Line data Source code
1 : // Copyright 2014 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include "src/compiler/js-inlining.h"
6 :
7 : #include "src/ast/ast.h"
8 : #include "src/compiler.h"
9 : #include "src/compiler/all-nodes.h"
10 : #include "src/compiler/bytecode-graph-builder.h"
11 : #include "src/compiler/common-operator.h"
12 : #include "src/compiler/compiler-source-position-table.h"
13 : #include "src/compiler/graph-reducer.h"
14 : #include "src/compiler/js-operator.h"
15 : #include "src/compiler/node-matchers.h"
16 : #include "src/compiler/node-properties.h"
17 : #include "src/compiler/operator-properties.h"
18 : #include "src/compiler/simplified-operator.h"
19 : #include "src/isolate-inl.h"
20 : #include "src/objects/feedback-cell-inl.h"
21 : #include "src/optimized-compilation-info.h"
22 : #include "src/parsing/parse-info.h"
23 :
24 : namespace v8 {
25 : namespace internal {
26 : namespace compiler {
27 :
28 : namespace {
29 : // This is just to avoid some corner cases, especially since we allow recursive
30 : // inlining.
31 : static const int kMaxDepthForInlining = 50;
32 : } // namespace
33 :
34 : #define TRACE(...) \
35 : do { \
36 : if (FLAG_trace_turbo_inlining) PrintF(__VA_ARGS__); \
37 : } while (false)
38 :
39 :
40 : // Provides convenience accessors for the common layout of nodes having either
41 : // the {JSCall} or the {JSConstruct} operator.
42 : class JSCallAccessor {
43 : public:
44 67012 : explicit JSCallAccessor(Node* call) : call_(call) {
45 : DCHECK(call->opcode() == IrOpcode::kJSCall ||
46 : call->opcode() == IrOpcode::kJSConstruct);
47 : }
48 :
49 : Node* target() {
50 : // Both, {JSCall} and {JSConstruct}, have same layout here.
51 3601 : return call_->InputAt(0);
52 : }
53 :
54 : Node* receiver() {
55 : DCHECK_EQ(IrOpcode::kJSCall, call_->opcode());
56 115294 : return call_->InputAt(1);
57 : }
58 :
59 : Node* new_target() {
60 : DCHECK_EQ(IrOpcode::kJSConstruct, call_->opcode());
61 5201 : return call_->InputAt(formal_arguments() + 1);
62 : }
63 :
64 : Node* frame_state() {
65 : // Both, {JSCall} and {JSConstruct}, have frame state.
66 133968 : return NodeProperties::GetFrameStateInput(call_);
67 : }
68 :
69 : int formal_arguments() {
70 : // Both, {JSCall} and {JSConstruct}, have two extra inputs:
71 : // - JSConstruct: Includes target function and new target.
72 : // - JSCall: Includes target function and receiver.
73 161966 : return call_->op()->ValueInputCount() - 2;
74 : }
75 :
76 66980 : CallFrequency frequency() const {
77 66980 : return (call_->opcode() == IrOpcode::kJSCall)
78 61779 : ? CallParametersOf(call_->op()).frequency()
79 128759 : : ConstructParametersOf(call_->op()).frequency();
80 : }
81 :
82 : private:
83 : Node* call_;
84 : };
85 :
86 133960 : Reduction JSInliner::InlineCall(Node* call, Node* new_target, Node* context,
87 66980 : Node* frame_state, Node* start, Node* end,
88 : Node* exception_target,
89 24470 : const NodeVector& uncaught_subcalls) {
90 : // The scheduler is smart enough to place our code; we just ensure {control}
91 : // becomes the control input of the start of the inlinee, and {effect} becomes
92 : // the effect input of the start of the inlinee.
