Changeset 82130 in webkit for trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

Timestamp:

Mar 28, 2011, 10:14:57 AM (14 years ago)

Author:

[email protected]

Message:

2011-03-27 Oliver Hunt <​[email protected]>

Reviewed by Maciej Stachowiak.

Add additional immediate types to allow us to distinguish the source of a JIT immediate
​https://bugs.webkit.org/show_bug.cgi?id=57190

Allow us to distinguish whether a JIT immediate is a value that we
control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
or influenced by code we are compiling. Currently we do nothing with this
information -- this change is large and mechanical but would obscure any
logic changes that we would have made.

• assembler/AbstractMacroAssembler.h: (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr): (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr): (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32): (JSC::AbstractMacroAssembler::Imm32::Imm32):
• assembler/MacroAssembler.h: (JSC::MacroAssembler::pop): (JSC::MacroAssembler::poke): (JSC::MacroAssembler::branchPtr): (JSC::MacroAssembler::branch32): (JSC::MacroAssembler::addPtr): (JSC::MacroAssembler::andPtr): (JSC::MacroAssembler::orPtr): (JSC::MacroAssembler::subPtr): (JSC::MacroAssembler::xorPtr): (JSC::MacroAssembler::setPtr): (JSC::MacroAssembler::storePtr): (JSC::MacroAssembler::branchTestPtr): (JSC::MacroAssembler::branchSubPtr): (JSC::MacroAssembler::branchTest8):
• assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::add32): (JSC::MacroAssemblerARM::and32): (JSC::MacroAssemblerARM::lshift32): (JSC::MacroAssemblerARM::mul32): (JSC::MacroAssemblerARM::or32): (JSC::MacroAssemblerARM::rshift32): (JSC::MacroAssemblerARM::urshift32): (JSC::MacroAssemblerARM::sub32): (JSC::MacroAssemblerARM::xor32): (JSC::MacroAssemblerARM::store32): (JSC::MacroAssemblerARM::push): (JSC::MacroAssemblerARM::move): (JSC::MacroAssemblerARM::branch8): (JSC::MacroAssemblerARM::branch32): (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords): (JSC::MacroAssemblerARM::branch16): (JSC::MacroAssemblerARM::branchTest8): (JSC::MacroAssemblerARM::branchTest32): (JSC::MacroAssemblerARM::branchAdd32): (JSC::MacroAssemblerARM::branchMul32): (JSC::MacroAssemblerARM::branchSub32): (JSC::MacroAssemblerARM::set32Compare32): (JSC::MacroAssemblerARM::set8Compare32): (JSC::MacroAssemblerARM::set32Test32): (JSC::MacroAssemblerARM::set32Test8): (JSC::MacroAssemblerARM::moveWithPatch): (JSC::MacroAssemblerARM::branchPtrWithPatch): (JSC::MacroAssemblerARM::storePtrWithPatch):
• assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::add32): (JSC::MacroAssemblerARMv7::and32): (JSC::MacroAssemblerARMv7::lshift32): (JSC::MacroAssemblerARMv7::mul32): (JSC::MacroAssemblerARMv7::or32): (JSC::MacroAssemblerARMv7::rshift32): (JSC::MacroAssemblerARMv7::urshift32): (JSC::MacroAssemblerARMv7::sub32): (JSC::MacroAssemblerARMv7::xor32): (JSC::MacroAssemblerARMv7::load32): (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch): (JSC::MacroAssemblerARMv7::load16): (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch): (JSC::MacroAssemblerARMv7::store32): (JSC::MacroAssemblerARMv7::loadDouble): (JSC::MacroAssemblerARMv7::storeDouble): (JSC::MacroAssemblerARMv7::push): (JSC::MacroAssemblerARMv7::move): (JSC::MacroAssemblerARMv7::compare32): (JSC::MacroAssemblerARMv7::test32): (JSC::MacroAssemblerARMv7::branch32): (