Line data Source code
1 : // Copyright 2014 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include "src/compiler/js-inlining.h"
6 :
7 : #include "src/ast/ast.h"
8 : #include "src/compiler.h"
9 : #include "src/compiler/all-nodes.h"
10 : #include "src/compiler/bytecode-graph-builder.h"
11 : #include "src/compiler/common-operator.h"
12 : #include "src/compiler/compiler-source-position-table.h"
13 : #include "src/compiler/graph-reducer.h"
14 : #include "src/compiler/js-operator.h"
15 : #include "src/compiler/node-matchers.h"
16 : #include "src/compiler/node-properties.h"
17 : #include "src/compiler/operator-properties.h"
18 : #include "src/compiler/simplified-operator.h"
19 : #include "src/isolate-inl.h"
20 : #include "src/objects/feedback-cell-inl.h"
21 : #include "src/optimized-compilation-info.h"
22 : #include "src/parsing/parse-info.h"
23 :
24 : namespace v8 {
25 : namespace internal {
26 : namespace compiler {
27 :
28 : namespace {
29 : // This is just to avoid some corner cases, especially since we allow recursive
30 : // inlining.
31 : static const int kMaxDepthForInlining = 50;
32 : } // namespace
33 :
34 : #define TRACE(...) \
35 : do { \
36 : if (FLAG_trace_turbo_inlining) PrintF(__VA_ARGS__); \
37 : } while (false)
38 :
39 :
40 : // Provides convenience accessors for the common layout of nodes having either
41 : // the {JSCall} or the {JSConstruct} operator.
42 : class JSCallAccessor {
43 : public:
44 66115 : explicit JSCallAccessor(Node* call) : call_(call) {
45 : DCHECK(call->opcode() == IrOpcode::kJSCall ||
46 : call->opcode() == IrOpcode::kJSConstruct);
47 : }
48 :
49 : Node* target() {
50 : // Both, {JSCall} and {JSConstruct}, have same layout here.
51 3520 : return call_->InputAt(0);
52 : }
53 :
54 : Node* receiver() {
55 : DCHECK_EQ(IrOpcode::kJSCall, call_->opcode());
56 113705 : return call_->InputAt(1);
57 : }
58 :
59 5115 : Node* new_target() {
60 : DCHECK_EQ(IrOpcode::kJSConstruct, call_->opcode());
61 10230 : return call_->InputAt(formal_arguments() + 1);
62 : }
63 :
64 : Node* frame_state() {
65 : // Both, {JSCall} and {JSConstruct}, have frame state.
66 132217 : return NodeProperties::GetFrameStateInput(call_);
67 : }
68 :
69 : int formal_arguments() {
70 : // Both, {JSCall} and {JSConstruct}, have two extra inputs:
71 : // - JSConstruct: Includes target function and new target.
72 : // - JSCall: Includes target function and receiver.
73 169938 : return call_->op()->ValueInputCount() - 2;
74 : }
75 :
76 66104 : CallFrequency frequency() const {
77 66104 : return (call_->opcode() == IrOpcode::kJSCall)
78 60989 : ? CallParametersOf(call_->op()).frequency()
79 127093 : : ConstructParametersOf(call_->op()).frequency();
80 : }
81 :
82 : private:
83 : Node* call_;
84 : };
85 :
86 132208 : Reduction JSInliner::InlineCall(Node* call, Node* new_target, Node* context,
87 66104 : Node* frame_state, Node* start, Node* end,
88 : Node* exception_target,
89 23728 : const NodeVector& uncaught_subcalls) {
90 : // The scheduler is smart enough to place our code; we just ensure {control}
91 : // becomes the control input of the start of the inlinee, and {effect} becomes
92 : // the effect input of the start of the inlinee.
