[Interpreter] Generate valid FrameStates in the Bytecode Graph Builder.

src/compiler/bytecode-graph-builder.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/bytecode-graph-builder.h"
 
 #include "src/compiler/bytecode-branch-analysis.h"
 #include "src/compiler/linkage.h"
 #include "src/compiler/operator-properties.h"
 #include "src/interpreter/bytecodes.h"
 
 namespace v8 {
 namespace internal {
 namespace compiler {
 
+// Helper for generating frame states for before and after a bytecode.
+class BytecodeGraphBuilder::FrameStateBeforeAndAfter {
+ public:
+  FrameStateBeforeAndAfter(BytecodeGraphBuilder* builder,
+                           const interpreter::BytecodeArrayIterator& iterator)
+      : builder_(builder), id_after_(BailoutId::None()) {
+    BailoutId id_before(iterator.current_offset());
+    frame_state_before_ = builder_->environment()->Checkpoint(
+        id_before, AccumulatorUpdateMode::kOutputIgnored);
+    id_after_ = BailoutId(id_before.ToInt() + iterator.current_bytecode_size());
+  }
+
+  ~FrameStateBeforeAndAfter() {
+    DCHECK(builder_->environment()->StateValuesAreUpToDate(
+        accumulator_update_mode_));
+  }
+
+ private:
+  friend class Environment;
+
+  void AddToNode(Node* node, AccumulatorUpdateMode update_mode) {
+    int count = OperatorProperties::GetFrameStateInputCount(node->op());
+    DCHECK_LE(count, 2);
+    if (count >= 1) {
+      // Add the frame state for after the operation.
+      DCHECK_EQ(IrOpcode::kDead,
+                NodeProperties::GetFrameStateInput(node, 0)->opcode());
+      Node* frame_state_after =
+          builder_->environment()->Checkpoint(id_after_, update_mode);
+      NodeProperties::ReplaceFrameStateInput(node, 0, frame_state_after);
+    }
+
+    if (count >= 2) {
+      // Add the frame state for before the operation.
+      DCHECK_EQ(IrOpcode::kDead,
+                NodeProperties::GetFrameStateInput(node, 1)->opcode());
+      NodeProperties::ReplaceFrameStateInput(node, 1, frame_state_before_);
+    }
+    accumulator_update_mode_ = update_mode;
+  }
+
+  BytecodeGraphBuilder* builder_;
+  Node* frame_state_before_;
+  BailoutId id_after_;
+  AccumulatorUpdateMode accumulator_update_mode_;
+};
+
+
 // Issues:
-// - Need to deal with FrameState / FrameStateBeforeAndAfter / StateValue.
 // - Scopes - intimately tied to AST. Need to eval what is needed.
 // - Need to resolve closure parameter treatment.
 BytecodeGraphBuilder::Environment::Environment(BytecodeGraphBuilder* builder,
                                                int register_count,
                                                int parameter_count,
                                                Node* control_dependency,
                                                Node* context)
     : builder_(builder),
       register_count_(register_count),
       parameter_count_(parameter_count),
       context_(context),
       control_dependency_(control_dependency),
       effect_dependency_(control_dependency),
-      values_(builder->local_zone()) {
+      values_(builder->local_zone()),
+      parameters_state_values_(nullptr),
+      registers_state_values_(nullptr),
+      accumulator_state_values_(nullptr) {
   // The layout of values_ is:
   //
-  // [receiver] [parameters] [registers]
+  // [receiver] [parameters] [registers] [accumulator]
   //
   // parameter[0] is the receiver (this), parameters 1..N are the
   // parameters supplied to the method (arg0..argN-1). The accumulator
   // is stored separately.
 
