V8 API Reference, 7.2.502.16 (for Deno 0.2.4)
code-stub-assembler.h
1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef V8_CODE_STUB_ASSEMBLER_H_
6 #define V8_CODE_STUB_ASSEMBLER_H_
7 
8 #include <functional>
9 
10 #include "src/bailout-reason.h"
11 #include "src/base/macros.h"
12 #include "src/compiler/code-assembler.h"
13 #include "src/globals.h"
14 #include "src/message-template.h"
15 #include "src/objects.h"
16 #include "src/objects/arguments.h"
17 #include "src/objects/bigint.h"
18 #include "src/objects/smi.h"
19 #include "src/roots.h"
20 
21 #include "torque-generated/builtins-base-from-dsl-gen.h"
22 
23 namespace v8 {
24 namespace internal {
25 
26 class CallInterfaceDescriptor;
27 class CodeStubArguments;
28 class CodeStubAssembler;
29 class StatsCounter;
30 class StubCache;
31 
32 enum class PrimitiveType { kBoolean, kNumber, kString, kSymbol };
33 
34 #define HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(V) \
35  V(ArraySpeciesProtector, array_species_protector, ArraySpeciesProtector) \
36  V(PromiseSpeciesProtector, promise_species_protector, \
37  PromiseSpeciesProtector) \
38  V(TypedArraySpeciesProtector, typed_array_species_protector, \
39  TypedArraySpeciesProtector) \
40  V(RegExpSpeciesProtector, regexp_species_protector, RegExpSpeciesProtector)
41 
42 #define HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(V) \
43  V(AccessorInfoMap, accessor_info_map, AccessorInfoMap) \
44  V(AccessorPairMap, accessor_pair_map, AccessorPairMap) \
45  V(AllocationSiteWithWeakNextMap, allocation_site_map, AllocationSiteMap) \
46  V(AllocationSiteWithoutWeakNextMap, allocation_site_without_weaknext_map, \
47  AllocationSiteWithoutWeakNextMap) \
48  V(BooleanMap, boolean_map, BooleanMap) \
49  V(CodeMap, code_map, CodeMap) \
50  V(EmptyFixedArray, empty_fixed_array, EmptyFixedArray) \
51  V(EmptyPropertyDictionary, empty_property_dictionary, \
52  EmptyPropertyDictionary) \
53  V(EmptySlowElementDictionary, empty_slow_element_dictionary, \
54  EmptySlowElementDictionary) \
55  V(empty_string, empty_string, EmptyString) \
56  V(FalseValue, false_value, False) \
57  V(FeedbackVectorMap, feedback_vector_map, FeedbackVectorMap) \
58  V(FixedArrayMap, fixed_array_map, FixedArrayMap) \
59  V(FixedCOWArrayMap, fixed_cow_array_map, FixedCOWArrayMap) \
60  V(FixedDoubleArrayMap, fixed_double_array_map, FixedDoubleArrayMap) \
61  V(FunctionTemplateInfoMap, function_template_info_map, \
62  FunctionTemplateInfoMap) \
63  V(GlobalPropertyCellMap, global_property_cell_map, PropertyCellMap) \
64  V(has_instance_symbol, has_instance_symbol, HasInstanceSymbol) \
65  V(HeapNumberMap, heap_number_map, HeapNumberMap) \
66  V(iterator_symbol, iterator_symbol, IteratorSymbol) \
67  V(length_string, length_string, LengthString) \
68  V(ManyClosuresCellMap, many_closures_cell_map, ManyClosuresCellMap) \
69  V(MetaMap, meta_map, MetaMap) \
70  V(MinusZeroValue, minus_zero_value, MinusZero) \
71  V(MutableHeapNumberMap, mutable_heap_number_map, MutableHeapNumberMap) \
72  V(NanValue, nan_value, Nan) \
73  V(NoClosuresCellMap, no_closures_cell_map, NoClosuresCellMap) \
74  V(NoFeedbackCellMap, no_feedback_cell_map, NoFeedbackCellMap) \
75  V(NullValue, null_value, Null) \
76  V(OneClosureCellMap, one_closure_cell_map, OneClosureCellMap) \
77  V(PreParsedScopeDataMap, pre_parsed_scope_data_map, PreParsedScopeDataMap) \
78  V(prototype_string, prototype_string, PrototypeString) \
79  V(SharedFunctionInfoMap, shared_function_info_map, SharedFunctionInfoMap) \
80  V(StoreHandler0Map, store_handler0_map, StoreHandler0Map) \
81  V(SymbolMap, symbol_map, SymbolMap) \
82  V(TheHoleValue, the_hole_value, TheHole) \
83  V(TransitionArrayMap, transition_array_map, TransitionArrayMap) \
84  V(TrueValue, true_value, True) \
85  V(Tuple2Map, tuple2_map, Tuple2Map) \
86  V(Tuple3Map, tuple3_map, Tuple3Map) \
87  V(ArrayBoilerplateDescriptionMap, array_boilerplate_description_map, \
88  ArrayBoilerplateDescriptionMap) \
89  V(UncompiledDataWithoutPreParsedScopeMap, \
90  uncompiled_data_without_pre_parsed_scope_map, \
91  UncompiledDataWithoutPreParsedScopeMap) \
92  V(UncompiledDataWithPreParsedScopeMap, \
93  uncompiled_data_with_pre_parsed_scope_map, \
94  UncompiledDataWithPreParsedScopeMap) \
95  V(UndefinedValue, undefined_value, Undefined) \
96  V(WeakFixedArrayMap, weak_fixed_array_map, WeakFixedArrayMap)
97 
98 #define HEAP_IMMOVABLE_OBJECT_LIST(V) \
99  HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(V) \
100  HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(V)
101 
102 #ifdef DEBUG
103 #define CSA_CHECK(csa, x) \
104  (csa)->Check( \
105  [&]() -> compiler::Node* { \
106  return implicit_cast<compiler::SloppyTNode<Word32T>>(x); \
107  }, \
108  #x, __FILE__, __LINE__)
109 #else
110 #define CSA_CHECK(csa, x) (csa)->FastCheck(x)
111 #endif
112 
113 #ifdef DEBUG
114 // Add stringified versions to the given values, except the first. That is,
115 // transform
116 // x, a, b, c, d, e, f
117 // to
118 // a, "a", b, "b", c, "c", d, "d", e, "e", f, "f"
119 //
120 // __VA_ARGS__ is ignored to allow the caller to pass through too many
121 // parameters, and the first element is ignored to support having no extra
122 // values without empty __VA_ARGS__ (which cause all sorts of problems with
123 // extra commas).
124 #define CSA_ASSERT_STRINGIFY_EXTRA_VALUES_5(_, v1, v2, v3, v4, v5, ...) \
125  v1, #v1, v2, #v2, v3, #v3, v4, #v4, v5, #v5
126 
127 // Stringify the given variable number of arguments. The arguments are trimmed
128 // to 5 if there are too many, and padded with nullptr if there are not enough.
129 #define CSA_ASSERT_STRINGIFY_EXTRA_VALUES(...) \
130  CSA_ASSERT_STRINGIFY_EXTRA_VALUES_5(__VA_ARGS__, nullptr, nullptr, nullptr, \
131  nullptr, nullptr)
132 
133 #define CSA_ASSERT_GET_FIRST(x, ...) (x)
134 #define CSA_ASSERT_GET_FIRST_STR(x, ...) #x
135 
136 // CSA_ASSERT(csa, <condition>, <extra values to print...>)
137 
138 // We have to jump through some hoops to allow <extra values to print...> to be
139 // empty.
140 #define CSA_ASSERT(csa, ...) \
141  (csa)->Assert( \
142  [&]() -> compiler::Node* { \
143  return implicit_cast<compiler::SloppyTNode<Word32T>>( \
144  EXPAND(CSA_ASSERT_GET_FIRST(__VA_ARGS__))); \
145  }, \
146  EXPAND(CSA_ASSERT_GET_FIRST_STR(__VA_ARGS__)), __FILE__, __LINE__, \
147  CSA_ASSERT_STRINGIFY_EXTRA_VALUES(__VA_ARGS__))
148 
149 // CSA_ASSERT_BRANCH(csa, [](Label* ok, Label* not_ok) {...},
150 // <extra values to print...>)
151 
152 #define CSA_ASSERT_BRANCH(csa, ...) \
153  (csa)->Assert(EXPAND(CSA_ASSERT_GET_FIRST(__VA_ARGS__)), \
154  EXPAND(CSA_ASSERT_GET_FIRST_STR(__VA_ARGS__)), __FILE__, \
155  __LINE__, CSA_ASSERT_STRINGIFY_EXTRA_VALUES(__VA_ARGS__))
156 
157 #define CSA_ASSERT_JS_ARGC_OP(csa, Op, op, expected) \
158  (csa)->Assert( \
159  [&]() -> compiler::Node* { \
160  compiler::Node* const argc = \
161  (csa)->Parameter(Descriptor::kJSActualArgumentsCount); \
162  return (csa)->Op(argc, (csa)->Int32Constant(expected)); \
163  }, \
164  "argc " #op " " #expected, __FILE__, __LINE__, \
165  SmiFromInt32((csa)->Parameter(Descriptor::kJSActualArgumentsCount)), \
166  "argc")
167 
168 #define CSA_ASSERT_JS_ARGC_EQ(csa, expected) \
169  CSA_ASSERT_JS_ARGC_OP(csa, Word32Equal, ==, expected)
170 
171 #define CSA_DEBUG_INFO(name) \
172  { #name, __FILE__, __LINE__ }
173 #define BIND(label) Bind(label, CSA_DEBUG_INFO(label))
174 #define VARIABLE(name, ...) \
175  Variable name(this, CSA_DEBUG_INFO(name), __VA_ARGS__)
176 #define VARIABLE_CONSTRUCTOR(name, ...) \
177  name(this, CSA_DEBUG_INFO(name), __VA_ARGS__)
178 #define TYPED_VARIABLE_DEF(type, name, ...) \
179  TVariable<type> name(CSA_DEBUG_INFO(name), __VA_ARGS__)
180 #else // DEBUG
181 #define CSA_ASSERT(csa, ...) ((void)0)
182 #define CSA_ASSERT_BRANCH(csa, ...) ((void)0)
183 #define CSA_ASSERT_JS_ARGC_EQ(csa, expected) ((void)0)
184 #define BIND(label) Bind(label)
185 #define VARIABLE(name, ...) Variable name(this, __VA_ARGS__)
186 #define VARIABLE_CONSTRUCTOR(name, ...) name(this, __VA_ARGS__)
187 #define TYPED_VARIABLE_DEF(type, name, ...) TVariable<type> name(__VA_ARGS__)
188 #endif // DEBUG
189 
190 #define TVARIABLE(...) EXPAND(TYPED_VARIABLE_DEF(__VA_ARGS__, this))
191 
192 #ifdef ENABLE_SLOW_DCHECKS
193 #define CSA_SLOW_ASSERT(csa, ...) \
194  if (FLAG_enable_slow_asserts) { \
195  CSA_ASSERT(csa, __VA_ARGS__); \
196  }
197 #else
198 #define CSA_SLOW_ASSERT(csa, ...) ((void)0)
199 #endif
200 
201 // Provides JavaScript-specific "macro-assembler" functionality on top of the
202 // CodeAssembler. By factoring the JavaScript-isms out of the CodeAssembler,
203 // it's possible to add JavaScript-specific useful CodeAssembler "macros"
204 // without modifying files in the compiler directory (and requiring a review
205 // from a compiler directory OWNER).
206 class V8_EXPORT_PRIVATE CodeStubAssembler
207  : public compiler::CodeAssembler,
208  public BaseBuiltinsFromDSLAssembler {
209  public:
210  using Node = compiler::Node;
211  template <class T>
212  using TNode = compiler::TNode<T>;
213  template <class T>
214  using SloppyTNode = compiler::SloppyTNode<T>;
215 
216  template <typename T>
217  using LazyNode = std::function<TNode<T>()>;
218 
219  CodeStubAssembler(compiler::CodeAssemblerState* state);
220 
221  enum AllocationFlag : uint8_t {
222  kNone = 0,
223  kDoubleAlignment = 1,
224  kPretenured = 1 << 1,
225  kAllowLargeObjectAllocation = 1 << 2,
226  };
227 
228  enum SlackTrackingMode { kWithSlackTracking, kNoSlackTracking };
229 
230  typedef base::Flags<AllocationFlag> AllocationFlags;
231 
232  enum ParameterMode { SMI_PARAMETERS, INTPTR_PARAMETERS };
233 
234  // On 32-bit platforms, there is a slight performance advantage to doing all
235  // of the array offset/index arithmetic with SMIs, since it's possible
236  // to save a few tag/untag operations without paying an extra expense when
237  // calculating array offset (the smi math can be folded away) and there are
238  // fewer live ranges. Thus only convert indices to untagged value on 64-bit
239  // platforms.
240  ParameterMode OptimalParameterMode() const {
241  return Is64() ? INTPTR_PARAMETERS : SMI_PARAMETERS;
242  }
243 
244  MachineRepresentation ParameterRepresentation(ParameterMode mode) const {
245  return mode == INTPTR_PARAMETERS ? MachineType::PointerRepresentation()
246  : MachineRepresentation::kTaggedSigned;
247  }
248 
249  MachineRepresentation OptimalParameterRepresentation() const {
250  return ParameterRepresentation(OptimalParameterMode());
251  }
252 
253  TNode<IntPtrT> ParameterToIntPtr(Node* value, ParameterMode mode) {
254  if (mode == SMI_PARAMETERS) value = SmiUntag(value);
255  return UncheckedCast<IntPtrT>(value);
256  }
257 
258  Node* IntPtrToParameter(SloppyTNode<IntPtrT> value, ParameterMode mode) {
259  if (mode == SMI_PARAMETERS) return SmiTag(value);
260  return value;
261  }
262 
263  Node* Int32ToParameter(SloppyTNode<Int32T> value, ParameterMode mode) {
264  return IntPtrToParameter(ChangeInt32ToIntPtr(value), mode);
265  }
266 
267  TNode<Smi> ParameterToTagged(Node* value, ParameterMode mode) {
268  if (mode != SMI_PARAMETERS) return SmiTag(value);
269  return UncheckedCast<Smi>(value);
270  }
271 
272  Node* TaggedToParameter(SloppyTNode<Smi> value, ParameterMode mode) {
273  if (mode != SMI_PARAMETERS) return SmiUntag(value);
274  return value;
275  }
276 
277  TNode<Smi> TaggedToSmi(TNode<Object> value, Label* fail) {
278  GotoIf(TaggedIsNotSmi(value), fail);
279  return UncheckedCast<Smi>(value);
280  }
281 
282  TNode<Number> TaggedToNumber(TNode<Object> value, Label* fail) {
283  GotoIfNot(IsNumber(value), fail);
284  return UncheckedCast<Number>(value);
285  }
286 
287  TNode<HeapObject> TaggedToHeapObject(TNode<Object> value, Label* fail) {
288  GotoIf(TaggedIsSmi(value), fail);
289  return UncheckedCast<HeapObject>(value);
290  }
291 
292  TNode<JSArray> HeapObjectToJSArray(TNode<HeapObject> heap_object,
293  Label* fail) {
294  GotoIfNot(IsJSArray(heap_object), fail);
295  return UncheckedCast<JSArray>(heap_object);
296  }
297 
298  TNode<JSArray> TaggedToFastJSArray(TNode<Context> context,
299  TNode<Object> value, Label* fail) {
300  GotoIf(TaggedIsSmi(value), fail);
301  TNode<HeapObject> heap_object = CAST(value);
302  GotoIfNot(IsFastJSArray(heap_object, context), fail);
303  return UncheckedCast<JSArray>(heap_object);
304  }
305 
306  TNode<JSDataView> HeapObjectToJSDataView(TNode<HeapObject> heap_object,
307  Label* fail) {
308  GotoIfNot(IsJSDataView(heap_object), fail);
309  return CAST(heap_object);
310  }
311 
312  TNode<JSReceiver> HeapObjectToCallable(TNode<HeapObject> heap_object,
313  Label* fail) {
314  GotoIfNot(IsCallable(heap_object), fail);
315  return CAST(heap_object);
316  }
317 
318  TNode<String> HeapObjectToString(TNode<HeapObject> heap_object, Label* fail) {
319  GotoIfNot(IsString(heap_object), fail);
320  return CAST(heap_object);
321  }
322 
323  TNode<JSReceiver> HeapObjectToConstructor(TNode<HeapObject> heap_object,
324  Label* fail) {
325  GotoIfNot(IsConstructor(heap_object), fail);
326  return CAST(heap_object);
327  }
328 
329  Node* MatchesParameterMode(Node* value, ParameterMode mode);
330 
331 #define PARAMETER_BINOP(OpName, IntPtrOpName, SmiOpName) \
332  Node* OpName(Node* a, Node* b, ParameterMode mode) { \
333  if (mode == SMI_PARAMETERS) { \
334  return SmiOpName(CAST(a), CAST(b)); \
335  } else { \
336  DCHECK_EQ(INTPTR_PARAMETERS, mode); \
337  return IntPtrOpName(a, b); \
338  } \
339  }
340  PARAMETER_BINOP(IntPtrOrSmiMin, IntPtrMin, SmiMin)
341  PARAMETER_BINOP(IntPtrOrSmiAdd, IntPtrAdd, SmiAdd)
342  PARAMETER_BINOP(IntPtrOrSmiSub, IntPtrSub, SmiSub)
343  PARAMETER_BINOP(IntPtrOrSmiLessThan, IntPtrLessThan, SmiLessThan)
344  PARAMETER_BINOP(IntPtrOrSmiLessThanOrEqual, IntPtrLessThanOrEqual,
345  SmiLessThanOrEqual)
346  PARAMETER_BINOP(IntPtrOrSmiGreaterThan, IntPtrGreaterThan, SmiGreaterThan)
347  PARAMETER_BINOP(IntPtrOrSmiGreaterThanOrEqual, IntPtrGreaterThanOrEqual,
348  SmiGreaterThanOrEqual)
349  PARAMETER_BINOP(UintPtrOrSmiLessThan, UintPtrLessThan, SmiBelow)
350  PARAMETER_BINOP(UintPtrOrSmiGreaterThanOrEqual, UintPtrGreaterThanOrEqual,
351  SmiAboveOrEqual)
352 #undef PARAMETER_BINOP
353 
354  TNode<Object> NoContextConstant();
355 
356 #define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name) \
357  compiler::TNode<std::remove_pointer<std::remove_reference<decltype( \
358  std::declval<ReadOnlyRoots>().rootAccessorName())>::type>::type> \
359  name##Constant();
360  HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_ACCESSOR)
361 #undef HEAP_CONSTANT_ACCESSOR
362 
363 #define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name) \
364  compiler::TNode<std::remove_pointer<std::remove_reference<decltype( \
365  std::declval<Heap>().rootAccessorName())>::type>::type> \
366  name##Constant();
367  HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_ACCESSOR)
368 #undef HEAP_CONSTANT_ACCESSOR
369 
370 #define HEAP_CONSTANT_TEST(rootIndexName, rootAccessorName, name) \
371  TNode<BoolT> Is##name(SloppyTNode<Object> value); \
372  TNode<BoolT> IsNot##name(SloppyTNode<Object> value);
373  HEAP_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_TEST)
374 #undef HEAP_CONSTANT_TEST
375 
376  Node* IntPtrOrSmiConstant(int value, ParameterMode mode);
377  TNode<Smi> LanguageModeConstant(LanguageMode mode) {
378  return SmiConstant(static_cast<int>(mode));
379  }
380 
381  bool IsIntPtrOrSmiConstantZero(Node* test, ParameterMode mode);
382  bool TryGetIntPtrOrSmiConstantValue(Node* maybe_constant, int* value,
383  ParameterMode mode);
384 
385  // Round the 32bits payload of the provided word up to the next power of two.
386  TNode<IntPtrT> IntPtrRoundUpToPowerOfTwo32(TNode<IntPtrT> value);
387  // Select the maximum of the two provided IntPtr values.
388  TNode<IntPtrT> IntPtrMax(SloppyTNode<IntPtrT> left,
389  SloppyTNode<IntPtrT> right);
390  // Select the minimum of the two provided IntPtr values.
391  TNode<IntPtrT> IntPtrMin(SloppyTNode<IntPtrT> left,
392  SloppyTNode<IntPtrT> right);
393 
394  // Float64 operations.
395  TNode<Float64T> Float64Ceil(SloppyTNode<Float64T> x);
396  TNode<Float64T> Float64Floor(SloppyTNode<Float64T> x);
397  TNode<Float64T> Float64Round(SloppyTNode<Float64T> x);
398  TNode<Float64T> Float64RoundToEven(SloppyTNode<Float64T> x);
399  TNode<Float64T> Float64Trunc(SloppyTNode<Float64T> x);
400  // Select the minimum of the two provided Number values.
401  TNode<Number> NumberMax(SloppyTNode<Number> left, SloppyTNode<Number> right);
402  // Select the minimum of the two provided Number values.
403  TNode<Number> NumberMin(SloppyTNode<Number> left, SloppyTNode<Number> right);
404 
405  // After converting an index to an integer, calculate a relative index: if
406  // index < 0, max(length + index, 0); else min(index, length)
407  TNode<IntPtrT> ConvertToRelativeIndex(TNode<Context> context,
408  TNode<Object> index,
409  TNode<IntPtrT> length);
410 
411  // Returns true iff the given value fits into smi range and is >= 0.
412  TNode<BoolT> IsValidPositiveSmi(TNode<IntPtrT> value);
413 
414  // Tag an IntPtr as a Smi value.
415  TNode<Smi> SmiTag(SloppyTNode<IntPtrT> value);
416  // Untag a Smi value as an IntPtr.
417  TNode<IntPtrT> SmiUntag(SloppyTNode<Smi> value);
418 
419  // Smi conversions.
420  TNode<Float64T> SmiToFloat64(SloppyTNode<Smi> value);
421  TNode<Smi> SmiFromIntPtr(SloppyTNode<IntPtrT> value) { return SmiTag(value); }
422  TNode<Smi> SmiFromInt32(SloppyTNode<Int32T> value);
423  TNode<IntPtrT> SmiToIntPtr(SloppyTNode<Smi> value) { return SmiUntag(value); }
424  TNode<Int32T> SmiToInt32(SloppyTNode<Smi> value);
425 
426  // Smi operations.
