Introduce HObjectAccess, which is used by LoadNamedField and StoreNamedField to denote what parts

src/hydrogen.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 1173 matching lines @@
 
   environment()->Push(elements);
   capacity_checker.End();
 
   if (is_js_array) {
     HValue* new_length = AddInstruction(
         HAdd::New(zone, context, length, graph_->GetConstant1()));
     new_length->ChangeRepresentation(Representation::Integer32());
     new_length->ClearFlag(HValue::kCanOverflow);
 
-    Factory* factory = isolate()->factory();
-    Representation representation = IsFastElementsKind(kind)
-        ? Representation::Smi() : Representation::Tagged();
-    HInstruction* length_store = AddInstruction(new(zone) HStoreNamedField(
-        object,
-        factory->length_field_string(),
-        new_length, true,
-        representation,
-        JSArray::kLengthOffset));
-    length_store->SetGVNFlag(kChangesArrayLengths);
+    AddStore(object, AccessArrayLength(), new_length, IsFastElementsKind(kind)
+        ? Representation::Smi() : Representation::Tagged());
   }
 
   length_checker.Else();
 
   AddBoundsCheck(key, length, ALLOW_SMI_KEY);
   environment()->Push(elements);
 
   length_checker.End();
 
   return environment()->Pop();
@@ skipping 61 matching lines @@
       AddInstruction(new(zone) HLoadElements(object, mapcheck));
   if (is_store && (fast_elements || fast_smi_only_elements) &&
       store_mode != STORE_NO_TRANSITION_HANDLE_COW) {
     HCheckMaps* check_cow_map = HCheckMaps::New(
         elements, isolate()->factory()->fixed_array_map(), zone);
     check_cow_map->ClearGVNFlag(kDependsOnElementsKind);
     AddInstruction(check_cow_map);
   }
   HInstruction* length = NULL;
   if (is_js_array) {
-    length = AddInstruction(
-        HLoadNamedField::NewArrayLength(zone, object, mapcheck, HType::Smi()));
+    length = AddLoad(object, AccessArrayLength(), mapcheck);
+    length->set_type(HType::Smi());
   } else {
     length = AddInstruction(new(zone) HFixedArrayBaseLength(elements));
   }
   HValue* checked_key = NULL;
   if (IsExternalArrayElementsKind(elements_kind)) {
     if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
       NoObservableSideEffectsScope no_effects(this);
       HLoadExternalArrayPointer* external_elements =
           new(zone) HLoadExternalArrayPointer(elements);
       AddInstruction(external_elements);
@@ skipping 105 matching lines @@
   HValue* elements =
       AddInstruction(new(zone) HAllocate(context, total_size,
                                          HType::JSArray(), flags));
   return elements;
 }
 
 
 void HGraphBuilder::BuildInitializeElements(HValue* elements,
                                             ElementsKind kind,
                                             HValue* capacity) {
-  Zone* zone = this->zone();
   Factory* factory = isolate()->factory();
   Handle<Map> map = IsFastDoubleElementsKind(kind)
       ? factory->fixed_double_array_map()
       : factory->fixed_array_map();
-  BuildStoreMap(elements, map);
 
-  Handle<String> fixed_array_length_field_name = factory->length_field_string();
-  Representation representation = IsFastElementsKind(kind)
-      ? Representation::Smi() : Representation::Tagged();
-  HInstruction* store_length =
-      new(zone) HStoreNamedField(elements, fixed_array_length_field_name,
-                                 capacity, true, representation,
-                                 FixedArray::kLengthOffset);
-  AddInstruction(store_length);
+  AddStoreMapConstant(elements, map);
+  AddStore(elements, AccessFixedArrayLength(), capacity,
+      IsFastElementsKind(kind)
+      ? Representation::Smi() : Representation::Tagged());
 }
 
 
 HValue* HGraphBuilder::BuildAllocateAndInitializeElements(HValue* context,
                                                           ElementsKind kind,
                                                           HValue* capacity) {
   HValue* new_elements = BuildAllocateElements(context, kind, capacity);
   BuildInitializeElements(new_elements, kind, capacity);
   return new_elements;
 }
 
 
 HInnerAllocatedObject* HGraphBuilder::BuildJSArrayHeader(HValue* array,
     HValue* array_map,
     AllocationSiteMode mode,
     HValue* allocation_site_payload,
     HValue* length_field) {
 
-  BuildStoreMap(array, array_map);
+  AddStore(array, AccessMap(), array_map);
 
   HConstant* empty_fixed_array =
       new(zone()) HConstant(
           Handle<FixedArray>(isolate()->heap()->empty_fixed_array()),
           Representation::Tagged());
   AddInstruction(empty_fixed_array);
 
