1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "src/hydrogen.h"
11 #include "src/allocation-site-scopes.h"
12 #include "src/ast-numbering.h"
13 #include "src/full-codegen.h"
14 #include "src/hydrogen-bce.h"
15 #include "src/hydrogen-bch.h"
16 #include "src/hydrogen-canonicalize.h"
17 #include "src/hydrogen-check-elimination.h"
18 #include "src/hydrogen-dce.h"
19 #include "src/hydrogen-dehoist.h"
20 #include "src/hydrogen-environment-liveness.h"
21 #include "src/hydrogen-escape-analysis.h"
22 #include "src/hydrogen-gvn.h"
23 #include "src/hydrogen-infer-representation.h"
24 #include "src/hydrogen-infer-types.h"
25 #include "src/hydrogen-load-elimination.h"
26 #include "src/hydrogen-mark-deoptimize.h"
27 #include "src/hydrogen-mark-unreachable.h"
28 #include "src/hydrogen-osr.h"
29 #include "src/hydrogen-range-analysis.h"
30 #include "src/hydrogen-redundant-phi.h"
31 #include "src/hydrogen-removable-simulates.h"
32 #include "src/hydrogen-representation-changes.h"
33 #include "src/hydrogen-sce.h"
34 #include "src/hydrogen-store-elimination.h"
35 #include "src/hydrogen-uint32-analysis.h"
36 #include "src/ic/call-optimization.h"
37 #include "src/ic/ic.h"
39 #include "src/ic/ic-inl.h"
40 #include "src/lithium-allocator.h"
41 #include "src/parser.h"
42 #include "src/runtime/runtime.h"
43 #include "src/scopeinfo.h"
44 #include "src/typing.h"
46 #if V8_TARGET_ARCH_IA32
47 #include "src/ia32/lithium-codegen-ia32.h" // NOLINT
48 #elif V8_TARGET_ARCH_X64
49 #include "src/x64/lithium-codegen-x64.h" // NOLINT
50 #elif V8_TARGET_ARCH_ARM64
51 #include "src/arm64/lithium-codegen-arm64.h" // NOLINT
52 #elif V8_TARGET_ARCH_ARM
53 #include "src/arm/lithium-codegen-arm.h" // NOLINT
54 #elif V8_TARGET_ARCH_PPC
55 #include "src/ppc/lithium-codegen-ppc.h" // NOLINT
56 #elif V8_TARGET_ARCH_MIPS
57 #include "src/mips/lithium-codegen-mips.h" // NOLINT
58 #elif V8_TARGET_ARCH_MIPS64
59 #include "src/mips64/lithium-codegen-mips64.h" // NOLINT
60 #elif V8_TARGET_ARCH_X87
61 #include "src/x87/lithium-codegen-x87.h" // NOLINT
63 #error Unsupported target architecture.
69 HBasicBlock::HBasicBlock(HGraph* graph)
70 : block_id_(graph->GetNextBlockID()),
72 phis_(4, graph->zone()),
76 loop_information_(NULL),
77 predecessors_(2, graph->zone()),
79 dominated_blocks_(4, graph->zone()),
80 last_environment_(NULL),
82 first_instruction_index_(-1),
83 last_instruction_index_(-1),
84 deleted_phis_(4, graph->zone()),
85 parent_loop_header_(NULL),
86 inlined_entry_block_(NULL),
87 is_inline_return_target_(false),
89 dominates_loop_successors_(false),
91 is_ordered_(false) { }
94 Isolate* HBasicBlock::isolate() const {
95 return graph_->isolate();
99 void HBasicBlock::MarkUnreachable() {
100 is_reachable_ = false;
104 void HBasicBlock::AttachLoopInformation() {
105 DCHECK(!IsLoopHeader());
106 loop_information_ = new(zone()) HLoopInformation(this, zone());
110 void HBasicBlock::DetachLoopInformation() {
111 DCHECK(IsLoopHeader());
112 loop_information_ = NULL;
116 void HBasicBlock::AddPhi(HPhi* phi) {
117 DCHECK(!IsStartBlock());
118 phis_.Add(phi, zone());
123 void HBasicBlock::RemovePhi(HPhi* phi) {
124 DCHECK(phi->block() == this);
125 DCHECK(phis_.Contains(phi));
127 phis_.RemoveElement(phi);
132 void HBasicBlock::AddInstruction(HInstruction* instr, SourcePosition position) {
133 DCHECK(!IsStartBlock() || !IsFinished());
134 DCHECK(!instr->IsLinked());
135 DCHECK(!IsFinished());
137 if (!position.IsUnknown()) {
138 instr->set_position(position);
140 if (first_ == NULL) {
141 DCHECK(last_environment() != NULL);
142 DCHECK(!last_environment()->ast_id().IsNone());
143 HBlockEntry* entry = new(zone()) HBlockEntry();
144 entry->InitializeAsFirst(this);
145 if (!position.IsUnknown()) {
146 entry->set_position(position);
148 DCHECK(!FLAG_hydrogen_track_positions ||
149 !graph()->info()->IsOptimizing() || instr->IsAbnormalExit());
151 first_ = last_ = entry;
153 instr->InsertAfter(last_);
157 HPhi* HBasicBlock::AddNewPhi(int merged_index) {
158 if (graph()->IsInsideNoSideEffectsScope()) {
159 merged_index = HPhi::kInvalidMergedIndex;
161 HPhi* phi = new(zone()) HPhi(merged_index, zone());
167 HSimulate* HBasicBlock::CreateSimulate(BailoutId ast_id,
168 RemovableSimulate removable) {
169 DCHECK(HasEnvironment());
170 HEnvironment* environment = last_environment();
171 DCHECK(ast_id.IsNone() ||
172 ast_id == BailoutId::StubEntry() ||
173 environment->closure()->shared()->VerifyBailoutId(ast_id));
175 int push_count = environment->push_count();
176 int pop_count = environment->pop_count();
179 new(zone()) HSimulate(ast_id, pop_count, zone(), removable);
181 instr->set_closure(environment->closure());
183 // Order of pushed values: newest (top of stack) first. This allows
184 // HSimulate::MergeWith() to easily append additional pushed values
185 // that are older (from further down the stack).
186 for (int i = 0; i < push_count; ++i) {
187 instr->AddPushedValue(environment->ExpressionStackAt(i));
189 for (GrowableBitVector::Iterator it(environment->assigned_variables(),
193 int index = it.Current();
194 instr->AddAssignedValue(index, environment->Lookup(index));
196 environment->ClearHistory();
201 void HBasicBlock::Finish(HControlInstruction* end, SourcePosition position) {
202 DCHECK(!IsFinished());
203 AddInstruction(end, position);
205 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
206 it.Current()->RegisterPredecessor(this);
211 void HBasicBlock::Goto(HBasicBlock* block, SourcePosition position,
212 FunctionState* state, bool add_simulate) {
213 bool drop_extra = state != NULL &&
214 state->inlining_kind() == NORMAL_RETURN;
216 if (block->IsInlineReturnTarget()) {
217 HEnvironment* env = last_environment();
218 int argument_count = env->arguments_environment()->parameter_count();
219 AddInstruction(new(zone())
220 HLeaveInlined(state->entry(), argument_count),
222 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
225 if (add_simulate) AddNewSimulate(BailoutId::None(), position);
226 HGoto* instr = new(zone()) HGoto(block);
227 Finish(instr, position);
231 void HBasicBlock::AddLeaveInlined(HValue* return_value, FunctionState* state,
232 SourcePosition position) {
233 HBasicBlock* target = state->function_return();
234 bool drop_extra = state->inlining_kind() == NORMAL_RETURN;
236 DCHECK(target->IsInlineReturnTarget());
237 DCHECK(return_value != NULL);
238 HEnvironment* env = last_environment();
239 int argument_count = env->arguments_environment()->parameter_count();
240 AddInstruction(new(zone()) HLeaveInlined(state->entry(), argument_count),
242 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
243 last_environment()->Push(return_value);
244 AddNewSimulate(BailoutId::None(), position);
245 HGoto* instr = new(zone()) HGoto(target);
246 Finish(instr, position);
250 void HBasicBlock::SetInitialEnvironment(HEnvironment* env) {
251 DCHECK(!HasEnvironment());
252 DCHECK(first() == NULL);
253 UpdateEnvironment(env);
257 void HBasicBlock::UpdateEnvironment(HEnvironment* env) {
258 last_environment_ = env;
259 graph()->update_maximum_environment_size(env->first_expression_index());
263 void HBasicBlock::SetJoinId(BailoutId ast_id) {
264 int length = predecessors_.length();
266 for (int i = 0; i < length; i++) {
267 HBasicBlock* predecessor = predecessors_[i];
268 DCHECK(predecessor->end()->IsGoto());
269 HSimulate* simulate = HSimulate::cast(predecessor->end()->previous());
271 (predecessor->last_environment()->closure().is_null() ||
272 predecessor->last_environment()->closure()->shared()
273 ->VerifyBailoutId(ast_id)));
274 simulate->set_ast_id(ast_id);
275 predecessor->last_environment()->set_ast_id(ast_id);
280 bool HBasicBlock::Dominates(HBasicBlock* other) const {
281 HBasicBlock* current = other->dominator();
282 while (current != NULL) {
283 if (current == this) return true;
284 current = current->dominator();
290 bool HBasicBlock::EqualToOrDominates(HBasicBlock* other) const {
291 if (this == other) return true;
292 return Dominates(other);
296 int HBasicBlock::LoopNestingDepth() const {
297 const HBasicBlock* current = this;
298 int result = (current->IsLoopHeader()) ? 1 : 0;
299 while (current->parent_loop_header() != NULL) {
300 current = current->parent_loop_header();
307 void HBasicBlock::PostProcessLoopHeader(IterationStatement* stmt) {
308 DCHECK(IsLoopHeader());
310 SetJoinId(stmt->EntryId());
311 if (predecessors()->length() == 1) {
312 // This is a degenerated loop.
313 DetachLoopInformation();
317 // Only the first entry into the loop is from outside the loop. All other
318 // entries must be back edges.
319 for (int i = 1; i < predecessors()->length(); ++i) {
320 loop_information()->RegisterBackEdge(predecessors()->at(i));
325 void HBasicBlock::MarkSuccEdgeUnreachable(int succ) {
326 DCHECK(IsFinished());
327 HBasicBlock* succ_block = end()->SuccessorAt(succ);
329 DCHECK(succ_block->predecessors()->length() == 1);
330 succ_block->MarkUnreachable();
334 void HBasicBlock::RegisterPredecessor(HBasicBlock* pred) {
335 if (HasPredecessor()) {
336 // Only loop header blocks can have a predecessor added after
337 // instructions have been added to the block (they have phis for all
338 // values in the environment, these phis may be eliminated later).
339 DCHECK(IsLoopHeader() || first_ == NULL);
340 HEnvironment* incoming_env = pred->last_environment();
341 if (IsLoopHeader()) {
342 DCHECK(phis()->length() == incoming_env->length());
343 for (int i = 0; i < phis_.length(); ++i) {
344 phis_[i]->AddInput(incoming_env->values()->at(i));
347 last_environment()->AddIncomingEdge(this, pred->last_environment());
349 } else if (!HasEnvironment() && !IsFinished()) {
350 DCHECK(!IsLoopHeader());
351 SetInitialEnvironment(pred->last_environment()->Copy());
354 predecessors_.Add(pred, zone());
358 void HBasicBlock::AddDominatedBlock(HBasicBlock* block) {
359 DCHECK(!dominated_blocks_.Contains(block));
360 // Keep the list of dominated blocks sorted such that if there is two
361 // succeeding block in this list, the predecessor is before the successor.
363 while (index < dominated_blocks_.length() &&
364 dominated_blocks_[index]->block_id() < block->block_id()) {
367 dominated_blocks_.InsertAt(index, block, zone());
371 void HBasicBlock::AssignCommonDominator(HBasicBlock* other) {
372 if (dominator_ == NULL) {
374 other->AddDominatedBlock(this);
375 } else if (other->dominator() != NULL) {
376 HBasicBlock* first = dominator_;
377 HBasicBlock* second = other;
379 while (first != second) {
380 if (first->block_id() > second->block_id()) {
381 first = first->dominator();
383 second = second->dominator();
385 DCHECK(first != NULL && second != NULL);
388 if (dominator_ != first) {
389 DCHECK(dominator_->dominated_blocks_.Contains(this));
390 dominator_->dominated_blocks_.RemoveElement(this);
392 first->AddDominatedBlock(this);
398 void HBasicBlock::AssignLoopSuccessorDominators() {
399 // Mark blocks that dominate all subsequent reachable blocks inside their
400 // loop. Exploit the fact that blocks are sorted in reverse post order. When
401 // the loop is visited in increasing block id order, if the number of
402 // non-loop-exiting successor edges at the dominator_candidate block doesn't
403 // exceed the number of previously encountered predecessor edges, there is no
404 // path from the loop header to any block with higher id that doesn't go
405 // through the dominator_candidate block. In this case, the
406 // dominator_candidate block is guaranteed to dominate all blocks reachable
407 // from it with higher ids.
408 HBasicBlock* last = loop_information()->GetLastBackEdge();
409 int outstanding_successors = 1; // one edge from the pre-header
410 // Header always dominates everything.
411 MarkAsLoopSuccessorDominator();
412 for (int j = block_id(); j <= last->block_id(); ++j) {
413 HBasicBlock* dominator_candidate = graph_->blocks()->at(j);
414 for (HPredecessorIterator it(dominator_candidate); !it.Done();
416 HBasicBlock* predecessor = it.Current();
417 // Don't count back edges.
418 if (predecessor->block_id() < dominator_candidate->block_id()) {
419 outstanding_successors--;
423 // If more successors than predecessors have been seen in the loop up to
424 // now, it's not possible to guarantee that the current block dominates
425 // all of the blocks with higher IDs. In this case, assume conservatively
426 // that those paths through loop that don't go through the current block
427 // contain all of the loop's dependencies. Also be careful to record
428 // dominator information about the current loop that's being processed,
429 // and not nested loops, which will be processed when
430 // AssignLoopSuccessorDominators gets called on their header.
431 DCHECK(outstanding_successors >= 0);
432 HBasicBlock* parent_loop_header = dominator_candidate->parent_loop_header();
433 if (outstanding_successors == 0 &&
434 (parent_loop_header == this && !dominator_candidate->IsLoopHeader())) {
435 dominator_candidate->MarkAsLoopSuccessorDominator();
437 HControlInstruction* end = dominator_candidate->end();
438 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
439 HBasicBlock* successor = it.Current();
440 // Only count successors that remain inside the loop and don't loop back
442 if (successor->block_id() > dominator_candidate->block_id() &&
443 successor->block_id() <= last->block_id()) {
444 // Backwards edges must land on loop headers.
445 DCHECK(successor->block_id() > dominator_candidate->block_id() ||
446 successor->IsLoopHeader());
447 outstanding_successors++;
454 int HBasicBlock::PredecessorIndexOf(HBasicBlock* predecessor) const {
455 for (int i = 0; i < predecessors_.length(); ++i) {
456 if (predecessors_[i] == predecessor) return i;
464 void HBasicBlock::Verify() {
465 // Check that every block is finished.
466 DCHECK(IsFinished());
467 DCHECK(block_id() >= 0);
469 // Check that the incoming edges are in edge split form.
470 if (predecessors_.length() > 1) {
471 for (int i = 0; i < predecessors_.length(); ++i) {
472 DCHECK(predecessors_[i]->end()->SecondSuccessor() == NULL);
479 void HLoopInformation::RegisterBackEdge(HBasicBlock* block) {
480 this->back_edges_.Add(block, block->zone());
485 HBasicBlock* HLoopInformation::GetLastBackEdge() const {
487 HBasicBlock* result = NULL;
488 for (int i = 0; i < back_edges_.length(); ++i) {
489 HBasicBlock* cur = back_edges_[i];
490 if (cur->block_id() > max_id) {
491 max_id = cur->block_id();
499 void HLoopInformation::AddBlock(HBasicBlock* block) {
500 if (block == loop_header()) return;
501 if (block->parent_loop_header() == loop_header()) return;
502 if (block->parent_loop_header() != NULL) {
503 AddBlock(block->parent_loop_header());
505 block->set_parent_loop_header(loop_header());
506 blocks_.Add(block, block->zone());
507 for (int i = 0; i < block->predecessors()->length(); ++i) {
508 AddBlock(block->predecessors()->at(i));
516 // Checks reachability of the blocks in this graph and stores a bit in
517 // the BitVector "reachable()" for every block that can be reached
518 // from the start block of the graph. If "dont_visit" is non-null, the given
519 // block is treated as if it would not be part of the graph. "visited_count()"
520 // returns the number of reachable blocks.
521 class ReachabilityAnalyzer BASE_EMBEDDED {
523 ReachabilityAnalyzer(HBasicBlock* entry_block,
525 HBasicBlock* dont_visit)
527 stack_(16, entry_block->zone()),
528 reachable_(block_count, entry_block->zone()),
529 dont_visit_(dont_visit) {
530 PushBlock(entry_block);
534 int visited_count() const { return visited_count_; }
535 const BitVector* reachable() const { return &reachable_; }
538 void PushBlock(HBasicBlock* block) {
539 if (block != NULL && block != dont_visit_ &&
540 !reachable_.Contains(block->block_id())) {
541 reachable_.Add(block->block_id());
542 stack_.Add(block, block->zone());
548 while (!stack_.is_empty()) {
549 HControlInstruction* end = stack_.RemoveLast()->end();
550 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
551 PushBlock(it.Current());
557 ZoneList<HBasicBlock*> stack_;
558 BitVector reachable_;
559 HBasicBlock* dont_visit_;
563 void HGraph::Verify(bool do_full_verify) const {
564 Heap::RelocationLock relocation_lock(isolate()->heap());
565 AllowHandleDereference allow_deref;
566 AllowDeferredHandleDereference allow_deferred_deref;
567 for (int i = 0; i < blocks_.length(); i++) {
568 HBasicBlock* block = blocks_.at(i);
572 // Check that every block contains at least one node and that only the last
573 // node is a control instruction.
574 HInstruction* current = block->first();
575 DCHECK(current != NULL && current->IsBlockEntry());
576 while (current != NULL) {
577 DCHECK((current->next() == NULL) == current->IsControlInstruction());
578 DCHECK(current->block() == block);
580 current = current->next();
583 // Check that successors are correctly set.
584 HBasicBlock* first = block->end()->FirstSuccessor();
585 HBasicBlock* second = block->end()->SecondSuccessor();
586 DCHECK(second == NULL || first != NULL);
588 // Check that the predecessor array is correct.
590 DCHECK(first->predecessors()->Contains(block));
591 if (second != NULL) {
592 DCHECK(second->predecessors()->Contains(block));
596 // Check that phis have correct arguments.
597 for (int j = 0; j < block->phis()->length(); j++) {
598 HPhi* phi = block->phis()->at(j);
602 // Check that all join blocks have predecessors that end with an
603 // unconditional goto and agree on their environment node id.
604 if (block->predecessors()->length() >= 2) {
606 block->predecessors()->first()->last_environment()->ast_id();
607 for (int k = 0; k < block->predecessors()->length(); k++) {
608 HBasicBlock* predecessor = block->predecessors()->at(k);
609 DCHECK(predecessor->end()->IsGoto() ||
610 predecessor->end()->IsDeoptimize());
611 DCHECK(predecessor->last_environment()->ast_id() == id);
616 // Check special property of first block to have no predecessors.
617 DCHECK(blocks_.at(0)->predecessors()->is_empty());
619 if (do_full_verify) {
620 // Check that the graph is fully connected.
621 ReachabilityAnalyzer analyzer(entry_block_, blocks_.length(), NULL);
622 DCHECK(analyzer.visited_count() == blocks_.length());
624 // Check that entry block dominator is NULL.
625 DCHECK(entry_block_->dominator() == NULL);
628 for (int i = 0; i < blocks_.length(); ++i) {
629 HBasicBlock* block = blocks_.at(i);
630 if (block->dominator() == NULL) {
631 // Only start block may have no dominator assigned to.
634 // Assert that block is unreachable if dominator must not be visited.
635 ReachabilityAnalyzer dominator_analyzer(entry_block_,
638 DCHECK(!dominator_analyzer.reachable()->Contains(block->block_id()));
647 HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
649 if (!pointer->is_set()) {
650 // Can't pass GetInvalidContext() to HConstant::New, because that will
651 // recursively call GetConstant
652 HConstant* constant = HConstant::New(isolate(), zone(), NULL, value);
653 constant->InsertAfter(entry_block()->first());
654 pointer->set(constant);
657 return ReinsertConstantIfNecessary(pointer->get());
661 HConstant* HGraph::ReinsertConstantIfNecessary(HConstant* constant) {
662 if (!constant->IsLinked()) {
663 // The constant was removed from the graph. Reinsert.
664 constant->ClearFlag(HValue::kIsDead);
665 constant->InsertAfter(entry_block()->first());
671 HConstant* HGraph::GetConstant0() {
672 return GetConstant(&constant_0_, 0);
676 HConstant* HGraph::GetConstant1() {
677 return GetConstant(&constant_1_, 1);
681 HConstant* HGraph::GetConstantMinus1() {
682 return GetConstant(&constant_minus1_, -1);
686 #define DEFINE_GET_CONSTANT(Name, name, type, htype, boolean_value) \
687 HConstant* HGraph::GetConstant##Name() { \
688 if (!constant_##name##_.is_set()) { \
689 HConstant* constant = new(zone()) HConstant( \
690 Unique<Object>::CreateImmovable(isolate()->factory()->name##_value()), \
691 Unique<Map>::CreateImmovable(isolate()->factory()->type##_map()), \
693 Representation::Tagged(), \
699 constant->InsertAfter(entry_block()->first()); \
700 constant_##name##_.set(constant); \
702 return ReinsertConstantIfNecessary(constant_##name##_.get()); \
706 DEFINE_GET_CONSTANT(Undefined, undefined, undefined, HType::Undefined(), false)
707 DEFINE_GET_CONSTANT(True, true, boolean, HType::Boolean(), true)
708 DEFINE_GET_CONSTANT(False, false, boolean, HType::Boolean(), false)
709 DEFINE_GET_CONSTANT(Hole, the_hole, the_hole, HType::None(), false)
710 DEFINE_GET_CONSTANT(Null, null, null, HType::Null(), false)
713 #undef DEFINE_GET_CONSTANT
715 #define DEFINE_IS_CONSTANT(Name, name) \
716 bool HGraph::IsConstant##Name(HConstant* constant) { \
717 return constant_##name##_.is_set() && constant == constant_##name##_.get(); \
719 DEFINE_IS_CONSTANT(Undefined, undefined)
720 DEFINE_IS_CONSTANT(0, 0)
721 DEFINE_IS_CONSTANT(1, 1)
722 DEFINE_IS_CONSTANT(Minus1, minus1)
723 DEFINE_IS_CONSTANT(True, true)
724 DEFINE_IS_CONSTANT(False, false)
725 DEFINE_IS_CONSTANT(Hole, the_hole)
726 DEFINE_IS_CONSTANT(Null, null)
728 #undef DEFINE_IS_CONSTANT
731 HConstant* HGraph::GetInvalidContext() {
732 return GetConstant(&constant_invalid_context_, 0xFFFFC0C7);
736 bool HGraph::IsStandardConstant(HConstant* constant) {
737 if (IsConstantUndefined(constant)) return true;
738 if (IsConstant0(constant)) return true;
739 if (IsConstant1(constant)) return true;
740 if (IsConstantMinus1(constant)) return true;
741 if (IsConstantTrue(constant)) return true;
742 if (IsConstantFalse(constant)) return true;
743 if (IsConstantHole(constant)) return true;
744 if (IsConstantNull(constant)) return true;
749 HGraphBuilder::IfBuilder::IfBuilder() : builder_(NULL), needs_compare_(true) {}
752 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder)
753 : needs_compare_(true) {
758 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder,
759 HIfContinuation* continuation)
760 : needs_compare_(false), first_true_block_(NULL), first_false_block_(NULL) {
761 InitializeDontCreateBlocks(builder);
762 continuation->Continue(&first_true_block_, &first_false_block_);
766 void HGraphBuilder::IfBuilder::InitializeDontCreateBlocks(
767 HGraphBuilder* builder) {
772 did_else_if_ = false;
776 pending_merge_block_ = false;
777 split_edge_merge_block_ = NULL;
778 merge_at_join_blocks_ = NULL;
779 normal_merge_at_join_block_count_ = 0;
780 deopt_merge_at_join_block_count_ = 0;
784 void HGraphBuilder::IfBuilder::Initialize(HGraphBuilder* builder) {
785 InitializeDontCreateBlocks(builder);
786 HEnvironment* env = builder->environment();
787 first_true_block_ = builder->CreateBasicBlock(env->Copy());
788 first_false_block_ = builder->CreateBasicBlock(env->Copy());
792 HControlInstruction* HGraphBuilder::IfBuilder::AddCompare(
793 HControlInstruction* compare) {
794 DCHECK(did_then_ == did_else_);
796 // Handle if-then-elseif
802 pending_merge_block_ = false;
803 split_edge_merge_block_ = NULL;
804 HEnvironment* env = builder()->environment();
805 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
806 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
808 if (split_edge_merge_block_ != NULL) {
809 HEnvironment* env = first_false_block_->last_environment();
810 HBasicBlock* split_edge = builder()->CreateBasicBlock(env->Copy());
812 compare->SetSuccessorAt(0, split_edge);
813 compare->SetSuccessorAt(1, first_false_block_);
815 compare->SetSuccessorAt(0, first_true_block_);
816 compare->SetSuccessorAt(1, split_edge);
818 builder()->GotoNoSimulate(split_edge, split_edge_merge_block_);
820 compare->SetSuccessorAt(0, first_true_block_);
821 compare->SetSuccessorAt(1, first_false_block_);
823 builder()->FinishCurrentBlock(compare);
824 needs_compare_ = false;
829 void HGraphBuilder::IfBuilder::Or() {
830 DCHECK(!needs_compare_);
833 HEnvironment* env = first_false_block_->last_environment();
834 if (split_edge_merge_block_ == NULL) {
835 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
836 builder()->GotoNoSimulate(first_true_block_, split_edge_merge_block_);
837 first_true_block_ = split_edge_merge_block_;
839 builder()->set_current_block(first_false_block_);
840 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
844 void HGraphBuilder::IfBuilder::And() {
845 DCHECK(!needs_compare_);
848 HEnvironment* env = first_false_block_->last_environment();
849 if (split_edge_merge_block_ == NULL) {
850 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
851 builder()->GotoNoSimulate(first_false_block_, split_edge_merge_block_);
852 first_false_block_ = split_edge_merge_block_;
854 builder()->set_current_block(first_true_block_);
855 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
859 void HGraphBuilder::IfBuilder::CaptureContinuation(
860 HIfContinuation* continuation) {
861 DCHECK(!did_else_if_);
865 HBasicBlock* true_block = NULL;
866 HBasicBlock* false_block = NULL;
867 Finish(&true_block, &false_block);
868 DCHECK(true_block != NULL);
869 DCHECK(false_block != NULL);
870 continuation->Capture(true_block, false_block);
872 builder()->set_current_block(NULL);
877 void HGraphBuilder::IfBuilder::JoinContinuation(HIfContinuation* continuation) {
878 DCHECK(!did_else_if_);
881 HBasicBlock* true_block = NULL;
882 HBasicBlock* false_block = NULL;
883 Finish(&true_block, &false_block);
884 merge_at_join_blocks_ = NULL;
885 if (true_block != NULL && !true_block->IsFinished()) {
886 DCHECK(continuation->IsTrueReachable());
887 builder()->GotoNoSimulate(true_block, continuation->true_branch());
889 if (false_block != NULL && !false_block->IsFinished()) {
890 DCHECK(continuation->IsFalseReachable());
891 builder()->GotoNoSimulate(false_block, continuation->false_branch());
898 void HGraphBuilder::IfBuilder::Then() {
902 if (needs_compare_) {
903 // Handle if's without any expressions, they jump directly to the "else"
904 // branch. However, we must pretend that the "then" branch is reachable,
905 // so that the graph builder visits it and sees any live range extending
906 // constructs within it.
907 HConstant* constant_false = builder()->graph()->GetConstantFalse();
908 ToBooleanStub::Types boolean_type = ToBooleanStub::Types();
909 boolean_type.Add(ToBooleanStub::BOOLEAN);
910 HBranch* branch = builder()->New<HBranch>(
911 constant_false, boolean_type, first_true_block_, first_false_block_);
912 builder()->FinishCurrentBlock(branch);
914 builder()->set_current_block(first_true_block_);
915 pending_merge_block_ = true;
919 void HGraphBuilder::IfBuilder::Else() {
923 AddMergeAtJoinBlock(false);
924 builder()->set_current_block(first_false_block_);
925 pending_merge_block_ = true;
930 void HGraphBuilder::IfBuilder::Deopt(Deoptimizer::DeoptReason reason) {
932 builder()->Add<HDeoptimize>(reason, Deoptimizer::EAGER);
933 AddMergeAtJoinBlock(true);
937 void HGraphBuilder::IfBuilder::Return(HValue* value) {
938 HValue* parameter_count = builder()->graph()->GetConstantMinus1();
939 builder()->FinishExitCurrentBlock(
940 builder()->New<HReturn>(value, parameter_count));
941 AddMergeAtJoinBlock(false);
945 void HGraphBuilder::IfBuilder::AddMergeAtJoinBlock(bool deopt) {
946 if (!pending_merge_block_) return;
947 HBasicBlock* block = builder()->current_block();
948 DCHECK(block == NULL || !block->IsFinished());
949 MergeAtJoinBlock* record = new (builder()->zone())
950 MergeAtJoinBlock(block, deopt, merge_at_join_blocks_);
951 merge_at_join_blocks_ = record;
953 DCHECK(block->end() == NULL);
955 normal_merge_at_join_block_count_++;
957 deopt_merge_at_join_block_count_++;
960 builder()->set_current_block(NULL);
961 pending_merge_block_ = false;
965 void HGraphBuilder::IfBuilder::Finish() {
970 AddMergeAtJoinBlock(false);
973 AddMergeAtJoinBlock(false);
979 void HGraphBuilder::IfBuilder::Finish(HBasicBlock** then_continuation,
980 HBasicBlock** else_continuation) {
983 MergeAtJoinBlock* else_record = merge_at_join_blocks_;
984 if (else_continuation != NULL) {
985 *else_continuation = else_record->block_;
987 MergeAtJoinBlock* then_record = else_record->next_;
988 if (then_continuation != NULL) {
989 *then_continuation = then_record->block_;
991 DCHECK(then_record->next_ == NULL);
995 void HGraphBuilder::IfBuilder::End() {
996 if (captured_) return;
999 int total_merged_blocks = normal_merge_at_join_block_count_ +
1000 deopt_merge_at_join_block_count_;
1001 DCHECK(total_merged_blocks >= 1);
1002 HBasicBlock* merge_block =
1003 total_merged_blocks == 1 ? NULL : builder()->graph()->CreateBasicBlock();
1005 // Merge non-deopt blocks first to ensure environment has right size for
1007 MergeAtJoinBlock* current = merge_at_join_blocks_;
1008 while (current != NULL) {
1009 if (!current->deopt_ && current->block_ != NULL) {
1010 // If there is only one block that makes it through to the end of the
1011 // if, then just set it as the current block and continue rather then
1012 // creating an unnecessary merge block.
1013 if (total_merged_blocks == 1) {
1014 builder()->set_current_block(current->block_);
1017 builder()->GotoNoSimulate(current->block_, merge_block);
1019 current = current->next_;
1022 // Merge deopt blocks, padding when necessary.
1023 current = merge_at_join_blocks_;
1024 while (current != NULL) {
1025 if (current->deopt_ && current->block_ != NULL) {
1026 current->block_->FinishExit(
1027 HAbnormalExit::New(builder()->isolate(), builder()->zone(), NULL),
1028 SourcePosition::Unknown());
1030 current = current->next_;
1032 builder()->set_current_block(merge_block);
1036 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder) {
1037 Initialize(builder, NULL, kWhileTrue, NULL);
1041 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1042 LoopBuilder::Direction direction) {
1043 Initialize(builder, context, direction, builder->graph()->GetConstant1());
1047 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1048 LoopBuilder::Direction direction,
1049 HValue* increment_amount) {
1050 Initialize(builder, context, direction, increment_amount);
1051 increment_amount_ = increment_amount;
1055 void HGraphBuilder::LoopBuilder::Initialize(HGraphBuilder* builder,
1057 Direction direction,
1058 HValue* increment_amount) {
1061 direction_ = direction;
1062 increment_amount_ = increment_amount;
1065 header_block_ = builder->CreateLoopHeaderBlock();
1068 exit_trampoline_block_ = NULL;
1072 HValue* HGraphBuilder::LoopBuilder::BeginBody(
1074 HValue* terminating,
1075 Token::Value token) {
1076 DCHECK(direction_ != kWhileTrue);
1077 HEnvironment* env = builder_->environment();
1078 phi_ = header_block_->AddNewPhi(env->values()->length());
1079 phi_->AddInput(initial);
1081 builder_->GotoNoSimulate(header_block_);
1083 HEnvironment* body_env = env->Copy();
1084 HEnvironment* exit_env = env->Copy();
1085 // Remove the phi from the expression stack
1088 body_block_ = builder_->CreateBasicBlock(body_env);
1089 exit_block_ = builder_->CreateBasicBlock(exit_env);
1091 builder_->set_current_block(header_block_);
1093 builder_->FinishCurrentBlock(builder_->New<HCompareNumericAndBranch>(
1094 phi_, terminating, token, body_block_, exit_block_));
1096 builder_->set_current_block(body_block_);
1097 if (direction_ == kPreIncrement || direction_ == kPreDecrement) {
1098 Isolate* isolate = builder_->isolate();
1099 HValue* one = builder_->graph()->GetConstant1();
1100 if (direction_ == kPreIncrement) {
1101 increment_ = HAdd::New(isolate, zone(), context_, phi_, one);
1103 increment_ = HSub::New(isolate, zone(), context_, phi_, one);
1105 increment_->ClearFlag(HValue::kCanOverflow);
1106 builder_->AddInstruction(increment_);
1114 void HGraphBuilder::LoopBuilder::BeginBody(int drop_count) {
1115 DCHECK(direction_ == kWhileTrue);
1116 HEnvironment* env = builder_->environment();
1117 builder_->GotoNoSimulate(header_block_);
1118 builder_->set_current_block(header_block_);
1119 env->Drop(drop_count);
1123 void HGraphBuilder::LoopBuilder::Break() {
1124 if (exit_trampoline_block_ == NULL) {
1125 // Its the first time we saw a break.
1126 if (direction_ == kWhileTrue) {
1127 HEnvironment* env = builder_->environment()->Copy();
1128 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1130 HEnvironment* env = exit_block_->last_environment()->Copy();
1131 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1132 builder_->GotoNoSimulate(exit_block_, exit_trampoline_block_);
1136 builder_->GotoNoSimulate(exit_trampoline_block_);
1137 builder_->set_current_block(NULL);
1141 void HGraphBuilder::LoopBuilder::EndBody() {
1144 if (direction_ == kPostIncrement || direction_ == kPostDecrement) {
1145 Isolate* isolate = builder_->isolate();
1146 if (direction_ == kPostIncrement) {
1148 HAdd::New(isolate, zone(), context_, phi_, increment_amount_);
1151 HSub::New(isolate, zone(), context_, phi_, increment_amount_);
1153 increment_->ClearFlag(HValue::kCanOverflow);
1154 builder_->AddInstruction(increment_);
1157 if (direction_ != kWhileTrue) {
1158 // Push the new increment value on the expression stack to merge into
1160 builder_->environment()->Push(increment_);
1162 HBasicBlock* last_block = builder_->current_block();
1163 builder_->GotoNoSimulate(last_block, header_block_);
1164 header_block_->loop_information()->RegisterBackEdge(last_block);
1166 if (exit_trampoline_block_ != NULL) {
1167 builder_->set_current_block(exit_trampoline_block_);
1169 builder_->set_current_block(exit_block_);
1175 HGraph* HGraphBuilder::CreateGraph() {
1176 graph_ = new(zone()) HGraph(info_);
1177 if (FLAG_hydrogen_stats) isolate()->GetHStatistics()->Initialize(info_);
1178 CompilationPhase phase("H_Block building", info_);
1179 set_current_block(graph()->entry_block());
1180 if (!BuildGraph()) return NULL;
1181 graph()->FinalizeUniqueness();
1186 HInstruction* HGraphBuilder::AddInstruction(HInstruction* instr) {
1187 DCHECK(current_block() != NULL);
1188 DCHECK(!FLAG_hydrogen_track_positions ||
1189 !position_.IsUnknown() ||
1190 !info_->IsOptimizing());
1191 current_block()->AddInstruction(instr, source_position());
1192 if (graph()->IsInsideNoSideEffectsScope()) {
1193 instr->SetFlag(HValue::kHasNoObservableSideEffects);
1199 void HGraphBuilder::FinishCurrentBlock(HControlInstruction* last) {
1200 DCHECK(!FLAG_hydrogen_track_positions ||
1201 !info_->IsOptimizing() ||
1202 !position_.IsUnknown());
1203 current_block()->Finish(last, source_position());
1204 if (last->IsReturn() || last->IsAbnormalExit()) {
1205 set_current_block(NULL);
1210 void HGraphBuilder::FinishExitCurrentBlock(HControlInstruction* instruction) {
1211 DCHECK(!FLAG_hydrogen_track_positions || !info_->IsOptimizing() ||
1212 !position_.IsUnknown());
1213 current_block()->FinishExit(instruction, source_position());
1214 if (instruction->IsReturn() || instruction->IsAbnormalExit()) {
1215 set_current_block(NULL);
1220 void HGraphBuilder::AddIncrementCounter(StatsCounter* counter) {
1221 if (FLAG_native_code_counters && counter->Enabled()) {
1222 HValue* reference = Add<HConstant>(ExternalReference(counter));
1224 Add<HLoadNamedField>(reference, nullptr, HObjectAccess::ForCounter());
1225 HValue* new_value = AddUncasted<HAdd>(old_value, graph()->GetConstant1());
1226 new_value->ClearFlag(HValue::kCanOverflow); // Ignore counter overflow
1227 Add<HStoreNamedField>(reference, HObjectAccess::ForCounter(),
1228 new_value, STORE_TO_INITIALIZED_ENTRY);
1233 void HGraphBuilder::AddSimulate(BailoutId id,
1234 RemovableSimulate removable) {
1235 DCHECK(current_block() != NULL);
1236 DCHECK(!graph()->IsInsideNoSideEffectsScope());
1237 current_block()->AddNewSimulate(id, source_position(), removable);
1241 HBasicBlock* HGraphBuilder::CreateBasicBlock(HEnvironment* env) {
1242 HBasicBlock* b = graph()->CreateBasicBlock();
1243 b->SetInitialEnvironment(env);
1248 HBasicBlock* HGraphBuilder::CreateLoopHeaderBlock() {
1249 HBasicBlock* header = graph()->CreateBasicBlock();
1250 HEnvironment* entry_env = environment()->CopyAsLoopHeader(header);
1251 header->SetInitialEnvironment(entry_env);
1252 header->AttachLoopInformation();
1257 HValue* HGraphBuilder::BuildGetElementsKind(HValue* object) {
1258 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
1260 HValue* bit_field2 =
1261 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField2());
1262 return BuildDecodeField<Map::ElementsKindBits>(bit_field2);
1266 HValue* HGraphBuilder::BuildCheckHeapObject(HValue* obj) {
1267 if (obj->type().IsHeapObject()) return obj;
1268 return Add<HCheckHeapObject>(obj);
1272 void HGraphBuilder::FinishExitWithHardDeoptimization(
1273 Deoptimizer::DeoptReason reason) {
1274 Add<HDeoptimize>(reason, Deoptimizer::EAGER);
1275 FinishExitCurrentBlock(New<HAbnormalExit>());
1279 HValue* HGraphBuilder::BuildCheckString(HValue* string) {
1280 if (!string->type().IsString()) {
1281 DCHECK(!string->IsConstant() ||
1282 !HConstant::cast(string)->HasStringValue());
1283 BuildCheckHeapObject(string);
1284 return Add<HCheckInstanceType>(string, HCheckInstanceType::IS_STRING);
1290 HValue* HGraphBuilder::BuildWrapReceiver(HValue* object, HValue* function) {
1291 if (object->type().IsJSObject()) return object;
1292 if (function->IsConstant() &&
1293 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
1294 Handle<JSFunction> f = Handle<JSFunction>::cast(
1295 HConstant::cast(function)->handle(isolate()));
1296 SharedFunctionInfo* shared = f->shared();
1297 if (is_strict(shared->language_mode()) || shared->native()) return object;
1299 return Add<HWrapReceiver>(object, function);
1303 HValue* HGraphBuilder::BuildCheckForCapacityGrow(
1310 PropertyAccessType access_type) {
1311 IfBuilder length_checker(this);
1313 Token::Value token = IsHoleyElementsKind(kind) ? Token::GTE : Token::EQ;
1314 length_checker.If<HCompareNumericAndBranch>(key, length, token);
1316 length_checker.Then();
1318 HValue* current_capacity = AddLoadFixedArrayLength(elements);
1320 IfBuilder capacity_checker(this);
1322 capacity_checker.If<HCompareNumericAndBranch>(key, current_capacity,
1324 capacity_checker.Then();
1326 HValue* max_gap = Add<HConstant>(static_cast<int32_t>(JSObject::kMaxGap));
1327 HValue* max_capacity = AddUncasted<HAdd>(current_capacity, max_gap);
1329 Add<HBoundsCheck>(key, max_capacity);
1331 HValue* new_capacity = BuildNewElementsCapacity(key);
1332 HValue* new_elements = BuildGrowElementsCapacity(object, elements,
1336 environment()->Push(new_elements);
1337 capacity_checker.Else();
1339 environment()->Push(elements);
1340 capacity_checker.End();
1343 HValue* new_length = AddUncasted<HAdd>(key, graph_->GetConstant1());
1344 new_length->ClearFlag(HValue::kCanOverflow);
1346 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(kind),
1350 if (access_type == STORE && kind == FAST_SMI_ELEMENTS) {
1351 HValue* checked_elements = environment()->Top();
1353 // Write zero to ensure that the new element is initialized with some smi.
1354 Add<HStoreKeyed>(checked_elements, key, graph()->GetConstant0(), kind);
1357 length_checker.Else();
1358 Add<HBoundsCheck>(key, length);
1360 environment()->Push(elements);
1361 length_checker.End();
1363 return environment()->Pop();
1367 HValue* HGraphBuilder::BuildCopyElementsOnWrite(HValue* object,
1371 Factory* factory = isolate()->factory();
1373 IfBuilder cow_checker(this);
1375 cow_checker.If<HCompareMap>(elements, factory->fixed_cow_array_map());
1378 HValue* capacity = AddLoadFixedArrayLength(elements);
1380 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind,
1381 kind, length, capacity);
1383 environment()->Push(new_elements);
1387 environment()->Push(elements);
1391 return environment()->Pop();
1395 void HGraphBuilder::BuildTransitionElementsKind(HValue* object,
1397 ElementsKind from_kind,
1398 ElementsKind to_kind,
1400 DCHECK(!IsFastHoleyElementsKind(from_kind) ||
1401 IsFastHoleyElementsKind(to_kind));
1403 if (AllocationSite::GetMode(from_kind, to_kind) == TRACK_ALLOCATION_SITE) {
1404 Add<HTrapAllocationMemento>(object);
1407 if (!IsSimpleMapChangeTransition(from_kind, to_kind)) {
1408 HInstruction* elements = AddLoadElements(object);
1410 HInstruction* empty_fixed_array = Add<HConstant>(
1411 isolate()->factory()->empty_fixed_array());
1413 IfBuilder if_builder(this);
1415 if_builder.IfNot<HCompareObjectEqAndBranch>(elements, empty_fixed_array);
1419 HInstruction* elements_length = AddLoadFixedArrayLength(elements);
1421 HInstruction* array_length =
1423 ? Add<HLoadNamedField>(object, nullptr,
1424 HObjectAccess::ForArrayLength(from_kind))
1427 BuildGrowElementsCapacity(object, elements, from_kind, to_kind,
1428 array_length, elements_length);
1433 Add<HStoreNamedField>(object, HObjectAccess::ForMap(), map);
1437 void HGraphBuilder::BuildJSObjectCheck(HValue* receiver,
1438 int bit_field_mask) {
1439 // Check that the object isn't a smi.
1440 Add<HCheckHeapObject>(receiver);
1442 // Get the map of the receiver.
1444 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1446 // Check the instance type and if an access check is needed, this can be
1447 // done with a single load, since both bytes are adjacent in the map.
1448 HObjectAccess access(HObjectAccess::ForMapInstanceTypeAndBitField());
1449 HValue* instance_type_and_bit_field =
1450 Add<HLoadNamedField>(map, nullptr, access);
1452 HValue* mask = Add<HConstant>(0x00FF | (bit_field_mask << 8));
1453 HValue* and_result = AddUncasted<HBitwise>(Token::BIT_AND,
1454 instance_type_and_bit_field,
1456 HValue* sub_result = AddUncasted<HSub>(and_result,
1457 Add<HConstant>(JS_OBJECT_TYPE));
1458 Add<HBoundsCheck>(sub_result,
1459 Add<HConstant>(LAST_JS_OBJECT_TYPE + 1 - JS_OBJECT_TYPE));
1463 void HGraphBuilder::BuildKeyedIndexCheck(HValue* key,
1464 HIfContinuation* join_continuation) {
1465 // The sometimes unintuitively backward ordering of the ifs below is
1466 // convoluted, but necessary. All of the paths must guarantee that the
1467 // if-true of the continuation returns a smi element index and the if-false of
1468 // the continuation returns either a symbol or a unique string key. All other
1469 // object types cause a deopt to fall back to the runtime.
1471 IfBuilder key_smi_if(this);
1472 key_smi_if.If<HIsSmiAndBranch>(key);
1475 Push(key); // Nothing to do, just continue to true of continuation.
1479 HValue* map = Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForMap());
1480 HValue* instance_type =
1481 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1483 // Non-unique string, check for a string with a hash code that is actually
1485 STATIC_ASSERT(LAST_UNIQUE_NAME_TYPE == FIRST_NONSTRING_TYPE);
1486 IfBuilder not_string_or_name_if(this);
1487 not_string_or_name_if.If<HCompareNumericAndBranch>(
1489 Add<HConstant>(LAST_UNIQUE_NAME_TYPE),
1492 not_string_or_name_if.Then();
1494 // Non-smi, non-Name, non-String: Try to convert to smi in case of
1496 // TODO(danno): This could call some variant of ToString
1497 Push(AddUncasted<HForceRepresentation>(key, Representation::Smi()));
1499 not_string_or_name_if.Else();
1501 // String or Name: check explicitly for Name, they can short-circuit
1502 // directly to unique non-index key path.
1503 IfBuilder not_symbol_if(this);
1504 not_symbol_if.If<HCompareNumericAndBranch>(
1506 Add<HConstant>(SYMBOL_TYPE),
1509 not_symbol_if.Then();
1511 // String: check whether the String is a String of an index. If it is,
1512 // extract the index value from the hash.
1513 HValue* hash = Add<HLoadNamedField>(key, nullptr,
1514 HObjectAccess::ForNameHashField());
1515 HValue* not_index_mask = Add<HConstant>(static_cast<int>(
1516 String::kContainsCachedArrayIndexMask));
1518 HValue* not_index_test = AddUncasted<HBitwise>(
1519 Token::BIT_AND, hash, not_index_mask);
1521 IfBuilder string_index_if(this);
1522 string_index_if.If<HCompareNumericAndBranch>(not_index_test,
1523 graph()->GetConstant0(),
1525 string_index_if.Then();
1527 // String with index in hash: extract string and merge to index path.
1528 Push(BuildDecodeField<String::ArrayIndexValueBits>(hash));
1530 string_index_if.Else();
1532 // Key is a non-index String, check for uniqueness/internalization.
1533 // If it's not internalized yet, internalize it now.
1534 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1537 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1539 IfBuilder internalized(this);
1540 internalized.If<HCompareNumericAndBranch>(not_internalized_bit,
1541 graph()->GetConstant0(),
1543 internalized.Then();
1546 internalized.Else();
1547 Add<HPushArguments>(key);
1548 HValue* intern_key = Add<HCallRuntime>(
1549 isolate()->factory()->empty_string(),
1550 Runtime::FunctionForId(Runtime::kInternalizeString), 1);
1554 // Key guaranteed to be a unique string
1556 string_index_if.JoinContinuation(join_continuation);
1558 not_symbol_if.Else();
1560 Push(key); // Key is symbol
1562 not_symbol_if.JoinContinuation(join_continuation);
1564 not_string_or_name_if.JoinContinuation(join_continuation);
1566 key_smi_if.JoinContinuation(join_continuation);
1570 void HGraphBuilder::BuildNonGlobalObjectCheck(HValue* receiver) {
1571 // Get the the instance type of the receiver, and make sure that it is
1572 // not one of the global object types.
1574 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1575 HValue* instance_type =
1576 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1577 STATIC_ASSERT(JS_BUILTINS_OBJECT_TYPE == JS_GLOBAL_OBJECT_TYPE + 1);
1578 HValue* min_global_type = Add<HConstant>(JS_GLOBAL_OBJECT_TYPE);
1579 HValue* max_global_type = Add<HConstant>(JS_BUILTINS_OBJECT_TYPE);
1581 IfBuilder if_global_object(this);
1582 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1585 if_global_object.And();
1586 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1589 if_global_object.ThenDeopt(Deoptimizer::kReceiverWasAGlobalObject);
1590 if_global_object.End();
1594 void HGraphBuilder::BuildTestForDictionaryProperties(
1596 HIfContinuation* continuation) {
1597 HValue* properties = Add<HLoadNamedField>(
1598 object, nullptr, HObjectAccess::ForPropertiesPointer());
1599 HValue* properties_map =
1600 Add<HLoadNamedField>(properties, nullptr, HObjectAccess::ForMap());
1601 HValue* hash_map = Add<HLoadRoot>(Heap::kHashTableMapRootIndex);
1602 IfBuilder builder(this);
1603 builder.If<HCompareObjectEqAndBranch>(properties_map, hash_map);
1604 builder.CaptureContinuation(continuation);
1608 HValue* HGraphBuilder::BuildKeyedLookupCacheHash(HValue* object,
1610 // Load the map of the receiver, compute the keyed lookup cache hash
1611 // based on 32 bits of the map pointer and the string hash.
1612 HValue* object_map =
1613 Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMapAsInteger32());
1614 HValue* shifted_map = AddUncasted<HShr>(
1615 object_map, Add<HConstant>(KeyedLookupCache::kMapHashShift));
1616 HValue* string_hash =
1617 Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForStringHashField());
1618 HValue* shifted_hash = AddUncasted<HShr>(
1619 string_hash, Add<HConstant>(String::kHashShift));
1620 HValue* xor_result = AddUncasted<HBitwise>(Token::BIT_XOR, shifted_map,
1622 int mask = (KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask);
1623 return AddUncasted<HBitwise>(Token::BIT_AND, xor_result,
1624 Add<HConstant>(mask));
1628 HValue* HGraphBuilder::BuildElementIndexHash(HValue* index) {
1629 int32_t seed_value = static_cast<uint32_t>(isolate()->heap()->HashSeed());
1630 HValue* seed = Add<HConstant>(seed_value);
1631 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, index, seed);
1633 // hash = ~hash + (hash << 15);
1634 HValue* shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(15));
1635 HValue* not_hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash,
1636 graph()->GetConstantMinus1());
1637 hash = AddUncasted<HAdd>(shifted_hash, not_hash);
1639 // hash = hash ^ (hash >> 12);
1640 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(12));
1641 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1643 // hash = hash + (hash << 2);
1644 shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(2));
1645 hash = AddUncasted<HAdd>(hash, shifted_hash);
1647 // hash = hash ^ (hash >> 4);
1648 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(4));
1649 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1651 // hash = hash * 2057;
1652 hash = AddUncasted<HMul>(hash, Add<HConstant>(2057));
1653 hash->ClearFlag(HValue::kCanOverflow);
1655 // hash = hash ^ (hash >> 16);
1656 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(16));
1657 return AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1661 HValue* HGraphBuilder::BuildUncheckedDictionaryElementLoad(HValue* receiver,
1666 Add<HLoadKeyed>(elements, Add<HConstant>(NameDictionary::kCapacityIndex),
1667 nullptr, FAST_ELEMENTS);
1669 HValue* mask = AddUncasted<HSub>(capacity, graph()->GetConstant1());
1670 mask->ChangeRepresentation(Representation::Integer32());
1671 mask->ClearFlag(HValue::kCanOverflow);
1673 HValue* entry = hash;
1674 HValue* count = graph()->GetConstant1();
1678 HIfContinuation return_or_loop_continuation(graph()->CreateBasicBlock(),
1679 graph()->CreateBasicBlock());
1680 HIfContinuation found_key_match_continuation(graph()->CreateBasicBlock(),
1681 graph()->CreateBasicBlock());
1682 LoopBuilder probe_loop(this);
1683 probe_loop.BeginBody(2); // Drop entry, count from last environment to
1684 // appease live range building without simulates.
1688 entry = AddUncasted<HBitwise>(Token::BIT_AND, entry, mask);
1689 int entry_size = SeededNumberDictionary::kEntrySize;
1690 HValue* base_index = AddUncasted<HMul>(entry, Add<HConstant>(entry_size));
1691 base_index->ClearFlag(HValue::kCanOverflow);
1692 int start_offset = SeededNumberDictionary::kElementsStartIndex;
1694 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset));
1695 key_index->ClearFlag(HValue::kCanOverflow);
1697 HValue* candidate_key =
1698 Add<HLoadKeyed>(elements, key_index, nullptr, FAST_ELEMENTS);
1699 IfBuilder if_undefined(this);
1700 if_undefined.If<HCompareObjectEqAndBranch>(candidate_key,
1701 graph()->GetConstantUndefined());
1702 if_undefined.Then();
1704 // element == undefined means "not found". Call the runtime.
1705 // TODO(jkummerow): walk the prototype chain instead.
1706 Add<HPushArguments>(receiver, key);
1707 Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
1708 Runtime::FunctionForId(Runtime::kKeyedGetProperty),
1711 if_undefined.Else();
1713 IfBuilder if_match(this);
1714 if_match.If<HCompareObjectEqAndBranch>(candidate_key, key);
1718 // Update non-internalized string in the dictionary with internalized key?
1719 IfBuilder if_update_with_internalized(this);
1721 if_update_with_internalized.IfNot<HIsSmiAndBranch>(candidate_key);
1722 if_update_with_internalized.And();
1723 HValue* map = AddLoadMap(candidate_key, smi_check);
1724 HValue* instance_type =
1725 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1726 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1727 Token::BIT_AND, instance_type,
1728 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1729 if_update_with_internalized.If<HCompareNumericAndBranch>(
1730 not_internalized_bit, graph()->GetConstant0(), Token::NE);
1731 if_update_with_internalized.And();
1732 if_update_with_internalized.IfNot<HCompareObjectEqAndBranch>(
1733 candidate_key, graph()->GetConstantHole());
1734 if_update_with_internalized.AndIf<HStringCompareAndBranch>(candidate_key,
1736 if_update_with_internalized.Then();
1737 // Replace a key that is a non-internalized string by the equivalent
1738 // internalized string for faster further lookups.
1739 Add<HStoreKeyed>(elements, key_index, key, FAST_ELEMENTS);
1740 if_update_with_internalized.Else();
1742 if_update_with_internalized.JoinContinuation(&found_key_match_continuation);
1743 if_match.JoinContinuation(&found_key_match_continuation);
1745 IfBuilder found_key_match(this, &found_key_match_continuation);
1746 found_key_match.Then();
1747 // Key at current probe matches. Relevant bits in the |details| field must
1748 // be zero, otherwise the dictionary element requires special handling.
1749 HValue* details_index =
1750 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 2));
1751 details_index->ClearFlag(HValue::kCanOverflow);
1753 Add<HLoadKeyed>(elements, details_index, nullptr, FAST_ELEMENTS);
1754 int details_mask = PropertyDetails::TypeField::kMask |
1755 PropertyDetails::DeletedField::kMask;
1756 details = AddUncasted<HBitwise>(Token::BIT_AND, details,
1757 Add<HConstant>(details_mask));
1758 IfBuilder details_compare(this);
1759 details_compare.If<HCompareNumericAndBranch>(
1760 details, graph()->GetConstant0(), Token::EQ);
1761 details_compare.Then();
1762 HValue* result_index =
1763 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 1));
1764 result_index->ClearFlag(HValue::kCanOverflow);
1765 Push(Add<HLoadKeyed>(elements, result_index, nullptr, FAST_ELEMENTS));
1766 details_compare.Else();
1767 Add<HPushArguments>(receiver, key);
1768 Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
1769 Runtime::FunctionForId(Runtime::kKeyedGetProperty),
1771 details_compare.End();
1773 found_key_match.Else();
1774 found_key_match.JoinContinuation(&return_or_loop_continuation);
1776 if_undefined.JoinContinuation(&return_or_loop_continuation);
1778 IfBuilder return_or_loop(this, &return_or_loop_continuation);
1779 return_or_loop.Then();
1782 return_or_loop.Else();
1783 entry = AddUncasted<HAdd>(entry, count);
1784 entry->ClearFlag(HValue::kCanOverflow);
1785 count = AddUncasted<HAdd>(count, graph()->GetConstant1());
1786 count->ClearFlag(HValue::kCanOverflow);
1790 probe_loop.EndBody();
1792 return_or_loop.End();
1798 HValue* HGraphBuilder::BuildRegExpConstructResult(HValue* length,
1801 NoObservableSideEffectsScope scope(this);
1802 HConstant* max_length = Add<HConstant>(JSObject::kInitialMaxFastElementArray);
1803 Add<HBoundsCheck>(length, max_length);
1805 // Generate size calculation code here in order to make it dominate
1806 // the JSRegExpResult allocation.