93 66980 : Node* control = NodeProperties::GetControlInput(call);
94 66980 : Node* effect = NodeProperties::GetEffectInput(call);
95 :
96 : int const inlinee_new_target_index =
97 133960 : static_cast<int>(start->op()->ValueOutputCount()) - 3;
98 : int const inlinee_arity_index =
99 66980 : static_cast<int>(start->op()->ValueOutputCount()) - 2;
100 : int const inlinee_context_index =
101 66980 : static_cast<int>(start->op()->ValueOutputCount()) - 1;
102 :
103 : // {inliner_inputs} counts JSFunction, receiver, arguments, but not
104 : // new target value, argument count, context, effect or control.
105 66980 : int inliner_inputs = call->op()->ValueInputCount();
106 : // Iterate over all uses of the start node.
107 2478648 : for (Edge edge : start->use_edges()) {
108 1172344 : Node* use = edge.from();
109 1172344 : switch (use->opcode()) {
110 : case IrOpcode::kParameter: {
111 340887 : int index = 1 + ParameterIndexOf(use->op());
112 : DCHECK_LE(index, inlinee_context_index);
113 340887 : if (index < inliner_inputs && index < inlinee_new_target_index) {
114 : // There is an input from the call, and the index is a value
115 : // projection but not the context, so rewire the input.
116 480372 : Replace(use, call->InputAt(index));
117 91328 : } else if (index == inlinee_new_target_index) {
118 : // The projection is requesting the new target value.
119 : Replace(use, new_target);
120 89137 : } else if (index == inlinee_arity_index) {
121 : // The projection is requesting the number of arguments.
122 0 : Replace(use, jsgraph()->Constant(inliner_inputs - 2));
123 89137 : } else if (index == inlinee_context_index) {
124 : // The projection is requesting the inlinee function context.
125 : Replace(use, context);
126 : } else {
127 : // Call has fewer arguments than required, fill with undefined.
128 22157 : Replace(use, jsgraph()->UndefinedConstant());
129 : }
130 : break;
131 : }
132 : default:
133 831457 : if (NodeProperties::IsEffectEdge(edge)) {
134 67941 : edge.UpdateTo(effect);
135 763516 : } else if (NodeProperties::IsControlEdge(edge)) {
136 220494 : edge.UpdateTo(control);
137 543022 : } else if (NodeProperties::IsFrameStateEdge(edge)) {
138 543022 : edge.UpdateTo(frame_state);
139 : } else {
140 0 : UNREACHABLE();
141 : }
142 : break;
143 : }
144 : }
145 :
146 66980 : if (exception_target != nullptr) {
147 : // Link uncaught calls in the inlinee to {exception_target}
148 7422 : int subcall_count = static_cast<int>(uncaught_subcalls.size());
149 3711 : if (subcall_count > 0) {
150 3582 : TRACE(
151 : "Inlinee contains %d calls without local exception handler; "
152 : "linking to surrounding exception handler\n",
153 : subcall_count);
154 : }
155 3711 : NodeVector on_exception_nodes(local_zone_);
156 26328 : for (Node* subcall : uncaught_subcalls) {
157 18906 : Node* on_success = graph()->NewNode(common()->IfSuccess(), subcall);
158 18906 : NodeProperties::ReplaceUses(subcall, subcall, subcall, on_success);
159 18906 : NodeProperties::ReplaceControlInput(on_success, subcall);
160 : Node* on_exception =
161 37812 : graph()->NewNode(common()->IfException(), subcall, subcall);
162 18906 : on_exception_nodes.push_back(on_exception);
163 : }
164 :
165 : DCHECK_EQ(subcall_count, static_cast<int>(on_exception_nodes.size()));
166 3711 : if (subcall_count > 0) {
167 : Node* control_output =
168 : graph()->NewNode(common()->Merge(subcall_count), subcall_count,
169 7164 : &on_exception_nodes.front());
170 3582 : NodeVector values_effects(local_zone_);
171 : values_effects = on_exception_nodes;
172 3582 : values_effects.push_back(control_output);
173 : Node* value_output = graph()->NewNode(
174 : common()->Phi(MachineRepresentation::kTagged, subcall_count),
175 10746 : subcall_count + 1, &values_effects.front());
