[stubs] Enable graph verification for builtins.

src/code-stub-assembler.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "src/code-stub-assembler.h"
 #include "src/code-factory.h"
 #include "src/frames-inl.h"
 #include "src/frames.h"
 
 namespace v8 {
 namespace internal {
@@ skipping 108 matching lines @@
   return LoadAndUntagToWord32Root(Heap::kHashSeedRootIndex);
 }
 
 Node* CodeStubAssembler::StaleRegisterConstant() {
   return LoadRoot(Heap::kStaleRegisterRootIndex);
 }
 
 Node* CodeStubAssembler::IntPtrOrSmiConstant(int value, ParameterMode mode) {
   if (mode == SMI_PARAMETERS) {
     return SmiConstant(Smi::FromInt(value));
+  } else if (mode == INTPTR_PARAMETERS) {
+    return IntPtrConstant(value);
   } else {
-    DCHECK(mode == INTEGER_PARAMETERS || mode == INTPTR_PARAMETERS);
-    return IntPtrConstant(value);
+    DCHECK_EQ(INTEGER_PARAMETERS, mode);
+    return Int32Constant(value);
   }
 }
 
 Node* CodeStubAssembler::IntPtrAddFoldConstants(Node* left, Node* right) {
   int32_t left_constant;
   bool is_left_constant = ToInt32Constant(left, left_constant);
   int32_t right_constant;
   bool is_right_constant = ToInt32Constant(right, right_constant);
   if (is_left_constant) {
     if (is_right_constant) {
@@ skipping 577 matching lines @@
 
 void CodeStubAssembler::BranchIfFastJSArray(
     Node* object, Node* context, CodeStubAssembler::FastJSArrayAccessMode mode,
     Label* if_true, Label* if_false) {
   // Bailout if receiver is a Smi.
   GotoIf(TaggedIsSmi(object), if_false);
 
   Node* map = LoadMap(object);
 
   // Bailout if instance type is not JS_ARRAY_TYPE.
-  GotoIf(WordNotEqual(LoadMapInstanceType(map), Int32Constant(JS_ARRAY_TYPE)),
+  GotoIf(Word32NotEqual(LoadMapInstanceType(map), Int32Constant(JS_ARRAY_TYPE)),
          if_false);
 
   Node* elements_kind = LoadMapElementsKind(map);
 
   // Bailout if receiver has slow elements.
   GotoUnless(IsFastElementsKind(elements_kind), if_false);
 
   // Check prototype chain if receiver does not have packed elements.
   if (mode == FastJSArrayAccessMode::INBOUNDS_READ) {
     GotoUnless(IsHoleyFastElementsKind(elements_kind), if_true);
@@ skipping 714 matching lines @@
 }
 
 Node* CodeStubAssembler::BuildAppendJSArray(ElementsKind kind, Node* context,
                                             Node* array,
                                             CodeStubArguments& args,
                                             Variable& arg_index,
                                             Label* bailout) {
   Comment("BuildAppendJSArray: %s", ElementsKindToString(kind));
   Label pre_bailout(this);
   Label success(this);
-  Variable elements(this, MachineRepresentation::kTagged);
+  Variable var_elements(this, MachineRepresentation::kTagged);
+  Variable var_tagged_length(this, MachineRepresentation::kTagged);
   ParameterMode mode = OptimalParameterMode();
-  Variable length(this, OptimalParameterRepresentation());
-  length.Bind(UntagParameter(LoadJSArrayLength(array), mode));
-  elements.Bind(LoadElements(array));
+  Variable var_length(this, OptimalParameterRepresentation());
+  var_length.Bind(TaggedToParameter(LoadJSArrayLength(array), mode));
+  var_elements.Bind(LoadElements(array));
   Node* capacity =
-      UntagParameter(LoadFixedArrayBaseLength(elements.value()), mode);
+      TaggedToParameter(LoadFixedArrayBaseLength(var_elements.value()), mode);
 