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords): (JSC::MacroAssemblerARMv7::branch16): (JSC::MacroAssemblerARMv7::branch8): (JSC::MacroAssemblerARMv7::branchTest32): (JSC::MacroAssemblerARMv7::branchTest8): (JSC::MacroAssemblerARMv7::branchAdd32): (JSC::MacroAssemblerARMv7::branchMul32): (JSC::MacroAssemblerARMv7::branchSub32): (JSC::MacroAssemblerARMv7::nearCall): (JSC::MacroAssemblerARMv7::call): (JSC::MacroAssemblerARMv7::set32Compare32): (JSC::MacroAssemblerARMv7::set8Compare32): (JSC::MacroAssemblerARMv7::set32Test32): (JSC::MacroAssemblerARMv7::set32Test8): (JSC::MacroAssemblerARMv7::moveWithPatch): (JSC::MacroAssemblerARMv7::branchPtrWithPatch): (JSC::MacroAssemblerARMv7::storePtrWithPatch): (JSC::MacroAssemblerARMv7::tailRecursiveCall): (JSC::MacroAssemblerARMv7::makeJump): (JSC::MacroAssemblerARMv7::makeBranch): (JSC::MacroAssemblerARMv7::setupArmAddress): (JSC::MacroAssemblerARMv7::makeBaseIndexBase): (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
• assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::add32): (JSC::MacroAssemblerMIPS::and32): (JSC::MacroAssemblerMIPS::lshift32): (JSC::MacroAssemblerMIPS::mul32): (JSC::MacroAssemblerMIPS::or32): (JSC::MacroAssemblerMIPS::rshift32): (JSC::MacroAssemblerMIPS::urshift32): (JSC::MacroAssemblerMIPS::sub32): (JSC::MacroAssemblerMIPS::xor32): (JSC::MacroAssemblerMIPS::load32): (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch): (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch): (JSC::MacroAssemblerMIPS::store32): (JSC::MacroAssemblerMIPS::push): (JSC::MacroAssemblerMIPS::move): (JSC::MacroAssemblerMIPS::branch8): (JSC::MacroAssemblerMIPS::branch32): (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords): (JSC::MacroAssemblerMIPS::branch16): (JSC::MacroAssemblerMIPS::branchTest32): (JSC::MacroAssemblerMIPS::branchTest8): (JSC::MacroAssemblerMIPS::branchAdd32): (JSC::MacroAssemblerMIPS::branchMul32): (JSC::MacroAssemblerMIPS::branchSub32): (JSC::MacroAssemblerMIPS::set8Compare32): (JSC::MacroAssemblerMIPS::set32Compare32): (JSC::MacroAssemblerMIPS::set32Test8): (JSC::MacroAssemblerMIPS::set32Test32): (JSC::MacroAssemblerMIPS::moveWithPatch): (JSC::MacroAssemblerMIPS::branchPtrWithPatch): (JSC::MacroAssemblerMIPS::storePtrWithPatch): (JSC::MacroAssemblerMIPS::tailRecursiveCall): (JSC::MacroAssemblerMIPS::loadDouble): (JSC::MacroAssemblerMIPS::storeDouble): (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
• assembler/MacroAssemblerX86.h: (JSC::MacroAssemblerX86::add32): (JSC::MacroAssemblerX86::addWithCarry32): (JSC::MacroAssemblerX86::and32): (JSC::MacroAssemblerX86::or32): (JSC::MacroAssemblerX86::sub32): (JSC::MacroAssemblerX86::store32): (JSC::MacroAssemblerX86::branch32): (JSC::MacroAssemblerX86::moveWithPatch): (JSC::MacroAssemblerX86::branchPtrWithPatch): (JSC::MacroAssemblerX86::storePtrWithPatch):
• assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::add32): (JSC::MacroAssemblerX86Common::and32): (JSC::MacroAssemblerX86Common::lshift32): (JSC::MacroAssemblerX86Common::mul32): (JSC::MacroAssemblerX86Common::or32): (JSC::MacroAssemblerX86Common::rshift32): (JSC::MacroAssemblerX86Common::urshift32): (JSC::MacroAssemblerX86Common::sub32): (JSC::MacroAssemblerX86Common::xor32): (JSC::MacroAssemblerX86Common::store32): (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32): (JSC::MacroAssemblerX86Common::push): (JSC::MacroAssemblerX86Common::move): (JSC::