Context Navigation

← Previous Change
Next Change →

JIT.cpp

Timestamp:

Dec 4, 2008, 3:10:21 AM (16 years ago)

Author:

[email protected]

Message:

2008-12-04 Gavin Barraclough <[email protected]>

Reviewed by Oliver Hunt.

Allow JIT to function without property access repatching and arithmetic optimizations.
Controlled by ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS and ENABLE_JIT_OPTIMIZE_ARITHMETIC switches.

https://bugs.webkit.org/show_bug.cgi?id=22643

JavaScriptCore.xcodeproj/project.pbxproj:
jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases):
jit/JIT.h:
jit/JITArithmetic.cpp: Copied from jit/JIT.cpp. (JSC::JIT::compileBinaryArithOp): (JSC::JIT::compileBinaryArithOpSlowCase):
jit/JITPropertyAccess.cpp: Copied from jit/JIT.cpp. (JSC::JIT::compileGetByIdHotPath): (JSC::JIT::compileGetByIdSlowCase): (JSC::JIT::compilePutByIdHotPath): (JSC::JIT::compilePutByIdSlowCase): (JSC::resizePropertyStorage): (JSC::transitionWillNeedStorageRealloc): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::patchGetByIdSelf): (JSC::JIT::patchPutByIdReplace): (JSC::JIT::privateCompilePatchGetArrayLength):
wtf/Platform.h:

File:

: 1 edited

trunk/JavaScriptCore/jit/JIT.cpp (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/jit/JIT.cpp