176 : Node* effect_output =
177 : graph()->NewNode(common()->EffectPhi(subcall_count),
178 7164 : subcall_count + 1, &values_effects.front());
179 : ReplaceWithValue(exception_target, value_output, effect_output,
180 3582 : control_output);
181 : } else {
182 : ReplaceWithValue(exception_target, exception_target, exception_target,
183 129 : jsgraph()->Dead());
184 : }
185 : }
186 :
187 66980 : NodeVector values(local_zone_);
188 : NodeVector effects(local_zone_);
189 : NodeVector controls(local_zone_);
190 481094 : for (Node* const input : end->inputs()) {
191 173567 : switch (input->opcode()) {
192 : case IrOpcode::kReturn:
193 209546 : values.push_back(NodeProperties::GetValueInput(input, 1));
194 209546 : effects.push_back(NodeProperties::GetEffectInput(input));
195 209546 : controls.push_back(NodeProperties::GetControlInput(input));
196 104773 : break;
197 : case IrOpcode::kDeoptimize:
198 : case IrOpcode::kTerminate:
199 : case IrOpcode::kThrow:
200 68794 : NodeProperties::MergeControlToEnd(graph(), common(), input);
201 68794 : Revisit(graph()->end());
202 : break;
203 : default:
204 0 : UNREACHABLE();
205 : break;
206 : }
207 : }
208 : DCHECK_EQ(values.size(), effects.size());
209 : DCHECK_EQ(values.size(), controls.size());
210 :
211 : // Depending on whether the inlinee produces a value, we either replace value
212 : // uses with said value or kill value uses if no value can be returned.
213 133960 : if (values.size() > 0) {
214 132504 : int const input_count = static_cast<int>(controls.size());
215 : Node* control_output = graph()->NewNode(common()->Merge(input_count),
216 132504 : input_count, &controls.front());
217 66252 : values.push_back(control_output);
218 66252 : effects.push_back(control_output);
219 : Node* value_output = graph()->NewNode(
220 : common()->Phi(MachineRepresentation::kTagged, input_count),
221 265008 : static_cast<int>(values.size()), &values.front());
222 : Node* effect_output =
223 : graph()->NewNode(common()->EffectPhi(input_count),
224 265008 : static_cast<int>(effects.size()), &effects.front());
225 66252 : ReplaceWithValue(call, value_output, effect_output, control_output);
226 : return Changed(value_output);
227 : } else {
228 : ReplaceWithValue(call, jsgraph()->Dead(), jsgraph()->Dead(),
229 2184 : jsgraph()->Dead());
230 : return Changed(call);
231 : }
232 : }
233 :
234 32634 : Node* JSInliner::CreateArtificialFrameState(Node* node, Node* outer_frame_state,
235 : int parameter_count,
236 : BailoutId bailout_id,
237 : FrameStateType frame_state_type,
238 : Handle<SharedFunctionInfo> shared,
239 23832 : Node* context) {
240 : const FrameStateFunctionInfo* state_info =
241 : common()->CreateFrameStateFunctionInfo(frame_state_type,
242 65268 : parameter_count + 1, 0, shared);
243 :
244 : const Operator* op = common()->FrameState(
245 32634 : bailout_id, OutputFrameStateCombine::Ignore(), state_info);
246 32634 : const Operator* op0 = common()->StateValues(0, SparseInputMask::Dense());
247 : Node* node0 = graph()->NewNode(op0);
248 32634 : NodeVector params(local_zone_);
249 159662 : for (int parameter = 0; parameter < parameter_count + 1; ++parameter) {
250 283182 : params.push_back(node->InputAt(1 + parameter));
251 : }
252 : const Operator* op_param = common()->StateValues(
253 97902 : static_cast<int>(params.size()), SparseInputMask::Dense());
254 : Node* params_node = graph()->NewNode(
255 97902 : op_param, static_cast<int>(params.size()), ¶ms.front());
256 32634 : if (!context) {
257 23832 : context = jsgraph()->UndefinedConstant();
258 : }
259 : return graph()->NewNode(op, params_node, node0, node0, context,
260 32634 : node->InputAt(0), outer_frame_state);
261 : }
262 :
263 : namespace {
264 :
265 : // TODO(mstarzinger,verwaest): Move this predicate onto SharedFunctionInfo?
