Changeset 46598 in webkit

Timestamp:

Jul 30, 2009, 1:57:44 PM (16 years ago)

Author:

[email protected]

Message:

Merged nitro-extreme branch into trunk.

Location:

trunk

Files:

• JavaScriptCore/API/APICast.h (modified) (3 diffs)
• JavaScriptCore/API/JSCallbackObjectFunctions.h (modified) (3 diffs)
• JavaScriptCore/API/tests/testapi.c (modified) (1 diff)
• JavaScriptCore/AllInOneFile.cpp (modified) (1 diff)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.exp (modified) (11 diffs)
• JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• JavaScriptCore/assembler/AbstractMacroAssembler.h (modified) (2 diffs)
• JavaScriptCore/assembler/MacroAssemblerX86.h (modified) (2 diffs)
• JavaScriptCore/assembler/MacroAssemblerX86Common.h (modified) (17 diffs)
• JavaScriptCore/assembler/MacroAssemblerX86_64.h (modified) (2 diffs)
• JavaScriptCore/assembler/X86Assembler.h (modified) (16 diffs)
• JavaScriptCore/bytecode/CodeBlock.cpp (modified) (5 diffs)
• JavaScriptCore/bytecode/CodeBlock.h (modified) (1 diff)
• JavaScriptCore/bytecode/Opcode.h (modified) (2 diffs)
• JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (5 diffs)
• JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (2 diffs)
• JavaScriptCore/interpreter/CallFrame.h (modified) (3 diffs)
• JavaScriptCore/interpreter/CallFrameClosure.h (modified) (1 diff)
• JavaScriptCore/interpreter/Interpreter.cpp (modified) (43 diffs)
• JavaScriptCore/interpreter/Register.h (modified) (7 diffs)
• JavaScriptCore/jit/JIT.cpp (modified) (18 diffs)
• JavaScriptCore/jit/JIT.h (modified) (8 diffs)
• JavaScriptCore/jit/JITArithmetic.cpp (modified) (64 diffs)
• JavaScriptCore/jit/JITCall.cpp (modified) (10 diffs)
• JavaScriptCore/jit/JITInlineMethods.h (modified) (3 diffs)
• JavaScriptCore/jit/JITOpcodes.cpp (modified) (59 diffs)
• JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (22 diffs)
• JavaScriptCore/jit/JITStubCall.h (modified) (4 diffs)
• JavaScriptCore/jit/JITStubs.cpp (modified) (52 diffs)
• JavaScriptCore/jit/JITStubs.h (modified) (10 diffs)
• JavaScriptCore/jsc.cpp (modified) (3 diffs)
• JavaScriptCore/parser/Nodes.cpp (modified) (8 diffs)
• JavaScriptCore/runtime/ArgList.h (modified) (1 diff)
• JavaScriptCore/runtime/Arguments.h (modified) (1 diff)
• JavaScriptCore/runtime/Collector.cpp (modified) (1 diff)
• JavaScriptCore/runtime/Collector.h (modified) (1 diff)
• JavaScriptCore/runtime/ExceptionHelpers.h (modified) (1 diff)
• JavaScriptCore/runtime/InitializeThreading.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSAPIValueWrapper.cpp (added)
• JavaScriptCore/runtime/JSAPIValueWrapper.h (added)
• JavaScriptCore/runtime/JSArray.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/JSCell.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSCell.h (modified) (7 diffs)
• JavaScriptCore/runtime/JSFunction.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSGlobalData.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSGlobalData.h (modified) (1 diff)
• JavaScriptCore/runtime/JSGlobalObject.h (modified) (2 diffs)
• JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSImmediate.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/JSImmediate.h (modified) (24 diffs)
• JavaScriptCore/runtime/JSNumberCell.cpp (modified) (4 diffs)
• JavaScriptCore/runtime/JSNumberCell.h (modified) (13 diffs)
• JavaScriptCore/runtime/JSObject.h (modified) (9 diffs)
• JavaScriptCore/runtime/JSString.h (modified) (2 diffs)
• JavaScriptCore/runtime/JSValue.cpp (modified) (4 diffs)
• JavaScriptCore/runtime/JSValue.h (modified) (12 diffs)
• JavaScriptCore/runtime/Operations.h (modified) (13 diffs)
• JavaScriptCore/runtime/PropertySlot.h (modified) (9 diffs)
• JavaScriptCore/runtime/StringPrototype.cpp (modified) (3 diffs)
• JavaScriptCore/wtf/MainThread.cpp (modified) (1 diff)
• JavaScriptCore/wtf/Platform.h (modified) (2 diffs)
• JavaScriptCore/wtf/StdLibExtras.h (modified) (1 diff)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/ForwardingHeaders/runtime/JSAPIValueWrapper.h (added)

trunk/JavaScriptCore/API/APICast.h

@@ -27 +27 @@
 #define APICast_h
 
-#include "JSNumberCell.h"
+#include "JSAPIValueWrapper.h"
 #include "JSValue.h"
 #include <wtf/Platform.h>
@@ -59 +59 @@
 }
 
-inline JSC::JSValue toJS(JSC::ExecState* exec, JSValueRef v)
+inline JSC::JSValue toJS(JSC::ExecState*, JSValueRef v)
 {
-    JSC::JSValue jsValue = JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
-#if USE(ALTERNATE_JSIMMEDIATE)
-    UNUSED_PARAM(exec);
+#if USE(JSVALUE32_64)
+    JSC::JSCell* jsCell = reinterpret_cast<JSC::JSCell*>(const_cast<OpaqueJSValue*>(v));
+    if (!jsCell)
+        return JSC::JSValue();
+    if (jsCell->isAPIValueWrapper())
+        return static_cast<JSC::JSAPIValueWrapper*>(jsCell)->value();
+    return jsCell;
 #else
-    if (jsValue && jsValue.isNumber()) {
-        ASSERT(jsValue.isAPIMangledNumber());
-        return JSC::jsNumber(exec, jsValue.uncheckedGetNumber());
-    }
+    return JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
 #endif
-    return jsValue;
 }
 
@@ -90 +90 @@
 inline JSValueRef toRef(JSC::ExecState* exec, JSC::JSValue v)
 {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE32_64)
+    if (!v)
+        return 0;
+    if (!v.isCell())
+        return reinterpret_cast<JSValueRef>(asCell(JSC::jsAPIValueWrapper(exec, v)));
+    return reinterpret_cast<JSValueRef>(asCell(v));
+#else
     UNUSED_PARAM(exec);
-#else
-    if (v && v.isNumber()) {
-        ASSERT(!v.isAPIMangledNumber());
-        return reinterpret_cast<JSValueRef>(JSC::JSValue::encode(JSC::jsAPIMangledNumber(exec, v.uncheckedGetNumber())));
-    }
+    return reinterpret_cast<JSValueRef>(JSC::JSValue::encode(v));
 #endif
-    return reinterpret_cast<JSValueRef>(JSC::JSValue::encode(v));
 }
 

trunk/JavaScriptCore/API/JSCallbackObjectFunctions.h

@@ -319 +319 @@
     for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectHasInstanceCallback hasInstance = jsClass->hasInstance) {
+            JSValueRef valueRef = toRef(exec, value);
             JSValueRef exception = 0;
             bool result;
             {
                 JSLock::DropAllLocks dropAllLocks(exec);
-                result = hasInstance(execRef, thisRef, toRef(exec, value), &exception);
+                result = hasInstance(execRef, thisRef, valueRef, &exception);
             }
             exec->setException(toJS(exec, exception));
@@ -429 +430 @@
                 value = convertToType(ctx, thisRef, kJSTypeNumber, &exception);
             }
-            exec->setException(toJS(exec, exception));
-            if (value) {
-                double dValue;
-                return toJS(exec, value).getNumber(dValue) ? dValue : NaN;
-            }
+            if (exception) {
+                exec->setException(toJS(exec, exception));
+                return 0;
+            }
+
+            double dValue;
+            return toJS(exec, value).getNumber(dValue) ? dValue : NaN;
         }
             
@@ -453 +456 @@
                 value = convertToType(ctx, thisRef, kJSTypeString, &exception);
             }
-            exec->setException(toJS(exec, exception));
-            if (value)
-                return toJS(exec, value).getString();
-            if (exception)
+            if (exception) {
+                exec->setException(toJS(exec, exception));
                 return "";
+            }
+            return toJS(exec, value).getString();
         }
             

trunk/JavaScriptCore/API/tests/testapi.c

@@ -384 +384 @@
         return NULL;
     JSValueRef value = JSObjectCallAsFunction(context, function, object, 0, NULL, exception);
-    if (!value)
-        return (JSValueRef)JSStringCreateWithUTF8CString("convertToType failed");
+    if (!value) {
+        JSStringRef errorString = JSStringCreateWithUTF8CString("convertToType failed"); 
+        JSValueRef errorStringRef = JSValueMakeString(context, errorString);
+        JSStringRelease(errorString);
+        return errorStringRef;
+    }
     return value;
 }

trunk/JavaScriptCore/AllInOneFile.cpp

@@ -35 +35 @@
 #include "runtime/JSFunction.cpp"
 #include "runtime/Arguments.cpp"
+#include "runtime/JSAPIValueWrapper.cpp"
 #include "runtime/JSGlobalObjectFunctions.cpp"
 #include "runtime/PrototypeFunction.cpp"

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+=== End merge of nitro-extreme branch 2009-07-30 ===
+
+2009-07-20  Geoffrey Garen  <[email protected]>
+
+        Fixed a post-review typo in r46066 that caused tons of test failures.
+        
+        SunSpider reports no change.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray): Initialize the full vector capacity, to avoid
+        uninitialized members at the end.
+
+2009-07-20  Geoffrey Garen  <[email protected]>
+
+        Windows WebKit build fix: Added some missing exports.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-17  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Get the branch working on windows.
+        https://bugs.webkit.org/show_bug.cgi?id=27391
+        
+        SunSpider says 0.3% faster.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Updated
+        MSVC export lists to fix linker errors.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added / removed
+        new / old project files.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines): Used #pragma pack to tell
+        MSVC that these structures represent actual memory layout, and should not be
+        automatically aligned. Changed the return value load to load a 64bit quantity
+        into the canonical registers.
+
+        * jit/JIT.h: Moved OBJECT_OFFSETOF definition to StdLibExtras.h because
+        it's needed by more than just the JIT, and it supplements a standard library
+        macro (offsetof).
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame): Fixed an incorrectly signed
+        cast to resolve an MSVC warning.
+
+        * jit/JITStubs.h: Used #pragma pack to tell MSVC that these structures
+        represent actual memory layout, and should not be automatically aligned. 
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray): Replaced memset_pattern8 with a for loop, since
+        memset_pattern8 is not portable. (I verified that this version of the loop
+        gives the best performance / generated code in GCC.)
+
+        * runtime/JSObject.h:
+        (JSC::JSObject::JSObject): Removed accidental usage of FIELD_OFFSET --
+        OBJECT_OFFSETOF is our new macro name. (FIELD_OFFSET conflicts with a
+        definition in winnt.h.)
+
+        * runtime/JSValue.cpp: Added some headers needed by non-all-in-one builds.
+        
+        * runtime/JSValue.h:
+        (JSC::JSValue::): Made the tag signed, to match MSVC's signed enum values.
+        (GCC doesn't seem to care one way or the other.)
+
+        * wtf/MainThread.cpp: Moved the StdLibExtras.h #include -- I did this a
+        while ago to resolve a conflict with winnt.h. I can't remember if it's truly
+        still needed, but what the heck.
+
+        * wtf/StdLibExtras.h: Moved OBJECT_OFFSETOF definition here.
+
+2009-07-06  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig (?).
+        
+        Fixed an assertion seen during the stress test.
+        
+        Don't assume that, if op1 is constant, op2 is not, and vice versa. Sadly,
+        not all constants get folded.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+
+2009-07-06  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Include op_convert_this in result caching.
+        
+        No change on SunSpider or v8.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_convert_this):
+
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::): Made the op_convert_this JIT stub return an EncodedJSValue, so
+        to maintain the result caching contract that { tag, payload } can be
+        found in { regT1, regT0 }.
+
+2009-07-06  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented result chaining.
+        
+        1% faster on SunSpider. 4%-5% faster on v8.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::move):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movl_rr): Added an optimization to eliminate
+        no-op mov instructions, to simplify chaining.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        * jit/JIT.h: Added data members and helper functions for recording
+        chained results. We record both a mapping from virtual to machine register
+        and the opcode for which the mapping is valid, to help ensure that the
+        mapping isn't used after the mapped register has been stomped by other
+        instructions.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCallVarargsSlowCase):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase): Chain function call results.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadTag):
+        (JSC::JIT::emitLoadPayload):
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitLoad2):
+        (JSC::JIT::isLabeled):
+        (JSC::JIT::map):
+        (JSC::JIT::unmap):
+        (JSC::JIT::isMapped):
+        (JSC::JIT::getMappedPayload):
+        (JSC::JIT::getMappedTag): Use helper functions when loading virtual
+        registers into machine registers, in case the loads can be eliminated
+        by chaining.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_mov):
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_next_pname):
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emit_op_catch): Chain results from these opcodes.
+
+        (JSC::JIT::emit_op_profile_will_call):
+        (JSC::JIT::emit_op_profile_did_call): Load the profiler into regT2 to
+        avoid stomping a chained result.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_get_by_id): Chain results from these opcodes.
+
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument): Always use { regT1, regT0 }, to facilitate
+        chaining.
+
+        (JSC::JITStubCall::call): Unmap all mapped registers, since our callee
+        stub might stomp them.
+
+2009-07-01  Sam Weinig  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Don't reload values in emitBinaryDoubleOp.
+
+        SunSpider reports a 0.6% progression. 
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-07-01  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Convert op_div to load op1 and op2 up front.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_div):
+
+2009-07-01  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Don't emit code in emitBinaryDoubleOp if code is unreachable, observable
+        via an empty (unlinked) jumplist passed in.  This only effects op_jnless
+        and op_jnlesseq at present.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-07-01  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Converted op_mod to put { tag, payload } in { regT1, regT0 }, and
+        tidied up its constant case.
+        
+        SunSpider reports a 0.2% regression, but a micro-benchmark of op_mod
+        shows a 12% speedup, and the SunSpider test that uses op_mod most should
+        benefit a lot from result caching in the end, since it almost always
+        performs (expression) % constant.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+
+2009-06-30  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Converted some more arithmetic ops to put { tag, payload } in
+        { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Converted some more arithmetic ops to put { tag, payload } in
+        { regT1, regT0 }, and added a case for subtract constant.
+        
+        SunSpider says no change. v8 says 0.3% slower.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSub32Constant):
+        (JSC::JIT::emitSlow_op_sub):
+
+2009-06-30  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Remove more uses of addressFor(), load double constants directly from
+        the constantpool in the CodeBlock, rather than from the register file.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a bug in postfix ops, where we would treat x = x++ and x = x--
+        as a no-op, even if x were not an int, and the ++/-- could have side-effects.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Converted some arithmetic ops to put { tag, payload } in
+        { regT1, regT0 }.
+        
+        SunSpider says 0.7% faster. v8 says no change.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emit_op_bitxor):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::isOperandConstantImmediateInt):
+        (JSC::JIT::getOperandConstantImmediateInt):
+
+2009-06-30  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Start removing cases of addressFor().
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadDouble):
+        (JSC::JIT::emitLoadInt32ToDouble):
+        (JSC::JIT::emitStoreDouble):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Rolled back in my last patch with regression fixed.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emitSlow_op_resolve_global):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Rolled out my last patch because it was a 2% SunSpider regression.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Gavin "Sam Weinig" Barraclough.
+        
+        Standardized the rest of our opcodes to put { tag, payload } in
+        { regT1, regT0 } where possible.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emitSlow_op_resolve_global):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+
+2009-06-30  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Replace calls to store32(tagFor()) and store32(payloadFor())
+        with emitStoreInt32(), emitStoreBool(), and emitStoreCell().
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitBitAnd32Constant):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emitBitOr32Constant):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emitBitXor32Constant):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSub32ConstantLeft):
+        (JSC::JIT::emitSub32ConstantRight):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emit_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::emit_op_load_varargs):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitStoreInt32):
+        (JSC::JIT::emitStoreCell):
+        (JSC::JIT::emitStoreBool):
+        (JSC::JIT::emitStore):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::call):
+
+2009-06-30  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized the rest of the property access instructions to put { tag,
+        payload } in { regT1, regT0 }.
+
+        Small v8 speedup, 0.2% SunSpider slowdown.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitLoad2):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::patchPutByIdReplace):
+
+2009-06-29  Sam Weinig  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Various cleanups.
+        - Use fpRegT* instead of X86::xmm*.
+        - Use a switch statement in emitBinaryDoubleOp instead of a bunch of
+          if/elses.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div):
+
+2009-06-29  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add inline code dealing with doubles for op_jfalse and op_jtrue.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::):
+        (JSC::MacroAssemblerX86Common::zeroDouble):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-06-28  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Standardized op_get_by_id to put { tag, payload } in { regT1, regT0 }.
+        
+        SunSpider and v8 report maybe 0.2%-0.4% regressions, but the optimization
+        this enables will win much more than that back.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2009-06-26  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Standardized op_call to put { tag, payload } in { regT1, regT0 }.
+        
+        SunSpider and v8 report no change.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+
+2009-06-26  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Handle multiplying by zero a little better by
+        inlining the case that both operands are non-negative
+        into the slowpath.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::branchOr32):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+
+2009-06-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Optimize x++ to ++x inside for loops.
+        
+        Sadly, no measurable speedup, but this should help with result chaining.
+
+        * parser/Nodes.cpp:
+        (JSC::ForNode::emitBytecode):
+
+2009-06-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+
+2009-06-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+
+2009-06-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emitSlow_op_negate):
+        * jit/JITCall.cpp:
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emitSlow_op_construct_verify):
+
+2009-06-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_true):
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+
+2009-06-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig (sort of, maybe).
+        
+        Fixed some ASSERTs in http/tests/security.
+        
+        These ASSERTs were introduced by http://trac.webkit.org/changeset/45057,
+        but the underlying problem was actually older. http://trac.webkit.org/changeset/45057
+        just exposed the problem by enabling optimization in more cases.
+        
+        The ASSERTs fired because we tested PropertySlot::slotBase() for validity,
+        but slotBase() ASSERTs if it's invalid, so we would ASSERT before
+        the test could happen. Solution: Remove the ASSERT. Maybe it was valid
+        once, but it clearly goes against a pattern we've deployed of late.
+        
+        The underlying problem was that WebCore would re-use a PropertySlot in
+        the case of a forwarding access, and the second use would not completely
+        overwrite the first use. Solution: Make sure to overwrite m_offset when
+        setting a value on a PropertySlot. (Other values already get implicitly
+        overwritten during reuse.)
+
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot):
+        (JSC::PropertySlot::setValueSlot):
+        (JSC::PropertySlot::setValue):
+        (JSC::PropertySlot::setRegisterSlot):
+        (JSC::PropertySlot::setUndefined):
+        (JSC::PropertySlot::slotBase):
+        (JSC::PropertySlot::clearOffset):
+
+2009-06-24  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Geoff Garen.
+
+        Enable JIT_OPTIMIZE_METHOD_CALLS on the branch, implementation matches current implemenatation in ToT.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emitSlow_op_method_check):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::compileGetByIdSlowCase):
+
+2009-06-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Bit off a tiny bit more of standardizing opcode behavior to help with result
+        caching.
+        
+        SunSpider reports no change, v8 maybe a tiny speedup.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emitSlow_op_to_jsnumber):
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emitSlow_op_convert_this):
+
+2009-06-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Bit off a tiny bit more of standardizing opcode behavior to help with result
+        caching -- including removing my old enemy, op_resolve_function, because
+        it was non-standard, and removing it felt better than helping it limp along.
+        
+        SunSpider reports no change, v8 maybe a tiny speedup.
+        
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emitSlow_op_to_primitive):
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+        * parser/Nodes.cpp:
+        (JSC::FunctionCallResolveNode::emitBytecode):
+
+2009-06-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Bit off a tiny bit of standardizing opcode behavior to help with result
+        caching.
+        
+        0.6% SunSpider speedup. 0.3% v8 speedup.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoad): Accomodate a base register that overlaps with payload
+        by loading tag before payload, to avoid stomping base/payload.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_mov): Abide by the standard "tag in regT1, payload in
+        regT0" semantics.
+
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var): Ditto. Also, removed some irrelevent
+        loads while I was at it. The global object's "d" pointer never changes
+        after construction.
+
+2009-06-23  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Remove 'arguments' field from Register union (again).
+        This time do so without breaking tests (radical, I know).
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::optionalCalleeArguments):
+        (JSC::ExecState::setArgumentCount):
+        (JSC::ExecState::init):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * interpreter/Register.h:
+        (JSC::Register::withInt):
+        (JSC::Register::):
+        (JSC::Register::Register):
+        (JSC::Register::i):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        * runtime/Arguments.h:
+        (JSC::JSActivation::copyRegisters):
+        (JSC::Register::arguments):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+
+2009-06-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Removed some result register tracking cruft in preparation for a new
+        result tracking mechanism.
+        
+        SunSpider reports no change.
+
+        * assembler/AbstractMacroAssembler.h:
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::JmpDst::JmpDst): No need to track jump targets in
+        machine code; we already do this in bytecode.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        (JSC::JIT::emitTimeoutCheck): Make sure to save and restore the result
+        registers, so an opcode with a timeout check can still benefit from result
+        register caching.
+
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases): Removed calls to killLastResultRegister()
+        in preparation for something new.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
+        (JSC::JIT::emitGetFromCallFrameHeader32):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_jsr):
+        (JSC::JIT::emit_op_sret):
+        (JSC::JIT::emit_op_jmp_scopes): ditto
+
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::getArgument): added a mechanism for reloading an argument
+        you passed to a JIT stub, for use in emitTimeoutCheck.
+
+2009-06-23  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove now-useless inplace variants of binary ops.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emit_op_mul):
+
+2009-06-23  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Move off memory operands to aid in re-enabling result caching.
+
+        - No regression measured.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitBitAnd32Constant):
+        (JSC::JIT::emitBitAnd32InPlace):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emitBitOr32Constant):
+        (JSC::JIT::emitBitOr32InPlace):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emitBitXor32Constant):
+        (JSC::JIT::emitBitXor32InPlace):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitAdd32InPlace):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32Constant):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSub32ConstantLeft):
+        (JSC::JIT::emitSub32ConstantRight):
+        (JSC::JIT::emitSub32InPlaceLeft):
+        (JSC::JIT::emitSub32InPlaceRight):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitMul32InPlace):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emit_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emit_op_to_jsnumber):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+
+2009-06-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed some missing and/or misplaced labels in bytecode generation, so
+        we don't have to work around them in JIT code generation.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitJumpSubroutine):
+        * parser/Nodes.cpp:
+        (JSC::TryNode::emitBytecode):
+
+2009-06-22  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        For member function calls, emit "this" directly into the "this" slot
+        for the function call, instead of moving it there later. This reduces
+        time spent in op_mov during certain calls, like "a.b.c()".
+        
+        1%-2% speedup on v8, mostly richards and delta-blue.
+
+        * parser/Nodes.cpp:
+        (JSC::FunctionCallDotNode::emitBytecode):
+
+2009-06-22  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Remove 'arguments' field from Register union.  Having JSCell derived types in the union is
+        dangerous since it opens the possibility for the field to be written as a raw pointer but
+        then read as a JSValue.  This will lead to statle data being read for the tag, which may
+        be dangerous.  Having removed Arguments* types form Register, all arguments objects must
+        always explicitly be stored in the register file as JSValues.
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::optionalCalleeArguments):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * interpreter/Register.h:
+        (JSC::Register::):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        * runtime/Arguments.h:
+        (JSC::JSActivation::copyRegisters):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+
+2009-06-03  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add back known this value optimization by abstracting
+        slow case if not JSCell jumps.
+
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCallVarargsSlowCase):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::linkSlowCaseIfNotJSCell):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emitSlow_op_instanceof):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+
+2009-06-01  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed some of the regression in crypto-aes.js. (8.5% speedup in
+        crypto-aes.js.)
+        
+        SunSpider reports no change overall.
+        
+        Division was producing double results, which took the slow path through
+        array access code.
+        
+        Strangely, all my attempts at versions of this patch that modified array
+        access code to accept ints encoded as doubles along the fast or slow paths
+        were regressions. So I did this instead.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_div): When dividing an int by an int, go ahead and try
+        to turn the result into an int. Don't just do int division, though, because
+        testing shows it to be slower than SSE double division, and the corner
+        cases are pretty complicated / lengthy on top of that. Also, don't try
+        to canonicalize division of known tiny numerators into ints, since that's a
+        waste of time.
+
+2009-05-26  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a regression caused by my recent fix for NaN.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp): Actually do the comparison in reverse
+        order, like the ChangeLog said we would, bokay?
+
+2009-05-26  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig and Oliver Hunt.
+        
+        Fixed two edge cases in %:
+        
+        - Don't do -2147483648 % x as a fast case, since you might do -2147483648 % -1,
+        which will signal a hardware exception due to overflow.
+
+        - In the case of a zero remainder, be sure to store negative zero if the
+        dividend was zero.
+        
+        SunSpider reports no change.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+
+2009-05-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed a regression when comparing to NaN.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp): For op_jnless and op_jnless_eq, do the
+        comparison in reverse order, and jump if the result is below or 
+        below-or-equal. This ensures that we do jump in the case of NaN.
+
+2009-05-25  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Oliver Hunt.
+        
+        SunSpider says no change.
+        
+        Fixed regressions in fast/js/var-declarations-shadowing.html and
+        fast/js/equality.html, caused by recent == and != optimizations.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_eq): Don't treat "compare to string" as always
+        numeric or string comparison. If the second operand is an object, you
+        need to ToPrimitive it, and start all over again. Also, I wrote out each
+        of the possible cases explicitly, to cut down on redundant branching.
+
+2009-05-25  Sam Weinig  <[email protected]>
+
+        Reviewed by Mark Rowe.
+
+        Fix bug in fast/js/constant-folding.html where we were not negating
+        -0 properly.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+
+2009-05-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Oliver Hunt.
+        
+        Refactored new slow case codegen for == and !=.
+        
+        SunSpider reports no change, maybe a tiny speedup.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emitSlow_op_neq): Made a vptr comparison a *Ptr operation,
+        instead of *32, to make it portable to 64bit. Reorganized the string
+        and generic cases to make their control flow a little clearer.
+
+2009-05-23  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Optimized == and != for our new value representation -- especially for strings.
+        
+        14% speedup on date-format-tofte.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_eq_strings):
+        (JSC::JITStubs::cti_op_call_eval):
+        * jit/JITStubs.h:
+        (JSC::):
+        * runtime/JSValue.h:
+
+2009-05-22  Sam Weinig  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix non-SSE enabled builds.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_add): Don't early return here, we still need to call the JIT stub.
+        (JSC::JIT::emitSlow_op_sub): Ditto.
+
+2009-05-22  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Here's a thought: let's not take a jit stub call just to multiply by 1,
+        bokay?
+        
+        imul doesn't set the zero flag, so to test for a zero result, we need
+        an explicit instruction. (Luckily, it does set the overflow flag, so
+        we can still use that.)
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitMul32InPlace):
+
+2009-05-22  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey "Premature Commit" Garen.
+
+        Add back constant integer cases for op_add.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32Constant):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperandImmediateDouble):
+        (JSC::JIT::isOperandConstantImmediateDouble):
+
+2009-05-22  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Added fast double cases for op_jnless and op_jnlesseq.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::JumpList::jumps): New accesor, used by
+        addSlowCase.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::ucomisd_rm): New method for comparing register to
+        memory.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emit_op_div): Modified emitBinaryDoubleOp to accept comparison/jump
+        operations in addition to operations with explicit result registers.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::addSlowCase): Added an "addSlowCase" for JumpLists, so clients
+        can track multiple jumps to the same slow case condition together.
+
+2009-05-21  Sam Weinig  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Implement op_negate inline fast cases.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::neg32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::negl_m):
+        (JSC::X86Assembler::xorpd_rr):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emitSlow_op_negate):
+
+2009-05-20  Sam Weinig  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Update the patchOffsetGetByIdSlowCaseCall constant for the
+        case that OPCODE_SAMPLING is enabled.
+
+        * jit/JIT.h:
+
+2009-05-20  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Added support for inline subtraction of doubles.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSlowSub32InPlaceLeft):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-05-20  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Added support for inline division.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::divsd_rr):
+        (JSC::X86Assembler::divsd_mr):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitBinaryOp):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emitSlow_op_div):
+
+2009-05-20  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Added support for inline addition of doubles.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32InPlace):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+
+2009-05-20  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Factored inline double operations into a helper function, so that we
+        can reuse this code for other math operations.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+
+2009-05-20  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Added support for inline multiplication of doubles.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::cvtsi2sd_mr): New function, useful for loading an
+        int32 into a double register.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul): Filled out these cases for double arithmetic.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::addressFor): New function, useful for addressing a JSValue's
+        full 64bits as a double.
+
+2009-05-19  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement and enable optimized calls.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines): Add ENABLE(JIT_OPTIMIZE_CALL) guards
+        around the the optimize call only trampolines (virtualCallPreLink and virtualCallLink).
+        Update the trampolines to account for the new JSValue representation.
+        (JSC::JIT::unlinkCall): Use NULL instead of JSValue noValue. 
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall): Update to account for the new JSValue representation
+        (JSC::JIT::compileOpCallSlowCase): Ditto.
+
+        * jit/JITStubs.h: Remove incorrect !ENABLE(JIT_OPTIMIZE_CALL) guard.
+
+        * wtf/Platform.h: Enable ENABLE_JIT_OPTIMIZE_CALL.
+
+2009-05-19  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement and enable optimized property access.
+
+        * assembler/AbstractMacroAssembler.h: Fix comment.
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines): Remove array length trampoline
+        and implement the string length trampoline.
+        * jit/JIT.h: Add new constants for patch offsets.
+        * jit/JITInlineMethods.h: Remove FIELD_OFFSET which is now in StdLibExtras.h.
+        * jit/JITPropertyAccess.cpp: 
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::compilePutDirectOffset):
+        (JSC::JIT::compileGetDirectOffset):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument): Add version of addArgument that takes
+        two registers for the tag and payload.
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::JITStubs): Remove array length trampoline pointer.
+        (JSC::JITStubs::cti_op_get_by_id_self_fail): 
+        * jit/JITStubs.h:
+        * runtime/JSObject.h:
+        (JSC::JSObject::JSObject): Move m_inheritorID below the property storage
+        to align it to a 16 byte boundary.
+        * wtf/Platform.h: Enable ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
+        * wtf/StdLibExtras.h: Move FIELD_OFFSET here.
+
+2009-05-17  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove unneeded ExecState parameter from the number JSValue constructors.
+
+        * runtime/JSValue.h:
+        (JSC::jsNumber):
+        (JSC::jsNaN):
+        (JSC::JSValue::JSValue):
+
+2009-05-15  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented fast path for op_put_by_val when putting to arrays.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+
+2009-05-15  Geoffrey Garen  <[email protected]> (Mostly by Sam)
+
+        Reviewed by Sam Weinig.
+        
+        Implemented fast path for op_get_by_val when accessing array.
+
+        * jit/JIT.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a failure in fast/js/math-transforms.html caused by failing to
+        preserve -0 in multiplication.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::jz):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitMul32Constant):
+        (JSC::JIT::emitMul32InPlace): Check both for overflow and for zero when
+        doing multiplication. Use a slow case to get these right.
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a bug in the varargs calling convention.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs): Move the argument count into regT1,
+        since that's where ctiVirtualCall expects it to be.
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Fixed a small bug in instanceof's looping code.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof): NULL means the object has no prototype,
+        so only loop when *not* equal to NULL.
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a small bug in instanceof's result writing code.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof): Make sure to fill out the payload bits
+        in all cases.
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Removed an invalid assertion in cti_op_urshift which
+        depended on a fast path for op_urshift which has
+        never existed.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_urshift):
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed loop_if_true, which had the same reversed test that jtrue had.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_true):
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        In op_neq, we apparently want to check that one value
+        does *not* equal another.  Go figure.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_neq):
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        The slow case of op_mod should call op_mod's jit stub,
+        not op_mul.  That would be dumb.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_mod):
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed problems when using 'arguments' due to a half-initialized register.
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::setCalleeArguments):
+        (JSC::ExecState::init): Require a full JSValue when setting up the 
+        'arguments' virtual register, since this register is accessible from JIT
+        code and bytecode, and needs to be a true JSValue.
+
+        * interpreter/CallFrameClosure.h:
+        (JSC::CallFrameClosure::resetCallFrame): ditto
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute): ditto
+
+        * interpreter/Register.h: Removed the constructor that allowed assignment
+        of a JSArguments* to a register. That is not safe. See above.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_create_arguments):
+        (JSC::JITStubs::cti_op_create_arguments_no_params): ditto
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        We really want to go to the slow case in op_jfalse and
+        op_jtrue if the value is *not* boolean. 
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Flipped the condition when emitting a an op_loop_if_less or op_loop_if_lesseq
+        if the first operand is a constant.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Added missing return in op_jnless and op_jnlesseq. 
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+
+2009-05-14  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Load constants into the the register file as a temporary measure to
+        aid bring up.  This allows us to use to treat constants like any
+        other virtual register.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_enter):
+        (JSC::JIT::emit_op_enter_with_activation):
+
+2009-05-14  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_strict_eq. Original patch by Snowy, by way of Sam and Gavin.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::set8): Added set8, since it's slightly
+        faster than set32, and the new value representation usually doesn't
+        need set32.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadTag):
+        (JSC::JIT::emitLoadPayload): Added helper functions for dealing with
+        constants. Eventually, we should write special cases for all constants,
+        but these are helpful in the short term.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlow_op_stricteq):
+        (JSC::JIT::emitSlow_op_nstricteq): teh opcodez.
+
+        * runtime/JSValue.h:
+        (JSC::JSValue::):
+        (JSC::JSValue::isDouble): Added a LowestTag for clarity.
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed some bugs in host function calls.
+        
+        testapi now passes!
+
+        * jit/JIT.cpp: Changed some registers around to avoid overwriting edx:eax,
+        which is how JSValues are now returned. Also changed the code that
+        passes thisValue to pass the full 64bits of the value. Also added
+        an #error compiler directive to other platform builds, since the JSValue
+        return signature probably won't return in edx:eax on those platforms,
+        and we'll have to investigate a solution.
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Removed parameters from functions that are intended never to use their
+        parameters.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Ported op_instance_of from TOT. It's basically the same, but some register
+        stuff changed to memory stuff.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        (JSC::JIT::emitStore): Changed to use helper functions.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emitSlow_op_instanceof): Ported from TOT.
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+        
+        Added a comment to explain an exception-handling subtelty that we found
+        hard to remember when reviewing my last patch.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_catch):
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented try/catch.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_throw): Updated to use JITStackFrame abstraction.
+        (JSC::JIT::emit_op_catch): Filled out.
+
+2009-05-13  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented op_loop_if_true, op_jfalse, op_jtrue, op_jeq_null and op_jneq_null
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_instanceof): Moved from below to be next to its
+        fast brother.
+
+        (JSC::JIT::emit_op_loop_if_true): Similar to the old version
+        in that it tries to do the integer case first and reduce the
+        number of jumps you might need to take.
+        (JSC::JIT::emitSlow_op_loop_if_true):
+
+        (JSC::JIT::emit_op_jfalse): Very similar to op_loop_if_true, only
+        the inverse and without a timeout check.
+        (JSC::JIT::emitSlow_op_jfalse):
+
+        (JSC::JIT::emit_op_jtrue): Very similar to op_loop_if_true except
+        without the timeout check.
+        (JSC::JIT::emitSlow_op_jtrue):
+
+        (JSC::JIT::emit_op_jeq_null): Very similar to the implementation
+        of op_eq, except it takes jumps instead of copying the condition
+        to a dst.
+        (JSC::JIT::emit_op_jneq_null): Ditto but for op_neq.
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_call_varargs.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::emit_op_call):
+        (JSC::JIT::emit_op_call_eval):
+        (JSC::JIT::emit_op_load_varargs):
+        (JSC::JIT::emit_op_call_varargs):
+        (JSC::JIT::emit_op_construct):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jneq_ptr):
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_call_eval.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCall):
+        * jit/JITStubCall.h:
+        (JSC::CallEvalJITStub::CallEvalJITStub):
+
+2009-05-13  Sam Weinig  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Implemented op_not. (Gavin did most of the work!)
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emitSlow_op_not):
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_global_resolve.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq): Added back accidentally removed
+        early returns. 
+
+        (JSC::JIT::emit_op_resolve_global):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_resolve_global): Pretty similar to the old code,
+        but we need two reads and a TimesEight step in order to account for the
+        64bit value size.
+
+        * jit/JITStubs.h:
+        (JSC::): Slightly tweaked this code to specialize for a JSGlobalObject*,
+        to avoid having to pass an irrelevant tag pointer to the stub.
+
+2009-05-13  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented op_to_jsnumber.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emitSlow_op_to_jsnumber):
+
+2009-05-13  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented op_convert_this.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emitSlow_op_convert_this):
+
+2009-05-13  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Got basic JS function and constructor calls working.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emitSlow_op_construct_verify):
+        (JSC::JIT::emitSlow_op_call):
+        (JSC::JIT::emitSlow_op_call_eval):
+        (JSC::JIT::emitSlow_op_call_varargs):
+        (JSC::JIT::emitSlow_op_construct):
+        (JSC::JIT::compileOpCall): Filled out these cases, with call_eval #if'd out.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        (JSC::JIT::emitLoad): Restored some legacy "*CTIArg*" functions,
+        since I wanted to avoid the complexity of revamping the API here while
+        trying to bring it up. Eventually, we should re-remove all of these functions.
+
+        (JSC::JIT::recordJumpTarget): Removed unnecessary macro cruft. You will
+        not silence me, Sam Weinig! The world will know that you are a crufty,
+        crufty, crufty programmer!!!
+
+        * jit/JITOpcodes.cpp:
+        * jit/JITStubs.cpp:
+        (JSC::):
+        * jit/JITStubs.h: Changed up some offsets in the JITStackFrame class, since
+        and off-by-one error was causing stack misalignment.
+
+2009-05-13  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_eq_null and op_neq_null.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::set8):
+        (JSC::MacroAssemblerX86Common::setTest8):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_stricteq):
+        (JSC::JIT::emitSlow_op_stricteq):
+        (JSC::JIT::emit_op_nstricteq):
+        (JSC::JIT::emitSlow_op_nstricteq):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        * jsc.cpp:
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_new_error.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_new_error):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument): Add a version of addArgument
+        that takes a constant JSValue.
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove now unused emitGetVariableObjectRegister and emitPutVariableObjectRegister.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_to_primitive and op_next_pname.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_construct_verify):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emitSlow_op_to_primitive):
+        (JSC::JIT::emitSlow_op_loop_if_true):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_next_pname):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add op_get_global_var, op_put_global_var, emit_op_get_scoped_var, emit_op_put_scoped_var and
+        op_unexpected_load.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::tagFor):
+        (JSC::JIT::payloadFor):
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitStore):
+        (JSC::JIT::emitLoadReturnValue):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_unexpected_load):
+
+2009-05-12  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Added overflow handling to op_sub.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSlowSub32InPlaceLeft):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove a function call by folding op_get_by_id and op_put_by_id into
+        their respective compile functions.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Make JITStubCall work in 64bit by making the stack index
+        step dependent on the size of void*.
+
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::addArgument):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement simple version of property access opcodes
+        which just call a stub functions.
+
+        * jit/JITOpcodes.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emit_op_put_by_index):
+        (JSC::JIT::emit_op_put_getter):
+        (JSC::JIT::emit_op_put_setter):
+        (JSC::JIT::emit_op_del_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument):
+        * jsc.cpp:
+
+2009-05-12  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Added work-around for XCode debugging echo problem.
+
+        * jsc.cpp:
+        (runInteractive):
+
+2009-05-12  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Added overflow handling to op_add.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32InPlace):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add slow cases for op_jnless or emit_op_jnlesseq.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add implementations for op_jnless, emit_op_jnlesseq, op_loop_if_less and op_loop_if_lesseq.
+        No slow cases for op_jnless or emit_op_jnlesseq yet.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emitSlow_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emitSlow_op_loop_if_lesseq):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Turn the RECORD_JUMP_TARGET macro into an inline function.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::recordJumpTarget):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_jsr):
+        (JSC::JIT::emit_op_jmp_scopes):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Add MacroAssemblerX86Common::set8 to fix the build.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::set8):
+
+2009-05-12  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+        
+        Added overflow recovery for pre_inc and pre_dec.
+        
+        Turned some short-circuit code into early returns, as is the WebKit style.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_dec):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_jmp, op_loop, op_eq and op_neq.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_loop):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+        (JSC::JIT::emit_op_enter):
+        (JSC::JIT::emit_op_enter_with_activation):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement the slow cases for arithmetic opcodes.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_lshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emitSlow_op_bitand):
+        (JSC::JIT::emitSlow_op_bitor):
+        (JSC::JIT::emitSlow_op_bitxor):
+        (JSC::JIT::emitSlow_op_bitnot):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitSlow_op_mod):
+        (JSC::JIT::emit_op_mod):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_bitnot.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::not32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::notl_m):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_bitnot):
+
+2009-05-12  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add arithmetic opcode implementations from the old nitro-extreme branch.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emitSlow_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitBitAnd32Constant):
+        (JSC::JIT::emitBitAnd32InPlace):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emitSlow_op_bitor):
+        (JSC::JIT::emitBitOr32Constant):
+        (JSC::JIT::emitBitOr32InPlace):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emitSlow_op_bitxor):
+        (JSC::JIT::emitBitXor32Constant):
+        (JSC::JIT::emitBitXor32InPlace):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emitSlow_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitAdd32InPlace):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSub32ConstantLeft):
+        (JSC::JIT::emitSub32ConstantRight):
+        (JSC::JIT::emitSub32InPlaceLeft):
+        (JSC::JIT::emitSub32InPlaceRight):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitMul32Constant):
+        (JSC::JIT::emitMul32InPlace):
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+        * jit/JITOpcodes.cpp:
+
+2009-05-12  Geoffrey Garen  <[email protected]>
+
+        Removed JIT_OPTIMIZE_ARITHMETIC setting, since it was all about 32bit
+        value representations.
+        
+        Added JSAPIValueWrapper to the repository.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        * runtime/JSAPIValueWrapper.cpp: Added.
+        (JSC::JSAPIValueWrapper::toPrimitive):
+        (JSC::JSAPIValueWrapper::getPrimitiveNumber):
+        (JSC::JSAPIValueWrapper::toBoolean):
+        (JSC::JSAPIValueWrapper::toNumber):
+        (JSC::JSAPIValueWrapper::toString):
+        (JSC::JSAPIValueWrapper::toObject):
+        * runtime/JSAPIValueWrapper.h: Added.
+        (JSC::JSAPIValueWrapper::value):
+        (JSC::JSAPIValueWrapper::isAPIValueWrapper):
+        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+        (JSC::jsAPIValueWrapper):
+        * wtf/Platform.h:
+
+2009-05-12  Geoffrey Garen  <[email protected]>
+
+        Turned on the JIT and got it building and running the most trivial of
+        programs.
+        
+        All configurable optimizations are turned off, and a few opcodes are ad
+        hoc #if'd out.
+        
+        So far, I've only merged op_mov and op_end, but some stub-reliant
+        opcodes work as-is from TOT.
+        
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        * bytecode/CodeBlock.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emitSlow_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitSlow_op_bitand):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlow_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperandImmediateInt):
+        (JSC::JIT::isOperandConstantImmediateInt):
+        (JSC::JIT::emitInitRegister):
+        (JSC::JIT::addSlowCase):
+        (JSC::JIT::addJump):
+        (JSC::JIT::emitJumpSlowToHot):
+        (JSC::JIT::tagFor):
+        (JSC::JIT::payloadFor):
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitLoadReturnValue):
+        (JSC::JIT::emitStore):
+        (JSC::JIT::emitStoreReturnValue):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_mov):
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_loop):
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_tear_off_activation):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emit_op_loop_if_true):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_unexpected_load):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emit_op_throw):
+        (JSC::JIT::emit_op_next_pname):
+        (JSC::JIT::emit_op_push_scope):
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emit_op_push_new_scope):
+        (JSC::JIT::emit_op_catch):
+        (JSC::JIT::emit_op_switch_imm):
+        (JSC::JIT::emit_op_switch_char):
+        (JSC::JIT::emit_op_switch_string):
+        (JSC::JIT::emit_op_new_error):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emit_op_profile_will_call):
+        (JSC::JIT::emit_op_profile_did_call):
+        (JSC::JIT::emitSlow_op_construct_verify):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emitSlow_op_loop_if_less):
+        (JSC::JIT::emitSlow_op_loop_if_lesseq):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emitSlow_op_not):
+        (JSC::JIT::emitSlow_op_instanceof):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emit_op_put_by_index):
+        (JSC::JIT::emit_op_put_getter):
+        (JSC::JIT::emit_op_put_setter):
+        (JSC::JIT::emit_op_del_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::addArgument):
+        (JSC::JITStubCall::call):
+        (JSC::JITStubCall::):
+        (JSC::CallEvalJITStub::CallEvalJITStub):
+        * jit/JITStubs.cpp:
+        (JSC::):
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_post_dec):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_switch_imm):
+        * jit/JITStubs.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+        * runtime/JSValue.h:
+        (JSC::JSValue::payload):
+        * wtf/Platform.h:
+
+2009-05-07  Sam Weinig  <[email protected]>
+
+        Reviewed by Geoffrey Garen.
+
+        Add some new MacroAssembler and assembler functions that will be needed shortly.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::add32):
+        (JSC::MacroAssemblerX86Common::and32):
+        (JSC::MacroAssemblerX86Common::mul32):
+        (JSC::MacroAssemblerX86Common::neg32):
+        (JSC::MacroAssemblerX86Common::or32):
+        (JSC::MacroAssemblerX86Common::sub32):
+        (JSC::MacroAssemblerX86Common::xor32):
+        (JSC::MacroAssemblerX86Common::branchAdd32):
+        (JSC::MacroAssemblerX86Common::branchMul32):
+        (JSC::MacroAssemblerX86Common::branchSub32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::addl_rm):
+        (JSC::X86Assembler::andl_mr):
+        (JSC::X86Assembler::andl_rm):
+        (JSC::X86Assembler::andl_im):
+        (JSC::X86Assembler::negl_r):
+        (JSC::X86Assembler::notl_r):
+        (JSC::X86Assembler::orl_rm):
+        (JSC::X86Assembler::orl_im):
+        (JSC::X86Assembler::subl_rm):
+        (JSC::X86Assembler::xorl_mr):
+        (JSC::X86Assembler::xorl_rm):
+        (JSC::X86Assembler::xorl_im):
+        (JSC::X86Assembler::imull_mr):
+
+2009-05-11  Sam Weinig  <[email protected]>
+
+        Reviewed by Cameron Zwarich.
+
+        Remove the NumberHeap.
+
+        * JavaScriptCore.exp:
+        * runtime/Collector.cpp:
+        (JSC::Heap::Heap):
+        (JSC::Heap::destroy):
+        (JSC::Heap::recordExtraCost):
+        (JSC::Heap::heapAllocate):
+        (JSC::Heap::markConservatively):
+        (JSC::Heap::sweep):
+        (JSC::Heap::collect):
+        (JSC::Heap::objectCount):
+        (JSC::Heap::statistics):
+        (JSC::typeName):
+        (JSC::Heap::isBusy):
+        * runtime/Collector.h:
+        (JSC::Heap::globalData):
+        * runtime/JSCell.h:
+
+2009-05-11  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Land initial commit of new number representation for 32 bit platforms,
+        with JIT disabled.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::hasInstance):
+        (JSC::::toNumber):
+        (JSC::::toString):
+        * API/tests/testapi.c:
+        (EvilExceptionObject_convertToType):
+        * AllInOneFile.cpp:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::valueToSourceString):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitLoad):
+        (JSC::BytecodeGenerator::emitUnexpectedLoad):
+        (JSC::keyForImmediateSwitch):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::privateExecute):
+        * parser/Nodes.cpp:
+        (JSC::ArrayNode::emitBytecode):
+        (JSC::processClauseList):
+        * runtime/ArgList.h:
+        * runtime/Collector.h:
+        (JSC::sizeof):
+        * runtime/DateMath.cpp:
+        * runtime/ExceptionHelpers.h:
+        * runtime/InitializeThreading.cpp:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSCell.cpp:
+        * runtime/JSCell.h:
+        (JSC::JSCell::isAPIValueWrapper):
+        (JSC::JSValue::isString):
+        (JSC::JSValue::isGetterSetter):
+        (JSC::JSValue::isObject):
+        (JSC::JSValue::getString):
+        (JSC::JSValue::getObject):
+        (JSC::JSValue::getCallData):
+        (JSC::JSValue::getConstructData):
+        (JSC::JSValue::getUInt32):
+        (JSC::JSValue::marked):
+        (JSC::JSValue::toPrimitive):
+        (JSC::JSValue::getPrimitiveNumber):
+        (JSC::JSValue::toBoolean):
+        (JSC::JSValue::toNumber):
+        (JSC::JSValue::toString):
+        (JSC::JSValue::needsThisConversion):
+        (JSC::JSValue::toThisString):
+        (JSC::JSValue::getJSNumber):
+        (JSC::JSValue::toObject):
+        (JSC::JSValue::toThisObject):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.h:
+        (JSC::Structure::prototypeForLookup):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+        * runtime/JSImmediate.h:
+        * runtime/JSNumberCell.cpp: Removed.
+        * runtime/JSNumberCell.h: Removed.
+        * runtime/JSObject.h:
+        (JSC::JSValue::get):
+        (JSC::JSValue::put):
+        * runtime/JSString.h:
+        (JSC::JSValue::toThisJSString):
+        * runtime/JSValue.cpp:
+        (JSC::JSValue::toInteger):
+        (JSC::JSValue::toIntegerPreserveNaN):
+        (JSC::JSValue::toObjectSlowCase):
+        (JSC::JSValue::toThisObjectSlowCase):
+        (JSC::JSValue::synthesizeObject):
+        (JSC::JSValue::synthesizePrototype):
+        (JSC::JSValue::description):
+        (JSC::nonInlineNaN):
+        * runtime/JSValue.h:
+        (JSC::JSValue::):
+        (JSC::EncodedJSValueHashTraits::emptyValue):
+        (JSC::jsNaN):
+        (JSC::operator==):
+        (JSC::operator!=):
+        (JSC::toInt32):
+        (JSC::toUInt32):
+        (JSC::JSValue::encode):
+        (JSC::JSValue::decode):
+        (JSC::JSValue::JSValue):
+        (JSC::JSValue::operator bool):
+        (JSC::JSValue::operator==):
+        (JSC::JSValue::operator!=):
+        (JSC::JSValue::isUndefined):
+        (JSC::JSValue::isNull):
+        (JSC::JSValue::isUndefinedOrNull):
+        (JSC::JSValue::isCell):
+        (JSC::JSValue::isInt32):
+        (JSC::JSValue::isUInt32):
+        (JSC::JSValue::isDouble):
+        (JSC::JSValue::isTrue):
+        (JSC::JSValue::isFalse):
+        (JSC::JSValue::tag):
+        (JSC::JSValue::asInt32):
+        (JSC::JSValue::asUInt32):
+        (JSC::JSValue::asDouble):
+        (JSC::JSValue::asCell):
+        (JSC::JSValue::isNumber):
+        (JSC::JSValue::isBoolean):
+        (JSC::JSValue::getBoolean):
+        (JSC::JSValue::uncheckedGetNumber):
+        (JSC::JSValue::toJSNumber):
+        (JSC::JSValue::getNumber):
+        (JSC::JSValue::toInt32):
+        (JSC::JSValue::toUInt32):
+        * runtime/Operations.h:
+        (JSC::JSValue::equal):
+        (JSC::JSValue::equalSlowCaseInline):
+        (JSC::JSValue::strictEqual):
+        (JSC::JSValue::strictEqualSlowCaseInline):
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAdd):
+        * runtime/PropertySlot.h:
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncIndexOf):
+        * wtf/Platform.h:
+
+=== Start merge of nitro-extreme branch 2009-07-30 ===
+
 2009-07-29  Laszlo Gombos  <[email protected]>
 

trunk/JavaScriptCore/JavaScriptCore.exp

@@ -103 +103 @@
 __ZN3JSC11JSByteArray15createStructureENS_7JSValueE
 __ZN3JSC11JSByteArrayC1EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS3_9ByteArrayEPKNS_9ClassInfoE
-__ZN3JSC11JSImmediate12nonInlineNaNEv
-__ZN3JSC11JSImmediate12toThisObjectENS_7JSValueEPNS_9ExecStateE
-__ZN3JSC11JSImmediate8toObjectENS_7JSValueEPNS_9ExecStateE
-__ZN3JSC11JSImmediate8toStringENS_7JSValueE
-__ZN3JSC11JSImmediate9prototypeENS_7JSValueEPNS_9ExecStateE
 __ZN3JSC11ParserArena5resetEv
 __ZN3JSC11checkSyntaxEPNS_9ExecStateERKNS_10SourceCodeE
@@ -128 +123 @@
 __ZN3JSC12StringObjectC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEERKNS_7UStringE
 __ZN3JSC12jsNumberCellEPNS_9ExecStateEd
+__ZN3JSC12nonInlineNaNEv
 __ZN3JSC13SamplingFlags4stopEv
 __ZN3JSC13SamplingFlags5startEv
@@ -163 +159 @@
 __ZN3JSC17constructFunctionEPNS_9ExecStateERKNS_7ArgListERKNS_10IdentifierERKNS_7UStringEi
 __ZN3JSC18DebuggerActivationC1EPNS_8JSObjectE
-__ZN3JSC18jsAPIMangledNumberEPNS_9ExecStateEd
 __ZN3JSC19constructEmptyArrayEPNS_9ExecStateE
 __ZN3JSC19initializeThreadingEv
@@ -173 +168 @@
 __ZN3JSC25evaluateInGlobalCallFrameERKNS_7UStringERNS_7JSValueEPNS_14JSGlobalObjectE
 __ZN3JSC4Heap11objectCountEv
-__ZN3JSC4Heap14allocateNumberEm
 __ZN3JSC4Heap14primaryHeapEndEv
 __ZN3JSC4Heap15recordExtraCostEm
@@ -218 +212 @@
 __ZN3JSC7Profile7excludeEPKNS_11ProfileNodeE
 __ZN3JSC7Profile7forEachEMNS_11ProfileNodeEFvvE
-__ZN3JSC7UString3Rep12sharedBufferEv
 __ZN3JSC7UString3Rep11computeHashEPKci
 __ZN3JSC7UString3Rep11computeHashEPKti
+__ZN3JSC7UString3Rep12sharedBufferEv
+__ZN3JSC7UString3Rep14createFromUTF8EPKc
 __ZN3JSC7UString3Rep14nullBaseStringE
 __ZN3JSC7UString3Rep6createEPtiN3WTF10PassRefPtrINS3_21CrossThreadRefCountedINS3_16OwnFastMallocPtrItEEEEEE
 __ZN3JSC7UString3Rep7destroyEv
+__ZN3JSC7UString4fromEd
 __ZN3JSC7UString4fromEi
 __ZN3JSC7UString4fromEj
@@ -280 +276 @@
 __ZN3JSCgtERKNS_7UStringES2_
 __ZN3JSCltERKNS_7UStringES2_
-__ZN3JSC7UString3Rep14createFromUTF8EPKc
 __ZN3WTF10fastCallocEmm
 __ZN3WTF10fastMallocEm
@@ -291 +286 @@
 __ZN3WTF12randomNumberEv
 __ZN3WTF13currentThreadEv
-__ZN3WTF37parseDateFromNullTerminatedCharactersEPKc
 __ZN3WTF13tryFastCallocEmm
 __ZN3WTF15ThreadCondition4waitERNS_5MutexE
@@ -313 +307 @@
 __ZN3WTF28setMainThreadCallbacksPausedEb
 __ZN3WTF36lockAtomicallyInitializedStaticMutexEv
+__ZN3WTF37parseDateFromNullTerminatedCharactersEPKc
 __ZN3WTF38unlockAtomicallyInitializedStaticMutexEv
 __ZN3WTF5Mutex4lockEv
@@ -345 +340 @@
 __ZNK3JSC6JSCell12toThisStringEPNS_9ExecStateE
 __ZNK3JSC6JSCell14isGetterSetterEv
-__ZNK3JSC6JSCell17getTruncatedInt32ERi
-__ZNK3JSC6JSCell18getTruncatedUInt32ERj
 __ZNK3JSC6JSCell9classInfoEv
 __ZNK3JSC6JSCell9getStringERNS_7UStringE
@@ -352 +345 @@
 __ZNK3JSC6JSCell9getUInt32ERj
 __ZNK3JSC7ArgList8getSliceEiRS0_
+__ZNK3JSC7JSValue16toObjectSlowCaseEPNS_9ExecStateE
+__ZNK3JSC7JSValue19synthesizePrototypeEPNS_9ExecStateE
+__ZNK3JSC7JSValue20toThisObjectSlowCaseEPNS_9ExecStateE
 __ZNK3JSC7JSValue9toIntegerEPNS_9ExecStateE
 __ZNK3JSC7UString10UTF8StringEb
@@ -378 +374 @@
 __ZTVN3JSC16InternalFunctionE
 __ZTVN3JSC16JSVariableObjectE
+__ZTVN3JSC17JSAPIValueWrapperE
 __ZTVN3JSC8JSObjectE
 __ZTVN3JSC8JSStringE

trunk/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj

@@ -706 +706 @@
                         <File
                                 RelativePath="..\..\runtime\JSActivation.h"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\JSAPIValueWrapper.cpp"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\JSAPIValueWrapper.h"
                                 >
                         </File>

trunk/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -120 +120 @@
                 7E4EE70F0EBB7A5B005934AA /* StructureChain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7E4EE70E0EBB7A5B005934AA /* StructureChain.cpp */; };
                 7EFF00640EC05A9A00AA7C93 /* NodeInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 7EFF00630EC05A9A00AA7C93 /* NodeInfo.h */; };
+                840480131021A1D9008E7F01 /* JSAPIValueWrapper.h in Headers */ = {isa = PBXBuildFile; fileRef = BC0894D60FAFBA2D00001865 /* JSAPIValueWrapper.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 860161E30F3A83C100F84710 /* AbstractMacroAssembler.h in Headers */ = {isa = PBXBuildFile; fileRef = 860161DF0F3A83C100F84710 /* AbstractMacroAssembler.h */; };
                 860161E40F3A83C100F84710 /* MacroAssemblerX86.h in Headers */ = {isa = PBXBuildFile; fileRef = 860161E00F3A83C100F84710 /* MacroAssemblerX86.h */; };
@@ -770 +771 @@
                 BC02E9B80E184545000F9297 /* GetterSetter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GetterSetter.cpp; sourceTree = "<group>"; };
                 BC02E9B90E184580000F9297 /* JSNumberCell.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSNumberCell.cpp; sourceTree = "<group>"; };
+                BC0894D50FAFBA2D00001865 /* JSAPIValueWrapper.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = JSAPIValueWrapper.cpp; path = ../runtime/JSAPIValueWrapper.cpp; sourceTree = "<group>"; };
+                BC0894D60FAFBA2D00001865 /* JSAPIValueWrapper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = JSAPIValueWrapper.h; path = ../runtime/JSAPIValueWrapper.h; sourceTree = "<group>"; };
                 BC1166000E1997B1008066DD /* DateInstance.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DateInstance.cpp; sourceTree = "<group>"; };
                 BC1166010E1997B1008066DD /* DateInstance.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DateInstance.h; sourceTree = "<group>"; };
@@ -1079 +1082 @@
                                 1CAA8B4A0D32C39A0041BCFF /* JavaScript.h */,
                                 1CAA8B4B0D32C39A0041BCFF /* JavaScriptCore.h */,
+                                BC0894D50FAFBA2D00001865 /* JSAPIValueWrapper.cpp */,
+                                BC0894D60FAFBA2D00001865 /* JSAPIValueWrapper.h */,
                                 1421359A0A677F4F00A8195E /* JSBase.cpp */,
                                 142711380A460BBB0080EEEA /* JSBase.h */,
@@ -1723 +1728 @@
                                 14C5242B0F5355E900BA3D04 /* JITStubs.h in Headers */,
                                 BC18C4160E16F5CD00B34460 /* JSActivation.h in Headers */,
+                                840480131021A1D9008E7F01 /* JSAPIValueWrapper.h in Headers */,
                                 BC18C4170E16F5CD00B34460 /* JSArray.h in Headers */,
                                 BC18C4180E16F5CD00B34460 /* JSBase.h in Headers */,

trunk/JavaScriptCore/assembler/AbstractMacroAssembler.h

@@ -379 +379 @@
 
     public:
+        typedef Vector<Jump, 16> JumpVector;
+
         void link(AbstractMacroAssembler<AssemblerType>* masm)
         {
@@ -409 +411 @@
             return !m_jumps.size();
         }
+        
+        const JumpVector& jumps() { return m_jumps; }
 
     private:
-        Vector<Jump, 16> m_jumps;
+        JumpVector m_jumps;
     };
 

trunk/JavaScriptCore/assembler/MacroAssemblerX86.h

@@ -52 +52 @@
     using MacroAssemblerX86Common::branch32;
     using MacroAssemblerX86Common::call;
+    using MacroAssemblerX86Common::loadDouble;
+    using MacroAssemblerX86Common::convertInt32ToDouble;
 
     void add32(Imm32 imm, RegisterID src, RegisterID dest)
@@ -86 +88 @@
     {
         m_assembler.movl_mr(address, dest);
+    }
+
+    void loadDouble(void* address, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.movsd_mr(address, dest);
+    }
+
+    void convertInt32ToDouble(AbsoluteAddress src, FPRegisterID dest)
+    {
+        m_assembler.cvtsi2sd_mr(src.m_ptr, dest);
     }
 

trunk/JavaScriptCore/assembler/MacroAssemblerX86Common.h

@@ -58 +58 @@
     enum DoubleCondition {
         DoubleEqual = X86Assembler::ConditionE,
+        DoubleNotEqual = X86Assembler::ConditionNE,
         DoubleGreaterThan = X86Assembler::ConditionA,
         DoubleGreaterThanOrEqual = X86Assembler::ConditionAE,
@@ -92 +93 @@
         m_assembler.addl_mr(src.offset, src.base, dest);
     }
+
+    void add32(RegisterID src, Address dest)
+    {
+        m_assembler.addl_rm(src, dest.offset, dest.base);
+    }
     
     void and32(RegisterID src, RegisterID dest)
@@ -101 +107 @@
     {
         m_assembler.andl_ir(imm.m_value, dest);
+    }
+
+    void and32(RegisterID src, Address dest)
+    {
+        m_assembler.andl_rm(src, dest.offset, dest.base);
+    }
+
+    void and32(Address src, RegisterID dest)
+    {
+        m_assembler.andl_mr(src.offset, src.base, dest);
     }
 