427 #define SMI_ARITHMETIC_BINOP(SmiOpName, IntPtrOpName, Int32OpName) \
428  TNode<Smi> SmiOpName(TNode<Smi> a, TNode<Smi> b) { \
429  if (SmiValuesAre32Bits()) { \
430  return BitcastWordToTaggedSigned( \
431  IntPtrOpName(BitcastTaggedToWord(a), BitcastTaggedToWord(b))); \
432  } else { \
433  DCHECK(SmiValuesAre31Bits()); \
434  if (kPointerSize == kInt64Size) { \
435  CSA_ASSERT(this, IsValidSmi(a)); \
436  CSA_ASSERT(this, IsValidSmi(b)); \
437  } \
438  return BitcastWordToTaggedSigned(ChangeInt32ToIntPtr( \
439  Int32OpName(TruncateIntPtrToInt32(BitcastTaggedToWord(a)), \
440  TruncateIntPtrToInt32(BitcastTaggedToWord(b))))); \
441  } \
442  }
443  SMI_ARITHMETIC_BINOP(SmiAdd, IntPtrAdd, Int32Add)
444  SMI_ARITHMETIC_BINOP(SmiSub, IntPtrSub, Int32Sub)
445  SMI_ARITHMETIC_BINOP(SmiAnd, WordAnd, Word32And)
446  SMI_ARITHMETIC_BINOP(SmiOr, WordOr, Word32Or)
447 #undef SMI_ARITHMETIC_BINOP
448  TNode<Smi> SmiInc(TNode<Smi> value) { return SmiAdd(value, SmiConstant(1)); }
449 
450  TNode<IntPtrT> TryIntPtrAdd(TNode<IntPtrT> a, TNode<IntPtrT> b,
451  Label* if_overflow);
452  TNode<Smi> TrySmiAdd(TNode<Smi> a, TNode<Smi> b, Label* if_overflow);
453  TNode<Smi> TrySmiSub(TNode<Smi> a, TNode<Smi> b, Label* if_overflow);
454 
455  TNode<Smi> SmiShl(TNode<Smi> a, int shift) {
456  return BitcastWordToTaggedSigned(WordShl(BitcastTaggedToWord(a), shift));
457  }
458 
459  TNode<Smi> SmiShr(TNode<Smi> a, int shift) {
460  return BitcastWordToTaggedSigned(
461  WordAnd(WordShr(BitcastTaggedToWord(a), shift),
462  BitcastTaggedToWord(SmiConstant(-1))));
463  }
464 
465  Node* WordOrSmiShl(Node* a, int shift, ParameterMode mode) {
466  if (mode == SMI_PARAMETERS) {
467  return SmiShl(CAST(a), shift);
468  } else {
469  DCHECK_EQ(INTPTR_PARAMETERS, mode);
470  return WordShl(a, shift);
471  }
472  }
473 
474  Node* WordOrSmiShr(Node* a, int shift, ParameterMode mode) {
475  if (mode == SMI_PARAMETERS) {
476  return SmiShr(CAST(a), shift);
477  } else {
478  DCHECK_EQ(INTPTR_PARAMETERS, mode);
479  return WordShr(a, shift);
480  }
481  }
482 
483 #define SMI_COMPARISON_OP(SmiOpName, IntPtrOpName, Int32OpName) \
484  TNode<BoolT> SmiOpName(TNode<Smi> a, TNode<Smi> b) { \
485  if (SmiValuesAre32Bits()) { \
486  return IntPtrOpName(BitcastTaggedToWord(a), BitcastTaggedToWord(b)); \
487  } else { \
488  DCHECK(SmiValuesAre31Bits()); \
489  if (kPointerSize == kInt64Size) { \
490  CSA_ASSERT(this, IsValidSmi(a)); \
491  CSA_ASSERT(this, IsValidSmi(b)); \
492  } \
493  return Int32OpName(TruncateIntPtrToInt32(BitcastTaggedToWord(a)), \
494  TruncateIntPtrToInt32(BitcastTaggedToWord(b))); \
495  } \
496  }
497  SMI_COMPARISON_OP(SmiEqual, WordEqual, Word32Equal)
498  SMI_COMPARISON_OP(SmiNotEqual, WordNotEqual, Word32NotEqual)
499  SMI_COMPARISON_OP(SmiAbove, UintPtrGreaterThan, Uint32GreaterThan)
500  SMI_COMPARISON_OP(SmiAboveOrEqual, UintPtrGreaterThanOrEqual,
501  Uint32GreaterThanOrEqual)
502  SMI_COMPARISON_OP(SmiBelow, UintPtrLessThan, Uint32LessThan)
503  SMI_COMPARISON_OP(SmiLessThan, IntPtrLessThan, Int32LessThan)
504  SMI_COMPARISON_OP(SmiLessThanOrEqual, IntPtrLessThanOrEqual,
505  Int32LessThanOrEqual)
506  SMI_COMPARISON_OP(SmiGreaterThan, IntPtrGreaterThan, Int32GreaterThan)
507  SMI_COMPARISON_OP(SmiGreaterThanOrEqual, IntPtrGreaterThanOrEqual,
508  Int32GreaterThanOrEqual)
509 #undef SMI_COMPARISON_OP
510  TNode<Smi> SmiMax(TNode<Smi> a, TNode<Smi> b);
511  TNode<Smi> SmiMin(TNode<Smi> a, TNode<Smi> b);
512  // Computes a % b for Smi inputs a and b; result is not necessarily a Smi.
513  TNode<Number> SmiMod(TNode<Smi> a, TNode<Smi> b);
514  // Computes a * b for Smi inputs a and b; result is not necessarily a Smi.
515  TNode<Number> SmiMul(TNode<Smi> a, TNode<Smi> b);
516  // Tries to compute dividend / divisor for Smi inputs; branching to bailout
517  // if the division needs to be performed as a floating point operation.
518  TNode<Smi> TrySmiDiv(TNode<Smi> dividend, TNode<Smi> divisor, Label* bailout);
519 
520  // Compares two Smis a and b as if they were converted to strings and then
521  // compared lexicographically. Returns:
522  // -1 iff x < y.
523  // 0 iff x == y.
524  // 1 iff x > y.
525  TNode<Smi> SmiLexicographicCompare(TNode<Smi> x, TNode<Smi> y);
526 
527  // Smi | HeapNumber operations.
528  TNode<Number> NumberInc(SloppyTNode<Number> value);
529  TNode<Number> NumberDec(SloppyTNode<Number> value);
530  TNode<Number> NumberAdd(SloppyTNode<Number> a, SloppyTNode<Number> b);
531  TNode<Number> NumberSub(SloppyTNode<Number> a, SloppyTNode<Number> b);
532  void GotoIfNotNumber(Node* value, Label* is_not_number);
533  void GotoIfNumber(Node* value, Label* is_number);
534  TNode<Number> SmiToNumber(TNode<Smi> v) { return v; }
535 
536  TNode<Number> BitwiseOp(Node* left32, Node* right32, Operation bitwise_op);
537 
538  // Allocate an object of the given size.
539  TNode<HeapObject> AllocateInNewSpace(TNode<IntPtrT> size,
540  AllocationFlags flags = kNone);
541  TNode<HeapObject> AllocateInNewSpace(int size, AllocationFlags flags = kNone);
542  TNode<HeapObject> Allocate(TNode<IntPtrT> size,
543  AllocationFlags flags = kNone);
544  TNode<HeapObject> Allocate(int size, AllocationFlags flags = kNone);
545  TNode<HeapObject> InnerAllocate(TNode<HeapObject> previous, int offset);
546  TNode<HeapObject> InnerAllocate(TNode<HeapObject> previous,
547  TNode<IntPtrT> offset);
548 
549  TNode<BoolT> IsRegularHeapObjectSize(TNode<IntPtrT> size);
550 
551  typedef std::function<void(Label*, Label*)> BranchGenerator;
552  typedef std::function<Node*()> NodeGenerator;
553 
554  void Assert(const BranchGenerator& branch, const char* message = nullptr,
555  const char* file = nullptr, int line = 0,
556  Node* extra_node1 = nullptr, const char* extra_node1_name = "",
557  Node* extra_node2 = nullptr, const char* extra_node2_name = "",
558  Node* extra_node3 = nullptr, const char* extra_node3_name = "",
559  Node* extra_node4 = nullptr, const char* extra_node4_name = "",
560  Node* extra_node5 = nullptr, const char* extra_node5_name = "");
561  void Assert(const NodeGenerator& condition_body,
562  const char* message = nullptr, const char* file = nullptr,
563  int line = 0, Node* extra_node1 = nullptr,
564  const char* extra_node1_name = "", Node* extra_node2 = nullptr,
565  const char* extra_node2_name = "", Node* extra_node3 = nullptr,
566  const char* extra_node3_name = "", Node* extra_node4 = nullptr,
567  const char* extra_node4_name = "", Node* extra_node5 = nullptr,
568  const char* extra_node5_name = "");
569  void Check(const BranchGenerator& branch, const char* message = nullptr,
570  const char* file = nullptr, int line = 0,
571  Node* extra_node1 = nullptr, const char* extra_node1_name = "",
572  Node* extra_node2 = nullptr, const char* extra_node2_name = "",
573  Node* extra_node3 = nullptr, const char* extra_node3_name = "",
574  Node* extra_node4 = nullptr, const char* extra_node4_name = "",
575  Node* extra_node5 = nullptr, const char* extra_node5_name = "");
576  void Check(const NodeGenerator& condition_body, const char* message = nullptr,
577  const char* file = nullptr, int line = 0,
578  Node* extra_node1 = nullptr, const char* extra_node1_name = "",
579  Node* extra_node2 = nullptr, const char* extra_node2_name = "",
580  Node* extra_node3 = nullptr, const char* extra_node3_name = "",
581  Node* extra_node4 = nullptr, const char* extra_node4_name = "",
582  Node* extra_node5 = nullptr, const char* extra_node5_name = "");
583  void FailAssert(
584  const char* message = nullptr, const char* file = nullptr, int line = 0,
585  Node* extra_node1 = nullptr, const char* extra_node1_name = "",
586  Node* extra_node2 = nullptr, const char* extra_node2_name = "",
587  Node* extra_node3 = nullptr, const char* extra_node3_name = "",
588  Node* extra_node4 = nullptr, const char* extra_node4_name = "",
589  Node* extra_node5 = nullptr, const char* extra_node5_name = "");
590 
591  void FastCheck(TNode<BoolT> condition);
592 
593  // The following Call wrappers call an object according to the semantics that
594  // one finds in the EcmaScript spec, operating on an Callable (e.g. a
595  // JSFunction or proxy) rather than a Code object.
596  template <class... TArgs>
597  TNode<Object> Call(TNode<Context> context, TNode<Object> callable,
598  TNode<JSReceiver> receiver, TArgs... args) {
599  return UncheckedCast<Object>(CallJS(
600  CodeFactory::Call(isolate(), ConvertReceiverMode::kNotNullOrUndefined),
601  context, callable, receiver, args...));
602  }
603  template <class... TArgs>
604  TNode<Object> Call(TNode<Context> context, TNode<Object> callable,
605  TNode<Object> receiver, TArgs... args) {
606  if (IsUndefinedConstant(receiver) || IsNullConstant(receiver)) {
607  return UncheckedCast<Object>(CallJS(
608  CodeFactory::Call(isolate(), ConvertReceiverMode::kNullOrUndefined),
609  context, callable, receiver, args...));
610  }
611  return UncheckedCast<Object>(CallJS(CodeFactory::Call(isolate()), context,
612  callable, receiver, args...));
613  }
614 
615  template <class... TArgs>
616  TNode<JSReceiver> Construct(TNode<Context> context,
617  TNode<JSReceiver> new_target, TArgs... args) {
618  return CAST(ConstructJS(CodeFactory::Construct(isolate()), context,
619  new_target, implicit_cast<TNode<Object>>(args)...));
620  }
621 
622  template <class A, class F, class G>
623  TNode<A> Select(SloppyTNode<BoolT> condition, const F& true_body,
624  const G& false_body) {
625  return UncheckedCast<A>(SelectImpl(
626  condition,
627  [&]() -> Node* { return implicit_cast<TNode<A>>(true_body()); },
628  [&]() -> Node* { return implicit_cast<TNode<A>>(false_body()); },
629  MachineRepresentationOf<A>::value));
630  }
631 
632  template <class A>
633  TNode<A> SelectConstant(TNode<BoolT> condition, TNode<A> true_value,
634  TNode<A> false_value) {
635  return Select<A>(condition, [=] { return true_value; },
636  [=] { return false_value; });
637  }
638 
639  TNode<Int32T> SelectInt32Constant(SloppyTNode<BoolT> condition,
640  int true_value, int false_value);
641  TNode<IntPtrT> SelectIntPtrConstant(SloppyTNode<BoolT> condition,
642  int true_value, int false_value);
643  TNode<Oddball> SelectBooleanConstant(SloppyTNode<BoolT> condition);
644  TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, Smi true_value,
645  Smi false_value);
646  TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, int true_value,
647  Smi false_value) {
648  return SelectSmiConstant(condition, Smi::FromInt(true_value), false_value);
649  }
650  TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, Smi true_value,
651  int false_value) {
652  return SelectSmiConstant(condition, true_value, Smi::FromInt(false_value));
653  }
654  TNode<Smi> SelectSmiConstant(SloppyTNode<BoolT> condition, int true_value,
655  int false_value) {
656  return SelectSmiConstant(condition, Smi::FromInt(true_value),
657  Smi::FromInt(false_value));
658  }
659 
660  TNode<Int32T> TruncateIntPtrToInt32(SloppyTNode<IntPtrT> value);
661 
662  // Check a value for smi-ness
663  TNode<BoolT> TaggedIsSmi(SloppyTNode<Object> a);
664  TNode<BoolT> TaggedIsSmi(TNode<MaybeObject> a);
665  TNode<BoolT> TaggedIsNotSmi(SloppyTNode<Object> a);
666  // Check that the value is a non-negative smi.
667  TNode<BoolT> TaggedIsPositiveSmi(SloppyTNode<Object> a);
668  // Check that a word has a word-aligned address.
669  TNode<BoolT> WordIsWordAligned(SloppyTNode<WordT> word);
670  TNode<BoolT> WordIsPowerOfTwo(SloppyTNode<IntPtrT> value);
671 
672 #if DEBUG
673  void Bind(Label* label, AssemblerDebugInfo debug_info);
674 #endif // DEBUG
675  void Bind(Label* label);
676 
677  template <class... T>
678  void Bind(compiler::CodeAssemblerParameterizedLabel<T...>* label,
679  TNode<T>*... phis) {
680  CodeAssembler::Bind(label, phis...);
681  }
682 
683  void BranchIfSmiEqual(TNode<Smi> a, TNode<Smi> b, Label* if_true,
684  Label* if_false) {
685  Branch(SmiEqual(a, b), if_true, if_false);
686  }
687 
688  void BranchIfSmiLessThan(TNode<Smi> a, TNode<Smi> b, Label* if_true,
689  Label* if_false) {
690  Branch(SmiLessThan(a, b), if_true, if_false);
691  }
692 
693  void BranchIfSmiLessThanOrEqual(TNode<Smi> a, TNode<Smi> b, Label* if_true,
694  Label* if_false) {
695  Branch(SmiLessThanOrEqual(a, b), if_true, if_false);
696  }
697 
698  void BranchIfFloat64IsNaN(Node* value, Label* if_true, Label* if_false) {
699  Branch(Float64Equal(value, value), if_false, if_true);
700  }
701 
702  // Branches to {if_true} if ToBoolean applied to {value} yields true,
703  // otherwise goes to {if_false}.
704  void BranchIfToBooleanIsTrue(Node* value, Label* if_true, Label* if_false);
705 
706  void BranchIfJSReceiver(Node* object, Label* if_true, Label* if_false);
707 
708  // Branches to {if_true} when --force-slow-path flag has been passed.
709  // It's used for testing to ensure that slow path implementation behave
710  // equivalent to corresponding fast paths (where applicable).
711  //
712  // Works only with V8_ENABLE_FORCE_SLOW_PATH compile time flag. Nop otherwise.
713  void GotoIfForceSlowPath(Label* if_true);
714 
715  // Branches to {if_true} when Debug::ExecutionMode is DebugInfo::kSideEffect.
716  void GotoIfDebugExecutionModeChecksSideEffects(Label* if_true);
717 
718  // Load value from current frame by given offset in bytes.
719  Node* LoadFromFrame(int offset, MachineType rep = MachineType::AnyTagged());
720  // Load value from current parent frame by given offset in bytes.
721  Node* LoadFromParentFrame(int offset,
722  MachineType rep = MachineType::AnyTagged());
723 
724  // Load target function from the current JS frame.
725  // This is an alternative way of getting the target function in addition to
726  // Parameter(Descriptor::kJSTarget). The latter should be used near the
727  // beginning of builtin code while the target value is still in the register
728  // and the former should be used in slow paths in order to reduce register
729  // pressure on the fast path.
730  TNode<JSFunction> LoadTargetFromFrame();
731 
732  // Load an object pointer from a buffer that isn't in the heap.
733  Node* LoadBufferObject(Node* buffer, int offset,
734  MachineType rep = MachineType::AnyTagged());
735  // Load a field from an object on the heap.
736  Node* LoadObjectField(SloppyTNode<HeapObject> object, int offset,
737  MachineType rep);
738  template <class T, typename std::enable_if<
739  std::is_convertible<TNode<T>, TNode<Object>>::value,
740  int>::type = 0>
741  TNode<T> LoadObjectField(TNode<HeapObject> object, int offset) {
742  return CAST(LoadObjectField(object, offset, MachineTypeOf<T>::value));
743  }
744  template <class T, typename std::enable_if<
745  std::is_convertible<TNode<T>, TNode<UntaggedT>>::value,
746  int>::type = 0>
747  TNode<T> LoadObjectField(TNode<HeapObject> object, int offset) {
748  return UncheckedCast<T>(
749  LoadObjectField(object, offset, MachineTypeOf<T>::value));
750  }
751  TNode<Object> LoadObjectField(SloppyTNode<HeapObject> object, int offset) {
752  return UncheckedCast<Object>(
753  LoadObjectField(object, offset, MachineType::AnyTagged()));
754  }
755  Node* LoadObjectField(SloppyTNode<HeapObject> object,
756  SloppyTNode<IntPtrT> offset, MachineType rep);
757  TNode<Object> LoadObjectField(SloppyTNode<HeapObject> object,
758  SloppyTNode<IntPtrT> offset) {
759  return UncheckedCast<Object>(
760  LoadObjectField(object, offset, MachineType::AnyTagged()));
761  }
762  template <class T, typename std::enable_if<
763  std::is_convertible<TNode<T>, TNode<UntaggedT>>::value,
764  int>::type = 0>
765  TNode<T> LoadObjectField(TNode<HeapObject> object, TNode<IntPtrT> offset) {
766  return UncheckedCast<T>(
767  LoadObjectField(object, offset, MachineTypeOf<T>::value));
768  }
769  // Load a SMI field and untag it.
770  TNode<IntPtrT> LoadAndUntagObjectField(SloppyTNode<HeapObject> object,
771  int offset);
772  // Load a SMI field, untag it, and convert to Word32.
773  TNode<Int32T> LoadAndUntagToWord32ObjectField(Node* object, int offset);
774  // Load a SMI and untag it.
775  TNode<IntPtrT> LoadAndUntagSmi(Node* base, int index);
776  // Load a SMI root, untag it, and convert to Word32.
777  TNode<Int32T> LoadAndUntagToWord32Root(RootIndex root_index);
778 
779  TNode<MaybeObject> LoadMaybeWeakObjectField(SloppyTNode<HeapObject> object,
780  int offset) {
781  return UncheckedCast<MaybeObject>(
782  LoadObjectField(object, offset, MachineType::AnyTagged()));
783  }
784 
785  // Tag a smi and store it.
786  Node* StoreAndTagSmi(Node* base, int offset, Node* value);
787 
788  // Load the floating point value of a HeapNumber.
789  TNode<Float64T> LoadHeapNumberValue(SloppyTNode<HeapNumber> object);
790  // Load the Map of an HeapObject.
791  TNode<Map> LoadMap(SloppyTNode<HeapObject> object);
792  // Load the instance type of an HeapObject.
793  TNode<Int32T> LoadInstanceType(SloppyTNode<HeapObject> object);
794  // Compare the instance the type of the object against the provided one.
795  TNode<BoolT> HasInstanceType(SloppyTNode<HeapObject> object,
796  InstanceType type);
797  TNode<BoolT> DoesntHaveInstanceType(SloppyTNode<HeapObject> object,
798  InstanceType type);
799  TNode<BoolT> TaggedDoesntHaveInstanceType(SloppyTNode<HeapObject> any_tagged,
800  InstanceType type);
801  // Load the properties backing store of a JSObject.
802  TNode<HeapObject> LoadSlowProperties(SloppyTNode<JSObject> object);
803  TNode<HeapObject> LoadFastProperties(SloppyTNode<JSObject> object);
804  // Load the elements backing store of a JSObject.
805  TNode<FixedArrayBase> LoadElements(SloppyTNode<JSObject> object);
806  // Load the length of a JSArray instance.
807  TNode<Object> LoadJSArgumentsObjectWithLength(
808  SloppyTNode<JSArgumentsObjectWithLength> array);
809  // Load the length of a JSArray instance.
810  TNode<Number> LoadJSArrayLength(SloppyTNode<JSArray> array);
811  // Load the length of a fast JSArray instance. Returns a positive Smi.
812  TNode<Smi> LoadFastJSArrayLength(SloppyTNode<JSArray> array);
813  // Load the length of a fixed array base instance.
814  TNode<Smi> LoadFixedArrayBaseLength(SloppyTNode<FixedArrayBase> array);
815  // Load the length of a fixed array base instance.
816  TNode<IntPtrT> LoadAndUntagFixedArrayBaseLength(
817  SloppyTNode<FixedArrayBase> array);
818  // Load the length of a WeakFixedArray.
819  TNode<Smi> LoadWeakFixedArrayLength(TNode<WeakFixedArray> array);
820  TNode<IntPtrT> LoadAndUntagWeakFixedArrayLength(
821  SloppyTNode<WeakFixedArray> array);
822  // Load the number of descriptors in DescriptorArray.
823  TNode<Int32T> LoadNumberOfDescriptors(TNode<DescriptorArray> array);
824  // Load the bit field of a Map.
825  TNode<Int32T> LoadMapBitField(SloppyTNode<Map> map);
826  // Load bit field 2 of a map.
827  TNode<Int32T> LoadMapBitField2(SloppyTNode<Map> map);
828  // Load bit field 3 of a map.
829  TNode<Uint32T> LoadMapBitField3(SloppyTNode<Map> map);
830  // Load the instance type of a map.
831  TNode<Int32T> LoadMapInstanceType(SloppyTNode<Map> map);
832  // Load the ElementsKind of a map.
833  TNode<Int32T> LoadMapElementsKind(SloppyTNode<Map> map);
834  TNode<Int32T> LoadElementsKind(SloppyTNode<HeapObject> object);
835  // Load the instance descriptors of a map.
836  TNode<DescriptorArray> LoadMapDescriptors(SloppyTNode<Map> map);
837  // Load the prototype of a map.
838  TNode<HeapObject> LoadMapPrototype(SloppyTNode<Map> map);
839  // Load the prototype info of a map. The result has to be checked if it is a
840  // prototype info object or not.
841  TNode<PrototypeInfo> LoadMapPrototypeInfo(SloppyTNode<Map> map,
842  Label* if_has_no_proto_info);
843  // Load the instance size of a Map.
