1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/v8.h"
6
7 #if V8_TARGET_ARCH_ARM64
8
9 #include "src/codegen.h"
10 #include "src/debug.h"
11 #include "src/deoptimizer.h"
12 #include "src/full-codegen.h"
13 #include "src/runtime.h"
14
15 namespace v8 {
16 namespace internal {
17
18
19 #define __ ACCESS_MASM(masm)
20
21
22 // Load the built-in Array function from the current context.
GenerateLoadArrayFunction(MacroAssembler * masm,Register result)23 static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
24 // Load the native context.
25 __ Ldr(result, GlobalObjectMemOperand());
26 __ Ldr(result,
27 FieldMemOperand(result, GlobalObject::kNativeContextOffset));
28 // Load the InternalArray function from the native context.
29 __ Ldr(result,
30 MemOperand(result,
31 Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
32 }
33
34
35 // Load the built-in InternalArray function from the current context.
GenerateLoadInternalArrayFunction(MacroAssembler * masm,Register result)36 static void GenerateLoadInternalArrayFunction(MacroAssembler* masm,
37 Register result) {
38 // Load the native context.
39 __ Ldr(result, GlobalObjectMemOperand());
40 __ Ldr(result,
41 FieldMemOperand(result, GlobalObject::kNativeContextOffset));
42 // Load the InternalArray function from the native context.
43 __ Ldr(result, ContextMemOperand(result,
44 Context::INTERNAL_ARRAY_FUNCTION_INDEX));
45 }
46
47
Generate_Adaptor(MacroAssembler * masm,CFunctionId id,BuiltinExtraArguments extra_args)48 void Builtins::Generate_Adaptor(MacroAssembler* masm,
49 CFunctionId id,
50 BuiltinExtraArguments extra_args) {
51 // ----------- S t a t e -------------
52 // -- x0 : number of arguments excluding receiver
53 // -- x1 : called function (only guaranteed when
54 // extra_args requires it)
55 // -- cp : context
56 // -- sp[0] : last argument
57 // -- ...
58 // -- sp[4 * (argc - 1)] : first argument (argc == x0)
59 // -- sp[4 * argc] : receiver
60 // -----------------------------------
61
62 // Insert extra arguments.
63 int num_extra_args = 0;
64 if (extra_args == NEEDS_CALLED_FUNCTION) {
65 num_extra_args = 1;
66 __ Push(x1);
67 } else {
68 DCHECK(extra_args == NO_EXTRA_ARGUMENTS);
69 }
70
71 // JumpToExternalReference expects x0 to contain the number of arguments
72 // including the receiver and the extra arguments.
73 __ Add(x0, x0, num_extra_args + 1);
74 __ JumpToExternalReference(ExternalReference(id, masm->isolate()));
75 }
76
77
Generate_InternalArrayCode(MacroAssembler * masm)78 void Builtins::Generate_InternalArrayCode(MacroAssembler* masm) {
79 // ----------- S t a t e -------------
80 // -- x0 : number of arguments
81 // -- lr : return address
82 // -- sp[...]: constructor arguments
83 // -----------------------------------
84 ASM_LOCATION("Builtins::Generate_InternalArrayCode");
85 Label generic_array_code;
86
87 // Get the InternalArray function.
88 GenerateLoadInternalArrayFunction(masm, x1);
89
90 if (FLAG_debug_code) {
91 // Initial map for the builtin InternalArray functions should be maps.
92 __ Ldr(x10, FieldMemOperand(x1, JSFunction::kPrototypeOrInitialMapOffset));
93 __ Tst(x10, kSmiTagMask);
94 __ Assert(ne, kUnexpectedInitialMapForInternalArrayFunction);
95 __ CompareObjectType(x10, x11, x12, MAP_TYPE);
96 __ Assert(eq, kUnexpectedInitialMapForInternalArrayFunction);
97 }
98
99 // Run the native code for the InternalArray function called as a normal
100 // function.
101 InternalArrayConstructorStub stub(masm->isolate());
102 __ TailCallStub(&stub);
103 }
104
105
Generate_ArrayCode(MacroAssembler * masm)106 void Builtins::Generate_ArrayCode(MacroAssembler* masm) {
107 // ----------- S t a t e -------------
108 // -- x0 : number of arguments
109 // -- lr : return address
110 // -- sp[...]: constructor arguments
111 // -----------------------------------
112 ASM_LOCATION("Builtins::Generate_ArrayCode");
113 Label generic_array_code, one_or_more_arguments, two_or_more_arguments;
114
115 // Get the Array function.
116 GenerateLoadArrayFunction(masm, x1);
117
118 if (FLAG_debug_code) {
119 // Initial map for the builtin Array functions should be maps.
120 __ Ldr(x10, FieldMemOperand(x1, JSFunction::kPrototypeOrInitialMapOffset));
121 __ Tst(x10, kSmiTagMask);
122 __ Assert(ne, kUnexpectedInitialMapForArrayFunction);
123 __ CompareObjectType(x10, x11, x12, MAP_TYPE);
124 __ Assert(eq, kUnexpectedInitialMapForArrayFunction);
125 }
126
127 // Run the native code for the Array function called as a normal function.
128 __ LoadRoot(x2, Heap::kUndefinedValueRootIndex);
129 ArrayConstructorStub stub(masm->isolate());
130 __ TailCallStub(&stub);
131 }
132
133
Generate_StringConstructCode(MacroAssembler * masm)134 void Builtins::Generate_StringConstructCode(MacroAssembler* masm) {
135 // ----------- S t a t e -------------
136 // -- x0 : number of arguments
137 // -- x1 : constructor function
138 // -- lr : return address
139 // -- sp[(argc - n - 1) * 8] : arg[n] (zero based)
140 // -- sp[argc * 8] : receiver
141 // -----------------------------------
142 ASM_LOCATION("Builtins::Generate_StringConstructCode");
143 Counters* counters = masm->isolate()->counters();
144 __ IncrementCounter(counters->string_ctor_calls(), 1, x10, x11);
145
146 Register argc = x0;
147 Register function = x1;
148 if (FLAG_debug_code) {
149 __ LoadGlobalFunction(Context::STRING_FUNCTION_INDEX, x10);
150 __ Cmp(function, x10);
151 __ Assert(eq, kUnexpectedStringFunction);
152 }
153
154 // Load the first arguments in x0 and get rid of the rest.
155 Label no_arguments;
156 __ Cbz(argc, &no_arguments);
157 // First args = sp[(argc - 1) * 8].
158 __ Sub(argc, argc, 1);
159 __ Claim(argc, kXRegSize);
160 // jssp now point to args[0], load and drop args[0] + receiver.
161 Register arg = argc;
162 __ Ldr(arg, MemOperand(jssp, 2 * kPointerSize, PostIndex));
163 argc = NoReg;
164
165 Register argument = x2;
166 Label not_cached, argument_is_string;
167 __ LookupNumberStringCache(arg, // Input.
168 argument, // Result.
169 x10, // Scratch.
170 x11, // Scratch.
171 x12, // Scratch.
172 ¬_cached);
173 __ IncrementCounter(counters->string_ctor_cached_number(), 1, x10, x11);
174 __ Bind(&argument_is_string);
175
176 // ----------- S t a t e -------------
177 // -- x2 : argument converted to string
178 // -- x1 : constructor function
179 // -- lr : return address
180 // -----------------------------------
181
182 Label gc_required;
183 Register new_obj = x0;
184 __ Allocate(JSValue::kSize, new_obj, x10, x11, &gc_required, TAG_OBJECT);
185
186 // Initialize the String object.
187 Register map = x3;
188 __ LoadGlobalFunctionInitialMap(function, map, x10);
189 if (FLAG_debug_code) {
190 __ Ldrb(x4, FieldMemOperand(map, Map::kInstanceSizeOffset));
191 __ Cmp(x4, JSValue::kSize >> kPointerSizeLog2);
192 __ Assert(eq, kUnexpectedStringWrapperInstanceSize);
193 __ Ldrb(x4, FieldMemOperand(map, Map::kUnusedPropertyFieldsOffset));
194 __ Cmp(x4, 0);
195 __ Assert(eq, kUnexpectedUnusedPropertiesOfStringWrapper);
196 }
197 __ Str(map, FieldMemOperand(new_obj, HeapObject::kMapOffset));
198
199 Register empty = x3;
200 __ LoadRoot(empty, Heap::kEmptyFixedArrayRootIndex);
201 __ Str(empty, FieldMemOperand(new_obj, JSObject::kPropertiesOffset));
202 __ Str(empty, FieldMemOperand(new_obj, JSObject::kElementsOffset));
203
204 __ Str(argument, FieldMemOperand(new_obj, JSValue::kValueOffset));
205
206 // Ensure the object is fully initialized.