@@ -139 +155 @@
         m_assembler.imull_rr(src, dest);
     }
+
+    void mul32(Address src, RegisterID dest)
+    {
+        m_assembler.imull_mr(src.offset, src.base, dest);
+    }
     
     void mul32(Imm32 imm, RegisterID src, RegisterID dest)
@@ -144 +165 @@
         m_assembler.imull_i32r(src, imm.m_value, dest);
     }
-    
+
+    void neg32(RegisterID srcDest)
+    {
+        m_assembler.negl_r(srcDest);
+    }
+
+    void neg32(Address srcDest)
+    {
+        m_assembler.negl_m(srcDest.offset, srcDest.base);
+    }
+
     void not32(RegisterID srcDest)
     {
         m_assembler.notl_r(srcDest);
     }
+
+    void not32(Address srcDest)
+    {
+        m_assembler.notl_m(srcDest.offset, srcDest.base);
+    }
     
     void or32(RegisterID src, RegisterID dest)
@@ -158 +194 @@
     {
         m_assembler.orl_ir(imm.m_value, dest);
+    }
+
+    void or32(RegisterID src, Address dest)
+    {
+        m_assembler.orl_rm(src, dest.offset, dest.base);
+    }
+
+    void or32(Address src, RegisterID dest)
+    {
+        m_assembler.orl_mr(src.offset, src.base, dest);
     }
 
@@ -212 +258 @@
     }
 
+    void sub32(RegisterID src, Address dest)
+    {
+        m_assembler.subl_rm(src, dest.offset, dest.base);
+    }
+
+
     void xor32(RegisterID src, RegisterID dest)
     {
@@ -217 +269 @@
     }
 
-    void xor32(Imm32 imm, RegisterID srcDest)
-    {
-        m_assembler.xorl_ir(imm.m_value, srcDest);
+    void xor32(Imm32 imm, Address dest)
+    {
+        m_assembler.xorl_im(imm.m_value, dest.offset, dest.base);
+    }
+
+    void xor32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.xorl_ir(imm.m_value, dest);
+    }
+
+    void xor32(RegisterID src, Address dest)
+    {
+        m_assembler.xorl_rm(src, dest.offset, dest.base);
+    }
+
+    void xor32(Address src, RegisterID dest)
+    {
+        m_assembler.xorl_mr(src.offset, src.base, dest);
     }
     
@@ -301 +368 @@
     }
 
+    void divDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.divsd_rr(src, dest);
+    }
+
+    void divDouble(Address src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.divsd_mr(src.offset, src.base, dest);
+    }
+
     void subDouble(FPRegisterID src, FPRegisterID dest)
     {
@@ -331 +410 @@
     }
 
+    void convertInt32ToDouble(Address src, FPRegisterID dest)
+    {
+        m_assembler.cvtsi2sd_mr(src.offset, src.base, dest);
+    }
+
     Jump branchDouble(DoubleCondition cond, FPRegisterID left, FPRegisterID right)
     {
         ASSERT(isSSE2Present());
         m_assembler.ucomisd_rr(right, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchDouble(DoubleCondition cond, FPRegisterID left, Address right)
+    {
+        m_assembler.ucomisd_mr(right.offset, right.base, left);
         return Jump(m_assembler.jCC(x86Condition(cond)));
     }
@@ -347 +437 @@
         m_assembler.cvttsd2si_rr(src, dest);
         return branch32(Equal, dest, Imm32(0x80000000));
+    }
+
+    void zeroDouble(FPRegisterID srcDest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.xorpd_rr(srcDest, srcDest);
     }
 
@@ -398 +494 @@
         // Note: on 64-bit this is is a full register move; perhaps it would be
         // useful to have separate move32 & movePtr, with move32 zero extending?
-        m_assembler.movq_rr(src, dest);
+        if (src != dest)
+            m_assembler.movq_rr(src, dest);
     }
 
@@ -606 +703 @@
     }
     
+    Jump branchAdd32(Condition cond, Imm32 src, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchAdd32(Condition cond, RegisterID src, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchAdd32(Condition cond, Address src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
     Jump branchMul32(Condition cond, RegisterID src, RegisterID dest)
     {
@@ -612 +730 @@
         return Jump(m_assembler.jCC(x86Condition(cond)));
     }
+
+    Jump branchMul32(Condition cond, Address src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        mul32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
     
     Jump branchMul32(Condition cond, Imm32 imm, RegisterID src, RegisterID dest)
@@ -633 +758 @@
         return Jump(m_assembler.jCC(x86Condition(cond)));
     }
-    
+
+    Jump branchSub32(Condition cond, Imm32 imm, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        sub32(imm, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, RegisterID src, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        sub32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, Address src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        sub32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchOr32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Signed) || (cond == Zero) || (cond == NonZero));
+        or32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
 
     // Miscellaneous operations:
@@ -660 +813 @@
     {
         m_assembler.ret();
+    }
+
+    void set8(Condition cond, RegisterID left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmpl_rr(right, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
+    void set8(Condition cond, Address left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmpl_mr(left.offset, left.base, right);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
+    void set8(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        if (((cond == Equal) || (cond == NotEqual)) && !right.m_value)
+            m_assembler.testl_rr(left, left);
+        else
+            m_assembler.cmpl_ir(right.m_value, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
     }
 
@@ -683 +857 @@
     // dest-src, operations always have a dest? ... possibly not true, considering
     // asm ops like test, or pseudo ops like pop().
+
+    void setTest8(Condition cond, Address address, Imm32 mask, RegisterID dest)
+    {
+        if (mask.m_value == -1)
+            m_assembler.cmpl_im(0, address.offset, address.base);
+        else
+            m_assembler.testl_i32m(mask.m_value, address.offset, address.base);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
     void setTest32(Condition cond, Address address, Imm32 mask, RegisterID dest)
     {

trunk/JavaScriptCore/assembler/MacroAssemblerX86_64.h

@@ -51 +51 @@
     using MacroAssemblerX86Common::store32;
     using MacroAssemblerX86Common::call;
+    using MacroAssemblerX86Common::loadDouble;
+    using MacroAssemblerX86Common::convertInt32ToDouble;
 
     void add32(Imm32 imm, AbsoluteAddress address)
@@ -85 +87 @@
             swap(X86::eax, dest);
         }
+    }
+
+    void loadDouble(void* address, FPRegisterID dest)
+    {
+        move(ImmPtr(address), scratchRegister);
+        loadDouble(scratchRegister, dest);
+    }
+
+    void convertInt32ToDouble(AbsoluteAddress src, FPRegisterID dest)
+    {
+        move(Imm32(*static_cast<int32_t*>(src.m_ptr)), scratchRegister);
+        m_assembler.cvtsi2sd_rr(scratchRegister, dest);
     }
 

trunk/JavaScriptCore/assembler/X86Assembler.h

@@ -115 +115 @@
         OP_2BYTE_ESCAPE                 = 0x0F,
         OP_AND_EvGv                     = 0x21,
+        OP_AND_GvEv                     = 0x23,
         OP_SUB_EvGv                     = 0x29,
         OP_SUB_GvEv                     = 0x2B,
         PRE_PREDICT_BRANCH_NOT_TAKEN    = 0x2E,
         OP_XOR_EvGv                     = 0x31,
+        OP_XOR_GvEv                     = 0x33,
         OP_CMP_EvGv                     = 0x39,
         OP_CMP_GvEv                     = 0x3B,
@@ -170 +172 @@
         OP2_MULSD_VsdWsd    = 0x59,
         OP2_SUBSD_VsdWsd    = 0x5C,
+        OP2_DIVSD_VsdWsd    = 0x5E,
+        OP2_XORPD_VpdWpd    = 0x57,
         OP2_MOVD_VdEd       = 0x6E,
         OP2_MOVD_EdVd       = 0x7E,
@@ -206 +210 @@
         GROUP3_OP_TEST = 0,
         GROUP3_OP_NOT  = 2,
+        GROUP3_OP_NEG  = 3,
         GROUP3_OP_IDIV = 7,
 
@@ -320 +325 @@
     }
 
+    void addl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_ADD_EvGv, src, base, offset);
+    }
+
     void addl_ir(int imm, RegisterID dst)
     {
@@ -387 +397 @@
     }
 
+    void andl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_AND_GvEv, dst, base, offset);
+    }
+
+    void andl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_AND_EvGv, src, base, offset);
+    }
+
     void andl_ir(int imm, RegisterID dst)
     {
@@ -438 +458 @@
 #endif
 
+    void negl_r(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NEG, dst);
+    }
+
+    void negl_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NEG, base, offset);
+    }
+
     void notl_r(RegisterID dst)
     {
@@ -443 +473 @@
     }
 
+    void notl_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NOT, base, offset);
+    }
+
     void orl_rr(RegisterID src, RegisterID dst)
     {
@@ -451 +486 @@
     {
         m_formatter.oneByteOp(OP_OR_GvEv, dst, base, offset);
+    }
+
+    void orl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_OR_EvGv, src, base, offset);
     }
 
@@ -514 +554 @@
     }
 
+    void subl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_SUB_EvGv, src, base, offset);
+    }
+
     void subl_ir(int imm, RegisterID dst)
     {
@@ -568 +613 @@
     {
         m_formatter.oneByteOp(OP_XOR_EvGv, src, dst);
+    }
+
+    void xorl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_XOR_GvEv, dst, base, offset);
+    }
+
+    void xorl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_XOR_EvGv, src, base, offset);
+    }
+
+    void xorl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_XOR, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_XOR, base, offset);
+            m_formatter.immediate32(imm);
+        }
     }
 
@@ -650 +716 @@
         m_formatter.twoByteOp(OP2_IMUL_GvEv, dst, src);
     }
-    
+
+    void imull_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.twoByteOp(OP2_IMUL_GvEv, dst, base, offset);
+    }
+
     void imull_i32r(RegisterID src, int32_t value, RegisterID dst)
     {
@@ -1155 +1226 @@
     }
     
+    JmpSrc jz()
+    {
+        return je();
+    }
+
     JmpSrc jl()
     {
@@ -1247 +1323 @@
     }
 
+    void cvtsi2sd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_CVTSI2SD_VsdEd, (RegisterID)dst, base, offset);
+    }
+
+#if !PLATFORM(X86_64)
+    void cvtsi2sd_mr(void* address, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_CVTSI2SD_VsdEd, (RegisterID)dst, address);
+    }
+#endif
+
     void cvttsd2si_rr(XMMRegisterID src, RegisterID dst)
     {
@@ -1284 +1374 @@
         m_formatter.twoByteOp(OP2_MOVSD_VsdWsd, (RegisterID)dst, base, offset);
     }
+
+#if !PLATFORM(X86_64)
+    void movsd_mr(void* address, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_MOVSD_VsdWsd, (RegisterID)dst, address);
+    }
+#endif
 
     void mulsd_rr(XMMRegisterID src, XMMRegisterID dst)
@@ -1320 +1418 @@
         m_formatter.prefix(PRE_SSE_66);
         m_formatter.twoByteOp(OP2_UCOMISD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void ucomisd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_UCOMISD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void divsd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_DIVSD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void divsd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_DIVSD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void xorpd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_XORPD_VpdWpd, (RegisterID)dst, (RegisterID)src);
     }
 
@@ -1605 +1727 @@
             memoryModRM(reg, base, index, scale, offset);
         }
+
+#if !PLATFORM(X86_64)
+        void twoByteOp(TwoByteOpcodeID opcode, int reg, void* address)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, address);
+        }
+#endif
 
 #if PLATFORM(X86_64)

trunk/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -58 +58 @@
 static UString valueToSourceString(ExecState* exec, JSValue val)
 {
+    if (!val)
+        return "0";
+
     if (val.isString()) {
         UString result("\"");
@@ -596 +599 @@
         case op_div: {
             printBinaryOp(location, it, "div");
+            ++it;
             break;
         }
@@ -738 +742 @@
             int id0 = (++it)->u.operand;
             printf("[%4d] resolve_with_base %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), idName(id0, m_identifiers[id0]).c_str());
-            break;
-        }
-        case op_resolve_func: {
-            int r0 = (++it)->u.operand;
-            int r1 = (++it)->u.operand;
-            int id0 = (++it)->u.operand;
-            printf("[%4d] resolve_func\t %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), idName(id0, m_identifiers[id0]).c_str());
             break;
         }
@@ -1328 +1325 @@
     }
 
+#if ENABLE(JIT_OPTIMIZE_CALL)
     unlinkCallers();
 #endif
+
+#endif // !ENABLE(JIT)
 
 #if DUMP_CODE_BLOCK_STATISTICS
@@ -1336 +1336 @@
 }
 
-#if ENABLE(JIT) 
+#if ENABLE(JIT_OPTIMIZE_CALL)
 void CodeBlock::unlinkCallers()
 {

trunk/JavaScriptCore/bytecode/CodeBlock.h

@@ -235 +235 @@
         void refStructures(Instruction* vPC) const;
         void derefStructures(Instruction* vPC) const;
-#if ENABLE(JIT)
+#if ENABLE(JIT_OPTIMIZE_CALL)
         void unlinkCallers();
 #endif

trunk/JavaScriptCore/bytecode/Opcode.h

@@ -68 +68 @@
         macro(op_add, 5) \
         macro(op_mul, 5) \
-        macro(op_div, 4) \
+        macro(op_div, 5) \
         macro(op_mod, 4) \
         macro(op_sub, 5) \
@@ -99 +99 @@
         macro(op_resolve_base, 3) \
         macro(op_resolve_with_base, 4) \
-        macro(op_resolve_func, 4) \
         macro(op_get_by_id, 8) \
         macro(op_get_by_id_self, 8) \

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -328 +328 @@
         emitOpcode(op_enter);
 
-     if (usesArguments) {
+    if (usesArguments) {
         emitOpcode(op_init_arguments);
 
@@ -862 +862 @@
 
     if (opcodeID == op_bitor || opcodeID == op_bitand || opcodeID == op_bitxor ||
-        opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub) {
+        opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub || opcodeID == op_div)
         instructions().append(types.toInt());
-    }
 
     return dst;
@@ -1184 +1183 @@
 }
 
-RegisterID* BytecodeGenerator::emitResolveFunction(RegisterID* baseDst, RegisterID* funcDst, const Identifier& property)
-{
-    emitOpcode(op_resolve_func);
-    instructions().append(baseDst->index());
-    instructions().append(funcDst->index());
-    instructions().append(addConstant(property));
-    return baseDst;
-}
-
 void BytecodeGenerator::emitMethodCheck()
 {
@@ -1806 +1796 @@
     instructions().append(retAddrDst->index());
     instructions().append(finally->offsetFrom(instructions().size()));
+    emitLabel(newLabel().get()); // Record the fact that the next instruction is implicitly labeled, because op_sret will return to it.
     return finally;
 }
@@ -1859 +1850 @@
     double value = static_cast<NumberNode*>(node)->value();
     int32_t key = static_cast<int32_t>(value);
-    ASSERT(JSValue::makeInt32Fast(key) && (JSValue::makeInt32Fast(key).getInt32Fast() == value));
     ASSERT(key == value);
     ASSERT(key >= min);

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -277 +277 @@
         RegisterID* emitResolveBase(RegisterID* dst, const Identifier& property);
         RegisterID* emitResolveWithBase(RegisterID* baseDst, RegisterID* propDst, const Identifier& property);
-        RegisterID* emitResolveFunction(RegisterID* baseDst, RegisterID* funcDst, const Identifier& property);
 
         void emitMethodCheck();
@@ -356 +355 @@
         PassRefPtr<Label> emitComplexJumpScopes(Label* target, ControlFlowContext* topScope, ControlFlowContext* bottomScope);
 
-        typedef HashMap<EncodedJSValue, unsigned, PtrHash<EncodedJSValue>, JSValueHashTraits> JSValueMap;
+        typedef HashMap<EncodedJSValue, unsigned, EncodedJSValueHash, EncodedJSValueHashTraits> JSValueMap;
 
         struct IdentifierMapIndexHashTraits {

trunk/JavaScriptCore/interpreter/CallFrame.h

@@ -106 +106 @@
         Instruction* returnPC() const { return this[RegisterFile::ReturnPC].vPC(); }
 
-        void setCalleeArguments(Arguments* arguments) { this[RegisterFile::OptionalCalleeArguments] = arguments; }
+        void setCalleeArguments(JSValue arguments) { this[RegisterFile::OptionalCalleeArguments] = arguments; }
         void setCallerFrame(CallFrame* callerFrame) { this[RegisterFile::CallerFrame] = callerFrame; }
         void setScopeChain(ScopeChainNode* scopeChain) { this[RegisterFile::ScopeChain] = scopeChain; }
@@ -119 +119 @@
             setCallerFrame(callerFrame);
             this[RegisterFile::ReturnPC] = vPC; // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
-            this[RegisterFile::ReturnValueRegister] = returnValueRegister;
+            this[RegisterFile::ReturnValueRegister] = Register::withInt(returnValueRegister);
             setArgumentCount(argc); // original argument count (for the sake of the "arguments" object)
             setCallee(function);
-            setCalleeArguments(0);
+            setCalleeArguments(JSValue());
         }
 
@@ -136 +136 @@
 
     private:
-        void setArgumentCount(int count) { this[RegisterFile::ArgumentCount] = count; }
+        void setArgumentCount(int count) { this[RegisterFile::ArgumentCount] = Register::withInt(count); }
         void setCallee(JSFunction* callee) { this[RegisterFile::Callee] = callee; }
         void setCodeBlock(CodeBlock* codeBlock) { this[RegisterFile::CodeBlock] = codeBlock; }

trunk/JavaScriptCore/interpreter/CallFrameClosure.h

@@ -50 +50 @@
     {
         newCallFrame->setScopeChain(scopeChain);
-        newCallFrame->setCalleeArguments(0);
+        newCallFrame->setCalleeArguments(JSValue());
         for (int i = providedParams; i < expectedParams; ++i)
             newCallFrame[i - RegisterFile::CallFrameHeaderSize - expectedParams] = jsUndefined();

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -381 +381 @@
 {
     printf("Register frame: \n\n");
-    printf("----------------------------------------------------\n");
-    printf("            use            |   address  |   value   \n");
-    printf("----------------------------------------------------\n");
+    printf("-----------------------------------------------------------------------------\n");
+    printf("            use            |   address  |                value               \n");
+    printf("-----------------------------------------------------------------------------\n");
 
     CodeBlock* codeBlock = callFrame->codeBlock();
@@ -389 +389 @@
     const Register* it;
     const Register* end;
+    JSValue v;
 
     if (codeBlock->codeType() == GlobalCode) {
@@ -394 +395 @@
         end = it + registerFile->numGlobals();
         while (it != end) {
-            printf("[global var]               | %10p | %10p \n", it, (*it).v());
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[global var]               | %10p | %-16s 0x%llx \n", it, v.description(), JSValue::encode(v));
+#else
+            printf("[global var]               | %10p | %-16s %p \n", it, v.description(), JSValue::encode(v));
+#endif
             ++it;
         }
-        printf("----------------------------------------------------\n");
+        printf("-----------------------------------------------------------------------------\n");
     }
     
     it = callFrame->registers() - RegisterFile::CallFrameHeaderSize - codeBlock->m_numParameters;
-    printf("[this]                     | %10p | %10p \n", it, (*it).v()); ++it;
+    v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+    printf("[this]                     | %10p | %-16s 0x%llx \n", it, v.description(), JSValue::encode(v)); ++it;
+#else
+    printf("[this]                     | %10p | %-16s %p \n", it, v.description(), JSValue::encode(v)); ++it;
+#endif
     end = it + max(codeBlock->m_numParameters - 1, 0); // - 1 to skip "this"
     if (it != end) {
         do {
-            printf("[param]                    | %10p | %10p \n", it, (*it).v());
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[param]                    | %10p | %-16s 0x%llx \n", it, v.description(), JSValue::encode(v));
+#else
+            printf("[param]                    | %10p | %-16s %p \n", it, v.description(), JSValue::encode(v));
+#endif
             ++it;
         } while (it != end);
     }
-    printf("----------------------------------------------------\n");
-
-    printf("[CodeBlock]                | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ScopeChain]               | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[CallerRegisters]          | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ReturnPC]                 | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ReturnValueRegister]      | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[ArgumentCount]            | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[Callee]                   | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("[OptionalCalleeArguments]  | %10p | %10p \n", it, (*it).v()); ++it;
-    printf("----------------------------------------------------\n");
+    printf("-----------------------------------------------------------------------------\n");
+    printf("[CodeBlock]                | %10p | %p \n", it, (*it).codeBlock()); ++it;
+    printf("[ScopeChain]               | %10p | %p \n", it, (*it).scopeChain()); ++it;
+    printf("[CallerRegisters]          | %10p | %d \n", it, (*it).i()); ++it;
+    printf("[ReturnPC]                 | %10p | %p \n", it, (*it).vPC()); ++it;
+    printf("[ReturnValueRegister]      | %10p | %d \n", it, (*it).i()); ++it;
+    printf("[ArgumentCount]            | %10p | %d \n", it, (*it).i()); ++it;
+    printf("[Callee]                   | %10p | %p \n", it, (*it).function()); ++it;
+    printf("[OptionalCalleeArguments]  | %10p | %p \n", it, (*it).arguments()); ++it;
+    printf("-----------------------------------------------------------------------------\n");
 
     int registerCount = 0;
@@ -426 +441 @@
     if (it != end) {
         do {
-            printf("[r%2d]                      | %10p | %10p \n", registerCount, it, (*it).v());
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[r%2d]                      | %10p | %-16s 0x%llx \n", registerCount, it, v.description(), JSValue::encode(v));
+#else
+            printf("[r%2d]                      | %10p | %-16s %p \n", registerCount, it, v.description(), JSValue::encode(v));
+#endif
             ++it;
             ++registerCount;
         } while (it != end);
     }
-    printf("----------------------------------------------------\n");
+    printf("-----------------------------------------------------------------------------\n");
 
     end = it + codeBlock->m_numCalleeRegisters - codeBlock->m_numVars;
     if (it != end) {
         do {
-            printf("[r%2d]                      | %10p | %10p \n", registerCount, it, (*it).v());
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[r%2d]                      | %10p | %-16s 0x%llx \n", registerCount, it, v.description(), JSValue::encode(v));
+#else
+            printf("[r%2d]                      | %10p | %-16s %p \n", registerCount, it, v.description(), JSValue::encode(v));
+#endif
             ++it;
             ++registerCount;
         } while (it != end);
     }
-    printf("----------------------------------------------------\n");
+    printf("-----------------------------------------------------------------------------\n");
 }
 
@@ -1112 +1137 @@
 
 #if ENABLE(JIT)
-    // Currently with CTI enabled we never interpret functions
+    // Mixing Interpreter + JIT is not supported.
     ASSERT_NOT_REACHED();
 #endif
@@ -1242 +1267 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
-            callFrame->r(dst) = JSFastMath::equal(src1, src2);
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsBoolean(src1.asInt32() == src2.asInt32());
         else {
             JSValue result = jsBoolean(JSValue::equalSlowCase(callFrame, src1, src2));
@@ -1282 +1307 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
-            callFrame->r(dst) = JSFastMath::notEqual(src1, src2);
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsBoolean(src1.asInt32() != src2.asInt32());
         else {
             JSValue result = jsBoolean(!JSValue::equalSlowCase(callFrame, src1, src2));
@@ -1384 +1409 @@
         int srcDst = (++vPC)->u.operand;
         JSValue v = callFrame->r(srcDst).jsValue();
-        if (JSFastMath::canDoFastAdditiveOperations(v))
-            callFrame->r(srcDst) = JSValue(JSFastMath::incImmediateNumber(v));
+        if (v.isInt32() && v.asInt32() < INT_MAX)
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() + 1);
         else {
             JSValue result = jsNumber(callFrame, v.toNumber(callFrame) + 1);
@@ -1403 +1428 @@
         int srcDst = (++vPC)->u.operand;
         JSValue v = callFrame->r(srcDst).jsValue();
-        if (JSFastMath::canDoFastAdditiveOperations(v))
-            callFrame->r(srcDst) = JSValue(JSFastMath::decImmediateNumber(v));
+        if (v.isInt32() && v.asInt32() > INT_MIN)
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() - 1);
         else {
             JSValue result = jsNumber(callFrame, v.toNumber(callFrame) - 1);
@@ -1424 +1449 @@
         int srcDst = (++vPC)->u.operand;
         JSValue v = callFrame->r(srcDst).jsValue();
-        if (JSFastMath::canDoFastAdditiveOperations(v)) {
+        if (v.isInt32() && v.asInt32() < INT_MAX) {
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() + 1);
             callFrame->r(dst) = v;
-            callFrame->r(srcDst) = JSValue(JSFastMath::incImmediateNumber(v));
         } else {
             JSValue number = callFrame->r(srcDst).jsValue().toJSNumber(callFrame);
             CHECK_FOR_EXCEPTION();
+            callFrame->r(srcDst) = jsNumber(callFrame, number.uncheckedGetNumber() + 1);
             callFrame->r(dst) = number;
-            callFrame->r(srcDst) = JSValue(jsNumber(callFrame, number.uncheckedGetNumber() + 1));
         }
 
@@ -1447 +1472 @@
         int srcDst = (++vPC)->u.operand;
         JSValue v = callFrame->r(srcDst).jsValue();
-        if (JSFastMath::canDoFastAdditiveOperations(v)) {
+        if (v.isInt32() && v.asInt32() > INT_MIN) {
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() - 1);
             callFrame->r(dst) = v;
-            callFrame->r(srcDst) = JSValue(JSFastMath::decImmediateNumber(v));
         } else {
             JSValue number = callFrame->r(srcDst).jsValue().toJSNumber(callFrame);
             CHECK_FOR_EXCEPTION();
+            callFrame->r(srcDst) = jsNumber(callFrame, number.uncheckedGetNumber() - 1);
             callFrame->r(dst) = number;
-            callFrame->r(srcDst) = JSValue(jsNumber(callFrame, number.uncheckedGetNumber() - 1));
         }
 
@@ -1490 +1515 @@
         int dst = (++vPC)->u.operand;
         JSValue src = callFrame->r((++vPC)->u.operand).jsValue();
-        ++vPC;
-        double v;
-        if (src.getNumber(v))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, -v));
+        if (src.isInt32() && src.asInt32())
+            callFrame->r(dst) = jsNumber(callFrame, -src.asInt32());
         else {
             JSValue result = jsNumber(callFrame, -src.toNumber(callFrame));
@@ -1500 +1523 @@
         }
 
+        ++vPC;
         NEXT_INSTRUCTION();
     }
@@ -1512 +1536 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        if (JSFastMath::canDoFastAdditiveOperations(src1, src2))
-            callFrame->r(dst) = JSValue(JSFastMath::addImmediateNumbers(src1, src2));
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() & 0xc0000000)) // no overflow
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() + src2.asInt32());
         else {
             JSValue result = jsAdd(callFrame, src1, src2);
@@ -1531 +1555 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        double left;
-        double right;
-        if (JSValue::areBothInt32Fast(src1, src2)) {
-            int32_t left = src1.getInt32Fast();
-            int32_t right = src2.getInt32Fast();
-            if ((left | right) >> 15 == 0)
-                callFrame->r(dst) = JSValue(jsNumber(callFrame, left * right));
-            else
-                callFrame->r(dst) = JSValue(jsNumber(callFrame, static_cast<double>(left) * static_cast<double>(right)));
-        } else if (src1.getNumber(left) && src2.getNumber(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left * right));
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() >> 15)) // no overflow
+                callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() * src2.asInt32());
         else {
             JSValue result = jsNumber(callFrame, src1.toNumber(callFrame) * src2.toNumber(callFrame));
@@ -1561 +1576 @@
         JSValue dividend = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue divisor = callFrame->r((++vPC)->u.operand).jsValue();
-        double left;
-        double right;
-        if (dividend.getNumber(left) && divisor.getNumber(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left / right));
-        else {
-            JSValue result = jsNumber(callFrame, dividend.toNumber(callFrame) / divisor.toNumber(callFrame));
-            CHECK_FOR_EXCEPTION();
-            callFrame->r(dst) = result;
-        }
-        ++vPC;
+
+        JSValue result = jsNumber(callFrame, dividend.toNumber(callFrame) / divisor.toNumber(callFrame));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+
+        vPC += 2;
         NEXT_INSTRUCTION();
     }
@@ -1581 +1592 @@
         */
         int dst = (++vPC)->u.operand;
-        int dividend = (++vPC)->u.operand;
-        int divisor = (++vPC)->u.operand;
-
-        JSValue dividendValue = callFrame->r(dividend).jsValue();
-        JSValue divisorValue = callFrame->r(divisor).jsValue();
-
-        if (JSValue::areBothInt32Fast(dividendValue, divisorValue) && divisorValue != jsNumber(callFrame, 0)) {
-            // We expect the result of the modulus of a number that was representable as an int32 to also be representable
-            // as an int32.
-            JSValue result = JSValue::makeInt32Fast(dividendValue.getInt32Fast() % divisorValue.getInt32Fast());
+        JSValue dividend = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue divisor = callFrame->r((++vPC)->u.operand).jsValue();
+
+        if (dividend.isInt32() && divisor.isInt32() && divisor.asInt32() != 0) {
+            JSValue result = jsNumber(callFrame, dividend.asInt32() % divisor.asInt32());
             ASSERT(result);
             callFrame->r(dst) = result;
@@ -1597 +1603 @@
         }
 
-        double d = dividendValue.toNumber(callFrame);
-        JSValue result = jsNumber(callFrame, fmod(d, divisorValue.toNumber(callFrame)));
+        // Conversion to double must happen outside the call to fmod since the
+        // order of argument evaluation is not guaranteed.
+        double d1 = dividend.toNumber(callFrame);
+        double d2 = divisor.toNumber(callFrame);
+        JSValue result = jsNumber(callFrame, fmod(d1, d2));
         CHECK_FOR_EXCEPTION();
         callFrame->r(dst) = result;
@@ -1614 +1623 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        double left;
-        double right;
-        if (JSFastMath::canDoFastAdditiveOperations(src1, src2))
-            callFrame->r(dst) = JSValue(JSFastMath::subImmediateNumbers(src1, src2));
-        else if (src1.getNumber(left) && src2.getNumber(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left - right));
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() & 0xc0000000)) // no overflow
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() - src2.asInt32());
         else {
             JSValue result = jsNumber(callFrame, src1.toNumber(callFrame) - src2.toNumber(callFrame));
@@ -1638 +1643 @@
         JSValue val = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue shift = callFrame->r((++vPC)->u.operand).jsValue();
-        int32_t left;
-        uint32_t right;
-        if (JSValue::areBothInt32Fast(val, shift))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, val.getInt32Fast() << (shift.getInt32Fast() & 0x1f)));
-        else if (val.numberToInt32(left) && shift.numberToUInt32(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left << (right & 0x1f)));
+
+        if (val.isInt32() && shift.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, val.asInt32() << (shift.asInt32() & 0x1f));
         else {
             JSValue result = jsNumber(callFrame, (val.toInt32(callFrame)) << (shift.toUInt32(callFrame) & 0x1f));
@@ -1663 +1665 @@
         JSValue val = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue shift = callFrame->r((++vPC)->u.operand).jsValue();
-        int32_t left;
-        uint32_t right;
-        if (JSFastMath::canDoFastRshift(val, shift))
-            callFrame->r(dst) = JSValue(JSFastMath::rightShiftImmediateNumbers(val, shift));
-        else if (val.numberToInt32(left) && shift.numberToUInt32(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left >> (right & 0x1f)));
+
+        if (val.isInt32() && shift.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, val.asInt32() >> (shift.asInt32() & 0x1f));
         else {
             JSValue result = jsNumber(callFrame, (val.toInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
@@ -1688 +1687 @@
         JSValue val = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue shift = callFrame->r((++vPC)->u.operand).jsValue();
-        if (JSFastMath::canDoFastUrshift(val, shift))
-            callFrame->r(dst) = JSValue(JSFastMath::rightShiftImmediateNumbers(val, shift));
+        if (val.isUInt32() && shift.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, val.asInt32() >> (shift.asInt32() & 0x1f));
         else {
             JSValue result = jsNumber(callFrame, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
@@ -1709 +1708 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        int32_t left;
-        int32_t right;
-        if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
-            callFrame->r(dst) = JSValue(JSFastMath::andImmediateNumbers(src1, src2));
-        else if (src1.numberToInt32(left) && src2.numberToInt32(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left & right));
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() & src2.asInt32());
         else {
             JSValue result = jsNumber(callFrame, src1.toInt32(callFrame) & src2.toInt32(callFrame));
@@ -1734 +1729 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        int32_t left;
-        int32_t right;
-        if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
-            callFrame->r(dst) = JSValue(JSFastMath::xorImmediateNumbers(src1, src2));
-        else if (src1.numberToInt32(left) && src2.numberToInt32(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left ^ right));
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() ^ src2.asInt32());
         else {
             JSValue result = jsNumber(callFrame, src1.toInt32(callFrame) ^ src2.toInt32(callFrame));
@@ -1759 +1750 @@
         JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
         JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
-        int32_t left;
-        int32_t right;
-        if (JSFastMath::canDoFastBitwiseOperations(src1, src2))
-            callFrame->r(dst) = JSValue(JSFastMath::orImmediateNumbers(src1, src2));
-        else if (src1.numberToInt32(left) && src2.numberToInt32(right))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, left | right));
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() | src2.asInt32());
         else {
             JSValue result = jsNumber(callFrame, src1.toInt32(callFrame) | src2.toInt32(callFrame));
@@ -1782 +1769 @@
         int dst = (++vPC)->u.operand;
         JSValue src = callFrame->r((++vPC)->u.operand).jsValue();
-        int32_t value;
-        if (src.numberToInt32(value))
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, ~value));
+        if (src.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, ~src.asInt32());
         else {
             JSValue result = jsNumber(callFrame, ~src.toInt32(callFrame));
@@ -2118 +2104 @@
         NEXT_INSTRUCTION();
     }
-    DEFINE_OPCODE(op_resolve_func) {
-        /* resolve_func baseDst(r) funcDst(r) property(id)
-
-           Searches the scope chain for an object containing
-           identifier property, and if one is found, writes the
-           appropriate object to use as "this" when calling its
-           properties to register baseDst; and the retrieved property
-           value to register propDst. If the property is not found,
-           raises an exception.
-
-           This differs from resolve_with_base, because the
-           global this value will be substituted for activations or
-           the global object, which is the right behavior for function
-           calls but not for other property lookup.
-        */
-        if (UNLIKELY(!resolveBaseAndFunc(callFrame, vPC, exceptionValue)))
-            goto vm_throw;
-
-        vPC += 4;
-        NEXT_INSTRUCTION();
-    }
     DEFINE_OPCODE(op_get_by_id) {
         /* get_by_id dst(r) base(r) property(id) structure(sID) nop(n) nop(n) nop(n)
@@ -2319 +2284 @@
         if (LIKELY(isJSArray(globalData, baseValue))) {
             int dst = vPC[1].u.operand;
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, asArray(baseValue)->length()));
+            callFrame->r(dst) = jsNumber(callFrame, asArray(baseValue)->length());
             vPC += 8;
             NEXT_INSTRUCTION();
@@ -2339 +2304 @@
         if (LIKELY(isJSString(globalData, baseValue))) {
             int dst = vPC[1].u.operand;
-            callFrame->r(dst) = JSValue(jsNumber(callFrame, asString(baseValue)->value().size()));
+            callFrame->r(dst) = jsNumber(callFrame, asString(baseValue)->value().size());
             vPC += 8;
             NEXT_INSTRUCTION();
@@ -2517 +2482 @@
         JSValue result;
 
-        if (LIKELY(subscript.isUInt32Fast())) {
-            uint32_t i = subscript.getUInt32Fast();
+        if (LIKELY(subscript.isUInt32())) {
+            uint32_t i = subscript.asUInt32();
             if (isJSArray(globalData, baseValue)) {
                 JSArray* jsArray = asArray(baseValue);
@@ -2559 +2524 @@
         JSValue subscript = callFrame->r(property).jsValue();
 
-        if (LIKELY(subscript.isUInt32Fast())) {
-            uint32_t i = subscript.getUInt32Fast();
+        if (LIKELY(subscript.isUInt32())) {
+            uint32_t i = subscript.asUInt32();
             if (isJSArray(globalData, baseValue)) {
                 JSArray* jsArray = asArray(baseValue);
@@ -2571 +2536 @@
                 double dValue = 0;
                 JSValue jsValue = callFrame->r(value).jsValue();
-                if (jsValue.isInt32Fast())
-                    jsByteArray->setIndex(i, jsValue.getInt32Fast());
+                if (jsValue.isInt32())
+                    jsByteArray->setIndex(i, jsValue.asInt32());
                 else if (jsValue.getNumber(dValue))
                     jsByteArray->setIndex(i, dValue);
@@ -2892 +2857 @@
         int defaultOffset = (++vPC)->u.operand;
         JSValue scrutinee = callFrame->r((++vPC)->u.operand).jsValue();
-        if (scrutinee.isInt32Fast())
-            vPC += callFrame->codeBlock()->immediateSwitchJumpTable(tableIndex).offsetForValue(scrutinee.getInt32Fast(), defaultOffset);
+        if (scrutinee.isInt32())
+            vPC += callFrame->codeBlock()->immediateSwitchJumpTable(tableIndex).offsetForValue(scrutinee.asInt32(), defaultOffset);
         else {
             double value;
@@ -2956 +2921 @@
         int func = (++vPC)->u.operand;
 
-        callFrame->r(dst) = callFrame->codeBlock()->function(func)->makeFunction(callFrame, callFrame->scopeChain());
+        callFrame->r(dst) = JSValue(callFrame->codeBlock()->function(func)->makeFunction(callFrame, callFrame->scopeChain()));
 
         ++vPC;
@@ -2972 +2937 @@
         int func = (++vPC)->u.operand;
 
-        callFrame->r(dst) = callFrame->codeBlock()->functionExpression(func)->makeFunction(callFrame, callFrame->scopeChain());
+        callFrame->r(dst) = JSValue(callFrame->codeBlock()->functionExpression(func)->makeFunction(callFrame, callFrame->scopeChain()));
 
         ++vPC;
@@ -3080 +3045 @@
             CHECK_FOR_EXCEPTION();
 
-            callFrame->r(dst) = JSValue(returnValue);
+            callFrame->r(dst) = returnValue;
 
             vPC += 5;
@@ -3163 +3128 @@
         }
         CHECK_FOR_EXCEPTION();
-        callFrame->r(argCountDst) = argCount + 1;
+        callFrame->r(argCountDst) = Register::withInt(argCount + 1);
         ++vPC;
         NEXT_INSTRUCTION();
@@ -3234 +3199 @@
             CHECK_FOR_EXCEPTION();
             
-            callFrame->r(dst) = JSValue(returnValue);
+            callFrame->r(dst) = returnValue;
             
             vPC += 5;
@@ -3280 +3245 @@
 
         ASSERT(callFrame->codeBlock()->usesArguments() && !callFrame->codeBlock()->needsFullScopeChain());
+
         if (callFrame->optionalCalleeArguments())
             callFrame->optionalCalleeArguments()->copyRegisters();
@@ -3310 +3276 @@
             return returnValue;
 
-        callFrame->r(dst) = JSValue(returnValue);
+        callFrame->r(dst) = returnValue;
 
         NEXT_INSTRUCTION();
@@ -3355 +3321 @@
         int dst = (++vPC)->u.operand;
         JSActivation* activation = new (globalData) JSActivation(callFrame, static_cast<FunctionBodyNode*>(codeBlock->ownerNode()));
-        callFrame->r(dst) = activation;
+        callFrame->r(dst) = JSValue(activation);
         callFrame->setScopeChain(callFrame->scopeChain()->copy()->push(activation));
 
@@ -3406 +3372 @@
              Arguments* arguments = new (globalData) Arguments(callFrame);
              callFrame->setCalleeArguments(arguments);
-             callFrame->r(RegisterFile::ArgumentsRegister) = arguments;
+             callFrame->r(RegisterFile::ArgumentsRegister) = JSValue(arguments);
          }
         ++vPC;
@@ -3868 +3834 @@
         SymbolTable& symbolTable = codeBlock->symbolTable();
         int argumentsIndex = symbolTable.get(functionCallFrame->propertyNames().arguments.ustring().rep()).getIndex();
-        if (!functionCallFrame->r(argumentsIndex).arguments()) {
+        if (!functionCallFrame->r(argumentsIndex).jsValue()) {
             Arguments* arguments = new (callFrame) Arguments(functionCallFrame);
             functionCallFrame->setCalleeArguments(arguments);
-            functionCallFrame->r(RegisterFile::ArgumentsRegister) = arguments;
+            functionCallFrame->r(RegisterFile::ArgumentsRegister) = JSValue(arguments);
         }
         return functionCallFrame->r(argumentsIndex).jsValue();

trunk/JavaScriptCore/interpreter/Register.h

@@ -53 +53 @@
         Register();
         Register(JSValue);
-        Register(Arguments*);
 
         JSValue jsValue() const;
@@ -60 +59 @@
         void mark();
         
-        int32_t i() const;
-        void* v() const;
-
-    private:
-        friend class ExecState;
-        friend class Interpreter;
-
-        // Only CallFrame, Interpreter, and JITStubs should use these functions.
-
-        Register(intptr_t);
-
         Register(JSActivation*);
         Register(CallFrame*);
@@ -79 +67 @@
         Register(Instruction*);
 
+        int32_t i() const;
         JSActivation* activation() const;
         Arguments* arguments() const;
@@ -88 +77 @@
         Instruction* vPC() const;
 
+        static Register withInt(int32_t i)
+        {
+            return Register(i);
+        }
+
+    private:
+        Register(int32_t);
+
         union {
-            intptr_t i;
-            void* v;
+            int32_t i;
             EncodedJSValue value;
 
             JSActivation* activation;
-            Arguments* arguments;
             CallFrame* callFrame;
             CodeBlock* codeBlock;
@@ -133 +128 @@
     // Interpreter functions
 
-    ALWAYS_INLINE Register::Register(Arguments* arguments)
-    {
-        u.arguments = arguments;
-    }
-
     ALWAYS_INLINE Register::Register(JSActivation* activation)
     {
@@ -173 +163 @@
     }
 
-    ALWAYS_INLINE Register::Register(intptr_t i)
-    {
-        // See comment on 'i()' below.
-        ASSERT(i == static_cast<int32_t>(i));
+    ALWAYS_INLINE Register::Register(int32_t i)
+    {
         u.i = i;
     }
 
-    // Read 'i' as a 32-bit integer; we only use it to hold 32-bit values,
-    // and we only write 32-bits when writing the arg count from JIT code.
     ALWAYS_INLINE int32_t Register::i() const
     {
-        return static_cast<int32_t>(u.i);
-    }
-    
-    ALWAYS_INLINE void* Register::v() const
-    {
-        return u.v;
-    }
-
+        return u.i;
+    }
+    
     ALWAYS_INLINE JSActivation* Register::activation() const
     {
@@ -197 +178 @@
     }
     
-    ALWAYS_INLINE Arguments* Register::arguments() const
-    {
-        return u.arguments;
-    }
-    
     ALWAYS_INLINE CallFrame* Register::callFrame() const
     {

trunk/JavaScriptCore/jit/JIT.cpp

@@ -38 +38 @@
 #include "Interpreter.h"
 #include "JITInlineMethods.h"
+#include "JITStubs.h"
 #include "JITStubCall.h"
 #include "JSArray.h"
@@ -80 +81 @@
     , m_callStructureStubCompilationInfo(codeBlock ? codeBlock->numberOfCallLinkInfos() : 0)
     , m_bytecodeIndex((unsigned)-1)
+#if USE(JSVALUE32_64)
+    , m_jumpTargetIndex(0)
+    , m_mappedBytecodeIndex((unsigned)-1)
+    , m_mappedVirtualRegisterIndex((unsigned)-1)
+    , m_mappedTag((RegisterID)-1)
+    , m_mappedPayload((RegisterID)-1)
+#else
     , m_lastResultBytecodeRegister(std::numeric_limits<int>::max())
     , m_jumpTargetsPosition(0)
-{
-}
-
-void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
-{
-    unsigned dst = currentInstruction[1].u.operand;
-    unsigned src1 = currentInstruction[2].u.operand;
-    unsigned src2 = currentInstruction[3].u.operand;
-
-    emitGetVirtualRegisters(src1, regT0, src2, regT1);
-
-    // Jump to a slow case if either operand is a number, or if both are JSCell*s.
-    move(regT0, regT2);
-    orPtr(regT1, regT2);
-    addSlowCase(emitJumpIfJSCell(regT2));
-    addSlowCase(emitJumpIfImmediateNumber(regT2));
-
-    if (type == OpStrictEq)
-        set32(Equal, regT1, regT0, regT0);
-    else
-        set32(NotEqual, regT1, regT0, regT0);
-    emitTagAsBoolImmediate(regT0);
-
-    emitPutVirtualRegister(dst);
-}
-
+#endif
+{
+}
+
+#if USE(JSVALUE32_64)
 void JIT::emitTimeoutCheck()
 {
     Jump skipTimeout = branchSub32(NonZero, Imm32(1), timeoutCheckRegister);
-    JITStubCall(this, JITStubs::cti_timeout_check).call(timeoutCheckRegister);
+    JITStubCall stubCall(this, cti_timeout_check);
+    stubCall.addArgument(regT1, regT0); // save last result registers.
+    stubCall.call(timeoutCheckRegister);
+    stubCall.getArgument(0, regT1, regT0); // reload last result registers.
     skipTimeout.link(this);
+}
+#else
+void JIT::emitTimeoutCheck()
+{
+    Jump skipTimeout = branchSub32(NonZero, Imm32(1), timeoutCheckRegister);
+    JITStubCall(this, cti_timeout_check).call(timeoutCheckRegister);
+    skipTimeout.link(this);
 
     killLastResultRegister();
 }
-
+#endif
 
 #define NEXT_OPCODE(name) \
@@ -122 +119 @@
     break;
 
+#if USE(JSVALUE32_64)
 #define DEFINE_BINARY_OP(name) \
     case name: { \
-        JITStubCall stubCall(this, JITStubs::cti_##name); \
+        JITStubCall stubCall(this, cti_##name); \
+        stubCall.addArgument(currentInstruction[2].u.operand); \
+        stubCall.addArgument(currentInstruction[3].u.operand); \
+        stubCall.call(currentInstruction[1].u.operand); \
+        NEXT_OPCODE(name); \
+    }
+
+#define DEFINE_UNARY_OP(name) \
+    case name: { \
+        JITStubCall stubCall(this, cti_##name); \
+        stubCall.addArgument(currentInstruction[2].u.operand); \
+        stubCall.call(currentInstruction[1].u.operand); \
+        NEXT_OPCODE(name); \
+    }
+
+#else // USE(JSVALUE32_64)
+
+#define DEFINE_BINARY_OP(name) \
+    case name: { \
+        JITStubCall stubCall(this, cti_##name); \
         stubCall.addArgument(currentInstruction[2].u.operand, regT2); \
         stubCall.addArgument(currentInstruction[3].u.operand, regT2); \
@@ -133 +150 @@
 #define DEFINE_UNARY_OP(name) \
     case name: { \
-        JITStubCall stubCall(this, JITStubs::cti_##name); \
+        JITStubCall stubCall(this, cti_##name); \
         stubCall.addArgument(currentInstruction[2].u.operand, regT2); \
         stubCall.call(currentInstruction[1].u.operand); \
         NEXT_OPCODE(name); \
     }
+#endif // USE(JSVALUE32_64)
 
