code-stubs-x64.cc 185 KB
Newer Older
1
// Copyright 2013 the V8 project authors. All rights reserved.
2 3
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4

5
#if V8_TARGET_ARCH_X64
6

7
#include "src/code-stubs.h"
8 9
#include "src/api-arguments.h"
#include "src/bootstrapper.h"
10
#include "src/codegen.h"
11
#include "src/ic/handler-compiler.h"
12
#include "src/ic/ic.h"
13
#include "src/ic/stub-cache.h"
14
#include "src/isolate.h"
15 16
#include "src/regexp/jsregexp.h"
#include "src/regexp/regexp-macro-assembler.h"
17
#include "src/runtime/runtime.h"
18
#include "src/x64/code-stubs-x64.h"
19 20 21 22

namespace v8 {
namespace internal {

23
#define __ ACCESS_MASM(masm)
24

25 26 27 28 29 30 31 32
void ArrayNArgumentsConstructorStub::Generate(MacroAssembler* masm) {
  __ popq(rcx);
  __ movq(MemOperand(rsp, rax, times_8, 0), rdi);
  __ pushq(rdi);
  __ pushq(rbx);
  __ pushq(rcx);
  __ addq(rax, Immediate(3));
  __ TailCallRuntime(Runtime::kNewArray);
33 34
}

35 36 37 38
void FastArrayPushStub::InitializeDescriptor(CodeStubDescriptor* descriptor) {
  Address deopt_handler = Runtime::FunctionForId(Runtime::kArrayPush)->entry;
  descriptor->Initialize(rax, deopt_handler, -1, JS_FUNCTION_STUB_MODE);
}
39

40 41 42 43 44 45
void FastFunctionBindStub::InitializeDescriptor(
    CodeStubDescriptor* descriptor) {
  Address deopt_handler = Runtime::FunctionForId(Runtime::kFunctionBind)->entry;
  descriptor->Initialize(rax, deopt_handler, -1, JS_FUNCTION_STUB_MODE);
}

46 47
void HydrogenCodeStub::GenerateLightweightMiss(MacroAssembler* masm,
                                               ExternalReference miss) {
48
  // Update the static counter each time a new code stub is generated.
49
  isolate()->counters()->code_stubs()->Increment();
50

51
  CallInterfaceDescriptor descriptor = GetCallInterfaceDescriptor();
52
  int param_count = descriptor.GetRegisterParameterCount();
53 54 55
  {
    // Call the runtime system in a fresh internal frame.
    FrameScope scope(masm, StackFrame::INTERNAL);
56
    DCHECK(param_count == 0 ||
57
           rax.is(descriptor.GetRegisterParameter(param_count - 1)));
58 59
    // Push arguments
    for (int i = 0; i < param_count; ++i) {
60
      __ Push(descriptor.GetRegisterParameter(i));
61
    }
62
    __ CallExternalReference(miss, param_count);
63 64 65 66 67 68
  }

  __ Ret();
}


69
void StoreBufferOverflowStub::Generate(MacroAssembler* masm) {
70
  __ PushCallerSaved(save_doubles() ? kSaveFPRegs : kDontSaveFPRegs);
71 72
  const int argument_count = 1;
  __ PrepareCallCFunction(argument_count);
73
  __ LoadAddress(arg_reg_1,
74
                 ExternalReference::isolate_address(isolate()));
75 76 77

  AllowExternalCallThatCantCauseGC scope(masm);
  __ CallCFunction(
78
      ExternalReference::store_buffer_overflow_function(isolate()),
79
      argument_count);
80
  __ PopCallerSaved(save_doubles() ? kSaveFPRegs : kDontSaveFPRegs);
81 82 83 84
  __ ret(0);
}


85 86
class FloatingPointHelper : public AllStatic {
 public:
87 88 89 90
  enum ConvertUndefined {
    CONVERT_UNDEFINED_TO_ZERO,
    BAILOUT_ON_UNDEFINED
  };
91 92 93 94 95 96 97 98 99
  // Load the operands from rdx and rax into xmm0 and xmm1, as doubles.
  // If the operands are not both numbers, jump to not_numbers.
  // Leaves rdx and rax unchanged.  SmiOperands assumes both are smis.
  // NumberOperands assumes both are smis or heap numbers.
  static void LoadSSE2UnknownOperands(MacroAssembler* masm,
                                      Label* not_numbers);
};


100 101 102
void DoubleToIStub::Generate(MacroAssembler* masm) {
    Register input_reg = this->source();
    Register final_result_reg = this->destination();
103
    DCHECK(is_truncating());
104

105
    Label check_negative, process_64_bits, done;
106

107 108 109
    int double_offset = offset();

    // Account for return address and saved regs if input is rsp.
110
    if (input_reg.is(rsp)) double_offset += 3 * kRegisterSize;
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129

    MemOperand mantissa_operand(MemOperand(input_reg, double_offset));
    MemOperand exponent_operand(MemOperand(input_reg,
                                           double_offset + kDoubleSize / 2));

    Register scratch1;
    Register scratch_candidates[3] = { rbx, rdx, rdi };
    for (int i = 0; i < 3; i++) {
      scratch1 = scratch_candidates[i];
      if (!final_result_reg.is(scratch1) && !input_reg.is(scratch1)) break;
    }

    // Since we must use rcx for shifts below, use some other register (rax)
    // to calculate the result if ecx is the requested return register.
    Register result_reg = final_result_reg.is(rcx) ? rax : final_result_reg;
    // Save ecx if it isn't the return register and therefore volatile, or if it
    // is the return register, then save the temp register we use in its stead
    // for the result.
    Register save_reg = final_result_reg.is(rcx) ? rax : rcx;
130 131
    __ pushq(scratch1);
    __ pushq(save_reg);
132 133 134

    bool stash_exponent_copy = !input_reg.is(rsp);
    __ movl(scratch1, mantissa_operand);
135
    __ Movsd(kScratchDoubleReg, mantissa_operand);
136
    __ movl(rcx, exponent_operand);
137
    if (stash_exponent_copy) __ pushq(rcx);
138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154

    __ andl(rcx, Immediate(HeapNumber::kExponentMask));
    __ shrl(rcx, Immediate(HeapNumber::kExponentShift));
    __ leal(result_reg, MemOperand(rcx, -HeapNumber::kExponentBias));
    __ cmpl(result_reg, Immediate(HeapNumber::kMantissaBits));
    __ j(below, &process_64_bits);

    // Result is entirely in lower 32-bits of mantissa
    int delta = HeapNumber::kExponentBias + Double::kPhysicalSignificandSize;
    __ subl(rcx, Immediate(delta));
    __ xorl(result_reg, result_reg);
    __ cmpl(rcx, Immediate(31));
    __ j(above, &done);
    __ shll_cl(scratch1);
    __ jmp(&check_negative);

    __ bind(&process_64_bits);
155
    __ Cvttsd2siq(result_reg, kScratchDoubleReg);
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171
    __ jmp(&done, Label::kNear);

    // If the double was negative, negate the integer result.
    __ bind(&check_negative);
    __ movl(result_reg, scratch1);
    __ negl(result_reg);
    if (stash_exponent_copy) {
        __ cmpl(MemOperand(rsp, 0), Immediate(0));
    } else {
        __ cmpl(exponent_operand, Immediate(0));
    }
    __ cmovl(greater, result_reg, scratch1);

    // Restore registers
    __ bind(&done);
    if (stash_exponent_copy) {
172
        __ addp(rsp, Immediate(kDoubleSize));
173 174
    }
    if (!final_result_reg.is(result_reg)) {
175
        DCHECK(final_result_reg.is(rcx));
176 177
        __ movl(final_result_reg, result_reg);
    }
178 179
    __ popq(save_reg);
    __ popq(scratch1);
180
    __ ret(0);
181 182 183
}


184 185 186 187 188 189
void FloatingPointHelper::LoadSSE2UnknownOperands(MacroAssembler* masm,
                                                  Label* not_numbers) {
  Label load_smi_rdx, load_nonsmi_rax, load_smi_rax, load_float_rax, done;
  // Load operand in rdx into xmm0, or branch to not_numbers.
  __ LoadRoot(rcx, Heap::kHeapNumberMapRootIndex);
  __ JumpIfSmi(rdx, &load_smi_rdx);
190
  __ cmpp(FieldOperand(rdx, HeapObject::kMapOffset), rcx);
191
  __ j(not_equal, not_numbers);  // Argument in rdx is not a number.
192
  __ Movsd(xmm0, FieldOperand(rdx, HeapNumber::kValueOffset));
193 194 195 196
  // Load operand in rax into xmm1, or branch to not_numbers.
  __ JumpIfSmi(rax, &load_smi_rax);

  __ bind(&load_nonsmi_rax);
197
  __ cmpp(FieldOperand(rax, HeapObject::kMapOffset), rcx);
198
  __ j(not_equal, not_numbers);
199
  __ Movsd(xmm1, FieldOperand(rax, HeapNumber::kValueOffset));
200 201 202 203
  __ jmp(&done);

  __ bind(&load_smi_rdx);
  __ SmiToInteger32(kScratchRegister, rdx);
204
  __ Cvtlsi2sd(xmm0, kScratchRegister);
205 206 207 208
  __ JumpIfNotSmi(rax, &load_nonsmi_rax);

  __ bind(&load_smi_rax);
  __ SmiToInteger32(kScratchRegister, rax);
209
  __ Cvtlsi2sd(xmm1, kScratchRegister);
210 211 212 213
  __ bind(&done);
}


214
void MathPowStub::Generate(MacroAssembler* masm) {
215 216
  const Register exponent = MathPowTaggedDescriptor::exponent();
  DCHECK(exponent.is(rdx));
217 218 219 220 221 222
  const Register scratch = rcx;
  const XMMRegister double_result = xmm3;
  const XMMRegister double_base = xmm2;
  const XMMRegister double_exponent = xmm1;
  const XMMRegister double_scratch = xmm4;

223
  Label call_runtime, done, exponent_not_smi, int_exponent;
224 225

  // Save 1 in double_result - we need this several times later on.
226
  __ movp(scratch, Immediate(1));
227
  __ Cvtlsi2sd(double_result, scratch);
228

229
  if (exponent_type() == TAGGED) {
230 231 232 233 234
    __ JumpIfNotSmi(exponent, &exponent_not_smi, Label::kNear);
    __ SmiToInteger32(exponent, exponent);
    __ jmp(&int_exponent);

    __ bind(&exponent_not_smi);
235
    __ Movsd(double_exponent, FieldOperand(exponent, HeapNumber::kValueOffset));
236
  }
237

238
  if (exponent_type() != INTEGER) {
239
    Label fast_power, try_arithmetic_simplification;
240
    // Detect integer exponents stored as double.
241
    __ DoubleToI(exponent, double_exponent, double_scratch,
242 243 244
                 TREAT_MINUS_ZERO_AS_ZERO, &try_arithmetic_simplification,
                 &try_arithmetic_simplification,
                 &try_arithmetic_simplification);
245 246 247
    __ jmp(&int_exponent);

    __ bind(&try_arithmetic_simplification);
248
    __ Cvttsd2si(exponent, double_exponent);
249
    // Skip to runtime if possibly NaN (indicated by the indefinite integer).
250 251
    __ cmpl(exponent, Immediate(0x1));
    __ j(overflow, &call_runtime);
252 253 254 255 256 257

    // Using FPU instructions to calculate power.
    Label fast_power_failed;
    __ bind(&fast_power);
    __ fnclex();  // Clear flags to catch exceptions later.
    // Transfer (B)ase and (E)xponent onto the FPU register stack.
258
    __ subp(rsp, Immediate(kDoubleSize));
259
    __ Movsd(Operand(rsp, 0), double_exponent);
260
    __ fld_d(Operand(rsp, 0));  // E
261
    __ Movsd(Operand(rsp, 0), double_base);
262 263 264 265 266 267 268 269 270 271 272 273 274
    __ fld_d(Operand(rsp, 0));  // B, E

    // Exponent is in st(1) and base is in st(0)
    // B ^ E = (2^(E * log2(B)) - 1) + 1 = (2^X - 1) + 1 for X = E * log2(B)
    // FYL2X calculates st(1) * log2(st(0))
    __ fyl2x();    // X
    __ fld(0);     // X, X
    __ frndint();  // rnd(X), X
    __ fsub(1);    // rnd(X), X-rnd(X)
    __ fxch(1);    // X - rnd(X), rnd(X)
    // F2XM1 calculates 2^st(0) - 1 for -1 < st(0) < 1
    __ f2xm1();    // 2^(X-rnd(X)) - 1, rnd(X)
    __ fld1();     // 1, 2^(X-rnd(X)) - 1, rnd(X)
275
    __ faddp(1);   // 2^(X-rnd(X)), rnd(X)
276 277 278 279 280 281 282 283
    // FSCALE calculates st(0) * 2^st(1)
    __ fscale();   // 2^X, rnd(X)
    __ fstp(1);
    // Bail out to runtime in case of exceptions in the status word.
    __ fnstsw_ax();
    __ testb(rax, Immediate(0x5F));  // Check for all but precision exception.
    __ j(not_zero, &fast_power_failed, Label::kNear);
    __ fstp_d(Operand(rsp, 0));
284
    __ Movsd(double_result, Operand(rsp, 0));
285
    __ addp(rsp, Immediate(kDoubleSize));
286
    __ jmp(&done);
287

288 289
    __ bind(&fast_power_failed);
    __ fninit();
290
    __ addp(rsp, Immediate(kDoubleSize));
291
    __ jmp(&call_runtime);
292
  }
293

294 295 296 297
  // Calculate power with integer exponent.
  __ bind(&int_exponent);
  const XMMRegister double_scratch2 = double_exponent;
  // Back up exponent as we need to check if exponent is negative later.
298
  __ movp(scratch, exponent);  // Back up exponent.
299 300
  __ Movsd(double_scratch, double_base);     // Back up base.
  __ Movsd(double_scratch2, double_result);  // Load double_exponent with 1.
301 302

  // Get absolute value of exponent.
303
  Label no_neg, while_true, while_false;
304 305 306 307
  __ testl(scratch, scratch);
  __ j(positive, &no_neg, Label::kNear);
  __ negl(scratch);
  __ bind(&no_neg);
308

309
  __ j(zero, &while_false, Label::kNear);
310
  __ shrl(scratch, Immediate(1));
311 312 313
  // Above condition means CF==0 && ZF==0.  This means that the
  // bit that has been shifted out is 0 and the result is not 0.
  __ j(above, &while_true, Label::kNear);
314
  __ Movsd(double_result, double_scratch);
315
  __ j(zero, &while_false, Label::kNear);
316

317 318
  __ bind(&while_true);
  __ shrl(scratch, Immediate(1));
319
  __ Mulsd(double_scratch, double_scratch);
320
  __ j(above, &while_true, Label::kNear);
321
  __ Mulsd(double_result, double_scratch);
322 323
  __ j(not_zero, &while_true);

324
  __ bind(&while_false);
325
  // If the exponent is negative, return 1/result.
326 327
  __ testl(exponent, exponent);
  __ j(greater, &done);
328
  __ Divsd(double_scratch2, double_result);
329
  __ Movsd(double_result, double_scratch2);
330 331
  // Test whether result is zero.  Bail out to check for subnormal result.
  // Due to subnormals, x^-y == (1/x)^y does not hold in all cases.
332
  __ Xorpd(double_scratch2, double_scratch2);
333
  __ Ucomisd(double_scratch2, double_result);
334 335 336 337
  // double_exponent aliased as double_scratch2 has already been overwritten
  // and may not have contained the exponent value in the first place when the
  // input was a smi.  We reset it with exponent value before bailing out.
  __ j(not_equal, &done);
338
  __ Cvtlsi2sd(double_exponent, exponent);
339 340

  // Returning or bailing out.
341 342 343 344 345 346 347 348 349
  __ bind(&call_runtime);
  // Move base to the correct argument register.  Exponent is already in xmm1.
  __ Movsd(xmm0, double_base);
  DCHECK(double_exponent.is(xmm1));
  {
    AllowExternalCallThatCantCauseGC scope(masm);
    __ PrepareCallCFunction(2);
    __ CallCFunction(ExternalReference::power_double_double_function(isolate()),
                     2);
350
  }
351 352 353 354 355
  // Return value is in xmm0.
  __ Movsd(double_result, xmm0);

  __ bind(&done);
  __ ret(0);
356 357 358
}


359 360
void FunctionPrototypeStub::Generate(MacroAssembler* masm) {
  Label miss;
361
  Register receiver = LoadDescriptor::ReceiverRegister();
362 363
  // Ensure that the vector and slot registers won't be clobbered before
  // calling the miss handler.
364 365
  DCHECK(!AreAliased(r8, r9, LoadWithVectorDescriptor::VectorRegister(),
                     LoadDescriptor::SlotRegister()));
366

367 368
  NamedLoadHandlerCompiler::GenerateLoadFunctionPrototype(masm, receiver, r8,
                                                          r9, &miss);
369
  __ bind(&miss);
370 371
  PropertyAccessCompiler::TailCallBuiltin(
      masm, PropertyAccessCompiler::MissBuiltin(Code::LOAD_IC));
372 373 374
}


375 376 377 378 379 380
void LoadIndexedStringStub::Generate(MacroAssembler* masm) {
  // Return address is on the stack.
  Label miss;

  Register receiver = LoadDescriptor::ReceiverRegister();
  Register index = LoadDescriptor::NameRegister();
381
  Register scratch = rdi;
382 383
  Register result = rax;
  DCHECK(!scratch.is(receiver) && !scratch.is(index));
384 385
  DCHECK(!scratch.is(LoadWithVectorDescriptor::VectorRegister()) &&
         result.is(LoadDescriptor::SlotRegister()));
386

387 388 389
  // StringCharAtGenerator doesn't use the result register until it's passed
  // the different miss possibilities. If it did, we would have a conflict
  // when FLAG_vector_ics is true.
390 391 392 393 394 395 396 397 398
  StringCharAtGenerator char_at_generator(receiver, index, scratch, result,
                                          &miss,  // When not a string.
                                          &miss,  // When not a number.
                                          &miss,  // When index out of range.
                                          RECEIVER_IS_STRING);
  char_at_generator.GenerateFast(masm);
  __ ret(0);

  StubRuntimeCallHelper call_helper;
399
  char_at_generator.GenerateSlow(masm, PART_OF_IC_HANDLER, call_helper);
400 401 402 403 404 405 406

  __ bind(&miss);
  PropertyAccessCompiler::TailCallBuiltin(
      masm, PropertyAccessCompiler::MissBuiltin(Code::KEYED_LOAD_IC));
}


407 408 409 410 411
void RegExpExecStub::Generate(MacroAssembler* masm) {
  // Just jump directly to runtime if native RegExp is not selected at compile
  // time or if regexp entry in generated code is turned off runtime switch or
  // at compilation.
#ifdef V8_INTERPRETED_REGEXP
412
  __ TailCallRuntime(Runtime::kRegExpExec);
413 414 415
#else  // V8_INTERPRETED_REGEXP

  // Stack frame on entry.
416 417 418 419 420
  //  rsp[0]  : return address
  //  rsp[8]  : last_match_info (expected JSArray)
  //  rsp[16] : previous index
  //  rsp[24] : subject string
  //  rsp[32] : JSRegExp object
421

422 423 424 425 426 427 428
  enum RegExpExecStubArgumentIndices {
    JS_REG_EXP_OBJECT_ARGUMENT_INDEX,
    SUBJECT_STRING_ARGUMENT_INDEX,
    PREVIOUS_INDEX_ARGUMENT_INDEX,
    LAST_MATCH_INFO_ARGUMENT_INDEX,
    REG_EXP_EXEC_ARGUMENT_COUNT
  };
429

430 431
  StackArgumentsAccessor args(rsp, REG_EXP_EXEC_ARGUMENT_COUNT,
                              ARGUMENTS_DONT_CONTAIN_RECEIVER);
432 433 434
  Label runtime;
  // Ensure that a RegExp stack is allocated.
  ExternalReference address_of_regexp_stack_memory_address =
435
      ExternalReference::address_of_regexp_stack_memory_address(isolate());
436
  ExternalReference address_of_regexp_stack_memory_size =
437
      ExternalReference::address_of_regexp_stack_memory_size(isolate());
438
  __ Load(kScratchRegister, address_of_regexp_stack_memory_size);
439
  __ testp(kScratchRegister, kScratchRegister);
440 441 442
  __ j(zero, &runtime);

  // Check that the first argument is a JSRegExp object.
443
  __ movp(rax, args.GetArgumentOperand(JS_REG_EXP_OBJECT_ARGUMENT_INDEX));
444 445 446
  __ JumpIfSmi(rax, &runtime);
  __ CmpObjectType(rax, JS_REGEXP_TYPE, kScratchRegister);
  __ j(not_equal, &runtime);
447

448
  // Check that the RegExp has been compiled (data contains a fixed array).
449
  __ movp(rax, FieldOperand(rax, JSRegExp::kDataOffset));
450
  if (FLAG_debug_code) {
451
    Condition is_smi = masm->CheckSmi(rax);
452
    __ Check(NegateCondition(is_smi),
453
        kUnexpectedTypeForRegExpDataFixedArrayExpected);
454
    __ CmpObjectType(rax, FIXED_ARRAY_TYPE, kScratchRegister);
455
    __ Check(equal, kUnexpectedTypeForRegExpDataFixedArrayExpected);
456 457
  }

458
  // rax: RegExp data (FixedArray)
459
  // Check the type of the RegExp. Only continue if type is JSRegExp::IRREGEXP.
460
  __ SmiToInteger32(rbx, FieldOperand(rax, JSRegExp::kDataTagOffset));
461 462 463
  __ cmpl(rbx, Immediate(JSRegExp::IRREGEXP));
  __ j(not_equal, &runtime);

464
  // rax: RegExp data (FixedArray)
465 466
  // Check that the number of captures fit in the static offsets vector buffer.
  __ SmiToInteger32(rdx,
467
                    FieldOperand(rax, JSRegExp::kIrregexpCaptureCountOffset));
468 469 470 471
  // Check (number_of_captures + 1) * 2 <= offsets vector size
  // Or              number_of_captures <= offsets vector size / 2 - 1
  STATIC_ASSERT(Isolate::kJSRegexpStaticOffsetsVectorSize >= 2);
  __ cmpl(rdx, Immediate(Isolate::kJSRegexpStaticOffsetsVectorSize / 2 - 1));
472 473
  __ j(above, &runtime);

474 475
  // Reset offset for possibly sliced string.
  __ Set(r14, 0);
476
  __ movp(rdi, args.GetArgumentOperand(SUBJECT_STRING_ARGUMENT_INDEX));
477
  __ JumpIfSmi(rdi, &runtime);
478
  __ movp(r15, rdi);  // Make a copy of the original subject string.
479 480 481 482 483
  // rax: RegExp data (FixedArray)
  // rdi: subject string
  // r15: subject string
  // Handle subject string according to its encoding and representation:
  // (1) Sequential two byte?  If yes, go to (9).
484 485 486 487 488
  // (2) Sequential one byte?  If yes, go to (5).
  // (3) Sequential or cons?  If not, go to (6).
  // (4) Cons string.  If the string is flat, replace subject with first string
  //     and go to (1). Otherwise bail out to runtime.
  // (5) One byte sequential.  Load regexp code for one byte.
489 490 491 492
  // (E) Carry on.
  /// [...]

  // Deferred code at the end of the stub:
493 494 495 496
  // (6) Long external string?  If not, go to (10).
  // (7) External string.  Make it, offset-wise, look like a sequential string.
  // (8) Is the external string one byte?  If yes, go to (5).
  // (9) Two byte sequential.  Load regexp code for two byte. Go to (E).
497
  // (10) Short external string or not a string?  If yes, bail out to runtime.
498 499 500 501 502
  // (11) Sliced string.  Replace subject with parent. Go to (1).

  Label seq_one_byte_string /* 5 */, seq_two_byte_string /* 9 */,
      external_string /* 7 */, check_underlying /* 1 */,
      not_seq_nor_cons /* 6 */, check_code /* E */, not_long_external /* 10 */;
503

504 505 506
  __ bind(&check_underlying);
  __ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
  __ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
507 508

  // (1) Sequential two byte?  If yes, go to (9).
509 510 511 512
  __ andb(rbx, Immediate(kIsNotStringMask |
                         kStringRepresentationMask |
                         kStringEncodingMask |
                         kShortExternalStringMask));
513
  STATIC_ASSERT((kStringTag | kSeqStringTag | kTwoByteStringTag) == 0);
514 515
  __ j(zero, &seq_two_byte_string);  // Go to (9).

516
  // (2) Sequential one byte?  If yes, go to (5).
517
  // Any other sequential string must be one byte.
518 519 520
  __ andb(rbx, Immediate(kIsNotStringMask |
                         kStringRepresentationMask |
                         kShortExternalStringMask));
521
  __ j(zero, &seq_one_byte_string, Label::kNear);  // Go to (5).
522

523
  // (3) Sequential or cons?  If not, go to (6).
524 525
  // We check whether the subject string is a cons, since sequential strings
  // have already been covered.
526 527
  STATIC_ASSERT(kConsStringTag < kExternalStringTag);
  STATIC_ASSERT(kSlicedStringTag > kExternalStringTag);
528
  STATIC_ASSERT(kIsNotStringMask > kExternalStringTag);
529
  STATIC_ASSERT(kShortExternalStringTag > kExternalStringTag);
530
  __ cmpp(rbx, Immediate(kExternalStringTag));
531
  __ j(greater_equal, &not_seq_nor_cons);  // Go to (6).
532

533 534
  // (4) Cons string.  Check that it's flat.
  // Replace subject with first string and reload instance type.
535
  __ CompareRoot(FieldOperand(rdi, ConsString::kSecondOffset),
536
                 Heap::kempty_stringRootIndex);
537
  __ j(not_equal, &runtime);
538
  __ movp(rdi, FieldOperand(rdi, ConsString::kFirstOffset));
539
  __ jmp(&check_underlying);
540

541
  // (5) One byte sequential.  Load regexp code for one byte.
542
  __ bind(&seq_one_byte_string);
543
  // rax: RegExp data (FixedArray)
544
  __ movp(r11, FieldOperand(rax, JSRegExp::kDataOneByteCodeOffset));
545
  __ Set(rcx, 1);  // Type is one byte.
546

547
  // (E) Carry on.  String handling is done.
548
  __ bind(&check_code);
549
  // r11: irregexp code
550 551
  // Check that the irregexp code has been generated for the actual string
  // encoding. If it has, the field contains a code object otherwise it contains
552 553
  // smi (code flushing support)
  __ JumpIfSmi(r11, &runtime);
554

555 556
  // rdi: sequential subject string (or look-alike, external string)
  // r15: original subject string
557
  // rcx: encoding of subject string (1 if one_byte, 0 if two_byte);
558 559 560
  // r11: code
  // Load used arguments before starting to push arguments for call to native
  // RegExp code to avoid handling changing stack height.
561 562 563
  // We have to use r15 instead of rdi to load the length because rdi might
  // have been only made to look like a sequential string when it actually
  // is an external string.
564
  __ movp(rbx, args.GetArgumentOperand(PREVIOUS_INDEX_ARGUMENT_INDEX));
565 566 567 568
  __ JumpIfNotSmi(rbx, &runtime);
  __ SmiCompare(rbx, FieldOperand(r15, String::kLengthOffset));
  __ j(above_equal, &runtime);
  __ SmiToInteger64(rbx, rbx);
569

570
  // rdi: subject string
571
  // rbx: previous index
572
  // rcx: encoding of subject string (1 if one_byte 0 if two_byte);
573 574
  // r11: code
  // All checks done. Now push arguments for native regexp code.
575
  Counters* counters = isolate()->counters();
576
  __ IncrementCounter(counters->regexp_entry_native(), 1);
577

578
  // Isolates: note we add an additional parameter here (isolate pointer).
579
  static const int kRegExpExecuteArguments = 9;
580 581
  int argument_slots_on_stack =
      masm->ArgumentStackSlotsForCFunctionCall(kRegExpExecuteArguments);
582
  __ EnterApiExitFrame(argument_slots_on_stack);
583

584
  // Argument 9: Pass current isolate address.
585
  __ LoadAddress(kScratchRegister,
586
                 ExternalReference::isolate_address(isolate()));
587
  __ movq(Operand(rsp, (argument_slots_on_stack - 1) * kRegisterSize),
588 589
          kScratchRegister);

590
  // Argument 8: Indicate that this is a direct call from JavaScript.
591
  __ movq(Operand(rsp, (argument_slots_on_stack - 2) * kRegisterSize),
592 593
          Immediate(1));

594
  // Argument 7: Start (high end) of backtracking stack memory area.
595
  __ Move(kScratchRegister, address_of_regexp_stack_memory_address);
596
  __ movp(r9, Operand(kScratchRegister, 0));
597
  __ Move(kScratchRegister, address_of_regexp_stack_memory_size);
598
  __ addp(r9, Operand(kScratchRegister, 0));
599
  __ movq(Operand(rsp, (argument_slots_on_stack - 3) * kRegisterSize), r9);
600 601 602 603 604

  // Argument 6: Set the number of capture registers to zero to force global
  // regexps to behave as non-global.  This does not affect non-global regexps.
  // Argument 6 is passed in r9 on Linux and on the stack on Windows.
#ifdef _WIN64
605
  __ movq(Operand(rsp, (argument_slots_on_stack - 4) * kRegisterSize),
606 607 608
          Immediate(0));
#else
  __ Set(r9, 0);
609 610 611
#endif

  // Argument 5: static offsets vector buffer.
612 613
  __ LoadAddress(
      r8, ExternalReference::address_of_static_offsets_vector(isolate()));
614 615
  // Argument 5 passed in r8 on Linux and on the stack on Windows.
#ifdef _WIN64
616
  __ movq(Operand(rsp, (argument_slots_on_stack - 5) * kRegisterSize), r8);
617 618
#endif

619
  // rdi: subject string
620
  // rbx: previous index
621
  // rcx: encoding of subject string (1 if one_byte 0 if two_byte);
622
  // r11: code
623 624 625 626
  // r14: slice offset
  // r15: original subject string

