Unreviewed, rolling out r156474.
[WebKit-https.git] / Source / JavaScriptCore / bytecompiler / BytecodeGenerator.cpp
1 /*
2  * Copyright (C) 2008, 2009, 2012, 2013 Apple Inc. All rights reserved.
3  * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
4  * Copyright (C) 2012 Igalia, S.L.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1.  Redistributions of source code must retain the above copyright
11  *     notice, this list of conditions and the following disclaimer.
12  * 2.  Redistributions in binary form must reproduce the above copyright
13  *     notice, this list of conditions and the following disclaimer in the
14  *     documentation and/or other materials provided with the distribution.
15  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
16  *     its contributors may be used to endorse or promote products derived
17  *     from this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
20  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
23  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30
31 #include "config.h"
32 #include "BytecodeGenerator.h"
33
34 #include "Interpreter.h"
35 #include "JSActivation.h"
36 #include "JSFunction.h"
37 #include "JSNameScope.h"
38 #include "LowLevelInterpreter.h"
39 #include "Operations.h"
40 #include "Options.h"
41 #include "StrongInlines.h"
42 #include "UnlinkedCodeBlock.h"
43 #include <wtf/StdLibExtras.h>
44 #include <wtf/text/WTFString.h>
45
46 using namespace std;
47
48 namespace JSC {
49
50 void Label::setLocation(unsigned location)
51 {
52     m_location = location;
53     
54     unsigned size = m_unresolvedJumps.size();
55     for (unsigned i = 0; i < size; ++i)
56         m_generator->m_instructions[m_unresolvedJumps[i].second].u.operand = m_location - m_unresolvedJumps[i].first;
57 }
58
59 ParserError BytecodeGenerator::generate()
60 {
61     SamplingRegion samplingRegion("Bytecode Generation");
62     
63     m_codeBlock->setThisRegister(m_thisRegister.index());
64
65     m_scopeNode->emitBytecode(*this);
66
67     m_staticPropertyAnalyzer.kill();
68
69     for (unsigned i = 0; i < m_tryRanges.size(); ++i) {
70         TryRange& range = m_tryRanges[i];
71         int start = range.start->bind();
72         int end = range.end->bind();
73         
74         // This will happen for empty try blocks and for some cases of finally blocks:
75         //
76         // try {
77         //    try {
78         //    } finally {
79         //        return 42;
80         //        // *HERE*
81         //    }
82         // } finally {
83         //    print("things");
84         // }
85         //
86         // The return will pop scopes to execute the outer finally block. But this includes
87         // popping the try context for the inner try. The try context is live in the fall-through
88         // part of the finally block not because we will emit a handler that overlaps the finally,
89         // but because we haven't yet had a chance to plant the catch target. Then when we finish
90         // emitting code for the outer finally block, we repush the try contex, this time with a
91         // new start index. But that means that the start index for the try range corresponding
92         // to the inner-finally-following-the-return (marked as "*HERE*" above) will be greater
93         // than the end index of the try block. This is harmless since end < start handlers will
94         // never get matched in our logic, but we do the runtime a favor and choose to not emit
95         // such handlers at all.
96         if (end <= start)
97             continue;
98         
99         ASSERT(range.tryData->targetScopeDepth != UINT_MAX);
100         UnlinkedHandlerInfo info = {
101             static_cast<uint32_t>(start), static_cast<uint32_t>(end),
102             static_cast<uint32_t>(range.tryData->target->bind()),
103             range.tryData->targetScopeDepth
104         };
105         m_codeBlock->addExceptionHandler(info);
106     }
107     
108     m_codeBlock->instructions() = RefCountedArray<UnlinkedInstruction>(m_instructions);
109
110     m_codeBlock->shrinkToFit();
111
112     if (m_expressionTooDeep)
113         return ParserError(ParserError::OutOfMemory);
114     return ParserError(ParserError::ErrorNone);
115 }
116
117 bool BytecodeGenerator::addVar(const Identifier& ident, bool isConstant, RegisterID*& r0)
118 {
119     ConcurrentJITLocker locker(symbolTable().m_lock);
120     int index = localToOperand(m_calleeRegisters.size());
121     SymbolTableEntry newEntry(index, isConstant ? ReadOnly : 0);
122     SymbolTable::Map::AddResult result = symbolTable().add(locker, ident.impl(), newEntry);
123
124     if (!result.isNewEntry) {
125         r0 = &registerFor(result.iterator->value.getIndex());
126         return false;
127     }
128
129     r0 = addVar();
130     return true;
131 }
132
133 void BytecodeGenerator::preserveLastVar()
134 {
135     if ((m_firstConstantIndex = m_calleeRegisters.size()) != 0)
136         m_lastVar = &m_calleeRegisters.last();
137 }
138
139 BytecodeGenerator::BytecodeGenerator(VM& vm, ProgramNode* programNode, UnlinkedProgramCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode)
140     : m_shouldEmitDebugHooks(debuggerMode == DebuggerOn)
141     , m_shouldEmitProfileHooks(profilerMode == ProfilerOn)
142     , m_symbolTable(0)
143     , m_scopeNode(programNode)
144     , m_codeBlock(vm, codeBlock)
145     , m_thisRegister(CallFrame::thisArgumentOffset())
146     , m_emptyValueRegister(0)
147     , m_globalObjectRegister(0)
148     , m_finallyDepth(0)
149     , m_localScopeDepth(0)
150     , m_codeType(GlobalCode)
151     , m_nextConstantOffset(0)
152     , m_globalConstantIndex(0)
153     , m_hasCreatedActivation(true)
154     , m_firstLazyFunction(0)
155     , m_lastLazyFunction(0)
156     , m_staticPropertyAnalyzer(&m_instructions)
157     , m_vm(&vm)
158     , m_lastOpcodeID(op_end)
159 #ifndef NDEBUG
160     , m_lastOpcodePosition(0)
161 #endif
162     , m_stack(vm, wtfThreadData().stack())
163     , m_usesExceptions(false)
164     , m_expressionTooDeep(false)
165 {
166     if (m_shouldEmitDebugHooks)
167         m_codeBlock->setNeedsFullScopeChain(true);
168
169     m_codeBlock->setNumParameters(1); // Allocate space for "this"
170
171     emitOpcode(op_enter);
172
173     const VarStack& varStack = programNode->varStack();
174     const FunctionStack& functionStack = programNode->functionStack();
175
176     for (size_t i = 0; i < functionStack.size(); ++i) {
177         FunctionBodyNode* function = functionStack[i];
178         UnlinkedFunctionExecutable* unlinkedFunction = makeFunction(function);
179         codeBlock->addFunctionDeclaration(*m_vm, function->ident(), unlinkedFunction);
180     }
181
182     for (size_t i = 0; i < varStack.size(); ++i)
183         codeBlock->addVariableDeclaration(varStack[i].first, !!(varStack[i].second & DeclarationStacks::IsConstant));
184
185 }
186
187 BytecodeGenerator::BytecodeGenerator(VM& vm, FunctionBodyNode* functionBody, UnlinkedFunctionCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode)
188     : m_shouldEmitDebugHooks(debuggerMode == DebuggerOn)
189     , m_shouldEmitProfileHooks(profilerMode == ProfilerOn)
190     , m_symbolTable(codeBlock->symbolTable())
191     , m_scopeNode(functionBody)
192     , m_codeBlock(vm, codeBlock)
193     , m_activationRegister(0)
194     , m_emptyValueRegister(0)
195     , m_globalObjectRegister(0)
196     , m_finallyDepth(0)
197     , m_localScopeDepth(0)
198     , m_codeType(FunctionCode)
199     , m_nextConstantOffset(0)
200     , m_globalConstantIndex(0)
201     , m_hasCreatedActivation(false)
202     , m_firstLazyFunction(0)
203     , m_lastLazyFunction(0)
204     , m_staticPropertyAnalyzer(&m_instructions)
205     , m_vm(&vm)
206     , m_lastOpcodeID(op_end)
207 #ifndef NDEBUG
208     , m_lastOpcodePosition(0)
209 #endif
210     , m_stack(vm, wtfThreadData().stack())
211     , m_usesExceptions(false)
212     , m_expressionTooDeep(false)
213 {
214     if (m_shouldEmitDebugHooks)
215         m_codeBlock->setNeedsFullScopeChain(true);
216
217     m_symbolTable->setUsesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode());
218     Vector<Identifier> boundParameterProperties;
219     FunctionParameters& parameters = *functionBody->parameters();
220     for (size_t i = 0; i < parameters.size(); i++) {
221         auto pattern = parameters.at(i);
222         if (pattern->isBindingNode())
223             continue;
224         pattern->collectBoundIdentifiers(boundParameterProperties);
225         continue;
226     }
227     m_symbolTable->setParameterCountIncludingThis(functionBody->parameters()->size() + 1);
228
229     emitOpcode(op_enter);
230     if (m_codeBlock->needsFullScopeChain()) {
231         m_activationRegister = addVar();
232         emitInitLazyRegister(m_activationRegister);
233         m_codeBlock->setActivationRegister(m_activationRegister->index());
234     }
235
236     m_symbolTable->setCaptureStart(localToOperand(m_codeBlock->m_numVars));
237
238     if (functionBody->usesArguments() || codeBlock->usesEval()) { // May reify arguments object.
239         RegisterID* unmodifiedArgumentsRegister = addVar(); // Anonymous, so it can't be modified by user code.
240         RegisterID* argumentsRegister = addVar(propertyNames().arguments, false); // Can be changed by assigning to 'arguments'.
241
242         // We can save a little space by hard-coding the knowledge that the two
243         // 'arguments' values are stored in consecutive registers, and storing
244         // only the index of the assignable one.
245         codeBlock->setArgumentsRegister(argumentsRegister->index());
246         ASSERT_UNUSED(unmodifiedArgumentsRegister, unmodifiedArgumentsRegister->index() == JSC::unmodifiedArgumentsRegister(codeBlock->argumentsRegister()));
247
248         emitInitLazyRegister(argumentsRegister);
249         emitInitLazyRegister(unmodifiedArgumentsRegister);
250         
251         if (shouldTearOffArgumentsEagerly()) {
252             emitOpcode(op_create_arguments);
253             instructions().append(argumentsRegister->index());
254         }
255     }
256
257     bool shouldCaptureAllTheThings = m_shouldEmitDebugHooks || codeBlock->usesEval();
258
259     bool capturesAnyArgumentByName = false;
260     Vector<RegisterID*, 0, UnsafeVectorOverflow> capturedArguments;
261     if (functionBody->hasCapturedVariables() || shouldCaptureAllTheThings) {
262         FunctionParameters& parameters = *functionBody->parameters();
263         capturedArguments.resize(parameters.size());
264         for (size_t i = 0; i < parameters.size(); ++i) {
265             capturedArguments[i] = 0;
266             auto pattern = parameters.at(i);
267             if (!pattern->isBindingNode())
268                 continue;
269             const Identifier& ident = static_cast<const BindingNode*>(pattern)->boundProperty();
270             if (!functionBody->captures(ident) && !shouldCaptureAllTheThings)
271                 continue;
272             capturesAnyArgumentByName = true;
273             capturedArguments[i] = addVar();
274         }
275     }
276
277     if (capturesAnyArgumentByName && !shouldTearOffArgumentsEagerly()) {
278         size_t parameterCount = m_symbolTable->parameterCount();
279         auto slowArguments = std::make_unique<SlowArgument[]>(parameterCount);
280         for (size_t i = 0; i < parameterCount; ++i) {
281             if (!capturedArguments[i]) {
282                 ASSERT(slowArguments[i].status == SlowArgument::Normal);
283                 slowArguments[i].index = CallFrame::argumentOffset(i);
284                 continue;
285             }
286             slowArguments[i].status = SlowArgument::Captured;
287             slowArguments[i].index = capturedArguments[i]->index();
288         }
289         m_symbolTable->setSlowArguments(std::move(slowArguments));
290     }
291
292     RegisterID* calleeRegister = resolveCallee(functionBody); // May push to the scope chain and/or add a captured var.
