Changeset 40963 in webkit for trunk/JavaScriptCore/jit/JITPropertyAccess.cpp

Timestamp:

Feb 12, 2009, 8:22:02 PM (16 years ago)

Author:

[email protected]

Message:

2009-02-12 Gavin Barraclough <​[email protected]>

Reviewed by Sam Weinig.

Remove (/reduce) use of hard-wired register names from the JIT.
Currently there is no abstraction of registers used in the JIT,
which has a number of negative consequences. Hard-wiring x86
register names makes the JIT less portable to other platforms,
and prevents us from performing dynamic register allocation to
attempt to maintain more temporary values in machine registers.
(The latter will be more important on x86-64, where we have more
registers to make use of).

Also, remove MacroAssembler::mod32. This was not providing a
useful abstraction, and was not in keeping with the rest of the
MacroAssembler interface, in having specific register requirements.

• assembler/MacroAssemblerX86Common.h:
• jit/JIT.cpp: (JSC::JIT::compileOpStrictEq): (JSC::JIT::emitSlowScriptCheck): (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases): (JSC::JIT::privateCompile): (JSC::JIT::privateCompileCTIMachineTrampolines):
• jit/JIT.h:
• jit/JITArithmetic.cpp: (JSC::JIT::compileFastArith_op_lshift): (JSC::JIT::compileFastArithSlow_op_lshift): (JSC::JIT::compileFastArith_op_rshift): (JSC::JIT::compileFastArithSlow_op_rshift): (JSC::JIT::compileFastArith_op_bitand): (JSC::JIT::compileFastArithSlow_op_bitand): (JSC::JIT::compileFastArith_op_mod): (JSC::JIT::compileFastArithSlow_op_mod): (JSC::JIT::compileFastArith_op_post_inc): (JSC::JIT::compileFastArithSlow_op_post_inc): (JSC::JIT::compileFastArith_op_post_dec): (JSC::JIT::compileFastArithSlow_op_post_dec): (JSC::JIT::compileFastArith_op_pre_inc): (JSC::JIT::compileFastArithSlow_op_pre_inc): (JSC::JIT::compileFastArith_op_pre_dec): (JSC::JIT::compileFastArithSlow_op_pre_dec): (JSC::JIT::compileFastArith_op_add): (JSC::JIT::compileFastArith_op_mul): (JSC::JIT::compileFastArith_op_sub): (JSC::JIT::compileBinaryArithOp):
• jit/JITCall.cpp: (JSC::JIT::compileOpCallInitializeCallFrame): (JSC::JIT::compileOpCallSetupArgs): (JSC::JIT::compileOpCallEvalSetupArgs): (JSC::JIT::compileOpConstructSetupArgs): (JSC::JIT::compileOpCall): (JSC::JIT::compileOpCallSlowCase):
• jit/JITInlineMethods.h: (JSC::JIT::emitGetVirtualRegister): (JSC::JIT::emitPutVirtualRegister): (JSC::JIT::emitNakedCall): (JSC::JIT::restoreArgumentReference): (JSC::JIT::restoreArgumentReferenceForTrampoline):
• jit/JITPropertyAccess.cpp: (JSC::JIT::compileGetByIdHotPath): (JSC::JIT::compilePutByIdHotPath): (JSC::JIT::compileGetByIdSlowCase): (JSC::JIT::compilePutByIdSlowCase): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::privateCompilePatchGetArrayLength): (JSC::JIT::privateCompileGetByIdSelf): (JSC::JIT::privateCompileGetByIdProto): (JSC::JIT::privateCompileGetByIdSelfList): (JSC::JIT::privateCompileGetByIdProtoList): (JSC::JIT::privateCompileGetByIdChainList): (JSC::JIT::privateCompileGetByIdChain): (JSC::JIT::privateCompilePutByIdReplace):

File:

• trunk/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (30 diffs)

trunk/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -54 +54 @@
     // to jump back to if one of these trampolies finds a match.
 
-    emitGetVirtualRegister(baseVReg, X86::eax);
-
-    emitPutJITStubArg(X86::eax, 1);
+    emitGetVirtualRegister(baseVReg, regT0);
+
+    emitPutJITStubArg(regT0, 1);
     emitPutJITStubArgConstant(ident, 2);
     emitCTICall(Interpreter::cti_op_get_by_id_generic);
@@ -74 +74 @@
     // such that the Structure & offset are always at the same distance from this.
 
