1 // Copyright 2014 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/compiler/js-inlining.h"
6
7 #include "src/ast/ast.h"
8 #include "src/compiler.h"
9 #include "src/compiler/all-nodes.h"
10 #include "src/compiler/bytecode-graph-builder.h"
11 #include "src/compiler/common-operator.h"
12 #include "src/compiler/compiler-source-position-table.h"
13 #include "src/compiler/graph-reducer.h"
14 #include "src/compiler/js-operator.h"
15 #include "src/compiler/node-matchers.h"
16 #include "src/compiler/node-properties.h"
17 #include "src/compiler/operator-properties.h"
18 #include "src/compiler/simplified-operator.h"
19 #include "src/isolate-inl.h"
20 #include "src/optimized-compilation-info.h"
21 #include "src/parsing/parse-info.h"
22
23 namespace v8 {
24 namespace internal {
25 namespace compiler {
26
27 namespace {
28 // This is just to avoid some corner cases, especially since we allow recursive
29 // inlining.
30 static const int kMaxDepthForInlining = 50;
31 } // namespace
32
33 #define TRACE(...) \
34 do { \
35 if (FLAG_trace_turbo_inlining) PrintF(__VA_ARGS__); \
36 } while (false)
37
38
39 // Provides convenience accessors for the common layout of nodes having either
40 // the {JSCall} or the {JSConstruct} operator.
41 class JSCallAccessor {
42 public:
JSCallAccessor(Node * call)43 explicit JSCallAccessor(Node* call) : call_(call) {
44 DCHECK(call->opcode() == IrOpcode::kJSCall ||
45 call->opcode() == IrOpcode::kJSConstruct);
46 }
47
target()48 Node* target() {
49 // Both, {JSCall} and {JSConstruct}, have same layout here.
50 return call_->InputAt(0);
51 }
52
receiver()53 Node* receiver() {
54 DCHECK_EQ(IrOpcode::kJSCall, call_->opcode());
55 return call_->InputAt(1);
56 }
57
new_target()58 Node* new_target() {
59 DCHECK_EQ(IrOpcode::kJSConstruct, call_->opcode());
60 return call_->InputAt(formal_arguments() + 1);
61 }
62
frame_state()63 Node* frame_state() {
64 // Both, {JSCall} and {JSConstruct}, have frame state.
65 return NodeProperties::GetFrameStateInput(call_);
66 }
67
formal_arguments()68 int formal_arguments() {
69 // Both, {JSCall} and {JSConstruct}, have two extra inputs:
70 // - JSConstruct: Includes target function and new target.
71 // - JSCall: Includes target function and receiver.
72 return call_->op()->ValueInputCount() - 2;
73 }
74
frequency() const75 CallFrequency frequency() const {
76 return (call_->opcode() == IrOpcode::kJSCall)
77 ? CallParametersOf(call_->op()).frequency()
78 : ConstructParametersOf(call_->op()).frequency();
79 }
80
81 private:
82 Node* call_;
83 };
84
InlineCall(Node * call,Node * new_target,Node * context,Node * frame_state,Node * start,Node * end,Node * exception_target,const NodeVector & uncaught_subcalls)85 Reduction JSInliner::InlineCall(Node* call, Node* new_target, Node* context,
86 Node* frame_state, Node* start, Node* end,
87 Node* exception_target,
88 const NodeVector& uncaught_subcalls) {
89 // The scheduler is smart enough to place our code; we just ensure {control}
90 // becomes the control input of the start of the inlinee, and {effect} becomes
91 // the effect input of the start of the inlinee.
92 Node* control = NodeProperties::GetControlInput(call);
93 Node* effect = NodeProperties::GetEffectInput(call);
94
95 int const inlinee_new_target_index =
96 static_cast<int>(start->op()->ValueOutputCount()) - 3;
97 int const inlinee_arity_index =
98 static_cast<int>(start->op()->ValueOutputCount()) - 2;
99 int const inlinee_context_index =
100 static_cast<int>(start->op()->ValueOutputCount()) - 1;
101
102 // {inliner_inputs} counts JSFunction, receiver, arguments, but not
103 // new target value, argument count, context, effect or control.
104 int inliner_inputs = call->op()->ValueInputCount();
105 // Iterate over all uses of the start node.
