Unify calling to GenerateFastApiCallBody before stubbing it

src/x64/stub-cache-x64.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 374 matching lines @@
   __ CallExternalReference(
       ExternalReference(IC_Utility(id), masm->isolate()),
       StubCache::kInterceptorArgsLength);
 }
 
 
 // Number of pointers to be reserved on stack for fast API call.
 static const int kFastApiCallArguments = FunctionCallbackArguments::kArgsLength;
 
 
-// Reserves space for the extra arguments to API function in the
-// caller's frame.
-//
-// These arguments are set by CheckPrototypes and GenerateFastApiCall.
-static void ReserveSpaceForFastApiCall(MacroAssembler* masm, Register scratch) {
-  // ----------- S t a t e -------------
-  //  -- rsp[0] : return address
-  //  -- rsp[8] : last argument in the internal frame of the caller
-  // -----------------------------------
-  __ movq(scratch, StackOperandForReturnAddress(0));
-  __ subq(rsp, Immediate(kFastApiCallArguments * kPointerSize));
-  __ movq(StackOperandForReturnAddress(0), scratch);
-  __ Move(scratch, Smi::FromInt(0));
-  StackArgumentsAccessor args(rsp, kFastApiCallArguments,
-                              ARGUMENTS_DONT_CONTAIN_RECEIVER);
-  for (int i = 0; i < kFastApiCallArguments; i++) {
-     __ movp(args.GetArgumentOperand(i), scratch);
-  }
-}
-
-
-// Undoes the effects of ReserveSpaceForFastApiCall.
-static void FreeSpaceForFastApiCall(MacroAssembler* masm, Register scratch) {
-  // ----------- S t a t e -------------
-  //  -- rsp[0]                             : return address.
-  //  -- rsp[8]                             : last fast api call extra argument.
-  //  -- ...
-  //  -- rsp[kFastApiCallArguments * 8]     : first fast api call extra
-  //                                          argument.
-  //  -- rsp[kFastApiCallArguments * 8 + 8] : last argument in the internal
-  //                                          frame.
-  // -----------------------------------
-  __ movq(scratch, StackOperandForReturnAddress(0));
-  __ movq(StackOperandForReturnAddress(kFastApiCallArguments * kPointerSize),
-          scratch);
-  __ addq(rsp, Immediate(kPointerSize * kFastApiCallArguments));
-}
-
-
 static void GenerateFastApiCallBody(MacroAssembler* masm,
                                     const CallOptimization& optimization,
                                     int argc,
+                                    Register holder,
+                                    Register scratch1,
+                                    Register scratch2,
+                                    Register scratch3,
                                     bool restore_context);
 
 
+static void MoveHolder(MacroAssembler* masm,
+                       Handle<JSObject> receiver,
+                       Handle<JSObject> holder,
+                       Register dest) {
+  ASSERT(!receiver.is_identical_to(holder));
+  if (!masm->isolate()->heap()->InNewSpace(*holder)) {
+    __ Move(dest, holder);
+    return;
+  }
+  Handle<Map> current_map(receiver->map());
+  Handle<Map> holder_map(holder->map());
+  while (!current_map.is_identical_to(holder_map)) {
+    Handle<Map>

[Toon Verwaest, 2014/01/20 19:11:09]

Handle<Map> prototype_map(
    JSObject::cast(current_map->prototype())->map());

+    prototype_map(JSObject::cast(current_map->prototype())->map());
+    if (prototype_map.is_identical_to(holder_map)) {
+      __ Move(dest, current_map);
+      __ movp(dest, FieldOperand(dest, Map::kPrototypeOffset));
+      return;
+    }
+    current_map = prototype_map;
+  }
+  CHECK(false);

[Toon Verwaest, 2014/01/20 19:11:09]

UNREACHABLE();

+}
+
+
 // Generates call to API function.
 static void GenerateFastApiCall(MacroAssembler* masm,
                                 const CallOptimization& optimization,
-                                int argc) {
-  typedef FunctionCallbackArguments FCA;
-  StackArgumentsAccessor args(rsp, argc + kFastApiCallArguments);
+                                int argc,
+                                Handle<JSObject> api_receiver,
+                                Handle<JSObject> api_holder) {
+  Counters* counters = masm->isolate()->counters();
+  __ IncrementCounter(counters->call_const_fast_api(), 1);
 
