Changeset 36821 in webkit for trunk/JavaScriptCore/VM/Machine.cpp

Timestamp:

Sep 23, 2008, 5:27:18 PM (17 years ago)

Author:

[email protected]

Message:

2008-09-23 Geoffrey Garen <​[email protected]>

Reviewed by Darin Adler.

Changed the layout of the call frame from

{ header, parameters, locals | constants, temporaries }

to

{ parameters, header | locals, constants, temporaries }

This simplifies function entry+exit, and enables a number of future
optimizations.

13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
empty call benchmark for CTI.

SunSpider says no change. SunSpider --v8 says 1% faster.

• VM/CTI.cpp:

Added a bit of abstraction for calculating whether a register is a
constant, since this patch changes that calculation:
(JSC::CTI::isConstant):
(JSC::CTI::getConstant):
(JSC::CTI::emitGetArg):
(JSC::CTI::emitGetPutArg):
(JSC::CTI::getConstantImmediateNumericArg):

Updated for changes to callframe header location:
(JSC::CTI::emitPutToCallFrameHeader):
(JSC::CTI::emitGetFromCallFrameHeader):
(JSC::CTI::printOpcodeOperandTypes):

Renamed to spite Oliver:
(JSC::CTI::emitInitRegister):

Added an abstraction for emitting a call through a register, so that
calls through registers generate exception info, too:
(JSC::CTI::emitCall):

Updated to match the new callframe header layout, and to support calls
through registers, which have no destination address:
(JSC::CTI::compileOpCall):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases):
(JSC::CTI::privateCompile):

• VM/CTI.h:

More of the above:
(JSC::CallRecord::CallRecord):

• VM/CodeBlock.cpp:

Updated for new register layout:
(JSC::registerName):
(JSC::CodeBlock::dump):

• VM/CodeBlock.h:

Updated CodeBlock to track slightly different information about the
register frame, and tweaked the style of an ASSERT_NOT_REACHED.
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::getStubInfo):

• VM/CodeGenerator.cpp:

Added some abstraction around constant register allocation, since this
patch changes it, changed codegen to account for the new callframe
layout, and added abstraction around register fetching code
that used to assume that all local registers lived at negative indices,
since vars now live at positive indices:
(JSC::CodeGenerator::generate):
(JSC::CodeGenerator::addVar):
(JSC::CodeGenerator::addGlobalVar):
(JSC::CodeGenerator::allocateConstants):
(JSC::CodeGenerator::CodeGenerator):
(JSC::CodeGenerator::addParameter):
(JSC::CodeGenerator::registerFor):
(JSC::CodeGenerator::constRegisterFor):
(JSC::CodeGenerator::newRegister):
(JSC::CodeGenerator::newTemporary):
(JSC::CodeGenerator::highestUsedRegister):
(JSC::CodeGenerator::addConstant):

ASSERT that our caller referenced the registers it passed to us.
Otherwise, we might overwrite them with parameters:
(JSC::CodeGenerator::emitCall):
(JSC::CodeGenerator::emitConstruct):

• VM/CodeGenerator.h:

Added some abstraction for getting a RegisterID for a given index,
since the rules are a little weird:
(JSC::CodeGenerator::registerFor):

• VM/Machine.cpp:

Utility function to transform a machine return PC to a virtual machine
return VPC, for the sake of stack unwinding, since both PCs are stored
in the same location now:
(JSC::vPCForPC):

Tweaked to account for new call frame:
(JSC::Machine::initializeCallFrame):

Tweaked to account for registerOffset supplied by caller:
(JSC::slideRegisterWindowForCall):

Tweaked to account for new register layout:
(JSC::scopeChainForCall):
(JSC::Machine::callEval):
(JSC::Machine::dumpRegisters):
(JSC::Machine::unwindCallFrame):
(JSC::Machine::execute):

Changed op_call and op_construct to implement the new calling convention:
(JSC::Machine::privateExecute):

Tweaked to account for the new register layout:
(JSC::Machine::retrieveArguments):
(JSC::Machine::retrieveCaller):
(JSC::Machine::retrieveLastCaller):
(JSC::Machine::callFrame):
(JSC::Machine::getArgumentsData):

Changed CTI call helpers to implement the new calling convention:
(JSC::Machine::cti_op_call_JSFunction):
(JSC::Machine::cti_op_call_NotJSFunction):
(JSC::Machine::cti_op_ret_activation):
(JSC::Machine::cti_op_ret_profiler):
(JSC::Machine::cti_op_construct_JSConstruct):
(JSC::Machine::cti_op_construct_NotJSConstruct):
(JSC::Machine::cti_op_call_eval):

• VM/Machine.h:

• VM/Opcode.h:

Renamed op_initialise_locals to op_init, because this opcode
doesn't initialize all locals, and it doesn't initialize only locals.
Also, to spite Oliver.

• VM/RegisterFile.h:

New call frame enumeration values:
(JSC::RegisterFile::):

Simplified the calculation of whether a RegisterID is a temporary,
since we can no longer assume that all positive non-constant registers
are temporaries:

• VM/RegisterID.h: (JSC::RegisterID::RegisterID): (JSC::RegisterID::setTemporary): (JSC::RegisterID::isTemporary):

Renamed firstArgumentIndex to firstParameterIndex because the assumption
that this variable pertained to the actual arguments supplied by the
caller caused me to write some buggy code:

• kjs/Arguments.cpp: (JSC::ArgumentsData::ArgumentsData): (JSC::Arguments::Arguments): (JSC::Arguments::fillArgList): (JSC::Arguments::getOwnPropertySlot): (JSC::Arguments::put):

Updated for new call frame layout:

• kjs/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::functionName): (JSC::DebuggerCallFrame::type):
• kjs/DebuggerCallFrame.h:

Changed the activation object to account for the fact that a call frame
header now sits between parameters and local variables. This change
requires all variable objects to do their own marking, since they
now use their register storage differently:

• kjs/JSActivation.cpp: (JSC::JSActivation::mark): (JSC::JSActivation::copyRegisters): (JSC::JSActivation::createArgumentsObject):
• kjs/JSActivation.h:

Updated global object to use the new interfaces required by the change
to JSActivation above:

