1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "src/hydrogen.h"
11 #include "src/allocation-site-scopes.h"
12 #include "src/ast-numbering.h"
13 #include "src/full-codegen.h"
14 #include "src/hydrogen-bce.h"
15 #include "src/hydrogen-bch.h"
16 #include "src/hydrogen-canonicalize.h"
17 #include "src/hydrogen-check-elimination.h"
18 #include "src/hydrogen-dce.h"
19 #include "src/hydrogen-dehoist.h"
20 #include "src/hydrogen-environment-liveness.h"
21 #include "src/hydrogen-escape-analysis.h"
22 #include "src/hydrogen-gvn.h"
23 #include "src/hydrogen-infer-representation.h"
24 #include "src/hydrogen-infer-types.h"
25 #include "src/hydrogen-load-elimination.h"
26 #include "src/hydrogen-mark-deoptimize.h"
27 #include "src/hydrogen-mark-unreachable.h"
28 #include "src/hydrogen-osr.h"
29 #include "src/hydrogen-range-analysis.h"
30 #include "src/hydrogen-redundant-phi.h"
31 #include "src/hydrogen-removable-simulates.h"
32 #include "src/hydrogen-representation-changes.h"
33 #include "src/hydrogen-sce.h"
34 #include "src/hydrogen-store-elimination.h"
35 #include "src/hydrogen-uint32-analysis.h"
36 #include "src/ic/call-optimization.h"
37 #include "src/ic/ic.h"
39 #include "src/ic/ic-inl.h"
40 #include "src/lithium-allocator.h"
41 #include "src/parser.h"
42 #include "src/runtime/runtime.h"
43 #include "src/scopeinfo.h"
44 #include "src/typing.h"
46 #if V8_TARGET_ARCH_IA32
47 #include "src/ia32/lithium-codegen-ia32.h" // NOLINT
48 #elif V8_TARGET_ARCH_X64
49 #include "src/x64/lithium-codegen-x64.h" // NOLINT
50 #elif V8_TARGET_ARCH_ARM64
51 #include "src/arm64/lithium-codegen-arm64.h" // NOLINT
52 #elif V8_TARGET_ARCH_ARM
53 #include "src/arm/lithium-codegen-arm.h" // NOLINT
54 #elif V8_TARGET_ARCH_PPC
55 #include "src/ppc/lithium-codegen-ppc.h" // NOLINT
56 #elif V8_TARGET_ARCH_MIPS
57 #include "src/mips/lithium-codegen-mips.h" // NOLINT
58 #elif V8_TARGET_ARCH_MIPS64
59 #include "src/mips64/lithium-codegen-mips64.h" // NOLINT
60 #elif V8_TARGET_ARCH_X87
61 #include "src/x87/lithium-codegen-x87.h" // NOLINT
63 #error Unsupported target architecture.
69 HBasicBlock::HBasicBlock(HGraph* graph)
70 : block_id_(graph->GetNextBlockID()),
72 phis_(4, graph->zone()),
76 loop_information_(NULL),
77 predecessors_(2, graph->zone()),
79 dominated_blocks_(4, graph->zone()),
80 last_environment_(NULL),
82 first_instruction_index_(-1),
83 last_instruction_index_(-1),
84 deleted_phis_(4, graph->zone()),
85 parent_loop_header_(NULL),
86 inlined_entry_block_(NULL),
87 is_inline_return_target_(false),
89 dominates_loop_successors_(false),
91 is_ordered_(false) { }
94 Isolate* HBasicBlock::isolate() const {
95 return graph_->isolate();
99 void HBasicBlock::MarkUnreachable() {
100 is_reachable_ = false;
104 void HBasicBlock::AttachLoopInformation() {
105 DCHECK(!IsLoopHeader());
106 loop_information_ = new(zone()) HLoopInformation(this, zone());
110 void HBasicBlock::DetachLoopInformation() {
111 DCHECK(IsLoopHeader());
112 loop_information_ = NULL;
116 void HBasicBlock::AddPhi(HPhi* phi) {
117 DCHECK(!IsStartBlock());
118 phis_.Add(phi, zone());
123 void HBasicBlock::RemovePhi(HPhi* phi) {
124 DCHECK(phi->block() == this);
125 DCHECK(phis_.Contains(phi));
127 phis_.RemoveElement(phi);
132 void HBasicBlock::AddInstruction(HInstruction* instr, SourcePosition position) {
133 DCHECK(!IsStartBlock() || !IsFinished());
134 DCHECK(!instr->IsLinked());
135 DCHECK(!IsFinished());
137 if (!position.IsUnknown()) {
138 instr->set_position(position);
140 if (first_ == NULL) {
141 DCHECK(last_environment() != NULL);
142 DCHECK(!last_environment()->ast_id().IsNone());
143 HBlockEntry* entry = new(zone()) HBlockEntry();
144 entry->InitializeAsFirst(this);
145 if (!position.IsUnknown()) {
146 entry->set_position(position);
148 DCHECK(!FLAG_hydrogen_track_positions ||
149 !graph()->info()->IsOptimizing() || instr->IsAbnormalExit());
151 first_ = last_ = entry;
153 instr->InsertAfter(last_);
157 HPhi* HBasicBlock::AddNewPhi(int merged_index) {
158 if (graph()->IsInsideNoSideEffectsScope()) {
159 merged_index = HPhi::kInvalidMergedIndex;
161 HPhi* phi = new(zone()) HPhi(merged_index, zone());
167 HSimulate* HBasicBlock::CreateSimulate(BailoutId ast_id,
168 RemovableSimulate removable) {
169 DCHECK(HasEnvironment());
170 HEnvironment* environment = last_environment();
171 DCHECK(ast_id.IsNone() ||
172 ast_id == BailoutId::StubEntry() ||
173 environment->closure()->shared()->VerifyBailoutId(ast_id));
175 int push_count = environment->push_count();
176 int pop_count = environment->pop_count();
179 new(zone()) HSimulate(ast_id, pop_count, zone(), removable);
181 instr->set_closure(environment->closure());
183 // Order of pushed values: newest (top of stack) first. This allows
184 // HSimulate::MergeWith() to easily append additional pushed values
185 // that are older (from further down the stack).
186 for (int i = 0; i < push_count; ++i) {
187 instr->AddPushedValue(environment->ExpressionStackAt(i));
189 for (GrowableBitVector::Iterator it(environment->assigned_variables(),
193 int index = it.Current();
194 instr->AddAssignedValue(index, environment->Lookup(index));
196 environment->ClearHistory();
201 void HBasicBlock::Finish(HControlInstruction* end, SourcePosition position) {
202 DCHECK(!IsFinished());
203 AddInstruction(end, position);
205 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
206 it.Current()->RegisterPredecessor(this);
211 void HBasicBlock::Goto(HBasicBlock* block, SourcePosition position,
212 FunctionState* state, bool add_simulate) {
213 bool drop_extra = state != NULL &&
214 state->inlining_kind() == NORMAL_RETURN;
216 if (block->IsInlineReturnTarget()) {
217 HEnvironment* env = last_environment();
218 int argument_count = env->arguments_environment()->parameter_count();
219 AddInstruction(new(zone())
220 HLeaveInlined(state->entry(), argument_count),
222 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
225 if (add_simulate) AddNewSimulate(BailoutId::None(), position);
226 HGoto* instr = new(zone()) HGoto(block);
227 Finish(instr, position);
231 void HBasicBlock::AddLeaveInlined(HValue* return_value, FunctionState* state,
232 SourcePosition position) {
233 HBasicBlock* target = state->function_return();
234 bool drop_extra = state->inlining_kind() == NORMAL_RETURN;
236 DCHECK(target->IsInlineReturnTarget());
237 DCHECK(return_value != NULL);
238 HEnvironment* env = last_environment();
239 int argument_count = env->arguments_environment()->parameter_count();
240 AddInstruction(new(zone()) HLeaveInlined(state->entry(), argument_count),
242 UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
243 last_environment()->Push(return_value);
244 AddNewSimulate(BailoutId::None(), position);
245 HGoto* instr = new(zone()) HGoto(target);
246 Finish(instr, position);
250 void HBasicBlock::SetInitialEnvironment(HEnvironment* env) {
251 DCHECK(!HasEnvironment());
252 DCHECK(first() == NULL);
253 UpdateEnvironment(env);
257 void HBasicBlock::UpdateEnvironment(HEnvironment* env) {
258 last_environment_ = env;
259 graph()->update_maximum_environment_size(env->first_expression_index());
263 void HBasicBlock::SetJoinId(BailoutId ast_id) {
264 int length = predecessors_.length();
266 for (int i = 0; i < length; i++) {
267 HBasicBlock* predecessor = predecessors_[i];
268 DCHECK(predecessor->end()->IsGoto());
269 HSimulate* simulate = HSimulate::cast(predecessor->end()->previous());
271 (predecessor->last_environment()->closure().is_null() ||
272 predecessor->last_environment()->closure()->shared()
273 ->VerifyBailoutId(ast_id)));
274 simulate->set_ast_id(ast_id);
275 predecessor->last_environment()->set_ast_id(ast_id);
280 bool HBasicBlock::Dominates(HBasicBlock* other) const {
281 HBasicBlock* current = other->dominator();
282 while (current != NULL) {
283 if (current == this) return true;
284 current = current->dominator();
290 bool HBasicBlock::EqualToOrDominates(HBasicBlock* other) const {
291 if (this == other) return true;
292 return Dominates(other);
296 int HBasicBlock::LoopNestingDepth() const {
297 const HBasicBlock* current = this;
298 int result = (current->IsLoopHeader()) ? 1 : 0;
299 while (current->parent_loop_header() != NULL) {
300 current = current->parent_loop_header();
307 void HBasicBlock::PostProcessLoopHeader(IterationStatement* stmt) {
308 DCHECK(IsLoopHeader());
310 SetJoinId(stmt->EntryId());
311 if (predecessors()->length() == 1) {
312 // This is a degenerated loop.
313 DetachLoopInformation();
317 // Only the first entry into the loop is from outside the loop. All other
318 // entries must be back edges.
319 for (int i = 1; i < predecessors()->length(); ++i) {
320 loop_information()->RegisterBackEdge(predecessors()->at(i));
325 void HBasicBlock::MarkSuccEdgeUnreachable(int succ) {
326 DCHECK(IsFinished());
327 HBasicBlock* succ_block = end()->SuccessorAt(succ);
329 DCHECK(succ_block->predecessors()->length() == 1);
330 succ_block->MarkUnreachable();
334 void HBasicBlock::RegisterPredecessor(HBasicBlock* pred) {
335 if (HasPredecessor()) {
336 // Only loop header blocks can have a predecessor added after
337 // instructions have been added to the block (they have phis for all
338 // values in the environment, these phis may be eliminated later).
339 DCHECK(IsLoopHeader() || first_ == NULL);
340 HEnvironment* incoming_env = pred->last_environment();
341 if (IsLoopHeader()) {
342 DCHECK(phis()->length() == incoming_env->length());
343 for (int i = 0; i < phis_.length(); ++i) {
344 phis_[i]->AddInput(incoming_env->values()->at(i));
347 last_environment()->AddIncomingEdge(this, pred->last_environment());
349 } else if (!HasEnvironment() && !IsFinished()) {
350 DCHECK(!IsLoopHeader());
351 SetInitialEnvironment(pred->last_environment()->Copy());
354 predecessors_.Add(pred, zone());
358 void HBasicBlock::AddDominatedBlock(HBasicBlock* block) {
359 DCHECK(!dominated_blocks_.Contains(block));
360 // Keep the list of dominated blocks sorted such that if there is two
361 // succeeding block in this list, the predecessor is before the successor.
363 while (index < dominated_blocks_.length() &&
364 dominated_blocks_[index]->block_id() < block->block_id()) {
367 dominated_blocks_.InsertAt(index, block, zone());
371 void HBasicBlock::AssignCommonDominator(HBasicBlock* other) {
372 if (dominator_ == NULL) {
374 other->AddDominatedBlock(this);
375 } else if (other->dominator() != NULL) {
376 HBasicBlock* first = dominator_;
377 HBasicBlock* second = other;
379 while (first != second) {
380 if (first->block_id() > second->block_id()) {
381 first = first->dominator();
383 second = second->dominator();
385 DCHECK(first != NULL && second != NULL);
388 if (dominator_ != first) {
389 DCHECK(dominator_->dominated_blocks_.Contains(this));
390 dominator_->dominated_blocks_.RemoveElement(this);
392 first->AddDominatedBlock(this);
398 void HBasicBlock::AssignLoopSuccessorDominators() {
399 // Mark blocks that dominate all subsequent reachable blocks inside their
400 // loop. Exploit the fact that blocks are sorted in reverse post order. When
401 // the loop is visited in increasing block id order, if the number of
402 // non-loop-exiting successor edges at the dominator_candidate block doesn't
403 // exceed the number of previously encountered predecessor edges, there is no
404 // path from the loop header to any block with higher id that doesn't go
405 // through the dominator_candidate block. In this case, the
406 // dominator_candidate block is guaranteed to dominate all blocks reachable
407 // from it with higher ids.
408 HBasicBlock* last = loop_information()->GetLastBackEdge();
409 int outstanding_successors = 1; // one edge from the pre-header
410 // Header always dominates everything.
411 MarkAsLoopSuccessorDominator();
412 for (int j = block_id(); j <= last->block_id(); ++j) {
413 HBasicBlock* dominator_candidate = graph_->blocks()->at(j);
414 for (HPredecessorIterator it(dominator_candidate); !it.Done();
416 HBasicBlock* predecessor = it.Current();
417 // Don't count back edges.
418 if (predecessor->block_id() < dominator_candidate->block_id()) {
419 outstanding_successors--;
423 // If more successors than predecessors have been seen in the loop up to
424 // now, it's not possible to guarantee that the current block dominates
425 // all of the blocks with higher IDs. In this case, assume conservatively
426 // that those paths through loop that don't go through the current block
427 // contain all of the loop's dependencies. Also be careful to record
428 // dominator information about the current loop that's being processed,
429 // and not nested loops, which will be processed when
430 // AssignLoopSuccessorDominators gets called on their header.
431 DCHECK(outstanding_successors >= 0);
432 HBasicBlock* parent_loop_header = dominator_candidate->parent_loop_header();
433 if (outstanding_successors == 0 &&
434 (parent_loop_header == this && !dominator_candidate->IsLoopHeader())) {
435 dominator_candidate->MarkAsLoopSuccessorDominator();
437 HControlInstruction* end = dominator_candidate->end();
438 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
439 HBasicBlock* successor = it.Current();
440 // Only count successors that remain inside the loop and don't loop back
442 if (successor->block_id() > dominator_candidate->block_id() &&
443 successor->block_id() <= last->block_id()) {
444 // Backwards edges must land on loop headers.
445 DCHECK(successor->block_id() > dominator_candidate->block_id() ||
446 successor->IsLoopHeader());
447 outstanding_successors++;
454 int HBasicBlock::PredecessorIndexOf(HBasicBlock* predecessor) const {
455 for (int i = 0; i < predecessors_.length(); ++i) {
456 if (predecessors_[i] == predecessor) return i;
464 void HBasicBlock::Verify() {
465 // Check that every block is finished.
466 DCHECK(IsFinished());
467 DCHECK(block_id() >= 0);
469 // Check that the incoming edges are in edge split form.
470 if (predecessors_.length() > 1) {
471 for (int i = 0; i < predecessors_.length(); ++i) {
472 DCHECK(predecessors_[i]->end()->SecondSuccessor() == NULL);
479 void HLoopInformation::RegisterBackEdge(HBasicBlock* block) {
480 this->back_edges_.Add(block, block->zone());
485 HBasicBlock* HLoopInformation::GetLastBackEdge() const {
487 HBasicBlock* result = NULL;
488 for (int i = 0; i < back_edges_.length(); ++i) {
489 HBasicBlock* cur = back_edges_[i];
490 if (cur->block_id() > max_id) {
491 max_id = cur->block_id();
499 void HLoopInformation::AddBlock(HBasicBlock* block) {
500 if (block == loop_header()) return;
501 if (block->parent_loop_header() == loop_header()) return;
502 if (block->parent_loop_header() != NULL) {
503 AddBlock(block->parent_loop_header());
505 block->set_parent_loop_header(loop_header());
506 blocks_.Add(block, block->zone());
507 for (int i = 0; i < block->predecessors()->length(); ++i) {
508 AddBlock(block->predecessors()->at(i));
516 // Checks reachability of the blocks in this graph and stores a bit in
517 // the BitVector "reachable()" for every block that can be reached
518 // from the start block of the graph. If "dont_visit" is non-null, the given
519 // block is treated as if it would not be part of the graph. "visited_count()"
520 // returns the number of reachable blocks.
521 class ReachabilityAnalyzer BASE_EMBEDDED {
523 ReachabilityAnalyzer(HBasicBlock* entry_block,
525 HBasicBlock* dont_visit)
527 stack_(16, entry_block->zone()),
528 reachable_(block_count, entry_block->zone()),
529 dont_visit_(dont_visit) {
530 PushBlock(entry_block);
534 int visited_count() const { return visited_count_; }
535 const BitVector* reachable() const { return &reachable_; }
538 void PushBlock(HBasicBlock* block) {
539 if (block != NULL && block != dont_visit_ &&
540 !reachable_.Contains(block->block_id())) {
541 reachable_.Add(block->block_id());
542 stack_.Add(block, block->zone());
548 while (!stack_.is_empty()) {
549 HControlInstruction* end = stack_.RemoveLast()->end();
550 for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
551 PushBlock(it.Current());
557 ZoneList<HBasicBlock*> stack_;
558 BitVector reachable_;
559 HBasicBlock* dont_visit_;
563 void HGraph::Verify(bool do_full_verify) const {
564 Heap::RelocationLock relocation_lock(isolate()->heap());
565 AllowHandleDereference allow_deref;
566 AllowDeferredHandleDereference allow_deferred_deref;
567 for (int i = 0; i < blocks_.length(); i++) {
568 HBasicBlock* block = blocks_.at(i);
572 // Check that every block contains at least one node and that only the last
573 // node is a control instruction.
574 HInstruction* current = block->first();
575 DCHECK(current != NULL && current->IsBlockEntry());
576 while (current != NULL) {
577 DCHECK((current->next() == NULL) == current->IsControlInstruction());
578 DCHECK(current->block() == block);
580 current = current->next();
583 // Check that successors are correctly set.
584 HBasicBlock* first = block->end()->FirstSuccessor();
585 HBasicBlock* second = block->end()->SecondSuccessor();
586 DCHECK(second == NULL || first != NULL);
588 // Check that the predecessor array is correct.
590 DCHECK(first->predecessors()->Contains(block));
591 if (second != NULL) {
592 DCHECK(second->predecessors()->Contains(block));
596 // Check that phis have correct arguments.
597 for (int j = 0; j < block->phis()->length(); j++) {
598 HPhi* phi = block->phis()->at(j);
602 // Check that all join blocks have predecessors that end with an
603 // unconditional goto and agree on their environment node id.
604 if (block->predecessors()->length() >= 2) {
606 block->predecessors()->first()->last_environment()->ast_id();
607 for (int k = 0; k < block->predecessors()->length(); k++) {
608 HBasicBlock* predecessor = block->predecessors()->at(k);
609 DCHECK(predecessor->end()->IsGoto() ||
610 predecessor->end()->IsDeoptimize());
611 DCHECK(predecessor->last_environment()->ast_id() == id);
616 // Check special property of first block to have no predecessors.
617 DCHECK(blocks_.at(0)->predecessors()->is_empty());
619 if (do_full_verify) {
620 // Check that the graph is fully connected.
621 ReachabilityAnalyzer analyzer(entry_block_, blocks_.length(), NULL);
622 DCHECK(analyzer.visited_count() == blocks_.length());
624 // Check that entry block dominator is NULL.
625 DCHECK(entry_block_->dominator() == NULL);
628 for (int i = 0; i < blocks_.length(); ++i) {
629 HBasicBlock* block = blocks_.at(i);
630 if (block->dominator() == NULL) {
631 // Only start block may have no dominator assigned to.
634 // Assert that block is unreachable if dominator must not be visited.
635 ReachabilityAnalyzer dominator_analyzer(entry_block_,
638 DCHECK(!dominator_analyzer.reachable()->Contains(block->block_id()));
647 HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
649 if (!pointer->is_set()) {
650 // Can't pass GetInvalidContext() to HConstant::New, because that will
651 // recursively call GetConstant
652 HConstant* constant = HConstant::New(isolate(), zone(), NULL, value);
653 constant->InsertAfter(entry_block()->first());
654 pointer->set(constant);
657 return ReinsertConstantIfNecessary(pointer->get());
661 HConstant* HGraph::ReinsertConstantIfNecessary(HConstant* constant) {
662 if (!constant->IsLinked()) {
663 // The constant was removed from the graph. Reinsert.
664 constant->ClearFlag(HValue::kIsDead);
665 constant->InsertAfter(entry_block()->first());
671 HConstant* HGraph::GetConstant0() {
672 return GetConstant(&constant_0_, 0);
676 HConstant* HGraph::GetConstant1() {
677 return GetConstant(&constant_1_, 1);
681 HConstant* HGraph::GetConstantMinus1() {
682 return GetConstant(&constant_minus1_, -1);
686 #define DEFINE_GET_CONSTANT(Name, name, type, htype, boolean_value) \
687 HConstant* HGraph::GetConstant##Name() { \
688 if (!constant_##name##_.is_set()) { \
689 HConstant* constant = new(zone()) HConstant( \
690 Unique<Object>::CreateImmovable(isolate()->factory()->name##_value()), \
691 Unique<Map>::CreateImmovable(isolate()->factory()->type##_map()), \
693 Representation::Tagged(), \
699 constant->InsertAfter(entry_block()->first()); \
700 constant_##name##_.set(constant); \
702 return ReinsertConstantIfNecessary(constant_##name##_.get()); \
706 DEFINE_GET_CONSTANT(Undefined, undefined, undefined, HType::Undefined(), false)
707 DEFINE_GET_CONSTANT(True, true, boolean, HType::Boolean(), true)
708 DEFINE_GET_CONSTANT(False, false, boolean, HType::Boolean(), false)
709 DEFINE_GET_CONSTANT(Hole, the_hole, the_hole, HType::None(), false)
710 DEFINE_GET_CONSTANT(Null, null, null, HType::Null(), false)
713 #undef DEFINE_GET_CONSTANT
715 #define DEFINE_IS_CONSTANT(Name, name) \
716 bool HGraph::IsConstant##Name(HConstant* constant) { \
717 return constant_##name##_.is_set() && constant == constant_##name##_.get(); \
719 DEFINE_IS_CONSTANT(Undefined, undefined)
720 DEFINE_IS_CONSTANT(0, 0)
721 DEFINE_IS_CONSTANT(1, 1)
722 DEFINE_IS_CONSTANT(Minus1, minus1)
723 DEFINE_IS_CONSTANT(True, true)
724 DEFINE_IS_CONSTANT(False, false)
725 DEFINE_IS_CONSTANT(Hole, the_hole)
726 DEFINE_IS_CONSTANT(Null, null)
728 #undef DEFINE_IS_CONSTANT
731 HConstant* HGraph::GetInvalidContext() {
732 return GetConstant(&constant_invalid_context_, 0xFFFFC0C7);
736 bool HGraph::IsStandardConstant(HConstant* constant) {
737 if (IsConstantUndefined(constant)) return true;
738 if (IsConstant0(constant)) return true;
739 if (IsConstant1(constant)) return true;
740 if (IsConstantMinus1(constant)) return true;
741 if (IsConstantTrue(constant)) return true;
742 if (IsConstantFalse(constant)) return true;
743 if (IsConstantHole(constant)) return true;
744 if (IsConstantNull(constant)) return true;
749 HGraphBuilder::IfBuilder::IfBuilder() : builder_(NULL), needs_compare_(true) {}
752 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder)
753 : needs_compare_(true) {
758 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder,
759 HIfContinuation* continuation)
760 : needs_compare_(false), first_true_block_(NULL), first_false_block_(NULL) {
761 InitializeDontCreateBlocks(builder);
762 continuation->Continue(&first_true_block_, &first_false_block_);
766 void HGraphBuilder::IfBuilder::InitializeDontCreateBlocks(
767 HGraphBuilder* builder) {
772 did_else_if_ = false;
776 pending_merge_block_ = false;
777 split_edge_merge_block_ = NULL;
778 merge_at_join_blocks_ = NULL;
779 normal_merge_at_join_block_count_ = 0;
780 deopt_merge_at_join_block_count_ = 0;
784 void HGraphBuilder::IfBuilder::Initialize(HGraphBuilder* builder) {
785 InitializeDontCreateBlocks(builder);
786 HEnvironment* env = builder->environment();
787 first_true_block_ = builder->CreateBasicBlock(env->Copy());
788 first_false_block_ = builder->CreateBasicBlock(env->Copy());
792 HControlInstruction* HGraphBuilder::IfBuilder::AddCompare(
793 HControlInstruction* compare) {
794 DCHECK(did_then_ == did_else_);
796 // Handle if-then-elseif
802 pending_merge_block_ = false;
803 split_edge_merge_block_ = NULL;
804 HEnvironment* env = builder()->environment();
805 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
806 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
808 if (split_edge_merge_block_ != NULL) {
809 HEnvironment* env = first_false_block_->last_environment();
810 HBasicBlock* split_edge = builder()->CreateBasicBlock(env->Copy());
812 compare->SetSuccessorAt(0, split_edge);
813 compare->SetSuccessorAt(1, first_false_block_);
815 compare->SetSuccessorAt(0, first_true_block_);
816 compare->SetSuccessorAt(1, split_edge);
818 builder()->GotoNoSimulate(split_edge, split_edge_merge_block_);
820 compare->SetSuccessorAt(0, first_true_block_);
821 compare->SetSuccessorAt(1, first_false_block_);
823 builder()->FinishCurrentBlock(compare);
824 needs_compare_ = false;
829 void HGraphBuilder::IfBuilder::Or() {
830 DCHECK(!needs_compare_);
833 HEnvironment* env = first_false_block_->last_environment();
834 if (split_edge_merge_block_ == NULL) {
835 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
836 builder()->GotoNoSimulate(first_true_block_, split_edge_merge_block_);
837 first_true_block_ = split_edge_merge_block_;
839 builder()->set_current_block(first_false_block_);
840 first_false_block_ = builder()->CreateBasicBlock(env->Copy());
844 void HGraphBuilder::IfBuilder::And() {
845 DCHECK(!needs_compare_);
848 HEnvironment* env = first_false_block_->last_environment();
849 if (split_edge_merge_block_ == NULL) {
850 split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
851 builder()->GotoNoSimulate(first_false_block_, split_edge_merge_block_);
852 first_false_block_ = split_edge_merge_block_;
854 builder()->set_current_block(first_true_block_);
855 first_true_block_ = builder()->CreateBasicBlock(env->Copy());
859 void HGraphBuilder::IfBuilder::CaptureContinuation(
860 HIfContinuation* continuation) {
861 DCHECK(!did_else_if_);
865 HBasicBlock* true_block = NULL;
866 HBasicBlock* false_block = NULL;
867 Finish(&true_block, &false_block);
868 DCHECK(true_block != NULL);
869 DCHECK(false_block != NULL);
870 continuation->Capture(true_block, false_block);
872 builder()->set_current_block(NULL);
877 void HGraphBuilder::IfBuilder::JoinContinuation(HIfContinuation* continuation) {
878 DCHECK(!did_else_if_);
881 HBasicBlock* true_block = NULL;
882 HBasicBlock* false_block = NULL;
883 Finish(&true_block, &false_block);
884 merge_at_join_blocks_ = NULL;
885 if (true_block != NULL && !true_block->IsFinished()) {
886 DCHECK(continuation->IsTrueReachable());
887 builder()->GotoNoSimulate(true_block, continuation->true_branch());
889 if (false_block != NULL && !false_block->IsFinished()) {
890 DCHECK(continuation->IsFalseReachable());
891 builder()->GotoNoSimulate(false_block, continuation->false_branch());
898 void HGraphBuilder::IfBuilder::Then() {
902 if (needs_compare_) {
903 // Handle if's without any expressions, they jump directly to the "else"
904 // branch. However, we must pretend that the "then" branch is reachable,
905 // so that the graph builder visits it and sees any live range extending
906 // constructs within it.
907 HConstant* constant_false = builder()->graph()->GetConstantFalse();
908 ToBooleanStub::Types boolean_type = ToBooleanStub::Types();
909 boolean_type.Add(ToBooleanStub::BOOLEAN);
910 HBranch* branch = builder()->New<HBranch>(
911 constant_false, boolean_type, first_true_block_, first_false_block_);
912 builder()->FinishCurrentBlock(branch);
914 builder()->set_current_block(first_true_block_);
915 pending_merge_block_ = true;
919 void HGraphBuilder::IfBuilder::Else() {
923 AddMergeAtJoinBlock(false);
924 builder()->set_current_block(first_false_block_);
925 pending_merge_block_ = true;
930 void HGraphBuilder::IfBuilder::Deopt(Deoptimizer::DeoptReason reason) {
932 builder()->Add<HDeoptimize>(reason, Deoptimizer::EAGER);
933 AddMergeAtJoinBlock(true);
937 void HGraphBuilder::IfBuilder::Return(HValue* value) {
938 HValue* parameter_count = builder()->graph()->GetConstantMinus1();
939 builder()->FinishExitCurrentBlock(
940 builder()->New<HReturn>(value, parameter_count));
941 AddMergeAtJoinBlock(false);
945 void HGraphBuilder::IfBuilder::AddMergeAtJoinBlock(bool deopt) {
946 if (!pending_merge_block_) return;
947 HBasicBlock* block = builder()->current_block();
948 DCHECK(block == NULL || !block->IsFinished());
949 MergeAtJoinBlock* record = new (builder()->zone())
950 MergeAtJoinBlock(block, deopt, merge_at_join_blocks_);
951 merge_at_join_blocks_ = record;
953 DCHECK(block->end() == NULL);
955 normal_merge_at_join_block_count_++;
957 deopt_merge_at_join_block_count_++;
960 builder()->set_current_block(NULL);
961 pending_merge_block_ = false;
965 void HGraphBuilder::IfBuilder::Finish() {
970 AddMergeAtJoinBlock(false);
973 AddMergeAtJoinBlock(false);
979 void HGraphBuilder::IfBuilder::Finish(HBasicBlock** then_continuation,
980 HBasicBlock** else_continuation) {
983 MergeAtJoinBlock* else_record = merge_at_join_blocks_;
984 if (else_continuation != NULL) {
985 *else_continuation = else_record->block_;
987 MergeAtJoinBlock* then_record = else_record->next_;
988 if (then_continuation != NULL) {
989 *then_continuation = then_record->block_;
991 DCHECK(then_record->next_ == NULL);
995 void HGraphBuilder::IfBuilder::End() {
996 if (captured_) return;
999 int total_merged_blocks = normal_merge_at_join_block_count_ +
1000 deopt_merge_at_join_block_count_;
1001 DCHECK(total_merged_blocks >= 1);
1002 HBasicBlock* merge_block =
1003 total_merged_blocks == 1 ? NULL : builder()->graph()->CreateBasicBlock();
1005 // Merge non-deopt blocks first to ensure environment has right size for
1007 MergeAtJoinBlock* current = merge_at_join_blocks_;
1008 while (current != NULL) {
1009 if (!current->deopt_ && current->block_ != NULL) {
1010 // If there is only one block that makes it through to the end of the
1011 // if, then just set it as the current block and continue rather then
1012 // creating an unnecessary merge block.
1013 if (total_merged_blocks == 1) {
1014 builder()->set_current_block(current->block_);
1017 builder()->GotoNoSimulate(current->block_, merge_block);
1019 current = current->next_;
1022 // Merge deopt blocks, padding when necessary.
1023 current = merge_at_join_blocks_;
1024 while (current != NULL) {
1025 if (current->deopt_ && current->block_ != NULL) {
1026 current->block_->FinishExit(
1027 HAbnormalExit::New(builder()->isolate(), builder()->zone(), NULL),
1028 SourcePosition::Unknown());
1030 current = current->next_;
1032 builder()->set_current_block(merge_block);
1036 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder) {
1037 Initialize(builder, NULL, kWhileTrue, NULL);
1041 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1042 LoopBuilder::Direction direction) {
1043 Initialize(builder, context, direction, builder->graph()->GetConstant1());
1047 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1048 LoopBuilder::Direction direction,
1049 HValue* increment_amount) {
1050 Initialize(builder, context, direction, increment_amount);
1051 increment_amount_ = increment_amount;
1055 void HGraphBuilder::LoopBuilder::Initialize(HGraphBuilder* builder,
1057 Direction direction,
1058 HValue* increment_amount) {
1061 direction_ = direction;
1062 increment_amount_ = increment_amount;
1065 header_block_ = builder->CreateLoopHeaderBlock();
1068 exit_trampoline_block_ = NULL;
1072 HValue* HGraphBuilder::LoopBuilder::BeginBody(
1074 HValue* terminating,
1075 Token::Value token) {
1076 DCHECK(direction_ != kWhileTrue);
1077 HEnvironment* env = builder_->environment();
1078 phi_ = header_block_->AddNewPhi(env->values()->length());
1079 phi_->AddInput(initial);
1081 builder_->GotoNoSimulate(header_block_);
1083 HEnvironment* body_env = env->Copy();
1084 HEnvironment* exit_env = env->Copy();
1085 // Remove the phi from the expression stack
1088 body_block_ = builder_->CreateBasicBlock(body_env);
1089 exit_block_ = builder_->CreateBasicBlock(exit_env);
1091 builder_->set_current_block(header_block_);
1093 builder_->FinishCurrentBlock(builder_->New<HCompareNumericAndBranch>(
1094 phi_, terminating, token, body_block_, exit_block_));
1096 builder_->set_current_block(body_block_);
1097 if (direction_ == kPreIncrement || direction_ == kPreDecrement) {
1098 Isolate* isolate = builder_->isolate();
1099 HValue* one = builder_->graph()->GetConstant1();
1100 if (direction_ == kPreIncrement) {
1101 increment_ = HAdd::New(isolate, zone(), context_, phi_, one);
1103 increment_ = HSub::New(isolate, zone(), context_, phi_, one);
1105 increment_->ClearFlag(HValue::kCanOverflow);
1106 builder_->AddInstruction(increment_);
1114 void HGraphBuilder::LoopBuilder::BeginBody(int drop_count) {
1115 DCHECK(direction_ == kWhileTrue);
1116 HEnvironment* env = builder_->environment();
1117 builder_->GotoNoSimulate(header_block_);
1118 builder_->set_current_block(header_block_);
1119 env->Drop(drop_count);
1123 void HGraphBuilder::LoopBuilder::Break() {
1124 if (exit_trampoline_block_ == NULL) {
1125 // Its the first time we saw a break.
1126 if (direction_ == kWhileTrue) {
1127 HEnvironment* env = builder_->environment()->Copy();
1128 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1130 HEnvironment* env = exit_block_->last_environment()->Copy();
1131 exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1132 builder_->GotoNoSimulate(exit_block_, exit_trampoline_block_);
1136 builder_->GotoNoSimulate(exit_trampoline_block_);
1137 builder_->set_current_block(NULL);
1141 void HGraphBuilder::LoopBuilder::EndBody() {
1144 if (direction_ == kPostIncrement || direction_ == kPostDecrement) {
1145 Isolate* isolate = builder_->isolate();
1146 if (direction_ == kPostIncrement) {
1148 HAdd::New(isolate, zone(), context_, phi_, increment_amount_);
1151 HSub::New(isolate, zone(), context_, phi_, increment_amount_);
1153 increment_->ClearFlag(HValue::kCanOverflow);
1154 builder_->AddInstruction(increment_);
1157 if (direction_ != kWhileTrue) {
1158 // Push the new increment value on the expression stack to merge into
1160 builder_->environment()->Push(increment_);
1162 HBasicBlock* last_block = builder_->current_block();
1163 builder_->GotoNoSimulate(last_block, header_block_);
1164 header_block_->loop_information()->RegisterBackEdge(last_block);
1166 if (exit_trampoline_block_ != NULL) {
1167 builder_->set_current_block(exit_trampoline_block_);
1169 builder_->set_current_block(exit_block_);
1175 HGraph* HGraphBuilder::CreateGraph() {
1176 graph_ = new(zone()) HGraph(info_);
1177 if (FLAG_hydrogen_stats) isolate()->GetHStatistics()->Initialize(info_);
1178 CompilationPhase phase("H_Block building", info_);
1179 set_current_block(graph()->entry_block());
1180 if (!BuildGraph()) return NULL;
1181 graph()->FinalizeUniqueness();
1186 HInstruction* HGraphBuilder::AddInstruction(HInstruction* instr) {
1187 DCHECK(current_block() != NULL);
1188 DCHECK(!FLAG_hydrogen_track_positions ||
1189 !position_.IsUnknown() ||
1190 !info_->IsOptimizing());
1191 current_block()->AddInstruction(instr, source_position());
1192 if (graph()->IsInsideNoSideEffectsScope()) {
1193 instr->SetFlag(HValue::kHasNoObservableSideEffects);
1199 void HGraphBuilder::FinishCurrentBlock(HControlInstruction* last) {
1200 DCHECK(!FLAG_hydrogen_track_positions ||
1201 !info_->IsOptimizing() ||
1202 !position_.IsUnknown());
1203 current_block()->Finish(last, source_position());
1204 if (last->IsReturn() || last->IsAbnormalExit()) {
1205 set_current_block(NULL);
1210 void HGraphBuilder::FinishExitCurrentBlock(HControlInstruction* instruction) {
1211 DCHECK(!FLAG_hydrogen_track_positions || !info_->IsOptimizing() ||
1212 !position_.IsUnknown());
1213 current_block()->FinishExit(instruction, source_position());
1214 if (instruction->IsReturn() || instruction->IsAbnormalExit()) {
1215 set_current_block(NULL);
1220 void HGraphBuilder::AddIncrementCounter(StatsCounter* counter) {
1221 if (FLAG_native_code_counters && counter->Enabled()) {
1222 HValue* reference = Add<HConstant>(ExternalReference(counter));
1224 Add<HLoadNamedField>(reference, nullptr, HObjectAccess::ForCounter());
1225 HValue* new_value = AddUncasted<HAdd>(old_value, graph()->GetConstant1());
1226 new_value->ClearFlag(HValue::kCanOverflow); // Ignore counter overflow
1227 Add<HStoreNamedField>(reference, HObjectAccess::ForCounter(),
1228 new_value, STORE_TO_INITIALIZED_ENTRY);
1233 void HGraphBuilder::AddSimulate(BailoutId id,
1234 RemovableSimulate removable) {
1235 DCHECK(current_block() != NULL);
1236 DCHECK(!graph()->IsInsideNoSideEffectsScope());
1237 current_block()->AddNewSimulate(id, source_position(), removable);
1241 HBasicBlock* HGraphBuilder::CreateBasicBlock(HEnvironment* env) {
1242 HBasicBlock* b = graph()->CreateBasicBlock();
1243 b->SetInitialEnvironment(env);
1248 HBasicBlock* HGraphBuilder::CreateLoopHeaderBlock() {
1249 HBasicBlock* header = graph()->CreateBasicBlock();
1250 HEnvironment* entry_env = environment()->CopyAsLoopHeader(header);
1251 header->SetInitialEnvironment(entry_env);
1252 header->AttachLoopInformation();
1257 HValue* HGraphBuilder::BuildGetElementsKind(HValue* object) {
1258 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
1260 HValue* bit_field2 =
1261 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField2());
1262 return BuildDecodeField<Map::ElementsKindBits>(bit_field2);
1266 HValue* HGraphBuilder::BuildCheckHeapObject(HValue* obj) {
1267 if (obj->type().IsHeapObject()) return obj;
1268 return Add<HCheckHeapObject>(obj);
1272 void HGraphBuilder::FinishExitWithHardDeoptimization(
1273 Deoptimizer::DeoptReason reason) {
1274 Add<HDeoptimize>(reason, Deoptimizer::EAGER);
1275 FinishExitCurrentBlock(New<HAbnormalExit>());
1279 HValue* HGraphBuilder::BuildCheckString(HValue* string) {
1280 if (!string->type().IsString()) {
1281 DCHECK(!string->IsConstant() ||
1282 !HConstant::cast(string)->HasStringValue());
1283 BuildCheckHeapObject(string);
1284 return Add<HCheckInstanceType>(string, HCheckInstanceType::IS_STRING);
1290 HValue* HGraphBuilder::BuildWrapReceiver(HValue* object, HValue* function) {
1291 if (object->type().IsJSObject()) return object;
1292 if (function->IsConstant() &&
1293 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
1294 Handle<JSFunction> f = Handle<JSFunction>::cast(
1295 HConstant::cast(function)->handle(isolate()));
1296 SharedFunctionInfo* shared = f->shared();
1297 if (is_strict(shared->language_mode()) || shared->native()) return object;
1299 return Add<HWrapReceiver>(object, function);
1303 HValue* HGraphBuilder::BuildCheckAndGrowElementsCapacity(
1304 HValue* object, HValue* elements, ElementsKind kind, HValue* length,
1305 HValue* capacity, HValue* key) {
1306 HValue* max_gap = Add<HConstant>(static_cast<int32_t>(JSObject::kMaxGap));
1307 HValue* max_capacity = AddUncasted<HAdd>(capacity, max_gap);
1308 Add<HBoundsCheck>(key, max_capacity);
1310 HValue* new_capacity = BuildNewElementsCapacity(key);
1311 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind, kind,
1312 length, new_capacity);
1313 return new_elements;
1317 HValue* HGraphBuilder::BuildCheckForCapacityGrow(
1324 PropertyAccessType access_type) {
1325 IfBuilder length_checker(this);
1327 Token::Value token = IsHoleyElementsKind(kind) ? Token::GTE : Token::EQ;
1328 length_checker.If<HCompareNumericAndBranch>(key, length, token);
1330 length_checker.Then();
1332 HValue* current_capacity = AddLoadFixedArrayLength(elements);
1334 if (top_info()->IsStub()) {
1335 IfBuilder capacity_checker(this);
1336 capacity_checker.If<HCompareNumericAndBranch>(key, current_capacity,
1338 capacity_checker.Then();
1339 HValue* new_elements = BuildCheckAndGrowElementsCapacity(
1340 object, elements, kind, length, current_capacity, key);
1341 environment()->Push(new_elements);
1342 capacity_checker.Else();
1343 environment()->Push(elements);
1344 capacity_checker.End();
1346 HValue* result = Add<HMaybeGrowElements>(
1347 object, elements, key, current_capacity, is_js_array, kind);
1348 environment()->Push(result);
1352 HValue* new_length = AddUncasted<HAdd>(key, graph_->GetConstant1());
1353 new_length->ClearFlag(HValue::kCanOverflow);
1355 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(kind),
1359 if (access_type == STORE && kind == FAST_SMI_ELEMENTS) {
1360 HValue* checked_elements = environment()->Top();
1362 // Write zero to ensure that the new element is initialized with some smi.
1363 Add<HStoreKeyed>(checked_elements, key, graph()->GetConstant0(), kind);
1366 length_checker.Else();
1367 Add<HBoundsCheck>(key, length);
1369 environment()->Push(elements);
1370 length_checker.End();
1372 return environment()->Pop();
1376 HValue* HGraphBuilder::BuildCopyElementsOnWrite(HValue* object,
1380 Factory* factory = isolate()->factory();
1382 IfBuilder cow_checker(this);
1384 cow_checker.If<HCompareMap>(elements, factory->fixed_cow_array_map());
1387 HValue* capacity = AddLoadFixedArrayLength(elements);
1389 HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind,
1390 kind, length, capacity);
1392 environment()->Push(new_elements);
1396 environment()->Push(elements);
1400 return environment()->Pop();
1404 void HGraphBuilder::BuildTransitionElementsKind(HValue* object,
1406 ElementsKind from_kind,
1407 ElementsKind to_kind,
1409 DCHECK(!IsFastHoleyElementsKind(from_kind) ||
1410 IsFastHoleyElementsKind(to_kind));
1412 if (AllocationSite::GetMode(from_kind, to_kind) == TRACK_ALLOCATION_SITE) {
1413 Add<HTrapAllocationMemento>(object);
1416 if (!IsSimpleMapChangeTransition(from_kind, to_kind)) {
1417 HInstruction* elements = AddLoadElements(object);
1419 HInstruction* empty_fixed_array = Add<HConstant>(
1420 isolate()->factory()->empty_fixed_array());
1422 IfBuilder if_builder(this);
1424 if_builder.IfNot<HCompareObjectEqAndBranch>(elements, empty_fixed_array);
1428 HInstruction* elements_length = AddLoadFixedArrayLength(elements);
1430 HInstruction* array_length =
1432 ? Add<HLoadNamedField>(object, nullptr,
1433 HObjectAccess::ForArrayLength(from_kind))
1436 BuildGrowElementsCapacity(object, elements, from_kind, to_kind,
1437 array_length, elements_length);
1442 Add<HStoreNamedField>(object, HObjectAccess::ForMap(), map);
1446 void HGraphBuilder::BuildJSObjectCheck(HValue* receiver,
1447 int bit_field_mask) {
1448 // Check that the object isn't a smi.
1449 Add<HCheckHeapObject>(receiver);
1451 // Get the map of the receiver.
1453 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1455 // Check the instance type and if an access check is needed, this can be
1456 // done with a single load, since both bytes are adjacent in the map.
1457 HObjectAccess access(HObjectAccess::ForMapInstanceTypeAndBitField());
1458 HValue* instance_type_and_bit_field =
1459 Add<HLoadNamedField>(map, nullptr, access);
1461 HValue* mask = Add<HConstant>(0x00FF | (bit_field_mask << 8));
1462 HValue* and_result = AddUncasted<HBitwise>(Token::BIT_AND,
1463 instance_type_and_bit_field,
1465 HValue* sub_result = AddUncasted<HSub>(and_result,
1466 Add<HConstant>(JS_OBJECT_TYPE));
1467 Add<HBoundsCheck>(sub_result,
1468 Add<HConstant>(LAST_JS_OBJECT_TYPE + 1 - JS_OBJECT_TYPE));
1472 void HGraphBuilder::BuildKeyedIndexCheck(HValue* key,
1473 HIfContinuation* join_continuation) {
1474 // The sometimes unintuitively backward ordering of the ifs below is
1475 // convoluted, but necessary. All of the paths must guarantee that the
1476 // if-true of the continuation returns a smi element index and the if-false of
1477 // the continuation returns either a symbol or a unique string key. All other
1478 // object types cause a deopt to fall back to the runtime.
1480 IfBuilder key_smi_if(this);
1481 key_smi_if.If<HIsSmiAndBranch>(key);
1484 Push(key); // Nothing to do, just continue to true of continuation.
1488 HValue* map = Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForMap());
1489 HValue* instance_type =
1490 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1492 // Non-unique string, check for a string with a hash code that is actually
1494 STATIC_ASSERT(LAST_UNIQUE_NAME_TYPE == FIRST_NONSTRING_TYPE);
1495 IfBuilder not_string_or_name_if(this);
1496 not_string_or_name_if.If<HCompareNumericAndBranch>(
1498 Add<HConstant>(LAST_UNIQUE_NAME_TYPE),
1501 not_string_or_name_if.Then();
1503 // Non-smi, non-Name, non-String: Try to convert to smi in case of
1505 // TODO(danno): This could call some variant of ToString
1506 Push(AddUncasted<HForceRepresentation>(key, Representation::Smi()));
1508 not_string_or_name_if.Else();
1510 // String or Name: check explicitly for Name, they can short-circuit
1511 // directly to unique non-index key path.
1512 IfBuilder not_symbol_if(this);
1513 not_symbol_if.If<HCompareNumericAndBranch>(
1515 Add<HConstant>(SYMBOL_TYPE),
1518 not_symbol_if.Then();
1520 // String: check whether the String is a String of an index. If it is,
1521 // extract the index value from the hash.
1522 HValue* hash = Add<HLoadNamedField>(key, nullptr,
1523 HObjectAccess::ForNameHashField());
1524 HValue* not_index_mask = Add<HConstant>(static_cast<int>(
1525 String::kContainsCachedArrayIndexMask));
1527 HValue* not_index_test = AddUncasted<HBitwise>(
1528 Token::BIT_AND, hash, not_index_mask);
1530 IfBuilder string_index_if(this);
1531 string_index_if.If<HCompareNumericAndBranch>(not_index_test,
1532 graph()->GetConstant0(),
1534 string_index_if.Then();
1536 // String with index in hash: extract string and merge to index path.
1537 Push(BuildDecodeField<String::ArrayIndexValueBits>(hash));
1539 string_index_if.Else();
1541 // Key is a non-index String, check for uniqueness/internalization.
1542 // If it's not internalized yet, internalize it now.
1543 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1546 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1548 IfBuilder internalized(this);
1549 internalized.If<HCompareNumericAndBranch>(not_internalized_bit,
1550 graph()->GetConstant0(),
1552 internalized.Then();
1555 internalized.Else();
1556 Add<HPushArguments>(key);
1557 HValue* intern_key = Add<HCallRuntime>(
1558 isolate()->factory()->empty_string(),
1559 Runtime::FunctionForId(Runtime::kInternalizeString), 1);
1563 // Key guaranteed to be a unique string
1565 string_index_if.JoinContinuation(join_continuation);
1567 not_symbol_if.Else();
1569 Push(key); // Key is symbol
1571 not_symbol_if.JoinContinuation(join_continuation);
1573 not_string_or_name_if.JoinContinuation(join_continuation);
1575 key_smi_if.JoinContinuation(join_continuation);
1579 void HGraphBuilder::BuildNonGlobalObjectCheck(HValue* receiver) {
1580 // Get the the instance type of the receiver, and make sure that it is
1581 // not one of the global object types.
1583 Add<HLoadNamedField>(receiver, nullptr, HObjectAccess::ForMap());
1584 HValue* instance_type =
1585 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1586 STATIC_ASSERT(JS_BUILTINS_OBJECT_TYPE == JS_GLOBAL_OBJECT_TYPE + 1);
1587 HValue* min_global_type = Add<HConstant>(JS_GLOBAL_OBJECT_TYPE);
1588 HValue* max_global_type = Add<HConstant>(JS_BUILTINS_OBJECT_TYPE);
1590 IfBuilder if_global_object(this);
1591 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1594 if_global_object.And();
1595 if_global_object.If<HCompareNumericAndBranch>(instance_type,
1598 if_global_object.ThenDeopt(Deoptimizer::kReceiverWasAGlobalObject);
1599 if_global_object.End();
1603 void HGraphBuilder::BuildTestForDictionaryProperties(
1605 HIfContinuation* continuation) {
1606 HValue* properties = Add<HLoadNamedField>(
1607 object, nullptr, HObjectAccess::ForPropertiesPointer());
1608 HValue* properties_map =
1609 Add<HLoadNamedField>(properties, nullptr, HObjectAccess::ForMap());
1610 HValue* hash_map = Add<HLoadRoot>(Heap::kHashTableMapRootIndex);
1611 IfBuilder builder(this);
1612 builder.If<HCompareObjectEqAndBranch>(properties_map, hash_map);
1613 builder.CaptureContinuation(continuation);
1617 HValue* HGraphBuilder::BuildKeyedLookupCacheHash(HValue* object,
1619 // Load the map of the receiver, compute the keyed lookup cache hash
1620 // based on 32 bits of the map pointer and the string hash.
1621 HValue* object_map =
1622 Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMapAsInteger32());
1623 HValue* shifted_map = AddUncasted<HShr>(
1624 object_map, Add<HConstant>(KeyedLookupCache::kMapHashShift));
1625 HValue* string_hash =
1626 Add<HLoadNamedField>(key, nullptr, HObjectAccess::ForStringHashField());
1627 HValue* shifted_hash = AddUncasted<HShr>(
1628 string_hash, Add<HConstant>(String::kHashShift));
1629 HValue* xor_result = AddUncasted<HBitwise>(Token::BIT_XOR, shifted_map,
1631 int mask = (KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask);
1632 return AddUncasted<HBitwise>(Token::BIT_AND, xor_result,
1633 Add<HConstant>(mask));
1637 HValue* HGraphBuilder::BuildElementIndexHash(HValue* index) {
1638 int32_t seed_value = static_cast<uint32_t>(isolate()->heap()->HashSeed());
1639 HValue* seed = Add<HConstant>(seed_value);
1640 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, index, seed);
1642 // hash = ~hash + (hash << 15);
1643 HValue* shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(15));
1644 HValue* not_hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash,
1645 graph()->GetConstantMinus1());
1646 hash = AddUncasted<HAdd>(shifted_hash, not_hash);
1648 // hash = hash ^ (hash >> 12);
1649 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(12));
1650 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1652 // hash = hash + (hash << 2);
1653 shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(2));
1654 hash = AddUncasted<HAdd>(hash, shifted_hash);
1656 // hash = hash ^ (hash >> 4);
1657 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(4));
1658 hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1660 // hash = hash * 2057;
1661 hash = AddUncasted<HMul>(hash, Add<HConstant>(2057));
1662 hash->ClearFlag(HValue::kCanOverflow);
1664 // hash = hash ^ (hash >> 16);
1665 shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(16));
1666 return AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1670 HValue* HGraphBuilder::BuildUncheckedDictionaryElementLoad(HValue* receiver,
1675 Add<HLoadKeyed>(elements, Add<HConstant>(NameDictionary::kCapacityIndex),
1676 nullptr, FAST_ELEMENTS);
1678 HValue* mask = AddUncasted<HSub>(capacity, graph()->GetConstant1());
1679 mask->ChangeRepresentation(Representation::Integer32());
1680 mask->ClearFlag(HValue::kCanOverflow);
1682 HValue* entry = hash;
1683 HValue* count = graph()->GetConstant1();
1687 HIfContinuation return_or_loop_continuation(graph()->CreateBasicBlock(),
1688 graph()->CreateBasicBlock());
1689 HIfContinuation found_key_match_continuation(graph()->CreateBasicBlock(),
1690 graph()->CreateBasicBlock());
1691 LoopBuilder probe_loop(this);
1692 probe_loop.BeginBody(2); // Drop entry, count from last environment to
1693 // appease live range building without simulates.
1697 entry = AddUncasted<HBitwise>(Token::BIT_AND, entry, mask);
1698 int entry_size = SeededNumberDictionary::kEntrySize;
1699 HValue* base_index = AddUncasted<HMul>(entry, Add<HConstant>(entry_size));
1700 base_index->ClearFlag(HValue::kCanOverflow);
1701 int start_offset = SeededNumberDictionary::kElementsStartIndex;
1703 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset));
1704 key_index->ClearFlag(HValue::kCanOverflow);
1706 HValue* candidate_key =
1707 Add<HLoadKeyed>(elements, key_index, nullptr, FAST_ELEMENTS);
1708 IfBuilder if_undefined(this);
1709 if_undefined.If<HCompareObjectEqAndBranch>(candidate_key,
1710 graph()->GetConstantUndefined());
1711 if_undefined.Then();
1713 // element == undefined means "not found". Call the runtime.
1714 // TODO(jkummerow): walk the prototype chain instead.
1715 Add<HPushArguments>(receiver, key);
1716 Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
1717 Runtime::FunctionForId(Runtime::kKeyedGetProperty),
1720 if_undefined.Else();
1722 IfBuilder if_match(this);
1723 if_match.If<HCompareObjectEqAndBranch>(candidate_key, key);
1727 // Update non-internalized string in the dictionary with internalized key?
1728 IfBuilder if_update_with_internalized(this);
1730 if_update_with_internalized.IfNot<HIsSmiAndBranch>(candidate_key);
1731 if_update_with_internalized.And();
1732 HValue* map = AddLoadMap(candidate_key, smi_check);
1733 HValue* instance_type =
1734 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
1735 HValue* not_internalized_bit = AddUncasted<HBitwise>(
1736 Token::BIT_AND, instance_type,
1737 Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1738 if_update_with_internalized.If<HCompareNumericAndBranch>(
1739 not_internalized_bit, graph()->GetConstant0(), Token::NE);
1740 if_update_with_internalized.And();
1741 if_update_with_internalized.IfNot<HCompareObjectEqAndBranch>(
1742 candidate_key, graph()->GetConstantHole());
1743 if_update_with_internalized.AndIf<HStringCompareAndBranch>(candidate_key,
1745 if_update_with_internalized.Then();
1746 // Replace a key that is a non-internalized string by the equivalent
1747 // internalized string for faster further lookups.
1748 Add<HStoreKeyed>(elements, key_index, key, FAST_ELEMENTS);
1749 if_update_with_internalized.Else();
1751 if_update_with_internalized.JoinContinuation(&found_key_match_continuation);
1752 if_match.JoinContinuation(&found_key_match_continuation);
1754 IfBuilder found_key_match(this, &found_key_match_continuation);
1755 found_key_match.Then();
1756 // Key at current probe matches. Relevant bits in the |details| field must
1757 // be zero, otherwise the dictionary element requires special handling.
