Upgrade V8 to version 4.9.385.28
https://chromium.googlesource.com/v8/v8/+/4.9.385.28
FPIIM-449
Change-Id: I4b2e74289d4bf3667f2f3dc8aa2e541f63e26eb4
diff --git a/src/compiler/js-inlining.cc b/src/compiler/js-inlining.cc
index d143382..99a1547 100644
--- a/src/compiler/js-inlining.cc
+++ b/src/compiler/js-inlining.cc
@@ -2,270 +2,187 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "src/ast.h"
-#include "src/ast-numbering.h"
-#include "src/compiler/access-builder.h"
+#include "src/compiler/js-inlining.h"
+
+#include "src/ast/ast.h"
+#include "src/ast/ast-numbering.h"
+#include "src/ast/scopes.h"
+#include "src/compiler.h"
+#include "src/compiler/all-nodes.h"
#include "src/compiler/ast-graph-builder.h"
#include "src/compiler/common-operator.h"
-#include "src/compiler/graph-inl.h"
-#include "src/compiler/graph-visualizer.h"
-#include "src/compiler/js-inlining.h"
-#include "src/compiler/js-intrinsic-builder.h"
+#include "src/compiler/graph-reducer.h"
#include "src/compiler/js-operator.h"
-#include "src/compiler/node-aux-data-inl.h"
#include "src/compiler/node-matchers.h"
-#include "src/compiler/node-properties-inl.h"
-#include "src/compiler/simplified-operator.h"
-#include "src/compiler/typer.h"
-#include "src/full-codegen.h"
-#include "src/parser.h"
-#include "src/rewriter.h"
-#include "src/scopes.h"
-
+#include "src/compiler/node-properties.h"
+#include "src/compiler/operator-properties.h"
+#include "src/isolate-inl.h"
+#include "src/parsing/parser.h"
+#include "src/parsing/rewriter.h"
namespace v8 {
namespace internal {
namespace compiler {
-class InlinerVisitor : public NullNodeVisitor {
- public:
- explicit InlinerVisitor(JSInliner* inliner) : inliner_(inliner) {}
+#define TRACE(...) \
+ do { \
+ if (FLAG_trace_turbo_inlining) PrintF(__VA_ARGS__); \
+ } while (false)
- void Post(Node* node) {
- switch (node->opcode()) {
- case IrOpcode::kJSCallFunction:
- inliner_->TryInlineJSCall(node);
- break;
- case IrOpcode::kJSCallRuntime:
- if (FLAG_turbo_inlining_intrinsics) {
- inliner_->TryInlineRuntimeCall(node);
- }
- break;
- default:
- break;
- }
+
+// Provides convenience accessors for the common layout of nodes having either
+// the {JSCallFunction} or the {JSCallConstruct} operator.
+class JSCallAccessor {
+ public:
+ explicit JSCallAccessor(Node* call) : call_(call) {
+ DCHECK(call->opcode() == IrOpcode::kJSCallFunction ||
+ call->opcode() == IrOpcode::kJSCallConstruct);
+ }
+
+ Node* target() {
+ // Both, {JSCallFunction} and {JSCallConstruct}, have same layout here.
+ return call_->InputAt(0);
+ }
+
+ Node* receiver() {
+ DCHECK_EQ(IrOpcode::kJSCallFunction, call_->opcode());
+ return call_->InputAt(1);
+ }
+
+ Node* new_target() {
+ DCHECK_EQ(IrOpcode::kJSCallConstruct, call_->opcode());
+ return call_->InputAt(formal_arguments() + 1);
+ }
+
+ Node* frame_state_before() {
+ return NodeProperties::GetFrameStateInput(call_, 1);
+ }
+
+ Node* frame_state_after() {
+ // Both, {JSCallFunction} and {JSCallConstruct}, have frame state after.
+ return NodeProperties::GetFrameStateInput(call_, 0);
+ }
+
+ int formal_arguments() {
+ // Both, {JSCallFunction} and {JSCallConstruct}, have two extra inputs:
+ // - JSCallConstruct: Includes target function and new target.
+ // - JSCallFunction: Includes target function and receiver.
+ return call_->op()->ValueInputCount() - 2;
}
private:
- JSInliner* inliner_;
+ Node* call_;
};
-void JSInliner::Inline() {
- InlinerVisitor visitor(this);
- jsgraph_->graph()->VisitNodeInputsFromEnd(&visitor);
-}
-
-
-// A facade on a JSFunction's graph to facilitate inlining. It assumes the
-// that the function graph has only one return statement, and provides
-// {UnifyReturn} to convert a function graph to that end.
