HydrogenCodeStub::GenerateLightweightMissCode( ExternalReference miss) { Factory* factory = isolate()->factory(); // Generate the new code. MacroAssembler masm(isolate(), NULL, 256, CodeObjectRequired::kYes); { // Update the static counter each time a new code stub is generated. isolate()->counters()->code_stubs()->Increment(); // Generate the code for the stub. masm.set_generating_stub(true); // TODO(yangguo): remove this once we can serialize IC stubs. masm.enable_serializer(); NoCurrentFrameScope scope(&masm); GenerateLightweightMiss(&masm, miss); } // Create the code object. CodeDesc desc; masm.GetCode(&desc); // Copy the generated code into a heap object. Handle new_object = factory->NewCode( desc, GetCodeFlags(), masm.CodeObject(), NeedsImmovableCode()); return new_object; } template static Handle DoGenerateCode(Stub* stub) { Isolate* isolate = stub->isolate(); CodeStubDescriptor descriptor(stub); // If we are uninitialized we can use a light-weight stub to enter // the runtime that is significantly faster than using the standard // stub-failure deopt mechanism. if (stub->IsUninitialized() && descriptor.has_miss_handler()) { DCHECK(!descriptor.stack_parameter_count().is_valid()); return stub->GenerateLightweightMissCode(descriptor.miss_handler()); } base::ElapsedTimer timer; if (FLAG_profile_hydrogen_code_stub_compilation) { timer.Start(); } Zone zone(isolate->allocator()); CompilationInfo info(CStrVector(CodeStub::MajorName(stub->MajorKey())), isolate, &zone, stub->GetCodeFlags()); // Parameter count is number of stack parameters. int parameter_count = descriptor.GetStackParameterCount(); if (descriptor.function_mode() == NOT_JS_FUNCTION_STUB_MODE) { parameter_count--; } info.set_parameter_count(parameter_count); CodeStubGraphBuilder builder(&info, stub); LChunk* chunk = OptimizeGraph(builder.CreateGraph()); Handle code = chunk->Codegen(); if (FLAG_profile_hydrogen_code_stub_compilation) { OFStream os(stdout); os << "[Lazy compilation of " << stub << " took " << timer.Elapsed().InMillisecondsF() << " ms]" << std::endl; } return code; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { info()->MarkAsSavesCallerDoubles(); HValue* number = GetParameter(NumberToStringStub::kNumber); return BuildNumberToString(number, Type::Number()); } Handle NumberToStringStub::GenerateCode() { return DoGenerateCode(this); } // Returns the type string of a value; see ECMA-262, 11.4.3 (p 47). template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HConstant* number_string = Add(factory->number_string()); HValue* object = GetParameter(TypeofStub::kObject); IfBuilder is_smi(this); HValue* smi_check = is_smi.If(object); is_smi.Then(); { Push(number_string); } is_smi.Else(); { IfBuilder is_number(this); is_number.If(object, isolate()->factory()->heap_number_map()); is_number.Then(); { Push(number_string); } is_number.Else(); { HValue* map = AddLoadMap(object, smi_check); HValue* instance_type = Add( map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder is_string(this); is_string.If( instance_type, Add(FIRST_NONSTRING_TYPE), Token::LT); is_string.Then(); { Push(Add(factory->string_string())); } is_string.Else(); { HConstant* object_string = Add(factory->object_string()); IfBuilder is_oddball(this); is_oddball.If( instance_type, Add(ODDBALL_TYPE), Token::EQ); is_oddball.Then(); { Push(Add(object, nullptr, HObjectAccess::ForOddballTypeOf())); } is_oddball.Else(); { IfBuilder is_symbol(this); is_symbol.If( instance_type, Add(SYMBOL_TYPE), Token::EQ); is_symbol.Then(); { Push(Add(factory->symbol_string())); } is_symbol.Else(); { HValue* bit_field = Add( map, nullptr, HObjectAccess::ForMapBitField()); HValue* bit_field_masked = AddUncasted( Token::BIT_AND, bit_field, Add((1 << Map::kIsCallable) | (1 << Map::kIsUndetectable))); IfBuilder is_function(this); is_function.If( bit_field_masked, Add(1 << Map::kIsCallable), Token::EQ); is_function.Then(); { Push(Add(factory->function_string())); } is_function.Else(); { #define SIMD128_BUILDER_OPEN(TYPE, Type, type, lane_count, lane_type) \ IfBuilder is_##type(this); \ is_##type.If( \ map, Add(factory->type##_map())); \ is_##type.Then(); \ { Push(Add(factory->type##_string())); } \ is_##type.Else(); { SIMD128_TYPES(SIMD128_BUILDER_OPEN) #undef SIMD128_BUILDER_OPEN // Is it an undetectable object? IfBuilder is_undetectable(this); is_undetectable.If( bit_field_masked, graph()->GetConstant0(), Token::NE); is_undetectable.Then(); { // typeof an undetectable object is 'undefined'. Push(Add(factory->undefined_string())); } is_undetectable.Else(); { // For any kind of object not handled above, the spec rule for // host objects gives that it is okay to return "object". Push(object_string); } #define SIMD128_BUILDER_CLOSE(TYPE, Type, type, lane_count, lane_type) } SIMD128_TYPES(SIMD128_BUILDER_CLOSE) #undef SIMD128_BUILDER_CLOSE } is_function.End(); } is_symbol.End(); } is_oddball.End(); } is_string.End(); } is_number.End(); } is_smi.End(); return environment()->Pop(); } Handle TypeofStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* boilerplate = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder if_notundefined(this); if_notundefined.IfNot( boilerplate, graph()->GetConstantUndefined()); if_notundefined.Then(); { int result_size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize; HValue* result = Add(Add(result_size), HType::JSObject(), NOT_TENURED, JS_REGEXP_TYPE, graph()->GetConstant0()); Add( result, HObjectAccess::ForMap(), Add(boilerplate, nullptr, HObjectAccess::ForMap())); Add( result, HObjectAccess::ForPropertiesPointer(), Add(boilerplate, nullptr, HObjectAccess::ForPropertiesPointer())); Add( result, HObjectAccess::ForElementsPointer(), Add(boilerplate, nullptr, HObjectAccess::ForElementsPointer())); for (int offset = JSObject::kHeaderSize; offset < result_size; offset += kPointerSize) { HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(offset); Add(result, access, Add(boilerplate, nullptr, access)); } Push(result); } if_notundefined.ElseDeopt(Deoptimizer::kUninitializedBoilerplateInFastClone); if_notundefined.End(); return Pop(); } Handle FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
