Experimental parser: merge to r19637

src/deoptimizer.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 324 matching lines @@
    public:
     virtual void EnterContext(Context* context) { }  // Don't care.
     virtual void LeaveContext(Context* context)  { }  // Don't care.
     virtual void VisitFunction(JSFunction* function) {
       Code* code = function->code();
       if (!code->marked_for_deoptimization()) return;
 
       // Unlink this function and evict from optimized code map.
       SharedFunctionInfo* shared = function->shared();
       function->set_code(shared->code());
-      shared->EvictFromOptimizedCodeMap(code, "deoptimized function");
 
       if (FLAG_trace_deopt) {
         CodeTracer::Scope scope(code->GetHeap()->isolate()->GetCodeTracer());
         PrintF(scope.file(), "[deoptimizer unlinked: ");
         function->PrintName(scope.file());
         PrintF(scope.file(),
                " / %" V8PRIxPTR "]\n", reinterpret_cast<intptr_t>(function));
       }
     }
   };
@@ skipping 368 matching lines @@
 
 // We rely on this function not causing a GC.  It is called from generated code
 // without having a real stack frame in place.
 void Deoptimizer::DoComputeOutputFrames() {
   // Print some helpful diagnostic information.
   if (FLAG_log_timer_events &&
       compiled_code_->kind() == Code::OPTIMIZED_FUNCTION) {
     LOG(isolate(), CodeDeoptEvent(compiled_code_));
   }
   ElapsedTimer timer;
+
+  // Determine basic deoptimization information.  The optimized frame is
+  // described by the input data.
+  DeoptimizationInputData* input_data =
+      DeoptimizationInputData::cast(compiled_code_->deoptimization_data());
+
   if (trace_scope_ != NULL) {
     timer.Start();
     PrintF(trace_scope_->file(),
            "[deoptimizing (DEOPT %s): begin 0x%08" V8PRIxPTR " ",
            MessageFor(bailout_type_),
            reinterpret_cast<intptr_t>(function_));
     PrintFunctionName();
     PrintF(trace_scope_->file(),
-           " @%d, FP to SP delta: %d]\n",
+           " (opt #%d) @%d, FP to SP delta: %d]\n",
+           input_data->OptimizationId()->value(),
            bailout_id_,
            fp_to_sp_delta_);
     if (bailout_type_ == EAGER || bailout_type_ == SOFT) {
       compiled_code_->PrintDeoptLocation(trace_scope_->file(), bailout_id_);
     }
   }
 
-  // Determine basic deoptimization information.  The optimized frame is
-  // described by the input data.
-  DeoptimizationInputData* input_data =
-      DeoptimizationInputData::cast(compiled_code_->deoptimization_data());
   BailoutId node_id = input_data->AstId(bailout_id_);
   ByteArray* translations = input_data->TranslationByteArray();
   unsigned translation_index =
       input_data->TranslationIndex(bailout_id_)->value();
 
   // Do the input frame to output frame(s) translation.
   TranslationIterator iterator(translations, translation_index);
   Translation::Opcode opcode =
       static_cast<Translation::Opcode>(iterator.Next());
   ASSERT(Translation::BEGIN == opcode);
   USE(opcode);
   // Read the number of output frames and allocate an array for their
   // descriptions.
   int count = iterator.Next();
   iterator.Next();  // Drop JS frames count.
   ASSERT(output_ == NULL);
   output_ = new FrameDescription*[count];
   for (int i = 0; i < count; ++i) {
     output_[i] = NULL;
   }
   output_count_ = count;
 