1807 ElementsKind elements_kind = FAST_ELEMENTS;
1808 HValue* size = BuildCalculateElementsSize(elements_kind, length);
1810 // Allocate the JSRegExpResult and the FixedArray in one step.
1811 HValue* result = Add<HAllocate>(
1812 Add<HConstant>(JSRegExpResult::kSize), HType::JSArray(),
1813 NOT_TENURED, JS_ARRAY_TYPE);
1815 // Initialize the JSRegExpResult header.
1816 HValue* global_object = Add<HLoadNamedField>(
1818 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
1819 HValue* native_context = Add<HLoadNamedField>(
1820 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
1821 Add<HStoreNamedField>(
1822 result, HObjectAccess::ForMap(),
1823 Add<HLoadNamedField>(
1824 native_context, nullptr,
1825 HObjectAccess::ForContextSlot(Context::REGEXP_RESULT_MAP_INDEX)));
1826 HConstant* empty_fixed_array =
1827 Add<HConstant>(isolate()->factory()->empty_fixed_array());
1828 Add<HStoreNamedField>(
1829 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
1831 Add<HStoreNamedField>(
1832 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1834 Add<HStoreNamedField>(
1835 result, HObjectAccess::ForJSArrayOffset(JSArray::kLengthOffset), length);
1837 // Initialize the additional fields.
1838 Add<HStoreNamedField>(
1839 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kIndexOffset),
1841 Add<HStoreNamedField>(
1842 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kInputOffset),
1845 // Allocate and initialize the elements header.
1846 HAllocate* elements = BuildAllocateElements(elements_kind, size);
1847 BuildInitializeElementsHeader(elements, elements_kind, length);
1849 if (!elements->has_size_upper_bound()) {
1850 HConstant* size_in_bytes_upper_bound = EstablishElementsAllocationSize(
1851 elements_kind, max_length->Integer32Value());
1852 elements->set_size_upper_bound(size_in_bytes_upper_bound);
1855 Add<HStoreNamedField>(
1856 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1859 // Initialize the elements contents with undefined.
1860 BuildFillElementsWithValue(
1861 elements, elements_kind, graph()->GetConstant0(), length,
1862 graph()->GetConstantUndefined());
1868 HValue* HGraphBuilder::BuildNumberToString(HValue* object, Type* type) {
1869 NoObservableSideEffectsScope scope(this);
1871 // Convert constant numbers at compile time.
1872 if (object->IsConstant() && HConstant::cast(object)->HasNumberValue()) {
1873 Handle<Object> number = HConstant::cast(object)->handle(isolate());
1874 Handle<String> result = isolate()->factory()->NumberToString(number);
1875 return Add<HConstant>(result);
1878 // Create a joinable continuation.
1879 HIfContinuation found(graph()->CreateBasicBlock(),
1880 graph()->CreateBasicBlock());
1882 // Load the number string cache.
1883 HValue* number_string_cache =
1884 Add<HLoadRoot>(Heap::kNumberStringCacheRootIndex);
1886 // Make the hash mask from the length of the number string cache. It
1887 // contains two elements (number and string) for each cache entry.
1888 HValue* mask = AddLoadFixedArrayLength(number_string_cache);
1889 mask->set_type(HType::Smi());
1890 mask = AddUncasted<HSar>(mask, graph()->GetConstant1());
1891 mask = AddUncasted<HSub>(mask, graph()->GetConstant1());
1893 // Check whether object is a smi.
1894 IfBuilder if_objectissmi(this);
1895 if_objectissmi.If<HIsSmiAndBranch>(object);
1896 if_objectissmi.Then();
1898 // Compute hash for smi similar to smi_get_hash().
1899 HValue* hash = AddUncasted<HBitwise>(Token::BIT_AND, object, mask);
1902 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1903 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1904 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1906 // Check if object == key.
1907 IfBuilder if_objectiskey(this);
1908 if_objectiskey.If<HCompareObjectEqAndBranch>(object, key);
1909 if_objectiskey.Then();
1911 // Make the key_index available.
1914 if_objectiskey.JoinContinuation(&found);
1916 if_objectissmi.Else();
1918 if (type->Is(Type::SignedSmall())) {
1919 if_objectissmi.Deopt(Deoptimizer::kExpectedSmi);
1921 // Check if the object is a heap number.
1922 IfBuilder if_objectisnumber(this);
1923 HValue* objectisnumber = if_objectisnumber.If<HCompareMap>(
1924 object, isolate()->factory()->heap_number_map());
1925 if_objectisnumber.Then();
1927 // Compute hash for heap number similar to double_get_hash().
1928 HValue* low = Add<HLoadNamedField>(
1929 object, objectisnumber,
1930 HObjectAccess::ForHeapNumberValueLowestBits());
1931 HValue* high = Add<HLoadNamedField>(
1932 object, objectisnumber,
1933 HObjectAccess::ForHeapNumberValueHighestBits());
1934 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, low, high);
1935 hash = AddUncasted<HBitwise>(Token::BIT_AND, hash, mask);
1938 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1939 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1940 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1942 // Check if the key is a heap number and compare it with the object.
1943 IfBuilder if_keyisnotsmi(this);
1944 HValue* keyisnotsmi = if_keyisnotsmi.IfNot<HIsSmiAndBranch>(key);
1945 if_keyisnotsmi.Then();
1947 IfBuilder if_keyisheapnumber(this);
1948 if_keyisheapnumber.If<HCompareMap>(
1949 key, isolate()->factory()->heap_number_map());
1950 if_keyisheapnumber.Then();
1952 // Check if values of key and object match.
1953 IfBuilder if_keyeqobject(this);
1954 if_keyeqobject.If<HCompareNumericAndBranch>(
1955 Add<HLoadNamedField>(key, keyisnotsmi,
1956 HObjectAccess::ForHeapNumberValue()),
1957 Add<HLoadNamedField>(object, objectisnumber,
1958 HObjectAccess::ForHeapNumberValue()),
1960 if_keyeqobject.Then();
1962 // Make the key_index available.
1965 if_keyeqobject.JoinContinuation(&found);
1967 if_keyisheapnumber.JoinContinuation(&found);
1969 if_keyisnotsmi.JoinContinuation(&found);
1971 if_objectisnumber.Else();
1973 if (type->Is(Type::Number())) {
1974 if_objectisnumber.Deopt(Deoptimizer::kExpectedHeapNumber);
1977 if_objectisnumber.JoinContinuation(&found);
1980 if_objectissmi.JoinContinuation(&found);
1982 // Check for cache hit.
1983 IfBuilder if_found(this, &found);
1986 // Count number to string operation in native code.
1987 AddIncrementCounter(isolate()->counters()->number_to_string_native());
1989 // Load the value in case of cache hit.
1990 HValue* key_index = Pop();
1991 HValue* value_index = AddUncasted<HAdd>(key_index, graph()->GetConstant1());
1992 Push(Add<HLoadKeyed>(number_string_cache, value_index, nullptr,
1993 FAST_ELEMENTS, ALLOW_RETURN_HOLE));
1997 // Cache miss, fallback to runtime.
1998 Add<HPushArguments>(object);
1999 Push(Add<HCallRuntime>(
2000 isolate()->factory()->empty_string(),
2001 Runtime::FunctionForId(Runtime::kNumberToStringSkipCache),
2010 HAllocate* HGraphBuilder::BuildAllocate(
2011 HValue* object_size,
2013 InstanceType instance_type,
2014 HAllocationMode allocation_mode) {
2015 // Compute the effective allocation size.
2016 HValue* size = object_size;
2017 if (allocation_mode.CreateAllocationMementos()) {
2018 size = AddUncasted<HAdd>(size, Add<HConstant>(AllocationMemento::kSize));
2019 size->ClearFlag(HValue::kCanOverflow);
2022 // Perform the actual allocation.
2023 HAllocate* object = Add<HAllocate>(
2024 size, type, allocation_mode.GetPretenureMode(),
2025 instance_type, allocation_mode.feedback_site());
2027 // Setup the allocation memento.
2028 if (allocation_mode.CreateAllocationMementos()) {
2029 BuildCreateAllocationMemento(
2030 object, object_size, allocation_mode.current_site());
2037 HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
2038 HValue* right_length) {
2039 // Compute the combined string length and check against max string length.
2040 HValue* length = AddUncasted<HAdd>(left_length, right_length);
2041 // Check that length <= kMaxLength <=> length < MaxLength + 1.
2042 HValue* max_length = Add<HConstant>(String::kMaxLength + 1);
2043 Add<HBoundsCheck>(length, max_length);
2048 HValue* HGraphBuilder::BuildCreateConsString(
2052 HAllocationMode allocation_mode) {
2053 // Determine the string instance types.
2054 HInstruction* left_instance_type = AddLoadStringInstanceType(left);
2055 HInstruction* right_instance_type = AddLoadStringInstanceType(right);
2057 // Allocate the cons string object. HAllocate does not care whether we
2058 // pass CONS_STRING_TYPE or CONS_ONE_BYTE_STRING_TYPE here, so we just use
2059 // CONS_STRING_TYPE here. Below we decide whether the cons string is
2060 // one-byte or two-byte and set the appropriate map.
2061 DCHECK(HAllocate::CompatibleInstanceTypes(CONS_STRING_TYPE,
2062 CONS_ONE_BYTE_STRING_TYPE));
2063 HAllocate* result = BuildAllocate(Add<HConstant>(ConsString::kSize),
2064 HType::String(), CONS_STRING_TYPE,
2067 // Compute intersection and difference of instance types.
2068 HValue* anded_instance_types = AddUncasted<HBitwise>(
2069 Token::BIT_AND, left_instance_type, right_instance_type);
2070 HValue* xored_instance_types = AddUncasted<HBitwise>(
2071 Token::BIT_XOR, left_instance_type, right_instance_type);
2073 // We create a one-byte cons string if
2074 // 1. both strings are one-byte, or
2075 // 2. at least one of the strings is two-byte, but happens to contain only
2076 // one-byte characters.
2077 // To do this, we check
2078 // 1. if both strings are one-byte, or if the one-byte data hint is set in
2080 // 2. if one of the strings has the one-byte data hint set and the other
2081 // string is one-byte.
2082 IfBuilder if_onebyte(this);
2083 STATIC_ASSERT(kOneByteStringTag != 0);
2084 STATIC_ASSERT(kOneByteDataHintMask != 0);
2085 if_onebyte.If<HCompareNumericAndBranch>(
2086 AddUncasted<HBitwise>(
2087 Token::BIT_AND, anded_instance_types,
2088 Add<HConstant>(static_cast<int32_t>(
2089 kStringEncodingMask | kOneByteDataHintMask))),
2090 graph()->GetConstant0(), Token::NE);
2092 STATIC_ASSERT(kOneByteStringTag != 0 &&
2093 kOneByteDataHintTag != 0 &&
2094 kOneByteDataHintTag != kOneByteStringTag);
2095 if_onebyte.If<HCompareNumericAndBranch>(
2096 AddUncasted<HBitwise>(
2097 Token::BIT_AND, xored_instance_types,
2098 Add<HConstant>(static_cast<int32_t>(
2099 kOneByteStringTag | kOneByteDataHintTag))),
2100 Add<HConstant>(static_cast<int32_t>(
2101 kOneByteStringTag | kOneByteDataHintTag)), Token::EQ);
2104 // We can safely skip the write barrier for storing the map here.
2105 Add<HStoreNamedField>(
2106 result, HObjectAccess::ForMap(),
2107 Add<HConstant>(isolate()->factory()->cons_one_byte_string_map()));
2111 // We can safely skip the write barrier for storing the map here.
2112 Add<HStoreNamedField>(
2113 result, HObjectAccess::ForMap(),
2114 Add<HConstant>(isolate()->factory()->cons_string_map()));
2118 // Initialize the cons string fields.
2119 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2120 Add<HConstant>(String::kEmptyHashField));
2121 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2122 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringFirst(), left);
2123 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringSecond(), right);
2125 // Count the native string addition.
2126 AddIncrementCounter(isolate()->counters()->string_add_native());
2132 void HGraphBuilder::BuildCopySeqStringChars(HValue* src,
2134 String::Encoding src_encoding,
2137 String::Encoding dst_encoding,
2139 DCHECK(dst_encoding != String::ONE_BYTE_ENCODING ||
2140 src_encoding == String::ONE_BYTE_ENCODING);
2141 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
2142 HValue* index = loop.BeginBody(graph()->GetConstant0(), length, Token::LT);
2144 HValue* src_index = AddUncasted<HAdd>(src_offset, index);
2146 AddUncasted<HSeqStringGetChar>(src_encoding, src, src_index);
2147 HValue* dst_index = AddUncasted<HAdd>(dst_offset, index);
2148 Add<HSeqStringSetChar>(dst_encoding, dst, dst_index, value);
2154 HValue* HGraphBuilder::BuildObjectSizeAlignment(
2155 HValue* unaligned_size, int header_size) {
2156 DCHECK((header_size & kObjectAlignmentMask) == 0);
2157 HValue* size = AddUncasted<HAdd>(
2158 unaligned_size, Add<HConstant>(static_cast<int32_t>(
2159 header_size + kObjectAlignmentMask)));
2160 size->ClearFlag(HValue::kCanOverflow);
2161 return AddUncasted<HBitwise>(
2162 Token::BIT_AND, size, Add<HConstant>(static_cast<int32_t>(
2163 ~kObjectAlignmentMask)));
2167 HValue* HGraphBuilder::BuildUncheckedStringAdd(
2170 HAllocationMode allocation_mode) {
2171 // Determine the string lengths.
2172 HValue* left_length = AddLoadStringLength(left);
2173 HValue* right_length = AddLoadStringLength(right);
2175 // Compute the combined string length.
2176 HValue* length = BuildAddStringLengths(left_length, right_length);
2178 // Do some manual constant folding here.
2179 if (left_length->IsConstant()) {
2180 HConstant* c_left_length = HConstant::cast(left_length);
2181 DCHECK_NE(0, c_left_length->Integer32Value());
2182 if (c_left_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2183 // The right string contains at least one character.
2184 return BuildCreateConsString(length, left, right, allocation_mode);
2186 } else if (right_length->IsConstant()) {
2187 HConstant* c_right_length = HConstant::cast(right_length);
2188 DCHECK_NE(0, c_right_length->Integer32Value());
2189 if (c_right_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2190 // The left string contains at least one character.
2191 return BuildCreateConsString(length, left, right, allocation_mode);
2195 // Check if we should create a cons string.
2196 IfBuilder if_createcons(this);
2197 if_createcons.If<HCompareNumericAndBranch>(
2198 length, Add<HConstant>(ConsString::kMinLength), Token::GTE);
2199 if_createcons.Then();
2201 // Create a cons string.
2202 Push(BuildCreateConsString(length, left, right, allocation_mode));
2204 if_createcons.Else();
2206 // Determine the string instance types.
2207 HValue* left_instance_type = AddLoadStringInstanceType(left);
2208 HValue* right_instance_type = AddLoadStringInstanceType(right);
2210 // Compute union and difference of instance types.
2211 HValue* ored_instance_types = AddUncasted<HBitwise>(
2212 Token::BIT_OR, left_instance_type, right_instance_type);
2213 HValue* xored_instance_types = AddUncasted<HBitwise>(
2214 Token::BIT_XOR, left_instance_type, right_instance_type);
2216 // Check if both strings have the same encoding and both are
2218 IfBuilder if_sameencodingandsequential(this);
2219 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2220 AddUncasted<HBitwise>(
2221 Token::BIT_AND, xored_instance_types,
2222 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2223 graph()->GetConstant0(), Token::EQ);
2224 if_sameencodingandsequential.And();
2225 STATIC_ASSERT(kSeqStringTag == 0);
2226 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2227 AddUncasted<HBitwise>(
2228 Token::BIT_AND, ored_instance_types,
2229 Add<HConstant>(static_cast<int32_t>(kStringRepresentationMask))),
2230 graph()->GetConstant0(), Token::EQ);
2231 if_sameencodingandsequential.Then();
2233 HConstant* string_map =
2234 Add<HConstant>(isolate()->factory()->string_map());
2235 HConstant* one_byte_string_map =
2236 Add<HConstant>(isolate()->factory()->one_byte_string_map());
2238 // Determine map and size depending on whether result is one-byte string.
2239 IfBuilder if_onebyte(this);
2240 STATIC_ASSERT(kOneByteStringTag != 0);
2241 if_onebyte.If<HCompareNumericAndBranch>(
2242 AddUncasted<HBitwise>(
2243 Token::BIT_AND, ored_instance_types,
2244 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2245 graph()->GetConstant0(), Token::NE);
2248 // Allocate sequential one-byte string object.
2250 Push(one_byte_string_map);
2254 // Allocate sequential two-byte string object.
2255 HValue* size = AddUncasted<HShl>(length, graph()->GetConstant1());
2256 size->ClearFlag(HValue::kCanOverflow);
2257 size->SetFlag(HValue::kUint32);
2262 HValue* map = Pop();
2264 // Calculate the number of bytes needed for the characters in the
2265 // string while observing object alignment.
2266 STATIC_ASSERT((SeqString::kHeaderSize & kObjectAlignmentMask) == 0);
2267 HValue* size = BuildObjectSizeAlignment(Pop(), SeqString::kHeaderSize);
2269 // Allocate the string object. HAllocate does not care whether we pass
2270 // STRING_TYPE or ONE_BYTE_STRING_TYPE here, so we just use STRING_TYPE.
2271 HAllocate* result = BuildAllocate(
2272 size, HType::String(), STRING_TYPE, allocation_mode);
2273 Add<HStoreNamedField>(result, HObjectAccess::ForMap(), map);
2275 // Initialize the string fields.
2276 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2277 Add<HConstant>(String::kEmptyHashField));
2278 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2280 // Copy characters to the result string.
2281 IfBuilder if_twobyte(this);
2282 if_twobyte.If<HCompareObjectEqAndBranch>(map, string_map);
2285 // Copy characters from the left string.
2286 BuildCopySeqStringChars(
2287 left, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2288 result, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2291 // Copy characters from the right string.
2292 BuildCopySeqStringChars(
2293 right, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2294 result, left_length, String::TWO_BYTE_ENCODING,
2299 // Copy characters from the left string.
2300 BuildCopySeqStringChars(
2301 left, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2302 result, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2305 // Copy characters from the right string.
2306 BuildCopySeqStringChars(
2307 right, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2308 result, left_length, String::ONE_BYTE_ENCODING,
2313 // Count the native string addition.
2314 AddIncrementCounter(isolate()->counters()->string_add_native());
2316 // Return the sequential string.
2319 if_sameencodingandsequential.Else();
2321 // Fallback to the runtime to add the two strings.
2322 Add<HPushArguments>(left, right);
2323 Push(Add<HCallRuntime>(
2324 isolate()->factory()->empty_string(),
2325 Runtime::FunctionForId(Runtime::kStringAdd),
2328 if_sameencodingandsequential.End();
2330 if_createcons.End();
2336 HValue* HGraphBuilder::BuildStringAdd(
2339 HAllocationMode allocation_mode) {
2340 NoObservableSideEffectsScope no_effects(this);
2342 // Determine string lengths.
2343 HValue* left_length = AddLoadStringLength(left);
2344 HValue* right_length = AddLoadStringLength(right);
2346 // Check if left string is empty.
2347 IfBuilder if_leftempty(this);
2348 if_leftempty.If<HCompareNumericAndBranch>(
2349 left_length, graph()->GetConstant0(), Token::EQ);
2350 if_leftempty.Then();
2352 // Count the native string addition.
2353 AddIncrementCounter(isolate()->counters()->string_add_native());
2355 // Just return the right string.
2358 if_leftempty.Else();
2360 // Check if right string is empty.
2361 IfBuilder if_rightempty(this);
2362 if_rightempty.If<HCompareNumericAndBranch>(
2363 right_length, graph()->GetConstant0(), Token::EQ);
2364 if_rightempty.Then();
2366 // Count the native string addition.
2367 AddIncrementCounter(isolate()->counters()->string_add_native());
2369 // Just return the left string.
2372 if_rightempty.Else();
2374 // Add the two non-empty strings.
2375 Push(BuildUncheckedStringAdd(left, right, allocation_mode));
2377 if_rightempty.End();
2385 HInstruction* HGraphBuilder::BuildUncheckedMonomorphicElementAccess(
2386 HValue* checked_object,
2390 ElementsKind elements_kind,
2391 PropertyAccessType access_type,
2392 LoadKeyedHoleMode load_mode,
2393 KeyedAccessStoreMode store_mode) {
2394 DCHECK(top_info()->IsStub() || checked_object->IsCompareMap() ||
2395 checked_object->IsCheckMaps());
2396 DCHECK((!IsExternalArrayElementsKind(elements_kind) &&
2397 !IsFixedTypedArrayElementsKind(elements_kind)) ||
2399 // No GVNFlag is necessary for ElementsKind if there is an explicit dependency
2400 // on a HElementsTransition instruction. The flag can also be removed if the
2401 // map to check has FAST_HOLEY_ELEMENTS, since there can be no further
2402 // ElementsKind transitions. Finally, the dependency can be removed for stores
2403 // for FAST_ELEMENTS, since a transition to HOLEY elements won't change the
2404 // generated store code.
2405 if ((elements_kind == FAST_HOLEY_ELEMENTS) ||
2406 (elements_kind == FAST_ELEMENTS && access_type == STORE)) {
2407 checked_object->ClearDependsOnFlag(kElementsKind);
2410 bool fast_smi_only_elements = IsFastSmiElementsKind(elements_kind);
2411 bool fast_elements = IsFastObjectElementsKind(elements_kind);
2412 HValue* elements = AddLoadElements(checked_object);
2413 if (access_type == STORE && (fast_elements || fast_smi_only_elements) &&
2414 store_mode != STORE_NO_TRANSITION_HANDLE_COW) {
2415 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2416 elements, isolate()->factory()->fixed_array_map());
2417 check_cow_map->ClearDependsOnFlag(kElementsKind);
2419 HInstruction* length = NULL;
2421 length = Add<HLoadNamedField>(
2422 checked_object->ActualValue(), checked_object,
2423 HObjectAccess::ForArrayLength(elements_kind));
2425 length = AddLoadFixedArrayLength(elements);
2427 length->set_type(HType::Smi());
2428 HValue* checked_key = NULL;
2429 if (IsExternalArrayElementsKind(elements_kind) ||
2430 IsFixedTypedArrayElementsKind(elements_kind)) {
2431 HValue* backing_store;
2432 if (IsExternalArrayElementsKind(elements_kind)) {
2433 backing_store = Add<HLoadNamedField>(
2434 elements, nullptr, HObjectAccess::ForExternalArrayExternalPointer());
2436 backing_store = elements;
2438 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
2439 NoObservableSideEffectsScope no_effects(this);
2440 IfBuilder length_checker(this);
2441 length_checker.If<HCompareNumericAndBranch>(key, length, Token::LT);
2442 length_checker.Then();
2443 IfBuilder negative_checker(this);
2444 HValue* bounds_check = negative_checker.If<HCompareNumericAndBranch>(
2445 key, graph()->GetConstant0(), Token::GTE);
2446 negative_checker.Then();
2447 HInstruction* result = AddElementAccess(
2448 backing_store, key, val, bounds_check, elements_kind, access_type);
2449 negative_checker.ElseDeopt(Deoptimizer::kNegativeKeyEncountered);
2450 negative_checker.End();
2451 length_checker.End();
2454 DCHECK(store_mode == STANDARD_STORE);
2455 checked_key = Add<HBoundsCheck>(key, length);
2456 return AddElementAccess(
2457 backing_store, checked_key, val,
2458 checked_object, elements_kind, access_type);
2461 DCHECK(fast_smi_only_elements ||
2463 IsFastDoubleElementsKind(elements_kind));
2465 // In case val is stored into a fast smi array, assure that the value is a smi
2466 // before manipulating the backing store. Otherwise the actual store may
2467 // deopt, leaving the backing store in an invalid state.
2468 if (access_type == STORE && IsFastSmiElementsKind(elements_kind) &&
2469 !val->type().IsSmi()) {
2470 val = AddUncasted<HForceRepresentation>(val, Representation::Smi());
2473 if (IsGrowStoreMode(store_mode)) {
2474 NoObservableSideEffectsScope no_effects(this);
2475 Representation representation = HStoreKeyed::RequiredValueRepresentation(
2476 elements_kind, STORE_TO_INITIALIZED_ENTRY);
2477 val = AddUncasted<HForceRepresentation>(val, representation);
2478 elements = BuildCheckForCapacityGrow(checked_object, elements,
2479 elements_kind, length, key,
2480 is_js_array, access_type);
2483 checked_key = Add<HBoundsCheck>(key, length);
2485 if (access_type == STORE && (fast_elements || fast_smi_only_elements)) {
2486 if (store_mode == STORE_NO_TRANSITION_HANDLE_COW) {
2487 NoObservableSideEffectsScope no_effects(this);
2488 elements = BuildCopyElementsOnWrite(checked_object, elements,
2489 elements_kind, length);
2491 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2492 elements, isolate()->factory()->fixed_array_map());
2493 check_cow_map->ClearDependsOnFlag(kElementsKind);
2497 return AddElementAccess(elements, checked_key, val, checked_object,
2498 elements_kind, access_type, load_mode);
2502 HValue* HGraphBuilder::BuildAllocateArrayFromLength(
2503 JSArrayBuilder* array_builder,
2504 HValue* length_argument) {
2505 if (length_argument->IsConstant() &&
2506 HConstant::cast(length_argument)->HasSmiValue()) {
2507 int array_length = HConstant::cast(length_argument)->Integer32Value();
2508 if (array_length == 0) {
2509 return array_builder->AllocateEmptyArray();
2511 return array_builder->AllocateArray(length_argument,
2517 HValue* constant_zero = graph()->GetConstant0();
2518 HConstant* max_alloc_length =
2519 Add<HConstant>(JSObject::kInitialMaxFastElementArray);
2520 HInstruction* checked_length = Add<HBoundsCheck>(length_argument,
2522 IfBuilder if_builder(this);
2523 if_builder.If<HCompareNumericAndBranch>(checked_length, constant_zero,
2526 const int initial_capacity = JSArray::kPreallocatedArrayElements;
2527 HConstant* initial_capacity_node = Add<HConstant>(initial_capacity);
2528 Push(initial_capacity_node); // capacity
2529 Push(constant_zero); // length
2531 if (!(top_info()->IsStub()) &&
2532 IsFastPackedElementsKind(array_builder->kind())) {
2533 // We'll come back later with better (holey) feedback.
2535 Deoptimizer::kHoleyArrayDespitePackedElements_kindFeedback);
2537 Push(checked_length); // capacity
2538 Push(checked_length); // length
2542 // Figure out total size
2543 HValue* length = Pop();
2544 HValue* capacity = Pop();
2545 return array_builder->AllocateArray(capacity, max_alloc_length, length);
2549 HValue* HGraphBuilder::BuildCalculateElementsSize(ElementsKind kind,
2551 int elements_size = IsFastDoubleElementsKind(kind)
2555 HConstant* elements_size_value = Add<HConstant>(elements_size);
2557 HMul::NewImul(isolate(), zone(), context(), capacity->ActualValue(),
2558 elements_size_value);
2559 AddInstruction(mul);
2560 mul->ClearFlag(HValue::kCanOverflow);
2562 STATIC_ASSERT(FixedDoubleArray::kHeaderSize == FixedArray::kHeaderSize);
2564 HConstant* header_size = Add<HConstant>(FixedArray::kHeaderSize);
2565 HValue* total_size = AddUncasted<HAdd>(mul, header_size);
2566 total_size->ClearFlag(HValue::kCanOverflow);
2571 HAllocate* HGraphBuilder::AllocateJSArrayObject(AllocationSiteMode mode) {
2572 int base_size = JSArray::kSize;
2573 if (mode == TRACK_ALLOCATION_SITE) {
2574 base_size += AllocationMemento::kSize;
2576 HConstant* size_in_bytes = Add<HConstant>(base_size);
2577 return Add<HAllocate>(
2578 size_in_bytes, HType::JSArray(), NOT_TENURED, JS_OBJECT_TYPE);
2582 HConstant* HGraphBuilder::EstablishElementsAllocationSize(
2585 int base_size = IsFastDoubleElementsKind(kind)
2586 ? FixedDoubleArray::SizeFor(capacity)
2587 : FixedArray::SizeFor(capacity);
2589 return Add<HConstant>(base_size);
2593 HAllocate* HGraphBuilder::BuildAllocateElements(ElementsKind kind,
2594 HValue* size_in_bytes) {
2595 InstanceType instance_type = IsFastDoubleElementsKind(kind)
2596 ? FIXED_DOUBLE_ARRAY_TYPE
2599 return Add<HAllocate>(size_in_bytes, HType::HeapObject(), NOT_TENURED,
2604 void HGraphBuilder::BuildInitializeElementsHeader(HValue* elements,
2607 Factory* factory = isolate()->factory();
2608 Handle<Map> map = IsFastDoubleElementsKind(kind)
2609 ? factory->fixed_double_array_map()
2610 : factory->fixed_array_map();
2612 Add<HStoreNamedField>(elements, HObjectAccess::ForMap(), Add<HConstant>(map));
2613 Add<HStoreNamedField>(elements, HObjectAccess::ForFixedArrayLength(),
2618 HValue* HGraphBuilder::BuildAllocateAndInitializeArray(ElementsKind kind,
2620 // The HForceRepresentation is to prevent possible deopt on int-smi
2621 // conversion after allocation but before the new object fields are set.
2622 capacity = AddUncasted<HForceRepresentation>(capacity, Representation::Smi());
2623 HValue* size_in_bytes = BuildCalculateElementsSize(kind, capacity);
2624 HValue* new_array = BuildAllocateElements(kind, size_in_bytes);
2625 BuildInitializeElementsHeader(new_array, kind, capacity);
2630 void HGraphBuilder::BuildJSArrayHeader(HValue* array,
2633 AllocationSiteMode mode,
2634 ElementsKind elements_kind,
2635 HValue* allocation_site_payload,
2636 HValue* length_field) {
2637 Add<HStoreNamedField>(array, HObjectAccess::ForMap(), array_map);
2639 HConstant* empty_fixed_array =
2640 Add<HConstant>(isolate()->factory()->empty_fixed_array());
2642 Add<HStoreNamedField>(
2643 array, HObjectAccess::ForPropertiesPointer(), empty_fixed_array);
2645 Add<HStoreNamedField>(
2646 array, HObjectAccess::ForElementsPointer(),
2647 elements != NULL ? elements : empty_fixed_array);
2649 Add<HStoreNamedField>(
2650 array, HObjectAccess::ForArrayLength(elements_kind), length_field);
2652 if (mode == TRACK_ALLOCATION_SITE) {
2653 BuildCreateAllocationMemento(
2654 array, Add<HConstant>(JSArray::kSize), allocation_site_payload);
2659 HInstruction* HGraphBuilder::AddElementAccess(
2661 HValue* checked_key,
2664 ElementsKind elements_kind,
2665 PropertyAccessType access_type,
2666 LoadKeyedHoleMode load_mode) {
2667 if (access_type == STORE) {
2668 DCHECK(val != NULL);
2669 if (elements_kind == EXTERNAL_UINT8_CLAMPED_ELEMENTS ||
2670 elements_kind == UINT8_CLAMPED_ELEMENTS) {
2671 val = Add<HClampToUint8>(val);
2673 return Add<HStoreKeyed>(elements, checked_key, val, elements_kind,
2674 STORE_TO_INITIALIZED_ENTRY);
2677 DCHECK(access_type == LOAD);
2678 DCHECK(val == NULL);
2679 HLoadKeyed* load = Add<HLoadKeyed>(
2680 elements, checked_key, dependency, elements_kind, load_mode);
2681 if (elements_kind == EXTERNAL_UINT32_ELEMENTS ||
2682 elements_kind == UINT32_ELEMENTS) {
2683 graph()->RecordUint32Instruction(load);
2689 HLoadNamedField* HGraphBuilder::AddLoadMap(HValue* object,
2690 HValue* dependency) {
2691 return Add<HLoadNamedField>(object, dependency, HObjectAccess::ForMap());
2695 HLoadNamedField* HGraphBuilder::AddLoadElements(HValue* object,
2696 HValue* dependency) {
2697 return Add<HLoadNamedField>(
2698 object, dependency, HObjectAccess::ForElementsPointer());
2702 HLoadNamedField* HGraphBuilder::AddLoadFixedArrayLength(
2704 HValue* dependency) {
2705 return Add<HLoadNamedField>(
2706 array, dependency, HObjectAccess::ForFixedArrayLength());
2710 HLoadNamedField* HGraphBuilder::AddLoadArrayLength(HValue* array,
2712 HValue* dependency) {
2713 return Add<HLoadNamedField>(
2714 array, dependency, HObjectAccess::ForArrayLength(kind));
2718 HValue* HGraphBuilder::BuildNewElementsCapacity(HValue* old_capacity) {
2719 HValue* half_old_capacity = AddUncasted<HShr>(old_capacity,
2720 graph_->GetConstant1());
2722 HValue* new_capacity = AddUncasted<HAdd>(half_old_capacity, old_capacity);
2723 new_capacity->ClearFlag(HValue::kCanOverflow);
2725 HValue* min_growth = Add<HConstant>(16);
2727 new_capacity = AddUncasted<HAdd>(new_capacity, min_growth);
2728 new_capacity->ClearFlag(HValue::kCanOverflow);
2730 return new_capacity;
2734 HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
2737 ElementsKind new_kind,
2739 HValue* new_capacity) {
2740 Add<HBoundsCheck>(new_capacity, Add<HConstant>(
2741 (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
2742 ElementsKindToShiftSize(new_kind)));
2744 HValue* new_elements =
2745 BuildAllocateAndInitializeArray(new_kind, new_capacity);
2747 BuildCopyElements(elements, kind, new_elements,
2748 new_kind, length, new_capacity);
2750 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
2753 return new_elements;
2757 void HGraphBuilder::BuildFillElementsWithValue(HValue* elements,
2758 ElementsKind elements_kind,
2763 to = AddLoadFixedArrayLength(elements);
2766 // Special loop unfolding case
2767 STATIC_ASSERT(JSArray::kPreallocatedArrayElements <=
2768 kElementLoopUnrollThreshold);
2769 int initial_capacity = -1;
2770 if (from->IsInteger32Constant() && to->IsInteger32Constant()) {
2771 int constant_from = from->GetInteger32Constant();
2772 int constant_to = to->GetInteger32Constant();
2774 if (constant_from == 0 && constant_to <= kElementLoopUnrollThreshold) {
2775 initial_capacity = constant_to;
2779 if (initial_capacity >= 0) {
2780 for (int i = 0; i < initial_capacity; i++) {
2781 HInstruction* key = Add<HConstant>(i);
2782 Add<HStoreKeyed>(elements, key, value, elements_kind);
2785 // Carefully loop backwards so that the "from" remains live through the loop
2786 // rather than the to. This often corresponds to keeping length live rather
2787 // then capacity, which helps register allocation, since length is used more
2788 // other than capacity after filling with holes.
2789 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2791 HValue* key = builder.BeginBody(to, from, Token::GT);
2793 HValue* adjusted_key = AddUncasted<HSub>(key, graph()->GetConstant1());
2794 adjusted_key->ClearFlag(HValue::kCanOverflow);
2796 Add<HStoreKeyed>(elements, adjusted_key, value, elements_kind);
2803 void HGraphBuilder::BuildFillElementsWithHole(HValue* elements,
2804 ElementsKind elements_kind,
2807 // Fast elements kinds need to be initialized in case statements below cause a
2808 // garbage collection.
2810 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
2811 ? graph()->GetConstantHole()
2812 : Add<HConstant>(HConstant::kHoleNaN);
2814 // Since we're about to store a hole value, the store instruction below must
2815 // assume an elements kind that supports heap object values.
2816 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
2817 elements_kind = FAST_HOLEY_ELEMENTS;
2820 BuildFillElementsWithValue(elements, elements_kind, from, to, hole);
2824 void HGraphBuilder::BuildCopyProperties(HValue* from_properties,
2825 HValue* to_properties, HValue* length,
2827 ElementsKind kind = FAST_ELEMENTS;
2829 BuildFillElementsWithValue(to_properties, kind, length, capacity,
2830 graph()->GetConstantUndefined());
2832 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2834 HValue* key = builder.BeginBody(length, graph()->GetConstant0(), Token::GT);
2836 key = AddUncasted<HSub>(key, graph()->GetConstant1());
2837 key->ClearFlag(HValue::kCanOverflow);
2839 HValue* element = Add<HLoadKeyed>(from_properties, key, nullptr, kind);
2841 Add<HStoreKeyed>(to_properties, key, element, kind);
2847 void HGraphBuilder::BuildCopyElements(HValue* from_elements,
2848 ElementsKind from_elements_kind,
2849 HValue* to_elements,
2850 ElementsKind to_elements_kind,
2853 int constant_capacity = -1;
2854 if (capacity != NULL &&
2855 capacity->IsConstant() &&
2856 HConstant::cast(capacity)->HasInteger32Value()) {
2857 int constant_candidate = HConstant::cast(capacity)->Integer32Value();
2858 if (constant_candidate <= kElementLoopUnrollThreshold) {
2859 constant_capacity = constant_candidate;
2863 bool pre_fill_with_holes =
2864 IsFastDoubleElementsKind(from_elements_kind) &&
2865 IsFastObjectElementsKind(to_elements_kind);
2866 if (pre_fill_with_holes) {
2867 // If the copy might trigger a GC, make sure that the FixedArray is
2868 // pre-initialized with holes to make sure that it's always in a
2869 // consistent state.
2870 BuildFillElementsWithHole(to_elements, to_elements_kind,
2871 graph()->GetConstant0(), NULL);
2874 if (constant_capacity != -1) {
2875 // Unroll the loop for small elements kinds.
2876 for (int i = 0; i < constant_capacity; i++) {
2877 HValue* key_constant = Add<HConstant>(i);
2878 HInstruction* value = Add<HLoadKeyed>(from_elements, key_constant,
2879 nullptr, from_elements_kind);
2880 Add<HStoreKeyed>(to_elements, key_constant, value, to_elements_kind);
2883 if (!pre_fill_with_holes &&
2884 (capacity == NULL || !length->Equals(capacity))) {
2885 BuildFillElementsWithHole(to_elements, to_elements_kind,
2889 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2891 HValue* key = builder.BeginBody(length, graph()->GetConstant0(),
2894 key = AddUncasted<HSub>(key, graph()->GetConstant1());
2895 key->ClearFlag(HValue::kCanOverflow);
2897 HValue* element = Add<HLoadKeyed>(from_elements, key, nullptr,
2898 from_elements_kind, ALLOW_RETURN_HOLE);
2900 ElementsKind kind = (IsHoleyElementsKind(from_elements_kind) &&
2901 IsFastSmiElementsKind(to_elements_kind))
2902 ? FAST_HOLEY_ELEMENTS : to_elements_kind;
2904 if (IsHoleyElementsKind(from_elements_kind) &&
2905 from_elements_kind != to_elements_kind) {
2906 IfBuilder if_hole(this);
2907 if_hole.If<HCompareHoleAndBranch>(element);
2909 HConstant* hole_constant = IsFastDoubleElementsKind(to_elements_kind)
2910 ? Add<HConstant>(HConstant::kHoleNaN)
2911 : graph()->GetConstantHole();
2912 Add<HStoreKeyed>(to_elements, key, hole_constant, kind);
2914 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
2915 store->SetFlag(HValue::kAllowUndefinedAsNaN);
2918 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
2919 store->SetFlag(HValue::kAllowUndefinedAsNaN);
2925 Counters* counters = isolate()->counters();
2926 AddIncrementCounter(counters->inlined_copied_elements());
2930 HValue* HGraphBuilder::BuildCloneShallowArrayCow(HValue* boilerplate,
2931 HValue* allocation_site,
2932 AllocationSiteMode mode,
2933 ElementsKind kind) {
2934 HAllocate* array = AllocateJSArrayObject(mode);
2936 HValue* map = AddLoadMap(boilerplate);
2937 HValue* elements = AddLoadElements(boilerplate);
2938 HValue* length = AddLoadArrayLength(boilerplate, kind);
2940 BuildJSArrayHeader(array,
2951 HValue* HGraphBuilder::BuildCloneShallowArrayEmpty(HValue* boilerplate,
2952 HValue* allocation_site,
2953 AllocationSiteMode mode) {
2954 HAllocate* array = AllocateJSArrayObject(mode);
2956 HValue* map = AddLoadMap(boilerplate);
2958 BuildJSArrayHeader(array,
2960 NULL, // set elements to empty fixed array
2964 graph()->GetConstant0());
2969 HValue* HGraphBuilder::BuildCloneShallowArrayNonEmpty(HValue* boilerplate,
2970 HValue* allocation_site,
2971 AllocationSiteMode mode,
2972 ElementsKind kind) {
2973 HValue* boilerplate_elements = AddLoadElements(boilerplate);
2974 HValue* capacity = AddLoadFixedArrayLength(boilerplate_elements);
2976 // Generate size calculation code here in order to make it dominate
2977 // the JSArray allocation.
2978 HValue* elements_size = BuildCalculateElementsSize(kind, capacity);
2980 // Create empty JSArray object for now, store elimination should remove
2981 // redundant initialization of elements and length fields and at the same
2982 // time the object will be fully prepared for GC if it happens during
2983 // elements allocation.
2984 HValue* result = BuildCloneShallowArrayEmpty(
2985 boilerplate, allocation_site, mode);
2987 HAllocate* elements = BuildAllocateElements(kind, elements_size);
2989 // This function implicitly relies on the fact that the
2990 // FastCloneShallowArrayStub is called only for literals shorter than
2991 // JSObject::kInitialMaxFastElementArray.
2992 // Can't add HBoundsCheck here because otherwise the stub will eager a frame.
2993 HConstant* size_upper_bound = EstablishElementsAllocationSize(
2994 kind, JSObject::kInitialMaxFastElementArray);
2995 elements->set_size_upper_bound(size_upper_bound);
2997 Add<HStoreNamedField>(result, HObjectAccess::ForElementsPointer(), elements);
2999 // The allocation for the cloned array above causes register pressure on
3000 // machines with low register counts. Force a reload of the boilerplate
3001 // elements here to free up a register for the allocation to avoid unnecessary
3003 boilerplate_elements = AddLoadElements(boilerplate);
3004 boilerplate_elements->SetFlag(HValue::kCantBeReplaced);
3006 // Copy the elements array header.
3007 for (int i = 0; i < FixedArrayBase::kHeaderSize; i += kPointerSize) {
3008 HObjectAccess access = HObjectAccess::ForFixedArrayHeader(i);
3009 Add<HStoreNamedField>(
3011 Add<HLoadNamedField>(boilerplate_elements, nullptr, access));
3014 // And the result of the length
3015 HValue* length = AddLoadArrayLength(boilerplate, kind);
3016 Add<HStoreNamedField>(result, HObjectAccess::ForArrayLength(kind), length);
3018 BuildCopyElements(boilerplate_elements, kind, elements,
3019 kind, length, NULL);
3024 void HGraphBuilder::BuildCompareNil(HValue* value, Type* type,
3025 HIfContinuation* continuation,
3026 MapEmbedding map_embedding) {
3027 IfBuilder if_nil(this);
3028 bool some_case_handled = false;
3029 bool some_case_missing = false;
3031 if (type->Maybe(Type::Null())) {
3032 if (some_case_handled) if_nil.Or();
3033 if_nil.If<HCompareObjectEqAndBranch>(value, graph()->GetConstantNull());
3034 some_case_handled = true;
3036 some_case_missing = true;
3039 if (type->Maybe(Type::Undefined())) {
3040 if (some_case_handled) if_nil.Or();
3041 if_nil.If<HCompareObjectEqAndBranch>(value,
3042 graph()->GetConstantUndefined());
3043 some_case_handled = true;
3045 some_case_missing = true;
3048 if (type->Maybe(Type::Undetectable())) {
3049 if (some_case_handled) if_nil.Or();
3050 if_nil.If<HIsUndetectableAndBranch>(value);
3051 some_case_handled = true;
3053 some_case_missing = true;
3056 if (some_case_missing) {
3059 if (type->NumClasses() == 1) {
3060 BuildCheckHeapObject(value);
3061 // For ICs, the map checked below is a sentinel map that gets replaced by
3062 // the monomorphic map when the code is used as a template to generate a
3063 // new IC. For optimized functions, there is no sentinel map, the map
3064 // emitted below is the actual monomorphic map.
3065 if (map_embedding == kEmbedMapsViaWeakCells) {
3067 Add<HConstant>(Map::WeakCellForMap(type->Classes().Current()));
3068 HValue* expected_map = Add<HLoadNamedField>(
3069 cell, nullptr, HObjectAccess::ForWeakCellValue());
3071 Add<HLoadNamedField>(value, nullptr, HObjectAccess::ForMap());
3072 IfBuilder map_check(this);
3073 map_check.IfNot<HCompareObjectEqAndBranch>(expected_map, map);
3074 map_check.ThenDeopt(Deoptimizer::kUnknownMap);
3077 DCHECK(map_embedding == kEmbedMapsDirectly);
3078 Add<HCheckMaps>(value, type->Classes().Current());
3081 if_nil.Deopt(Deoptimizer::kTooManyUndetectableTypes);
3085 if_nil.CaptureContinuation(continuation);
3089 void HGraphBuilder::BuildCreateAllocationMemento(
3090 HValue* previous_object,
3091 HValue* previous_object_size,
3092 HValue* allocation_site) {
3093 DCHECK(allocation_site != NULL);
3094 HInnerAllocatedObject* allocation_memento = Add<HInnerAllocatedObject>(
3095 previous_object, previous_object_size, HType::HeapObject());
3096 AddStoreMapConstant(
3097 allocation_memento, isolate()->factory()->allocation_memento_map());
3098 Add<HStoreNamedField>(
3100 HObjectAccess::ForAllocationMementoSite(),
3102 if (FLAG_allocation_site_pretenuring) {
3103 HValue* memento_create_count =
3104 Add<HLoadNamedField>(allocation_site, nullptr,
3105 HObjectAccess::ForAllocationSiteOffset(
3106 AllocationSite::kPretenureCreateCountOffset));
3107 memento_create_count = AddUncasted<HAdd>(
3108 memento_create_count, graph()->GetConstant1());
3109 // This smi value is reset to zero after every gc, overflow isn't a problem
3110 // since the counter is bounded by the new space size.
3111 memento_create_count->ClearFlag(HValue::kCanOverflow);
3112 Add<HStoreNamedField>(
3113 allocation_site, HObjectAccess::ForAllocationSiteOffset(
3114 AllocationSite::kPretenureCreateCountOffset), memento_create_count);
3119 HInstruction* HGraphBuilder::BuildGetNativeContext(HValue* closure) {
3120 // Get the global object, then the native context
3121 HInstruction* context = Add<HLoadNamedField>(
3122 closure, nullptr, HObjectAccess::ForFunctionContextPointer());
3123 HInstruction* global_object = Add<HLoadNamedField>(
3125 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3126 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3127 GlobalObject::kNativeContextOffset);
3128 return Add<HLoadNamedField>(global_object, nullptr, access);
3132 HInstruction* HGraphBuilder::BuildGetScriptContext(int context_index) {
3133 HValue* native_context = BuildGetNativeContext();
3134 HValue* script_context_table = Add<HLoadNamedField>(
3135 native_context, nullptr,
3136 HObjectAccess::ForContextSlot(Context::SCRIPT_CONTEXT_TABLE_INDEX));
3137 return Add<HLoadNamedField>(script_context_table, nullptr,
3138 HObjectAccess::ForScriptContext(context_index));
3142 HInstruction* HGraphBuilder::BuildGetNativeContext() {
3143 // Get the global object, then the native context
3144 HValue* global_object = Add<HLoadNamedField>(
3146 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3147 return Add<HLoadNamedField>(global_object, nullptr,
3148 HObjectAccess::ForObservableJSObjectOffset(
3149 GlobalObject::kNativeContextOffset));
3153 HInstruction* HGraphBuilder::BuildGetArrayFunction() {
3154 HInstruction* native_context = BuildGetNativeContext();
3155 HInstruction* index =
3156 Add<HConstant>(static_cast<int32_t>(Context::ARRAY_FUNCTION_INDEX));
3157 return Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3161 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3163 HValue* allocation_site_payload,
3164 HValue* constructor_function,
3165 AllocationSiteOverrideMode override_mode) :
3168 allocation_site_payload_(allocation_site_payload),
3169 constructor_function_(constructor_function) {
3170 DCHECK(!allocation_site_payload->IsConstant() ||
3171 HConstant::cast(allocation_site_payload)->handle(
3172 builder_->isolate())->IsAllocationSite());
3173 mode_ = override_mode == DISABLE_ALLOCATION_SITES
3174 ? DONT_TRACK_ALLOCATION_SITE
3175 : AllocationSite::GetMode(kind);
3179 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3181 HValue* constructor_function) :
3184 mode_(DONT_TRACK_ALLOCATION_SITE),
3185 allocation_site_payload_(NULL),
3186 constructor_function_(constructor_function) {
3190 HValue* HGraphBuilder::JSArrayBuilder::EmitMapCode() {
3191 if (!builder()->top_info()->IsStub()) {
3192 // A constant map is fine.
3193 Handle<Map> map(builder()->isolate()->get_initial_js_array_map(kind_),
3194 builder()->isolate());
3195 return builder()->Add<HConstant>(map);
3198 if (constructor_function_ != NULL && kind_ == GetInitialFastElementsKind()) {
3199 // No need for a context lookup if the kind_ matches the initial
3200 // map, because we can just load the map in that case.
3201 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3202 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3206 // TODO(mvstanton): we should always have a constructor function if we
3207 // are creating a stub.
3208 HInstruction* native_context = constructor_function_ != NULL
3209 ? builder()->BuildGetNativeContext(constructor_function_)
3210 : builder()->BuildGetNativeContext();
3212 HInstruction* index = builder()->Add<HConstant>(
3213 static_cast<int32_t>(Context::JS_ARRAY_MAPS_INDEX));
3215 HInstruction* map_array =
3216 builder()->Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3218 HInstruction* kind_index = builder()->Add<HConstant>(kind_);
3220 return builder()->Add<HLoadKeyed>(map_array, kind_index, nullptr,
3225 HValue* HGraphBuilder::JSArrayBuilder::EmitInternalMapCode() {
3226 // Find the map near the constructor function
3227 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3228 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3233 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateEmptyArray() {
3234 HConstant* capacity = builder()->Add<HConstant>(initial_capacity());
3235 return AllocateArray(capacity,
3237 builder()->graph()->GetConstant0());
3241 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3243 HConstant* capacity_upper_bound,
3244 HValue* length_field,
3245 FillMode fill_mode) {
3246 return AllocateArray(capacity,
3247 capacity_upper_bound->GetInteger32Constant(),
3253 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3255 int capacity_upper_bound,
3256 HValue* length_field,
3257 FillMode fill_mode) {
3258 HConstant* elememts_size_upper_bound = capacity->IsInteger32Constant()
3259 ? HConstant::cast(capacity)
3260 : builder()->EstablishElementsAllocationSize(kind_, capacity_upper_bound);
3262 HAllocate* array = AllocateArray(capacity, length_field, fill_mode);
3263 if (!elements_location_->has_size_upper_bound()) {
3264 elements_location_->set_size_upper_bound(elememts_size_upper_bound);
3270 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3272 HValue* length_field,
3273 FillMode fill_mode) {
3274 // These HForceRepresentations are because we store these as fields in the
3275 // objects we construct, and an int32-to-smi HChange could deopt. Accept
3276 // the deopt possibility now, before allocation occurs.
3278 builder()->AddUncasted<HForceRepresentation>(capacity,
3279 Representation::Smi());
3281 builder()->AddUncasted<HForceRepresentation>(length_field,
3282 Representation::Smi());
3284 // Generate size calculation code here in order to make it dominate
3285 // the JSArray allocation.
3286 HValue* elements_size =
3287 builder()->BuildCalculateElementsSize(kind_, capacity);
3289 // Allocate (dealing with failure appropriately)
3290 HAllocate* array_object = builder()->AllocateJSArrayObject(mode_);
3292 // Fill in the fields: map, properties, length
3294 if (allocation_site_payload_ == NULL) {
3295 map = EmitInternalMapCode();
3297 map = EmitMapCode();
3300 builder()->BuildJSArrayHeader(array_object,
3302 NULL, // set elements to empty fixed array
3305 allocation_site_payload_,
3308 // Allocate and initialize the elements
3309 elements_location_ = builder()->BuildAllocateElements(kind_, elements_size);
3311 builder()->BuildInitializeElementsHeader(elements_location_, kind_, capacity);
3314 builder()->Add<HStoreNamedField>(
3315 array_object, HObjectAccess::ForElementsPointer(), elements_location_);
3317 if (fill_mode == FILL_WITH_HOLE) {
3318 builder()->BuildFillElementsWithHole(elements_location_, kind_,
3319 graph()->GetConstant0(), capacity);
3322 return array_object;
3326 HValue* HGraphBuilder::AddLoadJSBuiltin(Builtins::JavaScript builtin) {
3327 HValue* global_object = Add<HLoadNamedField>(
3329 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3330 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3331 GlobalObject::kBuiltinsOffset);
3332 HValue* builtins = Add<HLoadNamedField>(global_object, nullptr, access);
3333 HObjectAccess function_access = HObjectAccess::ForObservableJSObjectOffset(
3334 JSBuiltinsObject::OffsetOfFunctionWithId(builtin));
3335 return Add<HLoadNamedField>(builtins, nullptr, function_access);
3339 HOptimizedGraphBuilder::HOptimizedGraphBuilder(CompilationInfo* info)
3340 : HGraphBuilder(info),
3341 function_state_(NULL),
3342 initial_function_state_(this, info, NORMAL_RETURN, 0),
3346 globals_(10, info->zone()),
3347 osr_(new(info->zone()) HOsrBuilder(this)) {
3348 // This is not initialized in the initializer list because the
3349 // constructor for the initial state relies on function_state_ == NULL
3350 // to know it's the initial state.
3351 function_state_ = &initial_function_state_;
3352 InitializeAstVisitor(info->isolate(), info->zone());
3353 if (FLAG_hydrogen_track_positions) {
3354 SetSourcePosition(info->shared_info()->start_position());
3359 HBasicBlock* HOptimizedGraphBuilder::CreateJoin(HBasicBlock* first,
3360 HBasicBlock* second,
3361 BailoutId join_id) {
3362 if (first == NULL) {
3364 } else if (second == NULL) {
3367 HBasicBlock* join_block = graph()->CreateBasicBlock();
3368 Goto(first, join_block);
3369 Goto(second, join_block);
3370 join_block->SetJoinId(join_id);
3376 HBasicBlock* HOptimizedGraphBuilder::JoinContinue(IterationStatement* statement,
3377 HBasicBlock* exit_block,
3378 HBasicBlock* continue_block) {
3379 if (continue_block != NULL) {
3380 if (exit_block != NULL) Goto(exit_block, continue_block);
3381 continue_block->SetJoinId(statement->ContinueId());
3382 return continue_block;
3388 HBasicBlock* HOptimizedGraphBuilder::CreateLoop(IterationStatement* statement,
3389 HBasicBlock* loop_entry,
3390 HBasicBlock* body_exit,
3391 HBasicBlock* loop_successor,
3392 HBasicBlock* break_block) {
3393 if (body_exit != NULL) Goto(body_exit, loop_entry);
3394 loop_entry->PostProcessLoopHeader(statement);
3395 if (break_block != NULL) {
3396 if (loop_successor != NULL) Goto(loop_successor, break_block);
3397 break_block->SetJoinId(statement->ExitId());
3400 return loop_successor;
3404 // Build a new loop header block and set it as the current block.