293
294     const DeclarationStacks::FunctionStack& functionStack = functionBody->functionStack();
295     const DeclarationStacks::VarStack& varStack = functionBody->varStack();
296
297     // Captured variables and functions go first so that activations don't have
298     // to step over the non-captured locals to mark them.
299     m_hasCreatedActivation = false;
300     if (functionBody->hasCapturedVariables()) {
301         for (size_t i = 0; i < functionStack.size(); ++i) {
302             FunctionBodyNode* function = functionStack[i];
303             const Identifier& ident = function->ident();
304             if (functionBody->captures(ident)) {
305                 if (!m_hasCreatedActivation) {
306                     m_hasCreatedActivation = true;
307                     emitOpcode(op_create_activation);
308                     instructions().append(m_activationRegister->index());
309                 }
310                 m_functions.add(ident.impl());
311                 emitNewFunction(addVar(ident, false), function);
312             }
313         }
314         for (size_t i = 0; i < varStack.size(); ++i) {
315             const Identifier& ident = varStack[i].first;
316             if (functionBody->captures(ident))
317                 addVar(ident, varStack[i].second & DeclarationStacks::IsConstant);
318         }
319     }
320     bool canLazilyCreateFunctions = !functionBody->needsActivationForMoreThanVariables() && !m_shouldEmitDebugHooks;
321     if (!canLazilyCreateFunctions && !m_hasCreatedActivation) {
322         m_hasCreatedActivation = true;
323         emitOpcode(op_create_activation);
324         instructions().append(m_activationRegister->index());
325     }
326
327     m_symbolTable->setCaptureEnd(localToOperand(codeBlock->m_numVars));
328
329     m_firstLazyFunction = codeBlock->m_numVars;
330     for (size_t i = 0; i < functionStack.size(); ++i) {
331         FunctionBodyNode* function = functionStack[i];
332         const Identifier& ident = function->ident();
333         if (!functionBody->captures(ident)) {
334             m_functions.add(ident.impl());
335             RefPtr<RegisterID> reg = addVar(ident, false);
336             // Don't lazily create functions that override the name 'arguments'
337             // as this would complicate lazy instantiation of actual arguments.
338             if (!canLazilyCreateFunctions || ident == propertyNames().arguments)
339                 emitNewFunction(reg.get(), function);
340             else {
341                 emitInitLazyRegister(reg.get());
342                 m_lazyFunctions.set(localToOperand(reg->index()), function);
343             }
344         }
345     }
346     m_lastLazyFunction = canLazilyCreateFunctions ? codeBlock->m_numVars : m_firstLazyFunction;
347     for (size_t i = 0; i < varStack.size(); ++i) {
348         const Identifier& ident = varStack[i].first;
349         if (!functionBody->captures(ident))
350             addVar(ident, varStack[i].second & DeclarationStacks::IsConstant);
351     }
352
353     if (shouldCaptureAllTheThings)
354         m_symbolTable->setCaptureEnd(localToOperand(codeBlock->m_numVars));
355
356     m_parameters.grow(parameters.size() + 1); // reserve space for "this"
357
358     // Add "this" as a parameter
359     int nextParameterIndex = CallFrame::thisArgumentOffset();
360     m_thisRegister.setIndex(nextParameterIndex++);
361     m_codeBlock->addParameter();
362     Vector<std::pair<RegisterID*, const DeconstructionPatternNode*>> deconstructedParameters;
363     for (size_t i = 0; i < parameters.size(); ++i, ++nextParameterIndex) {
364         int index = nextParameterIndex;
365         auto pattern = parameters.at(i);
366         if (!pattern->isBindingNode()) {
367             m_codeBlock->addParameter();
368             RegisterID& parameter = registerFor(index);
369             parameter.setIndex(index);
370             deconstructedParameters.append(make_pair(&parameter, pattern));
371             continue;
372         }
373         auto simpleParameter = static_cast<const BindingNode*>(pattern);
374         if (capturedArguments.size() && capturedArguments[i]) {
375             ASSERT((functionBody->hasCapturedVariables() && functionBody->captures(simpleParameter->boundProperty())) || shouldCaptureAllTheThings);
376             index = capturedArguments[i]->index();
377             RegisterID original(nextParameterIndex);
378             emitMove(capturedArguments[i], &original);
379         }
380         addParameter(simpleParameter->boundProperty(), index);
381     }
382     preserveLastVar();
383
384     // We declare the callee's name last because it should lose to a var, function, and/or parameter declaration.
385     addCallee(functionBody, calleeRegister);
386
387     if (isConstructor()) {
388         emitCreateThis(&m_thisRegister);
389     } else if (functionBody->usesThis() || codeBlock->usesEval() || m_shouldEmitDebugHooks) {
390         emitOpcode(op_to_this);
391         instructions().append(kill(&m_thisRegister));
392         instructions().append(0);
393     }
394     for (size_t i = 0; i < deconstructedParameters.size(); i++) {
395         auto& entry = deconstructedParameters[i];
396         entry.second->emitBytecode(*this, entry.first);
397     }
398 }
399
400 BytecodeGenerator::BytecodeGenerator(VM& vm, EvalNode* evalNode, UnlinkedEvalCodeBlock* codeBlock, DebuggerMode debuggerMode, ProfilerMode profilerMode)
401     : m_shouldEmitDebugHooks(debuggerMode == DebuggerOn)
402     , m_shouldEmitProfileHooks(profilerMode == ProfilerOn)
403     , m_symbolTable(codeBlock->symbolTable())
404     , m_scopeNode(evalNode)
405     , m_codeBlock(vm, codeBlock)
406     , m_thisRegister(CallFrame::thisArgumentOffset())
407     , m_emptyValueRegister(0)
408     , m_globalObjectRegister(0)
409     , m_finallyDepth(0)
410     , m_localScopeDepth(0)
411     , m_codeType(EvalCode)
412     , m_nextConstantOffset(0)
413     , m_globalConstantIndex(0)
414     , m_hasCreatedActivation(true)
415     , m_firstLazyFunction(0)
416     , m_lastLazyFunction(0)
417     , m_staticPropertyAnalyzer(&m_instructions)
418     , m_vm(&vm)
419     , m_lastOpcodeID(op_end)
420 #ifndef NDEBUG
421     , m_lastOpcodePosition(0)
422 #endif
423     , m_stack(vm, wtfThreadData().stack())
424     , m_usesExceptions(false)
425     , m_expressionTooDeep(false)
426 {
427     m_codeBlock->setNeedsFullScopeChain(true);
428
429     m_symbolTable->setUsesNonStrictEval(codeBlock->usesEval() && !codeBlock->isStrictMode());
430     m_codeBlock->setNumParameters(1);
431
432     emitOpcode(op_enter);
433
434     const DeclarationStacks::FunctionStack& functionStack = evalNode->functionStack();
435     for (size_t i = 0; i < functionStack.size(); ++i)
436         m_codeBlock->addFunctionDecl(makeFunction(functionStack[i]));
437
438     const DeclarationStacks::VarStack& varStack = evalNode->varStack();
439     unsigned numVariables = varStack.size();
440     Vector<Identifier, 0, UnsafeVectorOverflow> variables;
441     variables.reserveCapacity(numVariables);
442     for (size_t i = 0; i < numVariables; ++i) {
443         ASSERT(varStack[i].first.impl()->isIdentifier());
444         variables.append(varStack[i].first);
445     }
446     codeBlock->adoptVariables(variables);
447     preserveLastVar();
448 }
449
450 BytecodeGenerator::~BytecodeGenerator()
451 {
452 }
453
454 RegisterID* BytecodeGenerator::emitInitLazyRegister(RegisterID* reg)
455 {
456     emitOpcode(op_init_lazy_reg);
457     instructions().append(reg->index());
458     return reg;
459 }
460
461 RegisterID* BytecodeGenerator::resolveCallee(FunctionBodyNode* functionBodyNode)
462 {
463     if (functionBodyNode->ident().isNull() || !functionBodyNode->functionNameIsInScope())
464         return 0;
465
466     m_calleeRegister.setIndex(JSStack::Callee);
467
468     // If non-strict eval is in play, we use a separate object in the scope chain for the callee's name.
469     if ((m_codeBlock->usesEval() && !m_codeBlock->isStrictMode()) || m_shouldEmitDebugHooks)
470         emitPushNameScope(functionBodyNode->ident(), &m_calleeRegister, ReadOnly | DontDelete);
471
472     if (!functionBodyNode->captures(functionBodyNode->ident()))
473         return &m_calleeRegister;
474
475     // Move the callee into the captured section of the stack.
476     return emitMove(addVar(), &m_calleeRegister);
477 }
478
479 void BytecodeGenerator::addCallee(FunctionBodyNode* functionBodyNode, RegisterID* calleeRegister)
480 {
481     if (functionBodyNode->ident().isNull() || !functionBodyNode->functionNameIsInScope())
482         return;
483
484     // If non-strict eval is in play, we use a separate object in the scope chain for the callee's name.
485     if ((m_codeBlock->usesEval() && !m_codeBlock->isStrictMode()) || m_shouldEmitDebugHooks)
486         return;
487
488     ASSERT(calleeRegister);
489     symbolTable().add(functionBodyNode->ident().impl(), SymbolTableEntry(calleeRegister->index(), ReadOnly));
490 }
491
492 void BytecodeGenerator::addParameter(const Identifier& ident, int parameterIndex)
493 {
494     // Parameters overwrite var declarations, but not function declarations.
495     StringImpl* rep = ident.impl();
496     if (!m_functions.contains(rep)) {
497         symbolTable().set(rep, parameterIndex);
498         RegisterID& parameter = registerFor(parameterIndex);
499         parameter.setIndex(parameterIndex);
500     }
501
502     // To maintain the calling convention, we have to allocate unique space for
503     // each parameter, even if the parameter doesn't make it into the symbol table.
