1 // Copyright 2016 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef V8_CODEGEN_CODE_STUB_ASSEMBLER_H_ 6 #define V8_CODEGEN_CODE_STUB_ASSEMBLER_H_ 7 8 #include <functional> 9 10 #include "src/base/macros.h" 11 #include "src/codegen/bailout-reason.h" 12 #include "src/common/globals.h" 13 #include "src/common/message-template.h" 14 #include "src/compiler/code-assembler.h" 15 #include "src/objects/api-callbacks.h" 16 #include "src/objects/arguments.h" 17 #include "src/objects/bigint.h" 18 #include "src/objects/cell.h" 19 #include "src/objects/descriptor-array.h" 20 #include "src/objects/embedder-data-array.h" 21 #include "src/objects/feedback-cell.h" 22 #include "src/objects/feedback-vector.h" 23 #include "src/objects/free-space.h" 24 #include "src/objects/js-break-iterator.h" 25 #include "src/objects/js-collator.h" 26 #include "src/objects/js-date-time-format.h" 27 #include "src/objects/js-display-names.h" 28 #include "src/objects/js-generator.h" 29 #include "src/objects/js-list-format.h" 30 #include "src/objects/js-locale.h" 31 #include "src/objects/js-number-format.h" 32 #include "src/objects/js-promise.h" 33 #include "src/objects/js-plural-rules.h" 34 #include "src/objects/js-regexp-string-iterator.h" 35 #include "src/objects/js-relative-time-format.h" 36 #include "src/objects/js-segment-iterator.h" 37 #include "src/objects/js-segmenter.h" 38 #include "src/objects/js-weak-refs.h" 39 #include "src/objects/literal-objects.h" 40 #include "src/objects/objects.h" 41 #include "src/objects/promise.h" 42 #include "src/objects/property-cell.h" 43 #include "src/objects/prototype-info.h" 44 #include "src/objects/regexp-match-info.h" 45 #include "src/objects/scope-info.h" 46 #include "src/objects/shared-function-info.h" 47 #include "src/objects/smi.h" 48 #include "src/objects/source-text-module.h" 49 #include "src/objects/stack-frame-info.h" 50 #include "src/objects/synthetic-module.h" 51 #include "src/objects/tagged-index.h" 52 #include "src/objects/templates.h" 53 #include "src/objects/template-objects.h" 54 #include "src/roots/roots.h" 55 #include "src/wasm/wasm-objects.h" 56 57 #include "torque-generated/exported-macros-assembler-tq.h" 58 59 namespace v8 { 60 namespace internal { 61 62 class CallInterfaceDescriptor; 63 class CodeStubArguments; 64 class CodeStubAssembler; 65 class StatsCounter; 66 class StubCache; 67 68 enum class PrimitiveType { kBoolean, kNumber, kString, kSymbol }; 69 70 #define HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(V) \ 71 V(ArrayIteratorProtector, array_iterator_protector, ArrayIteratorProtector) \ 72 V(ArraySpeciesProtector, array_species_protector, ArraySpeciesProtector) \ 73 V(MapIteratorProtector, map_iterator_protector, MapIteratorProtector) \ 74 V(NoElementsProtector, no_elements_protector, NoElementsProtector) \ 75 V(NumberStringCache, number_string_cache, NumberStringCache) \ 76 V(PromiseResolveProtector, promise_resolve_protector, \ 77 PromiseResolveProtector) \ 78 V(PromiseSpeciesProtector, promise_species_protector, \ 79 PromiseSpeciesProtector) \ 80 V(PromiseThenProtector, promise_then_protector, PromiseThenProtector) \ 81 V(RegExpSpeciesProtector, regexp_species_protector, RegExpSpeciesProtector) \ 82 V(SetIteratorProtector, set_iterator_protector, SetIteratorProtector) \ 83 V(SingleCharacterStringCache, single_character_string_cache, \ 84 SingleCharacterStringCache) \ 85 V(StringIteratorProtector, string_iterator_protector, \ 86 StringIteratorProtector) \ 87 V(TypedArraySpeciesProtector, typed_array_species_protector, \ 88 TypedArraySpeciesProtector) 89 90 #define TORQUE_INTERNAL_CLASS_LIST_CSA_ADAPTER(V, NAME, Name, name) \ 91 V(Name##Map, name##_map, Name##Map) 92 93 #define HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(V) \ 94 V(AccessorInfoMap, accessor_info_map, AccessorInfoMap) \ 95 V(AccessorPairMap, accessor_pair_map, AccessorPairMap) \ 96 V(AllocationMementoMap, allocation_memento_map, AllocationMementoMap) \ 97 V(AllocationSiteWithoutWeakNextMap, allocation_site_without_weaknext_map, \ 98 AllocationSiteWithoutWeakNextMap) \ 99 V(AllocationSiteWithWeakNextMap, allocation_site_map, AllocationSiteMap) \ 100 V(arguments_to_string, arguments_to_string, ArgumentsToString) \ 101 V(ArrayBoilerplateDescriptionMap, array_boilerplate_description_map, \ 102 ArrayBoilerplateDescriptionMap) \ 103 V(Array_string, Array_string, ArrayString) \ 104 V(array_to_string, array_to_string, ArrayToString) \ 105 V(BooleanMap, boolean_map, BooleanMap) \ 106 V(boolean_to_string, boolean_to_string, BooleanToString) \ 107 V(CellMap, cell_map, CellMap) \ 108 V(CodeMap, code_map, CodeMap) \ 109 V(ConsOneByteStringMap, cons_one_byte_string_map, ConsOneByteStringMap) \ 110 V(ConsStringMap, cons_string_map, ConsStringMap) \ 111 V(constructor_string, constructor_string, ConstructorString) \ 112 V(CoverageInfoMap, coverage_info_map, CoverageInfoMap) \ 113 V(date_to_string, date_to_string, DateToString) \ 114 V(default_string, default_string, DefaultString) \ 115 V(EmptyByteArray, empty_byte_array, EmptyByteArray) \ 116 V(EmptyFixedArray, empty_fixed_array, EmptyFixedArray) \ 117 V(EmptyPropertyDictionary, empty_property_dictionary, \ 118 EmptyPropertyDictionary) \ 119 V(EmptySlowElementDictionary, empty_slow_element_dictionary, \ 120 EmptySlowElementDictionary) \ 121 V(empty_string, empty_string, EmptyString) \ 122 V(error_to_string, error_to_string, ErrorToString) \ 123 V(FalseValue, false_value, False) \ 124 V(FeedbackVectorMap, feedback_vector_map, FeedbackVectorMap) \ 125 V(FixedArrayMap, fixed_array_map, FixedArrayMap) \ 126 V(FixedCOWArrayMap, fixed_cow_array_map, FixedCOWArrayMap) \ 127 V(FixedDoubleArrayMap, fixed_double_array_map, FixedDoubleArrayMap) \ 128 V(Function_string, function_string, FunctionString) \ 129 V(FunctionTemplateInfoMap, function_template_info_map, \ 130 FunctionTemplateInfoMap) \ 131 V(function_to_string, function_to_string, FunctionToString) \ 132 V(GlobalPropertyCellMap, global_property_cell_map, PropertyCellMap) \ 133 V(has_instance_symbol, has_instance_symbol, HasInstanceSymbol) \ 134 V(HeapNumberMap, heap_number_map, HeapNumberMap) \ 135 V(Infinity_string, Infinity_string, InfinityString) \ 136 V(is_concat_spreadable_symbol, is_concat_spreadable_symbol, \ 137 IsConcatSpreadableSymbol) \ 138 V(iterator_symbol, iterator_symbol, IteratorSymbol) \ 139 V(length_string, length_string, LengthString) \ 140 V(ManyClosuresCellMap, many_closures_cell_map, ManyClosuresCellMap) \ 141 V(match_symbol, match_symbol, MatchSymbol) \ 142 V(megamorphic_symbol, megamorphic_symbol, MegamorphicSymbol) \ 143 V(MetaMap, meta_map, MetaMap) \ 144 V(minus_Infinity_string, minus_Infinity_string, MinusInfinityString) \ 145 V(MinusZeroValue, minus_zero_value, MinusZero) \ 146 V(name_string, name_string, NameString) \ 147 V(NanValue, nan_value, Nan) \ 148 V(NaN_string, NaN_string, NaNString) \ 149 V(next_string, next_string, NextString) \ 150 V(NoClosuresCellMap, no_closures_cell_map, NoClosuresCellMap) \ 151 V(null_to_string, null_to_string, NullToString) \ 152 V(NullValue, null_value, Null) \ 153 V(number_string, number_string, numberString) \ 154 V(number_to_string, number_to_string, NumberToString) \ 155 V(Object_string, Object_string, ObjectString) \ 156 V(object_to_string, object_to_string, ObjectToString) \ 157 V(OneByteStringMap, one_byte_string_map, OneByteStringMap) \ 158 V(OneClosureCellMap, one_closure_cell_map, OneClosureCellMap) \ 159 V(OnePointerFillerMap, one_pointer_filler_map, OnePointerFillerMap) \ 160 V(PreparseDataMap, preparse_data_map, PreparseDataMap) \ 161 V(PromiseCapabilityMap, promise_capability_map, PromiseCapabilityMap) \ 162 V(promise_forwarding_handler_symbol, promise_forwarding_handler_symbol, \ 163 PromiseForwardingHandlerSymbol) \ 164 V(PromiseFulfillReactionJobTaskMap, promise_fulfill_reaction_job_task_map, \ 165 PromiseFulfillReactionJobTaskMap) \ 166 V(promise_handled_by_symbol, promise_handled_by_symbol, \ 167 PromiseHandledBySymbol) \ 168 V(PromiseReactionMap, promise_reaction_map, PromiseReactionMap) \ 169 V(PromiseRejectReactionJobTaskMap, promise_reject_reaction_job_task_map, \ 170 PromiseRejectReactionJobTaskMap) \ 171 V(PromiseResolveThenableJobTaskMap, promise_resolve_thenable_job_task_map, \ 172 PromiseResolveThenableJobTaskMap) \ 173 V(prototype_string, prototype_string, PrototypeString) \ 174 V(PrototypeInfoMap, prototype_info_map, PrototypeInfoMap) \ 175 V(replace_symbol, replace_symbol, ReplaceSymbol) \ 176 V(regexp_to_string, regexp_to_string, RegexpToString) \ 177 V(resolve_string, resolve_string, ResolveString) \ 178 V(return_string, return_string, ReturnString) \ 179 V(SharedFunctionInfoMap, shared_function_info_map, SharedFunctionInfoMap) \ 180 V(SloppyArgumentsElementsMap, sloppy_arguments_elements_map, \ 181 SloppyArgumentsElementsMap) \ 182 V(SmallOrderedHashSetMap, small_ordered_hash_set_map, \ 183 SmallOrderedHashSetMap) \ 184 V(SmallOrderedHashMapMap, small_ordered_hash_map_map, \ 185 SmallOrderedHashMapMap) \ 186 V(SmallOrderedNameDictionaryMap, small_ordered_name_dictionary_map, \ 187 SmallOrderedNameDictionaryMap) \ 188 V(species_symbol, species_symbol, SpeciesSymbol) \ 189 V(StaleRegister, stale_register, StaleRegister) \ 190 V(StoreHandler0Map, store_handler0_map, StoreHandler0Map) \ 191 V(string_string, string_string, StringString) \ 192 V(string_to_string, string_to_string, StringToString) \ 193 V(StringMap, string_map, StringMap) \ 194 V(SymbolMap, symbol_map, SymbolMap) \ 195 V(TheHoleValue, the_hole_value, TheHole) \ 196 V(then_string, then_string, ThenString) \ 197 V(to_string_tag_symbol, to_string_tag_symbol, ToStringTagSymbol) \ 198 V(TransitionArrayMap, transition_array_map, TransitionArrayMap) \ 199 V(TrueValue, true_value, True) \ 200 V(Tuple2Map, tuple2_map, Tuple2Map) \ 201 V(BreakPointMap, break_point_map, BreakPointMap) \ 202 V(BreakPointInfoMap, break_point_info_map, BreakPointInfoMap) \ 203 V(CachedTemplateObjectMap, cached_template_object_map, \ 204 CachedTemplateObjectMap) \ 205 V(UncompiledDataWithoutPreparseDataMap, \ 206 uncompiled_data_without_preparse_data_map, \ 207 UncompiledDataWithoutPreparseDataMap) \ 208 V(UncompiledDataWithPreparseDataMap, uncompiled_data_with_preparse_data_map, \ 209 UncompiledDataWithPreparseDataMap) \ 210 V(undefined_to_string, undefined_to_string, UndefinedToString) \ 211 V(UndefinedValue, undefined_value, Undefined) \ 212 V(uninitialized_symbol, uninitialized_symbol, UninitializedSymbol) \ 213 V(WeakFixedArrayMap, weak_fixed_array_map, WeakFixedArrayMap) \ 214 V(zero_string, zero_string, ZeroString) \ 215 TORQUE_INTERNAL_CLASS_LIST_GENERATOR(TORQUE_INTERNAL_CLASS_LIST_CSA_ADAPTER, \ 216 V) 217 218 #define HEAP_IMMOVABLE_OBJECT_LIST(V) \ 219 HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(V) \ 220 HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(V) 221 222 #ifdef DEBUG 223 #define CSA_CHECK(csa, x) \ 224 (csa)->Check([&]() -> TNode<BoolT> { return x; }, #x, __FILE__, __LINE__) 225 #else 226 #define CSA_CHECK(csa, x) (csa)->FastCheck(x) 227 #endif 228 229 #ifdef DEBUG 230 // CSA_ASSERT_ARGS generates an 231 // std::initializer_list<CodeStubAssembler::ExtraNode> from __VA_ARGS__. It 232 // currently supports between 0 and 2 arguments. 233 234 // clang-format off 235 #define CSA_ASSERT_0_ARGS(...) {} 236 #define CSA_ASSERT_1_ARG(a, ...) {{a, #a}} 237 #define CSA_ASSERT_2_ARGS(a, b, ...) {{a, #a}, {b, #b}} 238 // clang-format on 239 #define SWITCH_CSA_ASSERT_ARGS(dummy, a, b, FUNC, ...) FUNC(a, b) 240 #define CSA_ASSERT_ARGS(...) \ 241 CALL(SWITCH_CSA_ASSERT_ARGS, (, ##__VA_ARGS__, CSA_ASSERT_2_ARGS, \ 242 CSA_ASSERT_1_ARG, CSA_ASSERT_0_ARGS)) 243 // Workaround for MSVC to skip comma in empty __VA_ARGS__. 244 #define CALL(x, y) x y 245 246 // CSA_ASSERT(csa, <condition>, <extra values to print...>) 247 248 #define CSA_ASSERT(csa, condition_node, ...) \ 249 (csa)->Assert(condition_node, #condition_node, __FILE__, __LINE__, \ 250 CSA_ASSERT_ARGS(__VA_ARGS__)) 251 252 // CSA_ASSERT_BRANCH(csa, [](Label* ok, Label* not_ok) {...}, 253 // <extra values to print...>) 254 255 #define CSA_ASSERT_BRANCH(csa, gen, ...) \ 256 (csa)->Assert(gen, #gen, __FILE__, __LINE__, CSA_ASSERT_ARGS(__VA_ARGS__)) 257 258 #define CSA_ASSERT_JS_ARGC_OP(csa, Op, op, expected) \ 259 (csa)->Assert( \ 260 [&]() -> TNode<BoolT> { \ 261 const TNode<Word32T> argc = UncheckedCast<Word32T>( \ 262 (csa)->Parameter(Descriptor::kJSActualArgumentsCount)); \ 263 return (csa)->Op(argc, (csa)->Int32Constant(expected)); \ 264 }, \ 265 "argc " #op " " #expected, __FILE__, __LINE__, \ 266 {{SmiFromInt32((csa)->Parameter(Descriptor::kJSActualArgumentsCount)), \ 267 "argc"}}) 268 269 #define CSA_ASSERT_JS_ARGC_EQ(csa, expected) \ 270 CSA_ASSERT_JS_ARGC_OP(csa, Word32Equal, ==, expected) 271 272 #define CSA_DEBUG_INFO(name) \ 273 { #name, __FILE__, __LINE__ } 274 #define BIND(label) Bind(label, CSA_DEBUG_INFO(label)) 275 #define VARIABLE(name, ...) \ 276 Variable name(this, CSA_DEBUG_INFO(name), __VA_ARGS__) 277 #define VARIABLE_CONSTRUCTOR(name, ...) \ 278 name(this, CSA_DEBUG_INFO(name), __VA_ARGS__) 279 #define TYPED_VARIABLE_DEF(type, name, ...) \ 280 TVariable<type> name(CSA_DEBUG_INFO(name), __VA_ARGS__) 281 #define TYPED_VARIABLE_CONSTRUCTOR(name, ...) \ 282 name(CSA_DEBUG_INFO(name), __VA_ARGS__) 283 #else // DEBUG 284 #define CSA_ASSERT(csa, ...) ((void)0) 285 #define CSA_ASSERT_BRANCH(csa, ...) ((void)0) 286 #define CSA_ASSERT_JS_ARGC_EQ(csa, expected) ((void)0) 287 #define BIND(label) Bind(label) 288 #define VARIABLE(name, ...) Variable name(this, __VA_ARGS__) 289 #define VARIABLE_CONSTRUCTOR(name, ...) name(this, __VA_ARGS__) 290 #define TYPED_VARIABLE_DEF(type, name, ...) TVariable<type> name(__VA_ARGS__) 291 #define TYPED_VARIABLE_CONSTRUCTOR(name, ...) name(__VA_ARGS__) 292 #endif // DEBUG 293 294 #define TVARIABLE(...) EXPAND(TYPED_VARIABLE_DEF(__VA_ARGS__, this)) 295 #define TVARIABLE_CONSTRUCTOR(...) \ 296 EXPAND(TYPED_VARIABLE_CONSTRUCTOR(__VA_ARGS__, this)) 297 298 #ifdef ENABLE_SLOW_DCHECKS 299 #define CSA_SLOW_ASSERT(csa, ...) \ 300 if (FLAG_enable_slow_asserts) { \ 301 CSA_ASSERT(csa, __VA_ARGS__); \ 302 } 303 #else 304 #define CSA_SLOW_ASSERT(csa, ...) ((void)0) 305 #endif 306 307 // Provides JavaScript-specific "macro-assembler" functionality on top of the 308 // CodeAssembler. By factoring the JavaScript-isms out of the CodeAssembler, 309 // it's possible to add JavaScript-specific useful CodeAssembler "macros" 310 // without modifying files in the compiler directory (and requiring a review 311 // from a compiler directory OWNER). 312 class V8_EXPORT_PRIVATE CodeStubAssembler 313 : public compiler::CodeAssembler, 314 public TorqueGeneratedExportedMacrosAssembler { 315 public: 316 using Node = compiler::Node; 317 using ScopedExceptionHandler = compiler::ScopedExceptionHandler; 318 319 template <typename T> 320 using LazyNode = std::function<TNode<T>()>; 321 322 explicit CodeStubAssembler(compiler::CodeAssemblerState* state); 323 324 enum AllocationFlag : uint8_t { 325 kNone = 0, 326 kDoubleAlignment = 1, 327 kPretenured = 1 << 1, 328 kAllowLargeObjectAllocation = 1 << 2, 329 }; 330 331 enum SlackTrackingMode { kWithSlackTracking, kNoSlackTracking }; 332 333 using AllocationFlags = base::Flags<AllocationFlag>; 334 335 enum ParameterMode { SMI_PARAMETERS, INTPTR_PARAMETERS }; 336 337 // On 32-bit platforms, there is a slight performance advantage to doing all 338 // of the array offset/index arithmetic with SMIs, since it's possible 339 // to save a few tag/untag operations without paying an extra expense when 340 // calculating array offset (the smi math can be folded away) and there are 341 // fewer live ranges. Thus only convert indices to untagged value on 64-bit 342 // platforms. OptimalParameterMode()343 ParameterMode OptimalParameterMode() const { 344 #if defined(BINT_IS_SMI) 345 return SMI_PARAMETERS; 346 #elif defined(BINT_IS_INTPTR) 347 return INTPTR_PARAMETERS; 348 #else 349 #error Unknown BInt type. 350 #endif 351 } 352 ParameterRepresentation(ParameterMode mode)353 MachineRepresentation ParameterRepresentation(ParameterMode mode) const { 354 return mode == INTPTR_PARAMETERS ? MachineType::PointerRepresentation() 355 : MachineRepresentation::kTaggedSigned; 356 } 357 OptimalParameterRepresentation()358 MachineRepresentation OptimalParameterRepresentation() const { 359 return ParameterRepresentation(OptimalParameterMode()); 360 } 361 ParameterToIntPtr(TNode<Smi> value)362 TNode<IntPtrT> ParameterToIntPtr(TNode<Smi> value) { return SmiUntag(value); } ParameterToIntPtr(TNode<IntPtrT> value)363 TNode<IntPtrT> ParameterToIntPtr(TNode<IntPtrT> value) { return value; } 364 // TODO(v8:9708): remove once all uses are ported. ParameterToIntPtr(Node * value,ParameterMode mode)365 TNode<IntPtrT> ParameterToIntPtr(Node* value, ParameterMode mode) { 366 if (mode == SMI_PARAMETERS) value = SmiUntag(value); 367 return UncheckedCast<IntPtrT>(value); 368 } 369 370 template <typename TIndex> 371 TNode<TIndex> IntPtrToParameter(TNode<IntPtrT> value); 372 IntPtrToParameter(SloppyTNode<IntPtrT> value,ParameterMode mode)373 Node* IntPtrToParameter(SloppyTNode<IntPtrT> value, ParameterMode mode) { 374 if (mode == SMI_PARAMETERS) return SmiTag(value); 375 return value; 376 } 377 Int32ToParameter(SloppyTNode<Int32T> value,ParameterMode mode)378 Node* Int32ToParameter(SloppyTNode<Int32T> value, ParameterMode mode) { 379 return IntPtrToParameter(ChangeInt32ToIntPtr(value), mode); 380 } 381 ParameterToTagged(Node * value,ParameterMode mode)382 TNode<Smi> ParameterToTagged(Node* value, ParameterMode mode) { 383 if (mode != SMI_PARAMETERS) return SmiTag(value); 384 return UncheckedCast<Smi>(value); 385 } 386 TaggedToParameter(SloppyTNode<Smi> value,ParameterMode mode)387 Node* TaggedToParameter(SloppyTNode<Smi> value, ParameterMode mode) { 388 if (mode != SMI_PARAMETERS) return SmiUntag(value); 389 return value; 390 } 391 ToParameterConstant(Node * node,intptr_t * out,ParameterMode mode)392 bool ToParameterConstant(Node* node, intptr_t* out, ParameterMode mode) { 393 if (mode == ParameterMode::SMI_PARAMETERS) { 394 Smi constant; 395 if (ToSmiConstant(node, &constant)) { 396 *out = static_cast<intptr_t>(constant.value()); 397 return true; 398 } 399 } else { 400 DCHECK_EQ(mode, ParameterMode::INTPTR_PARAMETERS); 401 intptr_t constant; 402 if (ToIntPtrConstant(node, &constant)) { 403 *out = constant; 404 return true; 405 } 406 } 407 408 return false; 409 } 410 411 #if defined(BINT_IS_SMI) BIntToSmi(TNode<BInt> source)412 TNode<Smi> BIntToSmi(TNode<BInt> source) { return source; } BIntToIntPtr(TNode<BInt> source)413 TNode<IntPtrT> BIntToIntPtr(TNode<BInt> source) { 414 return SmiToIntPtr(source); 415 } SmiToBInt(TNode<Smi> source)416 TNode<BInt> SmiToBInt(TNode<Smi> source) { return source; } IntPtrToBInt(TNode<IntPtrT> source)417 TNode<BInt> IntPtrToBInt(TNode<IntPtrT> source) { 418 return SmiFromIntPtr(source); 419 } 420 #elif defined(BINT_IS_INTPTR) BIntToSmi(TNode<BInt> source)421 TNode<Smi> BIntToSmi(TNode<BInt> source) { return SmiFromIntPtr(source); } BIntToIntPtr(TNode<BInt> source)422 TNode<IntPtrT> BIntToIntPtr(TNode<BInt> source) { return source; } SmiToBInt(TNode<Smi> source)423 TNode<BInt> SmiToBInt(TNode<Smi> source) { return SmiToIntPtr(source); } IntPtrToBInt(TNode<IntPtrT> source)424 TNode<BInt> IntPtrToBInt(TNode<IntPtrT> source) { return source; } 425 #else 426 #error Unknown architecture. 427 #endif 428 429 TNode<IntPtrT> TaggedIndexToIntPtr(TNode<TaggedIndex> value); 430 TNode<TaggedIndex> IntPtrToTaggedIndex(TNode<IntPtrT> value); 431 // TODO(v8:10047): Get rid of these convertions eventually. 432 TNode<Smi> TaggedIndexToSmi(TNode<TaggedIndex> value); 433 TNode<TaggedIndex> SmiToTaggedIndex(TNode<Smi> value); 434 435 // Pointer compression specific. Returns true if the upper 32 bits of a Smi 436 // contain the sign of a lower 32 bits (i.e. not corrupted) so that the Smi 437 // can be directly used as an index in element offset computation. 438 TNode<BoolT> IsValidSmiIndex(TNode<Smi> smi); 439 440 // Pointer compression specific. Ensures that the upper 32 bits of a Smi 441 // contain the sign of a lower 32 bits so that the Smi can be directly used 442 // as an index in element offset computation. 443 TNode<Smi> NormalizeSmiIndex(TNode<Smi> smi_index); 444 TaggedToSmi(TNode<Object> value,Label * fail)445 TNode<Smi> TaggedToSmi(TNode<Object> value, Label* fail) { 446 GotoIf(TaggedIsNotSmi(value), fail); 447 return UncheckedCast<Smi>(value); 448 } 449 TaggedToPositiveSmi(TNode<Object> value,Label * fail)450 TNode<Smi> TaggedToPositiveSmi(TNode<Object> value, Label* fail) { 451 GotoIfNot(TaggedIsPositiveSmi(value), fail); 452 return UncheckedCast<Smi>(value); 453 } 454 455 TNode<String> TaggedToDirectString(TNode<Object> value, Label* fail); 456 TaggedToNumber(TNode<Object> value,Label * fail)457 TNode<Number> TaggedToNumber(TNode<Object> value, Label* fail) { 458 GotoIfNot(IsNumber(value), fail); 459 return UncheckedCast<Number>(value); 460 } 461 TaggedToHeapObject(TNode<Object> value,Label * fail)462 TNode<HeapObject> TaggedToHeapObject(TNode<Object> value, Label* fail) { 463 GotoIf(TaggedIsSmi(value), fail); 464 return UncheckedCast<HeapObject>(value); 465 } 466 HeapObjectToJSArray(TNode<HeapObject> heap_object,Label * fail)467 TNode<JSArray> HeapObjectToJSArray(TNode<HeapObject> heap_object, 468 Label* fail) { 469 GotoIfNot(IsJSArray(heap_object), fail); 470 return UncheckedCast<JSArray>(heap_object); 471 } 472 HeapObjectToJSArrayBuffer(TNode<HeapObject> heap_object,Label * fail)473 TNode<JSArrayBuffer> HeapObjectToJSArrayBuffer(TNode<HeapObject> heap_object, 474 Label* fail) { 475 GotoIfNot(IsJSArrayBuffer(heap_object), fail); 476 return UncheckedCast<JSArrayBuffer>(heap_object); 477 } 478 TaggedToFastJSArray(TNode<Context> context,TNode<Object> value,Label * fail)479 TNode<JSArray> TaggedToFastJSArray(TNode<Context> context, 480 TNode<Object> value, Label* fail) { 481 GotoIf(TaggedIsSmi(value), fail); 482 TNode<HeapObject> heap_object = CAST(value); 483 GotoIfNot(IsFastJSArray(heap_object, context), fail); 484 return UncheckedCast<JSArray>(heap_object); 485 } 486 HeapObjectToJSDataView(TNode<HeapObject> heap_object,Label * fail)487 TNode<JSDataView> HeapObjectToJSDataView(TNode<HeapObject> heap_object, 488 Label* fail) { 489 GotoIfNot(IsJSDataView(heap_object), fail); 490 return CAST(heap_object); 491 } 492 HeapObjectToJSProxy(TNode<HeapObject> heap_object,Label * fail)493 TNode<JSProxy> HeapObjectToJSProxy(TNode<HeapObject> heap_object, 494 Label* fail) { 495 GotoIfNot(IsJSProxy(heap_object), fail); 496 return CAST(heap_object); 497 } 498 HeapObjectToJSStringIterator(TNode<HeapObject> heap_object,Label * fail)499 TNode<JSStringIterator> HeapObjectToJSStringIterator( 500 TNode<HeapObject> heap_object, Label* fail) { 501 GotoIfNot(IsJSStringIterator(heap_object), fail); 502 return CAST(heap_object); 503 } 504 HeapObjectToCallable(TNode<HeapObject> heap_object,Label * fail)505 TNode<JSReceiver> HeapObjectToCallable(TNode<HeapObject> heap_object, 506 Label* fail) { 507 GotoIfNot(IsCallable(heap_object), fail); 508 return CAST(heap_object); 509 } 510 HeapObjectToString(TNode<HeapObject> heap_object,Label * fail)511 TNode<String> HeapObjectToString(TNode<HeapObject> heap_object, Label* fail) { 512 GotoIfNot(IsString(heap_object), fail); 513 return CAST(heap_object); 514 } 515 HeapObjectToConstructor(TNode<HeapObject> heap_object,Label * fail)516 TNode<JSReceiver> HeapObjectToConstructor(TNode<HeapObject> heap_object, 517 Label* fail) { 518 GotoIfNot(IsConstructor(heap_object), fail); 519 return CAST(heap_object); 520 } 521 HeapObjectToJSFunctionWithPrototypeSlot(TNode<HeapObject> heap_object,Label * fail)522 TNode<JSFunction> HeapObjectToJSFunctionWithPrototypeSlot( 523 TNode<HeapObject> heap_object, Label* fail) { 524 GotoIfNot(IsJSFunctionWithPrototypeSlot(heap_object), fail); 525 return CAST(heap_object); 526 } 527 528 Node* MatchesParameterMode(Node* value, ParameterMode mode); 529 530 #define PARAMETER_BINOP(OpName, IntPtrOpName, SmiOpName) \ 531 /* TODO(v8:9708): remove once all uses are ported. */ \ 532 Node* OpName(Node* a, Node* b, ParameterMode mode) { \ 533 if (mode == SMI_PARAMETERS) { \ 534 return SmiOpName(CAST(a), CAST(b)); \ 535 } else { \ 536 DCHECK_EQ(INTPTR_PARAMETERS, mode); \ 537 return IntPtrOpName(UncheckedCast<IntPtrT>(a), \ 538 UncheckedCast<IntPtrT>(b)); \ 539 } \ 540 } \ 541 TNode<Smi> OpName(TNode<Smi> a, TNode<Smi> b) { return SmiOpName(a, b); } \ 542 TNode<IntPtrT> OpName(TNode<IntPtrT> a, TNode<IntPtrT> b) { \ 543 return IntPtrOpName(a, b); \ 544 } \ 545 TNode<UintPtrT> OpName(TNode<UintPtrT> a, TNode<UintPtrT> b) { \ 546 return Unsigned(IntPtrOpName(Signed(a), Signed(b))); \ 547 } \ 548 TNode<RawPtrT> OpName(TNode<RawPtrT> a, TNode<RawPtrT> b) { \ 549 return ReinterpretCast<RawPtrT>(IntPtrOpName( \ 550 ReinterpretCast<IntPtrT>(a), ReinterpretCast<IntPtrT>(b))); \ 551 } 552 // TODO(v8:9708): Define BInt operations once all uses are ported. PARAMETER_BINOP(IntPtrOrSmiMin,IntPtrMin,SmiMin)553 PARAMETER_BINOP(IntPtrOrSmiMin, IntPtrMin, SmiMin) 554 PARAMETER_BINOP(IntPtrOrSmiAdd, IntPtrAdd, SmiAdd) 555 PARAMETER_BINOP(IntPtrOrSmiSub, IntPtrSub, SmiSub) 556 #undef PARAMETER_BINOP 557 558 #define PARAMETER_BINOP(OpName, IntPtrOpName, SmiOpName) \ 559 /* TODO(v8:9708): remove once all uses are ported. */ \ 560 TNode<BoolT> OpName(Node* a, Node* b, ParameterMode mode) { \ 561 if (mode == SMI_PARAMETERS) { \ 562 return SmiOpName(CAST(a), CAST(b)); \ 563 } else { \ 564 DCHECK_EQ(INTPTR_PARAMETERS, mode); \ 565 return IntPtrOpName(UncheckedCast<IntPtrT>(a), \ 566 UncheckedCast<IntPtrT>(b)); \ 567 } \ 568 } \ 569 TNode<BoolT> OpName(TNode<Smi> a, TNode<Smi> b) { return SmiOpName(a, b); } \ 570 TNode<BoolT> OpName(TNode<IntPtrT> a, TNode<IntPtrT> b) { \ 571 return IntPtrOpName(a, b); \ 572 } \ 573 TNode<BoolT> OpName(TNode<UintPtrT> a, TNode<UintPtrT> b) { \ 574 return IntPtrOpName(Signed(a), Signed(b)); \ 575 } \ 576 TNode<BoolT> OpName(TNode<RawPtrT> a, TNode<RawPtrT> b) { \ 577 return IntPtrOpName(a, b); \ 578 } 579 // TODO(v8:9708): Define BInt operations once all uses are ported. 