207 STATIC_ASSERT(JSValue::kSize == (4 * kPointerSize));
208
209 __ Ret();
210
211 // The argument was not found in the number to string cache. Check
212 // if it's a string already before calling the conversion builtin.
213 Label convert_argument;
214 __ Bind(¬_cached);
215 __ JumpIfSmi(arg, &convert_argument);
216
217 // Is it a String?
218 __ Ldr(x10, FieldMemOperand(x0, HeapObject::kMapOffset));
219 __ Ldrb(x11, FieldMemOperand(x10, Map::kInstanceTypeOffset));
220 __ Tbnz(x11, MaskToBit(kIsNotStringMask), &convert_argument);
221 __ Mov(argument, arg);
222 __ IncrementCounter(counters->string_ctor_string_value(), 1, x10, x11);
223 __ B(&argument_is_string);
224
225 // Invoke the conversion builtin and put the result into x2.
226 __ Bind(&convert_argument);
227 __ Push(function); // Preserve the function.
228 __ IncrementCounter(counters->string_ctor_conversions(), 1, x10, x11);
229 {
230 FrameScope scope(masm, StackFrame::INTERNAL);
231 __ Push(arg);
232 __ InvokeBuiltin(Builtins::TO_STRING, CALL_FUNCTION);
233 }
234 __ Pop(function);
235 __ Mov(argument, x0);
236 __ B(&argument_is_string);
237
238 // Load the empty string into x2, remove the receiver from the
239 // stack, and jump back to the case where the argument is a string.
240 __ Bind(&no_arguments);
241 __ LoadRoot(argument, Heap::kempty_stringRootIndex);
242 __ Drop(1);
243 __ B(&argument_is_string);
244
245 // At this point the argument is already a string. Call runtime to create a
246 // string wrapper.
247 __ Bind(&gc_required);
248 __ IncrementCounter(counters->string_ctor_gc_required(), 1, x10, x11);
249 {
250 FrameScope scope(masm, StackFrame::INTERNAL);
251 __ Push(argument);
252 __ CallRuntime(Runtime::kNewStringWrapper, 1);
253 }
254 __ Ret();
255 }
256
257
CallRuntimePassFunction(MacroAssembler * masm,Runtime::FunctionId function_id)258 static void CallRuntimePassFunction(MacroAssembler* masm,
259 Runtime::FunctionId function_id) {
260 FrameScope scope(masm, StackFrame::INTERNAL);
261 // - Push a copy of the function onto the stack.
262 // - Push another copy as a parameter to the runtime call.
263 __ Push(x1, x1);
264
265 __ CallRuntime(function_id, 1);
266
267 // - Restore receiver.
268 __ Pop(x1);
269 }
270
271
GenerateTailCallToSharedCode(MacroAssembler * masm)272 static void GenerateTailCallToSharedCode(MacroAssembler* masm) {
273 __ Ldr(x2, FieldMemOperand(x1, JSFunction::kSharedFunctionInfoOffset));
274 __ Ldr(x2, FieldMemOperand(x2, SharedFunctionInfo::kCodeOffset));
275 __ Add(x2, x2, Code::kHeaderSize - kHeapObjectTag);
276 __ Br(x2);
277 }
278
279
GenerateTailCallToReturnedCode(MacroAssembler * masm)280 static void GenerateTailCallToReturnedCode(MacroAssembler* masm) {
281 __ Add(x0, x0, Code::kHeaderSize - kHeapObjectTag);
282 __ Br(x0);
283 }
284
285
Generate_InOptimizationQueue(MacroAssembler * masm)286 void Builtins::Generate_InOptimizationQueue(MacroAssembler* masm) {
287 // Checking whether the queued function is ready for install is optional,
288 // since we come across interrupts and stack checks elsewhere. However, not
289 // checking may delay installing ready functions, and always checking would be
290 // quite expensive. A good compromise is to first check against stack limit as
291 // a cue for an interrupt signal.
292 Label ok;
293 __ CompareRoot(masm->StackPointer(), Heap::kStackLimitRootIndex);
294 __ B(hs, &ok);
295
296 CallRuntimePassFunction(masm, Runtime::kTryInstallOptimizedCode);
297 GenerateTailCallToReturnedCode(masm);
298
299 __ Bind(&ok);
300 GenerateTailCallToSharedCode(masm);
301 }
302
303
Generate_JSConstructStubHelper(MacroAssembler * masm,bool is_api_function,bool create_memento)304 static void Generate_JSConstructStubHelper(MacroAssembler* masm,
305 bool is_api_function,
306 bool create_memento) {
307 // ----------- S t a t e -------------
308 // -- x0 : number of arguments
309 // -- x1 : constructor function
310 // -- x2 : allocation site or undefined
311 // -- lr : return address
312 // -- sp[...]: constructor arguments
313 // -----------------------------------
314
315 ASM_LOCATION("Builtins::Generate_JSConstructStubHelper");
316 // Should never create mementos for api functions.
317 DCHECK(!is_api_function || !create_memento);
318
319 Isolate* isolate = masm->isolate();
320
321 // Enter a construct frame.
322 {
323 FrameScope scope(masm, StackFrame::CONSTRUCT);
324
325 // Preserve the three incoming parameters on the stack.
326 if (create_memento) {
327 __ AssertUndefinedOrAllocationSite(x2, x10);
328 __ Push(x2);
329 }
330
331 Register argc = x0;
332 Register constructor = x1;
333 // x1: constructor function
334 __ SmiTag(argc);
335 __ Push(argc, constructor);
336 // sp[0] : Constructor function.
337 // sp[1]: number of arguments (smi-tagged)
338
339 // Try to allocate the object without transitioning into C code. If any of
340 // the preconditions is not met, the code bails out to the runtime call.
341 Label rt_call, allocated;
342 if (FLAG_inline_new) {
343 Label undo_allocation;
344 ExternalReference debug_step_in_fp =
345 ExternalReference::debug_step_in_fp_address(isolate);
346 __ Mov(x2, Operand(debug_step_in_fp));
347 __ Ldr(x2, MemOperand(x2));
348 __ Cbnz(x2, &rt_call);
349 // Load the initial map and verify that it is in fact a map.
350 Register init_map = x2;
351 __ Ldr(init_map,
352 FieldMemOperand(constructor,
353 JSFunction::kPrototypeOrInitialMapOffset));
354 __ JumpIfSmi(init_map, &rt_call);
355 __ JumpIfNotObjectType(init_map, x10, x11, MAP_TYPE, &rt_call);
356
357 // Check that the constructor is not constructing a JSFunction (see
358 // comments in Runtime_NewObject in runtime.cc). In which case the initial
359 // map's instance type would be JS_FUNCTION_TYPE.
360 __ CompareInstanceType(init_map, x10, JS_FUNCTION_TYPE);
361 __ B(eq, &rt_call);
362
363 Register constructon_count = x14;
364 if (!is_api_function) {
365 Label allocate;
366 MemOperand bit_field3 =
367 FieldMemOperand(init_map, Map::kBitField3Offset);
368 // Check if slack tracking is enabled.
369 __ Ldr(x4, bit_field3);
370 __ DecodeField<Map::ConstructionCount>(constructon_count, x4);
371 __ Cmp(constructon_count, Operand(JSFunction::kNoSlackTracking));
372 __ B(eq, &allocate);
373 // Decrease generous allocation count.
374 __ Subs(x4, x4, Operand(1 << Map::ConstructionCount::kShift));
375 __ Str(x4, bit_field3);
376 __ Cmp(constructon_count, Operand(JSFunction::kFinishSlackTracking));
377 __ B(ne, &allocate);
378
379 // Push the constructor and map to the stack, and the constructor again
380 // as argument to the runtime call.
381 __ Push(constructor, init_map, constructor);
382 __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
383 __ Pop(init_map, constructor);
384 __ Mov(constructon_count, Operand(JSFunction::kNoSlackTracking));
385 __ Bind(&allocate);
386 }
387
388 // Now allocate the JSObject on the heap.
389 Register obj_size = x3;
390 Register new_obj = x4;
391 __ Ldrb(obj_size, FieldMemOperand(init_map, Map::kInstanceSizeOffset));
392 if (create_memento) {
393 __ Add(x7, obj_size,
394 Operand(AllocationMemento::kSize / kPointerSize));
395 __ Allocate(x7, new_obj, x10, x11, &rt_call, SIZE_IN_WORDS);
396 } else {
397 __ Allocate(obj_size, new_obj, x10, x11, &rt_call, SIZE_IN_WORDS);
398 }
399
400 // Allocated the JSObject, now initialize the fields. Map is set to
401 // initial map and properties and elements are set to empty fixed array.