• kjs/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::mark): (JSC::JSGlobalObject::copyGlobalsFrom): (JSC::JSGlobalObject::copyGlobalsTo):
• kjs/JSGlobalObject.h: (JSC::JSGlobalObject::addStaticGlobals):

Updated static scope object to use the new interfaces required by the
change to JSActivation above:

• kjs/JSStaticScopeObject.cpp: (JSC::JSStaticScopeObject::mark): (JSC::JSStaticScopeObject::~JSStaticScopeObject):
• kjs/JSStaticScopeObject.h: (JSC::JSStaticScopeObject::JSStaticScopeObject): (JSC::JSStaticScopeObject::d):

Updated variable object to use the new interfaces required by the
change to JSActivation above:

• kjs/JSVariableObject.cpp: (JSC::JSVariableObject::copyRegisterArray): (JSC::JSVariableObject::setRegisters):
• kjs/JSVariableObject.h:

Changed the bit twiddling in symbol table not to assume that all indices
are negative, since they can be positive now:

• kjs/SymbolTable.h: (JSC::SymbolTableEntry::SymbolTableEntry): (JSC::SymbolTableEntry::isNull): (JSC::SymbolTableEntry::getIndex): (JSC::SymbolTableEntry::getAttributes): (JSC::SymbolTableEntry::setAttributes): (JSC::SymbolTableEntry::isReadOnly): (JSC::SymbolTableEntry::pack): (JSC::SymbolTableEntry::isValidIndex):

Changed call and construct nodes to ref their functions and/or bases,
so that emitCall/emitConstruct doesn't overwrite them with parameters.
Also, updated for rename to registerFor:

• kjs/nodes.cpp: (JSC::ResolveNode::emitCode): (JSC::NewExprNode::emitCode): (JSC::EvalFunctionCallNode::emitCode): (JSC::FunctionCallValueNode::emitCode): (JSC::FunctionCallResolveNode::emitCode): (JSC::FunctionCallBracketNode::emitCode): (JSC::FunctionCallDotNode::emitCode): (JSC::PostfixResolveNode::emitCode): (JSC::DeleteResolveNode::emitCode): (JSC::TypeOfResolveNode::emitCode): (JSC::PrefixResolveNode::emitCode): (JSC::ReadModifyResolveNode::emitCode): (JSC::AssignResolveNode::emitCode): (JSC::ConstDeclNode::emitCodeSingle): (JSC::ForInNode::emitCode):

Added abstraction for getting exception info out of a call through a
register:

• masm/X86Assembler.h: (JSC::X86Assembler::emitCall):

Removed duplicate #if:

• wtf/Platform.h:

File:

• trunk/JavaScriptCore/VM/Machine.cpp (modified) (54 diffs)

trunk/JavaScriptCore/VM/Machine.cpp

@@ -84 +84 @@
 #endif
 
+#if ENABLE(CTI)
+
+ALWAYS_INLINE static Instruction* vPCForPC(CodeBlock* codeBlock, void* pc)
+{
+    if (pc >= codeBlock->instructions.begin() && pc < codeBlock->instructions.end())
+        return static_cast<Instruction*>(pc);
+
+    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(pc));
+    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(pc);
+    return codeBlock->instructions.begin() + vPCIndex;
+}
+
+#else // #ENABLE(CTI)
+
+ALWAYS_INLINE static Instruction* vPCForPC(CodeBlock*, void* pc)
+{
+    return static_cast<Instruction*>(pc);
+}
+
+#endif // #ENABLE(CTI)
+
 // Returns the depth of the scope chain within a given call frame.
 static int depth(CodeBlock* codeBlock, ScopeChain& sc)
@@ -499 +520 @@
 }
 
-ALWAYS_INLINE void Machine::initializeCallFrame(Register* callFrame, CodeBlock* codeBlock, Instruction* vPC, ScopeChainNode* scopeChain, Register* r, int returnValueRegister, int argv, int argc, JSValue* function)
+ALWAYS_INLINE void Machine::initializeCallFrame(Register* callFrame, CodeBlock* codeBlock, Instruction* vPC, ScopeChainNode* scopeChain, Register* r, int returnValueRegister, int argc, JSValue* function)
 {
     callFrame[RegisterFile::CallerCodeBlock] = codeBlock;
-    callFrame[RegisterFile::ReturnVPC] = vPC + 1;
     callFrame[RegisterFile::CallerScopeChain] = scopeChain;
     callFrame[RegisterFile::CallerRegisters] = r;
+    callFrame[RegisterFile::ReturnPC] = vPC + 1;
     callFrame[RegisterFile::ReturnValueRegister] = returnValueRegister;
-    callFrame[RegisterFile::ArgumentStartRegister] = argv; // original argument vector (for the sake of the "arguments" object)
     callFrame[RegisterFile::ArgumentCount] = argc; // original argument count (for the sake of the "arguments" object)
     callFrame[RegisterFile::Callee] = function;
@@ -512 +532 @@
 }
 
-ALWAYS_INLINE Register* slideRegisterWindowForCall(ExecState* exec, CodeBlock* newCodeBlock, RegisterFile* registerFile, Register* registerBase, Register* r, int argv, int argc, JSValue*& exceptionValue)
-{
-    size_t registerOffset = argv + newCodeBlock->numLocals;
-    size_t size = r - registerBase + registerOffset + newCodeBlock->numConstants + newCodeBlock->numTemporaries;
+ALWAYS_INLINE Register* slideRegisterWindowForCall(ExecState* exec, CodeBlock* newCodeBlock, RegisterFile* registerFile, Register* registerBase, Register* r, size_t registerOffset, int argc, JSValue*& exceptionValue)
+{
+    size_t size = r - registerBase + registerOffset + newCodeBlock->numCalleeRegisters;
 
     if (argc == newCodeBlock->numParameters) { // correct number of arguments
@@ -524 +543 @@
         r += registerOffset;
     } else if (argc < newCodeBlock->numParameters) { // too few arguments -- fill in the blanks
+        size_t omittedArgCount = newCodeBlock->numParameters - argc;
+        registerOffset += omittedArgCount;
+        size += omittedArgCount;
         if (!registerFile->grow(size)) {
             exceptionValue = createStackOverflowError(exec);
@@ -530 +552 @@
         r += registerOffset;
 