504     m_codeBlock->addParameter();
505 }
506
507 bool BytecodeGenerator::willResolveToArguments(const Identifier& ident)
508 {
509     if (ident != propertyNames().arguments)
510         return false;
511     
512     if (!shouldOptimizeLocals())
513         return false;
514     
515     SymbolTableEntry entry = symbolTable().get(ident.impl());
516     if (entry.isNull())
517         return false;
518
519     if (m_codeBlock->usesArguments() && m_codeType == FunctionCode)
520         return true;
521     
522     return false;
523 }
524
525 RegisterID* BytecodeGenerator::uncheckedRegisterForArguments()
526 {
527     ASSERT(willResolveToArguments(propertyNames().arguments));
528
529     SymbolTableEntry entry = symbolTable().get(propertyNames().arguments.impl());
530     ASSERT(!entry.isNull());
531     return &registerFor(entry.getIndex());
532 }
533
534 RegisterID* BytecodeGenerator::createLazyRegisterIfNecessary(RegisterID* reg)
535 {
536     int localVariableNumber = operandToLocal(reg->index());
537     
538     if (m_lastLazyFunction <= localVariableNumber || localVariableNumber < m_firstLazyFunction)
539         return reg;
540     emitLazyNewFunction(reg, m_lazyFunctions.get(localVariableNumber));
541     return reg;
542 }
543
544 RegisterID* BytecodeGenerator::newRegister()
545 {
546     m_calleeRegisters.append(localToOperand(m_calleeRegisters.size()));
547     m_codeBlock->m_numCalleeRegisters = max<int>(m_codeBlock->m_numCalleeRegisters, m_calleeRegisters.size());
548     return &m_calleeRegisters.last();
549 }
550
551 RegisterID* BytecodeGenerator::newTemporary()
552 {
553     // Reclaim free register IDs.
554     while (m_calleeRegisters.size() && !m_calleeRegisters.last().refCount())
555         m_calleeRegisters.removeLast();
556         
557     RegisterID* result = newRegister();
558     result->setTemporary();
559     return result;
560 }
561
562 LabelScopePtr BytecodeGenerator::newLabelScope(LabelScope::Type type, const Identifier* name)
563 {
564     // Reclaim free label scopes.
565     while (m_labelScopes.size() && !m_labelScopes.last().refCount())
566         m_labelScopes.removeLast();
567
568     // Allocate new label scope.
569     LabelScope scope(type, name, scopeDepth(), newLabel(), type == LabelScope::Loop ? newLabel() : PassRefPtr<Label>()); // Only loops have continue targets.
570     m_labelScopes.append(scope);
571     return LabelScopePtr(&m_labelScopes, m_labelScopes.size() - 1);
572 }
573
574 PassRefPtr<Label> BytecodeGenerator::newLabel()
575 {
576     // Reclaim free label IDs.
577     while (m_labels.size() && !m_labels.last().refCount())
578         m_labels.removeLast();
579
580     // Allocate new label ID.
581     m_labels.append(this);
582     return &m_labels.last();
583 }
584
585 PassRefPtr<Label> BytecodeGenerator::emitLabel(Label* l0)
586 {
587     unsigned newLabelIndex = instructions().size();
588     l0->setLocation(newLabelIndex);
589
590     if (m_codeBlock->numberOfJumpTargets()) {
591         unsigned lastLabelIndex = m_codeBlock->lastJumpTarget();
592         ASSERT(lastLabelIndex <= newLabelIndex);
593         if (newLabelIndex == lastLabelIndex) {
594             // Peephole optimizations have already been disabled by emitting the last label
595             return l0;
596         }
597     }
598
599     m_codeBlock->addJumpTarget(newLabelIndex);
600
601     // This disables peephole optimizations when an instruction is a jump target
602     m_lastOpcodeID = op_end;
603     return l0;
604 }
605
606 void BytecodeGenerator::emitOpcode(OpcodeID opcodeID)
607 {
608 #ifndef NDEBUG
609     size_t opcodePosition = instructions().size();
610     ASSERT(opcodePosition - m_lastOpcodePosition == opcodeLength(m_lastOpcodeID) || m_lastOpcodeID == op_end);
611     m_lastOpcodePosition = opcodePosition;
612 #endif
613     instructions().append(opcodeID);
614     m_lastOpcodeID = opcodeID;
615 }
616
617 UnlinkedArrayProfile BytecodeGenerator::newArrayProfile()
618 {
619 #if ENABLE(VALUE_PROFILER)
620     return m_codeBlock->addArrayProfile();
621 #else
622     return 0;
623 #endif
624 }
625
626 UnlinkedArrayAllocationProfile BytecodeGenerator::newArrayAllocationProfile()
627 {
628 #if ENABLE(VALUE_PROFILER)
629     return m_codeBlock->addArrayAllocationProfile();
630 #else
631     return 0;
632 #endif
633 }
634
635 UnlinkedObjectAllocationProfile BytecodeGenerator::newObjectAllocationProfile()
636 {
637     return m_codeBlock->addObjectAllocationProfile();
638 }
639
640 UnlinkedValueProfile BytecodeGenerator::emitProfiledOpcode(OpcodeID opcodeID)
641 {
642 #if ENABLE(VALUE_PROFILER)
643     UnlinkedValueProfile result = m_codeBlock->addValueProfile();
644 #else
645     UnlinkedValueProfile result = 0;
646 #endif
647     emitOpcode(opcodeID);
648     return result;
649 }
650
651 void BytecodeGenerator::emitLoopHint()
652 {
653     emitOpcode(op_loop_hint);
654 }
655
656 void BytecodeGenerator::retrieveLastBinaryOp(int& dstIndex, int& src1Index, int& src2Index)
657 {
658     ASSERT(instructions().size() >= 4);
659     size_t size = instructions().size();
660     dstIndex = instructions().at(size - 3).u.operand;
661     src1Index = instructions().at(size - 2).u.operand;
662     src2Index = instructions().at(size - 1).u.operand;
663 }
664
665 void BytecodeGenerator::retrieveLastUnaryOp(int& dstIndex, int& srcIndex)
666 {
667     ASSERT(instructions().size() >= 3);
668     size_t size = instructions().size();
669     dstIndex = instructions().at(size - 2).u.operand;
670     srcIndex = instructions().at(size - 1).u.operand;
671 }
672
673 void ALWAYS_INLINE BytecodeGenerator::rewindBinaryOp()
674 {
675     ASSERT(instructions().size() >= 4);
676     instructions().shrink(instructions().size() - 4);
677     m_lastOpcodeID = op_end;
678 }
679
680 void ALWAYS_INLINE BytecodeGenerator::rewindUnaryOp()
681 {
682     ASSERT(instructions().size() >= 3);
683     instructions().shrink(instructions().size() - 3);
684     m_lastOpcodeID = op_end;
685 }
686
687 PassRefPtr<Label> BytecodeGenerator::emitJump(Label* target)
688 {
689     size_t begin = instructions().size();
690     emitOpcode(op_jmp);
691     instructions().append(target->bind(begin, instructions().size()));
692     return target;
693 }
694
695 PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* target)
696 {
697     if (m_lastOpcodeID == op_less) {
698         int dstIndex;
699         int src1Index;
700         int src2Index;
701
702         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
703
704         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
705             rewindBinaryOp();
706
707             size_t begin = instructions().size();
708             emitOpcode(op_jless);
709             instructions().append(src1Index);
710             instructions().append(src2Index);
711             instructions().append(target->bind(begin, instructions().size()));
712             return target;
713         }
714     } else if (m_lastOpcodeID == op_lesseq) {
715         int dstIndex;
716         int src1Index;
717         int src2Index;
718
719         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
720
721         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
722             rewindBinaryOp();
723
724             size_t begin = instructions().size();
725             emitOpcode(op_jlesseq);
726             instructions().append(src1Index);
727             instructions().append(src2Index);
728             instructions().append(target->bind(begin, instructions().size()));
729             return target;
730         }
731     } else if (m_lastOpcodeID == op_greater) {
732         int dstIndex;
733         int src1Index;
734         int src2Index;
735
736         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
737
738         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
739             rewindBinaryOp();
740
741             size_t begin = instructions().size();
742             emitOpcode(op_jgreater);
743             instructions().append(src1Index);
744             instructions().append(src2Index);
745             instructions().append(target->bind(begin, instructions().size()));
746             return target;
747         }
748     } else if (m_lastOpcodeID == op_greatereq) {
749         int dstIndex;
750         int src1Index;
751         int src2Index;
752
753         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
754
755         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
756             rewindBinaryOp();
757
758             size_t begin = instructions().size();
759             emitOpcode(op_jgreatereq);
760             instructions().append(src1Index);
761             instructions().append(src2Index);
762             instructions().append(target->bind(begin, instructions().size()));
763             return target;
764         }
765     } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
766         int dstIndex;
767         int srcIndex;
768
769         retrieveLastUnaryOp(dstIndex, srcIndex);
770
771         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
772             rewindUnaryOp();
773
774             size_t begin = instructions().size();
775             emitOpcode(op_jeq_null);
776             instructions().append(srcIndex);
777             instructions().append(target->bind(begin, instructions().size()));
778             return target;
779         }
780     } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
781         int dstIndex;
782         int srcIndex;
783
784         retrieveLastUnaryOp(dstIndex, srcIndex);
785
786         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
787             rewindUnaryOp();
788
789             size_t begin = instructions().size();
790             emitOpcode(op_jneq_null);
791             instructions().append(srcIndex);
792             instructions().append(target->bind(begin, instructions().size()));
793             return target;
794         }
795     }
796
797     size_t begin = instructions().size();
798
799     emitOpcode(op_jtrue);
800     instructions().append(cond->index());
801     instructions().append(target->bind(begin, instructions().size()));
802     return target;
803 }
804
805 PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* target)
806 {
807     if (m_lastOpcodeID == op_less && target->isForward()) {
808         int dstIndex;
809         int src1Index;
810         int src2Index;
811
812         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
813
814         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
815             rewindBinaryOp();
816
817             size_t begin = instructions().size();
818             emitOpcode(op_jnless);
819             instructions().append(src1Index);
820             instructions().append(src2Index);
821             instructions().append(target->bind(begin, instructions().size()));
822             return target;
823         }
824     } else if (m_lastOpcodeID == op_lesseq && target->isForward()) {
825         int dstIndex;
826         int src1Index;
827         int src2Index;
828
829         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
830
831         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
832             rewindBinaryOp();
833
834             size_t begin = instructions().size();
835             emitOpcode(op_jnlesseq);
836             instructions().append(src1Index);
837             instructions().append(src2Index);
838             instructions().append(target->bind(begin, instructions().size()));
839             return target;
840         }
841     } else if (m_lastOpcodeID == op_greater && target->isForward()) {
842         int dstIndex;
843         int src1Index;
844         int src2Index;
845
846         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
847
848         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
849             rewindBinaryOp();
850
851             size_t begin = instructions().size();
852             emitOpcode(op_jngreater);
853             instructions().append(src1Index);
854             instructions().append(src2Index);
855             instructions().append(target->bind(begin, instructions().size()));
856             return target;
857         }
858     } else if (m_lastOpcodeID == op_greatereq && target->isForward()) {
859         int dstIndex;
860         int src1Index;
861         int src2Index;
862
863         retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
864
865         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
866             rewindBinaryOp();
867
868             size_t begin = instructions().size();
869             emitOpcode(op_jngreatereq);
870             instructions().append(src1Index);
871             instructions().append(src2Index);
872             instructions().append(target->bind(begin, instructions().size()));
873             return target;
874         }
875     } else if (m_lastOpcodeID == op_not) {
876         int dstIndex;
877         int srcIndex;
878
879         retrieveLastUnaryOp(dstIndex, srcIndex);
880
881         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
882             rewindUnaryOp();
883
884             size_t begin = instructions().size();
885             emitOpcode(op_jtrue);
886             instructions().append(srcIndex);
887             instructions().append(target->bind(begin, instructions().size()));
888             return target;
889         }
890     } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
891         int dstIndex;
892         int srcIndex;
893
894         retrieveLastUnaryOp(dstIndex, srcIndex);
895
896         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
897             rewindUnaryOp();
898
899             size_t begin = instructions().size();
900             emitOpcode(op_jneq_null);
901             instructions().append(srcIndex);
902             instructions().append(target->bind(begin, instructions().size()));
903             return target;
904         }
905     } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
906         int dstIndex;
907         int srcIndex;
908
909         retrieveLastUnaryOp(dstIndex, srcIndex);
910
911         if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
912             rewindUnaryOp();
913
914             size_t begin = instructions().size();
915             emitOpcode(op_jeq_null);
916             instructions().append(srcIndex);
917             instructions().append(target->bind(begin, instructions().size()));
918             return target;
919         }
920     }
921
922     size_t begin = instructions().size();
923     emitOpcode(op_jfalse);
924     instructions().append(cond->index());
925     instructions().append(target->bind(begin, instructions().size()));
926     return target;
927 }
928
929 PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionCall(RegisterID* cond, Label* target)
930 {
931     size_t begin = instructions().size();
932
933     emitOpcode(op_jneq_ptr);
934     instructions().append(cond->index());
935     instructions().append(Special::CallFunction);
936     instructions().append(target->bind(begin, instructions().size()));
937     return target;
938 }
939
940 PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionApply(RegisterID* cond, Label* target)
941 {
942     size_t begin = instructions().size();
943
944     emitOpcode(op_jneq_ptr);
945     instructions().append(cond->index());
946     instructions().append(Special::ApplyFunction);
947     instructions().append(target->bind(begin, instructions().size()));
948     return target;
949 }
950
951 unsigned BytecodeGenerator::addConstant(const Identifier& ident)
952 {
953     StringImpl* rep = ident.impl();
954     IdentifierMap::AddResult result = m_identifierMap.add(rep, m_codeBlock->numberOfIdentifiers());
955     if (result.isNewEntry)
956         m_codeBlock->addIdentifier(Identifier(m_vm, rep));
957
958     return result.iterator->value;
959 }
960
961 // We can't hash JSValue(), so we use a dedicated data member to cache it.
