1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "src/v8.h"
6 
7 #if V8_TARGET_ARCH_IA32
8 
9 #include "src/base/bits.h"
10 #include "src/bootstrapper.h"
11 #include "src/code-stubs.h"
12 #include "src/codegen.h"
13 #include "src/ic/handler-compiler.h"
14 #include "src/ic/ic.h"
15 #include "src/isolate.h"
16 #include "src/jsregexp.h"
17 #include "src/regexp-macro-assembler.h"
18 #include "src/runtime.h"
19 
20 namespace v8 {
21 namespace internal {
22 
23 
InitializeArrayConstructorDescriptor(Isolate * isolate,CodeStubDescriptor * descriptor,int constant_stack_parameter_count)24 static void InitializeArrayConstructorDescriptor(
25     Isolate* isolate, CodeStubDescriptor* descriptor,
26     int constant_stack_parameter_count) {
27   // register state
28   // eax -- number of arguments
29   // edi -- function
30   // ebx -- allocation site with elements kind
31   Address deopt_handler = Runtime::FunctionForId(
32       Runtime::kArrayConstructor)->entry;
33 
34   if (constant_stack_parameter_count == 0) {
35     descriptor->Initialize(deopt_handler, constant_stack_parameter_count,
36                            JS_FUNCTION_STUB_MODE);
37   } else {
38     descriptor->Initialize(eax, deopt_handler, constant_stack_parameter_count,
39                            JS_FUNCTION_STUB_MODE, PASS_ARGUMENTS);
40   }
41 }
42 
43 
InitializeInternalArrayConstructorDescriptor(Isolate * isolate,CodeStubDescriptor * descriptor,int constant_stack_parameter_count)44 static void InitializeInternalArrayConstructorDescriptor(
45     Isolate* isolate, CodeStubDescriptor* descriptor,
46     int constant_stack_parameter_count) {
47   // register state
48   // eax -- number of arguments
49   // edi -- constructor function
50   Address deopt_handler = Runtime::FunctionForId(
51       Runtime::kInternalArrayConstructor)->entry;
52 
53   if (constant_stack_parameter_count == 0) {
54     descriptor->Initialize(deopt_handler, constant_stack_parameter_count,
55                            JS_FUNCTION_STUB_MODE);
56   } else {
57     descriptor->Initialize(eax, deopt_handler, constant_stack_parameter_count,
58                            JS_FUNCTION_STUB_MODE, PASS_ARGUMENTS);
59   }
60 }
61 
62 
InitializeDescriptor(CodeStubDescriptor * descriptor)63 void ArrayNoArgumentConstructorStub::InitializeDescriptor(
64     CodeStubDescriptor* descriptor) {
65   InitializeArrayConstructorDescriptor(isolate(), descriptor, 0);
66 }
67 
68 
InitializeDescriptor(CodeStubDescriptor * descriptor)69 void ArraySingleArgumentConstructorStub::InitializeDescriptor(
70     CodeStubDescriptor* descriptor) {
71   InitializeArrayConstructorDescriptor(isolate(), descriptor, 1);
72 }
73 
74 
InitializeDescriptor(CodeStubDescriptor * descriptor)75 void ArrayNArgumentsConstructorStub::InitializeDescriptor(
76     CodeStubDescriptor* descriptor) {
77   InitializeArrayConstructorDescriptor(isolate(), descriptor, -1);
78 }
79 
80 
InitializeDescriptor(CodeStubDescriptor * descriptor)81 void InternalArrayNoArgumentConstructorStub::InitializeDescriptor(
82     CodeStubDescriptor* descriptor) {
83   InitializeInternalArrayConstructorDescriptor(isolate(), descriptor, 0);
84 }
85 
86 
InitializeDescriptor(CodeStubDescriptor * descriptor)87 void InternalArraySingleArgumentConstructorStub::InitializeDescriptor(
88     CodeStubDescriptor* descriptor) {
89   InitializeInternalArrayConstructorDescriptor(isolate(), descriptor, 1);
90 }
91 
92 
InitializeDescriptor(CodeStubDescriptor * descriptor)93 void InternalArrayNArgumentsConstructorStub::InitializeDescriptor(
94     CodeStubDescriptor* descriptor) {
95   InitializeInternalArrayConstructorDescriptor(isolate(), descriptor, -1);
96 }
97 
98 
99 #define __ ACCESS_MASM(masm)
100 
101 
GenerateLightweightMiss(MacroAssembler * masm,ExternalReference miss)102 void HydrogenCodeStub::GenerateLightweightMiss(MacroAssembler* masm,
103                                                ExternalReference miss) {
104   // Update the static counter each time a new code stub is generated.
105   isolate()->counters()->code_stubs()->Increment();
106 
107   CallInterfaceDescriptor descriptor = GetCallInterfaceDescriptor();
108   int param_count = descriptor.GetEnvironmentParameterCount();
109   {
110     // Call the runtime system in a fresh internal frame.
111     FrameScope scope(masm, StackFrame::INTERNAL);
112     DCHECK(param_count == 0 ||
113            eax.is(descriptor.GetEnvironmentParameterRegister(param_count - 1)));
114     // Push arguments
115     for (int i = 0; i < param_count; ++i) {
116       __ push(descriptor.GetEnvironmentParameterRegister(i));
117     }
118     __ CallExternalReference(miss, param_count);
119   }
120 
121   __ ret(0);
122 }
123 
124 
Generate(MacroAssembler * masm)125 void StoreBufferOverflowStub::Generate(MacroAssembler* masm) {
126   // We don't allow a GC during a store buffer overflow so there is no need to
127   // store the registers in any particular way, but we do have to store and
128   // restore them.
129   __ pushad();
130   if (save_doubles()) {
131     __ sub(esp, Immediate(kDoubleSize * XMMRegister::kMaxNumRegisters));
132     for (int i = 0; i < XMMRegister::kMaxNumRegisters; i++) {
133       XMMRegister reg = XMMRegister::from_code(i);
134       __ movsd(Operand(esp, i * kDoubleSize), reg);
135     }
136   }
137   const int argument_count = 1;
138 
139   AllowExternalCallThatCantCauseGC scope(masm);
140   __ PrepareCallCFunction(argument_count, ecx);
141   __ mov(Operand(esp, 0 * kPointerSize),
142          Immediate(ExternalReference::isolate_address(isolate())));
143   __ CallCFunction(
144       ExternalReference::store_buffer_overflow_function(isolate()),
145       argument_count);
146   if (save_doubles()) {
147     for (int i = 0; i < XMMRegister::kMaxNumRegisters; i++) {
148       XMMRegister reg = XMMRegister::from_code(i);
149       __ movsd(reg, Operand(esp, i * kDoubleSize));
150     }
151     __ add(esp, Immediate(kDoubleSize * XMMRegister::kMaxNumRegisters));
152   }
153   __ popad();
154   __ ret(0);
155 }
156 
157 
158 class FloatingPointHelper : public AllStatic {
159  public:
160   enum ArgLocation {
161     ARGS_ON_STACK,
162     ARGS_IN_REGISTERS
163   };
164 
165   // Code pattern for loading a floating point value. Input value must
166   // be either a smi or a heap number object (fp value). Requirements:
167   // operand in register number. Returns operand as floating point number
168   // on FPU stack.
169   static void LoadFloatOperand(MacroAssembler* masm, Register number);
170 
171   // Test if operands are smi or number objects (fp). Requirements:
172   // operand_1 in eax, operand_2 in edx; falls through on float
173   // operands, jumps to the non_float label otherwise.
174   static void CheckFloatOperands(MacroAssembler* masm,
175                                  Label* non_float,
176                                  Register scratch);
177 
178   // Test if operands are numbers (smi or HeapNumber objects), and load
179   // them into xmm0 and xmm1 if they are.  Jump to label not_numbers if
180   // either operand is not a number.  Operands are in edx and eax.
181   // Leaves operands unchanged.
182   static void LoadSSE2Operands(MacroAssembler* masm, Label* not_numbers);
183 };
184 
185 
Generate(MacroAssembler * masm)186 void DoubleToIStub::Generate(MacroAssembler* masm) {
187   Register input_reg = this->source();
188   Register final_result_reg = this->destination();
189   DCHECK(is_truncating());
190 
191   Label check_negative, process_64_bits, done, done_no_stash;
192 
193   int double_offset = offset();
194 
195   // Account for return address and saved regs if input is esp.
196   if (input_reg.is(esp)) double_offset += 3 * kPointerSize;
197 
198   MemOperand mantissa_operand(MemOperand(input_reg, double_offset));
199   MemOperand exponent_operand(MemOperand(input_reg,
200                                          double_offset + kDoubleSize / 2));
201 
202   Register scratch1;
203   {
204     Register scratch_candidates[3] = { ebx, edx, edi };
205     for (int i = 0; i < 3; i++) {
206       scratch1 = scratch_candidates[i];
207       if (!final_result_reg.is(scratch1) && !input_reg.is(scratch1)) break;
208     }
209   }
210   // Since we must use ecx for shifts below, use some other register (eax)
211   // to calculate the result if ecx is the requested return register.
212   Register result_reg = final_result_reg.is(ecx) ? eax : final_result_reg;
213   // Save ecx if it isn't the return register and therefore volatile, or if it
214   // is the return register, then save the temp register we use in its stead for
215   // the result.
216   Register save_reg = final_result_reg.is(ecx) ? eax : ecx;
217   __ push(scratch1);
218   __ push(save_reg);
219 
220   bool stash_exponent_copy = !input_reg.is(esp);
221   __ mov(scratch1, mantissa_operand);
222   if (CpuFeatures::IsSupported(SSE3)) {
223     CpuFeatureScope scope(masm, SSE3);
224     // Load x87 register with heap number.
225     __ fld_d(mantissa_operand);
226   }
227   __ mov(ecx, exponent_operand);
228   if (stash_exponent_copy) __ push(ecx);
229 
230   __ and_(ecx, HeapNumber::kExponentMask);
231   __ shr(ecx, HeapNumber::kExponentShift);
232   __ lea(result_reg, MemOperand(ecx, -HeapNumber::kExponentBias));
233   __ cmp(result_reg, Immediate(HeapNumber::kMantissaBits));
234   __ j(below, &process_64_bits);
235 
236   // Result is entirely in lower 32-bits of mantissa
237   int delta = HeapNumber::kExponentBias + Double::kPhysicalSignificandSize;
238   if (CpuFeatures::IsSupported(SSE3)) {
239     __ fstp(0);
240   }
241   __ sub(ecx, Immediate(delta));
242   __ xor_(result_reg, result_reg);
243   __ cmp(ecx, Immediate(31));
244   __ j(above, &done);
245   __ shl_cl(scratch1);
246   __ jmp(&check_negative);
247 
248   __ bind(&process_64_bits);
249   if (CpuFeatures::IsSupported(SSE3)) {
250     CpuFeatureScope scope(masm, SSE3);
251     if (stash_exponent_copy) {
252       // Already a copy of the exponent on the stack, overwrite it.
253       STATIC_ASSERT(kDoubleSize == 2 * kPointerSize);
254       __ sub(esp, Immediate(kDoubleSize / 2));
255     } else {
256       // Reserve space for 64 bit answer.
257       __ sub(esp, Immediate(kDoubleSize));  // Nolint.
258     }
259     // Do conversion, which cannot fail because we checked the exponent.
260     __ fisttp_d(Operand(esp, 0));
261     __ mov(result_reg, Operand(esp, 0));  // Load low word of answer as result
262     __ add(esp, Immediate(kDoubleSize));
263     __ jmp(&done_no_stash);
264   } else {
265     // Result must be extracted from shifted 32-bit mantissa
266     __ sub(ecx, Immediate(delta));
267     __ neg(ecx);
268     if (stash_exponent_copy) {
269       __ mov(result_reg, MemOperand(esp, 0));
270     } else {
271       __ mov(result_reg, exponent_operand);
272     }
273     __ and_(result_reg,
274             Immediate(static_cast<uint32_t>(Double::kSignificandMask >> 32)));
275     __ add(result_reg,
276            Immediate(static_cast<uint32_t>(Double::kHiddenBit >> 32)));
277     __ shrd(result_reg, scratch1);
278     __ shr_cl(result_reg);
279     __ test(ecx, Immediate(32));
280     __ cmov(not_equal, scratch1, result_reg);
281   }
282 
283   // If the double was negative, negate the integer result.
284   __ bind(&check_negative);
285   __ mov(result_reg, scratch1);
286   __ neg(result_reg);
287   if (stash_exponent_copy) {
288     __ cmp(MemOperand(esp, 0), Immediate(0));
289   } else {
290     __ cmp(exponent_operand, Immediate(0));
291   }
292     __ cmov(greater, result_reg, scratch1);
293 
294   // Restore registers
295   __ bind(&done);
296   if (stash_exponent_copy) {
297     __ add(esp, Immediate(kDoubleSize / 2));
298   }
299   __ bind(&done_no_stash);
300   if (!final_result_reg.is(result_reg)) {
301     DCHECK(final_result_reg.is(ecx));
302     __ mov(final_result_reg, result_reg);
303   }
304   __ pop(save_reg);
305   __ pop(scratch1);
306   __ ret(0);
307 }
308 
309 
LoadFloatOperand(MacroAssembler * masm,Register number)310 void FloatingPointHelper::LoadFloatOperand(MacroAssembler* masm,
311                                            Register number) {
312   Label load_smi, done;
313 
314   __ JumpIfSmi(number, &load_smi, Label::kNear);
315   __ fld_d(FieldOperand(number, HeapNumber::kValueOffset));
316   __ jmp(&done, Label::kNear);
317 
318   __ bind(&load_smi);
319   __ SmiUntag(number);
320   __ push(number);
321   __ fild_s(Operand(esp, 0));
322   __ pop(number);
323 
324   __ bind(&done);
325 }
326 
327 
LoadSSE2Operands(MacroAssembler * masm,Label * not_numbers)328 void FloatingPointHelper::LoadSSE2Operands(MacroAssembler* masm,
329                                            Label* not_numbers) {
330   Label load_smi_edx, load_eax, load_smi_eax, load_float_eax, done;
331   // Load operand in edx into xmm0, or branch to not_numbers.
332   __ JumpIfSmi(edx, &load_smi_edx, Label::kNear);
333   Factory* factory = masm->isolate()->factory();
334   __ cmp(FieldOperand(edx, HeapObject::kMapOffset), factory->heap_number_map());
335   __ j(not_equal, not_numbers);  // Argument in edx is not a number.
336   __ movsd(xmm0, FieldOperand(edx, HeapNumber::kValueOffset));
337   __ bind(&load_eax);
338   // Load operand in eax into xmm1, or branch to not_numbers.
339   __ JumpIfSmi(eax, &load_smi_eax, Label::kNear);
340   __ cmp(FieldOperand(eax, HeapObject::kMapOffset), factory->heap_number_map());
341   __ j(equal, &load_float_eax, Label::kNear);
342   __ jmp(not_numbers);  // Argument in eax is not a number.
343   __ bind(&load_smi_edx);
344   __ SmiUntag(edx);  // Untag smi before converting to float.
345   __ Cvtsi2sd(xmm0, edx);
346   __ SmiTag(edx);  // Retag smi for heap number overwriting test.
347   __ jmp(&load_eax);
348   __ bind(&load_smi_eax);
349   __ SmiUntag(eax);  // Untag smi before converting to float.
350   __ Cvtsi2sd(xmm1, eax);
351   __ SmiTag(eax);  // Retag smi for heap number overwriting test.
352   __ jmp(&done, Label::kNear);
353   __ bind(&load_float_eax);
354   __ movsd(xmm1, FieldOperand(eax, HeapNumber::kValueOffset));
355   __ bind(&done);
356 }
357 
358 
CheckFloatOperands(MacroAssembler * masm,Label * non_float,Register scratch)359 void FloatingPointHelper::CheckFloatOperands(MacroAssembler* masm,
360                                              Label* non_float,
361                                              Register scratch) {
362   Label test_other, done;
363   // Test if both operands are floats or smi -> scratch=k_is_float;
364   // Otherwise scratch = k_not_float.
365   __ JumpIfSmi(edx, &test_other, Label::kNear);
366   __ mov(scratch, FieldOperand(edx, HeapObject::kMapOffset));
367   Factory* factory = masm->isolate()->factory();
368   __ cmp(scratch, factory->heap_number_map());
369   __ j(not_equal, non_float);  // argument in edx is not a number -> NaN
370 
371   __ bind(&test_other);
372   __ JumpIfSmi(eax, &done, Label::kNear);
373   __ mov(scratch, FieldOperand(eax, HeapObject::kMapOffset));
374   __ cmp(scratch, factory->heap_number_map());
375   __ j(not_equal, non_float);  // argument in eax is not a number -> NaN
376 
377   // Fall-through: Both operands are numbers.
378   __ bind(&done);
379 }
380 
381 
Generate(MacroAssembler * masm)382 void MathPowStub::Generate(MacroAssembler* masm) {
383   Factory* factory = isolate()->factory();
384   const Register exponent = MathPowTaggedDescriptor::exponent();
385   DCHECK(exponent.is(eax));
386   const Register base = edx;
387   const Register scratch = ecx;
388   const XMMRegister double_result = xmm3;
389   const XMMRegister double_base = xmm2;
390   const XMMRegister double_exponent = xmm1;
391   const XMMRegister double_scratch = xmm4;
392 
393   Label call_runtime, done, exponent_not_smi, int_exponent;
394 
395   // Save 1 in double_result - we need this several times later on.
396   __ mov(scratch, Immediate(1));
397   __ Cvtsi2sd(double_result, scratch);
398 
399   if (exponent_type() == ON_STACK) {
400     Label base_is_smi, unpack_exponent;
401     // The exponent and base are supplied as arguments on the stack.
402     // This can only happen if the stub is called from non-optimized code.
403     // Load input parameters from stack.
404     __ mov(base, Operand(esp, 2 * kPointerSize));
405     __ mov(exponent, Operand(esp, 1 * kPointerSize));
406 
407     __ JumpIfSmi(base, &base_is_smi, Label::kNear);
408     __ cmp(FieldOperand(base, HeapObject::kMapOffset),
409            factory->heap_number_map());
410     __ j(not_equal, &call_runtime);
411 
412     __ movsd(double_base, FieldOperand(base, HeapNumber::kValueOffset));
413     __ jmp(&unpack_exponent, Label::kNear);
414 
415     __ bind(&base_is_smi);
416     __ SmiUntag(base);
417     __ Cvtsi2sd(double_base, base);
418 
419     __ bind(&unpack_exponent);
420     __ JumpIfNotSmi(exponent, &exponent_not_smi, Label::kNear);
421     __ SmiUntag(exponent);
422     __ jmp(&int_exponent);
423 
424     __ bind(&exponent_not_smi);
425     __ cmp(FieldOperand(exponent, HeapObject::kMapOffset),
426            factory->heap_number_map());
427     __ j(not_equal, &call_runtime);
428     __ movsd(double_exponent,
429               FieldOperand(exponent, HeapNumber::kValueOffset));
430   } else if (exponent_type() == TAGGED) {
431     __ JumpIfNotSmi(exponent, &exponent_not_smi, Label::kNear);
432     __ SmiUntag(exponent);
433     __ jmp(&int_exponent);
434 
435     __ bind(&exponent_not_smi);
436     __ movsd(double_exponent,
437               FieldOperand(exponent, HeapNumber::kValueOffset));
438   }
439 
440   if (exponent_type() != INTEGER) {
441     Label fast_power, try_arithmetic_simplification;
442     __ DoubleToI(exponent, double_exponent, double_scratch,
443                  TREAT_MINUS_ZERO_AS_ZERO, &try_arithmetic_simplification,
444                  &try_arithmetic_simplification,
445                  &try_arithmetic_simplification);
446     __ jmp(&int_exponent);
447 
448     __ bind(&try_arithmetic_simplification);
449     // Skip to runtime if possibly NaN (indicated by the indefinite integer).
450     __ cvttsd2si(exponent, Operand(double_exponent));
451     __ cmp(exponent, Immediate(0x1));
452     __ j(overflow, &call_runtime);
453 
454     if (exponent_type() == ON_STACK) {
455       // Detect square root case.  Crankshaft detects constant +/-0.5 at
456       // compile time and uses DoMathPowHalf instead.  We then skip this check
457       // for non-constant cases of +/-0.5 as these hardly occur.
458       Label continue_sqrt, continue_rsqrt, not_plus_half;
459       // Test for 0.5.
460       // Load double_scratch with 0.5.
461       __ mov(scratch, Immediate(0x3F000000u));
462       __ movd(double_scratch, scratch);
463       __ cvtss2sd(double_scratch, double_scratch);
464       // Already ruled out NaNs for exponent.
465       __ ucomisd(double_scratch, double_exponent);
466       __ j(not_equal, &not_plus_half, Label::kNear);
467 
468       // Calculates square root of base.  Check for the special case of
469       // Math.pow(-Infinity, 0.5) == Infinity (ECMA spec, 15.8.2.13).
470       // According to IEEE-754, single-precision -Infinity has the highest
471       // 9 bits set and the lowest 23 bits cleared.
472       __ mov(scratch, 0xFF800000u);
473       __ movd(double_scratch, scratch);
474       __ cvtss2sd(double_scratch, double_scratch);
475       __ ucomisd(double_base, double_scratch);
476       // Comparing -Infinity with NaN results in "unordered", which sets the
477       // zero flag as if both were equal.  However, it also sets the carry flag.
478       __ j(not_equal, &continue_sqrt, Label::kNear);
479       __ j(carry, &continue_sqrt, Label::kNear);
480 
481       // Set result to Infinity in the special case.
482       __ xorps(double_result, double_result);
483       __ subsd(double_result, double_scratch);
484       __ jmp(&done);
485 
486       __ bind(&continue_sqrt);
487       // sqrtsd returns -0 when input is -0.  ECMA spec requires +0.
488       __ xorps(double_scratch, double_scratch);
489       __ addsd(double_scratch, double_base);  // Convert -0 to +0.
490       __ sqrtsd(double_result, double_scratch);
491       __ jmp(&done);
492 
493       // Test for -0.5.
494       __ bind(&not_plus_half);
495       // Load double_exponent with -0.5 by substracting 1.
496       __ subsd(double_scratch, double_result);
497       // Already ruled out NaNs for exponent.
498       __ ucomisd(double_scratch, double_exponent);
499       __ j(not_equal, &fast_power, Label::kNear);
500 
501       // Calculates reciprocal of square root of base.  Check for the special
502       // case of Math.pow(-Infinity, -0.5) == 0 (ECMA spec, 15.8.2.13).
503       // According to IEEE-754, single-precision -Infinity has the highest
504       // 9 bits set and the lowest 23 bits cleared.
505       __ mov(scratch, 0xFF800000u);
506       __ movd(double_scratch, scratch);
507       __ cvtss2sd(double_scratch, double_scratch);
508       __ ucomisd(double_base, double_scratch);
509       // Comparing -Infinity with NaN results in "unordered", which sets the
510       // zero flag as if both were equal.  However, it also sets the carry flag.
511       __ j(not_equal, &continue_rsqrt, Label::kNear);
512       __ j(carry, &continue_rsqrt, Label::kNear);
513 
514       // Set result to 0 in the special case.
515       __ xorps(double_result, double_result);
516       __ jmp(&done);
517 
518       __ bind(&continue_rsqrt);
519       // sqrtsd returns -0 when input is -0.  ECMA spec requires +0.
520       __ xorps(double_exponent, double_exponent);
521       __ addsd(double_exponent, double_base);  // Convert -0 to +0.
522       __ sqrtsd(double_exponent, double_exponent);
523       __ divsd(double_result, double_exponent);
524       __ jmp(&done);
525     }
526 
527     // Using FPU instructions to calculate power.
528     Label fast_power_failed;
529     __ bind(&fast_power);
530     __ fnclex();  // Clear flags to catch exceptions later.
531     // Transfer (B)ase and (E)xponent onto the FPU register stack.
532     __ sub(esp, Immediate(kDoubleSize));
533     __ movsd(Operand(esp, 0), double_exponent);
534     __ fld_d(Operand(esp, 0));  // E
535     __ movsd(Operand(esp, 0), double_base);
536     __ fld_d(Operand(esp, 0));  // B, E
537 
538     // Exponent is in st(1) and base is in st(0)
539     // B ^ E = (2^(E * log2(B)) - 1) + 1 = (2^X - 1) + 1 for X = E * log2(B)
540     // FYL2X calculates st(1) * log2(st(0))
541     __ fyl2x();    // X
542     __ fld(0);     // X, X
543     __ frndint();  // rnd(X), X
544     __ fsub(1);    // rnd(X), X-rnd(X)
545     __ fxch(1);    // X - rnd(X), rnd(X)
546     // F2XM1 calculates 2^st(0) - 1 for -1 < st(0) < 1
547     __ f2xm1();    // 2^(X-rnd(X)) - 1, rnd(X)
548     __ fld1();     // 1, 2^(X-rnd(X)) - 1, rnd(X)
549     __ faddp(1);   // 2^(X-rnd(X)), rnd(X)
550     // FSCALE calculates st(0) * 2^st(1)
551     __ fscale();   // 2^X, rnd(X)
552     __ fstp(1);    // 2^X
553     // Bail out to runtime in case of exceptions in the status word.
554     __ fnstsw_ax();
555     __ test_b(eax, 0x5F);  // We check for all but precision exception.
556     __ j(not_zero, &fast_power_failed, Label::kNear);
557     __ fstp_d(Operand(esp, 0));
558     __ movsd(double_result, Operand(esp, 0));
559     __ add(esp, Immediate(kDoubleSize));
560     __ jmp(&done);
561 
562     __ bind(&fast_power_failed);
563     __ fninit();
564     __ add(esp, Immediate(kDoubleSize));
565     __ jmp(&call_runtime);
566   }
567 
568   // Calculate power with integer exponent.
569   __ bind(&int_exponent);
570   const XMMRegister double_scratch2 = double_exponent;
571   __ mov(scratch, exponent);  // Back up exponent.
572   __ movsd(double_scratch, double_base);  // Back up base.
573   __ movsd(double_scratch2, double_result);  // Load double_exponent with 1.
574 
575   // Get absolute value of exponent.
576   Label no_neg, while_true, while_false;
577   __ test(scratch, scratch);
578   __ j(positive, &no_neg, Label::kNear);
579   __ neg(scratch);
580   __ bind(&no_neg);
581 
582   __ j(zero, &while_false, Label::kNear);
583   __ shr(scratch, 1);
584   // Above condition means CF==0 && ZF==0.  This means that the
585   // bit that has been shifted out is 0 and the result is not 0.
586   __ j(above, &while_true, Label::kNear);
587   __ movsd(double_result, double_scratch);
588   __ j(zero, &while_false, Label::kNear);
589 
590   __ bind(&while_true);
591   __ shr(scratch, 1);
592   __ mulsd(double_scratch, double_scratch);
593   __ j(above, &while_true, Label::kNear);
594   __ mulsd(double_result, double_scratch);
595   __ j(not_zero, &while_true);
596 
597   __ bind(&while_false);
598   // scratch has the original value of the exponent - if the exponent is
599   // negative, return 1/result.