   // Resize the capacity of the fixed array if it doesn't fit.
-  Label fits(this, &elements);
+  Label fits(this, &var_elements);
   Node* first = arg_index.value();
   Node* growth = IntPtrSubFoldConstants(args.GetLength(), first);
-  Node* new_length = IntPtrAdd(
-      mode == INTPTR_PARAMETERS ? growth : SmiTag(growth), length.value());
-  GotoUnless(IntPtrGreaterThanOrEqual(new_length, capacity), &fits);
+  Node* new_length =
+      IntPtrOrSmiAdd(WordToParameter(growth, mode), var_length.value(), mode);
+  GotoUnless(IntPtrOrSmiGreaterThanOrEqual(new_length, capacity, mode), &fits);
   Node* new_capacity = CalculateNewElementsCapacity(
-      IntPtrAdd(new_length, IntPtrOrSmiConstant(1, mode)), mode);
-  elements.Bind(GrowElementsCapacity(array, elements.value(), kind, kind,
-                                     capacity, new_capacity, mode,
-                                     &pre_bailout));
+      IntPtrOrSmiAdd(new_length, IntPtrOrSmiConstant(1, mode), mode), mode);
+  var_elements.Bind(GrowElementsCapacity(array, var_elements.value(), kind,
+                                         kind, capacity, new_capacity, mode,
+                                         &pre_bailout));
   Goto(&fits);
   Bind(&fits);
+  Node* elements = var_elements.value();
 
   // Push each argument onto the end of the array now that there is enough
   // capacity.
-  CodeStubAssembler::VariableList push_vars({&length, &elements}, zone());
+  CodeStubAssembler::VariableList push_vars({&var_length}, zone());
   args.ForEach(
       push_vars,
-      [this, kind, mode, &length, &elements, &pre_bailout](Node* arg) {
+      [this, kind, mode, elements, &var_length, &pre_bailout](Node* arg) {
         if (IsFastSmiElementsKind(kind)) {
           GotoIf(TaggedIsNotSmi(arg), &pre_bailout);
         } else if (IsFastDoubleElementsKind(kind)) {
           GotoIfNotNumber(arg, &pre_bailout);
         }
         if (IsFastDoubleElementsKind(kind)) {
           Node* double_value = ChangeNumberToFloat64(arg);
-          StoreFixedDoubleArrayElement(elements.value(), length.value(),
+          StoreFixedDoubleArrayElement(elements, var_length.value(),
                                        Float64SilenceNaN(double_value), mode);
         } else {
           WriteBarrierMode barrier_mode = IsFastSmiElementsKind(kind)
                                               ? SKIP_WRITE_BARRIER
                                               : UPDATE_WRITE_BARRIER;
-          StoreFixedArrayElement(elements.value(), length.value(), arg,
+          StoreFixedArrayElement(elements, var_length.value(), arg,
                                  barrier_mode, 0, mode);
         }
-        Increment(length, 1, mode);
+        Increment(var_length, 1, mode);
       },
       first, nullptr);
-  length.Bind(TagParameter(length.value(), mode));
-  StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length.value());
-  Goto(&success);
+  {
+    Node* length = ParameterToTagged(var_length.value(), mode);
+    var_tagged_length.Bind(length);
+    StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length);
+    Goto(&success);
+  }
 
   Bind(&pre_bailout);
-  length.Bind(TagParameter(length.value(), mode));
-  Node* diff = SmiSub(length.value(), LoadJSArrayLength(array));
-  StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length.value());
-  arg_index.Bind(IntPtrAdd(arg_index.value(), SmiUntag(diff)));
-  Goto(bailout);
+  {
+    Node* length = ParameterToTagged(var_length.value(), mode);
+    var_tagged_length.Bind(length);
+    Node* diff = SmiSub(length, LoadJSArrayLength(array));
+    StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length);
+    arg_index.Bind(IntPtrAdd(arg_index.value(), SmiUntag(diff)));
+    Goto(bailout);
+  }
 
   Bind(&success);
-  return length.value();
+  return var_tagged_length.value();
 }
 
 Node* CodeStubAssembler::AllocateHeapNumber(MutableMode mode) {
   Node* result = Allocate(HeapNumber::kSize, kNone);
   Heap::RootListIndex heap_map_index =
       mode == IMMUTABLE ? Heap::kHeapNumberMapRootIndex
                         : Heap::kMutableHeapNumberMapRootIndex;
   StoreMapNoWriteBarrier(result, heap_map_index);
   return result;
 }
@@ skipping 36 matching lines @@
   Branch(IntPtrLessThanOrEqual(size, IntPtrConstant(kMaxRegularHeapObjectSize)),
          &if_sizeissmall, &if_notsizeissmall);
 
   Bind(&if_sizeissmall);
   {
     // Just allocate the SeqOneByteString in new space.
     Node* result = Allocate(size, flags);
     DCHECK(Heap::RootIsImmortalImmovable(Heap::kOneByteStringMapRootIndex));
     StoreMapNoWriteBarrier(result, Heap::kOneByteStringMapRootIndex);
     StoreObjectFieldNoWriteBarrier(result, SeqOneByteString::kLengthOffset,
-                                   TagParameter(length, mode));
+                                   ParameterToTagged(length, mode));
     // Initialize both used and unused parts of hash field slot at once.
     StoreObjectFieldNoWriteBarrier(result, SeqOneByteString::kHashFieldSlot,
                                    IntPtrConstant(String::kEmptyHashField),
                                    MachineType::PointerRepresentation());
     var_result.Bind(result);
     Goto(&if_join);
   }
 