+  Register fp_reg = JavaScriptFrame::fp_register();
+  stack_fp_ = reinterpret_cast<Address>(
+      input_->GetRegister(fp_reg.code()) +
+          has_alignment_padding_ * kPointerSize);
+
   // Translate each output frame.
   for (int i = 0; i < count; ++i) {
     // Read the ast node id, function, and frame height for this output frame.
     Translation::Opcode opcode =
         static_cast<Translation::Opcode>(iterator.Next());
     switch (opcode) {
       case Translation::JS_FRAME:
         DoComputeJSFrame(&iterator, i);
         jsframe_count_++;
         break;
@@ skipping 737 matching lines @@
   // object to the callee and optionally the space to pass the argument
   // object to the stub failure handler.
   ASSERT(descriptor->register_param_count_ >= 0);
   int height_in_bytes = kPointerSize * descriptor->register_param_count_ +
       sizeof(Arguments) + kPointerSize;
   int fixed_frame_size = StandardFrameConstants::kFixedFrameSize;
   int input_frame_size = input_->GetFrameSize();
   int output_frame_size = height_in_bytes + fixed_frame_size;
   if (trace_scope_ != NULL) {
     PrintF(trace_scope_->file(),
-           "  translating %s => StubFailure%sTrampolineStub, height=%d\n",
+           "  translating %s => StubFailureTrampolineStub, height=%d\n",
            CodeStub::MajorName(static_cast<CodeStub::Major>(major_key), false),
-           descriptor->HasTailCallContinuation() ? "TailCall" : "",
            height_in_bytes);
   }
 
   // The stub failure trampoline is a single frame.
   FrameDescription* output_frame =
       new(output_frame_size) FrameDescription(output_frame_size, NULL);
   output_frame->SetFrameType(StackFrame::STUB_FAILURE_TRAMPOLINE);
   ASSERT(frame_index == 0);
   output_[frame_index] = output_frame;
 
@@ skipping 68 matching lines @@
   value = reinterpret_cast<intptr_t>(
       Smi::FromInt(StackFrame::STUB_FAILURE_TRAMPOLINE));
   output_frame->SetFrameSlot(output_frame_offset, value);
   if (trace_scope_ != NULL) {
     PrintF(trace_scope_->file(),
            "    0x%08" V8PRIxPTR ": [top + %d] <- 0x%08"
            V8PRIxPTR " ; function (stub failure sentinel)\n",
            top_address + output_frame_offset, output_frame_offset, value);
   }
 
-  intptr_t caller_arg_count = descriptor->HasTailCallContinuation()
-      ? compiled_code_->arguments_count() + 1 : 0;
+  intptr_t caller_arg_count = 0;
   bool arg_count_known = !descriptor->stack_parameter_count_.is_valid();
 
   // Build the Arguments object for the caller's parameters and a pointer to it.
   output_frame_offset -= kPointerSize;
   int args_arguments_offset = output_frame_offset;
   intptr_t the_hole = reinterpret_cast<intptr_t>(
       isolate_->heap()->the_hole_value());
   if (arg_count_known) {
     value = frame_ptr + StandardFrameConstants::kCallerSPOffset +
         (caller_arg_count - 1) * kPointerSize;
@@ skipping 75 matching lines @@
   }
 
   // Copy the double registers from the input into the output frame.
   CopyDoubleRegisters(output_frame);
 
   // Fill registers containing handler and number of parameters.
   SetPlatformCompiledStubRegisters(output_frame, descriptor);
 
   // Compute this frame's PC, state, and continuation.
   Code* trampoline = NULL;
-  if (descriptor->HasTailCallContinuation()) {
-    StubFailureTailCallTrampolineStub().FindCodeInCache(&trampoline, isolate_);
-  } else {
-    StubFunctionMode function_mode = descriptor->function_mode_;
-    StubFailureTrampolineStub(function_mode).FindCodeInCache(&trampoline,
-                                                             isolate_);
-  }
+  StubFunctionMode function_mode = descriptor->function_mode_;
+  StubFailureTrampolineStub(function_mode).FindCodeInCache(&trampoline,
+                                                           isolate_);
   ASSERT(trampoline != NULL);
   output_frame->SetPc(reinterpret_cast<intptr_t>(
       trampoline->instruction_start()));
   output_frame->SetState(Smi::FromInt(FullCodeGenerator::NO_REGISTERS));
   Code* notify_failure = NotifyStubFailureBuiltin();
   output_frame->SetContinuation(
       reinterpret_cast<intptr_t>(notify_failure->entry()));
 }
 