962 RegisterID* BytecodeGenerator::addConstantEmptyValue()
963 {
964     if (!m_emptyValueRegister) {
965         int index = m_nextConstantOffset;
966         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
967         ++m_nextConstantOffset;
968         m_codeBlock->addConstant(JSValue());
969         m_emptyValueRegister = &m_constantPoolRegisters[index];
970     }
971
972     return m_emptyValueRegister;
973 }
974
975 RegisterID* BytecodeGenerator::addConstantValue(JSValue v)
976 {
977     if (!v)
978         return addConstantEmptyValue();
979
980     int index = m_nextConstantOffset;
981     JSValueMap::AddResult result = m_jsValueMap.add(JSValue::encode(v), m_nextConstantOffset);
982     if (result.isNewEntry) {
983         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
984         ++m_nextConstantOffset;
985         m_codeBlock->addConstant(v);
986     } else
987         index = result.iterator->value;
988     return &m_constantPoolRegisters[index];
989 }
990
991 unsigned BytecodeGenerator::addRegExp(RegExp* r)
992 {
993     return m_codeBlock->addRegExp(r);
994 }
995
996 RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
997 {
998     m_staticPropertyAnalyzer.mov(dst->index(), src->index());
999
1000     emitOpcode(op_mov);
1001     instructions().append(dst->index());
1002     instructions().append(src->index());
1003     return dst;
1004 }
1005
1006 RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src)
1007 {
1008     emitOpcode(opcodeID);
1009     instructions().append(dst->index());
1010     instructions().append(src->index());
1011     return dst;
1012 }
1013
1014 RegisterID* BytecodeGenerator::emitInc(RegisterID* srcDst)
1015 {
1016     emitOpcode(op_inc);
1017     instructions().append(srcDst->index());
1018     return srcDst;
1019 }
1020
1021 RegisterID* BytecodeGenerator::emitDec(RegisterID* srcDst)
1022 {
1023     emitOpcode(op_dec);
1024     instructions().append(srcDst->index());
1025     return srcDst;
1026 }
1027
1028 RegisterID* BytecodeGenerator::emitBinaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes types)
1029 {
1030     emitOpcode(opcodeID);
1031     instructions().append(dst->index());
1032     instructions().append(src1->index());
1033     instructions().append(src2->index());
1034
1035     if (opcodeID == op_bitor || opcodeID == op_bitand || opcodeID == op_bitxor ||
1036         opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub || opcodeID == op_div)
1037         instructions().append(types.toInt());
1038
1039     return dst;
1040 }
1041
1042 RegisterID* BytecodeGenerator::emitEqualityOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2)
1043 {
1044     if (m_lastOpcodeID == op_typeof) {
1045         int dstIndex;
1046         int srcIndex;
1047
1048         retrieveLastUnaryOp(dstIndex, srcIndex);
1049
1050         if (src1->index() == dstIndex
1051             && src1->isTemporary()
1052             && m_codeBlock->isConstantRegisterIndex(src2->index())
1053             && m_codeBlock->constantRegister(src2->index()).get().isString()) {
1054             const String& value = asString(m_codeBlock->constantRegister(src2->index()).get())->tryGetValue();
1055             if (value == "undefined") {
1056                 rewindUnaryOp();
1057                 emitOpcode(op_is_undefined);
1058                 instructions().append(dst->index());
1059                 instructions().append(srcIndex);
1060                 return dst;
1061             }
1062             if (value == "boolean") {
1063                 rewindUnaryOp();
1064                 emitOpcode(op_is_boolean);
1065                 instructions().append(dst->index());
1066                 instructions().append(srcIndex);
1067                 return dst;
1068             }
1069             if (value == "number") {
1070                 rewindUnaryOp();
1071                 emitOpcode(op_is_number);
1072                 instructions().append(dst->index());
1073                 instructions().append(srcIndex);
1074                 return dst;
1075             }
1076             if (value == "string") {
1077                 rewindUnaryOp();
1078                 emitOpcode(op_is_string);
1079                 instructions().append(dst->index());
1080                 instructions().append(srcIndex);
1081                 return dst;
1082             }
1083             if (value == "object") {
1084                 rewindUnaryOp();
1085                 emitOpcode(op_is_object);
1086                 instructions().append(dst->index());
1087                 instructions().append(srcIndex);
1088                 return dst;
1089             }
1090             if (value == "function") {
1091                 rewindUnaryOp();
1092                 emitOpcode(op_is_function);
1093                 instructions().append(dst->index());
1094                 instructions().append(srcIndex);
1095                 return dst;
1096             }
1097         }
1098     }
1099
1100     emitOpcode(opcodeID);
1101     instructions().append(dst->index());
1102     instructions().append(src1->index());
1103     instructions().append(src2->index());
1104     return dst;
1105 }
1106
1107 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, bool b)
1108 {
1109     return emitLoad(dst, jsBoolean(b));
1110 }
1111
1112 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, double number)
1113 {
1114     // FIXME: Our hash tables won't hold infinity, so we make a new JSValue each time.
1115     // Later we can do the extra work to handle that like the other cases.  They also don't
1116     // work correctly with NaN as a key.
1117     if (std::isnan(number) || number == HashTraits<double>::emptyValue() || HashTraits<double>::isDeletedValue(number))
1118         return emitLoad(dst, jsNumber(number));
1119     JSValue& valueInMap = m_numberMap.add(number, JSValue()).iterator->value;
1120     if (!valueInMap)
1121         valueInMap = jsNumber(number);
1122     return emitLoad(dst, valueInMap);
1123 }
1124
1125 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, const Identifier& identifier)
1126 {
1127     JSString*& stringInMap = m_stringMap.add(identifier.impl(), nullptr).iterator->value;
1128     if (!stringInMap)
1129         stringInMap = jsOwnedString(vm(), identifier.string());
1130     return emitLoad(dst, JSValue(stringInMap));
1131 }
1132
1133 RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, JSValue v)
1134 {
1135     RegisterID* constantID = addConstantValue(v);
1136     if (dst)
1137         return emitMove(dst, constantID);
1138     return constantID;
1139 }
1140
1141 RegisterID* BytecodeGenerator::emitLoadGlobalObject(RegisterID* dst)
1142 {
1143     if (!m_globalObjectRegister) {
1144         int index = m_nextConstantOffset;
1145         m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
1146         ++m_nextConstantOffset;
1147         m_codeBlock->addConstant(JSValue());
1148         m_globalObjectRegister = &m_constantPoolRegisters[index];
1149         m_codeBlock->setGlobalObjectRegister(index);
1150     }
1151     if (dst)
1152         emitMove(dst, m_globalObjectRegister);
1153     return m_globalObjectRegister;
1154 }
1155
1156 Local BytecodeGenerator::local(const Identifier& property)
1157 {
1158     if (property == propertyNames().thisIdentifier)
1159         return Local(thisRegister(), ReadOnly);
1160
1161     if (property == propertyNames().arguments)
1162         createArgumentsIfNecessary();
1163
1164     if (!shouldOptimizeLocals())
1165         return Local();
1166
1167     SymbolTableEntry entry = symbolTable().get(property.impl());
1168     if (entry.isNull())
1169         return Local();
1170
1171     RegisterID* local = createLazyRegisterIfNecessary(&registerFor(entry.getIndex()));
1172     return Local(local, entry.getAttributes());
1173 }
1174
1175 Local BytecodeGenerator::constLocal(const Identifier& property)
1176 {
1177     if (m_codeType != FunctionCode)
1178         return Local();
1179
1180     SymbolTableEntry entry = symbolTable().get(property.impl());
1181     if (entry.isNull())
1182         return Local();
1183
1184     RegisterID* local = createLazyRegisterIfNecessary(&registerFor(entry.getIndex()));
1185     return Local(local, entry.getAttributes());
1186 }
1187
1188 void BytecodeGenerator::emitCheckHasInstance(RegisterID* dst, RegisterID* value, RegisterID* base, Label* target)
1189 {
1190     size_t begin = instructions().size();
1191     emitOpcode(op_check_has_instance);
1192     instructions().append(dst->index());
1193     instructions().append(value->index());
1194     instructions().append(base->index());
1195     instructions().append(target->bind(begin, instructions().size()));
1196 }
1197
1198 // Indicates the least upper bound of resolve type based on local scope. The bytecode linker
1199 // will start with this ResolveType and compute the least upper bound including intercepting scopes.