580 PARAMETER_BINOP(IntPtrOrSmiEqual, WordEqual, SmiEqual) 581 PARAMETER_BINOP(IntPtrOrSmiNotEqual, WordNotEqual, SmiNotEqual) 582 PARAMETER_BINOP(IntPtrOrSmiLessThan, IntPtrLessThan, SmiLessThan) 583 PARAMETER_BINOP(IntPtrOrSmiLessThanOrEqual, IntPtrLessThanOrEqual, 584 SmiLessThanOrEqual) 585 PARAMETER_BINOP(IntPtrOrSmiGreaterThan, IntPtrGreaterThan, SmiGreaterThan) 586 PARAMETER_BINOP(IntPtrOrSmiGreaterThanOrEqual, IntPtrGreaterThanOrEqual, 587 SmiGreaterThanOrEqual) 588 PARAMETER_BINOP(UintPtrOrSmiLessThan, UintPtrLessThan, SmiBelow) 589 PARAMETER_BINOP(UintPtrOrSmiGreaterThanOrEqual, UintPtrGreaterThanOrEqual, 590 SmiAboveOrEqual) 591 #undef PARAMETER_BINOP 592 593 uintptr_t ConstexprUintPtrShl(uintptr_t a, int32_t b) { return a << b; } ConstexprUintPtrShr(uintptr_t a,int32_t b)594 uintptr_t ConstexprUintPtrShr(uintptr_t a, int32_t b) { return a >> b; } ConstexprIntPtrAdd(intptr_t a,intptr_t b)595 intptr_t ConstexprIntPtrAdd(intptr_t a, intptr_t b) { return a + b; } ConstexprUintPtrAdd(uintptr_t a,uintptr_t b)596 uintptr_t ConstexprUintPtrAdd(uintptr_t a, uintptr_t b) { return a + b; } ConstexprWordNot(intptr_t a)597 intptr_t ConstexprWordNot(intptr_t a) { return ~a; } ConstexprWordNot(uintptr_t a)598 uintptr_t ConstexprWordNot(uintptr_t a) { return ~a; } 599 TaggedEqual(TNode<AnyTaggedT> a,TNode<AnyTaggedT> b)600 TNode<BoolT> TaggedEqual(TNode<AnyTaggedT> a, TNode<AnyTaggedT> b) { 601 if (COMPRESS_POINTERS_BOOL) { 602 return Word32Equal(ReinterpretCast<Word32T>(a), 603 ReinterpretCast<Word32T>(b)); 604 } else { 605 return WordEqual(ReinterpretCast<WordT>(a), ReinterpretCast<WordT>(b)); 606 } 607 } 608 TaggedNotEqual(TNode<AnyTaggedT> a,TNode<AnyTaggedT> b)609 TNode<BoolT> TaggedNotEqual(TNode<AnyTaggedT> a, TNode<AnyTaggedT> b) { 610 return Word32BinaryNot(TaggedEqual(a, b)); 611 } 612 613 TNode<Smi> NoContextConstant(); 614 615 #define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name) \ 616 TNode<std::remove_pointer<std::remove_reference<decltype( \ 617 std::declval<ReadOnlyRoots>().rootAccessorName())>::type>::type> \ 618 name##Constant(); 619 HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_ACCESSOR) 620 #undef HEAP_CONSTANT_ACCESSOR 621 622 #define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name) \ 623 TNode<std::remove_pointer<std::remove_reference<decltype( \ 624 std::declval<Heap>().rootAccessorName())>::type>::type> \ 625 name##Constant(); 626 HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_ACCESSOR) 627 #undef HEAP_CONSTANT_ACCESSOR 628 629 #define HEAP_CONSTANT_TEST(rootIndexName, rootAccessorName, name) \ 630 TNode<BoolT> Is##name(SloppyTNode<Object> value); \ 631 TNode<BoolT> IsNot##name(SloppyTNode<Object> value); 632 HEAP_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_TEST) 633 #undef HEAP_CONSTANT_TEST 634 635 TNode<BInt> BIntConstant(int value); 636 637 template <typename TIndex> 638 TNode<TIndex> IntPtrOrSmiConstant(int value); 639 // TODO(v8:9708): remove once all uses are ported. 640 Node* IntPtrOrSmiConstant(int value, ParameterMode mode); 641 642 bool IsIntPtrOrSmiConstantZero(TNode<Smi> test); 643 bool IsIntPtrOrSmiConstantZero(TNode<IntPtrT> test); 644 // TODO(v8:9708): remove once all uses are ported. 645 bool IsIntPtrOrSmiConstantZero(Node* test, ParameterMode mode); 646 647 bool TryGetIntPtrOrSmiConstantValue(Node* maybe_constant, int* value, 648 ParameterMode mode); 649 650 // Round the 32bits payload of the provided word up to the next power of two. 651 TNode<IntPtrT> IntPtrRoundUpToPowerOfTwo32(TNode<IntPtrT> value); 652 // Select the maximum of the two provided IntPtr values. 653 TNode<IntPtrT> IntPtrMax(SloppyTNode<IntPtrT> left, 654 SloppyTNode<IntPtrT> right); 655 // Select the minimum of the two provided IntPtr values. 656 TNode<IntPtrT> IntPtrMin(SloppyTNode<IntPtrT> left, 657 SloppyTNode<IntPtrT> right); 658 TNode<UintPtrT> UintPtrMin(TNode<UintPtrT> left, TNode<UintPtrT> right); 659 660 // Float64 operations. 661 TNode<Float64T> Float64Ceil(SloppyTNode<Float64T> x); 662 TNode<Float64T> Float64Floor(SloppyTNode<Float64T> x); 663 TNode<Float64T> Float64Round(SloppyTNode<Float64T> x); 664 TNode<Float64T> Float64RoundToEven(SloppyTNode<Float64T> x); 665 TNode<Float64T> Float64Trunc(SloppyTNode<Float64T> x); 666 // Select the minimum of the two provided Number values. 667 TNode<Number> NumberMax(SloppyTNode<Number> left, SloppyTNode<Number> right); 668 // Select the minimum of the two provided Number values. 669 TNode<Number> NumberMin(SloppyTNode<Number> left, SloppyTNode<Number> right); 670 671 // Returns true iff the given value fits into smi range and is >= 0. 672 TNode<BoolT> IsValidPositiveSmi(TNode<IntPtrT> value); 673 674 // Tag an IntPtr as a Smi value. 675 TNode<Smi> SmiTag(SloppyTNode<IntPtrT> value); 676 // Untag a Smi value as an IntPtr. 677 TNode<IntPtrT> SmiUntag(SloppyTNode<Smi> value); 678 679 // Smi conversions. 680 TNode<Float64T> SmiToFloat64(SloppyTNode<Smi> value); SmiFromIntPtr(SloppyTNode<IntPtrT> value)681 TNode<Smi> SmiFromIntPtr(SloppyTNode<IntPtrT> value) { return SmiTag(value); } 682 TNode<Smi> SmiFromInt32(SloppyTNode<Int32T> value); 683 TNode<Smi> SmiFromUint32(TNode<Uint32T> value); SmiToIntPtr(SloppyTNode<Smi> value)684 TNode<IntPtrT> SmiToIntPtr(SloppyTNode<Smi> value) { return SmiUntag(value); } 685 TNode<Int32T> SmiToInt32(SloppyTNode<Smi> value); 686 687 // Smi operations. 688 #define SMI_ARITHMETIC_BINOP(SmiOpName, IntPtrOpName, Int32OpName) \ 689 TNode<Smi> SmiOpName(TNode<Smi> a, TNode<Smi> b) { \ 690 if (SmiValuesAre32Bits()) { \ 691 return BitcastWordToTaggedSigned( \ 692 IntPtrOpName(BitcastTaggedToWordForTagAndSmiBits(a), \ 693 BitcastTaggedToWordForTagAndSmiBits(b))); \ 694 } else { \ 695 DCHECK(SmiValuesAre31Bits()); \ 696 if (kSystemPointerSize == kInt64Size) { \ 697 CSA_ASSERT(this, IsValidSmi(a)); \ 698 CSA_ASSERT(this, IsValidSmi(b)); \ 699 } \ 700 return BitcastWordToTaggedSigned(ChangeInt32ToIntPtr(Int32OpName( \ 701 TruncateIntPtrToInt32(BitcastTaggedToWordForTagAndSmiBits(a)), \ 702 TruncateIntPtrToInt32(BitcastTaggedToWordForTagAndSmiBits(b))))); \ 703 } \ 704 } 705 SMI_ARITHMETIC_BINOP(SmiAdd, IntPtrAdd, Int32Add) 706 SMI_ARITHMETIC_BINOP(SmiSub, IntPtrSub, Int32Sub) 707 SMI_ARITHMETIC_BINOP(SmiAnd, WordAnd, Word32And) 708 SMI_ARITHMETIC_BINOP(SmiOr, WordOr, Word32Or) 709 #undef SMI_ARITHMETIC_BINOP 710 711 TNode<IntPtrT> TryIntPtrAdd(TNode<IntPtrT> a, TNode<IntPtrT> b, 712 Label* if_overflow); 713 TNode<IntPtrT> TryIntPtrSub(TNode<IntPtrT> a, TNode<IntPtrT> b, 714 Label* if_overflow); 715 TNode<Int32T> TryInt32Mul(TNode<Int32T> a, TNode<Int32T> b, 716 Label* if_overflow); 717 TNode<Smi> TrySmiAdd(TNode<Smi> a, TNode<Smi> b, Label* if_overflow); 718 TNode<Smi> TrySmiSub(TNode<Smi> a, TNode<Smi> b, Label* if_overflow); 719 TNode<Smi> TrySmiAbs(TNode<Smi> a, Label* if_overflow); 720 SmiShl(TNode<Smi> a,int shift)721 TNode<Smi> SmiShl(TNode<Smi> a, int shift) { 722 return BitcastWordToTaggedSigned( 723 WordShl(BitcastTaggedToWordForTagAndSmiBits(a), shift)); 724 } 725 SmiShr(TNode<Smi> a,int shift)726 TNode<Smi> SmiShr(TNode<Smi> a, int shift) { 727 if (kTaggedSize == kInt64Size) { 728 return BitcastWordToTaggedSigned( 729 WordAnd(WordShr(BitcastTaggedToWordForTagAndSmiBits(a), shift), 730 BitcastTaggedToWordForTagAndSmiBits(SmiConstant(-1)))); 731 } else { 732 // For pointer compressed Smis, we want to make sure that we truncate to 733 // int32 before shifting, to avoid the values of the top 32-bits from 734 // leaking into the sign bit of the smi. 735 return BitcastWordToTaggedSigned(WordAnd( 736 ChangeInt32ToIntPtr(Word32Shr( 737 TruncateWordToInt32(BitcastTaggedToWordForTagAndSmiBits(a)), 738 shift)), 739 BitcastTaggedToWordForTagAndSmiBits(SmiConstant(-1)))); 740 } 741 } 742 SmiSar(TNode<Smi> a,int shift)743 TNode<Smi> SmiSar(TNode<Smi> a, int shift) { 744 if (kTaggedSize == kInt64Size) { 745 return BitcastWordToTaggedSigned( 746 WordAnd(WordSar(BitcastTaggedToWordForTagAndSmiBits(a), shift), 747 BitcastTaggedToWordForTagAndSmiBits(SmiConstant(-1)))); 748 } else { 749 // For pointer compressed Smis, we want to make sure that we truncate to 750 // int32 before shifting, to avoid the values of the top 32-bits from 751 // changing the sign bit of the smi. 752 return BitcastWordToTaggedSigned(WordAnd( 753 ChangeInt32ToIntPtr(Word32Sar( 754 TruncateWordToInt32(BitcastTaggedToWordForTagAndSmiBits(a)), 755 shift)), 756 BitcastTaggedToWordForTagAndSmiBits(SmiConstant(-1)))); 757 } 758 } 759 WordOrSmiShl(Node * a,int shift,ParameterMode mode)760 Node* WordOrSmiShl(Node* a, int shift, ParameterMode mode) { 761 if (mode == SMI_PARAMETERS) { 762 return SmiShl(CAST(a), shift); 763 } else { 764 DCHECK_EQ(INTPTR_PARAMETERS, mode); 765 return WordShl(a, shift); 766 } 767 } 768 WordOrSmiShr(Node * a,int shift,ParameterMode mode)769 Node* WordOrSmiShr(Node* a, int shift, ParameterMode mode) { 770 if (mode == SMI_PARAMETERS) { 771 return SmiShr(CAST(a), shift); 772 } else { 773 DCHECK_EQ(INTPTR_PARAMETERS, mode); 774 return WordShr(a, shift); 775 } 776 } 777 778 #define SMI_COMPARISON_OP(SmiOpName, IntPtrOpName, Int32OpName) \ 779 TNode<BoolT> SmiOpName(TNode<Smi> a, TNode<Smi> b) { \ 780 if (kTaggedSize == kInt64Size) { \ 781 return IntPtrOpName(BitcastTaggedToWordForTagAndSmiBits(a), \ 782 BitcastTaggedToWordForTagAndSmiBits(b)); \ 783 } else { \ 784 DCHECK_EQ(kTaggedSize, kInt32Size); \ 785 DCHECK(SmiValuesAre31Bits()); \ 786 if (kSystemPointerSize == kInt64Size) { \ 787 CSA_ASSERT(this, IsValidSmi(a)); \ 788 CSA_ASSERT(this, IsValidSmi(b)); \ 789 } \ 790 return Int32OpName( \ 791 TruncateIntPtrToInt32(BitcastTaggedToWordForTagAndSmiBits(a)), \ 792 TruncateIntPtrToInt32(BitcastTaggedToWordForTagAndSmiBits(b))); \ 793 } \ 794 } 795 SMI_COMPARISON_OP(SmiEqual, WordEqual, Word32Equal) 796 SMI_COMPARISON_OP(SmiNotEqual, WordNotEqual, Word32NotEqual) 797 SMI_COMPARISON_OP(SmiAbove, UintPtrGreaterThan, Uint32GreaterThan) 798 SMI_COMPARISON_OP(SmiAboveOrEqual, UintPtrGreaterThanOrEqual, 799 Uint32GreaterThanOrEqual) 800 SMI_COMPARISON_OP(SmiBelow, UintPtrLessThan, Uint32LessThan) 801 SMI_COMPARISON_OP(SmiLessThan, IntPtrLessThan, Int32LessThan) 802 SMI_COMPARISON_OP(SmiLessThanOrEqual, IntPtrLessThanOrEqual, 803 Int32LessThanOrEqual) 804 SMI_COMPARISON_OP(SmiGreaterThan, IntPtrGreaterThan, Int32GreaterThan) 805 SMI_COMPARISON_OP(SmiGreaterThanOrEqual, IntPtrGreaterThanOrEqual, 806 Int32GreaterThanOrEqual) 807 #undef SMI_COMPARISON_OP 808 TNode<Smi> SmiMax(TNode<Smi> a, TNode<Smi> b); 809 TNode<Smi> SmiMin(TNode<Smi> a, TNode<Smi> b); 810 // Computes a % b for Smi inputs a and b; result is not necessarily a Smi. 811 TNode<Number> SmiMod(TNode<Smi> a, TNode<Smi> b); 812 // Computes a * b for Smi inputs a and b; result is not necessarily a Smi. 813 TNode<Number> SmiMul(TNode<Smi> a, TNode<Smi> b); 814 // Tries to compute dividend / divisor for Smi inputs; branching to bailout 815 // if the division needs to be performed as a floating point operation. 816 TNode<Smi> TrySmiDiv(TNode<Smi> dividend, TNode<Smi> divisor, Label* bailout); 817 818 // Compares two Smis a and b as if they were converted to strings and then 819 // compared lexicographically. Returns: 820 // -1 iff x < y. 821 // 0 iff x == y. 822 // 1 iff x > y. 823 TNode<Smi> SmiLexicographicCompare(TNode<Smi> x, TNode<Smi> y); 824 825 #ifdef BINT_IS_SMI 826 #define BINT_COMPARISON_OP(BIntOpName, SmiOpName, IntPtrOpName) \ 827 TNode<BoolT> BIntOpName(TNode<BInt> a, TNode<BInt> b) { \ 828 return SmiOpName(a, b); \ 829 } 830 #else 831 #define BINT_COMPARISON_OP(BIntOpName, SmiOpName, IntPtrOpName) \ 832 TNode<BoolT> BIntOpName(TNode<BInt> a, TNode<BInt> b) { \ 833 return IntPtrOpName(a, b); \ 834 } 835 #endif 836 BINT_COMPARISON_OP(BIntEqual, SmiEqual, WordEqual) 837 BINT_COMPARISON_OP(BIntNotEqual, SmiNotEqual, WordNotEqual) 838 BINT_COMPARISON_OP(BIntAbove, SmiAbove, UintPtrGreaterThan) 839 BINT_COMPARISON_OP(BIntAboveOrEqual, SmiAboveOrEqual, 840 UintPtrGreaterThanOrEqual) 841 BINT_COMPARISON_OP(BIntBelow, SmiBelow, UintPtrLessThan) 842 BINT_COMPARISON_OP(BIntLessThan, SmiLessThan, IntPtrLessThan) 843 BINT_COMPARISON_OP(BIntLessThanOrEqual, SmiLessThanOrEqual, 844 IntPtrLessThanOrEqual) 845 BINT_COMPARISON_OP(BIntGreaterThan, SmiGreaterThan, IntPtrGreaterThan) 846 BINT_COMPARISON_OP(BIntGreaterThanOrEqual, SmiGreaterThanOrEqual, 847 IntPtrGreaterThanOrEqual) 848 #undef BINT_COMPARISON_OP 849 850 // Smi | HeapNumber operations. 851 TNode<Number> NumberInc(SloppyTNode<Number> value); 852 TNode<Number> NumberDec(SloppyTNode<Number> value); 853 TNode<Number> NumberAdd(SloppyTNode<Number> a, SloppyTNode<Number> b); 854 TNode<Number> NumberSub(SloppyTNode<Number> a, SloppyTNode<Number> b); 855 void GotoIfNotNumber(TNode<Object> value, Label* is_not_number); 856 void GotoIfNumber(TNode<Object> value, Label* is_number); SmiToNumber(TNode<Smi> v)857 TNode<Number> SmiToNumber(TNode<Smi> v) { return v; } 858 859 TNode<Number> BitwiseOp(TNode<Word32T> left32, TNode<Word32T> right32, 860 Operation bitwise_op); 861 862 // Allocate an object of the given size. 863 TNode<HeapObject> AllocateInNewSpace(TNode<IntPtrT> size, 864 AllocationFlags flags = kNone); 865 TNode<HeapObject> AllocateInNewSpace(int size, AllocationFlags flags = kNone); 866 TNode<HeapObject> Allocate(TNode<IntPtrT> size, 867 AllocationFlags flags = kNone); AllocateAllowLOS(TNode<IntPtrT> size)868 TNode<HeapObject> AllocateAllowLOS(TNode<IntPtrT> size) { 869 return Allocate(size, AllocationFlag::kAllowLargeObjectAllocation); 870 } 871 872 TNode<HeapObject> Allocate(int size, AllocationFlags flags = kNone); 873 TNode<HeapObject> InnerAllocate(TNode<HeapObject> previous, int offset); 874 TNode<HeapObject> InnerAllocate(TNode<HeapObject> previous, 875 TNode<IntPtrT> offset); 876 877 TNode<BoolT> IsRegularHeapObjectSize(TNode<IntPtrT> size); 878 879 using BranchGenerator = std::function<void(Label*, Label*)>; 880 template <typename T> 881 using NodeGenerator = std::function<TNode<T>()>; 882 using ExtraNode = std::pair<TNode<Object>, const char*>; 883 884 void Assert(const BranchGenerator& branch, const char* message, 885 const char* file, int line, 886 std::initializer_list<ExtraNode> extra_nodes = {}); 887 void Assert(const NodeGenerator<BoolT>& condition_body, const char* message, 888 const char* file, int line, 889 std::initializer_list<ExtraNode> extra_nodes = {}); 890 void Assert(SloppyTNode<Word32T> condition_node, const char* message, 891 const char* file, int line, 892 std::initializer_list<ExtraNode> extra_nodes = {}); 893 void Check(const BranchGenerator& branch, const char* message, 894 const char* file, int line, 895 std::initializer_list<ExtraNode> extra_nodes = {}); 896 void Check(const NodeGenerator<BoolT>& condition_body, const char* message, 897 const char* file, int line, 898 std::initializer_list<ExtraNode> extra_nodes = {}); 899 void Check(SloppyTNode<Word32T> condition_node, const char* message, 900 const char* file, int line, 901 std::initializer_list<ExtraNode> extra_nodes = {}); 902 void FailAssert(const char* message, const char* file, int line, 903 std::initializer_list<ExtraNode> extra_nodes = {}); 904 905 void FastCheck(TNode<BoolT> condition); 906 907 // The following Call wrappers call an object according to the semantics that 908 // one finds in the EcmaScript spec, operating on an Callable (e.g. a 909 // JSFunction or proxy) rather than a Code object. 910 template <class... TArgs> Call(TNode<Context> context,TNode<Object> callable,TNode<JSReceiver> receiver,TArgs...args)911 TNode<Object> Call(TNode<Context> context, TNode<Object> callable, 912 TNode<JSReceiver> receiver, TArgs... args) { 913 return UncheckedCast<Object>(CallJS( 914 CodeFactory::Call(isolate(), ConvertReceiverMode::kNotNullOrUndefined), 915 context, callable, receiver, args...)); 916 } 917 template <class... TArgs> Call(TNode<Context> context,TNode<Object> callable,TNode<Object> receiver,TArgs...args)918 TNode<Object> Call(TNode<Context> context, TNode<Object> callable, 919 TNode<Object> receiver, TArgs... args) { 920 if (IsUndefinedConstant(receiver) || IsNullConstant(receiver)) { 921 return UncheckedCast<Object>(CallJS( 922 CodeFactory::Call(isolate(), ConvertReceiverMode::kNullOrUndefined), 923 context, callable, receiver, args...)); 924 } 925 return UncheckedCast<Object>(CallJS(CodeFactory::Call(isolate()), context, 926 callable, receiver, args...)); 927 } 928 929 TNode<Object> CallApiCallback(TNode<Object> context, TNode<RawPtrT> callback, 930 TNode<IntPtrT> argc, TNode<Object> data, 931 TNode<Object> holder, TNode<Object> receiver); 932 933 TNode<Object> CallApiCallback(TNode<Object> context, TNode<RawPtrT> callback, 934 TNode<IntPtrT> argc, TNode<Object> data, 935 TNode<Object> holder, TNode<Object> receiver, 936 TNode<Object> value); 937 938 TNode<Object> CallRuntimeNewArray(TNode<Context> context, 939 TNode<Object> receiver, 940 TNode<Object> length, 941 TNode<Object> new_target, 942 TNode<Object> allocation_site); 943 944 void TailCallRuntimeNewArray(TNode<Context> context, TNode<Object> receiver, 945 TNode<Object> length, TNode<Object> new_target, 946 TNode<Object> allocation_site); 947 948 template <class... TArgs> ConstructWithTarget(TNode<Context> context,TNode<JSReceiver> target,TNode<JSReceiver> new_target,TArgs...args)949 TNode<JSReceiver> ConstructWithTarget(TNode<Context> context, 950 TNode<JSReceiver> target, 951 TNode<JSReceiver> new_target, 952 TArgs... args) { 953 return CAST(ConstructJSWithTarget(CodeFactory::Construct(isolate()), 954 context, target, new_target, 955 implicit_cast<TNode<Object>>(args)...)); 956 } 957 template <class... TArgs> Construct(TNode<Context> context,TNode<JSReceiver> new_target,TArgs...args)958 TNode<JSReceiver> Construct(TNode<Context> context, 959 TNode<JSReceiver> new_target, TArgs... args) { 960 return ConstructWithTarget(context, new_target, new_target, args...); 961 } 962 963 template <typename T> Select(TNode<BoolT> condition,const NodeGenerator<T> & true_body,const NodeGenerator<T> & false_body)964 TNode<T> Select(TNode<BoolT> condition, const NodeGenerator<T>& true_body, 965 const NodeGenerator<T>& false_body) { 966 TVARIABLE(T, value); 967 Label vtrue(this), vfalse(this), end(this); 968 Branch(condition, &vtrue, &vfalse); 969 970 BIND(&vtrue); 971 { 972 value = true_body(); 973 Goto(&end); 974 } 975 BIND(&vfalse); 976 { 977 value = false_body(); 978 Goto(&end); 979 } 980 981 BIND(&end); 982 return value.value(); 983 } 984 985 template <class A> SelectConstant(TNode<BoolT> condition,TNode<A> true_value,TNode<A> false_value)986 TNode<A> SelectConstant(TNode<BoolT> condition, TNode<A> true_value, 987 TNode<A> false_value) { 988 return Select<A>( 989 condition, [=] { return true_value; }, [=] { return false_value; }); 990 } 991 992 TNode<Int32T> SelectInt32Constant(SloppyTNode<BoolT> condition, 993 int true_value, int false_value); 994 TNode<IntPtrT> SelectIntPtrConstant(SloppyTNode<BoolT> condition, 995 int true_value, int false_value); 996 TNode<Oddball> SelectBooleanConstant(SloppyTNode<BoolT> condition); 997 TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, Smi true_value, 998 Smi false_value); SelectSmiConstant(SloppyTNode<BoolT> condition,int true_value,Smi false_value)999 TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, int true_value, 1000 Smi false_value) { 1001 return SelectSmiConstant(condition, Smi::FromInt(true_value), false_value); 1002 } SelectSmiConstant(SloppyTNode<BoolT> condition,Smi true_value,int false_value)1003 TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, Smi true_value, 1004 int false_value) { 1005 return SelectSmiConstant(condition, true_value, Smi::FromInt(false_value)); 1006 } SelectSmiConstant(SloppyTNode<BoolT> condition,int true_value,int false_value)1007 TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, int true_value, 1008 int false_value) { 1009 return SelectSmiConstant(condition, Smi::FromInt(true_value), 1010 Smi::FromInt(false_value)); 1011 } 1012 SingleCharacterStringConstant(char const * single_char)1013 TNode<String> SingleCharacterStringConstant(char const* single_char) { 1014 DCHECK_EQ(strlen(single_char), 1); 1015 return HeapConstant( 1016 isolate()->factory()->LookupSingleCharacterStringFromCode( 1017 single_char[0])); 1018 } 1019 1020 TNode<Int32T> TruncateWordToInt32(SloppyTNode<WordT> value); 1021 TNode<Int32T> TruncateIntPtrToInt32(SloppyTNode<IntPtrT> value); 1022 1023 // Check a value for smi-ness 1024 TNode<BoolT> TaggedIsSmi(SloppyTNode<MaybeObject> a); 1025 TNode<BoolT> TaggedIsNotSmi(SloppyTNode<MaybeObject> a); 1026 1027 // Check that the value is a non-negative smi. 1028 TNode<BoolT> TaggedIsPositiveSmi(SloppyTNode<Object> a); 1029 // Check that a word has a word-aligned address. 1030 TNode<BoolT> WordIsAligned(SloppyTNode<WordT> word, size_t alignment); 1031 TNode<BoolT> WordIsPowerOfTwo(SloppyTNode<IntPtrT> value); 1032 1033 // Check if lower_limit <= value <= higher_limit. 1034 template <typename U> IsInRange(TNode<Word32T> value,U lower_limit,U higher_limit)1035 TNode<BoolT> IsInRange(TNode<Word32T> value, U lower_limit, U higher_limit) { 1036 DCHECK_LE(lower_limit, higher_limit); 1037 STATIC_ASSERT(sizeof(U) <= kInt32Size); 1038 return Uint32LessThanOrEqual(Int32Sub(value, Int32Constant(lower_limit)), 1039 Int32Constant(higher_limit - lower_limit)); 1040 } 1041 IsInRange(TNode<WordT> value,intptr_t lower_limit,intptr_t higher_limit)1042 TNode<BoolT> IsInRange(TNode<WordT> value, intptr_t lower_limit, 1043 intptr_t higher_limit) { 1044 DCHECK_LE(lower_limit, higher_limit); 1045 return UintPtrLessThanOrEqual(IntPtrSub(value, IntPtrConstant(lower_limit)), 1046 IntPtrConstant(higher_limit - lower_limit)); 1047 } 1048 1049 #if DEBUG 1050 void Bind(Label* label, AssemblerDebugInfo debug_info); 1051 #endif // DEBUG 1052 void Bind(Label* label); 1053 1054 template <class... T> Bind(compiler::CodeAssemblerParameterizedLabel<T...> * label,TNode<T> * ...phis)1055 void Bind(compiler::CodeAssemblerParameterizedLabel<T...>* label, 1056 TNode<T>*... phis) { 1057 CodeAssembler::Bind(label, phis...); 1058 } 1059 BranchIfSmiEqual(TNode<Smi> a,TNode<Smi> b,Label * if_true,Label * if_false)1060 void BranchIfSmiEqual(TNode<Smi> a, TNode<Smi> b, Label* if_true, 1061 Label* if_false) { 1062 Branch(SmiEqual(a, b), if_true, if_false); 1063 } 1064 BranchIfSmiLessThan(TNode<Smi> a,TNode<Smi> b,Label * if_true,Label * if_false)1065 void BranchIfSmiLessThan(TNode<Smi> a, TNode<Smi> b, Label* if_true, 1066 Label* if_false) { 1067 Branch(SmiLessThan(a, b), if_true, if_false); 1068 } 1069 BranchIfSmiLessThanOrEqual(TNode<Smi> a,TNode<Smi> b,Label * if_true,Label * if_false)1070 void BranchIfSmiLessThanOrEqual(TNode<Smi> a, TNode<Smi> b, Label* if_true, 1071 Label* if_false) { 1072 Branch(SmiLessThanOrEqual(a, b), if_true, if_false); 1073 } 1074 BranchIfFloat64IsNaN(TNode<Float64T> value,Label * if_true,Label * if_false)1075 void BranchIfFloat64IsNaN(TNode<Float64T> value, Label* if_true, 1076 Label* if_false) { 1077 Branch(Float64Equal(value, value), if_false, if_true); 1078 } 1079 1080 // Branches to {if_true} if ToBoolean applied to {value} yields true, 1081 // otherwise goes to {if_false}. 1082 void BranchIfToBooleanIsTrue(SloppyTNode<Object> value, Label* if_true, 1083 Label* if_false); 1084 1085 // Branches to {if_false} if ToBoolean applied to {value} yields false, 1086 // otherwise goes to {if_true}. BranchIfToBooleanIsFalse(SloppyTNode<Object> value,Label * if_false,Label * if_true)1087 void BranchIfToBooleanIsFalse(SloppyTNode<Object> value, Label* if_false, 1088 Label* if_true) { 1089 BranchIfToBooleanIsTrue(value, if_true, if_false); 1090 } 1091 1092 void BranchIfJSReceiver(SloppyTNode<Object> object, Label* if_true, 1093 Label* if_false); 1094 1095 // Branches to {if_true} when --force-slow-path flag has been passed. 