1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "src/hydrogen.h"
11 #include "src/allocation-site-scopes.h"
12 #include "src/ast-numbering.h"
13 #include "src/full-codegen/full-codegen.h"
14 #include "src/hydrogen-bce.h"
15 #include "src/hydrogen-bch.h"
16 #include "src/hydrogen-canonicalize.h"
17 #include "src/hydrogen-check-elimination.h"
18 #include "src/hydrogen-dce.h"
19 #include "src/hydrogen-dehoist.h"
20 #include "src/hydrogen-environment-liveness.h"
21 #include "src/hydrogen-escape-analysis.h"
22 #include "src/hydrogen-gvn.h"
23 #include "src/hydrogen-infer-representation.h"
24 #include "src/hydrogen-infer-types.h"
25 #include "src/hydrogen-load-elimination.h"
26 #include "src/hydrogen-mark-deoptimize.h"
27 #include "src/hydrogen-mark-unreachable.h"
28 #include "src/hydrogen-osr.h"
29 #include "src/hydrogen-range-analysis.h"
30 #include "src/hydrogen-redundant-phi.h"
31 #include "src/hydrogen-removable-simulates.h"
32 #include "src/hydrogen-representation-changes.h"
33 #include "src/hydrogen-sce.h"
34 #include "src/hydrogen-store-elimination.h"
35 #include "src/hydrogen-uint32-analysis.h"
36 #include "src/ic/call-optimization.h"
37 #include "src/ic/ic.h"
39 #include "src/ic/ic-inl.h"
40 #include "src/lithium-allocator.h"
41 #include "src/parser.h"
42 #include "src/runtime/runtime.h"
43 #include "src/scopeinfo.h"
44 #include "src/typing.h"
46 #if V8_TARGET_ARCH_IA32
47 #include "src/ia32/lithium-codegen-ia32.h" // NOLINT
48 #elif V8_TARGET_ARCH_X64
49 #include "src/x64/lithium-codegen-x64.h" // NOLINT
50 #elif V8_TARGET_ARCH_ARM64
51 #include "src/arm64/lithium-codegen-arm64.h" // NOLINT
52 #elif V8_TARGET_ARCH_ARM
53 #include "src/arm/lithium-codegen-arm.h" // NOLINT
54 #elif V8_TARGET_ARCH_PPC
55 #include "src/ppc/lithium-codegen-ppc.h" // NOLINT
56 #elif V8_TARGET_ARCH_MIPS
57 #include "src/mips/lithium-codegen-mips.h" // NOLINT
58 #elif V8_TARGET_ARCH_MIPS64
59 #include "src/mips64/lithium-codegen-mips64.h" // NOLINT
60 #elif V8_TARGET_ARCH_X87
61 #include "src/x87/lithium-codegen-x87.h" // NOLINT
63 #error Unsupported target architecture.
69 HBasicBlock::HBasicBlock(HGraph* graph)
70 : block_id_(graph->GetNextBlockID()),
72 phis_(4, graph->zone()),
76 loop_information_(NULL),
77 predecessors_(2, graph->zone()),
79 dominated_blocks_(4, graph->zone()),
80 last_environment_(NULL),
82 first_instruction_index_(-1),
83 last_instruction_index_(-1),
84 deleted_phis_(4, graph->zone()),
85 parent_loop_header_(NULL),
86 inlined_entry_block_(NULL),
87 is_inline_return_target_(false),
89 dominates_loop_successors_(false),
91 is_ordered_(false) { }
94 Isolate* HBasicBlock::isolate() const {
95 return graph_->isolate();
99 void HBasicBlock::MarkUnreachable() {
100 is_reachable_ = false;
104 void HBasicBlock::AttachLoopInformation() {
105 DCHECK(!IsLoopHeader());
106 loop_information_ = new(zone()) HLoopInformation(this, zone());
110 void HBasicBlock::DetachLoopInformation() {
111 DCHECK(IsLoopHeader());
112 loop_information_ = NULL;
116 void HBasicBlock::AddPhi(HPhi* phi) {
117 DCHECK(!IsStartBlock());
118 phis_.Add(phi, zone());
123 void HBasicBlock::RemovePhi(HPhi* phi) {
124 DCHECK(phi->block() == this);
125 DCHECK(phis_.Contains(phi));
127 phis_.RemoveElement(phi);
132 void HBasicBlock::AddInstruction(HInstruction* instr, SourcePosition position) {
133 DCHECK(!IsStartBlock() || !IsFinished());
134 DCHECK(!instr->IsLinked());
135 DCHECK(!IsFinished());
137 if (!position.IsUnknown()) {
138 instr->set_position(position);
140 if (first_ == NULL) {
141 DCHECK(last_environment() != NULL);
142 DCHECK(!last_environment()->ast_id().IsNone());
143 HBlockEntry* entry = new(zone()) HBlockEntry();
144 entry->InitializeAsFirst(this);
145 if (!position.IsUnknown()) {
146 entry->set_position(position);
148 DCHECK(!FLAG_hydrogen_track_positions ||
149 !graph()->info()->IsOptimizing() || instr->IsAbnormalExit());
151 first_ = last_ = entry;
153 instr->InsertAfter(last_);
157 HPhi* HBasicBlock::AddNewPhi(int merged_index) {
158 if (graph()->IsInsideNoSideEffectsScope()) {
159 merged_index = HPhi::kInvalidMergedIndex;
161 HPhi* phi = new(zone()) HPhi(merged_index, zone());
167 HSimulate* HBasicBlock::CreateSimulate(BailoutId ast_id,
168 RemovableSimulate removable) {
169 DCHECK(HasEnvironment());
170 HEnvironment* environment = last_environment();
171 DCHECK(ast_id.IsNone() ||
172 ast_id == BailoutId::StubEntry() ||
173 environment->closure()->shared()->VerifyBailoutId(ast_id));
175 int push_count = environment->push_count();
176 int pop_count = environment->pop_count();
179 new(zone()) HSimulate(ast_id, pop_count, zone(), removable);
181 instr->set_closure(environment->closure());
183 // Order of pushed values: newest (top of stack) first. This allows
184 // HSimulate::MergeWith() to easily append additional pushed values
185 // that are older (from further down the stack).
186 for (int i = 0; i < push_count; ++i) {
187 instr->AddPushedValue(environment->ExpressionStackAt(i));
189 for (GrowableBitVector::Iterator it(environment->assigned_variables(),
193 int index = it.Current();
194 instr->AddAssignedValue(index, environment->Lookup(index));
196 environment->ClearHistory();
201 void HBasicBlock::Finish(HControlInstruction* end, SourcePosition position) {
202 DCHECK(!IsFinished());
203 AddInstruction(end, position);
205 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
206 it.Current()->RegisterPredecessor(this);
211 void HBasicBlock::Goto(HBasicBlock* block, SourcePosition position,
212 FunctionState* state, bool add_simulate) {
213 bool drop_extra = state != NULL &&
214 state->inlining_kind() == NORMAL_RETURN;
216 if (block->IsInlineReturnTarget()) {
217 HEnvironment* env = last_environment();
218 int argument_count = env->arguments_environment()->parameter_count();
219 AddInstruction(new(zone())
220 HLeaveInlined(state->entry(), argument_count),
222 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
225 if (add_simulate) AddNewSimulate(BailoutId::None(), position);
226 HGoto* instr = new(zone()) HGoto(block);
227 Finish(instr, position);
231 void HBasicBlock::AddLeaveInlined(HValue* return_value, FunctionState* state,
232 SourcePosition position) {
233 HBasicBlock* target = state->function_return();
234 bool drop_extra = state->inlining_kind() == NORMAL_RETURN;
236 DCHECK(target->IsInlineReturnTarget());
237 DCHECK(return_value != NULL);
238 HEnvironment* env = last_environment();
239 int argument_count = env->arguments_environment()->parameter_count();
240 AddInstruction(new(zone()) HLeaveInlined(state->entry(), argument_count),
242 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
243 last_environment()->Push(return_value);
244 AddNewSimulate(BailoutId::None(), position);
245 HGoto* instr = new(zone()) HGoto(target);
246 Finish(instr, position);
250 void HBasicBlock::SetInitialEnvironment(HEnvironment* env) {
251 DCHECK(!HasEnvironment());
252 DCHECK(first() == NULL);
253 UpdateEnvironment(env);
257 void HBasicBlock::UpdateEnvironment(HEnvironment* env) {
258 last_environment_ = env;
259 graph()->update_maximum_environment_size(env->first_expression_index());
263 void HBasicBlock::SetJoinId(BailoutId ast_id) {
264 int length = predecessors_.length();
266 for (int i = 0; i < length; i++) {
267 HBasicBlock* predecessor = predecessors_[i];
268 DCHECK(predecessor->end()->IsGoto());
269 HSimulate* simulate = HSimulate::cast(predecessor->end()->previous());
271 (predecessor->last_environment()->closure().is_null() ||
272 predecessor->last_environment()->closure()->shared()
273 ->VerifyBailoutId(ast_id)));
274 simulate->set_ast_id(ast_id);
275 predecessor->last_environment()->set_ast_id(ast_id);
280 bool HBasicBlock::Dominates(HBasicBlock* other) const {
281 HBasicBlock* current = other->dominator();
282 while (current != NULL) {
283 if (current == this) return true;
284 current = current->dominator();
290 bool HBasicBlock::EqualToOrDominates(HBasicBlock* other) const {
291 if (this == other) return true;
292 return Dominates(other);
296 int HBasicBlock::LoopNestingDepth() const {
297 const HBasicBlock* current = this;
298 int result = (current->IsLoopHeader()) ? 1 : 0;
299 while (current->parent_loop_header() != NULL) {
300 current = current->parent_loop_header();
307 void HBasicBlock::PostProcessLoopHeader(IterationStatement* stmt) {
308 DCHECK(IsLoopHeader());
310 SetJoinId(stmt->EntryId());
311 if (predecessors()->length() == 1) {
312 // This is a degenerated loop.
313 DetachLoopInformation();
317 // Only the first entry into the loop is from outside the loop. All other
318 // entries must be back edges.
319 for (int i = 1; i < predecessors()->length(); ++i) {
320 loop_information()->RegisterBackEdge(predecessors()->at(i));
325 void HBasicBlock::MarkSuccEdgeUnreachable(int succ) {
326 DCHECK(IsFinished());
327 HBasicBlock* succ_block = end()->SuccessorAt(succ);
329 DCHECK(succ_block->predecessors()->length() == 1);
330 succ_block->MarkUnreachable();
334 void HBasicBlock::RegisterPredecessor(HBasicBlock* pred) {
335 if (HasPredecessor()) {
336 // Only loop header blocks can have a predecessor added after
337 // instructions have been added to the block (they have phis for all
338 // values in the environment, these phis may be eliminated later).
339 DCHECK(IsLoopHeader() || first_ == NULL);
340 HEnvironment* incoming_env = pred->last_environment();
341 if (IsLoopHeader()) {
342 DCHECK_EQ(phis()->length(), incoming_env->length());
343 for (int i = 0; i < phis_.length(); ++i) {
344 phis_[i]->AddInput(incoming_env->values()->at(i));
347 last_environment()->AddIncomingEdge(this, pred->last_environment());
349 } else if (!HasEnvironment() && !IsFinished()) {
350 DCHECK(!IsLoopHeader());
351 SetInitialEnvironment(pred->last_environment()->Copy());
354 predecessors_.Add(pred, zone());
358 void HBasicBlock::AddDominatedBlock(HBasicBlock* block) {
359 DCHECK(!dominated_blocks_.Contains(block));
360 // Keep the list of dominated blocks sorted such that if there is two
361 // succeeding block in this list, the predecessor is before the successor.
363 while (index < dominated_blocks_.length() &&
364 dominated_blocks_[index]->block_id() < block->block_id()) {
367 dominated_blocks_.InsertAt(index, block, zone());
371 void HBasicBlock::AssignCommonDominator(HBasicBlock* other) {
372 if (dominator_ == NULL) {
374 other->AddDominatedBlock(this);
375 } else if (other->dominator() != NULL) {
376 HBasicBlock* first = dominator_;
377 HBasicBlock* second = other;
379 while (first != second) {
380 if (first->block_id() > second->block_id()) {
381 first = first->dominator();
383 second = second->dominator();
385 DCHECK(first != NULL && second != NULL);
388 if (dominator_ != first) {
389 DCHECK(dominator_->dominated_blocks_.Contains(this));
390 dominator_->dominated_blocks_.RemoveElement(this);
392 first->AddDominatedBlock(this);
398 void HBasicBlock::AssignLoopSuccessorDominators() {
399 // Mark blocks that dominate all subsequent reachable blocks inside their
400 // loop. Exploit the fact that blocks are sorted in reverse post order. When
401 // the loop is visited in increasing block id order, if the number of
402 // non-loop-exiting successor edges at the dominator_candidate block doesn't
403 // exceed the number of previously encountered predecessor edges, there is no
404 // path from the loop header to any block with higher id that doesn't go
405 // through the dominator_candidate block. In this case, the
406 // dominator_candidate block is guaranteed to dominate all blocks reachable
407 // from it with higher ids.
408 HBasicBlock* last = loop_information()->GetLastBackEdge();
409 int outstanding_successors = 1; // one edge from the pre-header
410 // Header always dominates everything.
411 MarkAsLoopSuccessorDominator();
412 for (int j = block_id(); j <= last->block_id(); ++j) {
413 HBasicBlock* dominator_candidate = graph_->blocks()->at(j);
414 for (HPredecessorIterator it(dominator_candidate); !it.Done();
416 HBasicBlock* predecessor = it.Current();
417 // Don't count back edges.
418 if (predecessor->block_id() < dominator_candidate->block_id()) {
419 outstanding_successors--;
423 // If more successors than predecessors have been seen in the loop up to
424 // now, it's not possible to guarantee that the current block dominates
425 // all of the blocks with higher IDs. In this case, assume conservatively
426 // that those paths through loop that don't go through the current block
427 // contain all of the loop's dependencies. Also be careful to record
428 // dominator information about the current loop that's being processed,
429 // and not nested loops, which will be processed when
430 // AssignLoopSuccessorDominators gets called on their header.
431 DCHECK(outstanding_successors >= 0);
432 HBasicBlock* parent_loop_header = dominator_candidate->parent_loop_header();
433 if (outstanding_successors == 0 &&
434 (parent_loop_header == this && !dominator_candidate->IsLoopHeader())) {
435 dominator_candidate->MarkAsLoopSuccessorDominator();
437 HControlInstruction* end = dominator_candidate->end();
438 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
439 HBasicBlock* successor = it.Current();
440 // Only count successors that remain inside the loop and don't loop back
442 if (successor->block_id() > dominator_candidate->block_id() &&
443 successor->block_id() <= last->block_id()) {
444 // Backwards edges must land on loop headers.
445 DCHECK(successor->block_id() > dominator_candidate->block_id() ||
446 successor->IsLoopHeader());
447 outstanding_successors++;
454 int HBasicBlock::PredecessorIndexOf(HBasicBlock* predecessor) const {
455 for (int i = 0; i < predecessors_.length(); ++i) {
456 if (predecessors_[i] == predecessor) return i;
464 void HBasicBlock::Verify() {
465 // Check that every block is finished.
466 DCHECK(IsFinished());
467 DCHECK(block_id() >= 0);
469 // Check that the incoming edges are in edge split form.
470 if (predecessors_.length() > 1) {
471 for (int i = 0; i < predecessors_.length(); ++i) {
472 DCHECK(predecessors_[i]->end()->SecondSuccessor() == NULL);
479 void HLoopInformation::RegisterBackEdge(HBasicBlock* block) {
480 this->back_edges_.Add(block, block->zone());
485 HBasicBlock* HLoopInformation::GetLastBackEdge() const {
487 HBasicBlock* result = NULL;
488 for (int i = 0; i < back_edges_.length(); ++i) {
489 HBasicBlock* cur = back_edges_[i];
490 if (cur->block_id() > max_id) {
491 max_id = cur->block_id();
499 void HLoopInformation::AddBlock(HBasicBlock* block) {
500 if (block == loop_header()) return;
501 if (block->parent_loop_header() == loop_header()) return;
502 if (block->parent_loop_header() != NULL) {
503 AddBlock(block->parent_loop_header());
505 block->set_parent_loop_header(loop_header());
506 blocks_.Add(block, block->zone());
507 for (int i = 0; i < block->predecessors()->length(); ++i) {
508 AddBlock(block->predecessors()->at(i));
516 // Checks reachability of the blocks in this graph and stores a bit in
517 // the BitVector "reachable()" for every block that can be reached
518 // from the start block of the graph. If "dont_visit" is non-null, the given
519 // block is treated as if it would not be part of the graph. "visited_count()"
520 // returns the number of reachable blocks.
521 class ReachabilityAnalyzer BASE_EMBEDDED {
523 ReachabilityAnalyzer(HBasicBlock* entry_block,
525 HBasicBlock* dont_visit)
527 stack_(16, entry_block->zone()),
528 reachable_(block_count, entry_block->zone()),
529 dont_visit_(dont_visit) {
530 PushBlock(entry_block);
534 int visited_count() const { return visited_count_; }
535 const BitVector* reachable() const { return &reachable_; }
538 void PushBlock(HBasicBlock* block) {
539 if (block != NULL && block != dont_visit_ &&
540 !reachable_.Contains(block->block_id())) {
541 reachable_.Add(block->block_id());
542 stack_.Add(block, block->zone());
548 while (!stack_.is_empty()) {
549 HControlInstruction* end = stack_.RemoveLast()->end();
550 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
551 PushBlock(it.Current());
557 ZoneList<HBasicBlock*> stack_;
558 BitVector reachable_;
559 HBasicBlock* dont_visit_;
563 void HGraph::Verify(bool do_full_verify) const {
564 Heap::RelocationLock relocation_lock(isolate()->heap());
565 AllowHandleDereference allow_deref;
566 AllowDeferredHandleDereference allow_deferred_deref;
567 for (int i = 0; i < blocks_.length(); i++) {
568 HBasicBlock* block = blocks_.at(i);
572 // Check that every block contains at least one node and that only the last
573 // node is a control instruction.
574 HInstruction* current = block->first();
575 DCHECK(current != NULL && current->IsBlockEntry());
576 while (current != NULL) {
577 DCHECK((current->next() == NULL) == current->IsControlInstruction());
578 DCHECK(current->block() == block);
580 current = current->next();
583 // Check that successors are correctly set.
584 HBasicBlock* first = block->end()->FirstSuccessor();
585 HBasicBlock* second = block->end()->SecondSuccessor();
586 DCHECK(second == NULL || first != NULL);
588 // Check that the predecessor array is correct.
590 DCHECK(first->predecessors()->Contains(block));
591 if (second != NULL) {
592 DCHECK(second->predecessors()->Contains(block));
596 // Check that phis have correct arguments.
597 for (int j = 0; j < block->phis()->length(); j++) {
598 HPhi* phi = block->phis()->at(j);
602 // Check that all join blocks have predecessors that end with an
603 // unconditional goto and agree on their environment node id.
604 if (block->predecessors()->length() >= 2) {
606 block->predecessors()->first()->last_environment()->ast_id();
607 for (int k = 0; k < block->predecessors()->length(); k++) {
608 HBasicBlock* predecessor = block->predecessors()->at(k);
609 DCHECK(predecessor->end()->IsGoto() ||
610 predecessor->end()->IsDeoptimize());
611 DCHECK(predecessor->last_environment()->ast_id() == id);
616 // Check special property of first block to have no predecessors.
617 DCHECK(blocks_.at(0)->predecessors()->is_empty());
619 if (do_full_verify) {
620 // Check that the graph is fully connected.
621 ReachabilityAnalyzer analyzer(entry_block_, blocks_.length(), NULL);
622 DCHECK(analyzer.visited_count() == blocks_.length());
624 // Check that entry block dominator is NULL.
625 DCHECK(entry_block_->dominator() == NULL);
628 for (int i = 0; i < blocks_.length(); ++i) {
629 HBasicBlock* block = blocks_.at(i);
630 if (block->dominator() == NULL) {
631 // Only start block may have no dominator assigned to.
634 // Assert that block is unreachable if dominator must not be visited.
635 ReachabilityAnalyzer dominator_analyzer(entry_block_,
638 DCHECK(!dominator_analyzer.reachable()->Contains(block->block_id()));
647 HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
649 if (!pointer->is_set()) {
650 // Can't pass GetInvalidContext() to HConstant::New, because that will
651 // recursively call GetConstant
652 HConstant* constant = HConstant::New(isolate(), zone(), NULL, value);
653 constant->InsertAfter(entry_block()->first());
654 pointer->set(constant);
657 return ReinsertConstantIfNecessary(pointer->get());
661 HConstant* HGraph::ReinsertConstantIfNecessary(HConstant* constant) {
662 if (!constant->IsLinked()) {
663 // The constant was removed from the graph. Reinsert.
664 constant->ClearFlag(HValue::kIsDead);
665 constant->InsertAfter(entry_block()->first());
671 HConstant* HGraph::GetConstant0() {
672 return GetConstant(&constant_0_, 0);
676 HConstant* HGraph::GetConstant1() {
677 return GetConstant(&constant_1_, 1);
681 HConstant* HGraph::GetConstantMinus1() {
682 return GetConstant(&constant_minus1_, -1);
686 HConstant* HGraph::GetConstantBool(bool value) {
687 return value ? GetConstantTrue() : GetConstantFalse();
691 #define DEFINE_GET_CONSTANT(Name, name, type, htype, boolean_value) \
692 HConstant* HGraph::GetConstant##Name() { \
693 if (!constant_##name##_.is_set()) { \
694 HConstant* constant = new(zone()) HConstant( \
695 Unique<Object>::CreateImmovable(isolate()->factory()->name##_value()), \
696 Unique<Map>::CreateImmovable(isolate()->factory()->type##_map()), \
698 Representation::Tagged(), \
704 constant->InsertAfter(entry_block()->first()); \
705 constant_##name##_.set(constant); \
707 return ReinsertConstantIfNecessary(constant_##name##_.get()); \
711 DEFINE_GET_CONSTANT(Undefined, undefined, undefined, HType::Undefined(), false)
712 DEFINE_GET_CONSTANT(True, true, boolean, HType::Boolean(), true)
713 DEFINE_GET_CONSTANT(False, false, boolean, HType::Boolean(), false)
714 DEFINE_GET_CONSTANT(Hole, the_hole, the_hole, HType::None(), false)
715 DEFINE_GET_CONSTANT(Null, null, null, HType::Null(), false)
718 #undef DEFINE_GET_CONSTANT
720 #define DEFINE_IS_CONSTANT(Name, name) \
721 bool HGraph::IsConstant##Name(HConstant* constant) { \
722 return constant_##name##_.is_set() && constant == constant_##name##_.get(); \
724 DEFINE_IS_CONSTANT(Undefined, undefined)
725 DEFINE_IS_CONSTANT(0, 0)
726 DEFINE_IS_CONSTANT(1, 1)
727 DEFINE_IS_CONSTANT(Minus1, minus1)
728 DEFINE_IS_CONSTANT(True, true)
729 DEFINE_IS_CONSTANT(False, false)
730 DEFINE_IS_CONSTANT(Hole, the_hole)
731 DEFINE_IS_CONSTANT(Null, null)
733 #undef DEFINE_IS_CONSTANT
736 HConstant* HGraph::GetInvalidContext() {
737 return GetConstant(&constant_invalid_context_, 0xFFFFC0C7);
741 bool HGraph::IsStandardConstant(HConstant* constant) {
742 if (IsConstantUndefined(constant)) return true;
743 if (IsConstant0(constant)) return true;
744 if (IsConstant1(constant)) return true;
745 if (IsConstantMinus1(constant)) return true;
746 if (IsConstantTrue(constant)) return true;
747 if (IsConstantFalse(constant)) return true;
748 if (IsConstantHole(constant)) return true;
749 if (IsConstantNull(constant)) return true;
754 HGraphBuilder::IfBuilder::IfBuilder() : builder_(NULL), needs_compare_(true) {}
757 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder)
758 : needs_compare_(true) {
763 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder,
764 HIfContinuation* continuation)
765 : needs_compare_(false), first_true_block_(NULL), first_false_block_(NULL) {
766 InitializeDontCreateBlocks(builder);
767 continuation->Continue(&first_true_block_, &first_false_block_);
771 void HGraphBuilder::IfBuilder::InitializeDontCreateBlocks(
772 HGraphBuilder* builder) {
777 did_else_if_ = false;
781 pending_merge_block_ = false;
782 split_edge_merge_block_ = NULL;
783 merge_at_join_blocks_ = NULL;
784 normal_merge_at_join_block_count_ = 0;
785 deopt_merge_at_join_block_count_ = 0;
789 void HGraphBuilder::IfBuilder::Initialize(HGraphBuilder* builder) {
790 InitializeDontCreateBlocks(builder);
791 HEnvironment* env = builder->environment();
792 first_true_block_ = builder->CreateBasicBlock(env->Copy());
793 first_false_block_ = builder->CreateBasicBlock(env->Copy());
797 HControlInstruction* HGraphBuilder::IfBuilder::AddCompare(
798 HControlInstruction* compare) {
799 DCHECK(did_then_ == did_else_);
801 // Handle if-then-elseif
807 pending_merge_block_ = false;
808 split_edge_merge_block_ = NULL;
809 HEnvironment* env = builder()->environment();
810 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
811 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
813 if (split_edge_merge_block_ != NULL) {
814 HEnvironment* env = first_false_block_->last_environment();
815 HBasicBlock* split_edge = builder()->CreateBasicBlock(env->Copy());
817 compare->SetSuccessorAt(0, split_edge);
818 compare->SetSuccessorAt(1, first_false_block_);
820 compare->SetSuccessorAt(0, first_true_block_);
821 compare->SetSuccessorAt(1, split_edge);
823 builder()->GotoNoSimulate(split_edge, split_edge_merge_block_);
825 compare->SetSuccessorAt(0, first_true_block_);
826 compare->SetSuccessorAt(1, first_false_block_);
828 builder()->FinishCurrentBlock(compare);
829 needs_compare_ = false;
834 void HGraphBuilder::IfBuilder::Or() {
835 DCHECK(!needs_compare_);
838 HEnvironment* env = first_false_block_->last_environment();
839 if (split_edge_merge_block_ == NULL) {
840 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
841 builder()->GotoNoSimulate(first_true_block_, split_edge_merge_block_);
842 first_true_block_ = split_edge_merge_block_;
844 builder()->set_current_block(first_false_block_);
845 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
849 void HGraphBuilder::IfBuilder::And() {
850 DCHECK(!needs_compare_);
853 HEnvironment* env = first_false_block_->last_environment();
854 if (split_edge_merge_block_ == NULL) {
855 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
856 builder()->GotoNoSimulate(first_false_block_, split_edge_merge_block_);
857 first_false_block_ = split_edge_merge_block_;
859 builder()->set_current_block(first_true_block_);
860 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
864 void HGraphBuilder::IfBuilder::CaptureContinuation(
865 HIfContinuation* continuation) {
866 DCHECK(!did_else_if_);
870 HBasicBlock* true_block = NULL;
871 HBasicBlock* false_block = NULL;
872 Finish(&true_block, &false_block);
873 DCHECK(true_block != NULL);
874 DCHECK(false_block != NULL);
875 continuation->Capture(true_block, false_block);
877 builder()->set_current_block(NULL);
882 void HGraphBuilder::IfBuilder::JoinContinuation(HIfContinuation* continuation) {
883 DCHECK(!did_else_if_);
886 HBasicBlock* true_block = NULL;
887 HBasicBlock* false_block = NULL;
888 Finish(&true_block, &false_block);
889 merge_at_join_blocks_ = NULL;
890 if (true_block != NULL && !true_block->IsFinished()) {
891 DCHECK(continuation->IsTrueReachable());
892 builder()->GotoNoSimulate(true_block, continuation->true_branch());
894 if (false_block != NULL && !false_block->IsFinished()) {
895 DCHECK(continuation->IsFalseReachable());
896 builder()->GotoNoSimulate(false_block, continuation->false_branch());
903 void HGraphBuilder::IfBuilder::Then() {
907 if (needs_compare_) {
908 // Handle if's without any expressions, they jump directly to the "else"
909 // branch. However, we must pretend that the "then" branch is reachable,
910 // so that the graph builder visits it and sees any live range extending
911 // constructs within it.
912 HConstant* constant_false = builder()->graph()->GetConstantFalse();
913 ToBooleanStub::Types boolean_type = ToBooleanStub::Types();
914 boolean_type.Add(ToBooleanStub::BOOLEAN);
915 HBranch* branch = builder()->New<HBranch>(
916 constant_false, boolean_type, first_true_block_, first_false_block_);
917 builder()->FinishCurrentBlock(branch);
919 builder()->set_current_block(first_true_block_);
920 pending_merge_block_ = true;
924 void HGraphBuilder::IfBuilder::Else() {
928 AddMergeAtJoinBlock(false);
929 builder()->set_current_block(first_false_block_);
930 pending_merge_block_ = true;
935 void HGraphBuilder::IfBuilder::Deopt(Deoptimizer::DeoptReason reason) {
937 builder()->Add<HDeoptimize>(reason, Deoptimizer::EAGER);
938 AddMergeAtJoinBlock(true);
942 void HGraphBuilder::IfBuilder::Return(HValue* value) {
943 HValue* parameter_count = builder()->graph()->GetConstantMinus1();
944 builder()->FinishExitCurrentBlock(
945 builder()->New<HReturn>(value, parameter_count));
946 AddMergeAtJoinBlock(false);
950 void HGraphBuilder::IfBuilder::AddMergeAtJoinBlock(bool deopt) {
951 if (!pending_merge_block_) return;
952 HBasicBlock* block = builder()->current_block();
953 DCHECK(block == NULL || !block->IsFinished());
954 MergeAtJoinBlock* record = new (builder()->zone())
955 MergeAtJoinBlock(block, deopt, merge_at_join_blocks_);
956 merge_at_join_blocks_ = record;
958 DCHECK(block->end() == NULL);
960 normal_merge_at_join_block_count_++;
962 deopt_merge_at_join_block_count_++;
965 builder()->set_current_block(NULL);
966 pending_merge_block_ = false;
970 void HGraphBuilder::IfBuilder::Finish() {
975 AddMergeAtJoinBlock(false);
978 AddMergeAtJoinBlock(false);
984 void HGraphBuilder::IfBuilder::Finish(HBasicBlock** then_continuation,
985 HBasicBlock** else_continuation) {
988 MergeAtJoinBlock* else_record = merge_at_join_blocks_;
989 if (else_continuation != NULL) {
990 *else_continuation = else_record->block_;
992 MergeAtJoinBlock* then_record = else_record->next_;
993 if (then_continuation != NULL) {
994 *then_continuation = then_record->block_;
996 DCHECK(then_record->next_ == NULL);
1000 void HGraphBuilder::IfBuilder::EndUnreachable() {
1001 if (captured_) return;
1003 builder()->set_current_block(nullptr);
1007 void HGraphBuilder::IfBuilder::End() {
1008 if (captured_) return;
1011 int total_merged_blocks = normal_merge_at_join_block_count_ +
1012 deopt_merge_at_join_block_count_;
1013 DCHECK(total_merged_blocks >= 1);
1014 HBasicBlock* merge_block =
1015 total_merged_blocks == 1 ? NULL : builder()->graph()->CreateBasicBlock();
1017 // Merge non-deopt blocks first to ensure environment has right size for
1019 MergeAtJoinBlock* current = merge_at_join_blocks_;
1020 while (current != NULL) {
1021 if (!current->deopt_ && current->block_ != NULL) {
1022 // If there is only one block that makes it through to the end of the
1023 // if, then just set it as the current block and continue rather then
1024 // creating an unnecessary merge block.
1025 if (total_merged_blocks == 1) {
1026 builder()->set_current_block(current->block_);
1029 builder()->GotoNoSimulate(current->block_, merge_block);
1031 current = current->next_;
1034 // Merge deopt blocks, padding when necessary.
1035 current = merge_at_join_blocks_;
1036 while (current != NULL) {
1037 if (current->deopt_ && current->block_ != NULL) {
1038 current->block_->FinishExit(
1039 HAbnormalExit::New(builder()->isolate(), builder()->zone(), NULL),
1040 SourcePosition::Unknown());
1042 current = current->next_;
1044 builder()->set_current_block(merge_block);
1048 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder) {
1049 Initialize(builder, NULL, kWhileTrue, NULL);
1053 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1054 LoopBuilder::Direction direction) {
1055 Initialize(builder, context, direction, builder->graph()->GetConstant1());
1059 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1060 LoopBuilder::Direction direction,
1061 HValue* increment_amount) {
1062 Initialize(builder, context, direction, increment_amount);
1063 increment_amount_ = increment_amount;
1067 void HGraphBuilder::LoopBuilder::Initialize(HGraphBuilder* builder,
1069 Direction direction,
1070 HValue* increment_amount) {
1073 direction_ = direction;
1074 increment_amount_ = increment_amount;
1077 header_block_ = builder->CreateLoopHeaderBlock();
1080 exit_trampoline_block_ = NULL;
1084 HValue* HGraphBuilder::LoopBuilder::BeginBody(
1086 HValue* terminating,
1087 Token::Value token) {
1088 DCHECK(direction_ != kWhileTrue);
1089 HEnvironment* env = builder_->environment();
1090 phi_ = header_block_->AddNewPhi(env->values()->length());
1091 phi_->AddInput(initial);
1093 builder_->GotoNoSimulate(header_block_);
1095 HEnvironment* body_env = env->Copy();
1096 HEnvironment* exit_env = env->Copy();
1097 // Remove the phi from the expression stack
1100 body_block_ = builder_->CreateBasicBlock(body_env);
1101 exit_block_ = builder_->CreateBasicBlock(exit_env);
1103 builder_->set_current_block(header_block_);
1105 builder_->FinishCurrentBlock(builder_->New<HCompareNumericAndBranch>(
1106 phi_, terminating, token, body_block_, exit_block_));
1108 builder_->set_current_block(body_block_);
1109 if (direction_ == kPreIncrement || direction_ == kPreDecrement) {
1110 Isolate* isolate = builder_->isolate();
1111 HValue* one = builder_->graph()->GetConstant1();
1112 if (direction_ == kPreIncrement) {
1113 increment_ = HAdd::New(isolate, zone(), context_, phi_, one);
1115 increment_ = HSub::New(isolate, zone(), context_, phi_, one);
1117 increment_->ClearFlag(HValue::kCanOverflow);
1118 builder_->AddInstruction(increment_);
1126 void HGraphBuilder::LoopBuilder::BeginBody(int drop_count) {
1127 DCHECK(direction_ == kWhileTrue);
1128 HEnvironment* env = builder_->environment();
1129 builder_->GotoNoSimulate(header_block_);
1130 builder_->set_current_block(header_block_);
1131 env->Drop(drop_count);
1135 void HGraphBuilder::LoopBuilder::Break() {
1136 if (exit_trampoline_block_ == NULL) {
1137 // Its the first time we saw a break.
1138 if (direction_ == kWhileTrue) {
1139 HEnvironment* env = builder_->environment()->Copy();
1140 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1142 HEnvironment* env = exit_block_->last_environment()->Copy();
1143 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1144 builder_->GotoNoSimulate(exit_block_, exit_trampoline_block_);
1148 builder_->GotoNoSimulate(exit_trampoline_block_);
1149 builder_->set_current_block(NULL);
1153 void HGraphBuilder::LoopBuilder::EndBody() {
1156 if (direction_ == kPostIncrement || direction_ == kPostDecrement) {
1157 Isolate* isolate = builder_->isolate();
1158 if (direction_ == kPostIncrement) {
1160 HAdd::New(isolate, zone(), context_, phi_, increment_amount_);
1163 HSub::New(isolate, zone(), context_, phi_, increment_amount_);
1165 increment_->ClearFlag(HValue::kCanOverflow);
1166 builder_->AddInstruction(increment_);
1169 if (direction_ != kWhileTrue) {
1170 // Push the new increment value on the expression stack to merge into
1172 builder_->environment()->Push(increment_);
1174 HBasicBlock* last_block = builder_->current_block();
1175 builder_->GotoNoSimulate(last_block, header_block_);
1176 header_block_->loop_information()->RegisterBackEdge(last_block);
1178 if (exit_trampoline_block_ != NULL) {
1179 builder_->set_current_block(exit_trampoline_block_);
1181 builder_->set_current_block(exit_block_);
1187 HGraph* HGraphBuilder::CreateGraph() {
1188 graph_ = new(zone()) HGraph(info_);
1189 if (FLAG_hydrogen_stats) isolate()->GetHStatistics()->Initialize(info_);
1190 CompilationPhase phase("H_Block building", info_);
1191 set_current_block(graph()->entry_block());
1192 if (!BuildGraph()) return NULL;
1193 graph()->FinalizeUniqueness();
1198 HInstruction* HGraphBuilder::AddInstruction(HInstruction* instr) {
1199 DCHECK(current_block() != NULL);
1200 DCHECK(!FLAG_hydrogen_track_positions ||
1201 !position_.IsUnknown() ||
1202 !info_->IsOptimizing());
1203 current_block()->AddInstruction(instr, source_position());
1204 if (graph()->IsInsideNoSideEffectsScope()) {
1205 instr->SetFlag(HValue::kHasNoObservableSideEffects);
1211 void HGraphBuilder::FinishCurrentBlock(HControlInstruction* last) {
1212 DCHECK(!FLAG_hydrogen_track_positions ||
1213 !info_->IsOptimizing() ||
1214 !position_.IsUnknown());
1215 current_block()->Finish(last, source_position());
1216 if (last->IsReturn() || last->IsAbnormalExit()) {
1217 set_current_block(NULL);
1222 void HGraphBuilder::FinishExitCurrentBlock(HControlInstruction* instruction) {
1223 DCHECK(!FLAG_hydrogen_track_positions || !info_->IsOptimizing() ||
1224 !position_.IsUnknown());
1225 current_block()->FinishExit(instruction, source_position());
1226 if (instruction->IsReturn() || instruction->IsAbnormalExit()) {
1227 set_current_block(NULL);
1232 void HGraphBuilder::AddIncrementCounter(StatsCounter* counter) {
1233 if (FLAG_native_code_counters && counter->Enabled()) {
1234 HValue* reference = Add<HConstant>(ExternalReference(counter));
1236 Add<HLoadNamedField>(reference, nullptr, HObjectAccess::ForCounter());
1237 HValue* new_value = AddUncasted<HAdd>(old_value, graph()->GetConstant1());
1238 new_value->ClearFlag(HValue::kCanOverflow); // Ignore counter overflow
1239 Add<HStoreNamedField>(reference, HObjectAccess::ForCounter(),
1240 new_value, STORE_TO_INITIALIZED_ENTRY);
1245 void HGraphBuilder::AddSimulate(BailoutId id,
1246 RemovableSimulate removable) {
1247 DCHECK(current_block() != NULL);
1248 DCHECK(!graph()->IsInsideNoSideEffectsScope());
1249 current_block()->AddNewSimulate(id, source_position(), removable);
1253 HBasicBlock* HGraphBuilder::CreateBasicBlock(HEnvironment* env) {
1254 HBasicBlock* b = graph()->CreateBasicBlock();
1255 b->SetInitialEnvironment(env);
1260 HBasicBlock* HGraphBuilder::CreateLoopHeaderBlock() {
1261 HBasicBlock* header = graph()->CreateBasicBlock();
1262 HEnvironment* entry_env = environment()->CopyAsLoopHeader(header);
1263 header->SetInitialEnvironment(entry_env);
1264 header->AttachLoopInformation();
1269 HValue* HGraphBuilder::BuildGetElementsKind(HValue* object) {
1270 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
1272 HValue* bit_field2 =
1273 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField2());
1274 return BuildDecodeField<Map::ElementsKindBits>(bit_field2);
1278 HValue* HGraphBuilder::BuildCheckHeapObject(HValue* obj) {
1279 if (obj->type().IsHeapObject()) return obj;
1280 return Add<HCheckHeapObject>(obj);
1284 void HGraphBuilder::FinishExitWithHardDeoptimization(
1285 Deoptimizer::DeoptReason reason) {
1286 Add<HDeoptimize>(reason, Deoptimizer::EAGER);
1287 FinishExitCurrentBlock(New<HAbnormalExit>());
1291 HValue* HGraphBuilder::BuildCheckString(HValue* string) {
1292 if (!string->type().IsString()) {
1293 DCHECK(!string->IsConstant() ||
1294 !HConstant::cast(string)->HasStringValue());
1295 BuildCheckHeapObject(string);
1296 return Add<HCheckInstanceType>(string, HCheckInstanceType::IS_STRING);
1302 HValue* HGraphBuilder::BuildWrapReceiver(HValue* object, HValue* function) {
1303 if (object->type().IsJSObject()) return object;
1304 if (function->IsConstant() &&
1305 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
1306 Handle<JSFunction> f = Handle<JSFunction>::cast(
1307 HConstant::cast(function)->handle(isolate()));
1308 SharedFunctionInfo* shared = f->shared();
1309 if (is_strict(shared->language_mode()) || shared->native()) return object;
1311 return Add<HWrapReceiver>(object, function);
1315 HValue* HGraphBuilder::BuildCheckAndGrowElementsCapacity(
1316 HValue* object, HValue* elements, ElementsKind kind, HValue* length,
1317 HValue* capacity, HValue* key) {
1318 HValue* max_gap = Add<HConstant>(static_cast<int32_t>(JSObject::kMaxGap));
1319 HValue* max_capacity = AddUncasted<HAdd>(capacity, max_gap);
1320 Add<HBoundsCheck>(key, max_capacity);
1322 HValue* new_capacity = BuildNewElementsCapacity(key);
1323 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind, kind,
1324 length, new_capacity);
1325 return new_elements;
1329 HValue* HGraphBuilder::BuildCheckForCapacityGrow(
1336 PropertyAccessType access_type) {
1337 IfBuilder length_checker(this);
1339 Token::Value token = IsHoleyElementsKind(kind) ? Token::GTE : Token::EQ;
1340 length_checker.If<HCompareNumericAndBranch>(key, length, token);
1342 length_checker.Then();
1344 HValue* current_capacity = AddLoadFixedArrayLength(elements);
1346 if (top_info()->IsStub()) {
1347 IfBuilder capacity_checker(this);
1348 capacity_checker.If<HCompareNumericAndBranch>(key, current_capacity,
1350 capacity_checker.Then();
1351 HValue* new_elements = BuildCheckAndGrowElementsCapacity(
1352 object, elements, kind, length, current_capacity, key);
1353 environment()->Push(new_elements);
1354 capacity_checker.Else();
1355 environment()->Push(elements);
1356 capacity_checker.End();
1358 HValue* result = Add<HMaybeGrowElements>(
1359 object, elements, key, current_capacity, is_js_array, kind);
1360 environment()->Push(result);
1364 HValue* new_length = AddUncasted<HAdd>(key, graph_->GetConstant1());
1365 new_length->ClearFlag(HValue::kCanOverflow);
1367 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(kind),
1371 if (access_type == STORE && kind == FAST_SMI_ELEMENTS) {
1372 HValue* checked_elements = environment()->Top();
1374 // Write zero to ensure that the new element is initialized with some smi.
1375 Add<HStoreKeyed>(checked_elements, key, graph()->GetConstant0(), kind);
1378 length_checker.Else();
1379 Add<HBoundsCheck>(key, length);
1381 environment()->Push(elements);
1382 length_checker.End();
1384 return environment()->Pop();
1388 HValue* HGraphBuilder::BuildCopyElementsOnWrite(HValue* object,
1392 Factory* factory = isolate()->factory();
1394 IfBuilder cow_checker(this);
1396 cow_checker.If<HCompareMap>(elements, factory->fixed_cow_array_map());
1399 HValue* capacity = AddLoadFixedArrayLength(elements);
1401 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind,
1402 kind, length, capacity);
1404 environment()->Push(new_elements);
1408 environment()->Push(elements);
1412 return environment()->Pop();
1416 void HGraphBuilder::BuildTransitionElementsKind(HValue* object,
1418 ElementsKind from_kind,
1419 ElementsKind to_kind,
1421 DCHECK(!IsFastHoleyElementsKind(from_kind) ||
1422 IsFastHoleyElementsKind(to_kind));
1424 if (AllocationSite::GetMode(from_kind, to_kind) == TRACK_ALLOCATION_SITE) {
1425 Add<HTrapAllocationMemento>(object);
1428 if (!IsSimpleMapChangeTransition(from_kind, to_kind)) {
1429 HInstruction* elements = AddLoadElements(object);
1431 HInstruction* empty_fixed_array = Add<HConstant>(
1432 isolate()->factory()->empty_fixed_array());
1434 IfBuilder if_builder(this);
1436 if_builder.IfNot<HCompareObjectEqAndBranch>(elements, empty_fixed_array);
1440 HInstruction* elements_length = AddLoadFixedArrayLength(elements);
1442 HInstruction* array_length =
1444 ? Add<HLoadNamedField>(object, nullptr,
1445 HObjectAccess::ForArrayLength(from_kind))
1448 BuildGrowElementsCapacity(object, elements, from_kind, to_kind,
1449 array_length, elements_length);
1454 Add<HStoreNamedField>(object, HObjectAccess::ForMap(), map);
1458 void HGraphBuilder::BuildJSObjectCheck(HValue* receiver,
1459 int bit_field_mask) {
1460 // Check that the object isn't a smi.
1461 Add<HCheckHeapObject>(receiver);
1463 // Get the map of the receiver.
1465 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1467 // Check the instance type and if an access check is needed, this can be
1468 // done with a single load, since both bytes are adjacent in the map.
1469 HObjectAccess access(HObjectAccess::ForMapInstanceTypeAndBitField());
1470 HValue* instance_type_and_bit_field =
1471 Add<HLoadNamedField>(map, nullptr, access);
1473 HValue* mask = Add<HConstant>(0x00FF | (bit_field_mask << 8));
1474 HValue* and_result = AddUncasted<HBitwise>(Token::BIT_AND,
1475 instance_type_and_bit_field,
1477 HValue* sub_result = AddUncasted<HSub>(and_result,
1478 Add<HConstant>(JS_OBJECT_TYPE));
1479 Add<HBoundsCheck>(sub_result,
1480 Add<HConstant>(LAST_JS_OBJECT_TYPE + 1 - JS_OBJECT_TYPE));
1484 void HGraphBuilder::BuildKeyedIndexCheck(HValue* key,
1485 HIfContinuation* join_continuation) {
1486 // The sometimes unintuitively backward ordering of the ifs below is
1487 // convoluted, but necessary. All of the paths must guarantee that the
1488 // if-true of the continuation returns a smi element index and the if-false of
1489 // the continuation returns either a symbol or a unique string key. All other
1490 // object types cause a deopt to fall back to the runtime.
1492 IfBuilder key_smi_if(this);
1493 key_smi_if.If<HIsSmiAndBranch>(key);
1496 Push(key); // Nothing to do, just continue to true of continuation.
1500 HValue* map = Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForMap());
1501 HValue* instance_type =
1502 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1504 // Non-unique string, check for a string with a hash code that is actually
1506 STATIC_ASSERT(LAST_UNIQUE_NAME_TYPE == FIRST_NONSTRING_TYPE);
1507 IfBuilder not_string_or_name_if(this);
1508 not_string_or_name_if.If<HCompareNumericAndBranch>(
1510 Add<HConstant>(LAST_UNIQUE_NAME_TYPE),
1513 not_string_or_name_if.Then();
1515 // Non-smi, non-Name, non-String: Try to convert to smi in case of
1517 // TODO(danno): This could call some variant of ToString
1518 Push(AddUncasted<HForceRepresentation>(key, Representation::Smi()));
1520 not_string_or_name_if.Else();
1522 // String or Name: check explicitly for Name, they can short-circuit
1523 // directly to unique non-index key path.
1524 IfBuilder not_symbol_if(this);
1525 not_symbol_if.If<HCompareNumericAndBranch>(
1527 Add<HConstant>(SYMBOL_TYPE),
1530 not_symbol_if.Then();
1532 // String: check whether the String is a String of an index. If it is,
1533 // extract the index value from the hash.
1534 HValue* hash = Add<HLoadNamedField>(key, nullptr,
1535 HObjectAccess::ForNameHashField());
1536 HValue* not_index_mask = Add<HConstant>(static_cast<int>(
1537 String::kContainsCachedArrayIndexMask));
1539 HValue* not_index_test = AddUncasted<HBitwise>(
1540 Token::BIT_AND, hash, not_index_mask);
1542 IfBuilder string_index_if(this);
1543 string_index_if.If<HCompareNumericAndBranch>(not_index_test,
1544 graph()->GetConstant0(),
1546 string_index_if.Then();
1548 // String with index in hash: extract string and merge to index path.
1549 Push(BuildDecodeField<String::ArrayIndexValueBits>(hash));
1551 string_index_if.Else();
1553 // Key is a non-index String, check for uniqueness/internalization.
1554 // If it's not internalized yet, internalize it now.
1555 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1558 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1560 IfBuilder internalized(this);
1561 internalized.If<HCompareNumericAndBranch>(not_internalized_bit,
1562 graph()->GetConstant0(),
1564 internalized.Then();
1567 internalized.Else();
1568 Add<HPushArguments>(key);
1569 HValue* intern_key = Add<HCallRuntime>(
1570 isolate()->factory()->empty_string(),
1571 Runtime::FunctionForId(Runtime::kInternalizeString), 1);
1575 // Key guaranteed to be a unique string
1577 string_index_if.JoinContinuation(join_continuation);
1579 not_symbol_if.Else();
1581 Push(key); // Key is symbol
1583 not_symbol_if.JoinContinuation(join_continuation);
1585 not_string_or_name_if.JoinContinuation(join_continuation);
1587 key_smi_if.JoinContinuation(join_continuation);
1591 void HGraphBuilder::BuildNonGlobalObjectCheck(HValue* receiver) {
1592 // Get the the instance type of the receiver, and make sure that it is
1593 // not one of the global object types.
1595 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1596 HValue* instance_type =
1597 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1598 STATIC_ASSERT(JS_BUILTINS_OBJECT_TYPE == JS_GLOBAL_OBJECT_TYPE + 1);
1599 HValue* min_global_type = Add<HConstant>(JS_GLOBAL_OBJECT_TYPE);
1600 HValue* max_global_type = Add<HConstant>(JS_BUILTINS_OBJECT_TYPE);
1602 IfBuilder if_global_object(this);
1603 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1606 if_global_object.And();
1607 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1610 if_global_object.ThenDeopt(Deoptimizer::kReceiverWasAGlobalObject);
1611 if_global_object.End();
1615 void HGraphBuilder::BuildTestForDictionaryProperties(
1617 HIfContinuation* continuation) {
1618 HValue* properties = Add<HLoadNamedField>(
1619 object, nullptr, HObjectAccess::ForPropertiesPointer());
1620 HValue* properties_map =
1621 Add<HLoadNamedField>(properties, nullptr, HObjectAccess::ForMap());
1622 HValue* hash_map = Add<HLoadRoot>(Heap::kHashTableMapRootIndex);
1623 IfBuilder builder(this);
1624 builder.If<HCompareObjectEqAndBranch>(properties_map, hash_map);
1625 builder.CaptureContinuation(continuation);
1629 HValue* HGraphBuilder::BuildKeyedLookupCacheHash(HValue* object,
1631 // Load the map of the receiver, compute the keyed lookup cache hash
1632 // based on 32 bits of the map pointer and the string hash.
1633 HValue* object_map =
1634 Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMapAsInteger32());
1635 HValue* shifted_map = AddUncasted<HShr>(
1636 object_map, Add<HConstant>(KeyedLookupCache::kMapHashShift));
1637 HValue* string_hash =
1638 Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForStringHashField());
1639 HValue* shifted_hash = AddUncasted<HShr>(
1640 string_hash, Add<HConstant>(String::kHashShift));
1641 HValue* xor_result = AddUncasted<HBitwise>(Token::BIT_XOR, shifted_map,
1643 int mask = (KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask);
1644 return AddUncasted<HBitwise>(Token::BIT_AND, xor_result,
1645 Add<HConstant>(mask));
1649 HValue* HGraphBuilder::BuildElementIndexHash(HValue* index) {
1650 int32_t seed_value = static_cast<uint32_t>(isolate()->heap()->HashSeed());
1651 HValue* seed = Add<HConstant>(seed_value);
1652 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, index, seed);
1654 // hash = ~hash + (hash << 15);
1655 HValue* shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(15));
1656 HValue* not_hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash,
1657 graph()->GetConstantMinus1());
1658 hash = AddUncasted<HAdd>(shifted_hash, not_hash);
1660 // hash = hash ^ (hash >> 12);
1661 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(12));
1662 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1664 // hash = hash + (hash << 2);
1665 shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(2));
1666 hash = AddUncasted<HAdd>(hash, shifted_hash);
1668 // hash = hash ^ (hash >> 4);
1669 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(4));
1670 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1672 // hash = hash * 2057;
1673 hash = AddUncasted<HMul>(hash, Add<HConstant>(2057));
1674 hash->ClearFlag(HValue::kCanOverflow);
1676 // hash = hash ^ (hash >> 16);
1677 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(16));
1678 return AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1682 HValue* HGraphBuilder::BuildUncheckedDictionaryElementLoad(
1683 HValue* receiver, HValue* elements, HValue* key, HValue* hash,
1684 LanguageMode language_mode) {
1686 Add<HLoadKeyed>(elements, Add<HConstant>(NameDictionary::kCapacityIndex),
1687 nullptr, FAST_ELEMENTS);
1689 HValue* mask = AddUncasted<HSub>(capacity, graph()->GetConstant1());
1690 mask->ChangeRepresentation(Representation::Integer32());
1691 mask->ClearFlag(HValue::kCanOverflow);
1693 HValue* entry = hash;
1694 HValue* count = graph()->GetConstant1();
1698 HIfContinuation return_or_loop_continuation(graph()->CreateBasicBlock(),
1699 graph()->CreateBasicBlock());
1700 HIfContinuation found_key_match_continuation(graph()->CreateBasicBlock(),
1701 graph()->CreateBasicBlock());
1702 LoopBuilder probe_loop(this);
1703 probe_loop.BeginBody(2); // Drop entry, count from last environment to
1704 // appease live range building without simulates.
1708 entry = AddUncasted<HBitwise>(Token::BIT_AND, entry, mask);
1709 int entry_size = SeededNumberDictionary::kEntrySize;
1710 HValue* base_index = AddUncasted<HMul>(entry, Add<HConstant>(entry_size));
1711 base_index->ClearFlag(HValue::kCanOverflow);
1712 int start_offset = SeededNumberDictionary::kElementsStartIndex;
1714 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset));
1715 key_index->ClearFlag(HValue::kCanOverflow);
1717 HValue* candidate_key =
1718 Add<HLoadKeyed>(elements, key_index, nullptr, FAST_ELEMENTS);
1719 IfBuilder if_undefined(this);
1720 if_undefined.If<HCompareObjectEqAndBranch>(candidate_key,
1721 graph()->GetConstantUndefined());
1722 if_undefined.Then();
1724 // element == undefined means "not found". Call the runtime.
1725 // TODO(jkummerow): walk the prototype chain instead.
1726 Add<HPushArguments>(receiver, key);
1727 Push(Add<HCallRuntime>(
1728 isolate()->factory()->empty_string(),
1729 Runtime::FunctionForId(is_strong(language_mode)
1730 ? Runtime::kKeyedGetPropertyStrong
1731 : Runtime::kKeyedGetProperty),
1734 if_undefined.Else();
1736 IfBuilder if_match(this);
1737 if_match.If<HCompareObjectEqAndBranch>(candidate_key, key);
1741 // Update non-internalized string in the dictionary with internalized key?
1742 IfBuilder if_update_with_internalized(this);
1744 if_update_with_internalized.IfNot<HIsSmiAndBranch>(candidate_key);
1745 if_update_with_internalized.And();
1746 HValue* map = AddLoadMap(candidate_key, smi_check);
1747 HValue* instance_type =
1748 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1749 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1750 Token::BIT_AND, instance_type,
1751 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1752 if_update_with_internalized.If<HCompareNumericAndBranch>(
1753 not_internalized_bit, graph()->GetConstant0(), Token::NE);
1754 if_update_with_internalized.And();
1755 if_update_with_internalized.IfNot<HCompareObjectEqAndBranch>(
1756 candidate_key, graph()->GetConstantHole());
1757 if_update_with_internalized.AndIf<HStringCompareAndBranch>(candidate_key,
1759 if_update_with_internalized.Then();
1760 // Replace a key that is a non-internalized string by the equivalent
1761 // internalized string for faster further lookups.
1762 Add<HStoreKeyed>(elements, key_index, key, FAST_ELEMENTS);
1763 if_update_with_internalized.Else();
1765 if_update_with_internalized.JoinContinuation(&found_key_match_continuation);
1766 if_match.JoinContinuation(&found_key_match_continuation);
1768 IfBuilder found_key_match(this, &found_key_match_continuation);
1769 found_key_match.Then();
1770 // Key at current probe matches. Relevant bits in the |details| field must
1771 // be zero, otherwise the dictionary element requires special handling.
1772 HValue* details_index =
1773 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 2));
1774 details_index->ClearFlag(HValue::kCanOverflow);
1776 Add<HLoadKeyed>(elements, details_index, nullptr, FAST_ELEMENTS);
1777 int details_mask = PropertyDetails::TypeField::kMask;
1778 details = AddUncasted<HBitwise>(Token::BIT_AND, details,
1779 Add<HConstant>(details_mask));
1780 IfBuilder details_compare(this);
1781 details_compare.If<HCompareNumericAndBranch>(
1782 details, graph()->GetConstant0(), Token::EQ);
1783 details_compare.Then();
1784 HValue* result_index =
1785 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 1));
1786 result_index->ClearFlag(HValue::kCanOverflow);
1787 Push(Add<HLoadKeyed>(elements, result_index, nullptr, FAST_ELEMENTS));
1788 details_compare.Else();
1789 Add<HPushArguments>(receiver, key);
1790 Push(Add<HCallRuntime>(
1791 isolate()->factory()->empty_string(),
1792 Runtime::FunctionForId(is_strong(language_mode)
1793 ? Runtime::kKeyedGetPropertyStrong
1794 : Runtime::kKeyedGetProperty),
1796 details_compare.End();
1798 found_key_match.Else();
1799 found_key_match.JoinContinuation(&return_or_loop_continuation);
1801 if_undefined.JoinContinuation(&return_or_loop_continuation);
1803 IfBuilder return_or_loop(this, &return_or_loop_continuation);
1804 return_or_loop.Then();
1807 return_or_loop.Else();
1808 entry = AddUncasted<HAdd>(entry, count);
1809 entry->ClearFlag(HValue::kCanOverflow);
1810 count = AddUncasted<HAdd>(count, graph()->GetConstant1());
1811 count->ClearFlag(HValue::kCanOverflow);
1815 probe_loop.EndBody();
1817 return_or_loop.End();
1823 HValue* HGraphBuilder::BuildRegExpConstructResult(HValue* length,
1826 NoObservableSideEffectsScope scope(this);
1827 HConstant* max_length = Add<HConstant>(JSObject::kInitialMaxFastElementArray);
1828 Add<HBoundsCheck>(length, max_length);
1830 // Generate size calculation code here in order to make it dominate
1831 // the JSRegExpResult allocation.