   // Parameters including the receiver
   for (int i = 0; i < parameter_count; i++) {
     const char* debug_name = (i == 0) ? "%this" : nullptr;
     const Operator* op = common()->Parameter(i, debug_name);
     Node* parameter = builder->graph()->NewNode(op, graph()->start());
     values()->push_back(parameter);
   }
 
   // Registers
   register_base_ = static_cast<int>(values()->size());
   Node* undefined_constant = builder->jsgraph()->UndefinedConstant();
   values()->insert(values()->end(), register_count, undefined_constant);
 
   // Accumulator
-  accumulator_ = undefined_constant;
+  accumulator_base_ = static_cast<int>(values()->size());
+  values()->push_back(undefined_constant);
 }
 
 
 BytecodeGraphBuilder::Environment::Environment(
     const BytecodeGraphBuilder::Environment* other)
     : builder_(other->builder_),
       register_count_(other->register_count_),
       parameter_count_(other->parameter_count_),
-      accumulator_(other->accumulator_),
       context_(other->context_),
       control_dependency_(other->control_dependency_),
       effect_dependency_(other->effect_dependency_),
       values_(other->zone()),
-      register_base_(other->register_base_) {
+      parameters_state_values_(nullptr),
+      registers_state_values_(nullptr),
+      accumulator_state_values_(nullptr),
+      register_base_(other->register_base_),
+      accumulator_base_(other->accumulator_base_) {
   values_ = other->values_;
 }
 
 
 int BytecodeGraphBuilder::Environment::RegisterToValuesIndex(
     interpreter::Register the_register) const {
   if (the_register.is_parameter()) {
     return the_register.ToParameterIndex(parameter_count());
   } else {
     return the_register.index() + register_base();
@@ skipping 16 matching lines @@
     return builder()->GetFunctionClosure();
   } else if (the_register.is_new_target()) {
     return builder()->GetNewTarget();
   } else {
     int values_index = RegisterToValuesIndex(the_register);
     return values()->at(values_index);
   }
 }
 
 
-void BytecodeGraphBuilder::Environment::BindAccumulator(Node* node) {
-  accumulator_ = node;
+void BytecodeGraphBuilder::Environment::BindAccumulator(
+    Node* node, FrameStateBeforeAndAfter* states) {
+  if (states) {
+    states->AddToNode(node, AccumulatorUpdateMode::kOutputInAccumulator);
+  }
+  values()->at(accumulator_base_) = node;
+}
+
+void BytecodeGraphBuilder::Environment::RecordAfterState(
+    Node* node, FrameStateBeforeAndAfter* states) {
+  states->AddToNode(node, AccumulatorUpdateMode::kOutputIgnored);
 }
 
 
 Node* BytecodeGraphBuilder::Environment::LookupAccumulator() const {
-  return accumulator_;
+  return values()->at(accumulator_base_);
 }
 
 
 bool BytecodeGraphBuilder::Environment::IsMarkedAsUnreachable() const {
   return GetControlDependency()->opcode() == IrOpcode::kDead;
 }
 
 
 void BytecodeGraphBuilder::Environment::MarkAsUnreachable() {
   UpdateControlDependency(builder()->jsgraph()->Dead());
@@ skipping 27 matching lines @@
   UpdateControlDependency(control);
 
   // Create a merge of the effect dependencies of both environments and update
   // the current environment's effect dependency accordingly.
   Node* effect = builder()->MergeEffect(GetEffectDependency(),
                                         other->GetEffectDependency(), control);
   UpdateEffectDependency(effect);
 
   // Introduce Phi nodes for values that have differing input at merge points,
   // potentially extending an existing Phi node if possible.
-  accumulator_ =
-      builder()->MergeValue(accumulator_, other->accumulator_, control);
   context_ = builder()->MergeValue(context_, other->context_, control);
   for (size_t i = 0; i < values_.size(); i++) {
     values_[i] = builder()->MergeValue(values_[i], other->values_[i], control);
   }
 }
 
 
 void BytecodeGraphBuilder::Environment::PrepareForLoop() {
   // Create a control node for the loop header.
   Node* control = builder()->NewLoop();
 
   // Create a Phi for external effects.
   Node* effect = builder()->NewEffectPhi(1, GetEffectDependency(), control);
   UpdateEffectDependency(effect);
 