-  AddInstruction(new(zone()) HStoreNamedField(array,
+  HObjectAccess *access = AccessInobject(
       isolate()->factory()->properties_field_symbol(),
-      empty_fixed_array,
-      true,
-      Representation::Tagged(),
-      JSArray::kPropertiesOffset));
-
-  HInstruction* length_store = AddInstruction(
-      new(zone()) HStoreNamedField(array,
-                                   isolate()->factory()->length_field_string(),
-                                   length_field,
-                                   true,
-                                   Representation::Tagged(),
-                                   JSArray::kLengthOffset));
-  length_store->SetGVNFlag(kChangesArrayLengths);
+      JSArray::kPropertiesOffset);
+  AddStore(array, access, empty_fixed_array);
+  AddStore(array, AccessArrayLength(), length_field);
 
   if (mode == TRACK_ALLOCATION_SITE) {
     BuildCreateAllocationSiteInfo(array,
                                   JSArray::kSize,
                                   allocation_site_payload);
   }
 
   int elements_location = JSArray::kSize;
   if (mode == TRACK_ALLOCATION_SITE) {
     elements_location += AllocationSiteInfo::kSize;
   }
 
   HInnerAllocatedObject* elements = new(zone()) HInnerAllocatedObject(
-      array,
-      elements_location);
+      array, elements_location);
   AddInstruction(elements);
 
-  HInstruction* elements_store = AddInstruction(
-      new(zone()) HStoreNamedField(
-          array,
-          isolate()->factory()->elements_field_string(),
-          elements,
-          true,
-          Representation::Tagged(),
-          JSArray::kElementsOffset));
-  elements_store->SetGVNFlag(kChangesElementsPointer);
-
+  AddStore(array, AccessElements(), elements);
   return elements;
 }
 
 
-HInstruction* HGraphBuilder::BuildStoreMap(HValue* object,
-                                           HValue* map) {
-  Zone* zone = this->zone();
-  Factory* factory = isolate()->factory();
-  Handle<String> map_field_name = factory->map_field_string();
-  HInstruction* store_map =
-      new(zone) HStoreNamedField(object, map_field_name, map,
-                                 true, Representation::Tagged(),
-                                 JSObject::kMapOffset);
-  store_map->ClearGVNFlag(kChangesInobjectFields);
-  store_map->SetGVNFlag(kChangesMaps);
-  AddInstruction(store_map);
-  return store_map;
-}
-
-
-HInstruction* HGraphBuilder::BuildStoreMap(HValue* object,
-                                           Handle<Map> map) {
-  Zone* zone = this->zone();
-  HValue* map_constant =
-      AddInstruction(new(zone) HConstant(map, Representation::Tagged()));
-  return BuildStoreMap(object, map_constant);
-}
-
-
 HValue* HGraphBuilder::BuildNewElementsCapacity(HValue* context,
                                                 HValue* old_capacity) {
   Zone* zone = this->zone();
   HValue* half_old_capacity =
       AddInstruction(HShr::New(zone, context, old_capacity,
                                graph_->GetConstant1()));
   half_old_capacity->ChangeRepresentation(Representation::Integer32());
   half_old_capacity->ClearFlag(HValue::kCanOverflow);
 
   HValue* new_capacity = AddInstruction(
@@ skipping 29 matching lines @@
                  HBoundsCheck(length, max_size_constant,
                               DONT_ALLOW_SMI_KEY, Representation::Integer32()));
 }
 
 
 HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
                                                  HValue* elements,
                                                  ElementsKind kind,
                                                  HValue* length,
                                                  HValue* new_capacity) {
-  Zone* zone = this->zone();
   HValue* context = environment()->LookupContext();
 
   BuildNewSpaceArrayCheck(new_capacity, kind);
 
   HValue* new_elements =
       BuildAllocateAndInitializeElements(context, kind, new_capacity);
 
   BuildCopyElements(context, elements, kind,
                     new_elements, kind,
                     length, new_capacity);
 
-  Factory* factory = isolate()->factory();
-  HInstruction* elements_store = AddInstruction(new(zone) HStoreNamedField(
-      object,
-      factory->elements_field_string(),
-      new_elements, true, Representation::Tagged(),
-      JSArray::kElementsOffset));
-  elements_store->SetGVNFlag(kChangesElementsPointer);
+  AddStore(object, AccessElements(), new_elements);
 
   return new_elements;
 }
 
 
 void HGraphBuilder::BuildFillElementsWithHole(HValue* context,
                                               HValue* elements,
                                               ElementsKind elements_kind,
                                               HValue* from,
                                               HValue* to) {
@@ skipping 114 matching lines @@
       AddInstruction(new(zone) HConstant(size, Representation::Integer32()));
   HInstruction* object =
       AddInstruction(new(zone) HAllocate(context,
                                          size_in_bytes,
                                          HType::JSObject(),
                                          allocate_flags));
 
   // Copy the JS array part.
   for (int i = 0; i < JSArray::kSize; i += kPointerSize) {
     if ((i != JSArray::kElementsOffset) || (length == 0)) {
-      HInstruction* value = AddInstruction(new(zone) HLoadNamedField(
-          boilerplate, true, Representation::Tagged(), i));
-      if (i != JSArray::kMapOffset) {
-        AddInstruction(new(zone) HStoreNamedField(object,
-                                                  factory->empty_string(),
-                                                  value, true,
-                                                  Representation::Tagged(), i));
-      } else {
-        BuildStoreMap(object, value);
-      }
+      HObjectAccess* access = AccessArrayHeader(i);
+      HInstruction* value = AddLoad(boilerplate, access);
+      AddStore(object, access, value);
     }
   }
 