1200 ResolveType BytecodeGenerator::resolveType()
1201 {
1202     if (m_localScopeDepth)
1203         return Dynamic;
1204     if (m_symbolTable && m_symbolTable->usesNonStrictEval())
1205         return GlobalPropertyWithVarInjectionChecks;
1206     return GlobalProperty;
1207 }
1208
1209 RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Identifier& identifier)
1210 {
1211     ASSERT(!m_symbolTable || !m_symbolTable->contains(identifier.impl()) || resolveType() == Dynamic);
1212
1213     // resolve_scope dst, id, ResolveType, depth
1214     emitOpcode(op_resolve_scope);
1215     instructions().append(kill(dst));
1216     instructions().append(addConstant(identifier));
1217     instructions().append(resolveType());
1218     instructions().append(0);
1219     return dst;
1220 }
1221
1222 RegisterID* BytecodeGenerator::emitGetFromScope(RegisterID* dst, RegisterID* scope, const Identifier& identifier, ResolveMode resolveMode)
1223 {
1224     m_codeBlock->addPropertyAccessInstruction(instructions().size());
1225
1226     // get_from_scope dst, scope, id, ResolveModeAndType, Structure, Operand
1227     UnlinkedValueProfile profile = emitProfiledOpcode(op_get_from_scope);
1228     instructions().append(kill(dst));
1229     instructions().append(scope->index());
1230     instructions().append(addConstant(identifier));
1231     instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
1232     instructions().append(0);
1233     instructions().append(0);
1234     instructions().append(profile);
1235     return dst;
1236 }
1237
1238 RegisterID* BytecodeGenerator::emitPutToScope(RegisterID* scope, const Identifier& identifier, RegisterID* value, ResolveMode resolveMode)
1239 {
1240     m_codeBlock->addPropertyAccessInstruction(instructions().size());
1241
1242     // put_to_scope scope, id, value, ResolveModeAndType, Structure, Operand
1243     emitOpcode(op_put_to_scope);
1244     instructions().append(scope->index());
1245     instructions().append(addConstant(identifier));
1246     instructions().append(value->index());
1247     instructions().append(ResolveModeAndType(resolveMode, resolveType()).operand());
1248     instructions().append(0);
1249     instructions().append(0);
1250     return value;
1251 }
1252
1253 RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* basePrototype)
1254
1255     emitOpcode(op_instanceof);
1256     instructions().append(dst->index());
1257     instructions().append(value->index());
1258     instructions().append(basePrototype->index());
1259     return dst;
1260 }
1261
1262 RegisterID* BytecodeGenerator::emitInitGlobalConst(const Identifier& identifier, RegisterID* value)
1263 {
1264     ASSERT(m_codeType == GlobalCode);
1265     emitOpcode(op_init_global_const_nop);
1266     instructions().append(0);
1267     instructions().append(value->index());
1268     instructions().append(0);
1269     instructions().append(addConstant(identifier));
1270     return value;
1271 }
1272
1273 RegisterID* BytecodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property)
1274 {
1275     m_codeBlock->addPropertyAccessInstruction(instructions().size());
1276
1277     UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_id);
1278     instructions().append(kill(dst));
1279     instructions().append(base->index());
1280     instructions().append(addConstant(property));
1281     instructions().append(0);
1282     instructions().append(0);
1283     instructions().append(0);
1284     instructions().append(0);
1285     instructions().append(profile);
1286     return dst;
1287 }
1288
1289 RegisterID* BytecodeGenerator::emitGetArgumentsLength(RegisterID* dst, RegisterID* base)
1290 {
1291     emitOpcode(op_get_arguments_length);
1292     instructions().append(dst->index());
1293     ASSERT(base->index() == m_codeBlock->argumentsRegister());
1294     instructions().append(base->index());
1295     instructions().append(addConstant(propertyNames().length));
1296     return dst;
1297 }
1298
1299 RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, const Identifier& property, RegisterID* value)
1300 {
1301     unsigned propertyIndex = addConstant(property);
1302
1303     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
1304
1305     m_codeBlock->addPropertyAccessInstruction(instructions().size());
1306
1307     emitOpcode(op_put_by_id);
1308     instructions().append(base->index());
1309     instructions().append(propertyIndex);
1310     instructions().append(value->index());
1311     instructions().append(0);
1312     instructions().append(0);
1313     instructions().append(0);
1314     instructions().append(0);
1315     instructions().append(0);
1316     return value;
1317 }
1318
1319 RegisterID* BytecodeGenerator::emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value)
1320 {
1321     unsigned propertyIndex = addConstant(property);
1322
1323     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
1324
1325     m_codeBlock->addPropertyAccessInstruction(instructions().size());
1326     
1327     emitOpcode(op_put_by_id);
1328     instructions().append(base->index());
1329     instructions().append(propertyIndex);
1330     instructions().append(value->index());
1331     instructions().append(0);
1332     instructions().append(0);
1333     instructions().append(0);
1334     instructions().append(0);
1335     instructions().append(
1336         property != m_vm->propertyNames->underscoreProto
1337         && PropertyName(property).asIndex() == PropertyName::NotAnIndex);
1338     return value;
1339 }
1340
1341 void BytecodeGenerator::emitPutGetterSetter(RegisterID* base, const Identifier& property, RegisterID* getter, RegisterID* setter)
1342 {
1343     unsigned propertyIndex = addConstant(property);
1344
1345     m_staticPropertyAnalyzer.putById(base->index(), propertyIndex);
1346
1347     emitOpcode(op_put_getter_setter);
1348     instructions().append(base->index());
1349     instructions().append(propertyIndex);
1350     instructions().append(getter->index());
1351     instructions().append(setter->index());
1352 }
1353
1354 RegisterID* BytecodeGenerator::emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier& property)
1355 {
1356     emitOpcode(op_del_by_id);
1357     instructions().append(dst->index());
1358     instructions().append(base->index());
1359     instructions().append(addConstant(property));
1360     return dst;
1361 }
1362
1363 RegisterID* BytecodeGenerator::emitGetArgumentByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
1364 {
1365     UnlinkedArrayProfile arrayProfile = newArrayProfile();
1366     UnlinkedValueProfile profile = emitProfiledOpcode(op_get_argument_by_val);
1367     instructions().append(kill(dst));
1368     ASSERT(base->index() == m_codeBlock->argumentsRegister());
1369     instructions().append(base->index());
1370     instructions().append(property->index());
1371     instructions().append(arrayProfile);
1372     instructions().append(profile);
1373     return dst;
1374 }
1375
1376 RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
1377 {
1378     for (size_t i = m_forInContextStack.size(); i > 0; i--) {
1379         ForInContext& context = m_forInContextStack[i - 1];
1380         if (context.propertyRegister == property) {
1381             emitOpcode(op_get_by_pname);
1382             instructions().append(dst->index());
1383             instructions().append(base->index());
1384             instructions().append(property->index());
1385             instructions().append(context.expectedSubscriptRegister->index());
1386             instructions().append(context.iterRegister->index());
1387             instructions().append(context.indexRegister->index());
1388             return dst;
1389         }
1390     }
1391     UnlinkedArrayProfile arrayProfile = newArrayProfile();
1392     UnlinkedValueProfile profile = emitProfiledOpcode(op_get_by_val);
1393     instructions().append(kill(dst));
1394     instructions().append(base->index());
1395     instructions().append(property->index());
1396     instructions().append(arrayProfile);
1397     instructions().append(profile);
1398     return dst;
1399 }
1400
1401 RegisterID* BytecodeGenerator::emitPutByVal(RegisterID* base, RegisterID* property, RegisterID* value)
1402 {
1403     UnlinkedArrayProfile arrayProfile = newArrayProfile();
1404     emitOpcode(op_put_by_val);
1405     instructions().append(base->index());
1406     instructions().append(property->index());
1407     instructions().append(value->index());
1408     instructions().append(arrayProfile);
1409     return value;
1410 }
1411
1412 RegisterID* BytecodeGenerator::emitDeleteByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
1413 {
1414     emitOpcode(op_del_by_val);
1415     instructions().append(dst->index());
1416     instructions().append(base->index());
1417     instructions().append(property->index());
1418     return dst;
1419 }
1420
1421 RegisterID* BytecodeGenerator::emitPutByIndex(RegisterID* base, unsigned index, RegisterID* value)
1422 {
1423     emitOpcode(op_put_by_index);
1424     instructions().append(base->index());
1425     instructions().append(index);
1426     instructions().append(value->index());
1427     return value;
1428 }
1429
1430 RegisterID* BytecodeGenerator::emitCreateThis(RegisterID* dst)
1431 {
1432     RefPtr<RegisterID> func = newTemporary(); 
1433
1434     emitOpcode(op_get_callee);
1435     instructions().append(func->index());
1436     instructions().append(0);
1437
1438     size_t begin = instructions().size();
1439     m_staticPropertyAnalyzer.createThis(m_thisRegister.index(), begin + 3);
1440
1441     emitOpcode(op_create_this); 
1442     instructions().append(m_thisRegister.index()); 
1443     instructions().append(func->index()); 
1444     instructions().append(0);
1445     return dst;
1446 }
1447
1448 RegisterID* BytecodeGenerator::emitNewObject(RegisterID* dst)
1449 {
1450     size_t begin = instructions().size();
1451     m_staticPropertyAnalyzer.newObject(dst->index(), begin + 2);
1452
1453     emitOpcode(op_new_object);
1454     instructions().append(dst->index());
1455     instructions().append(0);
1456     instructions().append(newObjectAllocationProfile());
1457     return dst;
1458 }
1459
1460 unsigned BytecodeGenerator::addConstantBuffer(unsigned length)
1461 {
1462     return m_codeBlock->addConstantBuffer(length);
1463 }
1464
1465 JSString* BytecodeGenerator::addStringConstant(const Identifier& identifier)
1466 {
1467     JSString*& stringInMap = m_stringMap.add(identifier.impl(), nullptr).iterator->value;
1468     if (!stringInMap) {
1469         stringInMap = jsString(vm(), identifier.string());
1470         addConstantValue(stringInMap);
1471     }
1472     return stringInMap;
1473 }
1474
1475 RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elements, unsigned length)
1476 {
1477 #if !ASSERT_DISABLED
1478     unsigned checkLength = 0;
1479 #endif
1480     bool hadVariableExpression = false;
1481     if (length) {
1482         for (ElementNode* n = elements; n; n = n->next()) {
1483             if (!n->value()->isConstant()) {
1484                 hadVariableExpression = true;
1485                 break;
1486             }
1487             if (n->elision())
1488                 break;
1489 #if !ASSERT_DISABLED
1490             checkLength++;
1491 #endif
1492         }
1493         if (!hadVariableExpression) {
1494             ASSERT(length == checkLength);
1495             unsigned constantBufferIndex = addConstantBuffer(length);
1496             JSValue* constantBuffer = m_codeBlock->constantBuffer(constantBufferIndex).data();
1497             unsigned index = 0;
1498             for (ElementNode* n = elements; index < length; n = n->next()) {
1499                 ASSERT(n->value()->isConstant());
1500                 constantBuffer[index++] = static_cast<ConstantNode*>(n->value())->jsValue(*this);
1501             }
1502             emitOpcode(op_new_array_buffer);
1503             instructions().append(dst->index());
1504             instructions().append(constantBufferIndex);
1505             instructions().append(length);
1506             instructions().append(newArrayAllocationProfile());
1507             return dst;
1508         }
1509     }
1510
1511     Vector<RefPtr<RegisterID>, 16, UnsafeVectorOverflow> argv;
1512     for (ElementNode* n = elements; n; n = n->next()) {
1513         if (n->elision())