1832 ElementsKind elements_kind = FAST_ELEMENTS;
1833 HValue* size = BuildCalculateElementsSize(elements_kind, length);
1835 // Allocate the JSRegExpResult and the FixedArray in one step.
1836 HValue* result = Add<HAllocate>(
1837 Add<HConstant>(JSRegExpResult::kSize), HType::JSArray(),
1838 NOT_TENURED, JS_ARRAY_TYPE);
1840 // Initialize the JSRegExpResult header.
1841 HValue* global_object = Add<HLoadNamedField>(
1843 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
1844 HValue* native_context = Add<HLoadNamedField>(
1845 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
1846 Add<HStoreNamedField>(
1847 result, HObjectAccess::ForMap(),
1848 Add<HLoadNamedField>(
1849 native_context, nullptr,
1850 HObjectAccess::ForContextSlot(Context::REGEXP_RESULT_MAP_INDEX)));
1851 HConstant* empty_fixed_array =
1852 Add<HConstant>(isolate()->factory()->empty_fixed_array());
1853 Add<HStoreNamedField>(
1854 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
1856 Add<HStoreNamedField>(
1857 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1859 Add<HStoreNamedField>(
1860 result, HObjectAccess::ForJSArrayOffset(JSArray::kLengthOffset), length);
1862 // Initialize the additional fields.
1863 Add<HStoreNamedField>(
1864 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kIndexOffset),
1866 Add<HStoreNamedField>(
1867 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kInputOffset),
1870 // Allocate and initialize the elements header.
1871 HAllocate* elements = BuildAllocateElements(elements_kind, size);
1872 BuildInitializeElementsHeader(elements, elements_kind, length);
1874 if (!elements->has_size_upper_bound()) {
1875 HConstant* size_in_bytes_upper_bound = EstablishElementsAllocationSize(
1876 elements_kind, max_length->Integer32Value());
1877 elements->set_size_upper_bound(size_in_bytes_upper_bound);
1880 Add<HStoreNamedField>(
1881 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1884 // Initialize the elements contents with undefined.
1885 BuildFillElementsWithValue(
1886 elements, elements_kind, graph()->GetConstant0(), length,
1887 graph()->GetConstantUndefined());
1893 HValue* HGraphBuilder::BuildNumberToString(HValue* object, Type* type) {
1894 NoObservableSideEffectsScope scope(this);
1896 // Convert constant numbers at compile time.
1897 if (object->IsConstant() && HConstant::cast(object)->HasNumberValue()) {
1898 Handle<Object> number = HConstant::cast(object)->handle(isolate());
1899 Handle<String> result = isolate()->factory()->NumberToString(number);
1900 return Add<HConstant>(result);
1903 // Create a joinable continuation.
1904 HIfContinuation found(graph()->CreateBasicBlock(),
1905 graph()->CreateBasicBlock());
1907 // Load the number string cache.
1908 HValue* number_string_cache =
1909 Add<HLoadRoot>(Heap::kNumberStringCacheRootIndex);
1911 // Make the hash mask from the length of the number string cache. It
1912 // contains two elements (number and string) for each cache entry.
1913 HValue* mask = AddLoadFixedArrayLength(number_string_cache);
1914 mask->set_type(HType::Smi());
1915 mask = AddUncasted<HSar>(mask, graph()->GetConstant1());
1916 mask = AddUncasted<HSub>(mask, graph()->GetConstant1());
1918 // Check whether object is a smi.
1919 IfBuilder if_objectissmi(this);
1920 if_objectissmi.If<HIsSmiAndBranch>(object);
1921 if_objectissmi.Then();
1923 // Compute hash for smi similar to smi_get_hash().
1924 HValue* hash = AddUncasted<HBitwise>(Token::BIT_AND, object, mask);
1927 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1928 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1929 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1931 // Check if object == key.
1932 IfBuilder if_objectiskey(this);
1933 if_objectiskey.If<HCompareObjectEqAndBranch>(object, key);
1934 if_objectiskey.Then();
1936 // Make the key_index available.
1939 if_objectiskey.JoinContinuation(&found);
1941 if_objectissmi.Else();
1943 if (type->Is(Type::SignedSmall())) {
1944 if_objectissmi.Deopt(Deoptimizer::kExpectedSmi);
1946 // Check if the object is a heap number.
1947 IfBuilder if_objectisnumber(this);
1948 HValue* objectisnumber = if_objectisnumber.If<HCompareMap>(
1949 object, isolate()->factory()->heap_number_map());
1950 if_objectisnumber.Then();
1952 // Compute hash for heap number similar to double_get_hash().
1953 HValue* low = Add<HLoadNamedField>(
1954 object, objectisnumber,
1955 HObjectAccess::ForHeapNumberValueLowestBits());
1956 HValue* high = Add<HLoadNamedField>(
1957 object, objectisnumber,
1958 HObjectAccess::ForHeapNumberValueHighestBits());
1959 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, low, high);
1960 hash = AddUncasted<HBitwise>(Token::BIT_AND, hash, mask);
1963 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1964 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1965 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1967 // Check if the key is a heap number and compare it with the object.
1968 IfBuilder if_keyisnotsmi(this);
1969 HValue* keyisnotsmi = if_keyisnotsmi.IfNot<HIsSmiAndBranch>(key);
1970 if_keyisnotsmi.Then();
1972 IfBuilder if_keyisheapnumber(this);
1973 if_keyisheapnumber.If<HCompareMap>(
1974 key, isolate()->factory()->heap_number_map());
1975 if_keyisheapnumber.Then();
1977 // Check if values of key and object match.
1978 IfBuilder if_keyeqobject(this);
1979 if_keyeqobject.If<HCompareNumericAndBranch>(
1980 Add<HLoadNamedField>(key, keyisnotsmi,
1981 HObjectAccess::ForHeapNumberValue()),
1982 Add<HLoadNamedField>(object, objectisnumber,
1983 HObjectAccess::ForHeapNumberValue()),
1985 if_keyeqobject.Then();
1987 // Make the key_index available.
1990 if_keyeqobject.JoinContinuation(&found);
1992 if_keyisheapnumber.JoinContinuation(&found);
1994 if_keyisnotsmi.JoinContinuation(&found);
1996 if_objectisnumber.Else();
1998 if (type->Is(Type::Number())) {
1999 if_objectisnumber.Deopt(Deoptimizer::kExpectedHeapNumber);
2002 if_objectisnumber.JoinContinuation(&found);
2005 if_objectissmi.JoinContinuation(&found);
2007 // Check for cache hit.
2008 IfBuilder if_found(this, &found);
2011 // Count number to string operation in native code.
2012 AddIncrementCounter(isolate()->counters()->number_to_string_native());
2014 // Load the value in case of cache hit.
2015 HValue* key_index = Pop();
2016 HValue* value_index = AddUncasted<HAdd>(key_index, graph()->GetConstant1());
2017 Push(Add<HLoadKeyed>(number_string_cache, value_index, nullptr,
2018 FAST_ELEMENTS, ALLOW_RETURN_HOLE));
2022 // Cache miss, fallback to runtime.
2023 Add<HPushArguments>(object);
2024 Push(Add<HCallRuntime>(
2025 isolate()->factory()->empty_string(),
2026 Runtime::FunctionForId(Runtime::kNumberToStringSkipCache),
2035 HValue* HGraphBuilder::BuildToObject(HValue* receiver) {
2036 NoObservableSideEffectsScope scope(this);
2038 // Create a joinable continuation.
2039 HIfContinuation wrap(graph()->CreateBasicBlock(),
2040 graph()->CreateBasicBlock());
2042 // Determine the proper global constructor function required to wrap
2043 // {receiver} into a JSValue, unless {receiver} is already a {JSReceiver}, in
2044 // which case we just return it. Deopts to Runtime::kToObject if {receiver}
2045 // is undefined or null.
2046 IfBuilder receiver_is_smi(this);
2047 receiver_is_smi.If<HIsSmiAndBranch>(receiver);
2048 receiver_is_smi.Then();
2050 // Load native context.
2051 HValue* native_context = BuildGetNativeContext();
2053 // Load global Number function.
2054 HValue* constructor = Add<HLoadNamedField>(
2055 native_context, nullptr,
2056 HObjectAccess::ForContextSlot(Context::NUMBER_FUNCTION_INDEX));
2059 receiver_is_smi.Else();
2061 // Determine {receiver} map and instance type.
2062 HValue* receiver_map =
2063 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
2064 HValue* receiver_instance_type = Add<HLoadNamedField>(
2065 receiver_map, nullptr, HObjectAccess::ForMapInstanceType());
2067 // First check whether {receiver} is already a spec object (fast case).
2068 IfBuilder receiver_is_not_spec_object(this);
2069 receiver_is_not_spec_object.If<HCompareNumericAndBranch>(
2070 receiver_instance_type, Add<HConstant>(FIRST_SPEC_OBJECT_TYPE),
2072 receiver_is_not_spec_object.Then();
2074 // Load native context.
2075 HValue* native_context = BuildGetNativeContext();
2077 IfBuilder receiver_is_heap_number(this);
2078 receiver_is_heap_number.If<HCompareNumericAndBranch>(
2079 receiver_instance_type, Add<HConstant>(HEAP_NUMBER_TYPE), Token::EQ);
2080 receiver_is_heap_number.Then();
2082 // Load global Number function.
2083 HValue* constructor = Add<HLoadNamedField>(
2084 native_context, nullptr,
2085 HObjectAccess::ForContextSlot(Context::NUMBER_FUNCTION_INDEX));
2088 receiver_is_heap_number.Else();
2090 // Load boolean map (we cannot decide based on instance type, because
2091 // it's ODDBALL_TYPE, which would also include null and undefined).
2092 HValue* boolean_map = Add<HLoadRoot>(Heap::kBooleanMapRootIndex);
2094 IfBuilder receiver_is_boolean(this);
2095 receiver_is_boolean.If<HCompareObjectEqAndBranch>(receiver_map,
2097 receiver_is_boolean.Then();
2099 // Load global Boolean function.
2100 HValue* constructor = Add<HLoadNamedField>(
2101 native_context, nullptr,
2102 HObjectAccess::ForContextSlot(Context::BOOLEAN_FUNCTION_INDEX));
2105 receiver_is_boolean.Else();
2107 IfBuilder receiver_is_string(this);
2108 receiver_is_string.If<HCompareNumericAndBranch>(
2109 receiver_instance_type, Add<HConstant>(FIRST_NONSTRING_TYPE),
2111 receiver_is_string.Then();
2113 // Load global String function.
2114 HValue* constructor = Add<HLoadNamedField>(
2115 native_context, nullptr,
2116 HObjectAccess::ForContextSlot(Context::STRING_FUNCTION_INDEX));
2119 receiver_is_string.Else();
2121 IfBuilder receiver_is_symbol(this);
2122 receiver_is_symbol.If<HCompareNumericAndBranch>(
2123 receiver_instance_type, Add<HConstant>(SYMBOL_TYPE), Token::EQ);
2124 receiver_is_symbol.Then();
2126 // Load global Symbol function.
2127 HValue* constructor = Add<HLoadNamedField>(
2128 native_context, nullptr, HObjectAccess::ForContextSlot(
2129 Context::SYMBOL_FUNCTION_INDEX));
2132 receiver_is_symbol.Else();
2134 IfBuilder receiver_is_float32x4(this);
2135 receiver_is_float32x4.If<HCompareNumericAndBranch>(
2136 receiver_instance_type, Add<HConstant>(FLOAT32X4_TYPE),
2138 receiver_is_float32x4.Then();
2140 // Load global Float32x4 function.
2141 HValue* constructor = Add<HLoadNamedField>(
2142 native_context, nullptr,
2143 HObjectAccess::ForContextSlot(
2144 Context::FLOAT32X4_FUNCTION_INDEX));
2147 receiver_is_float32x4.ElseDeopt(
2148 Deoptimizer::kUndefinedOrNullInToObject);
2149 receiver_is_float32x4.JoinContinuation(&wrap);
2151 receiver_is_symbol.JoinContinuation(&wrap);
2153 receiver_is_string.JoinContinuation(&wrap);
2155 receiver_is_boolean.JoinContinuation(&wrap);
2157 receiver_is_heap_number.JoinContinuation(&wrap);
2159 receiver_is_not_spec_object.JoinContinuation(&wrap);
2161 receiver_is_smi.JoinContinuation(&wrap);
2163 // Wrap the receiver if necessary.
2164 IfBuilder if_wrap(this, &wrap);
2167 // Determine the initial map for the global constructor.
2168 HValue* constructor = Pop();
2169 HValue* constructor_initial_map = Add<HLoadNamedField>(
2170 constructor, nullptr, HObjectAccess::ForPrototypeOrInitialMap());
2171 // Allocate and initialize a JSValue wrapper.
2173 BuildAllocate(Add<HConstant>(JSValue::kSize), HType::JSObject(),
2174 JS_VALUE_TYPE, HAllocationMode());
2175 Add<HStoreNamedField>(value, HObjectAccess::ForMap(),
2176 constructor_initial_map);
2177 HValue* empty_fixed_array = Add<HLoadRoot>(Heap::kEmptyFixedArrayRootIndex);
2178 Add<HStoreNamedField>(value, HObjectAccess::ForPropertiesPointer(),
2180 Add<HStoreNamedField>(value, HObjectAccess::ForElementsPointer(),
2182 Add<HStoreNamedField>(value, HObjectAccess::ForObservableJSObjectOffset(
2183 JSValue::kValueOffset),
2194 HAllocate* HGraphBuilder::BuildAllocate(
2195 HValue* object_size,
2197 InstanceType instance_type,
2198 HAllocationMode allocation_mode) {
2199 // Compute the effective allocation size.
2200 HValue* size = object_size;
2201 if (allocation_mode.CreateAllocationMementos()) {
2202 size = AddUncasted<HAdd>(size, Add<HConstant>(AllocationMemento::kSize));
2203 size->ClearFlag(HValue::kCanOverflow);
2206 // Perform the actual allocation.
2207 HAllocate* object = Add<HAllocate>(
2208 size, type, allocation_mode.GetPretenureMode(),
2209 instance_type, allocation_mode.feedback_site());
2211 // Setup the allocation memento.
2212 if (allocation_mode.CreateAllocationMementos()) {
2213 BuildCreateAllocationMemento(
2214 object, object_size, allocation_mode.current_site());
2221 HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
2222 HValue* right_length) {
2223 // Compute the combined string length and check against max string length.
2224 HValue* length = AddUncasted<HAdd>(left_length, right_length);
2225 // Check that length <= kMaxLength <=> length < MaxLength + 1.
2226 HValue* max_length = Add<HConstant>(String::kMaxLength + 1);
2227 Add<HBoundsCheck>(length, max_length);
2232 HValue* HGraphBuilder::BuildCreateConsString(
2236 HAllocationMode allocation_mode) {
2237 // Determine the string instance types.
2238 HInstruction* left_instance_type = AddLoadStringInstanceType(left);
2239 HInstruction* right_instance_type = AddLoadStringInstanceType(right);
2241 // Allocate the cons string object. HAllocate does not care whether we
2242 // pass CONS_STRING_TYPE or CONS_ONE_BYTE_STRING_TYPE here, so we just use
2243 // CONS_STRING_TYPE here. Below we decide whether the cons string is
2244 // one-byte or two-byte and set the appropriate map.
2245 DCHECK(HAllocate::CompatibleInstanceTypes(CONS_STRING_TYPE,
2246 CONS_ONE_BYTE_STRING_TYPE));
2247 HAllocate* result = BuildAllocate(Add<HConstant>(ConsString::kSize),
2248 HType::String(), CONS_STRING_TYPE,
2251 // Compute intersection and difference of instance types.
2252 HValue* anded_instance_types = AddUncasted<HBitwise>(
2253 Token::BIT_AND, left_instance_type, right_instance_type);
2254 HValue* xored_instance_types = AddUncasted<HBitwise>(
2255 Token::BIT_XOR, left_instance_type, right_instance_type);
2257 // We create a one-byte cons string if
2258 // 1. both strings are one-byte, or
2259 // 2. at least one of the strings is two-byte, but happens to contain only
2260 // one-byte characters.
2261 // To do this, we check
2262 // 1. if both strings are one-byte, or if the one-byte data hint is set in
2264 // 2. if one of the strings has the one-byte data hint set and the other
2265 // string is one-byte.
2266 IfBuilder if_onebyte(this);
2267 STATIC_ASSERT(kOneByteStringTag != 0);
2268 STATIC_ASSERT(kOneByteDataHintMask != 0);
2269 if_onebyte.If<HCompareNumericAndBranch>(
2270 AddUncasted<HBitwise>(
2271 Token::BIT_AND, anded_instance_types,
2272 Add<HConstant>(static_cast<int32_t>(
2273 kStringEncodingMask | kOneByteDataHintMask))),
2274 graph()->GetConstant0(), Token::NE);
2276 STATIC_ASSERT(kOneByteStringTag != 0 &&
2277 kOneByteDataHintTag != 0 &&
2278 kOneByteDataHintTag != kOneByteStringTag);
2279 if_onebyte.If<HCompareNumericAndBranch>(
2280 AddUncasted<HBitwise>(
2281 Token::BIT_AND, xored_instance_types,
2282 Add<HConstant>(static_cast<int32_t>(
2283 kOneByteStringTag | kOneByteDataHintTag))),
2284 Add<HConstant>(static_cast<int32_t>(
2285 kOneByteStringTag | kOneByteDataHintTag)), Token::EQ);
2288 // We can safely skip the write barrier for storing the map here.
2289 Add<HStoreNamedField>(
2290 result, HObjectAccess::ForMap(),
2291 Add<HConstant>(isolate()->factory()->cons_one_byte_string_map()));
2295 // We can safely skip the write barrier for storing the map here.
2296 Add<HStoreNamedField>(
2297 result, HObjectAccess::ForMap(),
2298 Add<HConstant>(isolate()->factory()->cons_string_map()));
2302 // Initialize the cons string fields.
2303 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2304 Add<HConstant>(String::kEmptyHashField));
2305 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2306 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringFirst(), left);
2307 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringSecond(), right);
2309 // Count the native string addition.
2310 AddIncrementCounter(isolate()->counters()->string_add_native());
2316 void HGraphBuilder::BuildCopySeqStringChars(HValue* src,
2318 String::Encoding src_encoding,
2321 String::Encoding dst_encoding,
2323 DCHECK(dst_encoding != String::ONE_BYTE_ENCODING ||
2324 src_encoding == String::ONE_BYTE_ENCODING);
2325 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
2326 HValue* index = loop.BeginBody(graph()->GetConstant0(), length, Token::LT);
2328 HValue* src_index = AddUncasted<HAdd>(src_offset, index);
2330 AddUncasted<HSeqStringGetChar>(src_encoding, src, src_index);
2331 HValue* dst_index = AddUncasted<HAdd>(dst_offset, index);
2332 Add<HSeqStringSetChar>(dst_encoding, dst, dst_index, value);
2338 HValue* HGraphBuilder::BuildObjectSizeAlignment(
2339 HValue* unaligned_size, int header_size) {
2340 DCHECK((header_size & kObjectAlignmentMask) == 0);
2341 HValue* size = AddUncasted<HAdd>(
2342 unaligned_size, Add<HConstant>(static_cast<int32_t>(
2343 header_size + kObjectAlignmentMask)));
2344 size->ClearFlag(HValue::kCanOverflow);
2345 return AddUncasted<HBitwise>(
2346 Token::BIT_AND, size, Add<HConstant>(static_cast<int32_t>(
2347 ~kObjectAlignmentMask)));
2351 HValue* HGraphBuilder::BuildUncheckedStringAdd(
2354 HAllocationMode allocation_mode) {
2355 // Determine the string lengths.
2356 HValue* left_length = AddLoadStringLength(left);
2357 HValue* right_length = AddLoadStringLength(right);
2359 // Compute the combined string length.
2360 HValue* length = BuildAddStringLengths(left_length, right_length);
2362 // Do some manual constant folding here.
2363 if (left_length->IsConstant()) {
2364 HConstant* c_left_length = HConstant::cast(left_length);
2365 DCHECK_NE(0, c_left_length->Integer32Value());
2366 if (c_left_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2367 // The right string contains at least one character.
2368 return BuildCreateConsString(length, left, right, allocation_mode);
2370 } else if (right_length->IsConstant()) {
2371 HConstant* c_right_length = HConstant::cast(right_length);
2372 DCHECK_NE(0, c_right_length->Integer32Value());
2373 if (c_right_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2374 // The left string contains at least one character.
2375 return BuildCreateConsString(length, left, right, allocation_mode);
2379 // Check if we should create a cons string.
2380 IfBuilder if_createcons(this);
2381 if_createcons.If<HCompareNumericAndBranch>(
2382 length, Add<HConstant>(ConsString::kMinLength), Token::GTE);
2383 if_createcons.Then();
2385 // Create a cons string.
2386 Push(BuildCreateConsString(length, left, right, allocation_mode));
2388 if_createcons.Else();
2390 // Determine the string instance types.
2391 HValue* left_instance_type = AddLoadStringInstanceType(left);
2392 HValue* right_instance_type = AddLoadStringInstanceType(right);
2394 // Compute union and difference of instance types.
2395 HValue* ored_instance_types = AddUncasted<HBitwise>(
2396 Token::BIT_OR, left_instance_type, right_instance_type);
2397 HValue* xored_instance_types = AddUncasted<HBitwise>(
2398 Token::BIT_XOR, left_instance_type, right_instance_type);
2400 // Check if both strings have the same encoding and both are
2402 IfBuilder if_sameencodingandsequential(this);
2403 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2404 AddUncasted<HBitwise>(
2405 Token::BIT_AND, xored_instance_types,
2406 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2407 graph()->GetConstant0(), Token::EQ);
2408 if_sameencodingandsequential.And();
2409 STATIC_ASSERT(kSeqStringTag == 0);
2410 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2411 AddUncasted<HBitwise>(
2412 Token::BIT_AND, ored_instance_types,
2413 Add<HConstant>(static_cast<int32_t>(kStringRepresentationMask))),
2414 graph()->GetConstant0(), Token::EQ);
2415 if_sameencodingandsequential.Then();
2417 HConstant* string_map =
2418 Add<HConstant>(isolate()->factory()->string_map());
2419 HConstant* one_byte_string_map =
2420 Add<HConstant>(isolate()->factory()->one_byte_string_map());
2422 // Determine map and size depending on whether result is one-byte string.
2423 IfBuilder if_onebyte(this);
2424 STATIC_ASSERT(kOneByteStringTag != 0);
2425 if_onebyte.If<HCompareNumericAndBranch>(
2426 AddUncasted<HBitwise>(
2427 Token::BIT_AND, ored_instance_types,
2428 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2429 graph()->GetConstant0(), Token::NE);
2432 // Allocate sequential one-byte string object.
2434 Push(one_byte_string_map);
2438 // Allocate sequential two-byte string object.
2439 HValue* size = AddUncasted<HShl>(length, graph()->GetConstant1());
2440 size->ClearFlag(HValue::kCanOverflow);
2441 size->SetFlag(HValue::kUint32);
2446 HValue* map = Pop();
2448 // Calculate the number of bytes needed for the characters in the
2449 // string while observing object alignment.
2450 STATIC_ASSERT((SeqString::kHeaderSize & kObjectAlignmentMask) == 0);
2451 HValue* size = BuildObjectSizeAlignment(Pop(), SeqString::kHeaderSize);
2453 // Allocate the string object. HAllocate does not care whether we pass
2454 // STRING_TYPE or ONE_BYTE_STRING_TYPE here, so we just use STRING_TYPE.
2455 HAllocate* result = BuildAllocate(
2456 size, HType::String(), STRING_TYPE, allocation_mode);
2457 Add<HStoreNamedField>(result, HObjectAccess::ForMap(), map);
2459 // Initialize the string fields.
2460 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2461 Add<HConstant>(String::kEmptyHashField));
2462 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2464 // Copy characters to the result string.
2465 IfBuilder if_twobyte(this);
2466 if_twobyte.If<HCompareObjectEqAndBranch>(map, string_map);
2469 // Copy characters from the left string.
2470 BuildCopySeqStringChars(
2471 left, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2472 result, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2475 // Copy characters from the right string.
2476 BuildCopySeqStringChars(
2477 right, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2478 result, left_length, String::TWO_BYTE_ENCODING,
2483 // Copy characters from the left string.
2484 BuildCopySeqStringChars(
2485 left, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2486 result, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2489 // Copy characters from the right string.
2490 BuildCopySeqStringChars(
2491 right, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2492 result, left_length, String::ONE_BYTE_ENCODING,
2497 // Count the native string addition.
2498 AddIncrementCounter(isolate()->counters()->string_add_native());
2500 // Return the sequential string.
2503 if_sameencodingandsequential.Else();
2505 // Fallback to the runtime to add the two strings.
2506 Add<HPushArguments>(left, right);
2507 Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
2508 Runtime::FunctionForId(Runtime::kStringAdd), 2));
2510 if_sameencodingandsequential.End();
2512 if_createcons.End();
2518 HValue* HGraphBuilder::BuildStringAdd(
2521 HAllocationMode allocation_mode) {
2522 NoObservableSideEffectsScope no_effects(this);
2524 // Determine string lengths.
2525 HValue* left_length = AddLoadStringLength(left);
2526 HValue* right_length = AddLoadStringLength(right);
2528 // Check if left string is empty.
2529 IfBuilder if_leftempty(this);
2530 if_leftempty.If<HCompareNumericAndBranch>(
2531 left_length, graph()->GetConstant0(), Token::EQ);
2532 if_leftempty.Then();
2534 // Count the native string addition.
2535 AddIncrementCounter(isolate()->counters()->string_add_native());
2537 // Just return the right string.
2540 if_leftempty.Else();
2542 // Check if right string is empty.
2543 IfBuilder if_rightempty(this);
2544 if_rightempty.If<HCompareNumericAndBranch>(
2545 right_length, graph()->GetConstant0(), Token::EQ);
2546 if_rightempty.Then();
2548 // Count the native string addition.
2549 AddIncrementCounter(isolate()->counters()->string_add_native());
2551 // Just return the left string.
2554 if_rightempty.Else();
2556 // Add the two non-empty strings.
2557 Push(BuildUncheckedStringAdd(left, right, allocation_mode));
2559 if_rightempty.End();
2567 HInstruction* HGraphBuilder::BuildUncheckedMonomorphicElementAccess(
2568 HValue* checked_object,
2572 ElementsKind elements_kind,
2573 PropertyAccessType access_type,
2574 LoadKeyedHoleMode load_mode,
2575 KeyedAccessStoreMode store_mode) {
2576 DCHECK(top_info()->IsStub() || checked_object->IsCompareMap() ||
2577 checked_object->IsCheckMaps());
2578 DCHECK(!IsFixedTypedArrayElementsKind(elements_kind) || !is_js_array);
2579 // No GVNFlag is necessary for ElementsKind if there is an explicit dependency
2580 // on a HElementsTransition instruction. The flag can also be removed if the
2581 // map to check has FAST_HOLEY_ELEMENTS, since there can be no further
2582 // ElementsKind transitions. Finally, the dependency can be removed for stores
2583 // for FAST_ELEMENTS, since a transition to HOLEY elements won't change the
2584 // generated store code.
2585 if ((elements_kind == FAST_HOLEY_ELEMENTS) ||
2586 (elements_kind == FAST_ELEMENTS && access_type == STORE)) {
2587 checked_object->ClearDependsOnFlag(kElementsKind);
2590 bool fast_smi_only_elements = IsFastSmiElementsKind(elements_kind);
2591 bool fast_elements = IsFastObjectElementsKind(elements_kind);
2592 HValue* elements = AddLoadElements(checked_object);
2593 if (access_type == STORE && (fast_elements || fast_smi_only_elements) &&
2594 store_mode != STORE_NO_TRANSITION_HANDLE_COW) {
2595 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2596 elements, isolate()->factory()->fixed_array_map());
2597 check_cow_map->ClearDependsOnFlag(kElementsKind);
2599 HInstruction* length = NULL;
2601 length = Add<HLoadNamedField>(
2602 checked_object->ActualValue(), checked_object,
2603 HObjectAccess::ForArrayLength(elements_kind));
2605 length = AddLoadFixedArrayLength(elements);
2607 length->set_type(HType::Smi());
2608 HValue* checked_key = NULL;
2609 if (IsFixedTypedArrayElementsKind(elements_kind)) {
2610 checked_object = Add<HCheckArrayBufferNotNeutered>(checked_object);
2612 HValue* external_pointer = Add<HLoadNamedField>(
2614 HObjectAccess::ForFixedTypedArrayBaseExternalPointer());
2615 HValue* base_pointer = Add<HLoadNamedField>(
2616 elements, nullptr, HObjectAccess::ForFixedTypedArrayBaseBasePointer());
2617 HValue* backing_store = AddUncasted<HAdd>(
2618 external_pointer, base_pointer, Strength::WEAK, AddOfExternalAndTagged);
2620 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
2621 NoObservableSideEffectsScope no_effects(this);
2622 IfBuilder length_checker(this);
2623 length_checker.If<HCompareNumericAndBranch>(key, length, Token::LT);
2624 length_checker.Then();
2625 IfBuilder negative_checker(this);
2626 HValue* bounds_check = negative_checker.If<HCompareNumericAndBranch>(
2627 key, graph()->GetConstant0(), Token::GTE);
2628 negative_checker.Then();
2629 HInstruction* result = AddElementAccess(
2630 backing_store, key, val, bounds_check, elements_kind, access_type);
2631 negative_checker.ElseDeopt(Deoptimizer::kNegativeKeyEncountered);
2632 negative_checker.End();
2633 length_checker.End();
2636 DCHECK(store_mode == STANDARD_STORE);
2637 checked_key = Add<HBoundsCheck>(key, length);
2638 return AddElementAccess(
2639 backing_store, checked_key, val,
2640 checked_object, elements_kind, access_type);
2643 DCHECK(fast_smi_only_elements ||
2645 IsFastDoubleElementsKind(elements_kind));
2647 // In case val is stored into a fast smi array, assure that the value is a smi
2648 // before manipulating the backing store. Otherwise the actual store may
2649 // deopt, leaving the backing store in an invalid state.
2650 if (access_type == STORE && IsFastSmiElementsKind(elements_kind) &&
2651 !val->type().IsSmi()) {
2652 val = AddUncasted<HForceRepresentation>(val, Representation::Smi());
2655 if (IsGrowStoreMode(store_mode)) {
2656 NoObservableSideEffectsScope no_effects(this);
2657 Representation representation = HStoreKeyed::RequiredValueRepresentation(
2658 elements_kind, STORE_TO_INITIALIZED_ENTRY);
2659 val = AddUncasted<HForceRepresentation>(val, representation);
2660 elements = BuildCheckForCapacityGrow(checked_object, elements,
2661 elements_kind, length, key,
2662 is_js_array, access_type);
2665 checked_key = Add<HBoundsCheck>(key, length);
2667 if (access_type == STORE && (fast_elements || fast_smi_only_elements)) {
2668 if (store_mode == STORE_NO_TRANSITION_HANDLE_COW) {
2669 NoObservableSideEffectsScope no_effects(this);
2670 elements = BuildCopyElementsOnWrite(checked_object, elements,
2671 elements_kind, length);
2673 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2674 elements, isolate()->factory()->fixed_array_map());
2675 check_cow_map->ClearDependsOnFlag(kElementsKind);
2679 return AddElementAccess(elements, checked_key, val, checked_object,
2680 elements_kind, access_type, load_mode);
2684 HValue* HGraphBuilder::BuildAllocateArrayFromLength(
2685 JSArrayBuilder* array_builder,
2686 HValue* length_argument) {
2687 if (length_argument->IsConstant() &&
2688 HConstant::cast(length_argument)->HasSmiValue()) {
2689 int array_length = HConstant::cast(length_argument)->Integer32Value();
2690 if (array_length == 0) {
2691 return array_builder->AllocateEmptyArray();
2693 return array_builder->AllocateArray(length_argument,
2699 HValue* constant_zero = graph()->GetConstant0();
2700 HConstant* max_alloc_length =
2701 Add<HConstant>(JSObject::kInitialMaxFastElementArray);
2702 HInstruction* checked_length = Add<HBoundsCheck>(length_argument,
2704 IfBuilder if_builder(this);
2705 if_builder.If<HCompareNumericAndBranch>(checked_length, constant_zero,
2708 const int initial_capacity = JSArray::kPreallocatedArrayElements;
2709 HConstant* initial_capacity_node = Add<HConstant>(initial_capacity);
2710 Push(initial_capacity_node); // capacity
2711 Push(constant_zero); // length
2713 if (!(top_info()->IsStub()) &&
2714 IsFastPackedElementsKind(array_builder->kind())) {
2715 // We'll come back later with better (holey) feedback.
2717 Deoptimizer::kHoleyArrayDespitePackedElements_kindFeedback);
2719 Push(checked_length); // capacity
2720 Push(checked_length); // length
2724 // Figure out total size
2725 HValue* length = Pop();
2726 HValue* capacity = Pop();
2727 return array_builder->AllocateArray(capacity, max_alloc_length, length);
2731 HValue* HGraphBuilder::BuildCalculateElementsSize(ElementsKind kind,
2733 int elements_size = IsFastDoubleElementsKind(kind)
2737 HConstant* elements_size_value = Add<HConstant>(elements_size);
2739 HMul::NewImul(isolate(), zone(), context(), capacity->ActualValue(),
2740 elements_size_value);
2741 AddInstruction(mul);
2742 mul->ClearFlag(HValue::kCanOverflow);
2744 STATIC_ASSERT(FixedDoubleArray::kHeaderSize == FixedArray::kHeaderSize);
2746 HConstant* header_size = Add<HConstant>(FixedArray::kHeaderSize);
2747 HValue* total_size = AddUncasted<HAdd>(mul, header_size);
2748 total_size->ClearFlag(HValue::kCanOverflow);
2753 HAllocate* HGraphBuilder::AllocateJSArrayObject(AllocationSiteMode mode) {
2754 int base_size = JSArray::kSize;
2755 if (mode == TRACK_ALLOCATION_SITE) {
2756 base_size += AllocationMemento::kSize;
2758 HConstant* size_in_bytes = Add<HConstant>(base_size);
2759 return Add<HAllocate>(
2760 size_in_bytes, HType::JSArray(), NOT_TENURED, JS_OBJECT_TYPE);
2764 HConstant* HGraphBuilder::EstablishElementsAllocationSize(
2767 int base_size = IsFastDoubleElementsKind(kind)
2768 ? FixedDoubleArray::SizeFor(capacity)
2769 : FixedArray::SizeFor(capacity);
2771 return Add<HConstant>(base_size);
2775 HAllocate* HGraphBuilder::BuildAllocateElements(ElementsKind kind,
2776 HValue* size_in_bytes) {
2777 InstanceType instance_type = IsFastDoubleElementsKind(kind)
2778 ? FIXED_DOUBLE_ARRAY_TYPE
2781 return Add<HAllocate>(size_in_bytes, HType::HeapObject(), NOT_TENURED,
2786 void HGraphBuilder::BuildInitializeElementsHeader(HValue* elements,
2789 Factory* factory = isolate()->factory();
2790 Handle<Map> map = IsFastDoubleElementsKind(kind)
2791 ? factory->fixed_double_array_map()
2792 : factory->fixed_array_map();
2794 Add<HStoreNamedField>(elements, HObjectAccess::ForMap(), Add<HConstant>(map));
2795 Add<HStoreNamedField>(elements, HObjectAccess::ForFixedArrayLength(),
2800 HValue* HGraphBuilder::BuildAllocateAndInitializeArray(ElementsKind kind,
2802 // The HForceRepresentation is to prevent possible deopt on int-smi
2803 // conversion after allocation but before the new object fields are set.
2804 capacity = AddUncasted<HForceRepresentation>(capacity, Representation::Smi());
2805 HValue* size_in_bytes = BuildCalculateElementsSize(kind, capacity);
2806 HValue* new_array = BuildAllocateElements(kind, size_in_bytes);
2807 BuildInitializeElementsHeader(new_array, kind, capacity);
2812 void HGraphBuilder::BuildJSArrayHeader(HValue* array,
2815 AllocationSiteMode mode,
2816 ElementsKind elements_kind,
2817 HValue* allocation_site_payload,
2818 HValue* length_field) {
2819 Add<HStoreNamedField>(array, HObjectAccess::ForMap(), array_map);
2821 HConstant* empty_fixed_array =
2822 Add<HConstant>(isolate()->factory()->empty_fixed_array());
2824 Add<HStoreNamedField>(
2825 array, HObjectAccess::ForPropertiesPointer(), empty_fixed_array);
2827 Add<HStoreNamedField>(
2828 array, HObjectAccess::ForElementsPointer(),
2829 elements != NULL ? elements : empty_fixed_array);
2831 Add<HStoreNamedField>(
2832 array, HObjectAccess::ForArrayLength(elements_kind), length_field);
2834 if (mode == TRACK_ALLOCATION_SITE) {
2835 BuildCreateAllocationMemento(
2836 array, Add<HConstant>(JSArray::kSize), allocation_site_payload);
2841 HInstruction* HGraphBuilder::AddElementAccess(
2843 HValue* checked_key,
2846 ElementsKind elements_kind,
2847 PropertyAccessType access_type,
2848 LoadKeyedHoleMode load_mode) {
2849 if (access_type == STORE) {
2850 DCHECK(val != NULL);
2851 if (elements_kind == UINT8_CLAMPED_ELEMENTS) {
2852 val = Add<HClampToUint8>(val);
2854 return Add<HStoreKeyed>(elements, checked_key, val, elements_kind,
2855 STORE_TO_INITIALIZED_ENTRY);
2858 DCHECK(access_type == LOAD);
2859 DCHECK(val == NULL);
2860 HLoadKeyed* load = Add<HLoadKeyed>(
2861 elements, checked_key, dependency, elements_kind, load_mode);
2862 if (elements_kind == UINT32_ELEMENTS) {
2863 graph()->RecordUint32Instruction(load);
2869 HLoadNamedField* HGraphBuilder::AddLoadMap(HValue* object,
2870 HValue* dependency) {
2871 return Add<HLoadNamedField>(object, dependency, HObjectAccess::ForMap());
2875 HLoadNamedField* HGraphBuilder::AddLoadElements(HValue* object,
2876 HValue* dependency) {
2877 return Add<HLoadNamedField>(
2878 object, dependency, HObjectAccess::ForElementsPointer());
2882 HLoadNamedField* HGraphBuilder::AddLoadFixedArrayLength(
2884 HValue* dependency) {
2885 return Add<HLoadNamedField>(
2886 array, dependency, HObjectAccess::ForFixedArrayLength());
2890 HLoadNamedField* HGraphBuilder::AddLoadArrayLength(HValue* array,
2892 HValue* dependency) {
2893 return Add<HLoadNamedField>(
2894 array, dependency, HObjectAccess::ForArrayLength(kind));
2898 HValue* HGraphBuilder::BuildNewElementsCapacity(HValue* old_capacity) {
2899 HValue* half_old_capacity = AddUncasted<HShr>(old_capacity,
2900 graph_->GetConstant1());
2902 HValue* new_capacity = AddUncasted<HAdd>(half_old_capacity, old_capacity);
2903 new_capacity->ClearFlag(HValue::kCanOverflow);
2905 HValue* min_growth = Add<HConstant>(16);
2907 new_capacity = AddUncasted<HAdd>(new_capacity, min_growth);
2908 new_capacity->ClearFlag(HValue::kCanOverflow);
2910 return new_capacity;
2914 HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
2917 ElementsKind new_kind,
2919 HValue* new_capacity) {
2920 Add<HBoundsCheck>(new_capacity, Add<HConstant>(
2921 (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
2922 ElementsKindToShiftSize(new_kind)));
2924 HValue* new_elements =
2925 BuildAllocateAndInitializeArray(new_kind, new_capacity);
2927 BuildCopyElements(elements, kind, new_elements,
2928 new_kind, length, new_capacity);
2930 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
2933 return new_elements;
2937 void HGraphBuilder::BuildFillElementsWithValue(HValue* elements,
2938 ElementsKind elements_kind,
2943 to = AddLoadFixedArrayLength(elements);
2946 // Special loop unfolding case
2947 STATIC_ASSERT(JSArray::kPreallocatedArrayElements <=
2948 kElementLoopUnrollThreshold);
2949 int initial_capacity = -1;
2950 if (from->IsInteger32Constant() && to->IsInteger32Constant()) {
2951 int constant_from = from->GetInteger32Constant();
2952 int constant_to = to->GetInteger32Constant();
2954 if (constant_from == 0 && constant_to <= kElementLoopUnrollThreshold) {
2955 initial_capacity = constant_to;
2959 if (initial_capacity >= 0) {
2960 for (int i = 0; i < initial_capacity; i++) {
2961 HInstruction* key = Add<HConstant>(i);
2962 Add<HStoreKeyed>(elements, key, value, elements_kind);
2965 // Carefully loop backwards so that the "from" remains live through the loop
2966 // rather than the to. This often corresponds to keeping length live rather
2967 // then capacity, which helps register allocation, since length is used more
2968 // other than capacity after filling with holes.
2969 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2971 HValue* key = builder.BeginBody(to, from, Token::GT);
2973 HValue* adjusted_key = AddUncasted<HSub>(key, graph()->GetConstant1());
2974 adjusted_key->ClearFlag(HValue::kCanOverflow);
2976 Add<HStoreKeyed>(elements, adjusted_key, value, elements_kind);
2983 void HGraphBuilder::BuildFillElementsWithHole(HValue* elements,
2984 ElementsKind elements_kind,
2987 // Fast elements kinds need to be initialized in case statements below cause a
2988 // garbage collection.
2990 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
2991 ? graph()->GetConstantHole()
2992 : Add<HConstant>(HConstant::kHoleNaN);
2994 // Since we're about to store a hole value, the store instruction below must
2995 // assume an elements kind that supports heap object values.
2996 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
2997 elements_kind = FAST_HOLEY_ELEMENTS;
3000 BuildFillElementsWithValue(elements, elements_kind, from, to, hole);
3004 void HGraphBuilder::BuildCopyProperties(HValue* from_properties,
3005 HValue* to_properties, HValue* length,
3007 ElementsKind kind = FAST_ELEMENTS;
3009 BuildFillElementsWithValue(to_properties, kind, length, capacity,
3010 graph()->GetConstantUndefined());
3012 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
3014 HValue* key = builder.BeginBody(length, graph()->GetConstant0(), Token::GT);
3016 key = AddUncasted<HSub>(key, graph()->GetConstant1());
3017 key->ClearFlag(HValue::kCanOverflow);
3019 HValue* element = Add<HLoadKeyed>(from_properties, key, nullptr, kind);
3021 Add<HStoreKeyed>(to_properties, key, element, kind);
3027 void HGraphBuilder::BuildCopyElements(HValue* from_elements,
3028 ElementsKind from_elements_kind,
3029 HValue* to_elements,
3030 ElementsKind to_elements_kind,
3033 int constant_capacity = -1;
3034 if (capacity != NULL &&
3035 capacity->IsConstant() &&
3036 HConstant::cast(capacity)->HasInteger32Value()) {
3037 int constant_candidate = HConstant::cast(capacity)->Integer32Value();
3038 if (constant_candidate <= kElementLoopUnrollThreshold) {
3039 constant_capacity = constant_candidate;
3043 bool pre_fill_with_holes =
3044 IsFastDoubleElementsKind(from_elements_kind) &&
3045 IsFastObjectElementsKind(to_elements_kind);
3046 if (pre_fill_with_holes) {
3047 // If the copy might trigger a GC, make sure that the FixedArray is
3048 // pre-initialized with holes to make sure that it's always in a
3049 // consistent state.
3050 BuildFillElementsWithHole(to_elements, to_elements_kind,
3051 graph()->GetConstant0(), NULL);
3054 if (constant_capacity != -1) {
3055 // Unroll the loop for small elements kinds.
3056 for (int i = 0; i < constant_capacity; i++) {
3057 HValue* key_constant = Add<HConstant>(i);
3058 HInstruction* value = Add<HLoadKeyed>(from_elements, key_constant,
3059 nullptr, from_elements_kind);
3060 Add<HStoreKeyed>(to_elements, key_constant, value, to_elements_kind);
3063 if (!pre_fill_with_holes &&
3064 (capacity == NULL || !length->Equals(capacity))) {
3065 BuildFillElementsWithHole(to_elements, to_elements_kind,
3069 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
3071 HValue* key = builder.BeginBody(length, graph()->GetConstant0(),
3074 key = AddUncasted<HSub>(key, graph()->GetConstant1());
3075 key->ClearFlag(HValue::kCanOverflow);
3077 HValue* element = Add<HLoadKeyed>(from_elements, key, nullptr,
3078 from_elements_kind, ALLOW_RETURN_HOLE);
3080 ElementsKind kind = (IsHoleyElementsKind(from_elements_kind) &&
3081 IsFastSmiElementsKind(to_elements_kind))
3082 ? FAST_HOLEY_ELEMENTS : to_elements_kind;
3084 if (IsHoleyElementsKind(from_elements_kind) &&
3085 from_elements_kind != to_elements_kind) {
3086 IfBuilder if_hole(this);
3087 if_hole.If<HCompareHoleAndBranch>(element);
3089 HConstant* hole_constant = IsFastDoubleElementsKind(to_elements_kind)
3090 ? Add<HConstant>(HConstant::kHoleNaN)
3091 : graph()->GetConstantHole();
3092 Add<HStoreKeyed>(to_elements, key, hole_constant, kind);
3094 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
3095 store->SetFlag(HValue::kAllowUndefinedAsNaN);
3098 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
3099 store->SetFlag(HValue::kAllowUndefinedAsNaN);
3105 Counters* counters = isolate()->counters();
3106 AddIncrementCounter(counters->inlined_copied_elements());
3110 HValue* HGraphBuilder::BuildCloneShallowArrayCow(HValue* boilerplate,
3111 HValue* allocation_site,
3112 AllocationSiteMode mode,
3113 ElementsKind kind) {
3114 HAllocate* array = AllocateJSArrayObject(mode);
3116 HValue* map = AddLoadMap(boilerplate);
3117 HValue* elements = AddLoadElements(boilerplate);
3118 HValue* length = AddLoadArrayLength(boilerplate, kind);
3120 BuildJSArrayHeader(array,
3131 HValue* HGraphBuilder::BuildCloneShallowArrayEmpty(HValue* boilerplate,
3132 HValue* allocation_site,
3133 AllocationSiteMode mode) {
3134 HAllocate* array = AllocateJSArrayObject(mode);
3136 HValue* map = AddLoadMap(boilerplate);
3138 BuildJSArrayHeader(array,
3140 NULL, // set elements to empty fixed array
3144 graph()->GetConstant0());
3149 HValue* HGraphBuilder::BuildCloneShallowArrayNonEmpty(HValue* boilerplate,
3150 HValue* allocation_site,
3151 AllocationSiteMode mode,
3152 ElementsKind kind) {
3153 HValue* boilerplate_elements = AddLoadElements(boilerplate);
3154 HValue* capacity = AddLoadFixedArrayLength(boilerplate_elements);
3156 // Generate size calculation code here in order to make it dominate
3157 // the JSArray allocation.
3158 HValue* elements_size = BuildCalculateElementsSize(kind, capacity);
3160 // Create empty JSArray object for now, store elimination should remove
3161 // redundant initialization of elements and length fields and at the same
3162 // time the object will be fully prepared for GC if it happens during
3163 // elements allocation.
3164 HValue* result = BuildCloneShallowArrayEmpty(
3165 boilerplate, allocation_site, mode);
3167 HAllocate* elements = BuildAllocateElements(kind, elements_size);
3169 // This function implicitly relies on the fact that the
3170 // FastCloneShallowArrayStub is called only for literals shorter than
3171 // JSObject::kInitialMaxFastElementArray.
3172 // Can't add HBoundsCheck here because otherwise the stub will eager a frame.
3173 HConstant* size_upper_bound = EstablishElementsAllocationSize(
3174 kind, JSObject::kInitialMaxFastElementArray);
3175 elements->set_size_upper_bound(size_upper_bound);
3177 Add<HStoreNamedField>(result, HObjectAccess::ForElementsPointer(), elements);
3179 // The allocation for the cloned array above causes register pressure on
3180 // machines with low register counts. Force a reload of the boilerplate
3181 // elements here to free up a register for the allocation to avoid unnecessary
3183 boilerplate_elements = AddLoadElements(boilerplate);
3184 boilerplate_elements->SetFlag(HValue::kCantBeReplaced);
3186 // Copy the elements array header.
3187 for (int i = 0; i < FixedArrayBase::kHeaderSize; i += kPointerSize) {
3188 HObjectAccess access = HObjectAccess::ForFixedArrayHeader(i);
3189 Add<HStoreNamedField>(
3191 Add<HLoadNamedField>(boilerplate_elements, nullptr, access));
3194 // And the result of the length
3195 HValue* length = AddLoadArrayLength(boilerplate, kind);
3196 Add<HStoreNamedField>(result, HObjectAccess::ForArrayLength(kind), length);
3198 BuildCopyElements(boilerplate_elements, kind, elements,
3199 kind, length, NULL);
3204 void HGraphBuilder::BuildCompareNil(HValue* value, Type* type,
3205 HIfContinuation* continuation,
3206 MapEmbedding map_embedding) {
3207 IfBuilder if_nil(this);
3208 bool some_case_handled = false;
3209 bool some_case_missing = false;
3211 if (type->Maybe(Type::Null())) {
3212 if (some_case_handled) if_nil.Or();
3213 if_nil.If<HCompareObjectEqAndBranch>(value, graph()->GetConstantNull());
3214 some_case_handled = true;
3216 some_case_missing = true;
3219 if (type->Maybe(Type::Undefined())) {
3220 if (some_case_handled) if_nil.Or();
3221 if_nil.If<HCompareObjectEqAndBranch>(value,
3222 graph()->GetConstantUndefined());
3223 some_case_handled = true;
3225 some_case_missing = true;
3228 if (type->Maybe(Type::Undetectable())) {
3229 if (some_case_handled) if_nil.Or();
3230 if_nil.If<HIsUndetectableAndBranch>(value);
3231 some_case_handled = true;
3233 some_case_missing = true;
3236 if (some_case_missing) {
3239 if (type->NumClasses() == 1) {
3240 BuildCheckHeapObject(value);
3241 // For ICs, the map checked below is a sentinel map that gets replaced by
3242 // the monomorphic map when the code is used as a template to generate a
3243 // new IC. For optimized functions, there is no sentinel map, the map
3244 // emitted below is the actual monomorphic map.
3245 if (map_embedding == kEmbedMapsViaWeakCells) {
3247 Add<HConstant>(Map::WeakCellForMap(type->Classes().Current()));
3248 HValue* expected_map = Add<HLoadNamedField>(
3249 cell, nullptr, HObjectAccess::ForWeakCellValue());
3251 Add<HLoadNamedField>(value, nullptr, HObjectAccess::ForMap());
3252 IfBuilder map_check(this);
3253 map_check.IfNot<HCompareObjectEqAndBranch>(expected_map, map);
3254 map_check.ThenDeopt(Deoptimizer::kUnknownMap);
3257 DCHECK(map_embedding == kEmbedMapsDirectly);
3258 Add<HCheckMaps>(value, type->Classes().Current());
3261 if_nil.Deopt(Deoptimizer::kTooManyUndetectableTypes);
3265 if_nil.CaptureContinuation(continuation);
3269 void HGraphBuilder::BuildCreateAllocationMemento(
3270 HValue* previous_object,
3271 HValue* previous_object_size,
3272 HValue* allocation_site) {
3273 DCHECK(allocation_site != NULL);
3274 HInnerAllocatedObject* allocation_memento = Add<HInnerAllocatedObject>(
3275 previous_object, previous_object_size, HType::HeapObject());
3276 AddStoreMapConstant(
3277 allocation_memento, isolate()->factory()->allocation_memento_map());
3278 Add<HStoreNamedField>(
3280 HObjectAccess::ForAllocationMementoSite(),
3282 if (FLAG_allocation_site_pretenuring) {
3283 HValue* memento_create_count =
3284 Add<HLoadNamedField>(allocation_site, nullptr,
3285 HObjectAccess::ForAllocationSiteOffset(
3286 AllocationSite::kPretenureCreateCountOffset));
3287 memento_create_count = AddUncasted<HAdd>(
3288 memento_create_count, graph()->GetConstant1());
3289 // This smi value is reset to zero after every gc, overflow isn't a problem
3290 // since the counter is bounded by the new space size.
3291 memento_create_count->ClearFlag(HValue::kCanOverflow);
3292 Add<HStoreNamedField>(
3293 allocation_site, HObjectAccess::ForAllocationSiteOffset(
3294 AllocationSite::kPretenureCreateCountOffset), memento_create_count);
3299 HInstruction* HGraphBuilder::BuildGetNativeContext() {
3300 // Get the global object, then the native context
3301 HValue* global_object = Add<HLoadNamedField>(
3303 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3304 return Add<HLoadNamedField>(global_object, nullptr,
3305 HObjectAccess::ForObservableJSObjectOffset(
3306 GlobalObject::kNativeContextOffset));
3310 HInstruction* HGraphBuilder::BuildGetNativeContext(HValue* closure) {
3311 // Get the global object, then the native context
3312 HInstruction* context = Add<HLoadNamedField>(
3313 closure, nullptr, HObjectAccess::ForFunctionContextPointer());
3314 HInstruction* global_object = Add<HLoadNamedField>(
3316 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3317 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3318 GlobalObject::kNativeContextOffset);
3319 return Add<HLoadNamedField>(global_object, nullptr, access);
3323 HInstruction* HGraphBuilder::BuildGetScriptContext(int context_index) {
3324 HValue* native_context = BuildGetNativeContext();
3325 HValue* script_context_table = Add<HLoadNamedField>(
3326 native_context, nullptr,
3327 HObjectAccess::ForContextSlot(Context::SCRIPT_CONTEXT_TABLE_INDEX));
3328 return Add<HLoadNamedField>(script_context_table, nullptr,
3329 HObjectAccess::ForScriptContext(context_index));
3333 HValue* HGraphBuilder::BuildGetParentContext(HValue* depth, int depth_value) {
3334 HValue* script_context = context();
3335 if (depth != NULL) {
3336 HValue* zero = graph()->GetConstant0();
3338 Push(script_context);
3341 LoopBuilder loop(this);
3342 loop.BeginBody(2); // Drop script_context and depth from last environment
3343 // to appease live range building without simulates.
3345 script_context = Pop();
3347 script_context = Add<HLoadNamedField>(
3348 script_context, nullptr,
3349 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
3350 depth = AddUncasted<HSub>(depth, graph()->GetConstant1());
3351 depth->ClearFlag(HValue::kCanOverflow);
3353 IfBuilder if_break(this);
3354 if_break.If<HCompareNumericAndBranch, HValue*>(depth, zero, Token::EQ);
3357 Push(script_context); // The result.
3362 Push(script_context);
3368 script_context = Pop();
3369 } else if (depth_value > 0) {
3370 // Unroll the above loop.
3371 for (int i = 0; i < depth_value; i++) {
3372 script_context = Add<HLoadNamedField>(
3373 script_context, nullptr,
3374 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
3377 return script_context;
3381 HInstruction* HGraphBuilder::BuildGetArrayFunction() {
3382 HInstruction* native_context = BuildGetNativeContext();
3383 HInstruction* index =
3384 Add<HConstant>(static_cast<int32_t>(Context::ARRAY_FUNCTION_INDEX));
3385 return Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3389 HValue* HGraphBuilder::BuildArrayBufferViewFieldAccessor(HValue* object,
3390 HValue* checked_object,
3392 NoObservableSideEffectsScope scope(this);
3393 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3394 index.offset(), Representation::Tagged());
3395 HInstruction* buffer = Add<HLoadNamedField>(
3396 object, checked_object, HObjectAccess::ForJSArrayBufferViewBuffer());
3397 HInstruction* field = Add<HLoadNamedField>(object, checked_object, access);
3399 HInstruction* flags = Add<HLoadNamedField>(
3400 buffer, nullptr, HObjectAccess::ForJSArrayBufferBitField());
3401 HValue* was_neutered_mask =
3402 Add<HConstant>(1 << JSArrayBuffer::WasNeutered::kShift);
3403 HValue* was_neutered_test =
3404 AddUncasted<HBitwise>(Token::BIT_AND, flags, was_neutered_mask);
3406 IfBuilder if_was_neutered(this);
3407 if_was_neutered.If<HCompareNumericAndBranch>(
3408 was_neutered_test, graph()->GetConstant0(), Token::NE);
3409 if_was_neutered.Then();
3410 Push(graph()->GetConstant0());
3411 if_was_neutered.Else();
3413 if_was_neutered.End();
3419 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3421 HValue* allocation_site_payload,
3422 HValue* constructor_function,
3423 AllocationSiteOverrideMode override_mode) :
3426 allocation_site_payload_(allocation_site_payload),
3427 constructor_function_(constructor_function) {
3428 DCHECK(!allocation_site_payload->IsConstant() ||
3429 HConstant::cast(allocation_site_payload)->handle(
3430 builder_->isolate())->IsAllocationSite());
3431 mode_ = override_mode == DISABLE_ALLOCATION_SITES
3432 ? DONT_TRACK_ALLOCATION_SITE
3433 : AllocationSite::GetMode(kind);
3437 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3439 HValue* constructor_function) :
3442 mode_(DONT_TRACK_ALLOCATION_SITE),
3443 allocation_site_payload_(NULL),
3444 constructor_function_(constructor_function) {
3448 HValue* HGraphBuilder::JSArrayBuilder::EmitMapCode() {
3449 if (!builder()->top_info()->IsStub()) {
3450 // A constant map is fine.