844  TNode<IntPtrT> LoadMapInstanceSizeInWords(SloppyTNode<Map> map);
845  // Load the inobject properties start of a Map (valid only for JSObjects).
846  TNode<IntPtrT> LoadMapInobjectPropertiesStartInWords(SloppyTNode<Map> map);
847  // Load the constructor function index of a Map (only for primitive maps).
848  TNode<IntPtrT> LoadMapConstructorFunctionIndex(SloppyTNode<Map> map);
849  // Load the constructor of a Map (equivalent to Map::GetConstructor()).
850  TNode<Object> LoadMapConstructor(SloppyTNode<Map> map);
851  // Load the EnumLength of a Map.
852  Node* LoadMapEnumLength(SloppyTNode<Map> map);
853  // Load the back-pointer of a Map.
854  TNode<Object> LoadMapBackPointer(SloppyTNode<Map> map);
855  // Checks that |map| has only simple properties, returns bitfield3.
856  TNode<Uint32T> EnsureOnlyHasSimpleProperties(TNode<Map> map,
857  TNode<Int32T> instance_type,
858  Label* bailout);
859  // Load the identity hash of a JSRececiver.
860  TNode<IntPtrT> LoadJSReceiverIdentityHash(SloppyTNode<Object> receiver,
861  Label* if_no_hash = nullptr);
862 
863  // This is only used on a newly allocated PropertyArray which
864  // doesn't have an existing hash.
865  void InitializePropertyArrayLength(Node* property_array, Node* length,
866  ParameterMode mode);
867 
868  // Check if the map is set for slow properties.
869  TNode<BoolT> IsDictionaryMap(SloppyTNode<Map> map);
870 
871  // Load the hash field of a name as an uint32 value.
872  TNode<Uint32T> LoadNameHashField(SloppyTNode<Name> name);
873  // Load the hash value of a name as an uint32 value.
874  // If {if_hash_not_computed} label is specified then it also checks if
875  // hash is actually computed.
876  TNode<Uint32T> LoadNameHash(SloppyTNode<Name> name,
877  Label* if_hash_not_computed = nullptr);
878 
879  // Load length field of a String object as Smi value.
880  TNode<Smi> LoadStringLengthAsSmi(SloppyTNode<String> string);
881  // Load length field of a String object as intptr_t value.
882  TNode<IntPtrT> LoadStringLengthAsWord(SloppyTNode<String> string);
883  // Load length field of a String object as uint32_t value.
884  TNode<Uint32T> LoadStringLengthAsWord32(SloppyTNode<String> string);
885  // Loads a pointer to the sequential String char array.
886  Node* PointerToSeqStringData(Node* seq_string);
887  // Load value field of a JSValue object.
888  Node* LoadJSValueValue(Node* object);
889 
890  // Figures out whether the value of maybe_object is:
891  // - a SMI (jump to "if_smi", "extracted" will be the SMI value)
892  // - a cleared weak reference (jump to "if_cleared", "extracted" will be
893  // untouched)
894  // - a weak reference (jump to "if_weak", "extracted" will be the object
895  // pointed to)
896  // - a strong reference (jump to "if_strong", "extracted" will be the object
897  // pointed to)
898  void DispatchMaybeObject(TNode<MaybeObject> maybe_object, Label* if_smi,
899  Label* if_cleared, Label* if_weak, Label* if_strong,
900  TVariable<Object>* extracted);
901  // See MaybeObject for semantics of these functions.
902  TNode<BoolT> IsStrong(TNode<MaybeObject> value);
903  // This variant is for overzealous checking.
904  TNode<BoolT> IsStrong(TNode<Object> value) {
905  return IsStrong(ReinterpretCast<MaybeObject>(value));
906  }
907  TNode<HeapObject> GetHeapObjectIfStrong(TNode<MaybeObject> value,
908  Label* if_not_strong);
909 
910  TNode<BoolT> IsWeakOrCleared(TNode<MaybeObject> value);
911  TNode<BoolT> IsCleared(TNode<MaybeObject> value);
912  TNode<BoolT> IsNotCleared(TNode<MaybeObject> value);
913 
914  // Removes the weak bit + asserts it was set.
915  TNode<HeapObject> GetHeapObjectAssumeWeak(TNode<MaybeObject> value);
916 
917  TNode<HeapObject> GetHeapObjectAssumeWeak(TNode<MaybeObject> value,
918  Label* if_cleared);
919 
920  TNode<BoolT> IsWeakReferenceTo(TNode<MaybeObject> object,
921  TNode<Object> value);
922  TNode<BoolT> IsNotWeakReferenceTo(TNode<MaybeObject> object,
923  TNode<Object> value);
924  TNode<BoolT> IsStrongReferenceTo(TNode<MaybeObject> object,
925  TNode<Object> value);
926 
927  TNode<MaybeObject> MakeWeak(TNode<HeapObject> value);
928 
929  void FixedArrayBoundsCheck(TNode<FixedArrayBase> array, Node* index,
930  int additional_offset = 0,
931  ParameterMode parameter_mode = INTPTR_PARAMETERS);
932 
933  // Array is any array-like type that has a fixed header followed by
934  // tagged elements.
935  template <typename Array>
936  TNode<IntPtrT> LoadArrayLength(TNode<Array> array);
937 
938  // Array is any array-like type that has a fixed header followed by
939  // tagged elements.
940  template <typename Array>
941  TNode<MaybeObject> LoadArrayElement(
942  TNode<Array> array, int array_header_size, Node* index,
943  int additional_offset = 0,
944  ParameterMode parameter_mode = INTPTR_PARAMETERS,
945  LoadSensitivity needs_poisoning = LoadSensitivity::kSafe);
946 
947  TNode<Object> LoadFixedArrayElement(
948  TNode<FixedArray> object, Node* index, int additional_offset = 0,
949  ParameterMode parameter_mode = INTPTR_PARAMETERS,
950  LoadSensitivity needs_poisoning = LoadSensitivity::kSafe);
951 
952  TNode<Object> LoadFixedArrayElement(TNode<FixedArray> object,
953  TNode<IntPtrT> index,
954  LoadSensitivity needs_poisoning) {
955  return LoadFixedArrayElement(object, index, 0, INTPTR_PARAMETERS,
956  needs_poisoning);
957  }
958 
959  TNode<Object> LoadFixedArrayElement(
960  TNode<FixedArray> object, TNode<IntPtrT> index, int additional_offset = 0,
961  LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) {
962  return LoadFixedArrayElement(object, index, additional_offset,
963  INTPTR_PARAMETERS, needs_poisoning);
964  }
965 
966  TNode<Object> LoadFixedArrayElement(
967  TNode<FixedArray> object, int index, int additional_offset = 0,
968  LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) {
969  return LoadFixedArrayElement(object, IntPtrConstant(index),
970  additional_offset, INTPTR_PARAMETERS,
971  needs_poisoning);
972  }
973  TNode<Object> LoadFixedArrayElement(TNode<FixedArray> object,
974  TNode<Smi> index) {
975  return LoadFixedArrayElement(object, index, 0, SMI_PARAMETERS);
976  }
977 
978  TNode<Object> LoadPropertyArrayElement(TNode<PropertyArray> object,
979  SloppyTNode<IntPtrT> index);
980  TNode<IntPtrT> LoadPropertyArrayLength(TNode<PropertyArray> object);
981 
982  // Load an element from an array and untag it and return it as Word32.
983  // Array is any array-like type that has a fixed header followed by
984  // tagged elements.
985  template <typename Array>
986  TNode<Int32T> LoadAndUntagToWord32ArrayElement(
987  TNode<Array> array, int array_header_size, Node* index,
988  int additional_offset = 0,
989  ParameterMode parameter_mode = INTPTR_PARAMETERS);
990 
991  // Load an array element from a FixedArray, untag it and return it as Word32.
992  TNode<Int32T> LoadAndUntagToWord32FixedArrayElement(
993  TNode<FixedArray> object, Node* index, int additional_offset = 0,
994  ParameterMode parameter_mode = INTPTR_PARAMETERS);
995 
996  TNode<Int32T> LoadAndUntagToWord32FixedArrayElement(
997  TNode<FixedArray> object, int index, int additional_offset = 0) {
998  return LoadAndUntagToWord32FixedArrayElement(
999  object, IntPtrConstant(index), additional_offset, INTPTR_PARAMETERS);
1000  }
1001 
1002  // Load an array element from a WeakFixedArray.
1003  TNode<MaybeObject> LoadWeakFixedArrayElement(
1004  TNode<WeakFixedArray> object, Node* index, int additional_offset = 0,
1005  ParameterMode parameter_mode = INTPTR_PARAMETERS,
1006  LoadSensitivity needs_poisoning = LoadSensitivity::kSafe);
1007 
1008  TNode<MaybeObject> LoadWeakFixedArrayElement(
1009  TNode<WeakFixedArray> object, int index, int additional_offset = 0,
1010  LoadSensitivity needs_poisoning = LoadSensitivity::kSafe) {
1011  return LoadWeakFixedArrayElement(object, IntPtrConstant(index),
1012  additional_offset, INTPTR_PARAMETERS,
1013  needs_poisoning);
1014  }
1015 
1016  // Load an array element from a FixedDoubleArray.
1017  TNode<Float64T> LoadFixedDoubleArrayElement(
1018  SloppyTNode<FixedDoubleArray> object, Node* index,
1019  MachineType machine_type, int additional_offset = 0,
1020  ParameterMode parameter_mode = INTPTR_PARAMETERS,
1021  Label* if_hole = nullptr);
1022 
1023  Node* LoadFixedDoubleArrayElement(TNode<FixedDoubleArray> object,
1024  TNode<Smi> index,
1025  Label* if_hole = nullptr) {
1026  return LoadFixedDoubleArrayElement(object, index, MachineType::Float64(), 0,
1027  SMI_PARAMETERS, if_hole);
1028  }
1029 
1030  Node* LoadFixedDoubleArrayElement(TNode<FixedDoubleArray> object,
1031  TNode<IntPtrT> index,
1032  Label* if_hole = nullptr) {
1033  return LoadFixedDoubleArrayElement(object, index, MachineType::Float64(), 0,
1034  INTPTR_PARAMETERS, if_hole);
1035  }
1036 
1037  // Load an array element from a FixedArray, FixedDoubleArray or a
1038  // NumberDictionary (depending on the |elements_kind|) and return
1039  // it as a tagged value. Assumes that the |index| passed a length
1040  // check before. Bails out to |if_accessor| if the element that
1041  // was found is an accessor, or to |if_hole| if the element at
1042  // the given |index| is not found in |elements|.
1043  TNode<Object> LoadFixedArrayBaseElementAsTagged(
1044  TNode<FixedArrayBase> elements, TNode<IntPtrT> index,
1045  TNode<Int32T> elements_kind, Label* if_accessor, Label* if_hole);
1046 
1047  // Load a feedback slot from a FeedbackVector.
1048  TNode<MaybeObject> LoadFeedbackVectorSlot(
1049  Node* object, Node* index, int additional_offset = 0,
1050  ParameterMode parameter_mode = INTPTR_PARAMETERS);
1051 
1052  TNode<IntPtrT> LoadFeedbackVectorLength(TNode<FeedbackVector>);
1053  TNode<Float64T> LoadDoubleWithHoleCheck(TNode<FixedDoubleArray> array,
1054  TNode<Smi> index,
1055  Label* if_hole = nullptr);
1056  TNode<Float64T> LoadDoubleWithHoleCheck(TNode<FixedDoubleArray> array,
1057  TNode<IntPtrT> index,
1058  Label* if_hole = nullptr);
1059 
1060  // Load Float64 value by |base| + |offset| address. If the value is a double
1061  // hole then jump to |if_hole|. If |machine_type| is None then only the hole
1062  // check is generated.
1063  TNode<Float64T> LoadDoubleWithHoleCheck(
1064  SloppyTNode<Object> base, SloppyTNode<IntPtrT> offset, Label* if_hole,
1065  MachineType machine_type = MachineType::Float64());
1066  TNode<RawPtrT> LoadFixedTypedArrayBackingStore(
1067  TNode<FixedTypedArrayBase> typed_array);
1068  Node* LoadFixedTypedArrayElementAsTagged(
1069  Node* data_pointer, Node* index_node, ElementsKind elements_kind,
1070  ParameterMode parameter_mode = INTPTR_PARAMETERS);
1071  TNode<Numeric> LoadFixedTypedArrayElementAsTagged(
1072  TNode<WordT> data_pointer, TNode<Smi> index, TNode<Int32T> elements_kind);
1073  // Parts of the above, factored out for readability:
1074  Node* LoadFixedBigInt64ArrayElementAsTagged(Node* data_pointer, Node* offset);
1075  Node* LoadFixedBigUint64ArrayElementAsTagged(Node* data_pointer,
1076  Node* offset);
1077  // 64-bit platforms only:
1078  TNode<BigInt> BigIntFromInt64(TNode<IntPtrT> value);
1079  TNode<BigInt> BigIntFromUint64(TNode<UintPtrT> value);
1080  // 32-bit platforms only:
1081  TNode<BigInt> BigIntFromInt32Pair(TNode<IntPtrT> low, TNode<IntPtrT> high);
1082  TNode<BigInt> BigIntFromUint32Pair(TNode<UintPtrT> low, TNode<UintPtrT> high);
1083 
1084  void StoreFixedTypedArrayElementFromTagged(
1085  TNode<Context> context, TNode<FixedTypedArrayBase> elements,
1086  TNode<Object> index_node, TNode<Object> value, ElementsKind elements_kind,
1087  ParameterMode parameter_mode);
1088 
1089  // Context manipulation
1090  TNode<Object> LoadContextElement(SloppyTNode<Context> context,
1091  int slot_index);
1092  TNode<Object> LoadContextElement(SloppyTNode<Context> context,
1093  SloppyTNode<IntPtrT> slot_index);
1094  TNode<Object> LoadContextElement(TNode<Context> context,
1095  TNode<Smi> slot_index);
1096  void StoreContextElement(SloppyTNode<Context> context, int slot_index,
1097  SloppyTNode<Object> value);
1098  void StoreContextElement(SloppyTNode<Context> context,
1099  SloppyTNode<IntPtrT> slot_index,
1100  SloppyTNode<Object> value);
1101  void StoreContextElementNoWriteBarrier(SloppyTNode<Context> context,
1102  int slot_index,
1103  SloppyTNode<Object> value);
1104  TNode<Context> LoadNativeContext(SloppyTNode<Context> context);
1105  // Calling this is only valid if there's a module context in the chain.
1106  TNode<Context> LoadModuleContext(SloppyTNode<Context> context);
1107 
1108  void GotoIfContextElementEqual(Node* value, Node* native_context,
1109  int slot_index, Label* if_equal) {
1110  GotoIf(WordEqual(value, LoadContextElement(native_context, slot_index)),
1111  if_equal);
1112  }
1113 
1114  TNode<Map> LoadJSArrayElementsMap(ElementsKind kind,
1115  SloppyTNode<Context> native_context);
1116  TNode<Map> LoadJSArrayElementsMap(SloppyTNode<Int32T> kind,
1117  SloppyTNode<Context> native_context);
1118 
1119  TNode<BoolT> IsGeneratorFunction(TNode<JSFunction> function);
1120  TNode<BoolT> HasPrototypeProperty(TNode<JSFunction> function, TNode<Map> map);
1121  void GotoIfPrototypeRequiresRuntimeLookup(TNode<JSFunction> function,
1122  TNode<Map> map, Label* runtime);
1123  // Load the "prototype" property of a JSFunction.
1124  Node* LoadJSFunctionPrototype(Node* function, Label* if_bailout);
1125 
1126  TNode<BytecodeArray> LoadSharedFunctionInfoBytecodeArray(
1127  SloppyTNode<SharedFunctionInfo> shared);
1128 
1129  TNode<Object> LoadJSFunctionPrototypeOrInitialMap(
1130  TNode<JSFunction> function) {
1131  return LoadObjectField(function, JSFunction::kPrototypeOrInitialMapOffset);
1132  }
1133 
1134  void StoreObjectByteNoWriteBarrier(TNode<HeapObject> object, int offset,
1135  TNode<Word32T> value);
1136 
1137  // Store the floating point value of a HeapNumber.
1138  void StoreHeapNumberValue(SloppyTNode<HeapNumber> object,
1139  SloppyTNode<Float64T> value);
1140  void StoreMutableHeapNumberValue(SloppyTNode<MutableHeapNumber> object,
1141  SloppyTNode<Float64T> value);
1142  // Store a field to an object on the heap.
1143  Node* StoreObjectField(Node* object, int offset, Node* value);
1144  Node* StoreObjectField(Node* object, Node* offset, Node* value);
1145  Node* StoreObjectFieldNoWriteBarrier(
1146  Node* object, int offset, Node* value,
1147  MachineRepresentation rep = MachineRepresentation::kTagged);
1148  Node* StoreObjectFieldNoWriteBarrier(
1149  Node* object, Node* offset, Node* value,
1150  MachineRepresentation rep = MachineRepresentation::kTagged);
1151 
1152  template <class T = Object>
1153  TNode<T> StoreObjectFieldNoWriteBarrier(TNode<HeapObject> object,
1154  TNode<IntPtrT> offset,
1155  TNode<T> value) {
1156  return UncheckedCast<T>(StoreObjectFieldNoWriteBarrier(
1157  object, offset, value, MachineRepresentationOf<T>::value));
1158  }
1159 
1160  // Store the Map of an HeapObject.
1161  Node* StoreMap(Node* object, Node* map);
1162  Node* StoreMapNoWriteBarrier(Node* object, RootIndex map_root_index);
1163  Node* StoreMapNoWriteBarrier(Node* object, Node* map);
1164  Node* StoreObjectFieldRoot(Node* object, int offset, RootIndex root);
1165  // Store an array element to a FixedArray.
1166  void StoreFixedArrayElement(
1167  TNode<FixedArray> object, int index, SloppyTNode<Object> value,
1168  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER) {
1169  return StoreFixedArrayElement(object, IntPtrConstant(index), value,
1170  barrier_mode);
1171  }
1172  void StoreFixedArrayElement(TNode<FixedArray> object, int index,
1173  TNode<Smi> value) {
1174  return StoreFixedArrayElement(object, IntPtrConstant(index), value,
1175  SKIP_WRITE_BARRIER);
1176  }
1177 
1178  Node* StoreJSArrayLength(TNode<JSArray> array, TNode<Smi> length);
1179  Node* StoreElements(TNode<Object> object, TNode<FixedArrayBase> elements);
1180 
1181  void StoreFixedArrayOrPropertyArrayElement(
1182  Node* array, Node* index, Node* value,
1183  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1184  int additional_offset = 0,
1185  ParameterMode parameter_mode = INTPTR_PARAMETERS);
1186 
1187  void StoreFixedArrayElement(
1188  TNode<FixedArray> array, Node* index, SloppyTNode<Object> value,
1189  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1190  int additional_offset = 0,
1191  ParameterMode parameter_mode = INTPTR_PARAMETERS) {
1192  FixedArrayBoundsCheck(array, index, additional_offset, parameter_mode);
1193  StoreFixedArrayOrPropertyArrayElement(array, index, value, barrier_mode,
1194  additional_offset, parameter_mode);
1195  }
1196 
1197  void StorePropertyArrayElement(
1198  TNode<PropertyArray> array, Node* index, SloppyTNode<Object> value,
1199  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1200  int additional_offset = 0,
1201  ParameterMode parameter_mode = INTPTR_PARAMETERS) {
1202  StoreFixedArrayOrPropertyArrayElement(array, index, value, barrier_mode,
1203  additional_offset, parameter_mode);
1204  }
1205 
1206  void StoreFixedArrayElementSmi(
1207  TNode<FixedArray> array, TNode<Smi> index, TNode<Object> value,
1208  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER) {
1209  StoreFixedArrayElement(array, index, value, barrier_mode, 0,
1210  SMI_PARAMETERS);
1211  }
1212  void StoreFixedArrayElement(TNode<FixedArray> array, TNode<IntPtrT> index,
1213  TNode<Smi> value) {
1214  StoreFixedArrayElement(array, index, value, SKIP_WRITE_BARRIER, 0);
1215  }
1216 
1217  void StoreFixedDoubleArrayElement(
1218  TNode<FixedDoubleArray> object, Node* index, TNode<Float64T> value,
1219  ParameterMode parameter_mode = INTPTR_PARAMETERS);
1220 
1221  void StoreFixedDoubleArrayElementSmi(TNode<FixedDoubleArray> object,
1222  TNode<Smi> index,
1223  TNode<Float64T> value) {
1224  StoreFixedDoubleArrayElement(object, index, value, SMI_PARAMETERS);
1225  }
1226 
1227  void StoreFixedDoubleArrayHole(TNode<FixedDoubleArray> array, Node* index,
1228  ParameterMode mode = INTPTR_PARAMETERS);
1229  void StoreFixedDoubleArrayHoleSmi(TNode<FixedDoubleArray> array,
1230  TNode<Smi> index) {
1231  StoreFixedDoubleArrayHole(array, index, SMI_PARAMETERS);
1232  }
1233 
1234  Node* StoreFeedbackVectorSlot(
1235  Node* object, Node* index, Node* value,
1236  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1237  int additional_offset = 0,
1238  ParameterMode parameter_mode = INTPTR_PARAMETERS);
1239 
1240  void EnsureArrayLengthWritable(TNode<Map> map, Label* bailout);
1241 
1242  // EnsureArrayPushable verifies that receiver with this map is:
1243  // 1. Is not a prototype.
1244  // 2. Is not a dictionary.
1245  // 3. Has a writeable length property.
1246  // It returns ElementsKind as a node for further division into cases.
1247  TNode<Int32T> EnsureArrayPushable(TNode<Map> map, Label* bailout);
1248 
1249  void TryStoreArrayElement(ElementsKind kind, ParameterMode mode,
1250  Label* bailout, Node* elements, Node* index,
1251  Node* value);
1252  // Consumes args into the array, and returns tagged new length.
1253  TNode<Smi> BuildAppendJSArray(ElementsKind kind, SloppyTNode<JSArray> array,
1254  CodeStubArguments* args,
1255  TVariable<IntPtrT>* arg_index, Label* bailout);
1256  // Pushes value onto the end of array.
1257  void BuildAppendJSArray(ElementsKind kind, Node* array, Node* value,
1258  Label* bailout);
1259 
1260  void StoreFieldsNoWriteBarrier(Node* start_address, Node* end_address,
1261  Node* value);
1262 
1263  Node* AllocateCellWithValue(Node* value,
1264  WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
1265  Node* AllocateSmiCell(int value = 0) {
1266  return AllocateCellWithValue(SmiConstant(value), SKIP_WRITE_BARRIER);
1267  }
1268 
1269  Node* LoadCellValue(Node* cell);
1270 
1271  Node* StoreCellValue(Node* cell, Node* value,
1272  WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
1273 
1274  // Allocate a HeapNumber without initializing its value.
1275  TNode<HeapNumber> AllocateHeapNumber();
1276  // Allocate a HeapNumber with a specific value.