1758 HValue* details_index =
1759 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 2));
1760 details_index->ClearFlag(HValue::kCanOverflow);
1762 Add<HLoadKeyed>(elements, details_index, nullptr, FAST_ELEMENTS);
1763 int details_mask = PropertyDetails::TypeField::kMask;
1764 details = AddUncasted<HBitwise>(Token::BIT_AND, details,
1765 Add<HConstant>(details_mask));
1766 IfBuilder details_compare(this);
1767 details_compare.If<HCompareNumericAndBranch>(
1768 details, graph()->GetConstant0(), Token::EQ);
1769 details_compare.Then();
1770 HValue* result_index =
1771 AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 1));
1772 result_index->ClearFlag(HValue::kCanOverflow);
1773 Push(Add<HLoadKeyed>(elements, result_index, nullptr, FAST_ELEMENTS));
1774 details_compare.Else();
1775 Add<HPushArguments>(receiver, key);
1776 Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
1777 Runtime::FunctionForId(Runtime::kKeyedGetProperty),
1779 details_compare.End();
1781 found_key_match.Else();
1782 found_key_match.JoinContinuation(&return_or_loop_continuation);
1784 if_undefined.JoinContinuation(&return_or_loop_continuation);
1786 IfBuilder return_or_loop(this, &return_or_loop_continuation);
1787 return_or_loop.Then();
1790 return_or_loop.Else();
1791 entry = AddUncasted<HAdd>(entry, count);
1792 entry->ClearFlag(HValue::kCanOverflow);
1793 count = AddUncasted<HAdd>(count, graph()->GetConstant1());
1794 count->ClearFlag(HValue::kCanOverflow);
1798 probe_loop.EndBody();
1800 return_or_loop.End();
1806 HValue* HGraphBuilder::BuildRegExpConstructResult(HValue* length,
1809 NoObservableSideEffectsScope scope(this);
1810 HConstant* max_length = Add<HConstant>(JSObject::kInitialMaxFastElementArray);
1811 Add<HBoundsCheck>(length, max_length);
1813 // Generate size calculation code here in order to make it dominate
1814 // the JSRegExpResult allocation.
1815 ElementsKind elements_kind = FAST_ELEMENTS;
1816 HValue* size = BuildCalculateElementsSize(elements_kind, length);
1818 // Allocate the JSRegExpResult and the FixedArray in one step.
1819 HValue* result = Add<HAllocate>(
1820 Add<HConstant>(JSRegExpResult::kSize), HType::JSArray(),
1821 NOT_TENURED, JS_ARRAY_TYPE);
1823 // Initialize the JSRegExpResult header.
1824 HValue* global_object = Add<HLoadNamedField>(
1826 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
1827 HValue* native_context = Add<HLoadNamedField>(
1828 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
1829 Add<HStoreNamedField>(
1830 result, HObjectAccess::ForMap(),
1831 Add<HLoadNamedField>(
1832 native_context, nullptr,
1833 HObjectAccess::ForContextSlot(Context::REGEXP_RESULT_MAP_INDEX)));
1834 HConstant* empty_fixed_array =
1835 Add<HConstant>(isolate()->factory()->empty_fixed_array());
1836 Add<HStoreNamedField>(
1837 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
1839 Add<HStoreNamedField>(
1840 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1842 Add<HStoreNamedField>(
1843 result, HObjectAccess::ForJSArrayOffset(JSArray::kLengthOffset), length);
1845 // Initialize the additional fields.
1846 Add<HStoreNamedField>(
1847 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kIndexOffset),
1849 Add<HStoreNamedField>(
1850 result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kInputOffset),
1853 // Allocate and initialize the elements header.
1854 HAllocate* elements = BuildAllocateElements(elements_kind, size);
1855 BuildInitializeElementsHeader(elements, elements_kind, length);
1857 if (!elements->has_size_upper_bound()) {
1858 HConstant* size_in_bytes_upper_bound = EstablishElementsAllocationSize(
1859 elements_kind, max_length->Integer32Value());
1860 elements->set_size_upper_bound(size_in_bytes_upper_bound);
1863 Add<HStoreNamedField>(
1864 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1867 // Initialize the elements contents with undefined.
1868 BuildFillElementsWithValue(
1869 elements, elements_kind, graph()->GetConstant0(), length,
1870 graph()->GetConstantUndefined());
1876 HValue* HGraphBuilder::BuildNumberToString(HValue* object, Type* type) {
1877 NoObservableSideEffectsScope scope(this);
1879 // Convert constant numbers at compile time.
1880 if (object->IsConstant() && HConstant::cast(object)->HasNumberValue()) {
1881 Handle<Object> number = HConstant::cast(object)->handle(isolate());
1882 Handle<String> result = isolate()->factory()->NumberToString(number);
1883 return Add<HConstant>(result);
1886 // Create a joinable continuation.
1887 HIfContinuation found(graph()->CreateBasicBlock(),
1888 graph()->CreateBasicBlock());
1890 // Load the number string cache.
1891 HValue* number_string_cache =
1892 Add<HLoadRoot>(Heap::kNumberStringCacheRootIndex);
1894 // Make the hash mask from the length of the number string cache. It
1895 // contains two elements (number and string) for each cache entry.
1896 HValue* mask = AddLoadFixedArrayLength(number_string_cache);
1897 mask->set_type(HType::Smi());
1898 mask = AddUncasted<HSar>(mask, graph()->GetConstant1());
1899 mask = AddUncasted<HSub>(mask, graph()->GetConstant1());
1901 // Check whether object is a smi.
1902 IfBuilder if_objectissmi(this);
1903 if_objectissmi.If<HIsSmiAndBranch>(object);
1904 if_objectissmi.Then();
1906 // Compute hash for smi similar to smi_get_hash().
1907 HValue* hash = AddUncasted<HBitwise>(Token::BIT_AND, object, mask);
1910 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1911 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1912 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1914 // Check if object == key.
1915 IfBuilder if_objectiskey(this);
1916 if_objectiskey.If<HCompareObjectEqAndBranch>(object, key);
1917 if_objectiskey.Then();
1919 // Make the key_index available.
1922 if_objectiskey.JoinContinuation(&found);
1924 if_objectissmi.Else();
1926 if (type->Is(Type::SignedSmall())) {
1927 if_objectissmi.Deopt(Deoptimizer::kExpectedSmi);
1929 // Check if the object is a heap number.
1930 IfBuilder if_objectisnumber(this);
1931 HValue* objectisnumber = if_objectisnumber.If<HCompareMap>(
1932 object, isolate()->factory()->heap_number_map());
1933 if_objectisnumber.Then();
1935 // Compute hash for heap number similar to double_get_hash().
1936 HValue* low = Add<HLoadNamedField>(
1937 object, objectisnumber,
1938 HObjectAccess::ForHeapNumberValueLowestBits());
1939 HValue* high = Add<HLoadNamedField>(
1940 object, objectisnumber,
1941 HObjectAccess::ForHeapNumberValueHighestBits());
1942 HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, low, high);
1943 hash = AddUncasted<HBitwise>(Token::BIT_AND, hash, mask);
1946 HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1947 HValue* key = Add<HLoadKeyed>(number_string_cache, key_index, nullptr,
1948 FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1950 // Check if the key is a heap number and compare it with the object.
1951 IfBuilder if_keyisnotsmi(this);
1952 HValue* keyisnotsmi = if_keyisnotsmi.IfNot<HIsSmiAndBranch>(key);
1953 if_keyisnotsmi.Then();
1955 IfBuilder if_keyisheapnumber(this);
1956 if_keyisheapnumber.If<HCompareMap>(
1957 key, isolate()->factory()->heap_number_map());
1958 if_keyisheapnumber.Then();
1960 // Check if values of key and object match.
1961 IfBuilder if_keyeqobject(this);
1962 if_keyeqobject.If<HCompareNumericAndBranch>(
1963 Add<HLoadNamedField>(key, keyisnotsmi,
1964 HObjectAccess::ForHeapNumberValue()),
1965 Add<HLoadNamedField>(object, objectisnumber,
1966 HObjectAccess::ForHeapNumberValue()),
1968 if_keyeqobject.Then();
1970 // Make the key_index available.
1973 if_keyeqobject.JoinContinuation(&found);
1975 if_keyisheapnumber.JoinContinuation(&found);
1977 if_keyisnotsmi.JoinContinuation(&found);
1979 if_objectisnumber.Else();
1981 if (type->Is(Type::Number())) {
1982 if_objectisnumber.Deopt(Deoptimizer::kExpectedHeapNumber);
1985 if_objectisnumber.JoinContinuation(&found);
1988 if_objectissmi.JoinContinuation(&found);
1990 // Check for cache hit.
1991 IfBuilder if_found(this, &found);
1994 // Count number to string operation in native code.
1995 AddIncrementCounter(isolate()->counters()->number_to_string_native());
1997 // Load the value in case of cache hit.
1998 HValue* key_index = Pop();
1999 HValue* value_index = AddUncasted<HAdd>(key_index, graph()->GetConstant1());
2000 Push(Add<HLoadKeyed>(number_string_cache, value_index, nullptr,
2001 FAST_ELEMENTS, ALLOW_RETURN_HOLE));
2005 // Cache miss, fallback to runtime.
2006 Add<HPushArguments>(object);
2007 Push(Add<HCallRuntime>(
2008 isolate()->factory()->empty_string(),
2009 Runtime::FunctionForId(Runtime::kNumberToStringSkipCache),
2018 HAllocate* HGraphBuilder::BuildAllocate(
2019 HValue* object_size,
2021 InstanceType instance_type,
2022 HAllocationMode allocation_mode) {
2023 // Compute the effective allocation size.
2024 HValue* size = object_size;
2025 if (allocation_mode.CreateAllocationMementos()) {
2026 size = AddUncasted<HAdd>(size, Add<HConstant>(AllocationMemento::kSize));
2027 size->ClearFlag(HValue::kCanOverflow);
2030 // Perform the actual allocation.
2031 HAllocate* object = Add<HAllocate>(
2032 size, type, allocation_mode.GetPretenureMode(),
2033 instance_type, allocation_mode.feedback_site());
2035 // Setup the allocation memento.
2036 if (allocation_mode.CreateAllocationMementos()) {
2037 BuildCreateAllocationMemento(
2038 object, object_size, allocation_mode.current_site());
2045 HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
2046 HValue* right_length) {
2047 // Compute the combined string length and check against max string length.
2048 HValue* length = AddUncasted<HAdd>(left_length, right_length);
2049 // Check that length <= kMaxLength <=> length < MaxLength + 1.
2050 HValue* max_length = Add<HConstant>(String::kMaxLength + 1);
2051 Add<HBoundsCheck>(length, max_length);
2056 HValue* HGraphBuilder::BuildCreateConsString(
2060 HAllocationMode allocation_mode) {
2061 // Determine the string instance types.
2062 HInstruction* left_instance_type = AddLoadStringInstanceType(left);
2063 HInstruction* right_instance_type = AddLoadStringInstanceType(right);
2065 // Allocate the cons string object. HAllocate does not care whether we
2066 // pass CONS_STRING_TYPE or CONS_ONE_BYTE_STRING_TYPE here, so we just use
2067 // CONS_STRING_TYPE here. Below we decide whether the cons string is
2068 // one-byte or two-byte and set the appropriate map.
2069 DCHECK(HAllocate::CompatibleInstanceTypes(CONS_STRING_TYPE,
2070 CONS_ONE_BYTE_STRING_TYPE));
2071 HAllocate* result = BuildAllocate(Add<HConstant>(ConsString::kSize),
2072 HType::String(), CONS_STRING_TYPE,
2075 // Compute intersection and difference of instance types.
2076 HValue* anded_instance_types = AddUncasted<HBitwise>(
2077 Token::BIT_AND, left_instance_type, right_instance_type);
2078 HValue* xored_instance_types = AddUncasted<HBitwise>(
2079 Token::BIT_XOR, left_instance_type, right_instance_type);
2081 // We create a one-byte cons string if
2082 // 1. both strings are one-byte, or
2083 // 2. at least one of the strings is two-byte, but happens to contain only
2084 // one-byte characters.
2085 // To do this, we check
2086 // 1. if both strings are one-byte, or if the one-byte data hint is set in
2088 // 2. if one of the strings has the one-byte data hint set and the other
2089 // string is one-byte.
2090 IfBuilder if_onebyte(this);
2091 STATIC_ASSERT(kOneByteStringTag != 0);
2092 STATIC_ASSERT(kOneByteDataHintMask != 0);
2093 if_onebyte.If<HCompareNumericAndBranch>(
2094 AddUncasted<HBitwise>(
2095 Token::BIT_AND, anded_instance_types,
2096 Add<HConstant>(static_cast<int32_t>(
2097 kStringEncodingMask | kOneByteDataHintMask))),
2098 graph()->GetConstant0(), Token::NE);
2100 STATIC_ASSERT(kOneByteStringTag != 0 &&
2101 kOneByteDataHintTag != 0 &&
2102 kOneByteDataHintTag != kOneByteStringTag);
2103 if_onebyte.If<HCompareNumericAndBranch>(
2104 AddUncasted<HBitwise>(
2105 Token::BIT_AND, xored_instance_types,
2106 Add<HConstant>(static_cast<int32_t>(
2107 kOneByteStringTag | kOneByteDataHintTag))),
2108 Add<HConstant>(static_cast<int32_t>(
2109 kOneByteStringTag | kOneByteDataHintTag)), Token::EQ);
2112 // We can safely skip the write barrier for storing the map here.
2113 Add<HStoreNamedField>(
2114 result, HObjectAccess::ForMap(),
2115 Add<HConstant>(isolate()->factory()->cons_one_byte_string_map()));
2119 // We can safely skip the write barrier for storing the map here.
2120 Add<HStoreNamedField>(
2121 result, HObjectAccess::ForMap(),
2122 Add<HConstant>(isolate()->factory()->cons_string_map()));
2126 // Initialize the cons string fields.
2127 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2128 Add<HConstant>(String::kEmptyHashField));
2129 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2130 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringFirst(), left);
2131 Add<HStoreNamedField>(result, HObjectAccess::ForConsStringSecond(), right);
2133 // Count the native string addition.
2134 AddIncrementCounter(isolate()->counters()->string_add_native());
2140 void HGraphBuilder::BuildCopySeqStringChars(HValue* src,
2142 String::Encoding src_encoding,
2145 String::Encoding dst_encoding,
2147 DCHECK(dst_encoding != String::ONE_BYTE_ENCODING ||
2148 src_encoding == String::ONE_BYTE_ENCODING);
2149 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
2150 HValue* index = loop.BeginBody(graph()->GetConstant0(), length, Token::LT);
2152 HValue* src_index = AddUncasted<HAdd>(src_offset, index);
2154 AddUncasted<HSeqStringGetChar>(src_encoding, src, src_index);
2155 HValue* dst_index = AddUncasted<HAdd>(dst_offset, index);
2156 Add<HSeqStringSetChar>(dst_encoding, dst, dst_index, value);
2162 HValue* HGraphBuilder::BuildObjectSizeAlignment(
2163 HValue* unaligned_size, int header_size) {
2164 DCHECK((header_size & kObjectAlignmentMask) == 0);
2165 HValue* size = AddUncasted<HAdd>(
2166 unaligned_size, Add<HConstant>(static_cast<int32_t>(
2167 header_size + kObjectAlignmentMask)));
2168 size->ClearFlag(HValue::kCanOverflow);
2169 return AddUncasted<HBitwise>(
2170 Token::BIT_AND, size, Add<HConstant>(static_cast<int32_t>(
2171 ~kObjectAlignmentMask)));
2175 HValue* HGraphBuilder::BuildUncheckedStringAdd(
2178 HAllocationMode allocation_mode) {
2179 // Determine the string lengths.
2180 HValue* left_length = AddLoadStringLength(left);
2181 HValue* right_length = AddLoadStringLength(right);
2183 // Compute the combined string length.
2184 HValue* length = BuildAddStringLengths(left_length, right_length);
2186 // Do some manual constant folding here.
2187 if (left_length->IsConstant()) {
2188 HConstant* c_left_length = HConstant::cast(left_length);
2189 DCHECK_NE(0, c_left_length->Integer32Value());
2190 if (c_left_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2191 // The right string contains at least one character.
2192 return BuildCreateConsString(length, left, right, allocation_mode);
2194 } else if (right_length->IsConstant()) {
2195 HConstant* c_right_length = HConstant::cast(right_length);
2196 DCHECK_NE(0, c_right_length->Integer32Value());
2197 if (c_right_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2198 // The left string contains at least one character.
2199 return BuildCreateConsString(length, left, right, allocation_mode);
2203 // Check if we should create a cons string.
2204 IfBuilder if_createcons(this);
2205 if_createcons.If<HCompareNumericAndBranch>(
2206 length, Add<HConstant>(ConsString::kMinLength), Token::GTE);
2207 if_createcons.Then();
2209 // Create a cons string.
2210 Push(BuildCreateConsString(length, left, right, allocation_mode));
2212 if_createcons.Else();
2214 // Determine the string instance types.
2215 HValue* left_instance_type = AddLoadStringInstanceType(left);
2216 HValue* right_instance_type = AddLoadStringInstanceType(right);
2218 // Compute union and difference of instance types.
2219 HValue* ored_instance_types = AddUncasted<HBitwise>(
2220 Token::BIT_OR, left_instance_type, right_instance_type);
2221 HValue* xored_instance_types = AddUncasted<HBitwise>(
2222 Token::BIT_XOR, left_instance_type, right_instance_type);
2224 // Check if both strings have the same encoding and both are
2226 IfBuilder if_sameencodingandsequential(this);
2227 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2228 AddUncasted<HBitwise>(
2229 Token::BIT_AND, xored_instance_types,
2230 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2231 graph()->GetConstant0(), Token::EQ);
2232 if_sameencodingandsequential.And();
2233 STATIC_ASSERT(kSeqStringTag == 0);
2234 if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2235 AddUncasted<HBitwise>(
2236 Token::BIT_AND, ored_instance_types,
2237 Add<HConstant>(static_cast<int32_t>(kStringRepresentationMask))),
2238 graph()->GetConstant0(), Token::EQ);
2239 if_sameencodingandsequential.Then();
2241 HConstant* string_map =
2242 Add<HConstant>(isolate()->factory()->string_map());
2243 HConstant* one_byte_string_map =
2244 Add<HConstant>(isolate()->factory()->one_byte_string_map());
2246 // Determine map and size depending on whether result is one-byte string.
2247 IfBuilder if_onebyte(this);
2248 STATIC_ASSERT(kOneByteStringTag != 0);
2249 if_onebyte.If<HCompareNumericAndBranch>(
2250 AddUncasted<HBitwise>(
2251 Token::BIT_AND, ored_instance_types,
2252 Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2253 graph()->GetConstant0(), Token::NE);
2256 // Allocate sequential one-byte string object.
2258 Push(one_byte_string_map);
2262 // Allocate sequential two-byte string object.
2263 HValue* size = AddUncasted<HShl>(length, graph()->GetConstant1());
2264 size->ClearFlag(HValue::kCanOverflow);
2265 size->SetFlag(HValue::kUint32);
2270 HValue* map = Pop();
2272 // Calculate the number of bytes needed for the characters in the
2273 // string while observing object alignment.
2274 STATIC_ASSERT((SeqString::kHeaderSize & kObjectAlignmentMask) == 0);
2275 HValue* size = BuildObjectSizeAlignment(Pop(), SeqString::kHeaderSize);
2277 // Allocate the string object. HAllocate does not care whether we pass
2278 // STRING_TYPE or ONE_BYTE_STRING_TYPE here, so we just use STRING_TYPE.
2279 HAllocate* result = BuildAllocate(
2280 size, HType::String(), STRING_TYPE, allocation_mode);
2281 Add<HStoreNamedField>(result, HObjectAccess::ForMap(), map);
2283 // Initialize the string fields.
2284 Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2285 Add<HConstant>(String::kEmptyHashField));
2286 Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2288 // Copy characters to the result string.
2289 IfBuilder if_twobyte(this);
2290 if_twobyte.If<HCompareObjectEqAndBranch>(map, string_map);
2293 // Copy characters from the left string.
2294 BuildCopySeqStringChars(
2295 left, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2296 result, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2299 // Copy characters from the right string.
2300 BuildCopySeqStringChars(
2301 right, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2302 result, left_length, String::TWO_BYTE_ENCODING,
2307 // Copy characters from the left string.
2308 BuildCopySeqStringChars(
2309 left, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2310 result, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2313 // Copy characters from the right string.
2314 BuildCopySeqStringChars(
2315 right, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2316 result, left_length, String::ONE_BYTE_ENCODING,
2321 // Count the native string addition.
2322 AddIncrementCounter(isolate()->counters()->string_add_native());
2324 // Return the sequential string.
2327 if_sameencodingandsequential.Else();
2329 // Fallback to the runtime to add the two strings.
2330 Add<HPushArguments>(left, right);
2331 Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
2332 Runtime::FunctionForId(Runtime::kStringAddRT), 2));
2334 if_sameencodingandsequential.End();
2336 if_createcons.End();
2342 HValue* HGraphBuilder::BuildStringAdd(
2345 HAllocationMode allocation_mode) {
2346 NoObservableSideEffectsScope no_effects(this);
2348 // Determine string lengths.
2349 HValue* left_length = AddLoadStringLength(left);
2350 HValue* right_length = AddLoadStringLength(right);
2352 // Check if left string is empty.
2353 IfBuilder if_leftempty(this);
2354 if_leftempty.If<HCompareNumericAndBranch>(
2355 left_length, graph()->GetConstant0(), Token::EQ);
2356 if_leftempty.Then();
2358 // Count the native string addition.
2359 AddIncrementCounter(isolate()->counters()->string_add_native());
2361 // Just return the right string.
2364 if_leftempty.Else();
2366 // Check if right string is empty.
2367 IfBuilder if_rightempty(this);
2368 if_rightempty.If<HCompareNumericAndBranch>(
2369 right_length, graph()->GetConstant0(), Token::EQ);
2370 if_rightempty.Then();
2372 // Count the native string addition.
2373 AddIncrementCounter(isolate()->counters()->string_add_native());
2375 // Just return the left string.
2378 if_rightempty.Else();
2380 // Add the two non-empty strings.
2381 Push(BuildUncheckedStringAdd(left, right, allocation_mode));
2383 if_rightempty.End();
2391 HInstruction* HGraphBuilder::BuildUncheckedMonomorphicElementAccess(
2392 HValue* checked_object,
2396 ElementsKind elements_kind,
2397 PropertyAccessType access_type,
2398 LoadKeyedHoleMode load_mode,
2399 KeyedAccessStoreMode store_mode) {
2400 DCHECK(top_info()->IsStub() || checked_object->IsCompareMap() ||
2401 checked_object->IsCheckMaps());
2402 DCHECK((!IsExternalArrayElementsKind(elements_kind) &&
2403 !IsFixedTypedArrayElementsKind(elements_kind)) ||
2405 // No GVNFlag is necessary for ElementsKind if there is an explicit dependency
2406 // on a HElementsTransition instruction. The flag can also be removed if the
2407 // map to check has FAST_HOLEY_ELEMENTS, since there can be no further
2408 // ElementsKind transitions. Finally, the dependency can be removed for stores
2409 // for FAST_ELEMENTS, since a transition to HOLEY elements won't change the
2410 // generated store code.
2411 if ((elements_kind == FAST_HOLEY_ELEMENTS) ||
2412 (elements_kind == FAST_ELEMENTS && access_type == STORE)) {
2413 checked_object->ClearDependsOnFlag(kElementsKind);
2416 bool fast_smi_only_elements = IsFastSmiElementsKind(elements_kind);
2417 bool fast_elements = IsFastObjectElementsKind(elements_kind);
2418 HValue* elements = AddLoadElements(checked_object);
2419 if (access_type == STORE && (fast_elements || fast_smi_only_elements) &&
2420 store_mode != STORE_NO_TRANSITION_HANDLE_COW) {
2421 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2422 elements, isolate()->factory()->fixed_array_map());
2423 check_cow_map->ClearDependsOnFlag(kElementsKind);
2425 HInstruction* length = NULL;
2427 length = Add<HLoadNamedField>(
2428 checked_object->ActualValue(), checked_object,
2429 HObjectAccess::ForArrayLength(elements_kind));
2431 length = AddLoadFixedArrayLength(elements);
2433 length->set_type(HType::Smi());
2434 HValue* checked_key = NULL;
2435 if (IsExternalArrayElementsKind(elements_kind) ||
2436 IsFixedTypedArrayElementsKind(elements_kind)) {
2437 checked_object = Add<HCheckArrayBufferNotNeutered>(checked_object);
2439 HValue* backing_store;
2440 if (IsExternalArrayElementsKind(elements_kind)) {
2441 backing_store = Add<HLoadNamedField>(
2442 elements, nullptr, HObjectAccess::ForExternalArrayExternalPointer());
2444 backing_store = elements;
2446 if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
2447 NoObservableSideEffectsScope no_effects(this);
2448 IfBuilder length_checker(this);
2449 length_checker.If<HCompareNumericAndBranch>(key, length, Token::LT);
2450 length_checker.Then();
2451 IfBuilder negative_checker(this);
2452 HValue* bounds_check = negative_checker.If<HCompareNumericAndBranch>(
2453 key, graph()->GetConstant0(), Token::GTE);
2454 negative_checker.Then();
2455 HInstruction* result = AddElementAccess(
2456 backing_store, key, val, bounds_check, elements_kind, access_type);
2457 negative_checker.ElseDeopt(Deoptimizer::kNegativeKeyEncountered);
2458 negative_checker.End();
2459 length_checker.End();
2462 DCHECK(store_mode == STANDARD_STORE);
2463 checked_key = Add<HBoundsCheck>(key, length);
2464 return AddElementAccess(
2465 backing_store, checked_key, val,
2466 checked_object, elements_kind, access_type);
2469 DCHECK(fast_smi_only_elements ||
2471 IsFastDoubleElementsKind(elements_kind));
2473 // In case val is stored into a fast smi array, assure that the value is a smi
2474 // before manipulating the backing store. Otherwise the actual store may
2475 // deopt, leaving the backing store in an invalid state.
2476 if (access_type == STORE && IsFastSmiElementsKind(elements_kind) &&
2477 !val->type().IsSmi()) {
2478 val = AddUncasted<HForceRepresentation>(val, Representation::Smi());
2481 if (IsGrowStoreMode(store_mode)) {
2482 NoObservableSideEffectsScope no_effects(this);
2483 Representation representation = HStoreKeyed::RequiredValueRepresentation(
2484 elements_kind, STORE_TO_INITIALIZED_ENTRY);
2485 val = AddUncasted<HForceRepresentation>(val, representation);
2486 elements = BuildCheckForCapacityGrow(checked_object, elements,
2487 elements_kind, length, key,
2488 is_js_array, access_type);
2491 checked_key = Add<HBoundsCheck>(key, length);
2493 if (access_type == STORE && (fast_elements || fast_smi_only_elements)) {
2494 if (store_mode == STORE_NO_TRANSITION_HANDLE_COW) {
2495 NoObservableSideEffectsScope no_effects(this);
2496 elements = BuildCopyElementsOnWrite(checked_object, elements,
2497 elements_kind, length);
2499 HCheckMaps* check_cow_map = Add<HCheckMaps>(
2500 elements, isolate()->factory()->fixed_array_map());
2501 check_cow_map->ClearDependsOnFlag(kElementsKind);
2505 return AddElementAccess(elements, checked_key, val, checked_object,
2506 elements_kind, access_type, load_mode);
2510 HValue* HGraphBuilder::BuildAllocateArrayFromLength(
2511 JSArrayBuilder* array_builder,
2512 HValue* length_argument) {
2513 if (length_argument->IsConstant() &&
2514 HConstant::cast(length_argument)->HasSmiValue()) {
2515 int array_length = HConstant::cast(length_argument)->Integer32Value();
2516 if (array_length == 0) {
2517 return array_builder->AllocateEmptyArray();
2519 return array_builder->AllocateArray(length_argument,
2525 HValue* constant_zero = graph()->GetConstant0();
2526 HConstant* max_alloc_length =
2527 Add<HConstant>(JSObject::kInitialMaxFastElementArray);
2528 HInstruction* checked_length = Add<HBoundsCheck>(length_argument,
2530 IfBuilder if_builder(this);
2531 if_builder.If<HCompareNumericAndBranch>(checked_length, constant_zero,
2534 const int initial_capacity = JSArray::kPreallocatedArrayElements;
2535 HConstant* initial_capacity_node = Add<HConstant>(initial_capacity);
2536 Push(initial_capacity_node); // capacity
2537 Push(constant_zero); // length
2539 if (!(top_info()->IsStub()) &&
2540 IsFastPackedElementsKind(array_builder->kind())) {
2541 // We'll come back later with better (holey) feedback.
2543 Deoptimizer::kHoleyArrayDespitePackedElements_kindFeedback);
2545 Push(checked_length); // capacity
2546 Push(checked_length); // length
2550 // Figure out total size
2551 HValue* length = Pop();
2552 HValue* capacity = Pop();
2553 return array_builder->AllocateArray(capacity, max_alloc_length, length);
2557 HValue* HGraphBuilder::BuildCalculateElementsSize(ElementsKind kind,
2559 int elements_size = IsFastDoubleElementsKind(kind)
2563 HConstant* elements_size_value = Add<HConstant>(elements_size);
2565 HMul::NewImul(isolate(), zone(), context(), capacity->ActualValue(),
2566 elements_size_value);
2567 AddInstruction(mul);
2568 mul->ClearFlag(HValue::kCanOverflow);
2570 STATIC_ASSERT(FixedDoubleArray::kHeaderSize == FixedArray::kHeaderSize);
2572 HConstant* header_size = Add<HConstant>(FixedArray::kHeaderSize);
2573 HValue* total_size = AddUncasted<HAdd>(mul, header_size);
2574 total_size->ClearFlag(HValue::kCanOverflow);
2579 HAllocate* HGraphBuilder::AllocateJSArrayObject(AllocationSiteMode mode) {
2580 int base_size = JSArray::kSize;
2581 if (mode == TRACK_ALLOCATION_SITE) {
2582 base_size += AllocationMemento::kSize;
2584 HConstant* size_in_bytes = Add<HConstant>(base_size);
2585 return Add<HAllocate>(
2586 size_in_bytes, HType::JSArray(), NOT_TENURED, JS_OBJECT_TYPE);
2590 HConstant* HGraphBuilder::EstablishElementsAllocationSize(
2593 int base_size = IsFastDoubleElementsKind(kind)
2594 ? FixedDoubleArray::SizeFor(capacity)
2595 : FixedArray::SizeFor(capacity);
2597 return Add<HConstant>(base_size);
2601 HAllocate* HGraphBuilder::BuildAllocateElements(ElementsKind kind,
2602 HValue* size_in_bytes) {
2603 InstanceType instance_type = IsFastDoubleElementsKind(kind)
2604 ? FIXED_DOUBLE_ARRAY_TYPE
2607 return Add<HAllocate>(size_in_bytes, HType::HeapObject(), NOT_TENURED,
2612 void HGraphBuilder::BuildInitializeElementsHeader(HValue* elements,
2615 Factory* factory = isolate()->factory();
2616 Handle<Map> map = IsFastDoubleElementsKind(kind)
2617 ? factory->fixed_double_array_map()
2618 : factory->fixed_array_map();
2620 Add<HStoreNamedField>(elements, HObjectAccess::ForMap(), Add<HConstant>(map));
2621 Add<HStoreNamedField>(elements, HObjectAccess::ForFixedArrayLength(),
2626 HValue* HGraphBuilder::BuildAllocateAndInitializeArray(ElementsKind kind,
2628 // The HForceRepresentation is to prevent possible deopt on int-smi
2629 // conversion after allocation but before the new object fields are set.
2630 capacity = AddUncasted<HForceRepresentation>(capacity, Representation::Smi());
2631 HValue* size_in_bytes = BuildCalculateElementsSize(kind, capacity);
2632 HValue* new_array = BuildAllocateElements(kind, size_in_bytes);
2633 BuildInitializeElementsHeader(new_array, kind, capacity);
2638 void HGraphBuilder::BuildJSArrayHeader(HValue* array,
2641 AllocationSiteMode mode,
2642 ElementsKind elements_kind,
2643 HValue* allocation_site_payload,
2644 HValue* length_field) {
2645 Add<HStoreNamedField>(array, HObjectAccess::ForMap(), array_map);
2647 HConstant* empty_fixed_array =
2648 Add<HConstant>(isolate()->factory()->empty_fixed_array());
2650 Add<HStoreNamedField>(
2651 array, HObjectAccess::ForPropertiesPointer(), empty_fixed_array);
2653 Add<HStoreNamedField>(
2654 array, HObjectAccess::ForElementsPointer(),
2655 elements != NULL ? elements : empty_fixed_array);
2657 Add<HStoreNamedField>(
2658 array, HObjectAccess::ForArrayLength(elements_kind), length_field);
2660 if (mode == TRACK_ALLOCATION_SITE) {
2661 BuildCreateAllocationMemento(
2662 array, Add<HConstant>(JSArray::kSize), allocation_site_payload);
2667 HInstruction* HGraphBuilder::AddElementAccess(
2669 HValue* checked_key,
2672 ElementsKind elements_kind,
2673 PropertyAccessType access_type,
2674 LoadKeyedHoleMode load_mode) {
2675 if (access_type == STORE) {
2676 DCHECK(val != NULL);
2677 if (elements_kind == EXTERNAL_UINT8_CLAMPED_ELEMENTS ||
2678 elements_kind == UINT8_CLAMPED_ELEMENTS) {
2679 val = Add<HClampToUint8>(val);
2681 return Add<HStoreKeyed>(elements, checked_key, val, elements_kind,
2682 STORE_TO_INITIALIZED_ENTRY);
2685 DCHECK(access_type == LOAD);
2686 DCHECK(val == NULL);
2687 HLoadKeyed* load = Add<HLoadKeyed>(
2688 elements, checked_key, dependency, elements_kind, load_mode);
2689 if (elements_kind == EXTERNAL_UINT32_ELEMENTS ||
2690 elements_kind == UINT32_ELEMENTS) {
2691 graph()->RecordUint32Instruction(load);
2697 HLoadNamedField* HGraphBuilder::AddLoadMap(HValue* object,
2698 HValue* dependency) {
2699 return Add<HLoadNamedField>(object, dependency, HObjectAccess::ForMap());
2703 HLoadNamedField* HGraphBuilder::AddLoadElements(HValue* object,
2704 HValue* dependency) {
2705 return Add<HLoadNamedField>(
2706 object, dependency, HObjectAccess::ForElementsPointer());
2710 HLoadNamedField* HGraphBuilder::AddLoadFixedArrayLength(
2712 HValue* dependency) {
2713 return Add<HLoadNamedField>(
2714 array, dependency, HObjectAccess::ForFixedArrayLength());
2718 HLoadNamedField* HGraphBuilder::AddLoadArrayLength(HValue* array,
2720 HValue* dependency) {
2721 return Add<HLoadNamedField>(
2722 array, dependency, HObjectAccess::ForArrayLength(kind));
2726 HValue* HGraphBuilder::BuildNewElementsCapacity(HValue* old_capacity) {
2727 HValue* half_old_capacity = AddUncasted<HShr>(old_capacity,
2728 graph_->GetConstant1());
2730 HValue* new_capacity = AddUncasted<HAdd>(half_old_capacity, old_capacity);
2731 new_capacity->ClearFlag(HValue::kCanOverflow);
2733 HValue* min_growth = Add<HConstant>(16);
2735 new_capacity = AddUncasted<HAdd>(new_capacity, min_growth);
2736 new_capacity->ClearFlag(HValue::kCanOverflow);
2738 return new_capacity;
2742 HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
2745 ElementsKind new_kind,
2747 HValue* new_capacity) {
2748 Add<HBoundsCheck>(new_capacity, Add<HConstant>(
2749 (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
2750 ElementsKindToShiftSize(new_kind)));
2752 HValue* new_elements =
2753 BuildAllocateAndInitializeArray(new_kind, new_capacity);
2755 BuildCopyElements(elements, kind, new_elements,
2756 new_kind, length, new_capacity);
2758 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
2761 return new_elements;
2765 void HGraphBuilder::BuildFillElementsWithValue(HValue* elements,
2766 ElementsKind elements_kind,
2771 to = AddLoadFixedArrayLength(elements);
2774 // Special loop unfolding case
2775 STATIC_ASSERT(JSArray::kPreallocatedArrayElements <=
2776 kElementLoopUnrollThreshold);
2777 int initial_capacity = -1;
2778 if (from->IsInteger32Constant() && to->IsInteger32Constant()) {
2779 int constant_from = from->GetInteger32Constant();
2780 int constant_to = to->GetInteger32Constant();
2782 if (constant_from == 0 && constant_to <= kElementLoopUnrollThreshold) {
2783 initial_capacity = constant_to;
2787 if (initial_capacity >= 0) {
2788 for (int i = 0; i < initial_capacity; i++) {
2789 HInstruction* key = Add<HConstant>(i);
2790 Add<HStoreKeyed>(elements, key, value, elements_kind);
2793 // Carefully loop backwards so that the "from" remains live through the loop
2794 // rather than the to. This often corresponds to keeping length live rather
2795 // then capacity, which helps register allocation, since length is used more
2796 // other than capacity after filling with holes.
2797 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2799 HValue* key = builder.BeginBody(to, from, Token::GT);
2801 HValue* adjusted_key = AddUncasted<HSub>(key, graph()->GetConstant1());
2802 adjusted_key->ClearFlag(HValue::kCanOverflow);
2804 Add<HStoreKeyed>(elements, adjusted_key, value, elements_kind);
2811 void HGraphBuilder::BuildFillElementsWithHole(HValue* elements,
2812 ElementsKind elements_kind,
2815 // Fast elements kinds need to be initialized in case statements below cause a
2816 // garbage collection.
2818 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
2819 ? graph()->GetConstantHole()
2820 : Add<HConstant>(HConstant::kHoleNaN);
2822 // Since we're about to store a hole value, the store instruction below must
2823 // assume an elements kind that supports heap object values.
2824 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
2825 elements_kind = FAST_HOLEY_ELEMENTS;
2828 BuildFillElementsWithValue(elements, elements_kind, from, to, hole);
2832 void HGraphBuilder::BuildCopyProperties(HValue* from_properties,
2833 HValue* to_properties, HValue* length,
2835 ElementsKind kind = FAST_ELEMENTS;
2837 BuildFillElementsWithValue(to_properties, kind, length, capacity,
2838 graph()->GetConstantUndefined());
2840 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2842 HValue* key = builder.BeginBody(length, graph()->GetConstant0(), Token::GT);
2844 key = AddUncasted<HSub>(key, graph()->GetConstant1());
2845 key->ClearFlag(HValue::kCanOverflow);
2847 HValue* element = Add<HLoadKeyed>(from_properties, key, nullptr, kind);
2849 Add<HStoreKeyed>(to_properties, key, element, kind);
2855 void HGraphBuilder::BuildCopyElements(HValue* from_elements,
2856 ElementsKind from_elements_kind,
2857 HValue* to_elements,
2858 ElementsKind to_elements_kind,
2861 int constant_capacity = -1;
2862 if (capacity != NULL &&
2863 capacity->IsConstant() &&
2864 HConstant::cast(capacity)->HasInteger32Value()) {
2865 int constant_candidate = HConstant::cast(capacity)->Integer32Value();
2866 if (constant_candidate <= kElementLoopUnrollThreshold) {
2867 constant_capacity = constant_candidate;
2871 bool pre_fill_with_holes =
2872 IsFastDoubleElementsKind(from_elements_kind) &&
2873 IsFastObjectElementsKind(to_elements_kind);
2874 if (pre_fill_with_holes) {
2875 // If the copy might trigger a GC, make sure that the FixedArray is
2876 // pre-initialized with holes to make sure that it's always in a
2877 // consistent state.
2878 BuildFillElementsWithHole(to_elements, to_elements_kind,
2879 graph()->GetConstant0(), NULL);
2882 if (constant_capacity != -1) {
2883 // Unroll the loop for small elements kinds.
2884 for (int i = 0; i < constant_capacity; i++) {
2885 HValue* key_constant = Add<HConstant>(i);
2886 HInstruction* value = Add<HLoadKeyed>(from_elements, key_constant,
2887 nullptr, from_elements_kind);
2888 Add<HStoreKeyed>(to_elements, key_constant, value, to_elements_kind);
2891 if (!pre_fill_with_holes &&
2892 (capacity == NULL || !length->Equals(capacity))) {
2893 BuildFillElementsWithHole(to_elements, to_elements_kind,
2897 LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2899 HValue* key = builder.BeginBody(length, graph()->GetConstant0(),
2902 key = AddUncasted<HSub>(key, graph()->GetConstant1());
2903 key->ClearFlag(HValue::kCanOverflow);
2905 HValue* element = Add<HLoadKeyed>(from_elements, key, nullptr,
2906 from_elements_kind, ALLOW_RETURN_HOLE);
2908 ElementsKind kind = (IsHoleyElementsKind(from_elements_kind) &&
2909 IsFastSmiElementsKind(to_elements_kind))
2910 ? FAST_HOLEY_ELEMENTS : to_elements_kind;
2912 if (IsHoleyElementsKind(from_elements_kind) &&
2913 from_elements_kind != to_elements_kind) {
2914 IfBuilder if_hole(this);
2915 if_hole.If<HCompareHoleAndBranch>(element);
2917 HConstant* hole_constant = IsFastDoubleElementsKind(to_elements_kind)
2918 ? Add<HConstant>(HConstant::kHoleNaN)
2919 : graph()->GetConstantHole();
2920 Add<HStoreKeyed>(to_elements, key, hole_constant, kind);
2922 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
2923 store->SetFlag(HValue::kAllowUndefinedAsNaN);
2926 HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
2927 store->SetFlag(HValue::kAllowUndefinedAsNaN);
2933 Counters* counters = isolate()->counters();
2934 AddIncrementCounter(counters->inlined_copied_elements());
2938 HValue* HGraphBuilder::BuildCloneShallowArrayCow(HValue* boilerplate,
2939 HValue* allocation_site,
2940 AllocationSiteMode mode,
2941 ElementsKind kind) {
2942 HAllocate* array = AllocateJSArrayObject(mode);
2944 HValue* map = AddLoadMap(boilerplate);
2945 HValue* elements = AddLoadElements(boilerplate);
2946 HValue* length = AddLoadArrayLength(boilerplate, kind);
2948 BuildJSArrayHeader(array,
2959 HValue* HGraphBuilder::BuildCloneShallowArrayEmpty(HValue* boilerplate,
2960 HValue* allocation_site,
2961 AllocationSiteMode mode) {
2962 HAllocate* array = AllocateJSArrayObject(mode);
2964 HValue* map = AddLoadMap(boilerplate);
2966 BuildJSArrayHeader(array,
2968 NULL, // set elements to empty fixed array
2972 graph()->GetConstant0());
2977 HValue* HGraphBuilder::BuildCloneShallowArrayNonEmpty(HValue* boilerplate,
2978 HValue* allocation_site,
2979 AllocationSiteMode mode,
2980 ElementsKind kind) {
2981 HValue* boilerplate_elements = AddLoadElements(boilerplate);
2982 HValue* capacity = AddLoadFixedArrayLength(boilerplate_elements);
2984 // Generate size calculation code here in order to make it dominate
2985 // the JSArray allocation.
2986 HValue* elements_size = BuildCalculateElementsSize(kind, capacity);
2988 // Create empty JSArray object for now, store elimination should remove
2989 // redundant initialization of elements and length fields and at the same
2990 // time the object will be fully prepared for GC if it happens during
2991 // elements allocation.
2992 HValue* result = BuildCloneShallowArrayEmpty(
2993 boilerplate, allocation_site, mode);
2995 HAllocate* elements = BuildAllocateElements(kind, elements_size);
2997 // This function implicitly relies on the fact that the
2998 // FastCloneShallowArrayStub is called only for literals shorter than
2999 // JSObject::kInitialMaxFastElementArray.
3000 // Can't add HBoundsCheck here because otherwise the stub will eager a frame.
3001 HConstant* size_upper_bound = EstablishElementsAllocationSize(
3002 kind, JSObject::kInitialMaxFastElementArray);
3003 elements->set_size_upper_bound(size_upper_bound);
3005 Add<HStoreNamedField>(result, HObjectAccess::ForElementsPointer(), elements);
3007 // The allocation for the cloned array above causes register pressure on
3008 // machines with low register counts. Force a reload of the boilerplate
3009 // elements here to free up a register for the allocation to avoid unnecessary
3011 boilerplate_elements = AddLoadElements(boilerplate);
3012 boilerplate_elements->SetFlag(HValue::kCantBeReplaced);
3014 // Copy the elements array header.
3015 for (int i = 0; i < FixedArrayBase::kHeaderSize; i += kPointerSize) {
3016 HObjectAccess access = HObjectAccess::ForFixedArrayHeader(i);
3017 Add<HStoreNamedField>(
3019 Add<HLoadNamedField>(boilerplate_elements, nullptr, access));
3022 // And the result of the length
3023 HValue* length = AddLoadArrayLength(boilerplate, kind);
3024 Add<HStoreNamedField>(result, HObjectAccess::ForArrayLength(kind), length);
3026 BuildCopyElements(boilerplate_elements, kind, elements,
3027 kind, length, NULL);
3032 void HGraphBuilder::BuildCompareNil(HValue* value, Type* type,
3033 HIfContinuation* continuation,
3034 MapEmbedding map_embedding) {
3035 IfBuilder if_nil(this);
3036 bool some_case_handled = false;
3037 bool some_case_missing = false;
3039 if (type->Maybe(Type::Null())) {
3040 if (some_case_handled) if_nil.Or();
3041 if_nil.If<HCompareObjectEqAndBranch>(value, graph()->GetConstantNull());
3042 some_case_handled = true;
3044 some_case_missing = true;
3047 if (type->Maybe(Type::Undefined())) {
3048 if (some_case_handled) if_nil.Or();
3049 if_nil.If<HCompareObjectEqAndBranch>(value,
3050 graph()->GetConstantUndefined());
3051 some_case_handled = true;
3053 some_case_missing = true;
3056 if (type->Maybe(Type::Undetectable())) {
3057 if (some_case_handled) if_nil.Or();
3058 if_nil.If<HIsUndetectableAndBranch>(value);
3059 some_case_handled = true;
3061 some_case_missing = true;
3064 if (some_case_missing) {
3067 if (type->NumClasses() == 1) {
3068 BuildCheckHeapObject(value);
3069 // For ICs, the map checked below is a sentinel map that gets replaced by
3070 // the monomorphic map when the code is used as a template to generate a
3071 // new IC. For optimized functions, there is no sentinel map, the map
3072 // emitted below is the actual monomorphic map.
3073 if (map_embedding == kEmbedMapsViaWeakCells) {
3075 Add<HConstant>(Map::WeakCellForMap(type->Classes().Current()));
3076 HValue* expected_map = Add<HLoadNamedField>(
3077 cell, nullptr, HObjectAccess::ForWeakCellValue());
3079 Add<HLoadNamedField>(value, nullptr, HObjectAccess::ForMap());
3080 IfBuilder map_check(this);
3081 map_check.IfNot<HCompareObjectEqAndBranch>(expected_map, map);
3082 map_check.ThenDeopt(Deoptimizer::kUnknownMap);
3085 DCHECK(map_embedding == kEmbedMapsDirectly);
3086 Add<HCheckMaps>(value, type->Classes().Current());
3089 if_nil.Deopt(Deoptimizer::kTooManyUndetectableTypes);
3093 if_nil.CaptureContinuation(continuation);
3097 void HGraphBuilder::BuildCreateAllocationMemento(
3098 HValue* previous_object,
3099 HValue* previous_object_size,
3100 HValue* allocation_site) {
3101 DCHECK(allocation_site != NULL);
3102 HInnerAllocatedObject* allocation_memento = Add<HInnerAllocatedObject>(
3103 previous_object, previous_object_size, HType::HeapObject());
3104 AddStoreMapConstant(
3105 allocation_memento, isolate()->factory()->allocation_memento_map());
3106 Add<HStoreNamedField>(
3108 HObjectAccess::ForAllocationMementoSite(),
3110 if (FLAG_allocation_site_pretenuring) {
3111 HValue* memento_create_count =
3112 Add<HLoadNamedField>(allocation_site, nullptr,
3113 HObjectAccess::ForAllocationSiteOffset(
3114 AllocationSite::kPretenureCreateCountOffset));
3115 memento_create_count = AddUncasted<HAdd>(
3116 memento_create_count, graph()->GetConstant1());
3117 // This smi value is reset to zero after every gc, overflow isn't a problem
3118 // since the counter is bounded by the new space size.
3119 memento_create_count->ClearFlag(HValue::kCanOverflow);
3120 Add<HStoreNamedField>(
3121 allocation_site, HObjectAccess::ForAllocationSiteOffset(
3122 AllocationSite::kPretenureCreateCountOffset), memento_create_count);
3127 HInstruction* HGraphBuilder::BuildGetNativeContext(HValue* closure) {
3128 // Get the global object, then the native context
3129 HInstruction* context = Add<HLoadNamedField>(
3130 closure, nullptr, HObjectAccess::ForFunctionContextPointer());
3131 HInstruction* global_object = Add<HLoadNamedField>(
3133 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3134 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3135 GlobalObject::kNativeContextOffset);
3136 return Add<HLoadNamedField>(global_object, nullptr, access);
3140 HInstruction* HGraphBuilder::BuildGetScriptContext(int context_index) {
3141 HValue* native_context = BuildGetNativeContext();
3142 HValue* script_context_table = Add<HLoadNamedField>(
3143 native_context, nullptr,
3144 HObjectAccess::ForContextSlot(Context::SCRIPT_CONTEXT_TABLE_INDEX));
3145 return Add<HLoadNamedField>(script_context_table, nullptr,
3146 HObjectAccess::ForScriptContext(context_index));
3150 HInstruction* HGraphBuilder::BuildGetNativeContext() {
3151 // Get the global object, then the native context
3152 HValue* global_object = Add<HLoadNamedField>(
3154 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3155 return Add<HLoadNamedField>(global_object, nullptr,
3156 HObjectAccess::ForObservableJSObjectOffset(
3157 GlobalObject::kNativeContextOffset));
3161 HInstruction* HGraphBuilder::BuildGetArrayFunction() {
3162 HInstruction* native_context = BuildGetNativeContext();
3163 HInstruction* index =
3164 Add<HConstant>(static_cast<int32_t>(Context::ARRAY_FUNCTION_INDEX));
3165 return Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3169 HValue* HGraphBuilder::BuildArrayBufferViewFieldAccessor(HValue* object,
3170 HValue* checked_object,
3172 NoObservableSideEffectsScope scope(this);
3173 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3174 index.offset(), Representation::Tagged());
3175 HInstruction* buffer = Add<HLoadNamedField>(
3176 object, checked_object, HObjectAccess::ForJSArrayBufferViewBuffer());
3177 HInstruction* field = Add<HLoadNamedField>(object, checked_object, access);
3179 HInstruction* flags = Add<HLoadNamedField>(
3180 buffer, nullptr, HObjectAccess::ForJSArrayBufferBitField());
3181 HValue* was_neutered_mask =
3182 Add<HConstant>(1 << JSArrayBuffer::WasNeutered::kShift);
3183 HValue* was_neutered_test =
3184 AddUncasted<HBitwise>(Token::BIT_AND, flags, was_neutered_mask);
3186 IfBuilder if_was_neutered(this);
3187 if_was_neutered.If<HCompareNumericAndBranch>(
3188 was_neutered_test, graph()->GetConstant0(), Token::NE);
3189 if_was_neutered.Then();
3190 Push(graph()->GetConstant0());
3191 if_was_neutered.Else();
3193 if_was_neutered.End();
3199 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3201 HValue* allocation_site_payload,
3202 HValue* constructor_function,
3203 AllocationSiteOverrideMode override_mode) :
3206 allocation_site_payload_(allocation_site_payload),
3207 constructor_function_(constructor_function) {
3208 DCHECK(!allocation_site_payload->IsConstant() ||
3209 HConstant::cast(allocation_site_payload)->handle(
3210 builder_->isolate())->IsAllocationSite());
3211 mode_ = override_mode == DISABLE_ALLOCATION_SITES
3212 ? DONT_TRACK_ALLOCATION_SITE
3213 : AllocationSite::GetMode(kind);
3217 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3219 HValue* constructor_function) :
3222 mode_(DONT_TRACK_ALLOCATION_SITE),
3223 allocation_site_payload_(NULL),
3224 constructor_function_(constructor_function) {
3228 HValue* HGraphBuilder::JSArrayBuilder::EmitMapCode() {
3229 if (!builder()->top_info()->IsStub()) {
3230 // A constant map is fine.
3231 Handle<Map> map(builder()->isolate()->get_initial_js_array_map(kind_),
3232 builder()->isolate());
3233 return builder()->Add<HConstant>(map);
3236 if (constructor_function_ != NULL && kind_ == GetInitialFastElementsKind()) {
3237 // No need for a context lookup if the kind_ matches the initial
3238 // map, because we can just load the map in that case.
3239 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3240 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3244 // TODO(mvstanton): we should always have a constructor function if we
3245 // are creating a stub.
3246 HInstruction* native_context = constructor_function_ != NULL
3247 ? builder()->BuildGetNativeContext(constructor_function_)
3248 : builder()->BuildGetNativeContext();
3250 HInstruction* index = builder()->Add<HConstant>(
3251 static_cast<int32_t>(Context::JS_ARRAY_MAPS_INDEX));
3253 HInstruction* map_array =
3254 builder()->Add<HLoadKeyed>(native_context, index, nullptr, FAST_ELEMENTS);
3256 HInstruction* kind_index = builder()->Add<HConstant>(kind_);
3258 return builder()->Add<HLoadKeyed>(map_array, kind_index, nullptr,
3263 HValue* HGraphBuilder::JSArrayBuilder::EmitInternalMapCode() {
3264 // Find the map near the constructor function
3265 HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3266 return builder()->Add<HLoadNamedField>(constructor_function_, nullptr,
3271 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateEmptyArray() {
3272 HConstant* capacity = builder()->Add<HConstant>(initial_capacity());
3273 return AllocateArray(capacity,
3275 builder()->graph()->GetConstant0());
3279 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3281 HConstant* capacity_upper_bound,
3282 HValue* length_field,
3283 FillMode fill_mode) {
3284 return AllocateArray(capacity,
3285 capacity_upper_bound->GetInteger32Constant(),
3291 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3293 int capacity_upper_bound,
3294 HValue* length_field,
3295 FillMode fill_mode) {
3296 HConstant* elememts_size_upper_bound = capacity->IsInteger32Constant()
3297 ? HConstant::cast(capacity)
3298 : builder()->EstablishElementsAllocationSize(kind_, capacity_upper_bound);
3300 HAllocate* array = AllocateArray(capacity, length_field, fill_mode);
3301 if (!elements_location_->has_size_upper_bound()) {
3302 elements_location_->set_size_upper_bound(elememts_size_upper_bound);
3308 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3310 HValue* length_field,
3311 FillMode fill_mode) {
3312 // These HForceRepresentations are because we store these as fields in the
3313 // objects we construct, and an int32-to-smi HChange could deopt. Accept
3314 // the deopt possibility now, before allocation occurs.
3316 builder()->AddUncasted<HForceRepresentation>(capacity,
3317 Representation::Smi());
3319 builder()->AddUncasted<HForceRepresentation>(length_field,
3320 Representation::Smi());
3322 // Generate size calculation code here in order to make it dominate
3323 // the JSArray allocation.
3324 HValue* elements_size =
3325 builder()->BuildCalculateElementsSize(kind_, capacity);
3327 // Allocate (dealing with failure appropriately)
3328 HAllocate* array_object = builder()->AllocateJSArrayObject(mode_);
3330 // Fill in the fields: map, properties, length
3332 if (allocation_site_payload_ == NULL) {
3333 map = EmitInternalMapCode();
3335 map = EmitMapCode();
3338 builder()->BuildJSArrayHeader(array_object,
3340 NULL, // set elements to empty fixed array
3343 allocation_site_payload_,
3346 // Allocate and initialize the elements
3347 elements_location_ = builder()->BuildAllocateElements(kind_, elements_size);
3349 builder()->BuildInitializeElementsHeader(elements_location_, kind_, capacity);
3352 builder()->Add<HStoreNamedField>(
3353 array_object, HObjectAccess::ForElementsPointer(), elements_location_);
3355 if (fill_mode == FILL_WITH_HOLE) {
3356 builder()->BuildFillElementsWithHole(elements_location_, kind_,
3357 graph()->GetConstant0(), capacity);
3360 return array_object;
3364 HValue* HGraphBuilder::AddLoadJSBuiltin(Builtins::JavaScript builtin) {
3365 HValue* global_object = Add<HLoadNamedField>(
3367 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3368 HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3369 GlobalObject::kBuiltinsOffset);
3370 HValue* builtins = Add<HLoadNamedField>(global_object, nullptr, access);
3371 HObjectAccess function_access = HObjectAccess::ForObservableJSObjectOffset(
3372 JSBuiltinsObject::OffsetOfFunctionWithId(builtin));
3373 return Add<HLoadNamedField>(builtins, nullptr, function_access);
3377 HOptimizedGraphBuilder::HOptimizedGraphBuilder(CompilationInfo* info)
3378 : HGraphBuilder(info),
3379 function_state_(NULL),
3380 initial_function_state_(this, info, NORMAL_RETURN, 0),
3384 globals_(10, info->zone()),
3385 osr_(new(info->zone()) HOsrBuilder(this)) {
3386 // This is not initialized in the initializer list because the
3387 // constructor for the initial state relies on function_state_ == NULL
3388 // to know it's the initial state.