-class Inlinee {
- public:
- Inlinee(Node* start, Node* end) : start_(start), end_(end) {}
-
- // Returns the last regular control node, that is
- // the last control node before the end node.
- Node* end_block() { return NodeProperties::GetControlInput(unique_return()); }
-
- // Return the effect output of the graph,
- // that is the effect input of the return statement of the inlinee.
- Node* effect_output() {
- return NodeProperties::GetEffectInput(unique_return());
- }
- // Return the value output of the graph,
- // that is the value input of the return statement of the inlinee.
- Node* value_output() {
- return NodeProperties::GetValueInput(unique_return(), 0);
- }
- // Return the unique return statement of the graph.
- Node* unique_return() {
- Node* unique_return = NodeProperties::GetControlInput(end_);
- DCHECK_EQ(IrOpcode::kReturn, unique_return->opcode());
- return unique_return;
- }
-
- // Counts JSFunction, Receiver, arguments, context but not effect, control.
- size_t total_parameters() { return start_->op()->ValueOutputCount(); }
-
- // Counts only formal parameters.
- size_t formal_parameters() {
- DCHECK_GE(total_parameters(), 3);
- return total_parameters() - 3;
- }
-
- // Inline this graph at {call}, use {jsgraph} and its zone to create
- // any new nodes.
- void InlineAtCall(JSGraph* jsgraph, Node* call);
-
- // Ensure that only a single return reaches the end node.
- static void UnifyReturn(JSGraph* jsgraph);
-
- private:
- Node* start_;
- Node* end_;
-};
-
-
-void Inlinee::UnifyReturn(JSGraph* jsgraph) {
- Graph* graph = jsgraph->graph();
-
- Node* final_merge = NodeProperties::GetControlInput(graph->end(), 0);
- if (final_merge->opcode() == IrOpcode::kReturn) {
- // nothing to do
- return;
- }
- DCHECK_EQ(IrOpcode::kMerge, final_merge->opcode());
-
- int predecessors = final_merge->op()->ControlInputCount();
-
- const Operator* op_phi = jsgraph->common()->Phi(kMachAnyTagged, predecessors);
- const Operator* op_ephi = jsgraph->common()->EffectPhi(predecessors);
-
- NodeVector values(jsgraph->zone());
- NodeVector effects(jsgraph->zone());
- // Iterate over all control flow predecessors,
- // which must be return statements.
- for (Edge edge : final_merge->input_edges()) {
- Node* input = edge.to();
- switch (input->opcode()) {
- case IrOpcode::kReturn:
- values.push_back(NodeProperties::GetValueInput(input, 0));
- effects.push_back(NodeProperties::GetEffectInput(input));
- edge.UpdateTo(NodeProperties::GetControlInput(input));
- input->RemoveAllInputs();
- break;
- default:
- UNREACHABLE();
- break;
- }
- }
- values.push_back(final_merge);
- effects.push_back(final_merge);
- Node* phi =
- graph->NewNode(op_phi, static_cast<int>(values.size()), &values.front());
- Node* ephi = graph->NewNode(op_ephi, static_cast<int>(effects.size()),
- &effects.front());
- Node* new_return =
- graph->NewNode(jsgraph->common()->Return(), phi, ephi, final_merge);
- graph->end()->ReplaceInput(0, new_return);
-}
-
-
-class CopyVisitor : public NullNodeVisitor {
+class CopyVisitor {
public:
CopyVisitor(Graph* source_graph, Graph* target_graph, Zone* temp_zone)
- : copies_(source_graph->NodeCount(), NULL, temp_zone),
- sentinels_(source_graph->NodeCount(), NULL, temp_zone),
+ : sentinel_op_(IrOpcode::kDead, Operator::kNoProperties, "Sentinel", 0, 0,
+ 0, 0, 0, 0),
+ sentinel_(target_graph->NewNode(&sentinel_op_)),
+ copies_(source_graph->NodeCount(), sentinel_, temp_zone),
source_graph_(source_graph),
target_graph_(target_graph),
- temp_zone_(temp_zone),
- sentinel_op_(IrOpcode::kDead, Operator::kNoProperties, "sentinel", 0, 0,
- 0, 0, 0, 0) {}
+ temp_zone_(temp_zone) {}
- void Post(Node* original) {
- NodeVector inputs(temp_zone_);
- for (Node* const node : original->inputs()) {
- inputs.push_back(GetCopy(node));
- }
-
- // Reuse the operator in the copy. This assumes that op lives in a zone
- // that lives longer than graph()'s zone.