93 66104 : Node* control = NodeProperties::GetControlInput(call);
94 66104 : Node* effect = NodeProperties::GetEffectInput(call);
95 :
96 : int const inlinee_new_target_index =
97 132208 : static_cast<int>(start->op()->ValueOutputCount()) - 3;
98 : int const inlinee_arity_index =
99 66104 : static_cast<int>(start->op()->ValueOutputCount()) - 2;
100 : int const inlinee_context_index =
101 66104 : static_cast<int>(start->op()->ValueOutputCount()) - 1;
102 :
103 : // {inliner_inputs} counts JSFunction, receiver, arguments, but not
104 : // new target value, argument count, context, effect or control.
105 66104 : int inliner_inputs = call->op()->ValueInputCount();
106 : // Iterate over all uses of the start node.
107 2442480 : for (Edge edge : start->use_edges()) {
108 1155136 : Node* use = edge.from();
109 1155136 : switch (use->opcode()) {
110 : case IrOpcode::kParameter: {
111 335827 : int index = 1 + ParameterIndexOf(use->op());
112 : DCHECK_LE(index, inlinee_context_index);
113 335827 : if (index < inliner_inputs && index < inlinee_new_target_index) {
114 : // There is an input from the call, and the index is a value
115 : // projection but not the context, so rewire the input.
116 474488 : Replace(use, call->InputAt(index));
117 89754 : } else if (index == inlinee_new_target_index) {
118 : // The projection is requesting the new target value.
119 : Replace(use, new_target);
120 87551 : } else if (index == inlinee_arity_index) {
121 : // The projection is requesting the number of arguments.
122 0 : Replace(use, jsgraph()->Constant(inliner_inputs - 2));
123 87551 : } else if (index == inlinee_context_index) {
124 : // The projection is requesting the inlinee function context.
125 : Replace(use, context);
126 : } else {
127 : // Call has fewer arguments than required, fill with undefined.
128 21447 : Replace(use, jsgraph()->UndefinedConstant());
129 : }
130 : break;
131 : }
132 : default:
133 819309 : if (NodeProperties::IsEffectEdge(edge)) {
134 67314 : edge.UpdateTo(effect);
135 751995 : } else if (NodeProperties::IsControlEdge(edge)) {
136 216994 : edge.UpdateTo(control);
137 535001 : } else if (NodeProperties::IsFrameStateEdge(edge)) {
138 535001 : edge.UpdateTo(frame_state);
139 : } else {
140 0 : UNREACHABLE();
141 : }
142 : break;
143 : }
144 : }
145 :
146 66104 : if (exception_target != nullptr) {
147 : // Link uncaught calls in the inlinee to {exception_target}
148 7900 : int subcall_count = static_cast<int>(uncaught_subcalls.size());
149 3950 : if (subcall_count > 0) {
150 3811 : TRACE(
151 : "Inlinee contains %d calls without local exception handler; "
152 : "linking to surrounding exception handler\n",
153 : subcall_count);
154 : }
155 3950 : NodeVector on_exception_nodes(local_zone_);
156 27989 : for (Node* subcall : uncaught_subcalls) {
157 20089 : Node* on_success = graph()->NewNode(common()->IfSuccess(), subcall);
158 20089 : NodeProperties::ReplaceUses(subcall, subcall, subcall, on_success);
159 20089 : NodeProperties::ReplaceControlInput(on_success, subcall);
160 : Node* on_exception =
161 40178 : graph()->NewNode(common()->IfException(), subcall, subcall);
162 20089 : on_exception_nodes.push_back(on_exception);
163 : }
164 :
165 : DCHECK_EQ(subcall_count, static_cast<int>(on_exception_nodes.size()));
166 3950 : if (subcall_count > 0) {
167 : Node* control_output =
168 : graph()->NewNode(common()->Merge(subcall_count), subcall_count,
169 7622 : &on_exception_nodes.front());
170 3811 : NodeVector values_effects(local_zone_);
171 : values_effects = on_exception_nodes;
172 3811 : values_effects.push_back(control_output);
173 : Node* value_output = graph()->NewNode(
174 : common()->Phi(MachineRepresentation::kTagged, subcall_count),
175 11433 : subcall_count + 1, &values_effects.front());
