Rename activation to be more in line with spec language
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28
29 #include "Arguments.h"
30 #include "ArrayConstructor.h"
31 #include "CallFrame.h"
32 #include "CommonSlowPaths.h"
33 #include "CommonSlowPathsExceptions.h"
34 #include "ErrorHandlingScope.h"
35 #include "ExceptionFuzz.h"
36 #include "GetterSetter.h"
37 #include "HostCallReturnValue.h"
38 #include "Interpreter.h"
39 #include "JIT.h"
40 #include "JITExceptions.h"
41 #include "JSLexicalEnvironment.h"
42 #include "JSCInlines.h"
43 #include "JSCJSValue.h"
44 #include "JSGlobalObjectFunctions.h"
45 #include "JSNameScope.h"
46 #include "JSStackInlines.h"
47 #include "JSString.h"
48 #include "JSWithScope.h"
49 #include "LLIntCommon.h"
50 #include "LLIntExceptions.h"
51 #include "LegacyProfiler.h"
52 #include "LowLevelInterpreter.h"
53 #include "ObjectConstructor.h"
54 #include "ProtoCallFrame.h"
55 #include "StructureRareDataInlines.h"
56 #include <wtf/StringPrintStream.h>
57
58 namespace JSC { namespace LLInt {
59
60 #define LLINT_BEGIN_NO_SET_PC() \
61     VM& vm = exec->vm();      \
62     NativeCallFrameTracer tracer(&vm, exec)
63
64 #ifndef NDEBUG
65 #define LLINT_SET_PC_FOR_STUBS() do { \
66         exec->codeBlock()->bytecodeOffset(pc); \
67         exec->setCurrentVPC(pc + 1); \
68     } while (false)
69 #else
70 #define LLINT_SET_PC_FOR_STUBS() do { \
71         exec->setCurrentVPC(pc + 1); \
72     } while (false)
73 #endif
74
75 #define LLINT_BEGIN()                           \
76     LLINT_BEGIN_NO_SET_PC();                    \
77     LLINT_SET_PC_FOR_STUBS()
78
79 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
80 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
81
82 #define LLINT_RETURN_TWO(first, second) do {       \
83         return encodeResult(first, second);        \
84     } while (false)
85
86 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0)
87
88 #define LLINT_THROW(exceptionToThrow) do {                        \
89         vm.throwException(exec, exceptionToThrow);                \
90         pc = returnToThrow(exec);                                 \
91         LLINT_END_IMPL();                                         \
92     } while (false)
93
94 #define LLINT_CHECK_EXCEPTION() do {                    \
95         doExceptionFuzzingIfEnabled(exec, "LLIntSlowPaths", pc);    \
96         if (UNLIKELY(vm.exception())) {                 \
97             pc = returnToThrow(exec);                   \
98             LLINT_END_IMPL();                           \
99         }                                               \
100     } while (false)
101
102 #define LLINT_END() do {                        \
103         LLINT_CHECK_EXCEPTION();                \
104         LLINT_END_IMPL();                       \
105     } while (false)
106
107 #define LLINT_BRANCH(opcode, condition) do {                      \
108         bool __b_condition = (condition);                         \
109         LLINT_CHECK_EXCEPTION();                                  \
110         if (__b_condition)                                        \
111             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
112         else                                                      \
113             pc += OPCODE_LENGTH(opcode);                          \
114         LLINT_END_IMPL();                                         \
115     } while (false)
116
117 #define LLINT_RETURN(value) do {                \
118         JSValue __r_returnValue = (value);      \
119         LLINT_CHECK_EXCEPTION();                \
120         LLINT_OP(1) = __r_returnValue;          \
121         LLINT_END_IMPL();                       \
122     } while (false)
123
124 #define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \
125         JSValue __r_returnValue = (value);      \
126         LLINT_CHECK_EXCEPTION();                \
127         LLINT_OP(1) = __r_returnValue;          \
128         pc += (pcAdjustment);                   \
129         LLINT_END_IMPL();                       \
130     } while (false)
131
132 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
133         JSValue __rp_returnValue = (value);                     \
134         LLINT_CHECK_EXCEPTION();                                \
135         LLINT_OP(1) = __rp_returnValue;                         \
136         LLINT_PROFILE_VALUE(opcode, __rp_returnValue);          \
137         LLINT_END_IMPL();                                       \
138     } while (false)
139
140 #define LLINT_PROFILE_VALUE(opcode, value) do { \
141         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
142         JSValue::encode(value);                  \
143     } while (false)
144
145 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
146
147 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
148         ExecState* __ct_exec = (exec);                                  \
149         vm.throwException(__ct_exec, exceptionToThrow);                 \
150         LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
151     } while (false)
152
153 #define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do {               \
154         ExecState* __cce_exec = (exec);                                 \
155         ExecState* __cce_execCallee = (execCallee);                     \
156         doExceptionFuzzingIfEnabled(__cce_exec, "LLIntSlowPaths/call", nullptr); \
157         if (UNLIKELY(vm.exception()))                                   \
158             LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
159     } while (false)
160
161 #define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
162         ExecState* __cr_exec = (exec);                                  \
163         ExecState* __cr_execCallee = (execCallee);                      \
164         void* __cr_callTarget = (callTarget);                           \
165         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
166         LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
167     } while (false)
168
169 #define LLINT_RETURN_CALLEE_FRAME(execCallee) do {                      \
170         ExecState* __rcf_exec = (execCallee);                           \
171         LLINT_RETURN_TWO(pc, __rcf_exec);                               \
172     } while (false)
173
174 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
175 {
176     LLINT_BEGIN();
177     dataLogF("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
178             exec->codeBlock(),
179             exec,
180             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
181             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
182             fromWhere,
183             operand,
184             pc[operand].u.operand);
185     LLINT_END();
186 }
187
188 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
189 {
190     JSValue value = LLINT_OP_C(operand).jsValue();
191     union {
192         struct {
193             uint32_t tag;