-        int omittedArgCount = newCodeBlock->numParameters - argc;
-        Register* endOfParams = r - newCodeBlock->numVars;
-        for (Register* it = endOfParams - omittedArgCount; it != endOfParams; ++it)
-            (*it) = jsUndefined();
-    } else { // too many arguments -- copy return info and expected arguments, leaving the extra arguments behind
-        int shift = argc + RegisterFile::CallFrameHeaderSize;
-        registerOffset += shift;
-        size += shift;
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
+        for (size_t i = 0; i < omittedArgCount; ++i)
+            argv[i] = jsUndefined();
+    } else { // too many arguments -- copy expected arguments, leaving the extra arguments behind
+        size_t numParameters = newCodeBlock->numParameters;
+        registerOffset += numParameters;
+        size += numParameters;
 
         if (!registerFile->grow(size)) {
@@ -545 +566 @@
         r += registerOffset;
 
-        Register* it = r - newCodeBlock->numLocals - RegisterFile::CallFrameHeaderSize - shift;
-        Register* end = it + RegisterFile::CallFrameHeaderSize + newCodeBlock->numParameters;
-        for ( ; it != end; ++it)
-            *(it + shift) = *it;
-    }
-    
-    // initialize local variable slots
-#if ENABLE(CTI)
-    if (!newCodeBlock->ctiCode)
-#endif
-    {
-
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argc;
+        for (size_t i = 0; i < numParameters; ++i)
+            argv[i + argc] = argv[i];
     }
 
@@ -566 +578 @@
     if (newCodeBlock->needsFullScopeChain) {
         JSActivation* activation = new (exec) JSActivation(exec, functionBodyNode, r);
-        r[RegisterFile::OptionalCalleeActivation - RegisterFile::CallFrameHeaderSize - newCodeBlock->numLocals] = activation;
+        r[RegisterFile::OptionalCalleeActivation] = activation;
 
         return callDataScopeChain->copy()->push(activation);
@@ -602 +614 @@
     JSValue* result = 0;
     if (evalNode)
-        result = exec->globalData().machine->execute(evalNode.get(), exec, thisObj, r - registerFile->base() + argv + argc, scopeChain, &exceptionValue);
+        result = exec->globalData().machine->execute(evalNode.get(), exec, thisObj, r - registerFile->base() + argv + 1 + RegisterFile::CallFrameHeaderSize, scopeChain, &exceptionValue);
 
     if (*profiler)
@@ -684 +696 @@
     }
     
-    it = r - codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
-    printf("[CallerCodeBlock]          | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ReturnVPC]                | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[CallerScopeChain]         | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[CallerRegisterOffset]     | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ReturnValueRegister]      | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ArgumentStartRegister]    | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ArgumentCount]            | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[Callee]                   | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[OptionalCalleeActivation] | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("----------------------------------------------------\n");
-
+    it = r - RegisterFile::CallFrameHeaderSize - codeBlock->numParameters;
     printf("[this]                     | %10p | %10p \n", it, (*it).v()); ++it;
     end = it + max(codeBlock->numParameters - 1, 0); // - 1 to skip "this"
@@ -706 +707 @@
     printf("----------------------------------------------------\n");
 
-    if (codeBlock->codeType != GlobalCode) {
-        end = it + codeBlock->numVars;
-        if (it != end) {
-            do {
-                printf("[var]                      | %10p | %10p \n", it, (*it).v());
-                ++it;
-            } while (it != end);
-        printf("----------------------------------------------------\n");
-        }
-    }
-
-    end = it + codeBlock->numTemporaries;
+    printf("[CallerCodeBlock]          | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[CallerScopeChain]         | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[CallerRegisters]          | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[ReturnPC]                 | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[ReturnValueRegister]      | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[ArgumentCount]            | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[Callee]                   | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("[OptionalCalleeActivation] | %10p | %10p \n", it, (*it).v()); ++it;
+    printf("----------------------------------------------------\n");
+
+    int registerCount = 0;
+
+    end = it + codeBlock->numVars;
     if (it != end) {
         do {
-            printf("[temp]                     | %10p | %10p \n", it, (*it).v());
+            printf("[r%2d]                      | %10p | %10p \n", registerCount, it, (*it).v());
             ++it;
+            ++registerCount;
         } while (it != end);
     }
+    printf("----------------------------------------------------\n");
+
+    end = it + codeBlock->numConstants;
+    if (it != end) {
+        do {
+            printf("[r%2d]                      | %10p | %10p \n", registerCount, it, (*it).v());
+            ++it;
+            ++registerCount;
+        } while (it != end);
+    }
+    printf("----------------------------------------------------\n");
+
+    end = it + codeBlock->numCalleeRegisters - codeBlock->numConstants - codeBlock->numVars;
+    if (it != end) {
+        do {
+            printf("[r%2d]                      | %10p | %10p \n", registerCount, it, (*it).v());
+            ++it;
+            ++registerCount;
+        } while (it != end);
+    }
+    printf("----------------------------------------------------\n");
 }
 
@@ -746 +770 @@
 {
     CodeBlock* oldCodeBlock = codeBlock;
-    Register* callFrame = r - oldCodeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
 
     if (Debugger* debugger = exec->dynamicGlobalObject()->debugger()) {
         DebuggerCallFrame debuggerCallFrame(exec, exec->dynamicGlobalObject(), codeBlock, scopeChain, r, exceptionValue);
-        if (callFrame[RegisterFile::Callee].jsValue(exec))
+        if (r[RegisterFile::Callee].jsValue(exec))
             debugger->returnEvent(debuggerCallFrame, codeBlock->ownerNode->sourceId(), codeBlock->ownerNode->lastLine());
         else
@@ -757 +780 @@
 
     if (Profiler* profiler = *Profiler::enabledProfilerReference()) {
-        if (callFrame[RegisterFile::Callee].jsValue(exec))
-            profiler->didExecute(exec, static_cast<JSObject*>(callFrame[RegisterFile::Callee].jsValue(exec)));
+        if (r[RegisterFile::Callee].jsValue(exec))
+            profiler->didExecute(exec, static_cast<JSObject*>(r[RegisterFile::Callee].jsValue(exec)));
         else
             profiler->didExecute(exec, codeBlock->ownerNode->sourceURL(), codeBlock->ownerNode->lineNo());
@@ -767 +790 @@
 