176 : Node* effect_output =
177 : graph()->NewNode(common()->EffectPhi(subcall_count),
178 7622 : subcall_count + 1, &values_effects.front());
179 : ReplaceWithValue(exception_target, value_output, effect_output,
180 3811 : control_output);
181 : } else {
182 : ReplaceWithValue(exception_target, exception_target, exception_target,
183 139 : jsgraph()->Dead());
184 : }
185 : }
186 :
187 66104 : NodeVector values(local_zone_);
188 : NodeVector effects(local_zone_);
189 : NodeVector controls(local_zone_);
190 475570 : for (Node* const input : end->inputs()) {
191 171681 : switch (input->opcode()) {
192 : case IrOpcode::kReturn:
193 206148 : values.push_back(NodeProperties::GetValueInput(input, 1));
194 206148 : effects.push_back(NodeProperties::GetEffectInput(input));
195 206148 : controls.push_back(NodeProperties::GetControlInput(input));
196 103074 : break;
197 : case IrOpcode::kDeoptimize:
198 : case IrOpcode::kTerminate:
199 : case IrOpcode::kThrow:
200 68607 : NodeProperties::MergeControlToEnd(graph(), common(), input);
201 68607 : Revisit(graph()->end());
202 : break;
203 : default:
204 0 : UNREACHABLE();
205 : break;
206 : }
207 : }
208 : DCHECK_EQ(values.size(), effects.size());
209 : DCHECK_EQ(values.size(), controls.size());
210 :
211 : // Depending on whether the inlinee produces a value, we either replace value
212 : // uses with said value or kill value uses if no value can be returned.
213 132208 : if (values.size() > 0) {
214 130780 : int const input_count = static_cast<int>(controls.size());
215 : Node* control_output = graph()->NewNode(common()->Merge(input_count),
216 130780 : input_count, &controls.front());
217 65390 : values.push_back(control_output);
218 65390 : effects.push_back(control_output);
219 : Node* value_output = graph()->NewNode(
220 : common()->Phi(MachineRepresentation::kTagged, input_count),
221 261560 : static_cast<int>(values.size()), &values.front());
222 : Node* effect_output =
223 : graph()->NewNode(common()->EffectPhi(input_count),
224 261560 : static_cast<int>(effects.size()), &effects.front());
225 65390 : ReplaceWithValue(call, value_output, effect_output, control_output);
226 : return Changed(value_output);
227 : } else {
228 : ReplaceWithValue(call, jsgraph()->Dead(), jsgraph()->Dead(),
229 2142 : jsgraph()->Dead());
230 : return Changed(call);
231 : }
232 : }
233 :
234 31695 : Node* JSInliner::CreateArtificialFrameState(Node* node, Node* outer_frame_state,
235 : int parameter_count,
236 : BailoutId bailout_id,
237 : FrameStateType frame_state_type,
238 : Handle<SharedFunctionInfo> shared,
239 23060 : Node* context) {
240 : const FrameStateFunctionInfo* state_info =
241 : common()->CreateFrameStateFunctionInfo(frame_state_type,
242 63390 : parameter_count + 1, 0, shared);
243 :
244 : const Operator* op = common()->FrameState(
245 31695 : bailout_id, OutputFrameStateCombine::Ignore(), state_info);
246 31695 : const Operator* op0 = common()->StateValues(0, SparseInputMask::Dense());
247 : Node* node0 = graph()->NewNode(op0);
248 31695 : NodeVector params(local_zone_);
249 154927 : for (int parameter = 0; parameter < parameter_count + 1; ++parameter) {
250 274611 : params.push_back(node->InputAt(1 + parameter));
251 : }
252 : const Operator* op_param = common()->StateValues(
253 95085 : static_cast<int>(params.size()), SparseInputMask::Dense());
254 : Node* params_node = graph()->NewNode(
255 95085 : op_param, static_cast<int>(params.size()), ¶ms.front());
256 31695 : if (!context) {
257 23060 : context = jsgraph()->UndefinedConstant();
258 : }
259 : return graph()->NewNode(op, params_node, node0, node0, context,
260 31695 : node->InputAt(0), outer_frame_state);
261 : }
262 :
263 : namespace {
264 :
265 : // TODO(mstarzinger,verwaest): Move this predicate onto SharedFunctionInfo?