194             uint32_t payload;
195         } bits;
196         EncodedJSValue asValue;
197     } u;
198     u.asValue = JSValue::encode(value);
199     dataLogF(
200         "%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
201         exec->codeBlock(),
202         exec,
203         static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
204         exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
205         fromWhere,
206         operand,
207         pc[operand].u.operand,
208         u.bits.tag,
209         u.bits.payload,
210         toCString(value).data());
211     LLINT_END_IMPL();
212 }
213
214 LLINT_SLOW_PATH_DECL(trace_prologue)
215 {
216     dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec);
217     LLINT_END_IMPL();
218 }
219
220 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
221 {
222     JSFunction* callee = jsCast<JSFunction*>(exec->callee());
223     FunctionExecutable* executable = callee->jsExecutable();
224     CodeBlock* codeBlock = executable->codeBlockFor(kind);
225     dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeRegisters = %u, caller = %p.\n",
226             codeBlock, exec, comment, callee, executable,
227             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeRegisters,
228             exec->callerFrame());
229 }
230
231 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
232 {
233     traceFunctionPrologue(exec, "call prologue", CodeForCall);
234     LLINT_END_IMPL();
235 }
236
237 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
238 {
239     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
240     LLINT_END_IMPL();
241 }
242
243 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
244 {
245     traceFunctionPrologue(exec, "call arity check", CodeForCall);
246     LLINT_END_IMPL();
247 }
248
249 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
250 {
251     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
252     LLINT_END_IMPL();
253 }
254
255 LLINT_SLOW_PATH_DECL(trace)
256 {
257     dataLogF("%p / %p: executing bc#%zu, %s, scope %p, pc = %p\n",
258             exec->codeBlock(),
259             exec,
260             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
261             opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)],
262             exec->scope(), pc);
263     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
264         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
265         *bitwise_cast<volatile char*>(exec->returnPC().value());
266     }
267     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
268         dataLogF("Will be returning to %p\n", exec->returnPC().value());
269         dataLogF("The new cfr will be %p\n", exec->callerFrame());
270     }
271     LLINT_END_IMPL();
272 }
273
274 LLINT_SLOW_PATH_DECL(special_trace)
275 {
276     dataLogF("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
277             exec->codeBlock(),
278             exec,
279             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
280             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
281             exec->returnPC().value());
282     LLINT_END_IMPL();
283 }
284
285 enum EntryKind { Prologue, ArityCheck };
286
287 #if ENABLE(JIT)
288 inline bool shouldJIT(ExecState* exec)
289 {
290     // You can modify this to turn off JITting without rebuilding the world.
291     return exec->vm().canUseJIT();
292 }
293
294 // Returns true if we should try to OSR.
295 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
296 {
297     VM& vm = exec->vm();
298     DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all.
299     
300     codeBlock->updateAllValueProfilePredictions();
301     
302     if (!codeBlock->checkIfJITThresholdReached()) {
303         if (Options::verboseOSR())
304             dataLogF("    JIT threshold should be lifted.\n");
305         return false;
306     }
307     
308     switch (codeBlock->jitType()) {
309     case JITCode::BaselineJIT: {
310         if (Options::verboseOSR())
311             dataLogF("    Code was already compiled.\n");
312         codeBlock->jitSoon();
313         return true;
314     }
315     case JITCode::InterpreterThunk: {
316         CompilationResult result = JIT::compile(&vm, codeBlock, JITCompilationCanFail);
317         switch (result) {
318         case CompilationFailed:
319             if (Options::verboseOSR())
320                 dataLogF("    JIT compilation failed.\n");
321             codeBlock->dontJITAnytimeSoon();
322             return false;
323         case CompilationSuccessful:
324             if (Options::verboseOSR())
325                 dataLogF("    JIT compilation successful.\n");
326             codeBlock->install();
327             codeBlock->jitSoon();
328             return true;
329         default:
330             RELEASE_ASSERT_NOT_REACHED();
331             return false;
332         }
333     }
334     default:
335         RELEASE_ASSERT_NOT_REACHED();
336         return false;
337     }
338 }
339
340 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char *name, EntryKind kind)
341 {
342     if (Options::verboseOSR()) {
343         dataLog(
344             *codeBlock, ": Entered ", name, " with executeCounter = ",
345             codeBlock->llintExecuteCounter(), "\n");
346     }
347     
348     if (!shouldJIT(exec)) {
349         codeBlock->dontJITAnytimeSoon();
350         LLINT_RETURN_TWO(0, 0);
351     }
352     if (!jitCompileAndSetHeuristics(codeBlock, exec))
353         LLINT_RETURN_TWO(0, 0);
354     
355     if (kind == Prologue)
356         LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0);
357     ASSERT(kind == ArityCheck);
358     LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(
359         *codeBlock->vm(), codeBlock->ownerExecutable(), MustCheckArity,
360         RegisterPreservationNotRequired).executableAddress(), 0);
361 }
362 #else // ENABLE(JIT)
363 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind)
364 {
365     codeBlock->dontJITAnytimeSoon();
366     LLINT_RETURN_TWO(0, exec);
367 }
368 #endif // ENABLE(JIT)
369
370 LLINT_SLOW_PATH_DECL(entry_osr)
371 {
372     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
373 }
374
375 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
376 {
377     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue);
378 }
379
380 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
381 {
382     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue);
383 }
384
385 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
386 {
387     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck);
388 }
389
390 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
391 {
392     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck);
393 }
394
395 LLINT_SLOW_PATH_DECL(loop_osr)
396 {
397     CodeBlock* codeBlock = exec->codeBlock();
398
399 #if ENABLE(JIT)
400     if (Options::verboseOSR()) {
401         dataLog(
402             *codeBlock, ": Entered loop_osr with executeCounter = ",