   Bind(&if_notsizeissmall);
   {
     // We might need to allocate in large object space, go to the runtime.
     Node* result = CallRuntime(Runtime::kAllocateSeqOneByteString, context,
-                               TagParameter(length, mode));
+                               ParameterToTagged(length, mode));
     var_result.Bind(result);
     Goto(&if_join);
   }
 
   Bind(&if_join);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::AllocateSeqTwoByteString(int length,
                                                   AllocationFlags flags) {
@@ skipping 264 matching lines @@
                          SmiTag(capacity), SKIP_WRITE_BARRIER);
   // Initialize Dictionary fields.
   Node* filler = LoadRoot(Heap::kUndefinedValueRootIndex);
   StoreFixedArrayElement(result, NameDictionary::kMaxNumberKeyIndex, filler,
                          SKIP_WRITE_BARRIER);
   StoreFixedArrayElement(result, NameDictionary::kNextEnumerationIndexIndex,
                          SmiConstant(PropertyDetails::kInitialIndex),
                          SKIP_WRITE_BARRIER);
 
   // Initialize NameDictionary elements.
-  result = BitcastTaggedToWord(result);
+  Node* result_word = BitcastTaggedToWord(result);
   Node* start_address = IntPtrAdd(
-      result, IntPtrConstant(NameDictionary::OffsetOfElementAt(
-                                 NameDictionary::kElementsStartIndex) -
-                             kHeapObjectTag));
+      result_word, IntPtrConstant(NameDictionary::OffsetOfElementAt(
+                                      NameDictionary::kElementsStartIndex) -
+                                  kHeapObjectTag));
   Node* end_address = IntPtrAdd(
-      result,
+      result_word,
       IntPtrSubFoldConstants(store_size, IntPtrConstant(kHeapObjectTag)));
   StoreFieldsNoWriteBarrier(start_address, end_address, filler);
   return result;
 }
 
 Node* CodeStubAssembler::AllocateJSObjectFromMap(Node* map, Node* properties,
                                                  Node* elements) {
   CSA_ASSERT(this, IsMap(map));
   Node* size =
       IntPtrMul(LoadMapInstanceSize(map), IntPtrConstant(kPointerSize));
@@ skipping 25 matching lines @@
   }
   InitializeJSObjectBody(object, map, size, JSObject::kHeaderSize);
 }
 
 void CodeStubAssembler::InitializeJSObjectBody(Node* object, Node* map,
                                                Node* size, int start_offset) {
   // TODO(cbruni): activate in-object slack tracking machinery.
   Comment("InitializeJSObjectBody");
   Node* filler = LoadRoot(Heap::kUndefinedValueRootIndex);
   // Calculate the untagged field addresses.
+  object = BitcastTaggedToWord(object);
   Node* start_address =
       IntPtrAdd(object, IntPtrConstant(start_offset - kHeapObjectTag));
   Node* end_address =
       IntPtrSub(IntPtrAdd(object, size), IntPtrConstant(kHeapObjectTag));
   StoreFieldsNoWriteBarrier(start_address, end_address, filler);
 }
 
 void CodeStubAssembler::StoreFieldsNoWriteBarrier(Node* start_address,
                                                   Node* end_address,
                                                   Node* value) {
@@ skipping 78 matching lines @@
   Node *array, *elements;
   std::tie(array, elements) = AllocateUninitializedJSArrayWithElements(
       kind, array_map, length, allocation_site, capacity, capacity_mode);
   // Setup elements object.
   Heap::RootListIndex elements_map_index =
       IsFastDoubleElementsKind(kind) ? Heap::kFixedDoubleArrayMapRootIndex
                                      : Heap::kFixedArrayMapRootIndex;
   DCHECK(Heap::RootIsImmortalImmovable(elements_map_index));
   StoreMapNoWriteBarrier(elements, elements_map_index);
   StoreObjectFieldNoWriteBarrier(elements, FixedArray::kLengthOffset,
-                                 TagParameter(capacity, capacity_mode));
+                                 ParameterToTagged(capacity, capacity_mode));
 
