Merge V8 5.3.332.45. DO NOT MERGE
Test: Manual
FPIIM-449
Change-Id: Id3254828b068abdea3cb10442e0172a8c9a98e03
(cherry picked from commit 13e2dadd00298019ed862f2b2fc5068bba730bcf)
diff --git a/src/code-stub-assembler.h b/src/code-stub-assembler.h
index 891fd24..f10e3ad 100644
--- a/src/code-stub-assembler.h
+++ b/src/code-stub-assembler.h
@@ -12,6 +12,8 @@
namespace internal {
class CallInterfaceDescriptor;
+class StatsCounter;
+class StubCache;
// Provides JavaScript-specific "macro-assembler" functionality on top of the
// CodeAssembler. By factoring the JavaScript-isms out of the CodeAssembler,
@@ -40,6 +42,8 @@
compiler::Node* NoContextConstant();
compiler::Node* NullConstant();
compiler::Node* UndefinedConstant();
+ compiler::Node* TheHoleConstant();
+ compiler::Node* HashSeed();
compiler::Node* StaleRegisterConstant();
// Float64 operations.
@@ -55,6 +59,7 @@
// Smi conversions.
compiler::Node* SmiToFloat64(compiler::Node* value);
+ compiler::Node* SmiFromWord(compiler::Node* value) { return SmiTag(value); }
compiler::Node* SmiFromWord32(compiler::Node* value);
compiler::Node* SmiToWord(compiler::Node* value) { return SmiUntag(value); }
compiler::Node* SmiToWord32(compiler::Node* value);
@@ -77,6 +82,8 @@
compiler::Node* InnerAllocate(compiler::Node* previous,
compiler::Node* offset);
+ void Assert(compiler::Node* condition);
+
// Check a value for smi-ness
compiler::Node* WordIsSmi(compiler::Node* a);
// Check that the value is a positive smi.
@@ -97,18 +104,33 @@
BranchIfFloat64Equal(value, value, if_false, if_true);
}
+ // Load value from current frame by given offset in bytes.
+ compiler::Node* LoadFromFrame(int offset,
+ MachineType rep = MachineType::AnyTagged());
+ // Load value from current parent frame by given offset in bytes.
+ compiler::Node* LoadFromParentFrame(
+ int offset, MachineType rep = MachineType::AnyTagged());
+
// Load an object pointer from a buffer that isn't in the heap.
compiler::Node* LoadBufferObject(compiler::Node* buffer, int offset,
MachineType rep = MachineType::AnyTagged());
// Load a field from an object on the heap.
compiler::Node* LoadObjectField(compiler::Node* object, int offset,
MachineType rep = MachineType::AnyTagged());
+ compiler::Node* LoadObjectField(compiler::Node* object,
+ compiler::Node* offset,
+ MachineType rep = MachineType::AnyTagged());
+
// Load the floating point value of a HeapNumber.
compiler::Node* LoadHeapNumberValue(compiler::Node* object);
// Load the Map of an HeapObject.
compiler::Node* LoadMap(compiler::Node* object);
// Load the instance type of an HeapObject.
compiler::Node* LoadInstanceType(compiler::Node* object);
+ // Checks that given heap object has given instance type.
+ void AssertInstanceType(compiler::Node* object, InstanceType instance_type);
+ // Load the properties backing store of a JSObject.
+ compiler::Node* LoadProperties(compiler::Node* object);
// Load the elements backing store of a JSObject.
compiler::Node* LoadElements(compiler::Node* object);
// Load the length of a fixed array base instance.
@@ -125,11 +147,25 @@
compiler::Node* LoadMapDescriptors(compiler::Node* map);
// Load the prototype of a map.
compiler::Node* LoadMapPrototype(compiler::Node* map);
-
- // Load the hash field of a name.
- compiler::Node* LoadNameHash(compiler::Node* name);
// Load the instance size of a Map.
compiler::Node* LoadMapInstanceSize(compiler::Node* map);
+ // Load the inobject properties count of a Map (valid only for JSObjects).
+ compiler::Node* LoadMapInobjectProperties(compiler::Node* map);
+
+ // Load the hash field of a name.
+ compiler::Node* LoadNameHashField(compiler::Node* name);
+ // Load the hash value of a name. If {if_hash_not_computed} label
+ // is specified then it also checks if hash is actually computed.
+ compiler::Node* LoadNameHash(compiler::Node* name,
+ Label* if_hash_not_computed = nullptr);
+
+ // Load length field of a String object.
+ compiler::Node* LoadStringLength(compiler::Node* object);
+ // Load value field of a JSValue object.