-              r38984
+              r38992
 namespace JSC {
-#if PLATFORM(MAC)
-static inline bool isSSE2Present()
+{
-    return true; // All X86 Macs are guaranteed to support at least SSE2
+}
-#else
-static bool isSSE2Present()
+{
-    static const int SSE2FeatureBit = 1 << 26;
-    struct SSE2Check {
-        SSE2Check()
+        {
-            int flags;
-#if COMPILER(MSVC)
-            _asm {
-                mov eax, 1 // cpuid function 1 gives us the standard feature set
-                cpuid;
-                mov flags, edx;
+            }
-#else
-            flags = 0;
-            // FIXME: Add GCC code to do above asm
-#endif
-            present = (flags & SSE2FeatureBit) != 0;
+        }
-        bool present;
-    };
-    static SSE2Check check;
-    return check.present;
+}
-#endif
 COMPILE_ASSERT(CTI_ARGS_code == 0xC, CTI_ARGS_code_is_C);
 …
+}
-/*
-  This is required since number representation is canonical - values representable as a JSImmediate should not be stored in a JSNumberCell.
-  In the common case, the double value from 'xmmSource' is written to the reusable JSNumberCell pointed to by 'jsNumberCell', then 'jsNumberCell'
-  is written to the output SF Register 'dst', and then a jump is planted (stored into *wroteJSNumberCell).
-  However if the value from xmmSource is representable as a JSImmediate, then the JSImmediate value will be written to the output, and flow
-  control will fall through from the code planted.
-*/
-void JIT::putDoubleResultToJSNumberCellOrJSImmediate(X86::XMMRegisterID xmmSource, X86::RegisterID jsNumberCell, unsigned dst, JmpSrc* wroteJSNumberCell,  X86::XMMRegisterID tempXmm, X86::RegisterID tempReg1, X86::RegisterID tempReg2)
+{
-    // convert (double -> JSImmediate -> double), and check if the value is unchanged - in which case the value is representable as a JSImmediate.
-    __ cvttsd2si_rr(xmmSource, tempReg1);
-    __ addl_rr(tempReg1, tempReg1);
-    __ sarl_i8r(1, tempReg1);
-    __ cvtsi2sd_rr(tempReg1, tempXmm);
-    // Compare & branch if immediate.
-    __ ucomis_rr(tempXmm, xmmSource);
-    JmpSrc resultIsImm = __ je();
-    JmpDst resultLookedLikeImmButActuallyIsnt = __ label();
-    // Store the result to the JSNumberCell and jump.
-    __ movsd_rm(xmmSource, FIELD_OFFSET(JSNumberCell, m_value), jsNumberCell);
-    if (jsNumberCell != X86::eax)
-        __ movl_rr(jsNumberCell, X86::eax);
-    emitPutVirtualRegister(dst);
-    *wroteJSNumberCell = __ jmp();
-    __ link(resultIsImm, __ label());
-    // value == (double)(JSImmediate)value... or at least, it looks that way...
-    // ucomi will report that (0 == -0), and will report true if either input in NaN (result is unordered).
-    __ link(__ jp(), resultLookedLikeImmButActuallyIsnt); // Actually was a NaN
-    __ pextrw_irr(3, xmmSource, tempReg2);
-    __ cmpl_i32r(0x8000, tempReg2);
-    __ link(__ je(), resultLookedLikeImmButActuallyIsnt); // Actually was -0
-    // Yes it really really really is representable as a JSImmediate.
-    emitFastArithIntToImmNoCheck(tempReg1);
-    if (tempReg1 != X86::eax)
-        __ movl_rr(tempReg1, X86::eax);
-    emitPutVirtualRegister(dst);
+}
-void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes types, unsigned i)
+{
-    Structure* numberStructure = m_globalData->numberStructure.get();
-    JmpSrc wasJSNumberCell1;
-    JmpSrc wasJSNumberCell1b;
-    JmpSrc wasJSNumberCell2;
-    JmpSrc wasJSNumberCell2b;
-    emitGetVirtualRegisters(src1, X86::eax, src2, X86::edx, i);
-    if (types.second().isReusable() && isSSE2Present()) {
-        ASSERT(types.second().mightBeNumber());
-        // Check op2 is a number
-        __ testl_i32r(JSImmediate::TagBitTypeInteger, X86::edx);
-        JmpSrc op2imm = __ jne();
-        if (!types.second().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(X86::edx, i, src2);
-            __ cmpl_i32m(reinterpret_cast<unsigned>(numberStructure), FIELD_OFFSET(JSCell, m_structure), X86::edx);
-            m_slowCases.append(SlowCaseEntry(__ jne(), i));
+        }
-        // (1) In this case src2 is a reusable number cell.
-        //     Slow case if src1 is not a number type.
-        __ testl_i32r(JSImmediate::TagBitTypeInteger, X86::eax);
-        JmpSrc op1imm = __ jne();
-        if (!types.first().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(X86::eax, i, src1);
-            __ cmpl_i32m(reinterpret_cast<unsigned>(numberStructure), FIELD_OFFSET(JSCell, m_structure), X86::eax);
-            m_slowCases.append(SlowCaseEntry(__ jne(), i));
+        }
-        // (1a) if we get here, src1 is also a number cell
-        __ movsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::eax, X86::xmm0);
-        JmpSrc loadedDouble = __ jmp();
-        // (1b) if we get here, src1 is an immediate
-        __ link(op1imm, __ label());
-        emitFastArithImmToInt(X86::eax);
-        __ cvtsi2sd_rr(X86::eax, X86::xmm0);
-        // (1c)
-        __ link(loadedDouble, __ label());
-        if (opcodeID == op_add)
-            __ addsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::edx, X86::xmm0);
-        else if (opcodeID == op_sub)
-            __ subsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::edx, X86::xmm0);
-        else {
-            ASSERT(opcodeID == op_mul);
-            __ mulsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::edx, X86::xmm0);
+        }
-        putDoubleResultToJSNumberCellOrJSImmediate(X86::xmm0, X86::edx, dst, &wasJSNumberCell2, X86::xmm1, X86::ecx, X86::eax);
-        wasJSNumberCell2b = __ jmp();
-        // (2) This handles cases where src2 is an immediate number.
-        //     Two slow cases - either src1 isn't an immediate, or the subtract overflows.
-        __ link(op2imm, __ label());
-        emitJumpSlowCaseIfNotImmNum(X86::eax, i);
-    } else if (types.first().isReusable() && isSSE2Present()) {
