X87: [Turbofan] Implement call with spread bytecode in assembly code.

src/builtins/x87/builtins-x87.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_X87
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ skipping 712 matching lines @@
   __ add(ecx, ebx);
   Generate_InterpreterPushArgs(masm, ecx, ebx);
 
   // Call the target.
   __ Push(edx);  // Re-push return address.
 
   if (mode == InterpreterPushArgsMode::kJSFunction) {
     __ Jump(masm->isolate()->builtins()->CallFunction(ConvertReceiverMode::kAny,
                                                       tail_call_mode),
             RelocInfo::CODE_TARGET);
+  } else if (mode == InterpreterPushArgsMode::kWithFinalSpread) {
+    __ Jump(masm->isolate()->builtins()->CallWithSpread(),
+            RelocInfo::CODE_TARGET);
   } else {
-    DCHECK_EQ(mode, InterpreterPushArgsMode::kOther);
     __ Jump(masm->isolate()->builtins()->Call(ConvertReceiverMode::kAny,
                                               tail_call_mode),
             RelocInfo::CODE_TARGET);
   }
 
   __ bind(&stack_overflow);
   {
     // Pop the temporary registers, so that return address is on top of stack.
     __ Pop(edi);
 
@@ skipping 1949 matching lines @@
 
   // 3. Call to something that is not callable.
   __ bind(&non_callable);
   {
     FrameScope scope(masm, StackFrame::INTERNAL);
     __ Push(edi);
     __ CallRuntime(Runtime::kThrowCalledNonCallable);
   }
 }
 
-// static
-void Builtins::Generate_ConstructFunction(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- eax : the number of arguments (not including the receiver)
-  //  -- edx : the new target (checked to be a constructor)
-  //  -- edi : the constructor to call (checked to be a JSFunction)
-  // -----------------------------------
-  __ AssertFunction(edi);
-
-  // Calling convention for function specific ConstructStubs require
-  // ebx to contain either an AllocationSite or undefined.
-  __ LoadRoot(ebx, Heap::kUndefinedValueRootIndex);
-
-  // Tail call to the function-specific construct stub (still in the caller
-  // context at this point).
-  __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
-  __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kConstructStubOffset));
-  __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
-  __ jmp(ecx);
-}
-
-// static
-void Builtins::Generate_ConstructBoundFunction(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- eax : the number of arguments (not including the receiver)
-  //  -- edx : the new target (checked to be a constructor)
-  //  -- edi : the constructor to call (checked to be a JSBoundFunction)
-  // -----------------------------------
-  __ AssertBoundFunction(edi);
-
-  // Push the [[BoundArguments]] onto the stack.
-  Generate_PushBoundArguments(masm);
-
-  // Patch new.target to [[BoundTargetFunction]] if new.target equals target.
-  {
-    Label done;
-    __ cmp(edi, edx);
-    __ j(not_equal, &done, Label::kNear);
-    __ mov(edx, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
-    __ bind(&done);
-  }
-
-  // Construct the [[BoundTargetFunction]] via the Construct builtin.
-  __ mov(edi, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
-  __ mov(ecx, Operand::StaticVariable(
-                  ExternalReference(Builtins::kConstruct, masm->isolate())));
-  __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
-  __ jmp(ecx);
-}
-
-// static
-void Builtins::Generate_ConstructProxy(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- eax : the number of arguments (not including the receiver)
-  //  -- edi : the constructor to call (checked to be a JSProxy)
-  //  -- edx : the new target (either the same as the constructor or
-  //           the JSFunction on which new was invoked initially)
-  // -----------------------------------
-
-  // Call into the Runtime for Proxy [[Construct]].
-  __ PopReturnAddressTo(ecx);
-  __ Push(edi);
-  __ Push(edx);
-  __ PushReturnAddressFrom(ecx);
-  // Include the pushed new_target, constructor and the receiver.
-  __ add(eax, Immediate(3));
-  // Tail-call to the runtime.
-  __ JumpToExternalReference(
-      ExternalReference(Runtime::kJSProxyConstruct, masm->isolate()));
-}
-
-// static
-void Builtins::Generate_Construct(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- eax : the number of arguments (not including the receiver)
-  //  -- edx : the new target (either the same as the constructor or
-  //           the JSFunction on which new was invoked initially)
-  //  -- edi : the constructor to call (can be any Object)
-  // -----------------------------------
-
-  // Check if target is a Smi.
-  Label non_constructor;
-  __ JumpIfSmi(edi, &non_constructor, Label::kNear);
-
-  // Dispatch based on instance type.
-  __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
-  __ j(equal, masm->isolate()->builtins()->ConstructFunction(),
-       RelocInfo::CODE_TARGET);
-
-  // Check if target has a [[Construct]] internal method.
-  __ test_b(FieldOperand(ecx, Map::kBitFieldOffset),
-            Immediate(1 << Map::kIsConstructor));
-  __ j(zero, &non_constructor, Label::kNear);
-
-  // Only dispatch to bound functions after checking whether they are
-  // constructors.
-  __ CmpInstanceType(ecx, JS_BOUND_FUNCTION_TYPE);
-  __ j(equal, masm->isolate()->builtins()->ConstructBoundFunction(),
-       RelocInfo::CODE_TARGET);
-
-  // Only dispatch to proxies after checking whether they are constructors.
-  __ CmpInstanceType(ecx, JS_PROXY_TYPE);
-  __ j(equal, masm->isolate()->builtins()->ConstructProxy(),
-       RelocInfo::CODE_TARGET);
-
-  // Called Construct on an exotic Object with a [[Construct]] internal method.
-  {
-    // Overwrite the original receiver with the (original) target.
-    __ mov(Operand(esp, eax, times_pointer_size, kPointerSize), edi);
-    // Let the "call_as_constructor_delegate" take care of the rest.
-    __ LoadGlobalFunction(Context::CALL_AS_CONSTRUCTOR_DELEGATE_INDEX, edi);
-    __ Jump(masm->isolate()->builtins()->CallFunction(),
-            RelocInfo::CODE_TARGET);
-  }
-
-  // Called Construct on an Object that doesn't have a [[Construct]] internal
-  // method.
-  __ bind(&non_constructor);
-  __ Jump(masm->isolate()->builtins()->ConstructedNonConstructable(),
-          RelocInfo::CODE_TARGET);
-}
-
-// static
-void Builtins::Generate_ConstructWithSpread(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- eax : the number of arguments (not including the receiver)
-  //  -- edx : the new target (either the same as the constructor or
-  //           the JSFunction on which new was invoked initially)
-  //  -- edi : the constructor to call (can be any Object)
-  // -----------------------------------
-
+static void CheckSpreadAndPushToStack(MacroAssembler* masm) {
   // Free up some registers.
   // Save edx/edi to stX0/stX1.
   __ push(edx);
   __ push(edi);
   __ fld_s(MemOperand(esp, 0));
   __ fld_s(MemOperand(esp, 4));
   __ lea(esp, Operand(esp, 2 * kFloatSize));
 
