[Interpreter] Collect type feedback for 'new' in the bytecode handler

src/interpreter/interpreter-assembler.cc

Index: src/interpreter/interpreter-assembler.cc
diff --git a/src/interpreter/interpreter-assembler.cc b/src/interpreter/interpreter-assembler.cc
index 42501a1add63f550b6f2b6362e6a388cbcdeb96c..a23c22f888ce6c0a6013dff87c90c140dcd6f5ff 100644
--- a/src/interpreter/interpreter-assembler.cc
+++ b/src/interpreter/interpreter-assembler.cc
@@ -469,7 +469,7 @@ Node* InterpreterAssembler::CallJSWithFeedback(Node* function, Node* context,
   Node* is_feedback_unavailable = Word32Equal(slot_id, Int32Constant(0));
   GotoIf(is_feedback_unavailable, &call);
 
-  // The checks. First, does rdi match the recorded monomorphic target?
+  // The checks. First, does function match the recorded monomorphic target?
   Node* feedback_element = LoadFixedArrayElement(type_feedback_vector, slot_id);
   Node* feedback_value = LoadWeakCellValue(feedback_element);
   Node* is_monomorphic = WordEqual(function, feedback_value);
@@ -603,11 +603,202 @@ Node* InterpreterAssembler::CallJS(Node* function, Node* context,
 