3389 function_state_ = &initial_function_state_;
3390 InitializeAstVisitor(info->isolate(), info->zone());
3391 if (top_info()->is_tracking_positions()) {
3392 SetSourcePosition(info->shared_info()->start_position());
3397 HBasicBlock* HOptimizedGraphBuilder::CreateJoin(HBasicBlock* first,
3398 HBasicBlock* second,
3399 BailoutId join_id) {
3400 if (first == NULL) {
3402 } else if (second == NULL) {
3405 HBasicBlock* join_block = graph()->CreateBasicBlock();
3406 Goto(first, join_block);
3407 Goto(second, join_block);
3408 join_block->SetJoinId(join_id);
3414 HBasicBlock* HOptimizedGraphBuilder::JoinContinue(IterationStatement* statement,
3415 HBasicBlock* exit_block,
3416 HBasicBlock* continue_block) {
3417 if (continue_block != NULL) {
3418 if (exit_block != NULL) Goto(exit_block, continue_block);
3419 continue_block->SetJoinId(statement->ContinueId());
3420 return continue_block;
3426 HBasicBlock* HOptimizedGraphBuilder::CreateLoop(IterationStatement* statement,
3427 HBasicBlock* loop_entry,
3428 HBasicBlock* body_exit,
3429 HBasicBlock* loop_successor,
3430 HBasicBlock* break_block) {
3431 if (body_exit != NULL) Goto(body_exit, loop_entry);
3432 loop_entry->PostProcessLoopHeader(statement);
3433 if (break_block != NULL) {
3434 if (loop_successor != NULL) Goto(loop_successor, break_block);
3435 break_block->SetJoinId(statement->ExitId());
3438 return loop_successor;
3442 // Build a new loop header block and set it as the current block.
3443 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry() {
3444 HBasicBlock* loop_entry = CreateLoopHeaderBlock();
3446 set_current_block(loop_entry);
3451 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry(
3452 IterationStatement* statement) {
3453 HBasicBlock* loop_entry = osr()->HasOsrEntryAt(statement)
3454 ? osr()->BuildOsrLoopEntry(statement)
3460 void HBasicBlock::FinishExit(HControlInstruction* instruction,
3461 SourcePosition position) {
3462 Finish(instruction, position);
3467 std::ostream& operator<<(std::ostream& os, const HBasicBlock& b) {
3468 return os << "B" << b.block_id();
3472 HGraph::HGraph(CompilationInfo* info)
3473 : isolate_(info->isolate()),
3476 blocks_(8, info->zone()),
3477 values_(16, info->zone()),
3479 uint32_instructions_(NULL),
3482 zone_(info->zone()),
3483 is_recursive_(false),
3484 use_optimistic_licm_(false),
3485 depends_on_empty_array_proto_elements_(false),
3486 type_change_checksum_(0),
3487 maximum_environment_size_(0),
3488 no_side_effects_scope_count_(0),
3489 disallow_adding_new_values_(false) {
3490 if (info->IsStub()) {
3491 CallInterfaceDescriptor descriptor =
3492 info->code_stub()->GetCallInterfaceDescriptor();
3493 start_environment_ = new (zone_)
3494 HEnvironment(zone_, descriptor.GetEnvironmentParameterCount());
3496 if (info->is_tracking_positions()) {
3497 info->TraceInlinedFunction(info->shared_info(), SourcePosition::Unknown(),
3498 InlinedFunctionInfo::kNoParentId);
3500 start_environment_ =
3501 new(zone_) HEnvironment(NULL, info->scope(), info->closure(), zone_);
3503 start_environment_->set_ast_id(BailoutId::FunctionEntry());
3504 entry_block_ = CreateBasicBlock();
3505 entry_block_->SetInitialEnvironment(start_environment_);
3509 HBasicBlock* HGraph::CreateBasicBlock() {
3510 HBasicBlock* result = new(zone()) HBasicBlock(this);
3511 blocks_.Add(result, zone());
3516 void HGraph::FinalizeUniqueness() {
3517 DisallowHeapAllocation no_gc;
3518 for (int i = 0; i < blocks()->length(); ++i) {
3519 for (HInstructionIterator it(blocks()->at(i)); !it.Done(); it.Advance()) {
3520 it.Current()->FinalizeUniqueness();
3526 int HGraph::SourcePositionToScriptPosition(SourcePosition pos) {
3527 return (FLAG_hydrogen_track_positions && !pos.IsUnknown())
3528 ? info()->start_position_for(pos.inlining_id()) + pos.position()
3533 // Block ordering was implemented with two mutually recursive methods,
3534 // HGraph::Postorder and HGraph::PostorderLoopBlocks.
3535 // The recursion could lead to stack overflow so the algorithm has been
3536 // implemented iteratively.
3537 // At a high level the algorithm looks like this:
3539 // Postorder(block, loop_header) : {
3540 // if (block has already been visited or is of another loop) return;
3541 // mark block as visited;
3542 // if (block is a loop header) {
3543 // VisitLoopMembers(block, loop_header);
3544 // VisitSuccessorsOfLoopHeader(block);
3546 // VisitSuccessors(block)
3548 // put block in result list;
3551 // VisitLoopMembers(block, outer_loop_header) {
3552 // foreach (block b in block loop members) {
3553 // VisitSuccessorsOfLoopMember(b, outer_loop_header);
3554 // if (b is loop header) VisitLoopMembers(b);
3558 // VisitSuccessorsOfLoopMember(block, outer_loop_header) {
3559 // foreach (block b in block successors) Postorder(b, outer_loop_header)
3562 // VisitSuccessorsOfLoopHeader(block) {
3563 // foreach (block b in block successors) Postorder(b, block)
3566 // VisitSuccessors(block, loop_header) {
3567 // foreach (block b in block successors) Postorder(b, loop_header)
3570 // The ordering is started calling Postorder(entry, NULL).
3572 // Each instance of PostorderProcessor represents the "stack frame" of the
3573 // recursion, and particularly keeps the state of the loop (iteration) of the
3574 // "Visit..." function it represents.
3575 // To recycle memory we keep all the frames in a double linked list but
3576 // this means that we cannot use constructors to initialize the frames.
3578 class PostorderProcessor : public ZoneObject {
3580 // Back link (towards the stack bottom).
3581 PostorderProcessor* parent() {return father_; }
3582 // Forward link (towards the stack top).
3583 PostorderProcessor* child() {return child_; }
3584 HBasicBlock* block() { return block_; }
3585 HLoopInformation* loop() { return loop_; }
3586 HBasicBlock* loop_header() { return loop_header_; }
3588 static PostorderProcessor* CreateEntryProcessor(Zone* zone,
3589 HBasicBlock* block) {
3590 PostorderProcessor* result = new(zone) PostorderProcessor(NULL);
3591 return result->SetupSuccessors(zone, block, NULL);
3594 PostorderProcessor* PerformStep(Zone* zone,
3595 ZoneList<HBasicBlock*>* order) {
3596 PostorderProcessor* next =
3597 PerformNonBacktrackingStep(zone, order);
3601 return Backtrack(zone, order);
3606 explicit PostorderProcessor(PostorderProcessor* father)
3607 : father_(father), child_(NULL), successor_iterator(NULL) { }
3609 // Each enum value states the cycle whose state is kept by this instance.
3613 SUCCESSORS_OF_LOOP_HEADER,
3615 SUCCESSORS_OF_LOOP_MEMBER
3618 // Each "Setup..." method is like a constructor for a cycle state.
3619 PostorderProcessor* SetupSuccessors(Zone* zone,
3621 HBasicBlock* loop_header) {
3622 if (block == NULL || block->IsOrdered() ||
3623 block->parent_loop_header() != loop_header) {
3627 loop_header_ = NULL;
3632 block->MarkAsOrdered();
3634 if (block->IsLoopHeader()) {
3635 kind_ = SUCCESSORS_OF_LOOP_HEADER;
3636 loop_header_ = block;
3637 InitializeSuccessors();
3638 PostorderProcessor* result = Push(zone);
3639 return result->SetupLoopMembers(zone, block, block->loop_information(),
3642 DCHECK(block->IsFinished());
3644 loop_header_ = loop_header;
3645 InitializeSuccessors();
3651 PostorderProcessor* SetupLoopMembers(Zone* zone,
3653 HLoopInformation* loop,
3654 HBasicBlock* loop_header) {
3655 kind_ = LOOP_MEMBERS;
3658 loop_header_ = loop_header;
3659 InitializeLoopMembers();
3663 PostorderProcessor* SetupSuccessorsOfLoopMember(
3665 HLoopInformation* loop,
3666 HBasicBlock* loop_header) {
3667 kind_ = SUCCESSORS_OF_LOOP_MEMBER;
3670 loop_header_ = loop_header;
3671 InitializeSuccessors();
3675 // This method "allocates" a new stack frame.
3676 PostorderProcessor* Push(Zone* zone) {
3677 if (child_ == NULL) {
3678 child_ = new(zone) PostorderProcessor(this);
3683 void ClosePostorder(ZoneList<HBasicBlock*>* order, Zone* zone) {
3684 DCHECK(block_->end()->FirstSuccessor() == NULL ||
3685 order->Contains(block_->end()->FirstSuccessor()) ||
3686 block_->end()->FirstSuccessor()->IsLoopHeader());
3687 DCHECK(block_->end()->SecondSuccessor() == NULL ||
3688 order->Contains(block_->end()->SecondSuccessor()) ||
3689 block_->end()->SecondSuccessor()->IsLoopHeader());
3690 order->Add(block_, zone);
3693 // This method is the basic block to walk up the stack.
3694 PostorderProcessor* Pop(Zone* zone,
3695 ZoneList<HBasicBlock*>* order) {
3698 case SUCCESSORS_OF_LOOP_HEADER:
3699 ClosePostorder(order, zone);
3703 case SUCCESSORS_OF_LOOP_MEMBER:
3704 if (block()->IsLoopHeader() && block() != loop_->loop_header()) {
3705 // In this case we need to perform a LOOP_MEMBERS cycle so we
3706 // initialize it and return this instead of father.
3707 return SetupLoopMembers(zone, block(),
3708 block()->loop_information(), loop_header_);
3719 // Walks up the stack.
3720 PostorderProcessor* Backtrack(Zone* zone,
3721 ZoneList<HBasicBlock*>* order) {
3722 PostorderProcessor* parent = Pop(zone, order);
3723 while (parent != NULL) {
3724 PostorderProcessor* next =
3725 parent->PerformNonBacktrackingStep(zone, order);
3729 parent = parent->Pop(zone, order);
3735 PostorderProcessor* PerformNonBacktrackingStep(
3737 ZoneList<HBasicBlock*>* order) {
3738 HBasicBlock* next_block;
3741 next_block = AdvanceSuccessors();
3742 if (next_block != NULL) {
3743 PostorderProcessor* result = Push(zone);
3744 return result->SetupSuccessors(zone, next_block, loop_header_);
3747 case SUCCESSORS_OF_LOOP_HEADER:
3748 next_block = AdvanceSuccessors();
3749 if (next_block != NULL) {
3750 PostorderProcessor* result = Push(zone);
3751 return result->SetupSuccessors(zone, next_block, block());
3755 next_block = AdvanceLoopMembers();
3756 if (next_block != NULL) {
3757 PostorderProcessor* result = Push(zone);
3758 return result->SetupSuccessorsOfLoopMember(next_block,
3759 loop_, loop_header_);
3762 case SUCCESSORS_OF_LOOP_MEMBER:
3763 next_block = AdvanceSuccessors();
3764 if (next_block != NULL) {
3765 PostorderProcessor* result = Push(zone);
3766 return result->SetupSuccessors(zone, next_block, loop_header_);
3775 // The following two methods implement a "foreach b in successors" cycle.
3776 void InitializeSuccessors() {
3779 successor_iterator = HSuccessorIterator(block_->end());
3782 HBasicBlock* AdvanceSuccessors() {
3783 if (!successor_iterator.Done()) {
3784 HBasicBlock* result = successor_iterator.Current();
3785 successor_iterator.Advance();
3791 // The following two methods implement a "foreach b in loop members" cycle.
3792 void InitializeLoopMembers() {
3794 loop_length = loop_->blocks()->length();
3797 HBasicBlock* AdvanceLoopMembers() {
3798 if (loop_index < loop_length) {
3799 HBasicBlock* result = loop_->blocks()->at(loop_index);
3808 PostorderProcessor* father_;
3809 PostorderProcessor* child_;
3810 HLoopInformation* loop_;
3811 HBasicBlock* block_;
3812 HBasicBlock* loop_header_;
3815 HSuccessorIterator successor_iterator;
3819 void HGraph::OrderBlocks() {
3820 CompilationPhase phase("H_Block ordering", info());
3823 // Initially the blocks must not be ordered.
3824 for (int i = 0; i < blocks_.length(); ++i) {
3825 DCHECK(!blocks_[i]->IsOrdered());
3829 PostorderProcessor* postorder =
3830 PostorderProcessor::CreateEntryProcessor(zone(), blocks_[0]);
3833 postorder = postorder->PerformStep(zone(), &blocks_);
3837 // Now all blocks must be marked as ordered.
3838 for (int i = 0; i < blocks_.length(); ++i) {
3839 DCHECK(blocks_[i]->IsOrdered());
3843 // Reverse block list and assign block IDs.
3844 for (int i = 0, j = blocks_.length(); --j >= i; ++i) {
3845 HBasicBlock* bi = blocks_[i];
3846 HBasicBlock* bj = blocks_[j];
3847 bi->set_block_id(j);
3848 bj->set_block_id(i);
3855 void HGraph::AssignDominators() {
3856 HPhase phase("H_Assign dominators", this);
3857 for (int i = 0; i < blocks_.length(); ++i) {
3858 HBasicBlock* block = blocks_[i];
3859 if (block->IsLoopHeader()) {
3860 // Only the first predecessor of a loop header is from outside the loop.
3861 // All others are back edges, and thus cannot dominate the loop header.
3862 block->AssignCommonDominator(block->predecessors()->first());
3863 block->AssignLoopSuccessorDominators();
3865 for (int j = blocks_[i]->predecessors()->length() - 1; j >= 0; --j) {
3866 blocks_[i]->AssignCommonDominator(blocks_[i]->predecessors()->at(j));
3873 bool HGraph::CheckArgumentsPhiUses() {
3874 int block_count = blocks_.length();
3875 for (int i = 0; i < block_count; ++i) {
3876 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3877 HPhi* phi = blocks_[i]->phis()->at(j);
3878 // We don't support phi uses of arguments for now.
3879 if (phi->CheckFlag(HValue::kIsArguments)) return false;
3886 bool HGraph::CheckConstPhiUses() {
3887 int block_count = blocks_.length();
3888 for (int i = 0; i < block_count; ++i) {
3889 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3890 HPhi* phi = blocks_[i]->phis()->at(j);
3891 // Check for the hole value (from an uninitialized const).
3892 for (int k = 0; k < phi->OperandCount(); k++) {
3893 if (phi->OperandAt(k) == GetConstantHole()) return false;
3901 void HGraph::CollectPhis() {
3902 int block_count = blocks_.length();
3903 phi_list_ = new(zone()) ZoneList<HPhi*>(block_count, zone());
3904 for (int i = 0; i < block_count; ++i) {
3905 for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3906 HPhi* phi = blocks_[i]->phis()->at(j);
3907 phi_list_->Add(phi, zone());
3913 // Implementation of utility class to encapsulate the translation state for
3914 // a (possibly inlined) function.
3915 FunctionState::FunctionState(HOptimizedGraphBuilder* owner,
3916 CompilationInfo* info, InliningKind inlining_kind,
3919 compilation_info_(info),
3920 call_context_(NULL),
3921 inlining_kind_(inlining_kind),
3922 function_return_(NULL),
3923 test_context_(NULL),
3925 arguments_object_(NULL),
3926 arguments_elements_(NULL),
3927 inlining_id_(inlining_id),
3928 outer_source_position_(SourcePosition::Unknown()),
3929 outer_(owner->function_state()) {
3930 if (outer_ != NULL) {
3931 // State for an inline function.
3932 if (owner->ast_context()->IsTest()) {
3933 HBasicBlock* if_true = owner->graph()->CreateBasicBlock();
3934 HBasicBlock* if_false = owner->graph()->CreateBasicBlock();
3935 if_true->MarkAsInlineReturnTarget(owner->current_block());
3936 if_false->MarkAsInlineReturnTarget(owner->current_block());
3937 TestContext* outer_test_context = TestContext::cast(owner->ast_context());
3938 Expression* cond = outer_test_context->condition();
3939 // The AstContext constructor pushed on the context stack. This newed
3940 // instance is the reason that AstContext can't be BASE_EMBEDDED.
3941 test_context_ = new TestContext(owner, cond, if_true, if_false);
3943 function_return_ = owner->graph()->CreateBasicBlock();
3944 function_return()->MarkAsInlineReturnTarget(owner->current_block());
3946 // Set this after possibly allocating a new TestContext above.
3947 call_context_ = owner->ast_context();
3950 // Push on the state stack.
3951 owner->set_function_state(this);
3953 if (compilation_info_->is_tracking_positions()) {
3954 outer_source_position_ = owner->source_position();
3955 owner->EnterInlinedSource(
3956 info->shared_info()->start_position(),
3958 owner->SetSourcePosition(info->shared_info()->start_position());
3963 FunctionState::~FunctionState() {
3964 delete test_context_;
3965 owner_->set_function_state(outer_);
3967 if (compilation_info_->is_tracking_positions()) {
3968 owner_->set_source_position(outer_source_position_);
3969 owner_->EnterInlinedSource(
3970 outer_->compilation_info()->shared_info()->start_position(),
3971 outer_->inlining_id());
3976 // Implementation of utility classes to represent an expression's context in
3978 AstContext::AstContext(HOptimizedGraphBuilder* owner, Expression::Context kind)
3981 outer_(owner->ast_context()),
3982 for_typeof_(false) {
3983 owner->set_ast_context(this); // Push.
3985 DCHECK(owner->environment()->frame_type() == JS_FUNCTION);
3986 original_length_ = owner->environment()->length();
3991 AstContext::~AstContext() {
3992 owner_->set_ast_context(outer_); // Pop.
3996 EffectContext::~EffectContext() {
3997 DCHECK(owner()->HasStackOverflow() ||
3998 owner()->current_block() == NULL ||
3999 (owner()->environment()->length() == original_length_ &&
4000 owner()->environment()->frame_type() == JS_FUNCTION));
4004 ValueContext::~ValueContext() {
4005 DCHECK(owner()->HasStackOverflow() ||
4006 owner()->current_block() == NULL ||
4007 (owner()->environment()->length() == original_length_ + 1 &&
4008 owner()->environment()->frame_type() == JS_FUNCTION));
4012 void EffectContext::ReturnValue(HValue* value) {
4013 // The value is simply ignored.
4017 void ValueContext::ReturnValue(HValue* value) {
4018 // The value is tracked in the bailout environment, and communicated
4019 // through the environment as the result of the expression.
4020 if (value->CheckFlag(HValue::kIsArguments)) {
4021 if (flag_ == ARGUMENTS_FAKED) {
4022 value = owner()->graph()->GetConstantUndefined();
4023 } else if (!arguments_allowed()) {
4024 owner()->Bailout(kBadValueContextForArgumentsValue);
4027 owner()->Push(value);
4031 void TestContext::ReturnValue(HValue* value) {
4036 void EffectContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4037 DCHECK(!instr->IsControlInstruction());
4038 owner()->AddInstruction(instr);
4039 if (instr->HasObservableSideEffects()) {
4040 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4045 void EffectContext::ReturnControl(HControlInstruction* instr,
4047 DCHECK(!instr->HasObservableSideEffects());
4048 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4049 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4050 instr->SetSuccessorAt(0, empty_true);
4051 instr->SetSuccessorAt(1, empty_false);
4052 owner()->FinishCurrentBlock(instr);
4053 HBasicBlock* join = owner()->CreateJoin(empty_true, empty_false, ast_id);
4054 owner()->set_current_block(join);
4058 void EffectContext::ReturnContinuation(HIfContinuation* continuation,
4060 HBasicBlock* true_branch = NULL;
4061 HBasicBlock* false_branch = NULL;
4062 continuation->Continue(&true_branch, &false_branch);
4063 if (!continuation->IsTrueReachable()) {
4064 owner()->set_current_block(false_branch);
4065 } else if (!continuation->IsFalseReachable()) {
4066 owner()->set_current_block(true_branch);
4068 HBasicBlock* join = owner()->CreateJoin(true_branch, false_branch, ast_id);
4069 owner()->set_current_block(join);
4074 void ValueContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4075 DCHECK(!instr->IsControlInstruction());
4076 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4077 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4079 owner()->AddInstruction(instr);
4080 owner()->Push(instr);
4081 if (instr->HasObservableSideEffects()) {
4082 owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4087 void ValueContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4088 DCHECK(!instr->HasObservableSideEffects());
4089 if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4090 return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4092 HBasicBlock* materialize_false = owner()->graph()->CreateBasicBlock();
4093 HBasicBlock* materialize_true = owner()->graph()->CreateBasicBlock();
4094 instr->SetSuccessorAt(0, materialize_true);
4095 instr->SetSuccessorAt(1, materialize_false);
4096 owner()->FinishCurrentBlock(instr);
4097 owner()->set_current_block(materialize_true);
4098 owner()->Push(owner()->graph()->GetConstantTrue());
4099 owner()->set_current_block(materialize_false);
4100 owner()->Push(owner()->graph()->GetConstantFalse());
4102 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4103 owner()->set_current_block(join);
4107 void ValueContext::ReturnContinuation(HIfContinuation* continuation,
4109 HBasicBlock* materialize_true = NULL;
4110 HBasicBlock* materialize_false = NULL;
4111 continuation->Continue(&materialize_true, &materialize_false);
4112 if (continuation->IsTrueReachable()) {
4113 owner()->set_current_block(materialize_true);
4114 owner()->Push(owner()->graph()->GetConstantTrue());
4115 owner()->set_current_block(materialize_true);
4117 if (continuation->IsFalseReachable()) {
4118 owner()->set_current_block(materialize_false);
4119 owner()->Push(owner()->graph()->GetConstantFalse());
4120 owner()->set_current_block(materialize_false);
4122 if (continuation->TrueAndFalseReachable()) {
4124 owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4125 owner()->set_current_block(join);
4130 void TestContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4131 DCHECK(!instr->IsControlInstruction());
4132 HOptimizedGraphBuilder* builder = owner();
4133 builder->AddInstruction(instr);
4134 // We expect a simulate after every expression with side effects, though
4135 // this one isn't actually needed (and wouldn't work if it were targeted).
4136 if (instr->HasObservableSideEffects()) {
4137 builder->Push(instr);
4138 builder->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4145 void TestContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4146 DCHECK(!instr->HasObservableSideEffects());
4147 HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4148 HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4149 instr->SetSuccessorAt(0, empty_true);
4150 instr->SetSuccessorAt(1, empty_false);
4151 owner()->FinishCurrentBlock(instr);
4152 owner()->Goto(empty_true, if_true(), owner()->function_state());
4153 owner()->Goto(empty_false, if_false(), owner()->function_state());
4154 owner()->set_current_block(NULL);
4158 void TestContext::ReturnContinuation(HIfContinuation* continuation,
4160 HBasicBlock* true_branch = NULL;
4161 HBasicBlock* false_branch = NULL;
4162 continuation->Continue(&true_branch, &false_branch);
4163 if (continuation->IsTrueReachable()) {
4164 owner()->Goto(true_branch, if_true(), owner()->function_state());
4166 if (continuation->IsFalseReachable()) {
4167 owner()->Goto(false_branch, if_false(), owner()->function_state());
4169 owner()->set_current_block(NULL);
4173 void TestContext::BuildBranch(HValue* value) {
4174 // We expect the graph to be in edge-split form: there is no edge that
4175 // connects a branch node to a join node. We conservatively ensure that
4176 // property by always adding an empty block on the outgoing edges of this
4178 HOptimizedGraphBuilder* builder = owner();
4179 if (value != NULL && value->CheckFlag(HValue::kIsArguments)) {
4180 builder->Bailout(kArgumentsObjectValueInATestContext);
4182 ToBooleanStub::Types expected(condition()->to_boolean_types());
4183 ReturnControl(owner()->New<HBranch>(value, expected), BailoutId::None());
4187 // HOptimizedGraphBuilder infrastructure for bailing out and checking bailouts.
4188 #define CHECK_BAILOUT(call) \
4191 if (HasStackOverflow()) return; \
4195 #define CHECK_ALIVE(call) \
4198 if (HasStackOverflow() || current_block() == NULL) return; \
4202 #define CHECK_ALIVE_OR_RETURN(call, value) \
4205 if (HasStackOverflow() || current_block() == NULL) return value; \
4209 void HOptimizedGraphBuilder::Bailout(BailoutReason reason) {
4210 current_info()->AbortOptimization(reason);
4215 void HOptimizedGraphBuilder::VisitForEffect(Expression* expr) {
4216 EffectContext for_effect(this);
4221 void HOptimizedGraphBuilder::VisitForValue(Expression* expr,
4222 ArgumentsAllowedFlag flag) {
4223 ValueContext for_value(this, flag);
4228 void HOptimizedGraphBuilder::VisitForTypeOf(Expression* expr) {
4229 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
4230 for_value.set_for_typeof(true);
4235 void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
4236 HBasicBlock* true_block,
4237 HBasicBlock* false_block) {
4238 TestContext for_test(this, expr, true_block, false_block);
4243 void HOptimizedGraphBuilder::VisitExpressions(
4244 ZoneList<Expression*>* exprs) {
4245 for (int i = 0; i < exprs->length(); ++i) {
4246 CHECK_ALIVE(VisitForValue(exprs->at(i)));
4251 void HOptimizedGraphBuilder::VisitExpressions(ZoneList<Expression*>* exprs,
4252 ArgumentsAllowedFlag flag) {
4253 for (int i = 0; i < exprs->length(); ++i) {
4254 CHECK_ALIVE(VisitForValue(exprs->at(i), flag));
4259 bool HOptimizedGraphBuilder::BuildGraph() {
4260 if (IsSubclassConstructor(current_info()->function()->kind())) {
4261 Bailout(kSuperReference);
4265 int slots = current_info()->num_heap_slots() - Context::MIN_CONTEXT_SLOTS;
4266 if (current_info()->scope()->is_script_scope() && slots > 0) {
4267 Bailout(kScriptContext);
4271 Scope* scope = current_info()->scope();
4274 // Add an edge to the body entry. This is warty: the graph's start
4275 // environment will be used by the Lithium translation as the initial
4276 // environment on graph entry, but it has now been mutated by the
4277 // Hydrogen translation of the instructions in the start block. This
4278 // environment uses values which have not been defined yet. These
4279 // Hydrogen instructions will then be replayed by the Lithium
4280 // translation, so they cannot have an environment effect. The edge to
4281 // the body's entry block (along with some special logic for the start
4282 // block in HInstruction::InsertAfter) seals the start block from
4283 // getting unwanted instructions inserted.
4285 // TODO(kmillikin): Fix this. Stop mutating the initial environment.
4286 // Make the Hydrogen instructions in the initial block into Hydrogen
4287 // values (but not instructions), present in the initial environment and
4288 // not replayed by the Lithium translation.
4289 HEnvironment* initial_env = environment()->CopyWithoutHistory();
4290 HBasicBlock* body_entry = CreateBasicBlock(initial_env);
4292 body_entry->SetJoinId(BailoutId::FunctionEntry());
4293 set_current_block(body_entry);
4295 // Handle implicit declaration of the function name in named function
4296 // expressions before other declarations.
4297 if (scope->is_function_scope() && scope->function() != NULL) {
4298 VisitVariableDeclaration(scope->function());
4300 VisitDeclarations(scope->declarations());
4301 Add<HSimulate>(BailoutId::Declarations());
4303 Add<HStackCheck>(HStackCheck::kFunctionEntry);
4305 VisitStatements(current_info()->function()->body());
4306 if (HasStackOverflow()) return false;
4308 if (current_block() != NULL) {
4309 Add<HReturn>(graph()->GetConstantUndefined());
4310 set_current_block(NULL);
4313 // If the checksum of the number of type info changes is the same as the
4314 // last time this function was compiled, then this recompile is likely not
4315 // due to missing/inadequate type feedback, but rather too aggressive
4316 // optimization. Disable optimistic LICM in that case.
4317 Handle<Code> unoptimized_code(current_info()->shared_info()->code());
4318 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
4319 Handle<TypeFeedbackInfo> type_info(
4320 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
4321 int checksum = type_info->own_type_change_checksum();
4322 int composite_checksum = graph()->update_type_change_checksum(checksum);
4323 graph()->set_use_optimistic_licm(
4324 !type_info->matches_inlined_type_change_checksum(composite_checksum));
4325 type_info->set_inlined_type_change_checksum(composite_checksum);
4327 // Perform any necessary OSR-specific cleanups or changes to the graph.
4328 osr()->FinishGraph();
4334 bool HGraph::Optimize(BailoutReason* bailout_reason) {
4338 // We need to create a HConstant "zero" now so that GVN will fold every
4339 // zero-valued constant in the graph together.
4340 // The constant is needed to make idef-based bounds check work: the pass
4341 // evaluates relations with "zero" and that zero cannot be created after GVN.
4345 // Do a full verify after building the graph and computing dominators.
4349 if (FLAG_analyze_environment_liveness && maximum_environment_size() != 0) {
4350 Run<HEnvironmentLivenessAnalysisPhase>();
4353 if (!CheckConstPhiUses()) {
4354 *bailout_reason = kUnsupportedPhiUseOfConstVariable;
4357 Run<HRedundantPhiEliminationPhase>();
4358 if (!CheckArgumentsPhiUses()) {
4359 *bailout_reason = kUnsupportedPhiUseOfArguments;
4363 // Find and mark unreachable code to simplify optimizations, especially gvn,
4364 // where unreachable code could unnecessarily defeat LICM.
4365 Run<HMarkUnreachableBlocksPhase>();
4367 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4368 if (FLAG_use_escape_analysis) Run<HEscapeAnalysisPhase>();
4370 if (FLAG_load_elimination) Run<HLoadEliminationPhase>();
4374 if (has_osr()) osr()->FinishOsrValues();
4376 Run<HInferRepresentationPhase>();
4378 // Remove HSimulate instructions that have turned out not to be needed
4379 // after all by folding them into the following HSimulate.
4380 // This must happen after inferring representations.
4381 Run<HMergeRemovableSimulatesPhase>();
4383 Run<HMarkDeoptimizeOnUndefinedPhase>();
4384 Run<HRepresentationChangesPhase>();
4386 Run<HInferTypesPhase>();
4388 // Must be performed before canonicalization to ensure that Canonicalize
4389 // will not remove semantically meaningful ToInt32 operations e.g. BIT_OR with
4391 Run<HUint32AnalysisPhase>();
4393 if (FLAG_use_canonicalizing) Run<HCanonicalizePhase>();
4395 if (FLAG_use_gvn) Run<HGlobalValueNumberingPhase>();
4397 if (FLAG_check_elimination) Run<HCheckEliminationPhase>();
4399 if (FLAG_store_elimination) Run<HStoreEliminationPhase>();
4401 Run<HRangeAnalysisPhase>();
4403 Run<HComputeChangeUndefinedToNaN>();
4405 // Eliminate redundant stack checks on backwards branches.
4406 Run<HStackCheckEliminationPhase>();
4408 if (FLAG_array_bounds_checks_elimination) Run<HBoundsCheckEliminationPhase>();
4409 if (FLAG_array_bounds_checks_hoisting) Run<HBoundsCheckHoistingPhase>();
4410 if (FLAG_array_index_dehoisting) Run<HDehoistIndexComputationsPhase>();
4411 if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4413 RestoreActualValues();
4415 // Find unreachable code a second time, GVN and other optimizations may have
4416 // made blocks unreachable that were previously reachable.
4417 Run<HMarkUnreachableBlocksPhase>();
4423 void HGraph::RestoreActualValues() {
4424 HPhase phase("H_Restore actual values", this);
4426 for (int block_index = 0; block_index < blocks()->length(); block_index++) {
4427 HBasicBlock* block = blocks()->at(block_index);
4430 for (int i = 0; i < block->phis()->length(); i++) {
4431 HPhi* phi = block->phis()->at(i);
4432 DCHECK(phi->ActualValue() == phi);
4436 for (HInstructionIterator it(block); !it.Done(); it.Advance()) {
4437 HInstruction* instruction = it.Current();
4438 if (instruction->ActualValue() == instruction) continue;
4439 if (instruction->CheckFlag(HValue::kIsDead)) {
4440 // The instruction was marked as deleted but left in the graph
4441 // as a control flow dependency point for subsequent
4443 instruction->DeleteAndReplaceWith(instruction->ActualValue());
4445 DCHECK(instruction->IsInformativeDefinition());
4446 if (instruction->IsPurelyInformativeDefinition()) {
4447 instruction->DeleteAndReplaceWith(instruction->RedefinedOperand());
4449 instruction->ReplaceAllUsesWith(instruction->ActualValue());
4457 void HOptimizedGraphBuilder::PushArgumentsFromEnvironment(int count) {
4458 ZoneList<HValue*> arguments(count, zone());
4459 for (int i = 0; i < count; ++i) {
4460 arguments.Add(Pop(), zone());
4463 HPushArguments* push_args = New<HPushArguments>();
4464 while (!arguments.is_empty()) {
4465 push_args->AddInput(arguments.RemoveLast());
4467 AddInstruction(push_args);
4471 template <class Instruction>
4472 HInstruction* HOptimizedGraphBuilder::PreProcessCall(Instruction* call) {
4473 PushArgumentsFromEnvironment(call->argument_count());
4478 void HOptimizedGraphBuilder::SetUpScope(Scope* scope) {
4479 // First special is HContext.
4480 HInstruction* context = Add<HContext>();
4481 environment()->BindContext(context);
4483 // Create an arguments object containing the initial parameters. Set the
4484 // initial values of parameters including "this" having parameter index 0.
4485 DCHECK_EQ(scope->num_parameters() + 1, environment()->parameter_count());
4486 HArgumentsObject* arguments_object =
4487 New<HArgumentsObject>(environment()->parameter_count());
4488 for (int i = 0; i < environment()->parameter_count(); ++i) {
4489 HInstruction* parameter = Add<HParameter>(i);
4490 arguments_object->AddArgument(parameter, zone());
4491 environment()->Bind(i, parameter);
4493 AddInstruction(arguments_object);
4494 graph()->SetArgumentsObject(arguments_object);
4496 HConstant* undefined_constant = graph()->GetConstantUndefined();
4497 // Initialize specials and locals to undefined.
4498 for (int i = environment()->parameter_count() + 1;
4499 i < environment()->length();
4501 environment()->Bind(i, undefined_constant);
4504 // Handle the arguments and arguments shadow variables specially (they do
4505 // not have declarations).
4506 if (scope->arguments() != NULL) {
4507 environment()->Bind(scope->arguments(),
4508 graph()->GetArgumentsObject());
4512 Variable* rest = scope->rest_parameter(&rest_index);
4514 return Bailout(kRestParameter);
4517 if (scope->this_function_var() != nullptr ||
4518 scope->new_target_var() != nullptr) {
4519 return Bailout(kSuperReference);
4524 void HOptimizedGraphBuilder::VisitStatements(ZoneList<Statement*>* statements) {
4525 for (int i = 0; i < statements->length(); i++) {
4526 Statement* stmt = statements->at(i);
4527 CHECK_ALIVE(Visit(stmt));
4528 if (stmt->IsJump()) break;
4533 void HOptimizedGraphBuilder::VisitBlock(Block* stmt) {
4534 DCHECK(!HasStackOverflow());
4535 DCHECK(current_block() != NULL);
4536 DCHECK(current_block()->HasPredecessor());
4538 Scope* outer_scope = scope();
4539 Scope* scope = stmt->scope();
4540 BreakAndContinueInfo break_info(stmt, outer_scope);
4542 { BreakAndContinueScope push(&break_info, this);
4543 if (scope != NULL) {
4544 if (scope->ContextLocalCount() > 0) {
4545 // Load the function object.
4546 Scope* declaration_scope = scope->DeclarationScope();
4547 HInstruction* function;
4548 HValue* outer_context = environment()->context();
4549 if (declaration_scope->is_script_scope() ||
4550 declaration_scope->is_eval_scope()) {
4551 function = new (zone())
4552 HLoadContextSlot(outer_context, Context::CLOSURE_INDEX,
4553 HLoadContextSlot::kNoCheck);
4555 function = New<HThisFunction>();
4557 AddInstruction(function);
4558 // Allocate a block context and store it to the stack frame.
4559 HInstruction* inner_context = Add<HAllocateBlockContext>(
4560 outer_context, function, scope->GetScopeInfo(isolate()));
4561 HInstruction* instr = Add<HStoreFrameContext>(inner_context);
4563 environment()->BindContext(inner_context);
4564 if (instr->HasObservableSideEffects()) {
4565 AddSimulate(stmt->EntryId(), REMOVABLE_SIMULATE);
4568 VisitDeclarations(scope->declarations());
4569 AddSimulate(stmt->DeclsId(), REMOVABLE_SIMULATE);
4571 CHECK_BAILOUT(VisitStatements(stmt->statements()));
4573 set_scope(outer_scope);
4574 if (scope != NULL && current_block() != NULL &&
4575 scope->ContextLocalCount() > 0) {
4576 HValue* inner_context = environment()->context();
4577 HValue* outer_context = Add<HLoadNamedField>(
4578 inner_context, nullptr,
4579 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4581 HInstruction* instr = Add<HStoreFrameContext>(outer_context);
4582 environment()->BindContext(outer_context);
4583 if (instr->HasObservableSideEffects()) {
4584 AddSimulate(stmt->ExitId(), REMOVABLE_SIMULATE);
4587 HBasicBlock* break_block = break_info.break_block();
4588 if (break_block != NULL) {
4589 if (current_block() != NULL) Goto(break_block);
4590 break_block->SetJoinId(stmt->ExitId());
4591 set_current_block(break_block);
4596 void HOptimizedGraphBuilder::VisitExpressionStatement(
4597 ExpressionStatement* stmt) {
4598 DCHECK(!HasStackOverflow());
4599 DCHECK(current_block() != NULL);
4600 DCHECK(current_block()->HasPredecessor());
4601 VisitForEffect(stmt->expression());
4605 void HOptimizedGraphBuilder::VisitEmptyStatement(EmptyStatement* stmt) {
4606 DCHECK(!HasStackOverflow());
4607 DCHECK(current_block() != NULL);
4608 DCHECK(current_block()->HasPredecessor());
4612 void HOptimizedGraphBuilder::VisitIfStatement(IfStatement* stmt) {
4613 DCHECK(!HasStackOverflow());
4614 DCHECK(current_block() != NULL);
4615 DCHECK(current_block()->HasPredecessor());
4616 if (stmt->condition()->ToBooleanIsTrue()) {
4617 Add<HSimulate>(stmt->ThenId());
4618 Visit(stmt->then_statement());
4619 } else if (stmt->condition()->ToBooleanIsFalse()) {
4620 Add<HSimulate>(stmt->ElseId());
4621 Visit(stmt->else_statement());
4623 HBasicBlock* cond_true = graph()->CreateBasicBlock();
4624 HBasicBlock* cond_false = graph()->CreateBasicBlock();
4625 CHECK_BAILOUT(VisitForControl(stmt->condition(), cond_true, cond_false));
4627 if (cond_true->HasPredecessor()) {
4628 cond_true->SetJoinId(stmt->ThenId());
4629 set_current_block(cond_true);
4630 CHECK_BAILOUT(Visit(stmt->then_statement()));
4631 cond_true = current_block();
4636 if (cond_false->HasPredecessor()) {
4637 cond_false->SetJoinId(stmt->ElseId());
4638 set_current_block(cond_false);
4639 CHECK_BAILOUT(Visit(stmt->else_statement()));
4640 cond_false = current_block();
4645 HBasicBlock* join = CreateJoin(cond_true, cond_false, stmt->IfId());
4646 set_current_block(join);
4651 HBasicBlock* HOptimizedGraphBuilder::BreakAndContinueScope::Get(
4652 BreakableStatement* stmt,
4657 BreakAndContinueScope* current = this;
4658 while (current != NULL && current->info()->target() != stmt) {
4659 *drop_extra += current->info()->drop_extra();
4660 current = current->next();
4662 DCHECK(current != NULL); // Always found (unless stack is malformed).
4663 *scope = current->info()->scope();
4665 if (type == BREAK) {
4666 *drop_extra += current->info()->drop_extra();
4669 HBasicBlock* block = NULL;
4672 block = current->info()->break_block();
4673 if (block == NULL) {
4674 block = current->owner()->graph()->CreateBasicBlock();
4675 current->info()->set_break_block(block);
4680 block = current->info()->continue_block();
4681 if (block == NULL) {
4682 block = current->owner()->graph()->CreateBasicBlock();
4683 current->info()->set_continue_block(block);
4692 void HOptimizedGraphBuilder::VisitContinueStatement(
4693 ContinueStatement* stmt) {
4694 DCHECK(!HasStackOverflow());
4695 DCHECK(current_block() != NULL);
4696 DCHECK(current_block()->HasPredecessor());
4697 Scope* outer_scope = NULL;
4698 Scope* inner_scope = scope();
4700 HBasicBlock* continue_block = break_scope()->Get(
4701 stmt->target(), BreakAndContinueScope::CONTINUE,
4702 &outer_scope, &drop_extra);
4703 HValue* context = environment()->context();
4705 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4706 if (context_pop_count > 0) {
4707 while (context_pop_count-- > 0) {
4708 HInstruction* context_instruction = Add<HLoadNamedField>(
4710 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4711 context = context_instruction;
4713 HInstruction* instr = Add<HStoreFrameContext>(context);
4714 if (instr->HasObservableSideEffects()) {
4715 AddSimulate(stmt->target()->EntryId(), REMOVABLE_SIMULATE);
4717 environment()->BindContext(context);
4720 Goto(continue_block);
4721 set_current_block(NULL);
4725 void HOptimizedGraphBuilder::VisitBreakStatement(BreakStatement* stmt) {
4726 DCHECK(!HasStackOverflow());
4727 DCHECK(current_block() != NULL);
4728 DCHECK(current_block()->HasPredecessor());
4729 Scope* outer_scope = NULL;
4730 Scope* inner_scope = scope();
4732 HBasicBlock* break_block = break_scope()->Get(
4733 stmt->target(), BreakAndContinueScope::BREAK,
4734 &outer_scope, &drop_extra);
4735 HValue* context = environment()->context();
4737 int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4738 if (context_pop_count > 0) {
4739 while (context_pop_count-- > 0) {
4740 HInstruction* context_instruction = Add<HLoadNamedField>(
4742 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4743 context = context_instruction;
4745 HInstruction* instr = Add<HStoreFrameContext>(context);
4746 if (instr->HasObservableSideEffects()) {
4747 AddSimulate(stmt->target()->ExitId(), REMOVABLE_SIMULATE);
4749 environment()->BindContext(context);
4752 set_current_block(NULL);
4756 void HOptimizedGraphBuilder::VisitReturnStatement(ReturnStatement* stmt) {
4757 DCHECK(!HasStackOverflow());
4758 DCHECK(current_block() != NULL);
4759 DCHECK(current_block()->HasPredecessor());
4760 FunctionState* state = function_state();
4761 AstContext* context = call_context();
4762 if (context == NULL) {
4763 // Not an inlined return, so an actual one.
4764 CHECK_ALIVE(VisitForValue(stmt->expression()));
4765 HValue* result = environment()->Pop();
4766 Add<HReturn>(result);
4767 } else if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
4768 // Return from an inlined construct call. In a test context the return value
4769 // will always evaluate to true, in a value context the return value needs
4770 // to be a JSObject.
4771 if (context->IsTest()) {
4772 TestContext* test = TestContext::cast(context);
4773 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4774 Goto(test->if_true(), state);
4775 } else if (context->IsEffect()) {
4776 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4777 Goto(function_return(), state);
4779 DCHECK(context->IsValue());
4780 CHECK_ALIVE(VisitForValue(stmt->expression()));
4781 HValue* return_value = Pop();
4782 HValue* receiver = environment()->arguments_environment()->Lookup(0);
4783 HHasInstanceTypeAndBranch* typecheck =
4784 New<HHasInstanceTypeAndBranch>(return_value,
4785 FIRST_SPEC_OBJECT_TYPE,
4786 LAST_SPEC_OBJECT_TYPE);
4787 HBasicBlock* if_spec_object = graph()->CreateBasicBlock();
4788 HBasicBlock* not_spec_object = graph()->CreateBasicBlock();
4789 typecheck->SetSuccessorAt(0, if_spec_object);
4790 typecheck->SetSuccessorAt(1, not_spec_object);
4791 FinishCurrentBlock(typecheck);
4792 AddLeaveInlined(if_spec_object, return_value, state);
4793 AddLeaveInlined(not_spec_object, receiver, state);
4795 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
4796 // Return from an inlined setter call. The returned value is never used, the
4797 // value of an assignment is always the value of the RHS of the assignment.
4798 CHECK_ALIVE(VisitForEffect(stmt->expression()));
4799 if (context->IsTest()) {
4800 HValue* rhs = environment()->arguments_environment()->Lookup(1);
4801 context->ReturnValue(rhs);
4802 } else if (context->IsEffect()) {
4803 Goto(function_return(), state);
4805 DCHECK(context->IsValue());
4806 HValue* rhs = environment()->arguments_environment()->Lookup(1);
4807 AddLeaveInlined(rhs, state);
4810 // Return from a normal inlined function. Visit the subexpression in the
4811 // expression context of the call.
4812 if (context->IsTest()) {
4813 TestContext* test = TestContext::cast(context);
4814 VisitForControl(stmt->expression(), test->if_true(), test->if_false());
4815 } else if (context->IsEffect()) {
4816 // Visit in value context and ignore the result. This is needed to keep
4817 // environment in sync with full-codegen since some visitors (e.g.
4818 // VisitCountOperation) use the operand stack differently depending on
4820 CHECK_ALIVE(VisitForValue(stmt->expression()));
4822 Goto(function_return(), state);
4824 DCHECK(context->IsValue());
4825 CHECK_ALIVE(VisitForValue(stmt->expression()));
4826 AddLeaveInlined(Pop(), state);
4829 set_current_block(NULL);
4833 void HOptimizedGraphBuilder::VisitWithStatement(WithStatement* stmt) {
4834 DCHECK(!HasStackOverflow());
4835 DCHECK(current_block() != NULL);
4836 DCHECK(current_block()->HasPredecessor());
4837 return Bailout(kWithStatement);
4841 void HOptimizedGraphBuilder::VisitSwitchStatement(SwitchStatement* stmt) {
4842 DCHECK(!HasStackOverflow());
4843 DCHECK(current_block() != NULL);
4844 DCHECK(current_block()->HasPredecessor());
4846 ZoneList<CaseClause*>* clauses = stmt->cases();
4847 int clause_count = clauses->length();
4848 ZoneList<HBasicBlock*> body_blocks(clause_count, zone());
4850 CHECK_ALIVE(VisitForValue(stmt->tag()));
4851 Add<HSimulate>(stmt->EntryId());
4852 HValue* tag_value = Top();
4853 Type* tag_type = stmt->tag()->bounds().lower;
4855 // 1. Build all the tests, with dangling true branches
4856 BailoutId default_id = BailoutId::None();
4857 for (int i = 0; i < clause_count; ++i) {
4858 CaseClause* clause = clauses->at(i);
4859 if (clause->is_default()) {
4860 body_blocks.Add(NULL, zone());
4861 if (default_id.IsNone()) default_id = clause->EntryId();
4865 // Generate a compare and branch.
4866 CHECK_ALIVE(VisitForValue(clause->label()));
4867 HValue* label_value = Pop();
4869 Type* label_type = clause->label()->bounds().lower;
4870 Type* combined_type = clause->compare_type();
4871 HControlInstruction* compare = BuildCompareInstruction(
4872 Token::EQ_STRICT, tag_value, label_value, tag_type, label_type,
4874 ScriptPositionToSourcePosition(stmt->tag()->position()),
4875 ScriptPositionToSourcePosition(clause->label()->position()),
4876 PUSH_BEFORE_SIMULATE, clause->id());
4878 HBasicBlock* next_test_block = graph()->CreateBasicBlock();
4879 HBasicBlock* body_block = graph()->CreateBasicBlock();
4880 body_blocks.Add(body_block, zone());
4881 compare->SetSuccessorAt(0, body_block);
4882 compare->SetSuccessorAt(1, next_test_block);
4883 FinishCurrentBlock(compare);
4885 set_current_block(body_block);
4886 Drop(1); // tag_value
4888 set_current_block(next_test_block);
4891 // Save the current block to use for the default or to join with the
4893 HBasicBlock* last_block = current_block();
4894 Drop(1); // tag_value
4896 // 2. Loop over the clauses and the linked list of tests in lockstep,
4897 // translating the clause bodies.
4898 HBasicBlock* fall_through_block = NULL;
4900 BreakAndContinueInfo break_info(stmt, scope());
4901 { BreakAndContinueScope push(&break_info, this);
4902 for (int i = 0; i < clause_count; ++i) {
4903 CaseClause* clause = clauses->at(i);
4905 // Identify the block where normal (non-fall-through) control flow
4907 HBasicBlock* normal_block = NULL;
4908 if (clause->is_default()) {
4909 if (last_block == NULL) continue;
4910 normal_block = last_block;
4911 last_block = NULL; // Cleared to indicate we've handled it.
4913 normal_block = body_blocks[i];
4916 if (fall_through_block == NULL) {
4917 set_current_block(normal_block);
4919 HBasicBlock* join = CreateJoin(fall_through_block,
4922 set_current_block(join);
4925 CHECK_BAILOUT(VisitStatements(clause->statements()));
4926 fall_through_block = current_block();
4930 // Create an up-to-3-way join. Use the break block if it exists since
4931 // it's already a join block.
4932 HBasicBlock* break_block = break_info.break_block();
4933 if (break_block == NULL) {
4934 set_current_block(CreateJoin(fall_through_block,
4938 if (fall_through_block != NULL) Goto(fall_through_block, break_block);
4939 if (last_block != NULL) Goto(last_block, break_block);
4940 break_block->SetJoinId(stmt->ExitId());
4941 set_current_block(break_block);
4946 void HOptimizedGraphBuilder::VisitLoopBody(IterationStatement* stmt,
4947 HBasicBlock* loop_entry) {
4948 Add<HSimulate>(stmt->StackCheckId());
4949 HStackCheck* stack_check =
4950 HStackCheck::cast(Add<HStackCheck>(HStackCheck::kBackwardsBranch));
4951 DCHECK(loop_entry->IsLoopHeader());
4952 loop_entry->loop_information()->set_stack_check(stack_check);
4953 CHECK_BAILOUT(Visit(stmt->body()));
4957 void HOptimizedGraphBuilder::VisitDoWhileStatement(DoWhileStatement* stmt) {
4958 DCHECK(!HasStackOverflow());
4959 DCHECK(current_block() != NULL);
4960 DCHECK(current_block()->HasPredecessor());
4961 DCHECK(current_block() != NULL);
4962 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
4964 BreakAndContinueInfo break_info(stmt, scope());
4966 BreakAndContinueScope push(&break_info, this);
4967 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
4969 HBasicBlock* body_exit =
4970 JoinContinue(stmt, current_block(), break_info.continue_block());
4971 HBasicBlock* loop_successor = NULL;
4972 if (body_exit != NULL && !stmt->cond()->ToBooleanIsTrue()) {
4973 set_current_block(body_exit);
4974 loop_successor = graph()->CreateBasicBlock();
4975 if (stmt->cond()->ToBooleanIsFalse()) {
4976 loop_entry->loop_information()->stack_check()->Eliminate();
4977 Goto(loop_successor);
4980 // The block for a true condition, the actual predecessor block of the
4982 body_exit = graph()->CreateBasicBlock();
4983 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_exit, loop_successor));
4985 if (body_exit != NULL && body_exit->HasPredecessor()) {
4986 body_exit->SetJoinId(stmt->BackEdgeId());
4990 if (loop_successor->HasPredecessor()) {
4991 loop_successor->SetJoinId(stmt->ExitId());
4993 loop_successor = NULL;
4996 HBasicBlock* loop_exit = CreateLoop(stmt,
5000 break_info.break_block());
5001 set_current_block(loop_exit);
5005 void HOptimizedGraphBuilder::VisitWhileStatement(WhileStatement* stmt) {
5006 DCHECK(!HasStackOverflow());
5007 DCHECK(current_block() != NULL);
5008 DCHECK(current_block()->HasPredecessor());
5009 DCHECK(current_block() != NULL);
5010 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5012 // If the condition is constant true, do not generate a branch.
5013 HBasicBlock* loop_successor = NULL;
5014 if (!stmt->cond()->ToBooleanIsTrue()) {
5015 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5016 loop_successor = graph()->CreateBasicBlock();
5017 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5018 if (body_entry->HasPredecessor()) {
5019 body_entry->SetJoinId(stmt->BodyId());
5020 set_current_block(body_entry);
5022 if (loop_successor->HasPredecessor()) {
5023 loop_successor->SetJoinId(stmt->ExitId());
5025 loop_successor = NULL;
5029 BreakAndContinueInfo break_info(stmt, scope());
5030 if (current_block() != NULL) {
5031 BreakAndContinueScope push(&break_info, this);
5032 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5034 HBasicBlock* body_exit =
5035 JoinContinue(stmt, current_block(), break_info.continue_block());
5036 HBasicBlock* loop_exit = CreateLoop(stmt,
5040 break_info.break_block());
5041 set_current_block(loop_exit);
5045 void HOptimizedGraphBuilder::VisitForStatement(ForStatement* stmt) {
5046 DCHECK(!HasStackOverflow());
5047 DCHECK(current_block() != NULL);
5048 DCHECK(current_block()->HasPredecessor());
5049 if (stmt->init() != NULL) {
5050 CHECK_ALIVE(Visit(stmt->init()));
5052 DCHECK(current_block() != NULL);
5053 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5055 HBasicBlock* loop_successor = NULL;
5056 if (stmt->cond() != NULL) {
5057 HBasicBlock* body_entry = graph()->CreateBasicBlock();
5058 loop_successor = graph()->CreateBasicBlock();
5059 CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5060 if (body_entry->HasPredecessor()) {
5061 body_entry->SetJoinId(stmt->BodyId());
5062 set_current_block(body_entry);
5064 if (loop_successor->HasPredecessor()) {
5065 loop_successor->SetJoinId(stmt->ExitId());
5067 loop_successor = NULL;
5071 BreakAndContinueInfo break_info(stmt, scope());
5072 if (current_block() != NULL) {
5073 BreakAndContinueScope push(&break_info, this);
5074 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5076 HBasicBlock* body_exit =
5077 JoinContinue(stmt, current_block(), break_info.continue_block());
5079 if (stmt->next() != NULL && body_exit != NULL) {
5080 set_current_block(body_exit);
5081 CHECK_BAILOUT(Visit(stmt->next()));
5082 body_exit = current_block();
5085 HBasicBlock* loop_exit = CreateLoop(stmt,
5089 break_info.break_block());
5090 set_current_block(loop_exit);
5094 void HOptimizedGraphBuilder::VisitForInStatement(ForInStatement* stmt) {
5095 DCHECK(!HasStackOverflow());
5096 DCHECK(current_block() != NULL);
5097 DCHECK(current_block()->HasPredecessor());
5099 if (!FLAG_optimize_for_in) {
5100 return Bailout(kForInStatementOptimizationIsDisabled);
5103 if (!stmt->each()->IsVariableProxy() ||
5104 !stmt->each()->AsVariableProxy()->var()->IsStackLocal()) {
5105 return Bailout(kForInStatementWithNonLocalEachVariable);
5108 Variable* each_var = stmt->each()->AsVariableProxy()->var();
5110 CHECK_ALIVE(VisitForValue(stmt->enumerable()));
5111 HValue* enumerable = Top(); // Leave enumerable at the top.
5113 IfBuilder if_undefined_or_null(this);
5114 if_undefined_or_null.If<HCompareObjectEqAndBranch>(
5115 enumerable, graph()->GetConstantUndefined());
5116 if_undefined_or_null.Or();
5117 if_undefined_or_null.If<HCompareObjectEqAndBranch>(
5118 enumerable, graph()->GetConstantNull());
5119 if_undefined_or_null.ThenDeopt(Deoptimizer::kUndefinedOrNullInForIn);
5120 if_undefined_or_null.End();
5121 BuildForInBody(stmt, each_var, enumerable);
5125 void HOptimizedGraphBuilder::BuildForInBody(ForInStatement* stmt,
5127 HValue* enumerable) {
5129 HInstruction* array;
5130 HInstruction* enum_length;
5131 bool fast = stmt->for_in_type() == ForInStatement::FAST_FOR_IN;
5133 map = Add<HForInPrepareMap>(enumerable);
5134 Add<HSimulate>(stmt->PrepareId());
5136 array = Add<HForInCacheArray>(enumerable, map,
5137 DescriptorArray::kEnumCacheBridgeCacheIndex);
5138 enum_length = Add<HMapEnumLength>(map);
5140 HInstruction* index_cache = Add<HForInCacheArray>(
5141 enumerable, map, DescriptorArray::kEnumCacheBridgeIndicesCacheIndex);
5142 HForInCacheArray::cast(array)
5143 ->set_index_cache(HForInCacheArray::cast(index_cache));
5145 Add<HSimulate>(stmt->PrepareId());
5147 NoObservableSideEffectsScope no_effects(this);
5148 BuildJSObjectCheck(enumerable, 0);
5150 Add<HSimulate>(stmt->ToObjectId());
5152 map = graph()->GetConstant1();
5153 Runtime::FunctionId function_id = Runtime::kGetPropertyNamesFast;
5154 Add<HPushArguments>(enumerable);
5155 array = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5156 Runtime::FunctionForId(function_id), 1);
5158 Add<HSimulate>(stmt->EnumId());
5160 Handle<Map> array_map = isolate()->factory()->fixed_array_map();
5161 HValue* check = Add<HCheckMaps>(array, array_map);
5162 enum_length = AddLoadFixedArrayLength(array, check);
5165 HInstruction* start_index = Add<HConstant>(0);
5172 HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5174 // Reload the values to ensure we have up-to-date values inside of the loop.