3405 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry() {
3406 HBasicBlock* loop_entry = CreateLoopHeaderBlock();
3408 set_current_block(loop_entry);
3413 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry(
3414 IterationStatement* statement) {
3415 HBasicBlock* loop_entry = osr()->HasOsrEntryAt(statement)
3416 ? osr()->BuildOsrLoopEntry(statement)
3422 void HBasicBlock::FinishExit(HControlInstruction* instruction,
3423 SourcePosition position) {
3424 Finish(instruction, position);
3429 std::ostream& operator<<(std::ostream& os, const HBasicBlock& b) {
3430 return os << "B" << b.block_id();
3434 HGraph::HGraph(CompilationInfo* info)
3435 : isolate_(info->isolate()),
3438 blocks_(8, info->zone()),
3439 values_(16, info->zone()),
3441 uint32_instructions_(NULL),
3444 zone_(info->zone()),
3445 is_recursive_(false),
3446 use_optimistic_licm_(false),
3447 depends_on_empty_array_proto_elements_(false),
3448 type_change_checksum_(0),
3449 maximum_environment_size_(0),
3450 no_side_effects_scope_count_(0),
3451 disallow_adding_new_values_(false) {
3452 if (info->IsStub()) {
3453 CallInterfaceDescriptor descriptor =
3454 info->code_stub()->GetCallInterfaceDescriptor();
3455 start_environment_ = new (zone_)
3456 HEnvironment(zone_, descriptor.GetEnvironmentParameterCount());
3458 info->TraceInlinedFunction(info->shared_info(), SourcePosition::Unknown());
3459 start_environment_ =
3460 new(zone_) HEnvironment(NULL, info->scope(), info->closure(), zone_);
3462 start_environment_->set_ast_id(BailoutId::FunctionEntry());
3463 entry_block_ = CreateBasicBlock();
3464 entry_block_->SetInitialEnvironment(start_environment_);
3468 HBasicBlock* HGraph::CreateBasicBlock() {
3469 HBasicBlock* result = new(zone()) HBasicBlock(this);
3470 blocks_.Add(result, zone());
3475 void HGraph::FinalizeUniqueness() {
3476 DisallowHeapAllocation no_gc;
3477 DCHECK(!OptimizingCompilerThread::IsOptimizerThread(isolate()));
3478 for (int i = 0; i < blocks()->length(); ++i) {
3479 for (HInstructionIterator it(blocks()->at(i)); !it.Done(); it.Advance()) {
3480 it.Current()->FinalizeUniqueness();
3486 int HGraph::SourcePositionToScriptPosition(SourcePosition pos) {
3487 if (!FLAG_hydrogen_track_positions || pos.IsUnknown()) {
3491 const int id = info()->inlining_id_to_function_id()->at(pos.inlining_id());
3492 return info()->inlined_function_infos()->at(id).start_position() +
3497 // Block ordering was implemented with two mutually recursive methods,
3498 // HGraph::Postorder and HGraph::PostorderLoopBlocks.
3499 // The recursion could lead to stack overflow so the algorithm has been
3500 // implemented iteratively.
3501 // At a high level the algorithm looks like this:
3503 // Postorder(block, loop_header) : {
3504 // if (block has already been visited or is of another loop) return;
3505 // mark block as visited;
3506 // if (block is a loop header) {
3507 // VisitLoopMembers(block, loop_header);
3508 // VisitSuccessorsOfLoopHeader(block);
3510 // VisitSuccessors(block)
3512 // put block in result list;
3515 // VisitLoopMembers(block, outer_loop_header) {
3516 // foreach (block b in block loop members) {
3517 // VisitSuccessorsOfLoopMember(b, outer_loop_header);
3518 // if (b is loop header) VisitLoopMembers(b);
3522 // VisitSuccessorsOfLoopMember(block, outer_loop_header) {
3523 // foreach (block b in block successors) Postorder(b, outer_loop_header)
3526 // VisitSuccessorsOfLoopHeader(block) {
3527 // foreach (block b in block successors) Postorder(b, block)
3530 // VisitSuccessors(block, loop_header) {
3531 // foreach (block b in block successors) Postorder(b, loop_header)
3534 // The ordering is started calling Postorder(entry, NULL).
3536 // Each instance of PostorderProcessor represents the "stack frame" of the
3537 // recursion, and particularly keeps the state of the loop (iteration) of the
3538 // "Visit..." function it represents.
3539 // To recycle memory we keep all the frames in a double linked list but
3540 // this means that we cannot use constructors to initialize the frames.
3542 class PostorderProcessor : public ZoneObject {
3544 // Back link (towards the stack bottom).
3545 PostorderProcessor* parent() {return father_; }
3546 // Forward link (towards the stack top).
3547 PostorderProcessor* child() {return child_; }
3548 HBasicBlock* block() { return block_; }
3549 HLoopInformation* loop() { return loop_; }
3550 HBasicBlock* loop_header() { return loop_header_; }
3552 static PostorderProcessor* CreateEntryProcessor(Zone* zone,
3553 HBasicBlock* block) {
3554 PostorderProcessor* result = new(zone) PostorderProcessor(NULL);
3555 return result->SetupSuccessors(zone, block, NULL);
3558 PostorderProcessor* PerformStep(Zone* zone,
3559 ZoneList<HBasicBlock*>* order) {
3560 PostorderProcessor* next =
3561 PerformNonBacktrackingStep(zone, order);
3565 return Backtrack(zone, order);
3570 explicit PostorderProcessor(PostorderProcessor* father)
3571 : father_(father), child_(NULL), successor_iterator(NULL) { }
3573 // Each enum value states the cycle whose state is kept by this instance.
3577 SUCCESSORS_OF_LOOP_HEADER,
3579 SUCCESSORS_OF_LOOP_MEMBER
3582 // Each "Setup..." method is like a constructor for a cycle state.
3583 PostorderProcessor* SetupSuccessors(Zone* zone,
3585 HBasicBlock* loop_header) {
3586 if (block == NULL || block->IsOrdered() ||
3587 block->parent_loop_header() != loop_header) {
3591 loop_header_ = NULL;
3596 block->MarkAsOrdered();
3598 if (block->IsLoopHeader()) {
3599 kind_ = SUCCESSORS_OF_LOOP_HEADER;
3600 loop_header_ = block;
3601 InitializeSuccessors();
3602 PostorderProcessor* result = Push(zone);
3603 return result->SetupLoopMembers(zone, block, block->loop_information(),
3606 DCHECK(block->IsFinished());
3608 loop_header_ = loop_header;
3609 InitializeSuccessors();
3615 PostorderProcessor* SetupLoopMembers(Zone* zone,
3617 HLoopInformation* loop,
3618 HBasicBlock* loop_header) {
3619 kind_ = LOOP_MEMBERS;
3622 loop_header_ = loop_header;
3623 InitializeLoopMembers();
3627 PostorderProcessor* SetupSuccessorsOfLoopMember(
3629 HLoopInformation* loop,
3630 HBasicBlock* loop_header) {
3631 kind_ = SUCCESSORS_OF_LOOP_MEMBER;
3634 loop_header_ = loop_header;
3635 InitializeSuccessors();
3639 // This method "allocates" a new stack frame.
3640 PostorderProcessor* Push(Zone* zone) {
3641 if (child_ == NULL) {
3642 child_ = new(zone) PostorderProcessor(this);
3647 void ClosePostorder(ZoneList<HBasicBlock*>* order, Zone* zone) {
3648 DCHECK(block_->end()->FirstSuccessor() == NULL ||
3649 order->Contains(block_->end()->FirstSuccessor()) ||
3650 block_->end()->FirstSuccessor()->IsLoopHeader());
3651 DCHECK(block_->end()->SecondSuccessor() == NULL ||
3652 order->Contains(block_->end()->SecondSuccessor()) ||
3653 block_->end()->SecondSuccessor()->IsLoopHeader());
3654 order->Add(block_, zone);
3657 // This method is the basic block to walk up the stack.
3658 PostorderProcessor* Pop(Zone* zone,
3659 ZoneList<HBasicBlock*>* order) {
3662 case SUCCESSORS_OF_LOOP_HEADER:
3663 ClosePostorder(order, zone);
3667 case SUCCESSORS_OF_LOOP_MEMBER:
3668 if (block()->IsLoopHeader() && block() != loop_->loop_header()) {
3669 // In this case we need to perform a LOOP_MEMBERS cycle so we
3670 // initialize it and return this instead of father.
3671 return SetupLoopMembers(zone, block(),
3672 block()->loop_information(), loop_header_);
3683 // Walks up the stack.
3684 PostorderProcessor* Backtrack(Zone* zone,
3685 ZoneList<HBasicBlock*>* order) {
3686 PostorderProcessor* parent = Pop(zone, order);
3687 while (parent != NULL) {
3688 PostorderProcessor* next =
3689 parent->PerformNonBacktrackingStep(zone, order);
3693 parent = parent->Pop(zone, order);
3699 PostorderProcessor* PerformNonBacktrackingStep(
3701 ZoneList<HBasicBlock*>* order) {
3702 HBasicBlock* next_block;
3705 next_block = AdvanceSuccessors();
3706 if (next_block != NULL) {
3707 PostorderProcessor* result = Push(zone);
3708 return result->SetupSuccessors(zone, next_block, loop_header_);
3711 case SUCCESSORS_OF_LOOP_HEADER:
3712 next_block = AdvanceSuccessors();
3713 if (next_block != NULL) {
3714 PostorderProcessor* result = Push(zone);
3715 return result->SetupSuccessors(zone, next_block, block());
3719 next_block = AdvanceLoopMembers();
3720 if (next_block != NULL) {
3721 PostorderProcessor* result = Push(zone);
3722 return result->SetupSuccessorsOfLoopMember(next_block,
3723 loop_, loop_header_);
3726 case SUCCESSORS_OF_LOOP_MEMBER:
3727 next_block = AdvanceSuccessors();
3728 if (next_block != NULL) {
3729 PostorderProcessor* result = Push(zone);
3730 return result->SetupSuccessors(zone, next_block, loop_header_);
3739 // The following two methods implement a "foreach b in successors" cycle.
3740 void InitializeSuccessors() {
3743 successor_iterator = HSuccessorIterator(block_->end());
3746 HBasicBlock* AdvanceSuccessors() {
3747 if (!successor_iterator.Done()) {
3748 HBasicBlock* result = successor_iterator.Current();
3749 successor_iterator.Advance();
3755 // The following two methods implement a "foreach b in loop members" cycle.
3756 void InitializeLoopMembers() {
3758 loop_length = loop_->blocks()->length();
3761 HBasicBlock* AdvanceLoopMembers() {
3762 if (loop_index < loop_length) {
3763 HBasicBlock* result = loop_->blocks()->at(loop_index);
3772 PostorderProcessor* father_;
3773 PostorderProcessor* child_;
3774 HLoopInformation* loop_;
3775 HBasicBlock* block_;
3776 HBasicBlock* loop_header_;
3779 HSuccessorIterator successor_iterator;
3783 void HGraph::OrderBlocks() {
3784 CompilationPhase phase("H_Block ordering", info());
3787 // Initially the blocks must not be ordered.
3788 for (int i = 0; i < blocks_.length(); ++i) {
3789 DCHECK(!blocks_[i]->IsOrdered());
3793 PostorderProcessor* postorder =
3794 PostorderProcessor::CreateEntryProcessor(zone(), blocks_[0]);
3797 postorder = postorder->PerformStep(zone(), &blocks_);
3801 // Now all blocks must be marked as ordered.
3802 for (int i = 0; i < blocks_.length(); ++i) {
3803 DCHECK(blocks_[i]->IsOrdered());
3807 // Reverse block list and assign block IDs.
3808 for (int i = 0, j = blocks_.length(); --j >= i; ++i) {
3809 HBasicBlock* bi = blocks_[i];
3810 HBasicBlock* bj = blocks_[j];
3811 bi->set_block_id(j);
3812 bj->set_block_id(i);
3819 void HGraph::AssignDominators() {
3820 HPhase phase("H_Assign dominators", this);
3821 for (int i = 0; i < blocks_.length(); ++i) {
3822 HBasicBlock* block = blocks_[i];
3823 if (block->IsLoopHeader()) {
3824 // Only the first predecessor of a loop header is from outside the loop.
3825 // All others are back edges, and thus cannot dominate the loop header.
3826 block->AssignCommonDominator(block->predecessors()->first());
3827 block->AssignLoopSuccessorDominators();
3829 for (int j = blocks_[i]->predecessors()->length() - 1; j >= 0; --j) {
3830 blocks_[i]->AssignCommonDominator(blocks_[i]->predecessors()->at(j));
3837 bool HGraph::CheckArgumentsPhiUses() {
3838 int block_count = blocks_.length();
3839 for (int i = 0; i < block_count; ++i) {
3840 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3841 HPhi* phi = blocks_[i]->phis()->at(j);
3842 // We don't support phi uses of arguments for now.
3843 if (phi->CheckFlag(HValue::kIsArguments)) return false;
3850 bool HGraph::CheckConstPhiUses() {
3851 int block_count = blocks_.length();
3852 for (int i = 0; i < block_count; ++i) {
3853 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3854 HPhi* phi = blocks_[i]->phis()->at(j);
3855 // Check for the hole value (from an uninitialized const).
3856 for (int k = 0; k < phi->OperandCount(); k++) {
3857 if (phi->OperandAt(k) == GetConstantHole()) return false;
3865 void HGraph::CollectPhis() {
3866 int block_count = blocks_.length();
3867 phi_list_ = new(zone()) ZoneList<HPhi*>(block_count, zone());
3868 for (int i = 0; i < block_count; ++i) {
3869 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3870 HPhi* phi = blocks_[i]->phis()->at(j);
3871 phi_list_->Add(phi, zone());
3877 // Implementation of utility class to encapsulate the translation state for
3878 // a (possibly inlined) function.
3879 FunctionState::FunctionState(HOptimizedGraphBuilder* owner,
3880 CompilationInfo* info, InliningKind inlining_kind,
3883 compilation_info_(info),
3884 call_context_(NULL),
3885 inlining_kind_(inlining_kind),
3886 function_return_(NULL),
3887 test_context_(NULL),
3889 arguments_object_(NULL),
3890 arguments_elements_(NULL),
3891 inlining_id_(inlining_id),
3892 outer_source_position_(SourcePosition::Unknown()),
3893 outer_(owner->function_state()) {
3894 if (outer_ != NULL) {
3895 // State for an inline function.
3896 if (owner->ast_context()->IsTest()) {
3897 HBasicBlock* if_true = owner->graph()->CreateBasicBlock();
3898 HBasicBlock* if_false = owner->graph()->CreateBasicBlock();
3899 if_true->MarkAsInlineReturnTarget(owner->current_block());
3900 if_false->MarkAsInlineReturnTarget(owner->current_block());
3901 TestContext* outer_test_context = TestContext::cast(owner->ast_context());
3902 Expression* cond = outer_test_context->condition();
3903 // The AstContext constructor pushed on the context stack. This newed
3904 // instance is the reason that AstContext can't be BASE_EMBEDDED.
3905 test_context_ = new TestContext(owner, cond, if_true, if_false);
3907 function_return_ = owner->graph()->CreateBasicBlock();
3908 function_return()->MarkAsInlineReturnTarget(owner->current_block());
3910 // Set this after possibly allocating a new TestContext above.
3911 call_context_ = owner->ast_context();
3914 // Push on the state stack.
3915 owner->set_function_state(this);
3917 if (FLAG_hydrogen_track_positions) {
3918 outer_source_position_ = owner->source_position();
3919 owner->EnterInlinedSource(
3920 info->shared_info()->start_position(),
3922 owner->SetSourcePosition(info->shared_info()->start_position());
3927 FunctionState::~FunctionState() {
3928 delete test_context_;
3929 owner_->set_function_state(outer_);
3931 if (FLAG_hydrogen_track_positions) {
3932 owner_->set_source_position(outer_source_position_);
3933 owner_->EnterInlinedSource(
3934 outer_->compilation_info()->shared_info()->start_position(),
3935 outer_->inlining_id());
3940 // Implementation of utility classes to represent an expression's context in
3942 AstContext::AstContext(HOptimizedGraphBuilder* owner, Expression::Context kind)
3945 outer_(owner->ast_context()),
3946 for_typeof_(false) {
3947 owner->set_ast_context(this); // Push.
3949 DCHECK(owner->environment()->frame_type() == JS_FUNCTION);
3950 original_length_ = owner->environment()->length();
3955 AstContext::~AstContext() {
3956 owner_->set_ast_context(outer_); // Pop.
3960 EffectContext::~EffectContext() {
3961 DCHECK(owner()->HasStackOverflow() ||
3962 owner()->current_block() == NULL ||
3963 (owner()->environment()->length() == original_length_ &&
3964 owner()->environment()->frame_type() == JS_FUNCTION));
3968 ValueContext::~ValueContext() {
3969 DCHECK(owner()->HasStackOverflow() ||
3970 owner()->current_block() == NULL ||
3971 (owner()->environment()->length() == original_length_ + 1 &&
3972 owner()->environment()->frame_type() == JS_FUNCTION));
3976 void EffectContext::ReturnValue(HValue* value) {
3977 // The value is simply ignored.
3981 void ValueContext::ReturnValue(HValue* value) {
3982 // The value is tracked in the bailout environment, and communicated
3983 // through the environment as the result of the expression.
3984 if (value->CheckFlag(HValue::kIsArguments)) {
3985 if (flag_ == ARGUMENTS_FAKED) {
3986 value = owner()->graph()->GetConstantUndefined();
3987 } else if (!arguments_allowed()) {
3988 owner()->Bailout(kBadValueContextForArgumentsValue);
3991 owner()->Push(value);
3995 void TestContext::ReturnValue(HValue* value) {
4000 void EffectContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4001 DCHECK(!instr->IsControlInstruction());
4002 owner()->AddInstruction(instr);
4003 if (instr->HasObservableSideEffects()) {
4004 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4009 void EffectContext::ReturnControl(HControlInstruction* instr,
4011 DCHECK(!instr->HasObservableSideEffects());
4012 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4013 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4014 instr->SetSuccessorAt(0, empty_true);
4015 instr->SetSuccessorAt(1, empty_false);
4016 owner()->FinishCurrentBlock(instr);
4017 HBasicBlock* join = owner()->CreateJoin(empty_true, empty_false, ast_id);
4018 owner()->set_current_block(join);
4022 void EffectContext::ReturnContinuation(HIfContinuation* continuation,
4024 HBasicBlock* true_branch = NULL;
4025 HBasicBlock* false_branch = NULL;
4026 continuation->Continue(&true_branch, &false_branch);
4027 if (!continuation->IsTrueReachable()) {
4028 owner()->set_current_block(false_branch);
4029 } else if (!continuation->IsFalseReachable()) {
4030 owner()->set_current_block(true_branch);
4032 HBasicBlock* join = owner()->CreateJoin(true_branch, false_branch, ast_id);
4033 owner()->set_current_block(join);
4038 void ValueContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4039 DCHECK(!instr->IsControlInstruction());
4040 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4041 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4043 owner()->AddInstruction(instr);
4044 owner()->Push(instr);
4045 if (instr->HasObservableSideEffects()) {
4046 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4051 void ValueContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4052 DCHECK(!instr->HasObservableSideEffects());
4053 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4054 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4056 HBasicBlock* materialize_false = owner()->graph()->CreateBasicBlock();
4057 HBasicBlock* materialize_true = owner()->graph()->CreateBasicBlock();
4058 instr->SetSuccessorAt(0, materialize_true);
4059 instr->SetSuccessorAt(1, materialize_false);
4060 owner()->FinishCurrentBlock(instr);
4061 owner()->set_current_block(materialize_true);
4062 owner()->Push(owner()->graph()->GetConstantTrue());
4063 owner()->set_current_block(materialize_false);
4064 owner()->Push(owner()->graph()->GetConstantFalse());
4066 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4067 owner()->set_current_block(join);
4071 void ValueContext::ReturnContinuation(HIfContinuation* continuation,
4073 HBasicBlock* materialize_true = NULL;
4074 HBasicBlock* materialize_false = NULL;
4075 continuation->Continue(&materialize_true, &materialize_false);
4076 if (continuation->IsTrueReachable()) {
4077 owner()->set_current_block(materialize_true);
4078 owner()->Push(owner()->graph()->GetConstantTrue());
4079 owner()->set_current_block(materialize_true);
4081 if (continuation->IsFalseReachable()) {
4082 owner()->set_current_block(materialize_false);
4083 owner()->Push(owner()->graph()->GetConstantFalse());
4084 owner()->set_current_block(materialize_false);
4086 if (continuation->TrueAndFalseReachable()) {
4088 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4089 owner()->set_current_block(join);
4094 void TestContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4095 DCHECK(!instr->IsControlInstruction());
4096 HOptimizedGraphBuilder* builder = owner();
4097 builder->AddInstruction(instr);
4098 // We expect a simulate after every expression with side effects, though
4099 // this one isn't actually needed (and wouldn't work if it were targeted).
4100 if (instr->HasObservableSideEffects()) {
4101 builder->Push(instr);
4102 builder->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4109 void TestContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4110 DCHECK(!instr->HasObservableSideEffects());
4111 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4112 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4113 instr->SetSuccessorAt(0, empty_true);
4114 instr->SetSuccessorAt(1, empty_false);
4115 owner()->FinishCurrentBlock(instr);
4116 owner()->Goto(empty_true, if_true(), owner()->function_state());
4117 owner()->Goto(empty_false, if_false(), owner()->function_state());
4118 owner()->set_current_block(NULL);
4122 void TestContext::ReturnContinuation(HIfContinuation* continuation,
4124 HBasicBlock* true_branch = NULL;
4125 HBasicBlock* false_branch = NULL;
4126 continuation->Continue(&true_branch, &false_branch);
4127 if (continuation->IsTrueReachable()) {
4128 owner()->Goto(true_branch, if_true(), owner()->function_state());
4130 if (continuation->IsFalseReachable()) {
4131 owner()->Goto(false_branch, if_false(), owner()->function_state());
4133 owner()->set_current_block(NULL);
4137 void TestContext::BuildBranch(HValue* value) {
4138 // We expect the graph to be in edge-split form: there is no edge that
4139 // connects a branch node to a join node. We conservatively ensure that
4140 // property by always adding an empty block on the outgoing edges of this
4142 HOptimizedGraphBuilder* builder = owner();
4143 if (value != NULL && value->CheckFlag(HValue::kIsArguments)) {
4144 builder->Bailout(kArgumentsObjectValueInATestContext);
4146 ToBooleanStub::Types expected(condition()->to_boolean_types());
4147 ReturnControl(owner()->New<HBranch>(value, expected), BailoutId::None());
4151 // HOptimizedGraphBuilder infrastructure for bailing out and checking bailouts.
4152 #define CHECK_BAILOUT(call) \
4155 if (HasStackOverflow()) return; \
4159 #define CHECK_ALIVE(call) \
4162 if (HasStackOverflow() || current_block() == NULL) return; \
4166 #define CHECK_ALIVE_OR_RETURN(call, value) \
4169 if (HasStackOverflow() || current_block() == NULL) return value; \
4173 void HOptimizedGraphBuilder::Bailout(BailoutReason reason) {
4174 current_info()->AbortOptimization(reason);
4179 void HOptimizedGraphBuilder::VisitForEffect(Expression* expr) {
4180 EffectContext for_effect(this);
4185 void HOptimizedGraphBuilder::VisitForValue(Expression* expr,
4186 ArgumentsAllowedFlag flag) {
4187 ValueContext for_value(this, flag);
4192 void HOptimizedGraphBuilder::VisitForTypeOf(Expression* expr) {
4193 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
4194 for_value.set_for_typeof(true);
4199 void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
4200 HBasicBlock* true_block,
4201 HBasicBlock* false_block) {
4202 TestContext for_test(this, expr, true_block, false_block);
4207 void HOptimizedGraphBuilder::VisitExpressions(
4208 ZoneList<Expression*>* exprs) {
4209 for (int i = 0; i < exprs->length(); ++i) {
4210 CHECK_ALIVE(VisitForValue(exprs->at(i)));
4215 void HOptimizedGraphBuilder::VisitExpressions(ZoneList<Expression*>* exprs,
4216 ArgumentsAllowedFlag flag) {
4217 for (int i = 0; i < exprs->length(); ++i) {
4218 CHECK_ALIVE(VisitForValue(exprs->at(i), flag));
4223 bool HOptimizedGraphBuilder::BuildGraph() {
4224 if (IsSubclassConstructor(current_info()->function()->kind())) {
4225 Bailout(kSuperReference);
4229 Scope* scope = current_info()->scope();
4232 // Add an edge to the body entry. This is warty: the graph's start
4233 // environment will be used by the Lithium translation as the initial
4234 // environment on graph entry, but it has now been mutated by the
4235 // Hydrogen translation of the instructions in the start block. This
4236 // environment uses values which have not been defined yet. These
4237 // Hydrogen instructions will then be replayed by the Lithium
4238 // translation, so they cannot have an environment effect. The edge to
4239 // the body's entry block (along with some special logic for the start
4240 // block in HInstruction::InsertAfter) seals the start block from
4241 // getting unwanted instructions inserted.
4243 // TODO(kmillikin): Fix this. Stop mutating the initial environment.
4244 // Make the Hydrogen instructions in the initial block into Hydrogen
4245 // values (but not instructions), present in the initial environment and
4246 // not replayed by the Lithium translation.
4247 HEnvironment* initial_env = environment()->CopyWithoutHistory();
4248 HBasicBlock* body_entry = CreateBasicBlock(initial_env);
4250 body_entry->SetJoinId(BailoutId::FunctionEntry());
4251 set_current_block(body_entry);
4253 // Handle implicit declaration of the function name in named function
4254 // expressions before other declarations.
4255 if (scope->is_function_scope() && scope->function() != NULL) {
4256 VisitVariableDeclaration(scope->function());
4258 VisitDeclarations(scope->declarations());
4259 Add<HSimulate>(BailoutId::Declarations());
4261 Add<HStackCheck>(HStackCheck::kFunctionEntry);
4263 VisitStatements(current_info()->function()->body());
4264 if (HasStackOverflow()) return false;
4266 if (current_block() != NULL) {
4267 Add<HReturn>(graph()->GetConstantUndefined());
4268 set_current_block(NULL);
4271 // If the checksum of the number of type info changes is the same as the
4272 // last time this function was compiled, then this recompile is likely not
4273 // due to missing/inadequate type feedback, but rather too aggressive
4274 // optimization. Disable optimistic LICM in that case.
4275 Handle<Code> unoptimized_code(current_info()->shared_info()->code());
4276 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
4277 Handle<TypeFeedbackInfo> type_info(
4278 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
4279 int checksum = type_info->own_type_change_checksum();
4280 int composite_checksum = graph()->update_type_change_checksum(checksum);
4281 graph()->set_use_optimistic_licm(
4282 !type_info->matches_inlined_type_change_checksum(composite_checksum));
4283 type_info->set_inlined_type_change_checksum(composite_checksum);
4285 // Perform any necessary OSR-specific cleanups or changes to the graph.
4286 osr()->FinishGraph();
4292 bool HGraph::Optimize(BailoutReason* bailout_reason) {
4296 // We need to create a HConstant "zero" now so that GVN will fold every
4297 // zero-valued constant in the graph together.
4298 // The constant is needed to make idef-based bounds check work: the pass
4299 // evaluates relations with "zero" and that zero cannot be created after GVN.
4303 // Do a full verify after building the graph and computing dominators.
4307 if (FLAG_analyze_environment_liveness && maximum_environment_size() != 0) {
4308 Run<HEnvironmentLivenessAnalysisPhase>();
4311 if (!CheckConstPhiUses()) {
4312 *bailout_reason = kUnsupportedPhiUseOfConstVariable;
4315 Run<HRedundantPhiEliminationPhase>();
4316 if (!CheckArgumentsPhiUses()) {
4317 *bailout_reason = kUnsupportedPhiUseOfArguments;
4321 // Find and mark unreachable code to simplify optimizations, especially gvn,
4322 // where unreachable code could unnecessarily defeat LICM.
4323 Run<HMarkUnreachableBlocksPhase>();
4325 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4326 if (FLAG_use_escape_analysis) Run<HEscapeAnalysisPhase>();
4328 if (FLAG_load_elimination) Run<HLoadEliminationPhase>();
4332 if (has_osr()) osr()->FinishOsrValues();
4334 Run<HInferRepresentationPhase>();
4336 // Remove HSimulate instructions that have turned out not to be needed
4337 // after all by folding them into the following HSimulate.
4338 // This must happen after inferring representations.
4339 Run<HMergeRemovableSimulatesPhase>();
4341 Run<HMarkDeoptimizeOnUndefinedPhase>();
4342 Run<HRepresentationChangesPhase>();
4344 Run<HInferTypesPhase>();
4346 // Must be performed before canonicalization to ensure that Canonicalize
4347 // will not remove semantically meaningful ToInt32 operations e.g. BIT_OR with
4349 Run<HUint32AnalysisPhase>();
4351 if (FLAG_use_canonicalizing) Run<HCanonicalizePhase>();
4353 if (FLAG_use_gvn) Run<HGlobalValueNumberingPhase>();
4355 if (FLAG_check_elimination) Run<HCheckEliminationPhase>();
4357 if (FLAG_store_elimination) Run<HStoreEliminationPhase>();
4359 Run<HRangeAnalysisPhase>();
4361 Run<HComputeChangeUndefinedToNaN>();
4363 // Eliminate redundant stack checks on backwards branches.
4364 Run<HStackCheckEliminationPhase>();
4366 if (FLAG_array_bounds_checks_elimination) Run<HBoundsCheckEliminationPhase>();
4367 if (FLAG_array_bounds_checks_hoisting) Run<HBoundsCheckHoistingPhase>();
4368 if (FLAG_array_index_dehoisting) Run<HDehoistIndexComputationsPhase>();
4369 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4371 RestoreActualValues();
4373 // Find unreachable code a second time, GVN and other optimizations may have
4374 // made blocks unreachable that were previously reachable.
4375 Run<HMarkUnreachableBlocksPhase>();
4381 void HGraph::RestoreActualValues() {
4382 HPhase phase("H_Restore actual values", this);
4384 for (int block_index = 0; block_index < blocks()->length(); block_index++) {
4385 HBasicBlock* block = blocks()->at(block_index);
4388 for (int i = 0; i < block->phis()->length(); i++) {
4389 HPhi* phi = block->phis()->at(i);
4390 DCHECK(phi->ActualValue() == phi);
4394 for (HInstructionIterator it(block); !it.Done(); it.Advance()) {
4395 HInstruction* instruction = it.Current();
4396 if (instruction->ActualValue() == instruction) continue;
4397 if (instruction->CheckFlag(HValue::kIsDead)) {
4398 // The instruction was marked as deleted but left in the graph
4399 // as a control flow dependency point for subsequent
4401 instruction->DeleteAndReplaceWith(instruction->ActualValue());
4403 DCHECK(instruction->IsInformativeDefinition());
4404 if (instruction->IsPurelyInformativeDefinition()) {
4405 instruction->DeleteAndReplaceWith(instruction->RedefinedOperand());
4407 instruction->ReplaceAllUsesWith(instruction->ActualValue());
4415 void HOptimizedGraphBuilder::PushArgumentsFromEnvironment(int count) {
4416 ZoneList<HValue*> arguments(count, zone());
4417 for (int i = 0; i < count; ++i) {
4418 arguments.Add(Pop(), zone());
4421 HPushArguments* push_args = New<HPushArguments>();
4422 while (!arguments.is_empty()) {
4423 push_args->AddInput(arguments.RemoveLast());
4425 AddInstruction(push_args);
4429 template <class Instruction>
4430 HInstruction* HOptimizedGraphBuilder::PreProcessCall(Instruction* call) {
4431 PushArgumentsFromEnvironment(call->argument_count());
4436 void HOptimizedGraphBuilder::SetUpScope(Scope* scope) {
4437 // First special is HContext.
4438 HInstruction* context = Add<HContext>();
4439 environment()->BindContext(context);
4441 // Create an arguments object containing the initial parameters. Set the
4442 // initial values of parameters including "this" having parameter index 0.
4443 DCHECK_EQ(scope->num_parameters() + 1, environment()->parameter_count());
4444 HArgumentsObject* arguments_object =
4445 New<HArgumentsObject>(environment()->parameter_count());
4446 for (int i = 0; i < environment()->parameter_count(); ++i) {
4447 HInstruction* parameter = Add<HParameter>(i);
4448 arguments_object->AddArgument(parameter, zone());
4449 environment()->Bind(i, parameter);
4451 AddInstruction(arguments_object);
4452 graph()->SetArgumentsObject(arguments_object);
4454 HConstant* undefined_constant = graph()->GetConstantUndefined();
4455 // Initialize specials and locals to undefined.
4456 for (int i = environment()->parameter_count() + 1;
4457 i < environment()->length();
4459 environment()->Bind(i, undefined_constant);
4462 // Handle the arguments and arguments shadow variables specially (they do
4463 // not have declarations).
4464 if (scope->arguments() != NULL) {
4465 environment()->Bind(scope->arguments(),
4466 graph()->GetArgumentsObject());
4470 Variable* rest = scope->rest_parameter(&rest_index);
4472 return Bailout(kRestParameter);
4477 void HOptimizedGraphBuilder::VisitStatements(ZoneList<Statement*>* statements) {
4478 for (int i = 0; i < statements->length(); i++) {
4479 Statement* stmt = statements->at(i);
4480 CHECK_ALIVE(Visit(stmt));
4481 if (stmt->IsJump()) break;
4486 void HOptimizedGraphBuilder::VisitBlock(Block* stmt) {
4487 DCHECK(!HasStackOverflow());
4488 DCHECK(current_block() != NULL);
4489 DCHECK(current_block()->HasPredecessor());
4491 Scope* outer_scope = scope();
4492 Scope* scope = stmt->scope();
4493 BreakAndContinueInfo break_info(stmt, outer_scope);
4495 { BreakAndContinueScope push(&break_info, this);
4496 if (scope != NULL) {
4497 // Load the function object.
4498 Scope* declaration_scope = scope->DeclarationScope();
4499 HInstruction* function;
4500 HValue* outer_context = environment()->context();
4501 if (declaration_scope->is_script_scope() ||
4502 declaration_scope->is_eval_scope()) {
4503 function = new(zone()) HLoadContextSlot(
4504 outer_context, Context::CLOSURE_INDEX, HLoadContextSlot::kNoCheck);
4506 function = New<HThisFunction>();
4508 AddInstruction(function);
4509 // Allocate a block context and store it to the stack frame.
4510 HInstruction* inner_context = Add<HAllocateBlockContext>(
4511 outer_context, function, scope->GetScopeInfo(isolate()));
4512 HInstruction* instr = Add<HStoreFrameContext>(inner_context);
4514 environment()->BindContext(inner_context);
4515 if (instr->HasObservableSideEffects()) {
4516 AddSimulate(stmt->EntryId(), REMOVABLE_SIMULATE);
4518 VisitDeclarations(scope->declarations());
4519 AddSimulate(stmt->DeclsId(), REMOVABLE_SIMULATE);
4521 CHECK_BAILOUT(VisitStatements(stmt->statements()));
4523 set_scope(outer_scope);
4524 if (scope != NULL && current_block() != NULL) {
4525 HValue* inner_context = environment()->context();
4526 HValue* outer_context = Add<HLoadNamedField>(
4527 inner_context, nullptr,
4528 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4530 HInstruction* instr = Add<HStoreFrameContext>(outer_context);
4531 environment()->BindContext(outer_context);
4532 if (instr->HasObservableSideEffects()) {
4533 AddSimulate(stmt->ExitId(), REMOVABLE_SIMULATE);
4536 HBasicBlock* break_block = break_info.break_block();
4537 if (break_block != NULL) {
4538 if (current_block() != NULL) Goto(break_block);
4539 break_block->SetJoinId(stmt->ExitId());
4540 set_current_block(break_block);
4545 void HOptimizedGraphBuilder::VisitExpressionStatement(
4546 ExpressionStatement* stmt) {
4547 DCHECK(!HasStackOverflow());
4548 DCHECK(current_block() != NULL);
4549 DCHECK(current_block()->HasPredecessor());
4550 VisitForEffect(stmt->expression());
4554 void HOptimizedGraphBuilder::VisitEmptyStatement(EmptyStatement* stmt) {
4555 DCHECK(!HasStackOverflow());
4556 DCHECK(current_block() != NULL);
4557 DCHECK(current_block()->HasPredecessor());
4561 void HOptimizedGraphBuilder::VisitIfStatement(IfStatement* stmt) {
4562 DCHECK(!HasStackOverflow());
4563 DCHECK(current_block() != NULL);
4564 DCHECK(current_block()->HasPredecessor());
4565 if (stmt->condition()->ToBooleanIsTrue()) {
4566 Add<HSimulate>(stmt->ThenId());
4567 Visit(stmt->then_statement());
4568 } else if (stmt->condition()->ToBooleanIsFalse()) {
4569 Add<HSimulate>(stmt->ElseId());
4570 Visit(stmt->else_statement());
4572 HBasicBlock* cond_true = graph()->CreateBasicBlock();
4573 HBasicBlock* cond_false = graph()->CreateBasicBlock();
4574 CHECK_BAILOUT(VisitForControl(stmt->condition(), cond_true, cond_false));
4576 if (cond_true->HasPredecessor()) {
4577 cond_true->SetJoinId(stmt->ThenId());
4578 set_current_block(cond_true);
4579 CHECK_BAILOUT(Visit(stmt->then_statement()));
4580 cond_true = current_block();
4585 if (cond_false->HasPredecessor()) {
4586 cond_false->SetJoinId(stmt->ElseId());
4587 set_current_block(cond_false);
4588 CHECK_BAILOUT(Visit(stmt->else_statement()));
4589 cond_false = current_block();
4594 HBasicBlock* join = CreateJoin(cond_true, cond_false, stmt->IfId());
4595 set_current_block(join);
4600 HBasicBlock* HOptimizedGraphBuilder::BreakAndContinueScope::Get(
4601 BreakableStatement* stmt,
4606 BreakAndContinueScope* current = this;
4607 while (current != NULL && current->info()->target() != stmt) {
4608 *drop_extra += current->info()->drop_extra();
4609 current = current->next();
4611 DCHECK(current != NULL); // Always found (unless stack is malformed).
4612 *scope = current->info()->scope();
4614 if (type == BREAK) {
4615 *drop_extra += current->info()->drop_extra();
4618 HBasicBlock* block = NULL;
4621 block = current->info()->break_block();
4622 if (block == NULL) {
4623 block = current->owner()->graph()->CreateBasicBlock();
4624 current->info()->set_break_block(block);
4629 block = current->info()->continue_block();
4630 if (block == NULL) {
4631 block = current->owner()->graph()->CreateBasicBlock();
4632 current->info()->set_continue_block(block);
4641 void HOptimizedGraphBuilder::VisitContinueStatement(
4642 ContinueStatement* stmt) {
4643 DCHECK(!HasStackOverflow());
4644 DCHECK(current_block() != NULL);
4645 DCHECK(current_block()->HasPredecessor());
4646 Scope* outer_scope = NULL;
4647 Scope* inner_scope = scope();
4649 HBasicBlock* continue_block = break_scope()->Get(
4650 stmt->target(), BreakAndContinueScope::CONTINUE,
4651 &outer_scope, &drop_extra);
4652 HValue* context = environment()->context();
4654 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4655 if (context_pop_count > 0) {
4656 while (context_pop_count-- > 0) {
4657 HInstruction* context_instruction = Add<HLoadNamedField>(
4659 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4660 context = context_instruction;
4662 HInstruction* instr = Add<HStoreFrameContext>(context);
4663 if (instr->HasObservableSideEffects()) {
4664 AddSimulate(stmt->target()->EntryId(), REMOVABLE_SIMULATE);
4666 environment()->BindContext(context);
4669 Goto(continue_block);
4670 set_current_block(NULL);
4674 void HOptimizedGraphBuilder::VisitBreakStatement(BreakStatement* stmt) {
4675 DCHECK(!HasStackOverflow());
4676 DCHECK(current_block() != NULL);
4677 DCHECK(current_block()->HasPredecessor());
4678 Scope* outer_scope = NULL;
4679 Scope* inner_scope = scope();
4681 HBasicBlock* break_block = break_scope()->Get(
4682 stmt->target(), BreakAndContinueScope::BREAK,
4683 &outer_scope, &drop_extra);
4684 HValue* context = environment()->context();
4686 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4687 if (context_pop_count > 0) {
4688 while (context_pop_count-- > 0) {
4689 HInstruction* context_instruction = Add<HLoadNamedField>(
4691 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4692 context = context_instruction;
4694 HInstruction* instr = Add<HStoreFrameContext>(context);
4695 if (instr->HasObservableSideEffects()) {
4696 AddSimulate(stmt->target()->ExitId(), REMOVABLE_SIMULATE);
4698 environment()->BindContext(context);
4701 set_current_block(NULL);
4705 void HOptimizedGraphBuilder::VisitReturnStatement(ReturnStatement* stmt) {
4706 DCHECK(!HasStackOverflow());
4707 DCHECK(current_block() != NULL);
4708 DCHECK(current_block()->HasPredecessor());
4709 FunctionState* state = function_state();
4710 AstContext* context = call_context();
4711 if (context == NULL) {
4712 // Not an inlined return, so an actual one.
4713 CHECK_ALIVE(VisitForValue(stmt->expression()));
4714 HValue* result = environment()->Pop();
4715 Add<HReturn>(result);
4716 } else if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
4717 // Return from an inlined construct call. In a test context the return value
4718 // will always evaluate to true, in a value context the return value needs
4719 // to be a JSObject.
4720 if (context->IsTest()) {
4721 TestContext* test = TestContext::cast(context);
4722 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4723 Goto(test->if_true(), state);
4724 } else if (context->IsEffect()) {
4725 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4726 Goto(function_return(), state);
4728 DCHECK(context->IsValue());
4729 CHECK_ALIVE(VisitForValue(stmt->expression()));
4730 HValue* return_value = Pop();
4731 HValue* receiver = environment()->arguments_environment()->Lookup(0);
4732 HHasInstanceTypeAndBranch* typecheck =
4733 New<HHasInstanceTypeAndBranch>(return_value,
4734 FIRST_SPEC_OBJECT_TYPE,
4735 LAST_SPEC_OBJECT_TYPE);
4736 HBasicBlock* if_spec_object = graph()->CreateBasicBlock();
4737 HBasicBlock* not_spec_object = graph()->CreateBasicBlock();
4738 typecheck->SetSuccessorAt(0, if_spec_object);
4739 typecheck->SetSuccessorAt(1, not_spec_object);
4740 FinishCurrentBlock(typecheck);
4741 AddLeaveInlined(if_spec_object, return_value, state);
4742 AddLeaveInlined(not_spec_object, receiver, state);
4744 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
4745 // Return from an inlined setter call. The returned value is never used, the
4746 // value of an assignment is always the value of the RHS of the assignment.
4747 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4748 if (context->IsTest()) {
4749 HValue* rhs = environment()->arguments_environment()->Lookup(1);
4750 context->ReturnValue(rhs);
4751 } else if (context->IsEffect()) {
4752 Goto(function_return(), state);
4754 DCHECK(context->IsValue());
4755 HValue* rhs = environment()->arguments_environment()->Lookup(1);
4756 AddLeaveInlined(rhs, state);
4759 // Return from a normal inlined function. Visit the subexpression in the
4760 // expression context of the call.
4761 if (context->IsTest()) {
4762 TestContext* test = TestContext::cast(context);
4763 VisitForControl(stmt->expression(), test->if_true(), test->if_false());
4764 } else if (context->IsEffect()) {
4765 // Visit in value context and ignore the result. This is needed to keep
4766 // environment in sync with full-codegen since some visitors (e.g.
4767 // VisitCountOperation) use the operand stack differently depending on
4769 CHECK_ALIVE(VisitForValue(stmt->expression()));
4771 Goto(function_return(), state);
4773 DCHECK(context->IsValue());
4774 CHECK_ALIVE(VisitForValue(stmt->expression()));
4775 AddLeaveInlined(Pop(), state);
4778 set_current_block(NULL);
4782 void HOptimizedGraphBuilder::VisitWithStatement(WithStatement* stmt) {
4783 DCHECK(!HasStackOverflow());
4784 DCHECK(current_block() != NULL);
4785 DCHECK(current_block()->HasPredecessor());
4786 return Bailout(kWithStatement);
4790 void HOptimizedGraphBuilder::VisitSwitchStatement(SwitchStatement* stmt) {
4791 DCHECK(!HasStackOverflow());
4792 DCHECK(current_block() != NULL);
4793 DCHECK(current_block()->HasPredecessor());
4795 ZoneList<CaseClause*>* clauses = stmt->cases();
4796 int clause_count = clauses->length();
4797 ZoneList<HBasicBlock*> body_blocks(clause_count, zone());
4799 CHECK_ALIVE(VisitForValue(stmt->tag()));
4800 Add<HSimulate>(stmt->EntryId());
4801 HValue* tag_value = Top();
4802 Type* tag_type = stmt->tag()->bounds().lower;
4804 // 1. Build all the tests, with dangling true branches
4805 BailoutId default_id = BailoutId::None();
4806 for (int i = 0; i < clause_count; ++i) {
4807 CaseClause* clause = clauses->at(i);
4808 if (clause->is_default()) {
4809 body_blocks.Add(NULL, zone());
4810 if (default_id.IsNone()) default_id = clause->EntryId();
4814 // Generate a compare and branch.
4815 CHECK_ALIVE(VisitForValue(clause->label()));
4816 HValue* label_value = Pop();
4818 Type* label_type = clause->label()->bounds().lower;
4819 Type* combined_type = clause->compare_type();
4820 HControlInstruction* compare = BuildCompareInstruction(
4821 Token::EQ_STRICT, tag_value, label_value, tag_type, label_type,
4823 ScriptPositionToSourcePosition(stmt->tag()->position()),
4824 ScriptPositionToSourcePosition(clause->label()->position()),
4825 PUSH_BEFORE_SIMULATE, clause->id());
4827 HBasicBlock* next_test_block = graph()->CreateBasicBlock();
4828 HBasicBlock* body_block = graph()->CreateBasicBlock();
4829 body_blocks.Add(body_block, zone());
4830 compare->SetSuccessorAt(0, body_block);
4831 compare->SetSuccessorAt(1, next_test_block);
4832 FinishCurrentBlock(compare);
4834 set_current_block(body_block);
4835 Drop(1); // tag_value
4837 set_current_block(next_test_block);
4840 // Save the current block to use for the default or to join with the
4842 HBasicBlock* last_block = current_block();
4843 Drop(1); // tag_value
4845 // 2. Loop over the clauses and the linked list of tests in lockstep,
4846 // translating the clause bodies.
4847 HBasicBlock* fall_through_block = NULL;
4849 BreakAndContinueInfo break_info(stmt, scope());
4850 { BreakAndContinueScope push(&break_info, this);
4851 for (int i = 0; i < clause_count; ++i) {
4852 CaseClause* clause = clauses->at(i);
4854 // Identify the block where normal (non-fall-through) control flow
4856 HBasicBlock* normal_block = NULL;
4857 if (clause->is_default()) {
4858 if (last_block == NULL) continue;
4859 normal_block = last_block;
4860 last_block = NULL; // Cleared to indicate we've handled it.
4862 normal_block = body_blocks[i];
4865 if (fall_through_block == NULL) {
4866 set_current_block(normal_block);
4868 HBasicBlock* join = CreateJoin(fall_through_block,
4871 set_current_block(join);
4874 CHECK_BAILOUT(VisitStatements(clause->statements()));
4875 fall_through_block = current_block();
4879 // Create an up-to-3-way join. Use the break block if it exists since
4880 // it's already a join block.
4881 HBasicBlock* break_block = break_info.break_block();
4882 if (break_block == NULL) {
4883 set_current_block(CreateJoin(fall_through_block,
4887 if (fall_through_block != NULL) Goto(fall_through_block, break_block);
4888 if (last_block != NULL) Goto(last_block, break_block);
4889 break_block->SetJoinId(stmt->ExitId());
4890 set_current_block(break_block);
4895 void HOptimizedGraphBuilder::VisitLoopBody(IterationStatement* stmt,
4896 HBasicBlock* loop_entry) {
4897 Add<HSimulate>(stmt->StackCheckId());
4898 HStackCheck* stack_check =
4899 HStackCheck::cast(Add<HStackCheck>(HStackCheck::kBackwardsBranch));
4900 DCHECK(loop_entry->IsLoopHeader());
4901 loop_entry->loop_information()->set_stack_check(stack_check);
4902 CHECK_BAILOUT(Visit(stmt->body()));
4906 void HOptimizedGraphBuilder::VisitDoWhileStatement(DoWhileStatement* stmt) {
4907 DCHECK(!HasStackOverflow());
4908 DCHECK(current_block() != NULL);
4909 DCHECK(current_block()->HasPredecessor());
4910 DCHECK(current_block() != NULL);
4911 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
4913 BreakAndContinueInfo break_info(stmt, scope());
4915 BreakAndContinueScope push(&break_info, this);
4916 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
4918 HBasicBlock* body_exit =
4919 JoinContinue(stmt, current_block(), break_info.continue_block());
4920 HBasicBlock* loop_successor = NULL;
4921 if (body_exit != NULL && !stmt->cond()->ToBooleanIsTrue()) {
4922 set_current_block(body_exit);
4923 loop_successor = graph()->CreateBasicBlock();
4924 if (stmt->cond()->ToBooleanIsFalse()) {
4925 loop_entry->loop_information()->stack_check()->Eliminate();
4926 Goto(loop_successor);
4929 // The block for a true condition, the actual predecessor block of the
4931 body_exit = graph()->CreateBasicBlock();
4932 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_exit, loop_successor));
4934 if (body_exit != NULL && body_exit->HasPredecessor()) {
4935 body_exit->SetJoinId(stmt->BackEdgeId());
4939 if (loop_successor->HasPredecessor()) {
4940 loop_successor->SetJoinId(stmt->ExitId());
4942 loop_successor = NULL;
4945 HBasicBlock* loop_exit = CreateLoop(stmt,
4949 break_info.break_block());
4950 set_current_block(loop_exit);
4954 void HOptimizedGraphBuilder::VisitWhileStatement(WhileStatement* stmt) {
4955 DCHECK(!HasStackOverflow());
4956 DCHECK(current_block() != NULL);
4957 DCHECK(current_block()->HasPredecessor());
4958 DCHECK(current_block() != NULL);
4959 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
4961 // If the condition is constant true, do not generate a branch.
4962 HBasicBlock* loop_successor = NULL;
4963 if (!stmt->cond()->ToBooleanIsTrue()) {
4964 HBasicBlock* body_entry = graph()->CreateBasicBlock();
4965 loop_successor = graph()->CreateBasicBlock();
4966 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
4967 if (body_entry->HasPredecessor()) {
4968 body_entry->SetJoinId(stmt->BodyId());
4969 set_current_block(body_entry);
4971 if (loop_successor->HasPredecessor()) {
4972 loop_successor->SetJoinId(stmt->ExitId());
4974 loop_successor = NULL;
4978 BreakAndContinueInfo break_info(stmt, scope());
4979 if (current_block() != NULL) {
4980 BreakAndContinueScope push(&break_info, this);
4981 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
4983 HBasicBlock* body_exit =
4984 JoinContinue(stmt, current_block(), break_info.continue_block());
4985 HBasicBlock* loop_exit = CreateLoop(stmt,
4989 break_info.break_block());
4990 set_current_block(loop_exit);
4994 void HOptimizedGraphBuilder::VisitForStatement(ForStatement* stmt) {
4995 DCHECK(!HasStackOverflow());
4996 DCHECK(current_block() != NULL);
4997 DCHECK(current_block()->HasPredecessor());
4998 if (stmt->init() != NULL) {
4999 CHECK_ALIVE(Visit(stmt->init()));
5001 DCHECK(current_block() != NULL);
5002 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5004 HBasicBlock* loop_successor = NULL;
5005 if (stmt->cond() != NULL) {
5006 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5007 loop_successor = graph()->CreateBasicBlock();
5008 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5009 if (body_entry->HasPredecessor()) {
5010 body_entry->SetJoinId(stmt->BodyId());
5011 set_current_block(body_entry);
5013 if (loop_successor->HasPredecessor()) {
5014 loop_successor->SetJoinId(stmt->ExitId());
5016 loop_successor = NULL;
5020 BreakAndContinueInfo break_info(stmt, scope());
5021 if (current_block() != NULL) {
5022 BreakAndContinueScope push(&break_info, this);
5023 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5025 HBasicBlock* body_exit =
5026 JoinContinue(stmt, current_block(), break_info.continue_block());
5028 if (stmt->next() != NULL && body_exit != NULL) {
5029 set_current_block(body_exit);
5030 CHECK_BAILOUT(Visit(stmt->next()));
5031 body_exit = current_block();
5034 HBasicBlock* loop_exit = CreateLoop(stmt,
5038 break_info.break_block());
5039 set_current_block(loop_exit);
5043 void HOptimizedGraphBuilder::VisitForInStatement(ForInStatement* stmt) {
5044 DCHECK(!HasStackOverflow());
5045 DCHECK(current_block() != NULL);
5046 DCHECK(current_block()->HasPredecessor());
5048 if (!FLAG_optimize_for_in) {
5049 return Bailout(kForInStatementOptimizationIsDisabled);
5052 if (stmt->for_in_type() != ForInStatement::FAST_FOR_IN) {
5053 return Bailout(kForInStatementIsNotFastCase);
5056 if (!stmt->each()->IsVariableProxy() ||
5057 !stmt->each()->AsVariableProxy()->var()->IsStackLocal()) {
5058 return Bailout(kForInStatementWithNonLocalEachVariable);
5061 Variable* each_var = stmt->each()->AsVariableProxy()->var();
5063 CHECK_ALIVE(VisitForValue(stmt->enumerable()));
5064 HValue* enumerable = Top(); // Leave enumerable at the top.
5066 HInstruction* map = Add<HForInPrepareMap>(enumerable);
5067 Add<HSimulate>(stmt->PrepareId());
5069 HInstruction* array = Add<HForInCacheArray>(
5070 enumerable, map, DescriptorArray::kEnumCacheBridgeCacheIndex);
5072 HInstruction* enum_length = Add<HMapEnumLength>(map);
5074 HInstruction* start_index = Add<HConstant>(0);
5081 HInstruction* index_cache = Add<HForInCacheArray>(
5082 enumerable, map, DescriptorArray::kEnumCacheBridgeIndicesCacheIndex);
5083 HForInCacheArray::cast(array)->set_index_cache(
5084 HForInCacheArray::cast(index_cache));
5086 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5088 HValue* index = environment()->ExpressionStackAt(0);
5089 HValue* limit = environment()->ExpressionStackAt(1);
5091 // Check that we still have more keys.
5092 HCompareNumericAndBranch* compare_index =
5093 New<HCompareNumericAndBranch>(index, limit, Token::LT);
5094 compare_index->set_observed_input_representation(
5095 Representation::Smi(), Representation::Smi());
5097 HBasicBlock* loop_body = graph()->CreateBasicBlock();
5098 HBasicBlock* loop_successor = graph()->CreateBasicBlock();
5100 compare_index->SetSuccessorAt(0, loop_body);
5101 compare_index->SetSuccessorAt(1, loop_successor);
5102 FinishCurrentBlock(compare_index);
5104 set_current_block(loop_successor);
5107 set_current_block(loop_body);
5109 HValue* key = Add<HLoadKeyed>(
5110 environment()->ExpressionStackAt(2), // Enum cache.
5111 environment()->ExpressionStackAt(0), // Iteration index.
5112 environment()->ExpressionStackAt(0),
5115 // Check if the expected map still matches that of the enumerable.
5116 // If not just deoptimize.
5117 Add<HCheckMapValue>(environment()->ExpressionStackAt(4),
5118 environment()->ExpressionStackAt(3));
5120 Bind(each_var, key);
5122 BreakAndContinueInfo break_info(stmt, scope(), 5);
5124 BreakAndContinueScope push(&break_info, this);
5125 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5128 HBasicBlock* body_exit =
5129 JoinContinue(stmt, current_block(), break_info.continue_block());
5131 if (body_exit != NULL) {
5132 set_current_block(body_exit);
5134 HValue* current_index = Pop();
5135 Push(AddUncasted<HAdd>(current_index, graph()->GetConstant1()));
5136 body_exit = current_block();
5139 HBasicBlock* loop_exit = CreateLoop(stmt,
5143 break_info.break_block());
5145 set_current_block(loop_exit);
5149 void HOptimizedGraphBuilder::VisitForOfStatement(ForOfStatement* stmt) {
5150 DCHECK(!HasStackOverflow());
5151 DCHECK(current_block() != NULL);
5152 DCHECK(current_block()->HasPredecessor());
5153 return Bailout(kForOfStatement);
5157 void HOptimizedGraphBuilder::VisitTryCatchStatement(TryCatchStatement* stmt) {
5158 DCHECK(!HasStackOverflow());
5159 DCHECK(current_block() != NULL);
5160 DCHECK(current_block()->HasPredecessor());
5161 return Bailout(kTryCatchStatement);
5165 void HOptimizedGraphBuilder::VisitTryFinallyStatement(
5166 TryFinallyStatement* stmt) {
5167 DCHECK(!HasStackOverflow());
5168 DCHECK(current_block() != NULL);
5169 DCHECK(current_block()->HasPredecessor());
5170 return Bailout(kTryFinallyStatement);
5174 void HOptimizedGraphBuilder::VisitDebuggerStatement(DebuggerStatement* stmt) {
5175 DCHECK(!HasStackOverflow());
5176 DCHECK(current_block() != NULL);
5177 DCHECK(current_block()->HasPredecessor());
5178 return Bailout(kDebuggerStatement);
5182 void HOptimizedGraphBuilder::VisitCaseClause(CaseClause* clause) {
5187 void HOptimizedGraphBuilder::VisitFunctionLiteral(FunctionLiteral* expr) {
5188 DCHECK(!HasStackOverflow());
5189 DCHECK(current_block() != NULL);
5190 DCHECK(current_block()->HasPredecessor());
5191 Handle<SharedFunctionInfo> shared_info = expr->shared_info();
5192 if (shared_info.is_null()) {
5194 Compiler::BuildFunctionInfo(expr, current_info()->script(), top_info());
5196 // We also have a stack overflow if the recursive compilation did.