3451 Handle<Map> map(builder()->isolate()->get_initial_js_array_map(kind_),
3452 builder()->isolate());
3453 return builder()->Add<HConstant>(map);
3456 if (constructor_function_ != NULL && kind_ == GetInitialFastElementsKind()) {
3457 // No need for a context lookup if the kind_ matches the initial
3458 // map, because we can just load the map in that case.
3459 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3460 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3464 // TODO(mvstanton): we should always have a constructor function if we
3465 // are creating a stub.
3466 HInstruction* native_context = constructor_function_ != NULL
3467 ? builder()->BuildGetNativeContext(constructor_function_)
3468 : builder()->BuildGetNativeContext();
3470 HInstruction* index = builder()->Add<HConstant>(
3471 static_cast<int32_t>(Context::JS_ARRAY_MAPS_INDEX));
3473 HInstruction* map_array =
3474 builder()->Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3476 HInstruction* kind_index = builder()->Add<HConstant>(kind_);
3478 return builder()->Add<HLoadKeyed>(map_array, kind_index, nullptr,
3483 HValue* HGraphBuilder::JSArrayBuilder::EmitInternalMapCode() {
3484 // Find the map near the constructor function
3485 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3486 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3491 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateEmptyArray() {
3492 HConstant* capacity = builder()->Add<HConstant>(initial_capacity());
3493 return AllocateArray(capacity,
3495 builder()->graph()->GetConstant0());
3499 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3501 HConstant* capacity_upper_bound,
3502 HValue* length_field,
3503 FillMode fill_mode) {
3504 return AllocateArray(capacity,
3505 capacity_upper_bound->GetInteger32Constant(),
3511 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3513 int capacity_upper_bound,
3514 HValue* length_field,
3515 FillMode fill_mode) {
3516 HConstant* elememts_size_upper_bound = capacity->IsInteger32Constant()
3517 ? HConstant::cast(capacity)
3518 : builder()->EstablishElementsAllocationSize(kind_, capacity_upper_bound);
3520 HAllocate* array = AllocateArray(capacity, length_field, fill_mode);
3521 if (!elements_location_->has_size_upper_bound()) {
3522 elements_location_->set_size_upper_bound(elememts_size_upper_bound);
3528 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3530 HValue* length_field,
3531 FillMode fill_mode) {
3532 // These HForceRepresentations are because we store these as fields in the
3533 // objects we construct, and an int32-to-smi HChange could deopt. Accept
3534 // the deopt possibility now, before allocation occurs.
3536 builder()->AddUncasted<HForceRepresentation>(capacity,
3537 Representation::Smi());
3539 builder()->AddUncasted<HForceRepresentation>(length_field,
3540 Representation::Smi());
3542 // Generate size calculation code here in order to make it dominate
3543 // the JSArray allocation.
3544 HValue* elements_size =
3545 builder()->BuildCalculateElementsSize(kind_, capacity);
3547 // Allocate (dealing with failure appropriately)
3548 HAllocate* array_object = builder()->AllocateJSArrayObject(mode_);
3550 // Fill in the fields: map, properties, length
3552 if (allocation_site_payload_ == NULL) {
3553 map = EmitInternalMapCode();
3555 map = EmitMapCode();
3558 builder()->BuildJSArrayHeader(array_object,
3560 NULL, // set elements to empty fixed array
3563 allocation_site_payload_,
3566 // Allocate and initialize the elements
3567 elements_location_ = builder()->BuildAllocateElements(kind_, elements_size);
3569 builder()->BuildInitializeElementsHeader(elements_location_, kind_, capacity);
3572 builder()->Add<HStoreNamedField>(
3573 array_object, HObjectAccess::ForElementsPointer(), elements_location_);
3575 if (fill_mode == FILL_WITH_HOLE) {
3576 builder()->BuildFillElementsWithHole(elements_location_, kind_,
3577 graph()->GetConstant0(), capacity);
3580 return array_object;
3584 HValue* HGraphBuilder::AddLoadJSBuiltin(Builtins::JavaScript builtin) {
3585 HValue* global_object = Add<HLoadNamedField>(
3587 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3588 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3589 GlobalObject::kBuiltinsOffset);
3590 HValue* builtins = Add<HLoadNamedField>(global_object, nullptr, access);
3591 HObjectAccess function_access = HObjectAccess::ForObservableJSObjectOffset(
3592 JSBuiltinsObject::OffsetOfFunctionWithId(builtin));
3593 return Add<HLoadNamedField>(builtins, nullptr, function_access);
3597 HOptimizedGraphBuilder::HOptimizedGraphBuilder(CompilationInfo* info)
3598 : HGraphBuilder(info),
3599 function_state_(NULL),
3600 initial_function_state_(this, info, NORMAL_RETURN, 0),
3604 globals_(10, info->zone()),
3605 osr_(new(info->zone()) HOsrBuilder(this)) {
3606 // This is not initialized in the initializer list because the
3607 // constructor for the initial state relies on function_state_ == NULL
3608 // to know it's the initial state.
3609 function_state_ = &initial_function_state_;
3610 InitializeAstVisitor(info->isolate(), info->zone());
3611 if (top_info()->is_tracking_positions()) {
3612 SetSourcePosition(info->shared_info()->start_position());
3617 HBasicBlock* HOptimizedGraphBuilder::CreateJoin(HBasicBlock* first,
3618 HBasicBlock* second,
3619 BailoutId join_id) {
3620 if (first == NULL) {
3622 } else if (second == NULL) {
3625 HBasicBlock* join_block = graph()->CreateBasicBlock();
3626 Goto(first, join_block);
3627 Goto(second, join_block);
3628 join_block->SetJoinId(join_id);
3634 HBasicBlock* HOptimizedGraphBuilder::JoinContinue(IterationStatement* statement,
3635 HBasicBlock* exit_block,
3636 HBasicBlock* continue_block) {
3637 if (continue_block != NULL) {
3638 if (exit_block != NULL) Goto(exit_block, continue_block);
3639 continue_block->SetJoinId(statement->ContinueId());
3640 return continue_block;
3646 HBasicBlock* HOptimizedGraphBuilder::CreateLoop(IterationStatement* statement,
3647 HBasicBlock* loop_entry,
3648 HBasicBlock* body_exit,
3649 HBasicBlock* loop_successor,
3650 HBasicBlock* break_block) {
3651 if (body_exit != NULL) Goto(body_exit, loop_entry);
3652 loop_entry->PostProcessLoopHeader(statement);
3653 if (break_block != NULL) {
3654 if (loop_successor != NULL) Goto(loop_successor, break_block);
3655 break_block->SetJoinId(statement->ExitId());
3658 return loop_successor;
3662 // Build a new loop header block and set it as the current block.
3663 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry() {
3664 HBasicBlock* loop_entry = CreateLoopHeaderBlock();
3666 set_current_block(loop_entry);
3671 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry(
3672 IterationStatement* statement) {
3673 HBasicBlock* loop_entry = osr()->HasOsrEntryAt(statement)
3674 ? osr()->BuildOsrLoopEntry(statement)
3680 void HBasicBlock::FinishExit(HControlInstruction* instruction,
3681 SourcePosition position) {
3682 Finish(instruction, position);
3687 std::ostream& operator<<(std::ostream& os, const HBasicBlock& b) {
3688 return os << "B" << b.block_id();
3692 HGraph::HGraph(CompilationInfo* info)
3693 : isolate_(info->isolate()),
3696 blocks_(8, info->zone()),
3697 values_(16, info->zone()),
3699 uint32_instructions_(NULL),
3702 zone_(info->zone()),
3703 is_recursive_(false),
3704 use_optimistic_licm_(false),
3705 depends_on_empty_array_proto_elements_(false),
3706 type_change_checksum_(0),
3707 maximum_environment_size_(0),
3708 no_side_effects_scope_count_(0),
3709 disallow_adding_new_values_(false) {
3710 if (info->IsStub()) {
3711 CallInterfaceDescriptor descriptor =
3712 info->code_stub()->GetCallInterfaceDescriptor();
3713 start_environment_ =
3714 new (zone_) HEnvironment(zone_, descriptor.GetRegisterParameterCount());
3716 if (info->is_tracking_positions()) {
3717 info->TraceInlinedFunction(info->shared_info(), SourcePosition::Unknown(),
3718 InlinedFunctionInfo::kNoParentId);
3720 start_environment_ =
3721 new(zone_) HEnvironment(NULL, info->scope(), info->closure(), zone_);
3723 start_environment_->set_ast_id(BailoutId::FunctionEntry());
3724 entry_block_ = CreateBasicBlock();
3725 entry_block_->SetInitialEnvironment(start_environment_);
3729 HBasicBlock* HGraph::CreateBasicBlock() {
3730 HBasicBlock* result = new(zone()) HBasicBlock(this);
3731 blocks_.Add(result, zone());
3736 void HGraph::FinalizeUniqueness() {
3737 DisallowHeapAllocation no_gc;
3738 for (int i = 0; i < blocks()->length(); ++i) {
3739 for (HInstructionIterator it(blocks()->at(i)); !it.Done(); it.Advance()) {
3740 it.Current()->FinalizeUniqueness();
3746 int HGraph::SourcePositionToScriptPosition(SourcePosition pos) {
3747 return (FLAG_hydrogen_track_positions && !pos.IsUnknown())
3748 ? info()->start_position_for(pos.inlining_id()) + pos.position()
3753 // Block ordering was implemented with two mutually recursive methods,
3754 // HGraph::Postorder and HGraph::PostorderLoopBlocks.
3755 // The recursion could lead to stack overflow so the algorithm has been
3756 // implemented iteratively.
3757 // At a high level the algorithm looks like this:
3759 // Postorder(block, loop_header) : {
3760 // if (block has already been visited or is of another loop) return;
3761 // mark block as visited;
3762 // if (block is a loop header) {
3763 // VisitLoopMembers(block, loop_header);
3764 // VisitSuccessorsOfLoopHeader(block);
3766 // VisitSuccessors(block)
3768 // put block in result list;
3771 // VisitLoopMembers(block, outer_loop_header) {
3772 // foreach (block b in block loop members) {
3773 // VisitSuccessorsOfLoopMember(b, outer_loop_header);
3774 // if (b is loop header) VisitLoopMembers(b);
3778 // VisitSuccessorsOfLoopMember(block, outer_loop_header) {
3779 // foreach (block b in block successors) Postorder(b, outer_loop_header)
3782 // VisitSuccessorsOfLoopHeader(block) {
3783 // foreach (block b in block successors) Postorder(b, block)
3786 // VisitSuccessors(block, loop_header) {
3787 // foreach (block b in block successors) Postorder(b, loop_header)
3790 // The ordering is started calling Postorder(entry, NULL).
3792 // Each instance of PostorderProcessor represents the "stack frame" of the
3793 // recursion, and particularly keeps the state of the loop (iteration) of the
3794 // "Visit..." function it represents.
3795 // To recycle memory we keep all the frames in a double linked list but
3796 // this means that we cannot use constructors to initialize the frames.
3798 class PostorderProcessor : public ZoneObject {
3800 // Back link (towards the stack bottom).
3801 PostorderProcessor* parent() {return father_; }
3802 // Forward link (towards the stack top).
3803 PostorderProcessor* child() {return child_; }
3804 HBasicBlock* block() { return block_; }
3805 HLoopInformation* loop() { return loop_; }
3806 HBasicBlock* loop_header() { return loop_header_; }
3808 static PostorderProcessor* CreateEntryProcessor(Zone* zone,
3809 HBasicBlock* block) {
3810 PostorderProcessor* result = new(zone) PostorderProcessor(NULL);
3811 return result->SetupSuccessors(zone, block, NULL);
3814 PostorderProcessor* PerformStep(Zone* zone,
3815 ZoneList<HBasicBlock*>* order) {
3816 PostorderProcessor* next =
3817 PerformNonBacktrackingStep(zone, order);
3821 return Backtrack(zone, order);
3826 explicit PostorderProcessor(PostorderProcessor* father)
3827 : father_(father), child_(NULL), successor_iterator(NULL) { }
3829 // Each enum value states the cycle whose state is kept by this instance.
3833 SUCCESSORS_OF_LOOP_HEADER,
3835 SUCCESSORS_OF_LOOP_MEMBER
3838 // Each "Setup..." method is like a constructor for a cycle state.
3839 PostorderProcessor* SetupSuccessors(Zone* zone,
3841 HBasicBlock* loop_header) {
3842 if (block == NULL || block->IsOrdered() ||
3843 block->parent_loop_header() != loop_header) {
3847 loop_header_ = NULL;
3852 block->MarkAsOrdered();
3854 if (block->IsLoopHeader()) {
3855 kind_ = SUCCESSORS_OF_LOOP_HEADER;
3856 loop_header_ = block;
3857 InitializeSuccessors();
3858 PostorderProcessor* result = Push(zone);
3859 return result->SetupLoopMembers(zone, block, block->loop_information(),
3862 DCHECK(block->IsFinished());
3864 loop_header_ = loop_header;
3865 InitializeSuccessors();
3871 PostorderProcessor* SetupLoopMembers(Zone* zone,
3873 HLoopInformation* loop,
3874 HBasicBlock* loop_header) {
3875 kind_ = LOOP_MEMBERS;
3878 loop_header_ = loop_header;
3879 InitializeLoopMembers();
3883 PostorderProcessor* SetupSuccessorsOfLoopMember(
3885 HLoopInformation* loop,
3886 HBasicBlock* loop_header) {
3887 kind_ = SUCCESSORS_OF_LOOP_MEMBER;
3890 loop_header_ = loop_header;
3891 InitializeSuccessors();
3895 // This method "allocates" a new stack frame.
3896 PostorderProcessor* Push(Zone* zone) {
3897 if (child_ == NULL) {
3898 child_ = new(zone) PostorderProcessor(this);
3903 void ClosePostorder(ZoneList<HBasicBlock*>* order, Zone* zone) {
3904 DCHECK(block_->end()->FirstSuccessor() == NULL ||
3905 order->Contains(block_->end()->FirstSuccessor()) ||
3906 block_->end()->FirstSuccessor()->IsLoopHeader());
3907 DCHECK(block_->end()->SecondSuccessor() == NULL ||
3908 order->Contains(block_->end()->SecondSuccessor()) ||
3909 block_->end()->SecondSuccessor()->IsLoopHeader());
3910 order->Add(block_, zone);
3913 // This method is the basic block to walk up the stack.
3914 PostorderProcessor* Pop(Zone* zone,
3915 ZoneList<HBasicBlock*>* order) {
3918 case SUCCESSORS_OF_LOOP_HEADER:
3919 ClosePostorder(order, zone);
3923 case SUCCESSORS_OF_LOOP_MEMBER:
3924 if (block()->IsLoopHeader() && block() != loop_->loop_header()) {
3925 // In this case we need to perform a LOOP_MEMBERS cycle so we
3926 // initialize it and return this instead of father.
3927 return SetupLoopMembers(zone, block(),
3928 block()->loop_information(), loop_header_);
3939 // Walks up the stack.
3940 PostorderProcessor* Backtrack(Zone* zone,
3941 ZoneList<HBasicBlock*>* order) {
3942 PostorderProcessor* parent = Pop(zone, order);
3943 while (parent != NULL) {
3944 PostorderProcessor* next =
3945 parent->PerformNonBacktrackingStep(zone, order);
3949 parent = parent->Pop(zone, order);
3955 PostorderProcessor* PerformNonBacktrackingStep(
3957 ZoneList<HBasicBlock*>* order) {
3958 HBasicBlock* next_block;
3961 next_block = AdvanceSuccessors();
3962 if (next_block != NULL) {
3963 PostorderProcessor* result = Push(zone);
3964 return result->SetupSuccessors(zone, next_block, loop_header_);
3967 case SUCCESSORS_OF_LOOP_HEADER:
3968 next_block = AdvanceSuccessors();
3969 if (next_block != NULL) {
3970 PostorderProcessor* result = Push(zone);
3971 return result->SetupSuccessors(zone, next_block, block());
3975 next_block = AdvanceLoopMembers();
3976 if (next_block != NULL) {
3977 PostorderProcessor* result = Push(zone);
3978 return result->SetupSuccessorsOfLoopMember(next_block,
3979 loop_, loop_header_);
3982 case SUCCESSORS_OF_LOOP_MEMBER:
3983 next_block = AdvanceSuccessors();
3984 if (next_block != NULL) {
3985 PostorderProcessor* result = Push(zone);
3986 return result->SetupSuccessors(zone, next_block, loop_header_);
3995 // The following two methods implement a "foreach b in successors" cycle.
3996 void InitializeSuccessors() {
3999 successor_iterator = HSuccessorIterator(block_->end());
4002 HBasicBlock* AdvanceSuccessors() {
4003 if (!successor_iterator.Done()) {
4004 HBasicBlock* result = successor_iterator.Current();
4005 successor_iterator.Advance();
4011 // The following two methods implement a "foreach b in loop members" cycle.
4012 void InitializeLoopMembers() {
4014 loop_length = loop_->blocks()->length();
4017 HBasicBlock* AdvanceLoopMembers() {
4018 if (loop_index < loop_length) {
4019 HBasicBlock* result = loop_->blocks()->at(loop_index);
4028 PostorderProcessor* father_;
4029 PostorderProcessor* child_;
4030 HLoopInformation* loop_;
4031 HBasicBlock* block_;
4032 HBasicBlock* loop_header_;
4035 HSuccessorIterator successor_iterator;
4039 void HGraph::OrderBlocks() {
4040 CompilationPhase phase("H_Block ordering", info());
4043 // Initially the blocks must not be ordered.
4044 for (int i = 0; i < blocks_.length(); ++i) {
4045 DCHECK(!blocks_[i]->IsOrdered());
4049 PostorderProcessor* postorder =
4050 PostorderProcessor::CreateEntryProcessor(zone(), blocks_[0]);
4053 postorder = postorder->PerformStep(zone(), &blocks_);
4057 // Now all blocks must be marked as ordered.
4058 for (int i = 0; i < blocks_.length(); ++i) {
4059 DCHECK(blocks_[i]->IsOrdered());
4063 // Reverse block list and assign block IDs.
4064 for (int i = 0, j = blocks_.length(); --j >= i; ++i) {
4065 HBasicBlock* bi = blocks_[i];
4066 HBasicBlock* bj = blocks_[j];
4067 bi->set_block_id(j);
4068 bj->set_block_id(i);
4075 void HGraph::AssignDominators() {
4076 HPhase phase("H_Assign dominators", this);
4077 for (int i = 0; i < blocks_.length(); ++i) {
4078 HBasicBlock* block = blocks_[i];
4079 if (block->IsLoopHeader()) {
4080 // Only the first predecessor of a loop header is from outside the loop.
4081 // All others are back edges, and thus cannot dominate the loop header.
4082 block->AssignCommonDominator(block->predecessors()->first());
4083 block->AssignLoopSuccessorDominators();
4085 for (int j = blocks_[i]->predecessors()->length() - 1; j >= 0; --j) {
4086 blocks_[i]->AssignCommonDominator(blocks_[i]->predecessors()->at(j));
4093 bool HGraph::CheckArgumentsPhiUses() {
4094 int block_count = blocks_.length();
4095 for (int i = 0; i < block_count; ++i) {
4096 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
4097 HPhi* phi = blocks_[i]->phis()->at(j);
4098 // We don't support phi uses of arguments for now.
4099 if (phi->CheckFlag(HValue::kIsArguments)) return false;
4106 bool HGraph::CheckConstPhiUses() {
4107 int block_count = blocks_.length();
4108 for (int i = 0; i < block_count; ++i) {
4109 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
4110 HPhi* phi = blocks_[i]->phis()->at(j);
4111 // Check for the hole value (from an uninitialized const).
4112 for (int k = 0; k < phi->OperandCount(); k++) {
4113 if (phi->OperandAt(k) == GetConstantHole()) return false;
4121 void HGraph::CollectPhis() {
4122 int block_count = blocks_.length();
4123 phi_list_ = new(zone()) ZoneList<HPhi*>(block_count, zone());
4124 for (int i = 0; i < block_count; ++i) {
4125 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
4126 HPhi* phi = blocks_[i]->phis()->at(j);
4127 phi_list_->Add(phi, zone());
4133 // Implementation of utility class to encapsulate the translation state for
4134 // a (possibly inlined) function.
4135 FunctionState::FunctionState(HOptimizedGraphBuilder* owner,
4136 CompilationInfo* info, InliningKind inlining_kind,
4139 compilation_info_(info),
4140 call_context_(NULL),
4141 inlining_kind_(inlining_kind),
4142 function_return_(NULL),
4143 test_context_(NULL),
4145 arguments_object_(NULL),
4146 arguments_elements_(NULL),
4147 inlining_id_(inlining_id),
4148 outer_source_position_(SourcePosition::Unknown()),
4149 outer_(owner->function_state()) {
4150 if (outer_ != NULL) {
4151 // State for an inline function.
4152 if (owner->ast_context()->IsTest()) {
4153 HBasicBlock* if_true = owner->graph()->CreateBasicBlock();
4154 HBasicBlock* if_false = owner->graph()->CreateBasicBlock();
4155 if_true->MarkAsInlineReturnTarget(owner->current_block());
4156 if_false->MarkAsInlineReturnTarget(owner->current_block());
4157 TestContext* outer_test_context = TestContext::cast(owner->ast_context());
4158 Expression* cond = outer_test_context->condition();
4159 // The AstContext constructor pushed on the context stack. This newed
4160 // instance is the reason that AstContext can't be BASE_EMBEDDED.
4161 test_context_ = new TestContext(owner, cond, if_true, if_false);
4163 function_return_ = owner->graph()->CreateBasicBlock();
4164 function_return()->MarkAsInlineReturnTarget(owner->current_block());
4166 // Set this after possibly allocating a new TestContext above.
4167 call_context_ = owner->ast_context();
4170 // Push on the state stack.
4171 owner->set_function_state(this);
4173 if (compilation_info_->is_tracking_positions()) {
4174 outer_source_position_ = owner->source_position();
4175 owner->EnterInlinedSource(
4176 info->shared_info()->start_position(),
4178 owner->SetSourcePosition(info->shared_info()->start_position());
4183 FunctionState::~FunctionState() {
4184 delete test_context_;
4185 owner_->set_function_state(outer_);
4187 if (compilation_info_->is_tracking_positions()) {
4188 owner_->set_source_position(outer_source_position_);
4189 owner_->EnterInlinedSource(
4190 outer_->compilation_info()->shared_info()->start_position(),
4191 outer_->inlining_id());
4196 // Implementation of utility classes to represent an expression's context in
4198 AstContext::AstContext(HOptimizedGraphBuilder* owner, Expression::Context kind)
4201 outer_(owner->ast_context()),
4202 typeof_mode_(NOT_INSIDE_TYPEOF) {
4203 owner->set_ast_context(this); // Push.
4205 DCHECK(owner->environment()->frame_type() == JS_FUNCTION);
4206 original_length_ = owner->environment()->length();
4211 AstContext::~AstContext() {
4212 owner_->set_ast_context(outer_); // Pop.
4216 EffectContext::~EffectContext() {
4217 DCHECK(owner()->HasStackOverflow() ||
4218 owner()->current_block() == NULL ||
4219 (owner()->environment()->length() == original_length_ &&
4220 owner()->environment()->frame_type() == JS_FUNCTION));
4224 ValueContext::~ValueContext() {
4225 DCHECK(owner()->HasStackOverflow() ||
4226 owner()->current_block() == NULL ||
4227 (owner()->environment()->length() == original_length_ + 1 &&
4228 owner()->environment()->frame_type() == JS_FUNCTION));
4232 void EffectContext::ReturnValue(HValue* value) {
4233 // The value is simply ignored.
4237 void ValueContext::ReturnValue(HValue* value) {
4238 // The value is tracked in the bailout environment, and communicated
4239 // through the environment as the result of the expression.
4240 if (value->CheckFlag(HValue::kIsArguments)) {
4241 if (flag_ == ARGUMENTS_FAKED) {
4242 value = owner()->graph()->GetConstantUndefined();
4243 } else if (!arguments_allowed()) {
4244 owner()->Bailout(kBadValueContextForArgumentsValue);
4247 owner()->Push(value);
4251 void TestContext::ReturnValue(HValue* value) {
4256 void EffectContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4257 DCHECK(!instr->IsControlInstruction());
4258 owner()->AddInstruction(instr);
4259 if (instr->HasObservableSideEffects()) {
4260 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4265 void EffectContext::ReturnControl(HControlInstruction* instr,
4267 DCHECK(!instr->HasObservableSideEffects());
4268 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4269 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4270 instr->SetSuccessorAt(0, empty_true);
4271 instr->SetSuccessorAt(1, empty_false);
4272 owner()->FinishCurrentBlock(instr);
4273 HBasicBlock* join = owner()->CreateJoin(empty_true, empty_false, ast_id);
4274 owner()->set_current_block(join);
4278 void EffectContext::ReturnContinuation(HIfContinuation* continuation,
4280 HBasicBlock* true_branch = NULL;
4281 HBasicBlock* false_branch = NULL;
4282 continuation->Continue(&true_branch, &false_branch);
4283 if (!continuation->IsTrueReachable()) {
4284 owner()->set_current_block(false_branch);
4285 } else if (!continuation->IsFalseReachable()) {
4286 owner()->set_current_block(true_branch);
4288 HBasicBlock* join = owner()->CreateJoin(true_branch, false_branch, ast_id);
4289 owner()->set_current_block(join);
4294 void ValueContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4295 DCHECK(!instr->IsControlInstruction());
4296 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4297 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4299 owner()->AddInstruction(instr);
4300 owner()->Push(instr);
4301 if (instr->HasObservableSideEffects()) {
4302 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4307 void ValueContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4308 DCHECK(!instr->HasObservableSideEffects());
4309 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4310 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4312 HBasicBlock* materialize_false = owner()->graph()->CreateBasicBlock();
4313 HBasicBlock* materialize_true = owner()->graph()->CreateBasicBlock();
4314 instr->SetSuccessorAt(0, materialize_true);
4315 instr->SetSuccessorAt(1, materialize_false);
4316 owner()->FinishCurrentBlock(instr);
4317 owner()->set_current_block(materialize_true);
4318 owner()->Push(owner()->graph()->GetConstantTrue());
4319 owner()->set_current_block(materialize_false);
4320 owner()->Push(owner()->graph()->GetConstantFalse());
4322 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4323 owner()->set_current_block(join);
4327 void ValueContext::ReturnContinuation(HIfContinuation* continuation,
4329 HBasicBlock* materialize_true = NULL;
4330 HBasicBlock* materialize_false = NULL;
4331 continuation->Continue(&materialize_true, &materialize_false);
4332 if (continuation->IsTrueReachable()) {
4333 owner()->set_current_block(materialize_true);
4334 owner()->Push(owner()->graph()->GetConstantTrue());
4335 owner()->set_current_block(materialize_true);
4337 if (continuation->IsFalseReachable()) {
4338 owner()->set_current_block(materialize_false);
4339 owner()->Push(owner()->graph()->GetConstantFalse());
4340 owner()->set_current_block(materialize_false);
4342 if (continuation->TrueAndFalseReachable()) {
4344 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4345 owner()->set_current_block(join);
4350 void TestContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4351 DCHECK(!instr->IsControlInstruction());
4352 HOptimizedGraphBuilder* builder = owner();
4353 builder->AddInstruction(instr);
4354 // We expect a simulate after every expression with side effects, though
4355 // this one isn't actually needed (and wouldn't work if it were targeted).
4356 if (instr->HasObservableSideEffects()) {
4357 builder->Push(instr);
4358 builder->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4365 void TestContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4366 DCHECK(!instr->HasObservableSideEffects());
4367 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4368 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4369 instr->SetSuccessorAt(0, empty_true);
4370 instr->SetSuccessorAt(1, empty_false);
4371 owner()->FinishCurrentBlock(instr);
4372 owner()->Goto(empty_true, if_true(), owner()->function_state());
4373 owner()->Goto(empty_false, if_false(), owner()->function_state());
4374 owner()->set_current_block(NULL);
4378 void TestContext::ReturnContinuation(HIfContinuation* continuation,
4380 HBasicBlock* true_branch = NULL;
4381 HBasicBlock* false_branch = NULL;
4382 continuation->Continue(&true_branch, &false_branch);
4383 if (continuation->IsTrueReachable()) {
4384 owner()->Goto(true_branch, if_true(), owner()->function_state());
4386 if (continuation->IsFalseReachable()) {
4387 owner()->Goto(false_branch, if_false(), owner()->function_state());
4389 owner()->set_current_block(NULL);
4393 void TestContext::BuildBranch(HValue* value) {
4394 // We expect the graph to be in edge-split form: there is no edge that
4395 // connects a branch node to a join node. We conservatively ensure that
4396 // property by always adding an empty block on the outgoing edges of this
4398 HOptimizedGraphBuilder* builder = owner();
4399 if (value != NULL && value->CheckFlag(HValue::kIsArguments)) {
4400 builder->Bailout(kArgumentsObjectValueInATestContext);
4402 ToBooleanStub::Types expected(condition()->to_boolean_types());
4403 ReturnControl(owner()->New<HBranch>(value, expected), BailoutId::None());
4407 // HOptimizedGraphBuilder infrastructure for bailing out and checking bailouts.
4408 #define CHECK_BAILOUT(call) \
4411 if (HasStackOverflow()) return; \
4415 #define CHECK_ALIVE(call) \
4418 if (HasStackOverflow() || current_block() == NULL) return; \
4422 #define CHECK_ALIVE_OR_RETURN(call, value) \
4425 if (HasStackOverflow() || current_block() == NULL) return value; \
4429 void HOptimizedGraphBuilder::Bailout(BailoutReason reason) {
4430 current_info()->AbortOptimization(reason);
4435 void HOptimizedGraphBuilder::VisitForEffect(Expression* expr) {
4436 EffectContext for_effect(this);
4441 void HOptimizedGraphBuilder::VisitForValue(Expression* expr,
4442 ArgumentsAllowedFlag flag) {
4443 ValueContext for_value(this, flag);
4448 void HOptimizedGraphBuilder::VisitForTypeOf(Expression* expr) {
4449 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
4450 for_value.set_typeof_mode(INSIDE_TYPEOF);
4455 void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
4456 HBasicBlock* true_block,
4457 HBasicBlock* false_block) {
4458 TestContext for_test(this, expr, true_block, false_block);
4463 void HOptimizedGraphBuilder::VisitExpressions(
4464 ZoneList<Expression*>* exprs) {
4465 for (int i = 0; i < exprs->length(); ++i) {
4466 CHECK_ALIVE(VisitForValue(exprs->at(i)));
4471 void HOptimizedGraphBuilder::VisitExpressions(ZoneList<Expression*>* exprs,
4472 ArgumentsAllowedFlag flag) {
4473 for (int i = 0; i < exprs->length(); ++i) {
4474 CHECK_ALIVE(VisitForValue(exprs->at(i), flag));
4479 bool HOptimizedGraphBuilder::BuildGraph() {
4480 if (IsSubclassConstructor(current_info()->function()->kind())) {
4481 Bailout(kSuperReference);
4485 int slots = current_info()->num_heap_slots() - Context::MIN_CONTEXT_SLOTS;
4486 if (current_info()->scope()->is_script_scope() && slots > 0) {
4487 Bailout(kScriptContext);
4491 Scope* scope = current_info()->scope();
4494 // Add an edge to the body entry. This is warty: the graph's start
4495 // environment will be used by the Lithium translation as the initial
4496 // environment on graph entry, but it has now been mutated by the
4497 // Hydrogen translation of the instructions in the start block. This
4498 // environment uses values which have not been defined yet. These
4499 // Hydrogen instructions will then be replayed by the Lithium
4500 // translation, so they cannot have an environment effect. The edge to
4501 // the body's entry block (along with some special logic for the start
4502 // block in HInstruction::InsertAfter) seals the start block from
4503 // getting unwanted instructions inserted.
4505 // TODO(kmillikin): Fix this. Stop mutating the initial environment.
4506 // Make the Hydrogen instructions in the initial block into Hydrogen
4507 // values (but not instructions), present in the initial environment and
4508 // not replayed by the Lithium translation.
4509 HEnvironment* initial_env = environment()->CopyWithoutHistory();
4510 HBasicBlock* body_entry = CreateBasicBlock(initial_env);
4512 body_entry->SetJoinId(BailoutId::FunctionEntry());
4513 set_current_block(body_entry);
4515 VisitDeclarations(scope->declarations());
4516 Add<HSimulate>(BailoutId::Declarations());
4518 Add<HStackCheck>(HStackCheck::kFunctionEntry);
4520 VisitStatements(current_info()->function()->body());
4521 if (HasStackOverflow()) return false;
4523 if (current_block() != NULL) {
4524 Add<HReturn>(graph()->GetConstantUndefined());
4525 set_current_block(NULL);
4528 // If the checksum of the number of type info changes is the same as the
4529 // last time this function was compiled, then this recompile is likely not
4530 // due to missing/inadequate type feedback, but rather too aggressive
4531 // optimization. Disable optimistic LICM in that case.
4532 Handle<Code> unoptimized_code(current_info()->shared_info()->code());
4533 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
4534 Handle<TypeFeedbackInfo> type_info(
4535 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
4536 int checksum = type_info->own_type_change_checksum();
4537 int composite_checksum = graph()->update_type_change_checksum(checksum);
4538 graph()->set_use_optimistic_licm(
4539 !type_info->matches_inlined_type_change_checksum(composite_checksum));
4540 type_info->set_inlined_type_change_checksum(composite_checksum);
4542 // Perform any necessary OSR-specific cleanups or changes to the graph.
4543 osr()->FinishGraph();
4549 bool HGraph::Optimize(BailoutReason* bailout_reason) {
4553 // We need to create a HConstant "zero" now so that GVN will fold every
4554 // zero-valued constant in the graph together.
4555 // The constant is needed to make idef-based bounds check work: the pass
4556 // evaluates relations with "zero" and that zero cannot be created after GVN.
4560 // Do a full verify after building the graph and computing dominators.
4564 if (FLAG_analyze_environment_liveness && maximum_environment_size() != 0) {
4565 Run<HEnvironmentLivenessAnalysisPhase>();
4568 if (!CheckConstPhiUses()) {
4569 *bailout_reason = kUnsupportedPhiUseOfConstVariable;
4572 Run<HRedundantPhiEliminationPhase>();
4573 if (!CheckArgumentsPhiUses()) {
4574 *bailout_reason = kUnsupportedPhiUseOfArguments;
4578 // Find and mark unreachable code to simplify optimizations, especially gvn,
4579 // where unreachable code could unnecessarily defeat LICM.
4580 Run<HMarkUnreachableBlocksPhase>();
4582 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4583 if (FLAG_use_escape_analysis) Run<HEscapeAnalysisPhase>();
4585 if (FLAG_load_elimination) Run<HLoadEliminationPhase>();
4589 if (has_osr()) osr()->FinishOsrValues();
4591 Run<HInferRepresentationPhase>();
4593 // Remove HSimulate instructions that have turned out not to be needed
4594 // after all by folding them into the following HSimulate.
4595 // This must happen after inferring representations.
4596 Run<HMergeRemovableSimulatesPhase>();
4598 Run<HMarkDeoptimizeOnUndefinedPhase>();
4599 Run<HRepresentationChangesPhase>();
4601 Run<HInferTypesPhase>();
4603 // Must be performed before canonicalization to ensure that Canonicalize
4604 // will not remove semantically meaningful ToInt32 operations e.g. BIT_OR with
4606 Run<HUint32AnalysisPhase>();
4608 if (FLAG_use_canonicalizing) Run<HCanonicalizePhase>();
4610 if (FLAG_use_gvn) Run<HGlobalValueNumberingPhase>();
4612 if (FLAG_check_elimination) Run<HCheckEliminationPhase>();
4614 if (FLAG_store_elimination) Run<HStoreEliminationPhase>();
4616 Run<HRangeAnalysisPhase>();
4618 Run<HComputeChangeUndefinedToNaN>();
4620 // Eliminate redundant stack checks on backwards branches.
4621 Run<HStackCheckEliminationPhase>();
4623 if (FLAG_array_bounds_checks_elimination) Run<HBoundsCheckEliminationPhase>();
4624 if (FLAG_array_bounds_checks_hoisting) Run<HBoundsCheckHoistingPhase>();
4625 if (FLAG_array_index_dehoisting) Run<HDehoistIndexComputationsPhase>();
4626 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4628 RestoreActualValues();
4630 // Find unreachable code a second time, GVN and other optimizations may have
4631 // made blocks unreachable that were previously reachable.
4632 Run<HMarkUnreachableBlocksPhase>();
4638 void HGraph::RestoreActualValues() {
4639 HPhase phase("H_Restore actual values", this);
4641 for (int block_index = 0; block_index < blocks()->length(); block_index++) {
4642 HBasicBlock* block = blocks()->at(block_index);
4645 for (int i = 0; i < block->phis()->length(); i++) {
4646 HPhi* phi = block->phis()->at(i);
4647 DCHECK(phi->ActualValue() == phi);
4651 for (HInstructionIterator it(block); !it.Done(); it.Advance()) {
4652 HInstruction* instruction = it.Current();
4653 if (instruction->ActualValue() == instruction) continue;
4654 if (instruction->CheckFlag(HValue::kIsDead)) {
4655 // The instruction was marked as deleted but left in the graph
4656 // as a control flow dependency point for subsequent
4658 instruction->DeleteAndReplaceWith(instruction->ActualValue());
4660 DCHECK(instruction->IsInformativeDefinition());
4661 if (instruction->IsPurelyInformativeDefinition()) {
4662 instruction->DeleteAndReplaceWith(instruction->RedefinedOperand());
4664 instruction->ReplaceAllUsesWith(instruction->ActualValue());
4672 void HOptimizedGraphBuilder::PushArgumentsFromEnvironment(int count) {
4673 ZoneList<HValue*> arguments(count, zone());
4674 for (int i = 0; i < count; ++i) {
4675 arguments.Add(Pop(), zone());
4678 HPushArguments* push_args = New<HPushArguments>();
4679 while (!arguments.is_empty()) {
4680 push_args->AddInput(arguments.RemoveLast());
4682 AddInstruction(push_args);
4686 template <class Instruction>
4687 HInstruction* HOptimizedGraphBuilder::PreProcessCall(Instruction* call) {
4688 PushArgumentsFromEnvironment(call->argument_count());
4693 void HOptimizedGraphBuilder::SetUpScope(Scope* scope) {
4694 // First special is HContext.
4695 HInstruction* context = Add<HContext>();
4696 environment()->BindContext(context);
4698 // Create an arguments object containing the initial parameters. Set the
4699 // initial values of parameters including "this" having parameter index 0.
4700 DCHECK_EQ(scope->num_parameters() + 1, environment()->parameter_count());
4701 HArgumentsObject* arguments_object =
4702 New<HArgumentsObject>(environment()->parameter_count());
4703 for (int i = 0; i < environment()->parameter_count(); ++i) {
4704 HInstruction* parameter = Add<HParameter>(i);
4705 arguments_object->AddArgument(parameter, zone());
4706 environment()->Bind(i, parameter);
4708 AddInstruction(arguments_object);
4709 graph()->SetArgumentsObject(arguments_object);
4711 HConstant* undefined_constant = graph()->GetConstantUndefined();
4712 // Initialize specials and locals to undefined.
4713 for (int i = environment()->parameter_count() + 1;
4714 i < environment()->length();
4716 environment()->Bind(i, undefined_constant);
4719 // Handle the arguments and arguments shadow variables specially (they do
4720 // not have declarations).
4721 if (scope->arguments() != NULL) {
4722 environment()->Bind(scope->arguments(),
4723 graph()->GetArgumentsObject());
4727 Variable* rest = scope->rest_parameter(&rest_index);
4729 return Bailout(kRestParameter);
4732 if (scope->this_function_var() != nullptr ||
4733 scope->new_target_var() != nullptr) {
4734 return Bailout(kSuperReference);
4739 void HOptimizedGraphBuilder::VisitStatements(ZoneList<Statement*>* statements) {
4740 for (int i = 0; i < statements->length(); i++) {
4741 Statement* stmt = statements->at(i);
4742 CHECK_ALIVE(Visit(stmt));
4743 if (stmt->IsJump()) break;
4748 void HOptimizedGraphBuilder::VisitBlock(Block* stmt) {
4749 DCHECK(!HasStackOverflow());
4750 DCHECK(current_block() != NULL);
4751 DCHECK(current_block()->HasPredecessor());
4753 Scope* outer_scope = scope();
4754 Scope* scope = stmt->scope();
4755 BreakAndContinueInfo break_info(stmt, outer_scope);
4757 { BreakAndContinueScope push(&break_info, this);
4758 if (scope != NULL) {
4759 if (scope->ContextLocalCount() > 0) {
4760 // Load the function object.
4761 Scope* declaration_scope = scope->DeclarationScope();
4762 HInstruction* function;
4763 HValue* outer_context = environment()->context();
4764 if (declaration_scope->is_script_scope() ||
4765 declaration_scope->is_eval_scope()) {
4766 function = new (zone())
4767 HLoadContextSlot(outer_context, Context::CLOSURE_INDEX,
4768 HLoadContextSlot::kNoCheck);
4770 function = New<HThisFunction>();
4772 AddInstruction(function);
4773 // Allocate a block context and store it to the stack frame.
4774 HInstruction* inner_context = Add<HAllocateBlockContext>(
4775 outer_context, function, scope->GetScopeInfo(isolate()));
4776 HInstruction* instr = Add<HStoreFrameContext>(inner_context);
4778 environment()->BindContext(inner_context);
4779 if (instr->HasObservableSideEffects()) {
4780 AddSimulate(stmt->EntryId(), REMOVABLE_SIMULATE);
4783 VisitDeclarations(scope->declarations());
4784 AddSimulate(stmt->DeclsId(), REMOVABLE_SIMULATE);
4786 CHECK_BAILOUT(VisitStatements(stmt->statements()));
4788 set_scope(outer_scope);
4789 if (scope != NULL && current_block() != NULL &&
4790 scope->ContextLocalCount() > 0) {
4791 HValue* inner_context = environment()->context();
4792 HValue* outer_context = Add<HLoadNamedField>(
4793 inner_context, nullptr,
4794 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4796 HInstruction* instr = Add<HStoreFrameContext>(outer_context);
4797 environment()->BindContext(outer_context);
4798 if (instr->HasObservableSideEffects()) {
4799 AddSimulate(stmt->ExitId(), REMOVABLE_SIMULATE);
4802 HBasicBlock* break_block = break_info.break_block();
4803 if (break_block != NULL) {
4804 if (current_block() != NULL) Goto(break_block);
4805 break_block->SetJoinId(stmt->ExitId());
4806 set_current_block(break_block);
4811 void HOptimizedGraphBuilder::VisitExpressionStatement(
4812 ExpressionStatement* stmt) {
4813 DCHECK(!HasStackOverflow());
4814 DCHECK(current_block() != NULL);
4815 DCHECK(current_block()->HasPredecessor());
4816 VisitForEffect(stmt->expression());
4820 void HOptimizedGraphBuilder::VisitEmptyStatement(EmptyStatement* stmt) {
4821 DCHECK(!HasStackOverflow());
4822 DCHECK(current_block() != NULL);
4823 DCHECK(current_block()->HasPredecessor());
4827 void HOptimizedGraphBuilder::VisitIfStatement(IfStatement* stmt) {
4828 DCHECK(!HasStackOverflow());
4829 DCHECK(current_block() != NULL);
4830 DCHECK(current_block()->HasPredecessor());
4831 if (stmt->condition()->ToBooleanIsTrue()) {
4832 Add<HSimulate>(stmt->ThenId());
4833 Visit(stmt->then_statement());
4834 } else if (stmt->condition()->ToBooleanIsFalse()) {
4835 Add<HSimulate>(stmt->ElseId());
4836 Visit(stmt->else_statement());
4838 HBasicBlock* cond_true = graph()->CreateBasicBlock();
4839 HBasicBlock* cond_false = graph()->CreateBasicBlock();
4840 CHECK_BAILOUT(VisitForControl(stmt->condition(), cond_true, cond_false));
4842 if (cond_true->HasPredecessor()) {
4843 cond_true->SetJoinId(stmt->ThenId());
4844 set_current_block(cond_true);
4845 CHECK_BAILOUT(Visit(stmt->then_statement()));
4846 cond_true = current_block();
4851 if (cond_false->HasPredecessor()) {
4852 cond_false->SetJoinId(stmt->ElseId());
4853 set_current_block(cond_false);
4854 CHECK_BAILOUT(Visit(stmt->else_statement()));
4855 cond_false = current_block();
4860 HBasicBlock* join = CreateJoin(cond_true, cond_false, stmt->IfId());
4861 set_current_block(join);
4866 HBasicBlock* HOptimizedGraphBuilder::BreakAndContinueScope::Get(
4867 BreakableStatement* stmt,
4872 BreakAndContinueScope* current = this;
4873 while (current != NULL && current->info()->target() != stmt) {
4874 *drop_extra += current->info()->drop_extra();
4875 current = current->next();
4877 DCHECK(current != NULL); // Always found (unless stack is malformed).
4878 *scope = current->info()->scope();
4880 if (type == BREAK) {
4881 *drop_extra += current->info()->drop_extra();
4884 HBasicBlock* block = NULL;
4887 block = current->info()->break_block();
4888 if (block == NULL) {
4889 block = current->owner()->graph()->CreateBasicBlock();
4890 current->info()->set_break_block(block);
4895 block = current->info()->continue_block();
4896 if (block == NULL) {
4897 block = current->owner()->graph()->CreateBasicBlock();
4898 current->info()->set_continue_block(block);
4907 void HOptimizedGraphBuilder::VisitContinueStatement(
4908 ContinueStatement* stmt) {
4909 DCHECK(!HasStackOverflow());
4910 DCHECK(current_block() != NULL);
4911 DCHECK(current_block()->HasPredecessor());
4912 Scope* outer_scope = NULL;
4913 Scope* inner_scope = scope();
4915 HBasicBlock* continue_block = break_scope()->Get(
4916 stmt->target(), BreakAndContinueScope::CONTINUE,
4917 &outer_scope, &drop_extra);
4918 HValue* context = environment()->context();
4920 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4921 if (context_pop_count > 0) {
4922 while (context_pop_count-- > 0) {
4923 HInstruction* context_instruction = Add<HLoadNamedField>(
4925 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4926 context = context_instruction;
4928 HInstruction* instr = Add<HStoreFrameContext>(context);
4929 if (instr->HasObservableSideEffects()) {
4930 AddSimulate(stmt->target()->EntryId(), REMOVABLE_SIMULATE);
4932 environment()->BindContext(context);
4935 Goto(continue_block);
4936 set_current_block(NULL);
4940 void HOptimizedGraphBuilder::VisitBreakStatement(BreakStatement* stmt) {
4941 DCHECK(!HasStackOverflow());
4942 DCHECK(current_block() != NULL);
4943 DCHECK(current_block()->HasPredecessor());
4944 Scope* outer_scope = NULL;
4945 Scope* inner_scope = scope();
4947 HBasicBlock* break_block = break_scope()->Get(
4948 stmt->target(), BreakAndContinueScope::BREAK,
4949 &outer_scope, &drop_extra);
4950 HValue* context = environment()->context();
4952 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4953 if (context_pop_count > 0) {
4954 while (context_pop_count-- > 0) {
4955 HInstruction* context_instruction = Add<HLoadNamedField>(
4957 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4958 context = context_instruction;
4960 HInstruction* instr = Add<HStoreFrameContext>(context);
4961 if (instr->HasObservableSideEffects()) {
4962 AddSimulate(stmt->target()->ExitId(), REMOVABLE_SIMULATE);
4964 environment()->BindContext(context);
4967 set_current_block(NULL);
4971 void HOptimizedGraphBuilder::VisitReturnStatement(ReturnStatement* stmt) {
4972 DCHECK(!HasStackOverflow());
4973 DCHECK(current_block() != NULL);
4974 DCHECK(current_block()->HasPredecessor());
4975 FunctionState* state = function_state();
4976 AstContext* context = call_context();
4977 if (context == NULL) {
4978 // Not an inlined return, so an actual one.
4979 CHECK_ALIVE(VisitForValue(stmt->expression()));
4980 HValue* result = environment()->Pop();
4981 Add<HReturn>(result);
4982 } else if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
4983 // Return from an inlined construct call. In a test context the return value
4984 // will always evaluate to true, in a value context the return value needs
4985 // to be a JSObject.
4986 if (context->IsTest()) {
4987 TestContext* test = TestContext::cast(context);
4988 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4989 Goto(test->if_true(), state);
4990 } else if (context->IsEffect()) {
4991 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4992 Goto(function_return(), state);
4994 DCHECK(context->IsValue());
4995 CHECK_ALIVE(VisitForValue(stmt->expression()));
4996 HValue* return_value = Pop();
4997 HValue* receiver = environment()->arguments_environment()->Lookup(0);
4998 HHasInstanceTypeAndBranch* typecheck =
4999 New<HHasInstanceTypeAndBranch>(return_value,
5000 FIRST_SPEC_OBJECT_TYPE,
5001 LAST_SPEC_OBJECT_TYPE);
5002 HBasicBlock* if_spec_object = graph()->CreateBasicBlock();
5003 HBasicBlock* not_spec_object = graph()->CreateBasicBlock();
5004 typecheck->SetSuccessorAt(0, if_spec_object);
5005 typecheck->SetSuccessorAt(1, not_spec_object);
5006 FinishCurrentBlock(typecheck);
5007 AddLeaveInlined(if_spec_object, return_value, state);
5008 AddLeaveInlined(not_spec_object, receiver, state);
5010 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
5011 // Return from an inlined setter call. The returned value is never used, the
5012 // value of an assignment is always the value of the RHS of the assignment.
5013 CHECK_ALIVE(VisitForEffect(stmt->expression()));
5014 if (context->IsTest()) {
5015 HValue* rhs = environment()->arguments_environment()->Lookup(1);
5016 context->ReturnValue(rhs);
5017 } else if (context->IsEffect()) {
5018 Goto(function_return(), state);
5020 DCHECK(context->IsValue());
5021 HValue* rhs = environment()->arguments_environment()->Lookup(1);
5022 AddLeaveInlined(rhs, state);
5025 // Return from a normal inlined function. Visit the subexpression in the
5026 // expression context of the call.
5027 if (context->IsTest()) {
5028 TestContext* test = TestContext::cast(context);
5029 VisitForControl(stmt->expression(), test->if_true(), test->if_false());
5030 } else if (context->IsEffect()) {
5031 // Visit in value context and ignore the result. This is needed to keep
5032 // environment in sync with full-codegen since some visitors (e.g.
5033 // VisitCountOperation) use the operand stack differently depending on
5035 CHECK_ALIVE(VisitForValue(stmt->expression()));
5037 Goto(function_return(), state);
5039 DCHECK(context->IsValue());
5040 CHECK_ALIVE(VisitForValue(stmt->expression()));
5041 AddLeaveInlined(Pop(), state);
5044 set_current_block(NULL);
5048 void HOptimizedGraphBuilder::VisitWithStatement(WithStatement* stmt) {
5049 DCHECK(!HasStackOverflow());
5050 DCHECK(current_block() != NULL);
5051 DCHECK(current_block()->HasPredecessor());
5052 return Bailout(kWithStatement);
5056 void HOptimizedGraphBuilder::VisitSwitchStatement(SwitchStatement* stmt) {
5057 DCHECK(!HasStackOverflow());
5058 DCHECK(current_block() != NULL);
5059 DCHECK(current_block()->HasPredecessor());
5061 ZoneList<CaseClause*>* clauses = stmt->cases();
5062 int clause_count = clauses->length();
5063 ZoneList<HBasicBlock*> body_blocks(clause_count, zone());
5065 CHECK_ALIVE(VisitForValue(stmt->tag()));
5066 Add<HSimulate>(stmt->EntryId());
5067 HValue* tag_value = Top();
5068 Type* tag_type = stmt->tag()->bounds().lower;
5070 // 1. Build all the tests, with dangling true branches
5071 BailoutId default_id = BailoutId::None();
5072 for (int i = 0; i < clause_count; ++i) {
5073 CaseClause* clause = clauses->at(i);
5074 if (clause->is_default()) {
5075 body_blocks.Add(NULL, zone());
5076 if (default_id.IsNone()) default_id = clause->EntryId();
5080 // Generate a compare and branch.
5081 CHECK_ALIVE(VisitForValue(clause->label()));
5082 HValue* label_value = Pop();
5084 Type* label_type = clause->label()->bounds().lower;
5085 Type* combined_type = clause->compare_type();
5086 HControlInstruction* compare = BuildCompareInstruction(
5087 Token::EQ_STRICT, tag_value, label_value, tag_type, label_type,
5089 ScriptPositionToSourcePosition(stmt->tag()->position()),
5090 ScriptPositionToSourcePosition(clause->label()->position()),
5091 PUSH_BEFORE_SIMULATE, clause->id());
5093 HBasicBlock* next_test_block = graph()->CreateBasicBlock();
5094 HBasicBlock* body_block = graph()->CreateBasicBlock();
5095 body_blocks.Add(body_block, zone());
5096 compare->SetSuccessorAt(0, body_block);
5097 compare->SetSuccessorAt(1, next_test_block);
5098 FinishCurrentBlock(compare);
5100 set_current_block(body_block);
5101 Drop(1); // tag_value
5103 set_current_block(next_test_block);
5106 // Save the current block to use for the default or to join with the
5108 HBasicBlock* last_block = current_block();
5109 Drop(1); // tag_value
5111 // 2. Loop over the clauses and the linked list of tests in lockstep,
5112 // translating the clause bodies.
5113 HBasicBlock* fall_through_block = NULL;
5115 BreakAndContinueInfo break_info(stmt, scope());
5116 { BreakAndContinueScope push(&break_info, this);
5117 for (int i = 0; i < clause_count; ++i) {
5118 CaseClause* clause = clauses->at(i);
5120 // Identify the block where normal (non-fall-through) control flow
5122 HBasicBlock* normal_block = NULL;
5123 if (clause->is_default()) {
5124 if (last_block == NULL) continue;
5125 normal_block = last_block;
5126 last_block = NULL; // Cleared to indicate we've handled it.
5128 normal_block = body_blocks[i];
5131 if (fall_through_block == NULL) {
5132 set_current_block(normal_block);
5134 HBasicBlock* join = CreateJoin(fall_through_block,
5137 set_current_block(join);
5140 CHECK_BAILOUT(VisitStatements(clause->statements()));
5141 fall_through_block = current_block();
5145 // Create an up-to-3-way join. Use the break block if it exists since
5146 // it's already a join block.
5147 HBasicBlock* break_block = break_info.break_block();
5148 if (break_block == NULL) {
5149 set_current_block(CreateJoin(fall_through_block,
5153 if (fall_through_block != NULL) Goto(fall_through_block, break_block);
5154 if (last_block != NULL) Goto(last_block, break_block);
5155 break_block->SetJoinId(stmt->ExitId());
5156 set_current_block(break_block);
5161 void HOptimizedGraphBuilder::VisitLoopBody(IterationStatement* stmt,
5162 HBasicBlock* loop_entry) {
5163 Add<HSimulate>(stmt->StackCheckId());
5164 HStackCheck* stack_check =
5165 HStackCheck::cast(Add<HStackCheck>(HStackCheck::kBackwardsBranch));
5166 DCHECK(loop_entry->IsLoopHeader());
5167 loop_entry->loop_information()->set_stack_check(stack_check);
5168 CHECK_BAILOUT(Visit(stmt->body()));
5172 void HOptimizedGraphBuilder::VisitDoWhileStatement(DoWhileStatement* stmt) {
5173 DCHECK(!HasStackOverflow());
5174 DCHECK(current_block() != NULL);
5175 DCHECK(current_block()->HasPredecessor());
5176 DCHECK(current_block() != NULL);
5177 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5179 BreakAndContinueInfo break_info(stmt, scope());
5181 BreakAndContinueScope push(&break_info, this);
5182 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5184 HBasicBlock* body_exit =
5185 JoinContinue(stmt, current_block(), break_info.continue_block());
5186 HBasicBlock* loop_successor = NULL;
5187 if (body_exit != NULL && !stmt->cond()->ToBooleanIsTrue()) {
5188 set_current_block(body_exit);
5189 loop_successor = graph()->CreateBasicBlock();
5190 if (stmt->cond()->ToBooleanIsFalse()) {
5191 loop_entry->loop_information()->stack_check()->Eliminate();
5192 Goto(loop_successor);
5195 // The block for a true condition, the actual predecessor block of the
5197 body_exit = graph()->CreateBasicBlock();
5198 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_exit, loop_successor));
5200 if (body_exit != NULL && body_exit->HasPredecessor()) {
5201 body_exit->SetJoinId(stmt->BackEdgeId());
5205 if (loop_successor->HasPredecessor()) {
5206 loop_successor->SetJoinId(stmt->ExitId());
5208 loop_successor = NULL;
5211 HBasicBlock* loop_exit = CreateLoop(stmt,
5215 break_info.break_block());
5216 set_current_block(loop_exit);
5220 void HOptimizedGraphBuilder::VisitWhileStatement(WhileStatement* stmt) {
5221 DCHECK(!HasStackOverflow());
5222 DCHECK(current_block() != NULL);
5223 DCHECK(current_block()->HasPredecessor());
5224 DCHECK(current_block() != NULL);
5225 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5227 // If the condition is constant true, do not generate a branch.