1277  TNode<HeapNumber> AllocateHeapNumberWithValue(SloppyTNode<Float64T> value);
1278  TNode<HeapNumber> AllocateHeapNumberWithValue(double value) {
1279  return AllocateHeapNumberWithValue(Float64Constant(value));
1280  }
1281 
1282  // Allocate a MutableHeapNumber with a specific value.
1283  TNode<MutableHeapNumber> AllocateMutableHeapNumberWithValue(
1284  SloppyTNode<Float64T> value);
1285 
1286  // Allocate a BigInt with {length} digits. Sets the sign bit to {false}.
1287  // Does not initialize the digits.
1288  TNode<BigInt> AllocateBigInt(TNode<IntPtrT> length);
1289  // Like above, but allowing custom bitfield initialization.
1290  TNode<BigInt> AllocateRawBigInt(TNode<IntPtrT> length);
1291  void StoreBigIntBitfield(TNode<BigInt> bigint, TNode<WordT> bitfield);
1292  void StoreBigIntDigit(TNode<BigInt> bigint, int digit_index,
1293  TNode<UintPtrT> digit);
1294  TNode<WordT> LoadBigIntBitfield(TNode<BigInt> bigint);
1295  TNode<UintPtrT> LoadBigIntDigit(TNode<BigInt> bigint, int digit_index);
1296 
1297  // Allocate a SeqOneByteString with the given length.
1298  TNode<String> AllocateSeqOneByteString(uint32_t length,
1299  AllocationFlags flags = kNone);
1300  TNode<String> AllocateSeqOneByteString(Node* context, TNode<Uint32T> length,
1301  AllocationFlags flags = kNone);
1302  // Allocate a SeqTwoByteString with the given length.
1303  TNode<String> AllocateSeqTwoByteString(uint32_t length,
1304  AllocationFlags flags = kNone);
1305  TNode<String> AllocateSeqTwoByteString(Node* context, TNode<Uint32T> length,
1306  AllocationFlags flags = kNone);
1307 
1308  // Allocate a SlicedOneByteString with the given length, parent and offset.
1309  // |length| and |offset| are expected to be tagged.
1310 
1311  TNode<String> AllocateSlicedOneByteString(TNode<Uint32T> length,
1312  TNode<String> parent,
1313  TNode<Smi> offset);
1314  // Allocate a SlicedTwoByteString with the given length, parent and offset.
1315  // |length| and |offset| are expected to be tagged.
1316  TNode<String> AllocateSlicedTwoByteString(TNode<Uint32T> length,
1317  TNode<String> parent,
1318  TNode<Smi> offset);
1319 
1320  // Allocate a one-byte ConsString with the given length, first and second
1321  // parts. |length| is expected to be tagged, and |first| and |second| are
1322  // expected to be one-byte strings.
1323  TNode<String> AllocateOneByteConsString(TNode<Uint32T> length,
1324  TNode<String> first,
1325  TNode<String> second,
1326  AllocationFlags flags = kNone);
1327  // Allocate a two-byte ConsString with the given length, first and second
1328  // parts. |length| is expected to be tagged, and |first| and |second| are
1329  // expected to be two-byte strings.
1330  TNode<String> AllocateTwoByteConsString(TNode<Uint32T> length,
1331  TNode<String> first,
1332  TNode<String> second,
1333  AllocationFlags flags = kNone);
1334 
1335  // Allocate an appropriate one- or two-byte ConsString with the first and
1336  // second parts specified by |left| and |right|.
1337  TNode<String> NewConsString(TNode<Uint32T> length, TNode<String> left,
1338  TNode<String> right,
1339  AllocationFlags flags = kNone);
1340 
1341  TNode<NameDictionary> AllocateNameDictionary(int at_least_space_for);
1342  TNode<NameDictionary> AllocateNameDictionary(
1343  TNode<IntPtrT> at_least_space_for);
1344  TNode<NameDictionary> AllocateNameDictionaryWithCapacity(
1345  TNode<IntPtrT> capacity);
1346  TNode<NameDictionary> CopyNameDictionary(TNode<NameDictionary> dictionary,
1347  Label* large_object_fallback);
1348 
1349  template <typename CollectionType>
1350  Node* AllocateOrderedHashTable();
1351 
1352  // Builds code that finds OrderedHashTable entry for a key with hash code
1353  // {hash} with using the comparison code generated by {key_compare}. The code
1354  // jumps to {entry_found} if the key is found, or to {not_found} if the key
1355  // was not found. In the {entry_found} branch, the variable
1356  // entry_start_position will be bound to the index of the entry (relative to
1357  // OrderedHashTable::kHashTableStartIndex).
1358  //
1359  // The {CollectionType} template parameter stands for the particular instance
1360  // of OrderedHashTable, it should be OrderedHashMap or OrderedHashSet.
1361  template <typename CollectionType>
1362  void FindOrderedHashTableEntry(
1363  Node* table, Node* hash,
1364  const std::function<void(Node*, Label*, Label*)>& key_compare,
1365  Variable* entry_start_position, Label* entry_found, Label* not_found);
1366 
1367  template <typename CollectionType>
1368  TNode<CollectionType> AllocateSmallOrderedHashTable(TNode<IntPtrT> capacity);
1369 
1370  Node* AllocateStruct(Node* map, AllocationFlags flags = kNone);
1371  void InitializeStructBody(Node* object, Node* map, Node* size,
1372  int start_offset = Struct::kHeaderSize);
1373 
1374  Node* AllocateJSObjectFromMap(
1375  Node* map, Node* properties = nullptr, Node* elements = nullptr,
1376  AllocationFlags flags = kNone,
1377  SlackTrackingMode slack_tracking_mode = kNoSlackTracking);
1378 
1379  void InitializeJSObjectFromMap(
1380  Node* object, Node* map, Node* instance_size, Node* properties = nullptr,
1381  Node* elements = nullptr,
1382  SlackTrackingMode slack_tracking_mode = kNoSlackTracking);
1383 
1384  void InitializeJSObjectBodyWithSlackTracking(Node* object, Node* map,
1385  Node* instance_size);
1386  void InitializeJSObjectBodyNoSlackTracking(
1387  Node* object, Node* map, Node* instance_size,
1388  int start_offset = JSObject::kHeaderSize);
1389 
1390  TNode<BoolT> IsValidFastJSArrayCapacity(Node* capacity,
1391  ParameterMode capacity_mode);
1392 
1393  // Allocate a JSArray without elements and initialize the header fields.
1394  TNode<JSArray> AllocateUninitializedJSArrayWithoutElements(
1395  TNode<Map> array_map, TNode<Smi> length, Node* allocation_site = nullptr);
1396  //
1397  // Allocate and return a JSArray with initialized header fields and its
1398  // uninitialized elements.
1399  // The ParameterMode argument is only used for the capacity parameter.
1400  std::pair<TNode<JSArray>, TNode<FixedArrayBase>>
1401  AllocateUninitializedJSArrayWithElements(
1402  ElementsKind kind, TNode<Map> array_map, TNode<Smi> length,
1403  Node* allocation_site, Node* capacity,
1404  ParameterMode capacity_mode = INTPTR_PARAMETERS,
1405  AllocationFlags allocation_flags = kNone);
1406 
1407  // Allocate a JSArray and fill elements with the hole.
1408  // The ParameterMode argument is only used for the capacity parameter.
1409  TNode<JSArray> AllocateJSArray(
1410  ElementsKind kind, TNode<Map> array_map, Node* capacity,
1411  TNode<Smi> length, Node* allocation_site = nullptr,
1412  ParameterMode capacity_mode = INTPTR_PARAMETERS,
1413  AllocationFlags allocation_flags = kNone);
1414 
1415  TNode<JSArray> AllocateJSArray(ElementsKind kind, TNode<Map> array_map,
1416  TNode<Smi> capacity, TNode<Smi> length) {
1417  return AllocateJSArray(kind, array_map, capacity, length, nullptr,
1418  SMI_PARAMETERS);
1419  }
1420 
1421  TNode<JSArray> AllocateJSArray(ElementsKind kind, TNode<Map> array_map,
1422  TNode<IntPtrT> capacity, TNode<Smi> length) {
1423  return AllocateJSArray(kind, array_map, capacity, length, nullptr,
1424  INTPTR_PARAMETERS);
1425  }
1426 
1427  enum class HoleConversionMode { kDontConvert, kConvertToUndefined };
1428  // Clone a fast JSArray |array| into a new fast JSArray.
1429  // |convert_holes| tells the function to convert holes into undefined or not.
1430  // If |convert_holes| is set to kConvertToUndefined, but the function did not
1431  // find any hole in |array|, the resulting array will have the same elements
1432  // kind as |array|. If the function did find a hole, it will convert holes in
1433  // |array| to undefined in the resulting array, who will now have
1434  // PACKED_ELEMENTS kind.
1435  // If |convert_holes| is set kDontConvert, holes are also copied to the
1436  // resulting array, who will have the same elements kind as |array|. The
1437  // function generates significantly less code in this case.
1438  Node* CloneFastJSArray(
1439  Node* context, Node* array, ParameterMode mode = INTPTR_PARAMETERS,
1440  Node* allocation_site = nullptr,
1441  HoleConversionMode convert_holes = HoleConversionMode::kDontConvert);
1442 
1443  Node* ExtractFastJSArray(Node* context, Node* array, Node* begin, Node* count,
1444  ParameterMode mode = INTPTR_PARAMETERS,
1445  Node* capacity = nullptr,
1446  Node* allocation_site = nullptr);
1447 
1448  TNode<FixedArrayBase> AllocateFixedArray(
1449  ElementsKind kind, Node* capacity, ParameterMode mode = INTPTR_PARAMETERS,
1450  AllocationFlags flags = kNone,
1451  SloppyTNode<Map> fixed_array_map = nullptr);
1452 
1453  TNode<FixedArrayBase> AllocateFixedArray(
1454  ElementsKind kind, TNode<IntPtrT> capacity, AllocationFlags flags,
1455  SloppyTNode<Map> fixed_array_map = nullptr) {
1456  return AllocateFixedArray(kind, capacity, INTPTR_PARAMETERS, flags,
1457  fixed_array_map);
1458  }
1459 
1460  TNode<FixedArray> AllocateZeroedFixedArray(TNode<IntPtrT> capacity) {
1461  TNode<FixedArray> result = UncheckedCast<FixedArray>(
1462  AllocateFixedArray(PACKED_ELEMENTS, capacity,
1463  AllocationFlag::kAllowLargeObjectAllocation));
1464  FillFixedArrayWithSmiZero(result, capacity);
1465  return result;
1466  }
1467 
1468  TNode<FixedDoubleArray> AllocateZeroedFixedDoubleArray(
1469  TNode<IntPtrT> capacity) {
1470  TNode<FixedDoubleArray> result = UncheckedCast<FixedDoubleArray>(
1471  AllocateFixedArray(PACKED_DOUBLE_ELEMENTS, capacity,
1472  AllocationFlag::kAllowLargeObjectAllocation));
1473  FillFixedDoubleArrayWithZero(result, capacity);
1474  return result;
1475  }
1476 
1477  TNode<FixedArray> AllocateFixedArrayWithHoles(TNode<IntPtrT> capacity,
1478  AllocationFlags flags) {
1479  TNode<FixedArray> result = UncheckedCast<FixedArray>(
1480  AllocateFixedArray(PACKED_ELEMENTS, capacity, flags));
1481  FillFixedArrayWithValue(PACKED_ELEMENTS, result, IntPtrConstant(0),
1482  capacity, RootIndex::kTheHoleValue);
1483  return result;
1484  }
1485 
1486  Node* AllocatePropertyArray(Node* capacity,
1487  ParameterMode mode = INTPTR_PARAMETERS,
1488  AllocationFlags flags = kNone);
1489 
1490  // Perform CreateArrayIterator (ES #sec-createarrayiterator).
1491  TNode<JSArrayIterator> CreateArrayIterator(TNode<Context> context,
1492  TNode<Object> object,
1493  IterationKind mode);
1494 
1495  Node* AllocateJSIteratorResult(Node* context, Node* value, Node* done);
1496  Node* AllocateJSIteratorResultForEntry(Node* context, Node* key, Node* value);
1497 
1498  TNode<JSReceiver> ArraySpeciesCreate(TNode<Context> context,
1499  TNode<Object> originalArray,
1500  TNode<Number> len);
1501  TNode<JSReceiver> InternalArrayCreate(TNode<Context> context,
1502  TNode<Number> len);
1503 
1504  void FillFixedArrayWithValue(ElementsKind kind, Node* array, Node* from_index,
1505  Node* to_index, RootIndex value_root_index,
1506  ParameterMode mode = INTPTR_PARAMETERS);
1507 
1508  // Uses memset to effectively initialize the given FixedArray with zeroes.
1509  void FillFixedArrayWithSmiZero(TNode<FixedArray> array,
1510  TNode<IntPtrT> length);
1511  void FillFixedDoubleArrayWithZero(TNode<FixedDoubleArray> array,
1512  TNode<IntPtrT> length);
1513 
1514  void FillPropertyArrayWithUndefined(Node* array, Node* from_index,
1515  Node* to_index,
1516  ParameterMode mode = INTPTR_PARAMETERS);
1517 
1518  enum class DestroySource { kNo, kYes };
1519 
1520  // Specify DestroySource::kYes if {from_array} is being supplanted by
1521  // {to_array}. This offers a slight performance benefit by simply copying the
1522  // array word by word. The source may be destroyed at the end of this macro.
1523  //
1524  // Otherwise, specify DestroySource::kNo for operations where an Object is
1525  // being cloned, to ensure that MutableHeapNumbers are unique between the
1526  // source and cloned object.
1527  void CopyPropertyArrayValues(Node* from_array, Node* to_array, Node* length,
1528  WriteBarrierMode barrier_mode,
1529  ParameterMode mode,
1530  DestroySource destroy_source);
1531 
1532  // Copies all elements from |from_array| of |length| size to
1533  // |to_array| of the same size respecting the elements kind.
1534  void CopyFixedArrayElements(
1535  ElementsKind kind, Node* from_array, Node* to_array, Node* length,
1536  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1537  ParameterMode mode = INTPTR_PARAMETERS) {
1538  CopyFixedArrayElements(kind, from_array, kind, to_array,
1539  IntPtrOrSmiConstant(0, mode), length, length,
1540  barrier_mode, mode);
1541  }
1542 
1543  // Copies |element_count| elements from |from_array| starting from element
1544  // zero to |to_array| of |capacity| size respecting both array's elements
1545  // kinds.
1546  void CopyFixedArrayElements(
1547  ElementsKind from_kind, Node* from_array, ElementsKind to_kind,
1548  Node* to_array, Node* element_count, Node* capacity,
1549  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1550  ParameterMode mode = INTPTR_PARAMETERS) {
1551  CopyFixedArrayElements(from_kind, from_array, to_kind, to_array,
1552  IntPtrOrSmiConstant(0, mode), element_count,
1553  capacity, barrier_mode, mode);
1554  }
1555 
1556  // Copies |element_count| elements from |from_array| starting from element
1557  // |first_element| to |to_array| of |capacity| size respecting both array's
1558  // elements kinds.
1559  // |convert_holes| tells the function whether to convert holes to undefined.
1560  // |var_holes_converted| can be used to signify that the conversion happened
1561  // (i.e. that there were holes). If |convert_holes_to_undefined| is
1562  // HoleConversionMode::kConvertToUndefined, then it must not be the case that
1563  // IsDoubleElementsKind(to_kind).
1564  void CopyFixedArrayElements(
1565  ElementsKind from_kind, Node* from_array, ElementsKind to_kind,
1566  Node* to_array, Node* first_element, Node* element_count, Node* capacity,
1567  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER,
1568  ParameterMode mode = INTPTR_PARAMETERS,
1569  HoleConversionMode convert_holes = HoleConversionMode::kDontConvert,
1570  TVariable<BoolT>* var_holes_converted = nullptr);
1571 
1572  void CopyFixedArrayElements(
1573  ElementsKind from_kind, TNode<FixedArrayBase> from_array,
1574  ElementsKind to_kind, TNode<FixedArrayBase> to_array,
1575  TNode<Smi> first_element, TNode<Smi> element_count, TNode<Smi> capacity,
1576  WriteBarrierMode barrier_mode = UPDATE_WRITE_BARRIER) {
1577  CopyFixedArrayElements(from_kind, from_array, to_kind, to_array,
1578  first_element, element_count, capacity, barrier_mode,
1579  SMI_PARAMETERS);
1580  }
1581 
1582  void JumpIfPointersFromHereAreInteresting(TNode<Object> object,
1583  Label* interesting);
1584 
1585  // Efficiently copy elements within a single array. The regions
1586  // [src_index, src_index + length) and [dst_index, dst_index + length)
1587  // can be overlapping.
1588  void MoveElements(ElementsKind kind, TNode<FixedArrayBase> elements,
1589  TNode<IntPtrT> dst_index, TNode<IntPtrT> src_index,
1590  TNode<IntPtrT> length);
1591 
1592  // Efficiently copy elements from one array to another. The ElementsKind
1593  // needs to be the same. Copy from src_elements at
1594  // [src_index, src_index + length) to dst_elements at
1595  // [dst_index, dst_index + length).
1596  // The function decides whether it can use memcpy. In case it cannot,
1597  // |write_barrier| can help it to skip write barrier. SKIP_WRITE_BARRIER is
1598  // only safe when copying to new space, or when copying to old space and the
1599  // array does not contain object pointers.
1600  void CopyElements(ElementsKind kind, TNode<FixedArrayBase> dst_elements,
1601  TNode<IntPtrT> dst_index,
1602  TNode<FixedArrayBase> src_elements,
1603  TNode<IntPtrT> src_index, TNode<IntPtrT> length,
1604  WriteBarrierMode write_barrier = UPDATE_WRITE_BARRIER);
1605 
1606  TNode<FixedArray> HeapObjectToFixedArray(TNode<HeapObject> base,
1607  Label* cast_fail);
1608 
1609  TNode<FixedDoubleArray> HeapObjectToFixedDoubleArray(TNode<HeapObject> base,
1610  Label* cast_fail) {
1611  GotoIf(
1612  WordNotEqual(LoadMap(base), LoadRoot(RootIndex::kFixedDoubleArrayMap)),
1613  cast_fail);
1614  return UncheckedCast<FixedDoubleArray>(base);
1615  }
1616 
1617  TNode<FixedArray> HeapObjectToSloppyArgumentsElements(TNode<HeapObject> base,
1618  Label* cast_fail) {
1619  GotoIf(WordNotEqual(LoadMap(base),
1620  LoadRoot(RootIndex::kSloppyArgumentsElementsMap)),
1621  cast_fail);
1622  return UncheckedCast<FixedArray>(base);
1623  }
1624 
1625  TNode<Int32T> ConvertElementsKindToInt(TNode<Int32T> elements_kind) {
1626  return UncheckedCast<Int32T>(elements_kind);
1627  }
1628 
1629  enum class ExtractFixedArrayFlag {
1630  kFixedArrays = 1,
1631  kFixedDoubleArrays = 2,
1632  kDontCopyCOW = 4,
1633  kNewSpaceAllocationOnly = 8,
1634  kAllFixedArrays = kFixedArrays | kFixedDoubleArrays,
1635  kAllFixedArraysDontCopyCOW = kAllFixedArrays | kDontCopyCOW
1636  };
1637 
1638  typedef base::Flags<ExtractFixedArrayFlag> ExtractFixedArrayFlags;
1639 
1640  // Copy a portion of an existing FixedArray or FixedDoubleArray into a new
1641  // array, including special appropriate handling for empty arrays and COW
1642  // arrays. The result array will be of the same type as the original array.
1643  //
1644  // * |source| is either a FixedArray or FixedDoubleArray from which to copy
1645  // elements.
1646  // * |first| is the starting element index to copy from, if nullptr is passed
1647  // then index zero is used by default.
1648  // * |count| is the number of elements to copy out of the source array
1649  // starting from and including the element indexed by |start|. If |count| is
1650  // nullptr, then all of the elements from |start| to the end of |source| are
1651  // copied.
1652  // * |capacity| determines the size of the allocated result array, with
1653  // |capacity| >= |count|. If |capacity| is nullptr, then |count| is used as
1654  // the destination array's capacity.
1655  // * |extract_flags| determines whether FixedArrays, FixedDoubleArrays or both
1656  // are detected and copied. Although it's always correct to pass
1657  // kAllFixedArrays, the generated code is more compact and efficient if the
1658  // caller can specify whether only FixedArrays or FixedDoubleArrays will be
1659  // passed as the |source| parameter.
1660  // * |parameter_mode| determines the parameter mode of |first|, |count| and
1661  // |capacity|.
1662  // * If |var_holes_converted| is given, any holes will be converted to
1663  // undefined and the variable will be set according to whether or not there
1664  // were any hole.
1665  // * If |source_elements_kind| is given, the function will try to use the
1666  // runtime elements kind of source to make copy faster. More specifically, it
1667  // can skip write barriers.
1668  TNode<FixedArrayBase> ExtractFixedArray(
1669  Node* source, Node* first, Node* count = nullptr,
1670  Node* capacity = nullptr,
1671  ExtractFixedArrayFlags extract_flags =
1672  ExtractFixedArrayFlag::kAllFixedArrays,
1673  ParameterMode parameter_mode = INTPTR_PARAMETERS,
1674  TVariable<BoolT>* var_holes_converted = nullptr,
1675  Node* source_elements_kind = nullptr);
1676 
1677  TNode<FixedArrayBase> ExtractFixedArray(
1678  TNode<FixedArrayBase> source, TNode<Smi> first, TNode<Smi> count,
1679  TNode<Smi> capacity,
1680  ExtractFixedArrayFlags extract_flags =
1681  ExtractFixedArrayFlag::kAllFixedArrays) {
1682  return ExtractFixedArray(source, first, count, capacity, extract_flags,
1683  SMI_PARAMETERS);
1684  }
1685 
1686  // Copy a portion of an existing FixedArray or FixedDoubleArray into a new
1687  // FixedArray, including special appropriate handling for COW arrays.
1688  // * |source| is either a FixedArray or FixedDoubleArray from which to copy
1689  // elements. |source| is assumed to be non-empty.
1690  // * |first| is the starting element index to copy from.
1691  // * |count| is the number of elements to copy out of the source array
1692  // starting from and including the element indexed by |start|.
1693  // * |capacity| determines the size of the allocated result array, with
1694  // |capacity| >= |count|.
1695  // * |source_map| is the map of the |source|.
1696  // * |from_kind| is the elements kind that is consistent with |source| being
1697  // a FixedArray or FixedDoubleArray. This function only cares about double vs.
1698  // non-double, so as to distinguish FixedDoubleArray vs. FixedArray. It does
1699  // not care about holeyness. For example, when |source| is a FixedArray,
1700  // PACKED/HOLEY_ELEMENTS can be used, but not PACKED_DOUBLE_ELEMENTS.