402 // NB. the object pointer is not tagged, so MemOperand is used.
403 Register empty = x5;
404 __ LoadRoot(empty, Heap::kEmptyFixedArrayRootIndex);
405 __ Str(init_map, MemOperand(new_obj, JSObject::kMapOffset));
406 STATIC_ASSERT(JSObject::kElementsOffset ==
407 (JSObject::kPropertiesOffset + kPointerSize));
408 __ Stp(empty, empty, MemOperand(new_obj, JSObject::kPropertiesOffset));
409
410 Register first_prop = x5;
411 __ Add(first_prop, new_obj, JSObject::kHeaderSize);
412
413 // Fill all of the in-object properties with the appropriate filler.
414 Register filler = x7;
415 __ LoadRoot(filler, Heap::kUndefinedValueRootIndex);
416
417 // Obtain number of pre-allocated property fields and in-object
418 // properties.
419 Register prealloc_fields = x10;
420 Register inobject_props = x11;
421 Register inst_sizes = x11;
422 __ Ldr(inst_sizes, FieldMemOperand(init_map, Map::kInstanceSizesOffset));
423 __ Ubfx(prealloc_fields, inst_sizes,
424 Map::kPreAllocatedPropertyFieldsByte * kBitsPerByte,
425 kBitsPerByte);
426 __ Ubfx(inobject_props, inst_sizes,
427 Map::kInObjectPropertiesByte * kBitsPerByte, kBitsPerByte);
428
429 // Calculate number of property fields in the object.
430 Register prop_fields = x6;
431 __ Sub(prop_fields, obj_size, JSObject::kHeaderSize / kPointerSize);
432
433 if (!is_api_function) {
434 Label no_inobject_slack_tracking;
435
436 // Check if slack tracking is enabled.
437 __ Cmp(constructon_count, Operand(JSFunction::kNoSlackTracking));
438 __ B(eq, &no_inobject_slack_tracking);
439 constructon_count = NoReg;
440
441 // Fill the pre-allocated fields with undef.
442 __ FillFields(first_prop, prealloc_fields, filler);
443
444 // Update first_prop register to be the offset of the first field after
445 // pre-allocated fields.
446 __ Add(first_prop, first_prop,
447 Operand(prealloc_fields, LSL, kPointerSizeLog2));
448
449 if (FLAG_debug_code) {
450 Register obj_end = x14;
451 __ Add(obj_end, new_obj, Operand(obj_size, LSL, kPointerSizeLog2));
452 __ Cmp(first_prop, obj_end);
453 __ Assert(le, kUnexpectedNumberOfPreAllocatedPropertyFields);
454 }
455
456 // Fill the remaining fields with one pointer filler map.
457 __ LoadRoot(filler, Heap::kOnePointerFillerMapRootIndex);
458 __ Sub(prop_fields, prop_fields, prealloc_fields);
459
460 __ bind(&no_inobject_slack_tracking);
461 }
462 if (create_memento) {
463 // Fill the pre-allocated fields with undef.
464 __ FillFields(first_prop, prop_fields, filler);
465 __ Add(first_prop, new_obj, Operand(obj_size, LSL, kPointerSizeLog2));
466 __ LoadRoot(x14, Heap::kAllocationMementoMapRootIndex);
467 DCHECK_EQ(0 * kPointerSize, AllocationMemento::kMapOffset);
468 __ Str(x14, MemOperand(first_prop, kPointerSize, PostIndex));
469 // Load the AllocationSite
470 __ Peek(x14, 2 * kXRegSize);
471 DCHECK_EQ(1 * kPointerSize, AllocationMemento::kAllocationSiteOffset);
472 __ Str(x14, MemOperand(first_prop, kPointerSize, PostIndex));
473 first_prop = NoReg;
474 } else {
475 // Fill all of the property fields with undef.
476 __ FillFields(first_prop, prop_fields, filler);
477 first_prop = NoReg;
478 prop_fields = NoReg;
479 }
480
481 // Add the object tag to make the JSObject real, so that we can continue
482 // and jump into the continuation code at any time from now on. Any
483 // failures need to undo the allocation, so that the heap is in a
484 // consistent state and verifiable.
485 __ Add(new_obj, new_obj, kHeapObjectTag);
486
487 // Check if a non-empty properties array is needed. Continue with
488 // allocated object if not, or fall through to runtime call if it is.
489 Register element_count = x3;
490 __ Ldrb(element_count,
491 FieldMemOperand(init_map, Map::kUnusedPropertyFieldsOffset));
492 // The field instance sizes contains both pre-allocated property fields
493 // and in-object properties.
494 __ Add(element_count, element_count, prealloc_fields);
495 __ Subs(element_count, element_count, inobject_props);
496
497 // Done if no extra properties are to be allocated.
498 __ B(eq, &allocated);
499 __ Assert(pl, kPropertyAllocationCountFailed);
500
501 // Scale the number of elements by pointer size and add the header for
502 // FixedArrays to the start of the next object calculation from above.
503 Register new_array = x5;
504 Register array_size = x6;
505 __ Add(array_size, element_count, FixedArray::kHeaderSize / kPointerSize);
506 __ Allocate(array_size, new_array, x11, x12, &undo_allocation,
507 static_cast<AllocationFlags>(RESULT_CONTAINS_TOP |
508 SIZE_IN_WORDS));
509
510 Register array_map = x10;
511 __ LoadRoot(array_map, Heap::kFixedArrayMapRootIndex);
512 __ Str(array_map, MemOperand(new_array, FixedArray::kMapOffset));
513 __ SmiTag(x0, element_count);
514 __ Str(x0, MemOperand(new_array, FixedArray::kLengthOffset));
515
516 // Initialize the fields to undefined.
517 Register elements = x10;
518 __ Add(elements, new_array, FixedArray::kHeaderSize);
519 __ FillFields(elements, element_count, filler);
520
521 // Store the initialized FixedArray into the properties field of the
522 // JSObject.
523 __ Add(new_array, new_array, kHeapObjectTag);
524 __ Str(new_array, FieldMemOperand(new_obj, JSObject::kPropertiesOffset));
525
526 // Continue with JSObject being successfully allocated.
527 __ B(&allocated);
528
529 // Undo the setting of the new top so that the heap is verifiable. For
530 // example, the map's unused properties potentially do not match the
531 // allocated objects unused properties.
532 __ Bind(&undo_allocation);
533 __ UndoAllocationInNewSpace(new_obj, x14);
534 }
535
536 // Allocate the new receiver object using the runtime call.
537 __ Bind(&rt_call);
538 Label count_incremented;
539 if (create_memento) {
540 // Get the cell or allocation site.
541 __ Peek(x4, 2 * kXRegSize);
542 __ Push(x4);
543 __ Push(constructor); // Argument for Runtime_NewObject.
544 __ CallRuntime(Runtime::kNewObjectWithAllocationSite, 2);
545 __ Mov(x4, x0);
546 // If we ended up using the runtime, and we want a memento, then the
547 // runtime call made it for us, and we shouldn't do create count
548 // increment.
549 __ jmp(&count_incremented);
550 } else {
551 __ Push(constructor); // Argument for Runtime_NewObject.
552 __ CallRuntime(Runtime::kNewObject, 1);
553 __ Mov(x4, x0);
554 }
555
556 // Receiver for constructor call allocated.
557 // x4: JSObject
558 __ Bind(&allocated);
559
560 if (create_memento) {
561 __ Peek(x10, 2 * kXRegSize);
562 __ JumpIfRoot(x10, Heap::kUndefinedValueRootIndex, &count_incremented);
563 // r2 is an AllocationSite. We are creating a memento from it, so we
564 // need to increment the memento create count.
565 __ Ldr(x5, FieldMemOperand(x10,
566 AllocationSite::kPretenureCreateCountOffset));
567 __ Add(x5, x5, Operand(Smi::FromInt(1)));
568 __ Str(x5, FieldMemOperand(x10,
569 AllocationSite::kPretenureCreateCountOffset));
570 __ bind(&count_incremented);
571 }
572
573 __ Push(x4, x4);
574
575 // Reload the number of arguments from the stack.
576 // Set it up in x0 for the function call below.
577 // jssp[0]: receiver
578 // jssp[1]: receiver
579 // jssp[2]: constructor function
580 // jssp[3]: number of arguments (smi-tagged)
581 __ Peek(constructor, 2 * kXRegSize); // Load constructor.
582 __ Peek(argc, 3 * kXRegSize); // Load number of arguments.
583 __ SmiUntag(argc);
584
585 // Set up pointer to last argument.