   // Fill in the elements with holes.
   FillFixedArrayWithValue(kind, elements, IntPtrOrSmiConstant(0, capacity_mode),
                           capacity, Heap::kTheHoleValueRootIndex,
                           capacity_mode);
 
   return array;
 }
 
 Node* CodeStubAssembler::AllocateFixedArray(ElementsKind kind,
                                             Node* capacity_node,
                                             ParameterMode mode,
                                             AllocationFlags flags) {
   CSA_ASSERT(this, IntPtrOrSmiGreaterThan(capacity_node,
                                           IntPtrOrSmiConstant(0, mode), mode));
   Node* total_size = GetFixedArrayAllocationSize(capacity_node, kind, mode);
 
   // Allocate both array and elements object, and initialize the JSArray.
   Node* array = Allocate(total_size, flags);
   Heap::RootListIndex map_index = IsFastDoubleElementsKind(kind)
                                       ? Heap::kFixedDoubleArrayMapRootIndex
                                       : Heap::kFixedArrayMapRootIndex;
   DCHECK(Heap::RootIsImmortalImmovable(map_index));
   StoreMapNoWriteBarrier(array, map_index);
   StoreObjectFieldNoWriteBarrier(array, FixedArray::kLengthOffset,
-                                 TagParameter(capacity_node, mode));
+                                 ParameterToTagged(capacity_node, mode));
   return array;
 }
 
 void CodeStubAssembler::FillFixedArrayWithValue(
     ElementsKind kind, Node* array, Node* from_node, Node* to_node,
     Heap::RootListIndex value_root_index, ParameterMode mode) {
   bool is_double = IsFastDoubleElementsKind(kind);
   DCHECK(value_root_index == Heap::kTheHoleValueRootIndex ||
          value_root_index == Heap::kUndefinedValueRootIndex);
   DCHECK_IMPLIES(is_double, value_root_index == Heap::kTheHoleValueRootIndex);
@@ skipping 271 matching lines @@
     return unconditioned_result;
   }
 }
 
 Node* CodeStubAssembler::TryGrowElementsCapacity(Node* object, Node* elements,
                                                  ElementsKind kind, Node* key,
                                                  Label* bailout) {
   Node* capacity = LoadFixedArrayBaseLength(elements);
 
   ParameterMode mode = OptimalParameterMode();
-  capacity = UntagParameter(capacity, mode);
-  key = UntagParameter(key, mode);
+  capacity = TaggedToParameter(capacity, mode);
+  key = TaggedToParameter(key, mode);
 
   return TryGrowElementsCapacity(object, elements, kind, key, capacity, mode,
                                  bailout);
 }
 
 Node* CodeStubAssembler::TryGrowElementsCapacity(Node* object, Node* elements,
                                                  ElementsKind kind, Node* key,
                                                  Node* capacity,
                                                  ParameterMode mode,
                                                  Label* bailout) {
@@ skipping 355 matching lines @@
   Variable result(this, MachineRepresentation::kFloat64);
   Label smi(this);
   Label done(this, &result);
   GotoIf(TaggedIsSmi(value), &smi);
   result.Bind(
       LoadObjectField(value, HeapNumber::kValueOffset, MachineType::Float64()));
   Goto(&done);
 
   Bind(&smi);
   {
-    result.Bind(ChangeInt32ToFloat64(SmiUntag(value)));
+    result.Bind(SmiToFloat64(value));
     Goto(&done);
   }
 
   Bind(&done);
   return result.value();
 }
 
 Node* CodeStubAssembler::ToThisValue(Node* context, Node* value,
                                      PrimitiveType primitive_type,
                                      char const* method_name) {
@@ skipping 819 matching lines @@
 
 Node* CodeStubAssembler::StringIndexOfChar(Node* context, Node* string,
                                            Node* needle_char, Node* from) {
   CSA_ASSERT(this, IsString(string));
   Variable var_result(this, MachineRepresentation::kTagged);
 
   Label out(this), runtime(this, Label::kDeferred);
 
   // Let runtime handle non-one-byte {needle_char}.
 
-  Node* const one_byte_char_mask = IntPtrConstant(0xFF);
-  GotoUnless(WordEqual(WordAnd(needle_char, one_byte_char_mask), needle_char),
-             &runtime);
+  Node* const one_byte_char_mask = Int32Constant(0xFF);
+  GotoUnless(
+      Word32Equal(Word32And(needle_char, one_byte_char_mask), needle_char),
+      &runtime);
 
   // TODO(jgruber): Handle external and two-byte strings.
 
   Node* const one_byte_seq_mask = Int32Constant(
       kIsIndirectStringMask | kExternalStringTag | kStringEncodingMask);
   Node* const expected_masked = Int32Constant(kOneByteStringTag);
 
   Node* const string_instance_type = LoadInstanceType(string);
   GotoUnless(Word32Equal(Word32And(string_instance_type, one_byte_seq_mask),
                          expected_masked),
              &runtime);
 
   // If we reach this, {string} is a non-indirect, non-external one-byte string.
 
