1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "src/hydrogen.h"
6 
7 #include <algorithm>
8 
9 #include "src/v8.h"
10 
11 #include "src/allocation-site-scopes.h"
12 #include "src/codegen.h"
13 #include "src/full-codegen.h"
14 #include "src/hashmap.h"
15 #include "src/hydrogen-bce.h"
16 #include "src/hydrogen-bch.h"
17 #include "src/hydrogen-canonicalize.h"
18 #include "src/hydrogen-check-elimination.h"
19 #include "src/hydrogen-dce.h"
20 #include "src/hydrogen-dehoist.h"
21 #include "src/hydrogen-environment-liveness.h"
22 #include "src/hydrogen-escape-analysis.h"
23 #include "src/hydrogen-gvn.h"
24 #include "src/hydrogen-infer-representation.h"
25 #include "src/hydrogen-infer-types.h"
26 #include "src/hydrogen-load-elimination.h"
27 #include "src/hydrogen-mark-deoptimize.h"
28 #include "src/hydrogen-mark-unreachable.h"
29 #include "src/hydrogen-osr.h"
30 #include "src/hydrogen-range-analysis.h"
31 #include "src/hydrogen-redundant-phi.h"
32 #include "src/hydrogen-removable-simulates.h"
33 #include "src/hydrogen-representation-changes.h"
34 #include "src/hydrogen-sce.h"
35 #include "src/hydrogen-store-elimination.h"
36 #include "src/hydrogen-uint32-analysis.h"
37 #include "src/ic/call-optimization.h"
38 #include "src/ic/ic.h"
39 // GetRootConstructor
40 #include "src/ic/ic-inl.h"
41 #include "src/lithium-allocator.h"
42 #include "src/parser.h"
43 #include "src/runtime.h"
44 #include "src/scopeinfo.h"
45 #include "src/scopes.h"
46 #include "src/typing.h"
47 
48 #if V8_TARGET_ARCH_IA32
49 #include "src/ia32/lithium-codegen-ia32.h"  // NOLINT
50 #elif V8_TARGET_ARCH_X64
51 #include "src/x64/lithium-codegen-x64.h"  // NOLINT
52 #elif V8_TARGET_ARCH_ARM64
53 #include "src/arm64/lithium-codegen-arm64.h"  // NOLINT
54 #elif V8_TARGET_ARCH_ARM
55 #include "src/arm/lithium-codegen-arm.h"  // NOLINT
56 #elif V8_TARGET_ARCH_MIPS
57 #include "src/mips/lithium-codegen-mips.h"  // NOLINT
58 #elif V8_TARGET_ARCH_MIPS64
59 #include "src/mips64/lithium-codegen-mips64.h"  // NOLINT
60 #elif V8_TARGET_ARCH_X87
61 #include "src/x87/lithium-codegen-x87.h"  // NOLINT
62 #else
63 #error Unsupported target architecture.
64 #endif
65 
66 namespace v8 {
67 namespace internal {
68 
HBasicBlock(HGraph * graph)69 HBasicBlock::HBasicBlock(HGraph* graph)
70     : block_id_(graph->GetNextBlockID()),
71       graph_(graph),
72       phis_(4, graph->zone()),
73       first_(NULL),
74       last_(NULL),
75       end_(NULL),
76       loop_information_(NULL),
77       predecessors_(2, graph->zone()),
78       dominator_(NULL),
79       dominated_blocks_(4, graph->zone()),
80       last_environment_(NULL),
81       argument_count_(-1),
82       first_instruction_index_(-1),
83       last_instruction_index_(-1),
84       deleted_phis_(4, graph->zone()),
85       parent_loop_header_(NULL),
86       inlined_entry_block_(NULL),
87       is_inline_return_target_(false),
88       is_reachable_(true),
89       dominates_loop_successors_(false),
90       is_osr_entry_(false),
91       is_ordered_(false) { }
92 
93 
isolate() const94 Isolate* HBasicBlock::isolate() const {
95   return graph_->isolate();
96 }
97 
98 
MarkUnreachable()99 void HBasicBlock::MarkUnreachable() {
100   is_reachable_ = false;
101 }
102 
103 
AttachLoopInformation()104 void HBasicBlock::AttachLoopInformation() {
105   DCHECK(!IsLoopHeader());
106   loop_information_ = new(zone()) HLoopInformation(this, zone());
107 }
108 
109 
DetachLoopInformation()110 void HBasicBlock::DetachLoopInformation() {
111   DCHECK(IsLoopHeader());
112   loop_information_ = NULL;
113 }
114 
115 
AddPhi(HPhi * phi)116 void HBasicBlock::AddPhi(HPhi* phi) {
117   DCHECK(!IsStartBlock());
118   phis_.Add(phi, zone());
119   phi->SetBlock(this);
120 }
121 
122 
RemovePhi(HPhi * phi)123 void HBasicBlock::RemovePhi(HPhi* phi) {
124   DCHECK(phi->block() == this);
125   DCHECK(phis_.Contains(phi));
126   phi->Kill();
127   phis_.RemoveElement(phi);
128   phi->SetBlock(NULL);
129 }
130 
131 
AddInstruction(HInstruction * instr,HSourcePosition position)132 void HBasicBlock::AddInstruction(HInstruction* instr,
133                                  HSourcePosition position) {
134   DCHECK(!IsStartBlock() || !IsFinished());
135   DCHECK(!instr->IsLinked());
136   DCHECK(!IsFinished());
137 
138   if (!position.IsUnknown()) {
139     instr->set_position(position);
140   }
141   if (first_ == NULL) {
142     DCHECK(last_environment() != NULL);
143     DCHECK(!last_environment()->ast_id().IsNone());
144     HBlockEntry* entry = new(zone()) HBlockEntry();
145     entry->InitializeAsFirst(this);
146     if (!position.IsUnknown()) {
147       entry->set_position(position);
148     } else {
149       DCHECK(!FLAG_hydrogen_track_positions ||
150              !graph()->info()->IsOptimizing());
151     }
152     first_ = last_ = entry;
153   }
154   instr->InsertAfter(last_);
155 }
156 
157 
AddNewPhi(int merged_index)158 HPhi* HBasicBlock::AddNewPhi(int merged_index) {
159   if (graph()->IsInsideNoSideEffectsScope()) {
160     merged_index = HPhi::kInvalidMergedIndex;
161   }
162   HPhi* phi = new(zone()) HPhi(merged_index, zone());
163   AddPhi(phi);
164   return phi;
165 }
166 
167 
CreateSimulate(BailoutId ast_id,RemovableSimulate removable)168 HSimulate* HBasicBlock::CreateSimulate(BailoutId ast_id,
169                                        RemovableSimulate removable) {
170   DCHECK(HasEnvironment());
171   HEnvironment* environment = last_environment();
172   DCHECK(ast_id.IsNone() ||
173          ast_id == BailoutId::StubEntry() ||
174          environment->closure()->shared()->VerifyBailoutId(ast_id));
175 
176   int push_count = environment->push_count();
177   int pop_count = environment->pop_count();
178 
179   HSimulate* instr =
180       new(zone()) HSimulate(ast_id, pop_count, zone(), removable);
181 #ifdef DEBUG
182   instr->set_closure(environment->closure());
183 #endif
184   // Order of pushed values: newest (top of stack) first. This allows
185   // HSimulate::MergeWith() to easily append additional pushed values
186   // that are older (from further down the stack).
187   for (int i = 0; i < push_count; ++i) {
188     instr->AddPushedValue(environment->ExpressionStackAt(i));
189   }
190   for (GrowableBitVector::Iterator it(environment->assigned_variables(),
191                                       zone());
192        !it.Done();
193        it.Advance()) {
194     int index = it.Current();
195     instr->AddAssignedValue(index, environment->Lookup(index));
196   }
197   environment->ClearHistory();
198   return instr;
199 }
200 
201 
Finish(HControlInstruction * end,HSourcePosition position)202 void HBasicBlock::Finish(HControlInstruction* end, HSourcePosition position) {
203   DCHECK(!IsFinished());
204   AddInstruction(end, position);
205   end_ = end;
206   for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
207     it.Current()->RegisterPredecessor(this);
208   }
209 }
210 
211 
Goto(HBasicBlock * block,HSourcePosition position,FunctionState * state,bool add_simulate)212 void HBasicBlock::Goto(HBasicBlock* block,
213                        HSourcePosition position,
214                        FunctionState* state,
215                        bool add_simulate) {
216   bool drop_extra = state != NULL &&
217       state->inlining_kind() == NORMAL_RETURN;
218 
219   if (block->IsInlineReturnTarget()) {
220     HEnvironment* env = last_environment();
221     int argument_count = env->arguments_environment()->parameter_count();
222     AddInstruction(new(zone())
223                    HLeaveInlined(state->entry(), argument_count),
224                    position);
225     UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
226   }
227 
228   if (add_simulate) AddNewSimulate(BailoutId::None(), position);
229   HGoto* instr = new(zone()) HGoto(block);
230   Finish(instr, position);
231 }
232 
233 
AddLeaveInlined(HValue * return_value,FunctionState * state,HSourcePosition position)234 void HBasicBlock::AddLeaveInlined(HValue* return_value,
235                                   FunctionState* state,
236                                   HSourcePosition position) {
237   HBasicBlock* target = state->function_return();
238   bool drop_extra = state->inlining_kind() == NORMAL_RETURN;
239 
240   DCHECK(target->IsInlineReturnTarget());
241   DCHECK(return_value != NULL);
242   HEnvironment* env = last_environment();
243   int argument_count = env->arguments_environment()->parameter_count();
244   AddInstruction(new(zone()) HLeaveInlined(state->entry(), argument_count),
245                  position);
246   UpdateEnvironment(last_environment()->DiscardInlined(drop_extra));
247   last_environment()->Push(return_value);
248   AddNewSimulate(BailoutId::None(), position);
249   HGoto* instr = new(zone()) HGoto(target);
250   Finish(instr, position);
251 }
252 
253 
SetInitialEnvironment(HEnvironment * env)254 void HBasicBlock::SetInitialEnvironment(HEnvironment* env) {
255   DCHECK(!HasEnvironment());
256   DCHECK(first() == NULL);
257   UpdateEnvironment(env);
258 }
259 
260 
UpdateEnvironment(HEnvironment * env)261 void HBasicBlock::UpdateEnvironment(HEnvironment* env) {
262   last_environment_ = env;
263   graph()->update_maximum_environment_size(env->first_expression_index());
264 }
265 
266 
SetJoinId(BailoutId ast_id)267 void HBasicBlock::SetJoinId(BailoutId ast_id) {
268   int length = predecessors_.length();
269   DCHECK(length > 0);
270   for (int i = 0; i < length; i++) {
271     HBasicBlock* predecessor = predecessors_[i];
272     DCHECK(predecessor->end()->IsGoto());
273     HSimulate* simulate = HSimulate::cast(predecessor->end()->previous());
274     DCHECK(i != 0 ||
275            (predecessor->last_environment()->closure().is_null() ||
276             predecessor->last_environment()->closure()->shared()
277               ->VerifyBailoutId(ast_id)));
278     simulate->set_ast_id(ast_id);
279     predecessor->last_environment()->set_ast_id(ast_id);
280   }
281 }
282 
283 
Dominates(HBasicBlock * other) const284 bool HBasicBlock::Dominates(HBasicBlock* other) const {
285   HBasicBlock* current = other->dominator();
286   while (current != NULL) {
287     if (current == this) return true;
288     current = current->dominator();
289   }
290   return false;
291 }
292 
293 
EqualToOrDominates(HBasicBlock * other) const294 bool HBasicBlock::EqualToOrDominates(HBasicBlock* other) const {
295   if (this == other) return true;
296   return Dominates(other);
297 }
298 
299 
LoopNestingDepth() const300 int HBasicBlock::LoopNestingDepth() const {
301   const HBasicBlock* current = this;
302   int result  = (current->IsLoopHeader()) ? 1 : 0;
303   while (current->parent_loop_header() != NULL) {
304     current = current->parent_loop_header();
305     result++;
306   }
307   return result;
308 }
309 
310 
PostProcessLoopHeader(IterationStatement * stmt)311 void HBasicBlock::PostProcessLoopHeader(IterationStatement* stmt) {
312   DCHECK(IsLoopHeader());
313 
314   SetJoinId(stmt->EntryId());
315   if (predecessors()->length() == 1) {
316     // This is a degenerated loop.
317     DetachLoopInformation();
318     return;
319   }
320 
321   // Only the first entry into the loop is from outside the loop. All other
322   // entries must be back edges.
323   for (int i = 1; i < predecessors()->length(); ++i) {
324     loop_information()->RegisterBackEdge(predecessors()->at(i));
325   }
326 }
327 
328 
MarkSuccEdgeUnreachable(int succ)329 void HBasicBlock::MarkSuccEdgeUnreachable(int succ) {
330   DCHECK(IsFinished());
331   HBasicBlock* succ_block = end()->SuccessorAt(succ);
332 
333   DCHECK(succ_block->predecessors()->length() == 1);
334   succ_block->MarkUnreachable();
335 }
336 
337 
RegisterPredecessor(HBasicBlock * pred)338 void HBasicBlock::RegisterPredecessor(HBasicBlock* pred) {
339   if (HasPredecessor()) {
340     // Only loop header blocks can have a predecessor added after
341     // instructions have been added to the block (they have phis for all
342     // values in the environment, these phis may be eliminated later).
343     DCHECK(IsLoopHeader() || first_ == NULL);
344     HEnvironment* incoming_env = pred->last_environment();
345     if (IsLoopHeader()) {
346       DCHECK(phis()->length() == incoming_env->length());
347       for (int i = 0; i < phis_.length(); ++i) {
348         phis_[i]->AddInput(incoming_env->values()->at(i));
349       }
350     } else {
351       last_environment()->AddIncomingEdge(this, pred->last_environment());
352     }
353   } else if (!HasEnvironment() && !IsFinished()) {
354     DCHECK(!IsLoopHeader());
355     SetInitialEnvironment(pred->last_environment()->Copy());
356   }
357 
358   predecessors_.Add(pred, zone());
359 }
360 
361 
AddDominatedBlock(HBasicBlock * block)362 void HBasicBlock::AddDominatedBlock(HBasicBlock* block) {
363   DCHECK(!dominated_blocks_.Contains(block));
364   // Keep the list of dominated blocks sorted such that if there is two
365   // succeeding block in this list, the predecessor is before the successor.
366   int index = 0;
367   while (index < dominated_blocks_.length() &&
368          dominated_blocks_[index]->block_id() < block->block_id()) {
369     ++index;
370   }
371   dominated_blocks_.InsertAt(index, block, zone());
372 }
373 
374 
AssignCommonDominator(HBasicBlock * other)375 void HBasicBlock::AssignCommonDominator(HBasicBlock* other) {
376   if (dominator_ == NULL) {
377     dominator_ = other;
378     other->AddDominatedBlock(this);
379   } else if (other->dominator() != NULL) {
380     HBasicBlock* first = dominator_;
381     HBasicBlock* second = other;
382 
383     while (first != second) {
384       if (first->block_id() > second->block_id()) {
385         first = first->dominator();
386       } else {
387         second = second->dominator();
388       }
389       DCHECK(first != NULL && second != NULL);
390     }
391 
392     if (dominator_ != first) {
393       DCHECK(dominator_->dominated_blocks_.Contains(this));
394       dominator_->dominated_blocks_.RemoveElement(this);
395       dominator_ = first;
396       first->AddDominatedBlock(this);
397     }
398   }
399 }
400 
401 
AssignLoopSuccessorDominators()402 void HBasicBlock::AssignLoopSuccessorDominators() {
403   // Mark blocks that dominate all subsequent reachable blocks inside their
404   // loop. Exploit the fact that blocks are sorted in reverse post order. When
405   // the loop is visited in increasing block id order, if the number of
406   // non-loop-exiting successor edges at the dominator_candidate block doesn't
407   // exceed the number of previously encountered predecessor edges, there is no
408   // path from the loop header to any block with higher id that doesn't go
409   // through the dominator_candidate block. In this case, the
410   // dominator_candidate block is guaranteed to dominate all blocks reachable
411   // from it with higher ids.
412   HBasicBlock* last = loop_information()->GetLastBackEdge();
413   int outstanding_successors = 1;  // one edge from the pre-header
414   // Header always dominates everything.
415   MarkAsLoopSuccessorDominator();
416   for (int j = block_id(); j <= last->block_id(); ++j) {
417     HBasicBlock* dominator_candidate = graph_->blocks()->at(j);
418     for (HPredecessorIterator it(dominator_candidate); !it.Done();
419          it.Advance()) {
420       HBasicBlock* predecessor = it.Current();
421       // Don't count back edges.
422       if (predecessor->block_id() < dominator_candidate->block_id()) {
423         outstanding_successors--;
424       }
425     }
426 
427     // If more successors than predecessors have been seen in the loop up to
428     // now, it's not possible to guarantee that the current block dominates
429     // all of the blocks with higher IDs. In this case, assume conservatively
430     // that those paths through loop that don't go through the current block
431     // contain all of the loop's dependencies. Also be careful to record
432     // dominator information about the current loop that's being processed,
433     // and not nested loops, which will be processed when
434     // AssignLoopSuccessorDominators gets called on their header.
435     DCHECK(outstanding_successors >= 0);
436     HBasicBlock* parent_loop_header = dominator_candidate->parent_loop_header();
437     if (outstanding_successors == 0 &&
438         (parent_loop_header == this && !dominator_candidate->IsLoopHeader())) {
439       dominator_candidate->MarkAsLoopSuccessorDominator();
440     }
441     HControlInstruction* end = dominator_candidate->end();
442     for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
443       HBasicBlock* successor = it.Current();
444       // Only count successors that remain inside the loop and don't loop back
445       // to a loop header.
446       if (successor->block_id() > dominator_candidate->block_id() &&
447           successor->block_id() <= last->block_id()) {
448         // Backwards edges must land on loop headers.
449         DCHECK(successor->block_id() > dominator_candidate->block_id() ||
450                successor->IsLoopHeader());
451         outstanding_successors++;
452       }
453     }
454   }
455 }
456 
457 
PredecessorIndexOf(HBasicBlock * predecessor) const458 int HBasicBlock::PredecessorIndexOf(HBasicBlock* predecessor) const {
459   for (int i = 0; i < predecessors_.length(); ++i) {
460     if (predecessors_[i] == predecessor) return i;
461   }
462   UNREACHABLE();
463   return -1;
464 }
465 
466 
467 #ifdef DEBUG
Verify()468 void HBasicBlock::Verify() {
469   // Check that every block is finished.
470   DCHECK(IsFinished());
471   DCHECK(block_id() >= 0);
472 
473   // Check that the incoming edges are in edge split form.
474   if (predecessors_.length() > 1) {
475     for (int i = 0; i < predecessors_.length(); ++i) {
476       DCHECK(predecessors_[i]->end()->SecondSuccessor() == NULL);
477     }
478   }
479 }
480 #endif
481 
482 
RegisterBackEdge(HBasicBlock * block)483 void HLoopInformation::RegisterBackEdge(HBasicBlock* block) {
484   this->back_edges_.Add(block, block->zone());
485   AddBlock(block);
486 }
487 
488 
GetLastBackEdge() const489 HBasicBlock* HLoopInformation::GetLastBackEdge() const {
490   int max_id = -1;
491   HBasicBlock* result = NULL;
492   for (int i = 0; i < back_edges_.length(); ++i) {
493     HBasicBlock* cur = back_edges_[i];
494     if (cur->block_id() > max_id) {
495       max_id = cur->block_id();
496       result = cur;
497     }
498   }
499   return result;
500 }
501 
502 
AddBlock(HBasicBlock * block)503 void HLoopInformation::AddBlock(HBasicBlock* block) {
504   if (block == loop_header()) return;
505   if (block->parent_loop_header() == loop_header()) return;
506   if (block->parent_loop_header() != NULL) {
507     AddBlock(block->parent_loop_header());
508   } else {
509     block->set_parent_loop_header(loop_header());
510     blocks_.Add(block, block->zone());
511     for (int i = 0; i < block->predecessors()->length(); ++i) {
512       AddBlock(block->predecessors()->at(i));
513     }
514   }
515 }
516 
517 
518 #ifdef DEBUG
519 
520 // Checks reachability of the blocks in this graph and stores a bit in
521 // the BitVector "reachable()" for every block that can be reached
522 // from the start block of the graph. If "dont_visit" is non-null, the given
523 // block is treated as if it would not be part of the graph. "visited_count()"
524 // returns the number of reachable blocks.
525 class ReachabilityAnalyzer BASE_EMBEDDED {
526  public:
ReachabilityAnalyzer(HBasicBlock * entry_block,int block_count,HBasicBlock * dont_visit)527   ReachabilityAnalyzer(HBasicBlock* entry_block,
528                        int block_count,
529                        HBasicBlock* dont_visit)
530       : visited_count_(0),
531         stack_(16, entry_block->zone()),
532         reachable_(block_count, entry_block->zone()),
533         dont_visit_(dont_visit) {
534     PushBlock(entry_block);
535     Analyze();
536   }
537 
visited_count() const538   int visited_count() const { return visited_count_; }
reachable() const539   const BitVector* reachable() const { return &reachable_; }
540 
541  private:
PushBlock(HBasicBlock * block)542   void PushBlock(HBasicBlock* block) {
543     if (block != NULL && block != dont_visit_ &&
544         !reachable_.Contains(block->block_id())) {
545       reachable_.Add(block->block_id());
546       stack_.Add(block, block->zone());
547       visited_count_++;
548     }
549   }
550 
Analyze()551   void Analyze() {
552     while (!stack_.is_empty()) {
553       HControlInstruction* end = stack_.RemoveLast()->end();
554       for (HSuccessorIterator it(end); !it.Done(); it.Advance()) {
555         PushBlock(it.Current());
556       }
557     }
558   }
559 
560   int visited_count_;
561   ZoneList<HBasicBlock*> stack_;
562   BitVector reachable_;
563   HBasicBlock* dont_visit_;
564 };
565 
566 
Verify(bool do_full_verify) const567 void HGraph::Verify(bool do_full_verify) const {
568   Heap::RelocationLock relocation_lock(isolate()->heap());
569   AllowHandleDereference allow_deref;
570   AllowDeferredHandleDereference allow_deferred_deref;
571   for (int i = 0; i < blocks_.length(); i++) {
572     HBasicBlock* block = blocks_.at(i);
573 
574     block->Verify();
575 
576     // Check that every block contains at least one node and that only the last
577     // node is a control instruction.
578     HInstruction* current = block->first();
579     DCHECK(current != NULL && current->IsBlockEntry());
580     while (current != NULL) {
581       DCHECK((current->next() == NULL) == current->IsControlInstruction());
582       DCHECK(current->block() == block);
583       current->Verify();
584       current = current->next();
585     }
586 
587     // Check that successors are correctly set.
588     HBasicBlock* first = block->end()->FirstSuccessor();
589     HBasicBlock* second = block->end()->SecondSuccessor();
590     DCHECK(second == NULL || first != NULL);
591 
592     // Check that the predecessor array is correct.
593     if (first != NULL) {
594       DCHECK(first->predecessors()->Contains(block));
595       if (second != NULL) {
596         DCHECK(second->predecessors()->Contains(block));
597       }
598     }
599 
600     // Check that phis have correct arguments.
601     for (int j = 0; j < block->phis()->length(); j++) {
602       HPhi* phi = block->phis()->at(j);
603       phi->Verify();
604     }
605 
606     // Check that all join blocks have predecessors that end with an
607     // unconditional goto and agree on their environment node id.
608     if (block->predecessors()->length() >= 2) {
609       BailoutId id =
610           block->predecessors()->first()->last_environment()->ast_id();
611       for (int k = 0; k < block->predecessors()->length(); k++) {
612         HBasicBlock* predecessor = block->predecessors()->at(k);
613         DCHECK(predecessor->end()->IsGoto() ||
614                predecessor->end()->IsDeoptimize());
615         DCHECK(predecessor->last_environment()->ast_id() == id);
616       }
617     }
618   }
619 
620   // Check special property of first block to have no predecessors.
621   DCHECK(blocks_.at(0)->predecessors()->is_empty());
622 
623   if (do_full_verify) {
624     // Check that the graph is fully connected.
625     ReachabilityAnalyzer analyzer(entry_block_, blocks_.length(), NULL);
626     DCHECK(analyzer.visited_count() == blocks_.length());
627 
628     // Check that entry block dominator is NULL.
629     DCHECK(entry_block_->dominator() == NULL);
630 
631     // Check dominators.
632     for (int i = 0; i < blocks_.length(); ++i) {
633       HBasicBlock* block = blocks_.at(i);
634       if (block->dominator() == NULL) {
635         // Only start block may have no dominator assigned to.
636         DCHECK(i == 0);
637       } else {
638         // Assert that block is unreachable if dominator must not be visited.
639         ReachabilityAnalyzer dominator_analyzer(entry_block_,
640                                                 blocks_.length(),
641                                                 block->dominator());
642         DCHECK(!dominator_analyzer.reachable()->Contains(block->block_id()));
643       }
644     }
645   }
646 }
647 
648 #endif
649 
650 
GetConstant(SetOncePointer<HConstant> * pointer,int32_t value)651 HConstant* HGraph::GetConstant(SetOncePointer<HConstant>* pointer,
652                                int32_t value) {
653   if (!pointer->is_set()) {
654     // Can't pass GetInvalidContext() to HConstant::New, because that will
655     // recursively call GetConstant
656     HConstant* constant = HConstant::New(zone(), NULL, value);
657     constant->InsertAfter(entry_block()->first());
658     pointer->set(constant);
659     return constant;
660   }
661   return ReinsertConstantIfNecessary(pointer->get());
662 }
663 
664 
ReinsertConstantIfNecessary(HConstant * constant)665 HConstant* HGraph::ReinsertConstantIfNecessary(HConstant* constant) {
666   if (!constant->IsLinked()) {
667     // The constant was removed from the graph. Reinsert.
668     constant->ClearFlag(HValue::kIsDead);
669     constant->InsertAfter(entry_block()->first());
670   }
671   return constant;
672 }
673 
674 
GetConstant0()675 HConstant* HGraph::GetConstant0() {
676   return GetConstant(&constant_0_, 0);
677 }
678 
679 
GetConstant1()680 HConstant* HGraph::GetConstant1() {
681   return GetConstant(&constant_1_, 1);
682 }
683 
684 
GetConstantMinus1()685 HConstant* HGraph::GetConstantMinus1() {
686   return GetConstant(&constant_minus1_, -1);
687 }
688 
689 
690 #define DEFINE_GET_CONSTANT(Name, name, type, htype, boolean_value)            \
691 HConstant* HGraph::GetConstant##Name() {                                       \
692   if (!constant_##name##_.is_set()) {                                          \
693     HConstant* constant = new(zone()) HConstant(                               \
694         Unique<Object>::CreateImmovable(isolate()->factory()->name##_value()), \
695         Unique<Map>::CreateImmovable(isolate()->factory()->type##_map()),      \
696         false,                                                                 \
697         Representation::Tagged(),                                              \
698         htype,                                                                 \
699         true,                                                                  \
700         boolean_value,                                                         \
701         false,                                                                 \
702         ODDBALL_TYPE);                                                         \
703     constant->InsertAfter(entry_block()->first());                             \
704     constant_##name##_.set(constant);                                          \
705   }                                                                            \
706   return ReinsertConstantIfNecessary(constant_##name##_.get());                \
707 }
708 
709 
DEFINE_GET_CONSTANT(Undefined,undefined,undefined,HType::Undefined (),false)710 DEFINE_GET_CONSTANT(Undefined, undefined, undefined, HType::Undefined(), false)
711 DEFINE_GET_CONSTANT(True, true, boolean, HType::Boolean(), true)
712 DEFINE_GET_CONSTANT(False, false, boolean, HType::Boolean(), false)
713 DEFINE_GET_CONSTANT(Hole, the_hole, the_hole, HType::None(), false)
714 DEFINE_GET_CONSTANT(Null, null, null, HType::Null(), false)
715 
716 
717 #undef DEFINE_GET_CONSTANT
718 
719 #define DEFINE_IS_CONSTANT(Name, name)                                         \
720 bool HGraph::IsConstant##Name(HConstant* constant) {                           \
721   return constant_##name##_.is_set() && constant == constant_##name##_.get();  \
722 }
723 DEFINE_IS_CONSTANT(Undefined, undefined)
724 DEFINE_IS_CONSTANT(0, 0)
725 DEFINE_IS_CONSTANT(1, 1)
726 DEFINE_IS_CONSTANT(Minus1, minus1)
727 DEFINE_IS_CONSTANT(True, true)
728 DEFINE_IS_CONSTANT(False, false)
729 DEFINE_IS_CONSTANT(Hole, the_hole)
730 DEFINE_IS_CONSTANT(Null, null)
731 
732 #undef DEFINE_IS_CONSTANT
733 
734 
735 HConstant* HGraph::GetInvalidContext() {
736   return GetConstant(&constant_invalid_context_, 0xFFFFC0C7);
737 }
738 
739 
IsStandardConstant(HConstant * constant)740 bool HGraph::IsStandardConstant(HConstant* constant) {
741   if (IsConstantUndefined(constant)) return true;
742   if (IsConstant0(constant)) return true;
743   if (IsConstant1(constant)) return true;
744   if (IsConstantMinus1(constant)) return true;
745   if (IsConstantTrue(constant)) return true;
746   if (IsConstantFalse(constant)) return true;
747   if (IsConstantHole(constant)) return true;
748   if (IsConstantNull(constant)) return true;
749   return false;
750 }
751 
752 
IfBuilder()753 HGraphBuilder::IfBuilder::IfBuilder() : builder_(NULL), needs_compare_(true) {}
754 
755 
IfBuilder(HGraphBuilder * builder)756 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder)
757     : needs_compare_(true) {
758   Initialize(builder);
759 }
760 
761 
IfBuilder(HGraphBuilder * builder,HIfContinuation * continuation)762 HGraphBuilder::IfBuilder::IfBuilder(HGraphBuilder* builder,
763                                     HIfContinuation* continuation)
764     : needs_compare_(false), first_true_block_(NULL), first_false_block_(NULL) {
765   InitializeDontCreateBlocks(builder);
766   continuation->Continue(&first_true_block_, &first_false_block_);
767 }
768 
769 
InitializeDontCreateBlocks(HGraphBuilder * builder)770 void HGraphBuilder::IfBuilder::InitializeDontCreateBlocks(
771     HGraphBuilder* builder) {
772   builder_ = builder;
773   finished_ = false;
774   did_then_ = false;
775   did_else_ = false;
776   did_else_if_ = false;
777   did_and_ = false;
778   did_or_ = false;
779   captured_ = false;
780   pending_merge_block_ = false;
781   split_edge_merge_block_ = NULL;
782   merge_at_join_blocks_ = NULL;
783   normal_merge_at_join_block_count_ = 0;
784   deopt_merge_at_join_block_count_ = 0;
785 }
786 
787 
Initialize(HGraphBuilder * builder)788 void HGraphBuilder::IfBuilder::Initialize(HGraphBuilder* builder) {
789   InitializeDontCreateBlocks(builder);
790   HEnvironment* env = builder->environment();
791   first_true_block_ = builder->CreateBasicBlock(env->Copy());
792   first_false_block_ = builder->CreateBasicBlock(env->Copy());
793 }
794 
795 
AddCompare(HControlInstruction * compare)796 HControlInstruction* HGraphBuilder::IfBuilder::AddCompare(
797     HControlInstruction* compare) {
798   DCHECK(did_then_ == did_else_);
799   if (did_else_) {
800     // Handle if-then-elseif
801     did_else_if_ = true;
802     did_else_ = false;
803     did_then_ = false;
804     did_and_ = false;
805     did_or_ = false;
806     pending_merge_block_ = false;
807     split_edge_merge_block_ = NULL;
808     HEnvironment* env = builder()->environment();
809     first_true_block_ = builder()->CreateBasicBlock(env->Copy());
810     first_false_block_ = builder()->CreateBasicBlock(env->Copy());
811   }
812   if (split_edge_merge_block_ != NULL) {
813     HEnvironment* env = first_false_block_->last_environment();
814     HBasicBlock* split_edge = builder()->CreateBasicBlock(env->Copy());
815     if (did_or_) {
816       compare->SetSuccessorAt(0, split_edge);
817       compare->SetSuccessorAt(1, first_false_block_);
818     } else {
819       compare->SetSuccessorAt(0, first_true_block_);
820       compare->SetSuccessorAt(1, split_edge);
821     }
822     builder()->GotoNoSimulate(split_edge, split_edge_merge_block_);
823   } else {
824     compare->SetSuccessorAt(0, first_true_block_);
825     compare->SetSuccessorAt(1, first_false_block_);
826   }
827   builder()->FinishCurrentBlock(compare);
828   needs_compare_ = false;
829   return compare;
830 }
831 
832 
Or()833 void HGraphBuilder::IfBuilder::Or() {
834   DCHECK(!needs_compare_);
835   DCHECK(!did_and_);
836   did_or_ = true;
837   HEnvironment* env = first_false_block_->last_environment();
838   if (split_edge_merge_block_ == NULL) {
839     split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
840     builder()->GotoNoSimulate(first_true_block_, split_edge_merge_block_);
841     first_true_block_ = split_edge_merge_block_;
842   }
843   builder()->set_current_block(first_false_block_);
844   first_false_block_ = builder()->CreateBasicBlock(env->Copy());
845 }
846 
847 
And()848 void HGraphBuilder::IfBuilder::And() {
849   DCHECK(!needs_compare_);
850   DCHECK(!did_or_);
851   did_and_ = true;
852   HEnvironment* env = first_false_block_->last_environment();
853   if (split_edge_merge_block_ == NULL) {
854     split_edge_merge_block_ = builder()->CreateBasicBlock(env->Copy());
855     builder()->GotoNoSimulate(first_false_block_, split_edge_merge_block_);
856     first_false_block_ = split_edge_merge_block_;
857   }
858   builder()->set_current_block(first_true_block_);
859   first_true_block_ = builder()->CreateBasicBlock(env->Copy());
860 }
861 
862 
CaptureContinuation(HIfContinuation * continuation)863 void HGraphBuilder::IfBuilder::CaptureContinuation(
864     HIfContinuation* continuation) {
865   DCHECK(!did_else_if_);
866   DCHECK(!finished_);
867   DCHECK(!captured_);
868 
869   HBasicBlock* true_block = NULL;
870   HBasicBlock* false_block = NULL;
871   Finish(&true_block, &false_block);
872   DCHECK(true_block != NULL);
873   DCHECK(false_block != NULL);
874   continuation->Capture(true_block, false_block);
875   captured_ = true;
876   builder()->set_current_block(NULL);
877   End();
878 }
879 
880 
JoinContinuation(HIfContinuation * continuation)881 void HGraphBuilder::IfBuilder::JoinContinuation(HIfContinuation* continuation) {
882   DCHECK(!did_else_if_);
883   DCHECK(!finished_);
884   DCHECK(!captured_);
885   HBasicBlock* true_block = NULL;
886   HBasicBlock* false_block = NULL;
887   Finish(&true_block, &false_block);
888   merge_at_join_blocks_ = NULL;
889   if (true_block != NULL && !true_block->IsFinished()) {
890     DCHECK(continuation->IsTrueReachable());
891     builder()->GotoNoSimulate(true_block, continuation->true_branch());
892   }
893   if (false_block != NULL && !false_block->IsFinished()) {
894     DCHECK(continuation->IsFalseReachable());
895     builder()->GotoNoSimulate(false_block, continuation->false_branch());
896   }
897   captured_ = true;
898   End();
899 }
900 
901 
Then()902 void HGraphBuilder::IfBuilder::Then() {
903   DCHECK(!captured_);
904   DCHECK(!finished_);
905   did_then_ = true;
906   if (needs_compare_) {
907     // Handle if's without any expressions, they jump directly to the "else"
908     // branch. However, we must pretend that the "then" branch is reachable,
909     // so that the graph builder visits it and sees any live range extending
910     // constructs within it.
911     HConstant* constant_false = builder()->graph()->GetConstantFalse();
912     ToBooleanStub::Types boolean_type = ToBooleanStub::Types();
913     boolean_type.Add(ToBooleanStub::BOOLEAN);
914     HBranch* branch = builder()->New<HBranch>(
915         constant_false, boolean_type, first_true_block_, first_false_block_);
916     builder()->FinishCurrentBlock(branch);
917   }
918   builder()->set_current_block(first_true_block_);
919   pending_merge_block_ = true;
920 }
921 
922 
Else()923 void HGraphBuilder::IfBuilder::Else() {
924   DCHECK(did_then_);
925   DCHECK(!captured_);
926   DCHECK(!finished_);
927   AddMergeAtJoinBlock(false);
928   builder()->set_current_block(first_false_block_);
929   pending_merge_block_ = true;
930   did_else_ = true;
931 }
932 
933 
Deopt(const char * reason)934 void HGraphBuilder::IfBuilder::Deopt(const char* reason) {
935   DCHECK(did_then_);
936   builder()->Add<HDeoptimize>(reason, Deoptimizer::EAGER);
937   AddMergeAtJoinBlock(true);
938 }
939 
940 
Return(HValue * value)941 void HGraphBuilder::IfBuilder::Return(HValue* value) {
942   HValue* parameter_count = builder()->graph()->GetConstantMinus1();
943   builder()->FinishExitCurrentBlock(
944       builder()->New<HReturn>(value, parameter_count));
945   AddMergeAtJoinBlock(false);
946 }
947 
948 
AddMergeAtJoinBlock(bool deopt)949 void HGraphBuilder::IfBuilder::AddMergeAtJoinBlock(bool deopt) {
950   if (!pending_merge_block_) return;
951   HBasicBlock* block = builder()->current_block();
952   DCHECK(block == NULL || !block->IsFinished());
953   MergeAtJoinBlock* record = new (builder()->zone())
954       MergeAtJoinBlock(block, deopt, merge_at_join_blocks_);
955   merge_at_join_blocks_ = record;
956   if (block != NULL) {
957     DCHECK(block->end() == NULL);
958     if (deopt) {
959       normal_merge_at_join_block_count_++;
960     } else {
961       deopt_merge_at_join_block_count_++;
962     }
963   }
964   builder()->set_current_block(NULL);
965   pending_merge_block_ = false;
966 }
967 
968 
Finish()969 void HGraphBuilder::IfBuilder::Finish() {
970   DCHECK(!finished_);
971   if (!did_then_) {
972     Then();
973   }
974   AddMergeAtJoinBlock(false);
975   if (!did_else_) {
976     Else();
977     AddMergeAtJoinBlock(false);
978   }
979   finished_ = true;
980 }
981 
982 
Finish(HBasicBlock ** then_continuation,HBasicBlock ** else_continuation)983 void HGraphBuilder::IfBuilder::Finish(HBasicBlock** then_continuation,
984                                       HBasicBlock** else_continuation) {
985   Finish();
986 
987   MergeAtJoinBlock* else_record = merge_at_join_blocks_;
988   if (else_continuation != NULL) {
989     *else_continuation = else_record->block_;
990   }
991   MergeAtJoinBlock* then_record = else_record->next_;
992   if (then_continuation != NULL) {
993     *then_continuation = then_record->block_;
994   }
995   DCHECK(then_record->next_ == NULL);
996 }
997 
998 
End()999 void HGraphBuilder::IfBuilder::End() {
1000   if (captured_) return;
1001   Finish();
1002 
1003   int total_merged_blocks = normal_merge_at_join_block_count_ +
1004     deopt_merge_at_join_block_count_;
1005   DCHECK(total_merged_blocks >= 1);
1006   HBasicBlock* merge_block =
1007       total_merged_blocks == 1 ? NULL : builder()->graph()->CreateBasicBlock();
1008 
1009   // Merge non-deopt blocks first to ensure environment has right size for
1010   // padding.
1011   MergeAtJoinBlock* current = merge_at_join_blocks_;
1012   while (current != NULL) {
1013     if (!current->deopt_ && current->block_ != NULL) {
1014       // If there is only one block that makes it through to the end of the
1015       // if, then just set it as the current block and continue rather then
1016       // creating an unnecessary merge block.
1017       if (total_merged_blocks == 1) {
1018         builder()->set_current_block(current->block_);
1019         return;
1020       }
1021       builder()->GotoNoSimulate(current->block_, merge_block);
1022     }
1023     current = current->next_;
1024   }
1025 
1026   // Merge deopt blocks, padding when necessary.
1027   current = merge_at_join_blocks_;
1028   while (current != NULL) {
1029     if (current->deopt_ && current->block_ != NULL) {
1030       current->block_->FinishExit(HAbnormalExit::New(builder()->zone(), NULL),
1031                                   HSourcePosition::Unknown());
1032     }
1033     current = current->next_;
1034   }
1035   builder()->set_current_block(merge_block);
1036 }
1037 
1038 
LoopBuilder(HGraphBuilder * builder)1039 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder) {
1040   Initialize(builder, NULL, kWhileTrue, NULL);
1041 }
1042 
1043 
LoopBuilder(HGraphBuilder * builder,HValue * context,LoopBuilder::Direction direction)1044 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1045                                         LoopBuilder::Direction direction) {
1046   Initialize(builder, context, direction, builder->graph()->GetConstant1());
1047 }
1048 
1049 
LoopBuilder(HGraphBuilder * builder,HValue * context,LoopBuilder::Direction direction,HValue * increment_amount)1050 HGraphBuilder::LoopBuilder::LoopBuilder(HGraphBuilder* builder, HValue* context,
1051                                         LoopBuilder::Direction direction,
1052                                         HValue* increment_amount) {
1053   Initialize(builder, context, direction, increment_amount);
1054   increment_amount_ = increment_amount;
1055 }
1056 
1057 
Initialize(HGraphBuilder * builder,HValue * context,Direction direction,HValue * increment_amount)1058 void HGraphBuilder::LoopBuilder::Initialize(HGraphBuilder* builder,
1059                                             HValue* context,
1060                                             Direction direction,
1061                                             HValue* increment_amount) {
1062   builder_ = builder;
1063   context_ = context;
1064   direction_ = direction;
1065   increment_amount_ = increment_amount;
1066 
1067   finished_ = false;
1068   header_block_ = builder->CreateLoopHeaderBlock();
1069   body_block_ = NULL;
1070   exit_block_ = NULL;
1071   exit_trampoline_block_ = NULL;
1072 }
1073 
1074 
BeginBody(HValue * initial,HValue * terminating,Token::Value token)1075 HValue* HGraphBuilder::LoopBuilder::BeginBody(
1076     HValue* initial,
1077     HValue* terminating,
1078     Token::Value token) {
1079   DCHECK(direction_ != kWhileTrue);
1080   HEnvironment* env = builder_->environment();
1081   phi_ = header_block_->AddNewPhi(env->values()->length());
1082   phi_->AddInput(initial);
1083   env->Push(initial);
1084   builder_->GotoNoSimulate(header_block_);
1085 
1086   HEnvironment* body_env = env->Copy();
1087   HEnvironment* exit_env = env->Copy();
1088   // Remove the phi from the expression stack
1089   body_env->Pop();
1090   exit_env->Pop();
1091   body_block_ = builder_->CreateBasicBlock(body_env);
1092   exit_block_ = builder_->CreateBasicBlock(exit_env);
1093 
1094   builder_->set_current_block(header_block_);
1095   env->Pop();
1096   builder_->FinishCurrentBlock(builder_->New<HCompareNumericAndBranch>(
1097           phi_, terminating, token, body_block_, exit_block_));
1098 
1099   builder_->set_current_block(body_block_);
1100   if (direction_ == kPreIncrement || direction_ == kPreDecrement) {
1101     HValue* one = builder_->graph()->GetConstant1();
1102     if (direction_ == kPreIncrement) {
1103       increment_ = HAdd::New(zone(), context_, phi_, one);
1104     } else {
1105       increment_ = HSub::New(zone(), context_, phi_, one);
1106     }
1107     increment_->ClearFlag(HValue::kCanOverflow);
1108     builder_->AddInstruction(increment_);
1109     return increment_;
1110   } else {
1111     return phi_;
1112   }
1113 }
1114 
1115 
BeginBody(int drop_count)1116 void HGraphBuilder::LoopBuilder::BeginBody(int drop_count) {
1117   DCHECK(direction_ == kWhileTrue);
1118   HEnvironment* env = builder_->environment();
1119   builder_->GotoNoSimulate(header_block_);
1120   builder_->set_current_block(header_block_);
1121   env->Drop(drop_count);
1122 }
1123 
1124 
Break()1125 void HGraphBuilder::LoopBuilder::Break() {
1126   if (exit_trampoline_block_ == NULL) {
1127     // Its the first time we saw a break.
1128     if (direction_ == kWhileTrue) {
1129       HEnvironment* env = builder_->environment()->Copy();
1130       exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1131     } else {
1132       HEnvironment* env = exit_block_->last_environment()->Copy();
1133       exit_trampoline_block_ = builder_->CreateBasicBlock(env);
1134       builder_->GotoNoSimulate(exit_block_, exit_trampoline_block_);
1135     }
1136   }
1137 
1138   builder_->GotoNoSimulate(exit_trampoline_block_);
1139   builder_->set_current_block(NULL);
1140 }
1141 
1142 
EndBody()1143 void HGraphBuilder::LoopBuilder::EndBody() {
1144   DCHECK(!finished_);
1145 
1146   if (direction_ == kPostIncrement || direction_ == kPostDecrement) {
1147     if (direction_ == kPostIncrement) {
1148       increment_ = HAdd::New(zone(), context_, phi_, increment_amount_);
1149     } else {
1150       increment_ = HSub::New(zone(), context_, phi_, increment_amount_);
1151     }
1152     increment_->ClearFlag(HValue::kCanOverflow);
1153     builder_->AddInstruction(increment_);
1154   }
1155 
1156   if (direction_ != kWhileTrue) {
1157     // Push the new increment value on the expression stack to merge into
1158     // the phi.
1159     builder_->environment()->Push(increment_);
1160   }
1161   HBasicBlock* last_block = builder_->current_block();
1162   builder_->GotoNoSimulate(last_block, header_block_);
1163   header_block_->loop_information()->RegisterBackEdge(last_block);
1164 
1165   if (exit_trampoline_block_ != NULL) {
1166     builder_->set_current_block(exit_trampoline_block_);
1167   } else {
1168     builder_->set_current_block(exit_block_);
1169   }
1170   finished_ = true;
1171 }
1172 
1173 
CreateGraph()1174 HGraph* HGraphBuilder::CreateGraph() {
1175   graph_ = new(zone()) HGraph(info_);
1176   if (FLAG_hydrogen_stats) isolate()->GetHStatistics()->Initialize(info_);
1177   CompilationPhase phase("H_Block building", info_);
1178   set_current_block(graph()->entry_block());
1179   if (!BuildGraph()) return NULL;
1180   graph()->FinalizeUniqueness();
1181   return graph_;
1182 }
1183 
1184 
AddInstruction(HInstruction * instr)1185 HInstruction* HGraphBuilder::AddInstruction(HInstruction* instr) {
1186   DCHECK(current_block() != NULL);
1187   DCHECK(!FLAG_hydrogen_track_positions ||
1188          !position_.IsUnknown() ||
1189          !info_->IsOptimizing());
1190   current_block()->AddInstruction(instr, source_position());
1191   if (graph()->IsInsideNoSideEffectsScope()) {
1192     instr->SetFlag(HValue::kHasNoObservableSideEffects);
1193   }
1194   return instr;
1195 }
1196 
1197 
FinishCurrentBlock(HControlInstruction * last)1198 void HGraphBuilder::FinishCurrentBlock(HControlInstruction* last) {
1199   DCHECK(!FLAG_hydrogen_track_positions ||
1200          !info_->IsOptimizing() ||
1201          !position_.IsUnknown());
1202   current_block()->Finish(last, source_position());
1203   if (last->IsReturn() || last->IsAbnormalExit()) {
1204     set_current_block(NULL);
1205   }
1206 }
1207 
1208 
FinishExitCurrentBlock(HControlInstruction * instruction)1209 void HGraphBuilder::FinishExitCurrentBlock(HControlInstruction* instruction) {
1210   DCHECK(!FLAG_hydrogen_track_positions || !info_->IsOptimizing() ||
1211          !position_.IsUnknown());
1212   current_block()->FinishExit(instruction, source_position());
1213   if (instruction->IsReturn() || instruction->IsAbnormalExit()) {
1214     set_current_block(NULL);
1215   }
1216 }
1217 
1218 
AddIncrementCounter(StatsCounter * counter)1219 void HGraphBuilder::AddIncrementCounter(StatsCounter* counter) {
1220   if (FLAG_native_code_counters && counter->Enabled()) {
1221     HValue* reference = Add<HConstant>(ExternalReference(counter));
1222     HValue* old_value = Add<HLoadNamedField>(
1223         reference, static_cast<HValue*>(NULL), HObjectAccess::ForCounter());
1224     HValue* new_value = AddUncasted<HAdd>(old_value, graph()->GetConstant1());
1225     new_value->ClearFlag(HValue::kCanOverflow);  // Ignore counter overflow
1226     Add<HStoreNamedField>(reference, HObjectAccess::ForCounter(),
1227                           new_value, STORE_TO_INITIALIZED_ENTRY);
1228   }
1229 }
1230 
1231 
AddSimulate(BailoutId id,RemovableSimulate removable)1232 void HGraphBuilder::AddSimulate(BailoutId id,
1233                                 RemovableSimulate removable) {
1234   DCHECK(current_block() != NULL);
1235   DCHECK(!graph()->IsInsideNoSideEffectsScope());
1236   current_block()->AddNewSimulate(id, source_position(), removable);
1237 }
1238 
1239 
CreateBasicBlock(HEnvironment * env)1240 HBasicBlock* HGraphBuilder::CreateBasicBlock(HEnvironment* env) {
1241   HBasicBlock* b = graph()->CreateBasicBlock();
1242   b->SetInitialEnvironment(env);
1243   return b;
1244 }
1245 
1246 
CreateLoopHeaderBlock()1247 HBasicBlock* HGraphBuilder::CreateLoopHeaderBlock() {
1248   HBasicBlock* header = graph()->CreateBasicBlock();
1249   HEnvironment* entry_env = environment()->CopyAsLoopHeader(header);
1250   header->SetInitialEnvironment(entry_env);
1251   header->AttachLoopInformation();
1252   return header;
1253 }
1254 
1255 
BuildGetElementsKind(HValue * object)1256 HValue* HGraphBuilder::BuildGetElementsKind(HValue* object) {
1257   HValue* map = Add<HLoadNamedField>(object, static_cast<HValue*>(NULL),
1258                                      HObjectAccess::ForMap());
1259 
1260   HValue* bit_field2 = Add<HLoadNamedField>(map, static_cast<HValue*>(NULL),
1261                                             HObjectAccess::ForMapBitField2());
1262   return BuildDecodeField<Map::ElementsKindBits>(bit_field2);
1263 }
1264 
1265 
BuildCheckHeapObject(HValue * obj)1266 HValue* HGraphBuilder::BuildCheckHeapObject(HValue* obj) {
1267   if (obj->type().IsHeapObject()) return obj;
1268   return Add<HCheckHeapObject>(obj);
1269 }
1270 
1271 
FinishExitWithHardDeoptimization(const char * reason)1272 void HGraphBuilder::FinishExitWithHardDeoptimization(const char* reason) {
1273   Add<HDeoptimize>(reason, Deoptimizer::EAGER);
1274   FinishExitCurrentBlock(New<HAbnormalExit>());
1275 }
1276 
1277 
BuildCheckString(HValue * string)1278 HValue* HGraphBuilder::BuildCheckString(HValue* string) {
1279   if (!string->type().IsString()) {
1280     DCHECK(!string->IsConstant() ||
1281            !HConstant::cast(string)->HasStringValue());
1282     BuildCheckHeapObject(string);
1283     return Add<HCheckInstanceType>(string, HCheckInstanceType::IS_STRING);
1284   }
1285   return string;
1286 }
1287 
1288 
BuildWrapReceiver(HValue * object,HValue * function)1289 HValue* HGraphBuilder::BuildWrapReceiver(HValue* object, HValue* function) {
1290   if (object->type().IsJSObject()) return object;
1291   if (function->IsConstant() &&
1292       HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
1293     Handle<JSFunction> f = Handle<JSFunction>::cast(
1294         HConstant::cast(function)->handle(isolate()));
1295     SharedFunctionInfo* shared = f->shared();
1296     if (shared->strict_mode() == STRICT || shared->native()) return object;
1297   }
1298   return Add<HWrapReceiver>(object, function);
1299 }
1300 
1301 
BuildCheckForCapacityGrow(HValue * object,HValue * elements,ElementsKind kind,HValue * length,HValue * key,bool is_js_array,PropertyAccessType access_type)1302 HValue* HGraphBuilder::BuildCheckForCapacityGrow(
1303     HValue* object,
1304     HValue* elements,
1305     ElementsKind kind,
1306     HValue* length,
1307     HValue* key,
1308     bool is_js_array,
1309     PropertyAccessType access_type) {
1310   IfBuilder length_checker(this);
1311 
1312   Token::Value token = IsHoleyElementsKind(kind) ? Token::GTE : Token::EQ;
1313   length_checker.If<HCompareNumericAndBranch>(key, length, token);
1314 
1315   length_checker.Then();
1316 
1317   HValue* current_capacity = AddLoadFixedArrayLength(elements);
1318 
1319   IfBuilder capacity_checker(this);
1320 
1321   capacity_checker.If<HCompareNumericAndBranch>(key, current_capacity,
1322                                                 Token::GTE);
1323   capacity_checker.Then();
1324 
1325   HValue* max_gap = Add<HConstant>(static_cast<int32_t>(JSObject::kMaxGap));
1326   HValue* max_capacity = AddUncasted<HAdd>(current_capacity, max_gap);
1327 
1328   Add<HBoundsCheck>(key, max_capacity);
1329 
1330   HValue* new_capacity = BuildNewElementsCapacity(key);
1331   HValue* new_elements = BuildGrowElementsCapacity(object, elements,
1332                                                    kind, kind, length,
1333                                                    new_capacity);
1334 
1335   environment()->Push(new_elements);
1336   capacity_checker.Else();
1337 
1338   environment()->Push(elements);
1339   capacity_checker.End();
1340 
1341   if (is_js_array) {
1342     HValue* new_length = AddUncasted<HAdd>(key, graph_->GetConstant1());
1343     new_length->ClearFlag(HValue::kCanOverflow);
1344 
1345     Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(kind),
1346                           new_length);
1347   }
1348 
1349   if (access_type == STORE && kind == FAST_SMI_ELEMENTS) {
1350     HValue* checked_elements = environment()->Top();
1351 
1352     // Write zero to ensure that the new element is initialized with some smi.
1353     Add<HStoreKeyed>(checked_elements, key, graph()->GetConstant0(), kind);
1354   }
1355 
1356   length_checker.Else();
1357   Add<HBoundsCheck>(key, length);
1358 
1359   environment()->Push(elements);
1360   length_checker.End();
1361 
1362   return environment()->Pop();
1363 }
1364 
1365 
BuildCopyElementsOnWrite(HValue * object,HValue * elements,ElementsKind kind,HValue * length)1366 HValue* HGraphBuilder::BuildCopyElementsOnWrite(HValue* object,
1367                                                 HValue* elements,
1368                                                 ElementsKind kind,
1369                                                 HValue* length) {
1370   Factory* factory = isolate()->factory();
1371 
1372   IfBuilder cow_checker(this);
1373 
1374   cow_checker.If<HCompareMap>(elements, factory->fixed_cow_array_map());
1375   cow_checker.Then();
1376 
1377   HValue* capacity = AddLoadFixedArrayLength(elements);
1378 
1379   HValue* new_elements = BuildGrowElementsCapacity(object, elements, kind,
1380                                                    kind, length, capacity);
1381 
1382   environment()->Push(new_elements);
1383 
1384   cow_checker.Else();
1385 
1386   environment()->Push(elements);
1387 
1388   cow_checker.End();
1389 
1390   return environment()->Pop();
1391 }
1392 
1393 
BuildTransitionElementsKind(HValue * object,HValue * map,ElementsKind from_kind,ElementsKind to_kind,bool is_jsarray)1394 void HGraphBuilder::BuildTransitionElementsKind(HValue* object,
1395                                                 HValue* map,
1396                                                 ElementsKind from_kind,
1397                                                 ElementsKind to_kind,
1398                                                 bool is_jsarray) {
1399   DCHECK(!IsFastHoleyElementsKind(from_kind) ||
1400          IsFastHoleyElementsKind(to_kind));
1401 
1402   if (AllocationSite::GetMode(from_kind, to_kind) == TRACK_ALLOCATION_SITE) {
1403     Add<HTrapAllocationMemento>(object);
1404   }
1405 
1406   if (!IsSimpleMapChangeTransition(from_kind, to_kind)) {
1407     HInstruction* elements = AddLoadElements(object);
1408 
1409     HInstruction* empty_fixed_array = Add<HConstant>(
1410         isolate()->factory()->empty_fixed_array());
1411 
1412     IfBuilder if_builder(this);
1413 
1414     if_builder.IfNot<HCompareObjectEqAndBranch>(elements, empty_fixed_array);
1415 
1416     if_builder.Then();
1417 
1418     HInstruction* elements_length = AddLoadFixedArrayLength(elements);
1419 
1420     HInstruction* array_length = is_jsarray
1421         ? Add<HLoadNamedField>(object, static_cast<HValue*>(NULL),
1422                                HObjectAccess::ForArrayLength(from_kind))
1423         : elements_length;
1424 
1425     BuildGrowElementsCapacity(object, elements, from_kind, to_kind,
1426                               array_length, elements_length);
1427 
1428     if_builder.End();
1429   }
1430 
1431   Add<HStoreNamedField>(object, HObjectAccess::ForMap(), map);
1432 }
1433 
1434 
BuildJSObjectCheck(HValue * receiver,int bit_field_mask)1435 void HGraphBuilder::BuildJSObjectCheck(HValue* receiver,
1436                                        int bit_field_mask) {
1437   // Check that the object isn't a smi.
1438   Add<HCheckHeapObject>(receiver);
1439 
1440   // Get the map of the receiver.
1441   HValue* map = Add<HLoadNamedField>(receiver, static_cast<HValue*>(NULL),
1442                                      HObjectAccess::ForMap());
1443 
1444   // Check the instance type and if an access check is needed, this can be
1445   // done with a single load, since both bytes are adjacent in the map.
1446   HObjectAccess access(HObjectAccess::ForMapInstanceTypeAndBitField());
1447   HValue* instance_type_and_bit_field =
1448       Add<HLoadNamedField>(map, static_cast<HValue*>(NULL), access);
1449 
1450   HValue* mask = Add<HConstant>(0x00FF | (bit_field_mask << 8));
1451   HValue* and_result = AddUncasted<HBitwise>(Token::BIT_AND,
1452                                              instance_type_and_bit_field,
1453                                              mask);
1454   HValue* sub_result = AddUncasted<HSub>(and_result,
1455                                          Add<HConstant>(JS_OBJECT_TYPE));
1456   Add<HBoundsCheck>(sub_result,
1457                     Add<HConstant>(LAST_JS_OBJECT_TYPE + 1 - JS_OBJECT_TYPE));
1458 }
1459 
1460 
BuildKeyedIndexCheck(HValue * key,HIfContinuation * join_continuation)1461 void HGraphBuilder::BuildKeyedIndexCheck(HValue* key,
1462                                          HIfContinuation* join_continuation) {
1463   // The sometimes unintuitively backward ordering of the ifs below is
1464   // convoluted, but necessary.  All of the paths must guarantee that the
1465   // if-true of the continuation returns a smi element index and the if-false of
1466   // the continuation returns either a symbol or a unique string key. All other
1467   // object types cause a deopt to fall back to the runtime.
1468 
1469   IfBuilder key_smi_if(this);
1470   key_smi_if.If<HIsSmiAndBranch>(key);
1471   key_smi_if.Then();
1472   {
1473     Push(key);  // Nothing to do, just continue to true of continuation.
1474   }
1475   key_smi_if.Else();
1476   {
1477     HValue* map = Add<HLoadNamedField>(key, static_cast<HValue*>(NULL),
1478                                        HObjectAccess::ForMap());
1479     HValue* instance_type =
1480         Add<HLoadNamedField>(map, static_cast<HValue*>(NULL),
1481                              HObjectAccess::ForMapInstanceType());
1482 
1483     // Non-unique string, check for a string with a hash code that is actually
1484     // an index.
1485     STATIC_ASSERT(LAST_UNIQUE_NAME_TYPE == FIRST_NONSTRING_TYPE);
1486     IfBuilder not_string_or_name_if(this);
1487     not_string_or_name_if.If<HCompareNumericAndBranch>(
1488         instance_type,
1489         Add<HConstant>(LAST_UNIQUE_NAME_TYPE),
1490         Token::GT);
1491 
1492     not_string_or_name_if.Then();
1493     {
1494       // Non-smi, non-Name, non-String: Try to convert to smi in case of
1495       // HeapNumber.
1496       // TODO(danno): This could call some variant of ToString
1497       Push(AddUncasted<HForceRepresentation>(key, Representation::Smi()));
1498     }
1499     not_string_or_name_if.Else();
1500     {
1501       // String or Name: check explicitly for Name, they can short-circuit
1502       // directly to unique non-index key path.
1503       IfBuilder not_symbol_if(this);
1504       not_symbol_if.If<HCompareNumericAndBranch>(
1505           instance_type,
1506           Add<HConstant>(SYMBOL_TYPE),
1507           Token::NE);
1508 
1509       not_symbol_if.Then();
1510       {
1511         // String: check whether the String is a String of an index. If it is,
1512         // extract the index value from the hash.
1513         HValue* hash =
1514             Add<HLoadNamedField>(key, static_cast<HValue*>(NULL),
1515                                  HObjectAccess::ForNameHashField());
1516         HValue* not_index_mask = Add<HConstant>(static_cast<int>(
1517             String::kContainsCachedArrayIndexMask));
1518 
1519         HValue* not_index_test = AddUncasted<HBitwise>(
1520             Token::BIT_AND, hash, not_index_mask);
1521 
1522         IfBuilder string_index_if(this);
1523         string_index_if.If<HCompareNumericAndBranch>(not_index_test,
1524                                                      graph()->GetConstant0(),
1525                                                      Token::EQ);
1526         string_index_if.Then();
1527         {
1528           // String with index in hash: extract string and merge to index path.
1529           Push(BuildDecodeField<String::ArrayIndexValueBits>(hash));
1530         }
1531         string_index_if.Else();
1532         {
1533           // Key is a non-index String, check for uniqueness/internalization.
1534           // If it's not internalized yet, internalize it now.
1535           HValue* not_internalized_bit = AddUncasted<HBitwise>(
1536               Token::BIT_AND,
1537               instance_type,
1538               Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1539 
1540           IfBuilder internalized(this);
1541           internalized.If<HCompareNumericAndBranch>(not_internalized_bit,
1542                                                     graph()->GetConstant0(),
1543                                                     Token::EQ);
1544           internalized.Then();
1545           Push(key);
1546 
1547           internalized.Else();
1548           Add<HPushArguments>(key);
1549           HValue* intern_key = Add<HCallRuntime>(
1550               isolate()->factory()->empty_string(),
1551               Runtime::FunctionForId(Runtime::kInternalizeString), 1);
1552           Push(intern_key);
1553 
1554           internalized.End();
1555           // Key guaranteed to be a unique string
1556         }
1557         string_index_if.JoinContinuation(join_continuation);
1558       }
1559       not_symbol_if.Else();
1560       {
1561         Push(key);  // Key is symbol
1562       }
1563       not_symbol_if.JoinContinuation(join_continuation);
1564     }
1565     not_string_or_name_if.JoinContinuation(join_continuation);
1566   }
1567   key_smi_if.JoinContinuation(join_continuation);
1568 }
1569 
1570 
BuildNonGlobalObjectCheck(HValue * receiver)1571 void HGraphBuilder::BuildNonGlobalObjectCheck(HValue* receiver) {
1572   // Get the the instance type of the receiver, and make sure that it is
1573   // not one of the global object types.
1574   HValue* map = Add<HLoadNamedField>(receiver, static_cast<HValue*>(NULL),
1575                                      HObjectAccess::ForMap());
1576   HValue* instance_type =
1577     Add<HLoadNamedField>(map, static_cast<HValue*>(NULL),
1578                          HObjectAccess::ForMapInstanceType());
1579   STATIC_ASSERT(JS_BUILTINS_OBJECT_TYPE == JS_GLOBAL_OBJECT_TYPE + 1);
1580   HValue* min_global_type = Add<HConstant>(JS_GLOBAL_OBJECT_TYPE);
1581   HValue* max_global_type = Add<HConstant>(JS_BUILTINS_OBJECT_TYPE);
1582 
1583   IfBuilder if_global_object(this);
1584   if_global_object.If<HCompareNumericAndBranch>(instance_type,
1585                                                 max_global_type,
1586                                                 Token::LTE);
1587   if_global_object.And();
1588   if_global_object.If<HCompareNumericAndBranch>(instance_type,
1589                                                 min_global_type,
1590                                                 Token::GTE);
1591   if_global_object.ThenDeopt("receiver was a global object");
1592   if_global_object.End();
1593 }
1594 
1595 
BuildTestForDictionaryProperties(HValue * object,HIfContinuation * continuation)1596 void HGraphBuilder::BuildTestForDictionaryProperties(
1597     HValue* object,
1598     HIfContinuation* continuation) {
1599   HValue* properties = Add<HLoadNamedField>(
1600       object, static_cast<HValue*>(NULL),
1601       HObjectAccess::ForPropertiesPointer());
1602   HValue* properties_map =
1603       Add<HLoadNamedField>(properties, static_cast<HValue*>(NULL),
1604                            HObjectAccess::ForMap());
1605   HValue* hash_map = Add<HLoadRoot>(Heap::kHashTableMapRootIndex);
1606   IfBuilder builder(this);
1607   builder.If<HCompareObjectEqAndBranch>(properties_map, hash_map);
1608   builder.CaptureContinuation(continuation);
1609 }
1610 
1611 
BuildKeyedLookupCacheHash(HValue * object,HValue * key)1612 HValue* HGraphBuilder::BuildKeyedLookupCacheHash(HValue* object,
1613                                                  HValue* key) {
1614   // Load the map of the receiver, compute the keyed lookup cache hash
1615   // based on 32 bits of the map pointer and the string hash.