+ compiler::Node* LoadJSValueValue(compiler::Node* object);
+ // Load value field of a WeakCell object.
+ compiler::Node* LoadWeakCellValue(compiler::Node* weak_cell,
+ Label* if_cleared = nullptr);
compiler::Node* AllocateUninitializedFixedArray(compiler::Node* length);
@@ -138,6 +174,11 @@
compiler::Node* object, compiler::Node* int32_index,
int additional_offset = 0,
ParameterMode parameter_mode = INTEGER_PARAMETERS);
+ // Load an array element from a FixedDoubleArray.
+ compiler::Node* LoadFixedDoubleArrayElement(
+ compiler::Node* object, compiler::Node* int32_index,
+ MachineType machine_type, int additional_offset = 0,
+ ParameterMode parameter_mode = INTEGER_PARAMETERS);
// Context manipulation
compiler::Node* LoadNativeContext(compiler::Node* context);
@@ -173,8 +214,12 @@
compiler::Node* AllocateHeapNumberWithValue(compiler::Node* value);
// Allocate a SeqOneByteString with the given length.
compiler::Node* AllocateSeqOneByteString(int length);
+ compiler::Node* AllocateSeqOneByteString(compiler::Node* context,
+ compiler::Node* length);
// Allocate a SeqTwoByteString with the given length.
compiler::Node* AllocateSeqTwoByteString(int length);
+ compiler::Node* AllocateSeqTwoByteString(compiler::Node* context,
+ compiler::Node* length);
// Allocated an JSArray
compiler::Node* AllocateJSArray(ElementsKind kind, compiler::Node* array_map,
compiler::Node* capacity,
@@ -221,19 +266,95 @@
compiler::Node* BitFieldDecode(compiler::Node* word32, uint32_t shift,
uint32_t mask);
+ void SetCounter(StatsCounter* counter, int value);
+ void IncrementCounter(StatsCounter* counter, int delta);
+ void DecrementCounter(StatsCounter* counter, int delta);
+
// Various building blocks for stubs doing property lookups.
void TryToName(compiler::Node* key, Label* if_keyisindex, Variable* var_index,
- Label* if_keyisunique, Label* call_runtime);
+ Label* if_keyisunique, Label* if_bailout);
+ // Calculates array index for given dictionary entry and entry field.
+ // See Dictionary::EntryToIndex().
+ template <typename Dictionary>
+ compiler::Node* EntryToIndex(compiler::Node* entry, int field_index);
+ template <typename Dictionary>
+ compiler::Node* EntryToIndex(compiler::Node* entry) {
+ return EntryToIndex<Dictionary>(entry, Dictionary::kEntryKeyIndex);
+ }
+
+ // Looks up an entry in a NameDictionaryBase successor. If the entry is found
+ // control goes to {if_found} and {var_name_index} contains an index of the
+ // key field of the entry found. If the key is not found control goes to
+ // {if_not_found}.
+ static const int kInlinedDictionaryProbes = 4;
+ template <typename Dictionary>
+ void NameDictionaryLookup(compiler::Node* dictionary,
+ compiler::Node* unique_name, Label* if_found,
+ Variable* var_name_index, Label* if_not_found,
+ int inlined_probes = kInlinedDictionaryProbes);
+
+ compiler::Node* ComputeIntegerHash(compiler::Node* key, compiler::Node* seed);
+
+ template <typename Dictionary>
+ void NumberDictionaryLookup(compiler::Node* dictionary, compiler::Node* key,
+ Label* if_found, Variable* var_entry,
+ Label* if_not_found);
+
+ // Tries to check if {object} has own {unique_name} property.
+ void TryHasOwnProperty(compiler::Node* object, compiler::Node* map,
+ compiler::Node* instance_type,
+ compiler::Node* unique_name, Label* if_found,
+ Label* if_not_found, Label* if_bailout);
+
+ // Tries to get {object}'s own {unique_name} property value. If the property
+ // is an accessor then it also calls a getter. If the property is a double
+ // field it re-wraps value in an immutable heap number.