 
@@ skipping 32 matching lines @@
     // Dispatch on the instance type of the object to be materialized.
     // We also need to make sure that the representation of all fields
     // in the given object are general enough to hold a tagged value.
     Handle<Map> map = Map::GeneralizeAllFieldRepresentations(
         Handle<Map>::cast(MaterializeNextValue()), Representation::Tagged());
     switch (map->instance_type()) {
       case HEAP_NUMBER_TYPE: {
         // Reuse the HeapNumber value directly as it is already properly
         // tagged and skip materializing the HeapNumber explicitly.
         Handle<Object> object = MaterializeNextValue();
-        materialized_objects_->Add(object);
+        if (object_index < prev_materialized_count_) {
+          materialized_objects_->Add(Handle<Object>(
+              previously_materialized_objects_->get(object_index), isolate_));
+        } else {
+          materialized_objects_->Add(object);
+        }
         materialization_value_index_ += kDoubleSize / kPointerSize - 1;
         break;
       }
       case JS_OBJECT_TYPE: {
         Handle<JSObject> object =
             isolate_->factory()->NewJSObjectFromMap(map, NOT_TENURED, false);
-        materialized_objects_->Add(object);
+        if (object_index < prev_materialized_count_) {
+          materialized_objects_->Add(Handle<Object>(
+              previously_materialized_objects_->get(object_index), isolate_));
+        } else {
+          materialized_objects_->Add(object);
+        }
         Handle<Object> properties = MaterializeNextValue();
         Handle<Object> elements = MaterializeNextValue();
         object->set_properties(FixedArray::cast(*properties));
         object->set_elements(FixedArrayBase::cast(*elements));
         for (int i = 0; i < length - 3; ++i) {
           Handle<Object> value = MaterializeNextValue();
           object->FastPropertyAtPut(i, *value);
         }
         break;
       }
       case JS_ARRAY_TYPE: {
         Handle<JSArray> object =
             isolate_->factory()->NewJSArray(0, map->elements_kind());
-        materialized_objects_->Add(object);
+        if (object_index < prev_materialized_count_) {
+          materialized_objects_->Add(Handle<Object>(
+              previously_materialized_objects_->get(object_index), isolate_));
+        } else {
+          materialized_objects_->Add(object);
+        }
         Handle<Object> properties = MaterializeNextValue();
         Handle<Object> elements = MaterializeNextValue();
         Handle<Object> length = MaterializeNextValue();
         object->set_properties(FixedArray::cast(*properties));
         object->set_elements(FixedArrayBase::cast(*elements));
         object->set_length(*length);
         break;
       }
       default:
         PrintF(stderr,
@@ skipping 12 matching lines @@
   if (*value == isolate_->heap()->arguments_marker()) {
     value = MaterializeNextHeapObject();
   }
   return value;
 }
 
 
 void Deoptimizer::MaterializeHeapObjects(JavaScriptFrameIterator* it) {
   ASSERT_NE(DEBUGGER, bailout_type_);
 
+  MaterializedObjectStore* materialized_store =
+      isolate_->materialized_object_store();
+  previously_materialized_objects_ = materialized_store->Get(stack_fp_);
+  prev_materialized_count_ = previously_materialized_objects_.is_null() ?
+      0 : previously_materialized_objects_->length();
+
   // Walk all JavaScript output frames with the given frame iterator.
   for (int frame_index = 0; frame_index < jsframe_count(); ++frame_index) {
     if (frame_index != 0) it->Advance();
     JavaScriptFrame* frame = it->frame();
     jsframe_functions_.Add(handle(frame->function(), isolate_));
     jsframe_has_adapted_arguments_.Add(frame->has_adapted_arguments());
   }
 
   // Handlify all tagged object values before triggering any allocation.
   List<Handle<Object> > values(deferred_objects_tagged_values_.length());
@@ skipping 69 matching lines @@
                  reinterpret_cast<void*>(descriptor.slot_address()));
         }
         object->ShortPrint(trace_scope_->file());
         PrintF(trace_scope_->file(), "\n");
       }
     }
 
     ASSERT(materialization_object_index_ == materialized_objects_->length());
     ASSERT(materialization_value_index_ == materialized_values_->length());
   }
+
+  if (prev_materialized_count_ > 0) {
+    materialized_store->Remove(stack_fp_);
+  }
 }
 