 Node* InterpreterAssembler::CallConstruct(Node* constructor, Node* context,
                                           Node* new_target, Node* first_arg,
-                                          Node* arg_count) {
-  Callable callable = CodeFactory::InterpreterPushArgsAndConstruct(isolate());
-  Node* code_target = HeapConstant(callable.code());
-  return CallStub(callable.descriptor(), code_target, context, arg_count,
-                  new_target, constructor, first_arg);
+                                          Node* arg_count, Node* slot_id,
+                                          Node* type_feedback_vector) {
+  Label call_construct(this), js_function(this), end(this);
+  Variable return_value(this, MachineRepresentation::kTagged);
+  Variable allocation_feedback(this, MachineRepresentation::kTagged);
+  allocation_feedback.Bind(UndefinedConstant());
+
+  // Slot id of 0 is used to indicate no type feedback is available.
+  STATIC_ASSERT(TypeFeedbackVector::kReservedIndexCount > 0);
+  Node* is_feedback_unavailable = Word32Equal(slot_id, Int32Constant(0));
+  GotoIf(is_feedback_unavailable, &call_construct);
+
+  // Check that the constructor is not a smi.
+  Node* is_smi = WordIsSmi(constructor);
+  GotoIf(is_smi, &call_construct);
+
+  // Check that constructor is a JSFunction.
+  Node* instance_type = LoadInstanceType(constructor);
+  Node* is_js_function =
+      WordEqual(instance_type, Int32Constant(JS_FUNCTION_TYPE));
+  BranchIf(is_js_function, &js_function, &call_construct);
+
+  Bind(&js_function);
+  {
+    // Cache the called function in a feedback vector slot. Cache states
+    // are uninitialized, monomorphic (indicated by a JSFunction), and
+    // megamorphic.
+    // TODO(mythria/v8:5210): Check if it is better to mark extra_checks as a
+    // deferred block so that call_construct_function will be scheduled just
+    // after increment_count and in the fast path we can reduce one branch in
+    // the
+    // fast path.
+    Label increment_count(this), extra_checks(this),
+        call_construct_function(this);
+
+    Node* feedback_element =
+        LoadFixedArrayElement(type_feedback_vector, slot_id);
+    Node* feedback_value = LoadWeakCellValue(feedback_element);
+    Node* is_monomorphic = WordEqual(constructor, feedback_value);
+    BranchIf(is_monomorphic, &increment_count, &extra_checks);
+
+    Bind(&extra_checks);
+    {
+      Label mark_megamorphic(this), initialize(this),
+          check_allocation_site(this), check_initialized(this),
+          set_alloc_feedback_and_inc_count(this);
+      {
+        // Check if it is a megamorphic target
+        Comment("check if megamorphic");
+        Node* is_megamorphic = WordEqual(
+            feedback_element,
+            HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())));
+        GotoIf(is_megamorphic, &call_construct_function);
+
+        Comment("check if weak cell");
+        Node* is_weak_cell = WordEqual(LoadMap(feedback_element),
+                                       LoadRoot(Heap::kWeakCellMapRootIndex));
+        GotoUnless(is_weak_cell, &check_allocation_site);
+        // If the weak cell is cleared, we have a new chance to become
+        // monomorphic.
+        Comment("check if weak cell is cleared");
+        Node* is_smi = WordIsSmi(feedback_value);
+        BranchIf(is_smi, &initialize, &mark_megamorphic);
+      }
+
+      Bind(&check_allocation_site);
+      {
+        Comment("check if it is an allocation site");
+        Node* is_allocation_site =
+            WordEqual(LoadObjectField(feedback_element, 0),
+                      LoadRoot(Heap::kAllocationSiteMapRootIndex));
+        GotoUnless(is_allocation_site, &check_initialized);
+
+        // Make sure the function is the Array() function
+        Node* context_slot =
+            LoadFixedArrayElement(LoadNativeContext(context),
+                                  Int32Constant(Context::ARRAY_FUNCTION_INDEX));
+        Node* is_array_function = WordEqual(context_slot, constructor);
+        BranchIf(is_array_function, &set_alloc_feedback_and_inc_count,
+                 &mark_megamorphic);
+      }
+
+      Bind(&set_alloc_feedback_and_inc_count);
+      {
+        allocation_feedback.Bind(feedback_element);
+        Goto(&increment_count);
+      }
+
+      Bind(&check_initialized);
+      {
+        // Check if it is uninitialized.
+        Comment("check if uninitialized");
+        Node* is_uninitialized = WordEqual(
+            feedback_element, LoadRoot(Heap::kuninitialized_symbolRootIndex));
+        BranchIf(is_uninitialized, &initialize, &mark_megamorphic);
+      }
+
+      Bind(&initialize);
+      {
+        Label initialize_count(this), create_weak_cell(this),
+            create_allocation_site(this);
+        Comment("initialize the feedback element");
+        // Check that it is the Array() function.
+        Node* context_slot =
+            LoadFixedArrayElement(LoadNativeContext(context),
+                                  Int32Constant(Context::ARRAY_FUNCTION_INDEX));
+        Node* is_array_function = WordEqual(context_slot, constructor);
+        BranchIf(is_array_function, &create_allocation_site, &create_weak_cell);
+
+        Bind(&create_allocation_site);
+        {
+          // TODO(mythria): Inline the creation of allocation site.
+          CreateAllocationSiteStub create_stub(isolate());
+          CallStub(create_stub.GetCallInterfaceDescriptor(),
+                   HeapConstant(create_stub.GetCode()), context,
+                   type_feedback_vector, SmiTag(slot_id));
+          Node* feedback_element =
+              LoadFixedArrayElement(type_feedback_vector, slot_id);
+          allocation_feedback.Bind(feedback_element);
+          Goto(&initialize_count);
+        }
+
+        Bind(&create_weak_cell);
+        {
+          CreateWeakCellInFeedbackVector(type_feedback_vector, SmiTag(slot_id),
+                                         constructor);
+          Goto(&initialize_count);
+        }
+
+        Bind(&initialize_count);
+        {
+          Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
+          // Count is Smi, so we don't need a write barrier.
+          StoreFixedArrayElement(type_feedback_vector, call_count_slot,
+                                 SmiTag(Int32Constant(1)), SKIP_WRITE_BARRIER);
+          Goto(&call_construct_function);
+        }
+      }
+
+      Bind(&mark_megamorphic);
+      {
+        // MegamorphicSentinel is an immortal immovable object so no
+        // write-barrier
+        // is needed.
+        Comment("transition to megamorphic");
+        DCHECK(
+            Heap::RootIsImmortalImmovable(Heap::kmegamorphic_symbolRootIndex));
+        StoreFixedArrayElement(
+            type_feedback_vector, slot_id,
+            HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())),
+            SKIP_WRITE_BARRIER);
+        Goto(&call_construct_function);
+      }
+    }
+
+    Bind(&increment_count);
+    {
+      // Increment the call count.
+      Comment("increment call count");
+      Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
+      Node* call_count =
+          LoadFixedArrayElement(type_feedback_vector, call_count_slot);
+      Node* new_count = SmiAdd(call_count, SmiTag(Int32Constant(1)));
+      // Count is Smi, so we don't need a write barrier.
+      StoreFixedArrayElement(type_feedback_vector, call_count_slot, new_count,
+                             SKIP_WRITE_BARRIER);
+      Goto(&call_construct_function);
+    }
+
+    Bind(&call_construct_function);
+    {
+      Comment("call using callConstructFunction");
+      Callable callable_function = CodeFactory::InterpreterPushArgsAndConstruct(
+          isolate(), CallableType::kJSFunction);
+      return_value.Bind(CallStub(callable_function.descriptor(),
+                                 HeapConstant(callable_function.code()),
+                                 context, arg_count, new_target, constructor,
+                                 allocation_feedback.value(), first_arg));
+      Goto(&end);
+    }
+  }
+
+  Bind(&call_construct);
+  {
+    Comment("call using callConstruct builtin");
+    Callable callable = CodeFactory::InterpreterPushArgsAndConstruct(
+        isolate(), CallableType::kAny);
+    Node* code_target = HeapConstant(callable.code());
+    return_value.Bind(CallStub(callable.descriptor(), code_target, context,
+                               arg_count, new_target, constructor,
+                               UndefinedConstant(), first_arg));
+    Goto(&end);
+  }
+
+  Bind(&end);
+  return return_value.value();
 }
 
 Node* InterpreterAssembler::CallRuntimeN(Node* function_id, Node* context,