Changeset 156237 in webkit for trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

Timestamp:

Sep 21, 2013, 5:24:36 PM (12 years ago)

Author:

[email protected]

Message:

Unreviewed, revert ​http://trac.webkit.org/changeset/156235. It won't work on Windows.

• CMakeLists.txt:
• GNUmakefile.list.am:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Target.pri:
• bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::unlink):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resetStubInternal):

• bytecode/StructureStubInfo.h:
• dfg/DFGCallArrayAllocatorSlowPathGenerator.h:

(JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
(JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):

• dfg/DFGJITCompiler.h:
• dfg/DFGOSRExitCompiler.h:
• dfg/DFGOperations.cpp:

(JSC::DFG::operationPutByValInternal):

• dfg/DFGOperations.h:

(JSC::DFG::operationNewTypedArrayWithSizeForType):
(JSC::DFG::operationNewTypedArrayWithOneArgumentForType):

• dfg/DFGRegisterSet.h: Added.

(JSC::DFG::RegisterSet::RegisterSet):
(JSC::DFG::RegisterSet::asPOD):
(JSC::DFG::RegisterSet::copyInfo):
(JSC::DFG::RegisterSet::set):
(JSC::DFG::RegisterSet::setGPRByIndex):
(JSC::DFG::RegisterSet::clear):
(JSC::DFG::RegisterSet::get):
(JSC::DFG::RegisterSet::getGPRByIndex):
(JSC::DFG::RegisterSet::getFreeGPR):
(JSC::DFG::RegisterSet::setFPRByIndex):
(JSC::DFG::RegisterSet::getFPRByIndex):
(JSC::DFG::RegisterSet::setByIndex):
(JSC::DFG::RegisterSet::getByIndex):
(JSC::DFG::RegisterSet::numberOfSetGPRs):
(JSC::DFG::RegisterSet::numberOfSetFPRs):
(JSC::DFG::RegisterSet::numberOfSetRegisters):
(JSC::DFG::RegisterSet::setBit):
(JSC::DFG::RegisterSet::clearBit):
(JSC::DFG::RegisterSet::getBit):

• dfg/DFGRepatch.cpp: Added.

(JSC::DFG::repatchCall):
(JSC::DFG::repatchByIdSelfAccess):
(JSC::DFG::addStructureTransitionCheck):
(JSC::DFG::replaceWithJump):
(JSC::DFG::emitRestoreScratch):
(JSC::DFG::linkRestoreScratch):
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::repatchGetByID):
(JSC::DFG::getPolymorphicStructureList):
(JSC::DFG::patchJumpToGetByIdStub):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::buildGetByIDList):
(JSC::DFG::appropriateGenericPutByIdFunction):
(JSC::DFG::appropriateListBuildingPutByIdFunction):
(JSC::DFG::emitPutReplaceStub):
(JSC::DFG::emitPutTransitionStub):
(JSC::DFG::tryCachePutByID):
(JSC::DFG::repatchPutByID):
(JSC::DFG::tryBuildPutByIdList):
(JSC::DFG::buildPutByIdList):
(JSC::DFG::tryRepatchIn):
(JSC::DFG::repatchIn):
(JSC::DFG::linkSlowFor):
(JSC::DFG::linkFor):
(JSC::DFG::linkClosureCall):
(JSC::DFG::resetGetByID):
(JSC::DFG::resetPutByID):
(JSC::DFG::resetIn):

• dfg/DFGRepatch.h: Added.

(JSC::DFG::resetGetByID):
(JSC::DFG::resetPutByID):
(JSC::DFG::resetIn):

• dfg/DFGScratchRegisterAllocator.h: Added.

(JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
(JSC::DFG::ScratchRegisterAllocator::lock):
(JSC::DFG::ScratchRegisterAllocator::allocateScratch):
(JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
(JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
(JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
(JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
(JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
(JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
(JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
(JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::writeBarrier):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compare):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGThunks.cpp:

(JSC::DFG::emitPointerValidation):
(JSC::DFG::throwExceptionFromCallSlowPathGenerator):
(JSC::DFG::slowPathFor):
(JSC::DFG::linkForThunkGenerator):
(JSC::DFG::linkCallThunkGenerator):
(JSC::DFG::linkConstructThunkGenerator):
(JSC::DFG::linkClosureCallThunkGenerator):
(JSC::DFG::virtualForThunkGenerator):
(JSC::DFG::virtualCallThunkGenerator):
(JSC::DFG::virtualConstructThunkGenerator):

• dfg/DFGThunks.h:
• ftl/FTLIntrinsicRepository.h:
• ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):

• ftl/FTLOSRExitCompiler.h:
• jit/AssemblyHelpers.h:
• jit/JIT.cpp:

(JSC::JIT::linkFor):
(JSC::JIT::linkSlowCall):

• jit/JITCall.cpp:

(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::privateCompileClosureCall):

• jit/JITCall32_64.cpp:

(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::privateCompileClosureCall):

• jit/JITOperationWrappers.h: Removed.
• jit/JITOperations.cpp: Removed.
• jit/JITOperations.h: Removed.
• jit/RegisterSet.h: Removed.
• jit/Repatch.cpp: Removed.
• jit/Repatch.h: Removed.
• jit/ScratchRegisterAllocator.h: Removed.
• jit/ThunkGenerators.cpp:

(JSC::generateSlowCaseFor):
(JSC::linkForGenerator):
(JSC::linkCallGenerator):
(JSC::linkConstructGenerator):
(JSC::linkClosureCallGenerator):
(JSC::virtualForGenerator):
(JSC::virtualCallGenerator):
(JSC::virtualConstructGenerator):

• jit/ThunkGenerators.h:

File:

• trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (modified) (97 diffs)

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -34 +34 @@
 #include "DFGDriver.h"
 #include "DFGOSRExit.h"
+#include "DFGRepatch.h"
 #include "DFGThunks.h"
 #include "DFGToFTLDeferredCompilationCallback.h"
@@ -45 +46 @@
 #include "JIT.h"
 #include "JITExceptions.h"
-#include "JITOperationWrappers.h"
 #include "JSActivation.h"
 #include "VM.h"
@@ -52 +52 @@
 #include "ObjectConstructor.h"
 #include "Operations.h"
-#include "Repatch.h"
 #include "StringConstructor.h"
 #include "TypedArrayInlines.h"
@@ -58 +57 @@
 
