[runtime] Introduce dedicated JSBoundFunction to represent bound functions.

src/ia32/builtins-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_IA32
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ skipping 1749 matching lines @@
   __ bind(&class_constructor);
   {
     FrameScope frame(masm, StackFrame::INTERNAL);
     __ push(edi);
     __ CallRuntime(Runtime::kThrowConstructorNonCallableError, 1);
   }
 }
 
 
 // static
+void Builtins::Generate_CallBoundFunction(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edi : the function to call (checked to be a JSBoundFunction)
+  // -----------------------------------
+  __ AssertBoundFunction(edi);
+
+  // Patch the receiver to [[BoundThis]].
+  {
+    __ mov(ebx, FieldOperand(edi, JSBoundFunction::kBoundThisOffset));
+    __ mov(Operand(esp, eax, times_pointer_size, kPointerSize), ebx);
+  }
+
+  // Load [[BoundArguments]] into edx and length of that into ecx.
+  __ mov(edx, FieldOperand(edi, JSBoundFunction::kBoundArgumentsOffset));
+  __ mov(ecx, FieldOperand(edx, FixedArray::kLengthOffset));
+  __ SmiUntag(ecx);
+
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edi : the function to call (checked to be a JSBoundFunction)
+  //  -- edx : the [[BoundArguments]] (implemented as FixedArray)
+  //  -- ecx : the number of [[BoundArguments]]
+  // -----------------------------------
+
+  // Reserve stack space for the [[BoundArguments]].
+  {
+    Label done;
+    __ lea(ebx, Operand(ecx, times_pointer_size, 0));
+    __ sub(esp, ebx);
+    // Check the stack for overflow. We are not trying to catch interruptions
+    // (i.e. debug break and preemption) here, so check the "real stack limit".
+    __ CompareRoot(esp, ebx, Heap::kRealStackLimitRootIndex);
+    __ j(greater, &done, Label::kNear);  // Signed comparison.
+    // Restore the stack pointer.
+    __ lea(esp, Operand(esp, ecx, times_pointer_size, 0));
+    {
+      FrameScope scope(masm, StackFrame::MANUAL);
+      __ EnterFrame(StackFrame::INTERNAL);
+      __ CallRuntime(Runtime::kThrowStackOverflow, 0);
+    }
+    __ bind(&done);
+  }
+
+  // Relocate arguments and return address down the stack.
+  {
+    Label loop;
+    __ inc(eax);  // arguments plus return address
+    __ Set(ebx, 0);
+    __ bind(&loop);
+    __ movd(xmm0, Operand(esp, ecx, times_pointer_size, 0));
+    __ inc(ecx);
+    __ movd(Operand(esp, ebx, times_pointer_size, 0), xmm0);
+    __ inc(ebx);
+    __ cmp(ebx, eax);
+    __ j(less, &loop);
+  }
+
+  // Copy [[BoundArguments]] to the stack (below the arguments).
+  {
+    Label loop, done_loop;
+    __ mov(ecx, FieldOperand(edx, FixedArray::kLengthOffset));
+    __ SmiUntag(ecx);
+    __ bind(&loop);
+    __ sub(ecx, Immediate(1));
+    __ j(less, &done_loop, Label::kNear);
+    __ mov(ebx,
+           FieldOperand(edx, ecx, times_pointer_size, FixedArray::kHeaderSize));
+    __ mov(Operand(esp, eax, times_pointer_size, 0), ebx);
+    __ inc(eax);
+    __ jmp(&loop);
+    __ bind(&done_loop);
+  }
+
+  // Adjust effective number of arguments (eax contains the number of arguments
+  // from the call plus return address plus the number of [[BoundArguments]]),
+  // so we need to subtract one for the return address.
+  __ dec(eax);
+
+  // Call the [[BoundTargetFunction]] via the Call builtin.
+  __ mov(edi, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
+  __ mov(ecx, Operand::StaticVariable(ExternalReference(
+                  Builtins::kCall_ReceiverIsAny, masm->isolate())));
+  __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
+  __ jmp(ecx);
+}
+
+
+// static
 void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
   // ----------- S t a t e -------------
   //  -- eax : the number of arguments (not including the receiver)
   //  -- edi : the target to call (can be any Object).
   // -----------------------------------
 
   Label non_callable, non_function, non_smi;
   __ JumpIfSmi(edi, &non_callable);
   __ bind(&non_smi);
   __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
   __ j(equal, masm->isolate()->builtins()->CallFunction(mode),
        RelocInfo::CODE_TARGET);
+  __ CmpInstanceType(ecx, JS_BOUND_FUNCTION_TYPE);
+  __ j(equal, masm->isolate()->builtins()->CallBoundFunction(),
+       RelocInfo::CODE_TARGET);
   __ CmpInstanceType(ecx, JS_PROXY_TYPE);
   __ j(not_equal, &non_function);
 
   // 1. Runtime fallback for Proxy [[Call]].
   __ PopReturnAddressTo(ecx);
   __ Push(edi);
   __ PushReturnAddressFrom(ecx);
   // Increase the arguments size to include the pushed function and the
   // existing receiver on the stack.
   __ add(eax, Immediate(2));
@@ skipping 41 matching lines @@
   // Tail call to the function-specific construct stub (still in the caller
   // context at this point).
   __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
   __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kConstructStubOffset));
   __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
   __ jmp(ecx);
 }
 