586 __ Add(x2, fp, StandardFrameConstants::kCallerSPOffset);
587
588 // Copy arguments and receiver to the expression stack.
589 // Copy 2 values every loop to use ldp/stp.
590 // x0: number of arguments
591 // x1: constructor function
592 // x2: address of last argument (caller sp)
593 // jssp[0]: receiver
594 // jssp[1]: receiver
595 // jssp[2]: constructor function
596 // jssp[3]: number of arguments (smi-tagged)
597 // Compute the start address of the copy in x3.
598 __ Add(x3, x2, Operand(argc, LSL, kPointerSizeLog2));
599 Label loop, entry, done_copying_arguments;
600 __ B(&entry);
601 __ Bind(&loop);
602 __ Ldp(x10, x11, MemOperand(x3, -2 * kPointerSize, PreIndex));
603 __ Push(x11, x10);
604 __ Bind(&entry);
605 __ Cmp(x3, x2);
606 __ B(gt, &loop);
607 // Because we copied values 2 by 2 we may have copied one extra value.
608 // Drop it if that is the case.
609 __ B(eq, &done_copying_arguments);
610 __ Drop(1);
611 __ Bind(&done_copying_arguments);
612
613 // Call the function.
614 // x0: number of arguments
615 // x1: constructor function
616 if (is_api_function) {
617 __ Ldr(cp, FieldMemOperand(constructor, JSFunction::kContextOffset));
618 Handle<Code> code =
619 masm->isolate()->builtins()->HandleApiCallConstruct();
620 __ Call(code, RelocInfo::CODE_TARGET);
621 } else {
622 ParameterCount actual(argc);
623 __ InvokeFunction(constructor, actual, CALL_FUNCTION, NullCallWrapper());
624 }
625
626 // Store offset of return address for deoptimizer.
627 if (!is_api_function) {
628 masm->isolate()->heap()->SetConstructStubDeoptPCOffset(masm->pc_offset());
629 }
630
631 // Restore the context from the frame.
632 // x0: result
633 // jssp[0]: receiver
634 // jssp[1]: constructor function
635 // jssp[2]: number of arguments (smi-tagged)
636 __ Ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));
637
638 // If the result is an object (in the ECMA sense), we should get rid
639 // of the receiver and use the result; see ECMA-262 section 13.2.2-7
640 // on page 74.
641 Label use_receiver, exit;
642
643 // If the result is a smi, it is *not* an object in the ECMA sense.
644 // x0: result
645 // jssp[0]: receiver (newly allocated object)
646 // jssp[1]: constructor function
647 // jssp[2]: number of arguments (smi-tagged)
648 __ JumpIfSmi(x0, &use_receiver);
649
650 // If the type of the result (stored in its map) is less than
651 // FIRST_SPEC_OBJECT_TYPE, it is not an object in the ECMA sense.
652 __ JumpIfObjectType(x0, x1, x3, FIRST_SPEC_OBJECT_TYPE, &exit, ge);
653
654 // Throw away the result of the constructor invocation and use the
655 // on-stack receiver as the result.
656 __ Bind(&use_receiver);
657 __ Peek(x0, 0);
658
659 // Remove the receiver from the stack, remove caller arguments, and
660 // return.
661 __ Bind(&exit);
662 // x0: result
663 // jssp[0]: receiver (newly allocated object)
664 // jssp[1]: constructor function
665 // jssp[2]: number of arguments (smi-tagged)
666 __ Peek(x1, 2 * kXRegSize);
667
668 // Leave construct frame.
669 }
670
671 __ DropBySMI(x1);
672 __ Drop(1);
673 __ IncrementCounter(isolate->counters()->constructed_objects(), 1, x1, x2);
674 __ Ret();
675 }
676
677
Generate_JSConstructStubGeneric(MacroAssembler * masm)678 void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
679 Generate_JSConstructStubHelper(masm, false, FLAG_pretenuring_call_new);
680 }
681
682
Generate_JSConstructStubApi(MacroAssembler * masm)683 void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {
684 Generate_JSConstructStubHelper(masm, true, false);
685 }
686
687
688 // Input:
689 // x0: code entry.
690 // x1: function.
691 // x2: receiver.
692 // x3: argc.
693 // x4: argv.
694 // Output:
695 // x0: result.
Generate_JSEntryTrampolineHelper(MacroAssembler * masm,bool is_construct)696 static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
697 bool is_construct) {
698 // Called from JSEntryStub::GenerateBody().
699 Register function = x1;
700 Register receiver = x2;
701 Register argc = x3;
702 Register argv = x4;
703
704 ProfileEntryHookStub::MaybeCallEntryHook(masm);
705
706 // Clear the context before we push it when entering the internal frame.
707 __ Mov(cp, 0);
708
709 {
710 // Enter an internal frame.
711 FrameScope scope(masm, StackFrame::INTERNAL);
712
713 // Set up the context from the function argument.
714 __ Ldr(cp, FieldMemOperand(function, JSFunction::kContextOffset));
715
716 __ InitializeRootRegister();
717
718 // Push the function and the receiver onto the stack.
719 __ Push(function, receiver);
720
721 // Copy arguments to the stack in a loop, in reverse order.
722 // x3: argc.
723 // x4: argv.
724 Label loop, entry;
725 // Compute the copy end address.
726 __ Add(x10, argv, Operand(argc, LSL, kPointerSizeLog2));
727
728 __ B(&entry);
729 __ Bind(&loop);
730 __ Ldr(x11, MemOperand(argv, kPointerSize, PostIndex));
731 __ Ldr(x12, MemOperand(x11)); // Dereference the handle.
732 __ Push(x12); // Push the argument.
733 __ Bind(&entry);
734 __ Cmp(x10, argv);
735 __ B(ne, &loop);
736
737 // Initialize all JavaScript callee-saved registers, since they will be seen
738 // by the garbage collector as part of handlers.
739 // The original values have been saved in JSEntryStub::GenerateBody().
740 __ LoadRoot(x19, Heap::kUndefinedValueRootIndex);
741 __ Mov(x20, x19);
742 __ Mov(x21, x19);
743 __ Mov(x22, x19);
744 __ Mov(x23, x19);
745 __ Mov(x24, x19);
746 __ Mov(x25, x19);
747 // Don't initialize the reserved registers.
748 // x26 : root register (root).
749 // x27 : context pointer (cp).
750 // x28 : JS stack pointer (jssp).
751 // x29 : frame pointer (fp).
752
753 __ Mov(x0, argc);
754 if (is_construct) {
755 // No type feedback cell is available.
756 __ LoadRoot(x2, Heap::kUndefinedValueRootIndex);
757
758 CallConstructStub stub(masm->isolate(), NO_CALL_CONSTRUCTOR_FLAGS);
759 __ CallStub(&stub);
760 } else {
761 ParameterCount actual(x0);
762 __ InvokeFunction(function, actual, CALL_FUNCTION, NullCallWrapper());
763 }
764 // Exit the JS internal frame and remove the parameters (except function),
765 // and return.
766 }
767
768 // Result is in x0. Return.
769 __ Ret();
770 }
771
772
Generate_JSEntryTrampoline(MacroAssembler * masm)773 void Builtins::Generate_JSEntryTrampoline(MacroAssembler* masm) {
774 Generate_JSEntryTrampolineHelper(masm, false);
775 }
776
777
Generate_JSConstructEntryTrampoline(MacroAssembler * masm)778 void Builtins::Generate_JSConstructEntryTrampoline(MacroAssembler* masm) {
779 Generate_JSEntryTrampolineHelper(masm, true);
780 }
781
782
Generate_CompileLazy(MacroAssembler * masm)783 void Builtins::Generate_CompileLazy(MacroAssembler* masm) {
784 CallRuntimePassFunction(masm, Runtime::kCompileLazy);
785 GenerateTailCallToReturnedCode(masm);
786 }
787
788
CallCompileOptimized(MacroAssembler * masm,bool concurrent)789 static void CallCompileOptimized(MacroAssembler* masm, bool concurrent) {
790 FrameScope scope(masm, StackFrame::INTERNAL);
791 Register function = x1;
792
793 // Preserve function. At the same time, push arguments for
794 // kCompileOptimized.
795 __ LoadObject(x10, masm->isolate()->factory()->ToBoolean(concurrent));
796 __ Push(function, function, x10);
797
798 __ CallRuntime(Runtime::kCompileOptimized, 2);
799
800 // Restore receiver.