     // If this call frame created an activation, tear it off.
-    if (JSActivation* activation = static_cast<JSActivation*>(callFrame[RegisterFile::OptionalCalleeActivation].jsValue(exec))) {
+    if (JSActivation* activation = static_cast<JSActivation*>(r[RegisterFile::OptionalCalleeActivation].jsValue(exec))) {
         ASSERT(activation->isActivationObject());
         activation->copyRegisters();
     }
     
-    codeBlock = callFrame[RegisterFile::CallerCodeBlock].codeBlock();
+    codeBlock = r[RegisterFile::CallerCodeBlock].codeBlock();
     if (!codeBlock)
         return false;
 
-    scopeChain = callFrame[RegisterFile::CallerScopeChain].scopeChain();
-    r = callFrame[RegisterFile::CallerRegisters].r();
-    exec->m_callFrame = r - oldCodeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
-    vPC = callFrame[RegisterFile::ReturnVPC].vPC();
+    scopeChain = r[RegisterFile::CallerScopeChain].scopeChain();
+    vPC = vPCForPC(codeBlock, r[RegisterFile::ReturnPC].v());
+    r = r[RegisterFile::CallerRegisters].r();
+    exec->m_callFrame = r;
 
     return true;
@@ -863 +886 @@
 
     size_t oldSize = m_registerFile.size();
-    size_t newSize = oldSize + RegisterFile::CallFrameHeaderSize + codeBlock->numVars + codeBlock->numConstants + codeBlock->numTemporaries;
+    size_t newSize = oldSize + codeBlock->numParameters + RegisterFile::CallFrameHeaderSize + codeBlock->numCalleeRegisters;
     if (!m_registerFile.grow(newSize)) {
         *exception = createStackOverflowError(exec);
@@ -873 +896 @@
     globalObject->copyGlobalsTo(m_registerFile);
 
-    Register* callFrame = m_registerFile.base() + oldSize;
-
-    // a 0 codeBlock indicates a built-in caller
-    initializeCallFrame(callFrame, 0, 0, 0, 0, 0, 0, 0, 0);
-
-    Register* r = callFrame + RegisterFile::CallFrameHeaderSize + codeBlock->numVars;
+    Register* r = m_registerFile.base() + oldSize + codeBlock->numParameters + RegisterFile::CallFrameHeaderSize;
     r[codeBlock->thisRegister] = thisObj;
-
-    for (size_t i = 0; i < codeBlock->constantRegisters.size(); ++i)
-        r[i] = codeBlock->constantRegisters[i];
+    initializeCallFrame(r, 0, 0, 0, 0, 0, 0, 0);
 
     if (codeBlock->needsFullScopeChain)
@@ -922 +938 @@
     }
 
-    int argv = RegisterFile::CallFrameHeaderSize;
-    int argc = args.size() + 1; // implicit "this" parameter
-
     size_t oldSize = m_registerFile.size();
-    if (!m_registerFile.grow(oldSize + RegisterFile::CallFrameHeaderSize + argc)) {
+    int argc = 1 + args.size(); // implicit "this" parameter
+
+    if (!m_registerFile.grow(oldSize + argc)) {
         *exception = createStackOverflowError(exec);
         return 0;
     }
 
-    Register* callFrame = m_registerFile.base() + oldSize;
-
-    // put args in place, including "this"
-    Register* dst = callFrame + RegisterFile::CallFrameHeaderSize;
-    (*dst) = thisObj;
+    Register* argv = m_registerFile.base() + oldSize;
+    size_t dst = 0;
+    argv[dst] = thisObj;
 
     ArgList::const_iterator end = args.end();
     for (ArgList::const_iterator it = args.begin(); it != end; ++it)
-        (*++dst) = *it;
-
-    // a 0 codeBlock indicates a built-in caller
-    initializeCallFrame(callFrame, 0, 0, 0, callFrame, 0, argv, argc, function);
+        argv[++dst] = *it;
 
     CodeBlock* newCodeBlock = &functionBodyNode->byteCode(scopeChain);
-    Register* r = slideRegisterWindowForCall(exec, newCodeBlock, &m_registerFile, m_registerFile.base(), callFrame, argv, argc, *exception);
-    if (*exception) {
+    Register* r = slideRegisterWindowForCall(exec, newCodeBlock, &m_registerFile, m_registerFile.base(), argv, argc + RegisterFile::CallFrameHeaderSize, argc, *exception);
+    if (UNLIKELY(*exception != 0)) {
         m_registerFile.shrink(oldSize);
         return 0;
     }
-
-    ExecState newExec(exec, &m_registerFile, scopeChain, callFrame);
+    // a 0 codeBlock indicates a built-in caller
+    initializeCallFrame(r, 0, 0, 0, argv, 0, argc, function);
+
+    ExecState newExec(exec, &m_registerFile, scopeChain, r);
 
     Profiler** profiler = Profiler::enabledProfilerReference();
@@ -974 +986 @@
 }
 
+JSValue* Machine::execute(EvalNode* evalNode, ExecState* exec, JSObject* thisObj, ScopeChainNode* scopeChain, JSValue** exception)
+{
+    return execute(evalNode, exec, thisObj, m_registerFile.size() + evalNode->byteCode(scopeChain).numParameters + RegisterFile::CallFrameHeaderSize, scopeChain, exception);
+}
+
 JSValue* Machine::execute(EvalNode* evalNode, ExecState* exec, JSObject* thisObj, int registerOffset, ScopeChainNode* scopeChain, JSValue** exception)
 {
@@ -1016 +1033 @@
 
     size_t oldSize = m_registerFile.size();
-    size_t newSize = registerOffset + codeBlock->numVars + codeBlock->numConstants + codeBlock->numTemporaries + RegisterFile::CallFrameHeaderSize;
+    size_t newSize = registerOffset + codeBlock->numCalleeRegisters;
     if (!m_registerFile.grow(newSize)) {
         *exception = createStackOverflowError(exec);
@@ -1022 +1039 @@
     }
 