   Register argc = eax;
 
   Register scratch = ecx;
   Register scratch2 = edi;
 
   Register spread = ebx;
   Register spread_map = edx;
 
+  Register spread_len = edx;
+
   __ mov(spread, Operand(esp, kPointerSize));
   __ mov(spread_map, FieldOperand(spread, HeapObject::kMapOffset));
 
   Label runtime_call, push_args;
   // Check that the spread is an array.
   __ CmpInstanceType(spread_map, JS_ARRAY_TYPE);
   __ j(not_equal, &runtime_call);
 
   // Check that we have the original ArrayPrototype.
   __ mov(scratch, FieldOperand(spread_map, Map::kPrototypeOffset));
@@ skipping 32 matching lines @@
   __ j(equal, &no_protector_check);
   __ cmp(scratch, Immediate(FAST_ELEMENTS));
   __ j(equal, &no_protector_check);
   // Check the ArrayProtector cell.
   __ LoadRoot(scratch, Heap::kArrayProtectorRootIndex);
   __ cmp(FieldOperand(scratch, PropertyCell::kValueOffset),
          Immediate(Smi::FromInt(Isolate::kProtectorValid)));
   __ j(not_equal, &runtime_call);
 
   __ bind(&no_protector_check);
-  // Load the FixedArray backing store.
+  // Load the FixedArray backing store, but use the length from the array.
+  __ mov(spread_len, FieldOperand(spread, JSArray::kLengthOffset));
+  __ SmiUntag(spread_len);
   __ mov(spread, FieldOperand(spread, JSArray::kElementsOffset));
-  // Free up some registers.
   __ jmp(&push_args);
 
   __ bind(&runtime_call);
   {
     // Call the builtin for the result of the spread.
     FrameScope scope(masm, StackFrame::INTERNAL);
     // Need to save these on the stack.
     // Restore edx/edi from stX0/stX1.
     __ lea(esp, Operand(esp, -2 * kFloatSize));
     __ fstp_s(MemOperand(esp, 0));
@@ skipping 14 matching lines @@
     __ Pop(edi);
     // Free up some registers.
     // Save edx/edi to stX0/stX1.
     __ push(edx);
     __ push(edi);
     __ fld_s(MemOperand(esp, 0));
     __ fld_s(MemOperand(esp, 4));
     __ lea(esp, Operand(esp, 2 * kFloatSize));
   }
 