 
 #ifdef ENABLE_DEBUGGER_SUPPORT
 void Deoptimizer::MaterializeHeapNumbersForDebuggerInspectableFrame(
     Address parameters_top,
     uint32_t parameters_size,
     Address expressions_top,
     uint32_t expressions_size,
     DeoptimizedFrameInfo* info) {
@@ skipping 724 matching lines @@
                                    JSFunction* function)
     : frame_size_(frame_size),
       function_(function),
       top_(kZapUint32),
       pc_(kZapUint32),
       fp_(kZapUint32),
       context_(kZapUint32),
       constant_pool_(kZapUint32) {
   // Zap all the registers.
   for (int r = 0; r < Register::kNumRegisters; r++) {
+    // TODO(jbramley): It isn't safe to use kZapUint32 here. If the register
+    // isn't used before the next safepoint, the GC will try to scan it as a
+    // tagged value. kZapUint32 looks like a valid tagged pointer, but it isn't.
     SetRegister(r, kZapUint32);
   }
 
   // Zap all the slots.
   for (unsigned o = 0; o < frame_size; o += kPointerSize) {
     SetFrameSlot(o, kZapUint32);
   }
 }
 
 
@@ skipping 264 matching lines @@
   UNREACHABLE();
   return "";
 }
 
 #endif
 
 
 // We can't intermix stack decoding and allocations because
 // deoptimization infrastracture is not GC safe.
 // Thus we build a temporary structure in malloced space.
-SlotRef SlotRef::ComputeSlotForNextArgument(TranslationIterator* iterator,
-                                            DeoptimizationInputData* data,
-                                            JavaScriptFrame* frame) {
-  Translation::Opcode opcode =
-      static_cast<Translation::Opcode>(iterator->Next());
-
+SlotRef SlotRefValueBuilder::ComputeSlotForNextArgument(
+    Translation::Opcode opcode,
+    TranslationIterator* iterator,
+    DeoptimizationInputData* data,
+    JavaScriptFrame* frame) {
   switch (opcode) {
     case Translation::BEGIN:
     case Translation::JS_FRAME:
     case Translation::ARGUMENTS_ADAPTOR_FRAME:
     case Translation::CONSTRUCT_STUB_FRAME:
     case Translation::GETTER_STUB_FRAME:
     case Translation::SETTER_STUB_FRAME:
       // Peeled off before getting here.
       break;
 
-    case Translation::DUPLICATED_OBJECT:
+    case Translation::DUPLICATED_OBJECT: {
+      return SlotRef::NewDuplicateObject(iterator->Next());
+    }
+
     case Translation::ARGUMENTS_OBJECT:
-    case Translation::CAPTURED_OBJECT:
-      // This can be only emitted for local slots not for argument slots.
-      break;
+      return SlotRef::NewArgumentsObject(iterator->Next());
+
+    case Translation::CAPTURED_OBJECT: {
+      return SlotRef::NewDeferredObject(iterator->Next());
+    }
 
     case Translation::REGISTER:
     case Translation::INT32_REGISTER:
     case Translation::UINT32_REGISTER:
     case Translation::DOUBLE_REGISTER:
       // We are at safepoint which corresponds to call.  All registers are
       // saved by caller so there would be no live registers at this
       // point. Thus these translation commands should not be used.
       break;
 
@@ skipping 25 matching lines @@
       int literal_index = iterator->Next();
       return SlotRef(data->GetIsolate(),
                      data->LiteralArray()->get(literal_index));
     }
 
     case Translation::COMPILED_STUB_FRAME:
       UNREACHABLE();
       break;
   }
 
-  UNREACHABLE();
+  FATAL("We should never get here - unexpected deopt info.");
   return SlotRef();
 }
 
 
-void SlotRef::ComputeSlotsForArguments(Vector<SlotRef>* args_slots,
-                                       TranslationIterator* it,
-                                       DeoptimizationInputData* data,
-                                       JavaScriptFrame* frame) {
-  // Process the translation commands for the arguments.
+SlotRefValueBuilder::SlotRefValueBuilder(JavaScriptFrame* frame,
+                                         int inlined_jsframe_index,
+                                         int formal_parameter_count)
+    : current_slot_(0), args_length_(-1), first_slot_index_(-1) {
+  DisallowHeapAllocation no_gc;
 
