[WIP] Refactor OrdinaryHasInstance to be self-contained.

src/code-stub-assembler.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
+
 #include "src/code-stub-assembler.h"
+
+#include "src/builtins/builtins-descriptors.h"
 #include "src/code-factory.h"
 #include "src/frames-inl.h"
 #include "src/frames.h"
 
 namespace v8 {
 namespace internal {
 
 using compiler::Node;
 
 CodeStubAssembler::CodeStubAssembler(compiler::CodeAssemblerState* state)
@@ skipping 5975 matching lines @@
       var_holder_map.Bind(map);
       var_holder_instance_type.Bind(instance_type);
       Goto(&loop);
     }
   }
 }
 
 Node* CodeStubAssembler::OrdinaryHasInstance(Node* context, Node* callable,
                                              Node* object) {
   VARIABLE(var_result, MachineRepresentation::kTagged);
-  Label return_false(this), return_true(this),
+  Label return_false(this, Label::kDeferred), return_true(this),
+      return_instanceof(this, Label::kDeferred),
       return_runtime(this, Label::kDeferred), return_result(this);
 
-  // Goto runtime if {object} is a Smi.
-  GotoIf(TaggedIsSmi(object), &return_runtime);
+  // Return false if {callable} is not Callable.
+  GotoIf(TaggedIsSmi(callable), &return_false);
+  Node* callable_map = LoadMap(callable);
+  GotoIfNot(IsCallableMap(callable_map), &return_false);
 
-  // Load map of {object}.
+  // If {callable} is a JSBoundFunction, call the instanceof operator
+  // recursively with the bound target function.
+  Node* callable_instance_type = LoadMapInstanceType(callable_map);
+  GotoIf(InstanceTypeEqual(callable_instance_type, JS_BOUND_FUNCTION_TYPE),
+         &return_instanceof);
+
+  // Return false if {object} is not a JSReceiver.
+  GotoIf(TaggedIsSmi(object), &return_false);
   Node* object_map = LoadMap(object);
+  GotoIfNot(IsJSReceiverMap(object_map), &return_false);
 
-  // Goto runtime if {callable} is a Smi.
-  GotoIf(TaggedIsSmi(callable), &return_runtime);
-
-  // Load map of {callable}.
-  Node* callable_map = LoadMap(callable);
-
-  // Goto runtime if {callable} is not a JSFunction.
-  Node* callable_instance_type = LoadMapInstanceType(callable_map);
-  GotoIfNot(
-      Word32Equal(callable_instance_type, Int32Constant(JS_FUNCTION_TYPE)),
-      &return_runtime);
-
-  // Goto runtime if {callable} is not a constructor or has
-  // a non-instance "prototype".
+  // Load the "prototype" from the {callable}. We have a fast-path here for
+  // JSFunction objects that are marked as constructors and have an instance
+  // "prototype".
+  VARIABLE(var_callable_prototype, MachineRepresentation::kTagged);
+  Label fast_callable_prototype(this),
+      slow_callable_prototype(this, Label::kDeferred),
+      done_callable_prototype(this);
+  GotoIfNot(IsJSFunctionInstanceType(callable_instance_type),
+            &slow_callable_prototype);
   Node* callable_bitfield = LoadMapBitField(callable_map);
-  GotoIfNot(
+  Branch(
       Word32Equal(Word32And(callable_bitfield,
                             Int32Constant((1 << Map::kHasNonInstancePrototype) |
                                           (1 << Map::kIsConstructor))),
                   Int32Constant(1 << Map::kIsConstructor)),
-      &return_runtime);
+      &fast_callable_prototype, &slow_callable_prototype);
+  BIND(&fast_callable_prototype);
+  {
+    // Get the "prototype" (or initial map) of the {callable}.
+    Node* callable_prototype =
+        LoadObjectField(callable, JSFunction::kPrototypeOrInitialMapOffset);
+    var_callable_prototype.Bind(callable_prototype);
 
-  // Get the "prototype" (or initial map) of the {callable}.
-  Node* callable_prototype =
-      LoadObjectField(callable, JSFunction::kPrototypeOrInitialMapOffset);
-  {
-    Label callable_prototype_valid(this);
-    VARIABLE(var_callable_prototype, MachineRepresentation::kTagged,
-             callable_prototype);
-
-    // Resolve the "prototype" if the {callable} has an initial map.  Afterwards
-    // the {callable_prototype} will be either the JSReceiver prototype object
-    // or the hole value, which means that no instances of the {callable} were
-    // created so far and hence we should return false.
-    Node* callable_prototype_instance_type =
-        LoadInstanceType(callable_prototype);
-    GotoIfNot(
-        Word32Equal(callable_prototype_instance_type, Int32Constant(MAP_TYPE)),
-        &callable_prototype_valid);
+    // Resolve the "prototype" if the {callable} has an initial map.
+    // Afterwards the {callable_prototype} will be either the JSReceiver
+    // prototype object or the hole value, which means that no instances of
+    // the {callable} were created so far and hence we should return false.
+    GotoIfNot(IsMap(callable_prototype), &done_callable_prototype);
     var_callable_prototype.Bind(
         LoadObjectField(callable_prototype, Map::kPrototypeOffset));
-    Goto(&callable_prototype_valid);
-    BIND(&callable_prototype_valid);
-    callable_prototype = var_callable_prototype.value();
+    Goto(&done_callable_prototype);
   }
+  BIND(&slow_callable_prototype);
+  {
+    // Generic "prototype" lookup on the {callable}, including check
+    // that the resulting prototype is a proper JSReceiver.
+    Label callable_prototype_not_receiver(this, Label::kDeferred);
+    Node* callable_prototype =
+        GetProperty(context, callable, PrototypeStringConstant());
+    GotoIf(TaggedIsSmi(callable_prototype), &callable_prototype_not_receiver);
+    var_callable_prototype.Bind(callable_prototype);
+    Branch(IsJSReceiver(callable_prototype), &done_callable_prototype,
+           &callable_prototype_not_receiver);
+    BIND(&callable_prototype_not_receiver);
+    {
+      CallRuntime(Runtime::kThrowInstanceofNonobjectProto, context,
+                  callable_prototype);
+      Unreachable();
+    }
+  }
+  BIND(&done_callable_prototype);
+  Node* callable_prototype = var_callable_prototype.value();
 