-  // Save calling context.
-  int offset = argc + kFastApiCallArguments;
-  __ movp(args.GetArgumentOperand(offset - FCA::kContextSaveIndex), rsi);
-
-  // Get the function and setup the context.
-  Handle<JSFunction> function = optimization.constant_function();
-  __ Move(rdi, function);
-  __ movp(rsi, FieldOperand(rdi, JSFunction::kContextOffset));
-  // Construct the FunctionCallbackInfo on the stack.
-  __ movp(args.GetArgumentOperand(offset - FCA::kCalleeIndex), rdi);
-  Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
-  Handle<Object> call_data(api_call_info->data(), masm->isolate());
-  if (masm->isolate()->heap()->InNewSpace(*call_data)) {
-    __ Move(rcx, api_call_info);
-    __ movp(rbx, FieldOperand(rcx, CallHandlerInfo::kDataOffset));
-    __ movp(args.GetArgumentOperand(offset - FCA::kDataIndex), rbx);
+  Register holder = rax;
+  if (api_holder.is_identical_to(api_receiver)) {
+    StackArgumentsAccessor args(rsp, argc);
+    __ movp(holder, args.GetReceiverOperand());
   } else {
-    __ Move(args.GetArgumentOperand(offset - FCA::kDataIndex), call_data);
+    MoveHolder(masm, api_receiver, api_holder, rax);
   }
-  __ Move(kScratchRegister,
-          ExternalReference::isolate_address(masm->isolate()));
-  __ movp(args.GetArgumentOperand(offset - FCA::kIsolateIndex),
-          kScratchRegister);
-  __ LoadRoot(kScratchRegister, Heap::kUndefinedValueRootIndex);
-  __ movp(args.GetArgumentOperand(offset - FCA::kReturnValueDefaultValueIndex),
-          kScratchRegister);
-  __ movp(args.GetArgumentOperand(offset - FCA::kReturnValueOffset),
-          kScratchRegister);
-
-  // Prepare arguments.
-  STATIC_ASSERT(kFastApiCallArguments == 7);
-  __ lea(rax, args.GetArgumentOperand(offset - FCA::kHolderIndex));
-
-  GenerateFastApiCallBody(masm, optimization, argc, false);
+  GenerateFastApiCallBody(masm,
+                          optimization,
+                          argc,
+                          holder,
+                          rbx,
+                          rcx,
+                          rdx,
+                          false);
 }
 
 
 // Generate call to api function.
 // This function uses push() to generate smaller, faster code than
 // the version above. It is an optimization that should will be removed
 // when api call ICs are generated in hydrogen.
 static void GenerateFastApiCall(MacroAssembler* masm,
                                 const CallOptimization& optimization,
                                 Register receiver,
                                 Register scratch1,
                                 Register scratch2,
                                 Register scratch3,
                                 int argc,
                                 Register* values) {
-  ASSERT(optimization.is_simple_api_call());
-
   __ PopReturnAddressTo(scratch1);
-
   // receiver
   __ push(receiver);
-
   // Write the arguments to stack frame.
   for (int i = 0; i < argc; i++) {
     Register arg = values[argc-1-i];
     ASSERT(!receiver.is(arg));
     ASSERT(!scratch1.is(arg));
     ASSERT(!scratch2.is(arg));
     ASSERT(!scratch3.is(arg));
     __ push(arg);
   }
+  __ PushReturnAddressFrom(scratch1);
+  // Stack now matches JSFunction abi.
+  GenerateFastApiCallBody(masm,
+                          optimization,
+                          argc,
+                          receiver,
+                          scratch1,
+                          scratch2,
+                          scratch3,
+                          true);
+}
+
+
+static void GenerateFastApiCallBody(MacroAssembler* masm,
+                                    const CallOptimization& optimization,
+                                    int argc,
+                                    Register holder,
+                                    Register scratch1,
+                                    Register scratch2,
+                                    Register scratch3,
+                                    bool restore_context) {
+  // ----------- S t a t e -------------
+  //  -- rsp[0]              : return address
+  //  -- rsp[8]              : last argument
+  //  -- ...
+  //  -- rsp[argc * 8]       : first argument
+  //  -- rsp[(argc + 1) * 8] : receiver
+  // -----------------------------------
+  ASSERT(optimization.is_simple_api_call());
 
   typedef FunctionCallbackArguments FCA;
 
   STATIC_ASSERT(FCA::kHolderIndex == 0);
   STATIC_ASSERT(FCA::kIsolateIndex == 1);
   STATIC_ASSERT(FCA::kReturnValueDefaultValueIndex == 2);
   STATIC_ASSERT(FCA::kReturnValueOffset == 3);
   STATIC_ASSERT(FCA::kDataIndex == 4);
   STATIC_ASSERT(FCA::kCalleeIndex == 5);
   STATIC_ASSERT(FCA::kContextSaveIndex == 6);
   STATIC_ASSERT(FCA::kArgsLength == 7);
 
