Revert "Reland r21346 "Inobject slack tracking is done on a per-closure basis instead of per-shared…

src/arm64/builtins-arm64.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "v8.h"
 
 #if V8_TARGET_ARCH_ARM64
 
 #include "codegen.h"
 #include "debug.h"
@@ skipping 286 matching lines @@
   CallRuntimePassFunction(masm, Runtime::kHiddenTryInstallOptimizedCode);
   GenerateTailCallToReturnedCode(masm);
 
   __ Bind(&ok);
   GenerateTailCallToSharedCode(masm);
 }
 
 
 static void Generate_JSConstructStubHelper(MacroAssembler* masm,
                                            bool is_api_function,
+                                           bool count_constructions,
                                            bool create_memento) {
   // ----------- S t a t e -------------
   //  -- x0     : number of arguments
   //  -- x1     : constructor function
   //  -- x2     : allocation site or undefined
   //  -- lr     : return address
   //  -- sp[...]: constructor arguments
   // -----------------------------------
 
   ASM_LOCATION("Builtins::Generate_JSConstructStubHelper");
+  // Should never count constructions for api objects.
+  ASSERT(!is_api_function || !count_constructions);
   // Should never create mementos for api functions.
   ASSERT(!is_api_function || !create_memento);
+  // Should never create mementos before slack tracking is finished.
+  ASSERT(!count_constructions || !create_memento);
 
   Isolate* isolate = masm->isolate();
 
   // Enter a construct frame.
   {
     FrameScope scope(masm, StackFrame::CONSTRUCT);
 
     // Preserve the three incoming parameters on the stack.
     if (create_memento) {
       __ AssertUndefinedOrAllocationSite(x2, x10);
@@ skipping 25 matching lines @@
                              JSFunction::kPrototypeOrInitialMapOffset));
       __ JumpIfSmi(init_map, &rt_call);
       __ JumpIfNotObjectType(init_map, x10, x11, MAP_TYPE, &rt_call);
 
       // Check that the constructor is not constructing a JSFunction (see
       // comments in Runtime_NewObject in runtime.cc). In which case the initial
       // map's instance type would be JS_FUNCTION_TYPE.
       __ CompareInstanceType(init_map, x10, JS_FUNCTION_TYPE);
       __ B(eq, &rt_call);
 
-      Register constructon_count = x14;
-      if (!is_api_function) {
+      if (count_constructions) {
         Label allocate;
-        MemOperand bit_field3 =
-            FieldMemOperand(init_map, Map::kBitField3Offset);
-        // Check if slack tracking is enabled.
-        __ Ldr(x4, bit_field3);
-        __ DecodeField<Map::ConstructionCount>(constructon_count, x4);
-        __ Cmp(constructon_count, Operand(JSFunction::kNoSlackTracking));
-        __ B(eq, &allocate);
         // Decrease generous allocation count.
-        __ Subs(x4, x4, Operand(1 << Map::ConstructionCount::kShift));
-        __ Str(x4, bit_field3);
-        __ Cmp(constructon_count, Operand(JSFunction::kFinishSlackTracking));
+        __ Ldr(x3, FieldMemOperand(constructor,
+                                   JSFunction::kSharedFunctionInfoOffset));
+        MemOperand constructor_count =
+            FieldMemOperand(x3, SharedFunctionInfo::kConstructionCountOffset);
+        __ Ldrb(x4, constructor_count);
+        __ Subs(x4, x4, 1);
+        __ Strb(x4, constructor_count);
         __ B(ne, &allocate);
 
         // Push the constructor and map to the stack, and the constructor again
         // as argument to the runtime call.
         __ Push(constructor, init_map, constructor);
+        // The call will replace the stub, so the countdown is only done once.
         __ CallRuntime(Runtime::kHiddenFinalizeInstanceSize, 1);
         __ Pop(init_map, constructor);
-        __ Mov(constructon_count, Operand(JSFunction::kNoSlackTracking));
         __ Bind(&allocate);
       }
 
       // Now allocate the JSObject on the heap.
       Register obj_size = x3;
       Register new_obj = x4;
       __ Ldrb(obj_size, FieldMemOperand(init_map, Map::kInstanceSizeOffset));
       if (create_memento) {
         __ Add(x7, obj_size,
                Operand(AllocationMemento::kSize / kPointerSize));
         __ Allocate(x7, new_obj, x10, x11, &rt_call, SIZE_IN_WORDS);
       } else {
         __ Allocate(obj_size, new_obj, x10, x11, &rt_call, SIZE_IN_WORDS);
       }
 