801 __ Pop(function);
802 }
803
804
Generate_CompileOptimized(MacroAssembler * masm)805 void Builtins::Generate_CompileOptimized(MacroAssembler* masm) {
806 CallCompileOptimized(masm, false);
807 GenerateTailCallToReturnedCode(masm);
808 }
809
810
Generate_CompileOptimizedConcurrent(MacroAssembler * masm)811 void Builtins::Generate_CompileOptimizedConcurrent(MacroAssembler* masm) {
812 CallCompileOptimized(masm, true);
813 GenerateTailCallToReturnedCode(masm);
814 }
815
816
GenerateMakeCodeYoungAgainCommon(MacroAssembler * masm)817 static void GenerateMakeCodeYoungAgainCommon(MacroAssembler* masm) {
818 // For now, we are relying on the fact that make_code_young doesn't do any
819 // garbage collection which allows us to save/restore the registers without
820 // worrying about which of them contain pointers. We also don't build an
821 // internal frame to make the code fast, since we shouldn't have to do stack
822 // crawls in MakeCodeYoung. This seems a bit fragile.
823
824 // The following caller-saved registers must be saved and restored when
825 // calling through to the runtime:
826 // x0 - The address from which to resume execution.
827 // x1 - isolate
828 // lr - The return address for the JSFunction itself. It has not yet been
829 // preserved on the stack because the frame setup code was replaced
830 // with a call to this stub, to handle code ageing.
831 {
832 FrameScope scope(masm, StackFrame::MANUAL);
833 __ Push(x0, x1, fp, lr);
834 __ Mov(x1, ExternalReference::isolate_address(masm->isolate()));
835 __ CallCFunction(
836 ExternalReference::get_make_code_young_function(masm->isolate()), 2);
837 __ Pop(lr, fp, x1, x0);
838 }
839
840 // The calling function has been made young again, so return to execute the
841 // real frame set-up code.
842 __ Br(x0);
843 }
844
845 #define DEFINE_CODE_AGE_BUILTIN_GENERATOR(C) \
846 void Builtins::Generate_Make##C##CodeYoungAgainEvenMarking( \
847 MacroAssembler* masm) { \
848 GenerateMakeCodeYoungAgainCommon(masm); \
849 } \
850 void Builtins::Generate_Make##C##CodeYoungAgainOddMarking( \
851 MacroAssembler* masm) { \
852 GenerateMakeCodeYoungAgainCommon(masm); \
853 }
CODE_AGE_LIST(DEFINE_CODE_AGE_BUILTIN_GENERATOR)854 CODE_AGE_LIST(DEFINE_CODE_AGE_BUILTIN_GENERATOR)
855 #undef DEFINE_CODE_AGE_BUILTIN_GENERATOR
856
857
858 void Builtins::Generate_MarkCodeAsExecutedOnce(MacroAssembler* masm) {
859 // For now, as in GenerateMakeCodeYoungAgainCommon, we are relying on the fact
860 // that make_code_young doesn't do any garbage collection which allows us to
861 // save/restore the registers without worrying about which of them contain
862 // pointers.
863
864 // The following caller-saved registers must be saved and restored when
865 // calling through to the runtime:
866 // x0 - The address from which to resume execution.
867 // x1 - isolate
868 // lr - The return address for the JSFunction itself. It has not yet been
869 // preserved on the stack because the frame setup code was replaced
870 // with a call to this stub, to handle code ageing.
871 {
872 FrameScope scope(masm, StackFrame::MANUAL);
873 __ Push(x0, x1, fp, lr);
874 __ Mov(x1, ExternalReference::isolate_address(masm->isolate()));
875 __ CallCFunction(
876 ExternalReference::get_mark_code_as_executed_function(
877 masm->isolate()), 2);
878 __ Pop(lr, fp, x1, x0);
879
880 // Perform prologue operations usually performed by the young code stub.
881 __ EmitFrameSetupForCodeAgePatching(masm);
882 }
883
884 // Jump to point after the code-age stub.
885 __ Add(x0, x0, kNoCodeAgeSequenceLength);
886 __ Br(x0);
887 }
888
889
Generate_MarkCodeAsExecutedTwice(MacroAssembler * masm)890 void Builtins::Generate_MarkCodeAsExecutedTwice(MacroAssembler* masm) {
891 GenerateMakeCodeYoungAgainCommon(masm);
892 }
893
894
Generate_NotifyStubFailureHelper(MacroAssembler * masm,SaveFPRegsMode save_doubles)895 static void Generate_NotifyStubFailureHelper(MacroAssembler* masm,
896 SaveFPRegsMode save_doubles) {
897 {
898 FrameScope scope(masm, StackFrame::INTERNAL);
899
900 // Preserve registers across notification, this is important for compiled
901 // stubs that tail call the runtime on deopts passing their parameters in
902 // registers.
903 // TODO(jbramley): Is it correct (and appropriate) to use safepoint
904 // registers here? According to the comment above, we should only need to
905 // preserve the registers with parameters.
906 __ PushXRegList(kSafepointSavedRegisters);
907 // Pass the function and deoptimization type to the runtime system.
908 __ CallRuntime(Runtime::kNotifyStubFailure, 0, save_doubles);
909 __ PopXRegList(kSafepointSavedRegisters);
910 }
911
912 // Ignore state (pushed by Deoptimizer::EntryGenerator::Generate).
913 __ Drop(1);
914
915 // Jump to the miss handler. Deoptimizer::EntryGenerator::Generate loads this
916 // into lr before it jumps here.
917 __ Br(lr);
918 }
919
920
Generate_NotifyStubFailure(MacroAssembler * masm)921 void Builtins::Generate_NotifyStubFailure(MacroAssembler* masm) {
922 Generate_NotifyStubFailureHelper(masm, kDontSaveFPRegs);
923 }
924
925
Generate_NotifyStubFailureSaveDoubles(MacroAssembler * masm)926 void Builtins::Generate_NotifyStubFailureSaveDoubles(MacroAssembler* masm) {
927 Generate_NotifyStubFailureHelper(masm, kSaveFPRegs);
928 }
929
930
Generate_NotifyDeoptimizedHelper(MacroAssembler * masm,Deoptimizer::BailoutType type)931 static void Generate_NotifyDeoptimizedHelper(MacroAssembler* masm,
932 Deoptimizer::BailoutType type) {
933 {
934 FrameScope scope(masm, StackFrame::INTERNAL);
935 // Pass the deoptimization type to the runtime system.
936 __ Mov(x0, Smi::FromInt(static_cast<int>(type)));
937 __ Push(x0);
938 __ CallRuntime(Runtime::kNotifyDeoptimized, 1);
939 }
940
941 // Get the full codegen state from the stack and untag it.
942 Register state = x6;
943 __ Peek(state, 0);
944 __ SmiUntag(state);
945
946 // Switch on the state.
947 Label with_tos_register, unknown_state;
948 __ CompareAndBranch(
949 state, FullCodeGenerator::NO_REGISTERS, ne, &with_tos_register);
950 __ Drop(1); // Remove state.
951 __ Ret();
952
953 __ Bind(&with_tos_register);
954 // Reload TOS register.
955 __ Peek(x0, kPointerSize);
956 __ CompareAndBranch(state, FullCodeGenerator::TOS_REG, ne, &unknown_state);
957 __ Drop(2); // Remove state and TOS.
958 __ Ret();
959
960 __ Bind(&unknown_state);
961 __ Abort(kInvalidFullCodegenState);
962 }
963
964
Generate_NotifyDeoptimized(MacroAssembler * masm)965 void Builtins::Generate_NotifyDeoptimized(MacroAssembler* masm) {
966 Generate_NotifyDeoptimizedHelper(masm, Deoptimizer::EAGER);
967 }
968
969
Generate_NotifyLazyDeoptimized(MacroAssembler * masm)970 void Builtins::Generate_NotifyLazyDeoptimized(MacroAssembler* masm) {
971 Generate_NotifyDeoptimizedHelper(masm, Deoptimizer::LAZY);
972 }
973
974
Generate_NotifySoftDeoptimized(MacroAssembler * masm)975 void Builtins::Generate_NotifySoftDeoptimized(MacroAssembler* masm) {
976 Generate_NotifyDeoptimizedHelper(masm, Deoptimizer::SOFT);
977 }
978
979
Generate_OnStackReplacement(MacroAssembler * masm)980 void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) {
981 // Lookup the function in the JavaScript frame.
982 __ Ldr(x0, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
983 {
984 FrameScope scope(masm, StackFrame::INTERNAL);
985 // Pass function as argument.
986 __ Push(x0);
987 __ CallRuntime(Runtime::kCompileForOnStackReplacement, 1);
988 }
989
990 // If the code object is null, just return to the unoptimized code.
991 Label skip;
992 __ CompareAndBranch(x0, Smi::FromInt(0), ne, &skip);
993 __ Ret();
994
995 __ Bind(&skip);
996
997 // Load deoptimization data from the code object.
