// Copyright 2011 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//     * Redistributions of source code must retain the above copyright
//       notice, this list of conditions and the following disclaimer.
//     * Redistributions in binary form must reproduce the above
//       copyright notice, this list of conditions and the following
//       disclaimer in the documentation and/or other materials provided
//       with the distribution.
//     * Neither the name of Google Inc. nor the names of its
//       contributors may be used to endorse or promote products derived
//       from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "v8.h"

#if defined(V8_TARGET_ARCH_ARM)

#include "codegen.h"
#include "debug.h"
#include "deoptimizer.h"
#include "full-codegen.h"
#include "runtime.h"

namespace v8 {
namespace internal {


#define __ ACCESS_MASM(masm)


void Builtins::Generate_Adaptor(MacroAssembler* masm,
                                CFunctionId id,
                                BuiltinExtraArguments extra_args) {
  // Tail-calls the C function |id| through JumpToExternalReference, after
  // optionally pushing the called function as one extra argument.
  // ----------- S t a t e -------------
  //  -- r0                 : number of arguments excluding receiver
  //  -- r1                 : called function (only guaranteed when
  //                          extra_args requires it)
  //  -- cp                 : context
  //  -- sp[0]              : last argument
  //  -- ...
  //  -- sp[4 * (argc - 1)] : first argument (argc == r0)
  //  -- sp[4 * argc]       : receiver
  // -----------------------------------

  // The only extra argument this adaptor knows how to insert is the called
  // function itself; any other request is a programming error.
  const bool pushes_called_function = (extra_args == NEEDS_CALLED_FUNCTION);
  ASSERT(pushes_called_function || extra_args == NO_EXTRA_ARGUMENTS);
  if (pushes_called_function) {
    __ push(r1);
  }

  // JumpToExternalReference expects r0 to contain the number of arguments
  // including the receiver and the extra arguments.
  const int extra_count = pushes_called_function ? 1 : 0;
  __ add(r0, r0, Operand(extra_count + 1));
  __ JumpToExternalReference(ExternalReference(id, masm->isolate()));
}


// Load the built-in Array function from the current context into |result|.
// The lookup goes cp -> global object -> global context -> Array function
// slot; |result| is the only register written.
static void GenerateLoadArrayFunction(MacroAssembler* masm, Register result) {
  // Load the global context.

  __ ldr(result, MemOperand(cp, Context::SlotOffset(Context::GLOBAL_INDEX)));
  __ ldr(result,
         FieldMemOperand(result, GlobalObject::kGlobalContextOffset));
  // Load the Array function from the global context.
  __ ldr(result,
         MemOperand(result,
                    Context::SlotOffset(Context::ARRAY_FUNCTION_INDEX)));
}


// Upper bound on the element count that AllocateEmptyJSArray fills with an
// unrolled sequence of stores (one store per element, no loop).
// This constant has the same value as JSArray::kPreallocatedArrayElements and
// if JSArray::kPreallocatedArrayElements is changed handling of loop unfolding
// below should be reconsidered.
static const int kLoopUnfoldLimit = 4;


// Allocate an empty JSArray. The allocated array is put into the result
// register. An elements backing store is allocated with size initial_capacity
// and filled with the hole values.
//
// The JSArray and its FixedArray are carved out of one allocation, with the
// FixedArray placed immediately after the JSArray. gc_required is handed to
// AllocateInNewSpace as its failure label.
//
// Register usage on exit (normal path):
//   result   : tagged JSArray with length 0
//   scratch1 : untagged address one past the last written elements slot
//   scratch2 : start of the next object (written by AllocateInNewSpace)
//   scratch3 : the hole value
static void AllocateEmptyJSArray(MacroAssembler* masm,
                                 Register array_function,
                                 Register result,
                                 Register scratch1,
                                 Register scratch2,
                                 Register scratch3,
                                 int initial_capacity,
                                 Label* gc_required) {
  // A zero-capacity store would make the unrolled fill below a no-op; the
  // caller passes JSArray::kPreallocatedArrayElements.
  ASSERT(initial_capacity > 0);
  // Load the initial map from the array function.
  __ ldr(scratch1, FieldMemOperand(array_function,
                                   JSFunction::kPrototypeOrInitialMapOffset));

  // Allocate the JSArray object together with space for a fixed array with the
  // requested elements.
  int size = JSArray::kSize + FixedArray::SizeFor(initial_capacity);
  __ AllocateInNewSpace(size,
                        result,
                        scratch2,
                        scratch3,
                        gc_required,
                        TAG_OBJECT);

  // Allocated the JSArray. Now initialize the fields except for the elements
  // array.
  // result: JSObject
  // scratch1: initial map
  // scratch2: start of next object
  __ str(scratch1, FieldMemOperand(result, JSObject::kMapOffset));
  __ LoadRoot(scratch1, Heap::kEmptyFixedArrayRootIndex);
  __ str(scratch1, FieldMemOperand(result, JSArray::kPropertiesOffset));
  // Field JSArray::kElementsOffset is initialized later.
  __ mov(scratch3,  Operand(0, RelocInfo::NONE));
  __ str(scratch3, FieldMemOperand(result, JSArray::kLengthOffset));

  // Calculate the location of the elements array and set elements array member
  // of the JSArray. Because both objects came from one allocation the elements
  // array starts exactly JSArray::kSize bytes after the JSArray.
  // result: JSObject
  // scratch2: start of next object
  __ add(scratch1, result, Operand(JSArray::kSize));
  __ str(scratch1, FieldMemOperand(result, JSArray::kElementsOffset));

  // Clear the heap tag on the elements array so the PostIndex stores below
  // address the raw words.
  ASSERT(kSmiTag == 0);
  __ sub(scratch1, scratch1, Operand(kHeapObjectTag));

  // Initialize the FixedArray and fill it with holes. FixedArray length is
  // stored as a smi. The ASSERT_EQs pin the layout that the sequence of
  // post-indexed stores relies on: map at word 0, length at word 1, elements
  // from word 2.
  // result: JSObject
  // scratch1: elements array (untagged)
  // scratch2: start of next object
  __ LoadRoot(scratch3, Heap::kFixedArrayMapRootIndex);
  ASSERT_EQ(0 * kPointerSize, FixedArray::kMapOffset);
  __ str(scratch3, MemOperand(scratch1, kPointerSize, PostIndex));
  __ mov(scratch3,  Operand(Smi::FromInt(initial_capacity)));
  ASSERT_EQ(1 * kPointerSize, FixedArray::kLengthOffset);
  __ str(scratch3, MemOperand(scratch1, kPointerSize, PostIndex));

  // Fill the FixedArray with the hole value. The fill is unrolled (one store
  // per element); kLoopUnfoldLimit bounds the emitted code size.
  ASSERT_EQ(2 * kPointerSize, FixedArray::kHeaderSize);
  ASSERT(initial_capacity <= kLoopUnfoldLimit);
  __ LoadRoot(scratch3, Heap::kTheHoleValueRootIndex);
  for (int i = 0; i < initial_capacity; i++) {
    __ str(scratch3, MemOperand(scratch1, kPointerSize, PostIndex));
  }
}

// Allocate a JSArray with the number of elements stored in a register. The
// register array_function holds the built-in Array function and the register
// array_size holds the size of the array as a smi. The allocated array is put
// into the result register and beginning and end of the FixedArray elements
// storage is put into registers elements_array_storage and elements_array_end
// (see  below for when that is not the case). If the parameter fill_with_hole
// is true the allocated elements backing store is filled with the hole values
// otherwise it is left uninitialized. When the backing store is filled the
// register elements_array_storage is scratched.
//
// The requested size is not range-checked here: the caller must have bounded
// array_size before calling (ArrayNativeCode compares it against
// JSObject::kInitialMaxFastElementArray). gc_required is handed to
// AllocateInNewSpace as its failure label.
//
// Register usage on exit (normal path):
//   result                 : tagged JSArray
//   elements_array_storage : untagged start of the elements, or advanced to
//                            elements_array_end when fill_with_hole is true
//   elements_array_end     : untagged address one past the elements storage
//   array_size             : FixedArray length as a smi (the preallocated
//                            element count when the requested size was 0)
//   scratch1, scratch2     : clobbered
static void AllocateJSArray(MacroAssembler* masm,
                            Register array_function,  // Array function.
                            Register array_size,  // As a smi.
                            Register result,
                            Register elements_array_storage,
                            Register elements_array_end,
                            Register scratch1,
                            Register scratch2,
                            bool fill_with_hole,
                            Label* gc_required) {
  Label not_empty, allocated;

  // Load the initial map from the array function.
  __ ldr(elements_array_storage,
         FieldMemOperand(array_function,
                         JSFunction::kPrototypeOrInitialMapOffset));

  // Check whether an empty sized array is requested. A smi zero is all-zero
  // bits, so testing the register against itself detects length 0.
  __ tst(array_size, array_size);
  __ b(ne, &not_empty);

  // If an empty array is requested allocate a small elements array anyway. This
  // keeps the code below free of special casing for the empty array.
  int size = JSArray::kSize +
             FixedArray::SizeFor(JSArray::kPreallocatedArrayElements);
  __ AllocateInNewSpace(size,
                        result,
                        elements_array_end,
                        scratch1,
                        gc_required,
                        TAG_OBJECT);
  __ jmp(&allocated);

  // Allocate the JSArray object together with space for a FixedArray with the
  // requested number of elements. The size is computed in words
  // (SIZE_IN_WORDS): header words plus the untagged element count, where the
  // ASR by kSmiTagSize is the smi untagging (valid because kSmiTag == 0).
  __ bind(&not_empty);
  ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
  __ mov(elements_array_end,
         Operand((JSArray::kSize + FixedArray::kHeaderSize) / kPointerSize));
  __ add(elements_array_end,
         elements_array_end,
         Operand(array_size, ASR, kSmiTagSize));
  __ AllocateInNewSpace(
      elements_array_end,
      result,
      scratch1,
      scratch2,
      gc_required,
      static_cast<AllocationFlags>(TAG_OBJECT | SIZE_IN_WORDS));

  // Allocated the JSArray. Now initialize the fields except for the elements
  // array.
  // result: JSObject
  // elements_array_storage: initial map
  // array_size: size of array (smi)
  __ bind(&allocated);
  __ str(elements_array_storage, FieldMemOperand(result, JSObject::kMapOffset));
  __ LoadRoot(elements_array_storage, Heap::kEmptyFixedArrayRootIndex);
  __ str(elements_array_storage,
         FieldMemOperand(result, JSArray::kPropertiesOffset));
  // Field JSArray::kElementsOffset is initialized later.
  __ str(array_size, FieldMemOperand(result, JSArray::kLengthOffset));

  // Calculate the location of the elements array and set elements array member
  // of the JSArray. Both objects came from one allocation, so the elements
  // array starts exactly JSArray::kSize bytes after the JSArray.
  // result: JSObject
  // array_size: size of array (smi)
  __ add(elements_array_storage, result, Operand(JSArray::kSize));
  __ str(elements_array_storage,
         FieldMemOperand(result, JSArray::kElementsOffset));

  // Clear the heap tag on the elements array so the PostIndex stores below
  // address the raw words.
  ASSERT(kSmiTag == 0);
  __ sub(elements_array_storage,
         elements_array_storage,
         Operand(kHeapObjectTag));
  // Initialize the fixed array and fill it with holes. FixedArray length is
  // stored as a smi. The ASSERT_EQs pin the layout the post-indexed stores
  // rely on: map at word 0, length at word 1.
  // result: JSObject
  // elements_array_storage: elements array (untagged)
  // array_size: size of array (smi)
  __ LoadRoot(scratch1, Heap::kFixedArrayMapRootIndex);
  ASSERT_EQ(0 * kPointerSize, FixedArray::kMapOffset);
  __ str(scratch1, MemOperand(elements_array_storage, kPointerSize, PostIndex));
  ASSERT(kSmiTag == 0);
  __ tst(array_size, array_size);
  // Length of the FixedArray is the number of pre-allocated elements if
  // the actual JSArray has length 0 and the size of the JSArray for non-empty
  // JSArrays. The length of a FixedArray is stored as a smi. The mov is
  // conditional (eq) on the tst above, so array_size is only replaced for
  // the empty case; LeaveCC keeps the flags untouched.
  __ mov(array_size,
         Operand(Smi::FromInt(JSArray::kPreallocatedArrayElements)),
         LeaveCC,
         eq);
  ASSERT_EQ(1 * kPointerSize, FixedArray::kLengthOffset);
  __ str(array_size,
         MemOperand(elements_array_storage, kPointerSize, PostIndex));

  // Calculate elements array and elements array end. The shift turns the smi
  // length directly into a byte offset (smi tag bits are fewer than the
  // pointer-size bits, as asserted).
  // result: JSObject
  // elements_array_storage: elements array element storage
  // array_size: smi-tagged size of elements array
  ASSERT(kSmiTag == 0 && kSmiTagSize < kPointerSizeLog2);
  __ add(elements_array_end,
         elements_array_storage,
         Operand(array_size, LSL, kPointerSizeLog2 - kSmiTagSize));

  // Fill the allocated FixedArray with the hole value if requested.
  // result: JSObject
  // elements_array_storage: elements array element storage
  // elements_array_end: start of next object
  if (fill_with_hole) {
    Label loop, entry;
    __ LoadRoot(scratch1, Heap::kTheHoleValueRootIndex);
    __ jmp(&entry);
    __ bind(&loop);
    __ str(scratch1,
           MemOperand(elements_array_storage, kPointerSize, PostIndex));
    __ bind(&entry);
    __ cmp(elements_array_storage, elements_array_end);
    // NOTE(review): lt is a signed compare of two untagged addresses; it is
    // only correct while both ends of the store lie on the same side of
    // 0x80000000 — confirm new space can never straddle that boundary.
    __ b(lt, &loop);
  }
}

// Create a new array for the built-in Array function. This function allocates
// the JSArray object and the FixedArray elements array and initializes these.
// If the Array cannot be constructed in native code the runtime is called. This
// function assumes the following state:
//   r0: argc
//   r1: constructor (built-in Array function)
//   lr: return address
//   sp[0]: last argument
// This function is used for both construct and normal calls of Array. The only
// difference between handling a construct call and a normal call is that for a
// construct call the constructor function in r1 needs to be preserved for
// entering the generic code. In both cases argc in r0 needs to be preserved.
// Both registers are preserved on every path that branches to
// call_generic_code, so there is no need to differentiate between construct
// call and normal call. On the successful paths r0 is overwritten with the
// new JSArray and the code returns through lr with the arguments and the
// receiver removed from the stack.
//
// Three cases are handled natively: no arguments (empty array with a
// preallocated store), one smi argument (array of that length, holes), and
// two or more arguments (array containing the arguments). Anything else —
// a non-smi or negative length, or a length at or above
// JSObject::kInitialMaxFastElementArray — bails out to call_generic_code.
static void ArrayNativeCode(MacroAssembler* masm,
                            Label* call_generic_code) {
  Counters* counters = masm->isolate()->counters();
  Label argc_one_or_more, argc_two_or_more;

  // Check for array construction with zero arguments or one.
  __ cmp(r0, Operand(0, RelocInfo::NONE));
  __ b(ne, &argc_one_or_more);

  // Handle construction of an empty array.
  AllocateEmptyJSArray(masm,
                       r1,
                       r2,
                       r3,
                       r4,
                       r5,
                       JSArray::kPreallocatedArrayElements,
                       call_generic_code);
  __ IncrementCounter(counters->array_function_native(), 1, r3, r4);
  // Setup return value, remove receiver from stack and return.
  __ mov(r0, r2);
  __ add(sp, sp, Operand(kPointerSize));
  __ Jump(lr);

  // Check for one argument. Bail out if argument is not smi or if it is
  // negative. Masking with the smi tag bit and the sign bit in one AND
  // (SetCC) covers both conditions: a non-zero result means either bit was set.
  __ bind(&argc_one_or_more);
  __ cmp(r0, Operand(1));
  __ b(ne, &argc_two_or_more);
  ASSERT(kSmiTag == 0);
  __ ldr(r2, MemOperand(sp));  // Get the argument from the stack.
  __ and_(r3, r2, Operand(kIntptrSignBit | kSmiTagMask), SetCC);
  __ b(ne, call_generic_code);

  // Handle construction of an empty array of a certain size. Bail out if size
  // is too large to actually allocate an elements array. The limit is shifted
  // by kSmiTagSize so it is compared against the still smi-tagged r2; this is
  // the only upper bound applied before AllocateJSArray sizes the allocation.
  ASSERT(kSmiTag == 0);
  __ cmp(r2, Operand(JSObject::kInitialMaxFastElementArray << kSmiTagSize));
  __ b(ge, call_generic_code);

  // r0: argc
  // r1: constructor
  // r2: array_size (smi)
  // sp[0]: argument
  AllocateJSArray(masm,
                  r1,
                  r2,
                  r3,
                  r4,
                  r5,
                  r6,
                  r7,
                  true,
                  call_generic_code);
  __ IncrementCounter(counters->array_function_native(), 1, r2, r4);
  // Setup return value, remove receiver and argument from stack and return.
  __ mov(r0, r3);
  __ add(sp, sp, Operand(2 * kPointerSize));
  __ Jump(lr);

  // Handle construction of an array from a list of arguments. The element
  // count is argc itself, so the store is sized from argc converted to a smi.
  __ bind(&argc_two_or_more);
  __ mov(r2, Operand(r0, LSL, kSmiTagSize));  // Convert argc to a smi.

  // r0: argc
  // r1: constructor
  // r2: array_size (smi)
  // sp[0]: last argument
  AllocateJSArray(masm,
                  r1,
                  r2,
                  r3,
                  r4,
                  r5,
                  r6,
                  r7,
                  false,
                  call_generic_code);
  // r2 and r6 are free to use as counter scratch here; r4/r5 still hold the
  // store bounds needed by the copy loop below.
  __ IncrementCounter(counters->array_function_native(), 1, r2, r6);

  // Fill arguments as array elements. Copy from the top of the stack (last
  // element) to the array backing store filling it backwards. Note:
  // elements_array_end points after the backing store therefore PreIndex is
  // used when filling the backing store. The store was allocated without the
  // hole fill, so it holds uninitialized words until this loop completes;
  // nothing between the allocation and the end of the loop may allocate or
  // call out.
  // r0: argc
  // r3: JSArray
  // r4: elements_array storage start (untagged)
  // r5: elements_array_end (untagged)
  // sp[0]: last argument
  Label loop, entry;
  __ jmp(&entry);
  __ bind(&loop);
  __ ldr(r2, MemOperand(sp, kPointerSize, PostIndex));
  __ str(r2, MemOperand(r5, -kPointerSize, PreIndex));
  __ bind(&entry);
  __ cmp(r4, r5);
  // NOTE(review): signed compare of two untagged addresses, as in
  // AllocateJSArray's fill loop — same caveat about the 0x80000000 boundary.
  __ b(lt, &loop);

  // Remove caller arguments and receiver from the stack, setup return value and
  // return. The loop above popped exactly argc words, so sp now points at the
  // receiver.
  // r0: argc
  // r3: JSArray
  // sp[0]: receiver
  __ add(sp, sp, Operand(kPointerSize));
  __ mov(r0, r3);
  __ Jump(lr);
}


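// Entry point for the built-in Array function called as a normal function.
// Loads the Array function into r1, tries the native fast path in
// ArrayNativeCode and, if that bails out, tail-jumps to the generic
// ArrayCodeGeneric builtin with r0 (argc) and r1 (function) intact.
void Builtins::Generate_ArrayCode(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- r0     : number of arguments
  //  -- lr     : return address
  //  -- sp[...]: constructor arguments
  // -----------------------------------
  // Only the bail-out label is needed here; the per-argc dispatch lives in
  // ArrayNativeCode.
  Label generic_array_code;

  // Get the Array function.
  GenerateLoadArrayFunction(masm, r1);

  if (FLAG_debug_code) {
    // Initial map for the builtin Array functions should be maps.
    __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
    __ tst(r2, Operand(kSmiTagMask));
    __ Assert(ne, "Unexpected initial map for Array function");
    __ CompareObjectType(r2, r3, r4, MAP_TYPE);
    __ Assert(eq, "Unexpected initial map for Array function");
  }

  // Run the native code for the Array function called as a normal function.
  ArrayNativeCode(masm, &generic_array_code);

  // Jump to the generic array code if the specialized code cannot handle
  // the construction.
  __ bind(&generic_array_code);

  Handle<Code> array_code =
      masm->isolate()->builtins()->ArrayCodeGeneric();
  __ Jump(array_code, RelocInfo::CODE_TARGET);
}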


// Entry point for the built-in Array function called as a constructor. The
// constructor is already in r1. Tries the native fast path in ArrayNativeCode
// and, if that bails out, tail-jumps to the generic JSConstructStubGeneric
// builtin with r0 (argc) and r1 (constructor) intact.
void Builtins::Generate_ArrayConstructCode(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- r0     : number of arguments
  //  -- r1     : constructor function
  //  -- lr     : return address
  //  -- sp[...]: constructor arguments
  // -----------------------------------
  Label generic_constructor;

  if (FLAG_debug_code) {
    // The array construct code is only set for the builtin and internal
    // Array functions which always have a map.
    // Initial map for the builtin Array function should be a map.
    __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
    __ tst(r2, Operand(kSmiTagMask));
    __ Assert(ne, "Unexpected initial map for Array function");
    __ CompareObjectType(r2, r3, r4, MAP_TYPE);
    __ Assert(eq, "Unexpected initial map for Array function");
  }

  // Run the native code for the Array function called as a constructor.
  ArrayNativeCode(masm, &generic_constructor);

  // Jump to the generic construct code in case the specialized code cannot
  // handle the construction.
  __ bind(&generic_constructor);
  Handle<Code> generic_construct_stub =
      masm->isolate()->builtins()->JSConstructStubGeneric();
  __ Jump(generic_construct_stub, RelocInfo::CODE_TARGET);
}


// Code for `new String(value)`: converts the first argument to a string and
// wraps it in a freshly allocated JSValue, returned in r0.
//
// Paths:
//   no arguments          -> wrap the empty string
//   number-string cache   -> wrap the cached string
//   argument is a string  -> wrap it as is
//   anything else         -> call the TO_STRING builtin, then wrap the result
//   allocation fails      -> Runtime::kNewStringWrapper does the wrapping
// Only the first argument is used; the remaining arguments and the receiver
// are dropped from the stack before the wrapper is built.
void Builtins::Generate_StringConstructCode(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- r0                     : number of arguments
  //  -- r1                     : constructor function
  //  -- lr                     : return address
  //  -- sp[(argc - n - 1) * 4] : arg[n] (zero based)
  //  -- sp[argc * 4]           : receiver
  // -----------------------------------
  Counters* counters = masm->isolate()->counters();
  __ IncrementCounter(counters->string_ctor_calls(), 1, r2, r3);

  Register function = r1;
  if (FLAG_debug_code) {
    __ LoadGlobalFunction(Context::STRING_FUNCTION_INDEX, r2);
    __ cmp(function, Operand(r2));
    __ Assert(eq, "Unexpected String function");
  }

  // Load the first arguments in r0 and get rid of the rest.
  Label no_arguments;
  __ cmp(r0, Operand(0, RelocInfo::NONE));
  __ b(eq, &no_arguments);
  // First args = sp[(argc - 1) * 4]. The PreIndex form writes the computed
  // address back into sp, which is what lets Drop(2) below discard args[0]
  // and the receiver together with all of the other arguments.
  __ sub(r0, r0, Operand(1));
  __ ldr(r0, MemOperand(sp, r0, LSL, kPointerSizeLog2, PreIndex));
  // sp now point to args[0], drop args[0] + receiver.
  __ Drop(2);

  Register argument = r2;
  Label not_cached, argument_is_string;
  NumberToStringStub::GenerateLookupNumberStringCache(
      masm,
      r0,        // Input.
      argument,  // Result.
      r3,        // Scratch.
      r4,        // Scratch.
      r5,        // Scratch.
      false,     // Is it a Smi?
      &not_cached);
  __ IncrementCounter(counters->string_ctor_cached_number(), 1, r3, r4);
  __ bind(&argument_is_string);

  // ----------- S t a t e -------------
  //  -- r2     : argument converted to string
  //  -- r1     : constructor function
  //  -- lr     : return address
  // -----------------------------------

  Label gc_required;
  __ AllocateInNewSpace(JSValue::kSize,
                        r0,  // Result.
                        r3,  // Scratch.
                        r4,  // Scratch.
                        &gc_required,
                        TAG_OBJECT);

  // Initialising the String Object.
  Register map = r3;
  __ LoadGlobalFunctionInitialMap(function, map, r4);
  if (FLAG_debug_code) {
    // The four stores below assume a JSValue-sized instance with no in-object
    // property slots; check that the map agrees.
    __ ldrb(r4, FieldMemOperand(map, Map::kInstanceSizeOffset));
    __ cmp(r4, Operand(JSValue::kSize >> kPointerSizeLog2));
    __ Assert(eq, "Unexpected string wrapper instance size");
    __ ldrb(r4, FieldMemOperand(map, Map::kUnusedPropertyFieldsOffset));
    __ cmp(r4, Operand(0, RelocInfo::NONE));
    __ Assert(eq, "Unexpected unused properties of string wrapper");
  }
  __ str(map, FieldMemOperand(r0, HeapObject::kMapOffset));

  __ LoadRoot(r3, Heap::kEmptyFixedArrayRootIndex);
  __ str(r3, FieldMemOperand(r0, JSObject::kPropertiesOffset));
  __ str(r3, FieldMemOperand(r0, JSObject::kElementsOffset));

  __ str(argument, FieldMemOperand(r0, JSValue::kValueOffset));

  // Ensure the object is fully initialized: map, properties, elements and
  // value account for all four words of a JSValue.
  STATIC_ASSERT(JSValue::kSize == 4 * kPointerSize);

  __ Ret();

  // The argument was not found in the number to string cache. Check
  // if it's a string already before calling the conversion builtin.
  Label convert_argument;
  __ bind(&not_cached);
  __ JumpIfSmi(r0, &convert_argument);

  // Is it a String?
  __ ldr(r2, FieldMemOperand(r0, HeapObject::kMapOffset));
  __ ldrb(r3, FieldMemOperand(r2, Map::kInstanceTypeOffset));
  ASSERT(kNotStringTag != 0);
  __ tst(r3, Operand(kIsNotStringMask));
  __ b(ne, &convert_argument);
  __ mov(argument, r0);
  __ IncrementCounter(counters->string_ctor_conversions(), 1, r3, r4);
  __ b(&argument_is_string);

  // Invoke the conversion builtin and put the result into r2. The function
  // register is saved around the call because the wrapper path needs it to
  // look up the initial map.
  __ bind(&convert_argument);
  __ push(function);  // Preserve the function.
  __ IncrementCounter(counters->string_ctor_conversions(), 1, r3, r4);
  __ EnterInternalFrame();
  __ push(r0);
  __ InvokeBuiltin(Builtins::TO_STRING, CALL_FUNCTION);
  __ LeaveInternalFrame();
  __ pop(function);
  __ mov(argument, r0);
  __ b(&argument_is_string);

  // Load the empty string into r2, remove the receiver from the
  // stack, and jump back to the case where the argument is a string.
  __ bind(&no_arguments);
  __ LoadRoot(argument, Heap::kEmptyStringRootIndex);
  __ Drop(1);
  __ b(&argument_is_string);

  // At this point the argument is already a string. Call runtime to
  // create a string wrapper.
  __ bind(&gc_required);
  __ IncrementCounter(counters->string_ctor_gc_required(), 1, r3, r4);
  __ EnterInternalFrame();
  __ push(argument);
  __ CallRuntime(Runtime::kNewStringWrapper, 1);
  __ LeaveInternalFrame();
  // presumably the runtime call leaves the wrapper in r0 — verify against
  // CallRuntime's convention.
  __ Ret();
}


// Dispatches a `new` call on the object in r1. A JSFunction is tail-jumped
// into its construct stub (taken from its SharedFunctionInfo); anything else
// is routed through the CALL_NON_FUNCTION_AS_CONSTRUCTOR builtin via the
// arguments adaptor. r0 (argc) is left untouched on both paths.
void Builtins::Generate_JSConstructCall(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- r0     : number of arguments
  //  -- r1     : constructor function
  //  -- lr     : return address
  //  -- sp[...]: constructor arguments
  // -----------------------------------

  Label non_function_call;
  // Check that the function is not a smi.
  __ JumpIfSmi(r1, &non_function_call);
  // Check that the function is a JSFunction.
  __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE);
  __ b(ne, &non_function_call);

  // Jump to the function-specific construct stub. The entry address is the
  // Code object's first instruction: header size minus the heap tag.
  __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
  __ ldr(r2, FieldMemOperand(r2, SharedFunctionInfo::kConstructStubOffset));
  __ add(pc, r2, Operand(Code::kHeaderSize - kHeapObjectTag));

  // r0: number of arguments
  // r1: called object
  __ bind(&non_function_call);
  // Set expected number of arguments to zero (not changing r0).
  __ mov(r2, Operand(0, RelocInfo::NONE));
  // r3 receives the builtin entry and r5 the call kind, which is the register
  // layout the arguments adaptor trampoline consumes.
  __ GetBuiltinEntry(r3, Builtins::CALL_NON_FUNCTION_AS_CONSTRUCTOR);
  __ SetCallKind(r5, CALL_AS_METHOD);
  __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
          RelocInfo::CODE_TARGET);
}


static void Generate_JSConstructStubHelper(MacroAssembler* masm,
                                           bool is_api_function,
                                           bool count_constructions) {
  // Should never count constructions for api objects.
  ASSERT(!is_api_function || !count_constructions);

  Isolate* isolate = masm->isolate();

  // Enter a construct frame.
  __ EnterConstructFrame();

  // Preserve the two incoming parameters on the stack.
  __ mov(r0, Operand(r0, LSL, kSmiTagSize));
  __ push(r0);  // Smi-tagged arguments count.
  __ push(r1);  // Constructor function.

  // Try to allocate the object without transitioning into C code. If any of the
  // preconditions is not met, the code bails out to the runtime call.
  Label rt_call, allocated;
  if (FLAG_inline_new) {
    Label undo_allocation;
#ifdef ENABLE_DEBUGGER_SUPPORT
    ExternalReference debug_step_in_fp =
        ExternalReference::debug_step_in_fp_address(isolate);
    __ mov(r2, Operand(debug_step_in_fp));
    __ ldr(r2, MemOperand(r2));
    __ tst(r2, r2);
    __ b(ne, &rt_call);
#endif

674 675 676
    // Load the initial map and verify that it is in fact a map.
    // r1: constructor function
    __ ldr(r2, FieldMemOperand(r1, JSFunction::kPrototypeOrInitialMapOffset));
677
    __ JumpIfSmi(r2, &rt_call);
678 679
    __ CompareObjectType(r2, r3, r4, MAP_TYPE);
    __ b(ne, &rt_call);
680

681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710
    // Check that the constructor is not constructing a JSFunction (see comments
    // in Runtime_NewObject in runtime.cc). In which case the initial map's
    // instance type would be JS_FUNCTION_TYPE.
    // r1: constructor function
    // r2: initial map
    __ CompareInstanceType(r2, r3, JS_FUNCTION_TYPE);
    __ b(eq, &rt_call);

    if (count_constructions) {
      Label allocate;
      // Decrease generous allocation count.
      __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
      MemOperand constructor_count =
          FieldMemOperand(r3, SharedFunctionInfo::kConstructionCountOffset);
      __ ldrb(r4, constructor_count);
      __ sub(r4, r4, Operand(1), SetCC);
      __ strb(r4, constructor_count);
      __ b(ne, &allocate);

      __ Push(r1, r2);

      __ push(r1);  // constructor
      // The call will replace the stub, so the countdown is only done once.
      __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);

      __ pop(r2);
      __ pop(r1);

      __ bind(&allocate);
    }
711

712 713 714 715 716
    // Now allocate the JSObject on the heap.
    // r1: constructor function
    // r2: initial map
    __ ldrb(r3, FieldMemOperand(r2, Map::kInstanceSizeOffset));
    __ AllocateInNewSpace(r3, r4, r5, r6, &rt_call, SIZE_IN_WORDS);
717

718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746
    // Allocated the JSObject, now initialize the fields. Map is set to initial
    // map and properties and elements are set to empty fixed array.
    // r1: constructor function
    // r2: initial map
    // r3: object size
    // r4: JSObject (not tagged)
    __ LoadRoot(r6, Heap::kEmptyFixedArrayRootIndex);
    __ mov(r5, r4);
    ASSERT_EQ(0 * kPointerSize, JSObject::kMapOffset);
    __ str(r2, MemOperand(r5, kPointerSize, PostIndex));
    ASSERT_EQ(1 * kPointerSize, JSObject::kPropertiesOffset);
    __ str(r6, MemOperand(r5, kPointerSize, PostIndex));
    ASSERT_EQ(2 * kPointerSize, JSObject::kElementsOffset);
    __ str(r6, MemOperand(r5, kPointerSize, PostIndex));

    // Fill all the in-object properties with the appropriate filler.
    // r1: constructor function
    // r2: initial map
    // r3: object size (in words)
    // r4: JSObject (not tagged)
    // r5: First in-object property of JSObject (not tagged)
    __ add(r6, r4, Operand(r3, LSL, kPointerSizeLog2));  // End of object.
    ASSERT_EQ(3 * kPointerSize, JSObject::kHeaderSize);
    { Label loop, entry;
      if (count_constructions) {
        // To allow for truncation.
        __ LoadRoot(r7, Heap::kOnePointerFillerMapRootIndex);
      } else {
        __ LoadRoot(r7, Heap::kUndefinedValueRootIndex);
747
      }
748 749 750 751 752 753
      __ b(&entry);
      __ bind(&loop);
      __ str(r7, MemOperand(r5, kPointerSize, PostIndex));
      __ bind(&entry);
      __ cmp(r5, r6);
      __ b(lt, &loop);
754 755
    }

756 757 758 759 760
    // Add the object tag to make the JSObject real, so that we can continue and
    // jump into the continuation code at any time from now on. Any failures
    // need to undo the allocation, so that the heap is in a consistent state
    // and verifiable.
    __ add(r4, r4, Operand(kHeapObjectTag));
761

762 763 764
    // Check if a non-empty properties array is needed. Continue with allocated
    // object if not fall through to runtime call if it is.
    // r1: constructor function
765
    // r4: JSObject
766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808
    // r5: start of next object (not tagged)
    __ ldrb(r3, FieldMemOperand(r2, Map::kUnusedPropertyFieldsOffset));
    // The field instance sizes contains both pre-allocated property fields and
    // in-object properties.
    __ ldr(r0, FieldMemOperand(r2, Map::kInstanceSizesOffset));
    __ Ubfx(r6, r0, Map::kPreAllocatedPropertyFieldsByte * 8, 8);
    __ add(r3, r3, Operand(r6));
    __ Ubfx(r6, r0, Map::kInObjectPropertiesByte * 8, 8);
    __ sub(r3, r3, Operand(r6), SetCC);

    // Done if no extra properties are to be allocated.
    __ b(eq, &allocated);
    __ Assert(pl, "Property allocation count failed.");

    // Scale the number of elements by pointer size and add the header for
    // FixedArrays to the start of the next object calculation from above.
    // r1: constructor
    // r3: number of elements in properties array
    // r4: JSObject
    // r5: start of next object
    __ add(r0, r3, Operand(FixedArray::kHeaderSize / kPointerSize));
    __ AllocateInNewSpace(
        r0,
        r5,
        r6,
        r2,
        &undo_allocation,
        static_cast<AllocationFlags>(RESULT_CONTAINS_TOP | SIZE_IN_WORDS));

    // Initialize the FixedArray.
    // r1: constructor
    // r3: number of elements in properties array
    // r4: JSObject
    // r5: FixedArray (not tagged)
    __ LoadRoot(r6, Heap::kFixedArrayMapRootIndex);
    __ mov(r2, r5);
    ASSERT_EQ(0 * kPointerSize, JSObject::kMapOffset);
    __ str(r6, MemOperand(r2, kPointerSize, PostIndex));
    ASSERT_EQ(1 * kPointerSize, FixedArray::kLengthOffset);
    __ mov(r0, Operand(r3, LSL, kSmiTagSize));
    __ str(r0, MemOperand(r2, kPointerSize, PostIndex));

    // Initialize the fields to undefined.
809
    // r1: constructor function
810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833
    // r2: First element of FixedArray (not tagged)
    // r3: number of elements in properties array
    // r4: JSObject
    // r5: FixedArray (not tagged)
    __ add(r6, r2, Operand(r3, LSL, kPointerSizeLog2));  // End of object.
    ASSERT_EQ(2 * kPointerSize, FixedArray::kHeaderSize);
    { Label loop, entry;
      if (count_constructions) {
        __ LoadRoot(r7, Heap::kUndefinedValueRootIndex);
      } else if (FLAG_debug_code) {
        __ LoadRoot(r8, Heap::kUndefinedValueRootIndex);
        __ cmp(r7, r8);
        __ Assert(eq, "Undefined value not loaded.");
      }
      __ b(&entry);
      __ bind(&loop);
      __ str(r7, MemOperand(r2, kPointerSize, PostIndex));
      __ bind(&entry);
      __ cmp(r2, r6);
      __ b(lt, &loop);
    }

    // Store the initialized FixedArray into the properties field of
    // the JSObject
834
    // r1: constructor function
835 836 837 838
    // r4: JSObject
    // r5: FixedArray (not tagged)
    __ add(r5, r5, Operand(kHeapObjectTag));  // Add the heap tag.
    __ str(r5, FieldMemOperand(r4, JSObject::kPropertiesOffset));
839

840
    // Continue with JSObject being successfully allocated
841
    // r1: constructor function
842 843 844 845 846 847 848 849 850 851
    // r4: JSObject
    __ jmp(&allocated);

    // Undo the setting of the new top so that the heap is verifiable. For
    // example, the map's unused properties potentially do not match the
    // allocated objects unused properties.
    // r4: JSObject (previous new top)
    __ bind(&undo_allocation);
    __ UndoAllocationInNewSpace(r4, r5);
  }
852

853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883
  // Allocate the new receiver object using the runtime call.
  // r1: constructor function
  __ bind(&rt_call);
  __ push(r1);  // argument for Runtime_NewObject
  __ CallRuntime(Runtime::kNewObject, 1);
  __ mov(r4, r0);

  // Receiver for constructor call allocated.
  // r4: JSObject
  __ bind(&allocated);
  __ push(r4);

  // Push the function and the allocated receiver from the stack.
  // sp[0]: receiver (newly allocated object)
  // sp[1]: constructor function
  // sp[2]: number of arguments (smi-tagged)
  __ ldr(r1, MemOperand(sp, kPointerSize));
  __ push(r1);  // Constructor function.
  __ push(r4);  // Receiver.

  // Reload the number of arguments from the stack.
  // r1: constructor function
  // sp[0]: receiver
  // sp[1]: constructor function
  // sp[2]: receiver
  // sp[3]: constructor function
  // sp[4]: number of arguments (smi-tagged)
  __ ldr(r3, MemOperand(sp, 4 * kPointerSize));

  // Setup pointer to last argument.
  __ add(r2, fp, Operand(StandardFrameConstants::kCallerSPOffset));
884

885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920
  // Setup number of arguments for function call below
  __ mov(r0, Operand(r3, LSR, kSmiTagSize));

  // Copy arguments and receiver to the expression stack.
  // r0: number of arguments
  // r2: address of last argument (caller sp)
  // r1: constructor function
  // r3: number of arguments (smi-tagged)
  // sp[0]: receiver
  // sp[1]: constructor function
  // sp[2]: receiver
  // sp[3]: constructor function
  // sp[4]: number of arguments (smi-tagged)
  Label loop, entry;
  __ b(&entry);
  __ bind(&loop);
  __ ldr(ip, MemOperand(r2, r3, LSL, kPointerSizeLog2 - 1));
  __ push(ip);
  __ bind(&entry);
  __ sub(r3, r3, Operand(2), SetCC);
  __ b(ge, &loop);

  // Call the function.
  // r0: number of arguments
  // r1: constructor function
  if (is_api_function) {
    __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));
    Handle<Code> code =
        masm->isolate()->builtins()->HandleApiCallConstruct();
    ParameterCount expected(0);
    __ InvokeCode(code, expected, expected,
                  RelocInfo::CODE_TARGET, CALL_FUNCTION, CALL_AS_METHOD);
  } else {
    ParameterCount actual(r0);
    __ InvokeFunction(r1, actual, CALL_FUNCTION,
                      NullCallWrapper(), CALL_AS_METHOD);
921
  }
922

923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946
  // Pop the function from the stack.
  // sp[0]: constructor function
  // sp[2]: receiver
  // sp[3]: constructor function
  // sp[4]: number of arguments (smi-tagged)
  __ pop();

  // Restore context from the frame.
  // r0: result
  // sp[0]: receiver
  // sp[1]: constructor function
  // sp[2]: number of arguments (smi-tagged)
  __ ldr(cp, MemOperand(fp, StandardFrameConstants::kContextOffset));

  // If the result is an object (in the ECMA sense), we should get rid
  // of the receiver and use the result; see ECMA-262 section 13.2.2-7
  // on page 74.
  Label use_receiver, exit;

  // If the result is a smi, it is *not* an object in the ECMA sense.
  // r0: result
  // sp[0]: receiver (newly allocated object)
  // sp[1]: constructor function
  // sp[2]: number of arguments (smi-tagged)
947
  __ JumpIfSmi(r0, &use_receiver);
948 949

  // If the type of the result (stored in its map) is less than
950 951
  // FIRST_SPEC_OBJECT_TYPE, it is not an object in the ECMA sense.
  __ CompareObjectType(r0, r3, r3, FIRST_SPEC_OBJECT_TYPE);
952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967
  __ b(ge, &exit);

  // Throw away the result of the constructor invocation and use the
  // on-stack receiver as the result.
  __ bind(&use_receiver);
  __ ldr(r0, MemOperand(sp));

  // Remove receiver from the stack, remove caller arguments, and
  // return.
  __ bind(&exit);
  // r0: result
  // sp[0]: receiver (newly allocated object)
  // sp[1]: constructor function
  // sp[2]: number of arguments (smi-tagged)
  __ ldr(r1, MemOperand(sp, 2 * kPointerSize));
  __ LeaveConstructFrame();
968 969
  __ add(sp, sp, Operand(r1, LSL, kPointerSizeLog2 - 1));
  __ add(sp, sp, Operand(kPointerSize));
970
  __ IncrementCounter(isolate->counters()->constructed_objects(), 1, r1, r2);
971
  __ Jump(lr);
972 973 974
}


// Construct stub variant for ordinary (non-API) functions that still counts
// down the constructor's generous allocation budget on each allocation.
void Builtins::Generate_JSConstructStubCountdown(MacroAssembler* masm) {
  const bool is_api_function = false;
  const bool count_constructions = true;
  Generate_JSConstructStubHelper(masm, is_api_function, count_constructions);
}


// Construct stub variant for ordinary (non-API) functions with no
// construction counting.
void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
  const bool is_api_function = false;
  const bool count_constructions = false;
  Generate_JSConstructStubHelper(masm, is_api_function, count_constructions);
}


// Construct stub variant for API functions; the helper dispatches through
// HandleApiCallConstruct and never counts constructions.
void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {
  const bool is_api_function = true;
  const bool count_constructions = false;
  Generate_JSConstructStubHelper(masm, is_api_function, count_constructions);
}


// Emits the trampoline that Generate_JS_Entry jumps to when C++ calls into
// JavaScript. It sets up the context and roots register, pushes the function
// and receiver, copies argc arguments out of the argv handle array, seeds the
// JS callee-saved registers with undefined, and invokes the function (via
// JSConstructCall when is_construct). On return r0 holds the result.
//
// is_construct: invoke as a constructor instead of a plain call.
static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
                                             bool is_construct) {
  // Called from Generate_JS_Entry
  // r0: code entry
  // r1: function
  // r2: receiver
  // r3: argc
  // r4: argv
  // r5-r7, cp may be clobbered

  // Clear the context before we push it when entering the JS frame.
  __ mov(cp, Operand(0, RelocInfo::NONE));

  // Enter an internal frame.
  __ EnterInternalFrame();

  // Set up the context from the function argument.
  __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));

  // Set up the roots register.
  ExternalReference roots_address =
      ExternalReference::roots_address(masm->isolate());
  __ mov(r10, Operand(roots_address));

  // Push the function and the receiver onto the stack.
  __ push(r1);
  __ push(r2);

  // Copy arguments to the stack in a loop.
  // r1: function
  // r3: argc
  // r4: argv, i.e. points to first arg
  Label loop, entry;
  __ add(r2, r4, Operand(r3, LSL, kPointerSizeLog2));
  // r2 points past last arg.
  __ b(&entry);
  __ bind(&loop);
  // argv holds handles (pointers to object slots), hence the double load.
  __ ldr(r0, MemOperand(r4, kPointerSize, PostIndex));  // read next parameter
  __ ldr(r0, MemOperand(r0));  // dereference handle
  __ push(r0);  // push parameter
  __ bind(&entry);
  __ cmp(r4, r2);
  __ b(ne, &loop);

  // Initialize all JavaScript callee-saved registers, since they will be seen
  // by the garbage collector as part of handlers.
  __ LoadRoot(r4, Heap::kUndefinedValueRootIndex);
  __ mov(r5, Operand(r4));
  __ mov(r6, Operand(r4));
  __ mov(r7, Operand(r4));
  if (kR9Available == 1) {
    __ mov(r9, Operand(r4));
  }

  // Invoke the code and pass argc as r0.
  __ mov(r0, Operand(r3));
  if (is_construct) {
    __ Call(masm->isolate()->builtins()->JSConstructCall());
  } else {
    ParameterCount actual(r0);
    __ InvokeFunction(r1, actual, CALL_FUNCTION,
                      NullCallWrapper(), CALL_AS_METHOD);
  }

  // Exit the JS frame and remove the parameters (except function), and return.
  // Respect ABI stack constraint.
  __ LeaveInternalFrame();
  __ Jump(lr);

  // r0: result
}


// Entry trampoline for a plain (non-constructor) call from C++ into JS.
void Builtins::Generate_JSEntryTrampoline(MacroAssembler* masm) {
  const bool is_construct = false;
  Generate_JSEntryTrampolineHelper(masm, is_construct);
}


// Entry trampoline for a constructor call (`new`) from C++ into JS.
void Builtins::Generate_JSConstructEntryTrampoline(MacroAssembler* masm) {
  const bool is_construct = true;
  Generate_JSEntryTrampolineHelper(masm, is_construct);
}


// Emits the stub installed as a function's code entry before it is compiled.
// It calls Runtime::kLazyCompile with the function in r1, preserving r1 and
// the call-kind register r5 across the call, then tail-jumps to the entry of
// the Code object the runtime returned in r0.
void Builtins::Generate_LazyCompile(MacroAssembler* masm) {
  // Enter an internal frame.
  __ EnterInternalFrame();

  // Preserve the function.
  __ push(r1);
  // Push call kind information.
  __ push(r5);

  // Push the function on the stack as the argument to the runtime function.
  __ push(r1);
  __ CallRuntime(Runtime::kLazyCompile, 1);
  // Calculate the entry point.
  __ add(r2, r0, Operand(Code::kHeaderSize - kHeapObjectTag));

  // Restore call kind information.
  __ pop(r5);
  // Restore saved function.
  __ pop(r1);

  // Tear down temporary frame.
  __ LeaveInternalFrame();

  // Do a tail-call of the compiled function.
  __ Jump(r2);
}


// Emits the stub that triggers recompilation of an already-compiled function.
// Same shape as Generate_LazyCompile, but calls Runtime::kLazyRecompile;
// r1 (function) and r5 (call kind) are preserved and the returned Code's
// entry point is tail-jumped to.
void Builtins::Generate_LazyRecompile(MacroAssembler* masm) {
  // Enter an internal frame.
  __ EnterInternalFrame();

  // Preserve the function.
  __ push(r1);
  // Push call kind information.
  __ push(r5);

  // Push the function on the stack as the argument to the runtime function.
  __ push(r1);
  __ CallRuntime(Runtime::kLazyRecompile, 1);
  // Calculate the entry point.
  __ add(r2, r0, Operand(Code::kHeaderSize - kHeapObjectTag));

  // Restore call kind information.
  __ pop(r5);
  // Restore saved function.
  __ pop(r1);

  // Tear down temporary frame.
  __ LeaveInternalFrame();

  // Do a tail-call of the compiled function.
  __ Jump(r2);
}


// Emits the code run after a deoptimization of the given bailout type. It
// informs the runtime (Runtime::kNotifyDeoptimized), then consumes the
// full-codegen state word left on the stack: with NO_REGISTERS it is simply
// dropped; with TOS_REG the saved top-of-stack value is reloaded into r0 and
// both words are dropped. Any other state stops execution.
//
// type: the Deoptimizer::BailoutType passed to the runtime as a smi.
static void Generate_NotifyDeoptimizedHelper(MacroAssembler* masm,
                                             Deoptimizer::BailoutType type) {
  __ EnterInternalFrame();
  // Pass the function and deoptimization type to the runtime system.
  __ mov(r0, Operand(Smi::FromInt(static_cast<int>(type))));
  __ push(r0);
  __ CallRuntime(Runtime::kNotifyDeoptimized, 1);
  __ LeaveInternalFrame();

  // Get the full codegen state from the stack and untag it -> r6.
  __ ldr(r6, MemOperand(sp, 0 * kPointerSize));
  __ SmiUntag(r6);
  // Switch on the state.
  Label with_tos_register, unknown_state;
  __ cmp(r6, Operand(FullCodeGenerator::NO_REGISTERS));
  __ b(ne, &with_tos_register);
  __ add(sp, sp, Operand(1 * kPointerSize));  // Remove state.
  __ Ret();

  __ bind(&with_tos_register);
  // sp[1] holds the saved top-of-stack register value.
  __ ldr(r0, MemOperand(sp, 1 * kPointerSize));
  __ cmp(r6, Operand(FullCodeGenerator::TOS_REG));
  __ b(ne, &unknown_state);
  __ add(sp, sp, Operand(2 * kPointerSize));  // Remove state.
  __ Ret();

  // Unrecognised state word: fail hard rather than continue with a
  // mis-sized stack.
  __ bind(&unknown_state);
  __ stop("no cases left");
}


// Post-deoptimization entry for eager bailouts.
void Builtins::Generate_NotifyDeoptimized(MacroAssembler* masm) {
  const Deoptimizer::BailoutType type = Deoptimizer::EAGER;
  Generate_NotifyDeoptimizedHelper(masm, type);
}


// Post-deoptimization entry for lazy bailouts.
void Builtins::Generate_NotifyLazyDeoptimized(MacroAssembler* masm) {
  const Deoptimizer::BailoutType type = Deoptimizer::LAZY;
  Generate_NotifyDeoptimizedHelper(masm, type);
}


// Emits the stub that notifies the runtime of an on-stack replacement
// (Runtime::kNotifyOSR) while preserving every JS caller-saved and
// callee-saved register, plus lr and fp, around the call.
void Builtins::Generate_NotifyOSR(MacroAssembler* masm) {
  // For now, we are relying on the fact that Runtime::NotifyOSR
  // doesn't do any garbage collection which allows us to save/restore
  // the registers without worrying about which of them contain
  // pointers. This seems a bit fragile.
  // NOTE(review): if NotifyOSR ever allocates, the raw register words saved
  // here would be invisible to the GC — worth re-checking when touching it.
  __ stm(db_w, sp, kJSCallerSaved | kCalleeSaved | lr.bit() | fp.bit());
  __ EnterInternalFrame();
  __ CallRuntime(Runtime::kNotifyOSR, 0);
  __ LeaveInternalFrame();
  __ ldm(ia_w, sp, kJSCallerSaved | kCalleeSaved | lr.bit() | fp.bit());
  __ Ret();
}


// Emits the stub that attempts on-stack replacement of the current JS frame
// with optimized code. It asks the runtime to compile
// (Runtime::kCompileForOnStackReplacement); a result of smi -1 means no
// optimized code is available and the stub simply returns to the unoptimized
// caller. Otherwise the returned AST id is untagged and pushed, and the
// deoptimizer's OSR entry generator performs the frame translation.
// Requires VFP3; without it the stub aborts.
void Builtins::Generate_OnStackReplacement(MacroAssembler* masm) {
  CpuFeatures::TryForceFeatureScope scope(VFP3);
  if (!CpuFeatures::IsSupported(VFP3)) {
    __ Abort("Unreachable code: Cannot optimize without VFP3 support.");
    return;
  }

  // Lookup the function in the JavaScript frame and push it as an
  // argument to the on-stack replacement function.
  __ ldr(r0, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
  __ EnterInternalFrame();
  __ push(r0);
  __ CallRuntime(Runtime::kCompileForOnStackReplacement, 1);
  __ LeaveInternalFrame();

  // If the result was -1 it means that we couldn't optimize the
  // function. Just return and continue in the unoptimized version.
  Label skip;
  __ cmp(r0, Operand(Smi::FromInt(-1)));
  __ b(ne, &skip);
  __ Ret();

  __ bind(&skip);
  // Untag the AST id and push it on the stack.
  __ SmiUntag(r0);
  __ push(r0);

  // Generate the code for doing the frame-to-frame translation using
  // the deoptimizer infrastructure.
  Deoptimizer::EntryGenerator generator(masm, Deoptimizer::OSR);
  generator.Generate();
}


// Emits the builtin behind Function.prototype.call. On entry r0 holds the
// actual argument count and the callee (the original receiver) sits on the
// stack above the arguments. The builtin:
//   1. pushes undefined if no argument was given, so a first-argument slot
//      always exists;
//   2. loads the callee into r1 and checks that it is a JSFunction;
//   3. for non-strict, non-native functions converts the first argument into
//      the call's receiver (TO_OBJECT, or the global receiver for
//      null/undefined); for a non-function stores the callee there instead
//      and clears r1;
//   4. shifts the arguments down one slot so the first argument becomes the
//      receiver and decrements r0;
//   5. tail-calls CALL_NON_FUNCTION via the arguments adaptor when r1 is 0,
//      otherwise tail-calls the function's code entry, going through the
//      adaptor only when formal and actual counts differ.
void Builtins::Generate_FunctionCall(MacroAssembler* masm) {
  // 1. Make sure we have at least one argument.
  // r0: actual number of arguments
  { Label done;
    __ tst(r0, Operand(r0));
    __ b(ne, &done);
    __ LoadRoot(r2, Heap::kUndefinedValueRootIndex);
    __ push(r2);
    __ add(r0, r0, Operand(1));
    __ bind(&done);
  }

  // 2. Get the function to call (passed as receiver) from the stack, check
  //    if it is a function.
  // r0: actual number of arguments
  Label non_function;
  __ ldr(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));
  __ JumpIfSmi(r1, &non_function);
  __ CompareObjectType(r1, r2, r2, JS_FUNCTION_TYPE);
  __ b(ne, &non_function);

  // 3a. Patch the first argument if necessary when calling a function.
  // r0: actual number of arguments
  // r1: function
  Label shift_arguments;
  { Label convert_to_object, use_global_receiver, patch_receiver;
    // Change context eagerly in case we need the global receiver.
    __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));

    // Do not transform the receiver for strict mode functions.
    __ ldr(r2, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
    __ ldr(r3, FieldMemOperand(r2, SharedFunctionInfo::kCompilerHintsOffset));
    // Compiler hints are stored as a smi, hence the extra kSmiTagSize shift.
    __ tst(r3, Operand(1 << (SharedFunctionInfo::kStrictModeFunction +
                             kSmiTagSize)));
    __ b(ne, &shift_arguments);

    // Do not transform the receiver for native (Compilerhints already in r3).
    __ tst(r3, Operand(1 << (SharedFunctionInfo::kNative + kSmiTagSize)));
    __ b(ne, &shift_arguments);

    // Compute the receiver in non-strict mode.
    __ add(r2, sp, Operand(r0, LSL, kPointerSizeLog2));
    __ ldr(r2, MemOperand(r2, -kPointerSize));
    // r0: actual number of arguments
    // r1: function
    // r2: first argument
    __ JumpIfSmi(r2, &convert_to_object);

    __ LoadRoot(r3, Heap::kUndefinedValueRootIndex);
    __ cmp(r2, r3);
    __ b(eq, &use_global_receiver);
    __ LoadRoot(r3, Heap::kNullValueRootIndex);
    __ cmp(r2, r3);
    __ b(eq, &use_global_receiver);

    // Anything at or above FIRST_SPEC_OBJECT_TYPE is already an object and
    // needs no conversion.
    STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
    __ CompareObjectType(r2, r3, r3, FIRST_SPEC_OBJECT_TYPE);
    __ b(ge, &shift_arguments);

    __ bind(&convert_to_object);
    __ EnterInternalFrame();  // In order to preserve argument count.
    __ mov(r0, Operand(r0, LSL, kSmiTagSize));  // Smi-tagged.
    __ push(r0);

    __ push(r2);
    __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
    __ mov(r2, r0);

    __ pop(r0);
    __ mov(r0, Operand(r0, ASR, kSmiTagSize));
    __ LeaveInternalFrame();
    // Restore the function to r1.
    __ ldr(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));
    __ jmp(&patch_receiver);

    // Use the global receiver object from the called function as the
    // receiver.
    __ bind(&use_global_receiver);
    const int kGlobalIndex =
        Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize;
    __ ldr(r2, FieldMemOperand(cp, kGlobalIndex));
    __ ldr(r2, FieldMemOperand(r2, GlobalObject::kGlobalContextOffset));
    __ ldr(r2, FieldMemOperand(r2, kGlobalIndex));
    __ ldr(r2, FieldMemOperand(r2, GlobalObject::kGlobalReceiverOffset));

    // Overwrite the first argument slot with the computed receiver.
    __ bind(&patch_receiver);
    __ add(r3, sp, Operand(r0, LSL, kPointerSizeLog2));
    __ str(r2, MemOperand(r3, -kPointerSize));

    __ jmp(&shift_arguments);
  }

  // 3b. Patch the first argument when calling a non-function.  The
  //     CALL_NON_FUNCTION builtin expects the non-function callee as
  //     receiver, so overwrite the first argument which will ultimately
  //     become the receiver.
  // r0: actual number of arguments
  // r1: function
  __ bind(&non_function);
  __ add(r2, sp, Operand(r0, LSL, kPointerSizeLog2));
  __ str(r1, MemOperand(r2, -kPointerSize));
  // Clear r1 to indicate a non-function being called.
  __ mov(r1, Operand(0, RelocInfo::NONE));

  // 4. Shift arguments and return address one slot down on the stack
  //    (overwriting the original receiver).  Adjust argument count to make
  //    the original first argument the new receiver.
  // r0: actual number of arguments
  // r1: function
  __ bind(&shift_arguments);
  { Label loop;
    // Calculate the copy start address (destination). Copy end address is sp.
    __ add(r2, sp, Operand(r0, LSL, kPointerSizeLog2));

    __ bind(&loop);
    __ ldr(ip, MemOperand(r2, -kPointerSize));
    __ str(ip, MemOperand(r2));
    __ sub(r2, r2, Operand(kPointerSize));
    __ cmp(r2, sp);
    __ b(ne, &loop);
    // Adjust the actual number of arguments and remove the top element
    // (which is a copy of the last argument).
    __ sub(r0, r0, Operand(1));
    __ pop();
  }

  // 5a. Call non-function via tail call to CALL_NON_FUNCTION builtin.
  // r0: actual number of arguments
  // r1: function
  { Label function;
    __ tst(r1, r1);
    __ b(ne, &function);
    // Expected number of arguments is 0 for CALL_NON_FUNCTION.
    __ mov(r2, Operand(0, RelocInfo::NONE));
    __ GetBuiltinEntry(r3, Builtins::CALL_NON_FUNCTION);
    __ SetCallKind(r5, CALL_AS_METHOD);
    __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
            RelocInfo::CODE_TARGET);
    __ bind(&function);
  }

  // 5b. Get the code to call from the function and check that the number of
  //     expected arguments matches what we're providing.  If so, jump
  //     (tail-call) to the code in register r3 without checking arguments.
  // r0: actual number of arguments
  // r1: function
  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
  __ ldr(r2,
         FieldMemOperand(r3, SharedFunctionInfo::kFormalParameterCountOffset));
  __ mov(r2, Operand(r2, ASR, kSmiTagSize));
  __ ldr(r3, FieldMemOperand(r1, JSFunction::kCodeEntryOffset));
  __ SetCallKind(r5, CALL_AS_METHOD);
  __ cmp(r2, r0);  // Check formal and actual parameter counts.
  // Mismatch: let the adaptor frame reconcile actual vs expected (r0 vs r2).
  __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
          RelocInfo::CODE_TARGET,
          ne);

  ParameterCount expected(0);
  __ InvokeCode(r3, expected, expected, JUMP_FUNCTION,
                NullCallWrapper(), CALL_AS_METHOD);
}


// Emits the builtin behind Function.prototype.apply. Inside an internal
// frame it calls APPLY_PREPARE on (function, args array), bounds-checks the
// resulting smi-tagged argument count against the real stack limit
// (APPLY_OVERFLOW on failure), computes the receiver with the same
// strict/native/TO_OBJECT rules as Generate_FunctionCall, pushes each array
// element via Runtime::kGetProperty, invokes the function, and finally drops
// the frame plus the three caller-pushed slots (function, receiver, args).
//
// The k*Offset constants are fp-relative slots: kIndexOffset/kLimitOffset are
// locals pushed below the frame (`okay` label), the others are the incoming
// arguments above it.
void Builtins::Generate_FunctionApply(MacroAssembler* masm) {
  const int kIndexOffset    = -5 * kPointerSize;
  const int kLimitOffset    = -4 * kPointerSize;
  const int kArgsOffset     =  2 * kPointerSize;
  const int kRecvOffset     =  3 * kPointerSize;
  const int kFunctionOffset =  4 * kPointerSize;

  __ EnterInternalFrame();

  __ ldr(r0, MemOperand(fp, kFunctionOffset));  // get the function
  __ push(r0);
  __ ldr(r0, MemOperand(fp, kArgsOffset));  // get the args array
  __ push(r0);
  __ InvokeBuiltin(Builtins::APPLY_PREPARE, CALL_FUNCTION);

  // Check the stack for overflow. We do not need to catch interruptions
  // (e.g. debug break and preemption) here, so the "real stack limit" is
  // checked. The copy loop below pushes one slot per element, so the whole
  // argument block is bounded here before any element is pushed.
  Label okay;
  __ LoadRoot(r2, Heap::kRealStackLimitRootIndex);
  // Make r2 the space we have left. The stack might already be overflowed
  // here which will cause r2 to become negative.
  __ sub(r2, sp, r2);
  // Check if the arguments will overflow the stack.
  // r0 is the smi-tagged element count, hence the reduced shift.
  __ cmp(r2, Operand(r0, LSL, kPointerSizeLog2 - kSmiTagSize));
  __ b(gt, &okay);  // Signed comparison.

  // Out of stack space.
  __ ldr(r1, MemOperand(fp, kFunctionOffset));
  __ push(r1);
  __ push(r0);
  __ InvokeBuiltin(Builtins::APPLY_OVERFLOW, CALL_FUNCTION);
  // End of stack check.

  // Push current limit and index.
  __ bind(&okay);
  __ push(r0);  // limit
  __ mov(r1, Operand(0, RelocInfo::NONE));  // initial index
  __ push(r1);

  // Change context eagerly to get the right global object if necessary.
  __ ldr(r0, MemOperand(fp, kFunctionOffset));
  __ ldr(cp, FieldMemOperand(r0, JSFunction::kContextOffset));
  // Load the shared function info while the function is still in r0.
  __ ldr(r1, FieldMemOperand(r0, JSFunction::kSharedFunctionInfoOffset));

  // Compute the receiver.
  Label call_to_object, use_global_receiver, push_receiver;
  __ ldr(r0, MemOperand(fp, kRecvOffset));

  // Do not transform the receiver for strict mode functions.
  __ ldr(r2, FieldMemOperand(r1, SharedFunctionInfo::kCompilerHintsOffset));
  __ tst(r2, Operand(1 << (SharedFunctionInfo::kStrictModeFunction +
                           kSmiTagSize)));
  __ b(ne, &push_receiver);

  // Do not transform the receiver for native functions (compiler hints are
  // still in r2).
  __ tst(r2, Operand(1 << (SharedFunctionInfo::kNative + kSmiTagSize)));
  __ b(ne, &push_receiver);

  // Compute the receiver in non-strict mode.
  __ JumpIfSmi(r0, &call_to_object);
  __ LoadRoot(r1, Heap::kNullValueRootIndex);
  __ cmp(r0, r1);
  __ b(eq, &use_global_receiver);
  __ LoadRoot(r1, Heap::kUndefinedValueRootIndex);
  __ cmp(r0, r1);
  __ b(eq, &use_global_receiver);

  // Check if the receiver is already a JavaScript object.
  // r0: receiver
  STATIC_ASSERT(LAST_SPEC_OBJECT_TYPE == LAST_TYPE);
  __ CompareObjectType(r0, r1, r1, FIRST_SPEC_OBJECT_TYPE);
  __ b(ge, &push_receiver);

  // Convert the receiver to a regular object.
  // r0: receiver
  __ bind(&call_to_object);
  __ push(r0);
  __ InvokeBuiltin(Builtins::TO_OBJECT, CALL_FUNCTION);
  __ b(&push_receiver);

  // Use the current global receiver object as the receiver.
  __ bind(&use_global_receiver);
  const int kGlobalOffset =
      Context::kHeaderSize + Context::GLOBAL_INDEX * kPointerSize;
  __ ldr(r0, FieldMemOperand(cp, kGlobalOffset));
  __ ldr(r0, FieldMemOperand(r0, GlobalObject::kGlobalContextOffset));
  __ ldr(r0, FieldMemOperand(r0, kGlobalOffset));
  __ ldr(r0, FieldMemOperand(r0, GlobalObject::kGlobalReceiverOffset));

  // Push the receiver.
  // r0: receiver
  __ bind(&push_receiver);
  __ push(r0);

  // Copy all arguments from the array to the stack.
  Label entry, loop;
  __ ldr(r0, MemOperand(fp, kIndexOffset));
  __ b(&entry);

  // Load the current argument from the arguments array and push it to the
  // stack.
  // r0: current argument index
  __ bind(&loop);
  __ ldr(r1, MemOperand(fp, kArgsOffset));
  __ push(r1);
  __ push(r0);

  // Call the runtime to access the property in the arguments array.
  __ CallRuntime(Runtime::kGetProperty, 2);
  __ push(r0);

  // Advance the smi-tagged index stored in the frame by one.
  // (The original "use inline caching" comment does not match the runtime
  // call above — kept as a plain index increment.)
  __ ldr(r0, MemOperand(fp, kIndexOffset));
  __ add(r0, r0, Operand(1 << kSmiTagSize));
  __ str(r0, MemOperand(fp, kIndexOffset));

  // Test if the copy loop has finished copying all the elements from the
  // arguments object.
  __ bind(&entry);
  __ ldr(r1, MemOperand(fp, kLimitOffset));
  __ cmp(r0, r1);
  __ b(ne, &loop);

  // Invoke the function.
  // `actual` is bound to r0 before the untag, which leaves r0 holding the
  // plain element count at the call.
  ParameterCount actual(r0);
  __ mov(r0, Operand(r0, ASR, kSmiTagSize));
  __ ldr(r1, MemOperand(fp, kFunctionOffset));
  __ InvokeFunction(r1, actual, CALL_FUNCTION,
                    NullCallWrapper(), CALL_AS_METHOD);

  // Tear down the internal frame and remove function, receiver and args.
  __ LeaveInternalFrame();
  __ add(sp, sp, Operand(3 * kPointerSize));
  __ Jump(lr);
}


// Builds an arguments-adaptor frame on top of the current stack.
// On entry r0 holds the actual argument count as a plain integer; on exit it
// holds the same count as a smi and fp points at the saved-fp slot of the new
// frame. r1 (function) is saved in the frame and left untouched.
static void EnterArgumentsAdaptorFrame(MacroAssembler* masm) {
  // Tag the actual argument count as a smi; LeaveArgumentsAdaptorFrame reads
  // it back from the frame in that form.
  __ mov(r0, Operand(r0, LSL, kSmiTagSize));
  // Frame-type marker that identifies this frame as an arguments adaptor.
  __ mov(r4, Operand(Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR)));
  // ARM stm stores lower-numbered registers at lower addresses, so from the
  // new sp upward the frame holds: smi count (r0), function (r1),
  // marker (r4), saved fp, saved lr.
  __ stm(db_w, sp, r0.bit() | r1.bit() | r4.bit() | fp.bit() | lr.bit());
  // fp points at the saved-fp slot, three words above sp (r0, r1, r4 lie
  // below it).
  __ add(fp, sp, Operand(3 * kPointerSize));
}


// Tears down the frame built by EnterArgumentsAdaptorFrame and pops the
// caller's original arguments and receiver. r0 is not touched so the callee's
// result passes through; fp and lr are restored for the final return.
static void LeaveArgumentsAdaptorFrame(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- r0 : result being passed through
  // -----------------------------------
  // Get the number of arguments passed (as a smi), tear down the frame and
  // then tear down the parameters.
  // fp - 3 words is the slot where EnterArgumentsAdaptorFrame stored the smi
  // argument count (below the marker and the function).
  __ ldr(r1, MemOperand(fp, -3 * kPointerSize));
  // Discard everything below fp, including the adapted copy of the arguments.
  __ mov(sp, fp);
  // Restore the caller's fp and lr; sp now points at the word just above
  // the saved lr, i.e. the caller's pushed arguments.
  __ ldm(ia_w, sp, fp.bit() | lr.bit());
  // r1 is a smi, so shifting by (kPointerSizeLog2 - kSmiTagSize) turns the
  // count directly into a byte offset.
  __ add(sp, sp, Operand(r1, LSL, kPointerSizeLog2 - kSmiTagSize));
  __ add(sp, sp, Operand(kPointerSize));  // adjust for receiver
}


// Adapts the pushed actual arguments to the callee's expected parameter count
// before calling its code entry. Builds an arguments-adaptor frame, copies the
// receiver and arguments into it (padding with undefined when too few were
// passed; surplus arguments are simply not copied), calls r3, then tears the
// frame down and returns to the caller. When the expected count is the
// don't-adapt sentinel, the callee is entered directly on the caller's frame.
void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- r0 : actual number of arguments
  //  -- r1 : function (passed through to callee)
  //  -- r2 : expected number of arguments
  //  -- r3 : code entry to call
  //  -- r5 : call kind information
  // -----------------------------------

  Label invoke, dont_adapt_arguments;

  Label enough, too_few;
  __ cmp(r0, r2);
  __ b(lt, &too_few);
  // Only reached when actual >= expected under a signed compare.
  // NOTE(review): this relies on the sentinel comparing below every real
  // argument count, so the lt branch above is never taken for it -- confirm
  // against the definition of kDontAdaptArgumentsSentinel.
  __ cmp(r2, Operand(SharedFunctionInfo::kDontAdaptArgumentsSentinel));
  __ b(eq, &dont_adapt_arguments);

  {  // Enough parameters: actual >= expected
    __ bind(&enough);
    EnterArgumentsAdaptorFrame(masm);

    // Calculate copy start address into r0 and copy end address into r2.
    // r0: actual number of arguments as a smi
    // r1: function
    // r2: expected number of arguments
    // r3: code entry to call
    __ add(r0, fp, Operand(r0, LSL, kPointerSizeLog2 - kSmiTagSize));
    // adjust for return address and receiver
    __ add(r0, r0, Operand(2 * kPointerSize));
    __ sub(r2, r0, Operand(r2, LSL, kPointerSizeLog2));

    // Copy the arguments (including the receiver) to the new stack frame.
    // r0: copy start address
    // r1: function
    // r2: copy end address
    // r3: code entry to call
    // The copy runs from the receiver (highest address) down to and including
    // the word at r2, so exactly expected + 1 words are pushed. Any surplus
    // actual arguments below r2 stay in the caller's frame and are popped by
    // LeaveArgumentsAdaptorFrame.

    Label copy;
    __ bind(&copy);
    __ ldr(ip, MemOperand(r0, 0));
    __ push(ip);
    __ cmp(r0, r2);  // Compare before moving to next argument.
    __ sub(r0, r0, Operand(kPointerSize));
    __ b(ne, &copy);

    __ b(&invoke);
  }

  {  // Too few parameters: Actual < expected
    __ bind(&too_few);
    EnterArgumentsAdaptorFrame(masm);

    // Calculate copy start address into r0 and copy end address is fp.
    // r0: actual number of arguments as a smi
    // r1: function
    // r2: expected number of arguments
    // r3: code entry to call
    __ add(r0, fp, Operand(r0, LSL, kPointerSizeLog2 - kSmiTagSize));

    // Copy the arguments (including the receiver) to the new stack frame.
    // r0: copy start address
    // r1: function
    // r2: expected number of arguments
    // r3: code entry to call
    // The +2 words in the load skip the saved fp and lr; the loop stops once
    // the word at fp + 2 words (the last pushed argument) has been copied,
    // so actual + 1 words are pushed here.
    Label copy;
    __ bind(&copy);
    // Adjust load for return address and receiver.
    __ ldr(ip, MemOperand(r0, 2 * kPointerSize));
    __ push(ip);
    __ cmp(r0, fp);  // Compare before moving to next argument.
    __ sub(r0, r0, Operand(kPointerSize));
    __ b(ne, &copy);

    // Fill the remaining expected arguments with undefined.
    // r1: function
    // r2: expected number of arguments
    // r3: code entry to call
    // Padding with undefined means the callee never observes stale stack
    // contents for parameters it was not passed.
    __ LoadRoot(ip, Heap::kUndefinedValueRootIndex);
    // Target sp once all expected parameters are in place: expected words
    // below fp, plus four more for the three slots pushed below fp by
    // EnterArgumentsAdaptorFrame and the receiver.
    __ sub(r2, fp, Operand(r2, LSL, kPointerSizeLog2));
    __ sub(r2, r2, Operand(4 * kPointerSize));  // Adjust for frame.

    // Push-then-compare is safe here: actual < expected guarantees at least
    // one missing parameter, so the first push never overshoots r2.
    Label fill;
    __ bind(&fill);
    __ push(ip);
    __ cmp(sp, r2);
    __ b(ne, &fill);
  }

  // Call the entry point.
  __ bind(&invoke);
  __ Call(r3);

  // Exit frame and return.
  LeaveArgumentsAdaptorFrame(masm);
  __ Jump(lr);


  // -------------------------------------------
  // Dont adapt arguments.
  // -------------------------------------------
  // No adaptor frame is built: the callee runs directly on the arguments as
  // the caller pushed them, and returns to the caller itself.
  __ bind(&dont_adapt_arguments);
  __ Jump(r3);
}


#undef __

} }  // namespace v8::internal

#endif  // V8_TARGET_ARCH_ARM