1701  // * |allocation_flags| and |extract_flags| influence how the target
1702  // FixedArray is allocated.
1703  // * |parameter_mode| determines the parameter mode of |first|, |count| and
1704  // |capacity|.
1705  // * |convert_holes| is used to signify that the target array should use
1706  // undefined in places of holes.
1707  // * If |convert_holes| is true and |var_holes_converted| not nullptr, then
1708  // |var_holes_converted| is used to signal whether any holes were found and
1709  // converted. The caller should use this information to decide which map is
1710  // compatible with the result array. For example, if the input was of
1711  // HOLEY_SMI_ELEMENTS kind, and a conversion took place, the result will be
1712  // compatible only with HOLEY_ELEMENTS and PACKED_ELEMENTS.
1713  TNode<FixedArray> ExtractToFixedArray(
1714  Node* source, Node* first, Node* count, Node* capacity, Node* source_map,
1715  ElementsKind from_kind = PACKED_ELEMENTS,
1716  AllocationFlags allocation_flags = AllocationFlag::kNone,
1717  ExtractFixedArrayFlags extract_flags =
1718  ExtractFixedArrayFlag::kAllFixedArrays,
1719  ParameterMode parameter_mode = INTPTR_PARAMETERS,
1720  HoleConversionMode convert_holes = HoleConversionMode::kDontConvert,
1721  TVariable<BoolT>* var_holes_converted = nullptr,
1722  Node* source_runtime_kind = nullptr);
1723 
1724  // Attempt to copy a FixedDoubleArray to another FixedDoubleArray. In the case
1725  // where the source array has a hole, produce a FixedArray instead where holes
1726  // are replaced with undefined.
1727  // * |source| is a FixedDoubleArray from which to copy elements.
1728  // * |first| is the starting element index to copy from.
1729  // * |count| is the number of elements to copy out of the source array
1730  // starting from and including the element indexed by |start|.
1731  // * |capacity| determines the size of the allocated result array, with
1732  // |capacity| >= |count|.
1733  // * |source_map| is the map of |source|. It will be used as the map of the
1734  // target array if the target can stay a FixedDoubleArray. Otherwise if the
1735  // target array needs to be a FixedArray, the FixedArrayMap will be used.
1736  // * |var_holes_converted| is used to signal whether a FixedAray
1737  // is produced or not.
1738  // * |allocation_flags| and |extract_flags| influence how the target array is
1739  // allocated.
1740  // * |parameter_mode| determines the parameter mode of |first|, |count| and
1741  // |capacity|.
1742  TNode<FixedArrayBase> ExtractFixedDoubleArrayFillingHoles(
1743  Node* source, Node* first, Node* count, Node* capacity, Node* source_map,
1744  TVariable<BoolT>* var_holes_converted, AllocationFlags allocation_flags,
1745  ExtractFixedArrayFlags extract_flags =
1746  ExtractFixedArrayFlag::kAllFixedArrays,
1747  ParameterMode parameter_mode = INTPTR_PARAMETERS);
1748 
1749  // Copy the entire contents of a FixedArray or FixedDoubleArray to a new
1750  // array, including special appropriate handling for empty arrays and COW
1751  // arrays.
1752  //
1753  // * |source| is either a FixedArray or FixedDoubleArray from which to copy
1754  // elements.
1755  // * |extract_flags| determines whether FixedArrays, FixedDoubleArrays or both
1756  // are detected and copied. Although it's always correct to pass
1757  // kAllFixedArrays, the generated code is more compact and efficient if the
1758  // caller can specify whether only FixedArrays or FixedDoubleArrays will be
1759  // passed as the |source| parameter.
1760  Node* CloneFixedArray(Node* source,
1761  ExtractFixedArrayFlags flags =
1762  ExtractFixedArrayFlag::kAllFixedArraysDontCopyCOW) {
1763  ParameterMode mode = OptimalParameterMode();
1764  return ExtractFixedArray(source, IntPtrOrSmiConstant(0, mode), nullptr,
1765  nullptr, flags, mode);
1766  }
1767 
1768  // Copies |character_count| elements from |from_string| to |to_string|
1769  // starting at the |from_index|'th character. |from_string| and |to_string|
1770  // can either be one-byte strings or two-byte strings, although if
1771  // |from_string| is two-byte, then |to_string| must be two-byte.
1772  // |from_index|, |to_index| and |character_count| must be intptr_ts s.t. 0 <=
1773  // |from_index| <= |from_index| + |character_count| <= from_string.length and
1774  // 0 <= |to_index| <= |to_index| + |character_count| <= to_string.length.
1775  void CopyStringCharacters(Node* from_string, Node* to_string,
1776  TNode<IntPtrT> from_index, TNode<IntPtrT> to_index,
1777  TNode<IntPtrT> character_count,
1778  String::Encoding from_encoding,
1779  String::Encoding to_encoding);
1780 
1781  // Loads an element from |array| of |from_kind| elements by given |offset|
1782  // (NOTE: not index!), does a hole check if |if_hole| is provided and
1783  // converts the value so that it becomes ready for storing to array of
1784  // |to_kind| elements.
1785  Node* LoadElementAndPrepareForStore(Node* array, Node* offset,
1786  ElementsKind from_kind,
1787  ElementsKind to_kind, Label* if_hole);
1788 
1789  Node* CalculateNewElementsCapacity(Node* old_capacity,
1790  ParameterMode mode = INTPTR_PARAMETERS);
1791 
1792  TNode<Smi> CalculateNewElementsCapacity(TNode<Smi> old_capacity) {
1793  return CAST(CalculateNewElementsCapacity(old_capacity, SMI_PARAMETERS));
1794  }
1795 
1796  // Tries to grow the |elements| array of given |object| to store the |key|
1797  // or bails out if the growing gap is too big. Returns new elements.
1798  Node* TryGrowElementsCapacity(Node* object, Node* elements, ElementsKind kind,
1799  Node* key, Label* bailout);
1800 
1801  // Tries to grow the |capacity|-length |elements| array of given |object|
1802  // to store the |key| or bails out if the growing gap is too big. Returns
1803  // new elements.
1804  Node* TryGrowElementsCapacity(Node* object, Node* elements, ElementsKind kind,
1805  Node* key, Node* capacity, ParameterMode mode,
1806  Label* bailout);
1807 
1808  // Grows elements capacity of given object. Returns new elements.
1809  Node* GrowElementsCapacity(Node* object, Node* elements,
1810  ElementsKind from_kind, ElementsKind to_kind,
1811  Node* capacity, Node* new_capacity,
1812  ParameterMode mode, Label* bailout);
1813 
1814  // Given a need to grow by |growth|, allocate an appropriate new capacity
1815  // if necessary, and return a new elements FixedArray object. Label |bailout|
1816  // is followed for allocation failure.
1817  void PossiblyGrowElementsCapacity(ParameterMode mode, ElementsKind kind,
1818  Node* array, Node* length,
1819  Variable* var_elements, Node* growth,
1820  Label* bailout);
1821 
1822  // Allocation site manipulation
1823  void InitializeAllocationMemento(Node* base_allocation,
1824  Node* base_allocation_size,
1825  Node* allocation_site);
1826 
1827  Node* TryTaggedToFloat64(Node* value, Label* if_valueisnotnumber);
1828  Node* TruncateTaggedToFloat64(Node* context, Node* value);
1829  Node* TruncateTaggedToWord32(Node* context, Node* value);
1830  void TaggedToWord32OrBigInt(Node* context, Node* value, Label* if_number,
1831  Variable* var_word32, Label* if_bigint,
1832  Variable* var_bigint);
1833  void TaggedToWord32OrBigIntWithFeedback(
1834  Node* context, Node* value, Label* if_number, Variable* var_word32,
1835  Label* if_bigint, Variable* var_bigint, Variable* var_feedback);
1836 
1837  // Truncate the floating point value of a HeapNumber to an Int32.
1838  Node* TruncateHeapNumberValueToWord32(Node* object);
1839 
1840  // Conversions.
1841  void TryHeapNumberToSmi(TNode<HeapNumber> number, TVariable<Smi>& output,
1842  Label* if_smi);
1843  void TryFloat64ToSmi(TNode<Float64T> number, TVariable<Smi>& output,
1844  Label* if_smi);
1845  TNode<Number> ChangeFloat64ToTagged(SloppyTNode<Float64T> value);
1846  TNode<Number> ChangeInt32ToTagged(SloppyTNode<Int32T> value);
1847  TNode<Number> ChangeUint32ToTagged(SloppyTNode<Uint32T> value);
1848  TNode<Number> ChangeUintPtrToTagged(TNode<UintPtrT> value);
1849  TNode<Uint32T> ChangeNumberToUint32(TNode<Number> value);
1850  TNode<Float64T> ChangeNumberToFloat64(SloppyTNode<Number> value);
1851  TNode<UintPtrT> ChangeNonnegativeNumberToUintPtr(TNode<Number> value);
1852 
1853  void TaggedToNumeric(Node* context, Node* value, Label* done,
1854  Variable* var_numeric);
1855  void TaggedToNumericWithFeedback(Node* context, Node* value, Label* done,
1856  Variable* var_numeric,
1857  Variable* var_feedback);
1858 
1859  TNode<WordT> TimesPointerSize(SloppyTNode<WordT> value);
1860  TNode<IntPtrT> TimesPointerSize(TNode<IntPtrT> value) {
1861  return Signed(TimesPointerSize(implicit_cast<TNode<WordT>>(value)));
1862  }
1863  TNode<UintPtrT> TimesPointerSize(TNode<UintPtrT> value) {
1864  return Unsigned(TimesPointerSize(implicit_cast<TNode<WordT>>(value)));
1865  }
1866  TNode<WordT> TimesDoubleSize(SloppyTNode<WordT> value);
1867  TNode<UintPtrT> TimesDoubleSize(TNode<UintPtrT> value) {
1868  return Unsigned(TimesDoubleSize(implicit_cast<TNode<WordT>>(value)));
1869  }
1870  TNode<IntPtrT> TimesDoubleSize(TNode<IntPtrT> value) {
1871  return Signed(TimesDoubleSize(implicit_cast<TNode<WordT>>(value)));
1872  }
1873 
1874  // Type conversions.
1875  // Throws a TypeError for {method_name} if {value} is not coercible to Object,
1876  // or returns the {value} converted to a String otherwise.
1877  TNode<String> ToThisString(Node* context, Node* value,
1878  char const* method_name);
1879  // Throws a TypeError for {method_name} if {value} is neither of the given
1880  // {primitive_type} nor a JSValue wrapping a value of {primitive_type}, or
1881  // returns the {value} (or wrapped value) otherwise.
1882  Node* ToThisValue(Node* context, Node* value, PrimitiveType primitive_type,
1883  char const* method_name);
1884 
1885  // Throws a TypeError for {method_name} if {value} is not of the given
1886  // instance type. Returns {value}'s map.
1887  Node* ThrowIfNotInstanceType(Node* context, Node* value,
1888  InstanceType instance_type,
1889  char const* method_name);
1890  // Throws a TypeError for {method_name} if {value} is not a JSReceiver.
1891  // Returns the {value}'s map.
1892  Node* ThrowIfNotJSReceiver(Node* context, Node* value,
1893  MessageTemplate msg_template,
1894  const char* method_name = nullptr);
1895 
1896  void ThrowRangeError(Node* context, MessageTemplate message,
1897  Node* arg0 = nullptr, Node* arg1 = nullptr,
1898  Node* arg2 = nullptr);
1899  void ThrowTypeError(Node* context, MessageTemplate message,
1900  char const* arg0 = nullptr, char const* arg1 = nullptr);
1901  void ThrowTypeError(Node* context, MessageTemplate message, Node* arg0,
1902  Node* arg1 = nullptr, Node* arg2 = nullptr);
1903 
1904  // Type checks.
1905  // Check whether the map is for an object with special properties, such as a
1906  // JSProxy or an object with interceptors.
1907  TNode<BoolT> InstanceTypeEqual(SloppyTNode<Int32T> instance_type, int type);
1908  TNode<BoolT> IsAccessorInfo(SloppyTNode<HeapObject> object);
1909  TNode<BoolT> IsAccessorPair(SloppyTNode<HeapObject> object);
1910  TNode<BoolT> IsAllocationSite(SloppyTNode<HeapObject> object);
1911  TNode<BoolT> IsAnyHeapNumber(SloppyTNode<HeapObject> object);
1912  TNode<BoolT> IsNoElementsProtectorCellInvalid();
1913  TNode<BoolT> IsArrayIteratorProtectorCellInvalid();
1914  TNode<BoolT> IsBigIntInstanceType(SloppyTNode<Int32T> instance_type);
1915  TNode<BoolT> IsBigInt(SloppyTNode<HeapObject> object);
1916  TNode<BoolT> IsBoolean(SloppyTNode<HeapObject> object);
1917  TNode<BoolT> IsCallableMap(SloppyTNode<Map> map);
1918  TNode<BoolT> IsCallable(SloppyTNode<HeapObject> object);
1919  TNode<BoolT> TaggedIsCallable(TNode<Object> object);
1920  TNode<BoolT> IsCell(SloppyTNode<HeapObject> object);
1921  TNode<BoolT> IsCode(SloppyTNode<HeapObject> object);
1922  TNode<BoolT> IsConsStringInstanceType(SloppyTNode<Int32T> instance_type);
1923  TNode<BoolT> IsConstructorMap(SloppyTNode<Map> map);
1924  TNode<BoolT> IsConstructor(SloppyTNode<HeapObject> object);
1925  TNode<BoolT> IsDeprecatedMap(SloppyTNode<Map> map);
1926  TNode<BoolT> IsNameDictionary(SloppyTNode<HeapObject> object);
1927  TNode<BoolT> IsGlobalDictionary(SloppyTNode<HeapObject> object);
1928  TNode<BoolT> IsExtensibleMap(SloppyTNode<Map> map);
1929  TNode<BoolT> IsExtensibleNonPrototypeMap(TNode<Map> map);
1930  TNode<BoolT> IsExternalStringInstanceType(SloppyTNode<Int32T> instance_type);
1931  TNode<BoolT> IsFeedbackCell(SloppyTNode<HeapObject> object);
1932  TNode<BoolT> IsFeedbackVector(SloppyTNode<HeapObject> object);
1933  TNode<BoolT> IsContext(SloppyTNode<HeapObject> object);
1934  TNode<BoolT> IsFixedArray(SloppyTNode<HeapObject> object);
1935  TNode<BoolT> IsFixedArraySubclass(SloppyTNode<HeapObject> object);
1936  TNode<BoolT> IsFixedArrayWithKind(SloppyTNode<HeapObject> object,
1937  ElementsKind kind);
1938  TNode<BoolT> IsFixedArrayWithKindOrEmpty(SloppyTNode<HeapObject> object,
1939  ElementsKind kind);
1940  TNode<BoolT> IsFixedDoubleArray(SloppyTNode<HeapObject> object);
1941  TNode<BoolT> IsFixedTypedArray(SloppyTNode<HeapObject> object);
1942  TNode<BoolT> IsFunctionWithPrototypeSlotMap(SloppyTNode<Map> map);
1943  TNode<BoolT> IsHashTable(SloppyTNode<HeapObject> object);
1944  TNode<BoolT> IsEphemeronHashTable(SloppyTNode<HeapObject> object);
1945  TNode<BoolT> IsHeapNumber(SloppyTNode<HeapObject> object);
1946  TNode<BoolT> IsHeapNumberInstanceType(SloppyTNode<Int32T> instance_type);
1947  TNode<BoolT> IsOddball(SloppyTNode<HeapObject> object);
1948  TNode<BoolT> IsOddballInstanceType(SloppyTNode<Int32T> instance_type);
1949  TNode<BoolT> IsIndirectStringInstanceType(SloppyTNode<Int32T> instance_type);
1950  TNode<BoolT> IsJSArrayBuffer(SloppyTNode<HeapObject> object);
1951  TNode<BoolT> IsJSDataView(TNode<HeapObject> object);
1952  TNode<BoolT> IsJSArrayInstanceType(SloppyTNode<Int32T> instance_type);
1953  TNode<BoolT> IsJSArrayMap(SloppyTNode<Map> map);
1954  TNode<BoolT> IsJSArray(SloppyTNode<HeapObject> object);
1955  TNode<BoolT> IsJSArrayIterator(SloppyTNode<HeapObject> object);
1956  TNode<BoolT> IsJSAsyncGeneratorObject(SloppyTNode<HeapObject> object);
1957  TNode<BoolT> IsJSFunctionInstanceType(SloppyTNode<Int32T> instance_type);
1958  TNode<BoolT> IsAllocationSiteInstanceType(SloppyTNode<Int32T> instance_type);
1959  TNode<BoolT> IsJSFunctionMap(SloppyTNode<Map> map);
1960  TNode<BoolT> IsJSFunction(SloppyTNode<HeapObject> object);
1961  TNode<BoolT> IsJSGeneratorObject(SloppyTNode<HeapObject> object);
1962  TNode<BoolT> IsJSGlobalProxyInstanceType(SloppyTNode<Int32T> instance_type);
1963  TNode<BoolT> IsJSGlobalProxy(SloppyTNode<HeapObject> object);
1964  TNode<BoolT> IsJSObjectInstanceType(SloppyTNode<Int32T> instance_type);
1965  TNode<BoolT> IsJSObjectMap(SloppyTNode<Map> map);
1966  TNode<BoolT> IsJSObject(SloppyTNode<HeapObject> object);
1967  TNode<BoolT> IsJSPromiseMap(SloppyTNode<Map> map);
1968  TNode<BoolT> IsJSPromise(SloppyTNode<HeapObject> object);
1969  TNode<BoolT> IsJSProxy(SloppyTNode<HeapObject> object);
1970  TNode<BoolT> IsJSReceiverInstanceType(SloppyTNode<Int32T> instance_type);
1971  TNode<BoolT> IsJSReceiverMap(SloppyTNode<Map> map);
1972  TNode<BoolT> IsJSReceiver(SloppyTNode<HeapObject> object);
1973  TNode<BoolT> IsJSRegExp(SloppyTNode<HeapObject> object);
1974  TNode<BoolT> IsJSTypedArray(SloppyTNode<HeapObject> object);
1975  TNode<BoolT> IsJSValueInstanceType(SloppyTNode<Int32T> instance_type);
1976  TNode<BoolT> IsJSValueMap(SloppyTNode<Map> map);
1977  TNode<BoolT> IsJSValue(SloppyTNode<HeapObject> object);
1978  TNode<BoolT> IsMap(SloppyTNode<HeapObject> object);
1979  TNode<BoolT> IsMutableHeapNumber(SloppyTNode<HeapObject> object);
1980  TNode<BoolT> IsName(SloppyTNode<HeapObject> object);
1981  TNode<BoolT> IsNameInstanceType(SloppyTNode<Int32T> instance_type);
1982  TNode<BoolT> IsNativeContext(SloppyTNode<HeapObject> object);
1983  TNode<BoolT> IsNullOrJSReceiver(SloppyTNode<HeapObject> object);
1984  TNode<BoolT> IsNullOrUndefined(SloppyTNode<Object> object);
1985  TNode<BoolT> IsNumberDictionary(SloppyTNode<HeapObject> object);
1986  TNode<BoolT> IsOneByteStringInstanceType(SloppyTNode<Int32T> instance_type);
1987  TNode<BoolT> HasOnlyOneByteChars(TNode<Int32T> instance_type);
1988  TNode<BoolT> IsPrimitiveInstanceType(SloppyTNode<Int32T> instance_type);
1989  TNode<BoolT> IsPrivateSymbol(SloppyTNode<HeapObject> object);
1990  TNode<BoolT> IsPromiseCapability(SloppyTNode<HeapObject> object);
1991  TNode<BoolT> IsPropertyArray(SloppyTNode<HeapObject> object);
1992  TNode<BoolT> IsPropertyCell(SloppyTNode<HeapObject> object);
1993  TNode<BoolT> IsPrototypeInitialArrayPrototype(SloppyTNode<Context> context,
1994  SloppyTNode<Map> map);
1995  TNode<BoolT> IsPrototypeTypedArrayPrototype(SloppyTNode<Context> context,
1996  SloppyTNode<Map> map);
1997 
1998  TNode<BoolT> IsFastAliasedArgumentsMap(TNode<Context> context,
1999  TNode<Map> map);
2000  TNode<BoolT> IsSlowAliasedArgumentsMap(TNode<Context> context,
2001  TNode<Map> map);
2002  TNode<BoolT> IsSloppyArgumentsMap(TNode<Context> context, TNode<Map> map);
2003  TNode<BoolT> IsStrictArgumentsMap(TNode<Context> context, TNode<Map> map);
2004 
2005  TNode<BoolT> IsSequentialStringInstanceType(
2006  SloppyTNode<Int32T> instance_type);
2007  TNode<BoolT> IsUncachedExternalStringInstanceType(
2008  SloppyTNode<Int32T> instance_type);
2009  TNode<BoolT> IsSpecialReceiverInstanceType(TNode<Int32T> instance_type);
2010  TNode<BoolT> IsCustomElementsReceiverInstanceType(
2011  TNode<Int32T> instance_type);
2012  TNode<BoolT> IsSpecialReceiverMap(SloppyTNode<Map> map);
2013  // Returns true if the map corresponds to non-special fast or dictionary
2014  // object.
2015  TNode<BoolT> IsSimpleObjectMap(TNode<Map> map);
2016  TNode<BoolT> IsStringInstanceType(SloppyTNode<Int32T> instance_type);
2017  TNode<BoolT> IsString(SloppyTNode<HeapObject> object);
2018  TNode<BoolT> IsSymbolInstanceType(SloppyTNode<Int32T> instance_type);
2019  TNode<BoolT> IsSymbol(SloppyTNode<HeapObject> object);
2020  TNode<BoolT> IsUndetectableMap(SloppyTNode<Map> map);
2021  TNode<BoolT> IsNotWeakFixedArraySubclass(SloppyTNode<HeapObject> object);
2022  TNode<BoolT> IsZeroOrContext(SloppyTNode<Object> object);
2023 
2024  inline Node* IsSharedFunctionInfo(Node* object) {
2025  return IsSharedFunctionInfoMap(LoadMap(object));
2026  }
2027 
2028  TNode<BoolT> IsPromiseResolveProtectorCellInvalid();
2029  TNode<BoolT> IsPromiseThenProtectorCellInvalid();
2030  TNode<BoolT> IsArraySpeciesProtectorCellInvalid();
2031  TNode<BoolT> IsTypedArraySpeciesProtectorCellInvalid();
2032  TNode<BoolT> IsRegExpSpeciesProtectorCellInvalid();
2033  TNode<BoolT> IsPromiseSpeciesProtectorCellInvalid();
2034 
2035  // True iff |object| is a Smi or a HeapNumber.
2036  TNode<BoolT> IsNumber(SloppyTNode<Object> object);
2037  // True iff |object| is a Smi or a HeapNumber or a BigInt.
2038  TNode<BoolT> IsNumeric(SloppyTNode<Object> object);
2039 
2040  // True iff |number| is either a Smi, or a HeapNumber whose value is not
2041  // within Smi range.