1514             break;
1515         argv.append(newTemporary());
1516         // op_new_array requires the initial values to be a sequential range of registers
1517         ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() - 1);
1518         emitNode(argv.last().get(), n->value());
1519     }
1520     emitOpcode(op_new_array);
1521     instructions().append(dst->index());
1522     instructions().append(argv.size() ? argv[0]->index() : 0); // argv
1523     instructions().append(argv.size()); // argc
1524     instructions().append(newArrayAllocationProfile());
1525     return dst;
1526 }
1527
1528 RegisterID* BytecodeGenerator::emitNewFunction(RegisterID* dst, FunctionBodyNode* function)
1529 {
1530     return emitNewFunctionInternal(dst, m_codeBlock->addFunctionDecl(makeFunction(function)), false);
1531 }
1532
1533 RegisterID* BytecodeGenerator::emitLazyNewFunction(RegisterID* dst, FunctionBodyNode* function)
1534 {
1535     FunctionOffsetMap::AddResult ptr = m_functionOffsets.add(function, 0);
1536     if (ptr.isNewEntry)
1537         ptr.iterator->value = m_codeBlock->addFunctionDecl(makeFunction(function));
1538     return emitNewFunctionInternal(dst, ptr.iterator->value, true);
1539 }
1540
1541 RegisterID* BytecodeGenerator::emitNewFunctionInternal(RegisterID* dst, unsigned index, bool doNullCheck)
1542 {
1543     createActivationIfNecessary();
1544     emitOpcode(op_new_func);
1545     instructions().append(dst->index());
1546     instructions().append(index);
1547     instructions().append(doNullCheck);
1548     return dst;
1549 }
1550
1551 RegisterID* BytecodeGenerator::emitNewRegExp(RegisterID* dst, RegExp* regExp)
1552 {
1553     emitOpcode(op_new_regexp);
1554     instructions().append(dst->index());
1555     instructions().append(addRegExp(regExp));
1556     return dst;
1557 }
1558
1559 RegisterID* BytecodeGenerator::emitNewFunctionExpression(RegisterID* r0, FuncExprNode* n)
1560 {
1561     FunctionBodyNode* function = n->body();
1562     unsigned index = m_codeBlock->addFunctionExpr(makeFunction(function));
1563     
1564     createActivationIfNecessary();
1565     emitOpcode(op_new_func_exp);
1566     instructions().append(r0->index());
1567     instructions().append(index);
1568     return r0;
1569 }
1570
1571 RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
1572 {
1573     return emitCall(op_call, dst, func, expectedFunction, callArguments, divot, divotStart, divotEnd);
1574 }
1575
1576 void BytecodeGenerator::createArgumentsIfNecessary()
1577 {
1578     if (m_codeType != FunctionCode)
1579         return;
1580     
1581     if (!m_codeBlock->usesArguments())
1582         return;
1583
1584     if (shouldTearOffArgumentsEagerly())
1585         return;
1586
1587     emitOpcode(op_create_arguments);
1588     instructions().append(m_codeBlock->argumentsRegister());
1589 }
1590
1591 void BytecodeGenerator::createActivationIfNecessary()
1592 {
1593     if (m_hasCreatedActivation)
1594         return;
1595     if (!m_codeBlock->needsFullScopeChain())
1596         return;
1597     emitOpcode(op_create_activation);
1598     instructions().append(m_activationRegister->index());
1599 }
1600
1601 RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
1602 {
1603     return emitCall(op_call_eval, dst, func, NoExpectedFunction, callArguments, divot, divotStart, divotEnd);
1604 }
1605
1606 ExpectedFunction BytecodeGenerator::expectedFunctionForIdentifier(const Identifier& identifier)
1607 {
1608     if (identifier == m_vm->propertyNames->Object)
1609         return ExpectObjectConstructor;
1610     if (identifier == m_vm->propertyNames->Array)
1611         return ExpectArrayConstructor;
1612     return NoExpectedFunction;
1613 }
1614
1615 ExpectedFunction BytecodeGenerator::emitExpectedFunctionSnippet(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, Label* done)
1616 {
1617     RefPtr<Label> realCall = newLabel();
1618     switch (expectedFunction) {
1619     case ExpectObjectConstructor: {
1620         // If the number of arguments is non-zero, then we can't do anything interesting.
1621         if (callArguments.argumentCountIncludingThis() >= 2)
1622             return NoExpectedFunction;
1623         
1624         size_t begin = instructions().size();
1625         emitOpcode(op_jneq_ptr);
1626         instructions().append(func->index());
1627         instructions().append(Special::ObjectConstructor);
1628         instructions().append(realCall->bind(begin, instructions().size()));
1629         
1630         if (dst != ignoredResult())
1631             emitNewObject(dst);
1632         break;
1633     }
1634         
1635     case ExpectArrayConstructor: {
1636         // If you're doing anything other than "new Array()" or "new Array(foo)" then we
1637         // don't do inline it, for now. The only reason is that call arguments are in
1638         // the opposite order of what op_new_array expects, so we'd either need to change
1639         // how op_new_array works or we'd need an op_new_array_reverse. Neither of these
1640         // things sounds like it's worth it.
1641         if (callArguments.argumentCountIncludingThis() > 2)
1642             return NoExpectedFunction;
1643         
1644         size_t begin = instructions().size();
1645         emitOpcode(op_jneq_ptr);
1646         instructions().append(func->index());
1647         instructions().append(Special::ArrayConstructor);
1648         instructions().append(realCall->bind(begin, instructions().size()));
1649         
1650         if (dst != ignoredResult()) {
1651             if (callArguments.argumentCountIncludingThis() == 2) {
1652                 emitOpcode(op_new_array_with_size);
1653                 instructions().append(dst->index());
1654                 instructions().append(callArguments.argumentRegister(0)->index());
1655                 instructions().append(newArrayAllocationProfile());
1656             } else {
1657                 ASSERT(callArguments.argumentCountIncludingThis() == 1);
1658                 emitOpcode(op_new_array);
1659                 instructions().append(dst->index());
1660                 instructions().append(0);
1661                 instructions().append(0);
1662                 instructions().append(newArrayAllocationProfile());
1663             }
1664         }
1665         break;
1666     }
1667         
1668     default:
1669         ASSERT(expectedFunction == NoExpectedFunction);
1670         return NoExpectedFunction;
1671     }
1672     
1673     size_t begin = instructions().size();
1674     emitOpcode(op_jmp);
1675     instructions().append(done->bind(begin, instructions().size()));
1676     emitLabel(realCall.get());
1677     
1678     return expectedFunction;
1679 }
1680
1681 RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
1682 {
1683     ASSERT(opcodeID == op_call || opcodeID == op_call_eval);
1684     ASSERT(func->refCount());
1685
1686     if (m_shouldEmitProfileHooks)
1687         emitMove(callArguments.profileHookRegister(), func);
1688
1689     // Generate code for arguments.
1690     unsigned argument = 0;
1691     for (ArgumentListNode* n = callArguments.argumentsNode()->m_listNode; n; n = n->m_next)
1692         emitNode(callArguments.argumentRegister(argument++), n);
1693
1694     // Reserve space for call frame.
1695     Vector<RefPtr<RegisterID>, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow> callFrame;
1696     for (int i = 0; i < JSStack::CallFrameHeaderSize; ++i)
1697         callFrame.append(newTemporary());
1698
1699     if (m_shouldEmitProfileHooks) {
1700         emitOpcode(op_profile_will_call);
1701         instructions().append(callArguments.profileHookRegister()->index());
1702     }
1703
1704     emitExpressionInfo(divot, divotStart, divotEnd);
1705
1706     RefPtr<Label> done = newLabel();
1707     expectedFunction = emitExpectedFunctionSnippet(dst, func, expectedFunction, callArguments, done.get());
1708     
1709     // Emit call.
1710     UnlinkedArrayProfile arrayProfile = newArrayProfile();
1711     UnlinkedValueProfile profile = emitProfiledOpcode(opcodeID);
1712     ASSERT(dst);
1713     ASSERT(dst != ignoredResult());
1714     instructions().append(dst->index()); // result
1715     instructions().append(func->index()); // func
1716     instructions().append(callArguments.argumentCountIncludingThis()); // argCount
1717     instructions().append(callArguments.registerOffset()); // registerOffset
1718 #if ENABLE(LLINT)
1719     instructions().append(m_codeBlock->addLLIntCallLinkInfo());
1720 #else
1721     instructions().append(0);
1722 #endif
1723     instructions().append(arrayProfile);
1724     instructions().append(profile);
1725     
1726     if (expectedFunction != NoExpectedFunction)
1727         emitLabel(done.get());
1728
1729     if (m_shouldEmitProfileHooks) {
1730         emitOpcode(op_profile_did_call);
1731         instructions().append(callArguments.profileHookRegister()->index());
1732     }
1733
1734     return dst;
1735 }
1736
1737 RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
1738 {
1739     if (m_shouldEmitProfileHooks) {
1740         emitMove(profileHookRegister, func);
1741         emitOpcode(op_profile_will_call);
1742         instructions().append(profileHookRegister->index());
1743     }
1744     
1745     emitExpressionInfo(divot, divotStart, divotEnd);
1746
1747     // Emit call.
1748     UnlinkedValueProfile profile = emitProfiledOpcode(op_call_varargs);
1749     ASSERT(dst != ignoredResult());
1750     instructions().append(dst->index());
1751     instructions().append(func->index());
1752     instructions().append(thisRegister->index());
1753     instructions().append(arguments->index());
1754     instructions().append(firstFreeRegister->index());
1755     instructions().append(0); // Pad to make it as big as an op_call.
1756     instructions().append(profile);
1757     if (m_shouldEmitProfileHooks) {
1758         emitOpcode(op_profile_did_call);
1759         instructions().append(profileHookRegister->index());
1760     }
1761     return dst;
1762 }
1763
1764 RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
1765 {
1766     if (m_codeBlock->needsFullScopeChain()) {
1767         emitOpcode(op_tear_off_activation);
1768         instructions().append(m_activationRegister->index());
1769     }
1770
1771     if (m_codeBlock->usesArguments() && m_codeBlock->numParameters() != 1 && !isStrictMode()) {
1772         emitOpcode(op_tear_off_arguments);
1773         instructions().append(m_codeBlock->argumentsRegister());
1774         instructions().append(m_activationRegister ? m_activationRegister->index() : emitLoad(0, JSValue())->index());
1775     }
1776
1777     // Constructors use op_ret_object_or_this to check the result is an
1778     // object, unless we can trivially determine the check is not
1779     // necessary (currently, if the return value is 'this').
1780     if (isConstructor() && (src->index() != m_thisRegister.index())) {
1781         emitOpcode(op_ret_object_or_this);
1782         instructions().append(src->index());
1783         instructions().append(m_thisRegister.index());
1784         return src;
1785     }
1786     return emitUnaryNoDstOp(op_ret, src);
1787 }
1788
1789 RegisterID* BytecodeGenerator::emitUnaryNoDstOp(OpcodeID opcodeID, RegisterID* src)
1790 {
1791     emitOpcode(opcodeID);
1792     instructions().append(src->index());
1793     return src;
1794 }
1795
1796 RegisterID* BytecodeGenerator::emitConstruct(RegisterID* dst, RegisterID* func, ExpectedFunction expectedFunction, CallArguments& callArguments, const JSTextPosition& divot, const JSTextPosition& divotStart, const JSTextPosition& divotEnd)
1797 {
1798     ASSERT(func->refCount());
1799
1800     if (m_shouldEmitProfileHooks)
1801         emitMove(callArguments.profileHookRegister(), func);
1802
1803     // Generate code for arguments.
1804     unsigned argument = 0;
1805     if (ArgumentsNode* argumentsNode = callArguments.argumentsNode()) {
1806         for (ArgumentListNode* n = argumentsNode->m_listNode; n; n = n->m_next)
1807             emitNode(callArguments.argumentRegister(argument++), n);
1808     }
1809
1810     if (m_shouldEmitProfileHooks) {
1811         emitOpcode(op_profile_will_call);
1812         instructions().append(callArguments.profileHookRegister()->index());
1813     }
1814
1815     // Reserve space for call frame.