   // Assume everything in the loop is updated.
-  accumulator_ = builder()->NewPhi(1, accumulator_, control);
   context_ = builder()->NewPhi(1, context_, control);
   int size = static_cast<int>(values()->size());
   for (int i = 0; i < size; i++) {
     values()->at(i) = builder()->NewPhi(1, values()->at(i), control);
   }
 
   // Connect to the loop end.
   Node* terminate = builder()->graph()->NewNode(
       builder()->common()->Terminate(), effect, control);
   builder()->exit_controls_.push_back(terminate);
 }
 
 
+bool BytecodeGraphBuilder::Environment::StateValuesRequireUpdate(
+    Node** state_values, int offset, int count) {
+  Node** env_values = (count == 0) ? nullptr : &values()->at(offset);
+  if (*state_values == nullptr) {
+    return true;
+  } else {
+    DCHECK_EQ((*state_values)->InputCount(), count);
+    DCHECK_LE(static_cast<size_t>(offset + count), values()->size());
+    for (int i = 0; i < count; i++) {
+      if ((*state_values)->InputAt(i) != env_values[i]) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
+
+void BytecodeGraphBuilder::Environment::UpdateStateValues(Node** state_values,
+                                                          int offset,
+                                                          int count) {
+  if (StateValuesRequireUpdate(state_values, offset, count)) {
+    const Operator* op = common()->StateValues(count);
+    (*state_values) = graph()->NewNode(op, count, &values()->at(offset));
+  }
+}
+
+
+Node* BytecodeGraphBuilder::Environment::Checkpoint(
+    BailoutId bailout_id, AccumulatorUpdateMode update_mode) {
+  if (!builder()->info()->is_deoptimization_enabled()) {
+    return builder()->jsgraph()->EmptyFrameState();
+  }
+
+  // TODO(rmcilroy): Consider using StateValuesCache for some state values.
+  UpdateStateValues(&parameters_state_values_, 0, parameter_count());
+  UpdateStateValues(&registers_state_values_, register_base(),
+                    register_count());
+  UpdateStateValues(&accumulator_state_values_, accumulator_base(), 1);
+
+  OutputFrameStateCombine combine =
+      update_mode == AccumulatorUpdateMode::kOutputIgnored
+          ? OutputFrameStateCombine::Ignore()
+          : OutputFrameStateCombine::PokeAt(0);
+  const Operator* op = common()->FrameState(
+      bailout_id, combine, builder()->frame_state_function_info());
+
+  Node* result = graph()->NewNode(
+      op, parameters_state_values_, registers_state_values_,
+      accumulator_state_values_, Context(), builder()->GetFunctionClosure(),
+      builder()->graph()->start());
+
+  return result;
+}
+
+
+bool BytecodeGraphBuilder::Environment::StateValuesAreUpToDate(
+    AccumulatorUpdateMode update_mode) {
+  return !StateValuesRequireUpdate(&parameters_state_values_, 0,
+                                   parameter_count()) &&
+         !StateValuesRequireUpdate(&registers_state_values_, register_base(),
+                                   register_count()) &&
+         (update_mode == AccumulatorUpdateMode::kOutputInAccumulator ||
+          !StateValuesRequireUpdate(&accumulator_state_values_,
+                                    accumulator_base(), 1));
+}
+
+
 BytecodeGraphBuilder::BytecodeGraphBuilder(Zone* local_zone,
                                            CompilationInfo* compilation_info,
                                            JSGraph* jsgraph)
     : local_zone_(local_zone),
       info_(compilation_info),
       jsgraph_(jsgraph),
+      bytecode_array_(handle(info()->shared_info()->bytecode_array())),
+      frame_state_function_info_(common()->CreateFrameStateFunctionInfo(
+          FrameStateType::kInterpretedFunction,
+          bytecode_array()->parameter_count(),
+          bytecode_array()->register_count(), info()->shared_info(),
+          CALL_MAINTAINS_NATIVE_CONTEXT)),
       merge_environments_(local_zone),
       loop_header_environments_(local_zone),
       input_buffer_size_(0),
       input_buffer_(nullptr),
-      exit_controls_(local_zone) {
-  bytecode_array_ = handle(info()->shared_info()->bytecode_array());
-}
+      exit_controls_(local_zone) {}
 