 #if ENABLE(JIT)
+
+#if CPU(MIPS)
+#if WTF_MIPS_PIC
+#define LOAD_FUNCTION_TO_T9(function) \
+        ".set noreorder" "\n" \
+        ".cpload $25" "\n" \
+        ".set reorder" "\n" \
+        "la $t9, " LOCAL_REFERENCE(function) "\n"
+#else
+#define LOAD_FUNCTION_TO_T9(function) "" "\n"
+#endif
+#endif
+
 #if ENABLE(DFG_JIT)
+
+#if COMPILER(GCC) && CPU(X86_64)
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, register) \
+    asm( \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "mov (%rsp), %" STRINGIZE(register) "\n" \
+        "jmp " LOCAL_REFERENCE(function##WithReturnAddress) "\n" \
+    );
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function)    FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, rsi)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, rcx)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, rcx)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, r8)
+
+#elif COMPILER(GCC) && CPU(X86)
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, offset) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "mov (%esp), %eax\n" \
+        "mov %eax, " STRINGIZE(offset) "(%esp)\n" \
+        "jmp " LOCAL_REFERENCE(function##WithReturnAddress) "\n" \
+    );
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function)    FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 8)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 16)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 20)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 24)
+
+#elif COMPILER(GCC) && CPU(ARM_THUMB2)
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function) \
+    asm ( \
+    ".text" "\n" \
+    ".align 2" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    ".thumb" "\n" \
+    ".thumb_func " THUMB_FUNC_PARAM(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "mov a2, lr" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function) \
+    asm ( \
+    ".text" "\n" \
+    ".align 2" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    ".thumb" "\n" \
+    ".thumb_func " THUMB_FUNC_PARAM(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "mov a4, lr" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned even-numbered register (r0, r2 or [sp]).
+// As a result, return address will be at a 4-byte further location in the following cases.
+#if COMPILER_SUPPORTS(EABI) && CPU(ARM)
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #4]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #8]"
+#else
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #0]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #4]"
+#endif
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function) \
+    asm ( \
+    ".text" "\n" \
+    ".align 2" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    ".thumb" "\n" \
+    ".thumb_func " THUMB_FUNC_PARAM(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        INSTRUCTION_STORE_RETURN_ADDRESS_EJI "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+    asm ( \
+    ".text" "\n" \
+    ".align 2" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    ".thumb" "\n" \
+    ".thumb_func " THUMB_FUNC_PARAM(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#elif COMPILER(GCC) && CPU(ARM_TRADITIONAL)
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function) \
+    asm ( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    INLINE_ARM_FUNCTION(function) \
+    SYMBOL_STRING(function) ":" "\n" \
+        "mov a2, lr" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function) \
+    asm ( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    INLINE_ARM_FUNCTION(function) \
+    SYMBOL_STRING(function) ":" "\n" \
+        "mov a4, lr" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned even-numbered register (r0, r2 or [sp]).
+// As a result, return address will be at a 4-byte further location in the following cases.
+#if COMPILER_SUPPORTS(EABI) && CPU(ARM)
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #4]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #8]"
+#else
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #0]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #4]"
+#endif
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function) \
+    asm ( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    INLINE_ARM_FUNCTION(function) \
+    SYMBOL_STRING(function) ":" "\n" \
+        INSTRUCTION_STORE_RETURN_ADDRESS_EJI "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+    asm ( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    INLINE_ARM_FUNCTION(function) \
+    SYMBOL_STRING(function) ":" "\n" \
+        INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#elif COMPILER(GCC) && CPU(MIPS)
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+    LOAD_FUNCTION_TO_T9(function##WithReturnAddress) \
+        "move $a1, $ra" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+    LOAD_FUNCTION_TO_T9(function##WithReturnAddress) \
+        "move $a3, $ra" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+    LOAD_FUNCTION_TO_T9(function##WithReturnAddress) \
+        "sw $ra, 20($sp)" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+    LOAD_FUNCTION_TO_T9(function##WithReturnAddress) \
+        "sw $ra, 24($sp)" "\n" \
+        "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+    );
+
+#elif COMPILER(GCC) && CPU(SH4)
+
+#define SH4_SCRATCH_REGISTER "r11"
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "sts pr, r5" "\n" \
+        "bra " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
+        "nop" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "sts pr, r7" "\n" \
+        "mov.l 2f, " SH4_SCRATCH_REGISTER "\n" \
+        "braf " SH4_SCRATCH_REGISTER "\n" \
+        "nop" "\n" \
+        "1: .balign 4" "\n" \
+        "2: .long " LOCAL_REFERENCE(function) "WithReturnAddress-1b" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, offset, scratch) \
+    asm( \
+    ".text" "\n" \
+    ".globl " SYMBOL_STRING(function) "\n" \
+    HIDE_SYMBOL(function) "\n" \
+    SYMBOL_STRING(function) ":" "\n" \
+        "sts pr, " scratch "\n" \
+        "mov.l " scratch ", @(" STRINGIZE(offset) ", r15)" "\n" \
+        "mov.l 2f, " scratch "\n" \
+        "braf " scratch "\n" \
+        "nop" "\n" \
+        "1: .balign 4" "\n" \
+        "2: .long " LOCAL_REFERENCE(function) "WithReturnAddress-1b" "\n" \
+    );
+
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 0, SH4_SCRATCH_REGISTER)
+#define FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 4, SH4_SCRATCH_REGISTER)
+
+#endif
+
+#define P_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function) \
+void* DFG_OPERATION function##WithReturnAddress(ExecState*, ReturnAddressPtr) REFERENCED_FROM_ASM WTF_INTERNAL; \
+FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function)
+
+#define J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function) \
+EncodedJSValue DFG_OPERATION function##WithReturnAddress(ExecState*, JSCell*, StringImpl*, ReturnAddressPtr) REFERENCED_FROM_ASM WTF_INTERNAL; \
+FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function)
+
+#define J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function) \
+EncodedJSValue DFG_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, StringImpl*, ReturnAddressPtr) REFERENCED_FROM_ASM WTF_INTERNAL; \
+FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)
+
+#define V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+void DFG_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, JSCell*, StringImpl*, ReturnAddressPtr) REFERENCED_FROM_ASM WTF_INTERNAL; \
+FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function)
 
 namespace JSC { namespace DFG {
@@ -83 +358 @@
 
 template<bool strict>
-ALWAYS_INLINE static void JIT_OPERATION operationPutByValInternal(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
+ALWAYS_INLINE static void DFG_OPERATION operationPutByValInternal(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -192 +467 @@
 extern "C" {
 
-EncodedJSValue JIT_OPERATION operationToThis(ExecState* exec, EncodedJSValue encodedOp)
+EncodedJSValue DFG_OPERATION operationToThis(ExecState* exec, EncodedJSValue encodedOp)
 {
     VM* vm = &exec->vm();
@@ -200 +475 @@
 }
 
-EncodedJSValue JIT_OPERATION operationToThisStrict(ExecState* exec, EncodedJSValue encodedOp)
+EncodedJSValue DFG_OPERATION operationToThisStrict(ExecState* exec, EncodedJSValue encodedOp)
 {
     VM* vm = &exec->vm();
@@ -208 +483 @@
 }
 
-JSCell* JIT_OPERATION operationCreateThis(ExecState* exec, JSObject* constructor, int32_t inlineCapacity)
+JSCell* DFG_OPERATION operationCreateThis(ExecState* exec, JSObject* constructor, int32_t inlineCapacity)
 {
     VM* vm = &exec->vm();
@@ -221 +496 @@
 }
 