600   __ test(exponent, exponent);
601   __ j(positive, &done);
602   __ divsd(double_scratch2, double_result);
603   __ movsd(double_result, double_scratch2);
604   // Test whether result is zero.  Bail out to check for subnormal result.
605   // Due to subnormals, x^-y == (1/x)^y does not hold in all cases.
606   __ xorps(double_scratch2, double_scratch2);
607   __ ucomisd(double_scratch2, double_result);  // Result cannot be NaN.
608   // double_exponent aliased as double_scratch2 has already been overwritten
609   // and may not have contained the exponent value in the first place when the
610   // exponent is a smi.  We reset it with exponent value before bailing out.
611   __ j(not_equal, &done);
612   __ Cvtsi2sd(double_exponent, exponent);
613 
614   // Returning or bailing out.
615   Counters* counters = isolate()->counters();
616   if (exponent_type() == ON_STACK) {
617     // The arguments are still on the stack.
618     __ bind(&call_runtime);
619     __ TailCallRuntime(Runtime::kMathPowRT, 2, 1);
620 
621     // The stub is called from non-optimized code, which expects the result
622     // as heap number in exponent.
623     __ bind(&done);
624     __ AllocateHeapNumber(eax, scratch, base, &call_runtime);
625     __ movsd(FieldOperand(eax, HeapNumber::kValueOffset), double_result);
626     __ IncrementCounter(counters->math_pow(), 1);
627     __ ret(2 * kPointerSize);
628   } else {
629     __ bind(&call_runtime);
630     {
631       AllowExternalCallThatCantCauseGC scope(masm);
632       __ PrepareCallCFunction(4, scratch);
633       __ movsd(Operand(esp, 0 * kDoubleSize), double_base);
634       __ movsd(Operand(esp, 1 * kDoubleSize), double_exponent);
635       __ CallCFunction(
636           ExternalReference::power_double_double_function(isolate()), 4);
637     }
638     // Return value is in st(0) on ia32.
639     // Store it into the (fixed) result register.
640     __ sub(esp, Immediate(kDoubleSize));
641     __ fstp_d(Operand(esp, 0));
642     __ movsd(double_result, Operand(esp, 0));
643     __ add(esp, Immediate(kDoubleSize));
644 
645     __ bind(&done);
646     __ IncrementCounter(counters->math_pow(), 1);
647     __ ret(0);
648   }
649 }
650 
651 
Generate(MacroAssembler * masm)652 void FunctionPrototypeStub::Generate(MacroAssembler* masm) {
653   Label miss;
654   Register receiver = LoadDescriptor::ReceiverRegister();
655 
656   NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(masm, receiver, eax,
657                                                           ebx, &miss);
658   __ bind(&miss);
659   PropertyAccessCompiler::TailCallBuiltin(
660       masm, PropertyAccessCompiler::MissBuiltin(Code::LOAD_IC));
661 }
662 
663 
Generate(MacroAssembler * masm)664 void LoadIndexedInterceptorStub::Generate(MacroAssembler* masm) {
665   // Return address is on the stack.
666   Label slow;
667 
668   Register receiver = LoadDescriptor::ReceiverRegister();
669   Register key = LoadDescriptor::NameRegister();
670   Register scratch = eax;
671   DCHECK(!scratch.is(receiver) && !scratch.is(key));
672 
673   // Check that the key is an array index, that is Uint32.
674   __ test(key, Immediate(kSmiTagMask | kSmiSignMask));
675   __ j(not_zero, &slow);
676 
677   // Everything is fine, call runtime.
678   __ pop(scratch);
679   __ push(receiver);  // receiver
680   __ push(key);       // key
681   __ push(scratch);   // return address
682 
683   // Perform tail call to the entry.
684   ExternalReference ref = ExternalReference(
685       IC_Utility(IC::kLoadElementWithInterceptor), masm->isolate());
686   __ TailCallExternalReference(ref, 2, 1);
687 
688   __ bind(&slow);
689   PropertyAccessCompiler::TailCallBuiltin(
690       masm, PropertyAccessCompiler::MissBuiltin(Code::KEYED_LOAD_IC));
691 }
692 
693 
GenerateReadElement(MacroAssembler * masm)694 void ArgumentsAccessStub::GenerateReadElement(MacroAssembler* masm) {
695   // The key is in edx and the parameter count is in eax.
696   DCHECK(edx.is(ArgumentsAccessReadDescriptor::index()));
697   DCHECK(eax.is(ArgumentsAccessReadDescriptor::parameter_count()));
698 
699   // The displacement is used for skipping the frame pointer on the
700   // stack. It is the offset of the last parameter (if any) relative
701   // to the frame pointer.
702   static const int kDisplacement = 1 * kPointerSize;
703 
704   // Check that the key is a smi.
705   Label slow;
706   __ JumpIfNotSmi(edx, &slow, Label::kNear);
707 
708   // Check if the calling frame is an arguments adaptor frame.
709   Label adaptor;
710   __ mov(ebx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
711   __ mov(ecx, Operand(ebx, StandardFrameConstants::kContextOffset));
712   __ cmp(ecx, Immediate(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
713   __ j(equal, &adaptor, Label::kNear);
714 
715   // Check index against formal parameters count limit passed in
716   // through register eax. Use unsigned comparison to get negative
717   // check for free.
718   __ cmp(edx, eax);
719   __ j(above_equal, &slow, Label::kNear);
720 
721   // Read the argument from the stack and return it.
722   STATIC_ASSERT(kSmiTagSize == 1);
723   STATIC_ASSERT(kSmiTag == 0);  // Shifting code depends on these.
724   __ lea(ebx, Operand(ebp, eax, times_2, 0));
725   __ neg(edx);
726   __ mov(eax, Operand(ebx, edx, times_2, kDisplacement));
727   __ ret(0);
728 
729   // Arguments adaptor case: Check index against actual arguments
730   // limit found in the arguments adaptor frame. Use unsigned
731   // comparison to get negative check for free.
732   __ bind(&adaptor);
733   __ mov(ecx, Operand(ebx, ArgumentsAdaptorFrameConstants::kLengthOffset));
734   __ cmp(edx, ecx);
735   __ j(above_equal, &slow, Label::kNear);
736 
737   // Read the argument from the stack and return it.
738   STATIC_ASSERT(kSmiTagSize == 1);
739   STATIC_ASSERT(kSmiTag == 0);  // Shifting code depends on these.
740   __ lea(ebx, Operand(ebx, ecx, times_2, 0));
741   __ neg(edx);
742   __ mov(eax, Operand(ebx, edx, times_2, kDisplacement));
743   __ ret(0);
744 
745   // Slow-case: Handle non-smi or out-of-bounds access to arguments
746   // by calling the runtime system.
747   __ bind(&slow);
748   __ pop(ebx);  // Return address.
749   __ push(edx);
750   __ push(ebx);
751   __ TailCallRuntime(Runtime::kGetArgumentsProperty, 1, 1);
752 }
753 
754 
GenerateNewSloppySlow(MacroAssembler * masm)755 void ArgumentsAccessStub::GenerateNewSloppySlow(MacroAssembler* masm) {
756   // esp[0] : return address
757   // esp[4] : number of parameters
758   // esp[8] : receiver displacement
759   // esp[12] : function
760 
761   // Check if the calling frame is an arguments adaptor frame.
762   Label runtime;
763   __ mov(edx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
764   __ mov(ecx, Operand(edx, StandardFrameConstants::kContextOffset));
765   __ cmp(ecx, Immediate(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
766   __ j(not_equal, &runtime, Label::kNear);
767 
768   // Patch the arguments.length and the parameters pointer.
769   __ mov(ecx, Operand(edx, ArgumentsAdaptorFrameConstants::kLengthOffset));
770   __ mov(Operand(esp, 1 * kPointerSize), ecx);
771   __ lea(edx, Operand(edx, ecx, times_2,
772               StandardFrameConstants::kCallerSPOffset));
773   __ mov(Operand(esp, 2 * kPointerSize), edx);
774 
775   __ bind(&runtime);
776   __ TailCallRuntime(Runtime::kNewSloppyArguments, 3, 1);
777 }
778 
779 
GenerateNewSloppyFast(MacroAssembler * masm)780 void ArgumentsAccessStub::GenerateNewSloppyFast(MacroAssembler* masm) {
781   // esp[0] : return address
782   // esp[4] : number of parameters (tagged)
783   // esp[8] : receiver displacement
784   // esp[12] : function
785 
786   // ebx = parameter count (tagged)
787   __ mov(ebx, Operand(esp, 1 * kPointerSize));
788 
789   // Check if the calling frame is an arguments adaptor frame.
790   // TODO(rossberg): Factor out some of the bits that are shared with the other
791   // Generate* functions.
792   Label runtime;
793   Label adaptor_frame, try_allocate;
794   __ mov(edx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
795   __ mov(ecx, Operand(edx, StandardFrameConstants::kContextOffset));
796   __ cmp(ecx, Immediate(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
797   __ j(equal, &adaptor_frame, Label::kNear);
798 
799   // No adaptor, parameter count = argument count.
800   __ mov(ecx, ebx);
801   __ jmp(&try_allocate, Label::kNear);
802 
803   // We have an adaptor frame. Patch the parameters pointer.
804   __ bind(&adaptor_frame);
805   __ mov(ecx, Operand(edx, ArgumentsAdaptorFrameConstants::kLengthOffset));
806   __ lea(edx, Operand(edx, ecx, times_2,
807                       StandardFrameConstants::kCallerSPOffset));
808   __ mov(Operand(esp, 2 * kPointerSize), edx);
809 
810   // ebx = parameter count (tagged)
811   // ecx = argument count (smi-tagged)
812   // esp[4] = parameter count (tagged)
813   // esp[8] = address of receiver argument
814   // Compute the mapped parameter count = min(ebx, ecx) in ebx.
815   __ cmp(ebx, ecx);
816   __ j(less_equal, &try_allocate, Label::kNear);
817   __ mov(ebx, ecx);
818 
819   __ bind(&try_allocate);
820 
821   // Save mapped parameter count.
822   __ push(ebx);
823 
824   // Compute the sizes of backing store, parameter map, and arguments object.
825   // 1. Parameter map, has 2 extra words containing context and backing store.
826   const int kParameterMapHeaderSize =
827       FixedArray::kHeaderSize + 2 * kPointerSize;
828   Label no_parameter_map;
829   __ test(ebx, ebx);
830   __ j(zero, &no_parameter_map, Label::kNear);
831   __ lea(ebx, Operand(ebx, times_2, kParameterMapHeaderSize));
832   __ bind(&no_parameter_map);
833 
834   // 2. Backing store.
835   __ lea(ebx, Operand(ebx, ecx, times_2, FixedArray::kHeaderSize));
836 
837   // 3. Arguments object.
838   __ add(ebx, Immediate(Heap::kSloppyArgumentsObjectSize));
839 
840   // Do the allocation of all three objects in one go.
841   __ Allocate(ebx, eax, edx, edi, &runtime, TAG_OBJECT);
842 
843   // eax = address of new object(s) (tagged)
844   // ecx = argument count (smi-tagged)
845   // esp[0] = mapped parameter count (tagged)
846   // esp[8] = parameter count (tagged)
847   // esp[12] = address of receiver argument
848   // Get the arguments map from the current native context into edi.
849   Label has_mapped_parameters, instantiate;
850   __ mov(edi, Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
851   __ mov(edi, FieldOperand(edi, GlobalObject::kNativeContextOffset));
852   __ mov(ebx, Operand(esp, 0 * kPointerSize));
853   __ test(ebx, ebx);
854   __ j(not_zero, &has_mapped_parameters, Label::kNear);
855   __ mov(
856       edi,
857       Operand(edi, Context::SlotOffset(Context::SLOPPY_ARGUMENTS_MAP_INDEX)));
858   __ jmp(&instantiate, Label::kNear);
859 
860   __ bind(&has_mapped_parameters);
861   __ mov(
862       edi,
863       Operand(edi, Context::SlotOffset(Context::ALIASED_ARGUMENTS_MAP_INDEX)));
864   __ bind(&instantiate);
865 
866   // eax = address of new object (tagged)
867   // ebx = mapped parameter count (tagged)
868   // ecx = argument count (smi-tagged)
869   // edi = address of arguments map (tagged)
870   // esp[0] = mapped parameter count (tagged)
871   // esp[8] = parameter count (tagged)
872   // esp[12] = address of receiver argument
873   // Copy the JS object part.
874   __ mov(FieldOperand(eax, JSObject::kMapOffset), edi);
875   __ mov(FieldOperand(eax, JSObject::kPropertiesOffset),
876          masm->isolate()->factory()->empty_fixed_array());
877   __ mov(FieldOperand(eax, JSObject::kElementsOffset),
878          masm->isolate()->factory()->empty_fixed_array());
879 
880   // Set up the callee in-object property.
881   STATIC_ASSERT(Heap::kArgumentsCalleeIndex == 1);
882   __ mov(edx, Operand(esp, 4 * kPointerSize));
883   __ AssertNotSmi(edx);
884   __ mov(FieldOperand(eax, JSObject::kHeaderSize +
885                       Heap::kArgumentsCalleeIndex * kPointerSize),
886          edx);
887 
888   // Use the length (smi tagged) and set that as an in-object property too.
889   __ AssertSmi(ecx);
890   STATIC_ASSERT(Heap::kArgumentsLengthIndex == 0);
891   __ mov(FieldOperand(eax, JSObject::kHeaderSize +
892                       Heap::kArgumentsLengthIndex * kPointerSize),
893          ecx);
894 
895   // Set up the elements pointer in the allocated arguments object.
896   // If we allocated a parameter map, edi will point there, otherwise to the
897   // backing store.
898   __ lea(edi, Operand(eax, Heap::kSloppyArgumentsObjectSize));
899   __ mov(FieldOperand(eax, JSObject::kElementsOffset), edi);
900 
901   // eax = address of new object (tagged)
902   // ebx = mapped parameter count (tagged)
903   // ecx = argument count (tagged)
904   // edi = address of parameter map or backing store (tagged)
905   // esp[0] = mapped parameter count (tagged)
906   // esp[8] = parameter count (tagged)
907   // esp[12] = address of receiver argument
908   // Free a register.
909   __ push(eax);
910 
911   // Initialize parameter map. If there are no mapped arguments, we're done.
912   Label skip_parameter_map;
913   __ test(ebx, ebx);
914   __ j(zero, &skip_parameter_map);
915 
916   __ mov(FieldOperand(edi, FixedArray::kMapOffset),
917          Immediate(isolate()->factory()->sloppy_arguments_elements_map()));
918   __ lea(eax, Operand(ebx, reinterpret_cast<intptr_t>(Smi::FromInt(2))));
919   __ mov(FieldOperand(edi, FixedArray::kLengthOffset), eax);
920   __ mov(FieldOperand(edi, FixedArray::kHeaderSize + 0 * kPointerSize), esi);
921   __ lea(eax, Operand(edi, ebx, times_2, kParameterMapHeaderSize));
922   __ mov(FieldOperand(edi, FixedArray::kHeaderSize + 1 * kPointerSize), eax);
923 
924   // Copy the parameter slots and the holes in the arguments.
925   // We need to fill in mapped_parameter_count slots. They index the context,
926   // where parameters are stored in reverse order, at
927   //   MIN_CONTEXT_SLOTS .. MIN_CONTEXT_SLOTS+parameter_count-1
928   // The mapped parameter thus need to get indices
929   //   MIN_CONTEXT_SLOTS+parameter_count-1 ..
930   //       MIN_CONTEXT_SLOTS+parameter_count-mapped_parameter_count
931   // We loop from right to left.
932   Label parameters_loop, parameters_test;
933   __ push(ecx);
934   __ mov(eax, Operand(esp, 2 * kPointerSize));
935   __ mov(ebx, Immediate(Smi::FromInt(Context::MIN_CONTEXT_SLOTS)));
936   __ add(ebx, Operand(esp, 4 * kPointerSize));
937   __ sub(ebx, eax);
938   __ mov(ecx, isolate()->factory()->the_hole_value());
939   __ mov(edx, edi);
940   __ lea(edi, Operand(edi, eax, times_2, kParameterMapHeaderSize));
941   // eax = loop variable (tagged)
942   // ebx = mapping index (tagged)
943   // ecx = the hole value
944   // edx = address of parameter map (tagged)
945   // edi = address of backing store (tagged)
946   // esp[0] = argument count (tagged)
947   // esp[4] = address of new object (tagged)
948   // esp[8] = mapped parameter count (tagged)
949   // esp[16] = parameter count (tagged)
950   // esp[20] = address of receiver argument
951   __ jmp(&parameters_test, Label::kNear);
952 
953   __ bind(&parameters_loop);
954   __ sub(eax, Immediate(Smi::FromInt(1)));
955   __ mov(FieldOperand(edx, eax, times_2, kParameterMapHeaderSize), ebx);
956   __ mov(FieldOperand(edi, eax, times_2, FixedArray::kHeaderSize), ecx);
957   __ add(ebx, Immediate(Smi::FromInt(1)));
958   __ bind(&parameters_test);
959   __ test(eax, eax);
960   __ j(not_zero, &parameters_loop, Label::kNear);
961   __ pop(ecx);
962 
963   __ bind(&skip_parameter_map);
964 
965   // ecx = argument count (tagged)
966   // edi = address of backing store (tagged)
967   // esp[0] = address of new object (tagged)
968   // esp[4] = mapped parameter count (tagged)
969   // esp[12] = parameter count (tagged)
970   // esp[16] = address of receiver argument
971   // Copy arguments header and remaining slots (if there are any).
972   __ mov(FieldOperand(edi, FixedArray::kMapOffset),
973          Immediate(isolate()->factory()->fixed_array_map()));
974   __ mov(FieldOperand(edi, FixedArray::kLengthOffset), ecx);
975 
976   Label arguments_loop, arguments_test;
977   __ mov(ebx, Operand(esp, 1 * kPointerSize));
978   __ mov(edx, Operand(esp, 4 * kPointerSize));
979   __ sub(edx, ebx);  // Is there a smarter way to do negative scaling?
980   __ sub(edx, ebx);
981   __ jmp(&arguments_test, Label::kNear);
982 
983   __ bind(&arguments_loop);
984   __ sub(edx, Immediate(kPointerSize));
985   __ mov(eax, Operand(edx, 0));
986   __ mov(FieldOperand(edi, ebx, times_2, FixedArray::kHeaderSize), eax);
987   __ add(ebx, Immediate(Smi::FromInt(1)));
988 
989   __ bind(&arguments_test);
990   __ cmp(ebx, ecx);
991   __ j(less, &arguments_loop, Label::kNear);
992 
993   // Restore.
994   __ pop(eax);  // Address of arguments object.
995   __ pop(ebx);  // Parameter count.
996 
997   // Return and remove the on-stack parameters.
998   __ ret(3 * kPointerSize);
999 
1000   // Do the runtime call to allocate the arguments object.
1001   __ bind(&runtime);
1002   __ pop(eax);  // Remove saved parameter count.
1003   __ mov(Operand(esp, 1 * kPointerSize), ecx);  // Patch argument count.
1004   __ TailCallRuntime(Runtime::kNewSloppyArguments, 3, 1);
1005 }
1006 
1007 
GenerateNewStrict(MacroAssembler * masm)1008 void ArgumentsAccessStub::GenerateNewStrict(MacroAssembler* masm) {
1009   // esp[0] : return address
1010   // esp[4] : number of parameters
1011   // esp[8] : receiver displacement
1012   // esp[12] : function
1013 
1014   // Check if the calling frame is an arguments adaptor frame.
1015   Label adaptor_frame, try_allocate, runtime;
1016   __ mov(edx, Operand(ebp, StandardFrameConstants::kCallerFPOffset));
1017   __ mov(ecx, Operand(edx, StandardFrameConstants::kContextOffset));
1018   __ cmp(ecx, Immediate(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
1019   __ j(equal, &adaptor_frame, Label::kNear);
1020 
1021   // Get the length from the frame.
1022   __ mov(ecx, Operand(esp, 1 * kPointerSize));
1023   __ jmp(&try_allocate, Label::kNear);
1024 
1025   // Patch the arguments.length and the parameters pointer.
1026   __ bind(&adaptor_frame);
1027   __ mov(ecx, Operand(edx, ArgumentsAdaptorFrameConstants::kLengthOffset));
1028   __ mov(Operand(esp, 1 * kPointerSize), ecx);
1029   __ lea(edx, Operand(edx, ecx, times_2,
1030                       StandardFrameConstants::kCallerSPOffset));
1031   __ mov(Operand(esp, 2 * kPointerSize), edx);
1032 
1033   // Try the new space allocation. Start out with computing the size of
1034   // the arguments object and the elements array.
1035   Label add_arguments_object;
1036   __ bind(&try_allocate);
1037   __ test(ecx, ecx);
1038   __ j(zero, &add_arguments_object, Label::kNear);
1039   __ lea(ecx, Operand(ecx, times_2, FixedArray::kHeaderSize));
1040   __ bind(&add_arguments_object);
1041   __ add(ecx, Immediate(Heap::kStrictArgumentsObjectSize));
1042 
1043   // Do the allocation of both objects in one go.
1044   __ Allocate(ecx, eax, edx, ebx, &runtime, TAG_OBJECT);
1045 
1046   // Get the arguments map from the current native context.
1047   __ mov(edi, Operand(esi, Context::SlotOffset(Context::GLOBAL_OBJECT_INDEX)));
1048   __ mov(edi, FieldOperand(edi, GlobalObject::kNativeContextOffset));
1049   const int offset = Context::SlotOffset(Context::STRICT_ARGUMENTS_MAP_INDEX);
1050   __ mov(edi, Operand(edi, offset));
1051 
1052   __ mov(FieldOperand(eax, JSObject::kMapOffset), edi);
1053   __ mov(FieldOperand(eax, JSObject::kPropertiesOffset),
1054          masm->isolate()->factory()->empty_fixed_array());
1055   __ mov(FieldOperand(eax, JSObject::kElementsOffset),
1056          masm->isolate()->factory()->empty_fixed_array());
1057 
1058   // Get the length (smi tagged) and set that as an in-object property too.
1059   STATIC_ASSERT(Heap::kArgumentsLengthIndex == 0);
1060   __ mov(ecx, Operand(esp, 1 * kPointerSize));
1061   __ AssertSmi(ecx);
1062   __ mov(FieldOperand(eax, JSObject::kHeaderSize +
1063                       Heap::kArgumentsLengthIndex * kPointerSize),
1064          ecx);
1065 
1066   // If there are no actual arguments, we're done.
1067   Label done;
1068   __ test(ecx, ecx);
1069   __ j(zero, &done, Label::kNear);
1070 
1071   // Get the parameters pointer from the stack.
1072   __ mov(edx, Operand(esp, 2 * kPointerSize));
1073 
1074   // Set up the elements pointer in the allocated arguments object and
1075   // initialize the header in the elements fixed array.
1076   __ lea(edi, Operand(eax, Heap::kStrictArgumentsObjectSize));
1077   __ mov(FieldOperand(eax, JSObject::kElementsOffset), edi);
1078   __ mov(FieldOperand(edi, FixedArray::kMapOffset),
1079          Immediate(isolate()->factory()->fixed_array_map()));
1080 
1081   __ mov(FieldOperand(edi, FixedArray::kLengthOffset), ecx);
1082   // Untag the length for the loop below.
1083   __ SmiUntag(ecx);
1084 
1085   // Copy the fixed array slots.
1086   Label loop;
1087   __ bind(&loop);
1088   __ mov(ebx, Operand(edx, -1 * kPointerSize));  // Skip receiver.
1089   __ mov(FieldOperand(edi, FixedArray::kHeaderSize), ebx);
1090   __ add(edi, Immediate(kPointerSize));
1091   __ sub(edx, Immediate(kPointerSize));
1092   __ dec(ecx);
1093   __ j(not_zero, &loop);
1094 
1095   // Return and remove the on-stack parameters.
1096   __ bind(&done);
1097   __ ret(3 * kPointerSize);
1098 
1099   // Do the runtime call to allocate the arguments object.
1100   __ bind(&runtime);
1101   __ TailCallRuntime(Runtime::kNewStrictArguments, 3, 1);
1102 }
1103 
1104 
Generate(MacroAssembler * masm)1105 void RegExpExecStub::Generate(MacroAssembler* masm) {
1106   // Just jump directly to runtime if native RegExp is not selected at compile
1107   // time or if regexp entry in generated code is turned off runtime switch or
1108   // at compilation.
1109 #ifdef V8_INTERPRETED_REGEXP
1110   __ TailCallRuntime(Runtime::kRegExpExecRT, 4, 1);
1111 #else  // V8_INTERPRETED_REGEXP
1112 
1113   // Stack frame on entry.
1114   //  esp[0]: return address
1115   //  esp[4]: last_match_info (expected JSArray)
1116   //  esp[8]: previous index
1117   //  esp[12]: subject string
1118   //  esp[16]: JSRegExp object
1119 
1120   static const int kLastMatchInfoOffset = 1 * kPointerSize;
1121   static const int kPreviousIndexOffset = 2 * kPointerSize;
1122   static const int kSubjectOffset = 3 * kPointerSize;
1123   static const int kJSRegExpOffset = 4 * kPointerSize;
1124 
1125   Label runtime;
1126   Factory* factory = isolate()->factory();
1127 
1128   // Ensure that a RegExp stack is allocated.
1129   ExternalReference address_of_regexp_stack_memory_address =
1130       ExternalReference::address_of_regexp_stack_memory_address(isolate());
1131   ExternalReference address_of_regexp_stack_memory_size =
1132       ExternalReference::address_of_regexp_stack_memory_size(isolate());
1133   __ mov(ebx, Operand::StaticVariable(address_of_regexp_stack_memory_size));
1134   __ test(ebx, ebx);
1135   __ j(zero, &runtime);
1136 
1137   // Check that the first argument is a JSRegExp object.
1138   __ mov(eax, Operand(esp, kJSRegExpOffset));
1139   STATIC_ASSERT(kSmiTag == 0);
1140   __ JumpIfSmi(eax, &runtime);
1141   __ CmpObjectType(eax, JS_REGEXP_TYPE, ecx);
1142   __ j(not_equal, &runtime);
1143 
1144   // Check that the RegExp has been compiled (data contains a fixed array).
1145   __ mov(ecx, FieldOperand(eax, JSRegExp::kDataOffset));
1146   if (FLAG_debug_code) {
1147     __ test(ecx, Immediate(kSmiTagMask));
1148     __ Check(not_zero, kUnexpectedTypeForRegExpDataFixedArrayExpected);
1149     __ CmpObjectType(ecx, FIXED_ARRAY_TYPE, ebx);
1150     __ Check(equal, kUnexpectedTypeForRegExpDataFixedArrayExpected);
1151   }
1152 
1153   // ecx: RegExp data (FixedArray)
1154   // Check the type of the RegExp. Only continue if type is JSRegExp::IRREGEXP.