266 5115 : bool NeedsImplicitReceiver(Handle<SharedFunctionInfo> shared_info) {
267 : DisallowHeapAllocation no_gc;
268 5115 : if (!shared_info->construct_as_builtin()) {
269 5115 : return !IsDerivedConstructor(shared_info->kind());
270 : } else {
271 : return false;
272 : }
273 : }
274 :
275 : } // namespace
276 :
277 : // Determines whether the call target of the given call {node} is statically
278 : // known and can be used as an inlining candidate. The {SharedFunctionInfo} of
279 : // the call target is provided (the exact closure might be unknown).
280 66115 : bool JSInliner::DetermineCallTarget(
281 64293 : Node* node, Handle<SharedFunctionInfo>& shared_info_out) {
282 : DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
283 : HeapObjectMatcher match(node->InputAt(0));
284 :
285 : // This reducer can handle both normal function calls as well a constructor
286 : // calls whenever the target is a constant function object, as follows:
287 : // - JSCall(target:constant, receiver, args...)
288 : // - JSConstruct(target:constant, args..., new.target)
289 194703 : if (match.HasValue() && match.Value()->IsJSFunction()) {
290 64294 : Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
291 :
292 : // Don't inline if the function has never run.
293 64294 : if (!function->has_feedback_vector()) return false;
294 :
295 : // Disallow cross native-context inlining for now. This means that all parts
296 : // of the resulting code will operate on the same global object. This also
297 : // prevents cross context leaks, where we could inline functions from a
298 : // different context and hold on to that context (and closure) from the code
299 : // object.
300 : // TODO(turbofan): We might want to revisit this restriction later when we
301 : // have a need for this, and we know how to model different native contexts
302 : // in the same graph in a compositional way.
303 192879 : if (function->native_context() != info_->native_context()) {
304 : return false;
305 : }
306 :
307 128586 : shared_info_out = handle(function->shared(), isolate());
308 64293 : return true;
309 : }
310 :
311 : // This reducer can also handle calls where the target is statically known to
312 : // be the result of a closure instantiation operation, as follows:
313 : // - JSCall(JSCreateClosure[shared](context), receiver, args...)
314 : // - JSConstruct(JSCreateClosure[shared](context), args..., new.target)
315 1821 : if (match.IsJSCreateClosure()) {
316 1821 : CreateClosureParameters const& p = CreateClosureParametersOf(match.op());
317 :
318 : // Disallow inlining in case the instantiation site was never run and hence
319 : // the vector cell does not contain a valid feedback vector for the call
320 : // target.
321 : // TODO(turbofan): We might consider to eagerly create the feedback vector
322 : // in such a case (in {DetermineCallContext} below) eventually.
323 : Handle<FeedbackCell> cell = p.feedback_cell();
324 3642 : if (!cell->value()->IsFeedbackVector()) return false;
325 :
326 1820 : shared_info_out = p.shared_info();
327 1820 : return true;
328 : }
329 :
330 : return false;
331 : }
332 :
333 : // Determines statically known information about the call target (assuming that
334 : // the call target is known according to {DetermineCallTarget} above). The
335 : // following static information is provided:
336 : // - context : The context (as SSA value) bound by the call target.
337 : // - feedback_vector : The target is guaranteed to use this feedback vector.
338 66104 : void JSInliner::DetermineCallContext(
339 : Node* node, Node*& context_out,
340 194680 : Handle<FeedbackVector>& feedback_vector_out) {
341 : DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
342 : HeapObjectMatcher match(node->InputAt(0));
343 :
344 194680 : if (match.HasValue() && match.Value()->IsJSFunction()) {
345 64288 : Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
346 64288 : CHECK(function->has_feedback_vector());
347 :
348 : // The inlinee specializes to the context from the JSFunction object.