 
 Node* BytecodeGraphBuilder::GetNewTarget() {
   if (!new_target_.is_set()) {
     int params = bytecode_array()->parameter_count();
     int index = Linkage::GetJSCallNewTargetParamIndex(params);
     const Operator* op = common()->Parameter(index, "%new.target");
     Node* node = NewNode(op, graph()->start());
     new_target_.set(node);
   }
@@ skipping 60 matching lines @@
 }
 
 
 VectorSlotPair BytecodeGraphBuilder::CreateVectorSlotPair(int slot_id) {
   Handle<TypeFeedbackVector> feedback_vector = info()->feedback_vector();
   FeedbackVectorSlot slot = feedback_vector->ToSlot(slot_id);
   return VectorSlotPair(feedback_vector, slot);
 }
 
 
-// TODO(mythria): Replace this function with one which adds real frame state.
-// Also add before and after frame states and checkpointing if required.
-void BytecodeGraphBuilder::AddEmptyFrameStateInputs(Node* node) {
-  int frame_state_count =
-      OperatorProperties::GetFrameStateInputCount(node->op());
-  for (int i = 0; i < frame_state_count; i++) {
-    NodeProperties::ReplaceFrameStateInput(node, i,
-                                           jsgraph()->EmptyFrameState());
-  }
-}
-
-
 bool BytecodeGraphBuilder::CreateGraph(bool stack_check) {
   // Set up the basic structure of the graph. Outputs for {Start} are
   // the formal parameters (including the receiver) plus context and
   // closure.
 
   // Set up the basic structure of the graph. Outputs for {Start} are the formal
   // parameters (including the receiver) plus new target, number of arguments,
   // context and closure.
   int actual_parameter_count = bytecode_array()->parameter_count() + 4;
   graph()->SetStart(graph()->NewNode(common()->Start(actual_parameter_count)));
@@ skipping 131 matching lines @@
 void BytecodeGraphBuilder::VisitMov(
     const interpreter::BytecodeArrayIterator& iterator) {
   Node* value = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   environment()->BindRegister(iterator.GetRegisterOperand(1), value);
 }
 
 
 void BytecodeGraphBuilder::BuildLoadGlobal(
     const interpreter::BytecodeArrayIterator& iterator,
     TypeofMode typeof_mode) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Handle<Name> name =
       Handle<Name>::cast(iterator.GetConstantForIndexOperand(0));
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(1));
 
   const Operator* op = javascript()->LoadGlobal(name, feedback, typeof_mode);
   Node* node = NewNode(op, BuildLoadFeedbackVector());
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitLdaGlobalSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildLoadGlobal(iterator, TypeofMode::NOT_INSIDE_TYPEOF);
 }
 
 
@@ skipping 41 matching lines @@
 
 void BytecodeGraphBuilder::VisitLdaGlobalInsideTypeofStrictWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_strict(language_mode()));
   BuildLoadGlobal(iterator, TypeofMode::INSIDE_TYPEOF);
 }
 
 
 void BytecodeGraphBuilder::BuildStoreGlobal(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Handle<Name> name =
       Handle<Name>::cast(iterator.GetConstantForIndexOperand(0));
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(1));
   Node* value = environment()->LookupAccumulator();
 
   const Operator* op =
       javascript()->StoreGlobal(language_mode(), name, feedback);
   Node* node = NewNode(op, value, BuildLoadFeedbackVector());
-  AddEmptyFrameStateInputs(node);
+  environment()->RecordAfterState(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitStaGlobalSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildStoreGlobal(iterator);
 }
 