1155   __ mov(ebx, FieldOperand(ecx, JSRegExp::kDataTagOffset));
1156   __ cmp(ebx, Immediate(Smi::FromInt(JSRegExp::IRREGEXP)));
1157   __ j(not_equal, &runtime);
1158 
1159   // ecx: RegExp data (FixedArray)
1160   // Check that the number of captures fit in the static offsets vector buffer.
1161   __ mov(edx, FieldOperand(ecx, JSRegExp::kIrregexpCaptureCountOffset));
1162   // Check (number_of_captures + 1) * 2 <= offsets vector size
1163   // Or          number_of_captures * 2 <= offsets vector size - 2
1164   // Multiplying by 2 comes for free since edx is smi-tagged.
1165   STATIC_ASSERT(kSmiTag == 0);
1166   STATIC_ASSERT(kSmiTagSize + kSmiShiftSize == 1);
1167   STATIC_ASSERT(Isolate::kJSRegexpStaticOffsetsVectorSize >= 2);
1168   __ cmp(edx, Isolate::kJSRegexpStaticOffsetsVectorSize - 2);
1169   __ j(above, &runtime);
1170 
1171   // Reset offset for possibly sliced string.
1172   __ Move(edi, Immediate(0));
1173   __ mov(eax, Operand(esp, kSubjectOffset));
1174   __ JumpIfSmi(eax, &runtime);
1175   __ mov(edx, eax);  // Make a copy of the original subject string.
1176   __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
1177   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
1178 
1179   // eax: subject string
1180   // edx: subject string
1181   // ebx: subject string instance type
1182   // ecx: RegExp data (FixedArray)
1183   // Handle subject string according to its encoding and representation:
1184   // (1) Sequential two byte?  If yes, go to (9).
1185   // (2) Sequential one byte?  If yes, go to (6).
1186   // (3) Anything but sequential or cons?  If yes, go to (7).
1187   // (4) Cons string.  If the string is flat, replace subject with first string.
1188   //     Otherwise bailout.
1189   // (5a) Is subject sequential two byte?  If yes, go to (9).
1190   // (5b) Is subject external?  If yes, go to (8).
1191   // (6) One byte sequential.  Load regexp code for one byte.
1192   // (E) Carry on.
1193   /// [...]
1194 
1195   // Deferred code at the end of the stub:
1196   // (7) Not a long external string?  If yes, go to (10).
1197   // (8) External string.  Make it, offset-wise, look like a sequential string.
1198   // (8a) Is the external string one byte?  If yes, go to (6).
1199   // (9) Two byte sequential.  Load regexp code for one byte. Go to (E).
1200   // (10) Short external string or not a string?  If yes, bail out to runtime.
1201   // (11) Sliced string.  Replace subject with parent. Go to (5a).
1202 
1203   Label seq_one_byte_string /* 6 */, seq_two_byte_string /* 9 */,
1204         external_string /* 8 */, check_underlying /* 5a */,
1205         not_seq_nor_cons /* 7 */, check_code /* E */,
1206         not_long_external /* 10 */;
1207 
1208   // (1) Sequential two byte?  If yes, go to (9).
1209   __ and_(ebx, kIsNotStringMask |
1210                kStringRepresentationMask |
1211                kStringEncodingMask |
1212                kShortExternalStringMask);
1213   STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
1214   __ j(zero, &seq_two_byte_string);  // Go to (9).
1215 
1216   // (2) Sequential one byte?  If yes, go to (6).
1217   // Any other sequential string must be one byte.
1218   __ and_(ebx, Immediate(kIsNotStringMask |
1219                          kStringRepresentationMask |
1220                          kShortExternalStringMask));
1221   __ j(zero, &seq_one_byte_string, Label::kNear);  // Go to (6).
1222 
1223   // (3) Anything but sequential or cons?  If yes, go to (7).
1224   // We check whether the subject string is a cons, since sequential strings
1225   // have already been covered.
1226   STATIC_ASSERT(kConsStringTag < kExternalStringTag);
1227   STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
1228   STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
1229   STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
1230   __ cmp(ebx, Immediate(kExternalStringTag));
1231   __ j(greater_equal, &not_seq_nor_cons);  // Go to (7).
1232 
1233   // (4) Cons string.  Check that it's flat.
1234   // Replace subject with first string and reload instance type.
1235   __ cmp(FieldOperand(eax, ConsString::kSecondOffset), factory->empty_string());
1236   __ j(not_equal, &runtime);
1237   __ mov(eax, FieldOperand(eax, ConsString::kFirstOffset));
1238   __ bind(&check_underlying);
1239   __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
1240   __ mov(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
1241 
1242   // (5a) Is subject sequential two byte?  If yes, go to (9).
1243   __ test_b(ebx, kStringRepresentationMask | kStringEncodingMask);
1244   STATIC_ASSERT((kSeqStringTag | kTwoByteStringTag) == 0);
1245   __ j(zero, &seq_two_byte_string);  // Go to (9).
1246   // (5b) Is subject external?  If yes, go to (8).
1247   __ test_b(ebx, kStringRepresentationMask);
1248   // The underlying external string is never a short external string.
1249   STATIC_ASSERT(ExternalString::kMaxShortLength < ConsString::kMinLength);
1250   STATIC_ASSERT(ExternalString::kMaxShortLength < SlicedString::kMinLength);
1251   __ j(not_zero, &external_string);  // Go to (8).
1252 
1253   // eax: sequential subject string (or look-alike, external string)
1254   // edx: original subject string
1255   // ecx: RegExp data (FixedArray)
1256   // (6) One byte sequential.  Load regexp code for one byte.
1257   __ bind(&seq_one_byte_string);
1258   // Load previous index and check range before edx is overwritten.  We have
1259   // to use edx instead of eax here because it might have been only made to
1260   // look like a sequential string when it actually is an external string.
1261   __ mov(ebx, Operand(esp, kPreviousIndexOffset));
1262   __ JumpIfNotSmi(ebx, &runtime);
1263   __ cmp(ebx, FieldOperand(edx, String::kLengthOffset));
1264   __ j(above_equal, &runtime);
1265   __ mov(edx, FieldOperand(ecx, JSRegExp::kDataOneByteCodeOffset));
1266   __ Move(ecx, Immediate(1));  // Type is one byte.
1267 
1268   // (E) Carry on.  String handling is done.
1269   __ bind(&check_code);
1270   // edx: irregexp code
1271   // Check that the irregexp code has been generated for the actual string
1272   // encoding. If it has, the field contains a code object otherwise it contains
1273   // a smi (code flushing support).
1274   __ JumpIfSmi(edx, &runtime);
1275 
1276   // eax: subject string
1277   // ebx: previous index (smi)
1278   // edx: code
1279   // ecx: encoding of subject string (1 if one_byte, 0 if two_byte);
1280   // All checks done. Now push arguments for native regexp code.
1281   Counters* counters = isolate()->counters();
1282   __ IncrementCounter(counters->regexp_entry_native(), 1);
1283 
1284   // Isolates: note we add an additional parameter here (isolate pointer).
1285   static const int kRegExpExecuteArguments = 9;
1286   __ EnterApiExitFrame(kRegExpExecuteArguments);
1287 
1288   // Argument 9: Pass current isolate address.
1289   __ mov(Operand(esp, 8 * kPointerSize),
1290       Immediate(ExternalReference::isolate_address(isolate())));
1291 
1292   // Argument 8: Indicate that this is a direct call from JavaScript.
1293   __ mov(Operand(esp, 7 * kPointerSize), Immediate(1));
1294 
1295   // Argument 7: Start (high end) of backtracking stack memory area.
1296   __ mov(esi, Operand::StaticVariable(address_of_regexp_stack_memory_address));
1297   __ add(esi, Operand::StaticVariable(address_of_regexp_stack_memory_size));
1298   __ mov(Operand(esp, 6 * kPointerSize), esi);
1299 
1300   // Argument 6: Set the number of capture registers to zero to force global
1301   // regexps to behave as non-global.  This does not affect non-global regexps.
1302   __ mov(Operand(esp, 5 * kPointerSize), Immediate(0));
1303 
1304   // Argument 5: static offsets vector buffer.
1305   __ mov(Operand(esp, 4 * kPointerSize),
1306          Immediate(ExternalReference::address_of_static_offsets_vector(
1307              isolate())));
1308 
1309   // Argument 2: Previous index.
1310   __ SmiUntag(ebx);
1311   __ mov(Operand(esp, 1 * kPointerSize), ebx);
1312 
1313   // Argument 1: Original subject string.
1314   // The original subject is in the previous stack frame. Therefore we have to
1315   // use ebp, which points exactly to one pointer size below the previous esp.
1316   // (Because creating a new stack frame pushes the previous ebp onto the stack
1317   // and thereby moves up esp by one kPointerSize.)
1318   __ mov(esi, Operand(ebp, kSubjectOffset + kPointerSize));
1319   __ mov(Operand(esp, 0 * kPointerSize), esi);
1320 
1321   // esi: original subject string
1322   // eax: underlying subject string
1323   // ebx: previous index
1324   // ecx: encoding of subject string (1 if one_byte 0 if two_byte);
1325   // edx: code
1326   // Argument 4: End of string data
1327   // Argument 3: Start of string data
1328   // Prepare start and end index of the input.
1329   // Load the length from the original sliced string if that is the case.
1330   __ mov(esi, FieldOperand(esi, String::kLengthOffset));
1331   __ add(esi, edi);  // Calculate input end wrt offset.
1332   __ SmiUntag(edi);
1333   __ add(ebx, edi);  // Calculate input start wrt offset.
1334 
1335   // ebx: start index of the input string
1336   // esi: end index of the input string
1337   Label setup_two_byte, setup_rest;
1338   __ test(ecx, ecx);
1339   __ j(zero, &setup_two_byte, Label::kNear);
1340   __ SmiUntag(esi);
1341   __ lea(ecx, FieldOperand(eax, esi, times_1, SeqOneByteString::kHeaderSize));
1342   __ mov(Operand(esp, 3 * kPointerSize), ecx);  // Argument 4.
1343   __ lea(ecx, FieldOperand(eax, ebx, times_1, SeqOneByteString::kHeaderSize));
1344   __ mov(Operand(esp, 2 * kPointerSize), ecx);  // Argument 3.
1345   __ jmp(&setup_rest, Label::kNear);
1346 
1347   __ bind(&setup_two_byte);
1348   STATIC_ASSERT(kSmiTag == 0);
1349   STATIC_ASSERT(kSmiTagSize == 1);  // esi is smi (powered by 2).
1350   __ lea(ecx, FieldOperand(eax, esi, times_1, SeqTwoByteString::kHeaderSize));
1351   __ mov(Operand(esp, 3 * kPointerSize), ecx);  // Argument 4.
1352   __ lea(ecx, FieldOperand(eax, ebx, times_2, SeqTwoByteString::kHeaderSize));
1353   __ mov(Operand(esp, 2 * kPointerSize), ecx);  // Argument 3.
1354 
1355   __ bind(&setup_rest);
1356 
1357   // Locate the code entry and call it.
1358   __ add(edx, Immediate(Code::kHeaderSize - kHeapObjectTag));
1359   __ call(edx);
1360 
1361   // Drop arguments and come back to JS mode.
1362   __ LeaveApiExitFrame(true);
1363 
1364   // Check the result.
1365   Label success;
1366   __ cmp(eax, 1);
1367   // We expect exactly one result since we force the called regexp to behave
1368   // as non-global.
1369   __ j(equal, &success);
1370   Label failure;
1371   __ cmp(eax, NativeRegExpMacroAssembler::FAILURE);
1372   __ j(equal, &failure);
1373   __ cmp(eax, NativeRegExpMacroAssembler::EXCEPTION);
1374   // If not exception it can only be retry. Handle that in the runtime system.
1375   __ j(not_equal, &runtime);
1376   // Result must now be exception. If there is no pending exception already a
1377   // stack overflow (on the backtrack stack) was detected in RegExp code but
1378   // haven't created the exception yet. Handle that in the runtime system.
1379   // TODO(592): Rerunning the RegExp to get the stack overflow exception.
1380   ExternalReference pending_exception(Isolate::kPendingExceptionAddress,
1381                                       isolate());
1382   __ mov(edx, Immediate(isolate()->factory()->the_hole_value()));
1383   __ mov(eax, Operand::StaticVariable(pending_exception));
1384   __ cmp(edx, eax);
1385   __ j(equal, &runtime);
1386   // For exception, throw the exception again.
1387 
1388   // Clear the pending exception variable.
1389   __ mov(Operand::StaticVariable(pending_exception), edx);
1390 
1391   // Special handling of termination exceptions which are uncatchable
1392   // by javascript code.
1393   __ cmp(eax, factory->termination_exception());
1394   Label throw_termination_exception;
1395   __ j(equal, &throw_termination_exception, Label::kNear);
1396 
1397   // Handle normal exception by following handler chain.
1398   __ Throw(eax);
1399 
1400   __ bind(&throw_termination_exception);
1401   __ ThrowUncatchable(eax);
1402 
1403   __ bind(&failure);
1404   // For failure to match, return null.
1405   __ mov(eax, factory->null_value());
1406   __ ret(4 * kPointerSize);
1407 
1408   // Load RegExp data.
1409   __ bind(&success);
1410   __ mov(eax, Operand(esp, kJSRegExpOffset));
1411   __ mov(ecx, FieldOperand(eax, JSRegExp::kDataOffset));
1412   __ mov(edx, FieldOperand(ecx, JSRegExp::kIrregexpCaptureCountOffset));
1413   // Calculate number of capture registers (number_of_captures + 1) * 2.
1414   STATIC_ASSERT(kSmiTag == 0);
1415   STATIC_ASSERT(kSmiTagSize + kSmiShiftSize == 1);
1416   __ add(edx, Immediate(2));  // edx was a smi.
1417 
1418   // edx: Number of capture registers
1419   // Load last_match_info which is still known to be a fast case JSArray.
1420   // Check that the fourth object is a JSArray object.
1421   __ mov(eax, Operand(esp, kLastMatchInfoOffset));
1422   __ JumpIfSmi(eax, &runtime);
1423   __ CmpObjectType(eax, JS_ARRAY_TYPE, ebx);
1424   __ j(not_equal, &runtime);
1425   // Check that the JSArray is in fast case.
1426   __ mov(ebx, FieldOperand(eax, JSArray::kElementsOffset));
1427   __ mov(eax, FieldOperand(ebx, HeapObject::kMapOffset));
1428   __ cmp(eax, factory->fixed_array_map());
1429   __ j(not_equal, &runtime);
1430   // Check that the last match info has space for the capture registers and the
1431   // additional information.
1432   __ mov(eax, FieldOperand(ebx, FixedArray::kLengthOffset));
1433   __ SmiUntag(eax);
1434   __ sub(eax, Immediate(RegExpImpl::kLastMatchOverhead));
1435   __ cmp(edx, eax);
1436   __ j(greater, &runtime);
1437 
1438   // ebx: last_match_info backing store (FixedArray)
1439   // edx: number of capture registers
1440   // Store the capture count.
1441   __ SmiTag(edx);  // Number of capture registers to smi.
1442   __ mov(FieldOperand(ebx, RegExpImpl::kLastCaptureCountOffset), edx);
1443   __ SmiUntag(edx);  // Number of capture registers back from smi.
1444   // Store last subject and last input.
1445   __ mov(eax, Operand(esp, kSubjectOffset));
1446   __ mov(ecx, eax);
1447   __ mov(FieldOperand(ebx, RegExpImpl::kLastSubjectOffset), eax);
1448   __ RecordWriteField(ebx,
1449                       RegExpImpl::kLastSubjectOffset,
1450                       eax,
1451                       edi,
1452                       kDontSaveFPRegs);
1453   __ mov(eax, ecx);
1454   __ mov(FieldOperand(ebx, RegExpImpl::kLastInputOffset), eax);
1455   __ RecordWriteField(ebx,
1456                       RegExpImpl::kLastInputOffset,
1457                       eax,
1458                       edi,
1459                       kDontSaveFPRegs);
1460 
1461   // Get the static offsets vector filled by the native regexp code.
1462   ExternalReference address_of_static_offsets_vector =
1463       ExternalReference::address_of_static_offsets_vector(isolate());
1464   __ mov(ecx, Immediate(address_of_static_offsets_vector));
1465 
1466   // ebx: last_match_info backing store (FixedArray)
1467   // ecx: offsets vector
1468   // edx: number of capture registers
1469   Label next_capture, done;
1470   // Capture register counter starts from number of capture registers and
1471   // counts down until wraping after zero.
1472   __ bind(&next_capture);
1473   __ sub(edx, Immediate(1));
1474   __ j(negative, &done, Label::kNear);
1475   // Read the value from the static offsets vector buffer.
1476   __ mov(edi, Operand(ecx, edx, times_int_size, 0));
1477   __ SmiTag(edi);
1478   // Store the smi value in the last match info.
1479   __ mov(FieldOperand(ebx,
1480                       edx,
1481                       times_pointer_size,
1482                       RegExpImpl::kFirstCaptureOffset),
1483                       edi);
1484   __ jmp(&next_capture);
1485   __ bind(&done);
1486 
1487   // Return last match info.
1488   __ mov(eax, Operand(esp, kLastMatchInfoOffset));
1489   __ ret(4 * kPointerSize);
1490 
1491   // Do the runtime call to execute the regexp.
1492   __ bind(&runtime);
1493   __ TailCallRuntime(Runtime::kRegExpExecRT, 4, 1);
1494 
1495   // Deferred code for string handling.
1496   // (7) Not a long external string?  If yes, go to (10).
1497   __ bind(&not_seq_nor_cons);
1498   // Compare flags are still set from (3).
1499   __ j(greater, &not_long_external, Label::kNear);  // Go to (10).
1500 
1501   // (8) External string.  Short external strings have been ruled out.
1502   __ bind(&external_string);
1503   // Reload instance type.
1504   __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset));
1505   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
1506   if (FLAG_debug_code) {
1507     // Assert that we do not have a cons or slice (indirect strings) here.
1508     // Sequential strings have already been ruled out.
1509     __ test_b(ebx, kIsIndirectStringMask);
1510     __ Assert(zero, kExternalStringExpectedButNotFound);
1511   }
1512   __ mov(eax, FieldOperand(eax, ExternalString::kResourceDataOffset));
1513   // Move the pointer so that offset-wise, it looks like a sequential string.
1514   STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
1515   __ sub(eax, Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
1516   STATIC_ASSERT(kTwoByteStringTag == 0);
1517   // (8a) Is the external string one byte?  If yes, go to (6).
1518   __ test_b(ebx, kStringEncodingMask);
1519   __ j(not_zero, &seq_one_byte_string);  // Goto (6).
1520 
1521   // eax: sequential subject string (or look-alike, external string)
1522   // edx: original subject string
1523   // ecx: RegExp data (FixedArray)
1524   // (9) Two byte sequential.  Load regexp code for one byte. Go to (E).
1525   __ bind(&seq_two_byte_string);
1526   // Load previous index and check range before edx is overwritten.  We have
1527   // to use edx instead of eax here because it might have been only made to
1528   // look like a sequential string when it actually is an external string.
1529   __ mov(ebx, Operand(esp, kPreviousIndexOffset));
1530   __ JumpIfNotSmi(ebx, &runtime);
1531   __ cmp(ebx, FieldOperand(edx, String::kLengthOffset));
1532   __ j(above_equal, &runtime);
1533   __ mov(edx, FieldOperand(ecx, JSRegExp::kDataUC16CodeOffset));
1534   __ Move(ecx, Immediate(0));  // Type is two byte.
1535   __ jmp(&check_code);  // Go to (E).
1536 
1537   // (10) Not a string or a short external string?  If yes, bail out to runtime.
1538   __ bind(&not_long_external);
1539   // Catch non-string subject or short external string.
1540   STATIC_ASSERT(kNotStringTag != 0 && kShortExternalStringTag !=0);
1541   __ test(ebx, Immediate(kIsNotStringMask | kShortExternalStringTag));
1542   __ j(not_zero, &runtime);
1543 
1544   // (11) Sliced string.  Replace subject with parent.  Go to (5a).
1545   // Load offset into edi and replace subject string with parent.
1546   __ mov(edi, FieldOperand(eax, SlicedString::kOffsetOffset));
1547   __ mov(eax, FieldOperand(eax, SlicedString::kParentOffset));
1548   __ jmp(&check_underlying);  // Go to (5a).
1549 #endif  // V8_INTERPRETED_REGEXP
1550 }
1551 
1552 
NegativeComparisonResult(Condition cc)1553 static int NegativeComparisonResult(Condition cc) {
1554   DCHECK(cc != equal);
1555   DCHECK((cc == less) || (cc == less_equal)
1556       || (cc == greater) || (cc == greater_equal));
1557   return (cc == greater || cc == greater_equal) ? LESS : GREATER;
1558 }
1559 
1560 
CheckInputType(MacroAssembler * masm,Register input,CompareICState::State expected,Label * fail)1561 static void CheckInputType(MacroAssembler* masm, Register input,
1562                            CompareICState::State expected, Label* fail) {
1563   Label ok;
1564   if (expected == CompareICState::SMI) {
1565     __ JumpIfNotSmi(input, fail);
1566   } else if (expected == CompareICState::NUMBER) {
1567     __ JumpIfSmi(input, &ok);
1568     __ cmp(FieldOperand(input, HeapObject::kMapOffset),
1569            Immediate(masm->isolate()->factory()->heap_number_map()));
1570     __ j(not_equal, fail);
1571   }
1572   // We could be strict about internalized/non-internalized here, but as long as
1573   // hydrogen doesn't care, the stub doesn't have to care either.
1574   __ bind(&ok);
1575 }
1576 
1577 
BranchIfNotInternalizedString(MacroAssembler * masm,Label * label,Register object,Register scratch)1578 static void BranchIfNotInternalizedString(MacroAssembler* masm,
1579                                           Label* label,
1580                                           Register object,
1581                                           Register scratch) {
1582   __ JumpIfSmi(object, label);
1583   __ mov(scratch, FieldOperand(object, HeapObject::kMapOffset));
1584   __ movzx_b(scratch, FieldOperand(scratch, Map::kInstanceTypeOffset));
1585   STATIC_ASSERT(kInternalizedTag == 0 && kStringTag == 0);
1586   __ test(scratch, Immediate(kIsNotStringMask | kIsNotInternalizedMask));
1587   __ j(not_zero, label);
1588 }
1589 
1590 
GenerateGeneric(MacroAssembler * masm)1591 void CompareICStub::GenerateGeneric(MacroAssembler* masm) {
1592   Label check_unequal_objects;
1593   Condition cc = GetCondition();
1594 
1595   Label miss;
1596   CheckInputType(masm, edx, left(), &miss);
1597   CheckInputType(masm, eax, right(), &miss);
1598 
1599   // Compare two smis.
1600   Label non_smi, smi_done;
1601   __ mov(ecx, edx);
1602   __ or_(ecx, eax);
1603   __ JumpIfNotSmi(ecx, &non_smi, Label::kNear);
1604   __ sub(edx, eax);  // Return on the result of the subtraction.
1605   __ j(no_overflow, &smi_done, Label::kNear);
1606   __ not_(edx);  // Correct sign in case of overflow. edx is never 0 here.
1607   __ bind(&smi_done);
1608   __ mov(eax, edx);
1609   __ ret(0);
1610   __ bind(&non_smi);
1611 
1612   // NOTICE! This code is only reached after a smi-fast-case check, so
1613   // it is certain that at least one operand isn't a smi.
1614 
1615   // Identical objects can be compared fast, but there are some tricky cases
1616   // for NaN and undefined.
1617   Label generic_heap_number_comparison;
1618   {
1619     Label not_identical;
1620     __ cmp(eax, edx);
1621     __ j(not_equal, &not_identical);
1622 
1623     if (cc != equal) {
1624       // Check for undefined.  undefined OP undefined is false even though
1625       // undefined == undefined.
1626       Label check_for_nan;
1627       __ cmp(edx, isolate()->factory()->undefined_value());
1628       __ j(not_equal, &check_for_nan, Label::kNear);
1629       __ Move(eax, Immediate(Smi::FromInt(NegativeComparisonResult(cc))));
1630       __ ret(0);
1631       __ bind(&check_for_nan);
1632     }
1633 
1634     // Test for NaN. Compare heap numbers in a general way,
1635     // to hanlde NaNs correctly.
1636     __ cmp(FieldOperand(edx, HeapObject::kMapOffset),
1637            Immediate(isolate()->factory()->heap_number_map()));
1638     __ j(equal, &generic_heap_number_comparison, Label::kNear);
1639     if (cc != equal) {
1640       // Call runtime on identical JSObjects.  Otherwise return equal.
1641       __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
1642       __ j(above_equal, &not_identical);
1643     }
1644     __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
1645     __ ret(0);
1646 
1647 
1648     __ bind(&not_identical);
1649   }
1650 
1651   // Strict equality can quickly decide whether objects are equal.
1652   // Non-strict object equality is slower, so it is handled later in the stub.
1653   if (cc == equal && strict()) {
1654     Label slow;  // Fallthrough label.
1655     Label not_smis;
1656     // If we're doing a strict equality comparison, we don't have to do
1657     // type conversion, so we generate code to do fast comparison for objects
1658     // and oddballs. Non-smi numbers and strings still go through the usual
1659     // slow-case code.
1660     // If either is a Smi (we know that not both are), then they can only
1661     // be equal if the other is a HeapNumber. If so, use the slow case.
1662     STATIC_ASSERT(kSmiTag == 0);
1663     DCHECK_EQ(0, Smi::FromInt(0));
1664     __ mov(ecx, Immediate(kSmiTagMask));
1665     __ and_(ecx, eax);
1666     __ test(ecx, edx);
1667     __ j(not_zero, &not_smis, Label::kNear);
1668     // One operand is a smi.
1669 
1670     // Check whether the non-smi is a heap number.
1671     STATIC_ASSERT(kSmiTagMask == 1);
1672     // ecx still holds eax & kSmiTag, which is either zero or one.
1673     __ sub(ecx, Immediate(0x01));
1674     __ mov(ebx, edx);
1675     __ xor_(ebx, eax);
1676     __ and_(ebx, ecx);  // ebx holds either 0 or eax ^ edx.
1677     __ xor_(ebx, eax);
1678     // if eax was smi, ebx is now edx, else eax.
1679 
1680     // Check if the non-smi operand is a heap number.
1681     __ cmp(FieldOperand(ebx, HeapObject::kMapOffset),
1682            Immediate(isolate()->factory()->heap_number_map()));
1683     // If heap number, handle it in the slow case.