5228 HBasicBlock* loop_successor = NULL;
5229 if (!stmt->cond()->ToBooleanIsTrue()) {
5230 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5231 loop_successor = graph()->CreateBasicBlock();
5232 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5233 if (body_entry->HasPredecessor()) {
5234 body_entry->SetJoinId(stmt->BodyId());
5235 set_current_block(body_entry);
5237 if (loop_successor->HasPredecessor()) {
5238 loop_successor->SetJoinId(stmt->ExitId());
5240 loop_successor = NULL;
5244 BreakAndContinueInfo break_info(stmt, scope());
5245 if (current_block() != NULL) {
5246 BreakAndContinueScope push(&break_info, this);
5247 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5249 HBasicBlock* body_exit =
5250 JoinContinue(stmt, current_block(), break_info.continue_block());
5251 HBasicBlock* loop_exit = CreateLoop(stmt,
5255 break_info.break_block());
5256 set_current_block(loop_exit);
5260 void HOptimizedGraphBuilder::VisitForStatement(ForStatement* stmt) {
5261 DCHECK(!HasStackOverflow());
5262 DCHECK(current_block() != NULL);
5263 DCHECK(current_block()->HasPredecessor());
5264 if (stmt->init() != NULL) {
5265 CHECK_ALIVE(Visit(stmt->init()));
5267 DCHECK(current_block() != NULL);
5268 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5270 HBasicBlock* loop_successor = NULL;
5271 if (stmt->cond() != NULL) {
5272 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5273 loop_successor = graph()->CreateBasicBlock();
5274 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5275 if (body_entry->HasPredecessor()) {
5276 body_entry->SetJoinId(stmt->BodyId());
5277 set_current_block(body_entry);
5279 if (loop_successor->HasPredecessor()) {
5280 loop_successor->SetJoinId(stmt->ExitId());
5282 loop_successor = NULL;
5286 BreakAndContinueInfo break_info(stmt, scope());
5287 if (current_block() != NULL) {
5288 BreakAndContinueScope push(&break_info, this);
5289 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5291 HBasicBlock* body_exit =
5292 JoinContinue(stmt, current_block(), break_info.continue_block());
5294 if (stmt->next() != NULL && body_exit != NULL) {
5295 set_current_block(body_exit);
5296 CHECK_BAILOUT(Visit(stmt->next()));
5297 body_exit = current_block();
5300 HBasicBlock* loop_exit = CreateLoop(stmt,
5304 break_info.break_block());
5305 set_current_block(loop_exit);
5309 void HOptimizedGraphBuilder::VisitForInStatement(ForInStatement* stmt) {
5310 DCHECK(!HasStackOverflow());
5311 DCHECK(current_block() != NULL);
5312 DCHECK(current_block()->HasPredecessor());
5314 if (!FLAG_optimize_for_in) {
5315 return Bailout(kForInStatementOptimizationIsDisabled);
5318 if (!stmt->each()->IsVariableProxy() ||
5319 !stmt->each()->AsVariableProxy()->var()->IsStackLocal()) {
5320 return Bailout(kForInStatementWithNonLocalEachVariable);
5323 Variable* each_var = stmt->each()->AsVariableProxy()->var();
5325 CHECK_ALIVE(VisitForValue(stmt->enumerable()));
5326 HValue* enumerable = Top(); // Leave enumerable at the top.
5328 IfBuilder if_undefined_or_null(this);
5329 if_undefined_or_null.If<HCompareObjectEqAndBranch>(
5330 enumerable, graph()->GetConstantUndefined());
5331 if_undefined_or_null.Or();
5332 if_undefined_or_null.If<HCompareObjectEqAndBranch>(
5333 enumerable, graph()->GetConstantNull());
5334 if_undefined_or_null.ThenDeopt(Deoptimizer::kUndefinedOrNullInForIn);
5335 if_undefined_or_null.End();
5336 BuildForInBody(stmt, each_var, enumerable);
5340 void HOptimizedGraphBuilder::BuildForInBody(ForInStatement* stmt,
5342 HValue* enumerable) {
5344 HInstruction* array;
5345 HInstruction* enum_length;
5346 bool fast = stmt->for_in_type() == ForInStatement::FAST_FOR_IN;
5348 map = Add<HForInPrepareMap>(enumerable);
5349 Add<HSimulate>(stmt->PrepareId());
5351 array = Add<HForInCacheArray>(enumerable, map,
5352 DescriptorArray::kEnumCacheBridgeCacheIndex);
5353 enum_length = Add<HMapEnumLength>(map);
5355 HInstruction* index_cache = Add<HForInCacheArray>(
5356 enumerable, map, DescriptorArray::kEnumCacheBridgeIndicesCacheIndex);
5357 HForInCacheArray::cast(array)
5358 ->set_index_cache(HForInCacheArray::cast(index_cache));
5360 Add<HSimulate>(stmt->PrepareId());
5362 NoObservableSideEffectsScope no_effects(this);
5363 BuildJSObjectCheck(enumerable, 0);
5365 Add<HSimulate>(stmt->ToObjectId());
5367 map = graph()->GetConstant1();
5368 Runtime::FunctionId function_id = Runtime::kGetPropertyNamesFast;
5369 Add<HPushArguments>(enumerable);
5370 array = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5371 Runtime::FunctionForId(function_id), 1);
5373 Add<HSimulate>(stmt->EnumId());
5375 Handle<Map> array_map = isolate()->factory()->fixed_array_map();
5376 HValue* check = Add<HCheckMaps>(array, array_map);
5377 enum_length = AddLoadFixedArrayLength(array, check);
5380 HInstruction* start_index = Add<HConstant>(0);
5387 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5389 // Reload the values to ensure we have up-to-date values inside of the loop.
5390 // This is relevant especially for OSR where the values don't come from the
5391 // computation above, but from the OSR entry block.
5392 enumerable = environment()->ExpressionStackAt(4);
5393 HValue* index = environment()->ExpressionStackAt(0);
5394 HValue* limit = environment()->ExpressionStackAt(1);
5396 // Check that we still have more keys.
5397 HCompareNumericAndBranch* compare_index =
5398 New<HCompareNumericAndBranch>(index, limit, Token::LT);
5399 compare_index->set_observed_input_representation(
5400 Representation::Smi(), Representation::Smi());
5402 HBasicBlock* loop_body = graph()->CreateBasicBlock();
5403 HBasicBlock* loop_successor = graph()->CreateBasicBlock();
5405 compare_index->SetSuccessorAt(0, loop_body);
5406 compare_index->SetSuccessorAt(1, loop_successor);
5407 FinishCurrentBlock(compare_index);
5409 set_current_block(loop_successor);
5412 set_current_block(loop_body);
5415 Add<HLoadKeyed>(environment()->ExpressionStackAt(2), // Enum cache.
5416 index, index, FAST_ELEMENTS);
5419 // Check if the expected map still matches that of the enumerable.
5420 // If not just deoptimize.
5421 Add<HCheckMapValue>(enumerable, environment()->ExpressionStackAt(3));
5422 Bind(each_var, key);
5424 Add<HPushArguments>(enumerable, key);
5425 Runtime::FunctionId function_id = Runtime::kForInFilter;
5426 key = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5427 Runtime::FunctionForId(function_id), 2);
5429 Add<HSimulate>(stmt->FilterId());
5431 Bind(each_var, key);
5432 IfBuilder if_undefined(this);
5433 if_undefined.If<HCompareObjectEqAndBranch>(key,
5434 graph()->GetConstantUndefined());
5435 if_undefined.ThenDeopt(Deoptimizer::kUndefined);
5437 Add<HSimulate>(stmt->AssignmentId());
5440 BreakAndContinueInfo break_info(stmt, scope(), 5);
5442 BreakAndContinueScope push(&break_info, this);
5443 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5446 HBasicBlock* body_exit =
5447 JoinContinue(stmt, current_block(), break_info.continue_block());
5449 if (body_exit != NULL) {
5450 set_current_block(body_exit);
5452 HValue* current_index = Pop();
5453 Push(AddUncasted<HAdd>(current_index, graph()->GetConstant1()));
5454 body_exit = current_block();
5457 HBasicBlock* loop_exit = CreateLoop(stmt,
5461 break_info.break_block());
5463 set_current_block(loop_exit);
5467 void HOptimizedGraphBuilder::VisitForOfStatement(ForOfStatement* stmt) {
5468 DCHECK(!HasStackOverflow());
5469 DCHECK(current_block() != NULL);
5470 DCHECK(current_block()->HasPredecessor());
5471 return Bailout(kForOfStatement);
5475 void HOptimizedGraphBuilder::VisitTryCatchStatement(TryCatchStatement* stmt) {
5476 DCHECK(!HasStackOverflow());
5477 DCHECK(current_block() != NULL);
5478 DCHECK(current_block()->HasPredecessor());
5479 return Bailout(kTryCatchStatement);
5483 void HOptimizedGraphBuilder::VisitTryFinallyStatement(
5484 TryFinallyStatement* stmt) {
5485 DCHECK(!HasStackOverflow());
5486 DCHECK(current_block() != NULL);
5487 DCHECK(current_block()->HasPredecessor());
5488 return Bailout(kTryFinallyStatement);
5492 void HOptimizedGraphBuilder::VisitDebuggerStatement(DebuggerStatement* stmt) {
5493 DCHECK(!HasStackOverflow());
5494 DCHECK(current_block() != NULL);
5495 DCHECK(current_block()->HasPredecessor());
5496 return Bailout(kDebuggerStatement);
5500 void HOptimizedGraphBuilder::VisitCaseClause(CaseClause* clause) {
5505 void HOptimizedGraphBuilder::VisitFunctionLiteral(FunctionLiteral* expr) {
5506 DCHECK(!HasStackOverflow());
5507 DCHECK(current_block() != NULL);
5508 DCHECK(current_block()->HasPredecessor());
5509 Handle<SharedFunctionInfo> shared_info = Compiler::GetSharedFunctionInfo(
5510 expr, current_info()->script(), top_info());
5511 // We also have a stack overflow if the recursive compilation did.
5512 if (HasStackOverflow()) return;
5513 HFunctionLiteral* instr =
5514 New<HFunctionLiteral>(shared_info, expr->pretenure());
5515 return ast_context()->ReturnInstruction(instr, expr->id());
5519 void HOptimizedGraphBuilder::VisitClassLiteral(ClassLiteral* lit) {
5520 DCHECK(!HasStackOverflow());
5521 DCHECK(current_block() != NULL);
5522 DCHECK(current_block()->HasPredecessor());
5523 return Bailout(kClassLiteral);
5527 void HOptimizedGraphBuilder::VisitNativeFunctionLiteral(
5528 NativeFunctionLiteral* expr) {
5529 DCHECK(!HasStackOverflow());
5530 DCHECK(current_block() != NULL);
5531 DCHECK(current_block()->HasPredecessor());
5532 return Bailout(kNativeFunctionLiteral);
5536 void HOptimizedGraphBuilder::VisitConditional(Conditional* expr) {
5537 DCHECK(!HasStackOverflow());
5538 DCHECK(current_block() != NULL);
5539 DCHECK(current_block()->HasPredecessor());
5540 HBasicBlock* cond_true = graph()->CreateBasicBlock();
5541 HBasicBlock* cond_false = graph()->CreateBasicBlock();
5542 CHECK_BAILOUT(VisitForControl(expr->condition(), cond_true, cond_false));
5544 // Visit the true and false subexpressions in the same AST context as the
5545 // whole expression.
5546 if (cond_true->HasPredecessor()) {
5547 cond_true->SetJoinId(expr->ThenId());
5548 set_current_block(cond_true);
5549 CHECK_BAILOUT(Visit(expr->then_expression()));
5550 cond_true = current_block();
5555 if (cond_false->HasPredecessor()) {
5556 cond_false->SetJoinId(expr->ElseId());
5557 set_current_block(cond_false);
5558 CHECK_BAILOUT(Visit(expr->else_expression()));
5559 cond_false = current_block();
5564 if (!ast_context()->IsTest()) {
5565 HBasicBlock* join = CreateJoin(cond_true, cond_false, expr->id());
5566 set_current_block(join);
5567 if (join != NULL && !ast_context()->IsEffect()) {
5568 return ast_context()->ReturnValue(Pop());
5574 HOptimizedGraphBuilder::GlobalPropertyAccess
5575 HOptimizedGraphBuilder::LookupGlobalProperty(Variable* var, LookupIterator* it,
5576 PropertyAccessType access_type) {
5577 if (var->is_this() || !current_info()->has_global_object()) {
5581 switch (it->state()) {
5582 case LookupIterator::ACCESSOR:
5583 case LookupIterator::ACCESS_CHECK:
5584 case LookupIterator::INTERCEPTOR:
5585 case LookupIterator::INTEGER_INDEXED_EXOTIC:
5586 case LookupIterator::NOT_FOUND:
5588 case LookupIterator::DATA:
5589 if (access_type == STORE && it->IsReadOnly()) return kUseGeneric;
5591 case LookupIterator::JSPROXY:
5592 case LookupIterator::TRANSITION:
5600 HValue* HOptimizedGraphBuilder::BuildContextChainWalk(Variable* var) {
5601 DCHECK(var->IsContextSlot());
5602 HValue* context = environment()->context();
5603 int length = scope()->ContextChainLength(var->scope());
5604 while (length-- > 0) {
5605 context = Add<HLoadNamedField>(
5607 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
5613 void HOptimizedGraphBuilder::VisitVariableProxy(VariableProxy* expr) {
5614 DCHECK(!HasStackOverflow());
5615 DCHECK(current_block() != NULL);
5616 DCHECK(current_block()->HasPredecessor());
5617 Variable* variable = expr->var();
5618 switch (variable->location()) {
5619 case VariableLocation::GLOBAL:
5620 case VariableLocation::UNALLOCATED: {
5621 if (IsLexicalVariableMode(variable->mode())) {
5622 // TODO(rossberg): should this be an DCHECK?
5623 return Bailout(kReferenceToGlobalLexicalVariable);
5625 // Handle known global constants like 'undefined' specially to avoid a
5626 // load from a global cell for them.
5627 Handle<Object> constant_value =
5628 isolate()->factory()->GlobalConstantFor(variable->name());
5629 if (!constant_value.is_null()) {
5630 HConstant* instr = New<HConstant>(constant_value);
5631 return ast_context()->ReturnInstruction(instr, expr->id());
5634 Handle<GlobalObject> global(current_info()->global_object());
5636 // Lookup in script contexts.
5638 Handle<ScriptContextTable> script_contexts(
5639 global->native_context()->script_context_table());
5640 ScriptContextTable::LookupResult lookup;
5641 if (ScriptContextTable::Lookup(script_contexts, variable->name(),
5643 Handle<Context> script_context = ScriptContextTable::GetContext(
5644 script_contexts, lookup.context_index);
5645 Handle<Object> current_value =
5646 FixedArray::get(script_context, lookup.slot_index);
5648 // If the values is not the hole, it will stay initialized,
5649 // so no need to generate a check.
5650 if (*current_value == *isolate()->factory()->the_hole_value()) {
5651 return Bailout(kReferenceToUninitializedVariable);
5653 HInstruction* result = New<HLoadNamedField>(
5654 Add<HConstant>(script_context), nullptr,
5655 HObjectAccess::ForContextSlot(lookup.slot_index));
5656 return ast_context()->ReturnInstruction(result, expr->id());
5660 LookupIterator it(global, variable->name(), LookupIterator::OWN);
5661 GlobalPropertyAccess type = LookupGlobalProperty(variable, &it, LOAD);
5663 if (type == kUseCell) {
5664 Handle<PropertyCell> cell = it.GetPropertyCell();
5665 top_info()->dependencies()->AssumePropertyCell(cell);
5666 auto cell_type = it.property_details().cell_type();
5667 if (cell_type == PropertyCellType::kConstant ||
5668 cell_type == PropertyCellType::kUndefined) {
5669 Handle<Object> constant_object(cell->value(), isolate());
5670 if (constant_object->IsConsString()) {
5672 String::Flatten(Handle<String>::cast(constant_object));
5674 HConstant* constant = New<HConstant>(constant_object);
5675 return ast_context()->ReturnInstruction(constant, expr->id());
5677 auto access = HObjectAccess::ForPropertyCellValue();
5678 UniqueSet<Map>* field_maps = nullptr;
5679 if (cell_type == PropertyCellType::kConstantType) {
5680 switch (cell->GetConstantType()) {
5681 case PropertyCellConstantType::kSmi:
5682 access = access.WithRepresentation(Representation::Smi());
5684 case PropertyCellConstantType::kStableMap: {
5685 // Check that the map really is stable. The heap object could
5686 // have mutated without the cell updating state. In that case,
5687 // make no promises about the loaded value except that it's a
5690 access.WithRepresentation(Representation::HeapObject());
5691 Handle<Map> map(HeapObject::cast(cell->value())->map());
5692 if (map->is_stable()) {
5693 field_maps = new (zone())
5694 UniqueSet<Map>(Unique<Map>::CreateImmovable(map), zone());
5700 HConstant* cell_constant = Add<HConstant>(cell);
5701 HLoadNamedField* instr;
5702 if (field_maps == nullptr) {
5703 instr = New<HLoadNamedField>(cell_constant, nullptr, access);
5705 instr = New<HLoadNamedField>(cell_constant, nullptr, access,
5706 field_maps, HType::HeapObject());
5708 instr->ClearDependsOnFlag(kInobjectFields);
5709 instr->SetDependsOnFlag(kGlobalVars);
5710 return ast_context()->ReturnInstruction(instr, expr->id());
5712 } else if (variable->IsGlobalSlot()) {
5713 DCHECK(variable->index() > 0);
5714 DCHECK(variable->IsStaticGlobalObjectProperty());
5715 int slot_index = variable->index();
5716 int depth = scope()->ContextChainLength(variable->scope());
5718 HLoadGlobalViaContext* instr =
5719 New<HLoadGlobalViaContext>(depth, slot_index);
5720 return ast_context()->ReturnInstruction(instr, expr->id());
5723 HValue* global_object = Add<HLoadNamedField>(
5725 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
5726 HLoadGlobalGeneric* instr = New<HLoadGlobalGeneric>(
5727 global_object, variable->name(), ast_context()->typeof_mode());
5728 instr->SetVectorAndSlot(handle(current_feedback_vector(), isolate()),
5729 expr->VariableFeedbackSlot());
5730 return ast_context()->ReturnInstruction(instr, expr->id());
5734 case VariableLocation::PARAMETER:
5735 case VariableLocation::LOCAL: {
5736 HValue* value = LookupAndMakeLive(variable);
5737 if (value == graph()->GetConstantHole()) {
5738 DCHECK(IsDeclaredVariableMode(variable->mode()) &&
5739 variable->mode() != VAR);
5740 return Bailout(kReferenceToUninitializedVariable);
5742 return ast_context()->ReturnValue(value);
5745 case VariableLocation::CONTEXT: {
5746 HValue* context = BuildContextChainWalk(variable);
5747 HLoadContextSlot::Mode mode;
5748 switch (variable->mode()) {
5751 mode = HLoadContextSlot::kCheckDeoptimize;
5754 mode = HLoadContextSlot::kCheckReturnUndefined;
5757 mode = HLoadContextSlot::kNoCheck;
5760 HLoadContextSlot* instr =
5761 new(zone()) HLoadContextSlot(context, variable->index(), mode);
5762 return ast_context()->ReturnInstruction(instr, expr->id());
5765 case VariableLocation::LOOKUP:
5766 return Bailout(kReferenceToAVariableWhichRequiresDynamicLookup);
5771 void HOptimizedGraphBuilder::VisitLiteral(Literal* expr) {
5772 DCHECK(!HasStackOverflow());
5773 DCHECK(current_block() != NULL);
5774 DCHECK(current_block()->HasPredecessor());
5775 HConstant* instr = New<HConstant>(expr->value());
5776 return ast_context()->ReturnInstruction(instr, expr->id());
5780 void HOptimizedGraphBuilder::VisitRegExpLiteral(RegExpLiteral* expr) {
5781 DCHECK(!HasStackOverflow());
5782 DCHECK(current_block() != NULL);
5783 DCHECK(current_block()->HasPredecessor());
5784 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5785 Handle<FixedArray> literals(closure->literals());
5786 HRegExpLiteral* instr = New<HRegExpLiteral>(literals,
5789 expr->literal_index());
5790 return ast_context()->ReturnInstruction(instr, expr->id());
5794 static bool CanInlinePropertyAccess(Handle<Map> map) {
5795 if (map->instance_type() == HEAP_NUMBER_TYPE) return true;
5796 if (map->instance_type() < FIRST_NONSTRING_TYPE) return true;
5797 return map->IsJSObjectMap() && !map->is_dictionary_map() &&
5798 !map->has_named_interceptor() &&
5799 // TODO(verwaest): Whitelist contexts to which we have access.
5800 !map->is_access_check_needed();
5804 // Determines whether the given array or object literal boilerplate satisfies
5805 // all limits to be considered for fast deep-copying and computes the total
5806 // size of all objects that are part of the graph.
5807 static bool IsFastLiteral(Handle<JSObject> boilerplate,
5809 int* max_properties) {
5810 if (boilerplate->map()->is_deprecated() &&
5811 !JSObject::TryMigrateInstance(boilerplate)) {
5815 DCHECK(max_depth >= 0 && *max_properties >= 0);
5816 if (max_depth == 0) return false;
5818 Isolate* isolate = boilerplate->GetIsolate();
5819 Handle<FixedArrayBase> elements(boilerplate->elements());
5820 if (elements->length() > 0 &&
5821 elements->map() != isolate->heap()->fixed_cow_array_map()) {
5822 if (boilerplate->HasFastSmiOrObjectElements()) {
5823 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
5824 int length = elements->length();
5825 for (int i = 0; i < length; i++) {
5826 if ((*max_properties)-- == 0) return false;
5827 Handle<Object> value(fast_elements->get(i), isolate);
5828 if (value->IsJSObject()) {
5829 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5830 if (!IsFastLiteral(value_object,
5837 } else if (!boilerplate->HasFastDoubleElements()) {
5842 Handle<FixedArray> properties(boilerplate->properties());
5843 if (properties->length() > 0) {
5846 Handle<DescriptorArray> descriptors(
5847 boilerplate->map()->instance_descriptors());
5848 int limit = boilerplate->map()->NumberOfOwnDescriptors();
5849 for (int i = 0; i < limit; i++) {
5850 PropertyDetails details = descriptors->GetDetails(i);
5851 if (details.type() != DATA) continue;
5852 if ((*max_properties)-- == 0) return false;
5853 FieldIndex field_index = FieldIndex::ForDescriptor(boilerplate->map(), i);
5854 if (boilerplate->IsUnboxedDoubleField(field_index)) continue;
5855 Handle<Object> value(boilerplate->RawFastPropertyAt(field_index),
5857 if (value->IsJSObject()) {
5858 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5859 if (!IsFastLiteral(value_object,
5871 void HOptimizedGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
5872 DCHECK(!HasStackOverflow());
5873 DCHECK(current_block() != NULL);
5874 DCHECK(current_block()->HasPredecessor());
5876 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5877 HInstruction* literal;
5879 // Check whether to use fast or slow deep-copying for boilerplate.
5880 int max_properties = kMaxFastLiteralProperties;
5881 Handle<Object> literals_cell(closure->literals()->get(expr->literal_index()),
5883 Handle<AllocationSite> site;
5884 Handle<JSObject> boilerplate;
5885 if (!literals_cell->IsUndefined()) {
5886 // Retrieve the boilerplate
5887 site = Handle<AllocationSite>::cast(literals_cell);
5888 boilerplate = Handle<JSObject>(JSObject::cast(site->transition_info()),
5892 if (!boilerplate.is_null() &&
5893 IsFastLiteral(boilerplate, kMaxFastLiteralDepth, &max_properties)) {
5894 AllocationSiteUsageContext site_context(isolate(), site, false);
5895 site_context.EnterNewScope();
5896 literal = BuildFastLiteral(boilerplate, &site_context);
5897 site_context.ExitScope(site, boilerplate);
5899 NoObservableSideEffectsScope no_effects(this);
5900 Handle<FixedArray> closure_literals(closure->literals(), isolate());
5901 Handle<FixedArray> constant_properties = expr->constant_properties();
5902 int literal_index = expr->literal_index();
5903 int flags = expr->ComputeFlags(true);
5905 Add<HPushArguments>(Add<HConstant>(closure_literals),
5906 Add<HConstant>(literal_index),
5907 Add<HConstant>(constant_properties),
5908 Add<HConstant>(flags));
5910 Runtime::FunctionId function_id = Runtime::kCreateObjectLiteral;
5911 literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5912 Runtime::FunctionForId(function_id),
5916 // The object is expected in the bailout environment during computation
5917 // of the property values and is the value of the entire expression.
5919 int store_slot_index = 0;
5920 for (int i = 0; i < expr->properties()->length(); i++) {
5921 ObjectLiteral::Property* property = expr->properties()->at(i);
5922 if (property->is_computed_name()) return Bailout(kComputedPropertyName);
5923 if (property->IsCompileTimeValue()) continue;
5925 Literal* key = property->key()->AsLiteral();
5926 Expression* value = property->value();
5928 switch (property->kind()) {
5929 case ObjectLiteral::Property::MATERIALIZED_LITERAL:
5930 DCHECK(!CompileTimeValue::IsCompileTimeValue(value));
5932 case ObjectLiteral::Property::COMPUTED:
5933 // It is safe to use [[Put]] here because the boilerplate already
5934 // contains computed properties with an uninitialized value.
5935 if (key->value()->IsInternalizedString()) {
5936 if (property->emit_store()) {
5937 CHECK_ALIVE(VisitForValue(value));
5938 HValue* value = Pop();
5940 Handle<Map> map = property->GetReceiverType();
5941 Handle<String> name = key->AsPropertyName();
5943 FeedbackVectorICSlot slot = expr->GetNthSlot(store_slot_index++);
5944 if (map.is_null()) {
5945 // If we don't know the monomorphic type, do a generic store.
5946 CHECK_ALIVE(store = BuildNamedGeneric(STORE, NULL, slot, literal,
5949 PropertyAccessInfo info(this, STORE, map, name);
5950 if (info.CanAccessMonomorphic()) {
5951 HValue* checked_literal = Add<HCheckMaps>(literal, map);
5952 DCHECK(!info.IsAccessorConstant());
5953 store = BuildMonomorphicAccess(
5954 &info, literal, checked_literal, value,
5955 BailoutId::None(), BailoutId::None());
5957 CHECK_ALIVE(store = BuildNamedGeneric(STORE, NULL, slot,
5958 literal, name, value));
5961 if (store->IsInstruction()) {
5962 AddInstruction(HInstruction::cast(store));
5964 DCHECK(store->HasObservableSideEffects());
5965 Add<HSimulate>(key->id(), REMOVABLE_SIMULATE);
5967 // Add [[HomeObject]] to function literals.
5968 if (FunctionLiteral::NeedsHomeObject(property->value())) {
5969 Handle<Symbol> sym = isolate()->factory()->home_object_symbol();
5970 HInstruction* store_home = BuildNamedGeneric(
5971 STORE, NULL, expr->GetNthSlot(store_slot_index++), value, sym,
5973 AddInstruction(store_home);
5974 DCHECK(store_home->HasObservableSideEffects());
5975 Add<HSimulate>(property->value()->id(), REMOVABLE_SIMULATE);
5978 CHECK_ALIVE(VisitForEffect(value));
5983 case ObjectLiteral::Property::PROTOTYPE:
5984 case ObjectLiteral::Property::SETTER:
5985 case ObjectLiteral::Property::GETTER:
5986 return Bailout(kObjectLiteralWithComplexProperty);
5987 default: UNREACHABLE();
5991 // Crankshaft may not consume all the slots because it doesn't emit accessors.
5992 DCHECK(!FLAG_vector_stores || store_slot_index <= expr->slot_count());
5994 if (expr->has_function()) {
5995 // Return the result of the transformation to fast properties
5996 // instead of the original since this operation changes the map
5997 // of the object. This makes sure that the original object won't
5998 // be used by other optimized code before it is transformed
5999 // (e.g. because of code motion).
6000 HToFastProperties* result = Add<HToFastProperties>(Pop());
6001 return ast_context()->ReturnValue(result);
6003 return ast_context()->ReturnValue(Pop());
6008 void HOptimizedGraphBuilder::VisitArrayLiteral(ArrayLiteral* expr) {
6009 DCHECK(!HasStackOverflow());
6010 DCHECK(current_block() != NULL);
6011 DCHECK(current_block()->HasPredecessor());
6012 expr->BuildConstantElements(isolate());
6013 ZoneList<Expression*>* subexprs = expr->values();
6014 int length = subexprs->length();
6015 HInstruction* literal;
6017 Handle<AllocationSite> site;
6018 Handle<FixedArray> literals(environment()->closure()->literals(), isolate());
6019 bool uninitialized = false;
6020 Handle<Object> literals_cell(literals->get(expr->literal_index()),
6022 Handle<JSObject> boilerplate_object;
6023 if (literals_cell->IsUndefined()) {
6024 uninitialized = true;
6025 Handle<Object> raw_boilerplate;
6026 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
6027 isolate(), raw_boilerplate,
6028 Runtime::CreateArrayLiteralBoilerplate(
6029 isolate(), literals, expr->constant_elements(),
6030 is_strong(function_language_mode())),
6031 Bailout(kArrayBoilerplateCreationFailed));
6033 boilerplate_object = Handle<JSObject>::cast(raw_boilerplate);
6034 AllocationSiteCreationContext creation_context(isolate());
6035 site = creation_context.EnterNewScope();
6036 if (JSObject::DeepWalk(boilerplate_object, &creation_context).is_null()) {
6037 return Bailout(kArrayBoilerplateCreationFailed);
6039 creation_context.ExitScope(site, boilerplate_object);
6040 literals->set(expr->literal_index(), *site);
6042 if (boilerplate_object->elements()->map() ==
6043 isolate()->heap()->fixed_cow_array_map()) {
6044 isolate()->counters()->cow_arrays_created_runtime()->Increment();
6047 DCHECK(literals_cell->IsAllocationSite());
6048 site = Handle<AllocationSite>::cast(literals_cell);
6049 boilerplate_object = Handle<JSObject>(
6050 JSObject::cast(site->transition_info()), isolate());
6053 DCHECK(!boilerplate_object.is_null());
6054 DCHECK(site->SitePointsToLiteral());
6056 ElementsKind boilerplate_elements_kind =
6057 boilerplate_object->GetElementsKind();
6059 // Check whether to use fast or slow deep-copying for boilerplate.
6060 int max_properties = kMaxFastLiteralProperties;
6061 if (IsFastLiteral(boilerplate_object,
6062 kMaxFastLiteralDepth,
6064 AllocationSiteUsageContext site_context(isolate(), site, false);
6065 site_context.EnterNewScope();
6066 literal = BuildFastLiteral(boilerplate_object, &site_context);
6067 site_context.ExitScope(site, boilerplate_object);
6069 NoObservableSideEffectsScope no_effects(this);
6070 // Boilerplate already exists and constant elements are never accessed,
6071 // pass an empty fixed array to the runtime function instead.
6072 Handle<FixedArray> constants = isolate()->factory()->empty_fixed_array();
6073 int literal_index = expr->literal_index();
6074 int flags = expr->ComputeFlags(true);
6076 Add<HPushArguments>(Add<HConstant>(literals),
6077 Add<HConstant>(literal_index),
6078 Add<HConstant>(constants),
6079 Add<HConstant>(flags));
6081 Runtime::FunctionId function_id = Runtime::kCreateArrayLiteral;
6082 literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
6083 Runtime::FunctionForId(function_id),
6086 // Register to deopt if the boilerplate ElementsKind changes.
6087 top_info()->dependencies()->AssumeTransitionStable(site);
6090 // The array is expected in the bailout environment during computation
6091 // of the property values and is the value of the entire expression.
6093 // The literal index is on the stack, too.
6094 Push(Add<HConstant>(expr->literal_index()));
6096 HInstruction* elements = NULL;
6098 for (int i = 0; i < length; i++) {
6099 Expression* subexpr = subexprs->at(i);
6100 if (subexpr->IsSpread()) {
6101 return Bailout(kSpread);
6104 // If the subexpression is a literal or a simple materialized literal it
6105 // is already set in the cloned array.
6106 if (CompileTimeValue::IsCompileTimeValue(subexpr)) continue;
6108 CHECK_ALIVE(VisitForValue(subexpr));
6109 HValue* value = Pop();
6110 if (!Smi::IsValid(i)) return Bailout(kNonSmiKeyInArrayLiteral);
6112 elements = AddLoadElements(literal);
6114 HValue* key = Add<HConstant>(i);
6116 switch (boilerplate_elements_kind) {
6117 case FAST_SMI_ELEMENTS:
6118 case FAST_HOLEY_SMI_ELEMENTS:
6120 case FAST_HOLEY_ELEMENTS:
6121 case FAST_DOUBLE_ELEMENTS:
6122 case FAST_HOLEY_DOUBLE_ELEMENTS: {
6123 HStoreKeyed* instr = Add<HStoreKeyed>(elements, key, value,
6124 boilerplate_elements_kind);
6125 instr->SetUninitialized(uninitialized);
6133 Add<HSimulate>(expr->GetIdForElement(i));
6136 Drop(1); // array literal index
6137 return ast_context()->ReturnValue(Pop());
6141 HCheckMaps* HOptimizedGraphBuilder::AddCheckMap(HValue* object,
6143 BuildCheckHeapObject(object);
6144 return Add<HCheckMaps>(object, map);
6148 HInstruction* HOptimizedGraphBuilder::BuildLoadNamedField(
6149 PropertyAccessInfo* info,
6150 HValue* checked_object) {
6151 // See if this is a load for an immutable property
6152 if (checked_object->ActualValue()->IsConstant()) {
6153 Handle<Object> object(
6154 HConstant::cast(checked_object->ActualValue())->handle(isolate()));
6156 if (object->IsJSObject()) {
6157 LookupIterator it(object, info->name(),
6158 LookupIterator::OWN_SKIP_INTERCEPTOR);
6159 Handle<Object> value = JSReceiver::GetDataProperty(&it);
6160 if (it.IsFound() && it.IsReadOnly() && !it.IsConfigurable()) {
6161 return New<HConstant>(value);
6166 HObjectAccess access = info->access();
6167 if (access.representation().IsDouble() &&
6168 (!FLAG_unbox_double_fields || !access.IsInobject())) {
6169 // Load the heap number.
6170 checked_object = Add<HLoadNamedField>(
6171 checked_object, nullptr,
6172 access.WithRepresentation(Representation::Tagged()));
6173 // Load the double value from it.
6174 access = HObjectAccess::ForHeapNumberValue();
6177 SmallMapList* map_list = info->field_maps();
6178 if (map_list->length() == 0) {
6179 return New<HLoadNamedField>(checked_object, checked_object, access);
6182 UniqueSet<Map>* maps = new(zone()) UniqueSet<Map>(map_list->length(), zone());
6183 for (int i = 0; i < map_list->length(); ++i) {
6184 maps->Add(Unique<Map>::CreateImmovable(map_list->at(i)), zone());
6186 return New<HLoadNamedField>(
6187 checked_object, checked_object, access, maps, info->field_type());
6191 HInstruction* HOptimizedGraphBuilder::BuildStoreNamedField(
6192 PropertyAccessInfo* info,
6193 HValue* checked_object,
6195 bool transition_to_field = info->IsTransition();
6196 // TODO(verwaest): Move this logic into PropertyAccessInfo.
6197 HObjectAccess field_access = info->access();
6199 HStoreNamedField *instr;
6200 if (field_access.representation().IsDouble() &&
6201 (!FLAG_unbox_double_fields || !field_access.IsInobject())) {
6202 HObjectAccess heap_number_access =
6203 field_access.WithRepresentation(Representation::Tagged());
6204 if (transition_to_field) {
6205 // The store requires a mutable HeapNumber to be allocated.
6206 NoObservableSideEffectsScope no_side_effects(this);
6207 HInstruction* heap_number_size = Add<HConstant>(HeapNumber::kSize);
6209 // TODO(hpayer): Allocation site pretenuring support.
6210 HInstruction* heap_number = Add<HAllocate>(heap_number_size,
6211 HType::HeapObject(),
6213 MUTABLE_HEAP_NUMBER_TYPE);
6214 AddStoreMapConstant(
6215 heap_number, isolate()->factory()->mutable_heap_number_map());
6216 Add<HStoreNamedField>(heap_number, HObjectAccess::ForHeapNumberValue(),
6218 instr = New<HStoreNamedField>(checked_object->ActualValue(),
6222 // Already holds a HeapNumber; load the box and write its value field.
6223 HInstruction* heap_number =
6224 Add<HLoadNamedField>(checked_object, nullptr, heap_number_access);
6225 instr = New<HStoreNamedField>(heap_number,
6226 HObjectAccess::ForHeapNumberValue(),
6227 value, STORE_TO_INITIALIZED_ENTRY);
6230 if (field_access.representation().IsHeapObject()) {
6231 BuildCheckHeapObject(value);
6234 if (!info->field_maps()->is_empty()) {
6235 DCHECK(field_access.representation().IsHeapObject());
6236 value = Add<HCheckMaps>(value, info->field_maps());
6239 // This is a normal store.
6240 instr = New<HStoreNamedField>(
6241 checked_object->ActualValue(), field_access, value,
6242 transition_to_field ? INITIALIZING_STORE : STORE_TO_INITIALIZED_ENTRY);
6245 if (transition_to_field) {
6246 Handle<Map> transition(info->transition());
6247 DCHECK(!transition->is_deprecated());
6248 instr->SetTransition(Add<HConstant>(transition));
6254 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsCompatible(
6255 PropertyAccessInfo* info) {
6256 if (!CanInlinePropertyAccess(map_)) return false;
6258 // Currently only handle Type::Number as a polymorphic case.
6259 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6261 if (IsNumberType()) return false;
6263 // Values are only compatible for monomorphic load if they all behave the same
6264 // regarding value wrappers.
6265 if (IsValueWrapped() != info->IsValueWrapped()) return false;
6267 if (!LookupDescriptor()) return false;
6270 return (!info->IsFound() || info->has_holder()) &&
6271 map()->prototype() == info->map()->prototype();
6274 // Mismatch if the other access info found the property in the prototype
6276 if (info->has_holder()) return false;
6278 if (IsAccessorConstant()) {
6279 return accessor_.is_identical_to(info->accessor_) &&
6280 api_holder_.is_identical_to(info->api_holder_);
6283 if (IsDataConstant()) {
6284 return constant_.is_identical_to(info->constant_);
6288 if (!info->IsData()) return false;
6290 Representation r = access_.representation();
6292 if (!info->access_.representation().IsCompatibleForLoad(r)) return false;
6294 if (!info->access_.representation().IsCompatibleForStore(r)) return false;
6296 if (info->access_.offset() != access_.offset()) return false;
6297 if (info->access_.IsInobject() != access_.IsInobject()) return false;
6299 if (field_maps_.is_empty()) {
6300 info->field_maps_.Clear();
6301 } else if (!info->field_maps_.is_empty()) {
6302 for (int i = 0; i < field_maps_.length(); ++i) {
6303 info->field_maps_.AddMapIfMissing(field_maps_.at(i), info->zone());
6305 info->field_maps_.Sort();
6308 // We can only merge stores that agree on their field maps. The comparison
6309 // below is safe, since we keep the field maps sorted.
6310 if (field_maps_.length() != info->field_maps_.length()) return false;
6311 for (int i = 0; i < field_maps_.length(); ++i) {
6312 if (!field_maps_.at(i).is_identical_to(info->field_maps_.at(i))) {
6317 info->GeneralizeRepresentation(r);
6318 info->field_type_ = info->field_type_.Combine(field_type_);
6323 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupDescriptor() {
6324 if (!map_->IsJSObjectMap()) return true;
6325 LookupDescriptor(*map_, *name_);
6326 return LoadResult(map_);
6330 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadResult(Handle<Map> map) {
6331 if (!IsLoad() && IsProperty() && IsReadOnly()) {
6336 // Construct the object field access.
6337 int index = GetLocalFieldIndexFromMap(map);
6338 access_ = HObjectAccess::ForField(map, index, representation(), name_);
6340 // Load field map for heap objects.
6341 return LoadFieldMaps(map);
6342 } else if (IsAccessorConstant()) {
6343 Handle<Object> accessors = GetAccessorsFromMap(map);
6344 if (!accessors->IsAccessorPair()) return false;
6345 Object* raw_accessor =
6346 IsLoad() ? Handle<AccessorPair>::cast(accessors)->getter()
6347 : Handle<AccessorPair>::cast(accessors)->setter();
6348 if (!raw_accessor->IsJSFunction()) return false;
6349 Handle<JSFunction> accessor = handle(JSFunction::cast(raw_accessor));
6350 if (accessor->shared()->IsApiFunction()) {
6351 CallOptimization call_optimization(accessor);
6352 if (call_optimization.is_simple_api_call()) {
6353 CallOptimization::HolderLookup holder_lookup;
6355 call_optimization.LookupHolderOfExpectedType(map_, &holder_lookup);
6358 accessor_ = accessor;
6359 } else if (IsDataConstant()) {
6360 constant_ = GetConstantFromMap(map);
6367 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadFieldMaps(
6369 // Clear any previously collected field maps/type.
6370 field_maps_.Clear();
6371 field_type_ = HType::Tagged();
6373 // Figure out the field type from the accessor map.
6374 Handle<HeapType> field_type = GetFieldTypeFromMap(map);
6376 // Collect the (stable) maps from the field type.
6377 int num_field_maps = field_type->NumClasses();
6378 if (num_field_maps > 0) {
6379 DCHECK(access_.representation().IsHeapObject());
6380 field_maps_.Reserve(num_field_maps, zone());
6381 HeapType::Iterator<Map> it = field_type->Classes();
6382 while (!it.Done()) {
6383 Handle<Map> field_map = it.Current();
6384 if (!field_map->is_stable()) {
6385 field_maps_.Clear();
6388 field_maps_.Add(field_map, zone());
6393 if (field_maps_.is_empty()) {
6394 // Store is not safe if the field map was cleared.
6395 return IsLoad() || !field_type->Is(HeapType::None());
6399 DCHECK_EQ(num_field_maps, field_maps_.length());
6401 // Determine field HType from field HeapType.
6402 field_type_ = HType::FromType<HeapType>(field_type);
6403 DCHECK(field_type_.IsHeapObject());
6405 // Add dependency on the map that introduced the field.
6406 top_info()->dependencies()->AssumeFieldType(GetFieldOwnerFromMap(map));
6411 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupInPrototypes() {
6412 Handle<Map> map = this->map();
6414 while (map->prototype()->IsJSObject()) {
6415 holder_ = handle(JSObject::cast(map->prototype()));
6416 if (holder_->map()->is_deprecated()) {
6417 JSObject::TryMigrateInstance(holder_);
6419 map = Handle<Map>(holder_->map());
6420 if (!CanInlinePropertyAccess(map)) {
6424 LookupDescriptor(*map, *name_);
6425 if (IsFound()) return LoadResult(map);
6429 return !map->prototype()->IsJSReceiver();
6433 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsIntegerIndexedExotic() {
6434 InstanceType instance_type = map_->instance_type();
6435 return instance_type == JS_TYPED_ARRAY_TYPE &&
6436 IsSpecialIndex(isolate()->unicode_cache(), *name_);
6440 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessMonomorphic() {
6441 if (!CanInlinePropertyAccess(map_)) return false;
6442 if (IsJSObjectFieldAccessor()) return IsLoad();
6443 if (IsJSArrayBufferViewFieldAccessor()) return IsLoad();
6444 if (map_->function_with_prototype() && !map_->has_non_instance_prototype() &&
6445 name_.is_identical_to(isolate()->factory()->prototype_string())) {
6448 if (!LookupDescriptor()) return false;
6449 if (IsFound()) return IsLoad() || !IsReadOnly();
6450 if (IsIntegerIndexedExotic()) return false;
6451 if (!LookupInPrototypes()) return false;
6452 if (IsLoad()) return true;
6454 if (IsAccessorConstant()) return true;
6455 LookupTransition(*map_, *name_, NONE);
6456 if (IsTransitionToData() && map_->unused_property_fields() > 0) {
6457 // Construct the object field access.
6458 int descriptor = transition()->LastAdded();
6460 transition()->instance_descriptors()->GetFieldIndex(descriptor) -
6461 map_->inobject_properties();
6462 PropertyDetails details =
6463 transition()->instance_descriptors()->GetDetails(descriptor);
6464 Representation representation = details.representation();
6465 access_ = HObjectAccess::ForField(map_, index, representation, name_);
6467 // Load field map for heap objects.
6468 return LoadFieldMaps(transition());
6474 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessAsMonomorphic(
6475 SmallMapList* maps) {
6476 DCHECK(map_.is_identical_to(maps->first()));
6477 if (!CanAccessMonomorphic()) return false;
6478 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6479 if (maps->length() > kMaxLoadPolymorphism) return false;
6480 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6481 if (GetJSObjectFieldAccess(&access)) {
6482 for (int i = 1; i < maps->length(); ++i) {
6483 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6484 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6485 if (!test_info.GetJSObjectFieldAccess(&test_access)) return false;
6486 if (!access.Equals(test_access)) return false;
6490 if (GetJSArrayBufferViewFieldAccess(&access)) {
6491 for (int i = 1; i < maps->length(); ++i) {
6492 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6493 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6494 if (!test_info.GetJSArrayBufferViewFieldAccess(&test_access)) {
6497 if (!access.Equals(test_access)) return false;
6502 // Currently only handle numbers as a polymorphic case.
6503 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6505 if (IsNumberType()) return false;
6507 // Multiple maps cannot transition to the same target map.
6508 DCHECK(!IsLoad() || !IsTransition());
6509 if (IsTransition() && maps->length() > 1) return false;
6511 for (int i = 1; i < maps->length(); ++i) {
6512 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6513 if (!test_info.IsCompatible(this)) return false;
6520 Handle<Map> HOptimizedGraphBuilder::PropertyAccessInfo::map() {
6521 JSFunction* ctor = IC::GetRootConstructor(
6522 *map_, current_info()->closure()->context()->native_context());
6523 if (ctor != NULL) return handle(ctor->initial_map());
6528 static bool NeedsWrapping(Handle<Map> map, Handle<JSFunction> target) {
6529 return !map->IsJSObjectMap() &&
6530 is_sloppy(target->shared()->language_mode()) &&
6531 !target->shared()->native();
6535 bool HOptimizedGraphBuilder::PropertyAccessInfo::NeedsWrappingFor(
6536 Handle<JSFunction> target) const {
6537 return NeedsWrapping(map_, target);
6541 HValue* HOptimizedGraphBuilder::BuildMonomorphicAccess(
6542 PropertyAccessInfo* info, HValue* object, HValue* checked_object,
6543 HValue* value, BailoutId ast_id, BailoutId return_id,
6544 bool can_inline_accessor) {
6545 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6546 if (info->GetJSObjectFieldAccess(&access)) {
6547 DCHECK(info->IsLoad());
6548 return New<HLoadNamedField>(object, checked_object, access);
6551 if (info->GetJSArrayBufferViewFieldAccess(&access)) {
6552 DCHECK(info->IsLoad());
6553 checked_object = Add<HCheckArrayBufferNotNeutered>(checked_object);
6554 return New<HLoadNamedField>(object, checked_object, access);
6557 if (info->name().is_identical_to(isolate()->factory()->prototype_string()) &&
6558 info->map()->function_with_prototype()) {
6559 DCHECK(!info->map()->has_non_instance_prototype());
6560 return New<HLoadFunctionPrototype>(checked_object);
6563 HValue* checked_holder = checked_object;
6564 if (info->has_holder()) {
6565 Handle<JSObject> prototype(JSObject::cast(info->map()->prototype()));
6566 checked_holder = BuildCheckPrototypeMaps(prototype, info->holder());
6569 if (!info->IsFound()) {
6570 DCHECK(info->IsLoad());
6571 if (is_strong(function_language_mode())) {
6572 return New<HCallRuntime>(
6573 isolate()->factory()->empty_string(),
6574 Runtime::FunctionForId(Runtime::kThrowStrongModeImplicitConversion),
6577 return graph()->GetConstantUndefined();
6581 if (info->IsData()) {
6582 if (info->IsLoad()) {
6583 return BuildLoadNamedField(info, checked_holder);
6585 return BuildStoreNamedField(info, checked_object, value);
6589 if (info->IsTransition()) {
6590 DCHECK(!info->IsLoad());
6591 return BuildStoreNamedField(info, checked_object, value);
6594 if (info->IsAccessorConstant()) {
6595 Push(checked_object);
6596 int argument_count = 1;
6597 if (!info->IsLoad()) {
6602 if (info->NeedsWrappingFor(info->accessor())) {
6603 HValue* function = Add<HConstant>(info->accessor());
6604 PushArgumentsFromEnvironment(argument_count);
6605 return New<HCallFunction>(function, argument_count, WRAP_AND_CALL);
6606 } else if (FLAG_inline_accessors && can_inline_accessor) {
6607 bool success = info->IsLoad()
6608 ? TryInlineGetter(info->accessor(), info->map(), ast_id, return_id)
6610 info->accessor(), info->map(), ast_id, return_id, value);
6611 if (success || HasStackOverflow()) return NULL;
6614 PushArgumentsFromEnvironment(argument_count);
6615 return BuildCallConstantFunction(info->accessor(), argument_count);
6618 DCHECK(info->IsDataConstant());
6619 if (info->IsLoad()) {
6620 return New<HConstant>(info->constant());
6622 return New<HCheckValue>(value, Handle<JSFunction>::cast(info->constant()));
6627 void HOptimizedGraphBuilder::HandlePolymorphicNamedFieldAccess(
6628 PropertyAccessType access_type, Expression* expr, FeedbackVectorICSlot slot,
6629 BailoutId ast_id, BailoutId return_id, HValue* object, HValue* value,
6630 SmallMapList* maps, Handle<String> name) {
6631 // Something did not match; must use a polymorphic load.
6633 HBasicBlock* join = NULL;
6634 HBasicBlock* number_block = NULL;
6635 bool handled_string = false;
6637 bool handle_smi = false;
6638 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6640 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6641 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6642 if (info.IsStringType()) {
6643 if (handled_string) continue;
6644 handled_string = true;
6646 if (info.CanAccessMonomorphic()) {
6648 if (info.IsNumberType()) {
6655 if (i < maps->length()) {
6661 HControlInstruction* smi_check = NULL;
6662 handled_string = false;
6664 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6665 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6666 if (info.IsStringType()) {
6667 if (handled_string) continue;
6668 handled_string = true;
6670 if (!info.CanAccessMonomorphic()) continue;
6673 join = graph()->CreateBasicBlock();
6675 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
6676 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
6677 number_block = graph()->CreateBasicBlock();
6678 smi_check = New<HIsSmiAndBranch>(
6679 object, empty_smi_block, not_smi_block);
6680 FinishCurrentBlock(smi_check);
6681 GotoNoSimulate(empty_smi_block, number_block);
6682 set_current_block(not_smi_block);
6684 BuildCheckHeapObject(object);
6688 HBasicBlock* if_true = graph()->CreateBasicBlock();
6689 HBasicBlock* if_false = graph()->CreateBasicBlock();
6690 HUnaryControlInstruction* compare;
6693 if (info.IsNumberType()) {
6694 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
6695 compare = New<HCompareMap>(object, heap_number_map, if_true, if_false);
6696 dependency = smi_check;
6697 } else if (info.IsStringType()) {
6698 compare = New<HIsStringAndBranch>(object, if_true, if_false);
6699 dependency = compare;
6701 compare = New<HCompareMap>(object, info.map(), if_true, if_false);
6702 dependency = compare;
6704 FinishCurrentBlock(compare);
6706 if (info.IsNumberType()) {
6707 GotoNoSimulate(if_true, number_block);
6708 if_true = number_block;
6711 set_current_block(if_true);
6714 BuildMonomorphicAccess(&info, object, dependency, value, ast_id,
6715 return_id, FLAG_polymorphic_inlining);
6717 HValue* result = NULL;
6718 switch (access_type) {
6727 if (access == NULL) {
6728 if (HasStackOverflow()) return;
6730 if (access->IsInstruction()) {
6731 HInstruction* instr = HInstruction::cast(access);
6732 if (!instr->IsLinked()) AddInstruction(instr);
6734 if (!ast_context()->IsEffect()) Push(result);
6737 if (current_block() != NULL) Goto(join);
6738 set_current_block(if_false);
6741 // Finish up. Unconditionally deoptimize if we've handled all the maps we
6742 // know about and do not want to handle ones we've never seen. Otherwise
6743 // use a generic IC.
6744 if (count == maps->length() && FLAG_deoptimize_uncommon_cases) {
6745 FinishExitWithHardDeoptimization(
6746 Deoptimizer::kUnknownMapInPolymorphicAccess);
6748 HInstruction* instr =
6749 BuildNamedGeneric(access_type, expr, slot, object, name, value);
6750 AddInstruction(instr);
6751 if (!ast_context()->IsEffect()) Push(access_type == LOAD ? instr : value);
6756 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6757 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6762 DCHECK(join != NULL);
6763 if (join->HasPredecessor()) {
6764 join->SetJoinId(ast_id);
6765 set_current_block(join);
6766 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6768 set_current_block(NULL);
6773 static bool ComputeReceiverTypes(Expression* expr,
6777 SmallMapList* maps = expr->GetReceiverTypes();
6779 bool monomorphic = expr->IsMonomorphic();
6780 if (maps != NULL && receiver->HasMonomorphicJSObjectType()) {
6781 Map* root_map = receiver->GetMonomorphicJSObjectMap()->FindRootMap();
6782 maps->FilterForPossibleTransitions(root_map);
6783 monomorphic = maps->length() == 1;
6785 return monomorphic && CanInlinePropertyAccess(maps->first());
6789 static bool AreStringTypes(SmallMapList* maps) {
6790 for (int i = 0; i < maps->length(); i++) {
6791 if (maps->at(i)->instance_type() >= FIRST_NONSTRING_TYPE) return false;
6797 void HOptimizedGraphBuilder::BuildStore(Expression* expr, Property* prop,
6798 FeedbackVectorICSlot slot,
6799 BailoutId ast_id, BailoutId return_id,
6800 bool is_uninitialized) {
6801 if (!prop->key()->IsPropertyName()) {
6803 HValue* value = Pop();
6804 HValue* key = Pop();
6805 HValue* object = Pop();
6806 bool has_side_effects = false;
6808 HandleKeyedElementAccess(object, key, value, expr, slot, ast_id,
6809 return_id, STORE, &has_side_effects);
6810 if (has_side_effects) {
6811 if (!ast_context()->IsEffect()) Push(value);
6812 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6813 if (!ast_context()->IsEffect()) Drop(1);
6815 if (result == NULL) return;
6816 return ast_context()->ReturnValue(value);
6820 HValue* value = Pop();
6821 HValue* object = Pop();
6823 Literal* key = prop->key()->AsLiteral();
6824 Handle<String> name = Handle<String>::cast(key->value());
6825 DCHECK(!name.is_null());
6827 HValue* access = BuildNamedAccess(STORE, ast_id, return_id, expr, slot,
6828 object, name, value, is_uninitialized);
6829 if (access == NULL) return;
6831 if (!ast_context()->IsEffect()) Push(value);
6832 if (access->IsInstruction()) AddInstruction(HInstruction::cast(access));
6833 if (access->HasObservableSideEffects()) {
6834 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6836 if (!ast_context()->IsEffect()) Drop(1);
6837 return ast_context()->ReturnValue(value);
6841 void HOptimizedGraphBuilder::HandlePropertyAssignment(Assignment* expr) {
6842 Property* prop = expr->target()->AsProperty();
6843 DCHECK(prop != NULL);
6844 CHECK_ALIVE(VisitForValue(prop->obj()));
6845 if (!prop->key()->IsPropertyName()) {
6846 CHECK_ALIVE(VisitForValue(prop->key()));
6848 CHECK_ALIVE(VisitForValue(expr->value()));
6849 BuildStore(expr, prop, expr->AssignmentSlot(), expr->id(),
6850 expr->AssignmentId(), expr->IsUninitialized());
6854 // Because not every expression has a position and there is not common
6855 // superclass of Assignment and CountOperation, we cannot just pass the
6856 // owning expression instead of position and ast_id separately.
6857 void HOptimizedGraphBuilder::HandleGlobalVariableAssignment(
6858 Variable* var, HValue* value, FeedbackVectorICSlot ic_slot,
6860 Handle<GlobalObject> global(current_info()->global_object());
6862 // Lookup in script contexts.
6864 Handle<ScriptContextTable> script_contexts(
6865 global->native_context()->script_context_table());
6866 ScriptContextTable::LookupResult lookup;
6867 if (ScriptContextTable::Lookup(script_contexts, var->name(), &lookup)) {
6868 if (lookup.mode == CONST) {
6869 return Bailout(kNonInitializerAssignmentToConst);
6871 Handle<Context> script_context =
6872 ScriptContextTable::GetContext(script_contexts, lookup.context_index);
6874 Handle<Object> current_value =
6875 FixedArray::get(script_context, lookup.slot_index);
6877 // If the values is not the hole, it will stay initialized,
6878 // so no need to generate a check.
6879 if (*current_value == *isolate()->factory()->the_hole_value()) {
6880 return Bailout(kReferenceToUninitializedVariable);
6883 HStoreNamedField* instr = Add<HStoreNamedField>(
6884 Add<HConstant>(script_context),
6885 HObjectAccess::ForContextSlot(lookup.slot_index), value);
6887 DCHECK(instr->HasObservableSideEffects());
6888 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6893 LookupIterator it(global, var->name(), LookupIterator::OWN);
6894 GlobalPropertyAccess type = LookupGlobalProperty(var, &it, STORE);
6895 if (type == kUseCell) {
6896 Handle<PropertyCell> cell = it.GetPropertyCell();
6897 top_info()->dependencies()->AssumePropertyCell(cell);
6898 auto cell_type = it.property_details().cell_type();
6899 if (cell_type == PropertyCellType::kConstant ||
6900 cell_type == PropertyCellType::kUndefined) {
6901 Handle<Object> constant(cell->value(), isolate());
6902 if (value->IsConstant()) {
6903 HConstant* c_value = HConstant::cast(value);
6904 if (!constant.is_identical_to(c_value->handle(isolate()))) {
6905 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6906 Deoptimizer::EAGER);
6909 HValue* c_constant = Add<HConstant>(constant);
6910 IfBuilder builder(this);
6911 if (constant->IsNumber()) {
6912 builder.If<HCompareNumericAndBranch>(value, c_constant, Token::EQ);
6914 builder.If<HCompareObjectEqAndBranch>(value, c_constant);
6918 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6919 Deoptimizer::EAGER);
6923 HConstant* cell_constant = Add<HConstant>(cell);
6924 auto access = HObjectAccess::ForPropertyCellValue();
6925 if (cell_type == PropertyCellType::kConstantType) {
6926 switch (cell->GetConstantType()) {
6927 case PropertyCellConstantType::kSmi:
6928 access = access.WithRepresentation(Representation::Smi());
6930 case PropertyCellConstantType::kStableMap: {
6931 // The map may no longer be stable, deopt if it's ever different from
6932 // what is currently there, which will allow for restablization.