2042  TNode<BoolT> IsNumberNormalized(SloppyTNode<Number> number);
2043  TNode<BoolT> IsNumberPositive(SloppyTNode<Number> number);
2044  TNode<BoolT> IsHeapNumberPositive(TNode<HeapNumber> number);
2045 
2046  // True iff {number} is non-negative and less or equal than 2**53-1.
2047  TNode<BoolT> IsNumberNonNegativeSafeInteger(TNode<Number> number);
2048 
2049  // True iff {number} represents an integer value.
2050  TNode<BoolT> IsInteger(TNode<Object> number);
2051  TNode<BoolT> IsInteger(TNode<HeapNumber> number);
2052 
2053  // True iff abs({number}) <= 2**53 -1
2054  TNode<BoolT> IsSafeInteger(TNode<Object> number);
2055  TNode<BoolT> IsSafeInteger(TNode<HeapNumber> number);
2056 
2057  // True iff {number} represents a valid uint32t value.
2058  TNode<BoolT> IsHeapNumberUint32(TNode<HeapNumber> number);
2059 
2060  // True iff {number} is a positive number and a valid array index in the range
2061  // [0, 2^32-1).
2062  TNode<BoolT> IsNumberArrayIndex(TNode<Number> number);
2063 
2064  Node* FixedArraySizeDoesntFitInNewSpace(
2065  Node* element_count, int base_size = FixedArray::kHeaderSize,
2066  ParameterMode mode = INTPTR_PARAMETERS);
2067 
2068  // ElementsKind helpers:
2069  TNode<BoolT> ElementsKindEqual(TNode<Int32T> a, TNode<Int32T> b) {
2070  return Word32Equal(a, b);
2071  }
2072  bool ElementsKindEqual(ElementsKind a, ElementsKind b) { return a == b; }
2073  Node* IsFastElementsKind(Node* elements_kind);
2074  bool IsFastElementsKind(ElementsKind kind) {
2075  return v8::internal::IsFastElementsKind(kind);
2076  }
2077  TNode<BoolT> IsDictionaryElementsKind(TNode<Int32T> elements_kind) {
2078  return ElementsKindEqual(elements_kind, Int32Constant(DICTIONARY_ELEMENTS));
2079  }
2080  TNode<BoolT> IsDoubleElementsKind(TNode<Int32T> elements_kind);
2081  bool IsDoubleElementsKind(ElementsKind kind) {
2082  return v8::internal::IsDoubleElementsKind(kind);
2083  }
2084  Node* IsFastSmiOrTaggedElementsKind(Node* elements_kind);
2085  Node* IsFastSmiElementsKind(Node* elements_kind);
2086  Node* IsHoleyFastElementsKind(Node* elements_kind);
2087  Node* IsElementsKindGreaterThan(Node* target_kind,
2088  ElementsKind reference_kind);
2089  TNode<BoolT> IsElementsKindLessThanOrEqual(TNode<Int32T> target_kind,
2090  ElementsKind reference_kind);
2091 
2092  // String helpers.
2093  // Load a character from a String (might flatten a ConsString).
2094  TNode<Int32T> StringCharCodeAt(SloppyTNode<String> string,
2095  SloppyTNode<IntPtrT> index);
2096  // Return the single character string with only {code}.
2097  TNode<String> StringFromSingleCharCode(TNode<Int32T> code);
2098 
2099  // Return a new string object which holds a substring containing the range
2100  // [from,to[ of string.
2101  TNode<String> SubString(TNode<String> string, TNode<IntPtrT> from,
2102  TNode<IntPtrT> to);
2103 
2104  // Return a new string object produced by concatenating |first| with |second|.
2105  TNode<String> StringAdd(Node* context, TNode<String> first,
2106  TNode<String> second, AllocationFlags flags = kNone);
2107 
2108  // Check if |string| is an indirect (thin or flat cons) string type that can
2109  // be dereferenced by DerefIndirectString.
2110  void BranchIfCanDerefIndirectString(Node* string, Node* instance_type,
2111  Label* can_deref, Label* cannot_deref);
2112  // Unpack an indirect (thin or flat cons) string type.
2113  void DerefIndirectString(Variable* var_string, Node* instance_type);
2114  // Check if |var_string| has an indirect (thin or flat cons) string type,
2115  // and unpack it if so.
2116  void MaybeDerefIndirectString(Variable* var_string, Node* instance_type,
2117  Label* did_deref, Label* cannot_deref);
2118  // Check if |var_left| or |var_right| has an indirect (thin or flat cons)
2119  // string type, and unpack it/them if so. Fall through if nothing was done.
2120  void MaybeDerefIndirectStrings(Variable* var_left, Node* left_instance_type,
2121  Variable* var_right, Node* right_instance_type,
2122  Label* did_something);
2123  Node* DerefIndirectString(TNode<String> string, TNode<Int32T> instance_type,
2124  Label* cannot_deref);
2125 
2126  TNode<String> StringFromSingleCodePoint(TNode<Int32T> codepoint,
2127  UnicodeEncoding encoding);
2128 
2129  // Type conversion helpers.
2130  enum class BigIntHandling { kConvertToNumber, kThrow };
2131  // Convert a String to a Number.
2132  TNode<Number> StringToNumber(TNode<String> input);
2133  // Convert a Number to a String.
2134  TNode<String> NumberToString(TNode<Number> input);
2135  // Convert a Non-Number object to a Number.
2136  TNode<Number> NonNumberToNumber(
2137  SloppyTNode<Context> context, SloppyTNode<HeapObject> input,
2138  BigIntHandling bigint_handling = BigIntHandling::kThrow);
2139  // Convert a Non-Number object to a Numeric.
2140  TNode<Numeric> NonNumberToNumeric(SloppyTNode<Context> context,
2141  SloppyTNode<HeapObject> input);
2142  // Convert any object to a Number.
2143  // Conforms to ES#sec-tonumber if {bigint_handling} == kThrow.
2144  // With {bigint_handling} == kConvertToNumber, matches behavior of
2145  // tc39.github.io/proposal-bigint/#sec-number-constructor-number-value.
2146  TNode<Number> ToNumber(
2147  SloppyTNode<Context> context, SloppyTNode<Object> input,
2148  BigIntHandling bigint_handling = BigIntHandling::kThrow);
2149  TNode<Number> ToNumber_Inline(SloppyTNode<Context> context,
2150  SloppyTNode<Object> input);
2151 
2152  // Try to convert an object to a BigInt. Throws on failure (e.g. for Numbers).
2153  // https://tc39.github.io/proposal-bigint/#sec-to-bigint
2154  TNode<BigInt> ToBigInt(SloppyTNode<Context> context,
2155  SloppyTNode<Object> input);
2156 
2157  // Converts |input| to one of 2^32 integer values in the range 0 through
2158  // 2^32-1, inclusive.
2159  // ES#sec-touint32
2160  TNode<Number> ToUint32(SloppyTNode<Context> context,
2161  SloppyTNode<Object> input);
2162 
2163  // Convert any object to a String.
2164  TNode<String> ToString(SloppyTNode<Context> context,
2165  SloppyTNode<Object> input);
2166  TNode<String> ToString_Inline(SloppyTNode<Context> context,
2167  SloppyTNode<Object> input);
2168 
2169  // Convert any object to a Primitive.
2170  Node* JSReceiverToPrimitive(Node* context, Node* input);
2171 
2172  TNode<JSReceiver> ToObject(SloppyTNode<Context> context,
2173  SloppyTNode<Object> input);
2174 
2175  // Same as ToObject but avoids the Builtin call if |input| is already a
2176  // JSReceiver.
2177  TNode<JSReceiver> ToObject_Inline(TNode<Context> context,
2178  TNode<Object> input);
2179 
2180  enum ToIntegerTruncationMode {
2181  kNoTruncation,
2182  kTruncateMinusZero,
2183  };
2184 
2185  // ES6 7.1.17 ToIndex, but jumps to range_error if the result is not a Smi.
2186  TNode<Smi> ToSmiIndex(TNode<Object> input, TNode<Context> context,
2187  Label* range_error);
2188 
2189  // ES6 7.1.15 ToLength, but jumps to range_error if the result is not a Smi.
2190  TNode<Smi> ToSmiLength(TNode<Object> input, TNode<Context> context,
2191  Label* range_error);
2192 
2193  // ES6 7.1.15 ToLength, but with inlined fast path.
2194  TNode<Number> ToLength_Inline(SloppyTNode<Context> context,
2195  SloppyTNode<Object> input);
2196 
2197  // ES6 7.1.4 ToInteger ( argument )
2198  TNode<Number> ToInteger_Inline(SloppyTNode<Context> context,
2199  SloppyTNode<Object> input,
2200  ToIntegerTruncationMode mode = kNoTruncation);
2201  TNode<Number> ToInteger(SloppyTNode<Context> context,
2202  SloppyTNode<Object> input,
2203  ToIntegerTruncationMode mode = kNoTruncation);
2204 
2205  // Returns a node that contains a decoded (unsigned!) value of a bit
2206  // field |BitField| in |word32|. Returns result as an uint32 node.
2207  template <typename BitField>
2208  TNode<Uint32T> DecodeWord32(SloppyTNode<Word32T> word32) {
2209  return DecodeWord32(word32, BitField::kShift, BitField::kMask);
2210  }
2211 
2212  // Returns a node that contains a decoded (unsigned!) value of a bit
2213  // field |BitField| in |word|. Returns result as a word-size node.
2214  template <typename BitField>
2215  TNode<UintPtrT> DecodeWord(SloppyTNode<WordT> word) {
2216  return DecodeWord(word, BitField::kShift, BitField::kMask);
2217  }
2218 
2219  // Returns a node that contains a decoded (unsigned!) value of a bit
2220  // field |BitField| in |word32|. Returns result as a word-size node.
2221  template <typename BitField>
2222  TNode<UintPtrT> DecodeWordFromWord32(SloppyTNode<Word32T> word32) {
2223  return DecodeWord<BitField>(ChangeUint32ToWord(word32));
2224  }
2225 
2226  // Returns a node that contains a decoded (unsigned!) value of a bit
2227  // field |BitField| in |word|. Returns result as an uint32 node.
2228  template <typename BitField>
2229  TNode<Uint32T> DecodeWord32FromWord(SloppyTNode<WordT> word) {
2230  return UncheckedCast<Uint32T>(
2231  TruncateIntPtrToInt32(Signed(DecodeWord<BitField>(word))));
2232  }
2233 
2234  // Decodes an unsigned (!) value from |word32| to an uint32 node.
2235  TNode<Uint32T> DecodeWord32(SloppyTNode<Word32T> word32, uint32_t shift,
2236  uint32_t mask);
2237 
2238  // Decodes an unsigned (!) value from |word| to a word-size node.
2239  TNode<UintPtrT> DecodeWord(SloppyTNode<WordT> word, uint32_t shift,
2240  uint32_t mask);
2241 
2242  // Returns a node that contains the updated values of a |BitField|.
2243  template <typename BitField>
2244  TNode<WordT> UpdateWord(TNode<WordT> word, TNode<WordT> value) {
2245  return UpdateWord(word, value, BitField::kShift, BitField::kMask);
2246  }
2247 
2248  // Returns a node that contains the updated {value} inside {word} starting
2249  // at {shift} and fitting in {mask}.
2250  TNode<WordT> UpdateWord(TNode<WordT> word, TNode<WordT> value, uint32_t shift,
2251  uint32_t mask);
2252 
2253  // Returns true if any of the |T|'s bits in given |word32| are set.
2254  template <typename T>
2255  TNode<BoolT> IsSetWord32(SloppyTNode<Word32T> word32) {
2256  return IsSetWord32(word32, T::kMask);
2257  }
2258 
2259  // Returns true if any of the mask's bits in given |word32| are set.
2260  TNode<BoolT> IsSetWord32(SloppyTNode<Word32T> word32, uint32_t mask) {
2261  return Word32NotEqual(Word32And(word32, Int32Constant(mask)),
2262  Int32Constant(0));
2263  }
2264 
2265  // Returns true if none of the mask's bits in given |word32| are set.
2266  TNode<BoolT> IsNotSetWord32(SloppyTNode<Word32T> word32, uint32_t mask) {
2267  return Word32Equal(Word32And(word32, Int32Constant(mask)),
2268  Int32Constant(0));
2269  }
2270 
2271  // Returns true if all of the mask's bits in a given |word32| are set.
2272  TNode<BoolT> IsAllSetWord32(SloppyTNode<Word32T> word32, uint32_t mask) {
2273  TNode<Int32T> const_mask = Int32Constant(mask);
2274  return Word32Equal(Word32And(word32, const_mask), const_mask);
2275  }
2276 
2277  // Returns true if any of the |T|'s bits in given |word| are set.
2278  template <typename T>
2279  TNode<BoolT> IsSetWord(SloppyTNode<WordT> word) {
2280  return IsSetWord(word, T::kMask);
2281  }
2282 
2283  // Returns true if any of the mask's bits in given |word| are set.
2284  TNode<BoolT> IsSetWord(SloppyTNode<WordT> word, uint32_t mask) {
2285  return WordNotEqual(WordAnd(word, IntPtrConstant(mask)), IntPtrConstant(0));
2286  }
2287 
2288  // Returns true if any of the mask's bit are set in the given Smi.
2289  // Smi-encoding of the mask is performed implicitly!
2290  TNode<BoolT> IsSetSmi(SloppyTNode<Smi> smi, int untagged_mask) {
2291  intptr_t mask_word = bit_cast<intptr_t>(Smi::FromInt(untagged_mask));
2292  return WordNotEqual(
2293  WordAnd(BitcastTaggedToWord(smi), IntPtrConstant(mask_word)),
2294  IntPtrConstant(0));
2295  }
2296 
2297  // Returns true if all of the |T|'s bits in given |word32| are clear.
2298  template <typename T>
2299  TNode<BoolT> IsClearWord32(SloppyTNode<Word32T> word32) {
2300  return IsClearWord32(word32, T::kMask);
2301  }
2302 
2303  // Returns true if all of the mask's bits in given |word32| are clear.
2304  TNode<BoolT> IsClearWord32(SloppyTNode<Word32T> word32, uint32_t mask) {
2305  return Word32Equal(Word32And(word32, Int32Constant(mask)),
2306  Int32Constant(0));
2307  }
2308 
2309  // Returns true if all of the |T|'s bits in given |word| are clear.
2310  template <typename T>
2311  TNode<BoolT> IsClearWord(SloppyTNode<WordT> word) {
2312  return IsClearWord(word, T::kMask);
2313  }
2314 
2315  // Returns true if all of the mask's bits in given |word| are clear.
2316  TNode<BoolT> IsClearWord(SloppyTNode<WordT> word, uint32_t mask) {
2317  return WordEqual(WordAnd(word, IntPtrConstant(mask)), IntPtrConstant(0));
2318  }
2319 
2320  void SetCounter(StatsCounter* counter, int value);
2321  void IncrementCounter(StatsCounter* counter, int delta);
2322  void DecrementCounter(StatsCounter* counter, int delta);
2323 
2324  void Increment(Variable* variable, int value = 1,
2325  ParameterMode mode = INTPTR_PARAMETERS);
2326  void Decrement(Variable* variable, int value = 1,
2327  ParameterMode mode = INTPTR_PARAMETERS) {
2328  Increment(variable, -value, mode);
2329  }
2330 
2331  // Generates "if (false) goto label" code. Useful for marking a label as
2332  // "live" to avoid assertion failures during graph building. In the resulting
2333  // code this check will be eliminated.
2334  void Use(Label* label);
2335 
2336  // Various building blocks for stubs doing property lookups.
2337 
2338  // |if_notinternalized| is optional; |if_bailout| will be used by default.
2339  void TryToName(Node* key, Label* if_keyisindex, Variable* var_index,
2340  Label* if_keyisunique, Variable* var_unique, Label* if_bailout,
2341  Label* if_notinternalized = nullptr);
2342 
2343  // Performs a hash computation and string table lookup for the given string,
2344  // and jumps to:
2345  // - |if_index| if the string is an array index like "123"; |var_index|
2346  // will contain the intptr representation of that index.
2347  // - |if_internalized| if the string exists in the string table; the
2348  // internalized version will be in |var_internalized|.
2349  // - |if_not_internalized| if the string is not in the string table (but
2350  // does not add it).
2351  // - |if_bailout| for unsupported cases (e.g. uncachable array index).
2352  void TryInternalizeString(Node* string, Label* if_index, Variable* var_index,
2353  Label* if_internalized, Variable* var_internalized,
2354  Label* if_not_internalized, Label* if_bailout);
2355 
2356  // Calculates array index for given dictionary entry and entry field.
2357  // See Dictionary::EntryToIndex().
2358  template <typename Dictionary>
2359  TNode<IntPtrT> EntryToIndex(TNode<IntPtrT> entry, int field_index);
2360  template <typename Dictionary>
2361  TNode<IntPtrT> EntryToIndex(TNode<IntPtrT> entry) {
2362  return EntryToIndex<Dictionary>(entry, Dictionary::kEntryKeyIndex);
2363  }
2364 
2365  // Loads the details for the entry with the given key_index.
2366  // Returns an untagged int32.
2367  template <class ContainerType>
2368  TNode<Uint32T> LoadDetailsByKeyIndex(Node* container, Node* key_index) {
2369  static_assert(!std::is_same<ContainerType, DescriptorArray>::value,
2370  "Use the non-templatized version for DescriptorArray");
2371  const int kKeyToDetailsOffset =
2372  (ContainerType::kEntryDetailsIndex - ContainerType::kEntryKeyIndex) *
2373  kPointerSize;
2374  return Unsigned(LoadAndUntagToWord32FixedArrayElement(
2375  CAST(container), key_index, kKeyToDetailsOffset));
2376  }
2377 
2378  // Loads the value for the entry with the given key_index.
2379  // Returns a tagged value.
2380  template <class ContainerType>
2381  TNode<Object> LoadValueByKeyIndex(Node* container, Node* key_index) {
2382  static_assert(!std::is_same<ContainerType, DescriptorArray>::value,
2383  "Use the non-templatized version for DescriptorArray");
2384  const int kKeyToValueOffset =
2385  (ContainerType::kEntryValueIndex - ContainerType::kEntryKeyIndex) *
2386  kPointerSize;
2387  return LoadFixedArrayElement(CAST(container), key_index, kKeyToValueOffset);
2388  }
2389 
2390  // Stores the details for the entry with the given key_index.
2391  // |details| must be a Smi.
2392  template <class ContainerType>
2393  void StoreDetailsByKeyIndex(TNode<ContainerType> container,
2394  TNode<IntPtrT> key_index, TNode<Smi> details) {
2395  const int kKeyToDetailsOffset =
2396  (ContainerType::kEntryDetailsIndex - ContainerType::kEntryKeyIndex) *
2397  kPointerSize;
2398  StoreFixedArrayElement(container, key_index, details, SKIP_WRITE_BARRIER,
2399  kKeyToDetailsOffset);
2400  }
2401 
2402  // Stores the value for the entry with the given key_index.
2403  template <class ContainerType>
2404  void StoreValueByKeyIndex(
2405  TNode<ContainerType> container, TNode<IntPtrT> key_index,
2406  TNode<Object> value,
2407  WriteBarrierMode write_barrier = UPDATE_WRITE_BARRIER) {
2408  const int kKeyToValueOffset =
2409  (ContainerType::kEntryValueIndex - ContainerType::kEntryKeyIndex) *
2410  kPointerSize;
2411  StoreFixedArrayElement(container, key_index, value, write_barrier,
2412  kKeyToValueOffset);
2413  }
2414 
2415  // Calculate a valid size for the a hash table.
2416  TNode<IntPtrT> HashTableComputeCapacity(TNode<IntPtrT> at_least_space_for);
2417 
2418  template <class Dictionary>
2419  TNode<Smi> GetNumberOfElements(TNode<Dictionary> dictionary) {
2420  return CAST(
2421  LoadFixedArrayElement(dictionary, Dictionary::kNumberOfElementsIndex));
2422  }
2423 
2424  TNode<Smi> GetNumberDictionaryNumberOfElements(
2425  TNode<NumberDictionary> dictionary) {
2426  return GetNumberOfElements<NumberDictionary>(dictionary);
2427  }
2428 
2429  template <class Dictionary>
2430  void SetNumberOfElements(TNode<Dictionary> dictionary,
2431  TNode<Smi> num_elements_smi) {
2432  StoreFixedArrayElement(dictionary, Dictionary::kNumberOfElementsIndex,
2433  num_elements_smi, SKIP_WRITE_BARRIER);
2434  }
2435 
2436  template <class Dictionary>
2437  TNode<Smi> GetNumberOfDeletedElements(TNode<Dictionary> dictionary) {
2438  return CAST(LoadFixedArrayElement(
2439  dictionary, Dictionary::kNumberOfDeletedElementsIndex));
2440  }
2441 
2442  template <class Dictionary>
2443  void SetNumberOfDeletedElements(TNode<Dictionary> dictionary,
2444  TNode<Smi> num_deleted_smi) {
2445  StoreFixedArrayElement(dictionary,
2446  Dictionary::kNumberOfDeletedElementsIndex,
2447  num_deleted_smi, SKIP_WRITE_BARRIER);
2448  }
2449 
2450  template <class Dictionary>
2451  TNode<Smi> GetCapacity(TNode<Dictionary> dictionary) {
2452  return CAST(LoadFixedArrayElement(dictionary, Dictionary::kCapacityIndex));
2453  }
2454 
2455  template <class Dictionary>
2456  TNode<Smi> GetNextEnumerationIndex(TNode<Dictionary> dictionary) {
2457  return CAST(LoadFixedArrayElement(dictionary,
2458  Dictionary::kNextEnumerationIndexIndex));
2459  }
2460 
2461  template <class Dictionary>
2462  void SetNextEnumerationIndex(TNode<Dictionary> dictionary,
2463  TNode<Smi> next_enum_index_smi) {
2464  StoreFixedArrayElement(dictionary, Dictionary::kNextEnumerationIndexIndex,
2465  next_enum_index_smi, SKIP_WRITE_BARRIER);
2466  }
2467 
2468  // Looks up an entry in a NameDictionaryBase successor. If the entry is found
2469  // control goes to {if_found} and {var_name_index} contains an index of the
2470  // key field of the entry found. If the key is not found control goes to
2471  // {if_not_found}.