 
@@ skipping 35 matching lines @@
 
 void BytecodeGraphBuilder::VisitStaContextSlot(
     const interpreter::BytecodeArrayIterator& iterator) {
   // TODO(mythria): LoadContextSlots are unrolled by the required depth when
   // generating bytecode. Hence the value of depth is always 0. Update this
   // code, when the implementation changes.
   const Operator* op =
       javascript()->StoreContext(0, iterator.GetIndexOperand(1));
   Node* context = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   Node* value = environment()->LookupAccumulator();
-  Node* node = NewNode(op, context, value);
-  CHECK(node != nullptr);
-  environment()->BindAccumulator(value);
+  NewNode(op, context, value);
 }
 
 
 void BytecodeGraphBuilder::VisitLdaLookupSlot(
     const interpreter::BytecodeArrayIterator& iterator) {
   UNIMPLEMENTED();
 }
 
 
 void BytecodeGraphBuilder::VisitLdaLookupSlotInsideTypeof(
     const interpreter::BytecodeArrayIterator& iterator) {
   UNIMPLEMENTED();
 }
 
 
 void BytecodeGraphBuilder::VisitStaLookupSlotSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   UNIMPLEMENTED();
 }
 
 
 void BytecodeGraphBuilder::VisitStaLookupSlotStrict(
     const interpreter::BytecodeArrayIterator& iterator) {
   UNIMPLEMENTED();
 }
 
 
 void BytecodeGraphBuilder::BuildNamedLoad(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* object = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   Handle<Name> name =
       Handle<Name>::cast(iterator.GetConstantForIndexOperand(1));
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(2));
 
   const Operator* op = javascript()->LoadNamed(language_mode(), name, feedback);
   Node* node = NewNode(op, object, BuildLoadFeedbackVector());
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitLoadICSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildNamedLoad(iterator);
 }
 
 
@@ skipping 13 matching lines @@
 
 void BytecodeGraphBuilder::VisitLoadICStrictWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_strict(language_mode()));
   BuildNamedLoad(iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildKeyedLoad(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* key = environment()->LookupAccumulator();
   Node* object = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(1));
 
   const Operator* op = javascript()->LoadProperty(language_mode(), feedback);
   Node* node = NewNode(op, object, key, BuildLoadFeedbackVector());
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitKeyedLoadICSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildKeyedLoad(iterator);
 }
 
 
@@ skipping 13 matching lines @@
 
 void BytecodeGraphBuilder::VisitKeyedLoadICStrictWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_strict(language_mode()));
   BuildKeyedLoad(iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildNamedStore(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* value = environment()->LookupAccumulator();
   Node* object = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   Handle<Name> name =
       Handle<Name>::cast(iterator.GetConstantForIndexOperand(1));
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(2));
 
   const Operator* op =
       javascript()->StoreNamed(language_mode(), name, feedback);
   Node* node = NewNode(op, object, value, BuildLoadFeedbackVector());
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(value);
+  environment()->RecordAfterState(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitStoreICSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildNamedStore(iterator);
 }
 
 
@@ skipping 13 matching lines @@
 
 void BytecodeGraphBuilder::VisitStoreICStrictWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_strict(language_mode()));
   BuildNamedStore(iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildKeyedStore(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* value = environment()->LookupAccumulator();
   Node* object = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   Node* key = environment()->LookupRegister(iterator.GetRegisterOperand(1));
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(2));
 
   const Operator* op = javascript()->StoreProperty(language_mode(), feedback);
   Node* node = NewNode(op, object, key, value, BuildLoadFeedbackVector());
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(value);
+  environment()->RecordAfterState(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitKeyedStoreICSloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildKeyedStore(iterator);
 }
 
 
@@ skipping 34 matching lines @@
 
 
 void BytecodeGraphBuilder::VisitCreateClosure(
     const interpreter::BytecodeArrayIterator& iterator) {
   Handle<SharedFunctionInfo> shared_info =
       Handle<SharedFunctionInfo>::cast(iterator.GetConstantForIndexOperand(0));
   PretenureFlag tenured =
       iterator.GetImmediateOperand(1) ? TENURED : NOT_TENURED;
   const Operator* op = javascript()->CreateClosure(shared_info, tenured);
   Node* closure = NewNode(op);
-  AddEmptyFrameStateInputs(closure);
   environment()->BindAccumulator(closure);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateClosureWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   VisitCreateClosure(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateMappedArguments(
     const interpreter::BytecodeArrayIterator& iterator) {
   UNIMPLEMENTED();
 }
 
 
 void BytecodeGraphBuilder::VisitCreateUnmappedArguments(
     const interpreter::BytecodeArrayIterator& iterator) {
   UNIMPLEMENTED();
 }
 
