expr->LookupId(),
                           OutputFrameStateCombine::Push(2));
         break;
       }
     // Fall through.
     case Call::OTHER_CALL:
       VisitForValue(callee);
       callee_value = environment()->Pop();
+      receiver_hint = ConvertReceiverMode::kNullOrUndefined;
       receiver_value = jsgraph()->UndefinedConstant();
       break;
   }
 
   // The callee and the receiver both have to be pushed onto the operand stack
   // before arguments are being evaluated.
   environment()->Push(callee_value);
   environment()->Push(receiver_value);
 
   // Evaluate all arguments to the function call,
   ZoneList<Expression*>* args = expr->arguments();
   VisitForValues(args);
 
   // Resolve callee and receiver for a potential direct eval call. This block
   // will mutate the callee and receiver values pushed onto the environment.
   if (possibly_eval && args->length() > 0) {
     int arg_count = args->length();
 
     // Extract callee and source string from the environment.
     Node* callee = environment()->Peek(arg_count + 1);
     Node* source = environment()->Peek(arg_count - 1);
 
     // Create node to ask for help resolving potential eval call. This will
-    // provide a fully resolved callee and the corresponding receiver.
+    // provide a fully resolved callee to patch into the environment.
     Node* function = GetFunctionClosure();
     Node* language = jsgraph()->Constant(language_mode());
     Node* position = jsgraph()->Constant(current_scope()->start_position());
     const Operator* op =
         javascript()->CallRuntime(Runtime::kResolvePossiblyDirectEval, 5);
     Node* new_callee =
         NewNode(op, callee, source, function, language, position);
     PrepareFrameState(new_callee, expr->EvalId(),
                       OutputFrameStateCombine::PokeAt(arg_count + 1));
 
     // Patch callee on the environment.
     environment()->Poke(arg_count + 1, new_callee);
   }
 
   // Create node to perform the function call.
   VectorSlotPair feedback = CreateVectorSlotPair(expr->CallFeedbackICSlot());
-  const Operator* call = javascript()->CallFunction(args->length() + 2, flags,
-                                                    language_mode(), feedback);
+  const Operator* call = javascript()->CallFunction(
+      args->length() + 2, flags, language_mode(), feedback, receiver_hint);
   Node* value = ProcessArguments(call, args->length() + 2);
   environment()->Push(callee_value);
   PrepareFrameState(value, expr->ReturnId(), OutputFrameStateCombine::Push());
   environment()->Drop(1);
   ast_context()->ProduceValue(value);
 }
 
 
 void AstGraphBuilder::VisitCallSuper(Call* expr) {
   SuperCallReference* super = expr->expression()->AsSuperCallReference();
@@ skipping 1751 matching lines @@
     // Phi does not exist yet, introduce one.
     value = NewPhi(inputs, value, control);
     value->ReplaceInput(inputs - 1, other);
   }
   return value;
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8