  // Argument 2: Previous index.
627
  __ movp(arg_reg_2, rbx);
628 629 630

  // Argument 4: End of string data
  // Argument 3: Start of string data
631 632 633
  Label setup_two_byte, setup_rest, got_length, length_not_from_slice;
  // Prepare start and end index of the input.
  // Load the length from the original sliced string if that is the case.
634
  __ addp(rbx, r14);
635
  __ SmiToInteger32(arg_reg_3, FieldOperand(r15, String::kLengthOffset));
636
  __ addp(r14, arg_reg_3);  // Using arg3 as scratch.
637 638 639 640

  // rbx: start index of the input
  // r14: end index of the input
  // r15: original subject string
641
  __ testb(rcx, rcx);  // Last use of rcx as encoding of subject string.
642
  __ j(zero, &setup_two_byte, Label::kNear);
643
  __ leap(arg_reg_4,
644
         FieldOperand(rdi, r14, times_1, SeqOneByteString::kHeaderSize));
645
  __ leap(arg_reg_3,
646
         FieldOperand(rdi, rbx, times_1, SeqOneByteString::kHeaderSize));
647
  __ jmp(&setup_rest, Label::kNear);
648
  __ bind(&setup_two_byte);
649
  __ leap(arg_reg_4,
650
         FieldOperand(rdi, r14, times_2, SeqTwoByteString::kHeaderSize));
651
  __ leap(arg_reg_3,
652
         FieldOperand(rdi, rbx, times_2, SeqTwoByteString::kHeaderSize));
653 654
  __ bind(&setup_rest);

655 656 657 658 659
  // Argument 1: Original subject string.
  // The original subject is in the previous stack frame. Therefore we have to
  // use rbp, which points exactly to one pointer size below the previous rsp.
  // (Because creating a new stack frame pushes the previous rbp onto the stack
  // and thereby moves up rsp by one kPointerSize.)
660
  __ movp(arg_reg_1, r15);
661 662

  // Locate the code entry and call it.
663
  __ addp(r11, Immediate(Code::kHeaderSize - kHeapObjectTag));
664
  __ call(r11);
665

666
  __ LeaveApiExitFrame(true);
667 668

  // Check the result.
669
  Label success;
670
  Label exception;
671 672 673
  __ cmpl(rax, Immediate(1));
  // We expect exactly one result since we force the called regexp to behave
  // as non-global.
674
  __ j(equal, &success, Label::kNear);
675
  __ cmpl(rax, Immediate(NativeRegExpMacroAssembler::EXCEPTION));
676 677 678 679
  __ j(equal, &exception);
  __ cmpl(rax, Immediate(NativeRegExpMacroAssembler::FAILURE));
  // If none of the above, it can only be retry.
  // Handle that in the runtime system.
680
  __ j(not_equal, &runtime);
681 682 683

  // For failure return null.
  __ LoadRoot(rax, Heap::kNullValueRootIndex);
684
  __ ret(REG_EXP_EXEC_ARGUMENT_COUNT * kPointerSize);
685 686 687

  // Load RegExp data.
  __ bind(&success);
688 689
  __ movp(rax, args.GetArgumentOperand(JS_REG_EXP_OBJECT_ARGUMENT_INDEX));
  __ movp(rcx, FieldOperand(rax, JSRegExp::kDataOffset));
690 691 692 693 694 695
  __ SmiToInteger32(rax,
                    FieldOperand(rcx, JSRegExp::kIrregexpCaptureCountOffset));
  // Calculate number of capture registers (number_of_captures + 1) * 2.
  __ leal(rdx, Operand(rax, rax, times_1, 2));

  // rdx: Number of capture registers
696
  // Check that the fourth object is a JSObject.
697
  __ movp(r15, args.GetArgumentOperand(LAST_MATCH_INFO_ARGUMENT_INDEX));
698
  __ JumpIfSmi(r15, &runtime);
699
  __ CmpObjectType(r15, JS_OBJECT_TYPE, kScratchRegister);
700
  __ j(not_equal, &runtime);
701
  // Check that the object has fast elements.
702 703
  __ movp(rbx, FieldOperand(r15, JSArray::kElementsOffset));
  __ movp(rax, FieldOperand(rbx, HeapObject::kMapOffset));
704 705 706 707 708 709 710 711 712
  __ CompareRoot(rax, Heap::kFixedArrayMapRootIndex);
  __ j(not_equal, &runtime);
  // Check that the last match info has space for the capture registers and the
  // additional information. Ensure no overflow in add.
  STATIC_ASSERT(FixedArray::kMaxLength < kMaxInt - FixedArray::kLengthOffset);
  __ SmiToInteger32(rax, FieldOperand(rbx, FixedArray::kLengthOffset));
  __ subl(rax, Immediate(RegExpImpl::kLastMatchOverhead));
  __ cmpl(rdx, rax);
  __ j(greater, &runtime);
713 714 715 716 717

  // rbx: last_match_info backing store (FixedArray)
  // rdx: number of capture registers
  // Store the capture count.
  __ Integer32ToSmi(kScratchRegister, rdx);
718
  __ movp(FieldOperand(rbx, RegExpImpl::kLastCaptureCountOffset),
719 720
          kScratchRegister);
  // Store last subject and last input.
721 722 723
  __ movp(rax, args.GetArgumentOperand(SUBJECT_STRING_ARGUMENT_INDEX));
  __ movp(FieldOperand(rbx, RegExpImpl::kLastSubjectOffset), rax);
  __ movp(rcx, rax);
724 725 726 727 728
  __ RecordWriteField(rbx,
                      RegExpImpl::kLastSubjectOffset,
                      rax,
                      rdi,
                      kDontSaveFPRegs);
729 730
  __ movp(rax, rcx);
  __ movp(FieldOperand(rbx, RegExpImpl::kLastInputOffset), rax);
731 732 733 734 735
  __ RecordWriteField(rbx,
                      RegExpImpl::kLastInputOffset,
                      rax,
                      rdi,
                      kDontSaveFPRegs);
736 737

  // Get the static offsets vector filled by the native regexp code.
738 739
  __ LoadAddress(
      rcx, ExternalReference::address_of_static_offsets_vector(isolate()));
740 741 742 743

  // rbx: last_match_info backing store (FixedArray)
  // rcx: offsets vector
  // rdx: number of capture registers
744
  Label next_capture, done;
745 746 747
  // Capture register counter starts from number of capture registers and
  // counts down until wraping after zero.
  __ bind(&next_capture);
748
  __ subp(rdx, Immediate(1));
749
  __ j(negative, &done, Label::kNear);
750 751
  // Read the value from the static offsets vector buffer and make it a smi.
  __ movl(rdi, Operand(rcx, rdx, times_int_size, 0));
752
  __ Integer32ToSmi(rdi, rdi);
753
  // Store the smi value in the last match info.
754
  __ movp(FieldOperand(rbx,
755 756 757 758 759 760 761 762
                       rdx,
                       times_pointer_size,
                       RegExpImpl::kFirstCaptureOffset),
          rdi);
  __ jmp(&next_capture);
  __ bind(&done);

  // Return last match info.
763
  __ movp(rax, r15);
764
  __ ret(REG_EXP_EXEC_ARGUMENT_COUNT * kPointerSize);
765

766
  __ bind(&exception);
767 768 769 770
  // Result must now be exception. If there is no pending exception already a
  // stack overflow (on the backtrack stack) was detected in RegExp code but
  // haven't created the exception yet. Handle that in the runtime system.
  // TODO(592): Rerunning the RegExp to get the stack overflow exception.
771
  ExternalReference pending_exception_address(
772
      Isolate::kPendingExceptionAddress, isolate());
773 774
  Operand pending_exception_operand =
      masm->ExternalOperand(pending_exception_address, rbx);
775
  __ movp(rax, pending_exception_operand);
776 777 778
  __ LoadRoot(rdx, Heap::kTheHoleValueRootIndex);
  __ cmpp(rax, rdx);
  __ j(equal, &runtime);
779

780
  // For exception, throw the exception again.
781
  __ TailCallRuntime(Runtime::kRegExpExecReThrow);
782

783 784
  // Do the runtime call to execute the regexp.
  __ bind(&runtime);
785
  __ TailCallRuntime(Runtime::kRegExpExec);
786 787

  // Deferred code for string handling.
788
  // (6) Long external string?  If not, go to (10).
789 790 791 792
  __ bind(&not_seq_nor_cons);
  // Compare flags are still set from (3).
  __ j(greater, &not_long_external, Label::kNear);  // Go to (10).

793
  // (7) External string.  Short external strings have been ruled out.
794
  __ bind(&external_string);
795
  __ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
796 797 798 799 800
  __ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
  if (FLAG_debug_code) {
    // Assert that we do not have a cons or slice (indirect strings) here.
    // Sequential strings have already been ruled out.
    __ testb(rbx, Immediate(kIsIndirectStringMask));
801
    __ Assert(zero, kExternalStringExpectedButNotFound);
802
  }
803
  __ movp(rdi, FieldOperand(rdi, ExternalString::kResourceDataOffset));
804
  // Move the pointer so that offset-wise, it looks like a sequential string.
805
  STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
806
  __ subp(rdi, Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
807
  STATIC_ASSERT(kTwoByteStringTag == 0);
808
  // (8) Is the external string one byte?  If yes, go to (5).
809
  __ testb(rbx, Immediate(kStringEncodingMask));
810
  __ j(not_zero, &seq_one_byte_string);  // Go to (5).
811

812 813
  // rdi: subject string (flat two-byte)
  // rax: RegExp data (FixedArray)
814
  // (9) Two byte sequential.  Load regexp code for two byte.  Go to (E).
815
  __ bind(&seq_two_byte_string);
816
  __ movp(r11, FieldOperand(rax, JSRegExp::kDataUC16CodeOffset));
817 818 819 820 821 822 823 824 825 826
  __ Set(rcx, 0);  // Type is two byte.
  __ jmp(&check_code);  // Go to (E).

  // (10) Not a string or a short external string?  If yes, bail out to runtime.
  __ bind(&not_long_external);
  // Catch non-string subject or short external string.
  STATIC_ASSERT(kNotStringTag != 0 && kShortExternalStringTag !=0);
  __ testb(rbx, Immediate(kIsNotStringMask | kShortExternalStringMask));
  __ j(not_zero, &runtime);

827
  // (11) Sliced string.  Replace subject with parent. Go to (1).
828 829
  // Load offset into r14 and replace subject string with parent.
  __ SmiToInteger32(r14, FieldOperand(rdi, SlicedString::kOffsetOffset));
830
  __ movp(rdi, FieldOperand(rdi, SlicedString::kParentOffset));
831
  __ jmp(&check_underlying);
832 833 834 835 836
#endif  // V8_INTERPRETED_REGEXP
}


static int NegativeComparisonResult(Condition cc) {
837 838
  DCHECK(cc != equal);
  DCHECK((cc == less) || (cc == less_equal)
839 840 841 842 843
      || (cc == greater) || (cc == greater_equal));
  return (cc == greater || cc == greater_equal) ? LESS : GREATER;
}


844 845
static void CheckInputType(MacroAssembler* masm, Register input,
                           CompareICState::State expected, Label* fail) {
846
  Label ok;
847
  if (expected == CompareICState::SMI) {
848
    __ JumpIfNotSmi(input, fail);
849
  } else if (expected == CompareICState::NUMBER) {
850
    __ JumpIfSmi(input, &ok);
851
    __ CompareMap(input, masm->isolate()->factory()->heap_number_map());
852 853
    __ j(not_equal, fail);
  }
854
  // We could be strict about internalized/non-internalized here, but as long as
855 856 857 858 859
  // hydrogen doesn't care, the stub doesn't have to care either.
  __ bind(&ok);
}


860 861 862 863
static void BranchIfNotInternalizedString(MacroAssembler* masm,
                                          Label* label,
                                          Register object,
                                          Register scratch) {
864
  __ JumpIfSmi(object, label);
865
  __ movp(scratch, FieldOperand(object, HeapObject::kMapOffset));
866
  __ movzxbp(scratch,
867
             FieldOperand(scratch, Map::kInstanceTypeOffset));
868 869 870
  STATIC_ASSERT(kInternalizedTag == 0 && kStringTag == 0);
  __ testb(scratch, Immediate(kIsNotStringMask | kIsNotInternalizedMask));
  __ j(not_zero, label);
871 872
}

873

874
void CompareICStub::GenerateGeneric(MacroAssembler* masm) {
875
  Label runtime_call, check_unequal_objects, done;
876
  Condition cc = GetCondition();
877
  Factory* factory = isolate()->factory();
878

879
  Label miss;
880 881
  CheckInputType(masm, rdx, left(), &miss);
  CheckInputType(masm, rax, right(), &miss);
882 883 884 885

  // Compare two smis.
  Label non_smi, smi_done;
  __ JumpIfNotBothSmi(rax, rdx, &non_smi);
886
  __ subp(rdx, rax);
887
  __ j(no_overflow, &smi_done);
888
  __ notp(rdx);  // Correct sign in case of overflow. rdx cannot be 0 here.
889
  __ bind(&smi_done);
890
  __ movp(rax, rdx);
891 892
  __ ret(0);
  __ bind(&non_smi);
893

894 895 896 897 898 899 900
  // The compare stub returns a positive, negative, or zero 64-bit integer
  // value in rax, corresponding to result of comparing the two inputs.
  // NOTICE! This code is only reached after a smi-fast-case check, so
  // it is certain that at least one operand isn't a smi.

  // Two identical objects are equal unless they are both NaN or undefined.
  {
901
    Label not_identical;
902
    __ cmpp(rax, rdx);
903
    __ j(not_equal, &not_identical, Label::kNear);
904

905
    if (cc != equal) {
906 907 908
      // Check for undefined.  undefined OP undefined is false even though
      // undefined == undefined.
      __ CompareRoot(rdx, Heap::kUndefinedValueRootIndex);
909 910 911 912 913
      Label check_for_nan;
      __ j(not_equal, &check_for_nan, Label::kNear);
      __ Set(rax, NegativeComparisonResult(cc));
      __ ret(0);
      __ bind(&check_for_nan);
914 915
    }

916
    // Test for NaN. Sadly, we can't just compare to Factory::nan_value(),
917
    // so we do the second best thing - test it ourselves.
918 919 920 921 922 923
    Label heap_number;
    // If it's not a heap number, then return equal for (in)equality operator.
    __ Cmp(FieldOperand(rdx, HeapObject::kMapOffset),
           factory->heap_number_map());
    __ j(equal, &heap_number, Label::kNear);
    if (cc != equal) {
924 925
      __ movp(rcx, FieldOperand(rax, HeapObject::kMapOffset));
      __ movzxbl(rcx, FieldOperand(rcx, Map::kInstanceTypeOffset));
926
      // Call runtime on identical objects.  Otherwise return equal.
927
      __ cmpb(rcx, Immediate(static_cast<uint8_t>(FIRST_JS_RECEIVER_TYPE)));
928
      __ j(above_equal, &runtime_call, Label::kFar);
929
      // Call runtime on identical symbols since we need to throw a TypeError.
930 931
      __ cmpb(rcx, Immediate(static_cast<uint8_t>(SYMBOL_TYPE)));
      __ j(equal, &runtime_call, Label::kFar);
932
      // Call runtime on identical SIMD values since we must throw a TypeError.
933 934
      __ cmpb(rcx, Immediate(static_cast<uint8_t>(SIMD128_VALUE_TYPE)));
      __ j(equal, &runtime_call, Label::kFar);
935 936 937
    }
    __ Set(rax, EQUAL);
    __ ret(0);
938

939 940 941 942 943 944
    __ bind(&heap_number);
    // It is a heap number, so return  equal if it's not NaN.
    // For NaN, return 1 for every condition except greater and
    // greater-equal.  Return -1 for them, so the comparison yields
    // false for all conditions except not-equal.
    __ Set(rax, EQUAL);
945
    __ Movsd(xmm0, FieldOperand(rdx, HeapNumber::kValueOffset));
946
    __ Ucomisd(xmm0, xmm0);
947 948 949
    __ setcc(parity_even, rax);
    // rax is 0 for equal non-NaN heapnumbers, 1 for NaNs.
    if (cc == greater_equal || cc == greater) {
950
      __ negp(rax);
951
    }
952
    __ ret(0);
953 954 955 956

    __ bind(&not_identical);
  }

957
  if (cc == equal) {  // Both strict and non-strict.
958 959 960 961 962 963
    Label slow;  // Fallthrough label.

    // If we're doing a strict equality comparison, we don't have to do
    // type conversion, so we generate code to do fast comparison for objects
    // and oddballs. Non-smi numbers and strings still go through the usual
    // slow-case code.
964
    if (strict()) {
965 966 967 968 969 970 971 972
      // If either is a Smi (we know that not both are), then they can only
      // be equal if the other is a HeapNumber. If so, use the slow case.
      {
        Label not_smis;
        __ SelectNonSmi(rbx, rax, rdx, &not_smis);

        // Check if the non-smi operand is a heap number.
        __ Cmp(FieldOperand(rbx, HeapObject::kMapOffset),
973
               factory->heap_number_map());
974 975 976
        // If heap number, handle it in the slow case.
        __ j(equal, &slow);
        // Return non-equal.  ebx (the lower half of rbx) is not zero.
977
        __ movp(rax, rbx);
978 979 980 981 982 983 984 985 986 987
        __ ret(0);

        __ bind(&not_smis);
      }

      // If either operand is a JSObject or an oddball value, then they are not
      // equal since their pointers are different
      // There is no test for undetectability in strict equality.

      // If the first object is a JS object, we have done pointer comparison.
988
      STATIC_ASSERT(LAST_TYPE == LAST_JS_RECEIVER_TYPE);
989
      Label first_non_object;
990
      __ CmpObjectType(rax, FIRST_JS_RECEIVER_TYPE, rcx);
991
      __ j(below, &first_non_object, Label::kNear);
992
      // Return non-zero (rax (not rax) is not zero)
993 994 995 996 997 998 999 1000 1001 1002
      Label return_not_equal;
      STATIC_ASSERT(kHeapObjectTag != 0);
      __ bind(&return_not_equal);
      __ ret(0);

      __ bind(&first_non_object);
      // Check for oddballs: true, false, null, undefined.
      __ CmpInstanceType(rcx, ODDBALL_TYPE);
      __ j(equal, &return_not_equal);

1003
      __ CmpObjectType(rdx, FIRST_JS_RECEIVER_TYPE, rcx);
1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015
      __ j(above_equal, &return_not_equal);

      // Check for oddballs: true, false, null, undefined.
      __ CmpInstanceType(rcx, ODDBALL_TYPE);
      __ j(equal, &return_not_equal);

      // Fall through to the general case.
    }
    __ bind(&slow);
  }

  // Generate the number comparison code.
1016 1017 1018 1019 1020
  Label non_number_comparison;
  Label unordered;
  FloatingPointHelper::LoadSSE2UnknownOperands(masm, &non_number_comparison);
  __ xorl(rax, rax);
  __ xorl(rcx, rcx);
1021
  __ Ucomisd(xmm0, xmm1);
1022

1023 1024 1025 1026 1027
  // Don't base result on EFLAGS when a NaN is involved.
  __ j(parity_even, &unordered, Label::kNear);
  // Return a result of -1, 0, or 1, based on EFLAGS.
  __ setcc(above, rax);
  __ setcc(below, rcx);
1028
  __ subp(rax, rcx);
1029
  __ ret(0);
1030

1031 1032 1033
  // If one of the numbers was NaN, then the result is always false.
  // The cc is never not-equal.
  __ bind(&unordered);
1034
  DCHECK(cc != not_equal);
1035 1036 1037 1038
  if (cc == less || cc == less_equal) {
    __ Set(rax, 1);
  } else {
    __ Set(rax, -1);
1039
  }
1040 1041 1042 1043
  __ ret(0);

  // The number comparison code did not provide a valid result.
  __ bind(&non_number_comparison);
1044

1045
  // Fast negative check for internalized-to-internalized equality.
1046
  Label check_for_strings;
1047
  if (cc == equal) {
1048 1049 1050 1051 1052 1053
    BranchIfNotInternalizedString(
        masm, &check_for_strings, rax, kScratchRegister);
    BranchIfNotInternalizedString(
        masm, &check_for_strings, rdx, kScratchRegister);

    // We've already checked for object identity, so if both operands are
1054
    // internalized strings they aren't equal. Register rax (not rax) already
1055
    // holds a non-zero value, which indicates not equal, so just return.
1056 1057 1058 1059 1060
    __ ret(0);
  }

  __ bind(&check_for_strings);

1061 1062
  __ JumpIfNotBothSequentialOneByteStrings(rdx, rax, rcx, rbx,
                                           &check_unequal_objects);
1063

1064
  // Inline comparison of one-byte strings.
1065
  if (cc == equal) {
1066
    StringHelper::GenerateFlatOneByteStringEquals(masm, rdx, rax, rcx, rbx);
1067
  } else {
1068 1069
    StringHelper::GenerateCompareFlatOneByteStrings(masm, rdx, rax, rcx, rbx,
                                                    rdi, r8);
1070
  }
1071 1072

#ifdef DEBUG
1073
  __ Abort(kUnexpectedFallThroughFromStringComparison);
1074 1075 1076
#endif

  __ bind(&check_unequal_objects);
1077
  if (cc == equal && !strict()) {
1078 1079 1080
    // Not strict equality.  Objects are unequal if
    // they are both JSObjects and not undetectable,
    // and their pointers are different.
1081
    Label return_equal, return_unequal, undetectable;
1082 1083 1084 1085 1086
    // At most one is a smi, so we can test for smi by adding the two.
    // A smi plus a heap object has the low bit set, a heap object plus
    // a heap object has the low bit clear.
    STATIC_ASSERT(kSmiTag == 0);
    STATIC_ASSERT(kSmiTagMask == 1);
1087
    __ leap(rcx, Operand(rax, rdx, times_1, 0));
1088
    __ testb(rcx, Immediate(kSmiTagMask));
1089
    __ j(not_zero, &runtime_call, Label::kNear);
1090 1091 1092

    __ movp(rbx, FieldOperand(rax, HeapObject::kMapOffset));
    __ movp(rcx, FieldOperand(rdx, HeapObject::kMapOffset));
1093 1094
    __ testb(FieldOperand(rbx, Map::kBitFieldOffset),
             Immediate(1 << Map::kIsUndetectable));
1095
    __ j(not_zero, &undetectable, Label::kNear);
1096 1097
    __ testb(FieldOperand(rcx, Map::kBitFieldOffset),
             Immediate(1 << Map::kIsUndetectable));
1098
    __ j(not_zero, &return_unequal, Label::kNear);
1099 1100 1101 1102 1103 1104

    __ CmpInstanceType(rbx, FIRST_JS_RECEIVER_TYPE);
    __ j(below, &runtime_call, Label::kNear);
    __ CmpInstanceType(rcx, FIRST_JS_RECEIVER_TYPE);
    __ j(below, &runtime_call, Label::kNear);

1105
    __ bind(&return_unequal);
1106 1107 1108 1109 1110 1111
    // Return non-equal by returning the non-zero object pointer in rax.
    __ ret(0);

    __ bind(&undetectable);
    __ testb(FieldOperand(rcx, Map::kBitFieldOffset),
             Immediate(1 << Map::kIsUndetectable));
1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122
    __ j(zero, &return_unequal, Label::kNear);

    // If both sides are JSReceivers, then the result is false according to
    // the HTML specification, which says that only comparisons with null or
    // undefined are affected by special casing for document.all.
    __ CmpInstanceType(rbx, ODDBALL_TYPE);
    __ j(zero, &return_equal, Label::kNear);
    __ CmpInstanceType(rcx, ODDBALL_TYPE);
    __ j(not_zero, &return_unequal, Label::kNear);

    __ bind(&return_equal);
1123
    __ Set(rax, EQUAL);
1124 1125
    __ ret(0);
  }
1126
  __ bind(&runtime_call);
1127

1128
  if (cc == equal) {
1129 1130 1131 1132
    {
      FrameScope scope(masm, StackFrame::INTERNAL);
      __ Push(rdx);
      __ Push(rax);
1133
      __ CallRuntime(strict() ? Runtime::kStrictEqual : Runtime::kEqual);
1134 1135 1136 1137 1138 1139
    }
    // Turn true into 0 and false into some non-zero value.
    STATIC_ASSERT(EQUAL == 0);
    __ LoadRoot(rdx, Heap::kTrueValueRootIndex);
    __ subp(rax, rdx);
    __ Ret();
1140
  } else {
1141 1142 1143 1144
    // Push arguments below the return address to prepare jump to builtin.
    __ PopReturnAddressTo(rcx);
    __ Push(rdx);
    __ Push(rax);
1145
    __ Push(Smi::FromInt(NegativeComparisonResult(cc)));
1146
    __ PushReturnAddressFrom(rcx);
1147
    __ TailCallRuntime(Runtime::kCompare);
1148
  }
1149

1150 1151
  __ bind(&miss);
  GenerateMiss(masm);
1152 1153 1154
}


1155
static void CallStubInRecordCallTarget(MacroAssembler* masm, CodeStub* stub) {
1156 1157 1158 1159
  // rax : number of arguments to the construct function
  // rbx : feedback vector
  // rdx : slot in feedback vector (Smi)
  // rdi : the function to call
1160 1161
  FrameScope scope(masm, StackFrame::INTERNAL);

1162
  // Number-of-arguments register must be smi-tagged to call out.
1163 1164 1165 1166 1167 1168
  __ Integer32ToSmi(rax, rax);
  __ Push(rax);
  __ Push(rdi);
  __ Integer32ToSmi(rdx, rdx);
  __ Push(rdx);
  __ Push(rbx);
1169
  __ Push(rsi);
1170 1171 1172

  __ CallStub(stub);

1173
  __ Pop(rsi);
1174 1175 1176 1177 1178 1179 1180 1181
  __ Pop(rbx);
  __ Pop(rdx);
  __ Pop(rdi);
  __ Pop(rax);
  __ SmiToInteger32(rax, rax);
}


1182
static void GenerateRecordCallTarget(MacroAssembler* masm) {
1183
  // Cache the called function in a feedback vector slot.  Cache states
1184 1185
  // are uninitialized, monomorphic (indicated by a JSFunction), and
  // megamorphic.
1186
  // rax : number of arguments to the construct function
1187
  // rbx : feedback vector
1188
  // rdx : slot in feedback vector (Smi)
1189 1190
  // rdi : the function to call
  Isolate* isolate = masm->isolate();
1191 1192
  Label initialize, done, miss, megamorphic, not_array_function;
  Label done_initialize_count, done_increment_count;
1193

1194
  // Load the cache state into r11.
1195
  __ SmiToInteger32(rdx, rdx);
1196 1197
  __ movp(r11,
          FieldOperand(rbx, rdx, times_pointer_size, FixedArray::kHeaderSize));
1198 1199 1200

  // A monomorphic cache hit or an already megamorphic state: invoke the
  // function without changing the state.
1201
  // We don't know if r11 is a WeakCell or a Symbol, but it's harmless to read
1202 1203
  // at this position in a symbol (see static asserts in
  // type-feedback-vector.h).
1204
  Label check_allocation_site;
1205
  __ cmpp(rdi, FieldOperand(r11, WeakCell::kValueOffset));
1206
  __ j(equal, &done_increment_count, Label::kFar);
1207
  __ CompareRoot(r11, Heap::kmegamorphic_symbolRootIndex);
1208
  __ j(equal, &done, Label::kFar);
1209
  __ CompareRoot(FieldOperand(r11, HeapObject::kMapOffset),
1210
                 Heap::kWeakCellMapRootIndex);
1211
  __ j(not_equal, &check_allocation_site);
1212

1213
  // If the weak cell is cleared, we have a new chance to become monomorphic.
1214
  __ CheckSmi(FieldOperand(r11, WeakCell::kValueOffset));
1215 1216
  __ j(equal, &initialize);
  __ jmp(&megamorphic);
1217

1218 1219 1220 1221 1222 1223 1224 1225 1226
  __ bind(&check_allocation_site);
  // If we came here, we need to see if we are the array function.
  // If we didn't have a matching function, and we didn't find the megamorph
  // sentinel, then we have in the slot either some other function or an
  // AllocationSite.
  __ CompareRoot(FieldOperand(r11, 0), Heap::kAllocationSiteMapRootIndex);
  __ j(not_equal, &miss);

  // Make sure the function is the Array() function
1227
  __ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, r11);
1228 1229
  __ cmpp(rdi, r11);
  __ j(not_equal, &megamorphic);
1230
  __ jmp(&done_increment_count);
1231

1232
  __ bind(&miss);
1233

1234 1235
  // A monomorphic miss (i.e, here the cache is not uninitialized) goes
  // megamorphic.
1236
  __ CompareRoot(r11, Heap::kuninitialized_symbolRootIndex);
1237 1238 1239
  __ j(equal, &initialize);
  // MegamorphicSentinel is an immortal immovable object (undefined) so no
  // write-barrier is needed.
1240
  __ bind(&megamorphic);
1241
  __ Move(FieldOperand(rbx, rdx, times_pointer_size, FixedArray::kHeaderSize),
1242
          TypeFeedbackVector::MegamorphicSentinel(isolate));
1243
  __ jmp(&done);
1244

1245 1246 1247 1248
  // An uninitialized cache is patched with the function or sentinel to
  // indicate the ElementsKind if function is the Array constructor.
  __ bind(&initialize);

1249
  // Make sure the function is the Array() function
1250
  __ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, r11);
1251 1252
  __ cmpp(rdi, r11);
  __ j(not_equal, &not_array_function);
1253

1254
  CreateAllocationSiteStub create_stub(isolate);
1255
  CallStubInRecordCallTarget(masm, &create_stub);
1256
  __ jmp(&done_initialize_count);
1257

1258 1259
  __ bind(&not_array_function);
  CreateWeakCellStub weak_cell_stub(isolate);
1260
  CallStubInRecordCallTarget(masm, &weak_cell_stub);
1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275

  __ bind(&done_initialize_count);
  // Initialize the call counter.
  __ SmiToInteger32(rdx, rdx);
  __ Move(FieldOperand(rbx, rdx, times_pointer_size,
                       FixedArray::kHeaderSize + kPointerSize),
          Smi::FromInt(1));
  __ jmp(&done);

