[turbofan] Only allocate implict receiver when needed.

src/compiler/js-inlining.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/js-inlining.h"
 
 #include "src/ast.h"
 #include "src/ast-numbering.h"
 #include "src/compiler.h"
 #include "src/compiler/all-nodes.h"
@@ skipping 246 matching lines @@
   const Operator* op_param =
       jsgraph_->common()->StateValues(static_cast<int>(params.size()));
   Node* params_node = jsgraph_->graph()->NewNode(
       op_param, static_cast<int>(params.size()), &params.front());
   return jsgraph_->graph()->NewNode(op, params_node, node0, node0,
                                     jsgraph_->UndefinedConstant(),
                                     node->InputAt(0), outer_frame_state);
 }
 
 
+namespace {
+
+// TODO(mstarzinger,verwaest): Move this predicate onto SharedFunctionInfo?
+bool NeedsImplicitReceiver(Handle<JSFunction> function, Isolate* isolate) {
+  Code* construct_stub = function->shared()->construct_stub();
+  return construct_stub != *isolate->builtins()->JSBuiltinsConstructStub() &&
+         construct_stub != *isolate->builtins()->ConstructedNonConstructable();
+}
+
+}  // namespace
+
+
 Reduction JSInliner::Reduce(Node* node) {
   if (!IrOpcode::IsInlineeOpcode(node->opcode())) return NoChange();
 
   // This reducer can handle both normal function calls as well a constructor
   // calls whenever the target is a constant function object, as follows:
   //  - JSCallFunction(target:constant, receiver, args...)
   //  - JSCallConstruct(target:constant, args..., new.target)
   HeapObjectMatcher match(node->InputAt(0));
   if (!match.HasValue() || !match.Value()->IsJSFunction()) return NoChange();
   Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
 
   return ReduceJSCall(node, function);
 }
 
 
 Reduction JSInliner::ReduceJSCall(Node* node, Handle<JSFunction> function) {
   DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
   JSCallAccessor call(node);
 
+  // Function must be inlineable.
   if (!function->shared()->IsInlineable()) {
-    // Function must be inlineable.
     TRACE("Not inlining %s into %s because callee is not inlineable\n",
           function->shared()->DebugName()->ToCString().get(),
           info_->shared_info()->DebugName()->ToCString().get());
     return NoChange();
   }
 
+  // Constructor must be constructable.
   if (node->opcode() == IrOpcode::kJSCallConstruct &&
       !function->IsConstructor()) {
-    // Constructor must be constructable.
-    TRACE("Not inlining %s into %s since constructor is not constructable.\n",
+    TRACE("Not inlining %s into %s because constructor is not constructable.\n",
           function->shared()->DebugName()->ToCString().get(),
           info_->shared_info()->DebugName()->ToCString().get());
     return NoChange();
   }
 
   // Class constructors are callable, but [[Call]] will raise an exception.
   // See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
-  if (IsClassConstructor(function->shared()->kind())) {
-    TRACE("Not inlining %s into %s because callee is classConstructor\n",
+  if (node->opcode() == IrOpcode::kJSCallFunction &&
+      IsClassConstructor(function->shared()->kind())) {
+    TRACE("Not inlining %s into %s because callee is a class constructor.\n",
           function->shared()->DebugName()->ToCString().get(),
           info_->shared_info()->DebugName()->ToCString().get());
     return NoChange();
   }
 
+  // Function contains break points.
   if (function->shared()->HasDebugInfo()) {
-    // Function contains break points.
     TRACE("Not inlining %s into %s because callee may contain break points\n",
           function->shared()->DebugName()->ToCString().get(),
           info_->shared_info()->DebugName()->ToCString().get());
     return NoChange();
   }
 
   // Disallow cross native-context inlining for now. This means that all parts
   // of the resulting code will operate on the same global object.
   // This also prevents cross context leaks for asm.js code, where we could
   // inline functions from a different context and hold on to that context (and
@@ skipping 93 matching lines @@
 