MacroAssemblerX86Common::branch8): (JSC::MacroAssemblerX86Common::branch32): (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords): (JSC::MacroAssemblerX86Common::branch16): (JSC::MacroAssemblerX86Common::branchTest32): (JSC::MacroAssemblerX86Common::branchTest8): (JSC::MacroAssemblerX86Common::branchAdd32): (JSC::MacroAssemblerX86Common::branchMul32): (JSC::MacroAssemblerX86Common::branchSub32): (JSC::MacroAssemblerX86Common::set8Compare32): (JSC::MacroAssemblerX86Common::set32Compare32): (JSC::MacroAssemblerX86Common::set32Test8): (JSC::MacroAssemblerX86Common::set32Test32):
• assembler/MacroAssemblerX86_64.h: (JSC::MacroAssemblerX86_64::add32): (JSC::MacroAssemblerX86_64::and32): (JSC::MacroAssemblerX86_64::or32): (JSC::MacroAssemblerX86_64::sub32): (JSC::MacroAssemblerX86_64::loadDouble): (JSC::MacroAssemblerX86_64::addDouble): (JSC::MacroAssemblerX86_64::convertInt32ToDouble): (JSC::MacroAssemblerX86_64::store32): (JSC::MacroAssemblerX86_64::call): (JSC::MacroAssemblerX86_64::tailRecursiveCall): (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): (JSC::MacroAssemblerX86_64::addPtr): (JSC::MacroAssemblerX86_64::andPtr): (JSC::MacroAssemblerX86_64::orPtr): (JSC::MacroAssemblerX86_64::subPtr): (JSC::MacroAssemblerX86_64::xorPtr): (JSC::MacroAssemblerX86_64::storePtr): (JSC::MacroAssemblerX86_64::setPtr): (JSC::MacroAssemblerX86_64::branchPtr): (JSC::MacroAssemblerX86_64::branchTestPtr): (JSC::MacroAssemblerX86_64::branchSubPtr): (JSC::MacroAssemblerX86_64::moveWithPatch): (JSC::MacroAssemblerX86_64::branchPtrWithPatch): (JSC::MacroAssemblerX86_64::storePtrWithPatch): (JSC::MacroAssemblerX86_64::branchTest8):
• dfg/DFGJITCodeGenerator.h: (JSC::DFG::JITCodeGenerator::callOperation):
• dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::jitAssertIsInt32): (JSC::DFG::JITCompiler::emitCount):
• dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
• dfg/DFGNonSpeculativeJIT.cpp: (JSC::DFG::NonSpeculativeJIT::compile):
• dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::fillSpeculateCell): (JSC::DFG::SpeculativeJIT::compile):
• jit/JIT.cpp: (JSC::JIT::emitTimeoutCheck): (JSC::JIT::privateCompile):
• jit/JIT.h:
• jit/JITArithmetic.cpp: (JSC::JIT::emit_op_urshift): (JSC::JIT::emitSlow_op_urshift): (JSC::JIT::emit_op_post_inc): (JSC::JIT::emit_op_post_dec): (JSC::JIT::emit_op_pre_inc): (JSC::JIT::emit_op_pre_dec): (JSC::JIT::emit_op_mod):
• jit/JITArithmetic32_64.cpp: (JSC::JIT::emit_op_negate): (JSC::JIT::emit_op_jnless): (JSC::JIT::emit_op_jless): (JSC::JIT::emit_op_jlesseq): (JSC::JIT::emit_op_lshift): (JSC::JIT::emitRightShift): (JSC::JIT::emitRightShiftSlowCase): (JSC::JIT::emit_op_bitand): (JSC::JIT::emit_op_bitor): (JSC::JIT::emit_op_bitxor): (JSC::JIT::emit_op_bitnot): (JSC::JIT::emit_op_post_inc): (JSC::JIT::emit_op_post_dec): (JSC::JIT::emitSlow_op_post_dec): (JSC::JIT::emit_op_pre_inc): (JSC::JIT::emit_op_pre_dec): (JSC::JIT::emit_op_add): (JSC::JIT::emitAdd32Constant): (JSC::JIT::emit_op_sub): (JSC::JIT::emitSub32Constant): (JSC::JIT::emitBinaryDoubleOp): (JSC::JIT::emit_op_mul): (JSC::JIT::emitSlow_op_mul): (JSC::JIT::emit_op_div): (JSC::JIT::emit_op_mod):
• jit/JITCall.cpp: (JSC::JIT::compileOpCallVarargs): (JSC::JIT::compileOpCall): (JSC::JIT::compileOpCallSlowCase):
• jit/JITCall32_64.cpp: (JSC::JIT::compileOpCallVarargs): (JSC::JIT::emit_op_ret_object_or_this): (JSC::JIT::compileOpCall): (JSC::JIT::compileOpCallSlowCase):