   // Create an allocation site info if requested.
   if (mode == TRACK_ALLOCATION_SITE) {
     BuildCreateAllocationSiteInfo(object, JSArray::kSize, boilerplate);
   }
 
   if (length > 0) {
     // Get hold of the elements array of the boilerplate and setup the
     // elements pointer in the resulting object.
     HValue* boilerplate_elements =
         AddInstruction(new(zone) HLoadElements(boilerplate, NULL));
     HValue* object_elements =
         AddInstruction(new(zone) HInnerAllocatedObject(object, elems_offset));
-    AddInstruction(new(zone) HStoreNamedField(object,
-                                              factory->elements_field_string(),
-                                              object_elements, true,
-                                              Representation::Tagged(),
-                                              JSObject::kElementsOffset));
+    AddStore(object, AccessElements(), object_elements);
 
     // Copy the elements array header.
     for (int i = 0; i < FixedArrayBase::kHeaderSize; i += kPointerSize) {
-      HInstruction* value =
-          AddInstruction(new(zone) HLoadNamedField(
-              boilerplate_elements, true, Representation::Tagged(), i));
-      AddInstruction(new(zone) HStoreNamedField(object_elements,
-                                                factory->empty_string(),
-                                                value, true,
-                                                Representation::Tagged(), i));
+      // TODO(titzer): AccessFixedArray?
+      HObjectAccess* access = AccessInobject(factory->empty_string(), i);
+      HInstruction* value = AddLoad(boilerplate_elements, access);
+      AddStore(object_elements, access, value);
     }
 
     // Copy the elements array contents.
     // TODO(mstarzinger): Teach HGraphBuilder::BuildCopyElements to unfold
     // copying loops with constant length up to a given boundary and use this
     // helper here instead.
     for (int i = 0; i < length; i++) {
       HValue* key_constant =
           AddInstruction(new(zone) HConstant(i, Representation::Integer32()));
       HInstruction* value =
@@ skipping 59 matching lines @@
 }
 
 
 HValue* HGraphBuilder::BuildCreateAllocationSiteInfo(HValue* previous_object,
                                                      int previous_object_size,
                                                      HValue* payload) {
   HInnerAllocatedObject* alloc_site = new(zone())
         HInnerAllocatedObject(previous_object, previous_object_size);
   AddInstruction(alloc_site);
   Handle<Map> alloc_site_map(isolate()->heap()->allocation_site_info_map());
-  BuildStoreMap(alloc_site, alloc_site_map);
-  AddInstruction(new(zone()) HStoreNamedField(alloc_site,
+  AddStoreMapConstant(alloc_site, alloc_site_map);
+  HObjectAccess* access = AccessInobject(
       isolate()->factory()->payload_string(),
-      payload,
-      true,
-      Representation::Tagged(),
-      AllocationSiteInfo::kPayloadOffset));
+      AllocationSiteInfo::kPayloadOffset);
+  AddStore(alloc_site, access, payload);
   return alloc_site;
 }
 
 
 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
                                               ElementsKind kind,
                                               HValue* allocation_site_payload,
                                               AllocationSiteMode mode) :
         builder_(builder),
         kind_(kind),
         allocation_site_payload_(allocation_site_payload) {
   if (mode == DONT_TRACK_ALLOCATION_SITE) {
     mode_ = mode;
   } else {
     mode_ = AllocationSiteInfo::GetMode(kind);
   }
 }
 
 
 HValue* HGraphBuilder::JSArrayBuilder::EmitMapCode(HValue* context) {
   // Get the global context, the native context, the map array
   HInstruction* global_object = AddInstruction(new(zone())
       HGlobalObject(context));
-  HInstruction* native_context = AddInstruction(new(zone())
-      HLoadNamedField(global_object, true, Representation::Tagged(),
-                      GlobalObject::kNativeContextOffset));
+  Handle<String> unknown =
+      builder()->isolate()->factory()->unknown_field_string();
+  HObjectAccess* access = builder()->AccessInobject(unknown,
+      GlobalObject::kNativeContextOffset);
+  HInstruction* native_context = builder()->AddLoad(global_object, access);
+
   int offset = Context::kHeaderSize +
       kPointerSize * Context::JS_ARRAY_MAPS_INDEX;
-  HInstruction* map_array = AddInstruction(new(zone())
-      HLoadNamedField(native_context, true, Representation::Tagged(), offset));
+  access = builder()->AccessInobject(unknown, offset);
+  HInstruction* map_array = builder()->AddLoad(native_context, access);
+
   offset = kind_ * kPointerSize + FixedArrayBase::kHeaderSize;
-  return AddInstruction(new(zone()) HLoadNamedField(
-      map_array, true, Representation::Tagged(), offset));
+  access = builder()->AccessInobject(unknown, offset);
+  return builder()->AddLoad(map_array, access);
 }
 