-JSCell* JIT_OPERATION operationNewObject(ExecState* exec, Structure* structure)
+JSCell* DFG_OPERATION operationNewObject(ExecState* exec, Structure* structure)
 {
     VM* vm = &exec->vm();
@@ -229 +504 @@
 }
 
-EncodedJSValue JIT_OPERATION operationValueAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+EncodedJSValue DFG_OPERATION operationValueAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -240 +515 @@
 }
 
-EncodedJSValue JIT_OPERATION operationValueAddNotNumber(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+EncodedJSValue DFG_OPERATION operationValueAddNotNumber(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -273 +548 @@
 }
 
-EncodedJSValue JIT_OPERATION operationGetByVal(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty)
+EncodedJSValue DFG_OPERATION operationGetByVal(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty)
 {
     VM* vm = &exec->vm();
@@ -304 +579 @@
 }
 
-EncodedJSValue JIT_OPERATION operationGetByValCell(ExecState* exec, JSCell* base, EncodedJSValue encodedProperty)
+EncodedJSValue DFG_OPERATION operationGetByValCell(ExecState* exec, JSCell* base, EncodedJSValue encodedProperty)
 {
     VM* vm = &exec->vm();
@@ -344 +619 @@
 }
 
-EncodedJSValue JIT_OPERATION operationGetByValArrayInt(ExecState* exec, JSArray* base, int32_t index)
+EncodedJSValue DFG_OPERATION operationGetByValArrayInt(ExecState* exec, JSArray* base, int32_t index)
 {
     return getByValCellInt(exec, base, index);
 }
 
-EncodedJSValue JIT_OPERATION operationGetByValStringInt(ExecState* exec, JSString* base, int32_t index)
+EncodedJSValue DFG_OPERATION operationGetByValStringInt(ExecState* exec, JSString* base, int32_t index)
 {
     return getByValCellInt(exec, base, index);
 }
 
-void JIT_OPERATION operationPutByValStrict(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
+EncodedJSValue DFG_OPERATION operationGetById(ExecState* exec, EncodedJSValue base, StringImpl* uid)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    JSValue baseValue = JSValue::decode(base);
+    PropertySlot slot(baseValue);
+    Identifier ident(vm, uid);
+    return JSValue::encode(baseValue.get(exec, ident, slot));
+}
+
+J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(operationGetByIdBuildList);
+EncodedJSValue DFG_OPERATION operationGetByIdBuildListWithReturnAddress(ExecState* exec, EncodedJSValue base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue baseValue = JSValue::decode(base);
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(exec, ident, slot);
+
+    if (accessType == static_cast<AccessType>(stubInfo.accessType))
+        buildGetByIDList(exec, baseValue, ident, slot, stubInfo);
+
+    return JSValue::encode(result);
+}
+
+J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(operationGetByIdOptimize);
+EncodedJSValue DFG_OPERATION operationGetByIdOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue baseValue = JSValue::decode(base);
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(exec, ident, slot);
+    
+    if (accessType == static_cast<AccessType>(stubInfo.accessType)) {
+        if (stubInfo.seen)
+            repatchGetByID(exec, baseValue, ident, slot, stubInfo);
+        else
+            stubInfo.seen = true;
+    }
+
+    return JSValue::encode(result);
+}
+
+J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(operationInOptimize);
+EncodedJSValue DFG_OPERATION operationInOptimizeWithReturnAddress(ExecState* exec, JSCell* base, StringImpl* key, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    if (!base->isObject()) {
+        vm->throwException(exec, createInvalidParameterError(exec, "in", base));
+        return JSValue::encode(jsUndefined());
+    }
+    
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    Identifier ident(vm, key);
+    PropertySlot slot(base);
+    bool result = asObject(base)->getPropertySlot(exec, ident, slot);
+    
+    RELEASE_ASSERT(accessType == stubInfo.accessType);
+    
+    if (stubInfo.seen)
+        repatchIn(exec, base, ident, result, slot, stubInfo);
+    else
+        stubInfo.seen = true;
+    
+    return JSValue::encode(jsBoolean(result));
+}
+
+EncodedJSValue DFG_OPERATION operationIn(ExecState* exec, JSCell* base, StringImpl* key)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    if (!base->isObject()) {
+        vm->throwException(exec, createInvalidParameterError(exec, "in", base));
+        return JSValue::encode(jsUndefined());
+    }
+
+    Identifier ident(vm, key);
+    return JSValue::encode(jsBoolean(asObject(base)->hasProperty(exec, ident)));
+}
+
+EncodedJSValue DFG_OPERATION operationGenericIn(ExecState* exec, JSCell* base, EncodedJSValue key)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    return JSValue::encode(jsBoolean(CommonSlowPaths::opIn(exec, JSValue::decode(key), base)));
+}
+
+EncodedJSValue DFG_OPERATION operationCallCustomGetter(ExecState* exec, JSCell* base, PropertySlot::GetValueFunc function, StringImpl* uid)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    
+    return JSValue::encode(function(exec, asObject(base), ident));
+}
+
+EncodedJSValue DFG_OPERATION operationCallGetter(ExecState* exec, JSCell* base, JSCell* getterSetter)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    return JSValue::encode(callGetter(exec, base, getterSetter));
+}
+
+void DFG_OPERATION operationPutByValStrict(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -362 +760 @@
 }
 
-void JIT_OPERATION operationPutByValNonStrict(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
+void DFG_OPERATION operationPutByValNonStrict(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -370 +768 @@
 }
 
-void JIT_OPERATION operationPutByValCellStrict(ExecState* exec, JSCell* cell, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
+void DFG_OPERATION operationPutByValCellStrict(ExecState* exec, JSCell* cell, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -378 +776 @@
 }
 
-void JIT_OPERATION operationPutByValCellNonStrict(ExecState* exec, JSCell* cell, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
+void DFG_OPERATION operationPutByValCellNonStrict(ExecState* exec, JSCell* cell, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -386 +784 @@
 }
 
-void JIT_OPERATION operationPutByValBeyondArrayBoundsStrict(ExecState* exec, JSObject* array, int32_t index, EncodedJSValue encodedValue)
+void DFG_OPERATION operationPutByValBeyondArrayBoundsStrict(ExecState* exec, JSObject* array, int32_t index, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -401 +799 @@
 }
 
-void JIT_OPERATION operationPutByValBeyondArrayBoundsNonStrict(ExecState* exec, JSObject* array, int32_t index, EncodedJSValue encodedValue)
+void DFG_OPERATION operationPutByValBeyondArrayBoundsNonStrict(ExecState* exec, JSObject* array, int32_t index, EncodedJSValue encodedValue)
 {
     VM* vm = &exec->vm();
@@ -416 +814 @@
 }
 