- Node* copy =
- target_graph_->NewNode(original->op(), static_cast<int>(inputs.size()),
- (inputs.empty() ? NULL : &inputs.front()));
- copies_[original->id()] = copy;
- }
-
- Node* GetCopy(Node* original) {
- Node* copy = copies_[original->id()];
- if (copy == NULL) {
- copy = GetSentinel(original);
- }
- DCHECK_NE(NULL, copy);
- return copy;
- }
+ Node* GetCopy(Node* orig) { return copies_[orig->id()]; }
void CopyGraph() {
- source_graph_->VisitNodeInputsFromEnd(this);
- ReplaceSentinels();
+ NodeVector inputs(temp_zone_);
+ // TODO(bmeurer): AllNodes should be turned into something like
+ // Graph::CollectNodesReachableFromEnd() and the gray set stuff should be
+ // removed since it's only needed by the visualizer.
+ AllNodes all(temp_zone_, source_graph_);
+ // Copy all nodes reachable from end.
+ for (Node* orig : all.live) {
+ Node* copy = GetCopy(orig);
+ if (copy != sentinel_) {
+ // Mapping already exists.
+ continue;
+ }
+ // Copy the node.
+ inputs.clear();
+ for (Node* input : orig->inputs()) inputs.push_back(copies_[input->id()]);
+ copy = target_graph_->NewNode(orig->op(), orig->InputCount(),
+ inputs.empty() ? nullptr : &inputs[0]);
+ copies_[orig->id()] = copy;
+ }
+ // For missing inputs.
+ for (Node* orig : all.live) {
+ Node* copy = copies_[orig->id()];
+ for (int i = 0; i < copy->InputCount(); ++i) {
+ Node* input = copy->InputAt(i);
+ if (input == sentinel_) {
+ copy->ReplaceInput(i, GetCopy(orig->InputAt(i)));
+ }
+ }
+ }
}
- const NodeVector& copies() { return copies_; }
+ const NodeVector& copies() const { return copies_; }
private:
- void ReplaceSentinels() {
- for (NodeId id = 0; id < source_graph_->NodeCount(); ++id) {
- Node* sentinel = sentinels_[id];
- if (sentinel == NULL) continue;
- Node* copy = copies_[id];
- DCHECK_NE(NULL, copy);
- sentinel->ReplaceUses(copy);
- }
- }
-
- Node* GetSentinel(Node* original) {
- if (sentinels_[original->id()] == NULL) {
- sentinels_[original->id()] = target_graph_->NewNode(&sentinel_op_);
- }
- return sentinels_[original->id()];
- }
-
+ Operator const sentinel_op_;
+ Node* const sentinel_;
NodeVector copies_;
- NodeVector sentinels_;
- Graph* source_graph_;
- Graph* target_graph_;
- Zone* temp_zone_;
- Operator sentinel_op_;
+ Graph* const source_graph_;
+ Graph* const target_graph_;
+ Zone* const temp_zone_;
};
-void Inlinee::InlineAtCall(JSGraph* jsgraph, Node* call) {
+Reduction JSInliner::InlineCall(Node* call, Node* new_target, Node* context,
+ Node* frame_state, Node* start, Node* end) {
// The scheduler is smart enough to place our code; we just ensure {control}
- // becomes the control input of the start of the inlinee.
+ // becomes the control input of the start of the inlinee, and {effect} becomes
+ // the effect input of the start of the inlinee.
Node* control = NodeProperties::GetControlInput(call);
+ Node* effect = NodeProperties::GetEffectInput(call);
- // The inlinee uses the context from the JSFunction object. This will
- // also be the effect dependency for the inlinee as it produces an effect.
- SimplifiedOperatorBuilder simplified(jsgraph->zone());
- Node* context = jsgraph->graph()->NewNode(
- simplified.LoadField(AccessBuilder::ForJSFunctionContext()),
- NodeProperties::GetValueInput(call, 0),
- NodeProperties::GetEffectInput(call), control);
+ int const inlinee_new_target_index =
+ static_cast<int>(start->op()->ValueOutputCount()) - 3;
+ int const inlinee_arity_index =
+ static_cast<int>(start->op()->ValueOutputCount()) - 2;
+ int const inlinee_context_index =
+ static_cast<int>(start->op()->ValueOutputCount()) - 1;
- // Context is last argument.
- int inlinee_context_index = static_cast<int>(total_parameters()) - 1;
- // {inliner_inputs} counts JSFunction, Receiver, arguments, but not
- // context, effect, control.
+ // {inliner_inputs} counts JSFunction, receiver, arguments, but not
+ // new target value, argument count, context, effect or control.
int inliner_inputs = call->op()->ValueInputCount();
// Iterate over all uses of the start node.
