[turbofan] Avoid allocating rest parameters for spread calls.

src/builtins/ia32/builtins-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_IA32
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
 #include "src/deoptimizer.h"
 #include "src/full-codegen/full-codegen.h"
@@ skipping 2291 matching lines @@
 
   // Dispatch to Call or Construct depending on whether new.target is undefined.
   {
     __ CompareRoot(edx, Heap::kUndefinedValueRootIndex);
     __ j(equal, masm->isolate()->builtins()->Call(), RelocInfo::CODE_TARGET);
     __ Jump(masm->isolate()->builtins()->Construct(), RelocInfo::CODE_TARGET);
   }
 }
 
 // static
-void Builtins::Generate_CallForwardVarargs(MacroAssembler* masm,
-                                           Handle<Code> code) {
+void Builtins::Generate_ForwardVarargs(MacroAssembler* masm,
+                                       Handle<Code> code) {
   // ----------- S t a t e -------------
-  //  -- edi    : the target to call (can be any Object)
-  //  -- ecx    : start index (to support rest parameters)
-  //  -- esp[0] : return address.
-  //  -- esp[4] : thisArgument
+  //  -- eax : the number of arguments (not including the receiver)
+  //  -- edi : the target to call (can be any Object)
+  //  -- edx : the new target (for [[Construct]] calls)
+  //  -- ecx : start index (to support rest parameters)
   // -----------------------------------
 
+  // Preserve new.target (in case of [[Construct]]).
+  __ movd(xmm0, edx);
+
   // Check if we have an arguments adaptor frame below the function frame.
   Label arguments_adaptor, arguments_done;
   __ mov(ebx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
   __ cmp(Operand(ebx, CommonFrameConstants::kContextOrFrameTypeOffset),
          Immediate(StackFrame::TypeToMarker(StackFrame::ARGUMENTS_ADAPTOR)));
   __ j(equal, &arguments_adaptor, Label::kNear);
   {
-    __ mov(eax, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
-    __ mov(eax, FieldOperand(eax, JSFunction::kSharedFunctionInfoOffset));
-    __ mov(eax,
-           FieldOperand(eax, SharedFunctionInfo::kFormalParameterCountOffset));
+    __ mov(edx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
+    __ mov(edx, FieldOperand(edx, JSFunction::kSharedFunctionInfoOffset));
+    __ mov(edx,
+           FieldOperand(edx, SharedFunctionInfo::kFormalParameterCountOffset));
     __ mov(ebx, ebp);
   }
   __ jmp(&arguments_done, Label::kNear);
   __ bind(&arguments_adaptor);
   {
     // Just load the length from the ArgumentsAdaptorFrame.
-    __ mov(eax, Operand(ebx, ArgumentsAdaptorFrameConstants::kLengthOffset));
+    __ mov(edx, Operand(ebx, ArgumentsAdaptorFrameConstants::kLengthOffset));
   }
   __ bind(&arguments_done);
 
-  Label stack_empty, stack_done;
-  __ SmiUntag(eax);
-  __ sub(eax, ecx);
-  __ j(less_equal, &stack_empty);
+  Label stack_done;
+  __ SmiUntag(edx);
+  __ sub(edx, ecx);
+  __ j(less_equal, &stack_done);
   {
     // Check for stack overflow.
     {
       // Check the stack for overflow. We are not trying to catch interruptions
       // (i.e. debug break and preemption) here, so check the "real stack
       // limit".
       Label done;
       __ LoadRoot(ecx, Heap::kRealStackLimitRootIndex);
       // Make ecx the space we have left. The stack might already be
       // overflowed here which will cause ecx to become negative.
       __ neg(ecx);
       __ add(ecx, esp);
       __ sar(ecx, kPointerSizeLog2);
       // Check if the arguments will overflow the stack.
-      __ cmp(ecx, eax);
+      __ cmp(ecx, edx);
       __ j(greater, &done, Label::kNear);  // Signed comparison.
       __ TailCallRuntime(Runtime::kThrowStackOverflow);
       __ bind(&done);
     }
 
     // Forward the arguments from the caller frame.
     {
       Label loop;
-      __ mov(ecx, eax);
-      __ pop(edx);
+      __ add(eax, edx);
+      __ PopReturnAddressTo(ecx);
       __ bind(&loop);
       {
-        __ Push(Operand(ebx, ecx, times_pointer_size, 1 * kPointerSize));
-        __ dec(ecx);
+        __ Push(Operand(ebx, edx, times_pointer_size, 1 * kPointerSize));
+        __ dec(edx);
         __ j(not_zero, &loop);
       }
-      __ push(edx);
+      __ PushReturnAddressFrom(ecx);
     }
   }
-  __ jmp(&stack_done, Label::kNear);
-  __ bind(&stack_empty);
-  {
-    // We just pass the receiver, which is already on the stack.
-    __ Move(eax, Immediate(0));
-  }
   __ bind(&stack_done);
 
+  // Restore new.target (in case of [[Construct]]).
+  __ movd(edx, xmm0);
+
+  // Tail-call to the {code} handler.
   __ Jump(code, RelocInfo::CODE_TARGET);
 }
 
 namespace {
 
 // Drops top JavaScript frame and an arguments adaptor frame below it (if
 // present) preserving all the arguments prepared for current call.
 // Does nothing if debugger is currently active.
 // ES6 14.6.3. PrepareForTailCall
 //
@@ skipping 926 matching lines @@
   }
   // Now jump to the instructions of the returned code object.
   __ jmp(edi);
 }
 
 #undef __
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_IA32