-void JIT_OPERATION operationPutDoubleByValBeyondArrayBoundsStrict(ExecState* exec, JSObject* array, int32_t index, double value)
+void DFG_OPERATION operationPutDoubleByValBeyondArrayBoundsStrict(ExecState* exec, JSObject* array, int32_t index, double value)
 {
     VM* vm = &exec->vm();
@@ -433 +831 @@
 }
 
-void JIT_OPERATION operationPutDoubleByValBeyondArrayBoundsNonStrict(ExecState* exec, JSObject* array, int32_t index, double value)
+void DFG_OPERATION operationPutDoubleByValBeyondArrayBoundsNonStrict(ExecState* exec, JSObject* array, int32_t index, double value)
 {
     VM* vm = &exec->vm();
@@ -450 +848 @@
 }
 
-EncodedJSValue JIT_OPERATION operationArrayPush(ExecState* exec, EncodedJSValue encodedValue, JSArray* array)
+EncodedJSValue DFG_OPERATION operationArrayPush(ExecState* exec, EncodedJSValue encodedValue, JSArray* array)
 {
     VM* vm = &exec->vm();
@@ -459 +857 @@
 }
 
-EncodedJSValue JIT_OPERATION operationArrayPushDouble(ExecState* exec, double value, JSArray* array)
+EncodedJSValue DFG_OPERATION operationArrayPushDouble(ExecState* exec, double value, JSArray* array)
 {
     VM* vm = &exec->vm();
@@ -468 +866 @@
 }
 
-EncodedJSValue JIT_OPERATION operationArrayPop(ExecState* exec, JSArray* array)
+EncodedJSValue DFG_OPERATION operationArrayPop(ExecState* exec, JSArray* array)
 {
     VM* vm = &exec->vm();
@@ -476 +874 @@
 }
         
-EncodedJSValue JIT_OPERATION operationArrayPopAndRecoverLength(ExecState* exec, JSArray* array)
+EncodedJSValue DFG_OPERATION operationArrayPopAndRecoverLength(ExecState* exec, JSArray* array)
 {
     VM* vm = &exec->vm();
@@ -486 +884 @@
 }
         
-EncodedJSValue JIT_OPERATION operationRegExpExec(ExecState* exec, JSCell* base, JSCell* argument)
+EncodedJSValue DFG_OPERATION operationRegExpExec(ExecState* exec, JSCell* base, JSCell* argument)
 {
     VM& vm = exec->vm();
@@ -499 +897 @@
 }
         
-size_t JIT_OPERATION operationRegExpTest(ExecState* exec, JSCell* base, JSCell* argument)
+size_t DFG_OPERATION operationRegExpTest(ExecState* exec, JSCell* base, JSCell* argument)
 {
     VM& vm = exec->vm();
@@ -514 +912 @@
 }
         
-size_t JIT_OPERATION operationCompareLess(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+void DFG_OPERATION operationPutByIdStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
+    base->methodTable()->put(base, exec, ident, JSValue::decode(encodedValue), slot);
+}
+
+void DFG_OPERATION operationPutByIdNonStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
+    base->methodTable()->put(base, exec, ident, JSValue::decode(encodedValue), slot);
+}
+
+void DFG_OPERATION operationPutByIdDirectStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
+    ASSERT(base->isObject());
+    asObject(base)->putDirect(exec->vm(), ident, JSValue::decode(encodedValue), slot);
+}
+
+void DFG_OPERATION operationPutByIdDirectNonStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
+    ASSERT(base->isObject());
+    asObject(base)->putDirect(exec->vm(), ident, JSValue::decode(encodedValue), slot);
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdStrictOptimize);
+void DFG_OPERATION operationPutByIdStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue baseValue(base);
+    PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
+    
+    baseValue.put(exec, ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    if (stubInfo.seen)
+        repatchPutByID(exec, baseValue, ident, slot, stubInfo, NotDirect);
+    else
+        stubInfo.seen = true;
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdNonStrictOptimize);
+void DFG_OPERATION operationPutByIdNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue baseValue(base);
+    PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
+    
+    baseValue.put(exec, ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    if (stubInfo.seen)
+        repatchPutByID(exec, baseValue, ident, slot, stubInfo, NotDirect);
+    else
+        stubInfo.seen = true;
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectStrictOptimize);
+void DFG_OPERATION operationPutByIdDirectStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
+    
+    ASSERT(base->isObject());
+    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    if (stubInfo.seen)
+        repatchPutByID(exec, base, ident, slot, stubInfo, Direct);
+    else
+        stubInfo.seen = true;
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectNonStrictOptimize);
+void DFG_OPERATION operationPutByIdDirectNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
+    
+    ASSERT(base->isObject());
+    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    if (stubInfo.seen)
+        repatchPutByID(exec, base, ident, slot, stubInfo, Direct);
+    else
+        stubInfo.seen = true;
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdStrictBuildList);
+void DFG_OPERATION operationPutByIdStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue baseValue(base);
+    PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
+    
+    baseValue.put(exec, ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    buildPutByIdList(exec, baseValue, ident, slot, stubInfo, NotDirect);
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdNonStrictBuildList);
+void DFG_OPERATION operationPutByIdNonStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue baseValue(base);
+    PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
+    
+    baseValue.put(exec, ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    buildPutByIdList(exec, baseValue, ident, slot, stubInfo, NotDirect);
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectStrictBuildList);
+void DFG_OPERATION operationPutByIdDirectStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+    
+    JSValue value = JSValue::decode(encodedValue);
+    PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
+    
+    ASSERT(base->isObject());
+    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    buildPutByIdList(exec, base, ident, slot, stubInfo, Direct);
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectNonStrictBuildList);
+void DFG_OPERATION operationPutByIdDirectNonStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    Identifier ident(vm, uid);
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    AccessType accessType = static_cast<AccessType>(stubInfo.accessType);
+
+    JSValue value = JSValue::decode(encodedValue);
+    PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
+    
+    ASSERT(base->isObject());
+    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    
+    if (accessType != static_cast<AccessType>(stubInfo.accessType))
+        return;
+    
+    buildPutByIdList(exec, base, ident, slot, stubInfo, Direct);
+}
+
+size_t DFG_OPERATION operationCompareLess(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -522 +1150 @@
 }
 
-size_t JIT_OPERATION operationCompareLessEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+size_t DFG_OPERATION operationCompareLessEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -530 +1158 @@
 }
 
-size_t JIT_OPERATION operationCompareGreater(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+size_t DFG_OPERATION operationCompareGreater(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -538 +1166 @@
 }
 
-size_t JIT_OPERATION operationCompareGreaterEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+size_t DFG_OPERATION operationCompareGreaterEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -546 +1174 @@
 }
 
-size_t JIT_OPERATION operationCompareEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+size_t DFG_OPERATION operationCompareEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -555 +1183 @@
 