106 for (Edge edge : start->use_edges()) {
107 Node* use = edge.from();
108 switch (use->opcode()) {
109 case IrOpcode::kParameter: {
110 int index = 1 + ParameterIndexOf(use->op());
111 DCHECK_LE(index, inlinee_context_index);
112 if (index < inliner_inputs && index < inlinee_new_target_index) {
113 // There is an input from the call, and the index is a value
114 // projection but not the context, so rewire the input.
115 Replace(use, call->InputAt(index));
116 } else if (index == inlinee_new_target_index) {
117 // The projection is requesting the new target value.
118 Replace(use, new_target);
119 } else if (index == inlinee_arity_index) {
120 // The projection is requesting the number of arguments.
121 Replace(use, jsgraph()->Constant(inliner_inputs - 2));
122 } else if (index == inlinee_context_index) {
123 // The projection is requesting the inlinee function context.
124 Replace(use, context);
125 } else {
126 // Call has fewer arguments than required, fill with undefined.
127 Replace(use, jsgraph()->UndefinedConstant());
128 }
129 break;
130 }
131 default:
132 if (NodeProperties::IsEffectEdge(edge)) {
133 edge.UpdateTo(effect);
134 } else if (NodeProperties::IsControlEdge(edge)) {
135 edge.UpdateTo(control);
136 } else if (NodeProperties::IsFrameStateEdge(edge)) {
137 edge.UpdateTo(frame_state);
138 } else {
139 UNREACHABLE();
140 }
141 break;
142 }
143 }
144
145 if (exception_target != nullptr) {
146 // Link uncaught calls in the inlinee to {exception_target}
147 int subcall_count = static_cast<int>(uncaught_subcalls.size());
148 if (subcall_count > 0) {
149 TRACE(
150 "Inlinee contains %d calls without local exception handler; "
151 "linking to surrounding exception handler\n",
152 subcall_count);
153 }
154 NodeVector on_exception_nodes(local_zone_);
155 for (Node* subcall : uncaught_subcalls) {
156 Node* on_success = graph()->NewNode(common()->IfSuccess(), subcall);
157 NodeProperties::ReplaceUses(subcall, subcall, subcall, on_success);
158 NodeProperties::ReplaceControlInput(on_success, subcall);
159 Node* on_exception =
160 graph()->NewNode(common()->IfException(), subcall, subcall);
161 on_exception_nodes.push_back(on_exception);
162 }
163
164 DCHECK_EQ(subcall_count, static_cast<int>(on_exception_nodes.size()));
165 if (subcall_count > 0) {
166 Node* control_output =
167 graph()->NewNode(common()->Merge(subcall_count), subcall_count,
168 &on_exception_nodes.front());
169 NodeVector values_effects(local_zone_);
170 values_effects = on_exception_nodes;
171 values_effects.push_back(control_output);
172 Node* value_output = graph()->NewNode(
173 common()->Phi(MachineRepresentation::kTagged, subcall_count),
174 subcall_count + 1, &values_effects.front());
175 Node* effect_output =
176 graph()->NewNode(common()->EffectPhi(subcall_count),
177 subcall_count + 1, &values_effects.front());
178 ReplaceWithValue(exception_target, value_output, effect_output,
179 control_output);
180 } else {
181 ReplaceWithValue(exception_target, exception_target, exception_target,
182 jsgraph()->Dead());
183 }
184 }
185
186 NodeVector values(local_zone_);
187 NodeVector effects(local_zone_);
188 NodeVector controls(local_zone_);
189 for (Node* const input : end->inputs()) {
190 switch (input->opcode()) {
191 case IrOpcode::kReturn:
192 values.push_back(NodeProperties::GetValueInput(input, 1));
193 effects.push_back(NodeProperties::GetEffectInput(input));
194 controls.push_back(NodeProperties::GetControlInput(input));
195 break;
196 case IrOpcode::kDeoptimize:
197 case IrOpcode::kTerminate:
198 case IrOpcode::kThrow:
199 NodeProperties::MergeControlToEnd(graph(), common(), input);
200 Revisit(graph()->end());
201 break;
202 default:
203 UNREACHABLE();
204 break;
205 }
206 }
207 DCHECK_EQ(values.size(), effects.size());
208 DCHECK_EQ(values.size(), controls.size());
209
210 // Depending on whether the inlinee produces a value, we either replace value
211 // uses with said value or kill value uses if no value can be returned.