• jit/JITInlineMethods.h: (JSC::JIT::emitPutCellToCallFrameHeader): (JSC::JIT::emitPutIntToCallFrameHeader): (JSC::JIT::emitPutImmediateToCallFrameHeader): (JSC::JIT::emitLoadCharacterString): (JSC::JIT::restoreArgumentReferenceForTrampoline): (JSC::JIT::checkStructure): (JSC::JIT::setSamplingFlag): (JSC::JIT::clearSamplingFlag): (JSC::JIT::emitCount): (JSC::JIT::sampleInstruction): (JSC::JIT::sampleCodeBlock): (JSC::JIT::emitStoreInt32): (JSC::JIT::emitStoreCell): (JSC::JIT::emitStoreBool): (JSC::JIT::emitJumpSlowCaseIfNotJSCell): (JSC::JIT::emitInitRegister): (JSC::JIT::emitJumpIfJSCell): (JSC::JIT::emitJumpIfNotJSCell): (JSC::JIT::emitJumpIfImmediateInteger): (JSC::JIT::emitJumpIfNotImmediateInteger): (JSC::JIT::emitFastArithDeTagImmediate): (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero): (JSC::JIT::emitFastArithReTagImmediate): (JSC::JIT::emitTagAsBoolImmediate):
• jit/JITOpcodes.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines): (JSC::JIT::privateCompileCTINativeCall): (JSC::JIT::emit_op_check_has_instance): (JSC::JIT::emit_op_instanceof): (JSC::JIT::emit_op_ret_object_or_this): (JSC::JIT::emit_op_resolve): (JSC::JIT::emit_op_to_primitive): (JSC::JIT::emit_op_resolve_base): (JSC::JIT::emit_op_ensure_property_exists): (JSC::JIT::emit_op_resolve_skip): (JSC::JIT::emit_op_resolve_global): (JSC::JIT::emitSlow_op_resolve_global): (JSC::JIT::emit_op_not): (JSC::JIT::emit_op_jfalse): (JSC::JIT::emit_op_jeq_null): (JSC::JIT::emit_op_jneq_null): (JSC::JIT::emit_op_jneq_ptr): (JSC::JIT::emit_op_jsr): (JSC::JIT::emit_op_resolve_with_base): (JSC::JIT::emit_op_new_func_exp): (JSC::JIT::emit_op_jtrue): (JSC::JIT::emit_op_get_pnames): (JSC::JIT::emit_op_next_pname): (JSC::JIT::emit_op_to_jsnumber): (JSC::JIT::emit_op_push_new_scope): (JSC::JIT::emit_op_catch): (JSC::JIT::emit_op_eq_null): (JSC::JIT::emit_op_neq_null): (JSC::JIT::emit_op_init_lazy_reg): (JSC::JIT::emit_op_convert_this): (JSC::JIT::emit_op_convert_this_strict): (JSC::JIT::emitSlow_op_not): (JSC::JIT::emitSlow_op_neq): (JSC::JIT::emit_op_get_arguments_length): (JSC::JIT::emitSlow_op_get_arguments_length): (JSC::JIT::emit_op_get_argument_by_val): (JSC::JIT::emitSlow_op_resolve_global_dynamic): (JSC::JIT::emit_op_new_regexp): (JSC::JIT::emit_op_load_varargs): (JSC::JIT::emitSlow_op_load_varargs): (JSC::JIT::emit_op_new_func):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines): (JSC::JIT::privateCompileCTINativeCall): (JSC::JIT::emit_op_loop_if_lesseq): (JSC::JIT::emit_op_check_has_instance): (JSC::JIT::emit_op_instanceof): (JSC::JIT::emit_op_get_scoped_var): (JSC::JIT::emit_op_put_scoped_var): (JSC::JIT::emit_op_tear_off_activation): (JSC::JIT::emit_op_tear_off_arguments): (JSC::JIT::emit_op_resolve): (JSC::JIT::emit_op_to_primitive): (JSC::JIT::emit_op_resolve_base): (JSC::JIT::emit_op_ensure_property_exists): (JSC::JIT::emit_op_resolve_skip): (JSC::JIT::emit_op_resolve_global): (JSC::JIT::emitSlow_op_resolve_global): (JSC::JIT::emit_op_not): (JSC::JIT::emit_op_jfalse): (JSC::JIT::emit_op_jtrue): (JSC::JIT::emit_op_jeq_null): (JSC::JIT::emit_op_jneq_null): (JSC::JIT::emit_op_jneq_ptr): (JSC::JIT::emit_op_jsr): (JSC::JIT::emit_op_eq): (JSC::JIT::emitSlow_op_eq): (JSC::JIT::emit_op_neq): (JSC::JIT::emitSlow_op_neq): (JSC::JIT::compileOpStrictEq): (JSC::JIT::emit_op_eq_null): (JSC::JIT::emit_op_neq_null): (JSC::JIT::emit_op_resolve_with_base): (JSC::JIT::emit_op_new_func_exp): (JSC::JIT::emit_op_get_pnames): (JSC::JIT::emit_op_next_pname): (JSC::JIT::emit_op_to_jsnumber): (JSC::JIT::emit_op_push_new_scope): (JSC::JIT::emit_op_catch): (JSC::JIT::emit_op_create_activation): (JSC::JIT::emit_op_create_arguments): (JSC::JIT::emit_op_convert_this): (JSC::JIT::emit_op_convert_this_strict): (JSC::JIT::emit_op_get_arguments_length): (JSC::JIT::emitSlow_op_get_arguments_length): (JSC::JIT::emit_op_get_argument_by_val): (JSC::JIT::softModulo):