-        ASSERT(types.first().mightBeNumber());
-        // Check op1 is a number
-        __ testl_i32r(JSImmediate::TagBitTypeInteger, X86::eax);
-        JmpSrc op1imm = __ jne();
-        if (!types.first().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(X86::eax, i, src1);
-            __ cmpl_i32m(reinterpret_cast<unsigned>(numberStructure), FIELD_OFFSET(JSCell, m_structure), X86::eax);
-            m_slowCases.append(SlowCaseEntry(__ jne(), i));
+        }
-        // (1) In this case src1 is a reusable number cell.
-        //     Slow case if src2 is not a number type.
-        __ testl_i32r(JSImmediate::TagBitTypeInteger, X86::edx);
-        JmpSrc op2imm = __ jne();
-        if (!types.second().definitelyIsNumber()) {
-            emitJumpSlowCaseIfNotJSCell(X86::edx, i, src2);
-            __ cmpl_i32m(reinterpret_cast<unsigned>(numberStructure), FIELD_OFFSET(JSCell, m_structure), X86::edx);
-            m_slowCases.append(SlowCaseEntry(__ jne(), i));
+        }
-        // (1a) if we get here, src2 is also a number cell
-        __ movsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::edx, X86::xmm1);
-        JmpSrc loadedDouble = __ jmp();
-        // (1b) if we get here, src2 is an immediate
-        __ link(op2imm, __ label());
-        emitFastArithImmToInt(X86::edx);
-        __ cvtsi2sd_rr(X86::edx, X86::xmm1);
-        // (1c)
-        __ link(loadedDouble, __ label());
-        __ movsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::eax, X86::xmm0);
-        if (opcodeID == op_add)
-            __ addsd_rr(X86::xmm1, X86::xmm0);
-        else if (opcodeID == op_sub)
-            __ subsd_rr(X86::xmm1, X86::xmm0);
-        else {
-            ASSERT(opcodeID == op_mul);
-            __ mulsd_rr(X86::xmm1, X86::xmm0);
+        }
-        __ movsd_rm(X86::xmm0, FIELD_OFFSET(JSNumberCell, m_value), X86::eax);
-        emitPutVirtualRegister(dst);
-        putDoubleResultToJSNumberCellOrJSImmediate(X86::xmm0, X86::eax, dst, &wasJSNumberCell1, X86::xmm1, X86::ecx, X86::edx);
-        wasJSNumberCell1b = __ jmp();
-        // (2) This handles cases where src1 is an immediate number.
-        //     Two slow cases - either src2 isn't an immediate, or the subtract overflows.
-        __ link(op1imm, __ label());
-        emitJumpSlowCaseIfNotImmNum(X86::edx, i);
-    } else
-        emitJumpSlowCaseIfNotImmNums(X86::eax, X86::edx, i);
-    if (opcodeID == op_add) {
-        emitFastArithDeTagImmediate(X86::eax);
-        __ addl_rr(X86::edx, X86::eax);
-        m_slowCases.append(SlowCaseEntry(__ jo(), i));
-    } else  if (opcodeID == op_sub) {
-        __ subl_rr(X86::edx, X86::eax);
-        m_slowCases.append(SlowCaseEntry(__ jo(), i));
-        emitFastArithReTagImmediate(X86::eax);
-    } else {
-        ASSERT(opcodeID == op_mul);
-        // convert eax & edx from JSImmediates to ints, and check if either are zero
-        emitFastArithImmToInt(X86::edx);
-        JmpSrc op1Zero = emitFastArithDeTagImmediateJumpIfZero(X86::eax);
-        __ testl_rr(X86::edx, X86::edx);
-        JmpSrc op2NonZero = __ jne();
-        __ link(op1Zero, __ label());
-        // if either input is zero, add the two together, and check if the result is < 0.
-        // If it is, we have a problem (N < 0), (N * 0) == -0, not representatble as a JSImmediate.
-        __ movl_rr(X86::eax, X86::ecx);
-        __ addl_rr(X86::edx, X86::ecx);
-        m_slowCases.append(SlowCaseEntry(__ js(), i));
-        // Skip the above check if neither input is zero
-        __ link(op2NonZero, __ label());
-        __ imull_rr(X86::edx, X86::eax);
-        m_slowCases.append(SlowCaseEntry(__ jo(), i));
-        emitFastArithReTagImmediate(X86::eax);
+    }
-    emitPutVirtualRegister(dst);
-    if (types.second().isReusable() && isSSE2Present()) {
-        __ link(wasJSNumberCell2, __ label());
-        __ link(wasJSNumberCell2b, __ label());
+    }
-    else if (types.first().isReusable() && isSSE2Present()) {
-        __ link(wasJSNumberCell1, __ label());
-        __ link(wasJSNumberCell1b, __ label());
+    }
+}
-void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, unsigned dst, unsigned src1, unsigned src2, OperandTypes types, unsigned i)
+{
-    JmpDst here = __ label();
-    __ link(iter->from, here);
-    if (types.second().isReusable() && isSSE2Present()) {
-        if (!types.first().definitelyIsNumber()) {
-            if (linkSlowCaseIfNotJSCell(++iter, src1))
-                ++iter;
-            __ link(iter->from, here);
+        }
-        if (!types.second().definitelyIsNumber()) {
-            if (linkSlowCaseIfNotJSCell(++iter, src2))
-                ++iter;
-            __ link(iter->from, here);
+        }
-        __ link((++iter)->from, here);
-    } else if (types.first().isReusable() && isSSE2Present()) {
-        if (!types.first().definitelyIsNumber()) {
-            if (linkSlowCaseIfNotJSCell(++iter, src1))
-                ++iter;
-            __ link(iter->from, here);
+        }
-        if (!types.second().definitelyIsNumber()) {
-            if (linkSlowCaseIfNotJSCell(++iter, src2))
-                ++iter;
-            __ link(iter->from, here);
+        }
-        __ link((++iter)->from, here);
-    } else
-        __ link((++iter)->from, here);
-    // additional entry point to handle -0 cases.
-    if (opcodeID == op_mul)
-        __ link((++iter)->from, here);
-    emitPutCTIArgFromVirtualRegister(src1, 0, X86::ecx);
-    emitPutCTIArgFromVirtualRegister(src2, 4, X86::ecx);
-    if (opcodeID == op_add)
-        emitCTICall(i, Interpreter::cti_op_add);
-    else if (opcodeID == op_sub)
-        emitCTICall(i, Interpreter::cti_op_sub);
-    else {
-        ASSERT(opcodeID == op_mul);
-        emitCTICall(i, Interpreter::cti_op_mul);
+    }
-    emitPutVirtualRegister(dst);
+}
 void JIT::privateCompileMainPass()
+{
 …
+        }
         case op_put_by_id: {