  __ bind(&done_increment_count);

  // Increment the call count for monomorphic function calls.
  __ SmiAddConstant(FieldOperand(rbx, rdx, times_pointer_size,
                                 FixedArray::kHeaderSize + kPointerSize),
                    Smi::FromInt(1));
1276

1277
  __ bind(&done);
1278
  __ Integer32ToSmi(rdx, rdx);
1279 1280 1281
}


1282
void CallConstructStub::Generate(MacroAssembler* masm) {
1283
  // rax : number of arguments
1284
  // rbx : feedback vector
1285
  // rdx : slot in feedback vector (Smi)
1286 1287
  // rdi : constructor function

1288 1289 1290 1291
  Label non_function;
  // Check that the constructor is not a smi.
  __ JumpIfSmi(rdi, &non_function);
  // Check that constructor is a JSFunction.
1292
  __ CmpObjectType(rdi, JS_FUNCTION_TYPE, r11);
1293
  __ j(not_equal, &non_function);
1294

1295
  GenerateRecordCallTarget(masm);
1296

1297 1298 1299 1300 1301 1302 1303 1304 1305
  __ SmiToInteger32(rdx, rdx);
  Label feedback_register_initialized;
  // Put the AllocationSite from the feedback vector into rbx, or undefined.
  __ movp(rbx,
          FieldOperand(rbx, rdx, times_pointer_size, FixedArray::kHeaderSize));
  __ CompareRoot(FieldOperand(rbx, 0), Heap::kAllocationSiteMapRootIndex);
  __ j(equal, &feedback_register_initialized, Label::kNear);
  __ LoadRoot(rbx, Heap::kUndefinedValueRootIndex);
  __ bind(&feedback_register_initialized);
1306

1307
  __ AssertUndefinedOrAllocationSite(rbx);
1308

1309
  // Pass new target to construct stub.
1310
  __ movp(rdx, rdi);
1311

1312 1313 1314 1315 1316 1317
  // Tail call to the function-specific construct stub (still in the caller
  // context at this point).
  __ movp(rcx, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
  __ movp(rcx, FieldOperand(rcx, SharedFunctionInfo::kConstructStubOffset));
  __ leap(rcx, FieldOperand(rcx, Code::kHeaderSize));
  __ jmp(rcx);
1318

1319 1320 1321
  __ bind(&non_function);
  __ movp(rdx, rdi);
  __ Jump(isolate()->builtins()->Construct(), RelocInfo::CODE_TARGET);
1322 1323 1324
}


1325
void CallICStub::HandleArrayCase(MacroAssembler* masm, Label* miss) {
1326
  // rdi - function
1327
  // rdx - slot id
1328
  // rbx - vector
1329
  // rcx - allocation site (loaded from vector[slot]).
1330
  __ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, r8);
1331 1332
  __ cmpp(rdi, r8);
  __ j(not_equal, miss);
1333

1334 1335
  __ movp(rax, Immediate(arg_count()));

1336
  // Increment the call count for monomorphic function calls.
1337 1338
  __ SmiAddConstant(FieldOperand(rbx, rdx, times_pointer_size,
                                 FixedArray::kHeaderSize + kPointerSize),
1339
                    Smi::FromInt(1));
1340

1341 1342
  __ movp(rbx, rcx);
  __ movp(rdx, rdi);
1343 1344
  ArrayConstructorStub stub(masm->isolate(), arg_count());
  __ TailCallStub(&stub);
1345 1346 1347
}


1348
void CallICStub::Generate(MacroAssembler* masm) {
1349 1350 1351 1352 1353
  // ----------- S t a t e -------------
  // -- rdi - function
  // -- rdx - slot id
  // -- rbx - vector
  // -----------------------------------
1354
  Isolate* isolate = masm->isolate();
1355
  Label extra_checks_or_miss, call, call_function;
1356 1357 1358
  int argc = arg_count();
  StackArgumentsAccessor args(rsp, argc);
  ParameterCount actual(argc);
1359 1360 1361

  // The checks. First, does rdi match the recorded monomorphic target?
  __ SmiToInteger32(rdx, rdx);
1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379
  __ movp(rcx,
          FieldOperand(rbx, rdx, times_pointer_size, FixedArray::kHeaderSize));

  // We don't know that we have a weak cell. We might have a private symbol
  // or an AllocationSite, but the memory is safe to examine.
  // AllocationSite::kTransitionInfoOffset - contains a Smi or pointer to
  // FixedArray.
  // WeakCell::kValueOffset - contains a JSFunction or Smi(0)
  // Symbol::kHashFieldSlot - if the low bit is 1, then the hash is not
  // computed, meaning that it can't appear to be a pointer. If the low bit is
  // 0, then hash is computed, but the 0 bit prevents the field from appearing
  // to be a pointer.
  STATIC_ASSERT(WeakCell::kSize >= kPointerSize);
  STATIC_ASSERT(AllocationSite::kTransitionInfoOffset ==
                    WeakCell::kValueOffset &&
                WeakCell::kValueOffset == Symbol::kHashFieldSlot);

  __ cmpp(rdi, FieldOperand(rcx, WeakCell::kValueOffset));
1380 1381
  __ j(not_equal, &extra_checks_or_miss);

1382 1383 1384 1385
  // The compare above could have been a SMI/SMI comparison. Guard against this
  // convincing us that we have a monomorphic JSFunction.
  __ JumpIfSmi(rdi, &extra_checks_or_miss);

1386 1387 1388
  // Increment the call count for monomorphic function calls.
  __ SmiAddConstant(FieldOperand(rbx, rdx, times_pointer_size,
                                 FixedArray::kHeaderSize + kPointerSize),
1389
                    Smi::FromInt(1));
1390

1391
  __ bind(&call_function);
1392
  __ Set(rax, argc);
ishell's avatar
ishell committed
1393 1394
  __ Jump(masm->isolate()->builtins()->CallFunction(convert_mode(),
                                                    tail_call_mode()),
1395
          RelocInfo::CODE_TARGET);
1396 1397

  __ bind(&extra_checks_or_miss);
1398
  Label uninitialized, miss, not_allocation_site;
1399

1400
  __ Cmp(rcx, TypeFeedbackVector::MegamorphicSentinel(isolate));
1401
  __ j(equal, &call);
1402

1403 1404 1405 1406 1407 1408 1409 1410 1411 1412
  // Check if we have an allocation site.
  __ CompareRoot(FieldOperand(rcx, HeapObject::kMapOffset),
                 Heap::kAllocationSiteMapRootIndex);
  __ j(not_equal, &not_allocation_site);

  // We have an allocation site.
  HandleArrayCase(masm, &miss);

  __ bind(&not_allocation_site);

1413 1414 1415 1416 1417 1418
  // The following cases attempt to handle MISS cases without going to the
  // runtime.
  if (FLAG_trace_ic) {
    __ jmp(&miss);
  }

1419
  __ Cmp(rcx, TypeFeedbackVector::UninitializedSentinel(isolate));
1420 1421 1422 1423 1424 1425 1426 1427 1428
  __ j(equal, &uninitialized);

  // We are going megamorphic. If the feedback is a JSFunction, it is fine
  // to handle it here. More complex cases are dealt with in the runtime.
  __ AssertNotSmi(rcx);
  __ CmpObjectType(rcx, JS_FUNCTION_TYPE, rcx);
  __ j(not_equal, &miss);
  __ Move(FieldOperand(rbx, rdx, times_pointer_size, FixedArray::kHeaderSize),
          TypeFeedbackVector::MegamorphicSentinel(isolate));
1429 1430

  __ bind(&call);
1431
  __ Set(rax, argc);
ishell's avatar
ishell committed
1432
  __ Jump(masm->isolate()->builtins()->Call(convert_mode(), tail_call_mode()),
1433
          RelocInfo::CODE_TARGET);
1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445

  __ bind(&uninitialized);

  // We are going monomorphic, provided we actually have a JSFunction.
  __ JumpIfSmi(rdi, &miss);

  // Goto miss case if we do not have a function.
  __ CmpObjectType(rdi, JS_FUNCTION_TYPE, rcx);
  __ j(not_equal, &miss);

  // Make sure the function is not the Array() function, which requires special
  // behavior on MISS.
1446
  __ LoadNativeContextSlot(Context::ARRAY_FUNCTION_INDEX, rcx);
1447
  __ cmpp(rdi, rcx);
1448 1449
  __ j(equal, &miss);

1450
  // Make sure the function belongs to the same native context.
1451
  __ movp(rcx, FieldOperand(rdi, JSFunction::kContextOffset));
1452 1453
  __ movp(rcx, ContextOperand(rcx, Context::NATIVE_CONTEXT_INDEX));
  __ cmpp(rcx, NativeContextOperand());
1454 1455
  __ j(not_equal, &miss);

1456 1457 1458
  // Initialize the call counter.
  __ Move(FieldOperand(rbx, rdx, times_pointer_size,
                       FixedArray::kHeaderSize + kPointerSize),
1459
          Smi::FromInt(1));
1460

1461 1462 1463 1464 1465 1466 1467 1468 1469 1470
  // Store the function. Use a stub since we need a frame for allocation.
  // rbx - vector
  // rdx - slot (needs to be in smi form)
  // rdi - function
  {
    FrameScope scope(masm, StackFrame::INTERNAL);
    CreateWeakCellStub create_stub(isolate);

    __ Integer32ToSmi(rdx, rdx);
    __ Push(rdi);
1471
    __ Push(rsi);
1472
    __ CallStub(&create_stub);
1473
    __ Pop(rsi);
1474 1475
    __ Pop(rdi);
  }
1476

1477
  __ jmp(&call_function);
1478

1479 1480
  // We are here because tracing is on or we encountered a MISS case we can't
  // handle here.
1481
  __ bind(&miss);
1482
  GenerateMiss(masm);
1483

1484
  __ jmp(&call);
1485 1486 1487 1488 1489 1490

  // Unreachable
  __ int3();
}


1491
void CallICStub::GenerateMiss(MacroAssembler* masm) {
1492
  FrameScope scope(masm, StackFrame::INTERNAL);
1493

1494 1495 1496 1497 1498
  // Push the receiver and the function and feedback info.
  __ Push(rdi);
  __ Push(rbx);
  __ Integer32ToSmi(rdx, rdx);
  __ Push(rdx);
1499

1500
  // Call the entry.
1501
  __ CallRuntime(Runtime::kCallIC_Miss);
1502

1503 1504
  // Move result to edi and exit the internal frame.
  __ movp(rdi, rax);
1505 1506 1507
}


1508 1509 1510 1511 1512
bool CEntryStub::NeedsImmovableCode() {
  return false;
}


1513 1514 1515
void CodeStub::GenerateStubsAheadOfTime(Isolate* isolate) {
  CEntryStub::GenerateAheadOfTime(isolate);
  StoreBufferOverflowStub::GenerateFixedRegStubsAheadOfTime(isolate);
1516
  StubFailureTrampolineStub::GenerateAheadOfTime(isolate);
1517
  // It is important that the store buffer overflow stubs are generated first.
1518
  CommonArrayConstructorStub::GenerateStubsAheadOfTime(isolate);
1519
  CreateAllocationSiteStub::GenerateAheadOfTime(isolate);
1520
  CreateWeakCellStub::GenerateAheadOfTime(isolate);
1521
  BinaryOpICStub::GenerateAheadOfTime(isolate);
1522
  BinaryOpICWithAllocationSiteStub::GenerateAheadOfTime(isolate);
1523
  StoreFastElementStub::GenerateAheadOfTime(isolate);
1524 1525 1526
}


1527
void CodeStub::GenerateFPStubs(Isolate* isolate) {
1528 1529 1530
}


1531
void CEntryStub::GenerateAheadOfTime(Isolate* isolate) {
1532
  CEntryStub stub(isolate, 1, kDontSaveFPRegs);
1533
  stub.GetCode();
1534
  CEntryStub save_doubles(isolate, 1, kSaveFPRegs);
1535
  save_doubles.GetCode();
1536 1537 1538
}


1539 1540 1541 1542 1543 1544
void CEntryStub::Generate(MacroAssembler* masm) {
  // rax: number of arguments including receiver
  // rbx: pointer to C function  (C callee-saved)
  // rbp: frame pointer of calling JS frame (restored after C call)
  // rsp: stack pointer  (restored after C call)
  // rsi: current context (restored)
1545 1546 1547
  //
  // If argv_in_register():
  // r15: pointer to the first argument
1548 1549 1550 1551

  ProfileEntryHookStub::MaybeCallEntryHook(masm);

#ifdef _WIN64
1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572
  // Windows 64-bit ABI passes arguments in rcx, rdx, r8, r9. It requires the
  // stack to be aligned to 16 bytes. It only allows a single-word to be
  // returned in register rax. Larger return sizes must be written to an address
  // passed as a hidden first argument.
  const Register kCCallArg0 = rcx;
  const Register kCCallArg1 = rdx;
  const Register kCCallArg2 = r8;
  const Register kCCallArg3 = r9;
  const int kArgExtraStackSpace = 2;
  const int kMaxRegisterResultSize = 1;
#else
  // GCC / Clang passes arguments in rdi, rsi, rdx, rcx, r8, r9. Simple results
  // are returned in rax, and a struct of two pointers are returned in rax+rdx.
  // Larger return sizes must be written to an address passed as a hidden first
  // argument.
  const Register kCCallArg0 = rdi;
  const Register kCCallArg1 = rsi;
  const Register kCCallArg2 = rdx;
  const Register kCCallArg3 = rcx;
  const int kArgExtraStackSpace = 0;
  const int kMaxRegisterResultSize = 2;
1573
#endif  // _WIN64
1574 1575 1576 1577 1578

  // Enter the exit frame that transitions from JavaScript to C++.
  int arg_stack_space =
      kArgExtraStackSpace +
      (result_size() <= kMaxRegisterResultSize ? 0 : result_size());
1579 1580
  if (argv_in_register()) {
    DCHECK(!save_doubles());
1581
    DCHECK(!is_builtin_exit());
1582 1583 1584 1585
    __ EnterApiExitFrame(arg_stack_space);
    // Move argc into r14 (argv is already in r15).
    __ movp(r14, rax);
  } else {
1586 1587 1588
    __ EnterExitFrame(
        arg_stack_space, save_doubles(),
        is_builtin_exit() ? StackFrame::BUILTIN_EXIT : StackFrame::EXIT);
1589
  }
1590 1591 1592 1593

  // rbx: pointer to builtin function  (C callee-saved).
  // rbp: frame pointer of exit frame  (restored after C call).
  // rsp: stack pointer (restored after C call).
1594
  // r14: number of arguments including receiver (C callee-saved).
1595
  // r15: argv pointer (C callee-saved).
1596 1597 1598 1599 1600 1601

  // Check stack alignment.
  if (FLAG_debug_code) {
    __ CheckStackAlignment();
  }

1602 1603 1604
  // Call C function. The arguments object will be created by stubs declared by
  // DECLARE_RUNTIME_FUNCTION().
  if (result_size() <= kMaxRegisterResultSize) {
1605
    // Pass a pointer to the Arguments object as the first argument.
1606 1607 1608 1609
    // Return result in single register (rax), or a register pair (rax, rdx).
    __ movp(kCCallArg0, r14);  // argc.
    __ movp(kCCallArg1, r15);  // argv.
    __ Move(kCCallArg2, ExternalReference::isolate_address(isolate()));
1610
  } else {
1611
    DCHECK_LE(result_size(), 3);
1612
    // Pass a pointer to the result location as the first argument.
1613
    __ leap(kCCallArg0, StackSpaceOperand(kArgExtraStackSpace));
1614
    // Pass a pointer to the Arguments object as the second argument.
1615 1616 1617
    __ movp(kCCallArg1, r14);  // argc.
    __ movp(kCCallArg2, r15);  // argv.
    __ Move(kCCallArg3, ExternalReference::isolate_address(isolate()));
1618 1619 1620
  }
  __ call(rbx);

1621
  if (result_size() > kMaxRegisterResultSize) {
1622
    // Read result values stored on stack. Result is stored
1623 1624 1625 1626 1627 1628 1629
    // above the the two Arguments object slots on Win64.
    DCHECK_LE(result_size(), 3);
    __ movq(kReturnRegister0, StackSpaceOperand(kArgExtraStackSpace + 0));
    __ movq(kReturnRegister1, StackSpaceOperand(kArgExtraStackSpace + 1));
    if (result_size() > 2) {
      __ movq(kReturnRegister2, StackSpaceOperand(kArgExtraStackSpace + 2));
    }
1630
  }
1631
  // Result is in rax, rdx:rax or r8:rdx:rax - do not destroy these registers!
1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642

  // Check result for exception sentinel.
  Label exception_returned;
  __ CompareRoot(rax, Heap::kExceptionRootIndex);
  __ j(equal, &exception_returned);

  // Check that there is no pending exception, otherwise we
  // should have returned the exception sentinel.
  if (FLAG_debug_code) {
    Label okay;
    __ LoadRoot(r14, Heap::kTheHoleValueRootIndex);
1643 1644
    ExternalReference pending_exception_address(
        Isolate::kPendingExceptionAddress, isolate());
1645 1646 1647 1648 1649 1650 1651
    Operand pending_exception_operand =
        masm->ExternalOperand(pending_exception_address);
    __ cmpp(r14, pending_exception_operand);
    __ j(equal, &okay, Label::kNear);
    __ int3();
    __ bind(&okay);
  }
1652 1653

  // Exit the JavaScript to C++ exit frame.
1654
  __ LeaveExitFrame(save_doubles(), !argv_in_register());
1655 1656
  __ ret(0);

1657 1658
  // Handling of exception.
  __ bind(&exception_returned);
1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672

  ExternalReference pending_handler_context_address(
      Isolate::kPendingHandlerContextAddress, isolate());
  ExternalReference pending_handler_code_address(
      Isolate::kPendingHandlerCodeAddress, isolate());
  ExternalReference pending_handler_offset_address(
      Isolate::kPendingHandlerOffsetAddress, isolate());
  ExternalReference pending_handler_fp_address(
      Isolate::kPendingHandlerFPAddress, isolate());
  ExternalReference pending_handler_sp_address(
      Isolate::kPendingHandlerSPAddress, isolate());

  // Ask the runtime for help to determine the handler. This will set rax to
  // contain the current pending exception, don't clobber it.
1673 1674
  ExternalReference find_handler(Runtime::kUnwindAndFindExceptionHandler,
                                 isolate());
1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688
  {
    FrameScope scope(masm, StackFrame::MANUAL);
    __ movp(arg_reg_1, Immediate(0));  // argc.
    __ movp(arg_reg_2, Immediate(0));  // argv.
    __ Move(arg_reg_3, ExternalReference::isolate_address(isolate()));
    __ PrepareCallCFunction(3);
    __ CallCFunction(find_handler, 3);
  }

  // Retrieve the handler context, SP and FP.
  __ movp(rsi, masm->ExternalOperand(pending_handler_context_address));
  __ movp(rsp, masm->ExternalOperand(pending_handler_sp_address));
  __ movp(rbp, masm->ExternalOperand(pending_handler_fp_address));

1689 1690
  // If the handler is a JS frame, restore the context to the frame. Note that
  // the context will be set to (rsi == 0) for non-JS frames.
1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701
  Label skip;
  __ testp(rsi, rsi);
  __ j(zero, &skip, Label::kNear);
  __ movp(Operand(rbp, StandardFrameConstants::kContextOffset), rsi);
  __ bind(&skip);

  // Compute the handler entry address and jump to it.
  __ movp(rdi, masm->ExternalOperand(pending_handler_code_address));
  __ movp(rdx, masm->ExternalOperand(pending_handler_offset_address));
  __ leap(rdi, FieldOperand(rdi, rdx, times_1, Code::kHeaderSize));
  __ jmp(rdi);
1702 1703 1704
}


1705
void JSEntryStub::Generate(MacroAssembler* masm) {
1706
  Label invoke, handler_entry, exit;
1707
  Label not_outermost_js, not_outermost_js_2;
1708

1709 1710
  ProfileEntryHookStub::MaybeCallEntryHook(masm);

1711 1712
  {  // NOLINT. Scope block confuses linter.
    MacroAssembler::NoRootArrayScope uninitialized_root_register(masm);
1713
    // Set up frame.
1714
    __ pushq(rbp);
1715
    __ movp(rbp, rsp);
1716

1717
    // Push the stack frame type.
1718
    int marker = type();
1719 1720 1721 1722
    __ Push(Smi::FromInt(marker));  // context slot
    ExternalReference context_address(Isolate::kContextAddress, isolate());
    __ Load(kScratchRegister, context_address);
    __ Push(kScratchRegister);  // context
1723 1724 1725 1726 1727
    // Save callee-saved registers (X64/X32/Win64 calling conventions).
    __ pushq(r12);
    __ pushq(r13);
    __ pushq(r14);
    __ pushq(r15);
1728
#ifdef _WIN64
1729 1730
    __ pushq(rdi);  // Only callee save in Win64 ABI, argument in AMD64 ABI.
    __ pushq(rsi);  // Only callee save in Win64 ABI, argument in AMD64 ABI.
1731
#endif
1732
    __ pushq(rbx);
1733 1734 1735

#ifdef _WIN64
    // On Win64 XMM6-XMM15 are callee-save
1736
    __ subp(rsp, Immediate(EntryFrameConstants::kXMMRegistersBlockSize));
1737 1738 1739 1740 1741 1742 1743 1744 1745 1746
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 0), xmm6);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 1), xmm7);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 2), xmm8);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 3), xmm9);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 4), xmm10);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 5), xmm11);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 6), xmm12);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 7), xmm13);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 8), xmm14);
    __ movdqu(Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 9), xmm15);
1747
#endif
1748 1749 1750 1751 1752

    // Set up the roots and smi constant registers.
    // Needs to be done before any further smi loads.
    __ InitializeRootRegister();
  }
1753 1754

  // Save copies of the top frame descriptor on the stack.
1755
  ExternalReference c_entry_fp(Isolate::kCEntryFPAddress, isolate());
1756 1757
  {
    Operand c_entry_fp_operand = masm->ExternalOperand(c_entry_fp);
1758
    __ Push(c_entry_fp_operand);
1759
  }
1760 1761

  // If this is the outermost JS call, set js_entry_sp value.
1762
  ExternalReference js_entry_sp(Isolate::kJSEntrySPAddress, isolate());
1763
  __ Load(rax, js_entry_sp);
1764
  __ testp(rax, rax);
1765
  __ j(not_zero, &not_outermost_js);
1766
  __ Push(Smi::FromInt(StackFrame::OUTERMOST_JSENTRY_FRAME));
1767
  __ movp(rax, rbp);
1768
  __ Store(js_entry_sp, rax);
1769 1770
  Label cont;
  __ jmp(&cont);
1771
  __ bind(&not_outermost_js);
1772 1773
  __ Push(Smi::FromInt(StackFrame::INNER_JSENTRY_FRAME));
  __ bind(&cont);
1774

1775 1776 1777 1778 1779 1780 1781
  // Jump to a faked try block that does the invoke, with a faked catch
  // block that sets the pending exception.
  __ jmp(&invoke);
  __ bind(&handler_entry);
  handler_offset_ = handler_entry.pos();
  // Caught exception: Store result (exception) in the pending exception
  // field in the JSEnv and return a failure sentinel.
1782
  ExternalReference pending_exception(Isolate::kPendingExceptionAddress,
1783
                                      isolate());
1784
  __ Store(pending_exception, rax);
1785
  __ LoadRoot(rax, Heap::kExceptionRootIndex);
1786 1787
  __ jmp(&exit);

1788
  // Invoke: Link this frame into the handler chain.
1789
  __ bind(&invoke);
1790
  __ PushStackHandler();
1791 1792

  // Fake a receiver (NULL).
1793
  __ Push(Immediate(0));  // receiver
1794

1795 1796 1797 1798 1799
  // Invoke the function by calling through JS entry trampoline builtin and
  // pop the faked function when we return. We load the address from an
  // external reference instead of inlining the call target address directly
  // in the code, because the builtin stubs may not have been generated yet
  // at the time this code is generated.
1800
  if (type() == StackFrame::ENTRY_CONSTRUCT) {
1801
    ExternalReference construct_entry(Builtins::kJSConstructEntryTrampoline,
1802
                                      isolate());
1803
    __ Load(rax, construct_entry);
1804
  } else {
1805
    ExternalReference entry(Builtins::kJSEntryTrampoline, isolate());
1806
    __ Load(rax, entry);
1807
  }
1808
  __ leap(kScratchRegister, FieldOperand(rax, Code::kHeaderSize));
1809 1810 1811
  __ call(kScratchRegister);

  // Unlink this frame from the handler chain.
1812
  __ PopStackHandler();
1813

1814 1815
  __ bind(&exit);
  // Check if the current stack frame is marked as the outermost JS frame.
1816
  __ Pop(rbx);
1817
  __ Cmp(rbx, Smi::FromInt(StackFrame::OUTERMOST_JSENTRY_FRAME));
1818
  __ j(not_equal, &not_outermost_js_2);
1819
  __ Move(kScratchRegister, js_entry_sp);
1820
  __ movp(Operand(kScratchRegister, 0), Immediate(0));
1821 1822 1823
  __ bind(&not_outermost_js_2);

  // Restore the top frame descriptor from the stack.
1824
  { Operand c_entry_fp_operand = masm->ExternalOperand(c_entry_fp);
1825
    __ Pop(c_entry_fp_operand);
1826
  }
1827 1828

  // Restore callee-saved registers (X64 conventions).
1829 1830
#ifdef _WIN64
  // On Win64 XMM6-XMM15 are callee-save
1831 1832 1833
  __ movdqu(xmm6, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 0));
  __ movdqu(xmm7, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 1));
  __ movdqu(xmm8, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 2));
1834
  __ movdqu(xmm9, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 3));
1835 1836 1837 1838 1839 1840
  __ movdqu(xmm10, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 4));
  __ movdqu(xmm11, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 5));
  __ movdqu(xmm12, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 6));
  __ movdqu(xmm13, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 7));
  __ movdqu(xmm14, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 8));
  __ movdqu(xmm15, Operand(rsp, EntryFrameConstants::kXMMRegisterSize * 9));
1841
  __ addp(rsp, Immediate(EntryFrameConstants::kXMMRegistersBlockSize));
1842 1843
#endif

1844
  __ popq(rbx);
1845 1846
#ifdef _WIN64
  // Callee save on in Win64 ABI, arguments/volatile in AMD64 ABI.
1847 1848
  __ popq(rsi);
  __ popq(rdi);
1849
#endif
1850 1851 1852 1853
  __ popq(r15);
  __ popq(r14);
  __ popq(r13);
  __ popq(r12);
1854
  __ addp(rsp, Immediate(2 * kPointerSize));  // remove markers
1855 1856

  // Restore frame pointer and return.
1857
  __ popq(rbp);
1858 1859 1860 1861 1862 1863 1864 1865 1866
  __ ret(0);
}


// -------------------------------------------------------------------------
// StringCharCodeAtGenerator

void StringCharCodeAtGenerator::GenerateFast(MacroAssembler* masm) {
  // If the receiver is a smi trigger the non-string case.
1867 1868 1869 1870 1871 1872 1873 1874 1875 1876
  if (check_mode_ == RECEIVER_IS_UNKNOWN) {
    __ JumpIfSmi(object_, receiver_not_string_);

    // Fetch the instance type of the receiver into result register.
    __ movp(result_, FieldOperand(object_, HeapObject::kMapOffset));
    __ movzxbl(result_, FieldOperand(result_, Map::kInstanceTypeOffset));
    // If the receiver is not a string trigger the non-string case.
    __ testb(result_, Immediate(kIsNotStringMask));
    __ j(not_zero, receiver_not_string_);
  }
1877 1878 1879 1880 1881 1882

  // If the index is non-smi trigger the non-smi case.
  __ JumpIfNotSmi(index_, &index_not_smi_);
  __ bind(&got_smi_index_);

  // Check for index out of range.
1883
  __ SmiCompare(index_, FieldOperand(object_, String::kLengthOffset));
1884 1885
  __ j(above_equal, index_out_of_range_);

1886
  __ SmiToInteger32(index_, index_);
1887 1888 1889 1890

  StringCharLoadGenerator::Generate(
      masm, object_, index_, result_, &call_runtime_);

1891 1892 1893 1894 1895 1896
  __ Integer32ToSmi(result_, result_);
  __ bind(&exit_);
}


void StringCharCodeAtGenerator::GenerateSlow(
1897
    MacroAssembler* masm, EmbedMode embed_mode,
1898
    const RuntimeCallHelper& call_helper) {
1899
  __ Abort(kUnexpectedFallthroughToCharCodeAtSlowCase);
1900

1901
  Factory* factory = masm->isolate()->factory();
1902 1903 1904
  // Index is not a smi.
  __ bind(&index_not_smi_);
  // If index is a heap number, try converting it to an integer.
1905 1906 1907 1908
  __ CheckMap(index_,
              factory->heap_number_map(),
              index_not_number_,
              DONT_DO_SMI_CHECK);
1909
  call_helper.BeforeCall(masm);
1910
  if (embed_mode == PART_OF_IC_HANDLER) {
1911 1912
    __ Push(LoadWithVectorDescriptor::VectorRegister());
    __ Push(LoadDescriptor::SlotRegister());
1913
  }
1914 1915
  __ Push(object_);
  __ Push(index_);  // Consumed by runtime conversion function.
1916
  __ CallRuntime(Runtime::kNumberToSmi);
1917
  if (!index_.is(rax)) {
1918 1919
    // Save the conversion result before the pop instructions below
    // have a chance to overwrite it.
1920
    __ movp(index_, rax);
1921
  }
1922
  __ Pop(object_);
1923
  if (embed_mode == PART_OF_IC_HANDLER) {
1924 1925
    __ Pop(LoadDescriptor::SlotRegister());
    __ Pop(LoadWithVectorDescriptor::VectorRegister());
1926
  }
1927
  // Reload the instance type.
1928
  __ movp(result_, FieldOperand(object_, HeapObject::kMapOffset));
1929 1930 1931
  __ movzxbl(result_, FieldOperand(result_, Map::kInstanceTypeOffset));
  call_helper.AfterCall(masm);
  // If index is still not a smi, it must be out of range.
1932
  __ JumpIfNotSmi(index_, index_out_of_range_);
1933 1934 1935 1936 1937 1938 1939 1940
  // Otherwise, return to the fast path.
  __ jmp(&got_smi_index_);