212 if (values.size() > 0) {
213 int const input_count = static_cast<int>(controls.size());
214 Node* control_output = graph()->NewNode(common()->Merge(input_count),
215 input_count, &controls.front());
216 values.push_back(control_output);
217 effects.push_back(control_output);
218 Node* value_output = graph()->NewNode(
219 common()->Phi(MachineRepresentation::kTagged, input_count),
220 static_cast<int>(values.size()), &values.front());
221 Node* effect_output =
222 graph()->NewNode(common()->EffectPhi(input_count),
223 static_cast<int>(effects.size()), &effects.front());
224 ReplaceWithValue(call, value_output, effect_output, control_output);
225 return Changed(value_output);
226 } else {
227 ReplaceWithValue(call, jsgraph()->Dead(), jsgraph()->Dead(),
228 jsgraph()->Dead());
229 return Changed(call);
230 }
231 }
232
CreateArtificialFrameState(Node * node,Node * outer_frame_state,int parameter_count,BailoutId bailout_id,FrameStateType frame_state_type,Handle<SharedFunctionInfo> shared)233 Node* JSInliner::CreateArtificialFrameState(Node* node, Node* outer_frame_state,
234 int parameter_count,
235 BailoutId bailout_id,
236 FrameStateType frame_state_type,
237 Handle<SharedFunctionInfo> shared) {
238 const FrameStateFunctionInfo* state_info =
239 common()->CreateFrameStateFunctionInfo(frame_state_type,
240 parameter_count + 1, 0, shared);
241
242 const Operator* op = common()->FrameState(
243 bailout_id, OutputFrameStateCombine::Ignore(), state_info);
244 const Operator* op0 = common()->StateValues(0, SparseInputMask::Dense());
245 Node* node0 = graph()->NewNode(op0);
246 NodeVector params(local_zone_);
247 for (int parameter = 0; parameter < parameter_count + 1; ++parameter) {
248 params.push_back(node->InputAt(1 + parameter));
249 }
250 const Operator* op_param = common()->StateValues(
251 static_cast<int>(params.size()), SparseInputMask::Dense());
252 Node* params_node = graph()->NewNode(
253 op_param, static_cast<int>(params.size()), ¶ms.front());
254 return graph()->NewNode(op, params_node, node0, node0,
255 jsgraph()->UndefinedConstant(), node->InputAt(0),
256 outer_frame_state);
257 }
258
259 namespace {
260
261 // TODO(mstarzinger,verwaest): Move this predicate onto SharedFunctionInfo?
NeedsImplicitReceiver(Handle<SharedFunctionInfo> shared_info)262 bool NeedsImplicitReceiver(Handle<SharedFunctionInfo> shared_info) {
263 DisallowHeapAllocation no_gc;
264 if (!shared_info->construct_as_builtin()) {
265 return !IsDerivedConstructor(shared_info->kind());
266 } else {
267 return false;
268 }
269 }
270
271 } // namespace
272
273 // Determines whether the call target of the given call {node} is statically
274 // known and can be used as an inlining candidate. The {SharedFunctionInfo} of
275 // the call target is provided (the exact closure might be unknown).
DetermineCallTarget(Node * node,Handle<SharedFunctionInfo> & shared_info_out)276 bool JSInliner::DetermineCallTarget(
277 Node* node, Handle<SharedFunctionInfo>& shared_info_out) {
278 DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
279 HeapObjectMatcher match(node->InputAt(0));
280
281 // This reducer can handle both normal function calls as well a constructor
282 // calls whenever the target is a constant function object, as follows:
283 // - JSCall(target:constant, receiver, args...)
284 // - JSConstruct(target:constant, args..., new.target)
285 if (match.HasValue() && match.Value()->IsJSFunction()) {
286 Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
287
288 // Disallow cross native-context inlining for now. This means that all parts
289 // of the resulting code will operate on the same global object. This also
290 // prevents cross context leaks, where we could inline functions from a
291 // different context and hold on to that context (and closure) from the code
292 // object.