+  __ PopReturnAddressTo(scratch1);
+
+  ASSERT(!holder.is(rsi));
   // context save
   __ push(rsi);
 
   // Get the function and setup the context.
   Handle<JSFunction> function = optimization.constant_function();
   __ Move(scratch2, function);
   __ push(scratch2);
 
   Isolate* isolate = masm->isolate();
   Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
@@ skipping 16 matching lines @@
   }
   // return value
   __ push(scratch3);
   // return value default
   __ push(scratch3);
   // isolate
   __ Move(scratch3,
           ExternalReference::isolate_address(masm->isolate()));
   __ push(scratch3);
   // holder
-  __ push(receiver);
+  __ push(holder);
 
   ASSERT(!scratch1.is(rax));
-  // store receiver address for GenerateFastApiCallBody
   __ movp(rax, rsp);
+  // Push return address back on stack.
   __ PushReturnAddressFrom(scratch1);
 
-  GenerateFastApiCallBody(masm, optimization, argc, true);
-}
-
-
-static void GenerateFastApiCallBody(MacroAssembler* masm,
-                                    const CallOptimization& optimization,
-                                    int argc,
-                                    bool restore_context) {
-  // ----------- S t a t e -------------
-  //  -- rsp[0]              : return address
-  //  -- rsp[8] - rsp[56]    : FunctionCallbackInfo, incl.
-  //                         :  object passing the type check
-  //                            (set by CheckPrototypes)
-  //  -- rsp[64]             : last argument
-  //  -- ...
-  //  -- rsp[(argc + 7) * 8] : first argument
-  //  -- rsp[(argc + 8) * 8] : receiver
-  //
-  // rax : receiver address
-  // -----------------------------------
-  typedef FunctionCallbackArguments FCA;
-
-  Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
   // Function address is a foreign pointer outside V8's heap.
   Address function_address = v8::ToCData<Address>(api_call_info->callback());
 
   // Allocate the v8::Arguments structure in the arguments' space since
   // it's not controlled by GC.
   const int kApiStackSpace = 4;
 
   __ PrepareCallApiFunction(kApiStackSpace);
 
   __ movp(StackSpaceOperand(0), rax);  // FunctionCallbackInfo::implicit_args_.
@@ skipping 75 matching lines @@
                         Register scratch2,
                         Register scratch3,
                         Handle<JSObject> interceptor_holder,
                         LookupResult* lookup,
                         Handle<Name> name,
                         const CallOptimization& optimization,
                         Label* miss_label) {
     ASSERT(optimization.is_constant_call());
     ASSERT(!lookup->holder()->IsGlobalObject());
 
-    int depth1 = kInvalidProtoDepth;
-    int depth2 = kInvalidProtoDepth;
-    bool can_do_fast_api_call = false;
-    if (optimization.is_simple_api_call() &&
-        !lookup->holder()->IsGlobalObject()) {
-      depth1 = optimization.GetPrototypeDepthOfExpectedType(
-          object, interceptor_holder);
-      if (depth1 == kInvalidProtoDepth) {
-        depth2 = optimization.GetPrototypeDepthOfExpectedType(
-            interceptor_holder, Handle<JSObject>(lookup->holder()));
-      }
-      can_do_fast_api_call =
-          depth1 != kInvalidProtoDepth || depth2 != kInvalidProtoDepth;
-    }
-
     Counters* counters = masm->isolate()->counters();
     __ IncrementCounter(counters->call_const_interceptor(), 1);
 
-    if (can_do_fast_api_call) {
-      __ IncrementCounter(counters->call_const_interceptor_fast_api(), 1);
-      ReserveSpaceForFastApiCall(masm, scratch1);
-    }
-
     // Check that the maps from receiver to interceptor's holder
     // haven't changed and thus we can invoke interceptor.
     Label miss_cleanup;
-    Label* miss = can_do_fast_api_call ? &miss_cleanup : miss_label;
     Register holder =
         stub_compiler_->CheckPrototypes(
             IC::CurrentTypeOf(object, masm->isolate()), receiver,
             interceptor_holder, scratch1, scratch2, scratch3,
-            name, depth1, miss);
+            name, miss_label);
 
     // Invoke an interceptor and if it provides a value,
     // branch to |regular_invoke|.
     Label regular_invoke;
     LoadWithInterceptor(masm, receiver, holder, interceptor_holder,
                         &regular_invoke);
 
     // Interceptor returned nothing for this property.  Try to use cached
     // constant function.
 