403             codeBlock->llintExecuteCounter(), "\n");
404     }
405     
406     if (!shouldJIT(exec)) {
407         codeBlock->dontJITAnytimeSoon();
408         LLINT_RETURN_TWO(0, 0);
409     }
410     
411     if (!jitCompileAndSetHeuristics(codeBlock, exec))
412         LLINT_RETURN_TWO(0, 0);
413     
414     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
415     
416     Vector<BytecodeAndMachineOffset> map;
417     codeBlock->jitCodeMap()->decode(map);
418     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
419     ASSERT(mapping);
420     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
421     
422     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
423     ASSERT(jumpTarget);
424     
425     LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame());
426 #else // ENABLE(JIT)
427     UNUSED_PARAM(pc);
428     codeBlock->dontJITAnytimeSoon();
429     LLINT_RETURN_TWO(0, 0);
430 #endif // ENABLE(JIT)
431 }
432
433 LLINT_SLOW_PATH_DECL(replace)
434 {
435     CodeBlock* codeBlock = exec->codeBlock();
436
437 #if ENABLE(JIT)
438     if (Options::verboseOSR()) {
439         dataLog(
440             *codeBlock, ": Entered replace with executeCounter = ",
441             codeBlock->llintExecuteCounter(), "\n");
442     }
443     
444     if (shouldJIT(exec))
445         jitCompileAndSetHeuristics(codeBlock, exec);
446     else
447         codeBlock->dontJITAnytimeSoon();
448     LLINT_END_IMPL();
449 #else // ENABLE(JIT)
450     codeBlock->dontJITAnytimeSoon();
451     LLINT_END_IMPL();
452 #endif // ENABLE(JIT)
453 }
454
455 LLINT_SLOW_PATH_DECL(stack_check)
456 {
457     LLINT_BEGIN();
458 #if LLINT_SLOW_PATH_TRACING
459     dataLogF("Checking stack height with exec = %p.\n", exec);
460     dataLogF("CodeBlock = %p.\n", exec->codeBlock());
461     dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeRegisters);
462     dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars);
463
464 #if ENABLE(LLINT_C_LOOP)
465     dataLogF("Current end is at %p.\n", exec->vm().jsStackLimit());
466 #else
467     dataLogF("Current end is at %p.\n", exec->vm().stackLimit());
468 #endif
469
470 #endif
471     // This stack check is done in the prologue for a function call, and the
472     // CallFrame is not completely set up yet. For example, if the frame needs
473     // a lexical environment object, the lexical environment object will only be
474     // set up after we start executing the function. If we need to throw a
475     // StackOverflowError here, then we need to tell the prologue to start the
476     // stack unwinding from the caller frame (which is fully set up) instead.
477     // To do that, we return the caller's CallFrame in the second return value.
478     //
479     // If the stack check succeeds and we don't need to throw the error, then
480     // we'll return 0 instead. The prologue will check for a non-zero value
481     // when determining whether to set the callFrame or not.
482
483     // For JIT enabled builds which uses the C stack, the stack is not growable.
484     // Hence, if we get here, then we know a stack overflow is imminent. So, just
485     // throw the StackOverflowError unconditionally.
486 #if !ENABLE(JIT)
487     ASSERT(!vm.interpreter->stack().containsAddress(exec->topOfFrame()));
488     if (LIKELY(vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
489         LLINT_RETURN_TWO(pc, 0);
490 #endif
491
492     exec = exec->callerFrame();
493     vm.topCallFrame = exec;
494     ErrorHandlingScope errorScope(vm);
495     CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
496     pc = returnToThrowForThrownException(exec);
497     LLINT_RETURN_TWO(pc, exec);
498 }
499
500 LLINT_SLOW_PATH_DECL(slow_path_create_lexical_environment)
501 {
502     LLINT_BEGIN();
503 #if LLINT_SLOW_PATH_TRACING
504     dataLogF("Creating an lexicalEnvironment, exec = %p!\n", exec);
505 #endif
506     JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->codeBlock());
507     exec->setScope(lexicalEnvironment);
508     LLINT_RETURN(JSValue(lexicalEnvironment));
509 }
510
511 LLINT_SLOW_PATH_DECL(slow_path_new_object)
512 {
513     LLINT_BEGIN();
514     LLINT_RETURN(constructEmptyObject(exec, pc[3].u.objectAllocationProfile->structure()));
515 }
516
517 LLINT_SLOW_PATH_DECL(slow_path_new_array)
518 {
519     LLINT_BEGIN();
520     LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
521 }
522
523 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
524 {
525     LLINT_BEGIN();
526     LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
527 }
528
529 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
530 {
531     LLINT_BEGIN();
532     LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
533 }
534
535 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
536 {
537     LLINT_BEGIN();
538     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
539     if (!regExp->isValid())
540         LLINT_THROW(createSyntaxError(exec, "Invalid flag supplied to RegExp constructor."));
541     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
542 }
543
544 LLINT_SLOW_PATH_DECL(slow_path_check_has_instance)
545 {
546     LLINT_BEGIN();
547     
548     JSValue value = LLINT_OP_C(2).jsValue();
549     JSValue baseVal = LLINT_OP_C(3).jsValue();
550     if (baseVal.isObject()) {
551         JSObject* baseObject = asObject(baseVal);
552         ASSERT(!baseObject->structure()->typeInfo().implementsDefaultHasInstance());
553         if (baseObject->structure()->typeInfo().implementsHasInstance()) {
554             JSValue result = jsBoolean(baseObject->methodTable()->customHasInstance(baseObject, exec, value));
555             LLINT_RETURN_WITH_PC_ADJUSTMENT(result, pc[4].u.operand);
556         }
557     }
558     LLINT_THROW(createInvalidParameterError(exec, "instanceof", baseVal));
559 }
560
561 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
562 {
563     LLINT_BEGIN();
564     JSValue value = LLINT_OP_C(2).jsValue();
565     JSValue proto = LLINT_OP_C(3).jsValue();
566     ASSERT(!value.isObject() || !proto.isObject());
567     LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
568 }
569
570 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
571 {
572     LLINT_BEGIN();
573     CodeBlock* codeBlock = exec->codeBlock();
574     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
575     JSValue baseValue = LLINT_OP_C(2).jsValue();
576     PropertySlot slot(baseValue);
577
578     JSValue result = baseValue.get(exec, ident, slot);
579     LLINT_CHECK_EXCEPTION();
580     LLINT_OP(1) = result;
581     
582     if (!LLINT_ALWAYS_ACCESS_SLOW
583         && baseValue.isCell()
584         && slot.isCacheable()
585         && slot.slotBase() == baseValue
586         && slot.isCacheableValue()) {
587         
588         JSCell* baseCell = baseValue.asCell();
589         Structure* structure = baseCell->structure();
590         
591         if (!structure->isUncacheableDictionary()
592             && !structure->typeInfo().prohibitsPropertyCaching()