       // Allocated the JSObject, now initialize the fields. Map is set to
       // initial map and properties and elements are set to empty fixed array.
       // NB. the object pointer is not tagged, so MemOperand is used.
       Register empty = x5;
       __ LoadRoot(empty, Heap::kEmptyFixedArrayRootIndex);
       __ Str(init_map, MemOperand(new_obj, JSObject::kMapOffset));
       STATIC_ASSERT(JSObject::kElementsOffset ==
           (JSObject::kPropertiesOffset + kPointerSize));
       __ Stp(empty, empty, MemOperand(new_obj, JSObject::kPropertiesOffset));
 
       Register first_prop = x5;
       __ Add(first_prop, new_obj, JSObject::kHeaderSize);
 
       // Fill all of the in-object properties with the appropriate filler.
-      Register filler = x7;
-      __ LoadRoot(filler, Heap::kUndefinedValueRootIndex);
+      Register undef = x7;
+      __ LoadRoot(undef, Heap::kUndefinedValueRootIndex);
 
       // Obtain number of pre-allocated property fields and in-object
       // properties.
       Register prealloc_fields = x10;
       Register inobject_props = x11;
       Register inst_sizes = x11;
       __ Ldr(inst_sizes, FieldMemOperand(init_map, Map::kInstanceSizesOffset));
       __ Ubfx(prealloc_fields, inst_sizes,
               Map::kPreAllocatedPropertyFieldsByte * kBitsPerByte,
               kBitsPerByte);
       __ Ubfx(inobject_props, inst_sizes,
               Map::kInObjectPropertiesByte * kBitsPerByte, kBitsPerByte);
 
       // Calculate number of property fields in the object.
       Register prop_fields = x6;
       __ Sub(prop_fields, obj_size, JSObject::kHeaderSize / kPointerSize);
 
-      if (!is_api_function) {
-        Label no_inobject_slack_tracking;
+      if (count_constructions) {
+        // Fill the pre-allocated fields with undef.
+        __ FillFields(first_prop, prealloc_fields, undef);
 
-        // Check if slack tracking is enabled.
-        __ Cmp(constructon_count, Operand(JSFunction::kNoSlackTracking));
-        __ B(eq, &no_inobject_slack_tracking);
-        constructon_count = NoReg;
-
-        // Fill the pre-allocated fields with undef.
-        __ FillFields(first_prop, prealloc_fields, filler);
-
-        // Update first_prop register to be the offset of the first field after
+        // Register first_non_prealloc is the offset of the first field after
         // pre-allocated fields.
-        __ Add(first_prop, first_prop,
+        Register first_non_prealloc = x12;
+        __ Add(first_non_prealloc, first_prop,
                Operand(prealloc_fields, LSL, kPointerSizeLog2));
 
+        first_prop = NoReg;
+
         if (FLAG_debug_code) {
-          Register obj_end = x14;
+          Register obj_end = x5;
           __ Add(obj_end, new_obj, Operand(obj_size, LSL, kPointerSizeLog2));
-          __ Cmp(first_prop, obj_end);
+          __ Cmp(first_non_prealloc, obj_end);
           __ Assert(le, kUnexpectedNumberOfPreAllocatedPropertyFields);
         }
 