293 // TODO(turbofan): We might want to revisit this restriction later when we
294 // have a need for this, and we know how to model different native contexts
295 // in the same graph in a compositional way.
296 if (function->context()->native_context() !=
297 info_->context()->native_context()) {
298 return false;
299 }
300
301 shared_info_out = handle(function->shared(), isolate());
302 return true;
303 }
304
305 // This reducer can also handle calls where the target is statically known to
306 // be the result of a closure instantiation operation, as follows:
307 // - JSCall(JSCreateClosure[shared](context), receiver, args...)
308 // - JSConstruct(JSCreateClosure[shared](context), args..., new.target)
309 if (match.IsJSCreateClosure()) {
310 CreateClosureParameters const& p = CreateClosureParametersOf(match.op());
311
312 // Disallow inlining in case the instantiation site was never run and hence
313 // the vector cell does not contain a valid feedback vector for the call
314 // target.
315 // TODO(turbofan): We might consider to eagerly create the feedback vector
316 // in such a case (in {DetermineCallContext} below) eventually.
317 Handle<FeedbackCell> cell = p.feedback_cell();
318 if (!cell->value()->IsFeedbackVector()) return false;
319
320 shared_info_out = p.shared_info();
321 return true;
322 }
323
324 return false;
325 }
326
327 // Determines statically known information about the call target (assuming that
328 // the call target is known according to {DetermineCallTarget} above). The
329 // following static information is provided:
330 // - context : The context (as SSA value) bound by the call target.
331 // - feedback_vector : The target is guaranteed to use this feedback vector.
DetermineCallContext(Node * node,Node * & context_out,Handle<FeedbackVector> & feedback_vector_out)332 void JSInliner::DetermineCallContext(
333 Node* node, Node*& context_out,
334 Handle<FeedbackVector>& feedback_vector_out) {
335 DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
336 HeapObjectMatcher match(node->InputAt(0));
337
338 if (match.HasValue() && match.Value()->IsJSFunction()) {
339 Handle<JSFunction> function = Handle<JSFunction>::cast(match.Value());
340
341 // If the target function was never invoked, its feedback cell array might
342 // not contain a feedback vector. We ensure at this point that it's created.
343 JSFunction::EnsureFeedbackVector(function);
344
345 // The inlinee specializes to the context from the JSFunction object.
346 context_out = jsgraph()->Constant(handle(function->context(), isolate()));
347 feedback_vector_out = handle(function->feedback_vector(), isolate());
348 return;
349 }
350
351 if (match.IsJSCreateClosure()) {
352 CreateClosureParameters const& p = CreateClosureParametersOf(match.op());
353
354 // Load the feedback vector of the target by looking up its vector cell at
355 // the instantiation site (we only decide to inline if it's populated).
356 Handle<FeedbackCell> cell = p.feedback_cell();
357 DCHECK(cell->value()->IsFeedbackVector());
358
359 // The inlinee uses the locally provided context at instantiation.
360 context_out = NodeProperties::GetContextInput(match.node());
361 feedback_vector_out =
362 handle(FeedbackVector::cast(cell->value()), isolate());
363 return;
364 }
365
366 // Must succeed.
367 UNREACHABLE();
368 }
369
Reduce(Node * node)370 Reduction JSInliner::Reduce(Node* node) {
371 if (!IrOpcode::IsInlineeOpcode(node->opcode())) return NoChange();
372 return ReduceJSCall(node);
373 }
374
native_context() const375 Handle<Context> JSInliner::native_context() const {
376 return handle(info_->context()->native_context(), isolate());
377 }
378
ReduceJSCall(Node * node)379 Reduction JSInliner::ReduceJSCall(Node* node) {
380 DCHECK(IrOpcode::IsInlineeOpcode(node->opcode()));
381 Handle<SharedFunctionInfo> shared_info;
382 JSCallAccessor call(node);
383
384 // Determine the call target.
385 if (!DetermineCallTarget(node, shared_info)) return NoChange();
386
387 // Function must be inlineable.
388 if (!shared_info->IsInlineable()) {
389 TRACE("Not inlining %s into %s because callee is not inlineable\n",
390 shared_info->DebugName()->ToCString().get(),
391 info_->shared_info()->DebugName()->ToCString().get());
392 return NoChange();
393 }
394
395 // Constructor must be constructable.