   Node* const length = LoadStringLength(string);
   Node* const search_range_length = SmiUntag(SmiSub(length, from));
 
   const int offset = SeqOneByteString::kHeaderSize - kHeapObjectTag;
   Node* const begin = IntPtrConstant(offset);
   Node* const cursor = IntPtrAdd(begin, SmiUntag(from));
   Node* const end = IntPtrAdd(cursor, search_range_length);
 
   var_result.Bind(SmiConstant(Smi::FromInt(-1)));
 
   BuildFastLoop(
       MachineType::PointerRepresentation(), cursor, end,
       [this, string, needle_char, begin, &var_result, &out](Node* cursor) {
         Label next(this);
         Node* value = Load(MachineType::Uint8(), string, cursor);
-        GotoUnless(WordEqual(value, needle_char), &next);
+        GotoUnless(Word32Equal(value, needle_char), &next);
 
         // Found a match.
         Node* index = SmiTag(IntPtrSub(cursor, begin));
         var_result.Bind(index);
         Goto(&out);
 
         Bind(&next);
       },
       1, IndexAdvanceMode::kPost);
   Goto(&out);
@@ skipping 638 matching lines @@
   }
 }
 
 void CodeStubAssembler::Increment(Variable& variable, int value,
                                   ParameterMode mode) {
   DCHECK_IMPLIES(mode == INTPTR_PARAMETERS,
                  variable.rep() == MachineType::PointerRepresentation());
   DCHECK_IMPLIES(mode == SMI_PARAMETERS,
                  variable.rep() == MachineRepresentation::kTagged ||
                      variable.rep() == MachineRepresentation::kTaggedSigned);
-  variable.Bind(IntPtrAdd(variable.value(), IntPtrOrSmiConstant(value, mode)));
+  variable.Bind(
+      IntPtrOrSmiAdd(variable.value(), IntPtrOrSmiConstant(value, mode), mode));
 }
 
 void CodeStubAssembler::Use(Label* label) {
   GotoIf(Word32Equal(Int32Constant(0), Int32Constant(1)), label);
 }
 
 void CodeStubAssembler::TryToName(Node* key, Label* if_keyisindex,
                                   Variable* var_index, Label* if_keyisunique,
                                   Label* if_bailout) {
   DCHECK_EQ(MachineType::PointerRepresentation(), var_index->rep());
@@ skipping 1207 matching lines @@
 
   Bind(&done);
   return var_intptr_key.value();
 }
 
 void CodeStubAssembler::ExtendPropertiesBackingStore(Node* object) {
   Node* properties = LoadProperties(object);
   Node* length = LoadFixedArrayBaseLength(properties);
 
   ParameterMode mode = OptimalParameterMode();
-  length = UntagParameter(length, mode);
+  length = TaggedToParameter(length, mode);
 
   Node* delta = IntPtrOrSmiConstant(JSObject::kFieldsAdded, mode);
   Node* new_capacity = IntPtrOrSmiAdd(length, delta, mode);
 
   // Grow properties array.
   ElementsKind kind = FAST_ELEMENTS;
   DCHECK(kMaxNumberOfDescriptors + JSObject::kFieldsAdded <
          FixedArrayBase::GetMaxLengthForNewSpaceAllocation(kind));
   // The size of a new properties backing store is guaranteed to be small
   // enough that the new backing store will be allocated in new space.
@@ skipping 366 matching lines @@
 
     value = PrepareValueForWriteToTypedArray(value, elements_kind, bailout);
 
     // There must be no allocations between the buffer load and
     // and the actual store to backing store, because GC may decide that
     // the buffer is not alive or move the elements.
     // TODO(ishell): introduce DisallowHeapAllocationCode scope here.
 
     // Check if buffer has been neutered.
     Node* buffer = LoadObjectField(object, JSArrayBufferView::kBufferOffset);
-    Node* bitfield = LoadObjectField(buffer, JSArrayBuffer::kBitFieldOffset,
-                                     MachineType::Uint32());
-    Node* neutered_bit =
-        Word32And(bitfield, Int32Constant(JSArrayBuffer::WasNeutered::kMask));
-    GotoUnless(Word32Equal(neutered_bit, Int32Constant(0)), bailout);
+    GotoIf(IsDetachedBuffer(buffer), bailout);
 