266 5201 : bool NeedsImplicitReceiver(Handle<SharedFunctionInfo> shared_info) {
267 : DisallowHeapAllocation no_gc;
268 5201 : if (!shared_info->construct_as_builtin()) {
269 5201 : return !IsDerivedConstructor(shared_info->kind());
270 : } else {
271 : return false;
272 : }
273 : }
274 :
275 : } // namespace
276 :
277 : // Determines whether the call target of the given call {node} is statically
278 : // known and can be used as an inlining candidate. The {SharedFunctionInfo} of
279 : // the call target is provided (the exact closure might be unknown).
280 67012 : bool JSInliner::DetermineCallTarget(
281 130120 : Node* node, Handle<SharedFunctionInfo>& shared_info_out) {
282 : DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
283 : HeapObjectMatcher match(node->InputAt(0));
284 :
285 : // This reducer can handle both normal function calls as well a constructor
286 : // calls whenever the target is a constant function object, as follows:
287 : // - JSCall(target:constant, receiver, args...)
288 : // - JSConstruct(target:constant, args..., new.target)
289 197178 : if (match.HasValue() && match.Value()->IsJSFunction()) {
290 65083 : Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
291 :
292 : // Don't inline if the function has never run.
293 65083 : if (!function->has_feedback_vector()) return false;
294 :
295 : // Disallow cross native-context inlining for now. This means that all parts
296 : // of the resulting code will operate on the same global object. This also
297 : // prevents cross context leaks, where we could inline functions from a
298 : // different context and hold on to that context (and closure) from the code
299 : // object.
300 : // TODO(turbofan): We might want to revisit this restriction later when we
301 : // have a need for this, and we know how to model different native contexts
302 : // in the same graph in a compositional way.
303 195180 : if (function->native_context() != info_->native_context()) {
304 : return false;
305 : }
306 :
307 : JSFunctionRef ref(broker(), function);
308 65060 : if (FLAG_concurrent_inlining && !ref.serialized_for_compilation()) {
309 0 : TRACE_BROKER(broker(), "Missed opportunity to inline a function ("
310 : << Brief(*match.Value()) << ")");
311 : }
312 :
313 130120 : shared_info_out = handle(function->shared(), isolate());
314 65060 : return true;
315 : }
316 :
317 : // This reducer can also handle calls where the target is statically known to
318 : // be the result of a closure instantiation operation, as follows:
319 : // - JSCall(JSCreateClosure[shared](context), receiver, args...)
320 : // - JSConstruct(JSCreateClosure[shared](context), args..., new.target)
321 1929 : if (match.IsJSCreateClosure()) {
322 1929 : CreateClosureParameters const& p = CreateClosureParametersOf(match.op());
323 :
324 : // Disallow inlining in case the instantiation site was never run and hence
325 : // the vector cell does not contain a valid feedback vector for the call
326 : // target.
327 : // TODO(turbofan): We might consider to eagerly create the feedback vector
328 : // in such a case (in {DetermineCallContext} below) eventually.
329 : Handle<FeedbackCell> cell = p.feedback_cell();
330 3858 : if (!cell->value()->IsFeedbackVector()) return false;
331 :
332 1928 : shared_info_out = p.shared_info();
333 1928 : return true;
334 : }
335 :
336 : return false;
337 : }
338 :
339 : // Determines statically known information about the call target (assuming that
340 : // the call target is known according to {DetermineCallTarget} above). The
341 : // following static information is provided:
342 : // - context : The context (as SSA value) bound by the call target.
343 : // - feedback_vector : The target is guaranteed to use this feedback vector.
344 66980 : void JSInliner::DetermineCallContext(
345 : Node* node, Node*& context_out,
346 197092 : Handle<FeedbackVector>& feedback_vector_out) {
347 : DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
348 : HeapObjectMatcher match(node->InputAt(0));
349 :
350 197092 : if (match.HasValue() && match.Value()->IsJSFunction()) {
351 65056 : Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
352 65056 : CHECK(function->has_feedback_vector());
353 :
354 : // The inlinee specializes to the context from the JSFunction object.