5175 // This is relevant especially for OSR where the values don't come from the
5176 // computation above, but from the OSR entry block.
5177 enumerable = environment()->ExpressionStackAt(4);
5178 HValue* index = environment()->ExpressionStackAt(0);
5179 HValue* limit = environment()->ExpressionStackAt(1);
5181 // Check that we still have more keys.
5182 HCompareNumericAndBranch* compare_index =
5183 New<HCompareNumericAndBranch>(index, limit, Token::LT);
5184 compare_index->set_observed_input_representation(
5185 Representation::Smi(), Representation::Smi());
5187 HBasicBlock* loop_body = graph()->CreateBasicBlock();
5188 HBasicBlock* loop_successor = graph()->CreateBasicBlock();
5190 compare_index->SetSuccessorAt(0, loop_body);
5191 compare_index->SetSuccessorAt(1, loop_successor);
5192 FinishCurrentBlock(compare_index);
5194 set_current_block(loop_successor);
5197 set_current_block(loop_body);
5200 Add<HLoadKeyed>(environment()->ExpressionStackAt(2), // Enum cache.
5201 index, index, FAST_ELEMENTS);
5204 // Check if the expected map still matches that of the enumerable.
5205 // If not just deoptimize.
5206 Add<HCheckMapValue>(enumerable, environment()->ExpressionStackAt(3));
5207 Bind(each_var, key);
5209 Add<HPushArguments>(enumerable, key);
5210 Runtime::FunctionId function_id = Runtime::kForInFilter;
5211 key = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5212 Runtime::FunctionForId(function_id), 2);
5213 Bind(each_var, key);
5214 Add<HSimulate>(stmt->AssignmentId());
5215 IfBuilder if_undefined(this);
5216 if_undefined.If<HCompareObjectEqAndBranch>(key,
5217 graph()->GetConstantUndefined());
5218 if_undefined.ThenDeopt(Deoptimizer::kUndefined);
5222 BreakAndContinueInfo break_info(stmt, scope(), 5);
5224 BreakAndContinueScope push(&break_info, this);
5225 CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5228 HBasicBlock* body_exit =
5229 JoinContinue(stmt, current_block(), break_info.continue_block());
5231 if (body_exit != NULL) {
5232 set_current_block(body_exit);
5234 HValue* current_index = Pop();
5235 Push(AddUncasted<HAdd>(current_index, graph()->GetConstant1()));
5236 body_exit = current_block();
5239 HBasicBlock* loop_exit = CreateLoop(stmt,
5243 break_info.break_block());
5245 set_current_block(loop_exit);
5249 void HOptimizedGraphBuilder::VisitForOfStatement(ForOfStatement* stmt) {
5250 DCHECK(!HasStackOverflow());
5251 DCHECK(current_block() != NULL);
5252 DCHECK(current_block()->HasPredecessor());
5253 return Bailout(kForOfStatement);
5257 void HOptimizedGraphBuilder::VisitTryCatchStatement(TryCatchStatement* stmt) {
5258 DCHECK(!HasStackOverflow());
5259 DCHECK(current_block() != NULL);
5260 DCHECK(current_block()->HasPredecessor());
5261 return Bailout(kTryCatchStatement);
5265 void HOptimizedGraphBuilder::VisitTryFinallyStatement(
5266 TryFinallyStatement* stmt) {
5267 DCHECK(!HasStackOverflow());
5268 DCHECK(current_block() != NULL);
5269 DCHECK(current_block()->HasPredecessor());
5270 return Bailout(kTryFinallyStatement);
5274 void HOptimizedGraphBuilder::VisitDebuggerStatement(DebuggerStatement* stmt) {
5275 DCHECK(!HasStackOverflow());
5276 DCHECK(current_block() != NULL);
5277 DCHECK(current_block()->HasPredecessor());
5278 return Bailout(kDebuggerStatement);
5282 void HOptimizedGraphBuilder::VisitCaseClause(CaseClause* clause) {
5287 void HOptimizedGraphBuilder::VisitFunctionLiteral(FunctionLiteral* expr) {
5288 DCHECK(!HasStackOverflow());
5289 DCHECK(current_block() != NULL);
5290 DCHECK(current_block()->HasPredecessor());
5291 Handle<SharedFunctionInfo> shared_info = expr->shared_info();
5292 if (shared_info.is_null()) {
5294 Compiler::BuildFunctionInfo(expr, current_info()->script(), top_info());
5296 // We also have a stack overflow if the recursive compilation did.
5297 if (HasStackOverflow()) return;
5298 HFunctionLiteral* instr =
5299 New<HFunctionLiteral>(shared_info, expr->pretenure());
5300 return ast_context()->ReturnInstruction(instr, expr->id());
5304 void HOptimizedGraphBuilder::VisitClassLiteral(ClassLiteral* lit) {
5305 DCHECK(!HasStackOverflow());
5306 DCHECK(current_block() != NULL);
5307 DCHECK(current_block()->HasPredecessor());
5308 return Bailout(kClassLiteral);
5312 void HOptimizedGraphBuilder::VisitNativeFunctionLiteral(
5313 NativeFunctionLiteral* expr) {
5314 DCHECK(!HasStackOverflow());
5315 DCHECK(current_block() != NULL);
5316 DCHECK(current_block()->HasPredecessor());
5317 return Bailout(kNativeFunctionLiteral);
5321 void HOptimizedGraphBuilder::VisitConditional(Conditional* expr) {
5322 DCHECK(!HasStackOverflow());
5323 DCHECK(current_block() != NULL);
5324 DCHECK(current_block()->HasPredecessor());
5325 HBasicBlock* cond_true = graph()->CreateBasicBlock();
5326 HBasicBlock* cond_false = graph()->CreateBasicBlock();
5327 CHECK_BAILOUT(VisitForControl(expr->condition(), cond_true, cond_false));
5329 // Visit the true and false subexpressions in the same AST context as the
5330 // whole expression.
5331 if (cond_true->HasPredecessor()) {
5332 cond_true->SetJoinId(expr->ThenId());
5333 set_current_block(cond_true);
5334 CHECK_BAILOUT(Visit(expr->then_expression()));
5335 cond_true = current_block();
5340 if (cond_false->HasPredecessor()) {
5341 cond_false->SetJoinId(expr->ElseId());
5342 set_current_block(cond_false);
5343 CHECK_BAILOUT(Visit(expr->else_expression()));
5344 cond_false = current_block();
5349 if (!ast_context()->IsTest()) {
5350 HBasicBlock* join = CreateJoin(cond_true, cond_false, expr->id());
5351 set_current_block(join);
5352 if (join != NULL && !ast_context()->IsEffect()) {
5353 return ast_context()->ReturnValue(Pop());
5359 HOptimizedGraphBuilder::GlobalPropertyAccess
5360 HOptimizedGraphBuilder::LookupGlobalProperty(Variable* var, LookupIterator* it,
5361 PropertyAccessType access_type) {
5362 if (var->is_this() || !current_info()->has_global_object()) {
5366 switch (it->state()) {
5367 case LookupIterator::ACCESSOR:
5368 case LookupIterator::ACCESS_CHECK:
5369 case LookupIterator::INTERCEPTOR:
5370 case LookupIterator::INTEGER_INDEXED_EXOTIC:
5371 case LookupIterator::NOT_FOUND:
5373 case LookupIterator::DATA:
5374 if (access_type == STORE && it->IsReadOnly()) return kUseGeneric;
5376 case LookupIterator::JSPROXY:
5377 case LookupIterator::TRANSITION:
5385 HValue* HOptimizedGraphBuilder::BuildContextChainWalk(Variable* var) {
5386 DCHECK(var->IsContextSlot());
5387 HValue* context = environment()->context();
5388 int length = scope()->ContextChainLength(var->scope());
5389 while (length-- > 0) {
5390 context = Add<HLoadNamedField>(
5392 HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
5398 void HOptimizedGraphBuilder::VisitVariableProxy(VariableProxy* expr) {
5399 DCHECK(!HasStackOverflow());
5400 DCHECK(current_block() != NULL);
5401 DCHECK(current_block()->HasPredecessor());
5402 Variable* variable = expr->var();
5403 switch (variable->location()) {
5404 case Variable::UNALLOCATED: {
5405 if (IsLexicalVariableMode(variable->mode())) {
5406 // TODO(rossberg): should this be an DCHECK?
5407 return Bailout(kReferenceToGlobalLexicalVariable);
5409 // Handle known global constants like 'undefined' specially to avoid a
5410 // load from a global cell for them.
5411 Handle<Object> constant_value =
5412 isolate()->factory()->GlobalConstantFor(variable->name());
5413 if (!constant_value.is_null()) {
5414 HConstant* instr = New<HConstant>(constant_value);
5415 return ast_context()->ReturnInstruction(instr, expr->id());
5418 Handle<GlobalObject> global(current_info()->global_object());
5420 // Lookup in script contexts.
5422 Handle<ScriptContextTable> script_contexts(
5423 global->native_context()->script_context_table());
5424 ScriptContextTable::LookupResult lookup;
5425 if (ScriptContextTable::Lookup(script_contexts, variable->name(),
5427 Handle<Context> script_context = ScriptContextTable::GetContext(
5428 script_contexts, lookup.context_index);
5429 Handle<Object> current_value =
5430 FixedArray::get(script_context, lookup.slot_index);
5432 // If the values is not the hole, it will stay initialized,
5433 // so no need to generate a check.
5434 if (*current_value == *isolate()->factory()->the_hole_value()) {
5435 return Bailout(kReferenceToUninitializedVariable);
5437 HInstruction* result = New<HLoadNamedField>(
5438 Add<HConstant>(script_context), nullptr,
5439 HObjectAccess::ForContextSlot(lookup.slot_index));
5440 return ast_context()->ReturnInstruction(result, expr->id());
5444 LookupIterator it(global, variable->name(), LookupIterator::OWN);
5445 GlobalPropertyAccess type = LookupGlobalProperty(variable, &it, LOAD);
5447 if (type == kUseCell) {
5448 Handle<PropertyCell> cell = it.GetPropertyCell();
5449 top_info()->dependencies()->AssumePropertyCell(cell);
5450 auto cell_type = it.property_details().cell_type();
5451 if (cell_type == PropertyCellType::kConstant ||
5452 cell_type == PropertyCellType::kUndefined) {
5453 Handle<Object> constant_object(cell->value(), isolate());
5454 if (constant_object->IsConsString()) {
5456 String::Flatten(Handle<String>::cast(constant_object));
5458 HConstant* constant = New<HConstant>(constant_object);
5459 return ast_context()->ReturnInstruction(constant, expr->id());
5461 auto access = HObjectAccess::ForPropertyCellValue();
5462 UniqueSet<Map>* field_maps = nullptr;
5463 if (cell_type == PropertyCellType::kConstantType) {
5464 switch (cell->GetConstantType()) {
5465 case PropertyCellConstantType::kSmi:
5466 access = access.WithRepresentation(Representation::Smi());
5468 case PropertyCellConstantType::kStableMap: {
5469 // Check that the map really is stable. The heap object could
5470 // have mutated without the cell updating state. In that case,
5471 // make no promises about the loaded value except that it's a
5474 access.WithRepresentation(Representation::HeapObject());
5475 Handle<Map> map(HeapObject::cast(cell->value())->map());
5476 if (map->is_stable()) {
5477 field_maps = new (zone())
5478 UniqueSet<Map>(Unique<Map>::CreateImmovable(map), zone());
5484 HConstant* cell_constant = Add<HConstant>(cell);
5485 HLoadNamedField* instr;
5486 if (field_maps == nullptr) {
5487 instr = New<HLoadNamedField>(cell_constant, nullptr, access);
5489 instr = New<HLoadNamedField>(cell_constant, nullptr, access,
5490 field_maps, HType::HeapObject());
5492 instr->ClearDependsOnFlag(kInobjectFields);
5493 instr->SetDependsOnFlag(kGlobalVars);
5494 return ast_context()->ReturnInstruction(instr, expr->id());
5497 HValue* global_object = Add<HLoadNamedField>(
5499 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
5500 HLoadGlobalGeneric* instr =
5501 New<HLoadGlobalGeneric>(global_object,
5503 ast_context()->is_for_typeof());
5504 instr->SetVectorAndSlot(handle(current_feedback_vector(), isolate()),
5505 expr->VariableFeedbackSlot());
5506 return ast_context()->ReturnInstruction(instr, expr->id());
5510 case Variable::PARAMETER:
5511 case Variable::LOCAL: {
5512 HValue* value = LookupAndMakeLive(variable);
5513 if (value == graph()->GetConstantHole()) {
5514 DCHECK(IsDeclaredVariableMode(variable->mode()) &&
5515 variable->mode() != VAR);
5516 return Bailout(kReferenceToUninitializedVariable);
5518 return ast_context()->ReturnValue(value);
5521 case Variable::CONTEXT: {
5522 HValue* context = BuildContextChainWalk(variable);
5523 HLoadContextSlot::Mode mode;
5524 switch (variable->mode()) {
5527 mode = HLoadContextSlot::kCheckDeoptimize;
5530 mode = HLoadContextSlot::kCheckReturnUndefined;
5533 mode = HLoadContextSlot::kNoCheck;
5536 HLoadContextSlot* instr =
5537 new(zone()) HLoadContextSlot(context, variable->index(), mode);
5538 return ast_context()->ReturnInstruction(instr, expr->id());
5541 case Variable::LOOKUP:
5542 return Bailout(kReferenceToAVariableWhichRequiresDynamicLookup);
5547 void HOptimizedGraphBuilder::VisitLiteral(Literal* expr) {
5548 DCHECK(!HasStackOverflow());
5549 DCHECK(current_block() != NULL);
5550 DCHECK(current_block()->HasPredecessor());
5551 HConstant* instr = New<HConstant>(expr->value());
5552 return ast_context()->ReturnInstruction(instr, expr->id());
5556 void HOptimizedGraphBuilder::VisitRegExpLiteral(RegExpLiteral* expr) {
5557 DCHECK(!HasStackOverflow());
5558 DCHECK(current_block() != NULL);
5559 DCHECK(current_block()->HasPredecessor());
5560 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5561 Handle<FixedArray> literals(closure->literals());
5562 HRegExpLiteral* instr = New<HRegExpLiteral>(literals,
5565 expr->literal_index());
5566 return ast_context()->ReturnInstruction(instr, expr->id());
5570 static bool CanInlinePropertyAccess(Handle<Map> map) {
5571 if (map->instance_type() == HEAP_NUMBER_TYPE) return true;
5572 if (map->instance_type() < FIRST_NONSTRING_TYPE) return true;
5573 return map->IsJSObjectMap() && !map->is_dictionary_map() &&
5574 !map->has_named_interceptor() &&
5575 // TODO(verwaest): Whitelist contexts to which we have access.
5576 !map->is_access_check_needed();
5580 // Determines whether the given array or object literal boilerplate satisfies
5581 // all limits to be considered for fast deep-copying and computes the total
5582 // size of all objects that are part of the graph.
5583 static bool IsFastLiteral(Handle<JSObject> boilerplate,
5585 int* max_properties) {
5586 if (boilerplate->map()->is_deprecated() &&
5587 !JSObject::TryMigrateInstance(boilerplate)) {
5591 DCHECK(max_depth >= 0 && *max_properties >= 0);
5592 if (max_depth == 0) return false;
5594 Isolate* isolate = boilerplate->GetIsolate();
5595 Handle<FixedArrayBase> elements(boilerplate->elements());
5596 if (elements->length() > 0 &&
5597 elements->map() != isolate->heap()->fixed_cow_array_map()) {
5598 if (boilerplate->HasFastSmiOrObjectElements()) {
5599 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
5600 int length = elements->length();
5601 for (int i = 0; i < length; i++) {
5602 if ((*max_properties)-- == 0) return false;
5603 Handle<Object> value(fast_elements->get(i), isolate);
5604 if (value->IsJSObject()) {
5605 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5606 if (!IsFastLiteral(value_object,
5613 } else if (!boilerplate->HasFastDoubleElements()) {
5618 Handle<FixedArray> properties(boilerplate->properties());
5619 if (properties->length() > 0) {
5622 Handle<DescriptorArray> descriptors(
5623 boilerplate->map()->instance_descriptors());
5624 int limit = boilerplate->map()->NumberOfOwnDescriptors();
5625 for (int i = 0; i < limit; i++) {
5626 PropertyDetails details = descriptors->GetDetails(i);
5627 if (details.type() != DATA) continue;
5628 if ((*max_properties)-- == 0) return false;
5629 FieldIndex field_index = FieldIndex::ForDescriptor(boilerplate->map(), i);
5630 if (boilerplate->IsUnboxedDoubleField(field_index)) continue;
5631 Handle<Object> value(boilerplate->RawFastPropertyAt(field_index),
5633 if (value->IsJSObject()) {
5634 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5635 if (!IsFastLiteral(value_object,
5647 void HOptimizedGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
5648 DCHECK(!HasStackOverflow());
5649 DCHECK(current_block() != NULL);
5650 DCHECK(current_block()->HasPredecessor());
5652 Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5653 HInstruction* literal;
5655 // Check whether to use fast or slow deep-copying for boilerplate.
5656 int max_properties = kMaxFastLiteralProperties;
5657 Handle<Object> literals_cell(closure->literals()->get(expr->literal_index()),
5659 Handle<AllocationSite> site;
5660 Handle<JSObject> boilerplate;
5661 if (!literals_cell->IsUndefined()) {
5662 // Retrieve the boilerplate
5663 site = Handle<AllocationSite>::cast(literals_cell);
5664 boilerplate = Handle<JSObject>(JSObject::cast(site->transition_info()),
5668 if (!boilerplate.is_null() &&
5669 IsFastLiteral(boilerplate, kMaxFastLiteralDepth, &max_properties)) {
5670 AllocationSiteUsageContext site_context(isolate(), site, false);
5671 site_context.EnterNewScope();
5672 literal = BuildFastLiteral(boilerplate, &site_context);
5673 site_context.ExitScope(site, boilerplate);
5675 NoObservableSideEffectsScope no_effects(this);
5676 Handle<FixedArray> closure_literals(closure->literals(), isolate());
5677 Handle<FixedArray> constant_properties = expr->constant_properties();
5678 int literal_index = expr->literal_index();
5679 int flags = expr->ComputeFlags(true);
5681 Add<HPushArguments>(Add<HConstant>(closure_literals),
5682 Add<HConstant>(literal_index),
5683 Add<HConstant>(constant_properties),
5684 Add<HConstant>(flags));
5686 Runtime::FunctionId function_id = Runtime::kCreateObjectLiteral;
5687 literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5688 Runtime::FunctionForId(function_id),
5692 // The object is expected in the bailout environment during computation
5693 // of the property values and is the value of the entire expression.
5696 for (int i = 0; i < expr->properties()->length(); i++) {
5697 ObjectLiteral::Property* property = expr->properties()->at(i);
5698 if (property->is_computed_name()) return Bailout(kComputedPropertyName);
5699 if (property->IsCompileTimeValue()) continue;
5701 Literal* key = property->key()->AsLiteral();
5702 Expression* value = property->value();
5704 switch (property->kind()) {
5705 case ObjectLiteral::Property::MATERIALIZED_LITERAL:
5706 DCHECK(!CompileTimeValue::IsCompileTimeValue(value));
5708 case ObjectLiteral::Property::COMPUTED:
5709 // It is safe to use [[Put]] here because the boilerplate already
5710 // contains computed properties with an uninitialized value.
5711 if (key->value()->IsInternalizedString()) {
5712 if (property->emit_store()) {
5713 CHECK_ALIVE(VisitForValue(value));
5714 HValue* value = Pop();
5716 // Add [[HomeObject]] to function literals.
5717 if (FunctionLiteral::NeedsHomeObject(property->value())) {
5718 Handle<Symbol> sym = isolate()->factory()->home_object_symbol();
5719 HInstruction* store_home = BuildKeyedGeneric(
5720 STORE, NULL, value, Add<HConstant>(sym), literal);
5721 AddInstruction(store_home);
5722 DCHECK(store_home->HasObservableSideEffects());
5723 Add<HSimulate>(property->value()->id(), REMOVABLE_SIMULATE);
5726 Handle<Map> map = property->GetReceiverType();
5727 Handle<String> name = key->AsPropertyName();
5729 if (map.is_null()) {
5730 // If we don't know the monomorphic type, do a generic store.
5731 CHECK_ALIVE(store = BuildNamedGeneric(
5732 STORE, NULL, literal, name, value));
5734 PropertyAccessInfo info(this, STORE, map, name);
5735 if (info.CanAccessMonomorphic()) {
5736 HValue* checked_literal = Add<HCheckMaps>(literal, map);
5737 DCHECK(!info.IsAccessorConstant());
5738 store = BuildMonomorphicAccess(
5739 &info, literal, checked_literal, value,
5740 BailoutId::None(), BailoutId::None());
5742 CHECK_ALIVE(store = BuildNamedGeneric(
5743 STORE, NULL, literal, name, value));
5746 if (store->IsInstruction()) {
5747 AddInstruction(HInstruction::cast(store));
5749 DCHECK(store->HasObservableSideEffects());
5750 Add<HSimulate>(key->id(), REMOVABLE_SIMULATE);
5752 CHECK_ALIVE(VisitForEffect(value));
5757 case ObjectLiteral::Property::PROTOTYPE:
5758 case ObjectLiteral::Property::SETTER:
5759 case ObjectLiteral::Property::GETTER:
5760 return Bailout(kObjectLiteralWithComplexProperty);
5761 default: UNREACHABLE();
5765 if (expr->has_function()) {
5766 // Return the result of the transformation to fast properties
5767 // instead of the original since this operation changes the map
5768 // of the object. This makes sure that the original object won't
5769 // be used by other optimized code before it is transformed
5770 // (e.g. because of code motion).
5771 HToFastProperties* result = Add<HToFastProperties>(Pop());
5772 return ast_context()->ReturnValue(result);
5774 return ast_context()->ReturnValue(Pop());
5779 void HOptimizedGraphBuilder::VisitArrayLiteral(ArrayLiteral* expr) {
5780 DCHECK(!HasStackOverflow());
5781 DCHECK(current_block() != NULL);
5782 DCHECK(current_block()->HasPredecessor());
5783 expr->BuildConstantElements(isolate());
5784 ZoneList<Expression*>* subexprs = expr->values();
5785 int length = subexprs->length();
5786 HInstruction* literal;
5788 Handle<AllocationSite> site;
5789 Handle<FixedArray> literals(environment()->closure()->literals(), isolate());
5790 bool uninitialized = false;
5791 Handle<Object> literals_cell(literals->get(expr->literal_index()),
5793 Handle<JSObject> boilerplate_object;
5794 if (literals_cell->IsUndefined()) {
5795 uninitialized = true;
5796 Handle<Object> raw_boilerplate;
5797 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
5798 isolate(), raw_boilerplate,
5799 Runtime::CreateArrayLiteralBoilerplate(
5800 isolate(), literals, expr->constant_elements(),
5801 is_strong(function_language_mode())),
5802 Bailout(kArrayBoilerplateCreationFailed));
5804 boilerplate_object = Handle<JSObject>::cast(raw_boilerplate);
5805 AllocationSiteCreationContext creation_context(isolate());
5806 site = creation_context.EnterNewScope();
5807 if (JSObject::DeepWalk(boilerplate_object, &creation_context).is_null()) {
5808 return Bailout(kArrayBoilerplateCreationFailed);
5810 creation_context.ExitScope(site, boilerplate_object);
5811 literals->set(expr->literal_index(), *site);
5813 if (boilerplate_object->elements()->map() ==
5814 isolate()->heap()->fixed_cow_array_map()) {
5815 isolate()->counters()->cow_arrays_created_runtime()->Increment();
5818 DCHECK(literals_cell->IsAllocationSite());
5819 site = Handle<AllocationSite>::cast(literals_cell);
5820 boilerplate_object = Handle<JSObject>(
5821 JSObject::cast(site->transition_info()), isolate());
5824 DCHECK(!boilerplate_object.is_null());
5825 DCHECK(site->SitePointsToLiteral());
5827 ElementsKind boilerplate_elements_kind =
5828 boilerplate_object->GetElementsKind();
5830 // Check whether to use fast or slow deep-copying for boilerplate.
5831 int max_properties = kMaxFastLiteralProperties;
5832 if (IsFastLiteral(boilerplate_object,
5833 kMaxFastLiteralDepth,
5835 AllocationSiteUsageContext site_context(isolate(), site, false);
5836 site_context.EnterNewScope();
5837 literal = BuildFastLiteral(boilerplate_object, &site_context);
5838 site_context.ExitScope(site, boilerplate_object);
5840 NoObservableSideEffectsScope no_effects(this);
5841 // Boilerplate already exists and constant elements are never accessed,
5842 // pass an empty fixed array to the runtime function instead.
5843 Handle<FixedArray> constants = isolate()->factory()->empty_fixed_array();
5844 int literal_index = expr->literal_index();
5845 int flags = expr->ComputeFlags(true);
5847 Add<HPushArguments>(Add<HConstant>(literals),
5848 Add<HConstant>(literal_index),
5849 Add<HConstant>(constants),
5850 Add<HConstant>(flags));
5852 Runtime::FunctionId function_id = Runtime::kCreateArrayLiteral;
5853 literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5854 Runtime::FunctionForId(function_id),
5857 // Register to deopt if the boilerplate ElementsKind changes.
5858 top_info()->dependencies()->AssumeTransitionStable(site);
5861 // The array is expected in the bailout environment during computation
5862 // of the property values and is the value of the entire expression.
5864 // The literal index is on the stack, too.
5865 Push(Add<HConstant>(expr->literal_index()));
5867 HInstruction* elements = NULL;
5869 for (int i = 0; i < length; i++) {
5870 Expression* subexpr = subexprs->at(i);
5871 if (subexpr->IsSpread()) {
5872 return Bailout(kSpread);
5875 // If the subexpression is a literal or a simple materialized literal it
5876 // is already set in the cloned array.
5877 if (CompileTimeValue::IsCompileTimeValue(subexpr)) continue;
5879 CHECK_ALIVE(VisitForValue(subexpr));
5880 HValue* value = Pop();
5881 if (!Smi::IsValid(i)) return Bailout(kNonSmiKeyInArrayLiteral);
5883 elements = AddLoadElements(literal);
5885 HValue* key = Add<HConstant>(i);
5887 switch (boilerplate_elements_kind) {
5888 case FAST_SMI_ELEMENTS:
5889 case FAST_HOLEY_SMI_ELEMENTS:
5891 case FAST_HOLEY_ELEMENTS:
5892 case FAST_DOUBLE_ELEMENTS:
5893 case FAST_HOLEY_DOUBLE_ELEMENTS: {
5894 HStoreKeyed* instr = Add<HStoreKeyed>(elements, key, value,
5895 boilerplate_elements_kind);
5896 instr->SetUninitialized(uninitialized);
5904 Add<HSimulate>(expr->GetIdForElement(i));
5907 Drop(1); // array literal index
5908 return ast_context()->ReturnValue(Pop());
5912 HCheckMaps* HOptimizedGraphBuilder::AddCheckMap(HValue* object,
5914 BuildCheckHeapObject(object);
5915 return Add<HCheckMaps>(object, map);
5919 HInstruction* HOptimizedGraphBuilder::BuildLoadNamedField(
5920 PropertyAccessInfo* info,
5921 HValue* checked_object) {
5922 // See if this is a load for an immutable property
5923 if (checked_object->ActualValue()->IsConstant()) {
5924 Handle<Object> object(
5925 HConstant::cast(checked_object->ActualValue())->handle(isolate()));
5927 if (object->IsJSObject()) {
5928 LookupIterator it(object, info->name(),
5929 LookupIterator::OWN_SKIP_INTERCEPTOR);
5930 Handle<Object> value = JSReceiver::GetDataProperty(&it);
5931 if (it.IsFound() && it.IsReadOnly() && !it.IsConfigurable()) {
5932 return New<HConstant>(value);
5937 HObjectAccess access = info->access();
5938 if (access.representation().IsDouble() &&
5939 (!FLAG_unbox_double_fields || !access.IsInobject())) {
5940 // Load the heap number.
5941 checked_object = Add<HLoadNamedField>(
5942 checked_object, nullptr,
5943 access.WithRepresentation(Representation::Tagged()));
5944 // Load the double value from it.
5945 access = HObjectAccess::ForHeapNumberValue();
5948 SmallMapList* map_list = info->field_maps();
5949 if (map_list->length() == 0) {
5950 return New<HLoadNamedField>(checked_object, checked_object, access);
5953 UniqueSet<Map>* maps = new(zone()) UniqueSet<Map>(map_list->length(), zone());
5954 for (int i = 0; i < map_list->length(); ++i) {
5955 maps->Add(Unique<Map>::CreateImmovable(map_list->at(i)), zone());
5957 return New<HLoadNamedField>(
5958 checked_object, checked_object, access, maps, info->field_type());
5962 HInstruction* HOptimizedGraphBuilder::BuildStoreNamedField(
5963 PropertyAccessInfo* info,
5964 HValue* checked_object,
5966 bool transition_to_field = info->IsTransition();
5967 // TODO(verwaest): Move this logic into PropertyAccessInfo.
5968 HObjectAccess field_access = info->access();
5970 HStoreNamedField *instr;
5971 if (field_access.representation().IsDouble() &&
5972 (!FLAG_unbox_double_fields || !field_access.IsInobject())) {
5973 HObjectAccess heap_number_access =
5974 field_access.WithRepresentation(Representation::Tagged());
5975 if (transition_to_field) {
5976 // The store requires a mutable HeapNumber to be allocated.
5977 NoObservableSideEffectsScope no_side_effects(this);
5978 HInstruction* heap_number_size = Add<HConstant>(HeapNumber::kSize);
5980 // TODO(hpayer): Allocation site pretenuring support.
5981 HInstruction* heap_number = Add<HAllocate>(heap_number_size,
5982 HType::HeapObject(),
5984 MUTABLE_HEAP_NUMBER_TYPE);
5985 AddStoreMapConstant(
5986 heap_number, isolate()->factory()->mutable_heap_number_map());
5987 Add<HStoreNamedField>(heap_number, HObjectAccess::ForHeapNumberValue(),
5989 instr = New<HStoreNamedField>(checked_object->ActualValue(),
5993 // Already holds a HeapNumber; load the box and write its value field.
5994 HInstruction* heap_number =
5995 Add<HLoadNamedField>(checked_object, nullptr, heap_number_access);
5996 instr = New<HStoreNamedField>(heap_number,
5997 HObjectAccess::ForHeapNumberValue(),
5998 value, STORE_TO_INITIALIZED_ENTRY);
6001 if (field_access.representation().IsHeapObject()) {
6002 BuildCheckHeapObject(value);
6005 if (!info->field_maps()->is_empty()) {
6006 DCHECK(field_access.representation().IsHeapObject());
6007 value = Add<HCheckMaps>(value, info->field_maps());
6010 // This is a normal store.
6011 instr = New<HStoreNamedField>(
6012 checked_object->ActualValue(), field_access, value,
6013 transition_to_field ? INITIALIZING_STORE : STORE_TO_INITIALIZED_ENTRY);
6016 if (transition_to_field) {
6017 Handle<Map> transition(info->transition());
6018 DCHECK(!transition->is_deprecated());
6019 instr->SetTransition(Add<HConstant>(transition));
6025 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsCompatible(
6026 PropertyAccessInfo* info) {
6027 if (!CanInlinePropertyAccess(map_)) return false;
6029 // Currently only handle Type::Number as a polymorphic case.
6030 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6032 if (IsNumberType()) return false;
6034 // Values are only compatible for monomorphic load if they all behave the same
6035 // regarding value wrappers.
6036 if (IsValueWrapped() != info->IsValueWrapped()) return false;
6038 if (!LookupDescriptor()) return false;
6041 return (!info->IsFound() || info->has_holder()) &&
6042 map()->prototype() == info->map()->prototype();
6045 // Mismatch if the other access info found the property in the prototype
6047 if (info->has_holder()) return false;
6049 if (IsAccessorConstant()) {
6050 return accessor_.is_identical_to(info->accessor_) &&
6051 api_holder_.is_identical_to(info->api_holder_);
6054 if (IsDataConstant()) {
6055 return constant_.is_identical_to(info->constant_);
6059 if (!info->IsData()) return false;
6061 Representation r = access_.representation();
6063 if (!info->access_.representation().IsCompatibleForLoad(r)) return false;
6065 if (!info->access_.representation().IsCompatibleForStore(r)) return false;
6067 if (info->access_.offset() != access_.offset()) return false;
6068 if (info->access_.IsInobject() != access_.IsInobject()) return false;
6070 if (field_maps_.is_empty()) {
6071 info->field_maps_.Clear();
6072 } else if (!info->field_maps_.is_empty()) {
6073 for (int i = 0; i < field_maps_.length(); ++i) {
6074 info->field_maps_.AddMapIfMissing(field_maps_.at(i), info->zone());
6076 info->field_maps_.Sort();
6079 // We can only merge stores that agree on their field maps. The comparison
6080 // below is safe, since we keep the field maps sorted.
6081 if (field_maps_.length() != info->field_maps_.length()) return false;
6082 for (int i = 0; i < field_maps_.length(); ++i) {
6083 if (!field_maps_.at(i).is_identical_to(info->field_maps_.at(i))) {
6088 info->GeneralizeRepresentation(r);
6089 info->field_type_ = info->field_type_.Combine(field_type_);
6094 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupDescriptor() {
6095 if (!map_->IsJSObjectMap()) return true;
6096 LookupDescriptor(*map_, *name_);
6097 return LoadResult(map_);
6101 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadResult(Handle<Map> map) {
6102 if (!IsLoad() && IsProperty() && IsReadOnly()) {
6107 // Construct the object field access.
6108 int index = GetLocalFieldIndexFromMap(map);
6109 access_ = HObjectAccess::ForField(map, index, representation(), name_);
6111 // Load field map for heap objects.
6112 return LoadFieldMaps(map);
6113 } else if (IsAccessorConstant()) {
6114 Handle<Object> accessors = GetAccessorsFromMap(map);
6115 if (!accessors->IsAccessorPair()) return false;
6116 Object* raw_accessor =
6117 IsLoad() ? Handle<AccessorPair>::cast(accessors)->getter()
6118 : Handle<AccessorPair>::cast(accessors)->setter();
6119 if (!raw_accessor->IsJSFunction()) return false;
6120 Handle<JSFunction> accessor = handle(JSFunction::cast(raw_accessor));
6121 if (accessor->shared()->IsApiFunction()) {
6122 CallOptimization call_optimization(accessor);
6123 if (call_optimization.is_simple_api_call()) {
6124 CallOptimization::HolderLookup holder_lookup;
6126 call_optimization.LookupHolderOfExpectedType(map_, &holder_lookup);
6129 accessor_ = accessor;
6130 } else if (IsDataConstant()) {
6131 constant_ = GetConstantFromMap(map);
6138 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadFieldMaps(
6140 // Clear any previously collected field maps/type.
6141 field_maps_.Clear();
6142 field_type_ = HType::Tagged();
6144 // Figure out the field type from the accessor map.
6145 Handle<HeapType> field_type = GetFieldTypeFromMap(map);
6147 // Collect the (stable) maps from the field type.
6148 int num_field_maps = field_type->NumClasses();
6149 if (num_field_maps > 0) {
6150 DCHECK(access_.representation().IsHeapObject());
6151 field_maps_.Reserve(num_field_maps, zone());
6152 HeapType::Iterator<Map> it = field_type->Classes();
6153 while (!it.Done()) {
6154 Handle<Map> field_map = it.Current();
6155 if (!field_map->is_stable()) {
6156 field_maps_.Clear();
6159 field_maps_.Add(field_map, zone());
6164 if (field_maps_.is_empty()) {
6165 // Store is not safe if the field map was cleared.
6166 return IsLoad() || !field_type->Is(HeapType::None());
6170 DCHECK_EQ(num_field_maps, field_maps_.length());
6172 // Determine field HType from field HeapType.
6173 field_type_ = HType::FromType<HeapType>(field_type);
6174 DCHECK(field_type_.IsHeapObject());
6176 // Add dependency on the map that introduced the field.
6177 top_info()->dependencies()->AssumeFieldType(GetFieldOwnerFromMap(map));
6182 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupInPrototypes() {
6183 Handle<Map> map = this->map();
6185 while (map->prototype()->IsJSObject()) {
6186 holder_ = handle(JSObject::cast(map->prototype()));
6187 if (holder_->map()->is_deprecated()) {
6188 JSObject::TryMigrateInstance(holder_);
6190 map = Handle<Map>(holder_->map());
6191 if (!CanInlinePropertyAccess(map)) {
6195 LookupDescriptor(*map, *name_);
6196 if (IsFound()) return LoadResult(map);
6200 return !map->prototype()->IsJSReceiver();
6204 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsIntegerIndexedExotic() {
6205 InstanceType instance_type = map_->instance_type();
6206 return instance_type == JS_TYPED_ARRAY_TYPE &&
6207 IsSpecialIndex(isolate()->unicode_cache(), *name_);
6211 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessMonomorphic() {
6212 if (!CanInlinePropertyAccess(map_)) return false;
6213 if (IsJSObjectFieldAccessor()) return IsLoad();
6214 if (IsJSArrayBufferViewFieldAccessor()) return IsLoad();
6215 if (map_->function_with_prototype() && !map_->has_non_instance_prototype() &&
6216 name_.is_identical_to(isolate()->factory()->prototype_string())) {
6219 if (!LookupDescriptor()) return false;
6220 if (IsFound()) return IsLoad() || !IsReadOnly();
6221 if (IsIntegerIndexedExotic()) return false;
6222 if (!LookupInPrototypes()) return false;
6223 if (IsLoad()) return true;
6225 if (IsAccessorConstant()) return true;
6226 LookupTransition(*map_, *name_, NONE);
6227 if (IsTransitionToData() && map_->unused_property_fields() > 0) {
6228 // Construct the object field access.
6229 int descriptor = transition()->LastAdded();
6231 transition()->instance_descriptors()->GetFieldIndex(descriptor) -
6232 map_->inobject_properties();
6233 PropertyDetails details =
6234 transition()->instance_descriptors()->GetDetails(descriptor);
6235 Representation representation = details.representation();
6236 access_ = HObjectAccess::ForField(map_, index, representation, name_);
6238 // Load field map for heap objects.
6239 return LoadFieldMaps(transition());
6245 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessAsMonomorphic(
6246 SmallMapList* maps) {
6247 DCHECK(map_.is_identical_to(maps->first()));
6248 if (!CanAccessMonomorphic()) return false;
6249 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6250 if (maps->length() > kMaxLoadPolymorphism) return false;
6252 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6253 if (GetJSObjectFieldAccess(&access)) {
6254 for (int i = 1; i < maps->length(); ++i) {
6255 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6256 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6257 if (!test_info.GetJSObjectFieldAccess(&test_access)) return false;
6258 if (!access.Equals(test_access)) return false;
6263 if (GetJSArrayBufferViewFieldAccess(&access)) {
6264 for (int i = 1; i < maps->length(); ++i) {
6265 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6266 HObjectAccess test_access = HObjectAccess::ForMap(); // bogus default
6267 if (!test_info.GetJSArrayBufferViewFieldAccess(&test_access)) {
6270 if (!access.Equals(test_access)) return false;
6275 // Currently only handle numbers as a polymorphic case.
6276 // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6278 if (IsNumberType()) return false;
6280 // Multiple maps cannot transition to the same target map.
6281 DCHECK(!IsLoad() || !IsTransition());
6282 if (IsTransition() && maps->length() > 1) return false;
6284 for (int i = 1; i < maps->length(); ++i) {
6285 PropertyAccessInfo test_info(builder_, access_type_, maps->at(i), name_);
6286 if (!test_info.IsCompatible(this)) return false;
6293 Handle<Map> HOptimizedGraphBuilder::PropertyAccessInfo::map() {
6294 JSFunction* ctor = IC::GetRootConstructor(
6295 *map_, current_info()->closure()->context()->native_context());
6296 if (ctor != NULL) return handle(ctor->initial_map());
6301 static bool NeedsWrapping(Handle<Map> map, Handle<JSFunction> target) {
6302 return !map->IsJSObjectMap() &&
6303 is_sloppy(target->shared()->language_mode()) &&
6304 !target->shared()->native();
6308 bool HOptimizedGraphBuilder::PropertyAccessInfo::NeedsWrappingFor(
6309 Handle<JSFunction> target) const {
6310 return NeedsWrapping(map_, target);
6314 HValue* HOptimizedGraphBuilder::BuildMonomorphicAccess(
6315 PropertyAccessInfo* info, HValue* object, HValue* checked_object,
6316 HValue* value, BailoutId ast_id, BailoutId return_id,
6317 bool can_inline_accessor) {
6318 HObjectAccess access = HObjectAccess::ForMap(); // bogus default
6319 if (info->GetJSObjectFieldAccess(&access)) {
6320 DCHECK(info->IsLoad());
6321 return New<HLoadNamedField>(object, checked_object, access);
6324 if (info->GetJSArrayBufferViewFieldAccess(&access)) {
6325 DCHECK(info->IsLoad());
6326 checked_object = Add<HCheckArrayBufferNotNeutered>(checked_object);
6327 return New<HLoadNamedField>(object, checked_object, access);
6330 if (info->name().is_identical_to(isolate()->factory()->prototype_string()) &&
6331 info->map()->function_with_prototype()) {
6332 DCHECK(!info->map()->has_non_instance_prototype());
6333 return New<HLoadFunctionPrototype>(checked_object);
6336 HValue* checked_holder = checked_object;
6337 if (info->has_holder()) {
6338 Handle<JSObject> prototype(JSObject::cast(info->map()->prototype()));
6339 checked_holder = BuildCheckPrototypeMaps(prototype, info->holder());
6342 if (!info->IsFound()) {
6343 DCHECK(info->IsLoad());
6344 return graph()->GetConstantUndefined();
6347 if (info->IsData()) {
6348 if (info->IsLoad()) {
6349 return BuildLoadNamedField(info, checked_holder);
6351 return BuildStoreNamedField(info, checked_object, value);
6355 if (info->IsTransition()) {
6356 DCHECK(!info->IsLoad());
6357 return BuildStoreNamedField(info, checked_object, value);
6360 if (info->IsAccessorConstant()) {
6361 Push(checked_object);
6362 int argument_count = 1;
6363 if (!info->IsLoad()) {
6368 if (info->NeedsWrappingFor(info->accessor())) {
6369 HValue* function = Add<HConstant>(info->accessor());
6370 PushArgumentsFromEnvironment(argument_count);
6371 return New<HCallFunction>(function, argument_count, WRAP_AND_CALL);
6372 } else if (FLAG_inline_accessors && can_inline_accessor) {
6373 bool success = info->IsLoad()
6374 ? TryInlineGetter(info->accessor(), info->map(), ast_id, return_id)
6376 info->accessor(), info->map(), ast_id, return_id, value);
6377 if (success || HasStackOverflow()) return NULL;
6380 PushArgumentsFromEnvironment(argument_count);
6381 return BuildCallConstantFunction(info->accessor(), argument_count);
6384 DCHECK(info->IsDataConstant());
6385 if (info->IsLoad()) {
6386 return New<HConstant>(info->constant());
6388 return New<HCheckValue>(value, Handle<JSFunction>::cast(info->constant()));
6393 void HOptimizedGraphBuilder::HandlePolymorphicNamedFieldAccess(
6394 PropertyAccessType access_type, Expression* expr, BailoutId ast_id,
6395 BailoutId return_id, HValue* object, HValue* value, SmallMapList* maps,
6396 Handle<String> name) {
6397 // Something did not match; must use a polymorphic load.
6399 HBasicBlock* join = NULL;
6400 HBasicBlock* number_block = NULL;
6401 bool handled_string = false;
6403 bool handle_smi = false;
6404 STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6406 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6407 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6408 if (info.IsStringType()) {
6409 if (handled_string) continue;
6410 handled_string = true;
6412 if (info.CanAccessMonomorphic()) {
6414 if (info.IsNumberType()) {
6421 if (i < maps->length()) {
6427 HControlInstruction* smi_check = NULL;
6428 handled_string = false;
6430 for (i = 0; i < maps->length() && count < kMaxLoadPolymorphism; ++i) {
6431 PropertyAccessInfo info(this, access_type, maps->at(i), name);
6432 if (info.IsStringType()) {
6433 if (handled_string) continue;
6434 handled_string = true;
6436 if (!info.CanAccessMonomorphic()) continue;
6439 join = graph()->CreateBasicBlock();
6441 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
6442 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
6443 number_block = graph()->CreateBasicBlock();
6444 smi_check = New<HIsSmiAndBranch>(
6445 object, empty_smi_block, not_smi_block);
6446 FinishCurrentBlock(smi_check);
6447 GotoNoSimulate(empty_smi_block, number_block);
6448 set_current_block(not_smi_block);
6450 BuildCheckHeapObject(object);
6454 HBasicBlock* if_true = graph()->CreateBasicBlock();
6455 HBasicBlock* if_false = graph()->CreateBasicBlock();
6456 HUnaryControlInstruction* compare;
6459 if (info.IsNumberType()) {
6460 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
6461 compare = New<HCompareMap>(object, heap_number_map, if_true, if_false);
6462 dependency = smi_check;
6463 } else if (info.IsStringType()) {
6464 compare = New<HIsStringAndBranch>(object, if_true, if_false);
6465 dependency = compare;
6467 compare = New<HCompareMap>(object, info.map(), if_true, if_false);
6468 dependency = compare;
6470 FinishCurrentBlock(compare);
6472 if (info.IsNumberType()) {
6473 GotoNoSimulate(if_true, number_block);
6474 if_true = number_block;
6477 set_current_block(if_true);
6480 BuildMonomorphicAccess(&info, object, dependency, value, ast_id,
6481 return_id, FLAG_polymorphic_inlining);
6483 HValue* result = NULL;
6484 switch (access_type) {
6493 if (access == NULL) {
6494 if (HasStackOverflow()) return;
6496 if (access->IsInstruction()) {
6497 HInstruction* instr = HInstruction::cast(access);
6498 if (!instr->IsLinked()) AddInstruction(instr);
6500 if (!ast_context()->IsEffect()) Push(result);
6503 if (current_block() != NULL) Goto(join);
6504 set_current_block(if_false);
6507 // Finish up. Unconditionally deoptimize if we've handled all the maps we
6508 // know about and do not want to handle ones we've never seen. Otherwise
6509 // use a generic IC.
6510 if (count == maps->length() && FLAG_deoptimize_uncommon_cases) {
6511 FinishExitWithHardDeoptimization(
6512 Deoptimizer::kUnknownMapInPolymorphicAccess);
6514 HInstruction* instr = BuildNamedGeneric(access_type, expr, object, name,
6516 AddInstruction(instr);
6517 if (!ast_context()->IsEffect()) Push(access_type == LOAD ? instr : value);
6522 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6523 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6528 DCHECK(join != NULL);
6529 if (join->HasPredecessor()) {
6530 join->SetJoinId(ast_id);
6531 set_current_block(join);
6532 if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6534 set_current_block(NULL);
6539 static bool ComputeReceiverTypes(Expression* expr,
6543 SmallMapList* maps = expr->GetReceiverTypes();
6545 bool monomorphic = expr->IsMonomorphic();
6546 if (maps != NULL && receiver->HasMonomorphicJSObjectType()) {
6547 Map* root_map = receiver->GetMonomorphicJSObjectMap()->FindRootMap();
6548 maps->FilterForPossibleTransitions(root_map);
6549 monomorphic = maps->length() == 1;
6551 return monomorphic && CanInlinePropertyAccess(maps->first());
6555 static bool AreStringTypes(SmallMapList* maps) {
6556 for (int i = 0; i < maps->length(); i++) {
6557 if (maps->at(i)->instance_type() >= FIRST_NONSTRING_TYPE) return false;
6563 void HOptimizedGraphBuilder::BuildStore(Expression* expr,
6566 BailoutId return_id,
6567 bool is_uninitialized) {
6568 if (!prop->key()->IsPropertyName()) {
6570 HValue* value = Pop();
6571 HValue* key = Pop();
6572 HValue* object = Pop();
6573 bool has_side_effects = false;
6574 HValue* result = HandleKeyedElementAccess(
6575 object, key, value, expr, ast_id, return_id, STORE, &has_side_effects);
6576 if (has_side_effects) {
6577 if (!ast_context()->IsEffect()) Push(value);
6578 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6579 if (!ast_context()->IsEffect()) Drop(1);
6581 if (result == NULL) return;
6582 return ast_context()->ReturnValue(value);
6586 HValue* value = Pop();
6587 HValue* object = Pop();
6589 Literal* key = prop->key()->AsLiteral();
6590 Handle<String> name = Handle<String>::cast(key->value());
6591 DCHECK(!name.is_null());
6593 HValue* access = BuildNamedAccess(STORE, ast_id, return_id, expr, object,
6594 name, value, is_uninitialized);
6595 if (access == NULL) return;
6597 if (!ast_context()->IsEffect()) Push(value);
6598 if (access->IsInstruction()) AddInstruction(HInstruction::cast(access));
6599 if (access->HasObservableSideEffects()) {
6600 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6602 if (!ast_context()->IsEffect()) Drop(1);
6603 return ast_context()->ReturnValue(value);
6607 void HOptimizedGraphBuilder::HandlePropertyAssignment(Assignment* expr) {
6608 Property* prop = expr->target()->AsProperty();
6609 DCHECK(prop != NULL);
6610 CHECK_ALIVE(VisitForValue(prop->obj()));
6611 if (!prop->key()->IsPropertyName()) {
6612 CHECK_ALIVE(VisitForValue(prop->key()));
6614 CHECK_ALIVE(VisitForValue(expr->value()));
6615 BuildStore(expr, prop, expr->id(),
6616 expr->AssignmentId(), expr->IsUninitialized());
6620 // Because not every expression has a position and there is not common
6621 // superclass of Assignment and CountOperation, we cannot just pass the
6622 // owning expression instead of position and ast_id separately.
6623 void HOptimizedGraphBuilder::HandleGlobalVariableAssignment(
6627 Handle<GlobalObject> global(current_info()->global_object());
6629 // Lookup in script contexts.
6631 Handle<ScriptContextTable> script_contexts(
6632 global->native_context()->script_context_table());
6633 ScriptContextTable::LookupResult lookup;
6634 if (ScriptContextTable::Lookup(script_contexts, var->name(), &lookup)) {
6635 if (lookup.mode == CONST) {
6636 return Bailout(kNonInitializerAssignmentToConst);
6638 Handle<Context> script_context =
6639 ScriptContextTable::GetContext(script_contexts, lookup.context_index);
6641 Handle<Object> current_value =
6642 FixedArray::get(script_context, lookup.slot_index);
6644 // If the values is not the hole, it will stay initialized,
6645 // so no need to generate a check.
6646 if (*current_value == *isolate()->factory()->the_hole_value()) {
6647 return Bailout(kReferenceToUninitializedVariable);
6650 HStoreNamedField* instr = Add<HStoreNamedField>(
6651 Add<HConstant>(script_context),
6652 HObjectAccess::ForContextSlot(lookup.slot_index), value);
6654 DCHECK(instr->HasObservableSideEffects());
6655 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6660 LookupIterator it(global, var->name(), LookupIterator::OWN);
6661 GlobalPropertyAccess type = LookupGlobalProperty(var, &it, STORE);
6662 if (type == kUseCell) {
6663 Handle<PropertyCell> cell = it.GetPropertyCell();
6664 top_info()->dependencies()->AssumePropertyCell(cell);
6665 auto cell_type = it.property_details().cell_type();
6666 if (cell_type == PropertyCellType::kConstant ||
6667 cell_type == PropertyCellType::kUndefined) {
6668 Handle<Object> constant(cell->value(), isolate());
6669 if (value->IsConstant()) {
6670 HConstant* c_value = HConstant::cast(value);
6671 if (!constant.is_identical_to(c_value->handle(isolate()))) {
6672 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6673 Deoptimizer::EAGER);
6676 HValue* c_constant = Add<HConstant>(constant);
6677 IfBuilder builder(this);
6678 if (constant->IsNumber()) {
6679 builder.If<HCompareNumericAndBranch>(value, c_constant, Token::EQ);
6681 builder.If<HCompareObjectEqAndBranch>(value, c_constant);
6685 Add<HDeoptimize>(Deoptimizer::kConstantGlobalVariableAssignment,
6686 Deoptimizer::EAGER);
6690 HConstant* cell_constant = Add<HConstant>(cell);
6691 auto access = HObjectAccess::ForPropertyCellValue();
6692 if (cell_type == PropertyCellType::kConstantType) {
6693 switch (cell->GetConstantType()) {
6694 case PropertyCellConstantType::kSmi:
6695 access = access.WithRepresentation(Representation::Smi());
6697 case PropertyCellConstantType::kStableMap: {
6698 // The map may no longer be stable, deopt if it's ever different from
6699 // what is currently there, which will allow for restablization.
6700 Handle<Map> map(HeapObject::cast(cell->value())->map());
6701 Add<HCheckHeapObject>(value);
6702 value = Add<HCheckMaps>(value, map);
6703 access = access.WithRepresentation(Representation::HeapObject());
6708 HInstruction* instr = Add<HStoreNamedField>(cell_constant, access, value);
6709 instr->ClearChangesFlag(kInobjectFields);
6710 instr->SetChangesFlag(kGlobalVars);
6711 if (instr->HasObservableSideEffects()) {
6712 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6715 HValue* global_object = Add<HLoadNamedField>(
6717 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
6718 HStoreNamedGeneric* instr =
6719 Add<HStoreNamedGeneric>(global_object, var->name(), value,
6720 function_language_mode(), PREMONOMORPHIC);
6722 DCHECK(instr->HasObservableSideEffects());
6723 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6728 void HOptimizedGraphBuilder::HandleCompoundAssignment(Assignment* expr) {
6729 Expression* target = expr->target();
6730 VariableProxy* proxy = target->AsVariableProxy();
6731 Property* prop = target->AsProperty();
6732 DCHECK(proxy == NULL || prop == NULL);
6734 // We have a second position recorded in the FullCodeGenerator to have
6735 // type feedback for the binary operation.