5197 if (HasStackOverflow()) return;
5198 HFunctionLiteral* instr =
5199 New<HFunctionLiteral>(shared_info, expr->pretenure());
5200 return ast_context()->ReturnInstruction(instr, expr->id());
5204 void HOptimizedGraphBuilder::VisitClassLiteral(ClassLiteral* lit) {
5205 DCHECK(!HasStackOverflow());
5206 DCHECK(current_block() != NULL);
5207 DCHECK(current_block()->HasPredecessor());
5208 return Bailout(kClassLiteral);
5212 void HOptimizedGraphBuilder::VisitNativeFunctionLiteral(
5213 NativeFunctionLiteral* expr) {
5214 DCHECK(!HasStackOverflow());
5215 DCHECK(current_block() != NULL);
5216 DCHECK(current_block()->HasPredecessor());
5217 return Bailout(kNativeFunctionLiteral);
5221 void HOptimizedGraphBuilder::VisitConditional(Conditional* expr) {
5222 DCHECK(!HasStackOverflow());
5223 DCHECK(current_block() != NULL);
5224 DCHECK(current_block()->HasPredecessor());
5225 HBasicBlock* cond_true = graph()->CreateBasicBlock();
5226 HBasicBlock* cond_false = graph()->CreateBasicBlock();
5227 CHECK_BAILOUT(VisitForControl(expr->condition(), cond_true, cond_false));
5229 // Visit the true and false subexpressions in the same AST context as the
5230 // whole expression.
5231 if (cond_true->HasPredecessor()) {
5232 cond_true->SetJoinId(expr->ThenId());
5233 set_current_block(cond_true);
5234 CHECK_BAILOUT(Visit(expr->then_expression()));
5235 cond_true = current_block();
5240 if (cond_false->HasPredecessor()) {
5241 cond_false->SetJoinId(expr->ElseId());
5242 set_current_block(cond_false);
5243 CHECK_BAILOUT(Visit(expr->else_expression()));
5244 cond_false = current_block();
5249 if (!ast_context()->IsTest()) {
5250 HBasicBlock* join = CreateJoin(cond_true, cond_false, expr->id());
5251 set_current_block(join);
5252 if (join != NULL && !ast_context()->IsEffect()) {
5253 return ast_context()->ReturnValue(Pop());
5259 HOptimizedGraphBuilder::GlobalPropertyAccess
5260 HOptimizedGraphBuilder::LookupGlobalProperty(Variable* var, LookupIterator* it,
5261 PropertyAccessType access_type) {
5262 if (var->is_this() || !current_info()->has_global_object()) {
5266 switch (it->state()) {
5267 case LookupIterator::ACCESSOR:
5268 case LookupIterator::ACCESS_CHECK:
5269 case LookupIterator::INTERCEPTOR:
5270 case LookupIterator::NOT_FOUND:
5272 case LookupIterator::DATA:
5273 if (access_type == STORE && it->IsReadOnly()) return kUseGeneric;
5275 case LookupIterator::JSPROXY:
5276 case LookupIterator::TRANSITION:
5284 HValue* HOptimizedGraphBuilder::BuildContextChainWalk(Variable* var) {
5285 DCHECK(var->IsContextSlot());
5286 HValue* context = environment()->context();
5287 int length = scope()->ContextChainLength(var->scope());
5288 while (length-- > 0) {
5289 context = Add<HLoadNamedField>(
5291 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
5297 void HOptimizedGraphBuilder::VisitVariableProxy(VariableProxy* expr) {
5298 if (expr->is_this()) {
5299 current_info()->set_this_has_uses(true);
5302 DCHECK(!HasStackOverflow());
5303 DCHECK(current_block() != NULL);
5304 DCHECK(current_block()->HasPredecessor());
5305 Variable* variable = expr->var();
5306 switch (variable->location()) {
5307 case Variable::UNALLOCATED: {
5308 if (IsLexicalVariableMode(variable->mode())) {
5309 // TODO(rossberg): should this be an DCHECK?
5310 return Bailout(kReferenceToGlobalLexicalVariable);
5312 // Handle known global constants like 'undefined' specially to avoid a
5313 // load from a global cell for them.
5314 Handle<Object> constant_value =
5315 isolate()->factory()->GlobalConstantFor(variable->name());
5316 if (!constant_value.is_null()) {
5317 HConstant* instr = New<HConstant>(constant_value);
5318 return ast_context()->ReturnInstruction(instr, expr->id());
5321 Handle<GlobalObject> global(current_info()->global_object());
5323 if (FLAG_harmony_scoping) {
5324 Handle<ScriptContextTable> script_contexts(
5325 global->native_context()->script_context_table());
5326 ScriptContextTable::LookupResult lookup;
5327 if (ScriptContextTable::Lookup(script_contexts, variable->name(),
5329 Handle<Context> script_context = ScriptContextTable::GetContext(
5330 script_contexts, lookup.context_index);
5331 Handle<Object> current_value =
5332 FixedArray::get(script_context, lookup.context_index);
5334 // If the values is not the hole, it will stay initialized,
5335 // so no need to generate a check.
5336 if (*current_value == *isolate()->factory()->the_hole_value()) {
5337 return Bailout(kReferenceToUninitializedVariable);
5339 HInstruction* result = New<HLoadNamedField>(
5340 Add<HConstant>(script_context), nullptr,
5341 HObjectAccess::ForContextSlot(lookup.slot_index));
5342 return ast_context()->ReturnInstruction(result, expr->id());
5346 LookupIterator it(global, variable->name(),
5347 LookupIterator::OWN_SKIP_INTERCEPTOR);
5348 GlobalPropertyAccess type = LookupGlobalProperty(variable, &it, LOAD);
5350 if (type == kUseCell) {
5351 Handle<PropertyCell> cell = it.GetPropertyCell();
5352 if (cell->type()->IsConstant()) {
5353 PropertyCell::AddDependentCompilationInfo(cell, top_info());
5354 Handle<Object> constant_object = cell->type()->AsConstant()->Value();
5355 if (constant_object->IsConsString()) {
5357 String::Flatten(Handle<String>::cast(constant_object));
5359 HConstant* constant = New<HConstant>(constant_object);
5360 return ast_context()->ReturnInstruction(constant, expr->id());
5362 HLoadGlobalCell* instr =
5363 New<HLoadGlobalCell>(cell, it.property_details());
5364 return ast_context()->ReturnInstruction(instr, expr->id());
5367 HValue* global_object = Add<HLoadNamedField>(
5369 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
5370 HLoadGlobalGeneric* instr =
5371 New<HLoadGlobalGeneric>(global_object,
5373 ast_context()->is_for_typeof());
5374 if (FLAG_vector_ics) {
5375 Handle<SharedFunctionInfo> current_shared =
5376 function_state()->compilation_info()->shared_info();
5377 instr->SetVectorAndSlot(
5378 handle(current_shared->feedback_vector(), isolate()),
5379 expr->VariableFeedbackSlot());
5381 return ast_context()->ReturnInstruction(instr, expr->id());
5385 case Variable::PARAMETER:
5386 case Variable::LOCAL: {
5387 HValue* value = LookupAndMakeLive(variable);
5388 if (value == graph()->GetConstantHole()) {
5389 DCHECK(IsDeclaredVariableMode(variable->mode()) &&
5390 variable->mode() != VAR);
5391 return Bailout(kReferenceToUninitializedVariable);
5393 return ast_context()->ReturnValue(value);
5396 case Variable::CONTEXT: {
5397 HValue* context = BuildContextChainWalk(variable);
5398 HLoadContextSlot::Mode mode;
5399 switch (variable->mode()) {
5402 mode = HLoadContextSlot::kCheckDeoptimize;
5405 mode = HLoadContextSlot::kCheckReturnUndefined;
5408 mode = HLoadContextSlot::kNoCheck;
5411 HLoadContextSlot* instr =
5412 new(zone()) HLoadContextSlot(context, variable->index(), mode);
5413 return ast_context()->ReturnInstruction(instr, expr->id());
5416 case Variable::LOOKUP:
5417 return Bailout(kReferenceToAVariableWhichRequiresDynamicLookup);
5422 void HOptimizedGraphBuilder::VisitLiteral(Literal* expr) {
5423 DCHECK(!HasStackOverflow());
5424 DCHECK(current_block() != NULL);
5425 DCHECK(current_block()->HasPredecessor());
5426 HConstant* instr = New<HConstant>(expr->value());
5427 return ast_context()->ReturnInstruction(instr, expr->id());
5431 void HOptimizedGraphBuilder::VisitRegExpLiteral(RegExpLiteral* expr) {
5432 DCHECK(!HasStackOverflow());
5433 DCHECK(current_block() != NULL);
5434 DCHECK(current_block()->HasPredecessor());
5435 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5436 Handle<FixedArray> literals(closure->literals());
5437 HRegExpLiteral* instr = New<HRegExpLiteral>(literals,
5440 expr->literal_index());
5441 return ast_context()->ReturnInstruction(instr, expr->id());
5445 static bool CanInlinePropertyAccess(Handle<Map> map) {
5446 if (map->instance_type() == HEAP_NUMBER_TYPE) return true;
5447 if (map->instance_type() < FIRST_NONSTRING_TYPE) return true;
5448 return map->IsJSObjectMap() &&
5449 !map->is_dictionary_map() &&
5450 !map->has_named_interceptor();
5454 // Determines whether the given array or object literal boilerplate satisfies
5455 // all limits to be considered for fast deep-copying and computes the total
5456 // size of all objects that are part of the graph.
5457 static bool IsFastLiteral(Handle<JSObject> boilerplate,
5459 int* max_properties) {
5460 if (boilerplate->map()->is_deprecated() &&
5461 !JSObject::TryMigrateInstance(boilerplate)) {
5465 DCHECK(max_depth >= 0 && *max_properties >= 0);
5466 if (max_depth == 0) return false;
5468 Isolate* isolate = boilerplate->GetIsolate();
5469 Handle<FixedArrayBase> elements(boilerplate->elements());
5470 if (elements->length() > 0 &&
5471 elements->map() != isolate->heap()->fixed_cow_array_map()) {
5472 if (boilerplate->HasFastSmiOrObjectElements()) {
5473 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
5474 int length = elements->length();
5475 for (int i = 0; i < length; i++) {
5476 if ((*max_properties)-- == 0) return false;
5477 Handle<Object> value(fast_elements->get(i), isolate);
5478 if (value->IsJSObject()) {
5479 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5480 if (!IsFastLiteral(value_object,
5487 } else if (!boilerplate->HasFastDoubleElements()) {
5492 Handle<FixedArray> properties(boilerplate->properties());
5493 if (properties->length() > 0) {
5496 Handle<DescriptorArray> descriptors(
5497 boilerplate->map()->instance_descriptors());
5498 int limit = boilerplate->map()->NumberOfOwnDescriptors();
5499 for (int i = 0; i < limit; i++) {
5500 PropertyDetails details = descriptors->GetDetails(i);
5501 if (details.type() != DATA) continue;
5502 if ((*max_properties)-- == 0) return false;
5503 FieldIndex field_index = FieldIndex::ForDescriptor(boilerplate->map(), i);
5504 if (boilerplate->IsUnboxedDoubleField(field_index)) continue;
5505 Handle<Object> value(boilerplate->RawFastPropertyAt(field_index),
5507 if (value->IsJSObject()) {
5508 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5509 if (!IsFastLiteral(value_object,
5521 void HOptimizedGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
5522 DCHECK(!HasStackOverflow());
5523 DCHECK(current_block() != NULL);
5524 DCHECK(current_block()->HasPredecessor());
5526 expr->BuildConstantProperties(isolate());
5527 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5528 HInstruction* literal;
5530 // Check whether to use fast or slow deep-copying for boilerplate.
5531 int max_properties = kMaxFastLiteralProperties;
5532 Handle<Object> literals_cell(closure->literals()->get(expr->literal_index()),
5534 Handle<AllocationSite> site;
5535 Handle<JSObject> boilerplate;
5536 if (!literals_cell->IsUndefined()) {
5537 // Retrieve the boilerplate
5538 site = Handle<AllocationSite>::cast(literals_cell);
5539 boilerplate = Handle<JSObject>(JSObject::cast(site->transition_info()),
5543 if (!boilerplate.is_null() &&
5544 IsFastLiteral(boilerplate, kMaxFastLiteralDepth, &max_properties)) {
5545 AllocationSiteUsageContext usage_context(isolate(), site, false);
5546 usage_context.EnterNewScope();
5547 literal = BuildFastLiteral(boilerplate, &usage_context);
5548 usage_context.ExitScope(site, boilerplate);
5550 NoObservableSideEffectsScope no_effects(this);
5551 Handle<FixedArray> closure_literals(closure->literals(), isolate());
5552 Handle<FixedArray> constant_properties = expr->constant_properties();
5553 int literal_index = expr->literal_index();
5554 int flags = expr->ComputeFlags(true);
5556 Add<HPushArguments>(Add<HConstant>(closure_literals),
5557 Add<HConstant>(literal_index),
5558 Add<HConstant>(constant_properties),
5559 Add<HConstant>(flags));
5561 Runtime::FunctionId function_id = Runtime::kCreateObjectLiteral;
5562 literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5563 Runtime::FunctionForId(function_id),
5567 // The object is expected in the bailout environment during computation
5568 // of the property values and is the value of the entire expression.
5571 expr->CalculateEmitStore(zone());
5573 for (int i = 0; i < expr->properties()->length(); i++) {
5574 ObjectLiteral::Property* property = expr->properties()->at(i);
5575 if (property->is_computed_name()) return Bailout(kComputedPropertyName);
5576 if (property->IsCompileTimeValue()) continue;
5578 Literal* key = property->key()->AsLiteral();
5579 Expression* value = property->value();
5581 switch (property->kind()) {
5582 case ObjectLiteral::Property::MATERIALIZED_LITERAL:
5583 DCHECK(!CompileTimeValue::IsCompileTimeValue(value));
5585 case ObjectLiteral::Property::COMPUTED:
5586 // It is safe to use [[Put]] here because the boilerplate already
5587 // contains computed properties with an uninitialized value.
5588 if (key->value()->IsInternalizedString()) {
5589 if (property->emit_store()) {
5590 CHECK_ALIVE(VisitForValue(value));
5591 HValue* value = Pop();
5593 // Add [[HomeObject]] to function literals.
5594 if (FunctionLiteral::NeedsHomeObject(property->value())) {
5595 Handle<Symbol> sym = isolate()->factory()->home_object_symbol();
5596 HInstruction* store_home = BuildKeyedGeneric(
5597 STORE, NULL, value, Add<HConstant>(sym), literal);
5598 AddInstruction(store_home);
5599 DCHECK(store_home->HasObservableSideEffects());
5600 Add<HSimulate>(property->value()->id(), REMOVABLE_SIMULATE);
5603 Handle<Map> map = property->GetReceiverType();
5604 Handle<String> name = key->AsPropertyName();
5605 HInstruction* store;
5606 if (map.is_null()) {
5607 // If we don't know the monomorphic type, do a generic store.
5608 CHECK_ALIVE(store = BuildNamedGeneric(
5609 STORE, NULL, literal, name, value));
5611 PropertyAccessInfo info(this, STORE, map, name);
5612 if (info.CanAccessMonomorphic()) {
5613 HValue* checked_literal = Add<HCheckMaps>(literal, map);
5614 DCHECK(!info.IsAccessorConstant());
5615 store = BuildMonomorphicAccess(
5616 &info, literal, checked_literal, value,
5617 BailoutId::None(), BailoutId::None());
5619 CHECK_ALIVE(store = BuildNamedGeneric(
5620 STORE, NULL, literal, name, value));
5623 AddInstruction(store);
5624 DCHECK(store->HasObservableSideEffects());
5625 Add<HSimulate>(key->id(), REMOVABLE_SIMULATE);
5627 CHECK_ALIVE(VisitForEffect(value));
5632 case ObjectLiteral::Property::PROTOTYPE:
5633 case ObjectLiteral::Property::SETTER:
5634 case ObjectLiteral::Property::GETTER:
5635 return Bailout(kObjectLiteralWithComplexProperty);
5636 default: UNREACHABLE();
5640 if (expr->has_function()) {
5641 // Return the result of the transformation to fast properties
5642 // instead of the original since this operation changes the map
5643 // of the object. This makes sure that the original object won't
5644 // be used by other optimized code before it is transformed
5645 // (e.g. because of code motion).
5646 HToFastProperties* result = Add<HToFastProperties>(Pop());
5647 return ast_context()->ReturnValue(result);
5649 return ast_context()->ReturnValue(Pop());
5654 void HOptimizedGraphBuilder::VisitArrayLiteral(ArrayLiteral* expr) {
5655 DCHECK(!HasStackOverflow());
5656 DCHECK(current_block() != NULL);
5657 DCHECK(current_block()->HasPredecessor());
5658 expr->BuildConstantElements(isolate());
5659 ZoneList<Expression*>* subexprs = expr->values();
5660 int length = subexprs->length();
5661 HInstruction* literal;
5663 Handle<AllocationSite> site;
5664 Handle<FixedArray> literals(environment()->closure()->literals(), isolate());
5665 bool uninitialized = false;
5666 Handle<Object> literals_cell(literals->get(expr->literal_index()),
5668 Handle<JSObject> boilerplate_object;
5669 if (literals_cell->IsUndefined()) {
5670 uninitialized = true;
5671 Handle<Object> raw_boilerplate;
5672 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
5673 isolate(), raw_boilerplate,
5674 Runtime::CreateArrayLiteralBoilerplate(
5675 isolate(), literals, expr->constant_elements()),
5676 Bailout(kArrayBoilerplateCreationFailed));
5678 boilerplate_object = Handle<JSObject>::cast(raw_boilerplate);
5679 AllocationSiteCreationContext creation_context(isolate());
5680 site = creation_context.EnterNewScope();
5681 if (JSObject::DeepWalk(boilerplate_object, &creation_context).is_null()) {
5682 return Bailout(kArrayBoilerplateCreationFailed);
5684 creation_context.ExitScope(site, boilerplate_object);
5685 literals->set(expr->literal_index(), *site);
5687 if (boilerplate_object->elements()->map() ==
5688 isolate()->heap()->fixed_cow_array_map()) {
5689 isolate()->counters()->cow_arrays_created_runtime()->Increment();
5692 DCHECK(literals_cell->IsAllocationSite());
5693 site = Handle<AllocationSite>::cast(literals_cell);
5694 boilerplate_object = Handle<JSObject>(
5695 JSObject::cast(site->transition_info()), isolate());
5698 DCHECK(!boilerplate_object.is_null());
5699 DCHECK(site->SitePointsToLiteral());
5701 ElementsKind boilerplate_elements_kind =
5702 boilerplate_object->GetElementsKind();
5704 // Check whether to use fast or slow deep-copying for boilerplate.
5705 int max_properties = kMaxFastLiteralProperties;
5706 if (IsFastLiteral(boilerplate_object,
5707 kMaxFastLiteralDepth,
5709 AllocationSiteUsageContext usage_context(isolate(), site, false);
5710 usage_context.EnterNewScope();
5711 literal = BuildFastLiteral(boilerplate_object, &usage_context);
5712 usage_context.ExitScope(site, boilerplate_object);
5714 NoObservableSideEffectsScope no_effects(this);
5715 // Boilerplate already exists and constant elements are never accessed,
5716 // pass an empty fixed array to the runtime function instead.
5717 Handle<FixedArray> constants = isolate()->factory()->empty_fixed_array();
5718 int literal_index = expr->literal_index();
5719 int flags = expr->ComputeFlags(true);
5721 Add<HPushArguments>(Add<HConstant>(literals),
5722 Add<HConstant>(literal_index),
5723 Add<HConstant>(constants),
5724 Add<HConstant>(flags));
5726 Runtime::FunctionId function_id = Runtime::kCreateArrayLiteral;
5727 literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5728 Runtime::FunctionForId(function_id),
5731 // Register to deopt if the boilerplate ElementsKind changes.
5732 AllocationSite::RegisterForDeoptOnTransitionChange(site, top_info());
5735 // The array is expected in the bailout environment during computation
5736 // of the property values and is the value of the entire expression.
5738 // The literal index is on the stack, too.
5739 Push(Add<HConstant>(expr->literal_index()));
5741 HInstruction* elements = NULL;
5743 for (int i = 0; i < length; i++) {
5744 Expression* subexpr = subexprs->at(i);
5745 // If the subexpression is a literal or a simple materialized literal it
5746 // is already set in the cloned array.
5747 if (CompileTimeValue::IsCompileTimeValue(subexpr)) continue;
5749 CHECK_ALIVE(VisitForValue(subexpr));
5750 HValue* value = Pop();
5751 if (!Smi::IsValid(i)) return Bailout(kNonSmiKeyInArrayLiteral);
5753 elements = AddLoadElements(literal);
5755 HValue* key = Add<HConstant>(i);
5757 switch (boilerplate_elements_kind) {
5758 case FAST_SMI_ELEMENTS:
5759 case FAST_HOLEY_SMI_ELEMENTS:
5761 case FAST_HOLEY_ELEMENTS:
5762 case FAST_DOUBLE_ELEMENTS:
5763 case FAST_HOLEY_DOUBLE_ELEMENTS: {
5764 HStoreKeyed* instr = Add<HStoreKeyed>(elements, key, value,
5765 boilerplate_elements_kind);
5766 instr->SetUninitialized(uninitialized);
5774 Add<HSimulate>(expr->GetIdForElement(i));
5777 Drop(1); // array literal index
5778 return ast_context()->ReturnValue(Pop());
5782 HCheckMaps* HOptimizedGraphBuilder::AddCheckMap(HValue* object,
5784 BuildCheckHeapObject(object);
5785 return Add<HCheckMaps>(object, map);
5789 HInstruction* HOptimizedGraphBuilder::BuildLoadNamedField(
5790 PropertyAccessInfo* info,
5791 HValue* checked_object) {
5792 // See if this is a load for an immutable property
5793 if (checked_object->ActualValue()->IsConstant()) {
5794 Handle<Object> object(
5795 HConstant::cast(checked_object->ActualValue())->handle(isolate()));
5797 if (object->IsJSObject()) {
5798 LookupIterator it(object, info->name(),
5799 LookupIterator::OWN_SKIP_INTERCEPTOR);
5800 Handle<Object> value = JSObject::GetDataProperty(&it);
5801 if (it.IsFound() && it.IsReadOnly() && !it.IsConfigurable()) {
5802 return New<HConstant>(value);
5807 HObjectAccess access = info->access();
5808 if (access.representation().IsDouble() &&
5809 (!FLAG_unbox_double_fields || !access.IsInobject())) {
5810 // Load the heap number.
5811 checked_object = Add<HLoadNamedField>(
5812 checked_object, nullptr,
5813 access.WithRepresentation(Representation::Tagged()));
5814 // Load the double value from it.
5815 access = HObjectAccess::ForHeapNumberValue();
5818 SmallMapList* map_list = info->field_maps();
5819 if (map_list->length() == 0) {
5820 return New<HLoadNamedField>(checked_object, checked_object, access);
5823 UniqueSet<Map>* maps = new(zone()) UniqueSet<Map>(map_list->length(), zone());
5824 for (int i = 0; i < map_list->length(); ++i) {
5825 maps->Add(Unique<Map>::CreateImmovable(map_list->at(i)), zone());
5827 return New<HLoadNamedField>(
5828 checked_object, checked_object, access, maps, info->field_type());
5832 HInstruction* HOptimizedGraphBuilder::BuildStoreNamedField(
5833 PropertyAccessInfo* info,
5834 HValue* checked_object,
5836 bool transition_to_field = info->IsTransition();
5837 // TODO(verwaest): Move this logic into PropertyAccessInfo.
5838 HObjectAccess field_access = info->access();
5840 HStoreNamedField *instr;
5841 if (field_access.representation().IsDouble() &&
5842 (!FLAG_unbox_double_fields || !field_access.IsInobject())) {
5843 HObjectAccess heap_number_access =
5844 field_access.WithRepresentation(Representation::Tagged());
5845 if (transition_to_field) {
5846 // The store requires a mutable HeapNumber to be allocated.
5847 NoObservableSideEffectsScope no_side_effects(this);
5848 HInstruction* heap_number_size = Add<HConstant>(HeapNumber::kSize);
5850 // TODO(hpayer): Allocation site pretenuring support.
5851 HInstruction* heap_number = Add<HAllocate>(heap_number_size,
5852 HType::HeapObject(),
5854 MUTABLE_HEAP_NUMBER_TYPE);
5855 AddStoreMapConstant(
5856 heap_number, isolate()->factory()->mutable_heap_number_map());
5857 Add<HStoreNamedField>(heap_number, HObjectAccess::ForHeapNumberValue(),
5859 instr = New<HStoreNamedField>(checked_object->ActualValue(),
5863 // Already holds a HeapNumber; load the box and write its value field.
5864 HInstruction* heap_number =
5865 Add<HLoadNamedField>(checked_object, nullptr, heap_number_access);
5866 instr = New<HStoreNamedField>(heap_number,
5867 HObjectAccess::ForHeapNumberValue(),
5868 value, STORE_TO_INITIALIZED_ENTRY);
5871 if (field_access.representation().IsHeapObject()) {
5872 BuildCheckHeapObject(value);
5875 if (!info->field_maps()->is_empty()) {
5876 DCHECK(field_access.representation().IsHeapObject());
5877 value = Add<HCheckMaps>(value, info->field_maps());
5880 // This is a normal store.
5881 instr = New<HStoreNamedField>(
5882 checked_object->ActualValue(), field_access, value,
5883 transition_to_field ? INITIALIZING_STORE : STORE_TO_INITIALIZED_ENTRY);
5886 if (transition_to_field) {
5887 Handle<Map> transition(info->transition());
5888 DCHECK(!transition->is_deprecated());
5889 instr->SetTransition(Add<HConstant>(transition));
5895 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsCompatible(
5896 PropertyAccessInfo* info) {
5897 if (!CanInlinePropertyAccess(map_)) return false;
5899 // Currently only handle Type::Number as a polymorphic case.
5900 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
5902 if (IsNumberType()) return false;
5904 // Values are only compatible for monomorphic load if they all behave the same
5905 // regarding value wrappers.
5906 if (IsValueWrapped() != info->IsValueWrapped()) return false;
5908 if (!LookupDescriptor()) return false;
5911 return (!info->IsFound() || info->has_holder()) &&
5912 map()->prototype() == info->map()->prototype();
5915 // Mismatch if the other access info found the property in the prototype
5917 if (info->has_holder()) return false;
5919 if (IsAccessorConstant()) {
5920 return accessor_.is_identical_to(info->accessor_) &&
5921 api_holder_.is_identical_to(info->api_holder_);
5924 if (IsDataConstant()) {
5925 return constant_.is_identical_to(info->constant_);
5929 if (!info->IsData()) return false;
5931 Representation r = access_.representation();
5933 if (!info->access_.representation().IsCompatibleForLoad(r)) return false;
5935 if (!info->access_.representation().IsCompatibleForStore(r)) return false;
5937 if (info->access_.offset() != access_.offset()) return false;
5938 if (info->access_.IsInobject() != access_.IsInobject()) return false;
5940 if (field_maps_.is_empty()) {
5941 info->field_maps_.Clear();
5942 } else if (!info->field_maps_.is_empty()) {
5943 for (int i = 0; i < field_maps_.length(); ++i) {
5944 info->field_maps_.AddMapIfMissing(field_maps_.at(i), info->zone());
5946 info->field_maps_.Sort();
5949 // We can only merge stores that agree on their field maps. The comparison
5950 // below is safe, since we keep the field maps sorted.
5951 if (field_maps_.length() != info->field_maps_.length()) return false;
5952 for (int i = 0; i < field_maps_.length(); ++i) {
5953 if (!field_maps_.at(i).is_identical_to(info->field_maps_.at(i))) {
5958 info->GeneralizeRepresentation(r);
5959 info->field_type_ = info->field_type_.Combine(field_type_);
5964 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupDescriptor() {
5965 if (!map_->IsJSObjectMap()) return true;
5966 lookup_.LookupDescriptor(*map_, *name_);
5967 return LoadResult(map_);
5971 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadResult(Handle<Map> map) {
5972 if (!IsLoad() && IsProperty() && IsReadOnly()) {
5977 // Construct the object field access.
5978 int index = GetLocalFieldIndexFromMap(map);
5979 access_ = HObjectAccess::ForField(map, index, representation(), name_);
5981 // Load field map for heap objects.
5983 } else if (IsAccessorConstant()) {
5984 Handle<Object> accessors = GetAccessorsFromMap(map);
5985 if (!accessors->IsAccessorPair()) return false;
5986 Object* raw_accessor =
5987 IsLoad() ? Handle<AccessorPair>::cast(accessors)->getter()
5988 : Handle<AccessorPair>::cast(accessors)->setter();
5989 if (!raw_accessor->IsJSFunction()) return false;
5990 Handle<JSFunction> accessor = handle(JSFunction::cast(raw_accessor));
5991 if (accessor->shared()->IsApiFunction()) {
5992 CallOptimization call_optimization(accessor);
5993 if (call_optimization.is_simple_api_call()) {
5994 CallOptimization::HolderLookup holder_lookup;
5996 call_optimization.LookupHolderOfExpectedType(map_, &holder_lookup);
5999 accessor_ = accessor;
6000 } else if (IsDataConstant()) {
6001 constant_ = GetConstantFromMap(map);
6008 void HOptimizedGraphBuilder::PropertyAccessInfo::LoadFieldMaps(
6010 // Clear any previously collected field maps/type.
6011 field_maps_.Clear();
6012 field_type_ = HType::Tagged();
6014 // Figure out the field type from the accessor map.
6015 Handle<HeapType> field_type = GetFieldTypeFromMap(map);
6017 // Collect the (stable) maps from the field type.
6018 int num_field_maps = field_type->NumClasses();
6019 if (num_field_maps == 0) return;
6020 DCHECK(access_.representation().IsHeapObject());
6021 field_maps_.Reserve(num_field_maps, zone());
6022 HeapType::Iterator<Map> it = field_type->Classes();
6023 while (!it.Done()) {
6024 Handle<Map> field_map = it.Current();
6025 if (!field_map->is_stable()) {
6026 field_maps_.Clear();
6029 field_maps_.Add(field_map, zone());
6033 DCHECK_EQ(num_field_maps, field_maps_.length());
6035 // Determine field HType from field HeapType.
6036 field_type_ = HType::FromType<HeapType>(field_type);
6037 DCHECK(field_type_.IsHeapObject());
6039 // Add dependency on the map that introduced the field.
6040 Map::AddDependentCompilationInfo(GetFieldOwnerFromMap(map),
6041 DependentCode::kFieldTypeGroup, top_info());
6045 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupInPrototypes() {
6046 Handle<Map> map = this->map();
6048 while (map->prototype()->IsJSObject()) {
6049 holder_ = handle(JSObject::cast(map->prototype()));
6050 if (holder_->map()->is_deprecated()) {
6051 JSObject::TryMigrateInstance(holder_);
6053 map = Handle<Map>(holder_->map());
6054 if (!CanInlinePropertyAccess(map)) {
6058 lookup_.LookupDescriptor(*map, *name_);
6059 if (IsFound()) return LoadResult(map);
6066 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessMonomorphic() {
6067 if (!CanInlinePropertyAccess(map_)) return false;
6068 if (IsJSObjectFieldAccessor()) return IsLoad();
6069 if (map_->function_with_prototype() && !map_->has_non_instance_prototype() &&
6070 name_.is_identical_to(isolate()->factory()->prototype_string())) {
6073 if (!LookupDescriptor()) return false;
6074 if (IsFound()) return IsLoad() || !IsReadOnly();
6075 if (!LookupInPrototypes()) return false;
6076 if (IsLoad()) return true;
6078 if (IsAccessorConstant()) return true;
6079 lookup_.LookupTransition(*map_, *name_, NONE);
6080 if (lookup_.IsTransitionToData() && map_->unused_property_fields() > 0) {
6081 // Construct the object field access.
6082 int descriptor = transition()->LastAdded();
6084 transition()->instance_descriptors()->GetFieldIndex(descriptor) -
6085 map_->inobject_properties();
6086 PropertyDetails details =
6087 transition()->instance_descriptors()->GetDetails(descriptor);
6088 Representation representation = details.representation();
6089 access_ = HObjectAccess::ForField(map_, index, representation, name_);
6091 // Load field map for heap objects.
6092 LoadFieldMaps(transition());
6099 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessAsMonomorphic(
6100 SmallMapList* maps) {
6101 DCHECK(map_.is_identical_to(maps->first()));
6102 if (!CanAccessMonomorphic()) return false;
6103 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6104 if (maps->length() > kMaxLoadPolymorphism) return false;
6106 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6107 if (GetJSObjectFieldAccess(&access)) {
6108 for (int i = 1; i < maps->length(); ++i) {
6109 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6110 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6111 if (!test_info.GetJSObjectFieldAccess(&test_access)) return false;
6112 if (!access.Equals(test_access)) return false;
6117 // Currently only handle numbers as a polymorphic case.
6118 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6120 if (IsNumberType()) return false;
6122 // Multiple maps cannot transition to the same target map.
6123 DCHECK(!IsLoad() || !IsTransition());
6124 if (IsTransition() && maps->length() > 1) return false;
6126 for (int i = 1; i < maps->length(); ++i) {
6127 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6128 if (!test_info.IsCompatible(this)) return false;
6135 Handle<Map> HOptimizedGraphBuilder::PropertyAccessInfo::map() {
6136 JSFunction* ctor = IC::GetRootConstructor(
6137 *map_, current_info()->closure()->context()->native_context());
6138 if (ctor != NULL) return handle(ctor->initial_map());
6143 static bool NeedsWrapping(Handle<Map> map, Handle<JSFunction> target) {
6144 return !map->IsJSObjectMap() &&
6145 is_sloppy(target->shared()->language_mode()) &&
6146 !target->shared()->native();
6150 bool HOptimizedGraphBuilder::PropertyAccessInfo::NeedsWrappingFor(
6151 Handle<JSFunction> target) const {
6152 return NeedsWrapping(map_, target);
6156 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicAccess(
6157 PropertyAccessInfo* info,
6159 HValue* checked_object,
6162 BailoutId return_id,
6163 bool can_inline_accessor) {
6165 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6166 if (info->GetJSObjectFieldAccess(&access)) {
6167 DCHECK(info->IsLoad());
6168 return New<HLoadNamedField>(object, checked_object, access);
6171 if (info->name().is_identical_to(isolate()->factory()->prototype_string()) &&
6172 info->map()->function_with_prototype()) {
6173 DCHECK(!info->map()->has_non_instance_prototype());
6174 return New<HLoadFunctionPrototype>(checked_object);
6177 HValue* checked_holder = checked_object;
6178 if (info->has_holder()) {
6179 Handle<JSObject> prototype(JSObject::cast(info->map()->prototype()));
6180 checked_holder = BuildCheckPrototypeMaps(prototype, info->holder());
6183 if (!info->IsFound()) {
6184 DCHECK(info->IsLoad());
6185 return graph()->GetConstantUndefined();
6188 if (info->IsData()) {
6189 if (info->IsLoad()) {
6190 return BuildLoadNamedField(info, checked_holder);
6192 return BuildStoreNamedField(info, checked_object, value);
6196 if (info->IsTransition()) {
6197 DCHECK(!info->IsLoad());
6198 return BuildStoreNamedField(info, checked_object, value);
6201 if (info->IsAccessorConstant()) {
6202 Push(checked_object);
6203 int argument_count = 1;
6204 if (!info->IsLoad()) {
6209 if (info->NeedsWrappingFor(info->accessor())) {
6210 HValue* function = Add<HConstant>(info->accessor());
6211 PushArgumentsFromEnvironment(argument_count);
6212 return New<HCallFunction>(function, argument_count, WRAP_AND_CALL);
6213 } else if (FLAG_inline_accessors && can_inline_accessor) {
6214 bool success = info->IsLoad()
6215 ? TryInlineGetter(info->accessor(), info->map(), ast_id, return_id)
6217 info->accessor(), info->map(), ast_id, return_id, value);
6218 if (success || HasStackOverflow()) return NULL;
6221 PushArgumentsFromEnvironment(argument_count);
6222 return BuildCallConstantFunction(info->accessor(), argument_count);
6225 DCHECK(info->IsDataConstant());
6226 if (info->IsLoad()) {
6227 return New<HConstant>(info->constant());
6229 return New<HCheckValue>(value, Handle<JSFunction>::cast(info->constant()));
6234 void HOptimizedGraphBuilder::HandlePolymorphicNamedFieldAccess(
6235 PropertyAccessType access_type, Expression* expr, BailoutId ast_id,
6236 BailoutId return_id, HValue* object, HValue* value, SmallMapList* maps,
6237 Handle<String> name) {
6238 // Something did not match; must use a polymorphic load.
6240 HBasicBlock* join = NULL;
6241 HBasicBlock* number_block = NULL;
6242 bool handled_string = false;
6244 bool handle_smi = false;
6245 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6247 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6248 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6249 if (info.IsStringType()) {
6250 if (handled_string) continue;
6251 handled_string = true;
6253 if (info.CanAccessMonomorphic()) {
6255 if (info.IsNumberType()) {
6262 if (i < maps->length()) {
6268 HControlInstruction* smi_check = NULL;
6269 handled_string = false;
6271 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6272 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6273 if (info.IsStringType()) {
6274 if (handled_string) continue;
6275 handled_string = true;
6277 if (!info.CanAccessMonomorphic()) continue;
6280 join = graph()->CreateBasicBlock();
6282 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
6283 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
6284 number_block = graph()->CreateBasicBlock();
6285 smi_check = New<HIsSmiAndBranch>(
6286 object, empty_smi_block, not_smi_block);
6287 FinishCurrentBlock(smi_check);
6288 GotoNoSimulate(empty_smi_block, number_block);
6289 set_current_block(not_smi_block);
6291 BuildCheckHeapObject(object);
6295 HBasicBlock* if_true = graph()->CreateBasicBlock();
6296 HBasicBlock* if_false = graph()->CreateBasicBlock();
6297 HUnaryControlInstruction* compare;
6300 if (info.IsNumberType()) {
6301 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
6302 compare = New<HCompareMap>(object, heap_number_map, if_true, if_false);
6303 dependency = smi_check;
6304 } else if (info.IsStringType()) {
6305 compare = New<HIsStringAndBranch>(object, if_true, if_false);
6306 dependency = compare;
6308 compare = New<HCompareMap>(object, info.map(), if_true, if_false);
6309 dependency = compare;
6311 FinishCurrentBlock(compare);
6313 if (info.IsNumberType()) {
6314 GotoNoSimulate(if_true, number_block);
6315 if_true = number_block;
6318 set_current_block(if_true);
6320 HInstruction* access = BuildMonomorphicAccess(
6321 &info, object, dependency, value, ast_id,
6322 return_id, FLAG_polymorphic_inlining);
6324 HValue* result = NULL;
6325 switch (access_type) {
6334 if (access == NULL) {
6335 if (HasStackOverflow()) return;
6337 if (!access->IsLinked()) AddInstruction(access);
6338 if (!ast_context()->IsEffect()) Push(result);
6341 if (current_block() != NULL) Goto(join);
6342 set_current_block(if_false);
6345 // Finish up. Unconditionally deoptimize if we've handled all the maps we
6346 // know about and do not want to handle ones we've never seen. Otherwise
6347 // use a generic IC.
6348 if (count == maps->length() && FLAG_deoptimize_uncommon_cases) {
6349 FinishExitWithHardDeoptimization(
6350 Deoptimizer::kUnknownMapInPolymorphicAccess);
6352 HInstruction* instr = BuildNamedGeneric(access_type, expr, object, name,
6354 AddInstruction(instr);
6355 if (!ast_context()->IsEffect()) Push(access_type == LOAD ? instr : value);
6360 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6361 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6366 DCHECK(join != NULL);
6367 if (join->HasPredecessor()) {
6368 join->SetJoinId(ast_id);
6369 set_current_block(join);
6370 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6372 set_current_block(NULL);
6377 static bool ComputeReceiverTypes(Expression* expr,
6381 SmallMapList* maps = expr->GetReceiverTypes();
6383 bool monomorphic = expr->IsMonomorphic();
6384 if (maps != NULL && receiver->HasMonomorphicJSObjectType()) {
6385 Map* root_map = receiver->GetMonomorphicJSObjectMap()->FindRootMap();
6386 maps->FilterForPossibleTransitions(root_map);
6387 monomorphic = maps->length() == 1;
6389 return monomorphic && CanInlinePropertyAccess(maps->first());
6393 static bool AreStringTypes(SmallMapList* maps) {
6394 for (int i = 0; i < maps->length(); i++) {
6395 if (maps->at(i)->instance_type() >= FIRST_NONSTRING_TYPE) return false;
6401 void HOptimizedGraphBuilder::BuildStore(Expression* expr,
6404 BailoutId return_id,
6405 bool is_uninitialized) {
6406 if (!prop->key()->IsPropertyName()) {
6408 HValue* value = Pop();
6409 HValue* key = Pop();
6410 HValue* object = Pop();
6411 bool has_side_effects = false;
6412 HValue* result = HandleKeyedElementAccess(
6413 object, key, value, expr, ast_id, return_id, STORE, &has_side_effects);
6414 if (has_side_effects) {
6415 if (!ast_context()->IsEffect()) Push(value);
6416 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6417 if (!ast_context()->IsEffect()) Drop(1);
6419 if (result == NULL) return;
6420 return ast_context()->ReturnValue(value);
6424 HValue* value = Pop();
6425 HValue* object = Pop();
6427 Literal* key = prop->key()->AsLiteral();
6428 Handle<String> name = Handle<String>::cast(key->value());
6429 DCHECK(!name.is_null());
6431 HInstruction* instr = BuildNamedAccess(STORE, ast_id, return_id, expr,
6432 object, name, value, is_uninitialized);
6433 if (instr == NULL) return;
6435 if (!ast_context()->IsEffect()) Push(value);
6436 AddInstruction(instr);
6437 if (instr->HasObservableSideEffects()) {
6438 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6440 if (!ast_context()->IsEffect()) Drop(1);
6441 return ast_context()->ReturnValue(value);
6445 void HOptimizedGraphBuilder::HandlePropertyAssignment(Assignment* expr) {
6446 Property* prop = expr->target()->AsProperty();
6447 DCHECK(prop != NULL);
6448 CHECK_ALIVE(VisitForValue(prop->obj()));
6449 if (!prop->key()->IsPropertyName()) {
6450 CHECK_ALIVE(VisitForValue(prop->key()));
6452 CHECK_ALIVE(VisitForValue(expr->value()));
6453 BuildStore(expr, prop, expr->id(),
6454 expr->AssignmentId(), expr->IsUninitialized());
6458 // Because not every expression has a position and there is not common
6459 // superclass of Assignment and CountOperation, we cannot just pass the
6460 // owning expression instead of position and ast_id separately.
6461 void HOptimizedGraphBuilder::HandleGlobalVariableAssignment(
6465 Handle<GlobalObject> global(current_info()->global_object());
6467 if (FLAG_harmony_scoping) {
6468 Handle<ScriptContextTable> script_contexts(
6469 global->native_context()->script_context_table());
6470 ScriptContextTable::LookupResult lookup;
6471 if (ScriptContextTable::Lookup(script_contexts, var->name(), &lookup)) {
6472 if (lookup.mode == CONST) {
6473 return Bailout(kNonInitializerAssignmentToConst);
6475 Handle<Context> script_context =
6476 ScriptContextTable::GetContext(script_contexts, lookup.context_index);
6477 HStoreNamedField* instr = Add<HStoreNamedField>(
6478 Add<HConstant>(script_context),
6479 HObjectAccess::ForContextSlot(lookup.slot_index), value);
6481 DCHECK(instr->HasObservableSideEffects());
6482 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6487 LookupIterator it(global, var->name(), LookupIterator::OWN_SKIP_INTERCEPTOR);
6488 GlobalPropertyAccess type = LookupGlobalProperty(var, &it, STORE);
6489 if (type == kUseCell) {
6490 Handle<PropertyCell> cell = it.GetPropertyCell();
6491 if (cell->type()->IsConstant()) {
6492 Handle<Object> constant = cell->type()->AsConstant()->Value();
6493 if (value->IsConstant()) {
6494 HConstant* c_value = HConstant::cast(value);
6495 if (!constant.is_identical_to(c_value->handle(isolate()))) {
6496 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6497 Deoptimizer::EAGER);
6500 HValue* c_constant = Add<HConstant>(constant);
6501 IfBuilder builder(this);
6502 if (constant->IsNumber()) {
6503 builder.If<HCompareNumericAndBranch>(value, c_constant, Token::EQ);
6505 builder.If<HCompareObjectEqAndBranch>(value, c_constant);
6509 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6510 Deoptimizer::EAGER);
6514 HInstruction* instr =
6515 Add<HStoreGlobalCell>(value, cell, it.property_details());
6516 if (instr->HasObservableSideEffects()) {
6517 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6520 HValue* global_object = Add<HLoadNamedField>(
6522 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
6523 HStoreNamedGeneric* instr = Add<HStoreNamedGeneric>(
6524 global_object, var->name(), value, function_language_mode());
6526 DCHECK(instr->HasObservableSideEffects());
6527 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6532 void HOptimizedGraphBuilder::HandleCompoundAssignment(Assignment* expr) {
6533 Expression* target = expr->target();
6534 VariableProxy* proxy = target->AsVariableProxy();
6535 Property* prop = target->AsProperty();
6536 DCHECK(proxy == NULL || prop == NULL);
6538 // We have a second position recorded in the FullCodeGenerator to have
6539 // type feedback for the binary operation.
6540 BinaryOperation* operation = expr->binary_operation();
6542 if (proxy != NULL) {
6543 Variable* var = proxy->var();
6544 if (var->mode() == LET) {
6545 return Bailout(kUnsupportedLetCompoundAssignment);
6548 CHECK_ALIVE(VisitForValue(operation));
6550 switch (var->location()) {
6551 case Variable::UNALLOCATED:
6552 HandleGlobalVariableAssignment(var,
6554 expr->AssignmentId());
6557 case Variable::PARAMETER:
6558 case Variable::LOCAL:
6559 if (var->mode() == CONST_LEGACY) {
6560 return Bailout(kUnsupportedConstCompoundAssignment);
6562 if (var->mode() == CONST) {
6563 return Bailout(kNonInitializerAssignmentToConst);
6565 BindIfLive(var, Top());
6568 case Variable::CONTEXT: {
6569 // Bail out if we try to mutate a parameter value in a function
6570 // using the arguments object. We do not (yet) correctly handle the
6571 // arguments property of the function.
6572 if (current_info()->scope()->arguments() != NULL) {
6573 // Parameters will be allocated to context slots. We have no
6574 // direct way to detect that the variable is a parameter so we do
6575 // a linear search of the parameter variables.
6576 int count = current_info()->scope()->num_parameters();
6577 for (int i = 0; i < count; ++i) {
6578 if (var == current_info()->scope()->parameter(i)) {
6579 Bailout(kAssignmentToParameterFunctionUsesArgumentsObject);
6584 HStoreContextSlot::Mode mode;
6586 switch (var->mode()) {
6588 mode = HStoreContextSlot::kCheckDeoptimize;
6591 return Bailout(kNonInitializerAssignmentToConst);
6593 return ast_context()->ReturnValue(Pop());
6595 mode = HStoreContextSlot::kNoCheck;
6598 HValue* context = BuildContextChainWalk(var);
6599 HStoreContextSlot* instr = Add<HStoreContextSlot>(
6600 context, var->index(), mode, Top());
6601 if (instr->HasObservableSideEffects()) {
6602 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
6607 case Variable::LOOKUP:
6608 return Bailout(kCompoundAssignmentToLookupSlot);
6610 return ast_context()->ReturnValue(Pop());
6612 } else if (prop != NULL) {
6613 CHECK_ALIVE(VisitForValue(prop->obj()));
6614 HValue* object = Top();
6616 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
6617 CHECK_ALIVE(VisitForValue(prop->key()));
6621 CHECK_ALIVE(PushLoad(prop, object, key));
6623 CHECK_ALIVE(VisitForValue(expr->value()));
6624 HValue* right = Pop();
6625 HValue* left = Pop();
6627 Push(BuildBinaryOperation(operation, left, right, PUSH_BEFORE_SIMULATE));
6629 BuildStore(expr, prop, expr->id(),
6630 expr->AssignmentId(), expr->IsUninitialized());
6632 return Bailout(kInvalidLhsInCompoundAssignment);
6637 void HOptimizedGraphBuilder::VisitAssignment(Assignment* expr) {
6638 DCHECK(!HasStackOverflow());
6639 DCHECK(current_block() != NULL);
6640 DCHECK(current_block()->HasPredecessor());
6641 VariableProxy* proxy = expr->target()->AsVariableProxy();
6642 Property* prop = expr->target()->AsProperty();
6643 DCHECK(proxy == NULL || prop == NULL);
6645 if (expr->is_compound()) {
6646 HandleCompoundAssignment(expr);
6651 HandlePropertyAssignment(expr);
6652 } else if (proxy != NULL) {
6653 Variable* var = proxy->var();
6655 if (var->mode() == CONST) {
6656 if (expr->op() != Token::INIT_CONST) {
6657 return Bailout(kNonInitializerAssignmentToConst);
6659 } else if (var->mode() == CONST_LEGACY) {
6660 if (expr->op() != Token::INIT_CONST_LEGACY) {
6661 CHECK_ALIVE(VisitForValue(expr->value()));
6662 return ast_context()->ReturnValue(Pop());
6665 if (var->IsStackAllocated()) {
6666 // We insert a use of the old value to detect unsupported uses of const
6667 // variables (e.g. initialization inside a loop).
6668 HValue* old_value = environment()->Lookup(var);
6669 Add<HUseConst>(old_value);
6673 if (proxy->IsArguments()) return Bailout(kAssignmentToArguments);
6675 // Handle the assignment.
6676 switch (var->location()) {
6677 case Variable::UNALLOCATED:
6678 CHECK_ALIVE(VisitForValue(expr->value()));
6679 HandleGlobalVariableAssignment(var,
6681 expr->AssignmentId());
6682 return ast_context()->ReturnValue(Pop());
6684 case Variable::PARAMETER:
6685 case Variable::LOCAL: {
6686 // Perform an initialization check for let declared variables
6688 if (var->mode() == LET && expr->op() == Token::ASSIGN) {
6689 HValue* env_value = environment()->Lookup(var);
6690 if (env_value == graph()->GetConstantHole()) {
6691 return Bailout(kAssignmentToLetVariableBeforeInitialization);
6694 // We do not allow the arguments object to occur in a context where it
6695 // may escape, but assignments to stack-allocated locals are
6697 CHECK_ALIVE(VisitForValue(expr->value(), ARGUMENTS_ALLOWED));
6698 HValue* value = Pop();
6699 BindIfLive(var, value);
6700 return ast_context()->ReturnValue(value);
6703 case Variable::CONTEXT: {
6704 // Bail out if we try to mutate a parameter value in a function using
6705 // the arguments object. We do not (yet) correctly handle the
6706 // arguments property of the function.
6707 if (current_info()->scope()->arguments() != NULL) {
6708 // Parameters will rewrite to context slots. We have no direct way
6709 // to detect that the variable is a parameter.
6710 int count = current_info()->scope()->num_parameters();
6711 for (int i = 0; i < count; ++i) {
6712 if (var == current_info()->scope()->parameter(i)) {
6713 return Bailout(kAssignmentToParameterInArgumentsObject);
6718 CHECK_ALIVE(VisitForValue(expr->value()));
6719 HStoreContextSlot::Mode mode;
6720 if (expr->op() == Token::ASSIGN) {
6721 switch (var->mode()) {
6723 mode = HStoreContextSlot::kCheckDeoptimize;
6726 // This case is checked statically so no need to
6727 // perform checks here
6730 return ast_context()->ReturnValue(Pop());
6732 mode = HStoreContextSlot::kNoCheck;
6734 } else if (expr->op() == Token::INIT_VAR ||
6735 expr->op() == Token::INIT_LET ||
6736 expr->op() == Token::INIT_CONST) {
6737 mode = HStoreContextSlot::kNoCheck;
6739 DCHECK(expr->op() == Token::INIT_CONST_LEGACY);
6741 mode = HStoreContextSlot::kCheckIgnoreAssignment;
6744 HValue* context = BuildContextChainWalk(var);
6745 HStoreContextSlot* instr = Add<HStoreContextSlot>(
6746 context, var->index(), mode, Top());
6747 if (instr->HasObservableSideEffects()) {
6748 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
6750 return ast_context()->ReturnValue(Pop());
6753 case Variable::LOOKUP:
6754 return Bailout(kAssignmentToLOOKUPVariable);
6757 return Bailout(kInvalidLeftHandSideInAssignment);
6762 void HOptimizedGraphBuilder::VisitYield(Yield* expr) {
6763 // Generators are not optimized, so we should never get here.
6768 void HOptimizedGraphBuilder::VisitThrow(Throw* expr) {
6769 DCHECK(!HasStackOverflow());
6770 DCHECK(current_block() != NULL);
6771 DCHECK(current_block()->HasPredecessor());
6772 if (!ast_context()->IsEffect()) {
6773 // The parser turns invalid left-hand sides in assignments into throw
6774 // statements, which may not be in effect contexts. We might still try
6775 // to optimize such functions; bail out now if we do.
6776 return Bailout(kInvalidLeftHandSideInAssignment);
6778 CHECK_ALIVE(VisitForValue(expr->exception()));
6780 HValue* value = environment()->Pop();
6781 if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
6782 Add<HPushArguments>(value);
6783 Add<HCallRuntime>(isolate()->factory()->empty_string(),
6784 Runtime::FunctionForId(Runtime::kThrow), 1);
6785 Add<HSimulate>(expr->id());
6787 // If the throw definitely exits the function, we can finish with a dummy
6788 // control flow at this point. This is not the case if the throw is inside
6789 // an inlined function which may be replaced.
6790 if (call_context() == NULL) {
6791 FinishExitCurrentBlock(New<HAbnormalExit>());
6796 HInstruction* HGraphBuilder::AddLoadStringInstanceType(HValue* string) {
6797 if (string->IsConstant()) {
6798 HConstant* c_string = HConstant::cast(string);
6799 if (c_string->HasStringValue()) {
6800 return Add<HConstant>(c_string->StringValue()->map()->instance_type());
6803 return Add<HLoadNamedField>(
6804 Add<HLoadNamedField>(string, nullptr, HObjectAccess::ForMap()), nullptr,
6805 HObjectAccess::ForMapInstanceType());
6809 HInstruction* HGraphBuilder::AddLoadStringLength(HValue* string) {
6810 if (string->IsConstant()) {
6811 HConstant* c_string = HConstant::cast(string);
6812 if (c_string->HasStringValue()) {
6813 return Add<HConstant>(c_string->StringValue()->length());
6816 return Add<HLoadNamedField>(string, nullptr,
6817 HObjectAccess::ForStringLength());
6821 HInstruction* HOptimizedGraphBuilder::BuildNamedGeneric(
6822 PropertyAccessType access_type,
6825 Handle<String> name,
6827 bool is_uninitialized) {
6828 if (is_uninitialized) {
6830 Deoptimizer::kInsufficientTypeFeedbackForGenericNamedAccess,
6833 if (access_type == LOAD) {
6834 HLoadNamedGeneric* result = New<HLoadNamedGeneric>(object, name);
6835 if (FLAG_vector_ics) {
6836 Handle<SharedFunctionInfo> current_shared =
6837 function_state()->compilation_info()->shared_info();
6838 Handle<TypeFeedbackVector> vector =
6839 handle(current_shared->feedback_vector(), isolate());
6840 FeedbackVectorICSlot slot = expr->AsProperty()->PropertyFeedbackSlot();
6841 result->SetVectorAndSlot(vector, slot);
6845 return New<HStoreNamedGeneric>(object, name, value,
6846 function_language_mode());
6852 HInstruction* HOptimizedGraphBuilder::BuildKeyedGeneric(
6853 PropertyAccessType access_type,
6858 if (access_type == LOAD) {
6859 HLoadKeyedGeneric* result = New<HLoadKeyedGeneric>(object, key);
6860 if (FLAG_vector_ics) {
6861 Handle<SharedFunctionInfo> current_shared =
6862 function_state()->compilation_info()->shared_info();
6863 Handle<TypeFeedbackVector> vector =
6864 handle(current_shared->feedback_vector(), isolate());
6865 FeedbackVectorICSlot slot = expr->AsProperty()->PropertyFeedbackSlot();
6866 result->SetVectorAndSlot(vector, slot);
6870 return New<HStoreKeyedGeneric>(object, key, value,
6871 function_language_mode());
6876 LoadKeyedHoleMode HOptimizedGraphBuilder::BuildKeyedHoleMode(Handle<Map> map) {
6877 // Loads from a "stock" fast holey double arrays can elide the hole check.