998 // <deopt_data> = <code>[#deoptimization_data_offset]
999 __ Ldr(x1, MemOperand(x0, Code::kDeoptimizationDataOffset - kHeapObjectTag));
1000
1001 // Load the OSR entrypoint offset from the deoptimization data.
1002 // <osr_offset> = <deopt_data>[#header_size + #osr_pc_offset]
1003 __ Ldrsw(w1, UntagSmiFieldMemOperand(x1, FixedArray::OffsetOfElementAt(
1004 DeoptimizationInputData::kOsrPcOffsetIndex)));
1005
1006 // Compute the target address = code_obj + header_size + osr_offset
1007 // <entry_addr> = <code_obj> + #header_size + <osr_offset>
1008 __ Add(x0, x0, x1);
1009 __ Add(lr, x0, Code::kHeaderSize - kHeapObjectTag);
1010
1011 // And "return" to the OSR entry point of the function.
1012 __ Ret();
1013 }
1014
1015
Generate_OsrAfterStackCheck(MacroAssembler * masm)1016 void Builtins::Generate_OsrAfterStackCheck(MacroAssembler* masm) {
1017 // We check the stack limit as indicator that recompilation might be done.
1018 Label ok;
1019 __ CompareRoot(jssp, Heap::kStackLimitRootIndex);
1020 __ B(hs, &ok);
1021 {
1022 FrameScope scope(masm, StackFrame::INTERNAL);
1023 __ CallRuntime(Runtime::kStackGuard, 0);
1024 }
1025 __ Jump(masm->isolate()->builtins()->OnStackReplacement(),
1026 RelocInfo::CODE_TARGET);
1027
1028 __ Bind(&ok);
1029 __ Ret();
1030 }
1031
1032
Generate_FunctionCall(MacroAssembler * masm)1033 void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
1034 enum {
1035 call_type_JS_func = 0,
1036 call_type_func_proxy = 1,
1037 call_type_non_func = 2
1038 };
1039 Register argc = x0;
1040 Register function = x1;
1041 Register call_type = x4;
1042 Register scratch1 = x10;
1043 Register scratch2 = x11;
1044 Register receiver_type = x13;
1045
1046 ASM_LOCATION("Builtins::Generate_FunctionCall");
1047 // 1. Make sure we have at least one argument.
1048 { Label done;
1049 __ Cbnz(argc, &done);
1050 __ LoadRoot(scratch1, Heap::kUndefinedValueRootIndex);
1051 __ Push(scratch1);
1052 __ Mov(argc, 1);
1053 __ Bind(&done);
1054 }
1055
1056 // 2. Get the function to call (passed as receiver) from the stack, check
1057 // if it is a function.
1058 Label slow, non_function;
1059 __ Peek(function, Operand(argc, LSL, kXRegSizeLog2));
1060 __ JumpIfSmi(function, &non_function);
1061 __ JumpIfNotObjectType(function, scratch1, receiver_type,
1062 JS_FUNCTION_TYPE, &slow);
1063
1064 // 3a. Patch the first argument if necessary when calling a function.
1065 Label shift_arguments;
1066 __ Mov(call_type, static_cast<int>(call_type_JS_func));
1067 { Label convert_to_object, use_global_proxy, patch_receiver;
1068 // Change context eagerly in case we need the global receiver.
1069 __ Ldr(cp, FieldMemOperand(function, JSFunction::kContextOffset));
1070
1071 // Do not transform the receiver for strict mode functions.
1072 // Also do not transform the receiver for native (Compilerhints already in
1073 // x3).
1074 __ Ldr(scratch1,
1075 FieldMemOperand(function, JSFunction::kSharedFunctionInfoOffset));
1076 __ Ldr(scratch2.W(),
1077 FieldMemOperand(scratch1, SharedFunctionInfo::kCompilerHintsOffset));
1078 __ TestAndBranchIfAnySet(
1079 scratch2.W(),
1080 (1 << SharedFunctionInfo::kStrictModeFunction) |
1081 (1 << SharedFunctionInfo::kNative),
1082 &shift_arguments);
1083
1084 // Compute the receiver in sloppy mode.
1085 Register receiver = x2;
1086 __ Sub(scratch1, argc, 1);
1087 __ Peek(receiver, Operand(scratch1, LSL, kXRegSizeLog2));
1088 __ JumpIfSmi(receiver, &convert_to_object);
1089
1090 __ JumpIfRoot(receiver, Heap::kUndefinedValueRootIndex,
1091 &use_global_proxy);
1092 __ JumpIfRoot(receiver, Heap::kNullValueRootIndex, &use_global_proxy);
1093
1094 STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
1095 __ JumpIfObjectType(receiver, scratch1, scratch2,
1096 FIRST_SPEC_OBJECT_TYPE, &shift_arguments, ge);
1097
1098 __ Bind(&convert_to_object);
1099
1100 {
1101 // Enter an internal frame in order to preserve argument count.
1102 FrameScope scope(masm, StackFrame::INTERNAL);
1103 __ SmiTag(argc);
1104
1105 __ Push(argc, receiver);
1106 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
1107 __ Mov(receiver, x0);
1108
1109 __ Pop(argc);
1110 __ SmiUntag(argc);
1111
1112 // Exit the internal frame.
1113 }
1114
1115 // Restore the function and flag in the registers.
1116 __ Peek(function, Operand(argc, LSL, kXRegSizeLog2));
1117 __ Mov(call_type, static_cast<int>(call_type_JS_func));
1118 __ B(&patch_receiver);
1119
1120 __ Bind(&use_global_proxy);
1121 __ Ldr(receiver, GlobalObjectMemOperand());
1122 __ Ldr(receiver,
1123 FieldMemOperand(receiver, GlobalObject::kGlobalProxyOffset));
1124
1125
1126 __ Bind(&patch_receiver);
1127 __ Sub(scratch1, argc, 1);
1128 __ Poke(receiver, Operand(scratch1, LSL, kXRegSizeLog2));
1129
1130 __ B(&shift_arguments);
1131 }
1132
1133 // 3b. Check for function proxy.
1134 __ Bind(&slow);
1135 __ Mov(call_type, static_cast<int>(call_type_func_proxy));
1136 __ Cmp(receiver_type, JS_FUNCTION_PROXY_TYPE);
1137 __ B(eq, &shift_arguments);
1138 __ Bind(&non_function);
1139 __ Mov(call_type, static_cast<int>(call_type_non_func));
1140
1141 // 3c. Patch the first argument when calling a non-function. The
1142 // CALL_NON_FUNCTION builtin expects the non-function callee as
1143 // receiver, so overwrite the first argument which will ultimately
1144 // become the receiver.
1145 // call type (0: JS function, 1: function proxy, 2: non-function)
1146 __ Sub(scratch1, argc, 1);
1147 __ Poke(function, Operand(scratch1, LSL, kXRegSizeLog2));
1148
1149 // 4. Shift arguments and return address one slot down on the stack
1150 // (overwriting the original receiver). Adjust argument count to make
1151 // the original first argument the new receiver.
1152 // call type (0: JS function, 1: function proxy, 2: non-function)
1153 __ Bind(&shift_arguments);
1154 { Label loop;
1155 // Calculate the copy start address (destination). Copy end address is jssp.
1156 __ Add(scratch2, jssp, Operand(argc, LSL, kPointerSizeLog2));
1157 __ Sub(scratch1, scratch2, kPointerSize);
1158
1159 __ Bind(&loop);
1160 __ Ldr(x12, MemOperand(scratch1, -kPointerSize, PostIndex));
1161 __ Str(x12, MemOperand(scratch2, -kPointerSize, PostIndex));
1162 __ Cmp(scratch1, jssp);
1163 __ B(ge, &loop);
1164 // Adjust the actual number of arguments and remove the top element
1165 // (which is a copy of the last argument).
1166 __ Sub(argc, argc, 1);
1167 __ Drop(1);
1168 }
1169
1170 // 5a. Call non-function via tail call to CALL_NON_FUNCTION builtin,
1171 // or a function proxy via CALL_FUNCTION_PROXY.
1172 // call type (0: JS function, 1: function proxy, 2: non-function)
1173 { Label js_function, non_proxy;
1174 __ Cbz(call_type, &js_function);
1175 // Expected number of arguments is 0 for CALL_NON_FUNCTION.
1176 __ Mov(x2, 0);
1177 __ Cmp(call_type, static_cast<int>(call_type_func_proxy));
1178 __ B(ne, &non_proxy);
1179
1180 __ Push(function); // Re-add proxy object as additional argument.