 #define DEFINE_OP(name) \
@@ -169 +187 @@
 #endif
 
+#if !USE(JSVALUE32_64)
         if (m_labels[m_bytecodeIndex].isUsed())
             killLastResultRegister();
-        
+#endif
+
         m_labels[m_bytecodeIndex] = label();
 
         switch (m_interpreter->getOpcodeID(currentInstruction->u.opcode)) {
         DEFINE_BINARY_OP(op_del_by_val)
+#if !USE(JSVALUE32_64)
         DEFINE_BINARY_OP(op_div)
+#endif
         DEFINE_BINARY_OP(op_in)
         DEFINE_BINARY_OP(op_less)
@@ -188 +210 @@
         DEFINE_UNARY_OP(op_is_string)
         DEFINE_UNARY_OP(op_is_undefined)
+#if !USE(JSVALUE32_64)
         DEFINE_UNARY_OP(op_negate)
+#endif
         DEFINE_UNARY_OP(op_typeof)
 
@@ -207 +231 @@
         DEFINE_OP(op_debug)
         DEFINE_OP(op_del_by_id)
+#if USE(JSVALUE32_64)
+        DEFINE_OP(op_div)
+#endif
         DEFINE_OP(op_end)
         DEFINE_OP(op_enter)
@@ -237 +264 @@
         DEFINE_OP(op_mov)
         DEFINE_OP(op_mul)
+#if USE(JSVALUE32_64)
+        DEFINE_OP(op_negate)
+#endif
         DEFINE_OP(op_neq)
         DEFINE_OP(op_neq_null)
@@ -266 +296 @@
         DEFINE_OP(op_resolve)
         DEFINE_OP(op_resolve_base)
-        DEFINE_OP(op_resolve_func)
         DEFINE_OP(op_resolve_global)
         DEFINE_OP(op_resolve_skip)
@@ -323 +352 @@
 
     m_propertyAccessInstructionIndex = 0;
+#if USE(JSVALUE32_64)
+    m_globalResolveInfoIndex = 0;
+#endif
     m_callLinkInfoIndex = 0;
 
     for (Vector<SlowCaseEntry>::iterator iter = m_slowCases.begin(); iter != m_slowCases.end();) {
-        // FIXME: enable peephole optimizations for slow cases when applicable
+#if !USE(JSVALUE32_64)
         killLastResultRegister();
+#endif
 
         m_bytecodeIndex = iter->to;
@@ -347 +380 @@
         DEFINE_SLOWCASE_OP(op_construct_verify)
         DEFINE_SLOWCASE_OP(op_convert_this)
+#if USE(JSVALUE32_64)
+        DEFINE_SLOWCASE_OP(op_div)
+#endif
         DEFINE_SLOWCASE_OP(op_eq)
         DEFINE_SLOWCASE_OP(op_get_by_id)
@@ -359 +395 @@
         DEFINE_SLOWCASE_OP(op_loop_if_true)
         DEFINE_SLOWCASE_OP(op_lshift)
+        DEFINE_SLOWCASE_OP(op_method_check)
         DEFINE_SLOWCASE_OP(op_mod)
         DEFINE_SLOWCASE_OP(op_mul)
-        DEFINE_SLOWCASE_OP(op_method_check)
+#if USE(JSVALUE32_64)
+        DEFINE_SLOWCASE_OP(op_negate)
+#endif
         DEFINE_SLOWCASE_OP(op_neq)
         DEFINE_SLOWCASE_OP(op_not)
@@ -371 +410 @@
         DEFINE_SLOWCASE_OP(op_put_by_id)
         DEFINE_SLOWCASE_OP(op_put_by_val)
+#if USE(JSVALUE32_64)
+        DEFINE_SLOWCASE_OP(op_resolve_global)
+#endif
         DEFINE_SLOWCASE_OP(op_rshift)
         DEFINE_SLOWCASE_OP(op_stricteq)
@@ -428 +470 @@
         slowRegisterFileCheck.link(this);
         m_bytecodeIndex = 0;
-        JITStubCall(this, JITStubs::cti_register_file_check).call();
+        JITStubCall(this, cti_register_file_check).call();
 #ifndef NDEBUG
         m_bytecodeIndex = (unsigned)-1; // Reset this, in order to guard its use with ASSERTs.
@@ -514 +556 @@
 }
 
-void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, CodePtr* ctiArrayLengthTrampoline, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
-{
-#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
-    // (1) The first function provides fast property access for array length
-    Label arrayLengthBegin = align();
-
-    // Check eax is an array
-    Jump array_failureCases1 = emitJumpIfNotJSCell(regT0);
-    Jump array_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr));
-
-    // Checks out okay! - get the length from the storage
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT0);
-    load32(Address(regT0, OBJECT_OFFSETOF(ArrayStorage, m_length)), regT0);
-
-    Jump array_failureCases3 = branch32(Above, regT0, Imm32(JSImmediate::maxImmediateInt));
-
-    // regT0 contains a 64 bit value (is positive, is zero extended) so we don't need sign extend here.
-    emitFastArithIntToImmNoCheck(regT0, regT0);
-
-    ret();
-
-    // (2) The second function provides fast property access for string length
-    Label stringLengthBegin = align();
-
-    // Check eax is a string
-    Jump string_failureCases1 = emitJumpIfNotJSCell(regT0);
-    Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
-
-    // Checks out okay! - get the length from the Ustring.
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSString, m_value) + OBJECT_OFFSETOF(UString, m_rep)), regT0);
-    load32(Address(regT0, OBJECT_OFFSETOF(UString::Rep, len)), regT0);
-
-    Jump string_failureCases3 = branch32(Above, regT0, Imm32(JSImmediate::maxImmediateInt));
-
-    // regT0 contains a 64 bit value (is positive, is zero extended) so we don't need sign extend here.
-    emitFastArithIntToImmNoCheck(regT0, regT0);
-    
-    ret();
-#endif
-
-    // (3) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
-    COMPILE_ASSERT(sizeof(CodeType) == 4, CodeTypeEnumMustBe32Bit);
-
-    Label virtualCallPreLinkBegin = align();
-
-    // Load the callee CodeBlock* into eax
-    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3);
-    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT0);
-    Jump hasCodeBlock1 = branchTestPtr(NonZero, regT0);
-    preserveReturnAddressAfterCall(regT3);
-    restoreArgumentReference();
-    Call callJSFunction1 = call();
-    emitGetJITStubArg(1, regT2);
-    emitGetJITStubArg(3, regT1);
-    restoreReturnAddressBeforeReturn(regT3);
-    hasCodeBlock1.link(this);
-
-    Jump isNativeFunc1 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
-
-    // Check argCount matches callee arity.
-    Jump arityCheckOkay1 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
-    preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2);
-    emitPutJITStubArg(regT0, 4);
-    restoreArgumentReference();
-    Call callArityCheck1 = call();
-    move(regT1, callFrameRegister);
-    emitGetJITStubArg(1, regT2);
-    emitGetJITStubArg(3, regT1);
-    restoreReturnAddressBeforeReturn(regT3);
-    arityCheckOkay1.link(this);
-    isNativeFunc1.link(this);
-    
-    compileOpCallInitializeCallFrame();
-
-    preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2);
-    restoreArgumentReference();
-    Call callDontLazyLinkCall = call();
-    emitGetJITStubArg(1, regT2);
-    restoreReturnAddressBeforeReturn(regT3);
-
-    jump(regT0);
-
-    Label virtualCallLinkBegin = align();
-
-    // Load the callee CodeBlock* into eax
-    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3);
-    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT0);
-    Jump hasCodeBlock2 = branchTestPtr(NonZero, regT0);
-    preserveReturnAddressAfterCall(regT3);
-    restoreArgumentReference();
-    Call callJSFunction2 = call();
-    emitGetJITStubArg(1, regT2);
-    emitGetJITStubArg(3, regT1);
-    restoreReturnAddressBeforeReturn(regT3);
-    hasCodeBlock2.link(this);
-
-    Jump isNativeFunc2 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
-
-    // Check argCount matches callee arity.
-    Jump arityCheckOkay2 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
-    preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2);
-    emitPutJITStubArg(regT0, 4);
-    restoreArgumentReference();
-    Call callArityCheck2 = call();
-    move(regT1, callFrameRegister);
-    emitGetJITStubArg(1, regT2);
-    emitGetJITStubArg(3, regT1);
-    restoreReturnAddressBeforeReturn(regT3);
-    arityCheckOkay2.link(this);
-    isNativeFunc2.link(this);
-
-    compileOpCallInitializeCallFrame();
-
-    preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2);
-    restoreArgumentReference();
-    Call callLazyLinkCall = call();
-    restoreReturnAddressBeforeReturn(regT3);
-
-    jump(regT0);
-
-    Label virtualCallBegin = align();
-
-    // Load the callee CodeBlock* into eax
-    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3);
-    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT0);
-    Jump hasCodeBlock3 = branchTestPtr(NonZero, regT0);
-    preserveReturnAddressAfterCall(regT3);
-    restoreArgumentReference();
-    Call callJSFunction3 = call();
-    emitGetJITStubArg(1, regT2);
-    emitGetJITStubArg(3, regT1);
-    restoreReturnAddressBeforeReturn(regT3);
-    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3); // reload the function body nody, so we can reload the code pointer.
-    hasCodeBlock3.link(this);
-    
-    Jump isNativeFunc3 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
-
-    // Check argCount matches callee arity.
-    Jump arityCheckOkay3 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
-    preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2);
-    emitPutJITStubArg(regT0, 4);
-    restoreArgumentReference();
-    Call callArityCheck3 = call();
-    move(regT1, callFrameRegister);
-    emitGetJITStubArg(1, regT2);
-    emitGetJITStubArg(3, regT1);
-    restoreReturnAddressBeforeReturn(regT3);
-    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3); // reload the function body nody, so we can reload the code pointer.
-    arityCheckOkay3.link(this);
-    isNativeFunc3.link(this);
-
-    // load ctiCode from the new codeBlock.
-    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_jitCode)), regT0);
-    
-    compileOpCallInitializeCallFrame();
-    jump(regT0);
-
-    
-    Label nativeCallThunk = align();
-    preserveReturnAddressAfterCall(regT0);
-    emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
-
-    // Load caller frame's scope chain into this callframe so that whatever we call can
-    // get to its global data.
-    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
-    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
-    
-
-#if PLATFORM(X86_64)
-    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, X86::ecx);
-
-    // Allocate stack space for our arglist
-    subPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
-    COMPILE_ASSERT((sizeof(ArgList) & 0xf) == 0, ArgList_should_by_16byte_aligned);
-    
-    // Set up arguments
-    subPtr(Imm32(1), X86::ecx); // Don't include 'this' in argcount
-
-    // Push argcount
-    storePtr(X86::ecx, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_argCount)));
-
-    // Calculate the start of the callframe header, and store in edx
-    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int32_t)sizeof(Register)), callFrameRegister, X86::edx);
-    
-    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (ecx)
-    mul32(Imm32(sizeof(Register)), X86::ecx, X86::ecx);
-    subPtr(X86::ecx, X86::edx);
-
-    // push pointer to arguments
-    storePtr(X86::edx, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_args)));
-    
-    // ArgList is passed by reference so is stackPointerRegister
-    move(stackPointerRegister, X86::ecx);
-    
-    // edx currently points to the first argument, edx-sizeof(Register) points to 'this'
-    loadPtr(Address(X86::edx, -(int32_t)sizeof(Register)), X86::edx);
-    
-    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::esi);
-
-    move(callFrameRegister, X86::edi); 
-
-    call(Address(X86::esi, OBJECT_OFFSETOF(JSFunction, m_data)));
-    
-    addPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
-#elif PLATFORM(X86)
-    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
-
-    /* We have two structs that we use to describe the stackframe we set up for our
-     * call to native code.  NativeCallFrameStructure describes the how we set up the stack
-     * in advance of the call.  NativeFunctionCalleeSignature describes the callframe
-     * as the native code expects it.  We do this as we are using the fastcall calling
-     * convention which results in the callee popping its arguments off the stack, but
-     * not the rest of the callframe so we need a nice way to ensure we increment the
-     * stack pointer by the right amount after the call.
-     */
-#if COMPILER(MSVC) || PLATFORM(LINUX)
-    struct NativeCallFrameStructure {
-      //  CallFrame* callFrame; // passed in EDX
-        JSObject* callee;
-        JSValue thisValue;
-        ArgList* argPointer;
-        ArgList args;
-        JSValue result;
-    };
-    struct NativeFunctionCalleeSignature {
-        JSObject* callee;
-        JSValue thisValue;
-        ArgList* argPointer;
-    };
-#else
-    struct NativeCallFrameStructure {
-      //  CallFrame* callFrame; // passed in ECX
-      //  JSObject* callee; // passed in EDX
-        JSValue thisValue;
-        ArgList* argPointer;
-        ArgList args;
-    };
-    struct NativeFunctionCalleeSignature {
-        JSValue thisValue;
-        ArgList* argPointer;
-    };
-#endif
-    const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
-    // Allocate system stack frame
-    subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
-
-    // Set up arguments
-    subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
-
-    // push argcount
-    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
-    
-    // Calculate the start of the callframe header, and store in regT1
-    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
-    
-    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
-    mul32(Imm32(sizeof(Register)), regT0, regT0);
-    subPtr(regT0, regT1);
-    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
-
-    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
-    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
-    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
-
-    // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
-    loadPtr(Address(regT1, -(int)sizeof(Register)), regT1);
-    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue)));
-
-#if COMPILER(MSVC) || PLATFORM(LINUX)
-    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
-    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86::ecx);
-
-    // Plant callee
-    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::eax);
-    storePtr(X86::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
-
-    // Plant callframe
-    move(callFrameRegister, X86::edx);
-
-    call(Address(X86::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
-
-    // JSValue is a non-POD type
-    loadPtr(Address(X86::eax), X86::eax);
-#else
-    // Plant callee
-    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::edx);
-
-    // Plant callframe
-    move(callFrameRegister, X86::ecx);
-    call(Address(X86::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
-#endif
-
-    // We've put a few temporaries on the stack in addition to the actual arguments
-    // so pull them off now
-    addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
-
-#elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
-#error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
-#else
-    breakpoint();
-#endif
-
-    // Check for an exception
-    loadPtr(&(globalData->exception), regT2);
-    Jump exceptionHandler = branchTestPtr(NonZero, regT2);
-
-    // Grab the return address.
-    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
-    
-    // Restore our caller's "r".
-    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
-    
-    // Return.
-    restoreReturnAddressBeforeReturn(regT1);
-    ret();
-
-    // Handle an exception
-    exceptionHandler.link(this);
-    // Grab the return address.
-    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
-    move(ImmPtr(&globalData->exceptionLocation), regT2);
-    storePtr(regT1, regT2);
-    move(ImmPtr(reinterpret_cast<void*>(ctiVMThrowTrampoline)), regT2);
-    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
-    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
-    restoreReturnAddressBeforeReturn(regT2);
-    ret();
-    
-
-#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
-    Call array_failureCases1Call = makeTailRecursiveCall(array_failureCases1);
-    Call array_failureCases2Call = makeTailRecursiveCall(array_failureCases2);
-    Call array_failureCases3Call = makeTailRecursiveCall(array_failureCases3);
-    Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
-    Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
-    Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
-#endif
-
-    // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
-    LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
-
-#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
-    patchBuffer.link(array_failureCases1Call, FunctionPtr(JITStubs::cti_op_get_by_id_array_fail));
-    patchBuffer.link(array_failureCases2Call, FunctionPtr(JITStubs::cti_op_get_by_id_array_fail));
-    patchBuffer.link(array_failureCases3Call, FunctionPtr(JITStubs::cti_op_get_by_id_array_fail));
-    patchBuffer.link(string_failureCases1Call, FunctionPtr(JITStubs::cti_op_get_by_id_string_fail));
-    patchBuffer.link(string_failureCases2Call, FunctionPtr(JITStubs::cti_op_get_by_id_string_fail));
-    patchBuffer.link(string_failureCases3Call, FunctionPtr(JITStubs::cti_op_get_by_id_string_fail));
-#endif
-    patchBuffer.link(callArityCheck1, FunctionPtr(JITStubs::cti_op_call_arityCheck));
-    patchBuffer.link(callArityCheck2, FunctionPtr(JITStubs::cti_op_call_arityCheck));
-    patchBuffer.link(callArityCheck3, FunctionPtr(JITStubs::cti_op_call_arityCheck));
-    patchBuffer.link(callJSFunction1, FunctionPtr(JITStubs::cti_op_call_JSFunction));
-    patchBuffer.link(callJSFunction2, FunctionPtr(JITStubs::cti_op_call_JSFunction));
-    patchBuffer.link(callJSFunction3, FunctionPtr(JITStubs::cti_op_call_JSFunction));
-    patchBuffer.link(callDontLazyLinkCall, FunctionPtr(JITStubs::cti_vm_dontLazyLinkCall));
-    patchBuffer.link(callLazyLinkCall, FunctionPtr(JITStubs::cti_vm_lazyLinkCall));
-
-    CodeRef finalCode = patchBuffer.finalizeCode();
-    *executablePool = finalCode.m_executablePool;
-
-    *ctiVirtualCallPreLink = trampolineAt(finalCode, virtualCallPreLinkBegin);
-    *ctiVirtualCallLink = trampolineAt(finalCode, virtualCallLinkBegin);
-    *ctiVirtualCall = trampolineAt(finalCode, virtualCallBegin);
-    *ctiNativeCallThunk = trampolineAt(finalCode, nativeCallThunk);
-#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
-    *ctiArrayLengthTrampoline = trampolineAt(finalCode, arrayLengthBegin);
-    *ctiStringLengthTrampoline = trampolineAt(finalCode, stringLengthBegin);
-#else
-    UNUSED_PARAM(ctiArrayLengthTrampoline);
-    UNUSED_PARAM(ctiStringLengthTrampoline);
-#endif
-}
-
+#if !USE(JSVALUE32_64)
 void JIT::emitGetVariableObjectRegister(RegisterID variableObject, int index, RegisterID dst)
 {
@@ -907 +570 @@
     storePtr(src, Address(variableObject, index * sizeof(Register)));
 }
-
+#endif
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
 void JIT::unlinkCall(CallLinkInfo* callLinkInfo)
 {
@@ -914 +579 @@
     // match).  Reset the check so it no longer matches.
     RepatchBuffer repatchBuffer(callLinkInfo->ownerCodeBlock);
+#if USE(JSVALUE32_64)
+    repatchBuffer.repatch(callLinkInfo->hotPathBegin, 0);
+#else
     repatchBuffer.repatch(callLinkInfo->hotPathBegin, JSValue::encode(JSValue()));
+#endif
 }
 
@@ -937 +606 @@
     repatchBuffer.relink(callLinkInfo->callReturnLocation, globalData->jitStubs.ctiVirtualCall());
 }
+#endif // ENABLE(JIT_OPTIMIZE_CALL)
 
 } // namespace JSC

trunk/JavaScriptCore/jit/JIT.h

@@ -29 +29 @@
 #include <wtf/Platform.h>
 
-// OBJECT_OFFSETOF: Like the C++ offsetof macro, but you can use it with classes.
-// The magic number 0x4000 is insignificant. We use it to avoid using NULL, since
-// NULL can cause compiler problems, especially in cases of multiple inheritance.
-#define OBJECT_OFFSETOF(class, field) (reinterpret_cast<ptrdiff_t>(&(reinterpret_cast<class*>(0x4000)->field)) - 0x4000)
-
 #if ENABLE(JIT)
 
@@ -178 +173 @@
     class JIT : private MacroAssembler {
         friend class JITStubCall;
-        friend class CallEvalJITStub;
 
         using MacroAssembler::Jump;
@@ -257 +251 @@
         // will compress the displacement, and we may not be able to fit a patched offset.
         static const int patchGetByIdDefaultOffset = 256;
+
+    public:
+        static void compile(JSGlobalData* globalData, CodeBlock* codeBlock)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompile();
+        }
+
+        static void compileGetByIdProto(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdProto(stubInfo, structure, prototypeStructure, cachedOffset, returnAddress, callFrame);
+        }
+
+        static void compileGetByIdSelfList(JSGlobalData* globalData, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdSelfList(stubInfo, polymorphicStructures, currentIndex, structure, cachedOffset);
+        }
+        static void compileGetByIdProtoList(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructureList, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdProtoList(stubInfo, prototypeStructureList, currentIndex, structure, prototypeStructure, cachedOffset, callFrame);
+        }
+        static void compileGetByIdChainList(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructureList, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdChainList(stubInfo, prototypeStructureList, currentIndex, structure, chain, count, cachedOffset, callFrame);
+        }
+
+        static void compileGetByIdChain(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdChain(stubInfo, structure, chain, count, cachedOffset, returnAddress, callFrame);
+        }
+        
+        static void compilePutByIdTransition(JSGlobalData* globalData, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompilePutByIdTransition(stubInfo, oldStructure, newStructure, cachedOffset, chain, returnAddress);
+        }
+
+        static void compileCTIMachineTrampolines(JSGlobalData* globalData, RefPtr<ExecutablePool>* executablePool, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
+        {
+            JIT jit(globalData);
+            jit.privateCompileCTIMachineTrampolines(executablePool, globalData, ctiStringLengthTrampoline, ctiVirtualCallPreLink, ctiVirtualCallLink, ctiVirtualCall, ctiNativeCallThunk);
+        }
+
+        static void patchGetByIdSelf(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
+        static void patchPutByIdReplace(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
+        static void patchMethodCallProto(CodeBlock* codeblock, MethodCallLinkInfo&, JSFunction*, Structure*, JSObject*);
+
+        static void compilePatchGetArrayLength(JSGlobalData* globalData, CodeBlock* codeBlock, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            return jit.privateCompilePatchGetArrayLength(returnAddress);
+        }
+
+        static void linkCall(JSFunction* callee, CodeBlock* callerCodeBlock, CodeBlock* calleeCodeBlock, JITCode&, CallLinkInfo*, int callerArgCount, JSGlobalData*);
+        static void unlinkCall(CallLinkInfo*);
+
+    private:
+        struct JSRInfo {
+            DataLabelPtr storeLocation;
+            Label target;
+
+            JSRInfo(DataLabelPtr storeLocation, Label targetLocation)
+                : storeLocation(storeLocation)
+                , target(targetLocation)
+            {
+            }
+        };
+
+        JIT(JSGlobalData*, CodeBlock* = 0);
+
+        void privateCompileMainPass();
+        void privateCompileLinkPass();
+        void privateCompileSlowCases();
+        void privateCompile();
+        void privateCompileGetByIdProto(StructureStubInfo*, Structure*, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame);
+        void privateCompileGetByIdSelfList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, size_t cachedOffset);
+        void privateCompileGetByIdProtoList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame);
+        void privateCompileGetByIdChainList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame);
+        void privateCompileGetByIdChain(StructureStubInfo*, Structure*, StructureChain*, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame);
+        void privateCompilePutByIdTransition(StructureStubInfo*, Structure*, Structure*, size_t cachedOffset, StructureChain*, ReturnAddressPtr returnAddress);
+
+        void privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* data, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk);
+        void privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress);
+
+        void addSlowCase(Jump);
+        void addSlowCase(JumpList);
+        void addJump(Jump, int);
+        void emitJumpSlowToHot(Jump, int);
+
+        void compileOpCall(OpcodeID, Instruction* instruction, unsigned callLinkInfoIndex);
+        void compileOpCallVarargs(Instruction* instruction);
+        void compileOpCallInitializeCallFrame();
+        void compileOpCallSetupArgs(Instruction*);
+        void compileOpCallVarargsSetupArgs(Instruction*);
+        void compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned callLinkInfoIndex, OpcodeID opcodeID);
+        void compileOpCallVarargsSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter);
+        void compileOpConstructSetupArgs(Instruction*);
+
+        enum CompileOpStrictEqType { OpStrictEq, OpNStrictEq };
+        void compileOpStrictEq(Instruction* instruction, CompileOpStrictEqType type);
+
+#if USE(JSVALUE32_64)
+        Address tagFor(unsigned index, RegisterID base = callFrameRegister);
+        Address payloadFor(unsigned index, RegisterID base = callFrameRegister);
+        Address addressFor(unsigned index, RegisterID base = callFrameRegister);
+
+        bool getOperandConstantImmediateInt(unsigned op1, unsigned op2, unsigned& op, int32_t& constant);
+        bool isOperandConstantImmediateDouble(unsigned src);
+
+        void emitLoadTag(unsigned index, RegisterID tag);
+        void emitLoadPayload(unsigned index, RegisterID payload);
+
+        void emitLoad(const JSValue& v, RegisterID tag, RegisterID payload);
+        void emitLoad(unsigned index, RegisterID tag, RegisterID payload, RegisterID base = callFrameRegister);
+        void emitLoad2(unsigned index1, RegisterID tag1, RegisterID payload1, unsigned index2, RegisterID tag2, RegisterID payload2);
+        void emitLoadDouble(unsigned index, FPRegisterID value);
+        void emitLoadInt32ToDouble(unsigned index, FPRegisterID value);
+
+        void emitStore(unsigned index, RegisterID tag, RegisterID payload, RegisterID base = callFrameRegister);
+        void emitStore(unsigned index, const JSValue constant, RegisterID base = callFrameRegister);
+        void emitStoreInt32(unsigned index, RegisterID payload, bool indexIsInt32 = false);
+        void emitStoreInt32(unsigned index, Imm32 payload, bool indexIsInt32 = false);
+        void emitStoreCell(unsigned index, RegisterID payload, bool indexIsCell = false);
+        void emitStoreBool(unsigned index, RegisterID tag, bool indexIsBool = false);
+        void emitStoreDouble(unsigned index, FPRegisterID value);
+
+        bool isLabeled(unsigned bytecodeIndex);
+        void map(unsigned bytecodeIndex, unsigned virtualRegisterIndex, RegisterID tag, RegisterID payload);
+        void unmap(RegisterID);
+        void unmap();
+        bool isMapped(unsigned virtualRegisterIndex);
+        bool getMappedPayload(unsigned virtualRegisterIndex, RegisterID& payload);
+        bool getMappedTag(unsigned virtualRegisterIndex, RegisterID& tag);
+
+        void emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex);
+        void emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex, RegisterID tag);
+        void linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator&, unsigned virtualRegisterIndex);
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+        void compileGetByIdHotPath();
+        void compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck = false);
+#endif
+        void compileGetDirectOffset(RegisterID base, RegisterID resultTag, RegisterID resultPayload, Structure* structure, size_t cachedOffset);
+        void compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID resultTag, RegisterID resultPayload, size_t cachedOffset);
+        void compilePutDirectOffset(RegisterID base, RegisterID valueTag, RegisterID valuePayload, Structure* structure, size_t cachedOffset);
+
+        // Arithmetic opcode helpers
+        void emitAdd32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType);
+        void emitSub32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType);
+        void emitBinaryDoubleOp(OpcodeID, unsigned dst, unsigned op1, unsigned op2, OperandTypes, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters = true, bool op2IsInRegisters = true);
+
+#if PLATFORM(X86)
+        // These architecture specific value are used to enable patching - see comment on op_put_by_id.
+        static const int patchOffsetPutByIdStructure = 7;
+        static const int patchOffsetPutByIdExternalLoad = 13;
+        static const int patchLengthPutByIdExternalLoad = 3;
+        static const int patchOffsetPutByIdPropertyMapOffset1 = 22;
+        static const int patchOffsetPutByIdPropertyMapOffset2 = 28;
+        // These architecture specific value are used to enable patching - see comment on op_get_by_id.
+        static const int patchOffsetGetByIdStructure = 7;
+        static const int patchOffsetGetByIdBranchToSlowCase = 13;
+        static const int patchOffsetGetByIdExternalLoad = 13;
+        static const int patchLengthGetByIdExternalLoad = 3;
+        static const int patchOffsetGetByIdPropertyMapOffset1 = 22;
+        static const int patchOffsetGetByIdPropertyMapOffset2 = 28;
+        static const int patchOffsetGetByIdPutResult = 28;
+#if ENABLE(OPCODE_SAMPLING) && USE(JIT_STUB_ARGUMENT_VA_LIST)
+        static const int patchOffsetGetByIdSlowCaseCall = 35;
+#elif ENABLE(OPCODE_SAMPLING)
+        static const int patchOffsetGetByIdSlowCaseCall = 37;
+#elif USE(JIT_STUB_ARGUMENT_VA_LIST)
+        static const int patchOffsetGetByIdSlowCaseCall = 25;
+#else
+        static const int patchOffsetGetByIdSlowCaseCall = 27;
+#endif
+        static const int patchOffsetOpCallCompareToJump = 6;
+
+        static const int patchOffsetMethodCheckProtoObj = 11;
+        static const int patchOffsetMethodCheckProtoStruct = 18;
+        static const int patchOffsetMethodCheckPutFunction = 29;
+#else
+#error "JSVALUE32_64 not supported on this platform."
+#endif
+
+#else // USE(JSVALUE32_64)
+        void emitGetVirtualRegister(int src, RegisterID dst);
+        void emitGetVirtualRegisters(int src1, RegisterID dst1, int src2, RegisterID dst2);
+        void emitPutVirtualRegister(unsigned dst, RegisterID from = regT0);
+
+        int32_t getConstantOperandImmediateInt(unsigned src);
+
+        void emitGetVariableObjectRegister(RegisterID variableObject, int index, RegisterID dst);
+        void emitPutVariableObjectRegister(RegisterID src, RegisterID variableObject, int index);
+        
+        void killLastResultRegister();
+
+        Jump emitJumpIfJSCell(RegisterID);
+        Jump emitJumpIfBothJSCells(RegisterID, RegisterID, RegisterID);
+        void emitJumpSlowCaseIfJSCell(RegisterID);
+        Jump emitJumpIfNotJSCell(RegisterID);
+        void emitJumpSlowCaseIfNotJSCell(RegisterID);
+        void emitJumpSlowCaseIfNotJSCell(RegisterID, int VReg);
+#if USE(JSVALUE64)
+        JIT::Jump emitJumpIfImmediateNumber(RegisterID);
+        JIT::Jump emitJumpIfNotImmediateNumber(RegisterID);
+#else
+        JIT::Jump emitJumpIfImmediateNumber(RegisterID reg)
+        {
+            return emitJumpIfImmediateInteger(reg);
+        }
+        
+        JIT::Jump emitJumpIfNotImmediateNumber(RegisterID reg)
+        {
+            return emitJumpIfNotImmediateInteger(reg);
+        }
+#endif
+        JIT::Jump emitJumpIfImmediateInteger(RegisterID);
+        JIT::Jump emitJumpIfNotImmediateInteger(RegisterID);
+        JIT::Jump emitJumpIfNotImmediateIntegers(RegisterID, RegisterID, RegisterID);
+        void emitJumpSlowCaseIfNotImmediateInteger(RegisterID);
+        void emitJumpSlowCaseIfNotImmediateIntegers(RegisterID, RegisterID, RegisterID);
+
+#if !USE(JSVALUE64)
+        void emitFastArithDeTagImmediate(RegisterID);
+        Jump emitFastArithDeTagImmediateJumpIfZero(RegisterID);
+#endif
+        void emitFastArithReTagImmediate(RegisterID src, RegisterID dest);
+        void emitFastArithImmToInt(RegisterID);
+        void emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest);
+
+        void emitTagAsBoolImmediate(RegisterID reg);
+        void compileBinaryArithOp(OpcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes opi);
+        void compileBinaryArithOpSlowCase(OpcodeID, Vector<SlowCaseEntry>::iterator&, unsigned dst, unsigned src1, unsigned src2, OperandTypes opi);
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+        void compileGetByIdHotPath(int resultVReg, int baseVReg, Identifier* ident, unsigned propertyAccessInstructionIndex);
+        void compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck = false);
+#endif
+        void compileGetDirectOffset(RegisterID base, RegisterID result, Structure* structure, size_t cachedOffset);
+        void compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID result, size_t cachedOffset);
+        void compilePutDirectOffset(RegisterID base, RegisterID value, Structure* structure, size_t cachedOffset);
 
 #if PLATFORM(X86_64)
@@ -332 +572 @@
         static const int patchOffsetMethodCheckPutFunction = 46;
 #endif
-
-    public:
-        static void compile(JSGlobalData* globalData, CodeBlock* codeBlock)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompile();
-        }
-
-        static void compileGetByIdProto(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompileGetByIdProto(stubInfo, structure, prototypeStructure, cachedOffset, returnAddress, callFrame);
-        }
-
-        static void compileGetByIdSelfList(JSGlobalData* globalData, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompileGetByIdSelfList(stubInfo, polymorphicStructures, currentIndex, structure, cachedOffset);
-        }
-        static void compileGetByIdProtoList(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructureList, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompileGetByIdProtoList(stubInfo, prototypeStructureList, currentIndex, structure, prototypeStructure, cachedOffset, callFrame);
-        }
-        static void compileGetByIdChainList(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructureList, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompileGetByIdChainList(stubInfo, prototypeStructureList, currentIndex, structure, chain, count, cachedOffset, callFrame);
-        }
-
-        static void compileGetByIdChain(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompileGetByIdChain(stubInfo, structure, chain, count, cachedOffset, returnAddress, callFrame);
-        }
-        
-        static void compilePutByIdTransition(JSGlobalData* globalData, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
-        {
-            JIT jit(globalData, codeBlock);
-            jit.privateCompilePutByIdTransition(stubInfo, oldStructure, newStructure, cachedOffset, chain, returnAddress);
-        }
-
-        static void compileCTIMachineTrampolines(JSGlobalData* globalData, RefPtr<ExecutablePool>* executablePool, CodePtr* ctiArrayLengthTrampoline, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
-        {
-            JIT jit(globalData);
-            jit.privateCompileCTIMachineTrampolines(executablePool, globalData, ctiArrayLengthTrampoline, ctiStringLengthTrampoline, ctiVirtualCallPreLink, ctiVirtualCallLink, ctiVirtualCall, ctiNativeCallThunk);
-        }
-
-        static void patchGetByIdSelf(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
-        static void patchPutByIdReplace(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
-        static void patchMethodCallProto(CodeBlock* codeblock, MethodCallLinkInfo&, JSFunction*, Structure*, JSObject*);
-
-        static void compilePatchGetArrayLength(JSGlobalData* globalData, CodeBlock* codeBlock, ReturnAddressPtr returnAddress)
-        {
-            JIT jit(globalData, codeBlock);
-            return jit.privateCompilePatchGetArrayLength(returnAddress);
-        }
-
-        static void linkCall(JSFunction* callee, CodeBlock* callerCodeBlock, CodeBlock* calleeCodeBlock, JITCode&, CallLinkInfo*, int callerArgCount, JSGlobalData*);
-        static void unlinkCall(CallLinkInfo*);
-
-    private:
-        struct JSRInfo {
-            DataLabelPtr storeLocation;
-            Label target;
-
-            JSRInfo(DataLabelPtr storeLocation, Label targetLocation)
-                : storeLocation(storeLocation)
-                , target(targetLocation)
-            {
-            }
-        };
-
-        JIT(JSGlobalData*, CodeBlock* = 0);
-
-        void privateCompileMainPass();
-        void privateCompileLinkPass();
-        void privateCompileSlowCases();
-        void privateCompile();
-        void privateCompileGetByIdProto(StructureStubInfo*, Structure*, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame);
-        void privateCompileGetByIdSelfList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, size_t cachedOffset);
-        void privateCompileGetByIdProtoList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame);
-        void privateCompileGetByIdChainList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame);
-        void privateCompileGetByIdChain(StructureStubInfo*, Structure*, StructureChain*, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame);
-        void privateCompilePutByIdTransition(StructureStubInfo*, Structure*, Structure*, size_t cachedOffset, StructureChain*, ReturnAddressPtr returnAddress);
-
-        void privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* data, CodePtr* ctiArrayLengthTrampoline, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk);
-        void privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress);
-
-        void addSlowCase(Jump);
-        void addJump(Jump, int);
-        void emitJumpSlowToHot(Jump, int);
-
-#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
-        void compileGetByIdHotPath(int resultVReg, int baseVReg, Identifier* ident, unsigned propertyAccessInstructionIndex);
-        void compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, unsigned propertyAccessInstructionIndex, bool isMethodCheck = false);
-#endif
-        void compileOpCall(OpcodeID, Instruction* instruction, unsigned callLinkInfoIndex);
-        void compileOpCallVarargs(Instruction* instruction);
-        void compileOpCallInitializeCallFrame();
-        void compileOpCallSetupArgs(Instruction*);
-        void compileOpCallVarargsSetupArgs(Instruction*);
-        void compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned callLinkInfoIndex, OpcodeID opcodeID);
-        void compileOpCallVarargsSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter);
-        void compileOpConstructSetupArgs(Instruction*);
-        enum CompileOpStrictEqType { OpStrictEq, OpNStrictEq };
-        void compileOpStrictEq(Instruction* instruction, CompileOpStrictEqType type);
-
-        void compileGetDirectOffset(RegisterID base, RegisterID result, Structure* structure, size_t cachedOffset);
-        void compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID result, size_t cachedOffset);
-        void compilePutDirectOffset(RegisterID base, RegisterID value, Structure* structure, size_t cachedOffset);
-
-        // Arithmetic Ops
+#endif // USE(JSVALUE32_64)
 
         void emit_op_add(Instruction*);
-        void emit_op_sub(Instruction*);
-        void emit_op_mul(Instruction*);
-        void emit_op_mod(Instruction*);
         void emit_op_bitand(Instruction*);
-        void emit_op_lshift(Instruction*);
-        void emit_op_rshift(Instruction*);
+        void emit_op_bitnot(Instruction*);
+        void emit_op_bitor(Instruction*);
+        void emit_op_bitxor(Instruction*);
+        void emit_op_call(Instruction*);
+        void emit_op_call_eval(Instruction*);
+        void emit_op_call_varargs(Instruction*);
+        void emit_op_catch(Instruction*);
+        void emit_op_construct(Instruction*);
+        void emit_op_construct_verify(Instruction*);
+        void emit_op_convert_this(Instruction*);
+        void emit_op_create_arguments(Instruction*);
+        void emit_op_debug(Instruction*);
+        void emit_op_del_by_id(Instruction*);
+        void emit_op_div(Instruction*);
+        void emit_op_end(Instruction*);
+        void emit_op_enter(Instruction*);
+        void emit_op_enter_with_activation(Instruction*);
+        void emit_op_eq(Instruction*);
+        void emit_op_eq_null(Instruction*);
+        void emit_op_get_by_id(Instruction*);
+        void emit_op_get_by_val(Instruction*);
+        void emit_op_get_global_var(Instruction*);
+        void emit_op_get_scoped_var(Instruction*);
+        void emit_op_init_arguments(Instruction*);
+        void emit_op_instanceof(Instruction*);
+        void emit_op_jeq_null(Instruction*);
+        void emit_op_jfalse(Instruction*);
+        void emit_op_jmp(Instruction*);
+        void emit_op_jmp_scopes(Instruction*);
+        void emit_op_jneq_null(Instruction*);
+        void emit_op_jneq_ptr(Instruction*);
         void emit_op_jnless(Instruction*);
         void emit_op_jnlesseq(Instruction*);
-        void emit_op_pre_inc(Instruction*);
-        void emit_op_pre_dec(Instruction*);
-        void emit_op_post_inc(Instruction*);
-        void emit_op_post_dec(Instruction*);
-        void emitSlow_op_add(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_sub(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_mul(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_bitand(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_lshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_rshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_jnless(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_jnlesseq(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_pre_inc(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_pre_dec(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_post_inc(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_post_dec(Instruction*, Vector<SlowCaseEntry>::iterator&);
-
-        void emit_op_get_by_val(Instruction*);
-        void emit_op_put_by_val(Instruction*);
-        void emit_op_put_by_index(Instruction*);
-        void emit_op_put_getter(Instruction*);
-        void emit_op_put_setter(Instruction*);
-        void emit_op_del_by_id(Instruction*);
-
-        void emit_op_mov(Instruction*);
-        void emit_op_end(Instruction*);
-        void emit_op_jmp(Instruction*);
+        void emit_op_jsr(Instruction*);
+        void emit_op_jtrue(Instruction*);
+        void emit_op_load_varargs(Instruction*);
         void emit_op_loop(Instruction*);
         void emit_op_loop_if_less(Instruction*);
         void emit_op_loop_if_lesseq(Instruction*);
+        void emit_op_loop_if_true(Instruction*);
+        void emit_op_lshift(Instruction*);
+        void emit_op_method_check(Instruction*);
+        void emit_op_mod(Instruction*);
+        void emit_op_mov(Instruction*);
+        void emit_op_mul(Instruction*);
+        void emit_op_negate(Instruction*);
+        void emit_op_neq(Instruction*);
+        void emit_op_neq_null(Instruction*);
+        void emit_op_new_array(Instruction*);
+        void emit_op_new_error(Instruction*);
+        void emit_op_new_func(Instruction*);
+        void emit_op_new_func_exp(Instruction*);
         void emit_op_new_object(Instruction*);
+        void emit_op_new_regexp(Instruction*);
+        void emit_op_next_pname(Instruction*);
+        void emit_op_not(Instruction*);
+        void emit_op_nstricteq(Instruction*);
+        void emit_op_pop_scope(Instruction*);
+        void emit_op_post_dec(Instruction*);
+        void emit_op_post_inc(Instruction*);
+        void emit_op_pre_dec(Instruction*);
+        void emit_op_pre_inc(Instruction*);
+        void emit_op_profile_did_call(Instruction*);
+        void emit_op_profile_will_call(Instruction*);
+        void emit_op_push_new_scope(Instruction*);
+        void emit_op_push_scope(Instruction*);
         void emit_op_put_by_id(Instruction*);
-        void emit_op_get_by_id(Instruction*);
-        void emit_op_instanceof(Instruction*);
-        void emit_op_new_func(Instruction*);
-        void emit_op_call(Instruction*);
-        void emit_op_call_eval(Instruction*);
-        void emit_op_method_check(Instruction*);
-        void emit_op_load_varargs(Instruction*);
-        void emit_op_call_varargs(Instruction*);
-        void emit_op_construct(Instruction*);
-        void emit_op_get_global_var(Instruction*);
+        void emit_op_put_by_index(Instruction*);
+        void emit_op_put_by_val(Instruction*);
+        void emit_op_put_getter(Instruction*);
         void emit_op_put_global_var(Instruction*);
-        void emit_op_get_scoped_var(Instruction*);
         void emit_op_put_scoped_var(Instruction*);
+        void emit_op_put_setter(Instruction*);
+        void emit_op_resolve(Instruction*);
+        void emit_op_resolve_base(Instruction*);
+        void emit_op_resolve_global(Instruction*);
+        void emit_op_resolve_skip(Instruction*);
+        void emit_op_resolve_with_base(Instruction*);
+        void emit_op_ret(Instruction*);
+        void emit_op_rshift(Instruction*);
+        void emit_op_sret(Instruction*);
+        void emit_op_strcat(Instruction*);
+        void emit_op_stricteq(Instruction*);
+        void emit_op_sub(Instruction*);
+        void emit_op_switch_char(Instruction*);
+        void emit_op_switch_imm(Instruction*);
+        void emit_op_switch_string(Instruction*);
         void emit_op_tear_off_activation(Instruction*);
         void emit_op_tear_off_arguments(Instruction*);
-        void emit_op_ret(Instruction*);
-        void emit_op_new_array(Instruction*);
-        void emit_op_resolve(Instruction*);
-        void emit_op_construct_verify(Instruction*);
+        void emit_op_throw(Instruction*);
+        void emit_op_to_jsnumber(Instruction*);
         void emit_op_to_primitive(Instruction*);
-        void emit_op_strcat(Instruction*);
-        void emit_op_resolve_func(Instruction*);
-        void emit_op_loop_if_true(Instruction*);
-        void emit_op_resolve_base(Instruction*);
-        void emit_op_resolve_skip(Instruction*);
-        void emit_op_resolve_global(Instruction*);
-        void emit_op_not(Instruction*);
-        void emit_op_jfalse(Instruction*);
-        void emit_op_jeq_null(Instruction*);
-        void emit_op_jneq_null(Instruction*);
-        void emit_op_jneq_ptr(Instruction*);
         void emit_op_unexpected_load(Instruction*);
-        void emit_op_jsr(Instruction*);
-        void emit_op_sret(Instruction*);
-        void emit_op_eq(Instruction*);
-        void emit_op_bitnot(Instruction*);
-        void emit_op_resolve_with_base(Instruction*);
-        void emit_op_new_func_exp(Instruction*);
-        void emit_op_jtrue(Instruction*);
-        void emit_op_neq(Instruction*);
-        void emit_op_bitxor(Instruction*);
-        void emit_op_new_regexp(Instruction*);
-        void emit_op_bitor(Instruction*);
-        void emit_op_throw(Instruction*);
-        void emit_op_next_pname(Instruction*);
-        void emit_op_push_scope(Instruction*);
-        void emit_op_pop_scope(Instruction*);
-        void emit_op_stricteq(Instruction*);
-        void emit_op_nstricteq(Instruction*);
-        void emit_op_to_jsnumber(Instruction*);
-        void emit_op_push_new_scope(Instruction*);
-        void emit_op_catch(Instruction*);
-        void emit_op_jmp_scopes(Instruction*);
-        void emit_op_switch_imm(Instruction*);
-        void emit_op_switch_char(Instruction*);
-        void emit_op_switch_string(Instruction*);
-        void emit_op_new_error(Instruction*);
-        void emit_op_debug(Instruction*);
-        void emit_op_eq_null(Instruction*);
-        void emit_op_neq_null(Instruction*);
-        void emit_op_enter(Instruction*);
-        void emit_op_enter_with_activation(Instruction*);
-        void emit_op_init_arguments(Instruction*);
-        void emit_op_create_arguments(Instruction*);
-        void emit_op_convert_this(Instruction*);
-        void emit_op_profile_will_call(Instruction*);
-        void emit_op_profile_did_call(Instruction*);
-
-        void emitSlow_op_convert_this(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_construct_verify(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_to_primitive(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_loop_if_less(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_put_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_loop_if_lesseq(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_put_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_loop_if_true(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_not(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_jfalse(Instruction*, Vector<SlowCaseEntry>::iterator&);
+
+        void emitSlow_op_add(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_bitand(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_bitnot(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_jtrue(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_bitor(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_bitxor(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_bitor(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_eq(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_neq(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_stricteq(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_nstricteq(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_instanceof(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_call(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_call_eval(Instruction*, Vector<SlowCaseEntry>::iterator&);
-        void emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_call_varargs(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_construct(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_construct_verify(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_convert_this(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_div(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_eq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_instanceof(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jfalse(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jnless(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jnlesseq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jtrue(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_loop_if_less(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_loop_if_lesseq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_loop_if_true(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_lshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_mul(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_negate(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_neq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_not(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_nstricteq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_post_dec(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_post_inc(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_pre_dec(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_pre_inc(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_put_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_put_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_resolve_global(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_rshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_stricteq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_sub(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_to_jsnumber(Instruction*, Vector<SlowCaseEntry>::iterator&);
-
-#if ENABLE(JIT_OPTIMIZE_ARITHMETIC)
-        void compileBinaryArithOp(OpcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes opi);
-        void compileBinaryArithOpSlowCase(OpcodeID, Vector<SlowCaseEntry>::iterator&, unsigned dst, unsigned src1, unsigned src2, OperandTypes opi);
-#endif
-
-        void emitGetVirtualRegister(int src, RegisterID dst);
-        void emitGetVirtualRegisters(int src1, RegisterID dst1, int src2, RegisterID dst2);
-        void emitPutVirtualRegister(unsigned dst, RegisterID from = regT0);
-
+        void emitSlow_op_to_primitive(Instruction*, Vector<SlowCaseEntry>::iterator&);
+
+        /* These functions are deprecated: Please use JITStubCall instead. */
         void emitPutJITStubArg(RegisterID src, unsigned argumentNumber);
+#if USE(JSVALUE32_64)
+        void emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch1, RegisterID scratch2);
+#else
         void emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch);
+#endif
         void emitPutJITStubArgConstant(unsigned value, unsigned argumentNumber);
         void emitPutJITStubArgConstant(void* value, unsigned argumentNumber);
@@ -607 +733 @@
 
         JSValue getConstantOperand(unsigned src);
-        int32_t getConstantOperandImmediateInt(unsigned src);
         bool isOperandConstantImmediateInt(unsigned src);
-
-        Jump emitJumpIfJSCell(RegisterID);
-        Jump emitJumpIfBothJSCells(RegisterID, RegisterID, RegisterID);
-        void emitJumpSlowCaseIfJSCell(RegisterID);
-        Jump emitJumpIfNotJSCell(RegisterID);
-        void emitJumpSlowCaseIfNotJSCell(RegisterID);
-        void emitJumpSlowCaseIfNotJSCell(RegisterID, int VReg);
-#if USE(ALTERNATE_JSIMMEDIATE)
-        JIT::Jump emitJumpIfImmediateNumber(RegisterID);
-        JIT::Jump emitJumpIfNotImmediateNumber(RegisterID);
-#else
-        JIT::Jump emitJumpIfImmediateNumber(RegisterID reg)
-        {
-            return emitJumpIfImmediateInteger(reg);
-        }
-        
-        JIT::Jump emitJumpIfNotImmediateNumber(RegisterID reg)
-        {
-            return emitJumpIfNotImmediateInteger(reg);
-        }
-#endif
 
         Jump getSlowCase(Vector<SlowCaseEntry>::iterator& iter)
@@ -642 +746 @@
         void linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator&, int vReg);
 
-        JIT::Jump emitJumpIfImmediateInteger(RegisterID);
-        JIT::Jump emitJumpIfNotImmediateInteger(RegisterID);
-        JIT::Jump emitJumpIfNotImmediateIntegers(RegisterID, RegisterID, RegisterID);
-        void emitJumpSlowCaseIfNotImmediateInteger(RegisterID);
-        void emitJumpSlowCaseIfNotImmediateIntegers(RegisterID, RegisterID, RegisterID);
-
         Jump checkStructure(RegisterID reg, Structure* structure);
-
-#if !USE(ALTERNATE_JSIMMEDIATE)
-        void emitFastArithDeTagImmediate(RegisterID);
-        Jump emitFastArithDeTagImmediateJumpIfZero(RegisterID);
-#endif
-        void emitFastArithReTagImmediate(RegisterID src, RegisterID dest);
-        void emitFastArithImmToInt(RegisterID);
-        void emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest);
-
-        void emitTagAsBoolImmediate(RegisterID reg);
 
         void restoreArgumentReference();
@@ -664 +752 @@
 
         Call emitNakedCall(CodePtr function = CodePtr());
+
         void preserveReturnAddressAfterCall(RegisterID);
         void restoreReturnAddressBeforeReturn(RegisterID);
         void restoreReturnAddressBeforeReturn(Address);
 
-        void emitGetVariableObjectRegister(RegisterID variableObject, int index, RegisterID dst);
-        void emitPutVariableObjectRegister(RegisterID src, RegisterID variableObject, int index);
-        
         void emitTimeoutCheck();
 #ifndef NDEBUG
         void printBytecodeOperandTypes(unsigned src1, unsigned src2);
 #endif
-
-        void killLastResultRegister();
-
 
 #if ENABLE(SAMPLING_FLAGS)
@@ -714 +797 @@
         Vector<SwitchRecord> m_switches;
 
-        int m_lastResultBytecodeRegister;
-        unsigned m_jumpTargetsPosition;
-
         unsigned m_propertyAccessInstructionIndex;
         unsigned m_globalResolveInfoIndex;
         unsigned m_callLinkInfoIndex;
+
+#if USE(JSVALUE32_64)
+        unsigned m_jumpTargetIndex;
+        unsigned m_mappedBytecodeIndex;
+        unsigned m_mappedVirtualRegisterIndex;
+        RegisterID m_mappedTag;
+        RegisterID m_mappedPayload;
+#else
+        int m_lastResultBytecodeRegister;
+        unsigned m_jumpTargetsPosition;
+#endif
     } JIT_CLASS_ALIGNMENT;
-
-}
+} // namespace JSC
 