1616   HValue* object_map =
1617       Add<HLoadNamedField>(object, static_cast<HValue*>(NULL),
1618                            HObjectAccess::ForMapAsInteger32());
1619   HValue* shifted_map = AddUncasted<HShr>(
1620       object_map, Add<HConstant>(KeyedLookupCache::kMapHashShift));
1621   HValue* string_hash =
1622       Add<HLoadNamedField>(key, static_cast<HValue*>(NULL),
1623                            HObjectAccess::ForStringHashField());
1624   HValue* shifted_hash = AddUncasted<HShr>(
1625       string_hash, Add<HConstant>(String::kHashShift));
1626   HValue* xor_result = AddUncasted<HBitwise>(Token::BIT_XOR, shifted_map,
1627                                              shifted_hash);
1628   int mask = (KeyedLookupCache::kCapacityMask & KeyedLookupCache::kHashMask);
1629   return AddUncasted<HBitwise>(Token::BIT_AND, xor_result,
1630                                Add<HConstant>(mask));
1631 }
1632 
1633 
BuildElementIndexHash(HValue * index)1634 HValue* HGraphBuilder::BuildElementIndexHash(HValue* index) {
1635   int32_t seed_value = static_cast<uint32_t>(isolate()->heap()->HashSeed());
1636   HValue* seed = Add<HConstant>(seed_value);
1637   HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, index, seed);
1638 
1639   // hash = ~hash + (hash << 15);
1640   HValue* shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(15));
1641   HValue* not_hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash,
1642                                            graph()->GetConstantMinus1());
1643   hash = AddUncasted<HAdd>(shifted_hash, not_hash);
1644 
1645   // hash = hash ^ (hash >> 12);
1646   shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(12));
1647   hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1648 
1649   // hash = hash + (hash << 2);
1650   shifted_hash = AddUncasted<HShl>(hash, Add<HConstant>(2));
1651   hash = AddUncasted<HAdd>(hash, shifted_hash);
1652 
1653   // hash = hash ^ (hash >> 4);
1654   shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(4));
1655   hash = AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1656 
1657   // hash = hash * 2057;
1658   hash = AddUncasted<HMul>(hash, Add<HConstant>(2057));
1659   hash->ClearFlag(HValue::kCanOverflow);
1660 
1661   // hash = hash ^ (hash >> 16);
1662   shifted_hash = AddUncasted<HShr>(hash, Add<HConstant>(16));
1663   return AddUncasted<HBitwise>(Token::BIT_XOR, hash, shifted_hash);
1664 }
1665 
1666 
BuildUncheckedDictionaryElementLoad(HValue * receiver,HValue * elements,HValue * key,HValue * hash)1667 HValue* HGraphBuilder::BuildUncheckedDictionaryElementLoad(HValue* receiver,
1668                                                            HValue* elements,
1669                                                            HValue* key,
1670                                                            HValue* hash) {
1671   HValue* capacity = Add<HLoadKeyed>(
1672       elements,
1673       Add<HConstant>(NameDictionary::kCapacityIndex),
1674       static_cast<HValue*>(NULL),
1675       FAST_ELEMENTS);
1676 
1677   HValue* mask = AddUncasted<HSub>(capacity, graph()->GetConstant1());
1678   mask->ChangeRepresentation(Representation::Integer32());
1679   mask->ClearFlag(HValue::kCanOverflow);
1680 
1681   HValue* entry = hash;
1682   HValue* count = graph()->GetConstant1();
1683   Push(entry);
1684   Push(count);
1685 
1686   HIfContinuation return_or_loop_continuation(graph()->CreateBasicBlock(),
1687                                               graph()->CreateBasicBlock());
1688   HIfContinuation found_key_match_continuation(graph()->CreateBasicBlock(),
1689                                                graph()->CreateBasicBlock());
1690   LoopBuilder probe_loop(this);
1691   probe_loop.BeginBody(2);  // Drop entry, count from last environment to
1692                             // appease live range building without simulates.
1693 
1694   count = Pop();
1695   entry = Pop();
1696   entry = AddUncasted<HBitwise>(Token::BIT_AND, entry, mask);
1697   int entry_size = SeededNumberDictionary::kEntrySize;
1698   HValue* base_index = AddUncasted<HMul>(entry, Add<HConstant>(entry_size));
1699   base_index->ClearFlag(HValue::kCanOverflow);
1700   int start_offset = SeededNumberDictionary::kElementsStartIndex;
1701   HValue* key_index =
1702       AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset));
1703   key_index->ClearFlag(HValue::kCanOverflow);
1704 
1705   HValue* candidate_key = Add<HLoadKeyed>(
1706       elements, key_index, static_cast<HValue*>(NULL), FAST_ELEMENTS);
1707   IfBuilder if_undefined(this);
1708   if_undefined.If<HCompareObjectEqAndBranch>(candidate_key,
1709                                              graph()->GetConstantUndefined());
1710   if_undefined.Then();
1711   {
1712     // element == undefined means "not found". Call the runtime.
1713     // TODO(jkummerow): walk the prototype chain instead.
1714     Add<HPushArguments>(receiver, key);
1715     Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
1716                            Runtime::FunctionForId(Runtime::kKeyedGetProperty),
1717                            2));
1718   }
1719   if_undefined.Else();
1720   {
1721     IfBuilder if_match(this);
1722     if_match.If<HCompareObjectEqAndBranch>(candidate_key, key);
1723     if_match.Then();
1724     if_match.Else();
1725 
1726     // Update non-internalized string in the dictionary with internalized key?
1727     IfBuilder if_update_with_internalized(this);
1728     HValue* smi_check =
1729         if_update_with_internalized.IfNot<HIsSmiAndBranch>(candidate_key);
1730     if_update_with_internalized.And();
1731     HValue* map = AddLoadMap(candidate_key, smi_check);
1732     HValue* instance_type = Add<HLoadNamedField>(
1733         map, static_cast<HValue*>(NULL), HObjectAccess::ForMapInstanceType());
1734     HValue* not_internalized_bit = AddUncasted<HBitwise>(
1735         Token::BIT_AND, instance_type,
1736         Add<HConstant>(static_cast<int>(kIsNotInternalizedMask)));
1737     if_update_with_internalized.If<HCompareNumericAndBranch>(
1738         not_internalized_bit, graph()->GetConstant0(), Token::NE);
1739     if_update_with_internalized.And();
1740     if_update_with_internalized.IfNot<HCompareObjectEqAndBranch>(
1741         candidate_key, graph()->GetConstantHole());
1742     if_update_with_internalized.AndIf<HStringCompareAndBranch>(candidate_key,
1743                                                                key, Token::EQ);
1744     if_update_with_internalized.Then();
1745     // Replace a key that is a non-internalized string by the equivalent
1746     // internalized string for faster further lookups.
1747     Add<HStoreKeyed>(elements, key_index, key, FAST_ELEMENTS);
1748     if_update_with_internalized.Else();
1749 
1750     if_update_with_internalized.JoinContinuation(&found_key_match_continuation);
1751     if_match.JoinContinuation(&found_key_match_continuation);
1752 
1753     IfBuilder found_key_match(this, &found_key_match_continuation);
1754     found_key_match.Then();
1755     // Key at current probe matches. Relevant bits in the |details| field must
1756     // be zero, otherwise the dictionary element requires special handling.
1757     HValue* details_index =
1758         AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 2));
1759     details_index->ClearFlag(HValue::kCanOverflow);
1760     HValue* details = Add<HLoadKeyed>(
1761         elements, details_index, static_cast<HValue*>(NULL), FAST_ELEMENTS);
1762     int details_mask = PropertyDetails::TypeField::kMask |
1763                        PropertyDetails::DeletedField::kMask;
1764     details = AddUncasted<HBitwise>(Token::BIT_AND, details,
1765                                     Add<HConstant>(details_mask));
1766     IfBuilder details_compare(this);
1767     details_compare.If<HCompareNumericAndBranch>(
1768         details, graph()->GetConstant0(), Token::EQ);
1769     details_compare.Then();
1770     HValue* result_index =
1771         AddUncasted<HAdd>(base_index, Add<HConstant>(start_offset + 1));
1772     result_index->ClearFlag(HValue::kCanOverflow);
1773     Push(Add<HLoadKeyed>(elements, result_index, static_cast<HValue*>(NULL),
1774                          FAST_ELEMENTS));
1775     details_compare.Else();
1776     Add<HPushArguments>(receiver, key);
1777     Push(Add<HCallRuntime>(isolate()->factory()->empty_string(),
1778                            Runtime::FunctionForId(Runtime::kKeyedGetProperty),
1779                            2));
1780     details_compare.End();
1781 
1782     found_key_match.Else();
1783     found_key_match.JoinContinuation(&return_or_loop_continuation);
1784   }
1785   if_undefined.JoinContinuation(&return_or_loop_continuation);
1786 
1787   IfBuilder return_or_loop(this, &return_or_loop_continuation);
1788   return_or_loop.Then();
1789   probe_loop.Break();
1790 
1791   return_or_loop.Else();
1792   entry = AddUncasted<HAdd>(entry, count);
1793   entry->ClearFlag(HValue::kCanOverflow);
1794   count = AddUncasted<HAdd>(count, graph()->GetConstant1());
1795   count->ClearFlag(HValue::kCanOverflow);
1796   Push(entry);
1797   Push(count);
1798 
1799   probe_loop.EndBody();
1800 
1801   return_or_loop.End();
1802 
1803   return Pop();
1804 }
1805 
1806 
BuildRegExpConstructResult(HValue * length,HValue * index,HValue * input)1807 HValue* HGraphBuilder::BuildRegExpConstructResult(HValue* length,
1808                                                   HValue* index,
1809                                                   HValue* input) {
1810   NoObservableSideEffectsScope scope(this);
1811   HConstant* max_length = Add<HConstant>(JSObject::kInitialMaxFastElementArray);
1812   Add<HBoundsCheck>(length, max_length);
1813 
1814   // Generate size calculation code here in order to make it dominate
1815   // the JSRegExpResult allocation.
1816   ElementsKind elements_kind = FAST_ELEMENTS;
1817   HValue* size = BuildCalculateElementsSize(elements_kind, length);
1818 
1819   // Allocate the JSRegExpResult and the FixedArray in one step.
1820   HValue* result = Add<HAllocate>(
1821       Add<HConstant>(JSRegExpResult::kSize), HType::JSArray(),
1822       NOT_TENURED, JS_ARRAY_TYPE);
1823 
1824   // Initialize the JSRegExpResult header.
1825   HValue* global_object = Add<HLoadNamedField>(
1826       context(), static_cast<HValue*>(NULL),
1827       HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
1828   HValue* native_context = Add<HLoadNamedField>(
1829       global_object, static_cast<HValue*>(NULL),
1830       HObjectAccess::ForGlobalObjectNativeContext());
1831   Add<HStoreNamedField>(
1832       result, HObjectAccess::ForMap(),
1833       Add<HLoadNamedField>(
1834           native_context, static_cast<HValue*>(NULL),
1835           HObjectAccess::ForContextSlot(Context::REGEXP_RESULT_MAP_INDEX)));
1836   HConstant* empty_fixed_array =
1837       Add<HConstant>(isolate()->factory()->empty_fixed_array());
1838   Add<HStoreNamedField>(
1839       result, HObjectAccess::ForJSArrayOffset(JSArray::kPropertiesOffset),
1840       empty_fixed_array);
1841   Add<HStoreNamedField>(
1842       result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1843       empty_fixed_array);
1844   Add<HStoreNamedField>(
1845       result, HObjectAccess::ForJSArrayOffset(JSArray::kLengthOffset), length);
1846 
1847   // Initialize the additional fields.
1848   Add<HStoreNamedField>(
1849       result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kIndexOffset),
1850       index);
1851   Add<HStoreNamedField>(
1852       result, HObjectAccess::ForJSArrayOffset(JSRegExpResult::kInputOffset),
1853       input);
1854 
1855   // Allocate and initialize the elements header.
1856   HAllocate* elements = BuildAllocateElements(elements_kind, size);
1857   BuildInitializeElementsHeader(elements, elements_kind, length);
1858 
1859   if (!elements->has_size_upper_bound()) {
1860     HConstant* size_in_bytes_upper_bound = EstablishElementsAllocationSize(
1861         elements_kind, max_length->Integer32Value());
1862     elements->set_size_upper_bound(size_in_bytes_upper_bound);
1863   }
1864 
1865   Add<HStoreNamedField>(
1866       result, HObjectAccess::ForJSArrayOffset(JSArray::kElementsOffset),
1867       elements);
1868 
1869   // Initialize the elements contents with undefined.
1870   BuildFillElementsWithValue(
1871       elements, elements_kind, graph()->GetConstant0(), length,
1872       graph()->GetConstantUndefined());
1873 
1874   return result;
1875 }
1876 
1877 
BuildNumberToString(HValue * object,Type * type)1878 HValue* HGraphBuilder::BuildNumberToString(HValue* object, Type* type) {
1879   NoObservableSideEffectsScope scope(this);
1880 
1881   // Convert constant numbers at compile time.
1882   if (object->IsConstant() && HConstant::cast(object)->HasNumberValue()) {
1883     Handle<Object> number = HConstant::cast(object)->handle(isolate());
1884     Handle<String> result = isolate()->factory()->NumberToString(number);
1885     return Add<HConstant>(result);
1886   }
1887 
1888   // Create a joinable continuation.
1889   HIfContinuation found(graph()->CreateBasicBlock(),
1890                         graph()->CreateBasicBlock());
1891 
1892   // Load the number string cache.
1893   HValue* number_string_cache =
1894       Add<HLoadRoot>(Heap::kNumberStringCacheRootIndex);
1895 
1896   // Make the hash mask from the length of the number string cache. It
1897   // contains two elements (number and string) for each cache entry.
1898   HValue* mask = AddLoadFixedArrayLength(number_string_cache);
1899   mask->set_type(HType::Smi());
1900   mask = AddUncasted<HSar>(mask, graph()->GetConstant1());
1901   mask = AddUncasted<HSub>(mask, graph()->GetConstant1());
1902 
1903   // Check whether object is a smi.
1904   IfBuilder if_objectissmi(this);
1905   if_objectissmi.If<HIsSmiAndBranch>(object);
1906   if_objectissmi.Then();
1907   {
1908     // Compute hash for smi similar to smi_get_hash().
1909     HValue* hash = AddUncasted<HBitwise>(Token::BIT_AND, object, mask);
1910 
1911     // Load the key.
1912     HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1913     HValue* key = Add<HLoadKeyed>(number_string_cache, key_index,
1914                                   static_cast<HValue*>(NULL),
1915                                   FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1916 
1917     // Check if object == key.
1918     IfBuilder if_objectiskey(this);
1919     if_objectiskey.If<HCompareObjectEqAndBranch>(object, key);
1920     if_objectiskey.Then();
1921     {
1922       // Make the key_index available.
1923       Push(key_index);
1924     }
1925     if_objectiskey.JoinContinuation(&found);
1926   }
1927   if_objectissmi.Else();
1928   {
1929     if (type->Is(Type::SignedSmall())) {
1930       if_objectissmi.Deopt("Expected smi");
1931     } else {
1932       // Check if the object is a heap number.
1933       IfBuilder if_objectisnumber(this);
1934       HValue* objectisnumber = if_objectisnumber.If<HCompareMap>(
1935           object, isolate()->factory()->heap_number_map());
1936       if_objectisnumber.Then();
1937       {
1938         // Compute hash for heap number similar to double_get_hash().
1939         HValue* low = Add<HLoadNamedField>(
1940             object, objectisnumber,
1941             HObjectAccess::ForHeapNumberValueLowestBits());
1942         HValue* high = Add<HLoadNamedField>(
1943             object, objectisnumber,
1944             HObjectAccess::ForHeapNumberValueHighestBits());
1945         HValue* hash = AddUncasted<HBitwise>(Token::BIT_XOR, low, high);
1946         hash = AddUncasted<HBitwise>(Token::BIT_AND, hash, mask);
1947 
1948         // Load the key.
1949         HValue* key_index = AddUncasted<HShl>(hash, graph()->GetConstant1());
1950         HValue* key = Add<HLoadKeyed>(number_string_cache, key_index,
1951                                       static_cast<HValue*>(NULL),
1952                                       FAST_ELEMENTS, ALLOW_RETURN_HOLE);
1953 
1954         // Check if the key is a heap number and compare it with the object.
1955         IfBuilder if_keyisnotsmi(this);
1956         HValue* keyisnotsmi = if_keyisnotsmi.IfNot<HIsSmiAndBranch>(key);
1957         if_keyisnotsmi.Then();
1958         {
1959           IfBuilder if_keyisheapnumber(this);
1960           if_keyisheapnumber.If<HCompareMap>(
1961               key, isolate()->factory()->heap_number_map());
1962           if_keyisheapnumber.Then();
1963           {
1964             // Check if values of key and object match.
1965             IfBuilder if_keyeqobject(this);
1966             if_keyeqobject.If<HCompareNumericAndBranch>(
1967                 Add<HLoadNamedField>(key, keyisnotsmi,
1968                                      HObjectAccess::ForHeapNumberValue()),
1969                 Add<HLoadNamedField>(object, objectisnumber,
1970                                      HObjectAccess::ForHeapNumberValue()),
1971                 Token::EQ);
1972             if_keyeqobject.Then();
1973             {
1974               // Make the key_index available.
1975               Push(key_index);
1976             }
1977             if_keyeqobject.JoinContinuation(&found);
1978           }
1979           if_keyisheapnumber.JoinContinuation(&found);
1980         }
1981         if_keyisnotsmi.JoinContinuation(&found);
1982       }
1983       if_objectisnumber.Else();
1984       {
1985         if (type->Is(Type::Number())) {
1986           if_objectisnumber.Deopt("Expected heap number");
1987         }
1988       }
1989       if_objectisnumber.JoinContinuation(&found);
1990     }
1991   }
1992   if_objectissmi.JoinContinuation(&found);
1993 
1994   // Check for cache hit.
1995   IfBuilder if_found(this, &found);
1996   if_found.Then();
1997   {
1998     // Count number to string operation in native code.
1999     AddIncrementCounter(isolate()->counters()->number_to_string_native());
2000 
2001     // Load the value in case of cache hit.
2002     HValue* key_index = Pop();
2003     HValue* value_index = AddUncasted<HAdd>(key_index, graph()->GetConstant1());
2004     Push(Add<HLoadKeyed>(number_string_cache, value_index,
2005                          static_cast<HValue*>(NULL),
2006                          FAST_ELEMENTS, ALLOW_RETURN_HOLE));
2007   }
2008   if_found.Else();
2009   {
2010     // Cache miss, fallback to runtime.
2011     Add<HPushArguments>(object);
2012     Push(Add<HCallRuntime>(
2013             isolate()->factory()->empty_string(),
2014             Runtime::FunctionForId(Runtime::kNumberToStringSkipCache),
2015             1));
2016   }
2017   if_found.End();
2018 
2019   return Pop();
2020 }
2021 
2022 
BuildAllocate(HValue * object_size,HType type,InstanceType instance_type,HAllocationMode allocation_mode)2023 HAllocate* HGraphBuilder::BuildAllocate(
2024     HValue* object_size,
2025     HType type,
2026     InstanceType instance_type,
2027     HAllocationMode allocation_mode) {
2028   // Compute the effective allocation size.
2029   HValue* size = object_size;
2030   if (allocation_mode.CreateAllocationMementos()) {
2031     size = AddUncasted<HAdd>(size, Add<HConstant>(AllocationMemento::kSize));
2032     size->ClearFlag(HValue::kCanOverflow);
2033   }
2034 
2035   // Perform the actual allocation.
2036   HAllocate* object = Add<HAllocate>(
2037       size, type, allocation_mode.GetPretenureMode(),
2038       instance_type, allocation_mode.feedback_site());
2039 
2040   // Setup the allocation memento.
2041   if (allocation_mode.CreateAllocationMementos()) {
2042     BuildCreateAllocationMemento(
2043         object, object_size, allocation_mode.current_site());
2044   }
2045 
2046   return object;
2047 }
2048 
2049 
BuildAddStringLengths(HValue * left_length,HValue * right_length)2050 HValue* HGraphBuilder::BuildAddStringLengths(HValue* left_length,
2051                                              HValue* right_length) {
2052   // Compute the combined string length and check against max string length.
2053   HValue* length = AddUncasted<HAdd>(left_length, right_length);
2054   // Check that length <= kMaxLength <=> length < MaxLength + 1.
2055   HValue* max_length = Add<HConstant>(String::kMaxLength + 1);
2056   Add<HBoundsCheck>(length, max_length);
2057   return length;
2058 }
2059 
2060 
BuildCreateConsString(HValue * length,HValue * left,HValue * right,HAllocationMode allocation_mode)2061 HValue* HGraphBuilder::BuildCreateConsString(
2062     HValue* length,
2063     HValue* left,
2064     HValue* right,
2065     HAllocationMode allocation_mode) {
2066   // Determine the string instance types.
2067   HInstruction* left_instance_type = AddLoadStringInstanceType(left);
2068   HInstruction* right_instance_type = AddLoadStringInstanceType(right);
2069 
2070   // Allocate the cons string object. HAllocate does not care whether we
2071   // pass CONS_STRING_TYPE or CONS_ONE_BYTE_STRING_TYPE here, so we just use
2072   // CONS_STRING_TYPE here. Below we decide whether the cons string is
2073   // one-byte or two-byte and set the appropriate map.
2074   DCHECK(HAllocate::CompatibleInstanceTypes(CONS_STRING_TYPE,
2075                                             CONS_ONE_BYTE_STRING_TYPE));
2076   HAllocate* result = BuildAllocate(Add<HConstant>(ConsString::kSize),
2077                                     HType::String(), CONS_STRING_TYPE,
2078                                     allocation_mode);
2079 
2080   // Compute intersection and difference of instance types.
2081   HValue* anded_instance_types = AddUncasted<HBitwise>(
2082       Token::BIT_AND, left_instance_type, right_instance_type);
2083   HValue* xored_instance_types = AddUncasted<HBitwise>(
2084       Token::BIT_XOR, left_instance_type, right_instance_type);
2085 
2086   // We create a one-byte cons string if
2087   // 1. both strings are one-byte, or
2088   // 2. at least one of the strings is two-byte, but happens to contain only
2089   //    one-byte characters.
2090   // To do this, we check
2091   // 1. if both strings are one-byte, or if the one-byte data hint is set in
2092   //    both strings, or
2093   // 2. if one of the strings has the one-byte data hint set and the other
2094   //    string is one-byte.
2095   IfBuilder if_onebyte(this);
2096   STATIC_ASSERT(kOneByteStringTag != 0);
2097   STATIC_ASSERT(kOneByteDataHintMask != 0);
2098   if_onebyte.If<HCompareNumericAndBranch>(
2099       AddUncasted<HBitwise>(
2100           Token::BIT_AND, anded_instance_types,
2101           Add<HConstant>(static_cast<int32_t>(
2102                   kStringEncodingMask | kOneByteDataHintMask))),
2103       graph()->GetConstant0(), Token::NE);
2104   if_onebyte.Or();
2105   STATIC_ASSERT(kOneByteStringTag != 0 &&
2106                 kOneByteDataHintTag != 0 &&
2107                 kOneByteDataHintTag != kOneByteStringTag);
2108   if_onebyte.If<HCompareNumericAndBranch>(
2109       AddUncasted<HBitwise>(
2110           Token::BIT_AND, xored_instance_types,
2111           Add<HConstant>(static_cast<int32_t>(
2112                   kOneByteStringTag | kOneByteDataHintTag))),
2113       Add<HConstant>(static_cast<int32_t>(
2114               kOneByteStringTag | kOneByteDataHintTag)), Token::EQ);
2115   if_onebyte.Then();
2116   {
2117     // We can safely skip the write barrier for storing the map here.
2118     Add<HStoreNamedField>(
2119         result, HObjectAccess::ForMap(),
2120         Add<HConstant>(isolate()->factory()->cons_one_byte_string_map()));
2121   }
2122   if_onebyte.Else();
2123   {
2124     // We can safely skip the write barrier for storing the map here.
2125     Add<HStoreNamedField>(
2126         result, HObjectAccess::ForMap(),
2127         Add<HConstant>(isolate()->factory()->cons_string_map()));
2128   }
2129   if_onebyte.End();
2130 
2131   // Initialize the cons string fields.
2132   Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2133                         Add<HConstant>(String::kEmptyHashField));
2134   Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2135   Add<HStoreNamedField>(result, HObjectAccess::ForConsStringFirst(), left);
2136   Add<HStoreNamedField>(result, HObjectAccess::ForConsStringSecond(), right);
2137 
2138   // Count the native string addition.
2139   AddIncrementCounter(isolate()->counters()->string_add_native());
2140 
2141   return result;
2142 }
2143 
2144 
BuildCopySeqStringChars(HValue * src,HValue * src_offset,String::Encoding src_encoding,HValue * dst,HValue * dst_offset,String::Encoding dst_encoding,HValue * length)2145 void HGraphBuilder::BuildCopySeqStringChars(HValue* src,
2146                                             HValue* src_offset,
2147                                             String::Encoding src_encoding,
2148                                             HValue* dst,
2149                                             HValue* dst_offset,
2150                                             String::Encoding dst_encoding,
2151                                             HValue* length) {
2152   DCHECK(dst_encoding != String::ONE_BYTE_ENCODING ||
2153          src_encoding == String::ONE_BYTE_ENCODING);
2154   LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
2155   HValue* index = loop.BeginBody(graph()->GetConstant0(), length, Token::LT);
2156   {
2157     HValue* src_index = AddUncasted<HAdd>(src_offset, index);
2158     HValue* value =
2159         AddUncasted<HSeqStringGetChar>(src_encoding, src, src_index);
2160     HValue* dst_index = AddUncasted<HAdd>(dst_offset, index);
2161     Add<HSeqStringSetChar>(dst_encoding, dst, dst_index, value);
2162   }
2163   loop.EndBody();
2164 }
2165 
2166 
BuildObjectSizeAlignment(HValue * unaligned_size,int header_size)2167 HValue* HGraphBuilder::BuildObjectSizeAlignment(
2168     HValue* unaligned_size, int header_size) {
2169   DCHECK((header_size & kObjectAlignmentMask) == 0);
2170   HValue* size = AddUncasted<HAdd>(
2171       unaligned_size, Add<HConstant>(static_cast<int32_t>(
2172           header_size + kObjectAlignmentMask)));
2173   size->ClearFlag(HValue::kCanOverflow);
2174   return AddUncasted<HBitwise>(
2175       Token::BIT_AND, size, Add<HConstant>(static_cast<int32_t>(
2176           ~kObjectAlignmentMask)));
2177 }
2178 
2179 
BuildUncheckedStringAdd(HValue * left,HValue * right,HAllocationMode allocation_mode)2180 HValue* HGraphBuilder::BuildUncheckedStringAdd(
2181     HValue* left,
2182     HValue* right,
2183     HAllocationMode allocation_mode) {
2184   // Determine the string lengths.
2185   HValue* left_length = AddLoadStringLength(left);
2186   HValue* right_length = AddLoadStringLength(right);
2187 
2188   // Compute the combined string length.
2189   HValue* length = BuildAddStringLengths(left_length, right_length);
2190 
2191   // Do some manual constant folding here.
2192   if (left_length->IsConstant()) {
2193     HConstant* c_left_length = HConstant::cast(left_length);
2194     DCHECK_NE(0, c_left_length->Integer32Value());
2195     if (c_left_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2196       // The right string contains at least one character.
2197       return BuildCreateConsString(length, left, right, allocation_mode);
2198     }
2199   } else if (right_length->IsConstant()) {
2200     HConstant* c_right_length = HConstant::cast(right_length);
2201     DCHECK_NE(0, c_right_length->Integer32Value());
2202     if (c_right_length->Integer32Value() + 1 >= ConsString::kMinLength) {
2203       // The left string contains at least one character.
2204       return BuildCreateConsString(length, left, right, allocation_mode);
2205     }
2206   }
2207 
2208   // Check if we should create a cons string.
2209   IfBuilder if_createcons(this);
2210   if_createcons.If<HCompareNumericAndBranch>(
2211       length, Add<HConstant>(ConsString::kMinLength), Token::GTE);
2212   if_createcons.Then();
2213   {
2214     // Create a cons string.
2215     Push(BuildCreateConsString(length, left, right, allocation_mode));
2216   }
2217   if_createcons.Else();
2218   {
2219     // Determine the string instance types.
2220     HValue* left_instance_type = AddLoadStringInstanceType(left);
2221     HValue* right_instance_type = AddLoadStringInstanceType(right);
2222 
2223     // Compute union and difference of instance types.
2224     HValue* ored_instance_types = AddUncasted<HBitwise>(
2225         Token::BIT_OR, left_instance_type, right_instance_type);
2226     HValue* xored_instance_types = AddUncasted<HBitwise>(
2227         Token::BIT_XOR, left_instance_type, right_instance_type);
2228 
2229     // Check if both strings have the same encoding and both are
2230     // sequential.
2231     IfBuilder if_sameencodingandsequential(this);
2232     if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2233         AddUncasted<HBitwise>(
2234             Token::BIT_AND, xored_instance_types,
2235             Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2236         graph()->GetConstant0(), Token::EQ);
2237     if_sameencodingandsequential.And();
2238     STATIC_ASSERT(kSeqStringTag == 0);
2239     if_sameencodingandsequential.If<HCompareNumericAndBranch>(
2240         AddUncasted<HBitwise>(
2241             Token::BIT_AND, ored_instance_types,
2242             Add<HConstant>(static_cast<int32_t>(kStringRepresentationMask))),
2243         graph()->GetConstant0(), Token::EQ);
2244     if_sameencodingandsequential.Then();
2245     {
2246       HConstant* string_map =
2247           Add<HConstant>(isolate()->factory()->string_map());
2248       HConstant* one_byte_string_map =
2249           Add<HConstant>(isolate()->factory()->one_byte_string_map());
2250 
2251       // Determine map and size depending on whether result is one-byte string.
2252       IfBuilder if_onebyte(this);
2253       STATIC_ASSERT(kOneByteStringTag != 0);
2254       if_onebyte.If<HCompareNumericAndBranch>(
2255           AddUncasted<HBitwise>(
2256               Token::BIT_AND, ored_instance_types,
2257               Add<HConstant>(static_cast<int32_t>(kStringEncodingMask))),
2258           graph()->GetConstant0(), Token::NE);
2259       if_onebyte.Then();
2260       {
2261         // Allocate sequential one-byte string object.
2262         Push(length);
2263         Push(one_byte_string_map);
2264       }
2265       if_onebyte.Else();
2266       {
2267         // Allocate sequential two-byte string object.
2268         HValue* size = AddUncasted<HShl>(length, graph()->GetConstant1());
2269         size->ClearFlag(HValue::kCanOverflow);
2270         size->SetFlag(HValue::kUint32);
2271         Push(size);
2272         Push(string_map);
2273       }
2274       if_onebyte.End();
2275       HValue* map = Pop();
2276 
2277       // Calculate the number of bytes needed for the characters in the
2278       // string while observing object alignment.
2279       STATIC_ASSERT((SeqString::kHeaderSize & kObjectAlignmentMask) == 0);
2280       HValue* size = BuildObjectSizeAlignment(Pop(), SeqString::kHeaderSize);
2281 
2282       // Allocate the string object. HAllocate does not care whether we pass
2283       // STRING_TYPE or ONE_BYTE_STRING_TYPE here, so we just use STRING_TYPE.
2284       HAllocate* result = BuildAllocate(
2285           size, HType::String(), STRING_TYPE, allocation_mode);
2286       Add<HStoreNamedField>(result, HObjectAccess::ForMap(), map);
2287 
2288       // Initialize the string fields.
2289       Add<HStoreNamedField>(result, HObjectAccess::ForStringHashField(),
2290                             Add<HConstant>(String::kEmptyHashField));
2291       Add<HStoreNamedField>(result, HObjectAccess::ForStringLength(), length);
2292 
2293       // Copy characters to the result string.
2294       IfBuilder if_twobyte(this);
2295       if_twobyte.If<HCompareObjectEqAndBranch>(map, string_map);
2296       if_twobyte.Then();
2297       {
2298         // Copy characters from the left string.
2299         BuildCopySeqStringChars(
2300             left, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2301             result, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2302             left_length);
2303 
2304         // Copy characters from the right string.
2305         BuildCopySeqStringChars(
2306             right, graph()->GetConstant0(), String::TWO_BYTE_ENCODING,
2307             result, left_length, String::TWO_BYTE_ENCODING,
2308             right_length);
2309       }
2310       if_twobyte.Else();
2311       {
2312         // Copy characters from the left string.
2313         BuildCopySeqStringChars(
2314             left, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2315             result, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2316             left_length);
2317 
2318         // Copy characters from the right string.
2319         BuildCopySeqStringChars(
2320             right, graph()->GetConstant0(), String::ONE_BYTE_ENCODING,
2321             result, left_length, String::ONE_BYTE_ENCODING,
2322             right_length);
2323       }
2324       if_twobyte.End();
2325 
2326       // Count the native string addition.
2327       AddIncrementCounter(isolate()->counters()->string_add_native());
2328 
2329       // Return the sequential string.
2330       Push(result);
2331     }
2332     if_sameencodingandsequential.Else();
2333     {
2334       // Fallback to the runtime to add the two strings.
2335       Add<HPushArguments>(left, right);
2336       Push(Add<HCallRuntime>(
2337             isolate()->factory()->empty_string(),
2338             Runtime::FunctionForId(Runtime::kStringAdd),
2339             2));
2340     }
2341     if_sameencodingandsequential.End();
2342   }
2343   if_createcons.End();
2344 
2345   return Pop();
2346 }
2347 
2348 
BuildStringAdd(HValue * left,HValue * right,HAllocationMode allocation_mode)2349 HValue* HGraphBuilder::BuildStringAdd(
2350     HValue* left,
2351     HValue* right,
2352     HAllocationMode allocation_mode) {
2353   NoObservableSideEffectsScope no_effects(this);
2354 
2355   // Determine string lengths.
2356   HValue* left_length = AddLoadStringLength(left);
2357   HValue* right_length = AddLoadStringLength(right);
2358 
2359   // Check if left string is empty.
2360   IfBuilder if_leftempty(this);
2361   if_leftempty.If<HCompareNumericAndBranch>(
2362       left_length, graph()->GetConstant0(), Token::EQ);
2363   if_leftempty.Then();
2364   {
2365     // Count the native string addition.
2366     AddIncrementCounter(isolate()->counters()->string_add_native());
2367 
2368     // Just return the right string.
2369     Push(right);
2370   }
2371   if_leftempty.Else();
2372   {
2373     // Check if right string is empty.
2374     IfBuilder if_rightempty(this);
2375     if_rightempty.If<HCompareNumericAndBranch>(
2376         right_length, graph()->GetConstant0(), Token::EQ);
2377     if_rightempty.Then();
2378     {
2379       // Count the native string addition.
2380       AddIncrementCounter(isolate()->counters()->string_add_native());
2381 
2382       // Just return the left string.
2383       Push(left);
2384     }
2385     if_rightempty.Else();
2386     {
2387       // Add the two non-empty strings.
2388       Push(BuildUncheckedStringAdd(left, right, allocation_mode));
2389     }
2390     if_rightempty.End();
2391   }
2392   if_leftempty.End();
2393 
2394   return Pop();
2395 }
2396 
2397 
BuildUncheckedMonomorphicElementAccess(HValue * checked_object,HValue * key,HValue * val,bool is_js_array,ElementsKind elements_kind,PropertyAccessType access_type,LoadKeyedHoleMode load_mode,KeyedAccessStoreMode store_mode)2398 HInstruction* HGraphBuilder::BuildUncheckedMonomorphicElementAccess(
2399     HValue* checked_object,
2400     HValue* key,
2401     HValue* val,
2402     bool is_js_array,
2403     ElementsKind elements_kind,
2404     PropertyAccessType access_type,
2405     LoadKeyedHoleMode load_mode,
2406     KeyedAccessStoreMode store_mode) {
2407   DCHECK((!IsExternalArrayElementsKind(elements_kind) &&
2408               !IsFixedTypedArrayElementsKind(elements_kind)) ||
2409          !is_js_array);
2410   // No GVNFlag is necessary for ElementsKind if there is an explicit dependency
2411   // on a HElementsTransition instruction. The flag can also be removed if the
2412   // map to check has FAST_HOLEY_ELEMENTS, since there can be no further
2413   // ElementsKind transitions. Finally, the dependency can be removed for stores
2414   // for FAST_ELEMENTS, since a transition to HOLEY elements won't change the
2415   // generated store code.
2416   if ((elements_kind == FAST_HOLEY_ELEMENTS) ||
2417       (elements_kind == FAST_ELEMENTS && access_type == STORE)) {
2418     checked_object->ClearDependsOnFlag(kElementsKind);
2419   }
2420 
2421   bool fast_smi_only_elements = IsFastSmiElementsKind(elements_kind);
2422   bool fast_elements = IsFastObjectElementsKind(elements_kind);
2423   HValue* elements = AddLoadElements(checked_object);
2424   if (access_type == STORE && (fast_elements || fast_smi_only_elements) &&
2425       store_mode != STORE_NO_TRANSITION_HANDLE_COW) {
2426     HCheckMaps* check_cow_map = Add<HCheckMaps>(
2427         elements, isolate()->factory()->fixed_array_map());
2428     check_cow_map->ClearDependsOnFlag(kElementsKind);
2429   }
2430   HInstruction* length = NULL;
2431   if (is_js_array) {
2432     length = Add<HLoadNamedField>(
2433         checked_object->ActualValue(), checked_object,
2434         HObjectAccess::ForArrayLength(elements_kind));
2435   } else {
2436     length = AddLoadFixedArrayLength(elements);
2437   }
2438   length->set_type(HType::Smi());
2439   HValue* checked_key = NULL;
2440   if (IsExternalArrayElementsKind(elements_kind) ||
2441       IsFixedTypedArrayElementsKind(elements_kind)) {
2442     HValue* backing_store;
2443     if (IsExternalArrayElementsKind(elements_kind)) {
2444       backing_store = Add<HLoadNamedField>(
2445           elements, static_cast<HValue*>(NULL),
2446           HObjectAccess::ForExternalArrayExternalPointer());
2447     } else {
2448       backing_store = elements;
2449     }
2450     if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
2451       NoObservableSideEffectsScope no_effects(this);
2452       IfBuilder length_checker(this);
2453       length_checker.If<HCompareNumericAndBranch>(key, length, Token::LT);
2454       length_checker.Then();
2455       IfBuilder negative_checker(this);
2456       HValue* bounds_check = negative_checker.If<HCompareNumericAndBranch>(
2457           key, graph()->GetConstant0(), Token::GTE);
2458       negative_checker.Then();
2459       HInstruction* result = AddElementAccess(
2460           backing_store, key, val, bounds_check, elements_kind, access_type);
2461       negative_checker.ElseDeopt("Negative key encountered");
2462       negative_checker.End();
2463       length_checker.End();
2464       return result;
2465     } else {
2466       DCHECK(store_mode == STANDARD_STORE);
2467       checked_key = Add<HBoundsCheck>(key, length);
2468       return AddElementAccess(
2469           backing_store, checked_key, val,
2470           checked_object, elements_kind, access_type);
2471     }
2472   }
2473   DCHECK(fast_smi_only_elements ||
2474          fast_elements ||
2475          IsFastDoubleElementsKind(elements_kind));
2476 
2477   // In case val is stored into a fast smi array, assure that the value is a smi
2478   // before manipulating the backing store. Otherwise the actual store may
2479   // deopt, leaving the backing store in an invalid state.
2480   if (access_type == STORE && IsFastSmiElementsKind(elements_kind) &&
2481       !val->type().IsSmi()) {
2482     val = AddUncasted<HForceRepresentation>(val, Representation::Smi());
2483   }
2484 
2485   if (IsGrowStoreMode(store_mode)) {
2486     NoObservableSideEffectsScope no_effects(this);
2487     Representation representation = HStoreKeyed::RequiredValueRepresentation(
2488         elements_kind, STORE_TO_INITIALIZED_ENTRY);
2489     val = AddUncasted<HForceRepresentation>(val, representation);
2490     elements = BuildCheckForCapacityGrow(checked_object, elements,
2491                                          elements_kind, length, key,
2492                                          is_js_array, access_type);
2493     checked_key = key;
2494   } else {
2495     checked_key = Add<HBoundsCheck>(key, length);
2496 
2497     if (access_type == STORE && (fast_elements || fast_smi_only_elements)) {
2498       if (store_mode == STORE_NO_TRANSITION_HANDLE_COW) {
2499         NoObservableSideEffectsScope no_effects(this);
2500         elements = BuildCopyElementsOnWrite(checked_object, elements,
2501                                             elements_kind, length);
2502       } else {
2503         HCheckMaps* check_cow_map = Add<HCheckMaps>(
2504             elements, isolate()->factory()->fixed_array_map());
2505         check_cow_map->ClearDependsOnFlag(kElementsKind);
2506       }
2507     }
2508   }
2509   return AddElementAccess(elements, checked_key, val, checked_object,
2510                           elements_kind, access_type, load_mode);
2511 }
2512 
2513 
BuildAllocateArrayFromLength(JSArrayBuilder * array_builder,HValue * length_argument)2514 HValue* HGraphBuilder::BuildAllocateArrayFromLength(
2515     JSArrayBuilder* array_builder,
2516     HValue* length_argument) {
2517   if (length_argument->IsConstant() &&
2518       HConstant::cast(length_argument)->HasSmiValue()) {
2519     int array_length = HConstant::cast(length_argument)->Integer32Value();
2520     if (array_length == 0) {
2521       return array_builder->AllocateEmptyArray();
2522     } else {
2523       return array_builder->AllocateArray(length_argument,
2524                                           array_length,
2525                                           length_argument);
2526     }
2527   }
2528 
2529   HValue* constant_zero = graph()->GetConstant0();
2530   HConstant* max_alloc_length =
2531       Add<HConstant>(JSObject::kInitialMaxFastElementArray);
2532   HInstruction* checked_length = Add<HBoundsCheck>(length_argument,
2533                                                    max_alloc_length);
2534   IfBuilder if_builder(this);
2535   if_builder.If<HCompareNumericAndBranch>(checked_length, constant_zero,
2536                                           Token::EQ);
2537   if_builder.Then();
2538   const int initial_capacity = JSArray::kPreallocatedArrayElements;
2539   HConstant* initial_capacity_node = Add<HConstant>(initial_capacity);
2540   Push(initial_capacity_node);  // capacity
2541   Push(constant_zero);          // length
2542   if_builder.Else();
2543   if (!(top_info()->IsStub()) &&
2544       IsFastPackedElementsKind(array_builder->kind())) {
2545     // We'll come back later with better (holey) feedback.
2546     if_builder.Deopt("Holey array despite packed elements_kind feedback");
2547   } else {
2548     Push(checked_length);         // capacity
2549     Push(checked_length);         // length
2550   }
2551   if_builder.End();
2552 
2553   // Figure out total size
2554   HValue* length = Pop();
2555   HValue* capacity = Pop();
2556   return array_builder->AllocateArray(capacity, max_alloc_length, length);
2557 }
2558 
2559 
BuildCalculateElementsSize(ElementsKind kind,HValue * capacity)2560 HValue* HGraphBuilder::BuildCalculateElementsSize(ElementsKind kind,
2561                                                   HValue* capacity) {
2562   int elements_size = IsFastDoubleElementsKind(kind)
2563       ? kDoubleSize
2564       : kPointerSize;
2565 
2566   HConstant* elements_size_value = Add<HConstant>(elements_size);
2567   HInstruction* mul = HMul::NewImul(zone(), context(),
2568                                     capacity->ActualValue(),
2569                                     elements_size_value);
2570   AddInstruction(mul);
2571   mul->ClearFlag(HValue::kCanOverflow);
2572 
2573   STATIC_ASSERT(FixedDoubleArray::kHeaderSize == FixedArray::kHeaderSize);
2574 
2575   HConstant* header_size = Add<HConstant>(FixedArray::kHeaderSize);
2576   HValue* total_size = AddUncasted<HAdd>(mul, header_size);
2577   total_size->ClearFlag(HValue::kCanOverflow);
2578   return total_size;
2579 }
2580 
2581 
AllocateJSArrayObject(AllocationSiteMode mode)2582 HAllocate* HGraphBuilder::AllocateJSArrayObject(AllocationSiteMode mode) {
2583   int base_size = JSArray::kSize;
2584   if (mode == TRACK_ALLOCATION_SITE) {
2585     base_size += AllocationMemento::kSize;
2586   }
2587   HConstant* size_in_bytes = Add<HConstant>(base_size);
2588   return Add<HAllocate>(
2589       size_in_bytes, HType::JSArray(), NOT_TENURED, JS_OBJECT_TYPE);
2590 }
2591 
2592 
EstablishElementsAllocationSize(ElementsKind kind,int capacity)2593 HConstant* HGraphBuilder::EstablishElementsAllocationSize(
2594     ElementsKind kind,
2595     int capacity) {
2596   int base_size = IsFastDoubleElementsKind(kind)
2597       ? FixedDoubleArray::SizeFor(capacity)
2598       : FixedArray::SizeFor(capacity);
2599 
2600   return Add<HConstant>(base_size);
2601 }
2602 
2603 
BuildAllocateElements(ElementsKind kind,HValue * size_in_bytes)2604 HAllocate* HGraphBuilder::BuildAllocateElements(ElementsKind kind,
2605                                                 HValue* size_in_bytes) {
2606   InstanceType instance_type = IsFastDoubleElementsKind(kind)
2607       ? FIXED_DOUBLE_ARRAY_TYPE
2608       : FIXED_ARRAY_TYPE;
2609 
2610   return Add<HAllocate>(size_in_bytes, HType::HeapObject(), NOT_TENURED,
2611                         instance_type);
2612 }
2613 
2614 
BuildInitializeElementsHeader(HValue * elements,ElementsKind kind,HValue * capacity)2615 void HGraphBuilder::BuildInitializeElementsHeader(HValue* elements,
2616                                                   ElementsKind kind,
2617                                                   HValue* capacity) {
2618   Factory* factory = isolate()->factory();
2619   Handle<Map> map = IsFastDoubleElementsKind(kind)
2620       ? factory->fixed_double_array_map()
2621       : factory->fixed_array_map();
2622 
2623   Add<HStoreNamedField>(elements, HObjectAccess::ForMap(), Add<HConstant>(map));
2624   Add<HStoreNamedField>(elements, HObjectAccess::ForFixedArrayLength(),
2625                         capacity);
2626 }
2627 
2628 
BuildAllocateElementsAndInitializeElementsHeader(ElementsKind kind,HValue * capacity)2629 HValue* HGraphBuilder::BuildAllocateElementsAndInitializeElementsHeader(
2630     ElementsKind kind,
2631     HValue* capacity) {
2632   // The HForceRepresentation is to prevent possible deopt on int-smi
2633   // conversion after allocation but before the new object fields are set.
2634   capacity = AddUncasted<HForceRepresentation>(capacity, Representation::Smi());
2635   HValue* size_in_bytes = BuildCalculateElementsSize(kind, capacity);
2636   HValue* new_elements = BuildAllocateElements(kind, size_in_bytes);
2637   BuildInitializeElementsHeader(new_elements, kind, capacity);
2638   return new_elements;
2639 }
2640 
2641 
BuildJSArrayHeader(HValue * array,HValue * array_map,HValue * elements,AllocationSiteMode mode,ElementsKind elements_kind,HValue * allocation_site_payload,HValue * length_field)2642 void HGraphBuilder::BuildJSArrayHeader(HValue* array,
2643                                        HValue* array_map,
2644                                        HValue* elements,
2645                                        AllocationSiteMode mode,
2646                                        ElementsKind elements_kind,
2647                                        HValue* allocation_site_payload,
2648                                        HValue* length_field) {
2649   Add<HStoreNamedField>(array, HObjectAccess::ForMap(), array_map);
2650 
2651   HConstant* empty_fixed_array =
2652     Add<HConstant>(isolate()->factory()->empty_fixed_array());
2653 
2654   Add<HStoreNamedField>(
2655       array, HObjectAccess::ForPropertiesPointer(), empty_fixed_array);
2656 
2657   Add<HStoreNamedField>(
2658       array, HObjectAccess::ForElementsPointer(),
2659       elements != NULL ? elements : empty_fixed_array);
2660 
2661   Add<HStoreNamedField>(
2662       array, HObjectAccess::ForArrayLength(elements_kind), length_field);
2663 
2664   if (mode == TRACK_ALLOCATION_SITE) {
2665     BuildCreateAllocationMemento(
2666         array, Add<HConstant>(JSArray::kSize), allocation_site_payload);
2667   }
2668 }
2669 
2670 
AddElementAccess(HValue * elements,HValue * checked_key,HValue * val,HValue * dependency,ElementsKind elements_kind,PropertyAccessType access_type,LoadKeyedHoleMode load_mode)2671 HInstruction* HGraphBuilder::AddElementAccess(
2672     HValue* elements,
2673     HValue* checked_key,
2674     HValue* val,
2675     HValue* dependency,
2676     ElementsKind elements_kind,
2677     PropertyAccessType access_type,
2678     LoadKeyedHoleMode load_mode) {
2679   if (access_type == STORE) {
2680     DCHECK(val != NULL);
2681     if (elements_kind == EXTERNAL_UINT8_CLAMPED_ELEMENTS ||
2682         elements_kind == UINT8_CLAMPED_ELEMENTS) {
2683       val = Add<HClampToUint8>(val);
2684     }
2685     return Add<HStoreKeyed>(elements, checked_key, val, elements_kind,
2686                             STORE_TO_INITIALIZED_ENTRY);
2687   }
2688 
2689   DCHECK(access_type == LOAD);
2690   DCHECK(val == NULL);
2691   HLoadKeyed* load = Add<HLoadKeyed>(
2692       elements, checked_key, dependency, elements_kind, load_mode);
2693   if (FLAG_opt_safe_uint32_operations &&
2694       (elements_kind == EXTERNAL_UINT32_ELEMENTS ||
2695        elements_kind == UINT32_ELEMENTS)) {
2696     graph()->RecordUint32Instruction(load);
2697   }
2698   return load;
2699 }
2700 
2701 
AddLoadMap(HValue * object,HValue * dependency)2702 HLoadNamedField* HGraphBuilder::AddLoadMap(HValue* object,
2703                                            HValue* dependency) {
2704   return Add<HLoadNamedField>(object, dependency, HObjectAccess::ForMap());
2705 }
2706 
2707 
AddLoadElements(HValue * object,HValue * dependency)2708 HLoadNamedField* HGraphBuilder::AddLoadElements(HValue* object,
2709                                                 HValue* dependency) {
2710   return Add<HLoadNamedField>(
2711       object, dependency, HObjectAccess::ForElementsPointer());
2712 }
2713 
2714 
AddLoadFixedArrayLength(HValue * array,HValue * dependency)2715 HLoadNamedField* HGraphBuilder::AddLoadFixedArrayLength(
2716     HValue* array,
2717     HValue* dependency) {
2718   return Add<HLoadNamedField>(
2719       array, dependency, HObjectAccess::ForFixedArrayLength());
2720 }
2721 
2722 
AddLoadArrayLength(HValue * array,ElementsKind kind,HValue * dependency)2723 HLoadNamedField* HGraphBuilder::AddLoadArrayLength(HValue* array,
2724                                                    ElementsKind kind,
2725                                                    HValue* dependency) {
2726   return Add<HLoadNamedField>(
2727       array, dependency, HObjectAccess::ForArrayLength(kind));
2728 }
2729 
2730 
BuildNewElementsCapacity(HValue * old_capacity)2731 HValue* HGraphBuilder::BuildNewElementsCapacity(HValue* old_capacity) {
2732   HValue* half_old_capacity = AddUncasted<HShr>(old_capacity,
2733                                                 graph_->GetConstant1());
2734 
2735   HValue* new_capacity = AddUncasted<HAdd>(half_old_capacity, old_capacity);
2736   new_capacity->ClearFlag(HValue::kCanOverflow);
2737 
2738   HValue* min_growth = Add<HConstant>(16);
2739 
2740   new_capacity = AddUncasted<HAdd>(new_capacity, min_growth);
2741   new_capacity->ClearFlag(HValue::kCanOverflow);
2742 
2743   return new_capacity;
2744 }
2745 
2746 
BuildGrowElementsCapacity(HValue * object,HValue * elements,ElementsKind kind,ElementsKind new_kind,HValue * length,HValue * new_capacity)2747 HValue* HGraphBuilder::BuildGrowElementsCapacity(HValue* object,
2748                                                  HValue* elements,
2749                                                  ElementsKind kind,
2750                                                  ElementsKind new_kind,
2751                                                  HValue* length,
2752                                                  HValue* new_capacity) {
2753   Add<HBoundsCheck>(new_capacity, Add<HConstant>(
2754           (Page::kMaxRegularHeapObjectSize - FixedArray::kHeaderSize) >>
2755           ElementsKindToShiftSize(new_kind)));
2756 
2757   HValue* new_elements = BuildAllocateElementsAndInitializeElementsHeader(
2758       new_kind, new_capacity);
2759 
2760   BuildCopyElements(elements, kind, new_elements,
2761                     new_kind, length, new_capacity);
2762 
2763   Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
2764                         new_elements);
2765 
2766   return new_elements;
2767 }
2768 
2769 
BuildFillElementsWithValue(HValue * elements,ElementsKind elements_kind,HValue * from,HValue * to,HValue * value)2770 void HGraphBuilder::BuildFillElementsWithValue(HValue* elements,
2771                                                ElementsKind elements_kind,
2772                                                HValue* from,
2773                                                HValue* to,
2774                                                HValue* value) {
2775   if (to == NULL) {
2776     to = AddLoadFixedArrayLength(elements);
2777   }
2778 
2779   // Special loop unfolding case
2780   STATIC_ASSERT(JSArray::kPreallocatedArrayElements <=
2781                 kElementLoopUnrollThreshold);
2782   int initial_capacity = -1;
2783   if (from->IsInteger32Constant() && to->IsInteger32Constant()) {
2784     int constant_from = from->GetInteger32Constant();
2785     int constant_to = to->GetInteger32Constant();
2786 
2787     if (constant_from == 0 && constant_to <= kElementLoopUnrollThreshold) {
2788       initial_capacity = constant_to;
2789     }
2790   }
2791 
2792   // Since we're about to store a hole value, the store instruction below must
2793   // assume an elements kind that supports heap object values.
2794   if (IsFastSmiOrObjectElementsKind(elements_kind)) {
2795     elements_kind = FAST_HOLEY_ELEMENTS;
2796   }
2797 
2798   if (initial_capacity >= 0) {
2799     for (int i = 0; i < initial_capacity; i++) {
2800       HInstruction* key = Add<HConstant>(i);
2801       Add<HStoreKeyed>(elements, key, value, elements_kind);
2802     }
2803   } else {
2804     // Carefully loop backwards so that the "from" remains live through the loop
2805     // rather than the to. This often corresponds to keeping length live rather
2806     // then capacity, which helps register allocation, since length is used more
2807     // other than capacity after filling with holes.
2808     LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2809 
2810     HValue* key = builder.BeginBody(to, from, Token::GT);
2811 
2812     HValue* adjusted_key = AddUncasted<HSub>(key, graph()->GetConstant1());
2813     adjusted_key->ClearFlag(HValue::kCanOverflow);
2814 
2815     Add<HStoreKeyed>(elements, adjusted_key, value, elements_kind);
2816 
2817     builder.EndBody();
2818   }
2819 }
2820 
2821 
BuildFillElementsWithHole(HValue * elements,ElementsKind elements_kind,HValue * from,HValue * to)2822 void HGraphBuilder::BuildFillElementsWithHole(HValue* elements,
2823                                               ElementsKind elements_kind,
2824                                               HValue* from,
2825                                               HValue* to) {
2826   // Fast elements kinds need to be initialized in case statements below cause a
2827   // garbage collection.
2828   Factory* factory = isolate()->factory();
2829 
2830   double nan_double = FixedDoubleArray::hole_nan_as_double();
2831   HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
2832       ? Add<HConstant>(factory->the_hole_value())
2833       : Add<HConstant>(nan_double);
2834 
2835   BuildFillElementsWithValue(elements, elements_kind, from, to, hole);
2836 }
2837 
2838 
BuildCopyElements(HValue * from_elements,ElementsKind from_elements_kind,HValue * to_elements,ElementsKind to_elements_kind,HValue * length,HValue * capacity)2839 void HGraphBuilder::BuildCopyElements(HValue* from_elements,
2840                                       ElementsKind from_elements_kind,
2841                                       HValue* to_elements,
2842                                       ElementsKind to_elements_kind,
2843                                       HValue* length,
2844                                       HValue* capacity) {
2845   int constant_capacity = -1;
2846   if (capacity != NULL &&
2847       capacity->IsConstant() &&
2848       HConstant::cast(capacity)->HasInteger32Value()) {
2849     int constant_candidate = HConstant::cast(capacity)->Integer32Value();
2850     if (constant_candidate <= kElementLoopUnrollThreshold) {
2851       constant_capacity = constant_candidate;
2852     }
2853   }
2854 
2855   bool pre_fill_with_holes =
2856     IsFastDoubleElementsKind(from_elements_kind) &&
2857     IsFastObjectElementsKind(to_elements_kind);
2858   if (pre_fill_with_holes) {
2859     // If the copy might trigger a GC, make sure that the FixedArray is
2860     // pre-initialized with holes to make sure that it's always in a
2861     // consistent state.
2862     BuildFillElementsWithHole(to_elements, to_elements_kind,
2863                               graph()->GetConstant0(), NULL);
2864   }
2865 
2866   if (constant_capacity != -1) {
2867     // Unroll the loop for small elements kinds.
2868     for (int i = 0; i < constant_capacity; i++) {
2869       HValue* key_constant = Add<HConstant>(i);
2870       HInstruction* value = Add<HLoadKeyed>(from_elements, key_constant,
2871                                             static_cast<HValue*>(NULL),
2872                                             from_elements_kind);
2873       Add<HStoreKeyed>(to_elements, key_constant, value, to_elements_kind);
2874     }
2875   } else {
2876     if (!pre_fill_with_holes &&
2877         (capacity == NULL || !length->Equals(capacity))) {
2878       BuildFillElementsWithHole(to_elements, to_elements_kind,
2879                                 length, NULL);
2880     }
2881 
2882     if (capacity == NULL) {
2883       capacity = AddLoadFixedArrayLength(to_elements);
2884     }
2885 
2886     LoopBuilder builder(this, context(), LoopBuilder::kPostDecrement);
2887 
2888     HValue* key = builder.BeginBody(length, graph()->GetConstant0(),
2889                                     Token::GT);
2890 
2891     key = AddUncasted<HSub>(key, graph()->GetConstant1());
2892     key->ClearFlag(HValue::kCanOverflow);
2893 
2894     HValue* element = Add<HLoadKeyed>(from_elements, key,
2895                                       static_cast<HValue*>(NULL),
2896                                       from_elements_kind,
2897                                       ALLOW_RETURN_HOLE);
2898 
2899     ElementsKind kind = (IsHoleyElementsKind(from_elements_kind) &&
2900                          IsFastSmiElementsKind(to_elements_kind))
2901       ? FAST_HOLEY_ELEMENTS : to_elements_kind;
2902 
2903     if (IsHoleyElementsKind(from_elements_kind) &&
2904         from_elements_kind != to_elements_kind) {
2905       IfBuilder if_hole(this);
2906       if_hole.If<HCompareHoleAndBranch>(element);
2907       if_hole.Then();
2908       HConstant* hole_constant = IsFastDoubleElementsKind(to_elements_kind)
2909         ? Add<HConstant>(FixedDoubleArray::hole_nan_as_double())
2910         : graph()->GetConstantHole();
2911       Add<HStoreKeyed>(to_elements, key, hole_constant, kind);
2912       if_hole.Else();
2913       HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
2914       store->SetFlag(HValue::kAllowUndefinedAsNaN);
2915       if_hole.End();
2916     } else {
2917       HStoreKeyed* store = Add<HStoreKeyed>(to_elements, key, element, kind);
2918       store->SetFlag(HValue::kAllowUndefinedAsNaN);
2919     }
2920 
2921     builder.EndBody();
2922   }
2923 
2924   Counters* counters = isolate()->counters();
2925   AddIncrementCounter(counters->inlined_copied_elements());
2926 }
2927 
2928 
BuildCloneShallowArrayCow(HValue * boilerplate,HValue * allocation_site,AllocationSiteMode mode,ElementsKind kind)2929 HValue* HGraphBuilder::BuildCloneShallowArrayCow(HValue* boilerplate,
2930                                                  HValue* allocation_site,
2931                                                  AllocationSiteMode mode,
2932                                                  ElementsKind kind) {
2933   HAllocate* array = AllocateJSArrayObject(mode);
2934 
2935   HValue* map = AddLoadMap(boilerplate);
2936   HValue* elements = AddLoadElements(boilerplate);
2937   HValue* length = AddLoadArrayLength(boilerplate, kind);
2938 
2939   BuildJSArrayHeader(array,
2940                      map,
2941                      elements,
2942                      mode,
2943                      FAST_ELEMENTS,
2944                      allocation_site,
2945                      length);
2946   return array;
2947 }
2948 
2949 
BuildCloneShallowArrayEmpty(HValue * boilerplate,HValue * allocation_site,AllocationSiteMode mode)2950 HValue* HGraphBuilder::BuildCloneShallowArrayEmpty(HValue* boilerplate,
2951                                                    HValue* allocation_site,
2952                                                    AllocationSiteMode mode) {
2953   HAllocate* array = AllocateJSArrayObject(mode);
2954 
2955   HValue* map = AddLoadMap(boilerplate);
2956 
2957   BuildJSArrayHeader(array,
2958                      map,
2959                      NULL,  // set elements to empty fixed array
2960                      mode,
2961                      FAST_ELEMENTS,
2962                      allocation_site,
2963                      graph()->GetConstant0());
2964   return array;
2965 }
2966 
2967 
BuildCloneShallowArrayNonEmpty(HValue * boilerplate,HValue * allocation_site,AllocationSiteMode mode,ElementsKind kind)2968 HValue* HGraphBuilder::BuildCloneShallowArrayNonEmpty(HValue* boilerplate,
2969                                                       HValue* allocation_site,
2970                                                       AllocationSiteMode mode,
2971                                                       ElementsKind kind) {
2972   HValue* boilerplate_elements = AddLoadElements(boilerplate);
2973   HValue* capacity = AddLoadFixedArrayLength(boilerplate_elements);
2974 
2975   // Generate size calculation code here in order to make it dominate
2976   // the JSArray allocation.
2977   HValue* elements_size = BuildCalculateElementsSize(kind, capacity);
2978 
2979   // Create empty JSArray object for now, store elimination should remove
2980   // redundant initialization of elements and length fields and at the same
2981   // time the object will be fully prepared for GC if it happens during
2982   // elements allocation.
2983   HValue* result = BuildCloneShallowArrayEmpty(
2984       boilerplate, allocation_site, mode);
2985 
2986   HAllocate* elements = BuildAllocateElements(kind, elements_size);
2987 
2988   // This function implicitly relies on the fact that the
2989   // FastCloneShallowArrayStub is called only for literals shorter than
2990   // JSObject::kInitialMaxFastElementArray.
2991   // Can't add HBoundsCheck here because otherwise the stub will eager a frame.
2992   HConstant* size_upper_bound = EstablishElementsAllocationSize(
2993       kind, JSObject::kInitialMaxFastElementArray);
2994   elements->set_size_upper_bound(size_upper_bound);
2995 
2996   Add<HStoreNamedField>(result, HObjectAccess::ForElementsPointer(), elements);
2997 
2998   // The allocation for the cloned array above causes register pressure on
2999   // machines with low register counts. Force a reload of the boilerplate
3000   // elements here to free up a register for the allocation to avoid unnecessary
3001   // spillage.
3002   boilerplate_elements = AddLoadElements(boilerplate);
3003   boilerplate_elements->SetFlag(HValue::kCantBeReplaced);
3004 
3005   // Copy the elements array header.
3006   for (int i = 0; i < FixedArrayBase::kHeaderSize; i += kPointerSize) {
3007     HObjectAccess access = HObjectAccess::ForFixedArrayHeader(i);
3008     Add<HStoreNamedField>(elements, access,
3009         Add<HLoadNamedField>(boilerplate_elements,
3010                              static_cast<HValue*>(NULL), access));
3011   }
3012 
3013   // And the result of the length
3014   HValue* length = AddLoadArrayLength(boilerplate, kind);
3015   Add<HStoreNamedField>(result, HObjectAccess::ForArrayLength(kind), length);
3016 
3017   BuildCopyElements(boilerplate_elements, kind, elements,
3018                     kind, length, NULL);
3019   return result;
3020 }
3021 
3022 
BuildCompareNil(HValue * value,Type * type,HIfContinuation * continuation)3023 void HGraphBuilder::BuildCompareNil(
3024     HValue* value,
3025     Type* type,
3026     HIfContinuation* continuation) {
3027   IfBuilder if_nil(this);
3028   bool some_case_handled = false;
3029   bool some_case_missing = false;
3030 
3031   if (type->Maybe(Type::Null())) {
3032     if (some_case_handled) if_nil.Or();
3033     if_nil.If<HCompareObjectEqAndBranch>(value, graph()->GetConstantNull());
3034     some_case_handled = true;
3035   } else {
3036     some_case_missing = true;
3037   }
3038 
3039   if (type->Maybe(Type::Undefined())) {
3040     if (some_case_handled) if_nil.Or();
3041     if_nil.If<HCompareObjectEqAndBranch>(value,
3042                                          graph()->GetConstantUndefined());
3043     some_case_handled = true;
3044   } else {
3045     some_case_missing = true;
3046   }
3047 
3048   if (type->Maybe(Type::Undetectable())) {
3049     if (some_case_handled) if_nil.Or();
3050     if_nil.If<HIsUndetectableAndBranch>(value);
3051     some_case_handled = true;
3052   } else {
3053     some_case_missing = true;
3054   }
3055 
3056   if (some_case_missing) {
3057     if_nil.Then();
3058     if_nil.Else();
3059     if (type->NumClasses() == 1) {
3060       BuildCheckHeapObject(value);
3061       // For ICs, the map checked below is a sentinel map that gets replaced by
3062       // the monomorphic map when the code is used as a template to generate a
3063       // new IC. For optimized functions, there is no sentinel map, the map
3064       // emitted below is the actual monomorphic map.
3065       Add<HCheckMaps>(value, type->Classes().Current());
3066     } else {
3067       if_nil.Deopt("Too many undetectable types");
3068     }
3069   }
3070 
3071   if_nil.CaptureContinuation(continuation);
3072 }
3073 
3074 
BuildCreateAllocationMemento(HValue * previous_object,HValue * previous_object_size,HValue * allocation_site)3075 void HGraphBuilder::BuildCreateAllocationMemento(
3076     HValue* previous_object,
3077     HValue* previous_object_size,
3078     HValue* allocation_site) {
3079   DCHECK(allocation_site != NULL);
3080   HInnerAllocatedObject* allocation_memento = Add<HInnerAllocatedObject>(
3081       previous_object, previous_object_size, HType::HeapObject());
3082   AddStoreMapConstant(
3083       allocation_memento, isolate()->factory()->allocation_memento_map());
3084   Add<HStoreNamedField>(
3085       allocation_memento,
3086       HObjectAccess::ForAllocationMementoSite(),
3087       allocation_site);
3088   if (FLAG_allocation_site_pretenuring) {
3089     HValue* memento_create_count = Add<HLoadNamedField>(
3090         allocation_site, static_cast<HValue*>(NULL),
3091         HObjectAccess::ForAllocationSiteOffset(
3092             AllocationSite::kPretenureCreateCountOffset));
3093     memento_create_count = AddUncasted<HAdd>(
3094         memento_create_count, graph()->GetConstant1());
3095     // This smi value is reset to zero after every gc, overflow isn't a problem
3096     // since the counter is bounded by the new space size.