2472  static const int kInlinedDictionaryProbes = 4;
2473  enum LookupMode { kFindExisting, kFindInsertionIndex };
2474 
2475  template <typename Dictionary>
2476  TNode<HeapObject> LoadName(TNode<HeapObject> key);
2477 
2478  template <typename Dictionary>
2479  void NameDictionaryLookup(TNode<Dictionary> dictionary,
2480  TNode<Name> unique_name, Label* if_found,
2481  TVariable<IntPtrT>* var_name_index,
2482  Label* if_not_found,
2483  int inlined_probes = kInlinedDictionaryProbes,
2484  LookupMode mode = kFindExisting);
2485 
2486  Node* ComputeUnseededHash(Node* key);
2487  Node* ComputeSeededHash(Node* key);
2488 
2489  void NumberDictionaryLookup(TNode<NumberDictionary> dictionary,
2490  TNode<IntPtrT> intptr_index, Label* if_found,
2491  TVariable<IntPtrT>* var_entry,
2492  Label* if_not_found);
2493 
2494  TNode<Object> BasicLoadNumberDictionaryElement(
2495  TNode<NumberDictionary> dictionary, TNode<IntPtrT> intptr_index,
2496  Label* not_data, Label* if_hole);
2497  void BasicStoreNumberDictionaryElement(TNode<NumberDictionary> dictionary,
2498  TNode<IntPtrT> intptr_index,
2499  TNode<Object> value, Label* not_data,
2500  Label* if_hole, Label* read_only);
2501 
2502  template <class Dictionary>
2503  void FindInsertionEntry(TNode<Dictionary> dictionary, TNode<Name> key,
2504  TVariable<IntPtrT>* var_key_index);
2505 
2506  template <class Dictionary>
2507  void InsertEntry(TNode<Dictionary> dictionary, TNode<Name> key,
2508  TNode<Object> value, TNode<IntPtrT> index,
2509  TNode<Smi> enum_index);
2510 
2511  template <class Dictionary>
2512  void Add(TNode<Dictionary> dictionary, TNode<Name> key, TNode<Object> value,
2513  Label* bailout);
2514 
2515  // Tries to check if {object} has own {unique_name} property.
2516  void TryHasOwnProperty(Node* object, Node* map, Node* instance_type,
2517  Node* unique_name, Label* if_found,
2518  Label* if_not_found, Label* if_bailout);
2519 
2520  // Operating mode for TryGetOwnProperty and CallGetterIfAccessor
2521  // kReturnAccessorPair is used when we're only getting the property descriptor
2522  enum GetOwnPropertyMode { kCallJSGetter, kReturnAccessorPair };
2523  // Tries to get {object}'s own {unique_name} property value. If the property
2524  // is an accessor then it also calls a getter. If the property is a double
2525  // field it re-wraps value in an immutable heap number.
2526  void TryGetOwnProperty(Node* context, Node* receiver, Node* object, Node* map,
2527  Node* instance_type, Node* unique_name,
2528  Label* if_found, Variable* var_value,
2529  Label* if_not_found, Label* if_bailout);
2530  void TryGetOwnProperty(Node* context, Node* receiver, Node* object, Node* map,
2531  Node* instance_type, Node* unique_name,
2532  Label* if_found, Variable* var_value,
2533  Variable* var_details, Variable* var_raw_value,
2534  Label* if_not_found, Label* if_bailout,
2535  GetOwnPropertyMode mode);
2536 
2537  TNode<Object> GetProperty(SloppyTNode<Context> context,
2538  SloppyTNode<Object> receiver, Handle<Name> name) {
2539  return GetProperty(context, receiver, HeapConstant(name));
2540  }
2541 
2542  TNode<Object> GetProperty(SloppyTNode<Context> context,
2543  SloppyTNode<Object> receiver,
2544  SloppyTNode<Object> name) {
2545  return CallBuiltin(Builtins::kGetProperty, context, receiver, name);
2546  }
2547 
2548  TNode<Object> SetPropertyStrict(TNode<Context> context,
2549  TNode<Object> receiver, TNode<Object> key,
2550  TNode<Object> value) {
2551  return CallBuiltin(Builtins::kSetProperty, context, receiver, key, value);
2552  }
2553 
2554  TNode<Object> SetPropertyInLiteral(TNode<Context> context,
2555  TNode<JSObject> receiver,
2556  TNode<Object> key, TNode<Object> value) {
2557  return CallBuiltin(Builtins::kSetPropertyInLiteral, context, receiver, key,
2558  value);
2559  }
2560 
2561  Node* GetMethod(Node* context, Node* object, Handle<Name> name,
2562  Label* if_null_or_undefined);
2563 
2564  template <class... TArgs>
2565  TNode<Object> CallBuiltin(Builtins::Name id, SloppyTNode<Object> context,
2566  TArgs... args) {
2567  return CallStub<Object>(Builtins::CallableFor(isolate(), id), context,
2568  args...);
2569  }
2570 
2571  template <class... TArgs>
2572  void TailCallBuiltin(Builtins::Name id, SloppyTNode<Object> context,
2573  TArgs... args) {
2574  return TailCallStub(Builtins::CallableFor(isolate(), id), context, args...);
2575  }
2576 
2577  void LoadPropertyFromFastObject(Node* object, Node* map,
2578  TNode<DescriptorArray> descriptors,
2579  Node* name_index, Variable* var_details,
2580  Variable* var_value);
2581 
2582  void LoadPropertyFromFastObject(Node* object, Node* map,
2583  TNode<DescriptorArray> descriptors,
2584  Node* name_index, Node* details,
2585  Variable* var_value);
2586 
2587  void LoadPropertyFromNameDictionary(Node* dictionary, Node* entry,
2588  Variable* var_details,
2589  Variable* var_value);
2590 
2591  void LoadPropertyFromGlobalDictionary(Node* dictionary, Node* entry,
2592  Variable* var_details,
2593  Variable* var_value, Label* if_deleted);
2594 
2595  // Generic property lookup generator. If the {object} is fast and
2596  // {unique_name} property is found then the control goes to {if_found_fast}
2597  // label and {var_meta_storage} and {var_name_index} will contain
2598  // DescriptorArray and an index of the descriptor's name respectively.
2599  // If the {object} is slow or global then the control goes to {if_found_dict}
2600  // or {if_found_global} and the {var_meta_storage} and {var_name_index} will
2601  // contain a dictionary and an index of the key field of the found entry.
2602  // If property is not found or given lookup is not supported then
2603  // the control goes to {if_not_found} or {if_bailout} respectively.
2604  //
2605  // Note: this code does not check if the global dictionary points to deleted
2606  // entry! This has to be done by the caller.
2607  void TryLookupProperty(SloppyTNode<JSObject> object, SloppyTNode<Map> map,
2608  SloppyTNode<Int32T> instance_type,
2609  SloppyTNode<Name> unique_name, Label* if_found_fast,
2610  Label* if_found_dict, Label* if_found_global,
2611  TVariable<HeapObject>* var_meta_storage,
2612  TVariable<IntPtrT>* var_name_index,
2613  Label* if_not_found, Label* if_bailout);
2614 
2615  // This is a building block for TryLookupProperty() above. Supports only
2616  // non-special fast and dictionary objects.
2617  void TryLookupPropertyInSimpleObject(TNode<JSObject> object, TNode<Map> map,
2618  TNode<Name> unique_name,
2619  Label* if_found_fast,
2620  Label* if_found_dict,
2621  TVariable<HeapObject>* var_meta_storage,
2622  TVariable<IntPtrT>* var_name_index,
2623  Label* if_not_found);
2624 
2625  // This method jumps to if_found if the element is known to exist. To
2626  // if_absent if it's known to not exist. To if_not_found if the prototype
2627  // chain needs to be checked. And if_bailout if the lookup is unsupported.
2628  void TryLookupElement(Node* object, Node* map,
2629  SloppyTNode<Int32T> instance_type,
2630  SloppyTNode<IntPtrT> intptr_index, Label* if_found,
2631  Label* if_absent, Label* if_not_found,
2632  Label* if_bailout);
2633 
2634  // This is a type of a lookup in holder generator function. In case of a
2635  // property lookup the {key} is guaranteed to be an unique name and in case of
2636  // element lookup the key is an Int32 index.
2637  typedef std::function<void(Node* receiver, Node* holder, Node* map,
2638  Node* instance_type, Node* key, Label* next_holder,
2639  Label* if_bailout)>
2640  LookupInHolder;
2641 
2642  // For integer indexed exotic cases, check if the given string cannot be a
2643  // special index. If we are not sure that the given string is not a special
2644  // index with a simple check, return False. Note that "False" return value
2645  // does not mean that the name_string is a special index in the current
2646  // implementation.
2647  void BranchIfMaybeSpecialIndex(TNode<String> name_string,
2648  Label* if_maybe_special_index,
2649  Label* if_not_special_index);
2650 
2651  // Generic property prototype chain lookup generator.
2652  // For properties it generates lookup using given {lookup_property_in_holder}
2653  // and for elements it uses {lookup_element_in_holder}.
2654  // Upon reaching the end of prototype chain the control goes to {if_end}.
2655  // If it can't handle the case {receiver}/{key} case then the control goes
2656  // to {if_bailout}.
2657  // If {if_proxy} is nullptr, proxies go to if_bailout.
2658  void TryPrototypeChainLookup(Node* receiver, Node* key,
2659  const LookupInHolder& lookup_property_in_holder,
2660  const LookupInHolder& lookup_element_in_holder,
2661  Label* if_end, Label* if_bailout,
2662  Label* if_proxy = nullptr);
2663 
2664  // Instanceof helpers.
2665  // Returns true if {object} has {prototype} somewhere in it's prototype
2666  // chain, otherwise false is returned. Might cause arbitrary side effects
2667  // due to [[GetPrototypeOf]] invocations.
2668  Node* HasInPrototypeChain(Node* context, Node* object, Node* prototype);
2669  // ES6 section 7.3.19 OrdinaryHasInstance (C, O)
2670  Node* OrdinaryHasInstance(Node* context, Node* callable, Node* object);
2671 
2672  // Load type feedback vector from the stub caller's frame.
2673  TNode<FeedbackVector> LoadFeedbackVectorForStub();
2674 
2675  // Load type feedback vector for the given closure.
2676  TNode<FeedbackVector> LoadFeedbackVector(SloppyTNode<JSFunction> closure,
2677  Label* if_undefined = nullptr);
2678 
2679  // Load the object from feedback vector cell for the given closure.
2680  // The returned object could be undefined if the closure does not have
2681  // a feedback vector associated with it.
2682  TNode<Object> LoadFeedbackVectorUnchecked(SloppyTNode<JSFunction> closure);
2683 
2684  // Update the type feedback vector.
2685  void UpdateFeedback(Node* feedback, Node* feedback_vector, Node* slot_id);
2686 
2687  // Report that there was a feedback update, performing any tasks that should
2688  // be done after a feedback update.
2689  void ReportFeedbackUpdate(SloppyTNode<FeedbackVector> feedback_vector,
2690  SloppyTNode<IntPtrT> slot_id, const char* reason);
2691 
2692  // Combine the new feedback with the existing_feedback. Do nothing if
2693  // existing_feedback is nullptr.
2694  void CombineFeedback(Variable* existing_feedback, int feedback);
2695  void CombineFeedback(Variable* existing_feedback, Node* feedback);
2696 
2697  // Overwrite the existing feedback with new_feedback. Do nothing if
2698  // existing_feedback is nullptr.
2699  void OverwriteFeedback(Variable* existing_feedback, int new_feedback);
2700 
2701  // Check if a property name might require protector invalidation when it is
2702  // used for a property store or deletion.
2703  void CheckForAssociatedProtector(Node* name, Label* if_protector);
2704 
2705  TNode<Map> LoadReceiverMap(SloppyTNode<Object> receiver);
2706 
2707  // Emits keyed sloppy arguments load. Returns either the loaded value.
2708  Node* LoadKeyedSloppyArguments(Node* receiver, Node* key, Label* bailout) {
2709  return EmitKeyedSloppyArguments(receiver, key, nullptr, bailout);
2710  }
2711 
2712  // Emits keyed sloppy arguments store.
2713  void StoreKeyedSloppyArguments(Node* receiver, Node* key, Node* value,
2714  Label* bailout) {
2715  DCHECK_NOT_NULL(value);
2716  EmitKeyedSloppyArguments(receiver, key, value, bailout);
2717  }
2718 
2719  // Loads script context from the script context table.
2720  TNode<Context> LoadScriptContext(TNode<Context> context,
2721  TNode<IntPtrT> context_index);
2722 
2723  Node* Int32ToUint8Clamped(Node* int32_value);
2724  Node* Float64ToUint8Clamped(Node* float64_value);
2725 
2726  Node* PrepareValueForWriteToTypedArray(TNode<Object> input,
2727  ElementsKind elements_kind,
2728  TNode<Context> context);
2729 
2730  // Store value to an elements array with given elements kind.
2731  void StoreElement(Node* elements, ElementsKind kind, Node* index, Node* value,
2732  ParameterMode mode);
2733 
2734  void EmitBigTypedArrayElementStore(TNode<JSTypedArray> object,
2735  TNode<FixedTypedArrayBase> elements,
2736  TNode<IntPtrT> intptr_key,
2737  TNode<Object> value,
2738  TNode<Context> context,
2739  Label* opt_if_neutered);
2740  // Part of the above, refactored out to reuse in another place.
2741  void EmitBigTypedArrayElementStore(TNode<FixedTypedArrayBase> elements,
2742  TNode<RawPtrT> backing_store,
2743  TNode<IntPtrT> offset,
2744  TNode<BigInt> bigint_value);
2745  // Implements the BigInt part of
2746  // https://tc39.github.io/proposal-bigint/#sec-numbertorawbytes,
2747  // including truncation to 64 bits (i.e. modulo 2^64).
2748  // {var_high} is only used on 32-bit platforms.
2749  void BigIntToRawBytes(TNode<BigInt> bigint, TVariable<UintPtrT>* var_low,
2750  TVariable<UintPtrT>* var_high);
2751 
2752  void EmitElementStore(Node* object, Node* key, Node* value,
2753  ElementsKind elements_kind,
2754  KeyedAccessStoreMode store_mode, Label* bailout,
2755  Node* context);
2756 
2757  Node* CheckForCapacityGrow(Node* object, Node* elements, ElementsKind kind,
2758  Node* length, Node* key, ParameterMode mode,
2759  Label* bailout);
2760 
2761  Node* CopyElementsOnWrite(Node* object, Node* elements, ElementsKind kind,
2762  Node* length, ParameterMode mode, Label* bailout);
2763 
2764  void TransitionElementsKind(Node* object, Node* map, ElementsKind from_kind,
2765  ElementsKind to_kind, Label* bailout);
2766 
2767  void TrapAllocationMemento(Node* object, Label* memento_found);
2768 
2769  TNode<IntPtrT> PageFromAddress(TNode<IntPtrT> address);
2770 
2771  // Store a weak in-place reference into the FeedbackVector.
2772  TNode<MaybeObject> StoreWeakReferenceInFeedbackVector(
2773  SloppyTNode<FeedbackVector> feedback_vector, Node* slot,
2774  SloppyTNode<HeapObject> value, int additional_offset = 0,
2775  ParameterMode parameter_mode = INTPTR_PARAMETERS);
2776 
2777  // Create a new AllocationSite and install it into a feedback vector.
2778  TNode<AllocationSite> CreateAllocationSiteInFeedbackVector(
2779  SloppyTNode<FeedbackVector> feedback_vector, TNode<Smi> slot);
2780 
2781  // TODO(ishell, cbruni): Change to HasBoilerplate.
2782  TNode<BoolT> NotHasBoilerplate(TNode<Object> maybe_literal_site);
2783  TNode<Smi> LoadTransitionInfo(TNode<AllocationSite> allocation_site);
2784  TNode<JSObject> LoadBoilerplate(TNode<AllocationSite> allocation_site);
2785  TNode<Int32T> LoadElementsKind(TNode<AllocationSite> allocation_site);
2786 
2787  enum class IndexAdvanceMode { kPre, kPost };
2788 
2789  typedef std::function<void(Node* index)> FastLoopBody;
2790 
2791  Node* BuildFastLoop(const VariableList& var_list, Node* start_index,
2792  Node* end_index, const FastLoopBody& body, int increment,
2793  ParameterMode parameter_mode,
2794  IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre);
2795 
2796  Node* BuildFastLoop(Node* start_index, Node* end_index,
2797  const FastLoopBody& body, int increment,
2798  ParameterMode parameter_mode,
2799  IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre) {
2800  return BuildFastLoop(VariableList(0, zone()), start_index, end_index, body,
2801  increment, parameter_mode, advance_mode);
2802  }
2803 
2804  enum class ForEachDirection { kForward, kReverse };
2805 
2806  typedef std::function<void(Node* fixed_array, Node* offset)>
2807  FastFixedArrayForEachBody;
2808 
2809  void BuildFastFixedArrayForEach(
2810  const CodeStubAssembler::VariableList& vars, Node* fixed_array,
2811  ElementsKind kind, Node* first_element_inclusive,
2812  Node* last_element_exclusive, const FastFixedArrayForEachBody& body,
2813  ParameterMode mode = INTPTR_PARAMETERS,
2814  ForEachDirection direction = ForEachDirection::kReverse);
2815 
2816  void BuildFastFixedArrayForEach(
2817  Node* fixed_array, ElementsKind kind, Node* first_element_inclusive,
2818  Node* last_element_exclusive, const FastFixedArrayForEachBody& body,
2819  ParameterMode mode = INTPTR_PARAMETERS,
2820  ForEachDirection direction = ForEachDirection::kReverse) {
2821  CodeStubAssembler::VariableList list(0, zone());
2822  BuildFastFixedArrayForEach(list, fixed_array, kind, first_element_inclusive,
2823  last_element_exclusive, body, mode, direction);
2824  }
2825 
2826  TNode<IntPtrT> GetArrayAllocationSize(Node* element_count, ElementsKind kind,
2827  ParameterMode mode, int header_size) {
2828  return ElementOffsetFromIndex(element_count, kind, mode, header_size);
2829  }
2830 
2831  TNode<IntPtrT> GetFixedArrayAllocationSize(Node* element_count,
2832  ElementsKind kind,
2833  ParameterMode mode) {
2834  return GetArrayAllocationSize(element_count, kind, mode,
2835  FixedArray::kHeaderSize);
2836  }
2837 
2838  TNode<IntPtrT> GetPropertyArrayAllocationSize(Node* element_count,
2839  ParameterMode mode) {
2840  return GetArrayAllocationSize(element_count, PACKED_ELEMENTS, mode,
2841  PropertyArray::kHeaderSize);
2842  }
2843 
2844  void GotoIfFixedArraySizeDoesntFitInNewSpace(Node* element_count,
2845  Label* doesnt_fit, int base_size,
2846  ParameterMode mode);
2847 
2848  void InitializeFieldsWithRoot(Node* object, Node* start_offset,
2849  Node* end_offset, RootIndex root);
2850 
2851  Node* RelationalComparison(Operation op, Node* left, Node* right,
2852  Node* context,
2853  Variable* var_type_feedback = nullptr);
2854 
2855  void BranchIfNumberRelationalComparison(Operation op, Node* left, Node* right,
2856  Label* if_true, Label* if_false);
2857 
2858  void BranchIfNumberEqual(TNode<Number> left, TNode<Number> right,
2859  Label* if_true, Label* if_false) {
2860  BranchIfNumberRelationalComparison(Operation::kEqual, left, right, if_true,
2861  if_false);
2862  }
2863 
2864  void BranchIfNumberNotEqual(TNode<Number> left, TNode<Number> right,
2865  Label* if_true, Label* if_false) {
2866  BranchIfNumberEqual(left, right, if_false, if_true);
2867  }
2868 
2869  void BranchIfNumberLessThan(TNode<Number> left, TNode<Number> right,
2870  Label* if_true, Label* if_false) {
2871  BranchIfNumberRelationalComparison(Operation::kLessThan, left, right,
2872  if_true, if_false);
2873  }
2874 
2875  void BranchIfNumberLessThanOrEqual(TNode<Number> left, TNode<Number> right,
2876  Label* if_true, Label* if_false) {
2877  BranchIfNumberRelationalComparison(Operation::kLessThanOrEqual, left, right,
2878  if_true, if_false);
2879  }
2880 
2881  void BranchIfNumberGreaterThan(TNode<Number> left, TNode<Number> right,
2882  Label* if_true, Label* if_false) {
2883  BranchIfNumberRelationalComparison(Operation::kGreaterThan, left, right,
2884  if_true, if_false);
2885  }
2886 
2887  void BranchIfNumberGreaterThanOrEqual(TNode<Number> left, TNode<Number> right,
2888  Label* if_true, Label* if_false) {
2889  BranchIfNumberRelationalComparison(Operation::kGreaterThanOrEqual, left,
2890  right, if_true, if_false);
2891  }
2892 
2893  void BranchIfAccessorPair(Node* value, Label* if_accessor_pair,
2894  Label* if_not_accessor_pair) {
2895  GotoIf(TaggedIsSmi(value), if_not_accessor_pair);
2896  Branch(IsAccessorPair(value), if_accessor_pair, if_not_accessor_pair);
2897  }
2898 
2899  void GotoIfNumberGreaterThanOrEqual(Node* left, Node* right, Label* if_false);
2900 
2901  Node* Equal(Node* lhs, Node* rhs, Node* context,
2902  Variable* var_type_feedback = nullptr);
2903 
2904  Node* StrictEqual(Node* lhs, Node* rhs,
2905  Variable* var_type_feedback = nullptr);
2906 
2907  // ECMA#sec-samevalue
2908  // Similar to StrictEqual except that NaNs are treated as equal and minus zero
2909  // differs from positive zero.
2910  void BranchIfSameValue(Node* lhs, Node* rhs, Label* if_true, Label* if_false);
2911 
2912  enum HasPropertyLookupMode { kHasProperty, kForInHasProperty };
2913 
2914  TNode<Oddball> HasProperty(SloppyTNode<Context> context,
2915  SloppyTNode<Object> object,
2916  SloppyTNode<Object> key,
2917  HasPropertyLookupMode mode);
2918 
2919  // Due to naming conflict with the builtin function namespace.
2920  TNode<Oddball> HasProperty_Inline(TNode<Context> context,
2921  TNode<JSReceiver> object,
2922  TNode<Object> key) {
2923  return HasProperty(context, object, key,
2924  HasPropertyLookupMode::kHasProperty);
2925  }
2926 
2927  Node* Typeof(Node* value);
2928 
2929  TNode<Object> GetSuperConstructor(SloppyTNode<Context> context,
2930  SloppyTNode<JSFunction> active_function);
2931 
2932  TNode<JSReceiver> SpeciesConstructor(
2933  SloppyTNode<Context> context, SloppyTNode<Object> object,
2934  SloppyTNode<JSReceiver> default_constructor);
2935 
2936  Node* InstanceOf(Node* object, Node* callable, Node* context);
2937 
2938  // Debug helpers
2939  Node* IsDebugActive();
2940 
2941  TNode<BoolT> IsRuntimeCallStatsEnabled();
2942 
2943  // JSArrayBuffer helpers
2944  TNode<Uint32T> LoadJSArrayBufferBitField(TNode<JSArrayBuffer> array_buffer);
2945  TNode<RawPtrT> LoadJSArrayBufferBackingStore(
2946  TNode<JSArrayBuffer> array_buffer);
2947  Node* IsDetachedBuffer(Node* buffer);
2948  void ThrowIfArrayBufferIsDetached(SloppyTNode<Context> context,
2949  TNode<JSArrayBuffer> array_buffer,
2950  const char* method_name);
2951 
2952  // JSArrayBufferView helpers
2953  TNode<JSArrayBuffer> LoadJSArrayBufferViewBuffer(
2954  TNode<JSArrayBufferView> array_buffer_view);
2955  TNode<UintPtrT> LoadJSArrayBufferViewByteLength(
2956  TNode<JSArrayBufferView> array_buffer_view);
2957  TNode<UintPtrT> LoadJSArrayBufferViewByteOffset(
2958  TNode<JSArrayBufferView> array_buffer_view);
2959  void ThrowIfArrayBufferViewBufferIsDetached(
2960  SloppyTNode<Context> context, TNode<JSArrayBufferView> array_buffer_view,
2961  const char* method_name);
2962 
2963  // JSTypedArray helpers
2964  TNode<Smi> LoadJSTypedArrayLength(TNode<JSTypedArray> typed_array);
2965 
2966  TNode<IntPtrT> ElementOffsetFromIndex(Node* index, ElementsKind kind,
2967  ParameterMode mode, int base_size = 0);
2968 
2969  // Check that a field offset is within the bounds of the an object.