396 if (node->opcode() == IrOpcode::kJSConstruct &&
397 !IsConstructable(shared_info->kind())) {
398 TRACE("Not inlining %s into %s because constructor is not constructable.\n",
399 shared_info->DebugName()->ToCString().get(),
400 info_->shared_info()->DebugName()->ToCString().get());
401 return NoChange();
402 }
403
404 // Class constructors are callable, but [[Call]] will raise an exception.
405 // See ES6 section 9.2.1 [[Call]] ( thisArgument, argumentsList ).
406 if (node->opcode() == IrOpcode::kJSCall &&
407 IsClassConstructor(shared_info->kind())) {
408 TRACE("Not inlining %s into %s because callee is a class constructor.\n",
409 shared_info->DebugName()->ToCString().get(),
410 info_->shared_info()->DebugName()->ToCString().get());
411 return NoChange();
412 }
413
414 // Function contains break points.
415 if (shared_info->HasBreakInfo()) {
416 TRACE("Not inlining %s into %s because callee may contain break points\n",
417 shared_info->DebugName()->ToCString().get(),
418 info_->shared_info()->DebugName()->ToCString().get());
419 return NoChange();
420 }
421
422 // To ensure inlining always terminates, we have an upper limit on inlining
423 // the nested calls.
424 int nesting_level = 0;
425 for (Node* frame_state = call.frame_state();
426 frame_state->opcode() == IrOpcode::kFrameState;
427 frame_state = frame_state->InputAt(kFrameStateOuterStateInput)) {
428 nesting_level++;
429 if (nesting_level > kMaxDepthForInlining) {
430 TRACE(
431 "Not inlining %s into %s because call has exceeded the maximum depth "
432 "for function inlining\n",
433 shared_info->DebugName()->ToCString().get(),
434 info_->shared_info()->DebugName()->ToCString().get());
435 return NoChange();
436 }
437 }
438
439 // Calls surrounded by a local try-block are only inlined if the appropriate
440 // flag is active. We also discover the {IfException} projection this way.
441 Node* exception_target = nullptr;
442 if (NodeProperties::IsExceptionalCall(node, &exception_target) &&
443 !FLAG_inline_into_try) {
444 TRACE(
445 "Try block surrounds #%d:%s and --no-inline-into-try active, so not "
446 "inlining %s into %s.\n",
447 exception_target->id(), exception_target->op()->mnemonic(),
448 shared_info->DebugName()->ToCString().get(),
449 info_->shared_info()->DebugName()->ToCString().get());
450 return NoChange();
451 }
452
453 if (!shared_info->is_compiled() &&
454 !Compiler::Compile(shared_info, Compiler::CLEAR_EXCEPTION)) {
455 TRACE("Not inlining %s into %s because bytecode generation failed\n",
456 shared_info->DebugName()->ToCString().get(),
457 info_->shared_info()->DebugName()->ToCString().get());
458 return NoChange();
459 }
460
461 // ----------------------------------------------------------------
462 // After this point, we've made a decision to inline this function.
463 // We shall not bailout from inlining if we got here.
464
465 TRACE("Inlining %s into %s%s\n", shared_info->DebugName()->ToCString().get(),
466 info_->shared_info()->DebugName()->ToCString().get(),
467 (exception_target != nullptr) ? " (inside try-block)" : "");
468
469 // Determine the targets feedback vector and its context.
470 Node* context;
471 Handle<FeedbackVector> feedback_vector;
472 DetermineCallContext(node, context, feedback_vector);
473
474 // Remember that we inlined this function.
475 int inlining_id = info_->AddInlinedFunction(
476 shared_info, source_positions_->GetSourcePosition(node));
477
478 // Create the subgraph for the inlinee.
479 Node* start;
480 Node* end;
481 {
482 // Run the BytecodeGraphBuilder to create the subgraph.