new_object = factory->NewCode( desc, GetCodeFlags(), masm.CodeObject(), NeedsImmovableCode()); return new_object; } template static Handle DoGenerateCode(Stub* stub) { Isolate* isolate = stub->isolate(); CodeStubDescriptor descriptor(stub); // If we are uninitialized we can use a light-weight stub to enter // the runtime that is significantly faster than using the standard // stub-failure deopt mechanism. if (stub->IsUninitialized() && descriptor.has_miss_handler()) { DCHECK(!descriptor.stack_parameter_count().is_valid()); return stub->GenerateLightweightMissCode(descriptor.miss_handler()); } base::ElapsedTimer timer; if (FLAG_profile_hydrogen_code_stub_compilation) { timer.Start(); } Zone zone(isolate->allocator()); CompilationInfo info(CStrVector(CodeStub::MajorName(stub->MajorKey())), isolate, &zone, stub->GetCodeFlags()); // Parameter count is number of stack parameters. int parameter_count = descriptor.GetStackParameterCount(); if (descriptor.function_mode() == NOT_JS_FUNCTION_STUB_MODE) { parameter_count--; } info.set_parameter_count(parameter_count); CodeStubGraphBuilder builder(&info, stub); LChunk* chunk = OptimizeGraph(builder.CreateGraph()); Handle code = chunk->Codegen(); if (FLAG_profile_hydrogen_code_stub_compilation) { OFStream os(stdout); os << "[Lazy compilation of " << stub << " took " << timer.Elapsed().InMillisecondsF() << " ms]" << std::endl; } return code; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { info()->MarkAsSavesCallerDoubles(); HValue* number = GetParameter(NumberToStringStub::kNumber); return BuildNumberToString(number, Type::Number()); } Handle NumberToStringStub::GenerateCode() { return DoGenerateCode(this); } // Returns the type string of a value; see ECMA-262, 11.4.3 (p 47). template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HConstant* number_string = Add(factory->number_string()); HValue* object = GetParameter(TypeofStub::kObject); IfBuilder is_smi(this); HValue* smi_check = is_smi.If(object); is_smi.Then(); { Push(number_string); } is_smi.Else(); { IfBuilder is_number(this); is_number.If(object, isolate()->factory()->heap_number_map()); is_number.Then(); { Push(number_string); } is_number.Else(); { HValue* map = AddLoadMap(object, smi_check); HValue* instance_type = Add( map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder is_string(this); is_string.If( instance_type, Add(FIRST_NONSTRING_TYPE), Token::LT); is_string.Then(); { Push(Add(factory->string_string())); } is_string.Else(); { HConstant* object_string = Add(factory->object_string()); IfBuilder is_oddball(this); is_oddball.If( instance_type, Add(ODDBALL_TYPE), Token::EQ); is_oddball.Then(); { Push(Add(object, nullptr, HObjectAccess::ForOddballTypeOf())); } is_oddball.Else(); { IfBuilder is_symbol(this); is_symbol.If( instance_type, Add(SYMBOL_TYPE), Token::EQ); is_symbol.Then(); { Push(Add(factory->symbol_string())); } is_symbol.Else(); { HValue* bit_field = Add( map, nullptr, HObjectAccess::ForMapBitField()); HValue* bit_field_masked = AddUncasted( Token::BIT_AND, bit_field, Add((1 << Map::kIsCallable) | (1 << Map::kIsUndetectable))); IfBuilder is_function(this); is_function.If( bit_field_masked, Add(1 << Map::kIsCallable), Token::EQ); is_function.Then(); { Push(Add(factory->function_string())); } is_function.Else(); { #define SIMD128_BUILDER_OPEN(TYPE, Type, type, lane_count, lane_type) \ IfBuilder is_##type(this); \ is_##type.If( \ map, Add(factory->type##_map())); \ is_##type.Then(); \ { Push(Add(factory->type##_string())); } \ is_##type.Else(); { SIMD128_TYPES(SIMD128_BUILDER_OPEN) #undef SIMD128_BUILDER_OPEN // Is it an undetectable object? IfBuilder is_undetectable(this); is_undetectable.If( bit_field_masked, graph()->GetConstant0(), Token::NE); is_undetectable.Then(); { // typeof an undetectable object is 'undefined'. Push(Add(factory->undefined_string())); } is_undetectable.Else(); { // For any kind of object not handled above, the spec rule for // host objects gives that it is okay to return "object". Push(object_string); } #define SIMD128_BUILDER_CLOSE(TYPE, Type, type, lane_count, lane_type) } SIMD128_TYPES(SIMD128_BUILDER_CLOSE) #undef SIMD128_BUILDER_CLOSE } is_function.End(); } is_symbol.End(); } is_oddball.End(); } is_string.End(); } is_number.End(); } is_smi.End(); return environment()->Pop(); } Handle TypeofStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* boilerplate = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder if_notundefined(this); if_notundefined.IfNot( boilerplate, graph()->GetConstantUndefined()); if_notundefined.Then(); { int result_size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize; HValue* result = Add(Add(result_size), HType::JSObject(), NOT_TENURED, JS_REGEXP_TYPE, graph()->GetConstant0()); Add( result, HObjectAccess::ForMap(), Add(boilerplate, nullptr, HObjectAccess::ForMap())); Add( result, HObjectAccess::ForPropertiesPointer(), Add(boilerplate, nullptr, HObjectAccess::ForPropertiesPointer())); Add( result, HObjectAccess::ForElementsPointer(), Add(boilerplate, nullptr, HObjectAccess::ForElementsPointer())); for (int offset = JSObject::kHeaderSize; offset < result_size; offset += kPointerSize) { HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(offset); Add(result, access, Add(boilerplate, nullptr, access)); } Push(result); } if_notundefined.ElseDeopt(Deoptimizer::kUninitializedBoilerplateInFastClone); if_notundefined.End(); return Pop(); } Handle FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
DoGenerateCode(Stub* stub) { Isolate* isolate = stub->isolate(); CodeStubDescriptor descriptor(stub); // If we are uninitialized we can use a light-weight stub to enter // the runtime that is significantly faster than using the standard // stub-failure deopt mechanism. if (stub->IsUninitialized() && descriptor.has_miss_handler()) { DCHECK(!descriptor.stack_parameter_count().is_valid()); return stub->GenerateLightweightMissCode(descriptor.miss_handler()); } base::ElapsedTimer timer; if (FLAG_profile_hydrogen_code_stub_compilation) { timer.Start(); } Zone zone(isolate->allocator()); CompilationInfo info(CStrVector(CodeStub::MajorName(stub->MajorKey())), isolate, &zone, stub->GetCodeFlags()); // Parameter count is number of stack parameters. int parameter_count = descriptor.GetStackParameterCount(); if (descriptor.function_mode() == NOT_JS_FUNCTION_STUB_MODE) { parameter_count--; } info.set_parameter_count(parameter_count); CodeStubGraphBuilder builder(&info, stub); LChunk* chunk = OptimizeGraph(builder.CreateGraph()); Handle code = chunk->Codegen(); if (FLAG_profile_hydrogen_code_stub_compilation) { OFStream os(stdout); os << "[Lazy compilation of " << stub << " took " << timer.Elapsed().InMillisecondsF() << " ms]" << std::endl; } return code; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { info()->MarkAsSavesCallerDoubles(); HValue* number = GetParameter(NumberToStringStub::kNumber); return BuildNumberToString(number, Type::Number()); } Handle