 #endif // ENABLE(JIT)

trunk/JavaScriptCore/jit/JITArithmetic.cpp

@@ -42 +42 @@
 #endif
 
-
 using namespace std;
 
 namespace JSC {
+
+#if USE(JSVALUE32_64)
+
+void JIT::emit_op_negate(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump srcNotInt = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branch32(Equal, regT0, Imm32(0)));
+
+    neg32(regT0);
+    emitStoreInt32(dst, regT0, (dst == src));
+
+    Jump end = jump();
+
+    srcNotInt.link(this);
+    addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+    xor32(Imm32(1 << 31), regT1);
+    store32(regT1, tagFor(dst));
+    if (dst != src)
+        store32(regT0, payloadFor(dst));
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_negate(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // 0 check
+    linkSlowCase(iter); // double check
+
+    JITStubCall stubCall(this, cti_op_negate);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_jnless(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    // Int32 less.
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT3, regT2);
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThanOrEqual, regT2, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+    } else {
+        emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThanOrEqual, regT0, regT2), target + 3);
+    }
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double less.
+    emitBinaryDoubleOp(op_jnless, target, op1, op2, OperandTypes(), notInt32Op1, notInt32Op2, !isOperandConstantImmediateInt(op1), isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2));
+    end.link(this);
+}
+
+void JIT::emitSlow_op_jnless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!supportsFloatingPoint()) {
+        if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+    } else {
+        if (!isOperandConstantImmediateInt(op1)) {
+            linkSlowCase(iter); // double check
+            linkSlowCase(iter); // int32 check
+        }
+        if (isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // double check
+    }
+
+    JITStubCall stubCall(this, cti_op_jless);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+}
+
+void JIT::emit_op_jnlesseq(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    // Int32 less.
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT3, regT2);
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThan, regT2, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThan, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+    } else {
+        emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThan, regT0, regT2), target + 3);
+    }
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double less.
+    emitBinaryDoubleOp(op_jnlesseq, target, op1, op2, OperandTypes(), notInt32Op1, notInt32Op2, !isOperandConstantImmediateInt(op1), isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2));
+    end.link(this);
+}
+
+void JIT::emitSlow_op_jnlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!supportsFloatingPoint()) {
+        if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+    } else {
+        if (!isOperandConstantImmediateInt(op1)) {
+            linkSlowCase(iter); // double check
+            linkSlowCase(iter); // int32 check
+        }
+        if (isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // double check
+    }
+
+    JITStubCall stubCall(this, cti_op_jlesseq);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+}
+
+// LeftShift (<<)
+
+void JIT::emit_op_lshift(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        lshift32(Imm32(getConstantOperand(op2).asInt32()), regT0);
+        emitStoreInt32(dst, regT0, dst == op1);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    if (!isOperandConstantImmediateInt(op1))
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    lshift32(regT2, regT0);
+    emitStoreInt32(dst, regT0, dst == op1 || dst == op2);
+}
+
+void JIT::emitSlow_op_lshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_lshift);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// RightShift (>>)
+
+void JIT::emit_op_rshift(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        rshift32(Imm32(getConstantOperand(op2).asInt32()), regT0);
+        emitStoreInt32(dst, regT0, dst == op1);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    if (!isOperandConstantImmediateInt(op1))
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    rshift32(regT2, regT0);
+    emitStoreInt32(dst, regT0, dst == op1 || dst == op2);
+}
+
+void JIT::emitSlow_op_rshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_rshift);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitAnd (&)
+
+void JIT::emit_op_bitand(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitLoad(op, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        and32(Imm32(constant), regT0);
+        emitStoreInt32(dst, regT0, (op == dst));
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    and32(regT2, regT0);
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+}
+
+void JIT::emitSlow_op_bitand(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitand);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitOr (|)
+
+void JIT::emit_op_bitor(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitLoad(op, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        or32(Imm32(constant), regT0);
+        emitStoreInt32(dst, regT0, (op == dst));
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    or32(regT2, regT0);
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+}
+
+void JIT::emitSlow_op_bitor(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitor);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitXor (^)
+
+void JIT::emit_op_bitxor(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitLoad(op, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        xor32(Imm32(constant), regT0);
+        emitStoreInt32(dst, regT0, (op == dst));
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    xor32(regT2, regT0);
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+}
+
+void JIT::emitSlow_op_bitxor(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitxor);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitNot (~)
+
+void JIT::emit_op_bitnot(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+
+    not32(regT0);
+    emitStoreInt32(dst, regT0, (dst == src));
+}
+
+void JIT::emitSlow_op_bitnot(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitnot);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+// PostInc (i++)
+
+void JIT::emit_op_post_inc(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+    
+    emitLoad(srcDst, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+
+    if (dst == srcDst) // x = x++ is a noop for ints.
+        return;
+
+    emitStoreInt32(dst, regT0);
+
+    addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_post_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    if (dst != srcDst)
+        linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_post_inc);
+    stubCall.addArgument(srcDst);
+    stubCall.addArgument(Imm32(srcDst));
+    stubCall.call(dst);
+}
+
+// PostDec (i--)
+
+void JIT::emit_op_post_dec(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    emitLoad(srcDst, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+
+    if (dst == srcDst) // x = x-- is a noop for ints.
+        return;
+
+    emitStoreInt32(dst, regT0);
+
+    addSlowCase(branchSub32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_post_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    if (dst != srcDst)
+        linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_post_dec);
+    stubCall.addArgument(srcDst);
+    stubCall.addArgument(Imm32(srcDst));
+    stubCall.call(dst);
+}
+
+// PreInc (++i)
+
+void JIT::emit_op_pre_inc(Instruction* currentInstruction)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    emitLoad(srcDst, regT1, regT0);
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_pre_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_pre_inc);
+    stubCall.addArgument(srcDst);
+    stubCall.call(srcDst);
+}
+
+// PreDec (--i)
+
+void JIT::emit_op_pre_dec(Instruction* currentInstruction)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    emitLoad(srcDst, regT1, regT0);
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branchSub32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_pre_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_pre_dec);
+    stubCall.addArgument(srcDst);
+    stubCall.call(srcDst);
+}
+
+// Addition (+)
+
+void JIT::emit_op_add(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitAdd32Constant(dst, op, constant, op == op1 ? types.first() : types.second());
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    // Int32 case.
+    addSlowCase(branchAdd32(Overflow, regT2, regT0));
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double case.
+    emitBinaryDoubleOp(op_add, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitAdd32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType)
+{
+    // Int32 case.
+    emitLoad(op, regT1, regT0);
+    Jump notInt32 = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branchAdd32(Overflow, Imm32(constant), regT0));
+    emitStoreInt32(dst, regT0, (op == dst));
+
+    // Double case.
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32);
+        return;
+    }
+    Jump end = jump();
+
+    notInt32.link(this);
+    if (!opType.definitelyIsNumber())
+        addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+    move(Imm32(constant), regT2);
+    convertInt32ToDouble(regT2, fpRegT0);
+    emitLoadDouble(op, fpRegT1);
+    addDouble(fpRegT1, fpRegT0);
+    emitStoreDouble(dst, fpRegT0);
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint()) {
+            linkSlowCase(iter); // non-sse case
+            return;
+        }
+
+        ResultType opType = op == op1 ? types.first() : types.second();
+        if (!opType.definitelyIsNumber())
+            linkSlowCase(iter); // double check
+    } else {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // int32 check
+        } else {
+            if (!types.first().definitelyIsNumber())
+                linkSlowCase(iter); // double check
+
+            if (!types.second().definitelyIsNumber()) {
+                linkSlowCase(iter); // int32 check
+                linkSlowCase(iter); // double check
+            }
+        }
+    }
+
+    JITStubCall stubCall(this, cti_op_add);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// Subtraction (-)
+
+void JIT::emit_op_sub(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitSub32Constant(dst, op1, getConstantOperand(op2).asInt32(), types.first());
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    // Int32 case.
+    addSlowCase(branchSub32(Overflow, regT2, regT0));
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double case.
+    emitBinaryDoubleOp(op_sub, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitSub32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType)
+{
+    // Int32 case.
+    emitLoad(op, regT1, regT0);
+    Jump notInt32 = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branchSub32(Overflow, Imm32(constant), regT0));
+    emitStoreInt32(dst, regT0, (op == dst));
+
+    // Double case.
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32);
+        return;
+    }
+    Jump end = jump();
+
+    notInt32.link(this);
+    if (!opType.definitelyIsNumber())
+        addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+    move(Imm32(constant), regT2);
+    convertInt32ToDouble(regT2, fpRegT0);
+    emitLoadDouble(op, fpRegT1);
+    subDouble(fpRegT0, fpRegT1);
+    emitStoreDouble(dst, fpRegT1);
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint() || !types.first().definitelyIsNumber())
+            linkSlowCase(iter); // int32 or double check
+    } else {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // int32 check
+        } else {
+            if (!types.first().definitelyIsNumber())
+                linkSlowCase(iter); // double check
+
+            if (!types.second().definitelyIsNumber()) {
+                linkSlowCase(iter); // int32 check
+                linkSlowCase(iter); // double check
+            }
+        }
+    }
+
+    JITStubCall stubCall(this, cti_op_sub);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+void JIT::emitBinaryDoubleOp(OpcodeID opcodeID, unsigned dst, unsigned op1, unsigned op2, OperandTypes types, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters, bool op2IsInRegisters)
+{
+    JumpList end;
+    
+    if (!notInt32Op1.empty()) {
+        // Double case 1: Op1 is not int32; Op2 is unknown.
+        notInt32Op1.link(this);
+
+        ASSERT(op1IsInRegisters);
+
+        // Verify Op1 is double.
+        if (!types.first().definitelyIsNumber())
+            addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+        if (!op2IsInRegisters)
+            emitLoad(op2, regT3, regT2);
+
+        Jump doubleOp2 = branch32(Below, regT3, Imm32(JSValue::LowestTag));
+
+        if (!types.second().definitelyIsNumber())
+            addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+        convertInt32ToDouble(regT2, fpRegT0);
+        Jump doTheMath = jump();
+
+        // Load Op2 as double into double register.
+        doubleOp2.link(this);
+        emitLoadDouble(op2, fpRegT0);
+
+        // Do the math.
+        doTheMath.link(this);
+        switch (opcodeID) {
+            case op_mul:
+                emitLoadDouble(op1, fpRegT2);
+                mulDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_add:
+                emitLoadDouble(op1, fpRegT2);
+                addDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_sub:
+                emitLoadDouble(op1, fpRegT1);
+                subDouble(fpRegT0, fpRegT1);
+                emitStoreDouble(dst, fpRegT1);
+                break;
+            case op_div:
+                emitLoadDouble(op1, fpRegT1);
+                divDouble(fpRegT0, fpRegT1);
+                emitStoreDouble(dst, fpRegT1);
+                break;
+            case op_jnless:
+                emitLoadDouble(op1, fpRegT2);
+                addJump(branchDouble(DoubleLessThanOrEqual, fpRegT0, fpRegT2), dst + 3);
+                break;
+            case op_jnlesseq:
+                emitLoadDouble(op1, fpRegT2);
+                addJump(branchDouble(DoubleLessThan, fpRegT0, fpRegT2), dst + 3);
+                break;
+            default:
+                ASSERT_NOT_REACHED();
+        }
+
+        if (!notInt32Op2.empty())
+            end.append(jump());
+    }
+
+    if (!notInt32Op2.empty()) {
+        // Double case 2: Op1 is int32; Op2 is not int32.
+        notInt32Op2.link(this);
+
+        ASSERT(op2IsInRegisters);
+
+        if (!op1IsInRegisters)
+            emitLoadPayload(op1, regT0);
+
+        convertInt32ToDouble(regT0, fpRegT0);
+
+        // Verify op2 is double.
+        if (!types.second().definitelyIsNumber())
+            addSlowCase(branch32(Above, regT3, Imm32(JSValue::LowestTag)));
+
+        // Do the math.
+        switch (opcodeID) {
+            case op_mul:
+                emitLoadDouble(op2, fpRegT2);
+                mulDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_add:
+                emitLoadDouble(op2, fpRegT2);
+                addDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_sub:
+                emitLoadDouble(op2, fpRegT2);
+                subDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_div:
+                emitLoadDouble(op2, fpRegT2);
+                divDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_jnless:
+                emitLoadDouble(op2, fpRegT1);
+                addJump(branchDouble(DoubleLessThanOrEqual, fpRegT1, fpRegT0), dst + 3);
+                break;
+            case op_jnlesseq:
+                emitLoadDouble(op2, fpRegT1);
+                addJump(branchDouble(DoubleLessThan, fpRegT1, fpRegT0), dst + 3);
+                break;
+            default:
+                ASSERT_NOT_REACHED();
+        }
+    }
+
+    end.link(this);
+}
+
+// Multiplication (*)
+
+void JIT::emit_op_mul(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    // Int32 case.
+    move(regT0, regT3);
+    addSlowCase(branchMul32(Overflow, regT2, regT0));
+    addSlowCase(branchTest32(Zero, regT0));
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double case.
+    emitBinaryDoubleOp(op_mul, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    Jump overflow = getSlowCase(iter); // overflow check
+    linkSlowCase(iter); // zero result check
+
+    Jump negZero = branchOr32(Signed, regT2, regT3);
+    emitStoreInt32(dst, Imm32(0), (op1 == dst || op2 == dst));
+
+    emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_mul));
+
+    negZero.link(this);
+    overflow.link(this);
+
+    if (!supportsFloatingPoint()) {
+        linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+    }
+
+    if (supportsFloatingPoint()) {
+        if (!types.first().definitelyIsNumber())
+            linkSlowCase(iter); // double check
+
+        if (!types.second().definitelyIsNumber()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // double check
+        }
+    }
+
+    Label jitStubCall(this);
+    JITStubCall stubCall(this, cti_op_mul);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// Division (/)
+
+void JIT::emit_op_div(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(jump());
+        return;
+    }
+
+    // Int32 divide.
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    JumpList end;
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    convertInt32ToDouble(regT0, fpRegT0);
+    convertInt32ToDouble(regT2, fpRegT1);
+    divDouble(fpRegT1, fpRegT0);
+
+    JumpList doubleResult;
+    if (!isOperandConstantImmediateInt(op1) || getConstantOperand(op1).asInt32() > 1) {
+        m_assembler.cvttsd2si_rr(fpRegT0, regT0);
+        convertInt32ToDouble(regT0, fpRegT1);
+        m_assembler.ucomisd_rr(fpRegT1, fpRegT0);
+
+        doubleResult.append(m_assembler.jne());
+        doubleResult.append(m_assembler.jp());
+        
+        doubleResult.append(branchTest32(Zero, regT0));
+
+        // Int32 result.
+        emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+        end.append(jump());
+    }
+
+    // Double result.
+    doubleResult.link(this);
+    emitStoreDouble(dst, fpRegT0);
+    end.append(jump());
+
+    // Double divide.
+    emitBinaryDoubleOp(op_div, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!supportsFloatingPoint())
+        linkSlowCase(iter);
+    else {
+        if (!types.first().definitelyIsNumber())
+            linkSlowCase(iter); // double check
+
+        if (!types.second().definitelyIsNumber()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // double check
+        }
+    }
+
+    JITStubCall stubCall(this, cti_op_div);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// Mod (%)
+
+/* ------------------------------ BEGIN: OP_MOD ------------------------------ */
+
+#if PLATFORM(X86) || PLATFORM(X86_64)
+
+void JIT::emit_op_mod(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2) && getConstantOperand(op2).asInt32() != 0) {
+        emitLoad(op1, X86::edx, X86::eax);
+        move(Imm32(getConstantOperand(op2).asInt32()), X86::ecx);
+        addSlowCase(branch32(NotEqual, X86::edx, Imm32(JSValue::Int32Tag)));
+        if (getConstantOperand(op2).asInt32() == -1)
+            addSlowCase(branch32(Equal, X86::eax, Imm32(0x80000000))); // -2147483648 / -1 => EXC_ARITHMETIC
+    } else {
+        emitLoad2(op1, X86::edx, X86::eax, op2, X86::ebx, X86::ecx);
+        addSlowCase(branch32(NotEqual, X86::edx, Imm32(JSValue::Int32Tag)));
+        addSlowCase(branch32(NotEqual, X86::ebx, Imm32(JSValue::Int32Tag)));
+
+        addSlowCase(branch32(Equal, X86::eax, Imm32(0x80000000))); // -2147483648 / -1 => EXC_ARITHMETIC
+        addSlowCase(branch32(Equal, X86::ecx, Imm32(0))); // divide by 0
+    }
+
+    move(X86::eax, X86::ebx); // Save dividend payload, in case of 0.
+    m_assembler.cdq();
+    m_assembler.idivl_r(X86::ecx);
+    
+    // If the remainder is zero and the dividend is negative, the result is -0.
+    Jump storeResult1 = branchTest32(NonZero, X86::edx);
+    Jump storeResult2 = branchTest32(Zero, X86::ebx, Imm32(0x80000000)); // not negative
+    emitStore(dst, jsNumber(m_globalData, -0.0));
+    Jump end = jump();
+
+    storeResult1.link(this);
+    storeResult2.link(this);
+    emitStoreInt32(dst, X86::edx, (op1 == dst || op2 == dst));
+    end.link(this);
+}
+
+void JIT::emitSlow_op_mod(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2) && getConstantOperand(op2).asInt32() != 0) {
+        linkSlowCase(iter); // int32 check
+        if (getConstantOperand(op2).asInt32() == -1)
+            linkSlowCase(iter); // 0x80000000 check
+    } else {
+        linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // 0 check
+        linkSlowCase(iter); // 0x80000000 check
+    }
+
+    JITStubCall stubCall(this, cti_op_mod);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+#else // PLATFORM(X86) || PLATFORM(X86_64)
+
+void JIT::emit_op_mod(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_mod);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+void JIT::emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+}
+
+#endif // PLATFORM(X86) || PLATFORM(X86_64)
+
+/* ------------------------------ END: OP_MOD ------------------------------ */
+
+#else // USE(JSVALUE32_64)
 
 void JIT::emit_op_lshift(Instruction* currentInstruction)
@@ -65 +1149 @@
 #endif
     lshift32(regT2, regT0);
-#if !USE(ALTERNATE_JSIMMEDIATE)
+#if !USE(JSVALUE64)
     addSlowCase(branchAdd32(Overflow, regT0, regT0));
     signExtend32ToPtr(regT0, regT0);
@@ -79 +1163 @@
     unsigned op2 = currentInstruction[3].u.operand;
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     UNUSED_PARAM(op1);
     UNUSED_PARAM(op2);
@@ -93 +1177 @@
     notImm2.link(this);
 #endif
-    JITStubCall stubCall(this, JITStubs::cti_op_lshift);
+    JITStubCall stubCall(this, cti_op_lshift);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT2);
@@ -110 +1194 @@
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
         // Mask with 0x1f as per ecma-262 11.7.2 step 7.
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         rshift32(Imm32(getConstantOperandImmediateInt(op2) & 0x1f), regT0);
 #else
@@ -119 +1203 @@
         if (supportsFloatingPointTruncate()) {
             Jump lhsIsInt = emitJumpIfImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
-            // supportsFloatingPoint() && USE(ALTERNATE_JSIMMEDIATE) => 3 SlowCases
+#if USE(JSVALUE64)
+            // supportsFloatingPoint() && USE(JSVALUE64) => 3 SlowCases
             addSlowCase(emitJumpIfNotImmediateNumber(regT0));
             addPtr(tagTypeNumberRegister, regT0);
@@ -126 +1210 @@
             addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
 #else
-            // supportsFloatingPoint() && !USE(ALTERNATE_JSIMMEDIATE) => 5 SlowCases (of which 1 IfNotJSCell)
+            // supportsFloatingPoint() && !USE(JSVALUE64) => 5 SlowCases (of which 1 IfNotJSCell)
             emitJumpSlowCaseIfNotJSCell(regT0, op1);
             addSlowCase(checkStructure(regT0, m_globalData->numberStructure.get()));
@@ -146 +1230 @@
         and32(Imm32(0x1f), regT2);
 #endif
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         rshift32(regT2, regT0);
 #else
@@ -152 +1236 @@
 #endif
     }
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     emitFastArithIntToImmNoCheck(regT0, regT0);
 #else
@@ -166 +1250 @@
     unsigned op2 = currentInstruction[3].u.operand;
 
-    JITStubCall stubCall(this, JITStubs::cti_op_rshift);
+    JITStubCall stubCall(this, cti_op_rshift);
 
     if (isOperandConstantImmediateInt(op2)) {
@@ -174 +1258 @@
     } else {
         if (supportsFloatingPointTruncate()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             linkSlowCase(iter);
             linkSlowCase(iter);
@@ -215 +1299 @@
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op2imm = getConstantOperandImmediateInt(op2);
 #else
@@ -224 +1308 @@
         emitGetVirtualRegister(op2, regT1);
         emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op1imm = getConstantOperandImmediateInt(op1);
 #else
@@ -254 +1338 @@
 
         if (supportsFloatingPoint()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             addPtr(tagTypeNumberRegister, regT0);
@@ -267 +1351 @@
 #endif
             
-            int32_t op2imm = getConstantOperand(op2).getInt32Fast();;
+            int32_t op2imm = getConstantOperand(op2).asInt32();;
                     
             move(Imm32(op2imm), regT1);
@@ -276 +1360 @@
             emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             fail1.link(this);
 #else
@@ -285 +1369 @@
         }
 
-        JITStubCall stubCall(this, JITStubs::cti_op_jless);
+        JITStubCall stubCall(this, cti_op_jless);
         stubCall.addArgument(regT0);
         stubCall.addArgument(op2, regT2);
@@ -295 +1379 @@
 
         if (supportsFloatingPoint()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
             addPtr(tagTypeNumberRegister, regT1);
@@ -308 +1392 @@
 #endif
             
-            int32_t op1imm = getConstantOperand(op1).getInt32Fast();;
+            int32_t op1imm = getConstantOperand(op1).asInt32();;
                     
             move(Imm32(op1imm), regT0);
@@ -317 +1401 @@
             emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             fail1.link(this);
 #else
@@ -326 +1410 @@
         }
 
-        JITStubCall stubCall(this, JITStubs::cti_op_jless);
+        JITStubCall stubCall(this, cti_op_jless);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(regT1);
@@ -336 +1420 @@
 
         if (supportsFloatingPoint()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
@@ -363 +1447 @@
             emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             fail1.link(this);
             fail2.link(this);
@@ -378 +1462 @@
 
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_jless);
+        JITStubCall stubCall(this, cti_op_jless);
         stubCall.addArgument(regT0);
         stubCall.addArgument(regT1);
@@ -400 +1484 @@
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op2imm = getConstantOperandImmediateInt(op2);
 #else
@@ -409 +1493 @@
         emitGetVirtualRegister(op2, regT1);
         emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op1imm = getConstantOperandImmediateInt(op1);
 #else
@@ -439 +1523 @@
 
         if (supportsFloatingPoint()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             addPtr(tagTypeNumberRegister, regT0);
@@ -452 +1536 @@
 #endif
             
-            int32_t op2imm = getConstantOperand(op2).getInt32Fast();;
+            int32_t op2imm = getConstantOperand(op2).asInt32();;
                     
             move(Imm32(op2imm), regT1);
@@ -461 +1545 @@
             emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             fail1.link(this);
 #else
@@ -470 +1554 @@
         }
 
-        JITStubCall stubCall(this, JITStubs::cti_op_jlesseq);
+        JITStubCall stubCall(this, cti_op_jlesseq);
         stubCall.addArgument(regT0);
         stubCall.addArgument(op2, regT2);
@@ -480 +1564 @@
 
         if (supportsFloatingPoint()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
             addPtr(tagTypeNumberRegister, regT1);
@@ -493 +1577 @@
 #endif
             
-            int32_t op1imm = getConstantOperand(op1).getInt32Fast();;
+            int32_t op1imm = getConstantOperand(op1).asInt32();;
                     
             move(Imm32(op1imm), regT0);
@@ -502 +1586 @@
             emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             fail1.link(this);
 #else
@@ -511 +1595 @@
         }
 
-        JITStubCall stubCall(this, JITStubs::cti_op_jlesseq);
+        JITStubCall stubCall(this, cti_op_jlesseq);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(regT1);
@@ -521 +1605 @@
 
         if (supportsFloatingPoint()) {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
             Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
@@ -548 +1632 @@
             emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             fail1.link(this);
             fail2.link(this);
@@ -563 +1647 @@
 
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_jlesseq);
+        JITStubCall stubCall(this, cti_op_jlesseq);
         stubCall.addArgument(regT0);
         stubCall.addArgument(regT1);
@@ -580 +1664 @@
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t imm = getConstantOperandImmediateInt(op1);
         andPtr(Imm32(imm), regT0);
@@ -591 +1675 @@
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t imm = getConstantOperandImmediateInt(op2);
         andPtr(Imm32(imm), regT0);
@@ -615 +1699 @@
     linkSlowCase(iter);
     if (isOperandConstantImmediateInt(op1)) {
-        JITStubCall stubCall(this, JITStubs::cti_op_bitand);
+        JITStubCall stubCall(this, cti_op_bitand);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(regT0);
         stubCall.call(result);
     } else if (isOperandConstantImmediateInt(op2)) {
-        JITStubCall stubCall(this, JITStubs::cti_op_bitand);
+        JITStubCall stubCall(this, cti_op_bitand);
         stubCall.addArgument(regT0);
         stubCall.addArgument(op2, regT2);
         stubCall.call(result);
     } else {
-        JITStubCall stubCall(this, JITStubs::cti_op_bitand);
+        JITStubCall stubCall(this, cti_op_bitand);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(regT1);
@@ -640 +1724 @@
     move(regT0, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     addSlowCase(branchAdd32(Overflow, Imm32(1), regT1));
     emitFastArithIntToImmNoCheck(regT1, regT1);
@@ -658 +1742 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_post_inc);
+    JITStubCall stubCall(this, cti_op_post_inc);
     stubCall.addArgument(regT0);
     stubCall.addArgument(Imm32(srcDst));
@@ -672 +1756 @@
     move(regT0, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     addSlowCase(branchSub32(Zero, Imm32(1), regT1));
     emitFastArithIntToImmNoCheck(regT1, regT1);
@@ -690 +1774 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_post_dec);
+    JITStubCall stubCall(this, cti_op_post_dec);
     stubCall.addArgument(regT0);
     stubCall.addArgument(Imm32(srcDst));
@@ -702 +1786 @@
     emitGetVirtualRegister(srcDst, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
     emitFastArithIntToImmNoCheck(regT0, regT0);
@@ -720 +1804 @@
     emitGetVirtualRegister(srcDst, regT0);
     notImm.link(this);
-    JITStubCall stubCall(this, JITStubs::cti_op_pre_inc);
+    JITStubCall stubCall(this, cti_op_pre_inc);
     stubCall.addArgument(regT0);
     stubCall.call(srcDst);
@@ -731 +1815 @@
     emitGetVirtualRegister(srcDst, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     addSlowCase(branchSub32(Zero, Imm32(1), regT0));
     emitFastArithIntToImmNoCheck(regT0, regT0);
@@ -749 +1833 @@
     emitGetVirtualRegister(srcDst, regT0);
     notImm.link(this);
-    JITStubCall stubCall(this, JITStubs::cti_op_pre_dec);
+    JITStubCall stubCall(this, cti_op_pre_dec);
     stubCall.addArgument(regT0);
     stubCall.call(srcDst);
@@ -767 +1851 @@
     emitJumpSlowCaseIfNotImmediateInteger(X86::eax);
     emitJumpSlowCaseIfNotImmediateInteger(X86::ecx);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     addSlowCase(branchPtr(Equal, X86::ecx, ImmPtr(JSValue::encode(jsNumber(m_globalData, 0)))));
     m_assembler.cdq();
@@ -786 +1870 @@
     unsigned result = currentInstruction[1].u.operand;
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     linkSlowCase(iter);
     linkSlowCase(iter);
@@ -799 +1883 @@
     notImm2.link(this);
 #endif
-    JITStubCall stubCall(this, JITStubs::cti_op_mod);
+    JITStubCall stubCall(this, cti_op_mod);
     stubCall.addArgument(X86::eax);
     stubCall.addArgument(X86::ecx);
@@ -813 +1897 @@
     unsigned op2 = currentInstruction[3].u.operand;
 
-    JITStubCall stubCall(this, JITStubs::cti_op_mod);
+    JITStubCall stubCall(this, cti_op_mod);
     stubCall.addArgument(op1, regT2);
     stubCall.addArgument(op2, regT2);
@@ -828 +1912 @@
 /* ------------------------------ END: OP_MOD ------------------------------ */
 
-#if !ENABLE(JIT_OPTIMIZE_ARITHMETIC)
-
-/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_ARITHMETIC) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
-
-void JIT::emit_op_add(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-    JITStubCall stubCall(this, JITStubs::cti_op_add);
-    stubCall.addArgument(op1, regT2);
-    stubCall.addArgument(op2, regT2);
-    stubCall.call(result);
-}
-
-void JIT::emitSlow_op_add(Instruction*, Vector<SlowCaseEntry>::iterator&)
-{
-    ASSERT_NOT_REACHED();
-}
-
-void JIT::emit_op_mul(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-    JITStubCall stubCall(this, JITStubs::cti_op_mul);
-    stubCall.addArgument(op1, regT2);
-    stubCall.addArgument(op2, regT2);
-    stubCall.call(result);
-}
-
-void JIT::emitSlow_op_mul(Instruction*, Vector<SlowCaseEntry>::iterator&)
-{
-    ASSERT_NOT_REACHED();
-}
-
-void JIT::emit_op_sub(Instruction* currentInstruction)
-{
-    unsigned result = currentInstruction[1].u.operand;
-    unsigned op1 = currentInstruction[2].u.operand;
-    unsigned op2 = currentInstruction[3].u.operand;
-
-    JITStubCall stubCall(this, JITStubs::cti_op_sub);
-    stubCall.addArgument(op1, regT2);
-    stubCall.addArgument(op2, regT2);
-    stubCall.call(result);
-}
-
-void JIT::emitSlow_op_sub(Instruction*, Vector<SlowCaseEntry>::iterator&)
-{
-    ASSERT_NOT_REACHED();
-}
-
-#elif USE(ALTERNATE_JSIMMEDIATE) // *AND* ENABLE(JIT_OPTIMIZE_ARITHMETIC)
-
-/* ------------------------------ BEGIN: USE(ALTERNATE_JSIMMEDIATE) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
+#if USE(JSVALUE64)
+
+/* ------------------------------ BEGIN: USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
 
 void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned, unsigned op1, unsigned op2, OperandTypes)
@@ -918 +1947 @@
 
     Label stubFunctionCall(this);
-    JITStubCall stubCall(this, opcodeID == op_add ? JITStubs::cti_op_add : opcodeID == op_sub ? JITStubs::cti_op_sub : JITStubs::cti_op_mul);
+    JITStubCall stubCall(this, opcodeID == op_add ? cti_op_add : opcodeID == op_sub ? cti_op_sub : cti_op_mul);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
@@ -969 +1998 @@
 
     if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        JITStubCall stubCall(this, JITStubs::cti_op_add);
+        JITStubCall stubCall(this, cti_op_add);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(op2, regT2);
@@ -1001 +2030 @@
         linkSlowCase(iter);
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_add);
+        JITStubCall stubCall(this, cti_op_add);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(op2, regT2);
@@ -1046 +2075 @@
         linkSlowCase(iter);
         // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
-        JITStubCall stubCall(this, JITStubs::cti_op_mul);
+        JITStubCall stubCall(this, cti_op_mul);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(op2, regT2);
@@ -1076 +2105 @@
 }
 
-#else // !ENABLE(JIT_OPTIMIZE_ARITHMETIC)
-
-/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_ARITHMETIC) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
+#else // USE(JSVALUE64)
+
+/* ------------------------------ BEGIN: !USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
 
 void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes types)
@@ -1245 +2274 @@
         linkSlowCase(iter);
 
-    JITStubCall stubCall(this, opcodeID == op_add ? JITStubs::cti_op_add : opcodeID == op_sub ? JITStubs::cti_op_sub : JITStubs::cti_op_mul);
+    JITStubCall stubCall(this, opcodeID == op_add ? cti_op_add : opcodeID == op_sub ? cti_op_sub : cti_op_mul);
     stubCall.addArgument(src1, regT2);
     stubCall.addArgument(src2, regT2);
@@ -1274 +2303 @@
             compileBinaryArithOp(op_add, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
         else {
-            JITStubCall stubCall(this, JITStubs::cti_op_add);
+            JITStubCall stubCall(this, cti_op_add);
             stubCall.addArgument(op1, regT2);
             stubCall.addArgument(op2, regT2);
@@ -1293 +2322 @@
         sub32(Imm32(getConstantOperandImmediateInt(op1) << JSImmediate::IntegerPayloadShift), regT0);
         notImm.link(this);
-        JITStubCall stubCall(this, JITStubs::cti_op_add);
+        JITStubCall stubCall(this, cti_op_add);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(regT0);
@@ -1302 +2331 @@
         sub32(Imm32(getConstantOperandImmediateInt(op2) << JSImmediate::IntegerPayloadShift), regT0);
         notImm.link(this);
-        JITStubCall stubCall(this, JITStubs::cti_op_add);
+        JITStubCall stubCall(this, cti_op_add);
         stubCall.addArgument(regT0);
         stubCall.addArgument(op2, regT2);
@@ -1352 +2381 @@
         linkSlowCase(iter);
         // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
-        JITStubCall stubCall(this, JITStubs::cti_op_mul);
+        JITStubCall stubCall(this, cti_op_mul);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(op2, regT2);
@@ -1370 +2399 @@
 }
 
-#endif // !ENABLE(JIT_OPTIMIZE_ARITHMETIC)
+#endif // USE(JSVALUE64)
 
 /* ------------------------------ END: OP_ADD, OP_SUB, OP_MUL ------------------------------ */
 
+#endif // USE(JSVALUE32_64)
+
 } // namespace JSC
 

trunk/JavaScriptCore/jit/JITCall.cpp

@@ -46 +46 @@
 namespace JSC {
 
+#if USE(JSVALUE32_64)
+
+void JIT::compileOpCallInitializeCallFrame()
+{
+    // regT0 holds callee, regT1 holds argCount
+    store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_data) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // scopeChain
+
+    emitStore(static_cast<unsigned>(RegisterFile::OptionalCalleeArguments), JSValue());
+    storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register)))); // callee
+    storePtr(regT1, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register)))); // scopeChain
+}
+
+void JIT::compileOpCallSetupArgs(Instruction* instruction)
+{
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    emitPutJITStubArg(regT0, 1);
+    emitPutJITStubArg(regT1, 2);
+    emitPutJITStubArgConstant(registerOffset, 3);
+    emitPutJITStubArgConstant(argCount, 5);
+}
+          
+void JIT::compileOpConstructSetupArgs(Instruction* instruction)
+{
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+    int proto = instruction[5].u.operand;
+    int thisRegister = instruction[6].u.operand;
+
+    emitPutJITStubArg(regT0, 1);
+    emitPutJITStubArg(regT1, 2);
+    emitPutJITStubArgConstant(registerOffset, 3);
+    emitPutJITStubArgConstant(argCount, 5);
+    emitPutJITStubArgFromVirtualRegister(proto, 7, regT2, regT3);
+    emitPutJITStubArgConstant(thisRegister, 9);
+}
+
+void JIT::compileOpCallVarargsSetupArgs(Instruction*)
+{
+    emitPutJITStubArg(regT0, 1);
+    emitPutJITStubArg(regT1, 2);
+    emitPutJITStubArg(regT3, 3); // registerOffset
+    emitPutJITStubArg(regT2, 5); // argCount
+}
+
+void JIT::compileOpCallVarargs(Instruction* instruction)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCountRegister = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    emitLoad(callee, regT1, regT0);
+    emitLoadPayload(argCountRegister, regT2); // argCount
+    addPtr(Imm32(registerOffset), regT2, regT3); // registerOffset
+
+    compileOpCallVarargsSetupArgs(instruction);
+
+    emitJumpSlowCaseIfNotJSCell(callee, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr)));
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    mul32(Imm32(sizeof(Register)), regT3, regT3);
+    addPtr(callFrameRegister, regT3);
+    storePtr(callFrameRegister, Address(regT3, RegisterFile::CallerFrame * static_cast<int>(sizeof(Register))));
+    move(regT3, callFrameRegister);
+
+    move(regT2, regT1); // argCount
+
+    emitNakedCall(m_globalData->jitStubs.ctiVirtualCall());
+
+    emitStore(dst, regT1, regT0);
+    
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallVarargsSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, callee);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_call_NotJSFunction);
+    stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
+
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_call_varargs), dst, regT1, regT0);
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::emit_op_ret(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
+    if (m_codeBlock->needsFullScopeChain())
+        JITStubCall(this, cti_op_ret_scopeChain).call();
+
+    emitLoad(dst, regT1, regT0);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT2);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+
+    restoreReturnAddressBeforeReturn(regT2);
+    ret();
+}
+
+void JIT::emit_op_construct_verify(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    emitLoad(dst, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addSlowCase(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
+}
+
+void JIT::emitSlow_op_construct_verify(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    emitLoad(src, regT1, regT0);
+    emitStore(dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_call(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_call);
+}
+
+void JIT::emitSlow_op_call_eval(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_call_eval);
+}
+
+void JIT::emitSlow_op_call_varargs(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallVarargsSlowCase(currentInstruction, iter);
+}
+
+void JIT::emitSlow_op_construct(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_construct);
+}
+
+void JIT::emit_op_call(Instruction* currentInstruction)
+{
+    compileOpCall(op_call, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_call_eval(Instruction* currentInstruction)
+{
+    compileOpCall(op_call_eval, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_load_varargs(Instruction* currentInstruction)
+{
+    int argCountDst = currentInstruction[1].u.operand;
+    int argsOffset = currentInstruction[2].u.operand;
+
+    JITStubCall stubCall(this, cti_op_load_varargs);
+    stubCall.addArgument(Imm32(argsOffset));
+    stubCall.call();
+    // Stores a naked int32 in the register file.
+    store32(returnValueRegister, Address(callFrameRegister, argCountDst * sizeof(Register)));
+}
+
+void JIT::emit_op_call_varargs(Instruction* currentInstruction)
+{
+    compileOpCallVarargs(currentInstruction);
+}
+
+void JIT::emit_op_construct(Instruction* currentInstruction)
+{
+    compileOpCall(op_construct, currentInstruction, m_callLinkInfoIndex++);
+}
+
+#if !ENABLE(JIT_OPTIMIZE_CALL)
+
+/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    Jump wasEval1;
+    Jump wasEval2;
+    if (opcodeID == op_call_eval) {
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
+        wasEval1 = branchTest32(NonZero, regT0);
+        wasEval2 = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    }
+
+    emitLoad(callee, regT1, regT2);
+
+    if (opcodeID == op_call)
+        compileOpCallSetupArgs(instruction);
+    else if (opcodeID == op_construct)
+        compileOpConstructSetupArgs(instruction);
+
+    emitJumpSlowCaseIfNotJSCell(callee, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsFunctionVPtr)));
+
+    // First, in the case of a construct, allocate the new object.
+    if (opcodeID == op_construct) {
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        emitLoad(callee, regT1, regT2);
+    }
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
+    move(Imm32(argCount), regT1);
+
+    emitNakedCall(m_globalData->jitStubs.ctiVirtualCall());
+
+    if (opcodeID == op_call_eval) {
+        wasEval1.link(this);
+        wasEval2.link(this);
+    }
+
+    emitStore(dst, regT1, regT0);;
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned, OpcodeID opcodeID)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, callee);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction);
+    stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+#else // !ENABLE(JIT_OPTIMIZE_CALL)
+
+/* ------------------------------ BEGIN: ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned callLinkInfoIndex)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    Jump wasEval1;
+    Jump wasEval2;
+    if (opcodeID == op_call_eval) {
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
+        wasEval1 = branchTest32(NonZero, regT0);
+        wasEval2 = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    }
+
+    emitLoad(callee, regT1, regT0);
+
+    DataLabelPtr addressOfLinkedFunctionCheck;
+    Jump jumpToSlow = branchPtrWithPatch(NotEqual, regT0, addressOfLinkedFunctionCheck, ImmPtr(0));
+    addSlowCase(jumpToSlow);
+    ASSERT(differenceBetween(addressOfLinkedFunctionCheck, jumpToSlow) == patchOffsetOpCallCompareToJump);
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+
+    // The following is the fast case, only used whan a callee can be linked.
+
+    // In the case of OpConstruct, call out to a cti_ function to create the new object.
+    if (opcodeID == op_construct) {
+        int proto = instruction[5].u.operand;
+        int thisRegister = instruction[6].u.operand;
+
+        JITStubCall stubCall(this, cti_op_construct_JSConstruct);
+        stubCall.addArgument(regT1, regT0);
+        stubCall.addArgument(Imm32(0)); // FIXME: Remove this unused JITStub argument.
+        stubCall.addArgument(Imm32(0)); // FIXME: Remove this unused JITStub argument.
+        stubCall.addArgument(proto);
+        stubCall.call(thisRegister);
+
+        emitLoad(callee, regT1, regT0);
+    }
+
+    // Fast version of stack frame initialization, directly relative to edi.
+    // Note that this omits to set up RegisterFile::CodeBlock, which is set in the callee
+    emitStore(registerOffset + RegisterFile::OptionalCalleeArguments, JSValue());
+    emitStore(registerOffset + RegisterFile::Callee, regT1, regT0);
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_data) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // newScopeChain
+    store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));
+    storePtr(callFrameRegister, Address(callFrameRegister, (registerOffset + RegisterFile::CallerFrame) * static_cast<int>(sizeof(Register))));
+    storePtr(regT1, Address(callFrameRegister, (registerOffset + RegisterFile::ScopeChain) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * sizeof(Register)), callFrameRegister);
+
+    // Call to the callee
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall();
+    
+    if (opcodeID == op_call_eval) {
+        wasEval1.link(this);
+        wasEval2.link(this);
+    }
+
+    // Put the return value in dst. In the interpreter, op_ret does this.
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + opcodeLengths[opcodeID], dst, regT1, regT0);
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned callLinkInfoIndex, OpcodeID opcodeID)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    // The arguments have been set up on the hot path for op_call_eval
+    if (opcodeID == op_call)
+        compileOpCallSetupArgs(instruction);
+    else if (opcodeID == op_construct)
+        compileOpConstructSetupArgs(instruction);
+
+    // Fast check for JS function.
+    Jump callLinkFailNotObject = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    Jump callLinkFailNotJSFunction = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr));
+
+    // First, in the case of a construct, allocate the new object.
+    if (opcodeID == op_construct) {
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        emitLoad(callee, regT1, regT0);
+    }
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
+    move(Imm32(argCount), regT1);
+
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].callReturnLocation = emitNakedCall(m_globalData->jitStubs.ctiVirtualCallPreLink());
+
+    // Put the return value in dst.
+    emitStore(dst, regT1, regT0);;
+    sampleCodeBlock(m_codeBlock);
+
+    // If not, we need an extra case in the if below!
+    ASSERT(OPCODE_LENGTH(op_call) == OPCODE_LENGTH(op_call_eval));
+
+    // Done! - return back to the hot path.
+    if (opcodeID == op_construct)
+        emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_construct));
+    else
+        emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_call));
+
+    // This handles host functions
+    callLinkFailNotObject.link(this);
+    callLinkFailNotJSFunction.link(this);
+    JITStubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction).call();
+
+    emitStore(dst, regT1, regT0);;
+    sampleCodeBlock(m_codeBlock);
+}
+
+/* ------------------------------ END: !ENABLE / ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+#endif // !ENABLE(JIT_OPTIMIZE_CALL)
+
+#else // USE(JSVALUE32_64)
+
 void JIT::compileOpCallInitializeCallFrame()
 {
@@ -129 +519 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_call_NotJSFunction);
+    JITStubCall stubCall(this, cti_op_call_NotJSFunction);
     stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
     
@@ -149 +539 @@
     Jump wasEval;
     if (opcodeID == op_call_eval) {
-        CallEvalJITStub(this, instruction).call();
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee, regT2);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
         wasEval = branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(JSValue())));
     }
@@ -166 +560 @@
     // First, in the case of a construct, allocate the new object.
     if (opcodeID == op_construct) {
-        JITStubCall(this, JITStubs::cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
         emitGetVirtualRegister(callee, regT2);
     }
@@ -192 +586 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, opcodeID == op_construct ? JITStubs::cti_op_construct_NotJSConstruct : JITStubs::cti_op_call_NotJSFunction);
+    JITStubCall stubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction);
     stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
 
@@ -212 +606 @@
     Jump wasEval;
     if (opcodeID == op_call_eval) {
-        CallEvalJITStub(this, instruction).call();
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee, regT2);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
         wasEval = branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(JSValue())));
     }
@@ -234 +632 @@
         emitPutJITStubArg(regT2, 1);
         emitPutJITStubArgFromVirtualRegister(proto, 4, regT0);
-        JITStubCall stubCall(this, JITStubs::cti_op_construct_JSConstruct);
+        JITStubCall stubCall(this, cti_op_construct_JSConstruct);
         stubCall.call(thisRegister);
         emitGetVirtualRegister(callee, regT2);
@@ -282 +680 @@
     // First, in the case of a construct, allocate the new object.
     if (opcodeID == op_construct) {
-        JITStubCall(this, JITStubs::cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
         emitGetVirtualRegister(callee, regT2);
     }
@@ -309 +707 @@
     callLinkFailNotObject.link(this);
     callLinkFailNotJSFunction.link(this);
-    JITStubCall(this, opcodeID == op_construct ? JITStubs::cti_op_construct_NotJSConstruct : JITStubs::cti_op_call_NotJSFunction).call();
+    JITStubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction).call();
 
     emitPutVirtualRegister(dst);
@@ -319 +717 @@
 #endif // !ENABLE(JIT_OPTIMIZE_CALL)
 
+#endif // USE(JSVALUE32_64)
+
 } // namespace JSC
 

trunk/JavaScriptCore/jit/JITInlineMethods.h

@@ -33 +33 @@
 namespace JSC {
 
+/* Deprecated: Please use JITStubCall instead. */
+
+// puts an arg onto the stack, as an arg to a context threaded function.
+ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID src, unsigned argumentNumber)
+{
+    poke(src, argumentNumber);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(unsigned value, unsigned argumentNumber)
+{
+    poke(Imm32(value), argumentNumber);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(void* value, unsigned argumentNumber)
+{
+    poke(ImmPtr(value), argumentNumber);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitGetJITStubArg(unsigned argumentNumber, RegisterID dst)
+{
+    peek(dst, argumentNumber);
+}
+
+ALWAYS_INLINE JSValue JIT::getConstantOperand(unsigned src)
+{
+    ASSERT(m_codeBlock->isConstantRegisterIndex(src));
+    return m_codeBlock->getConstant(src);
+}
+
+ALWAYS_INLINE void JIT::emitPutToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry)
+{
+    storePtr(from, Address(callFrameRegister, entry * sizeof(Register)));
+}
+
+ALWAYS_INLINE void JIT::emitPutImmediateToCallFrameHeader(void* value, RegisterFile::CallFrameHeaderEntry entry)
+{
+    storePtr(ImmPtr(value), Address(callFrameRegister, entry * sizeof(Register)));
+}
+
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeaderPtr(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    loadPtr(Address(from, entry * sizeof(Register)), to);
+#if !USE(JSVALUE32_64)
+    killLastResultRegister();
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader32(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    load32(Address(from, entry * sizeof(Register)), to);
+#if !USE(JSVALUE32_64)
+    killLastResultRegister();
+#endif
+}
+
+ALWAYS_INLINE JIT::Call JIT::emitNakedCall(CodePtr function)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    Call nakedCall = nearCall();
+    m_calls.append(CallRecord(nakedCall, m_bytecodeIndex, function.executableAddress()));
+    return nakedCall;
+}
+
+#if PLATFORM(X86) || PLATFORM(X86_64)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    pop(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    push(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    push(address);
+}
+
+#elif PLATFORM_ARM_ARCH(7)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    move(linkRegister, reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    move(reg, linkRegister);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    loadPtr(address, linkRegister);
+}
+
+#endif
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+ALWAYS_INLINE void JIT::restoreArgumentReference()
+{
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+}
+ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline() {}
+#else
+ALWAYS_INLINE void JIT::restoreArgumentReference()
+{
+    move(stackPointerRegister, firstArgumentRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+}
+ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline()
+{
+#if PLATFORM(X86)
+    // Within a trampoline the return address will be on the stack at this point.
+    addPtr(Imm32(sizeof(void*)), stackPointerRegister, firstArgumentRegister);
+#elif PLATFORM_ARM_ARCH(7)
+    move(stackPointerRegister, firstArgumentRegister);
+#endif
+    // In the trampoline on x86-64, the first argument register is not overwritten.
+}
+#endif
+
+ALWAYS_INLINE JIT::Jump JIT::checkStructure(RegisterID reg, Structure* structure)
+{
+    return branchPtr(NotEqual, Address(reg, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(structure));
+}
+
+ALWAYS_INLINE void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, int vReg)
+{
+    if (!m_codeBlock->isKnownNotImmediate(vReg))
+        linkSlowCase(iter);
+}
+
+ALWAYS_INLINE void JIT::addSlowCase(Jump jump)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    m_slowCases.append(SlowCaseEntry(jump, m_bytecodeIndex));
+}
+
+ALWAYS_INLINE void JIT::addSlowCase(JumpList jumpList)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    const JumpList::JumpVector& jumpVector = jumpList.jumps();
+    size_t size = jumpVector.size();
+    for (size_t i = 0; i < size; ++i)
+        m_slowCases.append(SlowCaseEntry(jumpVector[i], m_bytecodeIndex));
+}
+
+ALWAYS_INLINE void JIT::addJump(Jump jump, int relativeOffset)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    m_jmpTable.append(JumpTable(jump, m_bytecodeIndex + relativeOffset));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowToHot(Jump jump, int relativeOffset)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    jump.linkTo(m_labels[m_bytecodeIndex + relativeOffset], this);
+}
+
+#if ENABLE(SAMPLING_FLAGS)
+ALWAYS_INLINE void JIT::setSamplingFlag(int32_t flag)
+{
+    ASSERT(flag >= 1);
+    ASSERT(flag <= 32);
+    or32(Imm32(1u << (flag - 1)), AbsoluteAddress(&SamplingFlags::s_flags));
+}
+
+ALWAYS_INLINE void JIT::clearSamplingFlag(int32_t flag)
+{
+    ASSERT(flag >= 1);
+    ASSERT(flag <= 32);
+    and32(Imm32(~(1u << (flag - 1))), AbsoluteAddress(&SamplingFlags::s_flags));
+}
+#endif
+
+#if ENABLE(SAMPLING_COUNTERS)
+ALWAYS_INLINE void JIT::emitCount(AbstractSamplingCounter& counter, uint32_t count)
+{
+#if PLATFORM(X86_64) // Or any other 64-bit plattform.
+    addPtr(Imm32(count), AbsoluteAddress(&counter.m_counter));
+#elif PLATFORM(X86) // Or any other little-endian 32-bit plattform.
+    intptr_t hiWord = reinterpret_cast<intptr_t>(&counter.m_counter) + sizeof(int32_t);
+    add32(Imm32(count), AbsoluteAddress(&counter.m_counter));
+    addWithCarry32(Imm32(0), AbsoluteAddress(reinterpret_cast<void*>(hiWord)));
+#else
+#error "SAMPLING_FLAGS not implemented on this platform."
+#endif
+}
+#endif
+
+#if ENABLE(OPCODE_SAMPLING)
+#if PLATFORM(X86_64)
+ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
+{
+    move(ImmPtr(m_interpreter->sampler()->sampleSlot()), X86::ecx);
+    storePtr(ImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), X86::ecx);
+}
+#else
+ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
+{
+    storePtr(ImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), m_interpreter->sampler()->sampleSlot());
+}
+#endif
+#endif
+
+#if ENABLE(CODEBLOCK_SAMPLING)
+#if PLATFORM(X86_64)
+ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
+{
+    move(ImmPtr(m_interpreter->sampler()->codeBlockSlot()), X86::ecx);
+    storePtr(ImmPtr(codeBlock), X86::ecx);
+}
+#else
+ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
+{
+    storePtr(ImmPtr(codeBlock), m_interpreter->sampler()->codeBlockSlot());
+}
+#endif
+#endif
+
+#if USE(JSVALUE32_64)
+
+inline JIT::Address JIT::tagFor(unsigned index, RegisterID base)
+{
+    return Address(base, (index * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.tag));
+}
+
+inline JIT::Address JIT::payloadFor(unsigned index, RegisterID base)
+{
+    return Address(base, (index * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.payload));
+}
+
+inline JIT::Address JIT::addressFor(unsigned index, RegisterID base)
+{
+    return Address(base, (index * sizeof(Register)));
+}
+
+inline void JIT::emitLoadTag(unsigned index, RegisterID tag)
+{
+    RegisterID mappedTag;
+    if (getMappedTag(index, mappedTag)) {
+        move(mappedTag, tag);
+        unmap(tag);
+        return;
+    }
+
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        move(Imm32(getConstantOperand(index).tag()), tag);
+        unmap(tag);
+        return;
+    }
+
+    load32(tagFor(index), tag);
+    unmap(tag);
+}
+
+inline void JIT::emitLoadPayload(unsigned index, RegisterID payload)
+{
+    RegisterID mappedPayload;
+    if (getMappedPayload(index, mappedPayload)) {
+        move(mappedPayload, payload);
+        unmap(payload);
+        return;
+    }
+
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        move(Imm32(getConstantOperand(index).payload()), payload);
+        unmap(payload);
+        return;
+    }
+
+    load32(payloadFor(index), payload);
+    unmap(payload);
+}
+
+inline void JIT::emitLoad(const JSValue& v, RegisterID tag, RegisterID payload)
+{
+    move(Imm32(v.payload()), payload);
+    move(Imm32(v.tag()), tag);
+}
+
+inline void JIT::emitLoad(unsigned index, RegisterID tag, RegisterID payload, RegisterID base)
+{
+    ASSERT(tag != payload);
+
+    if (base == callFrameRegister) {
+        ASSERT(payload != base);
+        emitLoadPayload(index, payload);
+        emitLoadTag(index, tag);
+        return;
+    }
+
+    if (payload == base) { // avoid stomping base
+        load32(tagFor(index, base), tag);
+        load32(payloadFor(index, base), payload);
+        return;
+    }
+
+    load32(payloadFor(index, base), payload);
+    load32(tagFor(index, base), tag);
+}
+
+inline void JIT::emitLoad2(unsigned index1, RegisterID tag1, RegisterID payload1, unsigned index2, RegisterID tag2, RegisterID payload2)
+{
+    if (isMapped(index1)) {
+        emitLoad(index1, tag1, payload1);
+        emitLoad(index2, tag2, payload2);
+        return;
+    }
+    emitLoad(index2, tag2, payload2);
+    emitLoad(index1, tag1, payload1);
+}
+
+inline void JIT::emitLoadDouble(unsigned index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        Register& inConstantPool = m_codeBlock->constantRegister(index);
+        loadDouble(&inConstantPool, value);
+    } else
+        loadDouble(addressFor(index), value);
+}
+
+inline void JIT::emitLoadInt32ToDouble(unsigned index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        Register& inConstantPool = m_codeBlock->constantRegister(index);
+        char* bytePointer = reinterpret_cast<char*>(&inConstantPool);
+        convertInt32ToDouble(AbsoluteAddress(bytePointer + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), value);
+    } else
+        convertInt32ToDouble(payloadFor(index), value);
+}
+
+inline void JIT::emitStore(unsigned index, RegisterID tag, RegisterID payload, RegisterID base)
+{
+    store32(payload, payloadFor(index, base));
+    store32(tag, tagFor(index, base));
+}
+
+inline void JIT::emitStoreInt32(unsigned index, RegisterID payload, bool indexIsInt32)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsInt32)
+        store32(Imm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreInt32(unsigned index, Imm32 payload, bool indexIsInt32)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsInt32)
+        store32(Imm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreCell(unsigned index, RegisterID payload, bool indexIsCell)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsCell)
+        store32(Imm32(JSValue::CellTag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreBool(unsigned index, RegisterID tag, bool indexIsBool)
+{
+    if (!indexIsBool)
+        store32(Imm32(0), payloadFor(index, callFrameRegister));
+    store32(tag, tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreDouble(unsigned index, FPRegisterID value)
+{
+    storeDouble(value, addressFor(index));
+}
+
+inline void JIT::emitStore(unsigned index, const JSValue constant, RegisterID base)
+{
+    store32(Imm32(constant.payload()), payloadFor(index, base));
+    store32(Imm32(constant.tag()), tagFor(index, base));
+}
+
+ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
+{
+    emitStore(dst, jsUndefined());
+}
+
+inline bool JIT::isLabeled(unsigned bytecodeIndex)
+{
+    for (size_t numberOfJumpTargets = m_codeBlock->numberOfJumpTargets(); m_jumpTargetIndex != numberOfJumpTargets; ++m_jumpTargetIndex) {
+        unsigned jumpTarget = m_codeBlock->jumpTarget(m_jumpTargetIndex);
+        if (jumpTarget == bytecodeIndex)
+            return true;
+        if (jumpTarget > bytecodeIndex)
+            return false;
+    }
+    return false;
+}
+
+inline void JIT::map(unsigned bytecodeIndex, unsigned virtualRegisterIndex, RegisterID tag, RegisterID payload)
+{
+    if (isLabeled(bytecodeIndex))
+        return;
+
+    m_mappedBytecodeIndex = bytecodeIndex;
+    m_mappedVirtualRegisterIndex = virtualRegisterIndex;
+    m_mappedTag = tag;
+    m_mappedPayload = payload;
+}
+
+inline void JIT::unmap(RegisterID registerID)
+{
+    if (m_mappedTag == registerID)
+        m_mappedTag = (RegisterID)-1;
+    else if (m_mappedPayload == registerID)
+        m_mappedPayload = (RegisterID)-1;
+}
+
+inline void JIT::unmap()
+{
+    m_mappedBytecodeIndex = (unsigned)-1;
+    m_mappedVirtualRegisterIndex = (unsigned)-1;
+    m_mappedTag = (RegisterID)-1;
+    m_mappedPayload = (RegisterID)-1;
+}
+
+inline bool JIT::isMapped(unsigned virtualRegisterIndex)
+{
+    if (m_mappedBytecodeIndex != m_bytecodeIndex)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    return true;
+}
+
+inline bool JIT::getMappedPayload(unsigned virtualRegisterIndex, RegisterID& payload)
+{
+    if (m_mappedBytecodeIndex != m_bytecodeIndex)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    if (m_mappedPayload == (RegisterID)-1)
+        return false;
+    payload = m_mappedPayload;
+    return true;
+}
+
+inline bool JIT::getMappedTag(unsigned virtualRegisterIndex, RegisterID& tag)
+{
+    if (m_mappedBytecodeIndex != m_bytecodeIndex)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    if (m_mappedTag == (RegisterID)-1)
+        return false;
+    tag = m_mappedTag;
+    return true;
+}
+
+inline void JIT::emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex))
+        addSlowCase(branch32(NotEqual, tagFor(virtualRegisterIndex), Imm32(JSValue::CellTag)));
+}
+
+inline void JIT::emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex, RegisterID tag)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex))
+        addSlowCase(branch32(NotEqual, tag, Imm32(JSValue::CellTag)));
+}
+
+inline void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, unsigned virtualRegisterIndex)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex))
+        linkSlowCase(iter);
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
+}
+
+ALWAYS_INLINE bool JIT::getOperandConstantImmediateInt(unsigned op1, unsigned op2, unsigned& op, int32_t& constant)
+{
+    if (isOperandConstantImmediateInt(op1)) {
+        constant = getConstantOperand(op1).asInt32();
+        op = op2;
+        return true;
+    }
+
+    if (isOperandConstantImmediateInt(op2)) {
+        constant = getConstantOperand(op2).asInt32();
+        op = op1;
+        return true;
+    }
+    
+    return false;
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateDouble(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isDouble();
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch1, RegisterID scratch2)
+{
+    if (m_codeBlock->isConstantRegisterIndex(src)) {
+        JSValue constant = m_codeBlock->getConstant(src);
+        poke(Imm32(constant.payload()), argumentNumber);
+        poke(Imm32(constant.tag()), argumentNumber + 1);
+    } else {
+        emitLoad(src, scratch1, scratch2);
+        poke(scratch2, argumentNumber);
+        poke(scratch1, argumentNumber + 1);
+    }
+}
+
+#else // USE(JSVALUE32_64)
+
 ALWAYS_INLINE void JIT::killLastResultRegister()
 {
@@ -83 +612 @@
 }
 