  // Call runtime. We get here when the receiver is a string and the
  // index is a number, but the code of getting the actual character
  // is too complex (e.g., when the string needs to be flattened).
  __ bind(&call_runtime_);
  call_helper.BeforeCall(masm);
1941
  __ Push(object_);
1942
  __ Integer32ToSmi(index_, index_);
1943
  __ Push(index_);
1944
  __ CallRuntime(Runtime::kStringCharCodeAtRT);
1945
  if (!result_.is(rax)) {
1946
    __ movp(result_, rax);
1947 1948 1949 1950
  }
  call_helper.AfterCall(masm);
  __ jmp(&exit_);

1951
  __ Abort(kUnexpectedFallthroughFromCharCodeAtSlowCase);
1952 1953 1954 1955 1956 1957 1958 1959 1960
}


// -------------------------------------------------------------------------
// StringCharFromCodeGenerator

void StringCharFromCodeGenerator::GenerateFast(MacroAssembler* masm) {
  // Fast case of Heap::LookupSingleCharacterStringFromCode.
  __ JumpIfNotSmi(code_, &slow_case_);
1961
  __ SmiCompare(code_, Smi::FromInt(String::kMaxOneByteCharCode));
1962 1963 1964 1965
  __ j(above, &slow_case_);

  __ LoadRoot(result_, Heap::kSingleCharacterStringCacheRootIndex);
  SmiIndex index = masm->SmiToIndex(kScratchRegister, code_, kPointerSizeLog2);
1966
  __ movp(result_, FieldOperand(result_, index.reg, index.scale,
1967 1968 1969 1970 1971 1972 1973 1974
                                FixedArray::kHeaderSize));
  __ CompareRoot(result_, Heap::kUndefinedValueRootIndex);
  __ j(equal, &slow_case_);
  __ bind(&exit_);
}


void StringCharFromCodeGenerator::GenerateSlow(
1975 1976
    MacroAssembler* masm,
    const RuntimeCallHelper& call_helper) {
1977
  __ Abort(kUnexpectedFallthroughToCharFromCodeSlowCase);
1978 1979 1980

  __ bind(&slow_case_);
  call_helper.BeforeCall(masm);
1981
  __ Push(code_);
1982
  __ CallRuntime(Runtime::kStringCharFromCode);
1983
  if (!result_.is(rax)) {
1984
    __ movp(result_, rax);
1985 1986 1987 1988
  }
  call_helper.AfterCall(masm);
  __ jmp(&exit_);

1989
  __ Abort(kUnexpectedFallthroughFromCharFromCodeSlowCase);
1990 1991 1992
}


1993 1994 1995 1996 1997
void StringHelper::GenerateCopyCharacters(MacroAssembler* masm,
                                          Register dest,
                                          Register src,
                                          Register count,
                                          String::Encoding encoding) {
1998
  // Nothing to do for zero characters.
1999
  Label done;
2000
  __ testl(count, count);
2001
  __ j(zero, &done, Label::kNear);
2002 2003

  // Make count the number of bytes to copy.
2004
  if (encoding == String::TWO_BYTE_ENCODING) {
2005 2006 2007 2008 2009 2010 2011 2012 2013
    STATIC_ASSERT(2 == sizeof(uc16));
    __ addl(count, count);
  }

  // Copy remaining characters.
  Label loop;
  __ bind(&loop);
  __ movb(kScratchRegister, Operand(src, 0));
  __ movb(Operand(dest, 0), kScratchRegister);
2014 2015
  __ incp(src);
  __ incp(dest);
2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
  __ decl(count);
  __ j(not_zero, &loop);

  __ bind(&done);
}


void SubStringStub::Generate(MacroAssembler* masm) {
  Label runtime;

  // Stack frame on entry.
2027 2028 2029 2030
  //  rsp[0]  : return address
  //  rsp[8]  : to
  //  rsp[16] : from
  //  rsp[24] : string
2031

2032 2033 2034 2035 2036 2037 2038 2039 2040
  enum SubStringStubArgumentIndices {
    STRING_ARGUMENT_INDEX,
    FROM_ARGUMENT_INDEX,
    TO_ARGUMENT_INDEX,
    SUB_STRING_ARGUMENT_COUNT
  };

  StackArgumentsAccessor args(rsp, SUB_STRING_ARGUMENT_COUNT,
                              ARGUMENTS_DONT_CONTAIN_RECEIVER);
2041 2042

  // Make sure first argument is a string.
2043
  __ movp(rax, args.GetArgumentOperand(STRING_ARGUMENT_INDEX));
2044 2045 2046 2047 2048 2049 2050 2051 2052
  STATIC_ASSERT(kSmiTag == 0);
  __ testl(rax, Immediate(kSmiTagMask));
  __ j(zero, &runtime);
  Condition is_string = masm->IsObjectStringType(rax, rbx, rbx);
  __ j(NegateCondition(is_string), &runtime);

  // rax: string
  // rbx: instance type
  // Calculate length of sub string using the smi values.
2053 2054
  __ movp(rcx, args.GetArgumentOperand(TO_ARGUMENT_INDEX));
  __ movp(rdx, args.GetArgumentOperand(FROM_ARGUMENT_INDEX));
2055
  __ JumpUnlessBothNonNegativeSmi(rcx, rdx, &runtime);
2056

2057
  __ SmiSub(rcx, rcx, rdx);  // Overflow doesn't happen.
2058
  __ cmpp(rcx, FieldOperand(rax, String::kLengthOffset));
2059
  Label not_original_string;
2060 2061 2062 2063 2064
  // Shorter than original string's length: an actual substring.
  __ j(below, &not_original_string, Label::kNear);
  // Longer than original string's length or negative: unsafe arguments.
  __ j(above, &runtime);
  // Return original string.
2065
  Counters* counters = isolate()->counters();
2066
  __ IncrementCounter(counters->sub_string_native(), 1);
2067
  __ ret(SUB_STRING_ARGUMENT_COUNT * kPointerSize);
2068
  __ bind(&not_original_string);
2069 2070 2071 2072 2073

  Label single_char;
  __ SmiCompare(rcx, Smi::FromInt(1));
  __ j(equal, &single_char);

2074
  __ SmiToInteger32(rcx, rcx);
2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093

  // rax: string
  // rbx: instance type
  // rcx: sub string length
  // rdx: from index (smi)
  // Deal with different string types: update the index if necessary
  // and put the underlying string into edi.
  Label underlying_unpacked, sliced_string, seq_or_external_string;
  // If the string is not indirect, it can only be sequential or external.
  STATIC_ASSERT(kIsIndirectStringMask == (kSlicedStringTag & kConsStringTag));
  STATIC_ASSERT(kIsIndirectStringMask != 0);
  __ testb(rbx, Immediate(kIsIndirectStringMask));
  __ j(zero, &seq_or_external_string, Label::kNear);

  __ testb(rbx, Immediate(kSlicedNotConsMask));
  __ j(not_zero, &sliced_string, Label::kNear);
  // Cons string.  Check whether it is flat, then fetch first part.
  // Flat cons strings have an empty second part.
  __ CompareRoot(FieldOperand(rax, ConsString::kSecondOffset),
2094
                 Heap::kempty_stringRootIndex);
2095
  __ j(not_equal, &runtime);
2096
  __ movp(rdi, FieldOperand(rax, ConsString::kFirstOffset));
2097
  // Update instance type.
2098
  __ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
2099 2100 2101 2102 2103
  __ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
  __ jmp(&underlying_unpacked, Label::kNear);

  __ bind(&sliced_string);
  // Sliced string.  Fetch parent and correct start index by offset.
2104
  __ addp(rdx, FieldOperand(rax, SlicedString::kOffsetOffset));
2105
  __ movp(rdi, FieldOperand(rax, SlicedString::kParentOffset));
2106
  // Update instance type.
2107
  __ movp(rbx, FieldOperand(rdi, HeapObject::kMapOffset));
2108
  __ movzxbl(rbx, FieldOperand(rbx, Map::kInstanceTypeOffset));
2109 2110 2111 2112
  __ jmp(&underlying_unpacked, Label::kNear);

  __ bind(&seq_or_external_string);
  // Sequential or external string.  Just move string to the correct register.
2113
  __ movp(rdi, rax);
2114 2115

  __ bind(&underlying_unpacked);
2116

2117 2118
  if (FLAG_string_slices) {
    Label copy_routine;
2119 2120 2121 2122
    // rdi: underlying subject string
    // rbx: instance type of underlying subject string
    // rdx: adjusted start index (smi)
    // rcx: length
2123 2124
    // If coming from the make_two_character_string path, the string
    // is too short to be sliced anyways.
2125
    __ cmpp(rcx, Immediate(SlicedString::kMinLength));
2126 2127 2128 2129 2130 2131 2132 2133
    // Short slice.  Copy instead of slicing.
    __ j(less, &copy_routine);
    // Allocate new sliced string.  At this point we do not reload the instance
    // type including the string encoding because we simply rely on the info
    // provided by the original string.  It does not matter if the original
    // string's encoding is wrong because we always have to recheck encoding of
    // the newly created string's parent anyways due to externalized strings.
    Label two_byte_slice, set_slice_header;
2134
    STATIC_ASSERT((kStringEncodingMask & kOneByteStringTag) != 0);
2135 2136
    STATIC_ASSERT((kStringEncodingMask & kTwoByteStringTag) == 0);
    __ testb(rbx, Immediate(kStringEncodingMask));
2137
    __ j(zero, &two_byte_slice, Label::kNear);
2138
    __ AllocateOneByteSlicedString(rax, rbx, r14, &runtime);
2139
    __ jmp(&set_slice_header, Label::kNear);
2140
    __ bind(&two_byte_slice);
2141
    __ AllocateTwoByteSlicedString(rax, rbx, r14, &runtime);
2142 2143
    __ bind(&set_slice_header);
    __ Integer32ToSmi(rcx, rcx);
2144 2145
    __ movp(FieldOperand(rax, SlicedString::kLengthOffset), rcx);
    __ movp(FieldOperand(rax, SlicedString::kHashFieldOffset),
2146
           Immediate(String::kEmptyHashField));
2147 2148
    __ movp(FieldOperand(rax, SlicedString::kParentOffset), rdi);
    __ movp(FieldOperand(rax, SlicedString::kOffsetOffset), rdx);
2149
    __ IncrementCounter(counters->sub_string_native(), 1);
2150
    __ ret(3 * kPointerSize);
2151 2152 2153

    __ bind(&copy_routine);
  }
2154

2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168
  // rdi: underlying subject string
  // rbx: instance type of underlying subject string
  // rdx: adjusted start index (smi)
  // rcx: length
  // The subject string can only be external or sequential string of either
  // encoding at this point.
  Label two_byte_sequential, sequential_string;
  STATIC_ASSERT(kExternalStringTag != 0);
  STATIC_ASSERT(kSeqStringTag == 0);
  __ testb(rbx, Immediate(kExternalStringTag));
  __ j(zero, &sequential_string);

  // Handle external string.
  // Rule out short external strings.
2169
  STATIC_ASSERT(kShortExternalStringTag != 0);
2170 2171
  __ testb(rbx, Immediate(kShortExternalStringMask));
  __ j(not_zero, &runtime);
2172
  __ movp(rdi, FieldOperand(rdi, ExternalString::kResourceDataOffset));
2173
  // Move the pointer so that offset-wise, it looks like a sequential string.
2174
  STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
2175
  __ subp(rdi, Immediate(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
2176 2177

  __ bind(&sequential_string);
2178
  STATIC_ASSERT((kOneByteStringTag & kStringEncodingMask) != 0);
2179 2180
  __ testb(rbx, Immediate(kStringEncodingMask));
  __ j(zero, &two_byte_sequential);
2181 2182

  // Allocate the result.
2183
  __ AllocateOneByteString(rax, rcx, r11, r14, r15, &runtime);
2184 2185 2186

  // rax: result string
  // rcx: result string length
2187 2188
  {  // Locate character of sub string start.
    SmiIndex smi_as_index = masm->SmiToIndex(rdx, rdx, times_1);
2189
    __ leap(r14, Operand(rdi, smi_as_index.reg, smi_as_index.scale,
2190
                        SeqOneByteString::kHeaderSize - kHeapObjectTag));
2191
  }
2192
  // Locate first character of result.
2193
  __ leap(rdi, FieldOperand(rax, SeqOneByteString::kHeaderSize));
2194 2195 2196

  // rax: result string
  // rcx: result length
2197
  // r14: first character of result
2198
  // rsi: character of sub string start
2199 2200
  StringHelper::GenerateCopyCharacters(
      masm, rdi, r14, rcx, String::ONE_BYTE_ENCODING);
2201
  __ IncrementCounter(counters->sub_string_native(), 1);
2202
  __ ret(SUB_STRING_ARGUMENT_COUNT * kPointerSize);
2203

2204
  __ bind(&two_byte_sequential);
2205
  // Allocate the result.
2206
  __ AllocateTwoByteString(rax, rcx, r11, r14, r15, &runtime);
2207 2208 2209

  // rax: result string
  // rcx: result string length
2210 2211
  {  // Locate character of sub string start.
    SmiIndex smi_as_index = masm->SmiToIndex(rdx, rdx, times_2);
2212
    __ leap(r14, Operand(rdi, smi_as_index.reg, smi_as_index.scale,
2213
                        SeqOneByteString::kHeaderSize - kHeapObjectTag));
2214
  }
2215
  // Locate first character of result.
2216
  __ leap(rdi, FieldOperand(rax, SeqTwoByteString::kHeaderSize));
2217 2218 2219 2220

  // rax: result string
  // rcx: result length
  // rdi: first character of result
2221 2222 2223
  // r14: character of sub string start
  StringHelper::GenerateCopyCharacters(
      masm, rdi, r14, rcx, String::TWO_BYTE_ENCODING);
2224
  __ IncrementCounter(counters->sub_string_native(), 1);
2225
  __ ret(SUB_STRING_ARGUMENT_COUNT * kPointerSize);
2226 2227 2228

  // Just jump to runtime to create the sub string.
  __ bind(&runtime);
2229
  __ TailCallRuntime(Runtime::kSubString);
2230 2231 2232 2233 2234 2235

  __ bind(&single_char);
  // rax: string
  // rbx: instance type
  // rcx: sub string length (smi)
  // rdx: from index (smi)
2236
  StringCharAtGenerator generator(rax, rdx, rcx, rax, &runtime, &runtime,
2237
                                  &runtime, RECEIVER_IS_STRING);
2238
  generator.GenerateFast(masm);
2239
  __ ret(SUB_STRING_ARGUMENT_COUNT * kPointerSize);
2240
  generator.SkipSlow(masm, &runtime);
2241 2242
}

2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256
void ToStringStub::Generate(MacroAssembler* masm) {
  // The ToString stub takes one argument in rax.
  Label is_number;
  __ JumpIfSmi(rax, &is_number, Label::kNear);

  Label not_string;
  __ CmpObjectType(rax, FIRST_NONSTRING_TYPE, rdi);
  // rax: receiver
  // rdi: receiver map
  __ j(above_equal, &not_string, Label::kNear);
  __ Ret();
  __ bind(&not_string);

  Label not_heap_number;
2257
  __ CompareRoot(rdi, Heap::kHeapNumberMapRootIndex);
2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273
  __ j(not_equal, &not_heap_number, Label::kNear);
  __ bind(&is_number);
  NumberToStringStub stub(isolate());
  __ TailCallStub(&stub);
  __ bind(&not_heap_number);

  Label not_oddball;
  __ CmpInstanceType(rdi, ODDBALL_TYPE);
  __ j(not_equal, &not_oddball, Label::kNear);
  __ movp(rax, FieldOperand(rax, Oddball::kToStringOffset));
  __ Ret();
  __ bind(&not_oddball);

  __ PopReturnAddressTo(rcx);     // Pop return address.
  __ Push(rax);                   // Push argument.
  __ PushReturnAddressFrom(rcx);  // Push return address.
2274
  __ TailCallRuntime(Runtime::kToString);
2275 2276
}

2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312
void ToNameStub::Generate(MacroAssembler* masm) {
  // The ToName stub takes one argument in rax.
  Label is_number;
  __ JumpIfSmi(rax, &is_number, Label::kNear);

  Label not_name;
  STATIC_ASSERT(FIRST_NAME_TYPE == FIRST_TYPE);
  __ CmpObjectType(rax, LAST_NAME_TYPE, rdi);
  // rax: receiver
  // rdi: receiver map
  __ j(above, &not_name, Label::kNear);
  __ Ret();
  __ bind(&not_name);

  Label not_heap_number;
  __ CompareRoot(rdi, Heap::kHeapNumberMapRootIndex);
  __ j(not_equal, &not_heap_number, Label::kNear);
  __ bind(&is_number);
  NumberToStringStub stub(isolate());
  __ TailCallStub(&stub);
  __ bind(&not_heap_number);

  Label not_oddball;
  __ CmpInstanceType(rdi, ODDBALL_TYPE);
  __ j(not_equal, &not_oddball, Label::kNear);
  __ movp(rax, FieldOperand(rax, Oddball::kToStringOffset));
  __ Ret();
  __ bind(&not_oddball);

  __ PopReturnAddressTo(rcx);     // Pop return address.
  __ Push(rax);                   // Push argument.
  __ PushReturnAddressFrom(rcx);  // Push return address.
  __ TailCallRuntime(Runtime::kToName);
}


2313 2314 2315 2316 2317
void StringHelper::GenerateFlatOneByteStringEquals(MacroAssembler* masm,
                                                   Register left,
                                                   Register right,
                                                   Register scratch1,
                                                   Register scratch2) {
2318 2319 2320
  Register length = scratch1;

  // Compare lengths.
2321
  Label check_zero_length;
2322
  __ movp(length, FieldOperand(left, String::kLengthOffset));
2323
  __ SmiCompare(length, FieldOperand(right, String::kLengthOffset));
2324
  __ j(equal, &check_zero_length, Label::kNear);
2325 2326 2327 2328
  __ Move(rax, Smi::FromInt(NOT_EQUAL));
  __ ret(0);

  // Check if the length is zero.
2329
  Label compare_chars;
2330 2331 2332
  __ bind(&check_zero_length);
  STATIC_ASSERT(kSmiTag == 0);
  __ SmiTest(length);
2333
  __ j(not_zero, &compare_chars, Label::kNear);
2334 2335 2336 2337 2338
  __ Move(rax, Smi::FromInt(EQUAL));
  __ ret(0);

  // Compare characters.
  __ bind(&compare_chars);
2339
  Label strings_not_equal;
2340 2341
  GenerateOneByteCharsCompareLoop(masm, left, right, length, scratch2,
                                  &strings_not_equal, Label::kNear);
2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353

  // Characters are equal.
  __ Move(rax, Smi::FromInt(EQUAL));
  __ ret(0);

  // Characters are not equal.
  __ bind(&strings_not_equal);
  __ Move(rax, Smi::FromInt(NOT_EQUAL));
  __ ret(0);
}


2354
void StringHelper::GenerateCompareFlatOneByteStrings(
2355 2356
    MacroAssembler* masm, Register left, Register right, Register scratch1,
    Register scratch2, Register scratch3, Register scratch4) {
2357 2358 2359 2360 2361
  // Ensure that you can always subtract a string length from a non-negative
  // number (e.g. another length).
  STATIC_ASSERT(String::kMaxLength < 0x7fffffff);

  // Find minimum length and length difference.
2362 2363
  __ movp(scratch1, FieldOperand(left, String::kLengthOffset));
  __ movp(scratch4, scratch1);
2364 2365
  __ SmiSub(scratch4,
            scratch4,
2366
            FieldOperand(right, String::kLengthOffset));
2367 2368
  // Register scratch4 now holds left.length - right.length.
  const Register length_difference = scratch4;
2369 2370
  Label left_shorter;
  __ j(less, &left_shorter, Label::kNear);
2371 2372 2373
  // The right string isn't longer that the left one.
  // Get the right string's length by subtracting the (non-negative) difference
  // from the left string's length.
2374
  __ SmiSub(scratch1, scratch1, length_difference);
2375 2376 2377 2378
  __ bind(&left_shorter);
  // Register scratch1 now holds Min(left.length, right.length).
  const Register min_length = scratch1;

2379
  Label compare_lengths;
2380 2381
  // If min-length is zero, go directly to comparing lengths.
  __ SmiTest(min_length);
2382
  __ j(zero, &compare_lengths, Label::kNear);
2383

2384
  // Compare loop.
2385
  Label result_not_equal;
2386 2387 2388 2389 2390
  GenerateOneByteCharsCompareLoop(
      masm, left, right, min_length, scratch2, &result_not_equal,
      // In debug-code mode, SmiTest below might push
      // the target label outside the near range.
      Label::kFar);
2391

2392 2393 2394 2395
  // Completed loop without finding different characters.
  // Compare lengths (precomputed).
  __ bind(&compare_lengths);
  __ SmiTest(length_difference);
2396 2397
  Label length_not_equal;
  __ j(not_zero, &length_not_equal, Label::kNear);
2398 2399 2400 2401 2402

  // Result is EQUAL.
  __ Move(rax, Smi::FromInt(EQUAL));
  __ ret(0);

2403
  Label result_greater;
2404 2405 2406 2407
  Label result_less;
  __ bind(&length_not_equal);
  __ j(greater, &result_greater, Label::kNear);
  __ jmp(&result_less, Label::kNear);
2408 2409
  __ bind(&result_not_equal);
  // Unequal comparison of left to right, either character or length.
2410 2411
  __ j(above, &result_greater, Label::kNear);
  __ bind(&result_less);
2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423

  // Result is LESS.
  __ Move(rax, Smi::FromInt(LESS));
  __ ret(0);

  // Result is GREATER.
  __ bind(&result_greater);
  __ Move(rax, Smi::FromInt(GREATER));
  __ ret(0);
}


2424
void StringHelper::GenerateOneByteCharsCompareLoop(
2425 2426
    MacroAssembler* masm, Register left, Register right, Register length,
    Register scratch, Label* chars_not_equal, Label::Distance near_jump) {
2427 2428 2429 2430
  // Change index to run from -length to -1 by adding length to string
  // start. This means that loop ends when index reaches zero, which
  // doesn't need an additional compare.
  __ SmiToInteger32(length, length);
2431
  __ leap(left,
2432
         FieldOperand(left, length, times_1, SeqOneByteString::kHeaderSize));
2433
  __ leap(right,
2434
         FieldOperand(right, length, times_1, SeqOneByteString::kHeaderSize));
2435
  __ negq(length);
2436 2437 2438
  Register index = length;  // index = -length;

  // Compare loop.
2439
  Label loop;
2440 2441 2442
  __ bind(&loop);
  __ movb(scratch, Operand(left, index, times_1, 0));
  __ cmpb(scratch, Operand(right, index, times_1, 0));
2443
  __ j(not_equal, chars_not_equal, near_jump);
2444
  __ incq(index);
2445 2446 2447 2448
  __ j(not_zero, &loop);
}


2449 2450 2451 2452 2453 2454 2455 2456 2457 2458
void BinaryOpICWithAllocationSiteStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- rdx    : left
  //  -- rax    : right
  //  -- rsp[0] : return address
  // -----------------------------------

  // Load rcx with the allocation site.  We stick an undefined dummy value here
  // and replace it with the real allocation site later when we instantiate this
  // stub in BinaryOpICWithAllocationSiteStub::GetCodeCopyFromTemplate().
2459
  __ Move(rcx, isolate()->factory()->undefined_value());
2460 2461 2462 2463

  // Make sure that we actually patched the allocation site.
  if (FLAG_debug_code) {
    __ testb(rcx, Immediate(kSmiTagMask));
2464
    __ Assert(not_equal, kExpectedAllocationSite);
2465
    __ Cmp(FieldOperand(rcx, HeapObject::kMapOffset),
2466
           isolate()->factory()->allocation_site_map());
2467 2468 2469 2470 2471
    __ Assert(equal, kExpectedAllocationSite);
  }

  // Tail call into the stub that handles binary operations with allocation
  // sites.
2472
  BinaryOpWithAllocationSiteStub stub(isolate(), state());
2473 2474 2475 2476
  __ TailCallStub(&stub);
}


2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488
void CompareICStub::GenerateBooleans(MacroAssembler* masm) {
  DCHECK_EQ(CompareICState::BOOLEAN, state());
  Label miss;
  Label::Distance const miss_distance =
      masm->emit_debug_code() ? Label::kFar : Label::kNear;

  __ JumpIfSmi(rdx, &miss, miss_distance);
  __ movp(rcx, FieldOperand(rdx, HeapObject::kMapOffset));
  __ JumpIfSmi(rax, &miss, miss_distance);
  __ movp(rbx, FieldOperand(rax, HeapObject::kMapOffset));
  __ JumpIfNotRoot(rcx, Heap::kBooleanMapRootIndex, &miss, miss_distance);
  __ JumpIfNotRoot(rbx, Heap::kBooleanMapRootIndex, &miss, miss_distance);
2489 2490 2491 2492 2493 2494 2495 2496
  if (!Token::IsEqualityOp(op())) {
    __ movp(rax, FieldOperand(rax, Oddball::kToNumberOffset));
    __ AssertSmi(rax);
    __ movp(rdx, FieldOperand(rdx, Oddball::kToNumberOffset));
    __ AssertSmi(rdx);
    __ pushq(rax);
    __ movq(rax, rdx);
    __ popq(rdx);
2497
  }
2498 2499
  __ subp(rax, rdx);
  __ Ret();
2500 2501 2502 2503 2504 2505

  __ bind(&miss);
  GenerateMiss(masm);
}


2506
void CompareICStub::GenerateSmis(MacroAssembler* masm) {
2507
  DCHECK(state() == CompareICState::SMI);
2508 2509
  Label miss;
  __ JumpIfNotBothSmi(rdx, rax, &miss, Label::kNear);
2510 2511 2512

  if (GetCondition() == equal) {
    // For equality we do not care about the sign of the result.
2513
    __ subp(rax, rdx);
2514
  } else {
2515
    Label done;
2516
    __ subp(rdx, rax);
2517
    __ j(no_overflow, &done, Label::kNear);
2518
    // Correct sign of result in case of overflow.
2519
    __ notp(rdx);
2520
    __ bind(&done);
2521
    __ movp(rax, rdx);
2522 2523 2524 2525 2526
  }
  __ ret(0);

  __ bind(&miss);
  GenerateMiss(masm);
2527 2528 2529
}


2530
void CompareICStub::GenerateNumbers(MacroAssembler* masm) {
2531
  DCHECK(state() == CompareICState::NUMBER);
2532

2533
  Label generic_stub;
2534
  Label unordered, maybe_undefined1, maybe_undefined2;
2535
  Label miss;
2536

2537
  if (left() == CompareICState::SMI) {
2538 2539
    __ JumpIfNotSmi(rdx, &miss);
  }
2540
  if (right() == CompareICState::SMI) {
2541 2542 2543 2544 2545 2546
    __ JumpIfNotSmi(rax, &miss);
  }

  // Load left and right operand.
  Label done, left, left_smi, right_smi;
  __ JumpIfSmi(rax, &right_smi, Label::kNear);
2547
  __ CompareMap(rax, isolate()->factory()->heap_number_map());
2548
  __ j(not_equal, &maybe_undefined1, Label::kNear);
2549
  __ Movsd(xmm1, FieldOperand(rax, HeapNumber::kValueOffset));
2550 2551 2552
  __ jmp(&left, Label::kNear);
  __ bind(&right_smi);
  __ SmiToInteger32(rcx, rax);  // Can't clobber rax yet.
2553
  __ Cvtlsi2sd(xmm1, rcx);
2554 2555 2556

  __ bind(&left);
  __ JumpIfSmi(rdx, &left_smi, Label::kNear);
2557
  __ CompareMap(rdx, isolate()->factory()->heap_number_map());
2558
  __ j(not_equal, &maybe_undefined2, Label::kNear);
2559
  __ Movsd(xmm0, FieldOperand(rdx, HeapNumber::kValueOffset));
2560 2561 2562
  __ jmp(&done);
  __ bind(&left_smi);
  __ SmiToInteger32(rcx, rdx);  // Can't clobber rdx yet.
2563
  __ Cvtlsi2sd(xmm0, rcx);
2564

2565
  __ bind(&done);
2566
  // Compare operands
2567
  __ Ucomisd(xmm0, xmm1);
2568 2569

  // Don't base result on EFLAGS when a NaN is involved.
2570
  __ j(parity_even, &unordered, Label::kNear);
2571 2572 2573 2574 2575 2576

  // Return a result of -1, 0, or 1, based on EFLAGS.
  // Performing mov, because xor would destroy the flag register.
  __ movl(rax, Immediate(0));
  __ movl(rcx, Immediate(0));
  __ setcc(above, rax);  // Add one to zero if carry clear and not equal.
2577
  __ sbbp(rax, rcx);  // Subtract one if below (aka. carry set).
2578 2579 2580 2581
  __ ret(0);

  __ bind(&unordered);
  __ bind(&generic_stub);
2582
  CompareICStub stub(isolate(), op(), CompareICState::GENERIC,
2583
                     CompareICState::GENERIC, CompareICState::GENERIC);
2584
  __ jmp(stub.GetCode(), RelocInfo::CODE_TARGET);
2585

2586
  __ bind(&maybe_undefined1);
2587
  if (Token::IsOrderedRelationalCompareOp(op())) {
2588
    __ Cmp(rax, isolate()->factory()->undefined_value());
2589
    __ j(not_equal, &miss);
2590
    __ JumpIfSmi(rdx, &unordered);
2591 2592 2593 2594 2595 2596
    __ CmpObjectType(rdx, HEAP_NUMBER_TYPE, rcx);
    __ j(not_equal, &maybe_undefined2, Label::kNear);
    __ jmp(&unordered);
  }

  __ bind(&maybe_undefined2);
2597
  if (Token::IsOrderedRelationalCompareOp(op())) {
2598
    __ Cmp(rdx, isolate()->factory()->undefined_value());
2599 2600 2601
    __ j(equal, &unordered);
  }