1684     __ j(equal, &slow, Label::kNear);
1685     // Return non-equal (ebx is not zero)
1686     __ mov(eax, ebx);
1687     __ ret(0);
1688 
1689     __ bind(&not_smis);
1690     // If either operand is a JSObject or an oddball value, then they are not
1691     // equal since their pointers are different
1692     // There is no test for undetectability in strict equality.
1693 
1694     // Get the type of the first operand.
1695     // If the first object is a JS object, we have done pointer comparison.
1696     Label first_non_object;
1697     STATIC_ASSERT(LAST_TYPE == LAST_SPEC_OBJECT_TYPE);
1698     __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
1699     __ j(below, &first_non_object, Label::kNear);
1700 
1701     // Return non-zero (eax is not zero)
1702     Label return_not_equal;
1703     STATIC_ASSERT(kHeapObjectTag != 0);
1704     __ bind(&return_not_equal);
1705     __ ret(0);
1706 
1707     __ bind(&first_non_object);
1708     // Check for oddballs: true, false, null, undefined.
1709     __ CmpInstanceType(ecx, ODDBALL_TYPE);
1710     __ j(equal, &return_not_equal);
1711 
1712     __ CmpObjectType(edx, FIRST_SPEC_OBJECT_TYPE, ecx);
1713     __ j(above_equal, &return_not_equal);
1714 
1715     // Check for oddballs: true, false, null, undefined.
1716     __ CmpInstanceType(ecx, ODDBALL_TYPE);
1717     __ j(equal, &return_not_equal);
1718 
1719     // Fall through to the general case.
1720     __ bind(&slow);
1721   }
1722 
1723   // Generate the number comparison code.
1724   Label non_number_comparison;
1725   Label unordered;
1726   __ bind(&generic_heap_number_comparison);
1727 
1728   FloatingPointHelper::LoadSSE2Operands(masm, &non_number_comparison);
1729   __ ucomisd(xmm0, xmm1);
1730   // Don't base result on EFLAGS when a NaN is involved.
1731   __ j(parity_even, &unordered, Label::kNear);
1732 
1733   __ mov(eax, 0);  // equal
1734   __ mov(ecx, Immediate(Smi::FromInt(1)));
1735   __ cmov(above, eax, ecx);
1736   __ mov(ecx, Immediate(Smi::FromInt(-1)));
1737   __ cmov(below, eax, ecx);
1738   __ ret(0);
1739 
1740   // If one of the numbers was NaN, then the result is always false.
1741   // The cc is never not-equal.
1742   __ bind(&unordered);
1743   DCHECK(cc != not_equal);
1744   if (cc == less || cc == less_equal) {
1745     __ mov(eax, Immediate(Smi::FromInt(1)));
1746   } else {
1747     __ mov(eax, Immediate(Smi::FromInt(-1)));
1748   }
1749   __ ret(0);
1750 
1751   // The number comparison code did not provide a valid result.
1752   __ bind(&non_number_comparison);
1753 
1754   // Fast negative check for internalized-to-internalized equality.
1755   Label check_for_strings;
1756   if (cc == equal) {
1757     BranchIfNotInternalizedString(masm, &check_for_strings, eax, ecx);
1758     BranchIfNotInternalizedString(masm, &check_for_strings, edx, ecx);
1759 
1760     // We've already checked for object identity, so if both operands
1761     // are internalized they aren't equal. Register eax already holds a
1762     // non-zero value, which indicates not equal, so just return.
1763     __ ret(0);
1764   }
1765 
1766   __ bind(&check_for_strings);
1767 
1768   __ JumpIfNotBothSequentialOneByteStrings(edx, eax, ecx, ebx,
1769                                            &check_unequal_objects);
1770 
1771   // Inline comparison of one-byte strings.
1772   if (cc == equal) {
1773     StringHelper::GenerateFlatOneByteStringEquals(masm, edx, eax, ecx, ebx);
1774   } else {
1775     StringHelper::GenerateCompareFlatOneByteStrings(masm, edx, eax, ecx, ebx,
1776                                                     edi);
1777   }
1778 #ifdef DEBUG
1779   __ Abort(kUnexpectedFallThroughFromStringComparison);
1780 #endif
1781 
1782   __ bind(&check_unequal_objects);
1783   if (cc == equal && !strict()) {
1784     // Non-strict equality.  Objects are unequal if
1785     // they are both JSObjects and not undetectable,
1786     // and their pointers are different.
1787     Label not_both_objects;
1788     Label return_unequal;
1789     // At most one is a smi, so we can test for smi by adding the two.
1790     // A smi plus a heap object has the low bit set, a heap object plus
1791     // a heap object has the low bit clear.
1792     STATIC_ASSERT(kSmiTag == 0);
1793     STATIC_ASSERT(kSmiTagMask == 1);
1794     __ lea(ecx, Operand(eax, edx, times_1, 0));
1795     __ test(ecx, Immediate(kSmiTagMask));
1796     __ j(not_zero, &not_both_objects, Label::kNear);
1797     __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
1798     __ j(below, &not_both_objects, Label::kNear);
1799     __ CmpObjectType(edx, FIRST_SPEC_OBJECT_TYPE, ebx);
1800     __ j(below, &not_both_objects, Label::kNear);
1801     // We do not bail out after this point.  Both are JSObjects, and
1802     // they are equal if and only if both are undetectable.
1803     // The and of the undetectable flags is 1 if and only if they are equal.
1804     __ test_b(FieldOperand(ecx, Map::kBitFieldOffset),
1805               1 << Map::kIsUndetectable);
1806     __ j(zero, &return_unequal, Label::kNear);
1807     __ test_b(FieldOperand(ebx, Map::kBitFieldOffset),
1808               1 << Map::kIsUndetectable);
1809     __ j(zero, &return_unequal, Label::kNear);
1810     // The objects are both undetectable, so they both compare as the value
1811     // undefined, and are equal.
1812     __ Move(eax, Immediate(EQUAL));
1813     __ bind(&return_unequal);
1814     // Return non-equal by returning the non-zero object pointer in eax,
1815     // or return equal if we fell through to here.
1816     __ ret(0);  // rax, rdx were pushed
1817     __ bind(&not_both_objects);
1818   }
1819 
1820   // Push arguments below the return address.
1821   __ pop(ecx);
1822   __ push(edx);
1823   __ push(eax);
1824 
1825   // Figure out which native to call and setup the arguments.
1826   Builtins::JavaScript builtin;
1827   if (cc == equal) {
1828     builtin = strict() ? Builtins::STRICT_EQUALS : Builtins::EQUALS;
1829   } else {
1830     builtin = Builtins::COMPARE;
1831     __ push(Immediate(Smi::FromInt(NegativeComparisonResult(cc))));
1832   }
1833 
1834   // Restore return address on the stack.
1835   __ push(ecx);
1836 
1837   // Call the native; it returns -1 (less), 0 (equal), or 1 (greater)
1838   // tagged as a small integer.
1839   __ InvokeBuiltin(builtin, JUMP_FUNCTION);
1840 
1841   __ bind(&miss);
1842   GenerateMiss(masm);
1843 }
1844 
1845 
GenerateRecordCallTarget(MacroAssembler * masm)1846 static void GenerateRecordCallTarget(MacroAssembler* masm) {
1847   // Cache the called function in a feedback vector slot.  Cache states
1848   // are uninitialized, monomorphic (indicated by a JSFunction), and
1849   // megamorphic.
1850   // eax : number of arguments to the construct function
1851   // ebx : Feedback vector
1852   // edx : slot in feedback vector (Smi)
1853   // edi : the function to call
1854   Isolate* isolate = masm->isolate();
1855   Label initialize, done, miss, megamorphic, not_array_function;
1856 
1857   // Load the cache state into ecx.
1858   __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
1859                            FixedArray::kHeaderSize));
1860 
1861   // A monomorphic cache hit or an already megamorphic state: invoke the
1862   // function without changing the state.
1863   __ cmp(ecx, edi);
1864   __ j(equal, &done, Label::kFar);
1865   __ cmp(ecx, Immediate(TypeFeedbackVector::MegamorphicSentinel(isolate)));
1866   __ j(equal, &done, Label::kFar);
1867 
1868   if (!FLAG_pretenuring_call_new) {
1869     // If we came here, we need to see if we are the array function.
1870     // If we didn't have a matching function, and we didn't find the megamorph
1871     // sentinel, then we have in the slot either some other function or an
1872     // AllocationSite. Do a map check on the object in ecx.
1873     Handle<Map> allocation_site_map = isolate->factory()->allocation_site_map();
1874     __ cmp(FieldOperand(ecx, 0), Immediate(allocation_site_map));
1875     __ j(not_equal, &miss);
1876 
1877     // Make sure the function is the Array() function
1878     __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx);
1879     __ cmp(edi, ecx);
1880     __ j(not_equal, &megamorphic);
1881     __ jmp(&done, Label::kFar);
1882   }
1883 
1884   __ bind(&miss);
1885 
1886   // A monomorphic miss (i.e, here the cache is not uninitialized) goes
1887   // megamorphic.
1888   __ cmp(ecx, Immediate(TypeFeedbackVector::UninitializedSentinel(isolate)));
1889   __ j(equal, &initialize);
1890   // MegamorphicSentinel is an immortal immovable object (undefined) so no
1891   // write-barrier is needed.
1892   __ bind(&megamorphic);
1893   __ mov(
1894       FieldOperand(ebx, edx, times_half_pointer_size, FixedArray::kHeaderSize),
1895       Immediate(TypeFeedbackVector::MegamorphicSentinel(isolate)));
1896   __ jmp(&done, Label::kFar);
1897 
1898   // An uninitialized cache is patched with the function or sentinel to
1899   // indicate the ElementsKind if function is the Array constructor.
1900   __ bind(&initialize);
1901   if (!FLAG_pretenuring_call_new) {
1902     // Make sure the function is the Array() function
1903     __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx);
1904     __ cmp(edi, ecx);
1905     __ j(not_equal, &not_array_function);
1906 
1907     // The target function is the Array constructor,
1908     // Create an AllocationSite if we don't already have it, store it in the
1909     // slot.
1910     {
1911       FrameScope scope(masm, StackFrame::INTERNAL);
1912 
1913       // Arguments register must be smi-tagged to call out.
1914       __ SmiTag(eax);
1915       __ push(eax);
1916       __ push(edi);
1917       __ push(edx);
1918       __ push(ebx);
1919 
1920       CreateAllocationSiteStub create_stub(isolate);
1921       __ CallStub(&create_stub);
1922 
1923       __ pop(ebx);
1924       __ pop(edx);
1925       __ pop(edi);
1926       __ pop(eax);
1927       __ SmiUntag(eax);
1928     }
1929     __ jmp(&done);
1930 
1931     __ bind(&not_array_function);
1932   }
1933 
1934   __ mov(FieldOperand(ebx, edx, times_half_pointer_size,
1935                       FixedArray::kHeaderSize),
1936          edi);
1937   // We won't need edx or ebx anymore, just save edi
1938   __ push(edi);
1939   __ push(ebx);
1940   __ push(edx);
1941   __ RecordWriteArray(ebx, edi, edx, kDontSaveFPRegs,
1942                       EMIT_REMEMBERED_SET, OMIT_SMI_CHECK);
1943   __ pop(edx);
1944   __ pop(ebx);
1945   __ pop(edi);
1946 
1947   __ bind(&done);
1948 }
1949 
1950 
EmitContinueIfStrictOrNative(MacroAssembler * masm,Label * cont)1951 static void EmitContinueIfStrictOrNative(MacroAssembler* masm, Label* cont) {
1952   // Do not transform the receiver for strict mode functions.
1953   __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
1954   __ test_b(FieldOperand(ecx, SharedFunctionInfo::kStrictModeByteOffset),
1955             1 << SharedFunctionInfo::kStrictModeBitWithinByte);
1956   __ j(not_equal, cont);
1957 
1958   // Do not transform the receiver for natives (shared already in ecx).
1959   __ test_b(FieldOperand(ecx, SharedFunctionInfo::kNativeByteOffset),
1960             1 << SharedFunctionInfo::kNativeBitWithinByte);
1961   __ j(not_equal, cont);
1962 }
1963 
1964 
EmitSlowCase(Isolate * isolate,MacroAssembler * masm,int argc,Label * non_function)1965 static void EmitSlowCase(Isolate* isolate,
1966                          MacroAssembler* masm,
1967                          int argc,
1968                          Label* non_function) {
1969   // Check for function proxy.
1970   __ CmpInstanceType(ecx, JS_FUNCTION_PROXY_TYPE);
1971   __ j(not_equal, non_function);
1972   __ pop(ecx);
1973   __ push(edi);  // put proxy as additional argument under return address
1974   __ push(ecx);
1975   __ Move(eax, Immediate(argc + 1));
1976   __ Move(ebx, Immediate(0));
1977   __ GetBuiltinEntry(edx, Builtins::CALL_FUNCTION_PROXY);
1978   {
1979     Handle<Code> adaptor = isolate->builtins()->ArgumentsAdaptorTrampoline();
1980     __ jmp(adaptor, RelocInfo::CODE_TARGET);
1981   }
1982 
1983   // CALL_NON_FUNCTION expects the non-function callee as receiver (instead
1984   // of the original receiver from the call site).
1985   __ bind(non_function);
1986   __ mov(Operand(esp, (argc + 1) * kPointerSize), edi);
1987   __ Move(eax, Immediate(argc));
1988   __ Move(ebx, Immediate(0));
1989   __ GetBuiltinEntry(edx, Builtins::CALL_NON_FUNCTION);
1990   Handle<Code> adaptor = isolate->builtins()->ArgumentsAdaptorTrampoline();
1991   __ jmp(adaptor, RelocInfo::CODE_TARGET);
1992 }
1993 
1994 
EmitWrapCase(MacroAssembler * masm,int argc,Label * cont)1995 static void EmitWrapCase(MacroAssembler* masm, int argc, Label* cont) {
1996   // Wrap the receiver and patch it back onto the stack.
1997   { FrameScope frame_scope(masm, StackFrame::INTERNAL);
1998     __ push(edi);
1999     __ push(eax);
2000     __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
2001     __ pop(edi);
2002   }
2003   __ mov(Operand(esp, (argc + 1) * kPointerSize), eax);
2004   __ jmp(cont);
2005 }
2006 
2007 
CallFunctionNoFeedback(MacroAssembler * masm,int argc,bool needs_checks,bool call_as_method)2008 static void CallFunctionNoFeedback(MacroAssembler* masm,
2009                                    int argc, bool needs_checks,
2010                                    bool call_as_method) {
2011   // edi : the function to call
2012   Label slow, non_function, wrap, cont;
2013 
2014   if (needs_checks) {
2015     // Check that the function really is a JavaScript function.
2016     __ JumpIfSmi(edi, &non_function);
2017 
2018     // Goto slow case if we do not have a function.
2019     __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
2020     __ j(not_equal, &slow);
2021   }
2022 
2023   // Fast-case: Just invoke the function.
2024   ParameterCount actual(argc);
2025 
2026   if (call_as_method) {
2027     if (needs_checks) {
2028       EmitContinueIfStrictOrNative(masm, &cont);
2029     }
2030 
2031     // Load the receiver from the stack.
2032     __ mov(eax, Operand(esp, (argc + 1) * kPointerSize));
2033 
2034     if (needs_checks) {
2035       __ JumpIfSmi(eax, &wrap);
2036 
2037       __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
2038       __ j(below, &wrap);
2039     } else {
2040       __ jmp(&wrap);
2041     }
2042 
2043     __ bind(&cont);
2044   }
2045 
2046   __ InvokeFunction(edi, actual, JUMP_FUNCTION, NullCallWrapper());
2047 
2048   if (needs_checks) {
2049     // Slow-case: Non-function called.
2050     __ bind(&slow);
2051     // (non_function is bound in EmitSlowCase)
2052     EmitSlowCase(masm->isolate(), masm, argc, &non_function);
2053   }
2054 
2055   if (call_as_method) {
2056     __ bind(&wrap);
2057     EmitWrapCase(masm, argc, &cont);
2058   }
2059 }
2060 
2061 
Generate(MacroAssembler * masm)2062 void CallFunctionStub::Generate(MacroAssembler* masm) {
2063   CallFunctionNoFeedback(masm, argc(), NeedsChecks(), CallAsMethod());
2064 }
2065 
2066 
Generate(MacroAssembler * masm)2067 void CallConstructStub::Generate(MacroAssembler* masm) {
2068   // eax : number of arguments
2069   // ebx : feedback vector
2070   // edx : (only if ebx is not the megamorphic symbol) slot in feedback
2071   //       vector (Smi)
2072   // edi : constructor function
2073   Label slow, non_function_call;
2074 
2075   // Check that function is not a smi.
2076   __ JumpIfSmi(edi, &non_function_call);
2077   // Check that function is a JSFunction.
2078   __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
2079   __ j(not_equal, &slow);
2080 
2081   if (RecordCallTarget()) {
2082     GenerateRecordCallTarget(masm);
2083 
2084     if (FLAG_pretenuring_call_new) {
2085       // Put the AllocationSite from the feedback vector into ebx.
2086       // By adding kPointerSize we encode that we know the AllocationSite
2087       // entry is at the feedback vector slot given by edx + 1.
2088       __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size,
2089                                FixedArray::kHeaderSize + kPointerSize));
2090     } else {
2091       Label feedback_register_initialized;
2092       // Put the AllocationSite from the feedback vector into ebx, or undefined.
2093       __ mov(ebx, FieldOperand(ebx, edx, times_half_pointer_size,
2094                                FixedArray::kHeaderSize));
2095       Handle<Map> allocation_site_map =
2096           isolate()->factory()->allocation_site_map();
2097       __ cmp(FieldOperand(ebx, 0), Immediate(allocation_site_map));
2098       __ j(equal, &feedback_register_initialized);
2099       __ mov(ebx, isolate()->factory()->undefined_value());
2100       __ bind(&feedback_register_initialized);
2101     }
2102 
2103     __ AssertUndefinedOrAllocationSite(ebx);
2104   }
2105 
2106   // Jump to the function-specific construct stub.
2107   Register jmp_reg = ecx;
2108   __ mov(jmp_reg, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
2109   __ mov(jmp_reg, FieldOperand(jmp_reg,
2110                                SharedFunctionInfo::kConstructStubOffset));
2111   __ lea(jmp_reg, FieldOperand(jmp_reg, Code::kHeaderSize));
2112   __ jmp(jmp_reg);
2113 
2114   // edi: called object
2115   // eax: number of arguments
2116   // ecx: object map
2117   Label do_call;
2118   __ bind(&slow);
2119   __ CmpInstanceType(ecx, JS_FUNCTION_PROXY_TYPE);
2120   __ j(not_equal, &non_function_call);
2121   __ GetBuiltinEntry(edx, Builtins::CALL_FUNCTION_PROXY_AS_CONSTRUCTOR);
2122   __ jmp(&do_call);
2123 
2124   __ bind(&non_function_call);
2125   __ GetBuiltinEntry(edx, Builtins::CALL_NON_FUNCTION_AS_CONSTRUCTOR);
2126   __ bind(&do_call);
2127   // Set expected number of arguments to zero (not changing eax).
2128   __ Move(ebx, Immediate(0));
2129   Handle<Code> arguments_adaptor =
2130       isolate()->builtins()->ArgumentsAdaptorTrampoline();
2131   __ jmp(arguments_adaptor, RelocInfo::CODE_TARGET);
2132 }
2133 
2134 
EmitLoadTypeFeedbackVector(MacroAssembler * masm,Register vector)2135 static void EmitLoadTypeFeedbackVector(MacroAssembler* masm, Register vector) {
2136   __ mov(vector, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
2137   __ mov(vector, FieldOperand(vector, JSFunction::kSharedFunctionInfoOffset));
2138   __ mov(vector, FieldOperand(vector,
2139                               SharedFunctionInfo::kFeedbackVectorOffset));
2140 }
2141 
2142 
Generate(MacroAssembler * masm)2143 void CallIC_ArrayStub::Generate(MacroAssembler* masm) {
2144   // edi - function
2145   // edx - slot id
2146   Label miss;
2147   int argc = arg_count();
2148   ParameterCount actual(argc);
2149 
2150   EmitLoadTypeFeedbackVector(masm, ebx);
2151 
2152   __ LoadGlobalFunction(Context::ARRAY_FUNCTION_INDEX, ecx);
2153   __ cmp(edi, ecx);
2154   __ j(not_equal, &miss);
2155 
2156   __ mov(eax, arg_count());
2157   __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
2158                            FixedArray::kHeaderSize));
2159 
2160   // Verify that ecx contains an AllocationSite
2161   Factory* factory = masm->isolate()->factory();
2162   __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
2163          factory->allocation_site_map());
2164   __ j(not_equal, &miss);
2165 
2166   __ mov(ebx, ecx);
2167   ArrayConstructorStub stub(masm->isolate(), arg_count());
2168   __ TailCallStub(&stub);
2169 
2170   __ bind(&miss);
2171   GenerateMiss(masm);
2172 
2173   // The slow case, we need this no matter what to complete a call after a miss.
2174   CallFunctionNoFeedback(masm,
2175                          arg_count(),
2176                          true,
2177                          CallAsMethod());
2178 
2179   // Unreachable.
2180   __ int3();
2181 }
2182 
2183 
Generate(MacroAssembler * masm)2184 void CallICStub::Generate(MacroAssembler* masm) {
2185   // edi - function
2186   // edx - slot id
2187   Isolate* isolate = masm->isolate();
2188   Label extra_checks_or_miss, slow_start;
2189   Label slow, non_function, wrap, cont;
2190   Label have_js_function;
2191   int argc = arg_count();
2192   ParameterCount actual(argc);
2193 
2194   EmitLoadTypeFeedbackVector(masm, ebx);
2195 
2196   // The checks. First, does edi match the recorded monomorphic target?
2197   __ cmp(edi, FieldOperand(ebx, edx, times_half_pointer_size,
2198                            FixedArray::kHeaderSize));
2199   __ j(not_equal, &extra_checks_or_miss);
2200 
2201   __ bind(&have_js_function);
2202   if (CallAsMethod()) {
2203     EmitContinueIfStrictOrNative(masm, &cont);
2204 
2205     // Load the receiver from the stack.
2206     __ mov(eax, Operand(esp, (argc + 1) * kPointerSize));
2207 
2208     __ JumpIfSmi(eax, &wrap);
2209 
2210     __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
2211     __ j(below, &wrap);
2212 
2213     __ bind(&cont);
2214   }
2215 
2216   __ InvokeFunction(edi, actual, JUMP_FUNCTION, NullCallWrapper());
2217 
2218   __ bind(&slow);
2219   EmitSlowCase(isolate, masm, argc, &non_function);
2220 
2221   if (CallAsMethod()) {
2222     __ bind(&wrap);
2223     EmitWrapCase(masm, argc, &cont);
2224   }
2225 
2226   __ bind(&extra_checks_or_miss);
2227   Label miss;
2228 
2229   __ mov(ecx, FieldOperand(ebx, edx, times_half_pointer_size,
2230                            FixedArray::kHeaderSize));
2231   __ cmp(ecx, Immediate(TypeFeedbackVector::MegamorphicSentinel(isolate)));
2232   __ j(equal, &slow_start);
2233   __ cmp(ecx, Immediate(TypeFeedbackVector::UninitializedSentinel(isolate)));
2234   __ j(equal, &miss);
2235 
2236   if (!FLAG_trace_ic) {
2237     // We are going megamorphic. If the feedback is a JSFunction, it is fine
2238     // to handle it here. More complex cases are dealt with in the runtime.
2239     __ AssertNotSmi(ecx);
2240     __ CmpObjectType(ecx, JS_FUNCTION_TYPE, ecx);
2241     __ j(not_equal, &miss);
2242     __ mov(FieldOperand(ebx, edx, times_half_pointer_size,
2243                         FixedArray::kHeaderSize),
2244            Immediate(TypeFeedbackVector::MegamorphicSentinel(isolate)));
2245     __ jmp(&slow_start);
2246   }
2247 
2248   // We are here because tracing is on or we are going monomorphic.
2249   __ bind(&miss);
2250   GenerateMiss(masm);
2251 
2252   // the slow case
2253   __ bind(&slow_start);
2254 
2255   // Check that the function really is a JavaScript function.
2256   __ JumpIfSmi(edi, &non_function);
2257 
2258   // Goto slow case if we do not have a function.
2259   __ CmpObjectType(edi, JS_FUNCTION_TYPE, ecx);
2260   __ j(not_equal, &slow);
2261   __ jmp(&have_js_function);
2262 
2263   // Unreachable
2264   __ int3();
2265 }
2266 
2267 
GenerateMiss(MacroAssembler * masm)2268 void CallICStub::GenerateMiss(MacroAssembler* masm) {
2269   // Get the receiver of the function from the stack; 1 ~ return address.
2270   __ mov(ecx, Operand(esp, (arg_count() + 1) * kPointerSize));
2271 
2272   {
2273     FrameScope scope(masm, StackFrame::INTERNAL);
2274 
2275     // Push the receiver and the function and feedback info.
2276     __ push(ecx);
2277     __ push(edi);
2278     __ push(ebx);
2279     __ push(edx);
2280 
2281     // Call the entry.
2282     IC::UtilityId id = GetICState() == DEFAULT ? IC::kCallIC_Miss
2283                                                : IC::kCallIC_Customization_Miss;
2284 
2285     ExternalReference miss = ExternalReference(IC_Utility(id),
2286                                                masm->isolate());
2287     __ CallExternalReference(miss, 4);
2288 
2289     // Move result to edi and exit the internal frame.
2290     __ mov(edi, eax);
2291   }
2292 }
2293 
2294 
NeedsImmovableCode()2295 bool CEntryStub::NeedsImmovableCode() {
2296   return false;
2297 }
2298 
2299 
GenerateStubsAheadOfTime(Isolate * isolate)2300 void CodeStub::GenerateStubsAheadOfTime(Isolate* isolate) {
2301   CEntryStub::GenerateAheadOfTime(isolate);
2302   StoreBufferOverflowStub::GenerateFixedRegStubsAheadOfTime(isolate);
2303   StubFailureTrampolineStub::GenerateAheadOfTime(isolate);
2304   // It is important that the store buffer overflow stubs are generated first.
2305   ArrayConstructorStubBase::GenerateStubsAheadOfTime(isolate);
2306   CreateAllocationSiteStub::GenerateAheadOfTime(isolate);
2307   BinaryOpICStub::GenerateAheadOfTime(isolate);
2308   BinaryOpICWithAllocationSiteStub::GenerateAheadOfTime(isolate);
2309 }
2310 
2311 
GenerateFPStubs(Isolate * isolate)2312 void CodeStub::GenerateFPStubs(Isolate* isolate) {
2313   // Generate if not already in cache.