349 128576 : context_out = jsgraph()->Constant(handle(function->context(), isolate()));
350 128576 : feedback_vector_out = handle(function->feedback_vector(), isolate());
351 : return;
352 : }
353 :
354 1816 : if (match.IsJSCreateClosure()) {
355 1816 : CreateClosureParameters const& p = CreateClosureParametersOf(match.op());
356 :
357 : // Load the feedback vector of the target by looking up its vector cell at
358 : // the instantiation site (we only decide to inline if it's populated).
359 : Handle<FeedbackCell> cell = p.feedback_cell();
360 : DCHECK(cell->value()->IsFeedbackVector());
361 :
362 : // The inlinee uses the locally provided context at instantiation.
363 1816 : context_out = NodeProperties::GetContextInput(match.node());
364 : feedback_vector_out =
365 3632 : handle(FeedbackVector::cast(cell->value()), isolate());
366 : return;
367 : }
368 :
369 : // Must succeed.
370 0 : UNREACHABLE();
371 : }
372 :
373 0 : Reduction JSInliner::Reduce(Node* node) {
374 0 : if (!IrOpcode::IsInlineeOpcode(node->opcode())) return NoChange();
375 0 : return ReduceJSCall(node);
376 : }
377 :
378 66104 : Handle<Context> JSInliner::native_context() const {
379 132208 : return handle(info_->native_context(), isolate());
380 : }
381 :
382 759600 : Reduction JSInliner::ReduceJSCall(Node* node) {
383 : DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
384 : Handle<SharedFunctionInfo> shared_info;
385 : JSCallAccessor call(node);
386 :
387 : // Determine the call target.
388 66115 : if (!DetermineCallTarget(node, shared_info)) return NoChange();
389 :
390 : DCHECK(shared_info->IsInlineable());
391 :
392 : // Constructor must be constructable.
393 71229 : if (node->opcode() == IrOpcode::kJSConstruct &&
394 : !IsConstructable(shared_info->kind())) {
395 0 : TRACE("Not inlining %s into %s because constructor is not constructable.\n",
396 : shared_info->DebugName()->ToCString().get(),
397 : info_->shared_info()->DebugName()->ToCString().get());
398 : return NoChange();
399 : }
400 :
401 : // Class constructors are callable, but [[Call]] will raise an exception.
402 : // See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
403 127110 : if (node->opcode() == IrOpcode::kJSCall &&
404 : IsClassConstructor(shared_info->kind())) {
405 0 : TRACE("Not inlining %s into %s because callee is a class constructor.\n",
406 : shared_info->DebugName()->ToCString().get(),
407 : info_->shared_info()->DebugName()->ToCString().get());
408 : return NoChange();
409 : }
410 :
411 : // To ensure inlining always terminates, we have an upper limit on inlining
412 : // the nested calls.
413 : int nesting_level = 0;
414 494045 : for (Node* frame_state = call.frame_state();
415 : frame_state->opcode() == IrOpcode::kFrameState;
416 : frame_state = frame_state->InputAt(kFrameStateOuterStateInput)) {
417 147862 : nesting_level++;
418 147862 : if (nesting_level > kMaxDepthForInlining) {
419 9 : TRACE(
420 : "Not inlining %s into %s because call has exceeded the maximum depth "
421 : "for function inlining\n",
422 : shared_info->DebugName()->ToCString().get(),
423 : info_->shared_info()->DebugName()->ToCString().get());
424 : return NoChange();
425 : }
426 : }
427 :
428 : // Calls surrounded by a local try-block are only inlined if the appropriate
429 : // flag is active. We also discover the {IfException} projection this way.