3097     memento_create_count->ClearFlag(HValue::kCanOverflow);
3098     Add<HStoreNamedField>(
3099         allocation_site, HObjectAccess::ForAllocationSiteOffset(
3100             AllocationSite::kPretenureCreateCountOffset), memento_create_count);
3101   }
3102 }
3103 
3104 
BuildGetNativeContext(HValue * closure)3105 HInstruction* HGraphBuilder::BuildGetNativeContext(HValue* closure) {
3106   // Get the global context, then the native context
3107   HInstruction* context =
3108       Add<HLoadNamedField>(closure, static_cast<HValue*>(NULL),
3109                            HObjectAccess::ForFunctionContextPointer());
3110   HInstruction* global_object = Add<HLoadNamedField>(
3111       context, static_cast<HValue*>(NULL),
3112       HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3113   HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3114       GlobalObject::kNativeContextOffset);
3115   return Add<HLoadNamedField>(
3116       global_object, static_cast<HValue*>(NULL), access);
3117 }
3118 
3119 
BuildGetNativeContext()3120 HInstruction* HGraphBuilder::BuildGetNativeContext() {
3121   // Get the global context, then the native context
3122   HValue* global_object = Add<HLoadNamedField>(
3123       context(), static_cast<HValue*>(NULL),
3124       HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3125   return Add<HLoadNamedField>(
3126       global_object, static_cast<HValue*>(NULL),
3127       HObjectAccess::ForObservableJSObjectOffset(
3128           GlobalObject::kNativeContextOffset));
3129 }
3130 
3131 
BuildGetArrayFunction()3132 HInstruction* HGraphBuilder::BuildGetArrayFunction() {
3133   HInstruction* native_context = BuildGetNativeContext();
3134   HInstruction* index =
3135       Add<HConstant>(static_cast<int32_t>(Context::ARRAY_FUNCTION_INDEX));
3136   return Add<HLoadKeyed>(
3137       native_context, index, static_cast<HValue*>(NULL), FAST_ELEMENTS);
3138 }
3139 
3140 
JSArrayBuilder(HGraphBuilder * builder,ElementsKind kind,HValue * allocation_site_payload,HValue * constructor_function,AllocationSiteOverrideMode override_mode)3141 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3142     ElementsKind kind,
3143     HValue* allocation_site_payload,
3144     HValue* constructor_function,
3145     AllocationSiteOverrideMode override_mode) :
3146         builder_(builder),
3147         kind_(kind),
3148         allocation_site_payload_(allocation_site_payload),
3149         constructor_function_(constructor_function) {
3150   DCHECK(!allocation_site_payload->IsConstant() ||
3151          HConstant::cast(allocation_site_payload)->handle(
3152              builder_->isolate())->IsAllocationSite());
3153   mode_ = override_mode == DISABLE_ALLOCATION_SITES
3154       ? DONT_TRACK_ALLOCATION_SITE
3155       : AllocationSite::GetMode(kind);
3156 }
3157 
3158 
JSArrayBuilder(HGraphBuilder * builder,ElementsKind kind,HValue * constructor_function)3159 HGraphBuilder::JSArrayBuilder::JSArrayBuilder(HGraphBuilder* builder,
3160                                               ElementsKind kind,
3161                                               HValue* constructor_function) :
3162     builder_(builder),
3163     kind_(kind),
3164     mode_(DONT_TRACK_ALLOCATION_SITE),
3165     allocation_site_payload_(NULL),
3166     constructor_function_(constructor_function) {
3167 }
3168 
3169 
EmitMapCode()3170 HValue* HGraphBuilder::JSArrayBuilder::EmitMapCode() {
3171   if (!builder()->top_info()->IsStub()) {
3172     // A constant map is fine.
3173     Handle<Map> map(builder()->isolate()->get_initial_js_array_map(kind_),
3174                     builder()->isolate());
3175     return builder()->Add<HConstant>(map);
3176   }
3177 
3178   if (constructor_function_ != NULL && kind_ == GetInitialFastElementsKind()) {
3179     // No need for a context lookup if the kind_ matches the initial
3180     // map, because we can just load the map in that case.
3181     HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3182     return builder()->Add<HLoadNamedField>(
3183         constructor_function_, static_cast<HValue*>(NULL), access);
3184   }
3185 
3186   // TODO(mvstanton): we should always have a constructor function if we
3187   // are creating a stub.
3188   HInstruction* native_context = constructor_function_ != NULL
3189       ? builder()->BuildGetNativeContext(constructor_function_)
3190       : builder()->BuildGetNativeContext();
3191 
3192   HInstruction* index = builder()->Add<HConstant>(
3193       static_cast<int32_t>(Context::JS_ARRAY_MAPS_INDEX));
3194 
3195   HInstruction* map_array = builder()->Add<HLoadKeyed>(
3196       native_context, index, static_cast<HValue*>(NULL), FAST_ELEMENTS);
3197 
3198   HInstruction* kind_index = builder()->Add<HConstant>(kind_);
3199 
3200   return builder()->Add<HLoadKeyed>(
3201       map_array, kind_index, static_cast<HValue*>(NULL), FAST_ELEMENTS);
3202 }
3203 
3204 
EmitInternalMapCode()3205 HValue* HGraphBuilder::JSArrayBuilder::EmitInternalMapCode() {
3206   // Find the map near the constructor function
3207   HObjectAccess access = HObjectAccess::ForPrototypeOrInitialMap();
3208   return builder()->Add<HLoadNamedField>(
3209       constructor_function_, static_cast<HValue*>(NULL), access);
3210 }
3211 
3212 
AllocateEmptyArray()3213 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateEmptyArray() {
3214   HConstant* capacity = builder()->Add<HConstant>(initial_capacity());
3215   return AllocateArray(capacity,
3216                        capacity,
3217                        builder()->graph()->GetConstant0());
3218 }
3219 
3220 
AllocateArray(HValue * capacity,HConstant * capacity_upper_bound,HValue * length_field,FillMode fill_mode)3221 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3222     HValue* capacity,
3223     HConstant* capacity_upper_bound,
3224     HValue* length_field,
3225     FillMode fill_mode) {
3226   return AllocateArray(capacity,
3227                        capacity_upper_bound->GetInteger32Constant(),
3228                        length_field,
3229                        fill_mode);
3230 }
3231 
3232 
AllocateArray(HValue * capacity,int capacity_upper_bound,HValue * length_field,FillMode fill_mode)3233 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3234     HValue* capacity,
3235     int capacity_upper_bound,
3236     HValue* length_field,
3237     FillMode fill_mode) {
3238   HConstant* elememts_size_upper_bound = capacity->IsInteger32Constant()
3239       ? HConstant::cast(capacity)
3240       : builder()->EstablishElementsAllocationSize(kind_, capacity_upper_bound);
3241 
3242   HAllocate* array = AllocateArray(capacity, length_field, fill_mode);
3243   if (!elements_location_->has_size_upper_bound()) {
3244     elements_location_->set_size_upper_bound(elememts_size_upper_bound);
3245   }
3246   return array;
3247 }
3248 
3249 
AllocateArray(HValue * capacity,HValue * length_field,FillMode fill_mode)3250 HAllocate* HGraphBuilder::JSArrayBuilder::AllocateArray(
3251     HValue* capacity,
3252     HValue* length_field,
3253     FillMode fill_mode) {
3254   // These HForceRepresentations are because we store these as fields in the
3255   // objects we construct, and an int32-to-smi HChange could deopt. Accept
3256   // the deopt possibility now, before allocation occurs.
3257   capacity =
3258       builder()->AddUncasted<HForceRepresentation>(capacity,
3259                                                    Representation::Smi());
3260   length_field =
3261       builder()->AddUncasted<HForceRepresentation>(length_field,
3262                                                    Representation::Smi());
3263 
3264   // Generate size calculation code here in order to make it dominate
3265   // the JSArray allocation.
3266   HValue* elements_size =
3267       builder()->BuildCalculateElementsSize(kind_, capacity);
3268 
3269   // Allocate (dealing with failure appropriately)
3270   HAllocate* array_object = builder()->AllocateJSArrayObject(mode_);
3271 
3272   // Fill in the fields: map, properties, length
3273   HValue* map;
3274   if (allocation_site_payload_ == NULL) {
3275     map = EmitInternalMapCode();
3276   } else {
3277     map = EmitMapCode();
3278   }
3279 
3280   builder()->BuildJSArrayHeader(array_object,
3281                                 map,
3282                                 NULL,  // set elements to empty fixed array
3283                                 mode_,
3284                                 kind_,
3285                                 allocation_site_payload_,
3286                                 length_field);
3287 
3288   // Allocate and initialize the elements
3289   elements_location_ = builder()->BuildAllocateElements(kind_, elements_size);
3290 
3291   builder()->BuildInitializeElementsHeader(elements_location_, kind_, capacity);
3292 
3293   // Set the elements
3294   builder()->Add<HStoreNamedField>(
3295       array_object, HObjectAccess::ForElementsPointer(), elements_location_);
3296 
3297   if (fill_mode == FILL_WITH_HOLE) {
3298     builder()->BuildFillElementsWithHole(elements_location_, kind_,
3299                                          graph()->GetConstant0(), capacity);
3300   }
3301 
3302   return array_object;
3303 }
3304 
3305 
AddLoadJSBuiltin(Builtins::JavaScript builtin)3306 HValue* HGraphBuilder::AddLoadJSBuiltin(Builtins::JavaScript builtin) {
3307   HValue* global_object = Add<HLoadNamedField>(
3308       context(), static_cast<HValue*>(NULL),
3309       HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
3310   HObjectAccess access = HObjectAccess::ForObservableJSObjectOffset(
3311       GlobalObject::kBuiltinsOffset);
3312   HValue* builtins = Add<HLoadNamedField>(
3313       global_object, static_cast<HValue*>(NULL), access);
3314   HObjectAccess function_access = HObjectAccess::ForObservableJSObjectOffset(
3315           JSBuiltinsObject::OffsetOfFunctionWithId(builtin));
3316   return Add<HLoadNamedField>(
3317       builtins, static_cast<HValue*>(NULL), function_access);
3318 }
3319 
3320 
HOptimizedGraphBuilder(CompilationInfo * info)3321 HOptimizedGraphBuilder::HOptimizedGraphBuilder(CompilationInfo* info)
3322     : HGraphBuilder(info),
3323       function_state_(NULL),
3324       initial_function_state_(this, info, NORMAL_RETURN, 0),
3325       ast_context_(NULL),
3326       break_scope_(NULL),
3327       inlined_count_(0),
3328       globals_(10, info->zone()),
3329       osr_(new(info->zone()) HOsrBuilder(this)) {
3330   // This is not initialized in the initializer list because the
3331   // constructor for the initial state relies on function_state_ == NULL
3332   // to know it's the initial state.
3333   function_state_= &initial_function_state_;
3334   InitializeAstVisitor(info->zone());
3335   if (FLAG_hydrogen_track_positions) {
3336     SetSourcePosition(info->shared_info()->start_position());
3337   }
3338 }
3339 
3340 
CreateJoin(HBasicBlock * first,HBasicBlock * second,BailoutId join_id)3341 HBasicBlock* HOptimizedGraphBuilder::CreateJoin(HBasicBlock* first,
3342                                                 HBasicBlock* second,
3343                                                 BailoutId join_id) {
3344   if (first == NULL) {
3345     return second;
3346   } else if (second == NULL) {
3347     return first;
3348   } else {
3349     HBasicBlock* join_block = graph()->CreateBasicBlock();
3350     Goto(first, join_block);
3351     Goto(second, join_block);
3352     join_block->SetJoinId(join_id);
3353     return join_block;
3354   }
3355 }
3356 
3357 
JoinContinue(IterationStatement * statement,HBasicBlock * exit_block,HBasicBlock * continue_block)3358 HBasicBlock* HOptimizedGraphBuilder::JoinContinue(IterationStatement* statement,
3359                                                   HBasicBlock* exit_block,
3360                                                   HBasicBlock* continue_block) {
3361   if (continue_block != NULL) {
3362     if (exit_block != NULL) Goto(exit_block, continue_block);
3363     continue_block->SetJoinId(statement->ContinueId());
3364     return continue_block;
3365   }
3366   return exit_block;
3367 }
3368 
3369 
CreateLoop(IterationStatement * statement,HBasicBlock * loop_entry,HBasicBlock * body_exit,HBasicBlock * loop_successor,HBasicBlock * break_block)3370 HBasicBlock* HOptimizedGraphBuilder::CreateLoop(IterationStatement* statement,
3371                                                 HBasicBlock* loop_entry,
3372                                                 HBasicBlock* body_exit,
3373                                                 HBasicBlock* loop_successor,
3374                                                 HBasicBlock* break_block) {
3375   if (body_exit != NULL) Goto(body_exit, loop_entry);
3376   loop_entry->PostProcessLoopHeader(statement);
3377   if (break_block != NULL) {
3378     if (loop_successor != NULL) Goto(loop_successor, break_block);
3379     break_block->SetJoinId(statement->ExitId());
3380     return break_block;
3381   }
3382   return loop_successor;
3383 }
3384 
3385 
3386 // Build a new loop header block and set it as the current block.
BuildLoopEntry()3387 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry() {
3388   HBasicBlock* loop_entry = CreateLoopHeaderBlock();
3389   Goto(loop_entry);
3390   set_current_block(loop_entry);
3391   return loop_entry;
3392 }
3393 
3394 
BuildLoopEntry(IterationStatement * statement)3395 HBasicBlock* HOptimizedGraphBuilder::BuildLoopEntry(
3396     IterationStatement* statement) {
3397   HBasicBlock* loop_entry = osr()->HasOsrEntryAt(statement)
3398       ? osr()->BuildOsrLoopEntry(statement)
3399       : BuildLoopEntry();
3400   return loop_entry;
3401 }
3402 
3403 
FinishExit(HControlInstruction * instruction,HSourcePosition position)3404 void HBasicBlock::FinishExit(HControlInstruction* instruction,
3405                              HSourcePosition position) {
3406   Finish(instruction, position);
3407   ClearEnvironment();
3408 }
3409 
3410 
operator <<(OStream & os,const HBasicBlock & b)3411 OStream& operator<<(OStream& os, const HBasicBlock& b) {
3412   return os << "B" << b.block_id();
3413 }
3414 
3415 
HGraph(CompilationInfo * info)3416 HGraph::HGraph(CompilationInfo* info)
3417     : isolate_(info->isolate()),
3418       next_block_id_(0),
3419       entry_block_(NULL),
3420       blocks_(8, info->zone()),
3421       values_(16, info->zone()),
3422       phi_list_(NULL),
3423       uint32_instructions_(NULL),
3424       osr_(NULL),
3425       info_(info),
3426       zone_(info->zone()),
3427       is_recursive_(false),
3428       use_optimistic_licm_(false),
3429       depends_on_empty_array_proto_elements_(false),
3430       type_change_checksum_(0),
3431       maximum_environment_size_(0),
3432       no_side_effects_scope_count_(0),
3433       disallow_adding_new_values_(false),
3434       next_inline_id_(0),
3435       inlined_functions_(5, info->zone()) {
3436   if (info->IsStub()) {
3437     CallInterfaceDescriptor descriptor =
3438         info->code_stub()->GetCallInterfaceDescriptor();
3439     start_environment_ = new (zone_)
3440         HEnvironment(zone_, descriptor.GetEnvironmentParameterCount());
3441   } else {
3442     TraceInlinedFunction(info->shared_info(), HSourcePosition::Unknown());
3443     start_environment_ =
3444         new(zone_) HEnvironment(NULL, info->scope(), info->closure(), zone_);
3445   }
3446   start_environment_->set_ast_id(BailoutId::FunctionEntry());
3447   entry_block_ = CreateBasicBlock();
3448   entry_block_->SetInitialEnvironment(start_environment_);
3449 }
3450 
3451 
CreateBasicBlock()3452 HBasicBlock* HGraph::CreateBasicBlock() {
3453   HBasicBlock* result = new(zone()) HBasicBlock(this);
3454   blocks_.Add(result, zone());
3455   return result;
3456 }
3457 
3458 
FinalizeUniqueness()3459 void HGraph::FinalizeUniqueness() {
3460   DisallowHeapAllocation no_gc;
3461   DCHECK(!OptimizingCompilerThread::IsOptimizerThread(isolate()));
3462   for (int i = 0; i < blocks()->length(); ++i) {
3463     for (HInstructionIterator it(blocks()->at(i)); !it.Done(); it.Advance()) {
3464       it.Current()->FinalizeUniqueness();
3465     }
3466   }
3467 }
3468 
3469 
TraceInlinedFunction(Handle<SharedFunctionInfo> shared,HSourcePosition position)3470 int HGraph::TraceInlinedFunction(
3471     Handle<SharedFunctionInfo> shared,
3472     HSourcePosition position) {
3473   if (!FLAG_hydrogen_track_positions) {
3474     return 0;
3475   }
3476 
3477   int id = 0;
3478   for (; id < inlined_functions_.length(); id++) {
3479     if (inlined_functions_[id].shared().is_identical_to(shared)) {
3480       break;
3481     }
3482   }
3483 
3484   if (id == inlined_functions_.length()) {
3485     inlined_functions_.Add(InlinedFunctionInfo(shared), zone());
3486 
3487     if (!shared->script()->IsUndefined()) {
3488       Handle<Script> script(Script::cast(shared->script()));
3489       if (!script->source()->IsUndefined()) {
3490         CodeTracer::Scope tracing_scopex(isolate()->GetCodeTracer());
3491         OFStream os(tracing_scopex.file());
3492         os << "--- FUNCTION SOURCE (" << shared->DebugName()->ToCString().get()
3493            << ") id{" << info()->optimization_id() << "," << id << "} ---\n";
3494         {
3495           ConsStringIteratorOp op;
3496           StringCharacterStream stream(String::cast(script->source()),
3497                                        &op,
3498                                        shared->start_position());
3499           // fun->end_position() points to the last character in the stream. We
3500           // need to compensate by adding one to calculate the length.
3501           int source_len =
3502               shared->end_position() - shared->start_position() + 1;
3503           for (int i = 0; i < source_len; i++) {
3504             if (stream.HasMore()) {
3505               os << AsReversiblyEscapedUC16(stream.GetNext());
3506             }
3507           }
3508         }
3509 
3510         os << "\n--- END ---\n";
3511       }
3512     }
3513   }
3514 
3515   int inline_id = next_inline_id_++;
3516 
3517   if (inline_id != 0) {
3518     CodeTracer::Scope tracing_scope(isolate()->GetCodeTracer());
3519     OFStream os(tracing_scope.file());
3520     os << "INLINE (" << shared->DebugName()->ToCString().get() << ") id{"
3521        << info()->optimization_id() << "," << id << "} AS " << inline_id
3522        << " AT " << position << endl;
3523   }
3524 
3525   return inline_id;
3526 }
3527 
3528 
SourcePositionToScriptPosition(HSourcePosition pos)3529 int HGraph::SourcePositionToScriptPosition(HSourcePosition pos) {
3530   if (!FLAG_hydrogen_track_positions || pos.IsUnknown()) {
3531     return pos.raw();
3532   }
3533 
3534   return inlined_functions_[pos.inlining_id()].start_position() +
3535       pos.position();
3536 }
3537 
3538 
3539 // Block ordering was implemented with two mutually recursive methods,
3540 // HGraph::Postorder and HGraph::PostorderLoopBlocks.
3541 // The recursion could lead to stack overflow so the algorithm has been
3542 // implemented iteratively.
3543 // At a high level the algorithm looks like this:
3544 //
3545 // Postorder(block, loop_header) : {
3546 //   if (block has already been visited or is of another loop) return;
3547 //   mark block as visited;
3548 //   if (block is a loop header) {
3549 //     VisitLoopMembers(block, loop_header);
3550 //     VisitSuccessorsOfLoopHeader(block);
3551 //   } else {
3552 //     VisitSuccessors(block)
3553 //   }
3554 //   put block in result list;
3555 // }
3556 //
3557 // VisitLoopMembers(block, outer_loop_header) {
3558 //   foreach (block b in block loop members) {
3559 //     VisitSuccessorsOfLoopMember(b, outer_loop_header);
3560 //     if (b is loop header) VisitLoopMembers(b);
3561 //   }
3562 // }
3563 //
3564 // VisitSuccessorsOfLoopMember(block, outer_loop_header) {
3565 //   foreach (block b in block successors) Postorder(b, outer_loop_header)
3566 // }
3567 //
3568 // VisitSuccessorsOfLoopHeader(block) {
3569 //   foreach (block b in block successors) Postorder(b, block)
3570 // }
3571 //
3572 // VisitSuccessors(block, loop_header) {
3573 //   foreach (block b in block successors) Postorder(b, loop_header)
3574 // }
3575 //
3576 // The ordering is started calling Postorder(entry, NULL).
3577 //
3578 // Each instance of PostorderProcessor represents the "stack frame" of the
3579 // recursion, and particularly keeps the state of the loop (iteration) of the
3580 // "Visit..." function it represents.
3581 // To recycle memory we keep all the frames in a double linked list but
3582 // this means that we cannot use constructors to initialize the frames.
3583 //
3584 class PostorderProcessor : public ZoneObject {
3585  public:
3586   // Back link (towards the stack bottom).
parent()3587   PostorderProcessor* parent() {return father_; }
3588   // Forward link (towards the stack top).
child()3589   PostorderProcessor* child() {return child_; }
block()3590   HBasicBlock* block() { return block_; }
loop()3591   HLoopInformation* loop() { return loop_; }
loop_header()3592   HBasicBlock* loop_header() { return loop_header_; }
3593 
CreateEntryProcessor(Zone * zone,HBasicBlock * block)3594   static PostorderProcessor* CreateEntryProcessor(Zone* zone,
3595                                                   HBasicBlock* block) {
3596     PostorderProcessor* result = new(zone) PostorderProcessor(NULL);
3597     return result->SetupSuccessors(zone, block, NULL);
3598   }
3599 
PerformStep(Zone * zone,ZoneList<HBasicBlock * > * order)3600   PostorderProcessor* PerformStep(Zone* zone,
3601                                   ZoneList<HBasicBlock*>* order) {
3602     PostorderProcessor* next =
3603         PerformNonBacktrackingStep(zone, order);
3604     if (next != NULL) {
3605       return next;
3606     } else {
3607       return Backtrack(zone, order);
3608     }
3609   }
3610 
3611  private:
PostorderProcessor(PostorderProcessor * father)3612   explicit PostorderProcessor(PostorderProcessor* father)
3613       : father_(father), child_(NULL), successor_iterator(NULL) { }
3614 
3615   // Each enum value states the cycle whose state is kept by this instance.
3616   enum LoopKind {
3617     NONE,
3618     SUCCESSORS,
3619     SUCCESSORS_OF_LOOP_HEADER,
3620     LOOP_MEMBERS,
3621     SUCCESSORS_OF_LOOP_MEMBER
3622   };
3623 
3624   // Each "Setup..." method is like a constructor for a cycle state.
SetupSuccessors(Zone * zone,HBasicBlock * block,HBasicBlock * loop_header)3625   PostorderProcessor* SetupSuccessors(Zone* zone,
3626                                       HBasicBlock* block,
3627                                       HBasicBlock* loop_header) {
3628     if (block == NULL || block->IsOrdered() ||
3629         block->parent_loop_header() != loop_header) {
3630       kind_ = NONE;
3631       block_ = NULL;
3632       loop_ = NULL;
3633       loop_header_ = NULL;
3634       return this;
3635     } else {
3636       block_ = block;
3637       loop_ = NULL;
3638       block->MarkAsOrdered();
3639 
3640       if (block->IsLoopHeader()) {
3641         kind_ = SUCCESSORS_OF_LOOP_HEADER;
3642         loop_header_ = block;
3643         InitializeSuccessors();
3644         PostorderProcessor* result = Push(zone);
3645         return result->SetupLoopMembers(zone, block, block->loop_information(),
3646                                         loop_header);
3647       } else {
3648         DCHECK(block->IsFinished());
3649         kind_ = SUCCESSORS;
3650         loop_header_ = loop_header;
3651         InitializeSuccessors();
3652         return this;
3653       }
3654     }
3655   }
3656 
SetupLoopMembers(Zone * zone,HBasicBlock * block,HLoopInformation * loop,HBasicBlock * loop_header)3657   PostorderProcessor* SetupLoopMembers(Zone* zone,
3658                                        HBasicBlock* block,
3659                                        HLoopInformation* loop,
3660                                        HBasicBlock* loop_header) {
3661     kind_ = LOOP_MEMBERS;
3662     block_ = block;
3663     loop_ = loop;
3664     loop_header_ = loop_header;
3665     InitializeLoopMembers();
3666     return this;
3667   }
3668 
SetupSuccessorsOfLoopMember(HBasicBlock * block,HLoopInformation * loop,HBasicBlock * loop_header)3669   PostorderProcessor* SetupSuccessorsOfLoopMember(
3670       HBasicBlock* block,
3671       HLoopInformation* loop,
3672       HBasicBlock* loop_header) {
3673     kind_ = SUCCESSORS_OF_LOOP_MEMBER;
3674     block_ = block;
3675     loop_ = loop;
3676     loop_header_ = loop_header;
3677     InitializeSuccessors();
3678     return this;
3679   }
3680 
3681   // This method "allocates" a new stack frame.
Push(Zone * zone)3682   PostorderProcessor* Push(Zone* zone) {
3683     if (child_ == NULL) {
3684       child_ = new(zone) PostorderProcessor(this);
3685     }
3686     return child_;
3687   }
3688 
ClosePostorder(ZoneList<HBasicBlock * > * order,Zone * zone)3689   void ClosePostorder(ZoneList<HBasicBlock*>* order, Zone* zone) {
3690     DCHECK(block_->end()->FirstSuccessor() == NULL ||
3691            order->Contains(block_->end()->FirstSuccessor()) ||
3692            block_->end()->FirstSuccessor()->IsLoopHeader());
3693     DCHECK(block_->end()->SecondSuccessor() == NULL ||
3694            order->Contains(block_->end()->SecondSuccessor()) ||
3695            block_->end()->SecondSuccessor()->IsLoopHeader());
3696     order->Add(block_, zone);
3697   }
3698 
3699   // This method is the basic block to walk up the stack.
Pop(Zone * zone,ZoneList<HBasicBlock * > * order)3700   PostorderProcessor* Pop(Zone* zone,
3701                           ZoneList<HBasicBlock*>* order) {
3702     switch (kind_) {
3703       case SUCCESSORS:
3704       case SUCCESSORS_OF_LOOP_HEADER:
3705         ClosePostorder(order, zone);
3706         return father_;
3707       case LOOP_MEMBERS:
3708         return father_;
3709       case SUCCESSORS_OF_LOOP_MEMBER:
3710         if (block()->IsLoopHeader() && block() != loop_->loop_header()) {
3711           // In this case we need to perform a LOOP_MEMBERS cycle so we
3712           // initialize it and return this instead of father.
3713           return SetupLoopMembers(zone, block(),
3714                                   block()->loop_information(), loop_header_);
3715         } else {
3716           return father_;
3717         }
3718       case NONE:
3719         return father_;
3720     }
3721     UNREACHABLE();
3722     return NULL;
3723   }
3724 
3725   // Walks up the stack.
Backtrack(Zone * zone,ZoneList<HBasicBlock * > * order)3726   PostorderProcessor* Backtrack(Zone* zone,
3727                                 ZoneList<HBasicBlock*>* order) {
3728     PostorderProcessor* parent = Pop(zone, order);
3729     while (parent != NULL) {
3730       PostorderProcessor* next =
3731           parent->PerformNonBacktrackingStep(zone, order);
3732       if (next != NULL) {
3733         return next;
3734       } else {
3735         parent = parent->Pop(zone, order);
3736       }
3737     }
3738     return NULL;
3739   }
3740 
PerformNonBacktrackingStep(Zone * zone,ZoneList<HBasicBlock * > * order)3741   PostorderProcessor* PerformNonBacktrackingStep(
3742       Zone* zone,
3743       ZoneList<HBasicBlock*>* order) {
3744     HBasicBlock* next_block;
3745     switch (kind_) {
3746       case SUCCESSORS:
3747         next_block = AdvanceSuccessors();
3748         if (next_block != NULL) {
3749           PostorderProcessor* result = Push(zone);
3750           return result->SetupSuccessors(zone, next_block, loop_header_);
3751         }
3752         break;
3753       case SUCCESSORS_OF_LOOP_HEADER:
3754         next_block = AdvanceSuccessors();
3755         if (next_block != NULL) {
3756           PostorderProcessor* result = Push(zone);
3757           return result->SetupSuccessors(zone, next_block, block());
3758         }
3759         break;
3760       case LOOP_MEMBERS:
3761         next_block = AdvanceLoopMembers();
3762         if (next_block != NULL) {
3763           PostorderProcessor* result = Push(zone);
3764           return result->SetupSuccessorsOfLoopMember(next_block,
3765                                                      loop_, loop_header_);
3766         }
3767         break;
3768       case SUCCESSORS_OF_LOOP_MEMBER:
3769         next_block = AdvanceSuccessors();
3770         if (next_block != NULL) {
3771           PostorderProcessor* result = Push(zone);
3772           return result->SetupSuccessors(zone, next_block, loop_header_);
3773         }
3774         break;
3775       case NONE:
3776         return NULL;
3777     }
3778     return NULL;
3779   }
3780 
3781   // The following two methods implement a "foreach b in successors" cycle.
InitializeSuccessors()3782   void InitializeSuccessors() {
3783     loop_index = 0;
3784     loop_length = 0;
3785     successor_iterator = HSuccessorIterator(block_->end());
3786   }
3787 
AdvanceSuccessors()3788   HBasicBlock* AdvanceSuccessors() {
3789     if (!successor_iterator.Done()) {
3790       HBasicBlock* result = successor_iterator.Current();
3791       successor_iterator.Advance();
3792       return result;
3793     }
3794     return NULL;
3795   }
3796 
3797   // The following two methods implement a "foreach b in loop members" cycle.
InitializeLoopMembers()3798   void InitializeLoopMembers() {
3799     loop_index = 0;
3800     loop_length = loop_->blocks()->length();
3801   }
3802 
AdvanceLoopMembers()3803   HBasicBlock* AdvanceLoopMembers() {
3804     if (loop_index < loop_length) {
3805       HBasicBlock* result = loop_->blocks()->at(loop_index);
3806       loop_index++;
3807       return result;
3808     } else {
3809       return NULL;
3810     }
3811   }
3812 
3813   LoopKind kind_;
3814   PostorderProcessor* father_;
3815   PostorderProcessor* child_;
3816   HLoopInformation* loop_;
3817   HBasicBlock* block_;
3818   HBasicBlock* loop_header_;
3819   int loop_index;
3820   int loop_length;
3821   HSuccessorIterator successor_iterator;
3822 };
3823 
3824 
OrderBlocks()3825 void HGraph::OrderBlocks() {
3826   CompilationPhase phase("H_Block ordering", info());
3827 
3828 #ifdef DEBUG
3829   // Initially the blocks must not be ordered.
3830   for (int i = 0; i < blocks_.length(); ++i) {
3831     DCHECK(!blocks_[i]->IsOrdered());
3832   }
3833 #endif
3834 
3835   PostorderProcessor* postorder =
3836       PostorderProcessor::CreateEntryProcessor(zone(), blocks_[0]);
3837   blocks_.Rewind(0);
3838   while (postorder) {
3839     postorder = postorder->PerformStep(zone(), &blocks_);
3840   }
3841 
3842 #ifdef DEBUG
3843   // Now all blocks must be marked as ordered.
3844   for (int i = 0; i < blocks_.length(); ++i) {
3845     DCHECK(blocks_[i]->IsOrdered());
3846   }
3847 #endif
3848 
3849   // Reverse block list and assign block IDs.
3850   for (int i = 0, j = blocks_.length(); --j >= i; ++i) {
3851     HBasicBlock* bi = blocks_[i];
3852     HBasicBlock* bj = blocks_[j];
3853     bi->set_block_id(j);
3854     bj->set_block_id(i);
3855     blocks_[i] = bj;
3856     blocks_[j] = bi;
3857   }
3858 }
3859 
3860 
AssignDominators()3861 void HGraph::AssignDominators() {
3862   HPhase phase("H_Assign dominators", this);
3863   for (int i = 0; i < blocks_.length(); ++i) {
3864     HBasicBlock* block = blocks_[i];
3865     if (block->IsLoopHeader()) {
3866       // Only the first predecessor of a loop header is from outside the loop.
3867       // All others are back edges, and thus cannot dominate the loop header.
3868       block->AssignCommonDominator(block->predecessors()->first());
3869       block->AssignLoopSuccessorDominators();
3870     } else {
3871       for (int j = blocks_[i]->predecessors()->length() - 1; j >= 0; --j) {
3872         blocks_[i]->AssignCommonDominator(blocks_[i]->predecessors()->at(j));
3873       }
3874     }
3875   }
3876 }
3877 
3878 
CheckArgumentsPhiUses()3879 bool HGraph::CheckArgumentsPhiUses() {
3880   int block_count = blocks_.length();
3881   for (int i = 0; i < block_count; ++i) {
3882     for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3883       HPhi* phi = blocks_[i]->phis()->at(j);
3884       // We don't support phi uses of arguments for now.
3885       if (phi->CheckFlag(HValue::kIsArguments)) return false;
3886     }
3887   }
3888   return true;
3889 }
3890 
3891 
CheckConstPhiUses()3892 bool HGraph::CheckConstPhiUses() {
3893   int block_count = blocks_.length();
3894   for (int i = 0; i < block_count; ++i) {
3895     for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3896       HPhi* phi = blocks_[i]->phis()->at(j);
3897       // Check for the hole value (from an uninitialized const).
3898       for (int k = 0; k < phi->OperandCount(); k++) {
3899         if (phi->OperandAt(k) == GetConstantHole()) return false;
3900       }
3901     }
3902   }
3903   return true;
3904 }
3905 
3906 
CollectPhis()3907 void HGraph::CollectPhis() {
3908   int block_count = blocks_.length();
3909   phi_list_ = new(zone()) ZoneList<HPhi*>(block_count, zone());
3910   for (int i = 0; i < block_count; ++i) {
3911     for (int j = 0; j < blocks_[i]->phis()->length(); ++j) {
3912       HPhi* phi = blocks_[i]->phis()->at(j);
3913       phi_list_->Add(phi, zone());
3914     }
3915   }
3916 }
3917 
3918 
3919 // Implementation of utility class to encapsulate the translation state for
3920 // a (possibly inlined) function.
FunctionState(HOptimizedGraphBuilder * owner,CompilationInfo * info,InliningKind inlining_kind,int inlining_id)3921 FunctionState::FunctionState(HOptimizedGraphBuilder* owner,
3922                              CompilationInfo* info,
3923                              InliningKind inlining_kind,
3924                              int inlining_id)
3925     : owner_(owner),
3926       compilation_info_(info),
3927       call_context_(NULL),
3928       inlining_kind_(inlining_kind),
3929       function_return_(NULL),
3930       test_context_(NULL),
3931       entry_(NULL),
3932       arguments_object_(NULL),
3933       arguments_elements_(NULL),
3934       inlining_id_(inlining_id),
3935       outer_source_position_(HSourcePosition::Unknown()),
3936       outer_(owner->function_state()) {
3937   if (outer_ != NULL) {
3938     // State for an inline function.
3939     if (owner->ast_context()->IsTest()) {
3940       HBasicBlock* if_true = owner->graph()->CreateBasicBlock();
3941       HBasicBlock* if_false = owner->graph()->CreateBasicBlock();
3942       if_true->MarkAsInlineReturnTarget(owner->current_block());
3943       if_false->MarkAsInlineReturnTarget(owner->current_block());
3944       TestContext* outer_test_context = TestContext::cast(owner->ast_context());
3945       Expression* cond = outer_test_context->condition();
3946       // The AstContext constructor pushed on the context stack.  This newed
3947       // instance is the reason that AstContext can't be BASE_EMBEDDED.
3948       test_context_ = new TestContext(owner, cond, if_true, if_false);
3949     } else {
3950       function_return_ = owner->graph()->CreateBasicBlock();
3951       function_return()->MarkAsInlineReturnTarget(owner->current_block());
3952     }
3953     // Set this after possibly allocating a new TestContext above.
3954     call_context_ = owner->ast_context();
3955   }
3956 
3957   // Push on the state stack.
3958   owner->set_function_state(this);
3959 
3960   if (FLAG_hydrogen_track_positions) {
3961     outer_source_position_ = owner->source_position();
3962     owner->EnterInlinedSource(
3963       info->shared_info()->start_position(),
3964       inlining_id);
3965     owner->SetSourcePosition(info->shared_info()->start_position());
3966   }
3967 }
3968 
3969 
~FunctionState()3970 FunctionState::~FunctionState() {
3971   delete test_context_;
3972   owner_->set_function_state(outer_);
3973 
3974   if (FLAG_hydrogen_track_positions) {
3975     owner_->set_source_position(outer_source_position_);
3976     owner_->EnterInlinedSource(
3977       outer_->compilation_info()->shared_info()->start_position(),
3978       outer_->inlining_id());
3979   }
3980 }
3981 
3982 
3983 // Implementation of utility classes to represent an expression's context in
3984 // the AST.
AstContext(HOptimizedGraphBuilder * owner,Expression::Context kind)3985 AstContext::AstContext(HOptimizedGraphBuilder* owner, Expression::Context kind)
3986     : owner_(owner),
3987       kind_(kind),
3988       outer_(owner->ast_context()),
3989       for_typeof_(false) {
3990   owner->set_ast_context(this);  // Push.
3991 #ifdef DEBUG
3992   DCHECK(owner->environment()->frame_type() == JS_FUNCTION);
3993   original_length_ = owner->environment()->length();
3994 #endif
3995 }
3996 
3997 
~AstContext()3998 AstContext::~AstContext() {
3999   owner_->set_ast_context(outer_);  // Pop.
4000 }
4001 
4002 
~EffectContext()4003 EffectContext::~EffectContext() {
4004   DCHECK(owner()->HasStackOverflow() ||
4005          owner()->current_block() == NULL ||
4006          (owner()->environment()->length() == original_length_ &&
4007           owner()->environment()->frame_type() == JS_FUNCTION));
4008 }
4009 
4010 
~ValueContext()4011 ValueContext::~ValueContext() {
4012   DCHECK(owner()->HasStackOverflow() ||
4013          owner()->current_block() == NULL ||
4014          (owner()->environment()->length() == original_length_ + 1 &&
4015           owner()->environment()->frame_type() == JS_FUNCTION));
4016 }
4017 
4018 
ReturnValue(HValue * value)4019 void EffectContext::ReturnValue(HValue* value) {
4020   // The value is simply ignored.
4021 }
4022 
4023 
ReturnValue(HValue * value)4024 void ValueContext::ReturnValue(HValue* value) {
4025   // The value is tracked in the bailout environment, and communicated
4026   // through the environment as the result of the expression.
4027   if (!arguments_allowed() && value->CheckFlag(HValue::kIsArguments)) {
4028     owner()->Bailout(kBadValueContextForArgumentsValue);
4029   }
4030   owner()->Push(value);
4031 }
4032 
4033 
ReturnValue(HValue * value)4034 void TestContext::ReturnValue(HValue* value) {
4035   BuildBranch(value);
4036 }
4037 
4038 
ReturnInstruction(HInstruction * instr,BailoutId ast_id)4039 void EffectContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4040   DCHECK(!instr->IsControlInstruction());
4041   owner()->AddInstruction(instr);
4042   if (instr->HasObservableSideEffects()) {
4043     owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4044   }
4045 }
4046 
4047 
ReturnControl(HControlInstruction * instr,BailoutId ast_id)4048 void EffectContext::ReturnControl(HControlInstruction* instr,
4049                                   BailoutId ast_id) {
4050   DCHECK(!instr->HasObservableSideEffects());
4051   HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4052   HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4053   instr->SetSuccessorAt(0, empty_true);
4054   instr->SetSuccessorAt(1, empty_false);
4055   owner()->FinishCurrentBlock(instr);
4056   HBasicBlock* join = owner()->CreateJoin(empty_true, empty_false, ast_id);
4057   owner()->set_current_block(join);
4058 }
4059 
4060 
ReturnContinuation(HIfContinuation * continuation,BailoutId ast_id)4061 void EffectContext::ReturnContinuation(HIfContinuation* continuation,
4062                                        BailoutId ast_id) {
4063   HBasicBlock* true_branch = NULL;
4064   HBasicBlock* false_branch = NULL;
4065   continuation->Continue(&true_branch, &false_branch);
4066   if (!continuation->IsTrueReachable()) {
4067     owner()->set_current_block(false_branch);
4068   } else if (!continuation->IsFalseReachable()) {
4069     owner()->set_current_block(true_branch);
4070   } else {
4071     HBasicBlock* join = owner()->CreateJoin(true_branch, false_branch, ast_id);
4072     owner()->set_current_block(join);
4073   }
4074 }
4075 
4076 
ReturnInstruction(HInstruction * instr,BailoutId ast_id)4077 void ValueContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4078   DCHECK(!instr->IsControlInstruction());
4079   if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4080     return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4081   }
4082   owner()->AddInstruction(instr);
4083   owner()->Push(instr);
4084   if (instr->HasObservableSideEffects()) {
4085     owner()->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4086   }
4087 }
4088 
4089 
ReturnControl(HControlInstruction * instr,BailoutId ast_id)4090 void ValueContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4091   DCHECK(!instr->HasObservableSideEffects());
4092   if (!arguments_allowed() && instr->CheckFlag(HValue::kIsArguments)) {
4093     return owner()->Bailout(kBadValueContextForArgumentsObjectValue);
4094   }
4095   HBasicBlock* materialize_false = owner()->graph()->CreateBasicBlock();
4096   HBasicBlock* materialize_true = owner()->graph()->CreateBasicBlock();
4097   instr->SetSuccessorAt(0, materialize_true);
4098   instr->SetSuccessorAt(1, materialize_false);
4099   owner()->FinishCurrentBlock(instr);
4100   owner()->set_current_block(materialize_true);
4101   owner()->Push(owner()->graph()->GetConstantTrue());
4102   owner()->set_current_block(materialize_false);
4103   owner()->Push(owner()->graph()->GetConstantFalse());
4104   HBasicBlock* join =
4105     owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4106   owner()->set_current_block(join);
4107 }
4108 
4109 
ReturnContinuation(HIfContinuation * continuation,BailoutId ast_id)4110 void ValueContext::ReturnContinuation(HIfContinuation* continuation,
4111                                       BailoutId ast_id) {
4112   HBasicBlock* materialize_true = NULL;
4113   HBasicBlock* materialize_false = NULL;
4114   continuation->Continue(&materialize_true, &materialize_false);
4115   if (continuation->IsTrueReachable()) {
4116     owner()->set_current_block(materialize_true);
4117     owner()->Push(owner()->graph()->GetConstantTrue());
4118     owner()->set_current_block(materialize_true);
4119   }
4120   if (continuation->IsFalseReachable()) {
4121     owner()->set_current_block(materialize_false);
4122     owner()->Push(owner()->graph()->GetConstantFalse());
4123     owner()->set_current_block(materialize_false);
4124   }
4125   if (continuation->TrueAndFalseReachable()) {
4126     HBasicBlock* join =
4127         owner()->CreateJoin(materialize_true, materialize_false, ast_id);
4128     owner()->set_current_block(join);
4129   }
4130 }
4131 
4132 
ReturnInstruction(HInstruction * instr,BailoutId ast_id)4133 void TestContext::ReturnInstruction(HInstruction* instr, BailoutId ast_id) {
4134   DCHECK(!instr->IsControlInstruction());
4135   HOptimizedGraphBuilder* builder = owner();
4136   builder->AddInstruction(instr);
4137   // We expect a simulate after every expression with side effects, though
4138   // this one isn't actually needed (and wouldn't work if it were targeted).
4139   if (instr->HasObservableSideEffects()) {
4140     builder->Push(instr);
4141     builder->Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
4142     builder->Pop();
4143   }
4144   BuildBranch(instr);
4145 }
4146 
4147 
ReturnControl(HControlInstruction * instr,BailoutId ast_id)4148 void TestContext::ReturnControl(HControlInstruction* instr, BailoutId ast_id) {
4149   DCHECK(!instr->HasObservableSideEffects());
4150   HBasicBlock* empty_true = owner()->graph()->CreateBasicBlock();
4151   HBasicBlock* empty_false = owner()->graph()->CreateBasicBlock();
4152   instr->SetSuccessorAt(0, empty_true);
4153   instr->SetSuccessorAt(1, empty_false);
4154   owner()->FinishCurrentBlock(instr);
4155   owner()->Goto(empty_true, if_true(), owner()->function_state());
4156   owner()->Goto(empty_false, if_false(), owner()->function_state());
4157   owner()->set_current_block(NULL);
4158 }
4159 
4160 
ReturnContinuation(HIfContinuation * continuation,BailoutId ast_id)4161 void TestContext::ReturnContinuation(HIfContinuation* continuation,
4162                                      BailoutId ast_id) {
4163   HBasicBlock* true_branch = NULL;
4164   HBasicBlock* false_branch = NULL;
4165   continuation->Continue(&true_branch, &false_branch);
4166   if (continuation->IsTrueReachable()) {
4167     owner()->Goto(true_branch, if_true(), owner()->function_state());
4168   }
4169   if (continuation->IsFalseReachable()) {
4170     owner()->Goto(false_branch, if_false(), owner()->function_state());
4171   }
4172   owner()->set_current_block(NULL);
4173 }
4174 
4175 
BuildBranch(HValue * value)4176 void TestContext::BuildBranch(HValue* value) {
4177   // We expect the graph to be in edge-split form: there is no edge that
4178   // connects a branch node to a join node.  We conservatively ensure that
4179   // property by always adding an empty block on the outgoing edges of this
4180   // branch.
4181   HOptimizedGraphBuilder* builder = owner();
4182   if (value != NULL && value->CheckFlag(HValue::kIsArguments)) {
4183     builder->Bailout(kArgumentsObjectValueInATestContext);
4184   }
4185   ToBooleanStub::Types expected(condition()->to_boolean_types());
4186   ReturnControl(owner()->New<HBranch>(value, expected), BailoutId::None());
4187 }
4188 
4189 
4190 // HOptimizedGraphBuilder infrastructure for bailing out and checking bailouts.
4191 #define CHECK_BAILOUT(call)                     \
4192   do {                                          \
4193     call;                                       \
4194     if (HasStackOverflow()) return;             \
4195   } while (false)
4196 
4197 
4198 #define CHECK_ALIVE(call)                                       \
4199   do {                                                          \
4200     call;                                                       \
4201     if (HasStackOverflow() || current_block() == NULL) return;  \
4202   } while (false)
4203 
4204 
4205 #define CHECK_ALIVE_OR_RETURN(call, value)                            \
4206   do {                                                                \
4207     call;                                                             \
4208     if (HasStackOverflow() || current_block() == NULL) return value;  \
4209   } while (false)
4210 
4211 
Bailout(BailoutReason reason)4212 void HOptimizedGraphBuilder::Bailout(BailoutReason reason) {
4213   current_info()->AbortOptimization(reason);
4214   SetStackOverflow();
4215 }
4216 
4217 
VisitForEffect(Expression * expr)4218 void HOptimizedGraphBuilder::VisitForEffect(Expression* expr) {
4219   EffectContext for_effect(this);
4220   Visit(expr);
4221 }
4222 
4223 
VisitForValue(Expression * expr,ArgumentsAllowedFlag flag)4224 void HOptimizedGraphBuilder::VisitForValue(Expression* expr,
4225                                            ArgumentsAllowedFlag flag) {
4226   ValueContext for_value(this, flag);
4227   Visit(expr);
4228 }
4229 
4230 
VisitForTypeOf(Expression * expr)4231 void HOptimizedGraphBuilder::VisitForTypeOf(Expression* expr) {
4232   ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
4233   for_value.set_for_typeof(true);
4234   Visit(expr);
4235 }
4236 
4237 
VisitForControl(Expression * expr,HBasicBlock * true_block,HBasicBlock * false_block)4238 void HOptimizedGraphBuilder::VisitForControl(Expression* expr,
4239                                              HBasicBlock* true_block,
4240                                              HBasicBlock* false_block) {
4241   TestContext for_test(this, expr, true_block, false_block);
4242   Visit(expr);
4243 }
4244 
4245 
VisitExpressions(ZoneList<Expression * > * exprs)4246 void HOptimizedGraphBuilder::VisitExpressions(
4247     ZoneList<Expression*>* exprs) {
4248   for (int i = 0; i < exprs->length(); ++i) {
4249     CHECK_ALIVE(VisitForValue(exprs->at(i)));
4250   }
4251 }
4252 
4253 
BuildGraph()4254 bool HOptimizedGraphBuilder::BuildGraph() {
4255   if (current_info()->function()->is_generator()) {
4256     Bailout(kFunctionIsAGenerator);
4257     return false;
4258   }
4259   Scope* scope = current_info()->scope();
4260   if (scope->HasIllegalRedeclaration()) {
4261     Bailout(kFunctionWithIllegalRedeclaration);
4262     return false;
4263   }
4264   if (scope->calls_eval()) {
4265     Bailout(kFunctionCallsEval);
4266     return false;
4267   }
4268   SetUpScope(scope);
4269 
4270   // Add an edge to the body entry.  This is warty: the graph's start
4271   // environment will be used by the Lithium translation as the initial
4272   // environment on graph entry, but it has now been mutated by the
4273   // Hydrogen translation of the instructions in the start block.  This
4274   // environment uses values which have not been defined yet.  These
4275   // Hydrogen instructions will then be replayed by the Lithium
4276   // translation, so they cannot have an environment effect.  The edge to
4277   // the body's entry block (along with some special logic for the start
4278   // block in HInstruction::InsertAfter) seals the start block from
4279   // getting unwanted instructions inserted.
4280   //
4281   // TODO(kmillikin): Fix this.  Stop mutating the initial environment.
4282   // Make the Hydrogen instructions in the initial block into Hydrogen
4283   // values (but not instructions), present in the initial environment and
4284   // not replayed by the Lithium translation.
4285   HEnvironment* initial_env = environment()->CopyWithoutHistory();
4286   HBasicBlock* body_entry = CreateBasicBlock(initial_env);
4287   Goto(body_entry);
4288   body_entry->SetJoinId(BailoutId::FunctionEntry());
4289   set_current_block(body_entry);
4290 
4291   // Handle implicit declaration of the function name in named function
4292   // expressions before other declarations.
4293   if (scope->is_function_scope() && scope->function() != NULL) {
4294     VisitVariableDeclaration(scope->function());
4295   }
4296   VisitDeclarations(scope->declarations());
4297   Add<HSimulate>(BailoutId::Declarations());
4298 
4299   Add<HStackCheck>(HStackCheck::kFunctionEntry);
4300 
4301   VisitStatements(current_info()->function()->body());
4302   if (HasStackOverflow()) return false;
4303 
4304   if (current_block() != NULL) {
4305     Add<HReturn>(graph()->GetConstantUndefined());
4306     set_current_block(NULL);
4307   }
4308 
4309   // If the checksum of the number of type info changes is the same as the
4310   // last time this function was compiled, then this recompile is likely not
4311   // due to missing/inadequate type feedback, but rather too aggressive
4312   // optimization. Disable optimistic LICM in that case.
4313   Handle<Code> unoptimized_code(current_info()->shared_info()->code());
4314   DCHECK(unoptimized_code->kind() == Code::FUNCTION);
4315   Handle<TypeFeedbackInfo> type_info(
4316       TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
4317   int checksum = type_info->own_type_change_checksum();
4318   int composite_checksum = graph()->update_type_change_checksum(checksum);
4319   graph()->set_use_optimistic_licm(
4320       !type_info->matches_inlined_type_change_checksum(composite_checksum));
4321   type_info->set_inlined_type_change_checksum(composite_checksum);
4322 
4323   // Perform any necessary OSR-specific cleanups or changes to the graph.
4324   osr()->FinishGraph();
4325 
4326   return true;
4327 }
4328 
4329 
Optimize(BailoutReason * bailout_reason)4330 bool HGraph::Optimize(BailoutReason* bailout_reason) {
4331   OrderBlocks();
4332   AssignDominators();
4333 
4334   // We need to create a HConstant "zero" now so that GVN will fold every
4335   // zero-valued constant in the graph together.
4336   // The constant is needed to make idef-based bounds check work: the pass
4337   // evaluates relations with "zero" and that zero cannot be created after GVN.
4338   GetConstant0();
4339 
4340 #ifdef DEBUG
4341   // Do a full verify after building the graph and computing dominators.
4342   Verify(true);
4343 #endif
4344 
4345   if (FLAG_analyze_environment_liveness && maximum_environment_size() != 0) {
4346     Run<HEnvironmentLivenessAnalysisPhase>();
4347   }
4348 
4349   if (!CheckConstPhiUses()) {
4350     *bailout_reason = kUnsupportedPhiUseOfConstVariable;
4351     return false;
4352   }
4353   Run<HRedundantPhiEliminationPhase>();
4354   if (!CheckArgumentsPhiUses()) {
4355     *bailout_reason = kUnsupportedPhiUseOfArguments;
4356     return false;
4357   }
4358 
4359   // Find and mark unreachable code to simplify optimizations, especially gvn,
4360   // where unreachable code could unnecessarily defeat LICM.
4361   Run<HMarkUnreachableBlocksPhase>();
4362 
4363   if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4364   if (FLAG_use_escape_analysis) Run<HEscapeAnalysisPhase>();
4365 
4366   if (FLAG_load_elimination) Run<HLoadEliminationPhase>();
4367 
4368   CollectPhis();
4369 
4370   if (has_osr()) osr()->FinishOsrValues();
4371 
4372   Run<HInferRepresentationPhase>();
4373 
4374   // Remove HSimulate instructions that have turned out not to be needed
4375   // after all by folding them into the following HSimulate.
4376   // This must happen after inferring representations.
4377   Run<HMergeRemovableSimulatesPhase>();
4378 
4379   Run<HMarkDeoptimizeOnUndefinedPhase>();
4380   Run<HRepresentationChangesPhase>();
4381 
4382   Run<HInferTypesPhase>();
4383 
4384   // Must be performed before canonicalization to ensure that Canonicalize
4385   // will not remove semantically meaningful ToInt32 operations e.g. BIT_OR with
4386   // zero.
4387   if (FLAG_opt_safe_uint32_operations) Run<HUint32AnalysisPhase>();
4388 
4389   if (FLAG_use_canonicalizing) Run<HCanonicalizePhase>();
4390 
4391   if (FLAG_use_gvn) Run<HGlobalValueNumberingPhase>();
4392 
4393   if (FLAG_check_elimination) Run<HCheckEliminationPhase>();
4394 
4395   if (FLAG_store_elimination) Run<HStoreEliminationPhase>();
4396 
4397   Run<HRangeAnalysisPhase>();
4398 
4399   Run<HComputeChangeUndefinedToNaN>();
4400 
4401   // Eliminate redundant stack checks on backwards branches.
4402   Run<HStackCheckEliminationPhase>();
4403 
4404   if (FLAG_array_bounds_checks_elimination) Run<HBoundsCheckEliminationPhase>();
4405   if (FLAG_array_bounds_checks_hoisting) Run<HBoundsCheckHoistingPhase>();
4406   if (FLAG_array_index_dehoisting) Run<HDehoistIndexComputationsPhase>();
4407   if (FLAG_dead_code_elimination) Run<HDeadCodeEliminationPhase>();
4408 
4409   RestoreActualValues();
4410 
4411   // Find unreachable code a second time, GVN and other optimizations may have
4412   // made blocks unreachable that were previously reachable.
4413   Run<HMarkUnreachableBlocksPhase>();
4414 
4415   return true;
4416 }
4417 
4418 
RestoreActualValues()4419 void HGraph::RestoreActualValues() {
4420   HPhase phase("H_Restore actual values", this);
4421 
4422   for (int block_index = 0; block_index < blocks()->length(); block_index++) {
4423     HBasicBlock* block = blocks()->at(block_index);
4424 
4425 #ifdef DEBUG
4426     for (int i = 0; i < block->phis()->length(); i++) {
4427       HPhi* phi = block->phis()->at(i);
4428       DCHECK(phi->ActualValue() == phi);
4429     }
4430 #endif
4431 
4432     for (HInstructionIterator it(block); !it.Done(); it.Advance()) {
4433       HInstruction* instruction = it.Current();
4434       if (instruction->ActualValue() == instruction) continue;
4435       if (instruction->CheckFlag(HValue::kIsDead)) {
4436         // The instruction was marked as deleted but left in the graph
4437         // as a control flow dependency point for subsequent
4438         // instructions.
4439         instruction->DeleteAndReplaceWith(instruction->ActualValue());
4440       } else {
4441         DCHECK(instruction->IsInformativeDefinition());
4442         if (instruction->IsPurelyInformativeDefinition()) {
4443           instruction->DeleteAndReplaceWith(instruction->RedefinedOperand());
4444         } else {
4445           instruction->ReplaceAllUsesWith(instruction->ActualValue());
4446         }
4447       }
4448     }
4449   }
4450 }
4451 
4452 
PushArgumentsFromEnvironment(int count)4453 void HOptimizedGraphBuilder::PushArgumentsFromEnvironment(int count) {
4454   ZoneList<HValue*> arguments(count, zone());
4455   for (int i = 0; i < count; ++i) {
4456     arguments.Add(Pop(), zone());
4457   }
4458 
4459   HPushArguments* push_args = New<HPushArguments>();
4460   while (!arguments.is_empty()) {
4461     push_args->AddInput(arguments.RemoveLast());
4462   }
4463   AddInstruction(push_args);
4464 }
4465 
4466 
4467 template <class Instruction>
PreProcessCall(Instruction * call)4468 HInstruction* HOptimizedGraphBuilder::PreProcessCall(Instruction* call) {
4469   PushArgumentsFromEnvironment(call->argument_count());
4470   return call;
4471 }
4472 
4473 
SetUpScope(Scope * scope)4474 void HOptimizedGraphBuilder::SetUpScope(Scope* scope) {
4475   // First special is HContext.
4476   HInstruction* context = Add<HContext>();
4477   environment()->BindContext(context);
4478 
4479   // Create an arguments object containing the initial parameters.  Set the
4480   // initial values of parameters including "this" having parameter index 0.
4481   DCHECK_EQ(scope->num_parameters() + 1, environment()->parameter_count());
4482   HArgumentsObject* arguments_object =
4483       New<HArgumentsObject>(environment()->parameter_count());
4484   for (int i = 0; i < environment()->parameter_count(); ++i) {
4485     HInstruction* parameter = Add<HParameter>(i);
4486     arguments_object->AddArgument(parameter, zone());
4487     environment()->Bind(i, parameter);
4488   }
4489   AddInstruction(arguments_object);
4490   graph()->SetArgumentsObject(arguments_object);
4491 
4492   HConstant* undefined_constant = graph()->GetConstantUndefined();
4493   // Initialize specials and locals to undefined.
4494   for (int i = environment()->parameter_count() + 1;
4495        i < environment()->length();
4496        ++i) {
4497     environment()->Bind(i, undefined_constant);
4498   }
4499 
4500   // Handle the arguments and arguments shadow variables specially (they do
4501   // not have declarations).
4502   if (scope->arguments() != NULL) {
4503     if (!scope->arguments()->IsStackAllocated()) {
4504       return Bailout(kContextAllocatedArguments);
4505     }
4506 
4507     environment()->Bind(scope->arguments(),
4508                         graph()->GetArgumentsObject());
4509   }
4510 }
4511 
4512 
ToType(Handle<Map> map)4513 Type* HOptimizedGraphBuilder::ToType(Handle<Map> map) {
4514   return IC::MapToType<Type>(map, zone());
4515 }
4516 
4517 
VisitStatements(ZoneList<Statement * > * statements)4518 void HOptimizedGraphBuilder::VisitStatements(ZoneList<Statement*>* statements) {
4519   for (int i = 0; i < statements->length(); i++) {
4520     Statement* stmt = statements->at(i);
4521     CHECK_ALIVE(Visit(stmt));
4522     if (stmt->IsJump()) break;
4523   }
4524 }
4525 
4526 
VisitBlock(Block * stmt)4527 void HOptimizedGraphBuilder::VisitBlock(Block* stmt) {
4528   DCHECK(!HasStackOverflow());
4529   DCHECK(current_block() != NULL);
4530   DCHECK(current_block()->HasPredecessor());
4531 
4532   Scope* outer_scope = scope();
4533   Scope* scope = stmt->scope();
4534   BreakAndContinueInfo break_info(stmt, outer_scope);
4535 
4536   { BreakAndContinueScope push(&break_info, this);
4537     if (scope != NULL) {
4538       // Load the function object.
4539       Scope* declaration_scope = scope->DeclarationScope();
4540       HInstruction* function;
4541       HValue* outer_context = environment()->context();
4542       if (declaration_scope->is_global_scope() ||
4543           declaration_scope->is_eval_scope()) {
4544         function = new(zone()) HLoadContextSlot(
4545             outer_context, Context::CLOSURE_INDEX, HLoadContextSlot::kNoCheck);
4546       } else {
4547         function = New<HThisFunction>();
4548       }
4549       AddInstruction(function);
4550       // Allocate a block context and store it to the stack frame.
4551       HInstruction* inner_context = Add<HAllocateBlockContext>(
4552           outer_context, function, scope->GetScopeInfo());
4553       HInstruction* instr = Add<HStoreFrameContext>(inner_context);
4554       if (instr->HasObservableSideEffects()) {
4555         AddSimulate(stmt->EntryId(), REMOVABLE_SIMULATE);
4556       }
4557       set_scope(scope);
4558       environment()->BindContext(inner_context);
4559       VisitDeclarations(scope->declarations());
4560       AddSimulate(stmt->DeclsId(), REMOVABLE_SIMULATE);
4561     }
4562     CHECK_BAILOUT(VisitStatements(stmt->statements()));
4563   }
4564   set_scope(outer_scope);
4565   if (scope != NULL && current_block() != NULL) {
4566     HValue* inner_context = environment()->context();
4567     HValue* outer_context = Add<HLoadNamedField>(
4568         inner_context, static_cast<HValue*>(NULL),
4569         HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4570 
4571     HInstruction* instr = Add<HStoreFrameContext>(outer_context);
4572     if (instr->HasObservableSideEffects()) {
4573       AddSimulate(stmt->ExitId(), REMOVABLE_SIMULATE);
4574     }
4575     environment()->BindContext(outer_context);
4576   }
4577   HBasicBlock* break_block = break_info.break_block();
4578   if (break_block != NULL) {
4579     if (current_block() != NULL) Goto(break_block);
4580     break_block->SetJoinId(stmt->ExitId());
4581     set_current_block(break_block);
4582   }
4583 }
4584 
4585 
VisitExpressionStatement(ExpressionStatement * stmt)4586 void HOptimizedGraphBuilder::VisitExpressionStatement(
4587     ExpressionStatement* stmt) {
4588   DCHECK(!HasStackOverflow());
4589   DCHECK(current_block() != NULL);
4590   DCHECK(current_block()->HasPredecessor());
4591   VisitForEffect(stmt->expression());
4592 }
4593 
4594 
VisitEmptyStatement(EmptyStatement * stmt)4595 void HOptimizedGraphBuilder::VisitEmptyStatement(EmptyStatement* stmt) {
4596   DCHECK(!HasStackOverflow());
4597   DCHECK(current_block() != NULL);
4598   DCHECK(current_block()->HasPredecessor());
4599 }
4600 
4601 
VisitIfStatement(IfStatement * stmt)4602 void HOptimizedGraphBuilder::VisitIfStatement(IfStatement* stmt) {
4603   DCHECK(!HasStackOverflow());
4604   DCHECK(current_block() != NULL);
4605   DCHECK(current_block()->HasPredecessor());
4606   if (stmt->condition()->ToBooleanIsTrue()) {
4607     Add<HSimulate>(stmt->ThenId());
4608     Visit(stmt->then_statement());
4609   } else if (stmt->condition()->ToBooleanIsFalse()) {
4610     Add<HSimulate>(stmt->ElseId());
4611     Visit(stmt->else_statement());
4612   } else {
4613     HBasicBlock* cond_true = graph()->CreateBasicBlock();
4614     HBasicBlock* cond_false = graph()->CreateBasicBlock();
4615     CHECK_BAILOUT(VisitForControl(stmt->condition(), cond_true, cond_false));
4616 
4617     if (cond_true->HasPredecessor()) {
4618       cond_true->SetJoinId(stmt->ThenId());
4619       set_current_block(cond_true);
4620       CHECK_BAILOUT(Visit(stmt->then_statement()));
4621       cond_true = current_block();
4622     } else {
4623       cond_true = NULL;
4624     }
4625 
4626     if (cond_false->HasPredecessor()) {
4627       cond_false->SetJoinId(stmt->ElseId());
4628       set_current_block(cond_false);
4629       CHECK_BAILOUT(Visit(stmt->else_statement()));
4630       cond_false = current_block();
4631     } else {
4632       cond_false = NULL;
4633     }
4634 
4635     HBasicBlock* join = CreateJoin(cond_true, cond_false, stmt->IfId());
4636     set_current_block(join);
4637   }
4638 }
4639 
4640 
Get(BreakableStatement * stmt,BreakType type,Scope ** scope,int * drop_extra)4641 HBasicBlock* HOptimizedGraphBuilder::BreakAndContinueScope::Get(
4642     BreakableStatement* stmt,
4643     BreakType type,
4644     Scope** scope,
4645     int* drop_extra) {
4646   *drop_extra = 0;
4647   BreakAndContinueScope* current = this;
4648   while (current != NULL && current->info()->target() != stmt) {
4649     *drop_extra += current->info()->drop_extra();
4650     current = current->next();
4651   }
4652   DCHECK(current != NULL);  // Always found (unless stack is malformed).
4653   *scope = current->info()->scope();
4654 
4655   if (type == BREAK) {
4656     *drop_extra += current->info()->drop_extra();
4657   }
4658 
4659   HBasicBlock* block = NULL;
4660   switch (type) {
4661     case BREAK:
4662       block = current->info()->break_block();
4663       if (block == NULL) {
4664         block = current->owner()->graph()->CreateBasicBlock();
4665         current->info()->set_break_block(block);
4666       }
4667       break;
4668 
4669     case CONTINUE:
4670       block = current->info()->continue_block();
4671       if (block == NULL) {
4672         block = current->owner()->graph()->CreateBasicBlock();
4673         current->info()->set_continue_block(block);
4674       }
4675       break;
4676   }
4677 
4678   return block;
4679 }
4680 
4681 
VisitContinueStatement(ContinueStatement * stmt)4682 void HOptimizedGraphBuilder::VisitContinueStatement(
4683     ContinueStatement* stmt) {
4684   DCHECK(!HasStackOverflow());
4685   DCHECK(current_block() != NULL);
4686   DCHECK(current_block()->HasPredecessor());
4687   Scope* outer_scope = NULL;
4688   Scope* inner_scope = scope();
4689   int drop_extra = 0;
4690   HBasicBlock* continue_block = break_scope()->Get(
4691       stmt->target(), BreakAndContinueScope::CONTINUE,
4692       &outer_scope, &drop_extra);
4693   HValue* context = environment()->context();
4694   Drop(drop_extra);
4695   int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4696   if (context_pop_count > 0) {
4697     while (context_pop_count-- > 0) {
4698       HInstruction* context_instruction = Add<HLoadNamedField>(
4699           context, static_cast<HValue*>(NULL),
4700           HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4701       context = context_instruction;
4702     }
4703     HInstruction* instr = Add<HStoreFrameContext>(context);
4704     if (instr->HasObservableSideEffects()) {
4705       AddSimulate(stmt->target()->EntryId(), REMOVABLE_SIMULATE);
4706     }
4707     environment()->BindContext(context);
4708   }
4709 
4710   Goto(continue_block);
4711   set_current_block(NULL);
4712 }
4713 
4714 
VisitBreakStatement(BreakStatement * stmt)4715 void HOptimizedGraphBuilder::VisitBreakStatement(BreakStatement* stmt) {
4716   DCHECK(!HasStackOverflow());
4717   DCHECK(current_block() != NULL);
4718   DCHECK(current_block()->HasPredecessor());
4719   Scope* outer_scope = NULL;
4720   Scope* inner_scope = scope();
4721   int drop_extra = 0;
4722   HBasicBlock* break_block = break_scope()->Get(
4723       stmt->target(), BreakAndContinueScope::BREAK,
4724       &outer_scope, &drop_extra);
4725   HValue* context = environment()->context();
4726   Drop(drop_extra);
4727   int context_pop_count = inner_scope->ContextChainLength(outer_scope);
4728   if (context_pop_count > 0) {
4729     while (context_pop_count-- > 0) {
4730       HInstruction* context_instruction = Add<HLoadNamedField>(
4731           context, static_cast<HValue*>(NULL),
4732           HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
4733       context = context_instruction;
4734     }
4735     HInstruction* instr = Add<HStoreFrameContext>(context);
4736     if (instr->HasObservableSideEffects()) {
4737       AddSimulate(stmt->target()->ExitId(), REMOVABLE_SIMULATE);
4738     }
4739     environment()->BindContext(context);
4740   }
4741   Goto(break_block);
4742   set_current_block(NULL);
4743 }
4744 
4745 
VisitReturnStatement(ReturnStatement * stmt)4746 void HOptimizedGraphBuilder::VisitReturnStatement(ReturnStatement* stmt) {
4747   DCHECK(!HasStackOverflow());
4748   DCHECK(current_block() != NULL);
4749   DCHECK(current_block()->HasPredecessor());
4750   FunctionState* state = function_state();
4751   AstContext* context = call_context();
4752   if (context == NULL) {
4753     // Not an inlined return, so an actual one.