6736 BinaryOperation* operation = expr->binary_operation();
6738 if (proxy != NULL) {
6739 Variable* var = proxy->var();
6740 if (var->mode() == LET) {
6741 return Bailout(kUnsupportedLetCompoundAssignment);
6744 CHECK_ALIVE(VisitForValue(operation));
6746 switch (var->location()) {
6747 case Variable::UNALLOCATED:
6748 HandleGlobalVariableAssignment(var,
6750 expr->AssignmentId());
6753 case Variable::PARAMETER:
6754 case Variable::LOCAL:
6755 if (var->mode() == CONST_LEGACY) {
6756 return Bailout(kUnsupportedConstCompoundAssignment);
6758 if (var->mode() == CONST) {
6759 return Bailout(kNonInitializerAssignmentToConst);
6761 BindIfLive(var, Top());
6764 case Variable::CONTEXT: {
6765 // Bail out if we try to mutate a parameter value in a function
6766 // using the arguments object. We do not (yet) correctly handle the
6767 // arguments property of the function.
6768 if (current_info()->scope()->arguments() != NULL) {
6769 // Parameters will be allocated to context slots. We have no
6770 // direct way to detect that the variable is a parameter so we do
6771 // a linear search of the parameter variables.
6772 int count = current_info()->scope()->num_parameters();
6773 for (int i = 0; i < count; ++i) {
6774 if (var == current_info()->scope()->parameter(i)) {
6775 Bailout(kAssignmentToParameterFunctionUsesArgumentsObject);
6780 HStoreContextSlot::Mode mode;
6782 switch (var->mode()) {
6784 mode = HStoreContextSlot::kCheckDeoptimize;
6787 return Bailout(kNonInitializerAssignmentToConst);
6789 return ast_context()->ReturnValue(Pop());
6791 mode = HStoreContextSlot::kNoCheck;
6794 HValue* context = BuildContextChainWalk(var);
6795 HStoreContextSlot* instr = Add<HStoreContextSlot>(
6796 context, var->index(), mode, Top());
6797 if (instr->HasObservableSideEffects()) {
6798 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
6803 case Variable::LOOKUP:
6804 return Bailout(kCompoundAssignmentToLookupSlot);
6806 return ast_context()->ReturnValue(Pop());
6808 } else if (prop != NULL) {
6809 CHECK_ALIVE(VisitForValue(prop->obj()));
6810 HValue* object = Top();
6812 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
6813 CHECK_ALIVE(VisitForValue(prop->key()));
6817 CHECK_ALIVE(PushLoad(prop, object, key));
6819 CHECK_ALIVE(VisitForValue(expr->value()));
6820 HValue* right = Pop();
6821 HValue* left = Pop();
6823 Push(BuildBinaryOperation(operation, left, right, PUSH_BEFORE_SIMULATE));
6825 BuildStore(expr, prop, expr->id(),
6826 expr->AssignmentId(), expr->IsUninitialized());
6828 return Bailout(kInvalidLhsInCompoundAssignment);
6833 void HOptimizedGraphBuilder::VisitAssignment(Assignment* expr) {
6834 DCHECK(!HasStackOverflow());
6835 DCHECK(current_block() != NULL);
6836 DCHECK(current_block()->HasPredecessor());
6837 VariableProxy* proxy = expr->target()->AsVariableProxy();
6838 Property* prop = expr->target()->AsProperty();
6839 DCHECK(proxy == NULL || prop == NULL);
6841 if (expr->is_compound()) {
6842 HandleCompoundAssignment(expr);
6847 HandlePropertyAssignment(expr);
6848 } else if (proxy != NULL) {
6849 Variable* var = proxy->var();
6851 if (var->mode() == CONST) {
6852 if (expr->op() != Token::INIT_CONST) {
6853 return Bailout(kNonInitializerAssignmentToConst);
6855 } else if (var->mode() == CONST_LEGACY) {
6856 if (expr->op() != Token::INIT_CONST_LEGACY) {
6857 CHECK_ALIVE(VisitForValue(expr->value()));
6858 return ast_context()->ReturnValue(Pop());
6861 if (var->IsStackAllocated()) {
6862 // We insert a use of the old value to detect unsupported uses of const
6863 // variables (e.g. initialization inside a loop).
6864 HValue* old_value = environment()->Lookup(var);
6865 Add<HUseConst>(old_value);
6869 if (proxy->IsArguments()) return Bailout(kAssignmentToArguments);
6871 // Handle the assignment.
6872 switch (var->location()) {
6873 case Variable::UNALLOCATED:
6874 CHECK_ALIVE(VisitForValue(expr->value()));
6875 HandleGlobalVariableAssignment(var,
6877 expr->AssignmentId());
6878 return ast_context()->ReturnValue(Pop());
6880 case Variable::PARAMETER:
6881 case Variable::LOCAL: {
6882 // Perform an initialization check for let declared variables
6884 if (var->mode() == LET && expr->op() == Token::ASSIGN) {
6885 HValue* env_value = environment()->Lookup(var);
6886 if (env_value == graph()->GetConstantHole()) {
6887 return Bailout(kAssignmentToLetVariableBeforeInitialization);
6890 // We do not allow the arguments object to occur in a context where it
6891 // may escape, but assignments to stack-allocated locals are
6893 CHECK_ALIVE(VisitForValue(expr->value(), ARGUMENTS_ALLOWED));
6894 HValue* value = Pop();
6895 BindIfLive(var, value);
6896 return ast_context()->ReturnValue(value);
6899 case Variable::CONTEXT: {
6900 // Bail out if we try to mutate a parameter value in a function using
6901 // the arguments object. We do not (yet) correctly handle the
6902 // arguments property of the function.
6903 if (current_info()->scope()->arguments() != NULL) {
6904 // Parameters will rewrite to context slots. We have no direct way
6905 // to detect that the variable is a parameter.
6906 int count = current_info()->scope()->num_parameters();
6907 for (int i = 0; i < count; ++i) {
6908 if (var == current_info()->scope()->parameter(i)) {
6909 return Bailout(kAssignmentToParameterInArgumentsObject);
6914 CHECK_ALIVE(VisitForValue(expr->value()));
6915 HStoreContextSlot::Mode mode;
6916 if (expr->op() == Token::ASSIGN) {
6917 switch (var->mode()) {
6919 mode = HStoreContextSlot::kCheckDeoptimize;
6922 // This case is checked statically so no need to
6923 // perform checks here
6926 return ast_context()->ReturnValue(Pop());
6928 mode = HStoreContextSlot::kNoCheck;
6930 } else if (expr->op() == Token::INIT_VAR ||
6931 expr->op() == Token::INIT_LET ||
6932 expr->op() == Token::INIT_CONST) {
6933 mode = HStoreContextSlot::kNoCheck;
6935 DCHECK(expr->op() == Token::INIT_CONST_LEGACY);
6937 mode = HStoreContextSlot::kCheckIgnoreAssignment;
6940 HValue* context = BuildContextChainWalk(var);
6941 HStoreContextSlot* instr = Add<HStoreContextSlot>(
6942 context, var->index(), mode, Top());
6943 if (instr->HasObservableSideEffects()) {
6944 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
6946 return ast_context()->ReturnValue(Pop());
6949 case Variable::LOOKUP:
6950 return Bailout(kAssignmentToLOOKUPVariable);
6953 return Bailout(kInvalidLeftHandSideInAssignment);
6958 void HOptimizedGraphBuilder::VisitYield(Yield* expr) {
6959 // Generators are not optimized, so we should never get here.
6964 void HOptimizedGraphBuilder::VisitThrow(Throw* expr) {
6965 DCHECK(!HasStackOverflow());
6966 DCHECK(current_block() != NULL);
6967 DCHECK(current_block()->HasPredecessor());
6968 if (!ast_context()->IsEffect()) {
6969 // The parser turns invalid left-hand sides in assignments into throw
6970 // statements, which may not be in effect contexts. We might still try
6971 // to optimize such functions; bail out now if we do.
6972 return Bailout(kInvalidLeftHandSideInAssignment);
6974 CHECK_ALIVE(VisitForValue(expr->exception()));
6976 HValue* value = environment()->Pop();
6977 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
6978 Add<HPushArguments>(value);
6979 Add<HCallRuntime>(isolate()->factory()->empty_string(),
6980 Runtime::FunctionForId(Runtime::kThrow), 1);
6981 Add<HSimulate>(expr->id());
6983 // If the throw definitely exits the function, we can finish with a dummy
6984 // control flow at this point. This is not the case if the throw is inside
6985 // an inlined function which may be replaced.
6986 if (call_context() == NULL) {
6987 FinishExitCurrentBlock(New<HAbnormalExit>());
6992 HInstruction* HGraphBuilder::AddLoadStringInstanceType(HValue* string) {
6993 if (string->IsConstant()) {
6994 HConstant* c_string = HConstant::cast(string);
6995 if (c_string->HasStringValue()) {
6996 return Add<HConstant>(c_string->StringValue()->map()->instance_type());
6999 return Add<HLoadNamedField>(
7000 Add<HLoadNamedField>(string, nullptr, HObjectAccess::ForMap()), nullptr,
7001 HObjectAccess::ForMapInstanceType());
7005 HInstruction* HGraphBuilder::AddLoadStringLength(HValue* string) {
7006 return AddInstruction(BuildLoadStringLength(string));
7010 HInstruction* HGraphBuilder::BuildLoadStringLength(HValue* string) {
7011 if (string->IsConstant()) {
7012 HConstant* c_string = HConstant::cast(string);
7013 if (c_string->HasStringValue()) {
7014 return New<HConstant>(c_string->StringValue()->length());
7017 return New<HLoadNamedField>(string, nullptr,
7018 HObjectAccess::ForStringLength());
7022 HInstruction* HOptimizedGraphBuilder::BuildNamedGeneric(
7023 PropertyAccessType access_type, Expression* expr, HValue* object,
7024 Handle<String> name, HValue* value, bool is_uninitialized) {
7025 if (is_uninitialized) {
7027 Deoptimizer::kInsufficientTypeFeedbackForGenericNamedAccess,
7030 if (access_type == LOAD) {
7031 Handle<TypeFeedbackVector> vector =
7032 handle(current_feedback_vector(), isolate());
7033 FeedbackVectorICSlot slot = expr->AsProperty()->PropertyFeedbackSlot();
7035 if (!expr->AsProperty()->key()->IsPropertyName()) {
7036 // It's possible that a keyed load of a constant string was converted
7037 // to a named load. Here, at the last minute, we need to make sure to
7038 // use a generic Keyed Load if we are using the type vector, because
7039 // it has to share information with full code.
7040 HConstant* key = Add<HConstant>(name);
7041 HLoadKeyedGeneric* result =
7042 New<HLoadKeyedGeneric>(object, key, PREMONOMORPHIC);
7043 result->SetVectorAndSlot(vector, slot);
7047 HLoadNamedGeneric* result =
7048 New<HLoadNamedGeneric>(object, name, PREMONOMORPHIC);
7049 result->SetVectorAndSlot(vector, slot);
7052 return New<HStoreNamedGeneric>(object, name, value,
7053 function_language_mode(), PREMONOMORPHIC);
7059 HInstruction* HOptimizedGraphBuilder::BuildKeyedGeneric(
7060 PropertyAccessType access_type,
7065 if (access_type == LOAD) {
7066 InlineCacheState initial_state = expr->AsProperty()->GetInlineCacheState();
7067 HLoadKeyedGeneric* result =
7068 New<HLoadKeyedGeneric>(object, key, initial_state);
7069 // HLoadKeyedGeneric with vector ics benefits from being encoded as
7070 // MEGAMORPHIC because the vector/slot combo becomes unnecessary.
7071 if (initial_state != MEGAMORPHIC) {
7072 // We need to pass vector information.
7073 Handle<TypeFeedbackVector> vector =
7074 handle(current_feedback_vector(), isolate());
7075 FeedbackVectorICSlot slot = expr->AsProperty()->PropertyFeedbackSlot();
7076 result->SetVectorAndSlot(vector, slot);
7080 return New<HStoreKeyedGeneric>(object, key, value, function_language_mode(),
7086 LoadKeyedHoleMode HOptimizedGraphBuilder::BuildKeyedHoleMode(Handle<Map> map) {
7087 // Loads from a "stock" fast holey double arrays can elide the hole check.
7088 // Loads from a "stock" fast holey array can convert the hole to undefined
7090 LoadKeyedHoleMode load_mode = NEVER_RETURN_HOLE;
7091 bool holey_double_elements =
7092 *map == isolate()->get_initial_js_array_map(FAST_HOLEY_DOUBLE_ELEMENTS);
7093 bool holey_elements =
7094 *map == isolate()->get_initial_js_array_map(FAST_HOLEY_ELEMENTS);
7095 if ((holey_double_elements || holey_elements) &&
7096 isolate()->IsFastArrayConstructorPrototypeChainIntact()) {
7098 holey_double_elements ? ALLOW_RETURN_HOLE : CONVERT_HOLE_TO_UNDEFINED;
7100 Handle<JSObject> prototype(JSObject::cast(map->prototype()), isolate());
7101 Handle<JSObject> object_prototype = isolate()->initial_object_prototype();
7102 BuildCheckPrototypeMaps(prototype, object_prototype);
7103 graph()->MarkDependsOnEmptyArrayProtoElements();
7109 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicElementAccess(
7115 PropertyAccessType access_type,
7116 KeyedAccessStoreMode store_mode) {
7117 HCheckMaps* checked_object = Add<HCheckMaps>(object, map, dependency);
7119 if (access_type == STORE && map->prototype()->IsJSObject()) {
7120 // monomorphic stores need a prototype chain check because shape
7121 // changes could allow callbacks on elements in the chain that
7122 // aren't compatible with monomorphic keyed stores.
7123 PrototypeIterator iter(map);
7124 JSObject* holder = NULL;
7125 while (!iter.IsAtEnd()) {
7126 holder = JSObject::cast(*PrototypeIterator::GetCurrent(iter));
7129 DCHECK(holder && holder->IsJSObject());
7131 BuildCheckPrototypeMaps(handle(JSObject::cast(map->prototype())),
7132 Handle<JSObject>(holder));
7135 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7136 return BuildUncheckedMonomorphicElementAccess(
7137 checked_object, key, val,
7138 map->instance_type() == JS_ARRAY_TYPE,
7139 map->elements_kind(), access_type,
7140 load_mode, store_mode);
7144 static bool CanInlineElementAccess(Handle<Map> map) {
7145 return map->IsJSObjectMap() && !map->has_slow_elements_kind() &&
7146 !map->has_indexed_interceptor() && !map->is_access_check_needed();
7150 HInstruction* HOptimizedGraphBuilder::TryBuildConsolidatedElementLoad(
7154 SmallMapList* maps) {
7155 // For polymorphic loads of similar elements kinds (i.e. all tagged or all
7156 // double), always use the "worst case" code without a transition. This is
7157 // much faster than transitioning the elements to the worst case, trading a
7158 // HTransitionElements for a HCheckMaps, and avoiding mutation of the array.
7159 bool has_double_maps = false;
7160 bool has_smi_or_object_maps = false;
7161 bool has_js_array_access = false;
7162 bool has_non_js_array_access = false;
7163 bool has_seen_holey_elements = false;
7164 Handle<Map> most_general_consolidated_map;
7165 for (int i = 0; i < maps->length(); ++i) {
7166 Handle<Map> map = maps->at(i);
7167 if (!CanInlineElementAccess(map)) return NULL;
7168 // Don't allow mixing of JSArrays with JSObjects.
7169 if (map->instance_type() == JS_ARRAY_TYPE) {
7170 if (has_non_js_array_access) return NULL;
7171 has_js_array_access = true;
7172 } else if (has_js_array_access) {
7175 has_non_js_array_access = true;
7177 // Don't allow mixed, incompatible elements kinds.
7178 if (map->has_fast_double_elements()) {
7179 if (has_smi_or_object_maps) return NULL;
7180 has_double_maps = true;
7181 } else if (map->has_fast_smi_or_object_elements()) {
7182 if (has_double_maps) return NULL;
7183 has_smi_or_object_maps = true;
7187 // Remember if we've ever seen holey elements.
7188 if (IsHoleyElementsKind(map->elements_kind())) {
7189 has_seen_holey_elements = true;
7191 // Remember the most general elements kind, the code for its load will
7192 // properly handle all of the more specific cases.
7193 if ((i == 0) || IsMoreGeneralElementsKindTransition(
7194 most_general_consolidated_map->elements_kind(),
7195 map->elements_kind())) {
7196 most_general_consolidated_map = map;
7199 if (!has_double_maps && !has_smi_or_object_maps) return NULL;
7201 HCheckMaps* checked_object = Add<HCheckMaps>(object, maps);
7202 // FAST_ELEMENTS is considered more general than FAST_HOLEY_SMI_ELEMENTS.
7203 // If we've seen both, the consolidated load must use FAST_HOLEY_ELEMENTS.
7204 ElementsKind consolidated_elements_kind = has_seen_holey_elements
7205 ? GetHoleyElementsKind(most_general_consolidated_map->elements_kind())
7206 : most_general_consolidated_map->elements_kind();
7207 HInstruction* instr = BuildUncheckedMonomorphicElementAccess(
7208 checked_object, key, val,
7209 most_general_consolidated_map->instance_type() == JS_ARRAY_TYPE,
7210 consolidated_elements_kind,
7211 LOAD, NEVER_RETURN_HOLE, STANDARD_STORE);
7216 HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
7222 PropertyAccessType access_type,
7223 KeyedAccessStoreMode store_mode,
7224 bool* has_side_effects) {
7225 *has_side_effects = false;
7226 BuildCheckHeapObject(object);
7228 if (access_type == LOAD) {
7229 HInstruction* consolidated_load =
7230 TryBuildConsolidatedElementLoad(object, key, val, maps);
7231 if (consolidated_load != NULL) {
7232 *has_side_effects |= consolidated_load->HasObservableSideEffects();
7233 return consolidated_load;
7237 // Elements_kind transition support.
7238 MapHandleList transition_target(maps->length());
7239 // Collect possible transition targets.
7240 MapHandleList possible_transitioned_maps(maps->length());
7241 for (int i = 0; i < maps->length(); ++i) {
7242 Handle<Map> map = maps->at(i);
7243 // Loads from strings or loads with a mix of string and non-string maps
7244 // shouldn't be handled polymorphically.
7245 DCHECK(access_type != LOAD || !map->IsStringMap());
7246 ElementsKind elements_kind = map->elements_kind();
7247 if (CanInlineElementAccess(map) && IsFastElementsKind(elements_kind) &&
7248 elements_kind != GetInitialFastElementsKind()) {
7249 possible_transitioned_maps.Add(map);
7251 if (elements_kind == SLOPPY_ARGUMENTS_ELEMENTS) {
7252 HInstruction* result = BuildKeyedGeneric(access_type, expr, object, key,
7254 *has_side_effects = result->HasObservableSideEffects();
7255 return AddInstruction(result);
7258 // Get transition target for each map (NULL == no transition).
7259 for (int i = 0; i < maps->length(); ++i) {
7260 Handle<Map> map = maps->at(i);
7261 Handle<Map> transitioned_map =
7262 map->FindTransitionedMap(&possible_transitioned_maps);
7263 transition_target.Add(transitioned_map);
7266 MapHandleList untransitionable_maps(maps->length());
7267 HTransitionElementsKind* transition = NULL;
7268 for (int i = 0; i < maps->length(); ++i) {
7269 Handle<Map> map = maps->at(i);
7270 DCHECK(map->IsMap());
7271 if (!transition_target.at(i).is_null()) {
7272 DCHECK(Map::IsValidElementsTransition(
7273 map->elements_kind(),
7274 transition_target.at(i)->elements_kind()));
7275 transition = Add<HTransitionElementsKind>(object, map,
7276 transition_target.at(i));
7278 untransitionable_maps.Add(map);
7282 // If only one map is left after transitioning, handle this case
7284 DCHECK(untransitionable_maps.length() >= 1);
7285 if (untransitionable_maps.length() == 1) {
7286 Handle<Map> untransitionable_map = untransitionable_maps[0];
7287 HInstruction* instr = NULL;
7288 if (!CanInlineElementAccess(untransitionable_map)) {
7289 instr = AddInstruction(BuildKeyedGeneric(access_type, expr, object, key,
7292 instr = BuildMonomorphicElementAccess(
7293 object, key, val, transition, untransitionable_map, access_type,
7296 *has_side_effects |= instr->HasObservableSideEffects();
7297 return access_type == STORE ? val : instr;
7300 HBasicBlock* join = graph()->CreateBasicBlock();
7302 for (int i = 0; i < untransitionable_maps.length(); ++i) {
7303 Handle<Map> map = untransitionable_maps[i];
7304 ElementsKind elements_kind = map->elements_kind();
7305 HBasicBlock* this_map = graph()->CreateBasicBlock();
7306 HBasicBlock* other_map = graph()->CreateBasicBlock();
7307 HCompareMap* mapcompare =
7308 New<HCompareMap>(object, map, this_map, other_map);
7309 FinishCurrentBlock(mapcompare);
7311 set_current_block(this_map);
7312 HInstruction* access = NULL;
7313 if (!CanInlineElementAccess(map)) {
7314 access = AddInstruction(BuildKeyedGeneric(access_type, expr, object, key,
7317 DCHECK(IsFastElementsKind(elements_kind) ||
7318 IsExternalArrayElementsKind(elements_kind) ||
7319 IsFixedTypedArrayElementsKind(elements_kind));
7320 LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7321 // Happily, mapcompare is a checked object.
7322 access = BuildUncheckedMonomorphicElementAccess(
7323 mapcompare, key, val,
7324 map->instance_type() == JS_ARRAY_TYPE,
7325 elements_kind, access_type,
7329 *has_side_effects |= access->HasObservableSideEffects();
7330 // The caller will use has_side_effects and add a correct Simulate.
7331 access->SetFlag(HValue::kHasNoObservableSideEffects);
7332 if (access_type == LOAD) {
7335 NoObservableSideEffectsScope scope(this);
7336 GotoNoSimulate(join);
7337 set_current_block(other_map);
7340 // Ensure that we visited at least one map above that goes to join. This is
7341 // necessary because FinishExitWithHardDeoptimization does an AbnormalExit
7342 // rather than joining the join block. If this becomes an issue, insert a
7343 // generic access in the case length() == 0.
7344 DCHECK(join->predecessors()->length() > 0);
7345 // Deopt if none of the cases matched.
7346 NoObservableSideEffectsScope scope(this);
7347 FinishExitWithHardDeoptimization(
7348 Deoptimizer::kUnknownMapInPolymorphicElementAccess);
7349 set_current_block(join);
7350 return access_type == STORE ? val : Pop();
7354 HValue* HOptimizedGraphBuilder::HandleKeyedElementAccess(
7355 HValue* obj, HValue* key, HValue* val, Expression* expr, BailoutId ast_id,
7356 BailoutId return_id, PropertyAccessType access_type,
7357 bool* has_side_effects) {
7358 if (key->ActualValue()->IsConstant()) {
7359 Handle<Object> constant =
7360 HConstant::cast(key->ActualValue())->handle(isolate());
7361 uint32_t array_index;
7362 if (constant->IsString() &&
7363 !Handle<String>::cast(constant)->AsArrayIndex(&array_index)) {
7364 if (!constant->IsUniqueName()) {
7365 constant = isolate()->factory()->InternalizeString(
7366 Handle<String>::cast(constant));
7369 BuildNamedAccess(access_type, ast_id, return_id, expr, obj,
7370 Handle<String>::cast(constant), val, false);
7371 if (access == NULL || access->IsPhi() ||
7372 HInstruction::cast(access)->IsLinked()) {
7373 *has_side_effects = false;
7375 HInstruction* instr = HInstruction::cast(access);
7376 AddInstruction(instr);
7377 *has_side_effects = instr->HasObservableSideEffects();
7383 DCHECK(!expr->IsPropertyName());
7384 HInstruction* instr = NULL;
7387 bool monomorphic = ComputeReceiverTypes(expr, obj, &maps, zone());
7389 bool force_generic = false;
7390 if (expr->GetKeyType() == PROPERTY) {
7391 // Non-Generic accesses assume that elements are being accessed, and will
7392 // deopt for non-index keys, which the IC knows will occur.
7393 // TODO(jkummerow): Consider adding proper support for property accesses.
7394 force_generic = true;
7395 monomorphic = false;
7396 } else if (access_type == STORE &&
7397 (monomorphic || (maps != NULL && !maps->is_empty()))) {
7398 // Stores can't be mono/polymorphic if their prototype chain has dictionary
7399 // elements. However a receiver map that has dictionary elements itself
7400 // should be left to normal mono/poly behavior (the other maps may benefit
7401 // from highly optimized stores).
7402 for (int i = 0; i < maps->length(); i++) {
7403 Handle<Map> current_map = maps->at(i);
7404 if (current_map->DictionaryElementsInPrototypeChainOnly()) {
7405 force_generic = true;
7406 monomorphic = false;
7410 } else if (access_type == LOAD && !monomorphic &&
7411 (maps != NULL && !maps->is_empty())) {
7412 // Polymorphic loads have to go generic if any of the maps are strings.
7413 // If some, but not all of the maps are strings, we should go generic
7414 // because polymorphic access wants to key on ElementsKind and isn't
7415 // compatible with strings.
7416 for (int i = 0; i < maps->length(); i++) {
7417 Handle<Map> current_map = maps->at(i);
7418 if (current_map->IsStringMap()) {
7419 force_generic = true;
7426 Handle<Map> map = maps->first();
7427 if (!CanInlineElementAccess(map)) {
7428 instr = AddInstruction(BuildKeyedGeneric(access_type, expr, obj, key,
7431 BuildCheckHeapObject(obj);
7432 instr = BuildMonomorphicElementAccess(
7433 obj, key, val, NULL, map, access_type, expr->GetStoreMode());
7435 } else if (!force_generic && (maps != NULL && !maps->is_empty())) {
7436 return HandlePolymorphicElementAccess(expr, obj, key, val, maps,
7437 access_type, expr->GetStoreMode(),
7440 if (access_type == STORE) {
7441 if (expr->IsAssignment() &&
7442 expr->AsAssignment()->HasNoTypeInformation()) {
7443 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedStore,
7447 if (expr->AsProperty()->HasNoTypeInformation()) {
7448 Add<HDeoptimize>(Deoptimizer::kInsufficientTypeFeedbackForKeyedLoad,
7452 instr = AddInstruction(BuildKeyedGeneric(access_type, expr, obj, key, val));
7454 *has_side_effects = instr->HasObservableSideEffects();
7459 void HOptimizedGraphBuilder::EnsureArgumentsArePushedForAccess() {
7460 // Outermost function already has arguments on the stack.
7461 if (function_state()->outer() == NULL) return;
7463 if (function_state()->arguments_pushed()) return;
7465 // Push arguments when entering inlined function.
7466 HEnterInlined* entry = function_state()->entry();
7467 entry->set_arguments_pushed();
7469 HArgumentsObject* arguments = entry->arguments_object();
7470 const ZoneList<HValue*>* arguments_values = arguments->arguments_values();
7472 HInstruction* insert_after = entry;
7473 for (int i = 0; i < arguments_values->length(); i++) {
7474 HValue* argument = arguments_values->at(i);
7475 HInstruction* push_argument = New<HPushArguments>(argument);
7476 push_argument->InsertAfter(insert_after);
7477 insert_after = push_argument;
7480 HArgumentsElements* arguments_elements = New<HArgumentsElements>(true);
7481 arguments_elements->ClearFlag(HValue::kUseGVN);
7482 arguments_elements->InsertAfter(insert_after);
7483 function_state()->set_arguments_elements(arguments_elements);
7487 bool HOptimizedGraphBuilder::TryArgumentsAccess(Property* expr) {
7488 VariableProxy* proxy = expr->obj()->AsVariableProxy();
7489 if (proxy == NULL) return false;
7490 if (!proxy->var()->IsStackAllocated()) return false;
7491 if (!environment()->Lookup(proxy->var())->CheckFlag(HValue::kIsArguments)) {
7495 HInstruction* result = NULL;
7496 if (expr->key()->IsPropertyName()) {
7497 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7498 if (!String::Equals(name, isolate()->factory()->length_string())) {
7502 if (function_state()->outer() == NULL) {
7503 HInstruction* elements = Add<HArgumentsElements>(false);
7504 result = New<HArgumentsLength>(elements);
7506 // Number of arguments without receiver.
7507 int argument_count = environment()->
7508 arguments_environment()->parameter_count() - 1;
7509 result = New<HConstant>(argument_count);
7512 Push(graph()->GetArgumentsObject());
7513 CHECK_ALIVE_OR_RETURN(VisitForValue(expr->key()), true);
7514 HValue* key = Pop();
7515 Drop(1); // Arguments object.
7516 if (function_state()->outer() == NULL) {
7517 HInstruction* elements = Add<HArgumentsElements>(false);
7518 HInstruction* length = Add<HArgumentsLength>(elements);
7519 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7520 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7522 EnsureArgumentsArePushedForAccess();
7524 // Number of arguments without receiver.
7525 HInstruction* elements = function_state()->arguments_elements();
7526 int argument_count = environment()->
7527 arguments_environment()->parameter_count() - 1;
7528 HInstruction* length = Add<HConstant>(argument_count);
7529 HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7530 result = New<HAccessArgumentsAt>(elements, length, checked_key);
7533 ast_context()->ReturnInstruction(result, expr->id());
7538 HValue* HOptimizedGraphBuilder::BuildNamedAccess(
7539 PropertyAccessType access, BailoutId ast_id, BailoutId return_id,
7540 Expression* expr, HValue* object, Handle<String> name, HValue* value,
7541 bool is_uninitialized) {
7543 ComputeReceiverTypes(expr, object, &maps, zone());
7544 DCHECK(maps != NULL);
7546 if (maps->length() > 0) {
7547 PropertyAccessInfo info(this, access, maps->first(), name);
7548 if (!info.CanAccessAsMonomorphic(maps)) {
7549 HandlePolymorphicNamedFieldAccess(access, expr, ast_id, return_id, object,
7554 HValue* checked_object;
7555 // Type::Number() is only supported by polymorphic load/call handling.
7556 DCHECK(!info.IsNumberType());
7557 BuildCheckHeapObject(object);
7558 if (AreStringTypes(maps)) {
7560 Add<HCheckInstanceType>(object, HCheckInstanceType::IS_STRING);
7562 checked_object = Add<HCheckMaps>(object, maps);
7564 return BuildMonomorphicAccess(
7565 &info, object, checked_object, value, ast_id, return_id);
7568 return BuildNamedGeneric(access, expr, object, name, value, is_uninitialized);
7572 void HOptimizedGraphBuilder::PushLoad(Property* expr,
7575 ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
7577 if (key != NULL) Push(key);
7578 BuildLoad(expr, expr->LoadId());
7582 void HOptimizedGraphBuilder::BuildLoad(Property* expr,
7584 HInstruction* instr = NULL;
7585 if (expr->IsStringAccess()) {
7586 HValue* index = Pop();
7587 HValue* string = Pop();
7588 HInstruction* char_code = BuildStringCharCodeAt(string, index);
7589 AddInstruction(char_code);
7590 instr = NewUncasted<HStringCharFromCode>(char_code);
7592 } else if (expr->key()->IsPropertyName()) {
7593 Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7594 HValue* object = Pop();
7596 HValue* value = BuildNamedAccess(LOAD, ast_id, expr->LoadId(), expr, object,
7597 name, NULL, expr->IsUninitialized());
7598 if (value == NULL) return;
7599 if (value->IsPhi()) return ast_context()->ReturnValue(value);
7600 instr = HInstruction::cast(value);
7601 if (instr->IsLinked()) return ast_context()->ReturnValue(instr);
7604 HValue* key = Pop();
7605 HValue* obj = Pop();
7607 bool has_side_effects = false;
7608 HValue* load = HandleKeyedElementAccess(
7609 obj, key, NULL, expr, ast_id, expr->LoadId(), LOAD, &has_side_effects);
7610 if (has_side_effects) {
7611 if (ast_context()->IsEffect()) {
7612 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7615 Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7619 if (load == NULL) return;
7620 return ast_context()->ReturnValue(load);
7622 return ast_context()->ReturnInstruction(instr, ast_id);
7626 void HOptimizedGraphBuilder::VisitProperty(Property* expr) {
7627 DCHECK(!HasStackOverflow());
7628 DCHECK(current_block() != NULL);
7629 DCHECK(current_block()->HasPredecessor());
7631 if (TryArgumentsAccess(expr)) return;
7633 CHECK_ALIVE(VisitForValue(expr->obj()));
7634 if (!expr->key()->IsPropertyName() || expr->IsStringAccess()) {
7635 CHECK_ALIVE(VisitForValue(expr->key()));
7638 BuildLoad(expr, expr->id());
7642 HInstruction* HGraphBuilder::BuildConstantMapCheck(Handle<JSObject> constant) {
7643 HCheckMaps* check = Add<HCheckMaps>(
7644 Add<HConstant>(constant), handle(constant->map()));
7645 check->ClearDependsOnFlag(kElementsKind);
7650 HInstruction* HGraphBuilder::BuildCheckPrototypeMaps(Handle<JSObject> prototype,
7651 Handle<JSObject> holder) {
7652 PrototypeIterator iter(isolate(), prototype,
7653 PrototypeIterator::START_AT_RECEIVER);
7654 while (holder.is_null() ||
7655 !PrototypeIterator::GetCurrent(iter).is_identical_to(holder)) {
7656 BuildConstantMapCheck(
7657 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7659 if (iter.IsAtEnd()) {
7663 return BuildConstantMapCheck(
7664 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7668 void HOptimizedGraphBuilder::AddCheckPrototypeMaps(Handle<JSObject> holder,
7669 Handle<Map> receiver_map) {
7670 if (!holder.is_null()) {
7671 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
7672 BuildCheckPrototypeMaps(prototype, holder);
7677 HInstruction* HOptimizedGraphBuilder::NewPlainFunctionCall(
7678 HValue* fun, int argument_count, bool pass_argument_count) {
7679 return New<HCallJSFunction>(fun, argument_count, pass_argument_count);
7683 HInstruction* HOptimizedGraphBuilder::NewArgumentAdaptorCall(
7684 HValue* fun, HValue* context,
7685 int argument_count, HValue* expected_param_count) {
7686 ArgumentAdaptorDescriptor descriptor(isolate());
7687 HValue* arity = Add<HConstant>(argument_count - 1);
7689 HValue* op_vals[] = { context, fun, arity, expected_param_count };
7691 Handle<Code> adaptor =
7692 isolate()->builtins()->ArgumentsAdaptorTrampoline();
7693 HConstant* adaptor_value = Add<HConstant>(adaptor);
7695 return New<HCallWithDescriptor>(
7696 adaptor_value, argument_count, descriptor,
7697 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
7701 HInstruction* HOptimizedGraphBuilder::BuildCallConstantFunction(
7702 Handle<JSFunction> jsfun, int argument_count) {
7703 HValue* target = Add<HConstant>(jsfun);
7704 // For constant functions, we try to avoid calling the
7705 // argument adaptor and instead call the function directly
7706 int formal_parameter_count =
7707 jsfun->shared()->internal_formal_parameter_count();
7708 bool dont_adapt_arguments =
7709 (formal_parameter_count ==
7710 SharedFunctionInfo::kDontAdaptArgumentsSentinel);
7711 int arity = argument_count - 1;
7712 bool can_invoke_directly =
7713 dont_adapt_arguments || formal_parameter_count == arity;
7714 if (can_invoke_directly) {
7715 if (jsfun.is_identical_to(current_info()->closure())) {
7716 graph()->MarkRecursive();
7718 return NewPlainFunctionCall(target, argument_count, dont_adapt_arguments);
7720 HValue* param_count_value = Add<HConstant>(formal_parameter_count);
7721 HValue* context = Add<HLoadNamedField>(
7722 target, nullptr, HObjectAccess::ForFunctionContextPointer());
7723 return NewArgumentAdaptorCall(target, context,
7724 argument_count, param_count_value);
7731 class FunctionSorter {
7733 explicit FunctionSorter(int index = 0, int ticks = 0, int size = 0)
7734 : index_(index), ticks_(ticks), size_(size) {}
7736 int index() const { return index_; }
7737 int ticks() const { return ticks_; }
7738 int size() const { return size_; }
7747 inline bool operator<(const FunctionSorter& lhs, const FunctionSorter& rhs) {
7748 int diff = lhs.ticks() - rhs.ticks();
7749 if (diff != 0) return diff > 0;
7750 return lhs.size() < rhs.size();
7754 void HOptimizedGraphBuilder::HandlePolymorphicCallNamed(Call* expr,
7757 Handle<String> name) {
7758 int argument_count = expr->arguments()->length() + 1; // Includes receiver.
7759 FunctionSorter order[kMaxCallPolymorphism];
7761 bool handle_smi = false;
7762 bool handled_string = false;
7763 int ordered_functions = 0;
7766 for (i = 0; i < maps->length() && ordered_functions < kMaxCallPolymorphism;
7768 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
7769 if (info.CanAccessMonomorphic() && info.IsDataConstant() &&
7770 info.constant()->IsJSFunction()) {
7771 if (info.IsStringType()) {
7772 if (handled_string) continue;
7773 handled_string = true;
7775 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
7776 if (info.IsNumberType()) {
7779 expr->set_target(target);
7780 order[ordered_functions++] = FunctionSorter(
7781 i, target->shared()->profiler_ticks(), InliningAstSize(target));
7785 std::sort(order, order + ordered_functions);
7787 if (i < maps->length()) {
7789 ordered_functions = -1;
7792 HBasicBlock* number_block = NULL;
7793 HBasicBlock* join = NULL;
7794 handled_string = false;
7797 for (int fn = 0; fn < ordered_functions; ++fn) {
7798 int i = order[fn].index();
7799 PropertyAccessInfo info(this, LOAD, maps->at(i), name);
7800 if (info.IsStringType()) {
7801 if (handled_string) continue;
7802 handled_string = true;
7804 // Reloads the target.
7805 info.CanAccessMonomorphic();
7806 Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
7808 expr->set_target(target);
7810 // Only needed once.
7811 join = graph()->CreateBasicBlock();
7813 HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
7814 HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
7815 number_block = graph()->CreateBasicBlock();
7816 FinishCurrentBlock(New<HIsSmiAndBranch>(
7817 receiver, empty_smi_block, not_smi_block));
7818 GotoNoSimulate(empty_smi_block, number_block);
7819 set_current_block(not_smi_block);
7821 BuildCheckHeapObject(receiver);
7825 HBasicBlock* if_true = graph()->CreateBasicBlock();
7826 HBasicBlock* if_false = graph()->CreateBasicBlock();
7827 HUnaryControlInstruction* compare;
7829 Handle<Map> map = info.map();
7830 if (info.IsNumberType()) {
7831 Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
7832 compare = New<HCompareMap>(receiver, heap_number_map, if_true, if_false);
7833 } else if (info.IsStringType()) {
7834 compare = New<HIsStringAndBranch>(receiver, if_true, if_false);
7836 compare = New<HCompareMap>(receiver, map, if_true, if_false);
7838 FinishCurrentBlock(compare);
7840 if (info.IsNumberType()) {
7841 GotoNoSimulate(if_true, number_block);
7842 if_true = number_block;
7845 set_current_block(if_true);
7847 AddCheckPrototypeMaps(info.holder(), map);
7849 HValue* function = Add<HConstant>(expr->target());
7850 environment()->SetExpressionStackAt(0, function);
7852 CHECK_ALIVE(VisitExpressions(expr->arguments()));
7853 bool needs_wrapping = info.NeedsWrappingFor(target);
7854 bool try_inline = FLAG_polymorphic_inlining && !needs_wrapping;
7855 if (FLAG_trace_inlining && try_inline) {
7856 Handle<JSFunction> caller = current_info()->closure();
7857 SmartArrayPointer<char> caller_name =
7858 caller->shared()->DebugName()->ToCString();
7859 PrintF("Trying to inline the polymorphic call to %s from %s\n",
7860 name->ToCString().get(),
7863 if (try_inline && TryInlineCall(expr)) {
7864 // Trying to inline will signal that we should bailout from the
7865 // entire compilation by setting stack overflow on the visitor.
7866 if (HasStackOverflow()) return;
7868 // Since HWrapReceiver currently cannot actually wrap numbers and strings,
7869 // use the regular CallFunctionStub for method calls to wrap the receiver.
7870 // TODO(verwaest): Support creation of value wrappers directly in
7872 HInstruction* call = needs_wrapping
7873 ? NewUncasted<HCallFunction>(
7874 function, argument_count, WRAP_AND_CALL)
7875 : BuildCallConstantFunction(target, argument_count);
7876 PushArgumentsFromEnvironment(argument_count);
7877 AddInstruction(call);
7878 Drop(1); // Drop the function.
7879 if (!ast_context()->IsEffect()) Push(call);
7882 if (current_block() != NULL) Goto(join);
7883 set_current_block(if_false);
7886 // Finish up. Unconditionally deoptimize if we've handled all the maps we
7887 // know about and do not want to handle ones we've never seen. Otherwise
7888 // use a generic IC.
7889 if (ordered_functions == maps->length() && FLAG_deoptimize_uncommon_cases) {
7890 FinishExitWithHardDeoptimization(Deoptimizer::kUnknownMapInPolymorphicCall);
7892 Property* prop = expr->expression()->AsProperty();
7893 HInstruction* function = BuildNamedGeneric(
7894 LOAD, prop, receiver, name, NULL, prop->IsUninitialized());
7895 AddInstruction(function);
7897 AddSimulate(prop->LoadId(), REMOVABLE_SIMULATE);
7899 environment()->SetExpressionStackAt(1, function);
7900 environment()->SetExpressionStackAt(0, receiver);
7901 CHECK_ALIVE(VisitExpressions(expr->arguments()));
7903 CallFunctionFlags flags = receiver->type().IsJSObject()
7904 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
7905 HInstruction* call = New<HCallFunction>(
7906 function, argument_count, flags);
7908 PushArgumentsFromEnvironment(argument_count);
7910 Drop(1); // Function.
7913 AddInstruction(call);
7914 if (!ast_context()->IsEffect()) Push(call);
7917 return ast_context()->ReturnInstruction(call, expr->id());
7921 // We assume that control flow is always live after an expression. So
7922 // even without predecessors to the join block, we set it as the exit
7923 // block and continue by adding instructions there.
7924 DCHECK(join != NULL);
7925 if (join->HasPredecessor()) {
7926 set_current_block(join);
7927 join->SetJoinId(expr->id());
7928 if (!ast_context()->IsEffect()) return ast_context()->ReturnValue(Pop());
7930 set_current_block(NULL);
7935 void HOptimizedGraphBuilder::TraceInline(Handle<JSFunction> target,
7936 Handle<JSFunction> caller,
7937 const char* reason) {
7938 if (FLAG_trace_inlining) {
7939 SmartArrayPointer<char> target_name =
7940 target->shared()->DebugName()->ToCString();
7941 SmartArrayPointer<char> caller_name =
7942 caller->shared()->DebugName()->ToCString();
7943 if (reason == NULL) {
7944 PrintF("Inlined %s called from %s.\n", target_name.get(),
7947 PrintF("Did not inline %s called from %s (%s).\n",
7948 target_name.get(), caller_name.get(), reason);
7954 static const int kNotInlinable = 1000000000;
7957 int HOptimizedGraphBuilder::InliningAstSize(Handle<JSFunction> target) {
7958 if (!FLAG_use_inlining) return kNotInlinable;
7960 // Precondition: call is monomorphic and we have found a target with the
7961 // appropriate arity.
7962 Handle<JSFunction> caller = current_info()->closure();
7963 Handle<SharedFunctionInfo> target_shared(target->shared());
7965 // Always inline functions that force inlining.
7966 if (target_shared->force_inline()) {
7969 if (target->IsBuiltin()) {
7970 return kNotInlinable;
7973 if (target_shared->IsApiFunction()) {
7974 TraceInline(target, caller, "target is api function");
7975 return kNotInlinable;
7978 // Do a quick check on source code length to avoid parsing large
7979 // inlining candidates.
7980 if (target_shared->SourceSize() >
7981 Min(FLAG_max_inlined_source_size, kUnlimitedMaxInlinedSourceSize)) {
7982 TraceInline(target, caller, "target text too big");
7983 return kNotInlinable;
7986 // Target must be inlineable.
7987 if (!target_shared->IsInlineable()) {
7988 TraceInline(target, caller, "target not inlineable");
7989 return kNotInlinable;
7991 if (target_shared->disable_optimization_reason() != kNoReason) {
7992 TraceInline(target, caller, "target contains unsupported syntax [early]");
7993 return kNotInlinable;
7996 int nodes_added = target_shared->ast_node_count();
8001 bool HOptimizedGraphBuilder::TryInline(Handle<JSFunction> target,
8002 int arguments_count,
8003 HValue* implicit_return_value,
8004 BailoutId ast_id, BailoutId return_id,
8005 InliningKind inlining_kind) {
8006 if (target->context()->native_context() !=
8007 top_info()->closure()->context()->native_context()) {
8010 int nodes_added = InliningAstSize(target);
8011 if (nodes_added == kNotInlinable) return false;
8013 Handle<JSFunction> caller = current_info()->closure();
8015 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
8016 TraceInline(target, caller, "target AST is too large [early]");
8020 // Don't inline deeper than the maximum number of inlining levels.
8021 HEnvironment* env = environment();
8022 int current_level = 1;
8023 while (env->outer() != NULL) {
8024 if (current_level == FLAG_max_inlining_levels) {
8025 TraceInline(target, caller, "inline depth limit reached");
8028 if (env->outer()->frame_type() == JS_FUNCTION) {
8034 // Don't inline recursive functions.
8035 for (FunctionState* state = function_state();
8037 state = state->outer()) {
8038 if (*state->compilation_info()->closure() == *target) {
8039 TraceInline(target, caller, "target is recursive");
8044 // We don't want to add more than a certain number of nodes from inlining.
8045 // Always inline small methods (<= 10 nodes).
8046 if (inlined_count_ > Min(FLAG_max_inlined_nodes_cumulative,
8047 kUnlimitedMaxInlinedNodesCumulative)) {
8048 TraceInline(target, caller, "cumulative AST node limit reached");
8052 // Parse and allocate variables.
8053 // Use the same AstValueFactory for creating strings in the sub-compilation
8054 // step, but don't transfer ownership to target_info.
8055 ParseInfo parse_info(zone(), target);
8056 parse_info.set_ast_value_factory(
8057 top_info()->parse_info()->ast_value_factory());
8058 parse_info.set_ast_value_factory_owned(false);
8060 CompilationInfo target_info(&parse_info);
8061 Handle<SharedFunctionInfo> target_shared(target->shared());
8062 if (!Compiler::ParseAndAnalyze(target_info.parse_info())) {
8063 if (target_info.isolate()->has_pending_exception()) {
8064 // Parse or scope error, never optimize this function.
8066 target_shared->DisableOptimization(kParseScopeError);
8068 TraceInline(target, caller, "parse failure");
8072 if (target_info.scope()->num_heap_slots() > 0) {
8073 TraceInline(target, caller, "target has context-allocated variables");
8076 FunctionLiteral* function = target_info.function();
8078 // The following conditions must be checked again after re-parsing, because
8079 // earlier the information might not have been complete due to lazy parsing.
8080 nodes_added = function->ast_node_count();
8081 if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
8082 TraceInline(target, caller, "target AST is too large [late]");
8085 if (function->dont_optimize()) {
8086 TraceInline(target, caller, "target contains unsupported syntax [late]");
8090 // If the function uses the arguments object check that inlining of functions
8091 // with arguments object is enabled and the arguments-variable is
8093 if (function->scope()->arguments() != NULL) {
8094 if (!FLAG_inline_arguments) {
8095 TraceInline(target, caller, "target uses arguments object");
8100 // All declarations must be inlineable.
8101 ZoneList<Declaration*>* decls = target_info.scope()->declarations();
8102 int decl_count = decls->length();
8103 for (int i = 0; i < decl_count; ++i) {
8104 if (!decls->at(i)->IsInlineable()) {
8105 TraceInline(target, caller, "target has non-trivial declaration");
8110 // Generate the deoptimization data for the unoptimized version of
8111 // the target function if we don't already have it.
8112 if (!Compiler::EnsureDeoptimizationSupport(&target_info)) {
8113 TraceInline(target, caller, "could not generate deoptimization info");
8117 // In strong mode it is an error to call a function with too few arguments.
8118 // In that case do not inline because then the arity check would be skipped.
8119 if (is_strong(function->language_mode()) &&
8120 arguments_count < function->parameter_count()) {
8121 TraceInline(target, caller,
8122 "too few arguments passed to a strong function");
8126 // ----------------------------------------------------------------
8127 // After this point, we've made a decision to inline this function (so
8128 // TryInline should always return true).
8130 // Type-check the inlined function.
8131 DCHECK(target_shared->has_deoptimization_support());
8132 AstTyper::Run(&target_info);
8134 int inlining_id = 0;
8135 if (top_info()->is_tracking_positions()) {
8136 inlining_id = top_info()->TraceInlinedFunction(
8137 target_shared, source_position(), function_state()->inlining_id());
8140 // Save the pending call context. Set up new one for the inlined function.
8141 // The function state is new-allocated because we need to delete it
8142 // in two different places.
8143 FunctionState* target_state =
8144 new FunctionState(this, &target_info, inlining_kind, inlining_id);
8146 HConstant* undefined = graph()->GetConstantUndefined();
8148 HEnvironment* inner_env =
8149 environment()->CopyForInlining(target,
8153 function_state()->inlining_kind());
8155 HConstant* context = Add<HConstant>(Handle<Context>(target->context()));
8156 inner_env->BindContext(context);
8158 // Create a dematerialized arguments object for the function, also copy the
8159 // current arguments values to use them for materialization.
8160 HEnvironment* arguments_env = inner_env->arguments_environment();
8161 int parameter_count = arguments_env->parameter_count();
8162 HArgumentsObject* arguments_object = Add<HArgumentsObject>(parameter_count);
8163 for (int i = 0; i < parameter_count; i++) {
8164 arguments_object->AddArgument(arguments_env->Lookup(i), zone());
8167 // If the function uses arguments object then bind bind one.
8168 if (function->scope()->arguments() != NULL) {
8169 DCHECK(function->scope()->arguments()->IsStackAllocated());
8170 inner_env->Bind(function->scope()->arguments(), arguments_object);
8173 // Capture the state before invoking the inlined function for deopt in the
8174 // inlined function. This simulate has no bailout-id since it's not directly
8175 // reachable for deopt, and is only used to capture the state. If the simulate
8176 // becomes reachable by merging, the ast id of the simulate merged into it is
8178 Add<HSimulate>(BailoutId::None());
8180 current_block()->UpdateEnvironment(inner_env);
8181 Scope* saved_scope = scope();
8182 set_scope(target_info.scope());
8183 HEnterInlined* enter_inlined =
8184 Add<HEnterInlined>(return_id, target, context, arguments_count, function,
8185 function_state()->inlining_kind(),
8186 function->scope()->arguments(), arguments_object);
8187 if (top_info()->is_tracking_positions()) {
8188 enter_inlined->set_inlining_id(inlining_id);
8190 function_state()->set_entry(enter_inlined);
8192 VisitDeclarations(target_info.scope()->declarations());
8193 VisitStatements(function->body());
8194 set_scope(saved_scope);
8195 if (HasStackOverflow()) {
8196 // Bail out if the inline function did, as we cannot residualize a call
8197 // instead, but do not disable optimization for the outer function.
8198 TraceInline(target, caller, "inline graph construction failed");
8199 target_shared->DisableOptimization(kInliningBailedOut);
8200 current_info()->RetryOptimization(kInliningBailedOut);
8201 delete target_state;
8205 // Update inlined nodes count.
8206 inlined_count_ += nodes_added;
8208 Handle<Code> unoptimized_code(target_shared->code());
8209 DCHECK(unoptimized_code->kind() == Code::FUNCTION);
8210 Handle<TypeFeedbackInfo> type_info(
8211 TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
8212 graph()->update_type_change_checksum(type_info->own_type_change_checksum());
8214 TraceInline(target, caller, NULL);
8216 if (current_block() != NULL) {
8217 FunctionState* state = function_state();
8218 if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
8219 // Falling off the end of an inlined construct call. In a test context the
8220 // return value will always evaluate to true, in a value context the
8221 // return value is the newly allocated receiver.
8222 if (call_context()->IsTest()) {
8223 Goto(inlined_test_context()->if_true(), state);
8224 } else if (call_context()->IsEffect()) {
8225 Goto(function_return(), state);
8227 DCHECK(call_context()->IsValue());
8228 AddLeaveInlined(implicit_return_value, state);
8230 } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
8231 // Falling off the end of an inlined setter call. The returned value is
8232 // never used, the value of an assignment is always the value of the RHS
8233 // of the assignment.
8234 if (call_context()->IsTest()) {
8235 inlined_test_context()->ReturnValue(implicit_return_value);
8236 } else if (call_context()->IsEffect()) {
8237 Goto(function_return(), state);
8239 DCHECK(call_context()->IsValue());
8240 AddLeaveInlined(implicit_return_value, state);
8243 // Falling off the end of a normal inlined function. This basically means
8244 // returning undefined.
8245 if (call_context()->IsTest()) {
8246 Goto(inlined_test_context()->if_false(), state);
8247 } else if (call_context()->IsEffect()) {
8248 Goto(function_return(), state);
8250 DCHECK(call_context()->IsValue());
8251 AddLeaveInlined(undefined, state);
8256 // Fix up the function exits.
8257 if (inlined_test_context() != NULL) {
8258 HBasicBlock* if_true = inlined_test_context()->if_true();
8259 HBasicBlock* if_false = inlined_test_context()->if_false();
8261 HEnterInlined* entry = function_state()->entry();
8263 // Pop the return test context from the expression context stack.
8264 DCHECK(ast_context() == inlined_test_context());
8265 ClearInlinedTestContext();
8266 delete target_state;
8268 // Forward to the real test context.
8269 if (if_true->HasPredecessor()) {
8270 entry->RegisterReturnTarget(if_true, zone());
8271 if_true->SetJoinId(ast_id);
8272 HBasicBlock* true_target = TestContext::cast(ast_context())->if_true();
8273 Goto(if_true, true_target, function_state());
8275 if (if_false->HasPredecessor()) {
8276 entry->RegisterReturnTarget(if_false, zone());
8277 if_false->SetJoinId(ast_id);
8278 HBasicBlock* false_target = TestContext::cast(ast_context())->if_false();
8279 Goto(if_false, false_target, function_state());
8281 set_current_block(NULL);
8284 } else if (function_return()->HasPredecessor()) {
8285 function_state()->entry()->RegisterReturnTarget(function_return(), zone());
8286 function_return()->SetJoinId(ast_id);
8287 set_current_block(function_return());
8289 set_current_block(NULL);
8291 delete target_state;
8296 bool HOptimizedGraphBuilder::TryInlineCall(Call* expr) {
8297 return TryInline(expr->target(), expr->arguments()->length(), NULL,
8298 expr->id(), expr->ReturnId(), NORMAL_RETURN);
8302 bool HOptimizedGraphBuilder::TryInlineConstruct(CallNew* expr,
8303 HValue* implicit_return_value) {
8304 return TryInline(expr->target(), expr->arguments()->length(),
8305 implicit_return_value, expr->id(), expr->ReturnId(),
8306 CONSTRUCT_CALL_RETURN);
8310 bool HOptimizedGraphBuilder::TryInlineGetter(Handle<JSFunction> getter,
8311 Handle<Map> receiver_map,
8313 BailoutId return_id) {
8314 if (TryInlineApiGetter(getter, receiver_map, ast_id)) return true;
8315 return TryInline(getter, 0, NULL, ast_id, return_id, GETTER_CALL_RETURN);
8319 bool HOptimizedGraphBuilder::TryInlineSetter(Handle<JSFunction> setter,
8320 Handle<Map> receiver_map,
8322 BailoutId assignment_id,
8323 HValue* implicit_return_value) {
8324 if (TryInlineApiSetter(setter, receiver_map, id)) return true;
8325 return TryInline(setter, 1, implicit_return_value, id, assignment_id,
8326 SETTER_CALL_RETURN);
8330 bool HOptimizedGraphBuilder::TryInlineIndirectCall(Handle<JSFunction> function,
8332 int arguments_count) {
8333 return TryInline(function, arguments_count, NULL, expr->id(),
8334 expr->ReturnId(), NORMAL_RETURN);
8338 bool HOptimizedGraphBuilder::TryInlineBuiltinFunctionCall(Call* expr) {
8339 if (!expr->target()->shared()->HasBuiltinFunctionId()) return false;
8340 BuiltinFunctionId id = expr->target()->shared()->builtin_function_id();
8343 if (!FLAG_fast_math) break;
8344 // Fall through if FLAG_fast_math.
8352 if (expr->arguments()->length() == 1) {
8353 HValue* argument = Pop();
8354 Drop(2); // Receiver and function.
8355 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8356 ast_context()->ReturnInstruction(op, expr->id());
8361 if (expr->arguments()->length() == 2) {
8362 HValue* right = Pop();
8363 HValue* left = Pop();
8364 Drop(2); // Receiver and function.
8366 HMul::NewImul(isolate(), zone(), context(), left, right);
8367 ast_context()->ReturnInstruction(op, expr->id());
8372 // Not supported for inlining yet.