 
 HValue* HGraphBuilder::JSArrayBuilder::EstablishAllocationSize(
     HValue* length_node) {
   HValue* context = builder()->environment()->LookupContext();
   ASSERT(length_node != NULL);
 
   int base_size = JSArray::kSize;
   if (mode_ == TRACK_ALLOCATION_SITE) {
@@ skipping 88 matching lines @@
 
   if (fill_with_hole) {
     builder()->BuildFillElementsWithHole(context, elements_location_, kind_,
                                          graph()->GetConstant0(), capacity);
   }
 
   return new_object;
 }
 
 
+HStoreNamedField* HGraphBuilder::AddStore(HValue *object, HObjectAccess* access,
+    HValue *val, Representation representation) {
+  HStoreNamedField *instr = new(zone()) HStoreNamedField(object, access, val);
+  AddInstruction(instr);
+  instr->set_field_representation(representation);
+  return instr;
+}
+
+
+HLoadNamedField* HGraphBuilder::AddLoad(HValue *object, HObjectAccess* access,
+    HValue *typecheck) {
+  HLoadNamedField *instr = new(zone())
+      HLoadNamedField(object, access, typecheck);
+  AddInstruction(instr);
+  return instr;
+}
+
+
+HStoreNamedField* HGraphBuilder::AddStoreMapConstant(HValue *object,
+    Handle<Map> map) {
+  HValue* constant = AddInstruction(new(zone())
+      HConstant(map, Representation::Tagged()));
+  HStoreNamedField *instr = new(zone())
+      HStoreNamedField(object, AccessMap(), constant);
+  AddInstruction(instr);
+  return instr;
+}
+
+
+HObjectAccess* HGraphBuilder::AccessArrayHeader(int offset) {

[danno, 2013/05/02 14:16:47]

I am not convinced this should be separate method. I think it's useful to have
factories for specific fields, but the only one "generic" version that handles
everything else. This avoid logic duplication.

In this case, JSObjects all have elements pointers, including arrays, so there
should be a ObjectAccess::ForElements for all JSObjects/JSArrays. For Maps, we
already have a accessor, nothing needed there. Adding
ObjectAccess::ForArrayLength seems to make sense.

[titzer, 2013/05/03 09:18:41]

I've moved this and other constructor methods to HObjectAccess. The original
reason for having an AccessArrayHeader method was that it was used in places
where it was known that an array header (but not exactly which kind of array--no
map) was being accessed.

+  ASSERT(offset >= 0 && offset <= JSArray::kSize);
+  Factory *factory = isolate()->factory();
+  HObjectAccess::Portion portion = HObjectAccess::kInobject;
+  Handle<String> name = factory->empty_string();
+  if (offset == JSObject::kElementsOffset) {
+    portion = HObjectAccess::kElementsPointer;
+    name = factory->elements_field_string();
+  } else if (offset == JSArray::kLengthOffset) {
+    portion = HObjectAccess::kArrayLengths;
+    name = factory->length_field_string();
+  } else if (offset == JSArray::kMapOffset) {
+    portion = HObjectAccess::kMaps;
+    name = factory->map_field_string();
+  }
+  return new(zone()) HObjectAccess(portion, offset, name);
+}
+
+
+HObjectAccess* HGraphBuilder::AccessArrayLength() {
+  return new (zone()) HObjectAccess(HObjectAccess::kArrayLengths,

[danno, 2013/05/02 14:16:47]

This method and the methods below should return the address of singletons. 

[titzer, 2013/05/03 09:18:41]

Done (in HObjectAccess).

+      JSArray::kLengthOffset, isolate()->factory()->length_field_string());
+}
+
+
+HObjectAccess* HGraphBuilder::AccessFixedArrayLength() {
+  return new(zone()) HObjectAccess(HObjectAccess::kInobject,
+      FixedArray::kLengthOffset, isolate()->factory()->length_field_string());
+}
+
+
+HObjectAccess* HGraphBuilder::AccessElements() {
+  return new(zone()) HObjectAccess(HObjectAccess::kElementsPointer,
+      JSObject::kElementsOffset, isolate()->factory()->elements_field_string());
+}
+
+
+HObjectAccess* HGraphBuilder::AccessMap() {
+  return new(zone()) HObjectAccess(HObjectAccess::kMaps, JSObject::kMapOffset,
+      isolate()->factory()->map_field_string());
+}
+
+
+HObjectAccess* HGraphBuilder::AccessField(Handle<Map> map, Handle<String> name,
+    LookupResult* lookup) {
+  ASSERT(lookup->IsField() || lookup->IsTransitionToField(*map));
+  int index;
+  if (lookup->IsField()) {
+    index = lookup->GetLocalFieldIndexFromMap(*map);
+  } else {
+    Map* transition = lookup->GetTransitionMapFromMap(*map);
+    int descriptor = transition->LastAdded();
+    index = transition->instance_descriptors()->GetFieldIndex(descriptor) -
+        map->inobject_properties();
+  }
+  if (index < 0) {
+    // Negative property indices are in-object properties, indexed
+    // from the end of the fixed part of the object.
+    int offset = (index * kPointerSize) + map->instance_size();
+    return new(zone()) HObjectAccess(HObjectAccess::kInobject, offset);
+  } else {
+    // Non-negative property indices are in the properties array.
+    int offset = (index * kPointerSize) + FixedArray::kHeaderSize;
+    return new(zone())
+        HObjectAccess(HObjectAccess::kBackingStore, offset, name);

[danno, 2013/05/02 14:16:47]

Seems like a wast of memory, these can be stack allocated with the right
constructor.