     // Check that the maps from interceptor's holder to constant function's
     // holder haven't changed and thus we can use cached constant function.
     if (*interceptor_holder != lookup->holder()) {
       stub_compiler_->CheckPrototypes(
           IC::CurrentTypeOf(interceptor_holder, masm->isolate()), holder,
           handle(lookup->holder()), scratch1, scratch2, scratch3,
-          name, depth2, miss);
-    } else {
-      // CheckPrototypes has a side effect of fetching a 'holder'
-      // for API (object which is instanceof for the signature).  It's
-      // safe to omit it here, as if present, it should be fetched
-      // by the previous CheckPrototypes.
-      ASSERT(depth2 == kInvalidProtoDepth);
+          name, miss_label);
+    }
+
+    Handle<JSObject> api_receiver;
+    Handle<JSObject> api_holder;
+    if (optimization.is_simple_api_call() &&
+        !lookup->holder()->IsGlobalObject()) {
+      api_receiver = object;
+      api_holder = optimization.GetPrototypeOfExpectedType(
+          api_receiver, interceptor_holder);
+      if (api_holder.is_null()) {
+        api_receiver = interceptor_holder;
+        api_holder = optimization.GetPrototypeOfExpectedType(
+            api_receiver, Handle<JSObject>(lookup->holder()));

[Toon Verwaest, 2014/01/20 19:11:09]

This entire code part is a bit weird to me. Why would we have an interceptor
case if there's a holder above the interceptor? Or that just because the holder
is completely unrelated to the thing that holds the API function? Is that why
you called it api_holder?

[dcarney, 2014/01/20 20:23:56]

exactly.  It's not what you'd expect to call a holder, but it's between the
receiver and the holder on the chain.  it would be nice to delete all this
garbage with recursive interceptors

+      }
     }
 
     // Invoke function.
-    if (can_do_fast_api_call) {
-      GenerateFastApiCall(masm, optimization, arguments_.immediate());
+    if (!api_holder.is_null()) {
+      int argc = arguments_.immediate();
+      GenerateFastApiCall(masm, optimization, argc, api_receiver, api_holder);
     } else {
       Handle<JSFunction> fun = optimization.constant_function();
       stub_compiler_->GenerateJumpFunction(object, fun);
     }
 
-    // Deferred code for fast API call case---clean preallocated space.
-    if (can_do_fast_api_call) {
-      __ bind(&miss_cleanup);
-      FreeSpaceForFastApiCall(masm, scratch1);
-      __ jmp(miss_label);
-    }
-
     // Invoke a regular function.
     __ bind(&regular_invoke);
-    if (can_do_fast_api_call) {
-      FreeSpaceForFastApiCall(masm, scratch1);
-    }
   }
 
   void CompileRegular(MacroAssembler* masm,
                       Handle<JSObject> object,
                       Register receiver,
                       Register scratch1,
                       Register scratch2,
                       Register scratch3,
                       Handle<Name> name,
                       Handle<JSObject> interceptor_holder,
@@ skipping 341 matching lines @@
 #define __ ACCESS_MASM((masm()))
 
 
 Register StubCompiler::CheckPrototypes(Handle<Type> type,
                                        Register object_reg,
                                        Handle<JSObject> holder,
                                        Register holder_reg,
                                        Register scratch1,
                                        Register scratch2,
                                        Handle<Name> name,
-                                       int save_at_depth,
                                        Label* miss,
                                        PrototypeCheckType check) {
   Handle<Map> receiver_map(IC::TypeToMap(*type, isolate()));
   // Make sure that the type feedback oracle harvests the receiver map.
   // TODO(svenpanne) Remove this hack when all ICs are reworked.
   __ Move(scratch1, receiver_map);
 
   // Make sure there's no overlap between holder and object registers.
   ASSERT(!scratch1.is(object_reg) && !scratch1.is(holder_reg));
   ASSERT(!scratch2.is(object_reg) && !scratch2.is(holder_reg)
          && !scratch2.is(scratch1));
 
   // Keep track of the current object in register reg.  On the first
   // iteration, reg is an alias for object_reg, on later iterations,
   // it is an alias for holder_reg.
   Register reg = object_reg;
   int depth = 0;
 