 
-void BytecodeGraphBuilder::BuildCreateLiteral(const Operator* op) {
+void BytecodeGraphBuilder::BuildCreateLiteral(
+    const Operator* op, const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* literal = NewNode(op, GetFunctionClosure());
-  AddEmptyFrameStateInputs(literal);
-  environment()->BindAccumulator(literal);
+  environment()->BindAccumulator(literal, &states);
 }
 
 
 void BytecodeGraphBuilder::BuildCreateRegExpLiteral(
     const interpreter::BytecodeArrayIterator& iterator) {
   Handle<String> constant_pattern =
       Handle<String>::cast(iterator.GetConstantForIndexOperand(0));
   int literal_index = iterator.GetIndexOperand(1);
   int literal_flags = iterator.GetImmediateOperand(2);
   const Operator* op = javascript()->CreateLiteralRegExp(
       constant_pattern, literal_flags, literal_index);
-  BuildCreateLiteral(op);
+  BuildCreateLiteral(op, iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateRegExpLiteral(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCreateRegExpLiteral(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateRegExpLiteralWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCreateRegExpLiteral(iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildCreateArrayLiteral(
     const interpreter::BytecodeArrayIterator& iterator) {
   Handle<FixedArray> constant_elements =
       Handle<FixedArray>::cast(iterator.GetConstantForIndexOperand(0));
   int literal_index = iterator.GetIndexOperand(1);
   int literal_flags = iterator.GetImmediateOperand(2);
   const Operator* op = javascript()->CreateLiteralArray(
       constant_elements, literal_flags, literal_index);
-  BuildCreateLiteral(op);
+  BuildCreateLiteral(op, iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateArrayLiteral(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCreateArrayLiteral(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateArrayLiteralWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCreateArrayLiteral(iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildCreateObjectLiteral(
     const interpreter::BytecodeArrayIterator& iterator) {
   Handle<FixedArray> constant_properties =
       Handle<FixedArray>::cast(iterator.GetConstantForIndexOperand(0));
   int literal_index = iterator.GetIndexOperand(1);
   int literal_flags = iterator.GetImmediateOperand(2);
   const Operator* op = javascript()->CreateLiteralObject(
       constant_properties, literal_flags, literal_index);
-  BuildCreateLiteral(op);
+  BuildCreateLiteral(op, iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateObjectLiteral(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCreateObjectLiteral(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCreateObjectLiteralWide(
@@ skipping 14 matching lines @@
     all[i] = environment()->LookupRegister(
         interpreter::Register(receiver_index + i - 1));
   }
   Node* value = MakeNode(call_op, static_cast<int>(arity), all, false);
   return value;
 }
 
 
 void BytecodeGraphBuilder::BuildCall(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   // TODO(rmcilroy): Set receiver_hint correctly based on whether the receiver
   // register has been loaded with null / undefined explicitly or we are sure it
   // is not null / undefined.
   ConvertReceiverMode receiver_hint = ConvertReceiverMode::kAny;
   Node* callee = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   interpreter::Register receiver = iterator.GetRegisterOperand(1);
   size_t arg_count = iterator.GetCountOperand(2);
   VectorSlotPair feedback = CreateVectorSlotPair(iterator.GetIndexOperand(3));
 
   const Operator* call = javascript()->CallFunction(
       arg_count + 2, language_mode(), feedback, receiver_hint);
   Node* value = ProcessCallArguments(call, callee, receiver, arg_count + 2);
-  AddEmptyFrameStateInputs(value);
-  environment()->BindAccumulator(value);
+  environment()->BindAccumulator(value, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitCall(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCall(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCallWide(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCall(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitCallJSRuntime(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* callee = BuildLoadNativeContextField(iterator.GetIndexOperand(0));
   interpreter::Register receiver = iterator.GetRegisterOperand(1);
   size_t arg_count = iterator.GetCountOperand(2);
 