-    emitGetVirtualRegisters(baseVReg, X86::eax, valueVReg, X86::edx);
+    emitGetVirtualRegisters(baseVReg, regT0, valueVReg, regT1);
 
     emitPutJITStubArgConstant(ident, 2);
-    emitPutJITStubArg(X86::eax, 1);
-    emitPutJITStubArg(X86::edx, 3);
+    emitPutJITStubArg(regT0, 1);
+    emitPutJITStubArg(regT1, 3);
     emitCTICall(Interpreter::cti_op_put_by_id_generic);
 }
@@ -96 +96 @@
     // to jump back to if one of these trampolies finds a match.
 
-    emitGetVirtualRegister(baseVReg, X86::eax);
-
-    emitJumpSlowCaseIfNotJSCell(X86::eax, baseVReg);
+    emitGetVirtualRegister(baseVReg, regT0);
+
+    emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
 
     Label hotPathBegin(this);
@@ -104 +104 @@
 
     DataLabelPtr structureToCompare;
-    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(X86::eax, FIELD_OFFSET(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, FIELD_OFFSET(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
     addSlowCase(structureCheck);
     ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetGetByIdStructure);
     ASSERT(differenceBetween(hotPathBegin, structureCheck) == patchOffsetGetByIdBranchToSlowCase);
 
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSObject, m_propertyStorage)), X86::eax);
-    DataLabel32 displacementLabel = loadPtrWithAddressOffsetPatch(Address(X86::eax, patchGetByIdDefaultOffset), X86::eax);
+    loadPtr(Address(regT0, FIELD_OFFSET(JSObject, m_propertyStorage)), regT0);
+    DataLabel32 displacementLabel = loadPtrWithAddressOffsetPatch(Address(regT0, patchGetByIdDefaultOffset), regT0);
     ASSERT(differenceBetween(hotPathBegin, displacementLabel) == patchOffsetGetByIdPropertyMapOffset);
 
@@ -133 +133 @@
     Label coldPathBegin(this);
 #endif
-    emitPutJITStubArg(X86::eax, 1);
+    emitPutJITStubArg(regT0, 1);
     emitPutJITStubArgConstant(ident, 2);
     Call call = emitCTICall(Interpreter::cti_op_get_by_id);
@@ -150 +150 @@
     // such that the Structure & offset are always at the same distance from this.
 
-    emitGetVirtualRegisters(baseVReg, X86::eax, valueVReg, X86::edx);
+    emitGetVirtualRegisters(baseVReg, regT0, valueVReg, regT1);
 
     // Jump to a slow case if either the base object is an immediate, or if the Structure does not match.
-    emitJumpSlowCaseIfNotJSCell(X86::eax, baseVReg);
+    emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
 
     Label hotPathBegin(this);
@@ -160 +160 @@
     // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
     DataLabelPtr structureToCompare;
-    addSlowCase(branchPtrWithPatch(NotEqual, Address(X86::eax, FIELD_OFFSET(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
+    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, FIELD_OFFSET(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
     ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetPutByIdStructure);
 
     // Plant a load from a bogus ofset in the object's property map; we will patch this later, if it is to be used.
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSObject, m_propertyStorage)), X86::eax);
-    DataLabel32 displacementLabel = storePtrWithAddressOffsetPatch(X86::edx, Address(X86::eax, patchGetByIdDefaultOffset));
+    loadPtr(Address(regT0, FIELD_OFFSET(JSObject, m_propertyStorage)), regT0);
+    DataLabel32 displacementLabel = storePtrWithAddressOffsetPatch(regT1, Address(regT0, patchGetByIdDefaultOffset));
     ASSERT(differenceBetween(hotPathBegin, displacementLabel) == patchOffsetPutByIdPropertyMapOffset);
 }
@@ -175 +175 @@
 
     emitPutJITStubArgConstant(ident, 2);
-    emitPutJITStubArg(X86::eax, 1);
-    emitPutJITStubArg(X86::edx, 3);
+    emitPutJITStubArg(regT0, 1);
+    emitPutJITStubArg(regT1, 3);
     Call call = emitCTICall(Interpreter::cti_op_put_by_id);
 