 
 // static
+void Builtins::Generate_ConstructBoundFunction(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edx : the new target (checked to be a constructor)
+  //  -- edi : the constructor to call (checked to be a JSBoundFunction)
+  // -----------------------------------
+  __ AssertBoundFunction(edi);
+
+  // Save new.target in receiver slot, which is unused for [[Construct]].
+  __ mov(Operand(esp, eax, times_pointer_size, kPointerSize), edx);
+
+  // Load [[BoundArguments]] into edx and length of that into ecx.
+  __ mov(edx, FieldOperand(edi, JSBoundFunction::kBoundArgumentsOffset));
+  __ mov(ecx, FieldOperand(edx, FixedArray::kLengthOffset));
+  __ SmiUntag(ecx);
+
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edi : the function to call (checked to be a JSBoundFunction)
+  //  -- edx : the [[BoundArguments]] (implemented as FixedArray)
+  //  -- ecx : the number of [[BoundArguments]]
+  // -----------------------------------
+
+  // Reserve stack space for the [[BoundArguments]].
+  {
+    Label done;
+    __ lea(ebx, Operand(ecx, times_pointer_size, 0));
+    __ sub(esp, ebx);
+    // Check the stack for overflow. We are not trying to catch interruptions
+    // (i.e. debug break and preemption) here, so check the "real stack limit".
+    __ CompareRoot(esp, ebx, Heap::kRealStackLimitRootIndex);
+    __ j(greater, &done, Label::kNear);  // Signed comparison.
+    // Restore the stack pointer.
+    __ lea(esp, Operand(esp, ecx, times_pointer_size, 0));
+    {
+      FrameScope scope(masm, StackFrame::MANUAL);
+      __ EnterFrame(StackFrame::INTERNAL);
+      __ CallRuntime(Runtime::kThrowStackOverflow, 0);
+    }
+    __ bind(&done);
+  }
+
+  // Relocate arguments and return address down the stack.
+  {
+    Label loop;
+    __ inc(eax);  // arguments plus return address
+    __ Set(ebx, 0);
+    __ bind(&loop);
+    __ movd(xmm0, Operand(esp, ecx, times_pointer_size, 0));
+    __ inc(ecx);
+    __ movd(Operand(esp, ebx, times_pointer_size, 0), xmm0);
+    __ inc(ebx);
+    __ cmp(ebx, eax);
+    __ j(less, &loop);
+  }
+
+  // Copy [[BoundArguments]] to the stack (below the arguments).
+  {
+    Label loop, done_loop;
+    __ mov(ecx, FieldOperand(edx, FixedArray::kLengthOffset));
+    __ SmiUntag(ecx);
+    __ bind(&loop);
+    __ sub(ecx, Immediate(1));
+    __ j(less, &done_loop, Label::kNear);
+    __ mov(ebx,
+           FieldOperand(edx, ecx, times_pointer_size, FixedArray::kHeaderSize));
+    __ mov(Operand(esp, eax, times_pointer_size, 0), ebx);
+    __ inc(eax);
+    __ jmp(&loop);
+    __ bind(&done_loop);
+  }
+
+  // Adjust effective number of arguments (eax contains the number of arguments
+  // from the call plus return address plus the number of [[BoundArguments]]),
+  // so we need to subtract one for the return address.
+  __ dec(eax);
+
+  // Patch new.target to [[BoundTargetFunction]] if new.target equals target.
+  {
+    Label done;
+    __ mov(edx, Operand(esp, eax, times_pointer_size, kPointerSize));
+    __ cmp(edi, edx);
+    __ j(not_equal, &done, Label::kNear);
+    __ mov(edx, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
+    __ bind(&done);
+  }
+
+  // Construct the [[BoundTargetFunction]] via the Construct builtin.
+  __ mov(edi, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
+  __ mov(ecx, Operand::StaticVariable(
+                  ExternalReference(Builtins::kConstruct, masm->isolate())));
+  __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
+  __ jmp(ecx);
+}
+
+
+// static
 void Builtins::Generate_ConstructProxy(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- eax : the number of arguments (not including the receiver)
   //  -- edi : the constructor to call (checked to be a JSProxy)
   //  -- edx : the new target (either the same as the constructor or
   //           the JSFunction on which new was invoked initially)
   // -----------------------------------
 
   // Call into the Runtime for Proxy [[Construct]].
   __ PopReturnAddressTo(ecx);
@@ skipping 23 matching lines @@
 
   // Dispatch based on instance type.
   __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
   __ j(equal, masm->isolate()->builtins()->ConstructFunction(),
        RelocInfo::CODE_TARGET);
 
   // Check if target has a [[Construct]] internal method.
   __ test_b(FieldOperand(ecx, Map::kBitFieldOffset), 1 << Map::kIsConstructor);
   __ j(zero, &non_constructor, Label::kNear);
 
+  // Only dispatch to bound functions after checking whether they are
+  // constructors.
+  __ CmpInstanceType(ecx, JS_BOUND_FUNCTION_TYPE);
+  __ j(equal, masm->isolate()->builtins()->ConstructBoundFunction(),
+       RelocInfo::CODE_TARGET);
+
   // Only dispatch to proxies after checking whether they are constructors.
   __ CmpInstanceType(ecx, JS_PROXY_TYPE);
   __ j(equal, masm->isolate()->builtins()->ConstructProxy(),
        RelocInfo::CODE_TARGET);
 
   // Called Construct on an exotic Object with a [[Construct]] internal method.
   {
     // Overwrite the original receiver with the (original) target.
     __ mov(Operand(esp, eax, times_pointer_size, kPointerSize), edi);
     // Let the "call_as_constructor_delegate" take care of the rest.
@@ skipping 320 matching lines @@
 
   __ bind(&ok);
   __ ret(0);
 }
 
 #undef __
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_IA32