[titzer, 2013/05/03 09:18:41]

Can't do that, since a pointer to them is retained in HLoadNamedField and
HStoreNamedField.

+  }
+}
+
+HObjectAccess* HGraphBuilder::AccessInobject(Handle<String> name, int offset) {
+  return new(zone()) HObjectAccess(HObjectAccess::kInobject, offset, name);

[danno, 2013/05/02 14:16:47]

Same here...

+}
+
+
 HOptimizedGraphBuilder::HOptimizedGraphBuilder(CompilationInfo* info,
                                                TypeFeedbackOracle* oracle)
     : HGraphBuilder(info),
       function_state_(NULL),
       initial_function_state_(this, info, oracle, NORMAL_RETURN),
       ast_context_(NULL),
       break_scope_(NULL),
       inlined_count_(0),
       globals_(10, info->zone()),
       inline_bailout_(false) {
@@ skipping 4892 matching lines @@
   if (!is_store) return false;
 
   // 2nd chance: A store into a non-existent field can still be inlined if we
   // have a matching transition and some room left in the object.
   type->LookupTransition(NULL, *name, lookup);
   return lookup->IsTransitionToField(*type) &&
       (type->unused_property_fields() > 0);
 }
 
 
-static int ComputeLoadStoreFieldIndex(Handle<Map> type,
-                                      LookupResult* lookup) {
-  ASSERT(lookup->IsField() || lookup->IsTransitionToField(*type));
-  if (lookup->IsField()) {
-    return lookup->GetLocalFieldIndexFromMap(*type);
-  } else {
-    Map* transition = lookup->GetTransitionMapFromMap(*type);
-    int descriptor = transition->LastAdded();
-    int index = transition->instance_descriptors()->GetFieldIndex(descriptor);
-    return index - type->inobject_properties();
-  }
-}
-
-
 static Representation ComputeLoadStoreRepresentation(Handle<Map> type,
                                                      LookupResult* lookup) {
   if (lookup->IsField()) {
     return lookup->representation();
   } else {
     Map* transition = lookup->GetTransitionMapFromMap(*type);
     int descriptor = transition->LastAdded();
     PropertyDetails details =
         transition->instance_descriptors()->GetDetails(descriptor);
     return details.representation();
@@ skipping 44 matching lines @@
       }
       ASSERT(proto->GetPrototype(isolate())->IsNull());
     }
     ASSERT(proto->IsJSObject());
     AddInstruction(new(zone()) HCheckPrototypeMaps(
         Handle<JSObject>(JSObject::cast(map->prototype())),
         Handle<JSObject>(JSObject::cast(proto)),
         zone()));
   }
 
-  int index = ComputeLoadStoreFieldIndex(map, lookup);
-  bool is_in_object = index < 0;
-  Representation representation = ComputeLoadStoreRepresentation(map, lookup);
-  int offset = index * kPointerSize;
-  if (index < 0) {
-    // Negative property indices are in-object properties, indexed
-    // from the end of the fixed part of the object.
-    offset += map->instance_size();
-  } else {
-    offset += FixedArray::kHeaderSize;
-  }
-  HStoreNamedField* instr = new(zone()) HStoreNamedField(
-      object, name, value, is_in_object, representation, offset);
+  HObjectAccess* access = AccessField(map, name, lookup);
+  HStoreNamedField* instr = new(zone()) HStoreNamedField(object, access, value);
+  instr->set_field_representation(ComputeLoadStoreRepresentation(map, lookup));
+
   if (lookup->IsTransitionToField(*map)) {
     Handle<Map> transition(lookup->GetTransitionMapFromMap(*map));
     instr->set_transition(transition);
     // TODO(fschneider): Record the new map type of the object in the IR to
     // enable elimination of redundant checks after the transition store.
     instr->SetGVNFlag(kChangesMaps);
   }
   return instr;
 }
 
@@ skipping 49 matching lines @@
     Handle<String> name) {
   if (!name->Equals(isolate()->heap()->length_string())) return false;
 
   for (int i = 0; i < types->length(); i++) {
     if (types->at(i)->instance_type() != JS_ARRAY_TYPE) return false;
   }
 
   AddInstruction(new(zone()) HCheckNonSmi(object));
 
   HInstruction* typecheck =
-    AddInstruction(HCheckMaps::New(object, types, zone()));
-  HInstruction* instr =
-    HLoadNamedField::NewArrayLength(zone(), object, typecheck);
+      AddInstruction(HCheckMaps::New(object, types, zone()));
+  HInstruction* instr = new(zone())
+      HLoadNamedField(object, AccessArrayLength(), typecheck);
+
   instr->set_position(expr->position());
   ast_context()->ReturnInstruction(instr, expr->id());
   return true;
 }
 
 
 void HOptimizedGraphBuilder::HandlePolymorphicLoadNamedField(Property* expr,
     HValue* object,
     SmallMapList* types,
     Handle<String> name) {
   int count = 0;
   int previous_field_offset = 0;
   bool previous_field_is_in_object = false;
   bool is_monomorphic_field = true;
 
   if (HandlePolymorphicArrayLengthLoad(expr, object, types, name))
     return;
 