@@ -198 +198 @@
     JumpList failureCases;
     // Check eax is an object of the right Structure.
-    failureCases.append(emitJumpIfNotJSCell(X86::eax));
-    failureCases.append(branchPtr(NotEqual, Address(X86::eax, FIELD_OFFSET(JSCell, m_structure)), ImmPtr(oldStructure)));
+    failureCases.append(emitJumpIfNotJSCell(regT0));
+    failureCases.append(branchPtr(NotEqual, Address(regT0, FIELD_OFFSET(JSCell, m_structure)), ImmPtr(oldStructure)));
     JumpList successCases;
 
     //  ecx = baseObject
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSCell, m_structure)), X86::ecx);
+    loadPtr(Address(regT0, FIELD_OFFSET(JSCell, m_structure)), regT2);
     // proto(ecx) = baseObject->structure()->prototype()
-    failureCases.append(branch32(NotEqual, Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo) + FIELD_OFFSET(TypeInfo, m_type)), Imm32(ObjectType)));
-
-    loadPtr(Address(X86::ecx, FIELD_OFFSET(Structure, m_prototype)), X86::ecx);
+    failureCases.append(branch32(NotEqual, Address(regT2, FIELD_OFFSET(Structure, m_typeInfo) + FIELD_OFFSET(TypeInfo, m_type)), Imm32(ObjectType)));
+
+    loadPtr(Address(regT2, FIELD_OFFSET(Structure, m_prototype)), regT2);
     
     // ecx = baseObject->m_structure
     for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
         // null check the prototype
-        successCases.append(branchPtr(Equal, X86::ecx, ImmPtr(JSValuePtr::encode(jsNull()))));
+        successCases.append(branchPtr(Equal, regT2, ImmPtr(JSValuePtr::encode(jsNull()))));
 
         // Check the structure id
-        failureCases.append(branchPtr(NotEqual, Address(X86::ecx, FIELD_OFFSET(JSCell, m_structure)), ImmPtr(it->get())));
+        failureCases.append(branchPtr(NotEqual, Address(regT2, FIELD_OFFSET(JSCell, m_structure)), ImmPtr(it->get())));
         
-        loadPtr(Address(X86::ecx, FIELD_OFFSET(JSCell, m_structure)), X86::ecx);
-        failureCases.append(branch32(NotEqual, Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo) + FIELD_OFFSET(TypeInfo, m_type)), Imm32(ObjectType)));
-        loadPtr(Address(X86::ecx, FIELD_OFFSET(Structure, m_prototype)), X86::ecx);
+        loadPtr(Address(regT2, FIELD_OFFSET(JSCell, m_structure)), regT2);
+        failureCases.append(branch32(NotEqual, Address(regT2, FIELD_OFFSET(Structure, m_typeInfo) + FIELD_OFFSET(TypeInfo, m_type)), Imm32(ObjectType)));
+        loadPtr(Address(regT2, FIELD_OFFSET(Structure, m_prototype)), regT2);
     }
 
@@ -230 +230 @@
         pop(X86::ebx);
 #if PLATFORM(X86_64)
-        move(Imm32(newStructure->propertyStorageCapacity()), X86::edx);
+        move(Imm32(newStructure->propertyStorageCapacity()), regT1);
         move(Imm32(oldStructure->propertyStorageCapacity()), X86::esi);
-        move(X86::eax, X86::edi);
+        move(regT0, X86::edi);
         callTarget = call();
 #else
         push(Imm32(newStructure->propertyStorageCapacity()));
         push(Imm32(oldStructure->propertyStorageCapacity()));
-        push(X86::eax);
+        push(regT0);
         callTarget = call();
         addPtr(Imm32(3 * sizeof(void*)), X86::esp);
 #endif
-        emitGetJITStubArg(3, X86::edx);
+        emitGetJITStubArg(3, regT1);
         push(X86::ebx);
     }
@@ -249 +249 @@
     sub32(Imm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
     add32(Imm32(1), AbsoluteAddress(newStructure->addressOfCount()));
-    storePtr(ImmPtr(newStructure), Address(X86::eax, FIELD_OFFSET(JSCell, m_structure)));
+    storePtr(ImmPtr(newStructure), Address(regT0, FIELD_OFFSET(JSCell, m_structure)));
 
     // write the value
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSObject, m_propertyStorage)), X86::eax);
-    storePtr(X86::edx, Address(X86::eax, cachedOffset * sizeof(JSValuePtr)));
+    loadPtr(Address(regT0, FIELD_OFFSET(JSObject, m_propertyStorage)), regT0);
+    storePtr(regT1, Address(regT0, cachedOffset * sizeof(JSValuePtr)));
 
     ret();
@@ -310 +310 @@
 
     // Check eax is an array
-    Jump failureCases1 = branchPtr(NotEqual, Address(X86::eax), ImmPtr(m_interpreter->m_jsArrayVptr));
+    Jump failureCases1 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_interpreter->m_jsArrayVptr));
 