• jit/JITPropertyAccess.cpp: (JSC::JIT::stringGetByValStubGenerator): (JSC::JIT::emit_op_get_by_val): (JSC::JIT::emitSlow_op_get_by_val): (JSC::JIT::emit_op_get_by_pname): (JSC::JIT::emit_op_put_by_val): (JSC::JIT::emit_op_put_by_index): (JSC::JIT::emit_op_put_getter): (JSC::JIT::emit_op_put_setter): (JSC::JIT::emit_op_del_by_id): (JSC::JIT::emit_op_get_by_id): (JSC::JIT::emit_op_put_by_id): (JSC::JIT::emit_op_method_check): (JSC::JIT::compileGetByIdHotPath): (JSC::JIT::compileGetByIdSlowCase): (JSC::JIT::emitSlow_op_put_by_id): (JSC::JIT::testPrototype): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::privateCompilePatchGetArrayLength): (JSC::JIT::privateCompileGetByIdProto): (JSC::JIT::privateCompileGetByIdSelfList): (JSC::JIT::privateCompileGetByIdProtoList): (JSC::JIT::privateCompileGetByIdChainList): (JSC::JIT::privateCompileGetByIdChain):
• jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emit_op_put_getter): (JSC::JIT::emit_op_put_setter): (JSC::JIT::emit_op_del_by_id): (JSC::JIT::emit_op_get_by_id): (JSC::JIT::emit_op_put_by_id): (JSC::JIT::emit_op_method_check): (JSC::JIT::stringGetByValStubGenerator): (JSC::JIT::emit_op_get_by_val): (JSC::JIT::emitSlow_op_get_by_val): (JSC::JIT::emit_op_put_by_val): (JSC::JIT::compileGetByIdHotPath): (JSC::JIT::compileGetByIdSlowCase): (JSC::JIT::emitSlow_op_put_by_id): (JSC::JIT::testPrototype): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::privateCompilePatchGetArrayLength): (JSC::JIT::privateCompileGetByIdProto): (JSC::JIT::privateCompileGetByIdSelfList): (JSC::JIT::privateCompileGetByIdProtoList): (JSC::JIT::privateCompileGetByIdChainList): (JSC::JIT::privateCompileGetByIdChain): (JSC::JIT::emit_op_get_by_pname):
• jit/JITStubCall.h: (JSC::JITStubCall::addArgument):
• jit/JITStubs.cpp: (JSC::getPolymorphicAccessStructureListSlot): (JSC::DEFINE_STUB_FUNCTION):
• jit/JSInterfaceJIT.h: (JSC::JSInterfaceJIT::emitJumpIfNotJSCell): (JSC::JSInterfaceJIT::emitLoadInt32): (JSC::JSInterfaceJIT::emitLoadDouble):
• jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::SpecializedThunkJIT): (JSC::SpecializedThunkJIT::loadJSStringArgument): (JSC::SpecializedThunkJIT::tagReturnAsInt32): (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
• jit/ThunkGenerators.cpp: (JSC::charToString): (JSC::powThunkGenerator):
• yarr/YarrJIT.cpp: (JSC::Yarr::YarrGenerator::matchCharacterClass): (JSC::Yarr::YarrGenerator::storeToFrame): (JSC::Yarr::YarrGenerator::storeToFrameWithPatch): (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode): (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle): (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy): (JSC::Yarr::YarrGenerator::generateCharacterClassFixed): (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy): (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy): (JSC::Yarr::YarrGenerator::generateParenthesesSingle): (JSC::Yarr::YarrGenerator::generateDisjunction):