         // Fill the remaining fields with one pointer filler map.
-        __ LoadRoot(filler, Heap::kOnePointerFillerMapRootIndex);
-        __ Sub(prop_fields, prop_fields, prealloc_fields);
-
-        __ bind(&no_inobject_slack_tracking);
-      }
-      if (create_memento) {
+        Register one_pointer_filler = x5;
+        Register non_prealloc_fields = x6;
+        __ LoadRoot(one_pointer_filler, Heap::kOnePointerFillerMapRootIndex);
+        __ Sub(non_prealloc_fields, prop_fields, prealloc_fields);
+        __ FillFields(first_non_prealloc, non_prealloc_fields,
+                      one_pointer_filler);
+        prop_fields = NoReg;
+      } else if (create_memento) {
         // Fill the pre-allocated fields with undef.
-        __ FillFields(first_prop, prop_fields, filler);
+        __ FillFields(first_prop, prop_fields, undef);
         __ Add(first_prop, new_obj, Operand(obj_size, LSL, kPointerSizeLog2));
         __ LoadRoot(x14, Heap::kAllocationMementoMapRootIndex);
         ASSERT_EQ(0 * kPointerSize, AllocationMemento::kMapOffset);
         __ Str(x14, MemOperand(first_prop, kPointerSize, PostIndex));
         // Load the AllocationSite
         __ Peek(x14, 2 * kXRegSize);
         ASSERT_EQ(1 * kPointerSize, AllocationMemento::kAllocationSiteOffset);
         __ Str(x14, MemOperand(first_prop, kPointerSize, PostIndex));
         first_prop = NoReg;
       } else {
         // Fill all of the property fields with undef.
-        __ FillFields(first_prop, prop_fields, filler);
+        __ FillFields(first_prop, prop_fields, undef);
         first_prop = NoReg;
         prop_fields = NoReg;
       }
 
       // Add the object tag to make the JSObject real, so that we can continue
       // and jump into the continuation code at any time from now on. Any
       // failures need to undo the allocation, so that the heap is in a
       // consistent state and verifiable.
       __ Add(new_obj, new_obj, kHeapObjectTag);
 
@@ skipping 22 matching lines @@
 
       Register array_map = x10;
       __ LoadRoot(array_map, Heap::kFixedArrayMapRootIndex);
       __ Str(array_map, MemOperand(new_array, FixedArray::kMapOffset));
       __ SmiTag(x0, element_count);
       __ Str(x0, MemOperand(new_array, FixedArray::kLengthOffset));
 
       // Initialize the fields to undefined.
       Register elements = x10;
       __ Add(elements, new_array, FixedArray::kHeaderSize);
-      __ FillFields(elements, element_count, filler);
+      __ FillFields(elements, element_count, undef);
 
       // Store the initialized FixedArray into the properties field of the
       // JSObject.
       __ Add(new_array, new_array, kHeapObjectTag);
       __ Str(new_array, FieldMemOperand(new_obj, JSObject::kPropertiesOffset));
 
       // Continue with JSObject being successfully allocated.
       __ B(&allocated);
 
       // Undo the setting of the new top so that the heap is verifiable. For
@@ skipping 87 matching lines @@
       __ Ldr(cp, FieldMemOperand(constructor, JSFunction::kContextOffset));
       Handle<Code> code =
           masm->isolate()->builtins()->HandleApiCallConstruct();
       __ Call(code, RelocInfo::CODE_TARGET);
     } else {
       ParameterCount actual(argc);
       __ InvokeFunction(constructor, actual, CALL_FUNCTION, NullCallWrapper());
     }
 
     // Store offset of return address for deoptimizer.
-    if (!is_api_function) {
+    if (!is_api_function && !count_constructions) {
       masm->isolate()->heap()->SetConstructStubDeoptPCOffset(masm->pc_offset());
     }
 
     // Restore the context from the frame.
     // x0: result
     // jssp[0]: receiver
     // jssp[1]: constructor function
     // jssp[2]: number of arguments (smi-tagged)
     __ Ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
 
@@ skipping 30 matching lines @@
     // Leave construct frame.
   }
 
   __ DropBySMI(x1);
   __ Drop(1);
   __ IncrementCounter(isolate->counters()->constructed_objects(), 1, x1, x2);
   __ Ret();
 }
 
 
+void Builtins::Generate_JSConstructStubCountdown(MacroAssembler* masm) {
+  Generate_JSConstructStubHelper(masm, false, true, false);
+}
+
+
 void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, false, FLAG_pretenuring_call_new);
+  Generate_JSConstructStubHelper(masm, false, false, FLAG_pretenuring_call_new);
 }
 
 
 void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, true, false);
+  Generate_JSConstructStubHelper(masm, true, false, false);
 }
 
 
 // Input:
 //   x0: code entry.
 //   x1: function.
 //   x2: receiver.
 //   x3: argc.
 //   x4: argv.
 // Output:
@@ skipping 860 matching lines @@
     __ Unreachable();
   }
 }
 
 
 #undef __
 
 } }  // namespace v8::internal
 
 #endif  // V8_TARGET_ARCH_ARM