-  StackArgumentsAccessor args(rsp, kFastApiCallArguments,
-                              ARGUMENTS_DONT_CONTAIN_RECEIVER);
-  const int kHolderIndex = kFastApiCallArguments - 1 -
-      FunctionCallbackArguments::kHolderIndex;
-
-  if (save_at_depth == depth) {
-    __ movp(args.GetArgumentOperand(kHolderIndex), object_reg);
-  }
-
   Handle<JSObject> current = Handle<JSObject>::null();
   if (type->IsConstant()) current = Handle<JSObject>::cast(type->AsConstant());
   Handle<JSObject> prototype = Handle<JSObject>::null();
   Handle<Map> current_map = receiver_map;
   Handle<Map> holder_map(holder->map());
   // Traverse the prototype chain and check the maps in the prototype chain for
   // fast and global objects or do negative lookup for normal objects.
   while (!current_map.is_identical_to(holder_map)) {
     ++depth;
 
@@ skipping 45 matching lines @@
       if (in_new_space) {
         // The prototype is in new space; we cannot store a reference to it
         // in the code.  Load it from the map.
         __ movp(reg, FieldOperand(scratch1, Map::kPrototypeOffset));
       } else {
         // The prototype is in old space; load it directly.
         __ Move(reg, prototype);
       }
     }
 
-    if (save_at_depth == depth) {
-      __ movp(args.GetArgumentOperand(kHolderIndex), reg);
-    }
-
     // Go to the next object in the prototype chain.
     current = prototype;
     current_map = handle(current->map());
   }
 
   // Log the check depth.
   LOG(isolate(), IntEvent("check-maps-depth", depth + 1));
 
   if (depth != 0 || check == CHECK_ALL_MAPS) {
     // Check the holder map.
@@ skipping 681 matching lines @@
     Handle<JSObject> holder,
     Handle<Cell> cell,
     Handle<JSFunction> function,
     Handle<String> name) {
   ASSERT(optimization.is_simple_api_call());
   // Bail out if object is a global object as we don't want to
   // repatch it to global receiver.
   if (object->IsGlobalObject()) return Handle<Code>::null();
   if (!cell.is_null()) return Handle<Code>::null();
   if (!object->IsJSObject()) return Handle<Code>::null();
-  int depth = optimization.GetPrototypeDepthOfExpectedType(
-      Handle<JSObject>::cast(object), holder);
-  if (depth == kInvalidProtoDepth) return Handle<Code>::null();
+  Handle<JSObject> receiver = Handle<JSObject>::cast(object);
+  Handle<JSObject> api_holder =
+      optimization.GetPrototypeOfExpectedType(receiver, holder);
+  if (api_holder.is_null()) return Handle<Code>::null();
 
-  Label miss, miss_before_stack_reserved;
-  GenerateNameCheck(name, &miss_before_stack_reserved);
+  Label miss;
+  GenerateNameCheck(name, &miss);
 
   const int argc = arguments().immediate();
   StackArgumentsAccessor args(rsp, argc);
   __ movp(rdx, args.GetReceiverOperand());
 
   // Check that the receiver isn't a smi.
-  __ JumpIfSmi(rdx, &miss_before_stack_reserved);
+  __ JumpIfSmi(rdx, &miss);
 
   Counters* counters = isolate()->counters();
   __ IncrementCounter(counters->call_const(), 1);
-  __ IncrementCounter(counters->call_const_fast_api(), 1);
-
-  // Allocate space for v8::Arguments implicit values. Must be initialized
-  // before calling any runtime function.
-  __ subq(rsp, Immediate(kFastApiCallArguments * kPointerSize));
 
   // Check that the maps haven't changed and find a Holder as a side effect.
   CheckPrototypes(IC::CurrentTypeOf(object, isolate()), rdx, holder,
-                  rbx, rax, rdi, name, depth, &miss);
+                  rbx, rax, rdi, name, &miss);
 
-  // Move the return address on top of the stack.
-  __ movq(rax,
-          StackOperandForReturnAddress(kFastApiCallArguments * kPointerSize));
-  __ movq(StackOperandForReturnAddress(0), rax);
+  GenerateFastApiCall(masm(), optimization, argc, receiver, api_holder);
 
-  GenerateFastApiCall(masm(), optimization, argc);
-
-  __ bind(&miss);
-  __ addq(rsp, Immediate(kFastApiCallArguments * kPointerSize));
-
-  HandlerFrontendFooter(&miss_before_stack_reserved);
+  HandlerFrontendFooter(&miss);
 
   // Return the generated code.
   return GetCode(function);
 }
 
 
 void StubCompiler::GenerateBooleanCheck(Register object, Label* miss) {
   Label success;
   // Check that the object is a boolean.
   __ CompareRoot(object, Heap::kTrueValueRootIndex);
@@ skipping 522 matching lines @@
   // -----------------------------------
   TailCallBuiltin(masm, Builtins::kKeyedLoadIC_Miss);
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_X64