2314   CEntryStub(isolate, 1, kSaveFPRegs).GetCode();
2315   isolate->set_fp_stubs_generated(true);
2316 }
2317 
2318 
GenerateAheadOfTime(Isolate * isolate)2319 void CEntryStub::GenerateAheadOfTime(Isolate* isolate) {
2320   CEntryStub stub(isolate, 1, kDontSaveFPRegs);
2321   stub.GetCode();
2322 }
2323 
2324 
Generate(MacroAssembler * masm)2325 void CEntryStub::Generate(MacroAssembler* masm) {
2326   // eax: number of arguments including receiver
2327   // ebx: pointer to C function  (C callee-saved)
2328   // ebp: frame pointer  (restored after C call)
2329   // esp: stack pointer  (restored after C call)
2330   // esi: current context (C callee-saved)
2331   // edi: JS function of the caller (C callee-saved)
2332 
2333   ProfileEntryHookStub::MaybeCallEntryHook(masm);
2334 
2335   // Enter the exit frame that transitions from JavaScript to C++.
2336   __ EnterExitFrame(save_doubles());
2337 
2338   // ebx: pointer to C function  (C callee-saved)
2339   // ebp: frame pointer  (restored after C call)
2340   // esp: stack pointer  (restored after C call)
2341   // edi: number of arguments including receiver  (C callee-saved)
2342   // esi: pointer to the first argument (C callee-saved)
2343 
2344   // Result returned in eax, or eax+edx if result size is 2.
2345 
2346   // Check stack alignment.
2347   if (FLAG_debug_code) {
2348     __ CheckStackAlignment();
2349   }
2350 
2351   // Call C function.
2352   __ mov(Operand(esp, 0 * kPointerSize), edi);  // argc.
2353   __ mov(Operand(esp, 1 * kPointerSize), esi);  // argv.
2354   __ mov(Operand(esp, 2 * kPointerSize),
2355          Immediate(ExternalReference::isolate_address(isolate())));
2356   __ call(ebx);
2357   // Result is in eax or edx:eax - do not destroy these registers!
2358 
2359   // Runtime functions should not return 'the hole'.  Allowing it to escape may
2360   // lead to crashes in the IC code later.
2361   if (FLAG_debug_code) {
2362     Label okay;
2363     __ cmp(eax, isolate()->factory()->the_hole_value());
2364     __ j(not_equal, &okay, Label::kNear);
2365     __ int3();
2366     __ bind(&okay);
2367   }
2368 
2369   // Check result for exception sentinel.
2370   Label exception_returned;
2371   __ cmp(eax, isolate()->factory()->exception());
2372   __ j(equal, &exception_returned);
2373 
2374   ExternalReference pending_exception_address(
2375       Isolate::kPendingExceptionAddress, isolate());
2376 
2377   // Check that there is no pending exception, otherwise we
2378   // should have returned the exception sentinel.
2379   if (FLAG_debug_code) {
2380     __ push(edx);
2381     __ mov(edx, Immediate(isolate()->factory()->the_hole_value()));
2382     Label okay;
2383     __ cmp(edx, Operand::StaticVariable(pending_exception_address));
2384     // Cannot use check here as it attempts to generate call into runtime.
2385     __ j(equal, &okay, Label::kNear);
2386     __ int3();
2387     __ bind(&okay);
2388     __ pop(edx);
2389   }
2390 
2391   // Exit the JavaScript to C++ exit frame.
2392   __ LeaveExitFrame(save_doubles());
2393   __ ret(0);
2394 
2395   // Handling of exception.
2396   __ bind(&exception_returned);
2397 
2398   // Retrieve the pending exception.
2399   __ mov(eax, Operand::StaticVariable(pending_exception_address));
2400 
2401   // Clear the pending exception.
2402   __ mov(edx, Immediate(isolate()->factory()->the_hole_value()));
2403   __ mov(Operand::StaticVariable(pending_exception_address), edx);
2404 
2405   // Special handling of termination exceptions which are uncatchable
2406   // by javascript code.
2407   Label throw_termination_exception;
2408   __ cmp(eax, isolate()->factory()->termination_exception());
2409   __ j(equal, &throw_termination_exception);
2410 
2411   // Handle normal exception.
2412   __ Throw(eax);
2413 
2414   __ bind(&throw_termination_exception);
2415   __ ThrowUncatchable(eax);
2416 }
2417 
2418 
Generate(MacroAssembler * masm)2419 void JSEntryStub::Generate(MacroAssembler* masm) {
2420   Label invoke, handler_entry, exit;
2421   Label not_outermost_js, not_outermost_js_2;
2422 
2423   ProfileEntryHookStub::MaybeCallEntryHook(masm);
2424 
2425   // Set up frame.
2426   __ push(ebp);
2427   __ mov(ebp, esp);
2428 
2429   // Push marker in two places.
2430   int marker = type();
2431   __ push(Immediate(Smi::FromInt(marker)));  // context slot
2432   __ push(Immediate(Smi::FromInt(marker)));  // function slot
2433   // Save callee-saved registers (C calling conventions).
2434   __ push(edi);
2435   __ push(esi);
2436   __ push(ebx);
2437 
2438   // Save copies of the top frame descriptor on the stack.
2439   ExternalReference c_entry_fp(Isolate::kCEntryFPAddress, isolate());
2440   __ push(Operand::StaticVariable(c_entry_fp));
2441 
2442   // If this is the outermost JS call, set js_entry_sp value.
2443   ExternalReference js_entry_sp(Isolate::kJSEntrySPAddress, isolate());
2444   __ cmp(Operand::StaticVariable(js_entry_sp), Immediate(0));
2445   __ j(not_equal, &not_outermost_js, Label::kNear);
2446   __ mov(Operand::StaticVariable(js_entry_sp), ebp);
2447   __ push(Immediate(Smi::FromInt(StackFrame::OUTERMOST_JSENTRY_FRAME)));
2448   __ jmp(&invoke, Label::kNear);
2449   __ bind(&not_outermost_js);
2450   __ push(Immediate(Smi::FromInt(StackFrame::INNER_JSENTRY_FRAME)));
2451 
2452   // Jump to a faked try block that does the invoke, with a faked catch
2453   // block that sets the pending exception.
2454   __ jmp(&invoke);
2455   __ bind(&handler_entry);
2456   handler_offset_ = handler_entry.pos();
2457   // Caught exception: Store result (exception) in the pending exception
2458   // field in the JSEnv and return a failure sentinel.
2459   ExternalReference pending_exception(Isolate::kPendingExceptionAddress,
2460                                       isolate());
2461   __ mov(Operand::StaticVariable(pending_exception), eax);
2462   __ mov(eax, Immediate(isolate()->factory()->exception()));
2463   __ jmp(&exit);
2464 
2465   // Invoke: Link this frame into the handler chain.  There's only one
2466   // handler block in this code object, so its index is 0.
2467   __ bind(&invoke);
2468   __ PushTryHandler(StackHandler::JS_ENTRY, 0);
2469 
2470   // Clear any pending exceptions.
2471   __ mov(edx, Immediate(isolate()->factory()->the_hole_value()));
2472   __ mov(Operand::StaticVariable(pending_exception), edx);
2473 
2474   // Fake a receiver (NULL).
2475   __ push(Immediate(0));  // receiver
2476 
2477   // Invoke the function by calling through JS entry trampoline builtin and
2478   // pop the faked function when we return. Notice that we cannot store a
2479   // reference to the trampoline code directly in this stub, because the
2480   // builtin stubs may not have been generated yet.
2481   if (type() == StackFrame::ENTRY_CONSTRUCT) {
2482     ExternalReference construct_entry(Builtins::kJSConstructEntryTrampoline,
2483                                       isolate());
2484     __ mov(edx, Immediate(construct_entry));
2485   } else {
2486     ExternalReference entry(Builtins::kJSEntryTrampoline, isolate());
2487     __ mov(edx, Immediate(entry));
2488   }
2489   __ mov(edx, Operand(edx, 0));  // deref address
2490   __ lea(edx, FieldOperand(edx, Code::kHeaderSize));
2491   __ call(edx);
2492 
2493   // Unlink this frame from the handler chain.
2494   __ PopTryHandler();
2495 
2496   __ bind(&exit);
2497   // Check if the current stack frame is marked as the outermost JS frame.
2498   __ pop(ebx);
2499   __ cmp(ebx, Immediate(Smi::FromInt(StackFrame::OUTERMOST_JSENTRY_FRAME)));
2500   __ j(not_equal, &not_outermost_js_2);
2501   __ mov(Operand::StaticVariable(js_entry_sp), Immediate(0));
2502   __ bind(&not_outermost_js_2);
2503 
2504   // Restore the top frame descriptor from the stack.
2505   __ pop(Operand::StaticVariable(ExternalReference(
2506       Isolate::kCEntryFPAddress, isolate())));
2507 
2508   // Restore callee-saved registers (C calling conventions).
2509   __ pop(ebx);
2510   __ pop(esi);
2511   __ pop(edi);
2512   __ add(esp, Immediate(2 * kPointerSize));  // remove markers
2513 
2514   // Restore frame pointer and return.
2515   __ pop(ebp);
2516   __ ret(0);
2517 }
2518 
2519 
2520 // Generate stub code for instanceof.
2521 // This code can patch a call site inlined cache of the instance of check,
2522 // which looks like this.
2523 //
2524 //   81 ff XX XX XX XX   cmp    edi, <the hole, patched to a map>
2525 //   75 0a               jne    <some near label>
2526 //   b8 XX XX XX XX      mov    eax, <the hole, patched to either true or false>
2527 //
2528 // If call site patching is requested the stack will have the delta from the
2529 // return address to the cmp instruction just below the return address. This
2530 // also means that call site patching can only take place with arguments in
2531 // registers. TOS looks like this when call site patching is requested
2532 //
2533 //   esp[0] : return address
2534 //   esp[4] : delta from return address to cmp instruction
2535 //
Generate(MacroAssembler * masm)2536 void InstanceofStub::Generate(MacroAssembler* masm) {
2537   // Call site inlining and patching implies arguments in registers.
2538   DCHECK(HasArgsInRegisters() || !HasCallSiteInlineCheck());
2539 
2540   // Fixed register usage throughout the stub.
2541   Register object = eax;  // Object (lhs).
2542   Register map = ebx;  // Map of the object.
2543   Register function = edx;  // Function (rhs).
2544   Register prototype = edi;  // Prototype of the function.
2545   Register scratch = ecx;
2546 
2547   // Constants describing the call site code to patch.
2548   static const int kDeltaToCmpImmediate = 2;
2549   static const int kDeltaToMov = 8;
2550   static const int kDeltaToMovImmediate = 9;
2551   static const int8_t kCmpEdiOperandByte1 = bit_cast<int8_t, uint8_t>(0x3b);
2552   static const int8_t kCmpEdiOperandByte2 = bit_cast<int8_t, uint8_t>(0x3d);
2553   static const int8_t kMovEaxImmediateByte = bit_cast<int8_t, uint8_t>(0xb8);
2554 
2555   DCHECK_EQ(object.code(), InstanceofStub::left().code());
2556   DCHECK_EQ(function.code(), InstanceofStub::right().code());
2557 
2558   // Get the object and function - they are always both needed.
2559   Label slow, not_js_object;
2560   if (!HasArgsInRegisters()) {
2561     __ mov(object, Operand(esp, 2 * kPointerSize));
2562     __ mov(function, Operand(esp, 1 * kPointerSize));
2563   }
2564 
2565   // Check that the left hand is a JS object.
2566   __ JumpIfSmi(object, &not_js_object);
2567   __ IsObjectJSObjectType(object, map, scratch, &not_js_object);
2568 
2569   // If there is a call site cache don't look in the global cache, but do the
2570   // real lookup and update the call site cache.
2571   if (!HasCallSiteInlineCheck() && !ReturnTrueFalseObject()) {
2572     // Look up the function and the map in the instanceof cache.
2573     Label miss;
2574     __ CompareRoot(function, scratch, Heap::kInstanceofCacheFunctionRootIndex);
2575     __ j(not_equal, &miss, Label::kNear);
2576     __ CompareRoot(map, scratch, Heap::kInstanceofCacheMapRootIndex);
2577     __ j(not_equal, &miss, Label::kNear);
2578     __ LoadRoot(eax, Heap::kInstanceofCacheAnswerRootIndex);
2579     __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2580     __ bind(&miss);
2581   }
2582 
2583   // Get the prototype of the function.
2584   __ TryGetFunctionPrototype(function, prototype, scratch, &slow, true);
2585 
2586   // Check that the function prototype is a JS object.
2587   __ JumpIfSmi(prototype, &slow);
2588   __ IsObjectJSObjectType(prototype, scratch, scratch, &slow);
2589 
2590   // Update the global instanceof or call site inlined cache with the current
2591   // map and function. The cached answer will be set when it is known below.
2592   if (!HasCallSiteInlineCheck()) {
2593     __ StoreRoot(map, scratch, Heap::kInstanceofCacheMapRootIndex);
2594     __ StoreRoot(function, scratch, Heap::kInstanceofCacheFunctionRootIndex);
2595   } else {
2596     // The constants for the code patching are based on no push instructions
2597     // at the call site.
2598     DCHECK(HasArgsInRegisters());
2599     // Get return address and delta to inlined map check.
2600     __ mov(scratch, Operand(esp, 0 * kPointerSize));
2601     __ sub(scratch, Operand(esp, 1 * kPointerSize));
2602     if (FLAG_debug_code) {
2603       __ cmpb(Operand(scratch, 0), kCmpEdiOperandByte1);
2604       __ Assert(equal, kInstanceofStubUnexpectedCallSiteCacheCmp1);
2605       __ cmpb(Operand(scratch, 1), kCmpEdiOperandByte2);
2606       __ Assert(equal, kInstanceofStubUnexpectedCallSiteCacheCmp2);
2607     }
2608     __ mov(scratch, Operand(scratch, kDeltaToCmpImmediate));
2609     __ mov(Operand(scratch, 0), map);
2610   }
2611 
2612   // Loop through the prototype chain of the object looking for the function
2613   // prototype.
2614   __ mov(scratch, FieldOperand(map, Map::kPrototypeOffset));
2615   Label loop, is_instance, is_not_instance;
2616   __ bind(&loop);
2617   __ cmp(scratch, prototype);
2618   __ j(equal, &is_instance, Label::kNear);
2619   Factory* factory = isolate()->factory();
2620   __ cmp(scratch, Immediate(factory->null_value()));
2621   __ j(equal, &is_not_instance, Label::kNear);
2622   __ mov(scratch, FieldOperand(scratch, HeapObject::kMapOffset));
2623   __ mov(scratch, FieldOperand(scratch, Map::kPrototypeOffset));
2624   __ jmp(&loop);
2625 
2626   __ bind(&is_instance);
2627   if (!HasCallSiteInlineCheck()) {
2628     __ mov(eax, Immediate(0));
2629     __ StoreRoot(eax, scratch, Heap::kInstanceofCacheAnswerRootIndex);
2630     if (ReturnTrueFalseObject()) {
2631       __ mov(eax, factory->true_value());
2632     }
2633   } else {
2634     // Get return address and delta to inlined map check.
2635     __ mov(eax, factory->true_value());
2636     __ mov(scratch, Operand(esp, 0 * kPointerSize));
2637     __ sub(scratch, Operand(esp, 1 * kPointerSize));
2638     if (FLAG_debug_code) {
2639       __ cmpb(Operand(scratch, kDeltaToMov), kMovEaxImmediateByte);
2640       __ Assert(equal, kInstanceofStubUnexpectedCallSiteCacheMov);
2641     }
2642     __ mov(Operand(scratch, kDeltaToMovImmediate), eax);
2643     if (!ReturnTrueFalseObject()) {
2644       __ Move(eax, Immediate(0));
2645     }
2646   }
2647   __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2648 
2649   __ bind(&is_not_instance);
2650   if (!HasCallSiteInlineCheck()) {
2651     __ mov(eax, Immediate(Smi::FromInt(1)));
2652     __ StoreRoot(eax, scratch, Heap::kInstanceofCacheAnswerRootIndex);
2653     if (ReturnTrueFalseObject()) {
2654       __ mov(eax, factory->false_value());
2655     }
2656   } else {
2657     // Get return address and delta to inlined map check.
2658     __ mov(eax, factory->false_value());
2659     __ mov(scratch, Operand(esp, 0 * kPointerSize));
2660     __ sub(scratch, Operand(esp, 1 * kPointerSize));
2661     if (FLAG_debug_code) {
2662       __ cmpb(Operand(scratch, kDeltaToMov), kMovEaxImmediateByte);
2663       __ Assert(equal, kInstanceofStubUnexpectedCallSiteCacheMov);
2664     }
2665     __ mov(Operand(scratch, kDeltaToMovImmediate), eax);
2666     if (!ReturnTrueFalseObject()) {
2667       __ Move(eax, Immediate(Smi::FromInt(1)));
2668     }
2669   }
2670   __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2671 
2672   Label object_not_null, object_not_null_or_smi;
2673   __ bind(&not_js_object);
2674   // Before null, smi and string value checks, check that the rhs is a function
2675   // as for a non-function rhs an exception needs to be thrown.
2676   __ JumpIfSmi(function, &slow, Label::kNear);
2677   __ CmpObjectType(function, JS_FUNCTION_TYPE, scratch);
2678   __ j(not_equal, &slow, Label::kNear);
2679 
2680   // Null is not instance of anything.
2681   __ cmp(object, factory->null_value());
2682   __ j(not_equal, &object_not_null, Label::kNear);
2683   if (ReturnTrueFalseObject()) {
2684     __ mov(eax, factory->false_value());
2685   } else {
2686     __ Move(eax, Immediate(Smi::FromInt(1)));
2687   }
2688   __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2689 
2690   __ bind(&object_not_null);
2691   // Smi values is not instance of anything.
2692   __ JumpIfNotSmi(object, &object_not_null_or_smi, Label::kNear);
2693   if (ReturnTrueFalseObject()) {
2694     __ mov(eax, factory->false_value());
2695   } else {
2696     __ Move(eax, Immediate(Smi::FromInt(1)));
2697   }
2698   __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2699 
2700   __ bind(&object_not_null_or_smi);
2701   // String values is not instance of anything.
2702   Condition is_string = masm->IsObjectStringType(object, scratch, scratch);
2703   __ j(NegateCondition(is_string), &slow, Label::kNear);
2704   if (ReturnTrueFalseObject()) {
2705     __ mov(eax, factory->false_value());
2706   } else {
2707     __ Move(eax, Immediate(Smi::FromInt(1)));
2708   }
2709   __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2710 
2711   // Slow-case: Go through the JavaScript implementation.
2712   __ bind(&slow);
2713   if (!ReturnTrueFalseObject()) {
2714     // Tail call the builtin which returns 0 or 1.
2715     if (HasArgsInRegisters()) {
2716       // Push arguments below return address.
2717       __ pop(scratch);
2718       __ push(object);
2719       __ push(function);
2720       __ push(scratch);
2721     }
2722     __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);
2723   } else {
2724     // Call the builtin and convert 0/1 to true/false.
2725     {
2726       FrameScope scope(masm, StackFrame::INTERNAL);
2727       __ push(object);
2728       __ push(function);
2729       __ InvokeBuiltin(Builtins::INSTANCE_OF, CALL_FUNCTION);
2730     }
2731     Label true_value, done;
2732     __ test(eax, eax);
2733     __ j(zero, &true_value, Label::kNear);
2734     __ mov(eax, factory->false_value());
2735     __ jmp(&done, Label::kNear);
2736     __ bind(&true_value);
2737     __ mov(eax, factory->true_value());
2738     __ bind(&done);
2739     __ ret((HasArgsInRegisters() ? 0 : 2) * kPointerSize);
2740   }
2741 }
2742 
2743 
2744 // -------------------------------------------------------------------------
2745 // StringCharCodeAtGenerator
2746 
GenerateFast(MacroAssembler * masm)2747 void StringCharCodeAtGenerator::GenerateFast(MacroAssembler* masm) {
2748   // If the receiver is a smi trigger the non-string case.
2749   STATIC_ASSERT(kSmiTag == 0);
2750   __ JumpIfSmi(object_, receiver_not_string_);
2751 
2752   // Fetch the instance type of the receiver into result register.
2753   __ mov(result_, FieldOperand(object_, HeapObject::kMapOffset));
2754   __ movzx_b(result_, FieldOperand(result_, Map::kInstanceTypeOffset));
2755   // If the receiver is not a string trigger the non-string case.
2756   __ test(result_, Immediate(kIsNotStringMask));
2757   __ j(not_zero, receiver_not_string_);
2758 
2759   // If the index is non-smi trigger the non-smi case.
2760   STATIC_ASSERT(kSmiTag == 0);
2761   __ JumpIfNotSmi(index_, &index_not_smi_);
2762   __ bind(&got_smi_index_);
2763 
2764   // Check for index out of range.
2765   __ cmp(index_, FieldOperand(object_, String::kLengthOffset));
2766   __ j(above_equal, index_out_of_range_);
2767 
2768   __ SmiUntag(index_);
2769 
2770   Factory* factory = masm->isolate()->factory();
2771   StringCharLoadGenerator::Generate(
2772       masm, factory, object_, index_, result_, &call_runtime_);
2773 
2774   __ SmiTag(result_);
2775   __ bind(&exit_);
2776 }
2777 
2778 
GenerateSlow(MacroAssembler * masm,const RuntimeCallHelper & call_helper)2779 void StringCharCodeAtGenerator::GenerateSlow(
2780     MacroAssembler* masm,
2781     const RuntimeCallHelper& call_helper) {
2782   __ Abort(kUnexpectedFallthroughToCharCodeAtSlowCase);
2783 
2784   // Index is not a smi.
2785   __ bind(&index_not_smi_);
2786   // If index is a heap number, try converting it to an integer.
2787   __ CheckMap(index_,
2788               masm->isolate()->factory()->heap_number_map(),
2789               index_not_number_,
2790               DONT_DO_SMI_CHECK);
2791   call_helper.BeforeCall(masm);
2792   __ push(object_);
2793   __ push(index_);  // Consumed by runtime conversion function.
2794   if (index_flags_ == STRING_INDEX_IS_NUMBER) {
2795     __ CallRuntime(Runtime::kNumberToIntegerMapMinusZero, 1);
2796   } else {
2797     DCHECK(index_flags_ == STRING_INDEX_IS_ARRAY_INDEX);
2798     // NumberToSmi discards numbers that are not exact integers.
2799     __ CallRuntime(Runtime::kNumberToSmi, 1);
2800   }
2801   if (!index_.is(eax)) {
2802     // Save the conversion result before the pop instructions below
2803     // have a chance to overwrite it.
2804     __ mov(index_, eax);
2805   }
2806   __ pop(object_);
2807   // Reload the instance type.
2808   __ mov(result_, FieldOperand(object_, HeapObject::kMapOffset));
2809   __ movzx_b(result_, FieldOperand(result_, Map::kInstanceTypeOffset));
2810   call_helper.AfterCall(masm);
2811   // If index is still not a smi, it must be out of range.
2812   STATIC_ASSERT(kSmiTag == 0);
2813   __ JumpIfNotSmi(index_, index_out_of_range_);
2814   // Otherwise, return to the fast path.
2815   __ jmp(&got_smi_index_);
2816 
2817   // Call runtime. We get here when the receiver is a string and the
2818   // index is a number, but the code of getting the actual character
2819   // is too complex (e.g., when the string needs to be flattened).
2820   __ bind(&call_runtime_);
2821   call_helper.BeforeCall(masm);
2822   __ push(object_);
2823   __ SmiTag(index_);
2824   __ push(index_);
2825   __ CallRuntime(Runtime::kStringCharCodeAtRT, 2);
2826   if (!result_.is(eax)) {
2827     __ mov(result_, eax);
2828   }
2829   call_helper.AfterCall(masm);
2830   __ jmp(&exit_);
2831 
2832   __ Abort(kUnexpectedFallthroughFromCharCodeAtSlowCase);
2833 }
2834 
2835 
2836 // -------------------------------------------------------------------------
2837 // StringCharFromCodeGenerator
2838 
GenerateFast(MacroAssembler * masm)2839 void StringCharFromCodeGenerator::GenerateFast(MacroAssembler* masm) {
2840   // Fast case of Heap::LookupSingleCharacterStringFromCode.
2841   STATIC_ASSERT(kSmiTag == 0);
2842   STATIC_ASSERT(kSmiShiftSize == 0);
2843   DCHECK(base::bits::IsPowerOfTwo32(String::kMaxOneByteCharCode + 1));
2844   __ test(code_,
2845           Immediate(kSmiTagMask |
2846                     ((~String::kMaxOneByteCharCode) << kSmiTagSize)));
2847   __ j(not_zero, &slow_case_);
2848 
2849   Factory* factory = masm->isolate()->factory();
2850   __ Move(result_, Immediate(factory->single_character_string_cache()));
2851   STATIC_ASSERT(kSmiTag == 0);
2852   STATIC_ASSERT(kSmiTagSize == 1);
2853   STATIC_ASSERT(kSmiShiftSize == 0);
2854   // At this point code register contains smi tagged one byte char code.
2855   __ mov(result_, FieldOperand(result_,
2856                                code_, times_half_pointer_size,
2857                                FixedArray::kHeaderSize));
2858   __ cmp(result_, factory->undefined_value());
2859   __ j(equal, &slow_case_);
2860   __ bind(&exit_);
2861 }
2862 
2863 
GenerateSlow(MacroAssembler * masm,const RuntimeCallHelper & call_helper)2864 void StringCharFromCodeGenerator::GenerateSlow(
2865     MacroAssembler* masm,
2866     const RuntimeCallHelper& call_helper) {
2867   __ Abort(kUnexpectedFallthroughToCharFromCodeSlowCase);
2868 
2869   __ bind(&slow_case_);
2870   call_helper.BeforeCall(masm);
2871   __ push(code_);
2872   __ CallRuntime(Runtime::kCharFromCode, 1);
2873   if (!result_.is(eax)) {
2874     __ mov(result_, eax);
2875   }
2876   call_helper.AfterCall(masm);
2877   __ jmp(&exit_);
2878 
2879   __ Abort(kUnexpectedFallthroughFromCharFromCodeSlowCase);
2880 }
2881 
2882 
GenerateCopyCharacters(MacroAssembler * masm,Register dest,Register src,Register count,Register scratch,String::Encoding encoding)2883 void StringHelper::GenerateCopyCharacters(MacroAssembler* masm,
2884                                           Register dest,
2885                                           Register src,
2886                                           Register count,
2887                                           Register scratch,
2888                                           String::Encoding encoding) {
2889   DCHECK(!scratch.is(dest));
2890   DCHECK(!scratch.is(src));
2891   DCHECK(!scratch.is(count));
2892 
2893   // Nothing to do for zero characters.
2894   Label done;
2895   __ test(count, count);
2896   __ j(zero, &done);
2897 
2898   // Make count the number of bytes to copy.