-    Register* callFrame = m_registerFile.base() + registerOffset;
+    Register* r = m_registerFile.base() + registerOffset;
 
     // a 0 codeBlock indicates a built-in caller
-    initializeCallFrame(callFrame, 0, 0, 0, 0, 0, 0, 0, 0);
-
-    Register* r = callFrame + RegisterFile::CallFrameHeaderSize + codeBlock->numVars;
     r[codeBlock->thisRegister] = thisObj;
-
-    for (size_t i = 0; i < codeBlock->constantRegisters.size(); ++i)
-        r[i] = codeBlock->constantRegisters[i];
+    initializeCallFrame(r, 0, 0, 0, 0, 0, 0, 0);
 
     if (codeBlock->needsFullScopeChain)
@@ -3180 +3192 @@
         int firstArg = (++vPC)->u.operand;
         int argCount = (++vPC)->u.operand;
+        ++vPC; // registerOffset
 
         JSValue* funcVal = r[func].jsValue(exec);
@@ -3199 +3212 @@
         // this instruction as a normal function call, supplying the proper 'this'
         // value.
-        vPC -= 5;
+        vPC -= 6;
         r[thisVal] = baseVal->toThisObject(exec);
 
@@ -3211 +3224 @@
     }
     BEGIN_OPCODE(op_call) {
-        /* call dst(r) func(r) thisVal(r) firstArg(r) argCount(n)
+        /* call dst(r) func(r) thisVal(r) firstArg(r) argCount(n) registerOffset(n)
 
            Perform a function call. Specifically, call register func
@@ -3252 +3265 @@
         int firstArg = (++vPC)->u.operand;
         int argCount = (++vPC)->u.operand;
+        int registerOffset = (++vPC)->u.operand;
 
         JSValue* v = r[func].jsValue(exec);
@@ -3258 +3272 @@
         CallType callType = v->getCallData(callData);
 
-        if (*enabledProfilerReference)
-            (*enabledProfilerReference)->willExecute(exec, static_cast<JSObject*>(v));
-
-        Register* callFrame = r + firstArg - RegisterFile::CallFrameHeaderSize;
-        initializeCallFrame(callFrame, codeBlock, vPC, scopeChain, r, dst, firstArg, argCount, v);
-        exec->m_callFrame = callFrame;
-
         if (callType == CallTypeJS) {
-
             ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
             FunctionBodyNode* functionBodyNode = callData.js.functionBody;
@@ -3272 +3278 @@
 
             r[firstArg] = thisVal == missingThisObjectMarker() ? exec->globalThisValue() : r[thisVal].jsValue(exec);
-
-            r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, firstArg, argCount, exceptionValue);
+            
+            Register* savedR = r;
+
+            r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, registerOffset, argCount, exceptionValue);
             if (UNLIKELY(exceptionValue != 0))
                 goto vm_throw;
+
+            initializeCallFrame(r, codeBlock, vPC, scopeChain, savedR, dst, argCount, v);
+            exec->m_callFrame = r;
+    
+            if (*enabledProfilerReference)
+                (*enabledProfilerReference)->willExecute(exec, static_cast<JSObject*>(v));
 
             codeBlock = newCodeBlock;
@@ -3284 +3298 @@
             OpcodeStats::resetLastInstruction();
 #endif
-            
+
             NEXT_OPCODE;
         }
@@ -3292 +3306 @@
             ArgList args(r + firstArg + 1, argCount - 1);
 
+            initializeCallFrame(r + registerOffset, codeBlock, vPC, scopeChain, r, dst, argCount, v);
+            exec->m_callFrame = r + registerOffset;
+
+            if (*enabledProfilerReference)
+                (*enabledProfilerReference)->willExecute(exec, static_cast<JSObject*>(v));
+
             MACHINE_SAMPLING_callingHostFunction();
 
             JSValue* returnValue = callData.native.function(exec, static_cast<JSObject*>(v), thisValue, args);
-            exec->m_callFrame = r - codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
+            exec->m_callFrame = r;
             VM_CHECK_EXCEPTION();
 
@@ -3310 +3330 @@
 
         exceptionValue = createNotAFunctionError(exec, v, vPC, codeBlock);
-        exec->m_callFrame = r - codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
         goto vm_throw;
     }
@@ -3325 +3344 @@
         int result = (++vPC)->u.operand;
 
-        Register* callFrame = r - codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
-        if (JSActivation* activation = static_cast<JSActivation*>(callFrame[RegisterFile::OptionalCalleeActivation].jsValue(exec))) {
+        if (JSActivation* activation = static_cast<JSActivation*>(r[RegisterFile::OptionalCalleeActivation].jsValue(exec))) {
             ASSERT(!codeBlock->needsFullScopeChain || scopeChain->object == activation);
             ASSERT(activation->isActivationObject());
@@ -3333 +3351 @@
 
         if (*enabledProfilerReference)
-            (*enabledProfilerReference)->didExecute(exec, static_cast<JSObject*>(callFrame[RegisterFile::Callee].jsValue(exec)));
+            (*enabledProfilerReference)->didExecute(exec, static_cast<JSObject*>(r[RegisterFile::Callee].jsValue(exec)));
 
         if (codeBlock->needsFullScopeChain)
@@ -3340 +3358 @@
         JSValue* returnValue = r[result].jsValue(exec);
 
-        codeBlock = callFrame[RegisterFile::CallerCodeBlock].codeBlock();
+        codeBlock = r[RegisterFile::CallerCodeBlock].codeBlock();
         if (!codeBlock)
             return returnValue;
 
-        vPC = callFrame[RegisterFile::ReturnVPC].vPC();
-        setScopeChain(exec, scopeChain, callFrame[RegisterFile::CallerScopeChain].scopeChain());
-        r = callFrame[RegisterFile::CallerRegisters].r();
-        exec->m_callFrame = r - codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
-        int dst = callFrame[RegisterFile::ReturnValueRegister].i();
+        vPC = r[RegisterFile::ReturnPC].vPC();
+        setScopeChain(exec, scopeChain, r[RegisterFile::CallerScopeChain].scopeChain());
+        int dst = r[RegisterFile::ReturnValueRegister].i();
+        r = r[RegisterFile::CallerRegisters].r();
+        exec->m_callFrame = r;
         r[dst] = returnValue;
 