2602 2603
  __ bind(&miss);
  GenerateMiss(masm);
2604 2605 2606
}


2607
void CompareICStub::GenerateInternalizedStrings(MacroAssembler* masm) {
2608
  DCHECK(state() == CompareICState::INTERNALIZED_STRING);
2609
  DCHECK(GetCondition() == equal);
2610 2611 2612 2613 2614 2615 2616 2617

  // Registers containing left and right operands respectively.
  Register left = rdx;
  Register right = rax;
  Register tmp1 = rcx;
  Register tmp2 = rbx;

  // Check that both operands are heap objects.
2618
  Label miss;
2619
  Condition cond = masm->CheckEitherSmi(left, right, tmp1);
2620
  __ j(cond, &miss, Label::kNear);
2621

2622
  // Check that both operands are internalized strings.
2623 2624
  __ movp(tmp1, FieldOperand(left, HeapObject::kMapOffset));
  __ movp(tmp2, FieldOperand(right, HeapObject::kMapOffset));
2625 2626
  __ movzxbp(tmp1, FieldOperand(tmp1, Map::kInstanceTypeOffset));
  __ movzxbp(tmp2, FieldOperand(tmp2, Map::kInstanceTypeOffset));
2627
  STATIC_ASSERT(kInternalizedTag == 0 && kStringTag == 0);
2628
  __ orp(tmp1, tmp2);
2629 2630
  __ testb(tmp1, Immediate(kIsNotStringMask | kIsNotInternalizedMask));
  __ j(not_zero, &miss, Label::kNear);
2631

2632
  // Internalized strings are compared by identity.
2633
  Label done;
2634
  __ cmpp(left, right);
2635 2636
  // Make sure rax is non-zero. At this point input operands are
  // guaranteed to be non-zero.
2637
  DCHECK(right.is(rax));
2638
  __ j(not_equal, &done, Label::kNear);
2639 2640 2641 2642 2643 2644
  STATIC_ASSERT(EQUAL == 0);
  STATIC_ASSERT(kSmiTag == 0);
  __ Move(rax, Smi::FromInt(EQUAL));
  __ bind(&done);
  __ ret(0);

2645 2646 2647 2648 2649
  __ bind(&miss);
  GenerateMiss(masm);
}


2650
void CompareICStub::GenerateUniqueNames(MacroAssembler* masm) {
2651
  DCHECK(state() == CompareICState::UNIQUE_NAME);
2652
  DCHECK(GetCondition() == equal);
2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666

  // Registers containing left and right operands respectively.
  Register left = rdx;
  Register right = rax;
  Register tmp1 = rcx;
  Register tmp2 = rbx;

  // Check that both operands are heap objects.
  Label miss;
  Condition cond = masm->CheckEitherSmi(left, right, tmp1);
  __ j(cond, &miss, Label::kNear);

  // Check that both operands are unique names. This leaves the instance
  // types loaded in tmp1 and tmp2.
2667 2668
  __ movp(tmp1, FieldOperand(left, HeapObject::kMapOffset));
  __ movp(tmp2, FieldOperand(right, HeapObject::kMapOffset));
2669 2670
  __ movzxbp(tmp1, FieldOperand(tmp1, Map::kInstanceTypeOffset));
  __ movzxbp(tmp2, FieldOperand(tmp2, Map::kInstanceTypeOffset));
2671

2672 2673
  __ JumpIfNotUniqueNameInstanceType(tmp1, &miss, Label::kNear);
  __ JumpIfNotUniqueNameInstanceType(tmp2, &miss, Label::kNear);
2674 2675 2676

  // Unique names are compared by identity.
  Label done;
2677
  __ cmpp(left, right);
2678 2679
  // Make sure rax is non-zero. At this point input operands are
  // guaranteed to be non-zero.
2680
  DCHECK(right.is(rax));
2681 2682 2683 2684 2685 2686 2687
  __ j(not_equal, &done, Label::kNear);
  STATIC_ASSERT(EQUAL == 0);
  STATIC_ASSERT(kSmiTag == 0);
  __ Move(rax, Smi::FromInt(EQUAL));
  __ bind(&done);
  __ ret(0);

2688 2689 2690 2691 2692
  __ bind(&miss);
  GenerateMiss(masm);
}


2693
void CompareICStub::GenerateStrings(MacroAssembler* masm) {
2694
  DCHECK(state() == CompareICState::STRING);
2695 2696
  Label miss;

2697
  bool equality = Token::IsEqualityOp(op());
2698

2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711
  // Registers containing left and right operands respectively.
  Register left = rdx;
  Register right = rax;
  Register tmp1 = rcx;
  Register tmp2 = rbx;
  Register tmp3 = rdi;

  // Check that both operands are heap objects.
  Condition cond = masm->CheckEitherSmi(left, right, tmp1);
  __ j(cond, &miss);

  // Check that both operands are strings. This leaves the instance
  // types loaded in tmp1 and tmp2.
2712 2713
  __ movp(tmp1, FieldOperand(left, HeapObject::kMapOffset));
  __ movp(tmp2, FieldOperand(right, HeapObject::kMapOffset));
2714 2715
  __ movzxbp(tmp1, FieldOperand(tmp1, Map::kInstanceTypeOffset));
  __ movzxbp(tmp2, FieldOperand(tmp2, Map::kInstanceTypeOffset));
2716
  __ movp(tmp3, tmp1);
2717
  STATIC_ASSERT(kNotStringTag != 0);
2718
  __ orp(tmp3, tmp2);
2719
  __ testb(tmp3, Immediate(kIsNotStringMask));
2720 2721 2722
  __ j(not_zero, &miss);

  // Fast check for identical strings.
2723
  Label not_same;
2724
  __ cmpp(left, right);
2725
  __ j(not_equal, &not_same, Label::kNear);
2726 2727 2728 2729 2730 2731 2732 2733
  STATIC_ASSERT(EQUAL == 0);
  STATIC_ASSERT(kSmiTag == 0);
  __ Move(rax, Smi::FromInt(EQUAL));
  __ ret(0);

  // Handle not identical strings.
  __ bind(&not_same);

2734
  // Check that both strings are internalized strings. If they are, we're done
2735 2736
  // because we already know they are not identical. We also know they are both
  // strings.
2737 2738
  if (equality) {
    Label do_compare;
2739
    STATIC_ASSERT(kInternalizedTag == 0);
2740
    __ orp(tmp1, tmp2);
2741 2742
    __ testb(tmp1, Immediate(kIsNotInternalizedMask));
    __ j(not_zero, &do_compare, Label::kNear);
2743 2744
    // Make sure rax is non-zero. At this point input operands are
    // guaranteed to be non-zero.
2745
    DCHECK(right.is(rax));
2746 2747 2748
    __ ret(0);
    __ bind(&do_compare);
  }
2749

2750
  // Check that both strings are sequential one-byte.
2751
  Label runtime;
2752
  __ JumpIfNotBothSequentialOneByteStrings(left, right, tmp1, tmp2, &runtime);
2753

2754
  // Compare flat one-byte strings. Returns when done.
2755
  if (equality) {
2756 2757
    StringHelper::GenerateFlatOneByteStringEquals(masm, left, right, tmp1,
                                                  tmp2);
2758
  } else {
2759 2760
    StringHelper::GenerateCompareFlatOneByteStrings(
        masm, left, right, tmp1, tmp2, tmp3, kScratchRegister);
2761
  }
2762 2763 2764

  // Handle more complex cases in runtime.
  __ bind(&runtime);
2765
  if (equality) {
2766 2767 2768 2769 2770 2771 2772 2773 2774
    {
      FrameScope scope(masm, StackFrame::INTERNAL);
      __ Push(left);
      __ Push(right);
      __ CallRuntime(Runtime::kStringEqual);
    }
    __ LoadRoot(rdx, Heap::kTrueValueRootIndex);
    __ subp(rax, rdx);
    __ Ret();
2775
  } else {
2776 2777 2778 2779
    __ PopReturnAddressTo(tmp1);
    __ Push(left);
    __ Push(right);
    __ PushReturnAddressFrom(tmp1);
2780
    __ TailCallRuntime(Runtime::kStringCompare);
2781
  }
2782 2783 2784 2785 2786 2787

  __ bind(&miss);
  GenerateMiss(masm);
}


2788 2789
void CompareICStub::GenerateReceivers(MacroAssembler* masm) {
  DCHECK_EQ(CompareICState::RECEIVER, state());
2790
  Label miss;
2791
  Condition either_smi = masm->CheckEitherSmi(rdx, rax);
2792
  __ j(either_smi, &miss, Label::kNear);
2793

2794 2795 2796 2797 2798
  STATIC_ASSERT(LAST_TYPE == LAST_JS_RECEIVER_TYPE);
  __ CmpObjectType(rax, FIRST_JS_RECEIVER_TYPE, rcx);
  __ j(below, &miss, Label::kNear);
  __ CmpObjectType(rdx, FIRST_JS_RECEIVER_TYPE, rcx);
  __ j(below, &miss, Label::kNear);
2799

2800
  DCHECK_EQ(equal, GetCondition());
2801
  __ subp(rax, rdx);
2802 2803 2804 2805
  __ ret(0);

  __ bind(&miss);
  GenerateMiss(masm);
2806 2807 2808
}


2809
void CompareICStub::GenerateKnownReceivers(MacroAssembler* masm) {
2810
  Label miss;
2811
  Handle<WeakCell> cell = Map::WeakCellForMap(known_map_);
2812 2813 2814
  Condition either_smi = masm->CheckEitherSmi(rdx, rax);
  __ j(either_smi, &miss, Label::kNear);

2815
  __ GetWeakValue(rdi, cell);
2816
  __ cmpp(FieldOperand(rdx, HeapObject::kMapOffset), rdi);
2817
  __ j(not_equal, &miss, Label::kNear);
2818
  __ cmpp(FieldOperand(rax, HeapObject::kMapOffset), rdi);
2819 2820
  __ j(not_equal, &miss, Label::kNear);

2821 2822 2823 2824 2825 2826 2827 2828 2829
  if (Token::IsEqualityOp(op())) {
    __ subp(rax, rdx);
    __ ret(0);
  } else {
    __ PopReturnAddressTo(rcx);
    __ Push(rdx);
    __ Push(rax);
    __ Push(Smi::FromInt(NegativeComparisonResult(GetCondition())));
    __ PushReturnAddressFrom(rcx);
2830
    __ TailCallRuntime(Runtime::kCompare);
2831
  }
2832 2833 2834 2835 2836

  __ bind(&miss);
  GenerateMiss(masm);
}

2837

2838
void CompareICStub::GenerateMiss(MacroAssembler* masm) {
2839
  {
2840
    // Call the runtime system in a fresh internal frame.
2841
    FrameScope scope(masm, StackFrame::INTERNAL);
2842 2843 2844 2845
    __ Push(rdx);
    __ Push(rax);
    __ Push(rdx);
    __ Push(rax);
2846
    __ Push(Smi::FromInt(op()));
2847
    __ CallRuntime(Runtime::kCompareIC_Miss);
2848

2849
    // Compute the entry point of the rewritten stub.
2850
    __ leap(rdi, FieldOperand(rax, Code::kHeaderSize));
2851 2852
    __ Pop(rax);
    __ Pop(rdx);
2853
  }
2854 2855 2856

  // Do a tail call to the rewritten stub.
  __ jmp(rdi);
2857 2858
}

2859

2860 2861 2862 2863 2864 2865
void NameDictionaryLookupStub::GenerateNegativeLookup(MacroAssembler* masm,
                                                      Label* miss,
                                                      Label* done,
                                                      Register properties,
                                                      Handle<Name> name,
                                                      Register r0) {
2866
  DCHECK(name->IsUniqueName());
2867 2868 2869 2870
  // If names of slots in range from 1 to kProbes - 1 for the hash value are
  // not equal to the name and kProbes-th slot is not used (its name is the
  // undefined value), it guarantees the hash table doesn't contain the
  // property. It's true even if some slots represent deleted properties
2871
  // (their names are the hole value).
2872 2873 2874 2875 2876 2877 2878
  for (int i = 0; i < kInlinedProbes; i++) {
    // r0 points to properties hash.
    // Compute the masked index: (hash + i + i * i) & mask.
    Register index = r0;
    // Capacity is smi 2^n.
    __ SmiToInteger32(index, FieldOperand(properties, kCapacityOffset));
    __ decl(index);
2879
    __ andp(index,
2880
            Immediate(name->Hash() + NameDictionary::GetProbeOffset(i)));
2881 2882

    // Scale the index by multiplying by the entry size.
2883
    STATIC_ASSERT(NameDictionary::kEntrySize == 3);
2884
    __ leap(index, Operand(index, index, times_2, 0));  // index *= 3.
2885 2886 2887

    Register entity_name = r0;
    // Having undefined at this place means the name is not contained.
2888
    STATIC_ASSERT(kSmiTagSize == 1);
2889
    __ movp(entity_name, Operand(properties,
2890 2891 2892 2893 2894 2895 2896
                                 index,
                                 times_pointer_size,
                                 kElementsStartOffset - kHeapObjectTag));
    __ Cmp(entity_name, masm->isolate()->factory()->undefined_value());
    __ j(equal, done);

    // Stop if found the property.
2897
    __ Cmp(entity_name, Handle<Name>(name));
2898 2899
    __ j(equal, miss);

2900
    Label good;
2901 2902
    // Check for the hole and skip.
    __ CompareRoot(entity_name, Heap::kTheHoleValueRootIndex);
2903
    __ j(equal, &good, Label::kNear);
2904

2905
    // Check if the entry name is not a unique name.
2906
    __ movp(entity_name, FieldOperand(entity_name, HeapObject::kMapOffset));
2907 2908
    __ JumpIfNotUniqueNameInstanceType(
        FieldOperand(entity_name, Map::kInstanceTypeOffset), miss);
2909
    __ bind(&good);
2910 2911
  }

2912 2913
  NameDictionaryLookupStub stub(masm->isolate(), properties, r0, r0,
                                NEGATIVE_LOOKUP);
2914
  __ Push(Handle<Object>(name));
2915
  __ Push(Immediate(name->Hash()));
2916
  __ CallStub(&stub);
2917
  __ testp(r0, r0);
2918 2919 2920 2921 2922
  __ j(not_zero, miss);
  __ jmp(done);
}


2923
// Probe the name dictionary in the |elements| register. Jump to the
2924 2925 2926
// |done| label if a property with the given name is found leaving the
// index into the dictionary in |r1|. Jump to the |miss| label
// otherwise.
2927 2928 2929 2930 2931 2932 2933
void NameDictionaryLookupStub::GeneratePositiveLookup(MacroAssembler* masm,
                                                      Label* miss,
                                                      Label* done,
                                                      Register elements,
                                                      Register name,
                                                      Register r0,
                                                      Register r1) {
2934 2935 2936 2937
  DCHECK(!elements.is(r0));
  DCHECK(!elements.is(r1));
  DCHECK(!name.is(r0));
  DCHECK(!name.is(r1));
2938

2939
  __ AssertName(name);
2940 2941 2942 2943 2944 2945

  __ SmiToInteger32(r0, FieldOperand(elements, kCapacityOffset));
  __ decl(r0);

  for (int i = 0; i < kInlinedProbes; i++) {
    // Compute the masked index: (hash + i + i * i) & mask.
2946 2947
    __ movl(r1, FieldOperand(name, Name::kHashFieldOffset));
    __ shrl(r1, Immediate(Name::kHashShift));
2948
    if (i > 0) {
2949
      __ addl(r1, Immediate(NameDictionary::GetProbeOffset(i)));
2950
    }
2951
    __ andp(r1, r0);
2952 2953

    // Scale the index by multiplying by the entry size.
2954
    STATIC_ASSERT(NameDictionary::kEntrySize == 3);
2955
    __ leap(r1, Operand(r1, r1, times_2, 0));  // r1 = r1 * 3
2956 2957

    // Check if the key is identical to the name.
2958
    __ cmpp(name, Operand(elements, r1, times_pointer_size,
2959 2960 2961 2962
                          kElementsStartOffset - kHeapObjectTag));
    __ j(equal, done);
  }

2963 2964
  NameDictionaryLookupStub stub(masm->isolate(), elements, r0, r1,
                                POSITIVE_LOOKUP);
2965
  __ Push(name);
2966 2967
  __ movl(r0, FieldOperand(name, Name::kHashFieldOffset));
  __ shrl(r0, Immediate(Name::kHashShift));
2968
  __ Push(r0);
2969 2970
  __ CallStub(&stub);

2971
  __ testp(r0, r0);
2972 2973 2974 2975 2976
  __ j(zero, miss);
  __ jmp(done);
}


2977
void NameDictionaryLookupStub::Generate(MacroAssembler* masm) {
2978 2979
  // This stub overrides SometimesSetsUpAFrame() to return false.  That means
  // we cannot call anything that could cause a GC from this stub.
2980
  // Stack frame on entry:
2981 2982 2983
  //  rsp[0 * kPointerSize] : return address.
  //  rsp[1 * kPointerSize] : key's hash.
  //  rsp[2 * kPointerSize] : key.
2984
  // Registers:
2985
  //  dictionary_: NameDictionary to probe.
2986 2987 2988 2989 2990 2991 2992 2993
  //  result_: used as scratch.
  //  index_: will hold an index of entry if lookup is successful.
  //          might alias with result_.
  // Returns:
  //  result_ is zero if lookup failed, non zero otherwise.

  Label in_dictionary, maybe_in_dictionary, not_in_dictionary;

2994
  Register scratch = result();
2995

2996
  __ SmiToInteger32(scratch, FieldOperand(dictionary(), kCapacityOffset));
2997
  __ decl(scratch);
2998
  __ Push(scratch);
2999 3000 3001 3002 3003 3004

  // If names of slots in range from 1 to kProbes - 1 for the hash value are
  // not equal to the name and kProbes-th slot is not used (its name is the
  // undefined value), it guarantees the hash table doesn't contain the
  // property. It's true even if some slots represent deleted properties
  // (their names are the null value).
3005 3006
  StackArgumentsAccessor args(rsp, 2, ARGUMENTS_DONT_CONTAIN_RECEIVER,
                              kPointerSize);
3007 3008
  for (int i = kInlinedProbes; i < kTotalProbes; i++) {
    // Compute the masked index: (hash + i + i * i) & mask.
3009
    __ movp(scratch, args.GetArgumentOperand(1));
3010
    if (i > 0) {
3011
      __ addl(scratch, Immediate(NameDictionary::GetProbeOffset(i)));
3012
    }
3013
    __ andp(scratch, Operand(rsp, 0));
3014 3015

    // Scale the index by multiplying by the entry size.
3016
    STATIC_ASSERT(NameDictionary::kEntrySize == 3);
3017
    __ leap(index(), Operand(scratch, scratch, times_2, 0));  // index *= 3.
3018 3019

    // Having undefined at this place means the name is not contained.
3020
    __ movp(scratch, Operand(dictionary(), index(), times_pointer_size,
3021 3022
                             kElementsStartOffset - kHeapObjectTag));

3023
    __ Cmp(scratch, isolate()->factory()->undefined_value());
3024 3025 3026
    __ j(equal, &not_in_dictionary);

    // Stop if found the property.
3027
    __ cmpp(scratch, args.GetArgumentOperand(0));
3028 3029
    __ j(equal, &in_dictionary);

3030
    if (i != kTotalProbes - 1 && mode() == NEGATIVE_LOOKUP) {
3031 3032
      // If we hit a key that is not a unique name during negative
      // lookup we have to bailout as this key might be equal to the
3033 3034
      // key we are looking for.

3035
      // Check if the entry name is not a unique name.
3036
      __ movp(scratch, FieldOperand(scratch, HeapObject::kMapOffset));
3037 3038 3039
      __ JumpIfNotUniqueNameInstanceType(
          FieldOperand(scratch, Map::kInstanceTypeOffset),
          &maybe_in_dictionary);
3040 3041 3042 3043 3044 3045 3046
    }
  }

  __ bind(&maybe_in_dictionary);
  // If we are doing negative lookup then probing failure should be
  // treated as a lookup success. For positive lookup probing failure
  // should be treated as lookup failure.
3047
  if (mode() == POSITIVE_LOOKUP) {
3048
    __ movp(scratch, Immediate(0));
3049 3050 3051 3052 3053
    __ Drop(1);
    __ ret(2 * kPointerSize);
  }

  __ bind(&in_dictionary);
3054
  __ movp(scratch, Immediate(1));
3055 3056 3057 3058
  __ Drop(1);
  __ ret(2 * kPointerSize);

  __ bind(&not_in_dictionary);
3059
  __ movp(scratch, Immediate(0));
3060 3061 3062 3063 3064
  __ Drop(1);
  __ ret(2 * kPointerSize);
}


3065 3066
void StoreBufferOverflowStub::GenerateFixedRegStubsAheadOfTime(
    Isolate* isolate) {
3067
  StoreBufferOverflowStub stub1(isolate, kDontSaveFPRegs);
3068
  stub1.GetCode();
3069
  StoreBufferOverflowStub stub2(isolate, kSaveFPRegs);
3070
  stub2.GetCode();
3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089
}


// Takes the input in 3 registers: address_ value_ and object_.  A pointer to
// the value has just been written into the object, now this stub makes sure
// we keep the GC informed.  The word in the object where the value has been
// written is in the address register.
void RecordWriteStub::Generate(MacroAssembler* masm) {
  Label skip_to_incremental_noncompacting;
  Label skip_to_incremental_compacting;

  // The first two instructions are generated with labels so as to get the
  // offset fixed up correctly by the bind(Label*) call.  We patch it back and
  // forth between a compare instructions (a nop in this position) and the
  // real branch when we start and stop incremental heap marking.
  // See RecordWriteStub::Patch for details.
  __ jmp(&skip_to_incremental_noncompacting, Label::kNear);
  __ jmp(&skip_to_incremental_compacting, Label::kFar);

3090 3091
  if (remembered_set_action() == EMIT_REMEMBERED_SET) {
    __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
3092
                           MacroAssembler::kReturnAtEnd);
3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112
  } else {
    __ ret(0);
  }

  __ bind(&skip_to_incremental_noncompacting);
  GenerateIncremental(masm, INCREMENTAL);

  __ bind(&skip_to_incremental_compacting);
  GenerateIncremental(masm, INCREMENTAL_COMPACTION);

  // Initial mode of the stub is expected to be STORE_BUFFER_ONLY.
  // Will be checked in IncrementalMarking::ActivateGeneratedStub.
  masm->set_byte_at(0, kTwoByteNopInstruction);
  masm->set_byte_at(2, kFiveByteNopInstruction);
}


void RecordWriteStub::GenerateIncremental(MacroAssembler* masm, Mode mode) {
  regs_.Save(masm);

3113
  if (remembered_set_action() == EMIT_REMEMBERED_SET) {
3114 3115
    Label dont_need_remembered_set;

3116
    __ movp(regs_.scratch0(), Operand(regs_.address(), 0));
3117 3118 3119 3120
    __ JumpIfNotInNewSpace(regs_.scratch0(),
                           regs_.scratch0(),
                           &dont_need_remembered_set);

ulan's avatar
ulan committed
3121 3122
    __ JumpIfInNewSpace(regs_.object(), regs_.scratch0(),
                        &dont_need_remembered_set);
3123 3124 3125 3126 3127

    // First notify the incremental marker if necessary, then update the
    // remembered set.
    CheckNeedsToInformIncrementalMarker(
        masm, kUpdateRememberedSetOnNoNeedToInformIncrementalMarker, mode);
3128
    InformIncrementalMarker(masm);
3129
    regs_.Restore(masm);
3130
    __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
3131
                           MacroAssembler::kReturnAtEnd);
3132 3133 3134 3135 3136 3137

    __ bind(&dont_need_remembered_set);
  }

  CheckNeedsToInformIncrementalMarker(
      masm, kReturnOnNoNeedToInformIncrementalMarker, mode);
3138
  InformIncrementalMarker(masm);
3139 3140 3141 3142 3143
  regs_.Restore(masm);
  __ ret(0);
}


3144
void RecordWriteStub::InformIncrementalMarker(MacroAssembler* masm) {
3145
  regs_.SaveCallerSaveRegisters(masm, save_fp_regs_mode());
3146
  Register address =
3147
      arg_reg_1.is(regs_.address()) ? kScratchRegister : regs_.address();
3148 3149
  DCHECK(!address.is(regs_.object()));
  DCHECK(!address.is(arg_reg_1));
3150
  __ Move(address, regs_.address());
3151
  __ Move(arg_reg_1, regs_.object());
3152
  // TODO(gc) Can we just set address arg2 in the beginning?
3153 3154
  __ Move(arg_reg_2, address);
  __ LoadAddress(arg_reg_3,
3155
                 ExternalReference::isolate_address(isolate()));
3156 3157 3158 3159
  int argument_count = 3;

  AllowExternalCallThatCantCauseGC scope(masm);
  __ PrepareCallCFunction(argument_count);
3160
  __ CallCFunction(
3161
      ExternalReference::incremental_marking_record_write_function(isolate()),
3162
      argument_count);
3163
  regs_.RestoreCallerSaveRegisters(masm, save_fp_regs_mode());
3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174
}


void RecordWriteStub::CheckNeedsToInformIncrementalMarker(
    MacroAssembler* masm,
    OnNoNeedToInformIncrementalMarker on_no_need,
    Mode mode) {
  Label on_black;
  Label need_incremental;
  Label need_incremental_pop_object;

3175
  __ movp(regs_.scratch0(), Immediate(~Page::kPageAlignmentMask));
3176
  __ andp(regs_.scratch0(), regs_.object());
3177
  __ movp(regs_.scratch1(),
3178 3179
         Operand(regs_.scratch0(),
                 MemoryChunk::kWriteBarrierCounterOffset));
3180
  __ subp(regs_.scratch1(), Immediate(1));
3181
  __ movp(Operand(regs_.scratch0(),
3182 3183 3184 3185
                 MemoryChunk::kWriteBarrierCounterOffset),
         regs_.scratch1());
  __ j(negative, &need_incremental);

3186 3187 3188 3189 3190 3191 3192 3193 3194 3195
  // Let's look at the color of the object:  If it is not black we don't have
  // to inform the incremental marker.
  __ JumpIfBlack(regs_.object(),
                 regs_.scratch0(),
                 regs_.scratch1(),
                 &on_black,
                 Label::kNear);

  regs_.Restore(masm);
  if (on_no_need == kUpdateRememberedSetOnNoNeedToInformIncrementalMarker) {
3196
    __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
3197
                           MacroAssembler::kReturnAtEnd);
3198 3199 3200 3201 3202 3203 3204
  } else {
    __ ret(0);
  }

  __ bind(&on_black);

  // Get the value from the slot.
3205
  __ movp(regs_.scratch0(), Operand(regs_.address(), 0));
3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227

  if (mode == INCREMENTAL_COMPACTION) {
    Label ensure_not_white;

    __ CheckPageFlag(regs_.scratch0(),  // Contains value.
                     regs_.scratch1(),  // Scratch.
                     MemoryChunk::kEvacuationCandidateMask,
                     zero,
                     &ensure_not_white,
                     Label::kNear);

    __ CheckPageFlag(regs_.object(),
                     regs_.scratch1(),  // Scratch.
                     MemoryChunk::kSkipEvacuationSlotsRecordingMask,
                     zero,
                     &need_incremental);

    __ bind(&ensure_not_white);
  }

  // We need an extra register for this, so we push the object register
  // temporarily.
3228
  __ Push(regs_.object());
hpayer's avatar
hpayer committed
3229 3230 3231 3232
  __ JumpIfWhite(regs_.scratch0(),  // The value.
                 regs_.scratch1(),  // Scratch.
                 regs_.object(),    // Scratch.
                 &need_incremental_pop_object, Label::kNear);
3233
  __ Pop(regs_.object());
3234 3235 3236

  regs_.Restore(masm);
  if (on_no_need == kUpdateRememberedSetOnNoNeedToInformIncrementalMarker) {
3237
    __ RememberedSetHelper(object(), address(), value(), save_fp_regs_mode(),
3238
                           MacroAssembler::kReturnAtEnd);
3239 3240 3241 3242 3243
  } else {
    __ ret(0);
  }

  __ bind(&need_incremental_pop_object);
3244
  __ Pop(regs_.object());
3245 3246 3247 3248 3249 3250

  __ bind(&need_incremental);

  // Fall through when we need to inform the incremental marker.
}

3251

3252
void StubFailureTrampolineStub::Generate(MacroAssembler* masm) {
3253
  CEntryStub ces(isolate(), 1, kSaveFPRegs);
3254
  __ Call(ces.GetCode(), RelocInfo::CODE_TARGET);
3255
  int parameter_count_offset =
3256
      StubFailureTrampolineFrameConstants::kArgumentsLengthOffset;
3257
  __ movp(rbx, MemOperand(rbp, parameter_count_offset));
3258
  masm->LeaveFrame(StackFrame::STUB_FAILURE_TRAMPOLINE);
3259
  __ PopReturnAddressTo(rcx);
3260 3261
  int additional_offset =
      function_mode() == JS_FUNCTION_STUB_MODE ? kPointerSize : 0;
3262
  __ leap(rsp, MemOperand(rsp, rbx, times_pointer_size, additional_offset));
3263
  __ jmp(rcx);  // Return to IC Miss stub, continuation still on stack.
3264 3265 3266
}


3267
void LoadICTrampolineStub::Generate(MacroAssembler* masm) {
3268
  __ EmitLoadTypeFeedbackVector(LoadWithVectorDescriptor::VectorRegister());
ishell's avatar
ishell committed
3269
  LoadICStub stub(isolate());
3270
  stub.GenerateForTrampoline(masm);
3271 3272 3273 3274
}


void KeyedLoadICTrampolineStub::Generate(MacroAssembler* masm) {
3275
  __ EmitLoadTypeFeedbackVector(LoadWithVectorDescriptor::VectorRegister());
ishell's avatar
ishell committed
3276
  KeyedLoadICStub stub(isolate());
3277 3278 3279 3280
  stub.GenerateForTrampoline(masm);
}