-  // Skip the translation command for the receiver.
-  it->Skip(Translation::NumberOfOperandsFor(
-      static_cast<Translation::Opcode>(it->Next())));
-
-  // Compute slots for arguments.
-  for (int i = 0; i < args_slots->length(); ++i) {
-    (*args_slots)[i] = ComputeSlotForNextArgument(it, data, frame);
-  }
-}
-
-
-Vector<SlotRef> SlotRef::ComputeSlotMappingForArguments(
-    JavaScriptFrame* frame,
-    int inlined_jsframe_index,
-    int formal_parameter_count) {
-  DisallowHeapAllocation no_gc;
   int deopt_index = Safepoint::kNoDeoptimizationIndex;
   DeoptimizationInputData* data =
       static_cast<OptimizedFrame*>(frame)->GetDeoptimizationData(&deopt_index);
   TranslationIterator it(data->TranslationByteArray(),
                          data->TranslationIndex(deopt_index)->value());
   Translation::Opcode opcode = static_cast<Translation::Opcode>(it.Next());
   ASSERT(opcode == Translation::BEGIN);
   it.Next();  // Drop frame count.
+
+  stack_frame_id_ = frame->fp();
+
   int jsframe_count = it.Next();
   USE(jsframe_count);
   ASSERT(jsframe_count > inlined_jsframe_index);
   int jsframes_to_skip = inlined_jsframe_index;
-  while (true) {
+  int number_of_slots = -1;  // Number of slots inside our frame (yet unknown)
+  bool should_deopt = false;
+  while (number_of_slots != 0) {
     opcode = static_cast<Translation::Opcode>(it.Next());
+    bool processed = false;
     if (opcode == Translation::ARGUMENTS_ADAPTOR_FRAME) {
       if (jsframes_to_skip == 0) {
         ASSERT(Translation::NumberOfOperandsFor(opcode) == 2);
 
         it.Skip(1);  // literal id
         int height = it.Next();
 
+        // Skip the translation command for the receiver.
+        it.Skip(Translation::NumberOfOperandsFor(
+            static_cast<Translation::Opcode>(it.Next())));
+
         // We reached the arguments adaptor frame corresponding to the
         // inlined function in question.  Number of arguments is height - 1.
-        Vector<SlotRef> args_slots =
-            Vector<SlotRef>::New(height - 1);  // Minus receiver.
-        ComputeSlotsForArguments(&args_slots, &it, data, frame);
-        return args_slots;
+        first_slot_index_ = slot_refs_.length();
+        args_length_ = height - 1;
+        number_of_slots = height - 1;
+        processed = true;
       }
     } else if (opcode == Translation::JS_FRAME) {
       if (jsframes_to_skip == 0) {
         // Skip over operands to advance to the next opcode.
         it.Skip(Translation::NumberOfOperandsFor(opcode));
 