NumberToStringStub::GenerateCode() { return DoGenerateCode(this); } // Returns the type string of a value; see ECMA-262, 11.4.3 (p 47). template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HConstant* number_string = Add(factory->number_string()); HValue* object = GetParameter(TypeofStub::kObject); IfBuilder is_smi(this); HValue* smi_check = is_smi.If(object); is_smi.Then(); { Push(number_string); } is_smi.Else(); { IfBuilder is_number(this); is_number.If(object, isolate()->factory()->heap_number_map()); is_number.Then(); { Push(number_string); } is_number.Else(); { HValue* map = AddLoadMap(object, smi_check); HValue* instance_type = Add( map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder is_string(this); is_string.If( instance_type, Add(FIRST_NONSTRING_TYPE), Token::LT); is_string.Then(); { Push(Add(factory->string_string())); } is_string.Else(); { HConstant* object_string = Add(factory->object_string()); IfBuilder is_oddball(this); is_oddball.If( instance_type, Add(ODDBALL_TYPE), Token::EQ); is_oddball.Then(); { Push(Add(object, nullptr, HObjectAccess::ForOddballTypeOf())); } is_oddball.Else(); { IfBuilder is_symbol(this); is_symbol.If( instance_type, Add(SYMBOL_TYPE), Token::EQ); is_symbol.Then(); { Push(Add(factory->symbol_string())); } is_symbol.Else(); { HValue* bit_field = Add( map, nullptr, HObjectAccess::ForMapBitField()); HValue* bit_field_masked = AddUncasted( Token::BIT_AND, bit_field, Add((1 << Map::kIsCallable) | (1 << Map::kIsUndetectable))); IfBuilder is_function(this); is_function.If( bit_field_masked, Add(1 << Map::kIsCallable), Token::EQ); is_function.Then(); { Push(Add(factory->function_string())); } is_function.Else(); { #define SIMD128_BUILDER_OPEN(TYPE, Type, type, lane_count, lane_type) \ IfBuilder is_##type(this); \ is_##type.If( \ map, Add(factory->type##_map())); \ is_##type.Then(); \ { Push(Add(factory->type##_string())); } \ is_##type.Else(); { SIMD128_TYPES(SIMD128_BUILDER_OPEN) #undef SIMD128_BUILDER_OPEN // Is it an undetectable object? IfBuilder is_undetectable(this); is_undetectable.If( bit_field_masked, graph()->GetConstant0(), Token::NE); is_undetectable.Then(); { // typeof an undetectable object is 'undefined'. Push(Add(factory->undefined_string())); } is_undetectable.Else(); { // For any kind of object not handled above, the spec rule for // host objects gives that it is okay to return "object". Push(object_string); } #define SIMD128_BUILDER_CLOSE(TYPE, Type, type, lane_count, lane_type) } SIMD128_TYPES(SIMD128_BUILDER_CLOSE) #undef SIMD128_BUILDER_CLOSE } is_function.End(); } is_symbol.End(); } is_oddball.End(); } is_string.End(); } is_number.End(); } is_smi.End(); return environment()->Pop(); } Handle TypeofStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* boilerplate = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder if_notundefined(this); if_notundefined.IfNot( boilerplate, graph()->GetConstantUndefined()); if_notundefined.Then(); { int result_size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize; HValue* result = Add(Add(result_size), HType::JSObject(), NOT_TENURED, JS_REGEXP_TYPE, graph()->GetConstant0()); Add( result, HObjectAccess::ForMap(), Add(boilerplate, nullptr, HObjectAccess::ForMap())); Add( result, HObjectAccess::ForPropertiesPointer(), Add(boilerplate, nullptr, HObjectAccess::ForPropertiesPointer())); Add( result, HObjectAccess::ForElementsPointer(), Add(boilerplate, nullptr, HObjectAccess::ForElementsPointer())); for (int offset = JSObject::kHeaderSize; offset < result_size; offset += kPointerSize) { HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(offset); Add(result, access, Add(boilerplate, nullptr, access)); } Push(result); } if_notundefined.ElseDeopt(Deoptimizer::kUninitializedBoilerplateInFastClone); if_notundefined.End(); return Pop(); } Handle FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
code = chunk->Codegen(); if (FLAG_profile_hydrogen_code_stub_compilation) { OFStream os(stdout); os << "[Lazy compilation of " << stub << " took " << timer.Elapsed().InMillisecondsF() << " ms]" << std::endl; } return code; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { info()->MarkAsSavesCallerDoubles(); HValue* number = GetParameter(NumberToStringStub::kNumber); return BuildNumberToString(number, Type::Number()); } Handle NumberToStringStub::GenerateCode() { return DoGenerateCode(this); } // Returns the type string of a value; see ECMA-262, 11.4.3 (p 47). template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HConstant* number_string = Add(factory->number_string()); HValue* object = GetParameter(TypeofStub::kObject); IfBuilder is_smi(this); HValue* smi_check = is_smi.If(object); is_smi.Then(); { Push(number_string); } is_smi.Else(); { IfBuilder is_number(this); is_number.If(object, isolate()->factory()->heap_number_map()); is_number.Then(); { Push(number_string); } is_number.Else(); { HValue* map = AddLoadMap(object, smi_check); HValue* instance_type = Add( map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder is_string(this); is_string.If( instance_type, Add(FIRST_NONSTRING_TYPE), Token::LT); is_string.Then(); { Push(Add(factory->string_string())); } is_string.Else(); { HConstant* object_string = Add(factory->object_string()); IfBuilder is_oddball(this); is_oddball.If( instance_type, Add(ODDBALL_TYPE), Token::EQ); is_oddball.Then(); { Push(Add(object, nullptr, HObjectAccess::ForOddballTypeOf())); } is_oddball.Else(); { IfBuilder is_symbol(this); is_symbol.If( instance_type, Add(SYMBOL_TYPE), Token::EQ); is_symbol.Then(); { Push(Add(factory->symbol_string())); } is_symbol.Else(); { HValue* bit_field = Add( map, nullptr, HObjectAccess::ForMapBitField()); HValue* bit_field_masked = AddUncasted( Token::BIT_AND, bit_field, Add((1 << Map::kIsCallable) | (1 << Map::kIsUndetectable))); IfBuilder is_function(this); is_function.If( bit_field_masked, Add(1 << Map::kIsCallable), Token::EQ); is_function.Then(); { Push(Add(factory->function_string())); } is_function.Else(); { #define SIMD128_BUILDER_OPEN(TYPE, Type, type, lane_count, lane_type) \ IfBuilder is_##type(this); \ is_##type.If( \ map, Add(factory->type##_map())); \ is_##type.Then(); \ { Push(Add(factory->type##_string())); } \ is_##type.Else(); { SIMD128_TYPES(SIMD128_BUILDER_OPEN) #undef SIMD128_BUILDER_OPEN // Is it an undetectable object? IfBuilder is_undetectable(this); is_undetectable.If( bit_field_masked, graph()->GetConstant0(), Token::NE); is_undetectable.Then(); { // typeof an undetectable object is 'undefined'. Push(Add(factory->undefined_string())); } is_undetectable.Else(); { // For