     // Checks out okay! - get the length from the storage
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSArray, m_storage)), X86::ecx);
-    load32(Address(X86::ecx, FIELD_OFFSET(ArrayStorage, m_length)), X86::ecx);
-
-    Jump failureCases2 = branch32(Above, X86::ecx, Imm32(JSImmediate::maxImmediateInt));
-
-    emitFastArithIntToImmNoCheck(X86::ecx, X86::eax);
+    loadPtr(Address(regT0, FIELD_OFFSET(JSArray, m_storage)), regT2);
+    load32(Address(regT2, FIELD_OFFSET(ArrayStorage, m_length)), regT2);
+
+    Jump failureCases2 = branch32(Above, regT2, Imm32(JSImmediate::maxImmediateInt));
+
+    emitFastArithIntToImmNoCheck(regT2, regT0);
     Jump success = jump();
 
@@ -344 +344 @@
 {
     // Check eax is an object of the right Structure.
-    Jump failureCases1 = emitJumpIfNotJSCell(X86::eax);
-    Jump failureCases2 = checkStructure(X86::eax, structure);
+    Jump failureCases1 = emitJumpIfNotJSCell(regT0);
+    Jump failureCases2 = checkStructure(regT0, structure);
 
     // Checks out okay! - getDirectOffset
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSObject, m_propertyStorage)), X86::eax);
-    loadPtr(Address(X86::eax, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(Address(regT0, FIELD_OFFSET(JSObject, m_propertyStorage)), regT0);
+    loadPtr(Address(regT0, cachedOffset * sizeof(JSValuePtr)), regT0);
     ret();
 
@@ -373 +373 @@
     JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
     PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    loadPtr(static_cast<void*>(protoPropertyStorage), X86::edx);
-
-    // Check eax is an object of the right Structure.
-    Jump failureCases1 = checkStructure(X86::eax, structure);
+    loadPtr(static_cast<void*>(protoPropertyStorage), regT1);
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = checkStructure(regT0, structure);
 
     // Check the prototype object's Structure had not changed.
     Structure** prototypeStructureAddress = &(protoObject->m_structure);
 #if PLATFORM(X86_64)
-    move(ImmPtr(prototypeStructure), X86::ebx);
-    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), X86::ebx);
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
 #else
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
@@ -388 +388 @@
 
     // Checks out okay! - getDirectOffset
-    loadPtr(Address(X86::edx, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(Address(regT1, cachedOffset * sizeof(JSValuePtr)), regT0);
 
     Jump success = jump();
@@ -415 +415 @@
     JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
     PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    loadPtr(protoPropertyStorage, X86::edx);
-
-    // Check eax is an object of the right Structure.
-    Jump failureCases1 = emitJumpIfNotJSCell(X86::eax);
-    Jump failureCases2 = checkStructure(X86::eax, structure);
+    loadPtr(protoPropertyStorage, regT1);
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = emitJumpIfNotJSCell(regT0);
+    Jump failureCases2 = checkStructure(regT0, structure);
 
     // Check the prototype object's Structure had not changed.
@@ -426 +426 @@
 
     // Checks out okay! - getDirectOffset
-    loadPtr(Address(X86::edx, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(Address(regT1, cachedOffset * sizeof(JSValuePtr)), regT0);
 
     ret();
@@ -446 +446 @@
 void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
 {
-    Jump failureCase = checkStructure(X86::eax, structure);
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSObject, m_propertyStorage)), X86::eax);
-    loadPtr(Address(X86::eax, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    Jump failureCase = checkStructure(regT0, structure);
+    loadPtr(Address(regT0, FIELD_OFFSET(JSObject, m_propertyStorage)), regT0);
+    loadPtr(Address(regT0, cachedOffset * sizeof(JSValuePtr)), regT0);
     Jump success = jump();
 
@@ -481 +481 @@
     JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
     PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    loadPtr(protoPropertyStorage, X86::edx);
-
-    // Check eax is an object of the right Structure.
-    Jump failureCases1 = checkStructure(X86::eax, structure);
+    loadPtr(protoPropertyStorage, regT1);
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = checkStructure(regT0, structure);
 