8380 bool HOptimizedGraphBuilder::IsReadOnlyLengthDescriptor(
8381 Handle<Map> jsarray_map) {
8382 DCHECK(!jsarray_map->is_dictionary_map());
8383 Isolate* isolate = jsarray_map->GetIsolate();
8384 Handle<Name> length_string = isolate->factory()->length_string();
8385 DescriptorArray* descriptors = jsarray_map->instance_descriptors();
8386 int number = descriptors->SearchWithCache(*length_string, *jsarray_map);
8387 DCHECK_NE(DescriptorArray::kNotFound, number);
8388 return descriptors->GetDetails(number).IsReadOnly();
8393 bool HOptimizedGraphBuilder::CanInlineArrayResizeOperation(
8394 Handle<Map> receiver_map) {
8395 return !receiver_map.is_null() &&
8396 receiver_map->instance_type() == JS_ARRAY_TYPE &&
8397 IsFastElementsKind(receiver_map->elements_kind()) &&
8398 !receiver_map->is_dictionary_map() &&
8399 !IsReadOnlyLengthDescriptor(receiver_map) &&
8400 !receiver_map->is_observed() && receiver_map->is_extensible();
8404 bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
8405 Call* expr, Handle<JSFunction> function, Handle<Map> receiver_map,
8406 int args_count_no_receiver) {
8407 if (!function->shared()->HasBuiltinFunctionId()) return false;
8408 BuiltinFunctionId id = function->shared()->builtin_function_id();
8409 int argument_count = args_count_no_receiver + 1; // Plus receiver.
8411 if (receiver_map.is_null()) {
8412 HValue* receiver = environment()->ExpressionStackAt(args_count_no_receiver);
8413 if (receiver->IsConstant() &&
8414 HConstant::cast(receiver)->handle(isolate())->IsHeapObject()) {
8416 handle(Handle<HeapObject>::cast(
8417 HConstant::cast(receiver)->handle(isolate()))->map());
8420 // Try to inline calls like Math.* as operations in the calling function.
8422 case kStringCharCodeAt:
8424 if (argument_count == 2) {
8425 HValue* index = Pop();
8426 HValue* string = Pop();
8427 Drop(1); // Function.
8428 HInstruction* char_code =
8429 BuildStringCharCodeAt(string, index);
8430 if (id == kStringCharCodeAt) {
8431 ast_context()->ReturnInstruction(char_code, expr->id());
8434 AddInstruction(char_code);
8435 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
8436 ast_context()->ReturnInstruction(result, expr->id());
8440 case kStringFromCharCode:
8441 if (argument_count == 2) {
8442 HValue* argument = Pop();
8443 Drop(2); // Receiver and function.
8444 HInstruction* result = NewUncasted<HStringCharFromCode>(argument);
8445 ast_context()->ReturnInstruction(result, expr->id());
8450 if (!FLAG_fast_math) break;
8451 // Fall through if FLAG_fast_math.
8459 if (argument_count == 2) {
8460 HValue* argument = Pop();
8461 Drop(2); // Receiver and function.
8462 HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8463 ast_context()->ReturnInstruction(op, expr->id());
8468 if (argument_count == 3) {
8469 HValue* right = Pop();
8470 HValue* left = Pop();
8471 Drop(2); // Receiver and function.
8472 HInstruction* result = NULL;
8473 // Use sqrt() if exponent is 0.5 or -0.5.
8474 if (right->IsConstant() && HConstant::cast(right)->HasDoubleValue()) {
8475 double exponent = HConstant::cast(right)->DoubleValue();
8476 if (exponent == 0.5) {
8477 result = NewUncasted<HUnaryMathOperation>(left, kMathPowHalf);
8478 } else if (exponent == -0.5) {
8479 HValue* one = graph()->GetConstant1();
8480 HInstruction* sqrt = AddUncasted<HUnaryMathOperation>(
8481 left, kMathPowHalf);
8482 // MathPowHalf doesn't have side effects so there's no need for
8483 // an environment simulation here.
8484 DCHECK(!sqrt->HasObservableSideEffects());
8485 result = NewUncasted<HDiv>(one, sqrt);
8486 } else if (exponent == 2.0) {
8487 result = NewUncasted<HMul>(left, left);
8491 if (result == NULL) {
8492 result = NewUncasted<HPower>(left, right);
8494 ast_context()->ReturnInstruction(result, expr->id());
8500 if (argument_count == 3) {
8501 HValue* right = Pop();
8502 HValue* left = Pop();
8503 Drop(2); // Receiver and function.
8504 HMathMinMax::Operation op = (id == kMathMin) ? HMathMinMax::kMathMin
8505 : HMathMinMax::kMathMax;
8506 HInstruction* result = NewUncasted<HMathMinMax>(left, right, op);
8507 ast_context()->ReturnInstruction(result, expr->id());
8512 if (argument_count == 3) {
8513 HValue* right = Pop();
8514 HValue* left = Pop();
8515 Drop(2); // Receiver and function.
8516 HInstruction* result =
8517 HMul::NewImul(isolate(), zone(), context(), left, right);
8518 ast_context()->ReturnInstruction(result, expr->id());
8523 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8524 ElementsKind elements_kind = receiver_map->elements_kind();
8526 Drop(args_count_no_receiver);
8528 HValue* reduced_length;
8529 HValue* receiver = Pop();
8531 HValue* checked_object = AddCheckMap(receiver, receiver_map);
8533 Add<HLoadNamedField>(checked_object, nullptr,
8534 HObjectAccess::ForArrayLength(elements_kind));
8536 Drop(1); // Function.
8538 { NoObservableSideEffectsScope scope(this);
8539 IfBuilder length_checker(this);
8541 HValue* bounds_check = length_checker.If<HCompareNumericAndBranch>(
8542 length, graph()->GetConstant0(), Token::EQ);
8543 length_checker.Then();
8545 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8547 length_checker.Else();
8548 HValue* elements = AddLoadElements(checked_object);
8549 // Ensure that we aren't popping from a copy-on-write array.
8550 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8551 elements = BuildCopyElementsOnWrite(checked_object, elements,
8552 elements_kind, length);
8554 reduced_length = AddUncasted<HSub>(length, graph()->GetConstant1());
8555 result = AddElementAccess(elements, reduced_length, NULL,
8556 bounds_check, elements_kind, LOAD);
8557 HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
8558 ? graph()->GetConstantHole()
8559 : Add<HConstant>(HConstant::kHoleNaN);
8560 if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8561 elements_kind = FAST_HOLEY_ELEMENTS;
8564 elements, reduced_length, hole, bounds_check, elements_kind, STORE);
8565 Add<HStoreNamedField>(
8566 checked_object, HObjectAccess::ForArrayLength(elements_kind),
8567 reduced_length, STORE_TO_INITIALIZED_ENTRY);
8569 if (!ast_context()->IsEffect()) Push(result);
8571 length_checker.End();
8573 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8574 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8575 if (!ast_context()->IsEffect()) Drop(1);
8577 ast_context()->ReturnValue(result);
8581 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8582 ElementsKind elements_kind = receiver_map->elements_kind();
8584 // If there may be elements accessors in the prototype chain, the fast
8585 // inlined version can't be used.
8586 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8587 // If there currently can be no elements accessors on the prototype chain,
8588 // it doesn't mean that there won't be any later. Install a full prototype
8589 // chain check to trap element accessors being installed on the prototype
8590 // chain, which would cause elements to go to dictionary mode and result
8592 Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
8593 BuildCheckPrototypeMaps(prototype, Handle<JSObject>());
8595 // Protect against adding elements to the Array prototype, which needs to
8596 // route through appropriate bottlenecks.
8597 if (isolate()->IsFastArrayConstructorPrototypeChainIntact() &&
8598 !prototype->IsJSArray()) {
8602 const int argc = args_count_no_receiver;
8603 if (argc != 1) return false;
8605 HValue* value_to_push = Pop();
8606 HValue* array = Pop();
8607 Drop(1); // Drop function.
8609 HInstruction* new_size = NULL;
8610 HValue* length = NULL;
8613 NoObservableSideEffectsScope scope(this);
8615 length = Add<HLoadNamedField>(
8616 array, nullptr, HObjectAccess::ForArrayLength(elements_kind));
8618 new_size = AddUncasted<HAdd>(length, graph()->GetConstant1());
8620 bool is_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
8621 HValue* checked_array = Add<HCheckMaps>(array, receiver_map);
8622 BuildUncheckedMonomorphicElementAccess(
8623 checked_array, length, value_to_push, is_array, elements_kind,
8624 STORE, NEVER_RETURN_HOLE, STORE_AND_GROW_NO_TRANSITION);
8626 if (!ast_context()->IsEffect()) Push(new_size);
8627 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8628 if (!ast_context()->IsEffect()) Drop(1);
8631 ast_context()->ReturnValue(new_size);
8635 if (!CanInlineArrayResizeOperation(receiver_map)) return false;
8636 ElementsKind kind = receiver_map->elements_kind();
8638 // If there may be elements accessors in the prototype chain, the fast
8639 // inlined version can't be used.
8640 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8642 // If there currently can be no elements accessors on the prototype chain,
8643 // it doesn't mean that there won't be any later. Install a full prototype
8644 // chain check to trap element accessors being installed on the prototype
8645 // chain, which would cause elements to go to dictionary mode and result
8647 BuildCheckPrototypeMaps(
8648 handle(JSObject::cast(receiver_map->prototype()), isolate()),
8649 Handle<JSObject>::null());
8651 // Threshold for fast inlined Array.shift().
8652 HConstant* inline_threshold = Add<HConstant>(static_cast<int32_t>(16));
8654 Drop(args_count_no_receiver);
8655 HValue* receiver = Pop();
8656 HValue* function = Pop();
8660 NoObservableSideEffectsScope scope(this);
8662 HValue* length = Add<HLoadNamedField>(
8663 receiver, nullptr, HObjectAccess::ForArrayLength(kind));
8665 IfBuilder if_lengthiszero(this);
8666 HValue* lengthiszero = if_lengthiszero.If<HCompareNumericAndBranch>(
8667 length, graph()->GetConstant0(), Token::EQ);
8668 if_lengthiszero.Then();
8670 if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8672 if_lengthiszero.Else();
8674 HValue* elements = AddLoadElements(receiver);
8676 // Check if we can use the fast inlined Array.shift().
8677 IfBuilder if_inline(this);
8678 if_inline.If<HCompareNumericAndBranch>(
8679 length, inline_threshold, Token::LTE);
8680 if (IsFastSmiOrObjectElementsKind(kind)) {
8681 // We cannot handle copy-on-write backing stores here.
8682 if_inline.AndIf<HCompareMap>(
8683 elements, isolate()->factory()->fixed_array_map());
8687 // Remember the result.
8688 if (!ast_context()->IsEffect()) {
8689 Push(AddElementAccess(elements, graph()->GetConstant0(), NULL,
8690 lengthiszero, kind, LOAD));
8693 // Compute the new length.
8694 HValue* new_length = AddUncasted<HSub>(
8695 length, graph()->GetConstant1());
8696 new_length->ClearFlag(HValue::kCanOverflow);
8698 // Copy the remaining elements.
8699 LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
8701 HValue* new_key = loop.BeginBody(
8702 graph()->GetConstant0(), new_length, Token::LT);
8703 HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1());
8704 key->ClearFlag(HValue::kCanOverflow);
8705 ElementsKind copy_kind =
8706 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
8707 HValue* element = AddUncasted<HLoadKeyed>(
8708 elements, key, lengthiszero, copy_kind, ALLOW_RETURN_HOLE);
8709 HStoreKeyed* store =
8710 Add<HStoreKeyed>(elements, new_key, element, copy_kind);
8711 store->SetFlag(HValue::kAllowUndefinedAsNaN);
8715 // Put a hole at the end.
8716 HValue* hole = IsFastSmiOrObjectElementsKind(kind)
8717 ? graph()->GetConstantHole()
8718 : Add<HConstant>(HConstant::kHoleNaN);
8719 if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS;
8721 elements, new_length, hole, kind, INITIALIZING_STORE);
8723 // Remember new length.
8724 Add<HStoreNamedField>(
8725 receiver, HObjectAccess::ForArrayLength(kind),
8726 new_length, STORE_TO_INITIALIZED_ENTRY);
8730 Add<HPushArguments>(receiver);
8731 result = Add<HCallJSFunction>(function, 1, true);
8732 if (!ast_context()->IsEffect()) Push(result);
8736 if_lengthiszero.End();
8738 result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8739 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8740 if (!ast_context()->IsEffect()) Drop(1);
8741 ast_context()->ReturnValue(result);
8745 case kArrayLastIndexOf: {
8746 if (receiver_map.is_null()) return false;
8747 if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
8748 ElementsKind kind = receiver_map->elements_kind();
8749 if (!IsFastElementsKind(kind)) return false;
8750 if (receiver_map->is_observed()) return false;
8751 if (argument_count != 2) return false;
8752 if (!receiver_map->is_extensible()) return false;
8754 // If there may be elements accessors in the prototype chain, the fast
8755 // inlined version can't be used.
8756 if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8758 // If there currently can be no elements accessors on the prototype chain,
8759 // it doesn't mean that there won't be any later. Install a full prototype
8760 // chain check to trap element accessors being installed on the prototype
8761 // chain, which would cause elements to go to dictionary mode and result
8763 BuildCheckPrototypeMaps(
8764 handle(JSObject::cast(receiver_map->prototype()), isolate()),
8765 Handle<JSObject>::null());
8767 HValue* search_element = Pop();
8768 HValue* receiver = Pop();
8769 Drop(1); // Drop function.
8771 ArrayIndexOfMode mode = (id == kArrayIndexOf)
8772 ? kFirstIndexOf : kLastIndexOf;
8773 HValue* index = BuildArrayIndexOf(receiver, search_element, kind, mode);
8775 if (!ast_context()->IsEffect()) Push(index);
8776 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8777 if (!ast_context()->IsEffect()) Drop(1);
8778 ast_context()->ReturnValue(index);
8782 // Not yet supported for inlining.
8789 bool HOptimizedGraphBuilder::TryInlineApiFunctionCall(Call* expr,
8791 Handle<JSFunction> function = expr->target();
8792 int argc = expr->arguments()->length();
8793 SmallMapList receiver_maps;
8794 return TryInlineApiCall(function,
8803 bool HOptimizedGraphBuilder::TryInlineApiMethodCall(
8806 SmallMapList* receiver_maps) {
8807 Handle<JSFunction> function = expr->target();
8808 int argc = expr->arguments()->length();
8809 return TryInlineApiCall(function,
8818 bool HOptimizedGraphBuilder::TryInlineApiGetter(Handle<JSFunction> function,
8819 Handle<Map> receiver_map,
8821 SmallMapList receiver_maps(1, zone());
8822 receiver_maps.Add(receiver_map, zone());
8823 return TryInlineApiCall(function,
8824 NULL, // Receiver is on expression stack.
8832 bool HOptimizedGraphBuilder::TryInlineApiSetter(Handle<JSFunction> function,
8833 Handle<Map> receiver_map,
8835 SmallMapList receiver_maps(1, zone());
8836 receiver_maps.Add(receiver_map, zone());
8837 return TryInlineApiCall(function,
8838 NULL, // Receiver is on expression stack.
8846 bool HOptimizedGraphBuilder::TryInlineApiCall(Handle<JSFunction> function,
8848 SmallMapList* receiver_maps,
8851 ApiCallType call_type) {
8852 if (function->context()->native_context() !=
8853 top_info()->closure()->context()->native_context()) {
8856 CallOptimization optimization(function);
8857 if (!optimization.is_simple_api_call()) return false;
8858 Handle<Map> holder_map;
8859 for (int i = 0; i < receiver_maps->length(); ++i) {
8860 auto map = receiver_maps->at(i);
8861 // Don't inline calls to receivers requiring accesschecks.
8862 if (map->is_access_check_needed()) return false;
8864 if (call_type == kCallApiFunction) {
8865 // Cannot embed a direct reference to the global proxy map
8866 // as it maybe dropped on deserialization.
8867 CHECK(!isolate()->serializer_enabled());
8868 DCHECK_EQ(0, receiver_maps->length());
8869 receiver_maps->Add(handle(function->global_proxy()->map()), zone());
8871 CallOptimization::HolderLookup holder_lookup =
8872 CallOptimization::kHolderNotFound;
8873 Handle<JSObject> api_holder = optimization.LookupHolderOfExpectedType(
8874 receiver_maps->first(), &holder_lookup);
8875 if (holder_lookup == CallOptimization::kHolderNotFound) return false;
8877 if (FLAG_trace_inlining) {
8878 PrintF("Inlining api function ");
8879 function->ShortPrint();
8883 bool is_function = false;
8884 bool is_store = false;
8885 switch (call_type) {
8886 case kCallApiFunction:
8887 case kCallApiMethod:
8888 // Need to check that none of the receiver maps could have changed.
8889 Add<HCheckMaps>(receiver, receiver_maps);
8890 // Need to ensure the chain between receiver and api_holder is intact.
8891 if (holder_lookup == CallOptimization::kHolderFound) {
8892 AddCheckPrototypeMaps(api_holder, receiver_maps->first());
8894 DCHECK_EQ(holder_lookup, CallOptimization::kHolderIsReceiver);
8896 // Includes receiver.
8897 PushArgumentsFromEnvironment(argc + 1);
8900 case kCallApiGetter:
8901 // Receiver and prototype chain cannot have changed.
8903 DCHECK_NULL(receiver);
8904 // Receiver is on expression stack.
8906 Add<HPushArguments>(receiver);
8908 case kCallApiSetter:
8911 // Receiver and prototype chain cannot have changed.
8913 DCHECK_NULL(receiver);
8914 // Receiver and value are on expression stack.
8915 HValue* value = Pop();
8917 Add<HPushArguments>(receiver, value);
8922 HValue* holder = NULL;
8923 switch (holder_lookup) {
8924 case CallOptimization::kHolderFound:
8925 holder = Add<HConstant>(api_holder);
8927 case CallOptimization::kHolderIsReceiver:
8930 case CallOptimization::kHolderNotFound:
8934 Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
8935 Handle<Object> call_data_obj(api_call_info->data(), isolate());
8936 bool call_data_undefined = call_data_obj->IsUndefined();
8937 HValue* call_data = Add<HConstant>(call_data_obj);
8938 ApiFunction fun(v8::ToCData<Address>(api_call_info->callback()));
8939 ExternalReference ref = ExternalReference(&fun,
8940 ExternalReference::DIRECT_API_CALL,
8942 HValue* api_function_address = Add<HConstant>(ExternalReference(ref));
8944 HValue* op_vals[] = {context(), Add<HConstant>(function), call_data, holder,
8945 api_function_address, nullptr};
8947 HInstruction* call = nullptr;
8949 CallApiAccessorStub stub(isolate(), is_store, call_data_undefined);
8950 Handle<Code> code = stub.GetCode();
8951 HConstant* code_value = Add<HConstant>(code);
8952 ApiAccessorDescriptor descriptor(isolate());
8953 DCHECK(arraysize(op_vals) - 1 == descriptor.GetEnvironmentLength());
8954 call = New<HCallWithDescriptor>(
8955 code_value, argc + 1, descriptor,
8956 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8957 } else if (argc <= CallApiFunctionWithFixedArgsStub::kMaxFixedArgs) {
8958 CallApiFunctionWithFixedArgsStub stub(isolate(), argc, call_data_undefined);
8959 Handle<Code> code = stub.GetCode();
8960 HConstant* code_value = Add<HConstant>(code);
8961 ApiFunctionWithFixedArgsDescriptor descriptor(isolate());
8962 DCHECK(arraysize(op_vals) - 1 == descriptor.GetEnvironmentLength());
8963 call = New<HCallWithDescriptor>(
8964 code_value, argc + 1, descriptor,
8965 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8966 Drop(1); // Drop function.
8968 op_vals[arraysize(op_vals) - 1] = Add<HConstant>(argc);
8969 CallApiFunctionStub stub(isolate(), call_data_undefined);
8970 Handle<Code> code = stub.GetCode();
8971 HConstant* code_value = Add<HConstant>(code);
8972 ApiFunctionDescriptor descriptor(isolate());
8973 DCHECK(arraysize(op_vals) == descriptor.GetEnvironmentLength());
8974 call = New<HCallWithDescriptor>(
8975 code_value, argc + 1, descriptor,
8976 Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8977 Drop(1); // Drop function.
8980 ast_context()->ReturnInstruction(call, ast_id);
8985 void HOptimizedGraphBuilder::HandleIndirectCall(Call* expr, HValue* function,
8986 int arguments_count) {
8987 Handle<JSFunction> known_function;
8988 int args_count_no_receiver = arguments_count - 1;
8989 if (function->IsConstant() &&
8990 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
8992 Handle<JSFunction>::cast(HConstant::cast(function)->handle(isolate()));
8993 if (TryInlineBuiltinMethodCall(expr, known_function, Handle<Map>(),
8994 args_count_no_receiver)) {
8995 if (FLAG_trace_inlining) {
8996 PrintF("Inlining builtin ");
8997 known_function->ShortPrint();
9003 if (TryInlineIndirectCall(known_function, expr, args_count_no_receiver)) {
9008 PushArgumentsFromEnvironment(arguments_count);
9009 HInvokeFunction* call =
9010 New<HInvokeFunction>(function, known_function, arguments_count);
9011 Drop(1); // Function
9012 ast_context()->ReturnInstruction(call, expr->id());
9016 bool HOptimizedGraphBuilder::TryIndirectCall(Call* expr) {
9017 DCHECK(expr->expression()->IsProperty());
9019 if (!expr->IsMonomorphic()) {
9022 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9023 if (function_map->instance_type() != JS_FUNCTION_TYPE ||
9024 !expr->target()->shared()->HasBuiltinFunctionId()) {
9028 switch (expr->target()->shared()->builtin_function_id()) {
9029 case kFunctionCall: {
9030 if (expr->arguments()->length() == 0) return false;
9031 BuildFunctionCall(expr);
9034 case kFunctionApply: {
9035 // For .apply, only the pattern f.apply(receiver, arguments)
9037 if (current_info()->scope()->arguments() == NULL) return false;
9039 if (!CanBeFunctionApplyArguments(expr)) return false;
9041 BuildFunctionApply(expr);
9044 default: { return false; }
9050 void HOptimizedGraphBuilder::BuildFunctionApply(Call* expr) {
9051 ZoneList<Expression*>* args = expr->arguments();
9052 CHECK_ALIVE(VisitForValue(args->at(0)));
9053 HValue* receiver = Pop(); // receiver
9054 HValue* function = Pop(); // f
9057 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9058 HValue* checked_function = AddCheckMap(function, function_map);
9060 if (function_state()->outer() == NULL) {
9061 HInstruction* elements = Add<HArgumentsElements>(false);
9062 HInstruction* length = Add<HArgumentsLength>(elements);
9063 HValue* wrapped_receiver = BuildWrapReceiver(receiver, checked_function);
9064 HInstruction* result = New<HApplyArguments>(function,
9068 ast_context()->ReturnInstruction(result, expr->id());
9070 // We are inside inlined function and we know exactly what is inside
9071 // arguments object. But we need to be able to materialize at deopt.
9072 DCHECK_EQ(environment()->arguments_environment()->parameter_count(),
9073 function_state()->entry()->arguments_object()->arguments_count());
9074 HArgumentsObject* args = function_state()->entry()->arguments_object();
9075 const ZoneList<HValue*>* arguments_values = args->arguments_values();
9076 int arguments_count = arguments_values->length();
9078 Push(BuildWrapReceiver(receiver, checked_function));
9079 for (int i = 1; i < arguments_count; i++) {
9080 Push(arguments_values->at(i));
9082 HandleIndirectCall(expr, function, arguments_count);
9088 void HOptimizedGraphBuilder::BuildFunctionCall(Call* expr) {
9089 HValue* function = Top(); // f
9090 Handle<Map> function_map = expr->GetReceiverTypes()->first();
9091 HValue* checked_function = AddCheckMap(function, function_map);
9093 // f and call are on the stack in the unoptimized code
9094 // during evaluation of the arguments.
9095 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9097 int args_length = expr->arguments()->length();
9098 int receiver_index = args_length - 1;
9099 // Patch the receiver.
9100 HValue* receiver = BuildWrapReceiver(
9101 environment()->ExpressionStackAt(receiver_index), checked_function);
9102 environment()->SetExpressionStackAt(receiver_index, receiver);
9104 // Call must not be on the stack from now on.
9105 int call_index = args_length + 1;
9106 environment()->RemoveExpressionStackAt(call_index);
9108 HandleIndirectCall(expr, function, args_length);
9112 HValue* HOptimizedGraphBuilder::ImplicitReceiverFor(HValue* function,
9113 Handle<JSFunction> target) {
9114 SharedFunctionInfo* shared = target->shared();
9115 if (is_sloppy(shared->language_mode()) && !shared->native()) {
9116 // Cannot embed a direct reference to the global proxy
9117 // as is it dropped on deserialization.
9118 CHECK(!isolate()->serializer_enabled());
9119 Handle<JSObject> global_proxy(target->context()->global_proxy());
9120 return Add<HConstant>(global_proxy);
9122 return graph()->GetConstantUndefined();
9126 void HOptimizedGraphBuilder::BuildArrayCall(Expression* expression,
9127 int arguments_count,
9129 Handle<AllocationSite> site) {
9130 Add<HCheckValue>(function, array_function());
9132 if (IsCallArrayInlineable(arguments_count, site)) {
9133 BuildInlinedCallArray(expression, arguments_count, site);
9137 HInstruction* call = PreProcessCall(New<HCallNewArray>(
9138 function, arguments_count + 1, site->GetElementsKind(), site));
9139 if (expression->IsCall()) {
9142 ast_context()->ReturnInstruction(call, expression->id());
9146 HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver,
9147 HValue* search_element,
9149 ArrayIndexOfMode mode) {
9150 DCHECK(IsFastElementsKind(kind));
9152 NoObservableSideEffectsScope no_effects(this);
9154 HValue* elements = AddLoadElements(receiver);
9155 HValue* length = AddLoadArrayLength(receiver, kind);
9158 HValue* terminating;
9160 LoopBuilder::Direction direction;
9161 if (mode == kFirstIndexOf) {
9162 initial = graph()->GetConstant0();
9163 terminating = length;
9165 direction = LoopBuilder::kPostIncrement;
9167 DCHECK_EQ(kLastIndexOf, mode);
9169 terminating = graph()->GetConstant0();
9171 direction = LoopBuilder::kPreDecrement;
9174 Push(graph()->GetConstantMinus1());
9175 if (IsFastDoubleElementsKind(kind) || IsFastSmiElementsKind(kind)) {
9176 // Make sure that we can actually compare numbers correctly below, see
9177 // https://code.google.com/p/chromium/issues/detail?id=407946 for details.
9178 search_element = AddUncasted<HForceRepresentation>(
9179 search_element, IsFastSmiElementsKind(kind) ? Representation::Smi()
9180 : Representation::Double());
9182 LoopBuilder loop(this, context(), direction);
9184 HValue* index = loop.BeginBody(initial, terminating, token);
9185 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr, kind,
9187 IfBuilder if_issame(this);
9188 if_issame.If<HCompareNumericAndBranch>(element, search_element,
9200 IfBuilder if_isstring(this);
9201 if_isstring.If<HIsStringAndBranch>(search_element);
9204 LoopBuilder loop(this, context(), direction);
9206 HValue* index = loop.BeginBody(initial, terminating, token);
9207 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9208 kind, ALLOW_RETURN_HOLE);
9209 IfBuilder if_issame(this);
9210 if_issame.If<HIsStringAndBranch>(element);
9211 if_issame.AndIf<HStringCompareAndBranch>(
9212 element, search_element, Token::EQ_STRICT);
9225 IfBuilder if_isnumber(this);
9226 if_isnumber.If<HIsSmiAndBranch>(search_element);
9227 if_isnumber.OrIf<HCompareMap>(
9228 search_element, isolate()->factory()->heap_number_map());
9231 HValue* search_number =
9232 AddUncasted<HForceRepresentation>(search_element,
9233 Representation::Double());
9234 LoopBuilder loop(this, context(), direction);
9236 HValue* index = loop.BeginBody(initial, terminating, token);
9237 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9238 kind, ALLOW_RETURN_HOLE);
9240 IfBuilder if_element_isnumber(this);
9241 if_element_isnumber.If<HIsSmiAndBranch>(element);
9242 if_element_isnumber.OrIf<HCompareMap>(
9243 element, isolate()->factory()->heap_number_map());
9244 if_element_isnumber.Then();
9247 AddUncasted<HForceRepresentation>(element,
9248 Representation::Double());
9249 IfBuilder if_issame(this);
9250 if_issame.If<HCompareNumericAndBranch>(
9251 number, search_number, Token::EQ_STRICT);
9260 if_element_isnumber.End();
9266 LoopBuilder loop(this, context(), direction);
9268 HValue* index = loop.BeginBody(initial, terminating, token);
9269 HValue* element = AddUncasted<HLoadKeyed>(elements, index, nullptr,
9270 kind, ALLOW_RETURN_HOLE);
9271 IfBuilder if_issame(this);
9272 if_issame.If<HCompareObjectEqAndBranch>(
9273 element, search_element);
9293 bool HOptimizedGraphBuilder::TryHandleArrayCall(Call* expr, HValue* function) {
9294 if (!array_function().is_identical_to(expr->target())) {
9298 Handle<AllocationSite> site = expr->allocation_site();
9299 if (site.is_null()) return false;
9301 BuildArrayCall(expr,
9302 expr->arguments()->length(),
9309 bool HOptimizedGraphBuilder::TryHandleArrayCallNew(CallNew* expr,
9311 if (!array_function().is_identical_to(expr->target())) {
9315 Handle<AllocationSite> site = expr->allocation_site();
9316 if (site.is_null()) return false;
9318 BuildArrayCall(expr, expr->arguments()->length(), function, site);
9323 bool HOptimizedGraphBuilder::CanBeFunctionApplyArguments(Call* expr) {
9324 ZoneList<Expression*>* args = expr->arguments();
9325 if (args->length() != 2) return false;
9326 VariableProxy* arg_two = args->at(1)->AsVariableProxy();
9327 if (arg_two == NULL || !arg_two->var()->IsStackAllocated()) return false;
9328 HValue* arg_two_value = LookupAndMakeLive(arg_two->var());
9329 if (!arg_two_value->CheckFlag(HValue::kIsArguments)) return false;
9334 void HOptimizedGraphBuilder::VisitCall(Call* expr) {
9335 DCHECK(!HasStackOverflow());
9336 DCHECK(current_block() != NULL);
9337 DCHECK(current_block()->HasPredecessor());
9338 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
9339 Expression* callee = expr->expression();
9340 int argument_count = expr->arguments()->length() + 1; // Plus receiver.
9341 HInstruction* call = NULL;
9343 Property* prop = callee->AsProperty();
9345 CHECK_ALIVE(VisitForValue(prop->obj()));
9346 HValue* receiver = Top();
9349 ComputeReceiverTypes(expr, receiver, &maps, zone());
9351 if (prop->key()->IsPropertyName() && maps->length() > 0) {
9352 Handle<String> name = prop->key()->AsLiteral()->AsPropertyName();
9353 PropertyAccessInfo info(this, LOAD, maps->first(), name);
9354 if (!info.CanAccessAsMonomorphic(maps)) {
9355 HandlePolymorphicCallNamed(expr, receiver, maps, name);
9361 if (!prop->key()->IsPropertyName()) {
9362 CHECK_ALIVE(VisitForValue(prop->key()));
9366 CHECK_ALIVE(PushLoad(prop, receiver, key));
9367 HValue* function = Pop();
9369 if (function->IsConstant() &&
9370 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9371 // Push the function under the receiver.
9372 environment()->SetExpressionStackAt(0, function);
9375 Handle<JSFunction> known_function = Handle<JSFunction>::cast(
9376 HConstant::cast(function)->handle(isolate()));
9377 expr->set_target(known_function);
9379 if (TryIndirectCall(expr)) return;
9380 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9382 Handle<Map> map = maps->length() == 1 ? maps->first() : Handle<Map>();
9383 if (TryInlineBuiltinMethodCall(expr, known_function, map,
9384 expr->arguments()->length())) {
9385 if (FLAG_trace_inlining) {
9386 PrintF("Inlining builtin ");
9387 known_function->ShortPrint();
9392 if (TryInlineApiMethodCall(expr, receiver, maps)) return;
9394 // Wrap the receiver if necessary.
9395 if (NeedsWrapping(maps->first(), known_function)) {
9396 // Since HWrapReceiver currently cannot actually wrap numbers and
9397 // strings, use the regular CallFunctionStub for method calls to wrap
9399 // TODO(verwaest): Support creation of value wrappers directly in
9401 call = New<HCallFunction>(
9402 function, argument_count, WRAP_AND_CALL);
9403 } else if (TryInlineCall(expr)) {
9406 call = BuildCallConstantFunction(known_function, argument_count);
9410 ArgumentsAllowedFlag arguments_flag = ARGUMENTS_NOT_ALLOWED;
9411 if (CanBeFunctionApplyArguments(expr) && expr->is_uninitialized()) {
9412 // We have to use EAGER deoptimization here because Deoptimizer::SOFT
9413 // gets ignored by the always-opt flag, which leads to incorrect code.
9415 Deoptimizer::kInsufficientTypeFeedbackForCallWithArguments,
9416 Deoptimizer::EAGER);
9417 arguments_flag = ARGUMENTS_FAKED;
9420 // Push the function under the receiver.
9421 environment()->SetExpressionStackAt(0, function);
9424 CHECK_ALIVE(VisitExpressions(expr->arguments(), arguments_flag));
9425 CallFunctionFlags flags = receiver->type().IsJSObject()
9426 ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
9427 call = New<HCallFunction>(function, argument_count, flags);
9429 PushArgumentsFromEnvironment(argument_count);
9432 VariableProxy* proxy = expr->expression()->AsVariableProxy();
9433 if (proxy != NULL && proxy->var()->is_possibly_eval(isolate())) {
9434 return Bailout(kPossibleDirectCallToEval);
9437 // The function is on the stack in the unoptimized code during
9438 // evaluation of the arguments.
9439 CHECK_ALIVE(VisitForValue(expr->expression()));
9440 HValue* function = Top();
9441 if (function->IsConstant() &&
9442 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9443 Handle<Object> constant = HConstant::cast(function)->handle(isolate());
9444 Handle<JSFunction> target = Handle<JSFunction>::cast(constant);
9445 expr->SetKnownGlobalTarget(target);
9448 // Placeholder for the receiver.
9449 Push(graph()->GetConstantUndefined());
9450 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9452 if (expr->IsMonomorphic()) {
9453 Add<HCheckValue>(function, expr->target());
9455 // Patch the global object on the stack by the expected receiver.
9456 HValue* receiver = ImplicitReceiverFor(function, expr->target());
9457 const int receiver_index = argument_count - 1;
9458 environment()->SetExpressionStackAt(receiver_index, receiver);
9460 if (TryInlineBuiltinFunctionCall(expr)) {
9461 if (FLAG_trace_inlining) {
9462 PrintF("Inlining builtin ");
9463 expr->target()->ShortPrint();
9468 if (TryInlineApiFunctionCall(expr, receiver)) return;
9469 if (TryHandleArrayCall(expr, function)) return;
9470 if (TryInlineCall(expr)) return;
9472 PushArgumentsFromEnvironment(argument_count);
9473 call = BuildCallConstantFunction(expr->target(), argument_count);
9475 PushArgumentsFromEnvironment(argument_count);
9476 HCallFunction* call_function =
9477 New<HCallFunction>(function, argument_count);
9478 call = call_function;
9479 if (expr->is_uninitialized() &&
9480 expr->IsUsingCallFeedbackICSlot(isolate())) {
9481 // We've never seen this call before, so let's have Crankshaft learn
9482 // through the type vector.
9483 Handle<TypeFeedbackVector> vector =
9484 handle(current_feedback_vector(), isolate());
9485 FeedbackVectorICSlot slot = expr->CallFeedbackICSlot();
9486 call_function->SetVectorAndSlot(vector, slot);
9491 Drop(1); // Drop the function.
9492 return ast_context()->ReturnInstruction(call, expr->id());
9496 void HOptimizedGraphBuilder::BuildInlinedCallArray(
9497 Expression* expression,
9499 Handle<AllocationSite> site) {
9500 DCHECK(!site.is_null());
9501 DCHECK(argument_count >= 0 && argument_count <= 1);
9502 NoObservableSideEffectsScope no_effects(this);
9504 // We should at least have the constructor on the expression stack.
9505 HValue* constructor = environment()->ExpressionStackAt(argument_count);
9507 // Register on the site for deoptimization if the transition feedback changes.
9508 top_info()->dependencies()->AssumeTransitionStable(site);
9509 ElementsKind kind = site->GetElementsKind();
9510 HInstruction* site_instruction = Add<HConstant>(site);
9512 // In the single constant argument case, we may have to adjust elements kind
9513 // to avoid creating a packed non-empty array.
9514 if (argument_count == 1 && !IsHoleyElementsKind(kind)) {
9515 HValue* argument = environment()->Top();
9516 if (argument->IsConstant()) {
9517 HConstant* constant_argument = HConstant::cast(argument);
9518 DCHECK(constant_argument->HasSmiValue());
9519 int constant_array_size = constant_argument->Integer32Value();
9520 if (constant_array_size != 0) {
9521 kind = GetHoleyElementsKind(kind);
9527 JSArrayBuilder array_builder(this,
9531 DISABLE_ALLOCATION_SITES);
9532 HValue* new_object = argument_count == 0
9533 ? array_builder.AllocateEmptyArray()
9534 : BuildAllocateArrayFromLength(&array_builder, Top());
9536 int args_to_drop = argument_count + (expression->IsCall() ? 2 : 1);
9538 ast_context()->ReturnValue(new_object);
9542 // Checks whether allocation using the given constructor can be inlined.
9543 static bool IsAllocationInlineable(Handle<JSFunction> constructor) {
9544 return constructor->has_initial_map() &&
9545 constructor->initial_map()->instance_type() == JS_OBJECT_TYPE &&
9546 constructor->initial_map()->instance_size() < HAllocate::kMaxInlineSize &&
9547 constructor->initial_map()->InitialPropertiesLength() == 0;
9551 bool HOptimizedGraphBuilder::IsCallArrayInlineable(
9553 Handle<AllocationSite> site) {
9554 Handle<JSFunction> caller = current_info()->closure();
9555 Handle<JSFunction> target = array_function();
9556 // We should have the function plus array arguments on the environment stack.
9557 DCHECK(environment()->length() >= (argument_count + 1));
9558 DCHECK(!site.is_null());
9560 bool inline_ok = false;
9561 if (site->CanInlineCall()) {
9562 // We also want to avoid inlining in certain 1 argument scenarios.
9563 if (argument_count == 1) {
9564 HValue* argument = Top();
9565 if (argument->IsConstant()) {
9566 // Do not inline if the constant length argument is not a smi or
9567 // outside the valid range for unrolled loop initialization.
9568 HConstant* constant_argument = HConstant::cast(argument);
9569 if (constant_argument->HasSmiValue()) {
9570 int value = constant_argument->Integer32Value();
9571 inline_ok = value >= 0 && value <= kElementLoopUnrollThreshold;
9573 TraceInline(target, caller,
9574 "Constant length outside of valid inlining range.");
9578 TraceInline(target, caller,
9579 "Dont inline [new] Array(n) where n isn't constant.");
9581 } else if (argument_count == 0) {
9584 TraceInline(target, caller, "Too many arguments to inline.");
9587 TraceInline(target, caller, "AllocationSite requested no inlining.");
9591 TraceInline(target, caller, NULL);
9597 void HOptimizedGraphBuilder::VisitCallNew(CallNew* expr) {
9598 DCHECK(!HasStackOverflow());
9599 DCHECK(current_block() != NULL);
9600 DCHECK(current_block()->HasPredecessor());
9601 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
9602 int argument_count = expr->arguments()->length() + 1; // Plus constructor.
9603 Factory* factory = isolate()->factory();
9605 // The constructor function is on the stack in the unoptimized code
9606 // during evaluation of the arguments.
9607 CHECK_ALIVE(VisitForValue(expr->expression()));
9608 HValue* function = Top();
9609 CHECK_ALIVE(VisitExpressions(expr->arguments()));
9611 if (function->IsConstant() &&
9612 HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9613 Handle<Object> constant = HConstant::cast(function)->handle(isolate());
9614 expr->SetKnownGlobalTarget(Handle<JSFunction>::cast(constant));
9617 if (FLAG_inline_construct &&
9618 expr->IsMonomorphic() &&
9619 IsAllocationInlineable(expr->target())) {
9620 Handle<JSFunction> constructor = expr->target();
9621 HValue* check = Add<HCheckValue>(function, constructor);
9623 // Force completion of inobject slack tracking before generating
9624 // allocation code to finalize instance size.
9625 if (constructor->IsInobjectSlackTrackingInProgress()) {
9626 constructor->CompleteInobjectSlackTracking();
9629 // Calculate instance size from initial map of constructor.
9630 DCHECK(constructor->has_initial_map());
9631 Handle<Map> initial_map(constructor->initial_map());
9632 int instance_size = initial_map->instance_size();
9633 DCHECK(initial_map->InitialPropertiesLength() == 0);
9635 // Allocate an instance of the implicit receiver object.
9636 HValue* size_in_bytes = Add<HConstant>(instance_size);
9637 HAllocationMode allocation_mode;
9638 if (FLAG_pretenuring_call_new) {
9639 if (FLAG_allocation_site_pretenuring) {
9640 // Try to use pretenuring feedback.
9641 Handle<AllocationSite> allocation_site = expr->allocation_site();
9642 allocation_mode = HAllocationMode(allocation_site);
9643 // Take a dependency on allocation site.
9644 top_info()->dependencies()->AssumeTenuringDecision(allocation_site);
9648 HAllocate* receiver = BuildAllocate(
9649 size_in_bytes, HType::JSObject(), JS_OBJECT_TYPE, allocation_mode);
9650 receiver->set_known_initial_map(initial_map);
9652 // Initialize map and fields of the newly allocated object.
9653 { NoObservableSideEffectsScope no_effects(this);
9654 DCHECK(initial_map->instance_type() == JS_OBJECT_TYPE);
9655 Add<HStoreNamedField>(receiver,
9656 HObjectAccess::ForMapAndOffset(initial_map, JSObject::kMapOffset),
9657 Add<HConstant>(initial_map));
9658 HValue* empty_fixed_array = Add<HConstant>(factory->empty_fixed_array());
9659 Add<HStoreNamedField>(receiver,
9660 HObjectAccess::ForMapAndOffset(initial_map,
9661 JSObject::kPropertiesOffset),
9663 Add<HStoreNamedField>(receiver,
9664 HObjectAccess::ForMapAndOffset(initial_map,
9665 JSObject::kElementsOffset),
9667 if (initial_map->inobject_properties() != 0) {
9668 HConstant* undefined = graph()->GetConstantUndefined();
9669 for (int i = 0; i < initial_map->inobject_properties(); i++) {
9670 int property_offset = initial_map->GetInObjectPropertyOffset(i);
9671 Add<HStoreNamedField>(receiver,
9672 HObjectAccess::ForMapAndOffset(initial_map, property_offset),
9678 // Replace the constructor function with a newly allocated receiver using
9679 // the index of the receiver from the top of the expression stack.
9680 const int receiver_index = argument_count - 1;
9681 DCHECK(environment()->ExpressionStackAt(receiver_index) == function);
9682 environment()->SetExpressionStackAt(receiver_index, receiver);
9684 if (TryInlineConstruct(expr, receiver)) {
9685 // Inlining worked, add a dependency on the initial map to make sure that
9686 // this code is deoptimized whenever the initial map of the constructor
9688 top_info()->dependencies()->AssumeInitialMapCantChange(initial_map);
9692 // TODO(mstarzinger): For now we remove the previous HAllocate and all
9693 // corresponding instructions and instead add HPushArguments for the
9694 // arguments in case inlining failed. What we actually should do is for
9695 // inlining to try to build a subgraph without mutating the parent graph.
9696 HInstruction* instr = current_block()->last();
9698 HInstruction* prev_instr = instr->previous();
9699 instr->DeleteAndReplaceWith(NULL);
9701 } while (instr != check);
9702 environment()->SetExpressionStackAt(receiver_index, function);
9703 HInstruction* call =
9704 PreProcessCall(New<HCallNew>(function, argument_count));
9705 return ast_context()->ReturnInstruction(call, expr->id());
9707 // The constructor function is both an operand to the instruction and an
9708 // argument to the construct call.
9709 if (TryHandleArrayCallNew(expr, function)) return;
9711 HInstruction* call =
9712 PreProcessCall(New<HCallNew>(function, argument_count));
9713 return ast_context()->ReturnInstruction(call, expr->id());
9718 HValue* HGraphBuilder::BuildAllocateEmptyArrayBuffer(HValue* byte_length) {
9720 BuildAllocate(Add<HConstant>(JSArrayBuffer::kSizeWithInternalFields),
9721 HType::JSObject(), JS_ARRAY_BUFFER_TYPE, HAllocationMode());
9723 HValue* global_object = Add<HLoadNamedField>(
9725 HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
9726 HValue* native_context = Add<HLoadNamedField>(
9727 global_object, nullptr, HObjectAccess::ForGlobalObjectNativeContext());
9728 Add<HStoreNamedField>(
9729 result, HObjectAccess::ForMap(),
9730 Add<HLoadNamedField>(
9731 native_context, nullptr,
9732 HObjectAccess::ForContextSlot(Context::ARRAY_BUFFER_MAP_INDEX)));
9734 HConstant* empty_fixed_array =
9735 Add<HConstant>(isolate()->factory()->empty_fixed_array());
9736 Add<HStoreNamedField>(
9737 result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
9739 Add<HStoreNamedField>(
9740 result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
9742 Add<HStoreNamedField>(
9743 result, HObjectAccess::ForJSArrayBufferBackingStore().WithRepresentation(
9744 Representation::Smi()),
9745 graph()->GetConstant0());
9746 Add<HStoreNamedField>(result, HObjectAccess::ForJSArrayBufferByteLength(),
9748 Add<HStoreNamedField>(result, HObjectAccess::ForJSArrayBufferBitFieldSlot(),
9749 graph()->GetConstant0());
9750 Add<HStoreNamedField>(
9751 result, HObjectAccess::ForJSArrayBufferBitField(),
9752 Add<HConstant>((1 << JSArrayBuffer::IsExternal::kShift) |
9753 (1 << JSArrayBuffer::IsNeuterable::kShift)));
9755 for (int field = 0; field < v8::ArrayBuffer::kInternalFieldCount; ++field) {
9756 Add<HStoreNamedField>(
9758 HObjectAccess::ForObservableJSObjectOffset(
9759 JSArrayBuffer::kSize + field * kPointerSize, Representation::Smi()),
9760 graph()->GetConstant0());
9767 template <class ViewClass>
9768 void HGraphBuilder::BuildArrayBufferViewInitialization(
9771 HValue* byte_offset,
9772 HValue* byte_length) {
9774 for (int offset = ViewClass::kSize;
9775 offset < ViewClass::kSizeWithInternalFields;
9776 offset += kPointerSize) {
9777 Add<HStoreNamedField>(obj,
9778 HObjectAccess::ForObservableJSObjectOffset(offset),
9779 graph()->GetConstant0());
9782 Add<HStoreNamedField>(
9784 HObjectAccess::ForJSArrayBufferViewByteOffset(),
9786 Add<HStoreNamedField>(
9788 HObjectAccess::ForJSArrayBufferViewByteLength(),
9790 Add<HStoreNamedField>(obj, HObjectAccess::ForJSArrayBufferViewBuffer(),
9795 void HOptimizedGraphBuilder::GenerateDataViewInitialize(
9796 CallRuntime* expr) {
9797 ZoneList<Expression*>* arguments = expr->arguments();
9799 DCHECK(arguments->length()== 4);
9800 CHECK_ALIVE(VisitForValue(arguments->at(0)));
9801 HValue* obj = Pop();
9803 CHECK_ALIVE(VisitForValue(arguments->at(1)));
9804 HValue* buffer = Pop();
9806 CHECK_ALIVE(VisitForValue(arguments->at(2)));
9807 HValue* byte_offset = Pop();
9809 CHECK_ALIVE(VisitForValue(arguments->at(3)));
9810 HValue* byte_length = Pop();
9813 NoObservableSideEffectsScope scope(this);
9814 BuildArrayBufferViewInitialization<JSDataView>(
9815 obj, buffer, byte_offset, byte_length);
9820 static Handle<Map> TypedArrayMap(Isolate* isolate,
9821 ExternalArrayType array_type,
9822 ElementsKind target_kind) {
9823 Handle<Context> native_context = isolate->native_context();
9824 Handle<JSFunction> fun;
9825 switch (array_type) {
9826 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
9827 case kExternal##Type##Array: \
9828 fun = Handle<JSFunction>(native_context->type##_array_fun()); \
9831 TYPED_ARRAYS(TYPED_ARRAY_CASE)
9832 #undef TYPED_ARRAY_CASE
9834 Handle<Map> map(fun->initial_map());
9835 return Map::AsElementsKind(map, target_kind);
9839 HValue* HOptimizedGraphBuilder::BuildAllocateExternalElements(
9840 ExternalArrayType array_type,
9841 bool is_zero_byte_offset,
9842 HValue* buffer, HValue* byte_offset, HValue* length) {
9843 Handle<Map> external_array_map(
9844 isolate()->heap()->MapForExternalArrayType(array_type));
9846 // The HForceRepresentation is to prevent possible deopt on int-smi
9847 // conversion after allocation but before the new object fields are set.
9848 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
9850 Add<HAllocate>(Add<HConstant>(ExternalArray::kSize), HType::HeapObject(),
9851 NOT_TENURED, external_array_map->instance_type());
9853 AddStoreMapConstant(elements, external_array_map);
9854 Add<HStoreNamedField>(elements,
9855 HObjectAccess::ForFixedArrayLength(), length);
9857 HValue* backing_store = Add<HLoadNamedField>(
9858 buffer, nullptr, HObjectAccess::ForJSArrayBufferBackingStore());
9860 HValue* typed_array_start;
9861 if (is_zero_byte_offset) {
9862 typed_array_start = backing_store;
9864 HInstruction* external_pointer =
9865 AddUncasted<HAdd>(backing_store, byte_offset);
9866 // Arguments are checked prior to call to TypedArrayInitialize,
9867 // including byte_offset.
9868 external_pointer->ClearFlag(HValue::kCanOverflow);
9869 typed_array_start = external_pointer;
9872 Add<HStoreNamedField>(elements,
9873 HObjectAccess::ForExternalArrayExternalPointer(),
9880 HValue* HOptimizedGraphBuilder::BuildAllocateFixedTypedArray(
9881 ExternalArrayType array_type, size_t element_size,
9882 ElementsKind fixed_elements_kind, HValue* byte_length, HValue* length,
9885 (FixedTypedArrayBase::kHeaderSize & kObjectAlignmentMask) == 0);
9888 // if fixed array's elements are not aligned to object's alignment,
9889 // we need to align the whole array to object alignment.
9890 if (element_size % kObjectAlignment != 0) {
9891 total_size = BuildObjectSizeAlignment(
9892 byte_length, FixedTypedArrayBase::kHeaderSize);
9894 total_size = AddUncasted<HAdd>(byte_length,
9895 Add<HConstant>(FixedTypedArrayBase::kHeaderSize));
9896 total_size->ClearFlag(HValue::kCanOverflow);
9899 // The HForceRepresentation is to prevent possible deopt on int-smi
9900 // conversion after allocation but before the new object fields are set.
9901 length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
9902 Handle<Map> fixed_typed_array_map(
9903 isolate()->heap()->MapForFixedTypedArray(array_type));
9904 HAllocate* elements =
9905 Add<HAllocate>(total_size, HType::HeapObject(), NOT_TENURED,
9906 fixed_typed_array_map->instance_type());
9908 #ifndef V8_HOST_ARCH_64_BIT
9909 if (array_type == kExternalFloat64Array) {
9910 elements->MakeDoubleAligned();
9914 AddStoreMapConstant(elements, fixed_typed_array_map);
9916 Add<HStoreNamedField>(elements,
9917 HObjectAccess::ForFixedArrayLength(),
9920 HValue* filler = Add<HConstant>(static_cast<int32_t>(0));
9923 LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
9925 HValue* key = builder.BeginBody(
9926 Add<HConstant>(static_cast<int32_t>(0)),
9928 Add<HStoreKeyed>(elements, key, filler, fixed_elements_kind);
9936 void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
9937 CallRuntime* expr) {
9938 ZoneList<Expression*>* arguments = expr->arguments();
9940 static const int kObjectArg = 0;
9941 static const int kArrayIdArg = 1;
9942 static const int kBufferArg = 2;
9943 static const int kByteOffsetArg = 3;
9944 static const int kByteLengthArg = 4;
9945 static const int kInitializeArg = 5;
9946 static const int kArgsLength = 6;
9947 DCHECK(arguments->length() == kArgsLength);
9950 CHECK_ALIVE(VisitForValue(arguments->at(kObjectArg)));
9951 HValue* obj = Pop();
9953 if (!arguments->at(kArrayIdArg)->IsLiteral()) {
9954 // This should never happen in real use, but can happen when fuzzing.
9956 Bailout(kNeedSmiLiteral);
9959 Handle<Object> value =
9960 static_cast<Literal*>(arguments->at(kArrayIdArg))->value();
9961 if (!value->IsSmi()) {
9962 // This should never happen in real use, but can happen when fuzzing.
9964 Bailout(kNeedSmiLiteral);
9967 int array_id = Smi::cast(*value)->value();
9970 if (!arguments->at(kBufferArg)->IsNullLiteral()) {
9971 CHECK_ALIVE(VisitForValue(arguments->at(kBufferArg)));
9977 HValue* byte_offset;
9978 bool is_zero_byte_offset;
9980 if (arguments->at(kByteOffsetArg)->IsLiteral()
9981 && Smi::FromInt(0) ==
9982 *static_cast<Literal*>(arguments->at(kByteOffsetArg))->value()) {
9983 byte_offset = Add<HConstant>(static_cast<int32_t>(0));
9984 is_zero_byte_offset = true;
9986 CHECK_ALIVE(VisitForValue(arguments->at(kByteOffsetArg)));
9987 byte_offset = Pop();
9988 is_zero_byte_offset = false;
9989 DCHECK(buffer != NULL);
9992 CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
9993 HValue* byte_length = Pop();
9995 CHECK(arguments->at(kInitializeArg)->IsLiteral());
9996 bool initialize = static_cast<Literal*>(arguments->at(kInitializeArg))
10000 NoObservableSideEffectsScope scope(this);
10001 IfBuilder byte_offset_smi(this);
10003 if (!is_zero_byte_offset) {
10004 byte_offset_smi.If<HIsSmiAndBranch>(byte_offset);
10005 byte_offset_smi.Then();
10008 ExternalArrayType array_type =
10009 kExternalInt8Array; // Bogus initialization.
10010 size_t element_size = 1; // Bogus initialization.
10011 ElementsKind external_elements_kind = // Bogus initialization.
10012 EXTERNAL_INT8_ELEMENTS;
10013 ElementsKind fixed_elements_kind = // Bogus initialization.
10015 Runtime::ArrayIdToTypeAndSize(array_id,
10017 &external_elements_kind,
10018 &fixed_elements_kind,
10022 { // byte_offset is Smi.
10023 HValue* allocated_buffer = buffer;
10024 if (buffer == NULL) {
10025 allocated_buffer = BuildAllocateEmptyArrayBuffer(byte_length);
10027 BuildArrayBufferViewInitialization<JSTypedArray>(obj, allocated_buffer,
10028 byte_offset, byte_length);
10031 HInstruction* length = AddUncasted<HDiv>(byte_length,
10032 Add<HConstant>(static_cast<int32_t>(element_size)));
10034 Add<HStoreNamedField>(obj,
10035 HObjectAccess::ForJSTypedArrayLength(),
10039 if (buffer != NULL) {
10040 elements = BuildAllocateExternalElements(
10041 array_type, is_zero_byte_offset, buffer, byte_offset, length);
10042 Handle<Map> obj_map = TypedArrayMap(
10043 isolate(), array_type, external_elements_kind);
10044 AddStoreMapConstant(obj, obj_map);
10046 DCHECK(is_zero_byte_offset);
10047 elements = BuildAllocateFixedTypedArray(array_type, element_size,
10048 fixed_elements_kind, byte_length,
10049 length, initialize);
10051 Add<HStoreNamedField>(
10052 obj, HObjectAccess::ForElementsPointer(), elements);
10055 if (!is_zero_byte_offset) {
10056 byte_offset_smi.Else();
10057 { // byte_offset is not Smi.