+            // In order to be able to repatch both the Structure, and the object offset, we store one pointer,
+            // to just after the arguments have been loaded into registers 'hotPathBegin', and we generate code
+            // such that the Structure & offset are always at the same distance from this.
+            int baseVReg = instruction[i + 1].u.operand;
+            emitGetVirtualRegisters(baseVReg, X86::eax, instruction[i + 3].u.operand, X86::edx, i);
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].bytecodeIndex == i);
+            // Jump to a slow case if either the base object is an immediate, or if the Structure does not match.
+            emitJumpSlowCaseIfNotJSCell(X86::eax, i, baseVReg);
+            JmpDst hotPathBegin = __ label();
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+            ++propertyAccessInstructionIndex;
+            // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
+            __ cmpl_i32m(repatchGetByIdDefaultStructure, FIELD_OFFSET(JSCell, m_structure), X86::eax);
+            ASSERT(X86Assembler::getDifferenceBetweenLabels(hotPathBegin, __ label()) == repatchOffsetPutByIdStructure);
+            m_slowCases.append(SlowCaseEntry(__ jne(), i));
+            // Plant a load from a bogus ofset in the object's property map; we will patch this later, if it is to be used.
+            __ movl_mr(FIELD_OFFSET(JSObject, m_propertyStorage), X86::eax, X86::eax);
+            __ movl_rm(X86::edx, repatchGetByIdDefaultOffset, X86::eax);
+            ASSERT(X86Assembler::getDifferenceBetweenLabels(hotPathBegin, __ label()) == repatchOffsetPutByIdPropertyMapOffset);
+            compilePutByIdHotPath(instruction[i + 1].u.operand, &(m_codeBlock->identifiers[instruction[i + 2].u.operand]), instruction[i + 3].u.operand, i, propertyAccessInstructionIndex++);
             i += 8;
             break;
+        }
         case op_get_by_id: {
+            // As for put_by_id, get_by_id requires the offset of the Structure and the offset of the access to be repatched.
+            // Additionally, for get_by_id we need repatch the offset of the branch to the slow case (we repatch this to jump
+            // to array-length / prototype access tranpolines, and finally we also the the property-map access offset as a label
+            // to jump back to if one of these trampolies finds a match.
+            int baseVReg = instruction[i + 2].u.operand;
+            emitGetVirtualRegister(baseVReg, X86::eax, i);
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].bytecodeIndex == i);
+            emitJumpSlowCaseIfNotJSCell(X86::eax, i, baseVReg);
+            JmpDst hotPathBegin = __ label();
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+            ++propertyAccessInstructionIndex;
+            __ cmpl_i32m(repatchGetByIdDefaultStructure, FIELD_OFFSET(JSCell, m_structure), X86::eax);
+            ASSERT(X86Assembler::getDifferenceBetweenLabels(hotPathBegin, __ label()) == repatchOffsetGetByIdStructure);
+            m_slowCases.append(SlowCaseEntry(__ jne(), i));
+            ASSERT(X86Assembler::getDifferenceBetweenLabels(hotPathBegin, __ label()) == repatchOffsetGetByIdBranchToSlowCase);
+            __ movl_mr(FIELD_OFFSET(JSObject, m_propertyStorage), X86::eax, X86::eax);
+            __ movl_mr(repatchGetByIdDefaultOffset, X86::eax, X86::eax);
+            ASSERT(X86Assembler::getDifferenceBetweenLabels(hotPathBegin, __ label()) == repatchOffsetGetByIdPropertyMapOffset);
+            emitPutVirtualRegister(instruction[i + 1].u.operand);
+            compileGetByIdHotPath(instruction[i + 1].u.operand, instruction[i + 2].u.operand, &(m_codeBlock->identifiers[instruction[i + 3].u.operand]), i, propertyAccessInstructionIndex++);
             i += 8;
             break;
 …
+        }
         case op_put_by_id: {
+            if (linkSlowCaseIfNotJSCell(iter, instruction[i + 1].u.operand))
+                ++iter;
+            __ link(iter->from, __ label());
+            Identifier* ident = &(m_codeBlock->identifiers[instruction[i + 2].u.operand]);
+            emitPutCTIArgConstant(reinterpret_cast<unsigned>(ident), 4);
+            emitPutCTIArg(X86::eax, 0);
+            emitPutCTIArg(X86::edx, 8);
+            JmpSrc call = emitCTICall(i, Interpreter::cti_op_put_by_id);
+            // Track the location of the call; this will be used to recover repatch information.
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].bytecodeIndex == i);
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+            ++propertyAccessInstructionIndex;
+            compilePutByIdSlowCase(instruction[i + 1].u.operand, &(m_codeBlock->identifiers[instruction[i + 2].u.operand]), instruction[i + 3].u.operand, i, iter, propertyAccessInstructionIndex++);
             i += 8;
             break;
+        }
         case op_get_by_id: {
+            // As for the hot path of get_by_id, above, we ensure that we can use an architecture specific offset
+            // so that we only need track one pointer into the slow case code - we track a pointer to the location
+            // of the call (which we can use to look up the repatch information), but should a array-length or
+            // prototype access trampoline fail we want to bail out back to here.  To do so we can subtract back
+            // the distance from the call to the head of the slow case.
+            if (linkSlowCaseIfNotJSCell(iter, instruction[i + 2].u.operand))
+                ++iter;
+            __ link(iter->from, __ label());
+#ifndef NDEBUG
+            JmpDst coldPathBegin = __ label();
+#endif
+            emitPutCTIArg(X86::eax, 0);
+            Identifier* ident = &(m_codeBlock->identifiers[instruction[i + 3].u.operand]);
+            emitPutCTIArgConstant(reinterpret_cast<unsigned>(ident), 4);
+            JmpSrc call = emitCTICall(i, Interpreter::cti_op_get_by_id);