- for (Edge edge : start_->use_edges()) {
+ for (Edge edge : start->use_edges()) {
Node* use = edge.from();
switch (use->opcode()) {
case IrOpcode::kParameter: {
- int index = 1 + OpParameter<int>(use->op());
- if (index < inliner_inputs && index < inlinee_context_index) {
+ int index = 1 + ParameterIndexOf(use->op());
+ DCHECK_LE(index, inlinee_context_index);
+ if (index < inliner_inputs && index < inlinee_new_target_index) {
// There is an input from the call, and the index is a value
// projection but not the context, so rewire the input.
- NodeProperties::ReplaceWithValue(use, call->InputAt(index));
+ Replace(use, call->InputAt(index));
+ } else if (index == inlinee_new_target_index) {
+ // The projection is requesting the new target value.
+ Replace(use, new_target);
+ } else if (index == inlinee_arity_index) {
+ // The projection is requesting the number of arguments.
+ Replace(use, jsgraph_->Int32Constant(inliner_inputs - 2));
} else if (index == inlinee_context_index) {
- // This is the context projection, rewire it to the context from the
- // JSFunction object.
- NodeProperties::ReplaceWithValue(use, context);
- } else if (index < inlinee_context_index) {
- // Call has fewer arguments than required, fill with undefined.
- NodeProperties::ReplaceWithValue(use, jsgraph->UndefinedConstant());
+ // The projection is requesting the inlinee function context.
+ Replace(use, context);
} else {
- // We got too many arguments, discard for now.
- // TODO(sigurds): Fix to treat arguments array correctly.
+ // Call has fewer arguments than required, fill with undefined.
+ Replace(use, jsgraph_->UndefinedConstant());
}
break;
}
default:
if (NodeProperties::IsEffectEdge(edge)) {
- edge.UpdateTo(context);
+ edge.UpdateTo(effect);
} else if (NodeProperties::IsControlEdge(edge)) {
edge.UpdateTo(control);
+ } else if (NodeProperties::IsFrameStateEdge(edge)) {
+ edge.UpdateTo(frame_state);
} else {
UNREACHABLE();
}
@@ -273,65 +190,69 @@
}
}
- NodeProperties::ReplaceWithValue(call, value_output(), effect_output());
- call->RemoveAllInputs();
- DCHECK_EQ(0, call->UseCount());
+ NodeVector values(local_zone_);
+ NodeVector effects(local_zone_);
+ NodeVector controls(local_zone_);
+ for (Node* const input : end->inputs()) {
+ switch (input->opcode()) {
+ case IrOpcode::kReturn:
+ values.push_back(NodeProperties::GetValueInput(input, 0));
+ effects.push_back(NodeProperties::GetEffectInput(input));
+ controls.push_back(NodeProperties::GetControlInput(input));
+ break;
+ case IrOpcode::kDeoptimize:
+ case IrOpcode::kTerminate:
+ case IrOpcode::kThrow:
+ NodeProperties::MergeControlToEnd(jsgraph_->graph(), jsgraph_->common(),
+ input);
+ break;
+ default:
+ UNREACHABLE();
+ break;
+ }
+ }
+ DCHECK_EQ(values.size(), effects.size());
+ DCHECK_EQ(values.size(), controls.size());
+
+ // Depending on whether the inlinee produces a value, we either replace value
+ // uses with said value or kill value uses if no value can be returned.
+ if (values.size() > 0) {
+ int const input_count = static_cast<int>(controls.size());
+ Node* control_output = jsgraph_->graph()->NewNode(
+ jsgraph_->common()->Merge(input_count), input_count, &controls.front());
+ values.push_back(control_output);
+ effects.push_back(control_output);
+ Node* value_output = jsgraph_->graph()->NewNode(
+ jsgraph_->common()->Phi(MachineRepresentation::kTagged, input_count),
+ static_cast<int>(values.size()), &values.front());
+ Node* effect_output = jsgraph_->graph()->NewNode(
+ jsgraph_->common()->EffectPhi(input_count),
+ static_cast<int>(effects.size()), &effects.front());
+ ReplaceWithValue(call, value_output, effect_output, control_output);
+ return Changed(value_output);
+ } else {
+ ReplaceWithValue(call, call, call, jsgraph_->Dead());
+ return Changed(call);
+ }
}
-// TODO(turbofan) Provide such accessors for every node, possibly even
-// generate them.