     // Bounds check.
-    Node* length = UntagParameter(
+    Node* length = TaggedToParameter(
         LoadObjectField(object, JSTypedArray::kLengthOffset), parameter_mode);
 
     if (store_mode == STORE_NO_TRANSITION_IGNORE_OUT_OF_BOUNDS) {
       // Skip the store if we write beyond the length.
       GotoUnless(IntPtrLessThan(key, length), &done);
       // ... but bailout if the key is negative.
     } else {
       DCHECK_EQ(STANDARD_STORE, store_mode);
     }
     GotoUnless(UintPtrLessThan(key, length), bailout);
 
     // Backing store = external_pointer + base_pointer.
     Node* external_pointer =
         LoadObjectField(elements, FixedTypedArrayBase::kExternalPointerOffset,
                         MachineType::Pointer());
     Node* base_pointer =
         LoadObjectField(elements, FixedTypedArrayBase::kBasePointerOffset);
-    Node* backing_store = IntPtrAdd(external_pointer, base_pointer);
+    Node* backing_store =
+        IntPtrAdd(external_pointer, BitcastTaggedToWord(base_pointer));
     StoreElement(backing_store, elements_kind, key, value, parameter_mode);
     Goto(&done);
 
     Bind(&done);
     return;
   }
   DCHECK(IsFastSmiOrObjectElementsKind(elements_kind) ||
          IsFastDoubleElementsKind(elements_kind));
 
   Node* length = is_jsarray ? LoadObjectField(object, JSArray::kLengthOffset)
                             : LoadFixedArrayBaseLength(elements);
-  length = UntagParameter(length, parameter_mode);
+  length = TaggedToParameter(length, parameter_mode);
 
   // In case value is stored into a fast smi array, assure that the value is
   // a smi before manipulating the backing store. Otherwise the backing store
   // may be left in an invalid state.
   if (IsFastSmiElementsKind(elements_kind)) {
     GotoUnless(TaggedIsSmi(value), bailout);
   } else if (IsFastDoubleElementsKind(elements_kind)) {
     value = TryTaggedToFloat64(value, bailout);
   }
 
@@ skipping 24 matching lines @@
   if (IsHoleyElementsKind(kind)) {
     condition = UintPtrGreaterThanOrEqual(key, length);
   } else {
     condition = WordEqual(key, length);
   }
   Branch(condition, &grow_case, &no_grow_case);
 
   Bind(&grow_case);
   {
     Node* current_capacity =
-        UntagParameter(LoadFixedArrayBaseLength(elements), mode);
+        TaggedToParameter(LoadFixedArrayBaseLength(elements), mode);
 
     checked_elements.Bind(elements);
 
     Label fits_capacity(this);
     GotoIf(UintPtrLessThan(key, current_capacity), &fits_capacity);
     {
       Node* new_elements = TryGrowElementsCapacity(
           object, elements, kind, key, current_capacity, mode, bailout);
 
       checked_elements.Bind(new_elements);
       Goto(&fits_capacity);
     }
     Bind(&fits_capacity);
 
     if (is_js_array) {
       Node* new_length = IntPtrAdd(key, IntPtrOrSmiConstant(1, mode));
       StoreObjectFieldNoWriteBarrier(object, JSArray::kLengthOffset,
-                                     TagParameter(new_length, mode));
+                                     ParameterToTagged(new_length, mode));
     }
     Goto(&done);
   }
 
   Bind(&no_grow_case);
   {
     GotoUnless(UintPtrLessThan(key, length), bailout);
     checked_elements.Bind(elements);
     Goto(&done);
   }
 
   Bind(&done);
   return checked_elements.value();
 }
 
 Node* CodeStubAssembler::CopyElementsOnWrite(Node* object, Node* elements,
                                              ElementsKind kind, Node* length,
                                              ParameterMode mode,
                                              Label* bailout) {
   Variable new_elements_var(this, MachineRepresentation::kTagged);
   Label done(this);
 
   new_elements_var.Bind(elements);
   GotoUnless(
       WordEqual(LoadMap(elements), LoadRoot(Heap::kFixedCOWArrayMapRootIndex)),
       &done);
   {
-    Node* capacity = UntagParameter(LoadFixedArrayBaseLength(elements), mode);
+    Node* capacity =
+        TaggedToParameter(LoadFixedArrayBaseLength(elements), mode);
     Node* new_elements = GrowElementsCapacity(object, elements, kind, kind,
                                               length, capacity, mode, bailout);
 
     new_elements_var.Bind(new_elements);
     Goto(&done);
   }
 
   Bind(&done);
   return new_elements_var.value();
 }
@@ skipping 1535 matching lines @@
   }
 