3281 3282 3283 3284
static void HandleArrayCases(MacroAssembler* masm, Register feedback,
                             Register receiver_map, Register scratch1,
                             Register scratch2, Register scratch3,
                             bool is_polymorphic, Label* miss) {
3285 3286 3287 3288
  // feedback initially contains the feedback array
  Label next_loop, prepare_next;
  Label start_polymorphic;

3289 3290 3291
  Register counter = scratch1;
  Register length = scratch2;
  Register cached_map = scratch3;
3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334

  __ movp(cached_map, FieldOperand(feedback, FixedArray::OffsetOfElementAt(0)));
  __ cmpp(receiver_map, FieldOperand(cached_map, WeakCell::kValueOffset));
  __ j(not_equal, &start_polymorphic);

  // found, now call handler.
  Register handler = feedback;
  __ movp(handler, FieldOperand(feedback, FixedArray::OffsetOfElementAt(1)));
  __ leap(handler, FieldOperand(handler, Code::kHeaderSize));
  __ jmp(handler);

  // Polymorphic, we have to loop from 2 to N
  __ bind(&start_polymorphic);
  __ SmiToInteger32(length, FieldOperand(feedback, FixedArray::kLengthOffset));
  if (!is_polymorphic) {
    // If the IC could be monomorphic we have to make sure we don't go past the
    // end of the feedback array.
    __ cmpl(length, Immediate(2));
    __ j(equal, miss);
  }
  __ movl(counter, Immediate(2));

  __ bind(&next_loop);
  __ movp(cached_map, FieldOperand(feedback, counter, times_pointer_size,
                                   FixedArray::kHeaderSize));
  __ cmpp(receiver_map, FieldOperand(cached_map, WeakCell::kValueOffset));
  __ j(not_equal, &prepare_next);
  __ movp(handler, FieldOperand(feedback, counter, times_pointer_size,
                                FixedArray::kHeaderSize + kPointerSize));
  __ leap(handler, FieldOperand(handler, Code::kHeaderSize));
  __ jmp(handler);

  __ bind(&prepare_next);
  __ addl(counter, Immediate(2));
  __ cmpl(counter, length);
  __ j(less, &next_loop);

  // We exhausted our array of map handler pairs.
  __ jmp(miss);
}


static void HandleMonomorphicCase(MacroAssembler* masm, Register receiver,
3335 3336 3337 3338 3339 3340
                                  Register receiver_map, Register feedback,
                                  Register vector, Register integer_slot,
                                  Label* compare_map, Label* load_smi_map,
                                  Label* try_array) {
  __ JumpIfSmi(receiver, load_smi_map);
  __ movp(receiver_map, FieldOperand(receiver, 0));
3341

3342 3343 3344 3345
  __ bind(compare_map);
  __ cmpp(receiver_map, FieldOperand(feedback, WeakCell::kValueOffset));
  __ j(not_equal, try_array);
  Register handler = feedback;
3346 3347 3348 3349 3350 3351 3352
  __ movp(handler, FieldOperand(vector, integer_slot, times_pointer_size,
                                FixedArray::kHeaderSize + kPointerSize));
  __ leap(handler, FieldOperand(handler, Code::kHeaderSize));
  __ jmp(handler);
}


3353
void LoadICStub::Generate(MacroAssembler* masm) { GenerateImpl(masm, false); }
3354 3355


3356
void LoadICStub::GenerateForTrampoline(MacroAssembler* masm) {
3357 3358 3359 3360
  GenerateImpl(masm, true);
}


3361 3362 3363 3364 3365
void LoadICStub::GenerateImpl(MacroAssembler* masm, bool in_frame) {
  Register receiver = LoadWithVectorDescriptor::ReceiverRegister();  // rdx
  Register name = LoadWithVectorDescriptor::NameRegister();          // rcx
  Register vector = LoadWithVectorDescriptor::VectorRegister();      // rbx
  Register slot = LoadWithVectorDescriptor::SlotRegister();          // rax
3366 3367
  Register feedback = rdi;
  Register integer_slot = r8;
3368
  Register receiver_map = r9;
3369 3370 3371 3372 3373

  __ SmiToInteger32(integer_slot, slot);
  __ movp(feedback, FieldOperand(vector, integer_slot, times_pointer_size,
                                 FixedArray::kHeaderSize));

3374 3375 3376 3377 3378 3379 3380
  // Try to quickly handle the monomorphic case without knowing for sure
  // if we have a weak cell in feedback. We do know it's safe to look
  // at WeakCell::kValueOffset.
  Label try_array, load_smi_map, compare_map;
  Label not_array, miss;
  HandleMonomorphicCase(masm, receiver, receiver_map, feedback, vector,
                        integer_slot, &compare_map, &load_smi_map, &try_array);
3381 3382 3383 3384 3385

  // Is it a fixed array?
  __ bind(&try_array);
  __ CompareRoot(FieldOperand(feedback, 0), Heap::kFixedArrayMapRootIndex);
  __ j(not_equal, &not_array);
3386 3387
  HandleArrayCases(masm, feedback, receiver_map, integer_slot, r11, r15, true,
                   &miss);
3388 3389 3390 3391

  __ bind(&not_array);
  __ CompareRoot(feedback, Heap::kmegamorphic_symbolRootIndex);
  __ j(not_equal, &miss);
3392 3393
  masm->isolate()->load_stub_cache()->GenerateProbe(masm, receiver, name,
                                                    feedback, no_reg);
3394 3395

  __ bind(&miss);
3396
  LoadIC::GenerateMiss(masm);
3397 3398 3399 3400

  __ bind(&load_smi_map);
  __ LoadRoot(receiver_map, Heap::kHeapNumberMapRootIndex);
  __ jmp(&compare_map);
3401 3402 3403
}


3404
void KeyedLoadICStub::Generate(MacroAssembler* masm) {
3405 3406 3407 3408
  GenerateImpl(masm, false);
}


3409
void KeyedLoadICStub::GenerateForTrampoline(MacroAssembler* masm) {
3410 3411 3412 3413
  GenerateImpl(masm, true);
}


3414 3415 3416 3417 3418
void KeyedLoadICStub::GenerateImpl(MacroAssembler* masm, bool in_frame) {
  Register receiver = LoadWithVectorDescriptor::ReceiverRegister();  // rdx
  Register key = LoadWithVectorDescriptor::NameRegister();           // rcx
  Register vector = LoadWithVectorDescriptor::VectorRegister();      // rbx
  Register slot = LoadWithVectorDescriptor::SlotRegister();          // rax
3419 3420
  Register feedback = rdi;
  Register integer_slot = r8;
3421
  Register receiver_map = r9;
3422 3423 3424 3425 3426

  __ SmiToInteger32(integer_slot, slot);
  __ movp(feedback, FieldOperand(vector, integer_slot, times_pointer_size,
                                 FixedArray::kHeaderSize));

3427 3428 3429 3430 3431 3432 3433
  // Try to quickly handle the monomorphic case without knowing for sure
  // if we have a weak cell in feedback. We do know it's safe to look
  // at WeakCell::kValueOffset.
  Label try_array, load_smi_map, compare_map;
  Label not_array, miss;
  HandleMonomorphicCase(masm, receiver, receiver_map, feedback, vector,
                        integer_slot, &compare_map, &load_smi_map, &try_array);
3434 3435 3436 3437 3438 3439

  __ bind(&try_array);
  // Is it a fixed array?
  __ CompareRoot(FieldOperand(feedback, 0), Heap::kFixedArrayMapRootIndex);
  __ j(not_equal, &not_array);

3440
  // We have a polymorphic element handler.
3441 3442
  Label polymorphic, try_poly_name;
  __ bind(&polymorphic);
3443 3444
  HandleArrayCases(masm, feedback, receiver_map, integer_slot, r11, r15, true,
                   &miss);
3445 3446 3447 3448 3449 3450

  __ bind(&not_array);
  // Is it generic?
  __ CompareRoot(feedback, Heap::kmegamorphic_symbolRootIndex);
  __ j(not_equal, &try_poly_name);
  Handle<Code> megamorphic_stub =
3451
      KeyedLoadIC::ChooseMegamorphicStub(masm->isolate(), GetExtraICState());
3452 3453 3454 3455 3456 3457 3458 3459 3460 3461
  __ jmp(megamorphic_stub, RelocInfo::CODE_TARGET);

  __ bind(&try_poly_name);
  // We might have a name in feedback, and a fixed array in the next slot.
  __ cmpp(key, feedback);
  __ j(not_equal, &miss);
  // If the name comparison succeeded, we know we have a fixed array with
  // at least one map/handler pair.
  __ movp(feedback, FieldOperand(vector, integer_slot, times_pointer_size,
                                 FixedArray::kHeaderSize + kPointerSize));
3462 3463
  HandleArrayCases(masm, feedback, receiver_map, integer_slot, r11, r15, false,
                   &miss);
3464 3465 3466

  __ bind(&miss);
  KeyedLoadIC::GenerateMiss(masm);
3467 3468 3469 3470

  __ bind(&load_smi_map);
  __ LoadRoot(receiver_map, Heap::kHeapNumberMapRootIndex);
  __ jmp(&compare_map);
3471 3472
}

3473
void StoreICTrampolineStub::Generate(MacroAssembler* masm) {
3474
  __ EmitLoadTypeFeedbackVector(StoreWithVectorDescriptor::VectorRegister());
3475
  StoreICStub stub(isolate(), state());
3476 3477 3478
  stub.GenerateForTrampoline(masm);
}

3479
void KeyedStoreICTrampolineStub::Generate(MacroAssembler* masm) {
3480
  __ EmitLoadTypeFeedbackVector(StoreWithVectorDescriptor::VectorRegister());
3481
  KeyedStoreICStub stub(isolate(), state());
3482 3483 3484
  stub.GenerateForTrampoline(masm);
}

3485
void StoreICStub::Generate(MacroAssembler* masm) { GenerateImpl(masm, false); }
3486

3487
void StoreICStub::GenerateForTrampoline(MacroAssembler* masm) {
3488 3489 3490
  GenerateImpl(masm, true);
}

3491
void StoreICStub::GenerateImpl(MacroAssembler* masm, bool in_frame) {
3492 3493 3494 3495 3496
  Register receiver = StoreWithVectorDescriptor::ReceiverRegister();  // rdx
  Register key = StoreWithVectorDescriptor::NameRegister();           // rcx
  Register vector = StoreWithVectorDescriptor::VectorRegister();      // rbx
  Register slot = StoreWithVectorDescriptor::SlotRegister();          // rdi
  DCHECK(StoreWithVectorDescriptor::ValueRegister().is(rax));         // rax
3497 3498 3499 3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523 3524
  Register feedback = r8;
  Register integer_slot = r9;
  Register receiver_map = r11;
  DCHECK(!AreAliased(feedback, integer_slot, vector, slot, receiver_map));

  __ SmiToInteger32(integer_slot, slot);
  __ movp(feedback, FieldOperand(vector, integer_slot, times_pointer_size,
                                 FixedArray::kHeaderSize));

  // Try to quickly handle the monomorphic case without knowing for sure
  // if we have a weak cell in feedback. We do know it's safe to look
  // at WeakCell::kValueOffset.
  Label try_array, load_smi_map, compare_map;
  Label not_array, miss;
  HandleMonomorphicCase(masm, receiver, receiver_map, feedback, vector,
                        integer_slot, &compare_map, &load_smi_map, &try_array);

  // Is it a fixed array?
  __ bind(&try_array);
  __ CompareRoot(FieldOperand(feedback, 0), Heap::kFixedArrayMapRootIndex);
  __ j(not_equal, &not_array);
  HandleArrayCases(masm, feedback, receiver_map, integer_slot, r14, r15, true,
                   &miss);

  __ bind(&not_array);
  __ CompareRoot(feedback, Heap::kmegamorphic_symbolRootIndex);
  __ j(not_equal, &miss);

3525 3526
  masm->isolate()->store_stub_cache()->GenerateProbe(masm, receiver, key,
                                                     feedback, no_reg);
3527 3528 3529

  __ bind(&miss);
  StoreIC::GenerateMiss(masm);
3530 3531 3532 3533

  __ bind(&load_smi_map);
  __ LoadRoot(receiver_map, Heap::kHeapNumberMapRootIndex);
  __ jmp(&compare_map);
3534 3535
}

3536
void KeyedStoreICStub::Generate(MacroAssembler* masm) {
3537 3538 3539
  GenerateImpl(masm, false);
}

3540
void KeyedStoreICStub::GenerateForTrampoline(MacroAssembler* masm) {
3541 3542 3543 3544
  GenerateImpl(masm, true);
}


3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596
static void HandlePolymorphicKeyedStoreCase(MacroAssembler* masm,
                                            Register receiver_map,
                                            Register feedback, Register scratch,
                                            Register scratch1,
                                            Register scratch2, Label* miss) {
  // feedback initially contains the feedback array
  Label next, next_loop, prepare_next;
  Label transition_call;

  Register cached_map = scratch;
  Register counter = scratch1;
  Register length = scratch2;

  // Polymorphic, we have to loop from 0 to N - 1
  __ movp(counter, Immediate(0));
  __ movp(length, FieldOperand(feedback, FixedArray::kLengthOffset));
  __ SmiToInteger32(length, length);

  __ bind(&next_loop);
  __ movp(cached_map, FieldOperand(feedback, counter, times_pointer_size,
                                   FixedArray::kHeaderSize));
  __ cmpp(receiver_map, FieldOperand(cached_map, WeakCell::kValueOffset));
  __ j(not_equal, &prepare_next);
  __ movp(cached_map, FieldOperand(feedback, counter, times_pointer_size,
                                   FixedArray::kHeaderSize + kPointerSize));
  __ CompareRoot(cached_map, Heap::kUndefinedValueRootIndex);
  __ j(not_equal, &transition_call);
  __ movp(feedback, FieldOperand(feedback, counter, times_pointer_size,
                                 FixedArray::kHeaderSize + 2 * kPointerSize));
  __ leap(feedback, FieldOperand(feedback, Code::kHeaderSize));
  __ jmp(feedback);

  __ bind(&transition_call);
  DCHECK(receiver_map.is(VectorStoreTransitionDescriptor::MapRegister()));
  __ movp(receiver_map, FieldOperand(cached_map, WeakCell::kValueOffset));
  // The weak cell may have been cleared.
  __ JumpIfSmi(receiver_map, miss);
  // Get the handler in value.
  __ movp(feedback, FieldOperand(feedback, counter, times_pointer_size,
                                 FixedArray::kHeaderSize + 2 * kPointerSize));
  __ leap(feedback, FieldOperand(feedback, Code::kHeaderSize));
  __ jmp(feedback);

  __ bind(&prepare_next);
  __ addl(counter, Immediate(3));
  __ cmpl(counter, length);
  __ j(less, &next_loop);

  // We exhausted our array of map handler pairs.
  __ jmp(miss);
}

3597
void KeyedStoreICStub::GenerateImpl(MacroAssembler* masm, bool in_frame) {
3598 3599 3600 3601 3602
  Register receiver = StoreWithVectorDescriptor::ReceiverRegister();  // rdx
  Register key = StoreWithVectorDescriptor::NameRegister();           // rcx
  Register vector = StoreWithVectorDescriptor::VectorRegister();      // rbx
  Register slot = StoreWithVectorDescriptor::SlotRegister();          // rdi
  DCHECK(StoreWithVectorDescriptor::ValueRegister().is(rax));         // rax
3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643 3644 3645
  Register feedback = r8;
  Register integer_slot = r9;
  Register receiver_map = r11;
  DCHECK(!AreAliased(feedback, integer_slot, vector, slot, receiver_map));

  __ SmiToInteger32(integer_slot, slot);
  __ movp(feedback, FieldOperand(vector, integer_slot, times_pointer_size,
                                 FixedArray::kHeaderSize));

  // Try to quickly handle the monomorphic case without knowing for sure
  // if we have a weak cell in feedback. We do know it's safe to look
  // at WeakCell::kValueOffset.
  Label try_array, load_smi_map, compare_map;
  Label not_array, miss;
  HandleMonomorphicCase(masm, receiver, receiver_map, feedback, vector,
                        integer_slot, &compare_map, &load_smi_map, &try_array);

  // Is it a fixed array?
  __ bind(&try_array);
  __ CompareRoot(FieldOperand(feedback, 0), Heap::kFixedArrayMapRootIndex);
  __ j(not_equal, &not_array);
  HandlePolymorphicKeyedStoreCase(masm, receiver_map, feedback, integer_slot,
                                  r15, r14, &miss);

  __ bind(&not_array);
  Label try_poly_name;
  __ CompareRoot(feedback, Heap::kmegamorphic_symbolRootIndex);
  __ j(not_equal, &try_poly_name);

  Handle<Code> megamorphic_stub =
      KeyedStoreIC::ChooseMegamorphicStub(masm->isolate(), GetExtraICState());
  __ jmp(megamorphic_stub, RelocInfo::CODE_TARGET);

  __ bind(&try_poly_name);
  // We might have a name in feedback, and a fixed array in the next slot.
  __ cmpp(key, feedback);
  __ j(not_equal, &miss);
  // If the name comparison succeeded, we know we have a fixed array with
  // at least one map/handler pair.
  __ movp(feedback, FieldOperand(vector, integer_slot, times_pointer_size,
                                 FixedArray::kHeaderSize + kPointerSize));
  HandleArrayCases(masm, feedback, receiver_map, integer_slot, r14, r15, false,
                   &miss);
3646 3647 3648

  __ bind(&miss);
  KeyedStoreIC::GenerateMiss(masm);
3649 3650 3651 3652

  __ bind(&load_smi_map);
  __ LoadRoot(receiver_map, Heap::kHeapNumberMapRootIndex);
  __ jmp(&compare_map);
3653 3654 3655
}


3656
void CallICTrampolineStub::Generate(MacroAssembler* masm) {
3657
  __ EmitLoadTypeFeedbackVector(rbx);
3658 3659 3660 3661 3662
  CallICStub stub(isolate(), state());
  __ jmp(stub.GetCode(), RelocInfo::CODE_TARGET);
}


3663
void ProfileEntryHookStub::MaybeCallEntryHook(MacroAssembler* masm) {
3664
  if (masm->isolate()->function_entry_hook() != NULL) {
3665
    ProfileEntryHookStub stub(masm->isolate());
3666 3667 3668 3669 3670 3671
    masm->CallStub(&stub);
  }
}


void ProfileEntryHookStub::Generate(MacroAssembler* masm) {
3672 3673 3674
  // This stub can be called from essentially anywhere, so it needs to save
  // all volatile and callee-save registers.
  const size_t kNumSavedRegisters = 2;
3675 3676
  __ pushq(arg_reg_1);
  __ pushq(arg_reg_2);
3677 3678

  // Calculate the original stack pointer and store it in the second arg.
3679
  __ leap(arg_reg_2,
3680
         Operand(rsp, kNumSavedRegisters * kRegisterSize + kPCOnStackSize));
3681 3682

  // Calculate the function address to the first arg.
3683
  __ movp(arg_reg_1, Operand(rsp, kNumSavedRegisters * kRegisterSize));
3684
  __ subp(arg_reg_1, Immediate(Assembler::kShortCallInstructionLength));
3685 3686 3687

  // Save the remainder of the volatile registers.
  masm->PushCallerSaved(kSaveFPRegs, arg_reg_1, arg_reg_2);
3688 3689

  // Call the entry hook function.
3690
  __ Move(rax, FUNCTION_ADDR(isolate()->function_entry_hook()),
3691
          Assembler::RelocInfoNone());
3692 3693 3694 3695 3696 3697 3698 3699

  AllowExternalCallThatCantCauseGC scope(masm);

  const int kArgumentCount = 2;
  __ PrepareCallCFunction(kArgumentCount);
  __ CallCFunction(rax, kArgumentCount);

  // Restore volatile regs.
3700
  masm->PopCallerSaved(kSaveFPRegs, arg_reg_1, arg_reg_2);
3701 3702
  __ popq(arg_reg_2);
  __ popq(arg_reg_1);
3703 3704 3705 3706

  __ Ret();
}

3707 3708

template<class T>
3709 3710 3711
static void CreateArrayDispatch(MacroAssembler* masm,
                                AllocationSiteOverrideMode mode) {
  if (mode == DISABLE_ALLOCATION_SITES) {
3712
    T stub(masm->isolate(), GetInitialFastElementsKind(), mode);
3713
    __ TailCallStub(&stub);
3714 3715 3716 3717 3718 3719 3720 3721
  } else if (mode == DONT_OVERRIDE) {
    int last_index = GetSequenceIndexFromFastElementsKind(
        TERMINAL_FAST_ELEMENTS_KIND);
    for (int i = 0; i <= last_index; ++i) {
      Label next;
      ElementsKind kind = GetFastElementsKindFromSequenceIndex(i);
      __ cmpl(rdx, Immediate(kind));
      __ j(not_equal, &next);
3722
      T stub(masm->isolate(), kind);
3723 3724 3725
      __ TailCallStub(&stub);
      __ bind(&next);
    }
3726

3727 3728 3729 3730 3731
    // If we reached this point there is a problem.
    __ Abort(kUnexpectedElementsKindInArrayConstructor);
  } else {
    UNREACHABLE();
  }
3732 3733 3734
}


3735 3736
static void CreateArrayDispatchOneArgument(MacroAssembler* masm,
                                           AllocationSiteOverrideMode mode) {
3737
  // rbx - allocation site (if mode != DISABLE_ALLOCATION_SITES)
3738
  // rdx - kind (if mode != DISABLE_ALLOCATION_SITES)
3739 3740
  // rax - number of arguments
  // rdi - constructor?
3741 3742
  // rsp[0] - return address
  // rsp[8] - last argument
3743 3744

  Label normal_sequence;
3745
  if (mode == DONT_OVERRIDE) {
3746 3747 3748 3749 3750 3751
    STATIC_ASSERT(FAST_SMI_ELEMENTS == 0);
    STATIC_ASSERT(FAST_HOLEY_SMI_ELEMENTS == 1);
    STATIC_ASSERT(FAST_ELEMENTS == 2);
    STATIC_ASSERT(FAST_HOLEY_ELEMENTS == 3);
    STATIC_ASSERT(FAST_DOUBLE_ELEMENTS == 4);
    STATIC_ASSERT(FAST_HOLEY_DOUBLE_ELEMENTS == 5);
3752 3753 3754 3755 3756

    // is the low bit set? If so, we are holey and that is good.
    __ testb(rdx, Immediate(1));
    __ j(not_zero, &normal_sequence);
  }
3757 3758

  // look at the first argument
3759
  StackArgumentsAccessor args(rsp, 1, ARGUMENTS_DONT_CONTAIN_RECEIVER);
3760
  __ movp(rcx, args.GetArgumentOperand(0));
3761
  __ testp(rcx, rcx);
3762 3763
  __ j(zero, &normal_sequence);

3764 3765 3766
  if (mode == DISABLE_ALLOCATION_SITES) {
    ElementsKind initial = GetInitialFastElementsKind();
    ElementsKind holey_initial = GetHoleyElementsKind(initial);
3767

3768 3769
    ArraySingleArgumentConstructorStub stub_holey(masm->isolate(),
                                                  holey_initial,
3770 3771
                                                  DISABLE_ALLOCATION_SITES);
    __ TailCallStub(&stub_holey);
3772

3773
    __ bind(&normal_sequence);
3774 3775
    ArraySingleArgumentConstructorStub stub(masm->isolate(),
                                            initial,
3776
                                            DISABLE_ALLOCATION_SITES);
3777
    __ TailCallStub(&stub);
3778 3779
  } else if (mode == DONT_OVERRIDE) {
    // We are going to create a holey array, but our kind is non-holey.
3780
    // Fix kind and retry (only if we have an allocation site in the slot).
3781
    __ incl(rdx);
3782

3783
    if (FLAG_debug_code) {
3784 3785
      Handle<Map> allocation_site_map =
          masm->isolate()->factory()->allocation_site_map();
3786 3787
      __ Cmp(FieldOperand(rbx, 0), allocation_site_map);
      __ Assert(equal, kExpectedAllocationSite);
3788
    }
3789

3790 3791 3792 3793
    // Save the resulting elements kind in type info. We can't just store r3
    // in the AllocationSite::transition_info field because elements kind is
    // restricted to a portion of the field...upper bits need to be left alone.
    STATIC_ASSERT(AllocationSite::ElementsKindBits::kShift == 0);
3794
    __ SmiAddConstant(FieldOperand(rbx, AllocationSite::kTransitionInfoOffset),
3795
                      Smi::FromInt(kFastElementsKindPackedToHoley));
3796 3797 3798 3799 3800 3801 3802 3803 3804

    __ bind(&normal_sequence);
    int last_index = GetSequenceIndexFromFastElementsKind(
        TERMINAL_FAST_ELEMENTS_KIND);
    for (int i = 0; i <= last_index; ++i) {
      Label next;
      ElementsKind kind = GetFastElementsKindFromSequenceIndex(i);
      __ cmpl(rdx, Immediate(kind));
      __ j(not_equal, &next);
3805
      ArraySingleArgumentConstructorStub stub(masm->isolate(), kind);
3806 3807 3808 3809 3810 3811 3812 3813 3814
      __ TailCallStub(&stub);
      __ bind(&next);
    }

    // If we reached this point there is a problem.
    __ Abort(kUnexpectedElementsKindInArrayConstructor);
  } else {
    UNREACHABLE();
  }
3815 3816 3817 3818 3819 3820 3821 3822 3823
}


template<class T>
static void ArrayConstructorStubAheadOfTimeHelper(Isolate* isolate) {
  int to_index = GetSequenceIndexFromFastElementsKind(
      TERMINAL_FAST_ELEMENTS_KIND);
  for (int i = 0; i <= to_index; ++i) {
    ElementsKind kind = GetFastElementsKindFromSequenceIndex(i);
3824
    T stub(isolate, kind);
3825
    stub.GetCode();
3826
    if (AllocationSite::GetMode(kind) != DONT_TRACK_ALLOCATION_SITE) {
3827
      T stub1(isolate, kind, DISABLE_ALLOCATION_SITES);
3828
      stub1.GetCode();
3829
    }
3830 3831 3832
  }
}

3833
void CommonArrayConstructorStub::GenerateStubsAheadOfTime(Isolate* isolate) {
3834 3835 3836 3837
  ArrayConstructorStubAheadOfTimeHelper<ArrayNoArgumentConstructorStub>(
      isolate);
  ArrayConstructorStubAheadOfTimeHelper<ArraySingleArgumentConstructorStub>(
      isolate);
3838 3839
  ArrayNArgumentsConstructorStub stub(isolate);
  stub.GetCode();
3840

3841 3842 3843
  ElementsKind kinds[2] = { FAST_ELEMENTS, FAST_HOLEY_ELEMENTS };
  for (int i = 0; i < 2; i++) {
    // For internal arrays we only need a few things
3844
    InternalArrayNoArgumentConstructorStub stubh1(isolate, kinds[i]);
3845
    stubh1.GetCode();
3846
    InternalArraySingleArgumentConstructorStub stubh2(isolate, kinds[i]);
3847
    stubh2.GetCode();
3848 3849 3850
  }
}

3851

3852 3853 3854
void ArrayConstructorStub::GenerateDispatchToArrayStub(
    MacroAssembler* masm,
    AllocationSiteOverrideMode mode) {
3855
  if (argument_count() == ANY) {
3856
    Label not_zero_case, not_one_case;
3857
    __ testp(rax, rax);
3858 3859 3860 3861 3862 3863 3864 3865 3866
    __ j(not_zero, &not_zero_case);
    CreateArrayDispatch<ArrayNoArgumentConstructorStub>(masm, mode);

    __ bind(&not_zero_case);
    __ cmpl(rax, Immediate(1));
    __ j(greater, &not_one_case);
    CreateArrayDispatchOneArgument(masm, mode);

    __ bind(&not_one_case);
3867 3868
    ArrayNArgumentsConstructorStub stub(masm->isolate());
    __ TailCallStub(&stub);
3869
  } else if (argument_count() == NONE) {
3870
    CreateArrayDispatch<ArrayNoArgumentConstructorStub>(masm, mode);
3871
  } else if (argument_count() == ONE) {
3872
    CreateArrayDispatchOneArgument(masm, mode);
3873
  } else if (argument_count() == MORE_THAN_ONE) {
3874 3875
    ArrayNArgumentsConstructorStub stub(masm->isolate());
    __ TailCallStub(&stub);
3876 3877 3878 3879 3880 3881
  } else {
    UNREACHABLE();
  }
}


3882 3883
void ArrayConstructorStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
3884
  //  -- rax    : argc
3885
  //  -- rbx    : AllocationSite or undefined
3886
  //  -- rdi    : constructor
3887
  //  -- rdx    : new target
3888
  //  -- rsp[0] : return address
3889
  //  -- rsp[8] : last argument
3890 3891 3892 3893 3894 3895
  // -----------------------------------
  if (FLAG_debug_code) {
    // The array construct code is only set for the global and natives
    // builtin Array functions which always have maps.

