Reshuffle registers in JSConstructStub to avoid trashing costructor and new.target on fast path (so…

src/arm64/builtins-arm64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_ARM64
 
 #include "src/arm64/frames-arm64.h"
 #include "src/codegen.h"
 #include "src/debug/debug.h"
 #include "src/deoptimizer.h"
@@ skipping 343 matching lines @@
 
     // Preserve the four incoming parameters on the stack.
     Register argc = x0;
     Register constructor = x1;
     Register allocation_site = x2;
     Register new_target = x3;
 
     // Preserve the incoming parameters on the stack.
     __ AssertUndefinedOrAllocationSite(allocation_site, x10);
     __ SmiTag(argc);
-    if (create_implicit_receiver) {
-      __ Push(allocation_site, argc, constructor, new_target);
-    } else {
-      __ Push(allocation_site, argc);
-    }
+    __ Push(allocation_site, argc);
 
     if (create_implicit_receiver) {
       // sp[0]: new.target
       // sp[1]: Constructor function.
       // sp[2]: number of arguments (smi-tagged)
       // sp[3]: allocation site
       // Try to allocate the object without transitioning into C code. If any of
       // the preconditions is not met, the code bails out to the runtime call.
       Label rt_call, allocated;
       if (FLAG_inline_new) {
@@ skipping 32 matching lines @@
           __ Ldr(x4, bit_field3);
           __ DecodeField<Map::Counter>(constructon_count, x4);
           __ Cmp(constructon_count, Operand(Map::kSlackTrackingCounterEnd));
           __ B(lt, &allocate);
           // Decrease generous allocation count.
           __ Subs(x4, x4, Operand(1 << Map::Counter::kShift));
           __ Str(x4, bit_field3);
           __ Cmp(constructon_count, Operand(Map::kSlackTrackingCounterEnd));
           __ B(ne, &allocate);
 
-          // Push the constructor and map to the stack, and the map again
-          // as argument to the runtime call.
-          __ Push(constructor, init_map, init_map);
+          // Push the constructor, new_target and map to the stack, and
+          // the map again as an argument to the runtime call.
+          __ Push(constructor, new_target, init_map, init_map);
           __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
-          __ Pop(init_map, constructor);
+          __ Pop(init_map, new_target, constructor);
           __ Mov(constructon_count, Operand(Map::kSlackTrackingCounterEnd - 1));
           __ Bind(&allocate);
         }
 
         // Now allocate the JSObject on the heap.
-        Label rt_call_reload_new_target;
-        Register obj_size = x3;
+        Register obj_size = x10;
         Register new_obj = x4;
-        Register next_obj = x10;
+        Register next_obj = obj_size;  // May overlap.
         __ Ldrb(obj_size, FieldMemOperand(init_map, Map::kInstanceSizeOffset));
-        __ Allocate(obj_size, new_obj, next_obj, x11,
-                    &rt_call_reload_new_target, SIZE_IN_WORDS);
+        __ Allocate(obj_size, new_obj, next_obj, x11, &rt_call, SIZE_IN_WORDS);
 
         // Allocated the JSObject, now initialize the fields. Map is set to
         // initial map and properties and elements are set to empty fixed array.
         // NB. the object pointer is not tagged, so MemOperand is used.
         Register write_address = x5;
         Register empty = x7;
         __ Mov(write_address, new_obj);
         __ LoadRoot(empty, Heap::kEmptyFixedArrayRootIndex);
         STATIC_ASSERT(0 * kPointerSize == JSObject::kMapOffset);
         __ Str(init_map, MemOperand(write_address, kPointerSize, PostIndex));
         STATIC_ASSERT(1 * kPointerSize == JSObject::kPropertiesOffset);
         STATIC_ASSERT(2 * kPointerSize == JSObject::kElementsOffset);
         __ Stp(empty, empty,
                MemOperand(write_address, 2 * kPointerSize, PostIndex));
+        STATIC_ASSERT(3 * kPointerSize == JSObject::kHeaderSize);
 
         // Fill all of the in-object properties with the appropriate filler.
         Register filler = x7;
         __ LoadRoot(filler, Heap::kUndefinedValueRootIndex);
 
         if (!is_api_function) {
           Label no_inobject_slack_tracking;
 
           // Check if slack tracking is enabled.
           __ Cmp(constructon_count, Operand(Map::kSlackTrackingCounterEnd));
@@ skipping 29 matching lines @@
 
         // Fill all of the property fields with undef.
         __ InitializeFieldsWithFiller(write_address, next_obj, filler);
 
         // Add the object tag to make the JSObject real, so that we can continue
         // and jump into the continuation code at any time from now on.
         __ Add(new_obj, new_obj, kHeapObjectTag);
 
         // Continue with JSObject being successfully allocated.
         __ B(&allocated);
-
-        // Reload the new target and fall-through.
-        __ Bind(&rt_call_reload_new_target);
-        __ Peek(x3, 0 * kXRegSize);
       }
 
       // Allocate the new receiver object using the runtime call.
       // x1: constructor function
       // x3: new target
       __ Bind(&rt_call);
-      __ Push(constructor, new_target);  // arguments 1-2
+
+      // Push the constructor and new_target twice, second pair as arguments
+      // to the runtime call.
+      __ Push(constructor, new_target, constructor, new_target);
       __ CallRuntime(Runtime::kNewObject, 2);
       __ Mov(x4, x0);
+      __ Pop(new_target, constructor);
 
       // Receiver for constructor call allocated.
+      // x1: constructor function
+      // x3: new target
       // x4: JSObject
       __ Bind(&allocated);
 
-      // Restore the parameters.
-      __ Pop(new_target);
-      __ Pop(constructor);
-
       // Reload the number of arguments from the stack.
       // Set it up in x0 for the function call below.
       // jssp[0]: number of arguments (smi-tagged)
       __ Peek(argc, 0);  // Load number of arguments.
     }
 
     __ SmiUntag(argc);
 
     // Push new.target onto the construct frame. This is stored just below the
     // receiver on the stack.
@@ skipping 1391 matching lines @@
   }
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_ARM