4754     CHECK_ALIVE(VisitForValue(stmt->expression()));
4755     HValue* result = environment()->Pop();
4756     Add<HReturn>(result);
4757   } else if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
4758     // Return from an inlined construct call. In a test context the return value
4759     // will always evaluate to true, in a value context the return value needs
4760     // to be a JSObject.
4761     if (context->IsTest()) {
4762       TestContext* test = TestContext::cast(context);
4763       CHECK_ALIVE(VisitForEffect(stmt->expression()));
4764       Goto(test->if_true(), state);
4765     } else if (context->IsEffect()) {
4766       CHECK_ALIVE(VisitForEffect(stmt->expression()));
4767       Goto(function_return(), state);
4768     } else {
4769       DCHECK(context->IsValue());
4770       CHECK_ALIVE(VisitForValue(stmt->expression()));
4771       HValue* return_value = Pop();
4772       HValue* receiver = environment()->arguments_environment()->Lookup(0);
4773       HHasInstanceTypeAndBranch* typecheck =
4774           New<HHasInstanceTypeAndBranch>(return_value,
4775                                          FIRST_SPEC_OBJECT_TYPE,
4776                                          LAST_SPEC_OBJECT_TYPE);
4777       HBasicBlock* if_spec_object = graph()->CreateBasicBlock();
4778       HBasicBlock* not_spec_object = graph()->CreateBasicBlock();
4779       typecheck->SetSuccessorAt(0, if_spec_object);
4780       typecheck->SetSuccessorAt(1, not_spec_object);
4781       FinishCurrentBlock(typecheck);
4782       AddLeaveInlined(if_spec_object, return_value, state);
4783       AddLeaveInlined(not_spec_object, receiver, state);
4784     }
4785   } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
4786     // Return from an inlined setter call. The returned value is never used, the
4787     // value of an assignment is always the value of the RHS of the assignment.
4788     CHECK_ALIVE(VisitForEffect(stmt->expression()));
4789     if (context->IsTest()) {
4790       HValue* rhs = environment()->arguments_environment()->Lookup(1);
4791       context->ReturnValue(rhs);
4792     } else if (context->IsEffect()) {
4793       Goto(function_return(), state);
4794     } else {
4795       DCHECK(context->IsValue());
4796       HValue* rhs = environment()->arguments_environment()->Lookup(1);
4797       AddLeaveInlined(rhs, state);
4798     }
4799   } else {
4800     // Return from a normal inlined function. Visit the subexpression in the
4801     // expression context of the call.
4802     if (context->IsTest()) {
4803       TestContext* test = TestContext::cast(context);
4804       VisitForControl(stmt->expression(), test->if_true(), test->if_false());
4805     } else if (context->IsEffect()) {
4806       // Visit in value context and ignore the result. This is needed to keep
4807       // environment in sync with full-codegen since some visitors (e.g.
4808       // VisitCountOperation) use the operand stack differently depending on
4809       // context.
4810       CHECK_ALIVE(VisitForValue(stmt->expression()));
4811       Pop();
4812       Goto(function_return(), state);
4813     } else {
4814       DCHECK(context->IsValue());
4815       CHECK_ALIVE(VisitForValue(stmt->expression()));
4816       AddLeaveInlined(Pop(), state);
4817     }
4818   }
4819   set_current_block(NULL);
4820 }
4821 
4822 
VisitWithStatement(WithStatement * stmt)4823 void HOptimizedGraphBuilder::VisitWithStatement(WithStatement* stmt) {
4824   DCHECK(!HasStackOverflow());
4825   DCHECK(current_block() != NULL);
4826   DCHECK(current_block()->HasPredecessor());
4827   return Bailout(kWithStatement);
4828 }
4829 
4830 
VisitSwitchStatement(SwitchStatement * stmt)4831 void HOptimizedGraphBuilder::VisitSwitchStatement(SwitchStatement* stmt) {
4832   DCHECK(!HasStackOverflow());
4833   DCHECK(current_block() != NULL);
4834   DCHECK(current_block()->HasPredecessor());
4835 
4836   ZoneList<CaseClause*>* clauses = stmt->cases();
4837   int clause_count = clauses->length();
4838   ZoneList<HBasicBlock*> body_blocks(clause_count, zone());
4839 
4840   CHECK_ALIVE(VisitForValue(stmt->tag()));
4841   Add<HSimulate>(stmt->EntryId());
4842   HValue* tag_value = Top();
4843   Type* tag_type = stmt->tag()->bounds().lower;
4844 
4845   // 1. Build all the tests, with dangling true branches
4846   BailoutId default_id = BailoutId::None();
4847   for (int i = 0; i < clause_count; ++i) {
4848     CaseClause* clause = clauses->at(i);
4849     if (clause->is_default()) {
4850       body_blocks.Add(NULL, zone());
4851       if (default_id.IsNone()) default_id = clause->EntryId();
4852       continue;
4853     }
4854 
4855     // Generate a compare and branch.
4856     CHECK_ALIVE(VisitForValue(clause->label()));
4857     HValue* label_value = Pop();
4858 
4859     Type* label_type = clause->label()->bounds().lower;
4860     Type* combined_type = clause->compare_type();
4861     HControlInstruction* compare = BuildCompareInstruction(
4862         Token::EQ_STRICT, tag_value, label_value, tag_type, label_type,
4863         combined_type,
4864         ScriptPositionToSourcePosition(stmt->tag()->position()),
4865         ScriptPositionToSourcePosition(clause->label()->position()),
4866         PUSH_BEFORE_SIMULATE, clause->id());
4867 
4868     HBasicBlock* next_test_block = graph()->CreateBasicBlock();
4869     HBasicBlock* body_block = graph()->CreateBasicBlock();
4870     body_blocks.Add(body_block, zone());
4871     compare->SetSuccessorAt(0, body_block);
4872     compare->SetSuccessorAt(1, next_test_block);
4873     FinishCurrentBlock(compare);
4874 
4875     set_current_block(body_block);
4876     Drop(1);  // tag_value
4877 
4878     set_current_block(next_test_block);
4879   }
4880 
4881   // Save the current block to use for the default or to join with the
4882   // exit.
4883   HBasicBlock* last_block = current_block();
4884   Drop(1);  // tag_value
4885 
4886   // 2. Loop over the clauses and the linked list of tests in lockstep,
4887   // translating the clause bodies.
4888   HBasicBlock* fall_through_block = NULL;
4889 
4890   BreakAndContinueInfo break_info(stmt, scope());
4891   { BreakAndContinueScope push(&break_info, this);
4892     for (int i = 0; i < clause_count; ++i) {
4893       CaseClause* clause = clauses->at(i);
4894 
4895       // Identify the block where normal (non-fall-through) control flow
4896       // goes to.
4897       HBasicBlock* normal_block = NULL;
4898       if (clause->is_default()) {
4899         if (last_block == NULL) continue;
4900         normal_block = last_block;
4901         last_block = NULL;  // Cleared to indicate we've handled it.
4902       } else {
4903         normal_block = body_blocks[i];
4904       }
4905 
4906       if (fall_through_block == NULL) {
4907         set_current_block(normal_block);
4908       } else {
4909         HBasicBlock* join = CreateJoin(fall_through_block,
4910                                        normal_block,
4911                                        clause->EntryId());
4912         set_current_block(join);
4913       }
4914 
4915       CHECK_BAILOUT(VisitStatements(clause->statements()));
4916       fall_through_block = current_block();
4917     }
4918   }
4919 
4920   // Create an up-to-3-way join.  Use the break block if it exists since
4921   // it's already a join block.
4922   HBasicBlock* break_block = break_info.break_block();
4923   if (break_block == NULL) {
4924     set_current_block(CreateJoin(fall_through_block,
4925                                  last_block,
4926                                  stmt->ExitId()));
4927   } else {
4928     if (fall_through_block != NULL) Goto(fall_through_block, break_block);
4929     if (last_block != NULL) Goto(last_block, break_block);
4930     break_block->SetJoinId(stmt->ExitId());
4931     set_current_block(break_block);
4932   }
4933 }
4934 
4935 
VisitLoopBody(IterationStatement * stmt,HBasicBlock * loop_entry)4936 void HOptimizedGraphBuilder::VisitLoopBody(IterationStatement* stmt,
4937                                            HBasicBlock* loop_entry) {
4938   Add<HSimulate>(stmt->StackCheckId());
4939   HStackCheck* stack_check =
4940       HStackCheck::cast(Add<HStackCheck>(HStackCheck::kBackwardsBranch));
4941   DCHECK(loop_entry->IsLoopHeader());
4942   loop_entry->loop_information()->set_stack_check(stack_check);
4943   CHECK_BAILOUT(Visit(stmt->body()));
4944 }
4945 
4946 
VisitDoWhileStatement(DoWhileStatement * stmt)4947 void HOptimizedGraphBuilder::VisitDoWhileStatement(DoWhileStatement* stmt) {
4948   DCHECK(!HasStackOverflow());
4949   DCHECK(current_block() != NULL);
4950   DCHECK(current_block()->HasPredecessor());
4951   DCHECK(current_block() != NULL);
4952   HBasicBlock* loop_entry = BuildLoopEntry(stmt);
4953 
4954   BreakAndContinueInfo break_info(stmt, scope());
4955   {
4956     BreakAndContinueScope push(&break_info, this);
4957     CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
4958   }
4959   HBasicBlock* body_exit =
4960       JoinContinue(stmt, current_block(), break_info.continue_block());
4961   HBasicBlock* loop_successor = NULL;
4962   if (body_exit != NULL && !stmt->cond()->ToBooleanIsTrue()) {
4963     set_current_block(body_exit);
4964     loop_successor = graph()->CreateBasicBlock();
4965     if (stmt->cond()->ToBooleanIsFalse()) {
4966       loop_entry->loop_information()->stack_check()->Eliminate();
4967       Goto(loop_successor);
4968       body_exit = NULL;
4969     } else {
4970       // The block for a true condition, the actual predecessor block of the
4971       // back edge.
4972       body_exit = graph()->CreateBasicBlock();
4973       CHECK_BAILOUT(VisitForControl(stmt->cond(), body_exit, loop_successor));
4974     }
4975     if (body_exit != NULL && body_exit->HasPredecessor()) {
4976       body_exit->SetJoinId(stmt->BackEdgeId());
4977     } else {
4978       body_exit = NULL;
4979     }
4980     if (loop_successor->HasPredecessor()) {
4981       loop_successor->SetJoinId(stmt->ExitId());
4982     } else {
4983       loop_successor = NULL;
4984     }
4985   }
4986   HBasicBlock* loop_exit = CreateLoop(stmt,
4987                                       loop_entry,
4988                                       body_exit,
4989                                       loop_successor,
4990                                       break_info.break_block());
4991   set_current_block(loop_exit);
4992 }
4993 
4994 
VisitWhileStatement(WhileStatement * stmt)4995 void HOptimizedGraphBuilder::VisitWhileStatement(WhileStatement* stmt) {
4996   DCHECK(!HasStackOverflow());
4997   DCHECK(current_block() != NULL);
4998   DCHECK(current_block()->HasPredecessor());
4999   DCHECK(current_block() != NULL);
5000   HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5001 
5002   // If the condition is constant true, do not generate a branch.
5003   HBasicBlock* loop_successor = NULL;
5004   if (!stmt->cond()->ToBooleanIsTrue()) {
5005     HBasicBlock* body_entry = graph()->CreateBasicBlock();
5006     loop_successor = graph()->CreateBasicBlock();
5007     CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5008     if (body_entry->HasPredecessor()) {
5009       body_entry->SetJoinId(stmt->BodyId());
5010       set_current_block(body_entry);
5011     }
5012     if (loop_successor->HasPredecessor()) {
5013       loop_successor->SetJoinId(stmt->ExitId());
5014     } else {
5015       loop_successor = NULL;
5016     }
5017   }
5018 
5019   BreakAndContinueInfo break_info(stmt, scope());
5020   if (current_block() != NULL) {
5021     BreakAndContinueScope push(&break_info, this);
5022     CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5023   }
5024   HBasicBlock* body_exit =
5025       JoinContinue(stmt, current_block(), break_info.continue_block());
5026   HBasicBlock* loop_exit = CreateLoop(stmt,
5027                                       loop_entry,
5028                                       body_exit,
5029                                       loop_successor,
5030                                       break_info.break_block());
5031   set_current_block(loop_exit);
5032 }
5033 
5034 
VisitForStatement(ForStatement * stmt)5035 void HOptimizedGraphBuilder::VisitForStatement(ForStatement* stmt) {
5036   DCHECK(!HasStackOverflow());
5037   DCHECK(current_block() != NULL);
5038   DCHECK(current_block()->HasPredecessor());
5039   if (stmt->init() != NULL) {
5040     CHECK_ALIVE(Visit(stmt->init()));
5041   }
5042   DCHECK(current_block() != NULL);
5043   HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5044 
5045   HBasicBlock* loop_successor = NULL;
5046   if (stmt->cond() != NULL) {
5047     HBasicBlock* body_entry = graph()->CreateBasicBlock();
5048     loop_successor = graph()->CreateBasicBlock();
5049     CHECK_BAILOUT(VisitForControl(stmt->cond(), body_entry, loop_successor));
5050     if (body_entry->HasPredecessor()) {
5051       body_entry->SetJoinId(stmt->BodyId());
5052       set_current_block(body_entry);
5053     }
5054     if (loop_successor->HasPredecessor()) {
5055       loop_successor->SetJoinId(stmt->ExitId());
5056     } else {
5057       loop_successor = NULL;
5058     }
5059   }
5060 
5061   BreakAndContinueInfo break_info(stmt, scope());
5062   if (current_block() != NULL) {
5063     BreakAndContinueScope push(&break_info, this);
5064     CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5065   }
5066   HBasicBlock* body_exit =
5067       JoinContinue(stmt, current_block(), break_info.continue_block());
5068 
5069   if (stmt->next() != NULL && body_exit != NULL) {
5070     set_current_block(body_exit);
5071     CHECK_BAILOUT(Visit(stmt->next()));
5072     body_exit = current_block();
5073   }
5074 
5075   HBasicBlock* loop_exit = CreateLoop(stmt,
5076                                       loop_entry,
5077                                       body_exit,
5078                                       loop_successor,
5079                                       break_info.break_block());
5080   set_current_block(loop_exit);
5081 }
5082 
5083 
VisitForInStatement(ForInStatement * stmt)5084 void HOptimizedGraphBuilder::VisitForInStatement(ForInStatement* stmt) {
5085   DCHECK(!HasStackOverflow());
5086   DCHECK(current_block() != NULL);
5087   DCHECK(current_block()->HasPredecessor());
5088 
5089   if (!FLAG_optimize_for_in) {
5090     return Bailout(kForInStatementOptimizationIsDisabled);
5091   }
5092 
5093   if (stmt->for_in_type() != ForInStatement::FAST_FOR_IN) {
5094     return Bailout(kForInStatementIsNotFastCase);
5095   }
5096 
5097   if (!stmt->each()->IsVariableProxy() ||
5098       !stmt->each()->AsVariableProxy()->var()->IsStackLocal()) {
5099     return Bailout(kForInStatementWithNonLocalEachVariable);
5100   }
5101 
5102   Variable* each_var = stmt->each()->AsVariableProxy()->var();
5103 
5104   CHECK_ALIVE(VisitForValue(stmt->enumerable()));
5105   HValue* enumerable = Top();  // Leave enumerable at the top.
5106 
5107   HInstruction* map = Add<HForInPrepareMap>(enumerable);
5108   Add<HSimulate>(stmt->PrepareId());
5109 
5110   HInstruction* array = Add<HForInCacheArray>(
5111       enumerable, map, DescriptorArray::kEnumCacheBridgeCacheIndex);
5112 
5113   HInstruction* enum_length = Add<HMapEnumLength>(map);
5114 
5115   HInstruction* start_index = Add<HConstant>(0);
5116 
5117   Push(map);
5118   Push(array);
5119   Push(enum_length);
5120   Push(start_index);
5121 
5122   HInstruction* index_cache = Add<HForInCacheArray>(
5123       enumerable, map, DescriptorArray::kEnumCacheBridgeIndicesCacheIndex);
5124   HForInCacheArray::cast(array)->set_index_cache(
5125       HForInCacheArray::cast(index_cache));
5126 
5127   HBasicBlock* loop_entry = BuildLoopEntry(stmt);
5128 
5129   HValue* index = environment()->ExpressionStackAt(0);
5130   HValue* limit = environment()->ExpressionStackAt(1);
5131 
5132   // Check that we still have more keys.
5133   HCompareNumericAndBranch* compare_index =
5134       New<HCompareNumericAndBranch>(index, limit, Token::LT);
5135   compare_index->set_observed_input_representation(
5136       Representation::Smi(), Representation::Smi());
5137 
5138   HBasicBlock* loop_body = graph()->CreateBasicBlock();
5139   HBasicBlock* loop_successor = graph()->CreateBasicBlock();
5140 
5141   compare_index->SetSuccessorAt(0, loop_body);
5142   compare_index->SetSuccessorAt(1, loop_successor);
5143   FinishCurrentBlock(compare_index);
5144 
5145   set_current_block(loop_successor);
5146   Drop(5);
5147 
5148   set_current_block(loop_body);
5149 
5150   HValue* key = Add<HLoadKeyed>(
5151       environment()->ExpressionStackAt(2),  // Enum cache.
5152       environment()->ExpressionStackAt(0),  // Iteration index.
5153       environment()->ExpressionStackAt(0),
5154       FAST_ELEMENTS);
5155 
5156   // Check if the expected map still matches that of the enumerable.
5157   // If not just deoptimize.
5158   Add<HCheckMapValue>(environment()->ExpressionStackAt(4),
5159                       environment()->ExpressionStackAt(3));
5160 
5161   Bind(each_var, key);
5162 
5163   BreakAndContinueInfo break_info(stmt, scope(), 5);
5164   {
5165     BreakAndContinueScope push(&break_info, this);
5166     CHECK_BAILOUT(VisitLoopBody(stmt, loop_entry));
5167   }
5168 
5169   HBasicBlock* body_exit =
5170       JoinContinue(stmt, current_block(), break_info.continue_block());
5171 
5172   if (body_exit != NULL) {
5173     set_current_block(body_exit);
5174 
5175     HValue* current_index = Pop();
5176     Push(AddUncasted<HAdd>(current_index, graph()->GetConstant1()));
5177     body_exit = current_block();
5178   }
5179 
5180   HBasicBlock* loop_exit = CreateLoop(stmt,
5181                                       loop_entry,
5182                                       body_exit,
5183                                       loop_successor,
5184                                       break_info.break_block());
5185 
5186   set_current_block(loop_exit);
5187 }
5188 
5189 
VisitForOfStatement(ForOfStatement * stmt)5190 void HOptimizedGraphBuilder::VisitForOfStatement(ForOfStatement* stmt) {
5191   DCHECK(!HasStackOverflow());
5192   DCHECK(current_block() != NULL);
5193   DCHECK(current_block()->HasPredecessor());
5194   return Bailout(kForOfStatement);
5195 }
5196 
5197 
VisitTryCatchStatement(TryCatchStatement * stmt)5198 void HOptimizedGraphBuilder::VisitTryCatchStatement(TryCatchStatement* stmt) {
5199   DCHECK(!HasStackOverflow());
5200   DCHECK(current_block() != NULL);
5201   DCHECK(current_block()->HasPredecessor());
5202   return Bailout(kTryCatchStatement);
5203 }
5204 
5205 
VisitTryFinallyStatement(TryFinallyStatement * stmt)5206 void HOptimizedGraphBuilder::VisitTryFinallyStatement(
5207     TryFinallyStatement* stmt) {
5208   DCHECK(!HasStackOverflow());
5209   DCHECK(current_block() != NULL);
5210   DCHECK(current_block()->HasPredecessor());
5211   return Bailout(kTryFinallyStatement);
5212 }
5213 
5214 
VisitDebuggerStatement(DebuggerStatement * stmt)5215 void HOptimizedGraphBuilder::VisitDebuggerStatement(DebuggerStatement* stmt) {
5216   DCHECK(!HasStackOverflow());
5217   DCHECK(current_block() != NULL);
5218   DCHECK(current_block()->HasPredecessor());
5219   return Bailout(kDebuggerStatement);
5220 }
5221 
5222 
VisitCaseClause(CaseClause * clause)5223 void HOptimizedGraphBuilder::VisitCaseClause(CaseClause* clause) {
5224   UNREACHABLE();
5225 }
5226 
5227 
VisitFunctionLiteral(FunctionLiteral * expr)5228 void HOptimizedGraphBuilder::VisitFunctionLiteral(FunctionLiteral* expr) {
5229   DCHECK(!HasStackOverflow());
5230   DCHECK(current_block() != NULL);
5231   DCHECK(current_block()->HasPredecessor());
5232   Handle<SharedFunctionInfo> shared_info = expr->shared_info();
5233   if (shared_info.is_null()) {
5234     shared_info =
5235         Compiler::BuildFunctionInfo(expr, current_info()->script(), top_info());
5236   }
5237   // We also have a stack overflow if the recursive compilation did.
5238   if (HasStackOverflow()) return;
5239   HFunctionLiteral* instr =
5240       New<HFunctionLiteral>(shared_info, expr->pretenure());
5241   return ast_context()->ReturnInstruction(instr, expr->id());
5242 }
5243 
5244 
VisitClassLiteral(ClassLiteral * lit)5245 void HOptimizedGraphBuilder::VisitClassLiteral(ClassLiteral* lit) {
5246   DCHECK(!HasStackOverflow());
5247   DCHECK(current_block() != NULL);
5248   DCHECK(current_block()->HasPredecessor());
5249   return Bailout(kClassLiteral);
5250 }
5251 
5252 
VisitNativeFunctionLiteral(NativeFunctionLiteral * expr)5253 void HOptimizedGraphBuilder::VisitNativeFunctionLiteral(
5254     NativeFunctionLiteral* expr) {
5255   DCHECK(!HasStackOverflow());
5256   DCHECK(current_block() != NULL);
5257   DCHECK(current_block()->HasPredecessor());
5258   return Bailout(kNativeFunctionLiteral);
5259 }
5260 
5261 
VisitConditional(Conditional * expr)5262 void HOptimizedGraphBuilder::VisitConditional(Conditional* expr) {
5263   DCHECK(!HasStackOverflow());
5264   DCHECK(current_block() != NULL);
5265   DCHECK(current_block()->HasPredecessor());
5266   HBasicBlock* cond_true = graph()->CreateBasicBlock();
5267   HBasicBlock* cond_false = graph()->CreateBasicBlock();
5268   CHECK_BAILOUT(VisitForControl(expr->condition(), cond_true, cond_false));
5269 
5270   // Visit the true and false subexpressions in the same AST context as the
5271   // whole expression.
5272   if (cond_true->HasPredecessor()) {
5273     cond_true->SetJoinId(expr->ThenId());
5274     set_current_block(cond_true);
5275     CHECK_BAILOUT(Visit(expr->then_expression()));
5276     cond_true = current_block();
5277   } else {
5278     cond_true = NULL;
5279   }
5280 
5281   if (cond_false->HasPredecessor()) {
5282     cond_false->SetJoinId(expr->ElseId());
5283     set_current_block(cond_false);
5284     CHECK_BAILOUT(Visit(expr->else_expression()));
5285     cond_false = current_block();
5286   } else {
5287     cond_false = NULL;
5288   }
5289 
5290   if (!ast_context()->IsTest()) {
5291     HBasicBlock* join = CreateJoin(cond_true, cond_false, expr->id());
5292     set_current_block(join);
5293     if (join != NULL && !ast_context()->IsEffect()) {
5294       return ast_context()->ReturnValue(Pop());
5295     }
5296   }
5297 }
5298 
5299 
5300 HOptimizedGraphBuilder::GlobalPropertyAccess
LookupGlobalProperty(Variable * var,LookupIterator * it,PropertyAccessType access_type)5301 HOptimizedGraphBuilder::LookupGlobalProperty(Variable* var, LookupIterator* it,
5302                                              PropertyAccessType access_type) {
5303   if (var->is_this() || !current_info()->has_global_object()) {
5304     return kUseGeneric;
5305   }
5306 
5307   switch (it->state()) {
5308     case LookupIterator::ACCESSOR:
5309     case LookupIterator::ACCESS_CHECK:
5310     case LookupIterator::INTERCEPTOR:
5311     case LookupIterator::NOT_FOUND:
5312       return kUseGeneric;
5313     case LookupIterator::DATA:
5314       if (access_type == STORE && it->IsReadOnly()) return kUseGeneric;
5315       return kUseCell;
5316     case LookupIterator::JSPROXY:
5317     case LookupIterator::TRANSITION:
5318       UNREACHABLE();
5319   }
5320   UNREACHABLE();
5321   return kUseGeneric;
5322 }
5323 
5324 
BuildContextChainWalk(Variable * var)5325 HValue* HOptimizedGraphBuilder::BuildContextChainWalk(Variable* var) {
5326   DCHECK(var->IsContextSlot());
5327   HValue* context = environment()->context();
5328   int length = scope()->ContextChainLength(var->scope());
5329   while (length-- > 0) {
5330     context = Add<HLoadNamedField>(
5331         context, static_cast<HValue*>(NULL),
5332         HObjectAccess::ForContextSlot(Context::PREVIOUS_INDEX));
5333   }
5334   return context;
5335 }
5336 
5337 
VisitVariableProxy(VariableProxy * expr)5338 void HOptimizedGraphBuilder::VisitVariableProxy(VariableProxy* expr) {
5339   if (expr->is_this()) {
5340     current_info()->set_this_has_uses(true);
5341   }
5342 
5343   DCHECK(!HasStackOverflow());
5344   DCHECK(current_block() != NULL);
5345   DCHECK(current_block()->HasPredecessor());
5346   Variable* variable = expr->var();
5347   switch (variable->location()) {
5348     case Variable::UNALLOCATED: {
5349       if (IsLexicalVariableMode(variable->mode())) {
5350         // TODO(rossberg): should this be an DCHECK?
5351         return Bailout(kReferenceToGlobalLexicalVariable);
5352       }
5353       // Handle known global constants like 'undefined' specially to avoid a
5354       // load from a global cell for them.
5355       Handle<Object> constant_value =
5356           isolate()->factory()->GlobalConstantFor(variable->name());
5357       if (!constant_value.is_null()) {
5358         HConstant* instr = New<HConstant>(constant_value);
5359         return ast_context()->ReturnInstruction(instr, expr->id());
5360       }
5361 
5362       Handle<GlobalObject> global(current_info()->global_object());
5363       LookupIterator it(global, variable->name(),
5364                         LookupIterator::OWN_SKIP_INTERCEPTOR);
5365       GlobalPropertyAccess type = LookupGlobalProperty(variable, &it, LOAD);
5366 
5367       if (type == kUseCell) {
5368         Handle<PropertyCell> cell = it.GetPropertyCell();
5369         if (cell->type()->IsConstant()) {
5370           PropertyCell::AddDependentCompilationInfo(cell, top_info());
5371           Handle<Object> constant_object = cell->type()->AsConstant()->Value();
5372           if (constant_object->IsConsString()) {
5373             constant_object =
5374                 String::Flatten(Handle<String>::cast(constant_object));
5375           }
5376           HConstant* constant = New<HConstant>(constant_object);
5377           return ast_context()->ReturnInstruction(constant, expr->id());
5378         } else {
5379           HLoadGlobalCell* instr =
5380               New<HLoadGlobalCell>(cell, it.property_details());
5381           return ast_context()->ReturnInstruction(instr, expr->id());
5382         }
5383       } else {
5384         HValue* global_object = Add<HLoadNamedField>(
5385             context(), static_cast<HValue*>(NULL),
5386             HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
5387         HLoadGlobalGeneric* instr =
5388             New<HLoadGlobalGeneric>(global_object,
5389                                     variable->name(),
5390                                     ast_context()->is_for_typeof());
5391         if (FLAG_vector_ics) {
5392           Handle<SharedFunctionInfo> current_shared =
5393               function_state()->compilation_info()->shared_info();
5394           instr->SetVectorAndSlot(
5395               handle(current_shared->feedback_vector(), isolate()),
5396               expr->VariableFeedbackSlot());
5397         }
5398         return ast_context()->ReturnInstruction(instr, expr->id());
5399       }
5400     }
5401 
5402     case Variable::PARAMETER:
5403     case Variable::LOCAL: {
5404       HValue* value = LookupAndMakeLive(variable);
5405       if (value == graph()->GetConstantHole()) {
5406         DCHECK(IsDeclaredVariableMode(variable->mode()) &&
5407                variable->mode() != VAR);
5408         return Bailout(kReferenceToUninitializedVariable);
5409       }
5410       return ast_context()->ReturnValue(value);
5411     }
5412 
5413     case Variable::CONTEXT: {
5414       HValue* context = BuildContextChainWalk(variable);
5415       HLoadContextSlot::Mode mode;
5416       switch (variable->mode()) {
5417         case LET:
5418         case CONST:
5419           mode = HLoadContextSlot::kCheckDeoptimize;
5420           break;
5421         case CONST_LEGACY:
5422           mode = HLoadContextSlot::kCheckReturnUndefined;
5423           break;
5424         default:
5425           mode = HLoadContextSlot::kNoCheck;
5426           break;
5427       }
5428       HLoadContextSlot* instr =
5429           new(zone()) HLoadContextSlot(context, variable->index(), mode);
5430       return ast_context()->ReturnInstruction(instr, expr->id());
5431     }
5432 
5433     case Variable::LOOKUP:
5434       return Bailout(kReferenceToAVariableWhichRequiresDynamicLookup);
5435   }
5436 }
5437 
5438 
VisitLiteral(Literal * expr)5439 void HOptimizedGraphBuilder::VisitLiteral(Literal* expr) {
5440   DCHECK(!HasStackOverflow());
5441   DCHECK(current_block() != NULL);
5442   DCHECK(current_block()->HasPredecessor());
5443   HConstant* instr = New<HConstant>(expr->value());
5444   return ast_context()->ReturnInstruction(instr, expr->id());
5445 }
5446 
5447 
VisitRegExpLiteral(RegExpLiteral * expr)5448 void HOptimizedGraphBuilder::VisitRegExpLiteral(RegExpLiteral* expr) {
5449   DCHECK(!HasStackOverflow());
5450   DCHECK(current_block() != NULL);
5451   DCHECK(current_block()->HasPredecessor());
5452   Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5453   Handle<FixedArray> literals(closure->literals());
5454   HRegExpLiteral* instr = New<HRegExpLiteral>(literals,
5455                                               expr->pattern(),
5456                                               expr->flags(),
5457                                               expr->literal_index());
5458   return ast_context()->ReturnInstruction(instr, expr->id());
5459 }
5460 
5461 
CanInlinePropertyAccess(Type * type)5462 static bool CanInlinePropertyAccess(Type* type) {
5463   if (type->Is(Type::NumberOrString())) return true;
5464   if (!type->IsClass()) return false;
5465   Handle<Map> map = type->AsClass()->Map();
5466   return map->IsJSObjectMap() &&
5467       !map->is_dictionary_map() &&
5468       !map->has_named_interceptor();
5469 }
5470 
5471 
5472 // Determines whether the given array or object literal boilerplate satisfies
5473 // all limits to be considered for fast deep-copying and computes the total
5474 // size of all objects that are part of the graph.
IsFastLiteral(Handle<JSObject> boilerplate,int max_depth,int * max_properties)5475 static bool IsFastLiteral(Handle<JSObject> boilerplate,
5476                           int max_depth,
5477                           int* max_properties) {
5478   if (boilerplate->map()->is_deprecated() &&
5479       !JSObject::TryMigrateInstance(boilerplate)) {
5480     return false;
5481   }
5482 
5483   DCHECK(max_depth >= 0 && *max_properties >= 0);
5484   if (max_depth == 0) return false;
5485 
5486   Isolate* isolate = boilerplate->GetIsolate();
5487   Handle<FixedArrayBase> elements(boilerplate->elements());
5488   if (elements->length() > 0 &&
5489       elements->map() != isolate->heap()->fixed_cow_array_map()) {
5490     if (boilerplate->HasFastObjectElements()) {
5491       Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
5492       int length = elements->length();
5493       for (int i = 0; i < length; i++) {
5494         if ((*max_properties)-- == 0) return false;
5495         Handle<Object> value(fast_elements->get(i), isolate);
5496         if (value->IsJSObject()) {
5497           Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5498           if (!IsFastLiteral(value_object,
5499                              max_depth - 1,
5500                              max_properties)) {
5501             return false;
5502           }
5503         }
5504       }
5505     } else if (!boilerplate->HasFastDoubleElements()) {
5506       return false;
5507     }
5508   }
5509 
5510   Handle<FixedArray> properties(boilerplate->properties());
5511   if (properties->length() > 0) {
5512     return false;
5513   } else {
5514     Handle<DescriptorArray> descriptors(
5515         boilerplate->map()->instance_descriptors());
5516     int limit = boilerplate->map()->NumberOfOwnDescriptors();
5517     for (int i = 0; i < limit; i++) {
5518       PropertyDetails details = descriptors->GetDetails(i);
5519       if (details.type() != FIELD) continue;
5520       int index = descriptors->GetFieldIndex(i);
5521       if ((*max_properties)-- == 0) return false;
5522       Handle<Object> value(boilerplate->InObjectPropertyAt(index), isolate);
5523       if (value->IsJSObject()) {
5524         Handle<JSObject> value_object = Handle<JSObject>::cast(value);
5525         if (!IsFastLiteral(value_object,
5526                            max_depth - 1,
5527                            max_properties)) {
5528           return false;
5529         }
5530       }
5531     }
5532   }
5533   return true;
5534 }
5535 
5536 
VisitObjectLiteral(ObjectLiteral * expr)5537 void HOptimizedGraphBuilder::VisitObjectLiteral(ObjectLiteral* expr) {
5538   DCHECK(!HasStackOverflow());
5539   DCHECK(current_block() != NULL);
5540   DCHECK(current_block()->HasPredecessor());
5541   expr->BuildConstantProperties(isolate());
5542   Handle<JSFunction> closure = function_state()->compilation_info()->closure();
5543   HInstruction* literal;
5544 
5545   // Check whether to use fast or slow deep-copying for boilerplate.
5546   int max_properties = kMaxFastLiteralProperties;
5547   Handle<Object> literals_cell(closure->literals()->get(expr->literal_index()),
5548                                isolate());
5549   Handle<AllocationSite> site;
5550   Handle<JSObject> boilerplate;
5551   if (!literals_cell->IsUndefined()) {
5552     // Retrieve the boilerplate
5553     site = Handle<AllocationSite>::cast(literals_cell);
5554     boilerplate = Handle<JSObject>(JSObject::cast(site->transition_info()),
5555                                    isolate());
5556   }
5557 
5558   if (!boilerplate.is_null() &&
5559       IsFastLiteral(boilerplate, kMaxFastLiteralDepth, &max_properties)) {
5560     AllocationSiteUsageContext usage_context(isolate(), site, false);
5561     usage_context.EnterNewScope();
5562     literal = BuildFastLiteral(boilerplate, &usage_context);
5563     usage_context.ExitScope(site, boilerplate);
5564   } else {
5565     NoObservableSideEffectsScope no_effects(this);
5566     Handle<FixedArray> closure_literals(closure->literals(), isolate());
5567     Handle<FixedArray> constant_properties = expr->constant_properties();
5568     int literal_index = expr->literal_index();
5569     int flags = expr->fast_elements()
5570         ? ObjectLiteral::kFastElements : ObjectLiteral::kNoFlags;
5571     flags |= expr->has_function()
5572         ? ObjectLiteral::kHasFunction : ObjectLiteral::kNoFlags;
5573 
5574     Add<HPushArguments>(Add<HConstant>(closure_literals),
5575                         Add<HConstant>(literal_index),
5576                         Add<HConstant>(constant_properties),
5577                         Add<HConstant>(flags));
5578 
5579     // TODO(mvstanton): Add a flag to turn off creation of any
5580     // AllocationMementos for this call: we are in crankshaft and should have
5581     // learned enough about transition behavior to stop emitting mementos.
5582     Runtime::FunctionId function_id = Runtime::kCreateObjectLiteral;
5583     literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5584                                 Runtime::FunctionForId(function_id),
5585                                 4);
5586   }
5587 
5588   // The object is expected in the bailout environment during computation
5589   // of the property values and is the value of the entire expression.
5590   Push(literal);
5591 
5592   expr->CalculateEmitStore(zone());
5593 
5594   for (int i = 0; i < expr->properties()->length(); i++) {
5595     ObjectLiteral::Property* property = expr->properties()->at(i);
5596     if (property->IsCompileTimeValue()) continue;
5597 
5598     Literal* key = property->key();
5599     Expression* value = property->value();
5600 
5601     switch (property->kind()) {
5602       case ObjectLiteral::Property::MATERIALIZED_LITERAL:
5603         DCHECK(!CompileTimeValue::IsCompileTimeValue(value));
5604         // Fall through.
5605       case ObjectLiteral::Property::COMPUTED:
5606         if (key->value()->IsInternalizedString()) {
5607           if (property->emit_store()) {
5608             CHECK_ALIVE(VisitForValue(value));
5609             HValue* value = Pop();
5610             Handle<Map> map = property->GetReceiverType();
5611             Handle<String> name = property->key()->AsPropertyName();
5612             HInstruction* store;
5613             if (map.is_null()) {
5614               // If we don't know the monomorphic type, do a generic store.
5615               CHECK_ALIVE(store = BuildNamedGeneric(
5616                   STORE, NULL, literal, name, value));
5617             } else {
5618               PropertyAccessInfo info(this, STORE, ToType(map), name);
5619               if (info.CanAccessMonomorphic()) {
5620                 HValue* checked_literal = Add<HCheckMaps>(literal, map);
5621                 DCHECK(!info.IsAccessor());
5622                 store = BuildMonomorphicAccess(
5623                     &info, literal, checked_literal, value,
5624                     BailoutId::None(), BailoutId::None());
5625               } else {
5626                 CHECK_ALIVE(store = BuildNamedGeneric(
5627                     STORE, NULL, literal, name, value));
5628               }
5629             }
5630             AddInstruction(store);
5631             if (store->HasObservableSideEffects()) {
5632               Add<HSimulate>(key->id(), REMOVABLE_SIMULATE);
5633             }
5634           } else {
5635             CHECK_ALIVE(VisitForEffect(value));
5636           }
5637           break;
5638         }
5639         // Fall through.
5640       case ObjectLiteral::Property::PROTOTYPE:
5641       case ObjectLiteral::Property::SETTER:
5642       case ObjectLiteral::Property::GETTER:
5643         return Bailout(kObjectLiteralWithComplexProperty);
5644       default: UNREACHABLE();
5645     }
5646   }
5647 
5648   if (expr->has_function()) {
5649     // Return the result of the transformation to fast properties
5650     // instead of the original since this operation changes the map
5651     // of the object. This makes sure that the original object won't
5652     // be used by other optimized code before it is transformed
5653     // (e.g. because of code motion).
5654     HToFastProperties* result = Add<HToFastProperties>(Pop());
5655     return ast_context()->ReturnValue(result);
5656   } else {
5657     return ast_context()->ReturnValue(Pop());
5658   }
5659 }
5660 
5661 
VisitArrayLiteral(ArrayLiteral * expr)5662 void HOptimizedGraphBuilder::VisitArrayLiteral(ArrayLiteral* expr) {
5663   DCHECK(!HasStackOverflow());
5664   DCHECK(current_block() != NULL);
5665   DCHECK(current_block()->HasPredecessor());
5666   expr->BuildConstantElements(isolate());
5667   ZoneList<Expression*>* subexprs = expr->values();
5668   int length = subexprs->length();
5669   HInstruction* literal;
5670 
5671   Handle<AllocationSite> site;
5672   Handle<FixedArray> literals(environment()->closure()->literals(), isolate());
5673   bool uninitialized = false;
5674   Handle<Object> literals_cell(literals->get(expr->literal_index()),
5675                                isolate());
5676   Handle<JSObject> boilerplate_object;
5677   if (literals_cell->IsUndefined()) {
5678     uninitialized = true;
5679     Handle<Object> raw_boilerplate;
5680     ASSIGN_RETURN_ON_EXCEPTION_VALUE(
5681         isolate(), raw_boilerplate,
5682         Runtime::CreateArrayLiteralBoilerplate(
5683             isolate(), literals, expr->constant_elements()),
5684         Bailout(kArrayBoilerplateCreationFailed));
5685 
5686     boilerplate_object = Handle<JSObject>::cast(raw_boilerplate);
5687     AllocationSiteCreationContext creation_context(isolate());
5688     site = creation_context.EnterNewScope();
5689     if (JSObject::DeepWalk(boilerplate_object, &creation_context).is_null()) {
5690       return Bailout(kArrayBoilerplateCreationFailed);
5691     }
5692     creation_context.ExitScope(site, boilerplate_object);
5693     literals->set(expr->literal_index(), *site);
5694 
5695     if (boilerplate_object->elements()->map() ==
5696         isolate()->heap()->fixed_cow_array_map()) {
5697       isolate()->counters()->cow_arrays_created_runtime()->Increment();
5698     }
5699   } else {
5700     DCHECK(literals_cell->IsAllocationSite());
5701     site = Handle<AllocationSite>::cast(literals_cell);
5702     boilerplate_object = Handle<JSObject>(
5703         JSObject::cast(site->transition_info()), isolate());
5704   }
5705 
5706   DCHECK(!boilerplate_object.is_null());
5707   DCHECK(site->SitePointsToLiteral());
5708 
5709   ElementsKind boilerplate_elements_kind =
5710       boilerplate_object->GetElementsKind();
5711 
5712   // Check whether to use fast or slow deep-copying for boilerplate.
5713   int max_properties = kMaxFastLiteralProperties;
5714   if (IsFastLiteral(boilerplate_object,
5715                     kMaxFastLiteralDepth,
5716                     &max_properties)) {
5717     AllocationSiteUsageContext usage_context(isolate(), site, false);
5718     usage_context.EnterNewScope();
5719     literal = BuildFastLiteral(boilerplate_object, &usage_context);
5720     usage_context.ExitScope(site, boilerplate_object);
5721   } else {
5722     NoObservableSideEffectsScope no_effects(this);
5723     // Boilerplate already exists and constant elements are never accessed,
5724     // pass an empty fixed array to the runtime function instead.
5725     Handle<FixedArray> constants = isolate()->factory()->empty_fixed_array();
5726     int literal_index = expr->literal_index();
5727     int flags = expr->depth() == 1
5728         ? ArrayLiteral::kShallowElements
5729         : ArrayLiteral::kNoFlags;
5730     flags |= ArrayLiteral::kDisableMementos;
5731 
5732     Add<HPushArguments>(Add<HConstant>(literals),
5733                         Add<HConstant>(literal_index),
5734                         Add<HConstant>(constants),
5735                         Add<HConstant>(flags));
5736 
5737     // TODO(mvstanton): Consider a flag to turn off creation of any
5738     // AllocationMementos for this call: we are in crankshaft and should have
5739     // learned enough about transition behavior to stop emitting mementos.
5740     Runtime::FunctionId function_id = Runtime::kCreateArrayLiteral;
5741     literal = Add<HCallRuntime>(isolate()->factory()->empty_string(),
5742                                 Runtime::FunctionForId(function_id),
5743                                 4);
5744 
5745     // De-opt if elements kind changed from boilerplate_elements_kind.
5746     Handle<Map> map = Handle<Map>(boilerplate_object->map(), isolate());
5747     literal = Add<HCheckMaps>(literal, map);
5748   }
5749 
5750   // The array is expected in the bailout environment during computation
5751   // of the property values and is the value of the entire expression.
5752   Push(literal);
5753   // The literal index is on the stack, too.
5754   Push(Add<HConstant>(expr->literal_index()));
5755 
5756   HInstruction* elements = NULL;
5757 
5758   for (int i = 0; i < length; i++) {
5759     Expression* subexpr = subexprs->at(i);
5760     // If the subexpression is a literal or a simple materialized literal it
5761     // is already set in the cloned array.
5762     if (CompileTimeValue::IsCompileTimeValue(subexpr)) continue;
5763 
5764     CHECK_ALIVE(VisitForValue(subexpr));
5765     HValue* value = Pop();
5766     if (!Smi::IsValid(i)) return Bailout(kNonSmiKeyInArrayLiteral);
5767 
5768     elements = AddLoadElements(literal);
5769 
5770     HValue* key = Add<HConstant>(i);
5771 
5772     switch (boilerplate_elements_kind) {
5773       case FAST_SMI_ELEMENTS:
5774       case FAST_HOLEY_SMI_ELEMENTS:
5775       case FAST_ELEMENTS:
5776       case FAST_HOLEY_ELEMENTS:
5777       case FAST_DOUBLE_ELEMENTS:
5778       case FAST_HOLEY_DOUBLE_ELEMENTS: {
5779         HStoreKeyed* instr = Add<HStoreKeyed>(elements, key, value,
5780                                               boilerplate_elements_kind);
5781         instr->SetUninitialized(uninitialized);
5782         break;
5783       }
5784       default:
5785         UNREACHABLE();
5786         break;
5787     }
5788 
5789     Add<HSimulate>(expr->GetIdForElement(i));
5790   }
5791 
5792   Drop(1);  // array literal index
5793   return ast_context()->ReturnValue(Pop());
5794 }
5795 
5796 
AddCheckMap(HValue * object,Handle<Map> map)5797 HCheckMaps* HOptimizedGraphBuilder::AddCheckMap(HValue* object,
5798                                                 Handle<Map> map) {
5799   BuildCheckHeapObject(object);
5800   return Add<HCheckMaps>(object, map);
5801 }
5802 
5803 
BuildLoadNamedField(PropertyAccessInfo * info,HValue * checked_object)5804 HInstruction* HOptimizedGraphBuilder::BuildLoadNamedField(
5805     PropertyAccessInfo* info,
5806     HValue* checked_object) {
5807   // See if this is a load for an immutable property
5808   if (checked_object->ActualValue()->IsConstant()) {
5809     Handle<Object> object(
5810         HConstant::cast(checked_object->ActualValue())->handle(isolate()));
5811 
5812     if (object->IsJSObject()) {
5813       LookupIterator it(object, info->name(),
5814                         LookupIterator::OWN_SKIP_INTERCEPTOR);
5815       Handle<Object> value = JSObject::GetDataProperty(&it);
5816       if (it.IsFound() && it.IsReadOnly() && !it.IsConfigurable()) {
5817         return New<HConstant>(value);
5818       }
5819     }
5820   }
5821 
5822   HObjectAccess access = info->access();
5823   if (access.representation().IsDouble()) {
5824     // Load the heap number.
5825     checked_object = Add<HLoadNamedField>(
5826         checked_object, static_cast<HValue*>(NULL),
5827         access.WithRepresentation(Representation::Tagged()));
5828     // Load the double value from it.
5829     access = HObjectAccess::ForHeapNumberValue();
5830   }
5831 
5832   SmallMapList* map_list = info->field_maps();
5833   if (map_list->length() == 0) {
5834     return New<HLoadNamedField>(checked_object, checked_object, access);
5835   }
5836 
5837   UniqueSet<Map>* maps = new(zone()) UniqueSet<Map>(map_list->length(), zone());
5838   for (int i = 0; i < map_list->length(); ++i) {
5839     maps->Add(Unique<Map>::CreateImmovable(map_list->at(i)), zone());
5840   }
5841   return New<HLoadNamedField>(
5842       checked_object, checked_object, access, maps, info->field_type());
5843 }
5844 
5845 
BuildStoreNamedField(PropertyAccessInfo * info,HValue * checked_object,HValue * value)5846 HInstruction* HOptimizedGraphBuilder::BuildStoreNamedField(
5847     PropertyAccessInfo* info,
5848     HValue* checked_object,
5849     HValue* value) {
5850   bool transition_to_field = info->IsTransition();
5851   // TODO(verwaest): Move this logic into PropertyAccessInfo.
5852   HObjectAccess field_access = info->access();
5853 
5854   HStoreNamedField *instr;
5855   if (field_access.representation().IsDouble()) {
5856     HObjectAccess heap_number_access =
5857         field_access.WithRepresentation(Representation::Tagged());
5858     if (transition_to_field) {
5859       // The store requires a mutable HeapNumber to be allocated.
5860       NoObservableSideEffectsScope no_side_effects(this);
5861       HInstruction* heap_number_size = Add<HConstant>(HeapNumber::kSize);
5862 
5863       // TODO(hpayer): Allocation site pretenuring support.
5864       HInstruction* heap_number = Add<HAllocate>(heap_number_size,
5865           HType::HeapObject(),
5866           NOT_TENURED,
5867           MUTABLE_HEAP_NUMBER_TYPE);
5868       AddStoreMapConstant(
5869           heap_number, isolate()->factory()->mutable_heap_number_map());
5870       Add<HStoreNamedField>(heap_number, HObjectAccess::ForHeapNumberValue(),
5871                             value);
5872       instr = New<HStoreNamedField>(checked_object->ActualValue(),
5873                                     heap_number_access,
5874                                     heap_number);
5875     } else {
5876       // Already holds a HeapNumber; load the box and write its value field.
5877       HInstruction* heap_number = Add<HLoadNamedField>(
5878           checked_object, static_cast<HValue*>(NULL), heap_number_access);
5879       instr = New<HStoreNamedField>(heap_number,
5880                                     HObjectAccess::ForHeapNumberValue(),
5881                                     value, STORE_TO_INITIALIZED_ENTRY);
5882     }
5883   } else {
5884     if (field_access.representation().IsHeapObject()) {
5885       BuildCheckHeapObject(value);
5886     }
5887 
5888     if (!info->field_maps()->is_empty()) {
5889       DCHECK(field_access.representation().IsHeapObject());
5890       value = Add<HCheckMaps>(value, info->field_maps());
5891     }
5892 
5893     // This is a normal store.
5894     instr = New<HStoreNamedField>(
5895         checked_object->ActualValue(), field_access, value,
5896         transition_to_field ? INITIALIZING_STORE : STORE_TO_INITIALIZED_ENTRY);
5897   }
5898 
5899   if (transition_to_field) {
5900     Handle<Map> transition(info->transition());
5901     DCHECK(!transition->is_deprecated());
5902     instr->SetTransition(Add<HConstant>(transition));
5903   }
5904   return instr;
5905 }
5906 
5907 
IsCompatible(PropertyAccessInfo * info)5908 bool HOptimizedGraphBuilder::PropertyAccessInfo::IsCompatible(
5909     PropertyAccessInfo* info) {
5910   if (!CanInlinePropertyAccess(type_)) return false;
5911 
5912   // Currently only handle Type::Number as a polymorphic case.
5913   // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
5914   // instruction.
5915   if (type_->Is(Type::Number())) return false;
5916 
5917   // Values are only compatible for monomorphic load if they all behave the same
5918   // regarding value wrappers.
5919   if (type_->Is(Type::NumberOrString())) {
5920     if (!info->type_->Is(Type::NumberOrString())) return false;
5921   } else {
5922     if (info->type_->Is(Type::NumberOrString())) return false;
5923   }
5924 
5925   if (!LookupDescriptor()) return false;
5926 
5927   if (!IsFound()) {
5928     return (!info->IsFound() || info->has_holder()) &&
5929            map()->prototype() == info->map()->prototype();
5930   }
5931 
5932   // Mismatch if the other access info found the property in the prototype
5933   // chain.
5934   if (info->has_holder()) return false;
5935 
5936   if (IsAccessor()) {
5937     return accessor_.is_identical_to(info->accessor_) &&
5938         api_holder_.is_identical_to(info->api_holder_);
5939   }
5940 
5941   if (IsConstant()) {
5942     return constant_.is_identical_to(info->constant_);
5943   }
5944 
5945   DCHECK(IsField());
5946   if (!info->IsField()) return false;
5947 
5948   Representation r = access_.representation();
5949   if (IsLoad()) {
5950     if (!info->access_.representation().IsCompatibleForLoad(r)) return false;
5951   } else {
5952     if (!info->access_.representation().IsCompatibleForStore(r)) return false;
5953   }
5954   if (info->access_.offset() != access_.offset()) return false;
5955   if (info->access_.IsInobject() != access_.IsInobject()) return false;
5956   if (IsLoad()) {
5957     if (field_maps_.is_empty()) {
5958       info->field_maps_.Clear();
5959     } else if (!info->field_maps_.is_empty()) {
5960       for (int i = 0; i < field_maps_.length(); ++i) {
5961         info->field_maps_.AddMapIfMissing(field_maps_.at(i), info->zone());
5962       }
5963       info->field_maps_.Sort();
5964     }
5965   } else {
5966     // We can only merge stores that agree on their field maps. The comparison
5967     // below is safe, since we keep the field maps sorted.
5968     if (field_maps_.length() != info->field_maps_.length()) return false;
5969     for (int i = 0; i < field_maps_.length(); ++i) {
5970       if (!field_maps_.at(i).is_identical_to(info->field_maps_.at(i))) {
5971         return false;
5972       }
5973     }
5974   }
5975   info->GeneralizeRepresentation(r);
5976   info->field_type_ = info->field_type_.Combine(field_type_);
5977   return true;
5978 }
5979 
5980 
LookupDescriptor()5981 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupDescriptor() {
5982   if (!type_->IsClass()) return true;
5983   map()->LookupDescriptor(NULL, *name_, &lookup_);
5984   return LoadResult(map());
5985 }
5986 
5987 
LoadResult(Handle<Map> map)5988 bool HOptimizedGraphBuilder::PropertyAccessInfo::LoadResult(Handle<Map> map) {
5989   if (!IsLoad() && IsProperty() && IsReadOnly()) {
5990     return false;
5991   }
5992 
5993   if (IsField()) {
5994     // Construct the object field access.
5995     int index = GetLocalFieldIndexFromMap(map);
5996     access_ = HObjectAccess::ForField(map, index, representation(), name_);
5997 
5998     // Load field map for heap objects.
5999     LoadFieldMaps(map);
6000   } else if (IsAccessor()) {
6001     Handle<Object> accessors = GetAccessorsFromMap(map);
6002     if (!accessors->IsAccessorPair()) return false;
6003     Object* raw_accessor =
6004         IsLoad() ? Handle<AccessorPair>::cast(accessors)->getter()
6005                  : Handle<AccessorPair>::cast(accessors)->setter();
6006     if (!raw_accessor->IsJSFunction()) return false;
6007     Handle<JSFunction> accessor = handle(JSFunction::cast(raw_accessor));
6008     if (accessor->shared()->IsApiFunction()) {
6009       CallOptimization call_optimization(accessor);
6010       if (call_optimization.is_simple_api_call()) {
6011         CallOptimization::HolderLookup holder_lookup;
6012         Handle<Map> receiver_map = this->map();
6013         api_holder_ = call_optimization.LookupHolderOfExpectedType(
6014             receiver_map, &holder_lookup);
6015       }
6016     }
6017     accessor_ = accessor;
6018   } else if (IsConstant()) {
6019     constant_ = GetConstantFromMap(map);
6020   }
6021 
6022   return true;
6023 }
6024 
6025 
LoadFieldMaps(Handle<Map> map)6026 void HOptimizedGraphBuilder::PropertyAccessInfo::LoadFieldMaps(
6027     Handle<Map> map) {
6028   // Clear any previously collected field maps/type.
6029   field_maps_.Clear();
6030   field_type_ = HType::Tagged();
6031 
6032   // Figure out the field type from the accessor map.
6033   Handle<HeapType> field_type = GetFieldTypeFromMap(map);
6034 
6035   // Collect the (stable) maps from the field type.
6036   int num_field_maps = field_type->NumClasses();
6037   if (num_field_maps == 0) return;
6038   DCHECK(access_.representation().IsHeapObject());
6039   field_maps_.Reserve(num_field_maps, zone());
6040   HeapType::Iterator<Map> it = field_type->Classes();
6041   while (!it.Done()) {
6042     Handle<Map> field_map = it.Current();
6043     if (!field_map->is_stable()) {
6044       field_maps_.Clear();
6045       return;
6046     }
6047     field_maps_.Add(field_map, zone());
6048     it.Advance();
6049   }
6050   field_maps_.Sort();
6051   DCHECK_EQ(num_field_maps, field_maps_.length());
6052 
6053   // Determine field HType from field HeapType.
6054   field_type_ = HType::FromType<HeapType>(field_type);
6055   DCHECK(field_type_.IsHeapObject());
6056 
6057   // Add dependency on the map that introduced the field.
6058   Map::AddDependentCompilationInfo(GetFieldOwnerFromMap(map),
6059                                    DependentCode::kFieldTypeGroup, top_info());
6060 }
6061 
6062 
LookupInPrototypes()6063 bool HOptimizedGraphBuilder::PropertyAccessInfo::LookupInPrototypes() {
6064   Handle<Map> map = this->map();
6065 
6066   while (map->prototype()->IsJSObject()) {
6067     holder_ = handle(JSObject::cast(map->prototype()));
6068     if (holder_->map()->is_deprecated()) {
6069       JSObject::TryMigrateInstance(holder_);
6070     }
6071     map = Handle<Map>(holder_->map());
6072     if (!CanInlinePropertyAccess(ToType(map))) {
6073       lookup_.NotFound();
6074       return false;
6075     }
6076     map->LookupDescriptor(*holder_, *name_, &lookup_);
6077     if (IsFound()) return LoadResult(map);
6078   }
6079   lookup_.NotFound();
6080   return true;
6081 }
6082 
6083 
CanAccessMonomorphic()6084 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessMonomorphic() {
6085   if (!CanInlinePropertyAccess(type_)) return false;
6086   if (IsJSObjectFieldAccessor()) return IsLoad();
6087   if (this->map()->function_with_prototype() &&
6088       !this->map()->has_non_instance_prototype() &&
6089       name_.is_identical_to(isolate()->factory()->prototype_string())) {
6090     return IsLoad();
6091   }
6092   if (!LookupDescriptor()) return false;
6093   if (IsFound()) return IsLoad() || !IsReadOnly();
6094   if (!LookupInPrototypes()) return false;
6095   if (IsLoad()) return true;
6096 
6097   if (IsAccessor()) return true;
6098   Handle<Map> map = this->map();
6099   map->LookupTransition(NULL, *name_, &lookup_);
6100   if (lookup_.IsTransitionToField() && map->unused_property_fields() > 0) {
6101     // Construct the object field access.
6102     int descriptor = transition()->LastAdded();
6103     int index =
6104         transition()->instance_descriptors()->GetFieldIndex(descriptor) -
6105         map->inobject_properties();
6106     PropertyDetails details =
6107         transition()->instance_descriptors()->GetDetails(descriptor);
6108     Representation representation = details.representation();
6109     access_ = HObjectAccess::ForField(map, index, representation, name_);
6110 
6111     // Load field map for heap objects.
6112     LoadFieldMaps(transition());
6113     return true;
6114   }
6115   return false;
6116 }
6117 
6118 
CanAccessAsMonomorphic(SmallMapList * types)6119 bool HOptimizedGraphBuilder::PropertyAccessInfo::CanAccessAsMonomorphic(
6120     SmallMapList* types) {
6121   DCHECK(type_->Is(ToType(types->first())));
6122   if (!CanAccessMonomorphic()) return false;
6123   STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6124   if (types->length() > kMaxLoadPolymorphism) return false;
6125 
6126   HObjectAccess access = HObjectAccess::ForMap();  // bogus default
6127   if (GetJSObjectFieldAccess(&access)) {
6128     for (int i = 1; i < types->length(); ++i) {
6129       PropertyAccessInfo test_info(
6130           builder_, access_type_, ToType(types->at(i)), name_);
6131       HObjectAccess test_access = HObjectAccess::ForMap();  // bogus default
6132       if (!test_info.GetJSObjectFieldAccess(&test_access)) return false;
6133       if (!access.Equals(test_access)) return false;
6134     }
6135     return true;
6136   }
6137 
6138   // Currently only handle Type::Number as a polymorphic case.
6139   // TODO(verwaest): Support monomorphic handling of numbers with a HCheckNumber
6140   // instruction.
6141   if (type_->Is(Type::Number())) return false;
6142 
6143   // Multiple maps cannot transition to the same target map.
6144   DCHECK(!IsLoad() || !IsTransition());
6145   if (IsTransition() && types->length() > 1) return false;
6146 
6147   for (int i = 1; i < types->length(); ++i) {
6148     PropertyAccessInfo test_info(
6149         builder_, access_type_, ToType(types->at(i)), name_);
6150     if (!test_info.IsCompatible(this)) return false;
6151   }
6152 
6153   return true;
6154 }
6155 
6156 
map()6157 Handle<Map> HOptimizedGraphBuilder::PropertyAccessInfo::map() {
6158   JSFunction* ctor = IC::GetRootConstructor(
6159       type_, current_info()->closure()->context()->native_context());
6160   if (ctor != NULL) return handle(ctor->initial_map());
6161   return type_->AsClass()->Map();
6162 }
6163 
6164 
NeedsWrappingFor(Type * type,Handle<JSFunction> target)6165 static bool NeedsWrappingFor(Type* type, Handle<JSFunction> target) {
6166   return type->Is(Type::NumberOrString()) &&
6167       target->shared()->strict_mode() == SLOPPY &&
6168       !target->shared()->native();
6169 }
6170 
6171 
BuildMonomorphicAccess(PropertyAccessInfo * info,HValue * object,HValue * checked_object,HValue * value,BailoutId ast_id,BailoutId return_id,bool can_inline_accessor)6172 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicAccess(
6173     PropertyAccessInfo* info,
6174     HValue* object,
6175     HValue* checked_object,
6176     HValue* value,
6177     BailoutId ast_id,
6178     BailoutId return_id,
6179     bool can_inline_accessor) {
6180 
6181   HObjectAccess access = HObjectAccess::ForMap();  // bogus default
6182   if (info->GetJSObjectFieldAccess(&access)) {
6183     DCHECK(info->IsLoad());
6184     return New<HLoadNamedField>(object, checked_object, access);
6185   }
6186 
6187   if (info->name().is_identical_to(isolate()->factory()->prototype_string()) &&
6188       info->map()->function_with_prototype()) {
6189     DCHECK(!info->map()->has_non_instance_prototype());
6190     return New<HLoadFunctionPrototype>(checked_object);
6191   }
6192 
6193   HValue* checked_holder = checked_object;
6194   if (info->has_holder()) {
6195     Handle<JSObject> prototype(JSObject::cast(info->map()->prototype()));
6196     checked_holder = BuildCheckPrototypeMaps(prototype, info->holder());
6197   }
6198 
6199   if (!info->IsFound()) {
6200     DCHECK(info->IsLoad());
6201     return graph()->GetConstantUndefined();
6202   }
6203 
6204   if (info->IsField()) {
6205     if (info->IsLoad()) {
6206       return BuildLoadNamedField(info, checked_holder);
6207     } else {
6208       return BuildStoreNamedField(info, checked_object, value);
6209     }
6210   }
6211 
6212   if (info->IsTransition()) {
6213     DCHECK(!info->IsLoad());
6214     return BuildStoreNamedField(info, checked_object, value);
6215   }
6216 
6217   if (info->IsAccessor()) {
6218     Push(checked_object);
6219     int argument_count = 1;
6220     if (!info->IsLoad()) {
6221       argument_count = 2;
6222       Push(value);
6223     }
6224 
6225     if (NeedsWrappingFor(info->type(), info->accessor())) {
6226       HValue* function = Add<HConstant>(info->accessor());
6227       PushArgumentsFromEnvironment(argument_count);
6228       return New<HCallFunction>(function, argument_count, WRAP_AND_CALL);
6229     } else if (FLAG_inline_accessors && can_inline_accessor) {
6230       bool success = info->IsLoad()
6231           ? TryInlineGetter(info->accessor(), info->map(), ast_id, return_id)
6232           : TryInlineSetter(
6233               info->accessor(), info->map(), ast_id, return_id, value);
6234       if (success || HasStackOverflow()) return NULL;
6235     }
6236 
6237     PushArgumentsFromEnvironment(argument_count);
6238     return BuildCallConstantFunction(info->accessor(), argument_count);
6239   }
6240 
6241   DCHECK(info->IsConstant());
6242   if (info->IsLoad()) {
6243     return New<HConstant>(info->constant());
6244   } else {
6245     return New<HCheckValue>(value, Handle<JSFunction>::cast(info->constant()));
6246   }
6247 }
6248 
6249 
HandlePolymorphicNamedFieldAccess(PropertyAccessType access_type,Expression * expr,BailoutId ast_id,BailoutId return_id,HValue * object,HValue * value,SmallMapList * types,Handle<String> name)6250 void HOptimizedGraphBuilder::HandlePolymorphicNamedFieldAccess(
6251     PropertyAccessType access_type,
6252     Expression* expr,
6253     BailoutId ast_id,
6254     BailoutId return_id,
6255     HValue* object,
6256     HValue* value,
6257     SmallMapList* types,
6258     Handle<String> name) {
6259   // Something did not match; must use a polymorphic load.