355 130112 : context_out = jsgraph()->Constant(handle(function->context(), isolate()));
356 130112 : feedback_vector_out = handle(function->feedback_vector(), isolate());
357 : return;
358 : }
359 :
360 1924 : if (match.IsJSCreateClosure()) {
361 1924 : CreateClosureParameters const& p = CreateClosureParametersOf(match.op());
362 :
363 : // Load the feedback vector of the target by looking up its vector cell at
364 : // the instantiation site (we only decide to inline if it's populated).
365 : Handle<FeedbackCell> cell = p.feedback_cell();
366 : DCHECK(cell->value()->IsFeedbackVector());
367 :
368 : // The inlinee uses the locally provided context at instantiation.
369 1924 : context_out = NodeProperties::GetContextInput(match.node());
370 : feedback_vector_out =
371 3848 : handle(FeedbackVector::cast(cell->value()), isolate());
372 : return;
373 : }
374 :
375 : // Must succeed.
376 0 : UNREACHABLE();
377 : }
378 :
379 0 : Reduction JSInliner::Reduce(Node* node) {
380 0 : if (!IrOpcode::IsInlineeOpcode(node->opcode())) return NoChange();
381 0 : return ReduceJSCall(node);
382 : }
383 :
384 66980 : Handle<Context> JSInliner::native_context() const {
385 133960 : return handle(info_->native_context(), isolate());
386 : }
387 :
388 769163 : Reduction JSInliner::ReduceJSCall(Node* node) {
389 : DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
390 : Handle<SharedFunctionInfo> shared_info;
391 : JSCallAccessor call(node);
392 :
393 : // Determine the call target.
394 67012 : if (!DetermineCallTarget(node, shared_info)) return NoChange();
395 :
396 : DCHECK(shared_info->IsInlineable());
397 :
398 : // Constructor must be constructable.
399 72189 : if (node->opcode() == IrOpcode::kJSConstruct &&
400 5201 : !IsConstructable(shared_info->kind())) {
401 0 : TRACE("Not inlining %s into %s because constructor is not constructable.\n",
402 : shared_info->DebugName()->ToCString().get(),
403 : info_->shared_info()->DebugName()->ToCString().get());
404 : return NoChange();
405 : }
406 :
407 : // Class constructors are callable, but [[Call]] will raise an exception.
408 : // See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
409 128775 : if (node->opcode() == IrOpcode::kJSCall &&
410 : IsClassConstructor(shared_info->kind())) {
411 0 : TRACE("Not inlining %s into %s because callee is a class constructor.\n",
412 : shared_info->DebugName()->ToCString().get(),
413 : info_->shared_info()->DebugName()->ToCString().get());
414 : return NoChange();
415 : }
416 :
417 : // Function contains break points.
418 66988 : if (shared_info->HasBreakInfo()) {
419 0 : TRACE("Not inlining %s into %s because callee may contain break points\n",
420 : shared_info->DebugName()->ToCString().get(),
421 : info_->shared_info()->DebugName()->ToCString().get());
422 : return NoChange();
423 : }
424 :
425 : // To ensure inlining always terminates, we have an upper limit on inlining
426 : // the nested calls.
427 : int nesting_level = 0;
428 497300 : for (Node* frame_state = call.frame_state();
429 : frame_state->opcode() == IrOpcode::kFrameState;
430 : frame_state = frame_state->InputAt(kFrameStateOuterStateInput)) {
431 148176 : nesting_level++;
432 148176 : if (nesting_level > kMaxDepthForInlining) {
433 8 : TRACE(
434 : "Not inlining %s into %s because call has exceeded the maximum depth "
435 : "for function inlining\n",
436 : shared_info->DebugName()->ToCString().get(),
437 : info_->shared_info()->DebugName()->ToCString().get());
438 : return NoChange();
439 : }
440 : }
441 :
442 : // Calls surrounded by a local try-block are only inlined if the appropriate
443 : // flag is active. We also discover the {IfException} projection this way.
