[Interpreter] Collect allocation site feedback in call bytecode handler.

src/interpreter/interpreter-assembler.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/interpreter/interpreter-assembler.h"
 
 #include <limits>
 #include <ostream>
 
 #include "src/code-factory.h"
@@ skipping 505 matching lines @@
         isolate(), tail_call_mode, CallableType::kJSFunction);
     Node* code_target = HeapConstant(callable.code());
     Node* ret_value = CallStub(callable.descriptor(), code_target, context,
                                arg_count, first_arg, function);
     return_value.Bind(ret_value);
     Goto(&end);
   }
 
   Bind(&extra_checks);
   {
-    Label check_initialized(this, Label::kDeferred), mark_megamorphic(this);
+    Label check_initialized(this, Label::kDeferred), mark_megamorphic(this),
+        check_allocation_site(this), create_allocation_site(this);
     // Check if it is a megamorphic target
     Node* is_megamorphic = WordEqual(
         feedback_element,
         HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())));
-    BranchIf(is_megamorphic, &call, &check_initialized);
+    BranchIf(is_megamorphic, &call, &check_allocation_site);
+
+    Bind(&check_allocation_site);
+    {
+      Node* is_allocation_site =
+          WordEqual(LoadMap(feedback_element),
+                    LoadRoot(Heap::kAllocationSiteMapRootIndex));
+      GotoUnless(is_allocation_site, &check_initialized);
+
+      // If it is not an array function, mark megamorphic.
+      Node* context_slot =
+          LoadFixedArrayElement(LoadNativeContext(context),
+                                Int32Constant(Context::ARRAY_FUNCTION_INDEX));
+      Node* is_array_function = WordEqual(context_slot, function);
+      GotoUnless(is_array_function, &mark_megamorphic);
+
+      // It is a monomorphic Array function. Increment the call count.
+      Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
+      Node* call_count =
+          LoadFixedArrayElement(type_feedback_vector, call_count_slot);
+      Node* new_count = SmiAdd(call_count, SmiTag(Int32Constant(1)));
+      // Count is Smi, so we don't need a write barrier.
+      StoreFixedArrayElement(type_feedback_vector, call_count_slot, new_count,
+                             SKIP_WRITE_BARRIER);
+
+      // Call using CallFunction builtin.
+      // TODO(mythria): We still do not use the collected feedback when creating
+      // a new array. To use it, we should have an adapter builtin similiar to
+      // InterpreterPushArgsAndCall to push arguments and call the
+      // ArrayConstructorStub or Runtime_NewArray.
+      Callable callable_call = CodeFactory::InterpreterPushArgsAndCall(
+          isolate(), tail_call_mode, CallableType::kJSFunction);
+      Node* code_target_call = HeapConstant(callable_call.code());
+      Node* ret_value = CallStub(callable_call.descriptor(), code_target_call,
+                                 context, arg_count, first_arg, function);

[mythria, 2016/09/02 14:33:46]

We do not pass allocation site feedback here, so the new array that is created
does not use this information. If I understand correctly, we still collect
feedback and can use it in turbofan. I am not sure if this is sufficient for
now. If this implementation is not Ok, then I can change it to call the
ArrayConstructorStub. We just need an additional builtin to push the arguments
before we call the stub. 

[Benedikt Meurer, 2016/09/05 04:11:20]

Ah, I misunderstood you in our offline conversation: This actually only makes
sense if you pass the allocation site to the Array constructor, because that
does the elements kind tracking. I'm pretty sure we need this for 2-3
benchmarks, otherwise we don't remove the majority of elements kind transitions
and we might even stay polymophic in many cases.

[mythria, 2016/09/05 12:56:34]

Thanks Benedikt. I now implemented it throw ArrayConstructor Stub. Done.

+      return_value.Bind(ret_value);
+      Goto(&end);
+    }
 
     Bind(&check_initialized);
     {
       Label possibly_monomorphic(this);
       // Check if it is uninitialized.
       Node* is_uninitialized = WordEqual(
           feedback_element,
           HeapConstant(TypeFeedbackVector::UninitializedSentinel(isolate())));
       GotoUnless(is_uninitialized, &mark_megamorphic);
 
       Node* is_smi = WordIsSmi(function);
       GotoIf(is_smi, &mark_megamorphic);
 
       // Check if function is an object of JSFunction type
       Node* instance_type = LoadInstanceType(function);
       Node* is_js_function =
           WordEqual(instance_type, Int32Constant(JS_FUNCTION_TYPE));
       GotoUnless(is_js_function, &mark_megamorphic);
 