+        // Skip the translation command for the receiver.
+        it.Skip(Translation::NumberOfOperandsFor(
+            static_cast<Translation::Opcode>(it.Next())));
+
         // We reached the frame corresponding to the inlined function
         // in question.  Process the translation commands for the
         // arguments.  Number of arguments is equal to the number of
         // format parameter count.
-        Vector<SlotRef> args_slots =
-            Vector<SlotRef>::New(formal_parameter_count);
-        ComputeSlotsForArguments(&args_slots, &it, data, frame);
-        return args_slots;
+        first_slot_index_ = slot_refs_.length();
+        args_length_ = formal_parameter_count;
+        number_of_slots = formal_parameter_count;
+        processed = true;
       }
       jsframes_to_skip--;
-    }
-
-    // Skip over operands to advance to the next opcode.
-    it.Skip(Translation::NumberOfOperandsFor(opcode));
-  }
-
-  UNREACHABLE();
-  return Vector<SlotRef>();
+    } else if (opcode != Translation::BEGIN &&
+               opcode != Translation::CONSTRUCT_STUB_FRAME &&
+               opcode != Translation::GETTER_STUB_FRAME &&
+               opcode != Translation::SETTER_STUB_FRAME &&
+               opcode != Translation::COMPILED_STUB_FRAME) {
+      slot_refs_.Add(ComputeSlotForNextArgument(opcode, &it, data, frame));
+
+      if (first_slot_index_ >= 0) {
+        // We have found the beginning of our frame -> make sure we count
+        // the nested slots of captured objects
+        number_of_slots--;
+        SlotRef& slot = slot_refs_.last();
+        ASSERT(slot.Representation() != SlotRef::ARGUMENTS_OBJECT);
+        number_of_slots += slot.GetChildrenCount();
+        if (slot.Representation() == SlotRef::DEFERRED_OBJECT ||
+            slot.Representation() == SlotRef::DUPLICATE_OBJECT) {
+          should_deopt = true;
+        }
+      }
+
+      processed = true;
+    }
+    if (!processed) {
+      // Skip over operands to advance to the next opcode.
+      it.Skip(Translation::NumberOfOperandsFor(opcode));
+    }
+  }
+  if (should_deopt) {
+    List<JSFunction*> functions(2);
+    frame->GetFunctions(&functions);
+    Deoptimizer::DeoptimizeFunction(functions[0]);
+  }
+}
+
+
+Handle<Object> SlotRef::GetValue(Isolate* isolate) {
+  switch (representation_) {
+    case TAGGED:
+      return Handle<Object>(Memory::Object_at(addr_), isolate);
+
+    case INT32: {
+      int value = Memory::int32_at(addr_);
+      if (Smi::IsValid(value)) {
+        return Handle<Object>(Smi::FromInt(value), isolate);
+      } else {
+        return isolate->factory()->NewNumberFromInt(value);
+      }
+    }
+
+    case UINT32: {
+      uint32_t value = Memory::uint32_at(addr_);
+      if (value <= static_cast<uint32_t>(Smi::kMaxValue)) {
+        return Handle<Object>(Smi::FromInt(static_cast<int>(value)), isolate);
+      } else {
+        return isolate->factory()->NewNumber(static_cast<double>(value));
+      }
+    }
+
+    case DOUBLE: {
+      double value = read_double_value(addr_);
+      return isolate->factory()->NewNumber(value);
+    }
+
+    case LITERAL:
+      return literal_;
+
+    default:
+      FATAL("We should never get here - unexpected deopt info.");
+      return Handle<Object>::null();
+  }
+}
+
+
+void SlotRefValueBuilder::Prepare(Isolate* isolate) {
+  MaterializedObjectStore* materialized_store =
+      isolate->materialized_object_store();
+  previously_materialized_objects_ = materialized_store->Get(stack_frame_id_);
+  prev_materialized_count_ = previously_materialized_objects_.is_null()
+      ? 0 : previously_materialized_objects_->length();
+
+  // Skip any materialized objects of the inlined "parent" frames.
+  // (Note that we still need to materialize them because they might be
+  // referred to as duplicated objects.)
+  while (current_slot_ < first_slot_index_) {
+    GetNext(isolate, 0);
+  }
+  ASSERT(current_slot_ == first_slot_index_);
+}
+
+
+Handle<Object> SlotRefValueBuilder::GetPreviouslyMaterialized(
+    Isolate* isolate, int length) {
+  int object_index = materialized_objects_.length();
+  Handle<Object> return_value = Handle<Object>(
+      previously_materialized_objects_->get(object_index), isolate);