File:

• trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (32 diffs)

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -55 +55 @@
     JSInterfaceJIT jit;
     JumpList failures;
-    failures.append(jit.branchPtr(NotEqual, Address(regT0), ImmPtr(globalData->jsStringVPtr)));
+    failures.append(jit.branchPtr(NotEqual, Address(regT0), TrustedImmPtr(globalData->jsStringVPtr)));
     failures.append(jit.branchTest32(NonZero, Address(regT0, OBJECT_OFFSETOF(JSString, m_fiberCount))));
 
@@ -69 +69 @@
     jit.load16(BaseIndex(regT0, regT1, TimesTwo, 0), regT0);
     
-    failures.append(jit.branch32(AboveOrEqual, regT0, Imm32(0x100)));
-    jit.move(ImmPtr(globalData->smallStrings.singleCharacterStrings()), regT1);
+    failures.append(jit.branch32(AboveOrEqual, regT0, TrustedImm32(0x100)));
+    jit.move(TrustedImmPtr(globalData->smallStrings.singleCharacterStrings()), regT1);
     jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
     jit.ret();
     
     failures.link(&jit);
-    jit.move(Imm32(0), regT0);
+    jit.move(TrustedImm32(0), regT0);
     jit.ret();
     
@@ -100 +100 @@
 
     emitJumpSlowCaseIfNotJSCell(regT0, base);
-    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+    addSlowCase(branchPtr(NotEqual, Address(regT0), TrustedImmPtr(m_globalData->jsArrayVPtr)));
 
     loadPtr(Address(regT0, JSArray::storageOffset()), regT2);
@@ -121 +121 @@
     Jump nonCell = jump();
     linkSlowCase(iter); // base array check
-    Jump notString = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+    Jump notString = branchPtr(NotEqual, Address(regT0), TrustedImmPtr(m_globalData->jsStringVPtr));
     emitNakedCall(m_globalData->getCTIStub(stringGetByValStubGenerator));
     Jump failed = branchTestPtr(Zero, regT0);
@@ -163 +163 @@
     addSlowCase(branchPtr(NotEqual, regT2, Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_cachedStructure))));
     load32(addressFor(i), regT3);
-    sub32(Imm32(1), regT3);
+    sub32(TrustedImm32(1), regT3);
     addSlowCase(branch32(AboveOrEqual, regT3, Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_numCacheableSlots))));
     compileGetDirectOffset(regT0, regT0, regT3, regT1);
@@ -198 +198 @@
     zeroExtend32ToPtr(regT1, regT1);
     emitJumpSlowCaseIfNotJSCell(regT0, base);
-    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+    addSlowCase(branchPtr(NotEqual, Address(regT0), TrustedImmPtr(m_globalData->jsArrayVPtr)));
     addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, JSArray::vectorLengthOffset())));
 
@@ -210 +210 @@
     
     empty.link(this);
-    add32(Imm32(1), Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
+    add32(TrustedImm32(1), Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
     branch32(Below, regT1, Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length))).linkTo(storeResult, this);
 
     move(regT1, regT0);
-    add32(Imm32(1), regT0);
+    add32(TrustedImm32(1), regT0);
     store32(regT0, Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length)));
     jump().linkTo(storeResult, this);
@@ -225 +225 @@
     JITStubCall stubCall(this, cti_op_put_by_index);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
-    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(TrustedImm32(currentInstruction[2].u.operand));
     stubCall.addArgument(currentInstruction[3].u.operand, regT2);
     stubCall.call();
@@ -234 +234 @@
     JITStubCall stubCall(this, cti_op_put_getter);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
-    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(TrustedImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
     stubCall.addArgument(currentInstruction[3].u.operand, regT2);
     stubCall.call();
@@ -243 +243 @@
     JITStubCall stubCall(this, cti_op_put_setter);
     stubCall.addArgument(currentInstruction[1].u.operand, regT2);
-    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(TrustedImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
     stubCall.addArgument(currentInstruction[3].u.operand, regT2);
     stubCall.call();
@@ -252 +252 @@
     JITStubCall stubCall(this, cti_op_del_by_id);
     stubCall.addArgument(currentInstruction[2].u.operand, regT2);
-    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
+    stubCall.addArgument(TrustedImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
     stubCall.call(currentInstruction[1].u.operand);
 }
@@ -277 +277 @@
     JITStubCall stubCall(this, cti_op_get_by_id_generic);
     stubCall.addArgument(regT0);
-    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(TrustedImmPtr(ident));
     stubCall.call(resultVReg);
 
@@ -299 +299 @@
     JITStubCall stubCall(this, direct ? cti_op_put_by_id_direct_generic, cti_op_put_by_id_generic);
     stubCall.addArgument(regT0);
-    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(TrustedImmPtr(ident));
     stubCall.addArgument(regT1);
     stubCall.call();
@@ -337 +337 @@
     BEGIN_UNINTERRUPTED_SEQUENCE(sequenceMethodCheck);
 