1181 __ Add(argc, argc, 1);
1182 __ GetBuiltinFunction(function, Builtins::CALL_FUNCTION_PROXY);
1183 __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
1184 RelocInfo::CODE_TARGET);
1185
1186 __ Bind(&non_proxy);
1187 __ GetBuiltinFunction(function, Builtins::CALL_NON_FUNCTION);
1188 __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
1189 RelocInfo::CODE_TARGET);
1190 __ Bind(&js_function);
1191 }
1192
1193 // 5b. Get the code to call from the function and check that the number of
1194 // expected arguments matches what we're providing. If so, jump
1195 // (tail-call) to the code in register edx without checking arguments.
1196 __ Ldr(x3, FieldMemOperand(function, JSFunction::kSharedFunctionInfoOffset));
1197 __ Ldrsw(x2,
1198 FieldMemOperand(x3,
1199 SharedFunctionInfo::kFormalParameterCountOffset));
1200 Label dont_adapt_args;
1201 __ Cmp(x2, argc); // Check formal and actual parameter counts.
1202 __ B(eq, &dont_adapt_args);
1203 __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
1204 RelocInfo::CODE_TARGET);
1205 __ Bind(&dont_adapt_args);
1206
1207 __ Ldr(x3, FieldMemOperand(function, JSFunction::kCodeEntryOffset));
1208 ParameterCount expected(0);
1209 __ InvokeCode(x3, expected, expected, JUMP_FUNCTION, NullCallWrapper());
1210 }
1211
1212
Generate_FunctionApply(MacroAssembler * masm)1213 void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
1214 ASM_LOCATION("Builtins::Generate_FunctionApply");
1215 const int kIndexOffset =
1216 StandardFrameConstants::kExpressionsOffset - (2 * kPointerSize);
1217 const int kLimitOffset =
1218 StandardFrameConstants::kExpressionsOffset - (1 * kPointerSize);
1219 const int kArgsOffset = 2 * kPointerSize;
1220 const int kReceiverOffset = 3 * kPointerSize;
1221 const int kFunctionOffset = 4 * kPointerSize;
1222
1223 {
1224 FrameScope frame_scope(masm, StackFrame::INTERNAL);
1225
1226 Register args = x12;
1227 Register receiver = x14;
1228 Register function = x15;
1229
1230 // Get the length of the arguments via a builtin call.
1231 __ Ldr(function, MemOperand(fp, kFunctionOffset));
1232 __ Ldr(args, MemOperand(fp, kArgsOffset));
1233 __ Push(function, args);
1234 __ InvokeBuiltin(Builtins::APPLY_PREPARE, CALL_FUNCTION);
1235 Register argc = x0;
1236
1237 // Check the stack for overflow.
1238 // We are not trying to catch interruptions (e.g. debug break and
1239 // preemption) here, so the "real stack limit" is checked.
1240 Label enough_stack_space;
1241 __ LoadRoot(x10, Heap::kRealStackLimitRootIndex);
1242 __ Ldr(function, MemOperand(fp, kFunctionOffset));
1243 // Make x10 the space we have left. The stack might already be overflowed
1244 // here which will cause x10 to become negative.
1245 // TODO(jbramley): Check that the stack usage here is safe.
1246 __ Sub(x10, jssp, x10);
1247 // Check if the arguments will overflow the stack.
1248 __ Cmp(x10, Operand::UntagSmiAndScale(argc, kPointerSizeLog2));
1249 __ B(gt, &enough_stack_space);
1250 // There is not enough stack space, so use a builtin to throw an appropriate
1251 // error.
1252 __ Push(function, argc);
1253 __ InvokeBuiltin(Builtins::STACK_OVERFLOW, CALL_FUNCTION);
1254 // We should never return from the APPLY_OVERFLOW builtin.
1255 if (__ emit_debug_code()) {
1256 __ Unreachable();
1257 }
1258
1259 __ Bind(&enough_stack_space);
1260 // Push current limit and index.
1261 __ Mov(x1, 0); // Initial index.
1262 __ Push(argc, x1);
1263
1264 Label push_receiver;
1265 __ Ldr(receiver, MemOperand(fp, kReceiverOffset));
1266
1267 // Check that the function is a JS function. Otherwise it must be a proxy.
1268 // When it is not the function proxy will be invoked later.
1269 __ JumpIfNotObjectType(function, x10, x11, JS_FUNCTION_TYPE,
1270 &push_receiver);
1271
1272 // Change context eagerly to get the right global object if necessary.
1273 __ Ldr(cp, FieldMemOperand(function, JSFunction::kContextOffset));
1274 // Load the shared function info.
1275 __ Ldr(x2, FieldMemOperand(function,
1276 JSFunction::kSharedFunctionInfoOffset));
1277
1278 // Compute and push the receiver.
1279 // Do not transform the receiver for strict mode functions.
1280 Label convert_receiver_to_object, use_global_proxy;
1281 __ Ldr(w10, FieldMemOperand(x2, SharedFunctionInfo::kCompilerHintsOffset));
1282 __ Tbnz(x10, SharedFunctionInfo::kStrictModeFunction, &push_receiver);
1283 // Do not transform the receiver for native functions.
1284 __ Tbnz(x10, SharedFunctionInfo::kNative, &push_receiver);
1285
1286 // Compute the receiver in sloppy mode.
1287 __ JumpIfSmi(receiver, &convert_receiver_to_object);
1288 __ JumpIfRoot(receiver, Heap::kNullValueRootIndex, &use_global_proxy);
1289 __ JumpIfRoot(receiver, Heap::kUndefinedValueRootIndex,
1290 &use_global_proxy);
1291
1292 // Check if the receiver is already a JavaScript object.
1293 STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
1294 __ JumpIfObjectType(receiver, x10, x11, FIRST_SPEC_OBJECT_TYPE,
1295 &push_receiver, ge);
1296
1297 // Call a builtin to convert the receiver to a regular object.
1298 __ Bind(&convert_receiver_to_object);
1299 __ Push(receiver);
1300 __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
1301 __ Mov(receiver, x0);
1302 __ B(&push_receiver);
1303
1304 __ Bind(&use_global_proxy);
1305 __ Ldr(x10, GlobalObjectMemOperand());
1306 __ Ldr(receiver, FieldMemOperand(x10, GlobalObject::kGlobalProxyOffset));
1307
1308 // Push the receiver
1309 __ Bind(&push_receiver);
1310 __ Push(receiver);
1311
1312 // Copy all arguments from the array to the stack.
1313 Label entry, loop;
1314 Register current = x0;
1315 __ Ldr(current, MemOperand(fp, kIndexOffset));
1316 __ B(&entry);
1317
1318 __ Bind(&loop);
1319 // Load the current argument from the arguments array and push it.
1320 // TODO(all): Couldn't we optimize this for JS arrays?
1321
1322 __ Ldr(x1, MemOperand(fp, kArgsOffset));
1323 __ Push(x1, current);
1324
1325 // Call the runtime to access the property in the arguments array.
1326 __ CallRuntime(Runtime::kGetProperty, 2);
1327 __ Push(x0);
1328
1329 // Use inline caching to access the arguments.
1330 __ Ldr(current, MemOperand(fp, kIndexOffset));
1331 __ Add(current, current, Smi::FromInt(1));
1332 __ Str(current, MemOperand(fp, kIndexOffset));
1333
1334 // Test if the copy loop has finished copying all the elements from the
1335 // arguments object.
1336 __ Bind(&entry);
1337 __ Ldr(x1, MemOperand(fp, kLimitOffset));
1338 __ Cmp(current, x1);
1339 __ B(ne, &loop);
1340
1341 // At the end of the loop, the number of arguments is stored in 'current',
1342 // represented as a smi.
1343
1344 function = x1; // From now on we want the function to be kept in x1;
1345 __ Ldr(function, MemOperand(fp, kFunctionOffset));
1346
1347 // Call the function.
1348 Label call_proxy;
1349 ParameterCount actual(current);
1350 __ SmiUntag(current);
1351 __ JumpIfNotObjectType(function, x10, x11, JS_FUNCTION_TYPE, &call_proxy);
1352 __ InvokeFunction(function, actual, CALL_FUNCTION, NullCallWrapper());
1353 frame_scope.GenerateLeaveFrame();
1354 __ Drop(3);
1355 __ Ret();
1356
1357 // Call the function proxy.
1358 __ Bind(&call_proxy);
1359 // x0 : argc
1360 // x1 : function
1361 __ Push(function); // Add function proxy as last argument.