 #if USE(JSVALUE64)
-EncodedJSValue JIT_OPERATION operationCompareStringEq(ExecState* exec, JSCell* left, JSCell* right)
+EncodedJSValue DFG_OPERATION operationCompareStringEq(ExecState* exec, JSCell* left, JSCell* right)
 #else
-size_t JIT_OPERATION operationCompareStringEq(ExecState* exec, JSCell* left, JSCell* right)
+size_t DFG_OPERATION operationCompareStringEq(ExecState* exec, JSCell* left, JSCell* right)
 #endif
 {
@@ -571 +1199 @@
 }
 
-size_t JIT_OPERATION operationCompareStrictEqCell(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+size_t DFG_OPERATION operationCompareStrictEqCell(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -585 +1213 @@
 }
 
-size_t JIT_OPERATION operationCompareStrictEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
+size_t DFG_OPERATION operationCompareStrictEq(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {
     VM* vm = &exec->vm();
@@ -596 +1224 @@
 }
 
-EncodedJSValue JIT_OPERATION operationToPrimitive(ExecState* exec, EncodedJSValue value)
+static void* handleHostCall(ExecState* execCallee, JSValue callee, CodeSpecializationKind kind)
+{
+    ExecState* exec = execCallee->callerFrame();
+    VM* vm = &exec->vm();
+
+    execCallee->setScope(exec->scope());
+    execCallee->setCodeBlock(0);
+
+    if (kind == CodeForCall) {
+        CallData callData;
+        CallType callType = getCallData(callee, callData);
+    
+        ASSERT(callType != CallTypeJS);
+    
+        if (callType == CallTypeHost) {
+            NativeCallFrameTracer tracer(vm, execCallee);
+            execCallee->setCallee(asObject(callee));
+            vm->hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
+            if (vm->exception())
+                return vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress();
+
+            return reinterpret_cast<void*>(getHostCallReturnValue);
+        }
+    
+        ASSERT(callType == CallTypeNone);
+        exec->vm().throwException(exec, createNotAFunctionError(exec, callee));
+        return vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress();
+    }
+
+    ASSERT(kind == CodeForConstruct);
+    
+    ConstructData constructData;
+    ConstructType constructType = getConstructData(callee, constructData);
+    
+    ASSERT(constructType != ConstructTypeJS);
+    
+    if (constructType == ConstructTypeHost) {
+        NativeCallFrameTracer tracer(vm, execCallee);
+        execCallee->setCallee(asObject(callee));
+        vm->hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
+        if (vm->exception())
+            return vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress();
+
+        return reinterpret_cast<void*>(getHostCallReturnValue);
+    }
+    
+    ASSERT(constructType == ConstructTypeNone);
+    exec->vm().throwException(exec, createNotAConstructorError(exec, callee));
+    return vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress();
+}
+
+inline char* linkFor(ExecState* execCallee, CodeSpecializationKind kind)
+{
+    ExecState* exec = execCallee->callerFrame();
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+    
+    JSValue calleeAsValue = execCallee->calleeAsValue();
+    JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
+    if (!calleeAsFunctionCell)
+        return reinterpret_cast<char*>(handleHostCall(execCallee, calleeAsValue, kind));
+
+    JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
+    execCallee->setScope(callee->scopeUnchecked());
+    ExecutableBase* executable = callee->executable();
+
+    MacroAssemblerCodePtr codePtr;
+    CodeBlock* codeBlock = 0;
+    if (executable->isHostFunction())
+        codePtr = executable->generatedJITCodeFor(kind)->addressForCall();
+    else {
+        FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
+        JSObject* error = functionExecutable->prepareForExecution(execCallee, callee->scope(), kind);
+        if (error) {
+            vm->throwException(exec, createStackOverflowError(exec));
+            return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
+        }
+        codeBlock = functionExecutable->codeBlockFor(kind);
+        if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
+            codePtr = functionExecutable->generatedJITCodeWithArityCheckFor(kind);
+        else
+            codePtr = functionExecutable->generatedJITCodeFor(kind)->addressForCall();
+    }
+    CallLinkInfo& callLinkInfo = exec->codeBlock()->getCallLinkInfo(execCallee->returnPC());
+    if (!callLinkInfo.seenOnce())
+        callLinkInfo.setSeen();
+    else
+        linkFor(execCallee, callLinkInfo, codeBlock, callee, codePtr, kind);
+    return reinterpret_cast<char*>(codePtr.executableAddress());
+}
+
+char* DFG_OPERATION operationLinkCall(ExecState* execCallee)
+{
+    return linkFor(execCallee, CodeForCall);
+}
+
+char* DFG_OPERATION operationLinkConstruct(ExecState* execCallee)
+{
+    return linkFor(execCallee, CodeForConstruct);
+}
+
+inline char* virtualForWithFunction(ExecState* execCallee, CodeSpecializationKind kind, JSCell*& calleeAsFunctionCell)
+{
+    ExecState* exec = execCallee->callerFrame();
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    JSValue calleeAsValue = execCallee->calleeAsValue();
+    calleeAsFunctionCell = getJSFunction(calleeAsValue);
+    if (UNLIKELY(!calleeAsFunctionCell))
+        return reinterpret_cast<char*>(handleHostCall(execCallee, calleeAsValue, kind));
+    
+    JSFunction* function = jsCast<JSFunction*>(calleeAsFunctionCell);
+    execCallee->setScope(function->scopeUnchecked());
+    ExecutableBase* executable = function->executable();
+    if (UNLIKELY(!executable->hasJITCodeFor(kind))) {
+        FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
+        JSObject* error = functionExecutable->prepareForExecution(execCallee, function->scope(), kind);
+        if (error) {
+            exec->vm().throwException(execCallee, error);
+            return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
+        }
+    }
+    return reinterpret_cast<char*>(executable->generatedJITCodeWithArityCheckFor(kind).executableAddress());
+}
+
+inline char* virtualFor(ExecState* execCallee, CodeSpecializationKind kind)
+{
+    JSCell* calleeAsFunctionCellIgnored;
+    return virtualForWithFunction(execCallee, kind, calleeAsFunctionCellIgnored);
+}
+
+static bool attemptToOptimizeClosureCall(ExecState* execCallee, JSCell* calleeAsFunctionCell, CallLinkInfo& callLinkInfo)
+{
+    if (!calleeAsFunctionCell)
+        return false;
+    
+    JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
+    JSFunction* oldCallee = callLinkInfo.callee.get();
+    
+    if (!oldCallee
+        || oldCallee->structure() != callee->structure()
+        || oldCallee->executable() != callee->executable())
+        return false;
+    
+    ASSERT(callee->executable()->hasJITCodeForCall());
+    MacroAssemblerCodePtr codePtr = callee->executable()->generatedJITCodeForCall()->addressForCall();
+    
+    CodeBlock* codeBlock;
+    if (callee->executable()->isHostFunction())
+        codeBlock = 0;
+    else {
+        codeBlock = jsCast<FunctionExecutable*>(callee->executable())->codeBlockForCall();
+        if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
+            return false;
+    }
+    
+    linkClosureCall(
+        execCallee, callLinkInfo, codeBlock,
+        callee->structure(), callee->executable(), codePtr);
+    
+    return true;
+}
+
+char* DFG_OPERATION operationLinkClosureCall(ExecState* execCallee)
+{
+    JSCell* calleeAsFunctionCell;
+    char* result = virtualForWithFunction(execCallee, CodeForCall, calleeAsFunctionCell);
+    CallLinkInfo& callLinkInfo = execCallee->callerFrame()->codeBlock()->getCallLinkInfo(execCallee->returnPC());
+
+    if (!attemptToOptimizeClosureCall(execCallee, calleeAsFunctionCell, callLinkInfo))
+        linkSlowFor(execCallee, callLinkInfo, CodeForCall);
+    
+    return result;
+}
+
+char* DFG_OPERATION operationVirtualCall(ExecState* execCallee)
+{    
+    return virtualFor(execCallee, CodeForCall);
+}
+
+char* DFG_OPERATION operationVirtualConstruct(ExecState* execCallee)
+{
+    return virtualFor(execCallee, CodeForConstruct);
+}
+
+EncodedJSValue DFG_OPERATION operationToPrimitive(ExecState* exec, EncodedJSValue value)
 {
     VM* vm = &exec->vm();
@@ -604 +1418 @@
 }
 