2970  TNode<BoolT> IsOffsetInBounds(SloppyTNode<IntPtrT> offset,
2971  SloppyTNode<IntPtrT> length, int header_size,
2972  ElementsKind kind = HOLEY_ELEMENTS);
2973 
2974  // Load a builtin's code from the builtin array in the isolate.
2975  TNode<Code> LoadBuiltin(TNode<Smi> builtin_id);
2976 
2977  // Figure out the SFI's code object using its data field.
2978  // If |if_compile_lazy| is provided then the execution will go to the given
2979  // label in case of an CompileLazy code object.
2980  TNode<Code> GetSharedFunctionInfoCode(
2981  SloppyTNode<SharedFunctionInfo> shared_info,
2982  Label* if_compile_lazy = nullptr);
2983 
2984  Node* AllocateFunctionWithMapAndContext(Node* map, Node* shared_info,
2985  Node* context);
2986 
2987  // Promise helpers
2988  Node* IsPromiseHookEnabled();
2989  Node* HasAsyncEventDelegate();
2990  Node* IsPromiseHookEnabledOrHasAsyncEventDelegate();
2991  Node* IsPromiseHookEnabledOrDebugIsActiveOrHasAsyncEventDelegate();
2992 
2993  // Helpers for StackFrame markers.
2994  Node* MarkerIsFrameType(Node* marker_or_function,
2995  StackFrame::Type frame_type);
2996  Node* MarkerIsNotFrameType(Node* marker_or_function,
2997  StackFrame::Type frame_type);
2998 
2999  // for..in helpers
3000  void CheckPrototypeEnumCache(Node* receiver, Node* receiver_map,
3001  Label* if_fast, Label* if_slow);
3002  Node* CheckEnumCache(Node* receiver, Label* if_empty, Label* if_runtime);
3003 
3004  TNode<IntPtrT> GetArgumentsLength(CodeStubArguments* args);
3005  TNode<Object> GetArgumentValue(CodeStubArguments* args, TNode<IntPtrT> index);
3006 
3007  // Support for printf-style debugging
3008  void Print(const char* s);
3009  void Print(const char* prefix, Node* tagged_value);
3010  inline void Print(SloppyTNode<Object> tagged_value) {
3011  return Print(nullptr, tagged_value);
3012  }
3013  inline void Print(TNode<MaybeObject> tagged_value) {
3014  return Print(nullptr, tagged_value);
3015  }
3016 
3017  template <class... TArgs>
3018  Node* MakeTypeError(MessageTemplate message, Node* context, TArgs... args) {
3019  STATIC_ASSERT(sizeof...(TArgs) <= 3);
3020  Node* const make_type_error = LoadContextElement(
3021  LoadNativeContext(context), Context::MAKE_TYPE_ERROR_INDEX);
3022  return CallJS(CodeFactory::Call(isolate()), context, make_type_error,
3023  UndefinedConstant(), SmiConstant(message), args...);
3024  }
3025 
3026  void Abort(AbortReason reason) {
3027  CallRuntime(Runtime::kAbort, NoContextConstant(), SmiConstant(reason));
3028  Unreachable();
3029  }
3030 
3031  bool ConstexprBoolNot(bool value) { return !value; }
3032 
3033  bool ConstexprInt31Equal(int31_t a, int31_t b) { return a == b; }
3034  uint32_t ConstexprUint32Add(uint32_t a, uint32_t b) { return a + b; }
3035 
3036  void PerformStackCheck(TNode<Context> context);
3037 
3038  void SetPropertyLength(TNode<Context> context, TNode<Object> array,
3039  TNode<Number> length);
3040 
3041  // Checks that {object_map}'s prototype map is the {initial_prototype_map} and
3042  // makes sure that the field with name at index {descriptor} is still
3043  // constant. If it is not, go to label {if_modified}.
3044  //
3045  // To make the checks robust, the method also asserts that the descriptor has
3046  // the right key, the caller must pass the root index of the key
3047  // in {field_name_root_index}.
3048  //
3049  // This is useful for checking that given function has not been patched
3050  // on the prototype.
3051  void GotoIfInitialPrototypePropertyModified(TNode<Map> object_map,
3052  TNode<Map> initial_prototype_map,
3053  int descfriptor,
3054  RootIndex field_name_root_index,
3055  Label* if_modified);
3056  struct DescriptorIndexAndName {
3057  DescriptorIndexAndName() {}
3058  DescriptorIndexAndName(int descriptor_index, RootIndex name_root_index)
3059  : descriptor_index(descriptor_index),
3060  name_root_index(name_root_index) {}
3061 
3062  int descriptor_index;
3063  RootIndex name_root_index;
3064  };
3065  void GotoIfInitialPrototypePropertiesModified(
3066  TNode<Map> object_map, TNode<Map> initial_prototype_map,
3067  Vector<DescriptorIndexAndName> properties, Label* if_modified);
3068 
3069  // Implements DescriptorArray::Search().
3070  void DescriptorLookup(SloppyTNode<Name> unique_name,
3071  SloppyTNode<DescriptorArray> descriptors,
3072  SloppyTNode<Uint32T> bitfield3, Label* if_found,
3073  TVariable<IntPtrT>* var_name_index,
3074  Label* if_not_found);
3075 
3076  // Implements TransitionArray::SearchName() - searches for first transition
3077  // entry with given name (note that there could be multiple entries with
3078  // the same name).
3079  void TransitionLookup(SloppyTNode<Name> unique_name,
3080  SloppyTNode<TransitionArray> transitions,
3081  Label* if_found, TVariable<IntPtrT>* var_name_index,
3082  Label* if_not_found);
3083 
3084  // Implements generic search procedure like i::Search<Array>().
3085  template <typename Array>
3086  void Lookup(TNode<Name> unique_name, TNode<Array> array,
3087  TNode<Uint32T> number_of_valid_entries, Label* if_found,
3088  TVariable<IntPtrT>* var_name_index, Label* if_not_found);
3089 
3090  // Implements generic linear search procedure like i::LinearSearch<Array>().
3091  template <typename Array>
3092  void LookupLinear(TNode<Name> unique_name, TNode<Array> array,
3093  TNode<Uint32T> number_of_valid_entries, Label* if_found,
3094  TVariable<IntPtrT>* var_name_index, Label* if_not_found);
3095 
3096  // Implements generic binary search procedure like i::BinarySearch<Array>().
3097  template <typename Array>
3098  void LookupBinary(TNode<Name> unique_name, TNode<Array> array,
3099  TNode<Uint32T> number_of_valid_entries, Label* if_found,
3100  TVariable<IntPtrT>* var_name_index, Label* if_not_found);
3101 
3102  // Converts [Descriptor/Transition]Array entry number to a fixed array index.
3103  template <typename Array>
3104  TNode<IntPtrT> EntryIndexToIndex(TNode<Uint32T> entry_index);
3105 
3106  // Implements [Descriptor/Transition]Array::ToKeyIndex.
3107  template <typename Array>
3108  TNode<IntPtrT> ToKeyIndex(TNode<Uint32T> entry_index);
3109 
3110  // Implements [Descriptor/Transition]Array::GetKey.
3111  template <typename Array>
3112  TNode<Name> GetKey(TNode<Array> array, TNode<Uint32T> entry_index);
3113 
3114  // Implements DescriptorArray::GetDetails.
3115  TNode<Uint32T> DescriptorArrayGetDetails(TNode<DescriptorArray> descriptors,
3116  TNode<Uint32T> descriptor_number);
3117 
3118  typedef std::function<void(TNode<IntPtrT> descriptor_key_index)>
3119  ForEachDescriptorBodyFunction;
3120 
3121  void DescriptorArrayForEach(VariableList& variable_list,
3122  TNode<Uint32T> start_descriptor,
3123  TNode<Uint32T> end_descriptor,
3124  const ForEachDescriptorBodyFunction& body);
3125 
3126  // Descriptor array accessors based on key_index, which is equal to
3127  // DescriptorArray::ToKeyIndex(descriptor).
3128  TNode<Name> LoadKeyByKeyIndex(TNode<DescriptorArray> container,
3129  TNode<IntPtrT> key_index);
3130  TNode<Uint32T> LoadDetailsByKeyIndex(TNode<DescriptorArray> container,
3131  TNode<IntPtrT> key_index);
3132  TNode<Object> LoadValueByKeyIndex(TNode<DescriptorArray> container,
3133  TNode<IntPtrT> key_index);
3134  TNode<MaybeObject> LoadFieldTypeByKeyIndex(TNode<DescriptorArray> container,
3135  TNode<IntPtrT> key_index);
3136 
3137  TNode<IntPtrT> DescriptorEntryToIndex(TNode<IntPtrT> descriptor);
3138 
3139  // Descriptor array accessors based on descriptor.
3140  TNode<Name> LoadKeyByDescriptorEntry(TNode<DescriptorArray> descriptors,
3141  TNode<IntPtrT> descriptor);
3142  TNode<Name> LoadKeyByDescriptorEntry(TNode<DescriptorArray> descriptors,
3143  int descriptor);
3144  TNode<Uint32T> LoadDetailsByDescriptorEntry(
3145  TNode<DescriptorArray> descriptors, TNode<IntPtrT> descriptor);
3146  TNode<Uint32T> LoadDetailsByDescriptorEntry(
3147  TNode<DescriptorArray> descriptors, int descriptor);
3148  TNode<Object> LoadValueByDescriptorEntry(TNode<DescriptorArray> descriptors,
3149  int descriptor);
3150  TNode<MaybeObject> LoadFieldTypeByDescriptorEntry(
3151  TNode<DescriptorArray> descriptors, TNode<IntPtrT> descriptor);
3152 
3153  typedef std::function<void(TNode<Name> key, TNode<Object> value)>
3154  ForEachKeyValueFunction;
3155 
3156  // For each JSObject property (in DescriptorArray order), check if the key is
3157  // enumerable, and if so, load the value from the receiver and evaluate the
3158  // closure.
3159  void ForEachEnumerableOwnProperty(TNode<Context> context, TNode<Map> map,
3160  TNode<JSObject> object,
3161  const ForEachKeyValueFunction& body,
3162  Label* bailout);
3163 
3164  TNode<Object> CallGetterIfAccessor(Node* value, Node* details, Node* context,
3165  Node* receiver, Label* if_bailout,
3166  GetOwnPropertyMode mode = kCallJSGetter);
3167 
3168  TNode<IntPtrT> TryToIntptr(Node* key, Label* miss);
3169 
3170  void BranchIfPrototypesHaveNoElements(Node* receiver_map,
3171  Label* definitely_no_elements,
3172  Label* possibly_elements);
3173 
3174  void InitializeFunctionContext(Node* native_context, Node* context,
3175  int slots);
3176 
3177  TNode<JSArray> ArrayCreate(TNode<Context> context, TNode<Number> length);
3178 
3179  // Allocate a clone of a mutable primitive, if {object} is a
3180  // MutableHeapNumber.
3181  TNode<Object> CloneIfMutablePrimitive(TNode<Object> object);
3182 
3183  private:
3184  friend class CodeStubArguments;
3185 
3186  void HandleBreakOnNode();
3187 
3188  TNode<HeapObject> AllocateRawDoubleAligned(TNode<IntPtrT> size_in_bytes,
3189  AllocationFlags flags,
3190  TNode<RawPtrT> top_address,
3191  TNode<RawPtrT> limit_address);
3192  TNode<HeapObject> AllocateRawUnaligned(TNode<IntPtrT> size_in_bytes,
3193  AllocationFlags flags,
3194  TNode<RawPtrT> top_address,
3195  TNode<RawPtrT> limit_address);
3196  TNode<HeapObject> AllocateRaw(TNode<IntPtrT> size_in_bytes,
3197  AllocationFlags flags,
3198  TNode<RawPtrT> top_address,
3199  TNode<RawPtrT> limit_address);
3200 
3201  // Allocate and return a JSArray of given total size in bytes with header
3202  // fields initialized.
3203  TNode<JSArray> AllocateUninitializedJSArray(TNode<Map> array_map,
3204  TNode<Smi> length,
3205  Node* allocation_site,
3206  TNode<IntPtrT> size_in_bytes);
3207 
3208  TNode<BoolT> IsValidSmi(TNode<Smi> smi);
3209  Node* SmiShiftBitsConstant();
3210 
3211  // Emits keyed sloppy arguments load if the |value| is nullptr or store
3212  // otherwise. Returns either the loaded value or |value|.
3213  Node* EmitKeyedSloppyArguments(Node* receiver, Node* key, Node* value,
3214  Label* bailout);
3215 
3216  TNode<String> AllocateSlicedString(RootIndex map_root_index,
3217  TNode<Uint32T> length,
3218  TNode<String> parent, TNode<Smi> offset);
3219 
3220  TNode<String> AllocateConsString(RootIndex map_root_index,
3221  TNode<Uint32T> length, TNode<String> first,
3222  TNode<String> second, AllocationFlags flags);
3223 
3224  // Allocate a MutableHeapNumber without initializing its value.
3225  TNode<MutableHeapNumber> AllocateMutableHeapNumber();
3226 
3227  Node* SelectImpl(TNode<BoolT> condition, const NodeGenerator& true_body,
3228  const NodeGenerator& false_body, MachineRepresentation rep);
3229 
3230  // Implements [Descriptor/Transition]Array::number_of_entries.
3231  template <typename Array>
3232  TNode<Uint32T> NumberOfEntries(TNode<Array> array);
3233 
3234  // Implements [Descriptor/Transition]Array::GetSortedKeyIndex.
3235  template <typename Array>
3236  TNode<Uint32T> GetSortedKeyIndex(TNode<Array> descriptors,
3237  TNode<Uint32T> entry_index);
3238 
3239  TNode<Smi> CollectFeedbackForString(SloppyTNode<Int32T> instance_type);
3240  void GenerateEqual_Same(Node* value, Label* if_equal, Label* if_notequal,
3241  Variable* var_type_feedback = nullptr);
3242  TNode<String> AllocAndCopyStringCharacters(Node* from,
3243  Node* from_instance_type,
3244  TNode<IntPtrT> from_index,
3245  TNode<IntPtrT> character_count);
3246 
3247  static const int kElementLoopUnrollThreshold = 8;
3248 
3249  // {convert_bigint} is only meaningful when {mode} == kToNumber.
3250  Node* NonNumberToNumberOrNumeric(
3251  Node* context, Node* input, Object::Conversion mode,
3252  BigIntHandling bigint_handling = BigIntHandling::kThrow);
3253 
3254  void TaggedToNumeric(Node* context, Node* value, Label* done,
3255  Variable* var_numeric, Variable* var_feedback);
3256 
3257  template <Object::Conversion conversion>
3258  void TaggedToWord32OrBigIntImpl(Node* context, Node* value, Label* if_number,
3259  Variable* var_word32,
3260  Label* if_bigint = nullptr,
3261  Variable* var_bigint = nullptr,
3262  Variable* var_feedback = nullptr);
3263 
3264  private:
3265  // Low-level accessors for Descriptor arrays.
3266  TNode<MaybeObject> LoadDescriptorArrayElement(TNode<DescriptorArray> object,
3267  Node* index,
3268  int additional_offset = 0);
3269 };
3270 
3271 class CodeStubArguments {
3272  public:
3273  typedef compiler::Node Node;
3274  template <class T>
3275  using TNode = compiler::TNode<T>;
3276  template <class T>
3277  using SloppyTNode = compiler::SloppyTNode<T>;
3278  enum ReceiverMode { kHasReceiver, kNoReceiver };
3279 
3280  // |argc| is an intptr value which specifies the number of arguments passed
3281  // to the builtin excluding the receiver. The arguments will include a
3282  // receiver iff |receiver_mode| is kHasReceiver.
3283  CodeStubArguments(CodeStubAssembler* assembler, Node* argc,
3284  ReceiverMode receiver_mode = ReceiverMode::kHasReceiver)
3285  : CodeStubArguments(assembler, argc, nullptr,
3286  CodeStubAssembler::INTPTR_PARAMETERS, receiver_mode) {
3287  }
3288 
3289  // |argc| is either a smi or intptr depending on |param_mode|. The arguments
3290  // include a receiver iff |receiver_mode| is kHasReceiver.
3291  CodeStubArguments(CodeStubAssembler* assembler, Node* argc, Node* fp,
3292  CodeStubAssembler::ParameterMode param_mode,
3293  ReceiverMode receiver_mode = ReceiverMode::kHasReceiver);
3294 
3295  TNode<Object> GetReceiver() const;
3296  // Replaces receiver argument on the expression stack. Should be used only
3297  // for manipulating arguments in trampoline builtins before tail calling
3298  // further with passing all the JS arguments as is.
3299  void SetReceiver(TNode<Object> object) const;
3300 
3301  TNode<RawPtr<Object>> AtIndexPtr(
3302  Node* index, CodeStubAssembler::ParameterMode mode =
3303  CodeStubAssembler::INTPTR_PARAMETERS) const;
3304 
3305  // |index| is zero-based and does not include the receiver
3306  TNode<Object> AtIndex(Node* index,
3307  CodeStubAssembler::ParameterMode mode =
3308  CodeStubAssembler::INTPTR_PARAMETERS) const;
3309 
3310  TNode<Object> AtIndex(int index) const;
3311 
3312  TNode<Object> GetOptionalArgumentValue(int index) {
3313  return GetOptionalArgumentValue(index, assembler_->UndefinedConstant());
3314  }
3315  TNode<Object> GetOptionalArgumentValue(int index,
3316  TNode<Object> default_value);
3317 
3318  Node* GetLength(CodeStubAssembler::ParameterMode mode) const {
3319  DCHECK_EQ(mode, argc_mode_);
3320  return argc_;
3321  }
3322 
3323  TNode<Object> GetOptionalArgumentValue(TNode<IntPtrT> index) {
3324  return GetOptionalArgumentValue(index, assembler_->UndefinedConstant());
3325  }
3326  TNode<Object> GetOptionalArgumentValue(TNode<IntPtrT> index,
3327  TNode<Object> default_value);
3328  TNode<IntPtrT> GetLength() const {
3329  DCHECK_EQ(argc_mode_, CodeStubAssembler::INTPTR_PARAMETERS);
3330  return assembler_->UncheckedCast<IntPtrT>(argc_);
3331  }
3332 
3333  typedef std::function<void(Node* arg)> ForEachBodyFunction;
3334 
3335  // Iteration doesn't include the receiver. |first| and |last| are zero-based.
3336  void ForEach(const ForEachBodyFunction& body, Node* first = nullptr,
3337  Node* last = nullptr,
3338  CodeStubAssembler::ParameterMode mode =
3339  CodeStubAssembler::INTPTR_PARAMETERS) {
3340  CodeStubAssembler::VariableList list(0, assembler_->zone());
3341  ForEach(list, body, first, last);
3342  }
3343 
3344  // Iteration doesn't include the receiver. |first| and |last| are zero-based.
3345  void ForEach(const CodeStubAssembler::VariableList& vars,
3346  const ForEachBodyFunction& body, Node* first = nullptr,
3347  Node* last = nullptr,
3348  CodeStubAssembler::ParameterMode mode =
3349  CodeStubAssembler::INTPTR_PARAMETERS);
3350 
3351  void PopAndReturn(Node* value);
3352 
3353  private:
3354  Node* GetArguments();
3355 
3356  CodeStubAssembler* assembler_;
3357  CodeStubAssembler::ParameterMode argc_mode_;
3358  ReceiverMode receiver_mode_;
3359  Node* argc_;
3360  TNode<RawPtr<Object>> arguments_;
3361  Node* fp_;
3362 };
3363 
3364 class ToDirectStringAssembler : public CodeStubAssembler {
3365  private:
3366  enum StringPointerKind { PTR_TO_DATA, PTR_TO_STRING };
3367 
3368  public:
3369  enum Flag {
3370  kDontUnpackSlicedStrings = 1 << 0,
3371  };
3372  typedef base::Flags<Flag> Flags;
3373 
3374  ToDirectStringAssembler(compiler::CodeAssemblerState* state, Node* string,
3375  Flags flags = Flags());
3376 
3377  // Converts flat cons, thin, and sliced strings and returns the direct
3378  // string. The result can be either a sequential or external string.
3379  // Jumps to if_bailout if the string if the string is indirect and cannot
3380  // be unpacked.
3381  TNode<String> TryToDirect(Label* if_bailout);
3382 
3383  // Returns a pointer to the beginning of the string data.
3384  // Jumps to if_bailout if the external string cannot be unpacked.
3385  TNode<RawPtrT> PointerToData(Label* if_bailout) {
3386  return TryToSequential(PTR_TO_DATA, if_bailout);
3387  }
3388 
3389  // Returns a pointer that, offset-wise, looks like a String.
3390  // Jumps to if_bailout if the external string cannot be unpacked.
3391  TNode<RawPtrT> PointerToString(Label* if_bailout) {
3392  return TryToSequential(PTR_TO_STRING, if_bailout);
3393  }
3394 
3395  Node* string() { return var_string_.value(); }
3396  Node* instance_type() { return var_instance_type_.value(); }
3397  TNode<IntPtrT> offset() {
3398  return UncheckedCast<IntPtrT>(var_offset_.value());
3399  }
3400  Node* is_external() { return var_is_external_.value(); }
3401 
3402  private:
3403  TNode<RawPtrT> TryToSequential(StringPointerKind ptr_kind, Label* if_bailout);
3404 
3405  Variable var_string_;
3406  Variable var_instance_type_;
3407  Variable var_offset_;
3408  Variable var_is_external_;
3409 
3410  const Flags flags_;
3411 };
3412 
3413 DEFINE_OPERATORS_FOR_FLAGS(CodeStubAssembler::AllocationFlags);
3414 
3415 } // namespace internal
3416 } // namespace v8
3417 #endif // V8_CODE_STUB_ASSEMBLER_H_
v8
Definition: libplatform.h:13
uint32_t
v8::internal::int31_t
Definition: code-assembler.h:250