-class JSCallFunctionAccessor {
- public:
- explicit JSCallFunctionAccessor(Node* call) : call_(call) {
- DCHECK_EQ(IrOpcode::kJSCallFunction, call->opcode());
- }
+Node* JSInliner::CreateArtificialFrameState(Node* node, Node* outer_frame_state,
+ int parameter_count,
+ FrameStateType frame_state_type,
+ Handle<SharedFunctionInfo> shared) {
+ const FrameStateFunctionInfo* state_info =
+ jsgraph_->common()->CreateFrameStateFunctionInfo(
+ frame_state_type, parameter_count + 1, 0, shared,
+ CALL_MAINTAINS_NATIVE_CONTEXT);
- Node* jsfunction() { return call_->InputAt(0); }
-
- Node* receiver() { return call_->InputAt(1); }
-
- Node* formal_argument(size_t index) {
- DCHECK(index < formal_arguments());
- return call_->InputAt(static_cast<int>(2 + index));
- }
-
- size_t formal_arguments() {
- // {value_inputs} includes jsfunction and receiver.
- size_t value_inputs = call_->op()->ValueInputCount();
- DCHECK_GE(call_->InputCount(), 2);
- return value_inputs - 2;
- }
-
- Node* frame_state() { return NodeProperties::GetFrameStateInput(call_); }
-
- private:
- Node* call_;
-};
-
-
-void JSInliner::AddClosureToFrameState(Node* frame_state,
- Handle<JSFunction> jsfunction) {
- FrameStateCallInfo call_info = OpParameter<FrameStateCallInfo>(frame_state);
const Operator* op = jsgraph_->common()->FrameState(
- FrameStateType::JS_FRAME, call_info.bailout_id(),
- call_info.state_combine(), jsfunction);
- frame_state->set_op(op);
-}
-
-
-Node* JSInliner::CreateArgumentsAdaptorFrameState(JSCallFunctionAccessor* call,
- Handle<JSFunction> jsfunction,
- Zone* temp_zone) {
- const Operator* op = jsgraph_->common()->FrameState(
- FrameStateType::ARGUMENTS_ADAPTOR, BailoutId(-1),
- OutputFrameStateCombine::Ignore(), jsfunction);
+ BailoutId(-1), OutputFrameStateCombine::Ignore(), state_info);
const Operator* op0 = jsgraph_->common()->StateValues(0);
Node* node0 = jsgraph_->graph()->NewNode(op0);
- NodeVector params(temp_zone);
- params.push_back(call->receiver());
- for (size_t argument = 0; argument != call->formal_arguments(); ++argument) {
- params.push_back(call->formal_argument(argument));
+ NodeVector params(local_zone_);
+ for (int parameter = 0; parameter < parameter_count + 1; ++parameter) {
+ params.push_back(node->InputAt(1 + parameter));
}
const Operator* op_param =
jsgraph_->common()->StateValues(static_cast<int>(params.size()));
@@ -339,151 +260,261 @@
op_param, static_cast<int>(params.size()), ¶ms.front());
return jsgraph_->graph()->NewNode(op, params_node, node0, node0,
jsgraph_->UndefinedConstant(),
- call->frame_state());
+ node->InputAt(0), outer_frame_state);
}
-void JSInliner::TryInlineJSCall(Node* call_node) {
- JSCallFunctionAccessor call(call_node);
+namespace {
- HeapObjectMatcher<JSFunction> match(call.jsfunction());
- if (!match.HasValue()) {
- return;
+// TODO(mstarzinger,verwaest): Move this predicate onto SharedFunctionInfo?
+bool NeedsImplicitReceiver(Handle<JSFunction> function, Isolate* isolate) {
+ Code* construct_stub = function->shared()->construct_stub();
+ return construct_stub != *isolate->builtins()->JSBuiltinsConstructStub() &&
+ construct_stub != *isolate->builtins()->ConstructedNonConstructable();
+}
+
+} // namespace
+
+
+Reduction JSInliner::Reduce(Node* node) {
+ if (!IrOpcode::IsInlineeOpcode(node->opcode())) return NoChange();
+
+ // This reducer can handle both normal function calls as well a constructor
+ // calls whenever the target is a constant function object, as follows:
+ // - JSCallFunction(target:constant, receiver, args...)
+ // - JSCallConstruct(target:constant, args..., new.target)
+ HeapObjectMatcher match(node->InputAt(0));
+ if (!match.HasValue() || !match.Value()->IsJSFunction()) return NoChange();
+ Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
+
+ return ReduceJSCall(node, function);
+}
+
+
+Reduction JSInliner::ReduceJSCall(Node* node, Handle<JSFunction> function) {
+ DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
+ JSCallAccessor call(node);
+
+ // Function must be inlineable.
