Reshuffle registers in JSConstructStub to avoid trashing costructor and new.target on fast path (so…

src/mips64/builtins-mips64.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_MIPS64
 
 #include "src/codegen.h"
 #include "src/debug/debug.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ skipping 350 matching lines @@
 
   Isolate* isolate = masm->isolate();
 
   // Enter a construct frame.
   {
     FrameScope scope(masm, StackFrame::CONSTRUCT);
 
     // Preserve the incoming parameters on the stack.
     __ AssertUndefinedOrAllocationSite(a2, t0);
     __ SmiTag(a0);
-    if (create_implicit_receiver) {
-      __ Push(a2, a0, a1, a3);
-    } else {
-      __ Push(a2, a0);
-    }
+    __ Push(a2, a0);
 
     if (create_implicit_receiver) {
       // Try to allocate the object without transitioning into C code. If any of
       // the preconditions is not met, the code bails out to the runtime call.
       Label rt_call, allocated;
       if (FLAG_inline_new) {
         // Verify that the new target is a JSFunction.
         __ GetObjectType(a3, a5, a4);
         __ Branch(&rt_call, ne, a4, Operand(JS_FUNCTION_TYPE));
 
@@ skipping 26 matching lines @@
           __ DecodeField<Map::Counter>(a6, a4);
           __ Branch(
               &allocate, lt, a6,
               Operand(static_cast<int64_t>(Map::kSlackTrackingCounterEnd)));
           // Decrease generous allocation count.
           __ Dsubu(a4, a4, Operand(1 << Map::Counter::kShift));
           __ Branch(USE_DELAY_SLOT, &allocate, ne, a6,
                     Operand(Map::kSlackTrackingCounterEnd));
           __ sw(a4, bit_field3);  // In delay slot.
 
-          __ Push(a1, a2, a2);  // a2 = Initial map.
+          // Push the constructor, new_target and map to the stack, and
+          // the map again as an argument to the runtime call.
+          __ Push(a1, a3, a2, a2);
           __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
 
-          __ Pop(a1, a2);
+          __ Pop(a1, a3, a2);
           __ li(a6, Operand(Map::kSlackTrackingCounterEnd - 1));
 
           __ bind(&allocate);
         }
 
         // Now allocate the JSObject on the heap.
         // a1: constructor function
         // a2: initial map
-        Label rt_call_reload_new_target;
-        __ lbu(a3, FieldMemOperand(a2, Map::kInstanceSizeOffset));
-
-        __ Allocate(a3, t0, a4, t2, &rt_call_reload_new_target, SIZE_IN_WORDS);
+        // a6: slack tracking counter (non-API function case)
+        __ lbu(a4, FieldMemOperand(a2, Map::kInstanceSizeOffset));
+        __ Allocate(a4, t0, a4, t2, &rt_call, SIZE_IN_WORDS);
 
         // Allocated the JSObject, now initialize the fields. Map is set to
         // initial map and properties and elements are set to empty fixed array.
         // a1: constructor function
         // a2: initial map
         // a3: object size
         // t0: JSObject (not tagged)
         // a4: start of next object
+        // a6: slack tracking counter (non-API function case)
         __ LoadRoot(t2, Heap::kEmptyFixedArrayRootIndex);
         __ mov(t1, t0);
         STATIC_ASSERT(0 * kPointerSize == JSObject::kMapOffset);
         __ sd(a2, MemOperand(t1, JSObject::kMapOffset));
         STATIC_ASSERT(1 * kPointerSize == JSObject::kPropertiesOffset);
         __ sd(t2, MemOperand(t1, JSObject::kPropertiesOffset));
         STATIC_ASSERT(2 * kPointerSize == JSObject::kElementsOffset);
         __ sd(t2, MemOperand(t1, JSObject::kElementsOffset));
+        STATIC_ASSERT(3 * kPointerSize == JSObject::kHeaderSize);
         __ Daddu(t1, t1, Operand(3 * kPointerSize));
 
         // Fill all the in-object properties with appropriate filler.
-        // a1: constructor function
-        // a2: initial map
-        // a3: object size (in words)
-        // t0: JSObject (not tagged)
-        // a4: start of next object
         // t1: First in-object property of JSObject (not tagged)
-        // a6: slack tracking counter (non-API function case)
-        DCHECK_EQ(3 * kPointerSize, JSObject::kHeaderSize);
 
         // Use t3 to hold undefined, which is used in several places below.
         __ LoadRoot(t3, Heap::kUndefinedValueRootIndex);
 
         if (!is_api_function) {
           Label no_inobject_slack_tracking;
 
           // Check if slack tracking is enabled.
           __ Branch(
               &no_inobject_slack_tracking, lt, a6,
               Operand(static_cast<int64_t>(Map::kSlackTrackingCounterEnd)));
 
           // Allocate object with a slack.
           __ lbu(a0, FieldMemOperand(a2, Map::kUnusedPropertyFieldsOffset));
           __ dsll(a0, a0, kPointerSizeLog2);
           __ dsubu(a0, a4, a0);
           // a0: offset of first field after pre-allocated fields
           if (FLAG_debug_code) {
             __ Assert(le, kUnexpectedNumberOfPreAllocatedPropertyFields, t1,
                       Operand(a0));
           }
           __ InitializeFieldsWithFiller(t1, a0, t3);
-          // To allow for truncation.
+
+          // To allow truncation fill the remaining fields with one pointer
+          // filler map.
           __ LoadRoot(t3, Heap::kOnePointerFillerMapRootIndex);
-          // Fill the remaining fields with one pointer filler map.
 
           __ bind(&no_inobject_slack_tracking);
         }
 
         __ InitializeFieldsWithFiller(t1, a4, t3);
 
         // Add the object tag to make the JSObject real, so that we can continue
         // and jump into the continuation code at any time from now on.
         __ Daddu(t0, t0, Operand(kHeapObjectTag));
 
         // Continue with JSObject being successfully allocated.
+        // a1: constructor function
+        // a3: new target
         // a4: JSObject
         __ jmp(&allocated);
-
-        // Reload the new target and fall-through.
-        __ bind(&rt_call_reload_new_target);
-        __ ld(a3, MemOperand(sp, 0 * kPointerSize));
       }
 
       // Allocate the new receiver object using the runtime call.
       // a1: constructor function
       // a3: new target
       __ bind(&rt_call);
 
-      __ Push(a1, a3);  // constructor function, new target
+      // Push the constructor and new_target twice, second pair as arguments
+      // to the runtime call.
+      __ Push(a1, a3, a1, a3);  // constructor function, new target
       __ CallRuntime(Runtime::kNewObject, 2);
       __ mov(t0, v0);
+      __ Pop(a1, a3);
 
       // Receiver for constructor call allocated.
+      // a1: constructor function
+      // a3: new target
       // t0: JSObject
       __ bind(&allocated);
 
-      // Restore the parameters.
-      __ Pop(a3);  // new.target
-      __ Pop(a1);
-
       __ ld(a0, MemOperand(sp));
     }
     __ SmiUntag(a0);
 
     // Push new.target onto the construct frame. This is stored just below the
     // receiver on the stack.
     if (create_implicit_receiver) {
       // Push the allocated receiver to the stack. We need two copies
       // because we may have to return the original one and the calling
       // conventions dictate that the called function pops the receiver.
@@ skipping 1332 matching lines @@
   }
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_MIPS64