| Index: src/compiler/js-typed-lowering.cc
|
| diff --git a/src/compiler/js-typed-lowering.cc b/src/compiler/js-typed-lowering.cc
|
| index 06e04fd63a7b1c0c6ad05ccff62db14fe7399482..fac10fecb0889851695a063faaec1addb0540ea5 100644
|
| --- a/src/compiler/js-typed-lowering.cc
|
| +++ b/src/compiler/js-typed-lowering.cc
|
| @@ -1940,6 +1940,66 @@ Reduction JSTypedLowering::ReduceJSCreateBlockContext(Node* node) {
|
| }
|
|
|
|
|
| +Reduction JSTypedLowering::ReduceJSCallConstruct(Node* node) {
|
| + DCHECK_EQ(IrOpcode::kJSCallConstruct, node->opcode());
|
| + CallConstructParameters const& p = CallConstructParametersOf(node->op());
|
| + DCHECK_LE(2u, p.arity());
|
| + int const arity = static_cast<int>(p.arity() - 2);
|
| + Node* target = NodeProperties::GetValueInput(node, 0);
|
| + Type* target_type = NodeProperties::GetType(target);
|
| + Node* new_target = NodeProperties::GetValueInput(node, arity + 1);
|
| +
|
| + // Check if {target} is a known JSFunction.
|
| + if (target_type->IsConstant() &&
|
| + target_type->AsConstant()->Value()->IsJSFunction()) {
|
| + Handle<JSFunction> function =
|
| + Handle<JSFunction>::cast(target_type->AsConstant()->Value());
|
| + Handle<SharedFunctionInfo> shared(function->shared(), isolate());
|
| +
|
| + // Remove the eager bailout frame state.
|
| + NodeProperties::RemoveFrameStateInput(node, 1);
|
| +
|
| + // Patch {node} to an indirect call via the {function}s construct stub.
|
| + Callable callable(handle(shared->construct_stub(), isolate()),
|
| + ConstructStubDescriptor(isolate()));
|
| + node->RemoveInput(arity + 1);
|
| + node->InsertInput(graph()->zone(), 0,
|
| + jsgraph()->HeapConstant(callable.code()));
|
| + node->InsertInput(graph()->zone(), 2, new_target);
|
| + node->InsertInput(graph()->zone(), 3, jsgraph()->Int32Constant(arity));
|
| + node->InsertInput(graph()->zone(), 4, jsgraph()->UndefinedConstant());
|
| + node->InsertInput(graph()->zone(), 5, jsgraph()->UndefinedConstant());
|
| + NodeProperties::ChangeOp(
|
| + node, common()->Call(Linkage::GetStubCallDescriptor(
|
| + isolate(), graph()->zone(), callable.descriptor(), 1 + arity,
|
| + CallDescriptor::kNeedsFrameState)));
|
| + return Changed(node);
|
| + }
|
| +
|
| + // Check if {target} is a JSFunction.
|
| + if (target_type->Is(Type::Function())) {
|
| + // Remove the eager bailout frame state.
|
| + NodeProperties::RemoveFrameStateInput(node, 1);
|
| +
|
| + // Patch {node} to an indirect call via the ConstructFunction builtin.
|
| + Callable callable = CodeFactory::ConstructFunction(isolate());
|
| + node->RemoveInput(arity + 1);
|
| + node->InsertInput(graph()->zone(), 0,
|
| + jsgraph()->HeapConstant(callable.code()));
|
| + node->InsertInput(graph()->zone(), 2, new_target);
|
| + node->InsertInput(graph()->zone(), 3, jsgraph()->Int32Constant(arity));
|
| + node->InsertInput(graph()->zone(), 4, jsgraph()->UndefinedConstant());
|
| + NodeProperties::ChangeOp(
|
| + node, common()->Call(Linkage::GetStubCallDescriptor(
|
| + isolate(), graph()->zone(), callable.descriptor(), 1 + arity,
|
| + CallDescriptor::kNeedsFrameState)));
|
| + return Changed(node);
|
| + }
|
| +
|
| + return NoChange();
|
| +}
|
| +
|
| +
|
| Reduction JSTypedLowering::ReduceJSCallFunction(Node* node) {
|
| DCHECK_EQ(IrOpcode::kJSCallFunction, node->opcode());
|
| CallFunctionParameters const& p = CallFunctionParametersOf(node->op());
|
| @@ -2469,6 +2529,8 @@ Reduction JSTypedLowering::Reduce(Node* node) {
|
| return ReduceJSCreateCatchContext(node);
|
| case IrOpcode::kJSCreateBlockContext:
|
| return ReduceJSCreateBlockContext(node);
|
| + case IrOpcode::kJSCallConstruct:
|
| + return ReduceJSCallConstruct(node);
|
| case IrOpcode::kJSCallFunction:
|
| return ReduceJSCallFunction(node);
|
| case IrOpcode::kJSForInDone:
|
|
|
Chromium Code Reviews
Issue 1517593003:
[turbofan] Optimize JSCallConstruct in typed lowering to direct calls. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master