+            ASSERT(X86Assembler::getDifferenceBetweenLabels(coldPathBegin, call) == repatchOffsetGetByIdSlowCaseCall);
+            emitPutVirtualRegister(instruction[i + 1].u.operand);
+            // Track the location of the call; this will be used to recover repatch information.
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].bytecodeIndex == i);
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+            ++propertyAccessInstructionIndex;
+            compileGetByIdSlowCase(instruction[i + 1].u.operand, instruction[i + 2].u.operand, &(m_codeBlock->identifiers[instruction[i + 3].u.operand]), i, iter, propertyAccessInstructionIndex++);
             i += 8;
             break;
 …
+}
-void JIT::privateCompileGetByIdSelf(Structure* structure, size_t cachedOffset, void* returnAddress)
+{
-    // Check eax is an object of the right Structure.
-    __ testl_i32r(JSImmediate::TagMask, X86::eax);
-    JmpSrc failureCases1 = __ jne();
-    JmpSrc failureCases2 = checkStructure(X86::eax, structure);
-    // Checks out okay! - getDirectOffset
-    __ movl_mr(FIELD_OFFSET(JSObject, m_propertyStorage), X86::eax, X86::eax);
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::eax, X86::eax);
-    __ ret();
-    void* code = __ executableCopy();
-    X86Assembler::link(code, failureCases1, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_self_fail));
-    X86Assembler::link(code, failureCases2, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_self_fail));
-    m_codeBlock->getStubInfo(returnAddress).stubRoutine = code;
-    ctiRepatchCallByReturnAddress(returnAddress, code);
+}
-void JIT::privateCompileGetByIdProto(Structure* structure, Structure* prototypeStructure, size_t cachedOffset, void* returnAddress, CallFrame* callFrame)
+{
-#if USE(CTI_REPATCH_PIC)
-    StructureStubInfo& info = m_codeBlock->getStubInfo(returnAddress);
-    // We don't want to repatch more than once - in future go to cti_op_put_by_id_generic.
-    ctiRepatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_proto_list));
-    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
-    // referencing the prototype object - let's speculatively load it's table nice and early!)
-    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
-    PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    __ movl_mr(static_cast<void*>(protoPropertyStorage), X86::edx);
-    // Check eax is an object of the right Structure.
-    JmpSrc failureCases1 = checkStructure(X86::eax, structure);
-    // Check the prototype object's Structure had not changed.
-    Structure** prototypeStructureAddress = &(protoObject->m_structure);
-    __ cmpl_i32m(reinterpret_cast<uint32_t>(prototypeStructure), prototypeStructureAddress);
-    JmpSrc failureCases2 = __ jne();
-    // Checks out okay! - getDirectOffset
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::edx, X86::eax);
-    JmpSrc success = __ jmp();
-    void* code = __ executableCopy();
-    // Use the repatch information to link the failure cases back to the original slow case routine.
-    void* slowCaseBegin = reinterpret_cast<char*>(info.callReturnLocation) - repatchOffsetGetByIdSlowCaseCall;
-    X86Assembler::link(code, failureCases1, slowCaseBegin);
-    X86Assembler::link(code, failureCases2, slowCaseBegin);
-    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
-    intptr_t successDest = reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset;
-    X86Assembler::link(code, success, reinterpret_cast<void*>(successDest));
-    // Track the stub we have created so that it will be deleted later.
-    info.stubRoutine = code;
-    // Finally repatch the jump to slow case back in the hot path to jump here instead.
-    intptr_t jmpLocation = reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdBranchToSlowCase;
-    X86Assembler::repatchBranchOffset(jmpLocation, code);
-#else
-    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
-    // referencing the prototype object - let's speculatively load it's table nice and early!)
-    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
-    PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    __ movl_mr(static_cast<void*>(protoPropertyStorage), X86::edx);
-    // Check eax is an object of the right Structure.
-    __ testl_i32r(JSImmediate::TagMask, X86::eax);
-    JmpSrc failureCases1 = __ jne();
-    JmpSrc failureCases2 = checkStructure(X86::eax, structure);
-    // Check the prototype object's Structure had not changed.
-    Structure** prototypeStructureAddress = &(protoObject->m_structure);
-    __ cmpl_i32m(reinterpret_cast<uint32_t>(prototypeStructure), prototypeStructureAddress);
-    JmpSrc failureCases3 = __ jne();
-    // Checks out okay! - getDirectOffset
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::edx, X86::eax);
-    __ ret();
-    void* code = __ executableCopy();
-    X86Assembler::link(code, failureCases1, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_proto_fail));
-    X86Assembler::link(code, failureCases2, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_proto_fail));
-    X86Assembler::link(code, failureCases3, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_proto_fail));
-    m_codeBlock->getStubInfo(returnAddress).stubRoutine = code;
-    ctiRepatchCallByReturnAddress(returnAddress, code);
-#endif
+}
-#if USE(CTI_REPATCH_PIC)
-void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
+{
-    JmpSrc failureCase = checkStructure(X86::eax, structure);
-    __ movl_mr(FIELD_OFFSET(JSObject, m_propertyStorage), X86::eax, X86::eax);
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::eax, X86::eax);
-    JmpSrc success = __ jmp();
-    void* code = __ executableCopy();
-    ASSERT(code);
-    // Use the repatch information to link the failure cases back to the original slow case routine.
