[Interpreter] Collect type feedback for 'new' in the bytecode handler

src/interpreter/interpreter-assembler.cc

Index: src/interpreter/interpreter-assembler.cc
diff --git a/src/interpreter/interpreter-assembler.cc b/src/interpreter/interpreter-assembler.cc
index 8f5d941e5a2e6632fd93c8a0965fc5999375e629..c2df607bc6ef3d1f6981bc8d90d15637c0913740 100644
--- a/src/interpreter/interpreter-assembler.cc
+++ b/src/interpreter/interpreter-assembler.cc
@@ -467,7 +467,7 @@ Node* InterpreterAssembler::CallJSWithFeedback(Node* function, Node* context,
   Node* is_feedback_unavailable = Word32Equal(slot_id, Int32Constant(0));
   GotoIf(is_feedback_unavailable, &call);
 
-  // The checks. First, does rdi match the recorded monomorphic target?
+  // The checks. First, does function match the recorded monomorphic target?
   Node* feedback_element = LoadFixedArrayElement(type_feedback_vector, slot_id);
   Node* feedback_value = LoadWeakCellValue(feedback_element);
   Node* is_monomorphic = WordEqual(function, feedback_value);
@@ -601,13 +601,141 @@ Node* InterpreterAssembler::CallJS(Node* function, Node* context,
                   first_arg, function);
 }
 
+void InterpreterAssembler::UpdateTypeFeedback(Node* slot_id,

[rmcilroy, 2016/07/15 10:44:06]

Could we just do this inline? Or at least make the function name specific to
CallConstruct

[mythria, 2016/07/15 13:53:41]

I inlined it into the callConstruct. Done.

+                                              Node* type_feedback_vector,
+                                              Node* constructor,
+                                              Node* context) {
+  Label increment_count(this), extra_checks(this), done(this);
+
+  Node* feedback_element = LoadFixedArrayElement(type_feedback_vector, slot_id);
+  Node* feedback_value = LoadWeakCellValue(feedback_element);
+  Node* is_monomorphic = WordEqual(constructor, feedback_value);
+  BranchIf(is_monomorphic, &increment_count, &extra_checks);
+
+  Bind(&increment_count);
+  {
+    // Increment the call count.
+    Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
+    Node* call_count =
+        LoadFixedArrayElement(type_feedback_vector, call_count_slot);
+    Node* new_count = SmiAdd(call_count, SmiTag(Int32Constant(1)));
+    // Count is Smi, so we don't need a write barrier.
+    StoreFixedArrayElement(type_feedback_vector, call_count_slot, new_count,
+                           SKIP_WRITE_BARRIER);
+    Goto(&done);
+  }
+
+  Bind(&extra_checks);
+  {
+    Label mark_megamorphic(this), initialize(this),
+        check_weak_cell_cleared(this);
+    // Check if it is a megamorphic target
+    Node* is_megamorphic = WordEqual(
+        feedback_element,
+        HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())));
+    GotoIf(is_megamorphic, &done);
+
+    // Check if it is uninitialized.
+    Node* is_uninitialized = WordEqual(
+        feedback_element, LoadRoot(Heap::kuninitialized_symbolRootIndex));
+    BranchIf(is_uninitialized, &initialize, &check_weak_cell_cleared);
+
+    Bind(&check_weak_cell_cleared);
+    {
+      Node* is_weak_cell = WordEqual(LoadMap(feedback_element),
+                                     LoadRoot(Heap::kWeakCellMapRootIndex));
+      GotoUnless(is_weak_cell, &mark_megamorphic);
+
+      // If the weak cell is cleared, we have a new chance to become
+      // monomorphic.
+      Node* is_smi = WordIsSmi(feedback_value);
+      BranchIf(is_smi, &initialize, &mark_megamorphic);

[mythria, 2016/07/14 15:00:56]

This is a bit different from Call type feedback. We don't check if a weak cell
is cleared in the case of Call. 