+ void TryGetOwnProperty(compiler::Node* context, compiler::Node* receiver,
+ compiler::Node* object, compiler::Node* map,
+ compiler::Node* instance_type,
+ compiler::Node* unique_name, Label* if_found,
+ Variable* var_value, Label* if_not_found,
+ Label* if_bailout);
+
+ void LoadPropertyFromFastObject(compiler::Node* object, compiler::Node* map,
+ compiler::Node* descriptors,
+ compiler::Node* name_index,
+ Variable* var_details, Variable* var_value);
+
+ void LoadPropertyFromNameDictionary(compiler::Node* dictionary,
+ compiler::Node* entry,
+ Variable* var_details,
+ Variable* var_value);
+
+ void LoadPropertyFromGlobalDictionary(compiler::Node* dictionary,
+ compiler::Node* entry,
+ Variable* var_details,
+ Variable* var_value, Label* if_deleted);
+
+ // Generic property lookup generator. If the {object} is fast and
+ // {unique_name} property is found then the control goes to {if_found_fast}
+ // label and {var_meta_storage} and {var_name_index} will contain
+ // DescriptorArray and an index of the descriptor's name respectively.
+ // If the {object} is slow or global then the control goes to {if_found_dict}
+ // or {if_found_global} and the {var_meta_storage} and {var_name_index} will
+ // contain a dictionary and an index of the key field of the found entry.
+ // If property is not found or given lookup is not supported then
+ // the control goes to {if_not_found} or {if_bailout} respectively.
+ //
+ // Note: this code does not check if the global dictionary points to deleted
+ // entry! This has to be done by the caller.
void TryLookupProperty(compiler::Node* object, compiler::Node* map,
- compiler::Node* instance_type, compiler::Node* name,
- Label* if_found, Label* if_not_found,
- Label* call_runtime);
+ compiler::Node* instance_type,
+ compiler::Node* unique_name, Label* if_found_fast,
+ Label* if_found_dict, Label* if_found_global,
+ Variable* var_meta_storage, Variable* var_name_index,
+ Label* if_not_found, Label* if_bailout);
void TryLookupElement(compiler::Node* object, compiler::Node* map,
compiler::Node* instance_type, compiler::Node* index,
Label* if_found, Label* if_not_found,
- Label* call_runtime);
+ Label* if_bailout);
// Instanceof helpers.
// ES6 section 7.3.19 OrdinaryHasInstance (C, O)
@@ -241,6 +362,66 @@
compiler::Node* callable,
compiler::Node* object);
+ // LoadIC helpers.
+ struct LoadICParameters {
+ LoadICParameters(compiler::Node* context, compiler::Node* receiver,
+ compiler::Node* name, compiler::Node* slot,
+ compiler::Node* vector)
+ : context(context),
+ receiver(receiver),
+ name(name),
+ slot(slot),
+ vector(vector) {}
+
+ compiler::Node* context;
+ compiler::Node* receiver;
+ compiler::Node* name;
+ compiler::Node* slot;
+ compiler::Node* vector;
+ };
+
+ // Load type feedback vector from the stub caller's frame.
+ compiler::Node* LoadTypeFeedbackVectorForStub();
+
+ compiler::Node* LoadReceiverMap(compiler::Node* receiver);
+
+ // Checks monomorphic case. Returns {feedback} entry of the vector.
+ compiler::Node* TryMonomorphicCase(const LoadICParameters* p,
+ compiler::Node* receiver_map,
+ Label* if_handler, Variable* var_handler,
+ Label* if_miss);
+ void HandlePolymorphicCase(const LoadICParameters* p,
+ compiler::Node* receiver_map,
+ compiler::Node* feedback, Label* if_handler,
+ Variable* var_handler, Label* if_miss,
+ int unroll_count);
+
+ compiler::Node* StubCachePrimaryOffset(compiler::Node* name,
+ Code::Flags flags,
+ compiler::Node* map);
+
+ compiler::Node* StubCacheSecondaryOffset(compiler::Node* name,
+ Code::Flags flags,
+ compiler::Node* seed);
+
+ // This enum is used here as a replacement for StubCache::Table to avoid
+ // including stub cache header.
+ enum StubCacheTable : int;
+
+ void TryProbeStubCacheTable(StubCache* stub_cache, StubCacheTable table_id,
+ compiler::Node* entry_offset,
+ compiler::Node* name, Code::Flags flags,
+ compiler::Node* map, Label* if_handler,
+ Variable* var_handler, Label* if_miss);
+
+ void TryProbeStubCache(StubCache* stub_cache, Code::Flags flags,
+ compiler::Node* receiver, compiler::Node* name,
+ Label* if_handler, Variable* var_handler,
+ Label* if_miss);
+
+ void LoadIC(const LoadICParameters* p);
+ void LoadGlobalIC(const LoadICParameters* p);
+
private:
compiler::Node* ElementOffsetFromIndex(compiler::Node* index,
ElementsKind kind, ParameterMode mode,
@@ -260,5 +441,4 @@
} // namespace internal
} // namespace v8
-
#endif // V8_CODE_STUB_ASSEMBLER_H_