-char* JIT_OPERATION operationNewArray(ExecState* exec, Structure* arrayStructure, void* buffer, size_t size)
+char* DFG_OPERATION operationNewArray(ExecState* exec, Structure* arrayStructure, void* buffer, size_t size)
 {
     VM* vm = &exec->vm();
@@ -612 +1426 @@
 }
 
-char* JIT_OPERATION operationNewEmptyArray(ExecState* exec, Structure* arrayStructure)
+char* DFG_OPERATION operationNewEmptyArray(ExecState* exec, Structure* arrayStructure)
 {
     VM* vm = &exec->vm();
@@ -620 +1434 @@
 }
 
-char* JIT_OPERATION operationNewArrayWithSize(ExecState* exec, Structure* arrayStructure, int32_t size)
+char* DFG_OPERATION operationNewArrayWithSize(ExecState* exec, Structure* arrayStructure, int32_t size)
 {
     VM* vm = &exec->vm();
@@ -631 +1445 @@
 }
 
-char* JIT_OPERATION operationNewArrayBuffer(ExecState* exec, Structure* arrayStructure, size_t start, size_t size)
+char* DFG_OPERATION operationNewArrayBuffer(ExecState* exec, Structure* arrayStructure, size_t start, size_t size)
 {
     VM& vm = exec->vm();
@@ -638 +1452 @@
 }
 
-char* JIT_OPERATION operationNewInt8ArrayWithSize(
+char* DFG_OPERATION operationNewInt8ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -644 +1458 @@
 }
 
-char* JIT_OPERATION operationNewInt8ArrayWithOneArgument(
+char* DFG_OPERATION operationNewInt8ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -650 +1464 @@
 }
 
-char* JIT_OPERATION operationNewInt16ArrayWithSize(
+char* DFG_OPERATION operationNewInt16ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -656 +1470 @@
 }
 
-char* JIT_OPERATION operationNewInt16ArrayWithOneArgument(
+char* DFG_OPERATION operationNewInt16ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -662 +1476 @@
 }
 
-char* JIT_OPERATION operationNewInt32ArrayWithSize(
+char* DFG_OPERATION operationNewInt32ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -668 +1482 @@
 }
 
-char* JIT_OPERATION operationNewInt32ArrayWithOneArgument(
+char* DFG_OPERATION operationNewInt32ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -674 +1488 @@
 }
 
-char* JIT_OPERATION operationNewUint8ArrayWithSize(
+char* DFG_OPERATION operationNewUint8ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -680 +1494 @@
 }
 
-char* JIT_OPERATION operationNewUint8ArrayWithOneArgument(
+char* DFG_OPERATION operationNewUint8ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -686 +1500 @@
 }
 
-char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(
+char* DFG_OPERATION operationNewUint8ClampedArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -692 +1506 @@
 }
 
-char* JIT_OPERATION operationNewUint8ClampedArrayWithOneArgument(
+char* DFG_OPERATION operationNewUint8ClampedArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -698 +1512 @@
 }
 
-char* JIT_OPERATION operationNewUint16ArrayWithSize(
+char* DFG_OPERATION operationNewUint16ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -704 +1518 @@
 }
 
-char* JIT_OPERATION operationNewUint16ArrayWithOneArgument(
+char* DFG_OPERATION operationNewUint16ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -710 +1524 @@
 }
 
-char* JIT_OPERATION operationNewUint32ArrayWithSize(
+char* DFG_OPERATION operationNewUint32ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -716 +1530 @@
 }
 
-char* JIT_OPERATION operationNewUint32ArrayWithOneArgument(
+char* DFG_OPERATION operationNewUint32ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -722 +1536 @@
 }
 
-char* JIT_OPERATION operationNewFloat32ArrayWithSize(
+char* DFG_OPERATION operationNewFloat32ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -728 +1542 @@
 }
 
-char* JIT_OPERATION operationNewFloat32ArrayWithOneArgument(
+char* DFG_OPERATION operationNewFloat32ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -734 +1548 @@
 }
 
-char* JIT_OPERATION operationNewFloat64ArrayWithSize(
+char* DFG_OPERATION operationNewFloat64ArrayWithSize(
     ExecState* exec, Structure* structure, int32_t length)
 {
@@ -740 +1554 @@
 }
 
-char* JIT_OPERATION operationNewFloat64ArrayWithOneArgument(
+char* DFG_OPERATION operationNewFloat64ArrayWithOneArgument(
     ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
 {
@@ -746 +1560 @@
 }
 
-EncodedJSValue JIT_OPERATION operationNewRegexp(ExecState* exec, void* regexpPtr)
+EncodedJSValue DFG_OPERATION operationNewRegexp(ExecState* exec, void* regexpPtr)
 {
     VM& vm = exec->vm();
@@ -759 +1573 @@
 }
 
-JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec)
+JSCell* DFG_OPERATION operationCreateActivation(ExecState* exec)
 {
     VM& vm = exec->vm();
@@ -768 +1582 @@
 }
 
-JSCell* JIT_OPERATION operationCreateArguments(ExecState* exec)
+JSCell* DFG_OPERATION operationCreateArguments(ExecState* exec)
 {
     VM& vm = exec->vm();
@@ -779 +1593 @@
 }
 
-JSCell* JIT_OPERATION operationCreateInlinedArguments(
+JSCell* DFG_OPERATION operationCreateInlinedArguments(
     ExecState* exec, InlineCallFrame* inlineCallFrame)
 {
@@ -791 +1605 @@
 }
 