-// puts an arg onto the stack, as an arg to a context threaded function.
-ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID src, unsigned argumentNumber)
-{
-    poke(src, argumentNumber);
-}
-
-ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(unsigned value, unsigned argumentNumber)
-{
-    poke(Imm32(value), argumentNumber);
-}
-
-ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(void* value, unsigned argumentNumber)
-{
-    poke(ImmPtr(value), argumentNumber);
-}
-
-ALWAYS_INLINE void JIT::emitGetJITStubArg(unsigned argumentNumber, RegisterID dst)
-{
-    peek(dst, argumentNumber);
-}
-
-ALWAYS_INLINE JSValue JIT::getConstantOperand(unsigned src)
-{
-    ASSERT(m_codeBlock->isConstantRegisterIndex(src));
-    return m_codeBlock->getConstant(src);
-}
-
 ALWAYS_INLINE int32_t JIT::getConstantOperandImmediateInt(unsigned src)
 {
-    return getConstantOperand(src).getInt32Fast();
+    return getConstantOperand(src).asInt32();
 }
 
 ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
 {
-    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32Fast();
-}
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
+}
+
+ALWAYS_INLINE void JIT::emitPutVirtualRegister(unsigned dst, RegisterID from)
+{
+    storePtr(from, Address(callFrameRegister, dst * sizeof(Register)));
+    m_lastResultBytecodeRegister = (from == cachedResultRegister) ? dst : std::numeric_limits<int>::max();
+}
+
+ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
+{
+    storePtr(ImmPtr(JSValue::encode(jsUndefined())), Address(callFrameRegister, dst * sizeof(Register)));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfJSCell(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchTestPtr(Zero, reg, tagMaskRegister);
+#else
+    return branchTest32(Zero, reg, Imm32(JSImmediate::TagMask));
+#endif
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfBothJSCells(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    move(reg1, scratch);
+    orPtr(reg2, scratch);
+    return emitJumpIfJSCell(scratch);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfJSCell(RegisterID reg)
+{
+    addSlowCase(emitJumpIfJSCell(reg));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotJSCell(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchTestPtr(NonZero, reg, tagMaskRegister);
+#else
+    return branchTest32(NonZero, reg, Imm32(JSImmediate::TagMask));
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotJSCell(reg));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg, int vReg)
+{
+    if (!m_codeBlock->isKnownNotImmediate(vReg))
+        emitJumpSlowCaseIfNotJSCell(reg);
+}
+
+#if USE(JSVALUE64)
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateNumber(RegisterID reg)
+{
+    return branchTestPtr(NonZero, reg, tagTypeNumberRegister);
+}
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateNumber(RegisterID reg)
+{
+    return branchTestPtr(Zero, reg, tagTypeNumberRegister);
+}
+#endif
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateInteger(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchPtr(AboveOrEqual, reg, tagTypeNumberRegister);
+#else
+    return branchTest32(NonZero, reg, Imm32(JSImmediate::TagTypeNumber));
+#endif
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateInteger(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchPtr(Below, reg, tagTypeNumberRegister);
+#else
+    return branchTest32(Zero, reg, Imm32(JSImmediate::TagTypeNumber));
+#endif
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    move(reg1, scratch);
+    andPtr(reg2, scratch);
+    return emitJumpIfNotImmediateInteger(scratch);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateInteger(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotImmediateInteger(reg));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    addSlowCase(emitJumpIfNotImmediateIntegers(reg1, reg2, scratch));
+}
+
+#if !USE(JSVALUE64)
+ALWAYS_INLINE void JIT::emitFastArithDeTagImmediate(RegisterID reg)
+{
+    subPtr(Imm32(JSImmediate::TagTypeNumber), reg);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitFastArithDeTagImmediateJumpIfZero(RegisterID reg)
+{
+    return branchSubPtr(Zero, Imm32(JSImmediate::TagTypeNumber), reg);
+}
+#endif
+
+ALWAYS_INLINE void JIT::emitFastArithReTagImmediate(RegisterID src, RegisterID dest)
+{
+#if USE(JSVALUE64)
+    emitFastArithIntToImmNoCheck(src, dest);
+#else
+    if (src != dest)
+        move(src, dest);
+    addPtr(Imm32(JSImmediate::TagTypeNumber), dest);
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitFastArithImmToInt(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    UNUSED_PARAM(reg);
+#else
+    rshiftPtr(Imm32(JSImmediate::IntegerPayloadShift), reg);
+#endif
+}
+
+// operand is int32_t, must have been zero-extended if register is 64-bit.
+ALWAYS_INLINE void JIT::emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest)
+{
+#if USE(JSVALUE64)
+    if (src != dest)
+        move(src, dest);
+    orPtr(tagTypeNumberRegister, dest);
+#else
+    signExtend32ToPtr(src, dest);
+    addPtr(dest, dest);
+    emitFastArithReTagImmediate(dest, dest);
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitTagAsBoolImmediate(RegisterID reg)
+{
+    lshift32(Imm32(JSImmediate::ExtendedPayloadShift), reg);
+    or32(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool)), reg);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
 
 // get arg puts an arg from the SF register array onto the stack, as an arg to a context threaded function.
@@ -134 +788 @@
 }
 
-ALWAYS_INLINE void JIT::emitPutToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry)
-{
-    storePtr(from, Address(callFrameRegister, entry * sizeof(Register)));
-}
-
-ALWAYS_INLINE void JIT::emitPutImmediateToCallFrameHeader(void* value, RegisterFile::CallFrameHeaderEntry entry)
-{
-    storePtr(ImmPtr(value), Address(callFrameRegister, entry * sizeof(Register)));
-}
-
-ALWAYS_INLINE void JIT::emitGetFromCallFrameHeaderPtr(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
-{
-    loadPtr(Address(from, entry * sizeof(Register)), to);
-    killLastResultRegister();
-}
-
-ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader32(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
-{
-    load32(Address(from, entry * sizeof(Register)), to);
-    killLastResultRegister();
-}
-
-ALWAYS_INLINE void JIT::emitPutVirtualRegister(unsigned dst, RegisterID from)
-{
-    storePtr(from, Address(callFrameRegister, dst * sizeof(Register)));
-    m_lastResultBytecodeRegister = (from == cachedResultRegister) ? dst : std::numeric_limits<int>::max();
-    // FIXME: #ifndef NDEBUG, Write the correct m_type to the register.
-}
-
-ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
-{
-    storePtr(ImmPtr(JSValue::encode(jsUndefined())), Address(callFrameRegister, dst * sizeof(Register)));
-    // FIXME: #ifndef NDEBUG, Write the correct m_type to the register.
-}
-
-ALWAYS_INLINE JIT::Call JIT::emitNakedCall(CodePtr function)
-{
-    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
-
-    Call nakedCall = nearCall();
-    m_calls.append(CallRecord(nakedCall, m_bytecodeIndex, function.executableAddress()));
-    return nakedCall;
-}
-
-#if PLATFORM(X86) || PLATFORM(X86_64)
-
-ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
-{
-    pop(reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
-{
-    push(reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
-{
-    push(address);
-}
-
-#elif PLATFORM_ARM_ARCH(7)
-
-ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
-{
-    move(linkRegister, reg);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
-{
-    move(reg, linkRegister);
-}
-
-ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
-{
-    loadPtr(address, linkRegister);
-}
-
-#endif
-
-#if USE(JIT_STUB_ARGUMENT_VA_LIST)
-ALWAYS_INLINE void JIT::restoreArgumentReference()
-{
-    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
-}
-ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline() {}
-#else
-ALWAYS_INLINE void JIT::restoreArgumentReference()
-{
-    move(stackPointerRegister, firstArgumentRegister);
-    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
-}
-ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline()
-{
-#if PLATFORM(X86)
-    // Within a trampoline the return address will be on the stack at this point.
-    addPtr(Imm32(sizeof(void*)), stackPointerRegister, firstArgumentRegister);
-#elif PLATFORM_ARM_ARCH(7)
-    move(stackPointerRegister, firstArgumentRegister);
-#endif
-    // In the trampoline on x86-64, the first argument register is not overwritten.
-}
-#endif
-
-ALWAYS_INLINE JIT::Jump JIT::checkStructure(RegisterID reg, Structure* structure)
-{
-    return branchPtr(NotEqual, Address(reg, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(structure));
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfJSCell(RegisterID reg)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    return branchTestPtr(Zero, reg, tagMaskRegister);
-#else
-    return branchTest32(Zero, reg, Imm32(JSImmediate::TagMask));
-#endif
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfBothJSCells(RegisterID reg1, RegisterID reg2, RegisterID scratch)
-{
-    move(reg1, scratch);
-    orPtr(reg2, scratch);
-    return emitJumpIfJSCell(scratch);
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfJSCell(RegisterID reg)
-{
-    addSlowCase(emitJumpIfJSCell(reg));
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotJSCell(RegisterID reg)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    return branchTestPtr(NonZero, reg, tagMaskRegister);
-#else
-    return branchTest32(NonZero, reg, Imm32(JSImmediate::TagMask));
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
-{
-    addSlowCase(emitJumpIfNotJSCell(reg));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg, int vReg)
-{
-    if (!m_codeBlock->isKnownNotImmediate(vReg))
-        emitJumpSlowCaseIfNotJSCell(reg);
-}
-
-ALWAYS_INLINE void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, int vReg)
-{
-    if (!m_codeBlock->isKnownNotImmediate(vReg))
-        linkSlowCase(iter);
-}
-
-#if USE(ALTERNATE_JSIMMEDIATE)
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateNumber(RegisterID reg)
-{
-    return branchTestPtr(NonZero, reg, tagTypeNumberRegister);
-}
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateNumber(RegisterID reg)
-{
-    return branchTestPtr(Zero, reg, tagTypeNumberRegister);
-}
-#endif
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateInteger(RegisterID reg)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    return branchPtr(AboveOrEqual, reg, tagTypeNumberRegister);
-#else
-    return branchTest32(NonZero, reg, Imm32(JSImmediate::TagTypeNumber));
-#endif
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateInteger(RegisterID reg)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    return branchPtr(Below, reg, tagTypeNumberRegister);
-#else
-    return branchTest32(Zero, reg, Imm32(JSImmediate::TagTypeNumber));
-#endif
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
-{
-    move(reg1, scratch);
-    andPtr(reg2, scratch);
-    return emitJumpIfNotImmediateInteger(scratch);
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateInteger(RegisterID reg)
-{
-    addSlowCase(emitJumpIfNotImmediateInteger(reg));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
-{
-    addSlowCase(emitJumpIfNotImmediateIntegers(reg1, reg2, scratch));
-}
-
-#if !USE(ALTERNATE_JSIMMEDIATE)
-ALWAYS_INLINE void JIT::emitFastArithDeTagImmediate(RegisterID reg)
-{
-    subPtr(Imm32(JSImmediate::TagTypeNumber), reg);
-}
-
-ALWAYS_INLINE JIT::Jump JIT::emitFastArithDeTagImmediateJumpIfZero(RegisterID reg)
-{
-    return branchSubPtr(Zero, Imm32(JSImmediate::TagTypeNumber), reg);
-}
-#endif
-
-ALWAYS_INLINE void JIT::emitFastArithReTagImmediate(RegisterID src, RegisterID dest)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    emitFastArithIntToImmNoCheck(src, dest);
-#else
-    if (src != dest)
-        move(src, dest);
-    addPtr(Imm32(JSImmediate::TagTypeNumber), dest);
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitFastArithImmToInt(RegisterID reg)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    UNUSED_PARAM(reg);
-#else
-    rshiftPtr(Imm32(JSImmediate::IntegerPayloadShift), reg);
-#endif
-}
-
-// operand is int32_t, must have been zero-extended if register is 64-bit.
-ALWAYS_INLINE void JIT::emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest)
-{
-#if USE(ALTERNATE_JSIMMEDIATE)
-    if (src != dest)
-        move(src, dest);
-    orPtr(tagTypeNumberRegister, dest);
-#else
-    signExtend32ToPtr(src, dest);
-    addPtr(dest, dest);
-    emitFastArithReTagImmediate(dest, dest);
-#endif
-}
-
-ALWAYS_INLINE void JIT::emitTagAsBoolImmediate(RegisterID reg)
-{
-    lshift32(Imm32(JSImmediate::ExtendedPayloadShift), reg);
-    or32(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool)), reg);
-}
-
-ALWAYS_INLINE void JIT::addSlowCase(Jump jump)
-{
-    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
-
-    m_slowCases.append(SlowCaseEntry(jump, m_bytecodeIndex));
-}
-
-ALWAYS_INLINE void JIT::addJump(Jump jump, int relativeOffset)
-{
-    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
-
-    m_jmpTable.append(JumpTable(jump, m_bytecodeIndex + relativeOffset));
-}
-
-ALWAYS_INLINE void JIT::emitJumpSlowToHot(Jump jump, int relativeOffset)
-{
-    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
-
-    jump.linkTo(m_labels[m_bytecodeIndex + relativeOffset], this);
-}
-
-#if ENABLE(SAMPLING_FLAGS)
-ALWAYS_INLINE void JIT::setSamplingFlag(int32_t flag)
-{
-    ASSERT(flag >= 1);
-    ASSERT(flag <= 32);
-    or32(Imm32(1u << (flag - 1)), AbsoluteAddress(&SamplingFlags::s_flags));
-}
-
-ALWAYS_INLINE void JIT::clearSamplingFlag(int32_t flag)
-{
-    ASSERT(flag >= 1);
-    ASSERT(flag <= 32);
-    and32(Imm32(~(1u << (flag - 1))), AbsoluteAddress(&SamplingFlags::s_flags));
-}
-#endif
-
-#if ENABLE(SAMPLING_COUNTERS)
-ALWAYS_INLINE void JIT::emitCount(AbstractSamplingCounter& counter, uint32_t count)
-{
-#if PLATFORM(X86_64) // Or any other 64-bit plattform.
-    addPtr(Imm32(count), AbsoluteAddress(&counter.m_counter));
-#elif PLATFORM(X86) // Or any other little-endian 32-bit plattform.
-    intptr_t hiWord = reinterpret_cast<intptr_t>(&counter.m_counter) + sizeof(int32_t);
-    add32(Imm32(count), AbsoluteAddress(&counter.m_counter));
-    addWithCarry32(Imm32(0), AbsoluteAddress(reinterpret_cast<void*>(hiWord)));
-#else
-#error "SAMPLING_FLAGS not implemented on this platform."
-#endif
-}
-#endif
-
-#if ENABLE(OPCODE_SAMPLING)
-#if PLATFORM(X86_64)
-ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
-{
-    move(ImmPtr(m_interpreter->sampler()->sampleSlot()), X86::ecx);
-    storePtr(ImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), X86::ecx);
-}
-#else
-ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
-{
-    storePtr(ImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), m_interpreter->sampler()->sampleSlot());
-}
-#endif
-#endif
-
-#if ENABLE(CODEBLOCK_SAMPLING)
-#if PLATFORM(X86_64)
-ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
-{
-    move(ImmPtr(m_interpreter->sampler()->codeBlockSlot()), X86::ecx);
-    storePtr(ImmPtr(codeBlock), X86::ecx);
-}
-#else
-ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
-{
-    storePtr(ImmPtr(codeBlock), m_interpreter->sampler()->codeBlockSlot());
-}
-#endif
-#endif
-}
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
 
 #endif // ENABLE(JIT)

trunk/JavaScriptCore/jit/JITOpcodes.cpp

@@ -33 +33 @@
 #include "JSArray.h"
 #include "JSCell.h"
+#include "JSFunction.h"
+#include "LinkBuffer.h"
 
 namespace JSC {
+
+#if USE(JSVALUE32_64)
+
+void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
+{
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    // (1) This function provides fast property access for string length
+    Label stringLengthBegin = align();
+    
+    // regT0 holds payload, regT1 holds tag
+    
+    Jump string_failureCases1 = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+
+    // Checks out okay! - get the length from the Ustring.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSString, m_value) + OBJECT_OFFSETOF(UString, m_rep)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(UString::Rep, len)), regT2);
+
+    Jump string_failureCases3 = branch32(Above, regT2, Imm32(INT_MAX));
+    move(regT2, regT0);
+    move(Imm32(JSValue::Int32Tag), regT1);
+
+    ret();
+#endif
+
+    // (2) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    /* VirtualCallPreLink Trampoline */
+    Label virtualCallPreLinkBegin = align();
+
+    // regT0 holds callee, regT1 holds argCount.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_body)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT2);
+    Jump hasCodeBlock1 = branchTestPtr(NonZero, regT2);
+
+    // Lazily generate a CodeBlock.
+    preserveReturnAddressAfterCall(regT3); // return address
+    restoreArgumentReference();
+    Call callJSFunction1 = call();
+    move(regT0, regT2);
+    emitGetJITStubArg(1, regT0); // callee
+    emitGetJITStubArg(5, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3); // return address
+    hasCodeBlock1.link(this);
+
+    // regT2 holds codeBlock.
+    Jump isNativeFunc1 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay1 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT2, 7); // codeBlock
+    restoreArgumentReference();
+    Call callArityCheck1 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(1, regT0); // callee
+    emitGetJITStubArg(5, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3); // return address
+
+    arityCheckOkay1.link(this);
+    isNativeFunc1.link(this);
+    
+    compileOpCallInitializeCallFrame();
+
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 3);
+    restoreArgumentReference();
+    Call callDontLazyLinkCall = call();
+    restoreReturnAddressBeforeReturn(regT3);
+    jump(regT0);
+
+    /* VirtualCallLink Trampoline */
+    Label virtualCallLinkBegin = align();
+
+    // regT0 holds callee, regT1 holds argCount.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_body)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT2);
+    Jump hasCodeBlock2 = branchTestPtr(NonZero, regT2);
+
+    // Lazily generate a CodeBlock.
+    preserveReturnAddressAfterCall(regT3); // return address
+    restoreArgumentReference();
+    Call callJSFunction2 = call();
+    move(regT0, regT2);
+    emitGetJITStubArg(1, regT0); // callee
+    emitGetJITStubArg(5, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3); // return address
+    hasCodeBlock2.link(this);
+
+    // regT2 holds codeBlock.
+    Jump isNativeFunc2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT2, 7); // codeBlock
+    restoreArgumentReference();
+    Call callArityCheck2 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(1, regT0); // callee
+    emitGetJITStubArg(5, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3); // return address
+
+    arityCheckOkay2.link(this);
+    isNativeFunc2.link(this);
+
+    compileOpCallInitializeCallFrame();
+
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 3);
+    restoreArgumentReference();
+    Call callLazyLinkCall = call();
+    restoreReturnAddressBeforeReturn(regT3);
+    jump(regT0);
+#endif // ENABLE(JIT_OPTIMIZE_CALL)
+
+    /* VirtualCall Trampoline */
+    Label virtualCallBegin = align();
+
+    // regT0 holds callee, regT1 holds argCount.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_body)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT2);
+    Jump hasCodeBlock3 = branchTestPtr(NonZero, regT2);
+
+    // Lazily generate a CodeBlock.
+    preserveReturnAddressAfterCall(regT3); // return address
+    restoreArgumentReference();
+    Call callJSFunction3 = call();
+    move(regT0, regT2);
+    emitGetJITStubArg(1, regT0); // callee
+    emitGetJITStubArg(5, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3); // return address
+    hasCodeBlock3.link(this);
+    
+    // regT2 holds codeBlock.
+    Jump isNativeFunc3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
+    
+    // Check argCount matches callee.
+    Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT2, 7); // codeBlock
+    restoreArgumentReference();
+    Call callArityCheck3 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(1, regT0); // callee
+    emitGetJITStubArg(5, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3); // return address
+
+    arityCheckOkay3.link(this);
+    isNativeFunc3.link(this);
+    compileOpCallInitializeCallFrame();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_body)), regT0);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(FunctionBodyNode, m_jitCode)), regT0);
+    jump(regT0);
+
+#if PLATFORM(X86)
+    Label nativeCallThunk = align();
+    preserveReturnAddressAfterCall(regT0);
+    emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
+
+    // Load caller frame's scope chain into this callframe so that whatever we call can
+    // get to its global data.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
+    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
+
+    /* We have two structs that we use to describe the stackframe we set up for our
+     * call to native code.  NativeCallFrameStructure describes the how we set up the stack
+     * in advance of the call.  NativeFunctionCalleeSignature describes the callframe
+     * as the native code expects it.  We do this as we are using the fastcall calling
+     * convention which results in the callee popping its arguments off the stack, but
+     * not the rest of the callframe so we need a nice way to ensure we increment the
+     * stack pointer by the right amount after the call.
+     */
+
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+#if COMPILER(MSVC)
+#pragma pack(push)
+#pragma pack(4)
+#endif // COMPILER(MSVC)
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in EDX
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+        JSValue result;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#if COMPILER(MSVC)
+#pragma pack(pop)
+#endif // COMPILER(MSVC)
+#else
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in ECX
+      //  JSObject* callee; // passed in EDX
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#endif
+    
+    const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
+    // Allocate system stack frame
+    subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
+
+    // Set up arguments
+    subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
+
+    // push argcount
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
+    
+    // Calculate the start of the callframe header, and store in regT1
+    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
+    
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
+    mul32(Imm32(sizeof(Register)), regT0, regT0);
+    subPtr(regT0, regT1);
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
+
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
+
+    // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
+    loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
+    loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT3);
+    storePtr(regT2, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+    storePtr(regT3, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86::ecx);
+
+    // Plant callee
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::eax);
+    storePtr(X86::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
+
+    // Plant callframe
+    move(callFrameRegister, X86::edx);
+
+    call(Address(X86::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
+
+    // JSValue is a non-POD type, so eax points to it
+    emitLoad(0, regT1, regT0, X86::eax);
+#else
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::edx); // callee
+    move(callFrameRegister, X86::ecx); // callFrame
+    call(Address(X86::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
+#endif
+
+    // We've put a few temporaries on the stack in addition to the actual arguments
+    // so pull them off now
+    addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
+
+    // Check for an exception
+    // FIXME: Maybe we can optimize this comparison to JSValue().
+    move(ImmPtr(&globalData->exception), regT2);
+    Jump sawException1 = branch32(NotEqual, tagFor(0, regT2), Imm32(JSValue::CellTag));
+    Jump sawException2 = branch32(NonZero, payloadFor(0, regT2), Imm32(0));
+
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT3);
+    
+    // Restore our caller's "r".
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    
+    // Return.
+    restoreReturnAddressBeforeReturn(regT3);
+    ret();
+
+    // Handle an exception
+    sawException1.link(this);
+    sawException2.link(this);
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+    move(ImmPtr(&globalData->exceptionLocation), regT2);
+    storePtr(regT1, regT2);
+    move(ImmPtr(reinterpret_cast<void*>(ctiVMThrowTrampoline)), regT2);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+    restoreReturnAddressBeforeReturn(regT2);
+    ret();
+
+#elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
+#error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
+#else
+    breakpoint();
+#endif
+    
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
+    Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
+    Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
+#endif
+
+    // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
+    LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    patchBuffer.link(string_failureCases1Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases2Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases3Call, FunctionPtr(cti_op_get_by_id_string_fail));
+#endif
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    patchBuffer.link(callArityCheck1, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction1, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callArityCheck2, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction2, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callDontLazyLinkCall, FunctionPtr(cti_vm_dontLazyLinkCall));
+    patchBuffer.link(callLazyLinkCall, FunctionPtr(cti_vm_lazyLinkCall));
+#endif
+    patchBuffer.link(callArityCheck3, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction3, FunctionPtr(cti_op_call_JSFunction));
+
+    CodeRef finalCode = patchBuffer.finalizeCode();
+    *executablePool = finalCode.m_executablePool;
+
+    *ctiVirtualCall = trampolineAt(finalCode, virtualCallBegin);
+    *ctiNativeCallThunk = trampolineAt(finalCode, nativeCallThunk);
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    *ctiStringLengthTrampoline = trampolineAt(finalCode, stringLengthBegin);
+#else
+    UNUSED_PARAM(ctiStringLengthTrampoline);
+#endif
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    *ctiVirtualCallPreLink = trampolineAt(finalCode, virtualCallPreLinkBegin);
+    *ctiVirtualCallLink = trampolineAt(finalCode, virtualCallLinkBegin);
+#else
+    UNUSED_PARAM(ctiVirtualCallPreLink);
+    UNUSED_PARAM(ctiVirtualCallLink);
+#endif
+}
+
+void JIT::emit_op_mov(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    if (m_codeBlock->isConstantRegisterIndex(src))
+        emitStore(dst, getConstantOperand(src));
+    else {
+        emitLoad(src, regT1, regT0);
+        emitStore(dst, regT1, regT0);
+        map(m_bytecodeIndex + OPCODE_LENGTH(op_mov), dst, regT1, regT0);
+    }
+}
+
+void JIT::emit_op_end(Instruction* currentInstruction)
+{
+    if (m_codeBlock->needsFullScopeChain())
+        JITStubCall(this, cti_op_end).call();
+    ASSERT(returnValueRegister != callFrameRegister);
+    emitLoad(currentInstruction[1].u.operand, regT1, regT0);
+    restoreReturnAddressBeforeReturn(Address(callFrameRegister, RegisterFile::ReturnPC * static_cast<int>(sizeof(Register))));
+    ret();
+}
+
+void JIT::emit_op_jmp(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[1].u.operand;
+    addJump(jump(), target + 1);
+}
+
+void JIT::emit_op_loop(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[1].u.operand;
+    emitTimeoutCheck();
+    addJump(jump(), target + 1);
+}
+
+void JIT::emit_op_loop_if_less(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emitTimeoutCheck();
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThan, regT0, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+        return;
+    }
+    
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThan, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    addJump(branch32(LessThan, regT0, regT2), target + 3);
+}
+
+void JIT::emitSlow_op_loop_if_less(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_loop_if_less);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+}
+
+void JIT::emit_op_loop_if_lesseq(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emitTimeoutCheck();
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+        return;
+    }
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThanOrEqual, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    addJump(branch32(LessThanOrEqual, regT0, regT2), target + 3);
+}
+
+void JIT::emitSlow_op_loop_if_lesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_loop_if_lesseq);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+}
+
+void JIT::emit_op_new_object(Instruction* currentInstruction)
+{
+    JITStubCall(this, cti_op_new_object).call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_instanceof(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned value = currentInstruction[2].u.operand;
+    unsigned baseVal = currentInstruction[3].u.operand;
+    unsigned proto = currentInstruction[4].u.operand;
+
+    // Load the operands (baseVal, proto, and value respectively) into registers.
+    // We use regT0 for baseVal since we will be done with this first, and we can then use it for the result.
+    emitLoadPayload(proto, regT1);
+    emitLoadPayload(baseVal, regT0);
+    emitLoadPayload(value, regT2);
+
+    // Check that baseVal & proto are cells.
+    emitJumpSlowCaseIfNotJSCell(proto);
+    emitJumpSlowCaseIfNotJSCell(baseVal);
+
+    // Check that baseVal is an object, that it 'ImplementsHasInstance' but that it does not 'OverridesHasInstance'.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    addSlowCase(branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType))); // FIXME: Maybe remove this test.
+    addSlowCase(branchTest32(Zero, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(ImplementsHasInstance))); // FIXME: TOT checks ImplementsDefaultHasInstance.
+
+    // If value is not an Object, return false.
+    emitLoadTag(value, regT0);
+    Jump valueIsImmediate = branch32(NotEqual, regT0, Imm32(JSValue::CellTag));
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    Jump valueIsNotObject = branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)); // FIXME: Maybe remove this test.
+
+    // Check proto is object.
+    loadPtr(Address(regT1, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    addSlowCase(branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)));
+
+    // Optimistically load the result true, and start looping.
+    // Initially, regT1 still contains proto and regT2 still contains value.
+    // As we loop regT2 will be updated with its prototype, recursively walking the prototype chain.
+    move(Imm32(JSValue::TrueTag), regT0);
+    Label loop(this);
+
+    // Load the prototype of the object in regT2.  If this is equal to regT1 - WIN!
+    // Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
+    Jump isInstance = branchPtr(Equal, regT2, regT1);
+    branch32(NotEqual, regT2, Imm32(0), loop);
+
+    // We get here either by dropping out of the loop, or if value was not an Object.  Result is false.
+    valueIsImmediate.link(this);
+    valueIsNotObject.link(this);
+    move(Imm32(JSValue::FalseTag), regT0);
+
+    // isInstance jumps right down to here, to skip setting the result to false (it has already set true).
+    isInstance.link(this);
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emitSlow_op_instanceof(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned value = currentInstruction[2].u.operand;
+    unsigned baseVal = currentInstruction[3].u.operand;
+    unsigned proto = currentInstruction[4].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, baseVal);
+    linkSlowCaseIfNotJSCell(iter, proto);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_instanceof);
+    stubCall.addArgument(value);
+    stubCall.addArgument(baseVal);
+    stubCall.addArgument(proto);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_new_func(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_func);
+    stubCall.addArgument(ImmPtr(m_codeBlock->function(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_get_global_var(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[2].u.jsCell);
+    ASSERT(globalObject->isGlobalObject());
+    int index = currentInstruction[3].u.operand;
+
+    loadPtr(&globalObject->d()->registers, regT2);
+
+    emitLoad(index, regT1, regT0, regT2);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_global_var), dst, regT1, regT0);
+}
+
+void JIT::emit_op_put_global_var(Instruction* currentInstruction)
+{
+    JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[1].u.jsCell);
+    ASSERT(globalObject->isGlobalObject());
+    int index = currentInstruction[2].u.operand;
+    int value = currentInstruction[3].u.operand;
+
+    emitLoad(value, regT1, regT0);
+
+    loadPtr(&globalObject->d()->registers, regT2);
+    emitStore(index, regT1, regT0, regT2);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_put_global_var), value, regT1, regT0);
+}
+
+void JIT::emit_op_get_scoped_var(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int index = currentInstruction[2].u.operand;
+    int skip = currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain();
+
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
+    while (skip--)
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
+
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
+
+    emitLoad(index, regT1, regT0, regT2);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_scoped_var), dst, regT1, regT0);
+}
+
+void JIT::emit_op_put_scoped_var(Instruction* currentInstruction)
+{
+    int index = currentInstruction[1].u.operand;
+    int skip = currentInstruction[2].u.operand + m_codeBlock->needsFullScopeChain();
+    int value = currentInstruction[3].u.operand;
+
+    emitLoad(value, regT1, regT0);
+
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
+    while (skip--)
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
+
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
+
+    emitStore(index, regT1, regT0, regT2);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_put_scoped_var), value, regT1, regT0);
+}
+
+void JIT::emit_op_tear_off_activation(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_tear_off_activation);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call();
+}
+
+void JIT::emit_op_tear_off_arguments(Instruction*)
+{
+    JITStubCall(this, cti_op_tear_off_arguments).call();
+}
+
+void JIT::emit_op_new_array(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_array);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_to_primitive(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isImm = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    isImm.link(this);
+
+    if (dst != src)
+        emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_to_primitive), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_to_primitive(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_to_primitive);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_strcat(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_strcat);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_loop_if_true(Instruction* currentInstruction)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitTimeoutCheck();
+
+    emitLoad(cond, regT1, regT0);
+
+    Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addJump(branch32(NotEqual, regT0, Imm32(0)), target + 2);
+    Jump isNotZero = jump();
+
+    isNotInteger.link(this);
+
+    addJump(branch32(Equal, regT1, Imm32(JSValue::TrueTag)), target + 2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::FalseTag)));
+
+    isNotZero.link(this);
+}
+
+void JIT::emitSlow_op_loop_if_true(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(cond);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 2);
+}
+
+void JIT::emit_op_resolve_base(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_skip(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_skip);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain()));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_global(Instruction* currentInstruction)
+{
+    // FIXME: Optimize to use patching instead of so many memory accesses.
+
+    unsigned dst = currentInstruction[1].u.operand;
+    void* globalObject = currentInstruction[2].u.jsCell;
+    
+    unsigned currentIndex = m_globalResolveInfoIndex++;
+    void* structureAddress = &(m_codeBlock->globalResolveInfo(currentIndex).structure);
+    void* offsetAddr = &(m_codeBlock->globalResolveInfo(currentIndex).offset);
+
+    // Verify structure.
+    move(ImmPtr(globalObject), regT0);
+    loadPtr(structureAddress, regT1);
+    addSlowCase(branchPtr(NotEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure))));
+
+    // Load property.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSGlobalObject, m_externalStorage)), regT2);
+    load32(offsetAddr, regT3);
+    load32(BaseIndex(regT2, regT3, TimesEight), regT0); // payload
+    load32(BaseIndex(regT2, regT3, TimesEight, 4), regT1); // tag
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_resolve_global(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    void* globalObject = currentInstruction[2].u.jsCell;
+    Identifier* ident = &m_codeBlock->identifier(currentInstruction[3].u.operand);
+
+    unsigned currentIndex = m_globalResolveInfoIndex++;
+
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_resolve_global);
+    stubCall.addArgument(ImmPtr(globalObject));
+    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(Imm32(currentIndex));
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_not(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoadTag(src, regT0);
+
+    xor32(Imm32(JSValue::FalseTag), regT0);
+    addSlowCase(branchTest32(NonZero, regT0, Imm32(~1)));
+    xor32(Imm32(JSValue::TrueTag), regT0);
+
+    emitStoreBool(dst, regT0, (dst == src));
+}
+
+void JIT::emitSlow_op_not(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_not);
+    stubCall.addArgument(src);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_jfalse(Instruction* currentInstruction)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(cond, regT1, regT0);
+
+    Jump isTrue = branch32(Equal, regT1, Imm32(JSValue::TrueTag));
+    addJump(branch32(Equal, regT1, Imm32(JSValue::FalseTag)), target + 2);
+
+    Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    Jump isTrue2 = branch32(NotEqual, regT0, Imm32(0));
+    addJump(jump(), target + 2);
+
+    isNotInteger.link(this);
+
+    addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+    zeroDouble(fpRegT0);
+    emitLoadDouble(cond, fpRegT1);
+    addJump(branchDouble(DoubleEqual, fpRegT0, fpRegT1), target + 2);
+    
+    isTrue.link(this);
+    isTrue2.link(this);
+}
+
+void JIT::emitSlow_op_jfalse(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(cond);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), target + 2); // Inverted.
+}
+
+void JIT::emit_op_jtrue(Instruction* currentInstruction)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(cond, regT1, regT0);
+
+    Jump isFalse = branch32(Equal, regT1, Imm32(JSValue::FalseTag));
+    addJump(branch32(Equal, regT1, Imm32(JSValue::TrueTag)), target + 2);
+
+    Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    Jump isFalse2 = branch32(Equal, regT0, Imm32(0));
+    addJump(jump(), target + 2);
+
+    isNotInteger.link(this);
+
+    addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+    zeroDouble(fpRegT0);
+    emitLoadDouble(cond, fpRegT1);
+    addJump(branchDouble(DoubleNotEqual, fpRegT0, fpRegT1), target + 2);
+    
+    isFalse.link(this);
+    isFalse2.link(this);
+}
+
+void JIT::emitSlow_op_jtrue(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(cond);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 2);
+}
+
+void JIT::emit_op_jeq_null(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addJump(branchTest32(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target + 2);
+
+    Jump wasNotImmediate = jump();
+
+    // Now handle the immediate cases - undefined & null
+    isImmediate.link(this);
+
+    set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
+    set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    or32(regT2, regT1);
+
+    addJump(branchTest32(NonZero, regT1), target + 2);
+
+    wasNotImmediate.link(this);
+}
+
+void JIT::emit_op_jneq_null(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addJump(branchTest32(Zero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target + 2);
+
+    Jump wasNotImmediate = jump();
+
+    // Now handle the immediate cases - undefined & null
+    isImmediate.link(this);
+
+    set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
+    set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    or32(regT2, regT1);
+
+    addJump(branchTest32(Zero, regT1), target + 2);
+
+    wasNotImmediate.link(this);
+}
+
+void JIT::emit_op_jneq_ptr(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    JSCell* ptr = currentInstruction[2].u.jsCell;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    addJump(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)), target + 3);
+    addJump(branchPtr(NotEqual, regT0, ImmPtr(ptr)), target + 3);
+}
+
+void JIT::emit_op_jsr(Instruction* currentInstruction)
+{
+    int retAddrDst = currentInstruction[1].u.operand;
+    int target = currentInstruction[2].u.operand;
+    DataLabelPtr storeLocation = storePtrWithPatch(ImmPtr(0), Address(callFrameRegister, sizeof(Register) * retAddrDst));
+    addJump(jump(), target + 2);
+    m_jsrSites.append(JSRInfo(storeLocation, label()));
+}
+
+void JIT::emit_op_sret(Instruction* currentInstruction)
+{
+    jump(Address(callFrameRegister, sizeof(Register) * currentInstruction[1].u.operand));
+}
+
+void JIT::emit_op_eq(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+    
+    emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, regT3));
+    addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
+    addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
+
+    set8(Equal, regT0, regT2, regT0);
+    or32(Imm32(JSValue::FalseTag), regT0);
+
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emitSlow_op_eq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    
+    JumpList storeResult;
+    JumpList genericCase;
+    
+    genericCase.append(getSlowCase(iter)); // tags not equal
+
+    linkSlowCase(iter); // tags equal and JSCell
+    genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
+
+    // String case.
+    JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
+    stubCallEqStrings.addArgument(regT0);
+    stubCallEqStrings.addArgument(regT2);
+    stubCallEqStrings.call();
+    storeResult.append(jump());
+
+    // Generic case.
+    genericCase.append(getSlowCase(iter)); // doubles
+    genericCase.link(this);
+    JITStubCall stubCallEq(this, cti_op_eq);
+    stubCallEq.addArgument(op1);
+    stubCallEq.addArgument(op2);
+    stubCallEq.call(regT0);
+
+    storeResult.link(this);
+    or32(Imm32(JSValue::FalseTag), regT0);
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emit_op_neq(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+    
+    emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, regT3));
+    addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
+    addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
+
+    set8(NotEqual, regT0, regT2, regT0);
+    or32(Imm32(JSValue::FalseTag), regT0);
+
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emitSlow_op_neq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    
+    JumpList storeResult;
+    JumpList genericCase;
+    
+    genericCase.append(getSlowCase(iter)); // tags not equal
+
+    linkSlowCase(iter); // tags equal and JSCell
+    genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
+
+    // String case.
+    JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
+    stubCallEqStrings.addArgument(regT0);
+    stubCallEqStrings.addArgument(regT2);
+    stubCallEqStrings.call(regT0);
+    storeResult.append(jump());
+
+    // Generic case.
+    genericCase.append(getSlowCase(iter)); // doubles
+    genericCase.link(this);
+    JITStubCall stubCallEq(this, cti_op_eq);
+    stubCallEq.addArgument(regT1, regT0);
+    stubCallEq.addArgument(regT3, regT2);
+    stubCallEq.call(regT0);
+
+    storeResult.link(this);
+    xor32(Imm32(0x1), regT0);
+    or32(Imm32(JSValue::FalseTag), regT0);
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    emitLoadTag(src1, regT0);
+    emitLoadTag(src2, regT1);
+
+    // Jump to a slow case if either operand is double, or if both operands are
+    // cells and/or Int32s.
+    move(regT0, regT2);
+    and32(regT1, regT2);
+    addSlowCase(branch32(Below, regT2, Imm32(JSValue::LowestTag)));
+    addSlowCase(branch32(AboveOrEqual, regT2, Imm32(JSValue::CellTag)));
+
+    if (type == OpStrictEq)
+        set8(Equal, regT0, regT1, regT0);
+    else
+        set8(NotEqual, regT0, regT1, regT0);
+
+    or32(Imm32(JSValue::FalseTag), regT0);
+
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emit_op_stricteq(Instruction* currentInstruction)
+{
+    compileOpStrictEq(currentInstruction, OpStrictEq);
+}
+
+void JIT::emitSlow_op_stricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_stricteq);
+    stubCall.addArgument(src1);
+    stubCall.addArgument(src2);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_nstricteq(Instruction* currentInstruction)
+{
+    compileOpStrictEq(currentInstruction, OpNStrictEq);
+}
+
+void JIT::emitSlow_op_nstricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_nstricteq);
+    stubCall.addArgument(src1);
+    stubCall.addArgument(src2);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_eq_null(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
+    setTest8(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
+
+    Jump wasNotImmediate = jump();
+
+    isImmediate.link(this);
+
+    set8(Equal, regT1, Imm32(JSValue::NullTag), regT2);
+    set8(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    or32(regT2, regT1);
+
+    wasNotImmediate.link(this);
+
+    or32(Imm32(JSValue::FalseTag), regT1);
+
+    emitStoreBool(dst, regT1);
+}
+
+void JIT::emit_op_neq_null(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
+    setTest8(Zero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
+
+    Jump wasNotImmediate = jump();
+
+    isImmediate.link(this);
+
+    set8(NotEqual, regT1, Imm32(JSValue::NullTag), regT2);
+    set8(NotEqual, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    and32(regT2, regT1);
+
+    wasNotImmediate.link(this);
+
+    or32(Imm32(JSValue::FalseTag), regT1);
+
+    emitStoreBool(dst, regT1);
+}
+
+void JIT::emit_op_resolve_with_base(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_with_base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call(currentInstruction[2].u.operand);
+}
+
+void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_func_exp);
+    stubCall.addArgument(ImmPtr(m_codeBlock->functionExpression(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_new_regexp(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_regexp);
+    stubCall.addArgument(ImmPtr(m_codeBlock->regexp(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_throw(Instruction* currentInstruction)
+{
+    unsigned exception = currentInstruction[1].u.operand;
+    JITStubCall stubCall(this, cti_op_throw);
+    stubCall.addArgument(exception);
+    stubCall.call();
+
+#ifndef NDEBUG
+    // cti_op_throw always changes it's return address,
+    // this point in the code should never be reached.
+    breakpoint();
+#endif
+}
+
+void JIT::emit_op_next_pname(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int iter = currentInstruction[2].u.operand;
+    int target = currentInstruction[3].u.operand;
+
+    load32(Address(callFrameRegister, (iter * sizeof(Register))), regT0);
+
+    JITStubCall stubCall(this, cti_op_next_pname);
+    stubCall.addArgument(regT0);
+    stubCall.call();
+
+    Jump endOfIter = branchTestPtr(Zero, regT0);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_next_pname), dst, regT1, regT0);
+    addJump(jump(), target + 3);
+    endOfIter.link(this);
+}
+
+void JIT::emit_op_push_scope(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_push_scope);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_pop_scope(Instruction*)
+{
+    JITStubCall(this, cti_op_pop_scope).call();
+}
+
+void JIT::emit_op_to_jsnumber(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isInt32 = branch32(Equal, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branch32(AboveOrEqual, regT1, Imm32(JSValue::DeletedValueTag)));
+    isInt32.link(this);
+
+    if (src != dst)
+        emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_to_jsnumber), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_to_jsnumber(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_to_jsnumber);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_push_new_scope(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_push_new_scope);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(currentInstruction[3].u.operand);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_catch(Instruction* currentInstruction)
+{
+    unsigned exception = currentInstruction[1].u.operand;
+
+    // This opcode only executes after a return from cti_op_throw.
+
+    // cti_op_throw may have taken us to a call frame further up the stack; reload
+    // the call frame pointer to adjust.
+    peek(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+
+    // Now store the exception returned by cti_op_throw.
+    emitStore(exception, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_catch), exception, regT1, regT0);
+}
+
+void JIT::emit_op_jmp_scopes(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_jmp_scopes);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call();
+    addJump(jump(), currentInstruction[2].u.operand + 2);
+}
+
+void JIT::emit_op_switch_imm(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    SimpleJumpTable* jumpTable = &m_codeBlock->immediateSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Immediate));
+    jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
+
+    JITStubCall stubCall(this, cti_op_switch_imm);
+    stubCall.addArgument(scrutinee);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_switch_char(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    SimpleJumpTable* jumpTable = &m_codeBlock->characterSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Character));
+    jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
+
+    JITStubCall stubCall(this, cti_op_switch_char);
+    stubCall.addArgument(scrutinee);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_switch_string(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    StringJumpTable* jumpTable = &m_codeBlock->stringSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset));
+
+    JITStubCall stubCall(this, cti_op_switch_string);
+    stubCall.addArgument(scrutinee);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_new_error(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned type = currentInstruction[2].u.operand;
+    unsigned message = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_new_error);
+    stubCall.addArgument(Imm32(type));
+    stubCall.addArgument(m_codeBlock->getConstant(message));
+    stubCall.addArgument(Imm32(m_bytecodeIndex));
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_debug(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_debug);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call();
+}
+
+
+void JIT::emit_op_enter(Instruction*)
+{
+    // Even though JIT code doesn't use them, we initialize our constant
+    // registers to zap stale pointers, to avoid unnecessarily prolonging
+    // object lifetime and increasing GC pressure.
+    for (int i = 0; i < m_codeBlock->m_numVars; ++i)
+        emitStore(i, jsUndefined());
+}
+
+void JIT::emit_op_enter_with_activation(Instruction* currentInstruction)
+{
+    emit_op_enter(currentInstruction);
+
+    JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_create_arguments(Instruction*)
+{
+    Jump argsNotCell = branch32(NotEqual, tagFor(RegisterFile::ArgumentsRegister, callFrameRegister), Imm32(JSValue::CellTag));
+    Jump argsNotNull = branchTestPtr(NonZero, payloadFor(RegisterFile::ArgumentsRegister, callFrameRegister));
+
+    // If we get here the arguments pointer is a null cell - i.e. arguments need lazy creation.
+    if (m_codeBlock->m_numParameters == 1)
+        JITStubCall(this, cti_op_create_arguments_no_params).call();
+    else
+        JITStubCall(this, cti_op_create_arguments).call();
+
+    argsNotCell.link(this);
+    argsNotNull.link(this);
+}
+    
+void JIT::emit_op_init_arguments(Instruction*)
+{
+    emitStore(RegisterFile::ArgumentsRegister, JSValue(), callFrameRegister);
+}
+
+void JIT::emit_op_convert_this(Instruction* currentInstruction)
+{
+    unsigned thisRegister = currentInstruction[1].u.operand;
+    
+    emitLoad(thisRegister, regT1, regT0);
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addSlowCase(branchTest32(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
+
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_convert_this), thisRegister, regT1, regT0);
+}
+
+void JIT::emitSlow_op_convert_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned thisRegister = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_convert_this);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(thisRegister);
+}
+
+void JIT::emit_op_profile_will_call(Instruction* currentInstruction)
+{
+    peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof (void*));
+    Jump noProfiler = branchTestPtr(Zero, Address(regT2));
+
+    JITStubCall stubCall(this, cti_op_profile_will_call);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call();
+    noProfiler.link(this);
+}
+
+void JIT::emit_op_profile_did_call(Instruction* currentInstruction)
+{
+    peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof (void*));
+    Jump noProfiler = branchTestPtr(Zero, Address(regT2));
+
+    JITStubCall stubCall(this, cti_op_profile_did_call);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call();
+    noProfiler.link(this);
+}
+
+#else // USE(JSVALUE32_64)
 
 #define RECORD_JUMP_TARGET(targetOffset) \
    do { m_labels[m_bytecodeIndex + (targetOffset)].used(); } while (false)
+
+void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallPreLink, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
+{
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    // (2) The second function provides fast property access for string length
+    Label stringLengthBegin = align();
+
+    // Check eax is a string
+    Jump string_failureCases1 = emitJumpIfNotJSCell(regT0);
+    Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+
+    // Checks out okay! - get the length from the Ustring.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSString, m_value) + OBJECT_OFFSETOF(UString, m_rep)), regT0);
+    load32(Address(regT0, OBJECT_OFFSETOF(UString::Rep, len)), regT0);
+
+    Jump string_failureCases3 = branch32(Above, regT0, Imm32(JSImmediate::maxImmediateInt));
+
+    // regT0 contains a 64 bit value (is positive, is zero extended) so we don't need sign extend here.
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+    
+    ret();
+#endif
+
+    // (3) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
+    COMPILE_ASSERT(sizeof(CodeType) == 4, CodeTypeEnumMustBe32Bit);
+
+    Label virtualCallPreLinkBegin = align();
+
+    // Load the callee CodeBlock* into eax
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3);
+    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT0);
+    Jump hasCodeBlock1 = branchTestPtr(NonZero, regT0);
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction1 = call();
+    emitGetJITStubArg(1, regT2);
+    emitGetJITStubArg(3, regT1);
+    restoreReturnAddressBeforeReturn(regT3);
+    hasCodeBlock1.link(this);
+
+    Jump isNativeFunc1 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay1 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 2);
+    emitPutJITStubArg(regT0, 4);
+    restoreArgumentReference();
+    Call callArityCheck1 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(1, regT2);
+    emitGetJITStubArg(3, regT1);
+    restoreReturnAddressBeforeReturn(regT3);
+    arityCheckOkay1.link(this);
+    isNativeFunc1.link(this);
+    
+    compileOpCallInitializeCallFrame();
+
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 2);
+    restoreArgumentReference();
+    Call callDontLazyLinkCall = call();
+    emitGetJITStubArg(1, regT2);
+    restoreReturnAddressBeforeReturn(regT3);
+
+    jump(regT0);
+
+    Label virtualCallLinkBegin = align();
+
+    // Load the callee CodeBlock* into eax
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3);
+    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT0);
+    Jump hasCodeBlock2 = branchTestPtr(NonZero, regT0);
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction2 = call();
+    emitGetJITStubArg(1, regT2);
+    emitGetJITStubArg(3, regT1);
+    restoreReturnAddressBeforeReturn(regT3);
+    hasCodeBlock2.link(this);
+
+    Jump isNativeFunc2 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay2 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 2);
+    emitPutJITStubArg(regT0, 4);
+    restoreArgumentReference();
+    Call callArityCheck2 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(1, regT2);
+    emitGetJITStubArg(3, regT1);
+    restoreReturnAddressBeforeReturn(regT3);
+    arityCheckOkay2.link(this);
+    isNativeFunc2.link(this);
+
+    compileOpCallInitializeCallFrame();
+
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 2);
+    restoreArgumentReference();
+    Call callLazyLinkCall = call();
+    restoreReturnAddressBeforeReturn(regT3);
+
+    jump(regT0);
+
+    Label virtualCallBegin = align();
+
+    // Load the callee CodeBlock* into eax
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3);
+    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_code)), regT0);
+    Jump hasCodeBlock3 = branchTestPtr(NonZero, regT0);
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction3 = call();
+    emitGetJITStubArg(1, regT2);
+    emitGetJITStubArg(3, regT1);
+    restoreReturnAddressBeforeReturn(regT3);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3); // reload the function body nody, so we can reload the code pointer.
+    hasCodeBlock3.link(this);
+    
+    Jump isNativeFunc3 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_codeType)), Imm32(NativeCode));
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay3 = branch32(Equal, Address(regT0, OBJECT_OFFSETOF(CodeBlock, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 2);
+    emitPutJITStubArg(regT0, 4);
+    restoreArgumentReference();
+    Call callArityCheck3 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(1, regT2);
+    emitGetJITStubArg(3, regT1);
+    restoreReturnAddressBeforeReturn(regT3);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_body)), regT3); // reload the function body nody, so we can reload the code pointer.
+    arityCheckOkay3.link(this);
+    isNativeFunc3.link(this);
+
+    // load ctiCode from the new codeBlock.
+    loadPtr(Address(regT3, OBJECT_OFFSETOF(FunctionBodyNode, m_jitCode)), regT0);
+    
+    compileOpCallInitializeCallFrame();
+    jump(regT0);
+
+    
+    Label nativeCallThunk = align();
+    preserveReturnAddressAfterCall(regT0);
+    emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
+
+    // Load caller frame's scope chain into this callframe so that whatever we call can
+    // get to its global data.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
+    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    
+
+#if PLATFORM(X86_64)
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, X86::ecx);
+
+    // Allocate stack space for our arglist
+    subPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
+    COMPILE_ASSERT((sizeof(ArgList) & 0xf) == 0, ArgList_should_by_16byte_aligned);
+    
+    // Set up arguments
+    subPtr(Imm32(1), X86::ecx); // Don't include 'this' in argcount
+
+    // Push argcount
+    storePtr(X86::ecx, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_argCount)));
+
+    // Calculate the start of the callframe header, and store in edx
+    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int32_t)sizeof(Register)), callFrameRegister, X86::edx);
+    
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (ecx)
+    mul32(Imm32(sizeof(Register)), X86::ecx, X86::ecx);
+    subPtr(X86::ecx, X86::edx);
+
+    // push pointer to arguments
+    storePtr(X86::edx, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_args)));
+    
+    // ArgList is passed by reference so is stackPointerRegister
+    move(stackPointerRegister, X86::ecx);
+    
+    // edx currently points to the first argument, edx-sizeof(Register) points to 'this'
+    loadPtr(Address(X86::edx, -(int32_t)sizeof(Register)), X86::edx);
+    
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::esi);
+
+    move(callFrameRegister, X86::edi); 
+
+    call(Address(X86::esi, OBJECT_OFFSETOF(JSFunction, m_data)));
+    
+    addPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
+#elif PLATFORM(X86)
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
+
+    /* We have two structs that we use to describe the stackframe we set up for our
+     * call to native code.  NativeCallFrameStructure describes the how we set up the stack
+     * in advance of the call.  NativeFunctionCalleeSignature describes the callframe
+     * as the native code expects it.  We do this as we are using the fastcall calling
+     * convention which results in the callee popping its arguments off the stack, but
+     * not the rest of the callframe so we need a nice way to ensure we increment the
+     * stack pointer by the right amount after the call.
+     */
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in EDX
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+        JSValue result;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#else
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in ECX
+      //  JSObject* callee; // passed in EDX
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#endif
+    const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
+    // Allocate system stack frame
+    subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
+
+    // Set up arguments
+    subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
+
+    // push argcount
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
+    
+    // Calculate the start of the callframe header, and store in regT1
+    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
+    
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
+    mul32(Imm32(sizeof(Register)), regT0, regT0);
+    subPtr(regT0, regT1);
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
+
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
+
+    // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
+    loadPtr(Address(regT1, -(int)sizeof(Register)), regT1);
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue)));
+
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86::ecx);
+
+    // Plant callee
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::eax);
+    storePtr(X86::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
+
+    // Plant callframe
+    move(callFrameRegister, X86::edx);
+
+    call(Address(X86::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
+
+    // JSValue is a non-POD type
+    loadPtr(Address(X86::eax), X86::eax);
+#else
+    // Plant callee
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86::edx);
+
+    // Plant callframe
+    move(callFrameRegister, X86::ecx);
+    call(Address(X86::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
+#endif
+
+    // We've put a few temporaries on the stack in addition to the actual arguments
+    // so pull them off now
+    addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
+
+#elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
+#error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
+#else
+    breakpoint();
+#endif
+
+    // Check for an exception
+    loadPtr(&(globalData->exception), regT2);
+    Jump exceptionHandler = branchTestPtr(NonZero, regT2);
+
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+    
+    // Restore our caller's "r".
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    
+    // Return.
+    restoreReturnAddressBeforeReturn(regT1);
+    ret();
+
+    // Handle an exception
+    exceptionHandler.link(this);
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+    move(ImmPtr(&globalData->exceptionLocation), regT2);
+    storePtr(regT1, regT2);
+    move(ImmPtr(reinterpret_cast<void*>(ctiVMThrowTrampoline)), regT2);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+    restoreReturnAddressBeforeReturn(regT2);
+    ret();
+    
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
+    Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
+    Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
+#endif
+
+    // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
+    LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    patchBuffer.link(string_failureCases1Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases2Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases3Call, FunctionPtr(cti_op_get_by_id_string_fail));
+#endif
+    patchBuffer.link(callArityCheck1, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callArityCheck2, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callArityCheck3, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction1, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callJSFunction2, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callJSFunction3, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callDontLazyLinkCall, FunctionPtr(cti_vm_dontLazyLinkCall));
+    patchBuffer.link(callLazyLinkCall, FunctionPtr(cti_vm_lazyLinkCall));
+
+    CodeRef finalCode = patchBuffer.finalizeCode();
+    *executablePool = finalCode.m_executablePool;
+
+    *ctiVirtualCallPreLink = trampolineAt(finalCode, virtualCallPreLinkBegin);
+    *ctiVirtualCallLink = trampolineAt(finalCode, virtualCallLinkBegin);
+    *ctiVirtualCall = trampolineAt(finalCode, virtualCallBegin);
+    *ctiNativeCallThunk = trampolineAt(finalCode, nativeCallThunk);
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    *ctiStringLengthTrampoline = trampolineAt(finalCode, stringLengthBegin);
+#else
+    UNUSED_PARAM(ctiStringLengthTrampoline);
+#endif
+}
 
 void JIT::emit_op_mov(Instruction* currentInstruction)
@@ -63 +1888 @@
 {
     if (m_codeBlock->needsFullScopeChain())
-        JITStubCall(this, JITStubs::cti_op_end).call();
+        JITStubCall(this, cti_op_end).call();
     ASSERT(returnValueRegister != callFrameRegister);
     emitGetVirtualRegister(currentInstruction[1].u.operand, returnValueRegister);
@@ -95 +1920 @@
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op2imm = getConstantOperandImmediateInt(op2);
 #else
@@ -104 +1929 @@
         emitGetVirtualRegister(op2, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op1imm = getConstantOperandImmediateInt(op1);
 #else
@@ -128 +1953 @@
         emitGetVirtualRegister(op1, regT0);
         emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         int32_t op2imm = getConstantOperandImmediateInt(op2);
 #else
@@ -144 +1969 @@
 void JIT::emit_op_new_object(Instruction* currentInstruction)
 {
-    JITStubCall(this, JITStubs::cti_op_new_object).call(currentInstruction[1].u.operand);
+    JITStubCall(this, cti_op_new_object).call(currentInstruction[1].u.operand);
 }
 