6260   int count = 0;
6261   HBasicBlock* join = NULL;
6262   HBasicBlock* number_block = NULL;
6263   bool handled_string = false;
6264 
6265   bool handle_smi = false;
6266   STATIC_ASSERT(kMaxLoadPolymorphism == kMaxStorePolymorphism);
6267   int i;
6268   for (i = 0; i < types->length() && count < kMaxLoadPolymorphism; ++i) {
6269     PropertyAccessInfo info(this, access_type, ToType(types->at(i)), name);
6270     if (info.type()->Is(Type::String())) {
6271       if (handled_string) continue;
6272       handled_string = true;
6273     }
6274     if (info.CanAccessMonomorphic()) {
6275       count++;
6276       if (info.type()->Is(Type::Number())) {
6277         handle_smi = true;
6278         break;
6279       }
6280     }
6281   }
6282 
6283   if (i < types->length()) {
6284     count = -1;
6285     types->Clear();
6286   } else {
6287     count = 0;
6288   }
6289   HControlInstruction* smi_check = NULL;
6290   handled_string = false;
6291 
6292   for (int i = 0; i < types->length() && count < kMaxLoadPolymorphism; ++i) {
6293     PropertyAccessInfo info(this, access_type, ToType(types->at(i)), name);
6294     if (info.type()->Is(Type::String())) {
6295       if (handled_string) continue;
6296       handled_string = true;
6297     }
6298     if (!info.CanAccessMonomorphic()) continue;
6299 
6300     if (count == 0) {
6301       join = graph()->CreateBasicBlock();
6302       if (handle_smi) {
6303         HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
6304         HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
6305         number_block = graph()->CreateBasicBlock();
6306         smi_check = New<HIsSmiAndBranch>(
6307             object, empty_smi_block, not_smi_block);
6308         FinishCurrentBlock(smi_check);
6309         GotoNoSimulate(empty_smi_block, number_block);
6310         set_current_block(not_smi_block);
6311       } else {
6312         BuildCheckHeapObject(object);
6313       }
6314     }
6315     ++count;
6316     HBasicBlock* if_true = graph()->CreateBasicBlock();
6317     HBasicBlock* if_false = graph()->CreateBasicBlock();
6318     HUnaryControlInstruction* compare;
6319 
6320     HValue* dependency;
6321     if (info.type()->Is(Type::Number())) {
6322       Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
6323       compare = New<HCompareMap>(object, heap_number_map, if_true, if_false);
6324       dependency = smi_check;
6325     } else if (info.type()->Is(Type::String())) {
6326       compare = New<HIsStringAndBranch>(object, if_true, if_false);
6327       dependency = compare;
6328     } else {
6329       compare = New<HCompareMap>(object, info.map(), if_true, if_false);
6330       dependency = compare;
6331     }
6332     FinishCurrentBlock(compare);
6333 
6334     if (info.type()->Is(Type::Number())) {
6335       GotoNoSimulate(if_true, number_block);
6336       if_true = number_block;
6337     }
6338 
6339     set_current_block(if_true);
6340 
6341     HInstruction* access = BuildMonomorphicAccess(
6342         &info, object, dependency, value, ast_id,
6343         return_id, FLAG_polymorphic_inlining);
6344 
6345     HValue* result = NULL;
6346     switch (access_type) {
6347       case LOAD:
6348         result = access;
6349         break;
6350       case STORE:
6351         result = value;
6352         break;
6353     }
6354 
6355     if (access == NULL) {
6356       if (HasStackOverflow()) return;
6357     } else {
6358       if (!access->IsLinked()) AddInstruction(access);
6359       if (!ast_context()->IsEffect()) Push(result);
6360     }
6361 
6362     if (current_block() != NULL) Goto(join);
6363     set_current_block(if_false);
6364   }
6365 
6366   // Finish up.  Unconditionally deoptimize if we've handled all the maps we
6367   // know about and do not want to handle ones we've never seen.  Otherwise
6368   // use a generic IC.
6369   if (count == types->length() && FLAG_deoptimize_uncommon_cases) {
6370     FinishExitWithHardDeoptimization("Uknown map in polymorphic access");
6371   } else {
6372     HInstruction* instr = BuildNamedGeneric(access_type, expr, object, name,
6373                                             value);
6374     AddInstruction(instr);
6375     if (!ast_context()->IsEffect()) Push(access_type == LOAD ? instr : value);
6376 
6377     if (join != NULL) {
6378       Goto(join);
6379     } else {
6380       Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6381       if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6382       return;
6383     }
6384   }
6385 
6386   DCHECK(join != NULL);
6387   if (join->HasPredecessor()) {
6388     join->SetJoinId(ast_id);
6389     set_current_block(join);
6390     if (!ast_context()->IsEffect()) ast_context()->ReturnValue(Pop());
6391   } else {
6392     set_current_block(NULL);
6393   }
6394 }
6395 
6396 
ComputeReceiverTypes(Expression * expr,HValue * receiver,SmallMapList ** t,Zone * zone)6397 static bool ComputeReceiverTypes(Expression* expr,
6398                                  HValue* receiver,
6399                                  SmallMapList** t,
6400                                  Zone* zone) {
6401   SmallMapList* types = expr->GetReceiverTypes();
6402   *t = types;
6403   bool monomorphic = expr->IsMonomorphic();
6404   if (types != NULL && receiver->HasMonomorphicJSObjectType()) {
6405     Map* root_map = receiver->GetMonomorphicJSObjectMap()->FindRootMap();
6406     types->FilterForPossibleTransitions(root_map);
6407     monomorphic = types->length() == 1;
6408   }
6409   return monomorphic &&
6410          CanInlinePropertyAccess(IC::MapToType<Type>(types->first(), zone));
6411 }
6412 
6413 
AreStringTypes(SmallMapList * types)6414 static bool AreStringTypes(SmallMapList* types) {
6415   for (int i = 0; i < types->length(); i++) {
6416     if (types->at(i)->instance_type() >= FIRST_NONSTRING_TYPE) return false;
6417   }
6418   return true;
6419 }
6420 
6421 
BuildStore(Expression * expr,Property * prop,BailoutId ast_id,BailoutId return_id,bool is_uninitialized)6422 void HOptimizedGraphBuilder::BuildStore(Expression* expr,
6423                                         Property* prop,
6424                                         BailoutId ast_id,
6425                                         BailoutId return_id,
6426                                         bool is_uninitialized) {
6427   if (!prop->key()->IsPropertyName()) {
6428     // Keyed store.
6429     HValue* value = Pop();
6430     HValue* key = Pop();
6431     HValue* object = Pop();
6432     bool has_side_effects = false;
6433     HValue* result = HandleKeyedElementAccess(
6434         object, key, value, expr, ast_id, return_id, STORE, &has_side_effects);
6435     if (has_side_effects) {
6436       if (!ast_context()->IsEffect()) Push(value);
6437       Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6438       if (!ast_context()->IsEffect()) Drop(1);
6439     }
6440     if (result == NULL) return;
6441     return ast_context()->ReturnValue(value);
6442   }
6443 
6444   // Named store.
6445   HValue* value = Pop();
6446   HValue* object = Pop();
6447 
6448   Literal* key = prop->key()->AsLiteral();
6449   Handle<String> name = Handle<String>::cast(key->value());
6450   DCHECK(!name.is_null());
6451 
6452   HInstruction* instr = BuildNamedAccess(STORE, ast_id, return_id, expr,
6453                                          object, name, value, is_uninitialized);
6454   if (instr == NULL) return;
6455 
6456   if (!ast_context()->IsEffect()) Push(value);
6457   AddInstruction(instr);
6458   if (instr->HasObservableSideEffects()) {
6459     Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6460   }
6461   if (!ast_context()->IsEffect()) Drop(1);
6462   return ast_context()->ReturnValue(value);
6463 }
6464 
6465 
HandlePropertyAssignment(Assignment * expr)6466 void HOptimizedGraphBuilder::HandlePropertyAssignment(Assignment* expr) {
6467   Property* prop = expr->target()->AsProperty();
6468   DCHECK(prop != NULL);
6469   CHECK_ALIVE(VisitForValue(prop->obj()));
6470   if (!prop->key()->IsPropertyName()) {
6471     CHECK_ALIVE(VisitForValue(prop->key()));
6472   }
6473   CHECK_ALIVE(VisitForValue(expr->value()));
6474   BuildStore(expr, prop, expr->id(),
6475              expr->AssignmentId(), expr->IsUninitialized());
6476 }
6477 
6478 
6479 // Because not every expression has a position and there is not common
6480 // superclass of Assignment and CountOperation, we cannot just pass the
6481 // owning expression instead of position and ast_id separately.
HandleGlobalVariableAssignment(Variable * var,HValue * value,BailoutId ast_id)6482 void HOptimizedGraphBuilder::HandleGlobalVariableAssignment(
6483     Variable* var,
6484     HValue* value,
6485     BailoutId ast_id) {
6486   Handle<GlobalObject> global(current_info()->global_object());
6487   LookupIterator it(global, var->name(), LookupIterator::OWN_SKIP_INTERCEPTOR);
6488   GlobalPropertyAccess type = LookupGlobalProperty(var, &it, STORE);
6489   if (type == kUseCell) {
6490     Handle<PropertyCell> cell = it.GetPropertyCell();
6491     if (cell->type()->IsConstant()) {
6492       Handle<Object> constant = cell->type()->AsConstant()->Value();
6493       if (value->IsConstant()) {
6494         HConstant* c_value = HConstant::cast(value);
6495         if (!constant.is_identical_to(c_value->handle(isolate()))) {
6496           Add<HDeoptimize>("Constant global variable assignment",
6497                            Deoptimizer::EAGER);
6498         }
6499       } else {
6500         HValue* c_constant = Add<HConstant>(constant);
6501         IfBuilder builder(this);
6502         if (constant->IsNumber()) {
6503           builder.If<HCompareNumericAndBranch>(value, c_constant, Token::EQ);
6504         } else {
6505           builder.If<HCompareObjectEqAndBranch>(value, c_constant);
6506         }
6507         builder.Then();
6508         builder.Else();
6509         Add<HDeoptimize>("Constant global variable assignment",
6510                          Deoptimizer::EAGER);
6511         builder.End();
6512       }
6513     }
6514     HInstruction* instr =
6515         Add<HStoreGlobalCell>(value, cell, it.property_details());
6516     if (instr->HasObservableSideEffects()) {
6517       Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6518     }
6519   } else {
6520     HValue* global_object = Add<HLoadNamedField>(
6521         context(), static_cast<HValue*>(NULL),
6522         HObjectAccess::ForContextSlot(Context::GLOBAL_OBJECT_INDEX));
6523     HStoreNamedGeneric* instr =
6524         Add<HStoreNamedGeneric>(global_object, var->name(),
6525                                  value, function_strict_mode());
6526     USE(instr);
6527     DCHECK(instr->HasObservableSideEffects());
6528     Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
6529   }
6530 }
6531 
6532 
HandleCompoundAssignment(Assignment * expr)6533 void HOptimizedGraphBuilder::HandleCompoundAssignment(Assignment* expr) {
6534   Expression* target = expr->target();
6535   VariableProxy* proxy = target->AsVariableProxy();
6536   Property* prop = target->AsProperty();
6537   DCHECK(proxy == NULL || prop == NULL);
6538 
6539   // We have a second position recorded in the FullCodeGenerator to have
6540   // type feedback for the binary operation.
6541   BinaryOperation* operation = expr->binary_operation();
6542 
6543   if (proxy != NULL) {
6544     Variable* var = proxy->var();
6545     if (var->mode() == LET)  {
6546       return Bailout(kUnsupportedLetCompoundAssignment);
6547     }
6548 
6549     CHECK_ALIVE(VisitForValue(operation));
6550 
6551     switch (var->location()) {
6552       case Variable::UNALLOCATED:
6553         HandleGlobalVariableAssignment(var,
6554                                        Top(),
6555                                        expr->AssignmentId());
6556         break;
6557 
6558       case Variable::PARAMETER:
6559       case Variable::LOCAL:
6560         if (var->mode() == CONST_LEGACY)  {
6561           return Bailout(kUnsupportedConstCompoundAssignment);
6562         }
6563         BindIfLive(var, Top());
6564         break;
6565 
6566       case Variable::CONTEXT: {
6567         // Bail out if we try to mutate a parameter value in a function
6568         // using the arguments object.  We do not (yet) correctly handle the
6569         // arguments property of the function.
6570         if (current_info()->scope()->arguments() != NULL) {
6571           // Parameters will be allocated to context slots.  We have no
6572           // direct way to detect that the variable is a parameter so we do
6573           // a linear search of the parameter variables.
6574           int count = current_info()->scope()->num_parameters();
6575           for (int i = 0; i < count; ++i) {
6576             if (var == current_info()->scope()->parameter(i)) {
6577               Bailout(kAssignmentToParameterFunctionUsesArgumentsObject);
6578             }
6579           }
6580         }
6581 
6582         HStoreContextSlot::Mode mode;
6583 
6584         switch (var->mode()) {
6585           case LET:
6586             mode = HStoreContextSlot::kCheckDeoptimize;
6587             break;
6588           case CONST:
6589             // This case is checked statically so no need to
6590             // perform checks here
6591             UNREACHABLE();
6592           case CONST_LEGACY:
6593             return ast_context()->ReturnValue(Pop());
6594           default:
6595             mode = HStoreContextSlot::kNoCheck;
6596         }
6597 
6598         HValue* context = BuildContextChainWalk(var);
6599         HStoreContextSlot* instr = Add<HStoreContextSlot>(
6600             context, var->index(), mode, Top());
6601         if (instr->HasObservableSideEffects()) {
6602           Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
6603         }
6604         break;
6605       }
6606 
6607       case Variable::LOOKUP:
6608         return Bailout(kCompoundAssignmentToLookupSlot);
6609     }
6610     return ast_context()->ReturnValue(Pop());
6611 
6612   } else if (prop != NULL) {
6613     CHECK_ALIVE(VisitForValue(prop->obj()));
6614     HValue* object = Top();
6615     HValue* key = NULL;
6616     if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
6617       CHECK_ALIVE(VisitForValue(prop->key()));
6618       key = Top();
6619     }
6620 
6621     CHECK_ALIVE(PushLoad(prop, object, key));
6622 
6623     CHECK_ALIVE(VisitForValue(expr->value()));
6624     HValue* right = Pop();
6625     HValue* left = Pop();
6626 
6627     Push(BuildBinaryOperation(operation, left, right, PUSH_BEFORE_SIMULATE));
6628 
6629     BuildStore(expr, prop, expr->id(),
6630                expr->AssignmentId(), expr->IsUninitialized());
6631   } else {
6632     return Bailout(kInvalidLhsInCompoundAssignment);
6633   }
6634 }
6635 
6636 
VisitAssignment(Assignment * expr)6637 void HOptimizedGraphBuilder::VisitAssignment(Assignment* expr) {
6638   DCHECK(!HasStackOverflow());
6639   DCHECK(current_block() != NULL);
6640   DCHECK(current_block()->HasPredecessor());
6641   VariableProxy* proxy = expr->target()->AsVariableProxy();
6642   Property* prop = expr->target()->AsProperty();
6643   DCHECK(proxy == NULL || prop == NULL);
6644 
6645   if (expr->is_compound()) {
6646     HandleCompoundAssignment(expr);
6647     return;
6648   }
6649 
6650   if (prop != NULL) {
6651     HandlePropertyAssignment(expr);
6652   } else if (proxy != NULL) {
6653     Variable* var = proxy->var();
6654 
6655     if (var->mode() == CONST) {
6656       if (expr->op() != Token::INIT_CONST) {
6657         return Bailout(kNonInitializerAssignmentToConst);
6658       }
6659     } else if (var->mode() == CONST_LEGACY) {
6660       if (expr->op() != Token::INIT_CONST_LEGACY) {
6661         CHECK_ALIVE(VisitForValue(expr->value()));
6662         return ast_context()->ReturnValue(Pop());
6663       }
6664 
6665       if (var->IsStackAllocated()) {
6666         // We insert a use of the old value to detect unsupported uses of const
6667         // variables (e.g. initialization inside a loop).
6668         HValue* old_value = environment()->Lookup(var);
6669         Add<HUseConst>(old_value);
6670       }
6671     }
6672 
6673     if (proxy->IsArguments()) return Bailout(kAssignmentToArguments);
6674 
6675     // Handle the assignment.
6676     switch (var->location()) {
6677       case Variable::UNALLOCATED:
6678         CHECK_ALIVE(VisitForValue(expr->value()));
6679         HandleGlobalVariableAssignment(var,
6680                                        Top(),
6681                                        expr->AssignmentId());
6682         return ast_context()->ReturnValue(Pop());
6683 
6684       case Variable::PARAMETER:
6685       case Variable::LOCAL: {
6686         // Perform an initialization check for let declared variables
6687         // or parameters.
6688         if (var->mode() == LET && expr->op() == Token::ASSIGN) {
6689           HValue* env_value = environment()->Lookup(var);
6690           if (env_value == graph()->GetConstantHole()) {
6691             return Bailout(kAssignmentToLetVariableBeforeInitialization);
6692           }
6693         }
6694         // We do not allow the arguments object to occur in a context where it
6695         // may escape, but assignments to stack-allocated locals are
6696         // permitted.
6697         CHECK_ALIVE(VisitForValue(expr->value(), ARGUMENTS_ALLOWED));
6698         HValue* value = Pop();
6699         BindIfLive(var, value);
6700         return ast_context()->ReturnValue(value);
6701       }
6702 
6703       case Variable::CONTEXT: {
6704         // Bail out if we try to mutate a parameter value in a function using
6705         // the arguments object.  We do not (yet) correctly handle the
6706         // arguments property of the function.
6707         if (current_info()->scope()->arguments() != NULL) {
6708           // Parameters will rewrite to context slots.  We have no direct way
6709           // to detect that the variable is a parameter.
6710           int count = current_info()->scope()->num_parameters();
6711           for (int i = 0; i < count; ++i) {
6712             if (var == current_info()->scope()->parameter(i)) {
6713               return Bailout(kAssignmentToParameterInArgumentsObject);
6714             }
6715           }
6716         }
6717 
6718         CHECK_ALIVE(VisitForValue(expr->value()));
6719         HStoreContextSlot::Mode mode;
6720         if (expr->op() == Token::ASSIGN) {
6721           switch (var->mode()) {
6722             case LET:
6723               mode = HStoreContextSlot::kCheckDeoptimize;
6724               break;
6725             case CONST:
6726               // This case is checked statically so no need to
6727               // perform checks here
6728               UNREACHABLE();
6729             case CONST_LEGACY:
6730               return ast_context()->ReturnValue(Pop());
6731             default:
6732               mode = HStoreContextSlot::kNoCheck;
6733           }
6734         } else if (expr->op() == Token::INIT_VAR ||
6735                    expr->op() == Token::INIT_LET ||
6736                    expr->op() == Token::INIT_CONST) {
6737           mode = HStoreContextSlot::kNoCheck;
6738         } else {
6739           DCHECK(expr->op() == Token::INIT_CONST_LEGACY);
6740 
6741           mode = HStoreContextSlot::kCheckIgnoreAssignment;
6742         }
6743 
6744         HValue* context = BuildContextChainWalk(var);
6745         HStoreContextSlot* instr = Add<HStoreContextSlot>(
6746             context, var->index(), mode, Top());
6747         if (instr->HasObservableSideEffects()) {
6748           Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
6749         }
6750         return ast_context()->ReturnValue(Pop());
6751       }
6752 
6753       case Variable::LOOKUP:
6754         return Bailout(kAssignmentToLOOKUPVariable);
6755     }
6756   } else {
6757     return Bailout(kInvalidLeftHandSideInAssignment);
6758   }
6759 }
6760 
6761 
VisitYield(Yield * expr)6762 void HOptimizedGraphBuilder::VisitYield(Yield* expr) {
6763   // Generators are not optimized, so we should never get here.
6764   UNREACHABLE();
6765 }
6766 
6767 
VisitThrow(Throw * expr)6768 void HOptimizedGraphBuilder::VisitThrow(Throw* expr) {
6769   DCHECK(!HasStackOverflow());
6770   DCHECK(current_block() != NULL);
6771   DCHECK(current_block()->HasPredecessor());
6772   if (!ast_context()->IsEffect()) {
6773     // The parser turns invalid left-hand sides in assignments into throw
6774     // statements, which may not be in effect contexts. We might still try
6775     // to optimize such functions; bail out now if we do.
6776     return Bailout(kInvalidLeftHandSideInAssignment);
6777   }
6778   CHECK_ALIVE(VisitForValue(expr->exception()));
6779 
6780   HValue* value = environment()->Pop();
6781   if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
6782   Add<HPushArguments>(value);
6783   Add<HCallRuntime>(isolate()->factory()->empty_string(),
6784                     Runtime::FunctionForId(Runtime::kThrow), 1);
6785   Add<HSimulate>(expr->id());
6786 
6787   // If the throw definitely exits the function, we can finish with a dummy
6788   // control flow at this point.  This is not the case if the throw is inside
6789   // an inlined function which may be replaced.
6790   if (call_context() == NULL) {
6791     FinishExitCurrentBlock(New<HAbnormalExit>());
6792   }
6793 }
6794 
6795 
AddLoadStringInstanceType(HValue * string)6796 HInstruction* HGraphBuilder::AddLoadStringInstanceType(HValue* string) {
6797   if (string->IsConstant()) {
6798     HConstant* c_string = HConstant::cast(string);
6799     if (c_string->HasStringValue()) {
6800       return Add<HConstant>(c_string->StringValue()->map()->instance_type());
6801     }
6802   }
6803   return Add<HLoadNamedField>(
6804       Add<HLoadNamedField>(string, static_cast<HValue*>(NULL),
6805                            HObjectAccess::ForMap()),
6806       static_cast<HValue*>(NULL), HObjectAccess::ForMapInstanceType());
6807 }
6808 
6809 
AddLoadStringLength(HValue * string)6810 HInstruction* HGraphBuilder::AddLoadStringLength(HValue* string) {
6811   if (string->IsConstant()) {
6812     HConstant* c_string = HConstant::cast(string);
6813     if (c_string->HasStringValue()) {
6814       return Add<HConstant>(c_string->StringValue()->length());
6815     }
6816   }
6817   return Add<HLoadNamedField>(string, static_cast<HValue*>(NULL),
6818                               HObjectAccess::ForStringLength());
6819 }
6820 
6821 
BuildNamedGeneric(PropertyAccessType access_type,Expression * expr,HValue * object,Handle<String> name,HValue * value,bool is_uninitialized)6822 HInstruction* HOptimizedGraphBuilder::BuildNamedGeneric(
6823     PropertyAccessType access_type,
6824     Expression* expr,
6825     HValue* object,
6826     Handle<String> name,
6827     HValue* value,
6828     bool is_uninitialized) {
6829   if (is_uninitialized) {
6830     Add<HDeoptimize>("Insufficient type feedback for generic named access",
6831                      Deoptimizer::SOFT);
6832   }
6833   if (access_type == LOAD) {
6834     HLoadNamedGeneric* result = New<HLoadNamedGeneric>(object, name);
6835     if (FLAG_vector_ics) {
6836       Handle<SharedFunctionInfo> current_shared =
6837           function_state()->compilation_info()->shared_info();
6838       result->SetVectorAndSlot(
6839           handle(current_shared->feedback_vector(), isolate()),
6840           expr->AsProperty()->PropertyFeedbackSlot());
6841     }
6842     return result;
6843   } else {
6844     return New<HStoreNamedGeneric>(object, name, value, function_strict_mode());
6845   }
6846 }
6847 
6848 
6849 
BuildKeyedGeneric(PropertyAccessType access_type,Expression * expr,HValue * object,HValue * key,HValue * value)6850 HInstruction* HOptimizedGraphBuilder::BuildKeyedGeneric(
6851     PropertyAccessType access_type,
6852     Expression* expr,
6853     HValue* object,
6854     HValue* key,
6855     HValue* value) {
6856   if (access_type == LOAD) {
6857     HLoadKeyedGeneric* result = New<HLoadKeyedGeneric>(object, key);
6858     if (FLAG_vector_ics) {
6859       Handle<SharedFunctionInfo> current_shared =
6860           function_state()->compilation_info()->shared_info();
6861       result->SetVectorAndSlot(
6862           handle(current_shared->feedback_vector(), isolate()),
6863           expr->AsProperty()->PropertyFeedbackSlot());
6864     }
6865     return result;
6866   } else {
6867     return New<HStoreKeyedGeneric>(object, key, value, function_strict_mode());
6868   }
6869 }
6870 
6871 
BuildKeyedHoleMode(Handle<Map> map)6872 LoadKeyedHoleMode HOptimizedGraphBuilder::BuildKeyedHoleMode(Handle<Map> map) {
6873   // Loads from a "stock" fast holey double arrays can elide the hole check.
6874   LoadKeyedHoleMode load_mode = NEVER_RETURN_HOLE;
6875   if (*map == isolate()->get_initial_js_array_map(FAST_HOLEY_DOUBLE_ELEMENTS) &&
6876       isolate()->IsFastArrayConstructorPrototypeChainIntact()) {
6877     Handle<JSObject> prototype(JSObject::cast(map->prototype()), isolate());
6878     Handle<JSObject> object_prototype = isolate()->initial_object_prototype();
6879     BuildCheckPrototypeMaps(prototype, object_prototype);
6880     load_mode = ALLOW_RETURN_HOLE;
6881     graph()->MarkDependsOnEmptyArrayProtoElements();
6882   }
6883 
6884   return load_mode;
6885 }
6886 
6887 
BuildMonomorphicElementAccess(HValue * object,HValue * key,HValue * val,HValue * dependency,Handle<Map> map,PropertyAccessType access_type,KeyedAccessStoreMode store_mode)6888 HInstruction* HOptimizedGraphBuilder::BuildMonomorphicElementAccess(
6889     HValue* object,
6890     HValue* key,
6891     HValue* val,
6892     HValue* dependency,
6893     Handle<Map> map,
6894     PropertyAccessType access_type,
6895     KeyedAccessStoreMode store_mode) {
6896   HCheckMaps* checked_object = Add<HCheckMaps>(object, map, dependency);
6897   if (dependency) {
6898     checked_object->ClearDependsOnFlag(kElementsKind);
6899   }
6900 
6901   if (access_type == STORE && map->prototype()->IsJSObject()) {
6902     // monomorphic stores need a prototype chain check because shape
6903     // changes could allow callbacks on elements in the chain that
6904     // aren't compatible with monomorphic keyed stores.
6905     PrototypeIterator iter(map);
6906     JSObject* holder = NULL;
6907     while (!iter.IsAtEnd()) {
6908       holder = JSObject::cast(*PrototypeIterator::GetCurrent(iter));
6909       iter.Advance();
6910     }
6911     DCHECK(holder && holder->IsJSObject());
6912 
6913     BuildCheckPrototypeMaps(handle(JSObject::cast(map->prototype())),
6914                             Handle<JSObject>(holder));
6915   }
6916 
6917   LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
6918   return BuildUncheckedMonomorphicElementAccess(
6919       checked_object, key, val,
6920       map->instance_type() == JS_ARRAY_TYPE,
6921       map->elements_kind(), access_type,
6922       load_mode, store_mode);
6923 }
6924 
6925 
TryBuildConsolidatedElementLoad(HValue * object,HValue * key,HValue * val,SmallMapList * maps)6926 HInstruction* HOptimizedGraphBuilder::TryBuildConsolidatedElementLoad(
6927     HValue* object,
6928     HValue* key,
6929     HValue* val,
6930     SmallMapList* maps) {
6931   // For polymorphic loads of similar elements kinds (i.e. all tagged or all
6932   // double), always use the "worst case" code without a transition.  This is
6933   // much faster than transitioning the elements to the worst case, trading a
6934   // HTransitionElements for a HCheckMaps, and avoiding mutation of the array.
6935   bool has_double_maps = false;
6936   bool has_smi_or_object_maps = false;
6937   bool has_js_array_access = false;
6938   bool has_non_js_array_access = false;
6939   bool has_seen_holey_elements = false;
6940   Handle<Map> most_general_consolidated_map;
6941   for (int i = 0; i < maps->length(); ++i) {
6942     Handle<Map> map = maps->at(i);
6943     if (!map->IsJSObjectMap()) return NULL;
6944     // Don't allow mixing of JSArrays with JSObjects.
6945     if (map->instance_type() == JS_ARRAY_TYPE) {
6946       if (has_non_js_array_access) return NULL;
6947       has_js_array_access = true;
6948     } else if (has_js_array_access) {
6949       return NULL;
6950     } else {
6951       has_non_js_array_access = true;
6952     }
6953     // Don't allow mixed, incompatible elements kinds.
6954     if (map->has_fast_double_elements()) {
6955       if (has_smi_or_object_maps) return NULL;
6956       has_double_maps = true;
6957     } else if (map->has_fast_smi_or_object_elements()) {
6958       if (has_double_maps) return NULL;
6959       has_smi_or_object_maps = true;
6960     } else {
6961       return NULL;
6962     }
6963     // Remember if we've ever seen holey elements.
6964     if (IsHoleyElementsKind(map->elements_kind())) {
6965       has_seen_holey_elements = true;
6966     }
6967     // Remember the most general elements kind, the code for its load will
6968     // properly handle all of the more specific cases.
6969     if ((i == 0) || IsMoreGeneralElementsKindTransition(
6970             most_general_consolidated_map->elements_kind(),
6971             map->elements_kind())) {
6972       most_general_consolidated_map = map;
6973     }
6974   }
6975   if (!has_double_maps && !has_smi_or_object_maps) return NULL;
6976 
6977   HCheckMaps* checked_object = Add<HCheckMaps>(object, maps);
6978   // FAST_ELEMENTS is considered more general than FAST_HOLEY_SMI_ELEMENTS.
6979   // If we've seen both, the consolidated load must use FAST_HOLEY_ELEMENTS.
6980   ElementsKind consolidated_elements_kind = has_seen_holey_elements
6981       ? GetHoleyElementsKind(most_general_consolidated_map->elements_kind())
6982       : most_general_consolidated_map->elements_kind();
6983   HInstruction* instr = BuildUncheckedMonomorphicElementAccess(
6984       checked_object, key, val,
6985       most_general_consolidated_map->instance_type() == JS_ARRAY_TYPE,
6986       consolidated_elements_kind,
6987       LOAD, NEVER_RETURN_HOLE, STANDARD_STORE);
6988   return instr;
6989 }
6990 
6991 
HandlePolymorphicElementAccess(Expression * expr,HValue * object,HValue * key,HValue * val,SmallMapList * maps,PropertyAccessType access_type,KeyedAccessStoreMode store_mode,bool * has_side_effects)6992 HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
6993     Expression* expr,
6994     HValue* object,
6995     HValue* key,
6996     HValue* val,
6997     SmallMapList* maps,
6998     PropertyAccessType access_type,
6999     KeyedAccessStoreMode store_mode,
7000     bool* has_side_effects) {
7001   *has_side_effects = false;
7002   BuildCheckHeapObject(object);
7003 
7004   if (access_type == LOAD) {
7005     HInstruction* consolidated_load =
7006         TryBuildConsolidatedElementLoad(object, key, val, maps);
7007     if (consolidated_load != NULL) {
7008       *has_side_effects |= consolidated_load->HasObservableSideEffects();
7009       return consolidated_load;
7010     }
7011   }
7012 
7013   // Elements_kind transition support.
7014   MapHandleList transition_target(maps->length());
7015   // Collect possible transition targets.
7016   MapHandleList possible_transitioned_maps(maps->length());
7017   for (int i = 0; i < maps->length(); ++i) {
7018     Handle<Map> map = maps->at(i);
7019     ElementsKind elements_kind = map->elements_kind();
7020     if (IsFastElementsKind(elements_kind) &&
7021         elements_kind != GetInitialFastElementsKind()) {
7022       possible_transitioned_maps.Add(map);
7023     }
7024     if (elements_kind == SLOPPY_ARGUMENTS_ELEMENTS) {
7025       HInstruction* result = BuildKeyedGeneric(access_type, expr, object, key,
7026                                                val);
7027       *has_side_effects = result->HasObservableSideEffects();
7028       return AddInstruction(result);
7029     }
7030   }
7031   // Get transition target for each map (NULL == no transition).
7032   for (int i = 0; i < maps->length(); ++i) {
7033     Handle<Map> map = maps->at(i);
7034     Handle<Map> transitioned_map =
7035         map->FindTransitionedMap(&possible_transitioned_maps);
7036     transition_target.Add(transitioned_map);
7037   }
7038 
7039   MapHandleList untransitionable_maps(maps->length());
7040   HTransitionElementsKind* transition = NULL;
7041   for (int i = 0; i < maps->length(); ++i) {
7042     Handle<Map> map = maps->at(i);
7043     DCHECK(map->IsMap());
7044     if (!transition_target.at(i).is_null()) {
7045       DCHECK(Map::IsValidElementsTransition(
7046           map->elements_kind(),
7047           transition_target.at(i)->elements_kind()));
7048       transition = Add<HTransitionElementsKind>(object, map,
7049                                                 transition_target.at(i));
7050     } else {
7051       untransitionable_maps.Add(map);
7052     }
7053   }
7054 
7055   // If only one map is left after transitioning, handle this case
7056   // monomorphically.
7057   DCHECK(untransitionable_maps.length() >= 1);
7058   if (untransitionable_maps.length() == 1) {
7059     Handle<Map> untransitionable_map = untransitionable_maps[0];
7060     HInstruction* instr = NULL;
7061     if (untransitionable_map->has_slow_elements_kind() ||
7062         !untransitionable_map->IsJSObjectMap()) {
7063       instr = AddInstruction(BuildKeyedGeneric(access_type, expr, object, key,
7064                                                val));
7065     } else {
7066       instr = BuildMonomorphicElementAccess(
7067           object, key, val, transition, untransitionable_map, access_type,
7068           store_mode);
7069     }
7070     *has_side_effects |= instr->HasObservableSideEffects();
7071     return access_type == STORE ? val : instr;
7072   }
7073 
7074   HBasicBlock* join = graph()->CreateBasicBlock();
7075 
7076   for (int i = 0; i < untransitionable_maps.length(); ++i) {
7077     Handle<Map> map = untransitionable_maps[i];
7078     if (!map->IsJSObjectMap()) continue;
7079     ElementsKind elements_kind = map->elements_kind();
7080     HBasicBlock* this_map = graph()->CreateBasicBlock();
7081     HBasicBlock* other_map = graph()->CreateBasicBlock();
7082     HCompareMap* mapcompare =
7083         New<HCompareMap>(object, map, this_map, other_map);
7084     FinishCurrentBlock(mapcompare);
7085 
7086     set_current_block(this_map);
7087     HInstruction* access = NULL;
7088     if (IsDictionaryElementsKind(elements_kind)) {
7089       access = AddInstruction(BuildKeyedGeneric(access_type, expr, object, key,
7090                                                 val));
7091     } else {
7092       DCHECK(IsFastElementsKind(elements_kind) ||
7093              IsExternalArrayElementsKind(elements_kind) ||
7094              IsFixedTypedArrayElementsKind(elements_kind));
7095       LoadKeyedHoleMode load_mode = BuildKeyedHoleMode(map);
7096       // Happily, mapcompare is a checked object.
7097       access = BuildUncheckedMonomorphicElementAccess(
7098           mapcompare, key, val,
7099           map->instance_type() == JS_ARRAY_TYPE,
7100           elements_kind, access_type,
7101           load_mode,
7102           store_mode);
7103     }
7104     *has_side_effects |= access->HasObservableSideEffects();
7105     // The caller will use has_side_effects and add a correct Simulate.
7106     access->SetFlag(HValue::kHasNoObservableSideEffects);
7107     if (access_type == LOAD) {
7108       Push(access);
7109     }
7110     NoObservableSideEffectsScope scope(this);
7111     GotoNoSimulate(join);
7112     set_current_block(other_map);
7113   }
7114 
7115   // Ensure that we visited at least one map above that goes to join. This is
7116   // necessary because FinishExitWithHardDeoptimization does an AbnormalExit
7117   // rather than joining the join block. If this becomes an issue, insert a
7118   // generic access in the case length() == 0.
7119   DCHECK(join->predecessors()->length() > 0);
7120   // Deopt if none of the cases matched.
7121   NoObservableSideEffectsScope scope(this);
7122   FinishExitWithHardDeoptimization("Unknown map in polymorphic element access");
7123   set_current_block(join);
7124   return access_type == STORE ? val : Pop();
7125 }
7126 
7127 
HandleKeyedElementAccess(HValue * obj,HValue * key,HValue * val,Expression * expr,BailoutId ast_id,BailoutId return_id,PropertyAccessType access_type,bool * has_side_effects)7128 HValue* HOptimizedGraphBuilder::HandleKeyedElementAccess(
7129     HValue* obj, HValue* key, HValue* val, Expression* expr, BailoutId ast_id,
7130     BailoutId return_id, PropertyAccessType access_type,
7131     bool* has_side_effects) {
7132   if (key->ActualValue()->IsConstant()) {
7133     Handle<Object> constant =
7134         HConstant::cast(key->ActualValue())->handle(isolate());
7135     uint32_t array_index;
7136     if (constant->IsString() &&
7137         !Handle<String>::cast(constant)->AsArrayIndex(&array_index)) {
7138       if (!constant->IsUniqueName()) {
7139         constant = isolate()->factory()->InternalizeString(
7140             Handle<String>::cast(constant));
7141       }
7142       HInstruction* instr =
7143           BuildNamedAccess(access_type, ast_id, return_id, expr, obj,
7144                            Handle<String>::cast(constant), val, false);
7145       if (instr == NULL || instr->IsLinked()) {
7146         *has_side_effects = false;
7147       } else {
7148         AddInstruction(instr);
7149         *has_side_effects = instr->HasObservableSideEffects();
7150       }
7151       return instr;
7152     }
7153   }
7154 
7155   DCHECK(!expr->IsPropertyName());
7156   HInstruction* instr = NULL;
7157 
7158   SmallMapList* types;
7159   bool monomorphic = ComputeReceiverTypes(expr, obj, &types, zone());
7160 
7161   bool force_generic = false;
7162   if (access_type == STORE &&
7163       (monomorphic || (types != NULL && !types->is_empty()))) {
7164     // Stores can't be mono/polymorphic if their prototype chain has dictionary
7165     // elements. However a receiver map that has dictionary elements itself
7166     // should be left to normal mono/poly behavior (the other maps may benefit
7167     // from highly optimized stores).
7168     for (int i = 0; i < types->length(); i++) {
7169       Handle<Map> current_map = types->at(i);
7170       if (current_map->DictionaryElementsInPrototypeChainOnly()) {
7171         force_generic = true;
7172         monomorphic = false;
7173         break;
7174       }
7175     }
7176   }
7177 
7178   if (monomorphic) {
7179     Handle<Map> map = types->first();
7180     if (map->has_slow_elements_kind() || !map->IsJSObjectMap()) {
7181       instr = AddInstruction(BuildKeyedGeneric(access_type, expr, obj, key,
7182                                                val));
7183     } else {
7184       BuildCheckHeapObject(obj);
7185       instr = BuildMonomorphicElementAccess(
7186           obj, key, val, NULL, map, access_type, expr->GetStoreMode());
7187     }
7188   } else if (!force_generic && (types != NULL && !types->is_empty())) {
7189     return HandlePolymorphicElementAccess(
7190         expr, obj, key, val, types, access_type,
7191         expr->GetStoreMode(), has_side_effects);
7192   } else {
7193     if (access_type == STORE) {
7194       if (expr->IsAssignment() &&
7195           expr->AsAssignment()->HasNoTypeInformation()) {
7196         Add<HDeoptimize>("Insufficient type feedback for keyed store",
7197                          Deoptimizer::SOFT);
7198       }
7199     } else {
7200       if (expr->AsProperty()->HasNoTypeInformation()) {
7201         Add<HDeoptimize>("Insufficient type feedback for keyed load",
7202                          Deoptimizer::SOFT);
7203       }
7204     }
7205     instr = AddInstruction(BuildKeyedGeneric(access_type, expr, obj, key, val));
7206   }
7207   *has_side_effects = instr->HasObservableSideEffects();
7208   return instr;
7209 }
7210 
7211 
EnsureArgumentsArePushedForAccess()7212 void HOptimizedGraphBuilder::EnsureArgumentsArePushedForAccess() {
7213   // Outermost function already has arguments on the stack.
7214   if (function_state()->outer() == NULL) return;
7215 
7216   if (function_state()->arguments_pushed()) return;
7217 
7218   // Push arguments when entering inlined function.
7219   HEnterInlined* entry = function_state()->entry();
7220   entry->set_arguments_pushed();
7221 
7222   HArgumentsObject* arguments = entry->arguments_object();
7223   const ZoneList<HValue*>* arguments_values = arguments->arguments_values();
7224 
7225   HInstruction* insert_after = entry;
7226   for (int i = 0; i < arguments_values->length(); i++) {
7227     HValue* argument = arguments_values->at(i);
7228     HInstruction* push_argument = New<HPushArguments>(argument);
7229     push_argument->InsertAfter(insert_after);
7230     insert_after = push_argument;
7231   }
7232 
7233   HArgumentsElements* arguments_elements = New<HArgumentsElements>(true);
7234   arguments_elements->ClearFlag(HValue::kUseGVN);
7235   arguments_elements->InsertAfter(insert_after);
7236   function_state()->set_arguments_elements(arguments_elements);
7237 }
7238 
7239 
TryArgumentsAccess(Property * expr)7240 bool HOptimizedGraphBuilder::TryArgumentsAccess(Property* expr) {
7241   VariableProxy* proxy = expr->obj()->AsVariableProxy();
7242   if (proxy == NULL) return false;
7243   if (!proxy->var()->IsStackAllocated()) return false;
7244   if (!environment()->Lookup(proxy->var())->CheckFlag(HValue::kIsArguments)) {
7245     return false;
7246   }
7247 
7248   HInstruction* result = NULL;
7249   if (expr->key()->IsPropertyName()) {
7250     Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7251     if (!String::Equals(name, isolate()->factory()->length_string())) {
7252       return false;
7253     }
7254 
7255     if (function_state()->outer() == NULL) {
7256       HInstruction* elements = Add<HArgumentsElements>(false);
7257       result = New<HArgumentsLength>(elements);
7258     } else {
7259       // Number of arguments without receiver.
7260       int argument_count = environment()->
7261           arguments_environment()->parameter_count() - 1;
7262       result = New<HConstant>(argument_count);
7263     }
7264   } else {
7265     Push(graph()->GetArgumentsObject());
7266     CHECK_ALIVE_OR_RETURN(VisitForValue(expr->key()), true);
7267     HValue* key = Pop();
7268     Drop(1);  // Arguments object.
7269     if (function_state()->outer() == NULL) {
7270       HInstruction* elements = Add<HArgumentsElements>(false);
7271       HInstruction* length = Add<HArgumentsLength>(elements);
7272       HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7273       result = New<HAccessArgumentsAt>(elements, length, checked_key);
7274     } else {
7275       EnsureArgumentsArePushedForAccess();
7276 
7277       // Number of arguments without receiver.
7278       HInstruction* elements = function_state()->arguments_elements();
7279       int argument_count = environment()->
7280           arguments_environment()->parameter_count() - 1;
7281       HInstruction* length = Add<HConstant>(argument_count);
7282       HInstruction* checked_key = Add<HBoundsCheck>(key, length);
7283       result = New<HAccessArgumentsAt>(elements, length, checked_key);
7284     }
7285   }
7286   ast_context()->ReturnInstruction(result, expr->id());
7287   return true;
7288 }
7289 
7290 
BuildNamedAccess(PropertyAccessType access,BailoutId ast_id,BailoutId return_id,Expression * expr,HValue * object,Handle<String> name,HValue * value,bool is_uninitialized)7291 HInstruction* HOptimizedGraphBuilder::BuildNamedAccess(
7292     PropertyAccessType access,
7293     BailoutId ast_id,
7294     BailoutId return_id,
7295     Expression* expr,
7296     HValue* object,
7297     Handle<String> name,
7298     HValue* value,
7299     bool is_uninitialized) {
7300   SmallMapList* types;
7301   ComputeReceiverTypes(expr, object, &types, zone());
7302   DCHECK(types != NULL);
7303 
7304   if (types->length() > 0) {
7305     PropertyAccessInfo info(this, access, ToType(types->first()), name);
7306     if (!info.CanAccessAsMonomorphic(types)) {
7307       HandlePolymorphicNamedFieldAccess(
7308           access, expr, ast_id, return_id, object, value, types, name);
7309       return NULL;
7310     }
7311 
7312     HValue* checked_object;
7313     // Type::Number() is only supported by polymorphic load/call handling.
7314     DCHECK(!info.type()->Is(Type::Number()));
7315     BuildCheckHeapObject(object);
7316     if (AreStringTypes(types)) {
7317       checked_object =
7318           Add<HCheckInstanceType>(object, HCheckInstanceType::IS_STRING);
7319     } else {
7320       checked_object = Add<HCheckMaps>(object, types);
7321     }
7322     return BuildMonomorphicAccess(
7323         &info, object, checked_object, value, ast_id, return_id);
7324   }
7325 
7326   return BuildNamedGeneric(access, expr, object, name, value, is_uninitialized);
7327 }
7328 
7329 
PushLoad(Property * expr,HValue * object,HValue * key)7330 void HOptimizedGraphBuilder::PushLoad(Property* expr,
7331                                       HValue* object,
7332                                       HValue* key) {
7333   ValueContext for_value(this, ARGUMENTS_NOT_ALLOWED);
7334   Push(object);
7335   if (key != NULL) Push(key);
7336   BuildLoad(expr, expr->LoadId());
7337 }
7338 
7339 
BuildLoad(Property * expr,BailoutId ast_id)7340 void HOptimizedGraphBuilder::BuildLoad(Property* expr,
7341                                        BailoutId ast_id) {
7342   HInstruction* instr = NULL;
7343   if (expr->IsStringAccess()) {
7344     HValue* index = Pop();
7345     HValue* string = Pop();
7346     HInstruction* char_code = BuildStringCharCodeAt(string, index);
7347     AddInstruction(char_code);
7348     instr = NewUncasted<HStringCharFromCode>(char_code);
7349 
7350   } else if (expr->key()->IsPropertyName()) {
7351     Handle<String> name = expr->key()->AsLiteral()->AsPropertyName();
7352     HValue* object = Pop();
7353 
7354     instr = BuildNamedAccess(LOAD, ast_id, expr->LoadId(), expr,
7355                              object, name, NULL, expr->IsUninitialized());
7356     if (instr == NULL) return;
7357     if (instr->IsLinked()) return ast_context()->ReturnValue(instr);
7358 
7359   } else {
7360     HValue* key = Pop();
7361     HValue* obj = Pop();
7362 
7363     bool has_side_effects = false;
7364     HValue* load = HandleKeyedElementAccess(
7365         obj, key, NULL, expr, ast_id, expr->LoadId(), LOAD, &has_side_effects);
7366     if (has_side_effects) {
7367       if (ast_context()->IsEffect()) {
7368         Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7369       } else {
7370         Push(load);
7371         Add<HSimulate>(ast_id, REMOVABLE_SIMULATE);
7372         Drop(1);
7373       }
7374     }
7375     if (load == NULL) return;
7376     return ast_context()->ReturnValue(load);
7377   }
7378   return ast_context()->ReturnInstruction(instr, ast_id);
7379 }
7380 
7381 
VisitProperty(Property * expr)7382 void HOptimizedGraphBuilder::VisitProperty(Property* expr) {
7383   DCHECK(!HasStackOverflow());
7384   DCHECK(current_block() != NULL);
7385   DCHECK(current_block()->HasPredecessor());
7386 
7387   if (TryArgumentsAccess(expr)) return;
7388 
7389   CHECK_ALIVE(VisitForValue(expr->obj()));
7390   if (!expr->key()->IsPropertyName() || expr->IsStringAccess()) {
7391     CHECK_ALIVE(VisitForValue(expr->key()));
7392   }
7393 
7394   BuildLoad(expr, expr->id());
7395 }
7396 
7397 
BuildConstantMapCheck(Handle<JSObject> constant)7398 HInstruction* HGraphBuilder::BuildConstantMapCheck(Handle<JSObject> constant) {
7399   HCheckMaps* check = Add<HCheckMaps>(
7400       Add<HConstant>(constant), handle(constant->map()));
7401   check->ClearDependsOnFlag(kElementsKind);
7402   return check;
7403 }
7404 
7405 
BuildCheckPrototypeMaps(Handle<JSObject> prototype,Handle<JSObject> holder)7406 HInstruction* HGraphBuilder::BuildCheckPrototypeMaps(Handle<JSObject> prototype,
7407                                                      Handle<JSObject> holder) {
7408   PrototypeIterator iter(isolate(), prototype,
7409                          PrototypeIterator::START_AT_RECEIVER);
7410   while (holder.is_null() ||
7411          !PrototypeIterator::GetCurrent(iter).is_identical_to(holder)) {
7412     BuildConstantMapCheck(
7413         Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7414     iter.Advance();
7415     if (iter.IsAtEnd()) {
7416       return NULL;
7417     }
7418   }
7419   return BuildConstantMapCheck(
7420       Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter)));
7421 }
7422 
7423 
AddCheckPrototypeMaps(Handle<JSObject> holder,Handle<Map> receiver_map)7424 void HOptimizedGraphBuilder::AddCheckPrototypeMaps(Handle<JSObject> holder,
7425                                                    Handle<Map> receiver_map) {
7426   if (!holder.is_null()) {
7427     Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
7428     BuildCheckPrototypeMaps(prototype, holder);
7429   }
7430 }
7431 
7432 
NewPlainFunctionCall(HValue * fun,int argument_count,bool pass_argument_count)7433 HInstruction* HOptimizedGraphBuilder::NewPlainFunctionCall(
7434     HValue* fun, int argument_count, bool pass_argument_count) {
7435   return New<HCallJSFunction>(
7436       fun, argument_count, pass_argument_count);
7437 }
7438 
7439 
NewArgumentAdaptorCall(HValue * fun,HValue * context,int argument_count,HValue * expected_param_count)7440 HInstruction* HOptimizedGraphBuilder::NewArgumentAdaptorCall(
7441     HValue* fun, HValue* context,
7442     int argument_count, HValue* expected_param_count) {
7443   ArgumentAdaptorDescriptor descriptor(isolate());
7444   HValue* arity = Add<HConstant>(argument_count - 1);
7445 
7446   HValue* op_vals[] = { context, fun, arity, expected_param_count };
7447 
7448   Handle<Code> adaptor =
7449       isolate()->builtins()->ArgumentsAdaptorTrampoline();
7450   HConstant* adaptor_value = Add<HConstant>(adaptor);
7451 
7452   return New<HCallWithDescriptor>(
7453       adaptor_value, argument_count, descriptor,
7454       Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
7455 }
7456 
7457 
BuildCallConstantFunction(Handle<JSFunction> jsfun,int argument_count)7458 HInstruction* HOptimizedGraphBuilder::BuildCallConstantFunction(
7459     Handle<JSFunction> jsfun, int argument_count) {
7460   HValue* target = Add<HConstant>(jsfun);
7461   // For constant functions, we try to avoid calling the
7462   // argument adaptor and instead call the function directly
7463   int formal_parameter_count = jsfun->shared()->formal_parameter_count();
7464   bool dont_adapt_arguments =
7465       (formal_parameter_count ==
7466        SharedFunctionInfo::kDontAdaptArgumentsSentinel);
7467   int arity = argument_count - 1;
7468   bool can_invoke_directly =
7469       dont_adapt_arguments || formal_parameter_count == arity;
7470   if (can_invoke_directly) {
7471     if (jsfun.is_identical_to(current_info()->closure())) {
7472       graph()->MarkRecursive();
7473     }
7474     return NewPlainFunctionCall(target, argument_count, dont_adapt_arguments);
7475   } else {
7476     HValue* param_count_value = Add<HConstant>(formal_parameter_count);
7477     HValue* context = Add<HLoadNamedField>(
7478         target, static_cast<HValue*>(NULL),
7479         HObjectAccess::ForFunctionContextPointer());
7480     return NewArgumentAdaptorCall(target, context,
7481         argument_count, param_count_value);
7482   }
7483   UNREACHABLE();
7484   return NULL;
7485 }
7486 
7487 
7488 class FunctionSorter {
7489  public:
FunctionSorter(int index=0,int ticks=0,int size=0)7490   explicit FunctionSorter(int index = 0, int ticks = 0, int size = 0)
7491       : index_(index), ticks_(ticks), size_(size) {}
7492 
index() const7493   int index() const { return index_; }
ticks() const7494   int ticks() const { return ticks_; }
size() const7495   int size() const { return size_; }
7496 
7497  private:
7498   int index_;
7499   int ticks_;
7500   int size_;
7501 };
7502 
7503 
operator <(const FunctionSorter & lhs,const FunctionSorter & rhs)7504 inline bool operator<(const FunctionSorter& lhs, const FunctionSorter& rhs) {
7505   int diff = lhs.ticks() - rhs.ticks();
7506   if (diff != 0) return diff > 0;
7507   return lhs.size() < rhs.size();
7508 }
7509 
7510 
HandlePolymorphicCallNamed(Call * expr,HValue * receiver,SmallMapList * types,Handle<String> name)7511 void HOptimizedGraphBuilder::HandlePolymorphicCallNamed(
7512     Call* expr,
7513     HValue* receiver,
7514     SmallMapList* types,
7515     Handle<String> name) {
7516   int argument_count = expr->arguments()->length() + 1;  // Includes receiver.
7517   FunctionSorter order[kMaxCallPolymorphism];
7518 
7519   bool handle_smi = false;
7520   bool handled_string = false;
7521   int ordered_functions = 0;
7522 
7523   int i;
7524   for (i = 0; i < types->length() && ordered_functions < kMaxCallPolymorphism;
7525        ++i) {
7526     PropertyAccessInfo info(this, LOAD, ToType(types->at(i)), name);
7527     if (info.CanAccessMonomorphic() && info.IsConstant() &&
7528         info.constant()->IsJSFunction()) {
7529       if (info.type()->Is(Type::String())) {
7530         if (handled_string) continue;
7531         handled_string = true;
7532       }
7533       Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
7534       if (info.type()->Is(Type::Number())) {
7535         handle_smi = true;
7536       }
7537       expr->set_target(target);
7538       order[ordered_functions++] = FunctionSorter(
7539           i, target->shared()->profiler_ticks(), InliningAstSize(target));
7540     }
7541   }
7542 
7543   std::sort(order, order + ordered_functions);
7544 
7545   if (i < types->length()) {
7546     types->Clear();
7547     ordered_functions = -1;
7548   }
7549 
7550   HBasicBlock* number_block = NULL;
7551   HBasicBlock* join = NULL;
7552   handled_string = false;
7553   int count = 0;
7554 
7555   for (int fn = 0; fn < ordered_functions; ++fn) {
7556     int i = order[fn].index();
7557     PropertyAccessInfo info(this, LOAD, ToType(types->at(i)), name);
7558     if (info.type()->Is(Type::String())) {
7559       if (handled_string) continue;
7560       handled_string = true;
7561     }
7562     // Reloads the target.
7563     info.CanAccessMonomorphic();
7564     Handle<JSFunction> target = Handle<JSFunction>::cast(info.constant());
7565 
7566     expr->set_target(target);
7567     if (count == 0) {
7568       // Only needed once.
7569       join = graph()->CreateBasicBlock();
7570       if (handle_smi) {
7571         HBasicBlock* empty_smi_block = graph()->CreateBasicBlock();
7572         HBasicBlock* not_smi_block = graph()->CreateBasicBlock();
7573         number_block = graph()->CreateBasicBlock();
7574         FinishCurrentBlock(New<HIsSmiAndBranch>(
7575                 receiver, empty_smi_block, not_smi_block));
7576         GotoNoSimulate(empty_smi_block, number_block);
7577         set_current_block(not_smi_block);
7578       } else {
7579         BuildCheckHeapObject(receiver);
7580       }
7581     }
7582     ++count;
7583     HBasicBlock* if_true = graph()->CreateBasicBlock();
7584     HBasicBlock* if_false = graph()->CreateBasicBlock();
7585     HUnaryControlInstruction* compare;
7586 
7587     Handle<Map> map = info.map();
7588     if (info.type()->Is(Type::Number())) {
7589       Handle<Map> heap_number_map = isolate()->factory()->heap_number_map();
7590       compare = New<HCompareMap>(receiver, heap_number_map, if_true, if_false);
7591     } else if (info.type()->Is(Type::String())) {
7592       compare = New<HIsStringAndBranch>(receiver, if_true, if_false);
7593     } else {
7594       compare = New<HCompareMap>(receiver, map, if_true, if_false);
7595     }
7596     FinishCurrentBlock(compare);
7597 
7598     if (info.type()->Is(Type::Number())) {
7599       GotoNoSimulate(if_true, number_block);
7600       if_true = number_block;
7601     }
7602 
7603     set_current_block(if_true);
7604 
7605     AddCheckPrototypeMaps(info.holder(), map);
7606 
7607     HValue* function = Add<HConstant>(expr->target());
7608     environment()->SetExpressionStackAt(0, function);
7609     Push(receiver);
7610     CHECK_ALIVE(VisitExpressions(expr->arguments()));
7611     bool needs_wrapping = NeedsWrappingFor(info.type(), target);
7612     bool try_inline = FLAG_polymorphic_inlining && !needs_wrapping;
7613     if (FLAG_trace_inlining && try_inline) {
7614       Handle<JSFunction> caller = current_info()->closure();
7615       SmartArrayPointer<char> caller_name =
7616           caller->shared()->DebugName()->ToCString();
7617       PrintF("Trying to inline the polymorphic call to %s from %s\n",
7618              name->ToCString().get(),
7619              caller_name.get());
7620     }
7621     if (try_inline && TryInlineCall(expr)) {
7622       // Trying to inline will signal that we should bailout from the
7623       // entire compilation by setting stack overflow on the visitor.
7624       if (HasStackOverflow()) return;
7625     } else {
7626       // Since HWrapReceiver currently cannot actually wrap numbers and strings,
7627       // use the regular CallFunctionStub for method calls to wrap the receiver.
7628       // TODO(verwaest): Support creation of value wrappers directly in
7629       // HWrapReceiver.
7630       HInstruction* call = needs_wrapping
7631           ? NewUncasted<HCallFunction>(
7632               function, argument_count, WRAP_AND_CALL)
7633           : BuildCallConstantFunction(target, argument_count);
7634       PushArgumentsFromEnvironment(argument_count);
7635       AddInstruction(call);
7636       Drop(1);  // Drop the function.
7637       if (!ast_context()->IsEffect()) Push(call);
7638     }
7639 
7640     if (current_block() != NULL) Goto(join);
7641     set_current_block(if_false);
7642   }
7643 
7644   // Finish up.  Unconditionally deoptimize if we've handled all the maps we
7645   // know about and do not want to handle ones we've never seen.  Otherwise
7646   // use a generic IC.
7647   if (ordered_functions == types->length() && FLAG_deoptimize_uncommon_cases) {
7648     FinishExitWithHardDeoptimization("Unknown map in polymorphic call");
7649   } else {
7650     Property* prop = expr->expression()->AsProperty();
7651     HInstruction* function = BuildNamedGeneric(
7652         LOAD, prop, receiver, name, NULL, prop->IsUninitialized());
7653     AddInstruction(function);
7654     Push(function);
7655     AddSimulate(prop->LoadId(), REMOVABLE_SIMULATE);
7656 
7657     environment()->SetExpressionStackAt(1, function);
7658     environment()->SetExpressionStackAt(0, receiver);
7659     CHECK_ALIVE(VisitExpressions(expr->arguments()));
7660 
7661     CallFunctionFlags flags = receiver->type().IsJSObject()
7662         ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
7663     HInstruction* call = New<HCallFunction>(
7664         function, argument_count, flags);
7665 
7666     PushArgumentsFromEnvironment(argument_count);
7667 
7668     Drop(1);  // Function.
7669 
7670     if (join != NULL) {
7671       AddInstruction(call);
7672       if (!ast_context()->IsEffect()) Push(call);
7673       Goto(join);
7674     } else {
7675       return ast_context()->ReturnInstruction(call, expr->id());
7676     }
7677   }
7678 
7679   // We assume that control flow is always live after an expression.  So
7680   // even without predecessors to the join block, we set it as the exit
7681   // block and continue by adding instructions there.
7682   DCHECK(join != NULL);
7683   if (join->HasPredecessor()) {
7684     set_current_block(join);
7685     join->SetJoinId(expr->id());
7686     if (!ast_context()->IsEffect()) return ast_context()->ReturnValue(Pop());
7687   } else {
7688     set_current_block(NULL);
7689   }
7690 }
7691 
7692 
TraceInline(Handle<JSFunction> target,Handle<JSFunction> caller,const char * reason)7693 void HOptimizedGraphBuilder::TraceInline(Handle<JSFunction> target,
7694                                          Handle<JSFunction> caller,
7695                                          const char* reason) {
7696   if (FLAG_trace_inlining) {
7697     SmartArrayPointer<char> target_name =
7698         target->shared()->DebugName()->ToCString();
7699     SmartArrayPointer<char> caller_name =
7700         caller->shared()->DebugName()->ToCString();
7701     if (reason == NULL) {
7702       PrintF("Inlined %s called from %s.\n", target_name.get(),
7703              caller_name.get());
7704     } else {
7705       PrintF("Did not inline %s called from %s (%s).\n",
7706              target_name.get(), caller_name.get(), reason);
7707     }
7708   }
7709 }
7710 
7711 
7712 static const int kNotInlinable = 1000000000;
7713 
7714 
InliningAstSize(Handle<JSFunction> target)7715 int HOptimizedGraphBuilder::InliningAstSize(Handle<JSFunction> target) {
7716   if (!FLAG_use_inlining) return kNotInlinable;
7717 
7718   // Precondition: call is monomorphic and we have found a target with the
7719   // appropriate arity.
7720   Handle<JSFunction> caller = current_info()->closure();
7721   Handle<SharedFunctionInfo> target_shared(target->shared());
7722 
7723   // Always inline builtins marked for inlining.
7724   if (target->IsBuiltin()) {
7725     return target_shared->inline_builtin() ? 0 : kNotInlinable;
7726   }
7727 
7728   if (target_shared->IsApiFunction()) {
7729     TraceInline(target, caller, "target is api function");
7730     return kNotInlinable;
7731   }
7732 
7733   // Do a quick check on source code length to avoid parsing large
7734   // inlining candidates.
7735   if (target_shared->SourceSize() >
7736       Min(FLAG_max_inlined_source_size, kUnlimitedMaxInlinedSourceSize)) {
7737     TraceInline(target, caller, "target text too big");
7738     return kNotInlinable;
7739   }
7740 
7741   // Target must be inlineable.
7742   if (!target_shared->IsInlineable()) {
7743     TraceInline(target, caller, "target not inlineable");
7744     return kNotInlinable;
7745   }
7746   if (target_shared->DisableOptimizationReason() != kNoReason) {
7747     TraceInline(target, caller, "target contains unsupported syntax [early]");
7748     return kNotInlinable;
7749   }
7750 
7751   int nodes_added = target_shared->ast_node_count();
7752   return nodes_added;
7753 }
7754 
7755 
TryInline(Handle<JSFunction> target,int arguments_count,HValue * implicit_return_value,BailoutId ast_id,BailoutId return_id,InliningKind inlining_kind,HSourcePosition position)7756 bool HOptimizedGraphBuilder::TryInline(Handle<JSFunction> target,
7757                                        int arguments_count,
7758                                        HValue* implicit_return_value,
7759                                        BailoutId ast_id,
7760                                        BailoutId return_id,
7761                                        InliningKind inlining_kind,
7762                                        HSourcePosition position) {
7763   int nodes_added = InliningAstSize(target);
7764   if (nodes_added == kNotInlinable) return false;
7765 
7766   Handle<JSFunction> caller = current_info()->closure();
7767 
7768   if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
7769     TraceInline(target, caller, "target AST is too large [early]");
7770     return false;
7771   }
7772 
7773   // Don't inline deeper than the maximum number of inlining levels.
7774   HEnvironment* env = environment();
7775   int current_level = 1;
7776   while (env->outer() != NULL) {
7777     if (current_level == FLAG_max_inlining_levels) {
7778       TraceInline(target, caller, "inline depth limit reached");
7779       return false;
7780     }
7781     if (env->outer()->frame_type() == JS_FUNCTION) {
7782       current_level++;
7783     }
7784     env = env->outer();
7785   }
7786 
7787   // Don't inline recursive functions.
7788   for (FunctionState* state = function_state();
7789        state != NULL;
7790        state = state->outer()) {
7791     if (*state->compilation_info()->closure() == *target) {
7792       TraceInline(target, caller, "target is recursive");
7793       return false;
7794     }
7795   }
7796 
7797   // We don't want to add more than a certain number of nodes from inlining.
7798   if (inlined_count_ > Min(FLAG_max_inlined_nodes_cumulative,
7799                            kUnlimitedMaxInlinedNodesCumulative)) {
7800     TraceInline(target, caller, "cumulative AST node limit reached");
7801     return false;
7802   }
7803 
7804   // Parse and allocate variables.
7805   CompilationInfo target_info(target, zone());
7806   // Use the same AstValueFactory for creating strings in the sub-compilation
7807   // step, but don't transfer ownership to target_info.
7808   target_info.SetAstValueFactory(top_info()->ast_value_factory(), false);
7809   Handle<SharedFunctionInfo> target_shared(target->shared());
7810   if (!Parser::Parse(&target_info) || !Scope::Analyze(&target_info)) {
7811     if (target_info.isolate()->has_pending_exception()) {
7812       // Parse or scope error, never optimize this function.
7813       SetStackOverflow();
7814       target_shared->DisableOptimization(kParseScopeError);
7815     }
7816     TraceInline(target, caller, "parse failure");
7817     return false;
7818   }
7819 
7820   if (target_info.scope()->num_heap_slots() > 0) {
7821     TraceInline(target, caller, "target has context-allocated variables");
7822     return false;
7823   }
7824   FunctionLiteral* function = target_info.function();
7825 
7826   // The following conditions must be checked again after re-parsing, because
7827   // earlier the information might not have been complete due to lazy parsing.
7828   nodes_added = function->ast_node_count();
7829   if (nodes_added > Min(FLAG_max_inlined_nodes, kUnlimitedMaxInlinedNodes)) {
7830     TraceInline(target, caller, "target AST is too large [late]");
7831     return false;
7832   }
7833   if (function->dont_optimize()) {
7834     TraceInline(target, caller, "target contains unsupported syntax [late]");
7835     return false;
7836   }
7837 
7838   // If the function uses the arguments object check that inlining of functions
7839   // with arguments object is enabled and the arguments-variable is
7840   // stack allocated.
7841   if (function->scope()->arguments() != NULL) {
7842     if (!FLAG_inline_arguments) {
7843       TraceInline(target, caller, "target uses arguments object");
7844       return false;
7845     }
7846 
7847     if (!function->scope()->arguments()->IsStackAllocated()) {
7848       TraceInline(target,
7849                   caller,
7850                   "target uses non-stackallocated arguments object");
7851       return false;
7852     }
7853   }
7854 
7855   // All declarations must be inlineable.
7856   ZoneList<Declaration*>* decls = target_info.scope()->declarations();
7857   int decl_count = decls->length();
7858   for (int i = 0; i < decl_count; ++i) {
7859     if (!decls->at(i)->IsInlineable()) {
7860       TraceInline(target, caller, "target has non-trivial declaration");
7861       return false;
7862     }
7863   }
7864 
7865   // Generate the deoptimization data for the unoptimized version of
7866   // the target function if we don't already have it.
7867   if (!Compiler::EnsureDeoptimizationSupport(&target_info)) {
7868     TraceInline(target, caller, "could not generate deoptimization info");
7869     return false;
7870   }
7871 
7872   // ----------------------------------------------------------------
7873   // After this point, we've made a decision to inline this function (so
7874   // TryInline should always return true).
7875 
7876   // Type-check the inlined function.
7877   DCHECK(target_shared->has_deoptimization_support());
7878   AstTyper::Run(&target_info);
7879 
7880   int function_id = graph()->TraceInlinedFunction(target_shared, position);
7881 
7882   // Save the pending call context. Set up new one for the inlined function.
7883   // The function state is new-allocated because we need to delete it
7884   // in two different places.