2899   if (encoding == String::TWO_BYTE_ENCODING) {
2900     __ shl(count, 1);
2901   }
2902 
2903   Label loop;
2904   __ bind(&loop);
2905   __ mov_b(scratch, Operand(src, 0));
2906   __ mov_b(Operand(dest, 0), scratch);
2907   __ inc(src);
2908   __ inc(dest);
2909   __ dec(count);
2910   __ j(not_zero, &loop);
2911 
2912   __ bind(&done);
2913 }
2914 
2915 
Generate(MacroAssembler * masm)2916 void SubStringStub::Generate(MacroAssembler* masm) {
2917   Label runtime;
2918 
2919   // Stack frame on entry.
2920   //  esp[0]: return address
2921   //  esp[4]: to
2922   //  esp[8]: from
2923   //  esp[12]: string
2924 
2925   // Make sure first argument is a string.
2926   __ mov(eax, Operand(esp, 3 * kPointerSize));
2927   STATIC_ASSERT(kSmiTag == 0);
2928   __ JumpIfSmi(eax, &runtime);
2929   Condition is_string = masm->IsObjectStringType(eax, ebx, ebx);
2930   __ j(NegateCondition(is_string), &runtime);
2931 
2932   // eax: string
2933   // ebx: instance type
2934 
2935   // Calculate length of sub string using the smi values.
2936   __ mov(ecx, Operand(esp, 1 * kPointerSize));  // To index.
2937   __ JumpIfNotSmi(ecx, &runtime);
2938   __ mov(edx, Operand(esp, 2 * kPointerSize));  // From index.
2939   __ JumpIfNotSmi(edx, &runtime);
2940   __ sub(ecx, edx);
2941   __ cmp(ecx, FieldOperand(eax, String::kLengthOffset));
2942   Label not_original_string;
2943   // Shorter than original string's length: an actual substring.
2944   __ j(below, &not_original_string, Label::kNear);
2945   // Longer than original string's length or negative: unsafe arguments.
2946   __ j(above, &runtime);
2947   // Return original string.
2948   Counters* counters = isolate()->counters();
2949   __ IncrementCounter(counters->sub_string_native(), 1);
2950   __ ret(3 * kPointerSize);
2951   __ bind(&not_original_string);
2952 
2953   Label single_char;
2954   __ cmp(ecx, Immediate(Smi::FromInt(1)));
2955   __ j(equal, &single_char);
2956 
2957   // eax: string
2958   // ebx: instance type
2959   // ecx: sub string length (smi)
2960   // edx: from index (smi)
2961   // Deal with different string types: update the index if necessary
2962   // and put the underlying string into edi.
2963   Label underlying_unpacked, sliced_string, seq_or_external_string;
2964   // If the string is not indirect, it can only be sequential or external.
2965   STATIC_ASSERT(kIsIndirectStringMask == (kSlicedStringTag & kConsStringTag));
2966   STATIC_ASSERT(kIsIndirectStringMask != 0);
2967   __ test(ebx, Immediate(kIsIndirectStringMask));
2968   __ j(zero, &seq_or_external_string, Label::kNear);
2969 
2970   Factory* factory = isolate()->factory();
2971   __ test(ebx, Immediate(kSlicedNotConsMask));
2972   __ j(not_zero, &sliced_string, Label::kNear);
2973   // Cons string.  Check whether it is flat, then fetch first part.
2974   // Flat cons strings have an empty second part.
2975   __ cmp(FieldOperand(eax, ConsString::kSecondOffset),
2976          factory->empty_string());
2977   __ j(not_equal, &runtime);
2978   __ mov(edi, FieldOperand(eax, ConsString::kFirstOffset));
2979   // Update instance type.
2980   __ mov(ebx, FieldOperand(edi, HeapObject::kMapOffset));
2981   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
2982   __ jmp(&underlying_unpacked, Label::kNear);
2983 
2984   __ bind(&sliced_string);
2985   // Sliced string.  Fetch parent and adjust start index by offset.
2986   __ add(edx, FieldOperand(eax, SlicedString::kOffsetOffset));
2987   __ mov(edi, FieldOperand(eax, SlicedString::kParentOffset));
2988   // Update instance type.
2989   __ mov(ebx, FieldOperand(edi, HeapObject::kMapOffset));
2990   __ movzx_b(ebx, FieldOperand(ebx, Map::kInstanceTypeOffset));
2991   __ jmp(&underlying_unpacked, Label::kNear);
2992 
2993   __ bind(&seq_or_external_string);
2994   // Sequential or external string.  Just move string to the expected register.
2995   __ mov(edi, eax);
2996 
2997   __ bind(&underlying_unpacked);
2998 
2999   if (FLAG_string_slices) {
3000     Label copy_routine;
3001     // edi: underlying subject string
3002     // ebx: instance type of underlying subject string
3003     // edx: adjusted start index (smi)
3004     // ecx: length (smi)
3005     __ cmp(ecx, Immediate(Smi::FromInt(SlicedString::kMinLength)));
3006     // Short slice.  Copy instead of slicing.
3007     __ j(less, &copy_routine);
3008     // Allocate new sliced string.  At this point we do not reload the instance
3009     // type including the string encoding because we simply rely on the info
3010     // provided by the original string.  It does not matter if the original
3011     // string's encoding is wrong because we always have to recheck encoding of
3012     // the newly created string's parent anyways due to externalized strings.
3013     Label two_byte_slice, set_slice_header;
3014     STATIC_ASSERT((kStringEncodingMask & kOneByteStringTag) != 0);
3015     STATIC_ASSERT((kStringEncodingMask & kTwoByteStringTag) == 0);
3016     __ test(ebx, Immediate(kStringEncodingMask));
3017     __ j(zero, &two_byte_slice, Label::kNear);
3018     __ AllocateOneByteSlicedString(eax, ebx, no_reg, &runtime);
3019     __ jmp(&set_slice_header, Label::kNear);
3020     __ bind(&two_byte_slice);
3021     __ AllocateTwoByteSlicedString(eax, ebx, no_reg, &runtime);
3022     __ bind(&set_slice_header);
3023     __ mov(FieldOperand(eax, SlicedString::kLengthOffset), ecx);
3024     __ mov(FieldOperand(eax, SlicedString::kHashFieldOffset),
3025            Immediate(String::kEmptyHashField));
3026     __ mov(FieldOperand(eax, SlicedString::kParentOffset), edi);
3027     __ mov(FieldOperand(eax, SlicedString::kOffsetOffset), edx);
3028     __ IncrementCounter(counters->sub_string_native(), 1);
3029     __ ret(3 * kPointerSize);
3030 
3031     __ bind(&copy_routine);
3032   }
3033 
3034   // edi: underlying subject string
3035   // ebx: instance type of underlying subject string
3036   // edx: adjusted start index (smi)
3037   // ecx: length (smi)
3038   // The subject string can only be external or sequential string of either
3039   // encoding at this point.
3040   Label two_byte_sequential, runtime_drop_two, sequential_string;
3041   STATIC_ASSERT(kExternalStringTag != 0);
3042   STATIC_ASSERT(kSeqStringTag == 0);
3043   __ test_b(ebx, kExternalStringTag);
3044   __ j(zero, &sequential_string);
3045 
3046   // Handle external string.
3047   // Rule out short external strings.
3048   STATIC_ASSERT(kShortExternalStringTag != 0);
3049   __ test_b(ebx, kShortExternalStringMask);
3050   __ j(not_zero, &runtime);
3051   __ mov(edi, FieldOperand(edi, ExternalString::kResourceDataOffset));
3052   // Move the pointer so that offset-wise, it looks like a sequential string.
3053   STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
3054   __ sub(edi, Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
3055 
3056   __ bind(&sequential_string);
3057   // Stash away (adjusted) index and (underlying) string.
3058   __ push(edx);
3059   __ push(edi);
3060   __ SmiUntag(ecx);
3061   STATIC_ASSERT((kOneByteStringTag & kStringEncodingMask) != 0);
3062   __ test_b(ebx, kStringEncodingMask);
3063   __ j(zero, &two_byte_sequential);
3064 
3065   // Sequential one byte string.  Allocate the result.
3066   __ AllocateOneByteString(eax, ecx, ebx, edx, edi, &runtime_drop_two);
3067 
3068   // eax: result string
3069   // ecx: result string length
3070   // Locate first character of result.
3071   __ mov(edi, eax);
3072   __ add(edi, Immediate(SeqOneByteString::kHeaderSize - kHeapObjectTag));
3073   // Load string argument and locate character of sub string start.
3074   __ pop(edx);
3075   __ pop(ebx);
3076   __ SmiUntag(ebx);
3077   __ lea(edx, FieldOperand(edx, ebx, times_1, SeqOneByteString::kHeaderSize));
3078 
3079   // eax: result string
3080   // ecx: result length
3081   // edi: first character of result
3082   // edx: character of sub string start
3083   StringHelper::GenerateCopyCharacters(
3084       masm, edi, edx, ecx, ebx, String::ONE_BYTE_ENCODING);
3085   __ IncrementCounter(counters->sub_string_native(), 1);
3086   __ ret(3 * kPointerSize);
3087 
3088   __ bind(&two_byte_sequential);
3089   // Sequential two-byte string.  Allocate the result.
3090   __ AllocateTwoByteString(eax, ecx, ebx, edx, edi, &runtime_drop_two);
3091 
3092   // eax: result string
3093   // ecx: result string length
3094   // Locate first character of result.
3095   __ mov(edi, eax);
3096   __ add(edi,
3097          Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
3098   // Load string argument and locate character of sub string start.
3099   __ pop(edx);
3100   __ pop(ebx);
3101   // As from is a smi it is 2 times the value which matches the size of a two
3102   // byte character.
3103   STATIC_ASSERT(kSmiTag == 0);
3104   STATIC_ASSERT(kSmiTagSize + kSmiShiftSize == 1);
3105   __ lea(edx, FieldOperand(edx, ebx, times_1, SeqTwoByteString::kHeaderSize));
3106 
3107   // eax: result string
3108   // ecx: result length
3109   // edi: first character of result
3110   // edx: character of sub string start
3111   StringHelper::GenerateCopyCharacters(
3112       masm, edi, edx, ecx, ebx, String::TWO_BYTE_ENCODING);
3113   __ IncrementCounter(counters->sub_string_native(), 1);
3114   __ ret(3 * kPointerSize);
3115 
3116   // Drop pushed values on the stack before tail call.
3117   __ bind(&runtime_drop_two);
3118   __ Drop(2);
3119 
3120   // Just jump to runtime to create the sub string.
3121   __ bind(&runtime);
3122   __ TailCallRuntime(Runtime::kSubString, 3, 1);
3123 
3124   __ bind(&single_char);
3125   // eax: string
3126   // ebx: instance type
3127   // ecx: sub string length (smi)
3128   // edx: from index (smi)
3129   StringCharAtGenerator generator(
3130       eax, edx, ecx, eax, &runtime, &runtime, &runtime, STRING_INDEX_IS_NUMBER);
3131   generator.GenerateFast(masm);
3132   __ ret(3 * kPointerSize);
3133   generator.SkipSlow(masm, &runtime);
3134 }
3135 
3136 
GenerateFlatOneByteStringEquals(MacroAssembler * masm,Register left,Register right,Register scratch1,Register scratch2)3137 void StringHelper::GenerateFlatOneByteStringEquals(MacroAssembler* masm,
3138                                                    Register left,
3139                                                    Register right,
3140                                                    Register scratch1,
3141                                                    Register scratch2) {
3142   Register length = scratch1;
3143 
3144   // Compare lengths.
3145   Label strings_not_equal, check_zero_length;
3146   __ mov(length, FieldOperand(left, String::kLengthOffset));
3147   __ cmp(length, FieldOperand(right, String::kLengthOffset));
3148   __ j(equal, &check_zero_length, Label::kNear);
3149   __ bind(&strings_not_equal);
3150   __ Move(eax, Immediate(Smi::FromInt(NOT_EQUAL)));
3151   __ ret(0);
3152 
3153   // Check if the length is zero.
3154   Label compare_chars;
3155   __ bind(&check_zero_length);
3156   STATIC_ASSERT(kSmiTag == 0);
3157   __ test(length, length);
3158   __ j(not_zero, &compare_chars, Label::kNear);
3159   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3160   __ ret(0);
3161 
3162   // Compare characters.
3163   __ bind(&compare_chars);
3164   GenerateOneByteCharsCompareLoop(masm, left, right, length, scratch2,
3165                                   &strings_not_equal, Label::kNear);
3166 
3167   // Characters are equal.
3168   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3169   __ ret(0);
3170 }
3171 
3172 
GenerateCompareFlatOneByteStrings(MacroAssembler * masm,Register left,Register right,Register scratch1,Register scratch2,Register scratch3)3173 void StringHelper::GenerateCompareFlatOneByteStrings(
3174     MacroAssembler* masm, Register left, Register right, Register scratch1,
3175     Register scratch2, Register scratch3) {
3176   Counters* counters = masm->isolate()->counters();
3177   __ IncrementCounter(counters->string_compare_native(), 1);
3178 
3179   // Find minimum length.
3180   Label left_shorter;
3181   __ mov(scratch1, FieldOperand(left, String::kLengthOffset));
3182   __ mov(scratch3, scratch1);
3183   __ sub(scratch3, FieldOperand(right, String::kLengthOffset));
3184 
3185   Register length_delta = scratch3;
3186 
3187   __ j(less_equal, &left_shorter, Label::kNear);
3188   // Right string is shorter. Change scratch1 to be length of right string.
3189   __ sub(scratch1, length_delta);
3190   __ bind(&left_shorter);
3191 
3192   Register min_length = scratch1;
3193 
3194   // If either length is zero, just compare lengths.
3195   Label compare_lengths;
3196   __ test(min_length, min_length);
3197   __ j(zero, &compare_lengths, Label::kNear);
3198 
3199   // Compare characters.
3200   Label result_not_equal;
3201   GenerateOneByteCharsCompareLoop(masm, left, right, min_length, scratch2,
3202                                   &result_not_equal, Label::kNear);
3203 
3204   // Compare lengths -  strings up to min-length are equal.
3205   __ bind(&compare_lengths);
3206   __ test(length_delta, length_delta);
3207   Label length_not_equal;
3208   __ j(not_zero, &length_not_equal, Label::kNear);
3209 
3210   // Result is EQUAL.
3211   STATIC_ASSERT(EQUAL == 0);
3212   STATIC_ASSERT(kSmiTag == 0);
3213   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3214   __ ret(0);
3215 
3216   Label result_greater;
3217   Label result_less;
3218   __ bind(&length_not_equal);
3219   __ j(greater, &result_greater, Label::kNear);
3220   __ jmp(&result_less, Label::kNear);
3221   __ bind(&result_not_equal);
3222   __ j(above, &result_greater, Label::kNear);
3223   __ bind(&result_less);
3224 
3225   // Result is LESS.
3226   __ Move(eax, Immediate(Smi::FromInt(LESS)));
3227   __ ret(0);
3228 
3229   // Result is GREATER.
3230   __ bind(&result_greater);
3231   __ Move(eax, Immediate(Smi::FromInt(GREATER)));
3232   __ ret(0);
3233 }
3234 
3235 
GenerateOneByteCharsCompareLoop(MacroAssembler * masm,Register left,Register right,Register length,Register scratch,Label * chars_not_equal,Label::Distance chars_not_equal_near)3236 void StringHelper::GenerateOneByteCharsCompareLoop(
3237     MacroAssembler* masm, Register left, Register right, Register length,
3238     Register scratch, Label* chars_not_equal,
3239     Label::Distance chars_not_equal_near) {
3240   // Change index to run from -length to -1 by adding length to string
3241   // start. This means that loop ends when index reaches zero, which
3242   // doesn't need an additional compare.
3243   __ SmiUntag(length);
3244   __ lea(left,
3245          FieldOperand(left, length, times_1, SeqOneByteString::kHeaderSize));
3246   __ lea(right,
3247          FieldOperand(right, length, times_1, SeqOneByteString::kHeaderSize));
3248   __ neg(length);
3249   Register index = length;  // index = -length;
3250 
3251   // Compare loop.
3252   Label loop;
3253   __ bind(&loop);
3254   __ mov_b(scratch, Operand(left, index, times_1, 0));
3255   __ cmpb(scratch, Operand(right, index, times_1, 0));
3256   __ j(not_equal, chars_not_equal, chars_not_equal_near);
3257   __ inc(index);
3258   __ j(not_zero, &loop);
3259 }
3260 
3261 
Generate(MacroAssembler * masm)3262 void StringCompareStub::Generate(MacroAssembler* masm) {
3263   Label runtime;
3264 
3265   // Stack frame on entry.
3266   //  esp[0]: return address
3267   //  esp[4]: right string
3268   //  esp[8]: left string
3269 
3270   __ mov(edx, Operand(esp, 2 * kPointerSize));  // left
3271   __ mov(eax, Operand(esp, 1 * kPointerSize));  // right
3272 
3273   Label not_same;
3274   __ cmp(edx, eax);
3275   __ j(not_equal, &not_same, Label::kNear);
3276   STATIC_ASSERT(EQUAL == 0);
3277   STATIC_ASSERT(kSmiTag == 0);
3278   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3279   __ IncrementCounter(isolate()->counters()->string_compare_native(), 1);
3280   __ ret(2 * kPointerSize);
3281 
3282   __ bind(&not_same);
3283 
3284   // Check that both objects are sequential one-byte strings.
3285   __ JumpIfNotBothSequentialOneByteStrings(edx, eax, ecx, ebx, &runtime);
3286 
3287   // Compare flat one-byte strings.
3288   // Drop arguments from the stack.
3289   __ pop(ecx);
3290   __ add(esp, Immediate(2 * kPointerSize));
3291   __ push(ecx);
3292   StringHelper::GenerateCompareFlatOneByteStrings(masm, edx, eax, ecx, ebx,
3293                                                   edi);
3294 
3295   // Call the runtime; it returns -1 (less), 0 (equal), or 1 (greater)
3296   // tagged as a small integer.
3297   __ bind(&runtime);
3298   __ TailCallRuntime(Runtime::kStringCompare, 2, 1);
3299 }
3300 
3301 
Generate(MacroAssembler * masm)3302 void BinaryOpICWithAllocationSiteStub::Generate(MacroAssembler* masm) {
3303   // ----------- S t a t e -------------
3304   //  -- edx    : left
3305   //  -- eax    : right
3306   //  -- esp[0] : return address
3307   // -----------------------------------
3308 
3309   // Load ecx with the allocation site.  We stick an undefined dummy value here
3310   // and replace it with the real allocation site later when we instantiate this
3311   // stub in BinaryOpICWithAllocationSiteStub::GetCodeCopyFromTemplate().
3312   __ mov(ecx, handle(isolate()->heap()->undefined_value()));
3313 
3314   // Make sure that we actually patched the allocation site.
3315   if (FLAG_debug_code) {
3316     __ test(ecx, Immediate(kSmiTagMask));
3317     __ Assert(not_equal, kExpectedAllocationSite);
3318     __ cmp(FieldOperand(ecx, HeapObject::kMapOffset),
3319            isolate()->factory()->allocation_site_map());
3320     __ Assert(equal, kExpectedAllocationSite);
3321   }
3322 
3323   // Tail call into the stub that handles binary operations with allocation
3324   // sites.
3325   BinaryOpWithAllocationSiteStub stub(isolate(), state());
3326   __ TailCallStub(&stub);
3327 }
3328 
3329 
GenerateSmis(MacroAssembler * masm)3330 void CompareICStub::GenerateSmis(MacroAssembler* masm) {
3331   DCHECK(state() == CompareICState::SMI);
3332   Label miss;
3333   __ mov(ecx, edx);
3334   __ or_(ecx, eax);
3335   __ JumpIfNotSmi(ecx, &miss, Label::kNear);
3336 
3337   if (GetCondition() == equal) {
3338     // For equality we do not care about the sign of the result.
3339     __ sub(eax, edx);
3340   } else {
3341     Label done;
3342     __ sub(edx, eax);
3343     __ j(no_overflow, &done, Label::kNear);
3344     // Correct sign of result in case of overflow.
3345     __ not_(edx);
3346     __ bind(&done);
3347     __ mov(eax, edx);
3348   }
3349   __ ret(0);
3350 
3351   __ bind(&miss);
3352   GenerateMiss(masm);
3353 }
3354 
3355 
GenerateNumbers(MacroAssembler * masm)3356 void CompareICStub::GenerateNumbers(MacroAssembler* masm) {
3357   DCHECK(state() == CompareICState::NUMBER);
3358 
3359   Label generic_stub;
3360   Label unordered, maybe_undefined1, maybe_undefined2;
3361   Label miss;
3362 
3363   if (left() == CompareICState::SMI) {
3364     __ JumpIfNotSmi(edx, &miss);
3365   }
3366   if (right() == CompareICState::SMI) {
3367     __ JumpIfNotSmi(eax, &miss);
3368   }
3369 
3370   // Load left and right operand.
3371   Label done, left, left_smi, right_smi;
3372   __ JumpIfSmi(eax, &right_smi, Label::kNear);
3373   __ cmp(FieldOperand(eax, HeapObject::kMapOffset),
3374          isolate()->factory()->heap_number_map());
3375   __ j(not_equal, &maybe_undefined1, Label::kNear);
3376   __ movsd(xmm1, FieldOperand(eax, HeapNumber::kValueOffset));
3377   __ jmp(&left, Label::kNear);
3378   __ bind(&right_smi);
3379   __ mov(ecx, eax);  // Can't clobber eax because we can still jump away.
3380   __ SmiUntag(ecx);
3381   __ Cvtsi2sd(xmm1, ecx);
3382 
3383   __ bind(&left);
3384   __ JumpIfSmi(edx, &left_smi, Label::kNear);
3385   __ cmp(FieldOperand(edx, HeapObject::kMapOffset),
3386          isolate()->factory()->heap_number_map());
3387   __ j(not_equal, &maybe_undefined2, Label::kNear);
3388   __ movsd(xmm0, FieldOperand(edx, HeapNumber::kValueOffset));
3389   __ jmp(&done);
3390   __ bind(&left_smi);
3391   __ mov(ecx, edx);  // Can't clobber edx because we can still jump away.
3392   __ SmiUntag(ecx);
3393   __ Cvtsi2sd(xmm0, ecx);
3394 
3395   __ bind(&done);
3396   // Compare operands.
3397   __ ucomisd(xmm0, xmm1);
3398 
3399   // Don't base result on EFLAGS when a NaN is involved.
3400   __ j(parity_even, &unordered, Label::kNear);
3401 
3402   // Return a result of -1, 0, or 1, based on EFLAGS.
3403   // Performing mov, because xor would destroy the flag register.
3404   __ mov(eax, 0);  // equal
3405   __ mov(ecx, Immediate(Smi::FromInt(1)));
3406   __ cmov(above, eax, ecx);
3407   __ mov(ecx, Immediate(Smi::FromInt(-1)));
3408   __ cmov(below, eax, ecx);
3409   __ ret(0);
3410 
3411   __ bind(&unordered);
3412   __ bind(&generic_stub);
3413   CompareICStub stub(isolate(), op(), CompareICState::GENERIC,
3414                      CompareICState::GENERIC, CompareICState::GENERIC);
3415   __ jmp(stub.GetCode(), RelocInfo::CODE_TARGET);
3416 
3417   __ bind(&maybe_undefined1);
3418   if (Token::IsOrderedRelationalCompareOp(op())) {
3419     __ cmp(eax, Immediate(isolate()->factory()->undefined_value()));
3420     __ j(not_equal, &miss);
3421     __ JumpIfSmi(edx, &unordered);
3422     __ CmpObjectType(edx, HEAP_NUMBER_TYPE, ecx);
3423     __ j(not_equal, &maybe_undefined2, Label::kNear);
3424     __ jmp(&unordered);
3425   }
3426 
3427   __ bind(&maybe_undefined2);
3428   if (Token::IsOrderedRelationalCompareOp(op())) {
3429     __ cmp(edx, Immediate(isolate()->factory()->undefined_value()));
3430     __ j(equal, &unordered);
3431   }
3432 
3433   __ bind(&miss);
3434   GenerateMiss(masm);
3435 }
3436 
3437 
GenerateInternalizedStrings(MacroAssembler * masm)3438 void CompareICStub::GenerateInternalizedStrings(MacroAssembler* masm) {
3439   DCHECK(state() == CompareICState::INTERNALIZED_STRING);
3440   DCHECK(GetCondition() == equal);
3441 
3442   // Registers containing left and right operands respectively.
3443   Register left = edx;
3444   Register right = eax;
3445   Register tmp1 = ecx;
3446   Register tmp2 = ebx;
3447 
3448   // Check that both operands are heap objects.
3449   Label miss;
3450   __ mov(tmp1, left);
3451   STATIC_ASSERT(kSmiTag == 0);
3452   __ and_(tmp1, right);
3453   __ JumpIfSmi(tmp1, &miss, Label::kNear);
3454 
3455   // Check that both operands are internalized strings.
3456   __ mov(tmp1, FieldOperand(left, HeapObject::kMapOffset));
3457   __ mov(tmp2, FieldOperand(right, HeapObject::kMapOffset));
3458   __ movzx_b(tmp1, FieldOperand(tmp1, Map::kInstanceTypeOffset));
3459   __ movzx_b(tmp2, FieldOperand(tmp2, Map::kInstanceTypeOffset));
3460   STATIC_ASSERT(kInternalizedTag == 0 && kStringTag == 0);
3461   __ or_(tmp1, tmp2);
3462   __ test(tmp1, Immediate(kIsNotStringMask | kIsNotInternalizedMask));
3463   __ j(not_zero, &miss, Label::kNear);
3464 
3465   // Internalized strings are compared by identity.
3466   Label done;
3467   __ cmp(left, right);
3468   // Make sure eax is non-zero. At this point input operands are
3469   // guaranteed to be non-zero.
3470   DCHECK(right.is(eax));
3471   __ j(not_equal, &done, Label::kNear);
3472   STATIC_ASSERT(EQUAL == 0);
3473   STATIC_ASSERT(kSmiTag == 0);
3474   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3475   __ bind(&done);
3476   __ ret(0);
3477 
3478   __ bind(&miss);
3479   GenerateMiss(masm);
3480 }
3481 
3482 
GenerateUniqueNames(MacroAssembler * masm)3483 void CompareICStub::GenerateUniqueNames(MacroAssembler* masm) {
3484   DCHECK(state() == CompareICState::UNIQUE_NAME);
3485   DCHECK(GetCondition() == equal);
3486 
3487   // Registers containing left and right operands respectively.
3488   Register left = edx;
3489   Register right = eax;
3490   Register tmp1 = ecx;
3491   Register tmp2 = ebx;
3492 
3493   // Check that both operands are heap objects.
3494   Label miss;
3495   __ mov(tmp1, left);
3496   STATIC_ASSERT(kSmiTag == 0);
3497   __ and_(tmp1, right);
3498   __ JumpIfSmi(tmp1, &miss, Label::kNear);
3499 
3500   // Check that both operands are unique names. This leaves the instance
3501   // types loaded in tmp1 and tmp2.