593             && !structure->typeInfo().newImpurePropertyFiresWatchpoints()) {
594             ConcurrentJITLocker locker(codeBlock->m_lock);
595
596             pc[4].u.structure.set(
597                 vm, codeBlock->ownerExecutable(), structure);
598             if (isInlineOffset(slot.cachedOffset())) {
599                 pc[0].u.opcode = LLInt::getOpcode(op_get_by_id);
600                 pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage();
601             } else {
602                 pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_out_of_line);
603                 pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue);
604             }
605         }
606     }
607
608     if (!LLINT_ALWAYS_ACCESS_SLOW
609         && isJSArray(baseValue)
610         && ident == exec->propertyNames().length) {
611         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
612         ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
613         arrayProfile->observeStructure(baseValue.asCell()->structure());
614         pc[4].u.arrayProfile = arrayProfile;
615     }
616
617     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
618     LLINT_END();
619 }
620
621 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
622 {
623     LLINT_BEGIN();
624     CodeBlock* codeBlock = exec->codeBlock();
625     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
626     JSValue baseValue = LLINT_OP(2).jsValue();
627     PropertySlot slot(baseValue);
628     LLINT_RETURN(baseValue.get(exec, ident, slot));
629 }
630
631 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
632 {
633     LLINT_BEGIN();
634     CodeBlock* codeBlock = exec->codeBlock();
635     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
636     
637     JSValue baseValue = LLINT_OP_C(1).jsValue();
638     PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext());
639     if (pc[8].u.operand)
640         asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot);
641     else
642         baseValue.put(exec, ident, LLINT_OP_C(3).jsValue(), slot);
643     LLINT_CHECK_EXCEPTION();
644     
645     if (!LLINT_ALWAYS_ACCESS_SLOW
646         && baseValue.isCell()
647         && slot.isCacheablePut()) {
648         
649         JSCell* baseCell = baseValue.asCell();
650         Structure* structure = baseCell->structure();
651         
652         if (!structure->isUncacheableDictionary()
653             && !structure->typeInfo().prohibitsPropertyCaching()
654             && baseCell == slot.base()) {
655             
656             if (slot.type() == PutPropertySlot::NewProperty) {
657                 GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap);
658             
659                 if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) {
660                     ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
661                     
662                     // This is needed because some of the methods we call
663                     // below may GC.
664                     pc[0].u.opcode = LLInt::getOpcode(op_put_by_id);
665
666                     if (normalizePrototypeChain(exec, baseCell) != InvalidPrototypeChain) {
667                         ASSERT(structure->previousID()->isObject());
668                         pc[4].u.structure.set(
669                             vm, codeBlock->ownerExecutable(), structure->previousID());
670                         if (isInlineOffset(slot.cachedOffset()))
671                             pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage();
672                         else
673                             pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue);
674                         pc[6].u.structure.set(
675                             vm, codeBlock->ownerExecutable(), structure);
676                         StructureChain* chain = structure->prototypeChain(exec);
677                         ASSERT(chain);
678                         pc[7].u.structureChain.set(
679                             vm, codeBlock->ownerExecutable(), chain);
680                     
681                         if (pc[8].u.operand) {
682                             if (isInlineOffset(slot.cachedOffset()))
683                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_direct);
684                             else
685                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_direct_out_of_line);
686                         } else {
687                             if (isInlineOffset(slot.cachedOffset()))
688                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_normal);
689                             else
690                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_normal_out_of_line);
691                         }
692                     }
693                 }
694             } else {
695                 structure->didCachePropertyReplacement(vm, slot.cachedOffset());
696                 pc[4].u.structure.set(
697                     vm, codeBlock->ownerExecutable(), structure);
698                 if (isInlineOffset(slot.cachedOffset())) {
699                     pc[0].u.opcode = LLInt::getOpcode(op_put_by_id);
700                     pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage();
701                 } else {
702                     pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_out_of_line);
703                     pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue);
704                 }
705             }
706         }
707     }
708     
709     LLINT_END();
710 }
711
712 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
713 {
714     LLINT_BEGIN();
715     CodeBlock* codeBlock = exec->codeBlock();
716     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
717     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
718     LLINT_CHECK_EXCEPTION();
719     if (!couldDelete && codeBlock->isStrictMode())
720         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
721     LLINT_RETURN(jsBoolean(couldDelete));
722 }
723
724 inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
725 {
726     if (LIKELY(baseValue.isCell() && subscript.isString())) {
727         VM& vm = exec->vm();
728         Structure& structure = *baseValue.asCell()->structure(vm);
729         if (JSCell::canUseFastGetOwnProperty(structure)) {
730             if (AtomicStringImpl* existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) {
731                 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString))
732                     return result;
733             }
734         }
735     }
736     
737     if (subscript.isUInt32()) {
738         uint32_t i = subscript.asUInt32();
739         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
740             return asString(baseValue)->getIndex(exec, i);
741         
742         return baseValue.get(exec, i);
743     }
744
745     if (isName(subscript))