7885   FunctionState* target_state = new FunctionState(
7886       this, &target_info, inlining_kind, function_id);
7887 
7888   HConstant* undefined = graph()->GetConstantUndefined();
7889 
7890   HEnvironment* inner_env =
7891       environment()->CopyForInlining(target,
7892                                      arguments_count,
7893                                      function,
7894                                      undefined,
7895                                      function_state()->inlining_kind());
7896 
7897   HConstant* context = Add<HConstant>(Handle<Context>(target->context()));
7898   inner_env->BindContext(context);
7899 
7900   // Create a dematerialized arguments object for the function, also copy the
7901   // current arguments values to use them for materialization.
7902   HEnvironment* arguments_env = inner_env->arguments_environment();
7903   int parameter_count = arguments_env->parameter_count();
7904   HArgumentsObject* arguments_object = Add<HArgumentsObject>(parameter_count);
7905   for (int i = 0; i < parameter_count; i++) {
7906     arguments_object->AddArgument(arguments_env->Lookup(i), zone());
7907   }
7908 
7909   // If the function uses arguments object then bind bind one.
7910   if (function->scope()->arguments() != NULL) {
7911     DCHECK(function->scope()->arguments()->IsStackAllocated());
7912     inner_env->Bind(function->scope()->arguments(), arguments_object);
7913   }
7914 
7915   // Capture the state before invoking the inlined function for deopt in the
7916   // inlined function. This simulate has no bailout-id since it's not directly
7917   // reachable for deopt, and is only used to capture the state. If the simulate
7918   // becomes reachable by merging, the ast id of the simulate merged into it is
7919   // adopted.
7920   Add<HSimulate>(BailoutId::None());
7921 
7922   current_block()->UpdateEnvironment(inner_env);
7923   Scope* saved_scope = scope();
7924   set_scope(target_info.scope());
7925   HEnterInlined* enter_inlined =
7926       Add<HEnterInlined>(return_id, target, context, arguments_count, function,
7927                          function_state()->inlining_kind(),
7928                          function->scope()->arguments(), arguments_object);
7929   function_state()->set_entry(enter_inlined);
7930 
7931   VisitDeclarations(target_info.scope()->declarations());
7932   VisitStatements(function->body());
7933   set_scope(saved_scope);
7934   if (HasStackOverflow()) {
7935     // Bail out if the inline function did, as we cannot residualize a call
7936     // instead, but do not disable optimization for the outer function.
7937     TraceInline(target, caller, "inline graph construction failed");
7938     target_shared->DisableOptimization(kInliningBailedOut);
7939     current_info()->RetryOptimization(kInliningBailedOut);
7940     delete target_state;
7941     return true;
7942   }
7943 
7944   // Update inlined nodes count.
7945   inlined_count_ += nodes_added;
7946 
7947   Handle<Code> unoptimized_code(target_shared->code());
7948   DCHECK(unoptimized_code->kind() == Code::FUNCTION);
7949   Handle<TypeFeedbackInfo> type_info(
7950       TypeFeedbackInfo::cast(unoptimized_code->type_feedback_info()));
7951   graph()->update_type_change_checksum(type_info->own_type_change_checksum());
7952 
7953   TraceInline(target, caller, NULL);
7954 
7955   if (current_block() != NULL) {
7956     FunctionState* state = function_state();
7957     if (state->inlining_kind() == CONSTRUCT_CALL_RETURN) {
7958       // Falling off the end of an inlined construct call. In a test context the
7959       // return value will always evaluate to true, in a value context the
7960       // return value is the newly allocated receiver.
7961       if (call_context()->IsTest()) {
7962         Goto(inlined_test_context()->if_true(), state);
7963       } else if (call_context()->IsEffect()) {
7964         Goto(function_return(), state);
7965       } else {
7966         DCHECK(call_context()->IsValue());
7967         AddLeaveInlined(implicit_return_value, state);
7968       }
7969     } else if (state->inlining_kind() == SETTER_CALL_RETURN) {
7970       // Falling off the end of an inlined setter call. The returned value is
7971       // never used, the value of an assignment is always the value of the RHS
7972       // of the assignment.
7973       if (call_context()->IsTest()) {
7974         inlined_test_context()->ReturnValue(implicit_return_value);
7975       } else if (call_context()->IsEffect()) {
7976         Goto(function_return(), state);
7977       } else {
7978         DCHECK(call_context()->IsValue());
7979         AddLeaveInlined(implicit_return_value, state);
7980       }
7981     } else {
7982       // Falling off the end of a normal inlined function. This basically means
7983       // returning undefined.
7984       if (call_context()->IsTest()) {
7985         Goto(inlined_test_context()->if_false(), state);
7986       } else if (call_context()->IsEffect()) {
7987         Goto(function_return(), state);
7988       } else {
7989         DCHECK(call_context()->IsValue());
7990         AddLeaveInlined(undefined, state);
7991       }
7992     }
7993   }
7994 
7995   // Fix up the function exits.
7996   if (inlined_test_context() != NULL) {
7997     HBasicBlock* if_true = inlined_test_context()->if_true();
7998     HBasicBlock* if_false = inlined_test_context()->if_false();
7999 
8000     HEnterInlined* entry = function_state()->entry();
8001 
8002     // Pop the return test context from the expression context stack.
8003     DCHECK(ast_context() == inlined_test_context());
8004     ClearInlinedTestContext();
8005     delete target_state;
8006 
8007     // Forward to the real test context.
8008     if (if_true->HasPredecessor()) {
8009       entry->RegisterReturnTarget(if_true, zone());
8010       if_true->SetJoinId(ast_id);
8011       HBasicBlock* true_target = TestContext::cast(ast_context())->if_true();
8012       Goto(if_true, true_target, function_state());
8013     }
8014     if (if_false->HasPredecessor()) {
8015       entry->RegisterReturnTarget(if_false, zone());
8016       if_false->SetJoinId(ast_id);
8017       HBasicBlock* false_target = TestContext::cast(ast_context())->if_false();
8018       Goto(if_false, false_target, function_state());
8019     }
8020     set_current_block(NULL);
8021     return true;
8022 
8023   } else if (function_return()->HasPredecessor()) {
8024     function_state()->entry()->RegisterReturnTarget(function_return(), zone());
8025     function_return()->SetJoinId(ast_id);
8026     set_current_block(function_return());
8027   } else {
8028     set_current_block(NULL);
8029   }
8030   delete target_state;
8031   return true;
8032 }
8033 
8034 
TryInlineCall(Call * expr)8035 bool HOptimizedGraphBuilder::TryInlineCall(Call* expr) {
8036   return TryInline(expr->target(),
8037                    expr->arguments()->length(),
8038                    NULL,
8039                    expr->id(),
8040                    expr->ReturnId(),
8041                    NORMAL_RETURN,
8042                    ScriptPositionToSourcePosition(expr->position()));
8043 }
8044 
8045 
TryInlineConstruct(CallNew * expr,HValue * implicit_return_value)8046 bool HOptimizedGraphBuilder::TryInlineConstruct(CallNew* expr,
8047                                                 HValue* implicit_return_value) {
8048   return TryInline(expr->target(),
8049                    expr->arguments()->length(),
8050                    implicit_return_value,
8051                    expr->id(),
8052                    expr->ReturnId(),
8053                    CONSTRUCT_CALL_RETURN,
8054                    ScriptPositionToSourcePosition(expr->position()));
8055 }
8056 
8057 
TryInlineGetter(Handle<JSFunction> getter,Handle<Map> receiver_map,BailoutId ast_id,BailoutId return_id)8058 bool HOptimizedGraphBuilder::TryInlineGetter(Handle<JSFunction> getter,
8059                                              Handle<Map> receiver_map,
8060                                              BailoutId ast_id,
8061                                              BailoutId return_id) {
8062   if (TryInlineApiGetter(getter, receiver_map, ast_id)) return true;
8063   return TryInline(getter,
8064                    0,
8065                    NULL,
8066                    ast_id,
8067                    return_id,
8068                    GETTER_CALL_RETURN,
8069                    source_position());
8070 }
8071 
8072 
TryInlineSetter(Handle<JSFunction> setter,Handle<Map> receiver_map,BailoutId id,BailoutId assignment_id,HValue * implicit_return_value)8073 bool HOptimizedGraphBuilder::TryInlineSetter(Handle<JSFunction> setter,
8074                                              Handle<Map> receiver_map,
8075                                              BailoutId id,
8076                                              BailoutId assignment_id,
8077                                              HValue* implicit_return_value) {
8078   if (TryInlineApiSetter(setter, receiver_map, id)) return true;
8079   return TryInline(setter,
8080                    1,
8081                    implicit_return_value,
8082                    id, assignment_id,
8083                    SETTER_CALL_RETURN,
8084                    source_position());
8085 }
8086 
8087 
TryInlineApply(Handle<JSFunction> function,Call * expr,int arguments_count)8088 bool HOptimizedGraphBuilder::TryInlineApply(Handle<JSFunction> function,
8089                                             Call* expr,
8090                                             int arguments_count) {
8091   return TryInline(function,
8092                    arguments_count,
8093                    NULL,
8094                    expr->id(),
8095                    expr->ReturnId(),
8096                    NORMAL_RETURN,
8097                    ScriptPositionToSourcePosition(expr->position()));
8098 }
8099 
8100 
TryInlineBuiltinFunctionCall(Call * expr)8101 bool HOptimizedGraphBuilder::TryInlineBuiltinFunctionCall(Call* expr) {
8102   if (!expr->target()->shared()->HasBuiltinFunctionId()) return false;
8103   BuiltinFunctionId id = expr->target()->shared()->builtin_function_id();
8104   switch (id) {
8105     case kMathExp:
8106       if (!FLAG_fast_math) break;
8107       // Fall through if FLAG_fast_math.
8108     case kMathRound:
8109     case kMathFround:
8110     case kMathFloor:
8111     case kMathAbs:
8112     case kMathSqrt:
8113     case kMathLog:
8114     case kMathClz32:
8115       if (expr->arguments()->length() == 1) {
8116         HValue* argument = Pop();
8117         Drop(2);  // Receiver and function.
8118         HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8119         ast_context()->ReturnInstruction(op, expr->id());
8120         return true;
8121       }
8122       break;
8123     case kMathImul:
8124       if (expr->arguments()->length() == 2) {
8125         HValue* right = Pop();
8126         HValue* left = Pop();
8127         Drop(2);  // Receiver and function.
8128         HInstruction* op = HMul::NewImul(zone(), context(), left, right);
8129         ast_context()->ReturnInstruction(op, expr->id());
8130         return true;
8131       }
8132       break;
8133     default:
8134       // Not supported for inlining yet.
8135       break;
8136   }
8137   return false;
8138 }
8139 
8140 
TryInlineBuiltinMethodCall(Call * expr,HValue * receiver,Handle<Map> receiver_map)8141 bool HOptimizedGraphBuilder::TryInlineBuiltinMethodCall(
8142     Call* expr,
8143     HValue* receiver,
8144     Handle<Map> receiver_map) {
8145   // Try to inline calls like Math.* as operations in the calling function.
8146   if (!expr->target()->shared()->HasBuiltinFunctionId()) return false;
8147   BuiltinFunctionId id = expr->target()->shared()->builtin_function_id();
8148   int argument_count = expr->arguments()->length() + 1;  // Plus receiver.
8149   switch (id) {
8150     case kStringCharCodeAt:
8151     case kStringCharAt:
8152       if (argument_count == 2) {
8153         HValue* index = Pop();
8154         HValue* string = Pop();
8155         Drop(1);  // Function.
8156         HInstruction* char_code =
8157             BuildStringCharCodeAt(string, index);
8158         if (id == kStringCharCodeAt) {
8159           ast_context()->ReturnInstruction(char_code, expr->id());
8160           return true;
8161         }
8162         AddInstruction(char_code);
8163         HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
8164         ast_context()->ReturnInstruction(result, expr->id());
8165         return true;
8166       }
8167       break;
8168     case kStringFromCharCode:
8169       if (argument_count == 2) {
8170         HValue* argument = Pop();
8171         Drop(2);  // Receiver and function.
8172         HInstruction* result = NewUncasted<HStringCharFromCode>(argument);
8173         ast_context()->ReturnInstruction(result, expr->id());
8174         return true;
8175       }
8176       break;
8177     case kMathExp:
8178       if (!FLAG_fast_math) break;
8179       // Fall through if FLAG_fast_math.
8180     case kMathRound:
8181     case kMathFround:
8182     case kMathFloor:
8183     case kMathAbs:
8184     case kMathSqrt:
8185     case kMathLog:
8186     case kMathClz32:
8187       if (argument_count == 2) {
8188         HValue* argument = Pop();
8189         Drop(2);  // Receiver and function.
8190         HInstruction* op = NewUncasted<HUnaryMathOperation>(argument, id);
8191         ast_context()->ReturnInstruction(op, expr->id());
8192         return true;
8193       }
8194       break;
8195     case kMathPow:
8196       if (argument_count == 3) {
8197         HValue* right = Pop();
8198         HValue* left = Pop();
8199         Drop(2);  // Receiver and function.
8200         HInstruction* result = NULL;
8201         // Use sqrt() if exponent is 0.5 or -0.5.
8202         if (right->IsConstant() && HConstant::cast(right)->HasDoubleValue()) {
8203           double exponent = HConstant::cast(right)->DoubleValue();
8204           if (exponent == 0.5) {
8205             result = NewUncasted<HUnaryMathOperation>(left, kMathPowHalf);
8206           } else if (exponent == -0.5) {
8207             HValue* one = graph()->GetConstant1();
8208             HInstruction* sqrt = AddUncasted<HUnaryMathOperation>(
8209                 left, kMathPowHalf);
8210             // MathPowHalf doesn't have side effects so there's no need for
8211             // an environment simulation here.
8212             DCHECK(!sqrt->HasObservableSideEffects());
8213             result = NewUncasted<HDiv>(one, sqrt);
8214           } else if (exponent == 2.0) {
8215             result = NewUncasted<HMul>(left, left);
8216           }
8217         }
8218 
8219         if (result == NULL) {
8220           result = NewUncasted<HPower>(left, right);
8221         }
8222         ast_context()->ReturnInstruction(result, expr->id());
8223         return true;
8224       }
8225       break;
8226     case kMathMax:
8227     case kMathMin:
8228       if (argument_count == 3) {
8229         HValue* right = Pop();
8230         HValue* left = Pop();
8231         Drop(2);  // Receiver and function.
8232         HMathMinMax::Operation op = (id == kMathMin) ? HMathMinMax::kMathMin
8233                                                      : HMathMinMax::kMathMax;
8234         HInstruction* result = NewUncasted<HMathMinMax>(left, right, op);
8235         ast_context()->ReturnInstruction(result, expr->id());
8236         return true;
8237       }
8238       break;
8239     case kMathImul:
8240       if (argument_count == 3) {
8241         HValue* right = Pop();
8242         HValue* left = Pop();
8243         Drop(2);  // Receiver and function.
8244         HInstruction* result = HMul::NewImul(zone(), context(), left, right);
8245         ast_context()->ReturnInstruction(result, expr->id());
8246         return true;
8247       }
8248       break;
8249     case kArrayPop: {
8250       if (receiver_map.is_null()) return false;
8251       if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
8252       ElementsKind elements_kind = receiver_map->elements_kind();
8253       if (!IsFastElementsKind(elements_kind)) return false;
8254       if (receiver_map->is_observed()) return false;
8255       if (!receiver_map->is_extensible()) return false;
8256 
8257       Drop(expr->arguments()->length());
8258       HValue* result;
8259       HValue* reduced_length;
8260       HValue* receiver = Pop();
8261 
8262       HValue* checked_object = AddCheckMap(receiver, receiver_map);
8263       HValue* length = Add<HLoadNamedField>(
8264           checked_object, static_cast<HValue*>(NULL),
8265           HObjectAccess::ForArrayLength(elements_kind));
8266 
8267       Drop(1);  // Function.
8268 
8269       { NoObservableSideEffectsScope scope(this);
8270         IfBuilder length_checker(this);
8271 
8272         HValue* bounds_check = length_checker.If<HCompareNumericAndBranch>(
8273             length, graph()->GetConstant0(), Token::EQ);
8274         length_checker.Then();
8275 
8276         if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8277 
8278         length_checker.Else();
8279         HValue* elements = AddLoadElements(checked_object);
8280         // Ensure that we aren't popping from a copy-on-write array.
8281         if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8282           elements = BuildCopyElementsOnWrite(checked_object, elements,
8283                                               elements_kind, length);
8284         }
8285         reduced_length = AddUncasted<HSub>(length, graph()->GetConstant1());
8286         result = AddElementAccess(elements, reduced_length, NULL,
8287                                   bounds_check, elements_kind, LOAD);
8288         Factory* factory = isolate()->factory();
8289         double nan_double = FixedDoubleArray::hole_nan_as_double();
8290         HValue* hole = IsFastSmiOrObjectElementsKind(elements_kind)
8291             ? Add<HConstant>(factory->the_hole_value())
8292             : Add<HConstant>(nan_double);
8293         if (IsFastSmiOrObjectElementsKind(elements_kind)) {
8294           elements_kind = FAST_HOLEY_ELEMENTS;
8295         }
8296         AddElementAccess(
8297             elements, reduced_length, hole, bounds_check, elements_kind, STORE);
8298         Add<HStoreNamedField>(
8299             checked_object, HObjectAccess::ForArrayLength(elements_kind),
8300             reduced_length, STORE_TO_INITIALIZED_ENTRY);
8301 
8302         if (!ast_context()->IsEffect()) Push(result);
8303 
8304         length_checker.End();
8305       }
8306       result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8307       Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8308       if (!ast_context()->IsEffect()) Drop(1);
8309 
8310       ast_context()->ReturnValue(result);
8311       return true;
8312     }
8313     case kArrayPush: {
8314       if (receiver_map.is_null()) return false;
8315       if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
8316       ElementsKind elements_kind = receiver_map->elements_kind();
8317       if (!IsFastElementsKind(elements_kind)) return false;
8318       if (receiver_map->is_observed()) return false;
8319       if (JSArray::IsReadOnlyLengthDescriptor(receiver_map)) return false;
8320       if (!receiver_map->is_extensible()) return false;
8321 
8322       // If there may be elements accessors in the prototype chain, the fast
8323       // inlined version can't be used.
8324       if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8325       // If there currently can be no elements accessors on the prototype chain,
8326       // it doesn't mean that there won't be any later. Install a full prototype
8327       // chain check to trap element accessors being installed on the prototype
8328       // chain, which would cause elements to go to dictionary mode and result
8329       // in a map change.
8330       Handle<JSObject> prototype(JSObject::cast(receiver_map->prototype()));
8331       BuildCheckPrototypeMaps(prototype, Handle<JSObject>());
8332 
8333       const int argc = expr->arguments()->length();
8334       if (argc != 1) return false;
8335 
8336       HValue* value_to_push = Pop();
8337       HValue* array = Pop();
8338       Drop(1);  // Drop function.
8339 
8340       HInstruction* new_size = NULL;
8341       HValue* length = NULL;
8342 
8343       {
8344         NoObservableSideEffectsScope scope(this);
8345 
8346         length = Add<HLoadNamedField>(array, static_cast<HValue*>(NULL),
8347           HObjectAccess::ForArrayLength(elements_kind));
8348 
8349         new_size = AddUncasted<HAdd>(length, graph()->GetConstant1());
8350 
8351         bool is_array = receiver_map->instance_type() == JS_ARRAY_TYPE;
8352         BuildUncheckedMonomorphicElementAccess(array, length,
8353                                                value_to_push, is_array,
8354                                                elements_kind, STORE,
8355                                                NEVER_RETURN_HOLE,
8356                                                STORE_AND_GROW_NO_TRANSITION);
8357 
8358         if (!ast_context()->IsEffect()) Push(new_size);
8359         Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8360         if (!ast_context()->IsEffect()) Drop(1);
8361       }
8362 
8363       ast_context()->ReturnValue(new_size);
8364       return true;
8365     }
8366     case kArrayShift: {
8367       if (receiver_map.is_null()) return false;
8368       if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
8369       ElementsKind kind = receiver_map->elements_kind();
8370       if (!IsFastElementsKind(kind)) return false;
8371       if (receiver_map->is_observed()) return false;
8372       if (!receiver_map->is_extensible()) return false;
8373 
8374       // If there may be elements accessors in the prototype chain, the fast
8375       // inlined version can't be used.
8376       if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8377 
8378       // If there currently can be no elements accessors on the prototype chain,
8379       // it doesn't mean that there won't be any later. Install a full prototype
8380       // chain check to trap element accessors being installed on the prototype
8381       // chain, which would cause elements to go to dictionary mode and result
8382       // in a map change.
8383       BuildCheckPrototypeMaps(
8384           handle(JSObject::cast(receiver_map->prototype()), isolate()),
8385           Handle<JSObject>::null());
8386 
8387       // Threshold for fast inlined Array.shift().
8388       HConstant* inline_threshold = Add<HConstant>(static_cast<int32_t>(16));
8389 
8390       Drop(expr->arguments()->length());
8391       HValue* receiver = Pop();
8392       HValue* function = Pop();
8393       HValue* result;
8394 
8395       {
8396         NoObservableSideEffectsScope scope(this);
8397 
8398         HValue* length = Add<HLoadNamedField>(
8399             receiver, static_cast<HValue*>(NULL),
8400             HObjectAccess::ForArrayLength(kind));
8401 
8402         IfBuilder if_lengthiszero(this);
8403         HValue* lengthiszero = if_lengthiszero.If<HCompareNumericAndBranch>(
8404             length, graph()->GetConstant0(), Token::EQ);
8405         if_lengthiszero.Then();
8406         {
8407           if (!ast_context()->IsEffect()) Push(graph()->GetConstantUndefined());
8408         }
8409         if_lengthiszero.Else();
8410         {
8411           HValue* elements = AddLoadElements(receiver);
8412 
8413           // Check if we can use the fast inlined Array.shift().
8414           IfBuilder if_inline(this);
8415           if_inline.If<HCompareNumericAndBranch>(
8416               length, inline_threshold, Token::LTE);
8417           if (IsFastSmiOrObjectElementsKind(kind)) {
8418             // We cannot handle copy-on-write backing stores here.
8419             if_inline.AndIf<HCompareMap>(
8420                 elements, isolate()->factory()->fixed_array_map());
8421           }
8422           if_inline.Then();
8423           {
8424             // Remember the result.
8425             if (!ast_context()->IsEffect()) {
8426               Push(AddElementAccess(elements, graph()->GetConstant0(), NULL,
8427                                     lengthiszero, kind, LOAD));
8428             }
8429 
8430             // Compute the new length.
8431             HValue* new_length = AddUncasted<HSub>(
8432                 length, graph()->GetConstant1());
8433             new_length->ClearFlag(HValue::kCanOverflow);
8434 
8435             // Copy the remaining elements.
8436             LoopBuilder loop(this, context(), LoopBuilder::kPostIncrement);
8437             {
8438               HValue* new_key = loop.BeginBody(
8439                   graph()->GetConstant0(), new_length, Token::LT);
8440               HValue* key = AddUncasted<HAdd>(new_key, graph()->GetConstant1());
8441               key->ClearFlag(HValue::kCanOverflow);
8442               HValue* element = AddUncasted<HLoadKeyed>(
8443                   elements, key, lengthiszero, kind, ALLOW_RETURN_HOLE);
8444               HStoreKeyed* store = Add<HStoreKeyed>(
8445                   elements, new_key, element, kind);
8446               store->SetFlag(HValue::kAllowUndefinedAsNaN);
8447             }
8448             loop.EndBody();
8449 
8450             // Put a hole at the end.
8451             HValue* hole = IsFastSmiOrObjectElementsKind(kind)
8452                 ? Add<HConstant>(isolate()->factory()->the_hole_value())
8453                 : Add<HConstant>(FixedDoubleArray::hole_nan_as_double());
8454             if (IsFastSmiOrObjectElementsKind(kind)) kind = FAST_HOLEY_ELEMENTS;
8455             Add<HStoreKeyed>(
8456                 elements, new_length, hole, kind, INITIALIZING_STORE);
8457 
8458             // Remember new length.
8459             Add<HStoreNamedField>(
8460                 receiver, HObjectAccess::ForArrayLength(kind),
8461                 new_length, STORE_TO_INITIALIZED_ENTRY);
8462           }
8463           if_inline.Else();
8464           {
8465             Add<HPushArguments>(receiver);
8466             result = Add<HCallJSFunction>(function, 1, true);
8467             if (!ast_context()->IsEffect()) Push(result);
8468           }
8469           if_inline.End();
8470         }
8471         if_lengthiszero.End();
8472       }
8473       result = ast_context()->IsEffect() ? graph()->GetConstant0() : Top();
8474       Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8475       if (!ast_context()->IsEffect()) Drop(1);
8476       ast_context()->ReturnValue(result);
8477       return true;
8478     }
8479     case kArrayIndexOf:
8480     case kArrayLastIndexOf: {
8481       if (receiver_map.is_null()) return false;
8482       if (receiver_map->instance_type() != JS_ARRAY_TYPE) return false;
8483       ElementsKind kind = receiver_map->elements_kind();
8484       if (!IsFastElementsKind(kind)) return false;
8485       if (receiver_map->is_observed()) return false;
8486       if (argument_count != 2) return false;
8487       if (!receiver_map->is_extensible()) return false;
8488 
8489       // If there may be elements accessors in the prototype chain, the fast
8490       // inlined version can't be used.
8491       if (receiver_map->DictionaryElementsInPrototypeChainOnly()) return false;
8492 
8493       // If there currently can be no elements accessors on the prototype chain,
8494       // it doesn't mean that there won't be any later. Install a full prototype
8495       // chain check to trap element accessors being installed on the prototype
8496       // chain, which would cause elements to go to dictionary mode and result
8497       // in a map change.
8498       BuildCheckPrototypeMaps(
8499           handle(JSObject::cast(receiver_map->prototype()), isolate()),
8500           Handle<JSObject>::null());
8501 
8502       HValue* search_element = Pop();
8503       HValue* receiver = Pop();
8504       Drop(1);  // Drop function.
8505 
8506       ArrayIndexOfMode mode = (id == kArrayIndexOf)
8507           ? kFirstIndexOf : kLastIndexOf;
8508       HValue* index = BuildArrayIndexOf(receiver, search_element, kind, mode);
8509 
8510       if (!ast_context()->IsEffect()) Push(index);
8511       Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
8512       if (!ast_context()->IsEffect()) Drop(1);
8513       ast_context()->ReturnValue(index);
8514       return true;
8515     }
8516     default:
8517       // Not yet supported for inlining.
8518       break;
8519   }
8520   return false;
8521 }
8522 
8523 
TryInlineApiFunctionCall(Call * expr,HValue * receiver)8524 bool HOptimizedGraphBuilder::TryInlineApiFunctionCall(Call* expr,
8525                                                       HValue* receiver) {
8526   Handle<JSFunction> function = expr->target();
8527   int argc = expr->arguments()->length();
8528   SmallMapList receiver_maps;
8529   return TryInlineApiCall(function,
8530                           receiver,
8531                           &receiver_maps,
8532                           argc,
8533                           expr->id(),
8534                           kCallApiFunction);
8535 }
8536 
8537 
TryInlineApiMethodCall(Call * expr,HValue * receiver,SmallMapList * receiver_maps)8538 bool HOptimizedGraphBuilder::TryInlineApiMethodCall(
8539     Call* expr,
8540     HValue* receiver,
8541     SmallMapList* receiver_maps) {
8542   Handle<JSFunction> function = expr->target();
8543   int argc = expr->arguments()->length();
8544   return TryInlineApiCall(function,
8545                           receiver,
8546                           receiver_maps,
8547                           argc,
8548                           expr->id(),
8549                           kCallApiMethod);
8550 }
8551 
8552 
TryInlineApiGetter(Handle<JSFunction> function,Handle<Map> receiver_map,BailoutId ast_id)8553 bool HOptimizedGraphBuilder::TryInlineApiGetter(Handle<JSFunction> function,
8554                                                 Handle<Map> receiver_map,
8555                                                 BailoutId ast_id) {
8556   SmallMapList receiver_maps(1, zone());
8557   receiver_maps.Add(receiver_map, zone());
8558   return TryInlineApiCall(function,
8559                           NULL,  // Receiver is on expression stack.
8560                           &receiver_maps,
8561                           0,
8562                           ast_id,
8563                           kCallApiGetter);
8564 }
8565 
8566 
TryInlineApiSetter(Handle<JSFunction> function,Handle<Map> receiver_map,BailoutId ast_id)8567 bool HOptimizedGraphBuilder::TryInlineApiSetter(Handle<JSFunction> function,
8568                                                 Handle<Map> receiver_map,
8569                                                 BailoutId ast_id) {
8570   SmallMapList receiver_maps(1, zone());
8571   receiver_maps.Add(receiver_map, zone());
8572   return TryInlineApiCall(function,
8573                           NULL,  // Receiver is on expression stack.
8574                           &receiver_maps,
8575                           1,
8576                           ast_id,
8577                           kCallApiSetter);
8578 }
8579 
8580 
TryInlineApiCall(Handle<JSFunction> function,HValue * receiver,SmallMapList * receiver_maps,int argc,BailoutId ast_id,ApiCallType call_type)8581 bool HOptimizedGraphBuilder::TryInlineApiCall(Handle<JSFunction> function,
8582                                                HValue* receiver,
8583                                                SmallMapList* receiver_maps,
8584                                                int argc,
8585                                                BailoutId ast_id,
8586                                                ApiCallType call_type) {
8587   CallOptimization optimization(function);
8588   if (!optimization.is_simple_api_call()) return false;
8589   Handle<Map> holder_map;
8590   if (call_type == kCallApiFunction) {
8591     // Cannot embed a direct reference to the global proxy map
8592     // as it maybe dropped on deserialization.
8593     CHECK(!isolate()->serializer_enabled());
8594     DCHECK_EQ(0, receiver_maps->length());
8595     receiver_maps->Add(handle(function->global_proxy()->map()), zone());
8596   }
8597   CallOptimization::HolderLookup holder_lookup =
8598       CallOptimization::kHolderNotFound;
8599   Handle<JSObject> api_holder = optimization.LookupHolderOfExpectedType(
8600       receiver_maps->first(), &holder_lookup);
8601   if (holder_lookup == CallOptimization::kHolderNotFound) return false;
8602 
8603   if (FLAG_trace_inlining) {
8604     PrintF("Inlining api function ");
8605     function->ShortPrint();
8606     PrintF("\n");
8607   }
8608 
8609   bool drop_extra = false;
8610   bool is_store = false;
8611   switch (call_type) {
8612     case kCallApiFunction:
8613     case kCallApiMethod:
8614       // Need to check that none of the receiver maps could have changed.
8615       Add<HCheckMaps>(receiver, receiver_maps);
8616       // Need to ensure the chain between receiver and api_holder is intact.
8617       if (holder_lookup == CallOptimization::kHolderFound) {
8618         AddCheckPrototypeMaps(api_holder, receiver_maps->first());
8619       } else {
8620         DCHECK_EQ(holder_lookup, CallOptimization::kHolderIsReceiver);
8621       }
8622       // Includes receiver.
8623       PushArgumentsFromEnvironment(argc + 1);
8624       // Drop function after call.
8625       drop_extra = true;
8626       break;
8627     case kCallApiGetter:
8628       // Receiver and prototype chain cannot have changed.
8629       DCHECK_EQ(0, argc);
8630       DCHECK_EQ(NULL, receiver);
8631       // Receiver is on expression stack.
8632       receiver = Pop();
8633       Add<HPushArguments>(receiver);
8634       break;
8635     case kCallApiSetter:
8636       {
8637         is_store = true;
8638         // Receiver and prototype chain cannot have changed.
8639         DCHECK_EQ(1, argc);
8640         DCHECK_EQ(NULL, receiver);
8641         // Receiver and value are on expression stack.
8642         HValue* value = Pop();
8643         receiver = Pop();
8644         Add<HPushArguments>(receiver, value);
8645         break;
8646      }
8647   }
8648 
8649   HValue* holder = NULL;
8650   switch (holder_lookup) {
8651     case CallOptimization::kHolderFound:
8652       holder = Add<HConstant>(api_holder);
8653       break;
8654     case CallOptimization::kHolderIsReceiver:
8655       holder = receiver;
8656       break;
8657     case CallOptimization::kHolderNotFound:
8658       UNREACHABLE();
8659       break;
8660   }
8661   Handle<CallHandlerInfo> api_call_info = optimization.api_call_info();
8662   Handle<Object> call_data_obj(api_call_info->data(), isolate());
8663   bool call_data_is_undefined = call_data_obj->IsUndefined();
8664   HValue* call_data = Add<HConstant>(call_data_obj);
8665   ApiFunction fun(v8::ToCData<Address>(api_call_info->callback()));
8666   ExternalReference ref = ExternalReference(&fun,
8667                                             ExternalReference::DIRECT_API_CALL,
8668                                             isolate());
8669   HValue* api_function_address = Add<HConstant>(ExternalReference(ref));
8670 
8671   HValue* op_vals[] = {
8672     context(),
8673     Add<HConstant>(function),
8674     call_data,
8675     holder,
8676     api_function_address
8677   };
8678 
8679   ApiFunctionDescriptor descriptor(isolate());
8680   CallApiFunctionStub stub(isolate(), is_store, call_data_is_undefined, argc);
8681   Handle<Code> code = stub.GetCode();
8682   HConstant* code_value = Add<HConstant>(code);
8683 
8684   DCHECK((sizeof(op_vals) / kPointerSize) == descriptor.GetEnvironmentLength());
8685 
8686   HInstruction* call = New<HCallWithDescriptor>(
8687       code_value, argc + 1, descriptor,
8688       Vector<HValue*>(op_vals, descriptor.GetEnvironmentLength()));
8689 
8690   if (drop_extra) Drop(1);  // Drop function.
8691   ast_context()->ReturnInstruction(call, ast_id);
8692   return true;
8693 }
8694 
8695 
TryCallApply(Call * expr)8696 bool HOptimizedGraphBuilder::TryCallApply(Call* expr) {
8697   DCHECK(expr->expression()->IsProperty());
8698 
8699   if (!expr->IsMonomorphic()) {
8700     return false;
8701   }
8702   Handle<Map> function_map = expr->GetReceiverTypes()->first();
8703   if (function_map->instance_type() != JS_FUNCTION_TYPE ||
8704       !expr->target()->shared()->HasBuiltinFunctionId() ||
8705       expr->target()->shared()->builtin_function_id() != kFunctionApply) {
8706     return false;
8707   }
8708 
8709   if (current_info()->scope()->arguments() == NULL) return false;
8710 
8711   ZoneList<Expression*>* args = expr->arguments();
8712   if (args->length() != 2) return false;
8713 
8714   VariableProxy* arg_two = args->at(1)->AsVariableProxy();
8715   if (arg_two == NULL || !arg_two->var()->IsStackAllocated()) return false;
8716   HValue* arg_two_value = LookupAndMakeLive(arg_two->var());
8717   if (!arg_two_value->CheckFlag(HValue::kIsArguments)) return false;
8718 
8719   // Found pattern f.apply(receiver, arguments).
8720   CHECK_ALIVE_OR_RETURN(VisitForValue(args->at(0)), true);
8721   HValue* receiver = Pop();  // receiver
8722   HValue* function = Pop();  // f
8723   Drop(1);  // apply
8724 
8725   HValue* checked_function = AddCheckMap(function, function_map);
8726 
8727   if (function_state()->outer() == NULL) {
8728     HInstruction* elements = Add<HArgumentsElements>(false);
8729     HInstruction* length = Add<HArgumentsLength>(elements);
8730     HValue* wrapped_receiver = BuildWrapReceiver(receiver, checked_function);
8731     HInstruction* result = New<HApplyArguments>(function,
8732                                                 wrapped_receiver,
8733                                                 length,
8734                                                 elements);
8735     ast_context()->ReturnInstruction(result, expr->id());
8736     return true;
8737   } else {
8738     // We are inside inlined function and we know exactly what is inside
8739     // arguments object. But we need to be able to materialize at deopt.
8740     DCHECK_EQ(environment()->arguments_environment()->parameter_count(),
8741               function_state()->entry()->arguments_object()->arguments_count());
8742     HArgumentsObject* args = function_state()->entry()->arguments_object();
8743     const ZoneList<HValue*>* arguments_values = args->arguments_values();
8744     int arguments_count = arguments_values->length();
8745     Push(function);
8746     Push(BuildWrapReceiver(receiver, checked_function));
8747     for (int i = 1; i < arguments_count; i++) {
8748       Push(arguments_values->at(i));
8749     }
8750 
8751     Handle<JSFunction> known_function;
8752     if (function->IsConstant() &&
8753         HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
8754       known_function = Handle<JSFunction>::cast(
8755           HConstant::cast(function)->handle(isolate()));
8756       int args_count = arguments_count - 1;  // Excluding receiver.
8757       if (TryInlineApply(known_function, expr, args_count)) return true;
8758     }
8759 
8760     PushArgumentsFromEnvironment(arguments_count);
8761     HInvokeFunction* call = New<HInvokeFunction>(
8762         function, known_function, arguments_count);
8763     Drop(1);  // Function.
8764     ast_context()->ReturnInstruction(call, expr->id());
8765     return true;
8766   }
8767 }
8768 
8769 
ImplicitReceiverFor(HValue * function,Handle<JSFunction> target)8770 HValue* HOptimizedGraphBuilder::ImplicitReceiverFor(HValue* function,
8771                                                     Handle<JSFunction> target) {
8772   SharedFunctionInfo* shared = target->shared();
8773   if (shared->strict_mode() == SLOPPY && !shared->native()) {
8774     // Cannot embed a direct reference to the global proxy
8775     // as is it dropped on deserialization.
8776     CHECK(!isolate()->serializer_enabled());
8777     Handle<JSObject> global_proxy(target->context()->global_proxy());
8778     return Add<HConstant>(global_proxy);
8779   }
8780   return graph()->GetConstantUndefined();
8781 }
8782 
8783 
BuildArrayCall(Expression * expression,int arguments_count,HValue * function,Handle<AllocationSite> site)8784 void HOptimizedGraphBuilder::BuildArrayCall(Expression* expression,
8785                                             int arguments_count,
8786                                             HValue* function,
8787                                             Handle<AllocationSite> site) {
8788   Add<HCheckValue>(function, array_function());
8789 
8790   if (IsCallArrayInlineable(arguments_count, site)) {
8791     BuildInlinedCallArray(expression, arguments_count, site);
8792     return;
8793   }
8794 
8795   HInstruction* call = PreProcessCall(New<HCallNewArray>(
8796       function, arguments_count + 1, site->GetElementsKind()));
8797   if (expression->IsCall()) {
8798     Drop(1);
8799   }
8800   ast_context()->ReturnInstruction(call, expression->id());
8801 }
8802 
8803 
BuildArrayIndexOf(HValue * receiver,HValue * search_element,ElementsKind kind,ArrayIndexOfMode mode)8804 HValue* HOptimizedGraphBuilder::BuildArrayIndexOf(HValue* receiver,
8805                                                   HValue* search_element,
8806                                                   ElementsKind kind,
8807                                                   ArrayIndexOfMode mode) {
8808   DCHECK(IsFastElementsKind(kind));
8809 
8810   NoObservableSideEffectsScope no_effects(this);
8811 
8812   HValue* elements = AddLoadElements(receiver);
8813   HValue* length = AddLoadArrayLength(receiver, kind);
8814 
8815   HValue* initial;
8816   HValue* terminating;
8817   Token::Value token;
8818   LoopBuilder::Direction direction;
8819   if (mode == kFirstIndexOf) {
8820     initial = graph()->GetConstant0();
8821     terminating = length;
8822     token = Token::LT;
8823     direction = LoopBuilder::kPostIncrement;
8824   } else {
8825     DCHECK_EQ(kLastIndexOf, mode);
8826     initial = length;
8827     terminating = graph()->GetConstant0();
8828     token = Token::GT;
8829     direction = LoopBuilder::kPreDecrement;
8830   }
8831 
8832   Push(graph()->GetConstantMinus1());
8833   if (IsFastDoubleElementsKind(kind) || IsFastSmiElementsKind(kind)) {
8834     // Make sure that we can actually compare numbers correctly below, see
8835     // https://code.google.com/p/chromium/issues/detail?id=407946 for details.
8836     search_element = AddUncasted<HForceRepresentation>(
8837         search_element, IsFastSmiElementsKind(kind) ? Representation::Smi()
8838                                                     : Representation::Double());
8839 
8840     LoopBuilder loop(this, context(), direction);
8841     {
8842       HValue* index = loop.BeginBody(initial, terminating, token);
8843       HValue* element = AddUncasted<HLoadKeyed>(
8844           elements, index, static_cast<HValue*>(NULL),
8845           kind, ALLOW_RETURN_HOLE);
8846       IfBuilder if_issame(this);
8847       if_issame.If<HCompareNumericAndBranch>(element, search_element,
8848                                              Token::EQ_STRICT);
8849       if_issame.Then();
8850       {
8851         Drop(1);
8852         Push(index);
8853         loop.Break();
8854       }
8855       if_issame.End();
8856     }
8857     loop.EndBody();
8858   } else {
8859     IfBuilder if_isstring(this);
8860     if_isstring.If<HIsStringAndBranch>(search_element);
8861     if_isstring.Then();
8862     {
8863       LoopBuilder loop(this, context(), direction);
8864       {
8865         HValue* index = loop.BeginBody(initial, terminating, token);
8866         HValue* element = AddUncasted<HLoadKeyed>(
8867             elements, index, static_cast<HValue*>(NULL),
8868             kind, ALLOW_RETURN_HOLE);
8869         IfBuilder if_issame(this);
8870         if_issame.If<HIsStringAndBranch>(element);
8871         if_issame.AndIf<HStringCompareAndBranch>(
8872             element, search_element, Token::EQ_STRICT);
8873         if_issame.Then();
8874         {
8875           Drop(1);
8876           Push(index);
8877           loop.Break();
8878         }
8879         if_issame.End();
8880       }
8881       loop.EndBody();
8882     }
8883     if_isstring.Else();
8884     {
8885       IfBuilder if_isnumber(this);
8886       if_isnumber.If<HIsSmiAndBranch>(search_element);
8887       if_isnumber.OrIf<HCompareMap>(
8888           search_element, isolate()->factory()->heap_number_map());
8889       if_isnumber.Then();
8890       {
8891         HValue* search_number =
8892             AddUncasted<HForceRepresentation>(search_element,
8893                                               Representation::Double());
8894         LoopBuilder loop(this, context(), direction);
8895         {
8896           HValue* index = loop.BeginBody(initial, terminating, token);
8897           HValue* element = AddUncasted<HLoadKeyed>(
8898               elements, index, static_cast<HValue*>(NULL),
8899               kind, ALLOW_RETURN_HOLE);
8900 
8901           IfBuilder if_element_isnumber(this);
8902           if_element_isnumber.If<HIsSmiAndBranch>(element);
8903           if_element_isnumber.OrIf<HCompareMap>(
8904               element, isolate()->factory()->heap_number_map());
8905           if_element_isnumber.Then();
8906           {
8907             HValue* number =
8908                 AddUncasted<HForceRepresentation>(element,
8909                                                   Representation::Double());
8910             IfBuilder if_issame(this);
8911             if_issame.If<HCompareNumericAndBranch>(
8912                 number, search_number, Token::EQ_STRICT);
8913             if_issame.Then();
8914             {
8915               Drop(1);
8916               Push(index);
8917               loop.Break();
8918             }
8919             if_issame.End();
8920           }
8921           if_element_isnumber.End();
8922         }
8923         loop.EndBody();
8924       }
8925       if_isnumber.Else();
8926       {
8927         LoopBuilder loop(this, context(), direction);
8928         {
8929           HValue* index = loop.BeginBody(initial, terminating, token);
8930           HValue* element = AddUncasted<HLoadKeyed>(
8931               elements, index, static_cast<HValue*>(NULL),
8932               kind, ALLOW_RETURN_HOLE);
8933           IfBuilder if_issame(this);
8934           if_issame.If<HCompareObjectEqAndBranch>(
8935               element, search_element);
8936           if_issame.Then();
8937           {
8938             Drop(1);
8939             Push(index);
8940             loop.Break();
8941           }
8942           if_issame.End();
8943         }
8944         loop.EndBody();
8945       }
8946       if_isnumber.End();
8947     }
8948     if_isstring.End();
8949   }
8950 
8951   return Pop();
8952 }
8953 
8954 
TryHandleArrayCall(Call * expr,HValue * function)8955 bool HOptimizedGraphBuilder::TryHandleArrayCall(Call* expr, HValue* function) {
8956   if (!array_function().is_identical_to(expr->target())) {
8957     return false;
8958   }
8959 
8960   Handle<AllocationSite> site = expr->allocation_site();
8961   if (site.is_null()) return false;
8962 
8963   BuildArrayCall(expr,
8964                  expr->arguments()->length(),
8965                  function,
8966                  site);
8967   return true;
8968 }
8969 
8970 
TryHandleArrayCallNew(CallNew * expr,HValue * function)8971 bool HOptimizedGraphBuilder::TryHandleArrayCallNew(CallNew* expr,
8972                                                    HValue* function) {
8973   if (!array_function().is_identical_to(expr->target())) {
8974     return false;
8975   }
8976 
8977   BuildArrayCall(expr,
8978                  expr->arguments()->length(),
8979                  function,
8980                  expr->allocation_site());
8981   return true;
8982 }
8983 
8984 
VisitCall(Call * expr)8985 void HOptimizedGraphBuilder::VisitCall(Call* expr) {
8986   DCHECK(!HasStackOverflow());
8987   DCHECK(current_block() != NULL);
8988   DCHECK(current_block()->HasPredecessor());
8989   Expression* callee = expr->expression();
8990   int argument_count = expr->arguments()->length() + 1;  // Plus receiver.
8991   HInstruction* call = NULL;
8992 
8993   Property* prop = callee->AsProperty();
8994   if (prop != NULL) {
8995     CHECK_ALIVE(VisitForValue(prop->obj()));
8996     HValue* receiver = Top();
8997 
8998     SmallMapList* types;
8999     ComputeReceiverTypes(expr, receiver, &types, zone());
9000 
9001     if (prop->key()->IsPropertyName() && types->length() > 0) {
9002       Handle<String> name = prop->key()->AsLiteral()->AsPropertyName();
9003       PropertyAccessInfo info(this, LOAD, ToType(types->first()), name);
9004       if (!info.CanAccessAsMonomorphic(types)) {
9005         HandlePolymorphicCallNamed(expr, receiver, types, name);
9006         return;
9007       }
9008     }
9009 
9010     HValue* key = NULL;
9011     if (!prop->key()->IsPropertyName()) {
9012       CHECK_ALIVE(VisitForValue(prop->key()));
9013       key = Pop();
9014     }
9015 
9016     CHECK_ALIVE(PushLoad(prop, receiver, key));
9017     HValue* function = Pop();
9018 
9019     if (FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
9020 
9021     // Push the function under the receiver.
9022     environment()->SetExpressionStackAt(0, function);
9023 
9024     Push(receiver);
9025 
9026     if (function->IsConstant() &&
9027         HConstant::cast(function)->handle(isolate())->IsJSFunction()) {
9028       Handle<JSFunction> known_function = Handle<JSFunction>::cast(
9029           HConstant::cast(function)->handle(isolate()));
9030       expr->set_target(known_function);
9031 
9032       if (TryCallApply(expr)) return;
9033       CHECK_ALIVE(VisitExpressions(expr->arguments()));
9034 
9035       Handle<Map> map = types->length() == 1 ? types->first() : Handle<Map>();
9036       if (TryInlineBuiltinMethodCall(expr, receiver, map)) {
9037         if (FLAG_trace_inlining) {
9038           PrintF("Inlining builtin ");
9039           known_function->ShortPrint();
9040           PrintF("\n");
9041         }
9042         return;
9043       }
9044       if (TryInlineApiMethodCall(expr, receiver, types)) return;
9045 
9046       // Wrap the receiver if necessary.
9047       if (NeedsWrappingFor(ToType(types->first()), known_function)) {
9048         // Since HWrapReceiver currently cannot actually wrap numbers and
9049         // strings, use the regular CallFunctionStub for method calls to wrap
9050         // the receiver.
9051         // TODO(verwaest): Support creation of value wrappers directly in
9052         // HWrapReceiver.
9053         call = New<HCallFunction>(
9054             function, argument_count, WRAP_AND_CALL);
9055       } else if (TryInlineCall(expr)) {
9056         return;
9057       } else {
9058         call = BuildCallConstantFunction(known_function, argument_count);
9059       }
9060 
9061     } else {
9062       CHECK_ALIVE(VisitExpressions(expr->arguments()));
9063       CallFunctionFlags flags = receiver->type().IsJSObject()
9064           ? NO_CALL_FUNCTION_FLAGS : CALL_AS_METHOD;
9065       call = New<HCallFunction>(function, argument_count, flags);
9066     }
9067     PushArgumentsFromEnvironment(argument_count);
9068 
9069   } else {
9070     VariableProxy* proxy = expr->expression()->AsVariableProxy();
9071     if (proxy != NULL && proxy->var()->is_possibly_eval(isolate())) {
9072       return Bailout(kPossibleDirectCallToEval);
9073     }
9074 
9075     // The function is on the stack in the unoptimized code during
9076     // evaluation of the arguments.
9077     CHECK_ALIVE(VisitForValue(expr->expression()));
9078     HValue* function = Top();
9079     if (expr->global_call()) {
9080       Variable* var = proxy->var();
9081       bool known_global_function = false;
9082       // If there is a global property cell for the name at compile time and
9083       // access check is not enabled we assume that the function will not change
9084       // and generate optimized code for calling the function.
9085       Handle<GlobalObject> global(current_info()->global_object());
9086       LookupIterator it(global, var->name(),
9087                         LookupIterator::OWN_SKIP_INTERCEPTOR);
9088       GlobalPropertyAccess type = LookupGlobalProperty(var, &it, LOAD);
9089       if (type == kUseCell) {
9090         Handle<GlobalObject> global(current_info()->global_object());
9091         known_global_function = expr->ComputeGlobalTarget(global, &it);
9092       }
9093       if (known_global_function) {
9094         Add<HCheckValue>(function, expr->target());
9095 
9096         // Placeholder for the receiver.
9097         Push(graph()->GetConstantUndefined());
9098         CHECK_ALIVE(VisitExpressions(expr->arguments()));
9099 
9100         // Patch the global object on the stack by the expected receiver.
9101         HValue* receiver = ImplicitReceiverFor(function, expr->target());
9102         const int receiver_index = argument_count - 1;
9103         environment()->SetExpressionStackAt(receiver_index, receiver);
9104 
9105         if (TryInlineBuiltinFunctionCall(expr)) {
9106           if (FLAG_trace_inlining) {
9107             PrintF("Inlining builtin ");
9108             expr->target()->ShortPrint();
9109             PrintF("\n");
9110           }
9111           return;
9112         }
9113         if (TryInlineApiFunctionCall(expr, receiver)) return;
9114         if (TryHandleArrayCall(expr, function)) return;
9115         if (TryInlineCall(expr)) return;
9116 
9117         PushArgumentsFromEnvironment(argument_count);
9118         call = BuildCallConstantFunction(expr->target(), argument_count);
9119       } else {
9120         Push(graph()->GetConstantUndefined());
9121         CHECK_ALIVE(VisitExpressions(expr->arguments()));
9122         PushArgumentsFromEnvironment(argument_count);
9123         call = New<HCallFunction>(function, argument_count);
9124       }
9125 
9126     } else if (expr->IsMonomorphic()) {
9127       Add<HCheckValue>(function, expr->target());
9128 
9129       Push(graph()->GetConstantUndefined());
9130       CHECK_ALIVE(VisitExpressions(expr->arguments()));
9131 
9132       HValue* receiver = ImplicitReceiverFor(function, expr->target());
9133       const int receiver_index = argument_count - 1;
9134       environment()->SetExpressionStackAt(receiver_index, receiver);
9135 
9136       if (TryInlineBuiltinFunctionCall(expr)) {
9137         if (FLAG_trace_inlining) {
9138           PrintF("Inlining builtin ");
9139           expr->target()->ShortPrint();
9140           PrintF("\n");
9141         }
9142         return;
9143       }
9144       if (TryInlineApiFunctionCall(expr, receiver)) return;
9145 
9146       if (TryInlineCall(expr)) return;
9147 
9148       call = PreProcessCall(New<HInvokeFunction>(
9149           function, expr->target(), argument_count));
9150 
9151     } else {
9152       Push(graph()->GetConstantUndefined());
9153       CHECK_ALIVE(VisitExpressions(expr->arguments()));
9154       PushArgumentsFromEnvironment(argument_count);
9155       call = New<HCallFunction>(function, argument_count);
9156     }
9157   }
9158 
9159   Drop(1);  // Drop the function.
9160   return ast_context()->ReturnInstruction(call, expr->id());
9161 }
9162 
9163 
BuildInlinedCallArray(Expression * expression,int argument_count,Handle<AllocationSite> site)9164 void HOptimizedGraphBuilder::BuildInlinedCallArray(
9165     Expression* expression,
9166     int argument_count,
9167     Handle<AllocationSite> site) {
9168   DCHECK(!site.is_null());
9169   DCHECK(argument_count >= 0 && argument_count <= 1);
9170   NoObservableSideEffectsScope no_effects(this);
9171 
9172   // We should at least have the constructor on the expression stack.
9173   HValue* constructor = environment()->ExpressionStackAt(argument_count);
9174 
9175   // Register on the site for deoptimization if the transition feedback changes.
9176   AllocationSite::AddDependentCompilationInfo(
9177       site, AllocationSite::TRANSITIONS, top_info());
9178   ElementsKind kind = site->GetElementsKind();
9179   HInstruction* site_instruction = Add<HConstant>(site);
9180 
9181   // In the single constant argument case, we may have to adjust elements kind
9182   // to avoid creating a packed non-empty array.
9183   if (argument_count == 1 && !IsHoleyElementsKind(kind)) {
9184     HValue* argument = environment()->Top();
9185     if (argument->IsConstant()) {
9186       HConstant* constant_argument = HConstant::cast(argument);
9187       DCHECK(constant_argument->HasSmiValue());
9188       int constant_array_size = constant_argument->Integer32Value();
9189       if (constant_array_size != 0) {
9190         kind = GetHoleyElementsKind(kind);
9191       }
9192     }
9193   }
9194 
9195   // Build the array.
9196   JSArrayBuilder array_builder(this,
9197                                kind,
9198                                site_instruction,
9199                                constructor,
9200                                DISABLE_ALLOCATION_SITES);
9201   HValue* new_object = argument_count == 0
9202       ? array_builder.AllocateEmptyArray()
9203       : BuildAllocateArrayFromLength(&array_builder, Top());
9204 
9205   int args_to_drop = argument_count + (expression->IsCall() ? 2 : 1);
9206   Drop(args_to_drop);
9207   ast_context()->ReturnValue(new_object);
9208 }
9209 
9210 
9211 // Checks whether allocation using the given constructor can be inlined.
IsAllocationInlineable(Handle<JSFunction> constructor)9212 static bool IsAllocationInlineable(Handle<JSFunction> constructor) {
9213   return constructor->has_initial_map() &&
9214       constructor->initial_map()->instance_type() == JS_OBJECT_TYPE &&
9215       constructor->initial_map()->instance_size() < HAllocate::kMaxInlineSize &&
9216       constructor->initial_map()->InitialPropertiesLength() == 0;
9217 }
9218 
9219 
IsCallArrayInlineable(int argument_count,Handle<AllocationSite> site)9220 bool HOptimizedGraphBuilder::IsCallArrayInlineable(
9221     int argument_count,
9222     Handle<AllocationSite> site) {
9223   Handle<JSFunction> caller = current_info()->closure();
9224   Handle<JSFunction> target = array_function();
9225   // We should have the function plus array arguments on the environment stack.
9226   DCHECK(environment()->length() >= (argument_count + 1));
9227   DCHECK(!site.is_null());
9228 
9229   bool inline_ok = false;
9230   if (site->CanInlineCall()) {
9231     // We also want to avoid inlining in certain 1 argument scenarios.
9232     if (argument_count == 1) {
9233       HValue* argument = Top();
9234       if (argument->IsConstant()) {
9235         // Do not inline if the constant length argument is not a smi or
9236         // outside the valid range for unrolled loop initialization.
9237         HConstant* constant_argument = HConstant::cast(argument);
9238         if (constant_argument->HasSmiValue()) {
9239           int value = constant_argument->Integer32Value();
9240           inline_ok = value >= 0 && value <= kElementLoopUnrollThreshold;
9241           if (!inline_ok) {
9242             TraceInline(target, caller,
9243                         "Constant length outside of valid inlining range.");
9244           }
9245         }
9246       } else {
9247         TraceInline(target, caller,
9248                     "Dont inline [new] Array(n) where n isn't constant.");
9249       }
9250     } else if (argument_count == 0) {
9251       inline_ok = true;
9252     } else {
9253       TraceInline(target, caller, "Too many arguments to inline.");
9254     }
9255   } else {
9256     TraceInline(target, caller, "AllocationSite requested no inlining.");
9257   }
9258 
9259   if (inline_ok) {
9260     TraceInline(target, caller, NULL);
9261   }
9262   return inline_ok;
9263 }
9264 
9265 
VisitCallNew(CallNew * expr)9266 void HOptimizedGraphBuilder::VisitCallNew(CallNew* expr) {
9267   DCHECK(!HasStackOverflow());
9268   DCHECK(current_block() != NULL);
9269   DCHECK(current_block()->HasPredecessor());
9270   if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
9271   int argument_count = expr->arguments()->length() + 1;  // Plus constructor.
9272   Factory* factory = isolate()->factory();
9273 
9274   // The constructor function is on the stack in the unoptimized code
9275   // during evaluation of the arguments.
9276   CHECK_ALIVE(VisitForValue(expr->expression()));
9277   HValue* function = Top();
9278   CHECK_ALIVE(VisitExpressions(expr->arguments()));
9279 
9280   if (FLAG_inline_construct &&
9281       expr->IsMonomorphic() &&
9282       IsAllocationInlineable(expr->target())) {
9283     Handle<JSFunction> constructor = expr->target();
9284     HValue* check = Add<HCheckValue>(function, constructor);
9285 
9286     // Force completion of inobject slack tracking before generating
9287     // allocation code to finalize instance size.
9288     if (constructor->IsInobjectSlackTrackingInProgress()) {
9289       constructor->CompleteInobjectSlackTracking();
9290     }
9291 
9292     // Calculate instance size from initial map of constructor.
9293     DCHECK(constructor->has_initial_map());
9294     Handle<Map> initial_map(constructor->initial_map());
9295     int instance_size = initial_map->instance_size();
9296     DCHECK(initial_map->InitialPropertiesLength() == 0);
9297 
9298     // Allocate an instance of the implicit receiver object.
9299     HValue* size_in_bytes = Add<HConstant>(instance_size);
9300     HAllocationMode allocation_mode;
9301     if (FLAG_pretenuring_call_new) {
9302       if (FLAG_allocation_site_pretenuring) {
9303         // Try to use pretenuring feedback.
9304         Handle<AllocationSite> allocation_site = expr->allocation_site();
9305         allocation_mode = HAllocationMode(allocation_site);
9306         // Take a dependency on allocation site.
9307         AllocationSite::AddDependentCompilationInfo(allocation_site,
9308                                                     AllocationSite::TENURING,
9309                                                     top_info());
9310       }
9311     }
9312 
9313     HAllocate* receiver = BuildAllocate(
9314         size_in_bytes, HType::JSObject(), JS_OBJECT_TYPE, allocation_mode);
9315     receiver->set_known_initial_map(initial_map);
9316 
9317     // Initialize map and fields of the newly allocated object.
9318     { NoObservableSideEffectsScope no_effects(this);
9319       DCHECK(initial_map->instance_type() == JS_OBJECT_TYPE);
9320       Add<HStoreNamedField>(receiver,
9321           HObjectAccess::ForMapAndOffset(initial_map, JSObject::kMapOffset),
9322           Add<HConstant>(initial_map));
9323       HValue* empty_fixed_array = Add<HConstant>(factory->empty_fixed_array());
9324       Add<HStoreNamedField>(receiver,
9325           HObjectAccess::ForMapAndOffset(initial_map,
9326                                          JSObject::kPropertiesOffset),
9327           empty_fixed_array);
9328       Add<HStoreNamedField>(receiver,
9329           HObjectAccess::ForMapAndOffset(initial_map,
9330                                          JSObject::kElementsOffset),
9331           empty_fixed_array);
9332       if (initial_map->inobject_properties() != 0) {
9333         HConstant* undefined = graph()->GetConstantUndefined();
9334         for (int i = 0; i < initial_map->inobject_properties(); i++) {
9335           int property_offset = initial_map->GetInObjectPropertyOffset(i);
9336           Add<HStoreNamedField>(receiver,
9337               HObjectAccess::ForMapAndOffset(initial_map, property_offset),
9338               undefined);
9339         }
9340       }
9341     }
9342 
9343     // Replace the constructor function with a newly allocated receiver using
9344     // the index of the receiver from the top of the expression stack.
9345     const int receiver_index = argument_count - 1;
9346     DCHECK(environment()->ExpressionStackAt(receiver_index) == function);
9347     environment()->SetExpressionStackAt(receiver_index, receiver);
9348 
9349     if (TryInlineConstruct(expr, receiver)) {
9350       // Inlining worked, add a dependency on the initial map to make sure that
9351       // this code is deoptimized whenever the initial map of the constructor
9352       // changes.
9353       Map::AddDependentCompilationInfo(
9354           initial_map, DependentCode::kInitialMapChangedGroup, top_info());
9355       return;
9356     }
9357 
9358     // TODO(mstarzinger): For now we remove the previous HAllocate and all
9359     // corresponding instructions and instead add HPushArguments for the
9360     // arguments in case inlining failed.  What we actually should do is for
9361     // inlining to try to build a subgraph without mutating the parent graph.
9362     HInstruction* instr = current_block()->last();
9363     do {
9364       HInstruction* prev_instr = instr->previous();
9365       instr->DeleteAndReplaceWith(NULL);
9366       instr = prev_instr;
9367     } while (instr != check);
9368     environment()->SetExpressionStackAt(receiver_index, function);
9369     HInstruction* call =
9370       PreProcessCall(New<HCallNew>(function, argument_count));
9371     return ast_context()->ReturnInstruction(call, expr->id());
9372   } else {
9373     // The constructor function is both an operand to the instruction and an
9374     // argument to the construct call.
9375     if (TryHandleArrayCallNew(expr, function)) return;
9376 
9377     HInstruction* call =
9378         PreProcessCall(New<HCallNew>(function, argument_count));
9379     return ast_context()->ReturnInstruction(call, expr->id());
9380   }
9381 }
9382 
9383 
9384 // Support for generating inlined runtime functions.
9385 
9386 // Lookup table for generators for runtime calls that are generated inline.
9387 // Elements of the table are member pointers to functions of
9388 // HOptimizedGraphBuilder.
9389 #define INLINE_FUNCTION_GENERATOR_ADDRESS(Name, argc, ressize)  \
9390     &HOptimizedGraphBuilder::Generate##Name,
9391 
9392 const HOptimizedGraphBuilder::InlineFunctionGenerator
9393     HOptimizedGraphBuilder::kInlineFunctionGenerators[] = {
9394         INLINE_FUNCTION_LIST(INLINE_FUNCTION_GENERATOR_ADDRESS)
9395         INLINE_OPTIMIZED_FUNCTION_LIST(INLINE_FUNCTION_GENERATOR_ADDRESS)
9396 };
9397 #undef INLINE_FUNCTION_GENERATOR_ADDRESS
9398 
9399 
9400 template <class ViewClass>
BuildArrayBufferViewInitialization(HValue * obj,HValue * buffer,HValue * byte_offset,HValue * byte_length)9401 void HGraphBuilder::BuildArrayBufferViewInitialization(
9402     HValue* obj,
9403     HValue* buffer,
9404     HValue* byte_offset,
9405     HValue* byte_length) {
9406 
9407   for (int offset = ViewClass::kSize;
9408        offset < ViewClass::kSizeWithInternalFields;
9409        offset += kPointerSize) {
9410     Add<HStoreNamedField>(obj,
9411         HObjectAccess::ForObservableJSObjectOffset(offset),
9412         graph()->GetConstant0());
9413   }
9414 
9415   Add<HStoreNamedField>(
9416       obj,
9417       HObjectAccess::ForJSArrayBufferViewByteOffset(),
9418       byte_offset);
9419   Add<HStoreNamedField>(
9420       obj,
9421       HObjectAccess::ForJSArrayBufferViewByteLength(),
9422       byte_length);
9423 
9424   if (buffer != NULL) {
9425     Add<HStoreNamedField>(
9426         obj,
9427         HObjectAccess::ForJSArrayBufferViewBuffer(), buffer);
9428     HObjectAccess weak_first_view_access =
9429         HObjectAccess::ForJSArrayBufferWeakFirstView();
9430     Add<HStoreNamedField>(obj,
9431         HObjectAccess::ForJSArrayBufferViewWeakNext(),
9432         Add<HLoadNamedField>(buffer,
9433                              static_cast<HValue*>(NULL),
9434                              weak_first_view_access));
9435     Add<HStoreNamedField>(buffer, weak_first_view_access, obj);
9436   } else {
9437     Add<HStoreNamedField>(
9438         obj,
9439         HObjectAccess::ForJSArrayBufferViewBuffer(),
9440         Add<HConstant>(static_cast<int32_t>(0)));
9441     Add<HStoreNamedField>(obj,
9442         HObjectAccess::ForJSArrayBufferViewWeakNext(),
9443         graph()->GetConstantUndefined());
9444   }
9445 }
9446 
9447 
GenerateDataViewInitialize(CallRuntime * expr)9448 void HOptimizedGraphBuilder::GenerateDataViewInitialize(
9449     CallRuntime* expr) {
9450   ZoneList<Expression*>* arguments = expr->arguments();
9451 
9452   DCHECK(arguments->length()== 4);
9453   CHECK_ALIVE(VisitForValue(arguments->at(0)));
9454   HValue* obj = Pop();
9455 
9456   CHECK_ALIVE(VisitForValue(arguments->at(1)));
9457   HValue* buffer = Pop();
9458 
9459   CHECK_ALIVE(VisitForValue(arguments->at(2)));
9460   HValue* byte_offset = Pop();
9461 
9462   CHECK_ALIVE(VisitForValue(arguments->at(3)));
9463   HValue* byte_length = Pop();
9464 
9465   {
9466     NoObservableSideEffectsScope scope(this);
9467     BuildArrayBufferViewInitialization<JSDataView>(
9468         obj, buffer, byte_offset, byte_length);
9469   }
9470 }
9471 
9472 
TypedArrayMap(Isolate * isolate,ExternalArrayType array_type,ElementsKind target_kind)9473 static Handle<Map> TypedArrayMap(Isolate* isolate,
9474                                  ExternalArrayType array_type,
9475                                  ElementsKind target_kind) {
9476   Handle<Context> native_context = isolate->native_context();
9477   Handle<JSFunction> fun;
9478   switch (array_type) {
9479 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size)                       \
9480     case kExternal##Type##Array:                                              \
9481       fun = Handle<JSFunction>(native_context->type##_array_fun());           \
9482       break;
9483 
9484     TYPED_ARRAYS(TYPED_ARRAY_CASE)
9485 #undef TYPED_ARRAY_CASE
9486   }
9487   Handle<Map> map(fun->initial_map());
9488   return Map::AsElementsKind(map, target_kind);
9489 }
9490 
9491 
BuildAllocateExternalElements(ExternalArrayType array_type,bool is_zero_byte_offset,HValue * buffer,HValue * byte_offset,HValue * length)9492 HValue* HOptimizedGraphBuilder::BuildAllocateExternalElements(
9493     ExternalArrayType array_type,
9494     bool is_zero_byte_offset,
9495     HValue* buffer, HValue* byte_offset, HValue* length) {
9496   Handle<Map> external_array_map(
9497       isolate()->heap()->MapForExternalArrayType(array_type));
9498 
9499   // The HForceRepresentation is to prevent possible deopt on int-smi
9500   // conversion after allocation but before the new object fields are set.