any kind of object not handled above, the spec rule for // host objects gives that it is okay to return "object". Push(object_string); } #define SIMD128_BUILDER_CLOSE(TYPE, Type, type, lane_count, lane_type) } SIMD128_TYPES(SIMD128_BUILDER_CLOSE) #undef SIMD128_BUILDER_CLOSE } is_function.End(); } is_symbol.End(); } is_oddball.End(); } is_string.End(); } is_number.End(); } is_smi.End(); return environment()->Pop(); } Handle TypeofStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* boilerplate = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder if_notundefined(this); if_notundefined.IfNot( boilerplate, graph()->GetConstantUndefined()); if_notundefined.Then(); { int result_size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize; HValue* result = Add(Add(result_size), HType::JSObject(), NOT_TENURED, JS_REGEXP_TYPE, graph()->GetConstant0()); Add( result, HObjectAccess::ForMap(), Add(boilerplate, nullptr, HObjectAccess::ForMap())); Add( result, HObjectAccess::ForPropertiesPointer(), Add(boilerplate, nullptr, HObjectAccess::ForPropertiesPointer())); Add( result, HObjectAccess::ForElementsPointer(), Add(boilerplate, nullptr, HObjectAccess::ForElementsPointer())); for (int offset = JSObject::kHeaderSize; offset < result_size; offset += kPointerSize) { HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(offset); Add(result, access, Add(boilerplate, nullptr, access)); } Push(result); } if_notundefined.ElseDeopt(Deoptimizer::kUninitializedBoilerplateInFastClone); if_notundefined.End(); return Pop(); } Handle FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
NumberToStringStub::GenerateCode() { return DoGenerateCode(this); } // Returns the type string of a value; see ECMA-262, 11.4.3 (p 47). template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HConstant* number_string = Add(factory->number_string()); HValue* object = GetParameter(TypeofStub::kObject); IfBuilder is_smi(this); HValue* smi_check = is_smi.If(object); is_smi.Then(); { Push(number_string); } is_smi.Else(); { IfBuilder is_number(this); is_number.If(object, isolate()->factory()->heap_number_map()); is_number.Then(); { Push(number_string); } is_number.Else(); { HValue* map = AddLoadMap(object, smi_check); HValue* instance_type = Add( map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder is_string(this); is_string.If( instance_type, Add(FIRST_NONSTRING_TYPE), Token::LT); is_string.Then(); { Push(Add(factory->string_string())); } is_string.Else(); { HConstant* object_string = Add(factory->object_string()); IfBuilder is_oddball(this); is_oddball.If( instance_type, Add(ODDBALL_TYPE), Token::EQ); is_oddball.Then(); { Push(Add(object, nullptr, HObjectAccess::ForOddballTypeOf())); } is_oddball.Else(); { IfBuilder is_symbol(this); is_symbol.If( instance_type, Add(SYMBOL_TYPE), Token::EQ); is_symbol.Then(); { Push(Add(factory->symbol_string())); } is_symbol.Else(); { HValue* bit_field = Add( map, nullptr, HObjectAccess::ForMapBitField()); HValue* bit_field_masked = AddUncasted( Token::BIT_AND, bit_field, Add((1 << Map::kIsCallable) | (1 << Map::kIsUndetectable))); IfBuilder is_function(this); is_function.If( bit_field_masked, Add(1 << Map::kIsCallable), Token::EQ); is_function.Then(); { Push(Add(factory->function_string())); } is_function.Else(); { #define SIMD128_BUILDER_OPEN(TYPE, Type, type, lane_count, lane_type) \ IfBuilder is_##type(this); \ is_##type.If( \ map, Add(factory->type##_map())); \ is_##type.Then(); \ { Push(Add(factory->type##_string())); } \ is_##type.Else(); { SIMD128_TYPES(SIMD128_BUILDER_OPEN) #undef SIMD128_BUILDER_OPEN // Is it an undetectable object? IfBuilder is_undetectable(this); is_undetectable.If( bit_field_masked, graph()->GetConstant0(), Token::NE); is_undetectable.Then(); { // typeof an undetectable object is 'undefined'. Push(Add(factory->undefined_string())); } is_undetectable.Else(); { // For any kind of object not handled above, the spec rule for // host objects gives that it is okay to return "object". Push(object_string); } #define SIMD128_BUILDER_CLOSE(TYPE, Type, type, lane_count, lane_type) } SIMD128_TYPES(SIMD128_BUILDER_CLOSE) #undef SIMD128_BUILDER_CLOSE } is_function.End(); } is_symbol.End(); } is_oddball.End(); } is_string.End(); } is_number.End(); } is_smi.End(); return environment()->Pop(); } Handle TypeofStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* boilerplate = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder if_notundefined(this); if_notundefined.IfNot( boilerplate, graph()->GetConstantUndefined()); if_notundefined.Then(); { int result_size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize; HValue* result = Add(Add(result_size), HType::JSObject(), NOT_TENURED, JS_REGEXP_TYPE, graph()->GetConstant0()); Add( result, HObjectAccess::ForMap(), Add(boilerplate, nullptr, HObjectAccess::ForMap())); Add( result, HObjectAccess::ForPropertiesPointer(), Add(boilerplate, nullptr, HObjectAccess::ForPropertiesPointer())); Add( result, HObjectAccess::ForElementsPointer(), Add(boilerplate, nullptr, HObjectAccess::ForElementsPointer())); for (int offset = JSObject::kHeaderSize; offset < result_size; offset += kPointerSize) { HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(offset); Add(result, access, Add(boilerplate, nullptr, access)); } Push(result); } if_notundefined.ElseDeopt(Deoptimizer::kUninitializedBoilerplateInFastClone); if_notundefined.End(); return Pop(); } Handle FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
TypeofStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* boilerplate = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder if_notundefined(this); if_notundefined.IfNot( boilerplate, graph()->GetConstantUndefined()); if_notundefined.Then(); { int result_size = JSRegExp::kSize + JSRegExp::kInObjectFieldCount * kPointerSize; HValue* result = Add(Add(result_size), HType::JSObject(), NOT_TENURED, JS_REGEXP_TYPE, graph()->GetConstant0()); Add( result, HObjectAccess::ForMap(), Add(boilerplate, nullptr, HObjectAccess::ForMap())); Add( result, HObjectAccess::ForPropertiesPointer(), Add(boilerplate, nullptr, HObjectAccess::ForPropertiesPointer())); Add( result, HObjectAccess::ForElementsPointer(), Add(boilerplate, nullptr, HObjectAccess::ForElementsPointer())); for (int offset = JSObject::kHeaderSize; offset < result_size; offset += kPointerSize) { HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(offset); Add(result, access, Add(boilerplate, nullptr, access)); } Push(result); } if_notundefined.ElseDeopt(Deoptimizer::kUninitializedBoilerplateInFastClone); if_notundefined.End(); return Pop(); } Handle FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
FastCloneRegExpStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { Factory* factory = isolate()->factory(); HValue* undefined = graph()->GetConstantUndefined(); AllocationSiteMode alloc_site_mode = casted_stub()->allocation_site_mode(); HValue* closure = GetParameter(0); HValue* literal_index = GetParameter(1); // TODO(turbofan): This codestub has regressed to need a frame on ia32 at some // point and wasn't caught since it wasn't built in the snapshot. We should // probably just replace with a TurboFan stub rather than fixing it. #if !(V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_X87) // This stub is very performance sensitive, the generated code must be tuned // so that it doesn't build and eager frame. info()->MarkMustNotHaveEagerFrame(); #endif HValue* literals_array = Add( closure, nullptr, HObjectAccess::ForLiteralsPointer()); HInstruction* allocation_site = Add( literals_array, literal_index, nullptr, nullptr, FAST_ELEMENTS, NEVER_RETURN_HOLE, LiteralsArray::kOffsetToFirstLiteral - kHeapObjectTag); IfBuilder checker(this); checker.IfNot(allocation_site, undefined); checker.Then(); HObjectAccess access = HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset); HInstruction* boilerplate = Add(allocation_site, nullptr, access); HValue* elements = AddLoadElements(boilerplate); HValue* capacity = AddLoadFixedArrayLength(elements); IfBuilder zero_capacity(this); zero_capacity.If(capacity, graph()->GetConstant0(), Token::EQ); zero_capacity.Then(); Push(BuildCloneShallowArrayEmpty(boilerplate, allocation_site, alloc_site_mode)); zero_capacity.Else(); IfBuilder if_fixed_cow(this); if_fixed_cow.If(elements, factory->fixed_cow_array_map()); if_fixed_cow.Then(); Push(BuildCloneShallowArrayCow(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed_cow.Else(); IfBuilder if_fixed(this); if_fixed.If(elements, factory->fixed_array_map()); if_fixed.Then(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_ELEMENTS)); if_fixed.Else(); Push(BuildCloneShallowArrayNonEmpty(boilerplate, allocation_site, alloc_site_mode, FAST_DOUBLE_ELEMENTS)); if_fixed.End(); if_fixed_cow.End(); zero_capacity.End(); checker.ElseDeopt(Deoptimizer::kUninitializedBoilerplateLiterals); checker.End(); return environment()->Pop(); } Handle FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
FastCloneShallowArrayStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(AllocationSite::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); // Store the map Handle allocation_site_map = isolate()->factory()->allocation_site_map(); AddStoreMapConstant(object, allocation_site_map); // Store the payload (smi elements kind) HValue* initial_elements_kind = Add(GetInitialFastElementsKind()); Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kTransitionInfoOffset), initial_elements_kind); // Unlike literals, constructed arrays don't have nested sites Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kNestedSiteOffset), graph()->GetConstant0()); // Pretenuring calculation field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureDataOffset), graph()->GetConstant0()); // Pretenuring memento creation count field. Add(object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kPretenureCreateCountOffset), graph()->GetConstant0()); // Store an empty fixed array for the code dependency. HConstant* empty_fixed_array = Add(isolate()->factory()->empty_fixed_array()); Add( object, HObjectAccess::ForAllocationSiteOffset( AllocationSite::kDependentCodeOffset), empty_fixed_array); // Link the object to the allocation site list HValue* site_list = Add( ExternalReference::allocation_sites_list_address(isolate())); HValue* site = Add(site_list, nullptr, HObjectAccess::ForAllocationSiteList()); // TODO(mvstanton): This is a store to a weak pointer, which we may want to // mark as such in order to skip the write barrier, once we have a unified // system for weakness. For now we decided to keep it like this because having // an initial write barrier backed store makes this pointer strong until the // next GC, and allocation sites are designed to survive several GCs anyway. Add( object, HObjectAccess::ForAllocationSiteOffset(AllocationSite::kWeakNextOffset), site); Add(site_list, HObjectAccess::ForAllocationSiteList(), object); HInstruction* feedback_vector = GetParameter(0); HInstruction* slot = GetParameter(1); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return feedback_vector; } Handle CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
CreateAllocationSiteStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // This stub is performance sensitive, the generated code must be tuned // so that it doesn't build an eager frame. info()->MarkMustNotHaveEagerFrame(); HValue* size = Add(WeakCell::kSize); HInstruction* object = Add(size, HType::JSObject(), TENURED, JS_OBJECT_TYPE, graph()->GetConstant0()); Handle weak_cell_map = isolate()->factory()->weak_cell_map(); AddStoreMapConstant(object, weak_cell_map); HInstruction* value = GetParameter(CreateWeakCellDescriptor::kValueIndex); Add(object, HObjectAccess::ForWeakCellValue(), value); Add(object, HObjectAccess::ForWeakCellNext(), graph()->GetConstantHole()); HInstruction* feedback_vector = GetParameter(CreateWeakCellDescriptor::kVectorIndex); HInstruction* slot = GetParameter(CreateWeakCellDescriptor::kSlotIndex); Add(feedback_vector, slot, object, nullptr, FAST_ELEMENTS, INITIALIZING_STORE); return graph()->GetConstant0(); } Handle CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
CreateWeakCellStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); return Add(script_context, nullptr, HObjectAccess::ForContextSlot(slot_index)); } Handle LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
LoadScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { int context_index = casted_stub()->context_index(); int slot_index = casted_stub()->slot_index(); HValue* script_context = BuildGetScriptContext(context_index); Add(script_context, HObjectAccess::ForContextSlot(slot_index), GetParameter(2), STORE_TO_INITIALIZED_ENTRY); return GetParameter(2); } Handle StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
StoreScriptContextFieldStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::BuildPushElement(HValue* object, HValue* argc, HValue* argument_elements, ElementsKind kind) { // Precheck whether all elements fit into the array. if (!IsFastObjectElementsKind(kind)) { LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HInstruction* argument = Add(argument_elements, argc, key); IfBuilder can_store(this); can_store.IfNot(argument); if (IsFastDoubleElementsKind(kind)) { can_store.And(); can_store.IfNot(argument, isolate()->factory()->heap_number_map()); } can_store.ThenDeopt(Deoptimizer::kFastPathFailed); can_store.End(); } builder.EndBody(); } HValue* length = Add(object, nullptr, HObjectAccess::ForArrayLength(kind)); HValue* new_length = AddUncasted(length, argc); HValue* max_key = AddUncasted(new_length, graph()->GetConstant1()); HValue* elements = Add(object, nullptr, HObjectAccess::ForElementsPointer()); elements = BuildCheckForCapacityGrow(object, elements, kind, length, max_key, true, STORE); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant0(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, length); AddElementAccess(elements, index, argument, object, nullptr, kind, STORE); } builder.EndBody(); return new_length; } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_ARRAY); // Disallow pushing onto prototypes. It might be the JSArray prototype. // Disallow pushing onto non-extensible objects. { HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* mask = Add(static_cast(Map::IsPrototypeMapBits::kMask) | (1 << Map::kIsExtensible)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field2, mask); IfBuilder check(this); check.If( bits, Add(1 << Map::kIsExtensible), Token::NE); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Disallow pushing onto arrays in dictionary named property mode. We need to // figure out whether the length property is still writable. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length property is writable. The length property is the // only default named property on arrays. It's nonconfigurable, hence is // guaranteed to stay the first property. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* details = Add( descriptors, Add(DescriptorArray::ToDetailsIndex(0)), nullptr, nullptr, FAST_SMI_ELEMENTS); HValue* mask = Add(READ_ONLY << PropertyDetails::AttributesField::kShift); HValue* bit = AddUncasted(Token::BIT_AND, details, mask); IfBuilder readonly(this); readonly.If(bit, mask, Token::EQ); readonly.ThenDeopt(Deoptimizer::kFastPathFailed); readonly.End(); } HValue* null = Add(Heap::kNullValueRootIndex); HValue* empty = Add(Heap::kEmptyFixedArrayRootIndex); environment()->Push(map); LoopBuilder check_prototypes(this); check_prototypes.BeginBody(1); { HValue* parent_map = environment()->Pop(); HValue* prototype = Add(parent_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder is_null(this); is_null.If(prototype, null); is_null.Then(); check_prototypes.Break(); is_null.End(); HValue* prototype_map = Add(prototype, nullptr, HObjectAccess::ForMap()); HValue* instance_type = Add( prototype_map, nullptr, HObjectAccess::ForMapInstanceType()); IfBuilder check_instance_type(this); check_instance_type.If( instance_type, Add(LAST_CUSTOM_ELEMENTS_RECEIVER), Token::LTE); check_instance_type.ThenDeopt(Deoptimizer::kFastPathFailed); check_instance_type.End(); HValue* elements = Add( prototype, nullptr, HObjectAccess::ForElementsPointer()); IfBuilder no_elements(this); no_elements.IfNot(elements, empty); no_elements.ThenDeopt(Deoptimizer::kFastPathFailed); no_elements.End(); environment()->Push(prototype_map); } check_prototypes.EndBody(); HValue* bit_field2 = Add(map, nullptr, HObjectAccess::ForMapBitField2()); HValue* kind = BuildDecodeField(bit_field2); // Below we only check the upper bound of the relevant ranges to include both // holey and non-holey versions. We check them in order smi, object, double // since smi < object < double. STATIC_ASSERT(FAST_SMI_ELEMENTS < FAST_HOLEY_SMI_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_ELEMENTS < FAST_HOLEY_ELEMENTS); STATIC_ASSERT(FAST_HOLEY_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); STATIC_ASSERT(FAST_DOUBLE_ELEMENTS < FAST_HOLEY_DOUBLE_ELEMENTS); IfBuilder has_smi_elements(this); has_smi_elements.If( kind, Add(FAST_HOLEY_SMI_ELEMENTS), Token::LTE); has_smi_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_SMI_ELEMENTS); environment()->Push(new_length); } has_smi_elements.Else(); { IfBuilder has_object_elements(this); has_object_elements.If( kind, Add(FAST_HOLEY_ELEMENTS), Token::LTE); has_object_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_ELEMENTS); environment()->Push(new_length); } has_object_elements.Else(); { IfBuilder has_double_elements(this); has_double_elements.If( kind, Add(FAST_HOLEY_DOUBLE_ELEMENTS), Token::LTE); has_double_elements.Then(); { HValue* new_length = BuildPushElement(object, argc, argument_elements, FAST_HOLEY_DOUBLE_ELEMENTS); environment()->Push(new_length); } has_double_elements.ElseDeopt(Deoptimizer::kFastPathFailed); has_double_elements.End(); } has_object_elements.End(); } has_smi_elements.End(); return environment()->Pop(); } Handle FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
FastArrayPushStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { // TODO(verwaest): Fix deoptimizer messages. HValue* argc = GetArgumentsLength(); HInstruction* argument_elements = Add(false, false); HInstruction* object = Add(argument_elements, argc, graph()->GetConstantMinus1()); BuildCheckHeapObject(object); HValue* map = Add(object, nullptr, HObjectAccess::ForMap()); Add(object, HCheckInstanceType::IS_JS_FUNCTION); // Disallow binding of slow-mode functions. We need to figure out whether the // length and name property are in the original state. { HValue* bit_field3 = Add(map, nullptr, HObjectAccess::ForMapBitField3()); HValue* mask = Add(static_cast(Map::DictionaryMap::kMask)); HValue* bit = AddUncasted(Token::BIT_AND, bit_field3, mask); IfBuilder check(this); check.If(bit, mask, Token::EQ); check.ThenDeopt(Deoptimizer::kFastPathFailed); check.End(); } // Check whether the length and name properties are still present as // AccessorInfo objects. In that case, their value can be recomputed even if // the actual value on the object changes. { HValue* descriptors = Add(map, nullptr, HObjectAccess::ForMapDescriptors()); HValue* descriptors_length = Add( descriptors, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder range(this); range.If(descriptors_length, graph()->GetConstant1(), Token::LTE); range.ThenDeopt(Deoptimizer::kFastPathFailed); range.End(); // Verify .length. const int length_index = JSFunction::kLengthDescriptorIndex; HValue* maybe_length = Add( descriptors, Add(DescriptorArray::ToKeyIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); Unique length_string = Unique::CreateUninitialized( isolate()->factory()->length_string()); Add(maybe_length, length_string, false); HValue* maybe_length_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(length_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_length_accessor); Add(maybe_length_accessor, isolate()->factory()->accessor_info_map()); // Verify .name. const int name_index = JSFunction::kNameDescriptorIndex; HValue* maybe_name = Add( descriptors, Add(DescriptorArray::ToKeyIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); Unique name_string = Unique::CreateUninitialized(isolate()->factory()->name_string()); Add(maybe_name, name_string, false); HValue* maybe_name_accessor = Add( descriptors, Add(DescriptorArray::ToValueIndex(name_index)), nullptr, nullptr, FAST_ELEMENTS); BuildCheckHeapObject(maybe_name_accessor); Add(maybe_name_accessor, isolate()->factory()->accessor_info_map()); } // Choose the right bound function map based on whether the target is // constructable. { HValue* bit_field = Add(map, nullptr, HObjectAccess::ForMapBitField()); HValue* mask = Add(static_cast(1 << Map::kIsConstructor)); HValue* bits = AddUncasted(Token::BIT_AND, bit_field, mask); HValue* native_context = BuildGetNativeContext(); IfBuilder is_constructor(this); is_constructor.If(bits, mask, Token::EQ); is_constructor.Then(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITH_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.Else(); { HValue* map = Add( native_context, nullptr, HObjectAccess::ForContextSlot( Context::BOUND_FUNCTION_WITHOUT_CONSTRUCTOR_MAP_INDEX)); environment()->Push(map); } is_constructor.End(); } HValue* bound_function_map = environment()->Pop(); // Verify that __proto__ matches that of a the target bound function. { HValue* prototype = Add(map, nullptr, HObjectAccess::ForPrototype()); HValue* expected_prototype = Add( bound_function_map, nullptr, HObjectAccess::ForPrototype()); IfBuilder equal_prototype(this); equal_prototype.IfNot(prototype, expected_prototype); equal_prototype.ThenDeopt(Deoptimizer::kFastPathFailed); equal_prototype.End(); } // Allocate the arguments array. IfBuilder empty_args(this); empty_args.If(argc, graph()->GetConstant1(), Token::LTE); empty_args.Then(); { environment()->Push(Add(Heap::kEmptyFixedArrayRootIndex)); } empty_args.Else(); { HValue* elements_length = AddUncasted(argc, graph()->GetConstant1()); HValue* elements = BuildAllocateAndInitializeArray(FAST_ELEMENTS, elements_length); LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement); HValue* start = graph()->GetConstant1(); HValue* key = builder.BeginBody(start, argc, Token::LT); { HValue* argument = Add(argument_elements, argc, key); HValue* index = AddUncasted(key, graph()->GetConstant1()); AddElementAccess(elements, index, argument, elements, nullptr, FAST_ELEMENTS, STORE); } builder.EndBody(); environment()->Push(elements); } empty_args.End(); HValue* elements = environment()->Pop(); // Find the 'this' to bind. IfBuilder no_receiver(this); no_receiver.If(argc, graph()->GetConstant0(), Token::EQ); no_receiver.Then(); { environment()->Push(Add(Heap::kUndefinedValueRootIndex)); } no_receiver.Else(); { environment()->Push(Add(argument_elements, argc, graph()->GetConstant0())); } no_receiver.End(); HValue* receiver = environment()->Pop(); // Allocate the resulting bound function. HValue* size = Add(JSBoundFunction::kSize); HValue* bound_function = Add(size, HType::JSObject(), NOT_TENURED, JS_BOUND_FUNCTION_TYPE, graph()->GetConstant0()); Add(bound_function, HObjectAccess::ForMap(), bound_function_map); HValue* empty_fixed_array = Add(Heap::kEmptyFixedArrayRootIndex); Add(bound_function, HObjectAccess::ForPropertiesPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForElementsPointer(), empty_fixed_array); Add(bound_function, HObjectAccess::ForBoundTargetFunction(), object); Add(bound_function, HObjectAccess::ForBoundThis(), receiver); Add(bound_function, HObjectAccess::ForBoundArguments(), elements); return bound_function; } Handle FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
FastFunctionBindStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { ElementsKind kind = casted_stub()->elements_kind(); if (IsFastDoubleElementsKind(kind)) { info()->MarkAsSavesCallerDoubles(); } HValue* object = GetParameter(GrowArrayElementsDescriptor::kObjectIndex); HValue* key = GetParameter(GrowArrayElementsDescriptor::kKeyIndex); HValue* elements = AddLoadElements(object); HValue* current_capacity = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* length = casted_stub()->is_js_array() ? Add(object, static_cast(NULL), HObjectAccess::ForArrayLength(kind)) : current_capacity; return BuildCheckAndGrowElementsCapacity(object, elements, kind, length, current_capacity, key); } Handle GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
GrowArrayElementsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { LoadKeyedHoleMode hole_mode = casted_stub()->convert_hole_to_undefined() ? CONVERT_HOLE_TO_UNDEFINED : NEVER_RETURN_HOLE; HInstruction* load = BuildUncheckedMonomorphicElementAccess( GetParameter(LoadDescriptor::kReceiverIndex), GetParameter(LoadDescriptor::kNameIndex), NULL, casted_stub()->is_js_array(), casted_stub()->elements_kind(), LOAD, hole_mode, STANDARD_STORE); return load; } Handle LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
LoadFastElementStub::GenerateCode() { return DoGenerateCode(this); } HLoadNamedField* CodeStubGraphBuilderBase::BuildLoadNamedField( HValue* object, FieldIndex index) { Representation representation = index.is_double() ? Representation::Double() : Representation::Tagged(); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (index.is_double() && (!FLAG_unbox_double_fields || !index.is_inobject())) { // Load the heap number. object = Add( object, nullptr, access.WithRepresentation(Representation::Tagged())); // Load the double value from it. access = HObjectAccess::ForHeapNumberValue(); } return Add(object, nullptr, access); } template<> HValue* CodeStubGraphBuilder::BuildCodeStub() { return BuildLoadNamedField(GetParameter(0), casted_stub()->index()); } Handle LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
LoadFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* map = AddLoadMap(GetParameter(0), NULL); HObjectAccess descriptors_access = HObjectAccess::ForObservableJSObjectOffset( Map::kDescriptorsOffset, Representation::Tagged()); HValue* descriptors = Add(map, nullptr, descriptors_access); HObjectAccess value_access = HObjectAccess::ForObservableJSObjectOffset( DescriptorArray::GetValueOffset(casted_stub()->constant_index())); return Add(descriptors, nullptr, value_access); } Handle LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