746         return baseValue.get(exec, jsCast<NameInstance*>(subscript.asCell())->privateName());
747     
748     Identifier property = subscript.toString(exec)->toIdentifier(exec);
749     return baseValue.get(exec, property);
750 }
751
752 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
753 {
754     LLINT_BEGIN();
755     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
756 }
757
758 LLINT_SLOW_PATH_DECL(slow_path_get_argument_by_val)
759 {
760     LLINT_BEGIN();
761     JSValue arguments = LLINT_OP(2).jsValue();
762     if (!arguments) {
763         arguments = Arguments::create(vm, exec);
764         LLINT_CHECK_EXCEPTION();
765         LLINT_OP(2) = arguments;
766         exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[2].u.operand)).offset()) = arguments;
767     }
768     
769     LLINT_RETURN_PROFILED(op_get_argument_by_val, getByVal(exec, arguments, LLINT_OP_C(3).jsValue()));
770 }
771
772 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
773 {
774     LLINT_BEGIN();
775     
776     JSValue baseValue = LLINT_OP_C(1).jsValue();
777     JSValue subscript = LLINT_OP_C(2).jsValue();
778     JSValue value = LLINT_OP_C(3).jsValue();
779     
780     if (LIKELY(subscript.isUInt32())) {
781         uint32_t i = subscript.asUInt32();
782         if (baseValue.isObject()) {
783             JSObject* object = asObject(baseValue);
784             if (object->canSetIndexQuickly(i))
785                 object->setIndexQuickly(vm, i, value);
786             else
787                 object->methodTable()->putByIndex(object, exec, i, value, exec->codeBlock()->isStrictMode());
788             LLINT_END();
789         }
790         baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode());
791         LLINT_END();
792     }
793
794     if (isName(subscript)) {
795         PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
796         baseValue.put(exec, jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot);
797         LLINT_END();
798     }
799
800     Identifier property = subscript.toString(exec)->toIdentifier(exec);
801     LLINT_CHECK_EXCEPTION();
802     PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
803     baseValue.put(exec, property, value, slot);
804     LLINT_END();
805 }
806
807 LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct)
808 {
809     LLINT_BEGIN();
810     
811     JSValue baseValue = LLINT_OP_C(1).jsValue();
812     JSValue subscript = LLINT_OP_C(2).jsValue();
813     JSValue value = LLINT_OP_C(3).jsValue();
814     RELEASE_ASSERT(baseValue.isObject());
815     JSObject* baseObject = asObject(baseValue);
816     if (LIKELY(subscript.isUInt32())) {
817         uint32_t i = subscript.asUInt32();
818         baseObject->putDirectIndex(exec, i, value);
819     } else if (isName(subscript)) {
820         PutPropertySlot slot(baseObject, exec->codeBlock()->isStrictMode());
821         baseObject->putDirect(exec->vm(), jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot);
822     } else {
823         Identifier property = subscript.toString(exec)->toIdentifier(exec);
824         if (!exec->vm().exception()) { // Don't put to an object if toString threw an exception.
825             PutPropertySlot slot(baseObject, exec->codeBlock()->isStrictMode());
826             baseObject->putDirect(exec->vm(), property, value, slot);
827         }
828     }
829     LLINT_END();
830 }
831
832 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
833 {
834     LLINT_BEGIN();
835     JSValue baseValue = LLINT_OP_C(2).jsValue();
836     JSObject* baseObject = baseValue.toObject(exec);
837     
838     JSValue subscript = LLINT_OP_C(3).jsValue();
839     
840     bool couldDelete;
841     
842     uint32_t i;
843     if (subscript.getUInt32(i))
844         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
845     else if (isName(subscript))
846         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, jsCast<NameInstance*>(subscript.asCell())->privateName());
847     else {
848         LLINT_CHECK_EXCEPTION();
849         Identifier property = subscript.toString(exec)->toIdentifier(exec);
850         LLINT_CHECK_EXCEPTION();
851         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
852     }
853     
854     if (!couldDelete && exec->codeBlock()->isStrictMode())
855         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
856     
857     LLINT_RETURN(jsBoolean(couldDelete));
858 }
859
860 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
861 {
862     LLINT_BEGIN();
863     JSValue arrayValue = LLINT_OP_C(1).jsValue();
864     ASSERT(isJSArray(arrayValue));
865     asArray(arrayValue)->putDirectIndex(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
866     LLINT_END();
867 }
868
869 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter)
870 {
871     LLINT_BEGIN();
872     ASSERT(LLINT_OP(1).jsValue().isObject());
873     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
874     
875     GetterSetter* accessor = GetterSetter::create(vm);
876     LLINT_CHECK_EXCEPTION();
877     
878     JSValue getter = LLINT_OP(3).jsValue();
879     JSValue setter = LLINT_OP(4).jsValue();
880     ASSERT(getter.isObject() || getter.isUndefined());
881     ASSERT(setter.isObject() || setter.isUndefined());
882     ASSERT(getter.isObject() || setter.isObject());
883     
884     if (!getter.isUndefined())
885         accessor->setGetter(vm, asObject(getter));
886     if (!setter.isUndefined())
887         accessor->setSetter(vm, asObject(setter));
888     baseObj->putDirectAccessor(
889         exec,
890         exec->codeBlock()->identifier(pc[2].u.operand),
891         accessor, Accessor);
892     LLINT_END();
893 }
894
895 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
896 {
897     LLINT_BEGIN();
898     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
899 }
900
901 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
902 {
903     LLINT_BEGIN();
904     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
905 }
906
907 LLINT_SLOW_PATH_DECL(slow_path_jless)
908 {
909     LLINT_BEGIN();
910     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
911 }
912
913 LLINT_SLOW_PATH_DECL(slow_path_jnless)
914 {
915     LLINT_BEGIN();
916     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
917 }
918
919 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
920 {
921     LLINT_BEGIN();
922     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
923 }
924
925 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
926 {
927     LLINT_BEGIN();
928     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
929 }
930
931 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
932 {
933     LLINT_BEGIN();
934     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
935 }
936
937 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
938 {
939     LLINT_BEGIN();
940     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
941 }
942
943 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
944 {
945     LLINT_BEGIN();