6878 LoadKeyedHoleMode load_mode = NEVER_RETURN_HOLE;
6879 if (*map == isolate()->get_initial_js_array_map(FAST_HOLEY_DOUBLE_ELEMENTS) &&
6880 isolate()->IsFastArrayConstructorPrototypeChainIntact()) {
6881 Handle<JSObject> prototype(JSObject::cast(map->prototype()), isolate());
6882 Handle<JSObject> object_prototype = isolate()->initial_object_prototype();
6883 BuildCheckPrototypeMaps(prototype, object_prototype);
6884 load_mode = ALLOW_RETURN_HOLE;
6885 graph()->MarkDependsOnEmptyArrayProtoElements();
6892 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicElementAccess(
6898 PropertyAccessType access_type,
6899 KeyedAccessStoreMode store_mode) {
6900 HCheckMaps* checked_object = Add<HCheckMaps>(object, map, dependency);
6902 if (access_type == STORE && map->prototype()->IsJSObject()) {
6903 // monomorphic stores need a prototype chain check because shape
6904 // changes could allow callbacks on elements in the chain that
6905 // aren't compatible with monomorphic keyed stores.
6906 PrototypeIterator iter(map);
6907 JSObject* holder = NULL;
6908 while (!iter.IsAtEnd()) {
6909 holder = JSObject::cast(*PrototypeIterator::GetCurrent(iter));
6912 DCHECK(holder && holder->IsJSObject());
6914 BuildCheckPrototypeMaps(handle(JSObject::cast(map->prototype())),
6915 Handle<JSObject>(holder));
6918 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
6919 return BuildUncheckedMonomorphicElementAccess(
6920 checked_object, key, val,
6921 map->instance_type() == JS_ARRAY_TYPE,
6922 map->elements_kind(), access_type,
6923 load_mode, store_mode);
6927 static bool CanInlineElementAccess(Handle<Map> map) {
6928 return map->IsJSObjectMap() && !map->has_slow_elements_kind() &&
6929 !map->has_indexed_interceptor();
6933 HInstruction* HOptimizedGraphBuilder::TryBuildConsolidatedElementLoad(
6937 SmallMapList* maps) {
6938 // For polymorphic loads of similar elements kinds (i.e. all tagged or all
6939 // double), always use the "worst case" code without a transition. This is
6940 // much faster than transitioning the elements to the worst case, trading a
6941 // HTransitionElements for a HCheckMaps, and avoiding mutation of the array.
6942 bool has_double_maps = false;
6943 bool has_smi_or_object_maps = false;
6944 bool has_js_array_access = false;
6945 bool has_non_js_array_access = false;
6946 bool has_seen_holey_elements = false;
6947 Handle<Map> most_general_consolidated_map;
6948 for (int i = 0; i < maps->length(); ++i) {
6949 Handle<Map> map = maps->at(i);
6950 if (!CanInlineElementAccess(map)) return NULL;
6951 // Don't allow mixing of JSArrays with JSObjects.
6952 if (map->instance_type() == JS_ARRAY_TYPE) {
6953 if (has_non_js_array_access) return NULL;
6954 has_js_array_access = true;
6955 } else if (has_js_array_access) {
6958 has_non_js_array_access = true;
6960 // Don't allow mixed, incompatible elements kinds.
6961 if (map->has_fast_double_elements()) {
6962 if (has_smi_or_object_maps) return NULL;
6963 has_double_maps = true;
6964 } else if (map->has_fast_smi_or_object_elements()) {
6965 if (has_double_maps) return NULL;
6966 has_smi_or_object_maps = true;
6970 // Remember if we've ever seen holey elements.
6971 if (IsHoleyElementsKind(map->elements_kind())) {
6972 has_seen_holey_elements = true;
6974 // Remember the most general elements kind, the code for its load will
6975 // properly handle all of the more specific cases.
6976 if ((i == 0) || IsMoreGeneralElementsKindTransition(
6977 most_general_consolidated_map->elements_kind(),
6978 map->elements_kind())) {
6979 most_general_consolidated_map = map;
6982 if (!has_double_maps && !has_smi_or_object_maps) return NULL;
6984 HCheckMaps* checked_object = Add<HCheckMaps>(object, maps);
6985 // FAST_ELEMENTS is considered more general than FAST_HOLEY_SMI_ELEMENTS.
6986 // If we've seen both, the consolidated load must use FAST_HOLEY_ELEMENTS.
6987 ElementsKind consolidated_elements_kind = has_seen_holey_elements
6988 ? GetHoleyElementsKind(most_general_consolidated_map->elements_kind())
6989 : most_general_consolidated_map->elements_kind();
6990 HInstruction* instr = BuildUncheckedMonomorphicElementAccess(
6991 checked_object, key, val,
6992 most_general_consolidated_map->instance_type() == JS_ARRAY_TYPE,
6993 consolidated_elements_kind,
6994 LOAD, NEVER_RETURN_HOLE, STANDARD_STORE);
6999 HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
7005 PropertyAccessType access_type,
7006 KeyedAccessStoreMode store_mode,
7007 bool* has_side_effects) {
7008 *has_side_effects = false;
7009 BuildCheckHeapObject(object);
7011 if (access_type == LOAD) {
7012 HInstruction* consolidated_load =
7013 TryBuildConsolidatedElementLoad(object, key, val, maps);
7014 if (consolidated_load != NULL) {
7015 *has_side_effects |= consolidated_load->HasObservableSideEffects();
7016 return consolidated_load;
7020 // Elements_kind transition support.
7021 MapHandleList transition_target(maps->length());
7022 // Collect possible transition targets.
7023 MapHandleList possible_transitioned_maps(maps->length());
7024 for (int i = 0; i < maps->length(); ++i) {
7025 Handle<Map> map = maps->at(i);
7026 // Loads from strings or loads with a mix of string and non-string maps
7027 // shouldn't be handled polymorphically.
7028 DCHECK(access_type != LOAD || !map->IsStringMap());
7029 ElementsKind elements_kind = map->elements_kind();
7030 if (CanInlineElementAccess(map) && IsFastElementsKind(elements_kind) &&
7031 elements_kind != GetInitialFastElementsKind()) {
7032 possible_transitioned_maps.Add(map);
7034 if (elements_kind == SLOPPY_ARGUMENTS_ELEMENTS) {
7035 HInstruction* result = BuildKeyedGeneric(access_type, expr, object, key,
7037 *has_side_effects = result->HasObservableSideEffects();
7038 return AddInstruction(result);
7041 // Get transition target for each map (NULL == no transition).
7042 for (int i = 0; i < maps->length(); ++i) {
7043 Handle<Map> map = maps->at(i);
7044 Handle<Map> transitioned_map =
7045 map->FindTransitionedMap(&possible_transitioned_maps);
7046 transition_target.Add(transitioned_map);
7049 MapHandleList untransitionable_maps(maps->length());
7050 HTransitionElementsKind* transition = NULL;
7051 for (int i = 0; i < maps->length(); ++i) {
7052 Handle<Map> map = maps->at(i);
7053 DCHECK(map->IsMap());
7054 if (!transition_target.at(i).is_null()) {
7055 DCHECK(Map::IsValidElementsTransition(
7056 map->elements_kind(),
7057 transition_target.at(i)->elements_kind()));
7058 transition = Add<HTransitionElementsKind>(object, map,
7059 transition_target.at(i));
7061 untransitionable_maps.Add(map);
7065 // If only one map is left after transitioning, handle this case
7067 DCHECK(untransitionable_maps.length() >= 1);
7068 if (untransitionable_maps.length() == 1) {
7069 Handle<Map> untransitionable_map = untransitionable_maps[0];
7070 HInstruction* instr = NULL;
7071 if (!CanInlineElementAccess(untransitionable_map)) {
7072 instr = AddInstruction(BuildKeyedGeneric(access_type, expr, object, key,
7075 instr = BuildMonomorphicElementAccess(
7076 object, key, val, transition, untransitionable_map, access_type,
7079 *has_side_effects |= instr->HasObservableSideEffects();
7080 return access_type == STORE ? val : instr;
7083 HBasicBlock* join = graph()->CreateBasicBlock();
7085 for (int i = 0; i < untransitionable_maps.length(); ++i) {
7086 Handle<Map> map = untransitionable_maps[i];
7087 ElementsKind elements_kind = map->elements_kind();
7088 HBasicBlock* this_map = graph()->CreateBasicBlock();
7089 HBasicBlock* other_map = graph()->CreateBasicBlock();
7090 HCompareMap* mapcompare =
7091 New<HCompareMap>(object, map, this_map, other_map);
7092 FinishCurrentBlock(mapcompare);
7094 set_current_block(this_map);
7095 HInstruction* access = NULL;
7096 if (!CanInlineElementAccess(map)) {
7097 access = AddInstruction(BuildKeyedGeneric(access_type, expr, object, key,
7100 DCHECK(IsFastElementsKind(elements_kind) ||
7101 IsExternalArrayElementsKind(elements_kind) ||
7102 IsFixedTypedArrayElementsKind(elements_kind));
7103 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7104 // Happily, mapcompare is a checked object.
7105 access = BuildUncheckedMonomorphicElementAccess(
7106 mapcompare, key, val,
7107 map->instance_type() == JS_ARRAY_TYPE,
7108 elements_kind, access_type,
7112 *has_side_effects |= access->HasObservableSideEffects();
7113 // The caller will use has_side_effects and add a correct Simulate.
7114 access->SetFlag(HValue::kHasNoObservableSideEffects);
7115 if (access_type == LOAD) {
7118 NoObservableSideEffectsScope scope(this);
7119 GotoNoSimulate(join);
7120 set_current_block(other_map);
7123 // Ensure that we visited at least one map above that goes to join. This is
7124 // necessary because FinishExitWithHardDeoptimization does an AbnormalExit
7125 // rather than joining the join block. If this becomes an issue, insert a
7126 // generic access in the case length() == 0.
7127 DCHECK(join->predecessors()->length() > 0);
7128 // Deopt if none of the cases matched.
7129 NoObservableSideEffectsScope scope(this);
7130 FinishExitWithHardDeoptimization(
7131 Deoptimizer::kUnknownMapInPolymorphicElementAccess);
7132 set_current_block(join);
7133 return access_type == STORE ? val : Pop();
7137 HValue* HOptimizedGraphBuilder::HandleKeyedElementAccess(
7138 HValue* obj, HValue* key, HValue* val, Expression* expr, BailoutId ast_id,
7139 BailoutId return_id, PropertyAccessType access_type,
7140 bool* has_side_effects) {
7141 // TODO(mvstanton): This optimization causes trouble for vector-based
7142 // KeyedLoadICs, turn it off for now.
7143 if (!FLAG_vector_ics && key->ActualValue()->IsConstant()) {
7144 Handle<Object> constant =
7145 HConstant::cast(key->ActualValue())->handle(isolate());
7146 uint32_t array_index;
7147 if (constant->IsString() &&
7148 !Handle<String>::cast(constant)->AsArrayIndex(&array_index)) {
7149 if (!constant->IsUniqueName()) {
7150 constant = isolate()->factory()->InternalizeString(
7151 Handle<String>::cast(constant));
7153 HInstruction* instr =
7154 BuildNamedAccess(access_type, ast_id, return_id, expr, obj,
7155 Handle<String>::cast(constant), val, false);
7156 if (instr == NULL || instr->IsLinked()) {
7157 *has_side_effects = false;
7159 AddInstruction(instr);
7160 *has_side_effects = instr->HasObservableSideEffects();
7166 DCHECK(!expr->IsPropertyName());
7167 HInstruction* instr = NULL;
7170 bool monomorphic = ComputeReceiverTypes(expr, obj, &maps, zone());
7172 bool force_generic = false;
7173 if (expr->GetKeyType() == PROPERTY) {
7174 // Non-Generic accesses assume that elements are being accessed, and will
7175 // deopt for non-index keys, which the IC knows will occur.
7176 // TODO(jkummerow): Consider adding proper support for property accesses.
7177 force_generic = true;
7178 monomorphic = false;
7179 } else if (access_type == STORE &&
7180 (monomorphic || (maps != NULL && !maps->is_empty()))) {
7181 // Stores can't be mono/polymorphic if their prototype chain has dictionary
7182 // elements. However a receiver map that has dictionary elements itself
7183 // should be left to normal mono/poly behavior (the other maps may benefit
7184 // from highly optimized stores).
7185 for (int i = 0; i < maps->length(); i++) {
7186 Handle<Map> current_map = maps->at(i);
7187 if (current_map->DictionaryElementsInPrototypeChainOnly()) {
7188 force_generic = true;
7189 monomorphic = false;
7193 } else if (access_type == LOAD && !monomorphic &&
7194 (maps != NULL && !maps->is_empty())) {
7195 // Polymorphic loads have to go generic if any of the maps are strings.
7196 // If some, but not all of the maps are strings, we should go generic
7197 // because polymorphic access wants to key on ElementsKind and isn't
7198 // compatible with strings.
7199 for (int i = 0; i < maps->length(); i++) {
7200 Handle<Map> current_map = maps->at(i);
7201 if (current_map->IsStringMap()) {
7202 force_generic = true;
7209 Handle<Map> map = maps->first();
7210 if (!CanInlineElementAccess(map)) {
7211 instr = AddInstruction(BuildKeyedGeneric(access_type, expr, obj, key,
7214 BuildCheckHeapObject(obj);
7215 instr = BuildMonomorphicElementAccess(
7216 obj, key, val, NULL, map, access_type, expr->GetStoreMode());
7218 } else if (!force_generic && (maps != NULL && !maps->is_empty())) {
7219 return HandlePolymorphicElementAccess(expr, obj, key, val, maps,
7220 access_type, expr->GetStoreMode(),
7223 if (access_type == STORE) {
7224 if (expr->IsAssignment() &&
7225 expr->AsAssignment()->HasNoTypeInformation()) {
7226 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedStore,
7230 if (expr->AsProperty()->HasNoTypeInformation()) {
7231 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedLoad,
7235 instr = AddInstruction(BuildKeyedGeneric(access_type, expr, obj, key, val));
7237 *has_side_effects = instr->HasObservableSideEffects();
7242 void HOptimizedGraphBuilder::EnsureArgumentsArePushedForAccess() {
7243 // Outermost function already has arguments on the stack.
7244 if (function_state()->outer() == NULL) return;
7246 if (function_state()->arguments_pushed()) return;
7248 // Push arguments when entering inlined function.
7249 HEnterInlined* entry = function_state()->entry();
7250 entry->set_arguments_pushed();
7252 HArgumentsObject* arguments = entry->arguments_object();
7253 const ZoneList<HValue*>* arguments_values = arguments->arguments_values();
7255 HInstruction* insert_after = entry;
7256 for (int i = 0; i < arguments_values->length(); i++) {
7257 HValue* argument = arguments_values->at(i);
7258 HInstruction* push_argument = New<HPushArguments>(argument);
7259 push_argument->InsertAfter(insert_after);
7260 insert_after = push_argument;
7263 HArgumentsElements* arguments_elements = New<HArgumentsElements>(true);
7264 arguments_elements->ClearFlag(HValue::kUseGVN);
7265 arguments_elements->InsertAfter(insert_after);
7266 function_state()->set_arguments_elements(arguments_elements);
7270 bool HOptimizedGraphBuilder::TryArgumentsAccess(Property* expr) {
7271 VariableProxy* proxy = expr->obj()->AsVariableProxy();
7272 if (proxy == NULL) return false;
7273 if (!proxy->var()->IsStackAllocated()) return false;
7274 if (!environment()->Lookup(proxy->var())->CheckFlag(HValue::kIsArguments)) {
7278 HInstruction* result = NULL;
7279 if (expr->key()->IsPropertyName()) {
7280 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7281 if (!String::Equals(name, isolate()->factory()->length_string())) {
7285 if (function_state()->outer() == NULL) {
7286 HInstruction* elements = Add<HArgumentsElements>(false);
7287 result = New<HArgumentsLength>(elements);
7289 // Number of arguments without receiver.
7290 int argument_count = environment()->
7291 arguments_environment()->parameter_count() - 1;
7292 result = New<HConstant>(argument_count);
7295 Push(graph()->GetArgumentsObject());
7296 CHECK_ALIVE_OR_RETURN(VisitForValue(expr->key()), true);
7297 HValue* key = Pop();
7298 Drop(1); // Arguments object.
7299 if (function_state()->outer() == NULL) {
7300 HInstruction* elements = Add<HArgumentsElements>(false);
7301 HInstruction* length = Add<HArgumentsLength>(elements);
7302 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7303 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7305 EnsureArgumentsArePushedForAccess();
7307 // Number of arguments without receiver.
7308 HInstruction* elements = function_state()->arguments_elements();
7309 int argument_count = environment()->
7310 arguments_environment()->parameter_count() - 1;
7311 HInstruction* length = Add<HConstant>(argument_count);
7312 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7313 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7316 ast_context()->ReturnInstruction(result, expr->id());
7321 HInstruction* HOptimizedGraphBuilder::BuildNamedAccess(
7322 PropertyAccessType access,
7324 BailoutId return_id,
7327 Handle<String> name,
7329 bool is_uninitialized) {
7331 ComputeReceiverTypes(expr, object, &maps, zone());
7332 DCHECK(maps != NULL);
7334 if (maps->length() > 0) {
7335 PropertyAccessInfo info(this, access, maps->first(), name);
7336 if (!info.CanAccessAsMonomorphic(maps)) {
7337 HandlePolymorphicNamedFieldAccess(access, expr, ast_id, return_id, object,
7342 HValue* checked_object;
7343 // Type::Number() is only supported by polymorphic load/call handling.
7344 DCHECK(!info.IsNumberType());
7345 BuildCheckHeapObject(object);
7346 if (AreStringTypes(maps)) {
7348 Add<HCheckInstanceType>(object, HCheckInstanceType::IS_STRING);
7350 checked_object = Add<HCheckMaps>(object, maps);
7352 return BuildMonomorphicAccess(
7353 &info, object, checked_object, value, ast_id, return_id);
7356 return BuildNamedGeneric(access, expr, object, name, value, is_uninitialized);
7360 void HOptimizedGraphBuilder::PushLoad(Property* expr,
7363 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
7365 if (key != NULL) Push(key);
7366 BuildLoad(expr, expr->LoadId());
7370 void HOptimizedGraphBuilder::BuildLoad(Property* expr,
7372 HInstruction* instr = NULL;
7373 if (expr->IsStringAccess()) {
7374 HValue* index = Pop();
7375 HValue* string = Pop();
7376 HInstruction* char_code = BuildStringCharCodeAt(string, index);
7377 AddInstruction(char_code);
7378 instr = NewUncasted<HStringCharFromCode>(char_code);
7380 } else if (expr->key()->IsPropertyName()) {
7381 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7382 HValue* object = Pop();
7384 instr = BuildNamedAccess(LOAD, ast_id, expr->LoadId(), expr,
7385 object, name, NULL, expr->IsUninitialized());
7386 if (instr == NULL) return;
7387 if (instr->IsLinked()) return ast_context()->ReturnValue(instr);
7390 HValue* key = Pop();
7391 HValue* obj = Pop();
7393 bool has_side_effects = false;
7394 HValue* load = HandleKeyedElementAccess(
7395 obj, key, NULL, expr, ast_id, expr->LoadId(), LOAD, &has_side_effects);
7396 if (has_side_effects) {
7397 if (ast_context()->IsEffect()) {
7398 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7401 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7405 if (load == NULL) return;
7406 return ast_context()->ReturnValue(load);
7408 return ast_context()->ReturnInstruction(instr, ast_id);
7412 void HOptimizedGraphBuilder::VisitProperty(Property* expr) {
7413 DCHECK(!HasStackOverflow());
7414 DCHECK(current_block() != NULL);
7415 DCHECK(current_block()->HasPredecessor());
7417 if (TryArgumentsAccess(expr)) return;
7419 CHECK_ALIVE(VisitForValue(expr->obj()));
7420 if (!expr->key()->IsPropertyName() || expr->IsStringAccess()) {
7421 CHECK_ALIVE(VisitForValue(expr->key()));
7424 BuildLoad(expr, expr->id());
7428 HInstruction* HGraphBuilder::BuildConstantMapCheck(Handle<JSObject> constant) {
7429 HCheckMaps* check = Add<HCheckMaps>(
7430 Add<HConstant>(constant), handle(constant->map()));
7431 check->ClearDependsOnFlag(kElementsKind);
7436 HInstruction* HGraphBuilder::BuildCheckPrototypeMaps(Handle<JSObject> prototype,
7437 Handle<JSObject> holder) {
7438 PrototypeIterator iter(isolate(), prototype,
7439 PrototypeIterator::START_AT_RECEIVER);
7440 while (holder.is_null() ||
7441 !PrototypeIterator::GetCurrent(iter).is_identical_to(holder)) {
7442 BuildConstantMapCheck(
7443 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7445 if (iter.IsAtEnd()) {
7449 return BuildConstantMapCheck(
7450 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7454 void HOptimizedGraphBuilder::AddCheckPrototypeMaps(Handle<JSObject> holder,
7455 Handle<Map> receiver_map) {
7456 if (!holder.is_null()) {
7457 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
7458 BuildCheckPrototypeMaps(prototype, holder);
7463 HInstruction* HOptimizedGraphBuilder::NewPlainFunctionCall(
7464 HValue* fun, int argument_count, bool pass_argument_count) {
7465 return New<HCallJSFunction>(fun, argument_count, pass_argument_count);
7469 HInstruction* HOptimizedGraphBuilder::NewArgumentAdaptorCall(
7470 HValue* fun, HValue* context,
7471 int argument_count, HValue* expected_param_count) {
7472 ArgumentAdaptorDescriptor descriptor(isolate());
7473 HValue* arity = Add<HConstant>(argument_count - 1);
7475 HValue* op_vals[] = { context, fun, arity, expected_param_count };
7477 Handle<Code> adaptor =
7478 isolate()->builtins()->ArgumentsAdaptorTrampoline();
7479 HConstant* adaptor_value = Add<HConstant>(adaptor);
7481 return New<HCallWithDescriptor>(
7482 adaptor_value, argument_count, descriptor,
7483 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
7487 HInstruction* HOptimizedGraphBuilder::BuildCallConstantFunction(
7488 Handle<JSFunction> jsfun, int argument_count) {
7489 HValue* target = Add<HConstant>(jsfun);
7490 // For constant functions, we try to avoid calling the
7491 // argument adaptor and instead call the function directly
7492 int formal_parameter_count =
7493 jsfun->shared()->internal_formal_parameter_count();
7494 bool dont_adapt_arguments =
7495 (formal_parameter_count ==
7496 SharedFunctionInfo::kDontAdaptArgumentsSentinel);
7497 int arity = argument_count - 1;
7498 bool can_invoke_directly =
7499 dont_adapt_arguments || formal_parameter_count == arity;
7500 if (can_invoke_directly) {
7501 if (jsfun.is_identical_to(current_info()->closure())) {
7502 graph()->MarkRecursive();
7504 return NewPlainFunctionCall(target, argument_count, dont_adapt_arguments);
7506 HValue* param_count_value = Add<HConstant>(formal_parameter_count);
7507 HValue* context = Add<HLoadNamedField>(
7508 target, nullptr, HObjectAccess::ForFunctionContextPointer());
7509 return NewArgumentAdaptorCall(target, context,
7510 argument_count, param_count_value);
7517 class FunctionSorter {
7519 explicit FunctionSorter(int index = 0, int ticks = 0, int size = 0)
7520 : index_(index), ticks_(ticks), size_(size) {}
7522 int index() const { return index_; }
7523 int ticks() const { return ticks_; }
7524 int size() const { return size_; }
7533 inline bool operator<(const FunctionSorter& lhs, const FunctionSorter& rhs) {
7534 int diff = lhs.ticks() - rhs.ticks();
7535 if (diff != 0) return diff > 0;
7536 return lhs.size() < rhs.size();
7540 void HOptimizedGraphBuilder::HandlePolymorphicCallNamed(Call* expr,
7543 Handle<String> name) {
7544 int argument_count = expr->arguments()->length() + 1; // Includes receiver.
7545 FunctionSorter order[kMaxCallPolymorphism];
7547 bool handle_smi = false;
7548 bool handled_string = false;
7549 int ordered_functions = 0;
7552 for (i = 0; i < maps->length() && ordered_functions < kMaxCallPolymorphism;
7554 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
7555 if (info.CanAccessMonomorphic() && info.IsDataConstant() &&
7556 info.constant()->IsJSFunction()) {
7557 if (info.IsStringType()) {
7558 if (handled_string) continue;
7559 handled_string = true;
7561 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
7562 if (info.IsNumberType()) {
7565 expr->set_target(target);
7566 order[ordered_functions++] = FunctionSorter(
7567 i, target->shared()->profiler_ticks(), InliningAstSize(target));
7571 std::sort(order, order + ordered_functions);
7573 if (i < maps->length()) {
7575 ordered_functions = -1;
7578 HBasicBlock* number_block = NULL;
7579 HBasicBlock* join = NULL;
7580 handled_string = false;
7583 for (int fn = 0; fn < ordered_functions; ++fn) {
7584 int i = order[fn].index();
7585 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
7586 if (info.IsStringType()) {
7587 if (handled_string) continue;
7588 handled_string = true;
7590 // Reloads the target.
7591 info.CanAccessMonomorphic();
7592 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
7594 expr->set_target(target);
7596 // Only needed once.
7597 join = graph()->CreateBasicBlock();
7599 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
7600 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
7601 number_block = graph()->CreateBasicBlock();
7602 FinishCurrentBlock(New<HIsSmiAndBranch>(
7603 receiver, empty_smi_block, not_smi_block));
7604 GotoNoSimulate(empty_smi_block, number_block);
7605 set_current_block(not_smi_block);
7607 BuildCheckHeapObject(receiver);
7611 HBasicBlock* if_true = graph()->CreateBasicBlock();
7612 HBasicBlock* if_false = graph()->CreateBasicBlock();
7613 HUnaryControlInstruction* compare;
7615 Handle<Map> map = info.map();
7616 if (info.IsNumberType()) {
7617 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
7618 compare = New<HCompareMap>(receiver, heap_number_map, if_true, if_false);
7619 } else if (info.IsStringType()) {
7620 compare = New<HIsStringAndBranch>(receiver, if_true, if_false);
7622 compare = New<HCompareMap>(receiver, map, if_true, if_false);
7624 FinishCurrentBlock(compare);
7626 if (info.IsNumberType()) {
7627 GotoNoSimulate(if_true, number_block);
7628 if_true = number_block;
7631 set_current_block(if_true);
7633 AddCheckPrototypeMaps(info.holder(), map);
7635 HValue* function = Add<HConstant>(expr->target());
7636 environment()->SetExpressionStackAt(0, function);
7638 CHECK_ALIVE(VisitExpressions(expr->arguments()));
7639 bool needs_wrapping = info.NeedsWrappingFor(target);
7640 bool try_inline = FLAG_polymorphic_inlining && !needs_wrapping;
7641 if (FLAG_trace_inlining && try_inline) {
7642 Handle<JSFunction> caller = current_info()->closure();
7643 SmartArrayPointer<char> caller_name =
7644 caller->shared()->DebugName()->ToCString();
7645 PrintF("Trying to inline the polymorphic call to %s from %s\n",
7646 name->ToCString().get(),
7649 if (try_inline && TryInlineCall(expr)) {
7650 // Trying to inline will signal that we should bailout from the
7651 // entire compilation by setting stack overflow on the visitor.
7652 if (HasStackOverflow()) return;
7654 // Since HWrapReceiver currently cannot actually wrap numbers and strings,
7655 // use the regular CallFunctionStub for method calls to wrap the receiver.
7656 // TODO(verwaest): Support creation of value wrappers directly in
7658 HInstruction* call = needs_wrapping
7659 ? NewUncasted<HCallFunction>(
7660 function, argument_count, WRAP_AND_CALL)
7661 : BuildCallConstantFunction(target, argument_count);
7662 PushArgumentsFromEnvironment(argument_count);
7663 AddInstruction(call);
7664 Drop(1); // Drop the function.
7665 if (!ast_context()->IsEffect()) Push(call);
7668 if (current_block() != NULL) Goto(join);
7669 set_current_block(if_false);
7672 // Finish up. Unconditionally deoptimize if we've handled all the maps we
7673 // know about and do not want to handle ones we've never seen. Otherwise
7674 // use a generic IC.
7675 if (ordered_functions == maps->length() && FLAG_deoptimize_uncommon_cases) {
7676 FinishExitWithHardDeoptimization(Deoptimizer::kUnknownMapInPolymorphicCall);
7678 Property* prop = expr->expression()->AsProperty();
7679 HInstruction* function = BuildNamedGeneric(
7680 LOAD, prop, receiver, name, NULL, prop->IsUninitialized());
7681 AddInstruction(function);
7683 AddSimulate(prop->LoadId(), REMOVABLE_SIMULATE);
7685 environment()->SetExpressionStackAt(1, function);
7686 environment()->SetExpressionStackAt(0, receiver);
7687 CHECK_ALIVE(VisitExpressions(expr->arguments()));
7689 CallFunctionFlags flags = receiver->type().IsJSObject()
7690 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
7691 HInstruction* call = New<HCallFunction>(
7692 function, argument_count, flags);
7694 PushArgumentsFromEnvironment(argument_count);
7696 Drop(1); // Function.
7699 AddInstruction(call);
7700 if (!ast_context()->IsEffect()) Push(call);
7703 return ast_context()->ReturnInstruction(call, expr->id());
7707 // We assume that control flow is always live after an expression. So
7708 // even without predecessors to the join block, we set it as the exit
7709 // block and continue by adding instructions there.
7710 DCHECK(join != NULL);
7711 if (join->HasPredecessor()) {
7712 set_current_block(join);
7713 join->SetJoinId(expr->id());
7714 if (!ast_context()->IsEffect()) return ast_context()->ReturnValue(Pop());
7716 set_current_block(NULL);
7721 void HOptimizedGraphBuilder::TraceInline(Handle<JSFunction> target,
7722 Handle<JSFunction> caller,
7723 const char* reason) {
7724 if (FLAG_trace_inlining) {
7725 SmartArrayPointer<char> target_name =
7726 target->shared()->DebugName()->ToCString();
7727 SmartArrayPointer<char> caller_name =
7728 caller->shared()->DebugName()->ToCString();
7729 if (reason == NULL) {
7730 PrintF("Inlined %s called from %s.\n", target_name.get(),
7733 PrintF("Did not inline %s called from %s (%s).\n",
7734 target_name.get(), caller_name.get(), reason);
7740 static const int kNotInlinable = 1000000000;
7743 int HOptimizedGraphBuilder::InliningAstSize(Handle<JSFunction> target) {
7744 if (!FLAG_use_inlining) return kNotInlinable;
7746 // Precondition: call is monomorphic and we have found a target with the
7747 // appropriate arity.
7748 Handle<JSFunction> caller = current_info()->closure();
7749 Handle<SharedFunctionInfo> target_shared(target->shared());
7751 // Always inline builtins marked for inlining.
7752 if (target->IsBuiltin()) {
7753 return target_shared->inline_builtin() ? 0 : kNotInlinable;
7756 if (target_shared->IsApiFunction()) {
7757 TraceInline(target, caller, "target is api function");
7758 return kNotInlinable;
7761 // Do a quick check on source code length to avoid parsing large
7762 // inlining candidates.
7763 if (target_shared->SourceSize() >
7764 Min(FLAG_max_inlined_source_size, kUnlimitedMaxInlinedSourceSize)) {
7765 TraceInline(target, caller, "target text too big");
7766 return kNotInlinable;
7769 // Target must be inlineable.
7770 if (!target_shared->IsInlineable()) {
7771 TraceInline(target, caller, "target not inlineable");
7772 return kNotInlinable;
7774 if (target_shared->disable_optimization_reason() != kNoReason) {
7775 TraceInline(target, caller, "target contains unsupported syntax [early]");
7776 return kNotInlinable;
7779 int nodes_added = target_shared->ast_node_count();
7784 bool HOptimizedGraphBuilder::TryInline(Handle<JSFunction> target,
7785 int arguments_count,
7786 HValue* implicit_return_value,
7787 BailoutId ast_id, BailoutId return_id,
7788 InliningKind inlining_kind,
7789 SourcePosition position) {
7790 int nodes_added = InliningAstSize(target);
7791 if (nodes_added == kNotInlinable) return false;
7793 Handle<JSFunction> caller = current_info()->closure();
7795 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
7796 TraceInline(target, caller, "target AST is too large [early]");
7800 // Don't inline deeper than the maximum number of inlining levels.
7801 HEnvironment* env = environment();
7802 int current_level = 1;
7803 while (env->outer() != NULL) {
7804 if (current_level == FLAG_max_inlining_levels) {
7805 TraceInline(target, caller, "inline depth limit reached");
7808 if (env->outer()->frame_type() == JS_FUNCTION) {
7814 // Don't inline recursive functions.
7815 for (FunctionState* state = function_state();
7817 state = state->outer()) {
7818 if (*state->compilation_info()->closure() == *target) {
7819 TraceInline(target, caller, "target is recursive");
7824 // We don't want to add more than a certain number of nodes from inlining.
7825 // Always inline small methods (<= 10 nodes).
7826 if (inlined_count_ > Min(FLAG_max_inlined_nodes_cumulative,
7827 kUnlimitedMaxInlinedNodesCumulative)) {
7828 TraceInline(target, caller, "cumulative AST node limit reached");
7832 // Parse and allocate variables.
7833 CompilationInfo target_info(target, zone());
7834 // Use the same AstValueFactory for creating strings in the sub-compilation
7835 // step, but don't transfer ownership to target_info.
7836 target_info.SetAstValueFactory(top_info()->ast_value_factory(), false);
7837 Handle<SharedFunctionInfo> target_shared(target->shared());
7838 if (!Compiler::ParseAndAnalyze(&target_info)) {
7839 if (target_info.isolate()->has_pending_exception()) {
7840 // Parse or scope error, never optimize this function.
7842 target_shared->DisableOptimization(kParseScopeError);
7844 TraceInline(target, caller, "parse failure");
7848 if (target_info.scope()->num_heap_slots() > 0) {
7849 TraceInline(target, caller, "target has context-allocated variables");
7852 FunctionLiteral* function = target_info.function();
7854 // The following conditions must be checked again after re-parsing, because
7855 // earlier the information might not have been complete due to lazy parsing.
7856 nodes_added = function->ast_node_count();
7857 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
7858 TraceInline(target, caller, "target AST is too large [late]");
7861 if (function->dont_optimize()) {
7862 TraceInline(target, caller, "target contains unsupported syntax [late]");
7866 // If the function uses the arguments object check that inlining of functions
7867 // with arguments object is enabled and the arguments-variable is
7869 if (function->scope()->arguments() != NULL) {
7870 if (!FLAG_inline_arguments) {
7871 TraceInline(target, caller, "target uses arguments object");
7876 // All declarations must be inlineable.
7877 ZoneList<Declaration*>* decls = target_info.scope()->declarations();
7878 int decl_count = decls->length();
7879 for (int i = 0; i < decl_count; ++i) {
7880 if (!decls->at(i)->IsInlineable()) {
7881 TraceInline(target, caller, "target has non-trivial declaration");
7886 // Generate the deoptimization data for the unoptimized version of
7887 // the target function if we don't already have it.
7888 if (!Compiler::EnsureDeoptimizationSupport(&target_info)) {
7889 TraceInline(target, caller, "could not generate deoptimization info");
7893 // ----------------------------------------------------------------
7894 // After this point, we've made a decision to inline this function (so
7895 // TryInline should always return true).
7897 // Type-check the inlined function.
7898 DCHECK(target_shared->has_deoptimization_support());
7899 AstTyper::Run(&target_info);
7901 int function_id = top_info()->TraceInlinedFunction(target_shared, position);
7903 // Save the pending call context. Set up new one for the inlined function.
7904 // The function state is new-allocated because we need to delete it
7905 // in two different places.
7906 FunctionState* target_state = new FunctionState(
7907 this, &target_info, inlining_kind, function_id);
7909 HConstant* undefined = graph()->GetConstantUndefined();
7911 HEnvironment* inner_env =
7912 environment()->CopyForInlining(target,
7916 function_state()->inlining_kind());
7918 HConstant* context = Add<HConstant>(Handle<Context>(target->context()));
7919 inner_env->BindContext(context);
7921 // Create a dematerialized arguments object for the function, also copy the
7922 // current arguments values to use them for materialization.
7923 HEnvironment* arguments_env = inner_env->arguments_environment();
7924 int parameter_count = arguments_env->parameter_count();
7925 HArgumentsObject* arguments_object = Add<HArgumentsObject>(parameter_count);
7926 for (int i = 0; i < parameter_count; i++) {
7927 arguments_object->AddArgument(arguments_env->Lookup(i), zone());
7930 // If the function uses arguments object then bind bind one.
7931 if (function->scope()->arguments() != NULL) {
7932 DCHECK(function->scope()->arguments()->IsStackAllocated());
7933 inner_env->Bind(function->scope()->arguments(), arguments_object);
7936 // Capture the state before invoking the inlined function for deopt in the
7937 // inlined function. This simulate has no bailout-id since it's not directly
7938 // reachable for deopt, and is only used to capture the state. If the simulate
7939 // becomes reachable by merging, the ast id of the simulate merged into it is
7941 Add<HSimulate>(BailoutId::None());
7943 current_block()->UpdateEnvironment(inner_env);
7944 Scope* saved_scope = scope();
7945 set_scope(target_info.scope());
7946 HEnterInlined* enter_inlined =
7947 Add<HEnterInlined>(return_id, target, context, arguments_count, function,
7948 function_state()->inlining_kind(),
7949 function->scope()->arguments(), arguments_object);
7950 function_state()->set_entry(enter_inlined);
7952 VisitDeclarations(target_info.scope()->declarations());
7953 VisitStatements(function->body());
7954 set_scope(saved_scope);
7955 if (HasStackOverflow()) {
7956 // Bail out if the inline function did, as we cannot residualize a call
7957 // instead, but do not disable optimization for the outer function.
7958 TraceInline(target, caller, "inline graph construction failed");
7959 target_shared->DisableOptimization(kInliningBailedOut);
7960 current_info()->RetryOptimization(kInliningBailedOut);
7961 delete target_state;
7965 // Update inlined nodes count.
7966 inlined_count_ += nodes_added;
7968 Handle<Code> unoptimized_code(target_shared->code());
7969 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
7970 Handle<TypeFeedbackInfo> type_info(
7971 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
7972 graph()->update_type_change_checksum(type_info->own_type_change_checksum());
7974 TraceInline(target, caller, NULL);
7976 if (current_block() != NULL) {
7977 FunctionState* state = function_state();
7978 if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
7979 // Falling off the end of an inlined construct call. In a test context the
7980 // return value will always evaluate to true, in a value context the
7981 // return value is the newly allocated receiver.
7982 if (call_context()->IsTest()) {
7983 Goto(inlined_test_context()->if_true(), state);
7984 } else if (call_context()->IsEffect()) {
7985 Goto(function_return(), state);
7987 DCHECK(call_context()->IsValue());
7988 AddLeaveInlined(implicit_return_value, state);
7990 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
7991 // Falling off the end of an inlined setter call. The returned value is
7992 // never used, the value of an assignment is always the value of the RHS
7993 // of the assignment.
7994 if (call_context()->IsTest()) {
7995 inlined_test_context()->ReturnValue(implicit_return_value);
7996 } else if (call_context()->IsEffect()) {
7997 Goto(function_return(), state);
7999 DCHECK(call_context()->IsValue());
8000 AddLeaveInlined(implicit_return_value, state);
8003 // Falling off the end of a normal inlined function. This basically means
8004 // returning undefined.
8005 if (call_context()->IsTest()) {
8006 Goto(inlined_test_context()->if_false(), state);
8007 } else if (call_context()->IsEffect()) {
8008 Goto(function_return(), state);
8010 DCHECK(call_context()->IsValue());
8011 AddLeaveInlined(undefined, state);
8016 // Fix up the function exits.
8017 if (inlined_test_context() != NULL) {
8018 HBasicBlock* if_true = inlined_test_context()->if_true();
8019 HBasicBlock* if_false = inlined_test_context()->if_false();
8021 HEnterInlined* entry = function_state()->entry();
8023 // Pop the return test context from the expression context stack.
8024 DCHECK(ast_context() == inlined_test_context());
8025 ClearInlinedTestContext();
8026 delete target_state;
8028 // Forward to the real test context.
8029 if (if_true->HasPredecessor()) {
8030 entry->RegisterReturnTarget(if_true, zone());
8031 if_true->SetJoinId(ast_id);
8032 HBasicBlock* true_target = TestContext::cast(ast_context())->if_true();
8033 Goto(if_true, true_target, function_state());
8035 if (if_false->HasPredecessor()) {
8036 entry->RegisterReturnTarget(if_false, zone());
8037 if_false->SetJoinId(ast_id);
8038 HBasicBlock* false_target = TestContext::cast(ast_context())->if_false();
8039 Goto(if_false, false_target, function_state());
8041 set_current_block(NULL);
8044 } else if (function_return()->HasPredecessor()) {
8045 function_state()->entry()->RegisterReturnTarget(function_return(), zone());
8046 function_return()->SetJoinId(ast_id);
8047 set_current_block(function_return());
8049 set_current_block(NULL);
8051 delete target_state;
8056 bool HOptimizedGraphBuilder::TryInlineCall(Call* expr) {
8057 return TryInline(expr->target(),
8058 expr->arguments()->length(),
8063 ScriptPositionToSourcePosition(expr->position()));
8067 bool HOptimizedGraphBuilder::TryInlineConstruct(CallNew* expr,
8068 HValue* implicit_return_value) {
8069 return TryInline(expr->target(),
8070 expr->arguments()->length(),
8071 implicit_return_value,
8074 CONSTRUCT_CALL_RETURN,
8075 ScriptPositionToSourcePosition(expr->position()));
8079 bool HOptimizedGraphBuilder::TryInlineGetter(Handle<JSFunction> getter,
8080 Handle<Map> receiver_map,
8082 BailoutId return_id) {
8083 if (TryInlineApiGetter(getter, receiver_map, ast_id)) return true;
8084 return TryInline(getter,
8094 bool HOptimizedGraphBuilder::TryInlineSetter(Handle<JSFunction> setter,
8095 Handle<Map> receiver_map,
8097 BailoutId assignment_id,
8098 HValue* implicit_return_value) {
8099 if (TryInlineApiSetter(setter, receiver_map, id)) return true;
8100 return TryInline(setter,
8102 implicit_return_value,
8109 bool HOptimizedGraphBuilder::TryInlineIndirectCall(Handle<JSFunction> function,
8111 int arguments_count) {
8112 return TryInline(function,
8118 ScriptPositionToSourcePosition(expr->position()));
8122 bool HOptimizedGraphBuilder::TryInlineBuiltinFunctionCall(Call* expr) {
8123 if (!expr->target()->shared()->HasBuiltinFunctionId()) return false;
8124 BuiltinFunctionId id = expr->target()->shared()->builtin_function_id();
8127 if (!FLAG_fast_math) break;
8128 // Fall through if FLAG_fast_math.
8136 if (expr->arguments()->length() == 1) {
8137 HValue* argument = Pop();
8138 Drop(2); // Receiver and function.
8139 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8140 ast_context()->ReturnInstruction(op, expr->id());
8145 if (expr->arguments()->length() == 2) {
8146 HValue* right = Pop();
8147 HValue* left = Pop();
8148 Drop(2); // Receiver and function.
8150 HMul::NewImul(isolate(), zone(), context(), left, right);
8151 ast_context()->ReturnInstruction(op, expr->id());
8156 // Not supported for inlining yet.
8164 bool HOptimizedGraphBuilder::IsReadOnlyLengthDescriptor(
8165 Handle<Map> jsarray_map) {
8166 DCHECK(!jsarray_map->is_dictionary_map());
8167 LookupResult lookup;
8168 Isolate* isolate = jsarray_map->GetIsolate();
8169 Handle<Name> length_string = isolate->factory()->length_string();
8170 lookup.LookupDescriptor(*jsarray_map, *length_string);
8171 return lookup.IsReadOnly();
8176 bool HOptimizedGraphBuilder::CanInlineArrayResizeOperation(
8177 Handle<Map> receiver_map) {
8178 return !receiver_map.is_null() &&
8179 receiver_map->instance_type() == JS_ARRAY_TYPE &&
8180 IsFastElementsKind(receiver_map->elements_kind()) &&
8181 !receiver_map->is_dictionary_map() &&
8182 !IsReadOnlyLengthDescriptor(receiver_map) &&
8183 !receiver_map->is_observed() && receiver_map->is_extensible();
8187 bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
8188 Call* expr, Handle<JSFunction> function, Handle<Map> receiver_map,
8189 int args_count_no_receiver) {
8190 if (!function->shared()->HasBuiltinFunctionId()) return false;
8191 BuiltinFunctionId id = function->shared()->builtin_function_id();
8192 int argument_count = args_count_no_receiver + 1; // Plus receiver.
8194 if (receiver_map.is_null()) {
8195 HValue* receiver = environment()->ExpressionStackAt(args_count_no_receiver);
8196 if (receiver->IsConstant() &&
8197 HConstant::cast(receiver)->handle(isolate())->IsHeapObject()) {
8199 handle(Handle<HeapObject>::cast(
8200 HConstant::cast(receiver)->handle(isolate()))->map());
8203 // Try to inline calls like Math.* as operations in the calling function.
8205 case kStringCharCodeAt:
8207 if (argument_count == 2) {
8208 HValue* index = Pop();
8209 HValue* string = Pop();
8210 Drop(1); // Function.
8211 HInstruction* char_code =
8212 BuildStringCharCodeAt(string, index);
8213 if (id == kStringCharCodeAt) {
8214 ast_context()->ReturnInstruction(char_code, expr->id());
8217 AddInstruction(char_code);
8218 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
8219 ast_context()->ReturnInstruction(result, expr->id());
8223 case kStringFromCharCode:
8224 if (argument_count == 2) {
8225 HValue* argument = Pop();
8226 Drop(2); // Receiver and function.
8227 HInstruction* result = NewUncasted<HStringCharFromCode>(argument);
8228 ast_context()->ReturnInstruction(result, expr->id());
8233 if (!FLAG_fast_math) break;
8234 // Fall through if FLAG_fast_math.
8242 if (argument_count == 2) {
8243 HValue* argument = Pop();
8244 Drop(2); // Receiver and function.
8245 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8246 ast_context()->ReturnInstruction(op, expr->id());
8251 if (argument_count == 3) {
8252 HValue* right = Pop();
8253 HValue* left = Pop();
8254 Drop(2); // Receiver and function.
8255 HInstruction* result = NULL;
8256 // Use sqrt() if exponent is 0.5 or -0.5.
8257 if (right->IsConstant() && HConstant::cast(right)->HasDoubleValue()) {
8258 double exponent = HConstant::cast(right)->DoubleValue();
8259 if (exponent == 0.5) {
8260 result = NewUncasted<HUnaryMathOperation>(left, kMathPowHalf);
8261 } else if (exponent == -0.5) {
8262 HValue* one = graph()->GetConstant1();
8263 HInstruction* sqrt = AddUncasted<HUnaryMathOperation>(
8264 left, kMathPowHalf);
8265 // MathPowHalf doesn't have side effects so there's no need for
8266 // an environment simulation here.
8267 DCHECK(!sqrt->HasObservableSideEffects());
8268 result = NewUncasted<HDiv>(one, sqrt);
8269 } else if (exponent == 2.0) {
8270 result = NewUncasted<HMul>(left, left);
8274 if (result == NULL) {
8275 result = NewUncasted<HPower>(left, right);
8277 ast_context()->ReturnInstruction(result, expr->id());
8283 if (argument_count == 3) {
8284 HValue* right = Pop();
8285 HValue* left = Pop();
8286 Drop(2); // Receiver and function.
8287 HMathMinMax::Operation op = (id == kMathMin) ? HMathMinMax::kMathMin
8288 : HMathMinMax::kMathMax;
8289 HInstruction* result = NewUncasted<HMathMinMax>(left, right, op);
8290 ast_context()->ReturnInstruction(result, expr->id());
8295 if (argument_count == 3) {
8296 HValue* right = Pop();
8297 HValue* left = Pop();
8298 Drop(2); // Receiver and function.
8299 HInstruction* result =
8300 HMul::NewImul(isolate(), zone(), context(), left, right);
8301 ast_context()->ReturnInstruction(result, expr->id());
8306 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8307 ElementsKind elements_kind = receiver_map->elements_kind();
8309 Drop(args_count_no_receiver);
8311 HValue* reduced_length;
8312 HValue* receiver = Pop();
8314 HValue* checked_object = AddCheckMap(receiver, receiver_map);
8316 Add<HLoadNamedField>(checked_object, nullptr,
8317 HObjectAccess::ForArrayLength(elements_kind));
8319 Drop(1); // Function.
8321 { NoObservableSideEffectsScope scope(this);
8322 IfBuilder length_checker(this);
8324 HValue* bounds_check = length_checker.If<HCompareNumericAndBranch>(
8325 length, graph()->GetConstant0(), Token::EQ);
8326 length_checker.Then();
8328 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8330 length_checker.Else();
8331 HValue* elements = AddLoadElements(checked_object);
8332 // Ensure that we aren't popping from a copy-on-write array.
8333 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8334 elements = BuildCopyElementsOnWrite(checked_object, elements,
8335 elements_kind, length);
8337 reduced_length = AddUncasted<HSub>(length, graph()->GetConstant1());
8338 result = AddElementAccess(elements, reduced_length, NULL,
8339 bounds_check, elements_kind, LOAD);
8340 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
8341 ? graph()->GetConstantHole()
8342 : Add<HConstant>(HConstant::kHoleNaN);
8343 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8344 elements_kind = FAST_HOLEY_ELEMENTS;
8347 elements, reduced_length, hole, bounds_check, elements_kind, STORE);
8348 Add<HStoreNamedField>(
8349 checked_object, HObjectAccess::ForArrayLength(elements_kind),
8350 reduced_length, STORE_TO_INITIALIZED_ENTRY);
8352 if (!ast_context()->IsEffect()) Push(result);
8354 length_checker.End();
8356 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8357 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8358 if (!ast_context()->IsEffect()) Drop(1);
8360 ast_context()->ReturnValue(result);
8364 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8365 ElementsKind elements_kind = receiver_map->elements_kind();
8367 // If there may be elements accessors in the prototype chain, the fast
8368 // inlined version can't be used.
8369 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8370 // If there currently can be no elements accessors on the prototype chain,
8371 // it doesn't mean that there won't be any later. Install a full prototype
8372 // chain check to trap element accessors being installed on the prototype
8373 // chain, which would cause elements to go to dictionary mode and result
8375 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
8376 BuildCheckPrototypeMaps(prototype, Handle<JSObject>());
8378 const int argc = args_count_no_receiver;
8379 if (argc != 1) return false;
8381 HValue* value_to_push = Pop();
8382 HValue* array = Pop();
8383 Drop(1); // Drop function.
8385 HInstruction* new_size = NULL;
8386 HValue* length = NULL;
8389 NoObservableSideEffectsScope scope(this);
8391 length = Add<HLoadNamedField>(
8392 array, nullptr, HObjectAccess::ForArrayLength(elements_kind));
8394 new_size = AddUncasted<HAdd>(length, graph()->GetConstant1());
8396 bool is_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
8397 HValue* checked_array = Add<HCheckMaps>(array, receiver_map);
8398 BuildUncheckedMonomorphicElementAccess(
8399 checked_array, length, value_to_push, is_array, elements_kind,
8400 STORE, NEVER_RETURN_HOLE, STORE_AND_GROW_NO_TRANSITION);
8402 if (!ast_context()->IsEffect()) Push(new_size);
8403 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8404 if (!ast_context()->IsEffect()) Drop(1);
8407 ast_context()->ReturnValue(new_size);
8411 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8412 ElementsKind kind = receiver_map->elements_kind();
8414 // If there may be elements accessors in the prototype chain, the fast
8415 // inlined version can't be used.
8416 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8418 // If there currently can be no elements accessors on the prototype chain,
8419 // it doesn't mean that there won't be any later. Install a full prototype
8420 // chain check to trap element accessors being installed on the prototype
8421 // chain, which would cause elements to go to dictionary mode and result
8423 BuildCheckPrototypeMaps(
8424 handle(JSObject::cast(receiver_map->prototype()), isolate()),
8425 Handle<JSObject>::null());
8427 // Threshold for fast inlined Array.shift().
8428 HConstant* inline_threshold = Add<HConstant>(static_cast<int32_t>(16));
8430 Drop(args_count_no_receiver);
8431 HValue* receiver = Pop();
8432 HValue* function = Pop();
8436 NoObservableSideEffectsScope scope(this);
8438 HValue* length = Add<HLoadNamedField>(
8439 receiver, nullptr, HObjectAccess::ForArrayLength(kind));
8441 IfBuilder if_lengthiszero(this);
8442 HValue* lengthiszero = if_lengthiszero.If<HCompareNumericAndBranch>(
8443 length, graph()->GetConstant0(), Token::EQ);
8444 if_lengthiszero.Then();
8446 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8448 if_lengthiszero.Else();
8450 HValue* elements = AddLoadElements(receiver);
8452 // Check if we can use the fast inlined Array.shift().
8453 IfBuilder if_inline(this);
8454 if_inline.If<HCompareNumericAndBranch>(
8455 length, inline_threshold, Token::LTE);
8456 if (IsFastSmiOrObjectElementsKind(kind)) {
8457 // We cannot handle copy-on-write backing stores here.
8458 if_inline.AndIf<HCompareMap>(
8459 elements, isolate()->factory()->fixed_array_map());
8463 // Remember the result.
8464 if (!ast_context()->IsEffect()) {
8465 Push(AddElementAccess(elements, graph()->GetConstant0(), NULL,
8466 lengthiszero, kind, LOAD));
8469 // Compute the new length.
8470 HValue* new_length = AddUncasted<HSub>(
8471 length, graph()->GetConstant1());
8472 new_length->ClearFlag(HValue::kCanOverflow);
8474 // Copy the remaining elements.
8475 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
8477 HValue* new_key = loop.BeginBody(
8478 graph()->GetConstant0(), new_length, Token::LT);
8479 HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1());
8480 key->ClearFlag(HValue::kCanOverflow);
8481 ElementsKind copy_kind =
8482 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
8483 HValue* element = AddUncasted<HLoadKeyed>(
8484 elements, key, lengthiszero, copy_kind, ALLOW_RETURN_HOLE);
8485 HStoreKeyed* store =
8486 Add<HStoreKeyed>(elements, new_key, element, copy_kind);
8487 store->SetFlag(HValue::kAllowUndefinedAsNaN);
8491 // Put a hole at the end.
8492 HValue* hole = IsFastSmiOrObjectElementsKind(kind)
8493 ? graph()->GetConstantHole()
8494 : Add<HConstant>(HConstant::kHoleNaN);
8495 if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS;
8497 elements, new_length, hole, kind, INITIALIZING_STORE);
8499 // Remember new length.
8500 Add<HStoreNamedField>(
8501 receiver, HObjectAccess::ForArrayLength(kind),
8502 new_length, STORE_TO_INITIALIZED_ENTRY);
8506 Add<HPushArguments>(receiver);
8507 result = Add<HCallJSFunction>(function, 1, true);
8508 if (!ast_context()->IsEffect()) Push(result);
8512 if_lengthiszero.End();
8514 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8515 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8516 if (!ast_context()->IsEffect()) Drop(1);
8517 ast_context()->ReturnValue(result);
8521 case kArrayLastIndexOf: {
8522 if (receiver_map.is_null()) return false;
8523 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
8524 ElementsKind kind = receiver_map->elements_kind();
8525 if (!IsFastElementsKind(kind)) return false;
8526 if (receiver_map->is_observed()) return false;
8527 if (argument_count != 2) return false;
8528 if (!receiver_map->is_extensible()) return false;
8530 // If there may be elements accessors in the prototype chain, the fast
8531 // inlined version can't be used.
8532 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8534 // If there currently can be no elements accessors on the prototype chain,
8535 // it doesn't mean that there won't be any later. Install a full prototype
8536 // chain check to trap element accessors being installed on the prototype
8537 // chain, which would cause elements to go to dictionary mode and result
8539 BuildCheckPrototypeMaps(
8540 handle(JSObject::cast(receiver_map->prototype()), isolate()),
8541 Handle<JSObject>::null());
8543 HValue* search_element = Pop();
8544 HValue* receiver = Pop();
8545 Drop(1); // Drop function.
8547 ArrayIndexOfMode mode = (id == kArrayIndexOf)
8548 ? kFirstIndexOf : kLastIndexOf;
8549 HValue* index = BuildArrayIndexOf(receiver, search_element, kind, mode);
8551 if (!ast_context()->IsEffect()) Push(index);
8552 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8553 if (!ast_context()->IsEffect()) Drop(1);
8554 ast_context()->ReturnValue(index);
8558 // Not yet supported for inlining.