+ if (!function->shared()->IsInlineable()) {
+ TRACE("Not inlining %s into %s because callee is not inlineable\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
}
- Handle<JSFunction> function = match.Value().handle();
+ // Constructor must be constructable.
+ if (node->opcode() == IrOpcode::kJSCallConstruct &&
+ !function->IsConstructor()) {
+ TRACE("Not inlining %s into %s because constructor is not constructable.\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
- if (function->shared()->native()) {
- if (FLAG_trace_turbo_inlining) {
- SmartArrayPointer<char> name =
- function->shared()->DebugName()->ToCString();
- PrintF("Not Inlining %s into %s because inlinee is native\n", name.get(),
- info_->shared_info()->DebugName()->ToCString().get());
+ // Class constructors are callable, but [[Call]] will raise an exception.
+ // See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
+ if (node->opcode() == IrOpcode::kJSCallFunction &&
+ IsClassConstructor(function->shared()->kind())) {
+ TRACE("Not inlining %s into %s because callee is a class constructor.\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
+
+ // Function contains break points.
+ if (function->shared()->HasDebugInfo()) {
+ TRACE("Not inlining %s into %s because callee may contain break points\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
+
+ // Disallow cross native-context inlining for now. This means that all parts
+ // of the resulting code will operate on the same global object.
+ // This also prevents cross context leaks for asm.js code, where we could
+ // inline functions from a different context and hold on to that context (and
+ // closure) from the code object.
+ // TODO(turbofan): We might want to revisit this restriction later when we
+ // have a need for this, and we know how to model different native contexts
+ // in the same graph in a compositional way.
+ if (function->context()->native_context() !=
+ info_->context()->native_context()) {
+ TRACE("Not inlining %s into %s because of different native contexts\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
+
+ // TODO(turbofan): TranslatedState::GetAdaptedArguments() currently relies on
+ // not inlining recursive functions. We might want to relax that at some
+ // point.
+ for (Node* frame_state = call.frame_state_after();
+ frame_state->opcode() == IrOpcode::kFrameState;
+ frame_state = frame_state->InputAt(kFrameStateOuterStateInput)) {
+ FrameStateInfo const& info = OpParameter<FrameStateInfo>(frame_state);
+ Handle<SharedFunctionInfo> shared_info;
+ if (info.shared_info().ToHandle(&shared_info) &&
+ *shared_info == function->shared()) {
+ TRACE("Not inlining %s into %s because call is recursive\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
}
- return;
}
- CompilationInfoWithZone info(function);
- // TODO(wingo): ParseAndAnalyze can fail due to stack overflow.
- CHECK(Compiler::ParseAndAnalyze(&info));
- CHECK(Compiler::EnsureDeoptimizationSupport(&info));
+ // TODO(turbofan): Inlining into a try-block is not yet supported.
+ if (NodeProperties::IsExceptionalCall(node)) {
+ TRACE("Not inlining %s into %s because of surrounding try-block\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
- if (info.scope()->arguments() != NULL && info.strict_mode() != STRICT) {
- // For now do not inline functions that use their arguments array.
- SmartArrayPointer<char> name = function->shared()->DebugName()->ToCString();
- if (FLAG_trace_turbo_inlining) {
- PrintF(
- "Not Inlining %s into %s because inlinee uses arguments "
- "array\n",
- name.get(), info_->shared_info()->DebugName()->ToCString().get());
+ Zone zone;
+ ParseInfo parse_info(&zone, function);
+ CompilationInfo info(&parse_info);
+ if (info_->is_deoptimization_enabled()) {
+ info.MarkAsDeoptimizationEnabled();
+ }
+
+ if (!Compiler::ParseAndAnalyze(info.parse_info())) {
+ TRACE("Not inlining %s into %s because parsing failed\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ if (info_->isolate()->has_pending_exception()) {
+ info_->isolate()->clear_pending_exception();
}
- return;
+ return NoChange();
}
- if (FLAG_trace_turbo_inlining) {
- SmartArrayPointer<char> name = function->shared()->DebugName()->ToCString();
- PrintF("Inlining %s into %s\n", name.get(),
- info_->shared_info()->DebugName()->ToCString().get());
+ // In strong mode, in case of too few arguments we need to throw a TypeError
+ // so we must not inline this call.
+ int parameter_count = info.literal()->parameter_count();
+ if (is_strong(info.language_mode()) &&
+ call.formal_arguments() < parameter_count) {
+ TRACE("Not inlining %s into %s because too few arguments for strong mode\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
}
- Graph graph(info.zone());
- JSGraph jsgraph(&graph, jsgraph_->common(), jsgraph_->javascript(),
+ if (!Compiler::EnsureDeoptimizationSupport(&info)) {
+ TRACE("Not inlining %s into %s because deoptimization support failed\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
+ // Remember that we inlined this function. This needs to be called right
+ // after we ensure deoptimization support so that the code flusher
+ // does not remove the code with the deoptimization support.