   // Loop through the prototype chain looking for the {callable} prototype.
   VARIABLE(var_object_map, MachineRepresentation::kTagged, object_map);
   Label loop(this, &var_object_map);
   Goto(&loop);
   BIND(&loop);
   {
+    // Check if the current {object} needs to be access checked.
     Node* object_map = var_object_map.value();
-
-    // Check if the current {object} needs to be access checked.
     Node* object_bitfield = LoadMapBitField(object_map);
     GotoIfNot(
         Word32Equal(Word32And(object_bitfield,
                               Int32Constant(1 << Map::kIsAccessCheckNeeded)),
                     Int32Constant(0)),
         &return_runtime);
 
     // Check if the current {object} is a proxy.
     Node* object_instance_type = LoadMapInstanceType(object_map);
-    GotoIf(Word32Equal(object_instance_type, Int32Constant(JS_PROXY_TYPE)),
+    GotoIf(InstanceTypeEqual(object_instance_type, JS_PROXY_TYPE),
            &return_runtime);
 
     // Check the current {object} prototype.
     Node* object_prototype = LoadMapPrototype(object_map);
     GotoIf(WordEqual(object_prototype, NullConstant()), &return_false);
     GotoIf(WordEqual(object_prototype, callable_prototype), &return_true);
 
     // Continue with the prototype.
     var_object_map.Bind(LoadMap(object_prototype));
     Goto(&loop);
   }
 
   BIND(&return_true);
   var_result.Bind(BooleanConstant(true));
   Goto(&return_result);
 
   BIND(&return_false);
   var_result.Bind(BooleanConstant(false));
   Goto(&return_result);
 
   BIND(&return_runtime);
   {
     // Fallback to the runtime implementation.
-    var_result.Bind(
-        CallRuntime(Runtime::kOrdinaryHasInstance, context, callable, object));
+    var_result.Bind(CallRuntime(Runtime::kHasInPrototypeChain, context, object,
+                                callable_prototype));
   }
   Goto(&return_result);
 
+  BIND(&return_instanceof);
+  {
+    // Use the InstanceOf algorithm on the [[BoundTargetFunction]].
+    ExternalReference ref(Builtins::kInstanceOf, isolate());
+    Node* code = Load(MachineType::AnyTagged(), ExternalConstant(ref));
+    Node* bound_target_function =
+        LoadObjectField(callable, JSBoundFunction::kBoundTargetFunctionOffset);
+    Node* result = CallStub(Builtin_InstanceOf_InterfaceDescriptor(isolate()),
+                            code, context, object, bound_target_function);
+    var_result.Bind(result);
+  }
+  Goto(&return_result);
+
   BIND(&return_result);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::ElementOffsetFromIndex(Node* index_node,
                                                 ElementsKind kind,
                                                 ParameterMode mode,
                                                 int base_size) {
   int element_size_shift = ElementsKindToShiftSize(kind);
   int element_size = 1 << element_size_shift;
@@ skipping 2639 matching lines @@
     // Convert the {result} to a Boolean.
     BranchIfToBooleanIsTrue(result, &return_true, &return_false);
   }
 
   BIND(&if_nohandler);
   {
     // Ensure that the {callable} is actually Callable.
     GotoIfNot(IsCallable(callable), &if_notcallable);
 
     // Use the OrdinaryHasInstance algorithm.
-    Node* result = CallStub(CodeFactory::OrdinaryHasInstance(isolate()),
-                            context, callable, object);
+    Node* result =
+        CallBuiltin(Builtins::kOrdinaryHasInstance, context, callable, object);
     var_result.Bind(result);
     Goto(&return_result);
   }
 
   BIND(&if_notcallable);
   {
     CallRuntime(Runtime::kThrowNonCallableInInstanceOfCheck, context);
     Unreachable();
   }
 
@@ skipping 582 matching lines @@
         formatted.c_str(), TENURED);
     CallRuntime(Runtime::kGlobalPrint, NoContextConstant(),
                 HeapConstant(string));
   }
   CallRuntime(Runtime::kDebugPrint, NoContextConstant(), tagged_value);
 #endif
 }
 
 }  // namespace internal
 }  // namespace v8