430 66104 : Node* exception_target = nullptr;
431 70054 : if (NodeProperties::IsExceptionalCall(node, &exception_target) &&
432 3950 : !FLAG_inline_into_try) {
433 0 : TRACE(
434 : "Try block surrounds #%d:%s and --no-inline-into-try active, so not "
435 : "inlining %s into %s.\n",
436 : exception_target->id(), exception_target->op()->mnemonic(),
437 : shared_info->DebugName()->ToCString().get(),
438 : info_->shared_info()->DebugName()->ToCString().get());
439 : return NoChange();
440 : }
441 :
442 66104 : IsCompiledScope is_compiled_scope(shared_info->is_compiled_scope());
443 66104 : if (!is_compiled_scope.is_compiled() &&
444 : !Compiler::Compile(shared_info, Compiler::CLEAR_EXCEPTION,
445 0 : &is_compiled_scope)) {
446 0 : TRACE("Not inlining %s into %s because bytecode generation failed\n",
447 : shared_info->DebugName()->ToCString().get(),
448 : info_->shared_info()->DebugName()->ToCString().get());
449 : return NoChange();
450 : }
451 :
452 132208 : if (info_->is_source_positions_enabled()) {
453 575 : SharedFunctionInfo::EnsureSourcePositionsAvailable(isolate(), shared_info);
454 : }
455 :
456 : // ----------------------------------------------------------------
457 : // After this point, we've made a decision to inline this function.
458 : // We shall not bailout from inlining if we got here.
459 :
460 66104 : TRACE("Inlining %s into %s%s\n", shared_info->DebugName()->ToCString().get(),
461 : info_->shared_info()->DebugName()->ToCString().get(),
462 : (exception_target != nullptr) ? " (inside try-block)" : "");
463 :
464 : // Determine the targets feedback vector and its context.
465 : Node* context;
466 : Handle<FeedbackVector> feedback_vector;
467 66104 : DetermineCallContext(node, context, feedback_vector);
468 :
469 66104 : if (FLAG_concurrent_inlining) {
470 : SharedFunctionInfoRef sfi(broker(), shared_info);
471 : FeedbackVectorRef feedback(broker(), feedback_vector);
472 60 : if (!sfi.IsSerializedForCompilation(feedback)) {
473 0 : TRACE_BROKER(broker(),
474 : "Would have missed opportunity to inline a function ("
475 : << Brief(*sfi.object()) << " with "
476 : << Brief(*feedback.object()) << ")");
477 : }
478 : }
479 :
480 : Handle<BytecodeArray> bytecode_array =
481 132208 : handle(shared_info->GetBytecodeArray(), isolate());
482 :
483 : // Remember that we inlined this function.
484 : int inlining_id = info_->AddInlinedFunction(
485 66104 : shared_info, bytecode_array, source_positions_->GetSourcePosition(node));
486 :
487 : // Create the subgraph for the inlinee.
488 : Node* start;
489 : Node* end;
490 : {
491 : // Run the BytecodeGraphBuilder to create the subgraph.
492 : Graph::SubgraphScope scope(graph());
493 : JSTypeHintLowering::Flags flags = JSTypeHintLowering::kNoFlags;
494 132208 : if (info_->is_bailout_on_uninitialized()) {
495 : flags |= JSTypeHintLowering::kBailoutOnUninitialized;
496 : }
497 66104 : CallFrequency frequency = call.frequency();
498 : BytecodeGraphBuilder graph_builder(
499 : zone(), bytecode_array, shared_info, feedback_vector, BailoutId::None(),
500 : jsgraph(), frequency, source_positions_, native_context(), inlining_id,
501 264416 : flags, false, info_->is_analyze_environment_liveness());
502 66104 : graph_builder.CreateGraph();
503 :
504 : // Extract the inlinee start/end nodes.
505 66104 : start = graph()->start();
506 66104 : end = graph()->end();
507 : }
508 :
509 : // If we are inlining into a surrounding exception handler, we collect all
510 : // potentially throwing nodes within the inlinee that are not handled locally
511 : // by the inlinee itself. They are later wired into the surrounding handler.
512 66104 : NodeVector uncaught_subcalls(local_zone_);
513 66104 : if (exception_target != nullptr) {
514 : // Find all uncaught 'calls' in the inlinee.
515 3950 : AllNodes inlined_nodes(local_zone_, end, graph());
516 229802 : for (Node* subnode : inlined_nodes.reachable) {
517 : // Every possibly throwing node should get {IfSuccess} and {IfException}
518 : // projections, unless there already is local exception handling.