   Handle<Map> map;
   LookupResult lookup(isolate());
   for (int i = 0; i < types->length() && count < kMaxLoadPolymorphism; ++i) {
     map = types->at(i);
     if (ComputeLoadStoreField(map, name, &lookup, false)) {
-      int index = ComputeLoadStoreFieldIndex(map, &lookup);
-      bool is_in_object = index < 0;
-      int offset = index * kPointerSize;
-      if (index < 0) {
-        // Negative property indices are in-object properties, indexed
-        // from the end of the fixed part of the object.
-        offset += map->instance_size();
-      } else {
-        offset += FixedArray::kHeaderSize;
-      }
+      HObjectAccess* access = AccessField(map, name, &lookup);
       if (count == 0) {
-        previous_field_offset = offset;
-        previous_field_is_in_object = is_in_object;
+        previous_field_offset = access->offset();
+        previous_field_is_in_object = access->IsInobject();
       } else if (is_monomorphic_field) {
-        is_monomorphic_field = (offset == previous_field_offset) &&
-                               (is_in_object == previous_field_is_in_object);
+        // TODO(titzer): just break out of this loop if not the same
+        is_monomorphic_field =
+            (access->offset() == previous_field_offset) &&
+            (access->IsInobject() == previous_field_is_in_object);
       }
       ++count;
     }
   }
 
   // Use monomorphic load if property lookup results in the same field index
   // for all maps.  Requires special map check on the set of all handled maps.
   AddInstruction(new(zone()) HCheckNonSmi(object));
   HInstruction* instr;
   if (count == types->length() && is_monomorphic_field) {
     AddInstruction(HCheckMaps::New(object, types, zone()));
-    instr = BuildLoadNamedField(object, map, &lookup);
+    instr = new(zone())
+        HLoadNamedField(object, AccessField(map, name, &lookup));
+    // TODO(titzer): ensure the representation is the same for all maps
   } else {
     HValue* context = environment()->LookupContext();
-    instr = new(zone()) HLoadNamedFieldPolymorphic(context,
-                                                   object,
-                                                   types,
-                                                   name,
-                                                   zone());
+    instr = new(zone())
+        HLoadNamedFieldPolymorphic(context, object, types, name, zone());
   }
 
   instr->set_position(expr->position());
   return ast_context()->ReturnInstruction(instr, expr->id());
 }
 
 
 void HOptimizedGraphBuilder::HandlePolymorphicStoreNamedField(
     Assignment* expr,
     HValue* object,
@@ skipping 532 matching lines @@
   HValue* value = environment()->Pop();
   HThrow* instr = new(zone()) HThrow(context, value);
   instr->set_position(expr->position());
   AddInstruction(instr);
   AddSimulate(expr->id());
   current_block()->FinishExit(new(zone()) HAbnormalExit);
   set_current_block(NULL);
 }
 
 
-HLoadNamedField* HOptimizedGraphBuilder::BuildLoadNamedField(
-    HValue* object,
-    Handle<Map> map,
-    LookupResult* lookup) {
-  Representation representation = lookup->representation();
-  int index = lookup->GetLocalFieldIndexFromMap(*map);
-  if (index < 0) {
-    // Negative property indices are in-object properties, indexed
-    // from the end of the fixed part of the object.
-    int offset = (index * kPointerSize) + map->instance_size();
-    return new(zone()) HLoadNamedField(object, true, representation, offset);
-  } else {
-    // Non-negative property indices are in the properties array.
-    int offset = (index * kPointerSize) + FixedArray::kHeaderSize;
-    return new(zone()) HLoadNamedField(object, false, representation, offset);
-  }
-}
-
-
 HInstruction* HOptimizedGraphBuilder::BuildLoadNamedGeneric(
     HValue* object,
     Handle<String> name,
     Property* expr) {
   if (expr->IsUninitialized()) {
     AddSoftDeoptimize();
   }
   HValue* context = environment()->LookupContext();
   return new(zone()) HLoadNamedGeneric(context, object, name);
 }
@@ skipping 15 matching lines @@
     Handle<String> name,
     Property* expr,
     Handle<Map> map) {
   // Handle a load from a known field.
   ASSERT(!map->is_dictionary_map());
 
   // Handle access to various length properties
   if (name->Equals(isolate()->heap()->length_string())) {
     if (map->instance_type() == JS_ARRAY_TYPE) {
       AddCheckMapsWithTransitions(object, map);
-      return HLoadNamedField::NewArrayLength(zone(), object, object);
+      return new(zone()) HLoadNamedField(object, AccessArrayLength());
     }
   }
 
   LookupResult lookup(isolate());
   map->LookupDescriptor(NULL, *name, &lookup);
   if (lookup.IsField()) {
     AddCheckMap(object, map);
-    return BuildLoadNamedField(object, map, &lookup);
+    HLoadNamedField* load = new(zone())
+        HLoadNamedField(object, AccessField(map, name, &lookup));
+    load->set_field_representation(
+        ComputeLoadStoreRepresentation(map, &lookup));
+    return load;
   }
 