1096 // It's used for testing to ensure that slow path implementation behave 1097 // equivalent to corresponding fast paths (where applicable). 1098 // 1099 // Works only with V8_ENABLE_FORCE_SLOW_PATH compile time flag. Nop otherwise. 1100 void GotoIfForceSlowPath(Label* if_true); 1101 1102 // Load value from current parent frame by given offset in bytes. 1103 TNode<Object> LoadFromParentFrame(int offset); 1104 1105 // Load an object pointer from a buffer that isn't in the heap. LoadBufferObject(TNode<RawPtrT> buffer,int offset)1106 TNode<Object> LoadBufferObject(TNode<RawPtrT> buffer, int offset) { 1107 return LoadFullTagged(buffer, IntPtrConstant(offset)); 1108 } 1109 template <typename T> LoadBufferData(TNode<RawPtrT> buffer,int offset)1110 TNode<T> LoadBufferData(TNode<RawPtrT> buffer, int offset) { 1111 return UncheckedCast<T>( 1112 Load(MachineTypeOf<T>::value, buffer, IntPtrConstant(offset))); 1113 } LoadBufferPointer(TNode<RawPtrT> buffer,int offset)1114 TNode<RawPtrT> LoadBufferPointer(TNode<RawPtrT> buffer, int offset) { 1115 return LoadBufferData<RawPtrT>(buffer, offset); 1116 } LoadBufferSmi(TNode<RawPtrT> buffer,int offset)1117 TNode<Smi> LoadBufferSmi(TNode<RawPtrT> buffer, int offset) { 1118 return CAST(LoadBufferObject(buffer, offset)); 1119 } 1120 // Load a field from an object on the heap. 1121 template <class T, typename std::enable_if< 1122 std::is_convertible<TNode<T>, TNode<Object>>::value, 1123 int>::type = 0> LoadObjectField(TNode<HeapObject> object,int offset)1124 TNode<T> LoadObjectField(TNode<HeapObject> object, int offset) { 1125 return CAST(LoadObjectField(object, offset, MachineTypeOf<T>::value)); 1126 } 1127 template <class T, typename std::enable_if< 1128 std::is_convertible<TNode<T>, TNode<UntaggedT>>::value, 1129 int>::type = 0> LoadObjectField(TNode<HeapObject> object,int offset)1130 TNode<T> LoadObjectField(TNode<HeapObject> object, int offset) { 1131 return UncheckedCast<T>( 1132 LoadObjectField(object, offset, MachineTypeOf<T>::value)); 1133 } LoadObjectField(SloppyTNode<HeapObject> object,int offset)1134 TNode<Object> LoadObjectField(SloppyTNode<HeapObject> object, int offset) { 1135 return UncheckedCast<Object>( 1136 LoadObjectField(object, offset, MachineType::AnyTagged())); 1137 } LoadObjectField(SloppyTNode<HeapObject> object,SloppyTNode<IntPtrT> offset)1138 TNode<Object> LoadObjectField(SloppyTNode<HeapObject> object, 1139 SloppyTNode<IntPtrT> offset) { 1140 return UncheckedCast<Object>( 1141 LoadObjectField(object, offset, MachineType::AnyTagged())); 1142 } 1143 template <class T, typename std::enable_if< 1144 std::is_convertible<TNode<T>, TNode<UntaggedT>>::value, 1145 int>::type = 0> LoadObjectField(TNode<HeapObject> object,TNode<IntPtrT> offset)1146 TNode<T> LoadObjectField(TNode<HeapObject> object, TNode<IntPtrT> offset) { 1147 return UncheckedCast<T>( 1148 LoadObjectField(object, offset, MachineTypeOf<T>::value)); 1149 } 1150 // Load a SMI field and untag it. 1151 TNode<IntPtrT> LoadAndUntagObjectField(SloppyTNode<HeapObject> object, 1152 int offset); 1153 // Load a SMI field, untag it, and convert to Word32. 1154 TNode<Int32T> LoadAndUntagToWord32ObjectField(SloppyTNode<HeapObject> object, 1155 int offset); 1156 LoadMaybeWeakObjectField(SloppyTNode<HeapObject> object,int offset)1157 TNode<MaybeObject> LoadMaybeWeakObjectField(SloppyTNode<HeapObject> object, 1158 int offset) { 1159 return UncheckedCast<MaybeObject>( 1160 LoadObjectField(object, offset, MachineType::AnyTagged())); 1161 } 1162 LoadConstructorOrBackPointer(TNode<Map> map)1163 TNode<Object> LoadConstructorOrBackPointer(TNode<Map> map) { 1164 return LoadObjectField(map, 1165 Map::kConstructorOrBackPointerOrNativeContextOffset); 1166 } 1167 1168 // Reference is the CSA-equivalent of a Torque reference value, 1169 // representing an inner pointer into a HeapObject. 1170 // TODO(gsps): Remove in favor of flattened {Load,Store}Reference interface 1171 struct Reference { 1172 TNode<HeapObject> object; 1173 TNode<IntPtrT> offset; 1174 FlattenReference1175 std::tuple<TNode<HeapObject>, TNode<IntPtrT>> Flatten() const { 1176 return std::make_tuple(object, offset); 1177 } 1178 }; 1179 1180 template <class T, typename std::enable_if< 1181 std::is_convertible<TNode<T>, TNode<Object>>::value, 1182 int>::type = 0> LoadReference(Reference reference)1183 TNode<T> LoadReference(Reference reference) { 1184 TNode<IntPtrT> offset = 1185 IntPtrSub(reference.offset, IntPtrConstant(kHeapObjectTag)); 1186 return CAST( 1187 LoadFromObject(MachineTypeOf<T>::value, reference.object, offset)); 1188 } 1189 template <class T, 1190 typename std::enable_if< 1191 std::is_convertible<TNode<T>, TNode<UntaggedT>>::value || 1192 std::is_same<T, MaybeObject>::value, 1193 int>::type = 0> LoadReference(Reference reference)1194 TNode<T> LoadReference(Reference reference) { 1195 TNode<IntPtrT> offset = 1196 IntPtrSub(reference.offset, IntPtrConstant(kHeapObjectTag)); 1197 return UncheckedCast<T>( 1198 LoadFromObject(MachineTypeOf<T>::value, reference.object, offset)); 1199 } 1200 template <class T, typename std::enable_if< 1201 std::is_convertible<TNode<T>, TNode<Object>>::value || 1202 std::is_same<T, MaybeObject>::value, 1203 int>::type = 0> StoreReference(Reference reference,TNode<T> value)1204 void StoreReference(Reference reference, TNode<T> value) { 1205 MachineRepresentation rep = MachineRepresentationOf<T>::value; 1206 StoreToObjectWriteBarrier write_barrier = StoreToObjectWriteBarrier::kFull; 1207 if (std::is_same<T, Smi>::value) { 1208 write_barrier = StoreToObjectWriteBarrier::kNone; 1209 } else if (std::is_same<T, Map>::value) { 1210 write_barrier = StoreToObjectWriteBarrier::kMap; 1211 } 1212 TNode<IntPtrT> offset = 1213 IntPtrSub(reference.offset, IntPtrConstant(kHeapObjectTag)); 1214 StoreToObject(rep, reference.object, offset, value, write_barrier); 1215 } 1216 template <class T, typename std::enable_if< 1217 std::is_convertible<TNode<T>, TNode<UntaggedT>>::value, 1218 int>::type = 0> StoreReference(Reference reference,TNode<T> value)1219 void StoreReference(Reference reference, TNode<T> value) { 1220 TNode<IntPtrT> offset = 1221 IntPtrSub(reference.offset, IntPtrConstant(kHeapObjectTag)); 1222 StoreToObject(MachineRepresentationOf<T>::value, reference.object, offset, 1223 value, StoreToObjectWriteBarrier::kNone); 1224 } 1225 1226 // Load the floating point value of a HeapNumber. 1227 TNode<Float64T> LoadHeapNumberValue(SloppyTNode<HeapObject> object); 1228 // Load the Map of an HeapObject. 1229 TNode<Map> LoadMap(SloppyTNode<HeapObject> object); 1230 // Load the instance type of an HeapObject. 1231 TNode<Uint16T> LoadInstanceType(SloppyTNode<HeapObject> object); 1232 // Compare the instance the type of the object against the provided one. 1233 TNode<BoolT> HasInstanceType(SloppyTNode<HeapObject> object, 1234 InstanceType type); 1235 TNode<BoolT> DoesntHaveInstanceType(SloppyTNode<HeapObject> object, 1236 InstanceType type); 1237 TNode<BoolT> TaggedDoesntHaveInstanceType(SloppyTNode<HeapObject> any_tagged, 1238 InstanceType type); 1239 1240 TNode<Word32T> IsStringWrapperElementsKind(TNode<Map> map); 1241 void GotoIfMapHasSlowProperties(TNode<Map> map, Label* if_slow); 1242 1243 // Load the properties backing store of a JSReceiver. 1244 TNode<HeapObject> LoadSlowProperties(SloppyTNode<JSReceiver> object); 1245 TNode<HeapObject> LoadFastProperties(SloppyTNode<JSReceiver> object); 1246 // Load the elements backing store of a JSObject. LoadElements(SloppyTNode<JSObject> object)1247 TNode<FixedArrayBase> LoadElements(SloppyTNode<JSObject> object) { 1248 return LoadJSObjectElements(object); 1249 } 1250 // Load the length of a JSArray instance. 1251 TNode<Object> LoadJSArgumentsObjectLength(TNode<Context> context, 1252 TNode<JSArgumentsObject> array); 1253 // Load the length of a fast JSArray instance. Returns a positive Smi. 1254 TNode<Smi> LoadFastJSArrayLength(SloppyTNode<JSArray> array); 1255 // Load the length of a fixed array base instance. 1256 TNode<Smi> LoadFixedArrayBaseLength(SloppyTNode<FixedArrayBase> array); 1257 // Load the length of a fixed array base instance. 1258 TNode<IntPtrT> LoadAndUntagFixedArrayBaseLength( 1259 SloppyTNode<FixedArrayBase> array); 1260 // Load the length of a WeakFixedArray. 1261 TNode<Smi> LoadWeakFixedArrayLength(TNode<WeakFixedArray> array); 1262 TNode<IntPtrT> LoadAndUntagWeakFixedArrayLength( 1263 SloppyTNode<WeakFixedArray> array); 1264 // Load the number of descriptors in DescriptorArray. 1265 TNode<Int32T> LoadNumberOfDescriptors(TNode<DescriptorArray> array); 1266 // Load the number of own descriptors of a map. 1267 TNode<Int32T> LoadNumberOfOwnDescriptors(TNode<Map> map); 1268 // Load the bit field of a Map. 1269 TNode<Int32T> LoadMapBitField(SloppyTNode<Map> map); 1270 // Load bit field 2 of a map. 1271 TNode<Int32T> LoadMapBitField2(SloppyTNode<Map> map); 1272 // Load bit field 3 of a map. 1273 TNode<Uint32T> LoadMapBitField3(SloppyTNode<Map> map); 1274 // Load the instance type of a map. 1275 TNode<Uint16T> LoadMapInstanceType(SloppyTNode<Map> map); 1276 // Load the ElementsKind of a map. 1277 TNode<Int32T> LoadMapElementsKind(SloppyTNode<Map> map); 1278 TNode<Int32T> LoadElementsKind(SloppyTNode<HeapObject> object); 1279 // Load the instance descriptors of a map. 1280 TNode<DescriptorArray> LoadMapDescriptors(SloppyTNode<Map> map); 1281 // Load the prototype of a map. 1282 TNode<HeapObject> LoadMapPrototype(SloppyTNode<Map> map); 1283 // Load the instance size of a Map. 1284 TNode<IntPtrT> LoadMapInstanceSizeInWords(SloppyTNode<Map> map); 1285 // Load the inobject properties start of a Map (valid only for JSObjects). 1286 TNode<IntPtrT> LoadMapInobjectPropertiesStartInWords(SloppyTNode<Map> map); 1287 // Load the constructor function index of a Map (only for primitive maps). 1288 TNode<IntPtrT> LoadMapConstructorFunctionIndex(SloppyTNode<Map> map); 1289 // Load the constructor of a Map (equivalent to Map::GetConstructor()). 1290 TNode<Object> LoadMapConstructor(SloppyTNode<Map> map); 1291 // Load the EnumLength of a Map. 1292 TNode<WordT> LoadMapEnumLength(SloppyTNode<Map> map); 1293 // Load the back-pointer of a Map. 1294 TNode<Object> LoadMapBackPointer(SloppyTNode<Map> map); 1295 // Checks that |map| has only simple properties, returns bitfield3. 1296 TNode<Uint32T> EnsureOnlyHasSimpleProperties(TNode<Map> map, 1297 TNode<Int32T> instance_type, 1298 Label* bailout); 1299 // Load the identity hash of a JSRececiver. 1300 TNode<IntPtrT> LoadJSReceiverIdentityHash(SloppyTNode<Object> receiver, 1301 Label* if_no_hash = nullptr); 1302 1303 // This is only used on a newly allocated PropertyArray which 1304 // doesn't have an existing hash. 1305 void InitializePropertyArrayLength(TNode<PropertyArray> property_array, 1306 Node* length, ParameterMode mode); 1307 1308 // Check if the map is set for slow properties. 1309 TNode<BoolT> IsDictionaryMap(SloppyTNode<Map> map); 1310 1311 // Load the hash field of a name as an uint32 value. 1312 TNode<Uint32T> LoadNameHashField(SloppyTNode<Name> name); 1313 // Load the hash value of a name as an uint32 value. 1314 // If {if_hash_not_computed} label is specified then it also checks if 1315 // hash is actually computed. 1316 TNode<Uint32T> LoadNameHash(SloppyTNode<Name> name, 1317 Label* if_hash_not_computed = nullptr); 1318 1319 // Load length field of a String object as Smi value. 1320 TNode<Smi> LoadStringLengthAsSmi(TNode<String> string); 1321 // Load length field of a String object as intptr_t value. 1322 TNode<IntPtrT> LoadStringLengthAsWord(SloppyTNode<String> string); 1323 // Load length field of a String object as uint32_t value. 1324 TNode<Uint32T> LoadStringLengthAsWord32(SloppyTNode<String> string); 1325 // Load value field of a JSPrimitiveWrapper object. 1326 TNode<Object> LoadJSPrimitiveWrapperValue(TNode<JSPrimitiveWrapper> object); 1327 1328 // Figures out whether the value of maybe_object is: 1329 // - a SMI (jump to "if_smi", "extracted" will be the SMI value) 1330 // - a cleared weak reference (jump to "if_cleared", "extracted" will be 1331 // untouched) 1332 // - a weak reference (jump to "if_weak", "extracted" will be the object 1333 // pointed to) 1334 // - a strong reference (jump to "if_strong", "extracted" will be the object 1335 // pointed to) 1336 void DispatchMaybeObject(TNode<MaybeObject> maybe_object, Label* if_smi, 1337 Label* if_cleared, Label* if_weak, Label* if_strong, 1338 TVariable<Object>* extracted); 1339 // See MaybeObject for semantics of these functions. 1340 TNode<BoolT> IsStrong(TNode<MaybeObject> value); 1341 TNode<HeapObject> GetHeapObjectIfStrong(TNode<MaybeObject> value, 1342 Label* if_not_strong); 1343 1344 TNode<BoolT> IsWeakOrCleared(TNode<MaybeObject> value); 1345 TNode<BoolT> IsCleared(TNode<MaybeObject> value); IsNotCleared(TNode<MaybeObject> value)1346 TNode<BoolT> IsNotCleared(TNode<MaybeObject> value) { 1347 return Word32BinaryNot(IsCleared(value)); 1348 } 1349 1350 // Removes the weak bit + asserts it was set. 1351 TNode<HeapObject> GetHeapObjectAssumeWeak(TNode<MaybeObject> value); 1352 1353 TNode<HeapObject> GetHeapObjectAssumeWeak(TNode<MaybeObject> value, 1354 Label* if_cleared); 1355 1356 // Checks if |maybe_object| is a weak reference to given |heap_object|. 1357 // Works for both any tagged |maybe_object| values. 1358 TNode<BoolT> IsWeakReferenceTo(TNode<MaybeObject> maybe_object, 1359 TNode<HeapObject> heap_object); 1360 // Returns true if the |object| is a HeapObject and |maybe_object| is a weak 1361 // reference to |object|. 1362 // The |maybe_object| must not be a Smi. 1363 TNode<BoolT> IsWeakReferenceToObject(TNode<MaybeObject> maybe_object, 1364 TNode<Object> object); 1365 1366 TNode<MaybeObject> MakeWeak(TNode<HeapObject> value); 1367 1368 void FixedArrayBoundsCheck(TNode<FixedArrayBase> array, Node* index, 1369 int additional_offset = 0, 1370 ParameterMode parameter_mode = INTPTR_PARAMETERS); 1371 1372 // Array is any array-like type that has a fixed header followed by 1373 // tagged elements. 1374 template <typename Array> 1375 TNode<IntPtrT> LoadArrayLength(TNode<Array> array); 1376 1377 // Array is any array-like type that has a fixed header followed by 1378 // tagged elements. 1379 template <typename Array, typename T = MaybeObject> 1380 TNode<T> LoadArrayElement( 1381 TNode<Array> array, int array_header_size, Node* index, 1382 int additional_offset = 0, 1383 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1384 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe); 1385 1386 TNode<Object> LoadFixedArrayElement( 1387 TNode<FixedArray> object, Node* index, int additional_offset = 0, 1388 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1389 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe, 1390 CheckBounds check_bounds = CheckBounds::kAlways); 1391 1392 // This doesn't emit a bounds-check. As part of the security-performance 1393 // tradeoff, only use it if it is performance critical. 1394 TNode<Object> UnsafeLoadFixedArrayElement( 1395 TNode<FixedArray> object, Node* index, int additional_offset = 0, 1396 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1397 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) { 1398 return LoadFixedArrayElement(object, index, additional_offset, 1399 parameter_mode, needs_poisoning, 1400 CheckBounds::kDebugOnly); 1401 } 1402 1403 TNode<Object> LoadFixedArrayElement( 1404 TNode<FixedArray> object, TNode<IntPtrT> index, 1405 LoadSensitivity needs_poisoning, 1406 CheckBounds check_bounds = CheckBounds::kAlways) { 1407 return LoadFixedArrayElement(object, index, 0, INTPTR_PARAMETERS, 1408 needs_poisoning, check_bounds); 1409 } 1410 // This doesn't emit a bounds-check. As part of the security-performance 1411 // tradeoff, only use it if it is performance critical. UnsafeLoadFixedArrayElement(TNode<FixedArray> object,TNode<IntPtrT> index,LoadSensitivity needs_poisoning)1412 TNode<Object> UnsafeLoadFixedArrayElement(TNode<FixedArray> object, 1413 TNode<IntPtrT> index, 1414 LoadSensitivity needs_poisoning) { 1415 return LoadFixedArrayElement(object, index, needs_poisoning, 1416 CheckBounds::kDebugOnly); 1417 } 1418 1419 TNode<Object> LoadFixedArrayElement( 1420 TNode<FixedArray> object, TNode<IntPtrT> index, int additional_offset = 0, 1421 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) { 1422 return LoadFixedArrayElement(object, index, additional_offset, 1423 INTPTR_PARAMETERS, needs_poisoning); 1424 } 1425 1426 TNode<Object> LoadFixedArrayElement( 1427 TNode<FixedArray> object, int index, int additional_offset = 0, 1428 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) { 1429 return LoadFixedArrayElement(object, IntPtrConstant(index), 1430 additional_offset, INTPTR_PARAMETERS, 1431 needs_poisoning); 1432 } 1433 // This doesn't emit a bounds-check. As part of the security-performance 1434 // tradeoff, only use it if it is performance critical. 1435 TNode<Object> UnsafeLoadFixedArrayElement( 1436 TNode<FixedArray> object, int index, int additional_offset = 0, 1437 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) { 1438 return LoadFixedArrayElement(object, IntPtrConstant(index), 1439 additional_offset, INTPTR_PARAMETERS, 1440 needs_poisoning, CheckBounds::kDebugOnly); 1441 } LoadFixedArrayElement(TNode<FixedArray> object,TNode<Smi> index)1442 TNode<Object> LoadFixedArrayElement(TNode<FixedArray> object, 1443 TNode<Smi> index) { 1444 return LoadFixedArrayElement(object, index, 0, SMI_PARAMETERS); 1445 } 1446 1447 TNode<Object> LoadPropertyArrayElement(TNode<PropertyArray> object, 1448 SloppyTNode<IntPtrT> index); 1449 TNode<IntPtrT> LoadPropertyArrayLength(TNode<PropertyArray> object); 1450 1451 // Load an element from an array and untag it and return it as Word32. 1452 // Array is any array-like type that has a fixed header followed by 1453 // tagged elements. 1454 template <typename Array> 1455 TNode<Int32T> LoadAndUntagToWord32ArrayElement( 1456 TNode<Array> array, int array_header_size, Node* index, 1457 int additional_offset = 0, 1458 ParameterMode parameter_mode = INTPTR_PARAMETERS); 1459 1460 // Load an array element from a FixedArray, untag it and return it as Word32. 1461 TNode<Int32T> LoadAndUntagToWord32FixedArrayElement( 1462 TNode<FixedArray> object, Node* index, int additional_offset = 0, 1463 ParameterMode parameter_mode = INTPTR_PARAMETERS); 1464 1465 TNode<Int32T> LoadAndUntagToWord32FixedArrayElement( 1466 TNode<FixedArray> object, int index, int additional_offset = 0) { 1467 return LoadAndUntagToWord32FixedArrayElement( 1468 object, IntPtrConstant(index), additional_offset, INTPTR_PARAMETERS); 1469 } 1470 1471 // Load an array element from a WeakFixedArray. 1472 TNode<MaybeObject> LoadWeakFixedArrayElement( 1473 TNode<WeakFixedArray> object, Node* index, int additional_offset = 0, 1474 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1475 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe); 1476 1477 TNode<MaybeObject> LoadWeakFixedArrayElement( 1478 TNode<WeakFixedArray> object, int index, int additional_offset = 0, 1479 LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) { 1480 return LoadWeakFixedArrayElement(object, IntPtrConstant(index), 1481 additional_offset, INTPTR_PARAMETERS, 1482 needs_poisoning); 1483 } 1484 1485 // Load an array element from a FixedDoubleArray. 1486 TNode<Float64T> LoadFixedDoubleArrayElement( 1487 SloppyTNode<FixedDoubleArray> object, Node* index, 1488 MachineType machine_type, int additional_offset = 0, 1489 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1490 Label* if_hole = nullptr); 1491 1492 TNode<Float64T> LoadFixedDoubleArrayElement(TNode<FixedDoubleArray> object, 1493 TNode<Smi> index, 1494 Label* if_hole = nullptr) { 1495 return LoadFixedDoubleArrayElement(object, index, MachineType::Float64(), 0, 1496 SMI_PARAMETERS, if_hole); 1497 } 1498 1499 TNode<Float64T> LoadFixedDoubleArrayElement(TNode<FixedDoubleArray> object, 1500 TNode<IntPtrT> index, 1501 Label* if_hole = nullptr) { 1502 return LoadFixedDoubleArrayElement(object, index, MachineType::Float64(), 0, 1503 INTPTR_PARAMETERS, if_hole); 1504 } 1505 1506 // Load an array element from a FixedArray, FixedDoubleArray or a 1507 // NumberDictionary (depending on the |elements_kind|) and return 1508 // it as a tagged value. Assumes that the |index| passed a length 1509 // check before. Bails out to |if_accessor| if the element that 1510 // was found is an accessor, or to |if_hole| if the element at 1511 // the given |index| is not found in |elements|. 1512 TNode<Object> LoadFixedArrayBaseElementAsTagged( 1513 TNode<FixedArrayBase> elements, TNode<IntPtrT> index, 1514 TNode<Int32T> elements_kind, Label* if_accessor, Label* if_hole); 1515 1516 // Load a feedback slot from a FeedbackVector. 1517 template <typename TIndex> 1518 TNode<MaybeObject> LoadFeedbackVectorSlot( 1519 TNode<FeedbackVector> feedback_vector, TNode<TIndex> slot, 1520 int additional_offset = 0); 1521 1522 TNode<IntPtrT> LoadFeedbackVectorLength(TNode<FeedbackVector>); 1523 TNode<Float64T> LoadDoubleWithHoleCheck(TNode<FixedDoubleArray> array, 1524 TNode<Smi> index, 1525 Label* if_hole = nullptr); 1526 TNode<Float64T> LoadDoubleWithHoleCheck(TNode<FixedDoubleArray> array, 1527 TNode<IntPtrT> index, 1528 Label* if_hole = nullptr); 1529 TNode<Float64T> LoadDoubleWithHoleCheck(TNode<FixedDoubleArray> array, 1530 TNode<UintPtrT> index, 1531 Label* if_hole = nullptr) { 1532 return LoadDoubleWithHoleCheck(array, Signed(index), if_hole); 1533 } 1534 1535 TNode<BoolT> IsDoubleHole(TNode<Object> base, TNode<IntPtrT> offset); 1536 // Load Float64 value by |base| + |offset| address. If the value is a double 1537 // hole then jump to |if_hole|. If |machine_type| is None then only the hole 1538 // check is generated. 1539 TNode<Float64T> LoadDoubleWithHoleCheck( 1540 SloppyTNode<Object> base, SloppyTNode<IntPtrT> offset, Label* if_hole, 1541 MachineType machine_type = MachineType::Float64()); 1542 TNode<Numeric> LoadFixedTypedArrayElementAsTagged(TNode<RawPtrT> data_pointer, 1543 TNode<UintPtrT> index, 1544 ElementsKind elements_kind); 1545 TNode<Numeric> LoadFixedTypedArrayElementAsTagged( 1546 TNode<RawPtrT> data_pointer, TNode<UintPtrT> index, 1547 TNode<Int32T> elements_kind); 1548 // Parts of the above, factored out for readability: 1549 TNode<BigInt> LoadFixedBigInt64ArrayElementAsTagged( 1550 SloppyTNode<RawPtrT> data_pointer, SloppyTNode<IntPtrT> offset); 1551 TNode<BigInt> LoadFixedBigUint64ArrayElementAsTagged( 1552 SloppyTNode<RawPtrT> data_pointer, SloppyTNode<IntPtrT> offset); 1553 // 64-bit platforms only: 1554 TNode<BigInt> BigIntFromInt64(TNode<IntPtrT> value); 1555 TNode<BigInt> BigIntFromUint64(TNode<UintPtrT> value); 1556 // 32-bit platforms only: 1557 TNode<BigInt> BigIntFromInt32Pair(TNode<IntPtrT> low, TNode<IntPtrT> high); 1558 TNode<BigInt> BigIntFromUint32Pair(TNode<UintPtrT> low, TNode<UintPtrT> high); 1559 1560 // ScopeInfo: 1561 TNode<ScopeInfo> LoadScopeInfo(TNode<Context> context); 1562 TNode<BoolT> LoadScopeInfoHasExtensionField(TNode<ScopeInfo> scope_info); 1563 1564 // Context manipulation: 1565 TNode<Object> LoadContextElement(SloppyTNode<Context> context, 1566 int slot_index); 1567 TNode<Object> LoadContextElement(SloppyTNode<Context> context, 1568 SloppyTNode<IntPtrT> slot_index); 1569 TNode<Object> LoadContextElement(TNode<Context> context, 1570 TNode<Smi> slot_index); 1571 void StoreContextElement(SloppyTNode<Context> context, int slot_index, 1572 SloppyTNode<Object> value); 1573 void StoreContextElement(SloppyTNode<Context> context, 1574 SloppyTNode<IntPtrT> slot_index, 1575 SloppyTNode<Object> value); 1576 void StoreContextElementNoWriteBarrier(SloppyTNode<Context> context, 1577 int slot_index, 1578 SloppyTNode<Object> value); 1579 TNode<NativeContext> LoadNativeContext(SloppyTNode<Context> context); 1580 // Calling this is only valid if there's a module context in the chain. 1581 TNode<Context> LoadModuleContext(SloppyTNode<Context> context); 1582 GotoIfContextElementEqual(SloppyTNode<Object> value,TNode<NativeContext> native_context,int slot_index,Label * if_equal)1583 void GotoIfContextElementEqual(SloppyTNode<Object> value, 1584 TNode<NativeContext> native_context, 1585 int slot_index, Label* if_equal) { 1586 GotoIf(TaggedEqual(value, LoadContextElement(native_context, slot_index)), 1587 if_equal); 1588 } 1589 1590 TNode<Map> LoadJSArrayElementsMap(ElementsKind kind, 1591 SloppyTNode<NativeContext> native_context); 1592 TNode<Map> LoadJSArrayElementsMap(SloppyTNode<Int32T> kind, 1593 SloppyTNode<NativeContext> native_context); 1594 1595 TNode<BoolT> IsJSFunctionWithPrototypeSlot(TNode<HeapObject> object); 1596 TNode<BoolT> IsGeneratorFunction(TNode<JSFunction> function); 1597 void BranchIfHasPrototypeProperty(TNode<JSFunction> function, 1598 TNode<Int32T> function_map_bit_field, 1599 Label* if_true, Label* if_false); 1600 void GotoIfPrototypeRequiresRuntimeLookup(TNode<JSFunction> function, 1601 TNode<Map> map, Label* runtime); 1602 // Load the "prototype" property of a JSFunction. 