483 Graph::SubgraphScope scope(graph());
484 JSTypeHintLowering::Flags flags = JSTypeHintLowering::kNoFlags;
485 if (info_->is_bailout_on_uninitialized()) {
486 flags |= JSTypeHintLowering::kBailoutOnUninitialized;
487 }
488 CallFrequency frequency = call.frequency();
489 BytecodeGraphBuilder graph_builder(
490 zone(), shared_info, feedback_vector, BailoutId::None(), jsgraph(),
491 frequency, source_positions_, native_context(), inlining_id,
492 flags, false, info_->is_analyze_environment_liveness());
493 graph_builder.CreateGraph();
494
495 // Extract the inlinee start/end nodes.
496 start = graph()->start();
497 end = graph()->end();
498 }
499
500 // If we are inlining into a surrounding exception handler, we collect all
501 // potentially throwing nodes within the inlinee that are not handled locally
502 // by the inlinee itself. They are later wired into the surrounding handler.
503 NodeVector uncaught_subcalls(local_zone_);
504 if (exception_target != nullptr) {
505 // Find all uncaught 'calls' in the inlinee.
506 AllNodes inlined_nodes(local_zone_, end, graph());
507 for (Node* subnode : inlined_nodes.reachable) {
508 // Every possibly throwing node should get {IfSuccess} and {IfException}
509 // projections, unless there already is local exception handling.
510 if (subnode->op()->HasProperty(Operator::kNoThrow)) continue;
511 if (!NodeProperties::IsExceptionalCall(subnode)) {
512 DCHECK_EQ(2, subnode->op()->ControlOutputCount());
513 uncaught_subcalls.push_back(subnode);
514 }
515 }
516 }
517
518 Node* frame_state = call.frame_state();
519 Node* new_target = jsgraph()->UndefinedConstant();
520
521 // Inline {JSConstruct} requires some additional magic.
522 if (node->opcode() == IrOpcode::kJSConstruct) {
523 // Swizzle the inputs of the {JSConstruct} node to look like inputs to a
524 // normal {JSCall} node so that the rest of the inlining machinery
525 // behaves as if we were dealing with a regular function invocation.
526 new_target = call.new_target(); // Retrieve new target value input.
527 node->RemoveInput(call.formal_arguments() + 1); // Drop new target.
528 node->InsertInput(graph()->zone(), 1, new_target);
529
530 // Insert nodes around the call that model the behavior required for a
531 // constructor dispatch (allocate implicit receiver and check return value).
532 // This models the behavior usually accomplished by our {JSConstructStub}.
533 // Note that the context has to be the callers context (input to call node).
534 // Also note that by splitting off the {JSCreate} piece of the constructor
535 // call, we create an observable deoptimization point after the receiver
536 // instantiation but before the invocation (i.e. inside {JSConstructStub}
537 // where execution continues at {construct_stub_create_deopt_pc_offset}).
538 Node* receiver = jsgraph()->TheHoleConstant(); // Implicit receiver.
539 if (NeedsImplicitReceiver(shared_info)) {
540 Node* effect = NodeProperties::GetEffectInput(node);
541 Node* control = NodeProperties::GetControlInput(node);
542 Node* context = NodeProperties::GetContextInput(node);
543 Node* frame_state_inside = CreateArtificialFrameState(
544 node, frame_state, call.formal_arguments(),
545 BailoutId::ConstructStubCreate(), FrameStateType::kConstructStub,
546 shared_info);
547 Node* create =
548 graph()->NewNode(javascript()->Create(), call.target(), new_target,
549 context, frame_state_inside, effect, control);
550 uncaught_subcalls.push_back(create); // Adds {IfSuccess} & {IfException}.
551 NodeProperties::ReplaceControlInput(node, create);
552 NodeProperties::ReplaceEffectInput(node, create);
553 // Placeholder to hold {node}'s value dependencies while {node} is
554 // replaced.
555 Node* dummy = graph()->NewNode(common()->Dead());
556 NodeProperties::ReplaceUses(node, dummy, node, node, node);
557 Node* result;
558 // Insert a check of the return value to determine whether the return
559 // value or the implicit receiver should be selected as a result of the
560 // call.
561 Node* check = graph()->NewNode(simplified()->ObjectIsReceiver(), node);
562 result =
563 graph()->NewNode(common()->Select(MachineRepresentation::kTagged),
564 check, node, create);
565 receiver = create; // The implicit receiver.