-void JIT_OPERATION operationTearOffArguments(ExecState* exec, JSCell* argumentsCell, JSCell* activationCell)
+void DFG_OPERATION operationTearOffArguments(ExecState* exec, JSCell* argumentsCell, JSCell* activationCell)
 {
     ASSERT(exec->codeBlock()->usesArguments());
@@ -801 +1615 @@
 }
 
-void JIT_OPERATION operationTearOffInlinedArguments(
+void DFG_OPERATION operationTearOffInlinedArguments(
     ExecState* exec, JSCell* argumentsCell, JSCell* activationCell, InlineCallFrame* inlineCallFrame)
 {
@@ -808 +1622 @@
 }
 
-EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState* exec, int32_t argumentsRegister)
+EncodedJSValue DFG_OPERATION operationGetArgumentsLength(ExecState* exec, int32_t argumentsRegister)
 {
     VM& vm = exec->vm();
@@ -820 +1634 @@
 }
 
-EncodedJSValue JIT_OPERATION operationGetArgumentByVal(ExecState* exec, int32_t argumentsRegister, int32_t index)
+EncodedJSValue DFG_OPERATION operationGetArgumentByVal(ExecState* exec, int32_t argumentsRegister, int32_t index)
 {
     VM& vm = exec->vm();
@@ -835 +1649 @@
 }
 
-EncodedJSValue JIT_OPERATION operationGetInlinedArgumentByVal(
+EncodedJSValue DFG_OPERATION operationGetInlinedArgumentByVal(
     ExecState* exec, int32_t argumentsRegister, InlineCallFrame* inlineCallFrame, int32_t index)
 {
@@ -853 +1667 @@
 }
 
-JSCell* JIT_OPERATION operationNewFunctionNoCheck(ExecState* exec, JSCell* functionExecutable)
+JSCell* DFG_OPERATION operationNewFunctionNoCheck(ExecState* exec, JSCell* functionExecutable)
 {
     ASSERT(functionExecutable->inherits(FunctionExecutable::info()));
@@ -861 +1675 @@
 }
 
-EncodedJSValue JIT_OPERATION operationNewFunction(ExecState* exec, JSCell* functionExecutable)
+EncodedJSValue DFG_OPERATION operationNewFunction(ExecState* exec, JSCell* functionExecutable)
 {
     ASSERT(functionExecutable->inherits(FunctionExecutable::info()));
@@ -869 +1683 @@
 }
 
-JSCell* JIT_OPERATION operationNewFunctionExpression(ExecState* exec, JSCell* functionExecutableAsCell)
+JSCell* DFG_OPERATION operationNewFunctionExpression(ExecState* exec, JSCell* functionExecutableAsCell)
 {
     ASSERT(functionExecutableAsCell->inherits(FunctionExecutable::info()));
@@ -881 +1695 @@
 }
 
-size_t JIT_OPERATION operationIsObject(ExecState* exec, EncodedJSValue value)
+size_t DFG_OPERATION operationIsObject(ExecState* exec, EncodedJSValue value)
 {
     return jsIsObjectType(exec, JSValue::decode(value));
 }
 
-size_t JIT_OPERATION operationIsFunction(EncodedJSValue value)
+size_t DFG_OPERATION operationIsFunction(EncodedJSValue value)
 {
     return jsIsFunctionType(JSValue::decode(value));
 }
 
-JSCell* JIT_OPERATION operationTypeOf(ExecState* exec, JSCell* value)
+JSCell* DFG_OPERATION operationTypeOf(ExecState* exec, JSCell* value)
 {
     return jsTypeStringForValue(exec, JSValue(value)).asCell();
 }
 
-char* JIT_OPERATION operationAllocatePropertyStorageWithInitialCapacity(ExecState* exec)
+void DFG_OPERATION operationReallocateStorageAndFinishPut(ExecState* exec, JSObject* base, Structure* structure, PropertyOffset offset, EncodedJSValue value)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+
+    ASSERT(structure->outOfLineCapacity() > base->structure()->outOfLineCapacity());
+    ASSERT(!vm.heap.storageAllocator().fastPathShouldSucceed(structure->outOfLineCapacity() * sizeof(JSValue)));
+    base->setStructureAndReallocateStorageIfNecessary(vm, structure);
+    base->putDirect(vm, offset, JSValue::decode(value));
+}
+
+char* DFG_OPERATION operationAllocatePropertyStorageWithInitialCapacity(ExecState* exec)
 {
     VM& vm = exec->vm();
@@ -905 +1730 @@
 }
 
-char* JIT_OPERATION operationAllocatePropertyStorage(ExecState* exec, size_t newSize)
+char* DFG_OPERATION operationAllocatePropertyStorage(ExecState* exec, size_t newSize)
 {
     VM& vm = exec->vm();
@@ -914 +1739 @@
 }
 
-char* JIT_OPERATION operationReallocateButterflyToHavePropertyStorageWithInitialCapacity(ExecState* exec, JSObject* object)
+char* DFG_OPERATION operationReallocateButterflyToHavePropertyStorageWithInitialCapacity(ExecState* exec, JSObject* object)
 {
     VM& vm = exec->vm();
@@ -925 +1750 @@
 }
 
-char* JIT_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState* exec, JSObject* object, size_t newSize)
+char* DFG_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState* exec, JSObject* object, size_t newSize)
 {
     VM& vm = exec->vm();
@@ -935 +1760 @@
 }
 
-char* JIT_OPERATION operationEnsureInt32(ExecState* exec, JSCell* cell)
+char* DFG_OPERATION operationEnsureInt32(ExecState* exec, JSCell* cell)
 {
     VM& vm = exec->vm();
@@ -946 +1771 @@
 }
 
-char* JIT_OPERATION operationEnsureDouble(ExecState* exec, JSCell* cell)
+char* DFG_OPERATION operationEnsureDouble(ExecState* exec, JSCell* cell)
 {
     VM& vm = exec->vm();
@@ -957 +1782 @@
 }
 
-char* JIT_OPERATION operationEnsureContiguous(ExecState* exec, JSCell* cell)
+char* DFG_OPERATION operationEnsureContiguous(ExecState* exec, JSCell* cell)
 {
     VM& vm = exec->vm();
@@ -968 +1793 @@
 }
 
-char* JIT_OPERATION operationRageEnsureContiguous(ExecState* exec, JSCell* cell)
+char* DFG_OPERATION operationRageEnsureContiguous(ExecState* exec, JSCell* cell)
 {
     VM& vm = exec->vm();
@@ -979 +1804 @@
 }
 
-char* JIT_OPERATION operationEnsureArrayStorage(ExecState* exec, JSCell* cell)
+char* DFG_OPERATION operationEnsureArrayStorage(ExecState* exec, JSCell* cell)
 {
     VM& vm = exec->vm();
@@ -990 +1815 @@
 }
 
-StringImpl* JIT_OPERATION operationResolveRope(ExecState* exec, JSString* string)
+StringImpl* DFG_OPERATION operationResolveRope(ExecState* exec, JSString* string)
 {
     VM& vm = exec->vm();
@@ -998 +1823 @@
 }
 