8565 bool HOptimizedGraphBuilder::TryInlineApiFunctionCall(Call* expr,
8567 Handle<JSFunction> function = expr->target();
8568 int argc = expr->arguments()->length();
8569 SmallMapList receiver_maps;
8570 return TryInlineApiCall(function,
8579 bool HOptimizedGraphBuilder::TryInlineApiMethodCall(
8582 SmallMapList* receiver_maps) {
8583 Handle<JSFunction> function = expr->target();
8584 int argc = expr->arguments()->length();
8585 return TryInlineApiCall(function,
8594 bool HOptimizedGraphBuilder::TryInlineApiGetter(Handle<JSFunction> function,
8595 Handle<Map> receiver_map,
8597 SmallMapList receiver_maps(1, zone());
8598 receiver_maps.Add(receiver_map, zone());
8599 return TryInlineApiCall(function,
8600 NULL, // Receiver is on expression stack.
8608 bool HOptimizedGraphBuilder::TryInlineApiSetter(Handle<JSFunction> function,
8609 Handle<Map> receiver_map,
8611 SmallMapList receiver_maps(1, zone());
8612 receiver_maps.Add(receiver_map, zone());
8613 return TryInlineApiCall(function,
8614 NULL, // Receiver is on expression stack.
8622 bool HOptimizedGraphBuilder::TryInlineApiCall(Handle<JSFunction> function,
8624 SmallMapList* receiver_maps,
8627 ApiCallType call_type) {
8628 CallOptimization optimization(function);
8629 if (!optimization.is_simple_api_call()) return false;
8630 Handle<Map> holder_map;
8631 if (call_type == kCallApiFunction) {
8632 // Cannot embed a direct reference to the global proxy map
8633 // as it maybe dropped on deserialization.
8634 CHECK(!isolate()->serializer_enabled());
8635 DCHECK_EQ(0, receiver_maps->length());
8636 receiver_maps->Add(handle(function->global_proxy()->map()), zone());
8638 CallOptimization::HolderLookup holder_lookup =
8639 CallOptimization::kHolderNotFound;
8640 Handle<JSObject> api_holder = optimization.LookupHolderOfExpectedType(
8641 receiver_maps->first(), &holder_lookup);
8642 if (holder_lookup == CallOptimization::kHolderNotFound) return false;
8644 if (FLAG_trace_inlining) {
8645 PrintF("Inlining api function ");
8646 function->ShortPrint();
8650 bool is_function = false;
8651 bool is_store = false;
8652 switch (call_type) {
8653 case kCallApiFunction:
8654 case kCallApiMethod:
8655 // Need to check that none of the receiver maps could have changed.
8656 Add<HCheckMaps>(receiver, receiver_maps);
8657 // Need to ensure the chain between receiver and api_holder is intact.
8658 if (holder_lookup == CallOptimization::kHolderFound) {
8659 AddCheckPrototypeMaps(api_holder, receiver_maps->first());
8661 DCHECK_EQ(holder_lookup, CallOptimization::kHolderIsReceiver);
8663 // Includes receiver.
8664 PushArgumentsFromEnvironment(argc + 1);
8667 case kCallApiGetter:
8668 // Receiver and prototype chain cannot have changed.
8670 DCHECK_NULL(receiver);
8671 // Receiver is on expression stack.
8673 Add<HPushArguments>(receiver);
8675 case kCallApiSetter:
8678 // Receiver and prototype chain cannot have changed.
8680 DCHECK_NULL(receiver);
8681 // Receiver and value are on expression stack.
8682 HValue* value = Pop();
8684 Add<HPushArguments>(receiver, value);
8689 HValue* holder = NULL;
8690 switch (holder_lookup) {
8691 case CallOptimization::kHolderFound:
8692 holder = Add<HConstant>(api_holder);
8694 case CallOptimization::kHolderIsReceiver:
8697 case CallOptimization::kHolderNotFound:
8701 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
8702 Handle<Object> call_data_obj(api_call_info->data(), isolate());
8703 bool call_data_undefined = call_data_obj->IsUndefined();
8704 HValue* call_data = Add<HConstant>(call_data_obj);
8705 ApiFunction fun(v8::ToCData<Address>(api_call_info->callback()));
8706 ExternalReference ref = ExternalReference(&fun,
8707 ExternalReference::DIRECT_API_CALL,
8709 HValue* api_function_address = Add<HConstant>(ExternalReference(ref));
8711 HValue* op_vals[] = {context(), Add<HConstant>(function), call_data, holder,
8712 api_function_address, nullptr};
8714 HInstruction* call = nullptr;
8716 CallApiAccessorStub stub(isolate(), is_store, call_data_undefined);
8717 Handle<Code> code = stub.GetCode();
8718 HConstant* code_value = Add<HConstant>(code);
8719 ApiAccessorDescriptor descriptor(isolate());
8720 DCHECK(arraysize(op_vals) - 1 == descriptor.GetEnvironmentLength());
8721 call = New<HCallWithDescriptor>(
8722 code_value, argc + 1, descriptor,
8723 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8724 } else if (argc <= CallApiFunctionWithFixedArgsStub::kMaxFixedArgs) {
8725 CallApiFunctionWithFixedArgsStub stub(isolate(), argc, call_data_undefined);
8726 Handle<Code> code = stub.GetCode();
8727 HConstant* code_value = Add<HConstant>(code);
8728 ApiFunctionWithFixedArgsDescriptor descriptor(isolate());
8729 DCHECK(arraysize(op_vals) - 1 == descriptor.GetEnvironmentLength());
8730 call = New<HCallWithDescriptor>(
8731 code_value, argc + 1, descriptor,
8732 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8733 Drop(1); // Drop function.
8735 op_vals[arraysize(op_vals) - 1] = Add<HConstant>(argc);
8736 CallApiFunctionStub stub(isolate(), call_data_undefined);
8737 Handle<Code> code = stub.GetCode();
8738 HConstant* code_value = Add<HConstant>(code);
8739 ApiFunctionDescriptor descriptor(isolate());
8740 DCHECK(arraysize(op_vals) == descriptor.GetEnvironmentLength());
8741 call = New<HCallWithDescriptor>(
8742 code_value, argc + 1, descriptor,
8743 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8744 Drop(1); // Drop function.
8747 ast_context()->ReturnInstruction(call, ast_id);
8752 void HOptimizedGraphBuilder::HandleIndirectCall(Call* expr, HValue* function,
8753 int arguments_count) {
8754 Handle<JSFunction> known_function;
8755 int args_count_no_receiver = arguments_count - 1;
8756 if (function->IsConstant() &&
8757 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
8759 Handle<JSFunction>::cast(HConstant::cast(function)->handle(isolate()));
8760 if (TryInlineBuiltinMethodCall(expr, known_function, Handle<Map>(),
8761 args_count_no_receiver)) {
8762 if (FLAG_trace_inlining) {
8763 PrintF("Inlining builtin ");
8764 known_function->ShortPrint();
8770 if (TryInlineIndirectCall(known_function, expr, args_count_no_receiver)) {
8775 PushArgumentsFromEnvironment(arguments_count);
8776 HInvokeFunction* call =
8777 New<HInvokeFunction>(function, known_function, arguments_count);
8778 Drop(1); // Function
8779 ast_context()->ReturnInstruction(call, expr->id());
8783 bool HOptimizedGraphBuilder::TryIndirectCall(Call* expr) {
8784 DCHECK(expr->expression()->IsProperty());
8786 if (!expr->IsMonomorphic()) {
8789 Handle<Map> function_map = expr->GetReceiverTypes()->first();
8790 if (function_map->instance_type() != JS_FUNCTION_TYPE ||
8791 !expr->target()->shared()->HasBuiltinFunctionId()) {
8795 switch (expr->target()->shared()->builtin_function_id()) {
8796 case kFunctionCall: {
8797 if (expr->arguments()->length() == 0) return false;
8798 BuildFunctionCall(expr);
8801 case kFunctionApply: {
8802 // For .apply, only the pattern f.apply(receiver, arguments)
8804 if (current_info()->scope()->arguments() == NULL) return false;
8806 if (!CanBeFunctionApplyArguments(expr)) return false;
8808 BuildFunctionApply(expr);
8811 default: { return false; }
8817 void HOptimizedGraphBuilder::BuildFunctionApply(Call* expr) {
8818 ZoneList<Expression*>* args = expr->arguments();
8819 CHECK_ALIVE(VisitForValue(args->at(0)));
8820 HValue* receiver = Pop(); // receiver
8821 HValue* function = Pop(); // f
8824 Handle<Map> function_map = expr->GetReceiverTypes()->first();
8825 HValue* checked_function = AddCheckMap(function, function_map);
8827 if (function_state()->outer() == NULL) {
8828 HInstruction* elements = Add<HArgumentsElements>(false);
8829 HInstruction* length = Add<HArgumentsLength>(elements);
8830 HValue* wrapped_receiver = BuildWrapReceiver(receiver, checked_function);
8831 HInstruction* result = New<HApplyArguments>(function,
8835 ast_context()->ReturnInstruction(result, expr->id());
8837 // We are inside inlined function and we know exactly what is inside
8838 // arguments object. But we need to be able to materialize at deopt.
8839 DCHECK_EQ(environment()->arguments_environment()->parameter_count(),
8840 function_state()->entry()->arguments_object()->arguments_count());
8841 HArgumentsObject* args = function_state()->entry()->arguments_object();
8842 const ZoneList<HValue*>* arguments_values = args->arguments_values();
8843 int arguments_count = arguments_values->length();
8845 Push(BuildWrapReceiver(receiver, checked_function));
8846 for (int i = 1; i < arguments_count; i++) {
8847 Push(arguments_values->at(i));
8849 HandleIndirectCall(expr, function, arguments_count);
8855 void HOptimizedGraphBuilder::BuildFunctionCall(Call* expr) {
8856 HValue* function = Top(); // f
8857 Handle<Map> function_map = expr->GetReceiverTypes()->first();
8858 HValue* checked_function = AddCheckMap(function, function_map);
8860 // f and call are on the stack in the unoptimized code
8861 // during evaluation of the arguments.
8862 CHECK_ALIVE(VisitExpressions(expr->arguments()));
8864 int args_length = expr->arguments()->length();
8865 int receiver_index = args_length - 1;
8866 // Patch the receiver.
8867 HValue* receiver = BuildWrapReceiver(
8868 environment()->ExpressionStackAt(receiver_index), checked_function);
8869 environment()->SetExpressionStackAt(receiver_index, receiver);
8871 // Call must not be on the stack from now on.
8872 int call_index = args_length + 1;
8873 environment()->RemoveExpressionStackAt(call_index);
8875 HandleIndirectCall(expr, function, args_length);
8879 HValue* HOptimizedGraphBuilder::ImplicitReceiverFor(HValue* function,
8880 Handle<JSFunction> target) {
8881 SharedFunctionInfo* shared = target->shared();
8882 if (is_sloppy(shared->language_mode()) && !shared->native()) {
8883 // Cannot embed a direct reference to the global proxy
8884 // as is it dropped on deserialization.
8885 CHECK(!isolate()->serializer_enabled());
8886 Handle<JSObject> global_proxy(target->context()->global_proxy());
8887 return Add<HConstant>(global_proxy);
8889 return graph()->GetConstantUndefined();
8893 void HOptimizedGraphBuilder::BuildArrayCall(Expression* expression,
8894 int arguments_count,
8896 Handle<AllocationSite> site) {
8897 Add<HCheckValue>(function, array_function());
8899 if (IsCallArrayInlineable(arguments_count, site)) {
8900 BuildInlinedCallArray(expression, arguments_count, site);
8904 HInstruction* call = PreProcessCall(New<HCallNewArray>(
8905 function, arguments_count + 1, site->GetElementsKind()));
8906 if (expression->IsCall()) {
8909 ast_context()->ReturnInstruction(call, expression->id());
8913 HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver,
8914 HValue* search_element,
8916 ArrayIndexOfMode mode) {
8917 DCHECK(IsFastElementsKind(kind));
8919 NoObservableSideEffectsScope no_effects(this);
8921 HValue* elements = AddLoadElements(receiver);
8922 HValue* length = AddLoadArrayLength(receiver, kind);
8925 HValue* terminating;
8927 LoopBuilder::Direction direction;
8928 if (mode == kFirstIndexOf) {
8929 initial = graph()->GetConstant0();
8930 terminating = length;
8932 direction = LoopBuilder::kPostIncrement;
8934 DCHECK_EQ(kLastIndexOf, mode);
8936 terminating = graph()->GetConstant0();
8938 direction = LoopBuilder::kPreDecrement;
8941 Push(graph()->GetConstantMinus1());
8942 if (IsFastDoubleElementsKind(kind) || IsFastSmiElementsKind(kind)) {
8943 // Make sure that we can actually compare numbers correctly below, see
8944 // https://code.google.com/p/chromium/issues/detail?id=407946 for details.
8945 search_element = AddUncasted<HForceRepresentation>(
8946 search_element, IsFastSmiElementsKind(kind) ? Representation::Smi()
8947 : Representation::Double());
8949 LoopBuilder loop(this, context(), direction);
8951 HValue* index = loop.BeginBody(initial, terminating, token);
8952 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr, kind,
8954 IfBuilder if_issame(this);
8955 if_issame.If<HCompareNumericAndBranch>(element, search_element,
8967 IfBuilder if_isstring(this);
8968 if_isstring.If<HIsStringAndBranch>(search_element);
8971 LoopBuilder loop(this, context(), direction);
8973 HValue* index = loop.BeginBody(initial, terminating, token);
8974 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
8975 kind, ALLOW_RETURN_HOLE);
8976 IfBuilder if_issame(this);
8977 if_issame.If<HIsStringAndBranch>(element);
8978 if_issame.AndIf<HStringCompareAndBranch>(
8979 element, search_element, Token::EQ_STRICT);
8992 IfBuilder if_isnumber(this);
8993 if_isnumber.If<HIsSmiAndBranch>(search_element);
8994 if_isnumber.OrIf<HCompareMap>(
8995 search_element, isolate()->factory()->heap_number_map());
8998 HValue* search_number =
8999 AddUncasted<HForceRepresentation>(search_element,
9000 Representation::Double());
9001 LoopBuilder loop(this, context(), direction);
9003 HValue* index = loop.BeginBody(initial, terminating, token);
9004 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9005 kind, ALLOW_RETURN_HOLE);
9007 IfBuilder if_element_isnumber(this);
9008 if_element_isnumber.If<HIsSmiAndBranch>(element);
9009 if_element_isnumber.OrIf<HCompareMap>(
9010 element, isolate()->factory()->heap_number_map());
9011 if_element_isnumber.Then();
9014 AddUncasted<HForceRepresentation>(element,
9015 Representation::Double());
9016 IfBuilder if_issame(this);
9017 if_issame.If<HCompareNumericAndBranch>(
9018 number, search_number, Token::EQ_STRICT);
9027 if_element_isnumber.End();
9033 LoopBuilder loop(this, context(), direction);
9035 HValue* index = loop.BeginBody(initial, terminating, token);
9036 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9037 kind, ALLOW_RETURN_HOLE);
9038 IfBuilder if_issame(this);
9039 if_issame.If<HCompareObjectEqAndBranch>(
9040 element, search_element);
9060 bool HOptimizedGraphBuilder::TryHandleArrayCall(Call* expr, HValue* function) {
9061 if (!array_function().is_identical_to(expr->target())) {
9065 Handle<AllocationSite> site = expr->allocation_site();
9066 if (site.is_null()) return false;
9068 BuildArrayCall(expr,
9069 expr->arguments()->length(),
9076 bool HOptimizedGraphBuilder::TryHandleArrayCallNew(CallNew* expr,
9078 if (!array_function().is_identical_to(expr->target())) {
9082 BuildArrayCall(expr,
9083 expr->arguments()->length(),
9085 expr->allocation_site());
9090 bool HOptimizedGraphBuilder::CanBeFunctionApplyArguments(Call* expr) {
9091 ZoneList<Expression*>* args = expr->arguments();
9092 if (args->length() != 2) return false;
9093 VariableProxy* arg_two = args->at(1)->AsVariableProxy();
9094 if (arg_two == NULL || !arg_two->var()->IsStackAllocated()) return false;
9095 HValue* arg_two_value = LookupAndMakeLive(arg_two->var());
9096 if (!arg_two_value->CheckFlag(HValue::kIsArguments)) return false;
9101 void HOptimizedGraphBuilder::VisitCall(Call* expr) {
9102 DCHECK(!HasStackOverflow());
9103 DCHECK(current_block() != NULL);
9104 DCHECK(current_block()->HasPredecessor());
9105 Expression* callee = expr->expression();
9106 int argument_count = expr->arguments()->length() + 1; // Plus receiver.
9107 HInstruction* call = NULL;
9109 Property* prop = callee->AsProperty();
9111 CHECK_ALIVE(VisitForValue(prop->obj()));
9112 HValue* receiver = Top();
9115 ComputeReceiverTypes(expr, receiver, &maps, zone());
9117 if (prop->key()->IsPropertyName() && maps->length() > 0) {
9118 Handle<String> name = prop->key()->AsLiteral()->AsPropertyName();
9119 PropertyAccessInfo info(this, LOAD, maps->first(), name);
9120 if (!info.CanAccessAsMonomorphic(maps)) {
9121 HandlePolymorphicCallNamed(expr, receiver, maps, name);
9127 if (!prop->key()->IsPropertyName()) {
9128 CHECK_ALIVE(VisitForValue(prop->key()));
9132 CHECK_ALIVE(PushLoad(prop, receiver, key));
9133 HValue* function = Pop();
9135 if (FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
9137 if (function->IsConstant() &&
9138 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9139 // Push the function under the receiver.
9140 environment()->SetExpressionStackAt(0, function);
9143 Handle<JSFunction> known_function = Handle<JSFunction>::cast(
9144 HConstant::cast(function)->handle(isolate()));
9145 expr->set_target(known_function);
9147 if (TryIndirectCall(expr)) return;
9148 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9150 Handle<Map> map = maps->length() == 1 ? maps->first() : Handle<Map>();
9151 if (TryInlineBuiltinMethodCall(expr, known_function, map,
9152 expr->arguments()->length())) {
9153 if (FLAG_trace_inlining) {
9154 PrintF("Inlining builtin ");
9155 known_function->ShortPrint();
9160 if (TryInlineApiMethodCall(expr, receiver, maps)) return;
9162 // Wrap the receiver if necessary.
9163 if (NeedsWrapping(maps->first(), known_function)) {
9164 // Since HWrapReceiver currently cannot actually wrap numbers and
9165 // strings, use the regular CallFunctionStub for method calls to wrap
9167 // TODO(verwaest): Support creation of value wrappers directly in
9169 call = New<HCallFunction>(
9170 function, argument_count, WRAP_AND_CALL);
9171 } else if (TryInlineCall(expr)) {
9174 call = BuildCallConstantFunction(known_function, argument_count);
9178 ArgumentsAllowedFlag arguments_flag = ARGUMENTS_NOT_ALLOWED;
9179 if (CanBeFunctionApplyArguments(expr) && expr->is_uninitialized()) {
9180 // We have to use EAGER deoptimization here because Deoptimizer::SOFT
9181 // gets ignored by the always-opt flag, which leads to incorrect code.
9183 Deoptimizer::kInsufficientTypeFeedbackForCallWithArguments,
9184 Deoptimizer::EAGER);
9185 arguments_flag = ARGUMENTS_FAKED;
9188 // Push the function under the receiver.
9189 environment()->SetExpressionStackAt(0, function);
9192 CHECK_ALIVE(VisitExpressions(expr->arguments(), arguments_flag));
9193 CallFunctionFlags flags = receiver->type().IsJSObject()
9194 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
9195 call = New<HCallFunction>(function, argument_count, flags);
9197 PushArgumentsFromEnvironment(argument_count);
9200 VariableProxy* proxy = expr->expression()->AsVariableProxy();
9201 if (proxy != NULL && proxy->var()->is_possibly_eval(isolate())) {
9202 return Bailout(kPossibleDirectCallToEval);
9205 // The function is on the stack in the unoptimized code during
9206 // evaluation of the arguments.
9207 CHECK_ALIVE(VisitForValue(expr->expression()));
9208 HValue* function = Top();
9209 if (expr->global_call()) {
9210 Variable* var = proxy->var();
9211 bool known_global_function = false;
9212 // If there is a global property cell for the name at compile time and
9213 // access check is not enabled we assume that the function will not change
9214 // and generate optimized code for calling the function.
9215 Handle<GlobalObject> global(current_info()->global_object());
9216 LookupIterator it(global, var->name(),
9217 LookupIterator::OWN_SKIP_INTERCEPTOR);
9218 GlobalPropertyAccess type = LookupGlobalProperty(var, &it, LOAD);
9219 if (type == kUseCell) {
9220 known_global_function = expr->ComputeGlobalTarget(global, &it);
9222 if (known_global_function) {
9223 Add<HCheckValue>(function, expr->target());
9225 // Placeholder for the receiver.
9226 Push(graph()->GetConstantUndefined());
9227 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9229 // Patch the global object on the stack by the expected receiver.
9230 HValue* receiver = ImplicitReceiverFor(function, expr->target());
9231 const int receiver_index = argument_count - 1;
9232 environment()->SetExpressionStackAt(receiver_index, receiver);
9234 if (TryInlineBuiltinFunctionCall(expr)) {
9235 if (FLAG_trace_inlining) {
9236 PrintF("Inlining builtin ");
9237 expr->target()->ShortPrint();
9242 if (TryInlineApiFunctionCall(expr, receiver)) return;
9243 if (TryHandleArrayCall(expr, function)) return;
9244 if (TryInlineCall(expr)) return;
9246 PushArgumentsFromEnvironment(argument_count);
9247 call = BuildCallConstantFunction(expr->target(), argument_count);
9249 Push(graph()->GetConstantUndefined());
9250 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9251 PushArgumentsFromEnvironment(argument_count);
9252 call = New<HCallFunction>(function, argument_count);
9255 } else if (expr->IsMonomorphic()) {
9256 Add<HCheckValue>(function, expr->target());
9258 Push(graph()->GetConstantUndefined());
9259 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9261 HValue* receiver = ImplicitReceiverFor(function, expr->target());
9262 const int receiver_index = argument_count - 1;
9263 environment()->SetExpressionStackAt(receiver_index, receiver);
9265 if (TryInlineBuiltinFunctionCall(expr)) {
9266 if (FLAG_trace_inlining) {
9267 PrintF("Inlining builtin ");
9268 expr->target()->ShortPrint();
9273 if (TryInlineApiFunctionCall(expr, receiver)) return;
9275 if (TryInlineCall(expr)) return;
9277 call = PreProcessCall(New<HInvokeFunction>(
9278 function, expr->target(), argument_count));
9281 Push(graph()->GetConstantUndefined());
9282 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9283 PushArgumentsFromEnvironment(argument_count);
9284 HCallFunction* call_function =
9285 New<HCallFunction>(function, argument_count);
9286 call = call_function;
9287 if (expr->is_uninitialized() &&
9288 expr->IsUsingCallFeedbackICSlot(isolate())) {
9289 // We've never seen this call before, so let's have Crankshaft learn
9290 // through the type vector.
9291 Handle<SharedFunctionInfo> current_shared =
9292 function_state()->compilation_info()->shared_info();
9293 Handle<TypeFeedbackVector> vector =
9294 handle(current_shared->feedback_vector(), isolate());
9295 FeedbackVectorICSlot slot = expr->CallFeedbackICSlot();
9296 call_function->SetVectorAndSlot(vector, slot);
9301 Drop(1); // Drop the function.
9302 return ast_context()->ReturnInstruction(call, expr->id());
9306 void HOptimizedGraphBuilder::BuildInlinedCallArray(
9307 Expression* expression,
9309 Handle<AllocationSite> site) {
9310 DCHECK(!site.is_null());
9311 DCHECK(argument_count >= 0 && argument_count <= 1);
9312 NoObservableSideEffectsScope no_effects(this);
9314 // We should at least have the constructor on the expression stack.
9315 HValue* constructor = environment()->ExpressionStackAt(argument_count);
9317 // Register on the site for deoptimization if the transition feedback changes.
9318 AllocationSite::RegisterForDeoptOnTransitionChange(site, top_info());
9319 ElementsKind kind = site->GetElementsKind();
9320 HInstruction* site_instruction = Add<HConstant>(site);
9322 // In the single constant argument case, we may have to adjust elements kind
9323 // to avoid creating a packed non-empty array.
9324 if (argument_count == 1 && !IsHoleyElementsKind(kind)) {
9325 HValue* argument = environment()->Top();
9326 if (argument->IsConstant()) {
9327 HConstant* constant_argument = HConstant::cast(argument);
9328 DCHECK(constant_argument->HasSmiValue());
9329 int constant_array_size = constant_argument->Integer32Value();
9330 if (constant_array_size != 0) {
9331 kind = GetHoleyElementsKind(kind);
9337 JSArrayBuilder array_builder(this,
9341 DISABLE_ALLOCATION_SITES);
9342 HValue* new_object = argument_count == 0
9343 ? array_builder.AllocateEmptyArray()
9344 : BuildAllocateArrayFromLength(&array_builder, Top());
9346 int args_to_drop = argument_count + (expression->IsCall() ? 2 : 1);
9348 ast_context()->ReturnValue(new_object);
9352 // Checks whether allocation using the given constructor can be inlined.
9353 static bool IsAllocationInlineable(Handle<JSFunction> constructor) {
9354 return constructor->has_initial_map() &&
9355 constructor->initial_map()->instance_type() == JS_OBJECT_TYPE &&
9356 constructor->initial_map()->instance_size() < HAllocate::kMaxInlineSize &&
9357 constructor->initial_map()->InitialPropertiesLength() == 0;
9361 bool HOptimizedGraphBuilder::IsCallArrayInlineable(
9363 Handle<AllocationSite> site) {
9364 Handle<JSFunction> caller = current_info()->closure();
9365 Handle<JSFunction> target = array_function();
9366 // We should have the function plus array arguments on the environment stack.
9367 DCHECK(environment()->length() >= (argument_count + 1));
9368 DCHECK(!site.is_null());
9370 bool inline_ok = false;
9371 if (site->CanInlineCall()) {
9372 // We also want to avoid inlining in certain 1 argument scenarios.
9373 if (argument_count == 1) {
9374 HValue* argument = Top();
9375 if (argument->IsConstant()) {
9376 // Do not inline if the constant length argument is not a smi or
9377 // outside the valid range for unrolled loop initialization.
9378 HConstant* constant_argument = HConstant::cast(argument);
9379 if (constant_argument->HasSmiValue()) {
9380 int value = constant_argument->Integer32Value();
9381 inline_ok = value >= 0 && value <= kElementLoopUnrollThreshold;
9383 TraceInline(target, caller,
9384 "Constant length outside of valid inlining range.");
9388 TraceInline(target, caller,
9389 "Dont inline [new] Array(n) where n isn't constant.");
9391 } else if (argument_count == 0) {
9394 TraceInline(target, caller, "Too many arguments to inline.");
9397 TraceInline(target, caller, "AllocationSite requested no inlining.");
9401 TraceInline(target, caller, NULL);
9407 void HOptimizedGraphBuilder::VisitCallNew(CallNew* expr) {
9408 DCHECK(!HasStackOverflow());
9409 DCHECK(current_block() != NULL);
9410 DCHECK(current_block()->HasPredecessor());
9411 if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
9412 int argument_count = expr->arguments()->length() + 1; // Plus constructor.
9413 Factory* factory = isolate()->factory();
9415 // The constructor function is on the stack in the unoptimized code
9416 // during evaluation of the arguments.
9417 CHECK_ALIVE(VisitForValue(expr->expression()));
9418 HValue* function = Top();
9419 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9421 if (FLAG_inline_construct &&
9422 expr->IsMonomorphic() &&
9423 IsAllocationInlineable(expr->target())) {
9424 Handle<JSFunction> constructor = expr->target();
9425 HValue* check = Add<HCheckValue>(function, constructor);
9427 // Force completion of inobject slack tracking before generating
9428 // allocation code to finalize instance size.
9429 if (constructor->IsInobjectSlackTrackingInProgress()) {
9430 constructor->CompleteInobjectSlackTracking();
9433 // Calculate instance size from initial map of constructor.
9434 DCHECK(constructor->has_initial_map());
9435 Handle<Map> initial_map(constructor->initial_map());
9436 int instance_size = initial_map->instance_size();
9437 DCHECK(initial_map->InitialPropertiesLength() == 0);
9439 // Allocate an instance of the implicit receiver object.
9440 HValue* size_in_bytes = Add<HConstant>(instance_size);
9441 HAllocationMode allocation_mode;
9442 if (FLAG_pretenuring_call_new) {
9443 if (FLAG_allocation_site_pretenuring) {
9444 // Try to use pretenuring feedback.
9445 Handle<AllocationSite> allocation_site = expr->allocation_site();
9446 allocation_mode = HAllocationMode(allocation_site);
9447 // Take a dependency on allocation site.
9448 AllocationSite::RegisterForDeoptOnTenureChange(allocation_site,
9453 HAllocate* receiver = BuildAllocate(
9454 size_in_bytes, HType::JSObject(), JS_OBJECT_TYPE, allocation_mode);
9455 receiver->set_known_initial_map(initial_map);
9457 // Initialize map and fields of the newly allocated object.
9458 { NoObservableSideEffectsScope no_effects(this);
9459 DCHECK(initial_map->instance_type() == JS_OBJECT_TYPE);
9460 Add<HStoreNamedField>(receiver,
9461 HObjectAccess::ForMapAndOffset(initial_map, JSObject::kMapOffset),
9462 Add<HConstant>(initial_map));
9463 HValue* empty_fixed_array = Add<HConstant>(factory->empty_fixed_array());
9464 Add<HStoreNamedField>(receiver,
9465 HObjectAccess::ForMapAndOffset(initial_map,
9466 JSObject::kPropertiesOffset),
9468 Add<HStoreNamedField>(receiver,
9469 HObjectAccess::ForMapAndOffset(initial_map,
9470 JSObject::kElementsOffset),
9472 if (initial_map->inobject_properties() != 0) {
9473 HConstant* undefined = graph()->GetConstantUndefined();
9474 for (int i = 0; i < initial_map->inobject_properties(); i++) {
9475 int property_offset = initial_map->GetInObjectPropertyOffset(i);
9476 Add<HStoreNamedField>(receiver,
9477 HObjectAccess::ForMapAndOffset(initial_map, property_offset),
9483 // Replace the constructor function with a newly allocated receiver using
9484 // the index of the receiver from the top of the expression stack.
9485 const int receiver_index = argument_count - 1;
9486 DCHECK(environment()->ExpressionStackAt(receiver_index) == function);
9487 environment()->SetExpressionStackAt(receiver_index, receiver);
9489 if (TryInlineConstruct(expr, receiver)) {
9490 // Inlining worked, add a dependency on the initial map to make sure that
9491 // this code is deoptimized whenever the initial map of the constructor
9493 Map::AddDependentCompilationInfo(
9494 initial_map, DependentCode::kInitialMapChangedGroup, top_info());
9498 // TODO(mstarzinger): For now we remove the previous HAllocate and all
9499 // corresponding instructions and instead add HPushArguments for the
9500 // arguments in case inlining failed. What we actually should do is for
9501 // inlining to try to build a subgraph without mutating the parent graph.
9502 HInstruction* instr = current_block()->last();
9504 HInstruction* prev_instr = instr->previous();
9505 instr->DeleteAndReplaceWith(NULL);
9507 } while (instr != check);
9508 environment()->SetExpressionStackAt(receiver_index, function);
9509 HInstruction* call =
9510 PreProcessCall(New<HCallNew>(function, argument_count));
9511 return ast_context()->ReturnInstruction(call, expr->id());
9513 // The constructor function is both an operand to the instruction and an
9514 // argument to the construct call.
9515 if (TryHandleArrayCallNew(expr, function)) return;
9517 HInstruction* call =
9518 PreProcessCall(New<HCallNew>(function, argument_count));
9519 return ast_context()->ReturnInstruction(call, expr->id());
9524 // Support for generating inlined runtime functions.
9526 // Lookup table for generators for runtime calls that are generated inline.
9527 // Elements of the table are member pointers to functions of
9528 // HOptimizedGraphBuilder.
9529 #define INLINE_FUNCTION_GENERATOR_ADDRESS(Name, argc, ressize) \
9530 &HOptimizedGraphBuilder::Generate##Name,
9532 const HOptimizedGraphBuilder::InlineFunctionGenerator
9533 HOptimizedGraphBuilder::kInlineFunctionGenerators[] = {
9534 INLINE_FUNCTION_LIST(INLINE_FUNCTION_GENERATOR_ADDRESS)
9535 INLINE_OPTIMIZED_FUNCTION_LIST(INLINE_FUNCTION_GENERATOR_ADDRESS)
9537 #undef INLINE_FUNCTION_GENERATOR_ADDRESS
9540 template <class ViewClass>
9541 void HGraphBuilder::BuildArrayBufferViewInitialization(
9544 HValue* byte_offset,
9545 HValue* byte_length) {
9547 for (int offset = ViewClass::kSize;
9548 offset < ViewClass::kSizeWithInternalFields;
9549 offset += kPointerSize) {
9550 Add<HStoreNamedField>(obj,
9551 HObjectAccess::ForObservableJSObjectOffset(offset),
9552 graph()->GetConstant0());
9555 Add<HStoreNamedField>(
9557 HObjectAccess::ForJSArrayBufferViewByteOffset(),
9559 Add<HStoreNamedField>(
9561 HObjectAccess::ForJSArrayBufferViewByteLength(),
9564 if (buffer != NULL) {
9565 Add<HStoreNamedField>(
9567 HObjectAccess::ForJSArrayBufferViewBuffer(), buffer);
9568 HObjectAccess weak_first_view_access =
9569 HObjectAccess::ForJSArrayBufferWeakFirstView();
9570 Add<HStoreNamedField>(
9571 obj, HObjectAccess::ForJSArrayBufferViewWeakNext(),
9572 Add<HLoadNamedField>(buffer, nullptr, weak_first_view_access));
9573 Add<HStoreNamedField>(buffer, weak_first_view_access, obj);
9575 Add<HStoreNamedField>(
9577 HObjectAccess::ForJSArrayBufferViewBuffer(),
9578 Add<HConstant>(static_cast<int32_t>(0)));
9579 Add<HStoreNamedField>(obj,
9580 HObjectAccess::ForJSArrayBufferViewWeakNext(),
9581 graph()->GetConstantUndefined());
9586 void HOptimizedGraphBuilder::GenerateDataViewInitialize(
9587 CallRuntime* expr) {
9588 ZoneList<Expression*>* arguments = expr->arguments();
9590 DCHECK(arguments->length()== 4);
9591 CHECK_ALIVE(VisitForValue(arguments->at(0)));
9592 HValue* obj = Pop();
9594 CHECK_ALIVE(VisitForValue(arguments->at(1)));
9595 HValue* buffer = Pop();
9597 CHECK_ALIVE(VisitForValue(arguments->at(2)));
9598 HValue* byte_offset = Pop();
9600 CHECK_ALIVE(VisitForValue(arguments->at(3)));
9601 HValue* byte_length = Pop();
9604 NoObservableSideEffectsScope scope(this);
9605 BuildArrayBufferViewInitialization<JSDataView>(
9606 obj, buffer, byte_offset, byte_length);
9611 static Handle<Map> TypedArrayMap(Isolate* isolate,
9612 ExternalArrayType array_type,
9613 ElementsKind target_kind) {
9614 Handle<Context> native_context = isolate->native_context();
9615 Handle<JSFunction> fun;
9616 switch (array_type) {
9617 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
9618 case kExternal##Type##Array: \
9619 fun = Handle<JSFunction>(native_context->type##_array_fun()); \
9622 TYPED_ARRAYS(TYPED_ARRAY_CASE)
9623 #undef TYPED_ARRAY_CASE
9625 Handle<Map> map(fun->initial_map());
9626 return Map::AsElementsKind(map, target_kind);
9630 HValue* HOptimizedGraphBuilder::BuildAllocateExternalElements(
9631 ExternalArrayType array_type,
9632 bool is_zero_byte_offset,
9633 HValue* buffer, HValue* byte_offset, HValue* length) {
9634 Handle<Map> external_array_map(
9635 isolate()->heap()->MapForExternalArrayType(array_type));
9637 // The HForceRepresentation is to prevent possible deopt on int-smi
9638 // conversion after allocation but before the new object fields are set.
9639 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
9642 Add<HConstant>(ExternalArray::kAlignedSize),
9643 HType::HeapObject(),
9645 external_array_map->instance_type());
9647 AddStoreMapConstant(elements, external_array_map);
9648 Add<HStoreNamedField>(elements,
9649 HObjectAccess::ForFixedArrayLength(), length);
9651 HValue* backing_store = Add<HLoadNamedField>(
9652 buffer, nullptr, HObjectAccess::ForJSArrayBufferBackingStore());
9654 HValue* typed_array_start;
9655 if (is_zero_byte_offset) {
9656 typed_array_start = backing_store;
9658 HInstruction* external_pointer =
9659 AddUncasted<HAdd>(backing_store, byte_offset);
9660 // Arguments are checked prior to call to TypedArrayInitialize,
9661 // including byte_offset.
9662 external_pointer->ClearFlag(HValue::kCanOverflow);
9663 typed_array_start = external_pointer;
9666 Add<HStoreNamedField>(elements,
9667 HObjectAccess::ForExternalArrayExternalPointer(),
9674 HValue* HOptimizedGraphBuilder::BuildAllocateFixedTypedArray(
9675 ExternalArrayType array_type, size_t element_size,
9676 ElementsKind fixed_elements_kind,
9677 HValue* byte_length, HValue* length) {
9679 (FixedTypedArrayBase::kHeaderSize & kObjectAlignmentMask) == 0);
9682 // if fixed array's elements are not aligned to object's alignment,
9683 // we need to align the whole array to object alignment.
9684 if (element_size % kObjectAlignment != 0) {
9685 total_size = BuildObjectSizeAlignment(
9686 byte_length, FixedTypedArrayBase::kHeaderSize);
9688 total_size = AddUncasted<HAdd>(byte_length,
9689 Add<HConstant>(FixedTypedArrayBase::kHeaderSize));
9690 total_size->ClearFlag(HValue::kCanOverflow);
9693 // The HForceRepresentation is to prevent possible deopt on int-smi
9694 // conversion after allocation but before the new object fields are set.
9695 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
9696 Handle<Map> fixed_typed_array_map(
9697 isolate()->heap()->MapForFixedTypedArray(array_type));
9699 Add<HAllocate>(total_size, HType::HeapObject(),
9700 NOT_TENURED, fixed_typed_array_map->instance_type());
9701 AddStoreMapConstant(elements, fixed_typed_array_map);
9703 Add<HStoreNamedField>(elements,
9704 HObjectAccess::ForFixedArrayLength(),
9707 HValue* filler = Add<HConstant>(static_cast<int32_t>(0));
9710 LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
9712 HValue* key = builder.BeginBody(
9713 Add<HConstant>(static_cast<int32_t>(0)),
9715 Add<HStoreKeyed>(elements, key, filler, fixed_elements_kind);
9723 void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
9724 CallRuntime* expr) {
9725 ZoneList<Expression*>* arguments = expr->arguments();
9727 static const int kObjectArg = 0;
9728 static const int kArrayIdArg = 1;
9729 static const int kBufferArg = 2;
9730 static const int kByteOffsetArg = 3;
9731 static const int kByteLengthArg = 4;
9732 static const int kArgsLength = 5;
9733 DCHECK(arguments->length() == kArgsLength);
9736 CHECK_ALIVE(VisitForValue(arguments->at(kObjectArg)));
9737 HValue* obj = Pop();
9739 if (arguments->at(kArrayIdArg)->IsLiteral()) {
9740 // This should never happen in real use, but can happen when fuzzing.
9742 Bailout(kNeedSmiLiteral);
9745 Handle<Object> value =
9746 static_cast<Literal*>(arguments->at(kArrayIdArg))->value();
9747 if (!value->IsSmi()) {
9748 // This should never happen in real use, but can happen when fuzzing.
9750 Bailout(kNeedSmiLiteral);
9753 int array_id = Smi::cast(*value)->value();
9756 if (!arguments->at(kBufferArg)->IsNullLiteral()) {
9757 CHECK_ALIVE(VisitForValue(arguments->at(kBufferArg)));
9763 HValue* byte_offset;
9764 bool is_zero_byte_offset;
9766 if (arguments->at(kByteOffsetArg)->IsLiteral()
9767 && Smi::FromInt(0) ==
9768 *static_cast<Literal*>(arguments->at(kByteOffsetArg))->value()) {
9769 byte_offset = Add<HConstant>(static_cast<int32_t>(0));
9770 is_zero_byte_offset = true;
9772 CHECK_ALIVE(VisitForValue(arguments->at(kByteOffsetArg)));
9773 byte_offset = Pop();
9774 is_zero_byte_offset = false;
9775 DCHECK(buffer != NULL);
9778 CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
9779 HValue* byte_length = Pop();
9781 NoObservableSideEffectsScope scope(this);
9782 IfBuilder byte_offset_smi(this);
9784 if (!is_zero_byte_offset) {
9785 byte_offset_smi.If<HIsSmiAndBranch>(byte_offset);
9786 byte_offset_smi.Then();
9789 ExternalArrayType array_type =
9790 kExternalInt8Array; // Bogus initialization.
9791 size_t element_size = 1; // Bogus initialization.
9792 ElementsKind external_elements_kind = // Bogus initialization.
9793 EXTERNAL_INT8_ELEMENTS;
9794 ElementsKind fixed_elements_kind = // Bogus initialization.
9796 Runtime::ArrayIdToTypeAndSize(array_id,
9798 &external_elements_kind,
9799 &fixed_elements_kind,
9803 { // byte_offset is Smi.
9804 BuildArrayBufferViewInitialization<JSTypedArray>(
9805 obj, buffer, byte_offset, byte_length);
9808 HInstruction* length = AddUncasted<HDiv>(byte_length,
9809 Add<HConstant>(static_cast<int32_t>(element_size)));
9811 Add<HStoreNamedField>(obj,
9812 HObjectAccess::ForJSTypedArrayLength(),
9816 if (buffer != NULL) {
9817 elements = BuildAllocateExternalElements(
9818 array_type, is_zero_byte_offset, buffer, byte_offset, length);
9819 Handle<Map> obj_map = TypedArrayMap(
9820 isolate(), array_type, external_elements_kind);
9821 AddStoreMapConstant(obj, obj_map);
9823 DCHECK(is_zero_byte_offset);
9824 elements = BuildAllocateFixedTypedArray(
9825 array_type, element_size, fixed_elements_kind,
9826 byte_length, length);
9828 Add<HStoreNamedField>(
9829 obj, HObjectAccess::ForElementsPointer(), elements);
9832 if (!is_zero_byte_offset) {
9833 byte_offset_smi.Else();
9834 { // byte_offset is not Smi.
9836 CHECK_ALIVE(VisitForValue(arguments->at(kArrayIdArg)));
9840 PushArgumentsFromEnvironment(kArgsLength);
9841 Add<HCallRuntime>(expr->name(), expr->function(), kArgsLength);
9844 byte_offset_smi.End();
9848 void HOptimizedGraphBuilder::GenerateMaxSmi(CallRuntime* expr) {
9849 DCHECK(expr->arguments()->length() == 0);
9850 HConstant* max_smi = New<HConstant>(static_cast<int32_t>(Smi::kMaxValue));
9851 return ast_context()->ReturnInstruction(max_smi, expr->id());
9855 void HOptimizedGraphBuilder::GenerateTypedArrayMaxSizeInHeap(
9856 CallRuntime* expr) {
9857 DCHECK(expr->arguments()->length() == 0);
9858 HConstant* result = New<HConstant>(static_cast<int32_t>(
9859 FLAG_typed_array_max_size_in_heap));
9860 return ast_context()->ReturnInstruction(result, expr->id());
9864 void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
9865 CallRuntime* expr) {
9866 DCHECK(expr->arguments()->length() == 1);
9867 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9868 HValue* buffer = Pop();
9869 HInstruction* result = New<HLoadNamedField>(
9870 buffer, nullptr, HObjectAccess::ForJSArrayBufferByteLength());
9871 return ast_context()->ReturnInstruction(result, expr->id());
9875 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteLength(
9876 CallRuntime* expr) {
9877 DCHECK(expr->arguments()->length() == 1);
9878 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9879 HValue* buffer = Pop();
9880 HInstruction* result = New<HLoadNamedField>(
9881 buffer, nullptr, HObjectAccess::ForJSArrayBufferViewByteLength());
9882 return ast_context()->ReturnInstruction(result, expr->id());
9886 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteOffset(
9887 CallRuntime* expr) {
9888 DCHECK(expr->arguments()->length() == 1);
9889 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9890 HValue* buffer = Pop();
9891 HInstruction* result = New<HLoadNamedField>(
9892 buffer, nullptr, HObjectAccess::ForJSArrayBufferViewByteOffset());
9893 return ast_context()->ReturnInstruction(result, expr->id());
9897 void HOptimizedGraphBuilder::GenerateTypedArrayGetLength(
9898 CallRuntime* expr) {
9899 DCHECK(expr->arguments()->length() == 1);
9900 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9901 HValue* buffer = Pop();
9902 HInstruction* result = New<HLoadNamedField>(
9903 buffer, nullptr, HObjectAccess::ForJSTypedArrayLength());
9904 return ast_context()->ReturnInstruction(result, expr->id());
9908 void HOptimizedGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
9909 DCHECK(!HasStackOverflow());
9910 DCHECK(current_block() != NULL);
9911 DCHECK(current_block()->HasPredecessor());
9912 if (expr->is_jsruntime()) {
9913 return Bailout(kCallToAJavaScriptRuntimeFunction);
9916 const Runtime::Function* function = expr->function();
9917 DCHECK(function != NULL);
9919 if (function->intrinsic_type == Runtime::INLINE ||
9920 function->intrinsic_type == Runtime::INLINE_OPTIMIZED) {
9921 DCHECK(expr->name()->length() > 0);
9922 DCHECK(expr->name()->Get(0) == '_');
9923 // Call to an inline function.
9924 int lookup_index = static_cast<int>(function->function_id) -
9925 static_cast<int>(Runtime::kFirstInlineFunction);
9926 DCHECK(lookup_index >= 0);
9927 DCHECK(static_cast<size_t>(lookup_index) <
9928 arraysize(kInlineFunctionGenerators));
9929 InlineFunctionGenerator generator = kInlineFunctionGenerators[lookup_index];
9931 // Call the inline code generator using the pointer-to-member.
9932 (this->*generator)(expr);
9934 DCHECK(function->intrinsic_type == Runtime::RUNTIME);
9935 Handle<String> name = expr->name();
9936 int argument_count = expr->arguments()->length();
9937 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9938 PushArgumentsFromEnvironment(argument_count);
9939 HCallRuntime* call = New<HCallRuntime>(name, function,
9941 return ast_context()->ReturnInstruction(call, expr->id());
9946 void HOptimizedGraphBuilder::VisitUnaryOperation(UnaryOperation* expr) {
9947 DCHECK(!HasStackOverflow());
9948 DCHECK(current_block() != NULL);
9949 DCHECK(current_block()->HasPredecessor());
9950 switch (expr->op()) {
9951 case Token::DELETE: return VisitDelete(expr);
9952 case Token::VOID: return VisitVoid(expr);
9953 case Token::TYPEOF: return VisitTypeof(expr);
9954 case Token::NOT: return VisitNot(expr);
9955 default: UNREACHABLE();
9960 void HOptimizedGraphBuilder::VisitDelete(UnaryOperation* expr) {
9961 Property* prop = expr->expression()->AsProperty();
9962 VariableProxy* proxy = expr->expression()->AsVariableProxy();
9964 CHECK_ALIVE(VisitForValue(prop->obj()));
9965 CHECK_ALIVE(VisitForValue(prop->key()));
9966 HValue* key = Pop();
9967 HValue* obj = Pop();
9968 HValue* function = AddLoadJSBuiltin(Builtins::DELETE);
9969 Add<HPushArguments>(obj, key, Add<HConstant>(function_language_mode()));
9970 // TODO(olivf) InvokeFunction produces a check for the parameter count,
9971 // even though we are certain to pass the correct number of arguments here.
9972 HInstruction* instr = New<HInvokeFunction>(function, 3);
9973 return ast_context()->ReturnInstruction(instr, expr->id());
9974 } else if (proxy != NULL) {
9975 Variable* var = proxy->var();
9976 if (var->IsUnallocated()) {
9977 Bailout(kDeleteWithGlobalVariable);
9978 } else if (var->IsStackAllocated() || var->IsContextSlot()) {
9979 // Result of deleting non-global variables is false. 'this' is not
9980 // really a variable, though we implement it as one. The
9981 // subexpression does not have side effects.
9982 HValue* value = var->is_this()
9983 ? graph()->GetConstantTrue()
9984 : graph()->GetConstantFalse();
9985 return ast_context()->ReturnValue(value);
9987 Bailout(kDeleteWithNonGlobalVariable);
9990 // Result of deleting non-property, non-variable reference is true.
9991 // Evaluate the subexpression for side effects.
9992 CHECK_ALIVE(VisitForEffect(expr->expression()));
9993 return ast_context()->ReturnValue(graph()->GetConstantTrue());
9998 void HOptimizedGraphBuilder::VisitVoid(UnaryOperation* expr) {
9999 CHECK_ALIVE(VisitForEffect(expr->expression()));
10000 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
10004 void HOptimizedGraphBuilder::VisitTypeof(UnaryOperation* expr) {
10005 CHECK_ALIVE(VisitForTypeOf(expr->expression()));
10006 HValue* value = Pop();
10007 HInstruction* instr = New<HTypeof>(value);
10008 return ast_context()->ReturnInstruction(instr, expr->id());
10012 void HOptimizedGraphBuilder::VisitNot(UnaryOperation* expr) {
10013 if (ast_context()->IsTest()) {
10014 TestContext* context = TestContext::cast(ast_context());
10015 VisitForControl(expr->expression(),
10016 context->if_false(),
10017 context->if_true());
10021 if (ast_context()->IsEffect()) {
10022 VisitForEffect(expr->expression());
10026 DCHECK(ast_context()->IsValue());
10027 HBasicBlock* materialize_false = graph()->CreateBasicBlock();
10028 HBasicBlock* materialize_true = graph()->CreateBasicBlock();
10029 CHECK_BAILOUT(VisitForControl(expr->expression(),
10031 materialize_true));
10033 if (materialize_false->HasPredecessor()) {
10034 materialize_false->SetJoinId(expr->MaterializeFalseId());
10035 set_current_block(materialize_false);
10036 Push(graph()->GetConstantFalse());
10038 materialize_false = NULL;
10041 if (materialize_true->HasPredecessor()) {
10042 materialize_true->SetJoinId(expr->MaterializeTrueId());
10043 set_current_block(materialize_true);
10044 Push(graph()->GetConstantTrue());
10046 materialize_true = NULL;
10049 HBasicBlock* join =
10050 CreateJoin(materialize_false, materialize_true, expr->id());
10051 set_current_block(join);
10052 if (join != NULL) return ast_context()->ReturnValue(Pop());
10056 HInstruction* HOptimizedGraphBuilder::BuildIncrement(
10057 bool returns_original_input,
10058 CountOperation* expr) {
10059 // The input to the count operation is on top of the expression stack.
10060 Representation rep = Representation::FromType(expr->type());
10061 if (rep.IsNone() || rep.IsTagged()) {
10062 rep = Representation::Smi();
10065 if (returns_original_input) {
10066 // We need an explicit HValue representing ToNumber(input). The
10067 // actual HChange instruction we need is (sometimes) added in a later
10068 // phase, so it is not available now to be used as an input to HAdd and
10069 // as the return value.
10070 HInstruction* number_input = AddUncasted<HForceRepresentation>(Pop(), rep);
10071 if (!rep.IsDouble()) {
10072 number_input->SetFlag(HInstruction::kFlexibleRepresentation);
10073 number_input->SetFlag(HInstruction::kCannotBeTagged);
10075 Push(number_input);
10078 // The addition has no side effects, so we do not need
10079 // to simulate the expression stack after this instruction.
10080 // Any later failures deopt to the load of the input or earlier.
10081 HConstant* delta = (expr->op() == Token::INC)
10082 ? graph()->GetConstant1()
10083 : graph()->GetConstantMinus1();
10084 HInstruction* instr = AddUncasted<HAdd>(Top(), delta);
10085 if (instr->IsAdd()) {
10086 HAdd* add = HAdd::cast(instr);
10087 add->set_observed_input_representation(1, rep);
10088 add->set_observed_input_representation(2, Representation::Smi());
10090 instr->SetFlag(HInstruction::kCannotBeTagged);
10091 instr->ClearAllSideEffects();
10096 void HOptimizedGraphBuilder::BuildStoreForEffect(Expression* expr,
10099 BailoutId return_id,
10103 EffectContext for_effect(this);
10105 if (key != NULL) Push(key);
10107 BuildStore(expr, prop, ast_id, return_id);
10111 void HOptimizedGraphBuilder::VisitCountOperation(CountOperation* expr) {
10112 DCHECK(!HasStackOverflow());
10113 DCHECK(current_block() != NULL);
10114 DCHECK(current_block()->HasPredecessor());
10115 if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
10116 Expression* target = expr->expression();
10117 VariableProxy* proxy = target->AsVariableProxy();
10118 Property* prop = target->AsProperty();
10119 if (proxy == NULL && prop == NULL) {
10120 return Bailout(kInvalidLhsInCountOperation);
10123 // Match the full code generator stack by simulating an extra stack
10124 // element for postfix operations in a non-effect context. The return
10125 // value is ToNumber(input).
10126 bool returns_original_input =
10127 expr->is_postfix() && !ast_context()->IsEffect();
10128 HValue* input = NULL; // ToNumber(original_input).
10129 HValue* after = NULL; // The result after incrementing or decrementing.
10131 if (proxy != NULL) {
10132 Variable* var = proxy->var();
10133 if (var->mode() == CONST_LEGACY) {
10134 return Bailout(kUnsupportedCountOperationWithConst);
10136 if (var->mode() == CONST) {
10137 return Bailout(kNonInitializerAssignmentToConst);
10139 // Argument of the count operation is a variable, not a property.
10140 DCHECK(prop == NULL);
10141 CHECK_ALIVE(VisitForValue(target));
10143 after = BuildIncrement(returns_original_input, expr);
10144 input = returns_original_input ? Top() : Pop();
10147 switch (var->location()) {
10148 case Variable::UNALLOCATED:
10149 HandleGlobalVariableAssignment(var,
10151 expr->AssignmentId());
10154 case Variable::PARAMETER:
10155 case Variable::LOCAL:
10156 BindIfLive(var, after);
10159 case Variable::CONTEXT: {
10160 // Bail out if we try to mutate a parameter value in a function
10161 // using the arguments object. We do not (yet) correctly handle the
10162 // arguments property of the function.
10163 if (current_info()->scope()->arguments() != NULL) {
10164 // Parameters will rewrite to context slots. We have no direct
10165 // way to detect that the variable is a parameter so we use a
10166 // linear search of the parameter list.
10167 int count = current_info()->scope()->num_parameters();
10168 for (int i = 0; i < count; ++i) {
10169 if (var == current_info()->scope()->parameter(i)) {
10170 return Bailout(kAssignmentToParameterInArgumentsObject);
10175 HValue* context = BuildContextChainWalk(var);
10176 HStoreContextSlot::Mode mode = IsLexicalVariableMode(var->mode())
10177 ? HStoreContextSlot::kCheckDeoptimize : HStoreContextSlot::kNoCheck;
10178 HStoreContextSlot* instr = Add<HStoreContextSlot>(context, var->index(),
10180 if (instr->HasObservableSideEffects()) {
10181 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
10186 case Variable::LOOKUP:
10187 return Bailout(kLookupVariableInCountOperation);
10190 Drop(returns_original_input ? 2 : 1);
10191 return ast_context()->ReturnValue(expr->is_postfix() ? input : after);
10194 // Argument of the count operation is a property.
10195 DCHECK(prop != NULL);
10196 if (returns_original_input) Push(graph()->GetConstantUndefined());
10198 CHECK_ALIVE(VisitForValue(prop->obj()));
10199 HValue* object = Top();
10201 HValue* key = NULL;
10202 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
10203 CHECK_ALIVE(VisitForValue(prop->key()));
10207 CHECK_ALIVE(PushLoad(prop, object, key));
10209 after = BuildIncrement(returns_original_input, expr);
10211 if (returns_original_input) {
10213 // Drop object and key to push it again in the effect context below.
10214 Drop(key == NULL ? 1 : 2);
10215 environment()->SetExpressionStackAt(0, input);
10216 CHECK_ALIVE(BuildStoreForEffect(
10217 expr, prop, expr->id(), expr->AssignmentId(), object, key, after));
10218 return ast_context()->ReturnValue(Pop());
10221 environment()->SetExpressionStackAt(0, after);
10222 return BuildStore(expr, prop, expr->id(), expr->AssignmentId());
10226 HInstruction* HOptimizedGraphBuilder::BuildStringCharCodeAt(
10229 if (string->IsConstant() && index->IsConstant()) {
10230 HConstant* c_string = HConstant::cast(string);
10231 HConstant* c_index = HConstant::cast(index);
10232 if (c_string->HasStringValue() && c_index->HasNumberValue()) {
10233 int32_t i = c_index->NumberValueAsInteger32();
10234 Handle<String> s = c_string->StringValue();
10235 if (i < 0 || i >= s->length()) {
10236 return New<HConstant>(std::numeric_limits<double>::quiet_NaN());
10238 return New<HConstant>(s->Get(i));
10241 string = BuildCheckString(string);
10242 index = Add<HBoundsCheck>(index, AddLoadStringLength(string));
10243 return New<HStringCharCodeAt>(string, index);
10247 // Checks if the given shift amounts have following forms:
10248 // (N1) and (N2) with N1 + N2 = 32; (sa) and (32 - sa).