566 ReplaceWithValue(dummy, result);
567 } else if (IsDerivedConstructor(shared_info->kind())) {
568 Node* node_success =
569 NodeProperties::FindSuccessfulControlProjection(node);
570 Node* is_receiver =
571 graph()->NewNode(simplified()->ObjectIsReceiver(), node);
572 Node* branch_is_receiver =
573 graph()->NewNode(common()->Branch(), is_receiver, node_success);
574 Node* branch_is_receiver_true =
575 graph()->NewNode(common()->IfTrue(), branch_is_receiver);
576 Node* branch_is_receiver_false =
577 graph()->NewNode(common()->IfFalse(), branch_is_receiver);
578 branch_is_receiver_false =
579 graph()->NewNode(javascript()->CallRuntime(
580 Runtime::kThrowConstructorReturnedNonObject),
581 context, NodeProperties::GetFrameStateInput(node),
582 node, branch_is_receiver_false);
583 uncaught_subcalls.push_back(branch_is_receiver_false);
584 branch_is_receiver_false =
585 graph()->NewNode(common()->Throw(), branch_is_receiver_false,
586 branch_is_receiver_false);
587 NodeProperties::MergeControlToEnd(graph(), common(),
588 branch_is_receiver_false);
589
590 ReplaceWithValue(node_success, node_success, node_success,
591 branch_is_receiver_true);
592 // Fix input destroyed by the above {ReplaceWithValue} call.
593 NodeProperties::ReplaceControlInput(branch_is_receiver, node_success, 0);
594 }
595 node->ReplaceInput(1, receiver);
596 // Insert a construct stub frame into the chain of frame states. This will
597 // reconstruct the proper frame when deoptimizing within the constructor.
598 frame_state =
599 CreateArtificialFrameState(node, frame_state, call.formal_arguments(),
600 BailoutId::ConstructStubInvoke(),
601 FrameStateType::kConstructStub, shared_info);
602 }
603
604 // Insert a JSConvertReceiver node for sloppy callees. Note that the context
605 // passed into this node has to be the callees context (loaded above).
606 if (node->opcode() == IrOpcode::kJSCall &&
607 is_sloppy(shared_info->language_mode()) && !shared_info->native()) {
608 Node* effect = NodeProperties::GetEffectInput(node);
609 if (NodeProperties::CanBePrimitive(isolate(), call.receiver(), effect)) {
610 CallParameters const& p = CallParametersOf(node->op());
611 Node* global_proxy = jsgraph()->HeapConstant(
612 handle(info_->native_context()->global_proxy(), isolate()));
613 Node* receiver = effect =
614 graph()->NewNode(simplified()->ConvertReceiver(p.convert_mode()),
615 call.receiver(), global_proxy, effect, start);
616 NodeProperties::ReplaceValueInput(node, receiver, 1);
617 NodeProperties::ReplaceEffectInput(node, effect);
618 }
619 }
620
621 // Insert argument adaptor frame if required. The callees formal parameter
622 // count (i.e. value outputs of start node minus target, receiver, new target,
623 // arguments count and context) have to match the number of arguments passed
624 // to the call.
625 int parameter_count = shared_info->internal_formal_parameter_count();
626 DCHECK_EQ(parameter_count, start->op()->ValueOutputCount() - 5);
627 if (call.formal_arguments() != parameter_count) {
628 frame_state = CreateArtificialFrameState(
629 node, frame_state, call.formal_arguments(), BailoutId::None(),
630 FrameStateType::kArgumentsAdaptor, shared_info);
631 }
632
633 return InlineCall(node, new_target, context, frame_state, start, end,
634 exception_target, uncaught_subcalls);
635 }
636
graph() const637 Graph* JSInliner::graph() const { return jsgraph()->graph(); }
638
javascript() const639 JSOperatorBuilder* JSInliner::javascript() const {
640 return jsgraph()->javascript();
641 }
642
common() const643 CommonOperatorBuilder* JSInliner::common() const { return jsgraph()->common(); }
644
simplified() const645 SimplifiedOperatorBuilder* JSInliner::simplified() const {
646 return jsgraph()->simplified();
647 }
648
649 #undef TRACE
650
651 } // namespace compiler
652 } // namespace internal
653 } // namespace v8
654