   CopyVisitor visitor(&graph, jsgraph_->graph(), &zone);
   visitor.CopyGraph();
 
   Node* start = visitor.GetCopy(graph.start());
   Node* end = visitor.GetCopy(graph.end());
   Node* frame_state = call.frame_state_after();
   Node* new_target = jsgraph_->UndefinedConstant();
 
   // Insert nodes around the call that model the behavior required for a
-  // constructor dispatch and turn the constructor call into a regular call.
+  // constructor dispatch (allocate implicit receiver and check return value).
   // This models the behavior usually accomplished by our {JSConstructStub}.
   // Note that the context has to be the callers context (input to call node).
-  // TODO(4544): Once we support inlining builtins, make sure no implicit
-  // receiver is created for builtins that don't expect any.
-  if (node->opcode() == IrOpcode::kJSCallConstruct) {
+  Node* receiver = jsgraph_->UndefinedConstant();  // Implicit receiver.
+  if (node->opcode() == IrOpcode::kJSCallConstruct &&
+      NeedsImplicitReceiver(function, info_->isolate())) {
     Node* effect = NodeProperties::GetEffectInput(node);
     Node* context = NodeProperties::GetContextInput(node);
     Node* create = jsgraph_->graph()->NewNode(jsgraph_->javascript()->Create(),
                                               call.target(), call.new_target(),
                                               context, frame_state, effect);
     NodeProperties::ReplaceEffectInput(node, create);
-    // TODO(4544): For derived constructors we should not allocate an implicit
-    // receiver and also the return value should not be checked afterwards.
-    CHECK(!IsClassConstructor(function->shared()->kind()));
-    // Swizzle the inputs of the {JSCallConstruct} node to look like inputs to
-    // any {JSCallFunction} node so that the rest of the inlining machinery
-    // behaves as if we were dealing with a regular function invocation.
-    new_target = call.new_target();  // Retrieve new target value input.
-    node->RemoveInput(call.formal_arguments() + 1);  // Drop new target.
-    node->InsertInput(jsgraph_->graph()->zone(), 1, create);
     // Insert a check of the return value to determine whether the return value
     // or the implicit receiver should be selected as a result of the call.
     Node* check = jsgraph_->graph()->NewNode(
         jsgraph_->javascript()->CallRuntime(Runtime::kInlineIsSpecObject, 1),
         node, context, node, start);
     Node* select = jsgraph_->graph()->NewNode(
         jsgraph_->common()->Select(kMachAnyTagged), check, node, create);
     NodeProperties::ReplaceUses(node, select, check, node, node);
     NodeProperties::ReplaceValueInput(select, node, 1);
     NodeProperties::ReplaceValueInput(check, node, 0);
     NodeProperties::ReplaceEffectInput(check, node);
+    receiver = create;  // The implicit receiver.
+  }
+
+  // Swizzle the inputs of the {JSCallConstruct} node to look like inputs to a
+  // normal {JSCallFunction} node so that the rest of the inlining machinery
+  // behaves as if we were dealing with a regular function invocation.
+  if (node->opcode() == IrOpcode::kJSCallConstruct) {
+    new_target = call.new_target();  // Retrieve new target value input.
+    node->RemoveInput(call.formal_arguments() + 1);  // Drop new target.
+    node->InsertInput(jsgraph_->graph()->zone(), 1, receiver);
     // Insert a construct stub frame into the chain of frame states. This will
     // reconstruct the proper frame when deoptimizing within the constructor.
     frame_state = CreateArtificialFrameState(
         node, frame_state, call.formal_arguments(),
         FrameStateType::kConstructStub, info.shared_info());
   }
 
   // The inlinee specializes to the context from the JSFunction object.
   // TODO(turbofan): We might want to load the context from the JSFunction at
   // runtime in case we only know the SharedFunctionInfo once we have dynamic
@@ skipping 27 matching lines @@
         node, frame_state, call.formal_arguments(),
         FrameStateType::kArgumentsAdaptor, info.shared_info());
   }
 
   return InlineCall(node, new_target, context, frame_state, start, end);
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8