+ info_->AddInlinedFunction(info.shared_info());
+
+ // ----------------------------------------------------------------
+ // After this point, we've made a decision to inline this function.
+ // We shall not bailout from inlining if we got here.
+
+ TRACE("Inlining %s into %s\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+
+ // TODO(mstarzinger): We could use the temporary zone for the graph because
+ // nodes are copied. This however leads to Zone-Types being allocated in the
+ // wrong zone and makes the engine explode at high speeds. Explosion bad!
+ Graph graph(jsgraph_->zone());
+ JSGraph jsgraph(info.isolate(), &graph, jsgraph_->common(),
+ jsgraph_->javascript(), jsgraph_->simplified(),
jsgraph_->machine());
-
AstGraphBuilder graph_builder(local_zone_, &info, &jsgraph);
- graph_builder.CreateGraph();
- Inlinee::UnifyReturn(&jsgraph);
+ graph_builder.CreateGraph(false);
- CopyVisitor visitor(&graph, jsgraph_->graph(), info.zone());
+ CopyVisitor visitor(&graph, jsgraph_->graph(), &zone);
visitor.CopyGraph();
- Inlinee inlinee(visitor.GetCopy(graph.start()), visitor.GetCopy(graph.end()));
+ Node* start = visitor.GetCopy(graph.start());
+ Node* end = visitor.GetCopy(graph.end());
+ Node* frame_state = call.frame_state_after();
+ Node* new_target = jsgraph_->UndefinedConstant();
- if (FLAG_turbo_deoptimization) {
- Node* outer_frame_state = call.frame_state();
- // Insert argument adaptor frame if required.
- if (call.formal_arguments() != inlinee.formal_parameters()) {
- outer_frame_state =
- CreateArgumentsAdaptorFrameState(&call, function, info.zone());
- }
-
- for (NodeVectorConstIter it = visitor.copies().begin();
- it != visitor.copies().end(); ++it) {
- Node* node = *it;
- if (node != NULL && node->opcode() == IrOpcode::kFrameState) {
- AddClosureToFrameState(node, function);
- NodeProperties::ReplaceFrameStateInput(node, outer_frame_state);
- }
- }
+ // Insert nodes around the call that model the behavior required for a
+ // constructor dispatch (allocate implicit receiver and check return value).
+ // This models the behavior usually accomplished by our {JSConstructStub}.
+ // Note that the context has to be the callers context (input to call node).
+ Node* receiver = jsgraph_->UndefinedConstant(); // Implicit receiver.
+ if (node->opcode() == IrOpcode::kJSCallConstruct &&
+ NeedsImplicitReceiver(function, info_->isolate())) {
+ Node* effect = NodeProperties::GetEffectInput(node);
+ Node* context = NodeProperties::GetContextInput(node);
+ Node* create = jsgraph_->graph()->NewNode(
+ jsgraph_->javascript()->Create(), call.target(), call.new_target(),
+ context, call.frame_state_before(), effect);
+ NodeProperties::ReplaceEffectInput(node, create);
+ // Insert a check of the return value to determine whether the return value
+ // or the implicit receiver should be selected as a result of the call.
+ Node* check = jsgraph_->graph()->NewNode(
+ jsgraph_->javascript()->CallRuntime(Runtime::kInlineIsJSReceiver, 1),
+ node, context, node, start);
+ Node* select = jsgraph_->graph()->NewNode(
+ jsgraph_->common()->Select(MachineRepresentation::kTagged), check, node,
+ create);
+ NodeProperties::ReplaceUses(node, select, check, node, node);
+ NodeProperties::ReplaceValueInput(select, node, 1);
+ NodeProperties::ReplaceValueInput(check, node, 0);
+ NodeProperties::ReplaceEffectInput(check, node);
+ receiver = create; // The implicit receiver.
}
- inlinee.InlineAtCall(jsgraph_, call_node);
+ // Swizzle the inputs of the {JSCallConstruct} node to look like inputs to a
+ // normal {JSCallFunction} node so that the rest of the inlining machinery
+ // behaves as if we were dealing with a regular function invocation.
+ if (node->opcode() == IrOpcode::kJSCallConstruct) {
+ new_target = call.new_target(); // Retrieve new target value input.
+ node->RemoveInput(call.formal_arguments() + 1); // Drop new target.