+    }
+
+    Bind(&initialize);
+    {
+      // Check that it is not the Array() function.
+      Node* context_slot =
+          LoadFixedArrayElement(LoadNativeContext(context),
+                                Int32Constant(Context::ARRAY_FUNCTION_INDEX));
+      Node* is_array_function = WordEqual(context_slot, constructor);
+      GotoIf(is_array_function, &mark_megamorphic);
+
+      Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
+      // Count is Smi, so we don't need a write barrier.
+      StoreFixedArrayElement(type_feedback_vector, call_count_slot,
+                             SmiTag(Int32Constant(1)), SKIP_WRITE_BARRIER);
+
+      CreateWeakCellStub weak_cell_stub(isolate());
+      CallStub(weak_cell_stub.GetCallInterfaceDescriptor(),
+               HeapConstant(weak_cell_stub.GetCode()), context,
+               type_feedback_vector, SmiTag(slot_id), constructor);
+      Goto(&done);
+    }
+
+    Bind(&mark_megamorphic);
+    {
+      // MegamorphicSentinel is an immortal immovable object so no write-barrier
+      // is needed.
+      DCHECK(Heap::RootIsImmortalImmovable(Heap::kmegamorphic_symbolRootIndex));
+      StoreFixedArrayElement(
+          type_feedback_vector, slot_id,
+          HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())),
+          SKIP_WRITE_BARRIER);
+      Goto(&done);
+    }
+  }
+
+  Bind(&done);
+}
+
 Node* InterpreterAssembler::CallConstruct(Node* constructor, Node* context,
                                           Node* new_target, Node* first_arg,
-                                          Node* arg_count) {
-  Callable callable = CodeFactory::InterpreterPushArgsAndConstruct(isolate());
+                                          Node* arg_count, Node* slot_id,
+                                          Node* type_feedback_vector) {
+  Label call_constrcut(this), js_function(this), end(this);
+  Variable return_value(this, MachineRepresentation::kTagged);
+
+  // Slot id of 0 is used to indicate no typefeedback is available.
+  STATIC_ASSERT(TypeFeedbackVector::kReservedIndexCount > 0);
+  Node* is_feedback_unavailable = Word32Equal(slot_id, Int32Constant(0));
+  GotoIf(is_feedback_unavailable, &call_constrcut);
+
+  // Check that the constructor is not a smi.
+  Node* is_smi = WordIsSmi(constructor);
+  GotoIf(is_smi, &call_constrcut);
+
+  // Check that constructor is a JSFunction.
+  Node* instance_type = LoadInstanceType(constructor);
+  Node* is_js_function =
+      WordEqual(instance_type, Int32Constant(JS_FUNCTION_TYPE));
+  BranchIf(is_js_function, &js_function, &call_constrcut);

[mythria, 2016/07/14 15:00:56]

If constructor is not a JSFunction, we do not update the type feedback. Is this
correct? For Call bytecode we move to megamorphic, so I just wanted to make sure
this is intended.

[rmcilroy, 2016/07/15 10:44:06]

call_constrcut - fix typo

[mythria, 2016/07/15 13:53:41]

Thanks. Done.

+
+  Bind(&js_function);
+  // Cache the called function in a feedback vector slot.  Cache states
+  // are uninitialized, monomorphic (indicated by a JSFunction), and
+  // megamorphic.
+  UpdateTypeFeedback(slot_id, type_feedback_vector, constructor, context);
+
+  // TODO(mythria): Get allocation site feedback if available. Currently
+  // we do not collect  allocation site feedback.
+  Callable callable_function = CodeFactory::InterpreterPushArgsAndConstruct(
+      isolate(), CallableType::kJSFunction);
+  return_value.Bind(CallStub(callable_function.descriptor(),
+                             HeapConstant(callable_function.code()), context,
+                             arg_count, new_target, constructor, first_arg));
+  Goto(&end);
+
+  Bind(&call_constrcut);
+  Callable callable = CodeFactory::InterpreterPushArgsAndConstruct(
+      isolate(), CallableType::kAny);
   Node* code_target = HeapConstant(callable.code());
-  return CallStub(callable.descriptor(), code_target, context, arg_count,
-                  new_target, constructor, first_arg);
+  return_value.Bind(CallStub(callable.descriptor(), code_target, context,
+                             arg_count, new_target, constructor, first_arg));
+  Goto(&end);
+
+  Bind(&end);
+  return return_value.value();
 }
 
 Node* InterpreterAssembler::CallRuntimeN(Node* function_id, Node* context,