1603 TNode<HeapObject> LoadJSFunctionPrototype(TNode<JSFunction> function, 1604 Label* if_bailout); 1605 1606 TNode<BytecodeArray> LoadSharedFunctionInfoBytecodeArray( 1607 SloppyTNode<SharedFunctionInfo> shared); 1608 1609 void StoreObjectByteNoWriteBarrier(TNode<HeapObject> object, int offset, 1610 TNode<Word32T> value); 1611 1612 // Store the floating point value of a HeapNumber. 1613 void StoreHeapNumberValue(SloppyTNode<HeapNumber> object, 1614 SloppyTNode<Float64T> value); 1615 // Store a field to an object on the heap. 1616 void StoreObjectField(TNode<HeapObject> object, int offset, 1617 TNode<Object> value); 1618 void StoreObjectField(TNode<HeapObject> object, TNode<IntPtrT> offset, 1619 TNode<Object> value); 1620 template <class T> StoreObjectFieldNoWriteBarrier(TNode<HeapObject> object,SloppyTNode<IntPtrT> offset,TNode<T> value)1621 void StoreObjectFieldNoWriteBarrier(TNode<HeapObject> object, 1622 SloppyTNode<IntPtrT> offset, 1623 TNode<T> value) { 1624 int const_offset; 1625 if (ToInt32Constant(offset, &const_offset)) { 1626 return StoreObjectFieldNoWriteBarrier<T>(object, const_offset, value); 1627 } 1628 StoreNoWriteBarrier(MachineRepresentationOf<T>::value, object, 1629 IntPtrSub(offset, IntPtrConstant(kHeapObjectTag)), 1630 value); 1631 } 1632 template <class T> StoreObjectFieldNoWriteBarrier(TNode<HeapObject> object,int offset,TNode<T> value)1633 void StoreObjectFieldNoWriteBarrier(TNode<HeapObject> object, int offset, 1634 TNode<T> value) { 1635 if (CanBeTaggedPointer(MachineRepresentationOf<T>::value)) { 1636 OptimizedStoreFieldAssertNoWriteBarrier(MachineRepresentationOf<T>::value, 1637 object, offset, value); 1638 } else { 1639 OptimizedStoreFieldUnsafeNoWriteBarrier(MachineRepresentationOf<T>::value, 1640 object, offset, value); 1641 } 1642 } 1643 1644 void UnsafeStoreObjectFieldNoWriteBarrier(TNode<HeapObject> object, 1645 int offset, TNode<Object> value); 1646 1647 // Store the Map of an HeapObject. 1648 void StoreMap(TNode<HeapObject> object, TNode<Map> map); 1649 void StoreMapNoWriteBarrier(TNode<HeapObject> object, 1650 RootIndex map_root_index); 1651 void StoreMapNoWriteBarrier(TNode<HeapObject> object, TNode<Map> map); 1652 void StoreObjectFieldRoot(TNode<HeapObject> object, int offset, 1653 RootIndex root); 1654 // Store an array element to a FixedArray. 1655 void StoreFixedArrayElement( 1656 TNode<FixedArray> object, int index, SloppyTNode<Object> value, 1657 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 1658 CheckBounds check_bounds = CheckBounds::kAlways) { 1659 return StoreFixedArrayElement(object, IntPtrConstant(index), value, 1660 barrier_mode, 0, INTPTR_PARAMETERS, 1661 check_bounds); 1662 } 1663 // This doesn't emit a bounds-check. As part of the security-performance 1664 // tradeoff, only use it if it is performance critical. 1665 void UnsafeStoreFixedArrayElement( 1666 TNode<FixedArray> object, int index, SloppyTNode<Object> value, 1667 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER) { 1668 return StoreFixedArrayElement(object, index, value, barrier_mode, 1669 CheckBounds::kDebugOnly); 1670 } 1671 void UnsafeStoreFixedArrayElement( 1672 TNode<FixedArray> object, int index, TNode<Smi> value, 1673 WriteBarrierMode barrier_mode = SKIP_WRITE_BARRIER) { 1674 DCHECK_EQ(SKIP_WRITE_BARRIER, barrier_mode); 1675 return StoreFixedArrayElement(object, index, value, 1676 UNSAFE_SKIP_WRITE_BARRIER, 1677 CheckBounds::kDebugOnly); 1678 } 1679 void StoreFixedArrayElement(TNode<FixedArray> object, int index, 1680 TNode<Smi> value, 1681 CheckBounds check_bounds = CheckBounds::kAlways) { 1682 return StoreFixedArrayElement(object, IntPtrConstant(index), value, 1683 UNSAFE_SKIP_WRITE_BARRIER, 0, 1684 INTPTR_PARAMETERS, check_bounds); 1685 } 1686 // This doesn't emit a bounds-check. As part of the security-performance 1687 // tradeoff, only use it if it is performance critical. UnsafeStoreFixedArrayElement(TNode<FixedArray> object,int index,TNode<Smi> value)1688 void UnsafeStoreFixedArrayElement(TNode<FixedArray> object, int index, 1689 TNode<Smi> value) { 1690 return StoreFixedArrayElement(object, index, value, 1691 CheckBounds::kDebugOnly); 1692 } 1693 1694 void StoreFixedArrayElement( 1695 TNode<FixedArray> array, Node* index, SloppyTNode<Object> value, 1696 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 1697 int additional_offset = 0, 1698 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1699 CheckBounds check_bounds = CheckBounds::kAlways) { 1700 if (NeedsBoundsCheck(check_bounds)) { 1701 FixedArrayBoundsCheck(array, index, additional_offset, parameter_mode); 1702 } 1703 StoreFixedArrayOrPropertyArrayElement(array, index, value, barrier_mode, 1704 additional_offset, parameter_mode); 1705 } 1706 1707 // This doesn't emit a bounds-check. As part of the security-performance 1708 // tradeoff, only use it if it is performance critical. 1709 void UnsafeStoreFixedArrayElement( 1710 TNode<FixedArray> array, Node* index, SloppyTNode<Object> value, 1711 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 1712 int additional_offset = 0, 1713 ParameterMode parameter_mode = INTPTR_PARAMETERS) { 1714 return StoreFixedArrayElement(array, index, value, barrier_mode, 1715 additional_offset, parameter_mode, 1716 CheckBounds::kDebugOnly); 1717 } 1718 void UnsafeStoreFixedArrayElement( 1719 TNode<FixedArray> array, Node* index, TNode<Smi> value, 1720 WriteBarrierMode barrier_mode = SKIP_WRITE_BARRIER, 1721 int additional_offset = 0, 1722 ParameterMode parameter_mode = INTPTR_PARAMETERS) { 1723 DCHECK_EQ(SKIP_WRITE_BARRIER, barrier_mode); 1724 return StoreFixedArrayElement(array, index, value, 1725 UNSAFE_SKIP_WRITE_BARRIER, additional_offset, 1726 parameter_mode, CheckBounds::kDebugOnly); 1727 } 1728 1729 void StorePropertyArrayElement( 1730 TNode<PropertyArray> array, Node* index, SloppyTNode<Object> value, 1731 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 1732 int additional_offset = 0, 1733 ParameterMode parameter_mode = INTPTR_PARAMETERS) { 1734 StoreFixedArrayOrPropertyArrayElement(array, index, value, barrier_mode, 1735 additional_offset, parameter_mode); 1736 } 1737 1738 void StoreFixedArrayElement( 1739 TNode<FixedArray> array, TNode<Smi> index, TNode<Object> value, 1740 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER) { 1741 StoreFixedArrayElement(array, index, value, barrier_mode, 0, 1742 SMI_PARAMETERS); 1743 } 1744 void StoreFixedArrayElement( 1745 TNode<FixedArray> array, TNode<IntPtrT> index, TNode<Smi> value, 1746 WriteBarrierMode barrier_mode = SKIP_WRITE_BARRIER, 1747 int additional_offset = 0) { 1748 DCHECK_EQ(SKIP_WRITE_BARRIER, barrier_mode); 1749 StoreFixedArrayElement(array, index, TNode<Object>{value}, 1750 UNSAFE_SKIP_WRITE_BARRIER, additional_offset); 1751 } 1752 void StoreFixedArrayElement( 1753 TNode<FixedArray> array, TNode<Smi> index, TNode<Smi> value, 1754 WriteBarrierMode barrier_mode = SKIP_WRITE_BARRIER, 1755 int additional_offset = 0) { 1756 DCHECK_EQ(SKIP_WRITE_BARRIER, barrier_mode); 1757 StoreFixedArrayElement(array, index, TNode<Object>{value}, 1758 UNSAFE_SKIP_WRITE_BARRIER, additional_offset, 1759 SMI_PARAMETERS); 1760 } 1761 1762 void StoreFixedDoubleArrayElement( 1763 TNode<FixedDoubleArray> object, Node* index, TNode<Float64T> value, 1764 ParameterMode parameter_mode = INTPTR_PARAMETERS, 1765 CheckBounds check_bounds = CheckBounds::kAlways); 1766 // This doesn't emit a bounds-check. As part of the security-performance 1767 // tradeoff, only use it if it is performance critical. 1768 void UnsafeStoreFixedDoubleArrayElement( 1769 TNode<FixedDoubleArray> object, Node* index, TNode<Float64T> value, 1770 ParameterMode parameter_mode = INTPTR_PARAMETERS) { 1771 return StoreFixedDoubleArrayElement(object, index, value, parameter_mode, 1772 CheckBounds::kDebugOnly); 1773 } 1774 StoreFixedDoubleArrayElementSmi(TNode<FixedDoubleArray> object,TNode<Smi> index,TNode<Float64T> value)1775 void StoreFixedDoubleArrayElementSmi(TNode<FixedDoubleArray> object, 1776 TNode<Smi> index, 1777 TNode<Float64T> value) { 1778 StoreFixedDoubleArrayElement(object, index, value, SMI_PARAMETERS); 1779 } 1780 1781 void StoreDoubleHole(TNode<HeapObject> object, TNode<IntPtrT> offset); 1782 void StoreFixedDoubleArrayHole(TNode<FixedDoubleArray> array, Node* index, 1783 ParameterMode mode = INTPTR_PARAMETERS); StoreFixedDoubleArrayHoleSmi(TNode<FixedDoubleArray> array,TNode<Smi> index)1784 void StoreFixedDoubleArrayHoleSmi(TNode<FixedDoubleArray> array, 1785 TNode<Smi> index) { 1786 StoreFixedDoubleArrayHole(array, index, SMI_PARAMETERS); 1787 } 1788 1789 void StoreFeedbackVectorSlot( 1790 TNode<FeedbackVector> feedback_vector, TNode<UintPtrT> slot, 1791 TNode<AnyTaggedT> value, 1792 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 1793 int additional_offset = 0); 1794 1795 // EnsureArrayPushable verifies that receiver with this map is: 1796 // 1. Is not a prototype. 1797 // 2. Is not a dictionary. 1798 // 3. Has a writeable length property. 1799 // It returns ElementsKind as a node for further division into cases. 1800 TNode<Int32T> EnsureArrayPushable(TNode<Context> context, TNode<Map> map, 1801 Label* bailout); 1802 1803 void TryStoreArrayElement(ElementsKind kind, ParameterMode mode, 1804 Label* bailout, TNode<FixedArrayBase> elements, 1805 Node* index, TNode<Object> value); 1806 // Consumes args into the array, and returns tagged new length. 1807 TNode<Smi> BuildAppendJSArray(ElementsKind kind, TNode<JSArray> array, 1808 CodeStubArguments* args, 1809 TVariable<IntPtrT>* arg_index, Label* bailout); 1810 // Pushes value onto the end of array. 1811 void BuildAppendJSArray(ElementsKind kind, TNode<JSArray> array, 1812 TNode<Object> value, Label* bailout); 1813 1814 void StoreFieldsNoWriteBarrier(TNode<IntPtrT> start_address, 1815 TNode<IntPtrT> end_address, 1816 TNode<Object> value); 1817 1818 TNode<Cell> AllocateCellWithValue( 1819 TNode<Object> value, WriteBarrierMode mode = UPDATE_WRITE_BARRIER); 1820 TNode<Cell> AllocateSmiCell(int value = 0) { 1821 return AllocateCellWithValue(SmiConstant(value), SKIP_WRITE_BARRIER); 1822 } 1823 1824 TNode<Object> LoadCellValue(TNode<Cell> cell); 1825 1826 void StoreCellValue(TNode<Cell> cell, TNode<Object> value, 1827 WriteBarrierMode mode = UPDATE_WRITE_BARRIER); 1828 1829 // Allocate a HeapNumber without initializing its value. 1830 TNode<HeapNumber> AllocateHeapNumber(); 1831 // Allocate a HeapNumber with a specific value. 1832 TNode<HeapNumber> AllocateHeapNumberWithValue(SloppyTNode<Float64T> value); AllocateHeapNumberWithValue(double value)1833 TNode<HeapNumber> AllocateHeapNumberWithValue(double value) { 1834 return AllocateHeapNumberWithValue(Float64Constant(value)); 1835 } 1836 1837 // Allocate a BigInt with {length} digits. Sets the sign bit to {false}. 1838 // Does not initialize the digits. 1839 TNode<BigInt> AllocateBigInt(TNode<IntPtrT> length); 1840 // Like above, but allowing custom bitfield initialization. 1841 TNode<BigInt> AllocateRawBigInt(TNode<IntPtrT> length); 1842 void StoreBigIntBitfield(TNode<BigInt> bigint, TNode<Word32T> bitfield); 1843 void StoreBigIntDigit(TNode<BigInt> bigint, intptr_t digit_index, 1844 TNode<UintPtrT> digit); 1845 void StoreBigIntDigit(TNode<BigInt> bigint, TNode<IntPtrT> digit_index, 1846 TNode<UintPtrT> digit); 1847 1848 TNode<Word32T> LoadBigIntBitfield(TNode<BigInt> bigint); 1849 TNode<UintPtrT> LoadBigIntDigit(TNode<BigInt> bigint, intptr_t digit_index); 1850 TNode<UintPtrT> LoadBigIntDigit(TNode<BigInt> bigint, 1851 TNode<IntPtrT> digit_index); 1852 1853 // Allocate a ByteArray with the given length. 1854 TNode<ByteArray> AllocateByteArray(TNode<UintPtrT> length, 1855 AllocationFlags flags = kNone); 1856 1857 // Allocate a SeqOneByteString with the given length. 1858 TNode<String> AllocateSeqOneByteString(uint32_t length, 1859 AllocationFlags flags = kNone); 1860 using TorqueGeneratedExportedMacrosAssembler::AllocateSeqOneByteString; 1861 1862 // Allocate a SeqTwoByteString with the given length. 1863 TNode<String> AllocateSeqTwoByteString(uint32_t length, 1864 AllocationFlags flags = kNone); 1865 using TorqueGeneratedExportedMacrosAssembler::AllocateSeqTwoByteString; 1866 1867 // Allocate a SlicedOneByteString with the given length, parent and offset. 1868 // |length| and |offset| are expected to be tagged. 1869 1870 TNode<String> AllocateSlicedOneByteString(TNode<Uint32T> length, 1871 TNode<String> parent, 1872 TNode<Smi> offset); 1873 // Allocate a SlicedTwoByteString with the given length, parent and offset. 1874 // |length| and |offset| are expected to be tagged. 1875 TNode<String> AllocateSlicedTwoByteString(TNode<Uint32T> length, 1876 TNode<String> parent, 1877 TNode<Smi> offset); 1878 1879 TNode<NameDictionary> AllocateNameDictionary(int at_least_space_for); 1880 TNode<NameDictionary> AllocateNameDictionary( 1881 TNode<IntPtrT> at_least_space_for, AllocationFlags = kNone); 1882 TNode<NameDictionary> AllocateNameDictionaryWithCapacity( 1883 TNode<IntPtrT> capacity, AllocationFlags = kNone); 1884 TNode<NameDictionary> CopyNameDictionary(TNode<NameDictionary> dictionary, 1885 Label* large_object_fallback); 1886 1887 template <typename CollectionType> 1888 TNode<CollectionType> AllocateOrderedHashTable(); 1889 1890 TNode<JSObject> AllocateJSObjectFromMap( 1891 TNode<Map> map, 1892 base::Optional<TNode<HeapObject>> properties = base::nullopt, 1893 base::Optional<TNode<FixedArray>> elements = base::nullopt, 1894 AllocationFlags flags = kNone, 1895 SlackTrackingMode slack_tracking_mode = kNoSlackTracking); 1896 1897 void InitializeJSObjectFromMap( 1898 TNode<HeapObject> object, TNode<Map> map, TNode<IntPtrT> instance_size, 1899 base::Optional<TNode<HeapObject>> properties = base::nullopt, 1900 base::Optional<TNode<FixedArray>> elements = base::nullopt, 1901 SlackTrackingMode slack_tracking_mode = kNoSlackTracking); 1902 1903 void InitializeJSObjectBodyWithSlackTracking( 1904 SloppyTNode<HeapObject> object, SloppyTNode<Map> map, 1905 SloppyTNode<IntPtrT> instance_size); 1906 void InitializeJSObjectBodyNoSlackTracking( 1907 SloppyTNode<HeapObject> object, SloppyTNode<Map> map, 1908 SloppyTNode<IntPtrT> instance_size, 1909 int start_offset = JSObject::kHeaderSize); 1910 1911 TNode<BoolT> IsValidFastJSArrayCapacity(TNode<IntPtrT> capacity); 1912 1913 // 1914 // Allocate and return a JSArray with initialized header fields and its 1915 // uninitialized elements. 1916 // The ParameterMode argument is only used for the capacity parameter. 1917 std::pair<TNode<JSArray>, TNode<FixedArrayBase>> 1918 AllocateUninitializedJSArrayWithElements( 1919 ElementsKind kind, TNode<Map> array_map, TNode<Smi> length, 1920 TNode<AllocationSite> allocation_site, TNode<IntPtrT> capacity, 1921 AllocationFlags allocation_flags = kNone, 1922 int array_header_size = JSArray::kHeaderSize); 1923 1924 // Allocate a JSArray and fill elements with the hole. 1925 TNode<JSArray> AllocateJSArray(ElementsKind kind, TNode<Map> array_map, 1926 TNode<IntPtrT> capacity, TNode<Smi> length, 1927 TNode<AllocationSite> allocation_site, 1928 AllocationFlags allocation_flags = kNone); 1929 TNode<JSArray> AllocateJSArray(ElementsKind kind, TNode<Map> array_map, 1930 TNode<Smi> capacity, TNode<Smi> length, 1931 TNode<AllocationSite> allocation_site, 1932 AllocationFlags allocation_flags = kNone) { 1933 return AllocateJSArray(kind, array_map, SmiUntag(capacity), length, 1934 allocation_site, allocation_flags); 1935 } 1936 TNode<JSArray> AllocateJSArray(ElementsKind kind, TNode<Map> array_map, 1937 TNode<Smi> capacity, TNode<Smi> length, 1938 AllocationFlags allocation_flags = kNone) { 1939 return AllocateJSArray(kind, array_map, SmiUntag(capacity), length, {}, 1940 allocation_flags); 1941 } 1942 TNode<JSArray> AllocateJSArray(ElementsKind kind, TNode<Map> array_map, 1943 TNode<IntPtrT> capacity, TNode<Smi> length, 1944 AllocationFlags allocation_flags = kNone) { 1945 return AllocateJSArray(kind, array_map, capacity, length, {}, 1946 allocation_flags); 1947 } 1948 1949 // Allocate a JSArray and initialize the header fields. 1950 TNode<JSArray> AllocateJSArray(TNode<Map> array_map, 1951 TNode<FixedArrayBase> elements, 1952 TNode<Smi> length, 1953 TNode<AllocationSite> allocation_site = {}, 1954 int array_header_size = JSArray::kHeaderSize); 1955 1956 enum class HoleConversionMode { kDontConvert, kConvertToUndefined }; 1957 // Clone a fast JSArray |array| into a new fast JSArray. 1958 // |convert_holes| tells the function to convert holes into undefined or not. 1959 // If |convert_holes| is set to kConvertToUndefined, but the function did not 1960 // find any hole in |array|, the resulting array will have the same elements 1961 // kind as |array|. If the function did find a hole, it will convert holes in 1962 // |array| to undefined in the resulting array, who will now have 1963 // PACKED_ELEMENTS kind. 1964 // If |convert_holes| is set kDontConvert, holes are also copied to the 1965 // resulting array, who will have the same elements kind as |array|. The 1966 // function generates significantly less code in this case. 1967 TNode<JSArray> CloneFastJSArray( 1968 TNode<Context> context, TNode<JSArray> array, 1969 TNode<AllocationSite> allocation_site = {}, 1970 HoleConversionMode convert_holes = HoleConversionMode::kDontConvert); 1971 1972 TNode<JSArray> ExtractFastJSArray(TNode<Context> context, 1973 TNode<JSArray> array, Node* begin, 1974 Node* count, 1975 ParameterMode mode = INTPTR_PARAMETERS, 1976 Node* capacity = nullptr, 1977 TNode<AllocationSite> allocation_site = {}); 1978 1979 TNode<FixedArrayBase> AllocateFixedArray( 1980 ElementsKind kind, Node* capacity, ParameterMode mode = INTPTR_PARAMETERS, 1981 AllocationFlags flags = kNone, 1982 SloppyTNode<Map> fixed_array_map = nullptr); 1983 1984 TNode<FixedArrayBase> AllocateFixedArray( 1985 ElementsKind kind, TNode<IntPtrT> capacity, AllocationFlags flags, 1986 SloppyTNode<Map> fixed_array_map = nullptr) { 1987 return AllocateFixedArray(kind, capacity, INTPTR_PARAMETERS, flags, 1988 fixed_array_map); 1989 } 1990 1991 TNode<FixedArrayBase> AllocateFixedArray( 1992 ElementsKind kind, TNode<Smi> capacity, AllocationFlags flags, 1993 SloppyTNode<Map> fixed_array_map = nullptr) { 1994 return AllocateFixedArray(kind, capacity, SMI_PARAMETERS, flags, 1995 fixed_array_map); 1996 } 1997 1998 TNode<NativeContext> GetCreationContext(TNode<JSReceiver> receiver, 1999 Label* if_bailout); 2000 TNode<Object> GetConstructor(TNode<Map> map); 2001 2002 TNode<Map> GetInstanceTypeMap(InstanceType instance_type); 2003 AllocateUninitializedFixedArray(intptr_t capacity)2004 TNode<FixedArray> AllocateUninitializedFixedArray(intptr_t capacity) { 2005 return UncheckedCast<FixedArray>(AllocateFixedArray( 2006 PACKED_ELEMENTS, IntPtrConstant(capacity), AllocationFlag::kNone)); 2007 } 2008 AllocateZeroedFixedArray(TNode<IntPtrT> capacity)2009 TNode<FixedArray> AllocateZeroedFixedArray(TNode<IntPtrT> capacity) { 2010 TNode<FixedArray> result = UncheckedCast<FixedArray>( 2011 AllocateFixedArray(PACKED_ELEMENTS, capacity, 2012 AllocationFlag::kAllowLargeObjectAllocation)); 2013 FillFixedArrayWithSmiZero(result, capacity); 2014 return result; 2015 } 2016 AllocateZeroedFixedDoubleArray(TNode<IntPtrT> capacity)2017 TNode<FixedDoubleArray> AllocateZeroedFixedDoubleArray( 2018 TNode<IntPtrT> capacity) { 2019 TNode<FixedDoubleArray> result = UncheckedCast<FixedDoubleArray>( 2020 AllocateFixedArray(PACKED_DOUBLE_ELEMENTS, capacity, 2021 AllocationFlag::kAllowLargeObjectAllocation)); 2022 FillFixedDoubleArrayWithZero(result, capacity); 2023 return result; 2024 } 2025 AllocateFixedArrayWithHoles(TNode<IntPtrT> capacity,AllocationFlags flags)2026 TNode<FixedArray> AllocateFixedArrayWithHoles(TNode<IntPtrT> capacity, 2027 AllocationFlags flags) { 2028 TNode<FixedArray> result = UncheckedCast<FixedArray>( 2029 AllocateFixedArray(PACKED_ELEMENTS, capacity, flags)); 2030 FillFixedArrayWithValue(PACKED_ELEMENTS, result, IntPtrConstant(0), 2031 capacity, RootIndex::kTheHoleValue); 2032 return result; 2033 } 2034 AllocateFixedDoubleArrayWithHoles(TNode<IntPtrT> capacity,AllocationFlags flags)2035 TNode<FixedDoubleArray> AllocateFixedDoubleArrayWithHoles( 2036 TNode<IntPtrT> capacity, AllocationFlags flags) { 2037 TNode<FixedDoubleArray> result = UncheckedCast<FixedDoubleArray>( 2038 AllocateFixedArray(PACKED_DOUBLE_ELEMENTS, capacity, flags)); 2039 FillFixedArrayWithValue(PACKED_DOUBLE_ELEMENTS, result, IntPtrConstant(0), 2040 capacity, RootIndex::kTheHoleValue); 2041 return result; 2042 } 2043 2044 TNode<PropertyArray> AllocatePropertyArray( 2045 Node* capacity, ParameterMode mode = INTPTR_PARAMETERS, 2046 AllocationFlags flags = kNone); 2047 2048 // Perform CreateArrayIterator (ES #sec-createarrayiterator). 2049 TNode<JSArrayIterator> CreateArrayIterator(TNode<Context> context, 2050 TNode<Object> object, 2051 IterationKind mode); 2052 2053 // TODO(v8:9722): Return type should be JSIteratorResult 2054 TNode<JSObject> AllocateJSIteratorResult(SloppyTNode<Context> context, 2055 SloppyTNode<Object> value, 2056 SloppyTNode<Oddball> done); 2057 2058 // TODO(v8:9722): Return type should be JSIteratorResult 2059 TNode<JSObject> AllocateJSIteratorResultForEntry(TNode<Context> context, 2060 TNode<Object> key, 2061 SloppyTNode<Object> value); 2062 2063 TNode<JSReceiver> ArraySpeciesCreate(TNode<Context> context, 2064 TNode<Object> originalArray, 2065 TNode<Number> len); 2066 2067 void FillFixedArrayWithValue(ElementsKind kind, TNode<FixedArrayBase> array, 2068 Node* from_index, Node* to_index, 2069 RootIndex value_root_index, 2070 ParameterMode mode = INTPTR_PARAMETERS); 2071 2072 // Uses memset to effectively initialize the given FixedArray with zeroes. 2073 void FillFixedArrayWithSmiZero(TNode<FixedArray> array, 2074 TNode<IntPtrT> length); 2075 void FillFixedDoubleArrayWithZero(TNode<FixedDoubleArray> array, 2076 TNode<IntPtrT> length); 2077 2078 void FillPropertyArrayWithUndefined(TNode<PropertyArray> array, 2079 Node* from_index, Node* to_index, 2080 ParameterMode mode = INTPTR_PARAMETERS); 2081 2082 enum class DestroySource { kNo, kYes }; 2083 2084 // Collect the callable |maybe_target| feedback for either a CALL_IC or 2085 // an INSTANCEOF_IC in the |feedback_vector| at |slot_id|. There are 2086 // two modes for feedback collection: 2087 // 2088 // kCollectFeedbackCell - collect JSFunctions, but devolve to the 2089 // FeedbackCell as long as all JSFunctions 2090 // seen share the same one. 2091 // kDontCollectFeedbackCell - collect JSFunctions without devolving 2092 // to the FeedbackCell in case a 2093 // different JSFunction appears. Go directly 2094 // to the Megamorphic sentinel value in this 2095 // case. 2096 enum class CallableFeedbackMode { 2097 kCollectFeedbackCell, 2098 kDontCollectFeedbackCell 2099 }; 2100 void CollectCallableFeedback(TNode<Object> maybe_target, 2101 TNode<Context> context, 2102 TNode<FeedbackVector> feedback_vector, 2103 TNode<UintPtrT> slot_id, 2104 CallableFeedbackMode mode); 2105 2106 // Collect CALL_IC feedback for |maybe_target| function in the 2107 // |feedback_vector| at |slot_id|, and the call counts in 2108 // the |feedback_vector| at |slot_id+1|. 2109 void CollectCallFeedback(TNode<Object> maybe_target, TNode<Context> context, 2110 TNode<HeapObject> maybe_feedback_vector, 2111 TNode<UintPtrT> slot_id); 2112 2113 // Increment the call count for a CALL_IC or construct call. 2114 // The call count is located at feedback_vector[slot_id + 1]. 2115 void IncrementCallCount(TNode<FeedbackVector> feedback_vector, 2116 TNode<UintPtrT> slot_id); 2117 2118 // Specify DestroySource::kYes if {from_array} is being supplanted by 2119 // {to_array}. This offers a slight performance benefit by simply copying the 2120 // array word by word. The source may be destroyed at the end of this macro. 2121 // 2122 // Otherwise, specify DestroySource::kNo for operations where an Object is 2123 // being cloned, to ensure that mutable HeapNumbers are unique between the 2124 // source and cloned object. 2125 void CopyPropertyArrayValues(TNode<HeapObject> from_array, 2126 TNode<PropertyArray> to_array, Node* length, 2127 WriteBarrierMode barrier_mode, 2128 ParameterMode mode, 2129 DestroySource destroy_source); 2130 2131 // Copies all elements from |from_array| of |length| size to 2132 // |to_array| of the same size respecting the elements kind. 2133 void CopyFixedArrayElements( 2134 ElementsKind kind, TNode<FixedArrayBase> from_array, 2135 TNode<FixedArrayBase> to_array, Node* length, 2136 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 2137 ParameterMode mode = INTPTR_PARAMETERS) { 2138 CopyFixedArrayElements(kind, from_array, kind, to_array, 2139 IntPtrOrSmiConstant(0, mode), length, length, 2140 barrier_mode, mode); 2141 } 2142 2143 // Copies |element_count| elements from |from_array| starting from element 2144 // zero to |to_array| of |capacity| size respecting both array's elements 2145 // kinds. 