+ node->InsertInput(jsgraph_->graph()->zone(), 1, receiver);
+ // Insert a construct stub frame into the chain of frame states. This will
+ // reconstruct the proper frame when deoptimizing within the constructor.
+ frame_state = CreateArtificialFrameState(
+ node, frame_state, call.formal_arguments(),
+ FrameStateType::kConstructStub, info.shared_info());
+ }
+
+ // The inlinee specializes to the context from the JSFunction object.
+ // TODO(turbofan): We might want to load the context from the JSFunction at
+ // runtime in case we only know the SharedFunctionInfo once we have dynamic
+ // type feedback in the compiler.
+ Node* context = jsgraph_->Constant(handle(function->context()));
+
+ // Insert a JSConvertReceiver node for sloppy callees. Note that the context
+ // passed into this node has to be the callees context (loaded above). Note
+ // that the frame state passed to the JSConvertReceiver must be the frame
+ // state _before_ the call; it is not necessary to fiddle with the receiver
+ // in that frame state tho, as the conversion of the receiver can be repeated
+ // any number of times, it's not observable.
+ if (node->opcode() == IrOpcode::kJSCallFunction &&
+ is_sloppy(info.language_mode()) && !function->shared()->native()) {
+ const CallFunctionParameters& p = CallFunctionParametersOf(node->op());
+ Node* effect = NodeProperties::GetEffectInput(node);
+ Node* convert = jsgraph_->graph()->NewNode(
+ jsgraph_->javascript()->ConvertReceiver(p.convert_mode()),
+ call.receiver(), context, call.frame_state_before(), effect, start);
+ NodeProperties::ReplaceValueInput(node, convert, 1);
+ NodeProperties::ReplaceEffectInput(node, convert);
+ }
+
+ // Insert argument adaptor frame if required. The callees formal parameter
+ // count (i.e. value outputs of start node minus target, receiver, new target,
+ // arguments count and context) have to match the number of arguments passed
+ // to the call.
+ DCHECK_EQ(parameter_count, start->op()->ValueOutputCount() - 5);
+ if (call.formal_arguments() != parameter_count) {
+ frame_state = CreateArtificialFrameState(
+ node, frame_state, call.formal_arguments(),
+ FrameStateType::kArgumentsAdaptor, info.shared_info());
+ }
+
+ return InlineCall(node, new_target, context, frame_state, start, end);
}
-
-class JSCallRuntimeAccessor {
- public:
- explicit JSCallRuntimeAccessor(Node* call) : call_(call) {
- DCHECK_EQ(IrOpcode::kJSCallRuntime, call->opcode());
- }
-
- Node* formal_argument(size_t index) {
- DCHECK(index < formal_arguments());
- return call_->InputAt(static_cast<int>(index));
- }
-
- size_t formal_arguments() {
- size_t value_inputs = call_->op()->ValueInputCount();
- return value_inputs;
- }
-
- Node* frame_state() const {
- return NodeProperties::GetFrameStateInput(call_);
- }
- Node* context() const { return NodeProperties::GetContextInput(call_); }
- Node* control() const { return NodeProperties::GetControlInput(call_); }
- Node* effect() const { return NodeProperties::GetEffectInput(call_); }
-
- const Runtime::Function* function() const {
- return Runtime::FunctionForId(CallRuntimeParametersOf(call_->op()).id());
- }
-
- NodeVector inputs(Zone* zone) const {
- NodeVector inputs(zone);
- for (Node* const node : call_->inputs()) {
- inputs.push_back(node);
- }
- return inputs;
- }
-
- private:
- Node* call_;
-};
-
-
-void JSInliner::TryInlineRuntimeCall(Node* call_node) {
- JSCallRuntimeAccessor call(call_node);
- const Runtime::Function* f = call.function();
-
- if (f->intrinsic_type != Runtime::IntrinsicType::INLINE) {
- return;
- }
-
- JSIntrinsicBuilder intrinsic_builder(jsgraph_);
-
- ResultAndEffect r = intrinsic_builder.BuildGraphFor(
- f->function_id, call.inputs(jsgraph_->zone()));
-
- if (r.first != NULL) {
- if (FLAG_trace_turbo_inlining) {
- PrintF("Inlining %s into %s\n", f->name,
- info_->shared_info()->DebugName()->ToCString().get());
- }
- NodeProperties::ReplaceWithValue(call_node, r.first, r.second);
- call_node->RemoveAllInputs();
- DCHECK_EQ(0, call_node->UseCount());
- }
-}
-}
-}
-} // namespace v8::internal::compiler
+} // namespace compiler
+} // namespace internal
+} // namespace v8