@@ -198 +2023 @@
 void JIT::emit_op_new_func(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_new_func);
+    JITStubCall stubCall(this, cti_op_new_func);
     stubCall.addArgument(ImmPtr(m_codeBlock->function(currentInstruction[2].u.operand)));
     stubCall.call(currentInstruction[1].u.operand);
@@ -215 +2040 @@
 void JIT::emit_op_load_varargs(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_load_varargs);
-    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
-    stubCall.call(currentInstruction[1].u.operand);
+    int argCountDst = currentInstruction[1].u.operand;
+    int argsOffset = currentInstruction[2].u.operand;
+
+    JITStubCall stubCall(this, cti_op_load_varargs);
+    stubCall.addArgument(Imm32(argsOffset));
+    stubCall.call();
+    // Stores a naked int32 in the register file.
+    store32(returnValueRegister, Address(callFrameRegister, argCountDst * sizeof(Register)));
 }
 
@@ -274 +2104 @@
 void JIT::emit_op_tear_off_activation(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_tear_off_activation);
+    JITStubCall stubCall(this, cti_op_tear_off_activation);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
     stubCall.call();
@@ -281 +2111 @@
 void JIT::emit_op_tear_off_arguments(Instruction*)
 {
-    JITStubCall(this, JITStubs::cti_op_tear_off_arguments).call();
+    JITStubCall(this, cti_op_tear_off_arguments).call();
 }
 
@@ -288 +2118 @@
     // We could JIT generate the deref, only calling out to C when the refcount hits zero.
     if (m_codeBlock->needsFullScopeChain())
-        JITStubCall(this, JITStubs::cti_op_ret_scopeChain).call();
+        JITStubCall(this, cti_op_ret_scopeChain).call();
 
     ASSERT(callFrameRegister != regT1);
@@ -310 +2140 @@
 void JIT::emit_op_new_array(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_new_array);
+    JITStubCall stubCall(this, cti_op_new_array);
     stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
     stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
@@ -318 +2148 @@
 void JIT::emit_op_resolve(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_resolve);
+    JITStubCall stubCall(this, cti_op_resolve);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
     stubCall.call(currentInstruction[1].u.operand);
@@ -351 +2181 @@
 void JIT::emit_op_strcat(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_strcat);
+    JITStubCall stubCall(this, cti_op_strcat);
     stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
     stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
     stubCall.call(currentInstruction[1].u.operand);
-}
-
-void JIT::emit_op_resolve_func(Instruction* currentInstruction)
-{
-    JITStubCall stubCall(this, JITStubs::cti_op_resolve_func);
-    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
-    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
-    stubCall.call(currentInstruction[2].u.operand);
 }
 
@@ -382 +2204 @@
 void JIT::emit_op_resolve_base(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_resolve_base);
+    JITStubCall stubCall(this, cti_op_resolve_base);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
     stubCall.call(currentInstruction[1].u.operand);
@@ -389 +2211 @@
 void JIT::emit_op_resolve_skip(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_resolve_skip);
+    JITStubCall stubCall(this, cti_op_resolve_skip);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
     stubCall.addArgument(Imm32(currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain()));
@@ -420 +2242 @@
     // Slow case
     noMatch.link(this);
-    JITStubCall stubCall(this, JITStubs::cti_op_resolve_global);
+    JITStubCall stubCall(this, cti_op_resolve_global);
     stubCall.addArgument(ImmPtr(globalObject));
     stubCall.addArgument(ImmPtr(ident));
@@ -536 +2358 @@
     emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
     emitJumpSlowCaseIfNotImmediateInteger(regT0);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     not32(regT0);
     emitFastArithIntToImmNoCheck(regT0, regT0);
@@ -547 +2369 @@
 void JIT::emit_op_resolve_with_base(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_resolve_with_base);
+    JITStubCall stubCall(this, cti_op_resolve_with_base);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
     stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
@@ -555 +2377 @@
 void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_new_func_exp);
+    JITStubCall stubCall(this, cti_op_new_func_exp);
     stubCall.addArgument(ImmPtr(m_codeBlock->functionExpression(currentInstruction[2].u.operand)));
     stubCall.call(currentInstruction[1].u.operand);
@@ -597 +2419 @@
 void JIT::emit_op_new_regexp(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_new_regexp);
+    JITStubCall stubCall(this, cti_op_new_regexp);
     stubCall.addArgument(ImmPtr(m_codeBlock->regexp(currentInstruction[2].u.operand)));
     stubCall.call(currentInstruction[1].u.operand);
@@ -612 +2434 @@
 void JIT::emit_op_throw(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_throw);
+    JITStubCall stubCall(this, cti_op_throw);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
     stubCall.call();
@@ -625 +2447 @@
 void JIT::emit_op_next_pname(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_next_pname);
+    JITStubCall stubCall(this, cti_op_next_pname);
     stubCall.addArgument(currentInstruction[2].u.operand, regT2);
     stubCall.call();
@@ -636 +2458 @@
 void JIT::emit_op_push_scope(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_push_scope);
+    JITStubCall stubCall(this, cti_op_push_scope);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
     stubCall.call(currentInstruction[1].u.operand);
@@ -643 +2465 @@
 void JIT::emit_op_pop_scope(Instruction*)
 {
-    JITStubCall(this, JITStubs::cti_op_pop_scope).call();
+    JITStubCall(this, cti_op_pop_scope).call();
+}
+
+void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(src1, regT0, src2, regT1);
+
+    // Jump to a slow case if either operand is a number, or if both are JSCell*s.
+    move(regT0, regT2);
+    orPtr(regT1, regT2);
+    addSlowCase(emitJumpIfJSCell(regT2));
+    addSlowCase(emitJumpIfImmediateNumber(regT2));
+
+    if (type == OpStrictEq)
+        set32(Equal, regT1, regT0, regT0);
+    else
+        set32(NotEqual, regT1, regT0, regT0);
+    emitTagAsBoolImmediate(regT0);
+
+    emitPutVirtualRegister(dst);
 }
 
@@ -674 +2519 @@
 void JIT::emit_op_push_new_scope(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_push_new_scope);
+    JITStubCall stubCall(this, cti_op_push_new_scope);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
     stubCall.addArgument(currentInstruction[3].u.operand, regT2);
@@ -689 +2534 @@
 void JIT::emit_op_jmp_scopes(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_jmp_scopes);
+    JITStubCall stubCall(this, cti_op_jmp_scopes);
     stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
     stubCall.call();
@@ -707 +2552 @@
     jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
 
-    JITStubCall stubCall(this, JITStubs::cti_op_switch_imm);
+    JITStubCall stubCall(this, cti_op_switch_imm);
     stubCall.addArgument(scrutinee, regT2);
     stubCall.addArgument(Imm32(tableIndex));
@@ -725 +2570 @@
     jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
 
-    JITStubCall stubCall(this, JITStubs::cti_op_switch_char);
+    JITStubCall stubCall(this, cti_op_switch_char);
     stubCall.addArgument(scrutinee, regT2);
     stubCall.addArgument(Imm32(tableIndex));
@@ -742 +2587 @@
     m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset));
 
-    JITStubCall stubCall(this, JITStubs::cti_op_switch_string);
+    JITStubCall stubCall(this, cti_op_switch_string);
     stubCall.addArgument(scrutinee, regT2);
     stubCall.addArgument(Imm32(tableIndex));
@@ -751 +2596 @@
 void JIT::emit_op_new_error(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_new_error);
+    JITStubCall stubCall(this, cti_op_new_error);
     stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
     stubCall.addArgument(ImmPtr(JSValue::encode(m_codeBlock->getConstant(currentInstruction[3].u.operand))));
@@ -760 +2605 @@
 void JIT::emit_op_debug(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_debug);
+    JITStubCall stubCall(this, cti_op_debug);
     stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
     stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
@@ -837 +2682 @@
         emitInitRegister(j);
 
-    JITStubCall(this, JITStubs::cti_op_push_activation).call(currentInstruction[1].u.operand);
+    JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand);
 }
 
@@ -844 +2689 @@
     Jump argsCreated = branchTestPtr(NonZero, Address(callFrameRegister, sizeof(Register) * RegisterFile::ArgumentsRegister));
     if (m_codeBlock->m_numParameters == 1)
-        JITStubCall(this, JITStubs::cti_op_create_arguments_no_params).call();
+        JITStubCall(this, cti_op_create_arguments_no_params).call();
     else
-        JITStubCall(this, JITStubs::cti_op_create_arguments).call();
+        JITStubCall(this, cti_op_create_arguments).call();
     argsCreated.link(this);
 }
@@ -870 +2715 @@
     Jump noProfiler = branchTestPtr(Zero, Address(regT1));
 
-    JITStubCall stubCall(this, JITStubs::cti_op_profile_will_call);
+    JITStubCall stubCall(this, cti_op_profile_will_call);
     stubCall.addArgument(currentInstruction[1].u.operand, regT1);
     stubCall.call();
@@ -882 +2727 @@
     Jump noProfiler = branchTestPtr(Zero, Address(regT1));
 
-    JITStubCall stubCall(this, JITStubs::cti_op_profile_did_call);
+    JITStubCall stubCall(this, cti_op_profile_did_call);
     stubCall.addArgument(currentInstruction[1].u.operand, regT1);
     stubCall.call();
@@ -895 +2740 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_convert_this);
+    JITStubCall stubCall(this, cti_op_convert_this);
     stubCall.addArgument(regT0);
     stubCall.call(currentInstruction[1].u.operand);
@@ -912 +2757 @@
     linkSlowCase(iter);
 
-    JITStubCall stubCall(this, JITStubs::cti_op_to_primitive);
+    JITStubCall stubCall(this, cti_op_to_primitive);
     stubCall.addArgument(regT0);
     stubCall.call(currentInstruction[1].u.operand);
@@ -928 +2773 @@
 
     notImm.link(this);
-    JITStubCall stubCall(this, JITStubs::cti_op_get_by_val);
+    JITStubCall stubCall(this, cti_op_get_by_val);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
@@ -954 +2799 @@
     if (isOperandConstantImmediateInt(op2)) {
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_loop_if_less);
+        JITStubCall stubCall(this, cti_op_loop_if_less);
         stubCall.addArgument(regT0);
         stubCall.addArgument(op2, regT2);
@@ -961 +2806 @@
     } else if (isOperandConstantImmediateInt(op1)) {
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_loop_if_less);
+        JITStubCall stubCall(this, cti_op_loop_if_less);
         stubCall.addArgument(op1, regT2);
         stubCall.addArgument(regT0);
@@ -969 +2814 @@
         linkSlowCase(iter);
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_loop_if_less);
+        JITStubCall stubCall(this, cti_op_loop_if_less);
         stubCall.addArgument(regT0);
         stubCall.addArgument(regT1);
@@ -983 +2828 @@
     if (isOperandConstantImmediateInt(op2)) {
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_loop_if_lesseq);
+        JITStubCall stubCall(this, cti_op_loop_if_lesseq);
         stubCall.addArgument(regT0);
         stubCall.addArgument(currentInstruction[2].u.operand, regT2);
@@ -991 +2836 @@
         linkSlowCase(iter);
         linkSlowCase(iter);
-        JITStubCall stubCall(this, JITStubs::cti_op_loop_if_lesseq);
+        JITStubCall stubCall(this, cti_op_loop_if_lesseq);
         stubCall.addArgument(regT0);
         stubCall.addArgument(regT1);
@@ -1008 +2853 @@
 
     notImm.link(this); {
-        JITStubCall stubCall(this, JITStubs::cti_op_put_by_val);
+        JITStubCall stubCall(this, cti_op_put_by_val);
         stubCall.addArgument(regT0);
         stubCall.addArgument(regT1);
@@ -1019 +2864 @@
     linkSlowCase(iter);
     linkSlowCase(iter); {
-        JITStubCall stubCall(this, JITStubs::cti_op_put_by_val_array);
+        JITStubCall stubCall(this, cti_op_put_by_val_array);
         stubCall.addArgument(regT0);
         stubCall.addArgument(regT1);
@@ -1030 +2875 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_jtrue);
+    JITStubCall stubCall(this, cti_op_jtrue);
     stubCall.addArgument(regT0);
     stubCall.call();
@@ -1040 +2885 @@
     linkSlowCase(iter);
     xorPtr(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool)), regT0);
-    JITStubCall stubCall(this, JITStubs::cti_op_not);
+    JITStubCall stubCall(this, cti_op_not);
     stubCall.addArgument(regT0);
     stubCall.call(currentInstruction[1].u.operand);
@@ -1048 +2893 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_jtrue);
+    JITStubCall stubCall(this, cti_op_jtrue);
     stubCall.addArgument(regT0);
     stubCall.call();
@@ -1057 +2902 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_bitnot);
+    JITStubCall stubCall(this, cti_op_bitnot);
     stubCall.addArgument(regT0);
     stubCall.call(currentInstruction[1].u.operand);
@@ -1065 +2910 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_jtrue);
+    JITStubCall stubCall(this, cti_op_jtrue);
     stubCall.addArgument(regT0);
     stubCall.call();
@@ -1074 +2919 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_bitxor);
+    JITStubCall stubCall(this, cti_op_bitxor);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
@@ -1083 +2928 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_bitor);
+    JITStubCall stubCall(this, cti_op_bitor);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
@@ -1092 +2937 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_eq);
+    JITStubCall stubCall(this, cti_op_eq);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
-    stubCall.call(currentInstruction[1].u.operand);
+    stubCall.call();
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
 }
 
@@ -1101 +2948 @@
 {
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_neq);
+    JITStubCall stubCall(this, cti_op_eq);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
-    stubCall.call(currentInstruction[1].u.operand);
+    stubCall.call();
+    xor32(Imm32(0x1), regT0);
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
 }
 
@@ -1111 +2961 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_stricteq);
+    JITStubCall stubCall(this, cti_op_stricteq);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
@@ -1121 +2971 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_nstricteq);
+    JITStubCall stubCall(this, cti_op_nstricteq);
     stubCall.addArgument(regT0);
     stubCall.addArgument(regT1);
@@ -1134 +2984 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, JITStubs::cti_op_instanceof);
+    JITStubCall stubCall(this, cti_op_instanceof);
     stubCall.addArgument(currentInstruction[2].u.operand, regT2);
     stubCall.addArgument(currentInstruction[3].u.operand, regT2);
@@ -1166 +3016 @@
     linkSlowCase(iter);
 
-    JITStubCall stubCall(this, JITStubs::cti_op_to_jsnumber);
+    JITStubCall stubCall(this, cti_op_to_jsnumber);
     stubCall.addArgument(regT0);
     stubCall.call(currentInstruction[1].u.operand);
 }
 
+#endif // USE(JSVALUE32_64)
 
 } // namespace JSC

trunk/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -48 +48 @@
 namespace JSC {
 
+#if USE(JSVALUE32_64)
+
+void JIT::emit_op_put_by_index(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_by_index);
+    stubCall.addArgument(base);
+    stubCall.addArgument(Imm32(property));
+    stubCall.addArgument(value);
+    stubCall.call();
+}
+
+void JIT::emit_op_put_getter(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned function = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_getter);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(property)));
+    stubCall.addArgument(function);
+    stubCall.call();
+}
+
+void JIT::emit_op_put_setter(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned function = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_setter);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(property)));
+    stubCall.addArgument(function);
+    stubCall.call();
+}
+
+void JIT::emit_op_del_by_id(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_del_by_id);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(property)));
+    stubCall.call(dst);
+}
+
+
+#if !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+// Treat these as nops - the call will be handed as a regular get_by_id/op_call pair.
+void JIT::emit_op_method_check(Instruction*) {}
+void JIT::emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&) { ASSERT_NOT_REACHED(); }
+#if ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+#error "JIT_OPTIMIZE_METHOD_CALLS requires JIT_OPTIMIZE_PROPERTY_ACCESS"
+#endif
+
+void JIT::emit_op_get_by_val(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_get_by_val);
+    stubCall.addArgument(base);
+    stubCall.addArgument(property);
+    stubCall.call(dst);
+}
+
+void JIT::emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_put_by_val(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_by_val);
+    stubCall.addArgument(base);
+    stubCall.addArgument(property);
+    stubCall.addArgument(value);
+    stubCall.call();
+}
+
+void JIT::emitSlow_op_put_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_get_by_id(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int ident = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_get_by_id_generic);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&(m_codeBlock->identifier(ident))));
+    stubCall.call(dst);
+
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    m_propertyAccessInstructionIndex++;
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_put_by_id(Instruction* currentInstruction)
+{
+    int base = currentInstruction[1].u.operand;
+    int ident = currentInstruction[2].u.operand;
+    int value = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_by_id_generic);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&(m_codeBlock->identifier(ident))));
+    stubCall.addArgument(value);
+    stubCall.call();
+
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emitSlow_op_put_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    m_propertyAccessInstructionIndex++;
+    ASSERT_NOT_REACHED();
+}
+
+#else // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+/* ------------------------------ BEGIN: ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+#if ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+
+void JIT::emit_op_method_check(Instruction* currentInstruction)
+{
+    // Assert that the following instruction is a get_by_id.
+    ASSERT(m_interpreter->getOpcodeID((currentInstruction + OPCODE_LENGTH(op_method_check))->u.opcode) == op_get_by_id);
+
+    currentInstruction += OPCODE_LENGTH(op_method_check);
+
+    // Do the method check - check the object & its prototype's structure inline (this is the common case).
+    m_methodCallCompilationInfo.append(MethodCallCompilationInfo(m_propertyAccessInstructionIndex));
+    MethodCallCompilationInfo& info = m_methodCallCompilationInfo.last();
+
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+
+    emitLoad(base, regT1, regT0);
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), info.structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    DataLabelPtr protoStructureToCompare, protoObj = moveWithPatch(ImmPtr(0), regT2);
+    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), protoStructureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+
+    // This will be relinked to load the function without doing a load.
+    DataLabelPtr putFunction = moveWithPatch(ImmPtr(0), regT0);
+    move(Imm32(JSValue::CellTag), regT1);
+    Jump match = jump();
+
+    ASSERT(differenceBetween(info.structureToCompare, protoObj) == patchOffsetMethodCheckProtoObj);
+    ASSERT(differenceBetween(info.structureToCompare, protoStructureToCompare) == patchOffsetMethodCheckProtoStruct);
+    ASSERT(differenceBetween(info.structureToCompare, putFunction) == patchOffsetMethodCheckPutFunction);
+
+    // Link the failure cases here.
+    structureCheck.link(this);
+    protoStructureCheck.link(this);
+
+    // Do a regular(ish) get_by_id (the slow case will be link to
+    // cti_op_get_by_id_method_check instead of cti_op_get_by_id.
+    compileGetByIdHotPath();
+
+    match.link(this);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_method_check), dst, regT1, regT0);
+
+    // We've already generated the following get_by_id, so make sure it's skipped over.
+    m_bytecodeIndex += OPCODE_LENGTH(op_get_by_id);
+}
+
+void JIT::emitSlow_op_method_check(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    currentInstruction += OPCODE_LENGTH(op_method_check);
+
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int ident = currentInstruction[3].u.operand;
+
+    compileGetByIdSlowCase(dst, base, &(m_codeBlock->identifier(ident)), iter, true);
+
+    // We've already generated the following get_by_id, so make sure it's skipped over.
+    m_bytecodeIndex += OPCODE_LENGTH(op_get_by_id);
+}
+
+#else //!ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+
+// Treat these as nops - the call will be handed as a regular get_by_id/op_call pair.
+void JIT::emit_op_method_check(Instruction*) {}
+void JIT::emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&) { ASSERT_NOT_REACHED(); }
+
+#endif
+
+void JIT::emit_op_get_by_val(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+    
+    emitLoad2(base, regT1, regT0, property, regT3, regT2);
+
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+    addSlowCase(branch32(AboveOrEqual, regT2, Address(regT0, OBJECT_OFFSETOF(JSArray, m_fastAccessCutoff))));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT0);
+    load32(BaseIndex(regT0, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4), regT1); // tag
+    load32(BaseIndex(regT0, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])), regT0); // payload
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_by_val), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    // The slow void JIT::emitSlow_that handles accesses to arrays (below) may jump back up to here. 
+    Label callGetByValJITStub(this);
+
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    linkSlowCase(iter); // base array check
+
+    JITStubCall stubCall(this, cti_op_get_by_val);
+    stubCall.addArgument(base);
+    stubCall.addArgument(property);
+    stubCall.call(dst);
+
+    emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
+
+    linkSlowCase(iter); // array fast cut-off check
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT0);
+    branch32(AboveOrEqual, regT2, Address(regT0, OBJECT_OFFSETOF(ArrayStorage, m_vectorLength)), callGetByValJITStub);
+
+    // Missed the fast region, but it is still in the vector.
+    load32(BaseIndex(regT0, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4), regT1); // tag
+    load32(BaseIndex(regT0, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])), regT0); // payload
+
+    // FIXME: Maybe we can optimize this comparison to JSValue().
+    Jump skip = branch32(NotEqual, regT0, Imm32(0));
+    branch32(Equal, regT1, Imm32(JSValue::CellTag), callGetByValJITStub);
+
+    skip.link(this);
+    emitStore(dst, regT1, regT0);
+}
+
+void JIT::emit_op_put_by_val(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    emitLoad2(base, regT1, regT0, property, regT3, regT2);
+
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT3);
+
+    Jump inFastVector = branch32(Below, regT2, Address(regT0, OBJECT_OFFSETOF(JSArray, m_fastAccessCutoff)));
+
+    // Check if the access is within the vector.
+    addSlowCase(branch32(AboveOrEqual, regT2, Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_vectorLength))));
+
+    // This is a write to the slow part of the vector; first, we have to check if this would be the first write to this location.
+    // FIXME: should be able to handle initial write to array; increment the the number of items in the array, and potentially update fast access cutoff. 
+    Jump skip = branch32(NotEqual, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4), Imm32(JSValue::CellTag));
+    addSlowCase(branch32(Equal, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])), Imm32(0)));
+    skip.link(this);
+
+    inFastVector.link(this);
+
+    emitLoad(value, regT1, regT0);
+    store32(regT0, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]))); // payload
+    store32(regT1, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4)); // tag
+}
+
+void JIT::emitSlow_op_put_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    linkSlowCase(iter); // base not array check
+
+    JITStubCall stubPutByValCall(this, cti_op_put_by_val);
+    stubPutByValCall.addArgument(base);
+    stubPutByValCall.addArgument(property);
+    stubPutByValCall.addArgument(value);
+    stubPutByValCall.call();
+
+    emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
+
+    // Slow cases for immediate int accesses to arrays.
+    linkSlowCase(iter); // in vector check
+    linkSlowCase(iter); // written to slot check
+
+    JITStubCall stubCall(this, cti_op_put_by_val_array);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.addArgument(regT2);
+    stubCall.addArgument(value);
+    stubCall.call();
+}
+
+void JIT::emit_op_get_by_id(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    
+    emitLoad(base, regT1, regT0);
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+    compileGetByIdHotPath();
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_by_id), dst, regT1, regT0);
+}
+
+void JIT::compileGetByIdHotPath()
+{
+    // As for put_by_id, get_by_id requires the offset of the Structure and the offset of the access to be patched.
+    // Additionally, for get_by_id we need patch the offset of the branch to the slow case (we patch this to jump
+    // to array-length / prototype access tranpolines, and finally we also the the property-map access offset as a label
+    // to jump back to if one of these trampolies finds a match.
+    Label hotPathBegin(this);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+    m_propertyAccessInstructionIndex++;
+
+    DataLabelPtr structureToCompare;
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    addSlowCase(structureCheck);
+    ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetGetByIdStructure);
+    ASSERT(differenceBetween(hotPathBegin, structureCheck) == patchOffsetGetByIdBranchToSlowCase);
+
+    Label externalLoad = loadPtrWithPatchToLEA(Address(regT0, OBJECT_OFFSETOF(JSObject, m_externalStorage)), regT2);
+    Label externalLoadComplete(this);
+    ASSERT(differenceBetween(hotPathBegin, externalLoad) == patchOffsetGetByIdExternalLoad);
+    ASSERT(differenceBetween(externalLoad, externalLoadComplete) == patchLengthGetByIdExternalLoad);
+
+    DataLabel32 displacementLabel1 = loadPtrWithAddressOffsetPatch(Address(regT2, patchGetByIdDefaultOffset), regT0); // payload
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel1) == patchOffsetGetByIdPropertyMapOffset1);
+    DataLabel32 displacementLabel2 = loadPtrWithAddressOffsetPatch(Address(regT2, patchGetByIdDefaultOffset), regT1); // tag
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel2) == patchOffsetGetByIdPropertyMapOffset2);
+
+    Label putResult(this);
+    ASSERT(differenceBetween(hotPathBegin, putResult) == patchOffsetGetByIdPutResult);
+}
+
+void JIT::emitSlow_op_get_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int ident = currentInstruction[3].u.operand;
+
+    compileGetByIdSlowCase(dst, base, &(m_codeBlock->identifier(ident)), iter);
+}
+
+void JIT::compileGetByIdSlowCase(int dst, int base, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck)
+{
+    // As for the hot path of get_by_id, above, we ensure that we can use an architecture specific offset
+    // so that we only need track one pointer into the slow case code - we track a pointer to the location
+    // of the call (which we can use to look up the patch information), but should a array-length or
+    // prototype access trampoline fail we want to bail out back to here.  To do so we can subtract back
+    // the distance from the call to the head of the slow case.
+    linkSlowCaseIfNotJSCell(iter, base);
+    linkSlowCase(iter);
+
+    Label coldPathBegin(this);
+
+    JITStubCall stubCall(this, isMethodCheck ? cti_op_get_by_id_method_check : cti_op_get_by_id);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.addArgument(ImmPtr(ident));
+    Call call = stubCall.call(dst);
+
+    ASSERT(differenceBetween(coldPathBegin, call) == patchOffsetGetByIdSlowCaseCall);
+
+    // Track the location of the call; this will be used to recover patch information.
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emit_op_put_by_id(Instruction* currentInstruction)
+{
+    // In order to be able to patch both the Structure, and the object offset, we store one pointer,
+    // to just after the arguments have been loaded into registers 'hotPathBegin', and we generate code
+    // such that the Structure & offset are always at the same distance from this.
+
+    int base = currentInstruction[1].u.operand;
+    int value = currentInstruction[3].u.operand;
+
+    emitLoad2(base, regT1, regT0, value, regT3, regT2);
+
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+
+    Label hotPathBegin(this);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+    m_propertyAccessInstructionIndex++;
+
+    // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
+    DataLabelPtr structureToCompare;
+    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
+    ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetPutByIdStructure);
+
+    // Plant a load from a bogus ofset in the object's property map; we will patch this later, if it is to be used.
+    Label externalLoad = loadPtrWithPatchToLEA(Address(regT0, OBJECT_OFFSETOF(JSObject, m_externalStorage)), regT0);
+    Label externalLoadComplete(this);
+    ASSERT(differenceBetween(hotPathBegin, externalLoad) == patchOffsetPutByIdExternalLoad);
+    ASSERT(differenceBetween(externalLoad, externalLoadComplete) == patchLengthPutByIdExternalLoad);
+
+    DataLabel32 displacementLabel1 = storePtrWithAddressOffsetPatch(regT2, Address(regT0, patchGetByIdDefaultOffset)); // payload
+    DataLabel32 displacementLabel2 = storePtrWithAddressOffsetPatch(regT3, Address(regT0, patchGetByIdDefaultOffset)); // tag
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel1) == patchOffsetPutByIdPropertyMapOffset1);
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel2) == patchOffsetPutByIdPropertyMapOffset2);
+}
+
+void JIT::emitSlow_op_put_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int base = currentInstruction[1].u.operand;
+    int ident = currentInstruction[2].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, base);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_put_by_id);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.addArgument(ImmPtr(&(m_codeBlock->identifier(ident))));
+    stubCall.addArgument(regT3, regT2); 
+    Call call = stubCall.call();
+
+    // Track the location of the call; this will be used to recover patch information.
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessInstructionIndex++;
+}
+
+// Compile a store into an object's property storage.  May overwrite base.
+void JIT::compilePutDirectOffset(RegisterID base, RegisterID valueTag, RegisterID valuePayload, Structure* structure, size_t cachedOffset)
+{
+    int offset = cachedOffset;
+    if (structure->isUsingInlineStorage())
+        offset += OBJECT_OFFSETOF(JSObject, m_inlineStorage) /  sizeof(Register);
+    else
+        loadPtr(Address(base, OBJECT_OFFSETOF(JSObject, m_externalStorage)), base);
+    emitStore(offset, valueTag, valuePayload, base);
+}
+
+// Compile a load from an object's property storage.  May overwrite base.
+void JIT::compileGetDirectOffset(RegisterID base, RegisterID resultTag, RegisterID resultPayload, Structure* structure, size_t cachedOffset)
+{
+    int offset = cachedOffset;
+    if (structure->isUsingInlineStorage())
+        offset += OBJECT_OFFSETOF(JSObject, m_inlineStorage) / sizeof(Register);
+    else
+        loadPtr(Address(base, OBJECT_OFFSETOF(JSObject, m_externalStorage)), base);
+    emitLoad(offset, resultTag, resultPayload, base);
+}
+
+void JIT::compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID resultTag, RegisterID resultPayload, size_t cachedOffset)
+{
+    if (base->isUsingInlineStorage()) {
+        load32(reinterpret_cast<char*>(&base->m_inlineStorage[cachedOffset]), resultPayload);
+        load32(reinterpret_cast<char*>(&base->m_inlineStorage[cachedOffset]) + 4, resultTag);
+        return;
+    }
+
+    size_t offset = cachedOffset * sizeof(JSValue);
+
+    PropertyStorage* protoPropertyStorage = &base->m_externalStorage;
+    loadPtr(static_cast<void*>(protoPropertyStorage), temp);
+    load32(Address(temp, offset), resultPayload);
+    load32(Address(temp, offset + 4), resultTag);
+}
+
+void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
+{
+    // It is assumed that regT0 contains the basePayload and regT1 contains the baseTag.  The value can be found on the stack.
+
+    JumpList failureCases;
+    failureCases.append(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    failureCases.append(branchPtr(NotEqual, regT2, ImmPtr(oldStructure)));
+
+    // Verify that nothing in the prototype chain has a setter for this property. 
+    for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+        failureCases.append(branchPtr(NotEqual, regT2, ImmPtr(it->get())));
+    }
+
+    // Reallocate property storage if needed.
+    Call callTarget;
+    bool willNeedStorageRealloc = oldStructure->propertyStorageCapacity() != newStructure->propertyStorageCapacity();
+    if (willNeedStorageRealloc) {
+        // This trampoline was called to like a JIT stub; before we can can call again we need to
+        // remove the return address from the stack, to prevent the stack from becoming misaligned.
+        preserveReturnAddressAfterCall(regT3);
+ 
+        JITStubCall stubCall(this, cti_op_put_by_id_transition_realloc);
+        stubCall.skipArgument(); // base
+        stubCall.skipArgument(); // ident
+        stubCall.skipArgument(); // value
+        stubCall.addArgument(Imm32(oldStructure->propertyStorageCapacity()));
+        stubCall.addArgument(Imm32(newStructure->propertyStorageCapacity()));
+        stubCall.call(regT0);
+
+        restoreReturnAddressBeforeReturn(regT3);
+    }
+
+    sub32(Imm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
+    add32(Imm32(1), AbsoluteAddress(newStructure->addressOfCount()));
+    storePtr(ImmPtr(newStructure), Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)));
+ 
+    load32(Address(stackPointerRegister, offsetof(struct JITStackFrame, args[2]) + sizeof(void*)), regT3);
+    load32(Address(stackPointerRegister, offsetof(struct JITStackFrame, args[2]) + sizeof(void*) + 4), regT2);
+
+    // Write the value
+    compilePutDirectOffset(regT0, regT2, regT3, newStructure, cachedOffset);
+
+    ret();
+    
+    ASSERT(!failureCases.empty());
+    failureCases.link(this);
+    restoreArgumentReferenceForTrampoline();
+    Call failureCall = tailRecursiveCall();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    patchBuffer.link(failureCall, FunctionPtr(cti_op_put_by_id_fail));
+
+    if (willNeedStorageRealloc) {
+        ASSERT(m_calls.size() == 1);
+        patchBuffer.link(m_calls[0].from, FunctionPtr(cti_op_put_by_id_transition_realloc));
+    }
+    
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relinkCallerToTrampoline(returnAddress, entryLabel);
+}
+
+void JIT::patchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    // We don't want to patch more than once - in future go to cti_op_get_by_id_generic.
+    // Should probably go to JITStubs::cti_op_get_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_self_fail));
+
+    int offset = sizeof(JSValue) * cachedOffset;
+
+    // If we're patching to use inline storage, convert the initial load to a lea; this avoids the extra load
+    // and makes the subsequent load's offset automatically correct
+    if (structure->isUsingInlineStorage())
+        repatchBuffer.repatchLoadPtrToLEA(stubInfo->hotPathBegin.instructionAtOffset(patchOffsetGetByIdExternalLoad));
+
+    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(patchOffsetGetByIdStructure), structure);
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset1), offset); // payload
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset2), offset + 4); // tag
+}
+
+void JIT::patchMethodCallProto(CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    ASSERT(!methodCallLinkInfo.cachedStructure);
+    methodCallLinkInfo.cachedStructure = structure;
+    structure->ref();
+
+    Structure* prototypeStructure = proto->structure();
+    ASSERT(!methodCallLinkInfo.cachedPrototypeStructure);
+    methodCallLinkInfo.cachedPrototypeStructure = prototypeStructure;
+    prototypeStructure->ref();
+
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel, structure);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoObj), proto);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoStruct), prototypeStructure);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckPutFunction), callee);
+}
+
+void JIT::patchPutByIdReplace(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    // Should probably go to cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+
+    int offset = sizeof(JSValue) * cachedOffset;
+
+    // If we're patching to use inline storage, convert the initial load to a lea; this avoids the extra load
+    // and makes the subsequent load's offset automatically correct
+    if (structure->isUsingInlineStorage())
+        repatchBuffer.repatchLoadPtrToLEA(stubInfo->hotPathBegin.instructionAtOffset(patchOffsetPutByIdExternalLoad));
+
+    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(patchOffsetPutByIdStructure), structure);
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetPutByIdPropertyMapOffset1), offset); // payload
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetPutByIdPropertyMapOffset2), offset + 4); // tag
+}
+
+void JIT::privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress)
+{
+    StructureStubInfo* stubInfo = &m_codeBlock->getStubInfo(returnAddress);
+    
+    // regT0 holds a JSCell*
+
+    // Check for array
+    Jump failureCases1 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr));
+
+    // Checks out okay! - get the length from the storage
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length)), regT2);
+
+    Jump failureCases2 = branch32(Above, regT2, Imm32(INT_MAX));
+    move(regT2, regT0);
+    move(Imm32(JSValue::Int32Tag), regT1);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel slowCaseBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+    patchBuffer.link(failureCases1, slowCaseBegin);
+    patchBuffer.link(failureCases2, slowCaseBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_array_fail));
+}
+
+void JIT::privateCompileGetByIdProto(StructureStubInfo* stubInfo, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+
+    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
+    // referencing the prototype object - let's speculatively load it's table nice and early!)
+    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+
+    Jump failureCases1 = checkStructure(regT0, structure);
+
+    // Check the prototype object's Structure had not changed.
+    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
+#else
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+#endif
+
+    // Checks out okay! - getDirectOffset
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel slowCaseBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+    patchBuffer.link(failureCases1, slowCaseBegin);
+    patchBuffer.link(failureCases2, slowCaseBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
+}
+
+
+void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
+{
+    // regT0 holds a JSCell*
+    
+    Jump failureCase = checkStructure(regT0, structure);
+    compileGetDirectOffset(regT0, regT1, regT0, structure, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = polymorphicStructures->list[currentIndex - 1].stubRoutine;
+    if (!lastProtoBegin)
+        lastProtoBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+
+    patchBuffer.link(failureCase, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    structure->ref();
+    polymorphicStructures->list[currentIndex].set(entryLabel, structure);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+    
+    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
+    // referencing the prototype object - let's speculatively load it's table nice and early!)
+    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = checkStructure(regT0, structure);
+
+    // Check the prototype object's Structure had not changed.
+    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
+#else
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+#endif
+
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
+    patchBuffer.link(failureCases1, lastProtoBegin);
+    patchBuffer.link(failureCases2, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    structure->ref();
+    prototypeStructure->ref();
+    prototypeStructures->list[currentIndex].set(entryLabel, structure, prototypeStructure);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+    
+    ASSERT(count);
+    
+    JumpList bucketsOfFail;
+
+    // Check eax is an object of the right Structure.
+    bucketsOfFail.append(checkStructure(regT0, structure));
+
+    Structure* currStructure = structure;
+    RefPtr<Structure>* chainEntries = chain->head();
+    JSObject* protoObject = 0;
+    for (unsigned i = 0; i < count; ++i) {
+        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
+        currStructure = chainEntries[i].get();
+
+        // Check the prototype object's Structure had not changed.
+        Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
+#else
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
+#endif
+    }
+    ASSERT(protoObject);
+
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
+
+    patchBuffer.link(bucketsOfFail, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    // Track the stub we have created so that it will be deleted later.
+    structure->ref();
+    chain->ref();
+    prototypeStructures->list[currentIndex].set(entryLabel, structure, chain);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdChain(StructureStubInfo* stubInfo, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+    
+    ASSERT(count);
+    
+    JumpList bucketsOfFail;
+
+    // Check eax is an object of the right Structure.
+    bucketsOfFail.append(checkStructure(regT0, structure));
+
+    Structure* currStructure = structure;
+    RefPtr<Structure>* chainEntries = chain->head();
+    JSObject* protoObject = 0;
+    for (unsigned i = 0; i < count; ++i) {
+        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
+        currStructure = chainEntries[i].get();
+
+        // Check the prototype object's Structure had not changed.
+        Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
+#else
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
+#endif
+    }
+    ASSERT(protoObject);
+
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    patchBuffer.link(bucketsOfFail, stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall));
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
+}
+
+/* ------------------------------ END: !ENABLE / ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+#endif // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+#else // USE(JSVALUE32_64)
+
 void JIT::emit_op_get_by_val(Instruction* currentInstruction)
 {
     emitGetVirtualRegisters(currentInstruction[2].u.operand, regT0, currentInstruction[3].u.operand, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     // This is technically incorrect - we're zero-extending an int32.  On the hot path this doesn't matter.
     // We check the value as if it was a uint32 against the m_fastAccessCutoff - which will always fail if
@@ -79 +986 @@
     emitGetVirtualRegisters(currentInstruction[1].u.operand, regT0, currentInstruction[2].u.operand, regT1);
     emitJumpSlowCaseIfNotImmediateInteger(regT1);
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     // See comment in op_get_by_val.
     zeroExtend32ToPtr(regT1, regT1);
@@ -106 +1013 @@
 void JIT::emit_op_put_by_index(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_put_by_index);
+    JITStubCall stubCall(this, cti_op_put_by_index);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
     stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
@@ -115 +1022 @@
 void JIT::emit_op_put_getter(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_put_getter);
+    JITStubCall stubCall(this, cti_op_put_getter);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
@@ -124 +1031 @@
 void JIT::emit_op_put_setter(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_put_setter);
+    JITStubCall stubCall(this, cti_op_put_setter);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
@@ -133 +1040 @@
 void JIT::emit_op_del_by_id(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, JITStubs::cti_op_del_by_id);
+    JITStubCall stubCall(this, cti_op_del_by_id);
     stubCall.addArgument(currentInstruction[2].u.operand, regT2);
     stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
@@ -158 +1065 @@
 
     emitGetVirtualRegister(baseVReg, regT0);
-    JITStubCall stubCall(this, JITStubs::cti_op_get_by_id_generic);
+    JITStubCall stubCall(this, cti_op_get_by_id_generic);
     stubCall.addArgument(regT0);
     stubCall.addArgument(ImmPtr(ident));
@@ -179 +1086 @@
     emitGetVirtualRegisters(baseVReg, regT0, valueVReg, regT1);
 
-    JITStubCall stubCall(this, JITStubs::cti_op_put_by_id_generic);
+    JITStubCall stubCall(this, cti_op_put_by_id_generic);
     stubCall.addArgument(regT0);
     stubCall.addArgument(ImmPtr(ident));
@@ -250 +1157 @@
     Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
 
-    compileGetByIdSlowCase(resultVReg, baseVReg, ident, iter, m_propertyAccessInstructionIndex++, true);
+    compileGetByIdSlowCase(resultVReg, baseVReg, ident, iter, true);
 
     // We've already generated the following get_by_id, so make sure it's skipped over.
@@ -311 +1218 @@
     Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
 
-    compileGetByIdSlowCase(resultVReg, baseVReg, ident, iter, m_propertyAccessInstructionIndex++, false);
-}
-
-void JIT::compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, unsigned propertyAccessInstructionIndex, bool isMethodCheck)
+    compileGetByIdSlowCase(resultVReg, baseVReg, ident, iter, false);
+}
+
+void JIT::compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck)
 {
     // As for the hot path of get_by_id, above, we ensure that we can use an architecture specific offset
@@ -328 +1235 @@
     Label coldPathBegin(this);
 #endif
-    JITStubCall stubCall(this, isMethodCheck ? JITStubs::cti_op_get_by_id_method_check : JITStubs::cti_op_get_by_id);
+    JITStubCall stubCall(this, isMethodCheck ? cti_op_get_by_id_method_check : cti_op_get_by_id);
     stubCall.addArgument(regT0);
     stubCall.addArgument(ImmPtr(ident));
@@ -336 +1243 @@
 
     // Track the location of the call; this will be used to recover patch information.
-    m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessInstructionIndex++;
 }
 
@@ -383 +1291 @@
     linkSlowCase(iter);
 
-    JITStubCall stubCall(this, JITStubs::cti_op_put_by_id);
+    JITStubCall stubCall(this, cti_op_put_by_id);
     stubCall.addArgument(regT0);
     stubCall.addArgument(ImmPtr(ident));
@@ -466 +1374 @@
         preserveReturnAddressAfterCall(regT3);
  
-        JITStubCall stubCall(this, JITStubs::cti_op_put_by_id_transition_realloc);
-        stubCall.addArgument(regT0);
+        JITStubCall stubCall(this, cti_op_put_by_id_transition_realloc);
+        stubCall.skipArgument(); // base
+        stubCall.skipArgument(); // ident
+        stubCall.skipArgument(); // value
         stubCall.addArgument(Imm32(oldStructure->propertyStorageCapacity()));
         stubCall.addArgument(Imm32(newStructure->propertyStorageCapacity()));
-        stubCall.addArgument(regT1); // This argument is not used in the stub; we set it up on the stack so that it can be restored, below.
         stubCall.call(regT0);
-        emitGetJITStubArg(4, regT1);
+        emitGetJITStubArg(3, regT1);
 
         restoreReturnAddressBeforeReturn(regT3);
@@ -495 +1404 @@
     LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
 
-    patchBuffer.link(failureCall, FunctionPtr(JITStubs::cti_op_put_by_id_fail));
+    patchBuffer.link(failureCall, FunctionPtr(cti_op_put_by_id_fail));
 
     if (willNeedStorageRealloc) {
         ASSERT(m_calls.size() == 1);
-        patchBuffer.link(m_calls[0].from, FunctionPtr(JITStubs::cti_op_put_by_id_transition_realloc));
+        patchBuffer.link(m_calls[0].from, FunctionPtr(cti_op_put_by_id_transition_realloc));
     }
     
@@ -513 +1422 @@
 
     // We don't want to patch more than once - in future go to cti_op_get_by_id_generic.
-    // Should probably go to JITStubs::cti_op_get_by_id_fail, but that doesn't do anything interesting right now.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_self_fail));
+    // Should probably go to cti_op_get_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_self_fail));
 
     int offset = sizeof(JSValue) * cachedOffset;
@@ -552 +1461 @@
 
     // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
-    // Should probably go to JITStubs::cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(JITStubs::cti_op_put_by_id_generic));
+    // Should probably go to cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_put_by_id_generic));
 
     int offset = sizeof(JSValue) * cachedOffset;
@@ -603 +1512 @@
 
     // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_array_fail));
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_array_fail));
 }
 
@@ -649 +1558 @@
 
     // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_proto_list));
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
 }
 
@@ -828 +1737 @@
 
     // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_proto_list));
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
 }
 
@@ -835 +1744 @@
 #endif // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
 
+#endif // USE(JSVALUE32_64)
+
 } // namespace JSC
 

trunk/JavaScriptCore/jit/JITStubCall.h

@@ -38 +38 @@
             : m_jit(jit)
             , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Cell)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, JSPropertyNameIterator* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Cell)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, void* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(VoidPtr)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, int (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Int)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, bool (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Int)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, void (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Void)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+#if USE(JSVALUE32_64)
+        JITStubCall(JIT* jit, EncodedJSValue (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
             , m_returnType(Value)
-            , m_argumentIndex(1) // Index 0 is reserved for restoreArgumentReference();
-        {
-        }
-
-        JITStubCall(JIT* jit, JSPropertyNameIterator* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
-            : m_jit(jit)
-            , m_stub(reinterpret_cast<void*>(stub))
-            , m_returnType(Value)
-            , m_argumentIndex(1) // Index 0 is reserved for restoreArgumentReference();
-        {
-        }
-
-        JITStubCall(JIT* jit, void* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
-            : m_jit(jit)
-            , m_stub(reinterpret_cast<void*>(stub))
-            , m_returnType(Value)
-            , m_argumentIndex(1) // Index 0 is reserved for restoreArgumentReference();
-        {
-        }
-
-        JITStubCall(JIT* jit, int (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
-            : m_jit(jit)
-            , m_stub(reinterpret_cast<void*>(stub))
-            , m_returnType(Value)
-            , m_argumentIndex(1) // Index 0 is reserved for restoreArgumentReference();
-        {
-        }
-
-        JITStubCall(JIT* jit, void (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
-            : m_jit(jit)
-            , m_stub(reinterpret_cast<void*>(stub))
-            , m_returnType(Void)
-            , m_argumentIndex(1) // Index 0 is reserved for restoreArgumentReference();
-        {
-        }
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+#endif
 
         // Arguments are added first to last.
 