   // Create node to perform the JS runtime call.
   const Operator* call =
       javascript()->CallFunction(arg_count + 2, language_mode());
   Node* value = ProcessCallArguments(call, callee, receiver, arg_count + 2);
-  AddEmptyFrameStateInputs(value);
-  environment()->BindAccumulator(value);
+  environment()->BindAccumulator(value, &states);
 }
 
 
 Node* BytecodeGraphBuilder::ProcessCallRuntimeArguments(
     const Operator* call_runtime_op, interpreter::Register first_arg,
     size_t arity) {
   Node** all = info()->zone()->NewArray<Node*>(arity);
   int first_arg_index = first_arg.index();
   for (int i = 0; i < static_cast<int>(arity); ++i) {
     all[i] = environment()->LookupRegister(
         interpreter::Register(first_arg_index + i));
   }
   Node* value = MakeNode(call_runtime_op, static_cast<int>(arity), all, false);
   return value;
 }
 
 
 void BytecodeGraphBuilder::VisitCallRuntime(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Runtime::FunctionId functionId =
       static_cast<Runtime::FunctionId>(iterator.GetIndexOperand(0));
   interpreter::Register first_arg = iterator.GetRegisterOperand(1);
   size_t arg_count = iterator.GetCountOperand(2);
 
   // Create node to perform the runtime call.
   const Operator* call = javascript()->CallRuntime(functionId, arg_count);
   Node* value = ProcessCallRuntimeArguments(call, first_arg, arg_count);
-  AddEmptyFrameStateInputs(value);
-  environment()->BindAccumulator(value);
+  environment()->BindAccumulator(value, &states);
 }
 
 
 Node* BytecodeGraphBuilder::ProcessCallNewArguments(
     const Operator* call_new_op, interpreter::Register callee,
     interpreter::Register first_arg, size_t arity) {
   Node** all = info()->zone()->NewArray<Node*>(arity);
   all[0] = environment()->LookupRegister(callee);
   int first_arg_index = first_arg.index();
   for (int i = 1; i < static_cast<int>(arity) - 1; ++i) {
     all[i] = environment()->LookupRegister(
         interpreter::Register(first_arg_index + i - 1));
   }
   // Original constructor is the same as the callee.
   all[arity - 1] = environment()->LookupRegister(callee);
   Node* value = MakeNode(call_new_op, static_cast<int>(arity), all, false);
   return value;
 }
 
 
 void BytecodeGraphBuilder::VisitNew(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   interpreter::Register callee = iterator.GetRegisterOperand(0);
   interpreter::Register first_arg = iterator.GetRegisterOperand(1);
   size_t arg_count = iterator.GetCountOperand(2);
 
   // TODO(turbofan): Pass the feedback here.
   const Operator* call = javascript()->CallConstruct(
       static_cast<int>(arg_count) + 2, VectorSlotPair());
   Node* value = ProcessCallNewArguments(call, callee, first_arg, arg_count + 2);
-  AddEmptyFrameStateInputs(value);
-  environment()->BindAccumulator(value);
+  environment()->BindAccumulator(value, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitThrow(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* value = environment()->LookupAccumulator();
   // TODO(mythria): Change to Runtime::kThrow when we have deoptimization
   // information support in the interpreter.
   NewNode(javascript()->CallRuntime(Runtime::kReThrow, 1), value);
   Node* control = NewNode(common()->Throw(), value);
+  environment()->RecordAfterState(control, &states);
   UpdateControlDependencyToLeaveFunction(control);
-  environment()->BindAccumulator(value);
 }
 
 
 void BytecodeGraphBuilder::BuildBinaryOp(
     const Operator* js_op, const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* left = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   Node* right = environment()->LookupAccumulator();
   Node* node = NewNode(js_op, left, right);
-
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitAdd(
     const interpreter::BytecodeArrayIterator& iterator) {
   BinaryOperationHints hints = BinaryOperationHints::Any();
   BuildBinaryOp(javascript()->Add(language_mode(), hints), iterator);
 }
 