444 66980 : Node* exception_target = nullptr;
445 70691 : if (NodeProperties::IsExceptionalCall(node, &exception_target) &&
446 3711 : !FLAG_inline_into_try) {
447 0 : TRACE(
448 : "Try block surrounds #%d:%s and --no-inline-into-try active, so not "
449 : "inlining %s into %s.\n",
450 : exception_target->id(), exception_target->op()->mnemonic(),
451 : shared_info->DebugName()->ToCString().get(),
452 : info_->shared_info()->DebugName()->ToCString().get());
453 : return NoChange();
454 : }
455 :
456 66980 : IsCompiledScope is_compiled_scope(shared_info->is_compiled_scope());
457 66980 : if (!is_compiled_scope.is_compiled() &&
458 : !Compiler::Compile(shared_info, Compiler::CLEAR_EXCEPTION,
459 0 : &is_compiled_scope)) {
460 0 : TRACE("Not inlining %s into %s because bytecode generation failed\n",
461 : shared_info->DebugName()->ToCString().get(),
462 : info_->shared_info()->DebugName()->ToCString().get());
463 : return NoChange();
464 : }
465 :
466 : // ----------------------------------------------------------------
467 : // After this point, we've made a decision to inline this function.
468 : // We shall not bailout from inlining if we got here.
469 :
470 66980 : TRACE("Inlining %s into %s%s\n", shared_info->DebugName()->ToCString().get(),
471 : info_->shared_info()->DebugName()->ToCString().get(),
472 : (exception_target != nullptr) ? " (inside try-block)" : "");
473 :
474 : // Get the bytecode array.
475 : Handle<BytecodeArray> bytecode_array =
476 133960 : handle(shared_info->GetBytecodeArray(), isolate());
477 :
478 : // Determine the targets feedback vector and its context.
479 : Node* context;
480 : Handle<FeedbackVector> feedback_vector;
481 66980 : DetermineCallContext(node, context, feedback_vector);
482 :
483 : // Remember that we inlined this function.
484 : int inlining_id = info_->AddInlinedFunction(
485 66980 : shared_info, bytecode_array, source_positions_->GetSourcePosition(node));
486 :
487 : // Create the subgraph for the inlinee.
488 : Node* start;
489 : Node* end;
490 : {
491 : // Run the BytecodeGraphBuilder to create the subgraph.
492 : Graph::SubgraphScope scope(graph());
493 : JSTypeHintLowering::Flags flags = JSTypeHintLowering::kNoFlags;
494 133960 : if (info_->is_bailout_on_uninitialized()) {
495 : flags |= JSTypeHintLowering::kBailoutOnUninitialized;
496 : }
497 66980 : CallFrequency frequency = call.frequency();
498 : BytecodeGraphBuilder graph_builder(
499 : zone(), bytecode_array, shared_info, feedback_vector, BailoutId::None(),
500 : jsgraph(), frequency, source_positions_, native_context(), inlining_id,
501 267920 : flags, false, info_->is_analyze_environment_liveness());
502 66980 : graph_builder.CreateGraph();
503 :
504 : // Extract the inlinee start/end nodes.
505 66980 : start = graph()->start();
506 66980 : end = graph()->end();
507 : }
508 :
509 : // If we are inlining into a surrounding exception handler, we collect all
510 : // potentially throwing nodes within the inlinee that are not handled locally
511 : // by the inlinee itself. They are later wired into the surrounding handler.
512 66980 : NodeVector uncaught_subcalls(local_zone_);
513 66980 : if (exception_target != nullptr) {
514 : // Find all uncaught 'calls' in the inlinee.
515 3711 : AllNodes inlined_nodes(local_zone_, end, graph());
516 215157 : for (Node* subnode : inlined_nodes.reachable) {
517 : // Every possibly throwing node should get {IfSuccess} and {IfException}
518 : // projections, unless there already is local exception handling.