   // Handle a load of a constant known function.
   if (lookup.IsConstantFunction()) {
     AddCheckMap(object, map);
     Handle<JSFunction> function(lookup.GetConstantFunctionFromMap(*map));
     return new(zone()) HConstant(function, Representation::Tagged());
   }
 
   // Handle a load from a known field somewhere in the prototype chain.
   LookupInPrototypes(map, name, &lookup);
   if (lookup.IsField()) {
     Handle<JSObject> prototype(JSObject::cast(map->prototype()));
     Handle<JSObject> holder(lookup.holder());
     Handle<Map> holder_map(holder->map());
     AddCheckMap(object, map);
-    AddInstruction(
-        new(zone()) HCheckPrototypeMaps(prototype, holder, zone()));
-    HValue* holder_value = AddInstruction(
-            new(zone()) HConstant(holder, Representation::Tagged()));
-    return BuildLoadNamedField(holder_value, holder_map, &lookup);
+    AddInstruction(new(zone())
+        HCheckPrototypeMaps(prototype, holder, zone()));
+    HValue* holder_value = AddInstruction(new(zone())
+        HConstant(holder, Representation::Tagged()));
+    HLoadNamedField* load = new(zone())
+        HLoadNamedField(holder_value, AccessField(holder_map, name, &lookup));
+    load->set_field_representation(
+        ComputeLoadStoreRepresentation(map, &lookup));
+    return load;
   }
 
   // Handle a load of a constant function somewhere in the prototype chain.
   if (lookup.IsConstantFunction()) {
     Handle<JSObject> prototype(JSObject::cast(map->prototype()));
     Handle<JSObject> holder(lookup.holder());
     Handle<Map> holder_map(holder->map());
     AddCheckMap(object, map);
     AddInstruction(new(zone()) HCheckPrototypeMaps(prototype, holder, zone()));
     Handle<JSFunction> function(lookup.GetConstantFunctionFromMap(*holder_map));
@@ skipping 243 matching lines @@
         //     it's a keyed property) and registered in the full codegen.
         HBasicBlock* if_jsarray = graph()->CreateBasicBlock();
         HBasicBlock* if_fastobject = graph()->CreateBasicBlock();
         HHasInstanceTypeAndBranch* typecheck =
             new(zone()) HHasInstanceTypeAndBranch(object, JS_ARRAY_TYPE);
         typecheck->SetSuccessorAt(0, if_jsarray);
         typecheck->SetSuccessorAt(1, if_fastobject);
         current_block()->Finish(typecheck);
 
         set_current_block(if_jsarray);
-        HInstruction* length;
-        length = AddInstruction(
-            HLoadNamedField::NewArrayLength(zone(), object, typecheck,
-                                            HType::Smi()));
+        HInstruction* length = AddLoad(object, AccessArrayLength(), typecheck);
+        length->set_type(HType::Smi());
+        // TODO(titzer): length->set_field_representation(Representation::Smi())
+
         checked_key = AddBoundsCheck(key, length, ALLOW_SMI_KEY);
         access = AddInstruction(BuildFastElementAccess(
             elements, checked_key, val, elements_kind_branch,
             elements_kind, is_store, STANDARD_STORE));
         if (!is_store) {
           Push(access);
         }
 
         *has_side_effects |= access->HasObservableSideEffects();
         // The caller will use has_side_effects and add correct Simulate.
@@ skipping 2672 matching lines @@
     Handle<Object> value =
         Handle<Object>(boilerplate_object->InObjectPropertyAt(i),
         isolate());
     if (value->IsJSObject()) {
       Handle<JSObject> value_object = Handle<JSObject>::cast(value);
       Handle<JSObject> original_value_object = Handle<JSObject>::cast(
           Handle<Object>(original_boilerplate_object->InObjectPropertyAt(i),
               isolate()));
       HInstruction* value_instruction =
           AddInstruction(new(zone) HInnerAllocatedObject(target, *offset));
+
       // TODO(verwaest): choose correct storage.
-      AddInstruction(new(zone) HStoreNamedField(
-          object_properties, factory->unknown_field_string(), value_instruction,
-          true, Representation::Tagged(),
-          boilerplate_object->GetInObjectPropertyOffset(i)));
+      HObjectAccess* access = AccessInobject(factory->unknown_field_string(),
+          boilerplate_object->GetInObjectPropertyOffset(i));
+      AddStore(object_properties, access, value_instruction);
+
       BuildEmitDeepCopy(value_object, original_value_object, target,
                         offset, DONT_TRACK_ALLOCATION_SITE);
     } else {
       // TODO(verwaest): choose correct storage.
       HInstruction* value_instruction = AddInstruction(new(zone) HConstant(
           value, Representation::Tagged()));
-      AddInstruction(new(zone) HStoreNamedField(
-          object_properties, factory->unknown_field_string(), value_instruction,
-          true, Representation::Tagged(),
-          boilerplate_object->GetInObjectPropertyOffset(i)));
+
+      HObjectAccess* access = AccessInobject(factory->unknown_field_string(),
+          boilerplate_object->GetInObjectPropertyOffset(i));
+      AddStore(object_properties, access, value_instruction);
     }
   }
 