2146 void CopyFixedArrayElements( 2147 ElementsKind from_kind, TNode<FixedArrayBase> from_array, 2148 ElementsKind to_kind, TNode<FixedArrayBase> to_array, 2149 TNode<IntPtrT> element_count, TNode<IntPtrT> capacity, 2150 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 2151 ParameterMode mode = INTPTR_PARAMETERS) { 2152 CopyFixedArrayElements(from_kind, from_array, to_kind, to_array, 2153 IntPtrOrSmiConstant(0, mode), element_count, 2154 capacity, barrier_mode, mode); 2155 } 2156 2157 // Copies |element_count| elements from |from_array| starting from element 2158 // |first_element| to |to_array| of |capacity| size respecting both array's 2159 // elements kinds. 2160 // |convert_holes| tells the function whether to convert holes to undefined. 2161 // |var_holes_converted| can be used to signify that the conversion happened 2162 // (i.e. that there were holes). If |convert_holes_to_undefined| is 2163 // HoleConversionMode::kConvertToUndefined, then it must not be the case that 2164 // IsDoubleElementsKind(to_kind). 2165 void CopyFixedArrayElements( 2166 ElementsKind from_kind, TNode<FixedArrayBase> from_array, 2167 ElementsKind to_kind, TNode<FixedArrayBase> to_array, Node* first_element, 2168 Node* element_count, Node* capacity, 2169 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 2170 ParameterMode mode = INTPTR_PARAMETERS, 2171 HoleConversionMode convert_holes = HoleConversionMode::kDontConvert, 2172 TVariable<BoolT>* var_holes_converted = nullptr); 2173 2174 void CopyFixedArrayElements( 2175 ElementsKind from_kind, TNode<FixedArrayBase> from_array, 2176 ElementsKind to_kind, TNode<FixedArrayBase> to_array, 2177 TNode<Smi> first_element, TNode<Smi> element_count, TNode<Smi> capacity, 2178 WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER) { 2179 CopyFixedArrayElements(from_kind, from_array, to_kind, to_array, 2180 first_element, element_count, capacity, barrier_mode, 2181 SMI_PARAMETERS); 2182 } 2183 2184 void JumpIfPointersFromHereAreInteresting(TNode<Object> object, 2185 Label* interesting); 2186 2187 // Efficiently copy elements within a single array. The regions 2188 // [src_index, src_index + length) and [dst_index, dst_index + length) 2189 // can be overlapping. 2190 void MoveElements(ElementsKind kind, TNode<FixedArrayBase> elements, 2191 TNode<IntPtrT> dst_index, TNode<IntPtrT> src_index, 2192 TNode<IntPtrT> length); 2193 2194 // Efficiently copy elements from one array to another. The ElementsKind 2195 // needs to be the same. Copy from src_elements at 2196 // [src_index, src_index + length) to dst_elements at 2197 // [dst_index, dst_index + length). 2198 // The function decides whether it can use memcpy. In case it cannot, 2199 // |write_barrier| can help it to skip write barrier. SKIP_WRITE_BARRIER is 2200 // only safe when copying to new space, or when copying to old space and the 2201 // array does not contain object pointers. 2202 void CopyElements(ElementsKind kind, TNode<FixedArrayBase> dst_elements, 2203 TNode<IntPtrT> dst_index, 2204 TNode<FixedArrayBase> src_elements, 2205 TNode<IntPtrT> src_index, TNode<IntPtrT> length, 2206 WriteBarrierMode write_barrier = UPDATE_WRITE_BARRIER); 2207 2208 TNode<FixedArray> HeapObjectToFixedArray(TNode<HeapObject> base, 2209 Label* cast_fail); 2210 HeapObjectToFixedDoubleArray(TNode<HeapObject> base,Label * cast_fail)2211 TNode<FixedDoubleArray> HeapObjectToFixedDoubleArray(TNode<HeapObject> base, 2212 Label* cast_fail) { 2213 GotoIf(TaggedNotEqual(LoadMap(base), FixedDoubleArrayMapConstant()), 2214 cast_fail); 2215 return UncheckedCast<FixedDoubleArray>(base); 2216 } 2217 HeapObjectToSloppyArgumentsElements(TNode<HeapObject> base,Label * cast_fail)2218 TNode<SloppyArgumentsElements> HeapObjectToSloppyArgumentsElements( 2219 TNode<HeapObject> base, Label* cast_fail) { 2220 GotoIf(TaggedNotEqual(LoadMap(base), SloppyArgumentsElementsMapConstant()), 2221 cast_fail); 2222 return UncheckedCast<SloppyArgumentsElements>(base); 2223 } 2224 ConvertElementsKindToInt(TNode<Int32T> elements_kind)2225 TNode<Int32T> ConvertElementsKindToInt(TNode<Int32T> elements_kind) { 2226 return UncheckedCast<Int32T>(elements_kind); 2227 } 2228 2229 enum class ExtractFixedArrayFlag { 2230 kFixedArrays = 1, 2231 kFixedDoubleArrays = 2, 2232 kDontCopyCOW = 4, 2233 kNewSpaceAllocationOnly = 8, 2234 kAllFixedArrays = kFixedArrays | kFixedDoubleArrays, 2235 kAllFixedArraysDontCopyCOW = kAllFixedArrays | kDontCopyCOW 2236 }; 2237 2238 using ExtractFixedArrayFlags = base::Flags<ExtractFixedArrayFlag>; 2239 2240 // Copy a portion of an existing FixedArray or FixedDoubleArray into a new 2241 // array, including special appropriate handling for empty arrays and COW 2242 // arrays. The result array will be of the same type as the original array. 2243 // 2244 // * |source| is either a FixedArray or FixedDoubleArray from which to copy 2245 // elements. 2246 // * |first| is the starting element index to copy from, if nullptr is passed 2247 // then index zero is used by default. 2248 // * |count| is the number of elements to copy out of the source array 2249 // starting from and including the element indexed by |start|. If |count| is 2250 // nullptr, then all of the elements from |start| to the end of |source| are 2251 // copied. 2252 // * |capacity| determines the size of the allocated result array, with 2253 // |capacity| >= |count|. If |capacity| is nullptr, then |count| is used as 2254 // the destination array's capacity. 2255 // * |extract_flags| determines whether FixedArrays, FixedDoubleArrays or both 2256 // are detected and copied. Although it's always correct to pass 2257 // kAllFixedArrays, the generated code is more compact and efficient if the 2258 // caller can specify whether only FixedArrays or FixedDoubleArrays will be 2259 // passed as the |source| parameter. 2260 // * |parameter_mode| determines the parameter mode of |first|, |count| and 2261 // |capacity|. 2262 // * If |var_holes_converted| is given, any holes will be converted to 2263 // undefined and the variable will be set according to whether or not there 2264 // were any hole. 2265 // * If |source_elements_kind| is given, the function will try to use the 2266 // runtime elements kind of source to make copy faster. More specifically, it 2267 // can skip write barriers. 2268 TNode<FixedArrayBase> ExtractFixedArray( 2269 TNode<FixedArrayBase> source, Node* first, Node* count = nullptr, 2270 Node* capacity = nullptr, 2271 ExtractFixedArrayFlags extract_flags = 2272 ExtractFixedArrayFlag::kAllFixedArrays, 2273 ParameterMode parameter_mode = INTPTR_PARAMETERS, 2274 TVariable<BoolT>* var_holes_converted = nullptr, 2275 base::Optional<TNode<Int32T>> source_elements_kind = base::nullopt); 2276 2277 TNode<FixedArrayBase> ExtractFixedArray( 2278 TNode<FixedArrayBase> source, TNode<Smi> first, TNode<Smi> count, 2279 TNode<Smi> capacity, 2280 ExtractFixedArrayFlags extract_flags = 2281 ExtractFixedArrayFlag::kAllFixedArrays) { 2282 return ExtractFixedArray(source, first, count, capacity, extract_flags, 2283 SMI_PARAMETERS); 2284 } 2285 2286 TNode<FixedArray> ExtractFixedArray( 2287 TNode<FixedArray> source, TNode<IntPtrT> first, TNode<IntPtrT> count, 2288 TNode<IntPtrT> capacity, 2289 ExtractFixedArrayFlags extract_flags = 2290 ExtractFixedArrayFlag::kAllFixedArrays) { 2291 return CAST(ExtractFixedArray(source, first, count, capacity, extract_flags, 2292 INTPTR_PARAMETERS)); 2293 } 2294 2295 // Copy a portion of an existing FixedArray or FixedDoubleArray into a new 2296 // FixedArray, including special appropriate handling for COW arrays. 2297 // * |source| is either a FixedArray or FixedDoubleArray from which to copy 2298 // elements. |source| is assumed to be non-empty. 2299 // * |first| is the starting element index to copy from. 2300 // * |count| is the number of elements to copy out of the source array 2301 // starting from and including the element indexed by |start|. 2302 // * |capacity| determines the size of the allocated result array, with 2303 // |capacity| >= |count|. 2304 // * |source_map| is the map of the |source|. 2305 // * |from_kind| is the elements kind that is consistent with |source| being 2306 // a FixedArray or FixedDoubleArray. This function only cares about double vs. 2307 // non-double, so as to distinguish FixedDoubleArray vs. FixedArray. It does 2308 // not care about holeyness. For example, when |source| is a FixedArray, 2309 // PACKED/HOLEY_ELEMENTS can be used, but not PACKED_DOUBLE_ELEMENTS. 2310 // * |allocation_flags| and |extract_flags| influence how the target 2311 // FixedArray is allocated. 2312 // * |parameter_mode| determines the parameter mode of |first|, |count| and 2313 // |capacity|. 2314 // * |convert_holes| is used to signify that the target array should use 2315 // undefined in places of holes. 2316 // * If |convert_holes| is true and |var_holes_converted| not nullptr, then 2317 // |var_holes_converted| is used to signal whether any holes were found and 2318 // converted. The caller should use this information to decide which map is 2319 // compatible with the result array. For example, if the input was of 2320 // HOLEY_SMI_ELEMENTS kind, and a conversion took place, the result will be 2321 // compatible only with HOLEY_ELEMENTS and PACKED_ELEMENTS. 2322 TNode<FixedArray> ExtractToFixedArray( 2323 SloppyTNode<FixedArrayBase> source, Node* first, Node* count, 2324 Node* capacity, SloppyTNode<Map> source_map, 2325 ElementsKind from_kind = PACKED_ELEMENTS, 2326 AllocationFlags allocation_flags = AllocationFlag::kNone, 2327 ExtractFixedArrayFlags extract_flags = 2328 ExtractFixedArrayFlag::kAllFixedArrays, 2329 ParameterMode parameter_mode = INTPTR_PARAMETERS, 2330 HoleConversionMode convert_holes = HoleConversionMode::kDontConvert, 2331 TVariable<BoolT>* var_holes_converted = nullptr, 2332 base::Optional<TNode<Int32T>> source_runtime_kind = base::nullopt); 2333 2334 // Attempt to copy a FixedDoubleArray to another FixedDoubleArray. In the case 2335 // where the source array has a hole, produce a FixedArray instead where holes 2336 // are replaced with undefined. 2337 // * |source| is a FixedDoubleArray from which to copy elements. 2338 // * |first| is the starting element index to copy from. 2339 // * |count| is the number of elements to copy out of the source array 2340 // starting from and including the element indexed by |start|. 2341 // * |capacity| determines the size of the allocated result array, with 2342 // |capacity| >= |count|. 2343 // * |source_map| is the map of |source|. It will be used as the map of the 2344 // target array if the target can stay a FixedDoubleArray. Otherwise if the 2345 // target array needs to be a FixedArray, the FixedArrayMap will be used. 2346 // * |var_holes_converted| is used to signal whether a FixedAray 2347 // is produced or not. 2348 // * |allocation_flags| and |extract_flags| influence how the target array is 2349 // allocated. 2350 // * |parameter_mode| determines the parameter mode of |first|, |count| and 2351 // |capacity|. 2352 TNode<FixedArrayBase> ExtractFixedDoubleArrayFillingHoles( 2353 TNode<FixedArrayBase> source, Node* first, Node* count, Node* capacity, 2354 TNode<Map> source_map, TVariable<BoolT>* var_holes_converted, 2355 AllocationFlags allocation_flags, 2356 ExtractFixedArrayFlags extract_flags = 2357 ExtractFixedArrayFlag::kAllFixedArrays, 2358 ParameterMode parameter_mode = INTPTR_PARAMETERS); 2359 2360 // Copy the entire contents of a FixedArray or FixedDoubleArray to a new 2361 // array, including special appropriate handling for empty arrays and COW 2362 // arrays. 2363 // 2364 // * |source| is either a FixedArray or FixedDoubleArray from which to copy 2365 // elements. 2366 // * |extract_flags| determines whether FixedArrays, FixedDoubleArrays or both 2367 // are detected and copied. Although it's always correct to pass 2368 // kAllFixedArrays, the generated code is more compact and efficient if the 2369 // caller can specify whether only FixedArrays or FixedDoubleArrays will be 2370 // passed as the |source| parameter. 2371 TNode<FixedArrayBase> CloneFixedArray( 2372 TNode<FixedArrayBase> source, 2373 ExtractFixedArrayFlags flags = 2374 ExtractFixedArrayFlag::kAllFixedArraysDontCopyCOW) { 2375 ParameterMode mode = OptimalParameterMode(); 2376 return ExtractFixedArray(source, IntPtrOrSmiConstant(0, mode), nullptr, 2377 nullptr, flags, mode); 2378 } 2379 2380 // Loads an element from |array| of |from_kind| elements by given |offset| 2381 // (NOTE: not index!), does a hole check if |if_hole| is provided and 2382 // converts the value so that it becomes ready for storing to array of 2383 // |to_kind| elements. 2384 Node* LoadElementAndPrepareForStore(Node* array, Node* offset, 2385 ElementsKind from_kind, 2386 ElementsKind to_kind, Label* if_hole); 2387 2388 Node* CalculateNewElementsCapacity(Node* old_capacity, 2389 ParameterMode mode = INTPTR_PARAMETERS); 2390 CalculateNewElementsCapacity(TNode<Smi> old_capacity)2391 TNode<Smi> CalculateNewElementsCapacity(TNode<Smi> old_capacity) { 2392 return CAST(CalculateNewElementsCapacity(old_capacity, SMI_PARAMETERS)); 2393 } CalculateNewElementsCapacity(TNode<IntPtrT> old_capacity)2394 TNode<IntPtrT> CalculateNewElementsCapacity(TNode<IntPtrT> old_capacity) { 2395 return UncheckedCast<IntPtrT>( 2396 CalculateNewElementsCapacity(old_capacity, INTPTR_PARAMETERS)); 2397 } 2398 2399 // Tries to grow the |elements| array of given |object| to store the |key| 2400 // or bails out if the growing gap is too big. Returns new elements. 2401 TNode<FixedArrayBase> TryGrowElementsCapacity(TNode<HeapObject> object, 2402 TNode<FixedArrayBase> elements, 2403 ElementsKind kind, 2404 TNode<Smi> key, Label* bailout); 2405 2406 // Tries to grow the |capacity|-length |elements| array of given |object| 2407 // to store the |key| or bails out if the growing gap is too big. Returns 2408 // new elements. 2409 TNode<FixedArrayBase> TryGrowElementsCapacity(TNode<HeapObject> object, 2410 TNode<FixedArrayBase> elements, 2411 ElementsKind kind, Node* key, 2412 Node* capacity, 2413 ParameterMode mode, 2414 Label* bailout); 2415 2416 // Grows elements capacity of given object. Returns new elements. 2417 TNode<FixedArrayBase> GrowElementsCapacity( 2418 TNode<HeapObject> object, TNode<FixedArrayBase> elements, 2419 ElementsKind from_kind, ElementsKind to_kind, Node* capacity, 2420 Node* new_capacity, ParameterMode mode, Label* bailout); 2421 2422 // Given a need to grow by |growth|, allocate an appropriate new capacity 2423 // if necessary, and return a new elements FixedArray object. Label |bailout| 2424 // is followed for allocation failure. 2425 void PossiblyGrowElementsCapacity(ParameterMode mode, ElementsKind kind, 2426 TNode<HeapObject> array, Node* length, 2427 TVariable<FixedArrayBase>* var_elements, 2428 Node* growth, Label* bailout); 2429 2430 // Allocation site manipulation 2431 void InitializeAllocationMemento(TNode<HeapObject> base, 2432 TNode<IntPtrT> base_allocation_size, 2433 TNode<AllocationSite> allocation_site); 2434 2435 TNode<Float64T> TryTaggedToFloat64(TNode<Object> value, 2436 Label* if_valueisnotnumber); 2437 TNode<Float64T> TruncateTaggedToFloat64(SloppyTNode<Context> context, 2438 SloppyTNode<Object> value); 2439 TNode<Word32T> TruncateTaggedToWord32(SloppyTNode<Context> context, 2440 SloppyTNode<Object> value); 2441 void TaggedToWord32OrBigInt(TNode<Context> context, TNode<Object> value, 2442 Label* if_number, TVariable<Word32T>* var_word32, 2443 Label* if_bigint, 2444 TVariable<BigInt>* var_maybe_bigint); 2445 void TaggedToWord32OrBigIntWithFeedback(TNode<Context> context, 2446 TNode<Object> value, Label* if_number, 2447 TVariable<Word32T>* var_word32, 2448 Label* if_bigint, 2449 TVariable<BigInt>* var_maybe_bigint, 2450 TVariable<Smi>* var_feedback); 2451 2452 // Truncate the floating point value of a HeapNumber to an Int32. 2453 TNode<Int32T> TruncateHeapNumberValueToWord32(TNode<HeapNumber> object); 2454 2455 // Conversions. 2456 void TryHeapNumberToSmi(TNode<HeapNumber> number, TVariable<Smi>* output, 2457 Label* if_smi); 2458 void TryFloat64ToSmi(TNode<Float64T> number, TVariable<Smi>* output, 2459 Label* if_smi); 2460 TNode<Number> ChangeFloat64ToTagged(SloppyTNode<Float64T> value); 2461 TNode<Number> ChangeInt32ToTagged(SloppyTNode<Int32T> value); 2462 TNode<Number> ChangeUint32ToTagged(SloppyTNode<Uint32T> value); 2463 TNode<Number> ChangeUintPtrToTagged(TNode<UintPtrT> value); 2464 TNode<Uint32T> ChangeNumberToUint32(TNode<Number> value); 2465 TNode<Float64T> ChangeNumberToFloat64(TNode<Number> value); 2466 2467 void TaggedToNumeric(TNode<Context> context, TNode<Object> value, 2468 TVariable<Numeric>* var_numeric); 2469 void TaggedToNumericWithFeedback(TNode<Context> context, TNode<Object> value, 2470 TVariable<Numeric>* var_numeric, 2471 TVariable<Smi>* var_feedback); 2472 2473 TNode<WordT> TimesSystemPointerSize(SloppyTNode<WordT> value); TimesSystemPointerSize(TNode<IntPtrT> value)2474 TNode<IntPtrT> TimesSystemPointerSize(TNode<IntPtrT> value) { 2475 return Signed(TimesSystemPointerSize(implicit_cast<TNode<WordT>>(value))); 2476 } TimesSystemPointerSize(TNode<UintPtrT> value)2477 TNode<UintPtrT> TimesSystemPointerSize(TNode<UintPtrT> value) { 2478 return Unsigned(TimesSystemPointerSize(implicit_cast<TNode<WordT>>(value))); 2479 } 2480 2481 TNode<WordT> TimesTaggedSize(SloppyTNode<WordT> value); TimesTaggedSize(TNode<IntPtrT> value)2482 TNode<IntPtrT> TimesTaggedSize(TNode<IntPtrT> value) { 2483 return Signed(TimesTaggedSize(implicit_cast<TNode<WordT>>(value))); 2484 } TimesTaggedSize(TNode<UintPtrT> value)2485 TNode<UintPtrT> TimesTaggedSize(TNode<UintPtrT> value) { 2486 return Unsigned(TimesTaggedSize(implicit_cast<TNode<WordT>>(value))); 2487 } 2488 2489 TNode<WordT> TimesDoubleSize(SloppyTNode<WordT> value); TimesDoubleSize(TNode<UintPtrT> value)2490 TNode<UintPtrT> TimesDoubleSize(TNode<UintPtrT> value) { 2491 return Unsigned(TimesDoubleSize(implicit_cast<TNode<WordT>>(value))); 2492 } TimesDoubleSize(TNode<IntPtrT> value)2493 TNode<IntPtrT> TimesDoubleSize(TNode<IntPtrT> value) { 2494 return Signed(TimesDoubleSize(implicit_cast<TNode<WordT>>(value))); 2495 } 2496 2497 // Type conversions. 2498 // Throws a TypeError for {method_name} if {value} is not coercible to Object, 2499 // or returns the {value} converted to a String otherwise. 2500 TNode<String> ToThisString(TNode<Context> context, TNode<Object> value, 2501 TNode<String> method_name); ToThisString(TNode<Context> context,TNode<Object> value,char const * method_name)2502 TNode<String> ToThisString(TNode<Context> context, TNode<Object> value, 2503 char const* method_name) { 2504 return ToThisString(context, value, StringConstant(method_name)); 2505 } 2506 2507 // Throws a TypeError for {method_name} if {value} is neither of the given 2508 // {primitive_type} nor a JSPrimitiveWrapper wrapping a value of 2509 // {primitive_type}, or returns the {value} (or wrapped value) otherwise. 2510 TNode<Object> ToThisValue(TNode<Context> context, TNode<Object> value, 2511 PrimitiveType primitive_type, 2512 char const* method_name); 2513 2514 // Throws a TypeError for {method_name} if {value} is not of the given 2515 // instance type. 2516 void ThrowIfNotInstanceType(TNode<Context> context, TNode<Object> value, 2517 InstanceType instance_type, 2518 char const* method_name); 2519 // Throws a TypeError for {method_name} if {value} is not a JSReceiver. 2520 void ThrowIfNotJSReceiver(TNode<Context> context, TNode<Object> value, 2521 MessageTemplate msg_template, 2522 const char* method_name); 2523 void ThrowIfNotCallable(TNode<Context> context, TNode<Object> value, 2524 const char* method_name); 2525 2526 void ThrowRangeError(TNode<Context> context, MessageTemplate message, 2527 base::Optional<TNode<Object>> arg0 = base::nullopt, 2528 base::Optional<TNode<Object>> arg1 = base::nullopt, 2529 base::Optional<TNode<Object>> arg2 = base::nullopt); 2530 void ThrowTypeError(TNode<Context> context, MessageTemplate message, 2531 char const* arg0 = nullptr, char const* arg1 = nullptr); 2532 void ThrowTypeError(TNode<Context> context, MessageTemplate message, 2533 base::Optional<TNode<Object>> arg0, 2534 base::Optional<TNode<Object>> arg1 = base::nullopt, 2535 base::Optional<TNode<Object>> arg2 = base::nullopt); 2536 2537 // Type checks. 2538 // Check whether the map is for an object with special properties, such as a 2539 // JSProxy or an object with interceptors. 2540 TNode<BoolT> InstanceTypeEqual(SloppyTNode<Int32T> instance_type, int type); 2541 TNode<BoolT> IsAccessorInfo(SloppyTNode<HeapObject> object); 2542 TNode<BoolT> IsAccessorPair(SloppyTNode<HeapObject> object); 2543 TNode<BoolT> IsAllocationSite(SloppyTNode<HeapObject> object); 2544 TNode<BoolT> IsNoElementsProtectorCellInvalid(); 2545 TNode<BoolT> IsArrayIteratorProtectorCellInvalid(); 2546 TNode<BoolT> IsBigIntInstanceType(SloppyTNode<Int32T> instance_type); 2547 TNode<BoolT> IsBigInt(SloppyTNode<HeapObject> object); 2548 TNode<BoolT> IsBoolean(SloppyTNode<HeapObject> object); 2549 TNode<BoolT> IsCallableMap(SloppyTNode<Map> map); 2550 TNode<BoolT> IsCallable(SloppyTNode<HeapObject> object); 2551 TNode<BoolT> TaggedIsCallable(TNode<Object> object); 2552 TNode<BoolT> IsCell(SloppyTNode<HeapObject> object); 2553 TNode<BoolT> IsCode(SloppyTNode<HeapObject> object); 2554 TNode<BoolT> IsConsStringInstanceType(SloppyTNode<Int32T> instance_type); 2555 TNode<BoolT> IsConstructorMap(SloppyTNode<Map> map); 2556 TNode<BoolT> IsConstructor(SloppyTNode<HeapObject> object); 2557 TNode<BoolT> IsCoverageInfo(TNode<HeapObject> object); 2558 TNode<BoolT> IsDebugInfo(TNode<HeapObject> object); 2559 TNode<BoolT> IsDeprecatedMap(SloppyTNode<Map> map); 2560 TNode<BoolT> IsNameDictionary(SloppyTNode<HeapObject> object); 2561 TNode<BoolT> IsGlobalDictionary(SloppyTNode<HeapObject> object); 2562 TNode<BoolT> IsExtensibleMap(SloppyTNode<Map> map); 2563 TNode<BoolT> IsExtensibleNonPrototypeMap(TNode<Map> map); 2564 TNode<BoolT> IsExternalStringInstanceType(SloppyTNode<Int32T> instance_type); 2565 TNode<BoolT> IsFeedbackCell(SloppyTNode<HeapObject> object); 2566 TNode<BoolT> IsFeedbackVector(SloppyTNode<HeapObject> object); 2567 TNode<BoolT> IsContext(SloppyTNode<HeapObject> object); 2568 TNode<BoolT> IsFixedArray(SloppyTNode<HeapObject> object); 2569 TNode<BoolT> IsFixedArraySubclass(SloppyTNode<HeapObject> object); 2570 TNode<BoolT> IsFixedArrayWithKind(SloppyTNode<HeapObject> object, 2571 ElementsKind kind); 2572 TNode<BoolT> IsFixedArrayWithKindOrEmpty(SloppyTNode<FixedArrayBase> object, 2573 ElementsKind kind); 2574 TNode<BoolT> IsFixedDoubleArray(SloppyTNode<HeapObject> object); 2575 TNode<BoolT> IsFunctionWithPrototypeSlotMap(SloppyTNode<Map> map); 2576 TNode<BoolT> IsHashTable(SloppyTNode<HeapObject> object); 2577 TNode<BoolT> IsEphemeronHashTable(SloppyTNode<HeapObject> object); 2578 TNode<BoolT> IsHeapNumber(SloppyTNode<HeapObject> object); 2579 TNode<BoolT> IsHeapNumberInstanceType(SloppyTNode<Int32T> instance_type); 2580 TNode<BoolT> IsOddball(SloppyTNode<HeapObject> object); 2581 TNode<BoolT> IsOddballInstanceType(SloppyTNode<Int32T> instance_type); 2582 TNode<BoolT> IsIndirectStringInstanceType(SloppyTNode<Int32T> instance_type); 2583 TNode<BoolT> IsJSArrayBuffer(SloppyTNode<HeapObject> object); 2584 TNode<BoolT> IsJSDataView(TNode<HeapObject> object); 2585 TNode<BoolT> IsJSArrayInstanceType(SloppyTNode<Int32T> instance_type); 2586 TNode<BoolT> IsJSArrayMap(SloppyTNode<Map> map); 2587 TNode<BoolT> IsJSArray(SloppyTNode<HeapObject> object); 2588 TNode<BoolT> IsJSArrayIterator(SloppyTNode<HeapObject> object); 2589 TNode<BoolT> IsJSAsyncGeneratorObject(SloppyTNode<HeapObject> object); 2590 TNode<BoolT> IsJSFunctionInstanceType(SloppyTNode<Int32T> instance_type); 2591 TNode<BoolT> IsAllocationSiteInstanceType(SloppyTNode<Int32T> instance_type); 2592 TNode<BoolT> IsJSFunctionMap(SloppyTNode<Map> map); 2593 TNode<BoolT> IsJSFunction(SloppyTNode<HeapObject> object); 2594 TNode<BoolT> IsJSBoundFunction(SloppyTNode<HeapObject> object); 2595 TNode<BoolT> IsJSGeneratorObject(TNode<HeapObject> object); 2596 TNode<BoolT> IsJSGlobalProxyInstanceType(SloppyTNode<Int32T> instance_type); 2597 TNode<BoolT> IsJSGlobalProxyMap(SloppyTNode<Map> map); 2598 TNode<BoolT> IsJSGlobalProxy(SloppyTNode<HeapObject> object); 2599 TNode<BoolT> IsJSObjectInstanceType(SloppyTNode<Int32T> instance_type); 2600 TNode<BoolT> IsJSObjectMap(SloppyTNode<Map> map); 2601 TNode<BoolT> IsJSObject(SloppyTNode<HeapObject> object); 2602 TNode<BoolT> IsJSPromiseMap(SloppyTNode<Map> map); 2603 TNode<BoolT> IsJSPromise(SloppyTNode<HeapObject> object); 2604 TNode<BoolT> IsJSProxy(SloppyTNode<HeapObject> object); 2605 TNode<BoolT> IsJSStringIterator(SloppyTNode<HeapObject> object); 2606 TNode<BoolT> IsJSRegExpStringIterator(SloppyTNode<HeapObject> object); 2607 TNode<BoolT> IsJSReceiverInstanceType(SloppyTNode<Int32T> instance_type); 2608 TNode<BoolT> IsJSReceiverMap(SloppyTNode<Map> map); 2609 TNode<BoolT> IsJSReceiver(SloppyTNode<HeapObject> object); 2610 TNode<BoolT> IsJSRegExp(SloppyTNode<HeapObject> object); 2611 TNode<BoolT> IsJSTypedArrayInstanceType(SloppyTNode<Int32T> instance_type); 2612 TNode<BoolT> IsJSTypedArrayMap(SloppyTNode<Map> map); 2613 TNode<BoolT> IsJSTypedArray(SloppyTNode<HeapObject> object); 2614 TNode<BoolT> IsJSGeneratorMap(TNode<Map> map); 2615 TNode<BoolT> IsJSPrimitiveWrapperInstanceType( 2616 SloppyTNode<Int32T> instance_type); 2617 TNode<BoolT> IsJSPrimitiveWrapperMap(SloppyTNode<Map> map); 2618 TNode<BoolT> IsJSPrimitiveWrapper(SloppyTNode<HeapObject> object); 2619 TNode<BoolT> IsMap(SloppyTNode<HeapObject> object); 2620 TNode<BoolT> IsName(SloppyTNode<HeapObject> object); 2621 TNode<BoolT> IsNameInstanceType(SloppyTNode<Int32T> instance_type); 2622 TNode<BoolT> IsNativeContext(SloppyTNode<HeapObject> object); 2623 TNode<BoolT> IsNullOrJSReceiver(SloppyTNode<HeapObject> object); 2624 TNode<BoolT> IsNullOrUndefined(SloppyTNode<Object> object); 2625 TNode<BoolT> IsNumberDictionary(SloppyTNode<HeapObject> object); 2626 TNode<BoolT> IsOneByteStringInstanceType(TNode<Int32T> instance_type); 2627 TNode<BoolT> IsPrimitiveInstanceType(SloppyTNode<Int32T> instance_type); 2628 TNode<BoolT> IsPrivateSymbol(SloppyTNode<HeapObject> object); 2629 TNode<BoolT> IsPrivateName(SloppyTNode<Symbol> symbol); 2630 TNode<BoolT> IsPromiseCapability(SloppyTNode<HeapObject> object); 2631 TNode<BoolT> IsPropertyArray(SloppyTNode<HeapObject> object); 2632 TNode<BoolT> IsPropertyCell(SloppyTNode<HeapObject> object); 2633 TNode<BoolT> IsPromiseReaction(SloppyTNode<HeapObject> object); 2634 TNode<BoolT> IsPromiseReactionJobTask(TNode<HeapObject> object); 2635 TNode<BoolT> IsPromiseRejectReactionJobTask(SloppyTNode<HeapObject> object); 2636 TNode<BoolT> IsPromiseFulfillReactionJobTask(SloppyTNode<HeapObject> object); 2637 TNode<BoolT> IsPrototypeInitialArrayPrototype(SloppyTNode<Context> context, 2638 SloppyTNode<Map> map); 2639 TNode<BoolT> IsPrototypeTypedArrayPrototype(SloppyTNode<Context> context, 2640 SloppyTNode<Map> map); 2641 2642 TNode<BoolT> IsFastAliasedArgumentsMap(TNode<Context> context, 2643 TNode<Map> map); 2644 TNode<BoolT> IsSlowAliasedArgumentsMap(TNode<Context> context, 2645 TNode<Map> map); 2646 TNode<BoolT> IsSloppyArgumentsMap(TNode<Context> context, TNode<Map> map); 2647 TNode<BoolT> IsStrictArgumentsMap(TNode<Context> context, TNode<Map> map); 2648 2649 TNode<BoolT> IsSequentialStringInstanceType( 2650 SloppyTNode<Int32T> instance_type); 2651 TNode<BoolT> IsUncachedExternalStringInstanceType( 2652 SloppyTNode<Int32T> instance_type); 2653 TNode<BoolT> IsSpecialReceiverInstanceType(TNode<Int32T> instance_type); 2654 TNode<BoolT> IsCustomElementsReceiverInstanceType( 2655 TNode<Int32T> instance_type); 2656 TNode<BoolT> IsSpecialReceiverMap(SloppyTNode<Map> map); 2657 // Returns true if the map corresponds to non-special fast or dictionary 2658 // object. 