6933 Handle<Map> map(HeapObject::cast(cell->value())->map());
6934 Add<HCheckHeapObject>(value);
6935 value = Add<HCheckMaps>(value, map);
6936 access = access.WithRepresentation(Representation::HeapObject());
6941 HInstruction* instr = Add<HStoreNamedField>(cell_constant, access, value);
6942 instr->ClearChangesFlag(kInobjectFields);
6943 instr->SetChangesFlag(kGlobalVars);
6944 if (instr->HasObservableSideEffects()) {
6945 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6947 } else if (var->IsGlobalSlot()) {
6948 DCHECK(var->index() > 0);
6949 DCHECK(var->IsStaticGlobalObjectProperty());
6950 int slot_index = var->index();
6951 int depth = scope()->ContextChainLength(var->scope());
6953 HStoreGlobalViaContext* instr = Add<HStoreGlobalViaContext>(
6954 value, depth, slot_index, function_language_mode());
6956 DCHECK(instr->HasObservableSideEffects());
6957 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6960 HValue* global_object = Add<HLoadNamedField>(
6962 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
6963 HStoreNamedGeneric* instr =
6964 Add<HStoreNamedGeneric>(global_object, var->name(), value,
6965 function_language_mode(), PREMONOMORPHIC);
6966 if (FLAG_vector_stores) {
6967 Handle<TypeFeedbackVector> vector =
6968 handle(current_feedback_vector(), isolate());
6969 instr->SetVectorAndSlot(vector, ic_slot);
6972 DCHECK(instr->HasObservableSideEffects());
6973 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6978 void HOptimizedGraphBuilder::HandleCompoundAssignment(Assignment* expr) {
6979 Expression* target = expr->target();
6980 VariableProxy* proxy = target->AsVariableProxy();
6981 Property* prop = target->AsProperty();
6982 DCHECK(proxy == NULL || prop == NULL);
6984 // We have a second position recorded in the FullCodeGenerator to have
6985 // type feedback for the binary operation.
6986 BinaryOperation* operation = expr->binary_operation();
6988 if (proxy != NULL) {
6989 Variable* var = proxy->var();
6990 if (var->mode() == LET) {
6991 return Bailout(kUnsupportedLetCompoundAssignment);
6994 CHECK_ALIVE(VisitForValue(operation));
6996 switch (var->location()) {
6997 case VariableLocation::GLOBAL:
6998 case VariableLocation::UNALLOCATED:
6999 HandleGlobalVariableAssignment(var, Top(), expr->AssignmentSlot(),
7000 expr->AssignmentId());
7003 case VariableLocation::PARAMETER:
7004 case VariableLocation::LOCAL:
7005 if (var->mode() == CONST_LEGACY) {
7006 return Bailout(kUnsupportedConstCompoundAssignment);
7008 if (var->mode() == CONST) {
7009 return Bailout(kNonInitializerAssignmentToConst);
7011 BindIfLive(var, Top());
7014 case VariableLocation::CONTEXT: {
7015 // Bail out if we try to mutate a parameter value in a function
7016 // using the arguments object. We do not (yet) correctly handle the
7017 // arguments property of the function.
7018 if (current_info()->scope()->arguments() != NULL) {
7019 // Parameters will be allocated to context slots. We have no
7020 // direct way to detect that the variable is a parameter so we do
7021 // a linear search of the parameter variables.
7022 int count = current_info()->scope()->num_parameters();
7023 for (int i = 0; i < count; ++i) {
7024 if (var == current_info()->scope()->parameter(i)) {
7025 Bailout(kAssignmentToParameterFunctionUsesArgumentsObject);
7030 HStoreContextSlot::Mode mode;
7032 switch (var->mode()) {
7034 mode = HStoreContextSlot::kCheckDeoptimize;
7037 return Bailout(kNonInitializerAssignmentToConst);
7039 return ast_context()->ReturnValue(Pop());
7041 mode = HStoreContextSlot::kNoCheck;
7044 HValue* context = BuildContextChainWalk(var);
7045 HStoreContextSlot* instr = Add<HStoreContextSlot>(
7046 context, var->index(), mode, Top());
7047 if (instr->HasObservableSideEffects()) {
7048 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
7053 case VariableLocation::LOOKUP:
7054 return Bailout(kCompoundAssignmentToLookupSlot);
7056 return ast_context()->ReturnValue(Pop());
7058 } else if (prop != NULL) {
7059 CHECK_ALIVE(VisitForValue(prop->obj()));
7060 HValue* object = Top();
7062 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
7063 CHECK_ALIVE(VisitForValue(prop->key()));
7067 CHECK_ALIVE(PushLoad(prop, object, key));
7069 CHECK_ALIVE(VisitForValue(expr->value()));
7070 HValue* right = Pop();
7071 HValue* left = Pop();
7073 Push(BuildBinaryOperation(operation, left, right, PUSH_BEFORE_SIMULATE));
7075 BuildStore(expr, prop, expr->AssignmentSlot(), expr->id(),
7076 expr->AssignmentId(), expr->IsUninitialized());
7078 return Bailout(kInvalidLhsInCompoundAssignment);
7083 void HOptimizedGraphBuilder::VisitAssignment(Assignment* expr) {
7084 DCHECK(!HasStackOverflow());
7085 DCHECK(current_block() != NULL);
7086 DCHECK(current_block()->HasPredecessor());
7087 VariableProxy* proxy = expr->target()->AsVariableProxy();
7088 Property* prop = expr->target()->AsProperty();
7089 DCHECK(proxy == NULL || prop == NULL);
7091 if (expr->is_compound()) {
7092 HandleCompoundAssignment(expr);
7097 HandlePropertyAssignment(expr);
7098 } else if (proxy != NULL) {
7099 Variable* var = proxy->var();
7101 if (var->mode() == CONST) {
7102 if (expr->op() != Token::INIT_CONST) {
7103 return Bailout(kNonInitializerAssignmentToConst);
7105 } else if (var->mode() == CONST_LEGACY) {
7106 if (expr->op() != Token::INIT_CONST_LEGACY) {
7107 CHECK_ALIVE(VisitForValue(expr->value()));
7108 return ast_context()->ReturnValue(Pop());
7111 if (var->IsStackAllocated()) {
7112 // We insert a use of the old value to detect unsupported uses of const
7113 // variables (e.g. initialization inside a loop).
7114 HValue* old_value = environment()->Lookup(var);
7115 Add<HUseConst>(old_value);
7119 if (proxy->IsArguments()) return Bailout(kAssignmentToArguments);
7121 // Handle the assignment.
7122 switch (var->location()) {
7123 case VariableLocation::GLOBAL:
7124 case VariableLocation::UNALLOCATED:
7125 CHECK_ALIVE(VisitForValue(expr->value()));
7126 HandleGlobalVariableAssignment(var, Top(), expr->AssignmentSlot(),
7127 expr->AssignmentId());
7128 return ast_context()->ReturnValue(Pop());
7130 case VariableLocation::PARAMETER:
7131 case VariableLocation::LOCAL: {
7132 // Perform an initialization check for let declared variables
7134 if (var->mode() == LET && expr->op() == Token::ASSIGN) {
7135 HValue* env_value = environment()->Lookup(var);
7136 if (env_value == graph()->GetConstantHole()) {
7137 return Bailout(kAssignmentToLetVariableBeforeInitialization);
7140 // We do not allow the arguments object to occur in a context where it
7141 // may escape, but assignments to stack-allocated locals are
7143 CHECK_ALIVE(VisitForValue(expr->value(), ARGUMENTS_ALLOWED));
7144 HValue* value = Pop();
7145 BindIfLive(var, value);
7146 return ast_context()->ReturnValue(value);
7149 case VariableLocation::CONTEXT: {
7150 // Bail out if we try to mutate a parameter value in a function using
7151 // the arguments object. We do not (yet) correctly handle the
7152 // arguments property of the function.
7153 if (current_info()->scope()->arguments() != NULL) {
7154 // Parameters will rewrite to context slots. We have no direct way
7155 // to detect that the variable is a parameter.
7156 int count = current_info()->scope()->num_parameters();
7157 for (int i = 0; i < count; ++i) {
7158 if (var == current_info()->scope()->parameter(i)) {
7159 return Bailout(kAssignmentToParameterInArgumentsObject);
7164 CHECK_ALIVE(VisitForValue(expr->value()));
7165 HStoreContextSlot::Mode mode;
7166 if (expr->op() == Token::ASSIGN) {
7167 switch (var->mode()) {
7169 mode = HStoreContextSlot::kCheckDeoptimize;
7172 // This case is checked statically so no need to
7173 // perform checks here
7176 return ast_context()->ReturnValue(Pop());
7178 mode = HStoreContextSlot::kNoCheck;
7180 } else if (expr->op() == Token::INIT_VAR ||
7181 expr->op() == Token::INIT_LET ||
7182 expr->op() == Token::INIT_CONST) {
7183 mode = HStoreContextSlot::kNoCheck;
7185 DCHECK(expr->op() == Token::INIT_CONST_LEGACY);
7187 mode = HStoreContextSlot::kCheckIgnoreAssignment;
7190 HValue* context = BuildContextChainWalk(var);
7191 HStoreContextSlot* instr = Add<HStoreContextSlot>(
7192 context, var->index(), mode, Top());
7193 if (instr->HasObservableSideEffects()) {
7194 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
7196 return ast_context()->ReturnValue(Pop());
7199 case VariableLocation::LOOKUP:
7200 return Bailout(kAssignmentToLOOKUPVariable);
7203 return Bailout(kInvalidLeftHandSideInAssignment);
7208 void HOptimizedGraphBuilder::VisitYield(Yield* expr) {
7209 // Generators are not optimized, so we should never get here.
7214 void HOptimizedGraphBuilder::VisitThrow(Throw* expr) {
7215 DCHECK(!HasStackOverflow());
7216 DCHECK(current_block() != NULL);
7217 DCHECK(current_block()->HasPredecessor());
7218 if (!ast_context()->IsEffect()) {
7219 // The parser turns invalid left-hand sides in assignments into throw
7220 // statements, which may not be in effect contexts. We might still try
7221 // to optimize such functions; bail out now if we do.
7222 return Bailout(kInvalidLeftHandSideInAssignment);
7224 CHECK_ALIVE(VisitForValue(expr->exception()));
7226 HValue* value = environment()->Pop();
7227 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
7228 Add<HPushArguments>(value);
7229 Add<HCallRuntime>(isolate()->factory()->empty_string(),
7230 Runtime::FunctionForId(Runtime::kThrow), 1);
7231 Add<HSimulate>(expr->id());
7233 // If the throw definitely exits the function, we can finish with a dummy
7234 // control flow at this point. This is not the case if the throw is inside
7235 // an inlined function which may be replaced.
7236 if (call_context() == NULL) {
7237 FinishExitCurrentBlock(New<HAbnormalExit>());
7242 HInstruction* HGraphBuilder::AddLoadStringInstanceType(HValue* string) {
7243 if (string->IsConstant()) {
7244 HConstant* c_string = HConstant::cast(string);
7245 if (c_string->HasStringValue()) {
7246 return Add<HConstant>(c_string->StringValue()->map()->instance_type());
7249 return Add<HLoadNamedField>(
7250 Add<HLoadNamedField>(string, nullptr, HObjectAccess::ForMap()), nullptr,
7251 HObjectAccess::ForMapInstanceType());
7255 HInstruction* HGraphBuilder::AddLoadStringLength(HValue* string) {
7256 return AddInstruction(BuildLoadStringLength(string));
7260 HInstruction* HGraphBuilder::BuildLoadStringLength(HValue* string) {
7261 if (string->IsConstant()) {
7262 HConstant* c_string = HConstant::cast(string);
7263 if (c_string->HasStringValue()) {
7264 return New<HConstant>(c_string->StringValue()->length());
7267 return New<HLoadNamedField>(string, nullptr,
7268 HObjectAccess::ForStringLength());
7272 HInstruction* HOptimizedGraphBuilder::BuildNamedGeneric(
7273 PropertyAccessType access_type, Expression* expr, FeedbackVectorICSlot slot,
7274 HValue* object, Handle<Name> name, HValue* value, bool is_uninitialized) {
7275 if (is_uninitialized) {
7277 Deoptimizer::kInsufficientTypeFeedbackForGenericNamedAccess,
7280 if (access_type == LOAD) {
7281 Handle<TypeFeedbackVector> vector =
7282 handle(current_feedback_vector(), isolate());
7284 if (!expr->AsProperty()->key()->IsPropertyName()) {
7285 // It's possible that a keyed load of a constant string was converted
7286 // to a named load. Here, at the last minute, we need to make sure to
7287 // use a generic Keyed Load if we are using the type vector, because
7288 // it has to share information with full code.
7289 HConstant* key = Add<HConstant>(name);
7290 HLoadKeyedGeneric* result = New<HLoadKeyedGeneric>(
7291 object, key, function_language_mode(), PREMONOMORPHIC);
7292 result->SetVectorAndSlot(vector, slot);
7296 HLoadNamedGeneric* result = New<HLoadNamedGeneric>(
7297 object, name, function_language_mode(), PREMONOMORPHIC);
7298 result->SetVectorAndSlot(vector, slot);
7301 if (FLAG_vector_stores &&
7302 current_feedback_vector()->GetKind(slot) == Code::KEYED_STORE_IC) {
7303 // It's possible that a keyed store of a constant string was converted
7304 // to a named store. Here, at the last minute, we need to make sure to
7305 // use a generic Keyed Store if we are using the type vector, because
7306 // it has to share information with full code.
7307 HConstant* key = Add<HConstant>(name);
7308 HStoreKeyedGeneric* result = New<HStoreKeyedGeneric>(
7309 object, key, value, function_language_mode(), PREMONOMORPHIC);
7310 Handle<TypeFeedbackVector> vector =
7311 handle(current_feedback_vector(), isolate());
7312 result->SetVectorAndSlot(vector, slot);
7316 HStoreNamedGeneric* result = New<HStoreNamedGeneric>(
7317 object, name, value, function_language_mode(), PREMONOMORPHIC);
7318 if (FLAG_vector_stores) {
7319 Handle<TypeFeedbackVector> vector =
7320 handle(current_feedback_vector(), isolate());
7321 result->SetVectorAndSlot(vector, slot);
7328 HInstruction* HOptimizedGraphBuilder::BuildKeyedGeneric(
7329 PropertyAccessType access_type, Expression* expr, FeedbackVectorICSlot slot,
7330 HValue* object, HValue* key, HValue* value) {
7331 if (access_type == LOAD) {
7332 InlineCacheState initial_state = expr->AsProperty()->GetInlineCacheState();
7333 HLoadKeyedGeneric* result = New<HLoadKeyedGeneric>(
7334 object, key, function_language_mode(), initial_state);
7335 // HLoadKeyedGeneric with vector ics benefits from being encoded as
7336 // MEGAMORPHIC because the vector/slot combo becomes unnecessary.
7337 if (initial_state != MEGAMORPHIC) {
7338 // We need to pass vector information.
7339 Handle<TypeFeedbackVector> vector =
7340 handle(current_feedback_vector(), isolate());
7341 result->SetVectorAndSlot(vector, slot);
7345 HStoreKeyedGeneric* result = New<HStoreKeyedGeneric>(
7346 object, key, value, function_language_mode(), PREMONOMORPHIC);
7347 if (FLAG_vector_stores) {
7348 Handle<TypeFeedbackVector> vector =
7349 handle(current_feedback_vector(), isolate());
7350 result->SetVectorAndSlot(vector, slot);
7357 LoadKeyedHoleMode HOptimizedGraphBuilder::BuildKeyedHoleMode(Handle<Map> map) {
7358 // Loads from a "stock" fast holey double arrays can elide the hole check.
7359 // Loads from a "stock" fast holey array can convert the hole to undefined
7361 LoadKeyedHoleMode load_mode = NEVER_RETURN_HOLE;
7362 bool holey_double_elements =
7363 *map == isolate()->get_initial_js_array_map(FAST_HOLEY_DOUBLE_ELEMENTS);
7364 bool holey_elements =
7365 *map == isolate()->get_initial_js_array_map(FAST_HOLEY_ELEMENTS);
7366 if ((holey_double_elements || holey_elements) &&
7367 isolate()->IsFastArrayConstructorPrototypeChainIntact()) {
7369 holey_double_elements ? ALLOW_RETURN_HOLE : CONVERT_HOLE_TO_UNDEFINED;
7371 Handle<JSObject> prototype(JSObject::cast(map->prototype()), isolate());
7372 Handle<JSObject> object_prototype = isolate()->initial_object_prototype();
7373 BuildCheckPrototypeMaps(prototype, object_prototype);
7374 graph()->MarkDependsOnEmptyArrayProtoElements();
7380 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicElementAccess(
7386 PropertyAccessType access_type,
7387 KeyedAccessStoreMode store_mode) {
7388 HCheckMaps* checked_object = Add<HCheckMaps>(object, map, dependency);
7390 if (access_type == STORE && map->prototype()->IsJSObject()) {
7391 // monomorphic stores need a prototype chain check because shape
7392 // changes could allow callbacks on elements in the chain that
7393 // aren't compatible with monomorphic keyed stores.
7394 PrototypeIterator iter(map);
7395 JSObject* holder = NULL;
7396 while (!iter.IsAtEnd()) {
7397 holder = JSObject::cast(*PrototypeIterator::GetCurrent(iter));
7400 DCHECK(holder && holder->IsJSObject());
7402 BuildCheckPrototypeMaps(handle(JSObject::cast(map->prototype())),
7403 Handle<JSObject>(holder));
7406 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7407 return BuildUncheckedMonomorphicElementAccess(
7408 checked_object, key, val,
7409 map->instance_type() == JS_ARRAY_TYPE,
7410 map->elements_kind(), access_type,
7411 load_mode, store_mode);
7415 static bool CanInlineElementAccess(Handle<Map> map) {
7416 return map->IsJSObjectMap() && !map->has_dictionary_elements() &&
7417 !map->has_sloppy_arguments_elements() &&
7418 !map->has_indexed_interceptor() && !map->is_access_check_needed();
7422 HInstruction* HOptimizedGraphBuilder::TryBuildConsolidatedElementLoad(
7426 SmallMapList* maps) {
7427 // For polymorphic loads of similar elements kinds (i.e. all tagged or all
7428 // double), always use the "worst case" code without a transition. This is
7429 // much faster than transitioning the elements to the worst case, trading a
7430 // HTransitionElements for a HCheckMaps, and avoiding mutation of the array.
7431 bool has_double_maps = false;
7432 bool has_smi_or_object_maps = false;
7433 bool has_js_array_access = false;
7434 bool has_non_js_array_access = false;
7435 bool has_seen_holey_elements = false;
7436 Handle<Map> most_general_consolidated_map;
7437 for (int i = 0; i < maps->length(); ++i) {
7438 Handle<Map> map = maps->at(i);
7439 if (!CanInlineElementAccess(map)) return NULL;
7440 // Don't allow mixing of JSArrays with JSObjects.
7441 if (map->instance_type() == JS_ARRAY_TYPE) {
7442 if (has_non_js_array_access) return NULL;
7443 has_js_array_access = true;
7444 } else if (has_js_array_access) {
7447 has_non_js_array_access = true;
7449 // Don't allow mixed, incompatible elements kinds.
7450 if (map->has_fast_double_elements()) {
7451 if (has_smi_or_object_maps) return NULL;
7452 has_double_maps = true;
7453 } else if (map->has_fast_smi_or_object_elements()) {
7454 if (has_double_maps) return NULL;
7455 has_smi_or_object_maps = true;
7459 // Remember if we've ever seen holey elements.
7460 if (IsHoleyElementsKind(map->elements_kind())) {
7461 has_seen_holey_elements = true;
7463 // Remember the most general elements kind, the code for its load will
7464 // properly handle all of the more specific cases.
7465 if ((i == 0) || IsMoreGeneralElementsKindTransition(
7466 most_general_consolidated_map->elements_kind(),
7467 map->elements_kind())) {
7468 most_general_consolidated_map = map;
7471 if (!has_double_maps && !has_smi_or_object_maps) return NULL;
7473 HCheckMaps* checked_object = Add<HCheckMaps>(object, maps);
7474 // FAST_ELEMENTS is considered more general than FAST_HOLEY_SMI_ELEMENTS.
7475 // If we've seen both, the consolidated load must use FAST_HOLEY_ELEMENTS.
7476 ElementsKind consolidated_elements_kind = has_seen_holey_elements
7477 ? GetHoleyElementsKind(most_general_consolidated_map->elements_kind())
7478 : most_general_consolidated_map->elements_kind();
7479 HInstruction* instr = BuildUncheckedMonomorphicElementAccess(
7480 checked_object, key, val,
7481 most_general_consolidated_map->instance_type() == JS_ARRAY_TYPE,
7482 consolidated_elements_kind,
7483 LOAD, NEVER_RETURN_HOLE, STANDARD_STORE);
7488 HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
7489 Expression* expr, FeedbackVectorICSlot slot, HValue* object, HValue* key,
7490 HValue* val, SmallMapList* maps, PropertyAccessType access_type,
7491 KeyedAccessStoreMode store_mode, bool* has_side_effects) {
7492 *has_side_effects = false;
7493 BuildCheckHeapObject(object);
7495 if (access_type == LOAD) {
7496 HInstruction* consolidated_load =
7497 TryBuildConsolidatedElementLoad(object, key, val, maps);
7498 if (consolidated_load != NULL) {
7499 *has_side_effects |= consolidated_load->HasObservableSideEffects();
7500 return consolidated_load;
7504 // Elements_kind transition support.
7505 MapHandleList transition_target(maps->length());
7506 // Collect possible transition targets.
7507 MapHandleList possible_transitioned_maps(maps->length());
7508 for (int i = 0; i < maps->length(); ++i) {
7509 Handle<Map> map = maps->at(i);
7510 // Loads from strings or loads with a mix of string and non-string maps
7511 // shouldn't be handled polymorphically.
7512 DCHECK(access_type != LOAD || !map->IsStringMap());
7513 ElementsKind elements_kind = map->elements_kind();
7514 if (CanInlineElementAccess(map) && IsFastElementsKind(elements_kind) &&
7515 elements_kind != GetInitialFastElementsKind()) {
7516 possible_transitioned_maps.Add(map);
7518 if (IsSloppyArgumentsElements(elements_kind)) {
7519 HInstruction* result =
7520 BuildKeyedGeneric(access_type, expr, slot, object, key, val);
7521 *has_side_effects = result->HasObservableSideEffects();
7522 return AddInstruction(result);
7525 // Get transition target for each map (NULL == no transition).
7526 for (int i = 0; i < maps->length(); ++i) {
7527 Handle<Map> map = maps->at(i);
7528 Handle<Map> transitioned_map =
7529 Map::FindTransitionedMap(map, &possible_transitioned_maps);
7530 transition_target.Add(transitioned_map);
7533 MapHandleList untransitionable_maps(maps->length());
7534 HTransitionElementsKind* transition = NULL;
7535 for (int i = 0; i < maps->length(); ++i) {
7536 Handle<Map> map = maps->at(i);
7537 DCHECK(map->IsMap());
7538 if (!transition_target.at(i).is_null()) {
7539 DCHECK(Map::IsValidElementsTransition(
7540 map->elements_kind(),
7541 transition_target.at(i)->elements_kind()));
7542 transition = Add<HTransitionElementsKind>(object, map,
7543 transition_target.at(i));
7545 untransitionable_maps.Add(map);
7549 // If only one map is left after transitioning, handle this case
7551 DCHECK(untransitionable_maps.length() >= 1);
7552 if (untransitionable_maps.length() == 1) {
7553 Handle<Map> untransitionable_map = untransitionable_maps[0];
7554 HInstruction* instr = NULL;
7555 if (!CanInlineElementAccess(untransitionable_map)) {
7556 instr = AddInstruction(
7557 BuildKeyedGeneric(access_type, expr, slot, object, key, val));
7559 instr = BuildMonomorphicElementAccess(
7560 object, key, val, transition, untransitionable_map, access_type,
7563 *has_side_effects |= instr->HasObservableSideEffects();
7564 return access_type == STORE ? val : instr;
7567 HBasicBlock* join = graph()->CreateBasicBlock();
7569 for (int i = 0; i < untransitionable_maps.length(); ++i) {
7570 Handle<Map> map = untransitionable_maps[i];
7571 ElementsKind elements_kind = map->elements_kind();
7572 HBasicBlock* this_map = graph()->CreateBasicBlock();
7573 HBasicBlock* other_map = graph()->CreateBasicBlock();
7574 HCompareMap* mapcompare =
7575 New<HCompareMap>(object, map, this_map, other_map);
7576 FinishCurrentBlock(mapcompare);
7578 set_current_block(this_map);
7579 HInstruction* access = NULL;
7580 if (!CanInlineElementAccess(map)) {
7581 access = AddInstruction(
7582 BuildKeyedGeneric(access_type, expr, slot, object, key, val));
7584 DCHECK(IsFastElementsKind(elements_kind) ||
7585 IsFixedTypedArrayElementsKind(elements_kind));
7586 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7587 // Happily, mapcompare is a checked object.
7588 access = BuildUncheckedMonomorphicElementAccess(
7589 mapcompare, key, val,
7590 map->instance_type() == JS_ARRAY_TYPE,
7591 elements_kind, access_type,
7595 *has_side_effects |= access->HasObservableSideEffects();
7596 // The caller will use has_side_effects and add a correct Simulate.
7597 access->SetFlag(HValue::kHasNoObservableSideEffects);
7598 if (access_type == LOAD) {
7601 NoObservableSideEffectsScope scope(this);
7602 GotoNoSimulate(join);
7603 set_current_block(other_map);
7606 // Ensure that we visited at least one map above that goes to join. This is
7607 // necessary because FinishExitWithHardDeoptimization does an AbnormalExit
7608 // rather than joining the join block. If this becomes an issue, insert a
7609 // generic access in the case length() == 0.
7610 DCHECK(join->predecessors()->length() > 0);
7611 // Deopt if none of the cases matched.
7612 NoObservableSideEffectsScope scope(this);
7613 FinishExitWithHardDeoptimization(
7614 Deoptimizer::kUnknownMapInPolymorphicElementAccess);
7615 set_current_block(join);
7616 return access_type == STORE ? val : Pop();
7620 HValue* HOptimizedGraphBuilder::HandleKeyedElementAccess(
7621 HValue* obj, HValue* key, HValue* val, Expression* expr,
7622 FeedbackVectorICSlot slot, BailoutId ast_id, BailoutId return_id,
7623 PropertyAccessType access_type, bool* has_side_effects) {
7624 if (key->ActualValue()->IsConstant()) {
7625 Handle<Object> constant =
7626 HConstant::cast(key->ActualValue())->handle(isolate());
7627 uint32_t array_index;
7628 if (constant->IsString() &&
7629 !Handle<String>::cast(constant)->AsArrayIndex(&array_index)) {
7630 if (!constant->IsUniqueName()) {
7631 constant = isolate()->factory()->InternalizeString(
7632 Handle<String>::cast(constant));
7635 BuildNamedAccess(access_type, ast_id, return_id, expr, slot, obj,
7636 Handle<String>::cast(constant), val, false);
7637 if (access == NULL || access->IsPhi() ||
7638 HInstruction::cast(access)->IsLinked()) {
7639 *has_side_effects = false;
7641 HInstruction* instr = HInstruction::cast(access);
7642 AddInstruction(instr);
7643 *has_side_effects = instr->HasObservableSideEffects();
7649 DCHECK(!expr->IsPropertyName());
7650 HInstruction* instr = NULL;
7653 bool monomorphic = ComputeReceiverTypes(expr, obj, &maps, zone());
7655 bool force_generic = false;
7656 if (expr->GetKeyType() == PROPERTY) {
7657 // Non-Generic accesses assume that elements are being accessed, and will
7658 // deopt for non-index keys, which the IC knows will occur.
7659 // TODO(jkummerow): Consider adding proper support for property accesses.
7660 force_generic = true;
7661 monomorphic = false;
7662 } else if (access_type == STORE &&
7663 (monomorphic || (maps != NULL && !maps->is_empty()))) {
7664 // Stores can't be mono/polymorphic if their prototype chain has dictionary
7665 // elements. However a receiver map that has dictionary elements itself
7666 // should be left to normal mono/poly behavior (the other maps may benefit
7667 // from highly optimized stores).
7668 for (int i = 0; i < maps->length(); i++) {
7669 Handle<Map> current_map = maps->at(i);
7670 if (current_map->DictionaryElementsInPrototypeChainOnly()) {
7671 force_generic = true;
7672 monomorphic = false;
7676 } else if (access_type == LOAD && !monomorphic &&
7677 (maps != NULL && !maps->is_empty())) {
7678 // Polymorphic loads have to go generic if any of the maps are strings.
7679 // If some, but not all of the maps are strings, we should go generic
7680 // because polymorphic access wants to key on ElementsKind and isn't
7681 // compatible with strings.
7682 for (int i = 0; i < maps->length(); i++) {
7683 Handle<Map> current_map = maps->at(i);
7684 if (current_map->IsStringMap()) {
7685 force_generic = true;
7692 Handle<Map> map = maps->first();
7693 if (!CanInlineElementAccess(map)) {
7694 instr = AddInstruction(
7695 BuildKeyedGeneric(access_type, expr, slot, obj, key, val));
7697 BuildCheckHeapObject(obj);
7698 instr = BuildMonomorphicElementAccess(
7699 obj, key, val, NULL, map, access_type, expr->GetStoreMode());
7701 } else if (!force_generic && (maps != NULL && !maps->is_empty())) {
7702 return HandlePolymorphicElementAccess(expr, slot, obj, key, val, maps,
7703 access_type, expr->GetStoreMode(),
7706 if (access_type == STORE) {
7707 if (expr->IsAssignment() &&
7708 expr->AsAssignment()->HasNoTypeInformation()) {
7709 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedStore,
7713 if (expr->AsProperty()->HasNoTypeInformation()) {
7714 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedLoad,
7718 instr = AddInstruction(
7719 BuildKeyedGeneric(access_type, expr, slot, obj, key, val));
7721 *has_side_effects = instr->HasObservableSideEffects();
7726 void HOptimizedGraphBuilder::EnsureArgumentsArePushedForAccess() {
7727 // Outermost function already has arguments on the stack.
7728 if (function_state()->outer() == NULL) return;
7730 if (function_state()->arguments_pushed()) return;
7732 // Push arguments when entering inlined function.
7733 HEnterInlined* entry = function_state()->entry();
7734 entry->set_arguments_pushed();
7736 HArgumentsObject* arguments = entry->arguments_object();
7737 const ZoneList<HValue*>* arguments_values = arguments->arguments_values();
7739 HInstruction* insert_after = entry;
7740 for (int i = 0; i < arguments_values->length(); i++) {
7741 HValue* argument = arguments_values->at(i);
7742 HInstruction* push_argument = New<HPushArguments>(argument);
7743 push_argument->InsertAfter(insert_after);
7744 insert_after = push_argument;
7747 HArgumentsElements* arguments_elements = New<HArgumentsElements>(true);
7748 arguments_elements->ClearFlag(HValue::kUseGVN);
7749 arguments_elements->InsertAfter(insert_after);
7750 function_state()->set_arguments_elements(arguments_elements);
7754 bool HOptimizedGraphBuilder::TryArgumentsAccess(Property* expr) {
7755 VariableProxy* proxy = expr->obj()->AsVariableProxy();
7756 if (proxy == NULL) return false;
7757 if (!proxy->var()->IsStackAllocated()) return false;
7758 if (!environment()->Lookup(proxy->var())->CheckFlag(HValue::kIsArguments)) {
7762 HInstruction* result = NULL;
7763 if (expr->key()->IsPropertyName()) {
7764 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7765 if (!String::Equals(name, isolate()->factory()->length_string())) {
7769 if (function_state()->outer() == NULL) {
7770 HInstruction* elements = Add<HArgumentsElements>(false);
7771 result = New<HArgumentsLength>(elements);
7773 // Number of arguments without receiver.
7774 int argument_count = environment()->
7775 arguments_environment()->parameter_count() - 1;
7776 result = New<HConstant>(argument_count);
7779 Push(graph()->GetArgumentsObject());
7780 CHECK_ALIVE_OR_RETURN(VisitForValue(expr->key()), true);
7781 HValue* key = Pop();
7782 Drop(1); // Arguments object.
7783 if (function_state()->outer() == NULL) {
7784 HInstruction* elements = Add<HArgumentsElements>(false);
7785 HInstruction* length = Add<HArgumentsLength>(elements);
7786 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7787 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7789 EnsureArgumentsArePushedForAccess();
7791 // Number of arguments without receiver.
7792 HInstruction* elements = function_state()->arguments_elements();
7793 int argument_count = environment()->
7794 arguments_environment()->parameter_count() - 1;
7795 HInstruction* length = Add<HConstant>(argument_count);
7796 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7797 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7800 ast_context()->ReturnInstruction(result, expr->id());
7805 HValue* HOptimizedGraphBuilder::BuildNamedAccess(
7806 PropertyAccessType access, BailoutId ast_id, BailoutId return_id,
7807 Expression* expr, FeedbackVectorICSlot slot, HValue* object,
7808 Handle<String> name, HValue* value, bool is_uninitialized) {
7810 ComputeReceiverTypes(expr, object, &maps, zone());
7811 DCHECK(maps != NULL);
7813 if (maps->length() > 0) {
7814 PropertyAccessInfo info(this, access, maps->first(), name);
7815 if (!info.CanAccessAsMonomorphic(maps)) {
7816 HandlePolymorphicNamedFieldAccess(access, expr, slot, ast_id, return_id,
7817 object, value, maps, name);
7821 HValue* checked_object;
7822 // Type::Number() is only supported by polymorphic load/call handling.
7823 DCHECK(!info.IsNumberType());
7824 BuildCheckHeapObject(object);
7825 if (AreStringTypes(maps)) {
7827 Add<HCheckInstanceType>(object, HCheckInstanceType::IS_STRING);
7829 checked_object = Add<HCheckMaps>(object, maps);
7831 return BuildMonomorphicAccess(
7832 &info, object, checked_object, value, ast_id, return_id);
7835 return BuildNamedGeneric(access, expr, slot, object, name, value,
7840 void HOptimizedGraphBuilder::PushLoad(Property* expr,
7843 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
7845 if (key != NULL) Push(key);
7846 BuildLoad(expr, expr->LoadId());
7850 void HOptimizedGraphBuilder::BuildLoad(Property* expr,
7852 HInstruction* instr = NULL;
7853 if (expr->IsStringAccess()) {
7854 HValue* index = Pop();
7855 HValue* string = Pop();
7856 HInstruction* char_code = BuildStringCharCodeAt(string, index);
7857 AddInstruction(char_code);
7858 instr = NewUncasted<HStringCharFromCode>(char_code);
7860 } else if (expr->key()->IsPropertyName()) {
7861 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7862 HValue* object = Pop();
7864 HValue* value = BuildNamedAccess(LOAD, ast_id, expr->LoadId(), expr,
7865 expr->PropertyFeedbackSlot(), object, name,
7866 NULL, expr->IsUninitialized());
7867 if (value == NULL) return;
7868 if (value->IsPhi()) return ast_context()->ReturnValue(value);
7869 instr = HInstruction::cast(value);
7870 if (instr->IsLinked()) return ast_context()->ReturnValue(instr);
7873 HValue* key = Pop();
7874 HValue* obj = Pop();
7876 bool has_side_effects = false;
7877 HValue* load = HandleKeyedElementAccess(
7878 obj, key, NULL, expr, expr->PropertyFeedbackSlot(), ast_id,
7879 expr->LoadId(), LOAD, &has_side_effects);
7880 if (has_side_effects) {
7881 if (ast_context()->IsEffect()) {
7882 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7885 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7889 if (load == NULL) return;
7890 return ast_context()->ReturnValue(load);
7892 return ast_context()->ReturnInstruction(instr, ast_id);
7896 void HOptimizedGraphBuilder::VisitProperty(Property* expr) {
7897 DCHECK(!HasStackOverflow());
7898 DCHECK(current_block() != NULL);
7899 DCHECK(current_block()->HasPredecessor());
7901 if (TryArgumentsAccess(expr)) return;
7903 CHECK_ALIVE(VisitForValue(expr->obj()));
7904 if (!expr->key()->IsPropertyName() || expr->IsStringAccess()) {
7905 CHECK_ALIVE(VisitForValue(expr->key()));
7908 BuildLoad(expr, expr->id());
7912 HInstruction* HGraphBuilder::BuildConstantMapCheck(Handle<JSObject> constant) {
7913 HCheckMaps* check = Add<HCheckMaps>(
7914 Add<HConstant>(constant), handle(constant->map()));
7915 check->ClearDependsOnFlag(kElementsKind);
7920 HInstruction* HGraphBuilder::BuildCheckPrototypeMaps(Handle<JSObject> prototype,
7921 Handle<JSObject> holder) {
7922 PrototypeIterator iter(isolate(), prototype,
7923 PrototypeIterator::START_AT_RECEIVER);
7924 while (holder.is_null() ||
7925 !PrototypeIterator::GetCurrent(iter).is_identical_to(holder)) {
7926 BuildConstantMapCheck(
7927 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7929 if (iter.IsAtEnd()) {
7933 return BuildConstantMapCheck(
7934 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7938 void HOptimizedGraphBuilder::AddCheckPrototypeMaps(Handle<JSObject> holder,
7939 Handle<Map> receiver_map) {
7940 if (!holder.is_null()) {
7941 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
7942 BuildCheckPrototypeMaps(prototype, holder);
7947 HInstruction* HOptimizedGraphBuilder::NewPlainFunctionCall(
7948 HValue* fun, int argument_count, bool pass_argument_count) {
7949 return New<HCallJSFunction>(fun, argument_count, pass_argument_count);
7953 HInstruction* HOptimizedGraphBuilder::NewArgumentAdaptorCall(
7954 HValue* fun, HValue* context,
7955 int argument_count, HValue* expected_param_count) {
7956 ArgumentAdaptorDescriptor descriptor(isolate());
7957 HValue* arity = Add<HConstant>(argument_count - 1);
7959 HValue* op_vals[] = { context, fun, arity, expected_param_count };
7961 Handle<Code> adaptor =
7962 isolate()->builtins()->ArgumentsAdaptorTrampoline();
7963 HConstant* adaptor_value = Add<HConstant>(adaptor);
7965 return New<HCallWithDescriptor>(adaptor_value, argument_count, descriptor,
7966 Vector<HValue*>(op_vals, arraysize(op_vals)));
7970 HInstruction* HOptimizedGraphBuilder::BuildCallConstantFunction(
7971 Handle<JSFunction> jsfun, int argument_count) {
7972 HValue* target = Add<HConstant>(jsfun);
7973 // For constant functions, we try to avoid calling the
7974 // argument adaptor and instead call the function directly
7975 int formal_parameter_count =
7976 jsfun->shared()->internal_formal_parameter_count();
7977 bool dont_adapt_arguments =
7978 (formal_parameter_count ==
7979 SharedFunctionInfo::kDontAdaptArgumentsSentinel);
7980 int arity = argument_count - 1;
7981 bool can_invoke_directly =
7982 dont_adapt_arguments || formal_parameter_count == arity;
7983 if (can_invoke_directly) {
7984 if (jsfun.is_identical_to(current_info()->closure())) {
7985 graph()->MarkRecursive();
7987 return NewPlainFunctionCall(target, argument_count, dont_adapt_arguments);
7989 HValue* param_count_value = Add<HConstant>(formal_parameter_count);
7990 HValue* context = Add<HLoadNamedField>(
7991 target, nullptr, HObjectAccess::ForFunctionContextPointer());
7992 return NewArgumentAdaptorCall(target, context,
7993 argument_count, param_count_value);
8000 class FunctionSorter {
8002 explicit FunctionSorter(int index = 0, int ticks = 0, int size = 0)
8003 : index_(index), ticks_(ticks), size_(size) {}
8005 int index() const { return index_; }
8006 int ticks() const { return ticks_; }
8007 int size() const { return size_; }
8016 inline bool operator<(const FunctionSorter& lhs, const FunctionSorter& rhs) {
8017 int diff = lhs.ticks() - rhs.ticks();
8018 if (diff != 0) return diff > 0;
8019 return lhs.size() < rhs.size();
8023 void HOptimizedGraphBuilder::HandlePolymorphicCallNamed(Call* expr,
8026 Handle<String> name) {
8027 int argument_count = expr->arguments()->length() + 1; // Includes receiver.
8028 FunctionSorter order[kMaxCallPolymorphism];
8030 bool handle_smi = false;
8031 bool handled_string = false;
8032 int ordered_functions = 0;
8035 for (i = 0; i < maps->length() && ordered_functions < kMaxCallPolymorphism;
8037 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
8038 if (info.CanAccessMonomorphic() && info.IsDataConstant() &&
8039 info.constant()->IsJSFunction()) {
8040 if (info.IsStringType()) {
8041 if (handled_string) continue;
8042 handled_string = true;
8044 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
8045 if (info.IsNumberType()) {
8048 expr->set_target(target);
8049 order[ordered_functions++] = FunctionSorter(
8050 i, target->shared()->profiler_ticks(), InliningAstSize(target));
8054 std::sort(order, order + ordered_functions);
8056 if (i < maps->length()) {
8058 ordered_functions = -1;
8061 HBasicBlock* number_block = NULL;
8062 HBasicBlock* join = NULL;
8063 handled_string = false;
8066 for (int fn = 0; fn < ordered_functions; ++fn) {
8067 int i = order[fn].index();
8068 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
8069 if (info.IsStringType()) {
8070 if (handled_string) continue;
8071 handled_string = true;
8073 // Reloads the target.
8074 info.CanAccessMonomorphic();
8075 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
8077 expr->set_target(target);
8079 // Only needed once.
8080 join = graph()->CreateBasicBlock();
8082 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
8083 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
8084 number_block = graph()->CreateBasicBlock();
8085 FinishCurrentBlock(New<HIsSmiAndBranch>(
8086 receiver, empty_smi_block, not_smi_block));
8087 GotoNoSimulate(empty_smi_block, number_block);
8088 set_current_block(not_smi_block);
8090 BuildCheckHeapObject(receiver);
8094 HBasicBlock* if_true = graph()->CreateBasicBlock();
8095 HBasicBlock* if_false = graph()->CreateBasicBlock();
8096 HUnaryControlInstruction* compare;
8098 Handle<Map> map = info.map();
8099 if (info.IsNumberType()) {
8100 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
8101 compare = New<HCompareMap>(receiver, heap_number_map, if_true, if_false);
8102 } else if (info.IsStringType()) {
8103 compare = New<HIsStringAndBranch>(receiver, if_true, if_false);
8105 compare = New<HCompareMap>(receiver, map, if_true, if_false);
8107 FinishCurrentBlock(compare);
8109 if (info.IsNumberType()) {
8110 GotoNoSimulate(if_true, number_block);
8111 if_true = number_block;
8114 set_current_block(if_true);
8116 AddCheckPrototypeMaps(info.holder(), map);
8118 HValue* function = Add<HConstant>(expr->target());
8119 environment()->SetExpressionStackAt(0, function);
8121 CHECK_ALIVE(VisitExpressions(expr->arguments()));
8122 bool needs_wrapping = info.NeedsWrappingFor(target);
8123 bool try_inline = FLAG_polymorphic_inlining && !needs_wrapping;
8124 if (FLAG_trace_inlining && try_inline) {
8125 Handle<JSFunction> caller = current_info()->closure();
8126 base::SmartArrayPointer<char> caller_name =
8127 caller->shared()->DebugName()->ToCString();
8128 PrintF("Trying to inline the polymorphic call to %s from %s\n",
8129 name->ToCString().get(),
8132 if (try_inline && TryInlineCall(expr)) {
8133 // Trying to inline will signal that we should bailout from the
8134 // entire compilation by setting stack overflow on the visitor.
8135 if (HasStackOverflow()) return;
8137 // Since HWrapReceiver currently cannot actually wrap numbers and strings,
8138 // use the regular CallFunctionStub for method calls to wrap the receiver.
8139 // TODO(verwaest): Support creation of value wrappers directly in
8141 HInstruction* call = needs_wrapping
8142 ? NewUncasted<HCallFunction>(
8143 function, argument_count, WRAP_AND_CALL)
8144 : BuildCallConstantFunction(target, argument_count);
8145 PushArgumentsFromEnvironment(argument_count);
8146 AddInstruction(call);
8147 Drop(1); // Drop the function.
8148 if (!ast_context()->IsEffect()) Push(call);
8151 if (current_block() != NULL) Goto(join);
8152 set_current_block(if_false);
8155 // Finish up. Unconditionally deoptimize if we've handled all the maps we
8156 // know about and do not want to handle ones we've never seen. Otherwise
8157 // use a generic IC.
8158 if (ordered_functions == maps->length() && FLAG_deoptimize_uncommon_cases) {
8159 FinishExitWithHardDeoptimization(Deoptimizer::kUnknownMapInPolymorphicCall);
8161 Property* prop = expr->expression()->AsProperty();
8162 HInstruction* function =
8163 BuildNamedGeneric(LOAD, prop, prop->PropertyFeedbackSlot(), receiver,
8164 name, NULL, prop->IsUninitialized());
8165 AddInstruction(function);
8167 AddSimulate(prop->LoadId(), REMOVABLE_SIMULATE);
8169 environment()->SetExpressionStackAt(1, function);
8170 environment()->SetExpressionStackAt(0, receiver);
8171 CHECK_ALIVE(VisitExpressions(expr->arguments()));
8173 CallFunctionFlags flags = receiver->type().IsJSObject()
8174 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
8175 HInstruction* call = New<HCallFunction>(
8176 function, argument_count, flags);
8178 PushArgumentsFromEnvironment(argument_count);
8180 Drop(1); // Function.
8183 AddInstruction(call);
8184 if (!ast_context()->IsEffect()) Push(call);
8187 return ast_context()->ReturnInstruction(call, expr->id());
8191 // We assume that control flow is always live after an expression. So
8192 // even without predecessors to the join block, we set it as the exit
8193 // block and continue by adding instructions there.
8194 DCHECK(join != NULL);
8195 if (join->HasPredecessor()) {
8196 set_current_block(join);
8197 join->SetJoinId(expr->id());
8198 if (!ast_context()->IsEffect()) return ast_context()->ReturnValue(Pop());
8200 set_current_block(NULL);
8205 void HOptimizedGraphBuilder::TraceInline(Handle<JSFunction> target,
8206 Handle<JSFunction> caller,
8207 const char* reason) {
8208 if (FLAG_trace_inlining) {
8209 base::SmartArrayPointer<char> target_name =
8210 target->shared()->DebugName()->ToCString();
8211 base::SmartArrayPointer<char> caller_name =
8212 caller->shared()->DebugName()->ToCString();
8213 if (reason == NULL) {
8214 PrintF("Inlined %s called from %s.\n", target_name.get(),
8217 PrintF("Did not inline %s called from %s (%s).\n",
8218 target_name.get(), caller_name.get(), reason);
8224 static const int kNotInlinable = 1000000000;
8227 int HOptimizedGraphBuilder::InliningAstSize(Handle<JSFunction> target) {
8228 if (!FLAG_use_inlining) return kNotInlinable;
8230 // Precondition: call is monomorphic and we have found a target with the
8231 // appropriate arity.
8232 Handle<JSFunction> caller = current_info()->closure();
8233 Handle<SharedFunctionInfo> target_shared(target->shared());
8235 // Always inline functions that force inlining.
8236 if (target_shared->force_inline()) {
8239 if (target->IsBuiltin()) {
8240 return kNotInlinable;
8243 if (target_shared->IsApiFunction()) {
8244 TraceInline(target, caller, "target is api function");
8245 return kNotInlinable;
8248 // Do a quick check on source code length to avoid parsing large
8249 // inlining candidates.
8250 if (target_shared->SourceSize() >
8251 Min(FLAG_max_inlined_source_size, kUnlimitedMaxInlinedSourceSize)) {
8252 TraceInline(target, caller, "target text too big");
8253 return kNotInlinable;
8256 // Target must be inlineable.
8257 if (!target_shared->IsInlineable()) {
8258 TraceInline(target, caller, "target not inlineable");
8259 return kNotInlinable;
8261 if (target_shared->disable_optimization_reason() != kNoReason) {
8262 TraceInline(target, caller, "target contains unsupported syntax [early]");
8263 return kNotInlinable;
8266 int nodes_added = target_shared->ast_node_count();
8271 bool HOptimizedGraphBuilder::TryInline(Handle<JSFunction> target,
8272 int arguments_count,
8273 HValue* implicit_return_value,
8274 BailoutId ast_id, BailoutId return_id,
8275 InliningKind inlining_kind) {
8276 if (target->context()->native_context() !=
8277 top_info()->closure()->context()->native_context()) {
8280 int nodes_added = InliningAstSize(target);
8281 if (nodes_added == kNotInlinable) return false;
8283 Handle<JSFunction> caller = current_info()->closure();
8285 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
8286 TraceInline(target, caller, "target AST is too large [early]");
8290 // Don't inline deeper than the maximum number of inlining levels.
8291 HEnvironment* env = environment();
8292 int current_level = 1;
8293 while (env->outer() != NULL) {
8294 if (current_level == FLAG_max_inlining_levels) {
8295 TraceInline(target, caller, "inline depth limit reached");
8298 if (env->outer()->frame_type() == JS_FUNCTION) {
8304 // Don't inline recursive functions.
8305 for (FunctionState* state = function_state();
8307 state = state->outer()) {
8308 if (*state->compilation_info()->closure() == *target) {
8309 TraceInline(target, caller, "target is recursive");
8314 // We don't want to add more than a certain number of nodes from inlining.
8315 // Always inline small methods (<= 10 nodes).
8316 if (inlined_count_ > Min(FLAG_max_inlined_nodes_cumulative,
8317 kUnlimitedMaxInlinedNodesCumulative)) {
8318 TraceInline(target, caller, "cumulative AST node limit reached");
8322 // Parse and allocate variables.
8323 // Use the same AstValueFactory for creating strings in the sub-compilation
8324 // step, but don't transfer ownership to target_info.
8325 ParseInfo parse_info(zone(), target);
8326 parse_info.set_ast_value_factory(
8327 top_info()->parse_info()->ast_value_factory());
8328 parse_info.set_ast_value_factory_owned(false);
8330 CompilationInfo target_info(&parse_info);
8331 Handle<SharedFunctionInfo> target_shared(target->shared());
8332 if (target_shared->HasDebugInfo()) {
8333 TraceInline(target, caller, "target is being debugged");
8336 if (!Compiler::ParseAndAnalyze(target_info.parse_info())) {
8337 if (target_info.isolate()->has_pending_exception()) {
8338 // Parse or scope error, never optimize this function.
8340 target_shared->DisableOptimization(kParseScopeError);
8342 TraceInline(target, caller, "parse failure");
8346 if (target_info.scope()->num_heap_slots() > 0) {
8347 TraceInline(target, caller, "target has context-allocated variables");
8350 FunctionLiteral* function = target_info.function();
8352 // The following conditions must be checked again after re-parsing, because
8353 // earlier the information might not have been complete due to lazy parsing.
8354 nodes_added = function->ast_node_count();
8355 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
8356 TraceInline(target, caller, "target AST is too large [late]");
8359 if (function->dont_optimize()) {
8360 TraceInline(target, caller, "target contains unsupported syntax [late]");
8364 // If the function uses the arguments object check that inlining of functions
8365 // with arguments object is enabled and the arguments-variable is
8367 if (function->scope()->arguments() != NULL) {
8368 if (!FLAG_inline_arguments) {
8369 TraceInline(target, caller, "target uses arguments object");
8374 // All declarations must be inlineable.
8375 ZoneList<Declaration*>* decls = target_info.scope()->declarations();
8376 int decl_count = decls->length();
8377 for (int i = 0; i < decl_count; ++i) {
8378 if (!decls->at(i)->IsInlineable()) {
8379 TraceInline(target, caller, "target has non-trivial declaration");
8384 // Generate the deoptimization data for the unoptimized version of
8385 // the target function if we don't already have it.
8386 if (!Compiler::EnsureDeoptimizationSupport(&target_info)) {
8387 TraceInline(target, caller, "could not generate deoptimization info");
8391 // In strong mode it is an error to call a function with too few arguments.
8392 // In that case do not inline because then the arity check would be skipped.
8393 if (is_strong(function->language_mode()) &&
8394 arguments_count < function->parameter_count()) {
8395 TraceInline(target, caller,
8396 "too few arguments passed to a strong function");
8400 // ----------------------------------------------------------------
8401 // After this point, we've made a decision to inline this function (so
8402 // TryInline should always return true).
8404 // Type-check the inlined function.
8405 DCHECK(target_shared->has_deoptimization_support());
8406 AstTyper::Run(&target_info);
8408 int inlining_id = 0;
8409 if (top_info()->is_tracking_positions()) {
8410 inlining_id = top_info()->TraceInlinedFunction(
8411 target_shared, source_position(), function_state()->inlining_id());
8414 // Save the pending call context. Set up new one for the inlined function.
8415 // The function state is new-allocated because we need to delete it
8416 // in two different places.
8417 FunctionState* target_state =
8418 new FunctionState(this, &target_info, inlining_kind, inlining_id);
8420 HConstant* undefined = graph()->GetConstantUndefined();
8422 HEnvironment* inner_env =
8423 environment()->CopyForInlining(target,
8427 function_state()->inlining_kind());
8429 HConstant* context = Add<HConstant>(Handle<Context>(target->context()));
8430 inner_env->BindContext(context);
8432 // Create a dematerialized arguments object for the function, also copy the
8433 // current arguments values to use them for materialization.
8434 HEnvironment* arguments_env = inner_env->arguments_environment();
8435 int parameter_count = arguments_env->parameter_count();
8436 HArgumentsObject* arguments_object = Add<HArgumentsObject>(parameter_count);
8437 for (int i = 0; i < parameter_count; i++) {
8438 arguments_object->AddArgument(arguments_env->Lookup(i), zone());
8441 // If the function uses arguments object then bind bind one.
8442 if (function->scope()->arguments() != NULL) {
8443 DCHECK(function->scope()->arguments()->IsStackAllocated());
8444 inner_env->Bind(function->scope()->arguments(), arguments_object);
8447 // Capture the state before invoking the inlined function for deopt in the
8448 // inlined function. This simulate has no bailout-id since it's not directly
8449 // reachable for deopt, and is only used to capture the state. If the simulate
8450 // becomes reachable by merging, the ast id of the simulate merged into it is
8452 Add<HSimulate>(BailoutId::None());
8454 current_block()->UpdateEnvironment(inner_env);
8455 Scope* saved_scope = scope();
8456 set_scope(target_info.scope());
8457 HEnterInlined* enter_inlined =
8458 Add<HEnterInlined>(return_id, target, context, arguments_count, function,
8459 function_state()->inlining_kind(),
8460 function->scope()->arguments(), arguments_object);
8461 if (top_info()->is_tracking_positions()) {
8462 enter_inlined->set_inlining_id(inlining_id);
8464 function_state()->set_entry(enter_inlined);
8466 VisitDeclarations(target_info.scope()->declarations());
8467 VisitStatements(function->body());
8468 set_scope(saved_scope);
8469 if (HasStackOverflow()) {
8470 // Bail out if the inline function did, as we cannot residualize a call
8471 // instead, but do not disable optimization for the outer function.
8472 TraceInline(target, caller, "inline graph construction failed");
8473 target_shared->DisableOptimization(kInliningBailedOut);
8474 current_info()->RetryOptimization(kInliningBailedOut);
8475 delete target_state;
8479 // Update inlined nodes count.
8480 inlined_count_ += nodes_added;
8482 Handle<Code> unoptimized_code(target_shared->code());
8483 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
8484 Handle<TypeFeedbackInfo> type_info(
8485 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
8486 graph()->update_type_change_checksum(type_info->own_type_change_checksum());
8488 TraceInline(target, caller, NULL);
8490 if (current_block() != NULL) {
8491 FunctionState* state = function_state();
8492 if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
8493 // Falling off the end of an inlined construct call. In a test context the
8494 // return value will always evaluate to true, in a value context the
8495 // return value is the newly allocated receiver.
8496 if (call_context()->IsTest()) {
8497 Goto(inlined_test_context()->if_true(), state);
8498 } else if (call_context()->IsEffect()) {
8499 Goto(function_return(), state);
8501 DCHECK(call_context()->IsValue());
8502 AddLeaveInlined(implicit_return_value, state);
8504 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
8505 // Falling off the end of an inlined setter call. The returned value is
8506 // never used, the value of an assignment is always the value of the RHS
8507 // of the assignment.
8508 if (call_context()->IsTest()) {
8509 inlined_test_context()->ReturnValue(implicit_return_value);
8510 } else if (call_context()->IsEffect()) {
8511 Goto(function_return(), state);
8513 DCHECK(call_context()->IsValue());
8514 AddLeaveInlined(implicit_return_value, state);
8517 // Falling off the end of a normal inlined function. This basically means
8518 // returning undefined.
8519 if (call_context()->IsTest()) {
8520 Goto(inlined_test_context()->if_false(), state);
8521 } else if (call_context()->IsEffect()) {
8522 Goto(function_return(), state);
8524 DCHECK(call_context()->IsValue());
8525 AddLeaveInlined(undefined, state);
8530 // Fix up the function exits.
8531 if (inlined_test_context() != NULL) {
8532 HBasicBlock* if_true = inlined_test_context()->if_true();
8533 HBasicBlock* if_false = inlined_test_context()->if_false();
8535 HEnterInlined* entry = function_state()->entry();
8537 // Pop the return test context from the expression context stack.
8538 DCHECK(ast_context() == inlined_test_context());
8539 ClearInlinedTestContext();
8540 delete target_state;
8542 // Forward to the real test context.
8543 if (if_true->HasPredecessor()) {
8544 entry->RegisterReturnTarget(if_true, zone());
8545 if_true->SetJoinId(ast_id);
8546 HBasicBlock* true_target = TestContext::cast(ast_context())->if_true();
8547 Goto(if_true, true_target, function_state());
8549 if (if_false->HasPredecessor()) {
8550 entry->RegisterReturnTarget(if_false, zone());
8551 if_false->SetJoinId(ast_id);
8552 HBasicBlock* false_target = TestContext::cast(ast_context())->if_false();
8553 Goto(if_false, false_target, function_state());
8555 set_current_block(NULL);
8558 } else if (function_return()->HasPredecessor()) {
8559 function_state()->entry()->RegisterReturnTarget(function_return(), zone());
8560 function_return()->SetJoinId(ast_id);
8561 set_current_block(function_return());
8563 set_current_block(NULL);
8565 delete target_state;
8570 bool HOptimizedGraphBuilder::TryInlineCall(Call* expr) {
8571 return TryInline(expr->target(), expr->arguments()->length(), NULL,
8572 expr->id(), expr->ReturnId(), NORMAL_RETURN);
8576 bool HOptimizedGraphBuilder::TryInlineConstruct(CallNew* expr,
8577 HValue* implicit_return_value) {
8578 return TryInline(expr->target(), expr->arguments()->length(),
8579 implicit_return_value, expr->id(), expr->ReturnId(),
8580 CONSTRUCT_CALL_RETURN);
8584 bool HOptimizedGraphBuilder::TryInlineGetter(Handle<JSFunction> getter,
8585 Handle<Map> receiver_map,
8587 BailoutId return_id) {
8588 if (TryInlineApiGetter(getter, receiver_map, ast_id)) return true;
8589 return TryInline(getter, 0, NULL, ast_id, return_id, GETTER_CALL_RETURN);
8593 bool HOptimizedGraphBuilder::TryInlineSetter(Handle<JSFunction> setter,
8594 Handle<Map> receiver_map,
8596 BailoutId assignment_id,
8597 HValue* implicit_return_value) {
8598 if (TryInlineApiSetter(setter, receiver_map, id)) return true;
8599 return TryInline(setter, 1, implicit_return_value, id, assignment_id,
8600 SETTER_CALL_RETURN);
8604 bool HOptimizedGraphBuilder::TryInlineIndirectCall(Handle<JSFunction> function,
8606 int arguments_count) {
8607 return TryInline(function, arguments_count, NULL, expr->id(),
8608 expr->ReturnId(), NORMAL_RETURN);
8612 bool HOptimizedGraphBuilder::TryInlineBuiltinFunctionCall(Call* expr) {
8613 if (!expr->target()->shared()->HasBuiltinFunctionId()) return false;
8614 BuiltinFunctionId id = expr->target()->shared()->builtin_function_id();
8617 if (!FLAG_fast_math) break;
8618 // Fall through if FLAG_fast_math.
8626 if (expr->arguments()->length() == 1) {
8627 HValue* argument = Pop();
8628 Drop(2); // Receiver and function.
8629 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8630 ast_context()->ReturnInstruction(op, expr->id());
8635 if (expr->arguments()->length() == 2) {
8636 HValue* right = Pop();
8637 HValue* left = Pop();
8638 Drop(2); // Receiver and function.
8640 HMul::NewImul(isolate(), zone(), context(), left, right);
8641 ast_context()->ReturnInstruction(op, expr->id());
8646 // Not supported for inlining yet.
8654 bool HOptimizedGraphBuilder::IsReadOnlyLengthDescriptor(
8655 Handle<Map> jsarray_map) {
8656 DCHECK(!jsarray_map->is_dictionary_map());
8657 Isolate* isolate = jsarray_map->GetIsolate();
8658 Handle<Name> length_string = isolate->factory()->length_string();
8659 DescriptorArray* descriptors = jsarray_map->instance_descriptors();
8660 int number = descriptors->SearchWithCache(*length_string, *jsarray_map);
8661 DCHECK_NE(DescriptorArray::kNotFound, number);
8662 return descriptors->GetDetails(number).IsReadOnly();
8667 bool HOptimizedGraphBuilder::CanInlineArrayResizeOperation(
8668 Handle<Map> receiver_map) {
8669 return !receiver_map.is_null() &&
8670 receiver_map->instance_type() == JS_ARRAY_TYPE &&
8671 IsFastElementsKind(receiver_map->elements_kind()) &&
8672 !receiver_map->is_dictionary_map() &&
8673 !IsReadOnlyLengthDescriptor(receiver_map) &&
8674 !receiver_map->is_observed() && receiver_map->is_extensible();
8678 bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
8679 Call* expr, Handle<JSFunction> function, Handle<Map> receiver_map,
8680 int args_count_no_receiver) {
8681 if (!function->shared()->HasBuiltinFunctionId()) return false;
8682 BuiltinFunctionId id = function->shared()->builtin_function_id();
8683 int argument_count = args_count_no_receiver + 1; // Plus receiver.
8685 if (receiver_map.is_null()) {
8686 HValue* receiver = environment()->ExpressionStackAt(args_count_no_receiver);
8687 if (receiver->IsConstant() &&
8688 HConstant::cast(receiver)->handle(isolate())->IsHeapObject()) {
8690 handle(Handle<HeapObject>::cast(
8691 HConstant::cast(receiver)->handle(isolate()))->map());
8694 // Try to inline calls like Math.* as operations in the calling function.
8696 case kStringCharCodeAt:
8698 if (argument_count == 2) {
8699 HValue* index = Pop();
8700 HValue* string = Pop();
8701 Drop(1); // Function.
8702 HInstruction* char_code =
8703 BuildStringCharCodeAt(string, index);
8704 if (id == kStringCharCodeAt) {
8705 ast_context()->ReturnInstruction(char_code, expr->id());
8708 AddInstruction(char_code);
8709 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
8710 ast_context()->ReturnInstruction(result, expr->id());
8714 case kStringFromCharCode:
8715 if (argument_count == 2) {
8716 HValue* argument = Pop();
8717 Drop(2); // Receiver and function.
8718 HInstruction* result = NewUncasted<HStringCharFromCode>(argument);
8719 ast_context()->ReturnInstruction(result, expr->id());
8724 if (!FLAG_fast_math) break;
8725 // Fall through if FLAG_fast_math.
8733 if (argument_count == 2) {
8734 HValue* argument = Pop();
8735 Drop(2); // Receiver and function.
8736 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8737 ast_context()->ReturnInstruction(op, expr->id());
8742 if (argument_count == 3) {
8743 HValue* right = Pop();
8744 HValue* left = Pop();
8745 Drop(2); // Receiver and function.
8746 HInstruction* result = NULL;
8747 // Use sqrt() if exponent is 0.5 or -0.5.
8748 if (right->IsConstant() && HConstant::cast(right)->HasDoubleValue()) {
8749 double exponent = HConstant::cast(right)->DoubleValue();
8750 if (exponent == 0.5) {
8751 result = NewUncasted<HUnaryMathOperation>(left, kMathPowHalf);
8752 } else if (exponent == -0.5) {
8753 HValue* one = graph()->GetConstant1();
8754 HInstruction* sqrt = AddUncasted<HUnaryMathOperation>(
8755 left, kMathPowHalf);
8756 // MathPowHalf doesn't have side effects so there's no need for
8757 // an environment simulation here.
8758 DCHECK(!sqrt->HasObservableSideEffects());
8759 result = NewUncasted<HDiv>(one, sqrt);
8760 } else if (exponent == 2.0) {
8761 result = NewUncasted<HMul>(left, left);
8765 if (result == NULL) {
8766 result = NewUncasted<HPower>(left, right);
8768 ast_context()->ReturnInstruction(result, expr->id());
8774 if (argument_count == 3) {
8775 HValue* right = Pop();
8776 HValue* left = Pop();
8777 Drop(2); // Receiver and function.
8778 HMathMinMax::Operation op = (id == kMathMin) ? HMathMinMax::kMathMin
8779 : HMathMinMax::kMathMax;
8780 HInstruction* result = NewUncasted<HMathMinMax>(left, right, op);
8781 ast_context()->ReturnInstruction(result, expr->id());
8786 if (argument_count == 3) {
8787 HValue* right = Pop();
8788 HValue* left = Pop();
8789 Drop(2); // Receiver and function.
8790 HInstruction* result =
8791 HMul::NewImul(isolate(), zone(), context(), left, right);
8792 ast_context()->ReturnInstruction(result, expr->id());
8797 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8798 ElementsKind elements_kind = receiver_map->elements_kind();
8800 Drop(args_count_no_receiver);
8802 HValue* reduced_length;
8803 HValue* receiver = Pop();
8805 HValue* checked_object = AddCheckMap(receiver, receiver_map);
8807 Add<HLoadNamedField>(checked_object, nullptr,
8808 HObjectAccess::ForArrayLength(elements_kind));
8810 Drop(1); // Function.
8812 { NoObservableSideEffectsScope scope(this);
8813 IfBuilder length_checker(this);
8815 HValue* bounds_check = length_checker.If<HCompareNumericAndBranch>(
8816 length, graph()->GetConstant0(), Token::EQ);
8817 length_checker.Then();
8819 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8821 length_checker.Else();
8822 HValue* elements = AddLoadElements(checked_object);
8823 // Ensure that we aren't popping from a copy-on-write array.
8824 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8825 elements = BuildCopyElementsOnWrite(checked_object, elements,
8826 elements_kind, length);
8828 reduced_length = AddUncasted<HSub>(length, graph()->GetConstant1());
8829 result = AddElementAccess(elements, reduced_length, NULL,
8830 bounds_check, elements_kind, LOAD);
8831 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
8832 ? graph()->GetConstantHole()
8833 : Add<HConstant>(HConstant::kHoleNaN);
8834 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8835 elements_kind = FAST_HOLEY_ELEMENTS;
8838 elements, reduced_length, hole, bounds_check, elements_kind, STORE);
8839 Add<HStoreNamedField>(
8840 checked_object, HObjectAccess::ForArrayLength(elements_kind),
8841 reduced_length, STORE_TO_INITIALIZED_ENTRY);
8843 if (!ast_context()->IsEffect()) Push(result);
8845 length_checker.End();
8847 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8848 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8849 if (!ast_context()->IsEffect()) Drop(1);
8851 ast_context()->ReturnValue(result);
8855 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8856 ElementsKind elements_kind = receiver_map->elements_kind();
8858 // If there may be elements accessors in the prototype chain, the fast
8859 // inlined version can't be used.
8860 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8861 // If there currently can be no elements accessors on the prototype chain,
8862 // it doesn't mean that there won't be any later. Install a full prototype
8863 // chain check to trap element accessors being installed on the prototype
8864 // chain, which would cause elements to go to dictionary mode and result
8866 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
8867 BuildCheckPrototypeMaps(prototype, Handle<JSObject>());
8869 // Protect against adding elements to the Array prototype, which needs to
8870 // route through appropriate bottlenecks.
8871 if (isolate()->IsFastArrayConstructorPrototypeChainIntact() &&
8872 !prototype->IsJSArray()) {
8876 const int argc = args_count_no_receiver;
8877 if (argc != 1) return false;
8879 HValue* value_to_push = Pop();
8880 HValue* array = Pop();
8881 Drop(1); // Drop function.
8883 HInstruction* new_size = NULL;
8884 HValue* length = NULL;
8887 NoObservableSideEffectsScope scope(this);
8889 length = Add<HLoadNamedField>(
8890 array, nullptr, HObjectAccess::ForArrayLength(elements_kind));
8892 new_size = AddUncasted<HAdd>(length, graph()->GetConstant1());
8894 bool is_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
8895 HValue* checked_array = Add<HCheckMaps>(array, receiver_map);
8896 BuildUncheckedMonomorphicElementAccess(
8897 checked_array, length, value_to_push, is_array, elements_kind,
8898 STORE, NEVER_RETURN_HOLE, STORE_AND_GROW_NO_TRANSITION);
8900 if (!ast_context()->IsEffect()) Push(new_size);
8901 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8902 if (!ast_context()->IsEffect()) Drop(1);
8905 ast_context()->ReturnValue(new_size);
8909 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8910 ElementsKind kind = receiver_map->elements_kind();
8912 // If there may be elements accessors in the prototype chain, the fast
8913 // inlined version can't be used.
8914 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8916 // If there currently can be no elements accessors on the prototype chain,
8917 // it doesn't mean that there won't be any later. Install a full prototype
8918 // chain check to trap element accessors being installed on the prototype
8919 // chain, which would cause elements to go to dictionary mode and result
8921 BuildCheckPrototypeMaps(
8922 handle(JSObject::cast(receiver_map->prototype()), isolate()),
8923 Handle<JSObject>::null());
8925 // Threshold for fast inlined Array.shift().
8926 HConstant* inline_threshold = Add<HConstant>(static_cast<int32_t>(16));
8928 Drop(args_count_no_receiver);
8929 HValue* receiver = Pop();
8930 HValue* function = Pop();
8934 NoObservableSideEffectsScope scope(this);
8936 HValue* length = Add<HLoadNamedField>(
8937 receiver, nullptr, HObjectAccess::ForArrayLength(kind));
8939 IfBuilder if_lengthiszero(this);
8940 HValue* lengthiszero = if_lengthiszero.If<HCompareNumericAndBranch>(
8941 length, graph()->GetConstant0(), Token::EQ);
8942 if_lengthiszero.Then();
8944 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8946 if_lengthiszero.Else();
8948 HValue* elements = AddLoadElements(receiver);
8950 // Check if we can use the fast inlined Array.shift().
8951 IfBuilder if_inline(this);
8952 if_inline.If<HCompareNumericAndBranch>(
8953 length, inline_threshold, Token::LTE);
8954 if (IsFastSmiOrObjectElementsKind(kind)) {
8955 // We cannot handle copy-on-write backing stores here.
8956 if_inline.AndIf<HCompareMap>(
8957 elements, isolate()->factory()->fixed_array_map());
8961 // Remember the result.
8962 if (!ast_context()->IsEffect()) {
8963 Push(AddElementAccess(elements, graph()->GetConstant0(), NULL,
8964 lengthiszero, kind, LOAD));
8967 // Compute the new length.
8968 HValue* new_length = AddUncasted<HSub>(
8969 length, graph()->GetConstant1());
8970 new_length->ClearFlag(HValue::kCanOverflow);
8972 // Copy the remaining elements.
8973 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
8975 HValue* new_key = loop.BeginBody(
8976 graph()->GetConstant0(), new_length, Token::LT);
8977 HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1());
8978 key->ClearFlag(HValue::kCanOverflow);
8979 ElementsKind copy_kind =
8980 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
8981 HValue* element = AddUncasted<HLoadKeyed>(
8982 elements, key, lengthiszero, copy_kind, ALLOW_RETURN_HOLE);
8983 HStoreKeyed* store =
8984 Add<HStoreKeyed>(elements, new_key, element, copy_kind);
8985 store->SetFlag(HValue::kAllowUndefinedAsNaN);
8989 // Put a hole at the end.
8990 HValue* hole = IsFastSmiOrObjectElementsKind(kind)
8991 ? graph()->GetConstantHole()
8992 : Add<HConstant>(HConstant::kHoleNaN);
8993 if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS;
8995 elements, new_length, hole, kind, INITIALIZING_STORE);
8997 // Remember new length.
8998 Add<HStoreNamedField>(
8999 receiver, HObjectAccess::ForArrayLength(kind),
9000 new_length, STORE_TO_INITIALIZED_ENTRY);
9004 Add<HPushArguments>(receiver);
9005 result = Add<HCallJSFunction>(function, 1, true);
9006 if (!ast_context()->IsEffect()) Push(result);
9010 if_lengthiszero.End();
9012 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
9013 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
9014 if (!ast_context()->IsEffect()) Drop(1);
9015 ast_context()->ReturnValue(result);
9019 case kArrayLastIndexOf: {
9020 if (receiver_map.is_null()) return false;
9021 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
9022 ElementsKind kind = receiver_map->elements_kind();
9023 if (!IsFastElementsKind(kind)) return false;
9024 if (receiver_map->is_observed()) return false;
9025 if (argument_count != 2) return false;
9026 if (!receiver_map->is_extensible()) return false;
9028 // If there may be elements accessors in the prototype chain, the fast
9029 // inlined version can't be used.
9030 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
9032 // If there currently can be no elements accessors on the prototype chain,
9033 // it doesn't mean that there won't be any later. Install a full prototype
9034 // chain check to trap element accessors being installed on the prototype
9035 // chain, which would cause elements to go to dictionary mode and result
9037 BuildCheckPrototypeMaps(
9038 handle(JSObject::cast(receiver_map->prototype()), isolate()),
9039 Handle<JSObject>::null());
9041 HValue* search_element = Pop();
9042 HValue* receiver = Pop();
9043 Drop(1); // Drop function.
9045 ArrayIndexOfMode mode = (id == kArrayIndexOf)
9046 ? kFirstIndexOf : kLastIndexOf;
9047 HValue* index = BuildArrayIndexOf(receiver, search_element, kind, mode);
9049 if (!ast_context()->IsEffect()) Push(index);
9050 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
9051 if (!ast_context()->IsEffect()) Drop(1);
9052 ast_context()->ReturnValue(index);
9056 // Not yet supported for inlining.
9063 bool HOptimizedGraphBuilder::TryInlineApiFunctionCall(Call* expr,
9065 Handle<JSFunction> function = expr->target();
9066 int argc = expr->arguments()->length();
9067 SmallMapList receiver_maps;
9068 return TryInlineApiCall(function,
9077 bool HOptimizedGraphBuilder::TryInlineApiMethodCall(
9080 SmallMapList* receiver_maps) {
9081 Handle<JSFunction> function = expr->target();
9082 int argc = expr->arguments()->length();
9083 return TryInlineApiCall(function,
9092 bool HOptimizedGraphBuilder::TryInlineApiGetter(Handle<JSFunction> function,
9093 Handle<Map> receiver_map,
9095 SmallMapList receiver_maps(1, zone());
9096 receiver_maps.Add(receiver_map, zone());
9097 return TryInlineApiCall(function,
9098 NULL, // Receiver is on expression stack.
9106 bool HOptimizedGraphBuilder::TryInlineApiSetter(Handle<JSFunction> function,
9107 Handle<Map> receiver_map,
9109 SmallMapList receiver_maps(1, zone());
9110 receiver_maps.Add(receiver_map, zone());
9111 return TryInlineApiCall(function,
9112 NULL, // Receiver is on expression stack.
9120 bool HOptimizedGraphBuilder::TryInlineApiCall(Handle<JSFunction> function,
9122 SmallMapList* receiver_maps,
9125 ApiCallType call_type) {
9126 if (function->context()->native_context() !=
9127 top_info()->closure()->context()->native_context()) {
9130 CallOptimization optimization(function);
9131 if (!optimization.is_simple_api_call()) return false;
9132 Handle<Map> holder_map;
9133 for (int i = 0; i < receiver_maps->length(); ++i) {
9134 auto map = receiver_maps->at(i);
9135 // Don't inline calls to receivers requiring accesschecks.
9136 if (map->is_access_check_needed()) return false;
9138 if (call_type == kCallApiFunction) {
9139 // Cannot embed a direct reference to the global proxy map
9140 // as it maybe dropped on deserialization.
9141 CHECK(!isolate()->serializer_enabled());
9142 DCHECK_EQ(0, receiver_maps->length());
9143 receiver_maps->Add(handle(function->global_proxy()->map()), zone());
9145 CallOptimization::HolderLookup holder_lookup =
9146 CallOptimization::kHolderNotFound;
9147 Handle<JSObject> api_holder = optimization.LookupHolderOfExpectedType(
9148 receiver_maps->first(), &holder_lookup);
9149 if (holder_lookup == CallOptimization::kHolderNotFound) return false;
9151 if (FLAG_trace_inlining) {
9152 PrintF("Inlining api function ");
9153 function->ShortPrint();
9157 bool is_function = false;
9158 bool is_store = false;
9159 switch (call_type) {
9160 case kCallApiFunction:
9161 case kCallApiMethod:
9162 // Need to check that none of the receiver maps could have changed.
9163 Add<HCheckMaps>(receiver, receiver_maps);
9164 // Need to ensure the chain between receiver and api_holder is intact.
9165 if (holder_lookup == CallOptimization::kHolderFound) {
9166 AddCheckPrototypeMaps(api_holder, receiver_maps->first());
9168 DCHECK_EQ(holder_lookup, CallOptimization::kHolderIsReceiver);
9170 // Includes receiver.
9171 PushArgumentsFromEnvironment(argc + 1);
9174 case kCallApiGetter:
9175 // Receiver and prototype chain cannot have changed.
9177 DCHECK_NULL(receiver);
9178 // Receiver is on expression stack.
9180 Add<HPushArguments>(receiver);
9182 case kCallApiSetter:
9185 // Receiver and prototype chain cannot have changed.
9187 DCHECK_NULL(receiver);
9188 // Receiver and value are on expression stack.
9189 HValue* value = Pop();
9191 Add<HPushArguments>(receiver, value);
9196 HValue* holder = NULL;
9197 switch (holder_lookup) {
9198 case CallOptimization::kHolderFound:
9199 holder = Add<HConstant>(api_holder);
9201 case CallOptimization::kHolderIsReceiver:
9204 case CallOptimization::kHolderNotFound:
9208 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
9209 Handle<Object> call_data_obj(api_call_info->data(), isolate());
9210 bool call_data_undefined = call_data_obj->IsUndefined();
9211 HValue* call_data = Add<HConstant>(call_data_obj);
9212 ApiFunction fun(v8::ToCData<Address>(api_call_info->callback()));
9213 ExternalReference ref = ExternalReference(&fun,
9214 ExternalReference::DIRECT_API_CALL,
9216 HValue* api_function_address = Add<HConstant>(ExternalReference(ref));
9218 HValue* op_vals[] = {context(), Add<HConstant>(function), call_data, holder,
9219 api_function_address, nullptr};
9221 HInstruction* call = nullptr;
9223 CallApiAccessorStub stub(isolate(), is_store, call_data_undefined);
9224 Handle<Code> code = stub.GetCode();
9225 HConstant* code_value = Add<HConstant>(code);
9226 ApiAccessorDescriptor descriptor(isolate());
9227 call = New<HCallWithDescriptor>(
9228 code_value, argc + 1, descriptor,
9229 Vector<HValue*>(op_vals, arraysize(op_vals) - 1));
9230 } else if (argc <= CallApiFunctionWithFixedArgsStub::kMaxFixedArgs) {
9231 CallApiFunctionWithFixedArgsStub stub(isolate(), argc, call_data_undefined);
9232 Handle<Code> code = stub.GetCode();
9233 HConstant* code_value = Add<HConstant>(code);
9234 ApiFunctionWithFixedArgsDescriptor descriptor(isolate());
9235 call = New<HCallWithDescriptor>(
9236 code_value, argc + 1, descriptor,
9237 Vector<HValue*>(op_vals, arraysize(op_vals) - 1));
9238 Drop(1); // Drop function.
9240 op_vals[arraysize(op_vals) - 1] = Add<HConstant>(argc);
9241 CallApiFunctionStub stub(isolate(), call_data_undefined);
9242 Handle<Code> code = stub.GetCode();
9243 HConstant* code_value = Add<HConstant>(code);
9244 ApiFunctionDescriptor descriptor(isolate());
9246 New<HCallWithDescriptor>(code_value, argc + 1, descriptor,
9247 Vector<HValue*>(op_vals, arraysize(op_vals)));
9248 Drop(1); // Drop function.
9251 ast_context()->ReturnInstruction(call, ast_id);
9256 void HOptimizedGraphBuilder::HandleIndirectCall(Call* expr, HValue* function,
9257 int arguments_count) {
9258 Handle<JSFunction> known_function;
9259 int args_count_no_receiver = arguments_count - 1;
9260 if (function->IsConstant() &&
9261 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9263 Handle<JSFunction>::cast(HConstant::cast(function)->handle(isolate()));
9264 if (TryInlineBuiltinMethodCall(expr, known_function, Handle<Map>(),
9265 args_count_no_receiver)) {
9266 if (FLAG_trace_inlining) {
9267 PrintF("Inlining builtin ");
9268 known_function->ShortPrint();
9274 if (TryInlineIndirectCall(known_function, expr, args_count_no_receiver)) {
9279 PushArgumentsFromEnvironment(arguments_count);
9280 HInvokeFunction* call =
9281 New<HInvokeFunction>(function, known_function, arguments_count);
9282 Drop(1); // Function
9283 ast_context()->ReturnInstruction(call, expr->id());
9287 bool HOptimizedGraphBuilder::TryIndirectCall(Call* expr) {
9288 DCHECK(expr->expression()->IsProperty());
9290 if (!expr->IsMonomorphic()) {
9293 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9294 if (function_map->instance_type() != JS_FUNCTION_TYPE ||
9295 !expr->target()->shared()->HasBuiltinFunctionId()) {
9299 switch (expr->target()->shared()->builtin_function_id()) {
9300 case kFunctionCall: {
9301 if (expr->arguments()->length() == 0) return false;
9302 BuildFunctionCall(expr);
9305 case kFunctionApply: {
9306 // For .apply, only the pattern f.apply(receiver, arguments)
9308 if (current_info()->scope()->arguments() == NULL) return false;
9310 if (!CanBeFunctionApplyArguments(expr)) return false;
9312 BuildFunctionApply(expr);
9315 default: { return false; }
9321 void HOptimizedGraphBuilder::BuildFunctionApply(Call* expr) {
9322 ZoneList<Expression*>* args = expr->arguments();
9323 CHECK_ALIVE(VisitForValue(args->at(0)));
9324 HValue* receiver = Pop(); // receiver
9325 HValue* function = Pop(); // f
9328 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9329 HValue* checked_function = AddCheckMap(function, function_map);
9331 if (function_state()->outer() == NULL) {
9332 HInstruction* elements = Add<HArgumentsElements>(false);
9333 HInstruction* length = Add<HArgumentsLength>(elements);
9334 HValue* wrapped_receiver = BuildWrapReceiver(receiver, checked_function);
9335 HInstruction* result = New<HApplyArguments>(function,
9339 ast_context()->ReturnInstruction(result, expr->id());
9341 // We are inside inlined function and we know exactly what is inside
9342 // arguments object. But we need to be able to materialize at deopt.
9343 DCHECK_EQ(environment()->arguments_environment()->parameter_count(),
9344 function_state()->entry()->arguments_object()->arguments_count());
9345 HArgumentsObject* args = function_state()->entry()->arguments_object();
9346 const ZoneList<HValue*>* arguments_values = args->arguments_values();
9347 int arguments_count = arguments_values->length();
9349 Push(BuildWrapReceiver(receiver, checked_function));
9350 for (int i = 1; i < arguments_count; i++) {
9351 Push(arguments_values->at(i));
9353 HandleIndirectCall(expr, function, arguments_count);
9359 void HOptimizedGraphBuilder::BuildFunctionCall(Call* expr) {
9360 HValue* function = Top(); // f
9361 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9362 HValue* checked_function = AddCheckMap(function, function_map);
9364 // f and call are on the stack in the unoptimized code
9365 // during evaluation of the arguments.
9366 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9368 int args_length = expr->arguments()->length();
9369 int receiver_index = args_length - 1;
9370 // Patch the receiver.
9371 HValue* receiver = BuildWrapReceiver(
9372 environment()->ExpressionStackAt(receiver_index), checked_function);
9373 environment()->SetExpressionStackAt(receiver_index, receiver);
9375 // Call must not be on the stack from now on.
9376 int call_index = args_length + 1;
9377 environment()->RemoveExpressionStackAt(call_index);
9379 HandleIndirectCall(expr, function, args_length);
9383 HValue* HOptimizedGraphBuilder::ImplicitReceiverFor(HValue* function,
9384 Handle<JSFunction> target) {
9385 SharedFunctionInfo* shared = target->shared();
9386 if (is_sloppy(shared->language_mode()) && !shared->native()) {
9387 // Cannot embed a direct reference to the global proxy
9388 // as is it dropped on deserialization.
9389 CHECK(!isolate()->serializer_enabled());
9390 Handle<JSObject> global_proxy(target->context()->global_proxy());
9391 return Add<HConstant>(global_proxy);
9393 return graph()->GetConstantUndefined();
9397 void HOptimizedGraphBuilder::BuildArrayCall(Expression* expression,
9398 int arguments_count,
9400 Handle<AllocationSite> site) {
9401 Add<HCheckValue>(function, array_function());
9403 if (IsCallArrayInlineable(arguments_count, site)) {
9404 BuildInlinedCallArray(expression, arguments_count, site);
9408 HInstruction* call = PreProcessCall(New<HCallNewArray>(
9409 function, arguments_count + 1, site->GetElementsKind(), site));
9410 if (expression->IsCall()) {
9413 ast_context()->ReturnInstruction(call, expression->id());
9417 HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver,
9418 HValue* search_element,
9420 ArrayIndexOfMode mode) {
9421 DCHECK(IsFastElementsKind(kind));
9423 NoObservableSideEffectsScope no_effects(this);
9425 HValue* elements = AddLoadElements(receiver);
9426 HValue* length = AddLoadArrayLength(receiver, kind);
9429 HValue* terminating;
9431 LoopBuilder::Direction direction;
9432 if (mode == kFirstIndexOf) {
9433 initial = graph()->GetConstant0();
9434 terminating = length;
9436 direction = LoopBuilder::kPostIncrement;
9438 DCHECK_EQ(kLastIndexOf, mode);
9440 terminating = graph()->GetConstant0();
9442 direction = LoopBuilder::kPreDecrement;
9445 Push(graph()->GetConstantMinus1());
9446 if (IsFastDoubleElementsKind(kind) || IsFastSmiElementsKind(kind)) {
9447 // Make sure that we can actually compare numbers correctly below, see
9448 // https://code.google.com/p/chromium/issues/detail?id=407946 for details.
9449 search_element = AddUncasted<HForceRepresentation>(
9450 search_element, IsFastSmiElementsKind(kind) ? Representation::Smi()
9451 : Representation::Double());
9453 LoopBuilder loop(this, context(), direction);
9455 HValue* index = loop.BeginBody(initial, terminating, token);
9456 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr, kind,
9458 IfBuilder if_issame(this);
9459 if_issame.If<HCompareNumericAndBranch>(element, search_element,
9471 IfBuilder if_isstring(this);
9472 if_isstring.If<HIsStringAndBranch>(search_element);
9475 LoopBuilder loop(this, context(), direction);
9477 HValue* index = loop.BeginBody(initial, terminating, token);
9478 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9479 kind, ALLOW_RETURN_HOLE);
9480 IfBuilder if_issame(this);
9481 if_issame.If<HIsStringAndBranch>(element);
9482 if_issame.AndIf<HStringCompareAndBranch>(
9483 element, search_element, Token::EQ_STRICT);
9496 IfBuilder if_isnumber(this);
9497 if_isnumber.If<HIsSmiAndBranch>(search_element);
9498 if_isnumber.OrIf<HCompareMap>(
9499 search_element, isolate()->factory()->heap_number_map());
9502 HValue* search_number =
9503 AddUncasted<HForceRepresentation>(search_element,
9504 Representation::Double());
9505 LoopBuilder loop(this, context(), direction);
9507 HValue* index = loop.BeginBody(initial, terminating, token);
9508 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9509 kind, ALLOW_RETURN_HOLE);
9511 IfBuilder if_element_isnumber(this);
9512 if_element_isnumber.If<HIsSmiAndBranch>(element);
9513 if_element_isnumber.OrIf<HCompareMap>(
9514 element, isolate()->factory()->heap_number_map());
9515 if_element_isnumber.Then();
9518 AddUncasted<HForceRepresentation>(element,
9519 Representation::Double());
9520 IfBuilder if_issame(this);
9521 if_issame.If<HCompareNumericAndBranch>(
9522 number, search_number, Token::EQ_STRICT);
9531 if_element_isnumber.End();
9537 LoopBuilder loop(this, context(), direction);
9539 HValue* index = loop.BeginBody(initial, terminating, token);
9540 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9541 kind, ALLOW_RETURN_HOLE);
9542 IfBuilder if_issame(this);
9543 if_issame.If<HCompareObjectEqAndBranch>(
9544 element, search_element);
9564 bool HOptimizedGraphBuilder::TryHandleArrayCall(Call* expr, HValue* function) {
9565 if (!array_function().is_identical_to(expr->target())) {
9569 Handle<AllocationSite> site = expr->allocation_site();
9570 if (site.is_null()) return false;
9572 BuildArrayCall(expr,
9573 expr->arguments()->length(),
9580 bool HOptimizedGraphBuilder::TryHandleArrayCallNew(CallNew* expr,
9582 if (!array_function().is_identical_to(expr->target())) {
9586 Handle<AllocationSite> site = expr->allocation_site();
9587 if (site.is_null()) return false;
9589 BuildArrayCall(expr, expr->arguments()->length(), function, site);
9594 bool HOptimizedGraphBuilder::CanBeFunctionApplyArguments(Call* expr) {
9595 ZoneList<Expression*>* args = expr->arguments();
9596 if (args->length() != 2) return false;
9597 VariableProxy* arg_two = args->at(1)->AsVariableProxy();
9598 if (arg_two == NULL || !arg_two->var()->IsStackAllocated()) return false;
9599 HValue* arg_two_value = LookupAndMakeLive(arg_two->var());
9600 if (!arg_two_value->CheckFlag(HValue::kIsArguments)) return false;
9605 void HOptimizedGraphBuilder::VisitCall(Call* expr) {
9606 DCHECK(!HasStackOverflow());
9607 DCHECK(current_block() != NULL);
9608 DCHECK(current_block()->HasPredecessor());
9609 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
9610 Expression* callee = expr->expression();
9611 int argument_count = expr->arguments()->length() + 1; // Plus receiver.
9612 HInstruction* call = NULL;
9614 Property* prop = callee->AsProperty();
9616 CHECK_ALIVE(VisitForValue(prop->obj()));
9617 HValue* receiver = Top();
9620 ComputeReceiverTypes(expr, receiver, &maps, zone());
9622 if (prop->key()->IsPropertyName() && maps->length() > 0) {
9623 Handle<String> name = prop->key()->AsLiteral()->AsPropertyName();
9624 PropertyAccessInfo info(this, LOAD, maps->first(), name);
9625 if (!info.CanAccessAsMonomorphic(maps)) {
9626 HandlePolymorphicCallNamed(expr, receiver, maps, name);
9631 if (!prop->key()->IsPropertyName()) {
9632 CHECK_ALIVE(VisitForValue(prop->key()));
9636 CHECK_ALIVE(PushLoad(prop, receiver, key));
9637 HValue* function = Pop();
9639 if (function->IsConstant() &&
9640 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9641 // Push the function under the receiver.
9642 environment()->SetExpressionStackAt(0, function);
9645 Handle<JSFunction> known_function = Handle<JSFunction>::cast(
9646 HConstant::cast(function)->handle(isolate()));
9647 expr->set_target(known_function);
9649 if (TryIndirectCall(expr)) return;
9650 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9652 Handle<Map> map = maps->length() == 1 ? maps->first() : Handle<Map>();
9653 if (TryInlineBuiltinMethodCall(expr, known_function, map,
9654 expr->arguments()->length())) {
9655 if (FLAG_trace_inlining) {
9656 PrintF("Inlining builtin ");
9657 known_function->ShortPrint();
9662 if (TryInlineApiMethodCall(expr, receiver, maps)) return;
9664 // Wrap the receiver if necessary.
9665 if (NeedsWrapping(maps->first(), known_function)) {
9666 // Since HWrapReceiver currently cannot actually wrap numbers and
9667 // strings, use the regular CallFunctionStub for method calls to wrap
9669 // TODO(verwaest): Support creation of value wrappers directly in
9671 call = New<HCallFunction>(
9672 function, argument_count, WRAP_AND_CALL);
9673 } else if (TryInlineCall(expr)) {
9676 call = BuildCallConstantFunction(known_function, argument_count);
9680 ArgumentsAllowedFlag arguments_flag = ARGUMENTS_NOT_ALLOWED;
9681 if (CanBeFunctionApplyArguments(expr) && expr->is_uninitialized()) {
9682 // We have to use EAGER deoptimization here because Deoptimizer::SOFT
9683 // gets ignored by the always-opt flag, which leads to incorrect code.
9685 Deoptimizer::kInsufficientTypeFeedbackForCallWithArguments,
9686 Deoptimizer::EAGER);
9687 arguments_flag = ARGUMENTS_FAKED;
9690 // Push the function under the receiver.
9691 environment()->SetExpressionStackAt(0, function);
9694 CHECK_ALIVE(VisitExpressions(expr->arguments(), arguments_flag));
9695 CallFunctionFlags flags = receiver->type().IsJSObject()
9696 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
9697 call = New<HCallFunction>(function, argument_count, flags);
9699 PushArgumentsFromEnvironment(argument_count);
9702 VariableProxy* proxy = expr->expression()->AsVariableProxy();
9703 if (proxy != NULL && proxy->var()->is_possibly_eval(isolate())) {
9704 return Bailout(kPossibleDirectCallToEval);
9707 // The function is on the stack in the unoptimized code during
9708 // evaluation of the arguments.
9709 CHECK_ALIVE(VisitForValue(expr->expression()));
9710 HValue* function = Top();
9711 if (function->IsConstant() &&
9712 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9713 Handle<Object> constant = HConstant::cast(function)->handle(isolate());
9714 Handle<JSFunction> target = Handle<JSFunction>::cast(constant);
9715 expr->SetKnownGlobalTarget(target);
9718 // Placeholder for the receiver.
9719 Push(graph()->GetConstantUndefined());
9720 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9722 if (expr->IsMonomorphic()) {
9723 Add<HCheckValue>(function, expr->target());
9725 // Patch the global object on the stack by the expected receiver.
9726 HValue* receiver = ImplicitReceiverFor(function, expr->target());
9727 const int receiver_index = argument_count - 1;
9728 environment()->SetExpressionStackAt(receiver_index, receiver);
9730 if (TryInlineBuiltinFunctionCall(expr)) {
9731 if (FLAG_trace_inlining) {
9732 PrintF("Inlining builtin ");
9733 expr->target()->ShortPrint();
9738 if (TryInlineApiFunctionCall(expr, receiver)) return;
9739 if (TryHandleArrayCall(expr, function)) return;
9740 if (TryInlineCall(expr)) return;
9742 PushArgumentsFromEnvironment(argument_count);
9743 call = BuildCallConstantFunction(expr->target(), argument_count);
9745 PushArgumentsFromEnvironment(argument_count);
9746 HCallFunction* call_function =
9747 New<HCallFunction>(function, argument_count);
9748 call = call_function;
9749 if (expr->is_uninitialized() &&
9750 expr->IsUsingCallFeedbackICSlot(isolate())) {
9751 // We've never seen this call before, so let's have Crankshaft learn
9752 // through the type vector.
9753 Handle<TypeFeedbackVector> vector =
9754 handle(current_feedback_vector(), isolate());
9755 FeedbackVectorICSlot slot = expr->CallFeedbackICSlot();
9756 call_function->SetVectorAndSlot(vector, slot);
9761 Drop(1); // Drop the function.
9762 return ast_context()->ReturnInstruction(call, expr->id());
9766 void HOptimizedGraphBuilder::BuildInlinedCallArray(
9767 Expression* expression,
9769 Handle<AllocationSite> site) {
9770 DCHECK(!site.is_null());
9771 DCHECK(argument_count >= 0 && argument_count <= 1);
9772 NoObservableSideEffectsScope no_effects(this);
9774 // We should at least have the constructor on the expression stack.
9775 HValue* constructor = environment()->ExpressionStackAt(argument_count);
9777 // Register on the site for deoptimization if the transition feedback changes.
9778 top_info()->dependencies()->AssumeTransitionStable(site);
9779 ElementsKind kind = site->GetElementsKind();
9780 HInstruction* site_instruction = Add<HConstant>(site);
9782 // In the single constant argument case, we may have to adjust elements kind
9783 // to avoid creating a packed non-empty array.
9784 if (argument_count == 1 && !IsHoleyElementsKind(kind)) {
9785 HValue* argument = environment()->Top();
9786 if (argument->IsConstant()) {
9787 HConstant* constant_argument = HConstant::cast(argument);
9788 DCHECK(constant_argument->HasSmiValue());
9789 int constant_array_size = constant_argument->Integer32Value();
9790 if (constant_array_size != 0) {
9791 kind = GetHoleyElementsKind(kind);
9797 JSArrayBuilder array_builder(this,
9801 DISABLE_ALLOCATION_SITES);
9802 HValue* new_object = argument_count == 0
9803 ? array_builder.AllocateEmptyArray()
9804 : BuildAllocateArrayFromLength(&array_builder, Top());
9806 int args_to_drop = argument_count + (expression->IsCall() ? 2 : 1);
9808 ast_context()->ReturnValue(new_object);
9812 // Checks whether allocation using the given constructor can be inlined.
9813 static bool IsAllocationInlineable(Handle<JSFunction> constructor) {
9814 return constructor->has_initial_map() &&
9815 constructor->initial_map()->instance_type() == JS_OBJECT_TYPE &&
9816 constructor->initial_map()->instance_size() <
9817 HAllocate::kMaxInlineSize;
9821 bool HOptimizedGraphBuilder::IsCallArrayInlineable(
9823 Handle<AllocationSite> site) {
9824 Handle<JSFunction> caller = current_info()->closure();
9825 Handle<JSFunction> target = array_function();
9826 // We should have the function plus array arguments on the environment stack.
9827 DCHECK(environment()->length() >= (argument_count + 1));
9828 DCHECK(!site.is_null());
9830 bool inline_ok = false;
9831 if (site->CanInlineCall()) {
9832 // We also want to avoid inlining in certain 1 argument scenarios.
9833 if (argument_count == 1) {
9834 HValue* argument = Top();
9835 if (argument->IsConstant()) {
9836 // Do not inline if the constant length argument is not a smi or
9837 // outside the valid range for unrolled loop initialization.
9838 HConstant* constant_argument = HConstant::cast(argument);
9839 if (constant_argument->HasSmiValue()) {
9840 int value = constant_argument->Integer32Value();
9841 inline_ok = value >= 0 && value <= kElementLoopUnrollThreshold;
9843 TraceInline(target, caller,
9844 "Constant length outside of valid inlining range.");
9848 TraceInline(target, caller,
9849 "Dont inline [new] Array(n) where n isn't constant.");
9851 } else if (argument_count == 0) {
9854 TraceInline(target, caller, "Too many arguments to inline.");
9857 TraceInline(target, caller, "AllocationSite requested no inlining.");
9861 TraceInline(target, caller, NULL);
9867 void HOptimizedGraphBuilder::VisitCallNew(CallNew* expr) {
9868 DCHECK(!HasStackOverflow());
9869 DCHECK(current_block() != NULL);
9870 DCHECK(current_block()->HasPredecessor());
9871 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
9872 int argument_count = expr->arguments()->length() + 1; // Plus constructor.
9873 Factory* factory = isolate()->factory();
9875 // The constructor function is on the stack in the unoptimized code
9876 // during evaluation of the arguments.
9877 CHECK_ALIVE(VisitForValue(expr->expression()));
9878 HValue* function = Top();
9879 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9881 if (function->IsConstant() &&
9882 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9883 Handle<Object> constant = HConstant::cast(function)->handle(isolate());
9884 expr->SetKnownGlobalTarget(Handle<JSFunction>::cast(constant));
9887 if (FLAG_inline_construct &&
9888 expr->IsMonomorphic() &&
9889 IsAllocationInlineable(expr->target())) {
9890 Handle<JSFunction> constructor = expr->target();
9891 HValue* check = Add<HCheckValue>(function, constructor);
9893 // Force completion of inobject slack tracking before generating
9894 // allocation code to finalize instance size.
9895 if (constructor->IsInobjectSlackTrackingInProgress()) {
9896 constructor->CompleteInobjectSlackTracking();
9899 // Calculate instance size from initial map of constructor.
9900 DCHECK(constructor->has_initial_map());
9901 Handle<Map> initial_map(constructor->initial_map());
9902 int instance_size = initial_map->instance_size();
9904 // Allocate an instance of the implicit receiver object.
9905 HValue* size_in_bytes = Add<HConstant>(instance_size);
9906 HAllocationMode allocation_mode;
9907 if (FLAG_pretenuring_call_new) {
9908 if (FLAG_allocation_site_pretenuring) {
9909 // Try to use pretenuring feedback.
9910 Handle<AllocationSite> allocation_site = expr->allocation_site();
9911 allocation_mode = HAllocationMode(allocation_site);
9912 // Take a dependency on allocation site.
9913 top_info()->dependencies()->AssumeTenuringDecision(allocation_site);
9917 HAllocate* receiver = BuildAllocate(
9918 size_in_bytes, HType::JSObject(), JS_OBJECT_TYPE, allocation_mode);
9919 receiver->set_known_initial_map(initial_map);
9921 // Initialize map and fields of the newly allocated object.
9922 { NoObservableSideEffectsScope no_effects(this);
9923 DCHECK(initial_map->instance_type() == JS_OBJECT_TYPE);
9924 Add<HStoreNamedField>(receiver,
9925 HObjectAccess::ForMapAndOffset(initial_map, JSObject::kMapOffset),
9926 Add<HConstant>(initial_map));
9927 HValue* empty_fixed_array = Add<HConstant>(factory->empty_fixed_array());
9928 Add<HStoreNamedField>(receiver,
9929 HObjectAccess::ForMapAndOffset(initial_map,
9930 JSObject::kPropertiesOffset),
9932 Add<HStoreNamedField>(receiver,
9933 HObjectAccess::ForMapAndOffset(initial_map,
9934 JSObject::kElementsOffset),
9936 BuildInitializeInobjectProperties(receiver, initial_map);
9939 // Replace the constructor function with a newly allocated receiver using
9940 // the index of the receiver from the top of the expression stack.
9941 const int receiver_index = argument_count - 1;
9942 DCHECK(environment()->ExpressionStackAt(receiver_index) == function);
9943 environment()->SetExpressionStackAt(receiver_index, receiver);
9945 if (TryInlineConstruct(expr, receiver)) {
9946 // Inlining worked, add a dependency on the initial map to make sure that
9947 // this code is deoptimized whenever the initial map of the constructor
9949 top_info()->dependencies()->AssumeInitialMapCantChange(initial_map);
9953 // TODO(mstarzinger): For now we remove the previous HAllocate and all
9954 // corresponding instructions and instead add HPushArguments for the
9955 // arguments in case inlining failed. What we actually should do is for
9956 // inlining to try to build a subgraph without mutating the parent graph.
9957 HInstruction* instr = current_block()->last();
9959 HInstruction* prev_instr = instr->previous();
9960 instr->DeleteAndReplaceWith(NULL);
9962 } while (instr != check);
9963 environment()->SetExpressionStackAt(receiver_index, function);
9964 HInstruction* call =
9965 PreProcessCall(New<HCallNew>(function, argument_count));
9966 return ast_context()->ReturnInstruction(call, expr->id());
9968 // The constructor function is both an operand to the instruction and an
9969 // argument to the construct call.
9970 if (TryHandleArrayCallNew(expr, function)) return;
9972 HInstruction* call =
9973 PreProcessCall(New<HCallNew>(function, argument_count));
9974 return ast_context()->ReturnInstruction(call, expr->id());
9979 void HOptimizedGraphBuilder::BuildInitializeInobjectProperties(
9980 HValue* receiver, Handle<Map> initial_map) {
9981 if (initial_map->inobject_properties() != 0) {
9982 HConstant* undefined = graph()->GetConstantUndefined();
9983 for (int i = 0; i < initial_map->inobject_properties(); i++) {
9984 int property_offset = initial_map->GetInObjectPropertyOffset(i);
9985 Add<HStoreNamedField>(receiver, HObjectAccess::ForMapAndOffset(
9986 initial_map, property_offset),
9993 HValue* HGraphBuilder::BuildAllocateEmptyArrayBuffer(HValue* byte_length) {
9994 // We HForceRepresentation here to avoid allocations during an *-to-tagged
9995 // HChange that could cause GC while the array buffer object is not fully
9997 HObjectAccess byte_length_access(HObjectAccess::ForJSArrayBufferByteLength());
9998 byte_length = AddUncasted<HForceRepresentation>(
9999 byte_length, byte_length_access.representation());
10000 HAllocate* result =
10001 BuildAllocate(Add<HConstant>(JSArrayBuffer::kSizeWithInternalFields),
10002 HType::JSObject(), JS_ARRAY_BUFFER_TYPE, HAllocationMode());
10004 HValue* global_object = Add<HLoadNamedField>(
10005 context(), nullptr,
10006 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
10007 HValue* native_context = Add<HLoadNamedField>(
10008 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
10009 Add<HStoreNamedField>(
10010 result, HObjectAccess::ForMap(),
10011 Add<HLoadNamedField>(
10012 native_context, nullptr,
10013 HObjectAccess::ForContextSlot(Context::ARRAY_BUFFER_MAP_INDEX)));
10015 HConstant* empty_fixed_array =
10016 Add<HConstant>(isolate()->factory()->empty_fixed_array());
10017 Add<HStoreNamedField>(
10018 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
10019 empty_fixed_array);
10020 Add<HStoreNamedField>(
10021 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
10022 empty_fixed_array);
10023 Add<HStoreNamedField>(
10024 result, HObjectAccess::ForJSArrayBufferBackingStore().WithRepresentation(
10025 Representation::Smi()),
10026 graph()->GetConstant0());
10027 Add<HStoreNamedField>(result, byte_length_access, byte_length);
10028 Add<HStoreNamedField>(result, HObjectAccess::ForJSArrayBufferBitFieldSlot(),
10029 graph()->GetConstant0());
10030 Add<HStoreNamedField>(
10031 result, HObjectAccess::ForJSArrayBufferBitField(),
10032 Add<HConstant>((1 << JSArrayBuffer::IsExternal::kShift) |
10033 (1 << JSArrayBuffer::IsNeuterable::kShift)));
10035 for (int field = 0; field < v8::ArrayBuffer::kInternalFieldCount; ++field) {
10036 Add<HStoreNamedField>(
10038 HObjectAccess::ForObservableJSObjectOffset(
10039 JSArrayBuffer::kSize + field * kPointerSize, Representation::Smi()),
10040 graph()->GetConstant0());
10047 template <class ViewClass>
10048 void HGraphBuilder::BuildArrayBufferViewInitialization(
10051 HValue* byte_offset,
10052 HValue* byte_length) {
10054 for (int offset = ViewClass::kSize;
10055 offset < ViewClass::kSizeWithInternalFields;
10056 offset += kPointerSize) {
10057 Add<HStoreNamedField>(obj,
10058 HObjectAccess::ForObservableJSObjectOffset(offset),
10059 graph()->GetConstant0());
10062 Add<HStoreNamedField>(
10064 HObjectAccess::ForJSArrayBufferViewByteOffset(),
10066 Add<HStoreNamedField>(
10068 HObjectAccess::ForJSArrayBufferViewByteLength(),
10070 Add<HStoreNamedField>(obj, HObjectAccess::ForJSArrayBufferViewBuffer(),
10075 void HOptimizedGraphBuilder::GenerateDataViewInitialize(
10076 CallRuntime* expr) {
10077 ZoneList<Expression*>* arguments = expr->arguments();
10079 DCHECK(arguments->length()== 4);
10080 CHECK_ALIVE(VisitForValue(arguments->at(0)));
10081 HValue* obj = Pop();
10083 CHECK_ALIVE(VisitForValue(arguments->at(1)));
10084 HValue* buffer = Pop();
10086 CHECK_ALIVE(VisitForValue(arguments->at(2)));
10087 HValue* byte_offset = Pop();
10089 CHECK_ALIVE(VisitForValue(arguments->at(3)));
10090 HValue* byte_length = Pop();
10093 NoObservableSideEffectsScope scope(this);
10094 BuildArrayBufferViewInitialization<JSDataView>(
10095 obj, buffer, byte_offset, byte_length);
10100 static Handle<Map> TypedArrayMap(Isolate* isolate,
10101 ExternalArrayType array_type,
10102 ElementsKind target_kind) {
10103 Handle<Context> native_context = isolate->native_context();
10104 Handle<JSFunction> fun;
10105 switch (array_type) {
10106 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
10107 case kExternal##Type##Array: \
10108 fun = Handle<JSFunction>(native_context->type##_array_fun()); \
10111 TYPED_ARRAYS(TYPED_ARRAY_CASE)
10112 #undef TYPED_ARRAY_CASE
10114 Handle<Map> map(fun->initial_map());
10115 return Map::AsElementsKind(map, target_kind);
10119 HValue* HOptimizedGraphBuilder::BuildAllocateExternalElements(
10120 ExternalArrayType array_type,
10121 bool is_zero_byte_offset,
10122 HValue* buffer, HValue* byte_offset, HValue* length) {
10123 Handle<Map> external_array_map(
10124 isolate()->heap()->MapForFixedTypedArray(array_type));
10126 // The HForceRepresentation is to prevent possible deopt on int-smi
10127 // conversion after allocation but before the new object fields are set.
10128 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
10129 HValue* elements = Add<HAllocate>(
10130 Add<HConstant>(FixedTypedArrayBase::kHeaderSize), HType::HeapObject(),
10131 NOT_TENURED, external_array_map->instance_type());
10133 AddStoreMapConstant(elements, external_array_map);
10134 Add<HStoreNamedField>(elements,
10135 HObjectAccess::ForFixedArrayLength(), length);
10137 HValue* backing_store = Add<HLoadNamedField>(
10138 buffer, nullptr, HObjectAccess::ForJSArrayBufferBackingStore());
10140 HValue* typed_array_start;
10141 if (is_zero_byte_offset) {
10142 typed_array_start = backing_store;
10144 HInstruction* external_pointer =
10145 AddUncasted<HAdd>(backing_store, byte_offset);
10146 // Arguments are checked prior to call to TypedArrayInitialize,
10147 // including byte_offset.
10148 external_pointer->ClearFlag(HValue::kCanOverflow);
10149 typed_array_start = external_pointer;
10152 Add<HStoreNamedField>(elements,
10153 HObjectAccess::ForFixedTypedArrayBaseBasePointer(),
10154 graph()->GetConstant0());
10155 Add<HStoreNamedField>(elements,
10156 HObjectAccess::ForFixedTypedArrayBaseExternalPointer(),
10157 typed_array_start);
10163 HValue* HOptimizedGraphBuilder::BuildAllocateFixedTypedArray(
10164 ExternalArrayType array_type, size_t element_size,
10165 ElementsKind fixed_elements_kind, HValue* byte_length, HValue* length,
10168 (FixedTypedArrayBase::kHeaderSize & kObjectAlignmentMask) == 0);
10169 HValue* total_size;
10171 // if fixed array's elements are not aligned to object's alignment,
10172 // we need to align the whole array to object alignment.
10173 if (element_size % kObjectAlignment != 0) {
10174 total_size = BuildObjectSizeAlignment(
10175 byte_length, FixedTypedArrayBase::kHeaderSize);
10177 total_size = AddUncasted<HAdd>(byte_length,
10178 Add<HConstant>(FixedTypedArrayBase::kHeaderSize));
10179 total_size->ClearFlag(HValue::kCanOverflow);
10182 // The HForceRepresentation is to prevent possible deopt on int-smi
10183 // conversion after allocation but before the new object fields are set.
10184 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
10185 Handle<Map> fixed_typed_array_map(
10186 isolate()->heap()->MapForFixedTypedArray(array_type));
10187 HAllocate* elements =
10188 Add<HAllocate>(total_size, HType::HeapObject(), NOT_TENURED,
10189 fixed_typed_array_map->instance_type());
10191 #ifndef V8_HOST_ARCH_64_BIT
10192 if (array_type == kExternalFloat64Array) {
10193 elements->MakeDoubleAligned();
10197 AddStoreMapConstant(elements, fixed_typed_array_map);
10199 Add<HStoreNamedField>(elements,
10200 HObjectAccess::ForFixedArrayLength(),
10202 Add<HStoreNamedField>(
10203 elements, HObjectAccess::ForFixedTypedArrayBaseBasePointer(), elements);
10205 Add<HStoreNamedField>(
10206 elements, HObjectAccess::ForFixedTypedArrayBaseExternalPointer(),
10207 Add<HConstant>(ExternalReference::fixed_typed_array_base_data_offset()));
10209 HValue* filler = Add<HConstant>(static_cast<int32_t>(0));
10212 LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
10214 HValue* backing_store = AddUncasted<HAdd>(
10215 Add<HConstant>(ExternalReference::fixed_typed_array_base_data_offset()),
10216 elements, Strength::WEAK, AddOfExternalAndTagged);
10218 HValue* key = builder.BeginBody(
10219 Add<HConstant>(static_cast<int32_t>(0)),
10220 length, Token::LT);
10221 Add<HStoreKeyed>(backing_store, key, filler, fixed_elements_kind);
10229 void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
10230 CallRuntime* expr) {
10231 ZoneList<Expression*>* arguments = expr->arguments();
10233 static const int kObjectArg = 0;
10234 static const int kArrayIdArg = 1;
10235 static const int kBufferArg = 2;
10236 static const int kByteOffsetArg = 3;
10237 static const int kByteLengthArg = 4;
10238 static const int kInitializeArg = 5;
10239 static const int kArgsLength = 6;
10240 DCHECK(arguments->length() == kArgsLength);
10243 CHECK_ALIVE(VisitForValue(arguments->at(kObjectArg)));
10244 HValue* obj = Pop();
10246 if (!arguments->at(kArrayIdArg)->IsLiteral()) {
10247 // This should never happen in real use, but can happen when fuzzing.
10249 Bailout(kNeedSmiLiteral);
10252 Handle<Object> value =
10253 static_cast<Literal*>(arguments->at(kArrayIdArg))->value();
10254 if (!value->IsSmi()) {
10255 // This should never happen in real use, but can happen when fuzzing.
10257 Bailout(kNeedSmiLiteral);
10260 int array_id = Smi::cast(*value)->value();
10263 if (!arguments->at(kBufferArg)->IsNullLiteral()) {
10264 CHECK_ALIVE(VisitForValue(arguments->at(kBufferArg)));
10270 HValue* byte_offset;
10271 bool is_zero_byte_offset;
10273 if (arguments->at(kByteOffsetArg)->IsLiteral()
10274 && Smi::FromInt(0) ==
10275 *static_cast<Literal*>(arguments->at(kByteOffsetArg))->value()) {
10276 byte_offset = Add<HConstant>(static_cast<int32_t>(0));
10277 is_zero_byte_offset = true;
10279 CHECK_ALIVE(VisitForValue(arguments->at(kByteOffsetArg)));
10280 byte_offset = Pop();
10281 is_zero_byte_offset = false;
10282 DCHECK(buffer != NULL);
10285 CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
10286 HValue* byte_length = Pop();
10288 CHECK(arguments->at(kInitializeArg)->IsLiteral());
10289 bool initialize = static_cast<Literal*>(arguments->at(kInitializeArg))
10293 NoObservableSideEffectsScope scope(this);
10294 IfBuilder byte_offset_smi(this);
10296 if (!is_zero_byte_offset) {
10297 byte_offset_smi.If<HIsSmiAndBranch>(byte_offset);
10298 byte_offset_smi.Then();
10301 ExternalArrayType array_type =
10302 kExternalInt8Array; // Bogus initialization.