     // Check the prototype object's Structure had not changed.
     Structure** prototypeStructureAddress = &(protoObject->m_structure);
 #if PLATFORM(X86_64)
-    move(ImmPtr(prototypeStructure), X86::ebx);
-    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), X86::ebx);
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
 #else
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
@@ -496 +496 @@
 
     // Checks out okay! - getDirectOffset
-    loadPtr(Address(X86::edx, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(Address(regT1, cachedOffset * sizeof(JSValuePtr)), regT0);
 
     Jump success = jump();
@@ -529 +529 @@
 
     // Check eax is an object of the right Structure.
-    Jump baseObjectCheck = checkStructure(X86::eax, structure);
+    Jump baseObjectCheck = checkStructure(regT0, structure);
     bucketsOfFail.append(baseObjectCheck);
 
@@ -542 +542 @@
         Structure** prototypeStructureAddress = &(protoObject->m_structure);
 #if PLATFORM(X86_64)
-        move(ImmPtr(currStructure), X86::ebx);
-        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), X86::ebx));
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
 #else
         bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
@@ -551 +551 @@
 
     PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    loadPtr(protoPropertyStorage, X86::edx);
-    loadPtr(Address(X86::edx, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(protoPropertyStorage, regT1);
+    loadPtr(Address(regT1, cachedOffset * sizeof(JSValuePtr)), regT0);
     Jump success = jump();
 
@@ -590 +590 @@
 
     // Check eax is an object of the right Structure.
-    bucketsOfFail.append(checkStructure(X86::eax, structure));
+    bucketsOfFail.append(checkStructure(regT0, structure));
 
     Structure* currStructure = structure;
@@ -602 +602 @@
         Structure** prototypeStructureAddress = &(protoObject->m_structure);
 #if PLATFORM(X86_64)
-        move(ImmPtr(currStructure), X86::ebx);
-        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), X86::ebx));
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
 #else
         bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
@@ -611 +611 @@
 
     PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    loadPtr(protoPropertyStorage, X86::edx);
-    loadPtr(Address(X86::edx, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(protoPropertyStorage, regT1);
+    loadPtr(Address(regT1, cachedOffset * sizeof(JSValuePtr)), regT0);
     Jump success = jump();
 
@@ -637 +637 @@
 
     // Check eax is an object of the right Structure.
-    bucketsOfFail.append(emitJumpIfNotJSCell(X86::eax));
-    bucketsOfFail.append(checkStructure(X86::eax, structure));
+    bucketsOfFail.append(emitJumpIfNotJSCell(regT0));
+    bucketsOfFail.append(checkStructure(regT0, structure));
 
     Structure* currStructure = structure;
@@ -650 +650 @@
         Structure** prototypeStructureAddress = &(protoObject->m_structure);
 #if PLATFORM(X86_64)
-        move(ImmPtr(currStructure), X86::ebx);
-        bucketsOfFail.append(branchPtr(NotEqual, X86::ebx, AbsoluteAddress(prototypeStructureAddress)));
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, regT3, AbsoluteAddress(prototypeStructureAddress)));
 #else
         bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
@@ -659 +659 @@
 
     PropertyStorage* protoPropertyStorage = &protoObject->m_propertyStorage;
-    loadPtr(protoPropertyStorage, X86::edx);
-    loadPtr(Address(X86::edx, cachedOffset * sizeof(JSValuePtr)), X86::eax);
+    loadPtr(protoPropertyStorage, regT1);
+    loadPtr(Address(regT1, cachedOffset * sizeof(JSValuePtr)), regT0);
     ret();
 
@@ -676 +676 @@
 {
     // Check eax is an object of the right Structure.
-    Jump failureCases1 = emitJumpIfNotJSCell(X86::eax);
-    Jump failureCases2 = checkStructure(X86::eax, structure);
+    Jump failureCases1 = emitJumpIfNotJSCell(regT0);
+    Jump failureCases2 = checkStructure(regT0, structure);
 
     // checks out okay! - putDirectOffset
-    loadPtr(Address(X86::eax, FIELD_OFFSET(JSObject, m_propertyStorage)), X86::eax);
-    storePtr(X86::edx, Address(X86::eax, cachedOffset * sizeof(JSValuePtr)));
+    loadPtr(Address(regT0, FIELD_OFFSET(JSObject, m_propertyStorage)), regT0);
+    storePtr(regT1, Address(regT0, cachedOffset * sizeof(JSValuePtr)));
     ret();