10059 CHECK_ALIVE(VisitForValue(arguments->at(kArrayIdArg)));
10063 CHECK_ALIVE(VisitForValue(arguments->at(kInitializeArg)));
10064 PushArgumentsFromEnvironment(kArgsLength);
10065 Add<HCallRuntime>(expr->name(), expr->function(), kArgsLength);
10068 byte_offset_smi.End();
10072 void HOptimizedGraphBuilder::GenerateMaxSmi(CallRuntime* expr) {
10073 DCHECK(expr->arguments()->length() == 0);
10074 HConstant* max_smi = New<HConstant>(static_cast<int32_t>(Smi::kMaxValue));
10075 return ast_context()->ReturnInstruction(max_smi, expr->id());
10079 void HOptimizedGraphBuilder::GenerateTypedArrayMaxSizeInHeap(
10080 CallRuntime* expr) {
10081 DCHECK(expr->arguments()->length() == 0);
10082 HConstant* result = New<HConstant>(static_cast<int32_t>(
10083 FLAG_typed_array_max_size_in_heap));
10084 return ast_context()->ReturnInstruction(result, expr->id());
10088 void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
10089 CallRuntime* expr) {
10090 DCHECK(expr->arguments()->length() == 1);
10091 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10092 HValue* buffer = Pop();
10093 HInstruction* result = New<HLoadNamedField>(
10094 buffer, nullptr, HObjectAccess::ForJSArrayBufferByteLength());
10095 return ast_context()->ReturnInstruction(result, expr->id());
10099 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteLength(
10100 CallRuntime* expr) {
10101 NoObservableSideEffectsScope scope(this);
10102 DCHECK(expr->arguments()->length() == 1);
10103 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10104 HValue* view = Pop();
10106 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10108 FieldIndex::ForInObjectOffset(JSArrayBufferView::kByteLengthOffset)));
10112 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteOffset(
10113 CallRuntime* expr) {
10114 NoObservableSideEffectsScope scope(this);
10115 DCHECK(expr->arguments()->length() == 1);
10116 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10117 HValue* view = Pop();
10119 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10121 FieldIndex::ForInObjectOffset(JSArrayBufferView::kByteOffsetOffset)));
10125 void HOptimizedGraphBuilder::GenerateTypedArrayGetLength(
10126 CallRuntime* expr) {
10127 NoObservableSideEffectsScope scope(this);
10128 DCHECK(expr->arguments()->length() == 1);
10129 CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
10130 HValue* view = Pop();
10132 return ast_context()->ReturnValue(BuildArrayBufferViewFieldAccessor(
10134 FieldIndex::ForInObjectOffset(JSTypedArray::kLengthOffset)));
10138 void HOptimizedGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
10139 DCHECK(!HasStackOverflow());
10140 DCHECK(current_block() != NULL);
10141 DCHECK(current_block()->HasPredecessor());
10142 if (expr->is_jsruntime()) {
10143 return Bailout(kCallToAJavaScriptRuntimeFunction);
10146 const Runtime::Function* function = expr->function();
10147 DCHECK(function != NULL);
10148 switch (function->function_id) {
10149 #define CALL_INTRINSIC_GENERATOR(Name) \
10150 case Runtime::kInline##Name: \
10151 return Generate##Name(expr);
10153 FOR_EACH_HYDROGEN_INTRINSIC(CALL_INTRINSIC_GENERATOR)
10154 #undef CALL_INTRINSIC_GENERATOR
10156 Handle<String> name = expr->name();
10157 int argument_count = expr->arguments()->length();
10158 CHECK_ALIVE(VisitExpressions(expr->arguments()));
10159 PushArgumentsFromEnvironment(argument_count);
10160 HCallRuntime* call = New<HCallRuntime>(name, function, argument_count);
10161 return ast_context()->ReturnInstruction(call, expr->id());
10167 void HOptimizedGraphBuilder::VisitUnaryOperation(UnaryOperation* expr) {
10168 DCHECK(!HasStackOverflow());
10169 DCHECK(current_block() != NULL);
10170 DCHECK(current_block()->HasPredecessor());
10171 switch (expr->op()) {
10172 case Token::DELETE: return VisitDelete(expr);
10173 case Token::VOID: return VisitVoid(expr);
10174 case Token::TYPEOF: return VisitTypeof(expr);
10175 case Token::NOT: return VisitNot(expr);
10176 default: UNREACHABLE();
10181 void HOptimizedGraphBuilder::VisitDelete(UnaryOperation* expr) {
10182 Property* prop = expr->expression()->AsProperty();
10183 VariableProxy* proxy = expr->expression()->AsVariableProxy();
10184 if (prop != NULL) {
10185 CHECK_ALIVE(VisitForValue(prop->obj()));
10186 CHECK_ALIVE(VisitForValue(prop->key()));
10187 HValue* key = Pop();
10188 HValue* obj = Pop();
10189 HValue* function = AddLoadJSBuiltin(Builtins::DELETE);
10190 Add<HPushArguments>(obj, key, Add<HConstant>(function_language_mode()));
10191 // TODO(olivf) InvokeFunction produces a check for the parameter count,
10192 // even though we are certain to pass the correct number of arguments here.
10193 HInstruction* instr = New<HInvokeFunction>(function, 3);
10194 return ast_context()->ReturnInstruction(instr, expr->id());
10195 } else if (proxy != NULL) {
10196 Variable* var = proxy->var();
10197 if (var->IsUnallocated()) {
10198 Bailout(kDeleteWithGlobalVariable);
10199 } else if (var->IsStackAllocated() || var->IsContextSlot()) {
10200 // Result of deleting non-global variables is false. 'this' is not
10201 // really a variable, though we implement it as one. The
10202 // subexpression does not have side effects.
10203 HValue* value = var->is_this()
10204 ? graph()->GetConstantTrue()
10205 : graph()->GetConstantFalse();
10206 return ast_context()->ReturnValue(value);
10208 Bailout(kDeleteWithNonGlobalVariable);
10211 // Result of deleting non-property, non-variable reference is true.
10212 // Evaluate the subexpression for side effects.
10213 CHECK_ALIVE(VisitForEffect(expr->expression()));
10214 return ast_context()->ReturnValue(graph()->GetConstantTrue());
10219 void HOptimizedGraphBuilder::VisitVoid(UnaryOperation* expr) {
10220 CHECK_ALIVE(VisitForEffect(expr->expression()));
10221 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
10225 void HOptimizedGraphBuilder::VisitTypeof(UnaryOperation* expr) {
10226 CHECK_ALIVE(VisitForTypeOf(expr->expression()));
10227 HValue* value = Pop();
10228 HInstruction* instr = New<HTypeof>(value);
10229 return ast_context()->ReturnInstruction(instr, expr->id());
10233 void HOptimizedGraphBuilder::VisitNot(UnaryOperation* expr) {
10234 if (ast_context()->IsTest()) {
10235 TestContext* context = TestContext::cast(ast_context());
10236 VisitForControl(expr->expression(),
10237 context->if_false(),
10238 context->if_true());
10242 if (ast_context()->IsEffect()) {
10243 VisitForEffect(expr->expression());
10247 DCHECK(ast_context()->IsValue());
10248 HBasicBlock* materialize_false = graph()->CreateBasicBlock();
10249 HBasicBlock* materialize_true = graph()->CreateBasicBlock();
10250 CHECK_BAILOUT(VisitForControl(expr->expression(),
10252 materialize_true));
10254 if (materialize_false->HasPredecessor()) {
10255 materialize_false->SetJoinId(expr->MaterializeFalseId());
10256 set_current_block(materialize_false);
10257 Push(graph()->GetConstantFalse());
10259 materialize_false = NULL;
10262 if (materialize_true->HasPredecessor()) {
10263 materialize_true->SetJoinId(expr->MaterializeTrueId());
10264 set_current_block(materialize_true);
10265 Push(graph()->GetConstantTrue());
10267 materialize_true = NULL;
10270 HBasicBlock* join =
10271 CreateJoin(materialize_false, materialize_true, expr->id());
10272 set_current_block(join);
10273 if (join != NULL) return ast_context()->ReturnValue(Pop());
10277 static Representation RepresentationFor(Type* type) {
10278 DisallowHeapAllocation no_allocation;
10279 if (type->Is(Type::None())) return Representation::None();
10280 if (type->Is(Type::SignedSmall())) return Representation::Smi();
10281 if (type->Is(Type::Signed32())) return Representation::Integer32();
10282 if (type->Is(Type::Number())) return Representation::Double();
10283 return Representation::Tagged();
10287 HInstruction* HOptimizedGraphBuilder::BuildIncrement(
10288 bool returns_original_input,
10289 CountOperation* expr) {
10290 // The input to the count operation is on top of the expression stack.
10291 Representation rep = RepresentationFor(expr->type());
10292 if (rep.IsNone() || rep.IsTagged()) {
10293 rep = Representation::Smi();
10296 if (returns_original_input) {
10297 // We need an explicit HValue representing ToNumber(input). The
10298 // actual HChange instruction we need is (sometimes) added in a later
10299 // phase, so it is not available now to be used as an input to HAdd and
10300 // as the return value.
10301 HInstruction* number_input = AddUncasted<HForceRepresentation>(Pop(), rep);
10302 if (!rep.IsDouble()) {
10303 number_input->SetFlag(HInstruction::kFlexibleRepresentation);
10304 number_input->SetFlag(HInstruction::kCannotBeTagged);
10306 Push(number_input);
10309 // The addition has no side effects, so we do not need
10310 // to simulate the expression stack after this instruction.
10311 // Any later failures deopt to the load of the input or earlier.
10312 HConstant* delta = (expr->op() == Token::INC)
10313 ? graph()->GetConstant1()
10314 : graph()->GetConstantMinus1();
10315 HInstruction* instr =
10316 AddUncasted<HAdd>(Top(), delta, strength(function_language_mode()));
10317 if (instr->IsAdd()) {
10318 HAdd* add = HAdd::cast(instr);
10319 add->set_observed_input_representation(1, rep);
10320 add->set_observed_input_representation(2, Representation::Smi());
10322 instr->SetFlag(HInstruction::kCannotBeTagged);
10323 instr->ClearAllSideEffects();
10328 void HOptimizedGraphBuilder::BuildStoreForEffect(Expression* expr,
10331 BailoutId return_id,
10335 EffectContext for_effect(this);
10337 if (key != NULL) Push(key);
10339 BuildStore(expr, prop, ast_id, return_id);
10343 void HOptimizedGraphBuilder::VisitCountOperation(CountOperation* expr) {
10344 DCHECK(!HasStackOverflow());
10345 DCHECK(current_block() != NULL);
10346 DCHECK(current_block()->HasPredecessor());
10347 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
10348 Expression* target = expr->expression();
10349 VariableProxy* proxy = target->AsVariableProxy();
10350 Property* prop = target->AsProperty();
10351 if (proxy == NULL && prop == NULL) {
10352 return Bailout(kInvalidLhsInCountOperation);
10355 // Match the full code generator stack by simulating an extra stack
10356 // element for postfix operations in a non-effect context. The return
10357 // value is ToNumber(input).
10358 bool returns_original_input =
10359 expr->is_postfix() && !ast_context()->IsEffect();
10360 HValue* input = NULL; // ToNumber(original_input).
10361 HValue* after = NULL; // The result after incrementing or decrementing.
10363 if (proxy != NULL) {
10364 Variable* var = proxy->var();
10365 if (var->mode() == CONST_LEGACY) {
10366 return Bailout(kUnsupportedCountOperationWithConst);
10368 if (var->mode() == CONST) {
10369 return Bailout(kNonInitializerAssignmentToConst);
10371 // Argument of the count operation is a variable, not a property.
10372 DCHECK(prop == NULL);
10373 CHECK_ALIVE(VisitForValue(target));
10375 after = BuildIncrement(returns_original_input, expr);
10376 input = returns_original_input ? Top() : Pop();
10379 switch (var->location()) {
10380 case Variable::UNALLOCATED:
10381 HandleGlobalVariableAssignment(var,
10383 expr->AssignmentId());
10386 case Variable::PARAMETER:
10387 case Variable::LOCAL:
10388 BindIfLive(var, after);
10391 case Variable::CONTEXT: {
10392 // Bail out if we try to mutate a parameter value in a function
10393 // using the arguments object. We do not (yet) correctly handle the
10394 // arguments property of the function.
10395 if (current_info()->scope()->arguments() != NULL) {
10396 // Parameters will rewrite to context slots. We have no direct
10397 // way to detect that the variable is a parameter so we use a
10398 // linear search of the parameter list.
10399 int count = current_info()->scope()->num_parameters();
10400 for (int i = 0; i < count; ++i) {
10401 if (var == current_info()->scope()->parameter(i)) {
10402 return Bailout(kAssignmentToParameterInArgumentsObject);
10407 HValue* context = BuildContextChainWalk(var);
10408 HStoreContextSlot::Mode mode = IsLexicalVariableMode(var->mode())
10409 ? HStoreContextSlot::kCheckDeoptimize : HStoreContextSlot::kNoCheck;
10410 HStoreContextSlot* instr = Add<HStoreContextSlot>(context, var->index(),
10412 if (instr->HasObservableSideEffects()) {
10413 Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
10418 case Variable::LOOKUP:
10419 return Bailout(kLookupVariableInCountOperation);
10422 Drop(returns_original_input ? 2 : 1);
10423 return ast_context()->ReturnValue(expr->is_postfix() ? input : after);
10426 // Argument of the count operation is a property.
10427 DCHECK(prop != NULL);
10428 if (returns_original_input) Push(graph()->GetConstantUndefined());
10430 CHECK_ALIVE(VisitForValue(prop->obj()));
10431 HValue* object = Top();
10433 HValue* key = NULL;
10434 if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
10435 CHECK_ALIVE(VisitForValue(prop->key()));
10439 CHECK_ALIVE(PushLoad(prop, object, key));
10441 after = BuildIncrement(returns_original_input, expr);
10443 if (returns_original_input) {
10445 // Drop object and key to push it again in the effect context below.
10446 Drop(key == NULL ? 1 : 2);
10447 environment()->SetExpressionStackAt(0, input);
10448 CHECK_ALIVE(BuildStoreForEffect(
10449 expr, prop, expr->id(), expr->AssignmentId(), object, key, after));
10450 return ast_context()->ReturnValue(Pop());
10453 environment()->SetExpressionStackAt(0, after);
10454 return BuildStore(expr, prop, expr->id(), expr->AssignmentId());
10458 HInstruction* HOptimizedGraphBuilder::BuildStringCharCodeAt(
10461 if (string->IsConstant() && index->IsConstant()) {
10462 HConstant* c_string = HConstant::cast(string);
10463 HConstant* c_index = HConstant::cast(index);
10464 if (c_string->HasStringValue() && c_index->HasNumberValue()) {
10465 int32_t i = c_index->NumberValueAsInteger32();
10466 Handle<String> s = c_string->StringValue();
10467 if (i < 0 || i >= s->length()) {
10468 return New<HConstant>(std::numeric_limits<double>::quiet_NaN());
10470 return New<HConstant>(s->Get(i));
10473 string = BuildCheckString(string);
10474 index = Add<HBoundsCheck>(index, AddLoadStringLength(string));
10475 return New<HStringCharCodeAt>(string, index);
10479 // Checks if the given shift amounts have following forms:
10480 // (N1) and (N2) with N1 + N2 = 32; (sa) and (32 - sa).
10481 static bool ShiftAmountsAllowReplaceByRotate(HValue* sa,
10482 HValue* const32_minus_sa) {
10483 if (sa->IsConstant() && const32_minus_sa->IsConstant()) {
10484 const HConstant* c1 = HConstant::cast(sa);
10485 const HConstant* c2 = HConstant::cast(const32_minus_sa);
10486 return c1->HasInteger32Value() && c2->HasInteger32Value() &&
10487 (c1->Integer32Value() + c2->Integer32Value() == 32);
10489 if (!const32_minus_sa->IsSub()) return false;
10490 HSub* sub = HSub::cast(const32_minus_sa);
10491 return sub->left()->EqualsInteger32Constant(32) && sub->right() == sa;
10495 // Checks if the left and the right are shift instructions with the oposite
10496 // directions that can be replaced by one rotate right instruction or not.
10497 // Returns the operand and the shift amount for the rotate instruction in the
10499 bool HGraphBuilder::MatchRotateRight(HValue* left,
10502 HValue** shift_amount) {
10505 if (left->IsShl() && right->IsShr()) {
10506 shl = HShl::cast(left);
10507 shr = HShr::cast(right);
10508 } else if (left->IsShr() && right->IsShl()) {
10509 shl = HShl::cast(right);
10510 shr = HShr::cast(left);
10514 if (shl->left() != shr->left()) return false;
10516 if (!ShiftAmountsAllowReplaceByRotate(shl->right(), shr->right()) &&
10517 !ShiftAmountsAllowReplaceByRotate(shr->right(), shl->right())) {
10520 *operand = shr->left();
10521 *shift_amount = shr->right();
10526 bool CanBeZero(HValue* right) {
10527 if (right->IsConstant()) {
10528 HConstant* right_const = HConstant::cast(right);
10529 if (right_const->HasInteger32Value() &&
10530 (right_const->Integer32Value() & 0x1f) != 0) {
10538 HValue* HGraphBuilder::EnforceNumberType(HValue* number,
10540 if (expected->Is(Type::SignedSmall())) {
10541 return AddUncasted<HForceRepresentation>(number, Representation::Smi());
10543 if (expected->Is(Type::Signed32())) {
10544 return AddUncasted<HForceRepresentation>(number,
10545 Representation::Integer32());
10551 HValue* HGraphBuilder::TruncateToNumber(HValue* value, Type** expected) {
10552 if (value->IsConstant()) {
10553 HConstant* constant = HConstant::cast(value);
10554 Maybe<HConstant*> number =
10555 constant->CopyToTruncatedNumber(isolate(), zone());
10556 if (number.IsJust()) {
10557 *expected = Type::Number(zone());
10558 return AddInstruction(number.FromJust());
10562 // We put temporary values on the stack, which don't correspond to anything
10563 // in baseline code. Since nothing is observable we avoid recording those
10564 // pushes with a NoObservableSideEffectsScope.
10565 NoObservableSideEffectsScope no_effects(this);
10567 Type* expected_type = *expected;
10569 // Separate the number type from the rest.
10570 Type* expected_obj =
10571 Type::Intersect(expected_type, Type::NonNumber(zone()), zone());
10572 Type* expected_number =
10573 Type::Intersect(expected_type, Type::Number(zone()), zone());
10575 // We expect to get a number.
10576 // (We need to check first, since Type::None->Is(Type::Any()) == true.
10577 if (expected_obj->Is(Type::None())) {
10578 DCHECK(!expected_number->Is(Type::None(zone())));
10582 if (expected_obj->Is(Type::Undefined(zone()))) {
10583 // This is already done by HChange.
10584 *expected = Type::Union(expected_number, Type::Number(zone()), zone());
10592 HValue* HOptimizedGraphBuilder::BuildBinaryOperation(
10593 BinaryOperation* expr,
10596 PushBeforeSimulateBehavior push_sim_result) {
10597 Type* left_type = expr->left()->bounds().lower;
10598 Type* right_type = expr->right()->bounds().lower;
10599 Type* result_type = expr->bounds().lower;
10600 Maybe<int> fixed_right_arg = expr->fixed_right_arg();
10601 Handle<AllocationSite> allocation_site = expr->allocation_site();
10603 HAllocationMode allocation_mode;
10604 if (FLAG_allocation_site_pretenuring && !allocation_site.is_null()) {
10605 allocation_mode = HAllocationMode(allocation_site);
10608 HValue* result = HGraphBuilder::BuildBinaryOperation(
10609 expr->op(), left, right, left_type, right_type, result_type,
10610 fixed_right_arg, allocation_mode, strength(function_language_mode()));
10611 // Add a simulate after instructions with observable side effects, and
10612 // after phis, which are the result of BuildBinaryOperation when we
10613 // inlined some complex subgraph.
10614 if (result->HasObservableSideEffects() || result->IsPhi()) {
10615 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
10617 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10620 Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10627 HValue* HGraphBuilder::BuildBinaryOperation(Token::Value op, HValue* left,
10628 HValue* right, Type* left_type,
10629 Type* right_type, Type* result_type,
10630 Maybe<int> fixed_right_arg,
10631 HAllocationMode allocation_mode,
10632 Strength strength) {
10633 bool maybe_string_add = false;
10634 if (op == Token::ADD) {
10635 // If we are adding constant string with something for which we don't have
10636 // a feedback yet, assume that it's also going to be a string and don't
10637 // generate deopt instructions.
10638 if (!left_type->IsInhabited() && right->IsConstant() &&
10639 HConstant::cast(right)->HasStringValue()) {
10640 left_type = Type::String();
10643 if (!right_type->IsInhabited() && left->IsConstant() &&
10644 HConstant::cast(left)->HasStringValue()) {
10645 right_type = Type::String();
10648 maybe_string_add = (left_type->Maybe(Type::String()) ||
10649 left_type->Maybe(Type::Receiver()) ||
10650 right_type->Maybe(Type::String()) ||
10651 right_type->Maybe(Type::Receiver()));
10654 Representation left_rep = RepresentationFor(left_type);
10655 Representation right_rep = RepresentationFor(right_type);
10657 if (!left_type->IsInhabited()) {
10659 Deoptimizer::kInsufficientTypeFeedbackForLHSOfBinaryOperation,
10660 Deoptimizer::SOFT);
10661 left_type = Type::Any(zone());
10662 left_rep = RepresentationFor(left_type);
10663 maybe_string_add = op == Token::ADD;
10666 if (!right_type->IsInhabited()) {
10668 Deoptimizer::kInsufficientTypeFeedbackForRHSOfBinaryOperation,
10669 Deoptimizer::SOFT);
10670 right_type = Type::Any(zone());
10671 right_rep = RepresentationFor(right_type);
10672 maybe_string_add = op == Token::ADD;
10675 if (!maybe_string_add) {
10676 left = TruncateToNumber(left, &left_type);
10677 right = TruncateToNumber(right, &right_type);
10680 // Special case for string addition here.
10681 if (op == Token::ADD &&
10682 (left_type->Is(Type::String()) || right_type->Is(Type::String()))) {
10683 // Validate type feedback for left argument.
10684 if (left_type->Is(Type::String())) {
10685 left = BuildCheckString(left);
10688 // Validate type feedback for right argument.
10689 if (right_type->Is(Type::String())) {
10690 right = BuildCheckString(right);
10693 // Convert left argument as necessary.
10694 if (left_type->Is(Type::Number()) && !is_strong(strength)) {
10695 DCHECK(right_type->Is(Type::String()));
10696 left = BuildNumberToString(left, left_type);
10697 } else if (!left_type->Is(Type::String())) {
10698 DCHECK(right_type->Is(Type::String()));
10699 HValue* function = AddLoadJSBuiltin(
10700 is_strong(strength) ? Builtins::STRING_ADD_RIGHT_STRONG
10701 : Builtins::STRING_ADD_RIGHT);
10702 Add<HPushArguments>(left, right);
10703 return AddUncasted<HInvokeFunction>(function, 2);
10706 // Convert right argument as necessary.
10707 if (right_type->Is(Type::Number()) && !is_strong(strength)) {
10708 DCHECK(left_type->Is(Type::String()));
10709 right = BuildNumberToString(right, right_type);
10710 } else if (!right_type->Is(Type::String())) {
10711 DCHECK(left_type->Is(Type::String()));
10712 HValue* function = AddLoadJSBuiltin(is_strong(strength)
10713 ? Builtins::STRING_ADD_LEFT_STRONG
10714 : Builtins::STRING_ADD_LEFT);
10715 Add<HPushArguments>(left, right);
10716 return AddUncasted<HInvokeFunction>(function, 2);
10719 // Fast paths for empty constant strings.
10720 Handle<String> left_string =
10721 left->IsConstant() && HConstant::cast(left)->HasStringValue()
10722 ? HConstant::cast(left)->StringValue()
10723 : Handle<String>();
10724 Handle<String> right_string =
10725 right->IsConstant() && HConstant::cast(right)->HasStringValue()
10726 ? HConstant::cast(right)->StringValue()
10727 : Handle<String>();
10728 if (!left_string.is_null() && left_string->length() == 0) return right;
10729 if (!right_string.is_null() && right_string->length() == 0) return left;
10730 if (!left_string.is_null() && !right_string.is_null()) {
10731 return AddUncasted<HStringAdd>(
10732 left, right, strength, allocation_mode.GetPretenureMode(),
10733 STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
10736 // Register the dependent code with the allocation site.
10737 if (!allocation_mode.feedback_site().is_null()) {
10738 DCHECK(!graph()->info()->IsStub());
10739 Handle<AllocationSite> site(allocation_mode.feedback_site());
10740 top_info()->dependencies()->AssumeTenuringDecision(site);
10743 // Inline the string addition into the stub when creating allocation
10744 // mementos to gather allocation site feedback, or if we can statically
10745 // infer that we're going to create a cons string.
10746 if ((graph()->info()->IsStub() &&
10747 allocation_mode.CreateAllocationMementos()) ||
10748 (left->IsConstant() &&
10749 HConstant::cast(left)->HasStringValue() &&
10750 HConstant::cast(left)->StringValue()->length() + 1 >=
10751 ConsString::kMinLength) ||
10752 (right->IsConstant() &&
10753 HConstant::cast(right)->HasStringValue() &&
10754 HConstant::cast(right)->StringValue()->length() + 1 >=
10755 ConsString::kMinLength)) {
10756 return BuildStringAdd(left, right, allocation_mode);
10759 // Fallback to using the string add stub.
10760 return AddUncasted<HStringAdd>(
10761 left, right, strength, allocation_mode.GetPretenureMode(),
10762 STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
10765 if (graph()->info()->IsStub()) {
10766 left = EnforceNumberType(left, left_type);
10767 right = EnforceNumberType(right, right_type);
10770 Representation result_rep = RepresentationFor(result_type);
10772 bool is_non_primitive = (left_rep.IsTagged() && !left_rep.IsSmi()) ||
10773 (right_rep.IsTagged() && !right_rep.IsSmi());
10775 HInstruction* instr = NULL;
10776 // Only the stub is allowed to call into the runtime, since otherwise we would
10777 // inline several instructions (including the two pushes) for every tagged
10778 // operation in optimized code, which is more expensive, than a stub call.
10779 if (graph()->info()->IsStub() && is_non_primitive) {
10781 AddLoadJSBuiltin(BinaryOpIC::TokenToJSBuiltin(op, strength));
10782 Add<HPushArguments>(left, right);
10783 instr = AddUncasted<HInvokeFunction>(function, 2);
10787 instr = AddUncasted<HAdd>(left, right, strength);
10790 instr = AddUncasted<HSub>(left, right, strength);
10793 instr = AddUncasted<HMul>(left, right, strength);
10796 if (fixed_right_arg.IsJust() &&
10797 !right->EqualsInteger32Constant(fixed_right_arg.FromJust())) {
10798 HConstant* fixed_right =
10799 Add<HConstant>(static_cast<int>(fixed_right_arg.FromJust()));
10800 IfBuilder if_same(this);
10801 if_same.If<HCompareNumericAndBranch>(right, fixed_right, Token::EQ);
10803 if_same.ElseDeopt(Deoptimizer::kUnexpectedRHSOfBinaryOperation);
10804 right = fixed_right;
10806 instr = AddUncasted<HMod>(left, right, strength);
10810 instr = AddUncasted<HDiv>(left, right, strength);
10812 case Token::BIT_XOR:
10813 case Token::BIT_AND:
10814 instr = AddUncasted<HBitwise>(op, left, right, strength);
10816 case Token::BIT_OR: {
10817 HValue* operand, *shift_amount;
10818 if (left_type->Is(Type::Signed32()) &&
10819 right_type->Is(Type::Signed32()) &&
10820 MatchRotateRight(left, right, &operand, &shift_amount)) {
10821 instr = AddUncasted<HRor>(operand, shift_amount, strength);
10823 instr = AddUncasted<HBitwise>(op, left, right, strength);
10828 instr = AddUncasted<HSar>(left, right, strength);
10831 instr = AddUncasted<HShr>(left, right, strength);
10832 if (instr->IsShr() && CanBeZero(right)) {
10833 graph()->RecordUint32Instruction(instr);
10837 instr = AddUncasted<HShl>(left, right, strength);
10844 if (instr->IsBinaryOperation()) {
10845 HBinaryOperation* binop = HBinaryOperation::cast(instr);
10846 binop->set_observed_input_representation(1, left_rep);
10847 binop->set_observed_input_representation(2, right_rep);
10848 binop->initialize_output_representation(result_rep);
10849 if (graph()->info()->IsStub()) {
10850 // Stub should not call into stub.
10851 instr->SetFlag(HValue::kCannotBeTagged);
10852 // And should truncate on HForceRepresentation already.
10853 if (left->IsForceRepresentation()) {
10854 left->CopyFlag(HValue::kTruncatingToSmi, instr);
10855 left->CopyFlag(HValue::kTruncatingToInt32, instr);
10857 if (right->IsForceRepresentation()) {
10858 right->CopyFlag(HValue::kTruncatingToSmi, instr);
10859 right->CopyFlag(HValue::kTruncatingToInt32, instr);
10867 // Check for the form (%_ClassOf(foo) === 'BarClass').
10868 static bool IsClassOfTest(CompareOperation* expr) {
10869 if (expr->op() != Token::EQ_STRICT) return false;
10870 CallRuntime* call = expr->left()->AsCallRuntime();
10871 if (call == NULL) return false;
10872 Literal* literal = expr->right()->AsLiteral();
10873 if (literal == NULL) return false;
10874 if (!literal->value()->IsString()) return false;
10875 if (!call->name()->IsOneByteEqualTo(STATIC_CHAR_VECTOR("_ClassOf"))) {
10878 DCHECK(call->arguments()->length() == 1);
10883 void HOptimizedGraphBuilder::VisitBinaryOperation(BinaryOperation* expr) {
10884 DCHECK(!HasStackOverflow());
10885 DCHECK(current_block() != NULL);
10886 DCHECK(current_block()->HasPredecessor());
10887 switch (expr->op()) {
10889 return VisitComma(expr);
10892 return VisitLogicalExpression(expr);
10894 return VisitArithmeticExpression(expr);
10899 void HOptimizedGraphBuilder::VisitComma(BinaryOperation* expr) {
10900 CHECK_ALIVE(VisitForEffect(expr->left()));
10901 // Visit the right subexpression in the same AST context as the entire
10903 Visit(expr->right());
10907 void HOptimizedGraphBuilder::VisitLogicalExpression(BinaryOperation* expr) {
10908 bool is_logical_and = expr->op() == Token::AND;
10909 if (ast_context()->IsTest()) {
10910 TestContext* context = TestContext::cast(ast_context());
10911 // Translate left subexpression.
10912 HBasicBlock* eval_right = graph()->CreateBasicBlock();
10913 if (is_logical_and) {
10914 CHECK_BAILOUT(VisitForControl(expr->left(),
10916 context->if_false()));
10918 CHECK_BAILOUT(VisitForControl(expr->left(),
10919 context->if_true(),
10923 // Translate right subexpression by visiting it in the same AST
10924 // context as the entire expression.
10925 if (eval_right->HasPredecessor()) {
10926 eval_right->SetJoinId(expr->RightId());
10927 set_current_block(eval_right);
10928 Visit(expr->right());
10931 } else if (ast_context()->IsValue()) {
10932 CHECK_ALIVE(VisitForValue(expr->left()));
10933 DCHECK(current_block() != NULL);
10934 HValue* left_value = Top();
10936 // Short-circuit left values that always evaluate to the same boolean value.
10937 if (expr->left()->ToBooleanIsTrue() || expr->left()->ToBooleanIsFalse()) {
10938 // l (evals true) && r -> r
10939 // l (evals true) || r -> l
10940 // l (evals false) && r -> l
10941 // l (evals false) || r -> r
10942 if (is_logical_and == expr->left()->ToBooleanIsTrue()) {
10944 CHECK_ALIVE(VisitForValue(expr->right()));
10946 return ast_context()->ReturnValue(Pop());
10949 // We need an extra block to maintain edge-split form.
10950 HBasicBlock* empty_block = graph()->CreateBasicBlock();
10951 HBasicBlock* eval_right = graph()->CreateBasicBlock();
10952 ToBooleanStub::Types expected(expr->left()->to_boolean_types());
10953 HBranch* test = is_logical_and
10954 ? New<HBranch>(left_value, expected, eval_right, empty_block)
10955 : New<HBranch>(left_value, expected, empty_block, eval_right);
10956 FinishCurrentBlock(test);
10958 set_current_block(eval_right);
10959 Drop(1); // Value of the left subexpression.
10960 CHECK_BAILOUT(VisitForValue(expr->right()));
10962 HBasicBlock* join_block =
10963 CreateJoin(empty_block, current_block(), expr->id());
10964 set_current_block(join_block);
10965 return ast_context()->ReturnValue(Pop());
10968 DCHECK(ast_context()->IsEffect());
10969 // In an effect context, we don't need the value of the left subexpression,
10970 // only its control flow and side effects. We need an extra block to
10971 // maintain edge-split form.
10972 HBasicBlock* empty_block = graph()->CreateBasicBlock();
10973 HBasicBlock* right_block = graph()->CreateBasicBlock();
10974 if (is_logical_and) {
10975 CHECK_BAILOUT(VisitForControl(expr->left(), right_block, empty_block));
10977 CHECK_BAILOUT(VisitForControl(expr->left(), empty_block, right_block));
10980 // TODO(kmillikin): Find a way to fix this. It's ugly that there are
10981 // actually two empty blocks (one here and one inserted by
10982 // TestContext::BuildBranch, and that they both have an HSimulate though the
10983 // second one is not a merge node, and that we really have no good AST ID to
10984 // put on that first HSimulate.
10986 if (empty_block->HasPredecessor()) {
10987 empty_block->SetJoinId(expr->id());
10989 empty_block = NULL;
10992 if (right_block->HasPredecessor()) {
10993 right_block->SetJoinId(expr->RightId());
10994 set_current_block(right_block);
10995 CHECK_BAILOUT(VisitForEffect(expr->right()));
10996 right_block = current_block();
10998 right_block = NULL;
11001 HBasicBlock* join_block =
11002 CreateJoin(empty_block, right_block, expr->id());
11003 set_current_block(join_block);
11004 // We did not materialize any value in the predecessor environments,
11005 // so there is no need to handle it here.
11010 void HOptimizedGraphBuilder::VisitArithmeticExpression(BinaryOperation* expr) {
11011 CHECK_ALIVE(VisitForValue(expr->left()));
11012 CHECK_ALIVE(VisitForValue(expr->right()));
11013 SetSourcePosition(expr->position());
11014 HValue* right = Pop();
11015 HValue* left = Pop();
11017 BuildBinaryOperation(expr, left, right,
11018 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
11019 : PUSH_BEFORE_SIMULATE);
11020 if (top_info()->is_tracking_positions() && result->IsBinaryOperation()) {
11021 HBinaryOperation::cast(result)->SetOperandPositions(
11023 ScriptPositionToSourcePosition(expr->left()->position()),
11024 ScriptPositionToSourcePosition(expr->right()->position()));
11026 return ast_context()->ReturnValue(result);
11030 void HOptimizedGraphBuilder::HandleLiteralCompareTypeof(CompareOperation* expr,
11031 Expression* sub_expr,
11032 Handle<String> check) {
11033 CHECK_ALIVE(VisitForTypeOf(sub_expr));
11034 SetSourcePosition(expr->position());
11035 HValue* value = Pop();
11036 HTypeofIsAndBranch* instr = New<HTypeofIsAndBranch>(value, check);
11037 return ast_context()->ReturnControl(instr, expr->id());
11041 static bool IsLiteralCompareBool(Isolate* isolate,
11045 return op == Token::EQ_STRICT &&
11046 ((left->IsConstant() &&
11047 HConstant::cast(left)->handle(isolate)->IsBoolean()) ||
11048 (right->IsConstant() &&
11049 HConstant::cast(right)->handle(isolate)->IsBoolean()));
11053 void HOptimizedGraphBuilder::VisitCompareOperation(CompareOperation* expr) {
11054 DCHECK(!HasStackOverflow());
11055 DCHECK(current_block() != NULL);
11056 DCHECK(current_block()->HasPredecessor());
11058 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
11060 // Check for a few fast cases. The AST visiting behavior must be in sync
11061 // with the full codegen: We don't push both left and right values onto
11062 // the expression stack when one side is a special-case literal.
11063 Expression* sub_expr = NULL;
11064 Handle<String> check;
11065 if (expr->IsLiteralCompareTypeof(&sub_expr, &check)) {
11066 return HandleLiteralCompareTypeof(expr, sub_expr, check);
11068 if (expr->IsLiteralCompareUndefined(&sub_expr, isolate())) {
11069 return HandleLiteralCompareNil(expr, sub_expr, kUndefinedValue);
11071 if (expr->IsLiteralCompareNull(&sub_expr)) {
11072 return HandleLiteralCompareNil(expr, sub_expr, kNullValue);
11075 if (IsClassOfTest(expr)) {
11076 CallRuntime* call = expr->left()->AsCallRuntime();
11077 DCHECK(call->arguments()->length() == 1);
11078 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11079 HValue* value = Pop();
11080 Literal* literal = expr->right()->AsLiteral();
11081 Handle<String> rhs = Handle<String>::cast(literal->value());
11082 HClassOfTestAndBranch* instr = New<HClassOfTestAndBranch>(value, rhs);
11083 return ast_context()->ReturnControl(instr, expr->id());
11086 Type* left_type = expr->left()->bounds().lower;
11087 Type* right_type = expr->right()->bounds().lower;
11088 Type* combined_type = expr->combined_type();
11090 CHECK_ALIVE(VisitForValue(expr->left()));
11091 CHECK_ALIVE(VisitForValue(expr->right()));
11093 HValue* right = Pop();
11094 HValue* left = Pop();
11095 Token::Value op = expr->op();
11097 if (IsLiteralCompareBool(isolate(), left, op, right)) {
11098 HCompareObjectEqAndBranch* result =
11099 New<HCompareObjectEqAndBranch>(left, right);
11100 return ast_context()->ReturnControl(result, expr->id());
11103 if (op == Token::INSTANCEOF) {
11104 // Check to see if the rhs of the instanceof is a known function.
11105 if (right->IsConstant() &&
11106 HConstant::cast(right)->handle(isolate())->IsJSFunction()) {
11107 Handle<Object> function = HConstant::cast(right)->handle(isolate());
11108 Handle<JSFunction> target = Handle<JSFunction>::cast(function);
11109 HInstanceOfKnownGlobal* result =
11110 New<HInstanceOfKnownGlobal>(left, target);
11111 return ast_context()->ReturnInstruction(result, expr->id());
11114 HInstanceOf* result = New<HInstanceOf>(left, right);
11115 return ast_context()->ReturnInstruction(result, expr->id());
11117 } else if (op == Token::IN) {
11118 HValue* function = AddLoadJSBuiltin(Builtins::IN);
11119 Add<HPushArguments>(left, right);
11120 // TODO(olivf) InvokeFunction produces a check for the parameter count,
11121 // even though we are certain to pass the correct number of arguments here.
11122 HInstruction* result = New<HInvokeFunction>(function, 2);
11123 return ast_context()->ReturnInstruction(result, expr->id());
11126 PushBeforeSimulateBehavior push_behavior =
11127 ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
11128 : PUSH_BEFORE_SIMULATE;
11129 HControlInstruction* compare = BuildCompareInstruction(
11130 op, left, right, left_type, right_type, combined_type,
11131 ScriptPositionToSourcePosition(expr->left()->position()),
11132 ScriptPositionToSourcePosition(expr->right()->position()),
11133 push_behavior, expr->id());
11134 if (compare == NULL) return; // Bailed out.
11135 return ast_context()->ReturnControl(compare, expr->id());
11139 HControlInstruction* HOptimizedGraphBuilder::BuildCompareInstruction(
11140 Token::Value op, HValue* left, HValue* right, Type* left_type,
11141 Type* right_type, Type* combined_type, SourcePosition left_position,
11142 SourcePosition right_position, PushBeforeSimulateBehavior push_sim_result,
11143 BailoutId bailout_id) {
11144 // Cases handled below depend on collected type feedback. They should
11145 // soft deoptimize when there is no type feedback.
11146 if (!combined_type->IsInhabited()) {
11148 Deoptimizer::kInsufficientTypeFeedbackForCombinedTypeOfBinaryOperation,
11149 Deoptimizer::SOFT);
11150 combined_type = left_type = right_type = Type::Any(zone());
11153 Representation left_rep = RepresentationFor(left_type);
11154 Representation right_rep = RepresentationFor(right_type);
11155 Representation combined_rep = RepresentationFor(combined_type);
11157 if (combined_type->Is(Type::Receiver())) {
11158 if (Token::IsEqualityOp(op)) {
11159 // HCompareObjectEqAndBranch can only deal with object, so
11160 // exclude numbers.
11161 if ((left->IsConstant() &&
11162 HConstant::cast(left)->HasNumberValue()) ||
11163 (right->IsConstant() &&
11164 HConstant::cast(right)->HasNumberValue())) {
11165 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
11166 Deoptimizer::SOFT);
11167 // The caller expects a branch instruction, so make it happy.
11168 return New<HBranch>(graph()->GetConstantTrue());
11170 // Can we get away with map check and not instance type check?
11171 HValue* operand_to_check =
11172 left->block()->block_id() < right->block()->block_id() ? left : right;
11173 if (combined_type->IsClass()) {
11174 Handle<Map> map = combined_type->AsClass()->Map();
11175 AddCheckMap(operand_to_check, map);
11176 HCompareObjectEqAndBranch* result =
11177 New<HCompareObjectEqAndBranch>(left, right);
11178 if (top_info()->is_tracking_positions()) {
11179 result->set_operand_position(zone(), 0, left_position);
11180 result->set_operand_position(zone(), 1, right_position);
11184 BuildCheckHeapObject(operand_to_check);
11185 Add<HCheckInstanceType>(operand_to_check,
11186 HCheckInstanceType::IS_SPEC_OBJECT);
11187 HCompareObjectEqAndBranch* result =
11188 New<HCompareObjectEqAndBranch>(left, right);
11192 Bailout(kUnsupportedNonPrimitiveCompare);
11195 } else if (combined_type->Is(Type::InternalizedString()) &&
11196 Token::IsEqualityOp(op)) {
11197 // If we have a constant argument, it should be consistent with the type
11198 // feedback (otherwise we fail assertions in HCompareObjectEqAndBranch).
11199 if ((left->IsConstant() &&
11200 !HConstant::cast(left)->HasInternalizedStringValue()) ||
11201 (right->IsConstant() &&
11202 !HConstant::cast(right)->HasInternalizedStringValue())) {
11203 Add<HDeoptimize>(Deoptimizer::kTypeMismatchBetweenFeedbackAndConstant,
11204 Deoptimizer::SOFT);
11205 // The caller expects a branch instruction, so make it happy.
11206 return New<HBranch>(graph()->GetConstantTrue());
11208 BuildCheckHeapObject(left);
11209 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_INTERNALIZED_STRING);
11210 BuildCheckHeapObject(right);
11211 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_INTERNALIZED_STRING);
11212 HCompareObjectEqAndBranch* result =
11213 New<HCompareObjectEqAndBranch>(left, right);
11215 } else if (combined_type->Is(Type::String())) {
11216 BuildCheckHeapObject(left);
11217 Add<HCheckInstanceType>(left, HCheckInstanceType::IS_STRING);
11218 BuildCheckHeapObject(right);
11219 Add<HCheckInstanceType>(right, HCheckInstanceType::IS_STRING);
11220 HStringCompareAndBranch* result =
11221 New<HStringCompareAndBranch>(left, right, op);
11224 if (combined_rep.IsTagged() || combined_rep.IsNone()) {
11225 HCompareGeneric* result = Add<HCompareGeneric>(
11226 left, right, op, strength(function_language_mode()));
11227 result->set_observed_input_representation(1, left_rep);
11228 result->set_observed_input_representation(2, right_rep);
11229 if (result->HasObservableSideEffects()) {
11230 if (push_sim_result == PUSH_BEFORE_SIMULATE) {
11232 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11235 AddSimulate(bailout_id, REMOVABLE_SIMULATE);
11238 // TODO(jkummerow): Can we make this more efficient?
11239 HBranch* branch = New<HBranch>(result);
11242 HCompareNumericAndBranch* result =
11243 New<HCompareNumericAndBranch>(left, right, op);
11244 result->set_observed_input_representation(left_rep, right_rep);
11245 if (top_info()->is_tracking_positions()) {
11246 result->SetOperandPositions(zone(), left_position, right_position);
11254 void HOptimizedGraphBuilder::HandleLiteralCompareNil(CompareOperation* expr,
11255 Expression* sub_expr,
11257 DCHECK(!HasStackOverflow());
11258 DCHECK(current_block() != NULL);
11259 DCHECK(current_block()->HasPredecessor());
11260 DCHECK(expr->op() == Token::EQ || expr->op() == Token::EQ_STRICT);
11261 if (!top_info()->is_tracking_positions()) SetSourcePosition(expr->position());
11262 CHECK_ALIVE(VisitForValue(sub_expr));
11263 HValue* value = Pop();
11264 if (expr->op() == Token::EQ_STRICT) {
11265 HConstant* nil_constant = nil == kNullValue
11266 ? graph()->GetConstantNull()
11267 : graph()->GetConstantUndefined();
11268 HCompareObjectEqAndBranch* instr =
11269 New<HCompareObjectEqAndBranch>(value, nil_constant);
11270 return ast_context()->ReturnControl(instr, expr->id());
11272 DCHECK_EQ(Token::EQ, expr->op());
11273 Type* type = expr->combined_type()->Is(Type::None())
11274 ? Type::Any(zone()) : expr->combined_type();
11275 HIfContinuation continuation;
11276 BuildCompareNil(value, type, &continuation);
11277 return ast_context()->ReturnContinuation(&continuation, expr->id());
11282 void HOptimizedGraphBuilder::VisitSpread(Spread* expr) { UNREACHABLE(); }
11285 HInstruction* HOptimizedGraphBuilder::BuildThisFunction() {
11286 // If we share optimized code between different closures, the
11287 // this-function is not a constant, except inside an inlined body.
11288 if (function_state()->outer() != NULL) {
11289 return New<HConstant>(
11290 function_state()->compilation_info()->closure());
11292 return New<HThisFunction>();
11297 HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
11298 Handle<JSObject> boilerplate_object,
11299 AllocationSiteUsageContext* site_context) {
11300 NoObservableSideEffectsScope no_effects(this);
11301 InstanceType instance_type = boilerplate_object->map()->instance_type();
11302 DCHECK(instance_type == JS_ARRAY_TYPE || instance_type == JS_OBJECT_TYPE);
11304 HType type = instance_type == JS_ARRAY_TYPE
11305 ? HType::JSArray() : HType::JSObject();
11306 HValue* object_size_constant = Add<HConstant>(
11307 boilerplate_object->map()->instance_size());
11309 PretenureFlag pretenure_flag = NOT_TENURED;
11310 Handle<AllocationSite> current_site(*site_context->current(), isolate());
11311 if (FLAG_allocation_site_pretenuring) {
11312 pretenure_flag = current_site->GetPretenureMode();
11313 top_info()->dependencies()->AssumeTenuringDecision(current_site);
11316 top_info()->dependencies()->AssumeTransitionStable(current_site);
11318 HInstruction* object = Add<HAllocate>(
11319 object_size_constant, type, pretenure_flag, instance_type, current_site);
11321 // If allocation folding reaches Page::kMaxRegularHeapObjectSize the
11322 // elements array may not get folded into the object. Hence, we set the
11323 // elements pointer to empty fixed array and let store elimination remove
11324 // this store in the folding case.
11325 HConstant* empty_fixed_array = Add<HConstant>(
11326 isolate()->factory()->empty_fixed_array());
11327 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11328 empty_fixed_array);
11330 BuildEmitObjectHeader(boilerplate_object, object);
11332 Handle<FixedArrayBase> elements(boilerplate_object->elements());
11333 int elements_size = (elements->length() > 0 &&
11334 elements->map() != isolate()->heap()->fixed_cow_array_map()) ?
11335 elements->Size() : 0;
11337 if (pretenure_flag == TENURED &&
11338 elements->map() == isolate()->heap()->fixed_cow_array_map() &&
11339 isolate()->heap()->InNewSpace(*elements)) {
11340 // If we would like to pretenure a fixed cow array, we must ensure that the
11341 // array is already in old space, otherwise we'll create too many old-to-
11342 // new-space pointers (overflowing the store buffer).
11343 elements = Handle<FixedArrayBase>(
11344 isolate()->factory()->CopyAndTenureFixedCOWArray(
11345 Handle<FixedArray>::cast(elements)));
11346 boilerplate_object->set_elements(*elements);
11349 HInstruction* object_elements = NULL;
11350 if (elements_size > 0) {
11351 HValue* object_elements_size = Add<HConstant>(elements_size);
11352 InstanceType instance_type = boilerplate_object->HasFastDoubleElements()
11353 ? FIXED_DOUBLE_ARRAY_TYPE : FIXED_ARRAY_TYPE;
11355 Add<HAllocate>(object_elements_size, HType::HeapObject(),
11356 pretenure_flag, instance_type, current_site);
11357 BuildEmitElements(boilerplate_object, elements, object_elements,
11359 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11362 Handle<Object> elements_field =
11363 Handle<Object>(boilerplate_object->elements(), isolate());
11364 HInstruction* object_elements_cow = Add<HConstant>(elements_field);
11365 Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11366 object_elements_cow);
11369 // Copy in-object properties.
11370 if (boilerplate_object->map()->NumberOfFields() != 0 ||
11371 boilerplate_object->map()->unused_property_fields() > 0) {
11372 BuildEmitInObjectProperties(boilerplate_object, object, site_context,
11379 void HOptimizedGraphBuilder::BuildEmitObjectHeader(
11380 Handle<JSObject> boilerplate_object,
11381 HInstruction* object) {
11382 DCHECK(boilerplate_object->properties()->length() == 0);
11384 Handle<Map> boilerplate_object_map(boilerplate_object->map());
11385 AddStoreMapConstant(object, boilerplate_object_map);
11387 Handle<Object> properties_field =
11388 Handle<Object>(boilerplate_object->properties(), isolate());
11389 DCHECK(*properties_field == isolate()->heap()->empty_fixed_array());
11390 HInstruction* properties = Add<HConstant>(properties_field);
11391 HObjectAccess access = HObjectAccess::ForPropertiesPointer();
11392 Add<HStoreNamedField>(object, access, properties);
11394 if (boilerplate_object->IsJSArray()) {
11395 Handle<JSArray> boilerplate_array =
11396 Handle<JSArray>::cast(boilerplate_object);
11397 Handle<Object> length_field =
11398 Handle<Object>(boilerplate_array->length(), isolate());
11399 HInstruction* length = Add<HConstant>(length_field);
11401 DCHECK(boilerplate_array->length()->IsSmi());
11402 Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(
11403 boilerplate_array->GetElementsKind()), length);
11408 void HOptimizedGraphBuilder::BuildEmitInObjectProperties(
11409 Handle<JSObject> boilerplate_object,
11410 HInstruction* object,
11411 AllocationSiteUsageContext* site_context,
11412 PretenureFlag pretenure_flag) {
11413 Handle<Map> boilerplate_map(boilerplate_object->map());
11414 Handle<DescriptorArray> descriptors(boilerplate_map->instance_descriptors());
11415 int limit = boilerplate_map->NumberOfOwnDescriptors();
11417 int copied_fields = 0;
11418 for (int i = 0; i < limit; i++) {
11419 PropertyDetails details = descriptors->GetDetails(i);
11420 if (details.type() != DATA) continue;
11422 FieldIndex field_index = FieldIndex::ForDescriptor(*boilerplate_map, i);
11425 int property_offset = field_index.offset();
11426 Handle<Name> name(descriptors->GetKey(i));
11428 // The access for the store depends on the type of the boilerplate.
11429 HObjectAccess access = boilerplate_object->IsJSArray() ?
11430 HObjectAccess::ForJSArrayOffset(property_offset) :
11431 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11433 if (boilerplate_object->IsUnboxedDoubleField(field_index)) {
11434 CHECK(!boilerplate_object->IsJSArray());
11435 double value = boilerplate_object->RawFastDoublePropertyAt(field_index);
11436 access = access.WithRepresentation(Representation::Double());
11437 Add<HStoreNamedField>(object, access, Add<HConstant>(value));
11440 Handle<Object> value(boilerplate_object->RawFastPropertyAt(field_index),
11443 if (value->IsJSObject()) {
11444 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11445 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11446 HInstruction* result =
11447 BuildFastLiteral(value_object, site_context);
11448 site_context->ExitScope(current_site, value_object);
11449 Add<HStoreNamedField>(object, access, result);
11451 Representation representation = details.representation();
11452 HInstruction* value_instruction;
11454 if (representation.IsDouble()) {
11455 // Allocate a HeapNumber box and store the value into it.
11456 HValue* heap_number_constant = Add<HConstant>(HeapNumber::kSize);
11457 // This heap number alloc does not have a corresponding
11458 // AllocationSite. That is okay because
11459 // 1) it's a child object of another object with a valid allocation site
11460 // 2) we can just use the mode of the parent object for pretenuring
11461 HInstruction* double_box =
11462 Add<HAllocate>(heap_number_constant, HType::HeapObject(),
11463 pretenure_flag, MUTABLE_HEAP_NUMBER_TYPE);
11464 AddStoreMapConstant(double_box,
11465 isolate()->factory()->mutable_heap_number_map());
11466 // Unwrap the mutable heap number from the boilerplate.
11467 HValue* double_value =
11468 Add<HConstant>(Handle<HeapNumber>::cast(value)->value());
11469 Add<HStoreNamedField>(
11470 double_box, HObjectAccess::ForHeapNumberValue(), double_value);
11471 value_instruction = double_box;
11472 } else if (representation.IsSmi()) {
11473 value_instruction = value->IsUninitialized()
11474 ? graph()->GetConstant0()
11475 : Add<HConstant>(value);
11476 // Ensure that value is stored as smi.
11477 access = access.WithRepresentation(representation);
11479 value_instruction = Add<HConstant>(value);
11482 Add<HStoreNamedField>(object, access, value_instruction);
11486 int inobject_properties = boilerplate_object->map()->inobject_properties();
11487 HInstruction* value_instruction =
11488 Add<HConstant>(isolate()->factory()->one_pointer_filler_map());
11489 for (int i = copied_fields; i < inobject_properties; i++) {
11490 DCHECK(boilerplate_object->IsJSObject());
11491 int property_offset = boilerplate_object->GetInObjectPropertyOffset(i);
11492 HObjectAccess access =
11493 HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11494 Add<HStoreNamedField>(object, access, value_instruction);
11499 void HOptimizedGraphBuilder::BuildEmitElements(
11500 Handle<JSObject> boilerplate_object,
11501 Handle<FixedArrayBase> elements,
11502 HValue* object_elements,
11503 AllocationSiteUsageContext* site_context) {
11504 ElementsKind kind = boilerplate_object->map()->elements_kind();
11505 int elements_length = elements->length();
11506 HValue* object_elements_length = Add<HConstant>(elements_length);
11507 BuildInitializeElementsHeader(object_elements, kind, object_elements_length);
11509 // Copy elements backing store content.