-    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), info.structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
-    DataLabelPtr protoStructureToCompare, protoObj = moveWithPatch(ImmPtr(0), regT1);
-    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT1, JSCell::structureOffset()), protoStructureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), info.structureToCompare, TrustedImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    DataLabelPtr protoStructureToCompare, protoObj = moveWithPatch(TrustedImmPtr(0), regT1);
+    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT1, JSCell::structureOffset()), protoStructureToCompare, TrustedImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
 
     // This will be relinked to load the function without doing a load.
-    DataLabelPtr putFunction = moveWithPatch(ImmPtr(0), regT0);
+    DataLabelPtr putFunction = moveWithPatch(TrustedImmPtr(0), regT0);
 
     END_UNINTERRUPTED_SEQUENCE(sequenceMethodCheck);
@@ -415 +415 @@
 
     DataLabelPtr structureToCompare;
-    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, TrustedImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
     addSlowCase(structureCheck);
     ASSERT_JIT_OFFSET(differenceBetween(hotPathBegin, structureToCompare), patchOffsetGetByIdStructure);
@@ -458 +458 @@
     JITStubCall stubCall(this, isMethodCheck ? cti_op_get_by_id_method_check : cti_op_get_by_id);
     stubCall.addArgument(regT0);
-    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(TrustedImmPtr(ident));
     Call call = stubCall.call(resultVReg);
 
@@ -493 +493 @@
     // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
     DataLabelPtr structureToCompare;
-    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
+    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, TrustedImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
     ASSERT_JIT_OFFSET(differenceBetween(hotPathBegin, structureToCompare), patchOffsetPutByIdStructure);
 
@@ -517 +517 @@
     JITStubCall stubCall(this, direct ? cti_op_put_by_id_direct : cti_op_put_by_id);
     stubCall.addArgument(regT0);
-    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(TrustedImmPtr(ident));
     stubCall.addArgument(regT1);
     Call call = stubCall.call();
@@ -565 +565 @@
     // two less instructions and doesn't require any scratch registers.
 #if CPU(X86_64)
-    move(ImmPtr(prototype.asCell()->structure()), regT3);
+    move(TrustedImmPtr(prototype.asCell()->structure()), regT3);
     failureCases.append(branchPtr(NotEqual, AbsoluteAddress(prototype.asCell()->addressOfStructure()), regT3));
 #else
-    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(prototype.asCell()->addressOfStructure()), ImmPtr(prototype.asCell()->structure())));
+    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(prototype.asCell()->addressOfStructure()), TrustedImmPtr(prototype.asCell()->structure())));
 #endif
 }
@@ -577 +577 @@
     // Check eax is an object of the right Structure.
     failureCases.append(emitJumpIfNotJSCell(regT0));
-    failureCases.append(branchPtr(NotEqual, Address(regT0, JSCell::structureOffset()), ImmPtr(oldStructure)));
+    failureCases.append(branchPtr(NotEqual, Address(regT0, JSCell::structureOffset()), TrustedImmPtr(oldStructure)));
     testPrototype(oldStructure->storedPrototype(), failureCases);
 
@@ -599 +599 @@
         stubCall.skipArgument(); // ident
         stubCall.skipArgument(); // value
-        stubCall.addArgument(Imm32(oldStructure->propertyStorageCapacity()));
-        stubCall.addArgument(Imm32(newStructure->propertyStorageCapacity()));
+        stubCall.addArgument(TrustedImm32(oldStructure->propertyStorageCapacity()));
+        stubCall.addArgument(TrustedImm32(newStructure->propertyStorageCapacity()));
         stubCall.call(regT0);
         emitGetJITStubArg(2, regT1);
@@ -609 +609 @@
     // Assumes m_refCount can be decremented easily, refcount decrement is safe as 
     // codeblock should ensure oldStructure->m_refCount > 0
-    sub32(Imm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
-    add32(Imm32(1), AbsoluteAddress(newStructure->addressOfCount()));
-    storePtr(ImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
+    sub32(TrustedImm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
+    add32(TrustedImm32(1), AbsoluteAddress(newStructure->addressOfCount()));
+    storePtr(TrustedImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
 
     // write the value
@@ -693 +693 @@
 
     // Check eax is an array
-    Jump failureCases1 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr));
+    Jump failureCases1 = branchPtr(NotEqual, Address(regT0), TrustedImmPtr(m_globalData->jsArrayVPtr));
 