   // Build Allocation Site Info if desired
   if (create_allocation_site_info) {
     BuildCreateAllocationSiteInfo(target, JSArray::kSize, original_boilerplate);
   }
 
   if (object_elements != NULL) {
     HInstruction* boilerplate_elements = AddInstruction(new(zone) HConstant(
@@ skipping 57 matching lines @@
     int elements_offset,
     int elements_size) {
   ASSERT(boilerplate_object->properties()->length() == 0);
   Zone* zone = this->zone();
   Factory* factory = isolate()->factory();
   HValue* result = NULL;
 
   HValue* object_header =
       AddInstruction(new(zone) HInnerAllocatedObject(target, object_offset));
   Handle<Map> boilerplate_object_map(boilerplate_object->map());
-  BuildStoreMap(object_header, boilerplate_object_map);
+  AddStoreMapConstant(object_header, boilerplate_object_map);
 
   HInstruction* elements;
   if (elements_size == 0) {
     Handle<Object> elements_field =
         Handle<Object>(boilerplate_object->elements(), isolate());
     elements = AddInstruction(new(zone) HConstant(
         elements_field, Representation::Tagged()));
   } else {
     elements = AddInstruction(new(zone) HInnerAllocatedObject(
         target, elements_offset));
     result = elements;
   }
-  HInstruction* elements_store = AddInstruction(new(zone) HStoreNamedField(
-      object_header,
-      factory->elements_field_string(),
-      elements,
-      true, Representation::Tagged(), JSObject::kElementsOffset));
-  elements_store->SetGVNFlag(kChangesElementsPointer);
+  AddStore(object_header, AccessElements(), elements);
 
   Handle<Object> properties_field =
       Handle<Object>(boilerplate_object->properties(), isolate());
   ASSERT(*properties_field == isolate()->heap()->empty_fixed_array());
   HInstruction* properties = AddInstruction(new(zone) HConstant(
       properties_field, Representation::None()));
-  AddInstruction(new(zone) HStoreNamedField(object_header,
-                                            factory->empty_string(),
-                                            properties, true,
-                                            Representation::Tagged(),
-                                            JSObject::kPropertiesOffset));
+  HObjectAccess* access = AccessInobject(
+      factory->empty_string(), JSObject::kPropertiesOffset);
+  AddStore(object_header, access, properties);
 
   if (boilerplate_object->IsJSArray()) {
     Handle<JSArray> boilerplate_array =
         Handle<JSArray>::cast(boilerplate_object);
     Handle<Object> length_field =
         Handle<Object>(boilerplate_array->length(), isolate());
     HInstruction* length = AddInstruction(new(zone) HConstant(
         length_field, Representation::None()));
+
     ASSERT(boilerplate_array->length()->IsSmi());
     Representation representation =
         IsFastElementsKind(boilerplate_array->GetElementsKind())
         ? Representation::Smi() : Representation::Tagged();
-    HInstruction* length_store = AddInstruction(new(zone) HStoreNamedField(
-        object_header,
-        factory->length_field_string(),
-        length,
-        true, representation, JSArray::kLengthOffset));
-    length_store->SetGVNFlag(kChangesArrayLengths);
+    AddStore(object_header, AccessArrayLength(), length, representation);
   }
 
   return result;
 }
 
 
 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) {
   ASSERT(!HasStackOverflow());
   ASSERT(current_block() != NULL);
   ASSERT(current_block()->HasPredecessor());
@@ skipping 367 matching lines @@
   HBasicBlock* if_js_value = graph()->CreateBasicBlock();
   HBasicBlock* not_js_value = graph()->CreateBasicBlock();
   typecheck->SetSuccessorAt(0, if_js_value);
   typecheck->SetSuccessorAt(1, not_js_value);
   current_block()->Finish(typecheck);
   not_js_value->Goto(join);
 
   // Create in-object property store to kValueOffset.
   set_current_block(if_js_value);
   Handle<String> name = isolate()->factory()->undefined_string();
-  AddInstruction(new(zone()) HStoreNamedField(object,
-                                              name,
-                                              value,
-                                              true,  // in-object store.
-                                              Representation::Tagged(),
-                                              JSValue::kValueOffset));
+  AddStore(object, AccessInobject(name, JSValue::kValueOffset), value);
   if_js_value->Goto(join);
   join->SetJoinId(call->id());
   set_current_block(join);
   return ast_context()->ReturnValue(value);
 }
 
 
 // Fast support for charCodeAt(n).
 void HOptimizedGraphBuilder::GenerateStringCharCodeAt(CallRuntime* call) {
   ASSERT(call->arguments()->length() == 2);
@@ skipping 954 matching lines @@
     }
   }
 
 #ifdef DEBUG
   if (graph_ != NULL) graph_->Verify(false);  // No full verify.
   if (allocator_ != NULL) allocator_->Verify();
 #endif
 }
 
 } }  // namespace v8::internal