-    void* lastProtoBegin = polymorphicStructures->list[currentIndex - 1].stubRoutine;
-    if (!lastProtoBegin)
-        lastProtoBegin = reinterpret_cast<char*>(stubInfo->callReturnLocation) - repatchOffsetGetByIdSlowCaseCall;
-    X86Assembler::link(code, failureCase, lastProtoBegin);
-    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
-    intptr_t successDest = reinterpret_cast<intptr_t>(stubInfo->hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset;
-    X86Assembler::link(code, success, reinterpret_cast<void*>(successDest));
-    structure->ref();
-    polymorphicStructures->list[currentIndex].set(cachedOffset, code, structure);
-    // Finally repatch the jump to slow case back in the hot path to jump here instead.
-    intptr_t jmpLocation = reinterpret_cast<intptr_t>(stubInfo->hotPathBegin) + repatchOffsetGetByIdBranchToSlowCase;
-    X86Assembler::repatchBranchOffset(jmpLocation, code);
+}
-void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame)
+{
-    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
-    // referencing the prototype object - let's speculatively load it's table nice and early!)
-    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
-    PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    __ movl_mr(static_cast<void*>(protoPropertyStorage), X86::edx);
-    // Check eax is an object of the right Structure.
-    JmpSrc failureCases1 = checkStructure(X86::eax, structure);
-    // Check the prototype object's Structure had not changed.
-    Structure** prototypeStructureAddress = &(protoObject->m_structure);
-    __ cmpl_i32m(reinterpret_cast<uint32_t>(prototypeStructure), prototypeStructureAddress);
-    JmpSrc failureCases2 = __ jne();
-    // Checks out okay! - getDirectOffset
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::edx, X86::eax);
-    JmpSrc success = __ jmp();
-    void* code = __ executableCopy();
-    // Use the repatch information to link the failure cases back to the original slow case routine.
-    void* lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
-    X86Assembler::link(code, failureCases1, lastProtoBegin);
-    X86Assembler::link(code, failureCases2, lastProtoBegin);
-    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
-    intptr_t successDest = reinterpret_cast<intptr_t>(stubInfo->hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset;
-    X86Assembler::link(code, success, reinterpret_cast<void*>(successDest));
-    structure->ref();
-    prototypeStructure->ref();
-    prototypeStructures->list[currentIndex].set(cachedOffset, code, structure, prototypeStructure);
-    // Finally repatch the jump to slow case back in the hot path to jump here instead.
-    intptr_t jmpLocation = reinterpret_cast<intptr_t>(stubInfo->hotPathBegin) + repatchOffsetGetByIdBranchToSlowCase;
-    X86Assembler::repatchBranchOffset(jmpLocation, code);
+}
-void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame)
+{
-    ASSERT(count);
-    Vector<JmpSrc> bucketsOfFail;
-    // Check eax is an object of the right Structure.
-    bucketsOfFail.append(checkStructure(X86::eax, structure));
-    Structure* currStructure = structure;
-    RefPtr<Structure>* chainEntries = chain->head();
-    JSObject* protoObject = 0;
-    for (unsigned i = 0; i < count; ++i) {
-        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
-        currStructure = chainEntries[i].get();
-        // Check the prototype object's Structure had not changed.
-        Structure** prototypeStructureAddress = &(protoObject->m_structure);
-        __ cmpl_i32m(reinterpret_cast<uint32_t>(currStructure), prototypeStructureAddress);
-        bucketsOfFail.append(__ jne());
+    }
-    ASSERT(protoObject);
-    PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    __ movl_mr(static_cast<void*>(protoPropertyStorage), X86::edx);
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::edx, X86::eax);
-    JmpSrc success = __ jmp();
-    void* code = __ executableCopy();
-    // Use the repatch information to link the failure cases back to the original slow case routine.
-    void* lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
-    for (unsigned i = 0; i < bucketsOfFail.size(); ++i)
-        X86Assembler::link(code, bucketsOfFail[i], lastProtoBegin);
-    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
-    intptr_t successDest = reinterpret_cast<intptr_t>(stubInfo->hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset;
-    X86Assembler::link(code, success, reinterpret_cast<void*>(successDest));
-    // Track the stub we have created so that it will be deleted later.
-    structure->ref();
-    chain->ref();
-    prototypeStructures->list[currentIndex].set(cachedOffset, code, structure, chain);
-    // Finally repatch the jump to slow case back in the hot path to jump here instead.
-    intptr_t jmpLocation = reinterpret_cast<intptr_t>(stubInfo->hotPathBegin) + repatchOffsetGetByIdBranchToSlowCase;
-    X86Assembler::repatchBranchOffset(jmpLocation, code);
+}
-#endif
-void JIT::privateCompileGetByIdChain(Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, void* returnAddress, CallFrame* callFrame)
+{
-#if USE(CTI_REPATCH_PIC)
-    StructureStubInfo& info = m_codeBlock->getStubInfo(returnAddress);
-    // We don't want to repatch more than once - in future go to cti_op_put_by_id_generic.
-    ctiRepatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_proto_list));
-    ASSERT(count);
-    Vector<JmpSrc> bucketsOfFail;
-    // Check eax is an object of the right Structure.
-    bucketsOfFail.append(checkStructure(X86::eax, structure));
-    Structure* currStructure = structure;
-    RefPtr<Structure>* chainEntries = chain->head();
-    JSObject* protoObject = 0;
-    for (unsigned i = 0; i < count; ++i) {
-        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
-        currStructure = chainEntries[i].get();