+  materialized_objects_.Add(return_value);
+
+  // Now need to skip all the nested objects (and possibly read them from
+  // the materialization store, too).
+  for (int i = 0; i < length; i++) {
+    SlotRef& slot = slot_refs_[current_slot_];
+    current_slot_++;
+
+    // We need to read all the nested objects - add them to the
+    // number of objects we need to process.
+    length += slot.GetChildrenCount();
+
+    // Put the nested deferred/duplicate objects into our materialization
+    // array.
+    if (slot.Representation() == SlotRef::DEFERRED_OBJECT ||
+        slot.Representation() == SlotRef::DUPLICATE_OBJECT) {
+      int nested_object_index = materialized_objects_.length();
+      Handle<Object> nested_object = Handle<Object>(
+          previously_materialized_objects_->get(nested_object_index),
+          isolate);
+      materialized_objects_.Add(nested_object);
+    }
+  }
+
+  return return_value;
+}
+
+
+Handle<Object> SlotRefValueBuilder::GetNext(Isolate* isolate, int lvl) {
+  SlotRef& slot = slot_refs_[current_slot_];
+  current_slot_++;
+  switch (slot.Representation()) {
+    case SlotRef::TAGGED:
+    case SlotRef::INT32:
+    case SlotRef::UINT32:
+    case SlotRef::DOUBLE:
+    case SlotRef::LITERAL: {
+      return slot.GetValue(isolate);
+    }
+    case SlotRef::ARGUMENTS_OBJECT: {
+      // We should never need to materialize an arguments object,
+      // but we still need to put something into the array
+      // so that the indexing is consistent.
+      materialized_objects_.Add(isolate->factory()->undefined_value());
+      int length = slot.GetChildrenCount();
+      for (int i = 0; i < length; ++i) {
+        // We don't need the argument, just ignore it
+        GetNext(isolate, lvl + 1);
+      }
+      return isolate->factory()->undefined_value();
+    }
+    case SlotRef::DEFERRED_OBJECT: {
+      int length = slot.GetChildrenCount();
+      ASSERT(slot_refs_[current_slot_].Representation() == SlotRef::LITERAL ||
+             slot_refs_[current_slot_].Representation() == SlotRef::TAGGED);
+
+      int object_index = materialized_objects_.length();
+      if (object_index <  prev_materialized_count_) {
+        return GetPreviouslyMaterialized(isolate, length);
+      }
+
+      Handle<Object> map_object = slot_refs_[current_slot_].GetValue(isolate);
+      Handle<Map> map = Map::GeneralizeAllFieldRepresentations(
+          Handle<Map>::cast(map_object), Representation::Tagged());
+      current_slot_++;
+      // TODO(jarin) this should be unified with the code in
+      // Deoptimizer::MaterializeNextHeapObject()
+      switch (map->instance_type()) {
+        case HEAP_NUMBER_TYPE: {
+          // Reuse the HeapNumber value directly as it is already properly
+          // tagged and skip materializing the HeapNumber explicitly.
+          Handle<Object> object = GetNext(isolate, lvl + 1);
+          materialized_objects_.Add(object);
+          return object;
+        }
+        case JS_OBJECT_TYPE: {
+          Handle<JSObject> object =
+              isolate->factory()->NewJSObjectFromMap(map, NOT_TENURED, false);
+          materialized_objects_.Add(object);
+          Handle<Object> properties = GetNext(isolate, lvl + 1);
+          Handle<Object> elements = GetNext(isolate, lvl + 1);
+          object->set_properties(FixedArray::cast(*properties));
+          object->set_elements(FixedArrayBase::cast(*elements));
+          for (int i = 0; i < length - 3; ++i) {
+            Handle<Object> value = GetNext(isolate, lvl + 1);
+            object->FastPropertyAtPut(i, *value);
+          }
+          return object;
+        }
+        case JS_ARRAY_TYPE: {
+          Handle<JSArray> object =
+              isolate->factory()->NewJSArray(0, map->elements_kind());
+          materialized_objects_.Add(object);
+          Handle<Object> properties = GetNext(isolate, lvl + 1);
+          Handle<Object> elements = GetNext(isolate, lvl + 1);
+          Handle<Object> length = GetNext(isolate, lvl + 1);
+          object->set_properties(FixedArray::cast(*properties));
+          object->set_elements(FixedArrayBase::cast(*elements));
+          object->set_length(*length);
+          return object;