9501   length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
9502   HValue* elements =
9503       Add<HAllocate>(
9504           Add<HConstant>(ExternalArray::kAlignedSize),
9505           HType::HeapObject(),
9506           NOT_TENURED,
9507           external_array_map->instance_type());
9508 
9509   AddStoreMapConstant(elements, external_array_map);
9510   Add<HStoreNamedField>(elements,
9511       HObjectAccess::ForFixedArrayLength(), length);
9512 
9513   HValue* backing_store = Add<HLoadNamedField>(
9514       buffer, static_cast<HValue*>(NULL),
9515       HObjectAccess::ForJSArrayBufferBackingStore());
9516 
9517   HValue* typed_array_start;
9518   if (is_zero_byte_offset) {
9519     typed_array_start = backing_store;
9520   } else {
9521     HInstruction* external_pointer =
9522         AddUncasted<HAdd>(backing_store, byte_offset);
9523     // Arguments are checked prior to call to TypedArrayInitialize,
9524     // including byte_offset.
9525     external_pointer->ClearFlag(HValue::kCanOverflow);
9526     typed_array_start = external_pointer;
9527   }
9528 
9529   Add<HStoreNamedField>(elements,
9530       HObjectAccess::ForExternalArrayExternalPointer(),
9531       typed_array_start);
9532 
9533   return elements;
9534 }
9535 
9536 
BuildAllocateFixedTypedArray(ExternalArrayType array_type,size_t element_size,ElementsKind fixed_elements_kind,HValue * byte_length,HValue * length)9537 HValue* HOptimizedGraphBuilder::BuildAllocateFixedTypedArray(
9538     ExternalArrayType array_type, size_t element_size,
9539     ElementsKind fixed_elements_kind,
9540     HValue* byte_length, HValue* length) {
9541   STATIC_ASSERT(
9542       (FixedTypedArrayBase::kHeaderSize & kObjectAlignmentMask) == 0);
9543   HValue* total_size;
9544 
9545   // if fixed array's elements are not aligned to object's alignment,
9546   // we need to align the whole array to object alignment.
9547   if (element_size % kObjectAlignment != 0) {
9548     total_size = BuildObjectSizeAlignment(
9549         byte_length, FixedTypedArrayBase::kHeaderSize);
9550   } else {
9551     total_size = AddUncasted<HAdd>(byte_length,
9552         Add<HConstant>(FixedTypedArrayBase::kHeaderSize));
9553     total_size->ClearFlag(HValue::kCanOverflow);
9554   }
9555 
9556   // The HForceRepresentation is to prevent possible deopt on int-smi
9557   // conversion after allocation but before the new object fields are set.
9558   length = AddUncasted<HForceRepresentation>(length, Representation::Smi());
9559   Handle<Map> fixed_typed_array_map(
9560       isolate()->heap()->MapForFixedTypedArray(array_type));
9561   HValue* elements =
9562       Add<HAllocate>(total_size, HType::HeapObject(),
9563                      NOT_TENURED, fixed_typed_array_map->instance_type());
9564   AddStoreMapConstant(elements, fixed_typed_array_map);
9565 
9566   Add<HStoreNamedField>(elements,
9567       HObjectAccess::ForFixedArrayLength(),
9568       length);
9569 
9570   HValue* filler = Add<HConstant>(static_cast<int32_t>(0));
9571 
9572   {
9573     LoopBuilder builder(this, context(), LoopBuilder::kPostIncrement);
9574 
9575     HValue* key = builder.BeginBody(
9576         Add<HConstant>(static_cast<int32_t>(0)),
9577         length, Token::LT);
9578     Add<HStoreKeyed>(elements, key, filler, fixed_elements_kind);
9579 
9580     builder.EndBody();
9581   }
9582   return elements;
9583 }
9584 
9585 
GenerateTypedArrayInitialize(CallRuntime * expr)9586 void HOptimizedGraphBuilder::GenerateTypedArrayInitialize(
9587     CallRuntime* expr) {
9588   ZoneList<Expression*>* arguments = expr->arguments();
9589 
9590   static const int kObjectArg = 0;
9591   static const int kArrayIdArg = 1;
9592   static const int kBufferArg = 2;
9593   static const int kByteOffsetArg = 3;
9594   static const int kByteLengthArg = 4;
9595   static const int kArgsLength = 5;
9596   DCHECK(arguments->length() == kArgsLength);
9597 
9598 
9599   CHECK_ALIVE(VisitForValue(arguments->at(kObjectArg)));
9600   HValue* obj = Pop();
9601 
9602   if (arguments->at(kArrayIdArg)->IsLiteral()) {
9603     // This should never happen in real use, but can happen when fuzzing.
9604     // Just bail out.
9605     Bailout(kNeedSmiLiteral);
9606     return;
9607   }
9608   Handle<Object> value =
9609       static_cast<Literal*>(arguments->at(kArrayIdArg))->value();
9610   if (!value->IsSmi()) {
9611     // This should never happen in real use, but can happen when fuzzing.
9612     // Just bail out.
9613     Bailout(kNeedSmiLiteral);
9614     return;
9615   }
9616   int array_id = Smi::cast(*value)->value();
9617 
9618   HValue* buffer;
9619   if (!arguments->at(kBufferArg)->IsNullLiteral()) {
9620     CHECK_ALIVE(VisitForValue(arguments->at(kBufferArg)));
9621     buffer = Pop();
9622   } else {
9623     buffer = NULL;
9624   }
9625 
9626   HValue* byte_offset;
9627   bool is_zero_byte_offset;
9628 
9629   if (arguments->at(kByteOffsetArg)->IsLiteral()
9630       && Smi::FromInt(0) ==
9631       *static_cast<Literal*>(arguments->at(kByteOffsetArg))->value()) {
9632     byte_offset = Add<HConstant>(static_cast<int32_t>(0));
9633     is_zero_byte_offset = true;
9634   } else {
9635     CHECK_ALIVE(VisitForValue(arguments->at(kByteOffsetArg)));
9636     byte_offset = Pop();
9637     is_zero_byte_offset = false;
9638     DCHECK(buffer != NULL);
9639   }
9640 
9641   CHECK_ALIVE(VisitForValue(arguments->at(kByteLengthArg)));
9642   HValue* byte_length = Pop();
9643 
9644   NoObservableSideEffectsScope scope(this);
9645   IfBuilder byte_offset_smi(this);
9646 
9647   if (!is_zero_byte_offset) {
9648     byte_offset_smi.If<HIsSmiAndBranch>(byte_offset);
9649     byte_offset_smi.Then();
9650   }
9651 
9652   ExternalArrayType array_type =
9653       kExternalInt8Array;  // Bogus initialization.
9654   size_t element_size = 1;  // Bogus initialization.
9655   ElementsKind external_elements_kind =  // Bogus initialization.
9656       EXTERNAL_INT8_ELEMENTS;
9657   ElementsKind fixed_elements_kind =  // Bogus initialization.
9658       INT8_ELEMENTS;
9659   Runtime::ArrayIdToTypeAndSize(array_id,
9660       &array_type,
9661       &external_elements_kind,
9662       &fixed_elements_kind,
9663       &element_size);
9664 
9665 
9666   { //  byte_offset is Smi.
9667     BuildArrayBufferViewInitialization<JSTypedArray>(
9668         obj, buffer, byte_offset, byte_length);
9669 
9670 
9671     HInstruction* length = AddUncasted<HDiv>(byte_length,
9672         Add<HConstant>(static_cast<int32_t>(element_size)));
9673 
9674     Add<HStoreNamedField>(obj,
9675         HObjectAccess::ForJSTypedArrayLength(),
9676         length);
9677 
9678     HValue* elements;
9679     if (buffer != NULL) {
9680       elements = BuildAllocateExternalElements(
9681           array_type, is_zero_byte_offset, buffer, byte_offset, length);
9682       Handle<Map> obj_map = TypedArrayMap(
9683           isolate(), array_type, external_elements_kind);
9684       AddStoreMapConstant(obj, obj_map);
9685     } else {
9686       DCHECK(is_zero_byte_offset);
9687       elements = BuildAllocateFixedTypedArray(
9688           array_type, element_size, fixed_elements_kind,
9689           byte_length, length);
9690     }
9691     Add<HStoreNamedField>(
9692         obj, HObjectAccess::ForElementsPointer(), elements);
9693   }
9694 
9695   if (!is_zero_byte_offset) {
9696     byte_offset_smi.Else();
9697     { //  byte_offset is not Smi.
9698       Push(obj);
9699       CHECK_ALIVE(VisitForValue(arguments->at(kArrayIdArg)));
9700       Push(buffer);
9701       Push(byte_offset);
9702       Push(byte_length);
9703       PushArgumentsFromEnvironment(kArgsLength);
9704       Add<HCallRuntime>(expr->name(), expr->function(), kArgsLength);
9705     }
9706   }
9707   byte_offset_smi.End();
9708 }
9709 
9710 
GenerateMaxSmi(CallRuntime * expr)9711 void HOptimizedGraphBuilder::GenerateMaxSmi(CallRuntime* expr) {
9712   DCHECK(expr->arguments()->length() == 0);
9713   HConstant* max_smi = New<HConstant>(static_cast<int32_t>(Smi::kMaxValue));
9714   return ast_context()->ReturnInstruction(max_smi, expr->id());
9715 }
9716 
9717 
GenerateTypedArrayMaxSizeInHeap(CallRuntime * expr)9718 void HOptimizedGraphBuilder::GenerateTypedArrayMaxSizeInHeap(
9719     CallRuntime* expr) {
9720   DCHECK(expr->arguments()->length() == 0);
9721   HConstant* result = New<HConstant>(static_cast<int32_t>(
9722         FLAG_typed_array_max_size_in_heap));
9723   return ast_context()->ReturnInstruction(result, expr->id());
9724 }
9725 
9726 
GenerateArrayBufferGetByteLength(CallRuntime * expr)9727 void HOptimizedGraphBuilder::GenerateArrayBufferGetByteLength(
9728     CallRuntime* expr) {
9729   DCHECK(expr->arguments()->length() == 1);
9730   CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9731   HValue* buffer = Pop();
9732   HInstruction* result = New<HLoadNamedField>(
9733     buffer,
9734     static_cast<HValue*>(NULL),
9735     HObjectAccess::ForJSArrayBufferByteLength());
9736   return ast_context()->ReturnInstruction(result, expr->id());
9737 }
9738 
9739 
GenerateArrayBufferViewGetByteLength(CallRuntime * expr)9740 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteLength(
9741     CallRuntime* expr) {
9742   DCHECK(expr->arguments()->length() == 1);
9743   CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9744   HValue* buffer = Pop();
9745   HInstruction* result = New<HLoadNamedField>(
9746     buffer,
9747     static_cast<HValue*>(NULL),
9748     HObjectAccess::ForJSArrayBufferViewByteLength());
9749   return ast_context()->ReturnInstruction(result, expr->id());
9750 }
9751 
9752 
GenerateArrayBufferViewGetByteOffset(CallRuntime * expr)9753 void HOptimizedGraphBuilder::GenerateArrayBufferViewGetByteOffset(
9754     CallRuntime* expr) {
9755   DCHECK(expr->arguments()->length() == 1);
9756   CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9757   HValue* buffer = Pop();
9758   HInstruction* result = New<HLoadNamedField>(
9759     buffer,
9760     static_cast<HValue*>(NULL),
9761     HObjectAccess::ForJSArrayBufferViewByteOffset());
9762   return ast_context()->ReturnInstruction(result, expr->id());
9763 }
9764 
9765 
GenerateTypedArrayGetLength(CallRuntime * expr)9766 void HOptimizedGraphBuilder::GenerateTypedArrayGetLength(
9767     CallRuntime* expr) {
9768   DCHECK(expr->arguments()->length() == 1);
9769   CHECK_ALIVE(VisitForValue(expr->arguments()->at(0)));
9770   HValue* buffer = Pop();
9771   HInstruction* result = New<HLoadNamedField>(
9772     buffer,
9773     static_cast<HValue*>(NULL),
9774     HObjectAccess::ForJSTypedArrayLength());
9775   return ast_context()->ReturnInstruction(result, expr->id());
9776 }
9777 
9778 
VisitCallRuntime(CallRuntime * expr)9779 void HOptimizedGraphBuilder::VisitCallRuntime(CallRuntime* expr) {
9780   DCHECK(!HasStackOverflow());
9781   DCHECK(current_block() != NULL);
9782   DCHECK(current_block()->HasPredecessor());
9783   if (expr->is_jsruntime()) {
9784     return Bailout(kCallToAJavaScriptRuntimeFunction);
9785   }
9786 
9787   const Runtime::Function* function = expr->function();
9788   DCHECK(function != NULL);
9789 
9790   if (function->intrinsic_type == Runtime::INLINE ||
9791       function->intrinsic_type == Runtime::INLINE_OPTIMIZED) {
9792     DCHECK(expr->name()->length() > 0);
9793     DCHECK(expr->name()->Get(0) == '_');
9794     // Call to an inline function.
9795     int lookup_index = static_cast<int>(function->function_id) -
9796         static_cast<int>(Runtime::kFirstInlineFunction);
9797     DCHECK(lookup_index >= 0);
9798     DCHECK(static_cast<size_t>(lookup_index) <
9799            arraysize(kInlineFunctionGenerators));
9800     InlineFunctionGenerator generator = kInlineFunctionGenerators[lookup_index];
9801 
9802     // Call the inline code generator using the pointer-to-member.
9803     (this->*generator)(expr);
9804   } else {
9805     DCHECK(function->intrinsic_type == Runtime::RUNTIME);
9806     Handle<String> name = expr->name();
9807     int argument_count = expr->arguments()->length();
9808     CHECK_ALIVE(VisitExpressions(expr->arguments()));
9809     PushArgumentsFromEnvironment(argument_count);
9810     HCallRuntime* call = New<HCallRuntime>(name, function,
9811                                            argument_count);
9812     return ast_context()->ReturnInstruction(call, expr->id());
9813   }
9814 }
9815 
9816 
VisitUnaryOperation(UnaryOperation * expr)9817 void HOptimizedGraphBuilder::VisitUnaryOperation(UnaryOperation* expr) {
9818   DCHECK(!HasStackOverflow());
9819   DCHECK(current_block() != NULL);
9820   DCHECK(current_block()->HasPredecessor());
9821   switch (expr->op()) {
9822     case Token::DELETE: return VisitDelete(expr);
9823     case Token::VOID: return VisitVoid(expr);
9824     case Token::TYPEOF: return VisitTypeof(expr);
9825     case Token::NOT: return VisitNot(expr);
9826     default: UNREACHABLE();
9827   }
9828 }
9829 
9830 
VisitDelete(UnaryOperation * expr)9831 void HOptimizedGraphBuilder::VisitDelete(UnaryOperation* expr) {
9832   Property* prop = expr->expression()->AsProperty();
9833   VariableProxy* proxy = expr->expression()->AsVariableProxy();
9834   if (prop != NULL) {
9835     CHECK_ALIVE(VisitForValue(prop->obj()));
9836     CHECK_ALIVE(VisitForValue(prop->key()));
9837     HValue* key = Pop();
9838     HValue* obj = Pop();
9839     HValue* function = AddLoadJSBuiltin(Builtins::DELETE);
9840     Add<HPushArguments>(obj, key, Add<HConstant>(function_strict_mode()));
9841     // TODO(olivf) InvokeFunction produces a check for the parameter count,
9842     // even though we are certain to pass the correct number of arguments here.
9843     HInstruction* instr = New<HInvokeFunction>(function, 3);
9844     return ast_context()->ReturnInstruction(instr, expr->id());
9845   } else if (proxy != NULL) {
9846     Variable* var = proxy->var();
9847     if (var->IsUnallocated()) {
9848       Bailout(kDeleteWithGlobalVariable);
9849     } else if (var->IsStackAllocated() || var->IsContextSlot()) {
9850       // Result of deleting non-global variables is false.  'this' is not
9851       // really a variable, though we implement it as one.  The
9852       // subexpression does not have side effects.
9853       HValue* value = var->is_this()
9854           ? graph()->GetConstantTrue()
9855           : graph()->GetConstantFalse();
9856       return ast_context()->ReturnValue(value);
9857     } else {
9858       Bailout(kDeleteWithNonGlobalVariable);
9859     }
9860   } else {
9861     // Result of deleting non-property, non-variable reference is true.
9862     // Evaluate the subexpression for side effects.
9863     CHECK_ALIVE(VisitForEffect(expr->expression()));
9864     return ast_context()->ReturnValue(graph()->GetConstantTrue());
9865   }
9866 }
9867 
9868 
VisitVoid(UnaryOperation * expr)9869 void HOptimizedGraphBuilder::VisitVoid(UnaryOperation* expr) {
9870   CHECK_ALIVE(VisitForEffect(expr->expression()));
9871   return ast_context()->ReturnValue(graph()->GetConstantUndefined());
9872 }
9873 
9874 
VisitTypeof(UnaryOperation * expr)9875 void HOptimizedGraphBuilder::VisitTypeof(UnaryOperation* expr) {
9876   CHECK_ALIVE(VisitForTypeOf(expr->expression()));
9877   HValue* value = Pop();
9878   HInstruction* instr = New<HTypeof>(value);
9879   return ast_context()->ReturnInstruction(instr, expr->id());
9880 }
9881 
9882 
VisitNot(UnaryOperation * expr)9883 void HOptimizedGraphBuilder::VisitNot(UnaryOperation* expr) {
9884   if (ast_context()->IsTest()) {
9885     TestContext* context = TestContext::cast(ast_context());
9886     VisitForControl(expr->expression(),
9887                     context->if_false(),
9888                     context->if_true());
9889     return;
9890   }
9891 
9892   if (ast_context()->IsEffect()) {
9893     VisitForEffect(expr->expression());
9894     return;
9895   }
9896 
9897   DCHECK(ast_context()->IsValue());
9898   HBasicBlock* materialize_false = graph()->CreateBasicBlock();
9899   HBasicBlock* materialize_true = graph()->CreateBasicBlock();
9900   CHECK_BAILOUT(VisitForControl(expr->expression(),
9901                                 materialize_false,
9902                                 materialize_true));
9903 
9904   if (materialize_false->HasPredecessor()) {
9905     materialize_false->SetJoinId(expr->MaterializeFalseId());
9906     set_current_block(materialize_false);
9907     Push(graph()->GetConstantFalse());
9908   } else {
9909     materialize_false = NULL;
9910   }
9911 
9912   if (materialize_true->HasPredecessor()) {
9913     materialize_true->SetJoinId(expr->MaterializeTrueId());
9914     set_current_block(materialize_true);
9915     Push(graph()->GetConstantTrue());
9916   } else {
9917     materialize_true = NULL;
9918   }
9919 
9920   HBasicBlock* join =
9921     CreateJoin(materialize_false, materialize_true, expr->id());
9922   set_current_block(join);
9923   if (join != NULL) return ast_context()->ReturnValue(Pop());
9924 }
9925 
9926 
BuildIncrement(bool returns_original_input,CountOperation * expr)9927 HInstruction* HOptimizedGraphBuilder::BuildIncrement(
9928     bool returns_original_input,
9929     CountOperation* expr) {
9930   // The input to the count operation is on top of the expression stack.
9931   Representation rep = Representation::FromType(expr->type());
9932   if (rep.IsNone() || rep.IsTagged()) {
9933     rep = Representation::Smi();
9934   }
9935 
9936   if (returns_original_input) {
9937     // We need an explicit HValue representing ToNumber(input).  The
9938     // actual HChange instruction we need is (sometimes) added in a later
9939     // phase, so it is not available now to be used as an input to HAdd and
9940     // as the return value.
9941     HInstruction* number_input = AddUncasted<HForceRepresentation>(Pop(), rep);
9942     if (!rep.IsDouble()) {
9943       number_input->SetFlag(HInstruction::kFlexibleRepresentation);
9944       number_input->SetFlag(HInstruction::kCannotBeTagged);
9945     }
9946     Push(number_input);
9947   }
9948 
9949   // The addition has no side effects, so we do not need
9950   // to simulate the expression stack after this instruction.
9951   // Any later failures deopt to the load of the input or earlier.
9952   HConstant* delta = (expr->op() == Token::INC)
9953       ? graph()->GetConstant1()
9954       : graph()->GetConstantMinus1();
9955   HInstruction* instr = AddUncasted<HAdd>(Top(), delta);
9956   if (instr->IsAdd()) {
9957     HAdd* add = HAdd::cast(instr);
9958     add->set_observed_input_representation(1, rep);
9959     add->set_observed_input_representation(2, Representation::Smi());
9960   }
9961   instr->SetFlag(HInstruction::kCannotBeTagged);
9962   instr->ClearAllSideEffects();
9963   return instr;
9964 }
9965 
9966 
BuildStoreForEffect(Expression * expr,Property * prop,BailoutId ast_id,BailoutId return_id,HValue * object,HValue * key,HValue * value)9967 void HOptimizedGraphBuilder::BuildStoreForEffect(Expression* expr,
9968                                                  Property* prop,
9969                                                  BailoutId ast_id,
9970                                                  BailoutId return_id,
9971                                                  HValue* object,
9972                                                  HValue* key,
9973                                                  HValue* value) {
9974   EffectContext for_effect(this);
9975   Push(object);
9976   if (key != NULL) Push(key);
9977   Push(value);
9978   BuildStore(expr, prop, ast_id, return_id);
9979 }
9980 
9981 
VisitCountOperation(CountOperation * expr)9982 void HOptimizedGraphBuilder::VisitCountOperation(CountOperation* expr) {
9983   DCHECK(!HasStackOverflow());
9984   DCHECK(current_block() != NULL);
9985   DCHECK(current_block()->HasPredecessor());
9986   if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
9987   Expression* target = expr->expression();
9988   VariableProxy* proxy = target->AsVariableProxy();
9989   Property* prop = target->AsProperty();
9990   if (proxy == NULL && prop == NULL) {
9991     return Bailout(kInvalidLhsInCountOperation);
9992   }
9993 
9994   // Match the full code generator stack by simulating an extra stack
9995   // element for postfix operations in a non-effect context.  The return
9996   // value is ToNumber(input).
9997   bool returns_original_input =
9998       expr->is_postfix() && !ast_context()->IsEffect();
9999   HValue* input = NULL;  // ToNumber(original_input).
10000   HValue* after = NULL;  // The result after incrementing or decrementing.
10001 
10002   if (proxy != NULL) {
10003     Variable* var = proxy->var();
10004     if (var->mode() == CONST_LEGACY)  {
10005       return Bailout(kUnsupportedCountOperationWithConst);
10006     }
10007     // Argument of the count operation is a variable, not a property.
10008     DCHECK(prop == NULL);
10009     CHECK_ALIVE(VisitForValue(target));
10010 
10011     after = BuildIncrement(returns_original_input, expr);
10012     input = returns_original_input ? Top() : Pop();
10013     Push(after);
10014 
10015     switch (var->location()) {
10016       case Variable::UNALLOCATED:
10017         HandleGlobalVariableAssignment(var,
10018                                        after,
10019                                        expr->AssignmentId());
10020         break;
10021 
10022       case Variable::PARAMETER:
10023       case Variable::LOCAL:
10024         BindIfLive(var, after);
10025         break;
10026 
10027       case Variable::CONTEXT: {
10028         // Bail out if we try to mutate a parameter value in a function
10029         // using the arguments object.  We do not (yet) correctly handle the
10030         // arguments property of the function.
10031         if (current_info()->scope()->arguments() != NULL) {
10032           // Parameters will rewrite to context slots.  We have no direct
10033           // way to detect that the variable is a parameter so we use a
10034           // linear search of the parameter list.
10035           int count = current_info()->scope()->num_parameters();
10036           for (int i = 0; i < count; ++i) {
10037             if (var == current_info()->scope()->parameter(i)) {
10038               return Bailout(kAssignmentToParameterInArgumentsObject);
10039             }
10040           }
10041         }
10042 
10043         HValue* context = BuildContextChainWalk(var);
10044         HStoreContextSlot::Mode mode = IsLexicalVariableMode(var->mode())
10045             ? HStoreContextSlot::kCheckDeoptimize : HStoreContextSlot::kNoCheck;
10046         HStoreContextSlot* instr = Add<HStoreContextSlot>(context, var->index(),
10047                                                           mode, after);
10048         if (instr->HasObservableSideEffects()) {
10049           Add<HSimulate>(expr->AssignmentId(), REMOVABLE_SIMULATE);
10050         }
10051         break;
10052       }
10053 
10054       case Variable::LOOKUP:
10055         return Bailout(kLookupVariableInCountOperation);
10056     }
10057 
10058     Drop(returns_original_input ? 2 : 1);
10059     return ast_context()->ReturnValue(expr->is_postfix() ? input : after);
10060   }
10061 
10062   // Argument of the count operation is a property.
10063   DCHECK(prop != NULL);
10064   if (returns_original_input) Push(graph()->GetConstantUndefined());
10065 
10066   CHECK_ALIVE(VisitForValue(prop->obj()));
10067   HValue* object = Top();
10068 
10069   HValue* key = NULL;
10070   if (!prop->key()->IsPropertyName() || prop->IsStringAccess()) {
10071     CHECK_ALIVE(VisitForValue(prop->key()));
10072     key = Top();
10073   }
10074 
10075   CHECK_ALIVE(PushLoad(prop, object, key));
10076 
10077   after = BuildIncrement(returns_original_input, expr);
10078 
10079   if (returns_original_input) {
10080     input = Pop();
10081     // Drop object and key to push it again in the effect context below.
10082     Drop(key == NULL ? 1 : 2);
10083     environment()->SetExpressionStackAt(0, input);
10084     CHECK_ALIVE(BuildStoreForEffect(
10085         expr, prop, expr->id(), expr->AssignmentId(), object, key, after));
10086     return ast_context()->ReturnValue(Pop());
10087   }
10088 
10089   environment()->SetExpressionStackAt(0, after);
10090   return BuildStore(expr, prop, expr->id(), expr->AssignmentId());
10091 }
10092 
10093 
BuildStringCharCodeAt(HValue * string,HValue * index)10094 HInstruction* HOptimizedGraphBuilder::BuildStringCharCodeAt(
10095     HValue* string,
10096     HValue* index) {
10097   if (string->IsConstant() && index->IsConstant()) {
10098     HConstant* c_string = HConstant::cast(string);
10099     HConstant* c_index = HConstant::cast(index);
10100     if (c_string->HasStringValue() && c_index->HasNumberValue()) {
10101       int32_t i = c_index->NumberValueAsInteger32();
10102       Handle<String> s = c_string->StringValue();
10103       if (i < 0 || i >= s->length()) {
10104         return New<HConstant>(base::OS::nan_value());
10105       }
10106       return New<HConstant>(s->Get(i));
10107     }
10108   }
10109   string = BuildCheckString(string);
10110   index = Add<HBoundsCheck>(index, AddLoadStringLength(string));
10111   return New<HStringCharCodeAt>(string, index);
10112 }
10113 
10114 
10115 // Checks if the given shift amounts have following forms:
10116 // (N1) and (N2) with N1 + N2 = 32; (sa) and (32 - sa).
ShiftAmountsAllowReplaceByRotate(HValue * sa,HValue * const32_minus_sa)10117 static bool ShiftAmountsAllowReplaceByRotate(HValue* sa,
10118                                              HValue* const32_minus_sa) {
10119   if (sa->IsConstant() && const32_minus_sa->IsConstant()) {
10120     const HConstant* c1 = HConstant::cast(sa);
10121     const HConstant* c2 = HConstant::cast(const32_minus_sa);
10122     return c1->HasInteger32Value() && c2->HasInteger32Value() &&
10123         (c1->Integer32Value() + c2->Integer32Value() == 32);
10124   }
10125   if (!const32_minus_sa->IsSub()) return false;
10126   HSub* sub = HSub::cast(const32_minus_sa);
10127   return sub->left()->EqualsInteger32Constant(32) && sub->right() == sa;
10128 }
10129 
10130 
10131 // Checks if the left and the right are shift instructions with the oposite
10132 // directions that can be replaced by one rotate right instruction or not.
10133 // Returns the operand and the shift amount for the rotate instruction in the
10134 // former case.
MatchRotateRight(HValue * left,HValue * right,HValue ** operand,HValue ** shift_amount)10135 bool HGraphBuilder::MatchRotateRight(HValue* left,
10136                                      HValue* right,
10137                                      HValue** operand,
10138                                      HValue** shift_amount) {
10139   HShl* shl;
10140   HShr* shr;
10141   if (left->IsShl() && right->IsShr()) {
10142     shl = HShl::cast(left);
10143     shr = HShr::cast(right);
10144   } else if (left->IsShr() && right->IsShl()) {
10145     shl = HShl::cast(right);
10146     shr = HShr::cast(left);
10147   } else {
10148     return false;
10149   }
10150   if (shl->left() != shr->left()) return false;
10151 
10152   if (!ShiftAmountsAllowReplaceByRotate(shl->right(), shr->right()) &&
10153       !ShiftAmountsAllowReplaceByRotate(shr->right(), shl->right())) {
10154     return false;
10155   }
10156   *operand= shr->left();
10157   *shift_amount = shr->right();
10158   return true;
10159 }
10160 
10161 
CanBeZero(HValue * right)10162 bool CanBeZero(HValue* right) {
10163   if (right->IsConstant()) {
10164     HConstant* right_const = HConstant::cast(right);
10165     if (right_const->HasInteger32Value() &&
10166        (right_const->Integer32Value() & 0x1f) != 0) {
10167       return false;
10168     }
10169   }
10170   return true;
10171 }
10172 
10173 
EnforceNumberType(HValue * number,Type * expected)10174 HValue* HGraphBuilder::EnforceNumberType(HValue* number,
10175                                          Type* expected) {
10176   if (expected->Is(Type::SignedSmall())) {
10177     return AddUncasted<HForceRepresentation>(number, Representation::Smi());
10178   }
10179   if (expected->Is(Type::Signed32())) {
10180     return AddUncasted<HForceRepresentation>(number,
10181                                              Representation::Integer32());
10182   }
10183   return number;
10184 }
10185 
10186 
TruncateToNumber(HValue * value,Type ** expected)10187 HValue* HGraphBuilder::TruncateToNumber(HValue* value, Type** expected) {
10188   if (value->IsConstant()) {
10189     HConstant* constant = HConstant::cast(value);
10190     Maybe<HConstant*> number = constant->CopyToTruncatedNumber(zone());
10191     if (number.has_value) {
10192       *expected = Type::Number(zone());
10193       return AddInstruction(number.value);
10194     }
10195   }
10196 
10197   // We put temporary values on the stack, which don't correspond to anything
10198   // in baseline code. Since nothing is observable we avoid recording those
10199   // pushes with a NoObservableSideEffectsScope.
10200   NoObservableSideEffectsScope no_effects(this);
10201 
10202   Type* expected_type = *expected;
10203 
10204   // Separate the number type from the rest.
10205   Type* expected_obj =
10206       Type::Intersect(expected_type, Type::NonNumber(zone()), zone());
10207   Type* expected_number =
10208       Type::Intersect(expected_type, Type::Number(zone()), zone());
10209 
10210   // We expect to get a number.
10211   // (We need to check first, since Type::None->Is(Type::Any()) == true.
10212   if (expected_obj->Is(Type::None())) {
10213     DCHECK(!expected_number->Is(Type::None(zone())));
10214     return value;
10215   }
10216 
10217   if (expected_obj->Is(Type::Undefined(zone()))) {
10218     // This is already done by HChange.
10219     *expected = Type::Union(expected_number, Type::Number(zone()), zone());
10220     return value;
10221   }
10222 
10223   return value;
10224 }
10225 
10226 
BuildBinaryOperation(BinaryOperation * expr,HValue * left,HValue * right,PushBeforeSimulateBehavior push_sim_result)10227 HValue* HOptimizedGraphBuilder::BuildBinaryOperation(
10228     BinaryOperation* expr,
10229     HValue* left,
10230     HValue* right,
10231     PushBeforeSimulateBehavior push_sim_result) {
10232   Type* left_type = expr->left()->bounds().lower;
10233   Type* right_type = expr->right()->bounds().lower;
10234   Type* result_type = expr->bounds().lower;
10235   Maybe<int> fixed_right_arg = expr->fixed_right_arg();
10236   Handle<AllocationSite> allocation_site = expr->allocation_site();
10237 
10238   HAllocationMode allocation_mode;
10239   if (FLAG_allocation_site_pretenuring && !allocation_site.is_null()) {
10240     allocation_mode = HAllocationMode(allocation_site);
10241   }
10242 
10243   HValue* result = HGraphBuilder::BuildBinaryOperation(
10244       expr->op(), left, right, left_type, right_type, result_type,
10245       fixed_right_arg, allocation_mode);
10246   // Add a simulate after instructions with observable side effects, and
10247   // after phis, which are the result of BuildBinaryOperation when we
10248   // inlined some complex subgraph.
10249   if (result->HasObservableSideEffects() || result->IsPhi()) {
10250     if (push_sim_result == PUSH_BEFORE_SIMULATE) {
10251       Push(result);
10252       Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10253       Drop(1);
10254     } else {
10255       Add<HSimulate>(expr->id(), REMOVABLE_SIMULATE);
10256     }
10257   }
10258   return result;
10259 }
10260 
10261 
BuildBinaryOperation(Token::Value op,HValue * left,HValue * right,Type * left_type,Type * right_type,Type * result_type,Maybe<int> fixed_right_arg,HAllocationMode allocation_mode)10262 HValue* HGraphBuilder::BuildBinaryOperation(
10263     Token::Value op,
10264     HValue* left,
10265     HValue* right,
10266     Type* left_type,
10267     Type* right_type,
10268     Type* result_type,
10269     Maybe<int> fixed_right_arg,
10270     HAllocationMode allocation_mode) {
10271 
10272   Representation left_rep = Representation::FromType(left_type);
10273   Representation right_rep = Representation::FromType(right_type);
10274 
10275   bool maybe_string_add = op == Token::ADD &&
10276                           (left_type->Maybe(Type::String()) ||
10277                            left_type->Maybe(Type::Receiver()) ||
10278                            right_type->Maybe(Type::String()) ||
10279                            right_type->Maybe(Type::Receiver()));
10280 
10281   if (!left_type->IsInhabited()) {
10282     Add<HDeoptimize>("Insufficient type feedback for LHS of binary operation",
10283                      Deoptimizer::SOFT);
10284     // TODO(rossberg): we should be able to get rid of non-continuous
10285     // defaults.
10286     left_type = Type::Any(zone());
10287   } else {
10288     if (!maybe_string_add) left = TruncateToNumber(left, &left_type);
10289     left_rep = Representation::FromType(left_type);
10290   }
10291 
10292   if (!right_type->IsInhabited()) {
10293     Add<HDeoptimize>("Insufficient type feedback for RHS of binary operation",
10294                      Deoptimizer::SOFT);
10295     right_type = Type::Any(zone());
10296   } else {
10297     if (!maybe_string_add) right = TruncateToNumber(right, &right_type);
10298     right_rep = Representation::FromType(right_type);
10299   }
10300 
10301   // Special case for string addition here.
10302   if (op == Token::ADD &&
10303       (left_type->Is(Type::String()) || right_type->Is(Type::String()))) {
10304     // Validate type feedback for left argument.
10305     if (left_type->Is(Type::String())) {
10306       left = BuildCheckString(left);
10307     }
10308 
10309     // Validate type feedback for right argument.
10310     if (right_type->Is(Type::String())) {
10311       right = BuildCheckString(right);
10312     }
10313 
10314     // Convert left argument as necessary.
10315     if (left_type->Is(Type::Number())) {
10316       DCHECK(right_type->Is(Type::String()));
10317       left = BuildNumberToString(left, left_type);
10318     } else if (!left_type->Is(Type::String())) {
10319       DCHECK(right_type->Is(Type::String()));
10320       HValue* function = AddLoadJSBuiltin(Builtins::STRING_ADD_RIGHT);
10321       Add<HPushArguments>(left, right);
10322       return AddUncasted<HInvokeFunction>(function, 2);
10323     }
10324 
10325     // Convert right argument as necessary.
10326     if (right_type->Is(Type::Number())) {
10327       DCHECK(left_type->Is(Type::String()));
10328       right = BuildNumberToString(right, right_type);
10329     } else if (!right_type->Is(Type::String())) {
10330       DCHECK(left_type->Is(Type::String()));
10331       HValue* function = AddLoadJSBuiltin(Builtins::STRING_ADD_LEFT);
10332       Add<HPushArguments>(left, right);
10333       return AddUncasted<HInvokeFunction>(function, 2);
10334     }
10335 
10336     // Fast path for empty constant strings.
10337     if (left->IsConstant() &&
10338         HConstant::cast(left)->HasStringValue() &&
10339         HConstant::cast(left)->StringValue()->length() == 0) {
10340       return right;
10341     }
10342     if (right->IsConstant() &&
10343         HConstant::cast(right)->HasStringValue() &&
10344         HConstant::cast(right)->StringValue()->length() == 0) {
10345       return left;
10346     }
10347 
10348     // Register the dependent code with the allocation site.
10349     if (!allocation_mode.feedback_site().is_null()) {
10350       DCHECK(!graph()->info()->IsStub());
10351       Handle<AllocationSite> site(allocation_mode.feedback_site());
10352       AllocationSite::AddDependentCompilationInfo(
10353           site, AllocationSite::TENURING, top_info());
10354     }
10355 
10356     // Inline the string addition into the stub when creating allocation
10357     // mementos to gather allocation site feedback, or if we can statically
10358     // infer that we're going to create a cons string.
10359     if ((graph()->info()->IsStub() &&
10360          allocation_mode.CreateAllocationMementos()) ||
10361         (left->IsConstant() &&
10362          HConstant::cast(left)->HasStringValue() &&
10363          HConstant::cast(left)->StringValue()->length() + 1 >=
10364            ConsString::kMinLength) ||
10365         (right->IsConstant() &&
10366          HConstant::cast(right)->HasStringValue() &&
10367          HConstant::cast(right)->StringValue()->length() + 1 >=
10368            ConsString::kMinLength)) {
10369       return BuildStringAdd(left, right, allocation_mode);
10370     }
10371 
10372     // Fallback to using the string add stub.
10373     return AddUncasted<HStringAdd>(
10374         left, right, allocation_mode.GetPretenureMode(),
10375         STRING_ADD_CHECK_NONE, allocation_mode.feedback_site());
10376   }
10377 
10378   if (graph()->info()->IsStub()) {
10379     left = EnforceNumberType(left, left_type);
10380     right = EnforceNumberType(right, right_type);
10381   }
10382 
10383   Representation result_rep = Representation::FromType(result_type);
10384 
10385   bool is_non_primitive = (left_rep.IsTagged() && !left_rep.IsSmi()) ||
10386                           (right_rep.IsTagged() && !right_rep.IsSmi());
10387 
10388   HInstruction* instr = NULL;
10389   // Only the stub is allowed to call into the runtime, since otherwise we would
10390   // inline several instructions (including the two pushes) for every tagged
10391   // operation in optimized code, which is more expensive, than a stub call.
10392   if (graph()->info()->IsStub() && is_non_primitive) {
10393     HValue* function = AddLoadJSBuiltin(BinaryOpIC::TokenToJSBuiltin(op));
10394     Add<HPushArguments>(left, right);
10395     instr = AddUncasted<HInvokeFunction>(function, 2);
10396   } else {
10397     switch (op) {
10398       case Token::ADD:
10399         instr = AddUncasted<HAdd>(left, right);
10400         break;
10401       case Token::SUB:
10402         instr = AddUncasted<HSub>(left, right);
10403         break;
10404       case Token::MUL:
10405         instr = AddUncasted<HMul>(left, right);
10406         break;
10407       case Token::MOD: {
10408         if (fixed_right_arg.has_value &&
10409             !right->EqualsInteger32Constant(fixed_right_arg.value)) {
10410           HConstant* fixed_right = Add<HConstant>(
10411               static_cast<int>(fixed_right_arg.value));
10412           IfBuilder if_same(this);
10413           if_same.If<HCompareNumericAndBranch>(right, fixed_right, Token::EQ);
10414           if_same.Then();
10415           if_same.ElseDeopt("Unexpected RHS of binary operation");
10416           right = fixed_right;
10417         }
10418         instr = AddUncasted<HMod>(left, right);
10419         break;
10420       }
10421       case Token::DIV:
10422         instr = AddUncasted<HDiv>(left, right);
10423         break;
10424       case Token::BIT_XOR:
10425       case Token::BIT_AND:
10426         instr = AddUncasted<HBitwise>(op, left, right);
10427         break;
10428       case Token::BIT_OR: {
10429         HValue* operand, *shift_amount;
10430         if (left_type->Is(Type::Signed32()) &&
10431             right_type->Is(Type::Signed32()) &&
10432             MatchRotateRight(left, right, &operand, &shift_amount)) {
10433           instr = AddUncasted<HRor>(operand, shift_amount);
10434         } else {
10435           instr = AddUncasted<HBitwise>(op, left, right);
10436         }
10437         break;
10438       }
10439       case Token::SAR:
10440         instr = AddUncasted<HSar>(left, right);
10441         break;
10442       case Token::SHR:
10443         instr = AddUncasted<HShr>(left, right);
10444         if (FLAG_opt_safe_uint32_operations && instr->IsShr() &&
10445             CanBeZero(right)) {
10446           graph()->RecordUint32Instruction(instr);
10447         }
10448         break;
10449       case Token::SHL:
10450         instr = AddUncasted<HShl>(left, right);
10451         break;
10452       default:
10453         UNREACHABLE();
10454     }
10455   }
10456 
10457   if (instr->IsBinaryOperation()) {
10458     HBinaryOperation* binop = HBinaryOperation::cast(instr);
10459     binop->set_observed_input_representation(1, left_rep);
10460     binop->set_observed_input_representation(2, right_rep);
10461     binop->initialize_output_representation(result_rep);
10462     if (graph()->info()->IsStub()) {
10463       // Stub should not call into stub.
10464       instr->SetFlag(HValue::kCannotBeTagged);
10465       // And should truncate on HForceRepresentation already.
10466       if (left->IsForceRepresentation()) {
10467         left->CopyFlag(HValue::kTruncatingToSmi, instr);
10468         left->CopyFlag(HValue::kTruncatingToInt32, instr);
10469       }
10470       if (right->IsForceRepresentation()) {
10471         right->CopyFlag(HValue::kTruncatingToSmi, instr);
10472         right->CopyFlag(HValue::kTruncatingToInt32, instr);
10473       }
10474     }
10475   }
10476   return instr;
10477 }
10478 
10479 
10480 // Check for the form (%_ClassOf(foo) === 'BarClass').
IsClassOfTest(CompareOperation * expr)10481 static bool IsClassOfTest(CompareOperation* expr) {
10482   if (expr->op() != Token::EQ_STRICT) return false;
10483   CallRuntime* call = expr->left()->AsCallRuntime();
10484   if (call == NULL) return false;
10485   Literal* literal = expr->right()->AsLiteral();
10486   if (literal == NULL) return false;
10487   if (!literal->value()->IsString()) return false;
10488   if (!call->name()->IsOneByteEqualTo(STATIC_CHAR_VECTOR("_ClassOf"))) {
10489     return false;
10490   }
10491   DCHECK(call->arguments()->length() == 1);
10492   return true;
10493 }
10494 
10495 
VisitBinaryOperation(BinaryOperation * expr)10496 void HOptimizedGraphBuilder::VisitBinaryOperation(BinaryOperation* expr) {
10497   DCHECK(!HasStackOverflow());
10498   DCHECK(current_block() != NULL);
10499   DCHECK(current_block()->HasPredecessor());
10500   switch (expr->op()) {
10501     case Token::COMMA:
10502       return VisitComma(expr);
10503     case Token::OR:
10504     case Token::AND:
10505       return VisitLogicalExpression(expr);
10506     default:
10507       return VisitArithmeticExpression(expr);
10508   }
10509 }
10510 
10511 
VisitComma(BinaryOperation * expr)10512 void HOptimizedGraphBuilder::VisitComma(BinaryOperation* expr) {
10513   CHECK_ALIVE(VisitForEffect(expr->left()));
10514   // Visit the right subexpression in the same AST context as the entire
10515   // expression.
10516   Visit(expr->right());
10517 }
10518 
10519 
VisitLogicalExpression(BinaryOperation * expr)10520 void HOptimizedGraphBuilder::VisitLogicalExpression(BinaryOperation* expr) {
10521   bool is_logical_and = expr->op() == Token::AND;
10522   if (ast_context()->IsTest()) {
10523     TestContext* context = TestContext::cast(ast_context());
10524     // Translate left subexpression.
10525     HBasicBlock* eval_right = graph()->CreateBasicBlock();
10526     if (is_logical_and) {
10527       CHECK_BAILOUT(VisitForControl(expr->left(),
10528                                     eval_right,
10529                                     context->if_false()));
10530     } else {
10531       CHECK_BAILOUT(VisitForControl(expr->left(),
10532                                     context->if_true(),
10533                                     eval_right));
10534     }
10535 
10536     // Translate right subexpression by visiting it in the same AST
10537     // context as the entire expression.
10538     if (eval_right->HasPredecessor()) {
10539       eval_right->SetJoinId(expr->RightId());
10540       set_current_block(eval_right);
10541       Visit(expr->right());
10542     }
10543 
10544   } else if (ast_context()->IsValue()) {
10545     CHECK_ALIVE(VisitForValue(expr->left()));
10546     DCHECK(current_block() != NULL);
10547     HValue* left_value = Top();
10548 
10549     // Short-circuit left values that always evaluate to the same boolean value.
10550     if (expr->left()->ToBooleanIsTrue() || expr->left()->ToBooleanIsFalse()) {
10551       // l (evals true)  && r -> r
10552       // l (evals true)  || r -> l
10553       // l (evals false) && r -> l
10554       // l (evals false) || r -> r
10555       if (is_logical_and == expr->left()->ToBooleanIsTrue()) {
10556         Drop(1);
10557         CHECK_ALIVE(VisitForValue(expr->right()));
10558       }
10559       return ast_context()->ReturnValue(Pop());
10560     }
10561 
10562     // We need an extra block to maintain edge-split form.
10563     HBasicBlock* empty_block = graph()->CreateBasicBlock();
10564     HBasicBlock* eval_right = graph()->CreateBasicBlock();
10565     ToBooleanStub::Types expected(expr->left()->to_boolean_types());
10566     HBranch* test = is_logical_and
10567         ? New<HBranch>(left_value, expected, eval_right, empty_block)
10568         : New<HBranch>(left_value, expected, empty_block, eval_right);
10569     FinishCurrentBlock(test);
10570 
10571     set_current_block(eval_right);
10572     Drop(1);  // Value of the left subexpression.
10573     CHECK_BAILOUT(VisitForValue(expr->right()));
10574 
10575     HBasicBlock* join_block =
10576       CreateJoin(empty_block, current_block(), expr->id());
10577     set_current_block(join_block);
10578     return ast_context()->ReturnValue(Pop());
10579 
10580   } else {
10581     DCHECK(ast_context()->IsEffect());
10582     // In an effect context, we don't need the value of the left subexpression,
10583     // only its control flow and side effects.  We need an extra block to
10584     // maintain edge-split form.
10585     HBasicBlock* empty_block = graph()->CreateBasicBlock();
10586     HBasicBlock* right_block = graph()->CreateBasicBlock();
10587     if (is_logical_and) {
10588       CHECK_BAILOUT(VisitForControl(expr->left(), right_block, empty_block));
10589     } else {
10590       CHECK_BAILOUT(VisitForControl(expr->left(), empty_block, right_block));
10591     }
10592 
10593     // TODO(kmillikin): Find a way to fix this.  It's ugly that there are
10594     // actually two empty blocks (one here and one inserted by
10595     // TestContext::BuildBranch, and that they both have an HSimulate though the
10596     // second one is not a merge node, and that we really have no good AST ID to
10597     // put on that first HSimulate.
10598 
10599     if (empty_block->HasPredecessor()) {
10600       empty_block->SetJoinId(expr->id());
10601     } else {
10602       empty_block = NULL;
10603     }
10604 
10605     if (right_block->HasPredecessor()) {
10606       right_block->SetJoinId(expr->RightId());
10607       set_current_block(right_block);
10608       CHECK_BAILOUT(VisitForEffect(expr->right()));
10609       right_block = current_block();
10610     } else {
10611       right_block = NULL;
10612     }
10613 
10614     HBasicBlock* join_block =
10615       CreateJoin(empty_block, right_block, expr->id());
10616     set_current_block(join_block);
10617     // We did not materialize any value in the predecessor environments,
10618     // so there is no need to handle it here.
10619   }
10620 }
10621 
10622 
VisitArithmeticExpression(BinaryOperation * expr)10623 void HOptimizedGraphBuilder::VisitArithmeticExpression(BinaryOperation* expr) {
10624   CHECK_ALIVE(VisitForValue(expr->left()));
10625   CHECK_ALIVE(VisitForValue(expr->right()));
10626   SetSourcePosition(expr->position());
10627   HValue* right = Pop();
10628   HValue* left = Pop();
10629   HValue* result =
10630       BuildBinaryOperation(expr, left, right,
10631           ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
10632                                     : PUSH_BEFORE_SIMULATE);
10633   if (FLAG_hydrogen_track_positions && result->IsBinaryOperation()) {
10634     HBinaryOperation::cast(result)->SetOperandPositions(
10635         zone(),
10636         ScriptPositionToSourcePosition(expr->left()->position()),
10637         ScriptPositionToSourcePosition(expr->right()->position()));
10638   }
10639   return ast_context()->ReturnValue(result);
10640 }
10641 
10642 
HandleLiteralCompareTypeof(CompareOperation * expr,Expression * sub_expr,Handle<String> check)10643 void HOptimizedGraphBuilder::HandleLiteralCompareTypeof(CompareOperation* expr,
10644                                                         Expression* sub_expr,
10645                                                         Handle<String> check) {
10646   CHECK_ALIVE(VisitForTypeOf(sub_expr));
10647   SetSourcePosition(expr->position());
10648   HValue* value = Pop();
10649   HTypeofIsAndBranch* instr = New<HTypeofIsAndBranch>(value, check);
10650   return ast_context()->ReturnControl(instr, expr->id());
10651 }
10652 
10653 
IsLiteralCompareBool(Isolate * isolate,HValue * left,Token::Value op,HValue * right)10654 static bool IsLiteralCompareBool(Isolate* isolate,
10655                                  HValue* left,
10656                                  Token::Value op,
10657                                  HValue* right) {
10658   return op == Token::EQ_STRICT &&
10659       ((left->IsConstant() &&
10660           HConstant::cast(left)->handle(isolate)->IsBoolean()) ||
10661        (right->IsConstant() &&
10662            HConstant::cast(right)->handle(isolate)->IsBoolean()));
10663 }
10664 
10665 
VisitCompareOperation(CompareOperation * expr)10666 void HOptimizedGraphBuilder::VisitCompareOperation(CompareOperation* expr) {
10667   DCHECK(!HasStackOverflow());
10668   DCHECK(current_block() != NULL);
10669   DCHECK(current_block()->HasPredecessor());
10670 
10671   if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
10672 
10673   // Check for a few fast cases. The AST visiting behavior must be in sync
10674   // with the full codegen: We don't push both left and right values onto
10675   // the expression stack when one side is a special-case literal.
10676   Expression* sub_expr = NULL;
10677   Handle<String> check;
10678   if (expr->IsLiteralCompareTypeof(&sub_expr, &check)) {
10679     return HandleLiteralCompareTypeof(expr, sub_expr, check);
10680   }
10681   if (expr->IsLiteralCompareUndefined(&sub_expr, isolate())) {
10682     return HandleLiteralCompareNil(expr, sub_expr, kUndefinedValue);
10683   }
10684   if (expr->IsLiteralCompareNull(&sub_expr)) {
10685     return HandleLiteralCompareNil(expr, sub_expr, kNullValue);
10686   }
10687 
10688   if (IsClassOfTest(expr)) {
10689     CallRuntime* call = expr->left()->AsCallRuntime();
10690     DCHECK(call->arguments()->length() == 1);
10691     CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
10692     HValue* value = Pop();
10693     Literal* literal = expr->right()->AsLiteral();
10694     Handle<String> rhs = Handle<String>::cast(literal->value());
10695     HClassOfTestAndBranch* instr = New<HClassOfTestAndBranch>(value, rhs);
10696     return ast_context()->ReturnControl(instr, expr->id());
10697   }
10698 
10699   Type* left_type = expr->left()->bounds().lower;
10700   Type* right_type = expr->right()->bounds().lower;
10701   Type* combined_type = expr->combined_type();
10702 
10703   CHECK_ALIVE(VisitForValue(expr->left()));
10704   CHECK_ALIVE(VisitForValue(expr->right()));
10705 
10706   if (FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
10707 
10708   HValue* right = Pop();
10709   HValue* left = Pop();
10710   Token::Value op = expr->op();
10711 
10712   if (IsLiteralCompareBool(isolate(), left, op, right)) {
10713     HCompareObjectEqAndBranch* result =
10714         New<HCompareObjectEqAndBranch>(left, right);
10715     return ast_context()->ReturnControl(result, expr->id());
10716   }
10717 
10718   if (op == Token::INSTANCEOF) {
10719     // Check to see if the rhs of the instanceof is a global function not
10720     // residing in new space. If it is we assume that the function will stay the
10721     // same.
10722     Handle<JSFunction> target = Handle<JSFunction>::null();
10723     VariableProxy* proxy = expr->right()->AsVariableProxy();
10724     bool global_function = (proxy != NULL) && proxy->var()->IsUnallocated();
10725     if (global_function && current_info()->has_global_object()) {
10726       Handle<String> name = proxy->name();
10727       Handle<GlobalObject> global(current_info()->global_object());
10728       LookupIterator it(global, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
10729       Handle<Object> value = JSObject::GetDataProperty(&it);
10730       if (it.IsFound() && value->IsJSFunction()) {
10731         Handle<JSFunction> candidate = Handle<JSFunction>::cast(value);
10732         // If the function is in new space we assume it's more likely to
10733         // change and thus prefer the general IC code.
10734         if (!isolate()->heap()->InNewSpace(*candidate)) {
10735           target = candidate;
10736         }
10737       }
10738     }
10739 
10740     // If the target is not null we have found a known global function that is
10741     // assumed to stay the same for this instanceof.
10742     if (target.is_null()) {
10743       HInstanceOf* result = New<HInstanceOf>(left, right);
10744       return ast_context()->ReturnInstruction(result, expr->id());
10745     } else {
10746       Add<HCheckValue>(right, target);
10747       HInstanceOfKnownGlobal* result =
10748         New<HInstanceOfKnownGlobal>(left, target);
10749       return ast_context()->ReturnInstruction(result, expr->id());
10750     }
10751 
10752     // Code below assumes that we don't fall through.
10753     UNREACHABLE();
10754   } else if (op == Token::IN) {
10755     HValue* function = AddLoadJSBuiltin(Builtins::IN);
10756     Add<HPushArguments>(left, right);
10757     // TODO(olivf) InvokeFunction produces a check for the parameter count,
10758     // even though we are certain to pass the correct number of arguments here.
10759     HInstruction* result = New<HInvokeFunction>(function, 2);
10760     return ast_context()->ReturnInstruction(result, expr->id());
10761   }
10762 
10763   PushBeforeSimulateBehavior push_behavior =
10764     ast_context()->IsEffect() ? NO_PUSH_BEFORE_SIMULATE
10765                               : PUSH_BEFORE_SIMULATE;
10766   HControlInstruction* compare = BuildCompareInstruction(
10767       op, left, right, left_type, right_type, combined_type,
10768       ScriptPositionToSourcePosition(expr->left()->position()),
10769       ScriptPositionToSourcePosition(expr->right()->position()),
10770       push_behavior, expr->id());
10771   if (compare == NULL) return;  // Bailed out.
10772   return ast_context()->ReturnControl(compare, expr->id());
10773 }
10774 
10775 
BuildCompareInstruction(Token::Value op,HValue * left,HValue * right,Type * left_type,Type * right_type,Type * combined_type,HSourcePosition left_position,HSourcePosition right_position,PushBeforeSimulateBehavior push_sim_result,BailoutId bailout_id)10776 HControlInstruction* HOptimizedGraphBuilder::BuildCompareInstruction(
10777     Token::Value op,
10778     HValue* left,
10779     HValue* right,
10780     Type* left_type,
10781     Type* right_type,
10782     Type* combined_type,
10783     HSourcePosition left_position,
10784     HSourcePosition right_position,
10785     PushBeforeSimulateBehavior push_sim_result,
10786     BailoutId bailout_id) {
10787   // Cases handled below depend on collected type feedback. They should
10788   // soft deoptimize when there is no type feedback.
10789   if (!combined_type->IsInhabited()) {
10790     Add<HDeoptimize>("Insufficient type feedback for combined type "
10791                      "of binary operation",
10792                      Deoptimizer::SOFT);
10793     combined_type = left_type = right_type = Type::Any(zone());
10794   }
10795 
10796   Representation left_rep = Representation::FromType(left_type);
10797   Representation right_rep = Representation::FromType(right_type);
10798   Representation combined_rep = Representation::FromType(combined_type);
10799 
10800   if (combined_type->Is(Type::Receiver())) {
10801     if (Token::IsEqualityOp(op)) {
10802       // HCompareObjectEqAndBranch can only deal with object, so
10803       // exclude numbers.
10804       if ((left->IsConstant() &&
10805            HConstant::cast(left)->HasNumberValue()) ||
10806           (right->IsConstant() &&
10807            HConstant::cast(right)->HasNumberValue())) {
10808         Add<HDeoptimize>("Type mismatch between feedback and constant",
10809                          Deoptimizer::SOFT);
10810         // The caller expects a branch instruction, so make it happy.
10811         return New<HBranch>(graph()->GetConstantTrue());
10812       }
10813       // Can we get away with map check and not instance type check?
10814       HValue* operand_to_check =
10815           left->block()->block_id() < right->block()->block_id() ? left : right;
10816       if (combined_type->IsClass()) {
10817         Handle<Map> map = combined_type->AsClass()->Map();
10818         AddCheckMap(operand_to_check, map);
10819         HCompareObjectEqAndBranch* result =
10820             New<HCompareObjectEqAndBranch>(left, right);
10821         if (FLAG_hydrogen_track_positions) {
10822           result->set_operand_position(zone(), 0, left_position);
10823           result->set_operand_position(zone(), 1, right_position);
10824         }
10825         return result;
10826       } else {
10827         BuildCheckHeapObject(operand_to_check);
10828         Add<HCheckInstanceType>(operand_to_check,
10829                                 HCheckInstanceType::IS_SPEC_OBJECT);
10830         HCompareObjectEqAndBranch* result =
10831             New<HCompareObjectEqAndBranch>(left, right);
10832         return result;
10833       }
10834     } else {
10835       Bailout(kUnsupportedNonPrimitiveCompare);
10836       return NULL;
10837     }
10838   } else if (combined_type->Is(Type::InternalizedString()) &&
10839              Token::IsEqualityOp(op)) {
10840     // If we have a constant argument, it should be consistent with the type
10841     // feedback (otherwise we fail assertions in HCompareObjectEqAndBranch).
10842     if ((left->IsConstant() &&
10843          !HConstant::cast(left)->HasInternalizedStringValue()) ||
10844         (right->IsConstant() &&
10845          !HConstant::cast(right)->HasInternalizedStringValue())) {
10846       Add<HDeoptimize>("Type mismatch between feedback and constant",
10847                        Deoptimizer::SOFT);
10848       // The caller expects a branch instruction, so make it happy.
10849       return New<HBranch>(graph()->GetConstantTrue());
10850     }
10851     BuildCheckHeapObject(left);
10852     Add<HCheckInstanceType>(left, HCheckInstanceType::IS_INTERNALIZED_STRING);
10853     BuildCheckHeapObject(right);
10854     Add<HCheckInstanceType>(right, HCheckInstanceType::IS_INTERNALIZED_STRING);
10855     HCompareObjectEqAndBranch* result =
10856         New<HCompareObjectEqAndBranch>(left, right);
10857     return result;
10858   } else if (combined_type->Is(Type::String())) {
10859     BuildCheckHeapObject(left);
10860     Add<HCheckInstanceType>(left, HCheckInstanceType::IS_STRING);
10861     BuildCheckHeapObject(right);
10862     Add<HCheckInstanceType>(right, HCheckInstanceType::IS_STRING);
10863     HStringCompareAndBranch* result =
10864         New<HStringCompareAndBranch>(left, right, op);
10865     return result;
10866   } else {
10867     if (combined_rep.IsTagged() || combined_rep.IsNone()) {
10868       HCompareGeneric* result = Add<HCompareGeneric>(left, right, op);
10869       result->set_observed_input_representation(1, left_rep);
10870       result->set_observed_input_representation(2, right_rep);
10871       if (result->HasObservableSideEffects()) {
10872         if (push_sim_result == PUSH_BEFORE_SIMULATE) {
10873           Push(result);
10874           AddSimulate(bailout_id, REMOVABLE_SIMULATE);
10875           Drop(1);
10876         } else {
10877           AddSimulate(bailout_id, REMOVABLE_SIMULATE);
10878         }
10879       }
10880       // TODO(jkummerow): Can we make this more efficient?
10881       HBranch* branch = New<HBranch>(result);
10882       return branch;
10883     } else {
10884       HCompareNumericAndBranch* result =
10885           New<HCompareNumericAndBranch>(left, right, op);
10886       result->set_observed_input_representation(left_rep, right_rep);
10887       if (FLAG_hydrogen_track_positions) {
10888         result->SetOperandPositions(zone(), left_position, right_position);
10889       }
10890       return result;
10891     }
10892   }
10893 }
10894 
10895 
HandleLiteralCompareNil(CompareOperation * expr,Expression * sub_expr,NilValue nil)10896 void HOptimizedGraphBuilder::HandleLiteralCompareNil(CompareOperation* expr,
10897                                                      Expression* sub_expr,
10898                                                      NilValue nil) {
10899   DCHECK(!HasStackOverflow());
10900   DCHECK(current_block() != NULL);
10901   DCHECK(current_block()->HasPredecessor());
10902   DCHECK(expr->op() == Token::EQ || expr->op() == Token::EQ_STRICT);
10903   if (!FLAG_hydrogen_track_positions) SetSourcePosition(expr->position());
10904   CHECK_ALIVE(VisitForValue(sub_expr));
10905   HValue* value = Pop();
10906   if (expr->op() == Token::EQ_STRICT) {
10907     HConstant* nil_constant = nil == kNullValue
10908         ? graph()->GetConstantNull()
10909         : graph()->GetConstantUndefined();
10910     HCompareObjectEqAndBranch* instr =
10911         New<HCompareObjectEqAndBranch>(value, nil_constant);
10912     return ast_context()->ReturnControl(instr, expr->id());
10913   } else {
10914     DCHECK_EQ(Token::EQ, expr->op());
10915     Type* type = expr->combined_type()->Is(Type::None())
10916         ? Type::Any(zone()) : expr->combined_type();
10917     HIfContinuation continuation;
10918     BuildCompareNil(value, type, &continuation);
10919     return ast_context()->ReturnContinuation(&continuation, expr->id());
10920   }
10921 }
10922 
10923 
BuildThisFunction()10924 HInstruction* HOptimizedGraphBuilder::BuildThisFunction() {
10925   // If we share optimized code between different closures, the
10926   // this-function is not a constant, except inside an inlined body.
10927   if (function_state()->outer() != NULL) {
10928       return New<HConstant>(
10929           function_state()->compilation_info()->closure());
10930   } else {
10931       return New<HThisFunction>();
10932   }
10933 }
10934 
10935 
BuildFastLiteral(Handle<JSObject> boilerplate_object,AllocationSiteUsageContext * site_context)10936 HInstruction* HOptimizedGraphBuilder::BuildFastLiteral(
10937     Handle<JSObject> boilerplate_object,
10938     AllocationSiteUsageContext* site_context) {
10939   NoObservableSideEffectsScope no_effects(this);
10940   InstanceType instance_type = boilerplate_object->map()->instance_type();
10941   DCHECK(instance_type == JS_ARRAY_TYPE || instance_type == JS_OBJECT_TYPE);
10942 
10943   HType type = instance_type == JS_ARRAY_TYPE
10944       ? HType::JSArray() : HType::JSObject();
10945   HValue* object_size_constant = Add<HConstant>(
10946       boilerplate_object->map()->instance_size());
10947 
10948   PretenureFlag pretenure_flag = NOT_TENURED;
10949   if (FLAG_allocation_site_pretenuring) {
10950     pretenure_flag = site_context->current()->GetPretenureMode();
10951     Handle<AllocationSite> site(site_context->current());
10952     AllocationSite::AddDependentCompilationInfo(
10953         site, AllocationSite::TENURING, top_info());
10954   }
10955 
10956   HInstruction* object = Add<HAllocate>(object_size_constant, type,
10957       pretenure_flag, instance_type, site_context->current());
10958 
10959   // If allocation folding reaches Page::kMaxRegularHeapObjectSize the
10960   // elements array may not get folded into the object. Hence, we set the
10961   // elements pointer to empty fixed array and let store elimination remove
10962   // this store in the folding case.
10963   HConstant* empty_fixed_array = Add<HConstant>(
10964       isolate()->factory()->empty_fixed_array());
10965   Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
10966       empty_fixed_array);
10967 
10968   BuildEmitObjectHeader(boilerplate_object, object);
10969 
10970   Handle<FixedArrayBase> elements(boilerplate_object->elements());
10971   int elements_size = (elements->length() > 0 &&
10972       elements->map() != isolate()->heap()->fixed_cow_array_map()) ?
10973           elements->Size() : 0;
10974 
10975   if (pretenure_flag == TENURED &&
10976       elements->map() == isolate()->heap()->fixed_cow_array_map() &&
10977       isolate()->heap()->InNewSpace(*elements)) {
10978     // If we would like to pretenure a fixed cow array, we must ensure that the
10979     // array is already in old space, otherwise we'll create too many old-to-
10980     // new-space pointers (overflowing the store buffer).
10981     elements = Handle<FixedArrayBase>(
10982         isolate()->factory()->CopyAndTenureFixedCOWArray(
10983             Handle<FixedArray>::cast(elements)));
10984     boilerplate_object->set_elements(*elements);
10985   }
10986 
10987   HInstruction* object_elements = NULL;
10988   if (elements_size > 0) {
10989     HValue* object_elements_size = Add<HConstant>(elements_size);
10990     InstanceType instance_type = boilerplate_object->HasFastDoubleElements()
10991         ? FIXED_DOUBLE_ARRAY_TYPE : FIXED_ARRAY_TYPE;
10992     object_elements = Add<HAllocate>(
10993         object_elements_size, HType::HeapObject(),
10994         pretenure_flag, instance_type, site_context->current());
10995   }
10996   BuildInitElementsInObjectHeader(boilerplate_object, object, object_elements);
10997 
10998   // Copy object elements if non-COW.