3502   __ mov(tmp1, FieldOperand(left, HeapObject::kMapOffset));
3503   __ mov(tmp2, FieldOperand(right, HeapObject::kMapOffset));
3504   __ movzx_b(tmp1, FieldOperand(tmp1, Map::kInstanceTypeOffset));
3505   __ movzx_b(tmp2, FieldOperand(tmp2, Map::kInstanceTypeOffset));
3506 
3507   __ JumpIfNotUniqueNameInstanceType(tmp1, &miss, Label::kNear);
3508   __ JumpIfNotUniqueNameInstanceType(tmp2, &miss, Label::kNear);
3509 
3510   // Unique names are compared by identity.
3511   Label done;
3512   __ cmp(left, right);
3513   // Make sure eax is non-zero. At this point input operands are
3514   // guaranteed to be non-zero.
3515   DCHECK(right.is(eax));
3516   __ j(not_equal, &done, Label::kNear);
3517   STATIC_ASSERT(EQUAL == 0);
3518   STATIC_ASSERT(kSmiTag == 0);
3519   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3520   __ bind(&done);
3521   __ ret(0);
3522 
3523   __ bind(&miss);
3524   GenerateMiss(masm);
3525 }
3526 
3527 
GenerateStrings(MacroAssembler * masm)3528 void CompareICStub::GenerateStrings(MacroAssembler* masm) {
3529   DCHECK(state() == CompareICState::STRING);
3530   Label miss;
3531 
3532   bool equality = Token::IsEqualityOp(op());
3533 
3534   // Registers containing left and right operands respectively.
3535   Register left = edx;
3536   Register right = eax;
3537   Register tmp1 = ecx;
3538   Register tmp2 = ebx;
3539   Register tmp3 = edi;
3540 
3541   // Check that both operands are heap objects.
3542   __ mov(tmp1, left);
3543   STATIC_ASSERT(kSmiTag == 0);
3544   __ and_(tmp1, right);
3545   __ JumpIfSmi(tmp1, &miss);
3546 
3547   // Check that both operands are strings. This leaves the instance
3548   // types loaded in tmp1 and tmp2.
3549   __ mov(tmp1, FieldOperand(left, HeapObject::kMapOffset));
3550   __ mov(tmp2, FieldOperand(right, HeapObject::kMapOffset));
3551   __ movzx_b(tmp1, FieldOperand(tmp1, Map::kInstanceTypeOffset));
3552   __ movzx_b(tmp2, FieldOperand(tmp2, Map::kInstanceTypeOffset));
3553   __ mov(tmp3, tmp1);
3554   STATIC_ASSERT(kNotStringTag != 0);
3555   __ or_(tmp3, tmp2);
3556   __ test(tmp3, Immediate(kIsNotStringMask));
3557   __ j(not_zero, &miss);
3558 
3559   // Fast check for identical strings.
3560   Label not_same;
3561   __ cmp(left, right);
3562   __ j(not_equal, &not_same, Label::kNear);
3563   STATIC_ASSERT(EQUAL == 0);
3564   STATIC_ASSERT(kSmiTag == 0);
3565   __ Move(eax, Immediate(Smi::FromInt(EQUAL)));
3566   __ ret(0);
3567 
3568   // Handle not identical strings.
3569   __ bind(&not_same);
3570 
3571   // Check that both strings are internalized. If they are, we're done
3572   // because we already know they are not identical.  But in the case of
3573   // non-equality compare, we still need to determine the order. We
3574   // also know they are both strings.
3575   if (equality) {
3576     Label do_compare;
3577     STATIC_ASSERT(kInternalizedTag == 0);
3578     __ or_(tmp1, tmp2);
3579     __ test(tmp1, Immediate(kIsNotInternalizedMask));
3580     __ j(not_zero, &do_compare, Label::kNear);
3581     // Make sure eax is non-zero. At this point input operands are
3582     // guaranteed to be non-zero.
3583     DCHECK(right.is(eax));
3584     __ ret(0);
3585     __ bind(&do_compare);
3586   }
3587 
3588   // Check that both strings are sequential one-byte.
3589   Label runtime;
3590   __ JumpIfNotBothSequentialOneByteStrings(left, right, tmp1, tmp2, &runtime);
3591 
3592   // Compare flat one byte strings. Returns when done.
3593   if (equality) {
3594     StringHelper::GenerateFlatOneByteStringEquals(masm, left, right, tmp1,
3595                                                   tmp2);
3596   } else {
3597     StringHelper::GenerateCompareFlatOneByteStrings(masm, left, right, tmp1,
3598                                                     tmp2, tmp3);
3599   }
3600 
3601   // Handle more complex cases in runtime.
3602   __ bind(&runtime);
3603   __ pop(tmp1);  // Return address.
3604   __ push(left);
3605   __ push(right);
3606   __ push(tmp1);
3607   if (equality) {
3608     __ TailCallRuntime(Runtime::kStringEquals, 2, 1);
3609   } else {
3610     __ TailCallRuntime(Runtime::kStringCompare, 2, 1);
3611   }
3612 
3613   __ bind(&miss);
3614   GenerateMiss(masm);
3615 }
3616 
3617 
GenerateObjects(MacroAssembler * masm)3618 void CompareICStub::GenerateObjects(MacroAssembler* masm) {
3619   DCHECK(state() == CompareICState::OBJECT);
3620   Label miss;
3621   __ mov(ecx, edx);
3622   __ and_(ecx, eax);
3623   __ JumpIfSmi(ecx, &miss, Label::kNear);
3624 
3625   __ CmpObjectType(eax, JS_OBJECT_TYPE, ecx);
3626   __ j(not_equal, &miss, Label::kNear);
3627   __ CmpObjectType(edx, JS_OBJECT_TYPE, ecx);
3628   __ j(not_equal, &miss, Label::kNear);
3629 
3630   DCHECK(GetCondition() == equal);
3631   __ sub(eax, edx);
3632   __ ret(0);
3633 
3634   __ bind(&miss);
3635   GenerateMiss(masm);
3636 }
3637 
3638 
GenerateKnownObjects(MacroAssembler * masm)3639 void CompareICStub::GenerateKnownObjects(MacroAssembler* masm) {
3640   Label miss;
3641   __ mov(ecx, edx);
3642   __ and_(ecx, eax);
3643   __ JumpIfSmi(ecx, &miss, Label::kNear);
3644 
3645   __ mov(ecx, FieldOperand(eax, HeapObject::kMapOffset));
3646   __ mov(ebx, FieldOperand(edx, HeapObject::kMapOffset));
3647   __ cmp(ecx, known_map_);
3648   __ j(not_equal, &miss, Label::kNear);
3649   __ cmp(ebx, known_map_);
3650   __ j(not_equal, &miss, Label::kNear);
3651 
3652   __ sub(eax, edx);
3653   __ ret(0);
3654 
3655   __ bind(&miss);
3656   GenerateMiss(masm);
3657 }
3658 
3659 
GenerateMiss(MacroAssembler * masm)3660 void CompareICStub::GenerateMiss(MacroAssembler* masm) {
3661   {
3662     // Call the runtime system in a fresh internal frame.
3663     ExternalReference miss = ExternalReference(IC_Utility(IC::kCompareIC_Miss),
3664                                                isolate());
3665     FrameScope scope(masm, StackFrame::INTERNAL);
3666     __ push(edx);  // Preserve edx and eax.
3667     __ push(eax);
3668     __ push(edx);  // And also use them as the arguments.
3669     __ push(eax);
3670     __ push(Immediate(Smi::FromInt(op())));
3671     __ CallExternalReference(miss, 3);
3672     // Compute the entry point of the rewritten stub.
3673     __ lea(edi, FieldOperand(eax, Code::kHeaderSize));
3674     __ pop(eax);
3675     __ pop(edx);
3676   }
3677 
3678   // Do a tail call to the rewritten stub.
3679   __ jmp(edi);
3680 }
3681 
3682 
3683 // Helper function used to check that the dictionary doesn't contain
3684 // the property. This function may return false negatives, so miss_label
3685 // must always call a backup property check that is complete.
3686 // This function is safe to call if the receiver has fast properties.
3687 // Name must be a unique name and receiver must be a heap object.
GenerateNegativeLookup(MacroAssembler * masm,Label * miss,Label * done,Register properties,Handle<Name> name,Register r0)3688 void NameDictionaryLookupStub::GenerateNegativeLookup(MacroAssembler* masm,
3689                                                       Label* miss,
3690                                                       Label* done,
3691                                                       Register properties,
3692                                                       Handle<Name> name,
3693                                                       Register r0) {
3694   DCHECK(name->IsUniqueName());
3695 
3696   // If names of slots in range from 1 to kProbes - 1 for the hash value are
3697   // not equal to the name and kProbes-th slot is not used (its name is the
3698   // undefined value), it guarantees the hash table doesn't contain the
3699   // property. It's true even if some slots represent deleted properties
3700   // (their names are the hole value).
3701   for (int i = 0; i < kInlinedProbes; i++) {
3702     // Compute the masked index: (hash + i + i * i) & mask.
3703     Register index = r0;
3704     // Capacity is smi 2^n.
3705     __ mov(index, FieldOperand(properties, kCapacityOffset));
3706     __ dec(index);
3707     __ and_(index,
3708             Immediate(Smi::FromInt(name->Hash() +
3709                                    NameDictionary::GetProbeOffset(i))));
3710 
3711     // Scale the index by multiplying by the entry size.
3712     DCHECK(NameDictionary::kEntrySize == 3);
3713     __ lea(index, Operand(index, index, times_2, 0));  // index *= 3.
3714     Register entity_name = r0;
3715     // Having undefined at this place means the name is not contained.
3716     DCHECK_EQ(kSmiTagSize, 1);
3717     __ mov(entity_name, Operand(properties, index, times_half_pointer_size,
3718                                 kElementsStartOffset - kHeapObjectTag));
3719     __ cmp(entity_name, masm->isolate()->factory()->undefined_value());
3720     __ j(equal, done);
3721 
3722     // Stop if found the property.
3723     __ cmp(entity_name, Handle<Name>(name));
3724     __ j(equal, miss);
3725 
3726     Label good;
3727     // Check for the hole and skip.
3728     __ cmp(entity_name, masm->isolate()->factory()->the_hole_value());
3729     __ j(equal, &good, Label::kNear);
3730 
3731     // Check if the entry name is not a unique name.
3732     __ mov(entity_name, FieldOperand(entity_name, HeapObject::kMapOffset));
3733     __ JumpIfNotUniqueNameInstanceType(
3734         FieldOperand(entity_name, Map::kInstanceTypeOffset), miss);
3735     __ bind(&good);
3736   }
3737 
3738   NameDictionaryLookupStub stub(masm->isolate(), properties, r0, r0,
3739                                 NEGATIVE_LOOKUP);
3740   __ push(Immediate(Handle<Object>(name)));
3741   __ push(Immediate(name->Hash()));
3742   __ CallStub(&stub);
3743   __ test(r0, r0);
3744   __ j(not_zero, miss);
3745   __ jmp(done);
3746 }
3747 
3748 
3749 // Probe the name dictionary in the |elements| register. Jump to the
3750 // |done| label if a property with the given name is found leaving the
3751 // index into the dictionary in |r0|. Jump to the |miss| label
3752 // otherwise.
GeneratePositiveLookup(MacroAssembler * masm,Label * miss,Label * done,Register elements,Register name,Register r0,Register r1)3753 void NameDictionaryLookupStub::GeneratePositiveLookup(MacroAssembler* masm,
3754                                                       Label* miss,
3755                                                       Label* done,
3756                                                       Register elements,
3757                                                       Register name,
3758                                                       Register r0,
3759                                                       Register r1) {
3760   DCHECK(!elements.is(r0));
3761   DCHECK(!elements.is(r1));
3762   DCHECK(!name.is(r0));
3763   DCHECK(!name.is(r1));
3764 
3765   __ AssertName(name);
3766 
3767   __ mov(r1, FieldOperand(elements, kCapacityOffset));
3768   __ shr(r1, kSmiTagSize);  // convert smi to int
3769   __ dec(r1);
3770 
3771   // Generate an unrolled loop that performs a few probes before
3772   // giving up. Measurements done on Gmail indicate that 2 probes
3773   // cover ~93% of loads from dictionaries.
3774   for (int i = 0; i < kInlinedProbes; i++) {
3775     // Compute the masked index: (hash + i + i * i) & mask.
3776     __ mov(r0, FieldOperand(name, Name::kHashFieldOffset));
3777     __ shr(r0, Name::kHashShift);
3778     if (i > 0) {
3779       __ add(r0, Immediate(NameDictionary::GetProbeOffset(i)));
3780     }
3781     __ and_(r0, r1);
3782 
3783     // Scale the index by multiplying by the entry size.
3784     DCHECK(NameDictionary::kEntrySize == 3);
3785     __ lea(r0, Operand(r0, r0, times_2, 0));  // r0 = r0 * 3
3786 
3787     // Check if the key is identical to the name.
3788     __ cmp(name, Operand(elements,
3789                          r0,
3790                          times_4,
3791                          kElementsStartOffset - kHeapObjectTag));
3792     __ j(equal, done);
3793   }
3794 
3795   NameDictionaryLookupStub stub(masm->isolate(), elements, r1, r0,
3796                                 POSITIVE_LOOKUP);
3797   __ push(name);
3798   __ mov(r0, FieldOperand(name, Name::kHashFieldOffset));
3799   __ shr(r0, Name::kHashShift);
3800   __ push(r0);
3801   __ CallStub(&stub);
3802 
3803   __ test(r1, r1);
3804   __ j(zero, miss);
3805   __ jmp(done);
3806 }
3807 
3808 
Generate(MacroAssembler * masm)3809 void NameDictionaryLookupStub::Generate(MacroAssembler* masm) {
3810   // This stub overrides SometimesSetsUpAFrame() to return false.  That means
3811   // we cannot call anything that could cause a GC from this stub.
3812   // Stack frame on entry:
3813   //  esp[0 * kPointerSize]: return address.
3814   //  esp[1 * kPointerSize]: key's hash.
3815   //  esp[2 * kPointerSize]: key.
3816   // Registers:
3817   //  dictionary_: NameDictionary to probe.
3818   //  result_: used as scratch.
3819   //  index_: will hold an index of entry if lookup is successful.
3820   //          might alias with result_.
3821   // Returns:
3822   //  result_ is zero if lookup failed, non zero otherwise.
3823 
3824   Label in_dictionary, maybe_in_dictionary, not_in_dictionary;
3825 
3826   Register scratch = result();
3827 
3828   __ mov(scratch, FieldOperand(dictionary(), kCapacityOffset));
3829   __ dec(scratch);
3830   __ SmiUntag(scratch);
3831   __ push(scratch);
3832 
3833   // If names of slots in range from 1 to kProbes - 1 for the hash value are
3834   // not equal to the name and kProbes-th slot is not used (its name is the
3835   // undefined value), it guarantees the hash table doesn't contain the
3836   // property. It's true even if some slots represent deleted properties
3837   // (their names are the null value).
3838   for (int i = kInlinedProbes; i < kTotalProbes; i++) {
3839     // Compute the masked index: (hash + i + i * i) & mask.
3840     __ mov(scratch, Operand(esp, 2 * kPointerSize));
3841     if (i > 0) {
3842       __ add(scratch, Immediate(NameDictionary::GetProbeOffset(i)));
3843     }
3844     __ and_(scratch, Operand(esp, 0));
3845 
3846     // Scale the index by multiplying by the entry size.
3847     DCHECK(NameDictionary::kEntrySize == 3);
3848     __ lea(index(), Operand(scratch, scratch, times_2, 0));  // index *= 3.
3849 
3850     // Having undefined at this place means the name is not contained.
3851     DCHECK_EQ(kSmiTagSize, 1);
3852     __ mov(scratch, Operand(dictionary(), index(), times_pointer_size,
3853                             kElementsStartOffset - kHeapObjectTag));
3854     __ cmp(scratch, isolate()->factory()->undefined_value());
3855     __ j(equal, &not_in_dictionary);
3856 
3857     // Stop if found the property.
3858     __ cmp(scratch, Operand(esp, 3 * kPointerSize));
3859     __ j(equal, &in_dictionary);
3860 
3861     if (i != kTotalProbes - 1 && mode() == NEGATIVE_LOOKUP) {
3862       // If we hit a key that is not a unique name during negative
3863       // lookup we have to bailout as this key might be equal to the
3864       // key we are looking for.
3865 
3866       // Check if the entry name is not a unique name.
3867       __ mov(scratch, FieldOperand(scratch, HeapObject::kMapOffset));
3868       __ JumpIfNotUniqueNameInstanceType(
3869           FieldOperand(scratch, Map::kInstanceTypeOffset),
3870           &maybe_in_dictionary);
3871     }
3872   }
3873 
3874   __ bind(&maybe_in_dictionary);
3875   // If we are doing negative lookup then probing failure should be
3876   // treated as a lookup success. For positive lookup probing failure
3877   // should be treated as lookup failure.
3878   if (mode() == POSITIVE_LOOKUP) {
3879     __ mov(result(), Immediate(0));
3880     __ Drop(1);
3881     __ ret(2 * kPointerSize);
3882   }
3883 
3884   __ bind(&in_dictionary);
3885   __ mov(result(), Immediate(1));
3886   __ Drop(1);
3887   __ ret(2 * kPointerSize);
3888 
3889   __ bind(&not_in_dictionary);
3890   __ mov(result(), Immediate(0));
3891   __ Drop(1);
3892   __ ret(2 * kPointerSize);
3893 }
3894 
3895 
GenerateFixedRegStubsAheadOfTime(Isolate * isolate)3896 void StoreBufferOverflowStub::GenerateFixedRegStubsAheadOfTime(
3897     Isolate* isolate) {
3898   StoreBufferOverflowStub stub(isolate, kDontSaveFPRegs);
3899   stub.GetCode();
3900   StoreBufferOverflowStub stub2(isolate, kSaveFPRegs);
3901   stub2.GetCode();
3902 }
3903 
3904 
3905 // Takes the input in 3 registers: address_ value_ and object_.  A pointer to
3906 // the value has just been written into the object, now this stub makes sure
3907 // we keep the GC informed.  The word in the object where the value has been
3908 // written is in the address register.
Generate(MacroAssembler * masm)3909 void RecordWriteStub::Generate(MacroAssembler* masm) {
3910   Label skip_to_incremental_noncompacting;
3911   Label skip_to_incremental_compacting;
3912 
3913   // The first two instructions are generated with labels so as to get the
3914   // offset fixed up correctly by the bind(Label*) call.  We patch it back and
3915   // forth between a compare instructions (a nop in this position) and the
3916   // real branch when we start and stop incremental heap marking.
3917   __ jmp(&skip_to_incremental_noncompacting, Label::kNear);
3918   __ jmp(&skip_to_incremental_compacting, Label::kFar);
3919 
3920   if (remembered_set_action() == EMIT_REMEMBERED_SET) {
3921     __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
3922                            MacroAssembler::kReturnAtEnd);
3923   } else {
3924     __ ret(0);
3925   }
3926 
3927   __ bind(&skip_to_incremental_noncompacting);
3928   GenerateIncremental(masm, INCREMENTAL);
3929 
3930   __ bind(&skip_to_incremental_compacting);
3931   GenerateIncremental(masm, INCREMENTAL_COMPACTION);
3932 
3933   // Initial mode of the stub is expected to be STORE_BUFFER_ONLY.
3934   // Will be checked in IncrementalMarking::ActivateGeneratedStub.
3935   masm->set_byte_at(0, kTwoByteNopInstruction);
3936   masm->set_byte_at(2, kFiveByteNopInstruction);
3937 }
3938 
3939 
GenerateIncremental(MacroAssembler * masm,Mode mode)3940 void RecordWriteStub::GenerateIncremental(MacroAssembler* masm, Mode mode) {
3941   regs_.Save(masm);
3942 
3943   if (remembered_set_action() == EMIT_REMEMBERED_SET) {
3944     Label dont_need_remembered_set;
3945 
3946     __ mov(regs_.scratch0(), Operand(regs_.address(), 0));
3947     __ JumpIfNotInNewSpace(regs_.scratch0(),  // Value.
3948                            regs_.scratch0(),
3949                            &dont_need_remembered_set);
3950 
3951     __ CheckPageFlag(regs_.object(),
3952                      regs_.scratch0(),
3953                      1 << MemoryChunk::SCAN_ON_SCAVENGE,
3954                      not_zero,
3955                      &dont_need_remembered_set);
3956 
3957     // First notify the incremental marker if necessary, then update the
3958     // remembered set.
3959     CheckNeedsToInformIncrementalMarker(
3960         masm,
3961         kUpdateRememberedSetOnNoNeedToInformIncrementalMarker,
3962         mode);
3963     InformIncrementalMarker(masm);
3964     regs_.Restore(masm);
3965     __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
3966                            MacroAssembler::kReturnAtEnd);
3967 
3968     __ bind(&dont_need_remembered_set);
3969   }
3970 
3971   CheckNeedsToInformIncrementalMarker(
3972       masm,
3973       kReturnOnNoNeedToInformIncrementalMarker,
3974       mode);
3975   InformIncrementalMarker(masm);
3976   regs_.Restore(masm);
3977   __ ret(0);
3978 }
3979 
3980 
InformIncrementalMarker(MacroAssembler * masm)3981 void RecordWriteStub::InformIncrementalMarker(MacroAssembler* masm) {
3982   regs_.SaveCallerSaveRegisters(masm, save_fp_regs_mode());
3983   int argument_count = 3;
3984   __ PrepareCallCFunction(argument_count, regs_.scratch0());
3985   __ mov(Operand(esp, 0 * kPointerSize), regs_.object());
3986   __ mov(Operand(esp, 1 * kPointerSize), regs_.address());  // Slot.
3987   __ mov(Operand(esp, 2 * kPointerSize),
3988          Immediate(ExternalReference::isolate_address(isolate())));
3989 
3990   AllowExternalCallThatCantCauseGC scope(masm);
3991   __ CallCFunction(
3992       ExternalReference::incremental_marking_record_write_function(isolate()),
3993       argument_count);
3994 
3995   regs_.RestoreCallerSaveRegisters(masm, save_fp_regs_mode());
3996 }
3997 
3998 
CheckNeedsToInformIncrementalMarker(MacroAssembler * masm,OnNoNeedToInformIncrementalMarker on_no_need,Mode mode)3999 void RecordWriteStub::CheckNeedsToInformIncrementalMarker(
4000     MacroAssembler* masm,
4001     OnNoNeedToInformIncrementalMarker on_no_need,
4002     Mode mode) {
4003   Label object_is_black, need_incremental, need_incremental_pop_object;
4004 
4005   __ mov(regs_.scratch0(), Immediate(~Page::kPageAlignmentMask));
4006   __ and_(regs_.scratch0(), regs_.object());
4007   __ mov(regs_.scratch1(),
4008          Operand(regs_.scratch0(),
4009                  MemoryChunk::kWriteBarrierCounterOffset));
4010   __ sub(regs_.scratch1(), Immediate(1));
4011   __ mov(Operand(regs_.scratch0(),
4012                  MemoryChunk::kWriteBarrierCounterOffset),
4013          regs_.scratch1());
4014   __ j(negative, &need_incremental);
4015 
4016   // Let's look at the color of the object:  If it is not black we don't have
4017   // to inform the incremental marker.
4018   __ JumpIfBlack(regs_.object(),
4019                  regs_.scratch0(),
4020                  regs_.scratch1(),
4021                  &object_is_black,
4022                  Label::kNear);
4023 
4024   regs_.Restore(masm);
4025   if (on_no_need == kUpdateRememberedSetOnNoNeedToInformIncrementalMarker) {
4026     __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
4027                            MacroAssembler::kReturnAtEnd);
4028   } else {
4029     __ ret(0);
4030   }
4031 
4032   __ bind(&object_is_black);
4033 
4034   // Get the value from the slot.
4035   __ mov(regs_.scratch0(), Operand(regs_.address(), 0));
4036 
4037   if (mode == INCREMENTAL_COMPACTION) {
4038     Label ensure_not_white;
4039 
4040     __ CheckPageFlag(regs_.scratch0(),  // Contains value.
4041                      regs_.scratch1(),  // Scratch.
4042                      MemoryChunk::kEvacuationCandidateMask,
4043                      zero,
4044                      &ensure_not_white,
4045                      Label::kNear);
4046 
4047     __ CheckPageFlag(regs_.object(),
4048                      regs_.scratch1(),  // Scratch.
4049                      MemoryChunk::kSkipEvacuationSlotsRecordingMask,
4050                      not_zero,
4051                      &ensure_not_white,
4052                      Label::kNear);
4053 
4054     __ jmp(&need_incremental);
4055 
4056     __ bind(&ensure_not_white);
4057   }
4058 
4059   // We need an extra register for this, so we push the object register
4060   // temporarily.
4061   __ push(regs_.object());
4062   __ EnsureNotWhite(regs_.scratch0(),  // The value.
4063                     regs_.scratch1(),  // Scratch.
4064                     regs_.object(),  // Scratch.
4065                     &need_incremental_pop_object,
4066                     Label::kNear);
4067   __ pop(regs_.object());
4068 
4069   regs_.Restore(masm);
4070   if (on_no_need == kUpdateRememberedSetOnNoNeedToInformIncrementalMarker) {
4071     __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
4072                            MacroAssembler::kReturnAtEnd);
4073   } else {
4074     __ ret(0);
4075   }
4076 
4077   __ bind(&need_incremental_pop_object);
4078   __ pop(regs_.object());
4079 
4080   __ bind(&need_incremental);
4081 
4082   // Fall through when we need to inform the incremental marker.
4083 }
4084 
4085 
Generate(MacroAssembler * masm)4086 void StoreArrayLiteralElementStub::Generate(MacroAssembler* masm) {
4087   // ----------- S t a t e -------------
4088   //  -- eax    : element value to store
4089   //  -- ecx    : element index as smi
4090   //  -- esp[0] : return address
4091   //  -- esp[4] : array literal index in function
4092   //  -- esp[8] : array literal
4093   // clobbers ebx, edx, edi
4094   // -----------------------------------
4095 
4096   Label element_done;
4097   Label double_elements;
4098   Label smi_element;
4099   Label slow_elements;
4100   Label slow_elements_from_double;
4101   Label fast_elements;
4102 
4103   // Get array literal index, array literal and its map.
4104   __ mov(edx, Operand(esp, 1 * kPointerSize));
4105   __ mov(ebx, Operand(esp, 2 * kPointerSize));
4106   __ mov(edi, FieldOperand(ebx, JSObject::kMapOffset));
4107 
4108   __ CheckFastElements(edi, &double_elements);
4109 
4110   // Check for FAST_*_SMI_ELEMENTS or FAST_*_ELEMENTS elements
4111   __ JumpIfSmi(eax, &smi_element);
4112   __ CheckFastSmiElements(edi, &fast_elements, Label::kNear);
4113 
4114   // Store into the array literal requires a elements transition. Call into
4115   // the runtime.