519 443804 : if (subnode->op()->HasProperty(Operator::kNoThrow)) continue;
520 21327 : if (!NodeProperties::IsExceptionalCall(subnode)) {
521 : DCHECK_EQ(2, subnode->op()->ControlOutputCount());
522 19628 : uncaught_subcalls.push_back(subnode);
523 : }
524 : }
525 : }
526 :
527 : Node* frame_state = call.frame_state();
528 66104 : Node* new_target = jsgraph()->UndefinedConstant();
529 :
530 : // Inline {JSConstruct} requires some additional magic.
531 66104 : if (node->opcode() == IrOpcode::kJSConstruct) {
532 : // Swizzle the inputs of the {JSConstruct} node to look like inputs to a
533 : // normal {JSCall} node so that the rest of the inlining machinery
534 : // behaves as if we were dealing with a regular function invocation.
535 5115 : new_target = call.new_target(); // Retrieve new target value input.
536 5115 : node->RemoveInput(call.formal_arguments() + 1); // Drop new target.
537 5115 : node->InsertInput(graph()->zone(), 1, new_target);
538 :
539 : // Insert nodes around the call that model the behavior required for a
540 : // constructor dispatch (allocate implicit receiver and check return value).
541 : // This models the behavior usually accomplished by our {JSConstructStub}.
542 : // Note that the context has to be the callers context (input to call node).
543 : // Also note that by splitting off the {JSCreate} piece of the constructor
544 : // call, we create an observable deoptimization point after the receiver
545 : // instantiation but before the invocation (i.e. inside {JSConstructStub}
546 : // where execution continues at {construct_stub_create_deopt_pc_offset}).
547 5115 : Node* receiver = jsgraph()->TheHoleConstant(); // Implicit receiver.
548 5115 : Node* context = NodeProperties::GetContextInput(node);
549 5115 : if (NeedsImplicitReceiver(shared_info)) {
550 3520 : Node* effect = NodeProperties::GetEffectInput(node);
551 3520 : Node* control = NodeProperties::GetControlInput(node);
552 : Node* frame_state_inside = CreateArtificialFrameState(
553 : node, frame_state, call.formal_arguments(),
554 : BailoutId::ConstructStubCreate(), FrameStateType::kConstructStub,
555 3520 : shared_info, context);
556 : Node* create =
557 : graph()->NewNode(javascript()->Create(), call.target(), new_target,
558 7040 : context, frame_state_inside, effect, control);
559 3520 : uncaught_subcalls.push_back(create); // Adds {IfSuccess} & {IfException}.
560 3520 : NodeProperties::ReplaceControlInput(node, create);
561 3520 : NodeProperties::ReplaceEffectInput(node, create);
562 : // Placeholder to hold {node}'s value dependencies while {node} is
563 : // replaced.
564 3520 : Node* dummy = graph()->NewNode(common()->Dead());
565 3520 : NodeProperties::ReplaceUses(node, dummy, node, node, node);
566 : Node* result;
567 : // Insert a check of the return value to determine whether the return
568 : // value or the implicit receiver should be selected as a result of the
569 : // call.
570 3520 : Node* check = graph()->NewNode(simplified()->ObjectIsReceiver(), node);
571 : result =
572 : graph()->NewNode(common()->Select(MachineRepresentation::kTagged),
573 7040 : check, node, create);
574 3520 : receiver = create; // The implicit receiver.