 
@@ skipping 63 matching lines @@
 void BytecodeGraphBuilder::VisitShiftRightLogical(
     const interpreter::BytecodeArrayIterator& iterator) {
   BinaryOperationHints hints = BinaryOperationHints::Any();
   BuildBinaryOp(javascript()->ShiftRightLogical(language_mode(), hints),
                 iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitInc(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   const Operator* js_op =
       javascript()->Add(language_mode(), BinaryOperationHints::Any());
   Node* node = NewNode(js_op, environment()->LookupAccumulator(),
                        jsgraph()->OneConstant());
-
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitDec(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   const Operator* js_op =
       javascript()->Subtract(language_mode(), BinaryOperationHints::Any());
   Node* node = NewNode(js_op, environment()->LookupAccumulator(),
                        jsgraph()->OneConstant());
-
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitLogicalNot(
     const interpreter::BytecodeArrayIterator& iterator) {
   Node* value = NewNode(javascript()->ToBoolean(ToBooleanHint::kAny),
                         environment()->LookupAccumulator());
   Node* node = NewNode(common()->Select(MachineRepresentation::kTagged), value,
                        jsgraph()->FalseConstant(), jsgraph()->TrueConstant());
   environment()->BindAccumulator(node);
 }
 
 
 void BytecodeGraphBuilder::VisitTypeOf(
     const interpreter::BytecodeArrayIterator& iterator) {
   Node* node =
       NewNode(javascript()->TypeOf(), environment()->LookupAccumulator());
   environment()->BindAccumulator(node);
 }
 
 
 void BytecodeGraphBuilder::BuildDelete(
     const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* key = environment()->LookupAccumulator();
   Node* object = environment()->LookupRegister(iterator.GetRegisterOperand(0));
-
   Node* node =
       NewNode(javascript()->DeleteProperty(language_mode()), object, key);
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitDeletePropertyStrict(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_strict(language_mode()));
   BuildDelete(iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitDeletePropertySloppy(
     const interpreter::BytecodeArrayIterator& iterator) {
   DCHECK(is_sloppy(language_mode()));
   BuildDelete(iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildCompareOp(
     const Operator* js_op, const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* left = environment()->LookupRegister(iterator.GetRegisterOperand(0));
   Node* right = environment()->LookupAccumulator();
   Node* node = NewNode(js_op, left, right);
-
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitTestEqual(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCompareOp(javascript()->Equal(), iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitTestNotEqual(
@@ skipping 45 matching lines @@
 
 
 void BytecodeGraphBuilder::VisitTestInstanceOf(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCompareOp(javascript()->InstanceOf(), iterator);
 }
 
 
 void BytecodeGraphBuilder::BuildCastOperator(
     const Operator* js_op, const interpreter::BytecodeArrayIterator& iterator) {
+  FrameStateBeforeAndAfter states(this, iterator);
   Node* node = NewNode(js_op, environment()->LookupAccumulator());
-  AddEmptyFrameStateInputs(node);
-  environment()->BindAccumulator(node);
+  environment()->BindAccumulator(node, &states);
 }
 
 
 void BytecodeGraphBuilder::VisitToName(
     const interpreter::BytecodeArrayIterator& iterator) {
   BuildCastOperator(javascript()->ToName(), iterator);
 }
 
 
 void BytecodeGraphBuilder::VisitToNumber(
@@ skipping 373 matching lines @@
 
 void BytecodeGraphBuilder::UpdateControlDependencyToLeaveFunction(Node* exit) {
   if (environment()->IsMarkedAsUnreachable()) return;
   environment()->MarkAsUnreachable();
   exit_controls_.push_back(exit);
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8