2659 TNode<BoolT> IsSimpleObjectMap(TNode<Map> map); 2660 TNode<BoolT> IsStringInstanceType(SloppyTNode<Int32T> instance_type); 2661 TNode<BoolT> IsString(SloppyTNode<HeapObject> object); 2662 TNode<BoolT> IsSymbolInstanceType(SloppyTNode<Int32T> instance_type); 2663 TNode<BoolT> IsSymbol(SloppyTNode<HeapObject> object); 2664 TNode<BoolT> IsInternalizedStringInstanceType(TNode<Int32T> instance_type); 2665 TNode<BoolT> IsUniqueName(TNode<HeapObject> object); 2666 TNode<BoolT> IsUniqueNameNoIndex(TNode<HeapObject> object); 2667 TNode<BoolT> IsUniqueNameNoCachedIndex(TNode<HeapObject> object); 2668 TNode<BoolT> IsUndetectableMap(SloppyTNode<Map> map); 2669 TNode<BoolT> IsNotWeakFixedArraySubclass(SloppyTNode<HeapObject> object); 2670 TNode<BoolT> IsZeroOrContext(SloppyTNode<Object> object); 2671 IsSharedFunctionInfo(TNode<HeapObject> object)2672 inline TNode<BoolT> IsSharedFunctionInfo(TNode<HeapObject> object) { 2673 return IsSharedFunctionInfoMap(LoadMap(object)); 2674 } 2675 2676 TNode<BoolT> IsPromiseResolveProtectorCellInvalid(); 2677 TNode<BoolT> IsPromiseThenProtectorCellInvalid(); 2678 TNode<BoolT> IsArraySpeciesProtectorCellInvalid(); 2679 TNode<BoolT> IsTypedArraySpeciesProtectorCellInvalid(); 2680 TNode<BoolT> IsRegExpSpeciesProtectorCellInvalid(); 2681 TNode<BoolT> IsPromiseSpeciesProtectorCellInvalid(); 2682 IsMockArrayBufferAllocatorFlag()2683 TNode<BoolT> IsMockArrayBufferAllocatorFlag() { 2684 TNode<Word32T> flag_value = UncheckedCast<Word32T>(Load( 2685 MachineType::Uint8(), 2686 ExternalConstant( 2687 ExternalReference::address_of_mock_arraybuffer_allocator_flag()))); 2688 return Word32NotEqual(Word32And(flag_value, Int32Constant(0xFF)), 2689 Int32Constant(0)); 2690 } 2691 2692 // True iff |object| is a Smi or a HeapNumber. 2693 TNode<BoolT> IsNumber(SloppyTNode<Object> object); 2694 // True iff |object| is a Smi or a HeapNumber or a BigInt. 2695 TNode<BoolT> IsNumeric(SloppyTNode<Object> object); 2696 2697 // True iff |number| is either a Smi, or a HeapNumber whose value is not 2698 // within Smi range. 2699 TNode<BoolT> IsNumberNormalized(SloppyTNode<Number> number); 2700 TNode<BoolT> IsNumberPositive(SloppyTNode<Number> number); 2701 TNode<BoolT> IsHeapNumberPositive(TNode<HeapNumber> number); 2702 2703 // True iff {number} is non-negative and less or equal than 2**53-1. 2704 TNode<BoolT> IsNumberNonNegativeSafeInteger(TNode<Number> number); 2705 2706 // True iff {number} represents an integer value. 2707 TNode<BoolT> IsInteger(TNode<Object> number); 2708 TNode<BoolT> IsInteger(TNode<HeapNumber> number); 2709 2710 // True iff abs({number}) <= 2**53 -1 2711 TNode<BoolT> IsSafeInteger(TNode<Object> number); 2712 TNode<BoolT> IsSafeInteger(TNode<HeapNumber> number); 2713 2714 // True iff {number} represents a valid uint32t value. 2715 TNode<BoolT> IsHeapNumberUint32(TNode<HeapNumber> number); 2716 2717 // True iff {number} is a positive number and a valid array index in the range 2718 // [0, 2^32-1). 2719 TNode<BoolT> IsNumberArrayIndex(TNode<Number> number); 2720 2721 TNode<BoolT> FixedArraySizeDoesntFitInNewSpace( 2722 Node* element_count, int base_size = FixedArray::kHeaderSize, 2723 ParameterMode mode = INTPTR_PARAMETERS); 2724 2725 // ElementsKind helpers: ElementsKindEqual(TNode<Int32T> a,TNode<Int32T> b)2726 TNode<BoolT> ElementsKindEqual(TNode<Int32T> a, TNode<Int32T> b) { 2727 return Word32Equal(a, b); 2728 } ElementsKindEqual(ElementsKind a,ElementsKind b)2729 bool ElementsKindEqual(ElementsKind a, ElementsKind b) { return a == b; } 2730 TNode<BoolT> IsFastElementsKind(TNode<Int32T> elements_kind); IsFastElementsKind(ElementsKind kind)2731 bool IsFastElementsKind(ElementsKind kind) { 2732 return v8::internal::IsFastElementsKind(kind); 2733 } IsDictionaryElementsKind(TNode<Int32T> elements_kind)2734 TNode<BoolT> IsDictionaryElementsKind(TNode<Int32T> elements_kind) { 2735 return ElementsKindEqual(elements_kind, Int32Constant(DICTIONARY_ELEMENTS)); 2736 } 2737 TNode<BoolT> IsDoubleElementsKind(TNode<Int32T> elements_kind); IsDoubleElementsKind(ElementsKind kind)2738 bool IsDoubleElementsKind(ElementsKind kind) { 2739 return v8::internal::IsDoubleElementsKind(kind); 2740 } 2741 TNode<BoolT> IsFastSmiOrTaggedElementsKind(TNode<Int32T> elements_kind); 2742 TNode<BoolT> IsFastSmiElementsKind(SloppyTNode<Int32T> elements_kind); 2743 TNode<BoolT> IsHoleyFastElementsKind(TNode<Int32T> elements_kind); 2744 TNode<BoolT> IsHoleyFastElementsKindForRead(TNode<Int32T> elements_kind); 2745 TNode<BoolT> IsElementsKindGreaterThan(TNode<Int32T> target_kind, 2746 ElementsKind reference_kind); 2747 TNode<BoolT> IsElementsKindLessThanOrEqual(TNode<Int32T> target_kind, 2748 ElementsKind reference_kind); 2749 // Check if lower_reference_kind <= target_kind <= higher_reference_kind. IsElementsKindInRange(TNode<Int32T> target_kind,ElementsKind lower_reference_kind,ElementsKind higher_reference_kind)2750 TNode<BoolT> IsElementsKindInRange(TNode<Int32T> target_kind, 2751 ElementsKind lower_reference_kind, 2752 ElementsKind higher_reference_kind) { 2753 return IsInRange(target_kind, lower_reference_kind, higher_reference_kind); 2754 } 2755 2756 // String helpers. 2757 // Load a character from a String (might flatten a ConsString). 2758 TNode<Int32T> StringCharCodeAt(TNode<String> string, TNode<UintPtrT> index); 2759 // Return the single character string with only {code}. 2760 TNode<String> StringFromSingleCharCode(TNode<Int32T> code); 2761 2762 // Type conversion helpers. 2763 enum class BigIntHandling { kConvertToNumber, kThrow }; 2764 // Convert a String to a Number. 2765 TNode<Number> StringToNumber(TNode<String> input); 2766 // Convert a Number to a String. 2767 TNode<String> NumberToString(TNode<Number> input); 2768 TNode<String> NumberToString(TNode<Number> input, Label* bailout); 2769 2770 // Convert a Non-Number object to a Number. 2771 TNode<Number> NonNumberToNumber( 2772 SloppyTNode<Context> context, SloppyTNode<HeapObject> input, 2773 BigIntHandling bigint_handling = BigIntHandling::kThrow); 2774 // Convert a Non-Number object to a Numeric. 2775 TNode<Numeric> NonNumberToNumeric(SloppyTNode<Context> context, 2776 SloppyTNode<HeapObject> input); 2777 // Convert any object to a Number. 2778 // Conforms to ES#sec-tonumber if {bigint_handling} == kThrow. 2779 // With {bigint_handling} == kConvertToNumber, matches behavior of 2780 // tc39.github.io/proposal-bigint/#sec-number-constructor-number-value. 2781 TNode<Number> ToNumber( 2782 SloppyTNode<Context> context, SloppyTNode<Object> input, 2783 BigIntHandling bigint_handling = BigIntHandling::kThrow); 2784 TNode<Number> ToNumber_Inline(SloppyTNode<Context> context, 2785 SloppyTNode<Object> input); 2786 2787 // Try to convert an object to a BigInt. Throws on failure (e.g. for Numbers). 2788 // https://tc39.github.io/proposal-bigint/#sec-to-bigint 2789 TNode<BigInt> ToBigInt(TNode<Context> context, TNode<Object> input); 2790 2791 // Converts |input| to one of 2^32 integer values in the range 0 through 2792 // 2^32-1, inclusive. 2793 // ES#sec-touint32 2794 TNode<Number> ToUint32(SloppyTNode<Context> context, 2795 SloppyTNode<Object> input); 2796 2797 // Convert any object to a String. 2798 TNode<String> ToString_Inline(SloppyTNode<Context> context, 2799 SloppyTNode<Object> input); 2800 2801 TNode<JSReceiver> ToObject(SloppyTNode<Context> context, 2802 SloppyTNode<Object> input); 2803 2804 // Same as ToObject but avoids the Builtin call if |input| is already a 2805 // JSReceiver. 2806 TNode<JSReceiver> ToObject_Inline(TNode<Context> context, 2807 TNode<Object> input); 2808 2809 // ES6 7.1.15 ToLength, but with inlined fast path. 2810 TNode<Number> ToLength_Inline(SloppyTNode<Context> context, 2811 SloppyTNode<Object> input); 2812 2813 // Returns a node that contains a decoded (unsigned!) value of a bit 2814 // field |BitField| in |word32|. Returns result as an uint32 node. 2815 template <typename BitField> DecodeWord32(SloppyTNode<Word32T> word32)2816 TNode<Uint32T> DecodeWord32(SloppyTNode<Word32T> word32) { 2817 return DecodeWord32(word32, BitField::kShift, BitField::kMask); 2818 } 2819 2820 // Returns a node that contains a decoded (unsigned!) value of a bit 2821 // field |BitField| in |word|. Returns result as a word-size node. 2822 template <typename BitField> DecodeWord(SloppyTNode<WordT> word)2823 TNode<UintPtrT> DecodeWord(SloppyTNode<WordT> word) { 2824 return DecodeWord(word, BitField::kShift, BitField::kMask); 2825 } 2826 2827 // Returns a node that contains a decoded (unsigned!) value of a bit 2828 // field |BitField| in |word32|. Returns result as a word-size node. 2829 template <typename BitField> DecodeWordFromWord32(SloppyTNode<Word32T> word32)2830 TNode<UintPtrT> DecodeWordFromWord32(SloppyTNode<Word32T> word32) { 2831 return DecodeWord<BitField>(ChangeUint32ToWord(word32)); 2832 } 2833 2834 // Returns a node that contains a decoded (unsigned!) value of a bit 2835 // field |BitField| in |word|. Returns result as an uint32 node. 2836 template <typename BitField> DecodeWord32FromWord(SloppyTNode<WordT> word)2837 TNode<Uint32T> DecodeWord32FromWord(SloppyTNode<WordT> word) { 2838 return UncheckedCast<Uint32T>( 2839 TruncateIntPtrToInt32(Signed(DecodeWord<BitField>(word)))); 2840 } 2841 2842 // Decodes an unsigned (!) value from |word32| to an uint32 node. 2843 TNode<Uint32T> DecodeWord32(SloppyTNode<Word32T> word32, uint32_t shift, 2844 uint32_t mask); 2845 2846 // Decodes an unsigned (!) value from |word| to a word-size node. 2847 TNode<UintPtrT> DecodeWord(SloppyTNode<WordT> word, uint32_t shift, 2848 uint32_t mask); 2849 2850 // Returns a node that contains the updated values of a |BitField|. 2851 template <typename BitField> UpdateWord32(TNode<Word32T> word,TNode<Uint32T> value)2852 TNode<Word32T> UpdateWord32(TNode<Word32T> word, TNode<Uint32T> value) { 2853 return UpdateWord32(word, value, BitField::kShift, BitField::kMask); 2854 } 2855 2856 // Returns a node that contains the updated values of a |BitField|. 2857 template <typename BitField> UpdateWord(TNode<WordT> word,TNode<UintPtrT> value)2858 TNode<WordT> UpdateWord(TNode<WordT> word, TNode<UintPtrT> value) { 2859 return UpdateWord(word, value, BitField::kShift, BitField::kMask); 2860 } 2861 2862 // Returns a node that contains the updated values of a |BitField|. 2863 template <typename BitField> UpdateWordInWord32(TNode<Word32T> word,TNode<UintPtrT> value)2864 TNode<Word32T> UpdateWordInWord32(TNode<Word32T> word, 2865 TNode<UintPtrT> value) { 2866 return UncheckedCast<Uint32T>(TruncateIntPtrToInt32( 2867 Signed(UpdateWord<BitField>(ChangeUint32ToWord(word), value)))); 2868 } 2869 2870 // Returns a node that contains the updated values of a |BitField|. 2871 template <typename BitField> UpdateWord32InWord(TNode<WordT> word,TNode<Uint32T> value)2872 TNode<WordT> UpdateWord32InWord(TNode<WordT> word, TNode<Uint32T> value) { 2873 return UpdateWord<BitField>(word, ChangeUint32ToWord(value)); 2874 } 2875 2876 // Returns a node that contains the updated {value} inside {word} starting 2877 // at {shift} and fitting in {mask}. 2878 TNode<Word32T> UpdateWord32(TNode<Word32T> word, TNode<Uint32T> value, 2879 uint32_t shift, uint32_t mask); 2880 2881 // Returns a node that contains the updated {value} inside {word} starting 2882 // at {shift} and fitting in {mask}. 2883 TNode<WordT> UpdateWord(TNode<WordT> word, TNode<UintPtrT> value, 2884 uint32_t shift, uint32_t mask); 2885 2886 // Returns true if any of the |T|'s bits in given |word32| are set. 2887 template <typename T> IsSetWord32(SloppyTNode<Word32T> word32)2888 TNode<BoolT> IsSetWord32(SloppyTNode<Word32T> word32) { 2889 return IsSetWord32(word32, T::kMask); 2890 } 2891 2892 // Returns true if any of the mask's bits in given |word32| are set. IsSetWord32(SloppyTNode<Word32T> word32,uint32_t mask)2893 TNode<BoolT> IsSetWord32(SloppyTNode<Word32T> word32, uint32_t mask) { 2894 return Word32NotEqual(Word32And(word32, Int32Constant(mask)), 2895 Int32Constant(0)); 2896 } 2897 2898 // Returns true if none of the mask's bits in given |word32| are set. IsNotSetWord32(SloppyTNode<Word32T> word32,uint32_t mask)2899 TNode<BoolT> IsNotSetWord32(SloppyTNode<Word32T> word32, uint32_t mask) { 2900 return Word32Equal(Word32And(word32, Int32Constant(mask)), 2901 Int32Constant(0)); 2902 } 2903 2904 // Returns true if all of the mask's bits in a given |word32| are set. IsAllSetWord32(SloppyTNode<Word32T> word32,uint32_t mask)2905 TNode<BoolT> IsAllSetWord32(SloppyTNode<Word32T> word32, uint32_t mask) { 2906 TNode<Int32T> const_mask = Int32Constant(mask); 2907 return Word32Equal(Word32And(word32, const_mask), const_mask); 2908 } 2909 2910 // Returns true if the bit field |BitField| in |word32| is equal to a given. 2911 // constant |value|. Avoids a shift compared to using DecodeWord32. 2912 template <typename BitField> IsEqualInWord32(TNode<Word32T> word32,typename BitField::FieldType value)2913 TNode<BoolT> IsEqualInWord32(TNode<Word32T> word32, 2914 typename BitField::FieldType value) { 2915 TNode<Word32T> masked_word32 = 2916 Word32And(word32, Int32Constant(BitField::kMask)); 2917 return Word32Equal(masked_word32, Int32Constant(BitField::encode(value))); 2918 } 2919 2920 // Returns true if any of the |T|'s bits in given |word| are set. 2921 template <typename T> IsSetWord(SloppyTNode<WordT> word)2922 TNode<BoolT> IsSetWord(SloppyTNode<WordT> word) { 2923 return IsSetWord(word, T::kMask); 2924 } 2925 2926 // Returns true if any of the mask's bits in given |word| are set. IsSetWord(SloppyTNode<WordT> word,uint32_t mask)2927 TNode<BoolT> IsSetWord(SloppyTNode<WordT> word, uint32_t mask) { 2928 return WordNotEqual(WordAnd(word, IntPtrConstant(mask)), IntPtrConstant(0)); 2929 } 2930 2931 // Returns true if any of the mask's bit are set in the given Smi. 2932 // Smi-encoding of the mask is performed implicitly! IsSetSmi(SloppyTNode<Smi> smi,int untagged_mask)2933 TNode<BoolT> IsSetSmi(SloppyTNode<Smi> smi, int untagged_mask) { 2934 intptr_t mask_word = bit_cast<intptr_t>(Smi::FromInt(untagged_mask)); 2935 return WordNotEqual(WordAnd(BitcastTaggedToWordForTagAndSmiBits(smi), 2936 IntPtrConstant(mask_word)), 2937 IntPtrConstant(0)); 2938 } 2939 2940 // Returns true if all of the |T|'s bits in given |word32| are clear. 2941 template <typename T> IsClearWord32(SloppyTNode<Word32T> word32)2942 TNode<BoolT> IsClearWord32(SloppyTNode<Word32T> word32) { 2943 return IsClearWord32(word32, T::kMask); 2944 } 2945 2946 // Returns true if all of the mask's bits in given |word32| are clear. IsClearWord32(SloppyTNode<Word32T> word32,uint32_t mask)2947 TNode<BoolT> IsClearWord32(SloppyTNode<Word32T> word32, uint32_t mask) { 2948 return Word32Equal(Word32And(word32, Int32Constant(mask)), 2949 Int32Constant(0)); 2950 } 2951 2952 // Returns true if all of the |T|'s bits in given |word| are clear. 2953 template <typename T> IsClearWord(SloppyTNode<WordT> word)2954 TNode<BoolT> IsClearWord(SloppyTNode<WordT> word) { 2955 return IsClearWord(word, T::kMask); 2956 } 2957 2958 // Returns true if all of the mask's bits in given |word| are clear. IsClearWord(SloppyTNode<WordT> word,uint32_t mask)2959 TNode<BoolT> IsClearWord(SloppyTNode<WordT> word, uint32_t mask) { 2960 return IntPtrEqual(WordAnd(word, IntPtrConstant(mask)), IntPtrConstant(0)); 2961 } 2962 2963 void SetCounter(StatsCounter* counter, int value); 2964 void IncrementCounter(StatsCounter* counter, int delta); 2965 void DecrementCounter(StatsCounter* counter, int delta); 2966 2967 template <typename TIndex> 2968 void Increment(TVariable<TIndex>* variable, int value = 1); 2969 2970 template <typename TIndex> 2971 void Decrement(TVariable<TIndex>* variable, int value = 1) { 2972 Increment(variable, -value); 2973 } 2974 2975 // Generates "if (false) goto label" code. Useful for marking a label as 2976 // "live" to avoid assertion failures during graph building. In the resulting 2977 // code this check will be eliminated. 2978 void Use(Label* label); 2979 2980 // Various building blocks for stubs doing property lookups. 2981 2982 // |if_notinternalized| is optional; |if_bailout| will be used by default. 2983 // Note: If |key| does not yet have a hash, |if_notinternalized| will be taken 2984 // even if |key| is an array index. |if_keyisunique| will never 2985 // be taken for array indices. 2986 void TryToName(SloppyTNode<Object> key, Label* if_keyisindex, 2987 TVariable<IntPtrT>* var_index, Label* if_keyisunique, 2988 TVariable<Name>* var_unique, Label* if_bailout, 2989 Label* if_notinternalized = nullptr); 2990 2991 // Performs a hash computation and string table lookup for the given string, 2992 // and jumps to: 2993 // - |if_index| if the string is an array index like "123"; |var_index| 2994 // will contain the intptr representation of that index. 2995 // - |if_internalized| if the string exists in the string table; the 2996 // internalized version will be in |var_internalized|. 2997 // - |if_not_internalized| if the string is not in the string table (but 2998 // does not add it). 2999 // - |if_bailout| for unsupported cases (e.g. uncachable array index). 3000 void TryInternalizeString(SloppyTNode<String> string, Label* if_index, 3001 TVariable<IntPtrT>* var_index, 3002 Label* if_internalized, 3003 TVariable<Name>* var_internalized, 3004 Label* if_not_internalized, Label* if_bailout); 3005 3006 // Calculates array index for given dictionary entry and entry field. 3007 // See Dictionary::EntryToIndex(). 3008 template <typename Dictionary> 3009 TNode<IntPtrT> EntryToIndex(TNode<IntPtrT> entry, int field_index); 3010 template <typename Dictionary> EntryToIndex(TNode<IntPtrT> entry)3011 TNode<IntPtrT> EntryToIndex(TNode<IntPtrT> entry) { 3012 return EntryToIndex<Dictionary>(entry, Dictionary::kEntryKeyIndex); 3013 } 3014 3015 // Loads the details for the entry with the given key_index. 3016 // Returns an untagged int32. 3017 template <class ContainerType> LoadDetailsByKeyIndex(TNode<ContainerType> container,TNode<IntPtrT> key_index)3018 TNode<Uint32T> LoadDetailsByKeyIndex(TNode<ContainerType> container, 3019 TNode<IntPtrT> key_index) { 3020 static_assert(!std::is_same<ContainerType, DescriptorArray>::value, 3021 "Use the non-templatized version for DescriptorArray"); 3022 const int kKeyToDetailsOffset = 3023 (ContainerType::kEntryDetailsIndex - ContainerType::kEntryKeyIndex) * 3024 kTaggedSize; 3025 return Unsigned(LoadAndUntagToWord32FixedArrayElement(container, key_index, 3026 kKeyToDetailsOffset)); 3027 } 3028 3029 // Loads the value for the entry with the given key_index. 3030 // Returns a tagged value. 3031 template <class ContainerType> LoadValueByKeyIndex(TNode<ContainerType> container,TNode<IntPtrT> key_index)3032 TNode<Object> LoadValueByKeyIndex(TNode<ContainerType> container, 3033 TNode<IntPtrT> key_index) { 3034 static_assert(!std::is_same<ContainerType, DescriptorArray>::value, 3035 "Use the non-templatized version for DescriptorArray"); 3036 const int kKeyToValueOffset = 3037 (ContainerType::kEntryValueIndex - ContainerType::kEntryKeyIndex) * 3038 kTaggedSize; 3039 return LoadFixedArrayElement(container, key_index, kKeyToValueOffset); 3040 } 3041 3042 // Stores the details for the entry with the given key_index. 3043 // |details| must be a Smi. 3044 template <class ContainerType> StoreDetailsByKeyIndex(TNode<ContainerType> container,TNode<IntPtrT> key_index,TNode<Smi> details)3045 void StoreDetailsByKeyIndex(TNode<ContainerType> container, 3046 TNode<IntPtrT> key_index, TNode<Smi> details) { 3047 const int kKeyToDetailsOffset = 3048 (ContainerType::kEntryDetailsIndex - ContainerType::kEntryKeyIndex) * 3049 kTaggedSize; 3050 StoreFixedArrayElement(container, key_index, details, SKIP_WRITE_BARRIER, 3051 kKeyToDetailsOffset); 3052 } 3053 3054 // Stores the value for the entry with the given key_index. 3055 template <class ContainerType> 3056 void StoreValueByKeyIndex( 3057 TNode<ContainerType> container, TNode<IntPtrT> key_index, 3058 TNode<Object> value, 3059 WriteBarrierMode write_barrier = UPDATE_WRITE_BARRIER) { 3060 const int kKeyToValueOffset = 3061 (ContainerType::kEntryValueIndex - ContainerType::kEntryKeyIndex) * 3062 kTaggedSize; 3063 StoreFixedArrayElement(container, key_index, value, write_barrier, 3064 kKeyToValueOffset); 3065 } 3066 3067 // Calculate a valid size for the a hash table. 