         NEXT_OPCODE;
     }
-    BEGIN_OPCODE(op_initialise_locals) {
-        for (Register* it = r - codeBlock->numVars + (codeBlock->codeType == EvalCode); it < r; ++it)
-            (*it) = jsUndefined();
-        for (size_t i = 0; i < codeBlock->constantRegisters.size(); ++i)
-            r[i] = codeBlock->constantRegisters[i];
+    BEGIN_OPCODE(op_init) {
+        size_t i = 0;
+
+        for (size_t count = codeBlock->numVars; i < count; ++i)
+            r[i] = jsUndefined();
+
+        for (size_t count = codeBlock->constantRegisters.size(), j = 0; j < count; ++i, ++j)
+            r[i] = codeBlock->constantRegisters[j];
+
         ++vPC;
         NEXT_OPCODE;
     }
     BEGIN_OPCODE(op_construct) {
-        /* construct dst(r) constr(r) constrProto(r) firstArg(r) argCount(n)
+        /* construct dst(r) constr(r) constrProto(r) firstArg(r) argCount(n) registerOffset(n)
 
            Invoke register "constr" as a constructor. For JS
@@ -3381 +3403 @@
         int firstArg = (++vPC)->u.operand;
         int argCount = (++vPC)->u.operand;
-
-        JSValue* constrVal = r[constr].jsValue(exec);
+        int registerOffset = (++vPC)->u.operand;
+
+        JSValue* v = r[constr].jsValue(exec);
 
         ConstructData constructData;
-        ConstructType constructType = constrVal->getConstructData(constructData);
-
-        // Removing this line of code causes a measurable regression on squirrelfish.
-        JSObject* constructor = static_cast<JSObject*>(constrVal);
+        ConstructType constructType = v->getConstructData(constructData);
 
         if (constructType == ConstructTypeJS) {
             if (*enabledProfilerReference)
-                (*enabledProfilerReference)->willExecute(exec, constructor);
+                (*enabledProfilerReference)->willExecute(exec, static_cast<JSObject*>(v));
 
             StructureID* structure;
@@ -3408 +3428 @@
             r[firstArg] = newObject; // "this" value
 
-            Register* callFrame = r + firstArg - RegisterFile::CallFrameHeaderSize;
-            initializeCallFrame(callFrame, codeBlock, vPC, scopeChain, r, dst, firstArg, argCount, constructor);
-            exec->m_callFrame = callFrame;
-
-            r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, firstArg, argCount, exceptionValue);
-            if (exceptionValue)
+            Register* savedR = r;
+
+            r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, registerOffset, argCount, exceptionValue);
+            if (UNLIKELY(exceptionValue != 0))
                 goto vm_throw;
+
+            initializeCallFrame(r, codeBlock, vPC, scopeChain, savedR, dst, argCount, v);
+            exec->m_callFrame = r;
+    
+            if (*enabledProfilerReference)
+                (*enabledProfilerReference)->didExecute(exec, static_cast<JSObject*>(v));
 
             codeBlock = newCodeBlock;
@@ -3420 +3444 @@
             vPC = codeBlock->instructions.begin();
 
+#if DUMP_OPCODE_STATS
+            OpcodeStats::resetLastInstruction();
+#endif
+
             NEXT_OPCODE;
         }
 
         if (constructType == ConstructTypeHost) {
+            ArgList args(r + firstArg + 1, argCount - 1);
+
+            initializeCallFrame(r + registerOffset, codeBlock, vPC, scopeChain, r, dst, argCount, v);
+            exec->m_callFrame = r + registerOffset;
+
             if (*enabledProfilerReference)
-                (*enabledProfilerReference)->willExecute(exec, constructor);
-
-            ArgList args(r + firstArg + 1, argCount - 1);
+                (*enabledProfilerReference)->willExecute(exec, static_cast<JSObject*>(v));
 
             MACHINE_SAMPLING_callingHostFunction();
 
-            JSValue* returnValue = constructData.native.function(exec, constructor, args);
+            JSValue* returnValue = constructData.native.function(exec, static_cast<JSObject*>(v), args);
+            exec->m_callFrame = r;
 
             VM_CHECK_EXCEPTION();
@@ -3437 +3469 @@
 
             if (*enabledProfilerReference)
-                (*enabledProfilerReference)->didExecute(exec, constructor);
+                (*enabledProfilerReference)->didExecute(exec, static_cast<JSObject*>(v));
 
             ++vPC;
@@ -3445 +3477 @@
         ASSERT(constructType == ConstructTypeNone);
 
-        exceptionValue = createNotAConstructorError(exec, constrVal, vPC, codeBlock);
+        exceptionValue = createNotAConstructorError(exec, v, vPC, codeBlock);
         goto vm_throw;
     }
@@ -3777 +3809 @@
     JSActivation* activation = static_cast<JSActivation*>(callFrame[RegisterFile::OptionalCalleeActivation].jsValue(exec));
     if (!activation) {
-        CodeBlock* codeBlock = &function->m_body->generatedByteCode();
-        activation = new (exec) JSActivation(exec, function->m_body, callFrame + RegisterFile::CallFrameHeaderSize + codeBlock->numLocals);
+        activation = new (exec) JSActivation(exec, function->m_body, callFrame);
         callFrame[RegisterFile::OptionalCalleeActivation] = activation;
     }
@@ -3795 +3826 @@
         return jsNull();
 
-    Register* callerCallFrame = callFrame[RegisterFile::CallerRegisters].r() - callerCodeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
+    Register* callerCallFrame = callFrame[RegisterFile::CallerRegisters].r();
     if (JSValue* caller = callerCallFrame[RegisterFile::Callee].jsValue(exec))
         return caller;
@@ -3816 +3847 @@
         return;
 
-    Instruction* vPC = callFrame[RegisterFile::ReturnVPC].vPC();
+    Instruction* vPC = vPCForPC(callerCodeBlock, callFrame[RegisterFile::ReturnPC].v());
     lineNumber = callerCodeBlock->lineNumberForVPC(vPC - 1);
     sourceId = callerCodeBlock->ownerNode->sourceId();
@@ -3847 +3878 @@
         }
         