-  Register spread_len = edx;
   Register return_address = edi;
-  __ bind(&push_args);
   {
+    // Calculate the new nargs including the result of the spread.
+    __ mov(spread_len, FieldOperand(spread, FixedArray::kLengthOffset));
+    __ SmiUntag(spread_len);
+
+    __ bind(&push_args);
+    // argc += spread_len - 1. Subtract 1 for the spread itself.
+    __ lea(argc, Operand(argc, spread_len, times_1, -1));
+
     // Pop the return address and spread argument.
     __ PopReturnAddressTo(return_address);
     __ Pop(scratch);
-
-    // Calculate the new nargs including the result of the spread.
-    __ mov(spread_len, FieldOperand(spread, FixedArray::kLengthOffset));
-    __ SmiUntag(spread_len);
-    // argc += spread_len - 1. Subtract 1 for the spread itself.
-    __ lea(argc, Operand(argc, spread_len, times_1, -1));
   }
 
   // Check for stack overflow.
   {
     // Check the stack for overflow. We are not trying to catch interruptions
     // (i.e. debug break and preemption) here, so check the "real stack limit".
     Label done;
     __ LoadRoot(scratch, Heap::kRealStackLimitRootIndex);
     // Make scratch the space we have left. The stack might already be
     // overflowed here which will cause scratch to become negative.
     __ neg(scratch);
     __ add(scratch, esp);
     __ sar(scratch, kPointerSizeLog2);
     // Check if the arguments will overflow the stack.
     __ cmp(scratch, spread_len);
     __ j(greater, &done, Label::kNear);  // Signed comparison.
     __ TailCallRuntime(Runtime::kThrowStackOverflow);
     __ bind(&done);
   }
 
   // Put the evaluated spread onto the stack as additional arguments.
   {
     Register scratch2 = esi;
-    //    __ movd(xmm2, esi);
     // Save esi to stX0, edx/edi in stX1/stX2 now.
     __ push(esi);
     __ fld_s(MemOperand(esp, 0));
     __ lea(esp, Operand(esp, 1 * kFloatSize));
 
     __ mov(scratch, Immediate(0));
     Label done, loop;
     __ bind(&loop);
     __ cmp(scratch, spread_len);
     __ j(equal, &done, Label::kNear);
     __ mov(scratch2, FieldOperand(spread, scratch, times_pointer_size,
                                   FixedArray::kHeaderSize));
     __ Push(scratch2);
     __ inc(scratch);
     __ jmp(&loop);
     __ bind(&done);
     __ PushReturnAddressFrom(return_address);
 
     // Now Restore esi from stX0, edx/edi from stX1/stX2.
     __ lea(esp, Operand(esp, -3 * kFloatSize));
     __ fstp_s(MemOperand(esp, 0));
     __ fstp_s(MemOperand(esp, 4));
     __ fstp_s(MemOperand(esp, 8));
     __ pop(esi);
     __ pop(edx);
     __ pop(edi);
   }
+}
 