    // Initial map for the builtin Array function should be a map.
3896
    __ movp(rcx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
3897 3898 3899
    // Will both indicate a NULL and a Smi.
    STATIC_ASSERT(kSmiTag == 0);
    Condition not_smi = NegateCondition(masm->CheckSmi(rcx));
3900
    __ Check(not_smi, kUnexpectedInitialMapForArrayFunction);
3901
    __ CmpObjectType(rcx, MAP_TYPE, rcx);
3902
    __ Check(equal, kUnexpectedInitialMapForArrayFunction);
3903

3904 3905
    // We should either have undefined in rbx or a valid AllocationSite
    __ AssertUndefinedOrAllocationSite(rbx);
3906 3907
  }

3908 3909 3910
  // Enter the context of the Array function.
  __ movp(rsi, FieldOperand(rdi, JSFunction::kContextOffset));

dslomov's avatar
dslomov committed
3911 3912 3913 3914
  Label subclassing;
  __ cmpp(rdi, rdx);
  __ j(not_equal, &subclassing);

3915
  Label no_info;
3916 3917
  // If the feedback vector is the undefined value call an array constructor
  // that doesn't use AllocationSites.
3918
  __ CompareRoot(rbx, Heap::kUndefinedValueRootIndex);
3919
  __ j(equal, &no_info);
3920

3921
  // Only look at the lower 16 bits of the transition info.
3922
  __ movp(rdx, FieldOperand(rbx, AllocationSite::kTransitionInfoOffset));
3923
  __ SmiToInteger32(rdx, rdx);
3924
  STATIC_ASSERT(AllocationSite::ElementsKindBits::kShift == 0);
3925
  __ andp(rdx, Immediate(AllocationSite::ElementsKindBits::kMask));
3926
  GenerateDispatchToArrayStub(masm, DONT_OVERRIDE);
3927

3928 3929
  __ bind(&no_info);
  GenerateDispatchToArrayStub(masm, DISABLE_ALLOCATION_SITES);
dslomov's avatar
dslomov committed
3930

3931
  // Subclassing
dslomov's avatar
dslomov committed
3932
  __ bind(&subclassing);
3933 3934
  switch (argument_count()) {
    case ANY:
3935 3936 3937 3938
    case MORE_THAN_ONE: {
      StackArgumentsAccessor args(rsp, rax);
      __ movp(args.GetReceiverOperand(), rdi);
      __ addp(rax, Immediate(3));
3939
      break;
3940 3941 3942 3943 3944
    }
    case NONE: {
      StackArgumentsAccessor args(rsp, 0);
      __ movp(args.GetReceiverOperand(), rdi);
      __ Set(rax, 3);
3945
      break;
3946 3947 3948 3949 3950
    }
    case ONE: {
      StackArgumentsAccessor args(rsp, 1);
      __ movp(args.GetReceiverOperand(), rdi);
      __ Set(rax, 4);
3951
      break;
3952
    }
3953
  }
3954 3955 3956 3957
  __ PopReturnAddressTo(rcx);
  __ Push(rdx);
  __ Push(rbx);
  __ PushReturnAddressFrom(rcx);
3958
  __ JumpToExternalReference(ExternalReference(Runtime::kNewArray, isolate()));
3959 3960 3961
}


3962 3963 3964 3965 3966
void InternalArrayConstructorStub::GenerateCase(
    MacroAssembler* masm, ElementsKind kind) {
  Label not_zero_case, not_one_case;
  Label normal_sequence;

3967
  __ testp(rax, rax);
3968
  __ j(not_zero, &not_zero_case);
3969
  InternalArrayNoArgumentConstructorStub stub0(isolate(), kind);
3970 3971 3972 3973 3974 3975 3976 3977 3978
  __ TailCallStub(&stub0);

  __ bind(&not_zero_case);
  __ cmpl(rax, Immediate(1));
  __ j(greater, &not_one_case);

  if (IsFastPackedElementsKind(kind)) {
    // We might need to create a holey array
    // look at the first argument
3979
    StackArgumentsAccessor args(rsp, 1, ARGUMENTS_DONT_CONTAIN_RECEIVER);
3980
    __ movp(rcx, args.GetArgumentOperand(0));
3981
    __ testp(rcx, rcx);
3982 3983 3984
    __ j(zero, &normal_sequence);

    InternalArraySingleArgumentConstructorStub
3985
        stub1_holey(isolate(), GetHoleyElementsKind(kind));
3986 3987 3988 3989
    __ TailCallStub(&stub1_holey);
  }

  __ bind(&normal_sequence);
3990
  InternalArraySingleArgumentConstructorStub stub1(isolate(), kind);
3991 3992 3993
  __ TailCallStub(&stub1);

  __ bind(&not_one_case);
3994
  ArrayNArgumentsConstructorStub stubN(isolate());
3995 3996 3997 3998 3999 4000
  __ TailCallStub(&stubN);
}


void InternalArrayConstructorStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
4001 4002 4003 4004
  //  -- rax    : argc
  //  -- rdi    : constructor
  //  -- rsp[0] : return address
  //  -- rsp[8] : last argument
4005 4006 4007 4008 4009 4010 4011
  // -----------------------------------

  if (FLAG_debug_code) {
    // The array construct code is only set for the global and natives
    // builtin Array functions which always have maps.

    // Initial map for the builtin Array function should be a map.
4012
    __ movp(rcx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
4013 4014 4015
    // Will both indicate a NULL and a Smi.
    STATIC_ASSERT(kSmiTag == 0);
    Condition not_smi = NegateCondition(masm->CheckSmi(rcx));
4016
    __ Check(not_smi, kUnexpectedInitialMapForArrayFunction);
4017
    __ CmpObjectType(rcx, MAP_TYPE, rcx);
4018
    __ Check(equal, kUnexpectedInitialMapForArrayFunction);
4019 4020
  }

4021
  // Figure out the right elements kind
4022
  __ movp(rcx, FieldOperand(rdi, JSFunction::kPrototypeOrInitialMapOffset));
4023

4024 4025
  // Load the map's "bit field 2" into |result|. We only need the first byte,
  // but the following masking takes care of that anyway.
4026
  __ movzxbp(rcx, FieldOperand(rcx, Map::kBitField2Offset));
4027
  // Retrieve elements_kind from bit field 2.
4028
  __ DecodeField<Map::ElementsKindBits>(rcx);
4029

4030 4031
  if (FLAG_debug_code) {
    Label done;
4032
    __ cmpl(rcx, Immediate(FAST_ELEMENTS));
4033 4034 4035
    __ j(equal, &done);
    __ cmpl(rcx, Immediate(FAST_HOLEY_ELEMENTS));
    __ Assert(equal,
4036
              kInvalidElementsKindForInternalArrayOrInternalPackedArray);
4037 4038
    __ bind(&done);
  }
4039

4040 4041 4042 4043
  Label fast_elements_case;
  __ cmpl(rcx, Immediate(FAST_ELEMENTS));
  __ j(equal, &fast_elements_case);
  GenerateCase(masm, FAST_HOLEY_ELEMENTS);
4044

4045 4046
  __ bind(&fast_elements_case);
  GenerateCase(masm, FAST_ELEMENTS);
4047 4048 4049
}


4050 4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067 4068 4069 4070 4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083
void FastNewObjectStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- rdi    : target
  //  -- rdx    : new target
  //  -- rsi    : context
  //  -- rsp[0] : return address
  // -----------------------------------
  __ AssertFunction(rdi);
  __ AssertReceiver(rdx);

  // Verify that the new target is a JSFunction.
  Label new_object;
  __ CmpObjectType(rdx, JS_FUNCTION_TYPE, rbx);
  __ j(not_equal, &new_object);

  // Load the initial map and verify that it's in fact a map.
  __ movp(rcx, FieldOperand(rdx, JSFunction::kPrototypeOrInitialMapOffset));
  __ JumpIfSmi(rcx, &new_object);
  __ CmpObjectType(rcx, MAP_TYPE, rbx);
  __ j(not_equal, &new_object);

  // Fall back to runtime if the target differs from the new target's
  // initial map constructor.
  __ cmpp(rdi, FieldOperand(rcx, Map::kConstructorOrBackPointerOffset));
  __ j(not_equal, &new_object);

  // Allocate the JSObject on the heap.
  Label allocate, done_allocate;
  __ movzxbl(rbx, FieldOperand(rcx, Map::kInstanceSizeOffset));
  __ leal(rbx, Operand(rbx, times_pointer_size, 0));
  __ Allocate(rbx, rax, rdi, no_reg, &allocate, NO_ALLOCATION_FLAGS);
  __ bind(&done_allocate);

  // Initialize the JSObject fields.
4084
  __ movp(FieldOperand(rax, JSObject::kMapOffset), rcx);
4085
  __ LoadRoot(rbx, Heap::kEmptyFixedArrayRootIndex);
4086 4087
  __ movp(FieldOperand(rax, JSObject::kPropertiesOffset), rbx);
  __ movp(FieldOperand(rax, JSObject::kElementsOffset), rbx);
4088
  STATIC_ASSERT(JSObject::kHeaderSize == 3 * kPointerSize);
4089
  __ leap(rbx, FieldOperand(rax, JSObject::kHeaderSize));
4090 4091

  // ----------- S t a t e -------------
4092
  //  -- rax    : result (tagged)
4093 4094 4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 4133 4134 4135 4136 4137 4138 4139 4140 4141 4142 4143 4144 4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158 4159 4160
  //  -- rbx    : result fields (untagged)
  //  -- rdi    : result end (untagged)
  //  -- rcx    : initial map
  //  -- rsi    : context
  //  -- rsp[0] : return address
  // -----------------------------------

  // Perform in-object slack tracking if requested.
  Label slack_tracking;
  STATIC_ASSERT(Map::kNoSlackTracking == 0);
  __ LoadRoot(r11, Heap::kUndefinedValueRootIndex);
  __ testl(FieldOperand(rcx, Map::kBitField3Offset),
           Immediate(Map::ConstructionCounter::kMask));
  __ j(not_zero, &slack_tracking, Label::kNear);
  {
    // Initialize all in-object fields with undefined.
    __ InitializeFieldsWithFiller(rbx, rdi, r11);
    __ Ret();
  }
  __ bind(&slack_tracking);
  {
    // Decrease generous allocation count.
    STATIC_ASSERT(Map::ConstructionCounter::kNext == 32);
    __ subl(FieldOperand(rcx, Map::kBitField3Offset),
            Immediate(1 << Map::ConstructionCounter::kShift));

    // Initialize the in-object fields with undefined.
    __ movzxbl(rdx, FieldOperand(rcx, Map::kUnusedPropertyFieldsOffset));
    __ negp(rdx);
    __ leap(rdx, Operand(rdi, rdx, times_pointer_size, 0));
    __ InitializeFieldsWithFiller(rbx, rdx, r11);

    // Initialize the remaining (reserved) fields with one pointer filler map.
    __ LoadRoot(r11, Heap::kOnePointerFillerMapRootIndex);
    __ InitializeFieldsWithFiller(rdx, rdi, r11);

    // Check if we can finalize the instance size.
    Label finalize;
    STATIC_ASSERT(Map::kSlackTrackingCounterEnd == 1);
    __ testl(FieldOperand(rcx, Map::kBitField3Offset),
             Immediate(Map::ConstructionCounter::kMask));
    __ j(zero, &finalize, Label::kNear);
    __ Ret();

    // Finalize the instance size.
    __ bind(&finalize);
    {
      FrameScope scope(masm, StackFrame::INTERNAL);
      __ Push(rax);
      __ Push(rcx);
      __ CallRuntime(Runtime::kFinalizeInstanceSize);
      __ Pop(rax);
    }
    __ Ret();
  }

  // Fall back to %AllocateInNewSpace.
  __ bind(&allocate);
  {
    FrameScope scope(masm, StackFrame::INTERNAL);
    __ Integer32ToSmi(rbx, rbx);
    __ Push(rcx);
    __ Push(rbx);
    __ CallRuntime(Runtime::kAllocateInNewSpace);
    __ Pop(rcx);
  }
  __ movzxbl(rbx, FieldOperand(rcx, Map::kInstanceSizeOffset));
  __ leap(rdi, Operand(rax, rbx, times_pointer_size, 0));
4161 4162
  STATIC_ASSERT(kHeapObjectTag == 1);
  __ decp(rdi);  // Remove the tag from the end address.
4163 4164 4165 4166 4167 4168 4169 4170 4171 4172 4173 4174
  __ jmp(&done_allocate);

  // Fall back to %NewObject.
  __ bind(&new_object);
  __ PopReturnAddressTo(rcx);
  __ Push(rdi);
  __ Push(rdx);
  __ PushReturnAddressFrom(rcx);
  __ TailCallRuntime(Runtime::kNewObject);
}


4175 4176 4177 4178 4179 4180 4181 4182 4183
void FastNewRestParameterStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- rdi    : function
  //  -- rsi    : context
  //  -- rbp    : frame pointer
  //  -- rsp[0] : return address
  // -----------------------------------
  __ AssertFunction(rdi);

4184 4185 4186 4187 4188
  // Make rdx point to the JavaScript frame.
  __ movp(rdx, rbp);
  if (skip_stub_frame()) {
    // For Ignition we need to skip the handler/stub frame to reach the
    // JavaScript frame for the function.
4189
    __ movp(rdx, Operand(rdx, StandardFrameConstants::kCallerFPOffset));
4190 4191 4192
  }
  if (FLAG_debug_code) {
    Label ok;
4193
    __ cmpp(rdi, Operand(rdx, StandardFrameConstants::kFunctionOffset));
4194 4195 4196
    __ j(equal, &ok);
    __ Abort(kInvalidFrameForFastNewRestArgumentsStub);
    __ bind(&ok);
4197 4198 4199 4200 4201 4202
  }

  // Check if we have rest parameters (only possible if we have an
  // arguments adaptor frame below the function frame).
  Label no_rest_parameters;
  __ movp(rbx, Operand(rdx, StandardFrameConstants::kCallerFPOffset));
4203
  __ Cmp(Operand(rbx, CommonFrameConstants::kContextOrFrameTypeOffset),
4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227
         Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
  __ j(not_equal, &no_rest_parameters, Label::kNear);

  // Check if the arguments adaptor frame contains more arguments than
  // specified by the function's internal formal parameter count.
  Label rest_parameters;
  __ movp(rcx, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
  __ LoadSharedFunctionInfoSpecialField(
      rcx, rcx, SharedFunctionInfo::kFormalParameterCountOffset);
  __ SmiToInteger32(
      rax, Operand(rbx, ArgumentsAdaptorFrameConstants::kLengthOffset));
  __ subl(rax, rcx);
  __ j(greater, &rest_parameters);

  // Return an empty rest parameter array.
  __ bind(&no_rest_parameters);
  {
    // ----------- S t a t e -------------
    //  -- rsi    : context
    //  -- rsp[0] : return address
    // -----------------------------------

    // Allocate an empty rest parameter array.
    Label allocate, done_allocate;
4228
    __ Allocate(JSArray::kSize, rax, rdx, rcx, &allocate, NO_ALLOCATION_FLAGS);
4229 4230 4231 4232 4233 4234 4235 4236 4237 4238 4239 4240 4241 4242 4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258
    __ bind(&done_allocate);

    // Setup the rest parameter array in rax.
    __ LoadNativeContextSlot(Context::JS_ARRAY_FAST_ELEMENTS_MAP_INDEX, rcx);
    __ movp(FieldOperand(rax, JSArray::kMapOffset), rcx);
    __ LoadRoot(rcx, Heap::kEmptyFixedArrayRootIndex);
    __ movp(FieldOperand(rax, JSArray::kPropertiesOffset), rcx);
    __ movp(FieldOperand(rax, JSArray::kElementsOffset), rcx);
    __ movp(FieldOperand(rax, JSArray::kLengthOffset), Immediate(0));
    STATIC_ASSERT(JSArray::kSize == 4 * kPointerSize);
    __ Ret();

    // Fall back to %AllocateInNewSpace.
    __ bind(&allocate);
    {
      FrameScope scope(masm, StackFrame::INTERNAL);
      __ Push(Smi::FromInt(JSArray::kSize));
      __ CallRuntime(Runtime::kAllocateInNewSpace);
    }
    __ jmp(&done_allocate);
  }

  __ bind(&rest_parameters);
  {
    // Compute the pointer to the first rest parameter (skippping the receiver).
    __ leap(rbx, Operand(rbx, rax, times_pointer_size,
                         StandardFrameConstants::kCallerSPOffset -
                             1 * kPointerSize));

    // ----------- S t a t e -------------
4259
    //  -- rdi    : function
4260 4261 4262 4263 4264 4265 4266 4267 4268 4269
    //  -- rsi    : context
    //  -- rax    : number of rest parameters
    //  -- rbx    : pointer to first rest parameters
    //  -- rsp[0] : return address
    // -----------------------------------

    // Allocate space for the rest parameter array plus the backing store.
    Label allocate, done_allocate;
    __ leal(rcx, Operand(rax, times_pointer_size,
                         JSArray::kSize + FixedArray::kHeaderSize));
4270
    __ Allocate(rcx, rdx, r8, no_reg, &allocate, NO_ALLOCATION_FLAGS);
4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307
    __ bind(&done_allocate);

    // Compute the arguments.length in rdi.
    __ Integer32ToSmi(rdi, rax);

    // Setup the elements array in rdx.
    __ LoadRoot(rcx, Heap::kFixedArrayMapRootIndex);
    __ movp(FieldOperand(rdx, FixedArray::kMapOffset), rcx);
    __ movp(FieldOperand(rdx, FixedArray::kLengthOffset), rdi);
    {
      Label loop, done_loop;
      __ Set(rcx, 0);
      __ bind(&loop);
      __ cmpl(rcx, rax);
      __ j(equal, &done_loop, Label::kNear);
      __ movp(kScratchRegister, Operand(rbx, 0 * kPointerSize));
      __ movp(
          FieldOperand(rdx, rcx, times_pointer_size, FixedArray::kHeaderSize),
          kScratchRegister);
      __ subp(rbx, Immediate(1 * kPointerSize));
      __ addl(rcx, Immediate(1));
      __ jmp(&loop);
      __ bind(&done_loop);
    }

    // Setup the rest parameter array in rax.
    __ leap(rax,
            Operand(rdx, rax, times_pointer_size, FixedArray::kHeaderSize));
    __ LoadNativeContextSlot(Context::JS_ARRAY_FAST_ELEMENTS_MAP_INDEX, rcx);
    __ movp(FieldOperand(rax, JSArray::kMapOffset), rcx);
    __ LoadRoot(rcx, Heap::kEmptyFixedArrayRootIndex);
    __ movp(FieldOperand(rax, JSArray::kPropertiesOffset), rcx);
    __ movp(FieldOperand(rax, JSArray::kElementsOffset), rdx);
    __ movp(FieldOperand(rax, JSArray::kLengthOffset), rdi);
    STATIC_ASSERT(JSArray::kSize == 4 * kPointerSize);
    __ Ret();

4308 4309
    // Fall back to %AllocateInNewSpace (if not too big).
    Label too_big_for_new_space;
4310
    __ bind(&allocate);
4311
    __ cmpl(rcx, Immediate(kMaxRegularHeapObjectSize));
4312
    __ j(greater, &too_big_for_new_space);
4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326
    {
      FrameScope scope(masm, StackFrame::INTERNAL);
      __ Integer32ToSmi(rax, rax);
      __ Integer32ToSmi(rcx, rcx);
      __ Push(rax);
      __ Push(rbx);
      __ Push(rcx);
      __ CallRuntime(Runtime::kAllocateInNewSpace);
      __ movp(rdx, rax);
      __ Pop(rbx);
      __ Pop(rax);
      __ SmiToInteger32(rax, rax);
    }
    __ jmp(&done_allocate);
4327 4328 4329 4330 4331 4332 4333

    // Fall back to %NewRestParameter.
    __ bind(&too_big_for_new_space);
    __ PopReturnAddressTo(kScratchRegister);
    __ Push(rdi);
    __ PushReturnAddressFrom(kScratchRegister);
    __ TailCallRuntime(Runtime::kNewRestParameter);
4334 4335 4336 4337
  }
}


4338 4339 4340 4341 4342 4343 4344 4345 4346
void FastNewSloppyArgumentsStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- rdi    : function
  //  -- rsi    : context
  //  -- rbp    : frame pointer
  //  -- rsp[0] : return address
  // -----------------------------------
  __ AssertFunction(rdi);

4347 4348 4349 4350 4351
  // Make r9 point to the JavaScript frame.
  __ movp(r9, rbp);
  if (skip_stub_frame()) {
    // For Ignition we need to skip the handler/stub frame to reach the
    // JavaScript frame for the function.
4352
    __ movp(r9, Operand(r9, StandardFrameConstants::kCallerFPOffset));
4353 4354 4355
  }
  if (FLAG_debug_code) {
    Label ok;
4356
    __ cmpp(rdi, Operand(r9, StandardFrameConstants::kFunctionOffset));
4357 4358 4359
    __ j(equal, &ok);
    __ Abort(kInvalidFrameForFastNewRestArgumentsStub);
    __ bind(&ok);
4360 4361
  }

4362 4363 4364 4365
  // TODO(bmeurer): Cleanup to match the FastNewStrictArgumentsStub.
  __ movp(rcx, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
  __ LoadSharedFunctionInfoSpecialField(
      rcx, rcx, SharedFunctionInfo::kFormalParameterCountOffset);
4366
  __ leap(rdx, Operand(r9, rcx, times_pointer_size,
4367 4368 4369 4370 4371 4372 4373
                       StandardFrameConstants::kCallerSPOffset));
  __ Integer32ToSmi(rcx, rcx);

  // rcx : number of parameters (tagged)
  // rdx : parameters pointer
  // rdi : function
  // rsp[0] : return address
4374
  // r9  : JavaScript frame pointer.
4375 4376 4377 4378 4379 4380 4381 4382 4383 4384
  // Registers used over the whole function:
  //  rbx: the mapped parameter count (untagged)
  //  rax: the allocated object (tagged).
  Factory* factory = isolate()->factory();

  __ SmiToInteger64(rbx, rcx);
  // rbx = parameter count (untagged)

  // Check if the calling frame is an arguments adaptor frame.
  Label adaptor_frame, try_allocate, runtime;
4385
  __ movp(rax, Operand(r9, StandardFrameConstants::kCallerFPOffset));
4386
  __ movp(r8, Operand(rax, CommonFrameConstants::kContextOrFrameTypeOffset));
4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427
  __ Cmp(r8, Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
  __ j(equal, &adaptor_frame);

  // No adaptor, parameter count = argument count.
  __ movp(r11, rbx);
  __ jmp(&try_allocate, Label::kNear);

  // We have an adaptor frame. Patch the parameters pointer.
  __ bind(&adaptor_frame);
  __ SmiToInteger64(
      r11, Operand(rax, ArgumentsAdaptorFrameConstants::kLengthOffset));
  __ leap(rdx, Operand(rax, r11, times_pointer_size,
                       StandardFrameConstants::kCallerSPOffset));

  // rbx = parameter count (untagged)
  // r11 = argument count (untagged)
  // Compute the mapped parameter count = min(rbx, r11) in rbx.
  __ cmpp(rbx, r11);
  __ j(less_equal, &try_allocate, Label::kNear);
  __ movp(rbx, r11);

  __ bind(&try_allocate);

  // Compute the sizes of backing store, parameter map, and arguments object.
  // 1. Parameter map, has 2 extra words containing context and backing store.
  const int kParameterMapHeaderSize =
      FixedArray::kHeaderSize + 2 * kPointerSize;
  Label no_parameter_map;
  __ xorp(r8, r8);
  __ testp(rbx, rbx);
  __ j(zero, &no_parameter_map, Label::kNear);
  __ leap(r8, Operand(rbx, times_pointer_size, kParameterMapHeaderSize));
  __ bind(&no_parameter_map);

  // 2. Backing store.
  __ leap(r8, Operand(r8, r11, times_pointer_size, FixedArray::kHeaderSize));

  // 3. Arguments object.
  __ addp(r8, Immediate(JSSloppyArgumentsObject::kSize));

  // Do the allocation of all three objects in one go.
4428
  __ Allocate(r8, rax, r9, no_reg, &runtime, NO_ALLOCATION_FLAGS);
4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571

  // rax = address of new object(s) (tagged)
  // r11 = argument count (untagged)
  // Get the arguments map from the current native context into r9.
  Label has_mapped_parameters, instantiate;
  __ movp(r9, NativeContextOperand());
  __ testp(rbx, rbx);
  __ j(not_zero, &has_mapped_parameters, Label::kNear);

  const int kIndex = Context::SLOPPY_ARGUMENTS_MAP_INDEX;
  __ movp(r9, Operand(r9, Context::SlotOffset(kIndex)));
  __ jmp(&instantiate, Label::kNear);

  const int kAliasedIndex = Context::FAST_ALIASED_ARGUMENTS_MAP_INDEX;
  __ bind(&has_mapped_parameters);
  __ movp(r9, Operand(r9, Context::SlotOffset(kAliasedIndex)));
  __ bind(&instantiate);

  // rax = address of new object (tagged)
  // rbx = mapped parameter count (untagged)
  // r11 = argument count (untagged)
  // r9 = address of arguments map (tagged)
  __ movp(FieldOperand(rax, JSObject::kMapOffset), r9);
  __ LoadRoot(kScratchRegister, Heap::kEmptyFixedArrayRootIndex);
  __ movp(FieldOperand(rax, JSObject::kPropertiesOffset), kScratchRegister);
  __ movp(FieldOperand(rax, JSObject::kElementsOffset), kScratchRegister);

  // Set up the callee in-object property.
  __ AssertNotSmi(rdi);
  __ movp(FieldOperand(rax, JSSloppyArgumentsObject::kCalleeOffset), rdi);

  // Use the length (smi tagged) and set that as an in-object property too.
  // Note: r11 is tagged from here on.
  __ Integer32ToSmi(r11, r11);
  __ movp(FieldOperand(rax, JSSloppyArgumentsObject::kLengthOffset), r11);

  // Set up the elements pointer in the allocated arguments object.
  // If we allocated a parameter map, rdi will point there, otherwise to the
  // backing store.
  __ leap(rdi, Operand(rax, JSSloppyArgumentsObject::kSize));
  __ movp(FieldOperand(rax, JSObject::kElementsOffset), rdi);

  // rax = address of new object (tagged)
  // rbx = mapped parameter count (untagged)
  // r11 = argument count (tagged)
  // rdi = address of parameter map or backing store (tagged)

  // Initialize parameter map. If there are no mapped arguments, we're done.
  Label skip_parameter_map;
  __ testp(rbx, rbx);
  __ j(zero, &skip_parameter_map);

  __ LoadRoot(kScratchRegister, Heap::kSloppyArgumentsElementsMapRootIndex);
  // rbx contains the untagged argument count. Add 2 and tag to write.
  __ movp(FieldOperand(rdi, FixedArray::kMapOffset), kScratchRegister);
  __ Integer64PlusConstantToSmi(r9, rbx, 2);
  __ movp(FieldOperand(rdi, FixedArray::kLengthOffset), r9);
  __ movp(FieldOperand(rdi, FixedArray::kHeaderSize + 0 * kPointerSize), rsi);
  __ leap(r9, Operand(rdi, rbx, times_pointer_size, kParameterMapHeaderSize));
  __ movp(FieldOperand(rdi, FixedArray::kHeaderSize + 1 * kPointerSize), r9);

  // Copy the parameter slots and the holes in the arguments.
  // We need to fill in mapped_parameter_count slots. They index the context,
  // where parameters are stored in reverse order, at
  //   MIN_CONTEXT_SLOTS .. MIN_CONTEXT_SLOTS+parameter_count-1
  // The mapped parameter thus need to get indices
  //   MIN_CONTEXT_SLOTS+parameter_count-1 ..
  //       MIN_CONTEXT_SLOTS+parameter_count-mapped_parameter_count
  // We loop from right to left.
  Label parameters_loop, parameters_test;

  // Load tagged parameter count into r9.
  __ Integer32ToSmi(r9, rbx);
  __ Move(r8, Smi::FromInt(Context::MIN_CONTEXT_SLOTS));
  __ addp(r8, rcx);
  __ subp(r8, r9);
  __ movp(rcx, rdi);
  __ leap(rdi, Operand(rdi, rbx, times_pointer_size, kParameterMapHeaderSize));
  __ SmiToInteger64(r9, r9);
  // r9 = loop variable (untagged)
  // r8 = mapping index (tagged)
  // rcx = address of parameter map (tagged)
  // rdi = address of backing store (tagged)
  __ jmp(&parameters_test, Label::kNear);

  __ bind(&parameters_loop);
  __ subp(r9, Immediate(1));
  __ LoadRoot(kScratchRegister, Heap::kTheHoleValueRootIndex);
  __ movp(FieldOperand(rcx, r9, times_pointer_size, kParameterMapHeaderSize),
          r8);
  __ movp(FieldOperand(rdi, r9, times_pointer_size, FixedArray::kHeaderSize),
          kScratchRegister);
  __ SmiAddConstant(r8, r8, Smi::FromInt(1));
  __ bind(&parameters_test);
  __ testp(r9, r9);
  __ j(not_zero, &parameters_loop, Label::kNear);

  __ bind(&skip_parameter_map);

  // r11 = argument count (tagged)
  // rdi = address of backing store (tagged)
  // Copy arguments header and remaining slots (if there are any).
  __ Move(FieldOperand(rdi, FixedArray::kMapOffset),
          factory->fixed_array_map());
  __ movp(FieldOperand(rdi, FixedArray::kLengthOffset), r11);

  Label arguments_loop, arguments_test;
  __ movp(r8, rbx);
  // Untag r11 for the loop below.
  __ SmiToInteger64(r11, r11);
  __ leap(kScratchRegister, Operand(r8, times_pointer_size, 0));
  __ subp(rdx, kScratchRegister);
  __ jmp(&arguments_test, Label::kNear);

  __ bind(&arguments_loop);
  __ subp(rdx, Immediate(kPointerSize));
  __ movp(r9, Operand(rdx, 0));
  __ movp(FieldOperand(rdi, r8,
                       times_pointer_size,
                       FixedArray::kHeaderSize),
          r9);
  __ addp(r8, Immediate(1));

  __ bind(&arguments_test);
  __ cmpp(r8, r11);
  __ j(less, &arguments_loop, Label::kNear);

  // Return.
  __ ret(0);

  // Do the runtime call to allocate the arguments object.
  // r11 = argument count (untagged)
  __ bind(&runtime);
  __ Integer32ToSmi(r11, r11);
  __ PopReturnAddressTo(rax);
  __ Push(rdi);  // Push function.
  __ Push(rdx);  // Push parameters pointer.
  __ Push(r11);  // Push parameter count.
  __ PushReturnAddressFrom(rax);
  __ TailCallRuntime(Runtime::kNewSloppyArguments);
}


4572 4573 4574 4575 4576 4577 4578 4579 4580
void FastNewStrictArgumentsStub::Generate(MacroAssembler* masm) {
  // ----------- S t a t e -------------
  //  -- rdi    : function
  //  -- rsi    : context
  //  -- rbp    : frame pointer
  //  -- rsp[0] : return address
  // -----------------------------------
  __ AssertFunction(rdi);