+        void skipArgument()
+        {
+            m_stackIndex += stackIndexStep;
+        }
+
         void addArgument(JIT::Imm32 argument)
         {
-            m_jit->poke(argument, m_argumentIndex);
-            ++m_argumentIndex;
+            m_jit->poke(argument, m_stackIndex);
+            m_stackIndex += stackIndexStep;
         }
 
         void addArgument(JIT::ImmPtr argument)
         {
-            m_jit->poke(argument, m_argumentIndex);
-            ++m_argumentIndex;
+            m_jit->poke(argument, m_stackIndex);
+            m_stackIndex += stackIndexStep;
         }
 
         void addArgument(JIT::RegisterID argument)
         {
-            m_jit->poke(argument, m_argumentIndex);
-            ++m_argumentIndex;
-        }
-
+            m_jit->poke(argument, m_stackIndex);
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(const JSValue& value)
+        {
+            m_jit->poke(JIT::Imm32(value.payload()), m_stackIndex);
+            m_jit->poke(JIT::Imm32(value.tag()), m_stackIndex + 1);
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(JIT::RegisterID tag, JIT::RegisterID payload)
+        {
+            m_jit->poke(payload, m_stackIndex);
+            m_jit->poke(tag, m_stackIndex + 1);
+            m_stackIndex += stackIndexStep;
+        }
+
+#if USE(JSVALUE32_64)
+        void addArgument(unsigned srcVirtualRegister)
+        {
+            if (m_jit->m_codeBlock->isConstantRegisterIndex(srcVirtualRegister)) {
+                addArgument(m_jit->getConstantOperand(srcVirtualRegister));
+                return;
+            }
+
+            m_jit->emitLoad(srcVirtualRegister, JIT::regT1, JIT::regT0);
+            addArgument(JIT::regT1, JIT::regT0);
+        }
+
+        void getArgument(size_t argumentNumber, JIT::RegisterID tag, JIT::RegisterID payload)
+        {
+            size_t stackIndex = stackIndexStart + (argumentNumber * stackIndexStep);
+            m_jit->peek(payload, stackIndex);
+            m_jit->peek(tag, stackIndex + 1);
+        }
+#else
         void addArgument(unsigned src, JIT::RegisterID scratchRegister) // src is a virtual register.
         {
@@ -105 +161 @@
             m_jit->killLastResultRegister();
         }
+#endif
 
         JIT::Call call()
@@ -122 +179 @@
 #endif
 
+#if USE(JSVALUE32_64)
+            m_jit->unmap();
+#else
             m_jit->killLastResultRegister();
-            return call;
-        }
-
+#endif
+            return call;
+        }
+
+#if USE(JSVALUE32_64)
         JIT::Call call(unsigned dst) // dst is a virtual register.
         {
-            ASSERT(m_returnType == Value);
+            ASSERT(m_returnType == Value || m_returnType == Cell);
+            JIT::Call call = this->call();
+            if (m_returnType == Value)
+                m_jit->emitStore(dst, JIT::regT1, JIT::regT0);
+            else
+                m_jit->emitStoreCell(dst, JIT::returnValueRegister);
+            return call;
+        }
+#else
+        JIT::Call call(unsigned dst) // dst is a virtual register.
+        {
+            ASSERT(m_returnType == VoidPtr || m_returnType == Cell);
             JIT::Call call = this->call();
             m_jit->emitPutVirtualRegister(dst);
             return call;
         }
-
-        JIT::Call call(JIT::RegisterID dst)
-        {
-            ASSERT(m_returnType == Value);
+#endif
+
+        JIT::Call call(JIT::RegisterID dst) // dst is a machine register.
+        {
+#if USE(JSVALUE32_64)
+            ASSERT(m_returnType == Value || m_returnType == VoidPtr || m_returnType == Int || m_returnType == Cell);
+#else
+            ASSERT(m_returnType == VoidPtr || m_returnType == Int || m_returnType == Cell);
+#endif
             JIT::Call call = this->call();
             if (dst != JIT::returnValueRegister)
@@ -144 +222 @@
 
     private:
+        static const size_t stackIndexStep = sizeof(EncodedJSValue) == 2 * sizeof(void*) ? 2 : 1;
+        static const size_t stackIndexStart = 1; // Index 0 is reserved for restoreArgumentReference().
+
         JIT* m_jit;
         void* m_stub;
-        enum { Value, Void } m_returnType;
-        size_t m_argumentIndex;
-    };
-
-    class CallEvalJITStub : public JITStubCall {
-    public:
-        CallEvalJITStub(JIT* jit, Instruction* instruction)
-            : JITStubCall(jit, JITStubs::cti_op_call_eval)
-        {
-            int callee = instruction[2].u.operand;
-            int argCount = instruction[3].u.operand;
-            int registerOffset = instruction[4].u.operand;
-
-            addArgument(callee, JIT::regT2);
-            addArgument(JIT::Imm32(registerOffset));
-            addArgument(JIT::Imm32(argCount));
-        }
+        enum { Void, VoidPtr, Int, Value, Cell } m_returnType;
+        size_t m_stackIndex;
     };
 }

trunk/JavaScriptCore/jit/JITStubs.cpp

@@ -63 +63 @@
 namespace JSC {
 
-
 #if PLATFORM(DARWIN) || PLATFORM(WIN_OS)
 #define SYMBOL_STRING(name) "_" #name
@@ -70 +69 @@
 #endif
 
+#if USE(JSVALUE32_64)
+
 #if COMPILER(GCC) && PLATFORM(X86)
 
 // These ASSERTs remind you that, if you change the layout of JITStackFrame, you
 // need to change the assembly trampolines below to match.
-COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x38, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
-COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x30, JITStackFrame_code_offset_matches_ctiTrampoline);
-COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x1c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) % 16 == 0x0, JITStackFrame_maintains_16byte_stack_alignment);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x3c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x58, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x50, JITStackFrame_code_offset_matches_ctiTrampoline);
 
 asm volatile (
@@ -86 +88 @@
     "pushl %edi" "\n"
     "pushl %ebx" "\n"
-    "subl $0x1c, %esp" "\n"
+    "subl $0x3c, %esp" "\n"
     "movl $512, %esi" "\n"
-    "movl 0x38(%esp), %edi" "\n"
-    "call *0x30(%esp)" "\n"
-    "addl $0x1c, %esp" "\n"
+    "movl 0x58(%esp), %edi" "\n"
+    "call *0x50(%esp)" "\n"
+    "addl $0x3c, %esp" "\n"
     "popl %ebx" "\n"
     "popl %edi" "\n"
@@ -105 +107 @@
 #endif
     "call " SYMBOL_STRING(cti_vm_throw) "\n"
-    "addl $0x1c, %esp" "\n"
+    "addl $0x3c, %esp" "\n"
     "popl %ebx" "\n"
     "popl %edi" "\n"
@@ -116 +118 @@
 ".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
 SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
-    "addl $0x1c, %esp" "\n"
+    "addl $0x3c, %esp" "\n"
     "popl %ebx" "\n"
     "popl %edi" "\n"
@@ -132 +134 @@
 // These ASSERTs remind you that, if you change the layout of JITStackFrame, you
 // need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) % 32 == 0x0, JITStackFrame_maintains_32byte_stack_alignment);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedRBX) == 0x48, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
 COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x90, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
 COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x80, JITStackFrame_code_offset_matches_ctiTrampoline);
-COMPILE_ASSERT(offsetof(struct JITStackFrame, savedRBX) == 0x48, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
 
 asm volatile (
@@ -262 +265 @@
 // These ASSERTs remind you that, if you change the layout of JITStackFrame, you
 // need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) % 16 == 0x0, JITStackFrame_maintains_16byte_stack_alignment);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x3c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x58, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x50, JITStackFrame_code_offset_matches_ctiTrampoline);
+
+extern "C" {
+
+    __declspec(naked) EncodedJSValue ctiTrampoline(void* code, RegisterFile*, CallFrame*, JSValue* exception, Profiler**, JSGlobalData*)
+    {
+        __asm {
+            push ebp;
+            mov ebp, esp;
+            push esi;
+            push edi;
+            push ebx;
+            sub esp, 0x3c;
+            mov esi, 512;
+            mov ecx, esp;
+            mov edi, [esp + 0x58];
+            call [esp + 0x50];
+            add esp, 0x3c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+
+    __declspec(naked) void ctiVMThrowTrampoline()
+    {
+        __asm {
+            mov ecx, esp;
+            call cti_vm_throw;
+            add esp, 0x3c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+
+    __declspec(naked) void ctiOpThrowNotCaught()
+    {
+        __asm {
+            add esp, 0x3c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+}
+
+#endif // COMPILER(GCC) && PLATFORM(X86)
+
+#else // USE(JSVALUE32_64)
+
+#if COMPILER(GCC) && PLATFORM(X86)
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x38, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x30, JITStackFrame_code_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x1c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "pushl %ebp" "\n"
+    "movl %esp, %ebp" "\n"
+    "pushl %esi" "\n"
+    "pushl %edi" "\n"
+    "pushl %ebx" "\n"
+    "subl $0x1c, %esp" "\n"
+    "movl $512, %esi" "\n"
+    "movl 0x38(%esp), %edi" "\n"
+    "call *0x30(%esp)" "\n"
+    "addl $0x1c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+#if !USE(JIT_STUB_ARGUMENT_VA_LIST)
+    "movl %esp, %ecx" "\n"
+#endif
+    "call " SYMBOL_STRING(cti_vm_throw) "\n"
+    "addl $0x1c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+    
+asm volatile (
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "addl $0x1c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+    
+#elif COMPILER(GCC) && PLATFORM(X86_64)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST not supported on x86-64."
+#endif
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x90, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x80, JITStackFrame_code_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedRBX) == 0x48, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "pushq %rbp" "\n"
+    "movq %rsp, %rbp" "\n"
+    "pushq %r12" "\n"
+    "pushq %r13" "\n"
+    "pushq %r14" "\n"
+    "pushq %r15" "\n"
+    "pushq %rbx" "\n"
+    "subq $0x48, %rsp" "\n"
+    "movq $512, %r12" "\n"
+    "movq $0xFFFF000000000000, %r14" "\n"
+    "movq $0xFFFF000000000002, %r15" "\n"
+    "movq 0x90(%rsp), %r13" "\n"
+    "call *0x80(%rsp)" "\n"
+    "addq $0x48, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "movq %rsp, %rdi" "\n"
+    "call " SYMBOL_STRING(cti_vm_throw) "\n"
+    "addq $0x48, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "addq $0x48, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+#elif COMPILER(GCC) && PLATFORM_ARM_ARCH(7)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST not supported on ARMv7."
+#endif
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+".thumb" "\n"
+".thumb_func " SYMBOL_STRING(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "sub sp, sp, #0x3c" "\n"
+    "str lr, [sp, #0x20]" "\n"
+    "str r4, [sp, #0x24]" "\n"
+    "str r5, [sp, #0x28]" "\n"
+    "str r6, [sp, #0x2c]" "\n"
+    "str r1, [sp, #0x30]" "\n"
+    "str r2, [sp, #0x34]" "\n"
+    "str r3, [sp, #0x38]" "\n"
+    "cpy r5, r2" "\n"
+    "mov r6, #512" "\n"
+    "blx r0" "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+".thumb" "\n"
+".thumb_func " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "cpy r0, sp" "\n"
+    "bl " SYMBOL_STRING(cti_vm_throw) "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+".thumb" "\n"
+".thumb_func " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+#elif COMPILER(MSVC)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST configuration not supported on MSVC."
+#endif
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
 COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x38, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
 COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x30, JITStackFrame_code_offset_matches_ctiTrampoline);
@@ -294 +549 @@
         __asm {
             mov ecx, esp;
-            call JITStubs::cti_vm_throw;
+            call cti_vm_throw;
             add esp, 0x1c;
             pop ebx;
@@ -317 +572 @@
 }
 
-#endif
+#endif // COMPILER(GCC) && PLATFORM(X86)
+
+#endif // USE(JSVALUE32_64)
 
 #if ENABLE(OPCODE_SAMPLING)
@@ -327 +584 @@
 JITThunks::JITThunks(JSGlobalData* globalData)
 {
-    JIT::compileCTIMachineTrampolines(globalData, &m_executablePool, &m_ctiArrayLengthTrampoline, &m_ctiStringLengthTrampoline, &m_ctiVirtualCallPreLink, &m_ctiVirtualCallLink, &m_ctiVirtualCall, &m_ctiNativeCallThunk);
+    JIT::compileCTIMachineTrampolines(globalData, &m_executablePool, &m_ctiStringLengthTrampoline, &m_ctiVirtualCallPreLink, &m_ctiVirtualCallLink, &m_ctiVirtualCall, &m_ctiNativeCallThunk);
 
 #if PLATFORM_ARM_ARCH(7)
@@ -359 +616 @@
     // Uncacheable: give up.
     if (!slot.isCacheable()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_put_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
         return;
     }
@@ -367 +624 @@
 
     if (structure->isDictionary()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_put_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
         return;
     }
@@ -373 +630 @@
     // If baseCell != base, then baseCell must be a proxy for another object.
     if (baseCell != slot.base()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_put_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
         return;
     }
@@ -385 +642 @@
         StructureChain* prototypeChain = structure->prototypeChain(callFrame);
         if (!prototypeChain->isCacheable()) {
-            ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_put_by_id_generic));
+            ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
             return;
         }
@@ -405 +662 @@
     // FIXME: Cache property access for immediates.
     if (!baseValue.isCell()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
         return;
     }
@@ -425 +682 @@
     // Uncacheable: give up.
     if (!slot.isCacheable()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
         return;
     }
@@ -433 +690 @@
 
     if (structure->isDictionary()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
         return;
     }
@@ -476 +733 @@
     StructureChain* prototypeChain = structure->prototypeChain(callFrame);
     if (!prototypeChain->isCacheable()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(JITStubs::cti_op_get_by_id_generic));
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
         return;
     }
@@ -483 +740 @@
 }
 
-#endif
+#endif // ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
 
 #if USE(JIT_STUB_ARGUMENT_VA_LIST)
@@ -560 +817 @@
 #define CHECK_FOR_EXCEPTION() \
     do { \
-        if (UNLIKELY(stackFrame.globalData->exception != JSValue())) \
+        if (UNLIKELY(stackFrame.globalData->exception)) \
             VM_THROW_EXCEPTION(); \
     } while (0)
 #define CHECK_FOR_EXCEPTION_AT_END() \
     do { \
-        if (UNLIKELY(stackFrame.globalData->exception != JSValue())) \
+        if (UNLIKELY(stackFrame.globalData->exception)) \
             VM_THROW_EXCEPTION_AT_END(); \
     } while (0)
 #define CHECK_FOR_EXCEPTION_VOID() \
     do { \
-        if (UNLIKELY(stackFrame.globalData->exception != JSValue())) { \
+        if (UNLIKELY(stackFrame.globalData->exception)) { \
             VM_THROW_EXCEPTION_AT_END(); \
             return; \
         } \
     } while (0)
-
-namespace JITStubs {
 
 #if PLATFORM_ARM_ARCH(7)
@@ -602 +857 @@
 #endif
 
-DEFINE_STUB_FUNCTION(JSObject*, op_convert_this)
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_convert_this)
 {
     STUB_INIT_STACK_FRAME(stackFrame);
@@ -611 +866 @@
     JSObject* result = v1.toThisObject(callFrame);
     CHECK_FOR_EXCEPTION_AT_END();
-    return result;
+    return JSValue::encode(result);
 }
 
@@ -651 +906 @@
 
     if (rightIsNumber & leftIsString) {
-        RefPtr<UString::Rep> value = v2.isInt32Fast() ?
-            concatenate(asString(v1)->value().rep(), v2.getInt32Fast()) :
+        RefPtr<UString::Rep> value = v2.isInt32() ?
+            concatenate(asString(v1)->value().rep(), v2.asInt32()) :
             concatenate(asString(v1)->value().rep(), right);
 
@@ -806 +1061 @@
 }
 
-
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_put_by_id_transition_realloc)
+DEFINE_STUB_FUNCTION(JSObject*, op_put_by_id_transition_realloc)
 {
     STUB_INIT_STACK_FRAME(stackFrame);
 
     JSValue baseValue = stackFrame.args[0].jsValue();
-    int32_t oldSize = stackFrame.args[1].int32();
-    int32_t newSize = stackFrame.args[2].int32();
+    int32_t oldSize = stackFrame.args[3].int32();
+    int32_t newSize = stackFrame.args[4].int32();
 
     ASSERT(baseValue.isObject());
-    asObject(baseValue)->allocatePropertyStorage(oldSize, newSize);
-
-    return JSValue::encode(baseValue);
+    JSObject* base = asObject(baseValue);
+    base->allocatePropertyStorage(oldSize, newSize);
+
+    return base;
 }
 
@@ -1117 +1372 @@
 }
 
-#endif
+#endif // ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
 
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_instanceof)
@@ -1264 +1519 @@
 }
 
+#if ENABLE(JIT_OPTIMIZE_CALL)
 DEFINE_STUB_FUNCTION(void*, vm_dontLazyLinkCall)
 {
@@ -1294 +1550 @@
     return jitCode.addressForCall().executableAddress();
 }
+#endif // !ENABLE(JIT_OPTIMIZE_CALL)
 
 DEFINE_STUB_FUNCTION(JSObject*, op_push_activation)
@@ -1359 +1616 @@
     Arguments* arguments = new (stackFrame.globalData) Arguments(stackFrame.callFrame);
     stackFrame.callFrame->setCalleeArguments(arguments);
-    stackFrame.callFrame[RegisterFile::ArgumentsRegister] = arguments;
+    stackFrame.callFrame[RegisterFile::ArgumentsRegister] = JSValue(arguments);
 }
 
@@ -1368 +1625 @@
     Arguments* arguments = new (stackFrame.globalData) Arguments(stackFrame.callFrame, Arguments::NoParameters);
     stackFrame.callFrame->setCalleeArguments(arguments);
-    stackFrame.callFrame[RegisterFile::ArgumentsRegister] = arguments;
+    stackFrame.callFrame[RegisterFile::ArgumentsRegister] = JSValue(arguments);
 }
 
@@ -1520 +1777 @@
     JSValue result;
 
-    if (LIKELY(subscript.isUInt32Fast())) {
-        uint32_t i = subscript.getUInt32Fast();
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
         if (isJSArray(globalData, baseValue)) {
             JSArray* jsArray = asArray(baseValue);
@@ -1559 +1816 @@
     JSValue result;
     
-    if (LIKELY(subscript.isUInt32Fast())) {
-        uint32_t i = subscript.getUInt32Fast();
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
         if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i))
             result = asString(baseValue)->getIndex(stackFrame.globalData, i);
@@ -1577 +1834 @@
 }
     
-
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_val_byte_array)
 {
@@ -1590 +1846 @@
     JSValue result;
 
-    if (LIKELY(subscript.isUInt32Fast())) {
-        uint32_t i = subscript.getUInt32Fast();
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
         if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
@@ -1609 +1865 @@
 }
 
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_func)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    ScopeChainNode* scopeChain = callFrame->scopeChain();
-
-    ScopeChainIterator iter = scopeChain->begin();
-    ScopeChainIterator end = scopeChain->end();
-
-    // FIXME: add scopeDepthIsZero optimization
-
-    ASSERT(iter != end);
-
-    Identifier& ident = stackFrame.args[0].identifier();
-    JSObject* base;
-    do {
-        base = *iter;
-        PropertySlot slot(base);
-        if (base->getPropertySlot(callFrame, ident, slot)) {            
-            // ECMA 11.2.3 says that if we hit an activation the this value should be null.
-            // However, section 10.2.3 says that in the case where the value provided
-            // by the caller is null, the global object should be used. It also says
-            // that the section does not apply to internal functions, but for simplicity
-            // of implementation we use the global object anyway here. This guarantees
-            // that in host objects you always get a valid object for this.
-            // We also handle wrapper substitution for the global object at the same time.
-            JSObject* thisObj = base->toThisObject(callFrame);
-            JSValue result = slot.getValue(callFrame, ident);
-            CHECK_FOR_EXCEPTION_AT_END();
-
-            callFrame->registers()[stackFrame.args[1].int32()] = JSValue(thisObj);
-            return JSValue::encode(result);
-        }
-        ++iter;
-    } while (iter != end);
-
-    CodeBlock* codeBlock = callFrame->codeBlock();
-    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
-    stackFrame.globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
-    VM_THROW_EXCEPTION_AT_END();
-    return JSValue::encode(JSValue());
-}
-
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_sub)
 {
@@ -1682 +1894 @@
     JSValue value = stackFrame.args[2].jsValue();
 
-    if (LIKELY(subscript.isUInt32Fast())) {
-        uint32_t i = subscript.getUInt32Fast();
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
         if (isJSArray(globalData, baseValue)) {
             JSArray* jsArray = asArray(baseValue);
@@ -1694 +1906 @@
             ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_put_by_val_byte_array));
             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
-            if (value.isInt32Fast()) {
-                jsByteArray->setIndex(i, value.getInt32Fast());
+            if (value.isInt32()) {
+                jsByteArray->setIndex(i, value.asInt32());
                 return;
             } else {
@@ -1733 +1945 @@
         asArray(baseValue)->JSArray::put(callFrame, i, value);
     else {
-        // This should work since we're re-boxing an immediate unboxed in JIT code.
-        ASSERT(JSValue::makeInt32Fast(i));
-        Identifier property(callFrame, JSValue::makeInt32Fast(i).toString(callFrame));
-        // FIXME: can toString throw an exception here?
-        if (!stackFrame.globalData->exception) { // Don't put to an object if toString threw an exception.
-            PutPropertySlot slot;
-            baseValue.put(callFrame, property, value, slot);
-        }
+        Identifier property(callFrame, UString::from(i));
+        PutPropertySlot slot;
+        baseValue.put(callFrame, property, value, slot);
     }
 
@@ -1757 +1964 @@
     JSValue value = stackFrame.args[2].jsValue();
     
-    if (LIKELY(subscript.isUInt32Fast())) {
-        uint32_t i = subscript.getUInt32Fast();
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
         if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
             JSByteArray* jsByteArray = asByteArray(baseValue);
             
             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
-            if (value.isInt32Fast()) {
-                jsByteArray->setIndex(i, value.getInt32Fast());
+            if (value.isInt32()) {
+                jsByteArray->setIndex(i, value.asInt32());
                 return;
             } else {
@@ -1815 +2022 @@
 {
     STUB_INIT_STACK_FRAME(stackFrame);
+
     CallFrame* callFrame = stackFrame.callFrame;
     RegisterFile* registerFile = stackFrame.registerFile;
@@ -1829 +2037 @@
             VM_THROW_EXCEPTION();
         }
-        int32_t expectedParams = asFunction(callFrame->registers()[RegisterFile::Callee].jsValue())->body()->parameterCount();
+        int32_t expectedParams = callFrame->callee()->body()->parameterCount();
         int32_t inplaceArgs = min(providedParams, expectedParams);
         
@@ -1961 +2169 @@
 
     CallFrame* callFrame = stackFrame.callFrame;
-    JSGlobalObject* globalObject = asGlobalObject(stackFrame.args[0].jsValue());
+    JSGlobalObject* globalObject = stackFrame.args[0].globalObject();
     Identifier& ident = stackFrame.args[1].identifier();
     unsigned globalResolveInfoIndex = stackFrame.args[2].int32();
@@ -2085 +2293 @@
 }
 
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_eq)
+#if USE(JSVALUE32_64)
+
+DEFINE_STUB_FUNCTION(bool, op_eq)
 {
     STUB_INIT_STACK_FRAME(stackFrame);
@@ -2092 +2302 @@
     JSValue src2 = stackFrame.args[1].jsValue();
 
-    CallFrame* callFrame = stackFrame.callFrame;
-
-    ASSERT(!JSValue::areBothInt32Fast(src1, src2));
-    JSValue result = jsBoolean(JSValue::equalSlowCaseInline(callFrame, src1, src2));
-    CHECK_FOR_EXCEPTION_AT_END();
-    return JSValue::encode(result);
-}
+    start:
+    if (src2.isUndefined()) {
+        return src1.isNull() || 
+               (src1.isCell() && asCell(src1)->structure()->typeInfo().masqueradesAsUndefined()) ||
+               src1.isUndefined();
+    }
+    
+    if (src2.isNull()) {
+        return src1.isUndefined() || 
+               (src1.isCell() && asCell(src1)->structure()->typeInfo().masqueradesAsUndefined()) ||
+               src1.isNull();
+    }
+
+    if (src1.isInt32()) {
+        if (src2.isDouble())
+            return src1.asInt32() == src2.asDouble();
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return src1.asInt32() == d;
+    }
+
+    if (src1.isDouble()) {
+        if (src2.isInt32())
+            return src1.asDouble() == src2.asInt32();
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return src1.asDouble() == d;
+    }
+
+    if (src1.isTrue()) {
+        if (src2.isFalse())
+            return false;
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return d == 1.0;
+    }
+
+    if (src1.isFalse()) {
+        if (src2.isTrue())
+            return false;
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return d == 0.0;
+    }
+    
+    if (src1.isUndefined())
+        return src2.isCell() && asCell(src2)->structure()->typeInfo().masqueradesAsUndefined();
+    
+    if (src1.isNull())
+        return src2.isCell() && asCell(src2)->structure()->typeInfo().masqueradesAsUndefined();
+
+    ASSERT(src1.isCell());
+
+    JSCell* cell1 = asCell(src1);
+
+    if (cell1->isString()) {
+        if (src2.isInt32())
+            return static_cast<JSString*>(cell1)->value().toDouble() == src2.asInt32();
+            
+        if (src2.isDouble())
+            return static_cast<JSString*>(cell1)->value().toDouble() == src2.asDouble();
+
+        if (src2.isTrue())
+            return static_cast<JSString*>(cell1)->value().toDouble() == 1.0;
+
+        if (src2.isFalse())
+            return static_cast<JSString*>(cell1)->value().toDouble() == 0.0;
+
+        ASSERT(src2.isCell());
+        JSCell* cell2 = asCell(src2);
+        if (cell2->isString())
+            return static_cast<JSString*>(cell1)->value() == static_cast<JSString*>(cell2)->value();
+
+        ASSERT(cell2->isObject());
+        src2 = static_cast<JSObject*>(cell2)->toPrimitive(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        goto start;
+    }
+
+    ASSERT(cell1->isObject());
+    if (src2.isObject())
+        return static_cast<JSObject*>(cell1) == asObject(src2);
+    src1 = static_cast<JSObject*>(cell1)->toPrimitive(stackFrame.callFrame);
+    CHECK_FOR_EXCEPTION();
+    goto start;
+}
+
+DEFINE_STUB_FUNCTION(bool, op_eq_strings)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSString* string1 = stackFrame.args[0].jsString();
+    JSString* string2 = stackFrame.args[1].jsString();
+
+    ASSERT(string1->isString());
+    ASSERT(string2->isString());
+    return string1->value() == string2->value();
+}
+
+#else // USE(JSVALUE32_64)
+
+DEFINE_STUB_FUNCTION(bool, op_eq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = JSValue::equalSlowCaseInline(callFrame, src1, src2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+#endif // USE(JSVALUE32_64)
 
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_lshift)
@@ -2107 +2426 @@
     JSValue shift = stackFrame.args[1].jsValue();
 
-    int32_t left;
-    uint32_t right;
-    if (JSValue::areBothInt32Fast(val, shift))
-        return JSValue::encode(jsNumber(stackFrame.globalData, val.getInt32Fast() << (shift.getInt32Fast() & 0x1f)));
-    if (val.numberToInt32(left) && shift.numberToUInt32(right))
-        return JSValue::encode(jsNumber(stackFrame.globalData, left << (right & 0x1f)));
-
     CallFrame* callFrame = stackFrame.callFrame;
     JSValue result = jsNumber(stackFrame.globalData, (val.toInt32(callFrame)) << (shift.toUInt32(callFrame) & 0x1f));
@@ -2127 +2439 @@
     JSValue src2 = stackFrame.args[1].jsValue();
 
-    int32_t left;
-    int32_t right;
-    if (src1.numberToInt32(left) && src2.numberToInt32(right))
-        return JSValue::encode(jsNumber(stackFrame.globalData, left & right));
-
+    ASSERT(!src1.isInt32() || !src2.isInt32());
     CallFrame* callFrame = stackFrame.callFrame;
     JSValue result = jsNumber(stackFrame.globalData, src1.toInt32(callFrame) & src2.toInt32(callFrame));
@@ -2145 +2453 @@
     JSValue shift = stackFrame.args[1].jsValue();
 
-    int32_t left;
-    uint32_t right;
-    if (JSFastMath::canDoFastRshift(val, shift))
-        return JSValue::encode(JSFastMath::rightShiftImmediateNumbers(val, shift));
-    if (val.numberToInt32(left) && shift.numberToUInt32(right))
-        return JSValue::encode(jsNumber(stackFrame.globalData, left >> (right & 0x1f)));
-
     CallFrame* callFrame = stackFrame.callFrame;
     JSValue result = jsNumber(stackFrame.globalData, (val.toInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
+
     CHECK_FOR_EXCEPTION_AT_END();
     return JSValue::encode(result);
@@ -2164 +2466 @@
     JSValue src = stackFrame.args[0].jsValue();
 
-    int value;
-    if (src.numberToInt32(value))
-        return JSValue::encode(jsNumber(stackFrame.globalData, ~value));
-
+    ASSERT(!src.isInt32());
     CallFrame* callFrame = stackFrame.callFrame;
     JSValue result = jsNumber(stackFrame.globalData, ~src.toInt32(callFrame));
@@ -2241 +2540 @@
 }
 
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_neq)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    JSValue src1 = stackFrame.args[0].jsValue();
-    JSValue src2 = stackFrame.args[1].jsValue();
-
-    ASSERT(!JSValue::areBothInt32Fast(src1, src2));
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    JSValue result = jsBoolean(!JSValue::equalSlowCaseInline(callFrame, src1, src2));
-    CHECK_FOR_EXCEPTION_AT_END();
-    return JSValue::encode(result);
-}
-
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_post_dec)
 {
@@ -2279 +2563 @@
 
     CallFrame* callFrame = stackFrame.callFrame;
-
-    if (JSFastMath::canDoFastUrshift(val, shift))
-        return JSValue::encode(JSFastMath::rightShiftImmediateNumbers(val, shift));
-    else {
-        JSValue result = jsNumber(stackFrame.globalData, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
-        CHECK_FOR_EXCEPTION_AT_END();
-        return JSValue::encode(result);
-    }
+    JSValue result = jsNumber(stackFrame.globalData, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
 }
 
@@ -2345 +2624 @@
         JSValue exceptionValue;
         JSValue result = interpreter->callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
-        if (UNLIKELY(exceptionValue != JSValue())) {
+        if (UNLIKELY(exceptionValue)) {
             stackFrame.globalData->exception = exceptionValue;
             VM_THROW_EXCEPTION_AT_END();
@@ -2583 +2862 @@
     CodeBlock* codeBlock = callFrame->codeBlock();
 
-    if (scrutinee.isInt32Fast())
-        return codeBlock->immediateSwitchJumpTable(tableIndex).ctiForValue(scrutinee.getInt32Fast()).executableAddress();
+    if (scrutinee.isInt32())
+        return codeBlock->immediateSwitchJumpTable(tableIndex).ctiForValue(scrutinee.asInt32()).executableAddress();
     else {
         double value;
@@ -2738 +3017 @@
 }
 
-} // namespace JITStubs
-
 } // namespace JSC
 

trunk/JavaScriptCore/jit/JITStubs.h

@@ -54 +54 @@
     class FuncDeclNode;
     class FuncExprNode;
+    class JSGlobalObject;
     class RegExp;
 
@@ -69 +70 @@
         RegExp* regExp() { return static_cast<RegExp*>(asPointer); }
         JSPropertyNameIterator* propertyNameIterator() { return static_cast<JSPropertyNameIterator*>(asPointer); }
+        JSGlobalObject* globalObject() { return static_cast<JSGlobalObject*>(asPointer); }
+        JSString* jsString() { return static_cast<JSString*>(asPointer); }
         ReturnAddressPtr returnAddress() { return ReturnAddressPtr(asPointer); }
     };
@@ -74 +77 @@
 #if PLATFORM(X86_64)
     struct JITStackFrame {
-        JITStubArg padding; // Unused
-        JITStubArg args[8];
+        void* reserved; // Unused
+        JITStubArg args[6];
+        void* padding[2]; // Maintain 32-byte stack alignment (possibly overkill).
 
         void* savedRBX;
@@ -96 +100 @@
     };
 #elif PLATFORM(X86)
+#if COMPILER(MSVC)
+#pragma pack(push)
+#pragma pack(4)
+#endif // COMPILER(MSVC)
     struct JITStackFrame {
-        JITStubArg padding; // Unused
+        void* reserved; // Unused
         JITStubArg args[6];
+#if USE(JSVALUE32_64)
+        void* padding[2]; // Maintain 16-byte stack alignment.
+#endif
 
         void* savedEBX;
@@ -116 +127 @@
         ReturnAddressPtr* returnAddressSlot() { return reinterpret_cast<ReturnAddressPtr*>(this) - 1; }
     };
+#if COMPILER(MSVC)
+#pragma pack(pop)
+#endif // COMPILER(MSVC)
 #elif PLATFORM_ARM_ARCH(7)
     struct JITStackFrame {
-        JITStubArg padding; // Unused
+        void* reserved; // Unused
         JITStubArg args[6];
+#if USE(JSVALUE32_64)
+        void* padding[2]; // Maintain 16-byte stack alignment.
+#endif
 
         ReturnAddressPtr thunkReturnAddress;
@@ -199 +216 @@
         static void tryCachePutByID(CallFrame*, CodeBlock*, ReturnAddressPtr returnAddress, JSValue baseValue, const PutPropertySlot&);
         
-        MacroAssemblerCodePtr ctiArrayLengthTrampoline() { return m_ctiArrayLengthTrampoline; }
         MacroAssemblerCodePtr ctiStringLengthTrampoline() { return m_ctiStringLengthTrampoline; }
         MacroAssemblerCodePtr ctiVirtualCallPreLink() { return m_ctiVirtualCallPreLink; }
@@ -209 +225 @@
         RefPtr<ExecutablePool> m_executablePool;
 
-        MacroAssemblerCodePtr m_ctiArrayLengthTrampoline;
         MacroAssemblerCodePtr m_ctiStringLengthTrampoline;
         MacroAssemblerCodePtr m_ctiVirtualCallPreLink;
@@ -217 +232 @@
     };
 
-namespace JITStubs { extern "C" {
-
+extern "C" {
+    EncodedJSValue JIT_STUB cti_op_add(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitand(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitnot(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitor(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitxor(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_call_NotJSFunction(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_call_eval(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_construct_NotJSConstruct(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_convert_this(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_del_by_id(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_del_by_val(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_div(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_array_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_generic(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_method_check(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_method_check_second(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_list(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_list_full(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_second(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_self_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_string_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_val(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_val_byte_array(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_val_string(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_in(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_instanceof(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_boolean(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_function(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_number(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_object(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_string(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_undefined(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_less(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_lesseq(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_lshift(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_mod(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_mul(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_negate(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_next_pname(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_not(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_nstricteq(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_post_dec(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_post_inc(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_pre_dec(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_pre_inc(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_base(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_global(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_skip(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_with_base(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_rshift(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_strcat(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_stricteq(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_sub(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_throw(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_to_jsnumber(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_to_primitive(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_typeof(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_urshift(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_vm_throw(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_construct_JSConstruct(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_array(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_error(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_func(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_func_exp(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_object(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_regexp(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_push_activation(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_push_new_scope(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_push_scope(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_put_by_id_transition_realloc(STUB_ARGS_DECLARATION);
+    JSPropertyNameIterator* JIT_STUB cti_op_get_pnames(STUB_ARGS_DECLARATION);
+    VoidPtrPair JIT_STUB cti_op_call_arityCheck(STUB_ARGS_DECLARATION);
+    bool JIT_STUB cti_op_eq(STUB_ARGS_DECLARATION);
+#if USE(JSVALUE32_64)
+    bool JIT_STUB cti_op_eq_strings(STUB_ARGS_DECLARATION);
+#endif
+    int JIT_STUB cti_op_jless(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_jlesseq(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_jtrue(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_load_varargs(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_loop_if_less(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_loop_if_lesseq(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_loop_if_true(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_timeout_check(STUB_ARGS_DECLARATION);
     void JIT_STUB cti_op_create_arguments(STUB_ARGS_DECLARATION);
     void JIT_STUB cti_op_create_arguments_no_params(STUB_ARGS_DECLARATION);
@@ -241 +342 @@
     void JIT_STUB cti_op_tear_off_arguments(STUB_ARGS_DECLARATION);
     void JIT_STUB cti_register_file_check(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_jless(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_jlesseq(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_jtrue(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_load_varargs(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_loop_if_less(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_loop_if_lesseq(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_op_loop_if_true(STUB_ARGS_DECLARATION);
-    int JIT_STUB cti_timeout_check(STUB_ARGS_DECLARATION);
     void* JIT_STUB cti_op_call_JSFunction(STUB_ARGS_DECLARATION);
     void* JIT_STUB cti_op_switch_char(STUB_ARGS_DECLARATION);
@@ -255 +348 @@
     void* JIT_STUB cti_vm_dontLazyLinkCall(STUB_ARGS_DECLARATION);
     void* JIT_STUB cti_vm_lazyLinkCall(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_construct_JSConstruct(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_convert_this(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_new_array(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_new_error(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_new_func(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_new_func_exp(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_new_object(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_new_regexp(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_push_activation(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_push_new_scope(STUB_ARGS_DECLARATION);
-    JSObject* JIT_STUB cti_op_push_scope(STUB_ARGS_DECLARATION);
-    JSPropertyNameIterator* JIT_STUB cti_op_get_pnames(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_add(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_bitand(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_bitnot(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_bitor(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_bitxor(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_call_NotJSFunction(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_call_eval(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_construct_NotJSConstruct(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_del_by_id(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_del_by_val(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_div(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_eq(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_method_check(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_method_check_second(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_array_fail(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_generic(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_fail(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_list(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_list_full(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_second(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_self_fail(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_id_string_fail(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_val(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_val_byte_array(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_get_by_val_string(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_put_by_id_transition_realloc(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_in(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_instanceof(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_is_boolean(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_is_function(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_is_number(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_is_object(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_is_string(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_is_undefined(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_less(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_lesseq(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_lshift(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_mod(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_mul(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_negate(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_neq(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_next_pname(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_not(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_nstricteq(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_pre_dec(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_pre_inc(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_resolve(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_resolve_base(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_resolve_global(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_resolve_skip(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_rshift(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_strcat(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_stricteq(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_sub(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_throw(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_to_jsnumber(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_to_primitive(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_typeof(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_urshift(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_vm_throw(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_post_dec(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_post_inc(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_resolve_func(STUB_ARGS_DECLARATION);
-    EncodedJSValue JIT_STUB cti_op_resolve_with_base(STUB_ARGS_DECLARATION);
-    VoidPtrPair JIT_STUB cti_op_call_arityCheck(STUB_ARGS_DECLARATION);
-
-}; } // extern "C" namespace JITStubs
+} // extern "C"
 
 } // namespace JSC

trunk/JavaScriptCore/jsc.cpp

@@ -444 +444 @@
 }
 
-static
-#if !HAVE(READLINE)
-NO_RETURN
-#endif
-void runInteractive(GlobalObject* globalObject)
+#define RUNNING_FROM_XCODE 0
+
+static void runInteractive(GlobalObject* globalObject)
 {
     while (true) {
-#if HAVE(READLINE)
+#if HAVE(READLINE) && !RUNNING_FROM_XCODE
         char* line = readline(interactivePrompt);
         if (!line)
@@ -460 +458 @@
         free(line);
 #else
-        puts(interactivePrompt);
+        printf("%s", interactivePrompt);
         Vector<char, 256> line;
         int c;
@@ -469 +467 @@
             line.append(c);
         }
+        if (line.isEmpty())
+            break;
         line.append('\0');
         Completion completion = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), makeSource(line.data(), interpreterName));

trunk/JavaScriptCore/parser/Nodes.cpp

@@ -356 +356 @@
     int identifierStart = divot() - startOffset();
     generator.emitExpressionInfo(identifierStart + m_ident.size(), m_ident.size(), 0);
-    generator.emitResolveFunction(thisRegister.get(), func.get(), m_ident);
+    generator.emitResolveWithBase(thisRegister.get(), func.get(), m_ident);
     return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
 }
@@ -376 +376 @@
 RegisterID* FunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
-    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    RefPtr<RegisterID> function = generator.tempDestination(dst);
+    RefPtr<RegisterID> thisRegister = generator.newTemporary();
+    generator.emitNode(thisRegister.get(), m_base);
     generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
     generator.emitMethodCheck();
-    RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident);
-    RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
+    generator.emitGetById(function.get(), thisRegister.get(), m_ident);
     return generator.emitCall(generator.finalDestination(dst, function.get()), function.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
 }
@@ -1374 +1375 @@
 RegisterID* ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
-    if (dst == generator.ignoredResult())
-        dst = 0;
-
     RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Loop);
 
@@ -1564 +1562 @@
         if (clauseExpression->isNumber()) {
             double value = static_cast<NumberNode*>(clauseExpression)->value();
-            JSValue jsValue = JSValue::makeInt32Fast(static_cast<int32_t>(value));
-            if ((typeForTable & ~SwitchNumber) || !jsValue || (jsValue.getInt32Fast() != value)) {
+            int32_t intVal = static_cast<int32_t>(value);
+            if ((typeForTable & ~SwitchNumber) || (intVal != value)) {
                 typeForTable = SwitchNeither;
                 break;
             }
-            int32_t intVal = static_cast<int32_t>(value);
-            ASSERT(intVal == value);
             if (intVal < min_num)
                 min_num = intVal;
@@ -1741 +1737 @@
 RegisterID* TryNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
 {
+    // NOTE: The catch and finally blocks must be labeled explicitly, so the
+    // optimizer knows they may be jumped to from anywhere.
+
     generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine());
 
     RefPtr<Label> tryStartLabel = generator.newLabel();
-    RefPtr<Label> tryEndLabel = generator.newLabel();
     RefPtr<Label> finallyStart;
     RefPtr<RegisterID> finallyReturnAddr;
@@ -1752 +1750 @@
         generator.pushFinallyContext(finallyStart.get(), finallyReturnAddr.get());
     }
+
     generator.emitLabel(tryStartLabel.get());
     generator.emitNode(dst, m_tryBlock);
-    generator.emitLabel(tryEndLabel.get());
 
     if (m_catchBlock) {
-        RefPtr<Label> handlerEndLabel = generator.newLabel();
-        generator.emitJump(handlerEndLabel.get());
-        RefPtr<RegisterID> exceptionRegister = generator.emitCatch(generator.newTemporary(), tryStartLabel.get(), tryEndLabel.get());
+        RefPtr<Label> catchEndLabel = generator.newLabel();
+        
+        // Normal path: jump over the catch block.
+        generator.emitJump(catchEndLabel.get());
+
+        // Uncaught exception path: the catch block.
+        RefPtr<Label> here = generator.emitLabel(generator.newLabel().get());
+        RefPtr<RegisterID> exceptionRegister = generator.emitCatch(generator.newTemporary(), tryStartLabel.get(), here.get());
         if (m_catchHasEval) {
             RefPtr<RegisterID> dynamicScopeObject = generator.emitNewObject(generator.newTemporary());
@@ -1769 +1772 @@
         generator.emitNode(dst, m_catchBlock);
         generator.emitPopScope();
-        generator.emitLabel(handlerEndLabel.get());
+        generator.emitLabel(catchEndLabel.get());
     }
 
@@ -1780 +1783 @@
         RefPtr<RegisterID> highestUsedRegister = generator.highestUsedRegister();
         RefPtr<Label> finallyEndLabel = generator.newLabel();
+
+        // Normal path: invoke the finally block, then jump over it.
         generator.emitJumpSubroutine(finallyReturnAddr.get(), finallyStart.get());
-        // Use a label to record the subtle fact that sret will return to the
-        // next instruction. sret is the only way to jump without an explicit label.
-        generator.emitLabel(generator.newLabel().get());
         generator.emitJump(finallyEndLabel.get());
 
-        // Finally block for exception path
-        RefPtr<RegisterID> tempExceptionRegister = generator.emitCatch(generator.newTemporary(), tryStartLabel.get(), generator.emitLabel(generator.newLabel().get()).get());
+        // Uncaught exception path: invoke the finally block, then re-throw the exception.
+        RefPtr<Label> here = generator.emitLabel(generator.newLabel().get());
+        RefPtr<RegisterID> tempExceptionRegister = generator.emitCatch(generator.newTemporary(), tryStartLabel.get(), here.get());
         generator.emitJumpSubroutine(finallyReturnAddr.get(), finallyStart.get());
-        // Use a label to record the subtle fact that sret will return to the
-        // next instruction. sret is the only way to jump without an explicit label.
-        generator.emitLabel(generator.newLabel().get());
         generator.emitThrow(tempExceptionRegister.get());
 
-        // emit the finally block itself
+        // The finally block.
         generator.emitLabel(finallyStart.get());
         generator.emitNode(dst, m_finallyBlock);

trunk/JavaScriptCore/runtime/ArgList.h

@@ -23 +23 @@
 #define ArgList_h
 
-#include "JSImmediate.h"
 #include "Register.h"
 

trunk/JavaScriptCore/runtime/Arguments.h

@@ -231 +231 @@
     }
 
+    ALWAYS_INLINE Arguments* Register::arguments() const
+    {
+        if (jsValue() == JSValue())
+            return 0;
+        return asArguments(jsValue());
+    }
+    
+
 } // namespace JSC
 

trunk/JavaScriptCore/runtime/Collector.cpp

@@ -1183 +1183 @@
     if (cell->isString())
         return "string";
+#if USE(JSVALUE32)
     if (cell->isNumber())
         return "number";
+#endif
     if (cell->isGetterSetter())
         return "gettersetter";

trunk/JavaScriptCore/runtime/Collector.h

@@ -168 +168 @@
 
     // cell size needs to be a power of two for certain optimizations in collector.cpp
-    template<> struct CellSize<sizeof(uint32_t)> { static const size_t m_value = 32; }; // 32-bit
-    template<> struct CellSize<sizeof(uint64_t)> { static const size_t m_value = 64; }; // 64-bit
+#if USE(JSVALUE32)
+    template<> struct CellSize<sizeof(uint32_t)> { static const size_t m_value = 32; };
+#else
+    template<> struct CellSize<sizeof(uint32_t)> { static const size_t m_value = 64; };
+#endif
+    template<> struct CellSize<sizeof(uint64_t)> { static const size_t m_value = 64; };
+
     const size_t BLOCK_SIZE = 16 * 4096; // 64k
 

trunk/JavaScriptCore/runtime/ExceptionHelpers.h

@@ -30 +30 @@
 #define ExceptionHelpers_h
 
-#include "JSImmediate.h"
 
 namespace JSC {

trunk/JavaScriptCore/runtime/InitializeThreading.cpp

@@ -30 +30 @@
 #include "InitializeThreading.h"
 
-#include "JSImmediate.h"
 #include "Collector.h"
 #include "dtoa.h"

trunk/JavaScriptCore/runtime/JSArray.cpp

@@ -135 +135 @@
 
     m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
+    m_storage->m_vectorLength = initialCapacity;
+
     m_fastAccessCutoff = 0;
-    m_storage->m_vectorLength = initialCapacity;
-    m_storage->m_length = 0;
 
     checkConsistency();
@@ -147 +147 @@
     unsigned initialCapacity = min(initialLength, MIN_SPARSE_ARRAY_INDEX);
 
-    m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
+    m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
+    m_storage->m_length = initialLength;
+    m_storage->m_vectorLength = initialCapacity;
+    m_storage->m_numValuesInVector = 0;
+    m_storage->m_sparseValueMap = 0;
+    m_storage->lazyCreationData = 0;
+
+    JSValue* vector = m_storage->m_vector;
+    for (size_t i = 0; i < initialCapacity; ++i)
+        vector[i] = JSValue();
+
     m_fastAccessCutoff = 0;
-    m_storage->m_vectorLength = initialCapacity;
-    m_storage->m_length = initialLength;
+
+    checkConsistency();
 
     Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue));
-
-    checkConsistency();
 }
 
@@ -160 +168 @@
     : JSObject(structure)
 {
-    unsigned length = list.size();
-
-    m_fastAccessCutoff = length;
-
-    ArrayStorage* storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(length)));
-
-    storage->m_vectorLength = length;
-    storage->m_numValuesInVector = length;
-    storage->m_sparseValueMap = 0;
-    storage->m_length = length;
+    unsigned initialCapacity = list.size();
+
+    m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
+    m_storage->m_length = initialCapacity;
+    m_storage->m_vectorLength = initialCapacity;
+    m_storage->m_numValuesInVector = initialCapacity;
+    m_storage->m_sparseValueMap = 0;
 
     size_t i = 0;
     ArgList::const_iterator end = list.end();
     for (ArgList::const_iterator it = list.begin(); it != end; ++it, ++i)
-        storage->m_vector[i] = *it;
-
-    m_storage = storage;
-
-    Heap::heap(this)->reportExtraMemoryCost(storageSize(length));
-
-    checkConsistency();
+        m_storage->m_vector[i] = *it;
+
+    m_fastAccessCutoff = initialCapacity;
+
+    checkConsistency();
+
+    Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
 }
 

trunk/JavaScriptCore/runtime/JSCell.cpp

@@ -91 +91 @@
 }
 
-bool JSCell::getTruncatedInt32(int32_t&) const
-{
-    return false;
-}
-
-bool JSCell::getTruncatedUInt32(uint32_t&) const
-{
-    return false;
-}
-
 bool JSCell::getString(UString&stringValue) const
 {

trunk/JavaScriptCore/runtime/JSCell.h

@@ -41 +41 @@
         friend class JSString;
         friend class JSValue;
+        friend class JSAPIValueWrapper;
         friend struct VPtrSet;
 
@@ -49 +50 @@
     public:
         // Querying the type.
+#if USE(JSVALUE32)
         bool isNumber() const;
+#endif
         bool isString() const;
         bool isObject() const;
         virtual bool isGetterSetter() const;
         virtual bool isObject(const ClassInfo*) const;
+        virtual bool isAPIValueWrapper() const { return false; }
 
         Structure* structure() const;
@@ -69 +73 @@
         // FIXME: remove these methods, can check isNumberCell in JSValue && then call asNumberCell::*.
         virtual bool getUInt32(uint32_t&) const;
-        virtual bool getTruncatedInt32(int32_t&) const;
-        virtual bool getTruncatedUInt32(uint32_t&) const;
 
         // Basic conversions.
@@ -125 +127 @@
     }
 
+#if USE(JSVALUE32)
     inline bool JSCell::isNumber() const
     {
         return Heap::isNumber(const_cast<JSCell*>(this));
     }
+#endif
 
     inline bool JSCell::isObject() const
@@ -153 +157 @@
     {
         return Heap::markCell(this);
-    }
-
-    ALWAYS_INLINE JSCell* JSValue::asCell() const
-    {
-        ASSERT(isCell());
-        return m_ptr;
     }
 
@@ -174 +172 @@
     inline bool JSValue::isString() const
     {
-        return !JSImmediate::isImmediate(asValue()) && asCell()->isString();
+        return isCell() && asCell()->isString();
     }
 
     inline bool JSValue::isGetterSetter() const
     {
-        return !JSImmediate::isImmediate(asValue()) && asCell()->isGetterSetter();
+        return isCell() && asCell()->isGetterSetter();
     }
 
     inline bool JSValue::isObject() const
     {
-        return !JSImmediate::isImmediate(asValue()) && asCell()->isObject();
+        return isCell() && asCell()->isObject();
     }
 
     inline bool JSValue::getString(UString& s) const
     {
-        return !JSImmediate::isImmediate(asValue()) && asCell()->getString(s);
+        return isCell() && asCell()->getString(s);
     }
 
     inline UString JSValue::getString() const
     {
-        return JSImmediate::isImmediate(asValue()) ? UString() : asCell()->getString();
+        return isCell() ? asCell()->getString() : UString();
     }
 
     inline JSObject* JSValue::getObject() const
     {
-        return JSImmediate::isImmediate(asValue()) ? 0 : asCell()->getObject();
+        return isCell() ? asCell()->getObject() : 0;
     }
 
     inline CallType JSValue::getCallData(CallData& callData)
     {
-        return JSImmediate::isImmediate(asValue()) ? CallTypeNone : asCell()->getCallData(callData);
+        return isCell() ? asCell()->getCallData(callData) : CallTypeNone;
     }
 
     inline ConstructType JSValue::getConstructData(ConstructData& constructData)
     {
-        return JSImmediate::isImmediate(asValue()) ? ConstructTypeNone : asCell()->getConstructData(constructData);
+        return isCell() ? asCell()->getConstructData(constructData) : ConstructTypeNone;
     }
 
     ALWAYS_INLINE bool JSValue::getUInt32(uint32_t& v) const
     {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::getUInt32(asValue(), v) : asCell()->getUInt32(v);
-    }
-
-    ALWAYS_INLINE bool JSValue::getTruncatedInt32(int32_t& v) const
-    {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::getTruncatedInt32(asValue(), v) : asCell()->getTruncatedInt32(v);
-    }
-
-    inline bool JSValue::getTruncatedUInt32(uint32_t& v) const
-    {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::getTruncatedUInt32(asValue(), v) : asCell()->getTruncatedUInt32(v);
+        if (isInt32()) {
+            int32_t i = asInt32();
+            v = static_cast<uint32_t>(i);
+            return i >= 0;
+        }
+        if (isDouble()) {
+            double d = asDouble();
+            v = static_cast<uint32_t>(d);
+            return v == d;
+        }
+        return false;
     }
 
@@ -234 +232 @@
     inline bool JSValue::marked() const
     {
-        return JSImmediate::isImmediate(asValue()) || asCell()->marked();
-    }
+        return !isCell() || asCell()->marked();
+    }
+
+#if !USE(JSVALUE32_64)
+    ALWAYS_INLINE JSCell* JSValue::asCell() const
+    {
+        ASSERT(isCell());
+        return m_ptr;
+    }
+#endif // !USE(JSVALUE32_64)
 
     inline JSValue JSValue::toPrimitive(ExecState* exec, PreferredPrimitiveType preferredType) const
     {
-        return JSImmediate::isImmediate(asValue()) ? asValue() : asCell()->toPrimitive(exec, preferredType);
+        return isCell() ? asCell()->toPrimitive(exec, preferredType) : asValue();
     }
 
     inline bool JSValue::getPrimitiveNumber(ExecState* exec, double& number, JSValue& value)
     {
-        if (JSImmediate::isImmediate(asValue())) {
-            number = JSImmediate::toDouble(asValue());
-            value = asValue();
-            return true;
-        }
-        return asCell()->getPrimitiveNumber(exec, number, value);
+        if (isInt32()) {
+            number = asInt32();
+            value = *this;
+            return true;
+        }
+        if (isDouble()) {
+            number = asDouble();
+            value = *this;
+            return true;
+        }
+        if (isCell())
+            return asCell()->getPrimitiveNumber(exec, number, value);
+        if (isTrue()) {
+            number = 1.0;
+            value = *this;
+            return true;
+        }
+        if (isFalse() || isNull()) {
+            number = 0.0;
+            value = *this;
+            return true;
+        }
+        ASSERT(isUndefined());
+        number = nonInlineNaN();
+        value = *this;
+        return true;
     }
 
     inline bool JSValue::toBoolean(ExecState* exec) const
     {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toBoolean(asValue()) : asCell()->toBoolean(exec);
+        if (isInt32())
+            return asInt32() != 0;
+        if (isDouble())
+            return asDouble() > 0.0 || asDouble() < 0.0; // false for NaN
+        if (isCell())
+            return asCell()->toBoolean(exec);
+        return isTrue(); // false, null, and undefined all convert to false.
     }
 
     ALWAYS_INLINE double JSValue::toNumber(ExecState* exec) const
     {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toDouble(asValue()) : asCell()->toNumber(exec);
+        if (isInt32())
+            return asInt32();
+        if (isDouble())
+            return asDouble();
+        if (isCell())
+            return asCell()->toNumber(exec);
+        if (isTrue())
+            return 1.0;
+        return isUndefined() ? nonInlineNaN() : 0; // null and false both convert to 0.
     }
 
     inline UString JSValue::toString(ExecState* exec) const
     {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toString(asValue()) : asCell()->toString(exec);
+        if (isCell())
+            return asCell()->toString(exec);
+        if (isInt32())
+            return UString::from(asInt32());
+        if (isDouble())
+            return asDouble() == 0.0 ? "0" : UString::from(asDouble());
+        if (isTrue())
+            return "true";
+        if (isFalse())
+            return "false";
+        if (isNull())
+            return "null";
+        ASSERT(isUndefined());
+        return "undefined";
+    }
+
+    inline bool JSValue::needsThisConversion() const
+    {
+        if (UNLIKELY(!isCell()))
+            return true;
+        return asCell()->structure()->typeInfo().needsThisConversion();
+    }
+
+    inline UString JSValue::toThisString(ExecState* exec) const
+    {
+        return isCell() ? asCell()->toThisString(exec) : toString(exec);
+    }
+
+    inline JSValue JSValue::getJSNumber()
+    {
+        if (isInt32() || isDouble())
+            return *this;
+        if (isCell())
+            return asCell()->getJSNumber();
+        return JSValue();
     }
 
     inline JSObject* JSValue::toObject(ExecState* exec) const
     {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toObject(asValue(), exec) : asCell()->toObject(exec);
+        return isCell() ? asCell()->toObject(exec) : toObjectSlowCase(exec);
     }
 
     inline JSObject* JSValue::toThisObject(ExecState* exec) const
     {
-        if (UNLIKELY(JSImmediate::isImmediate(asValue())))
-            return JSImmediate::toThisObject(asValue(), exec);
-        return asCell()->toThisObject(exec);
-    }
-
-    inline bool JSValue::needsThisConversion() const
-    {
-        if (UNLIKELY(JSImmediate::isImmediate(asValue())))
-            return true;
-        return asCell()->structure()->typeInfo().needsThisConversion();
-    }
-
-    inline UString JSValue::toThisString(ExecState* exec) const
-    {
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toString(asValue()) : asCell()->toThisString(exec);
-    }
-
-    inline JSValue JSValue::getJSNumber()
-    {
-        return JSImmediate::isNumber(asValue()) ? asValue() : JSImmediate::isImmediate(asValue()) ? JSValue() : asCell()->getJSNumber();
+        return isCell() ? asCell()->toThisObject(exec) : toThisObjectSlowCase(exec);
     }
 

trunk/JavaScriptCore/runtime/JSFunction.cpp

@@ -73 +73 @@
 JSFunction::~JSFunction()
 {
-#if ENABLE(JIT) 
     // JIT code for other functions may have had calls linked directly to the code for this function; these links
     // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
     // this memory is freed and may be reused (potentially for another, different JSFunction).
+#if ENABLE(JIT_OPTIMIZE_CALL)
     if (m_body && m_body->isGenerated())
         m_body->generatedBytecode().unlinkCallers();
 #endif
     if (!isHostFunction())
-        scopeChain().~ScopeChain();
+        scopeChain().~ScopeChain(); // FIXME: Don't we need to do this in the interpreter too?
 }
 

trunk/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -119 +119 @@
     , notAnObjectErrorStubStructure(JSNotAnObjectErrorStub::createStructure(jsNull()))
     , notAnObjectStructure(JSNotAnObject::createStructure(jsNull()))
-#if !USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE32)
     , numberStructure(JSNumberCell::createStructure(jsNull()))
 #endif

trunk/JavaScriptCore/runtime/JSGlobalData.h

@@ -98 +98 @@
         RefPtr<Structure> notAnObjectErrorStubStructure;
         RefPtr<Structure> notAnObjectStructure;
-#if !USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE32)
         RefPtr<Structure> numberStructure;
 #endif

trunk/JavaScriptCore/runtime/JSGlobalObject.h

@@ -348 +348 @@
             return m_prototype;
 