1816     Vector<RefPtr<RegisterID>, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow> callFrame;
1817     for (int i = 0; i < JSStack::CallFrameHeaderSize; ++i)
1818         callFrame.append(newTemporary());
1819
1820     emitExpressionInfo(divot, divotStart, divotEnd);
1821     
1822     RefPtr<Label> done = newLabel();
1823     expectedFunction = emitExpectedFunctionSnippet(dst, func, expectedFunction, callArguments, done.get());
1824
1825     UnlinkedValueProfile profile = emitProfiledOpcode(op_construct);
1826     ASSERT(dst != ignoredResult());
1827     instructions().append(dst->index());
1828     instructions().append(func->index()); // func
1829     instructions().append(callArguments.argumentCountIncludingThis()); // argCount
1830     instructions().append(callArguments.registerOffset()); // registerOffset
1831 #if ENABLE(LLINT)
1832     instructions().append(m_codeBlock->addLLIntCallLinkInfo());
1833 #else
1834     instructions().append(0);
1835 #endif
1836     instructions().append(0);
1837     instructions().append(profile);
1838
1839     if (expectedFunction != NoExpectedFunction)
1840         emitLabel(done.get());
1841
1842     if (m_shouldEmitProfileHooks) {
1843         emitOpcode(op_profile_did_call);
1844         instructions().append(callArguments.profileHookRegister()->index());
1845     }
1846
1847     return dst;
1848 }
1849
1850 RegisterID* BytecodeGenerator::emitStrcat(RegisterID* dst, RegisterID* src, int count)
1851 {
1852     emitOpcode(op_strcat);
1853     instructions().append(dst->index());
1854     instructions().append(src->index());
1855     instructions().append(count);
1856
1857     return dst;
1858 }
1859
1860 void BytecodeGenerator::emitToPrimitive(RegisterID* dst, RegisterID* src)
1861 {
1862     emitOpcode(op_to_primitive);
1863     instructions().append(dst->index());
1864     instructions().append(src->index());
1865 }
1866
1867 RegisterID* BytecodeGenerator::emitPushWithScope(RegisterID* scope)
1868 {
1869     ControlFlowContext context;
1870     context.isFinallyBlock = false;
1871     m_scopeContextStack.append(context);
1872     m_localScopeDepth++;
1873
1874     return emitUnaryNoDstOp(op_push_with_scope, scope);
1875 }
1876
1877 void BytecodeGenerator::emitPopScope()
1878 {
1879     ASSERT(m_scopeContextStack.size());
1880     ASSERT(!m_scopeContextStack.last().isFinallyBlock);
1881
1882     emitOpcode(op_pop_scope);
1883
1884     m_scopeContextStack.removeLast();
1885     m_localScopeDepth--;
1886 }
1887
1888 void BytecodeGenerator::emitDebugHook(DebugHookID debugHookID, unsigned line, unsigned charOffset, unsigned lineStart)
1889 {
1890 #if ENABLE(DEBUG_WITH_BREAKPOINT)
1891     if (debugHookID != DidReachBreakpoint)
1892         return;
1893 #else
1894     if (!m_shouldEmitDebugHooks)
1895         return;
1896 #endif
1897     JSTextPosition divot(line, charOffset, lineStart);
1898     emitExpressionInfo(divot, divot, divot);
1899     emitOpcode(op_debug);
1900     instructions().append(debugHookID);
1901 }
1902
1903 void BytecodeGenerator::pushFinallyContext(StatementNode* finallyBlock)
1904 {
1905     ControlFlowContext scope;
1906     scope.isFinallyBlock = true;
1907     FinallyContext context = {
1908         finallyBlock,
1909         static_cast<unsigned>(m_scopeContextStack.size()),
1910         static_cast<unsigned>(m_switchContextStack.size()),
1911         static_cast<unsigned>(m_forInContextStack.size()),
1912         static_cast<unsigned>(m_tryContextStack.size()),
1913         static_cast<unsigned>(m_labelScopes.size()),
1914         m_finallyDepth,
1915         m_localScopeDepth
1916     };
1917     scope.finallyContext = context;
1918     m_scopeContextStack.append(scope);
1919     m_finallyDepth++;
1920 }
1921
1922 void BytecodeGenerator::popFinallyContext()
1923 {
1924     ASSERT(m_scopeContextStack.size());
1925     ASSERT(m_scopeContextStack.last().isFinallyBlock);
1926     ASSERT(m_finallyDepth > 0);
1927     m_scopeContextStack.removeLast();
1928     m_finallyDepth--;
1929 }
1930
1931 LabelScope* BytecodeGenerator::breakTarget(const Identifier& name)
1932 {
1933     // Reclaim free label scopes.
1934     //
1935     // The condition was previously coded as 'm_labelScopes.size() && !m_labelScopes.last().refCount()',
1936     // however sometimes this appears to lead to GCC going a little haywire and entering the loop with
1937     // size 0, leading to segfaulty badness.  We are yet to identify a valid cause within our code to
1938     // cause the GCC codegen to misbehave in this fashion, and as such the following refactoring of the
1939     // loop condition is a workaround.
1940     while (m_labelScopes.size()) {
1941         if  (m_labelScopes.last().refCount())
1942             break;
1943         m_labelScopes.removeLast();
1944     }
1945
1946     if (!m_labelScopes.size())
1947         return 0;
1948
1949     // We special-case the following, which is a syntax error in Firefox:
1950     // label:
1951     //     break;
1952     if (name.isEmpty()) {
1953         for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
1954             LabelScope* scope = &m_labelScopes[i];
1955             if (scope->type() != LabelScope::NamedLabel) {
1956                 ASSERT(scope->breakTarget());
1957                 return scope;
1958             }
1959         }
1960         return 0;
1961     }
1962
1963     for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
1964         LabelScope* scope = &m_labelScopes[i];
1965         if (scope->name() && *scope->name() == name) {
1966             ASSERT(scope->breakTarget());
1967             return scope;
1968         }
1969     }
1970     return 0;
1971 }
1972
1973 LabelScope* BytecodeGenerator::continueTarget(const Identifier& name)
1974 {
1975     // Reclaim free label scopes.
1976     while (m_labelScopes.size() && !m_labelScopes.last().refCount())
1977         m_labelScopes.removeLast();
1978
1979     if (!m_labelScopes.size())
1980         return 0;
1981
1982     if (name.isEmpty()) {
1983         for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
1984             LabelScope* scope = &m_labelScopes[i];
1985             if (scope->type() == LabelScope::Loop) {
1986                 ASSERT(scope->continueTarget());
1987                 return scope;
1988             }
1989         }
1990         return 0;
1991     }
1992
1993     // Continue to the loop nested nearest to the label scope that matches
1994     // 'name'.
1995     LabelScope* result = 0;
1996     for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
1997         LabelScope* scope = &m_labelScopes[i];
1998         if (scope->type() == LabelScope::Loop) {
1999             ASSERT(scope->continueTarget());
2000             result = scope;
2001         }
2002         if (scope->name() && *scope->name() == name)
2003             return result; // may be 0
2004     }
2005     return 0;
2006 }
2007
2008 void BytecodeGenerator::emitComplexPopScopes(ControlFlowContext* topScope, ControlFlowContext* bottomScope)
2009 {
2010     while (topScope > bottomScope) {
2011         // First we count the number of dynamic scopes we need to remove to get
2012         // to a finally block.
2013         int nNormalScopes = 0;
2014         while (topScope > bottomScope) {
2015             if (topScope->isFinallyBlock)
2016                 break;
2017             ++nNormalScopes;
2018             --topScope;
2019         }
2020
2021         if (nNormalScopes) {
2022             // We need to remove a number of dynamic scopes to get to the next
2023             // finally block
2024             while (nNormalScopes--)
2025                 emitOpcode(op_pop_scope);
2026
2027             // If topScope == bottomScope then there isn't a finally block left to emit.
2028             if (topScope == bottomScope)
2029                 return;
2030         }
2031         
2032         Vector<ControlFlowContext> savedScopeContextStack;
2033         Vector<SwitchInfo> savedSwitchContextStack;
2034         Vector<ForInContext> savedForInContextStack;
2035         Vector<TryContext> poppedTryContexts;
2036         LabelScopeStore savedLabelScopes;
2037         while (topScope > bottomScope && topScope->isFinallyBlock) {
2038             RefPtr<Label> beforeFinally = emitLabel(newLabel().get());
2039             
2040             // Save the current state of the world while instating the state of the world
2041             // for the finally block.
2042             FinallyContext finallyContext = topScope->finallyContext;
2043             bool flipScopes = finallyContext.scopeContextStackSize != m_scopeContextStack.size();
2044             bool flipSwitches = finallyContext.switchContextStackSize != m_switchContextStack.size();
2045             bool flipForIns = finallyContext.forInContextStackSize != m_forInContextStack.size();
2046             bool flipTries = finallyContext.tryContextStackSize != m_tryContextStack.size();
2047             bool flipLabelScopes = finallyContext.labelScopesSize != m_labelScopes.size();
2048             int topScopeIndex = -1;
2049             int bottomScopeIndex = -1;
2050             if (flipScopes) {
2051                 topScopeIndex = topScope - m_scopeContextStack.begin();
2052                 bottomScopeIndex = bottomScope - m_scopeContextStack.begin();
2053                 savedScopeContextStack = m_scopeContextStack;
2054                 m_scopeContextStack.shrink(finallyContext.scopeContextStackSize);
2055             }
2056             if (flipSwitches) {
2057                 savedSwitchContextStack = m_switchContextStack;
2058                 m_switchContextStack.shrink(finallyContext.switchContextStackSize);
2059             }
2060             if (flipForIns) {
2061                 savedForInContextStack = m_forInContextStack;
2062                 m_forInContextStack.shrink(finallyContext.forInContextStackSize);
2063             }
2064             if (flipTries) {
2065                 while (m_tryContextStack.size() != finallyContext.tryContextStackSize) {
2066                     ASSERT(m_tryContextStack.size() > finallyContext.tryContextStackSize);
2067                     TryContext context = m_tryContextStack.last();
2068                     m_tryContextStack.removeLast();
2069                     TryRange range;
2070                     range.start = context.start;
2071                     range.end = beforeFinally;
2072                     range.tryData = context.tryData;
2073                     m_tryRanges.append(range);
2074                     poppedTryContexts.append(context);
2075                 }
2076             }
2077             if (flipLabelScopes) {
2078                 savedLabelScopes = m_labelScopes;
2079                 while (m_labelScopes.size() > finallyContext.labelScopesSize)
2080                     m_labelScopes.removeLast();
2081             }
2082             int savedFinallyDepth = m_finallyDepth;
2083             m_finallyDepth = finallyContext.finallyDepth;
2084             int savedDynamicScopeDepth = m_localScopeDepth;
2085             m_localScopeDepth = finallyContext.dynamicScopeDepth;
2086             
2087             // Emit the finally block.
2088             emitNode(finallyContext.finallyBlock);
2089             
2090             RefPtr<Label> afterFinally = emitLabel(newLabel().get());
2091             
2092             // Restore the state of the world.
2093             if (flipScopes) {
2094                 m_scopeContextStack = savedScopeContextStack;
2095                 topScope = &m_scopeContextStack[topScopeIndex]; // assert it's within bounds
2096                 bottomScope = m_scopeContextStack.begin() + bottomScopeIndex; // don't assert, since it the index might be -1.