10999   if (object_elements != NULL) {
11000     BuildEmitElements(boilerplate_object, elements, object_elements,
11001                       site_context);
11002   }
11003 
11004   // Copy in-object properties.
11005   if (boilerplate_object->map()->NumberOfFields() != 0 ||
11006       boilerplate_object->map()->unused_property_fields() > 0) {
11007     BuildEmitInObjectProperties(boilerplate_object, object, site_context,
11008                                 pretenure_flag);
11009   }
11010   return object;
11011 }
11012 
11013 
BuildEmitObjectHeader(Handle<JSObject> boilerplate_object,HInstruction * object)11014 void HOptimizedGraphBuilder::BuildEmitObjectHeader(
11015     Handle<JSObject> boilerplate_object,
11016     HInstruction* object) {
11017   DCHECK(boilerplate_object->properties()->length() == 0);
11018 
11019   Handle<Map> boilerplate_object_map(boilerplate_object->map());
11020   AddStoreMapConstant(object, boilerplate_object_map);
11021 
11022   Handle<Object> properties_field =
11023       Handle<Object>(boilerplate_object->properties(), isolate());
11024   DCHECK(*properties_field == isolate()->heap()->empty_fixed_array());
11025   HInstruction* properties = Add<HConstant>(properties_field);
11026   HObjectAccess access = HObjectAccess::ForPropertiesPointer();
11027   Add<HStoreNamedField>(object, access, properties);
11028 
11029   if (boilerplate_object->IsJSArray()) {
11030     Handle<JSArray> boilerplate_array =
11031         Handle<JSArray>::cast(boilerplate_object);
11032     Handle<Object> length_field =
11033         Handle<Object>(boilerplate_array->length(), isolate());
11034     HInstruction* length = Add<HConstant>(length_field);
11035 
11036     DCHECK(boilerplate_array->length()->IsSmi());
11037     Add<HStoreNamedField>(object, HObjectAccess::ForArrayLength(
11038         boilerplate_array->GetElementsKind()), length);
11039   }
11040 }
11041 
11042 
BuildInitElementsInObjectHeader(Handle<JSObject> boilerplate_object,HInstruction * object,HInstruction * object_elements)11043 void HOptimizedGraphBuilder::BuildInitElementsInObjectHeader(
11044     Handle<JSObject> boilerplate_object,
11045     HInstruction* object,
11046     HInstruction* object_elements) {
11047   DCHECK(boilerplate_object->properties()->length() == 0);
11048   if (object_elements == NULL) {
11049     Handle<Object> elements_field =
11050         Handle<Object>(boilerplate_object->elements(), isolate());
11051     object_elements = Add<HConstant>(elements_field);
11052   }
11053   Add<HStoreNamedField>(object, HObjectAccess::ForElementsPointer(),
11054       object_elements);
11055 }
11056 
11057 
BuildEmitInObjectProperties(Handle<JSObject> boilerplate_object,HInstruction * object,AllocationSiteUsageContext * site_context,PretenureFlag pretenure_flag)11058 void HOptimizedGraphBuilder::BuildEmitInObjectProperties(
11059     Handle<JSObject> boilerplate_object,
11060     HInstruction* object,
11061     AllocationSiteUsageContext* site_context,
11062     PretenureFlag pretenure_flag) {
11063   Handle<Map> boilerplate_map(boilerplate_object->map());
11064   Handle<DescriptorArray> descriptors(boilerplate_map->instance_descriptors());
11065   int limit = boilerplate_map->NumberOfOwnDescriptors();
11066 
11067   int copied_fields = 0;
11068   for (int i = 0; i < limit; i++) {
11069     PropertyDetails details = descriptors->GetDetails(i);
11070     if (details.type() != FIELD) continue;
11071     copied_fields++;
11072     int index = descriptors->GetFieldIndex(i);
11073     int property_offset = boilerplate_object->GetInObjectPropertyOffset(index);
11074     Handle<Name> name(descriptors->GetKey(i));
11075     Handle<Object> value =
11076         Handle<Object>(boilerplate_object->InObjectPropertyAt(index),
11077         isolate());
11078 
11079     // The access for the store depends on the type of the boilerplate.
11080     HObjectAccess access = boilerplate_object->IsJSArray() ?
11081         HObjectAccess::ForJSArrayOffset(property_offset) :
11082         HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11083 
11084     if (value->IsJSObject()) {
11085       Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11086       Handle<AllocationSite> current_site = site_context->EnterNewScope();
11087       HInstruction* result =
11088           BuildFastLiteral(value_object, site_context);
11089       site_context->ExitScope(current_site, value_object);
11090       Add<HStoreNamedField>(object, access, result);
11091     } else {
11092       Representation representation = details.representation();
11093       HInstruction* value_instruction;
11094 
11095       if (representation.IsDouble()) {
11096         // Allocate a HeapNumber box and store the value into it.
11097         HValue* heap_number_constant = Add<HConstant>(HeapNumber::kSize);
11098         // This heap number alloc does not have a corresponding
11099         // AllocationSite. That is okay because
11100         // 1) it's a child object of another object with a valid allocation site
11101         // 2) we can just use the mode of the parent object for pretenuring
11102         HInstruction* double_box =
11103             Add<HAllocate>(heap_number_constant, HType::HeapObject(),
11104                 pretenure_flag, MUTABLE_HEAP_NUMBER_TYPE);
11105         AddStoreMapConstant(double_box,
11106             isolate()->factory()->mutable_heap_number_map());
11107         // Unwrap the mutable heap number from the boilerplate.
11108         HValue* double_value =
11109             Add<HConstant>(Handle<HeapNumber>::cast(value)->value());
11110         Add<HStoreNamedField>(
11111             double_box, HObjectAccess::ForHeapNumberValue(), double_value);
11112         value_instruction = double_box;
11113       } else if (representation.IsSmi()) {
11114         value_instruction = value->IsUninitialized()
11115             ? graph()->GetConstant0()
11116             : Add<HConstant>(value);
11117         // Ensure that value is stored as smi.
11118         access = access.WithRepresentation(representation);
11119       } else {
11120         value_instruction = Add<HConstant>(value);
11121       }
11122 
11123       Add<HStoreNamedField>(object, access, value_instruction);
11124     }
11125   }
11126 
11127   int inobject_properties = boilerplate_object->map()->inobject_properties();
11128   HInstruction* value_instruction =
11129       Add<HConstant>(isolate()->factory()->one_pointer_filler_map());
11130   for (int i = copied_fields; i < inobject_properties; i++) {
11131     DCHECK(boilerplate_object->IsJSObject());
11132     int property_offset = boilerplate_object->GetInObjectPropertyOffset(i);
11133     HObjectAccess access =
11134         HObjectAccess::ForMapAndOffset(boilerplate_map, property_offset);
11135     Add<HStoreNamedField>(object, access, value_instruction);
11136   }
11137 }
11138 
11139 
BuildEmitElements(Handle<JSObject> boilerplate_object,Handle<FixedArrayBase> elements,HValue * object_elements,AllocationSiteUsageContext * site_context)11140 void HOptimizedGraphBuilder::BuildEmitElements(
11141     Handle<JSObject> boilerplate_object,
11142     Handle<FixedArrayBase> elements,
11143     HValue* object_elements,
11144     AllocationSiteUsageContext* site_context) {
11145   ElementsKind kind = boilerplate_object->map()->elements_kind();
11146   int elements_length = elements->length();
11147   HValue* object_elements_length = Add<HConstant>(elements_length);
11148   BuildInitializeElementsHeader(object_elements, kind, object_elements_length);
11149 
11150   // Copy elements backing store content.
11151   if (elements->IsFixedDoubleArray()) {
11152     BuildEmitFixedDoubleArray(elements, kind, object_elements);
11153   } else if (elements->IsFixedArray()) {
11154     BuildEmitFixedArray(elements, kind, object_elements,
11155                         site_context);
11156   } else {
11157     UNREACHABLE();
11158   }
11159 }
11160 
11161 
BuildEmitFixedDoubleArray(Handle<FixedArrayBase> elements,ElementsKind kind,HValue * object_elements)11162 void HOptimizedGraphBuilder::BuildEmitFixedDoubleArray(
11163     Handle<FixedArrayBase> elements,
11164     ElementsKind kind,
11165     HValue* object_elements) {
11166   HInstruction* boilerplate_elements = Add<HConstant>(elements);
11167   int elements_length = elements->length();
11168   for (int i = 0; i < elements_length; i++) {
11169     HValue* key_constant = Add<HConstant>(i);
11170     HInstruction* value_instruction =
11171         Add<HLoadKeyed>(boilerplate_elements, key_constant,
11172                         static_cast<HValue*>(NULL), kind,
11173                         ALLOW_RETURN_HOLE);
11174     HInstruction* store = Add<HStoreKeyed>(object_elements, key_constant,
11175                                            value_instruction, kind);
11176     store->SetFlag(HValue::kAllowUndefinedAsNaN);
11177   }
11178 }
11179 
11180 
BuildEmitFixedArray(Handle<FixedArrayBase> elements,ElementsKind kind,HValue * object_elements,AllocationSiteUsageContext * site_context)11181 void HOptimizedGraphBuilder::BuildEmitFixedArray(
11182     Handle<FixedArrayBase> elements,
11183     ElementsKind kind,
11184     HValue* object_elements,
11185     AllocationSiteUsageContext* site_context) {
11186   HInstruction* boilerplate_elements = Add<HConstant>(elements);
11187   int elements_length = elements->length();
11188   Handle<FixedArray> fast_elements = Handle<FixedArray>::cast(elements);
11189   for (int i = 0; i < elements_length; i++) {
11190     Handle<Object> value(fast_elements->get(i), isolate());
11191     HValue* key_constant = Add<HConstant>(i);
11192     if (value->IsJSObject()) {
11193       Handle<JSObject> value_object = Handle<JSObject>::cast(value);
11194       Handle<AllocationSite> current_site = site_context->EnterNewScope();
11195       HInstruction* result =
11196           BuildFastLiteral(value_object, site_context);
11197       site_context->ExitScope(current_site, value_object);
11198       Add<HStoreKeyed>(object_elements, key_constant, result, kind);
11199     } else {
11200       HInstruction* value_instruction =
11201           Add<HLoadKeyed>(boilerplate_elements, key_constant,
11202                           static_cast<HValue*>(NULL), kind,
11203                           ALLOW_RETURN_HOLE);
11204       Add<HStoreKeyed>(object_elements, key_constant, value_instruction, kind);
11205     }
11206   }
11207 }
11208 
11209 
VisitThisFunction(ThisFunction * expr)11210 void HOptimizedGraphBuilder::VisitThisFunction(ThisFunction* expr) {
11211   DCHECK(!HasStackOverflow());
11212   DCHECK(current_block() != NULL);
11213   DCHECK(current_block()->HasPredecessor());
11214   HInstruction* instr = BuildThisFunction();
11215   return ast_context()->ReturnInstruction(instr, expr->id());
11216 }
11217 
11218 
VisitSuperReference(SuperReference * expr)11219 void HOptimizedGraphBuilder::VisitSuperReference(SuperReference* expr) {
11220   DCHECK(!HasStackOverflow());
11221   DCHECK(current_block() != NULL);
11222   DCHECK(current_block()->HasPredecessor());
11223   return Bailout(kSuperReference);
11224 }
11225 
11226 
VisitDeclarations(ZoneList<Declaration * > * declarations)11227 void HOptimizedGraphBuilder::VisitDeclarations(
11228     ZoneList<Declaration*>* declarations) {
11229   DCHECK(globals_.is_empty());
11230   AstVisitor::VisitDeclarations(declarations);
11231   if (!globals_.is_empty()) {
11232     Handle<FixedArray> array =
11233        isolate()->factory()->NewFixedArray(globals_.length(), TENURED);
11234     for (int i = 0; i < globals_.length(); ++i) array->set(i, *globals_.at(i));
11235     int flags = DeclareGlobalsEvalFlag::encode(current_info()->is_eval()) |
11236         DeclareGlobalsNativeFlag::encode(current_info()->is_native()) |
11237         DeclareGlobalsStrictMode::encode(current_info()->strict_mode());
11238     Add<HDeclareGlobals>(array, flags);
11239     globals_.Rewind(0);
11240   }
11241 }
11242 
11243 
VisitVariableDeclaration(VariableDeclaration * declaration)11244 void HOptimizedGraphBuilder::VisitVariableDeclaration(
11245     VariableDeclaration* declaration) {
11246   VariableProxy* proxy = declaration->proxy();
11247   VariableMode mode = declaration->mode();
11248   Variable* variable = proxy->var();
11249   bool hole_init = mode == LET || mode == CONST || mode == CONST_LEGACY;
11250   switch (variable->location()) {
11251     case Variable::UNALLOCATED:
11252       globals_.Add(variable->name(), zone());
11253       globals_.Add(variable->binding_needs_init()
11254                        ? isolate()->factory()->the_hole_value()
11255                        : isolate()->factory()->undefined_value(), zone());
11256       return;
11257     case Variable::PARAMETER:
11258     case Variable::LOCAL:
11259       if (hole_init) {
11260         HValue* value = graph()->GetConstantHole();
11261         environment()->Bind(variable, value);
11262       }
11263       break;
11264     case Variable::CONTEXT:
11265       if (hole_init) {
11266         HValue* value = graph()->GetConstantHole();
11267         HValue* context = environment()->context();
11268         HStoreContextSlot* store = Add<HStoreContextSlot>(
11269             context, variable->index(), HStoreContextSlot::kNoCheck, value);
11270         if (store->HasObservableSideEffects()) {
11271           Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11272         }
11273       }
11274       break;
11275     case Variable::LOOKUP:
11276       return Bailout(kUnsupportedLookupSlotInDeclaration);
11277   }
11278 }
11279 
11280 
VisitFunctionDeclaration(FunctionDeclaration * declaration)11281 void HOptimizedGraphBuilder::VisitFunctionDeclaration(
11282     FunctionDeclaration* declaration) {
11283   VariableProxy* proxy = declaration->proxy();
11284   Variable* variable = proxy->var();
11285   switch (variable->location()) {
11286     case Variable::UNALLOCATED: {
11287       globals_.Add(variable->name(), zone());
11288       Handle<SharedFunctionInfo> function = Compiler::BuildFunctionInfo(
11289           declaration->fun(), current_info()->script(), top_info());
11290       // Check for stack-overflow exception.
11291       if (function.is_null()) return SetStackOverflow();
11292       globals_.Add(function, zone());
11293       return;
11294     }
11295     case Variable::PARAMETER:
11296     case Variable::LOCAL: {
11297       CHECK_ALIVE(VisitForValue(declaration->fun()));
11298       HValue* value = Pop();
11299       BindIfLive(variable, value);
11300       break;
11301     }
11302     case Variable::CONTEXT: {
11303       CHECK_ALIVE(VisitForValue(declaration->fun()));
11304       HValue* value = Pop();
11305       HValue* context = environment()->context();
11306       HStoreContextSlot* store = Add<HStoreContextSlot>(
11307           context, variable->index(), HStoreContextSlot::kNoCheck, value);
11308       if (store->HasObservableSideEffects()) {
11309         Add<HSimulate>(proxy->id(), REMOVABLE_SIMULATE);
11310       }
11311       break;
11312     }
11313     case Variable::LOOKUP:
11314       return Bailout(kUnsupportedLookupSlotInDeclaration);
11315   }
11316 }
11317 
11318 
VisitModuleDeclaration(ModuleDeclaration * declaration)11319 void HOptimizedGraphBuilder::VisitModuleDeclaration(
11320     ModuleDeclaration* declaration) {
11321   UNREACHABLE();
11322 }
11323 
11324 
VisitImportDeclaration(ImportDeclaration * declaration)11325 void HOptimizedGraphBuilder::VisitImportDeclaration(
11326     ImportDeclaration* declaration) {
11327   UNREACHABLE();
11328 }
11329 
11330 
VisitExportDeclaration(ExportDeclaration * declaration)11331 void HOptimizedGraphBuilder::VisitExportDeclaration(
11332     ExportDeclaration* declaration) {
11333   UNREACHABLE();
11334 }
11335 
11336 
VisitModuleLiteral(ModuleLiteral * module)11337 void HOptimizedGraphBuilder::VisitModuleLiteral(ModuleLiteral* module) {
11338   UNREACHABLE();
11339 }
11340 
11341 
VisitModuleVariable(ModuleVariable * module)11342 void HOptimizedGraphBuilder::VisitModuleVariable(ModuleVariable* module) {
11343   UNREACHABLE();
11344 }
11345 
11346 
VisitModulePath(ModulePath * module)11347 void HOptimizedGraphBuilder::VisitModulePath(ModulePath* module) {
11348   UNREACHABLE();
11349 }
11350 
11351 
VisitModuleUrl(ModuleUrl * module)11352 void HOptimizedGraphBuilder::VisitModuleUrl(ModuleUrl* module) {
11353   UNREACHABLE();
11354 }
11355 
11356 
VisitModuleStatement(ModuleStatement * stmt)11357 void HOptimizedGraphBuilder::VisitModuleStatement(ModuleStatement* stmt) {
11358   UNREACHABLE();
11359 }
11360 
11361 
11362 // Generators for inline runtime functions.
11363 // Support for types.
GenerateIsSmi(CallRuntime * call)11364 void HOptimizedGraphBuilder::GenerateIsSmi(CallRuntime* call) {
11365   DCHECK(call->arguments()->length() == 1);
11366   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11367   HValue* value = Pop();
11368   HIsSmiAndBranch* result = New<HIsSmiAndBranch>(value);
11369   return ast_context()->ReturnControl(result, call->id());
11370 }
11371 
11372 
GenerateIsSpecObject(CallRuntime * call)11373 void HOptimizedGraphBuilder::GenerateIsSpecObject(CallRuntime* call) {
11374   DCHECK(call->arguments()->length() == 1);
11375   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11376   HValue* value = Pop();
11377   HHasInstanceTypeAndBranch* result =
11378       New<HHasInstanceTypeAndBranch>(value,
11379                                      FIRST_SPEC_OBJECT_TYPE,
11380                                      LAST_SPEC_OBJECT_TYPE);
11381   return ast_context()->ReturnControl(result, call->id());
11382 }
11383 
11384 
GenerateIsFunction(CallRuntime * call)11385 void HOptimizedGraphBuilder::GenerateIsFunction(CallRuntime* call) {
11386   DCHECK(call->arguments()->length() == 1);
11387   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11388   HValue* value = Pop();
11389   HHasInstanceTypeAndBranch* result =
11390       New<HHasInstanceTypeAndBranch>(value, JS_FUNCTION_TYPE);
11391   return ast_context()->ReturnControl(result, call->id());
11392 }
11393 
11394 
GenerateIsMinusZero(CallRuntime * call)11395 void HOptimizedGraphBuilder::GenerateIsMinusZero(CallRuntime* call) {
11396   DCHECK(call->arguments()->length() == 1);
11397   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11398   HValue* value = Pop();
11399   HCompareMinusZeroAndBranch* result = New<HCompareMinusZeroAndBranch>(value);
11400   return ast_context()->ReturnControl(result, call->id());
11401 }
11402 
11403 
GenerateHasCachedArrayIndex(CallRuntime * call)11404 void HOptimizedGraphBuilder::GenerateHasCachedArrayIndex(CallRuntime* call) {
11405   DCHECK(call->arguments()->length() == 1);
11406   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11407   HValue* value = Pop();
11408   HHasCachedArrayIndexAndBranch* result =
11409       New<HHasCachedArrayIndexAndBranch>(value);
11410   return ast_context()->ReturnControl(result, call->id());
11411 }
11412 
11413 
GenerateIsArray(CallRuntime * call)11414 void HOptimizedGraphBuilder::GenerateIsArray(CallRuntime* call) {
11415   DCHECK(call->arguments()->length() == 1);
11416   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11417   HValue* value = Pop();
11418   HHasInstanceTypeAndBranch* result =
11419       New<HHasInstanceTypeAndBranch>(value, JS_ARRAY_TYPE);
11420   return ast_context()->ReturnControl(result, call->id());
11421 }
11422 
11423 
GenerateIsRegExp(CallRuntime * call)11424 void HOptimizedGraphBuilder::GenerateIsRegExp(CallRuntime* call) {
11425   DCHECK(call->arguments()->length() == 1);
11426   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11427   HValue* value = Pop();
11428   HHasInstanceTypeAndBranch* result =
11429       New<HHasInstanceTypeAndBranch>(value, JS_REGEXP_TYPE);
11430   return ast_context()->ReturnControl(result, call->id());
11431 }
11432 
11433 
GenerateIsObject(CallRuntime * call)11434 void HOptimizedGraphBuilder::GenerateIsObject(CallRuntime* call) {
11435   DCHECK(call->arguments()->length() == 1);
11436   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11437   HValue* value = Pop();
11438   HIsObjectAndBranch* result = New<HIsObjectAndBranch>(value);
11439   return ast_context()->ReturnControl(result, call->id());
11440 }
11441 
11442 
GenerateIsNonNegativeSmi(CallRuntime * call)11443 void HOptimizedGraphBuilder::GenerateIsNonNegativeSmi(CallRuntime* call) {
11444   return Bailout(kInlinedRuntimeFunctionIsNonNegativeSmi);
11445 }
11446 
11447 
GenerateIsUndetectableObject(CallRuntime * call)11448 void HOptimizedGraphBuilder::GenerateIsUndetectableObject(CallRuntime* call) {
11449   DCHECK(call->arguments()->length() == 1);
11450   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11451   HValue* value = Pop();
11452   HIsUndetectableAndBranch* result = New<HIsUndetectableAndBranch>(value);
11453   return ast_context()->ReturnControl(result, call->id());
11454 }
11455 
11456 
GenerateIsStringWrapperSafeForDefaultValueOf(CallRuntime * call)11457 void HOptimizedGraphBuilder::GenerateIsStringWrapperSafeForDefaultValueOf(
11458     CallRuntime* call) {
11459   return Bailout(kInlinedRuntimeFunctionIsStringWrapperSafeForDefaultValueOf);
11460 }
11461 
11462 
11463 // Support for construct call checks.
GenerateIsConstructCall(CallRuntime * call)11464 void HOptimizedGraphBuilder::GenerateIsConstructCall(CallRuntime* call) {
11465   DCHECK(call->arguments()->length() == 0);
11466   if (function_state()->outer() != NULL) {
11467     // We are generating graph for inlined function.
11468     HValue* value = function_state()->inlining_kind() == CONSTRUCT_CALL_RETURN
11469         ? graph()->GetConstantTrue()
11470         : graph()->GetConstantFalse();
11471     return ast_context()->ReturnValue(value);
11472   } else {
11473     return ast_context()->ReturnControl(New<HIsConstructCallAndBranch>(),
11474                                         call->id());
11475   }
11476 }
11477 
11478 
11479 // Support for arguments.length and arguments[?].
GenerateArgumentsLength(CallRuntime * call)11480 void HOptimizedGraphBuilder::GenerateArgumentsLength(CallRuntime* call) {
11481   DCHECK(call->arguments()->length() == 0);
11482   HInstruction* result = NULL;
11483   if (function_state()->outer() == NULL) {
11484     HInstruction* elements = Add<HArgumentsElements>(false);
11485     result = New<HArgumentsLength>(elements);
11486   } else {
11487     // Number of arguments without receiver.
11488     int argument_count = environment()->
11489         arguments_environment()->parameter_count() - 1;
11490     result = New<HConstant>(argument_count);
11491   }
11492   return ast_context()->ReturnInstruction(result, call->id());
11493 }
11494 
11495 
GenerateArguments(CallRuntime * call)11496 void HOptimizedGraphBuilder::GenerateArguments(CallRuntime* call) {
11497   DCHECK(call->arguments()->length() == 1);
11498   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11499   HValue* index = Pop();
11500   HInstruction* result = NULL;
11501   if (function_state()->outer() == NULL) {
11502     HInstruction* elements = Add<HArgumentsElements>(false);
11503     HInstruction* length = Add<HArgumentsLength>(elements);
11504     HInstruction* checked_index = Add<HBoundsCheck>(index, length);
11505     result = New<HAccessArgumentsAt>(elements, length, checked_index);
11506   } else {
11507     EnsureArgumentsArePushedForAccess();
11508 
11509     // Number of arguments without receiver.
11510     HInstruction* elements = function_state()->arguments_elements();
11511     int argument_count = environment()->
11512         arguments_environment()->parameter_count() - 1;
11513     HInstruction* length = Add<HConstant>(argument_count);
11514     HInstruction* checked_key = Add<HBoundsCheck>(index, length);
11515     result = New<HAccessArgumentsAt>(elements, length, checked_key);
11516   }
11517   return ast_context()->ReturnInstruction(result, call->id());
11518 }
11519 
11520 
11521 // Support for accessing the class and value fields of an object.
GenerateClassOf(CallRuntime * call)11522 void HOptimizedGraphBuilder::GenerateClassOf(CallRuntime* call) {
11523   // The special form detected by IsClassOfTest is detected before we get here
11524   // and does not cause a bailout.
11525   return Bailout(kInlinedRuntimeFunctionClassOf);
11526 }
11527 
11528 
GenerateValueOf(CallRuntime * call)11529 void HOptimizedGraphBuilder::GenerateValueOf(CallRuntime* call) {
11530   DCHECK(call->arguments()->length() == 1);
11531   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11532   HValue* object = Pop();
11533 
11534   IfBuilder if_objectisvalue(this);
11535   HValue* objectisvalue = if_objectisvalue.If<HHasInstanceTypeAndBranch>(
11536       object, JS_VALUE_TYPE);
11537   if_objectisvalue.Then();
11538   {
11539     // Return the actual value.
11540     Push(Add<HLoadNamedField>(
11541             object, objectisvalue,
11542             HObjectAccess::ForObservableJSObjectOffset(
11543                 JSValue::kValueOffset)));
11544     Add<HSimulate>(call->id(), FIXED_SIMULATE);
11545   }
11546   if_objectisvalue.Else();
11547   {
11548     // If the object is not a value return the object.
11549     Push(object);
11550     Add<HSimulate>(call->id(), FIXED_SIMULATE);
11551   }
11552   if_objectisvalue.End();
11553   return ast_context()->ReturnValue(Pop());
11554 }
11555 
11556 
GenerateDateField(CallRuntime * call)11557 void HOptimizedGraphBuilder::GenerateDateField(CallRuntime* call) {
11558   DCHECK(call->arguments()->length() == 2);
11559   DCHECK_NE(NULL, call->arguments()->at(1)->AsLiteral());
11560   Smi* index = Smi::cast(*(call->arguments()->at(1)->AsLiteral()->value()));
11561   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11562   HValue* date = Pop();
11563   HDateField* result = New<HDateField>(date, index);
11564   return ast_context()->ReturnInstruction(result, call->id());
11565 }
11566 
11567 
GenerateOneByteSeqStringSetChar(CallRuntime * call)11568 void HOptimizedGraphBuilder::GenerateOneByteSeqStringSetChar(
11569     CallRuntime* call) {
11570   DCHECK(call->arguments()->length() == 3);
11571   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11572   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11573   CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11574   HValue* string = Pop();
11575   HValue* value = Pop();
11576   HValue* index = Pop();
11577   Add<HSeqStringSetChar>(String::ONE_BYTE_ENCODING, string,
11578                          index, value);
11579   Add<HSimulate>(call->id(), FIXED_SIMULATE);
11580   return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11581 }
11582 
11583 
GenerateTwoByteSeqStringSetChar(CallRuntime * call)11584 void HOptimizedGraphBuilder::GenerateTwoByteSeqStringSetChar(
11585     CallRuntime* call) {
11586   DCHECK(call->arguments()->length() == 3);
11587   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11588   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11589   CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11590   HValue* string = Pop();
11591   HValue* value = Pop();
11592   HValue* index = Pop();
11593   Add<HSeqStringSetChar>(String::TWO_BYTE_ENCODING, string,
11594                          index, value);
11595   Add<HSimulate>(call->id(), FIXED_SIMULATE);
11596   return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11597 }
11598 
11599 
GenerateSetValueOf(CallRuntime * call)11600 void HOptimizedGraphBuilder::GenerateSetValueOf(CallRuntime* call) {
11601   DCHECK(call->arguments()->length() == 2);
11602   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11603   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11604   HValue* value = Pop();
11605   HValue* object = Pop();
11606 
11607   // Check if object is a JSValue.
11608   IfBuilder if_objectisvalue(this);
11609   if_objectisvalue.If<HHasInstanceTypeAndBranch>(object, JS_VALUE_TYPE);
11610   if_objectisvalue.Then();
11611   {
11612     // Create in-object property store to kValueOffset.
11613     Add<HStoreNamedField>(object,
11614         HObjectAccess::ForObservableJSObjectOffset(JSValue::kValueOffset),
11615         value);
11616     if (!ast_context()->IsEffect()) {
11617       Push(value);
11618     }
11619     Add<HSimulate>(call->id(), FIXED_SIMULATE);
11620   }
11621   if_objectisvalue.Else();
11622   {
11623     // Nothing to do in this case.
11624     if (!ast_context()->IsEffect()) {
11625       Push(value);
11626     }
11627     Add<HSimulate>(call->id(), FIXED_SIMULATE);
11628   }
11629   if_objectisvalue.End();
11630   if (!ast_context()->IsEffect()) {
11631     Drop(1);
11632   }
11633   return ast_context()->ReturnValue(value);
11634 }
11635 
11636 
11637 // Fast support for charCodeAt(n).
GenerateStringCharCodeAt(CallRuntime * call)11638 void HOptimizedGraphBuilder::GenerateStringCharCodeAt(CallRuntime* call) {
11639   DCHECK(call->arguments()->length() == 2);
11640   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11641   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11642   HValue* index = Pop();
11643   HValue* string = Pop();
11644   HInstruction* result = BuildStringCharCodeAt(string, index);
11645   return ast_context()->ReturnInstruction(result, call->id());
11646 }
11647 
11648 
11649 // Fast support for string.charAt(n) and string[n].
GenerateStringCharFromCode(CallRuntime * call)11650 void HOptimizedGraphBuilder::GenerateStringCharFromCode(CallRuntime* call) {
11651   DCHECK(call->arguments()->length() == 1);
11652   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11653   HValue* char_code = Pop();
11654   HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
11655   return ast_context()->ReturnInstruction(result, call->id());
11656 }
11657 
11658 
11659 // Fast support for string.charAt(n) and string[n].
GenerateStringCharAt(CallRuntime * call)11660 void HOptimizedGraphBuilder::GenerateStringCharAt(CallRuntime* call) {
11661   DCHECK(call->arguments()->length() == 2);
11662   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11663   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11664   HValue* index = Pop();
11665   HValue* string = Pop();
11666   HInstruction* char_code = BuildStringCharCodeAt(string, index);
11667   AddInstruction(char_code);
11668   HInstruction* result = NewUncasted<HStringCharFromCode>(char_code);
11669   return ast_context()->ReturnInstruction(result, call->id());
11670 }
11671 
11672 
11673 // Fast support for object equality testing.
GenerateObjectEquals(CallRuntime * call)11674 void HOptimizedGraphBuilder::GenerateObjectEquals(CallRuntime* call) {
11675   DCHECK(call->arguments()->length() == 2);
11676   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11677   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11678   HValue* right = Pop();
11679   HValue* left = Pop();
11680   HCompareObjectEqAndBranch* result =
11681       New<HCompareObjectEqAndBranch>(left, right);
11682   return ast_context()->ReturnControl(result, call->id());
11683 }
11684 
11685 
11686 // Fast support for StringAdd.
GenerateStringAdd(CallRuntime * call)11687 void HOptimizedGraphBuilder::GenerateStringAdd(CallRuntime* call) {
11688   DCHECK_EQ(2, call->arguments()->length());
11689   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11690   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11691   HValue* right = Pop();
11692   HValue* left = Pop();
11693   HInstruction* result = NewUncasted<HStringAdd>(left, right);
11694   return ast_context()->ReturnInstruction(result, call->id());
11695 }
11696 
11697 
11698 // Fast support for SubString.
GenerateSubString(CallRuntime * call)11699 void HOptimizedGraphBuilder::GenerateSubString(CallRuntime* call) {
11700   DCHECK_EQ(3, call->arguments()->length());
11701   CHECK_ALIVE(VisitExpressions(call->arguments()));
11702   PushArgumentsFromEnvironment(call->arguments()->length());
11703   HCallStub* result = New<HCallStub>(CodeStub::SubString, 3);
11704   return ast_context()->ReturnInstruction(result, call->id());
11705 }
11706 
11707 
11708 // Fast support for StringCompare.
GenerateStringCompare(CallRuntime * call)11709 void HOptimizedGraphBuilder::GenerateStringCompare(CallRuntime* call) {
11710   DCHECK_EQ(2, call->arguments()->length());
11711   CHECK_ALIVE(VisitExpressions(call->arguments()));
11712   PushArgumentsFromEnvironment(call->arguments()->length());
11713   HCallStub* result = New<HCallStub>(CodeStub::StringCompare, 2);
11714   return ast_context()->ReturnInstruction(result, call->id());
11715 }
11716 
11717 
11718 // Support for direct calls from JavaScript to native RegExp code.
GenerateRegExpExec(CallRuntime * call)11719 void HOptimizedGraphBuilder::GenerateRegExpExec(CallRuntime* call) {
11720   DCHECK_EQ(4, call->arguments()->length());
11721   CHECK_ALIVE(VisitExpressions(call->arguments()));
11722   PushArgumentsFromEnvironment(call->arguments()->length());
11723   HCallStub* result = New<HCallStub>(CodeStub::RegExpExec, 4);
11724   return ast_context()->ReturnInstruction(result, call->id());
11725 }
11726 
11727 
GenerateDoubleLo(CallRuntime * call)11728 void HOptimizedGraphBuilder::GenerateDoubleLo(CallRuntime* call) {
11729   DCHECK_EQ(1, call->arguments()->length());
11730   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11731   HValue* value = Pop();
11732   HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::LOW);
11733   return ast_context()->ReturnInstruction(result, call->id());
11734 }
11735 
11736 
GenerateDoubleHi(CallRuntime * call)11737 void HOptimizedGraphBuilder::GenerateDoubleHi(CallRuntime* call) {
11738   DCHECK_EQ(1, call->arguments()->length());
11739   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11740   HValue* value = Pop();
11741   HInstruction* result = NewUncasted<HDoubleBits>(value, HDoubleBits::HIGH);
11742   return ast_context()->ReturnInstruction(result, call->id());
11743 }
11744 
11745 
GenerateConstructDouble(CallRuntime * call)11746 void HOptimizedGraphBuilder::GenerateConstructDouble(CallRuntime* call) {
11747   DCHECK_EQ(2, call->arguments()->length());
11748   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11749   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11750   HValue* lo = Pop();
11751   HValue* hi = Pop();
11752   HInstruction* result = NewUncasted<HConstructDouble>(hi, lo);
11753   return ast_context()->ReturnInstruction(result, call->id());
11754 }
11755 
11756 
11757 // Construct a RegExp exec result with two in-object properties.
GenerateRegExpConstructResult(CallRuntime * call)11758 void HOptimizedGraphBuilder::GenerateRegExpConstructResult(CallRuntime* call) {
11759   DCHECK_EQ(3, call->arguments()->length());
11760   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11761   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11762   CHECK_ALIVE(VisitForValue(call->arguments()->at(2)));
11763   HValue* input = Pop();
11764   HValue* index = Pop();
11765   HValue* length = Pop();
11766   HValue* result = BuildRegExpConstructResult(length, index, input);
11767   return ast_context()->ReturnValue(result);
11768 }
11769 
11770 
11771 // Support for fast native caches.
GenerateGetFromCache(CallRuntime * call)11772 void HOptimizedGraphBuilder::GenerateGetFromCache(CallRuntime* call) {
11773   return Bailout(kInlinedRuntimeFunctionGetFromCache);
11774 }
11775 
11776 
11777 // Fast support for number to string.
GenerateNumberToString(CallRuntime * call)11778 void HOptimizedGraphBuilder::GenerateNumberToString(CallRuntime* call) {
11779   DCHECK_EQ(1, call->arguments()->length());
11780   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11781   HValue* number = Pop();
11782   HValue* result = BuildNumberToString(number, Type::Any(zone()));
11783   return ast_context()->ReturnValue(result);
11784 }
11785 
11786 
11787 // Fast call for custom callbacks.
GenerateCallFunction(CallRuntime * call)11788 void HOptimizedGraphBuilder::GenerateCallFunction(CallRuntime* call) {
11789   // 1 ~ The function to call is not itself an argument to the call.
11790   int arg_count = call->arguments()->length() - 1;
11791   DCHECK(arg_count >= 1);  // There's always at least a receiver.
11792 
11793   CHECK_ALIVE(VisitExpressions(call->arguments()));
11794   // The function is the last argument
11795   HValue* function = Pop();
11796   // Push the arguments to the stack
11797   PushArgumentsFromEnvironment(arg_count);
11798 
11799   IfBuilder if_is_jsfunction(this);
11800   if_is_jsfunction.If<HHasInstanceTypeAndBranch>(function, JS_FUNCTION_TYPE);
11801 
11802   if_is_jsfunction.Then();
11803   {
11804     HInstruction* invoke_result =
11805         Add<HInvokeFunction>(function, arg_count);
11806     if (!ast_context()->IsEffect()) {
11807       Push(invoke_result);
11808     }
11809     Add<HSimulate>(call->id(), FIXED_SIMULATE);
11810   }
11811 
11812   if_is_jsfunction.Else();
11813   {
11814     HInstruction* call_result =
11815         Add<HCallFunction>(function, arg_count);
11816     if (!ast_context()->IsEffect()) {
11817       Push(call_result);
11818     }
11819     Add<HSimulate>(call->id(), FIXED_SIMULATE);
11820   }
11821   if_is_jsfunction.End();
11822 
11823   if (ast_context()->IsEffect()) {
11824     // EffectContext::ReturnValue ignores the value, so we can just pass
11825     // 'undefined' (as we do not have the call result anymore).
11826     return ast_context()->ReturnValue(graph()->GetConstantUndefined());
11827   } else {
11828     return ast_context()->ReturnValue(Pop());
11829   }
11830 }
11831 
11832 
11833 // Fast call to math functions.
GenerateMathPow(CallRuntime * call)11834 void HOptimizedGraphBuilder::GenerateMathPow(CallRuntime* call) {
11835   DCHECK_EQ(2, call->arguments()->length());
11836   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11837   CHECK_ALIVE(VisitForValue(call->arguments()->at(1)));
11838   HValue* right = Pop();
11839   HValue* left = Pop();
11840   HInstruction* result = NewUncasted<HPower>(left, right);
11841   return ast_context()->ReturnInstruction(result, call->id());
11842 }
11843 
11844 
GenerateMathLogRT(CallRuntime * call)11845 void HOptimizedGraphBuilder::GenerateMathLogRT(CallRuntime* call) {
11846   DCHECK(call->arguments()->length() == 1);
11847   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11848   HValue* value = Pop();
11849   HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathLog);
11850   return ast_context()->ReturnInstruction(result, call->id());
11851 }
11852 
11853 
GenerateMathSqrtRT(CallRuntime * call)11854 void HOptimizedGraphBuilder::GenerateMathSqrtRT(CallRuntime* call) {
11855   DCHECK(call->arguments()->length() == 1);
11856   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11857   HValue* value = Pop();
11858   HInstruction* result = NewUncasted<HUnaryMathOperation>(value, kMathSqrt);
11859   return ast_context()->ReturnInstruction(result, call->id());
11860 }
11861 
11862 
GenerateGetCachedArrayIndex(CallRuntime * call)11863 void HOptimizedGraphBuilder::GenerateGetCachedArrayIndex(CallRuntime* call) {
11864   DCHECK(call->arguments()->length() == 1);
11865   CHECK_ALIVE(VisitForValue(call->arguments()->at(0)));
11866   HValue* value = Pop();
11867   HGetCachedArrayIndex* result = New<HGetCachedArrayIndex>(value);
11868   return ast_context()->ReturnInstruction(result, call->id());
11869 }
11870 
11871 
GenerateFastOneByteArrayJoin(CallRuntime * call)11872 void HOptimizedGraphBuilder::GenerateFastOneByteArrayJoin(CallRuntime* call) {
11873   return Bailout(kInlinedRuntimeFunctionFastOneByteArrayJoin);
11874 }
11875 
11876 
11877 // Support for generators.
GenerateGeneratorNext(CallRuntime * call)11878 void HOptimizedGraphBuilder::GenerateGeneratorNext(CallRuntime* call) {
11879   return Bailout(kInlinedRuntimeFunctionGeneratorNext);
11880 }
11881 
11882 
GenerateGeneratorThrow(CallRuntime * call)11883 void HOptimizedGraphBuilder::GenerateGeneratorThrow(CallRuntime* call) {
11884   return Bailout(kInlinedRuntimeFunctionGeneratorThrow);
11885 }
11886 
11887 
GenerateDebugBreakInOptimizedCode(CallRuntime * call)11888 void HOptimizedGraphBuilder::GenerateDebugBreakInOptimizedCode(
11889     CallRuntime* call) {
11890   Add<HDebugBreak>();
11891   return ast_context()->ReturnValue(graph()->GetConstant0());
11892 }
11893 
11894 
GenerateDebugIsActive(CallRuntime * call)11895 void HOptimizedGraphBuilder::GenerateDebugIsActive(CallRuntime* call) {
11896   DCHECK(call->arguments()->length() == 0);
11897   HValue* ref =
11898       Add<HConstant>(ExternalReference::debug_is_active_address(isolate()));
11899   HValue* value = Add<HLoadNamedField>(
11900       ref, static_cast<HValue*>(NULL), HObjectAccess::ForExternalUInteger8());
11901   return ast_context()->ReturnValue(value);
11902 }
11903 
11904 
11905 #undef CHECK_BAILOUT
11906 #undef CHECK_ALIVE
11907 
11908 
HEnvironment(HEnvironment * outer,Scope * scope,Handle<JSFunction> closure,Zone * zone)11909 HEnvironment::HEnvironment(HEnvironment* outer,
11910                            Scope* scope,
11911                            Handle<JSFunction> closure,
11912                            Zone* zone)
11913     : closure_(closure),
11914       values_(0, zone),
11915       frame_type_(JS_FUNCTION),
11916       parameter_count_(0),
11917       specials_count_(1),
11918       local_count_(0),
11919       outer_(outer),
11920       entry_(NULL),
11921       pop_count_(0),
11922       push_count_(0),
11923       ast_id_(BailoutId::None()),
11924       zone_(zone) {
11925   Scope* declaration_scope = scope->DeclarationScope();
11926   Initialize(declaration_scope->num_parameters() + 1,
11927              declaration_scope->num_stack_slots(), 0);
11928 }
11929 
11930 
HEnvironment(Zone * zone,int parameter_count)11931 HEnvironment::HEnvironment(Zone* zone, int parameter_count)
11932     : values_(0, zone),
11933       frame_type_(STUB),
11934       parameter_count_(parameter_count),
11935       specials_count_(1),
11936       local_count_(0),
11937       outer_(NULL),
11938       entry_(NULL),
11939       pop_count_(0),
11940       push_count_(0),
11941       ast_id_(BailoutId::None()),
11942       zone_(zone) {
11943   Initialize(parameter_count, 0, 0);
11944 }
11945 
11946 
HEnvironment(const HEnvironment * other,Zone * zone)11947 HEnvironment::HEnvironment(const HEnvironment* other, Zone* zone)
11948     : values_(0, zone),
11949       frame_type_(JS_FUNCTION),
11950       parameter_count_(0),
11951       specials_count_(0),
11952       local_count_(0),
11953       outer_(NULL),
11954       entry_(NULL),
11955       pop_count_(0),
11956       push_count_(0),
11957       ast_id_(other->ast_id()),
11958       zone_(zone) {
11959   Initialize(other);
11960 }
11961 
11962 
HEnvironment(HEnvironment * outer,Handle<JSFunction> closure,FrameType frame_type,int arguments,Zone * zone)11963 HEnvironment::HEnvironment(HEnvironment* outer,
11964                            Handle<JSFunction> closure,
11965                            FrameType frame_type,
11966                            int arguments,
11967                            Zone* zone)
11968     : closure_(closure),
11969       values_(arguments, zone),
11970       frame_type_(frame_type),
11971       parameter_count_(arguments),
11972       specials_count_(0),
11973       local_count_(0),
11974       outer_(outer),
11975       entry_(NULL),
11976       pop_count_(0),
11977       push_count_(0),
11978       ast_id_(BailoutId::None()),
11979       zone_(zone) {
11980 }
11981 
11982 
Initialize(int parameter_count,int local_count,int stack_height)11983 void HEnvironment::Initialize(int parameter_count,
11984                               int local_count,
11985                               int stack_height) {
11986   parameter_count_ = parameter_count;
11987   local_count_ = local_count;
11988 
11989   // Avoid reallocating the temporaries' backing store on the first Push.
11990   int total = parameter_count + specials_count_ + local_count + stack_height;
11991   values_.Initialize(total + 4, zone());
11992   for (int i = 0; i < total; ++i) values_.Add(NULL, zone());
11993 }
11994 
11995 
Initialize(const HEnvironment * other)11996 void HEnvironment::Initialize(const HEnvironment* other) {
11997   closure_ = other->closure();
11998   values_.AddAll(other->values_, zone());
11999   assigned_variables_.Union(other->assigned_variables_, zone());
12000   frame_type_ = other->frame_type_;
12001   parameter_count_ = other->parameter_count_;
12002   local_count_ = other->local_count_;
12003   if (other->outer_ != NULL) outer_ = other->outer_->Copy();  // Deep copy.
12004   entry_ = other->entry_;
12005   pop_count_ = other->pop_count_;
12006   push_count_ = other->push_count_;
12007   specials_count_ = other->specials_count_;
12008   ast_id_ = other->ast_id_;
12009 }
12010 
12011 
AddIncomingEdge(HBasicBlock * block,HEnvironment * other)12012 void HEnvironment::AddIncomingEdge(HBasicBlock* block, HEnvironment* other) {
12013   DCHECK(!block->IsLoopHeader());
12014   DCHECK(values_.length() == other->values_.length());
12015 
12016   int length = values_.length();
12017   for (int i = 0; i < length; ++i) {
12018     HValue* value = values_[i];
12019     if (value != NULL && value->IsPhi() && value->block() == block) {
12020       // There is already a phi for the i'th value.
12021       HPhi* phi = HPhi::cast(value);
12022       // Assert index is correct and that we haven't missed an incoming edge.
12023       DCHECK(phi->merged_index() == i || !phi->HasMergedIndex());
12024       DCHECK(phi->OperandCount() == block->predecessors()->length());
12025       phi->AddInput(other->values_[i]);
12026     } else if (values_[i] != other->values_[i]) {
12027       // There is a fresh value on the incoming edge, a phi is needed.
12028       DCHECK(values_[i] != NULL && other->values_[i] != NULL);
12029       HPhi* phi = block->AddNewPhi(i);
12030       HValue* old_value = values_[i];
12031       for (int j = 0; j < block->predecessors()->length(); j++) {
12032         phi->AddInput(old_value);
12033       }
12034       phi->AddInput(other->values_[i]);
12035       this->values_[i] = phi;
12036     }
12037   }
12038 }
12039 
12040 
Bind(int index,HValue * value)12041 void HEnvironment::Bind(int index, HValue* value) {
12042   DCHECK(value != NULL);
12043   assigned_variables_.Add(index, zone());
12044   values_[index] = value;
12045 }
12046 
12047 
HasExpressionAt(int index) const12048 bool HEnvironment::HasExpressionAt(int index) const {
12049   return index >= parameter_count_ + specials_count_ + local_count_;
12050 }
12051 
12052 
ExpressionStackIsEmpty() const12053 bool HEnvironment::ExpressionStackIsEmpty() const {
12054   DCHECK(length() >= first_expression_index());
12055   return length() == first_expression_index();
12056 }
12057 
12058 
SetExpressionStackAt(int index_from_top,HValue * value)12059 void HEnvironment::SetExpressionStackAt(int index_from_top, HValue* value) {
12060   int count = index_from_top + 1;
12061   int index = values_.length() - count;
12062   DCHECK(HasExpressionAt(index));
12063   // The push count must include at least the element in question or else
12064   // the new value will not be included in this environment's history.
12065   if (push_count_ < count) {
12066     // This is the same effect as popping then re-pushing 'count' elements.
12067     pop_count_ += (count - push_count_);
12068     push_count_ = count;
12069   }
12070   values_[index] = value;
12071 }
12072 
12073 
Drop(int count)12074 void HEnvironment::Drop(int count) {
12075   for (int i = 0; i < count; ++i) {
12076     Pop();
12077   }
12078 }
12079 
12080 
Copy() const12081 HEnvironment* HEnvironment::Copy() const {
12082   return new(zone()) HEnvironment(this, zone());
12083 }
12084 
12085 
CopyWithoutHistory() const12086 HEnvironment* HEnvironment::CopyWithoutHistory() const {
12087   HEnvironment* result = Copy();
12088   result->ClearHistory();
12089   return result;
12090 }
12091 
12092 
CopyAsLoopHeader(HBasicBlock * loop_header) const12093 HEnvironment* HEnvironment::CopyAsLoopHeader(HBasicBlock* loop_header) const {
12094   HEnvironment* new_env = Copy();
12095   for (int i = 0; i < values_.length(); ++i) {
12096     HPhi* phi = loop_header->AddNewPhi(i);
12097     phi->AddInput(values_[i]);
12098     new_env->values_[i] = phi;
12099   }
12100   new_env->ClearHistory();
12101   return new_env;
12102 }
12103 
12104 
CreateStubEnvironment(HEnvironment * outer,Handle<JSFunction> target,FrameType frame_type,int arguments) const12105 HEnvironment* HEnvironment::CreateStubEnvironment(HEnvironment* outer,
12106                                                   Handle<JSFunction> target,
12107                                                   FrameType frame_type,
12108                                                   int arguments) const {
12109   HEnvironment* new_env =
12110       new(zone()) HEnvironment(outer, target, frame_type,
12111                                arguments + 1, zone());
12112   for (int i = 0; i <= arguments; ++i) {  // Include receiver.
12113     new_env->Push(ExpressionStackAt(arguments - i));
12114   }
12115   new_env->ClearHistory();
12116   return new_env;
12117 }
12118 
12119 
CopyForInlining(Handle<JSFunction> target,int arguments,FunctionLiteral * function,HConstant * undefined,InliningKind inlining_kind) const12120 HEnvironment* HEnvironment::CopyForInlining(
12121     Handle<JSFunction> target,
12122     int arguments,
12123     FunctionLiteral* function,
12124     HConstant* undefined,
12125     InliningKind inlining_kind) const {
12126   DCHECK(frame_type() == JS_FUNCTION);
12127 
12128   // Outer environment is a copy of this one without the arguments.
12129   int arity = function->scope()->num_parameters();
12130 
12131   HEnvironment* outer = Copy();
12132   outer->Drop(arguments + 1);  // Including receiver.
12133   outer->ClearHistory();
12134 
12135   if (inlining_kind == CONSTRUCT_CALL_RETURN) {
12136     // Create artificial constructor stub environment.  The receiver should
12137     // actually be the constructor function, but we pass the newly allocated
12138     // object instead, DoComputeConstructStubFrame() relies on that.
12139     outer = CreateStubEnvironment(outer, target, JS_CONSTRUCT, arguments);
12140   } else if (inlining_kind == GETTER_CALL_RETURN) {
12141     // We need an additional StackFrame::INTERNAL frame for restoring the
12142     // correct context.
12143     outer = CreateStubEnvironment(outer, target, JS_GETTER, arguments);
12144   } else if (inlining_kind == SETTER_CALL_RETURN) {
12145     // We need an additional StackFrame::INTERNAL frame for temporarily saving
12146     // the argument of the setter, see StoreStubCompiler::CompileStoreViaSetter.
12147     outer = CreateStubEnvironment(outer, target, JS_SETTER, arguments);
12148   }
12149 
12150   if (arity != arguments) {
12151     // Create artificial arguments adaptation environment.
12152     outer = CreateStubEnvironment(outer, target, ARGUMENTS_ADAPTOR, arguments);
12153   }
12154 
12155   HEnvironment* inner =
12156       new(zone()) HEnvironment(outer, function->scope(), target, zone());
12157   // Get the argument values from the original environment.
12158   for (int i = 0; i <= arity; ++i) {  // Include receiver.
12159     HValue* push = (i <= arguments) ?
12160         ExpressionStackAt(arguments - i) : undefined;
12161     inner->SetValueAt(i, push);
12162   }
12163   inner->SetValueAt(arity + 1, context());
12164   for (int i = arity + 2; i < inner->length(); ++i) {
12165     inner->SetValueAt(i, undefined);
12166   }
12167 
12168   inner->set_ast_id(BailoutId::FunctionEntry());
12169   return inner;
12170 }
12171 
12172 
operator <<(OStream & os,const HEnvironment & env)12173 OStream& operator<<(OStream& os, const HEnvironment& env) {
12174   for (int i = 0; i < env.length(); i++) {
12175     if (i == 0) os << "parameters\n";
12176     if (i == env.parameter_count()) os << "specials\n";
12177     if (i == env.parameter_count() + env.specials_count()) os << "locals\n";
12178     if (i == env.parameter_count() + env.specials_count() + env.local_count()) {
12179       os << "expressions\n";
12180     }
12181     HValue* val = env.values()->at(i);
12182     os << i << ": ";
12183     if (val != NULL) {
12184       os << val;
12185     } else {
12186       os << "NULL";
12187     }
12188     os << "\n";
12189   }
12190   return os << "\n";
12191 }
12192 
12193 
TraceCompilation(CompilationInfo * info)12194 void HTracer::TraceCompilation(CompilationInfo* info) {
12195   Tag tag(this, "compilation");
12196   if (info->IsOptimizing()) {
12197     Handle<String> name = info->function()->debug_name();
12198     PrintStringProperty("name", name->ToCString().get());
12199     PrintIndent();
12200     trace_.Add("method \"%s:%d\"\n",
12201                name->ToCString().get(),
12202                info->optimization_id());
12203   } else {
12204     CodeStub::Major major_key = info->code_stub()->MajorKey();
12205     PrintStringProperty("name", CodeStub::MajorName(major_key, false));
12206     PrintStringProperty("method", "stub");
12207   }
12208   PrintLongProperty("date",
12209                     static_cast<int64_t>(base::OS::TimeCurrentMillis()));
12210 }
12211 
12212 
TraceLithium(const char * name,LChunk * chunk)12213 void HTracer::TraceLithium(const char* name, LChunk* chunk) {
12214   DCHECK(!chunk->isolate()->concurrent_recompilation_enabled());
12215   AllowHandleDereference allow_deref;
12216   AllowDeferredHandleDereference allow_deferred_deref;
12217   Trace(name, chunk->graph(), chunk);
12218 }
12219 
12220 
TraceHydrogen(const char * name,HGraph * graph)12221 void HTracer::TraceHydrogen(const char* name, HGraph* graph) {
12222   DCHECK(!graph->isolate()->concurrent_recompilation_enabled());
12223   AllowHandleDereference allow_deref;
12224   AllowDeferredHandleDereference allow_deferred_deref;
12225   Trace(name, graph, NULL);
12226 }
12227 
12228 
Trace(const char * name,HGraph * graph,LChunk * chunk)12229 void HTracer::Trace(const char* name, HGraph* graph, LChunk* chunk) {
12230   Tag tag(this, "cfg");
12231   PrintStringProperty("name", name);
12232   const ZoneList<HBasicBlock*>* blocks = graph->blocks();
12233   for (int i = 0; i < blocks->length(); i++) {
12234     HBasicBlock* current = blocks->at(i);
12235     Tag block_tag(this, "block");
12236     PrintBlockProperty("name", current->block_id());
12237     PrintIntProperty("from_bci", -1);
12238     PrintIntProperty("to_bci", -1);
12239 
12240     if (!current->predecessors()->is_empty()) {
12241       PrintIndent();
12242       trace_.Add("predecessors");
12243       for (int j = 0; j < current->predecessors()->length(); ++j) {
12244         trace_.Add(" \"B%d\"", current->predecessors()->at(j)->block_id());
12245       }
12246       trace_.Add("\n");
12247     } else {
12248       PrintEmptyProperty("predecessors");
12249     }
12250 
12251     if (current->end()->SuccessorCount() == 0) {
12252       PrintEmptyProperty("successors");
12253     } else  {
12254       PrintIndent();
12255       trace_.Add("successors");
12256       for (HSuccessorIterator it(current->end()); !it.Done(); it.Advance()) {
12257         trace_.Add(" \"B%d\"", it.Current()->block_id());
12258       }
12259       trace_.Add("\n");
12260     }
12261 
12262     PrintEmptyProperty("xhandlers");
12263 
12264     {
12265       PrintIndent();
12266       trace_.Add("flags");
12267       if (current->IsLoopSuccessorDominator()) {
12268         trace_.Add(" \"dom-loop-succ\"");
12269       }
12270       if (current->IsUnreachable()) {
12271         trace_.Add(" \"dead\"");
12272       }
12273       if (current->is_osr_entry()) {
12274         trace_.Add(" \"osr\"");
12275       }
12276       trace_.Add("\n");
12277     }
12278 
12279     if (current->dominator() != NULL) {
12280       PrintBlockProperty("dominator", current->dominator()->block_id());
12281     }
12282 
12283     PrintIntProperty("loop_depth", current->LoopNestingDepth());
12284 
12285     if (chunk != NULL) {
12286       int first_index = current->first_instruction_index();
12287       int last_index = current->last_instruction_index();
12288       PrintIntProperty(
12289           "first_lir_id",
12290           LifetimePosition::FromInstructionIndex(first_index).Value());
12291       PrintIntProperty(
12292           "last_lir_id",
12293           LifetimePosition::FromInstructionIndex(last_index).Value());
12294     }
12295 
12296     {
12297       Tag states_tag(this, "states");
12298       Tag locals_tag(this, "locals");
12299       int total = current->phis()->length();
12300       PrintIntProperty("size", current->phis()->length());
12301       PrintStringProperty("method", "None");
12302       for (int j = 0; j < total; ++j) {
12303         HPhi* phi = current->phis()->at(j);
12304         PrintIndent();
12305         OStringStream os;
12306         os << phi->merged_index() << " " << NameOf(phi) << " " << *phi << "\n";
12307         trace_.Add(os.c_str());
12308       }
12309     }
12310 
12311     {
12312       Tag HIR_tag(this, "HIR");
12313       for (HInstructionIterator it(current); !it.Done(); it.Advance()) {
12314         HInstruction* instruction = it.Current();
12315         int uses = instruction->UseCount();
12316         PrintIndent();
12317         OStringStream os;
12318         os << "0 " << uses << " " << NameOf(instruction) << " " << *instruction;
12319         if (FLAG_hydrogen_track_positions &&
12320             instruction->has_position() &&
12321             instruction->position().raw() != 0) {
12322           const HSourcePosition pos = instruction->position();
12323           os << " pos:";
12324           if (pos.inlining_id() != 0) os << pos.inlining_id() << "_";
12325           os << pos.position();
12326         }
12327         os << " <|@\n";
12328         trace_.Add(os.c_str());
12329       }
12330     }
12331 
12332 
12333     if (chunk != NULL) {
12334       Tag LIR_tag(this, "LIR");
12335       int first_index = current->first_instruction_index();
12336       int last_index = current->last_instruction_index();
12337       if (first_index != -1 && last_index != -1) {
12338         const ZoneList<LInstruction*>* instructions = chunk->instructions();
12339         for (int i = first_index; i <= last_index; ++i) {
12340           LInstruction* linstr = instructions->at(i);
12341           if (linstr != NULL) {
12342             PrintIndent();
12343             trace_.Add("%d ",
12344                        LifetimePosition::FromInstructionIndex(i).Value());
12345             linstr->PrintTo(&trace_);
12346             OStringStream os;
12347             os << " [hir:" << NameOf(linstr->hydrogen_value()) << "] <|@\n";
12348             trace_.Add(os.c_str());
12349           }
12350         }
12351       }
12352     }
12353   }
12354 }
12355 
12356 
TraceLiveRanges(const char * name,LAllocator * allocator)12357 void HTracer::TraceLiveRanges(const char* name, LAllocator* allocator) {
12358   Tag tag(this, "intervals");
12359   PrintStringProperty("name", name);
12360 
12361   const Vector<LiveRange*>* fixed_d = allocator->fixed_double_live_ranges();
12362   for (int i = 0; i < fixed_d->length(); ++i) {
12363     TraceLiveRange(fixed_d->at(i), "fixed", allocator->zone());
12364   }
12365 
12366   const Vector<LiveRange*>* fixed = allocator->fixed_live_ranges();
12367   for (int i = 0; i < fixed->length(); ++i) {
12368     TraceLiveRange(fixed->at(i), "fixed", allocator->zone());
12369   }
12370 
12371   const ZoneList<LiveRange*>* live_ranges = allocator->live_ranges();
12372   for (int i = 0; i < live_ranges->length(); ++i) {
12373     TraceLiveRange(live_ranges->at(i), "object", allocator->zone());
12374   }
12375 }
12376 
12377 
TraceLiveRange(LiveRange * range,const char * type,Zone * zone)12378 void HTracer::TraceLiveRange(LiveRange* range, const char* type,
12379                              Zone* zone) {
12380   if (range != NULL && !range->IsEmpty()) {
12381     PrintIndent();
12382     trace_.Add("%d %s", range->id(), type);
12383     if (range->HasRegisterAssigned()) {
12384       LOperand* op = range->CreateAssignedOperand(zone);
12385       int assigned_reg = op->index();
12386       if (op->IsDoubleRegister()) {
12387         trace_.Add(" \"%s\"",
12388                    DoubleRegister::AllocationIndexToString(assigned_reg));
12389       } else {
12390         DCHECK(op->IsRegister());
12391         trace_.Add(" \"%s\"", Register::AllocationIndexToString(assigned_reg));
12392       }
12393     } else if (range->IsSpilled()) {
12394       LOperand* op = range->TopLevel()->GetSpillOperand();
12395       if (op->IsDoubleStackSlot()) {
12396         trace_.Add(" \"double_stack:%d\"", op->index());
12397       } else {
12398         DCHECK(op->IsStackSlot());
12399         trace_.Add(" \"stack:%d\"", op->index());
12400       }
12401     }
12402     int parent_index = -1;
12403     if (range->IsChild()) {
12404       parent_index = range->parent()->id();
12405     } else {
12406       parent_index = range->id();
12407     }
12408     LOperand* op = range->FirstHint();
12409     int hint_index = -1;
12410     if (op != NULL && op->IsUnallocated()) {
12411       hint_index = LUnallocated::cast(op)->virtual_register();
12412     }
12413     trace_.Add(" %d %d", parent_index, hint_index);
12414     UseInterval* cur_interval = range->first_interval();
12415     while (cur_interval != NULL && range->Covers(cur_interval->start())) {
12416       trace_.Add(" [%d, %d[",
12417                  cur_interval->start().Value(),
12418                  cur_interval->end().Value());
12419       cur_interval = cur_interval->next();
12420     }
12421 
12422     UsePosition* current_pos = range->first_pos();
12423     while (current_pos != NULL) {
12424       if (current_pos->RegisterIsBeneficial() || FLAG_trace_all_uses) {
12425         trace_.Add(" %d M", current_pos->pos().Value());
12426       }
12427       current_pos = current_pos->next();
12428     }
12429 
12430     trace_.Add(" \"\"\n");
12431   }
12432 }
12433 
12434 
FlushToFile()12435 void HTracer::FlushToFile() {
12436   AppendChars(filename_.start(), trace_.ToCString().get(), trace_.length(),
12437               false);
12438   trace_.Reset();
12439 }
12440 
12441 
Initialize(CompilationInfo * info)12442 void HStatistics::Initialize(CompilationInfo* info) {
12443   if (info->shared_info().is_null()) return;
12444   source_size_ += info->shared_info()->SourceSize();
12445 }
12446 
12447 
Print(const char * stats_name)12448 void HStatistics::Print(const char* stats_name) {
12449   PrintF(
12450       "\n"
12451       "----------------------------------------"
12452       "----------------------------------------\n"
12453       "--- %s timing results:\n"
12454       "----------------------------------------"
12455       "----------------------------------------\n",
12456       stats_name);
12457   base::TimeDelta sum;
12458   for (int i = 0; i < times_.length(); ++i) {
12459     sum += times_[i];
12460   }
12461 
12462   for (int i = 0; i < names_.length(); ++i) {
12463     PrintF("%33s", names_[i]);
12464     double ms = times_[i].InMillisecondsF();
12465     double percent = times_[i].PercentOf(sum);
12466     PrintF(" %8.3f ms / %4.1f %% ", ms, percent);
12467 
12468     unsigned size = sizes_[i];
12469     double size_percent = static_cast<double>(size) * 100 / total_size_;
12470     PrintF(" %9u bytes / %4.1f %%\n", size, size_percent);
12471   }
12472 
12473   PrintF(
12474       "----------------------------------------"
12475       "----------------------------------------\n");
12476   base::TimeDelta total = create_graph_ + optimize_graph_ + generate_code_;
12477   PrintF("%33s %8.3f ms / %4.1f %% \n", "Create graph",
12478          create_graph_.InMillisecondsF(), create_graph_.PercentOf(total));
12479   PrintF("%33s %8.3f ms / %4.1f %% \n", "Optimize graph",
12480          optimize_graph_.InMillisecondsF(), optimize_graph_.PercentOf(total));
12481   PrintF("%33s %8.3f ms / %4.1f %% \n", "Generate and install code",
12482          generate_code_.InMillisecondsF(), generate_code_.PercentOf(total));
12483   PrintF(
12484       "----------------------------------------"
12485       "----------------------------------------\n");
12486   PrintF("%33s %8.3f ms           %9u bytes\n", "Total",
12487          total.InMillisecondsF(), total_size_);
12488   PrintF("%33s     (%.1f times slower than full code gen)\n", "",
12489          total.TimesOf(full_code_gen_));
12490 
12491   double source_size_in_kb = static_cast<double>(source_size_) / 1024;
12492   double normalized_time =  source_size_in_kb > 0
12493       ? total.InMillisecondsF() / source_size_in_kb
12494       : 0;
12495   double normalized_size_in_kb = source_size_in_kb > 0
12496       ? total_size_ / 1024 / source_size_in_kb
12497       : 0;
12498   PrintF("%33s %8.3f ms           %7.3f kB allocated\n",
12499          "Average per kB source", normalized_time, normalized_size_in_kb);
12500 }
12501 
12502 
SaveTiming(const char * name,base::TimeDelta time,unsigned size)12503 void HStatistics::SaveTiming(const char* name, base::TimeDelta time,
12504                              unsigned size) {
12505   total_size_ += size;
12506   for (int i = 0; i < names_.length(); ++i) {
12507     if (strcmp(names_[i], name) == 0) {
12508       times_[i] += time;
12509       sizes_[i] += size;
12510       return;
12511     }
12512   }
12513   names_.Add(name);
12514   times_.Add(time);
12515   sizes_.Add(size);
12516 }
12517 
12518 
~HPhase()12519 HPhase::~HPhase() {
12520   if (ShouldProduceTraceOutput()) {
12521     isolate()->GetHTracer()->TraceHydrogen(name(), graph_);
12522   }
12523 
12524 #ifdef DEBUG
12525   graph_->Verify(false);  // No full verify.
12526 #endif
12527 }
12528 
12529 } }  // namespace v8::internal
12530