+#if USE(JSVALUE32)
         if (typeInfo().type() == StringType)
             return exec->lexicalGlobalObject()->stringPrototype();
@@ -353 +354 @@
         ASSERT(typeInfo().type() == NumberType);
         return exec->lexicalGlobalObject()->numberPrototype();
+#else
+        ASSERT(typeInfo().type() == StringType);
+        return exec->lexicalGlobalObject()->stringPrototype();
+#endif
     }
 

trunk/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -304 +304 @@
     int32_t radix = args.at(1).toInt32(exec);
 
-    if (value.isNumber() && (radix == 0 || radix == 10)) {
-        if (value.isInt32Fast())
-            return value;
-        double d = value.uncheckedGetNumber();
+    if (radix != 0 && radix != 10)
+        return jsNumber(exec, parseInt(value.toString(exec), radix));
+
+    if (value.isInt32())
+        return value;
+
+    if (value.isDouble()) {
+        double d = value.asDouble();
         if (isfinite(d))
             return jsNumber(exec, (d > 0) ? floor(d) : ceil(d));
         if (isnan(d) || isinf(d))
-            return jsNaN(&exec->globalData());
+            return jsNaN(exec);
         return jsNumber(exec, 0);
     }

trunk/JavaScriptCore/runtime/JSImmediate.cpp

@@ -21 +21 @@
 #include "config.h"
 #include "JSImmediate.h"
+
+#if !USE(JSVALUE32_64)
 
 #include "BooleanConstructor.h"
@@ -70 +72 @@
 }
 
-UString JSImmediate::toString(JSValue v)
-{
-    ASSERT(isImmediate(v));
-    if (isIntegerNumber(v))
-        return UString::from(getTruncatedInt32(v));
-#if USE(ALTERNATE_JSIMMEDIATE)
-    if (isNumber(v)) {
-        ASSERT(isDoubleNumber(v));
-        double value = doubleValue(v);
-        if (value == 0.0) // +0.0 or -0.0
-            return "0";
-        return UString::from(value);
-    }
-#else
-        ASSERT(!isNumber(v));
-#endif
-    if (jsBoolean(false) == v)
-        return "false";
-    if (jsBoolean(true) == v)
-        return "true";
-    if (v.isNull())
-        return "null";
-    ASSERT(v.isUndefined());
-    return "undefined";
-}
+} // namespace JSC
 
-NEVER_INLINE double JSImmediate::nonInlineNaN()
-{
-    return std::numeric_limits<double>::quiet_NaN();
-}
-
-} // namespace JSC
+#endif // !USE(JSVALUE32_64)

trunk/JavaScriptCore/runtime/JSImmediate.h

@@ -23 +23 @@
 #define JSImmediate_h
 
+#include <wtf/Platform.h>
+
+#if !USE(JSVALUE32_64)
+
 #include <wtf/Assertions.h>
 #include <wtf/AlwaysInline.h>
@@ -43 +47 @@
     class UString;
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     inline intptr_t reinterpretDoubleToIntptr(double value)
     {
@@ -99 +103 @@
     /*
      * On 64-bit platforms, we support an alternative encoding form for immediates, if
-     * USE(ALTERNATE_JSIMMEDIATE) is defined.  When this format is used, double precision
+     * USE(JSVALUE64) is defined.  When this format is used, double precision
      * floating point values may also be encoded as JSImmediates.
      *
@@ -156 +160 @@
         friend JSValue jsNumber(JSGlobalData* globalData, unsigned long long i);
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         // If all bits in the mask are set, this indicates an integer number,
         // if any but not all are set this value is a double precision number.
@@ -178 +182 @@
         static const intptr_t FullTagTypeNull      = TagBitTypeOther;
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         static const int32_t IntegerPayloadShift  = 0;
 #else
@@ -201 +205 @@
         static ALWAYS_INLINE bool isIntegerNumber(JSValue v)
         {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             return (rawValue(v) & TagTypeNumber) == TagTypeNumber;
 #else
@@ -208 +212 @@
         }
 
-#if USE(ALTERNATE_JSIMMEDIATE)
-        static ALWAYS_INLINE bool isDoubleNumber(JSValue v)
+#if USE(JSVALUE64)
+        static ALWAYS_INLINE bool isDouble(JSValue v)
         {
             return isNumber(v) && !isIntegerNumber(v);
@@ -257 +261 @@
         static ALWAYS_INLINE bool areBothImmediateIntegerNumbers(JSValue v1, JSValue v2)
         {
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             return (rawValue(v1) & rawValue(v2) & TagTypeNumber) == TagTypeNumber;
 #else
@@ -268 +272 @@
         static JSObject* toObject(JSValue, ExecState*);
         static JSObject* toThisObject(JSValue, ExecState*);
-        static UString toString(JSValue);
 
         static bool getUInt32(JSValue, uint32_t&);
@@ -287 +290 @@
 
     private:
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         static const int minImmediateInt = ((-INT_MAX) - 1);
         static const int maxImmediateInt = INT_MAX;
@@ -301 +304 @@
         }
 
-        // With USE(ALTERNATE_JSIMMEDIATE) we want the argument to be zero extended, so the
+        // With USE(JSVALUE64) we want the argument to be zero extended, so the
         // integer doesn't interfere with the tag bits in the upper word.  In the default encoding,
         // if intptr_t id larger then int32_t we sign extend the value through the upper word.
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         static ALWAYS_INLINE JSValue makeInt(uint32_t value)
 #else
@@ -313 +316 @@
         }
         
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         static ALWAYS_INLINE JSValue makeDouble(double value)
         {
@@ -338 +341 @@
         static JSValue fromNumberOutsideIntegerRange(T);
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         static ALWAYS_INLINE double doubleValue(JSValue v)
         {
@@ -364 +367 @@
             return v.immediateValue();
         }
-
-        static double nonInlineNaN();
     };
 
@@ -375 +376 @@
     ALWAYS_INLINE JSValue JSImmediate::oneImmediate() { return makeInt(1); }
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     inline bool doubleToBoolean(double value)
     {
@@ -402 +403 @@
     }
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
     template<typename T>
     inline JSValue JSImmediate::fromNumberOutsideIntegerRange(T value)
@@ -443 +444 @@
     ALWAYS_INLINE JSValue JSImmediate::from(int i)
     {
-#if !USE(ALTERNATE_JSIMMEDIATE)
+#if !USE(JSVALUE64)
         if ((i < minImmediateInt) | (i > maxImmediateInt))
             return fromNumberOutsideIntegerRange(i);
@@ -509 +510 @@
             return intValue(v);
 
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
         if (isNumber(v)) {
-            ASSERT(isDoubleNumber(v));
+            ASSERT(isDouble(v));
             return doubleValue(v);
         }
@@ -542 +543 @@
     }
 
-    // These are identical logic to the JSValue functions above, and faster than jsNumber(number).toInt32().
-    int32_t toInt32(double);
-    uint32_t toUInt32(double);
-    int32_t toInt32SlowCase(double, bool& ok);
-    uint32_t toUInt32SlowCase(double, bool& ok);
-
     inline JSValue::JSValue(JSNullTag)
     {
@@ -576 +571 @@
     {
         return JSImmediate::isBoolean(asValue());
+    }
+
+    inline bool JSValue::isTrue() const
+    {
+        return asValue() == JSImmediate::trueImmediate();
+    }
+
+    inline bool JSValue::isFalse() const
+    {
+        return asValue() == JSImmediate::falseImmediate();
     }
 
@@ -593 +598 @@
     }
 
-    ALWAYS_INLINE int32_t JSValue::toInt32(ExecState* exec) const
-    {
-        int32_t i;
-        if (getTruncatedInt32(i))
-            return i;
-        bool ignored;
-        return toInt32SlowCase(toNumber(exec), ignored);
-    }
-
-    inline uint32_t JSValue::toUInt32(ExecState* exec) const
-    {
-        uint32_t i;
-        if (getTruncatedUInt32(i))
-            return i;
-        bool ignored;
-        return toUInt32SlowCase(toNumber(exec), ignored);
-    }
-
-    inline int32_t toInt32(double val)
-    {
-        if (!(val >= -2147483648.0 && val < 2147483648.0)) {
-            bool ignored;
-            return toInt32SlowCase(val, ignored);
-        }
-        return static_cast<int32_t>(val);
-    }
-
-    inline uint32_t toUInt32(double val)
-    {
-        if (!(val >= 0.0 && val < 4294967296.0)) {
-            bool ignored;
-            return toUInt32SlowCase(val, ignored);
-        }
-        return static_cast<uint32_t>(val);
-    }
-
-    inline int32_t JSValue::toInt32(ExecState* exec, bool& ok) const
-    {
-        int32_t i;
-        if (getTruncatedInt32(i)) {
-            ok = true;
-            return i;
-        }
-        return toInt32SlowCase(toNumber(exec), ok);
-    }
-
-    inline uint32_t JSValue::toUInt32(ExecState* exec, bool& ok) const
-    {
-        uint32_t i;
-        if (getTruncatedUInt32(i)) {
-            ok = true;
-            return i;
-        }
-        return toUInt32SlowCase(toNumber(exec), ok);
-    }
-
     inline bool JSValue::isCell() const
     {
@@ -654 +603 @@
     }
 
-    inline bool JSValue::isInt32Fast() const
+    inline bool JSValue::isInt32() const
     {
         return JSImmediate::isIntegerNumber(asValue());
     }
 
-    inline int32_t JSValue::getInt32Fast() const
-    {
-        ASSERT(isInt32Fast());
+    inline int32_t JSValue::asInt32() const
+    {
+        ASSERT(isInt32());
         return JSImmediate::getTruncatedInt32(asValue());
     }
 
-    inline bool JSValue::isUInt32Fast() const
+    inline bool JSValue::isUInt32() const
     {
         return JSImmediate::isPositiveIntegerNumber(asValue());
     }
 
-    inline uint32_t JSValue::getUInt32Fast() const
-    {
-        ASSERT(isUInt32Fast());
+    inline uint32_t JSValue::asUInt32() const
+    {
+        ASSERT(isUInt32());
         return JSImmediate::getTruncatedUInt32(asValue());
-    }
-
-    inline JSValue JSValue::makeInt32Fast(int32_t i)
-    {
-        return JSImmediate::from(i);
-    }
-
-    inline bool JSValue::areBothInt32Fast(JSValue v1, JSValue v2)
-    {
-        return JSImmediate::areBothImmediateIntegerNumbers(v1, v2);
     }
 
@@ -736 +675 @@
         {
             ASSERT(canDoFastRshift(val, shift) || canDoFastUrshift(val, shift));
-#if USE(ALTERNATE_JSIMMEDIATE)
+#if USE(JSVALUE64)
             return JSImmediate::makeValue(static_cast<intptr_t>(static_cast<uint32_t>(static_cast<int32_t>(JSImmediate::rawValue(val)) >> ((JSImmediate::rawValue(shift) >> JSImmediate::IntegerPayloadShift) & 0x1f))) | JSImmediate::TagTypeNumber);
 #else
@@ -784 +723 @@
 } // namespace JSC
 
+#endif // !USE(JSVALUE32_64)
+
 #endif // JSImmediate_h

trunk/JavaScriptCore/runtime/JSNumberCell.cpp

@@ -24 +24 @@
 #include "JSNumberCell.h"
 
+#if USE(JSVALUE32)
+
 #include "NumberObject.h"
 #include "UString.h"
 
 namespace JSC {
-
-#if !USE(ALTERNATE_JSIMMEDIATE)
 
 JSValue JSNumberCell::toPrimitive(ExecState*, PreferredPrimitiveType) const
@@ -83 +83 @@
 }
 
-bool JSNumberCell::getTruncatedInt32(int32_t& int32) const
-{
-    if (!(m_value >= -2147483648.0 && m_value < 2147483648.0))
-        return false;
-    int32 = static_cast<int32_t>(m_value);
-    return true;
-}
-
-bool JSNumberCell::getTruncatedUInt32(uint32_t& uint32) const
-{
-    if (!(m_value >= 0.0 && m_value < 4294967296.0))
-        return false;
-    uint32 = static_cast<uint32_t>(m_value);
-    return true;
-}
-
 JSValue JSNumberCell::getJSNumber()
 {
@@ -114 +98 @@
 }
 
-JSValue jsAPIMangledNumber(ExecState* exec, double d)
-{
-    return new (exec) JSNumberCell(JSNumberCell::APIMangled, d);
-}
+} // namespace JSC
 
-#else
+#else // USE(JSVALUE32)
+
+// Keep our exported symbols lists happy.
+namespace JSC {
+
+JSValue jsNumberCell(ExecState*, double);
 
 JSValue jsNumberCell(ExecState*, double)
@@ -127 +113 @@
 }
 
-JSValue jsAPIMangledNumber(ExecState*, double)
-{
-    ASSERT_NOT_REACHED();
-    return JSValue();
-}
+} // namespace JSC
 
-#endif
-
-} // namespace JSC
+#endif // USE(JSVALUE32)

trunk/JavaScriptCore/runtime/JSNumberCell.h

@@ -36 +36 @@
     extern const double Inf;
 
+#if USE(JSVALUE32)
     JSValue jsNumberCell(ExecState*, double);
-    JSValue jsAPIMangledNumber(ExecState*, double);
-
-#if !USE(ALTERNATE_JSIMMEDIATE)
 
     class Identifier;
@@ -54 +52 @@
         friend JSValue jsNumberCell(JSGlobalData*, double);
         friend JSValue jsNumberCell(ExecState*, double);
-        friend JSValue jsAPIMangledNumber(ExecState*, double);
+
     public:
         double value() const { return m_value; }
@@ -68 +66 @@
         virtual JSObject* toThisObject(ExecState*) const;
         virtual JSValue getJSNumber();
-
-        static const uintptr_t JSAPIMangledMagicNumber = 0xbbadbeef;
-        bool isAPIMangledNumber() const { return m_structure == reinterpret_cast<Structure*>(JSAPIMangledMagicNumber); }
 
         void* operator new(size_t size, ExecState* exec)
@@ -105 +100 @@
         }
 
-        enum APIMangledTag { APIMangled };
-        JSNumberCell(APIMangledTag, double value)
-            : JSCell(reinterpret_cast<Structure*>(JSAPIMangledMagicNumber))
-            , m_value(value)
-        {
-        }
-
         virtual bool getUInt32(uint32_t&) const;
-        virtual bool getTruncatedInt32(int32_t&) const;
-        virtual bool getTruncatedUInt32(uint32_t&) const;
 
         double m_value;
@@ -132 +118 @@
     }
 
-
     inline JSValue::JSValue(ExecState* exec, double d)
     {
@@ -193 +178 @@
     }
 
-    inline JSValue::JSValue(JSGlobalData* globalData, long i)
-    {
-        JSValue v = JSImmediate::from(i);
-        *this = v ? v : jsNumberCell(globalData, i);
-    }
-
-    inline JSValue::JSValue(JSGlobalData* globalData, unsigned long i)
-    {
-        JSValue v = JSImmediate::from(i);
-        *this = v ? v : jsNumberCell(globalData, i);
-    }
-
-    inline JSValue::JSValue(JSGlobalData* globalData, long long i)
-    {
-        JSValue v = JSImmediate::from(i);
-        *this = v ? v : jsNumberCell(globalData, static_cast<double>(i));
-    }
-
-    inline JSValue::JSValue(JSGlobalData* globalData, unsigned long long i)
-    {
-        JSValue v = JSImmediate::from(i);
-        *this = v ? v : jsNumberCell(globalData, static_cast<double>(i));
-    }
-
-    inline bool JSValue::isDoubleNumber() const
+    inline bool JSValue::isDouble() const
     {
         return isNumberCell(asValue());
     }
 
-    inline double JSValue::getDoubleNumber() const
+    inline double JSValue::asDouble() const
     {
         return asNumberCell(asValue())->value();
@@ -229 +190 @@
     inline bool JSValue::isNumber() const
     {
-        return JSImmediate::isNumber(asValue()) || isDoubleNumber();
+        return JSImmediate::isNumber(asValue()) || isDouble();
     }
 
@@ -235 +196 @@
     {
         ASSERT(isNumber());
-        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toDouble(asValue()) : getDoubleNumber();
-    }
-
-    inline bool JSValue::isAPIMangledNumber()
-    {
-        ASSERT(isNumber());
-        return JSImmediate::isImmediate(asValue()) ? false : asNumberCell(asValue())->isAPIMangledNumber();
-    }
-
-#else
-
+        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toDouble(asValue()) : asDouble();
+    }
+
+#endif // USE(JSVALUE32)
+
+#if USE(JSVALUE64)
     inline JSValue::JSValue(ExecState*, double d)
     {
@@ -316 +272 @@
     }
 
-    inline JSValue::JSValue(JSGlobalData*, long i)
-    {
-        JSValue v = JSImmediate::from(i);
-        ASSERT(v);
-        *this = v;
-    }
-
-    inline JSValue::JSValue(JSGlobalData*, unsigned long i)
-    {
-        JSValue v = JSImmediate::from(i);
-        ASSERT(v);
-        *this = v;
-    }
-
-    inline JSValue::JSValue(JSGlobalData*, long long i)
-    {
-        JSValue v = JSImmediate::from(static_cast<double>(i));
-        ASSERT(v);
-        *this = v;
-    }
-
-    inline JSValue::JSValue(JSGlobalData*, unsigned long long i)
-    {
-        JSValue v = JSImmediate::from(static_cast<double>(i));
-        ASSERT(v);
-        *this = v;
-    }
-
-    inline bool JSValue::isDoubleNumber() const
-    {
-        return JSImmediate::isDoubleNumber(asValue());
-    }
-
-    inline double JSValue::getDoubleNumber() const
+    inline bool JSValue::isDouble() const
+    {
+        return JSImmediate::isDouble(asValue());
+    }
+
+    inline double JSValue::asDouble() const
     {
         return JSImmediate::doubleValue(asValue());
@@ -365 +293 @@
     }
 
-#endif
+#endif // USE(JSVALUE64)
+
+#if USE(JSVALUE32) || USE(JSVALUE64)
 
     inline JSValue::JSValue(ExecState*, char i)
@@ -391 +321 @@
     }
 
-    inline JSValue::JSValue(JSGlobalData*, char i)
-    {
-        ASSERT(JSImmediate::from(i));
-        *this = JSImmediate::from(i);
-    }
-
-    inline JSValue::JSValue(JSGlobalData*, unsigned char i)
-    {
-        ASSERT(JSImmediate::from(i));
-        *this = JSImmediate::from(i);
-    }
-
-    inline JSValue::JSValue(JSGlobalData*, short i)
-    {
-        ASSERT(JSImmediate::from(i));
-        *this = JSImmediate::from(i);
-    }
-
-    inline JSValue::JSValue(JSGlobalData*, unsigned short i)
-    {
-        ASSERT(JSImmediate::from(i));
-        *this = JSImmediate::from(i);
-    }
-
     inline JSValue jsNaN(ExecState* exec)
     {
@@ -434 +340 @@
     inline bool JSValue::getNumber(double &result) const
     {
-        if (isInt32Fast())
-            result = getInt32Fast();
-        else if (LIKELY(isDoubleNumber()))
-            result = getDoubleNumber();
+        if (isInt32())
+            result = asInt32();
+        else if (LIKELY(isDouble()))
+            result = asDouble();
         else {
             ASSERT(!isNumber());
@@ -445 +351 @@
     }
 
-    inline bool JSValue::numberToInt32(int32_t& arg)
-    {
-        if (isInt32Fast())
-            arg = getInt32Fast();
-        else if (LIKELY(isDoubleNumber()))
-            arg = JSC::toInt32(getDoubleNumber());
-        else {
-            ASSERT(!isNumber());
-            return false;
-        }
-        return true;
-    }
-
-    inline bool JSValue::numberToUInt32(uint32_t& arg)
-    {
-        if (isUInt32Fast())
-            arg = getUInt32Fast();
-        else if (LIKELY(isDoubleNumber()))
-            arg = JSC::toUInt32(getDoubleNumber());
-        else if (isInt32Fast()) {
-            // FIXME: I think this case can be merged with the uint case; toUInt32SlowCase
-            // on a negative value is equivalent to simple static_casting.
-            bool ignored;
-            arg = toUInt32SlowCase(getInt32Fast(), ignored);
-        } else {
-            ASSERT(!isNumber());
-            return false;
-        }
-        return true;
-    }
+#endif // USE(JSVALUE32) || USE(JSVALUE64)
 
 } // namespace JSC

trunk/JavaScriptCore/runtime/JSObject.h

@@ -34 +34 @@
 #include "Structure.h"
 #include "JSGlobalData.h"
+#include <wtf/StdLibExtras.h>
 
 namespace JSC {
@@ -196 +197 @@
         bool isUsingInlineStorage() const { return m_structure->isUsingInlineStorage(); }
 
-        static const size_t inlineStorageCapacity = 3;
+        static const size_t inlineStorageCapacity = sizeof(EncodedJSValue) == 2 * sizeof(void*) ? 4 : 3;
         static const size_t nonInlineBaseStorageCapacity = 16;
 
@@ -226 +227 @@
         const HashEntry* findPropertyHashEntry(ExecState*, const Identifier& propertyName) const;
         Structure* createInheritorID();
-
-        RefPtr<Structure> m_inheritorID;
 
         union {
@@ -233 +232 @@
             EncodedJSValue m_inlineStorage[inlineStorageCapacity];
         };
+
+        RefPtr<Structure> m_inheritorID;
     };
-
-    JSObject* asObject(JSValue);
-
-    JSObject* constructEmptyObject(ExecState*);
+    
+JSObject* constructEmptyObject(ExecState*);
 
 inline JSObject* asObject(JSValue value)
@@ -252 +251 @@
     ASSERT(m_structure->isEmpty());
     ASSERT(prototype().isNull() || Heap::heap(this) == Heap::heap(prototype()));
+#if USE(JSVALUE64) || USE(JSVALUE32_64)
+    ASSERT(OBJECT_OFFSETOF(JSObject, m_inlineStorage) % sizeof(double) == 0);
+#endif
 }
 
@@ -543 +545 @@
 {
     if (UNLIKELY(!isCell())) {
-        JSObject* prototype = JSImmediate::prototype(asValue(), exec);
+        JSObject* prototype = synthesizePrototype(exec);
         if (propertyName == exec->propertyNames().underscoreProto)
             return prototype;
@@ -571 +573 @@
 {
     if (UNLIKELY(!isCell())) {
-        JSObject* prototype = JSImmediate::prototype(asValue(), exec);
+        JSObject* prototype = synthesizePrototype(exec);
         if (!prototype->getPropertySlot(exec, propertyName, slot))
             return jsUndefined();
@@ -591 +593 @@
 {
     if (UNLIKELY(!isCell())) {
-        JSImmediate::toObject(asValue(), exec)->put(exec, propertyName, value, slot);
+        synthesizeObject(exec)->put(exec, propertyName, value, slot);
         return;
     }
@@ -600 +602 @@
 {
     if (UNLIKELY(!isCell())) {
-        JSImmediate::toObject(asValue(), exec)->put(exec, propertyName, value);
+        synthesizeObject(exec)->put(exec, propertyName, value);
         return;
     }

trunk/JavaScriptCore/runtime/JSString.h

@@ -24 +24 @@
 #define JSString_h
 
+#include "CallFrame.h"
 #include "CommonIdentifiers.h"
-#include "CallFrame.h"
 #include "Identifier.h"
 #include "JSNumberCell.h"
@@ -209 +209 @@
     inline JSString* JSValue::toThisJSString(ExecState* exec)
     {
-        return JSImmediate::isImmediate(asValue()) ? jsString(exec, JSImmediate::toString(asValue())) : asCell()->toThisJSString(exec);
+        return isCell() ? asCell()->toThisJSString(exec) : jsString(exec, toString(exec));
     }
 

trunk/JavaScriptCore/runtime/JSValue.cpp

@@ -24 +24 @@
 #include "JSValue.h"
 
+#include "BooleanConstructor.h"
+#include "BooleanPrototype.h"
+#include "ExceptionHelpers.h"
+#include "JSGlobalObject.h"
 #include "JSFunction.h"
+#include "JSNotAnObject.h"
+#include "NumberObject.h"
 #include <wtf/MathExtras.h>
+#include <wtf/StringExtras.h>
 
 namespace JSC {
@@ -34 +41 @@
 double JSValue::toInteger(ExecState* exec) const
 {
-    if (isInt32Fast())
-        return getInt32Fast();
+    if (isInt32())
+        return asInt32();
     double d = toNumber(exec);
     return isnan(d) ? 0.0 : trunc(d);
@@ -42 +49 @@
 double JSValue::toIntegerPreserveNaN(ExecState* exec) const
 {
-    if (isInt32Fast())
-        return getInt32Fast();
+    if (isInt32())
+        return asInt32();
     return trunc(toNumber(exec));
 }
+
+JSObject* JSValue::toObjectSlowCase(ExecState* exec) const
+{
+    ASSERT(!isCell());
+
+    if (isInt32() || isDouble())
+        return constructNumber(exec, asValue());
+    if (isTrue() || isFalse())
+        return constructBooleanFromImmediateBoolean(exec, asValue());
+    ASSERT(isUndefinedOrNull());
+    JSNotAnObjectErrorStub* exception = createNotAnObjectErrorStub(exec, isNull());
+    exec->setException(exception);
+    return new (exec) JSNotAnObject(exec, exception);
+}
+
+JSObject* JSValue::toThisObjectSlowCase(ExecState* exec) const
+{
+    ASSERT(!isCell());
+
+    if (isInt32() || isDouble())
+        return constructNumber(exec, asValue());
+    if (isTrue() || isFalse())
+        return constructBooleanFromImmediateBoolean(exec, asValue());
+    ASSERT(isUndefinedOrNull());
+    return exec->globalThisValue();
+}
+
+JSObject* JSValue::synthesizeObject(ExecState* exec) const
+{
+    ASSERT(!isCell());
+    if (isNumber())
+        return constructNumber(exec, asValue());
+    if (isBoolean())
+        return constructBooleanFromImmediateBoolean(exec, asValue());
+    
+    JSNotAnObjectErrorStub* exception = createNotAnObjectErrorStub(exec, isNull());
+    exec->setException(exception);
+    return new (exec) JSNotAnObject(exec, exception);
+}
+
+JSObject* JSValue::synthesizePrototype(ExecState* exec) const
+{
+    ASSERT(!isCell());
+    if (isNumber())
+        return exec->lexicalGlobalObject()->numberPrototype();
+    if (isBoolean())
+        return exec->lexicalGlobalObject()->booleanPrototype();
+
+    JSNotAnObjectErrorStub* exception = createNotAnObjectErrorStub(exec, isNull());
+    exec->setException(exception);
+    return new (exec) JSNotAnObject(exec, exception);
+}
+
+#ifndef NDEBUG
+char* JSValue::description()
+{
+    static const size_t size = 32;
+    static char description[size];
+    if (isInt32())
+        snprintf(description, size, "Int32: %d", asInt32());
+    else if (isDouble())
+        snprintf(description, size, "Double: %lf", asDouble());
+    else if (isCell())
+        snprintf(description, size, "Cell: %p", asCell());
+    else if (isTrue())
+        snprintf(description, size, "True");
+    else if (isFalse())
+        snprintf(description, size, "False");
+    else if (isNull())
+        snprintf(description, size, "Null");
+    else {
+        ASSERT(isUndefined());
+        snprintf(description, size, "Undefined");
+    }
+
+    return description;
+}
+#endif
 
 int32_t toInt32SlowCase(double d, bool& ok)
@@ -85 +170 @@
 }
 
+NEVER_INLINE double nonInlineNaN()
+{
+    return std::numeric_limits<double>::quiet_NaN();
+}
+
 } // namespace JSC

trunk/JavaScriptCore/runtime/JSValue.h

@@ -29 +29 @@
 #include "CallData.h"
 #include "ConstructData.h"
+#include <math.h>
+#include <wtf/AlwaysInline.h>
+#include <wtf/Assertions.h>
 #include <wtf/HashTraits.h>
-#include <wtf/AlwaysInline.h>
+#include <wtf/MathExtras.h>
 
 namespace JSC {
@@ -49 +52 @@
     enum PreferredPrimitiveType { NoPreference, PreferNumber, PreferString };
 
+#if USE(JSVALUE32_64)
+    typedef int64_t EncodedJSValue;
+#else
     typedef void* EncodedJSValue;
+#endif
+
+    double nonInlineNaN();
+    int32_t toInt32SlowCase(double, bool& ok);
+    uint32_t toUInt32SlowCase(double, bool& ok);
 
     class JSValue {
         friend class JSImmediate;
-        friend struct JSValueHashTraits;
-
-        static JSValue makeImmediate(intptr_t value)
-        {
-            return JSValue(reinterpret_cast<JSCell*>(value));
-        }
-
-        intptr_t immediateValue()
-        {
-            return reinterpret_cast<intptr_t>(m_ptr);
-        }
-        
+        friend struct EncodedJSValueHashTraits;
+        friend class JIT;
+        friend class JITStubs;
+        friend class JITStubCall;
+
     public:
+        static EncodedJSValue encode(JSValue value);
+        static JSValue decode(EncodedJSValue ptr);
+#if !USE(JSVALUE32_64)
+    private:
+        static JSValue makeImmediate(intptr_t value);
+        intptr_t immediateValue();
+    public:
+#endif
         enum JSNullTag { JSNull };
         enum JSUndefinedTag { JSUndefined };
         enum JSTrueTag { JSTrue };
         enum JSFalseTag { JSFalse };
-
-        static EncodedJSValue encode(JSValue value);
-        static JSValue decode(EncodedJSValue ptr);
 
         JSValue();
@@ -95 +104 @@
         JSValue(ExecState*, unsigned long long);
         JSValue(JSGlobalData*, double);
-        JSValue(JSGlobalData*, char);
-        JSValue(JSGlobalData*, unsigned char);
-        JSValue(JSGlobalData*, short);
-        JSValue(JSGlobalData*, unsigned short);
         JSValue(JSGlobalData*, int);
         JSValue(JSGlobalData*, unsigned);
-        JSValue(JSGlobalData*, long);
-        JSValue(JSGlobalData*, unsigned long);
-        JSValue(JSGlobalData*, long long);
-        JSValue(JSGlobalData*, unsigned long long);
 
         operator bool() const;
-        bool operator==(const JSValue other) const;
-        bool operator!=(const JSValue other) const;
+        bool operator==(const JSValue& other) const;
+        bool operator!=(const JSValue& other) const;
+
+        bool isInt32() const;
+        bool isUInt32() const;
+        bool isDouble() const;
+        bool isTrue() const;
+        bool isFalse() const;
+
+        int32_t asInt32() const;
+        uint32_t asUInt32() const;
+        double asDouble() const;
 
         // Querying the type.
@@ -135 +146 @@
         // Extracting integer values.
         bool getUInt32(uint32_t&) const;
-        bool getTruncatedInt32(int32_t&) const;
-        bool getTruncatedUInt32(uint32_t&) const;
         
         // Basic conversions.
@@ -152 +161 @@
 
         // Integer conversions.
-        // 'x.numberToInt32(output)' is equivalent to 'x.isNumber() && x.toInt32(output)'
         double toInteger(ExecState*) const;
         double toIntegerPreserveNaN(ExecState*) const;
         int32_t toInt32(ExecState*) const;
         int32_t toInt32(ExecState*, bool& ok) const;
-        bool numberToInt32(int32_t& arg);
         uint32_t toUInt32(ExecState*) const;
         uint32_t toUInt32(ExecState*, bool& ok) const;
-        bool numberToUInt32(uint32_t& arg);
-
-        // Fast integer operations; these values return results where the value is trivially available
-        // in a convenient form, for use in optimizations.  No assumptions should be made based on the
-        // results of these operations, for example !isInt32Fast() does not necessarily indicate the
-        // result of getNumber will not be 0.
-        bool isInt32Fast() const;
-        int32_t getInt32Fast() const;
-        bool isUInt32Fast() const;
-        uint32_t getUInt32Fast() const;
-        static JSValue makeInt32Fast(int32_t);
-        static bool areBothInt32Fast(JSValue, JSValue);
 
         // Floating point conversions (this is a convenience method for webcore;
         // signle precision float is not a representation used in JS or JSC).
         float toFloat(ExecState* exec) const { return static_cast<float>(toNumber(exec)); }
-
-        // API Mangled Numbers
-        bool isAPIMangledNumber();
 
         // Garbage collection.
@@ -209 +201 @@
         JSCell* asCell() const;
 
+#ifndef NDEBUG
+        char* description();
+#endif
+
     private:
         enum HashTableDeletedValueTag { HashTableDeletedValue };
@@ -214 +210 @@
 
         inline const JSValue asValue() const { return *this; }
-
-        bool isDoubleNumber() const;
-        double getDoubleNumber() const;
-
+        JSObject* toObjectSlowCase(ExecState*) const;
+        JSObject* toThisObjectSlowCase(ExecState*) const;
+
+        enum { Int32Tag =        0xffffffff };
+        enum { CellTag =         0xfffffffe };
+        enum { TrueTag =         0xfffffffd };
+        enum { FalseTag =        0xfffffffc };
+        enum { NullTag =         0xfffffffb };
+        enum { UndefinedTag =    0xfffffffa };
+        enum { DeletedValueTag = 0xfffffff9 };
+
+        enum { LowestTag =  DeletedValueTag };
+
+        uint32_t tag() const;
+        int32_t payload() const;
+
+        JSObject* synthesizePrototype(ExecState*) const;
+        JSObject* synthesizeObject(ExecState*) const;
+
+#if USE(JSVALUE32_64)
+        union {
+            EncodedJSValue asEncodedJSValue;
+            double asDouble;
+#if PLATFORM(BIG_ENDIAN)
+            struct {
+                int32_t tag;
+                int32_t payload;
+            } asBits;
+#else
+            struct {
+                int32_t payload;
+                int32_t tag;
+            } asBits;
+#endif
+        } u;
+#else // USE(JSVALUE32_64)
         JSCell* m_ptr;
+#endif // USE(JSVALUE32_64)
     };
 
-    struct JSValueHashTraits : HashTraits<EncodedJSValue> {
+#if USE(JSVALUE32_64)
+    typedef IntHash<EncodedJSValue> EncodedJSValueHash;
+
+    struct EncodedJSValueHashTraits : HashTraits<EncodedJSValue> {
+        static const bool emptyValueIsZero = false;
+        static EncodedJSValue emptyValue() { return JSValue::encode(JSValue()); }
         static void constructDeletedValue(EncodedJSValue& slot) { slot = JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
         static bool isDeletedValue(EncodedJSValue value) { return value == JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
     };
+#else
+    typedef PtrHash<EncodedJSValue> EncodedJSValueHash;
+
+    struct EncodedJSValueHashTraits : HashTraits<EncodedJSValue> {
+        static void constructDeletedValue(EncodedJSValue& slot) { slot = JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
+        static bool isDeletedValue(EncodedJSValue value) { return value == JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
+    };
+#endif
 
     // Stand-alone helper functions.
@@ -302 +344 @@
     }
 
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, char i)
+    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, int i)
     {
         return JSValue(globalData, i);
     }
 
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, unsigned char i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, short i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, unsigned short i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, int i)
-    {
-        return JSValue(globalData, i);
-    }
-
     ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, unsigned i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, long i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, unsigned long i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, long long i)
-    {
-        return JSValue(globalData, i);
-    }
-
-    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, unsigned long long i)
     {
         return JSValue(globalData, i);
@@ -358 +360 @@
     inline bool operator!=(const JSCell* a, const JSValue b) { return JSValue(a) != b; }
 
+    inline int32_t toInt32(double val)
+    {
+        if (!(val >= -2147483648.0 && val < 2147483648.0)) {
+            bool ignored;
+            return toInt32SlowCase(val, ignored);
+        }
+        return static_cast<int32_t>(val);
+    }
+
+    inline uint32_t toUInt32(double val)
+    {
+        if (!(val >= 0.0 && val < 4294967296.0)) {
+            bool ignored;
+            return toUInt32SlowCase(val, ignored);
+        }
+        return static_cast<uint32_t>(val);
+    }
+
+    ALWAYS_INLINE int32_t JSValue::toInt32(ExecState* exec) const
+    {
+        if (isInt32())
+            return asInt32();
+        bool ignored;
+        return toInt32SlowCase(toNumber(exec), ignored);
+    }
+
+    inline uint32_t JSValue::toUInt32(ExecState* exec) const
+    {
+        if (isUInt32())
+            return asInt32();
+        bool ignored;
+        return toUInt32SlowCase(toNumber(exec), ignored);
+    }
+
+    inline int32_t JSValue::toInt32(ExecState* exec, bool& ok) const
+    {
+        if (isInt32()) {
+            ok = true;
+            return asInt32();
+        }
+        return toInt32SlowCase(toNumber(exec), ok);
+    }
+
+    inline uint32_t JSValue::toUInt32(ExecState* exec, bool& ok) const
+    {
+        if (isUInt32()) {
+            ok = true;
+            return asInt32();
+        }
+        return toUInt32SlowCase(toNumber(exec), ok);
+    }
+
+#if USE(JSVALUE32_64)
+    inline JSValue jsNaN(ExecState* exec)
+    {
+        return JSValue(exec, nonInlineNaN());
+    }
+
     // JSValue member functions.
     inline EncodedJSValue JSValue::encode(JSValue value)
     {
+        return value.u.asEncodedJSValue;
+    }
+
+    inline JSValue JSValue::decode(EncodedJSValue encodedJSValue)
+    {
+        JSValue v;
+        v.u.asEncodedJSValue = encodedJSValue;
+        return v;
+    }
+
+    inline JSValue::JSValue()
+    {
+        u.asBits.tag = CellTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(JSNullTag)
+    {
+        u.asBits.tag = NullTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSUndefinedTag)
+    {
+        u.asBits.tag = UndefinedTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSTrueTag)
+    {
+        u.asBits.tag = TrueTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSFalseTag)
+    {
+        u.asBits.tag = FalseTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(HashTableDeletedValueTag)
+    {
+        u.asBits.tag = DeletedValueTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(JSCell* ptr)
+    {
+        u.asBits.tag = CellTag;
+        u.asBits.payload = reinterpret_cast<int32_t>(ptr);
+    }
+
+    inline JSValue::JSValue(const JSCell* ptr)
+    {
+        u.asBits.tag = CellTag;
+        u.asBits.payload = reinterpret_cast<int32_t>(const_cast<JSCell*>(ptr));
+    }
+
+    inline JSValue::operator bool() const
+    {
+        return u.asBits.payload || tag() != CellTag;
+    }
+
+    inline bool JSValue::operator==(const JSValue& other) const
+    {
+        return u.asEncodedJSValue == other.u.asEncodedJSValue;
+    }
+
+    inline bool JSValue::operator!=(const JSValue& other) const
+    {
+        return u.asEncodedJSValue != other.u.asEncodedJSValue;
+    }
+
+    inline bool JSValue::isUndefined() const
+    {
+        return tag() == UndefinedTag;
+    }
+
+    inline bool JSValue::isNull() const
+    {
+        return tag() == NullTag;
+    }
+
+    inline bool JSValue::isUndefinedOrNull() const
+    {
+        return isUndefined() || isNull();
+    }
+
+    inline bool JSValue::isCell() const
+    {
+        return tag() == CellTag;
+    }
+
+    inline bool JSValue::isInt32() const
+    {
+        return tag() == Int32Tag;
+    }
+
+    inline bool JSValue::isUInt32() const
+    {
+        return tag() == Int32Tag && asInt32() > -1;
+    }
+
+    inline bool JSValue::isDouble() const
+    {
+        return tag() < LowestTag;
+    }
+
+    inline bool JSValue::isTrue() const
+    {
+        return tag() == TrueTag;
+    }
+
+    inline bool JSValue::isFalse() const
+    {
+        return tag() == FalseTag;
+    }
+
+    inline uint32_t JSValue::tag() const
+    {
+        return u.asBits.tag;
+    }
+    
+    inline int32_t JSValue::payload() const
+    {
+        return u.asBits.payload;
+    }
+    
+    inline int32_t JSValue::asInt32() const
+    {
+        ASSERT(isInt32());
+        return u.asBits.payload;
+    }
+    
+    inline uint32_t JSValue::asUInt32() const
+    {
+        ASSERT(isUInt32());
+        return u.asBits.payload;
+    }
+    
+    inline double JSValue::asDouble() const
+    {
+        ASSERT(isDouble());
+        return u.asDouble;
+    }
+    
+    ALWAYS_INLINE JSCell* JSValue::asCell() const
+    {
+        ASSERT(isCell());
+        return reinterpret_cast<JSCell*>(u.asBits.payload);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, double d)
+    {
+        const int32_t asInt32 = static_cast<int32_t>(d);
+        if (asInt32 != d || (!asInt32 && signbit(d))) { // true for -0.0
+            u.asDouble = d;
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(d));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, char i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned char i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, short i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned short i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState*, int i)
+    {
+        u.asBits.tag = Int32Tag;
+        u.asBits.payload = i;
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned i)
+    {
+        if (static_cast<int32_t>(i) < 0) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, long i)
+    {
+        if (static_cast<int32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned long i)
+    {
+        if (static_cast<uint32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<uint32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, long long i)
+    {
+        if (static_cast<int32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned long long i)
+    {
+        if (static_cast<uint32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<uint32_t>(i));
+    }
+
+    inline JSValue::JSValue(JSGlobalData* globalData, double d)
+    {
+        const int32_t asInt32 = static_cast<int32_t>(d);
+        if (asInt32 != d || (!asInt32 && signbit(d))) { // true for -0.0
+            u.asDouble = d;
+            return;
+        }
+        *this = JSValue(globalData, static_cast<int32_t>(d));
+    }
+    
+    inline JSValue::JSValue(JSGlobalData*, int i)
+    {
+        u.asBits.tag = Int32Tag;
+        u.asBits.payload = i;
+    }
+    
+    inline JSValue::JSValue(JSGlobalData* globalData, unsigned i)
+    {
+        if (static_cast<int32_t>(i) < 0) {
+            *this = JSValue(globalData, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(globalData, static_cast<int32_t>(i));
+    }
+
+    inline bool JSValue::isNumber() const
+    {
+        return isInt32() || isDouble();
+    }
+
+    inline bool JSValue::isBoolean() const
+    {
+        return isTrue() || isFalse();
+    }
+
+    inline bool JSValue::getBoolean(bool& v) const
+    {
+        if (isTrue()) {
+            v = true;
+            return true;
+        }
+        if (isFalse()) {
+            v = false;
+            return true;
+        }
+        
+        return false;
+    }
+
+    inline bool JSValue::getBoolean() const
+    {
+        ASSERT(isBoolean());
+        return tag() == TrueTag;
+    }
+
+    inline double JSValue::uncheckedGetNumber() const
+    {
+        ASSERT(isNumber());
+        return isInt32() ? asInt32() : asDouble();
+    }
+
+    ALWAYS_INLINE JSValue JSValue::toJSNumber(ExecState* exec) const
+    {
+        return isNumber() ? asValue() : jsNumber(exec, this->toNumber(exec));
+    }
+
+    inline bool JSValue::getNumber(double& result) const
+    {
+        if (isInt32()) {
+            result = asInt32();
+            return true;
+        }
+        if (isDouble()) {
+            result = asDouble();
+            return true;
+        }
+        return false;
+    }
+
+#else // USE(JSVALUE32_64)
+
+    // JSValue member functions.
+    inline EncodedJSValue JSValue::encode(JSValue value)
+    {
         return reinterpret_cast<EncodedJSValue>(value.m_ptr);
     }
@@ -369 +746 @@
     }
 
+    inline JSValue JSValue::makeImmediate(intptr_t value)
+    {
+        return JSValue(reinterpret_cast<JSCell*>(value));
+    }
+
+    inline intptr_t JSValue::immediateValue()
+    {
+        return reinterpret_cast<intptr_t>(m_ptr);
+    }
+    
     // 0x0 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x0, which is in the (invalid) zero page.
     inline JSValue::JSValue()
@@ -396 +783 @@
     }
 
-    inline bool JSValue::operator==(const JSValue other) const
+    inline bool JSValue::operator==(const JSValue& other) const
     {
         return m_ptr == other.m_ptr;
     }
 
-    inline bool JSValue::operator!=(const JSValue other) const
+    inline bool JSValue::operator!=(const JSValue& other) const
     {
         return m_ptr != other.m_ptr;
@@ -415 +802 @@
         return asValue() == jsNull();
     }
+#endif // USE(JSVALUE32_64)
 
 } // namespace JSC

trunk/JavaScriptCore/runtime/Operations.h

@@ -39 +39 @@
     inline bool JSValue::equal(ExecState* exec, JSValue v1, JSValue v2)
     {
-        if (JSImmediate::areBothImmediateIntegerNumbers(v1, v2))
+        if (v1.isInt32() && v2.isInt32())
             return v1 == v2;
 
@@ -47 +47 @@
     ALWAYS_INLINE bool JSValue::equalSlowCaseInline(ExecState* exec, JSValue v1, JSValue v2)
     {
-        ASSERT(!JSImmediate::areBothImmediateIntegerNumbers(v1, v2));
-
         do {
             if (v1.isNumber() && v2.isNumber())
@@ -61 +59 @@
                 if (v2.isUndefinedOrNull())
                     return true;
-                if (JSImmediate::isImmediate(v2))
+                if (!v2.isCell())
                     return false;
                 return v2.asCell()->structure()->typeInfo().masqueradesAsUndefined();
@@ -67 +65 @@
 
             if (v2.isUndefinedOrNull()) {
-                if (JSImmediate::isImmediate(v1))
+                if (!v1.isCell())
                     return false;
                 return v1.asCell()->structure()->typeInfo().masqueradesAsUndefined();
@@ -79 +77 @@
                     return false;
                 v1 = p1;
-                if (JSImmediate::areBothImmediateIntegerNumbers(v1, v2))
+                if (v1.isInt32() && v2.isInt32())
                     return v1 == v2;
                 continue;
@@ -89 +87 @@
                     return false;
                 v2 = p2;
-                if (JSImmediate::areBothImmediateIntegerNumbers(v1, v2))
+                if (v1.isInt32() && v2.isInt32())
                     return v1 == v2;
                 continue;
@@ -115 +113 @@
     ALWAYS_INLINE bool JSValue::strictEqualSlowCaseInline(JSValue v1, JSValue v2)
     {
-        ASSERT(!JSImmediate::isEitherImmediate(v1, v2));
+        ASSERT(v1.isCell() && v2.isCell());
 
         if (v1.asCell()->isString() && v2.asCell()->isString())
@@ -125 +123 @@
     inline bool JSValue::strictEqual(JSValue v1, JSValue v2)
     {
-        if (JSImmediate::areBothImmediateIntegerNumbers(v1, v2))
+        if (v1.isInt32() && v2.isInt32())
             return v1 == v2;
 
@@ -131 +129 @@
             return v1.uncheckedGetNumber() == v2.uncheckedGetNumber();
 
-        if (JSImmediate::isEitherImmediate(v1, v2))
+        if (!v1.isCell() || !v2.isCell())
             return v1 == v2;
 
@@ -139 +137 @@
     inline bool jsLess(CallFrame* callFrame, JSValue v1, JSValue v2)
     {
-        if (JSValue::areBothInt32Fast(v1, v2))
-            return v1.getInt32Fast() < v2.getInt32Fast();
+        if (v1.isInt32() && v2.isInt32())
+            return v1.asInt32() < v2.asInt32();
 
         double n1;
@@ -164 +162 @@
     inline bool jsLessEq(CallFrame* callFrame, JSValue v1, JSValue v2)
     {
-        if (JSValue::areBothInt32Fast(v1, v2))
-            return v1.getInt32Fast() <= v2.getInt32Fast();
+        if (v1.isInt32() && v2.isInt32())
+            return v1.asInt32() <= v2.asInt32();
 
         double n1;
@@ -214 +212 @@
 
         if (rightIsNumber & leftIsString) {
-            RefPtr<UString::Rep> value = v2.isInt32Fast() ?
-                concatenate(asString(v1)->value().rep(), v2.getInt32Fast()) :
+            RefPtr<UString::Rep> value = v2.isInt32() ?
+                concatenate(asString(v1)->value().rep(), v2.asInt32()) :
                 concatenate(asString(v1)->value().rep(), right);
 
@@ -316 +314 @@
             if (LIKELY(v.isString()))
                 result.append(asString(v)->value());
-            else if (v.isInt32Fast())
-                result.appendNumeric(v.getInt32Fast());
+            else if (v.isInt32())
+                result.appendNumeric(v.asInt32());
             else {
                 double d;

trunk/JavaScriptCore/runtime/PropertySlot.h

@@ -24 +24 @@
 #include "Identifier.h"
 #include "JSValue.h"
-#include "JSImmediate.h"
 #include "Register.h"
 #include <wtf/Assertions.h>
@@ -40 +39 @@
     public:
         PropertySlot()
-            : m_offset(WTF::notFound)
-        {
-            clearBase();
+        {
+            clearBase();
+            clearOffset();
             clearValue();
         }
@@ -48 +47 @@
         explicit PropertySlot(const JSValue base)
             : m_slotBase(base)
-            , m_offset(WTF::notFound)
-        {
+        {
+            clearOffset();
             clearValue();
         }
@@ -83 +82 @@
         {
             ASSERT(valueSlot);
-            m_getValue = JSC_VALUE_SLOT_MARKER;
-            clearBase();
+            clearBase();
+            clearOffset();
+            m_getValue = JSC_VALUE_SLOT_MARKER;
             m_data.valueSlot = valueSlot;
         }
@@ -108 +108 @@
         {
             ASSERT(value);
-            m_getValue = JSC_VALUE_SLOT_MARKER;
-            clearBase();
+            clearBase();
+            clearOffset();
+            m_getValue = JSC_VALUE_SLOT_MARKER;
             m_value = value;
             m_data.valueSlot = &m_value;
@@ -117 +118 @@
         {
             ASSERT(registerSlot);
+            clearBase();
+            clearOffset();
             m_getValue = JSC_REGISTER_SLOT_MARKER;
-            clearBase();
             m_data.registerSlot = registerSlot;
         }
@@ -148 +150 @@
         void setUndefined()
         {
-            clearBase();
             setValue(jsUndefined());
         }
@@ -154 +155 @@
         JSValue slotBase() const
         {
-            ASSERT(m_slotBase);
             return m_slotBase;
         }
@@ -177 +177 @@
             m_value = JSValue();
 #endif
+        }
+
+        void clearOffset()
+        {
+            // Clear offset even in release builds, in case this PropertySlot has been used before.
+            // (For other data members, we don't need to clear anything because reuse would meaningfully overwrite them.)
+            m_offset = WTF::notFound;
         }
 

trunk/JavaScriptCore/runtime/StringPrototype.cpp

@@ -377 +377 @@
     unsigned len = s.size();
     JSValue a0 = args.at(0);
-    if (a0.isUInt32Fast()) {
-        uint32_t i = a0.getUInt32Fast();
+    if (a0.isUInt32()) {
+        uint32_t i = a0.asUInt32();
         if (i < len)
             return jsSingleCharacterSubstring(exec, s, i);
@@ -394 +394 @@
     unsigned len = s.size();
     JSValue a0 = args.at(0);
-    if (a0.isUInt32Fast()) {
-        uint32_t i = a0.getUInt32Fast();
+    if (a0.isUInt32()) {
+        uint32_t i = a0.asUInt32();
         if (i < len)
             return jsNumber(exec, s.data()[i]);
@@ -427 +427 @@
     if (a1.isUndefined())
         pos = 0;
-    else if (a1.isUInt32Fast())
-        pos = min<uint32_t>(a1.getUInt32Fast(), len);
+    else if (a1.isUInt32())
+        pos = min<uint32_t>(a1.asUInt32(), len);
     else {
         double dpos = a1.toInteger(exec);

trunk/JavaScriptCore/wtf/MainThread.cpp

@@ -30 +30 @@
 #include "MainThread.h"
 
+#include "StdLibExtras.h"
 #include "CurrentTime.h"
 #include "Deque.h"
-#include "StdLibExtras.h"
 #include "Threading.h"
 

trunk/JavaScriptCore/wtf/Platform.h

@@ -558 +558 @@
 #endif
 
-#if !defined(WTF_USE_ALTERNATE_JSIMMEDIATE) && PLATFORM(X86_64) && PLATFORM(MAC)
-#define WTF_USE_ALTERNATE_JSIMMEDIATE 1
-#endif
+#if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
+#if PLATFORM(X86_64) && PLATFORM(MAC)
+#define WTF_USE_JSVALUE64 1
+#else
+#define WTF_USE_JSVALUE32 1
+#endif
+#endif // !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
 
 #if !defined(ENABLE_REPAINT_THROTTLING)
@@ -609 +613 @@
 #define ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS 1
 #endif
-#ifndef ENABLE_JIT_OPTIMIZE_ARITHMETIC
-#define ENABLE_JIT_OPTIMIZE_ARITHMETIC 1
-#endif
 #ifndef ENABLE_JIT_OPTIMIZE_METHOD_CALLS
 #define ENABLE_JIT_OPTIMIZE_METHOD_CALLS 1

trunk/JavaScriptCore/wtf/StdLibExtras.h

@@ -42 +42 @@
 #endif
 
+// OBJECT_OFFSETOF: Like the C++ offsetof macro, but you can use it with classes.
+// The magic number 0x4000 is insignificant. We use it to avoid using NULL, since
+// NULL can cause compiler problems, especially in cases of multiple inheritance.
+#define OBJECT_OFFSETOF(class, field) (reinterpret_cast<ptrdiff_t>(&(reinterpret_cast<class*>(0x4000)->field)) - 0x4000)
+
 namespace WTF {
 

trunk/WebCore/ChangeLog

@@ +1 @@
+=== End merge of nitro-extreme branch 2009-07-30 ===
+
+2009-05-11  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Make WebCore compile with the new JS number representation.
+
+        * ForwardingHeaders/runtime/JSAPIValueWrapper.h: Added.
+        * ForwardingHeaders/runtime/JSNumberCell.h: Removed.
+        * bindings/js/ScriptEventListener.cpp:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        * bridge/c/c_instance.cpp:
+
+=== Start merge of nitro-extreme branch 2009-07-30 ===
+
 2009-07-30  Dean McNamee  <[email protected]>