946     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
947 }
948
949 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
950 {
951     LLINT_BEGIN();
952     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
953 }
954
955 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
956 {
957     LLINT_BEGIN();
958     JSValue scrutinee = LLINT_OP_C(3).jsValue();
959     ASSERT(scrutinee.isDouble());
960     double value = scrutinee.asDouble();
961     int32_t intValue = static_cast<int32_t>(value);
962     int defaultOffset = pc[2].u.operand;
963     if (value == intValue) {
964         CodeBlock* codeBlock = exec->codeBlock();
965         pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
966     } else
967         pc += defaultOffset;
968     LLINT_END();
969 }
970
971 LLINT_SLOW_PATH_DECL(slow_path_switch_char)
972 {
973     LLINT_BEGIN();
974     JSValue scrutinee = LLINT_OP_C(3).jsValue();
975     ASSERT(scrutinee.isString());
976     JSString* string = asString(scrutinee);
977     ASSERT(string->length() == 1);
978     int defaultOffset = pc[2].u.operand;
979     StringImpl* impl = string->value(exec).impl();
980     CodeBlock* codeBlock = exec->codeBlock();
981     pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
982     LLINT_END();
983 }
984
985 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
986 {
987     LLINT_BEGIN();
988     JSValue scrutinee = LLINT_OP_C(3).jsValue();
989     int defaultOffset = pc[2].u.operand;
990     if (!scrutinee.isString())
991         pc += defaultOffset;
992     else {
993         CodeBlock* codeBlock = exec->codeBlock();
994         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
995     }
996     LLINT_END();
997 }
998
999 LLINT_SLOW_PATH_DECL(slow_path_new_func)
1000 {
1001     LLINT_BEGIN();
1002     CodeBlock* codeBlock = exec->codeBlock();
1003     ASSERT(codeBlock->codeType() != FunctionCode || !codeBlock->needsActivation() || exec->hasActivation());
1004 #if LLINT_SLOW_PATH_TRACING
1005     dataLogF("Creating function!\n");
1006 #endif
1007     LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[2].u.operand), exec->scope()));
1008 }
1009
1010 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1011 {
1012     LLINT_BEGIN();
1013     CodeBlock* codeBlock = exec->codeBlock();
1014     FunctionExecutable* function = codeBlock->functionExpr(pc[2].u.operand);
1015     JSFunction* func = JSFunction::create(vm, function, exec->scope());
1016     
1017     LLINT_RETURN(func);
1018 }
1019
1020 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1021 {
1022     UNUSED_PARAM(pc);
1023
1024 #if LLINT_SLOW_PATH_TRACING
1025     dataLog("Performing host call.\n");
1026 #endif
1027     
1028     ExecState* exec = execCallee->callerFrame();
1029     VM& vm = exec->vm();
1030
1031     execCallee->setScope(exec->scope());
1032     execCallee->setCodeBlock(0);
1033     execCallee->clearReturnPC();
1034
1035     if (kind == CodeForCall) {
1036         CallData callData;
1037         CallType callType = getCallData(callee, callData);
1038     
1039         ASSERT(callType != CallTypeJS);
1040     
1041         if (callType == CallTypeHost) {
1042             NativeCallFrameTracer tracer(&vm, execCallee);
1043             execCallee->setCallee(asObject(callee));
1044             vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1045             
1046             LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1047         }
1048         
1049 #if LLINT_SLOW_PATH_TRACING
1050         dataLog("Call callee is not a function: ", callee, "\n");
1051 #endif
1052
1053         ASSERT(callType == CallTypeNone);
1054         LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee));
1055     }
1056
1057     ASSERT(kind == CodeForConstruct);
1058     
1059     ConstructData constructData;
1060     ConstructType constructType = getConstructData(callee, constructData);
1061     
1062     ASSERT(constructType != ConstructTypeJS);
1063     
1064     if (constructType == ConstructTypeHost) {
1065         NativeCallFrameTracer tracer(&vm, execCallee);
1066         execCallee->setCallee(asObject(callee));
1067         vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1068
1069         LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1070     }
1071     
1072 #if LLINT_SLOW_PATH_TRACING
1073     dataLog("Constructor callee is not a function: ", callee, "\n");
1074 #endif
1075
1076     ASSERT(constructType == ConstructTypeNone);
1077     LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1078 }
1079
1080 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1081 {
1082     ExecState* exec = execCallee->callerFrame();
1083
1084 #if LLINT_SLOW_PATH_TRACING
1085     dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC());
1086 #endif
1087     
1088     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1089     if (!calleeAsFunctionCell)
1090         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1091     
1092     JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
1093     JSScope* scope = callee->scopeUnchecked();
1094     VM& vm = *scope->vm();
1095     execCallee->setScope(scope);
1096     ExecutableBase* executable = callee->executable();
1097     
1098     MacroAssemblerCodePtr codePtr;
1099     CodeBlock* codeBlock = 0;
1100     if (executable->isHostFunction())
1101         codePtr = executable->entrypointFor(vm, kind, MustCheckArity, RegisterPreservationNotRequired);
1102     else {
1103         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1104         JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
1105         execCallee->setScope(scope);
1106         if (error)
1107             LLINT_CALL_THROW(exec, error);
1108         codeBlock = functionExecutable->codeBlockFor(kind);
1109         ASSERT(codeBlock);
1110         ArityCheckMode arity;
1111         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1112             arity = MustCheckArity;
1113         else
1114             arity = ArityCheckNotRequired;
1115         codePtr = functionExecutable->entrypointFor(vm, kind, arity, RegisterPreservationNotRequired);
1116     }
1117     
1118     ASSERT(!!codePtr);
1119     
1120     if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) {
1121         CodeBlock* callerCodeBlock = exec->codeBlock();
1122
1123         ConcurrentJITLocker locker(callerCodeBlock->m_lock);
1124         
1125         if (callLinkInfo->isOnList())
1126             callLinkInfo->remove();
1127         callLinkInfo->callee.set(vm, callerCodeBlock->ownerExecutable(), callee);
1128         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock->ownerExecutable(), callee);
1129         callLinkInfo->machineCodeTarget = codePtr;
1130         if (codeBlock)
1131             codeBlock->linkIncomingCall(exec, callLinkInfo);
1132     }
1133
1134     LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
1135 }
1136
1137 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1138 {
1139     // This needs to:
1140     // - Set up a call frame.