-        callFrame = callFrame[RegisterFile::CallerRegisters].r() - callerCodeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
-    }
-}
-
-void Machine::getArgumentsData(Register* callFrame, JSFunction*& function, Register*& argv, int& argc)
+        callFrame = callFrame[RegisterFile::CallerRegisters].r();
+    }
+}
+
+void Machine::getArgumentsData(Register* callFrame, JSFunction*& function, int& firstParameterIndex, Register*& argv, int& argc)
 {
     function = static_cast<JSFunction*>(callFrame[RegisterFile::Callee].getJSValue());
     ASSERT(function->inherits(&JSFunction::info));
-
-    argv = callFrame[RegisterFile::CallerRegisters].r() + callFrame[RegisterFile::ArgumentStartRegister].i() + 1; //  + 1 to skip "this"
-    argc = callFrame[RegisterFile::ArgumentCount].i() - 1; // - 1 to skip "this"
+    
+    CodeBlock* codeBlock = &function->m_body->generatedByteCode();
+    int numParameters = codeBlock->numParameters;
+    argc = callFrame[RegisterFile::ArgumentCount].i();
+
+    if (argc <= numParameters)
+        argv = callFrame - RegisterFile::CallFrameHeaderSize - numParameters + 1; // + 1 to skip "this"
+    else
+        argv = callFrame - RegisterFile::CallFrameHeaderSize - numParameters - argc + 1; // + 1 to skip "this"
+
+    argc -= 1; // - 1 to skip "this"
+    firstParameterIndex = -RegisterFile::CallFrameHeaderSize - numParameters + 1; // + 1 to skip "this"
 }
 
@@ -4370 +4410 @@
     Register* r = ARG_r;
 
-    JSValue* exceptionValue = 0;
     Register* registerBase = registerFile->base();
     
     JSValue* funcVal = ARG_src1;
-    JSValue* thisValue = ARG_src2;
-    int firstArg = ARG_int3;
-    int argCount = ARG_int4;
-
-    // In the JIT code before entering this function we wil have checked the vptr,
-    // and know this is an object of type JSFunction.
+    int registerOffset = ARG_int2;
+    int argCount = ARG_int3;
+
 #ifndef NDEBUG
     CallData callData;
+    ASSERT(funcVal->getCallData(callData) == CallTypeJS);
 #endif
-    ASSERT(funcVal->getCallData(callData) == CallTypeJS);
 
     if (*ARG_profilerReference)
@@ -4392 +4428 @@
 
     CodeBlock* newCodeBlock = &functionBodyNode->byteCode(callDataScopeChain);
-
-    r[firstArg] = thisValue;
-
-    Register* callFrame = r + firstArg - RegisterFile::CallFrameHeaderSize;
-    exec->m_callFrame = callFrame;
-
-    r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, firstArg, argCount, exceptionValue);
+    
+    Register* savedR = r;
+
+    JSValue* exceptionValue = 0;
+    r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, registerOffset, argCount, exceptionValue);
     JSVALUE_VM_CHECK_EXCEPTION_ARG(exceptionValue);
-    
+
+    // RegisterFile::CallerCodeBlock is set by caller
+    r[RegisterFile::CallerScopeChain] = ARG_scopeChain;
+    r[RegisterFile::CallerRegisters] = savedR;
+    // RegisterFile::ReturnPC is set by callee
+    // RegisterFile::ReturnValueRegister is set by caller
+    r[RegisterFile::ArgumentCount] = argCount; // original argument count (for the sake of the "arguments" object)
+    r[RegisterFile::Callee] = funcVal;
+    r[RegisterFile::OptionalCalleeActivation] = nullJSValue;
+
+    exec->m_callFrame = r;
     exec->m_scopeChain = callDataScopeChain;
 
@@ -4434 +4478 @@
 {
     ExecState* exec = ARG_exec;
-    Register* r = ARG_r;
 
     JSValue* funcVal = ARG_src1;
-    JSValue* thisValue = ARG_src2;
-    int firstArg = ARG_int3;
-    int argCount = ARG_int4;
 
     CallData callData;
@@ -4447 +4487 @@
 
     if (callType == CallTypeHost) {
-        Register* oldCallFrame = exec->m_callFrame;
-        Register* callFrame = r + firstArg - RegisterFile::CallFrameHeaderSize;
-        exec->m_callFrame = callFrame;
+        int registerOffset = ARG_int2;
+        int argCount = ARG_int3;
+        Register* r = ARG_r + registerOffset;
+        
+        initializeCallFrame(r, ARG_codeBlock, ARG_instr4, ARG_scopeChain, ARG_r, 0, argCount, funcVal);
+        exec->m_callFrame = r;
 
         if (*ARG_profilerReference)
             (*ARG_profilerReference)->willExecute(exec, static_cast<JSObject*>(funcVal));
 
-        ArgList argList(r + firstArg + 1, argCount - 1);
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - argCount;
+        ArgList argList(argv + 1, argCount - 1);
 
         CTI_MACHINE_SAMPLING_callingHostFunction();
 
-        JSValue* returnValue = callData.native.function(exec, static_cast<JSObject*>(funcVal), thisValue, argList);
-        exec->m_callFrame = oldCallFrame;
+        JSValue* returnValue = callData.native.function(exec, static_cast<JSObject*>(funcVal), argv[0].jsValue(exec), argList);
         VM_CHECK_EXCEPTION(JSValue*);
 
@@ -4465 +4508 @@
             (*ARG_profilerReference)->didExecute(exec, static_cast<JSObject*>(funcVal));
 
+        exec->m_callFrame = ARG_r;
         return returnValue;
-
     }
 
     ASSERT(callType == CallTypeNone);
 
-    exec->setException(createNotAFunctionError(exec, funcVal, ARG_instr5, ARG_codeBlock));
+    exec->setException(createNotAFunctionError(exec, funcVal, ARG_instr4, ARG_codeBlock));
     VM_CHECK_EXCEPTION_AT_END();
     return 0;
@@ -4479 +4522 @@
 {
     ExecState* exec = ARG_exec;
-    Register* callFrame = ARG_r - ARG_codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
+    Register* callFrame = ARG_r;
 