2097             }
2098             if (flipSwitches)
2099                 m_switchContextStack = savedSwitchContextStack;
2100             if (flipForIns)
2101                 m_forInContextStack = savedForInContextStack;
2102             if (flipTries) {
2103                 ASSERT(m_tryContextStack.size() == finallyContext.tryContextStackSize);
2104                 for (unsigned i = poppedTryContexts.size(); i--;) {
2105                     TryContext context = poppedTryContexts[i];
2106                     context.start = afterFinally;
2107                     m_tryContextStack.append(context);
2108                 }
2109                 poppedTryContexts.clear();
2110             }
2111             if (flipLabelScopes)
2112                 m_labelScopes = savedLabelScopes;
2113             m_finallyDepth = savedFinallyDepth;
2114             m_localScopeDepth = savedDynamicScopeDepth;
2115             
2116             --topScope;
2117         }
2118     }
2119 }
2120
2121 void BytecodeGenerator::emitPopScopes(int targetScopeDepth)
2122 {
2123     ASSERT(scopeDepth() - targetScopeDepth >= 0);
2124
2125     size_t scopeDelta = scopeDepth() - targetScopeDepth;
2126     ASSERT(scopeDelta <= m_scopeContextStack.size());
2127     if (!scopeDelta)
2128         return;
2129
2130     if (!m_finallyDepth) {
2131         while (scopeDelta--)
2132             emitOpcode(op_pop_scope);
2133         return;
2134     }
2135
2136     emitComplexPopScopes(&m_scopeContextStack.last(), &m_scopeContextStack.last() - scopeDelta);
2137 }
2138
2139 RegisterID* BytecodeGenerator::emitGetPropertyNames(RegisterID* dst, RegisterID* base, RegisterID* i, RegisterID* size, Label* breakTarget)
2140 {
2141     size_t begin = instructions().size();
2142
2143     emitOpcode(op_get_pnames);
2144     instructions().append(dst->index());
2145     instructions().append(base->index());
2146     instructions().append(i->index());
2147     instructions().append(size->index());
2148     instructions().append(breakTarget->bind(begin, instructions().size()));
2149     return dst;
2150 }
2151
2152 RegisterID* BytecodeGenerator::emitNextPropertyName(RegisterID* dst, RegisterID* base, RegisterID* i, RegisterID* size, RegisterID* iter, Label* target)
2153 {
2154     size_t begin = instructions().size();
2155
2156     emitOpcode(op_next_pname);
2157     instructions().append(dst->index());
2158     instructions().append(base->index());
2159     instructions().append(i->index());
2160     instructions().append(size->index());
2161     instructions().append(iter->index());
2162     instructions().append(target->bind(begin, instructions().size()));
2163     return dst;
2164 }
2165
2166 TryData* BytecodeGenerator::pushTry(Label* start)
2167 {
2168     TryData tryData;
2169     tryData.target = newLabel();
2170     tryData.targetScopeDepth = UINT_MAX;
2171     m_tryData.append(tryData);
2172     TryData* result = &m_tryData.last();
2173     
2174     TryContext tryContext;
2175     tryContext.start = start;
2176     tryContext.tryData = result;
2177     
2178     m_tryContextStack.append(tryContext);
2179     
2180     return result;
2181 }
2182
2183 RegisterID* BytecodeGenerator::popTryAndEmitCatch(TryData* tryData, RegisterID* targetRegister, Label* end)
2184 {
2185     m_usesExceptions = true;
2186     
2187     ASSERT_UNUSED(tryData, m_tryContextStack.last().tryData == tryData);
2188     
2189     TryRange tryRange;
2190     tryRange.start = m_tryContextStack.last().start;
2191     tryRange.end = end;
2192     tryRange.tryData = m_tryContextStack.last().tryData;
2193     m_tryRanges.append(tryRange);
2194     m_tryContextStack.removeLast();
2195     
2196     emitLabel(tryRange.tryData->target.get());
2197     tryRange.tryData->targetScopeDepth = m_localScopeDepth;
2198
2199     emitOpcode(op_catch);
2200     instructions().append(targetRegister->index());
2201     return targetRegister;
2202 }
2203
2204 void BytecodeGenerator::emitThrowReferenceError(const String& message)
2205 {
2206     emitOpcode(op_throw_static_error);
2207     instructions().append(addConstantValue(addStringConstant(Identifier(m_vm, message)))->index());
2208     instructions().append(true);
2209 }
2210
2211 void BytecodeGenerator::emitPushNameScope(const Identifier& property, RegisterID* value, unsigned attributes)
2212 {
2213     ControlFlowContext context;
2214     context.isFinallyBlock = false;
2215     m_scopeContextStack.append(context);
2216     m_localScopeDepth++;
2217
2218     emitOpcode(op_push_name_scope);
2219     instructions().append(addConstant(property));
2220     instructions().append(value->index());
2221     instructions().append(attributes);
2222 }
2223
2224 void BytecodeGenerator::beginSwitch(RegisterID* scrutineeRegister, SwitchInfo::SwitchType type)
2225 {
2226     SwitchInfo info = { static_cast<uint32_t>(instructions().size()), type };
2227     switch (type) {
2228         case SwitchInfo::SwitchImmediate:
2229             emitOpcode(op_switch_imm);
2230             break;
2231         case SwitchInfo::SwitchCharacter:
2232             emitOpcode(op_switch_char);
2233             break;
2234         case SwitchInfo::SwitchString:
2235             emitOpcode(op_switch_string);
2236             break;
2237         default:
2238             RELEASE_ASSERT_NOT_REACHED();
2239     }
2240
2241     instructions().append(0); // place holder for table index
2242     instructions().append(0); // place holder for default target    
2243     instructions().append(scrutineeRegister->index());
2244     m_switchContextStack.append(info);
2245 }
2246
2247 static int32_t keyForImmediateSwitch(ExpressionNode* node, int32_t min, int32_t max)
2248 {
2249     UNUSED_PARAM(max);
2250     ASSERT(node->isNumber());
2251     double value = static_cast<NumberNode*>(node)->value();
2252     int32_t key = static_cast<int32_t>(value);
2253     ASSERT(key == value);
2254     ASSERT(key >= min);
2255     ASSERT(key <= max);
2256     return key - min;
2257 }
2258
2259 static int32_t keyForCharacterSwitch(ExpressionNode* node, int32_t min, int32_t max)
2260 {
2261     UNUSED_PARAM(max);
2262     ASSERT(node->isString());
2263     StringImpl* clause = static_cast<StringNode*>(node)->value().impl();
2264     ASSERT(clause->length() == 1);
2265     
2266     int32_t key = (*clause)[0];
2267     ASSERT(key >= min);
2268     ASSERT(key <= max);
2269     return key - min;
2270 }
2271
2272 static void prepareJumpTableForSwitch(
2273     UnlinkedSimpleJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount,
2274     RefPtr<Label>* labels, ExpressionNode** nodes, int32_t min, int32_t max,
2275     int32_t (*keyGetter)(ExpressionNode*, int32_t min, int32_t max))
2276 {
2277     jumpTable.min = min;
2278     jumpTable.branchOffsets.resize(max - min + 1);
2279     jumpTable.branchOffsets.fill(0);
2280     for (uint32_t i = 0; i < clauseCount; ++i) {
2281         // We're emitting this after the clause labels should have been fixed, so 
2282         // the labels should not be "forward" references
2283         ASSERT(!labels[i]->isForward());
2284         jumpTable.add(keyGetter(nodes[i], min, max), labels[i]->bind(switchAddress, switchAddress + 3)); 
2285     }
2286 }
2287
2288 static void prepareJumpTableForStringSwitch(UnlinkedStringJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes)
2289 {
2290     for (uint32_t i = 0; i < clauseCount; ++i) {
2291         // We're emitting this after the clause labels should have been fixed, so 
2292         // the labels should not be "forward" references
2293         ASSERT(!labels[i]->isForward());
2294         
2295         ASSERT(nodes[i]->isString());
2296         StringImpl* clause = static_cast<StringNode*>(nodes[i])->value().impl();
2297         jumpTable.offsetTable.add(clause, labels[i]->bind(switchAddress, switchAddress + 3));
2298     }
2299 }
2300
2301 void BytecodeGenerator::endSwitch(uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes, Label* defaultLabel, int32_t min, int32_t max)
2302 {
2303     SwitchInfo switchInfo = m_switchContextStack.last();
2304     m_switchContextStack.removeLast();
2305     
2306     switch (switchInfo.switchType) {
2307     case SwitchInfo::SwitchImmediate:
2308     case SwitchInfo::SwitchCharacter: {
2309         instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfSwitchJumpTables();
2310         instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->bind(switchInfo.bytecodeOffset, switchInfo.bytecodeOffset + 3);
2311
2312         UnlinkedSimpleJumpTable& jumpTable = m_codeBlock->addSwitchJumpTable();
2313         prepareJumpTableForSwitch(
2314             jumpTable, switchInfo.bytecodeOffset, clauseCount, labels, nodes, min, max,
2315             switchInfo.switchType == SwitchInfo::SwitchImmediate
2316                 ? keyForImmediateSwitch
2317                 : keyForCharacterSwitch); 
2318         break;
2319     }
2320         
2321     case SwitchInfo::SwitchString: {
2322         instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfStringSwitchJumpTables();
2323         instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->bind(switchInfo.bytecodeOffset, switchInfo.bytecodeOffset + 3);
2324
2325         UnlinkedStringJumpTable& jumpTable = m_codeBlock->addStringSwitchJumpTable();
2326         prepareJumpTableForStringSwitch(jumpTable, switchInfo.bytecodeOffset, clauseCount, labels, nodes);
2327         break;
2328     }
2329         
2330     default:
2331         RELEASE_ASSERT_NOT_REACHED();
2332         break;
2333     }
2334 }
2335
2336 RegisterID* BytecodeGenerator::emitThrowExpressionTooDeepException()
2337 {
2338     // It would be nice to do an even better job of identifying exactly where the expression is.
2339     // And we could make the caller pass the node pointer in, if there was some way of getting
2340     // that from an arbitrary node. However, calling emitExpressionInfo without any useful data
2341     // is still good enough to get us an accurate line number.
2342     m_expressionTooDeep = true;
2343     return newTemporary();
2344 }
2345
2346 void BytecodeGenerator::setIsNumericCompareFunction(bool isNumericCompareFunction)
2347 {
2348     m_codeBlock->setIsNumericCompareFunction(isNumericCompareFunction);
2349 }
2350
2351 bool BytecodeGenerator::isArgumentNumber(const Identifier& ident, int argumentNumber)
2352 {
2353     RegisterID* registerID = local(ident).get();
2354     if (!registerID || registerID->index() >= 0)
2355          return 0;
2356     return registerID->index() == CallFrame::argumentOffset(argumentNumber);
2357 }
2358
2359 void BytecodeGenerator::emitReadOnlyExceptionIfNeeded()
2360 {
2361     if (!isStrictMode())
2362         return;
2363     emitOpcode(op_throw_static_error);
2364     instructions().append(addConstantValue(addStringConstant(Identifier(m_vm, StrictModeReadonlyPropertyWriteError)))->index());
2365     instructions().append(false);
2366 }
2367
2368 } // namespace JSC