       // Check that it is not the Array() function.
       Node* context_slot =
           LoadFixedArrayElement(LoadNativeContext(context),
                                 Int32Constant(Context::ARRAY_FUNCTION_INDEX));
       Node* is_array_function = WordEqual(context_slot, function);
-      GotoIf(is_array_function, &mark_megamorphic);
+      GotoIf(is_array_function, &create_allocation_site);
 
       // Check if the function belongs to the same native context
       Node* native_context = LoadNativeContext(
           LoadObjectField(function, JSFunction::kContextOffset));
       Node* is_same_native_context =
           WordEqual(native_context, LoadNativeContext(context));
       GotoUnless(is_same_native_context, &mark_megamorphic);
 
       // Initialize it to a monomorphic target.
       Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
       // Count is Smi, so we don't need a write barrier.
       StoreFixedArrayElement(type_feedback_vector, call_count_slot,
                              SmiTag(Int32Constant(1)), SKIP_WRITE_BARRIER);
 
       CreateWeakCellInFeedbackVector(type_feedback_vector, SmiTag(slot_id),
                                      function);
 
       // Call using call function builtin.
       Callable callable = CodeFactory::InterpreterPushArgsAndCall(
           isolate(), tail_call_mode, CallableType::kJSFunction);
       Node* code_target = HeapConstant(callable.code());
       Node* ret_value = CallStub(callable.descriptor(), code_target, context,
                                  arg_count, first_arg, function);
       return_value.Bind(ret_value);
       Goto(&end);
     }
 
+    Bind(&create_allocation_site);
+    {
+      // TODO(mythria): Inline the creation of allocation site.
+      CreateAllocationSiteStub create_stub(isolate());
+      CallStub(create_stub.GetCallInterfaceDescriptor(),
+               HeapConstant(create_stub.GetCode()), context,
+               type_feedback_vector, SmiTag(slot_id));
+
+      // Initialize the count to 1.
+      Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
+      // Count is Smi, so we don't need a write barrier.
+      StoreFixedArrayElement(type_feedback_vector, call_count_slot,
+                             SmiTag(Int32Constant(1)), SKIP_WRITE_BARRIER);
+
+      // Call using CallFunction builtin.
+      // TODO(mythria): We still do not use the collected feedback when creating
+      // a new array. To use it, we should have an adapter builtin similiar to
+      // InterpreterPushArgsAndCall to push arguments and call the
+      // ArrayConstructorStub or Runtime_NewArray.
+      Callable callable_call = CodeFactory::InterpreterPushArgsAndCall(
+          isolate(), tail_call_mode, CallableType::kJSFunction);
+      Node* code_target_call = HeapConstant(callable_call.code());
+      Node* ret_value = CallStub(callable_call.descriptor(), code_target_call,
+                                 context, arg_count, first_arg, function);
+      return_value.Bind(ret_value);
+      Goto(&end);
+    }
+
     Bind(&mark_megamorphic);
     {
       // Mark it as a megamorphic.
       // MegamorphicSentinel is created as a part of Heap::InitialObjects
       // and will not move during a GC. So it is safe to skip write barrier.
       DCHECK(Heap::RootIsImmortalImmovable(Heap::kmegamorphic_symbolRootIndex));
       StoreFixedArrayElement(
           type_feedback_vector, slot_id,
           HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())),
           SKIP_WRITE_BARRIER);
@@ skipping 163 matching lines @@
           Node* call_count_slot = IntPtrAdd(slot_id, IntPtrConstant(1));
           // Count is Smi, so we don't need a write barrier.
           StoreFixedArrayElement(type_feedback_vector, call_count_slot,
                                  SmiTag(Int32Constant(1)), SKIP_WRITE_BARRIER);
           Goto(&call_construct_function);
         }
       }
 
       Bind(&mark_megamorphic);
       {
-        // MegamorphicSentinel is an immortal immovable object so no
-        // write-barrier
-        // is needed.
+        // MegamorphicSentinel is an immortal immovable object so
+        // write-barrier is not needed.
         Comment("transition to megamorphic");
         DCHECK(
             Heap::RootIsImmortalImmovable(Heap::kmegamorphic_symbolRootIndex));
         StoreFixedArrayElement(
             type_feedback_vector, slot_id,
             HeapConstant(TypeFeedbackVector::MegamorphicSentinel(isolate())),
             SKIP_WRITE_BARRIER);
         Goto(&call_construct_function);
       }
     }
@@ skipping 483 matching lines @@
     Goto(&loop);
   }
   Bind(&done_loop);
 
   return array;
 }
 
 }  // namespace interpreter
 }  // namespace internal
 }  // namespace v8