-        // Check the prototype object's Structure had not changed.
-        Structure** prototypeStructureAddress = &(protoObject->m_structure);
-        __ cmpl_i32m(reinterpret_cast<uint32_t>(currStructure), prototypeStructureAddress);
-        bucketsOfFail.append(__ jne());
+    }
-    ASSERT(protoObject);
-    PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    __ movl_mr(static_cast<void*>(protoPropertyStorage), X86::edx);
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::edx, X86::eax);
-    JmpSrc success = __ jmp();
-    void* code = __ executableCopy();
-    // Use the repatch information to link the failure cases back to the original slow case routine.
-    void* slowCaseBegin = reinterpret_cast<char*>(info.callReturnLocation) - repatchOffsetGetByIdSlowCaseCall;
-    for (unsigned i = 0; i < bucketsOfFail.size(); ++i)
-        X86Assembler::link(code, bucketsOfFail[i], slowCaseBegin);
-    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
-    intptr_t successDest = reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset;
-    X86Assembler::link(code, success, reinterpret_cast<void*>(successDest));
-    // Track the stub we have created so that it will be deleted later.
-    info.stubRoutine = code;
-    // Finally repatch the jump to slow case back in the hot path to jump here instead.
-    intptr_t jmpLocation = reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdBranchToSlowCase;
-    X86Assembler::repatchBranchOffset(jmpLocation, code);
-#else
-    ASSERT(count);
-    Vector<JmpSrc> bucketsOfFail;
-    // Check eax is an object of the right Structure.
-    __ testl_i32r(JSImmediate::TagMask, X86::eax);
-    bucketsOfFail.append(__ jne());
-    bucketsOfFail.append(checkStructure(X86::eax, structure));
-    Structure* currStructure = structure;
-    RefPtr<Structure>* chainEntries = chain->head();
-    JSObject* protoObject = 0;
-    for (unsigned i = 0; i < count; ++i) {
-        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
-        currStructure = chainEntries[i].get();
-        // Check the prototype object's Structure had not changed.
-        Structure** prototypeStructureAddress = &(protoObject->m_structure);
-        __ cmpl_i32m(reinterpret_cast<uint32_t>(currStructure), prototypeStructureAddress);
-        bucketsOfFail.append(__ jne());
+    }
-    ASSERT(protoObject);
-    PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    __ movl_mr(static_cast<void*>(protoPropertyStorage), X86::edx);
-    __ movl_mr(cachedOffset * sizeof(JSValue*), X86::edx, X86::eax);
-    __ ret();
-    void* code = __ executableCopy();
-    for (unsigned i = 0; i < bucketsOfFail.size(); ++i)
-        X86Assembler::link(code, bucketsOfFail[i], reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_proto_fail));
-    m_codeBlock->getStubInfo(returnAddress).stubRoutine = code;
-    ctiRepatchCallByReturnAddress(returnAddress, code);
-#endif
+}
-void JIT::privateCompilePutByIdReplace(Structure* structure, size_t cachedOffset, void* returnAddress)
+{
-    // Check eax is an object of the right Structure.
-    __ testl_i32r(JSImmediate::TagMask, X86::eax);
-    JmpSrc failureCases1 = __ jne();
-    JmpSrc failureCases2 = checkStructure(X86::eax, structure);
-    // checks out okay! - putDirectOffset
-    __ movl_mr(FIELD_OFFSET(JSObject, m_propertyStorage), X86::eax, X86::eax);
-    __ movl_rm(X86::edx, cachedOffset * sizeof(JSValue*), X86::eax);
-    __ ret();
-    void* code = __ executableCopy();
-    X86Assembler::link(code, failureCases1, reinterpret_cast<void*>(Interpreter::cti_op_put_by_id_fail));
-    X86Assembler::link(code, failureCases2, reinterpret_cast<void*>(Interpreter::cti_op_put_by_id_fail));
-    m_codeBlock->getStubInfo(returnAddress).stubRoutine = code;
-    ctiRepatchCallByReturnAddress(returnAddress, code);
+}
-extern "C" {
-    static JSObject* resizePropertyStorage(JSObject* baseObject, size_t oldSize, size_t newSize)
+    {
-        baseObject->allocatePropertyStorageInline(oldSize, newSize);
-        return baseObject;
+    }
+}
-static inline bool transitionWillNeedStorageRealloc(Structure* oldStructure, Structure* newStructure)
+{
-    return oldStructure->propertyStorageCapacity() != newStructure->propertyStorageCapacity();
+}
-void JIT::privateCompilePutByIdTransition(Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, void* returnAddress)
+{
-    Vector<JmpSrc, 16> failureCases;
-    // Check eax is an object of the right Structure.
-    __ testl_i32r(JSImmediate::TagMask, X86::eax);
-    failureCases.append(__ jne());
-    __ cmpl_i32m(reinterpret_cast<uint32_t>(oldStructure), FIELD_OFFSET(JSCell, m_structure), X86::eax);
-    failureCases.append(__ jne());
-    Vector<JmpSrc> successCases;
-    //  ecx = baseObject
-    __ movl_mr(FIELD_OFFSET(JSCell, m_structure), X86::eax, X86::ecx);
-    // proto(ecx) = baseObject->structure()->prototype()
-    __ cmpl_i32m(ObjectType, FIELD_OFFSET(Structure, m_typeInfo) + FIELD_OFFSET(TypeInfo, m_type), X86::ecx);
-    failureCases.append(__ jne());
-    __ movl_mr(FIELD_OFFSET(Structure, m_prototype), X86::ecx, X86::ecx);
-    // ecx = baseObject->m_structure
-    for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
-        // null check the prototype
-        __ cmpl_i32r(asInteger(jsNull()), X86::ecx);
-        successCases.append(__ je());
-        // Check the structure id
-        __ cmpl_i32m(reinterpret_cast<uint32_t>(it->get()), FIELD_OFFSET(JSCell, m_structure), X86::ecx);
-        failureCases.append(__ jne());
-        __ movl_mr(FIELD_OFFSET(JSCell, m_structure), X86::ecx, X86::ecx);
-        __ cmpl_i32m(ObjectType, FIELD_OFFSET(Structure, m_typeInfo) + FIELD_OFFSET(TypeInfo, m_type), X86::ecx);
-        failureCases.append(__ jne());
-        __ movl_mr(FIELD_OFFSET(Structure, m_prototype), X86::ecx, X86::ecx);
+    }
-    failureCases.append(__ jne());