11510 if (elements->IsFixedDoubleArray()) {
11511 BuildEmitFixedDoubleArray(elements, kind, object_elements);
11512 } else if (elements->IsFixedArray()) {
11513 BuildEmitFixedArray(elements, kind, object_elements,
11521 void HOptimizedGraphBuilder::BuildEmitFixedDoubleArray(
11522 Handle<FixedArrayBase> elements,
11524 HValue* object_elements) {
11525 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11526 int elements_length = elements->length();
11527 for (int i = 0; i < elements_length; i++) {
11528 HValue* key_constant = Add<HConstant>(i);
11529 HInstruction* value_instruction = Add<HLoadKeyed>(
11530 boilerplate_elements, key_constant, nullptr, kind, ALLOW_RETURN_HOLE);
11531 HInstruction* store = Add<HStoreKeyed>(object_elements, key_constant,
11532 value_instruction, kind);
11533 store->SetFlag(HValue::kAllowUndefinedAsNaN);
11538 void HOptimizedGraphBuilder::BuildEmitFixedArray(
11539 Handle<FixedArrayBase> elements,
11541 HValue* object_elements,
11542 AllocationSiteUsageContext* site_context) {
11543 HInstruction* boilerplate_elements = Add<HConstant>(elements);
11544 int elements_length = elements->length();
11545 Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
11546 for (int i = 0; i < elements_length; i++) {
11547 Handle<Object> value(fast_elements->get(i), isolate());
11548 HValue* key_constant = Add<HConstant>(i);
11549 if (value->IsJSObject()) {
11550 Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11551 Handle<AllocationSite> current_site = site_context->EnterNewScope();
11552 HInstruction* result =
11553 BuildFastLiteral(value_object, site_context);
11554 site_context->ExitScope(current_site, value_object);
11555 Add<HStoreKeyed>(object_elements, key_constant, result, kind);
11557 ElementsKind copy_kind =
11558 kind == FAST_HOLEY_SMI_ELEMENTS ? FAST_HOLEY_ELEMENTS : kind;
11559 HInstruction* value_instruction =
11560 Add<HLoadKeyed>(boilerplate_elements, key_constant, nullptr,
11561 copy_kind, ALLOW_RETURN_HOLE);
11562 Add<HStoreKeyed>(object_elements, key_constant, value_instruction,
11569 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) {
11570 DCHECK(!HasStackOverflow());
11571 DCHECK(current_block() != NULL);
11572 DCHECK(current_block()->HasPredecessor());
11573 HInstruction* instr = BuildThisFunction();
11574 return ast_context()->ReturnInstruction(instr, expr->id());
11578 void HOptimizedGraphBuilder::VisitSuperPropertyReference(
11579 SuperPropertyReference* expr) {
11580 DCHECK(!HasStackOverflow());
11581 DCHECK(current_block() != NULL);
11582 DCHECK(current_block()->HasPredecessor());
11583 return Bailout(kSuperReference);
11587 void HOptimizedGraphBuilder::VisitSuperCallReference(SuperCallReference* expr) {
11588 DCHECK(!HasStackOverflow());
11589 DCHECK(current_block() != NULL);
11590 DCHECK(current_block()->HasPredecessor());
11591 return Bailout(kSuperReference);
11595 void HOptimizedGraphBuilder::VisitDeclarations(
11596 ZoneList<Declaration*>* declarations) {
11597 DCHECK(globals_.is_empty());
11598 AstVisitor::VisitDeclarations(declarations);
11599 if (!globals_.is_empty()) {
11600 Handle<FixedArray> array =
11601 isolate()->factory()->NewFixedArray(globals_.length(), TENURED);
11602 for (int i = 0; i < globals_.length(); ++i) array->set(i, *globals_.at(i));
11604 DeclareGlobalsEvalFlag::encode(current_info()->is_eval()) |
11605 DeclareGlobalsNativeFlag::encode(current_info()->is_native()) |
11606 DeclareGlobalsLanguageMode::encode(current_info()->language_mode());
11607 Add<HDeclareGlobals>(array, flags);
11608 globals_.Rewind(0);
11613 void HOptimizedGraphBuilder::VisitVariableDeclaration(
11614 VariableDeclaration* declaration) {
11615 VariableProxy* proxy = declaration->proxy();
11616 VariableMode mode = declaration->mode();
11617 Variable* variable = proxy->var();
11618 bool hole_init = mode == LET || mode == CONST || mode == CONST_LEGACY;
11619 switch (variable->location()) {
11620 case Variable::UNALLOCATED:
11621 globals_.Add(variable->name(), zone());
11622 globals_.Add(variable->binding_needs_init()
11623 ? isolate()->factory()->the_hole_value()
11624 : isolate()->factory()->undefined_value(), zone());
11626 case Variable::PARAMETER:
11627 case Variable::LOCAL:
11629 HValue* value = graph()->GetConstantHole();
11630 environment()->Bind(variable, value);
11633 case Variable::CONTEXT:
11635 HValue* value = graph()->GetConstantHole();
11636 HValue* context = environment()->context();
11637 HStoreContextSlot* store = Add<HStoreContextSlot>(
11638 context, variable->index(), HStoreContextSlot::kNoCheck, value);
11639 if (store->HasObservableSideEffects()) {
11640 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11644 case Variable::LOOKUP:
11645 return Bailout(kUnsupportedLookupSlotInDeclaration);
11650 void HOptimizedGraphBuilder::VisitFunctionDeclaration(
11651 FunctionDeclaration* declaration) {
11652 VariableProxy* proxy = declaration->proxy();
11653 Variable* variable = proxy->var();
11654 switch (variable->location()) {
11655 case Variable::UNALLOCATED: {
11656 globals_.Add(variable->name(), zone());
11657 Handle<SharedFunctionInfo> function = Compiler::BuildFunctionInfo(
11658 declaration->fun(), current_info()->script(), top_info());
11659 // Check for stack-overflow exception.
11660 if (function.is_null()) return SetStackOverflow();
11661 globals_.Add(function, zone());
11664 case Variable::PARAMETER:
11665 case Variable::LOCAL: {
11666 CHECK_ALIVE(VisitForValue(declaration->fun()));
11667 HValue* value = Pop();
11668 BindIfLive(variable, value);
11671 case Variable::CONTEXT: {
11672 CHECK_ALIVE(VisitForValue(declaration->fun()));
11673 HValue* value = Pop();
11674 HValue* context = environment()->context();
11675 HStoreContextSlot* store = Add<HStoreContextSlot>(
11676 context, variable->index(), HStoreContextSlot::kNoCheck, value);
11677 if (store->HasObservableSideEffects()) {
11678 Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11682 case Variable::LOOKUP:
11683 return Bailout(kUnsupportedLookupSlotInDeclaration);
11688 void HOptimizedGraphBuilder::VisitImportDeclaration(
11689 ImportDeclaration* declaration) {
11694 void HOptimizedGraphBuilder::VisitExportDeclaration(
11695 ExportDeclaration* declaration) {
11700 // Generators for inline runtime functions.
11701 // Support for types.
11702 void HOptimizedGraphBuilder::GenerateIsSmi(CallRuntime* call) {
11703 DCHECK(call->arguments()->length() == 1);
11704 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11705 HValue* value = Pop();
11706 HIsSmiAndBranch* result = New<HIsSmiAndBranch>(value);
11707 return ast_context()->ReturnControl(result, call->id());
11711 void HOptimizedGraphBuilder::GenerateIsSpecObject(CallRuntime* call) {
11712 DCHECK(call->arguments()->length() == 1);
11713 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11714 HValue* value = Pop();
11715 HHasInstanceTypeAndBranch* result =
11716 New<HHasInstanceTypeAndBranch>(value,
11717 FIRST_SPEC_OBJECT_TYPE,
11718 LAST_SPEC_OBJECT_TYPE);
11719 return ast_context()->ReturnControl(result, call->id());
11723 void HOptimizedGraphBuilder::GenerateIsFunction(CallRuntime* call) {
11724 DCHECK(call->arguments()->length() == 1);
11725 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11726 HValue* value = Pop();
11727 HHasInstanceTypeAndBranch* result =
11728 New<HHasInstanceTypeAndBranch>(value, JS_FUNCTION_TYPE);
11729 return ast_context()->ReturnControl(result, call->id());
11733 void HOptimizedGraphBuilder::GenerateIsMinusZero(CallRuntime* call) {
11734 DCHECK(call->arguments()->length() == 1);
11735 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11736 HValue* value = Pop();
11737 HCompareMinusZeroAndBranch* result = New<HCompareMinusZeroAndBranch>(value);
11738 return ast_context()->ReturnControl(result, call->id());
11742 void HOptimizedGraphBuilder::GenerateHasCachedArrayIndex(CallRuntime* call) {
11743 DCHECK(call->arguments()->length() == 1);
11744 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11745 HValue* value = Pop();
11746 HHasCachedArrayIndexAndBranch* result =
11747 New<HHasCachedArrayIndexAndBranch>(value);
11748 return ast_context()->ReturnControl(result, call->id());
11752 void HOptimizedGraphBuilder::GenerateIsArray(CallRuntime* call) {
11753 DCHECK(call->arguments()->length() == 1);
11754 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11755 HValue* value = Pop();
11756 HHasInstanceTypeAndBranch* result =
11757 New<HHasInstanceTypeAndBranch>(value, JS_ARRAY_TYPE);
11758 return ast_context()->ReturnControl(result, call->id());
11762 void HOptimizedGraphBuilder::GenerateIsRegExp(CallRuntime* call) {
11763 DCHECK(call->arguments()->length() == 1);
11764 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11765 HValue* value = Pop();
11766 HHasInstanceTypeAndBranch* result =
11767 New<HHasInstanceTypeAndBranch>(value, JS_REGEXP_TYPE);
11768 return ast_context()->ReturnControl(result, call->id());
11772 void HOptimizedGraphBuilder::GenerateIsObject(CallRuntime* call) {
11773 DCHECK(call->arguments()->length() == 1);
11774 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11775 HValue* value = Pop();
11776 HIsObjectAndBranch* result = New<HIsObjectAndBranch>(value);
11777 return ast_context()->ReturnControl(result, call->id());
11781 void HOptimizedGraphBuilder::GenerateIsJSProxy(CallRuntime* call) {
11782 DCHECK(call->arguments()->length() == 1);
11783 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11784 HValue* value = Pop();
11785 HIfContinuation continuation;
11786 IfBuilder if_proxy(this);
11788 HValue* smicheck = if_proxy.IfNot<HIsSmiAndBranch>(value);
11790 HValue* map = Add<HLoadNamedField>(value, smicheck, HObjectAccess::ForMap());
11791 HValue* instance_type =
11792 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapInstanceType());
11793 if_proxy.If<HCompareNumericAndBranch>(
11794 instance_type, Add<HConstant>(FIRST_JS_PROXY_TYPE), Token::GTE);
11796 if_proxy.If<HCompareNumericAndBranch>(
11797 instance_type, Add<HConstant>(LAST_JS_PROXY_TYPE), Token::LTE);
11799 if_proxy.CaptureContinuation(&continuation);
11800 return ast_context()->ReturnContinuation(&continuation, call->id());
11804 void HOptimizedGraphBuilder::GenerateHasFastPackedElements(CallRuntime* call) {
11805 DCHECK(call->arguments()->length() == 1);
11806 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11807 HValue* object = Pop();
11808 HIfContinuation continuation(graph()->CreateBasicBlock(),
11809 graph()->CreateBasicBlock());
11810 IfBuilder if_not_smi(this);
11811 if_not_smi.IfNot<HIsSmiAndBranch>(object);
11814 NoObservableSideEffectsScope no_effects(this);
11816 IfBuilder if_fast_packed(this);
11817 HValue* elements_kind = BuildGetElementsKind(object);
11818 if_fast_packed.If<HCompareNumericAndBranch>(
11819 elements_kind, Add<HConstant>(FAST_SMI_ELEMENTS), Token::EQ);
11820 if_fast_packed.Or();
11821 if_fast_packed.If<HCompareNumericAndBranch>(
11822 elements_kind, Add<HConstant>(FAST_ELEMENTS), Token::EQ);
11823 if_fast_packed.Or();
11824 if_fast_packed.If<HCompareNumericAndBranch>(
11825 elements_kind, Add<HConstant>(FAST_DOUBLE_ELEMENTS), Token::EQ);
11826 if_fast_packed.JoinContinuation(&continuation);
11828 if_not_smi.JoinContinuation(&continuation);
11829 return ast_context()->ReturnContinuation(&continuation, call->id());
11833 void HOptimizedGraphBuilder::GenerateIsUndetectableObject(CallRuntime* call) {
11834 DCHECK(call->arguments()->length() == 1);
11835 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11836 HValue* value = Pop();
11837 HIsUndetectableAndBranch* result = New<HIsUndetectableAndBranch>(value);
11838 return ast_context()->ReturnControl(result, call->id());
11842 // Support for construct call checks.
11843 void HOptimizedGraphBuilder::GenerateIsConstructCall(CallRuntime* call) {
11844 DCHECK(call->arguments()->length() == 0);
11845 if (function_state()->outer() != NULL) {
11846 // We are generating graph for inlined function.
11847 HValue* value = function_state()->inlining_kind() == CONSTRUCT_CALL_RETURN
11848 ? graph()->GetConstantTrue()
11849 : graph()->GetConstantFalse();
11850 return ast_context()->ReturnValue(value);
11852 return ast_context()->ReturnControl(New<HIsConstructCallAndBranch>(),
11858 // Support for arguments.length and arguments[?].
11859 void HOptimizedGraphBuilder::GenerateArgumentsLength(CallRuntime* call) {
11860 DCHECK(call->arguments()->length() == 0);
11861 HInstruction* result = NULL;
11862 if (function_state()->outer() == NULL) {
11863 HInstruction* elements = Add<HArgumentsElements>(false);
11864 result = New<HArgumentsLength>(elements);
11866 // Number of arguments without receiver.
11867 int argument_count = environment()->
11868 arguments_environment()->parameter_count() - 1;
11869 result = New<HConstant>(argument_count);
11871 return ast_context()->ReturnInstruction(result, call->id());
11875 void HOptimizedGraphBuilder::GenerateArguments(CallRuntime* call) {
11876 DCHECK(call->arguments()->length() == 1);
11877 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11878 HValue* index = Pop();
11879 HInstruction* result = NULL;
11880 if (function_state()->outer() == NULL) {
11881 HInstruction* elements = Add<HArgumentsElements>(false);
11882 HInstruction* length = Add<HArgumentsLength>(elements);
11883 HInstruction* checked_index = Add<HBoundsCheck>(index, length);
11884 result = New<HAccessArgumentsAt>(elements, length, checked_index);
11886 EnsureArgumentsArePushedForAccess();
11888 // Number of arguments without receiver.
11889 HInstruction* elements = function_state()->arguments_elements();
11890 int argument_count = environment()->
11891 arguments_environment()->parameter_count() - 1;
11892 HInstruction* length = Add<HConstant>(argument_count);
11893 HInstruction* checked_key = Add<HBoundsCheck>(index, length);
11894 result = New<HAccessArgumentsAt>(elements, length, checked_key);
11896 return ast_context()->ReturnInstruction(result, call->id());
11900 void HOptimizedGraphBuilder::GenerateValueOf(CallRuntime* call) {
11901 DCHECK(call->arguments()->length() == 1);
11902 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11903 HValue* object = Pop();
11905 IfBuilder if_objectisvalue(this);
11906 HValue* objectisvalue = if_objectisvalue.If<HHasInstanceTypeAndBranch>(
11907 object, JS_VALUE_TYPE);
11908 if_objectisvalue.Then();
11910 // Return the actual value.
11911 Push(Add<HLoadNamedField>(
11912 object, objectisvalue,
11913 HObjectAccess::ForObservableJSObjectOffset(
11914 JSValue::kValueOffset)));
11915 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11917 if_objectisvalue.Else();
11919 // If the object is not a value return the object.
11921 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11923 if_objectisvalue.End();
11924 return ast_context()->ReturnValue(Pop());
11928 void HOptimizedGraphBuilder::GenerateJSValueGetValue(CallRuntime* call) {
11929 DCHECK(call->arguments()->length() == 1);
11930 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11931 HValue* value = Pop();
11932 HInstruction* result = Add<HLoadNamedField>(
11934 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset));
11935 return ast_context()->ReturnInstruction(result, call->id());
11939 void HOptimizedGraphBuilder::GenerateThrowIfNotADate(CallRuntime* call) {
11940 DCHECK_EQ(1, call->arguments()->length());
11941 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11942 HValue* obj = Pop();
11943 BuildCheckHeapObject(obj);
11944 HCheckInstanceType* check =
11945 New<HCheckInstanceType>(obj, HCheckInstanceType::IS_JS_DATE);
11946 return ast_context()->ReturnInstruction(check, call->id());
11950 void HOptimizedGraphBuilder::GenerateDateField(CallRuntime* call) {
11951 DCHECK(call->arguments()->length() == 2);
11952 DCHECK_NOT_NULL(call->arguments()->at(1)->AsLiteral());
11953 Smi* index = Smi::cast(*(call->arguments()->at(1)->AsLiteral()->value()));
11954 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11955 HValue* date = Pop();
11956 HDateField* result = New<HDateField>(date, index);
11957 return ast_context()->ReturnInstruction(result, call->id());
11961 void HOptimizedGraphBuilder::GenerateOneByteSeqStringSetChar(
11962 CallRuntime* call) {
11963 DCHECK(call->arguments()->length() == 3);
11964 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11965 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11966 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11967 HValue* string = Pop();
11968 HValue* value = Pop();
11969 HValue* index = Pop();
11970 Add<HSeqStringSetChar>(String::ONE_BYTE_ENCODING, string,
11972 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11973 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11977 void HOptimizedGraphBuilder::GenerateTwoByteSeqStringSetChar(
11978 CallRuntime* call) {
11979 DCHECK(call->arguments()->length() == 3);
11980 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11981 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11982 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11983 HValue* string = Pop();
11984 HValue* value = Pop();
11985 HValue* index = Pop();
11986 Add<HSeqStringSetChar>(String::TWO_BYTE_ENCODING, string,
11988 Add<HSimulate>(call->id(), FIXED_SIMULATE);
11989 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11993 void HOptimizedGraphBuilder::GenerateSetValueOf(CallRuntime* call) {
11994 DCHECK(call->arguments()->length() == 2);
11995 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11996 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11997 HValue* value = Pop();
11998 HValue* object = Pop();
12000 // Check if object is a JSValue.
12001 IfBuilder if_objectisvalue(this);
12002 if_objectisvalue.If<HHasInstanceTypeAndBranch>(object, JS_VALUE_TYPE);
12003 if_objectisvalue.Then();
12005 // Create in-object property store to kValueOffset.
12006 Add<HStoreNamedField>(object,
12007 HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset),
12009 if (!ast_context()->IsEffect()) {
12012 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12014 if_objectisvalue.Else();
12016 // Nothing to do in this case.
12017 if (!ast_context()->IsEffect()) {
12020 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12022 if_objectisvalue.End();
12023 if (!ast_context()->IsEffect()) {
12026 return ast_context()->ReturnValue(value);
12030 // Fast support for charCodeAt(n).
12031 void HOptimizedGraphBuilder::GenerateStringCharCodeAt(CallRuntime* call) {
12032 DCHECK(call->arguments()->length() == 2);
12033 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12034 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12035 HValue* index = Pop();
12036 HValue* string = Pop();
12037 HInstruction* result = BuildStringCharCodeAt(string, index);
12038 return ast_context()->ReturnInstruction(result, call->id());
12042 // Fast support for string.charAt(n) and string[n].
12043 void HOptimizedGraphBuilder::GenerateStringCharFromCode(CallRuntime* call) {
12044 DCHECK(call->arguments()->length() == 1);
12045 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12046 HValue* char_code = Pop();
12047 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
12048 return ast_context()->ReturnInstruction(result, call->id());
12052 // Fast support for string.charAt(n) and string[n].
12053 void HOptimizedGraphBuilder::GenerateStringCharAt(CallRuntime* call) {
12054 DCHECK(call->arguments()->length() == 2);
12055 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12056 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12057 HValue* index = Pop();
12058 HValue* string = Pop();
12059 HInstruction* char_code = BuildStringCharCodeAt(string, index);
12060 AddInstruction(char_code);
12061 HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
12062 return ast_context()->ReturnInstruction(result, call->id());
12066 // Fast support for object equality testing.
12067 void HOptimizedGraphBuilder::GenerateObjectEquals(CallRuntime* call) {
12068 DCHECK(call->arguments()->length() == 2);
12069 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12070 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12071 HValue* right = Pop();
12072 HValue* left = Pop();
12073 HCompareObjectEqAndBranch* result =
12074 New<HCompareObjectEqAndBranch>(left, right);
12075 return ast_context()->ReturnControl(result, call->id());
12079 // Fast support for StringAdd.
12080 void HOptimizedGraphBuilder::GenerateStringAdd(CallRuntime* call) {
12081 DCHECK_EQ(2, call->arguments()->length());
12082 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12083 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12084 HValue* right = Pop();
12085 HValue* left = Pop();
12086 HInstruction* result =
12087 NewUncasted<HStringAdd>(left, right, strength(function_language_mode()));
12088 return ast_context()->ReturnInstruction(result, call->id());
12092 // Fast support for SubString.
12093 void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
12094 DCHECK_EQ(3, call->arguments()->length());
12095 CHECK_ALIVE(VisitExpressions(call->arguments()));
12096 PushArgumentsFromEnvironment(call->arguments()->length());
12097 HCallStub* result = New<HCallStub>(CodeStub::SubString, 3);
12098 return ast_context()->ReturnInstruction(result, call->id());
12102 // Fast support for StringCompare.
12103 void HOptimizedGraphBuilder::GenerateStringCompare(CallRuntime* call) {
12104 DCHECK_EQ(2, call->arguments()->length());
12105 CHECK_ALIVE(VisitExpressions(call->arguments()));
12106 PushArgumentsFromEnvironment(call->arguments()->length());
12107 HCallStub* result = New<HCallStub>(CodeStub::StringCompare, 2);
12108 return ast_context()->ReturnInstruction(result, call->id());
12112 void HOptimizedGraphBuilder::GenerateStringGetLength(CallRuntime* call) {
12113 DCHECK(call->arguments()->length() == 1);
12114 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12115 HValue* string = Pop();
12116 HInstruction* result = BuildLoadStringLength(string);
12117 return ast_context()->ReturnInstruction(result, call->id());
12121 // Support for direct calls from JavaScript to native RegExp code.
12122 void HOptimizedGraphBuilder::GenerateRegExpExec(CallRuntime* call) {
12123 DCHECK_EQ(4, call->arguments()->length());
12124 CHECK_ALIVE(VisitExpressions(call->arguments()));
12125 PushArgumentsFromEnvironment(call->arguments()->length());
12126 HCallStub* result = New<HCallStub>(CodeStub::RegExpExec, 4);
12127 return ast_context()->ReturnInstruction(result, call->id());
12131 void HOptimizedGraphBuilder::GenerateDoubleLo(CallRuntime* call) {
12132 DCHECK_EQ(1, call->arguments()->length());
12133 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12134 HValue* value = Pop();
12135 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::LOW);
12136 return ast_context()->ReturnInstruction(result, call->id());
12140 void HOptimizedGraphBuilder::GenerateDoubleHi(CallRuntime* call) {
12141 DCHECK_EQ(1, call->arguments()->length());
12142 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12143 HValue* value = Pop();
12144 HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::HIGH);
12145 return ast_context()->ReturnInstruction(result, call->id());
12149 void HOptimizedGraphBuilder::GenerateConstructDouble(CallRuntime* call) {
12150 DCHECK_EQ(2, call->arguments()->length());
12151 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12152 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12153 HValue* lo = Pop();
12154 HValue* hi = Pop();
12155 HInstruction* result = NewUncasted<HConstructDouble>(hi, lo);
12156 return ast_context()->ReturnInstruction(result, call->id());
12160 // Construct a RegExp exec result with two in-object properties.
12161 void HOptimizedGraphBuilder::GenerateRegExpConstructResult(CallRuntime* call) {
12162 DCHECK_EQ(3, call->arguments()->length());
12163 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12164 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12165 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12166 HValue* input = Pop();
12167 HValue* index = Pop();
12168 HValue* length = Pop();
12169 HValue* result = BuildRegExpConstructResult(length, index, input);
12170 return ast_context()->ReturnValue(result);
12174 // Support for fast native caches.
12175 void HOptimizedGraphBuilder::GenerateGetFromCache(CallRuntime* call) {
12176 return Bailout(kInlinedRuntimeFunctionGetFromCache);
12180 // Fast support for number to string.
12181 void HOptimizedGraphBuilder::GenerateNumberToString(CallRuntime* call) {
12182 DCHECK_EQ(1, call->arguments()->length());
12183 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12184 HValue* number = Pop();
12185 HValue* result = BuildNumberToString(number, Type::Any(zone()));
12186 return ast_context()->ReturnValue(result);
12190 // Fast call for custom callbacks.
12191 void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
12192 // 1 ~ The function to call is not itself an argument to the call.
12193 int arg_count = call->arguments()->length() - 1;
12194 DCHECK(arg_count >= 1); // There's always at least a receiver.
12196 CHECK_ALIVE(VisitExpressions(call->arguments()));
12197 // The function is the last argument
12198 HValue* function = Pop();
12199 // Push the arguments to the stack
12200 PushArgumentsFromEnvironment(arg_count);
12202 IfBuilder if_is_jsfunction(this);
12203 if_is_jsfunction.If<HHasInstanceTypeAndBranch>(function, JS_FUNCTION_TYPE);
12205 if_is_jsfunction.Then();
12207 HInstruction* invoke_result =
12208 Add<HInvokeFunction>(function, arg_count);
12209 if (!ast_context()->IsEffect()) {
12210 Push(invoke_result);
12212 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12215 if_is_jsfunction.Else();
12217 HInstruction* call_result =
12218 Add<HCallFunction>(function, arg_count);
12219 if (!ast_context()->IsEffect()) {
12222 Add<HSimulate>(call->id(), FIXED_SIMULATE);
12224 if_is_jsfunction.End();
12226 if (ast_context()->IsEffect()) {
12227 // EffectContext::ReturnValue ignores the value, so we can just pass
12228 // 'undefined' (as we do not have the call result anymore).
12229 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12231 return ast_context()->ReturnValue(Pop());
12236 // Fast call to math functions.
12237 void HOptimizedGraphBuilder::GenerateMathPow(CallRuntime* call) {
12238 DCHECK_EQ(2, call->arguments()->length());
12239 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12240 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12241 HValue* right = Pop();
12242 HValue* left = Pop();
12243 HInstruction* result = NewUncasted<HPower>(left, right);
12244 return ast_context()->ReturnInstruction(result, call->id());
12248 void HOptimizedGraphBuilder::GenerateMathClz32(CallRuntime* call) {
12249 DCHECK(call->arguments()->length() == 1);
12250 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12251 HValue* value = Pop();
12252 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathClz32);
12253 return ast_context()->ReturnInstruction(result, call->id());
12257 void HOptimizedGraphBuilder::GenerateMathFloor(CallRuntime* call) {
12258 DCHECK(call->arguments()->length() == 1);
12259 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12260 HValue* value = Pop();
12261 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathFloor);
12262 return ast_context()->ReturnInstruction(result, call->id());
12266 void HOptimizedGraphBuilder::GenerateMathLogRT(CallRuntime* call) {
12267 DCHECK(call->arguments()->length() == 1);
12268 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12269 HValue* value = Pop();
12270 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathLog);
12271 return ast_context()->ReturnInstruction(result, call->id());
12275 void HOptimizedGraphBuilder::GenerateMathSqrt(CallRuntime* call) {
12276 DCHECK(call->arguments()->length() == 1);
12277 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12278 HValue* value = Pop();
12279 HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathSqrt);
12280 return ast_context()->ReturnInstruction(result, call->id());
12284 void HOptimizedGraphBuilder::GenerateLikely(CallRuntime* call) {
12285 DCHECK(call->arguments()->length() == 1);
12286 Visit(call->arguments()->at(0));
12290 void HOptimizedGraphBuilder::GenerateUnlikely(CallRuntime* call) {
12291 return GenerateLikely(call);
12295 void HOptimizedGraphBuilder::GenerateFixedArrayGet(CallRuntime* call) {
12296 DCHECK(call->arguments()->length() == 2);
12297 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12298 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12299 HValue* index = Pop();
12300 HValue* object = Pop();
12301 HInstruction* result = New<HLoadKeyed>(
12302 object, index, nullptr, FAST_HOLEY_ELEMENTS, ALLOW_RETURN_HOLE);
12303 return ast_context()->ReturnInstruction(result, call->id());
12307 void HOptimizedGraphBuilder::GenerateFixedArraySet(CallRuntime* call) {
12308 DCHECK(call->arguments()->length() == 3);
12309 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12310 CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
12311 CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
12312 HValue* value = Pop();
12313 HValue* index = Pop();
12314 HValue* object = Pop();
12315 NoObservableSideEffectsScope no_effects(this);
12316 Add<HStoreKeyed>(object, index, value, FAST_HOLEY_ELEMENTS);
12317 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12321 void HOptimizedGraphBuilder::GenerateTheHole(CallRuntime* call) {
12322 DCHECK(call->arguments()->length() == 0);
12323 return ast_context()->ReturnValue(graph()->GetConstantHole());
12327 void HOptimizedGraphBuilder::GenerateJSCollectionGetTable(CallRuntime* call) {
12328 DCHECK(call->arguments()->length() == 1);
12329 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12330 HValue* receiver = Pop();
12331 HInstruction* result = New<HLoadNamedField>(
12332 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12333 return ast_context()->ReturnInstruction(result, call->id());
12337 void HOptimizedGraphBuilder::GenerateStringGetRawHashField(CallRuntime* call) {
12338 DCHECK(call->arguments()->length() == 1);
12339 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12340 HValue* object = Pop();
12341 HInstruction* result = New<HLoadNamedField>(
12342 object, nullptr, HObjectAccess::ForStringHashField());
12343 return ast_context()->ReturnInstruction(result, call->id());
12347 template <typename CollectionType>
12348 HValue* HOptimizedGraphBuilder::BuildAllocateOrderedHashTable() {
12349 static const int kCapacity = CollectionType::kMinCapacity;
12350 static const int kBucketCount = kCapacity / CollectionType::kLoadFactor;
12351 static const int kFixedArrayLength = CollectionType::kHashTableStartIndex +
12353 (kCapacity * CollectionType::kEntrySize);
12354 static const int kSizeInBytes =
12355 FixedArray::kHeaderSize + (kFixedArrayLength * kPointerSize);
12357 // Allocate the table and add the proper map.
12359 Add<HAllocate>(Add<HConstant>(kSizeInBytes), HType::HeapObject(),
12360 NOT_TENURED, FIXED_ARRAY_TYPE);
12361 AddStoreMapConstant(table, isolate()->factory()->ordered_hash_table_map());
12363 // Initialize the FixedArray...
12364 HValue* length = Add<HConstant>(kFixedArrayLength);
12365 Add<HStoreNamedField>(table, HObjectAccess::ForFixedArrayLength(), length);
12367 // ...and the OrderedHashTable fields.
12368 Add<HStoreNamedField>(
12370 HObjectAccess::ForOrderedHashTableNumberOfBuckets<CollectionType>(),
12371 Add<HConstant>(kBucketCount));
12372 Add<HStoreNamedField>(
12374 HObjectAccess::ForOrderedHashTableNumberOfElements<CollectionType>(),
12375 graph()->GetConstant0());
12376 Add<HStoreNamedField>(
12377 table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12379 graph()->GetConstant0());
12381 // Fill the buckets with kNotFound.
12382 HValue* not_found = Add<HConstant>(CollectionType::kNotFound);
12383 for (int i = 0; i < kBucketCount; ++i) {
12384 Add<HStoreNamedField>(
12385 table, HObjectAccess::ForOrderedHashTableBucket<CollectionType>(i),
12389 // Fill the data table with undefined.
12390 HValue* undefined = graph()->GetConstantUndefined();
12391 for (int i = 0; i < (kCapacity * CollectionType::kEntrySize); ++i) {
12392 Add<HStoreNamedField>(table,
12393 HObjectAccess::ForOrderedHashTableDataTableIndex<
12394 CollectionType, kBucketCount>(i),
12402 void HOptimizedGraphBuilder::GenerateSetInitialize(CallRuntime* call) {
12403 DCHECK(call->arguments()->length() == 1);
12404 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12405 HValue* receiver = Pop();
12407 NoObservableSideEffectsScope no_effects(this);
12408 HValue* table = BuildAllocateOrderedHashTable<OrderedHashSet>();
12409 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12410 return ast_context()->ReturnValue(receiver);
12414 void HOptimizedGraphBuilder::GenerateMapInitialize(CallRuntime* call) {
12415 DCHECK(call->arguments()->length() == 1);
12416 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12417 HValue* receiver = Pop();
12419 NoObservableSideEffectsScope no_effects(this);
12420 HValue* table = BuildAllocateOrderedHashTable<OrderedHashMap>();
12421 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(), table);
12422 return ast_context()->ReturnValue(receiver);
12426 template <typename CollectionType>
12427 void HOptimizedGraphBuilder::BuildOrderedHashTableClear(HValue* receiver) {
12428 HValue* old_table = Add<HLoadNamedField>(
12429 receiver, nullptr, HObjectAccess::ForJSCollectionTable());
12430 HValue* new_table = BuildAllocateOrderedHashTable<CollectionType>();
12431 Add<HStoreNamedField>(
12432 old_table, HObjectAccess::ForOrderedHashTableNextTable<CollectionType>(),
12434 Add<HStoreNamedField>(
12435 old_table, HObjectAccess::ForOrderedHashTableNumberOfDeletedElements<
12437 Add<HConstant>(CollectionType::kClearedTableSentinel));
12438 Add<HStoreNamedField>(receiver, HObjectAccess::ForJSCollectionTable(),
12443 void HOptimizedGraphBuilder::GenerateSetClear(CallRuntime* call) {
12444 DCHECK(call->arguments()->length() == 1);
12445 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12446 HValue* receiver = Pop();
12448 NoObservableSideEffectsScope no_effects(this);
12449 BuildOrderedHashTableClear<OrderedHashSet>(receiver);
12450 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12454 void HOptimizedGraphBuilder::GenerateMapClear(CallRuntime* call) {
12455 DCHECK(call->arguments()->length() == 1);
12456 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12457 HValue* receiver = Pop();
12459 NoObservableSideEffectsScope no_effects(this);
12460 BuildOrderedHashTableClear<OrderedHashMap>(receiver);
12461 return ast_context()->ReturnValue(graph()->GetConstantUndefined());
12465 void HOptimizedGraphBuilder::GenerateGetCachedArrayIndex(CallRuntime* call) {
12466 DCHECK(call->arguments()->length() == 1);
12467 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12468 HValue* value = Pop();
12469 HGetCachedArrayIndex* result = New<HGetCachedArrayIndex>(value);
12470 return ast_context()->ReturnInstruction(result, call->id());
12474 void HOptimizedGraphBuilder::GenerateFastOneByteArrayJoin(CallRuntime* call) {
12475 // Simply returning undefined here would be semantically correct and even
12476 // avoid the bailout. Nevertheless, some ancient benchmarks like SunSpider's
12477 // string-fasta would tank, because fullcode contains an optimized version.
12478 // Obviously the fullcode => Crankshaft => bailout => fullcode dance is
12479 // faster... *sigh*
12480 return Bailout(kInlinedRuntimeFunctionFastOneByteArrayJoin);
12484 void HOptimizedGraphBuilder::GenerateDebugBreakInOptimizedCode(
12485 CallRuntime* call) {
12486 Add<HDebugBreak>();
12487 return ast_context()->ReturnValue(graph()->GetConstant0());
12491 void HOptimizedGraphBuilder::GenerateDebugIsActive(CallRuntime* call) {
12492 DCHECK(call->arguments()->length() == 0);
12494 Add<HConstant>(ExternalReference::debug_is_active_address(isolate()));
12496 Add<HLoadNamedField>(ref, nullptr, HObjectAccess::ForExternalUInteger8());
12497 return ast_context()->ReturnValue(value);
12501 void HOptimizedGraphBuilder::GenerateGetPrototype(CallRuntime* call) {
12502 DCHECK(call->arguments()->length() == 1);
12503 CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
12504 HValue* object = Pop();
12506 NoObservableSideEffectsScope no_effects(this);
12508 HValue* map = Add<HLoadNamedField>(object, nullptr, HObjectAccess::ForMap());
12509 HValue* bit_field =
12510 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForMapBitField());
12511 HValue* is_access_check_needed_mask =
12512 Add<HConstant>(1 << Map::kIsAccessCheckNeeded);
12513 HValue* is_access_check_needed_test = AddUncasted<HBitwise>(
12514 Token::BIT_AND, bit_field, is_access_check_needed_mask);
12517 Add<HLoadNamedField>(map, nullptr, HObjectAccess::ForPrototype());
12518 HValue* proto_map =
12519 Add<HLoadNamedField>(proto, nullptr, HObjectAccess::ForMap());
12520 HValue* proto_bit_field =
12521 Add<HLoadNamedField>(proto_map, nullptr, HObjectAccess::ForMapBitField());
12522 HValue* is_hidden_prototype_mask =
12523 Add<HConstant>(1 << Map::kIsHiddenPrototype);
12524 HValue* is_hidden_prototype_test = AddUncasted<HBitwise>(
12525 Token::BIT_AND, proto_bit_field, is_hidden_prototype_mask);
12528 IfBuilder needs_runtime(this);
12529 needs_runtime.If<HCompareNumericAndBranch>(
12530 is_access_check_needed_test, graph()->GetConstant0(), Token::NE);
12531 needs_runtime.OrIf<HCompareNumericAndBranch>(
12532 is_hidden_prototype_test, graph()->GetConstant0(), Token::NE);
12534 needs_runtime.Then();
12536 Add<HPushArguments>(object);
12537 Push(Add<HCallRuntime>(
12538 call->name(), Runtime::FunctionForId(Runtime::kGetPrototype), 1));
12541 needs_runtime.Else();
12544 return ast_context()->ReturnValue(Pop());
12548 #undef CHECK_BAILOUT
12552 HEnvironment::HEnvironment(HEnvironment* outer,
12554 Handle<JSFunction> closure,
12556 : closure_(closure),
12558 frame_type_(JS_FUNCTION),
12559 parameter_count_(0),
12560 specials_count_(1),
12566 ast_id_(BailoutId::None()),
12568 Scope* declaration_scope = scope->DeclarationScope();
12569 Initialize(declaration_scope->num_parameters() + 1,
12570 declaration_scope->num_stack_slots(), 0);
12574 HEnvironment::HEnvironment(Zone* zone, int parameter_count)
12575 : values_(0, zone),
12577 parameter_count_(parameter_count),
12578 specials_count_(1),
12584 ast_id_(BailoutId::None()),
12586 Initialize(parameter_count, 0, 0);
12590 HEnvironment::HEnvironment(const HEnvironment* other, Zone* zone)
12591 : values_(0, zone),
12592 frame_type_(JS_FUNCTION),
12593 parameter_count_(0),
12594 specials_count_(0),
12600 ast_id_(other->ast_id()),
12606 HEnvironment::HEnvironment(HEnvironment* outer,
12607 Handle<JSFunction> closure,
12608 FrameType frame_type,
12611 : closure_(closure),
12612 values_(arguments, zone),
12613 frame_type_(frame_type),
12614 parameter_count_(arguments),
12615 specials_count_(0),
12621 ast_id_(BailoutId::None()),
12626 void HEnvironment::Initialize(int parameter_count,
12628 int stack_height) {
12629 parameter_count_ = parameter_count;
12630 local_count_ = local_count;
12632 // Avoid reallocating the temporaries' backing store on the first Push.
12633 int total = parameter_count + specials_count_ + local_count + stack_height;
12634 values_.Initialize(total + 4, zone());
12635 for (int i = 0; i < total; ++i) values_.Add(NULL, zone());
12639 void HEnvironment::Initialize(const HEnvironment* other) {
12640 closure_ = other->closure();
12641 values_.AddAll(other->values_, zone());
12642 assigned_variables_.Union(other->assigned_variables_, zone());
12643 frame_type_ = other->frame_type_;
12644 parameter_count_ = other->parameter_count_;
12645 local_count_ = other->local_count_;
12646 if (other->outer_ != NULL) outer_ = other->outer_->Copy(); // Deep copy.
12647 entry_ = other->entry_;
12648 pop_count_ = other->pop_count_;
12649 push_count_ = other->push_count_;
12650 specials_count_ = other->specials_count_;
12651 ast_id_ = other->ast_id_;
12655 void HEnvironment::AddIncomingEdge(HBasicBlock* block, HEnvironment* other) {
12656 DCHECK(!block->IsLoopHeader());
12657 DCHECK(values_.length() == other->values_.length());
12659 int length = values_.length();
12660 for (int i = 0; i < length; ++i) {
12661 HValue* value = values_[i];
12662 if (value != NULL && value->IsPhi() && value->block() == block) {
12663 // There is already a phi for the i'th value.
12664 HPhi* phi = HPhi::cast(value);
12665 // Assert index is correct and that we haven't missed an incoming edge.
12666 DCHECK(phi->merged_index() == i || !phi->HasMergedIndex());
12667 DCHECK(phi->OperandCount() == block->predecessors()->length());
12668 phi->AddInput(other->values_[i]);
12669 } else if (values_[i] != other->values_[i]) {
12670 // There is a fresh value on the incoming edge, a phi is needed.
12671 DCHECK(values_[i] != NULL && other->values_[i] != NULL);
12672 HPhi* phi = block->AddNewPhi(i);
12673 HValue* old_value = values_[i];
12674 for (int j = 0; j < block->predecessors()->length(); j++) {
12675 phi->AddInput(old_value);
12677 phi->AddInput(other->values_[i]);
12678 this->values_[i] = phi;
12684 void HEnvironment::Bind(int index, HValue* value) {
12685 DCHECK(value != NULL);
12686 assigned_variables_.Add(index, zone());
12687 values_[index] = value;
12691 bool HEnvironment::HasExpressionAt(int index) const {
12692 return index >= parameter_count_ + specials_count_ + local_count_;
12696 bool HEnvironment::ExpressionStackIsEmpty() const {
12697 DCHECK(length() >= first_expression_index());
12698 return length() == first_expression_index();
12702 void HEnvironment::SetExpressionStackAt(int index_from_top, HValue* value) {
12703 int count = index_from_top + 1;
12704 int index = values_.length() - count;
12705 DCHECK(HasExpressionAt(index));
12706 // The push count must include at least the element in question or else
12707 // the new value will not be included in this environment's history.
12708 if (push_count_ < count) {
12709 // This is the same effect as popping then re-pushing 'count' elements.
12710 pop_count_ += (count - push_count_);
12711 push_count_ = count;
12713 values_[index] = value;
12717 HValue* HEnvironment::RemoveExpressionStackAt(int index_from_top) {
12718 int count = index_from_top + 1;
12719 int index = values_.length() - count;
12720 DCHECK(HasExpressionAt(index));
12721 // Simulate popping 'count' elements and then
12722 // pushing 'count - 1' elements back.
12723 pop_count_ += Max(count - push_count_, 0);
12724 push_count_ = Max(push_count_ - count, 0) + (count - 1);
12725 return values_.Remove(index);
12729 void HEnvironment::Drop(int count) {
12730 for (int i = 0; i < count; ++i) {
12736 HEnvironment* HEnvironment::Copy() const {
12737 return new(zone()) HEnvironment(this, zone());
12741 HEnvironment* HEnvironment::CopyWithoutHistory() const {
12742 HEnvironment* result = Copy();
12743 result->ClearHistory();
12748 HEnvironment* HEnvironment::CopyAsLoopHeader(HBasicBlock* loop_header) const {
12749 HEnvironment* new_env = Copy();
12750 for (int i = 0; i < values_.length(); ++i) {
12751 HPhi* phi = loop_header->AddNewPhi(i);
12752 phi->AddInput(values_[i]);
12753 new_env->values_[i] = phi;
12755 new_env->ClearHistory();
12760 HEnvironment* HEnvironment::CreateStubEnvironment(HEnvironment* outer,
12761 Handle<JSFunction> target,
12762 FrameType frame_type,
12763 int arguments) const {
12764 HEnvironment* new_env =
12765 new(zone()) HEnvironment(outer, target, frame_type,
12766 arguments + 1, zone());
12767 for (int i = 0; i <= arguments; ++i) { // Include receiver.
12768 new_env->Push(ExpressionStackAt(arguments - i));
12770 new_env->ClearHistory();
12775 HEnvironment* HEnvironment::CopyForInlining(
12776 Handle<JSFunction> target,
12778 FunctionLiteral* function,
12779 HConstant* undefined,
12780 InliningKind inlining_kind) const {
12781 DCHECK(frame_type() == JS_FUNCTION);
12783 // Outer environment is a copy of this one without the arguments.
12784 int arity = function->scope()->num_parameters();
12786 HEnvironment* outer = Copy();
12787 outer->Drop(arguments + 1); // Including receiver.
12788 outer->ClearHistory();
12790 if (inlining_kind == CONSTRUCT_CALL_RETURN) {
12791 // Create artificial constructor stub environment. The receiver should
12792 // actually be the constructor function, but we pass the newly allocated
12793 // object instead, DoComputeConstructStubFrame() relies on that.
12794 outer = CreateStubEnvironment(outer, target, JS_CONSTRUCT, arguments);
12795 } else if (inlining_kind == GETTER_CALL_RETURN) {
12796 // We need an additional StackFrame::INTERNAL frame for restoring the
12797 // correct context.
12798 outer = CreateStubEnvironment(outer, target, JS_GETTER, arguments);
12799 } else if (inlining_kind == SETTER_CALL_RETURN) {
12800 // We need an additional StackFrame::INTERNAL frame for temporarily saving
12801 // the argument of the setter, see StoreStubCompiler::CompileStoreViaSetter.
12802 outer = CreateStubEnvironment(outer, target, JS_SETTER, arguments);
12805 if (arity != arguments) {
12806 // Create artificial arguments adaptation environment.
12807 outer = CreateStubEnvironment(outer, target, ARGUMENTS_ADAPTOR, arguments);
12810 HEnvironment* inner =
12811 new(zone()) HEnvironment(outer, function->scope(), target, zone());
12812 // Get the argument values from the original environment.
12813 for (int i = 0; i <= arity; ++i) { // Include receiver.
12814 HValue* push = (i <= arguments) ?
12815 ExpressionStackAt(arguments - i) : undefined;
12816 inner->SetValueAt(i, push);
12818 inner->SetValueAt(arity + 1, context());
12819 for (int i = arity + 2; i < inner->length(); ++i) {
12820 inner->SetValueAt(i, undefined);
12823 inner->set_ast_id(BailoutId::FunctionEntry());
12828 std::ostream& operator<<(std::ostream& os, const HEnvironment& env) {
12829 for (int i = 0; i < env.length(); i++) {
12830 if (i == 0) os << "parameters\n";
12831 if (i == env.parameter_count()) os << "specials\n";
12832 if (i == env.parameter_count() + env.specials_count()) os << "locals\n";
12833 if (i == env.parameter_count() + env.specials_count() + env.local_count()) {
12834 os << "expressions\n";
12836 HValue* val = env.values()->at(i);
12849 void HTracer::TraceCompilation(CompilationInfo* info) {
12850 Tag tag(this, "compilation");
12851 if (info->IsOptimizing()) {
12852 Handle<String> name = info->function()->debug_name();
12853 PrintStringProperty("name", name->ToCString().get());
12855 trace_.Add("method \"%s:%d\"\n",
12856 name->ToCString().get(),
12857 info->optimization_id());
12859 CodeStub::Major major_key = info->code_stub()->MajorKey();
12860 PrintStringProperty("name", CodeStub::MajorName(major_key, false));
12861 PrintStringProperty("method", "stub");
12863 PrintLongProperty("date",
12864 static_cast<int64_t>(base::OS::TimeCurrentMillis()));
12868 void HTracer::TraceLithium(const char* name, LChunk* chunk) {
12869 DCHECK(!chunk->isolate()->concurrent_recompilation_enabled());
12870 AllowHandleDereference allow_deref;
12871 AllowDeferredHandleDereference allow_deferred_deref;
12872 Trace(name, chunk->graph(), chunk);
12876 void HTracer::TraceHydrogen(const char* name, HGraph* graph) {
12877 DCHECK(!graph->isolate()->concurrent_recompilation_enabled());
12878 AllowHandleDereference allow_deref;
12879 AllowDeferredHandleDereference allow_deferred_deref;
12880 Trace(name, graph, NULL);
12884 void HTracer::Trace(const char* name, HGraph* graph, LChunk* chunk) {
12885 Tag tag(this, "cfg");
12886 PrintStringProperty("name", name);
12887 const ZoneList<HBasicBlock*>* blocks = graph->blocks();
12888 for (int i = 0; i < blocks->length(); i++) {
12889 HBasicBlock* current = blocks->at(i);
12890 Tag block_tag(this, "block");
12891 PrintBlockProperty("name", current->block_id());
12892 PrintIntProperty("from_bci", -1);
12893 PrintIntProperty("to_bci", -1);
12895 if (!current->predecessors()->is_empty()) {
12897 trace_.Add("predecessors");
12898 for (int j = 0; j < current->predecessors()->length(); ++j) {
12899 trace_.Add(" \"B%d\"", current->predecessors()->at(j)->block_id());
12903 PrintEmptyProperty("predecessors");
12906 if (current->end()->SuccessorCount() == 0) {
12907 PrintEmptyProperty("successors");
12910 trace_.Add("successors");
12911 for (HSuccessorIterator it(current->end()); !it.Done(); it.Advance()) {
12912 trace_.Add(" \"B%d\"", it.Current()->block_id());
12917 PrintEmptyProperty("xhandlers");
12921 trace_.Add("flags");
12922 if (current->IsLoopSuccessorDominator()) {
12923 trace_.Add(" \"dom-loop-succ\"");
12925 if (current->IsUnreachable()) {
12926 trace_.Add(" \"dead\"");
12928 if (current->is_osr_entry()) {
12929 trace_.Add(" \"osr\"");
12934 if (current->dominator() != NULL) {
12935 PrintBlockProperty("dominator", current->dominator()->block_id());
12938 PrintIntProperty("loop_depth", current->LoopNestingDepth());
12940 if (chunk != NULL) {
12941 int first_index = current->first_instruction_index();
12942 int last_index = current->last_instruction_index();
12945 LifetimePosition::FromInstructionIndex(first_index).Value());
12948 LifetimePosition::FromInstructionIndex(last_index).Value());
12952 Tag states_tag(this, "states");
12953 Tag locals_tag(this, "locals");
12954 int total = current->phis()->length();
12955 PrintIntProperty("size", current->phis()->length());
12956 PrintStringProperty("method", "None");
12957 for (int j = 0; j < total; ++j) {
12958 HPhi* phi = current->phis()->at(j);
12960 std::ostringstream os;
12961 os << phi->merged_index() << " " << NameOf(phi) << " " << *phi << "\n";
12962 trace_.Add(os.str().c_str());
12967 Tag HIR_tag(this, "HIR");
12968 for (HInstructionIterator it(current); !it.Done(); it.Advance()) {
12969 HInstruction* instruction = it.Current();
12970 int uses = instruction->UseCount();
12972 std::ostringstream os;
12973 os << "0 " << uses << " " << NameOf(instruction) << " " << *instruction;
12974 if (graph->info()->is_tracking_positions() &&
12975 instruction->has_position() && instruction->position().raw() != 0) {
12976 const SourcePosition pos = instruction->position();
12978 if (pos.inlining_id() != 0) os << pos.inlining_id() << "_";
12979 os << pos.position();
12982 trace_.Add(os.str().c_str());
12987 if (chunk != NULL) {
12988 Tag LIR_tag(this, "LIR");
12989 int first_index = current->first_instruction_index();
12990 int last_index = current->last_instruction_index();
12991 if (first_index != -1 && last_index != -1) {
12992 const ZoneList<LInstruction*>* instructions = chunk->instructions();
12993 for (int i = first_index; i <= last_index; ++i) {
12994 LInstruction* linstr = instructions->at(i);
12995 if (linstr != NULL) {
12998 LifetimePosition::FromInstructionIndex(i).Value());
12999 linstr->PrintTo(&trace_);
13000 std::ostringstream os;
13001 os << " [hir:" << NameOf(linstr->hydrogen_value()) << "] <|@\n";
13002 trace_.Add(os.str().c_str());
13011 void HTracer::TraceLiveRanges(const char* name, LAllocator* allocator) {
13012 Tag tag(this, "intervals");
13013 PrintStringProperty("name", name);
13015 const Vector<LiveRange*>* fixed_d = allocator->fixed_double_live_ranges();
13016 for (int i = 0; i < fixed_d->length(); ++i) {
13017 TraceLiveRange(fixed_d->at(i), "fixed", allocator->zone());
13020 const Vector<LiveRange*>* fixed = allocator->fixed_live_ranges();
13021 for (int i = 0; i < fixed->length(); ++i) {
13022 TraceLiveRange(fixed->at(i), "fixed", allocator->zone());
13025 const ZoneList<LiveRange*>* live_ranges = allocator->live_ranges();
13026 for (int i = 0; i < live_ranges->length(); ++i) {
13027 TraceLiveRange(live_ranges->at(i), "object", allocator->zone());
13032 void HTracer::TraceLiveRange(LiveRange* range, const char* type,
13034 if (range != NULL && !range->IsEmpty()) {
13036 trace_.Add("%d %s", range->id(), type);
13037 if (range->HasRegisterAssigned()) {
13038 LOperand* op = range->CreateAssignedOperand(zone);
13039 int assigned_reg = op->index();
13040 if (op->IsDoubleRegister()) {
13041 trace_.Add(" \"%s\"",
13042 DoubleRegister::AllocationIndexToString(assigned_reg));
13044 DCHECK(op->IsRegister());
13045 trace_.Add(" \"%s\"", Register::AllocationIndexToString(assigned_reg));
13047 } else if (range->IsSpilled()) {
13048 LOperand* op = range->TopLevel()->GetSpillOperand();
13049 if (op->IsDoubleStackSlot()) {
13050 trace_.Add(" \"double_stack:%d\"", op->index());
13052 DCHECK(op->IsStackSlot());
13053 trace_.Add(" \"stack:%d\"", op->index());
13056 int parent_index = -1;
13057 if (range->IsChild()) {
13058 parent_index = range->parent()->id();
13060 parent_index = range->id();
13062 LOperand* op = range->FirstHint();
13063 int hint_index = -1;
13064 if (op != NULL && op->IsUnallocated()) {
13065 hint_index = LUnallocated::cast(op)->virtual_register();
13067 trace_.Add(" %d %d", parent_index, hint_index);
13068 UseInterval* cur_interval = range->first_interval();
13069 while (cur_interval != NULL && range->Covers(cur_interval->start())) {
13070 trace_.Add(" [%d, %d[",
13071 cur_interval->start().Value(),
13072 cur_interval->end().Value());
13073 cur_interval = cur_interval->next();
13076 UsePosition* current_pos = range->first_pos();
13077 while (current_pos != NULL) {
13078 if (current_pos->RegisterIsBeneficial() || FLAG_trace_all_uses) {
13079 trace_.Add(" %d M", current_pos->pos().Value());
13081 current_pos = current_pos->next();
13084 trace_.Add(" \"\"\n");
13089 void HTracer::FlushToFile() {
13090 AppendChars(filename_.start(), trace_.ToCString().get(), trace_.length(),
13096 void HStatistics::Initialize(CompilationInfo* info) {
13097 if (info->shared_info().is_null()) return;
13098 source_size_ += info->shared_info()->SourceSize();
13102 void HStatistics::Print() {
13105 "----------------------------------------"
13106 "----------------------------------------\n"
13107 "--- Hydrogen timing results:\n"
13108 "----------------------------------------"
13109 "----------------------------------------\n");
13110 base::TimeDelta sum;
13111 for (int i = 0; i < times_.length(); ++i) {
13115 for (int i = 0; i < names_.length(); ++i) {
13116 PrintF("%33s", names_[i]);
13117 double ms = times_[i].InMillisecondsF();
13118 double percent = times_[i].PercentOf(sum);
13119 PrintF(" %8.3f ms / %4.1f %% ", ms, percent);
13121 size_t size = sizes_[i];
13122 double size_percent = static_cast<double>(size) * 100 / total_size_;
13123 PrintF(" %9zu bytes / %4.1f %%\n", size, size_percent);
13127 "----------------------------------------"
13128 "----------------------------------------\n");
13129 base::TimeDelta total = create_graph_ + optimize_graph_ + generate_code_;
13130 PrintF("%33s %8.3f ms / %4.1f %% \n", "Create graph",
13131 create_graph_.InMillisecondsF(), create_graph_.PercentOf(total));
13132 PrintF("%33s %8.3f ms / %4.1f %% \n", "Optimize graph",
13133 optimize_graph_.InMillisecondsF(), optimize_graph_.PercentOf(total));
13134 PrintF("%33s %8.3f ms / %4.1f %% \n", "Generate and install code",
13135 generate_code_.InMillisecondsF(), generate_code_.PercentOf(total));
13137 "----------------------------------------"
13138 "----------------------------------------\n");
13139 PrintF("%33s %8.3f ms %9zu bytes\n", "Total",
13140 total.InMillisecondsF(), total_size_);
13141 PrintF("%33s (%.1f times slower than full code gen)\n", "",
13142 total.TimesOf(full_code_gen_));
13144 double source_size_in_kb = static_cast<double>(source_size_) / 1024;
13145 double normalized_time = source_size_in_kb > 0
13146 ? total.InMillisecondsF() / source_size_in_kb
13148 double normalized_size_in_kb =
13149 source_size_in_kb > 0
13150 ? static_cast<double>(total_size_) / 1024 / source_size_in_kb
13152 PrintF("%33s %8.3f ms %7.3f kB allocated\n",
13153 "Average per kB source", normalized_time, normalized_size_in_kb);
13157 void HStatistics::SaveTiming(const char* name, base::TimeDelta time,
13159 total_size_ += size;
13160 for (int i = 0; i < names_.length(); ++i) {
13161 if (strcmp(names_[i], name) == 0) {
13173 HPhase::~HPhase() {
13174 if (ShouldProduceTraceOutput()) {
13175 isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
13179 graph_->Verify(false); // No full verify.
13183 } // namespace internal
projects / platform / upstream / v8.git / blob