4581 4582 4583 4584 4585
  // Make rdx point to the JavaScript frame.
  __ movp(rdx, rbp);
  if (skip_stub_frame()) {
    // For Ignition we need to skip the handler/stub frame to reach the
    // JavaScript frame for the function.
4586
    __ movp(rdx, Operand(rdx, StandardFrameConstants::kCallerFPOffset));
4587 4588 4589
  }
  if (FLAG_debug_code) {
    Label ok;
4590
    __ cmpp(rdi, Operand(rdx, StandardFrameConstants::kFunctionOffset));
4591 4592 4593
    __ j(equal, &ok);
    __ Abort(kInvalidFrameForFastNewRestArgumentsStub);
    __ bind(&ok);
4594 4595 4596 4597 4598
  }

  // Check if we have an arguments adaptor frame below the function frame.
  Label arguments_adaptor, arguments_done;
  __ movp(rbx, Operand(rdx, StandardFrameConstants::kCallerFPOffset));
4599
  __ Cmp(Operand(rbx, CommonFrameConstants::kContextOrFrameTypeOffset),
4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623
         Smi::FromInt(StackFrame::ARGUMENTS_ADAPTOR));
  __ j(equal, &arguments_adaptor, Label::kNear);
  {
    __ movp(rax, FieldOperand(rdi, JSFunction::kSharedFunctionInfoOffset));
    __ LoadSharedFunctionInfoSpecialField(
        rax, rax, SharedFunctionInfo::kFormalParameterCountOffset);
    __ leap(rbx, Operand(rdx, rax, times_pointer_size,
                         StandardFrameConstants::kCallerSPOffset -
                             1 * kPointerSize));
  }
  __ jmp(&arguments_done, Label::kNear);
  __ bind(&arguments_adaptor);
  {
    __ SmiToInteger32(
        rax, Operand(rbx, ArgumentsAdaptorFrameConstants::kLengthOffset));
    __ leap(rbx, Operand(rbx, rax, times_pointer_size,
                         StandardFrameConstants::kCallerSPOffset -
                             1 * kPointerSize));
  }
  __ bind(&arguments_done);

  // ----------- S t a t e -------------
  //  -- rax    : number of arguments
  //  -- rbx    : pointer to the first argument
4624
  //  -- rdi    : function
4625 4626 4627 4628 4629 4630 4631 4632
  //  -- rsi    : context
  //  -- rsp[0] : return address
  // -----------------------------------

  // Allocate space for the strict arguments object plus the backing store.
  Label allocate, done_allocate;
  __ leal(rcx, Operand(rax, times_pointer_size, JSStrictArgumentsObject::kSize +
                                                    FixedArray::kHeaderSize));
4633
  __ Allocate(rcx, rdx, r8, no_reg, &allocate, NO_ALLOCATION_FLAGS);
4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660 4661 4662 4663 4664 4665 4666 4667 4668 4669 4670
  __ bind(&done_allocate);

  // Compute the arguments.length in rdi.
  __ Integer32ToSmi(rdi, rax);

  // Setup the elements array in rdx.
  __ LoadRoot(rcx, Heap::kFixedArrayMapRootIndex);
  __ movp(FieldOperand(rdx, FixedArray::kMapOffset), rcx);
  __ movp(FieldOperand(rdx, FixedArray::kLengthOffset), rdi);
  {
    Label loop, done_loop;
    __ Set(rcx, 0);
    __ bind(&loop);
    __ cmpl(rcx, rax);
    __ j(equal, &done_loop, Label::kNear);
    __ movp(kScratchRegister, Operand(rbx, 0 * kPointerSize));
    __ movp(
        FieldOperand(rdx, rcx, times_pointer_size, FixedArray::kHeaderSize),
        kScratchRegister);
    __ subp(rbx, Immediate(1 * kPointerSize));
    __ addl(rcx, Immediate(1));
    __ jmp(&loop);
    __ bind(&done_loop);
  }

  // Setup the strict arguments object in rax.
  __ leap(rax,
          Operand(rdx, rax, times_pointer_size, FixedArray::kHeaderSize));
  __ LoadNativeContextSlot(Context::STRICT_ARGUMENTS_MAP_INDEX, rcx);
  __ movp(FieldOperand(rax, JSStrictArgumentsObject::kMapOffset), rcx);
  __ LoadRoot(rcx, Heap::kEmptyFixedArrayRootIndex);
  __ movp(FieldOperand(rax, JSStrictArgumentsObject::kPropertiesOffset), rcx);
  __ movp(FieldOperand(rax, JSStrictArgumentsObject::kElementsOffset), rdx);
  __ movp(FieldOperand(rax, JSStrictArgumentsObject::kLengthOffset), rdi);
  STATIC_ASSERT(JSStrictArgumentsObject::kSize == 4 * kPointerSize);
  __ Ret();

4671 4672
  // Fall back to %AllocateInNewSpace (if not too big).
  Label too_big_for_new_space;
4673
  __ bind(&allocate);
4674
  __ cmpl(rcx, Immediate(kMaxRegularHeapObjectSize));
4675
  __ j(greater, &too_big_for_new_space);
4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689
  {
    FrameScope scope(masm, StackFrame::INTERNAL);
    __ Integer32ToSmi(rax, rax);
    __ Integer32ToSmi(rcx, rcx);
    __ Push(rax);
    __ Push(rbx);
    __ Push(rcx);
    __ CallRuntime(Runtime::kAllocateInNewSpace);
    __ movp(rdx, rax);
    __ Pop(rbx);
    __ Pop(rax);
    __ SmiToInteger32(rax, rax);
  }
  __ jmp(&done_allocate);
4690 4691 4692 4693 4694 4695 4696

  // Fall back to %NewStrictArguments.
  __ bind(&too_big_for_new_space);
  __ PopReturnAddressTo(kScratchRegister);
  __ Push(rdi);
  __ PushReturnAddressFrom(kScratchRegister);
  __ TailCallRuntime(Runtime::kNewStrictArguments);
4697 4698 4699
}


4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722
void StoreGlobalViaContextStub::Generate(MacroAssembler* masm) {
  Register context_reg = rsi;
  Register slot_reg = rbx;
  Register value_reg = rax;
  Register cell_reg = r8;
  Register cell_details_reg = rdx;
  Register cell_value_reg = r9;
  Label fast_heapobject_case, fast_smi_case, slow_case;

  if (FLAG_debug_code) {
    __ CompareRoot(value_reg, Heap::kTheHoleValueRootIndex);
    __ Check(not_equal, kUnexpectedValue);
  }

  // Go up context chain to the script context.
  for (int i = 0; i < depth(); ++i) {
    __ movp(rdi, ContextOperand(context_reg, Context::PREVIOUS_INDEX));
    context_reg = rdi;
  }

  // Load the PropertyCell at the specified slot.
  __ movp(cell_reg, ContextOperand(context_reg, slot_reg));

4723 4724
  // Load PropertyDetails for the cell (actually only the cell_type, kind and
  // READ_ONLY bit of attributes).
4725 4726 4727 4728
  __ SmiToInteger32(cell_details_reg,
                    FieldOperand(cell_reg, PropertyCell::kDetailsOffset));
  __ andl(cell_details_reg,
          Immediate(PropertyDetails::PropertyCellTypeField::kMask |
4729 4730
                    PropertyDetails::KindField::kMask |
                    PropertyDetails::kAttributesReadOnlyMask));
4731 4732 4733 4734 4735 4736 4737 4738 4739 4740 4741 4742 4743 4744 4745 4746 4747 4748 4749 4750 4751 4752

  // Check if PropertyCell holds mutable data.
  Label not_mutable_data;
  __ cmpl(cell_details_reg,
          Immediate(PropertyDetails::PropertyCellTypeField::encode(
                        PropertyCellType::kMutable) |
                    PropertyDetails::KindField::encode(kData)));
  __ j(not_equal, &not_mutable_data);
  __ JumpIfSmi(value_reg, &fast_smi_case);
  __ bind(&fast_heapobject_case);
  __ movp(FieldOperand(cell_reg, PropertyCell::kValueOffset), value_reg);
  __ RecordWriteField(cell_reg, PropertyCell::kValueOffset, value_reg,
                      cell_value_reg, kDontSaveFPRegs, EMIT_REMEMBERED_SET,
                      OMIT_SMI_CHECK);
  // RecordWriteField clobbers the value register, so we need to reload.
  __ movp(value_reg, FieldOperand(cell_reg, PropertyCell::kValueOffset));
  __ Ret();
  __ bind(&not_mutable_data);

  // Check if PropertyCell value matches the new value (relevant for Constant,
  // ConstantType and Undefined cells).
  Label not_same_value;
4753
  __ movp(cell_value_reg, FieldOperand(cell_reg, PropertyCell::kValueOffset));
4754 4755 4756
  __ cmpp(cell_value_reg, value_reg);
  __ j(not_equal, &not_same_value,
       FLAG_debug_code ? Label::kFar : Label::kNear);
4757 4758 4759 4760
  // Make sure the PropertyCell is not marked READ_ONLY.
  __ testl(cell_details_reg,
           Immediate(PropertyDetails::kAttributesReadOnlyMask));
  __ j(not_zero, &slow_case);
4761 4762 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784
  if (FLAG_debug_code) {
    Label done;
    // This can only be true for Constant, ConstantType and Undefined cells,
    // because we never store the_hole via this stub.
    __ cmpl(cell_details_reg,
            Immediate(PropertyDetails::PropertyCellTypeField::encode(
                          PropertyCellType::kConstant) |
                      PropertyDetails::KindField::encode(kData)));
    __ j(equal, &done);
    __ cmpl(cell_details_reg,
            Immediate(PropertyDetails::PropertyCellTypeField::encode(
                          PropertyCellType::kConstantType) |
                      PropertyDetails::KindField::encode(kData)));
    __ j(equal, &done);
    __ cmpl(cell_details_reg,
            Immediate(PropertyDetails::PropertyCellTypeField::encode(
                          PropertyCellType::kUndefined) |
                      PropertyDetails::KindField::encode(kData)));
    __ Check(equal, kUnexpectedValue);
    __ bind(&done);
  }
  __ Ret();
  __ bind(&not_same_value);

4785 4786
  // Check if PropertyCell contains data with constant type (and is not
  // READ_ONLY).
4787 4788 4789 4790 4791 4792 4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818
  __ cmpl(cell_details_reg,
          Immediate(PropertyDetails::PropertyCellTypeField::encode(
                        PropertyCellType::kConstantType) |
                    PropertyDetails::KindField::encode(kData)));
  __ j(not_equal, &slow_case, Label::kNear);

  // Now either both old and new values must be SMIs or both must be heap
  // objects with same map.
  Label value_is_heap_object;
  __ JumpIfNotSmi(value_reg, &value_is_heap_object, Label::kNear);
  __ JumpIfNotSmi(cell_value_reg, &slow_case, Label::kNear);
  // Old and new values are SMIs, no need for a write barrier here.
  __ bind(&fast_smi_case);
  __ movp(FieldOperand(cell_reg, PropertyCell::kValueOffset), value_reg);
  __ Ret();
  __ bind(&value_is_heap_object);
  __ JumpIfSmi(cell_value_reg, &slow_case, Label::kNear);
  Register cell_value_map_reg = cell_value_reg;
  __ movp(cell_value_map_reg,
          FieldOperand(cell_value_reg, HeapObject::kMapOffset));
  __ cmpp(cell_value_map_reg, FieldOperand(value_reg, HeapObject::kMapOffset));
  __ j(equal, &fast_heapobject_case);

  // Fallback to the runtime.
  __ bind(&slow_case);
  __ Integer32ToSmi(slot_reg, slot_reg);
  __ PopReturnAddressTo(kScratchRegister);
  __ Push(slot_reg);
  __ Push(value_reg);
  __ Push(kScratchRegister);
  __ TailCallRuntime(is_strict(language_mode())
                         ? Runtime::kStoreGlobalViaContext_Strict
4819
                         : Runtime::kStoreGlobalViaContext_Sloppy);
4820 4821 4822
}


4823 4824 4825 4826 4827 4828 4829 4830 4831 4832 4833 4834 4835 4836 4837 4838 4839 4840 4841 4842 4843 4844 4845 4846 4847 4848 4849 4850 4851 4852 4853 4854 4855 4856 4857 4858 4859 4860 4861 4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873 4874 4875 4876 4877 4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888 4889 4890 4891 4892 4893 4894 4895 4896 4897 4898 4899 4900 4901 4902 4903 4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923 4924 4925 4926 4927 4928 4929
static int Offset(ExternalReference ref0, ExternalReference ref1) {
  int64_t offset = (ref0.address() - ref1.address());
  // Check that fits into int.
  DCHECK(static_cast<int>(offset) == offset);
  return static_cast<int>(offset);
}


// Prepares stack to put arguments (aligns and so on).  WIN64 calling
// convention requires to put the pointer to the return value slot into
// rcx (rcx must be preserverd until CallApiFunctionAndReturn).  Saves
// context (rsi).  Clobbers rax.  Allocates arg_stack_space * kPointerSize
// inside the exit frame (not GCed) accessible via StackSpaceOperand.
static void PrepareCallApiFunction(MacroAssembler* masm, int arg_stack_space) {
  __ EnterApiExitFrame(arg_stack_space);
}


// Calls an API function.  Allocates HandleScope, extracts returned value
// from handle and propagates exceptions.  Clobbers r14, r15, rbx and
// caller-save registers.  Restores context.  On return removes
// stack_space * kPointerSize (GCed).
static void CallApiFunctionAndReturn(MacroAssembler* masm,
                                     Register function_address,
                                     ExternalReference thunk_ref,
                                     Register thunk_last_arg, int stack_space,
                                     Operand* stack_space_operand,
                                     Operand return_value_operand,
                                     Operand* context_restore_operand) {
  Label prologue;
  Label promote_scheduled_exception;
  Label delete_allocated_handles;
  Label leave_exit_frame;
  Label write_back;

  Isolate* isolate = masm->isolate();
  Factory* factory = isolate->factory();
  ExternalReference next_address =
      ExternalReference::handle_scope_next_address(isolate);
  const int kNextOffset = 0;
  const int kLimitOffset = Offset(
      ExternalReference::handle_scope_limit_address(isolate), next_address);
  const int kLevelOffset = Offset(
      ExternalReference::handle_scope_level_address(isolate), next_address);
  ExternalReference scheduled_exception_address =
      ExternalReference::scheduled_exception_address(isolate);

  DCHECK(rdx.is(function_address) || r8.is(function_address));
  // Allocate HandleScope in callee-save registers.
  Register prev_next_address_reg = r14;
  Register prev_limit_reg = rbx;
  Register base_reg = r15;
  __ Move(base_reg, next_address);
  __ movp(prev_next_address_reg, Operand(base_reg, kNextOffset));
  __ movp(prev_limit_reg, Operand(base_reg, kLimitOffset));
  __ addl(Operand(base_reg, kLevelOffset), Immediate(1));

  if (FLAG_log_timer_events) {
    FrameScope frame(masm, StackFrame::MANUAL);
    __ PushSafepointRegisters();
    __ PrepareCallCFunction(1);
    __ LoadAddress(arg_reg_1, ExternalReference::isolate_address(isolate));
    __ CallCFunction(ExternalReference::log_enter_external_function(isolate),
                     1);
    __ PopSafepointRegisters();
  }

  Label profiler_disabled;
  Label end_profiler_check;
  __ Move(rax, ExternalReference::is_profiling_address(isolate));
  __ cmpb(Operand(rax, 0), Immediate(0));
  __ j(zero, &profiler_disabled);

  // Third parameter is the address of the actual getter function.
  __ Move(thunk_last_arg, function_address);
  __ Move(rax, thunk_ref);
  __ jmp(&end_profiler_check);

  __ bind(&profiler_disabled);
  // Call the api function!
  __ Move(rax, function_address);

  __ bind(&end_profiler_check);

  // Call the api function!
  __ call(rax);

  if (FLAG_log_timer_events) {
    FrameScope frame(masm, StackFrame::MANUAL);
    __ PushSafepointRegisters();
    __ PrepareCallCFunction(1);
    __ LoadAddress(arg_reg_1, ExternalReference::isolate_address(isolate));
    __ CallCFunction(ExternalReference::log_leave_external_function(isolate),
                     1);
    __ PopSafepointRegisters();
  }

  // Load the value from ReturnValue
  __ movp(rax, return_value_operand);
  __ bind(&prologue);

  // No more valid handles (the result handle was the last one). Restore
  // previous handle scope.
  __ subl(Operand(base_reg, kLevelOffset), Immediate(1));
  __ movp(Operand(base_reg, kNextOffset), prev_next_address_reg);
  __ cmpp(prev_limit_reg, Operand(base_reg, kLimitOffset));
  __ j(not_equal, &delete_allocated_handles);
4930 4931

  // Leave the API exit frame.
4932
  __ bind(&leave_exit_frame);
4933 4934 4935 4936 4937 4938 4939 4940
  bool restore_context = context_restore_operand != NULL;
  if (restore_context) {
    __ movp(rsi, *context_restore_operand);
  }
  if (stack_space_operand != nullptr) {
    __ movp(rbx, *stack_space_operand);
  }
  __ LeaveApiExitFrame(!restore_context);
4941 4942

  // Check if the function scheduled an exception.
4943 4944
  __ Move(rdi, scheduled_exception_address);
  __ Cmp(Operand(rdi, 0), factory->the_hole_value());
4945 4946 4947 4948 4949 4950 4951 4952 4953 4954 4955 4956 4957 4958
  __ j(not_equal, &promote_scheduled_exception);

#if DEBUG
  // Check if the function returned a valid JavaScript value.
  Label ok;
  Register return_value = rax;
  Register map = rcx;

  __ JumpIfSmi(return_value, &ok, Label::kNear);
  __ movp(map, FieldOperand(return_value, HeapObject::kMapOffset));

  __ CmpInstanceType(map, LAST_NAME_TYPE);
  __ j(below_equal, &ok, Label::kNear);

4959
  __ CmpInstanceType(map, FIRST_JS_RECEIVER_TYPE);
4960 4961 4962 4963 4964 4965 4966 4967 4968 4969 4970 4971 4972 4973 4974 4975 4976 4977 4978 4979 4980 4981 4982 4983 4984 4985 4986 4987 4988 4989 4990
  __ j(above_equal, &ok, Label::kNear);

  __ CompareRoot(map, Heap::kHeapNumberMapRootIndex);
  __ j(equal, &ok, Label::kNear);

  __ CompareRoot(return_value, Heap::kUndefinedValueRootIndex);
  __ j(equal, &ok, Label::kNear);

  __ CompareRoot(return_value, Heap::kTrueValueRootIndex);
  __ j(equal, &ok, Label::kNear);

  __ CompareRoot(return_value, Heap::kFalseValueRootIndex);
  __ j(equal, &ok, Label::kNear);

  __ CompareRoot(return_value, Heap::kNullValueRootIndex);
  __ j(equal, &ok, Label::kNear);

  __ Abort(kAPICallReturnedInvalidObject);

  __ bind(&ok);
#endif

  if (stack_space_operand != nullptr) {
    DCHECK_EQ(stack_space, 0);
    __ PopReturnAddressTo(rcx);
    __ addq(rsp, rbx);
    __ jmp(rcx);
  } else {
    __ ret(stack_space * kPointerSize);
  }

4991
  // Re-throw by promoting a scheduled exception.
4992
  __ bind(&promote_scheduled_exception);
4993
  __ TailCallRuntime(Runtime::kPromoteScheduledException);
4994 4995 4996 4997 4998 4999 5000 5001 5002 5003 5004 5005 5006

  // HandleScope limit has changed. Delete allocated extensions.
  __ bind(&delete_allocated_handles);
  __ movp(Operand(base_reg, kLimitOffset), prev_limit_reg);
  __ movp(prev_limit_reg, rax);
  __ LoadAddress(arg_reg_1, ExternalReference::isolate_address(isolate));
  __ LoadAddress(rax,
                 ExternalReference::delete_handle_scope_extensions(isolate));
  __ call(rax);
  __ movp(rax, prev_limit_reg);
  __ jmp(&leave_exit_frame);
}

vogelheim's avatar
vogelheim committed
5007
void CallApiCallbackStub::Generate(MacroAssembler* masm) {
5008
  // ----------- S t a t e -------------
5009
  //  -- rdi                 : callee
5010 5011 5012 5013
  //  -- rbx                 : call_data
  //  -- rcx                 : holder
  //  -- rdx                 : api_function_address
  //  -- rsi                 : context
5014
  //  -- rax                 : number of arguments if argc is a register
5015 5016 5017 5018 5019 5020 5021
  //  -- rsp[0]              : return address
  //  -- rsp[8]              : last argument
  //  -- ...
  //  -- rsp[argc * 8]       : first argument
  //  -- rsp[(argc + 1) * 8] : receiver
  // -----------------------------------

5022
  Register callee = rdi;
5023 5024 5025 5026
  Register call_data = rbx;
  Register holder = rcx;
  Register api_function_address = rdx;
  Register context = rsi;
5027
  Register return_address = r8;
5028 5029 5030

  typedef FunctionCallbackArguments FCA;

5031 5032
  STATIC_ASSERT(FCA::kContextSaveIndex == 6);
  STATIC_ASSERT(FCA::kCalleeIndex == 5);
5033 5034 5035 5036 5037
  STATIC_ASSERT(FCA::kDataIndex == 4);
  STATIC_ASSERT(FCA::kReturnValueOffset == 3);
  STATIC_ASSERT(FCA::kReturnValueDefaultValueIndex == 2);
  STATIC_ASSERT(FCA::kIsolateIndex == 1);
  STATIC_ASSERT(FCA::kHolderIndex == 0);
5038 5039
  STATIC_ASSERT(FCA::kNewTargetIndex == 7);
  STATIC_ASSERT(FCA::kArgsLength == 8);
5040

5041 5042
  __ PopReturnAddressTo(return_address);

5043 5044 5045
  // new target
  __ PushRoot(Heap::kUndefinedValueRootIndex);

5046 5047
  // context save
  __ Push(context);
5048

5049 5050 5051
  // callee
  __ Push(callee);

5052
  // call data
5053
  __ Push(call_data);
5054
  Register scratch = call_data;
vogelheim's avatar
vogelheim committed
5055
  if (!this->call_data_undefined()) {
5056 5057 5058
    __ LoadRoot(scratch, Heap::kUndefinedValueRootIndex);
  }
  // return value
5059
  __ Push(scratch);
5060
  // return value default
5061
  __ Push(scratch);
5062
  // isolate
5063
  __ Move(scratch, ExternalReference::isolate_address(masm->isolate()));
5064
  __ Push(scratch);
5065
  // holder
5066
  __ Push(holder);
5067 5068 5069

  __ movp(scratch, rsp);
  // Push return address back on stack.
5070
  __ PushReturnAddressFrom(return_address);
5071

vogelheim's avatar
vogelheim committed
5072
  if (!this->is_lazy()) {
5073 5074 5075
    // load context from callee
    __ movp(context, FieldOperand(callee, JSFunction::kContextOffset));
  }
5076 5077 5078

  // Allocate the v8::Arguments structure in the arguments' space since
  // it's not controlled by GC.
5079
  const int kApiStackSpace = 3;
5080

5081
  PrepareCallApiFunction(masm, kApiStackSpace);
5082 5083

  // FunctionCallbackInfo::implicit_args_.
vogelheim's avatar
vogelheim committed
5084
  int argc = this->argc();
5085
  __ movp(StackSpaceOperand(0), scratch);
vogelheim's avatar
vogelheim committed
5086 5087 5088 5089 5090
  __ addp(scratch, Immediate((argc + FCA::kArgsLength - 1) * kPointerSize));
  // FunctionCallbackInfo::values_.
  __ movp(StackSpaceOperand(1), scratch);
  // FunctionCallbackInfo::length_.
  __ Set(StackSpaceOperand(2), argc);
5091 5092 5093 5094 5095 5096 5097 5098 5099

#if defined(__MINGW64__) || defined(_WIN64)
  Register arguments_arg = rcx;
  Register callback_arg = rdx;
#else
  Register arguments_arg = rdi;
  Register callback_arg = rsi;
#endif

5100
  // It's okay if api_function_address == callback_arg
5101
  // but not arguments_arg
5102
  DCHECK(!api_function_address.is(arguments_arg));
5103 5104

  // v8::InvocationCallback's argument.
5105
  __ leap(arguments_arg, StackSpaceOperand(0));
5106

5107
  ExternalReference thunk_ref =
5108
      ExternalReference::invoke_function_callback(masm->isolate());
5109

5110 5111
  // Accessor for FunctionCallbackInfo and first js arg.
  StackArgumentsAccessor args_from_rbp(rbp, FCA::kArgsLength + 1,
5112 5113
                                       ARGUMENTS_DONT_CONTAIN_RECEIVER);
  Operand context_restore_operand = args_from_rbp.GetArgumentOperand(
5114
      FCA::kArgsLength - FCA::kContextSaveIndex);
5115
  Operand length_operand = StackSpaceOperand(2);
5116
  Operand return_value_operand = args_from_rbp.GetArgumentOperand(
vogelheim's avatar
vogelheim committed
5117
      this->is_store() ? 0 : FCA::kArgsLength - FCA::kReturnValueOffset);
5118
  int stack_space = 0;
5119
  Operand* stack_space_operand = &length_operand;
vogelheim's avatar
vogelheim committed
5120 5121
  stack_space = argc + FCA::kArgsLength + 1;
  stack_space_operand = nullptr;
5122 5123 5124
  CallApiFunctionAndReturn(masm, api_function_address, thunk_ref, callback_arg,
                           stack_space, stack_space_operand,
                           return_value_operand, &context_restore_operand);
5125 5126 5127
}


dcarney@chromium.org's avatar
dcarney@chromium.org committed
5128 5129 5130 5131 5132 5133 5134 5135 5136 5137
void CallApiGetterStub::Generate(MacroAssembler* masm) {
#if defined(__MINGW64__) || defined(_WIN64)
  Register getter_arg = r8;
  Register accessor_info_arg = rdx;
  Register name_arg = rcx;
#else
  Register getter_arg = rdx;
  Register accessor_info_arg = rsi;
  Register name_arg = rdi;
#endif
5138 5139 5140 5141
  Register api_function_address = r8;
  Register receiver = ApiGetterDescriptor::ReceiverRegister();
  Register holder = ApiGetterDescriptor::HolderRegister();
  Register callback = ApiGetterDescriptor::CallbackRegister();
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5142
  Register scratch = rax;
5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167
  DCHECK(!AreAliased(receiver, holder, callback, scratch));

  // Build v8::PropertyCallbackInfo::args_ array on the stack and push property
  // name below the exit frame to make GC aware of them.
  STATIC_ASSERT(PropertyCallbackArguments::kShouldThrowOnErrorIndex == 0);
  STATIC_ASSERT(PropertyCallbackArguments::kHolderIndex == 1);
  STATIC_ASSERT(PropertyCallbackArguments::kIsolateIndex == 2);
  STATIC_ASSERT(PropertyCallbackArguments::kReturnValueDefaultValueIndex == 3);
  STATIC_ASSERT(PropertyCallbackArguments::kReturnValueOffset == 4);
  STATIC_ASSERT(PropertyCallbackArguments::kDataIndex == 5);
  STATIC_ASSERT(PropertyCallbackArguments::kThisIndex == 6);
  STATIC_ASSERT(PropertyCallbackArguments::kArgsLength == 7);

  // Insert additional parameters into the stack frame above return address.
  __ PopReturnAddressTo(scratch);
  __ Push(receiver);
  __ Push(FieldOperand(callback, AccessorInfo::kDataOffset));
  __ LoadRoot(kScratchRegister, Heap::kUndefinedValueRootIndex);
  __ Push(kScratchRegister);  // return value
  __ Push(kScratchRegister);  // return value default
  __ PushAddress(ExternalReference::isolate_address(isolate()));
  __ Push(holder);
  __ Push(Smi::FromInt(0));  // should_throw_on_error -> false
  __ Push(FieldOperand(callback, AccessorInfo::kNameOffset));
  __ PushReturnAddressFrom(scratch);
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5168

5169 5170
  // v8::PropertyCallbackInfo::args_ array and name handle.
  const int kStackUnwindSpace = PropertyCallbackArguments::kArgsLength + 1;
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5171

5172
  // Allocate v8::PropertyCallbackInfo in non-GCed stack space.
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5173 5174
  const int kArgStackSpace = 1;

5175 5176
  // Load address of v8::PropertyAccessorInfo::args_ array.
  __ leap(scratch, Operand(rsp, 2 * kPointerSize));
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5177

5178
  PrepareCallApiFunction(masm, kArgStackSpace);
5179 5180 5181 5182
  // Create v8::PropertyCallbackInfo object on the stack and initialize
  // it's args_ field.
  Operand info_object = StackSpaceOperand(0);
  __ movp(info_object, scratch);
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5183

5184
  __ leap(name_arg, Operand(scratch, -kPointerSize));
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5185 5186
  // The context register (rsi) has been saved in PrepareCallApiFunction and
  // could be used to pass arguments.
5187
  __ leap(accessor_info_arg, info_object);
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5188

5189 5190
  ExternalReference thunk_ref =
      ExternalReference::invoke_accessor_getter_callback(isolate());
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5191 5192 5193

  // It's okay if api_function_address == getter_arg
  // but not accessor_info_arg or name_arg
5194 5195 5196 5197 5198
  DCHECK(!api_function_address.is(accessor_info_arg));
  DCHECK(!api_function_address.is(name_arg));
  __ movp(scratch, FieldOperand(callback, AccessorInfo::kJsGetterOffset));
  __ movp(api_function_address,
          FieldOperand(scratch, Foreign::kForeignAddressOffset));
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5199

5200 5201 5202
  // +3 is to skip prolog, return address and name handle.
  Operand return_value_operand(
      rbp, (PropertyCallbackArguments::kReturnValueOffset + 3) * kPointerSize);
5203
  CallApiFunctionAndReturn(masm, api_function_address, thunk_ref, getter_arg,
5204 5205
                           kStackUnwindSpace, nullptr, return_value_operand,
                           NULL);
dcarney@chromium.org's avatar
dcarney@chromium.org committed
5206 5207
}

5208 5209
#undef __

5210 5211
}  // namespace internal
}  // namespace v8
5212 5213

#endif  // V8_TARGET_ARCH_X64