   Bind(&end);
   return result.value();
 }
 
 // ECMA#sec-samevalue
 // This algorithm differs from the Strict Equality Comparison Algorithm in its
 // treatment of signed zeroes and NaNs.
 Node* CodeStubAssembler::SameValue(Node* lhs, Node* rhs, Node* context) {
-  Variable var_result(this, MachineType::PointerRepresentation());
+  Variable var_result(this, MachineRepresentation::kWord32);
   Label strict_equal(this), out(this);
 
-  Node* const int_false = IntPtrConstant(0);
-  Node* const int_true = IntPtrConstant(1);
+  Node* const int_false = Int32Constant(0);
+  Node* const int_true = Int32Constant(1);
 
   Label if_equal(this), if_notequal(this);
   Branch(WordEqual(lhs, rhs), &if_equal, &if_notequal);
 
   Bind(&if_equal);
   {
     // This covers the case when {lhs} == {rhs}. We can simply return true
     // because SameValue considers two NaNs to be equal.
 
     var_result.Bind(int_true);
@@ skipping 10 matching lines @@
 
     Label if_lhsisnan(this), if_lhsnotnan(this);
     BranchIfFloat64IsNaN(lhs_float, &if_lhsisnan, &if_lhsnotnan);
 
     Bind(&if_lhsisnan);
     {
       // Return true iff {rhs} is NaN.
 
       Node* const result =
           SelectConstant(Float64Equal(rhs_float, rhs_float), int_false,
-                         int_true, MachineType::PointerRepresentation());
+                         int_true, MachineRepresentation::kWord32);
       var_result.Bind(result);
       Goto(&out);
     }
 
     Bind(&if_lhsnotnan);
     {
       Label if_floatisequal(this), if_floatnotequal(this);
       Branch(Float64Equal(lhs_float, rhs_float), &if_floatisequal,
              &if_floatnotequal);
 
@@ skipping 248 matching lines @@
     Node* one = SmiConstant(Smi::FromInt(1));
     Node* pair = IntPtrAddWithOverflow(BitcastTaggedToWord(value),
                                        BitcastTaggedToWord(one));
     Node* overflow = Projection(1, pair);
 
     // Check if the Smi addition overflowed.
     Label if_overflow(this), if_notoverflow(this);
     Branch(overflow, &if_overflow, &if_notoverflow);
 
     Bind(&if_notoverflow);
-    var_result.Bind(Projection(0, pair));
+    var_result.Bind(BitcastWordToTaggedSigned(Projection(0, pair)));
     Goto(&end);
 
     Bind(&if_overflow);
     {
       var_finc_value.Bind(SmiToFloat64(value));
       Goto(&do_finc);
     }
   }
 
   Bind(&if_isnotsmi);
@@ skipping 163 matching lines @@
           GotoUnless(WordEqual(prototype, object_prototype), &if_isslow);
 
           map = LoadMap(prototype);
           prototype = LoadMapPrototype(map);
           Branch(IsNull(prototype), &if_ispacked, &if_isslow);
         }
         Bind(&if_ispacked);
         {
           Node* map_index =
               IntPtrAdd(IntPtrConstant(kBaseMapIndex + kFastIteratorOffset),
-                        LoadMapElementsKind(array_map));
+                        ChangeUint32ToWord(LoadMapElementsKind(array_map)));
           CSA_ASSERT(this, IntPtrGreaterThanOrEqual(
                                map_index, IntPtrConstant(kBaseMapIndex +
                                                          kFastIteratorOffset)));
           CSA_ASSERT(this, IntPtrLessThan(map_index,
                                           IntPtrConstant(kBaseMapIndex +
                                                          kSlowIteratorOffset)));
 
           var_map_index.Bind(map_index);
           var_array_map.Bind(array_map);
           Goto(&allocate_iterator);
         }
       }
 
       Bind(&if_isslow);
       {
         Node* map_index = IntPtrAdd(IntPtrConstant(kBaseMapIndex),
                                     IntPtrConstant(kSlowIteratorOffset));
         var_map_index.Bind(map_index);
         var_array_map.Bind(UndefinedConstant());
         Goto(&allocate_iterator);
       }
     }
 
     Bind(&if_istypedarray);
     {
       Node* map_index =
           IntPtrAdd(IntPtrConstant(kBaseMapIndex - UINT8_ELEMENTS),
-                    LoadMapElementsKind(array_map));
+                    ChangeUint32ToWord(LoadMapElementsKind(array_map)));
       CSA_ASSERT(
           this, IntPtrLessThan(map_index, IntPtrConstant(kBaseMapIndex +
                                                          kFastIteratorOffset)));
       CSA_ASSERT(this, IntPtrGreaterThanOrEqual(map_index,
                                                 IntPtrConstant(kBaseMapIndex)));
       var_map_index.Bind(map_index);
       var_array_map.Bind(UndefinedConstant());
       Goto(&allocate_iterator);
     }
   }
@@ skipping 26 matching lines @@
   StoreObjectFieldNoWriteBarrier(
       iterator, JSArrayIterator::kIteratedObjectMapOffset, array_map);
   return iterator;
 }
 