3068 TNode<IntPtrT> HashTableComputeCapacity(TNode<IntPtrT> at_least_space_for); 3069 3070 template <class Dictionary> GetNumberOfElements(TNode<Dictionary> dictionary)3071 TNode<Smi> GetNumberOfElements(TNode<Dictionary> dictionary) { 3072 return CAST( 3073 LoadFixedArrayElement(dictionary, Dictionary::kNumberOfElementsIndex)); 3074 } 3075 GetNumberDictionaryNumberOfElements(TNode<NumberDictionary> dictionary)3076 TNode<Smi> GetNumberDictionaryNumberOfElements( 3077 TNode<NumberDictionary> dictionary) { 3078 return GetNumberOfElements<NumberDictionary>(dictionary); 3079 } 3080 3081 template <class Dictionary> SetNumberOfElements(TNode<Dictionary> dictionary,TNode<Smi> num_elements_smi)3082 void SetNumberOfElements(TNode<Dictionary> dictionary, 3083 TNode<Smi> num_elements_smi) { 3084 StoreFixedArrayElement(dictionary, Dictionary::kNumberOfElementsIndex, 3085 num_elements_smi, SKIP_WRITE_BARRIER); 3086 } 3087 3088 template <class Dictionary> GetNumberOfDeletedElements(TNode<Dictionary> dictionary)3089 TNode<Smi> GetNumberOfDeletedElements(TNode<Dictionary> dictionary) { 3090 return CAST(LoadFixedArrayElement( 3091 dictionary, Dictionary::kNumberOfDeletedElementsIndex)); 3092 } 3093 3094 template <class Dictionary> SetNumberOfDeletedElements(TNode<Dictionary> dictionary,TNode<Smi> num_deleted_smi)3095 void SetNumberOfDeletedElements(TNode<Dictionary> dictionary, 3096 TNode<Smi> num_deleted_smi) { 3097 StoreFixedArrayElement(dictionary, 3098 Dictionary::kNumberOfDeletedElementsIndex, 3099 num_deleted_smi, SKIP_WRITE_BARRIER); 3100 } 3101 3102 template <class Dictionary> GetCapacity(TNode<Dictionary> dictionary)3103 TNode<Smi> GetCapacity(TNode<Dictionary> dictionary) { 3104 return CAST( 3105 UnsafeLoadFixedArrayElement(dictionary, Dictionary::kCapacityIndex)); 3106 } 3107 3108 template <class Dictionary> GetNextEnumerationIndex(TNode<Dictionary> dictionary)3109 TNode<Smi> GetNextEnumerationIndex(TNode<Dictionary> dictionary) { 3110 return CAST(LoadFixedArrayElement(dictionary, 3111 Dictionary::kNextEnumerationIndexIndex)); 3112 } 3113 3114 template <class Dictionary> SetNextEnumerationIndex(TNode<Dictionary> dictionary,TNode<Smi> next_enum_index_smi)3115 void SetNextEnumerationIndex(TNode<Dictionary> dictionary, 3116 TNode<Smi> next_enum_index_smi) { 3117 StoreFixedArrayElement(dictionary, Dictionary::kNextEnumerationIndexIndex, 3118 next_enum_index_smi, SKIP_WRITE_BARRIER); 3119 } 3120 3121 // Looks up an entry in a NameDictionaryBase successor. If the entry is found 3122 // control goes to {if_found} and {var_name_index} contains an index of the 3123 // key field of the entry found. If the key is not found control goes to 3124 // {if_not_found}. 3125 enum LookupMode { kFindExisting, kFindInsertionIndex }; 3126 3127 template <typename Dictionary> 3128 TNode<HeapObject> LoadName(TNode<HeapObject> key); 3129 3130 template <typename Dictionary> 3131 void NameDictionaryLookup(TNode<Dictionary> dictionary, 3132 TNode<Name> unique_name, Label* if_found, 3133 TVariable<IntPtrT>* var_name_index, 3134 Label* if_not_found, 3135 LookupMode mode = kFindExisting); 3136 3137 TNode<Word32T> ComputeSeededHash(TNode<IntPtrT> key); 3138 3139 void NumberDictionaryLookup(TNode<NumberDictionary> dictionary, 3140 TNode<IntPtrT> intptr_index, Label* if_found, 3141 TVariable<IntPtrT>* var_entry, 3142 Label* if_not_found); 3143 3144 TNode<Object> BasicLoadNumberDictionaryElement( 3145 TNode<NumberDictionary> dictionary, TNode<IntPtrT> intptr_index, 3146 Label* not_data, Label* if_hole); 3147 3148 template <class Dictionary> 3149 void FindInsertionEntry(TNode<Dictionary> dictionary, TNode<Name> key, 3150 TVariable<IntPtrT>* var_key_index); 3151 3152 template <class Dictionary> 3153 void InsertEntry(TNode<Dictionary> dictionary, TNode<Name> key, 3154 TNode<Object> value, TNode<IntPtrT> index, 3155 TNode<Smi> enum_index); 3156 3157 template <class Dictionary> 3158 void Add(TNode<Dictionary> dictionary, TNode<Name> key, TNode<Object> value, 3159 Label* bailout); 3160 3161 // Tries to check if {object} has own {unique_name} property. 3162 void TryHasOwnProperty(TNode<HeapObject> object, TNode<Map> map, 3163 TNode<Int32T> instance_type, TNode<Name> unique_name, 3164 Label* if_found, Label* if_not_found, 3165 Label* if_bailout); 3166 3167 // Operating mode for TryGetOwnProperty and CallGetterIfAccessor 3168 // kReturnAccessorPair is used when we're only getting the property descriptor 3169 enum GetOwnPropertyMode { kCallJSGetter, kReturnAccessorPair }; 3170 // Tries to get {object}'s own {unique_name} property value. If the property 3171 // is an accessor then it also calls a getter. If the property is a double 3172 // field it re-wraps value in an immutable heap number. {unique_name} must be 3173 // a unique name (Symbol or InternalizedString) that is not an array index. 3174 void TryGetOwnProperty(TNode<Context> context, TNode<HeapObject> receiver, 3175 TNode<JSReceiver> object, TNode<Map> map, 3176 TNode<Int32T> instance_type, TNode<Name> unique_name, 3177 Label* if_found_value, TVariable<Object>* var_value, 3178 Label* if_not_found, Label* if_bailout); 3179 void TryGetOwnProperty(TNode<Context> context, TNode<HeapObject> receiver, 3180 TNode<JSReceiver> object, TNode<Map> map, 3181 TNode<Int32T> instance_type, TNode<Name> unique_name, 3182 Label* if_found_value, TVariable<Object>* var_value, 3183 TVariable<Uint32T>* var_details, 3184 TVariable<Object>* var_raw_value, Label* if_not_found, 3185 Label* if_bailout, GetOwnPropertyMode mode); 3186 GetProperty(SloppyTNode<Context> context,SloppyTNode<Object> receiver,Handle<Name> name)3187 TNode<Object> GetProperty(SloppyTNode<Context> context, 3188 SloppyTNode<Object> receiver, Handle<Name> name) { 3189 return GetProperty(context, receiver, HeapConstant(name)); 3190 } 3191 GetProperty(SloppyTNode<Context> context,SloppyTNode<Object> receiver,SloppyTNode<Object> name)3192 TNode<Object> GetProperty(SloppyTNode<Context> context, 3193 SloppyTNode<Object> receiver, 3194 SloppyTNode<Object> name) { 3195 return CallBuiltin(Builtins::kGetProperty, context, receiver, name); 3196 } 3197 SetPropertyStrict(TNode<Context> context,TNode<Object> receiver,TNode<Object> key,TNode<Object> value)3198 TNode<Object> SetPropertyStrict(TNode<Context> context, 3199 TNode<Object> receiver, TNode<Object> key, 3200 TNode<Object> value) { 3201 return CallBuiltin(Builtins::kSetProperty, context, receiver, key, value); 3202 } 3203 SetPropertyInLiteral(TNode<Context> context,TNode<JSObject> receiver,TNode<Object> key,TNode<Object> value)3204 TNode<Object> SetPropertyInLiteral(TNode<Context> context, 3205 TNode<JSObject> receiver, 3206 TNode<Object> key, TNode<Object> value) { 3207 return CallBuiltin(Builtins::kSetPropertyInLiteral, context, receiver, key, 3208 value); 3209 } 3210 3211 TNode<Object> GetMethod(TNode<Context> context, TNode<Object> object, 3212 Handle<Name> name, Label* if_null_or_undefined); 3213 3214 TNode<Object> GetIteratorMethod(TNode<Context> context, 3215 TNode<HeapObject> heap_obj, 3216 Label* if_iteratorundefined); 3217 3218 template <class... TArgs> CallBuiltin(Builtins::Name id,SloppyTNode<Object> context,TArgs...args)3219 TNode<Object> CallBuiltin(Builtins::Name id, SloppyTNode<Object> context, 3220 TArgs... args) { 3221 return CallStub<Object>(Builtins::CallableFor(isolate(), id), context, 3222 args...); 3223 } 3224 3225 template <class... TArgs> TailCallBuiltin(Builtins::Name id,SloppyTNode<Object> context,TArgs...args)3226 void TailCallBuiltin(Builtins::Name id, SloppyTNode<Object> context, 3227 TArgs... args) { 3228 return TailCallStub(Builtins::CallableFor(isolate(), id), context, args...); 3229 } 3230 3231 void LoadPropertyFromFastObject(TNode<HeapObject> object, TNode<Map> map, 3232 TNode<DescriptorArray> descriptors, 3233 TNode<IntPtrT> name_index, 3234 TVariable<Uint32T>* var_details, 3235 TVariable<Object>* var_value); 3236 3237 void LoadPropertyFromFastObject(TNode<HeapObject> object, TNode<Map> map, 3238 TNode<DescriptorArray> descriptors, 3239 TNode<IntPtrT> name_index, TNode<Uint32T>, 3240 TVariable<Object>* var_value); 3241 3242 void LoadPropertyFromNameDictionary(TNode<NameDictionary> dictionary, 3243 TNode<IntPtrT> name_index, 3244 TVariable<Uint32T>* var_details, 3245 TVariable<Object>* var_value); 3246 void LoadPropertyFromGlobalDictionary(TNode<GlobalDictionary> dictionary, 3247 TNode<IntPtrT> name_index, 3248 TVariable<Uint32T>* var_details, 3249 TVariable<Object>* var_value, 3250 Label* if_deleted); 3251 3252 // Generic property lookup generator. If the {object} is fast and 3253 // {unique_name} property is found then the control goes to {if_found_fast} 3254 // label and {var_meta_storage} and {var_name_index} will contain 3255 // DescriptorArray and an index of the descriptor's name respectively. 3256 // If the {object} is slow or global then the control goes to {if_found_dict} 3257 // or {if_found_global} and the {var_meta_storage} and {var_name_index} will 3258 // contain a dictionary and an index of the key field of the found entry. 3259 // If property is not found or given lookup is not supported then 3260 // the control goes to {if_not_found} or {if_bailout} respectively. 3261 // 3262 // Note: this code does not check if the global dictionary points to deleted 3263 // entry! This has to be done by the caller. 3264 void TryLookupProperty(SloppyTNode<HeapObject> object, SloppyTNode<Map> map, 3265 SloppyTNode<Int32T> instance_type, 3266 SloppyTNode<Name> unique_name, Label* if_found_fast, 3267 Label* if_found_dict, Label* if_found_global, 3268 TVariable<HeapObject>* var_meta_storage, 3269 TVariable<IntPtrT>* var_name_index, 3270 Label* if_not_found, Label* if_bailout); 3271 3272 // This is a building block for TryLookupProperty() above. Supports only 3273 // non-special fast and dictionary objects. 3274 void TryLookupPropertyInSimpleObject(TNode<JSObject> object, TNode<Map> map, 3275 TNode<Name> unique_name, 3276 Label* if_found_fast, 3277 Label* if_found_dict, 3278 TVariable<HeapObject>* var_meta_storage, 3279 TVariable<IntPtrT>* var_name_index, 3280 Label* if_not_found); 3281 3282 // This method jumps to if_found if the element is known to exist. To 3283 // if_absent if it's known to not exist. To if_not_found if the prototype 3284 // chain needs to be checked. And if_bailout if the lookup is unsupported. 3285 void TryLookupElement(TNode<HeapObject> object, TNode<Map> map, 3286 SloppyTNode<Int32T> instance_type, 3287 SloppyTNode<IntPtrT> intptr_index, Label* if_found, 3288 Label* if_absent, Label* if_not_found, 3289 Label* if_bailout); 3290 3291 // For integer indexed exotic cases, check if the given string cannot be a 3292 // special index. If we are not sure that the given string is not a special 3293 // index with a simple check, return False. Note that "False" return value 3294 // does not mean that the name_string is a special index in the current 3295 // implementation. 3296 void BranchIfMaybeSpecialIndex(TNode<String> name_string, 3297 Label* if_maybe_special_index, 3298 Label* if_not_special_index); 3299 3300 // This is a type of a lookup property in holder generator function. The {key} 3301 // is guaranteed to be an unique name. 3302 using LookupPropertyInHolder = std::function<void( 3303 TNode<HeapObject> receiver, TNode<HeapObject> holder, TNode<Map> map, 3304 TNode<Int32T> instance_type, TNode<Name> key, Label* next_holder, 3305 Label* if_bailout)>; 3306 3307 // This is a type of a lookup element in holder generator function. The {key} 3308 // is an Int32 index. 3309 using LookupElementInHolder = std::function<void( 3310 TNode<HeapObject> receiver, TNode<HeapObject> holder, TNode<Map> map, 3311 TNode<Int32T> instance_type, TNode<IntPtrT> key, Label* next_holder, 3312 Label* if_bailout)>; 3313 3314 // Generic property prototype chain lookup generator. 3315 // For properties it generates lookup using given {lookup_property_in_holder} 3316 // and for elements it uses {lookup_element_in_holder}. 3317 // Upon reaching the end of prototype chain the control goes to {if_end}. 3318 // If it can't handle the case {receiver}/{key} case then the control goes 3319 // to {if_bailout}. 3320 // If {if_proxy} is nullptr, proxies go to if_bailout. 3321 void TryPrototypeChainLookup( 3322 TNode<Object> receiver, TNode<Object> object, TNode<Object> key, 3323 const LookupPropertyInHolder& lookup_property_in_holder, 3324 const LookupElementInHolder& lookup_element_in_holder, Label* if_end, 3325 Label* if_bailout, Label* if_proxy); 3326 3327 // Instanceof helpers. 3328 // Returns true if {object} has {prototype} somewhere in it's prototype 3329 // chain, otherwise false is returned. Might cause arbitrary side effects 3330 // due to [[GetPrototypeOf]] invocations. 3331 TNode<Oddball> HasInPrototypeChain(TNode<Context> context, 3332 TNode<HeapObject> object, 3333 TNode<Object> prototype); 3334 // ES6 section 7.3.19 OrdinaryHasInstance (C, O) 3335 TNode<Oddball> OrdinaryHasInstance(TNode<Context> context, 3336 TNode<Object> callable, 3337 TNode<Object> object); 3338 3339 // Load type feedback vector from the stub caller's frame. 3340 TNode<FeedbackVector> LoadFeedbackVectorForStub(); 3341 3342 // Load the value from closure's feedback cell. 3343 TNode<HeapObject> LoadFeedbackCellValue(SloppyTNode<JSFunction> closure); 3344 3345 // Load the object from feedback vector cell for the given closure. 3346 // The returned object could be undefined if the closure does not have 3347 // a feedback vector associated with it. 3348 TNode<HeapObject> LoadFeedbackVector(SloppyTNode<JSFunction> closure); 3349 3350 // Load the ClosureFeedbackCellArray that contains the feedback cells 3351 // used when creating closures from this function. This array could be 3352 // directly hanging off the FeedbackCell when there is no feedback vector 3353 // or available from the feedback vector's header. 3354 TNode<ClosureFeedbackCellArray> LoadClosureFeedbackArray( 3355 SloppyTNode<JSFunction> closure); 3356 3357 // Update the type feedback vector. 3358 void UpdateFeedback(TNode<Smi> feedback, 3359 TNode<HeapObject> maybe_feedback_vector, 3360 TNode<UintPtrT> slot_id); 3361 3362 // Report that there was a feedback update, performing any tasks that should 3363 // be done after a feedback update. 3364 void ReportFeedbackUpdate(TNode<FeedbackVector> feedback_vector, 3365 SloppyTNode<UintPtrT> slot_id, const char* reason); 3366 3367 // Combine the new feedback with the existing_feedback. Do nothing if 3368 // existing_feedback is nullptr. 3369 void CombineFeedback(TVariable<Smi>* existing_feedback, int feedback); 3370 void CombineFeedback(TVariable<Smi>* existing_feedback, TNode<Smi> feedback); 3371 3372 // Overwrite the existing feedback with new_feedback. Do nothing if 3373 // existing_feedback is nullptr. 3374 void OverwriteFeedback(TVariable<Smi>* existing_feedback, int new_feedback); 3375 3376 // Check if a property name might require protector invalidation when it is 3377 // used for a property store or deletion. 3378 void CheckForAssociatedProtector(SloppyTNode<Name> name, Label* if_protector); 3379 3380 TNode<Map> LoadReceiverMap(SloppyTNode<Object> receiver); 3381 3382 // Loads script context from the script context table. 3383 TNode<Context> LoadScriptContext(TNode<Context> context, 3384 TNode<IntPtrT> context_index); 3385 3386 TNode<Uint8T> Int32ToUint8Clamped(TNode<Int32T> int32_value); 3387 TNode<Uint8T> Float64ToUint8Clamped(TNode<Float64T> float64_value); 3388 3389 Node* PrepareValueForWriteToTypedArray(TNode<Object> input, 3390 ElementsKind elements_kind, 3391 TNode<Context> context); 3392 3393 // Store value to an elements array with given elements kind. 3394 // TODO(turbofan): For BIGINT64_ELEMENTS and BIGUINT64_ELEMENTS 3395 // we pass {value} as BigInt object instead of int64_t. We should 3396 // teach TurboFan to handle int64_t on 32-bit platforms eventually. 3397 void StoreElement(Node* elements, ElementsKind kind, Node* index, Node* value, 3398 ParameterMode mode); StoreElement(TNode<RawPtrT> elements,ElementsKind kind,TNode<UintPtrT> index,Node * value)3399 void StoreElement(TNode<RawPtrT> elements, ElementsKind kind, 3400 TNode<UintPtrT> index, Node* value) { 3401 return StoreElement(elements, kind, index, value, INTPTR_PARAMETERS); 3402 } 3403 3404 // Implements the BigInt part of 3405 // https://tc39.github.io/proposal-bigint/#sec-numbertorawbytes, 3406 // including truncation to 64 bits (i.e. modulo 2^64). 3407 // {var_high} is only used on 32-bit platforms. 3408 void BigIntToRawBytes(TNode<BigInt> bigint, TVariable<UintPtrT>* var_low, 3409 TVariable<UintPtrT>* var_high); 3410 3411 void EmitElementStore(TNode<JSObject> object, TNode<Object> key, 3412 TNode<Object> value, ElementsKind elements_kind, 3413 KeyedAccessStoreMode store_mode, Label* bailout, 3414 TNode<Context> context, 3415 TVariable<Object>* maybe_converted_value = nullptr); 3416 3417 Node* CheckForCapacityGrow(TNode<JSObject> object, 3418 TNode<FixedArrayBase> elements, ElementsKind kind, 3419 TNode<UintPtrT> length, TNode<IntPtrT> key, 3420 Label* bailout); 3421 3422 TNode<FixedArrayBase> CopyElementsOnWrite(TNode<HeapObject> object, 3423 TNode<FixedArrayBase> elements, 3424 ElementsKind kind, Node* length, 3425 ParameterMode mode, Label* bailout); 3426 3427 void TransitionElementsKind(TNode<JSObject> object, TNode<Map> map, 3428 ElementsKind from_kind, ElementsKind to_kind, 3429 Label* bailout); 3430 3431 void TrapAllocationMemento(TNode<JSObject> object, Label* memento_found); 3432 3433 TNode<IntPtrT> PageFromAddress(TNode<IntPtrT> address); 3434 3435 // Store a weak in-place reference into the FeedbackVector. 3436 TNode<MaybeObject> StoreWeakReferenceInFeedbackVector( 3437 TNode<FeedbackVector> feedback_vector, TNode<UintPtrT> slot, 3438 TNode<HeapObject> value, int additional_offset = 0); 3439 3440 // Create a new AllocationSite and install it into a feedback vector. 3441 TNode<AllocationSite> CreateAllocationSiteInFeedbackVector( 3442 TNode<FeedbackVector> feedback_vector, TNode<UintPtrT> slot); 3443 3444 // TODO(ishell, cbruni): Change to HasBoilerplate. 3445 TNode<BoolT> NotHasBoilerplate(TNode<Object> maybe_literal_site); 3446 TNode<Smi> LoadTransitionInfo(TNode<AllocationSite> allocation_site); 3447 TNode<JSObject> LoadBoilerplate(TNode<AllocationSite> allocation_site); 3448 TNode<Int32T> LoadElementsKind(TNode<AllocationSite> allocation_site); 3449 3450 enum class IndexAdvanceMode { kPre, kPost }; 3451 3452 template <typename TIndex> 3453 using FastLoopBody = std::function<void(TNode<TIndex> index)>; 3454 3455 template <typename TIndex> 3456 TNode<TIndex> BuildFastLoop( 3457 const VariableList& var_list, TNode<TIndex> start_index, 3458 TNode<TIndex> end_index, const FastLoopBody<TIndex>& body, int increment, 3459 IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre); 3460 3461 template <typename TIndex> 3462 TNode<TIndex> BuildFastLoop( 3463 TNode<TIndex> start_index, TNode<TIndex> end_index, 3464 const FastLoopBody<TIndex>& body, int increment, 3465 IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre) { 3466 return BuildFastLoop(VariableList(0, zone()), start_index, end_index, body, 3467 increment, advance_mode); 3468 } 3469 3470 enum class ForEachDirection { kForward, kReverse }; 3471 3472 using FastFixedArrayForEachBody = 3473 std::function<void(Node* fixed_array, Node* offset)>; 3474 3475 void BuildFastFixedArrayForEach( 3476 const CodeStubAssembler::VariableList& vars, Node* fixed_array, 3477 ElementsKind kind, Node* first_element_inclusive, 3478 Node* last_element_exclusive, const FastFixedArrayForEachBody& body, 3479 ParameterMode mode = INTPTR_PARAMETERS, 3480 ForEachDirection direction = ForEachDirection::kReverse); 3481 3482 void BuildFastFixedArrayForEach( 3483 Node* fixed_array, ElementsKind kind, Node* first_element_inclusive, 3484 Node* last_element_exclusive, const FastFixedArrayForEachBody& body, 3485 ParameterMode mode = INTPTR_PARAMETERS, 3486 ForEachDirection direction = ForEachDirection::kReverse) { 3487 CodeStubAssembler::VariableList list(0, zone()); 3488 BuildFastFixedArrayForEach(list, fixed_array, kind, first_element_inclusive, 3489 last_element_exclusive, body, mode, direction); 3490 } 3491 GetArrayAllocationSize(TNode<IntPtrT> element_count,ElementsKind kind,int header_size)3492 TNode<IntPtrT> GetArrayAllocationSize(TNode<IntPtrT> element_count, 3493 ElementsKind kind, int header_size) { 3494 return ElementOffsetFromIndex(element_count, kind, header_size); 3495 } 3496 3497 // TODO(v8:9708): remove once all uses are ported. GetArrayAllocationSize(Node * element_count,ElementsKind kind,ParameterMode mode,int header_size)3498 TNode<IntPtrT> GetArrayAllocationSize(Node* element_count, ElementsKind kind, 3499 ParameterMode mode, int header_size) { 3500 return ElementOffsetFromIndex(element_count, kind, mode, header_size); 3501 } 3502 GetFixedArrayAllocationSize(Node * element_count,ElementsKind kind,ParameterMode mode)3503 TNode<IntPtrT> GetFixedArrayAllocationSize(Node* element_count, 3504 ElementsKind kind, 3505 ParameterMode mode) { 3506 return GetArrayAllocationSize(element_count, kind, mode, 3507 FixedArray::kHeaderSize); 3508 } 3509 GetPropertyArrayAllocationSize(Node * element_count,ParameterMode mode)3510 TNode<IntPtrT> GetPropertyArrayAllocationSize(Node* element_count, 3511 ParameterMode mode) { 3512 return GetArrayAllocationSize(element_count, PACKED_ELEMENTS, mode, 3513 PropertyArray::kHeaderSize); 3514 } 3515 3516 void GotoIfFixedArraySizeDoesntFitInNewSpace(Node* element_count, 3517 Label* doesnt_fit, int base_size, 3518 ParameterMode mode); 3519 3520 void InitializeFieldsWithRoot(TNode<HeapObject> object, 3521 TNode<IntPtrT> start_offset, 3522 TNode<IntPtrT> end_offset, RootIndex root); 3523 3524 TNode<Oddball> RelationalComparison( 3525 Operation op, TNode<Object> left, TNode<Object> right, 3526 TNode<Context> context, TVariable<Smi>* var_type_feedback = nullptr); 3527 3528 void BranchIfNumberRelationalComparison(Operation op, 3529 SloppyTNode<Number> left, 3530 SloppyTNode<Number> right, 3531 Label* if_true, Label* if_false); 3532 BranchIfNumberEqual(TNode<Number> left,TNode<Number> right,Label * if_true,Label * if_false)3533 void BranchIfNumberEqual(TNode<Number> left, TNode<Number> right, 3534 Label* if_true, Label* if_false) { 3535 BranchIfNumberRelationalComparison(Operation::kEqual, left, right, if_true, 3536 if_false); 3537 } 3538 BranchIfNumberNotEqual(TNode<Number> left,TNode<Number> right,Label * if_true,Label * if_false)3539 void BranchIfNumberNotEqual(TNode<Number> left, TNode<Number> right, 3540 Label* if_true, Label* if_false) { 3541 BranchIfNumberEqual(left, right, if_false, if_true); 3542 } 3543 BranchIfNumberLessThan(TNode<Number> left,TNode<Number> right,Label * if_true,Label * if_false)3544 void BranchIfNumberLessThan(TNode<Number> left, TNode<Number> right, 3545 Label* if_true, Label* if_false) { 3546 BranchIfNumberRelationalComparison(Operation::kLessThan, left, right, 3547 if_true, if_false); 3548 } 3549 BranchIfNumberLessThanOrEqual(TNode<Number> left,TNode<Number> right,Label * if_true,Label * if_false)3550 void BranchIfNumberLessThanOrEqual(TNode<Number> left, TNode<Number> right, 3551 Label* if_true, Label* if_false) { 3552 BranchIfNumberRelationalComparison(Operation::kLessThanOrEqual, left, right, 3553 if_true, if_false); 3554 } 3555 BranchIfNumberGreaterThan(TNode<Number> left,TNode<Number> right,Label * if_true,Label * if_false)3556 void BranchIfNumberGreaterThan(TNode<Number> left, TNode<Number> right, 3557 Label* if_true, Label* if_false) { 3558 BranchIfNumberRelationalComparison(Operation::kGreaterThan, left, right, 3559 if_true, if_false); 3560 } 3561 BranchIfNumberGreaterThanOrEqual(TNode<Number> left,TNode<Number> right,Label * if_true,Label * if_false)3562 void BranchIfNumberGreaterThanOrEqual(TNode<Number> left, TNode<Number> right, 3563 Label* if_true, Label* if_false) { 3564 BranchIfNumberRelationalComparison(Operation::kGreaterThanOrEqual, left, 3565 right, if_true, if_false); 3566 } 3567 BranchIfAccessorPair(TNode<Object> value,Label * if_accessor_pair,Label * if_not_accessor_pair)3568 void BranchIfAccessorPair(TNode<Object> value, Label* if_accessor_pair, 3569 Label* if_not_accessor_pair) { 3570 GotoIf(TaggedIsSmi(value), if_not_accessor_pair); 3571 Branch(IsAccessorPair(CAST(value)), if_accessor_pair, if_not_accessor_pair); 3572 } 3573 3574 void GotoIfNumberGreaterThanOrEqual(SloppyTNode<Number> left, 3575 SloppyTNode<Number> right, 3576 Label* if_false); 3577 3578 TNode<Oddball> Equal(SloppyTNode<Object> lhs, SloppyTNode<Object> rhs, 3579 SloppyTNode<Context> context, 3580 TVariable<Smi>* var_type_feedback = nullptr); 3581 3582 TNode<Oddball> StrictEqual(SloppyTNode<Object> lhs, SloppyTNode<Object> rhs, 3583 TVariable<Smi>* var_type_feedback = nullptr); 3584 3585 // ECMA#sec-samevalue 3586 // Similar to StrictEqual except that NaNs are treated as equal and minus zero 3587 // differs from positive zero. 3588 enum class SameValueMode { kNumbersOnly, kFull }; 3589 void BranchIfSameValue(SloppyTNode<Object> lhs, SloppyTNode<Object> rhs, 3590 Label* if_true, Label* if_false, 3591 SameValueMode mode = SameValueMode::kFull); 3592 // A part of BranchIfSameValue() that handles two double values. 3593 // Treats NaN == NaN and +0 != -0. 