1362 __ Add(x0, x0, 1);
1363 __ Mov(x2, 0);
1364 __ GetBuiltinFunction(x1, Builtins::CALL_FUNCTION_PROXY);
1365 __ Call(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
1366 RelocInfo::CODE_TARGET);
1367 }
1368 __ Drop(3);
1369 __ Ret();
1370 }
1371
1372
ArgumentAdaptorStackCheck(MacroAssembler * masm,Label * stack_overflow)1373 static void ArgumentAdaptorStackCheck(MacroAssembler* masm,
1374 Label* stack_overflow) {
1375 // ----------- S t a t e -------------
1376 // -- x0 : actual number of arguments
1377 // -- x1 : function (passed through to callee)
1378 // -- x2 : expected number of arguments
1379 // -----------------------------------
1380 // Check the stack for overflow.
1381 // We are not trying to catch interruptions (e.g. debug break and
1382 // preemption) here, so the "real stack limit" is checked.
1383 Label enough_stack_space;
1384 __ LoadRoot(x10, Heap::kRealStackLimitRootIndex);
1385 // Make x10 the space we have left. The stack might already be overflowed
1386 // here which will cause x10 to become negative.
1387 __ Sub(x10, jssp, x10);
1388 // Check if the arguments will overflow the stack.
1389 __ Cmp(x10, Operand(x2, LSL, kPointerSizeLog2));
1390 __ B(le, stack_overflow);
1391 }
1392
1393
EnterArgumentsAdaptorFrame(MacroAssembler * masm)1394 static void EnterArgumentsAdaptorFrame(MacroAssembler* masm) {
1395 __ SmiTag(x10, x0);
1396 __ Mov(x11, Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
1397 __ Push(lr, fp);
1398 __ Push(x11, x1, x10);
1399 __ Add(fp, jssp,
1400 StandardFrameConstants::kFixedFrameSizeFromFp + kPointerSize);
1401 }
1402
1403
LeaveArgumentsAdaptorFrame(MacroAssembler * masm)1404 static void LeaveArgumentsAdaptorFrame(MacroAssembler* masm) {
1405 // ----------- S t a t e -------------
1406 // -- x0 : result being passed through
1407 // -----------------------------------
1408 // Get the number of arguments passed (as a smi), tear down the frame and
1409 // then drop the parameters and the receiver.
1410 __ Ldr(x10, MemOperand(fp, -(StandardFrameConstants::kFixedFrameSizeFromFp +
1411 kPointerSize)));
1412 __ Mov(jssp, fp);
1413 __ Pop(fp, lr);
1414 __ DropBySMI(x10, kXRegSize);
1415 __ Drop(1);
1416 }
1417
1418
Generate_ArgumentsAdaptorTrampoline(MacroAssembler * masm)1419 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
1420 ASM_LOCATION("Builtins::Generate_ArgumentsAdaptorTrampoline");
1421 // ----------- S t a t e -------------
1422 // -- x0 : actual number of arguments
1423 // -- x1 : function (passed through to callee)
1424 // -- x2 : expected number of arguments
1425 // -----------------------------------
1426
1427 Label stack_overflow;
1428 ArgumentAdaptorStackCheck(masm, &stack_overflow);
1429
1430 Register argc_actual = x0; // Excluding the receiver.
1431 Register argc_expected = x2; // Excluding the receiver.
1432 Register function = x1;
1433 Register code_entry = x3;
1434
1435 Label invoke, dont_adapt_arguments;
1436
1437 Label enough, too_few;
1438 __ Ldr(code_entry, FieldMemOperand(function, JSFunction::kCodeEntryOffset));
1439 __ Cmp(argc_actual, argc_expected);
1440 __ B(lt, &too_few);
1441 __ Cmp(argc_expected, SharedFunctionInfo::kDontAdaptArgumentsSentinel);
1442 __ B(eq, &dont_adapt_arguments);
1443
1444 { // Enough parameters: actual >= expected
1445 EnterArgumentsAdaptorFrame(masm);
1446
1447 Register copy_start = x10;
1448 Register copy_end = x11;
1449 Register copy_to = x12;
1450 Register scratch1 = x13, scratch2 = x14;
1451
1452 __ Lsl(argc_expected, argc_expected, kPointerSizeLog2);
1453
1454 // Adjust for fp, lr, and the receiver.
1455 __ Add(copy_start, fp, 3 * kPointerSize);
1456 __ Add(copy_start, copy_start, Operand(argc_actual, LSL, kPointerSizeLog2));
1457 __ Sub(copy_end, copy_start, argc_expected);
1458 __ Sub(copy_end, copy_end, kPointerSize);
1459 __ Mov(copy_to, jssp);
1460
1461 // Claim space for the arguments, the receiver, and one extra slot.
1462 // The extra slot ensures we do not write under jssp. It will be popped
1463 // later.
1464 __ Add(scratch1, argc_expected, 2 * kPointerSize);
1465 __ Claim(scratch1, 1);
1466
1467 // Copy the arguments (including the receiver) to the new stack frame.
1468 Label copy_2_by_2;
1469 __ Bind(©_2_by_2);
1470 __ Ldp(scratch1, scratch2,
1471 MemOperand(copy_start, - 2 * kPointerSize, PreIndex));
1472 __ Stp(scratch1, scratch2,
1473 MemOperand(copy_to, - 2 * kPointerSize, PreIndex));
1474 __ Cmp(copy_start, copy_end);
1475 __ B(hi, ©_2_by_2);
1476
1477 // Correct the space allocated for the extra slot.
1478 __ Drop(1);
1479
1480 __ B(&invoke);
1481 }
1482
1483 { // Too few parameters: Actual < expected
1484 __ Bind(&too_few);
1485 EnterArgumentsAdaptorFrame(masm);
1486
1487 Register copy_from = x10;
1488 Register copy_end = x11;
1489 Register copy_to = x12;
1490 Register scratch1 = x13, scratch2 = x14;
1491
1492 __ Lsl(argc_expected, argc_expected, kPointerSizeLog2);
1493 __ Lsl(argc_actual, argc_actual, kPointerSizeLog2);
1494
1495 // Adjust for fp, lr, and the receiver.
1496 __ Add(copy_from, fp, 3 * kPointerSize);
1497 __ Add(copy_from, copy_from, argc_actual);
1498 __ Mov(copy_to, jssp);
1499 __ Sub(copy_end, copy_to, 1 * kPointerSize); // Adjust for the receiver.
1500 __ Sub(copy_end, copy_end, argc_actual);
1501
1502 // Claim space for the arguments, the receiver, and one extra slot.
1503 // The extra slot ensures we do not write under jssp. It will be popped
1504 // later.
1505 __ Add(scratch1, argc_expected, 2 * kPointerSize);
1506 __ Claim(scratch1, 1);
1507
1508 // Copy the arguments (including the receiver) to the new stack frame.
1509 Label copy_2_by_2;
1510 __ Bind(©_2_by_2);
1511 __ Ldp(scratch1, scratch2,
1512 MemOperand(copy_from, - 2 * kPointerSize, PreIndex));
1513 __ Stp(scratch1, scratch2,
1514 MemOperand(copy_to, - 2 * kPointerSize, PreIndex));
1515 __ Cmp(copy_to, copy_end);
1516 __ B(hi, ©_2_by_2);
1517
1518 __ Mov(copy_to, copy_end);
1519
1520 // Fill the remaining expected arguments with undefined.
1521 __ LoadRoot(scratch1, Heap::kUndefinedValueRootIndex);
1522 __ Add(copy_end, jssp, kPointerSize);
1523
1524 Label fill;
1525 __ Bind(&fill);
1526 __ Stp(scratch1, scratch1,
1527 MemOperand(copy_to, - 2 * kPointerSize, PreIndex));
1528 __ Cmp(copy_to, copy_end);
1529 __ B(hi, &fill);
1530
1531 // Correct the space allocated for the extra slot.
1532 __ Drop(1);
1533 }
1534
1535 // Arguments have been adapted. Now call the entry point.
1536 __ Bind(&invoke);
1537 __ Call(code_entry);
1538
1539 // Store offset of return address for deoptimizer.
1540 masm->isolate()->heap()->SetArgumentsAdaptorDeoptPCOffset(masm->pc_offset());
1541
1542 // Exit frame and return.
1543 LeaveArgumentsAdaptorFrame(masm);
1544 __ Ret();
1545
1546 // Call the entry point without adapting the arguments.
1547 __ Bind(&dont_adapt_arguments);
1548 __ Jump(code_entry);
1549
1550 __ Bind(&stack_overflow);
1551 {
1552 FrameScope frame(masm, StackFrame::MANUAL);
1553 EnterArgumentsAdaptorFrame(masm);
1554 __ InvokeBuiltin(Builtins::STACK_OVERFLOW, CALL_FUNCTION);
1555 __ Unreachable();
1556 }
1557 }
1558
1559
1560 #undef __
1561
1562 } } // namespace v8::internal
1563
1564 #endif // V8_TARGET_ARCH_ARM
1565