 Node* CodeStubAssembler::IsDetachedBuffer(Node* buffer) {
   CSA_ASSERT(this, HasInstanceType(buffer, JS_ARRAY_BUFFER_TYPE));
 
   Node* buffer_bit_field = LoadObjectField(
       buffer, JSArrayBuffer::kBitFieldOffset, MachineType::Uint32());
-  Node* was_neutered_mask = Int32Constant(JSArrayBuffer::WasNeutered::kMask);
-
-  return Word32NotEqual(Word32And(buffer_bit_field, was_neutered_mask),
-                        Int32Constant(0));
+  return IsSetWord32<JSArrayBuffer::WasNeutered>(buffer_bit_field);
 }
 
-CodeStubArguments::CodeStubArguments(CodeStubAssembler* assembler, Node* argc,
-                                     CodeStubAssembler::ParameterMode mode)
+CodeStubArguments::CodeStubArguments(CodeStubAssembler* assembler, Node* argc)
     : assembler_(assembler),
       argc_(argc),
       arguments_(nullptr),
       fp_(assembler->LoadFramePointer()) {
+  argc_ = assembler->ChangeUint32ToWord(argc_);
   Node* offset = assembler->ElementOffsetFromIndex(
-      argc_, FAST_ELEMENTS, mode,
+      argc_, FAST_ELEMENTS, CodeStubAssembler::INTPTR_PARAMETERS,
       (StandardFrameConstants::kFixedSlotCountAboveFp - 1) * kPointerSize);
   arguments_ = assembler_->IntPtrAddFoldConstants(fp_, offset);
-  if (mode == CodeStubAssembler::INTEGER_PARAMETERS) {
-    argc_ = assembler->ChangeInt32ToIntPtr(argc_);
-  } else if (mode == CodeStubAssembler::SMI_PARAMETERS) {
-    argc_ = assembler->SmiUntag(argc_);
-  }
 }
 
 Node* CodeStubArguments::GetReceiver() const {
   return assembler_->Load(MachineType::AnyTagged(), arguments_,
                           assembler_->IntPtrConstant(kPointerSize));
 }
 
 Node* CodeStubArguments::AtIndex(Node* index,
                                  CodeStubAssembler::ParameterMode mode) const {
   typedef compiler::Node Node;
@@ skipping 56 matching lines @@
 
   // Check prototype chain if receiver does not have packed elements.
   Node* holey_elements = Word32And(elements_kind, Int32Constant(1));
   return Word32Equal(holey_elements, Int32Constant(1));
 }
 
 Node* CodeStubAssembler::IsDebugActive() {
   Node* is_debug_active = Load(
       MachineType::Uint8(),
       ExternalConstant(ExternalReference::debug_is_active_address(isolate())));
-  return WordNotEqual(is_debug_active, Int32Constant(0));
+  return Word32NotEqual(is_debug_active, Int32Constant(0));
 }
 
 Node* CodeStubAssembler::IsPromiseHookEnabled() {
   Node* const is_promisehook_enabled =
       Load(MachineType::Uint8(),
            ExternalConstant(
                ExternalReference::is_promisehook_enabled_address(isolate())));
-  return WordNotEqual(is_promisehook_enabled, Int32Constant(0));
+  return Word32NotEqual(is_promisehook_enabled, Int32Constant(0));
 }
 
 Node* CodeStubAssembler::AllocateJSPromise(Node* context) {
   Node* const native_context = LoadNativeContext(context);
   Node* const promise_fun =
       LoadContextElement(native_context, Context::PROMISE_FUNCTION_INDEX);
   Node* const initial_map =
       LoadObjectField(promise_fun, JSFunction::kPrototypeOrInitialMapOffset);
   Node* const instance = AllocateJSObjectFromMap(initial_map);
 
@@ skipping 29 matching lines @@
                        Heap::kUndefinedValueRootIndex);
   StoreObjectFieldRoot(result, PromiseReactionJobInfo::kDebugNameOffset,
                        Heap::kUndefinedValueRootIndex);
   StoreObjectFieldNoWriteBarrier(result, PromiseReactionJobInfo::kContextOffset,
                                  context);
   return result;
 }
 
 }  // namespace internal
 }  // namespace v8