3594 void BranchIfSameNumberValue(TNode<Float64T> lhs_value, 3595 TNode<Float64T> rhs_value, Label* if_true, 3596 Label* if_false); 3597 3598 enum HasPropertyLookupMode { kHasProperty, kForInHasProperty }; 3599 3600 TNode<Oddball> HasProperty(SloppyTNode<Context> context, 3601 SloppyTNode<Object> object, 3602 SloppyTNode<Object> key, 3603 HasPropertyLookupMode mode); 3604 3605 // Due to naming conflict with the builtin function namespace. HasProperty_Inline(TNode<Context> context,TNode<JSReceiver> object,TNode<Object> key)3606 TNode<Oddball> HasProperty_Inline(TNode<Context> context, 3607 TNode<JSReceiver> object, 3608 TNode<Object> key) { 3609 return HasProperty(context, object, key, 3610 HasPropertyLookupMode::kHasProperty); 3611 } 3612 3613 TNode<String> Typeof(SloppyTNode<Object> value); 3614 3615 TNode<Object> GetSuperConstructor(TNode<Context> context, 3616 TNode<JSFunction> active_function); 3617 3618 TNode<JSReceiver> SpeciesConstructor( 3619 SloppyTNode<Context> context, SloppyTNode<Object> object, 3620 SloppyTNode<JSReceiver> default_constructor); 3621 3622 TNode<Oddball> InstanceOf(TNode<Object> object, TNode<Object> callable, 3623 TNode<Context> context); 3624 3625 // Debug helpers 3626 TNode<BoolT> IsDebugActive(); 3627 3628 // JSArrayBuffer helpers 3629 TNode<Uint32T> LoadJSArrayBufferBitField(TNode<JSArrayBuffer> array_buffer); 3630 TNode<RawPtrT> LoadJSArrayBufferBackingStore( 3631 TNode<JSArrayBuffer> array_buffer); 3632 void ThrowIfArrayBufferIsDetached(SloppyTNode<Context> context, 3633 TNode<JSArrayBuffer> array_buffer, 3634 const char* method_name); 3635 3636 // JSArrayBufferView helpers 3637 TNode<JSArrayBuffer> LoadJSArrayBufferViewBuffer( 3638 TNode<JSArrayBufferView> array_buffer_view); 3639 TNode<UintPtrT> LoadJSArrayBufferViewByteLength( 3640 TNode<JSArrayBufferView> array_buffer_view); 3641 TNode<UintPtrT> LoadJSArrayBufferViewByteOffset( 3642 TNode<JSArrayBufferView> array_buffer_view); 3643 void ThrowIfArrayBufferViewBufferIsDetached( 3644 SloppyTNode<Context> context, TNode<JSArrayBufferView> array_buffer_view, 3645 const char* method_name); 3646 3647 // JSTypedArray helpers 3648 TNode<UintPtrT> LoadJSTypedArrayLength(TNode<JSTypedArray> typed_array); 3649 TNode<RawPtrT> LoadJSTypedArrayDataPtr(TNode<JSTypedArray> typed_array); 3650 3651 template <typename TIndex> 3652 TNode<IntPtrT> ElementOffsetFromIndex(TNode<TIndex> index, ElementsKind kind, 3653 int base_size = 0); 3654 // TODO(v8:9708): remove once all uses are ported. 3655 TNode<IntPtrT> ElementOffsetFromIndex(Node* index, ElementsKind kind, 3656 ParameterMode mode, int base_size = 0); 3657 3658 // Check that a field offset is within the bounds of the an object. 3659 TNode<BoolT> IsOffsetInBounds(SloppyTNode<IntPtrT> offset, 3660 SloppyTNode<IntPtrT> length, int header_size, 3661 ElementsKind kind = HOLEY_ELEMENTS); 3662 3663 // Load a builtin's code from the builtin array in the isolate. 3664 TNode<Code> LoadBuiltin(TNode<Smi> builtin_id); 3665 3666 // Figure out the SFI's code object using its data field. 3667 // If |if_compile_lazy| is provided then the execution will go to the given 3668 // label in case of an CompileLazy code object. 3669 TNode<Code> GetSharedFunctionInfoCode( 3670 SloppyTNode<SharedFunctionInfo> shared_info, 3671 Label* if_compile_lazy = nullptr); 3672 3673 TNode<JSFunction> AllocateFunctionWithMapAndContext( 3674 TNode<Map> map, TNode<SharedFunctionInfo> shared_info, 3675 TNode<Context> context); 3676 3677 // Promise helpers 3678 TNode<BoolT> IsPromiseHookEnabled(); 3679 TNode<BoolT> HasAsyncEventDelegate(); 3680 TNode<BoolT> IsPromiseHookEnabledOrHasAsyncEventDelegate(); 3681 TNode<BoolT> IsPromiseHookEnabledOrDebugIsActiveOrHasAsyncEventDelegate(); 3682 3683 // for..in helpers 3684 void CheckPrototypeEnumCache(TNode<JSReceiver> receiver, 3685 TNode<Map> receiver_map, Label* if_fast, 3686 Label* if_slow); 3687 TNode<Map> CheckEnumCache(TNode<JSReceiver> receiver, Label* if_empty, 3688 Label* if_runtime); 3689 3690 TNode<Object> GetArgumentValue(TorqueStructArguments args, 3691 TNode<IntPtrT> index); 3692 3693 TorqueStructArguments GetFrameArguments(TNode<RawPtrT> frame, 3694 TNode<IntPtrT> argc); 3695 3696 // Support for printf-style debugging 3697 void Print(const char* s); 3698 void Print(const char* prefix, SloppyTNode<MaybeObject> tagged_value); Print(SloppyTNode<MaybeObject> tagged_value)3699 void Print(SloppyTNode<MaybeObject> tagged_value) { 3700 return Print(nullptr, tagged_value); 3701 } 3702 3703 template <class... TArgs> MakeTypeError(MessageTemplate message,TNode<Context> context,TArgs...args)3704 TNode<HeapObject> MakeTypeError(MessageTemplate message, 3705 TNode<Context> context, TArgs... args) { 3706 STATIC_ASSERT(sizeof...(TArgs) <= 3); 3707 const TNode<Object> make_type_error = LoadContextElement( 3708 LoadNativeContext(context), Context::MAKE_TYPE_ERROR_INDEX); 3709 return CAST(Call(context, make_type_error, UndefinedConstant(), 3710 SmiConstant(message), args...)); 3711 } 3712 Abort(AbortReason reason)3713 void Abort(AbortReason reason) { 3714 CallRuntime(Runtime::kAbort, NoContextConstant(), SmiConstant(reason)); 3715 Unreachable(); 3716 } 3717 ConstexprBoolNot(bool value)3718 bool ConstexprBoolNot(bool value) { return !value; } 3719 ConstexprInt31Equal(int31_t a,int31_t b)3720 bool ConstexprInt31Equal(int31_t a, int31_t b) { return a == b; } ConstexprInt31NotEqual(int31_t a,int31_t b)3721 bool ConstexprInt31NotEqual(int31_t a, int31_t b) { return a != b; } ConstexprInt31GreaterThanEqual(int31_t a,int31_t b)3722 bool ConstexprInt31GreaterThanEqual(int31_t a, int31_t b) { return a >= b; } ConstexprInt32Equal(int32_t a,int32_t b)3723 bool ConstexprInt32Equal(int32_t a, int32_t b) { return a == b; } ConstexprInt32NotEqual(int32_t a,int32_t b)3724 bool ConstexprInt32NotEqual(int32_t a, int32_t b) { return a != b; } ConstexprInt32GreaterThanEqual(int32_t a,int32_t b)3725 bool ConstexprInt32GreaterThanEqual(int32_t a, int32_t b) { return a >= b; } ConstexprUint32Add(uint32_t a,uint32_t b)3726 uint32_t ConstexprUint32Add(uint32_t a, uint32_t b) { return a + b; } ConstexprInt31Add(int31_t a,int31_t b)3727 int31_t ConstexprInt31Add(int31_t a, int31_t b) { 3728 int32_t val; 3729 CHECK(!base::bits::SignedAddOverflow32(a, b, &val)); 3730 return val; 3731 } ConstexprInt31Mul(int31_t a,int31_t b)3732 int31_t ConstexprInt31Mul(int31_t a, int31_t b) { 3733 int32_t val; 3734 CHECK(!base::bits::SignedMulOverflow32(a, b, &val)); 3735 return val; 3736 } 3737 ConstexprUintPtrLessThan(uintptr_t a,uintptr_t b)3738 bool ConstexprUintPtrLessThan(uintptr_t a, uintptr_t b) { return a < b; } 3739 3740 // CSA does not support 64-bit types on 32-bit platforms so as a workaround 3741 // the kMaxSafeIntegerUint64 is defined as uintptr and allowed to be used only 3742 // inside if constexpr (Is64()) i.e. on 64-bit architectures. MaxSafeIntegerUintPtr()3743 static uintptr_t MaxSafeIntegerUintPtr() { 3744 #if defined(V8_HOST_ARCH_64_BIT) 3745 // This ifdef is required to avoid build issues on 32-bit MSVC which 3746 // complains about static_cast<uintptr_t>(kMaxSafeIntegerUint64). 3747 return kMaxSafeIntegerUint64; 3748 #else 3749 UNREACHABLE(); 3750 #endif 3751 } 3752 3753 void PerformStackCheck(TNode<Context> context); 3754 3755 void SetPropertyLength(TNode<Context> context, TNode<Object> array, 3756 TNode<Number> length); 3757 3758 // Implements DescriptorArray::Search(). 3759 void DescriptorLookup(SloppyTNode<Name> unique_name, 3760 SloppyTNode<DescriptorArray> descriptors, 3761 SloppyTNode<Uint32T> bitfield3, Label* if_found, 3762 TVariable<IntPtrT>* var_name_index, 3763 Label* if_not_found); 3764 3765 // Implements TransitionArray::SearchName() - searches for first transition 3766 // entry with given name (note that there could be multiple entries with 3767 // the same name). 3768 void TransitionLookup(SloppyTNode<Name> unique_name, 3769 SloppyTNode<TransitionArray> transitions, 3770 Label* if_found, TVariable<IntPtrT>* var_name_index, 3771 Label* if_not_found); 3772 3773 // Implements generic search procedure like i::Search<Array>(). 3774 template <typename Array> 3775 void Lookup(TNode<Name> unique_name, TNode<Array> array, 3776 TNode<Uint32T> number_of_valid_entries, Label* if_found, 3777 TVariable<IntPtrT>* var_name_index, Label* if_not_found); 3778 3779 // Implements generic linear search procedure like i::LinearSearch<Array>(). 3780 template <typename Array> 3781 void LookupLinear(TNode<Name> unique_name, TNode<Array> array, 3782 TNode<Uint32T> number_of_valid_entries, Label* if_found, 3783 TVariable<IntPtrT>* var_name_index, Label* if_not_found); 3784 3785 // Implements generic binary search procedure like i::BinarySearch<Array>(). 3786 template <typename Array> 3787 void LookupBinary(TNode<Name> unique_name, TNode<Array> array, 3788 TNode<Uint32T> number_of_valid_entries, Label* if_found, 3789 TVariable<IntPtrT>* var_name_index, Label* if_not_found); 3790 3791 // Converts [Descriptor/Transition]Array entry number to a fixed array index. 3792 template <typename Array> 3793 TNode<IntPtrT> EntryIndexToIndex(TNode<Uint32T> entry_index); 3794 3795 // Implements [Descriptor/Transition]Array::ToKeyIndex. 3796 template <typename Array> 3797 TNode<IntPtrT> ToKeyIndex(TNode<Uint32T> entry_index); 3798 3799 // Implements [Descriptor/Transition]Array::GetKey. 3800 template <typename Array> 3801 TNode<Name> GetKey(TNode<Array> array, TNode<Uint32T> entry_index); 3802 3803 // Implements DescriptorArray::GetDetails. 3804 TNode<Uint32T> DescriptorArrayGetDetails(TNode<DescriptorArray> descriptors, 3805 TNode<Uint32T> descriptor_number); 3806 3807 using ForEachDescriptorBodyFunction = 3808 std::function<void(TNode<IntPtrT> descriptor_key_index)>; 3809 3810 // Descriptor array accessors based on key_index, which is equal to 3811 // DescriptorArray::ToKeyIndex(descriptor). 3812 TNode<Name> LoadKeyByKeyIndex(TNode<DescriptorArray> container, 3813 TNode<IntPtrT> key_index); 3814 TNode<Uint32T> LoadDetailsByKeyIndex(TNode<DescriptorArray> container, 3815 TNode<IntPtrT> key_index); 3816 TNode<Object> LoadValueByKeyIndex(TNode<DescriptorArray> container, 3817 TNode<IntPtrT> key_index); 3818 TNode<MaybeObject> LoadFieldTypeByKeyIndex(TNode<DescriptorArray> container, 3819 TNode<IntPtrT> key_index); 3820 3821 TNode<IntPtrT> DescriptorEntryToIndex(TNode<IntPtrT> descriptor); 3822 3823 // Descriptor array accessors based on descriptor. 3824 TNode<Name> LoadKeyByDescriptorEntry(TNode<DescriptorArray> descriptors, 3825 TNode<IntPtrT> descriptor); 3826 TNode<Name> LoadKeyByDescriptorEntry(TNode<DescriptorArray> descriptors, 3827 int descriptor); 3828 TNode<Uint32T> LoadDetailsByDescriptorEntry( 3829 TNode<DescriptorArray> descriptors, TNode<IntPtrT> descriptor); 3830 TNode<Uint32T> LoadDetailsByDescriptorEntry( 3831 TNode<DescriptorArray> descriptors, int descriptor); 3832 TNode<Object> LoadValueByDescriptorEntry(TNode<DescriptorArray> descriptors, 3833 int descriptor); 3834 TNode<MaybeObject> LoadFieldTypeByDescriptorEntry( 3835 TNode<DescriptorArray> descriptors, TNode<IntPtrT> descriptor); 3836 3837 using ForEachKeyValueFunction = 3838 std::function<void(TNode<Name> key, TNode<Object> value)>; 3839 3840 enum ForEachEnumerationMode { 3841 // String and then Symbol properties according to the spec 3842 // ES#sec-object.assign 3843 kEnumerationOrder, 3844 // Order of property addition 3845 kPropertyAdditionOrder, 3846 }; 3847 3848 // For each JSObject property (in DescriptorArray order), check if the key is 3849 // enumerable, and if so, load the value from the receiver and evaluate the 3850 // closure. 3851 void ForEachEnumerableOwnProperty(TNode<Context> context, TNode<Map> map, 3852 TNode<JSObject> object, 3853 ForEachEnumerationMode mode, 3854 const ForEachKeyValueFunction& body, 3855 Label* bailout); 3856 3857 TNode<Object> CallGetterIfAccessor(TNode<Object> value, 3858 TNode<Uint32T> details, 3859 TNode<Context> context, 3860 TNode<Object> receiver, Label* if_bailout, 3861 GetOwnPropertyMode mode = kCallJSGetter); 3862 3863 TNode<IntPtrT> TryToIntptr(SloppyTNode<Object> key, Label* if_not_intptr, 3864 TVariable<Int32T>* var_instance_type = nullptr); 3865 3866 TNode<Context> AllocateSyntheticFunctionContext( 3867 TNode<NativeContext> native_context, int slots); 3868 void InitializeSyntheticFunctionContext(TNode<NativeContext> native_context, 3869 TNode<HeapObject> context_heap_object, 3870 int slots); 3871 3872 TNode<JSArray> ArrayCreate(TNode<Context> context, TNode<Number> length); 3873 3874 // Allocate a clone of a mutable primitive, if {object} is a mutable 3875 // HeapNumber. 3876 TNode<Object> CloneIfMutablePrimitive(TNode<Object> object); 3877 3878 TNode<Smi> RefillMathRandom(TNode<NativeContext> native_context); 3879 3880 private: 3881 friend class CodeStubArguments; 3882 3883 void HandleBreakOnNode(); 3884 3885 TNode<HeapObject> AllocateRawDoubleAligned(TNode<IntPtrT> size_in_bytes, 3886 AllocationFlags flags, 3887 TNode<RawPtrT> top_address, 3888 TNode<RawPtrT> limit_address); 3889 TNode<HeapObject> AllocateRawUnaligned(TNode<IntPtrT> size_in_bytes, 3890 AllocationFlags flags, 3891 TNode<RawPtrT> top_address, 3892 TNode<RawPtrT> limit_address); 3893 TNode<HeapObject> AllocateRaw(TNode<IntPtrT> size_in_bytes, 3894 AllocationFlags flags, 3895 TNode<RawPtrT> top_address, 3896 TNode<RawPtrT> limit_address); 3897 3898 // Allocate and return a JSArray of given total size in bytes with header 3899 // fields initialized. 3900 TNode<JSArray> AllocateUninitializedJSArray( 3901 TNode<Map> array_map, TNode<Smi> length, 3902 TNode<AllocationSite> allocation_site, TNode<IntPtrT> size_in_bytes); 3903 3904 TNode<BoolT> IsValidSmi(TNode<Smi> smi); 3905 SmiShiftBitsConstant()3906 TNode<IntPtrT> SmiShiftBitsConstant() { 3907 return IntPtrConstant(kSmiShiftSize + kSmiTagSize); 3908 } SmiShiftBitsConstant32()3909 TNode<Int32T> SmiShiftBitsConstant32() { 3910 return Int32Constant(kSmiShiftSize + kSmiTagSize); 3911 } 3912 3913 TNode<String> AllocateSlicedString(RootIndex map_root_index, 3914 TNode<Uint32T> length, 3915 TNode<String> parent, TNode<Smi> offset); 3916 3917 // Implements [Descriptor/Transition]Array::number_of_entries. 3918 template <typename Array> 3919 TNode<Uint32T> NumberOfEntries(TNode<Array> array); 3920 3921 // Implements [Descriptor/Transition]Array::GetSortedKeyIndex. 3922 template <typename Array> 3923 TNode<Uint32T> GetSortedKeyIndex(TNode<Array> descriptors, 3924 TNode<Uint32T> entry_index); 3925 3926 TNode<Smi> CollectFeedbackForString(SloppyTNode<Int32T> instance_type); 3927 void GenerateEqual_Same(SloppyTNode<Object> value, Label* if_equal, 3928 Label* if_notequal, 3929 TVariable<Smi>* var_type_feedback = nullptr); 3930 3931 static const int kElementLoopUnrollThreshold = 8; 3932 3933 // {convert_bigint} is only meaningful when {mode} == kToNumber. 3934 TNode<Numeric> NonNumberToNumberOrNumeric( 3935 TNode<Context> context, TNode<HeapObject> input, Object::Conversion mode, 3936 BigIntHandling bigint_handling = BigIntHandling::kThrow); 3937 3938 void TaggedToNumeric(TNode<Context> context, TNode<Object> value, 3939 TVariable<Numeric>* var_numeric, 3940 TVariable<Smi>* var_feedback); 3941 3942 template <Object::Conversion conversion> 3943 void TaggedToWord32OrBigIntImpl(TNode<Context> context, TNode<Object> value, 3944 Label* if_number, 3945 TVariable<Word32T>* var_word32, 3946 Label* if_bigint = nullptr, 3947 TVariable<BigInt>* var_maybe_bigint = nullptr, 3948 TVariable<Smi>* var_feedback = nullptr); 3949 3950 Node* LoadObjectField(SloppyTNode<HeapObject> object, int offset, 3951 MachineType type); 3952 Node* LoadObjectField(SloppyTNode<HeapObject> object, 3953 SloppyTNode<IntPtrT> offset, MachineType type); 3954 3955 // Low-level accessors for Descriptor arrays. 3956 template <typename T> 3957 TNode<T> LoadDescriptorArrayElement(TNode<DescriptorArray> object, 3958 TNode<IntPtrT> index, 3959 int additional_offset); 3960 3961 // Hide LoadRoot for subclasses of CodeStubAssembler. If you get an error 3962 // complaining about this method, don't make it public, add your root to 3963 // HEAP_(IM)MUTABLE_IMMOVABLE_OBJECT_LIST instead. If you *really* need 3964 // LoadRoot, use CodeAssembler::LoadRoot. LoadRoot(RootIndex root_index)3965 TNode<Object> LoadRoot(RootIndex root_index) { 3966 return CodeAssembler::LoadRoot(root_index); 3967 } 3968 3969 void StoreFixedArrayOrPropertyArrayElement( 3970 TNode<UnionT<FixedArray, PropertyArray>> array, Node* index, 3971 TNode<Object> value, WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER, 3972 int additional_offset = 0, 3973 ParameterMode parameter_mode = INTPTR_PARAMETERS); 3974 }; 3975 3976 // template <typename TIndex> 3977 class V8_EXPORT_PRIVATE CodeStubArguments { 3978 public: 3979 using Node = compiler::Node; 3980 enum ReceiverMode { kHasReceiver, kNoReceiver }; 3981 3982 // |argc| specifies the number of arguments passed to the builtin excluding 3983 // the receiver. The arguments will include a receiver iff |receiver_mode| 3984 // is kHasReceiver. 3985 CodeStubArguments(CodeStubAssembler* assembler, TNode<IntPtrT> argc, 3986 ReceiverMode receiver_mode = ReceiverMode::kHasReceiver) CodeStubArguments(assembler,argc,TNode<RawPtrT> (),receiver_mode)3987 : CodeStubArguments(assembler, argc, TNode<RawPtrT>(), receiver_mode) {} 3988 3989 CodeStubArguments(CodeStubAssembler* assembler, TNode<Int32T> argc, 3990 ReceiverMode receiver_mode = ReceiverMode::kHasReceiver) 3991 : CodeStubArguments(assembler, assembler->ChangeInt32ToIntPtr(argc), 3992 TNode<RawPtrT>(), receiver_mode) {} 3993 3994 // TODO(v8:9708): Consider removing this variant 3995 CodeStubArguments(CodeStubAssembler* assembler, TNode<Smi> argc, 3996 ReceiverMode receiver_mode = ReceiverMode::kHasReceiver) 3997 : CodeStubArguments(assembler, assembler->ParameterToIntPtr(argc), 3998 TNode<RawPtrT>(), receiver_mode) {} 3999 4000 // |argc| specifies the number of arguments passed to the builtin excluding 4001 // the receiver. The arguments will include a receiver iff |receiver_mode| 4002 // is kHasReceiver. 4003 CodeStubArguments(CodeStubAssembler* assembler, TNode<IntPtrT> argc, 4004 TNode<RawPtrT> fp, 4005 ReceiverMode receiver_mode = ReceiverMode::kHasReceiver); 4006 4007 CodeStubArguments(CodeStubAssembler* assembler, TNode<Smi> argc, 4008 TNode<RawPtrT> fp, 4009 ReceiverMode receiver_mode = ReceiverMode::kHasReceiver) 4010 : CodeStubArguments(assembler, assembler->ParameterToIntPtr(argc), fp, 4011 receiver_mode) {} 4012 4013 // Used by Torque to construct arguments based on a Torque-defined 4014 // struct of values. CodeStubArguments(CodeStubAssembler * assembler,TorqueStructArguments torque_arguments)4015 CodeStubArguments(CodeStubAssembler* assembler, 4016 TorqueStructArguments torque_arguments) 4017 : assembler_(assembler), 4018 receiver_mode_(ReceiverMode::kHasReceiver), 4019 argc_(torque_arguments.length), 4020 base_(torque_arguments.base), 4021 fp_(torque_arguments.frame) {} 4022 4023 TNode<Object> GetReceiver() const; 4024 // Replaces receiver argument on the expression stack. Should be used only 4025 // for manipulating arguments in trampoline builtins before tail calling 4026 // further with passing all the JS arguments as is. 4027 void SetReceiver(TNode<Object> object) const; 4028 4029 // Computes address of the index'th argument. 4030 TNode<RawPtrT> AtIndexPtr(TNode<IntPtrT> index) const; AtIndexPtr(TNode<Smi> index)4031 TNode<RawPtrT> AtIndexPtr(TNode<Smi> index) const { 4032 return AtIndexPtr(assembler_->ParameterToIntPtr(index)); 4033 } 4034 4035 // |index| is zero-based and does not include the receiver 4036 TNode<Object> AtIndex(TNode<IntPtrT> index) const; 4037 // TODO(v8:9708): Consider removing this variant AtIndex(TNode<Smi> index)4038 TNode<Object> AtIndex(TNode<Smi> index) const { 4039 return AtIndex(assembler_->ParameterToIntPtr(index)); 4040 } 4041 4042 TNode<Object> AtIndex(int index) const; 4043 GetOptionalArgumentValue(int index)4044 TNode<Object> GetOptionalArgumentValue(int index) { 4045 return GetOptionalArgumentValue(index, assembler_->UndefinedConstant()); 4046 } 4047 TNode<Object> GetOptionalArgumentValue(int index, 4048 TNode<Object> default_value); 4049 GetLength()4050 TNode<IntPtrT> GetLength() const { return argc_; } 4051 GetTorqueArguments()4052 TorqueStructArguments GetTorqueArguments() const { 4053 return TorqueStructArguments{fp_, base_, argc_}; 4054 } 4055 GetOptionalArgumentValue(TNode<IntPtrT> index)4056 TNode<Object> GetOptionalArgumentValue(TNode<IntPtrT> index) { 4057 return GetOptionalArgumentValue(index, assembler_->UndefinedConstant()); 4058 } 4059 TNode<Object> GetOptionalArgumentValue(TNode<IntPtrT> index, 4060 TNode<Object> default_value); 4061 4062 using ForEachBodyFunction = std::function<void(TNode<Object> arg)>; 4063 4064 // Iteration doesn't include the receiver. |first| and |last| are zero-based. 4065 template <typename TIndex> 4066 void ForEach(const ForEachBodyFunction& body, TNode<TIndex> first = {}, 4067 TNode<TIndex> last = {}) const { 4068 CodeStubAssembler::VariableList list(0, assembler_->zone()); 4069 ForEach(list, body, first, last); 4070 } 4071 4072 // Iteration doesn't include the receiver. |first| and |last| are zero-based. 4073 void ForEach(const CodeStubAssembler::VariableList& vars, 4074 const ForEachBodyFunction& body, TNode<IntPtrT> first = {}, 4075 TNode<IntPtrT> last = {}) const; 4076 4077 void ForEach(const CodeStubAssembler::VariableList& vars, 4078 const ForEachBodyFunction& body, TNode<Smi> first, 4079 TNode<Smi> last = {}) const { 4080 TNode<IntPtrT> first_intptr = assembler_->ParameterToIntPtr(first); 4081 TNode<IntPtrT> last_intptr; 4082 if (last != nullptr) { 4083 last_intptr = assembler_->ParameterToIntPtr(last); 4084 } 4085 return ForEach(vars, body, first_intptr, last_intptr); 4086 } 4087 4088 void PopAndReturn(TNode<Object> value); 4089 4090 private: 4091 CodeStubAssembler* assembler_; 4092 ReceiverMode receiver_mode_; 4093 TNode<IntPtrT> argc_; 4094 TNode<RawPtrT> base_; 4095 TNode<RawPtrT> fp_; 4096 }; 4097 4098 class ToDirectStringAssembler : public CodeStubAssembler { 4099 private: 4100 enum StringPointerKind { PTR_TO_DATA, PTR_TO_STRING }; 4101 4102 public: 4103 enum Flag { 4104 kDontUnpackSlicedStrings = 1 << 0, 4105 }; 4106 using Flags = base::Flags<Flag>; 4107 4108 ToDirectStringAssembler(compiler::CodeAssemblerState* state, 4109 TNode<String> string, Flags flags = Flags()); 4110 4111 // Converts flat cons, thin, and sliced strings and returns the direct 4112 // string. The result can be either a sequential or external string. 4113 // Jumps to if_bailout if the string if the string is indirect and cannot 4114 // be unpacked. 4115 TNode<String> TryToDirect(Label* if_bailout); 4116 4117 // Returns a pointer to the beginning of the string data. 4118 // Jumps to if_bailout if the external string cannot be unpacked. PointerToData(Label * if_bailout)4119 TNode<RawPtrT> PointerToData(Label* if_bailout) { 4120 return TryToSequential(PTR_TO_DATA, if_bailout); 4121 } 4122 4123 // Returns a pointer that, offset-wise, looks like a String. 4124 // Jumps to if_bailout if the external string cannot be unpacked. PointerToString(Label * if_bailout)4125 TNode<RawPtrT> PointerToString(Label* if_bailout) { 4126 return TryToSequential(PTR_TO_STRING, if_bailout); 4127 } 4128 string()4129 TNode<String> string() { return var_string_.value(); } instance_type()4130 TNode<Int32T> instance_type() { return var_instance_type_.value(); } offset()4131 TNode<IntPtrT> offset() { return var_offset_.value(); } is_external()4132 TNode<Word32T> is_external() { return var_is_external_.value(); } 4133 4134 private: 4135 TNode<RawPtrT> TryToSequential(StringPointerKind ptr_kind, Label* if_bailout); 4136 4137 TVariable<String> var_string_; 4138 TVariable<Int32T> var_instance_type_; 4139 // TODO(v8:9880): Use UintPtrT here. 4140 TVariable<IntPtrT> var_offset_; 4141 TVariable<Word32T> var_is_external_; 4142 4143 const Flags flags_; 4144 }; 4145 4146 // Performs checks on a given prototype (e.g. map identity, property 4147 // verification), intended for use in fast path checks. 4148 class PrototypeCheckAssembler : public CodeStubAssembler { 4149 public: 4150 enum Flag { 4151 kCheckPrototypePropertyConstness = 1 << 0, 4152 kCheckPrototypePropertyIdentity = 1 << 1, 4153 kCheckFull = 4154 kCheckPrototypePropertyConstness | kCheckPrototypePropertyIdentity, 4155 }; 4156 using Flags = base::Flags<Flag>; 4157 4158 // A tuple describing a relevant property. It contains the descriptor index of 4159 // the property (within the descriptor array), the property's expected name 4160 // (stored as a root), and the property's expected value (stored on the native 4161 // context). 4162 struct DescriptorIndexNameValue { 4163 int descriptor_index; 4164 RootIndex name_root_index; 4165 int expected_value_context_index; 4166 }; 4167 4168 PrototypeCheckAssembler(compiler::CodeAssemblerState* state, Flags flags, 4169 TNode<NativeContext> native_context, 4170 TNode<Map> initial_prototype_map, 4171 Vector<DescriptorIndexNameValue> properties); 4172 4173 void CheckAndBranch(TNode<HeapObject> prototype, Label* if_unmodified, 4174 Label* if_modified); 4175 4176 private: 4177 const Flags flags_; 4178 const TNode<NativeContext> native_context_; 4179 const TNode<Map> initial_prototype_map_; 4180 const Vector<DescriptorIndexNameValue> properties_; 4181 }; 4182 4183 DEFINE_OPERATORS_FOR_FLAGS(CodeStubAssembler::AllocationFlags) 4184 4185 } // namespace internal 4186 } // namespace v8 4187 #endif // V8_CODEGEN_CODE_STUB_ASSEMBLER_H_ 4188