-  // Dispatch.
+// static
+void Builtins::Generate_CallWithSpread(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edi : the target to call (can be any Object)
+  // -----------------------------------
+
+  // CheckSpreadAndPushToStack will push edx to save it.
+  __ LoadRoot(edx, Heap::kUndefinedValueRootIndex);
+  CheckSpreadAndPushToStack(masm);
+  __ Jump(masm->isolate()->builtins()->Call(ConvertReceiverMode::kAny,
+                                            TailCallMode::kDisallow),
+          RelocInfo::CODE_TARGET);
+}
+
+// static
+void Builtins::Generate_ConstructFunction(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edx : the new target (checked to be a constructor)
+  //  -- edi : the constructor to call (checked to be a JSFunction)
+  // -----------------------------------
+  __ AssertFunction(edi);
+
+  // Calling convention for function specific ConstructStubs require
+  // ebx to contain either an AllocationSite or undefined.
+  __ LoadRoot(ebx, Heap::kUndefinedValueRootIndex);
+
+  // Tail call to the function-specific construct stub (still in the caller
+  // context at this point).
+  __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
+  __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kConstructStubOffset));
+  __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
+  __ jmp(ecx);
+}
+
+// static
+void Builtins::Generate_ConstructBoundFunction(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edx : the new target (checked to be a constructor)
+  //  -- edi : the constructor to call (checked to be a JSBoundFunction)
+  // -----------------------------------
+  __ AssertBoundFunction(edi);
+
+  // Push the [[BoundArguments]] onto the stack.
+  Generate_PushBoundArguments(masm);
+
+  // Patch new.target to [[BoundTargetFunction]] if new.target equals target.
+  {
+    Label done;
+    __ cmp(edi, edx);
+    __ j(not_equal, &done, Label::kNear);
+    __ mov(edx, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
+    __ bind(&done);
+  }
+
+  // Construct the [[BoundTargetFunction]] via the Construct builtin.
+  __ mov(edi, FieldOperand(edi, JSBoundFunction::kBoundTargetFunctionOffset));
+  __ mov(ecx, Operand::StaticVariable(
+                  ExternalReference(Builtins::kConstruct, masm->isolate())));
+  __ lea(ecx, FieldOperand(ecx, Code::kHeaderSize));
+  __ jmp(ecx);
+}
+
+// static
+void Builtins::Generate_ConstructProxy(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edi : the constructor to call (checked to be a JSProxy)
+  //  -- edx : the new target (either the same as the constructor or
+  //           the JSFunction on which new was invoked initially)
+  // -----------------------------------
+
+  // Call into the Runtime for Proxy [[Construct]].
+  __ PopReturnAddressTo(ecx);
+  __ Push(edi);
+  __ Push(edx);
+  __ PushReturnAddressFrom(ecx);
+  // Include the pushed new_target, constructor and the receiver.
+  __ add(eax, Immediate(3));
+  // Tail-call to the runtime.
+  __ JumpToExternalReference(
+      ExternalReference(Runtime::kJSProxyConstruct, masm->isolate()));
+}
+
+// static
+void Builtins::Generate_Construct(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edx : the new target (either the same as the constructor or
+  //           the JSFunction on which new was invoked initially)
+  //  -- edi : the constructor to call (can be any Object)
+  // -----------------------------------
+
+  // Check if target is a Smi.
+  Label non_constructor;
+  __ JumpIfSmi(edi, &non_constructor, Label::kNear);
+
+  // Dispatch based on instance type.
+  __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
+  __ j(equal, masm->isolate()->builtins()->ConstructFunction(),
+       RelocInfo::CODE_TARGET);
+
+  // Check if target has a [[Construct]] internal method.
+  __ test_b(FieldOperand(ecx, Map::kBitFieldOffset),
+            Immediate(1 << Map::kIsConstructor));
+  __ j(zero, &non_constructor, Label::kNear);
+
+  // Only dispatch to bound functions after checking whether they are
+  // constructors.
+  __ CmpInstanceType(ecx, JS_BOUND_FUNCTION_TYPE);
+  __ j(equal, masm->isolate()->builtins()->ConstructBoundFunction(),
+       RelocInfo::CODE_TARGET);
+
+  // Only dispatch to proxies after checking whether they are constructors.
+  __ CmpInstanceType(ecx, JS_PROXY_TYPE);
+  __ j(equal, masm->isolate()->builtins()->ConstructProxy(),
+       RelocInfo::CODE_TARGET);
+
+  // Called Construct on an exotic Object with a [[Construct]] internal method.
+  {
+    // Overwrite the original receiver with the (original) target.
+    __ mov(Operand(esp, eax, times_pointer_size, kPointerSize), edi);
+    // Let the "call_as_constructor_delegate" take care of the rest.
+    __ LoadGlobalFunction(Context::CALL_AS_CONSTRUCTOR_DELEGATE_INDEX, edi);
+    __ Jump(masm->isolate()->builtins()->CallFunction(),
+            RelocInfo::CODE_TARGET);
+  }
+
+  // Called Construct on an Object that doesn't have a [[Construct]] internal
+  // method.
+  __ bind(&non_constructor);
+  __ Jump(masm->isolate()->builtins()->ConstructedNonConstructable(),
+          RelocInfo::CODE_TARGET);
+}
+
+// static
+void Builtins::Generate_ConstructWithSpread(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edx : the new target (either the same as the constructor or
+  //           the JSFunction on which new was invoked initially)
+  //  -- edi : the constructor to call (can be any Object)
+  // -----------------------------------
+
+  CheckSpreadAndPushToStack(masm);
   __ Jump(masm->isolate()->builtins()->Construct(), RelocInfo::CODE_TARGET);
 }
 
 // static
 void Builtins::Generate_AllocateInNewSpace(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- edx    : requested object size (untagged)
   //  -- esp[0] : return address
   // -----------------------------------
   __ SmiTag(edx);
@@ skipping 305 matching lines @@
 
 void Builtins::Generate_InterpreterOnStackReplacement(MacroAssembler* masm) {
   Generate_OnStackReplacementHelper(masm, true);
 }
 
 #undef __
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_X87