     JSActivation* activation = static_cast<JSActivation*>(callFrame[RegisterFile::OptionalCalleeActivation].jsValue(exec));
@@ -4493 +4536 @@
     ExecState* exec = ARG_exec;
 
-    Register* callFrame = ARG_r - ARG_codeBlock->numLocals - RegisterFile::CallFrameHeaderSize;
+    Register* callFrame = ARG_r;
     ASSERT(*ARG_profilerReference);
     (*ARG_profilerReference)->didExecute(exec, static_cast<JSObject*>(callFrame[RegisterFile::Callee].jsValue(exec)));
@@ -4544 +4587 @@
     RegisterFile* registerFile = ARG_registerFile;
     Register* r = ARG_r;
-    ScopeChainNode* scopeChain = ARG_scopeChain;
-
-    JSValue* exceptionValue = 0;
+
     Register* registerBase = registerFile->base();
     
@@ -4552 +4593 @@
     JSValue* constrProtoVal = ARG_src2;
     int firstArg = ARG_int3;
-    int argCount = ARG_int4;
-
+    int registerOffset = ARG_int4;
+    int argCount = ARG_int5;
+
+#ifndef NDEBUG
     ConstructData constructData;
-#ifndef NDEBUG
-    ConstructType constructType =
+    ASSERT(constrVal->getConstructData(constructData) == ConstructTypeJS);
 #endif
-        constrVal->getConstructData(constructData);
-
-    // Removing this line of code causes a measurable regression on sunspider.
-    JSObject* constructor = static_cast<JSObject*>(constrVal);
-
-    ASSERT(constructType == ConstructTypeJS);
+
+    JSFunction* constructor = static_cast<JSFunction*>(constrVal);
 
     if (*ARG_profilerReference)
@@ -4572 +4610 @@
         structure = static_cast<JSObject*>(constrProtoVal)->inheritorID();
     else
-        structure = scopeChain->globalObject()->emptyObjectStructure();
+        structure = ARG_scopeChain->globalObject()->emptyObjectStructure();
     JSObject* newObject = new (exec) JSObject(structure);
 
-    ScopeChainNode* callDataScopeChain = constructData.js.scopeChain;
-    FunctionBodyNode* functionBodyNode = constructData.js.functionBody;
+    ScopeChainNode* callDataScopeChain = constructor->m_scopeChain.node();
+    FunctionBodyNode* functionBodyNode = constructor->m_body.get();
     CodeBlock* newCodeBlock = &functionBodyNode->byteCode(callDataScopeChain);
 
     r[firstArg] = newObject; // "this" value
 
-    Register* callFrame = r + firstArg - RegisterFile::CallFrameHeaderSize;
-    exec->m_callFrame = callFrame;
-
-    r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, firstArg, argCount, exceptionValue);
+    Register* savedR = r;
+
+    JSValue* exceptionValue = 0;
+    r = slideRegisterWindowForCall(exec, newCodeBlock, registerFile, registerBase, r, registerOffset, argCount, exceptionValue);
     JSVALUE_VM_CHECK_EXCEPTION_ARG(exceptionValue);
 
+    // RegisterFile::CallerCodeBlock is set by caller
+    r[RegisterFile::CallerScopeChain] = ARG_scopeChain;
+    r[RegisterFile::CallerRegisters] = savedR;
+    // RegisterFile::ReturnPC is set by callee
+    // RegisterFile::ReturnValueRegister is set by caller
+    r[RegisterFile::ArgumentCount] = argCount; // original argument count (for the sake of the "arguments" object)
+    r[RegisterFile::Callee] = constructor;
+    r[RegisterFile::OptionalCalleeActivation] = nullJSValue;
+
+    exec->m_callFrame = r;
     exec->m_scopeChain = callDataScopeChain;
 
@@ -4602 +4650 @@
     JSValue* constrVal = ARG_src1;
     int firstArg = ARG_int3;
-    int argCount = ARG_int4;
+    int argCount = ARG_int5;
 
     ConstructData constructData;
     ConstructType constructType = constrVal->getConstructData(constructData);
 
-    // Removing this line of code causes a measurable regression on squirrelfish.
     JSObject* constructor = static_cast<JSObject*>(constrVal);
 
-    ASSERT(constructType != ConstructTypeJS);
-
     if (constructType == ConstructTypeHost) {
-        Register* oldCallFrame = exec->m_callFrame;
-        Register* callFrame = r + firstArg - RegisterFile::CallFrameHeaderSize;
-        exec->m_callFrame = callFrame;
-
         if (*ARG_profilerReference)
             (*ARG_profilerReference)->willExecute(exec, constructor);
@@ -4625 +4666 @@
 
         JSValue* returnValue = constructData.native.function(exec, constructor, argList);
-        exec->m_callFrame = oldCallFrame;
         VM_CHECK_EXCEPTION(JSValue*);
 
@@ -4636 +4676 @@
     ASSERT(constructType == ConstructTypeNone);
 
-    exec->setException(createNotAConstructorError(exec, constrVal, ARG_instr5, ARG_codeBlock));
+    exec->setException(createNotAConstructorError(exec, constrVal, ARG_instr6, ARG_codeBlock));
     VM_CHECK_EXCEPTION_AT_END();
     return 0;
@@ -5194 +5234 @@
 
     Machine* machine = exec->machine();
-    JSValue* exceptionValue = 0;
     
     JSValue* funcVal = ARG_src1;
-    JSValue* baseVal = ARG_src2;
-    int firstArg = ARG_int3;
-    int argCount = ARG_int4;
+    int registerOffset = ARG_int2;
+    int argCount = ARG_int3;
+    JSValue* baseVal = ARG_src5;
 
     if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
         JSObject* thisObject = static_cast<JSObject*>(r[codeBlock->thisRegister].jsValue(exec));
-        JSValue* result = machine->callEval(exec, codeBlock, thisObject, scopeChain, registerFile,  r, firstArg, argCount, exceptionValue);
+        JSValue* exceptionValue = 0;
+        JSValue* result = machine->callEval(exec, codeBlock, thisObject, scopeChain, registerFile,  r, registerOffset - RegisterFile::CallFrameHeaderSize - argCount, argCount, exceptionValue);
         JSVALUE_VM_CHECK_EXCEPTION_ARG(exceptionValue);
         return result;