10303 size_t element_size = 1; // Bogus initialization.
10304 ElementsKind fixed_elements_kind = // Bogus initialization.
10306 Runtime::ArrayIdToTypeAndSize(array_id,
10308 &fixed_elements_kind,
10312 { // byte_offset is Smi.
10313 HValue* allocated_buffer = buffer;
10314 if (buffer == NULL) {
10315 allocated_buffer = BuildAllocateEmptyArrayBuffer(byte_length);
10317 BuildArrayBufferViewInitialization<JSTypedArray>(obj, allocated_buffer,
10318 byte_offset, byte_length);
10321 HInstruction* length = AddUncasted<HDiv>(byte_length,
10322 Add<HConstant>(static_cast<int32_t>(element_size)));
10324 Add<HStoreNamedField>(obj,
10325 HObjectAccess::ForJSTypedArrayLength(),
10329 if (buffer != NULL) {
10330 elements = BuildAllocateExternalElements(
10331 array_type, is_zero_byte_offset, buffer, byte_offset, length);
10332 Handle<Map> obj_map =
10333 TypedArrayMap(isolate(), array_type, fixed_elements_kind);
10334 AddStoreMapConstant(obj, obj_map);
10336 DCHECK(is_zero_byte_offset);
10337 elements = BuildAllocateFixedTypedArray(array_type, element_size,
10338 fixed_elements_kind, byte_length,
10339 length, initialize);
10341 Add<HStoreNamedField>(
10342 obj, HObjectAccess::ForElementsPointer(), elements);
10345 if (!is_zero_byte_offset) {
10346 byte_offset_smi.Else();
10347 { // byte_offset is not Smi.
10349 CHECK_ALIVE(VisitForValue(arguments->at(kArrayIdArg)));
10353 CHECK_ALIVE(VisitForValue(arguments->at(kInitializeArg)));
10354 PushArgumentsFromEnvironment(kArgsLength);
10355 Add<HCallRuntime>(expr->name(), expr->function(), kArgsLength);
10358 byte_offset_smi.End();
10362 void HOptimizedGraphBuilder::GenerateMaxSmi(CallRuntime* expr) {
10363 DCHECK(expr->arguments()->length() == 0);
10364 HConstant* max_smi = New<HConstant>(static_cast<int32_t>(Smi::kMaxValue));
10365 return ast_context()->ReturnInstruction(max_smi, expr->id());
10369 void HOptimizedGraphBuilder::GenerateTypedArrayMaxSizeInHeap(
10370 CallRuntime* expr) {
10371 DCHECK(expr->arguments()->length() == 0);
10372 HConstant* result = New<HConstant>(static_cast<int32_t>(
10373 FLAG_typed_array_max_size_in_heap));
10374 return ast_context()->ReturnInstruction(result, expr->id());
10378 void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
10379 CallRuntime* expr) {
10380 DCHECK(expr->arguments()->length() == 1);
10381 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10382 HValue* buffer = Pop();
10383 HInstruction* result = New<HLoadNamedField>(
10384 buffer, nullptr, HObjectAccess::ForJSArrayBufferByteLength());
10385 return ast_context()->ReturnInstruction(result, expr->id());
10389 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteLength(
10390 CallRuntime* expr) {
10391 NoObservableSideEffectsScope scope(this);
10392 DCHECK(expr->arguments()->length() == 1);
10393 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10394 HValue* view = Pop();
10396 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10398 FieldIndex::ForInObjectOffset(JSArrayBufferView::kByteLengthOffset)));
10402 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteOffset(
10403 CallRuntime* expr) {
10404 NoObservableSideEffectsScope scope(this);
10405 DCHECK(expr->arguments()->length() == 1);
10406 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10407 HValue* view = Pop();
10409 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10411 FieldIndex::ForInObjectOffset(JSArrayBufferView::kByteOffsetOffset)));
10415 void HOptimizedGraphBuilder::GenerateTypedArrayGetLength(
10416 CallRuntime* expr) {
10417 NoObservableSideEffectsScope scope(this);
10418 DCHECK(expr->arguments()->length() == 1);
10419 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10420 HValue* view = Pop();
10422 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10424 FieldIndex::ForInObjectOffset(JSTypedArray::kLengthOffset)));
10428 void HOptimizedGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
10429 DCHECK(!HasStackOverflow());
10430 DCHECK(current_block() != NULL);
10431 DCHECK(current_block()->HasPredecessor());
10432 if (expr->is_jsruntime()) {
10433 return Bailout(kCallToAJavaScriptRuntimeFunction);
10436 const Runtime::Function* function = expr->function();
10437 DCHECK(function != NULL);
10438 switch (function->function_id) {
10439 #define CALL_INTRINSIC_GENERATOR(Name) \
10440 case Runtime::kInline##Name: \
10441 return Generate##Name(expr);
10443 FOR_EACH_HYDROGEN_INTRINSIC(CALL_INTRINSIC_GENERATOR)
10444 #undef CALL_INTRINSIC_GENERATOR
10446 Handle<String> name = expr->name();
10447 int argument_count = expr->arguments()->length();
10448 CHECK_ALIVE(VisitExpressions(expr->arguments()));
10449 PushArgumentsFromEnvironment(argument_count);
10450 HCallRuntime* call = New<HCallRuntime>(name, function, argument_count);
10451 return ast_context()->ReturnInstruction(call, expr->id());
10457 void HOptimizedGraphBuilder::VisitUnaryOperation(UnaryOperation* expr) {
10458 DCHECK(!HasStackOverflow());
10459 DCHECK(current_block() != NULL);
10460 DCHECK(current_block()->HasPredecessor());
10461 switch (expr->op()) {
10462 case Token::DELETE: return VisitDelete(expr);
10463 case Token::VOID: return VisitVoid(expr);
10464 case Token::TYPEOF: return VisitTypeof(expr);
10465 case Token::NOT: return VisitNot(expr);
10466 default: UNREACHABLE();
10471 void HOptimizedGraphBuilder::VisitDelete(UnaryOperation* expr) {
10472 Property* prop = expr->expression()->AsProperty();
10473 VariableProxy* proxy = expr->expression()->AsVariableProxy();
10474 if (prop != NULL) {
10475 CHECK_ALIVE(VisitForValue(prop->obj()));
10476 CHECK_ALIVE(VisitForValue(prop->key()));
10477 HValue* key = Pop();
10478 HValue* obj = Pop();
10479 HValue* function = AddLoadJSBuiltin(Builtins::DELETE);
10480 Add<HPushArguments>(obj, key, Add<HConstant>(function_language_mode()));
10481 // TODO(olivf) InvokeFunction produces a check for the parameter count,
10482 // even though we are certain to pass the correct number of arguments here.
10483 HInstruction* instr = New<HInvokeFunction>(function, 3);
10484 return ast_context()->ReturnInstruction(instr, expr->id());
10485 } else if (proxy != NULL) {
10486 Variable* var = proxy->var();
10487 if (var->IsUnallocatedOrGlobalSlot()) {
10488 Bailout(kDeleteWithGlobalVariable);
10489 } else if (var->IsStackAllocated() || var->IsContextSlot()) {
10490 // Result of deleting non-global variables is false. 'this' is not really
10491 // a variable, though we implement it as one. The subexpression does not
10492 // have side effects.
10493 HValue* value = var->HasThisName(isolate()) ? graph()->GetConstantTrue()
10494 : graph()->GetConstantFalse();
10495 return ast_context()->ReturnValue(value);
10497 Bailout(kDeleteWithNonGlobalVariable);
10500 // Result of deleting non-property, non-variable reference is true.
10501 // Evaluate the subexpression for side effects.
10502 CHECK_ALIVE(VisitForEffect(expr->expression()));
10503 return ast_context()->ReturnValue(graph()->GetConstantTrue());
10508 void HOptimizedGraphBuilder::VisitVoid(UnaryOperation* expr) {
10509 CHECK_ALIVE(VisitForEffect(expr->expression()));
10510 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
10514 void HOptimizedGraphBuilder::VisitTypeof(UnaryOperation* expr) {
10515 CHECK_ALIVE(VisitForTypeOf(expr->expression()));
10516 HValue* value = Pop();
10517 HInstruction* instr = New<HTypeof>(value);
10518 return ast_context()->ReturnInstruction(instr, expr->id());
10522 void HOptimizedGraphBuilder::VisitNot(UnaryOperation* expr) {
10523 if (ast_context()->IsTest()) {
10524 TestContext* context = TestContext::cast(ast_context());
10525 VisitForControl(expr->expression(),
10526 context->if_false(),
10527 context->if_true());
10531 if (ast_context()->IsEffect()) {
10532 VisitForEffect(expr->expression());
10536 DCHECK(ast_context()->IsValue());
10537 HBasicBlock* materialize_false = graph()->CreateBasicBlock();
10538 HBasicBlock* materialize_true = graph()->CreateBasicBlock();
10539 CHECK_BAILOUT(VisitForControl(expr->expression(),
10541 materialize_true));
10543 if (materialize_false->HasPredecessor()) {
10544 materialize_false->SetJoinId(expr->MaterializeFalseId());
10545 set_current_block(materialize_false);
10546 Push(graph()->GetConstantFalse());
10548 materialize_false = NULL;
10551 if (materialize_true->HasPredecessor()) {
10552 materialize_true->SetJoinId(expr->MaterializeTrueId());
10553 set_current_block(materialize_true);
10554 Push(graph()->GetConstantTrue());
10556 materialize_true = NULL;
10559 HBasicBlock* join =
10560 CreateJoin(materialize_false, materialize_true, expr->id());
10561 set_current_block(join);
10562 if (join != NULL) return ast_context()->ReturnValue(Pop());
10566 static Representation RepresentationFor(Type* type) {
10567 DisallowHeapAllocation no_allocation;
10568 if (type->Is(Type::None())) return Representation::None();
10569 if (type->Is(Type::SignedSmall())) return Representation::Smi();
10570 if (type->Is(Type::Signed32())) return Representation::Integer32();
10571 if (type->Is(Type::Number())) return Representation::Double();
10572 return Representation::Tagged();
10576 HInstruction* HOptimizedGraphBuilder::BuildIncrement(
10577 bool returns_original_input,
10578 CountOperation* expr) {
10579 // The input to the count operation is on top of the expression stack.
10580 Representation rep = RepresentationFor(expr->type());
10581 if (rep.IsNone() || rep.IsTagged()) {
10582 rep = Representation::Smi();
10585 if (returns_original_input && !is_strong(function_language_mode())) {
10586 // We need an explicit HValue representing ToNumber(input). The
10587 // actual HChange instruction we need is (sometimes) added in a later
10588 // phase, so it is not available now to be used as an input to HAdd and
10589 // as the return value.
10590 HInstruction* number_input = AddUncasted<HForceRepresentation>(Pop(), rep);
10591 if (!rep.IsDouble()) {
10592 number_input->SetFlag(HInstruction::kFlexibleRepresentation);
10593 number_input->SetFlag(HInstruction::kCannotBeTagged);
10595 Push(number_input);
10598 // The addition has no side effects, so we do not need
10599 // to simulate the expression stack after this instruction.
10600 // Any later failures deopt to the load of the input or earlier.
10601 HConstant* delta = (expr->op() == Token::INC)
10602 ? graph()->GetConstant1()
10603 : graph()->GetConstantMinus1();
10604 HInstruction* instr =
10605 AddUncasted<HAdd>(Top(), delta, strength(function_language_mode()));
10606 if (instr->IsAdd()) {
10607 HAdd* add = HAdd::cast(instr);
10608 add->set_observed_input_representation(1, rep);
10609 add->set_observed_input_representation(2, Representation::Smi());
10611 if (!is_strong(function_language_mode())) {
10612 instr->ClearAllSideEffects();
10614 Add<HSimulate>(expr->ToNumberId(), REMOVABLE_SIMULATE);
10616 instr->SetFlag(HInstruction::kCannotBeTagged);
10621 void HOptimizedGraphBuilder::BuildStoreForEffect(
10622 Expression* expr, Property* prop, FeedbackVectorICSlot slot,
10623 BailoutId ast_id, BailoutId return_id, HValue* object, HValue* key,
10625 EffectContext for_effect(this);
10627 if (key != NULL) Push(key);
10629 BuildStore(expr, prop, slot, ast_id, return_id);
10633 void HOptimizedGraphBuilder::VisitCountOperation(CountOperation* expr) {
10634 DCHECK(!HasStackOverflow());
10635 DCHECK(current_block() != NULL);
10636 DCHECK(current_block()->HasPredecessor());
10637 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
10638 Expression* target = expr->expression();
10639 VariableProxy* proxy = target->AsVariableProxy();
10640 Property* prop = target->AsProperty();
10641 if (proxy == NULL && prop == NULL) {
10642 return Bailout(kInvalidLhsInCountOperation);
10645 // Match the full code generator stack by simulating an extra stack
10646 // element for postfix operations in a non-effect context. The return
10647 // value is ToNumber(input).
10648 bool returns_original_input =
10649 expr->is_postfix() && !ast_context()->IsEffect();
10650 HValue* input = NULL; // ToNumber(original_input).
10651 HValue* after = NULL; // The result after incrementing or decrementing.
10653 if (proxy != NULL) {
10654 Variable* var = proxy->var();
10655 if (var->mode() == CONST_LEGACY) {
10656 return Bailout(kUnsupportedCountOperationWithConst);
10658 if (var->mode() == CONST) {
10659 return Bailout(kNonInitializerAssignmentToConst);
10661 // Argument of the count operation is a variable, not a property.
10662 DCHECK(prop == NULL);
10663 CHECK_ALIVE(VisitForValue(target));
10665 after = BuildIncrement(returns_original_input, expr);
10666 input = returns_original_input ? Top() : Pop();
10669 switch (var->location()) {
10670 case VariableLocation::GLOBAL:
10671 case VariableLocation::UNALLOCATED:
10672 HandleGlobalVariableAssignment(var, after, expr->CountSlot(),
10673 expr->AssignmentId());
10676 case VariableLocation::PARAMETER:
10677 case VariableLocation::LOCAL:
10678 BindIfLive(var, after);
10681 case VariableLocation::CONTEXT: {
10682 // Bail out if we try to mutate a parameter value in a function
10683 // using the arguments object. We do not (yet) correctly handle the
10684 // arguments property of the function.
10685 if (current_info()->scope()->arguments() != NULL) {
10686 // Parameters will rewrite to context slots. We have no direct
10687 // way to detect that the variable is a parameter so we use a
10688 // linear search of the parameter list.
10689 int count = current_info()->scope()->num_parameters();
10690 for (int i = 0; i < count; ++i) {
10691 if (var == current_info()->scope()->parameter(i)) {
10692 return Bailout(kAssignmentToParameterInArgumentsObject);
10697 HValue* context = BuildContextChainWalk(var);
10698 HStoreContextSlot::Mode mode = IsLexicalVariableMode(var->mode())
10699 ? HStoreContextSlot::kCheckDeoptimize : HStoreContextSlot::kNoCheck;
10700 HStoreContextSlot* instr = Add<HStoreContextSlot>(context, var->index(),
10702 if (instr->HasObservableSideEffects()) {
10703 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
10708 case VariableLocation::LOOKUP:
10709 return Bailout(kLookupVariableInCountOperation);
10712 Drop(returns_original_input ? 2 : 1);
10713 return ast_context()->ReturnValue(expr->is_postfix() ? input : after);
10716 // Argument of the count operation is a property.
10717 DCHECK(prop != NULL);
10718 if (returns_original_input) Push(graph()->GetConstantUndefined());
10720 CHECK_ALIVE(VisitForValue(prop->obj()));
10721 HValue* object = Top();
10723 HValue* key = NULL;
10724 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
10725 CHECK_ALIVE(VisitForValue(prop->key()));
10729 CHECK_ALIVE(PushLoad(prop, object, key));
10731 after = BuildIncrement(returns_original_input, expr);
10733 if (returns_original_input) {
10735 // Drop object and key to push it again in the effect context below.
10736 Drop(key == NULL ? 1 : 2);
10737 environment()->SetExpressionStackAt(0, input);
10738 CHECK_ALIVE(BuildStoreForEffect(expr, prop, expr->CountSlot(), expr->id(),
10739 expr->AssignmentId(), object, key, after));
10740 return ast_context()->ReturnValue(Pop());
10743 environment()->SetExpressionStackAt(0, after);
10744 return BuildStore(expr, prop, expr->CountSlot(), expr->id(),
10745 expr->AssignmentId());
10749 HInstruction* HOptimizedGraphBuilder::BuildStringCharCodeAt(
10752 if (string->IsConstant() && index->IsConstant()) {
10753 HConstant* c_string = HConstant::cast(string);
10754 HConstant* c_index = HConstant::cast(index);
10755 if (c_string->HasStringValue() && c_index->HasNumberValue()) {
10756 int32_t i = c_index->NumberValueAsInteger32();
10757 Handle<String> s = c_string->StringValue();
10758 if (i < 0 || i >= s->length()) {
10759 return New<HConstant>(std::numeric_limits<double>::quiet_NaN());
10761 return New<HConstant>(s->Get(i));
10764 string = BuildCheckString(string);
10765 index = Add<HBoundsCheck>(index, AddLoadStringLength(string));
10766 return New<HStringCharCodeAt>(string, index);
10770 // Checks if the given shift amounts have following forms:
10771 // (N1) and (N2) with N1 + N2 = 32; (sa) and (32 - sa).
10772 static bool ShiftAmountsAllowReplaceByRotate(HValue* sa,
10773 HValue* const32_minus_sa) {
10774 if (sa->IsConstant() && const32_minus_sa->IsConstant()) {
10775 const HConstant* c1 = HConstant::cast(sa);
10776 const HConstant* c2 = HConstant::cast(const32_minus_sa);
10777 return c1->HasInteger32Value() && c2->HasInteger32Value() &&
10778 (c1->Integer32Value() + c2->Integer32Value() == 32);
10780 if (!const32_minus_sa->IsSub()) return false;
10781 HSub* sub = HSub::cast(const32_minus_sa);
10782 return sub->left()->EqualsInteger32Constant(32) && sub->right() == sa;
10786 // Checks if the left and the right are shift instructions with the oposite
10787 // directions that can be replaced by one rotate right instruction or not.
10788 // Returns the operand and the shift amount for the rotate instruction in the
10790 bool HGraphBuilder::MatchRotateRight(HValue* left,
10793 HValue** shift_amount) {
10796 if (left->IsShl() && right->IsShr()) {
10797 shl = HShl::cast(left);
10798 shr = HShr::cast(right);
10799 } else if (left->IsShr() && right->IsShl()) {
10800 shl = HShl::cast(right);
10801 shr = HShr::cast(left);
10805 if (shl->left() != shr->left()) return false;
10807 if (!ShiftAmountsAllowReplaceByRotate(shl->right(), shr->right()) &&
10808 !ShiftAmountsAllowReplaceByRotate(shr->right(), shl->right())) {
10811 *operand = shr->left();
10812 *shift_amount = shr->right();
10817 bool CanBeZero(HValue* right) {
10818 if (right->IsConstant()) {
10819 HConstant* right_const = HConstant::cast(right);
10820 if (right_const->HasInteger32Value() &&
10821 (right_const->Integer32Value() & 0x1f) != 0) {
10829 HValue* HGraphBuilder::EnforceNumberType(HValue* number,
10831 if (expected->Is(Type::SignedSmall())) {
10832 return AddUncasted<HForceRepresentation>(number, Representation::Smi());
10834 if (expected->Is(Type::Signed32())) {
10835 return AddUncasted<HForceRepresentation>(number,
10836 Representation::Integer32());
10842 HValue* HGraphBuilder::TruncateToNumber(HValue* value, Type** expected) {
10843 if (value->IsConstant()) {
10844 HConstant* constant = HConstant::cast(value);
10845 Maybe<HConstant*> number =
10846 constant->CopyToTruncatedNumber(isolate(), zone());
10847 if (number.IsJust()) {
10848 *expected = Type::Number(zone());
10849 return AddInstruction(number.FromJust());
10853 // We put temporary values on the stack, which don't correspond to anything
10854 // in baseline code. Since nothing is observable we avoid recording those
10855 // pushes with a NoObservableSideEffectsScope.
10856 NoObservableSideEffectsScope no_effects(this);
10858 Type* expected_type = *expected;
10860 // Separate the number type from the rest.
10861 Type* expected_obj =
10862 Type::Intersect(expected_type, Type::NonNumber(zone()), zone());
10863 Type* expected_number =
10864 Type::Intersect(expected_type, Type::Number(zone()), zone());
10866 // We expect to get a number.
10867 // (We need to check first, since Type::None->Is(Type::Any()) == true.
10868 if (expected_obj->Is(Type::None())) {
10869 DCHECK(!expected_number->Is(Type::None(zone())));
10873 if (expected_obj->Is(Type::Undefined(zone()))) {
10874 // This is already done by HChange.
10875 *expected = Type::Union(expected_number, Type::Number(zone()), zone());
10883 HValue* HOptimizedGraphBuilder::BuildBinaryOperation(
10884 BinaryOperation* expr,
10887 PushBeforeSimulateBehavior push_sim_result) {
10888 Type* left_type = expr->left()->bounds().lower;
10889 Type* right_type = expr->right()->bounds().lower;
10890 Type* result_type = expr->bounds().lower;
10891 Maybe<int> fixed_right_arg = expr->fixed_right_arg();
10892 Handle<AllocationSite> allocation_site = expr->allocation_site();
10894 HAllocationMode allocation_mode;
10895 if (FLAG_allocation_site_pretenuring && !allocation_site.is_null()) {
10896 allocation_mode = HAllocationMode(allocation_site);
10898 HValue* result = HGraphBuilder::BuildBinaryOperation(
10899 expr->op(), left, right, left_type, right_type, result_type,
10900 fixed_right_arg, allocation_mode, strength(function_language_mode()),
10902 // Add a simulate after instructions with observable side effects, and
10903 // after phis, which are the result of BuildBinaryOperation when we
10904 // inlined some complex subgraph.
10905 if (result->HasObservableSideEffects() || result->IsPhi()) {
10906 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
10908 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10911 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10918 HValue* HGraphBuilder::BuildBinaryOperation(
10919 Token::Value op, HValue* left, HValue* right, Type* left_type,
10920 Type* right_type, Type* result_type, Maybe<int> fixed_right_arg,
10921 HAllocationMode allocation_mode, Strength strength, BailoutId opt_id) {
10922 bool maybe_string_add = false;
10923 if (op == Token::ADD) {
10924 // If we are adding constant string with something for which we don't have
10925 // a feedback yet, assume that it's also going to be a string and don't
10926 // generate deopt instructions.
10927 if (!left_type->IsInhabited() && right->IsConstant() &&
10928 HConstant::cast(right)->HasStringValue()) {
10929 left_type = Type::String();
10932 if (!right_type->IsInhabited() && left->IsConstant() &&
10933 HConstant::cast(left)->HasStringValue()) {
10934 right_type = Type::String();
10937 maybe_string_add = (left_type->Maybe(Type::String()) ||
10938 left_type->Maybe(Type::Receiver()) ||
10939 right_type->Maybe(Type::String()) ||
10940 right_type->Maybe(Type::Receiver()));
10943 Representation left_rep = RepresentationFor(left_type);
10944 Representation right_rep = RepresentationFor(right_type);
10946 if (!left_type->IsInhabited()) {
10948 Deoptimizer::kInsufficientTypeFeedbackForLHSOfBinaryOperation,
10949 Deoptimizer::SOFT);
10950 left_type = Type::Any(zone());
10951 left_rep = RepresentationFor(left_type);
10952 maybe_string_add = op == Token::ADD;
10955 if (!right_type->IsInhabited()) {
10957 Deoptimizer::kInsufficientTypeFeedbackForRHSOfBinaryOperation,
10958 Deoptimizer::SOFT);
10959 right_type = Type::Any(zone());
10960 right_rep = RepresentationFor(right_type);
10961 maybe_string_add = op == Token::ADD;
10964 if (!maybe_string_add && !is_strong(strength)) {
10965 left = TruncateToNumber(left, &left_type);
10966 right = TruncateToNumber(right, &right_type);
10969 // Special case for string addition here.
10970 if (op == Token::ADD &&
10971 (left_type->Is(Type::String()) || right_type->Is(Type::String()))) {
10972 // Validate type feedback for left argument.
10973 if (left_type->Is(Type::String())) {
10974 left = BuildCheckString(left);
10977 // Validate type feedback for right argument.
10978 if (right_type->Is(Type::String())) {
10979 right = BuildCheckString(right);
10982 // Convert left argument as necessary.
10983 if (left_type->Is(Type::Number()) && !is_strong(strength)) {
10984 DCHECK(right_type->Is(Type::String()));
10985 left = BuildNumberToString(left, left_type);
10986 } else if (!left_type->Is(Type::String())) {
10987 DCHECK(right_type->Is(Type::String()));
10988 HValue* function = AddLoadJSBuiltin(
10989 is_strong(strength) ? Builtins::STRING_ADD_RIGHT_STRONG
10990 : Builtins::STRING_ADD_RIGHT);
10991 Add<HPushArguments>(left, right);
10992 return AddUncasted<HInvokeFunction>(function, 2);
10995 // Convert right argument as necessary.
10996 if (right_type->Is(Type::Number()) && !is_strong(strength)) {
10997 DCHECK(left_type->Is(Type::String()));
10998 right = BuildNumberToString(right, right_type);
10999 } else if (!right_type->Is(Type::String())) {
11000 DCHECK(left_type->Is(Type::String()));
11001 HValue* function = AddLoadJSBuiltin(is_strong(strength)
11002 ? Builtins::STRING_ADD_LEFT_STRONG
11003 : Builtins::STRING_ADD_LEFT);
11004 Add<HPushArguments>(left, right);
11005 return AddUncasted<HInvokeFunction>(function, 2);
11008 // Fast paths for empty constant strings.
11009 Handle<String> left_string =
11010 left->IsConstant() && HConstant::cast(left)->HasStringValue()
11011 ? HConstant::cast(left)->StringValue()
11012 : Handle<String>();
11013 Handle<String> right_string =
11014 right->IsConstant() && HConstant::cast(right)->HasStringValue()
11015 ? HConstant::cast(right)->StringValue()
11016 : Handle<String>();
11017 if (!left_string.is_null() && left_string->length() == 0) return right;
11018 if (!right_string.is_null() && right_string->length() == 0) return left;
11019 if (!left_string.is_null() && !right_string.is_null()) {
11020 return AddUncasted<HStringAdd>(
11021 left, right, strength, allocation_mode.GetPretenureMode(),
11022 STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
11025 // Register the dependent code with the allocation site.
11026 if (!allocation_mode.feedback_site().is_null()) {
11027 DCHECK(!graph()->info()->IsStub());
11028 Handle<AllocationSite> site(allocation_mode.feedback_site());
11029 top_info()->dependencies()->AssumeTenuringDecision(site);
11032 // Inline the string addition into the stub when creating allocation
11033 // mementos to gather allocation site feedback, or if we can statically
11034 // infer that we're going to create a cons string.
11035 if ((graph()->info()->IsStub() &&
11036 allocation_mode.CreateAllocationMementos()) ||
11037 (left->IsConstant() &&
11038 HConstant::cast(left)->HasStringValue() &&
11039 HConstant::cast(left)->StringValue()->length() + 1 >=
11040 ConsString::kMinLength) ||
11041 (right->IsConstant() &&
11042 HConstant::cast(right)->HasStringValue() &&
11043 HConstant::cast(right)->StringValue()->length() + 1 >=
11044 ConsString::kMinLength)) {
11045 return BuildStringAdd(left, right, allocation_mode);
11048 // Fallback to using the string add stub.
11049 return AddUncasted<HStringAdd>(
11050 left, right, strength, allocation_mode.GetPretenureMode(),
11051 STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
11054 if (graph()->info()->IsStub()) {
11055 left = EnforceNumberType(left, left_type);
11056 right = EnforceNumberType(right, right_type);
11059 Representation result_rep = RepresentationFor(result_type);
11061 bool is_non_primitive = (left_rep.IsTagged() && !left_rep.IsSmi()) ||
11062 (right_rep.IsTagged() && !right_rep.IsSmi());
11064 HInstruction* instr = NULL;
11065 // Only the stub is allowed to call into the runtime, since otherwise we would
11066 // inline several instructions (including the two pushes) for every tagged
11067 // operation in optimized code, which is more expensive, than a stub call.
11068 if (graph()->info()->IsStub() && is_non_primitive) {
11070 AddLoadJSBuiltin(BinaryOpIC::TokenToJSBuiltin(op, strength));
11071 Add<HPushArguments>(left, right);
11072 instr = AddUncasted<HInvokeFunction>(function, 2);
11074 if (is_strong(strength) && Token::IsBitOp(op)) {
11075 // TODO(conradw): This is not efficient, but is necessary to prevent
11076 // conversion of oddball values to numbers in strong mode. It would be
11077 // better to prevent the conversion rather than adding a runtime check.
11078 IfBuilder if_builder(this);
11079 if_builder.If<HHasInstanceTypeAndBranch>(left, ODDBALL_TYPE);
11080 if_builder.OrIf<HHasInstanceTypeAndBranch>(right, ODDBALL_TYPE);
11083 isolate()->factory()->empty_string(),
11084 Runtime::FunctionForId(Runtime::kThrowStrongModeImplicitConversion),
11086 if (!graph()->info()->IsStub()) {
11087 Add<HSimulate>(opt_id, REMOVABLE_SIMULATE);
11093 instr = AddUncasted<HAdd>(left, right, strength);
11096 instr = AddUncasted<HSub>(left, right, strength);
11099 instr = AddUncasted<HMul>(left, right, strength);
11102 if (fixed_right_arg.IsJust() &&
11103 !right->EqualsInteger32Constant(fixed_right_arg.FromJust())) {
11104 HConstant* fixed_right =
11105 Add<HConstant>(static_cast<int>(fixed_right_arg.FromJust()));
11106 IfBuilder if_same(this);
11107 if_same.If<HCompareNumericAndBranch>(right, fixed_right, Token::EQ);
11109 if_same.ElseDeopt(Deoptimizer::kUnexpectedRHSOfBinaryOperation);
11110 right = fixed_right;
11112 instr = AddUncasted<HMod>(left, right, strength);
11116 instr = AddUncasted<HDiv>(left, right, strength);
11118 case Token::BIT_XOR:
11119 case Token::BIT_AND:
11120 instr = AddUncasted<HBitwise>(op, left, right, strength);
11122 case Token::BIT_OR: {
11123 HValue* operand, *shift_amount;
11124 if (left_type->Is(Type::Signed32()) &&
11125 right_type->Is(Type::Signed32()) &&
11126 MatchRotateRight(left, right, &operand, &shift_amount)) {
11127 instr = AddUncasted<HRor>(operand, shift_amount, strength);
11129 instr = AddUncasted<HBitwise>(op, left, right, strength);
11134 instr = AddUncasted<HSar>(left, right, strength);
11137 instr = AddUncasted<HShr>(left, right, strength);
11138 if (instr->IsShr() && CanBeZero(right)) {
11139 graph()->RecordUint32Instruction(instr);
11143 instr = AddUncasted<HShl>(left, right, strength);
11150 if (instr->IsBinaryOperation()) {
11151 HBinaryOperation* binop = HBinaryOperation::cast(instr);
11152 binop->set_observed_input_representation(1, left_rep);
11153 binop->set_observed_input_representation(2, right_rep);
11154 binop->initialize_output_representation(result_rep);
11155 if (graph()->info()->IsStub()) {
11156 // Stub should not call into stub.
11157 instr->SetFlag(HValue::kCannotBeTagged);
11158 // And should truncate on HForceRepresentation already.
11159 if (left->IsForceRepresentation()) {
11160 left->CopyFlag(HValue::kTruncatingToSmi, instr);
11161 left->CopyFlag(HValue::kTruncatingToInt32, instr);
11163 if (right->IsForceRepresentation()) {
11164 right->CopyFlag(HValue::kTruncatingToSmi, instr);
11165 right->CopyFlag(HValue::kTruncatingToInt32, instr);
11173 // Check for the form (%_ClassOf(foo) === 'BarClass').
11174 static bool IsClassOfTest(CompareOperation* expr) {
11175 if (expr->op() != Token::EQ_STRICT) return false;
11176 CallRuntime* call = expr->left()->AsCallRuntime();
11177 if (call == NULL) return false;
11178 Literal* literal = expr->right()->AsLiteral();
11179 if (literal == NULL) return false;
11180 if (!literal->value()->IsString()) return false;
11181 if (!call->name()->IsOneByteEqualTo(STATIC_CHAR_VECTOR("_ClassOf"))) {
11184 DCHECK(call->arguments()->length() == 1);
11189 void HOptimizedGraphBuilder::VisitBinaryOperation(BinaryOperation* expr) {
11190 DCHECK(!HasStackOverflow());
11191 DCHECK(current_block() != NULL);
11192 DCHECK(current_block()->HasPredecessor());
11193 switch (expr->op()) {
11195 return VisitComma(expr);
11198 return VisitLogicalExpression(expr);
11200 return VisitArithmeticExpression(expr);
11205 void HOptimizedGraphBuilder::VisitComma(BinaryOperation* expr) {
11206 CHECK_ALIVE(VisitForEffect(expr->left()));
11207 // Visit the right subexpression in the same AST context as the entire
11209 Visit(expr->right());
11213 void HOptimizedGraphBuilder::VisitLogicalExpression(BinaryOperation* expr) {
11214 bool is_logical_and = expr->op() == Token::AND;
11215 if (ast_context()->IsTest()) {
11216 TestContext* context = TestContext::cast(ast_context());
11217 // Translate left subexpression.
11218 HBasicBlock* eval_right = graph()->CreateBasicBlock();
11219 if (is_logical_and) {
11220 CHECK_BAILOUT(VisitForControl(expr->left(),
11222 context->if_false()));
11224 CHECK_BAILOUT(VisitForControl(expr->left(),
11225 context->if_true(),
11229 // Translate right subexpression by visiting it in the same AST
11230 // context as the entire expression.
11231 if (eval_right->HasPredecessor()) {
11232 eval_right->SetJoinId(expr->RightId());
11233 set_current_block(eval_right);
11234 Visit(expr->right());
11237 } else if (ast_context()->IsValue()) {
11238 CHECK_ALIVE(VisitForValue(expr->left()));
11239 DCHECK(current_block() != NULL);
11240 HValue* left_value = Top();
11242 // Short-circuit left values that always evaluate to the same boolean value.
11243 if (expr->left()->ToBooleanIsTrue() || expr->left()->ToBooleanIsFalse()) {
11244 // l (evals true) && r -> r
11245 // l (evals true) || r -> l
11246 // l (evals false) && r -> l
11247 // l (evals false) || r -> r
11248 if (is_logical_and == expr->left()->ToBooleanIsTrue()) {
11250 CHECK_ALIVE(VisitForValue(expr->right()));
11252 return ast_context()->ReturnValue(Pop());
11255 // We need an extra block to maintain edge-split form.
11256 HBasicBlock* empty_block = graph()->CreateBasicBlock();
11257 HBasicBlock* eval_right = graph()->CreateBasicBlock();
11258 ToBooleanStub::Types expected(expr->left()->to_boolean_types());
11259 HBranch* test = is_logical_and
11260 ? New<HBranch>(left_value, expected, eval_right, empty_block)
11261 : New<HBranch>(left_value, expected, empty_block, eval_right);
11262 FinishCurrentBlock(test);
11264 set_current_block(eval_right);
11265 Drop(1); // Value of the left subexpression.
11266 CHECK_BAILOUT(VisitForValue(expr->right()));
11268 HBasicBlock* join_block =
11269 CreateJoin(empty_block, current_block(), expr->id());
11270 set_current_block(join_block);
11271 return ast_context()->ReturnValue(Pop());
11274 DCHECK(ast_context()->IsEffect());
11275 // In an effect context, we don't need the value of the left subexpression,
11276 // only its control flow and side effects. We need an extra block to
11277 // maintain edge-split form.
11278 HBasicBlock* empty_block = graph()->CreateBasicBlock();
11279 HBasicBlock* right_block = graph()->CreateBasicBlock();
11280 if (is_logical_and) {
11281 CHECK_BAILOUT(VisitForControl(expr->left(), right_block, empty_block));
11283 CHECK_BAILOUT(VisitForControl(expr->left(), empty_block, right_block));
11286 // TODO(kmillikin): Find a way to fix this. It's ugly that there are
11287 // actually two empty blocks (one here and one inserted by
11288 // TestContext::BuildBranch, and that they both have an HSimulate though the
11289 // second one is not a merge node, and that we really have no good AST ID to
11290 // put on that first HSimulate.
11292 if (empty_block->HasPredecessor()) {
11293 empty_block->SetJoinId(expr->id());
11295 empty_block = NULL;
11298 if (right_block->HasPredecessor()) {
11299 right_block->SetJoinId(expr->RightId());
11300 set_current_block(right_block);
11301 CHECK_BAILOUT(VisitForEffect(expr->right()));
11302 right_block = current_block();
11304 right_block = NULL;
11307 HBasicBlock* join_block =
11308 CreateJoin(empty_block, right_block, expr->id());
11309 set_current_block(join_block);
11310 // We did not materialize any value in the predecessor environments,
11311 // so there is no need to handle it here.
11316 void HOptimizedGraphBuilder::VisitArithmeticExpression(BinaryOperation* expr) {
11317 CHECK_ALIVE(VisitForValue(expr->left()));
11318 CHECK_ALIVE(VisitForValue(expr->right()));
11319 SetSourcePosition(expr->position());
11320 HValue* right = Pop();
11321 HValue* left = Pop();
11323 BuildBinaryOperation(expr, left, right,
11324 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
11325 : PUSH_BEFORE_SIMULATE);
11326 if (top_info()->is_tracking_positions() && result->IsBinaryOperation()) {
11327 HBinaryOperation::cast(result)->SetOperandPositions(
11329 ScriptPositionToSourcePosition(expr->left()->position()),
11330 ScriptPositionToSourcePosition(expr->right()->position()));
11332 return ast_context()->ReturnValue(result);
11336 void HOptimizedGraphBuilder::HandleLiteralCompareTypeof(CompareOperation* expr,
11337 Expression* sub_expr,
11338 Handle<String> check) {
11339 CHECK_ALIVE(VisitForTypeOf(sub_expr));
11340 SetSourcePosition(expr->position());
11341 HValue* value = Pop();
11342 HTypeofIsAndBranch* instr = New<HTypeofIsAndBranch>(value, check);
11343 return ast_context()->ReturnControl(instr, expr->id());
11347 static bool IsLiteralCompareBool(Isolate* isolate,
11351 return op == Token::EQ_STRICT &&
11352 ((left->IsConstant() &&
11353 HConstant::cast(left)->handle(isolate)->IsBoolean()) ||
11354 (right->IsConstant() &&
11355 HConstant::cast(right)->handle(isolate)->IsBoolean()));
11359 void HOptimizedGraphBuilder::VisitCompareOperation(CompareOperation* expr) {
11360 DCHECK(!HasStackOverflow());
11361 DCHECK(current_block() != NULL);
11362 DCHECK(current_block()->HasPredecessor());
11364 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
11366 // Check for a few fast cases. The AST visiting behavior must be in sync
11367 // with the full codegen: We don't push both left and right values onto
11368 // the expression stack when one side is a special-case literal.
11369 Expression* sub_expr = NULL;
11370 Handle<String> check;
11371 if (expr->IsLiteralCompareTypeof(&sub_expr, &check)) {
11372 return HandleLiteralCompareTypeof(expr, sub_expr, check);
11374 if (expr->IsLiteralCompareUndefined(&sub_expr, isolate())) {
11375 return HandleLiteralCompareNil(expr, sub_expr, kUndefinedValue);
11377 if (expr->IsLiteralCompareNull(&sub_expr)) {
11378 return HandleLiteralCompareNil(expr, sub_expr, kNullValue);
11381 if (IsClassOfTest(expr)) {
11382 CallRuntime* call = expr->left()->AsCallRuntime();
11383 DCHECK(call->arguments()->length() == 1);
11384 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11385 HValue* value = Pop();
11386 Literal* literal = expr->right()->AsLiteral();
11387 Handle<String> rhs = Handle<String>::cast(literal->value());
11388 HClassOfTestAndBranch* instr = New<HClassOfTestAndBranch>(value, rhs);
11389 return ast_context()->ReturnControl(instr, expr->id());
11392 Type* left_type = expr->left()->bounds().lower;
11393 Type* right_type = expr->right()->bounds().lower;
11394 Type* combined_type = expr->combined_type();
11396 CHECK_ALIVE(VisitForValue(expr->left()));
11397 CHECK_ALIVE(VisitForValue(expr->right()));
11399 HValue* right = Pop();
11400 HValue* left = Pop();
11401 Token::Value op = expr->op();
11403 if (IsLiteralCompareBool(isolate(), left, op, right)) {
11404 HCompareObjectEqAndBranch* result =
11405 New<HCompareObjectEqAndBranch>(left, right);
11406 return ast_context()->ReturnControl(result, expr->id());
11409 if (op == Token::INSTANCEOF) {
11410 // Check to see if the rhs of the instanceof is a known function.
11411 if (right->IsConstant() &&
11412 HConstant::cast(right)->handle(isolate())->IsJSFunction()) {
11413 Handle<Object> function = HConstant::cast(right)->handle(isolate());
11414 Handle<JSFunction> target = Handle<JSFunction>::cast(function);
11415 HInstanceOfKnownGlobal* result =
11416 New<HInstanceOfKnownGlobal>(left, target);
11417 return ast_context()->ReturnInstruction(result, expr->id());
11420 HInstanceOf* result = New<HInstanceOf>(left, right);
11421 return ast_context()->ReturnInstruction(result, expr->id());
11423 } else if (op == Token::IN) {
11424 HValue* function = AddLoadJSBuiltin(Builtins::IN);
11425 Add<HPushArguments>(left, right);
11426 // TODO(olivf) InvokeFunction produces a check for the parameter count,
11427 // even though we are certain to pass the correct number of arguments here.
11428 HInstruction* result = New<HInvokeFunction>(function, 2);
11429 return ast_context()->ReturnInstruction(result, expr->id());
11432 PushBeforeSimulateBehavior push_behavior =
11433 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
11434 : PUSH_BEFORE_SIMULATE;
11435 HControlInstruction* compare = BuildCompareInstruction(
11436 op, left, right, left_type, right_type, combined_type,
11437 ScriptPositionToSourcePosition(expr->left()->position()),
11438 ScriptPositionToSourcePosition(expr->right()->position()),
11439 push_behavior, expr->id());
11440 if (compare == NULL) return; // Bailed out.
11441 return ast_context()->ReturnControl(compare, expr->id());
11445 HControlInstruction* HOptimizedGraphBuilder::BuildCompareInstruction(
11446 Token::Value op, HValue* left, HValue* right, Type* left_type,
11447 Type* right_type, Type* combined_type, SourcePosition left_position,
11448 SourcePosition right_position, PushBeforeSimulateBehavior push_sim_result,
11449 BailoutId bailout_id) {
11450 // Cases handled below depend on collected type feedback. They should
11451 // soft deoptimize when there is no type feedback.
11452 if (!combined_type->IsInhabited()) {
11454 Deoptimizer::kInsufficientTypeFeedbackForCombinedTypeOfBinaryOperation,
11455 Deoptimizer::SOFT);
11456 combined_type = left_type = right_type = Type::Any(zone());
11459 Representation left_rep = RepresentationFor(left_type);
11460 Representation right_rep = RepresentationFor(right_type);
11461 Representation combined_rep = RepresentationFor(combined_type);
11463 if (combined_type->Is(Type::Receiver())) {
11464 if (Token::IsEqualityOp(op)) {
11465 // HCompareObjectEqAndBranch can only deal with object, so
11466 // exclude numbers.
11467 if ((left->IsConstant() &&
11468 HConstant::cast(left)->HasNumberValue()) ||
11469 (right->IsConstant() &&
11470 HConstant::cast(right)->HasNumberValue())) {
11471 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
11472 Deoptimizer::SOFT);
11473 // The caller expects a branch instruction, so make it happy.
11474 return New<HBranch>(graph()->GetConstantTrue());
11476 // Can we get away with map check and not instance type check?
11477 HValue* operand_to_check =
11478 left->block()->block_id() < right->block()->block_id() ? left : right;
11479 if (combined_type->IsClass()) {
11480 Handle<Map> map = combined_type->AsClass()->Map();
11481 AddCheckMap(operand_to_check, map);
11482 HCompareObjectEqAndBranch* result =
11483 New<HCompareObjectEqAndBranch>(left, right);
11484 if (top_info()->is_tracking_positions()) {
11485 result->set_operand_position(zone(), 0, left_position);
11486 result->set_operand_position(zone(), 1, right_position);
11490 BuildCheckHeapObject(operand_to_check);
11491 Add<HCheckInstanceType>(operand_to_check,
11492 HCheckInstanceType::IS_SPEC_OBJECT);
11493 HCompareObjectEqAndBranch* result =
11494 New<HCompareObjectEqAndBranch>(left, right);
11498 Bailout(kUnsupportedNonPrimitiveCompare);
11501 } else if (combined_type->Is(Type::InternalizedString()) &&
11502 Token::IsEqualityOp(op)) {
11503 // If we have a constant argument, it should be consistent with the type
11504 // feedback (otherwise we fail assertions in HCompareObjectEqAndBranch).
11505 if ((left->IsConstant() &&
11506 !HConstant::cast(left)->HasInternalizedStringValue()) ||
11507 (right->IsConstant() &&
11508 !HConstant::cast(right)->HasInternalizedStringValue())) {
11509 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
11510 Deoptimizer::SOFT);
11511 // The caller expects a branch instruction, so make it happy.
11512 return New<HBranch>(graph()->GetConstantTrue());
11514 BuildCheckHeapObject(left);
11515 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_INTERNALIZED_STRING);
11516 BuildCheckHeapObject(right);
11517 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_INTERNALIZED_STRING);
11518 HCompareObjectEqAndBranch* result =
11519 New<HCompareObjectEqAndBranch>(left, right);
11521 } else if (combined_type->Is(Type::String())) {
11522 BuildCheckHeapObject(left);
11523 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_STRING);
11524 BuildCheckHeapObject(right);
11525 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_STRING);
11526 HStringCompareAndBranch* result =
11527 New<HStringCompareAndBranch>(left, right, op);
11530 if (combined_rep.IsTagged() || combined_rep.IsNone()) {
11531 HCompareGeneric* result = Add<HCompareGeneric>(
11532 left, right, op, strength(function_language_mode()));
11533 result->set_observed_input_representation(1, left_rep);
11534 result->set_observed_input_representation(2, right_rep);
11535 if (result->HasObservableSideEffects()) {
11536 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
11538 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11541 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11544 // TODO(jkummerow): Can we make this more efficient?
11545 HBranch* branch = New<HBranch>(result);
11548 HCompareNumericAndBranch* result = New<HCompareNumericAndBranch>(
11549 left, right, op, strength(function_language_mode()));
11550 result->set_observed_input_representation(left_rep, right_rep);
11551 if (top_info()->is_tracking_positions()) {
11552 result->SetOperandPositions(zone(), left_position, right_position);
11560 void HOptimizedGraphBuilder::HandleLiteralCompareNil(CompareOperation* expr,
11561 Expression* sub_expr,
11563 DCHECK(!HasStackOverflow());
11564 DCHECK(current_block() != NULL);
11565 DCHECK(current_block()->HasPredecessor());
11566 DCHECK(expr->op() == Token::EQ || expr->op() == Token::EQ_STRICT);
11567 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
11568 CHECK_ALIVE(VisitForValue(sub_expr));
11569 HValue* value = Pop();
11570 if (expr->op() == Token::EQ_STRICT) {
11571 HConstant* nil_constant = nil == kNullValue
11572 ? graph()->GetConstantNull()
11573 : graph()->GetConstantUndefined();
11574 HCompareObjectEqAndBranch* instr =
11575 New<HCompareObjectEqAndBranch>(value, nil_constant);
11576 return ast_context()->ReturnControl(instr, expr->id());
11578 DCHECK_EQ(Token::EQ, expr->op());
11579 Type* type = expr->combined_type()->Is(Type::None())
11580 ? Type::Any(zone()) : expr->combined_type();
11581 HIfContinuation continuation;
11582 BuildCompareNil(value, type, &continuation);
11583 return ast_context()->ReturnContinuation(&continuation, expr->id());
11588 void HOptimizedGraphBuilder::VisitSpread(Spread* expr) { UNREACHABLE(); }
11591 HInstruction* HOptimizedGraphBuilder::BuildThisFunction() {
11592 // If we share optimized code between different closures, the
11593 // this-function is not a constant, except inside an inlined body.
11594 if (function_state()->outer() != NULL) {
11595 return New<HConstant>(
11596 function_state()->compilation_info()->closure());
11598 return New<HThisFunction>();
11603 HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
11604 Handle<JSObject> boilerplate_object,
11605 AllocationSiteUsageContext* site_context) {
11606 NoObservableSideEffectsScope no_effects(this);
11607 Handle<Map> initial_map(boilerplate_object->map());
11608 InstanceType instance_type = initial_map->instance_type();
11609 DCHECK(instance_type == JS_ARRAY_TYPE || instance_type == JS_OBJECT_TYPE);
11611 HType type = instance_type == JS_ARRAY_TYPE
11612 ? HType::JSArray() : HType::JSObject();
11613 HValue* object_size_constant = Add<HConstant>(initial_map->instance_size());
11615 PretenureFlag pretenure_flag = NOT_TENURED;
11616 Handle<AllocationSite> top_site(*site_context->top(), isolate());
11617 if (FLAG_allocation_site_pretenuring) {
11618 pretenure_flag = top_site->GetPretenureMode();
11621 Handle<AllocationSite> current_site(*site_context->current(), isolate());
11622 if (*top_site == *current_site) {
11623 // We install a dependency for pretenuring only on the outermost literal.
11624 top_info()->dependencies()->AssumeTenuringDecision(top_site);
11626 top_info()->dependencies()->AssumeTransitionStable(current_site);
11628 HInstruction* object = Add<HAllocate>(
11629 object_size_constant, type, pretenure_flag, instance_type, top_site);
11631 // If allocation folding reaches Page::kMaxRegularHeapObjectSize the
11632 // elements array may not get folded into the object. Hence, we set the
11633 // elements pointer to empty fixed array and let store elimination remove
11634 // this store in the folding case.
11635 HConstant* empty_fixed_array = Add<HConstant>(
11636 isolate()->factory()->empty_fixed_array());
11637 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11638 empty_fixed_array);
11640 BuildEmitObjectHeader(boilerplate_object, object);
11642 // Similarly to the elements pointer, there is no guarantee that all
11643 // property allocations can get folded, so pre-initialize all in-object
11644 // properties to a safe value.
11645 BuildInitializeInobjectProperties(object, initial_map);
11647 Handle<FixedArrayBase> elements(boilerplate_object->elements());
11648 int elements_size = (elements->length() > 0 &&
11649 elements->map() != isolate()->heap()->fixed_cow_array_map()) ?
11650 elements->Size() : 0;
11652 if (pretenure_flag == TENURED &&
11653 elements->map() == isolate()->heap()->fixed_cow_array_map() &&
11654 isolate()->heap()->InNewSpace(*elements)) {
11655 // If we would like to pretenure a fixed cow array, we must ensure that the
11656 // array is already in old space, otherwise we'll create too many old-to-
11657 // new-space pointers (overflowing the store buffer).
11658 elements = Handle<FixedArrayBase>(
11659 isolate()->factory()->CopyAndTenureFixedCOWArray(
11660 Handle<FixedArray>::cast(elements)));
11661 boilerplate_object->set_elements(*elements);
11664 HInstruction* object_elements = NULL;
11665 if (elements_size > 0) {
11666 HValue* object_elements_size = Add<HConstant>(elements_size);
11667 InstanceType instance_type = boilerplate_object->HasFastDoubleElements()
11668 ? FIXED_DOUBLE_ARRAY_TYPE : FIXED_ARRAY_TYPE;
11669 object_elements = Add<HAllocate>(object_elements_size, HType::HeapObject(),
11670 pretenure_flag, instance_type, top_site);
11671 BuildEmitElements(boilerplate_object, elements, object_elements,
11673 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11676 Handle<Object> elements_field =
11677 Handle<Object>(boilerplate_object->elements(), isolate());
11678 HInstruction* object_elements_cow = Add<HConstant>(elements_field);
11679 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11680 object_elements_cow);
11683 // Copy in-object properties.
11684 if (initial_map->NumberOfFields() != 0 ||
11685 initial_map->unused_property_fields() > 0) {
11686 BuildEmitInObjectProperties(boilerplate_object, object, site_context,
11693 void HOptimizedGraphBuilder::BuildEmitObjectHeader(
11694 Handle<JSObject> boilerplate_object,
11695 HInstruction* object) {
11696 DCHECK(boilerplate_object->properties()->length() == 0);
11698 Handle<Map> boilerplate_object_map(boilerplate_object->map());
11699 AddStoreMapConstant(object, boilerplate_object_map);
11701 Handle<Object> properties_field =
11702 Handle<Object>(boilerplate_object->properties(), isolate());
11703 DCHECK(*properties_field == isolate()->heap()->empty_fixed_array());
11704 HInstruction* properties = Add<HConstant>(properties_field);
11705 HObjectAccess access = HObjectAccess::ForPropertiesPointer();
11706 Add<HStoreNamedField>(object, access, properties);
11708 if (boilerplate_object->IsJSArray()) {
11709 Handle<JSArray> boilerplate_array =
11710 Handle<JSArray>::cast(boilerplate_object);
11711 Handle<Object> length_field =
11712 Handle<Object>(boilerplate_array->length(), isolate());
11713 HInstruction* length = Add<HConstant>(length_field);
11715 DCHECK(boilerplate_array->length()->IsSmi());
11716 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(
11717 boilerplate_array->GetElementsKind()), length);
11722 void HOptimizedGraphBuilder::BuildEmitInObjectProperties(
11723 Handle<JSObject> boilerplate_object,
11724 HInstruction* object,
11725 AllocationSiteUsageContext* site_context,
11726 PretenureFlag pretenure_flag) {
11727 Handle<Map> boilerplate_map(boilerplate_object->map());
11728 Handle<DescriptorArray> descriptors(boilerplate_map->instance_descriptors());
11729 int limit = boilerplate_map->NumberOfOwnDescriptors();
11731 int copied_fields = 0;
11732 for (int i = 0; i < limit; i++) {
11733 PropertyDetails details = descriptors->GetDetails(i);
11734 if (details.type() != DATA) continue;
11736 FieldIndex field_index = FieldIndex::ForDescriptor(*boilerplate_map, i);
11739 int property_offset = field_index.offset();
11740 Handle<Name> name(descriptors->GetKey(i));
11742 // The access for the store depends on the type of the boilerplate.
11743 HObjectAccess access = boilerplate_object->IsJSArray() ?
11744 HObjectAccess::ForJSArrayOffset(property_offset) :
11745 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11747 if (boilerplate_object->IsUnboxedDoubleField(field_index)) {
11748 CHECK(!boilerplate_object->IsJSArray());
11749 double value = boilerplate_object->RawFastDoublePropertyAt(field_index);
11750 access = access.WithRepresentation(Representation::Double());
11751 Add<HStoreNamedField>(object, access, Add<HConstant>(value));
11754 Handle<Object> value(boilerplate_object->RawFastPropertyAt(field_index),
11757 if (value->IsJSObject()) {
11758 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11759 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11760 HInstruction* result =
11761 BuildFastLiteral(value_object, site_context);
11762 site_context->ExitScope(current_site, value_object);
11763 Add<HStoreNamedField>(object, access, result);
11765 Representation representation = details.representation();
11766 HInstruction* value_instruction;
11768 if (representation.IsDouble()) {
11769 // Allocate a HeapNumber box and store the value into it.
11770 HValue* heap_number_constant = Add<HConstant>(HeapNumber::kSize);
11771 HInstruction* double_box =
11772 Add<HAllocate>(heap_number_constant, HType::HeapObject(),
11773 pretenure_flag, MUTABLE_HEAP_NUMBER_TYPE);
11774 AddStoreMapConstant(double_box,
11775 isolate()->factory()->mutable_heap_number_map());
11776 // Unwrap the mutable heap number from the boilerplate.
11777 HValue* double_value =
11778 Add<HConstant>(Handle<HeapNumber>::cast(value)->value());
11779 Add<HStoreNamedField>(
11780 double_box, HObjectAccess::ForHeapNumberValue(), double_value);
11781 value_instruction = double_box;
11782 } else if (representation.IsSmi()) {
11783 value_instruction = value->IsUninitialized()
11784 ? graph()->GetConstant0()
11785 : Add<HConstant>(value);
11786 // Ensure that value is stored as smi.
11787 access = access.WithRepresentation(representation);
11789 value_instruction = Add<HConstant>(value);
11792 Add<HStoreNamedField>(object, access, value_instruction);
11796 int inobject_properties = boilerplate_object->map()->inobject_properties();
11797 HInstruction* value_instruction =
11798 Add<HConstant>(isolate()->factory()->one_pointer_filler_map());
11799 for (int i = copied_fields; i < inobject_properties; i++) {
11800 DCHECK(boilerplate_object->IsJSObject());
11801 int property_offset = boilerplate_object->GetInObjectPropertyOffset(i);
11802 HObjectAccess access =
11803 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11804 Add<HStoreNamedField>(object, access, value_instruction);
11809 void HOptimizedGraphBuilder::BuildEmitElements(
11810 Handle<JSObject> boilerplate_object,
11811 Handle<FixedArrayBase> elements,
11812 HValue* object_elements,
11813 AllocationSiteUsageContext* site_context) {
11814 ElementsKind kind = boilerplate_object->map()->elements_kind();
11815 int elements_length = elements->length();
11816 HValue* object_elements_length = Add<HConstant>(elements_length);
11817 BuildInitializeElementsHeader(object_elements, kind, object_elements_length);
11819 // Copy elements backing store content.
11820 if (elements->IsFixedDoubleArray()) {
11821 BuildEmitFixedDoubleArray(elements, kind, object_elements);
11822 } else if (elements->IsFixedArray()) {
11823 BuildEmitFixedArray(elements, kind, object_elements,
11831 void HOptimizedGraphBuilder::BuildEmitFixedDoubleArray(
11832 Handle<FixedArrayBase> elements,
11834 HValue* object_elements) {
11835 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11836 int elements_length = elements->length();
11837 for (int i = 0; i < elements_length; i++) {
11838 HValue* key_constant = Add<HConstant>(i);
11839 HInstruction* value_instruction = Add<HLoadKeyed>(
11840 boilerplate_elements, key_constant, nullptr, kind, ALLOW_RETURN_HOLE);
11841 HInstruction* store = Add<HStoreKeyed>(object_elements, key_constant,
11842 value_instruction, kind);
11843 store->SetFlag(HValue::kAllowUndefinedAsNaN);
11848 void HOptimizedGraphBuilder::BuildEmitFixedArray(
11849 Handle<FixedArrayBase> elements,
11851 HValue* object_elements,
11852 AllocationSiteUsageContext* site_context) {
11853 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11854 int elements_length = elements->length();
11855 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
11856 for (int i = 0; i < elements_length; i++) {
11857 Handle<Object> value(fast_elements->get(i), isolate());
11858 HValue* key_constant = Add<HConstant>(i);
11859 if (value->IsJSObject()) {
11860 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11861 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11862 HInstruction* result =
11863 BuildFastLiteral(value_object, site_context);
11864 site_context->ExitScope(current_site, value_object);
11865 Add<HStoreKeyed>(object_elements, key_constant, result, kind);
11867 ElementsKind copy_kind =
11868 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
11869 HInstruction* value_instruction =
11870 Add<HLoadKeyed>(boilerplate_elements, key_constant, nullptr,
11871 copy_kind, ALLOW_RETURN_HOLE);
11872 Add<HStoreKeyed>(object_elements, key_constant, value_instruction,
11879 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) {
11880 DCHECK(!HasStackOverflow());
11881 DCHECK(current_block() != NULL);
11882 DCHECK(current_block()->HasPredecessor());
11883 HInstruction* instr = BuildThisFunction();
11884 return ast_context()->ReturnInstruction(instr, expr->id());
11888 void HOptimizedGraphBuilder::VisitSuperPropertyReference(
11889 SuperPropertyReference* expr) {
11890 DCHECK(!HasStackOverflow());
11891 DCHECK(current_block() != NULL);
11892 DCHECK(current_block()->HasPredecessor());
11893 return Bailout(kSuperReference);
11897 void HOptimizedGraphBuilder::VisitSuperCallReference(SuperCallReference* expr) {
11898 DCHECK(!HasStackOverflow());
11899 DCHECK(current_block() != NULL);
11900 DCHECK(current_block()->HasPredecessor());
11901 return Bailout(kSuperReference);
11905 void HOptimizedGraphBuilder::VisitDeclarations(
11906 ZoneList<Declaration*>* declarations) {
11907 DCHECK(globals_.is_empty());
11908 AstVisitor::VisitDeclarations(declarations);
11909 if (!globals_.is_empty()) {
11910 Handle<FixedArray> array =
11911 isolate()->factory()->NewFixedArray(globals_.length(), TENURED);
11912 for (int i = 0; i < globals_.length(); ++i) array->set(i, *globals_.at(i));
11914 DeclareGlobalsEvalFlag::encode(current_info()->is_eval()) |
11915 DeclareGlobalsNativeFlag::encode(current_info()->is_native()) |
11916 DeclareGlobalsLanguageMode::encode(current_info()->language_mode());
11917 Add<HDeclareGlobals>(array, flags);
11918 globals_.Rewind(0);
11923 void HOptimizedGraphBuilder::VisitVariableDeclaration(
11924 VariableDeclaration* declaration) {
11925 VariableProxy* proxy = declaration->proxy();
11926 VariableMode mode = declaration->mode();
11927 Variable* variable = proxy->var();
11928 bool hole_init = mode == LET || mode == CONST || mode == CONST_LEGACY;
11929 switch (variable->location()) {
11930 case VariableLocation::GLOBAL:
11931 case VariableLocation::UNALLOCATED:
11932 globals_.Add(variable->name(), zone());
11933 globals_.Add(variable->binding_needs_init()
11934 ? isolate()->factory()->the_hole_value()
11935 : isolate()->factory()->undefined_value(), zone());
11937 case VariableLocation::PARAMETER:
11938 case VariableLocation::LOCAL:
11940 HValue* value = graph()->GetConstantHole();
11941 environment()->Bind(variable, value);
11944 case VariableLocation::CONTEXT:
11946 HValue* value = graph()->GetConstantHole();
11947 HValue* context = environment()->context();
11948 HStoreContextSlot* store = Add<HStoreContextSlot>(
11949 context, variable->index(), HStoreContextSlot::kNoCheck, value);
11950 if (store->HasObservableSideEffects()) {
11951 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11955 case VariableLocation::LOOKUP:
11956 return Bailout(kUnsupportedLookupSlotInDeclaration);
11961 void HOptimizedGraphBuilder::VisitFunctionDeclaration(
11962 FunctionDeclaration* declaration) {
11963 VariableProxy* proxy = declaration->proxy();
11964 Variable* variable = proxy->var();
11965 switch (variable->location()) {
11966 case VariableLocation::GLOBAL:
11967 case VariableLocation::UNALLOCATED: {
11968 globals_.Add(variable->name(), zone());
11969 Handle<SharedFunctionInfo> function = Compiler::GetSharedFunctionInfo(
11970 declaration->fun(), current_info()->script(), top_info());
11971 // Check for stack-overflow exception.
11972 if (function.is_null()) return SetStackOverflow();
11973 globals_.Add(function, zone());
11976 case VariableLocation::PARAMETER:
11977 case VariableLocation::LOCAL: {
11978 CHECK_ALIVE(VisitForValue(declaration->fun()));
11979 HValue* value = Pop();
11980 BindIfLive(variable, value);
11983 case VariableLocation::CONTEXT: {
11984 CHECK_ALIVE(VisitForValue(declaration->fun()));
11985 HValue* value = Pop();
11986 HValue* context = environment()->context();
11987 HStoreContextSlot* store = Add<HStoreContextSlot>(
11988 context, variable->index(), HStoreContextSlot::kNoCheck, value);
11989 if (store->HasObservableSideEffects()) {
11990 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11994 case VariableLocation::LOOKUP:
11995 return Bailout(kUnsupportedLookupSlotInDeclaration);
12000 void HOptimizedGraphBuilder::VisitImportDeclaration(
12001 ImportDeclaration* declaration) {
12006 void HOptimizedGraphBuilder::VisitExportDeclaration(
12007 ExportDeclaration* declaration) {
12012 // Generators for inline runtime functions.
12013 // Support for types.
12014 void HOptimizedGraphBuilder::GenerateIsSmi(CallRuntime* call) {
12015 DCHECK(call->arguments()->length() == 1);
12016 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12017 HValue* value = Pop();
12018 HIsSmiAndBranch* result = New<HIsSmiAndBranch>(value);
12019 return ast_context()->ReturnControl(result, call->id());
12023 void HOptimizedGraphBuilder::GenerateIsSpecObject(CallRuntime* call) {
12024 DCHECK(call->arguments()->length() == 1);
12025 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12026 HValue* value = Pop();
12027 HHasInstanceTypeAndBranch* result =
12028 New<HHasInstanceTypeAndBranch>(value,
12029 FIRST_SPEC_OBJECT_TYPE,
12030 LAST_SPEC_OBJECT_TYPE);
12031 return ast_context()->ReturnControl(result, call->id());
12035 void HOptimizedGraphBuilder::GenerateIsFunction(CallRuntime* call) {
12036 DCHECK(call->arguments()->length() == 1);
12037 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12038 HValue* value = Pop();
12039 HHasInstanceTypeAndBranch* result =
12040 New<HHasInstanceTypeAndBranch>(value, JS_FUNCTION_TYPE);
12041 return ast_context()->ReturnControl(result, call->id());
12045 void HOptimizedGraphBuilder::GenerateIsMinusZero(CallRuntime* call) {
12046 DCHECK(call->arguments()->length() == 1);
12047 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12048 HValue* value = Pop();
12049 HCompareMinusZeroAndBranch* result = New<HCompareMinusZeroAndBranch>(value);
12050 return ast_context()->ReturnControl(result, call->id());
12054 void HOptimizedGraphBuilder::GenerateHasCachedArrayIndex(CallRuntime* call) {
12055 DCHECK(call->arguments()->length() == 1);
12056 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12057 HValue* value = Pop();
12058 HHasCachedArrayIndexAndBranch* result =
12059 New<HHasCachedArrayIndexAndBranch>(value);
12060 return ast_context()->ReturnControl(result, call->id());
12064 void HOptimizedGraphBuilder::GenerateIsArray(CallRuntime* call) {
12065 DCHECK(call->arguments()->length() == 1);
12066 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12067 HValue* value = Pop();
12068 HHasInstanceTypeAndBranch* result =
12069 New<HHasInstanceTypeAndBranch>(value, JS_ARRAY_TYPE);
12070 return ast_context()->ReturnControl(result, call->id());
12074 void HOptimizedGraphBuilder::GenerateIsTypedArray(CallRuntime* call) {
12075 DCHECK(call->arguments()->length() == 1);
12076 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12077 HValue* value = Pop();
12078 HHasInstanceTypeAndBranch* result =
12079 New<HHasInstanceTypeAndBranch>(value, JS_TYPED_ARRAY_TYPE);
12080 return ast_context()->ReturnControl(result, call->id());
12084 void HOptimizedGraphBuilder::GenerateIsRegExp(CallRuntime* call) {
12085 DCHECK(call->arguments()->length() == 1);
12086 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12087 HValue* value = Pop();
12088 HHasInstanceTypeAndBranch* result =
12089 New<HHasInstanceTypeAndBranch>(value, JS_REGEXP_TYPE);
12090 return ast_context()->ReturnControl(result, call->id());
12094 void HOptimizedGraphBuilder::GenerateIsObject(CallRuntime* call) {
12095 DCHECK(call->arguments()->length() == 1);
12096 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12097 HValue* value = Pop();
12098 HIsObjectAndBranch* result = New<HIsObjectAndBranch>(value);
12099 return ast_context()->ReturnControl(result, call->id());
12103 void HOptimizedGraphBuilder::GenerateIsJSProxy(CallRuntime* call) {
12104 DCHECK(call->arguments()->length() == 1);
12105 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12106 HValue* value = Pop();
12107 HIfContinuation continuation;
12108 IfBuilder if_proxy(this);
12110 HValue* smicheck = if_proxy.IfNot<HIsSmiAndBranch>(value);
12112 HValue* map = Add<HLoadNamedField>(value, smicheck, HObjectAccess::ForMap());
12113 HValue* instance_type =
12114 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
12115 if_proxy.If<HCompareNumericAndBranch>(
12116 instance_type, Add<HConstant>(FIRST_JS_PROXY_TYPE), Token::GTE);
12118 if_proxy.If<HCompareNumericAndBranch>(
12119 instance_type, Add<HConstant>(LAST_JS_PROXY_TYPE), Token::LTE);
12121 if_proxy.CaptureContinuation(&continuation);
12122 return ast_context()->ReturnContinuation(&continuation, call->id());
12126 void HOptimizedGraphBuilder::GenerateHasFastPackedElements(CallRuntime* call) {
12127 DCHECK(call->arguments()->length() == 1);
12128 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12129 HValue* object = Pop();
12130 HIfContinuation continuation(graph()->CreateBasicBlock(),
12131 graph()->CreateBasicBlock());
12132 IfBuilder if_not_smi(this);
12133 if_not_smi.IfNot<HIsSmiAndBranch>(object);
12136 NoObservableSideEffectsScope no_effects(this);
12138 IfBuilder if_fast_packed(this);
12139 HValue* elements_kind = BuildGetElementsKind(object);
12140 if_fast_packed.If<HCompareNumericAndBranch>(
12141 elements_kind, Add<HConstant>(FAST_SMI_ELEMENTS), Token::EQ);
12142 if_fast_packed.Or();
12143 if_fast_packed.If<HCompareNumericAndBranch>(
12144 elements_kind, Add<HConstant>(FAST_ELEMENTS), Token::EQ);
12145 if_fast_packed.Or();
12146 if_fast_packed.If<HCompareNumericAndBranch>(
12147 elements_kind, Add<HConstant>(FAST_DOUBLE_ELEMENTS), Token::EQ);
12148 if_fast_packed.JoinContinuation(&continuation);
12150 if_not_smi.JoinContinuation(&continuation);
12151 return ast_context()->ReturnContinuation(&continuation, call->id());
12155 void HOptimizedGraphBuilder::GenerateIsUndetectableObject(CallRuntime* call) {
12156 DCHECK(call->arguments()->length() == 1);
12157 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12158 HValue* value = Pop();
12159 HIsUndetectableAndBranch* result = New<HIsUndetectableAndBranch>(value);
12160 return ast_context()->ReturnControl(result, call->id());
12164 // Support for construct call checks.
12165 void HOptimizedGraphBuilder::GenerateIsConstructCall(CallRuntime* call) {
12166 DCHECK(call->arguments()->length() == 0);
12167 if (function_state()->outer() != NULL) {
12168 // We are generating graph for inlined function.
12169 HValue* value = function_state()->inlining_kind() == CONSTRUCT_CALL_RETURN
12170 ? graph()->GetConstantTrue()
12171 : graph()->GetConstantFalse();
12172 return ast_context()->ReturnValue(value);
12174 return ast_context()->ReturnControl(New<HIsConstructCallAndBranch>(),
12180 // Support for arguments.length and arguments[?].
12181 void HOptimizedGraphBuilder::GenerateArgumentsLength(CallRuntime* call) {
12182 DCHECK(call->arguments()->length() == 0);
12183 HInstruction* result = NULL;
12184 if (function_state()->outer() == NULL) {
12185 HInstruction* elements = Add<HArgumentsElements>(false);
12186 result = New<HArgumentsLength>(elements);
12188 // Number of arguments without receiver.
12189 int argument_count = environment()->
12190 arguments_environment()->parameter_count() - 1;
12191 result = New<HConstant>(argument_count);
12193 return ast_context()->ReturnInstruction(result, call->id());
12197 void HOptimizedGraphBuilder::GenerateArguments(CallRuntime* call) {
12198 DCHECK(call->arguments()->length() == 1);
12199 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12200 HValue* index = Pop();
12201 HInstruction* result = NULL;
12202 if (function_state()->outer() == NULL) {
12203 HInstruction* elements = Add<HArgumentsElements>(false);
12204 HInstruction* length = Add<HArgumentsLength>(elements);
12205 HInstruction* checked_index = Add<HBoundsCheck>(index, length);
12206 result = New<HAccessArgumentsAt>(elements, length, checked_index);
12208 EnsureArgumentsArePushedForAccess();
12210 // Number of arguments without receiver.
12211 HInstruction* elements = function_state()->arguments_elements();
12212 int argument_count = environment()->
12213 arguments_environment()->parameter_count() - 1;
12214 HInstruction* length = Add<HConstant>(argument_count);
12215 HInstruction* checked_key = Add<HBoundsCheck>(index, length);
12216 result = New<HAccessArgumentsAt>(elements, length, checked_key);
12218 return ast_context()->ReturnInstruction(result, call->id());
12222 void HOptimizedGraphBuilder::GenerateValueOf(CallRuntime* call) {
12223 DCHECK(call->arguments()->length() == 1);
12224 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12225 HValue* object = Pop();
12227 IfBuilder if_objectisvalue(this);
12228 HValue* objectisvalue = if_objectisvalue.If<HHasInstanceTypeAndBranch>(
12229 object, JS_VALUE_TYPE);
12230 if_objectisvalue.Then();
12232 // Return the actual value.
12233 Push(Add<HLoadNamedField>(
12234 object, objectisvalue,
12235 HObjectAccess::ForObservableJSObjectOffset(
12236 JSValue::kValueOffset)));
12237 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12239 if_objectisvalue.Else();
12241 // If the object is not a value return the object.
12243 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12245 if_objectisvalue.End();
12246 return ast_context()->ReturnValue(Pop());
12250 void HOptimizedGraphBuilder::GenerateJSValueGetValue(CallRuntime* call) {
12251 DCHECK(call->arguments()->length() == 1);
12252 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12253 HValue* value = Pop();
12254 HInstruction* result = Add<HLoadNamedField>(
12256 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset));
12257 return ast_context()->ReturnInstruction(result, call->id());
12261 void HOptimizedGraphBuilder::GenerateIsDate(CallRuntime* call) {
12262 DCHECK_EQ(1, call->arguments()->length());
12263 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12264 HValue* value = Pop();
12265 HHasInstanceTypeAndBranch* result =
12266 New<HHasInstanceTypeAndBranch>(value, JS_DATE_TYPE);
12267 return ast_context()->ReturnControl(result, call->id());
12271 void HOptimizedGraphBuilder::GenerateThrowNotDateError(CallRuntime* call) {
12272 DCHECK_EQ(0, call->arguments()->length());
12273 Add<HDeoptimize>(Deoptimizer::kNotADateObject, Deoptimizer::EAGER);
12274 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12275 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12279 void HOptimizedGraphBuilder::GenerateDateField(CallRuntime* call) {
12280 DCHECK(call->arguments()->length() == 2);
12281 DCHECK_NOT_NULL(call->arguments()->at(1)->AsLiteral());
12282 Smi* index = Smi::cast(*(call->arguments()->at(1)->AsLiteral()->value()));
12283 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12284 HValue* date = Pop();
12285 HDateField* result = New<HDateField>(date, index);
12286 return ast_context()->ReturnInstruction(result, call->id());
12290 void HOptimizedGraphBuilder::GenerateOneByteSeqStringSetChar(
12291 CallRuntime* call) {
12292 DCHECK(call->arguments()->length() == 3);
12293 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12294 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12295 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12296 HValue* string = Pop();
12297 HValue* value = Pop();
12298 HValue* index = Pop();
12299 Add<HSeqStringSetChar>(String::ONE_BYTE_ENCODING, string,
12301 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12302 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12306 void HOptimizedGraphBuilder::GenerateTwoByteSeqStringSetChar(
12307 CallRuntime* call) {
12308 DCHECK(call->arguments()->length() == 3);
12309 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12310 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12311 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12312 HValue* string = Pop();
12313 HValue* value = Pop();
12314 HValue* index = Pop();
12315 Add<HSeqStringSetChar>(String::TWO_BYTE_ENCODING, string,
12317 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12318 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12322 void HOptimizedGraphBuilder::GenerateSetValueOf(CallRuntime* call) {
12323 DCHECK(call->arguments()->length() == 2);
12324 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12325 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12326 HValue* value = Pop();
12327 HValue* object = Pop();
12329 // Check if object is a JSValue.
12330 IfBuilder if_objectisvalue(this);
12331 if_objectisvalue.If<HHasInstanceTypeAndBranch>(object, JS_VALUE_TYPE);
12332 if_objectisvalue.Then();
12334 // Create in-object property store to kValueOffset.
12335 Add<HStoreNamedField>(object,
12336 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset),
12338 if (!ast_context()->IsEffect()) {
12341 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12343 if_objectisvalue.Else();
12345 // Nothing to do in this case.
12346 if (!ast_context()->IsEffect()) {
12349 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12351 if_objectisvalue.End();
12352 if (!ast_context()->IsEffect()) {
12355 return ast_context()->ReturnValue(value);
12359 // Fast support for charCodeAt(n).
12360 void HOptimizedGraphBuilder::GenerateStringCharCodeAt(CallRuntime* call) {
12361 DCHECK(call->arguments()->length() == 2);
12362 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12363 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12364 HValue* index = Pop();
12365 HValue* string = Pop();
12366 HInstruction* result = BuildStringCharCodeAt(string, index);
12367 return ast_context()->ReturnInstruction(result, call->id());
12371 // Fast support for string.charAt(n) and string[n].
12372 void HOptimizedGraphBuilder::GenerateStringCharFromCode(CallRuntime* call) {
12373 DCHECK(call->arguments()->length() == 1);
12374 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12375 HValue* char_code = Pop();
12376 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
12377 return ast_context()->ReturnInstruction(result, call->id());
12381 // Fast support for string.charAt(n) and string[n].
12382 void HOptimizedGraphBuilder::GenerateStringCharAt(CallRuntime* call) {
12383 DCHECK(call->arguments()->length() == 2);
12384 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12385 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12386 HValue* index = Pop();
12387 HValue* string = Pop();
12388 HInstruction* char_code = BuildStringCharCodeAt(string, index);
12389 AddInstruction(char_code);
12390 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
12391 return ast_context()->ReturnInstruction(result, call->id());
12395 // Fast support for object equality testing.
12396 void HOptimizedGraphBuilder::GenerateObjectEquals(CallRuntime* call) {
12397 DCHECK(call->arguments()->length() == 2);
12398 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12399 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12400 HValue* right = Pop();
12401 HValue* left = Pop();
12402 HCompareObjectEqAndBranch* result =
12403 New<HCompareObjectEqAndBranch>(left, right);
12404 return ast_context()->ReturnControl(result, call->id());
12408 // Fast support for StringAdd.
12409 void HOptimizedGraphBuilder::GenerateStringAdd(CallRuntime* call) {
12410 DCHECK_EQ(2, call->arguments()->length());
12411 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12412 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12413 HValue* right = Pop();
12414 HValue* left = Pop();
12415 HInstruction* result =
12416 NewUncasted<HStringAdd>(left, right, strength(function_language_mode()));
12417 return ast_context()->ReturnInstruction(result, call->id());
12421 // Fast support for SubString.
12422 void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
12423 DCHECK_EQ(3, call->arguments()->length());
12424 CHECK_ALIVE(VisitExpressions(call->arguments()));
12425 PushArgumentsFromEnvironment(call->arguments()->length());
12426 HCallStub* result = New<HCallStub>(CodeStub::SubString, 3);
12427 return ast_context()->ReturnInstruction(result, call->id());
12431 // Fast support for StringCompare.
12432 void HOptimizedGraphBuilder::GenerateStringCompare(CallRuntime* call) {
12433 DCHECK_EQ(2, call->arguments()->length());
12434 CHECK_ALIVE(VisitExpressions(call->arguments()));
12435 PushArgumentsFromEnvironment(call->arguments()->length());
12436 HCallStub* result = New<HCallStub>(CodeStub::StringCompare, 2);
12437 return ast_context()->ReturnInstruction(result, call->id());
12441 void HOptimizedGraphBuilder::GenerateStringGetLength(CallRuntime* call) {
12442 DCHECK(call->arguments()->length() == 1);
12443 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12444 HValue* string = Pop();
12445 HInstruction* result = BuildLoadStringLength(string);
12446 return ast_context()->ReturnInstruction(result, call->id());
12450 // Support for direct calls from JavaScript to native RegExp code.
12451 void HOptimizedGraphBuilder::GenerateRegExpExec(CallRuntime* call) {
12452 DCHECK_EQ(4, call->arguments()->length());
12453 CHECK_ALIVE(VisitExpressions(call->arguments()));
12454 PushArgumentsFromEnvironment(call->arguments()->length());
12455 HCallStub* result = New<HCallStub>(CodeStub::RegExpExec, 4);
12456 return ast_context()->ReturnInstruction(result, call->id());
12460 void HOptimizedGraphBuilder::GenerateDoubleLo(CallRuntime* call) {
12461 DCHECK_EQ(1, call->arguments()->length());
12462 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12463 HValue* value = Pop();
12464 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::LOW);
12465 return ast_context()->ReturnInstruction(result, call->id());
12469 void HOptimizedGraphBuilder::GenerateDoubleHi(CallRuntime* call) {
12470 DCHECK_EQ(1, call->arguments()->length());
12471 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12472 HValue* value = Pop();
12473 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::HIGH);
12474 return ast_context()->ReturnInstruction(result, call->id());
12478 void HOptimizedGraphBuilder::GenerateConstructDouble(CallRuntime* call) {
12479 DCHECK_EQ(2, call->arguments()->length());
12480 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12481 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12482 HValue* lo = Pop();
12483 HValue* hi = Pop();
12484 HInstruction* result = NewUncasted<HConstructDouble>(hi, lo);
12485 return ast_context()->ReturnInstruction(result, call->id());
12489 // Construct a RegExp exec result with two in-object properties.
12490 void HOptimizedGraphBuilder::GenerateRegExpConstructResult(CallRuntime* call) {
12491 DCHECK_EQ(3, call->arguments()->length());
12492 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12493 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12494 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12495 HValue* input = Pop();
12496 HValue* index = Pop();
12497 HValue* length = Pop();
12498 HValue* result = BuildRegExpConstructResult(length, index, input);
12499 return ast_context()->ReturnValue(result);
12503 // Fast support for number to string.
12504 void HOptimizedGraphBuilder::GenerateNumberToString(CallRuntime* call) {
12505 DCHECK_EQ(1, call->arguments()->length());
12506 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12507 HValue* number = Pop();
12508 HValue* result = BuildNumberToString(number, Type::Any(zone()));
12509 return ast_context()->ReturnValue(result);
12513 // Fast call for custom callbacks.
12514 void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
12515 // 1 ~ The function to call is not itself an argument to the call.
12516 int arg_count = call->arguments()->length() - 1;
12517 DCHECK(arg_count >= 1); // There's always at least a receiver.
12519 CHECK_ALIVE(VisitExpressions(call->arguments()));
12520 // The function is the last argument
12521 HValue* function = Pop();
12522 // Push the arguments to the stack
12523 PushArgumentsFromEnvironment(arg_count);
12525 IfBuilder if_is_jsfunction(this);
12526 if_is_jsfunction.If<HHasInstanceTypeAndBranch>(function, JS_FUNCTION_TYPE);
12528 if_is_jsfunction.Then();
12530 HInstruction* invoke_result =
12531 Add<HInvokeFunction>(function, arg_count);
12532 if (!ast_context()->IsEffect()) {
12533 Push(invoke_result);
12535 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12538 if_is_jsfunction.Else();
12540 HInstruction* call_result =
12541 Add<HCallFunction>(function, arg_count);
12542 if (!ast_context()->IsEffect()) {
12545 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12547 if_is_jsfunction.End();
12549 if (ast_context()->IsEffect()) {
12550 // EffectContext::ReturnValue ignores the value, so we can just pass
12551 // 'undefined' (as we do not have the call result anymore).
12552 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12554 return ast_context()->ReturnValue(Pop());
12559 // Fast call to math functions.
12560 void HOptimizedGraphBuilder::GenerateMathPow(CallRuntime* call) {
12561 DCHECK_EQ(2, call->arguments()->length());
12562 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12563 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12564 HValue* right = Pop();
12565 HValue* left = Pop();
12566 HInstruction* result = NewUncasted<HPower>(left, right);
12567 return ast_context()->ReturnInstruction(result, call->id());
12571 void HOptimizedGraphBuilder::GenerateMathClz32(CallRuntime* call) {
12572 DCHECK(call->arguments()->length() == 1);
12573 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12574 HValue* value = Pop();
12575 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathClz32);
12576 return ast_context()->ReturnInstruction(result, call->id());
12580 void HOptimizedGraphBuilder::GenerateMathFloor(CallRuntime* call) {
12581 DCHECK(call->arguments()->length() == 1);
12582 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12583 HValue* value = Pop();
12584 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathFloor);
12585 return ast_context()->ReturnInstruction(result, call->id());
12589 void HOptimizedGraphBuilder::GenerateMathLogRT(CallRuntime* call) {
12590 DCHECK(call->arguments()->length() == 1);
12591 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12592 HValue* value = Pop();
12593 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathLog);
12594 return ast_context()->ReturnInstruction(result, call->id());
12598 void HOptimizedGraphBuilder::GenerateMathSqrt(CallRuntime* call) {
12599 DCHECK(call->arguments()->length() == 1);
12600 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12601 HValue* value = Pop();
12602 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathSqrt);
12603 return ast_context()->ReturnInstruction(result, call->id());
12607 void HOptimizedGraphBuilder::GenerateLikely(CallRuntime* call) {
12608 DCHECK(call->arguments()->length() == 1);
12609 Visit(call->arguments()->at(0));
12613 void HOptimizedGraphBuilder::GenerateUnlikely(CallRuntime* call) {
12614 return GenerateLikely(call);
12618 void HOptimizedGraphBuilder::GenerateFixedArrayGet(CallRuntime* call) {
12619 DCHECK(call->arguments()->length() == 2);
12620 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12621 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12622 HValue* index = Pop();
12623 HValue* object = Pop();
12624 HInstruction* result = New<HLoadKeyed>(
12625 object, index, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE);
12626 return ast_context()->ReturnInstruction(result, call->id());
12630 void HOptimizedGraphBuilder::GenerateFixedArraySet(CallRuntime* call) {
12631 DCHECK(call->arguments()->length() == 3);
12632 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12633 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12634 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12635 HValue* value = Pop();
12636 HValue* index = Pop();
12637 HValue* object = Pop();
12638 NoObservableSideEffectsScope no_effects(this);
12639 Add<HStoreKeyed>(object, index, value, FAST_HOLEY_ELEMENTS);
12640 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12644 void HOptimizedGraphBuilder::GenerateTheHole(CallRuntime* call) {
12645 DCHECK(call->arguments()->length() == 0);
12646 return ast_context()->ReturnValue(graph()->GetConstantHole());
12650 void HOptimizedGraphBuilder::GenerateJSCollectionGetTable(CallRuntime* call) {
12651 DCHECK(call->arguments()->length() == 1);
12652 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12653 HValue* receiver = Pop();
12654 HInstruction* result = New<HLoadNamedField>(
12655 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12656 return ast_context()->ReturnInstruction(result, call->id());
12660 void HOptimizedGraphBuilder::GenerateStringGetRawHashField(CallRuntime* call) {
12661 DCHECK(call->arguments()->length() == 1);
12662 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12663 HValue* object = Pop();
12664 HInstruction* result = New<HLoadNamedField>(
12665 object, nullptr, HObjectAccess::ForStringHashField());
12666 return ast_context()->ReturnInstruction(result, call->id());
12670 template <typename CollectionType>
12671 HValue* HOptimizedGraphBuilder::BuildAllocateOrderedHashTable() {
12672 static const int kCapacity = CollectionType::kMinCapacity;
12673 static const int kBucketCount = kCapacity / CollectionType::kLoadFactor;
12674 static const int kFixedArrayLength = CollectionType::kHashTableStartIndex +
12676 (kCapacity * CollectionType::kEntrySize);
12677 static const int kSizeInBytes =
12678 FixedArray::kHeaderSize + (kFixedArrayLength * kPointerSize);
12680 // Allocate the table and add the proper map.
12682 Add<HAllocate>(Add<HConstant>(kSizeInBytes), HType::HeapObject(),
12683 NOT_TENURED, FIXED_ARRAY_TYPE);
12684 AddStoreMapConstant(table, isolate()->factory()->ordered_hash_table_map());
12686 // Initialize the FixedArray...
12687 HValue* length = Add<HConstant>(kFixedArrayLength);
12688 Add<HStoreNamedField>(table, HObjectAccess::ForFixedArrayLength(), length);
12690 // ...and the OrderedHashTable fields.
12691 Add<HStoreNamedField>(
12693 HObjectAccess::ForOrderedHashTableNumberOfBuckets<CollectionType>(),
12694 Add<HConstant>(kBucketCount));
12695 Add<HStoreNamedField>(
12697 HObjectAccess::ForOrderedHashTableNumberOfElements<CollectionType>(),
12698 graph()->GetConstant0());
12699 Add<HStoreNamedField>(
12700 table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12702 graph()->GetConstant0());
12704 // Fill the buckets with kNotFound.
12705 HValue* not_found = Add<HConstant>(CollectionType::kNotFound);
12706 for (int i = 0; i < kBucketCount; ++i) {
12707 Add<HStoreNamedField>(
12708 table, HObjectAccess::ForOrderedHashTableBucket<CollectionType>(i),
12712 // Fill the data table with undefined.
12713 HValue* undefined = graph()->GetConstantUndefined();
12714 for (int i = 0; i < (kCapacity * CollectionType::kEntrySize); ++i) {
12715 Add<HStoreNamedField>(table,
12716 HObjectAccess::ForOrderedHashTableDataTableIndex<
12717 CollectionType, kBucketCount>(i),
12725 void HOptimizedGraphBuilder::GenerateSetInitialize(CallRuntime* call) {
12726 DCHECK(call->arguments()->length() == 1);
12727 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12728 HValue* receiver = Pop();
12730 NoObservableSideEffectsScope no_effects(this);
12731 HValue* table = BuildAllocateOrderedHashTable<OrderedHashSet>();
12732 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12733 return ast_context()->ReturnValue(receiver);
12737 void HOptimizedGraphBuilder::GenerateMapInitialize(CallRuntime* call) {
12738 DCHECK(call->arguments()->length() == 1);
12739 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12740 HValue* receiver = Pop();
12742 NoObservableSideEffectsScope no_effects(this);
12743 HValue* table = BuildAllocateOrderedHashTable<OrderedHashMap>();
12744 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12745 return ast_context()->ReturnValue(receiver);
12749 template <typename CollectionType>
12750 void HOptimizedGraphBuilder::BuildOrderedHashTableClear(HValue* receiver) {
12751 HValue* old_table = Add<HLoadNamedField>(
12752 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12753 HValue* new_table = BuildAllocateOrderedHashTable<CollectionType>();
12754 Add<HStoreNamedField>(
12755 old_table, HObjectAccess::ForOrderedHashTableNextTable<CollectionType>(),
12757 Add<HStoreNamedField>(
12758 old_table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12760 Add<HConstant>(CollectionType::kClearedTableSentinel));
12761 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(),
12766 void HOptimizedGraphBuilder::GenerateSetClear(CallRuntime* call) {
12767 DCHECK(call->arguments()->length() == 1);
12768 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12769 HValue* receiver = Pop();
12771 NoObservableSideEffectsScope no_effects(this);
12772 BuildOrderedHashTableClear<OrderedHashSet>(receiver);
12773 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12777 void HOptimizedGraphBuilder::GenerateMapClear(CallRuntime* call) {
12778 DCHECK(call->arguments()->length() == 1);
12779 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12780 HValue* receiver = Pop();
12782 NoObservableSideEffectsScope no_effects(this);
12783 BuildOrderedHashTableClear<OrderedHashMap>(receiver);
12784 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12788 void HOptimizedGraphBuilder::GenerateGetCachedArrayIndex(CallRuntime* call) {
12789 DCHECK(call->arguments()->length() == 1);
12790 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12791 HValue* value = Pop();
12792 HGetCachedArrayIndex* result = New<HGetCachedArrayIndex>(value);
12793 return ast_context()->ReturnInstruction(result, call->id());
12797 void HOptimizedGraphBuilder::GenerateFastOneByteArrayJoin(CallRuntime* call) {
12798 // Simply returning undefined here would be semantically correct and even
12799 // avoid the bailout. Nevertheless, some ancient benchmarks like SunSpider's
12800 // string-fasta would tank, because fullcode contains an optimized version.
12801 // Obviously the fullcode => Crankshaft => bailout => fullcode dance is
12802 // faster... *sigh*
12803 return Bailout(kInlinedRuntimeFunctionFastOneByteArrayJoin);
12807 void HOptimizedGraphBuilder::GenerateDebugBreakInOptimizedCode(
12808 CallRuntime* call) {
12809 Add<HDebugBreak>();
12810 return ast_context()->ReturnValue(graph()->GetConstant0());
12814 void HOptimizedGraphBuilder::GenerateDebugIsActive(CallRuntime* call) {
12815 DCHECK(call->arguments()->length() == 0);
12817 Add<HConstant>(ExternalReference::debug_is_active_address(isolate()));
12819 Add<HLoadNamedField>(ref, nullptr, HObjectAccess::ForExternalUInteger8());
12820 return ast_context()->ReturnValue(value);
12824 void HOptimizedGraphBuilder::GenerateGetPrototype(CallRuntime* call) {
12825 DCHECK(call->arguments()->length() == 1);
12826 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12827 HValue* object = Pop();
12829 NoObservableSideEffectsScope no_effects(this);
12831 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
12832 HValue* bit_field =
12833 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField());
12834 HValue* is_access_check_needed_mask =
12835 Add<HConstant>(1 << Map::kIsAccessCheckNeeded);
12836 HValue* is_access_check_needed_test = AddUncasted<HBitwise>(
12837 Token::BIT_AND, bit_field, is_access_check_needed_mask);
12840 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForPrototype());
12841 HValue* proto_map =
12842 Add<HLoadNamedField>(proto, nullptr, HObjectAccess::ForMap());
12843 HValue* proto_bit_field =
12844 Add<HLoadNamedField>(proto_map, nullptr, HObjectAccess::ForMapBitField());
12845 HValue* is_hidden_prototype_mask =
12846 Add<HConstant>(1 << Map::kIsHiddenPrototype);
12847 HValue* is_hidden_prototype_test = AddUncasted<HBitwise>(
12848 Token::BIT_AND, proto_bit_field, is_hidden_prototype_mask);
12851 IfBuilder needs_runtime(this);
12852 needs_runtime.If<HCompareNumericAndBranch>(
12853 is_access_check_needed_test, graph()->GetConstant0(), Token::NE);
12854 needs_runtime.OrIf<HCompareNumericAndBranch>(
12855 is_hidden_prototype_test, graph()->GetConstant0(), Token::NE);
12857 needs_runtime.Then();
12859 Add<HPushArguments>(object);
12860 Push(Add<HCallRuntime>(
12861 call->name(), Runtime::FunctionForId(Runtime::kGetPrototype), 1));
12864 needs_runtime.Else();
12867 return ast_context()->ReturnValue(Pop());
12871 #undef CHECK_BAILOUT
12875 HEnvironment::HEnvironment(HEnvironment* outer,
12877 Handle<JSFunction> closure,
12879 : closure_(closure),
12881 frame_type_(JS_FUNCTION),
12882 parameter_count_(0),
12883 specials_count_(1),
12889 ast_id_(BailoutId::None()),
12891 Scope* declaration_scope = scope->DeclarationScope();
12892 Initialize(declaration_scope->num_parameters() + 1,
12893 declaration_scope->num_stack_slots(), 0);
12897 HEnvironment::HEnvironment(Zone* zone, int parameter_count)
12898 : values_(0, zone),
12900 parameter_count_(parameter_count),
12901 specials_count_(1),
12907 ast_id_(BailoutId::None()),
12909 Initialize(parameter_count, 0, 0);
12913 HEnvironment::HEnvironment(const HEnvironment* other, Zone* zone)
12914 : values_(0, zone),
12915 frame_type_(JS_FUNCTION),
12916 parameter_count_(0),
12917 specials_count_(0),
12923 ast_id_(other->ast_id()),
12929 HEnvironment::HEnvironment(HEnvironment* outer,
12930 Handle<JSFunction> closure,
12931 FrameType frame_type,
12934 : closure_(closure),
12935 values_(arguments, zone),
12936 frame_type_(frame_type),
12937 parameter_count_(arguments),
12938 specials_count_(0),
12944 ast_id_(BailoutId::None()),
12949 void HEnvironment::Initialize(int parameter_count,
12951 int stack_height) {
12952 parameter_count_ = parameter_count;
12953 local_count_ = local_count;
12955 // Avoid reallocating the temporaries' backing store on the first Push.
12956 int total = parameter_count + specials_count_ + local_count + stack_height;
12957 values_.Initialize(total + 4, zone());
12958 for (int i = 0; i < total; ++i) values_.Add(NULL, zone());
12962 void HEnvironment::Initialize(const HEnvironment* other) {
12963 closure_ = other->closure();
12964 values_.AddAll(other->values_, zone());
12965 assigned_variables_.Union(other->assigned_variables_, zone());
12966 frame_type_ = other->frame_type_;
12967 parameter_count_ = other->parameter_count_;
12968 local_count_ = other->local_count_;
12969 if (other->outer_ != NULL) outer_ = other->outer_->Copy(); // Deep copy.
12970 entry_ = other->entry_;
12971 pop_count_ = other->pop_count_;
12972 push_count_ = other->push_count_;
12973 specials_count_ = other->specials_count_;
12974 ast_id_ = other->ast_id_;
12978 void HEnvironment::AddIncomingEdge(HBasicBlock* block, HEnvironment* other) {
12979 DCHECK(!block->IsLoopHeader());
12980 DCHECK(values_.length() == other->values_.length());
12982 int length = values_.length();
12983 for (int i = 0; i < length; ++i) {
12984 HValue* value = values_[i];
12985 if (value != NULL && value->IsPhi() && value->block() == block) {
12986 // There is already a phi for the i'th value.
12987 HPhi* phi = HPhi::cast(value);
12988 // Assert index is correct and that we haven't missed an incoming edge.
12989 DCHECK(phi->merged_index() == i || !phi->HasMergedIndex());
12990 DCHECK(phi->OperandCount() == block->predecessors()->length());
12991 phi->AddInput(other->values_[i]);
12992 } else if (values_[i] != other->values_[i]) {
12993 // There is a fresh value on the incoming edge, a phi is needed.
12994 DCHECK(values_[i] != NULL && other->values_[i] != NULL);
12995 HPhi* phi = block->AddNewPhi(i);
12996 HValue* old_value = values_[i];
12997 for (int j = 0; j < block->predecessors()->length(); j++) {
12998 phi->AddInput(old_value);
13000 phi->AddInput(other->values_[i]);
13001 this->values_[i] = phi;
13007 void HEnvironment::Bind(int index, HValue* value) {
13008 DCHECK(value != NULL);
13009 assigned_variables_.Add(index, zone());
13010 values_[index] = value;
13014 bool HEnvironment::HasExpressionAt(int index) const {
13015 return index >= parameter_count_ + specials_count_ + local_count_;
13019 bool HEnvironment::ExpressionStackIsEmpty() const {
13020 DCHECK(length() >= first_expression_index());
13021 return length() == first_expression_index();
13025 void HEnvironment::SetExpressionStackAt(int index_from_top, HValue* value) {
13026 int count = index_from_top + 1;
13027 int index = values_.length() - count;
13028 DCHECK(HasExpressionAt(index));
13029 // The push count must include at least the element in question or else
13030 // the new value will not be included in this environment's history.
13031 if (push_count_ < count) {
13032 // This is the same effect as popping then re-pushing 'count' elements.
13033 pop_count_ += (count - push_count_);
13034 push_count_ = count;
13036 values_[index] = value;
13040 HValue* HEnvironment::RemoveExpressionStackAt(int index_from_top) {
13041 int count = index_from_top + 1;
13042 int index = values_.length() - count;
13043 DCHECK(HasExpressionAt(index));
13044 // Simulate popping 'count' elements and then
13045 // pushing 'count - 1' elements back.
13046 pop_count_ += Max(count - push_count_, 0);
13047 push_count_ = Max(push_count_ - count, 0) + (count - 1);
13048 return values_.Remove(index);
13052 void HEnvironment::Drop(int count) {
13053 for (int i = 0; i < count; ++i) {
13059 HEnvironment* HEnvironment::Copy() const {
13060 return new(zone()) HEnvironment(this, zone());
13064 HEnvironment* HEnvironment::CopyWithoutHistory() const {
13065 HEnvironment* result = Copy();
13066 result->ClearHistory();
13071 HEnvironment* HEnvironment::CopyAsLoopHeader(HBasicBlock* loop_header) const {
13072 HEnvironment* new_env = Copy();
13073 for (int i = 0; i < values_.length(); ++i) {
13074 HPhi* phi = loop_header->AddNewPhi(i);
13075 phi->AddInput(values_[i]);
13076 new_env->values_[i] = phi;
13078 new_env->ClearHistory();
13083 HEnvironment* HEnvironment::CreateStubEnvironment(HEnvironment* outer,
13084 Handle<JSFunction> target,
13085 FrameType frame_type,
13086 int arguments) const {
13087 HEnvironment* new_env =
13088 new(zone()) HEnvironment(outer, target, frame_type,
13089 arguments + 1, zone());
13090 for (int i = 0; i <= arguments; ++i) { // Include receiver.
13091 new_env->Push(ExpressionStackAt(arguments - i));
13093 new_env->ClearHistory();
13098 HEnvironment* HEnvironment::CopyForInlining(
13099 Handle<JSFunction> target,
13101 FunctionLiteral* function,
13102 HConstant* undefined,
13103 InliningKind inlining_kind) const {
13104 DCHECK(frame_type() == JS_FUNCTION);
13106 // Outer environment is a copy of this one without the arguments.
13107 int arity = function->scope()->num_parameters();
13109 HEnvironment* outer = Copy();
13110 outer->Drop(arguments + 1); // Including receiver.
13111 outer->ClearHistory();
13113 if (inlining_kind == CONSTRUCT_CALL_RETURN) {
13114 // Create artificial constructor stub environment. The receiver should
13115 // actually be the constructor function, but we pass the newly allocated
13116 // object instead, DoComputeConstructStubFrame() relies on that.
13117 outer = CreateStubEnvironment(outer, target, JS_CONSTRUCT, arguments);
13118 } else if (inlining_kind == GETTER_CALL_RETURN) {
13119 // We need an additional StackFrame::INTERNAL frame for restoring the
13120 // correct context.
13121 outer = CreateStubEnvironment(outer, target, JS_GETTER, arguments);
13122 } else if (inlining_kind == SETTER_CALL_RETURN) {
13123 // We need an additional StackFrame::INTERNAL frame for temporarily saving
13124 // the argument of the setter, see StoreStubCompiler::CompileStoreViaSetter.
13125 outer = CreateStubEnvironment(outer, target, JS_SETTER, arguments);
13128 if (arity != arguments) {
13129 // Create artificial arguments adaptation environment.
13130 outer = CreateStubEnvironment(outer, target, ARGUMENTS_ADAPTOR, arguments);
13133 HEnvironment* inner =
13134 new(zone()) HEnvironment(outer, function->scope(), target, zone());
13135 // Get the argument values from the original environment.
13136 for (int i = 0; i <= arity; ++i) { // Include receiver.
13137 HValue* push = (i <= arguments) ?
13138 ExpressionStackAt(arguments - i) : undefined;
13139 inner->SetValueAt(i, push);
13141 inner->SetValueAt(arity + 1, context());
13142 for (int i = arity + 2; i < inner->length(); ++i) {
13143 inner->SetValueAt(i, undefined);
13146 inner->set_ast_id(BailoutId::FunctionEntry());
13151 std::ostream& operator<<(std::ostream& os, const HEnvironment& env) {
13152 for (int i = 0; i < env.length(); i++) {
13153 if (i == 0) os << "parameters\n";
13154 if (i == env.parameter_count()) os << "specials\n";
13155 if (i == env.parameter_count() + env.specials_count()) os << "locals\n";
13156 if (i == env.parameter_count() + env.specials_count() + env.local_count()) {
13157 os << "expressions\n";
13159 HValue* val = env.values()->at(i);
13172 void HTracer::TraceCompilation(CompilationInfo* info) {
13173 Tag tag(this, "compilation");
13174 if (info->IsOptimizing()) {
13175 Handle<String> name = info->function()->debug_name();
13176 PrintStringProperty("name", name->ToCString().get());
13178 trace_.Add("method \"%s:%d\"\n",
13179 name->ToCString().get(),
13180 info->optimization_id());
13182 CodeStub::Major major_key = info->code_stub()->MajorKey();
13183 PrintStringProperty("name", CodeStub::MajorName(major_key, false));
13184 PrintStringProperty("method", "stub");
13186 PrintLongProperty("date",
13187 static_cast<int64_t>(base::OS::TimeCurrentMillis()));
13191 void HTracer::TraceLithium(const char* name, LChunk* chunk) {
13192 DCHECK(!chunk->isolate()->concurrent_recompilation_enabled());
13193 AllowHandleDereference allow_deref;
13194 AllowDeferredHandleDereference allow_deferred_deref;
13195 Trace(name, chunk->graph(), chunk);
13199 void HTracer::TraceHydrogen(const char* name, HGraph* graph) {
13200 DCHECK(!graph->isolate()->concurrent_recompilation_enabled());
13201 AllowHandleDereference allow_deref;
13202 AllowDeferredHandleDereference allow_deferred_deref;
13203 Trace(name, graph, NULL);
13207 void HTracer::Trace(const char* name, HGraph* graph, LChunk* chunk) {
13208 Tag tag(this, "cfg");
13209 PrintStringProperty("name", name);
13210 const ZoneList<HBasicBlock*>* blocks = graph->blocks();
13211 for (int i = 0; i < blocks->length(); i++) {
13212 HBasicBlock* current = blocks->at(i);
13213 Tag block_tag(this, "block");
13214 PrintBlockProperty("name", current->block_id());
13215 PrintIntProperty("from_bci", -1);
13216 PrintIntProperty("to_bci", -1);
13218 if (!current->predecessors()->is_empty()) {
13220 trace_.Add("predecessors");
13221 for (int j = 0; j < current->predecessors()->length(); ++j) {
13222 trace_.Add(" \"B%d\"", current->predecessors()->at(j)->block_id());
13226 PrintEmptyProperty("predecessors");
13229 if (current->end()->SuccessorCount() == 0) {
13230 PrintEmptyProperty("successors");
13233 trace_.Add("successors");
13234 for (HSuccessorIterator it(current->end()); !it.Done(); it.Advance()) {
13235 trace_.Add(" \"B%d\"", it.Current()->block_id());
13240 PrintEmptyProperty("xhandlers");
13244 trace_.Add("flags");
13245 if (current->IsLoopSuccessorDominator()) {
13246 trace_.Add(" \"dom-loop-succ\"");
13248 if (current->IsUnreachable()) {
13249 trace_.Add(" \"dead\"");
13251 if (current->is_osr_entry()) {
13252 trace_.Add(" \"osr\"");
13257 if (current->dominator() != NULL) {
13258 PrintBlockProperty("dominator", current->dominator()->block_id());
13261 PrintIntProperty("loop_depth", current->LoopNestingDepth());
13263 if (chunk != NULL) {
13264 int first_index = current->first_instruction_index();
13265 int last_index = current->last_instruction_index();
13268 LifetimePosition::FromInstructionIndex(first_index).Value());
13271 LifetimePosition::FromInstructionIndex(last_index).Value());
13275 Tag states_tag(this, "states");
13276 Tag locals_tag(this, "locals");
13277 int total = current->phis()->length();
13278 PrintIntProperty("size", current->phis()->length());
13279 PrintStringProperty("method", "None");
13280 for (int j = 0; j < total; ++j) {
13281 HPhi* phi = current->phis()->at(j);
13283 std::ostringstream os;
13284 os << phi->merged_index() << " " << NameOf(phi) << " " << *phi << "\n";
13285 trace_.Add(os.str().c_str());
13290 Tag HIR_tag(this, "HIR");
13291 for (HInstructionIterator it(current); !it.Done(); it.Advance()) {
13292 HInstruction* instruction = it.Current();
13293 int uses = instruction->UseCount();
13295 std::ostringstream os;
13296 os << "0 " << uses << " " << NameOf(instruction) << " " << *instruction;
13297 if (graph->info()->is_tracking_positions() &&
13298 instruction->has_position() && instruction->position().raw() != 0) {
13299 const SourcePosition pos = instruction->position();
13301 if (pos.inlining_id() != 0) os << pos.inlining_id() << "_";
13302 os << pos.position();
13305 trace_.Add(os.str().c_str());
13310 if (chunk != NULL) {
13311 Tag LIR_tag(this, "LIR");
13312 int first_index = current->first_instruction_index();
13313 int last_index = current->last_instruction_index();
13314 if (first_index != -1 && last_index != -1) {
13315 const ZoneList<LInstruction*>* instructions = chunk->instructions();
13316 for (int i = first_index; i <= last_index; ++i) {
13317 LInstruction* linstr = instructions->at(i);
13318 if (linstr != NULL) {
13321 LifetimePosition::FromInstructionIndex(i).Value());
13322 linstr->PrintTo(&trace_);
13323 std::ostringstream os;
13324 os << " [hir:" << NameOf(linstr->hydrogen_value()) << "] <|@\n";
13325 trace_.Add(os.str().c_str());
13334 void HTracer::TraceLiveRanges(const char* name, LAllocator* allocator) {
13335 Tag tag(this, "intervals");
13336 PrintStringProperty("name", name);
13338 const Vector<LiveRange*>* fixed_d = allocator->fixed_double_live_ranges();
13339 for (int i = 0; i < fixed_d->length(); ++i) {
13340 TraceLiveRange(fixed_d->at(i), "fixed", allocator->zone());
13343 const Vector<LiveRange*>* fixed = allocator->fixed_live_ranges();
13344 for (int i = 0; i < fixed->length(); ++i) {
13345 TraceLiveRange(fixed->at(i), "fixed", allocator->zone());
13348 const ZoneList<LiveRange*>* live_ranges = allocator->live_ranges();
13349 for (int i = 0; i < live_ranges->length(); ++i) {
13350 TraceLiveRange(live_ranges->at(i), "object", allocator->zone());
13355 void HTracer::TraceLiveRange(LiveRange* range, const char* type,
13357 if (range != NULL && !range->IsEmpty()) {
13359 trace_.Add("%d %s", range->id(), type);
13360 if (range->HasRegisterAssigned()) {
13361 LOperand* op = range->CreateAssignedOperand(zone);
13362 int assigned_reg = op->index();
13363 if (op->IsDoubleRegister()) {
13364 trace_.Add(" \"%s\"",
13365 DoubleRegister::AllocationIndexToString(assigned_reg));
13367 DCHECK(op->IsRegister());
13368 trace_.Add(" \"%s\"", Register::AllocationIndexToString(assigned_reg));
13370 } else if (range->IsSpilled()) {
13371 LOperand* op = range->TopLevel()->GetSpillOperand();
13372 if (op->IsDoubleStackSlot()) {
13373 trace_.Add(" \"double_stack:%d\"", op->index());
13375 DCHECK(op->IsStackSlot());
13376 trace_.Add(" \"stack:%d\"", op->index());
13379 int parent_index = -1;
13380 if (range->IsChild()) {
13381 parent_index = range->parent()->id();
13383 parent_index = range->id();
13385 LOperand* op = range->FirstHint();
13386 int hint_index = -1;
13387 if (op != NULL && op->IsUnallocated()) {
13388 hint_index = LUnallocated::cast(op)->virtual_register();
13390 trace_.Add(" %d %d", parent_index, hint_index);
13391 UseInterval* cur_interval = range->first_interval();
13392 while (cur_interval != NULL && range->Covers(cur_interval->start())) {
13393 trace_.Add(" [%d, %d[",
13394 cur_interval->start().Value(),
13395 cur_interval->end().Value());
13396 cur_interval = cur_interval->next();
13399 UsePosition* current_pos = range->first_pos();
13400 while (current_pos != NULL) {
13401 if (current_pos->RegisterIsBeneficial() || FLAG_trace_all_uses) {
13402 trace_.Add(" %d M", current_pos->pos().Value());
13404 current_pos = current_pos->next();
13407 trace_.Add(" \"\"\n");
13412 void HTracer::FlushToFile() {
13413 AppendChars(filename_.start(), trace_.ToCString().get(), trace_.length(),
13419 void HStatistics::Initialize(CompilationInfo* info) {
13420 if (info->shared_info().is_null()) return;
13421 source_size_ += info->shared_info()->SourceSize();
13425 void HStatistics::Print() {
13428 "----------------------------------------"
13429 "----------------------------------------\n"
13430 "--- Hydrogen timing results:\n"
13431 "----------------------------------------"
13432 "----------------------------------------\n");
13433 base::TimeDelta sum;
13434 for (int i = 0; i < times_.length(); ++i) {
13438 for (int i = 0; i < names_.length(); ++i) {
13439 PrintF("%33s", names_[i]);
13440 double ms = times_[i].InMillisecondsF();
13441 double percent = times_[i].PercentOf(sum);
13442 PrintF(" %8.3f ms / %4.1f %% ", ms, percent);
13444 size_t size = sizes_[i];
13445 double size_percent = static_cast<double>(size) * 100 / total_size_;
13446 PrintF(" %9zu bytes / %4.1f %%\n", size, size_percent);
13450 "----------------------------------------"
13451 "----------------------------------------\n");
13452 base::TimeDelta total = create_graph_ + optimize_graph_ + generate_code_;
13453 PrintF("%33s %8.3f ms / %4.1f %% \n", "Create graph",
13454 create_graph_.InMillisecondsF(), create_graph_.PercentOf(total));
13455 PrintF("%33s %8.3f ms / %4.1f %% \n", "Optimize graph",
13456 optimize_graph_.InMillisecondsF(), optimize_graph_.PercentOf(total));
13457 PrintF("%33s %8.3f ms / %4.1f %% \n", "Generate and install code",
13458 generate_code_.InMillisecondsF(), generate_code_.PercentOf(total));
13460 "----------------------------------------"
13461 "----------------------------------------\n");
13462 PrintF("%33s %8.3f ms %9zu bytes\n", "Total",
13463 total.InMillisecondsF(), total_size_);
13464 PrintF("%33s (%.1f times slower than full code gen)\n", "",
13465 total.TimesOf(full_code_gen_));
13467 double source_size_in_kb = static_cast<double>(source_size_) / 1024;
13468 double normalized_time = source_size_in_kb > 0
13469 ? total.InMillisecondsF() / source_size_in_kb
13471 double normalized_size_in_kb =
13472 source_size_in_kb > 0
13473 ? static_cast<double>(total_size_) / 1024 / source_size_in_kb
13475 PrintF("%33s %8.3f ms %7.3f kB allocated\n",
13476 "Average per kB source", normalized_time, normalized_size_in_kb);
13480 void HStatistics::SaveTiming(const char* name, base::TimeDelta time,
13482 total_size_ += size;
13483 for (int i = 0; i < names_.length(); ++i) {
13484 if (strcmp(names_[i], name) == 0) {
13496 HPhase::~HPhase() {
13497 if (ShouldProduceTraceOutput()) {
13498 isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
13502 graph_->Verify(false); // No full verify.
13506 } // namespace internal
projects / platform / upstream / v8.git / blob