10249 static bool ShiftAmountsAllowReplaceByRotate(HValue* sa,
10250 HValue* const32_minus_sa) {
10251 if (sa->IsConstant() && const32_minus_sa->IsConstant()) {
10252 const HConstant* c1 = HConstant::cast(sa);
10253 const HConstant* c2 = HConstant::cast(const32_minus_sa);
10254 return c1->HasInteger32Value() && c2->HasInteger32Value() &&
10255 (c1->Integer32Value() + c2->Integer32Value() == 32);
10257 if (!const32_minus_sa->IsSub()) return false;
10258 HSub* sub = HSub::cast(const32_minus_sa);
10259 return sub->left()->EqualsInteger32Constant(32) && sub->right() == sa;
10263 // Checks if the left and the right are shift instructions with the oposite
10264 // directions that can be replaced by one rotate right instruction or not.
10265 // Returns the operand and the shift amount for the rotate instruction in the
10267 bool HGraphBuilder::MatchRotateRight(HValue* left,
10270 HValue** shift_amount) {
10273 if (left->IsShl() && right->IsShr()) {
10274 shl = HShl::cast(left);
10275 shr = HShr::cast(right);
10276 } else if (left->IsShr() && right->IsShl()) {
10277 shl = HShl::cast(right);
10278 shr = HShr::cast(left);
10282 if (shl->left() != shr->left()) return false;
10284 if (!ShiftAmountsAllowReplaceByRotate(shl->right(), shr->right()) &&
10285 !ShiftAmountsAllowReplaceByRotate(shr->right(), shl->right())) {
10288 *operand = shr->left();
10289 *shift_amount = shr->right();
10294 bool CanBeZero(HValue* right) {
10295 if (right->IsConstant()) {
10296 HConstant* right_const = HConstant::cast(right);
10297 if (right_const->HasInteger32Value() &&
10298 (right_const->Integer32Value() & 0x1f) != 0) {
10306 HValue* HGraphBuilder::EnforceNumberType(HValue* number,
10308 if (expected->Is(Type::SignedSmall())) {
10309 return AddUncasted<HForceRepresentation>(number, Representation::Smi());
10311 if (expected->Is(Type::Signed32())) {
10312 return AddUncasted<HForceRepresentation>(number,
10313 Representation::Integer32());
10319 HValue* HGraphBuilder::TruncateToNumber(HValue* value, Type** expected) {
10320 if (value->IsConstant()) {
10321 HConstant* constant = HConstant::cast(value);
10322 Maybe<HConstant*> number =
10323 constant->CopyToTruncatedNumber(isolate(), zone());
10324 if (number.has_value) {
10325 *expected = Type::Number(zone());
10326 return AddInstruction(number.value);
10330 // We put temporary values on the stack, which don't correspond to anything
10331 // in baseline code. Since nothing is observable we avoid recording those
10332 // pushes with a NoObservableSideEffectsScope.
10333 NoObservableSideEffectsScope no_effects(this);
10335 Type* expected_type = *expected;
10337 // Separate the number type from the rest.
10338 Type* expected_obj =
10339 Type::Intersect(expected_type, Type::NonNumber(zone()), zone());
10340 Type* expected_number =
10341 Type::Intersect(expected_type, Type::Number(zone()), zone());
10343 // We expect to get a number.
10344 // (We need to check first, since Type::None->Is(Type::Any()) == true.
10345 if (expected_obj->Is(Type::None())) {
10346 DCHECK(!expected_number->Is(Type::None(zone())));
10350 if (expected_obj->Is(Type::Undefined(zone()))) {
10351 // This is already done by HChange.
10352 *expected = Type::Union(expected_number, Type::Number(zone()), zone());
10360 HValue* HOptimizedGraphBuilder::BuildBinaryOperation(
10361 BinaryOperation* expr,
10364 PushBeforeSimulateBehavior push_sim_result) {
10365 Type* left_type = expr->left()->bounds().lower;
10366 Type* right_type = expr->right()->bounds().lower;
10367 Type* result_type = expr->bounds().lower;
10368 Maybe<int> fixed_right_arg = expr->fixed_right_arg();
10369 Handle<AllocationSite> allocation_site = expr->allocation_site();
10371 HAllocationMode allocation_mode;
10372 if (FLAG_allocation_site_pretenuring && !allocation_site.is_null()) {
10373 allocation_mode = HAllocationMode(allocation_site);
10376 HValue* result = HGraphBuilder::BuildBinaryOperation(
10377 expr->op(), left, right, left_type, right_type, result_type,
10378 fixed_right_arg, allocation_mode);
10379 // Add a simulate after instructions with observable side effects, and
10380 // after phis, which are the result of BuildBinaryOperation when we
10381 // inlined some complex subgraph.
10382 if (result->HasObservableSideEffects() || result->IsPhi()) {
10383 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
10385 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10388 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10395 HValue* HGraphBuilder::BuildBinaryOperation(
10402 Maybe<int> fixed_right_arg,
10403 HAllocationMode allocation_mode) {
10405 Representation left_rep = Representation::FromType(left_type);
10406 Representation right_rep = Representation::FromType(right_type);
10408 bool maybe_string_add = op == Token::ADD &&
10409 (left_type->Maybe(Type::String()) ||
10410 left_type->Maybe(Type::Receiver()) ||
10411 right_type->Maybe(Type::String()) ||
10412 right_type->Maybe(Type::Receiver()));
10414 if (!left_type->IsInhabited()) {
10416 Deoptimizer::kInsufficientTypeFeedbackForLHSOfBinaryOperation,
10417 Deoptimizer::SOFT);
10418 // TODO(rossberg): we should be able to get rid of non-continuous
10420 left_type = Type::Any(zone());
10422 if (!maybe_string_add) left = TruncateToNumber(left, &left_type);
10423 left_rep = Representation::FromType(left_type);
10426 if (!right_type->IsInhabited()) {
10428 Deoptimizer::kInsufficientTypeFeedbackForRHSOfBinaryOperation,
10429 Deoptimizer::SOFT);
10430 right_type = Type::Any(zone());
10432 if (!maybe_string_add) right = TruncateToNumber(right, &right_type);
10433 right_rep = Representation::FromType(right_type);
10436 // Special case for string addition here.
10437 if (op == Token::ADD &&
10438 (left_type->Is(Type::String()) || right_type->Is(Type::String()))) {
10439 // Validate type feedback for left argument.
10440 if (left_type->Is(Type::String())) {
10441 left = BuildCheckString(left);
10444 // Validate type feedback for right argument.
10445 if (right_type->Is(Type::String())) {
10446 right = BuildCheckString(right);
10449 // Convert left argument as necessary.
10450 if (left_type->Is(Type::Number())) {
10451 DCHECK(right_type->Is(Type::String()));
10452 left = BuildNumberToString(left, left_type);
10453 } else if (!left_type->Is(Type::String())) {
10454 DCHECK(right_type->Is(Type::String()));
10455 HValue* function = AddLoadJSBuiltin(Builtins::STRING_ADD_RIGHT);
10456 Add<HPushArguments>(left, right);
10457 return AddUncasted<HInvokeFunction>(function, 2);
10460 // Convert right argument as necessary.
10461 if (right_type->Is(Type::Number())) {
10462 DCHECK(left_type->Is(Type::String()));
10463 right = BuildNumberToString(right, right_type);
10464 } else if (!right_type->Is(Type::String())) {
10465 DCHECK(left_type->Is(Type::String()));
10466 HValue* function = AddLoadJSBuiltin(Builtins::STRING_ADD_LEFT);
10467 Add<HPushArguments>(left, right);
10468 return AddUncasted<HInvokeFunction>(function, 2);
10471 // Fast path for empty constant strings.
10472 if (left->IsConstant() &&
10473 HConstant::cast(left)->HasStringValue() &&
10474 HConstant::cast(left)->StringValue()->length() == 0) {
10477 if (right->IsConstant() &&
10478 HConstant::cast(right)->HasStringValue() &&
10479 HConstant::cast(right)->StringValue()->length() == 0) {
10483 // Register the dependent code with the allocation site.
10484 if (!allocation_mode.feedback_site().is_null()) {
10485 DCHECK(!graph()->info()->IsStub());
10486 Handle<AllocationSite> site(allocation_mode.feedback_site());
10487 AllocationSite::RegisterForDeoptOnTenureChange(site, top_info());
10490 // Inline the string addition into the stub when creating allocation
10491 // mementos to gather allocation site feedback, or if we can statically
10492 // infer that we're going to create a cons string.
10493 if ((graph()->info()->IsStub() &&
10494 allocation_mode.CreateAllocationMementos()) ||
10495 (left->IsConstant() &&
10496 HConstant::cast(left)->HasStringValue() &&
10497 HConstant::cast(left)->StringValue()->length() + 1 >=
10498 ConsString::kMinLength) ||
10499 (right->IsConstant() &&
10500 HConstant::cast(right)->HasStringValue() &&
10501 HConstant::cast(right)->StringValue()->length() + 1 >=
10502 ConsString::kMinLength)) {
10503 return BuildStringAdd(left, right, allocation_mode);
10506 // Fallback to using the string add stub.
10507 return AddUncasted<HStringAdd>(
10508 left, right, allocation_mode.GetPretenureMode(),
10509 STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
10512 if (graph()->info()->IsStub()) {
10513 left = EnforceNumberType(left, left_type);
10514 right = EnforceNumberType(right, right_type);
10517 Representation result_rep = Representation::FromType(result_type);
10519 bool is_non_primitive = (left_rep.IsTagged() && !left_rep.IsSmi()) ||
10520 (right_rep.IsTagged() && !right_rep.IsSmi());
10522 HInstruction* instr = NULL;
10523 // Only the stub is allowed to call into the runtime, since otherwise we would
10524 // inline several instructions (including the two pushes) for every tagged
10525 // operation in optimized code, which is more expensive, than a stub call.
10526 if (graph()->info()->IsStub() && is_non_primitive) {
10527 HValue* function = AddLoadJSBuiltin(BinaryOpIC::TokenToJSBuiltin(op));
10528 Add<HPushArguments>(left, right);
10529 instr = AddUncasted<HInvokeFunction>(function, 2);
10533 instr = AddUncasted<HAdd>(left, right);
10536 instr = AddUncasted<HSub>(left, right);
10539 instr = AddUncasted<HMul>(left, right);
10542 if (fixed_right_arg.has_value &&
10543 !right->EqualsInteger32Constant(fixed_right_arg.value)) {
10544 HConstant* fixed_right = Add<HConstant>(
10545 static_cast<int>(fixed_right_arg.value));
10546 IfBuilder if_same(this);
10547 if_same.If<HCompareNumericAndBranch>(right, fixed_right, Token::EQ);
10549 if_same.ElseDeopt(Deoptimizer::kUnexpectedRHSOfBinaryOperation);
10550 right = fixed_right;
10552 instr = AddUncasted<HMod>(left, right);
10556 instr = AddUncasted<HDiv>(left, right);
10558 case Token::BIT_XOR:
10559 case Token::BIT_AND:
10560 instr = AddUncasted<HBitwise>(op, left, right);
10562 case Token::BIT_OR: {
10563 HValue* operand, *shift_amount;
10564 if (left_type->Is(Type::Signed32()) &&
10565 right_type->Is(Type::Signed32()) &&
10566 MatchRotateRight(left, right, &operand, &shift_amount)) {
10567 instr = AddUncasted<HRor>(operand, shift_amount);
10569 instr = AddUncasted<HBitwise>(op, left, right);
10574 instr = AddUncasted<HSar>(left, right);
10577 instr = AddUncasted<HShr>(left, right);
10578 if (instr->IsShr() && CanBeZero(right)) {
10579 graph()->RecordUint32Instruction(instr);
10583 instr = AddUncasted<HShl>(left, right);
10590 if (instr->IsBinaryOperation()) {
10591 HBinaryOperation* binop = HBinaryOperation::cast(instr);
10592 binop->set_observed_input_representation(1, left_rep);
10593 binop->set_observed_input_representation(2, right_rep);
10594 binop->initialize_output_representation(result_rep);
10595 if (graph()->info()->IsStub()) {
10596 // Stub should not call into stub.
10597 instr->SetFlag(HValue::kCannotBeTagged);
10598 // And should truncate on HForceRepresentation already.
10599 if (left->IsForceRepresentation()) {
10600 left->CopyFlag(HValue::kTruncatingToSmi, instr);
10601 left->CopyFlag(HValue::kTruncatingToInt32, instr);
10603 if (right->IsForceRepresentation()) {
10604 right->CopyFlag(HValue::kTruncatingToSmi, instr);
10605 right->CopyFlag(HValue::kTruncatingToInt32, instr);
10613 // Check for the form (%_ClassOf(foo) === 'BarClass').
10614 static bool IsClassOfTest(CompareOperation* expr) {
10615 if (expr->op() != Token::EQ_STRICT) return false;
10616 CallRuntime* call = expr->left()->AsCallRuntime();
10617 if (call == NULL) return false;
10618 Literal* literal = expr->right()->AsLiteral();
10619 if (literal == NULL) return false;
10620 if (!literal->value()->IsString()) return false;
10621 if (!call->name()->IsOneByteEqualTo(STATIC_CHAR_VECTOR("_ClassOf"))) {
10624 DCHECK(call->arguments()->length() == 1);
10629 void HOptimizedGraphBuilder::VisitBinaryOperation(BinaryOperation* expr) {
10630 DCHECK(!HasStackOverflow());
10631 DCHECK(current_block() != NULL);
10632 DCHECK(current_block()->HasPredecessor());
10633 switch (expr->op()) {
10635 return VisitComma(expr);
10638 return VisitLogicalExpression(expr);
10640 return VisitArithmeticExpression(expr);
10645 void HOptimizedGraphBuilder::VisitComma(BinaryOperation* expr) {
10646 CHECK_ALIVE(VisitForEffect(expr->left()));
10647 // Visit the right subexpression in the same AST context as the entire
10649 Visit(expr->right());
10653 void HOptimizedGraphBuilder::VisitLogicalExpression(BinaryOperation* expr) {
10654 bool is_logical_and = expr->op() == Token::AND;
10655 if (ast_context()->IsTest()) {
10656 TestContext* context = TestContext::cast(ast_context());
10657 // Translate left subexpression.
10658 HBasicBlock* eval_right = graph()->CreateBasicBlock();
10659 if (is_logical_and) {
10660 CHECK_BAILOUT(VisitForControl(expr->left(),
10662 context->if_false()));
10664 CHECK_BAILOUT(VisitForControl(expr->left(),
10665 context->if_true(),
10669 // Translate right subexpression by visiting it in the same AST
10670 // context as the entire expression.
10671 if (eval_right->HasPredecessor()) {
10672 eval_right->SetJoinId(expr->RightId());
10673 set_current_block(eval_right);
10674 Visit(expr->right());
10677 } else if (ast_context()->IsValue()) {
10678 CHECK_ALIVE(VisitForValue(expr->left()));
10679 DCHECK(current_block() != NULL);
10680 HValue* left_value = Top();
10682 // Short-circuit left values that always evaluate to the same boolean value.
10683 if (expr->left()->ToBooleanIsTrue() || expr->left()->ToBooleanIsFalse()) {
10684 // l (evals true) && r -> r
10685 // l (evals true) || r -> l
10686 // l (evals false) && r -> l
10687 // l (evals false) || r -> r
10688 if (is_logical_and == expr->left()->ToBooleanIsTrue()) {
10690 CHECK_ALIVE(VisitForValue(expr->right()));
10692 return ast_context()->ReturnValue(Pop());
10695 // We need an extra block to maintain edge-split form.
10696 HBasicBlock* empty_block = graph()->CreateBasicBlock();
10697 HBasicBlock* eval_right = graph()->CreateBasicBlock();
10698 ToBooleanStub::Types expected(expr->left()->to_boolean_types());
10699 HBranch* test = is_logical_and
10700 ? New<HBranch>(left_value, expected, eval_right, empty_block)
10701 : New<HBranch>(left_value, expected, empty_block, eval_right);
10702 FinishCurrentBlock(test);
10704 set_current_block(eval_right);
10705 Drop(1); // Value of the left subexpression.
10706 CHECK_BAILOUT(VisitForValue(expr->right()));
10708 HBasicBlock* join_block =
10709 CreateJoin(empty_block, current_block(), expr->id());
10710 set_current_block(join_block);
10711 return ast_context()->ReturnValue(Pop());
10714 DCHECK(ast_context()->IsEffect());
10715 // In an effect context, we don't need the value of the left subexpression,
10716 // only its control flow and side effects. We need an extra block to
10717 // maintain edge-split form.
10718 HBasicBlock* empty_block = graph()->CreateBasicBlock();
10719 HBasicBlock* right_block = graph()->CreateBasicBlock();
10720 if (is_logical_and) {
10721 CHECK_BAILOUT(VisitForControl(expr->left(), right_block, empty_block));
10723 CHECK_BAILOUT(VisitForControl(expr->left(), empty_block, right_block));
10726 // TODO(kmillikin): Find a way to fix this. It's ugly that there are
10727 // actually two empty blocks (one here and one inserted by
10728 // TestContext::BuildBranch, and that they both have an HSimulate though the
10729 // second one is not a merge node, and that we really have no good AST ID to
10730 // put on that first HSimulate.
10732 if (empty_block->HasPredecessor()) {
10733 empty_block->SetJoinId(expr->id());
10735 empty_block = NULL;
10738 if (right_block->HasPredecessor()) {
10739 right_block->SetJoinId(expr->RightId());
10740 set_current_block(right_block);
10741 CHECK_BAILOUT(VisitForEffect(expr->right()));
10742 right_block = current_block();
10744 right_block = NULL;
10747 HBasicBlock* join_block =
10748 CreateJoin(empty_block, right_block, expr->id());
10749 set_current_block(join_block);
10750 // We did not materialize any value in the predecessor environments,
10751 // so there is no need to handle it here.
10756 void HOptimizedGraphBuilder::VisitArithmeticExpression(BinaryOperation* expr) {
10757 CHECK_ALIVE(VisitForValue(expr->left()));
10758 CHECK_ALIVE(VisitForValue(expr->right()));
10759 SetSourcePosition(expr->position());
10760 HValue* right = Pop();
10761 HValue* left = Pop();
10763 BuildBinaryOperation(expr, left, right,
10764 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
10765 : PUSH_BEFORE_SIMULATE);
10766 if (FLAG_hydrogen_track_positions && result->IsBinaryOperation()) {
10767 HBinaryOperation::cast(result)->SetOperandPositions(
10769 ScriptPositionToSourcePosition(expr->left()->position()),
10770 ScriptPositionToSourcePosition(expr->right()->position()));
10772 return ast_context()->ReturnValue(result);
10776 void HOptimizedGraphBuilder::HandleLiteralCompareTypeof(CompareOperation* expr,
10777 Expression* sub_expr,
10778 Handle<String> check) {
10779 CHECK_ALIVE(VisitForTypeOf(sub_expr));
10780 SetSourcePosition(expr->position());
10781 HValue* value = Pop();
10782 HTypeofIsAndBranch* instr = New<HTypeofIsAndBranch>(value, check);
10783 return ast_context()->ReturnControl(instr, expr->id());
10787 static bool IsLiteralCompareBool(Isolate* isolate,
10791 return op == Token::EQ_STRICT &&
10792 ((left->IsConstant() &&
10793 HConstant::cast(left)->handle(isolate)->IsBoolean()) ||
10794 (right->IsConstant() &&
10795 HConstant::cast(right)->handle(isolate)->IsBoolean()));
10799 void HOptimizedGraphBuilder::VisitCompareOperation(CompareOperation* expr) {
10800 DCHECK(!HasStackOverflow());
10801 DCHECK(current_block() != NULL);
10802 DCHECK(current_block()->HasPredecessor());
10804 if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
10806 // Check for a few fast cases. The AST visiting behavior must be in sync
10807 // with the full codegen: We don't push both left and right values onto
10808 // the expression stack when one side is a special-case literal.
10809 Expression* sub_expr = NULL;
10810 Handle<String> check;
10811 if (expr->IsLiteralCompareTypeof(&sub_expr, &check)) {
10812 return HandleLiteralCompareTypeof(expr, sub_expr, check);
10814 if (expr->IsLiteralCompareUndefined(&sub_expr, isolate())) {
10815 return HandleLiteralCompareNil(expr, sub_expr, kUndefinedValue);
10817 if (expr->IsLiteralCompareNull(&sub_expr)) {
10818 return HandleLiteralCompareNil(expr, sub_expr, kNullValue);
10821 if (IsClassOfTest(expr)) {
10822 CallRuntime* call = expr->left()->AsCallRuntime();
10823 DCHECK(call->arguments()->length() == 1);
10824 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
10825 HValue* value = Pop();
10826 Literal* literal = expr->right()->AsLiteral();
10827 Handle<String> rhs = Handle<String>::cast(literal->value());
10828 HClassOfTestAndBranch* instr = New<HClassOfTestAndBranch>(value, rhs);
10829 return ast_context()->ReturnControl(instr, expr->id());
10832 Type* left_type = expr->left()->bounds().lower;
10833 Type* right_type = expr->right()->bounds().lower;
10834 Type* combined_type = expr->combined_type();
10836 CHECK_ALIVE(VisitForValue(expr->left()));
10837 CHECK_ALIVE(VisitForValue(expr->right()));
10839 if (FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
10841 HValue* right = Pop();
10842 HValue* left = Pop();
10843 Token::Value op = expr->op();
10845 if (IsLiteralCompareBool(isolate(), left, op, right)) {
10846 HCompareObjectEqAndBranch* result =
10847 New<HCompareObjectEqAndBranch>(left, right);
10848 return ast_context()->ReturnControl(result, expr->id());
10851 if (op == Token::INSTANCEOF) {
10852 // Check to see if the rhs of the instanceof is a global function not
10853 // residing in new space. If it is we assume that the function will stay the
10855 Handle<JSFunction> target = Handle<JSFunction>::null();
10856 VariableProxy* proxy = expr->right()->AsVariableProxy();
10857 bool global_function = (proxy != NULL) && proxy->var()->IsUnallocated();
10858 if (global_function && current_info()->has_global_object()) {
10859 Handle<String> name = proxy->name();
10860 Handle<GlobalObject> global(current_info()->global_object());
10861 LookupIterator it(global, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
10862 Handle<Object> value = JSObject::GetDataProperty(&it);
10863 if (it.IsFound() && value->IsJSFunction()) {
10864 Handle<JSFunction> candidate = Handle<JSFunction>::cast(value);
10865 // If the function is in new space we assume it's more likely to
10866 // change and thus prefer the general IC code.
10867 if (!isolate()->heap()->InNewSpace(*candidate)) {
10868 target = candidate;
10873 // If the target is not null we have found a known global function that is
10874 // assumed to stay the same for this instanceof.
10875 if (target.is_null()) {
10876 HInstanceOf* result = New<HInstanceOf>(left, right);
10877 return ast_context()->ReturnInstruction(result, expr->id());
10879 Add<HCheckValue>(right, target);
10880 HInstanceOfKnownGlobal* result =
10881 New<HInstanceOfKnownGlobal>(left, target);
10882 return ast_context()->ReturnInstruction(result, expr->id());
10885 // Code below assumes that we don't fall through.
10887 } else if (op == Token::IN) {
10888 HValue* function = AddLoadJSBuiltin(Builtins::IN);
10889 Add<HPushArguments>(left, right);
10890 // TODO(olivf) InvokeFunction produces a check for the parameter count,
10891 // even though we are certain to pass the correct number of arguments here.
10892 HInstruction* result = New<HInvokeFunction>(function, 2);
10893 return ast_context()->ReturnInstruction(result, expr->id());
10896 PushBeforeSimulateBehavior push_behavior =
10897 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
10898 : PUSH_BEFORE_SIMULATE;
10899 HControlInstruction* compare = BuildCompareInstruction(
10900 op, left, right, left_type, right_type, combined_type,
10901 ScriptPositionToSourcePosition(expr->left()->position()),
10902 ScriptPositionToSourcePosition(expr->right()->position()),
10903 push_behavior, expr->id());
10904 if (compare == NULL) return; // Bailed out.
10905 return ast_context()->ReturnControl(compare, expr->id());
10909 HControlInstruction* HOptimizedGraphBuilder::BuildCompareInstruction(
10910 Token::Value op, HValue* left, HValue* right, Type* left_type,
10911 Type* right_type, Type* combined_type, SourcePosition left_position,
10912 SourcePosition right_position, PushBeforeSimulateBehavior push_sim_result,
10913 BailoutId bailout_id) {
10914 // Cases handled below depend on collected type feedback. They should
10915 // soft deoptimize when there is no type feedback.
10916 if (!combined_type->IsInhabited()) {
10918 Deoptimizer::kInsufficientTypeFeedbackForCombinedTypeOfBinaryOperation,
10919 Deoptimizer::SOFT);
10920 combined_type = left_type = right_type = Type::Any(zone());
10923 Representation left_rep = Representation::FromType(left_type);
10924 Representation right_rep = Representation::FromType(right_type);
10925 Representation combined_rep = Representation::FromType(combined_type);
10927 if (combined_type->Is(Type::Receiver())) {
10928 if (Token::IsEqualityOp(op)) {
10929 // HCompareObjectEqAndBranch can only deal with object, so
10930 // exclude numbers.
10931 if ((left->IsConstant() &&
10932 HConstant::cast(left)->HasNumberValue()) ||
10933 (right->IsConstant() &&
10934 HConstant::cast(right)->HasNumberValue())) {
10935 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
10936 Deoptimizer::SOFT);
10937 // The caller expects a branch instruction, so make it happy.
10938 return New<HBranch>(graph()->GetConstantTrue());
10940 // Can we get away with map check and not instance type check?
10941 HValue* operand_to_check =
10942 left->block()->block_id() < right->block()->block_id() ? left : right;
10943 if (combined_type->IsClass()) {
10944 Handle<Map> map = combined_type->AsClass()->Map();
10945 AddCheckMap(operand_to_check, map);
10946 HCompareObjectEqAndBranch* result =
10947 New<HCompareObjectEqAndBranch>(left, right);
10948 if (FLAG_hydrogen_track_positions) {
10949 result->set_operand_position(zone(), 0, left_position);
10950 result->set_operand_position(zone(), 1, right_position);
10954 BuildCheckHeapObject(operand_to_check);
10955 Add<HCheckInstanceType>(operand_to_check,
10956 HCheckInstanceType::IS_SPEC_OBJECT);
10957 HCompareObjectEqAndBranch* result =
10958 New<HCompareObjectEqAndBranch>(left, right);
10962 Bailout(kUnsupportedNonPrimitiveCompare);
10965 } else if (combined_type->Is(Type::InternalizedString()) &&
10966 Token::IsEqualityOp(op)) {
10967 // If we have a constant argument, it should be consistent with the type
10968 // feedback (otherwise we fail assertions in HCompareObjectEqAndBranch).
10969 if ((left->IsConstant() &&
10970 !HConstant::cast(left)->HasInternalizedStringValue()) ||
10971 (right->IsConstant() &&
10972 !HConstant::cast(right)->HasInternalizedStringValue())) {
10973 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
10974 Deoptimizer::SOFT);
10975 // The caller expects a branch instruction, so make it happy.
10976 return New<HBranch>(graph()->GetConstantTrue());
10978 BuildCheckHeapObject(left);
10979 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_INTERNALIZED_STRING);
10980 BuildCheckHeapObject(right);
10981 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_INTERNALIZED_STRING);
10982 HCompareObjectEqAndBranch* result =
10983 New<HCompareObjectEqAndBranch>(left, right);
10985 } else if (combined_type->Is(Type::String())) {
10986 BuildCheckHeapObject(left);
10987 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_STRING);
10988 BuildCheckHeapObject(right);
10989 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_STRING);
10990 HStringCompareAndBranch* result =
10991 New<HStringCompareAndBranch>(left, right, op);
10994 if (combined_rep.IsTagged() || combined_rep.IsNone()) {
10995 HCompareGeneric* result = Add<HCompareGeneric>(left, right, op);
10996 result->set_observed_input_representation(1, left_rep);
10997 result->set_observed_input_representation(2, right_rep);
10998 if (result->HasObservableSideEffects()) {
10999 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
11001 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11004 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11007 // TODO(jkummerow): Can we make this more efficient?
11008 HBranch* branch = New<HBranch>(result);
11011 HCompareNumericAndBranch* result =
11012 New<HCompareNumericAndBranch>(left, right, op);
11013 result->set_observed_input_representation(left_rep, right_rep);
11014 if (FLAG_hydrogen_track_positions) {
11015 result->SetOperandPositions(zone(), left_position, right_position);
11023 void HOptimizedGraphBuilder::HandleLiteralCompareNil(CompareOperation* expr,
11024 Expression* sub_expr,
11026 DCHECK(!HasStackOverflow());
11027 DCHECK(current_block() != NULL);
11028 DCHECK(current_block()->HasPredecessor());
11029 DCHECK(expr->op() == Token::EQ || expr->op() == Token::EQ_STRICT);
11030 if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
11031 CHECK_ALIVE(VisitForValue(sub_expr));
11032 HValue* value = Pop();
11033 if (expr->op() == Token::EQ_STRICT) {
11034 HConstant* nil_constant = nil == kNullValue
11035 ? graph()->GetConstantNull()
11036 : graph()->GetConstantUndefined();
11037 HCompareObjectEqAndBranch* instr =
11038 New<HCompareObjectEqAndBranch>(value, nil_constant);
11039 return ast_context()->ReturnControl(instr, expr->id());
11041 DCHECK_EQ(Token::EQ, expr->op());
11042 Type* type = expr->combined_type()->Is(Type::None())
11043 ? Type::Any(zone()) : expr->combined_type();
11044 HIfContinuation continuation;
11045 BuildCompareNil(value, type, &continuation);
11046 return ast_context()->ReturnContinuation(&continuation, expr->id());
11051 HInstruction* HOptimizedGraphBuilder::BuildThisFunction() {
11052 // If we share optimized code between different closures, the
11053 // this-function is not a constant, except inside an inlined body.
11054 if (function_state()->outer() != NULL) {
11055 return New<HConstant>(
11056 function_state()->compilation_info()->closure());
11058 return New<HThisFunction>();
11063 HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
11064 Handle<JSObject> boilerplate_object,
11065 AllocationSiteUsageContext* site_context) {
11066 NoObservableSideEffectsScope no_effects(this);
11067 InstanceType instance_type = boilerplate_object->map()->instance_type();
11068 DCHECK(instance_type == JS_ARRAY_TYPE || instance_type == JS_OBJECT_TYPE);
11070 HType type = instance_type == JS_ARRAY_TYPE
11071 ? HType::JSArray() : HType::JSObject();
11072 HValue* object_size_constant = Add<HConstant>(
11073 boilerplate_object->map()->instance_size());
11075 PretenureFlag pretenure_flag = NOT_TENURED;
11076 Handle<AllocationSite> site(site_context->current());
11077 if (FLAG_allocation_site_pretenuring) {
11078 pretenure_flag = site_context->current()->GetPretenureMode();
11079 AllocationSite::RegisterForDeoptOnTenureChange(site, top_info());
11082 AllocationSite::RegisterForDeoptOnTransitionChange(site, top_info());
11084 HInstruction* object = Add<HAllocate>(object_size_constant, type,
11085 pretenure_flag, instance_type, site_context->current());
11087 // If allocation folding reaches Page::kMaxRegularHeapObjectSize the
11088 // elements array may not get folded into the object. Hence, we set the
11089 // elements pointer to empty fixed array and let store elimination remove
11090 // this store in the folding case.
11091 HConstant* empty_fixed_array = Add<HConstant>(
11092 isolate()->factory()->empty_fixed_array());
11093 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11094 empty_fixed_array);
11096 BuildEmitObjectHeader(boilerplate_object, object);
11098 Handle<FixedArrayBase> elements(boilerplate_object->elements());
11099 int elements_size = (elements->length() > 0 &&
11100 elements->map() != isolate()->heap()->fixed_cow_array_map()) ?
11101 elements->Size() : 0;
11103 if (pretenure_flag == TENURED &&
11104 elements->map() == isolate()->heap()->fixed_cow_array_map() &&
11105 isolate()->heap()->InNewSpace(*elements)) {
11106 // If we would like to pretenure a fixed cow array, we must ensure that the
11107 // array is already in old space, otherwise we'll create too many old-to-
11108 // new-space pointers (overflowing the store buffer).
11109 elements = Handle<FixedArrayBase>(
11110 isolate()->factory()->CopyAndTenureFixedCOWArray(
11111 Handle<FixedArray>::cast(elements)));
11112 boilerplate_object->set_elements(*elements);
11115 HInstruction* object_elements = NULL;
11116 if (elements_size > 0) {
11117 HValue* object_elements_size = Add<HConstant>(elements_size);
11118 InstanceType instance_type = boilerplate_object->HasFastDoubleElements()
11119 ? FIXED_DOUBLE_ARRAY_TYPE : FIXED_ARRAY_TYPE;
11120 object_elements = Add<HAllocate>(
11121 object_elements_size, HType::HeapObject(),
11122 pretenure_flag, instance_type, site_context->current());
11124 BuildInitElementsInObjectHeader(boilerplate_object, object, object_elements);
11126 // Copy object elements if non-COW.
11127 if (object_elements != NULL) {
11128 BuildEmitElements(boilerplate_object, elements, object_elements,
11132 // Copy in-object properties.
11133 if (boilerplate_object->map()->NumberOfFields() != 0 ||
11134 boilerplate_object->map()->unused_property_fields() > 0) {
11135 BuildEmitInObjectProperties(boilerplate_object, object, site_context,
11142 void HOptimizedGraphBuilder::BuildEmitObjectHeader(
11143 Handle<JSObject> boilerplate_object,
11144 HInstruction* object) {
11145 DCHECK(boilerplate_object->properties()->length() == 0);
11147 Handle<Map> boilerplate_object_map(boilerplate_object->map());
11148 AddStoreMapConstant(object, boilerplate_object_map);
11150 Handle<Object> properties_field =
11151 Handle<Object>(boilerplate_object->properties(), isolate());
11152 DCHECK(*properties_field == isolate()->heap()->empty_fixed_array());
11153 HInstruction* properties = Add<HConstant>(properties_field);
11154 HObjectAccess access = HObjectAccess::ForPropertiesPointer();
11155 Add<HStoreNamedField>(object, access, properties);
11157 if (boilerplate_object->IsJSArray()) {
11158 Handle<JSArray> boilerplate_array =
11159 Handle<JSArray>::cast(boilerplate_object);
11160 Handle<Object> length_field =
11161 Handle<Object>(boilerplate_array->length(), isolate());
11162 HInstruction* length = Add<HConstant>(length_field);
11164 DCHECK(boilerplate_array->length()->IsSmi());
11165 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(
11166 boilerplate_array->GetElementsKind()), length);
11171 void HOptimizedGraphBuilder::BuildInitElementsInObjectHeader(
11172 Handle<JSObject> boilerplate_object,
11173 HInstruction* object,
11174 HInstruction* object_elements) {
11175 DCHECK(boilerplate_object->properties()->length() == 0);
11176 if (object_elements == NULL) {
11177 Handle<Object> elements_field =
11178 Handle<Object>(boilerplate_object->elements(), isolate());
11179 object_elements = Add<HConstant>(elements_field);
11181 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11186 void HOptimizedGraphBuilder::BuildEmitInObjectProperties(
11187 Handle<JSObject> boilerplate_object,
11188 HInstruction* object,
11189 AllocationSiteUsageContext* site_context,
11190 PretenureFlag pretenure_flag) {
11191 Handle<Map> boilerplate_map(boilerplate_object->map());
11192 Handle<DescriptorArray> descriptors(boilerplate_map->instance_descriptors());
11193 int limit = boilerplate_map->NumberOfOwnDescriptors();
11195 int copied_fields = 0;
11196 for (int i = 0; i < limit; i++) {
11197 PropertyDetails details = descriptors->GetDetails(i);
11198 if (details.type() != DATA) continue;
11200 FieldIndex field_index = FieldIndex::ForDescriptor(*boilerplate_map, i);
11203 int property_offset = field_index.offset();
11204 Handle<Name> name(descriptors->GetKey(i));
11206 // The access for the store depends on the type of the boilerplate.
11207 HObjectAccess access = boilerplate_object->IsJSArray() ?
11208 HObjectAccess::ForJSArrayOffset(property_offset) :
11209 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11211 if (boilerplate_object->IsUnboxedDoubleField(field_index)) {
11212 CHECK(!boilerplate_object->IsJSArray());
11213 double value = boilerplate_object->RawFastDoublePropertyAt(field_index);
11214 access = access.WithRepresentation(Representation::Double());
11215 Add<HStoreNamedField>(object, access, Add<HConstant>(value));
11218 Handle<Object> value(boilerplate_object->RawFastPropertyAt(field_index),
11221 if (value->IsJSObject()) {
11222 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11223 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11224 HInstruction* result =
11225 BuildFastLiteral(value_object, site_context);
11226 site_context->ExitScope(current_site, value_object);
11227 Add<HStoreNamedField>(object, access, result);
11229 Representation representation = details.representation();
11230 HInstruction* value_instruction;
11232 if (representation.IsDouble()) {
11233 // Allocate a HeapNumber box and store the value into it.
11234 HValue* heap_number_constant = Add<HConstant>(HeapNumber::kSize);
11235 // This heap number alloc does not have a corresponding
11236 // AllocationSite. That is okay because
11237 // 1) it's a child object of another object with a valid allocation site
11238 // 2) we can just use the mode of the parent object for pretenuring
11239 HInstruction* double_box =
11240 Add<HAllocate>(heap_number_constant, HType::HeapObject(),
11241 pretenure_flag, MUTABLE_HEAP_NUMBER_TYPE);
11242 AddStoreMapConstant(double_box,
11243 isolate()->factory()->mutable_heap_number_map());
11244 // Unwrap the mutable heap number from the boilerplate.
11245 HValue* double_value =
11246 Add<HConstant>(Handle<HeapNumber>::cast(value)->value());
11247 Add<HStoreNamedField>(
11248 double_box, HObjectAccess::ForHeapNumberValue(), double_value);
11249 value_instruction = double_box;
11250 } else if (representation.IsSmi()) {
11251 value_instruction = value->IsUninitialized()
11252 ? graph()->GetConstant0()
11253 : Add<HConstant>(value);
11254 // Ensure that value is stored as smi.
11255 access = access.WithRepresentation(representation);
11257 value_instruction = Add<HConstant>(value);
11260 Add<HStoreNamedField>(object, access, value_instruction);
11264 int inobject_properties = boilerplate_object->map()->inobject_properties();
11265 HInstruction* value_instruction =
11266 Add<HConstant>(isolate()->factory()->one_pointer_filler_map());
11267 for (int i = copied_fields; i < inobject_properties; i++) {
11268 DCHECK(boilerplate_object->IsJSObject());
11269 int property_offset = boilerplate_object->GetInObjectPropertyOffset(i);
11270 HObjectAccess access =
11271 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11272 Add<HStoreNamedField>(object, access, value_instruction);
11277 void HOptimizedGraphBuilder::BuildEmitElements(
11278 Handle<JSObject> boilerplate_object,
11279 Handle<FixedArrayBase> elements,
11280 HValue* object_elements,
11281 AllocationSiteUsageContext* site_context) {
11282 ElementsKind kind = boilerplate_object->map()->elements_kind();
11283 int elements_length = elements->length();
11284 HValue* object_elements_length = Add<HConstant>(elements_length);
11285 BuildInitializeElementsHeader(object_elements, kind, object_elements_length);
11287 // Copy elements backing store content.
11288 if (elements->IsFixedDoubleArray()) {
11289 BuildEmitFixedDoubleArray(elements, kind, object_elements);
11290 } else if (elements->IsFixedArray()) {
11291 BuildEmitFixedArray(elements, kind, object_elements,
11299 void HOptimizedGraphBuilder::BuildEmitFixedDoubleArray(
11300 Handle<FixedArrayBase> elements,
11302 HValue* object_elements) {
11303 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11304 int elements_length = elements->length();
11305 for (int i = 0; i < elements_length; i++) {
11306 HValue* key_constant = Add<HConstant>(i);
11307 HInstruction* value_instruction = Add<HLoadKeyed>(
11308 boilerplate_elements, key_constant, nullptr, kind, ALLOW_RETURN_HOLE);
11309 HInstruction* store = Add<HStoreKeyed>(object_elements, key_constant,
11310 value_instruction, kind);
11311 store->SetFlag(HValue::kAllowUndefinedAsNaN);
11316 void HOptimizedGraphBuilder::BuildEmitFixedArray(
11317 Handle<FixedArrayBase> elements,
11319 HValue* object_elements,
11320 AllocationSiteUsageContext* site_context) {
11321 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11322 int elements_length = elements->length();
11323 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
11324 for (int i = 0; i < elements_length; i++) {
11325 Handle<Object> value(fast_elements->get(i), isolate());
11326 HValue* key_constant = Add<HConstant>(i);
11327 if (value->IsJSObject()) {
11328 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11329 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11330 HInstruction* result =
11331 BuildFastLiteral(value_object, site_context);
11332 site_context->ExitScope(current_site, value_object);
11333 Add<HStoreKeyed>(object_elements, key_constant, result, kind);
11335 ElementsKind copy_kind =
11336 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
11337 HInstruction* value_instruction =
11338 Add<HLoadKeyed>(boilerplate_elements, key_constant, nullptr,
11339 copy_kind, ALLOW_RETURN_HOLE);
11340 Add<HStoreKeyed>(object_elements, key_constant, value_instruction,
11347 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) {
11348 DCHECK(!HasStackOverflow());
11349 DCHECK(current_block() != NULL);
11350 DCHECK(current_block()->HasPredecessor());
11351 HInstruction* instr = BuildThisFunction();
11352 return ast_context()->ReturnInstruction(instr, expr->id());
11356 void HOptimizedGraphBuilder::VisitSuperReference(SuperReference* expr) {
11357 DCHECK(!HasStackOverflow());
11358 DCHECK(current_block() != NULL);
11359 DCHECK(current_block()->HasPredecessor());
11360 return Bailout(kSuperReference);
11364 void HOptimizedGraphBuilder::VisitDeclarations(
11365 ZoneList<Declaration*>* declarations) {
11366 DCHECK(globals_.is_empty());
11367 AstVisitor::VisitDeclarations(declarations);
11368 if (!globals_.is_empty()) {
11369 Handle<FixedArray> array =
11370 isolate()->factory()->NewFixedArray(globals_.length(), TENURED);
11371 for (int i = 0; i < globals_.length(); ++i) array->set(i, *globals_.at(i));
11373 DeclareGlobalsEvalFlag::encode(current_info()->is_eval()) |
11374 DeclareGlobalsNativeFlag::encode(current_info()->is_native()) |
11375 DeclareGlobalsLanguageMode::encode(current_info()->language_mode());
11376 Add<HDeclareGlobals>(array, flags);
11377 globals_.Rewind(0);
11382 void HOptimizedGraphBuilder::VisitVariableDeclaration(
11383 VariableDeclaration* declaration) {
11384 VariableProxy* proxy = declaration->proxy();
11385 VariableMode mode = declaration->mode();
11386 Variable* variable = proxy->var();
11387 bool hole_init = mode == LET || mode == CONST || mode == CONST_LEGACY;
11388 switch (variable->location()) {
11389 case Variable::UNALLOCATED:
11390 globals_.Add(variable->name(), zone());
11391 globals_.Add(variable->binding_needs_init()
11392 ? isolate()->factory()->the_hole_value()
11393 : isolate()->factory()->undefined_value(), zone());
11395 case Variable::PARAMETER:
11396 case Variable::LOCAL:
11398 HValue* value = graph()->GetConstantHole();
11399 environment()->Bind(variable, value);
11402 case Variable::CONTEXT:
11404 HValue* value = graph()->GetConstantHole();
11405 HValue* context = environment()->context();
11406 HStoreContextSlot* store = Add<HStoreContextSlot>(
11407 context, variable->index(), HStoreContextSlot::kNoCheck, value);
11408 if (store->HasObservableSideEffects()) {
11409 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11413 case Variable::LOOKUP:
11414 return Bailout(kUnsupportedLookupSlotInDeclaration);
11419 void HOptimizedGraphBuilder::VisitFunctionDeclaration(
11420 FunctionDeclaration* declaration) {
11421 VariableProxy* proxy = declaration->proxy();
11422 Variable* variable = proxy->var();
11423 switch (variable->location()) {
11424 case Variable::UNALLOCATED: {
11425 globals_.Add(variable->name(), zone());
11426 Handle<SharedFunctionInfo> function = Compiler::BuildFunctionInfo(
11427 declaration->fun(), current_info()->script(), top_info());
11428 // Check for stack-overflow exception.
11429 if (function.is_null()) return SetStackOverflow();
11430 globals_.Add(function, zone());
11433 case Variable::PARAMETER:
11434 case Variable::LOCAL: {
11435 CHECK_ALIVE(VisitForValue(declaration->fun()));
11436 HValue* value = Pop();
11437 BindIfLive(variable, value);
11440 case Variable::CONTEXT: {
11441 CHECK_ALIVE(VisitForValue(declaration->fun()));
11442 HValue* value = Pop();
11443 HValue* context = environment()->context();
11444 HStoreContextSlot* store = Add<HStoreContextSlot>(
11445 context, variable->index(), HStoreContextSlot::kNoCheck, value);
11446 if (store->HasObservableSideEffects()) {
11447 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11451 case Variable::LOOKUP:
11452 return Bailout(kUnsupportedLookupSlotInDeclaration);
11457 void HOptimizedGraphBuilder::VisitModuleDeclaration(
11458 ModuleDeclaration* declaration) {
11463 void HOptimizedGraphBuilder::VisitImportDeclaration(
11464 ImportDeclaration* declaration) {
11469 void HOptimizedGraphBuilder::VisitExportDeclaration(
11470 ExportDeclaration* declaration) {
11475 void HOptimizedGraphBuilder::VisitModuleLiteral(ModuleLiteral* module) {
11480 void HOptimizedGraphBuilder::VisitModulePath(ModulePath* module) {
11485 void HOptimizedGraphBuilder::VisitModuleUrl(ModuleUrl* module) {
11490 void HOptimizedGraphBuilder::VisitModuleStatement(ModuleStatement* stmt) {
11495 // Generators for inline runtime functions.
11496 // Support for types.
11497 void HOptimizedGraphBuilder::GenerateIsSmi(CallRuntime* call) {
11498 DCHECK(call->arguments()->length() == 1);
11499 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11500 HValue* value = Pop();
11501 HIsSmiAndBranch* result = New<HIsSmiAndBranch>(value);
11502 return ast_context()->ReturnControl(result, call->id());
11506 void HOptimizedGraphBuilder::GenerateIsSpecObject(CallRuntime* call) {
11507 DCHECK(call->arguments()->length() == 1);
11508 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11509 HValue* value = Pop();
11510 HHasInstanceTypeAndBranch* result =
11511 New<HHasInstanceTypeAndBranch>(value,
11512 FIRST_SPEC_OBJECT_TYPE,
11513 LAST_SPEC_OBJECT_TYPE);
11514 return ast_context()->ReturnControl(result, call->id());
11518 void HOptimizedGraphBuilder::GenerateIsFunction(CallRuntime* call) {
11519 DCHECK(call->arguments()->length() == 1);
11520 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11521 HValue* value = Pop();
11522 HHasInstanceTypeAndBranch* result =
11523 New<HHasInstanceTypeAndBranch>(value, JS_FUNCTION_TYPE);
11524 return ast_context()->ReturnControl(result, call->id());
11528 void HOptimizedGraphBuilder::GenerateIsMinusZero(CallRuntime* call) {
11529 DCHECK(call->arguments()->length() == 1);
11530 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11531 HValue* value = Pop();
11532 HCompareMinusZeroAndBranch* result = New<HCompareMinusZeroAndBranch>(value);
11533 return ast_context()->ReturnControl(result, call->id());
11537 void HOptimizedGraphBuilder::GenerateHasCachedArrayIndex(CallRuntime* call) {
11538 DCHECK(call->arguments()->length() == 1);
11539 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11540 HValue* value = Pop();
11541 HHasCachedArrayIndexAndBranch* result =
11542 New<HHasCachedArrayIndexAndBranch>(value);
11543 return ast_context()->ReturnControl(result, call->id());
11547 void HOptimizedGraphBuilder::GenerateIsArray(CallRuntime* call) {
11548 DCHECK(call->arguments()->length() == 1);
11549 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11550 HValue* value = Pop();
11551 HHasInstanceTypeAndBranch* result =
11552 New<HHasInstanceTypeAndBranch>(value, JS_ARRAY_TYPE);
11553 return ast_context()->ReturnControl(result, call->id());
11557 void HOptimizedGraphBuilder::GenerateIsRegExp(CallRuntime* call) {
11558 DCHECK(call->arguments()->length() == 1);
11559 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11560 HValue* value = Pop();
11561 HHasInstanceTypeAndBranch* result =
11562 New<HHasInstanceTypeAndBranch>(value, JS_REGEXP_TYPE);
11563 return ast_context()->ReturnControl(result, call->id());
11567 void HOptimizedGraphBuilder::GenerateIsObject(CallRuntime* call) {
11568 DCHECK(call->arguments()->length() == 1);
11569 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11570 HValue* value = Pop();
11571 HIsObjectAndBranch* result = New<HIsObjectAndBranch>(value);
11572 return ast_context()->ReturnControl(result, call->id());
11576 void HOptimizedGraphBuilder::GenerateIsJSProxy(CallRuntime* call) {
11577 DCHECK(call->arguments()->length() == 1);
11578 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11579 HValue* value = Pop();
11580 HIfContinuation continuation;
11581 IfBuilder if_proxy(this);
11583 HValue* smicheck = if_proxy.IfNot<HIsSmiAndBranch>(value);
11585 HValue* map = Add<HLoadNamedField>(value, smicheck, HObjectAccess::ForMap());
11586 HValue* instance_type =
11587 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
11588 if_proxy.If<HCompareNumericAndBranch>(
11589 instance_type, Add<HConstant>(FIRST_JS_PROXY_TYPE), Token::GTE);
11591 if_proxy.If<HCompareNumericAndBranch>(
11592 instance_type, Add<HConstant>(LAST_JS_PROXY_TYPE), Token::LTE);
11594 if_proxy.CaptureContinuation(&continuation);
11595 return ast_context()->ReturnContinuation(&continuation, call->id());
11599 void HOptimizedGraphBuilder::GenerateHasFastPackedElements(CallRuntime* call) {
11600 DCHECK(call->arguments()->length() == 1);
11601 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11602 HValue* object = Pop();
11603 HIfContinuation continuation(graph()->CreateBasicBlock(),
11604 graph()->CreateBasicBlock());
11605 IfBuilder if_not_smi(this);
11606 if_not_smi.IfNot<HIsSmiAndBranch>(object);
11609 NoObservableSideEffectsScope no_effects(this);
11611 IfBuilder if_fast_packed(this);
11612 HValue* elements_kind = BuildGetElementsKind(object);
11613 if_fast_packed.If<HCompareNumericAndBranch>(
11614 elements_kind, Add<HConstant>(FAST_SMI_ELEMENTS), Token::EQ);
11615 if_fast_packed.Or();
11616 if_fast_packed.If<HCompareNumericAndBranch>(
11617 elements_kind, Add<HConstant>(FAST_ELEMENTS), Token::EQ);
11618 if_fast_packed.Or();
11619 if_fast_packed.If<HCompareNumericAndBranch>(
11620 elements_kind, Add<HConstant>(FAST_DOUBLE_ELEMENTS), Token::EQ);
11621 if_fast_packed.JoinContinuation(&continuation);
11623 if_not_smi.JoinContinuation(&continuation);
11624 return ast_context()->ReturnContinuation(&continuation, call->id());
11628 void HOptimizedGraphBuilder::GenerateIsNonNegativeSmi(CallRuntime* call) {
11629 return Bailout(kInlinedRuntimeFunctionIsNonNegativeSmi);
11633 void HOptimizedGraphBuilder::GenerateIsUndetectableObject(CallRuntime* call) {
11634 DCHECK(call->arguments()->length() == 1);
11635 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11636 HValue* value = Pop();
11637 HIsUndetectableAndBranch* result = New<HIsUndetectableAndBranch>(value);
11638 return ast_context()->ReturnControl(result, call->id());
11642 void HOptimizedGraphBuilder::GenerateIsStringWrapperSafeForDefaultValueOf(
11643 CallRuntime* call) {
11644 return Bailout(kInlinedRuntimeFunctionIsStringWrapperSafeForDefaultValueOf);
11648 // Support for construct call checks.
11649 void HOptimizedGraphBuilder::GenerateIsConstructCall(CallRuntime* call) {
11650 DCHECK(call->arguments()->length() == 0);
11651 if (function_state()->outer() != NULL) {
11652 // We are generating graph for inlined function.
11653 HValue* value = function_state()->inlining_kind() == CONSTRUCT_CALL_RETURN
11654 ? graph()->GetConstantTrue()
11655 : graph()->GetConstantFalse();
11656 return ast_context()->ReturnValue(value);
11658 return ast_context()->ReturnControl(New<HIsConstructCallAndBranch>(),
11664 // Support for arguments.length and arguments[?].
11665 void HOptimizedGraphBuilder::GenerateArgumentsLength(CallRuntime* call) {
11666 DCHECK(call->arguments()->length() == 0);
11667 HInstruction* result = NULL;
11668 if (function_state()->outer() == NULL) {
11669 HInstruction* elements = Add<HArgumentsElements>(false);
11670 result = New<HArgumentsLength>(elements);
11672 // Number of arguments without receiver.
11673 int argument_count = environment()->
11674 arguments_environment()->parameter_count() - 1;
11675 result = New<HConstant>(argument_count);
11677 return ast_context()->ReturnInstruction(result, call->id());
11681 void HOptimizedGraphBuilder::GenerateArguments(CallRuntime* call) {
11682 DCHECK(call->arguments()->length() == 1);
11683 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11684 HValue* index = Pop();
11685 HInstruction* result = NULL;
11686 if (function_state()->outer() == NULL) {
11687 HInstruction* elements = Add<HArgumentsElements>(false);
11688 HInstruction* length = Add<HArgumentsLength>(elements);
11689 HInstruction* checked_index = Add<HBoundsCheck>(index, length);
11690 result = New<HAccessArgumentsAt>(elements, length, checked_index);
11692 EnsureArgumentsArePushedForAccess();
11694 // Number of arguments without receiver.
11695 HInstruction* elements = function_state()->arguments_elements();
11696 int argument_count = environment()->
11697 arguments_environment()->parameter_count() - 1;
11698 HInstruction* length = Add<HConstant>(argument_count);
11699 HInstruction* checked_key = Add<HBoundsCheck>(index, length);
11700 result = New<HAccessArgumentsAt>(elements, length, checked_key);
11702 return ast_context()->ReturnInstruction(result, call->id());
11706 // Support for accessing the class and value fields of an object.
11707 void HOptimizedGraphBuilder::GenerateClassOf(CallRuntime* call) {
11708 // The special form detected by IsClassOfTest is detected before we get here
11709 // and does not cause a bailout.
11710 return Bailout(kInlinedRuntimeFunctionClassOf);
11714 void HOptimizedGraphBuilder::GenerateValueOf(CallRuntime* call) {
11715 DCHECK(call->arguments()->length() == 1);
11716 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11717 HValue* object = Pop();
11719 IfBuilder if_objectisvalue(this);
11720 HValue* objectisvalue = if_objectisvalue.If<HHasInstanceTypeAndBranch>(
11721 object, JS_VALUE_TYPE);
11722 if_objectisvalue.Then();
11724 // Return the actual value.
11725 Push(Add<HLoadNamedField>(
11726 object, objectisvalue,
11727 HObjectAccess::ForObservableJSObjectOffset(
11728 JSValue::kValueOffset)));
11729 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11731 if_objectisvalue.Else();
11733 // If the object is not a value return the object.
11735 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11737 if_objectisvalue.End();
11738 return ast_context()->ReturnValue(Pop());
11742 void HOptimizedGraphBuilder::GenerateDateField(CallRuntime* call) {
11743 DCHECK(call->arguments()->length() == 2);
11744 DCHECK_NOT_NULL(call->arguments()->at(1)->AsLiteral());
11745 Smi* index = Smi::cast(*(call->arguments()->at(1)->AsLiteral()->value()));
11746 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11747 HValue* date = Pop();
11748 HDateField* result = New<HDateField>(date, index);
11749 return ast_context()->ReturnInstruction(result, call->id());
11753 void HOptimizedGraphBuilder::GenerateOneByteSeqStringSetChar(
11754 CallRuntime* call) {
11755 DCHECK(call->arguments()->length() == 3);
11756 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11757 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11758 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11759 HValue* string = Pop();
11760 HValue* value = Pop();
11761 HValue* index = Pop();
11762 Add<HSeqStringSetChar>(String::ONE_BYTE_ENCODING, string,
11764 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11765 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11769 void HOptimizedGraphBuilder::GenerateTwoByteSeqStringSetChar(
11770 CallRuntime* call) {
11771 DCHECK(call->arguments()->length() == 3);
11772 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11773 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11774 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11775 HValue* string = Pop();
11776 HValue* value = Pop();
11777 HValue* index = Pop();
11778 Add<HSeqStringSetChar>(String::TWO_BYTE_ENCODING, string,
11780 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11781 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11785 void HOptimizedGraphBuilder::GenerateSetValueOf(CallRuntime* call) {
11786 DCHECK(call->arguments()->length() == 2);
11787 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11788 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11789 HValue* value = Pop();
11790 HValue* object = Pop();
11792 // Check if object is a JSValue.