519 415470 : if (subnode->op()->HasProperty(Operator::kNoThrow)) continue;
520 20222 : if (!NodeProperties::IsExceptionalCall(subnode)) {
521 : DCHECK_EQ(2, subnode->op()->ControlOutputCount());
522 18442 : uncaught_subcalls.push_back(subnode);
523 : }
524 : }
525 : }
526 :
527 : Node* frame_state = call.frame_state();
528 66980 : Node* new_target = jsgraph()->UndefinedConstant();
529 :
530 : // Inline {JSConstruct} requires some additional magic.
531 66980 : if (node->opcode() == IrOpcode::kJSConstruct) {
532 : // Swizzle the inputs of the {JSConstruct} node to look like inputs to a
533 : // normal {JSCall} node so that the rest of the inlining machinery
534 : // behaves as if we were dealing with a regular function invocation.
535 : new_target = call.new_target(); // Retrieve new target value input.
536 5201 : node->RemoveInput(call.formal_arguments() + 1); // Drop new target.
537 5201 : node->InsertInput(graph()->zone(), 1, new_target);
538 :
539 : // Insert nodes around the call that model the behavior required for a
540 : // constructor dispatch (allocate implicit receiver and check return value).
541 : // This models the behavior usually accomplished by our {JSConstructStub}.
542 : // Note that the context has to be the callers context (input to call node).
543 : // Also note that by splitting off the {JSCreate} piece of the constructor
544 : // call, we create an observable deoptimization point after the receiver
545 : // instantiation but before the invocation (i.e. inside {JSConstructStub}
546 : // where execution continues at {construct_stub_create_deopt_pc_offset}).
547 5201 : Node* receiver = jsgraph()->TheHoleConstant(); // Implicit receiver.
548 5201 : Node* context = NodeProperties::GetContextInput(node);
549 5201 : if (NeedsImplicitReceiver(shared_info)) {
550 3601 : Node* effect = NodeProperties::GetEffectInput(node);
551 3601 : Node* control = NodeProperties::GetControlInput(node);
552 : Node* frame_state_inside = CreateArtificialFrameState(
553 : node, frame_state, call.formal_arguments(),
554 : BailoutId::ConstructStubCreate(), FrameStateType::kConstructStub,
555 3601 : shared_info, context);
556 : Node* create =
557 : graph()->NewNode(javascript()->Create(), call.target(), new_target,
558 7202 : context, frame_state_inside, effect, control);
559 3601 : uncaught_subcalls.push_back(create); // Adds {IfSuccess} & {IfException}.
560 3601 : NodeProperties::ReplaceControlInput(node, create);
561 3601 : NodeProperties::ReplaceEffectInput(node, create);
562 : // Placeholder to hold {node}'s value dependencies while {node} is
563 : // replaced.
564 3601 : Node* dummy = graph()->NewNode(common()->Dead());
565 3601 : NodeProperties::ReplaceUses(node, dummy, node, node, node);
566 : Node* result;
567 : // Insert a check of the return value to determine whether the return
568 : // value or the implicit receiver should be selected as a result of the
569 : // call.
570 3601 : Node* check = graph()->NewNode(simplified()->ObjectIsReceiver(), node);
571 : result =
572 : graph()->NewNode(common()->Select(MachineRepresentation::kTagged),
573 7202 : check, node, create);
574 3601 : receiver = create; // The implicit receiver.