575 5115 : ReplaceWithValue(dummy, result);
576 1595 : } else if (IsDerivedConstructor(shared_info->kind())) {
577 : Node* node_success =
578 1595 : NodeProperties::FindSuccessfulControlProjection(node);
579 : Node* is_receiver =
580 1595 : graph()->NewNode(simplified()->ObjectIsReceiver(), node);
581 : Node* branch_is_receiver =
582 1595 : graph()->NewNode(common()->Branch(), is_receiver, node_success);
583 : Node* branch_is_receiver_true =
584 1595 : graph()->NewNode(common()->IfTrue(), branch_is_receiver);
585 : Node* branch_is_receiver_false =
586 3190 : graph()->NewNode(common()->IfFalse(), branch_is_receiver);
587 : branch_is_receiver_false =
588 : graph()->NewNode(javascript()->CallRuntime(
589 : Runtime::kThrowConstructorReturnedNonObject),
590 : context, NodeProperties::GetFrameStateInput(node),
591 4785 : node, branch_is_receiver_false);
592 1595 : uncaught_subcalls.push_back(branch_is_receiver_false);
593 : branch_is_receiver_false =
594 : graph()->NewNode(common()->Throw(), branch_is_receiver_false,
595 4785 : branch_is_receiver_false);
596 : NodeProperties::MergeControlToEnd(graph(), common(),
597 1595 : branch_is_receiver_false);
598 :
599 : ReplaceWithValue(node_success, node_success, node_success,
600 : branch_is_receiver_true);
601 : // Fix input destroyed by the above {ReplaceWithValue} call.
602 1595 : NodeProperties::ReplaceControlInput(branch_is_receiver, node_success, 0);
603 : }
604 5115 : node->ReplaceInput(1, receiver);
605 : // Insert a construct stub frame into the chain of frame states. This will
606 : // reconstruct the proper frame when deoptimizing within the constructor.
607 : frame_state = CreateArtificialFrameState(
608 : node, frame_state, call.formal_arguments(),
609 : BailoutId::ConstructStubInvoke(), FrameStateType::kConstructStub,
610 5115 : shared_info, context);
611 : }
612 :
613 : // Insert a JSConvertReceiver node for sloppy callees. Note that the context
614 : // passed into this node has to be the callees context (loaded above).
615 132208 : if (node->opcode() == IrOpcode::kJSCall &&
616 246175 : is_sloppy(shared_info->language_mode()) && !shared_info->native()) {
617 58093 : Node* effect = NodeProperties::GetEffectInput(node);
618 58093 : if (NodeProperties::CanBePrimitive(broker(), call.receiver(), effect)) {
619 111224 : CallParameters const& p = CallParametersOf(node->op());
620 : Node* global_proxy = jsgraph()->HeapConstant(
621 111224 : handle(info_->native_context()->global_proxy(), isolate()));
622 : Node* receiver = effect =
623 : graph()->NewNode(simplified()->ConvertReceiver(p.convert_mode()),
624 55612 : call.receiver(), global_proxy, effect, start);
625 55612 : NodeProperties::ReplaceValueInput(node, receiver, 1);
626 55612 : NodeProperties::ReplaceEffectInput(node, effect);
627 : }
628 : }
629 :
630 : // Insert argument adaptor frame if required. The callees formal parameter
631 : // count (i.e. value outputs of start node minus target, receiver, new target,
632 : // arguments count and context) have to match the number of arguments passed
633 : // to the call.
634 66104 : int parameter_count = shared_info->internal_formal_parameter_count();
635 : DCHECK_EQ(parameter_count, start->op()->ValueOutputCount() - 5);
636 66104 : if (call.formal_arguments() != parameter_count) {
637 : frame_state = CreateArtificialFrameState(
638 : node, frame_state, call.formal_arguments(), BailoutId::None(),
639 23060 : FrameStateType::kArgumentsAdaptor, shared_info);
640 : }
641 :
642 : return InlineCall(node, new_target, context, frame_state, start, end,
643 66104 : exception_target, uncaught_subcalls);
644 : }
645 :
646 702210 : Graph* JSInliner::graph() const { return jsgraph()->graph(); }
647 :
648 5115 : JSOperatorBuilder* JSInliner::javascript() const {
649 5115 : return jsgraph()->javascript();
650 : }
651 :
652 458183 : CommonOperatorBuilder* JSInliner::common() const { return jsgraph()->common(); }
653 :
654 60727 : SimplifiedOperatorBuilder* JSInliner::simplified() const {
655 60727 : return jsgraph()->simplified();
656 : }
657 :
658 : #undef TRACE
659 :
660 : } // namespace compiler
661 : } // namespace internal
662 178779 : } // namespace v8
|