11793 IfBuilder if_objectisvalue(this);
11794 if_objectisvalue.If<HHasInstanceTypeAndBranch>(object, JS_VALUE_TYPE);
11795 if_objectisvalue.Then();
11797 // Create in-object property store to kValueOffset.
11798 Add<HStoreNamedField>(object,
11799 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset),
11801 if (!ast_context()->IsEffect()) {
11804 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11806 if_objectisvalue.Else();
11808 // Nothing to do in this case.
11809 if (!ast_context()->IsEffect()) {
11812 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11814 if_objectisvalue.End();
11815 if (!ast_context()->IsEffect()) {
11818 return ast_context()->ReturnValue(value);
11822 // Fast support for charCodeAt(n).
11823 void HOptimizedGraphBuilder::GenerateStringCharCodeAt(CallRuntime* call) {
11824 DCHECK(call->arguments()->length() == 2);
11825 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11826 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11827 HValue* index = Pop();
11828 HValue* string = Pop();
11829 HInstruction* result = BuildStringCharCodeAt(string, index);
11830 return ast_context()->ReturnInstruction(result, call->id());
11834 // Fast support for string.charAt(n) and string[n].
11835 void HOptimizedGraphBuilder::GenerateStringCharFromCode(CallRuntime* call) {
11836 DCHECK(call->arguments()->length() == 1);
11837 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11838 HValue* char_code = Pop();
11839 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
11840 return ast_context()->ReturnInstruction(result, call->id());
11844 // Fast support for string.charAt(n) and string[n].
11845 void HOptimizedGraphBuilder::GenerateStringCharAt(CallRuntime* call) {
11846 DCHECK(call->arguments()->length() == 2);
11847 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11848 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11849 HValue* index = Pop();
11850 HValue* string = Pop();
11851 HInstruction* char_code = BuildStringCharCodeAt(string, index);
11852 AddInstruction(char_code);
11853 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
11854 return ast_context()->ReturnInstruction(result, call->id());
11858 // Fast support for object equality testing.
11859 void HOptimizedGraphBuilder::GenerateObjectEquals(CallRuntime* call) {
11860 DCHECK(call->arguments()->length() == 2);
11861 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11862 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11863 HValue* right = Pop();
11864 HValue* left = Pop();
11865 HCompareObjectEqAndBranch* result =
11866 New<HCompareObjectEqAndBranch>(left, right);
11867 return ast_context()->ReturnControl(result, call->id());
11871 // Fast support for StringAdd.
11872 void HOptimizedGraphBuilder::GenerateStringAdd(CallRuntime* call) {
11873 DCHECK_EQ(2, call->arguments()->length());
11874 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11875 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11876 HValue* right = Pop();
11877 HValue* left = Pop();
11878 HInstruction* result = NewUncasted<HStringAdd>(left, right);
11879 return ast_context()->ReturnInstruction(result, call->id());
11883 // Fast support for SubString.
11884 void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
11885 DCHECK_EQ(3, call->arguments()->length());
11886 CHECK_ALIVE(VisitExpressions(call->arguments()));
11887 PushArgumentsFromEnvironment(call->arguments()->length());
11888 HCallStub* result = New<HCallStub>(CodeStub::SubString, 3);
11889 return ast_context()->ReturnInstruction(result, call->id());
11893 // Fast support for StringCompare.
11894 void HOptimizedGraphBuilder::GenerateStringCompare(CallRuntime* call) {
11895 DCHECK_EQ(2, call->arguments()->length());
11896 CHECK_ALIVE(VisitExpressions(call->arguments()));
11897 PushArgumentsFromEnvironment(call->arguments()->length());
11898 HCallStub* result = New<HCallStub>(CodeStub::StringCompare, 2);
11899 return ast_context()->ReturnInstruction(result, call->id());
11903 // Support for direct calls from JavaScript to native RegExp code.
11904 void HOptimizedGraphBuilder::GenerateRegExpExec(CallRuntime* call) {
11905 DCHECK_EQ(4, call->arguments()->length());
11906 CHECK_ALIVE(VisitExpressions(call->arguments()));
11907 PushArgumentsFromEnvironment(call->arguments()->length());
11908 HCallStub* result = New<HCallStub>(CodeStub::RegExpExec, 4);
11909 return ast_context()->ReturnInstruction(result, call->id());
11913 void HOptimizedGraphBuilder::GenerateDoubleLo(CallRuntime* call) {
11914 DCHECK_EQ(1, call->arguments()->length());
11915 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11916 HValue* value = Pop();
11917 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::LOW);
11918 return ast_context()->ReturnInstruction(result, call->id());
11922 void HOptimizedGraphBuilder::GenerateDoubleHi(CallRuntime* call) {
11923 DCHECK_EQ(1, call->arguments()->length());
11924 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11925 HValue* value = Pop();
11926 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::HIGH);
11927 return ast_context()->ReturnInstruction(result, call->id());
11931 void HOptimizedGraphBuilder::GenerateConstructDouble(CallRuntime* call) {
11932 DCHECK_EQ(2, call->arguments()->length());
11933 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11934 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11935 HValue* lo = Pop();
11936 HValue* hi = Pop();
11937 HInstruction* result = NewUncasted<HConstructDouble>(hi, lo);
11938 return ast_context()->ReturnInstruction(result, call->id());
11942 // Construct a RegExp exec result with two in-object properties.
11943 void HOptimizedGraphBuilder::GenerateRegExpConstructResult(CallRuntime* call) {
11944 DCHECK_EQ(3, call->arguments()->length());
11945 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11946 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11947 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11948 HValue* input = Pop();
11949 HValue* index = Pop();
11950 HValue* length = Pop();
11951 HValue* result = BuildRegExpConstructResult(length, index, input);
11952 return ast_context()->ReturnValue(result);
11956 // Support for fast native caches.
11957 void HOptimizedGraphBuilder::GenerateGetFromCache(CallRuntime* call) {
11958 return Bailout(kInlinedRuntimeFunctionGetFromCache);
11962 // Fast support for number to string.
11963 void HOptimizedGraphBuilder::GenerateNumberToString(CallRuntime* call) {
11964 DCHECK_EQ(1, call->arguments()->length());
11965 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11966 HValue* number = Pop();
11967 HValue* result = BuildNumberToString(number, Type::Any(zone()));
11968 return ast_context()->ReturnValue(result);
11972 // Fast call for custom callbacks.
11973 void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
11974 // 1 ~ The function to call is not itself an argument to the call.
11975 int arg_count = call->arguments()->length() - 1;
11976 DCHECK(arg_count >= 1); // There's always at least a receiver.
11978 CHECK_ALIVE(VisitExpressions(call->arguments()));
11979 // The function is the last argument
11980 HValue* function = Pop();
11981 // Push the arguments to the stack
11982 PushArgumentsFromEnvironment(arg_count);
11984 IfBuilder if_is_jsfunction(this);
11985 if_is_jsfunction.If<HHasInstanceTypeAndBranch>(function, JS_FUNCTION_TYPE);
11987 if_is_jsfunction.Then();
11989 HInstruction* invoke_result =
11990 Add<HInvokeFunction>(function, arg_count);
11991 if (!ast_context()->IsEffect()) {
11992 Push(invoke_result);
11994 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11997 if_is_jsfunction.Else();
11999 HInstruction* call_result =
12000 Add<HCallFunction>(function, arg_count);
12001 if (!ast_context()->IsEffect()) {
12004 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12006 if_is_jsfunction.End();
12008 if (ast_context()->IsEffect()) {
12009 // EffectContext::ReturnValue ignores the value, so we can just pass
12010 // 'undefined' (as we do not have the call result anymore).
12011 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12013 return ast_context()->ReturnValue(Pop());
12018 void HOptimizedGraphBuilder::GenerateDefaultConstructorCallSuper(
12019 CallRuntime* call) {
12020 return Bailout(kSuperReference);
12024 // Fast call to math functions.
12025 void HOptimizedGraphBuilder::GenerateMathPow(CallRuntime* call) {
12026 DCHECK_EQ(2, call->arguments()->length());
12027 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12028 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12029 HValue* right = Pop();
12030 HValue* left = Pop();
12031 HInstruction* result = NewUncasted<HPower>(left, right);
12032 return ast_context()->ReturnInstruction(result, call->id());
12036 void HOptimizedGraphBuilder::GenerateMathLogRT(CallRuntime* call) {
12037 DCHECK(call->arguments()->length() == 1);
12038 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12039 HValue* value = Pop();
12040 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathLog);
12041 return ast_context()->ReturnInstruction(result, call->id());
12045 void HOptimizedGraphBuilder::GenerateMathSqrtRT(CallRuntime* call) {
12046 DCHECK(call->arguments()->length() == 1);
12047 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12048 HValue* value = Pop();
12049 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathSqrt);
12050 return ast_context()->ReturnInstruction(result, call->id());
12054 HValue* HOptimizedGraphBuilder::BuildOrderedHashTableHashToBucket(
12055 HValue* hash, HValue* num_buckets) {
12056 HValue* mask = AddUncasted<HSub>(num_buckets, graph()->GetConstant1());
12057 mask->ChangeRepresentation(Representation::Integer32());
12058 mask->ClearFlag(HValue::kCanOverflow);
12059 return AddUncasted<HBitwise>(Token::BIT_AND, hash, mask);
12063 template <typename CollectionType>
12064 HValue* HOptimizedGraphBuilder::BuildOrderedHashTableHashToEntry(
12065 HValue* table, HValue* hash, HValue* num_buckets) {
12066 HValue* bucket = BuildOrderedHashTableHashToBucket(hash, num_buckets);
12067 HValue* entry_index = AddUncasted<HAdd>(
12068 bucket, Add<HConstant>(CollectionType::kHashTableStartIndex));
12069 entry_index->ClearFlag(HValue::kCanOverflow);
12070 HValue* entry = Add<HLoadKeyed>(table, entry_index, nullptr, FAST_ELEMENTS);
12071 entry->set_type(HType::Smi());
12076 template <typename CollectionType>
12077 HValue* HOptimizedGraphBuilder::BuildOrderedHashTableEntryToIndex(
12078 HValue* entry, HValue* num_buckets) {
12080 AddUncasted<HMul>(entry, Add<HConstant>(CollectionType::kEntrySize));
12081 index->ClearFlag(HValue::kCanOverflow);
12082 index = AddUncasted<HAdd>(index, num_buckets);
12083 index->ClearFlag(HValue::kCanOverflow);
12084 index = AddUncasted<HAdd>(
12085 index, Add<HConstant>(CollectionType::kHashTableStartIndex));
12086 index->ClearFlag(HValue::kCanOverflow);
12091 template <typename CollectionType>
12092 HValue* HOptimizedGraphBuilder::BuildOrderedHashTableFindEntry(HValue* table,
12095 HValue* num_buckets = Add<HLoadNamedField>(
12097 HObjectAccess::ForOrderedHashTableNumberOfBuckets<CollectionType>());
12099 HValue* entry = BuildOrderedHashTableHashToEntry<CollectionType>(table, hash,
12104 LoopBuilder loop(this);
12110 IfBuilder if_not_found(this);
12111 if_not_found.If<HCompareNumericAndBranch>(
12112 entry, Add<HConstant>(CollectionType::kNotFound), Token::EQ);
12113 if_not_found.Then();
12118 HValue* key_index =
12119 BuildOrderedHashTableEntryToIndex<CollectionType>(entry, num_buckets);
12120 HValue* candidate_key =
12121 Add<HLoadKeyed>(table, key_index, nullptr, FAST_ELEMENTS);
12124 IfBuilder if_keys_equal(this);
12125 if_keys_equal.If<HIsStringAndBranch>(candidate_key);
12126 if_keys_equal.AndIf<HStringCompareAndBranch>(candidate_key, key,
12128 if_keys_equal.Then();
12134 HValue* chain_index = AddUncasted<HAdd>(
12135 key_index, Add<HConstant>(CollectionType::kChainOffset));
12136 chain_index->ClearFlag(HValue::kCanOverflow);
12137 entry = Add<HLoadKeyed>(table, chain_index, nullptr, FAST_ELEMENTS);
12138 entry->set_type(HType::Smi());
12147 void HOptimizedGraphBuilder::GenerateMapGet(CallRuntime* call) {
12148 DCHECK(call->arguments()->length() == 2);
12149 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12150 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12151 HValue* key = Pop();
12152 HValue* receiver = Pop();
12154 NoObservableSideEffectsScope no_effects(this);
12156 HIfContinuation continuation;
12158 BuildStringHashLoadIfIsStringAndHashComputed(key, &continuation);
12160 IfBuilder string_checker(this, &continuation);
12161 string_checker.Then();
12163 HValue* table = Add<HLoadNamedField>(
12164 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12165 HValue* key_index =
12166 BuildOrderedHashTableFindEntry<OrderedHashMap>(table, key, hash);
12167 IfBuilder if_found(this);
12168 if_found.If<HCompareNumericAndBranch>(
12169 key_index, Add<HConstant>(OrderedHashMap::kNotFound), Token::NE);
12172 HValue* value_index = AddUncasted<HAdd>(
12173 key_index, Add<HConstant>(OrderedHashMap::kValueOffset));
12174 value_index->ClearFlag(HValue::kCanOverflow);
12175 Push(Add<HLoadKeyed>(table, value_index, nullptr, FAST_ELEMENTS));
12178 Push(graph()->GetConstantUndefined());
12181 string_checker.Else();
12183 Add<HPushArguments>(receiver, key);
12184 Push(Add<HCallRuntime>(call->name(),
12185 Runtime::FunctionForId(Runtime::kMapGet), 2));
12189 return ast_context()->ReturnValue(Pop());
12193 HValue* HOptimizedGraphBuilder::BuildStringHashLoadIfIsStringAndHashComputed(
12194 HValue* object, HIfContinuation* continuation) {
12195 IfBuilder string_checker(this);
12196 string_checker.If<HIsStringAndBranch>(object);
12197 string_checker.And();
12198 HValue* hash = Add<HLoadNamedField>(object, nullptr,
12199 HObjectAccess::ForStringHashField());
12200 HValue* hash_not_computed_mask = Add<HConstant>(String::kHashNotComputedMask);
12201 HValue* hash_computed_test =
12202 AddUncasted<HBitwise>(Token::BIT_AND, hash, hash_not_computed_mask);
12203 string_checker.If<HCompareNumericAndBranch>(
12204 hash_computed_test, graph()->GetConstant0(), Token::EQ);
12205 string_checker.Then();
12206 HValue* shifted_hash =
12207 AddUncasted<HShr>(hash, Add<HConstant>(String::kHashShift));
12208 string_checker.CaptureContinuation(continuation);
12209 return shifted_hash;
12213 template <typename CollectionType>
12214 void HOptimizedGraphBuilder::BuildJSCollectionHas(
12215 CallRuntime* call, const Runtime::Function* c_function) {
12216 DCHECK(call->arguments()->length() == 2);
12217 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12218 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12219 HValue* key = Pop();
12220 HValue* receiver = Pop();
12222 NoObservableSideEffectsScope no_effects(this);
12224 HIfContinuation continuation;
12226 BuildStringHashLoadIfIsStringAndHashComputed(key, &continuation);
12228 IfBuilder string_checker(this, &continuation);
12229 string_checker.Then();
12231 HValue* table = Add<HLoadNamedField>(
12232 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12233 HValue* key_index =
12234 BuildOrderedHashTableFindEntry<CollectionType>(table, key, hash);
12236 IfBuilder if_found(this);
12237 if_found.If<HCompareNumericAndBranch>(
12238 key_index, Add<HConstant>(CollectionType::kNotFound), Token::NE);
12240 Push(graph()->GetConstantTrue());
12242 Push(graph()->GetConstantFalse());
12245 string_checker.Else();
12247 Add<HPushArguments>(receiver, key);
12248 Push(Add<HCallRuntime>(call->name(), c_function, 2));
12252 return ast_context()->ReturnValue(Pop());
12256 void HOptimizedGraphBuilder::GenerateMapHas(CallRuntime* call) {
12257 BuildJSCollectionHas<OrderedHashMap>(
12258 call, Runtime::FunctionForId(Runtime::kMapHas));
12262 void HOptimizedGraphBuilder::GenerateSetHas(CallRuntime* call) {
12263 BuildJSCollectionHas<OrderedHashSet>(
12264 call, Runtime::FunctionForId(Runtime::kSetHas));
12268 template <typename CollectionType>
12269 HValue* HOptimizedGraphBuilder::BuildOrderedHashTableAddEntry(
12270 HValue* table, HValue* key, HValue* hash,
12271 HIfContinuation* join_continuation) {
12272 HValue* num_buckets = Add<HLoadNamedField>(
12274 HObjectAccess::ForOrderedHashTableNumberOfBuckets<CollectionType>());
12275 HValue* capacity = AddUncasted<HMul>(
12276 num_buckets, Add<HConstant>(CollectionType::kLoadFactor));
12277 capacity->ClearFlag(HValue::kCanOverflow);
12278 HValue* num_elements = Add<HLoadNamedField>(
12280 HObjectAccess::ForOrderedHashTableNumberOfElements<CollectionType>());
12281 HValue* num_deleted = Add<HLoadNamedField>(
12282 table, nullptr, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12283 CollectionType>());
12284 HValue* used = AddUncasted<HAdd>(num_elements, num_deleted);
12285 used->ClearFlag(HValue::kCanOverflow);
12286 IfBuilder if_space_available(this);
12287 if_space_available.If<HCompareNumericAndBranch>(capacity, used, Token::GT);
12288 if_space_available.Then();
12289 HValue* bucket = BuildOrderedHashTableHashToBucket(hash, num_buckets);
12290 HValue* entry = used;
12291 HValue* key_index =
12292 BuildOrderedHashTableEntryToIndex<CollectionType>(entry, num_buckets);
12294 HValue* bucket_index = AddUncasted<HAdd>(
12295 bucket, Add<HConstant>(CollectionType::kHashTableStartIndex));
12296 bucket_index->ClearFlag(HValue::kCanOverflow);
12297 HValue* chain_entry =
12298 Add<HLoadKeyed>(table, bucket_index, nullptr, FAST_ELEMENTS);
12299 chain_entry->set_type(HType::Smi());
12301 HValue* chain_index = AddUncasted<HAdd>(
12302 key_index, Add<HConstant>(CollectionType::kChainOffset));
12303 chain_index->ClearFlag(HValue::kCanOverflow);
12305 Add<HStoreKeyed>(table, bucket_index, entry, FAST_ELEMENTS);
12306 Add<HStoreKeyed>(table, chain_index, chain_entry, FAST_ELEMENTS);
12307 Add<HStoreKeyed>(table, key_index, key, FAST_ELEMENTS);
12309 HValue* new_num_elements =
12310 AddUncasted<HAdd>(num_elements, graph()->GetConstant1());
12311 new_num_elements->ClearFlag(HValue::kCanOverflow);
12312 Add<HStoreNamedField>(
12314 HObjectAccess::ForOrderedHashTableNumberOfElements<CollectionType>(),
12316 if_space_available.JoinContinuation(join_continuation);
12321 void HOptimizedGraphBuilder::GenerateMapSet(CallRuntime* call) {
12322 DCHECK(call->arguments()->length() == 3);
12323 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12324 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12325 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12326 HValue* value = Pop();
12327 HValue* key = Pop();
12328 HValue* receiver = Pop();
12330 NoObservableSideEffectsScope no_effects(this);
12332 HIfContinuation return_or_call_runtime_continuation(
12333 graph()->CreateBasicBlock(), graph()->CreateBasicBlock());
12334 HIfContinuation got_string_hash;
12336 BuildStringHashLoadIfIsStringAndHashComputed(key, &got_string_hash);
12337 IfBuilder string_checker(this, &got_string_hash);
12338 string_checker.Then();
12340 HValue* table = Add<HLoadNamedField>(receiver, nullptr,
12341 HObjectAccess::ForJSCollectionTable());
12342 HValue* key_index =
12343 BuildOrderedHashTableFindEntry<OrderedHashMap>(table, key, hash);
12345 IfBuilder if_found(this);
12346 if_found.If<HCompareNumericAndBranch>(
12347 key_index, Add<HConstant>(OrderedHashMap::kNotFound), Token::NE);
12350 HValue* value_index = AddUncasted<HAdd>(
12351 key_index, Add<HConstant>(OrderedHashMap::kValueOffset));
12352 value_index->ClearFlag(HValue::kCanOverflow);
12353 Add<HStoreKeyed>(table, value_index, value, FAST_ELEMENTS);
12357 HIfContinuation did_add(graph()->CreateBasicBlock(),
12358 graph()->CreateBasicBlock());
12359 HValue* key_index = BuildOrderedHashTableAddEntry<OrderedHashMap>(
12360 table, key, hash, &did_add);
12361 IfBuilder if_did_add(this, &did_add);
12364 HValue* value_index = AddUncasted<HAdd>(
12365 key_index, Add<HConstant>(OrderedHashMap::kValueOffset));
12366 value_index->ClearFlag(HValue::kCanOverflow);
12367 Add<HStoreKeyed>(table, value_index, value, FAST_ELEMENTS);
12369 if_did_add.JoinContinuation(&return_or_call_runtime_continuation);
12373 string_checker.JoinContinuation(&return_or_call_runtime_continuation);
12376 IfBuilder return_or_call_runtime(this,
12377 &return_or_call_runtime_continuation);
12378 return_or_call_runtime.Then();
12380 return_or_call_runtime.Else();
12381 Add<HPushArguments>(receiver, key, value);
12382 Push(Add<HCallRuntime>(call->name(),
12383 Runtime::FunctionForId(Runtime::kMapSet), 3));
12386 return ast_context()->ReturnValue(Pop());
12390 void HOptimizedGraphBuilder::GenerateSetAdd(CallRuntime* call) {
12391 DCHECK(call->arguments()->length() == 2);
12392 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12393 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12394 HValue* key = Pop();
12395 HValue* receiver = Pop();
12397 NoObservableSideEffectsScope no_effects(this);
12399 HIfContinuation return_or_call_runtime_continuation(
12400 graph()->CreateBasicBlock(), graph()->CreateBasicBlock());
12401 HIfContinuation got_string_hash;
12403 BuildStringHashLoadIfIsStringAndHashComputed(key, &got_string_hash);
12404 IfBuilder string_checker(this, &got_string_hash);
12405 string_checker.Then();
12407 HValue* table = Add<HLoadNamedField>(receiver, nullptr,
12408 HObjectAccess::ForJSCollectionTable());
12409 HValue* key_index =
12410 BuildOrderedHashTableFindEntry<OrderedHashSet>(table, key, hash);
12412 IfBuilder if_not_found(this);
12413 if_not_found.If<HCompareNumericAndBranch>(
12414 key_index, Add<HConstant>(OrderedHashSet::kNotFound), Token::EQ);
12415 if_not_found.Then();
12416 BuildOrderedHashTableAddEntry<OrderedHashSet>(
12417 table, key, hash, &return_or_call_runtime_continuation);
12420 string_checker.JoinContinuation(&return_or_call_runtime_continuation);
12423 IfBuilder return_or_call_runtime(this,
12424 &return_or_call_runtime_continuation);
12425 return_or_call_runtime.Then();
12427 return_or_call_runtime.Else();
12428 Add<HPushArguments>(receiver, key);
12429 Push(Add<HCallRuntime>(call->name(),
12430 Runtime::FunctionForId(Runtime::kSetAdd), 2));
12433 return ast_context()->ReturnValue(Pop());
12437 template <typename CollectionType>
12438 void HOptimizedGraphBuilder::BuildJSCollectionDelete(
12439 CallRuntime* call, const Runtime::Function* c_function) {
12440 DCHECK(call->arguments()->length() == 2);
12441 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12442 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12443 HValue* key = Pop();
12444 HValue* receiver = Pop();
12446 NoObservableSideEffectsScope no_effects(this);
12448 HIfContinuation return_or_call_runtime_continuation(
12449 graph()->CreateBasicBlock(), graph()->CreateBasicBlock());
12450 HIfContinuation got_string_hash;
12452 BuildStringHashLoadIfIsStringAndHashComputed(key, &got_string_hash);
12453 IfBuilder string_checker(this, &got_string_hash);
12454 string_checker.Then();
12456 HValue* table = Add<HLoadNamedField>(receiver, nullptr,
12457 HObjectAccess::ForJSCollectionTable());
12458 HValue* key_index =
12459 BuildOrderedHashTableFindEntry<CollectionType>(table, key, hash);
12461 IfBuilder if_found(this);
12462 if_found.If<HCompareNumericAndBranch>(
12463 key_index, Add<HConstant>(CollectionType::kNotFound), Token::NE);
12466 // If we're removing an element, we might need to shrink.
12467 // If we do need to shrink, we'll be bailing out to the runtime.
12468 HValue* num_elements = Add<HLoadNamedField>(
12469 table, nullptr, HObjectAccess::ForOrderedHashTableNumberOfElements<
12470 CollectionType>());
12471 num_elements = AddUncasted<HSub>(num_elements, graph()->GetConstant1());
12472 num_elements->ClearFlag(HValue::kCanOverflow);
12474 HValue* num_buckets = Add<HLoadNamedField>(
12475 table, nullptr, HObjectAccess::ForOrderedHashTableNumberOfBuckets<
12476 CollectionType>());
12477 // threshold is capacity >> 2; we simplify this to num_buckets >> 1
12478 // since kLoadFactor is 2.
12479 STATIC_ASSERT(CollectionType::kLoadFactor == 2);
12480 HValue* threshold =
12481 AddUncasted<HShr>(num_buckets, graph()->GetConstant1());
12483 IfBuilder if_need_not_shrink(this);
12484 if_need_not_shrink.If<HCompareNumericAndBranch>(num_elements, threshold,
12486 if_need_not_shrink.Then();
12488 Add<HStoreKeyed>(table, key_index, graph()->GetConstantHole(),
12491 // For maps, also need to clear the value.
12492 if (CollectionType::kChainOffset > 1) {
12493 HValue* value_index =
12494 AddUncasted<HAdd>(key_index, graph()->GetConstant1());
12495 value_index->ClearFlag(HValue::kCanOverflow);
12496 Add<HStoreKeyed>(table, value_index, graph()->GetConstantHole(),
12499 STATIC_ASSERT(CollectionType::kChainOffset <= 2);
12501 HValue* num_deleted = Add<HLoadNamedField>(
12503 HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12504 CollectionType>());
12505 num_deleted = AddUncasted<HAdd>(num_deleted, graph()->GetConstant1());
12506 num_deleted->ClearFlag(HValue::kCanOverflow);
12507 Add<HStoreNamedField>(
12508 table, HObjectAccess::ForOrderedHashTableNumberOfElements<
12511 Add<HStoreNamedField>(
12512 table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12515 Push(graph()->GetConstantTrue());
12517 if_need_not_shrink.JoinContinuation(
12518 &return_or_call_runtime_continuation);
12522 // Not found, so we're done.
12523 Push(graph()->GetConstantFalse());
12527 string_checker.JoinContinuation(&return_or_call_runtime_continuation);
12530 IfBuilder return_or_call_runtime(this,
12531 &return_or_call_runtime_continuation);
12532 return_or_call_runtime.Then();
12533 return_or_call_runtime.Else();
12534 Add<HPushArguments>(receiver, key);
12535 Push(Add<HCallRuntime>(call->name(), c_function, 2));
12538 return ast_context()->ReturnValue(Pop());
12542 void HOptimizedGraphBuilder::GenerateMapDelete(CallRuntime* call) {
12543 BuildJSCollectionDelete<OrderedHashMap>(
12544 call, Runtime::FunctionForId(Runtime::kMapDelete));
12548 void HOptimizedGraphBuilder::GenerateSetDelete(CallRuntime* call) {
12549 BuildJSCollectionDelete<OrderedHashSet>(
12550 call, Runtime::FunctionForId(Runtime::kSetDelete));
12554 void HOptimizedGraphBuilder::GenerateSetGetSize(CallRuntime* call) {
12555 DCHECK(call->arguments()->length() == 1);
12556 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12557 HValue* receiver = Pop();
12558 HValue* table = Add<HLoadNamedField>(receiver, nullptr,
12559 HObjectAccess::ForJSCollectionTable());
12560 HInstruction* result = New<HLoadNamedField>(
12562 HObjectAccess::ForOrderedHashTableNumberOfElements<OrderedHashSet>());
12563 return ast_context()->ReturnInstruction(result, call->id());
12567 void HOptimizedGraphBuilder::GenerateMapGetSize(CallRuntime* call) {
12568 DCHECK(call->arguments()->length() == 1);
12569 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12570 HValue* receiver = Pop();
12571 HValue* table = Add<HLoadNamedField>(receiver, nullptr,
12572 HObjectAccess::ForJSCollectionTable());
12573 HInstruction* result = New<HLoadNamedField>(
12575 HObjectAccess::ForOrderedHashTableNumberOfElements<OrderedHashMap>());
12576 return ast_context()->ReturnInstruction(result, call->id());
12580 template <typename CollectionType>
12581 HValue* HOptimizedGraphBuilder::BuildAllocateOrderedHashTable() {
12582 static const int kCapacity = CollectionType::kMinCapacity;
12583 static const int kBucketCount = kCapacity / CollectionType::kLoadFactor;
12584 static const int kFixedArrayLength = CollectionType::kHashTableStartIndex +
12586 (kCapacity * CollectionType::kEntrySize);
12587 static const int kSizeInBytes =
12588 FixedArray::kHeaderSize + (kFixedArrayLength * kPointerSize);
12590 // Allocate the table and add the proper map.
12592 Add<HAllocate>(Add<HConstant>(kSizeInBytes), HType::HeapObject(),
12593 NOT_TENURED, FIXED_ARRAY_TYPE);
12594 AddStoreMapConstant(table, isolate()->factory()->ordered_hash_table_map());
12596 // Initialize the FixedArray...
12597 HValue* length = Add<HConstant>(kFixedArrayLength);
12598 Add<HStoreNamedField>(table, HObjectAccess::ForFixedArrayLength(), length);
12600 // ...and the OrderedHashTable fields.
12601 Add<HStoreNamedField>(
12603 HObjectAccess::ForOrderedHashTableNumberOfBuckets<CollectionType>(),
12604 Add<HConstant>(kBucketCount));
12605 Add<HStoreNamedField>(
12607 HObjectAccess::ForOrderedHashTableNumberOfElements<CollectionType>(),
12608 graph()->GetConstant0());
12609 Add<HStoreNamedField>(
12610 table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12612 graph()->GetConstant0());
12614 // Fill the buckets with kNotFound.
12615 HValue* not_found = Add<HConstant>(CollectionType::kNotFound);
12616 for (int i = 0; i < kBucketCount; ++i) {
12617 Add<HStoreNamedField>(
12618 table, HObjectAccess::ForOrderedHashTableBucket<CollectionType>(i),
12622 // Fill the data table with undefined.
12623 HValue* undefined = graph()->GetConstantUndefined();
12624 for (int i = 0; i < (kCapacity * CollectionType::kEntrySize); ++i) {
12625 Add<HStoreNamedField>(table,
12626 HObjectAccess::ForOrderedHashTableDataTableIndex<
12627 CollectionType, kBucketCount>(i),
12635 void HOptimizedGraphBuilder::GenerateSetInitialize(CallRuntime* call) {
12636 DCHECK(call->arguments()->length() == 1);
12637 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12638 HValue* receiver = Pop();
12640 NoObservableSideEffectsScope no_effects(this);
12641 HValue* table = BuildAllocateOrderedHashTable<OrderedHashSet>();
12642 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12643 return ast_context()->ReturnValue(receiver);
12647 void HOptimizedGraphBuilder::GenerateMapInitialize(CallRuntime* call) {
12648 DCHECK(call->arguments()->length() == 1);
12649 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12650 HValue* receiver = Pop();
12652 NoObservableSideEffectsScope no_effects(this);
12653 HValue* table = BuildAllocateOrderedHashTable<OrderedHashMap>();
12654 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12655 return ast_context()->ReturnValue(receiver);
12659 template <typename CollectionType>
12660 void HOptimizedGraphBuilder::BuildOrderedHashTableClear(HValue* receiver) {
12661 HValue* old_table = Add<HLoadNamedField>(
12662 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12663 HValue* new_table = BuildAllocateOrderedHashTable<CollectionType>();
12664 Add<HStoreNamedField>(
12665 old_table, HObjectAccess::ForOrderedHashTableNextTable<CollectionType>(),
12667 Add<HStoreNamedField>(
12668 old_table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12670 Add<HConstant>(CollectionType::kClearedTableSentinel));
12671 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(),
12676 void HOptimizedGraphBuilder::GenerateSetClear(CallRuntime* call) {
12677 DCHECK(call->arguments()->length() == 1);
12678 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12679 HValue* receiver = Pop();
12681 NoObservableSideEffectsScope no_effects(this);
12682 BuildOrderedHashTableClear<OrderedHashSet>(receiver);
12683 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12687 void HOptimizedGraphBuilder::GenerateMapClear(CallRuntime* call) {
12688 DCHECK(call->arguments()->length() == 1);
12689 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12690 HValue* receiver = Pop();
12692 NoObservableSideEffectsScope no_effects(this);
12693 BuildOrderedHashTableClear<OrderedHashMap>(receiver);
12694 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12698 void HOptimizedGraphBuilder::GenerateGetCachedArrayIndex(CallRuntime* call) {
12699 DCHECK(call->arguments()->length() == 1);
12700 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12701 HValue* value = Pop();
12702 HGetCachedArrayIndex* result = New<HGetCachedArrayIndex>(value);
12703 return ast_context()->ReturnInstruction(result, call->id());
12707 void HOptimizedGraphBuilder::GenerateFastOneByteArrayJoin(CallRuntime* call) {
12708 return Bailout(kInlinedRuntimeFunctionFastOneByteArrayJoin);
12712 // Support for generators.
12713 void HOptimizedGraphBuilder::GenerateGeneratorNext(CallRuntime* call) {
12714 return Bailout(kInlinedRuntimeFunctionGeneratorNext);
12718 void HOptimizedGraphBuilder::GenerateGeneratorThrow(CallRuntime* call) {
12719 return Bailout(kInlinedRuntimeFunctionGeneratorThrow);
12723 void HOptimizedGraphBuilder::GenerateDebugBreakInOptimizedCode(
12724 CallRuntime* call) {
12725 Add<HDebugBreak>();
12726 return ast_context()->ReturnValue(graph()->GetConstant0());
12730 void HOptimizedGraphBuilder::GenerateDebugIsActive(CallRuntime* call) {
12731 DCHECK(call->arguments()->length() == 0);
12733 Add<HConstant>(ExternalReference::debug_is_active_address(isolate()));
12735 Add<HLoadNamedField>(ref, nullptr, HObjectAccess::ForExternalUInteger8());
12736 return ast_context()->ReturnValue(value);
12740 void HOptimizedGraphBuilder::GenerateGetPrototype(CallRuntime* call) {
12741 DCHECK(call->arguments()->length() == 1);
12742 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12743 HValue* object = Pop();
12745 NoObservableSideEffectsScope no_effects(this);
12747 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
12748 HValue* bit_field =
12749 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField());
12750 HValue* is_access_check_needed_mask =
12751 Add<HConstant>(1 << Map::kIsAccessCheckNeeded);
12752 HValue* is_access_check_needed_test = AddUncasted<HBitwise>(
12753 Token::BIT_AND, bit_field, is_access_check_needed_mask);
12756 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForPrototype());
12757 HValue* proto_map =
12758 Add<HLoadNamedField>(proto, nullptr, HObjectAccess::ForMap());
12759 HValue* proto_bit_field =
12760 Add<HLoadNamedField>(proto_map, nullptr, HObjectAccess::ForMapBitField());
12761 HValue* is_hidden_prototype_mask =
12762 Add<HConstant>(1 << Map::kIsHiddenPrototype);
12763 HValue* is_hidden_prototype_test = AddUncasted<HBitwise>(
12764 Token::BIT_AND, proto_bit_field, is_hidden_prototype_mask);
12767 IfBuilder needs_runtime(this);
12768 needs_runtime.If<HCompareNumericAndBranch>(
12769 is_access_check_needed_test, graph()->GetConstant0(), Token::NE);
12770 needs_runtime.OrIf<HCompareNumericAndBranch>(
12771 is_hidden_prototype_test, graph()->GetConstant0(), Token::NE);
12773 needs_runtime.Then();
12775 Add<HPushArguments>(object);
12776 Push(Add<HCallRuntime>(
12777 call->name(), Runtime::FunctionForId(Runtime::kGetPrototype), 1));
12780 needs_runtime.Else();
12783 return ast_context()->ReturnValue(Pop());
12787 #undef CHECK_BAILOUT
12791 HEnvironment::HEnvironment(HEnvironment* outer,
12793 Handle<JSFunction> closure,
12795 : closure_(closure),
12797 frame_type_(JS_FUNCTION),
12798 parameter_count_(0),
12799 specials_count_(1),
12805 ast_id_(BailoutId::None()),
12807 Scope* declaration_scope = scope->DeclarationScope();
12808 Initialize(declaration_scope->num_parameters() + 1,
12809 declaration_scope->num_stack_slots(), 0);
12813 HEnvironment::HEnvironment(Zone* zone, int parameter_count)
12814 : values_(0, zone),
12816 parameter_count_(parameter_count),
12817 specials_count_(1),
12823 ast_id_(BailoutId::None()),
12825 Initialize(parameter_count, 0, 0);
12829 HEnvironment::HEnvironment(const HEnvironment* other, Zone* zone)
12830 : values_(0, zone),
12831 frame_type_(JS_FUNCTION),
12832 parameter_count_(0),
12833 specials_count_(0),
12839 ast_id_(other->ast_id()),
12845 HEnvironment::HEnvironment(HEnvironment* outer,
12846 Handle<JSFunction> closure,
12847 FrameType frame_type,
12850 : closure_(closure),
12851 values_(arguments, zone),
12852 frame_type_(frame_type),
12853 parameter_count_(arguments),
12854 specials_count_(0),
12860 ast_id_(BailoutId::None()),
12865 void HEnvironment::Initialize(int parameter_count,
12867 int stack_height) {
12868 parameter_count_ = parameter_count;
12869 local_count_ = local_count;
12871 // Avoid reallocating the temporaries' backing store on the first Push.
12872 int total = parameter_count + specials_count_ + local_count + stack_height;
12873 values_.Initialize(total + 4, zone());
12874 for (int i = 0; i < total; ++i) values_.Add(NULL, zone());
12878 void HEnvironment::Initialize(const HEnvironment* other) {
12879 closure_ = other->closure();
12880 values_.AddAll(other->values_, zone());
12881 assigned_variables_.Union(other->assigned_variables_, zone());
12882 frame_type_ = other->frame_type_;
12883 parameter_count_ = other->parameter_count_;
12884 local_count_ = other->local_count_;
12885 if (other->outer_ != NULL) outer_ = other->outer_->Copy(); // Deep copy.
12886 entry_ = other->entry_;
12887 pop_count_ = other->pop_count_;
12888 push_count_ = other->push_count_;
12889 specials_count_ = other->specials_count_;
12890 ast_id_ = other->ast_id_;
12894 void HEnvironment::AddIncomingEdge(HBasicBlock* block, HEnvironment* other) {
12895 DCHECK(!block->IsLoopHeader());
12896 DCHECK(values_.length() == other->values_.length());
12898 int length = values_.length();
12899 for (int i = 0; i < length; ++i) {
12900 HValue* value = values_[i];
12901 if (value != NULL && value->IsPhi() && value->block() == block) {
12902 // There is already a phi for the i'th value.
12903 HPhi* phi = HPhi::cast(value);
12904 // Assert index is correct and that we haven't missed an incoming edge.
12905 DCHECK(phi->merged_index() == i || !phi->HasMergedIndex());
12906 DCHECK(phi->OperandCount() == block->predecessors()->length());
12907 phi->AddInput(other->values_[i]);
12908 } else if (values_[i] != other->values_[i]) {
12909 // There is a fresh value on the incoming edge, a phi is needed.
12910 DCHECK(values_[i] != NULL && other->values_[i] != NULL);
12911 HPhi* phi = block->AddNewPhi(i);
12912 HValue* old_value = values_[i];
12913 for (int j = 0; j < block->predecessors()->length(); j++) {
12914 phi->AddInput(old_value);
12916 phi->AddInput(other->values_[i]);
12917 this->values_[i] = phi;
12923 void HEnvironment::Bind(int index, HValue* value) {
12924 DCHECK(value != NULL);
12925 assigned_variables_.Add(index, zone());
12926 values_[index] = value;
12930 bool HEnvironment::HasExpressionAt(int index) const {
12931 return index >= parameter_count_ + specials_count_ + local_count_;
12935 bool HEnvironment::ExpressionStackIsEmpty() const {
12936 DCHECK(length() >= first_expression_index());
12937 return length() == first_expression_index();
12941 void HEnvironment::SetExpressionStackAt(int index_from_top, HValue* value) {
12942 int count = index_from_top + 1;
12943 int index = values_.length() - count;
12944 DCHECK(HasExpressionAt(index));
12945 // The push count must include at least the element in question or else
12946 // the new value will not be included in this environment's history.
12947 if (push_count_ < count) {
12948 // This is the same effect as popping then re-pushing 'count' elements.
12949 pop_count_ += (count - push_count_);
12950 push_count_ = count;
12952 values_[index] = value;
12956 HValue* HEnvironment::RemoveExpressionStackAt(int index_from_top) {
12957 int count = index_from_top + 1;
12958 int index = values_.length() - count;
12959 DCHECK(HasExpressionAt(index));
12960 // Simulate popping 'count' elements and then
12961 // pushing 'count - 1' elements back.
12962 pop_count_ += Max(count - push_count_, 0);
12963 push_count_ = Max(push_count_ - count, 0) + (count - 1);
12964 return values_.Remove(index);
12968 void HEnvironment::Drop(int count) {
12969 for (int i = 0; i < count; ++i) {
12975 HEnvironment* HEnvironment::Copy() const {
12976 return new(zone()) HEnvironment(this, zone());
12980 HEnvironment* HEnvironment::CopyWithoutHistory() const {
12981 HEnvironment* result = Copy();
12982 result->ClearHistory();
12987 HEnvironment* HEnvironment::CopyAsLoopHeader(HBasicBlock* loop_header) const {
12988 HEnvironment* new_env = Copy();
12989 for (int i = 0; i < values_.length(); ++i) {
12990 HPhi* phi = loop_header->AddNewPhi(i);
12991 phi->AddInput(values_[i]);
12992 new_env->values_[i] = phi;
12994 new_env->ClearHistory();
12999 HEnvironment* HEnvironment::CreateStubEnvironment(HEnvironment* outer,
13000 Handle<JSFunction> target,
13001 FrameType frame_type,
13002 int arguments) const {
13003 HEnvironment* new_env =
13004 new(zone()) HEnvironment(outer, target, frame_type,
13005 arguments + 1, zone());
13006 for (int i = 0; i <= arguments; ++i) { // Include receiver.
13007 new_env->Push(ExpressionStackAt(arguments - i));
13009 new_env->ClearHistory();
13014 HEnvironment* HEnvironment::CopyForInlining(
13015 Handle<JSFunction> target,
13017 FunctionLiteral* function,
13018 HConstant* undefined,
13019 InliningKind inlining_kind) const {
13020 DCHECK(frame_type() == JS_FUNCTION);
13022 // Outer environment is a copy of this one without the arguments.
13023 int arity = function->scope()->num_parameters();
13025 HEnvironment* outer = Copy();
13026 outer->Drop(arguments + 1); // Including receiver.
13027 outer->ClearHistory();
13029 if (inlining_kind == CONSTRUCT_CALL_RETURN) {
13030 // Create artificial constructor stub environment. The receiver should
13031 // actually be the constructor function, but we pass the newly allocated
13032 // object instead, DoComputeConstructStubFrame() relies on that.
13033 outer = CreateStubEnvironment(outer, target, JS_CONSTRUCT, arguments);
13034 } else if (inlining_kind == GETTER_CALL_RETURN) {
13035 // We need an additional StackFrame::INTERNAL frame for restoring the
13036 // correct context.
13037 outer = CreateStubEnvironment(outer, target, JS_GETTER, arguments);
13038 } else if (inlining_kind == SETTER_CALL_RETURN) {
13039 // We need an additional StackFrame::INTERNAL frame for temporarily saving
13040 // the argument of the setter, see StoreStubCompiler::CompileStoreViaSetter.
13041 outer = CreateStubEnvironment(outer, target, JS_SETTER, arguments);
13044 if (arity != arguments) {
13045 // Create artificial arguments adaptation environment.
13046 outer = CreateStubEnvironment(outer, target, ARGUMENTS_ADAPTOR, arguments);
13049 HEnvironment* inner =
13050 new(zone()) HEnvironment(outer, function->scope(), target, zone());
13051 // Get the argument values from the original environment.
13052 for (int i = 0; i <= arity; ++i) { // Include receiver.
13053 HValue* push = (i <= arguments) ?
13054 ExpressionStackAt(arguments - i) : undefined;
13055 inner->SetValueAt(i, push);
13057 inner->SetValueAt(arity + 1, context());
13058 for (int i = arity + 2; i < inner->length(); ++i) {
13059 inner->SetValueAt(i, undefined);
13062 inner->set_ast_id(BailoutId::FunctionEntry());
13067 std::ostream& operator<<(std::ostream& os, const HEnvironment& env) {
13068 for (int i = 0; i < env.length(); i++) {
13069 if (i == 0) os << "parameters\n";
13070 if (i == env.parameter_count()) os << "specials\n";
13071 if (i == env.parameter_count() + env.specials_count()) os << "locals\n";
13072 if (i == env.parameter_count() + env.specials_count() + env.local_count()) {
13073 os << "expressions\n";
13075 HValue* val = env.values()->at(i);
13088 void HTracer::TraceCompilation(CompilationInfo* info) {
13089 Tag tag(this, "compilation");
13090 if (info->IsOptimizing()) {
13091 Handle<String> name = info->function()->debug_name();
13092 PrintStringProperty("name", name->ToCString().get());
13094 trace_.Add("method \"%s:%d\"\n",
13095 name->ToCString().get(),
13096 info->optimization_id());
13098 CodeStub::Major major_key = info->code_stub()->MajorKey();
13099 PrintStringProperty("name", CodeStub::MajorName(major_key, false));
13100 PrintStringProperty("method", "stub");
13102 PrintLongProperty("date",
13103 static_cast<int64_t>(base::OS::TimeCurrentMillis()));
13107 void HTracer::TraceLithium(const char* name, LChunk* chunk) {
13108 DCHECK(!chunk->isolate()->concurrent_recompilation_enabled());
13109 AllowHandleDereference allow_deref;
13110 AllowDeferredHandleDereference allow_deferred_deref;
13111 Trace(name, chunk->graph(), chunk);
13115 void HTracer::TraceHydrogen(const char* name, HGraph* graph) {
13116 DCHECK(!graph->isolate()->concurrent_recompilation_enabled());
13117 AllowHandleDereference allow_deref;
13118 AllowDeferredHandleDereference allow_deferred_deref;
13119 Trace(name, graph, NULL);
13123 void HTracer::Trace(const char* name, HGraph* graph, LChunk* chunk) {
13124 Tag tag(this, "cfg");
13125 PrintStringProperty("name", name);
13126 const ZoneList<HBasicBlock*>* blocks = graph->blocks();
13127 for (int i = 0; i < blocks->length(); i++) {
13128 HBasicBlock* current = blocks->at(i);
13129 Tag block_tag(this, "block");
13130 PrintBlockProperty("name", current->block_id());
13131 PrintIntProperty("from_bci", -1);
13132 PrintIntProperty("to_bci", -1);
13134 if (!current->predecessors()->is_empty()) {
13136 trace_.Add("predecessors");
13137 for (int j = 0; j < current->predecessors()->length(); ++j) {
13138 trace_.Add(" \"B%d\"", current->predecessors()->at(j)->block_id());
13142 PrintEmptyProperty("predecessors");
13145 if (current->end()->SuccessorCount() == 0) {
13146 PrintEmptyProperty("successors");
13149 trace_.Add("successors");
13150 for (HSuccessorIterator it(current->end()); !it.Done(); it.Advance()) {
13151 trace_.Add(" \"B%d\"", it.Current()->block_id());
13156 PrintEmptyProperty("xhandlers");
13160 trace_.Add("flags");
13161 if (current->IsLoopSuccessorDominator()) {
13162 trace_.Add(" \"dom-loop-succ\"");
13164 if (current->IsUnreachable()) {
13165 trace_.Add(" \"dead\"");
13167 if (current->is_osr_entry()) {
13168 trace_.Add(" \"osr\"");
13173 if (current->dominator() != NULL) {
13174 PrintBlockProperty("dominator", current->dominator()->block_id());
13177 PrintIntProperty("loop_depth", current->LoopNestingDepth());
13179 if (chunk != NULL) {
13180 int first_index = current->first_instruction_index();
13181 int last_index = current->last_instruction_index();
13184 LifetimePosition::FromInstructionIndex(first_index).Value());
13187 LifetimePosition::FromInstructionIndex(last_index).Value());
13191 Tag states_tag(this, "states");
13192 Tag locals_tag(this, "locals");
13193 int total = current->phis()->length();
13194 PrintIntProperty("size", current->phis()->length());
13195 PrintStringProperty("method", "None");
13196 for (int j = 0; j < total; ++j) {
13197 HPhi* phi = current->phis()->at(j);
13199 std::ostringstream os;
13200 os << phi->merged_index() << " " << NameOf(phi) << " " << *phi << "\n";
13201 trace_.Add(os.str().c_str());
13206 Tag HIR_tag(this, "HIR");
13207 for (HInstructionIterator it(current); !it.Done(); it.Advance()) {
13208 HInstruction* instruction = it.Current();
13209 int uses = instruction->UseCount();
13211 std::ostringstream os;
13212 os << "0 " << uses << " " << NameOf(instruction) << " " << *instruction;
13213 if (FLAG_hydrogen_track_positions &&
13214 instruction->has_position() &&
13215 instruction->position().raw() != 0) {
13216 const SourcePosition pos = instruction->position();
13218 if (pos.inlining_id() != 0) os << pos.inlining_id() << "_";
13219 os << pos.position();
13222 trace_.Add(os.str().c_str());
13227 if (chunk != NULL) {
13228 Tag LIR_tag(this, "LIR");
13229 int first_index = current->first_instruction_index();
13230 int last_index = current->last_instruction_index();
13231 if (first_index != -1 && last_index != -1) {
13232 const ZoneList<LInstruction*>* instructions = chunk->instructions();
13233 for (int i = first_index; i <= last_index; ++i) {
13234 LInstruction* linstr = instructions->at(i);
13235 if (linstr != NULL) {
13238 LifetimePosition::FromInstructionIndex(i).Value());
13239 linstr->PrintTo(&trace_);
13240 std::ostringstream os;
13241 os << " [hir:" << NameOf(linstr->hydrogen_value()) << "] <|@\n";
13242 trace_.Add(os.str().c_str());
13251 void HTracer::TraceLiveRanges(const char* name, LAllocator* allocator) {
13252 Tag tag(this, "intervals");
13253 PrintStringProperty("name", name);
13255 const Vector<LiveRange*>* fixed_d = allocator->fixed_double_live_ranges();
13256 for (int i = 0; i < fixed_d->length(); ++i) {
13257 TraceLiveRange(fixed_d->at(i), "fixed", allocator->zone());
13260 const Vector<LiveRange*>* fixed = allocator->fixed_live_ranges();
13261 for (int i = 0; i < fixed->length(); ++i) {
13262 TraceLiveRange(fixed->at(i), "fixed", allocator->zone());
13265 const ZoneList<LiveRange*>* live_ranges = allocator->live_ranges();
13266 for (int i = 0; i < live_ranges->length(); ++i) {
13267 TraceLiveRange(live_ranges->at(i), "object", allocator->zone());
13272 void HTracer::TraceLiveRange(LiveRange* range, const char* type,
13274 if (range != NULL && !range->IsEmpty()) {
13276 trace_.Add("%d %s", range->id(), type);
13277 if (range->HasRegisterAssigned()) {
13278 LOperand* op = range->CreateAssignedOperand(zone);
13279 int assigned_reg = op->index();
13280 if (op->IsDoubleRegister()) {
13281 trace_.Add(" \"%s\"",
13282 DoubleRegister::AllocationIndexToString(assigned_reg));
13284 DCHECK(op->IsRegister());
13285 trace_.Add(" \"%s\"", Register::AllocationIndexToString(assigned_reg));
13287 } else if (range->IsSpilled()) {
13288 LOperand* op = range->TopLevel()->GetSpillOperand();
13289 if (op->IsDoubleStackSlot()) {
13290 trace_.Add(" \"double_stack:%d\"", op->index());
13292 DCHECK(op->IsStackSlot());
13293 trace_.Add(" \"stack:%d\"", op->index());
13296 int parent_index = -1;
13297 if (range->IsChild()) {
13298 parent_index = range->parent()->id();
13300 parent_index = range->id();
13302 LOperand* op = range->FirstHint();
13303 int hint_index = -1;
13304 if (op != NULL && op->IsUnallocated()) {
13305 hint_index = LUnallocated::cast(op)->virtual_register();
13307 trace_.Add(" %d %d", parent_index, hint_index);
13308 UseInterval* cur_interval = range->first_interval();
13309 while (cur_interval != NULL && range->Covers(cur_interval->start())) {
13310 trace_.Add(" [%d, %d[",
13311 cur_interval->start().Value(),
13312 cur_interval->end().Value());
13313 cur_interval = cur_interval->next();
13316 UsePosition* current_pos = range->first_pos();
13317 while (current_pos != NULL) {
13318 if (current_pos->RegisterIsBeneficial() || FLAG_trace_all_uses) {
13319 trace_.Add(" %d M", current_pos->pos().Value());
13321 current_pos = current_pos->next();
13324 trace_.Add(" \"\"\n");
13329 void HTracer::FlushToFile() {
13330 AppendChars(filename_.start(), trace_.ToCString().get(), trace_.length(),
13336 void HStatistics::Initialize(CompilationInfo* info) {
13337 if (info->shared_info().is_null()) return;
13338 source_size_ += info->shared_info()->SourceSize();
13342 void HStatistics::Print() {
13345 "----------------------------------------"
13346 "----------------------------------------\n"
13347 "--- Hydrogen timing results:\n"
13348 "----------------------------------------"
13349 "----------------------------------------\n");
13350 base::TimeDelta sum;
13351 for (int i = 0; i < times_.length(); ++i) {
13355 for (int i = 0; i < names_.length(); ++i) {
13356 PrintF("%33s", names_[i]);
13357 double ms = times_[i].InMillisecondsF();
13358 double percent = times_[i].PercentOf(sum);
13359 PrintF(" %8.3f ms / %4.1f %% ", ms, percent);
13361 size_t size = sizes_[i];
13362 double size_percent = static_cast<double>(size) * 100 / total_size_;
13363 PrintF(" %9zu bytes / %4.1f %%\n", size, size_percent);
13367 "----------------------------------------"
13368 "----------------------------------------\n");
13369 base::TimeDelta total = create_graph_ + optimize_graph_ + generate_code_;
13370 PrintF("%33s %8.3f ms / %4.1f %% \n", "Create graph",
13371 create_graph_.InMillisecondsF(), create_graph_.PercentOf(total));
13372 PrintF("%33s %8.3f ms / %4.1f %% \n", "Optimize graph",
13373 optimize_graph_.InMillisecondsF(), optimize_graph_.PercentOf(total));
13374 PrintF("%33s %8.3f ms / %4.1f %% \n", "Generate and install code",
13375 generate_code_.InMillisecondsF(), generate_code_.PercentOf(total));
13377 "----------------------------------------"
13378 "----------------------------------------\n");
13379 PrintF("%33s %8.3f ms %9zu bytes\n", "Total",
13380 total.InMillisecondsF(), total_size_);
13381 PrintF("%33s (%.1f times slower than full code gen)\n", "",
13382 total.TimesOf(full_code_gen_));
13384 double source_size_in_kb = static_cast<double>(source_size_) / 1024;
13385 double normalized_time = source_size_in_kb > 0
13386 ? total.InMillisecondsF() / source_size_in_kb
13388 double normalized_size_in_kb =
13389 source_size_in_kb > 0
13390 ? static_cast<double>(total_size_) / 1024 / source_size_in_kb
13392 PrintF("%33s %8.3f ms %7.3f kB allocated\n",
13393 "Average per kB source", normalized_time, normalized_size_in_kb);
13397 void HStatistics::SaveTiming(const char* name, base::TimeDelta time,
13399 total_size_ += size;
13400 for (int i = 0; i < names_.length(); ++i) {
13401 if (strcmp(names_[i], name) == 0) {
13413 HPhase::~HPhase() {
13414 if (ShouldProduceTraceOutput()) {
13415 isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
13419 graph_->Verify(false); // No full verify.
13423 } } // namespace v8::internal
projects / platform / upstream / nodejs.git / blob