     // Checks out okay! - get the length from the storage
     loadPtr(Address(regT0, JSArray::storageOffset()), regT3);
     load32(Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_length)), regT2);
-    Jump failureCases2 = branch32(Above, regT2, Imm32(JSImmediate::maxImmediateInt));
+    Jump failureCases2 = branch32(Above, regT2, TrustedImm32(JSImmediate::maxImmediateInt));
 
     emitFastArithIntToImmNoCheck(regT2, regT0);
@@ -738 +738 @@
     Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
-    move(ImmPtr(prototypeStructure), regT3);
+    move(TrustedImmPtr(prototypeStructure), regT3);
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
 #else
-    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), TrustedImmPtr(prototypeStructure));
 #endif
 
@@ -753 +753 @@
         stubCall.addArgument(regT1);
         stubCall.addArgument(regT0);
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else if (slot.cachedPropertyType() == PropertySlot::Custom) {
         needsStubLink = true;
         JITStubCall stubCall(this, cti_op_get_by_id_custom_stub);
-        stubCall.addArgument(ImmPtr(protoObject));
-        stubCall.addArgument(ImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
-        stubCall.addArgument(ImmPtr(const_cast<Identifier*>(&ident)));
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(protoObject));
+        stubCall.addArgument(TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(const_cast<Identifier*>(&ident)));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else
@@ -805 +805 @@
         stubCall.addArgument(regT1);
         stubCall.addArgument(regT0);
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else if (slot.cachedPropertyType() == PropertySlot::Custom) {
@@ -811 +811 @@
         JITStubCall stubCall(this, cti_op_get_by_id_custom_stub);
         stubCall.addArgument(regT0);
-        stubCall.addArgument(ImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
-        stubCall.addArgument(ImmPtr(const_cast<Identifier*>(&ident)));
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(const_cast<Identifier*>(&ident)));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else
@@ -861 +861 @@
     Structure* const * prototypeStructureAddress = protoObject->addressOfStructure();
 #if CPU(X86_64)
-    move(ImmPtr(prototypeStructure), regT3);
+    move(TrustedImmPtr(prototypeStructure), regT3);
     Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
 #else
-    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), TrustedImmPtr(prototypeStructure));
 #endif
 
@@ -875 +875 @@
         stubCall.addArgument(regT1);
         stubCall.addArgument(regT0);
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else if (slot.cachedPropertyType() == PropertySlot::Custom) {
         needsStubLink = true;
         JITStubCall stubCall(this, cti_op_get_by_id_custom_stub);
-        stubCall.addArgument(ImmPtr(protoObject));
-        stubCall.addArgument(ImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
-        stubCall.addArgument(ImmPtr(const_cast<Identifier*>(&ident)));
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(protoObject));
+        stubCall.addArgument(TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(const_cast<Identifier*>(&ident)));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else
@@ -945 +945 @@
         stubCall.addArgument(regT1);
         stubCall.addArgument(regT0);
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else if (slot.cachedPropertyType() == PropertySlot::Custom) {
         needsStubLink = true;
         JITStubCall stubCall(this, cti_op_get_by_id_custom_stub);
-        stubCall.addArgument(ImmPtr(protoObject));
-        stubCall.addArgument(ImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
-        stubCall.addArgument(ImmPtr(const_cast<Identifier*>(&ident)));
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(protoObject));
+        stubCall.addArgument(TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(const_cast<Identifier*>(&ident)));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else
@@ -980 +980 @@
     // Track the stub we have created so that it will be deleted later.
     structure->ref();
-    chain->ref();
     prototypeStructures->list[currentIndex].set(entryLabel, structure, chain);
 
@@ -1015 +1014 @@
         stubCall.addArgument(regT1);
         stubCall.addArgument(regT0);
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else if (slot.cachedPropertyType() == PropertySlot::Custom) {
         needsStubLink = true;
         JITStubCall stubCall(this, cti_op_get_by_id_custom_stub);
-        stubCall.addArgument(ImmPtr(protoObject));
-        stubCall.addArgument(ImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
-        stubCall.addArgument(ImmPtr(const_cast<Identifier*>(&ident)));
-        stubCall.addArgument(ImmPtr(stubInfo->callReturnLocation.executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(protoObject));
+        stubCall.addArgument(TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()));
+        stubCall.addArgument(TrustedImmPtr(const_cast<Identifier*>(&ident)));
+        stubCall.addArgument(TrustedImmPtr(stubInfo->callReturnLocation.executableAddress()));
         stubCall.call();
     } else