1141     // - Figure out what to call and compile it if necessary.
1142     // - If possible, link the call's inline cache.
1143     // - Return a tuple of machine code address to call and the new call frame.
1144     
1145     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1146     
1147     ExecState* execCallee = exec - pc[4].u.operand;
1148     
1149     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1150     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1151     execCallee->setCallerFrame(exec);
1152     
1153     ASSERT(pc[5].u.callLinkInfo);
1154     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[5].u.callLinkInfo);
1155 }
1156
1157 LLINT_SLOW_PATH_DECL(slow_path_call)
1158 {
1159     LLINT_BEGIN_NO_SET_PC();
1160     return genericCall(exec, pc, CodeForCall);
1161 }
1162
1163 LLINT_SLOW_PATH_DECL(slow_path_construct)
1164 {
1165     LLINT_BEGIN_NO_SET_PC();
1166     return genericCall(exec, pc, CodeForConstruct);
1167 }
1168
1169 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs)
1170 {
1171     LLINT_BEGIN();
1172     // This needs to:
1173     // - Set up a call frame while respecting the variable arguments.
1174     
1175     ExecState* execCallee = sizeFrameForVarargs(exec, &vm.interpreter->stack(),
1176         LLINT_OP_C(4).jsValue(), pc[5].u.operand, pc[6].u.operand);
1177     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1178     
1179     vm.newCallFrameReturnValue = execCallee;
1180
1181     LLINT_RETURN_CALLEE_FRAME(execCallee);
1182 }
1183
1184 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1185 {
1186     LLINT_BEGIN_NO_SET_PC();
1187     // This needs to:
1188     // - Figure out what to call and compile it if necessary.
1189     // - Return a tuple of machine code address to call and the new call frame.
1190     
1191     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1192     
1193     ExecState* execCallee = vm.newCallFrameReturnValue;
1194
1195     loadVarargs(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand);
1196     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1197     
1198     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1199     execCallee->setCallerFrame(exec);
1200     exec->setCurrentVPC(pc);
1201     
1202     return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1203 }
1204     
1205 LLINT_SLOW_PATH_DECL(slow_path_construct_varargs)
1206 {
1207     LLINT_BEGIN_NO_SET_PC();
1208     // This needs to:
1209     // - Figure out what to call and compile it if necessary.
1210     // - Return a tuple of machine code address to call and the new call frame.
1211     
1212     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1213     
1214     ExecState* execCallee = vm.newCallFrameReturnValue;
1215     
1216     loadVarargs(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand);
1217     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1218     
1219     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1220     execCallee->setCallerFrame(exec);
1221     exec->setCurrentVPC(pc);
1222     
1223     return setUpCall(execCallee, pc, CodeForConstruct, calleeAsValue);
1224 }
1225     
1226 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1227 {
1228     LLINT_BEGIN_NO_SET_PC();
1229     JSValue calleeAsValue = LLINT_OP(2).jsValue();
1230     
1231     ExecState* execCallee = exec - pc[4].u.operand;
1232     
1233     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1234     execCallee->setCallerFrame(exec);
1235     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1236     execCallee->setScope(exec->scope());
1237     execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
1238     execCallee->setCodeBlock(0);
1239     exec->setCurrentVPC(pc);
1240     
1241     if (!isHostFunction(calleeAsValue, globalFuncEval))
1242         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1243     
1244     vm.hostCallReturnValue = eval(execCallee);
1245     LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1246 }
1247
1248 LLINT_SLOW_PATH_DECL(slow_path_tear_off_lexical_environment)
1249 {
1250     LLINT_BEGIN();
1251     ASSERT(exec->codeBlock()->needsActivation());
1252     jsCast<JSLexicalEnvironment*>(LLINT_OP(1).jsValue())->tearOff(vm);
1253     LLINT_END();
1254 }
1255
1256 LLINT_SLOW_PATH_DECL(slow_path_tear_off_arguments)
1257 {
1258     LLINT_BEGIN();
1259     ASSERT(exec->codeBlock()->usesArguments());
1260     Arguments* arguments = jsCast<Arguments*>(exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[1].u.operand)).offset()).jsValue());
1261     if (JSValue activationValue = LLINT_OP_C(2).jsValue())
1262         arguments->didTearOffActivation(exec, jsCast<JSLexicalEnvironment*>(activationValue));
1263     else
1264         arguments->tearOff(exec);
1265     LLINT_END();
1266 }
1267
1268 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1269 {
1270     LLINT_BEGIN();
1271     LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand));
1272 }
1273
1274 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1275 {
1276     LLINT_BEGIN();
1277     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1278 }
1279
1280 LLINT_SLOW_PATH_DECL(slow_path_push_with_scope)
1281 {
1282     LLINT_BEGIN();
1283     JSValue v = LLINT_OP_C(1).jsValue();
1284     JSObject* o = v.toObject(exec);
1285     LLINT_CHECK_EXCEPTION();
1286     
1287     exec->setScope(JSWithScope::create(exec, o));
1288     
1289     LLINT_END();
1290 }
1291
1292 LLINT_SLOW_PATH_DECL(slow_path_pop_scope)
1293 {
1294     LLINT_BEGIN();
1295     exec->setScope(exec->scope()->next());