LoadConstantStub::GenerateCode() { return DoGenerateCode(this); } HValue* CodeStubGraphBuilderBase::UnmappedCase(HValue* elements, HValue* key, HValue* value) { HValue* result = NULL; HInstruction* backing_store = Add(elements, graph()->GetConstant1(), nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); Add(backing_store, isolate()->factory()->fixed_array_map()); HValue* backing_store_length = Add( backing_store, nullptr, HObjectAccess::ForFixedArrayLength()); IfBuilder in_unmapped_range(this); in_unmapped_range.If(key, backing_store_length, Token::LT); in_unmapped_range.Then(); { if (value == NULL) { result = Add(backing_store, key, nullptr, nullptr, FAST_HOLEY_ELEMENTS, NEVER_RETURN_HOLE); } else { Add(backing_store, key, value, nullptr, FAST_HOLEY_ELEMENTS); } } in_unmapped_range.ElseDeopt(Deoptimizer::kOutsideOfRange); in_unmapped_range.End(); return result; } HValue* CodeStubGraphBuilderBase::EmitKeyedSloppyArguments(HValue* receiver, HValue* key, HValue* value) { // Mapped arguments are actual arguments. Unmapped arguments are values added // to the arguments object after it was created for the call. Mapped arguments // are stored in the context at indexes given by elements[key + 2]. Unmapped // arguments are stored as regular indexed properties in the arguments array, // held at elements[1]. See NewSloppyArguments() in runtime.cc for a detailed // look at argument object construction. // // The sloppy arguments elements array has a special format: // // 0: context // 1: unmapped arguments array // 2: mapped_index0, // 3: mapped_index1, // ... // // length is 2 + min(number_of_actual_arguments, number_of_formal_arguments). // If key + 2 >= elements.length then attempt to look in the unmapped // arguments array (given by elements[1]) and return the value at key, missing // to the runtime if the unmapped arguments array is not a fixed array or if // key >= unmapped_arguments_array.length. // // Otherwise, t = elements[key + 2]. If t is the hole, then look up the value // in the unmapped arguments array, as described above. Otherwise, t is a Smi // index into the context array given at elements[0]. Return the value at // context[t]. bool is_load = value == NULL; key = AddUncasted(key, Representation::Smi()); IfBuilder positive_smi(this); positive_smi.If(key, graph()->GetConstant0(), Token::LT); positive_smi.ThenDeopt(Deoptimizer::kKeyIsNegative); positive_smi.End(); HValue* constant_two = Add(2); HValue* elements = AddLoadElements(receiver, nullptr); HValue* elements_length = Add( elements, nullptr, HObjectAccess::ForFixedArrayLength()); HValue* adjusted_length = AddUncasted(elements_length, constant_two); IfBuilder in_range(this); in_range.If(key, adjusted_length, Token::LT); in_range.Then(); { HValue* index = AddUncasted(key, constant_two); HInstruction* mapped_index = Add(elements, index, nullptr, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE); IfBuilder is_valid(this); is_valid.IfNot(mapped_index, graph()->GetConstantHole()); is_valid.Then(); { // TODO(mvstanton): I'd like to assert from this point, that if the // mapped_index is not the hole that it is indeed, a smi. An unnecessary // smi check is being emitted. HValue* the_context = Add(elements, graph()->GetConstant0(), nullptr, nullptr, FAST_ELEMENTS); STATIC_ASSERT(Context::kHeaderSize == FixedArray::kHeaderSize); if (is_load) { HValue* result = Add(the_context, mapped_index, nullptr, nullptr, FAST_ELEMENTS, ALLOW_RETURN_HOLE); environment()->Push(result); } else { DCHECK(value != NULL); Add(the_context, mapped_index, value, nullptr, FAST_ELEMENTS); environment()->Push(value); } } is_valid.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } is_valid.End(); } in_range.Else(); { HValue* result = UnmappedCase(elements, key, value); environment()->Push(is_load ? result : value); } in_range.End(); return environment()->Pop(); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(LoadDescriptor::kReceiverIndex); HValue* key = GetParameter(LoadDescriptor::kNameIndex); return EmitKeyedSloppyArguments(receiver, key, NULL); } Handle KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
KeyedLoadSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { HValue* receiver = GetParameter(StoreDescriptor::kReceiverIndex); HValue* key = GetParameter(StoreDescriptor::kNameIndex); HValue* value = GetParameter(StoreDescriptor::kValueIndex); return EmitKeyedSloppyArguments(receiver, key, value); } Handle KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
KeyedStoreSloppyArgumentsStub::GenerateCode() { return DoGenerateCode(this); } void CodeStubGraphBuilderBase::BuildStoreNamedField( HValue* object, HValue* value, FieldIndex index, Representation representation, bool transition_to_field) { DCHECK(!index.is_double() || representation.IsDouble()); int offset = index.offset(); HObjectAccess access = index.is_inobject() ? HObjectAccess::ForObservableJSObjectOffset(offset, representation) : HObjectAccess::ForBackingStoreOffset(offset, representation); if (representation.IsDouble()) { if (!FLAG_unbox_double_fields || !index.is_inobject()) { HObjectAccess heap_number_access = access.WithRepresentation(Representation::Tagged()); if (transition_to_field) { // The store requires a mutable HeapNumber to be allocated. NoObservableSideEffectsScope no_side_effects(this); HInstruction* heap_number_size = Add(HeapNumber::kSize); // TODO(hpayer): Allocation site pretenuring support. HInstruction* heap_number = Add(heap_number_size, HType::HeapObject(), NOT_TENURED, MUTABLE_HEAP_NUMBER_TYPE, graph()->GetConstant0()); AddStoreMapConstant(heap_number, isolate()->factory()->mutable_heap_number_map()); Add(heap_number, HObjectAccess::ForHeapNumberValue(), value); // Store the new mutable heap number into the object. access = heap_number_access; value = heap_number; } else { // Load the heap number. object = Add(object, nullptr, heap_number_access); // Store the double value into it. access = HObjectAccess::ForHeapNumberValue(); } } } else if (representation.IsHeapObject()) { BuildCheckHeapObject(value); } Add(object, access, value, INITIALIZING_STORE); } template <> HValue* CodeStubGraphBuilder::BuildCodeStub() { BuildStoreNamedField(GetParameter(0), GetParameter(2), casted_stub()->index(), casted_stub()->representation(), false); return GetParameter(2); } Handle StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder
StoreFieldStub::GenerateCode() { return DoGenerateCode(this); } template <> HValue* CodeStubGraphBuilder