575 5201 : ReplaceWithValue(dummy, result);
576 1600 : } else if (IsDerivedConstructor(shared_info->kind())) {
577 : Node* node_success =
578 1600 : NodeProperties::FindSuccessfulControlProjection(node);
579 : Node* is_receiver =
580 1600 : graph()->NewNode(simplified()->ObjectIsReceiver(), node);
581 : Node* branch_is_receiver =
582 1600 : graph()->NewNode(common()->Branch(), is_receiver, node_success);
583 : Node* branch_is_receiver_true =
584 1600 : graph()->NewNode(common()->IfTrue(), branch_is_receiver);
585 : Node* branch_is_receiver_false =
586 3200 : graph()->NewNode(common()->IfFalse(), branch_is_receiver);
587 : branch_is_receiver_false =
588 : graph()->NewNode(javascript()->CallRuntime(
589 : Runtime::kThrowConstructorReturnedNonObject),
590 : context, NodeProperties::GetFrameStateInput(node),
591 4800 : node, branch_is_receiver_false);
592 1600 : uncaught_subcalls.push_back(branch_is_receiver_false);
593 : branch_is_receiver_false =
594 : graph()->NewNode(common()->Throw(), branch_is_receiver_false,
595 4800 : branch_is_receiver_false);
596 : NodeProperties::MergeControlToEnd(graph(), common(),
597 1600 : branch_is_receiver_false);
598 :
599 : ReplaceWithValue(node_success, node_success, node_success,
600 : branch_is_receiver_true);
601 : // Fix input destroyed by the above {ReplaceWithValue} call.
602 1600 : NodeProperties::ReplaceControlInput(branch_is_receiver, node_success, 0);
603 : }
604 5201 : node->ReplaceInput(1, receiver);
605 : // Insert a construct stub frame into the chain of frame states. This will
606 : // reconstruct the proper frame when deoptimizing within the constructor.
607 : frame_state = CreateArtificialFrameState(
608 : node, frame_state, call.formal_arguments(),
609 : BailoutId::ConstructStubInvoke(), FrameStateType::kConstructStub,
610 5201 : shared_info, context);
611 : }
612 :
613 : // Insert a JSConvertReceiver node for sloppy callees. Note that the context
614 : // passed into this node has to be the callees context (loaded above).
615 133960 : if (node->opcode() == IrOpcode::kJSCall &&
616 249442 : is_sloppy(shared_info->language_mode()) && !shared_info->native()) {
617 58904 : Node* effect = NodeProperties::GetEffectInput(node);
618 58904 : if (NodeProperties::CanBePrimitive(broker(), call.receiver(), effect)) {
619 112780 : CallParameters const& p = CallParametersOf(node->op());
620 : Node* global_proxy = jsgraph()->HeapConstant(
621 112780 : handle(info_->native_context()->global_proxy(), isolate()));
622 : Node* receiver = effect =
623 : graph()->NewNode(simplified()->ConvertReceiver(p.convert_mode()),
624 56390 : call.receiver(), global_proxy, effect, start);
625 56390 : NodeProperties::ReplaceValueInput(node, receiver, 1);
626 56390 : NodeProperties::ReplaceEffectInput(node, effect);
627 : }
628 : }
629 :
630 : // Insert argument adaptor frame if required. The callees formal parameter
631 : // count (i.e. value outputs of start node minus target, receiver, new target,
632 : // arguments count and context) have to match the number of arguments passed
633 : // to the call.
634 66980 : int parameter_count = shared_info->internal_formal_parameter_count();
635 : DCHECK_EQ(parameter_count, start->op()->ValueOutputCount() - 5);
636 66980 : if (call.formal_arguments() != parameter_count) {
637 : frame_state = CreateArtificialFrameState(
638 : node, frame_state, call.formal_arguments(), BailoutId::None(),
639 23832 : FrameStateType::kArgumentsAdaptor, shared_info);
640 : }
641 :
642 : return InlineCall(node, new_target, context, frame_state, start, end,
643 66980 : exception_target, uncaught_subcalls);
644 : }
645 :
646 707670 : Graph* JSInliner::graph() const { return jsgraph()->graph(); }
647 :
648 5201 : JSOperatorBuilder* JSInliner::javascript() const {
649 5201 : return jsgraph()->javascript();
650 : }
651 :
652 461846 : CommonOperatorBuilder* JSInliner::common() const { return jsgraph()->common(); }
653 :
654 61591 : SimplifiedOperatorBuilder* JSInliner::simplified() const {
655 61591 : return jsgraph()->simplified();
656 : }
657 :
658 : #undef TRACE
659 :
660 : } // namespace compiler
661 : } // namespace internal
662 183867 : } // namespace v8
|