+        }
+        default:
+          PrintF(stderr,
+                 "[couldn't handle instance type %d]\n", map->instance_type());
+          UNREACHABLE();
+          break;
+      }
+      UNREACHABLE();
+    }
+
+    case SlotRef::DUPLICATE_OBJECT: {
+      int object_index = slot.DuplicateObjectId();
+      Handle<Object> object = materialized_objects_[object_index];
+      materialized_objects_.Add(object);
+      return object;
+    }
+    default:
+      UNREACHABLE();
+      break;
+  }
+
+  FATAL("We should never get here - unexpected deopt slot kind.");
+  return Handle<Object>::null();
+}
+
+
+void SlotRefValueBuilder::Finish(Isolate* isolate) {
+  // We should have processed all slot
+  ASSERT(slot_refs_.length() == current_slot_);
+
+  if (materialized_objects_.length() > prev_materialized_count_) {
+    // We have materialized some new objects, so we have to store them
+    // to prevent duplicate materialization
+    Handle<FixedArray> array = isolate->factory()->NewFixedArray(
+        materialized_objects_.length());
+    for (int i = 0; i < materialized_objects_.length(); i++) {
+      array->set(i, *(materialized_objects_.at(i)));
+    }
+    isolate->materialized_object_store()->Set(stack_frame_id_, array);
+  }
+}
+
+
+Handle<FixedArray> MaterializedObjectStore::Get(Address fp) {
+  int index = StackIdToIndex(fp);
+  if (index == -1) {
+    return Handle<FixedArray>::null();
+  }
+  Handle<FixedArray> array = GetStackEntries();
+  ASSERT(array->length() > index);
+  return Handle<FixedArray>::cast(Handle<Object>(array->get(index),
+                                                 isolate()));
+}
+
+
+void MaterializedObjectStore::Set(Address fp,
+    Handle<FixedArray> materialized_objects) {
+  int index = StackIdToIndex(fp);
+  if (index == -1) {
+    index = frame_fps_.length();
+    frame_fps_.Add(fp);
+  }
+
+  Handle<FixedArray> array = EnsureStackEntries(index + 1);
+  array->set(index, *materialized_objects);
+}
+
+
+void MaterializedObjectStore::Remove(Address fp) {
+  int index = StackIdToIndex(fp);
+  ASSERT(index >= 0);
+
+  frame_fps_.Remove(index);
+  Handle<FixedArray> array = GetStackEntries();
+  ASSERT(array->length() > index);
+  for (int i = index; i < frame_fps_.length(); i++) {
+    array->set(i, array->get(i + 1));
+  }
+  array->set(frame_fps_.length(), isolate()->heap()->undefined_value());
+}
+
+
+int MaterializedObjectStore::StackIdToIndex(Address fp) {
+  for (int i = 0; i < frame_fps_.length(); i++) {
+    if (frame_fps_[i] == fp) {
+      return i;
+    }
+  }
+  return -1;
+}
+
+
+Handle<FixedArray> MaterializedObjectStore::GetStackEntries() {
+  return Handle<FixedArray>(isolate()->heap()->materialized_objects());
+}
+
+
+Handle<FixedArray> MaterializedObjectStore::EnsureStackEntries(int length) {
+  Handle<FixedArray> array = GetStackEntries();
+  if (array->length() >= length) {
+    return array;
+  }
+
+  int new_length = length > 10 ? length : 10;
+  if (new_length < 2 * array->length()) {
+    new_length = 2 * array->length();
+  }
+
+  Handle<FixedArray> new_array =
+      isolate()->factory()->NewFixedArray(new_length, TENURED);
+  for (int i = 0; i < array->length(); i++) {
+    new_array->set(i, array->get(i));
+  }
+  for (int i = array->length(); i < length; i++) {
+    new_array->set(i, isolate()->heap()->undefined_value());
+  }
+  isolate()->heap()->public_set_materialized_objects(*new_array);
+  return new_array;
 }
 
 #ifdef ENABLE_DEBUGGER_SUPPORT
 
 DeoptimizedFrameInfo::DeoptimizedFrameInfo(Deoptimizer* deoptimizer,
                                            int frame_index,
                                            bool has_arguments_adaptor,
                                            bool has_construct_stub) {
   FrameDescription* output_frame = deoptimizer->output_[frame_index];
   function_ = output_frame->GetFunction();
@@ skipping 30 matching lines @@
 
 void DeoptimizedFrameInfo::Iterate(ObjectVisitor* v) {
   v->VisitPointer(BitCast<Object**>(&function_));
   v->VisitPointers(parameters_, parameters_ + parameters_count_);
   v->VisitPointers(expression_stack_, expression_stack_ + expression_count_);
 }
 
 #endif  // ENABLE_DEBUGGER_SUPPORT
 
 } }  // namespace v8::internal