4116 
4117   __ bind(&slow_elements);
4118   __ pop(edi);  // Pop return address and remember to put back later for tail
4119                 // call.
4120   __ push(ebx);
4121   __ push(ecx);
4122   __ push(eax);
4123   __ mov(ebx, Operand(ebp, JavaScriptFrameConstants::kFunctionOffset));
4124   __ push(FieldOperand(ebx, JSFunction::kLiteralsOffset));
4125   __ push(edx);
4126   __ push(edi);  // Return return address so that tail call returns to right
4127                  // place.
4128   __ TailCallRuntime(Runtime::kStoreArrayLiteralElement, 5, 1);
4129 
4130   __ bind(&slow_elements_from_double);
4131   __ pop(edx);
4132   __ jmp(&slow_elements);
4133 
4134   // Array literal has ElementsKind of FAST_*_ELEMENTS and value is an object.
4135   __ bind(&fast_elements);
4136   __ mov(ebx, FieldOperand(ebx, JSObject::kElementsOffset));
4137   __ lea(ecx, FieldOperand(ebx, ecx, times_half_pointer_size,
4138                            FixedArrayBase::kHeaderSize));
4139   __ mov(Operand(ecx, 0), eax);
4140   // Update the write barrier for the array store.
4141   __ RecordWrite(ebx, ecx, eax,
4142                  kDontSaveFPRegs,
4143                  EMIT_REMEMBERED_SET,
4144                  OMIT_SMI_CHECK);
4145   __ ret(0);
4146 
4147   // Array literal has ElementsKind of FAST_*_SMI_ELEMENTS or FAST_*_ELEMENTS,
4148   // and value is Smi.
4149   __ bind(&smi_element);
4150   __ mov(ebx, FieldOperand(ebx, JSObject::kElementsOffset));
4151   __ mov(FieldOperand(ebx, ecx, times_half_pointer_size,
4152                       FixedArrayBase::kHeaderSize), eax);
4153   __ ret(0);
4154 
4155   // Array literal has ElementsKind of FAST_*_DOUBLE_ELEMENTS.
4156   __ bind(&double_elements);
4157 
4158   __ push(edx);
4159   __ mov(edx, FieldOperand(ebx, JSObject::kElementsOffset));
4160   __ StoreNumberToDoubleElements(eax,
4161                                  edx,
4162                                  ecx,
4163                                  edi,
4164                                  xmm0,
4165                                  &slow_elements_from_double);
4166   __ pop(edx);
4167   __ ret(0);
4168 }
4169 
4170 
Generate(MacroAssembler * masm)4171 void StubFailureTrampolineStub::Generate(MacroAssembler* masm) {
4172   CEntryStub ces(isolate(), 1, kSaveFPRegs);
4173   __ call(ces.GetCode(), RelocInfo::CODE_TARGET);
4174   int parameter_count_offset =
4175       StubFailureTrampolineFrame::kCallerStackParameterCountFrameOffset;
4176   __ mov(ebx, MemOperand(ebp, parameter_count_offset));
4177   masm->LeaveFrame(StackFrame::STUB_FAILURE_TRAMPOLINE);
4178   __ pop(ecx);
4179   int additional_offset =
4180       function_mode() == JS_FUNCTION_STUB_MODE ? kPointerSize : 0;
4181   __ lea(esp, MemOperand(esp, ebx, times_pointer_size, additional_offset));
4182   __ jmp(ecx);  // Return to IC Miss stub, continuation still on stack.
4183 }
4184 
4185 
Generate(MacroAssembler * masm)4186 void LoadICTrampolineStub::Generate(MacroAssembler* masm) {
4187   EmitLoadTypeFeedbackVector(masm, VectorLoadICDescriptor::VectorRegister());
4188   VectorLoadStub stub(isolate(), state());
4189   __ jmp(stub.GetCode(), RelocInfo::CODE_TARGET);
4190 }
4191 
4192 
Generate(MacroAssembler * masm)4193 void KeyedLoadICTrampolineStub::Generate(MacroAssembler* masm) {
4194   EmitLoadTypeFeedbackVector(masm, VectorLoadICDescriptor::VectorRegister());
4195   VectorKeyedLoadStub stub(isolate());
4196   __ jmp(stub.GetCode(), RelocInfo::CODE_TARGET);
4197 }
4198 
4199 
MaybeCallEntryHook(MacroAssembler * masm)4200 void ProfileEntryHookStub::MaybeCallEntryHook(MacroAssembler* masm) {
4201   if (masm->isolate()->function_entry_hook() != NULL) {
4202     ProfileEntryHookStub stub(masm->isolate());
4203     masm->CallStub(&stub);
4204   }
4205 }
4206 
4207 
Generate(MacroAssembler * masm)4208 void ProfileEntryHookStub::Generate(MacroAssembler* masm) {
4209   // Save volatile registers.
4210   const int kNumSavedRegisters = 3;
4211   __ push(eax);
4212   __ push(ecx);
4213   __ push(edx);
4214 
4215   // Calculate and push the original stack pointer.
4216   __ lea(eax, Operand(esp, (kNumSavedRegisters + 1) * kPointerSize));
4217   __ push(eax);
4218 
4219   // Retrieve our return address and use it to calculate the calling
4220   // function's address.
4221   __ mov(eax, Operand(esp, (kNumSavedRegisters + 1) * kPointerSize));
4222   __ sub(eax, Immediate(Assembler::kCallInstructionLength));
4223   __ push(eax);
4224 
4225   // Call the entry hook.
4226   DCHECK(isolate()->function_entry_hook() != NULL);
4227   __ call(FUNCTION_ADDR(isolate()->function_entry_hook()),
4228           RelocInfo::RUNTIME_ENTRY);
4229   __ add(esp, Immediate(2 * kPointerSize));
4230 
4231   // Restore ecx.
4232   __ pop(edx);
4233   __ pop(ecx);
4234   __ pop(eax);
4235 
4236   __ ret(0);
4237 }
4238 
4239 
4240 template<class T>
CreateArrayDispatch(MacroAssembler * masm,AllocationSiteOverrideMode mode)4241 static void CreateArrayDispatch(MacroAssembler* masm,
4242                                 AllocationSiteOverrideMode mode) {
4243   if (mode == DISABLE_ALLOCATION_SITES) {
4244     T stub(masm->isolate(),
4245            GetInitialFastElementsKind(),
4246            mode);
4247     __ TailCallStub(&stub);
4248   } else if (mode == DONT_OVERRIDE) {
4249     int last_index = GetSequenceIndexFromFastElementsKind(
4250         TERMINAL_FAST_ELEMENTS_KIND);
4251     for (int i = 0; i <= last_index; ++i) {
4252       Label next;
4253       ElementsKind kind = GetFastElementsKindFromSequenceIndex(i);
4254       __ cmp(edx, kind);
4255       __ j(not_equal, &next);
4256       T stub(masm->isolate(), kind);
4257       __ TailCallStub(&stub);
4258       __ bind(&next);
4259     }
4260 
4261     // If we reached this point there is a problem.
4262     __ Abort(kUnexpectedElementsKindInArrayConstructor);
4263   } else {
4264     UNREACHABLE();
4265   }
4266 }
4267 
4268 
CreateArrayDispatchOneArgument(MacroAssembler * masm,AllocationSiteOverrideMode mode)4269 static void CreateArrayDispatchOneArgument(MacroAssembler* masm,
4270                                            AllocationSiteOverrideMode mode) {
4271   // ebx - allocation site (if mode != DISABLE_ALLOCATION_SITES)
4272   // edx - kind (if mode != DISABLE_ALLOCATION_SITES)
4273   // eax - number of arguments
4274   // edi - constructor?
4275   // esp[0] - return address
4276   // esp[4] - last argument
4277   Label normal_sequence;
4278   if (mode == DONT_OVERRIDE) {
4279     DCHECK(FAST_SMI_ELEMENTS == 0);
4280     DCHECK(FAST_HOLEY_SMI_ELEMENTS == 1);
4281     DCHECK(FAST_ELEMENTS == 2);
4282     DCHECK(FAST_HOLEY_ELEMENTS == 3);
4283     DCHECK(FAST_DOUBLE_ELEMENTS == 4);
4284     DCHECK(FAST_HOLEY_DOUBLE_ELEMENTS == 5);
4285 
4286     // is the low bit set? If so, we are holey and that is good.
4287     __ test_b(edx, 1);
4288     __ j(not_zero, &normal_sequence);
4289   }
4290 
4291   // look at the first argument
4292   __ mov(ecx, Operand(esp, kPointerSize));
4293   __ test(ecx, ecx);
4294   __ j(zero, &normal_sequence);
4295 
4296   if (mode == DISABLE_ALLOCATION_SITES) {
4297     ElementsKind initial = GetInitialFastElementsKind();
4298     ElementsKind holey_initial = GetHoleyElementsKind(initial);
4299 
4300     ArraySingleArgumentConstructorStub stub_holey(masm->isolate(),
4301                                                   holey_initial,
4302                                                   DISABLE_ALLOCATION_SITES);
4303     __ TailCallStub(&stub_holey);
4304 
4305     __ bind(&normal_sequence);
4306     ArraySingleArgumentConstructorStub stub(masm->isolate(),
4307                                             initial,
4308                                             DISABLE_ALLOCATION_SITES);
4309     __ TailCallStub(&stub);
4310   } else if (mode == DONT_OVERRIDE) {
4311     // We are going to create a holey array, but our kind is non-holey.
4312     // Fix kind and retry.
4313     __ inc(edx);
4314 
4315     if (FLAG_debug_code) {
4316       Handle<Map> allocation_site_map =
4317           masm->isolate()->factory()->allocation_site_map();
4318       __ cmp(FieldOperand(ebx, 0), Immediate(allocation_site_map));
4319       __ Assert(equal, kExpectedAllocationSite);
4320     }
4321 
4322     // Save the resulting elements kind in type info. We can't just store r3
4323     // in the AllocationSite::transition_info field because elements kind is
4324     // restricted to a portion of the field...upper bits need to be left alone.
4325     STATIC_ASSERT(AllocationSite::ElementsKindBits::kShift == 0);
4326     __ add(FieldOperand(ebx, AllocationSite::kTransitionInfoOffset),
4327            Immediate(Smi::FromInt(kFastElementsKindPackedToHoley)));
4328 
4329     __ bind(&normal_sequence);
4330     int last_index = GetSequenceIndexFromFastElementsKind(
4331         TERMINAL_FAST_ELEMENTS_KIND);
4332     for (int i = 0; i <= last_index; ++i) {
4333       Label next;
4334       ElementsKind kind = GetFastElementsKindFromSequenceIndex(i);
4335       __ cmp(edx, kind);
4336       __ j(not_equal, &next);
4337       ArraySingleArgumentConstructorStub stub(masm->isolate(), kind);
4338       __ TailCallStub(&stub);
4339       __ bind(&next);
4340     }
4341 
4342     // If we reached this point there is a problem.
4343     __ Abort(kUnexpectedElementsKindInArrayConstructor);
4344   } else {
4345     UNREACHABLE();
4346   }
4347 }
4348 
4349 
4350 template<class T>
ArrayConstructorStubAheadOfTimeHelper(Isolate * isolate)4351 static void ArrayConstructorStubAheadOfTimeHelper(Isolate* isolate) {
4352   int to_index = GetSequenceIndexFromFastElementsKind(
4353       TERMINAL_FAST_ELEMENTS_KIND);
4354   for (int i = 0; i <= to_index; ++i) {
4355     ElementsKind kind = GetFastElementsKindFromSequenceIndex(i);
4356     T stub(isolate, kind);
4357     stub.GetCode();
4358     if (AllocationSite::GetMode(kind) != DONT_TRACK_ALLOCATION_SITE) {
4359       T stub1(isolate, kind, DISABLE_ALLOCATION_SITES);
4360       stub1.GetCode();
4361     }
4362   }
4363 }
4364 
4365 
GenerateStubsAheadOfTime(Isolate * isolate)4366 void ArrayConstructorStubBase::GenerateStubsAheadOfTime(Isolate* isolate) {
4367   ArrayConstructorStubAheadOfTimeHelper<ArrayNoArgumentConstructorStub>(
4368       isolate);
4369   ArrayConstructorStubAheadOfTimeHelper<ArraySingleArgumentConstructorStub>(
4370       isolate);
4371   ArrayConstructorStubAheadOfTimeHelper<ArrayNArgumentsConstructorStub>(
4372       isolate);
4373 }
4374 
4375 
GenerateStubsAheadOfTime(Isolate * isolate)4376 void InternalArrayConstructorStubBase::GenerateStubsAheadOfTime(
4377     Isolate* isolate) {
4378   ElementsKind kinds[2] = { FAST_ELEMENTS, FAST_HOLEY_ELEMENTS };
4379   for (int i = 0; i < 2; i++) {
4380     // For internal arrays we only need a few things
4381     InternalArrayNoArgumentConstructorStub stubh1(isolate, kinds[i]);
4382     stubh1.GetCode();
4383     InternalArraySingleArgumentConstructorStub stubh2(isolate, kinds[i]);
4384     stubh2.GetCode();
4385     InternalArrayNArgumentsConstructorStub stubh3(isolate, kinds[i]);
4386     stubh3.GetCode();
4387   }
4388 }
4389 
4390 
GenerateDispatchToArrayStub(MacroAssembler * masm,AllocationSiteOverrideMode mode)4391 void ArrayConstructorStub::GenerateDispatchToArrayStub(
4392     MacroAssembler* masm,
4393     AllocationSiteOverrideMode mode) {
4394   if (argument_count() == ANY) {
4395     Label not_zero_case, not_one_case;
4396     __ test(eax, eax);
4397     __ j(not_zero, &not_zero_case);
4398     CreateArrayDispatch<ArrayNoArgumentConstructorStub>(masm, mode);
4399 
4400     __ bind(&not_zero_case);
4401     __ cmp(eax, 1);
4402     __ j(greater, &not_one_case);
4403     CreateArrayDispatchOneArgument(masm, mode);
4404 
4405     __ bind(&not_one_case);
4406     CreateArrayDispatch<ArrayNArgumentsConstructorStub>(masm, mode);
4407   } else if (argument_count() == NONE) {
4408     CreateArrayDispatch<ArrayNoArgumentConstructorStub>(masm, mode);
4409   } else if (argument_count() == ONE) {
4410     CreateArrayDispatchOneArgument(masm, mode);
4411   } else if (argument_count() == MORE_THAN_ONE) {
4412     CreateArrayDispatch<ArrayNArgumentsConstructorStub>(masm, mode);
4413   } else {
4414     UNREACHABLE();
4415   }
4416 }
4417 
4418 
Generate(MacroAssembler * masm)4419 void ArrayConstructorStub::Generate(MacroAssembler* masm) {
4420   // ----------- S t a t e -------------
4421   //  -- eax : argc (only if argument_count() == ANY)
4422   //  -- ebx : AllocationSite or undefined
4423   //  -- edi : constructor
4424   //  -- esp[0] : return address
4425   //  -- esp[4] : last argument
4426   // -----------------------------------
4427   if (FLAG_debug_code) {
4428     // The array construct code is only set for the global and natives
4429     // builtin Array functions which always have maps.
4430 
4431     // Initial map for the builtin Array function should be a map.
4432     __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
4433     // Will both indicate a NULL and a Smi.
4434     __ test(ecx, Immediate(kSmiTagMask));
4435     __ Assert(not_zero, kUnexpectedInitialMapForArrayFunction);
4436     __ CmpObjectType(ecx, MAP_TYPE, ecx);
4437     __ Assert(equal, kUnexpectedInitialMapForArrayFunction);
4438 
4439     // We should either have undefined in ebx or a valid AllocationSite
4440     __ AssertUndefinedOrAllocationSite(ebx);
4441   }
4442 
4443   Label no_info;
4444   // If the feedback vector is the undefined value call an array constructor
4445   // that doesn't use AllocationSites.
4446   __ cmp(ebx, isolate()->factory()->undefined_value());
4447   __ j(equal, &no_info);
4448 
4449   // Only look at the lower 16 bits of the transition info.
4450   __ mov(edx, FieldOperand(ebx, AllocationSite::kTransitionInfoOffset));
4451   __ SmiUntag(edx);
4452   STATIC_ASSERT(AllocationSite::ElementsKindBits::kShift == 0);
4453   __ and_(edx, Immediate(AllocationSite::ElementsKindBits::kMask));
4454   GenerateDispatchToArrayStub(masm, DONT_OVERRIDE);
4455 
4456   __ bind(&no_info);
4457   GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);
4458 }
4459 
4460 
GenerateCase(MacroAssembler * masm,ElementsKind kind)4461 void InternalArrayConstructorStub::GenerateCase(
4462     MacroAssembler* masm, ElementsKind kind) {
4463   Label not_zero_case, not_one_case;
4464   Label normal_sequence;
4465 
4466   __ test(eax, eax);
4467   __ j(not_zero, &not_zero_case);
4468   InternalArrayNoArgumentConstructorStub stub0(isolate(), kind);
4469   __ TailCallStub(&stub0);
4470 
4471   __ bind(&not_zero_case);
4472   __ cmp(eax, 1);
4473   __ j(greater, &not_one_case);
4474 
4475   if (IsFastPackedElementsKind(kind)) {
4476     // We might need to create a holey array
4477     // look at the first argument
4478     __ mov(ecx, Operand(esp, kPointerSize));
4479     __ test(ecx, ecx);
4480     __ j(zero, &normal_sequence);
4481 
4482     InternalArraySingleArgumentConstructorStub
4483         stub1_holey(isolate(), GetHoleyElementsKind(kind));
4484     __ TailCallStub(&stub1_holey);
4485   }
4486 
4487   __ bind(&normal_sequence);
4488   InternalArraySingleArgumentConstructorStub stub1(isolate(), kind);
4489   __ TailCallStub(&stub1);
4490 
4491   __ bind(&not_one_case);
4492   InternalArrayNArgumentsConstructorStub stubN(isolate(), kind);
4493   __ TailCallStub(&stubN);
4494 }
4495 
4496 
Generate(MacroAssembler * masm)4497 void InternalArrayConstructorStub::Generate(MacroAssembler* masm) {
4498   // ----------- S t a t e -------------
4499   //  -- eax : argc
4500   //  -- edi : constructor
4501   //  -- esp[0] : return address
4502   //  -- esp[4] : last argument
4503   // -----------------------------------
4504 
4505   if (FLAG_debug_code) {
4506     // The array construct code is only set for the global and natives
4507     // builtin Array functions which always have maps.
4508 
4509     // Initial map for the builtin Array function should be a map.
4510     __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
4511     // Will both indicate a NULL and a Smi.
4512     __ test(ecx, Immediate(kSmiTagMask));
4513     __ Assert(not_zero, kUnexpectedInitialMapForArrayFunction);
4514     __ CmpObjectType(ecx, MAP_TYPE, ecx);
4515     __ Assert(equal, kUnexpectedInitialMapForArrayFunction);
4516   }
4517 
4518   // Figure out the right elements kind
4519   __ mov(ecx, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
4520 
4521   // Load the map's "bit field 2" into |result|. We only need the first byte,
4522   // but the following masking takes care of that anyway.
4523   __ mov(ecx, FieldOperand(ecx, Map::kBitField2Offset));
4524   // Retrieve elements_kind from bit field 2.
4525   __ DecodeField<Map::ElementsKindBits>(ecx);
4526 
4527   if (FLAG_debug_code) {
4528     Label done;
4529     __ cmp(ecx, Immediate(FAST_ELEMENTS));
4530     __ j(equal, &done);
4531     __ cmp(ecx, Immediate(FAST_HOLEY_ELEMENTS));
4532     __ Assert(equal,
4533               kInvalidElementsKindForInternalArrayOrInternalPackedArray);
4534     __ bind(&done);
4535   }
4536 
4537   Label fast_elements_case;
4538   __ cmp(ecx, Immediate(FAST_ELEMENTS));
4539   __ j(equal, &fast_elements_case);
4540   GenerateCase(masm, FAST_HOLEY_ELEMENTS);
4541 
4542   __ bind(&fast_elements_case);
4543   GenerateCase(masm, FAST_ELEMENTS);
4544 }
4545 
4546 
Generate(MacroAssembler * masm)4547 void CallApiFunctionStub::Generate(MacroAssembler* masm) {
4548   // ----------- S t a t e -------------
4549   //  -- eax                 : callee
4550   //  -- ebx                 : call_data
4551   //  -- ecx                 : holder
4552   //  -- edx                 : api_function_address
4553   //  -- esi                 : context
4554   //  --
4555   //  -- esp[0]              : return address
4556   //  -- esp[4]              : last argument
4557   //  -- ...
4558   //  -- esp[argc * 4]       : first argument
4559   //  -- esp[(argc + 1) * 4] : receiver
4560   // -----------------------------------
4561 
4562   Register callee = eax;
4563   Register call_data = ebx;
4564   Register holder = ecx;
4565   Register api_function_address = edx;
4566   Register return_address = edi;
4567   Register context = esi;
4568 
4569   int argc = this->argc();
4570   bool is_store = this->is_store();
4571   bool call_data_undefined = this->call_data_undefined();
4572 
4573   typedef FunctionCallbackArguments FCA;
4574 
4575   STATIC_ASSERT(FCA::kContextSaveIndex == 6);
4576   STATIC_ASSERT(FCA::kCalleeIndex == 5);
4577   STATIC_ASSERT(FCA::kDataIndex == 4);
4578   STATIC_ASSERT(FCA::kReturnValueOffset == 3);
4579   STATIC_ASSERT(FCA::kReturnValueDefaultValueIndex == 2);
4580   STATIC_ASSERT(FCA::kIsolateIndex == 1);
4581   STATIC_ASSERT(FCA::kHolderIndex == 0);
4582   STATIC_ASSERT(FCA::kArgsLength == 7);
4583 
4584   __ pop(return_address);
4585 
4586   // context save
4587   __ push(context);
4588   // load context from callee
4589   __ mov(context, FieldOperand(callee, JSFunction::kContextOffset));
4590 
4591   // callee
4592   __ push(callee);
4593 
4594   // call data
4595   __ push(call_data);
4596 
4597   Register scratch = call_data;
4598   if (!call_data_undefined) {
4599     // return value
4600     __ push(Immediate(isolate()->factory()->undefined_value()));
4601     // return value default
4602     __ push(Immediate(isolate()->factory()->undefined_value()));
4603   } else {
4604     // return value
4605     __ push(scratch);
4606     // return value default
4607     __ push(scratch);
4608   }
4609   // isolate
4610   __ push(Immediate(reinterpret_cast<int>(isolate())));
4611   // holder
4612   __ push(holder);
4613 
4614   __ mov(scratch, esp);
4615 
4616   // return address
4617   __ push(return_address);
4618 
4619   // API function gets reference to the v8::Arguments. If CPU profiler
4620   // is enabled wrapper function will be called and we need to pass
4621   // address of the callback as additional parameter, always allocate
4622   // space for it.
4623   const int kApiArgc = 1 + 1;
4624 
4625   // Allocate the v8::Arguments structure in the arguments' space since
4626   // it's not controlled by GC.
4627   const int kApiStackSpace = 4;
4628 
4629   __ PrepareCallApiFunction(kApiArgc + kApiStackSpace);
4630 
4631   // FunctionCallbackInfo::implicit_args_.
4632   __ mov(ApiParameterOperand(2), scratch);
4633   __ add(scratch, Immediate((argc + FCA::kArgsLength - 1) * kPointerSize));
4634   // FunctionCallbackInfo::values_.
4635   __ mov(ApiParameterOperand(3), scratch);
4636   // FunctionCallbackInfo::length_.
4637   __ Move(ApiParameterOperand(4), Immediate(argc));
4638   // FunctionCallbackInfo::is_construct_call_.
4639   __ Move(ApiParameterOperand(5), Immediate(0));
4640 
4641   // v8::InvocationCallback's argument.
4642   __ lea(scratch, ApiParameterOperand(2));
4643   __ mov(ApiParameterOperand(0), scratch);
4644 
4645   ExternalReference thunk_ref =
4646       ExternalReference::invoke_function_callback(isolate());
4647 
4648   Operand context_restore_operand(ebp,
4649                                   (2 + FCA::kContextSaveIndex) * kPointerSize);
4650   // Stores return the first js argument
4651   int return_value_offset = 0;
4652   if (is_store) {
4653     return_value_offset = 2 + FCA::kArgsLength;
4654   } else {
4655     return_value_offset = 2 + FCA::kReturnValueOffset;
4656   }
4657   Operand return_value_operand(ebp, return_value_offset * kPointerSize);
4658   __ CallApiFunctionAndReturn(api_function_address,
4659                               thunk_ref,
4660                               ApiParameterOperand(1),
4661                               argc + FCA::kArgsLength + 1,
4662                               return_value_operand,
4663                               &context_restore_operand);
4664 }
4665 
4666 
Generate(MacroAssembler * masm)4667 void CallApiGetterStub::Generate(MacroAssembler* masm) {
4668   // ----------- S t a t e -------------
4669   //  -- esp[0]                  : return address
4670   //  -- esp[4]                  : name
4671   //  -- esp[8 - kArgsLength*4]  : PropertyCallbackArguments object
4672   //  -- ...
4673   //  -- edx                    : api_function_address
4674   // -----------------------------------
4675   DCHECK(edx.is(ApiGetterDescriptor::function_address()));
4676 
4677   // array for v8::Arguments::values_, handler for name and pointer
4678   // to the values (it considered as smi in GC).
4679   const int kStackSpace = PropertyCallbackArguments::kArgsLength + 2;
4680   // Allocate space for opional callback address parameter in case
4681   // CPU profiler is active.
4682   const int kApiArgc = 2 + 1;
4683 
4684   Register api_function_address = edx;
4685   Register scratch = ebx;
4686 
4687   // load address of name
4688   __ lea(scratch, Operand(esp, 1 * kPointerSize));
4689 
4690   __ PrepareCallApiFunction(kApiArgc);
4691   __ mov(ApiParameterOperand(0), scratch);  // name.
4692   __ add(scratch, Immediate(kPointerSize));
4693   __ mov(ApiParameterOperand(1), scratch);  // arguments pointer.
4694 
4695   ExternalReference thunk_ref =
4696       ExternalReference::invoke_accessor_getter_callback(isolate());
4697 
4698   __ CallApiFunctionAndReturn(api_function_address,
4699                               thunk_ref,
4700                               ApiParameterOperand(2),
4701                               kStackSpace,
4702                               Operand(ebp, 7 * kPointerSize),
4703                               NULL);
4704 }
4705 
4706 
4707 #undef __
4708 
4709 } }  // namespace v8::internal
4710 
4711 #endif  // V8_TARGET_ARCH_IA32
4712