Revert "Only create arguments-maps in the bootstrapper, remove now obsolete ValueType flag."

src/heap.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/base/once.h"
 #include "src/base/utils/random-number-generator.h"
@@ skipping 3551 matching lines @@
   result->set_map_no_write_barrier(map);
   if (allocation_site != NULL) {
     AllocationMemento* alloc_memento = reinterpret_cast<AllocationMemento*>(
         reinterpret_cast<Address>(result) + map->instance_size());
     InitializeAllocationMemento(alloc_memento, allocation_site);
   }
   return result;
 }
 
 
+AllocationResult Heap::AllocateArgumentsObject(Object* callee, int length) {
+  // To get fast allocation and map sharing for arguments objects we
+  // allocate them based on an arguments boilerplate.
+
+  JSObject* boilerplate;
+  int arguments_object_size;
+  bool strict_mode_callee = callee->IsJSFunction() &&
+      JSFunction::cast(callee)->shared()->strict_mode() == STRICT;
+  if (strict_mode_callee) {
+    boilerplate =
+        isolate()->context()->native_context()->strict_arguments_boilerplate();
+    arguments_object_size = kStrictArgumentsObjectSize;
+  } else {
+    boilerplate =
+        isolate()->context()->native_context()->sloppy_arguments_boilerplate();
+    arguments_object_size = kSloppyArgumentsObjectSize;
+  }
+
+  // Check that the size of the boilerplate matches our
+  // expectations. The ArgumentsAccessStub::GenerateNewObject relies
+  // on the size being a known constant.
+  ASSERT(arguments_object_size == boilerplate->map()->instance_size());
+
+  // Do the allocation.
+  HeapObject* result;
+  { AllocationResult allocation =
+        AllocateRaw(arguments_object_size, NEW_SPACE, OLD_POINTER_SPACE);
+    if (!allocation.To(&result)) return allocation;
+  }
+
+  // Copy the content. The arguments boilerplate doesn't have any
+  // fields that point to new space so it's safe to skip the write
+  // barrier here.
+  CopyBlock(result->address(), boilerplate->address(), JSObject::kHeaderSize);
+
+  // Set the length property.
+  JSObject* js_obj = JSObject::cast(result);
+  js_obj->InObjectPropertyAtPut(
+      kArgumentsLengthIndex, Smi::FromInt(length), SKIP_WRITE_BARRIER);
+  // Set the callee property for sloppy mode arguments object only.
+  if (!strict_mode_callee) {
+    js_obj->InObjectPropertyAtPut(kArgumentsCalleeIndex, callee);
+  }
+
+  // Check the state of the object
+  ASSERT(js_obj->HasFastProperties());
+  ASSERT(js_obj->HasFastObjectElements());
+
+  return js_obj;
+}
+
+
 void Heap::InitializeJSObjectFromMap(JSObject* obj,
                                      FixedArray* properties,
                                      Map* map) {
   obj->set_properties(properties);
   obj->initialize_elements();
   // TODO(1240798): Initialize the object's body using valid initial values
   // according to the object's initial map.  For example, if the map's
   // instance type is JS_ARRAY_TYPE, the length field should be initialized
   // to a number (e.g. Smi::FromInt(0)) and the elements initialized to a
   // fixed array (e.g. Heap::empty_fixed_array()).  Currently, the object
@@ skipping 2829 matching lines @@
       static_cast<int>(object_sizes_last_time_[index]));
   CODE_AGE_LIST_COMPLETE(ADJUST_LAST_TIME_OBJECT_COUNT)
 #undef ADJUST_LAST_TIME_OBJECT_COUNT
 
   MemCopy(object_counts_last_time_, object_counts_, sizeof(object_counts_));
   MemCopy(object_sizes_last_time_, object_sizes_, sizeof(object_sizes_));
   ClearObjectStats();
 }
 
 } }  // namespace v8::internal