1296     LLINT_END();
1297 }
1298
1299 LLINT_SLOW_PATH_DECL(slow_path_push_name_scope)
1300 {
1301     LLINT_BEGIN();
1302     CodeBlock* codeBlock = exec->codeBlock();
1303     JSNameScope* scope = JSNameScope::create(exec, codeBlock->identifier(pc[1].u.operand), LLINT_OP(2).jsValue(), pc[3].u.operand);
1304     exec->setScope(scope);
1305     LLINT_END();
1306 }
1307
1308 LLINT_SLOW_PATH_DECL(slow_path_throw)
1309 {
1310     LLINT_BEGIN();
1311     LLINT_THROW(LLINT_OP_C(1).jsValue());
1312 }
1313
1314 LLINT_SLOW_PATH_DECL(slow_path_throw_static_error)
1315 {
1316     LLINT_BEGIN();
1317     if (pc[2].u.operand)
1318         LLINT_THROW(createReferenceError(exec, errorDescriptionForValue(exec, LLINT_OP_C(1).jsValue())->value(exec)));
1319     else
1320         LLINT_THROW(createTypeError(exec, errorDescriptionForValue(exec, LLINT_OP_C(1).jsValue())->value(exec)));
1321 }
1322
1323 LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)
1324 {
1325     LLINT_BEGIN_NO_SET_PC();
1326     ASSERT(vm.watchdog);
1327     if (UNLIKELY(vm.watchdog->didFire(exec)))
1328         LLINT_THROW(createTerminatedExecutionException(&vm));
1329     LLINT_RETURN_TWO(0, exec);
1330 }
1331
1332 LLINT_SLOW_PATH_DECL(slow_path_debug)
1333 {
1334     LLINT_BEGIN();
1335     int debugHookID = pc[1].u.operand;
1336     vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID));
1337     
1338     LLINT_END();
1339 }
1340
1341 LLINT_SLOW_PATH_DECL(slow_path_profile_will_call)
1342 {
1343     LLINT_BEGIN();
1344     if (LegacyProfiler* profiler = vm.enabledProfiler())
1345         profiler->willExecute(exec, LLINT_OP(1).jsValue());
1346     LLINT_END();
1347 }
1348
1349 LLINT_SLOW_PATH_DECL(slow_path_profile_did_call)
1350 {
1351     LLINT_BEGIN();
1352     if (LegacyProfiler* profiler = vm.enabledProfiler())
1353         profiler->didExecute(exec, LLINT_OP(1).jsValue());
1354     LLINT_END();
1355 }
1356
1357 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
1358 {
1359     LLINT_BEGIN_NO_SET_PC();
1360     ASSERT(vm.exception());
1361     genericUnwind(&vm, exec, vm.exception());
1362     LLINT_END_IMPL();
1363 }
1364
1365 LLINT_SLOW_PATH_DECL(slow_path_resolve_scope)
1366 {
1367     LLINT_BEGIN();
1368     const Identifier& ident = exec->codeBlock()->identifier(pc[2].u.operand);
1369     LLINT_RETURN(JSScope::resolve(exec, exec->scope(), ident));
1370 }
1371
1372 LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
1373 {
1374     LLINT_BEGIN();
1375
1376     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
1377     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
1378     ResolveModeAndType modeAndType(pc[4].u.operand);
1379
1380     PropertySlot slot(scope);
1381     if (!scope->getPropertySlot(exec, ident, slot)) {
1382         if (modeAndType.mode() == ThrowIfNotFound)
1383             LLINT_RETURN(exec->vm().throwException(exec, createUndefinedVariableError(exec, ident)));
1384         LLINT_RETURN(jsUndefined());
1385     }
1386
1387     // Covers implicit globals. Since they don't exist until they first execute, we didn't know how to cache them at compile time.
1388     if (slot.isCacheableValue() && slot.slotBase() == scope && scope->structure()->propertyAccessesAreCacheable()) {
1389         if (modeAndType.type() == GlobalProperty || modeAndType.type() == GlobalPropertyWithVarInjectionChecks) {
1390             CodeBlock* codeBlock = exec->codeBlock();
1391             Structure* structure = scope->structure(vm);
1392             {
1393                 ConcurrentJITLocker locker(codeBlock->m_lock);
1394                 pc[5].u.structure.set(exec->vm(), codeBlock->ownerExecutable(), structure);
1395                 pc[6].u.operand = slot.cachedOffset();
1396             }
1397             structure->startWatchingPropertyForReplacements(vm, slot.cachedOffset());
1398         }
1399     }
1400
1401     LLINT_RETURN(slot.getValue(exec, ident));
1402 }
1403
1404 LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
1405 {
1406     LLINT_BEGIN();
1407
1408     CodeBlock* codeBlock = exec->codeBlock();
1409     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
1410     JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue());
1411     JSValue value = LLINT_OP_C(3).jsValue();
1412     ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand);
1413
1414     if (modeAndType.mode() == ThrowIfNotFound && !scope->hasProperty(exec, ident))
1415         LLINT_THROW(createUndefinedVariableError(exec, ident));
1416
1417     PutPropertySlot slot(scope, codeBlock->isStrictMode());
1418     scope->methodTable()->put(scope, exec, ident, value, slot);
1419     
1420     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, modeAndType, slot);
1421
1422     LLINT_END();
1423 }
1424
1425 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame)
1426 {
1427     ExecState* exec = vm->topCallFrame;
1428     if (!exec)
1429         exec = protoFrame->scope()->globalObject()->globalExec();
1430     throwStackOverflowError(exec);
1431     return encodeResult(0, 0);
1432 }
1433
1434 #if !ENABLE(JIT)
1435 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
1436 {
1437     bool success = vm->interpreter->stack().ensureCapacityFor(newTopOfStack);
1438     return encodeResult(reinterpret_cast<void*>(success), 0);
1439 }
1440 #endif
1441
1442 extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell)
1443 {
1444     VM& vm = exec->vm();
1445     vm.heap.writeBarrier(cell);
1446 }
1447
1448 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash()
1449 {
1450     CRASH();
1451 }
1452
1453 } } // namespace JSC::LLInt