-JSString* JIT_OPERATION operationSingleCharacterString(ExecState* exec, int32_t character)
+JSString* DFG_OPERATION operationSingleCharacterString(ExecState* exec, int32_t character)
 {
     VM& vm = exec->vm();
@@ -1006 +1831 @@
 }
 
-JSCell* JIT_OPERATION operationNewStringObject(ExecState* exec, JSString* string, Structure* structure)
+JSCell* DFG_OPERATION operationNewStringObject(ExecState* exec, JSString* string, Structure* structure)
 {
     VM& vm = exec->vm();
@@ -1014 +1839 @@
 }
 
-JSCell* JIT_OPERATION operationToStringOnCell(ExecState* exec, JSCell* cell)
+JSCell* DFG_OPERATION operationToStringOnCell(ExecState* exec, JSCell* cell)
 {
     VM& vm = exec->vm();
@@ -1022 +1847 @@
 }
 
-JSCell* JIT_OPERATION operationToString(ExecState* exec, EncodedJSValue value)
+JSCell* DFG_OPERATION operationToString(ExecState* exec, EncodedJSValue value)
 {
     VM& vm = exec->vm();
@@ -1030 +1855 @@
 }
 
-JSCell* JIT_OPERATION operationMakeRope2(ExecState* exec, JSString* left, JSString* right)
+JSCell* DFG_OPERATION operationMakeRope2(ExecState* exec, JSString* left, JSString* right)
 {
     VM& vm = exec->vm();
@@ -1038 +1863 @@
 }
 
-JSCell* JIT_OPERATION operationMakeRope3(ExecState* exec, JSString* a, JSString* b, JSString* c)
+JSCell* DFG_OPERATION operationMakeRope3(ExecState* exec, JSString* a, JSString* b, JSString* c)
 {
     VM& vm = exec->vm();
@@ -1046 +1871 @@
 }
 
-char* JIT_OPERATION operationFindSwitchImmTargetForDouble(
+char* DFG_OPERATION operationFindSwitchImmTargetForDouble(
     ExecState* exec, EncodedJSValue encodedValue, size_t tableIndex)
 {
@@ -1060 +1885 @@
 }
 
-char* JIT_OPERATION operationSwitchString(ExecState* exec, size_t tableIndex, JSString* string)
+char* DFG_OPERATION operationSwitchString(ExecState* exec, size_t tableIndex, JSString* string)
 {
     VM& vm = exec->vm();
@@ -1068 +1893 @@
 }
 
-double JIT_OPERATION operationFModOnInts(int32_t a, int32_t b)
+double DFG_OPERATION operationFModOnInts(int32_t a, int32_t b)
 {
     return fmod(a, b);
 }
 
-JSCell* JIT_OPERATION operationStringFromCharCode(ExecState* exec, int32_t op1)
+JSCell* DFG_OPERATION operationStringFromCharCode(ExecState* exec, int32_t op1)
 {
     VM* vm = &exec->vm();
@@ -1080 +1905 @@
 }
 
-size_t JIT_OPERATION dfgConvertJSValueToInt32(ExecState* exec, EncodedJSValue value)
+DFGHandlerEncoded DFG_OPERATION lookupExceptionHandler(ExecState* exec, uint32_t callIndex)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    JSValue exceptionValue = exec->exception();
+    ASSERT(exceptionValue);
+    
+    unsigned vPCIndex = exec->codeBlock()->bytecodeOffsetForCallAtIndex(callIndex);
+    ExceptionHandler handler = genericUnwind(vm, exec, exceptionValue, vPCIndex);
+    ASSERT(handler.catchRoutine);
+    return dfgHandlerEncoded(handler.callFrame, handler.catchRoutine);
+}
+
+DFGHandlerEncoded DFG_OPERATION lookupExceptionHandlerInStub(ExecState* exec, StructureStubInfo* stubInfo)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    JSValue exceptionValue = exec->exception();
+    ASSERT(exceptionValue);
+    
+    CodeOrigin codeOrigin = stubInfo->codeOrigin;
+    while (codeOrigin.inlineCallFrame)
+        codeOrigin = codeOrigin.inlineCallFrame->caller;
+    
+    ExceptionHandler handler = genericUnwind(vm, exec, exceptionValue, codeOrigin.bytecodeIndex);
+    ASSERT(handler.catchRoutine);
+    return dfgHandlerEncoded(handler.callFrame, handler.catchRoutine);
+}
+
+size_t DFG_OPERATION dfgConvertJSValueToInt32(ExecState* exec, EncodedJSValue value)
 {
     VM* vm = &exec->vm();
@@ -1089 +1945 @@
 }
 
-size_t JIT_OPERATION dfgConvertJSValueToBoolean(ExecState* exec, EncodedJSValue encodedOp)
+size_t DFG_OPERATION dfgConvertJSValueToBoolean(ExecState* exec, EncodedJSValue encodedOp)
 {
     VM* vm = &exec->vm();
@@ -1097 +1953 @@
 }
 
-void JIT_OPERATION debugOperationPrintSpeculationFailure(ExecState* exec, void* debugInfoRaw, void* scratch)
+void DFG_OPERATION debugOperationPrintSpeculationFailure(ExecState* exec, void* debugInfoRaw, void* scratch)
 {
     VM* vm = &exec->vm();
@@ -1135 +1991 @@
 }
 
-extern "C" void JIT_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock)
+extern "C" void DFG_OPERATION triggerReoptimizationNow(CodeBlock* codeBlock)
 {
     // It's sort of preferable that we don't GC while in here. Anyways, doing so wouldn't
@@ -1179 +2035 @@
 
 #if ENABLE(FTL_JIT)
-void JIT_OPERATION triggerTierUpNow(ExecState* exec)
+void DFG_OPERATION triggerTierUpNow(ExecState* exec)
 {
     VM* vm = &exec->vm();
@@ -1241 +2097 @@
 }
 
-char* JIT_OPERATION triggerOSREntryNow(
+char* DFG_OPERATION triggerOSREntryNow(
     ExecState* exec, int32_t bytecodeIndex, int32_t streamIndex)
 {
@@ -1360 +2216 @@
 // FIXME: Make calls work well. Currently they're a pure regression.
 // https://bugs.webkit.org/show_bug.cgi?id=113621
-EncodedJSValue JIT_OPERATION operationFTLCall(ExecState* exec)
+EncodedJSValue DFG_OPERATION operationFTLCall(ExecState* exec)
 {
     ExecState* callerExec = exec->callerFrame();
@@ -1380 +2236 @@
 // FIXME: Make calls work well. Currently they're a pure regression.
 // https://bugs.webkit.org/show_bug.cgi?id=113621
-EncodedJSValue JIT_OPERATION operationFTLConstruct(ExecState* exec)
+EncodedJSValue DFG_OPERATION operationFTLConstruct(ExecState* exec)
 {
     ExecState* callerExec = exec->callerFrame();