[stubs] Introduce a dedicated FastNewObjectStub.

src/x64/code-stubs-x64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X64
 
 #include "src/bootstrapper.h"
 #include "src/code-stubs.h"
 #include "src/codegen.h"
 #include "src/ic/handler-compiler.h"
@@ skipping 4446 matching lines @@
   Label fast_elements_case;
   __ cmpl(rcx, Immediate(FAST_ELEMENTS));
   __ j(equal, &fast_elements_case);
   GenerateCase(masm, FAST_HOLEY_ELEMENTS);
 
   __ bind(&fast_elements_case);
   GenerateCase(masm, FAST_ELEMENTS);
 }
 
 
+void FastNewObjectStub::Generate(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- rdi    : target
+  //  -- rdx    : new target
+  //  -- rsi    : context
+  //  -- rsp[0] : return address
+  // -----------------------------------
+  __ AssertFunction(rdi);
+  __ AssertReceiver(rdx);
+
+  // Verify that the new target is a JSFunction.
+  Label new_object;
+  __ CmpObjectType(rdx, JS_FUNCTION_TYPE, rbx);
+  __ j(not_equal, &new_object);
+
+  // Load the initial map and verify that it's in fact a map.
+  __ movp(rcx, FieldOperand(rdx, JSFunction::kPrototypeOrInitialMapOffset));
+  __ JumpIfSmi(rcx, &new_object);
+  __ CmpObjectType(rcx, MAP_TYPE, rbx);
+  __ j(not_equal, &new_object);
+
+  // Fall back to runtime if the target differs from the new target's
+  // initial map constructor.
+  __ cmpp(rdi, FieldOperand(rcx, Map::kConstructorOrBackPointerOffset));
+  __ j(not_equal, &new_object);
+
+  // Allocate the JSObject on the heap.
+  Label allocate, done_allocate;
+  __ movzxbl(rbx, FieldOperand(rcx, Map::kInstanceSizeOffset));
+  __ leal(rbx, Operand(rbx, times_pointer_size, 0));
+  __ Allocate(rbx, rax, rdi, no_reg, &allocate, NO_ALLOCATION_FLAGS);
+  __ bind(&done_allocate);
+
+  // Initialize the JSObject fields.
+  __ movp(Operand(rax, JSObject::kMapOffset), rcx);
+  __ LoadRoot(rbx, Heap::kEmptyFixedArrayRootIndex);
+  __ movp(Operand(rax, JSObject::kPropertiesOffset), rbx);
+  __ movp(Operand(rax, JSObject::kElementsOffset), rbx);
+  STATIC_ASSERT(JSObject::kHeaderSize == 3 * kPointerSize);
+  __ leap(rbx, Operand(rax, JSObject::kHeaderSize));
+
+  // ----------- S t a t e -------------
+  //  -- rax    : result (untagged)
+  //  -- rbx    : result fields (untagged)
+  //  -- rdi    : result end (untagged)
+  //  -- rcx    : initial map
+  //  -- rsi    : context
+  //  -- rsp[0] : return address
+  // -----------------------------------
+
+  // Perform in-object slack tracking if requested.
+  Label slack_tracking;
+  STATIC_ASSERT(Map::kNoSlackTracking == 0);
+  __ LoadRoot(r11, Heap::kUndefinedValueRootIndex);
+  __ testl(FieldOperand(rcx, Map::kBitField3Offset),
+           Immediate(Map::ConstructionCounter::kMask));
+  __ j(not_zero, &slack_tracking, Label::kNear);
+  {
+    // Initialize all in-object fields with undefined.
+    __ InitializeFieldsWithFiller(rbx, rdi, r11);
+
+    // Add the object tag to make the JSObject real.
+    STATIC_ASSERT(kHeapObjectTag == 1);
+    __ incp(rax);
+    __ Ret();
+  }
+  __ bind(&slack_tracking);
+  {
+    // Decrease generous allocation count.
+    STATIC_ASSERT(Map::ConstructionCounter::kNext == 32);
+    __ subl(FieldOperand(rcx, Map::kBitField3Offset),
+            Immediate(1 << Map::ConstructionCounter::kShift));
+
+    // Initialize the in-object fields with undefined.
+    __ movzxbl(rdx, FieldOperand(rcx, Map::kUnusedPropertyFieldsOffset));
+    __ negp(rdx);
+    __ leap(rdx, Operand(rdi, rdx, times_pointer_size, 0));
+    __ InitializeFieldsWithFiller(rbx, rdx, r11);
+
+    // Initialize the remaining (reserved) fields with one pointer filler map.
+    __ LoadRoot(r11, Heap::kOnePointerFillerMapRootIndex);
+    __ InitializeFieldsWithFiller(rdx, rdi, r11);
+
+    // Add the object tag to make the JSObject real.
+    STATIC_ASSERT(kHeapObjectTag == 1);
+    __ incp(rax);
+
+    // Check if we can finalize the instance size.
+    Label finalize;
+    STATIC_ASSERT(Map::kSlackTrackingCounterEnd == 1);
+    __ testl(FieldOperand(rcx, Map::kBitField3Offset),
+             Immediate(Map::ConstructionCounter::kMask));
+    __ j(zero, &finalize, Label::kNear);
+    __ Ret();
+
+    // Finalize the instance size.
+    __ bind(&finalize);
+    {
+      FrameScope scope(masm, StackFrame::INTERNAL);
+      __ Push(rax);
+      __ Push(rcx);
+      __ CallRuntime(Runtime::kFinalizeInstanceSize);
+      __ Pop(rax);
+    }
+    __ Ret();
+  }
+
+  // Fall back to %AllocateInNewSpace.
+  __ bind(&allocate);
+  {
+    FrameScope scope(masm, StackFrame::INTERNAL);
+    __ Integer32ToSmi(rbx, rbx);
+    __ Push(rcx);
+    __ Push(rbx);
+    __ CallRuntime(Runtime::kAllocateInNewSpace);
+    __ Pop(rcx);
+  }
+  STATIC_ASSERT(kHeapObjectTag == 1);
+  __ decp(rax);
+  __ movzxbl(rbx, FieldOperand(rcx, Map::kInstanceSizeOffset));
+  __ leap(rdi, Operand(rax, rbx, times_pointer_size, 0));
+  __ jmp(&done_allocate);
+
+  // Fall back to %NewObject.
+  __ bind(&new_object);
+  __ PopReturnAddressTo(rcx);
+  __ Push(rdi);
+  __ Push(rdx);
+  __ PushReturnAddressFrom(rcx);
+  __ TailCallRuntime(Runtime::kNewObject);
+}
+
+
 void FastNewRestParameterStub::Generate(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- rdi    : function
   //  -- rsi    : context
   //  -- rbp    : frame pointer
   //  -- rsp[0] : return address
   // -----------------------------------
   __ AssertFunction(rdi);
 
   // For Ignition we need to skip all possible handler/stub frames until
@@ skipping 1026 matching lines @@
                            NULL);
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_X64