-    for (unsigned i = 0; i < successCases.size(); ++i)
-        __ link(successCases[i], __ label());
-    JmpSrc callTarget;
-    // emit a call only if storage realloc is needed
-    if (transitionWillNeedStorageRealloc(oldStructure, newStructure)) {
-        __ pushl_r(X86::edx);
-        __ pushl_i32(newStructure->propertyStorageCapacity());
-        __ pushl_i32(oldStructure->propertyStorageCapacity());
-        __ pushl_r(X86::eax);
-        callTarget = __ call();
-        __ addl_i32r(3 * sizeof(void*), X86::esp);
-        __ popl_r(X86::edx);
+    }
-    // Assumes m_refCount can be decremented easily, refcount decrement is safe as
-    // codeblock should ensure oldStructure->m_refCount > 0
-    __ subl_i8m(1, reinterpret_cast<void*>(oldStructure));
-    __ addl_i8m(1, reinterpret_cast<void*>(newStructure));
-    __ movl_i32m(reinterpret_cast<uint32_t>(newStructure), FIELD_OFFSET(JSCell, m_structure), X86::eax);
-    // write the value
-    __ movl_mr(FIELD_OFFSET(JSObject, m_propertyStorage), X86::eax, X86::eax);
-    __ movl_rm(X86::edx, cachedOffset * sizeof(JSValue*), X86::eax);
-    __ ret();
-    JmpSrc failureJump;
-    if (failureCases.size()) {
-        for (unsigned i = 0; i < failureCases.size(); ++i)
-            __ link(failureCases[i], __ label());
-        __ restoreArgumentReferenceForTrampoline();
-        failureJump = __ jmp();
+    }
-    void* code = __ executableCopy();
-    if (failureCases.size())
-        X86Assembler::link(code, failureJump, reinterpret_cast<void*>(Interpreter::cti_op_put_by_id_fail));
-    if (transitionWillNeedStorageRealloc(oldStructure, newStructure))
-        X86Assembler::link(code, callTarget, reinterpret_cast<void*>(resizePropertyStorage));
-    m_codeBlock->getStubInfo(returnAddress).stubRoutine = code;
-    ctiRepatchCallByReturnAddress(returnAddress, code);
+}
 void JIT::privateCompileCTIMachineTrampolines()
+{
 …
+}
-void JIT::patchGetByIdSelf(CodeBlock* codeBlock, Structure* structure, size_t cachedOffset, void* returnAddress)
+{
-    StructureStubInfo& info = codeBlock->getStubInfo(returnAddress);
-    // We don't want to repatch more than once - in future go to cti_op_get_by_id_generic.
-    // Should probably go to Interpreter::cti_op_get_by_id_fail, but that doesn't do anything interesting right now.
-    ctiRepatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_self_fail));
-    // Repatch the offset into the propoerty map to load from, then repatch the Structure to look for.
-    X86Assembler::repatchDisplacement(reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset, cachedOffset * sizeof(JSValue*));
-    X86Assembler::repatchImmediate(reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdStructure, reinterpret_cast<uint32_t>(structure));
+}
-void JIT::patchPutByIdReplace(CodeBlock* codeBlock, Structure* structure, size_t cachedOffset, void* returnAddress)
+{
-    StructureStubInfo& info = codeBlock->getStubInfo(returnAddress);
-    // We don't want to repatch more than once - in future go to cti_op_put_by_id_generic.
-    // Should probably go to Interpreter::cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
-    ctiRepatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(Interpreter::cti_op_put_by_id_generic));
-    // Repatch the offset into the propoerty map to load from, then repatch the Structure to look for.
-    X86Assembler::repatchDisplacement(reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetPutByIdPropertyMapOffset, cachedOffset * sizeof(JSValue*));
-    X86Assembler::repatchImmediate(reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetPutByIdStructure, reinterpret_cast<uint32_t>(structure));
+}
-void JIT::privateCompilePatchGetArrayLength(void* returnAddress)
+{
-    StructureStubInfo& info = m_codeBlock->getStubInfo(returnAddress);
-    // We don't want to repatch more than once - in future go to cti_op_put_by_id_generic.
-    ctiRepatchCallByReturnAddress(returnAddress, reinterpret_cast<void*>(Interpreter::cti_op_get_by_id_array_fail));
-    // Check eax is an array
-    __ cmpl_i32m(reinterpret_cast<unsigned>(m_interpreter->m_jsArrayVptr), X86::eax);
-    JmpSrc failureCases1 = __ jne();
-    // Checks out okay! - get the length from the storage
-    __ movl_mr(FIELD_OFFSET(JSArray, m_storage), X86::eax, X86::ecx);
-    __ movl_mr(FIELD_OFFSET(ArrayStorage, m_length), X86::ecx, X86::ecx);
-    __ cmpl_i32r(JSImmediate::maxImmediateInt, X86::ecx);
-    JmpSrc failureCases2 = __ ja();
-    __ addl_rr(X86::ecx, X86::ecx);
-    __ addl_i8r(1, X86::ecx);
-    __ movl_rr(X86::ecx, X86::eax);
-    JmpSrc success = __ jmp();
-    void* code = __ executableCopy();
-    // Use the repatch information to link the failure cases back to the original slow case routine.
-    void* slowCaseBegin = reinterpret_cast<char*>(info.callReturnLocation) - repatchOffsetGetByIdSlowCaseCall;
-    X86Assembler::link(code, failureCases1, slowCaseBegin);
-    X86Assembler::link(code, failureCases2, slowCaseBegin);
-    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
-    intptr_t successDest = reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdPropertyMapOffset;
-    X86Assembler::link(code, success, reinterpret_cast<void*>(successDest));
-    // Track the stub we have created so that it will be deleted later.
-    m_codeBlock->getStubInfo(returnAddress).stubRoutine = code;
-    // Finally repatch the jump to sow case back in the hot path to jump here instead.
-    intptr_t jmpLocation = reinterpret_cast<intptr_t>(info.hotPathBegin) + repatchOffsetGetByIdBranchToSlowCase;
-    X86Assembler::repatchBranchOffset(jmpLocation, code);
+}
 void JIT::emitGetVariableObjectRegister(RegisterID variableObject, int index, RegisterID dst)
+{

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 38992 in webkit for trunk/JavaScriptCore/jit/JIT.cpp

Legend:

trunk/JavaScriptCore/jit/JIT.cpp

Download in other formats: