3203d25d2ffd12fad2d25bbb770ad31e7733f9f9
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28
29 #if ENABLE(LLINT)
30
31 #include "Arguments.h"
32 #include "CallFrame.h"
33 #include "CommonSlowPaths.h"
34 #include "GetterSetter.h"
35 #include "HostCallReturnValue.h"
36 #include "Interpreter.h"
37 #include "JIT.h"
38 #include "JITDriver.h"
39 #include "JSActivation.h"
40 #include "JSByteArray.h"
41 #include "JSGlobalObjectFunctions.h"
42 #include "JSPropertyNameIterator.h"
43 #include "JSStaticScopeObject.h"
44 #include "JSString.h"
45 #include "JSValue.h"
46 #include "LLIntCommon.h"
47 #include "LLIntExceptions.h"
48 #include "LowLevelInterpreter.h"
49 #include "Operations.h"
50
51 namespace JSC { namespace LLInt {
52
53 #define LLINT_BEGIN_NO_SET_PC() \
54     JSGlobalData& globalData = exec->globalData();      \
55     NativeCallFrameTracer tracer(&globalData, exec)
56
57 #define LLINT_SET_PC_FOR_STUBS() \
58     exec->setCurrentVPC(pc + 1)
59
60 #define LLINT_BEGIN()                           \
61     LLINT_BEGIN_NO_SET_PC();                    \
62     LLINT_SET_PC_FOR_STUBS()
63
64 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
65 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
66
67 #define LLINT_RETURN_TWO(first, second) do {       \
68         union {                                    \
69             struct {                               \
70                 void* a;                           \
71                 void* b;                           \
72             } pair;                                \
73             int64_t i;                             \
74         } __rt_u;                                  \
75         __rt_u.pair.a = first;                     \
76         __rt_u.pair.b = second;                    \
77         return __rt_u.i;                           \
78     } while (false)
79
80 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, exec)
81
82 #define LLINT_THROW(exceptionToThrow) do {                        \
83         globalData.exception = (exceptionToThrow);                \
84         pc = returnToThrow(exec, pc);                             \
85         LLINT_END_IMPL();                                         \
86     } while (false)
87
88 #define LLINT_CHECK_EXCEPTION() do {                    \
89         if (UNLIKELY(globalData.exception)) {           \
90             pc = returnToThrow(exec, pc);               \
91             LLINT_END_IMPL();                           \
92         }                                               \
93     } while (false)
94
95 #define LLINT_END() do {                        \
96         LLINT_CHECK_EXCEPTION();                \
97         LLINT_END_IMPL();                       \
98     } while (false)
99
100 #define LLINT_BRANCH(opcode, condition) do {                      \
101         bool __b_condition = (condition);                         \
102         LLINT_CHECK_EXCEPTION();                                  \
103         if (__b_condition)                                        \
104             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
105         else                                                      \
106             pc += OPCODE_LENGTH(opcode);                          \
107         LLINT_END_IMPL();                                         \
108     } while (false)
109
110 #define LLINT_RETURN(value) do {                \
111         JSValue __r_returnValue = (value);      \
112         LLINT_CHECK_EXCEPTION();                \
113         LLINT_OP(1) = __r_returnValue;          \
114         LLINT_END_IMPL();                       \
115     } while (false)
116
117 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
118         JSValue __rp_returnValue = (value);                     \
119         LLINT_CHECK_EXCEPTION();                                \
120         LLINT_OP(1) = __rp_returnValue;                         \
121         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
122             JSValue::encode(__rp_returnValue);                  \
123         LLINT_END_IMPL();                                       \
124     } while (false)
125
126 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
127
128 #define LLINT_CALL_THROW(exec, pc, exceptionToThrow) do {               \
129         ExecState* __ct_exec = (exec);                                  \
130         Instruction* __ct_pc = (pc);                                    \
131         globalData.exception = (exceptionToThrow);                      \
132         LLINT_CALL_END_IMPL(__ct_exec, callToThrow(__ct_exec, __ct_pc)); \
133     } while (false)
134
135 #define LLINT_CALL_CHECK_EXCEPTION(exec, pc) do {                       \
136         ExecState* __cce_exec = (exec);                                 \
137         Instruction* __cce_pc = (pc);                                   \
138         if (UNLIKELY(globalData.exception))                              \
139             LLINT_CALL_END_IMPL(__cce_exec, callToThrow(__cce_exec, __cce_pc)); \
140     } while (false)
141
142 #define LLINT_CALL_RETURN(exec, pc, callTarget) do {                    \
143         ExecState* __cr_exec = (exec);                                  \
144         Instruction* __cr_pc = (pc);                                    \
145         void* __cr_callTarget = (callTarget);                           \
146         LLINT_CALL_CHECK_EXCEPTION(__cr_exec->callerFrame(), __cr_pc);  \
147         LLINT_CALL_END_IMPL(__cr_exec, __cr_callTarget);                \
148     } while (false)
149
150 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
151 {
152     LLINT_BEGIN();
153     dataLog("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
154             exec->codeBlock(),
155             exec,
156             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
157             exec->globalData().interpreter->getOpcodeID(pc[0].u.opcode),
158             fromWhere,
159             operand,
160             pc[operand].u.operand);
161     LLINT_END();
162 }
163
164 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
165 {
166     LLINT_BEGIN();
167     JSValue value = LLINT_OP_C(operand).jsValue();
168     union {
169         struct {
170             uint32_t tag;
171             uint32_t payload;
172         } bits;
173         EncodedJSValue asValue;
174     } u;
175     u.asValue = JSValue::encode(value);
176     dataLog("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
177             exec->codeBlock(),
178             exec,
179             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
180             exec->globalData().interpreter->getOpcodeID(pc[0].u.opcode),
181             fromWhere,
182             operand,
183             pc[operand].u.operand,
184             u.bits.tag,
185             u.bits.payload,
186             value.description());
187     LLINT_END();
188 }
189
190 LLINT_SLOW_PATH_DECL(trace_prologue)
191 {
192     LLINT_BEGIN();
193     dataLog("%p / %p: in prologue.\n", exec->codeBlock(), exec);
194     LLINT_END();
195 }
196
197 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
198 {
199     JSFunction* callee = asFunction(exec->callee());
200     FunctionExecutable* executable = callee->jsExecutable();
201     CodeBlock* codeBlock = &executable->generatedBytecodeFor(kind);
202     dataLog("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeRegisters = %u, caller = %p.\n",
203             codeBlock, exec, comment, callee, executable,
204             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeRegisters,
205             exec->callerFrame());
206 }
207
208 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
209 {
210     LLINT_BEGIN();
211     traceFunctionPrologue(exec, "call prologue", CodeForCall);
212     LLINT_END();
213 }
214
215 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
216 {
217     LLINT_BEGIN();
218     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
219     LLINT_END();
220 }
221
222 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
223 {
224     LLINT_BEGIN();
225     traceFunctionPrologue(exec, "call arity check", CodeForCall);
226     LLINT_END();
227 }
228
229 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
230 {
231     LLINT_BEGIN();
232     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
233     LLINT_END();
234 }
235
236 LLINT_SLOW_PATH_DECL(trace)
237 {
238     LLINT_BEGIN();
239     dataLog("%p / %p: executing bc#%zu, %s, scope %p\n",
240             exec->codeBlock(),
241             exec,
242             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
243             opcodeNames[exec->globalData().interpreter->getOpcodeID(pc[0].u.opcode)],
244             exec->scopeChain());
245     LLINT_END();
246 }
247
248 LLINT_SLOW_PATH_DECL(special_trace)
249 {
250     LLINT_BEGIN();
251     dataLog("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
252             exec->codeBlock(),
253             exec,
254             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
255             exec->globalData().interpreter->getOpcodeID(pc[0].u.opcode),
256             exec->returnPC().value());
257     LLINT_END();
258 }
259
260 inline bool shouldJIT(ExecState* exec)
261 {
262     // You can modify this to turn off JITting without rebuilding the world.
263     return exec->globalData().canUseJIT();
264 }
265
266 enum EntryKind { Prologue, ArityCheck };
267 static SlowPathReturnType entryOSR(ExecState* exec, Instruction* pc, CodeBlock* codeBlock, const char *name, EntryKind kind)
268 {
269 #if ENABLE(JIT_VERBOSE_OSR)
270     dataLog("%p: Entered %s with executeCounter = %d\n", codeBlock, name, codeBlock->llintExecuteCounter());
271 #endif
272     
273     if (!shouldJIT(exec)) {
274         codeBlock->dontJITAnytimeSoon();
275         LLINT_RETURN_TWO(0, exec);
276     }
277     if (!codeBlock->jitCompile(exec->globalData())) {
278 #if ENABLE(JIT_VERBOSE_OSR)
279         dataLog("    Code was already compiled.\n");
280 #endif
281     }
282     codeBlock->jitSoon();
283     if (kind == Prologue)
284         LLINT_RETURN_TWO(codeBlock->getJITCode().executableAddressAtOffset(0), exec);
285     ASSERT(kind == ArityCheck);
286     LLINT_RETURN_TWO(codeBlock->getJITCodeWithArityCheck().executableAddress(), exec);
287 }
288
289 LLINT_SLOW_PATH_DECL(entry_osr)
290 {
291     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
292 }
293
294 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
295 {
296     return entryOSR(exec, pc, &asFunction(exec->callee())->jsExecutable()->generatedBytecodeFor(CodeForCall), "entry_osr_function_for_call", Prologue);
297 }
298
299 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
300 {
301     return entryOSR(exec, pc, &asFunction(exec->callee())->jsExecutable()->generatedBytecodeFor(CodeForConstruct), "entry_osr_function_for_construct", Prologue);
302 }
303
304 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
305 {
306     return entryOSR(exec, pc, &asFunction(exec->callee())->jsExecutable()->generatedBytecodeFor(CodeForCall), "entry_osr_function_for_call_arityCheck", ArityCheck);
307 }
308
309 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
310 {
311     return entryOSR(exec, pc, &asFunction(exec->callee())->jsExecutable()->generatedBytecodeFor(CodeForConstruct), "entry_osr_function_for_construct_arityCheck", ArityCheck);
312 }
313
314 LLINT_SLOW_PATH_DECL(loop_osr)
315 {
316     CodeBlock* codeBlock = exec->codeBlock();
317     
318 #if ENABLE(JIT_VERBOSE_OSR)
319     dataLog("%p: Entered loop_osr with executeCounter = %d\n", codeBlock, codeBlock->llintExecuteCounter());
320 #endif
321     
322     if (!shouldJIT(exec)) {
323         codeBlock->dontJITAnytimeSoon();
324         LLINT_RETURN_TWO(0, exec);
325     }
326     
327     if (!codeBlock->jitCompile(exec->globalData())) {
328 #if ENABLE(JIT_VERBOSE_OSR)
329         dataLog("    Code was already compiled.\n");
330 #endif
331     }
332     codeBlock->jitSoon();
333     
334     ASSERT(codeBlock->getJITType() == JITCode::BaselineJIT);
335     
336     Vector<BytecodeAndMachineOffset> map;
337     codeBlock->jitCodeMap()->decode(map);
338     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned, BytecodeAndMachineOffset::getBytecodeIndex>(map.begin(), map.size(), pc - codeBlock->instructions().begin());
339     ASSERT(mapping);
340     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
341     
342     void* jumpTarget = codeBlock->getJITCode().executableAddressAtOffset(mapping->m_machineCodeOffset);
343     ASSERT(jumpTarget);
344     
345     LLINT_RETURN_TWO(jumpTarget, exec);
346 }
347
348 LLINT_SLOW_PATH_DECL(replace)
349 {
350     CodeBlock* codeBlock = exec->codeBlock();
351     
352 #if ENABLE(JIT_VERBOSE_OSR)
353     dataLog("%p: Entered replace with executeCounter = %d\n", codeBlock, codeBlock->llintExecuteCounter());
354 #endif
355     
356     if (shouldJIT(exec)) {
357         if (!codeBlock->jitCompile(exec->globalData())) {
358 #if ENABLE(JIT_VERBOSE_OSR)
359             dataLog("    Code was already compiled.\n");
360 #endif
361         }
362         codeBlock->jitSoon();
363     } else
364         codeBlock->dontJITAnytimeSoon();
365     LLINT_END_IMPL();
366 }
367
368 LLINT_SLOW_PATH_DECL(register_file_check)
369 {
370     LLINT_BEGIN();
371 #if LLINT_SLOW_PATH_TRACING
372     dataLog("Checking stack height with exec = %p.\n", exec);
373     dataLog("CodeBlock = %p.\n", exec->codeBlock());
374     dataLog("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeRegisters);
375     dataLog("Num vars = %u.\n", exec->codeBlock()->m_numVars);
376     dataLog("Current end is at %p.\n", exec->globalData().interpreter->registerFile().end());
377 #endif
378     ASSERT(&exec->registers()[exec->codeBlock()->m_numCalleeRegisters] > exec->globalData().interpreter->registerFile().end());
379     if (UNLIKELY(!globalData.interpreter->registerFile().grow(&exec->registers()[exec->codeBlock()->m_numCalleeRegisters]))) {
380         ReturnAddressPtr returnPC = exec->returnPC();
381         exec = exec->callerFrame();
382         globalData.exception = createStackOverflowError(exec);
383         interpreterThrowInCaller(exec, returnPC);
384         pc = returnToThrowForThrownException(exec);
385     }
386     LLINT_END_IMPL();
387 }
388
389 LLINT_SLOW_PATH_DECL(slow_path_call_arityCheck)
390 {
391     LLINT_BEGIN();
392     ExecState* newExec = CommonSlowPaths::arityCheckFor(exec, &globalData.interpreter->registerFile(), CodeForCall);
393     if (!newExec) {
394         ReturnAddressPtr returnPC = exec->returnPC();
395         exec = exec->callerFrame();
396         globalData.exception = createStackOverflowError(exec);
397         interpreterThrowInCaller(exec, returnPC);
398         LLINT_RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
399     }
400     LLINT_RETURN_TWO(0, newExec);
401 }
402
403 LLINT_SLOW_PATH_DECL(slow_path_construct_arityCheck)
404 {
405     LLINT_BEGIN();
406     ExecState* newExec = CommonSlowPaths::arityCheckFor(exec, &globalData.interpreter->registerFile(), CodeForConstruct);
407     if (!newExec) {
408         ReturnAddressPtr returnPC = exec->returnPC();
409         exec = exec->callerFrame();
410         globalData.exception = createStackOverflowError(exec);
411         interpreterThrowInCaller(exec, returnPC);
412         LLINT_RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
413     }
414     LLINT_RETURN_TWO(0, newExec);
415 }
416
417 LLINT_SLOW_PATH_DECL(slow_path_create_activation)
418 {
419     LLINT_BEGIN();
420 #if LLINT_SLOW_PATH_TRACING
421     dataLog("Creating an activation, exec = %p!\n", exec);
422 #endif
423     JSActivation* activation = JSActivation::create(globalData, exec, static_cast<FunctionExecutable*>(exec->codeBlock()->ownerExecutable()));
424     exec->setScopeChain(exec->scopeChain()->push(activation));
425     LLINT_RETURN(JSValue(activation));
426 }
427
428 LLINT_SLOW_PATH_DECL(slow_path_create_arguments)
429 {
430     LLINT_BEGIN();
431     JSValue arguments = JSValue(Arguments::create(globalData, exec));
432     LLINT_CHECK_EXCEPTION();
433     exec->uncheckedR(pc[1].u.operand) = arguments;
434     exec->uncheckedR(unmodifiedArgumentsRegister(pc[1].u.operand)) = arguments;
435     LLINT_END();
436 }
437
438 LLINT_SLOW_PATH_DECL(slow_path_create_this)
439 {
440     LLINT_BEGIN();
441     JSFunction* constructor = asFunction(exec->callee());
442     
443 #if !ASSERT_DISABLED
444     ConstructData constructData;
445     ASSERT(constructor->methodTable()->getConstructData(constructor, constructData) == ConstructTypeJS);
446 #endif
447     
448     Structure* structure;
449     JSValue proto = LLINT_OP(2).jsValue();
450     if (proto.isObject())
451         structure = asObject(proto)->inheritorID(globalData);
452     else
453         structure = constructor->scope()->globalObject->emptyObjectStructure();
454     
455     LLINT_RETURN(constructEmptyObject(exec, structure));
456 }
457
458 LLINT_SLOW_PATH_DECL(slow_path_convert_this)
459 {
460     LLINT_BEGIN();
461     JSValue v1 = LLINT_OP(1).jsValue();
462     ASSERT(v1.isPrimitive());
463     LLINT_RETURN(v1.toThisObject(exec));
464 }
465
466 LLINT_SLOW_PATH_DECL(slow_path_new_object)
467 {
468     LLINT_BEGIN();
469     LLINT_RETURN(constructEmptyObject(exec));
470 }
471
472 LLINT_SLOW_PATH_DECL(slow_path_new_array)
473 {
474     LLINT_BEGIN();
475     LLINT_RETURN(constructArray(exec, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
476 }
477
478 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
479 {
480     LLINT_BEGIN();
481     LLINT_RETURN(constructArray(exec, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
482 }
483
484 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
485 {
486     LLINT_BEGIN();
487     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
488     if (!regExp->isValid())
489         LLINT_THROW(createSyntaxError(exec, "Invalid flag supplied to RegExp constructor."));
490     LLINT_RETURN(RegExpObject::create(globalData, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->regExpStructure(), regExp));
491 }
492
493 LLINT_SLOW_PATH_DECL(slow_path_not)
494 {
495     LLINT_BEGIN();
496     LLINT_RETURN(jsBoolean(!LLINT_OP_C(2).jsValue().toBoolean(exec)));
497 }
498
499 LLINT_SLOW_PATH_DECL(slow_path_eq)
500 {
501     LLINT_BEGIN();
502     LLINT_RETURN(jsBoolean(JSValue::equal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
503 }
504
505 LLINT_SLOW_PATH_DECL(slow_path_neq)
506 {
507     LLINT_BEGIN();
508     LLINT_RETURN(jsBoolean(!JSValue::equal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
509 }
510
511 LLINT_SLOW_PATH_DECL(slow_path_stricteq)
512 {
513     LLINT_BEGIN();
514     LLINT_RETURN(jsBoolean(JSValue::strictEqual(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
515 }
516
517 LLINT_SLOW_PATH_DECL(slow_path_nstricteq)
518 {
519     LLINT_BEGIN();
520     LLINT_RETURN(jsBoolean(!JSValue::strictEqual(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
521 }
522
523 LLINT_SLOW_PATH_DECL(slow_path_less)
524 {
525     LLINT_BEGIN();
526     LLINT_RETURN(jsBoolean(jsLess<true>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
527 }
528
529 LLINT_SLOW_PATH_DECL(slow_path_lesseq)
530 {
531     LLINT_BEGIN();
532     LLINT_RETURN(jsBoolean(jsLessEq<true>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
533 }
534
535 LLINT_SLOW_PATH_DECL(slow_path_greater)
536 {
537     LLINT_BEGIN();
538     LLINT_RETURN(jsBoolean(jsLess<false>(exec, LLINT_OP_C(3).jsValue(), LLINT_OP_C(2).jsValue())));
539 }
540
541 LLINT_SLOW_PATH_DECL(slow_path_greatereq)
542 {
543     LLINT_BEGIN();
544     LLINT_RETURN(jsBoolean(jsLessEq<false>(exec, LLINT_OP_C(3).jsValue(), LLINT_OP_C(2).jsValue())));
545 }
546
547 LLINT_SLOW_PATH_DECL(slow_path_pre_inc)
548 {
549     LLINT_BEGIN();
550     LLINT_RETURN(jsNumber(LLINT_OP(1).jsValue().toNumber(exec) + 1));
551 }
552
553 LLINT_SLOW_PATH_DECL(slow_path_pre_dec)
554 {
555     LLINT_BEGIN();
556     LLINT_RETURN(jsNumber(LLINT_OP(1).jsValue().toNumber(exec) - 1));
557 }
558
559 LLINT_SLOW_PATH_DECL(slow_path_post_inc)
560 {
561     LLINT_BEGIN();
562     double result = LLINT_OP(2).jsValue().toNumber(exec);
563     LLINT_OP(2) = jsNumber(result + 1);
564     LLINT_RETURN(jsNumber(result));
565 }
566
567 LLINT_SLOW_PATH_DECL(slow_path_post_dec)
568 {
569     LLINT_BEGIN();
570     double result = LLINT_OP(2).jsValue().toNumber(exec);
571     LLINT_OP(2) = jsNumber(result - 1);
572     LLINT_RETURN(jsNumber(result));
573 }
574
575 LLINT_SLOW_PATH_DECL(slow_path_to_jsnumber)
576 {
577     LLINT_BEGIN();
578     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toNumber(exec)));
579 }
580
581 LLINT_SLOW_PATH_DECL(slow_path_negate)
582 {
583     LLINT_BEGIN();
584     LLINT_RETURN(jsNumber(-LLINT_OP_C(2).jsValue().toNumber(exec)));
585 }
586
587 LLINT_SLOW_PATH_DECL(slow_path_add)
588 {
589     LLINT_BEGIN();
590     JSValue v1 = LLINT_OP_C(2).jsValue();
591     JSValue v2 = LLINT_OP_C(3).jsValue();
592     
593 #if LLINT_SLOW_PATH_TRACING
594     dataLog("Trying to add %s", v1.description());
595     dataLog(" to %s.\n", v2.description());
596 #endif
597     
598     if (v1.isString() && !v2.isObject())
599         LLINT_RETURN(jsString(exec, asString(v1), v2.toString(exec)));
600     
601     if (v1.isNumber() && v2.isNumber())
602         LLINT_RETURN(jsNumber(v1.asNumber() + v2.asNumber()));
603     
604     LLINT_RETURN(jsAddSlowCase(exec, v1, v2));
605 }
606
607 LLINT_SLOW_PATH_DECL(slow_path_mul)
608 {
609     LLINT_BEGIN();
610     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toNumber(exec) * LLINT_OP_C(3).jsValue().toNumber(exec)));
611 }
612
613 LLINT_SLOW_PATH_DECL(slow_path_sub)
614 {
615     LLINT_BEGIN();
616     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toNumber(exec) - LLINT_OP_C(3).jsValue().toNumber(exec)));
617 }
618
619 LLINT_SLOW_PATH_DECL(slow_path_div)
620 {
621     LLINT_BEGIN();
622     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toNumber(exec) / LLINT_OP_C(3).jsValue().toNumber(exec)));
623 }
624
625 LLINT_SLOW_PATH_DECL(slow_path_mod)
626 {
627     LLINT_BEGIN();
628     LLINT_RETURN(jsNumber(fmod(LLINT_OP_C(2).jsValue().toNumber(exec), LLINT_OP_C(3).jsValue().toNumber(exec))));
629 }
630
631 LLINT_SLOW_PATH_DECL(slow_path_lshift)
632 {
633     LLINT_BEGIN();
634     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toInt32(exec) << (LLINT_OP_C(3).jsValue().toUInt32(exec) & 31)));
635 }
636
637 LLINT_SLOW_PATH_DECL(slow_path_rshift)
638 {
639     LLINT_BEGIN();
640     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toInt32(exec) >> (LLINT_OP_C(3).jsValue().toUInt32(exec) & 31)));
641 }
642
643 LLINT_SLOW_PATH_DECL(slow_path_urshift)
644 {
645     LLINT_BEGIN();
646     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toUInt32(exec) >> (LLINT_OP_C(3).jsValue().toUInt32(exec) & 31)));
647 }
648
649 LLINT_SLOW_PATH_DECL(slow_path_bitand)
650 {
651     LLINT_BEGIN();
652     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toInt32(exec) & LLINT_OP_C(3).jsValue().toInt32(exec)));
653 }
654
655 LLINT_SLOW_PATH_DECL(slow_path_bitor)
656 {
657     LLINT_BEGIN();
658     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toInt32(exec) | LLINT_OP_C(3).jsValue().toInt32(exec)));
659 }
660
661 LLINT_SLOW_PATH_DECL(slow_path_bitxor)
662 {
663     LLINT_BEGIN();
664     LLINT_RETURN(jsNumber(LLINT_OP_C(2).jsValue().toInt32(exec) ^ LLINT_OP_C(3).jsValue().toInt32(exec)));
665 }
666
667 LLINT_SLOW_PATH_DECL(slow_path_bitnot)
668 {
669     LLINT_BEGIN();
670     LLINT_RETURN(jsNumber(~LLINT_OP_C(2).jsValue().toInt32(exec)));
671 }
672
673 LLINT_SLOW_PATH_DECL(slow_path_check_has_instance)
674 {
675     LLINT_BEGIN();
676     JSValue baseVal = LLINT_OP_C(1).jsValue();
677 #ifndef NDEBUG
678     TypeInfo typeInfo(UnspecifiedType);
679     ASSERT(!baseVal.isObject()
680            || !(typeInfo = asObject(baseVal)->structure()->typeInfo()).implementsHasInstance());
681 #endif
682     LLINT_THROW(createInvalidParamError(exec, "instanceof", baseVal));
683 }
684
685 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
686 {
687     LLINT_BEGIN();
688     LLINT_RETURN(jsBoolean(CommonSlowPaths::opInstanceOfSlow(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue())));
689 }
690
691 LLINT_SLOW_PATH_DECL(slow_path_typeof)
692 {
693     LLINT_BEGIN();
694     LLINT_RETURN(jsTypeStringForValue(exec, LLINT_OP_C(2).jsValue()));
695 }
696
697 LLINT_SLOW_PATH_DECL(slow_path_is_undefined)
698 {
699     LLINT_BEGIN();
700     JSValue v = LLINT_OP_C(2).jsValue();
701     LLINT_RETURN(jsBoolean(v.isCell() ? v.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v.isUndefined()));
702 }
703
704 LLINT_SLOW_PATH_DECL(slow_path_is_boolean)
705 {
706     LLINT_BEGIN();
707     LLINT_RETURN(jsBoolean(LLINT_OP_C(2).jsValue().isBoolean()));
708 }
709
710 LLINT_SLOW_PATH_DECL(slow_path_is_number)
711 {
712     LLINT_BEGIN();
713     LLINT_RETURN(jsBoolean(LLINT_OP_C(2).jsValue().isNumber()));
714 }
715
716 LLINT_SLOW_PATH_DECL(slow_path_is_string)
717 {
718     LLINT_BEGIN();
719     LLINT_RETURN(jsBoolean(isJSString(LLINT_OP_C(2).jsValue())));
720 }
721
722 LLINT_SLOW_PATH_DECL(slow_path_is_object)
723 {
724     LLINT_BEGIN();
725     LLINT_RETURN(jsBoolean(jsIsObjectType(LLINT_OP_C(2).jsValue())));
726 }
727
728 LLINT_SLOW_PATH_DECL(slow_path_is_function)
729 {
730     LLINT_BEGIN();
731     LLINT_RETURN(jsBoolean(jsIsFunctionType(LLINT_OP_C(2).jsValue())));
732 }
733
734 LLINT_SLOW_PATH_DECL(slow_path_in)
735 {
736     LLINT_BEGIN();
737     LLINT_RETURN(jsBoolean(CommonSlowPaths::opIn(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue())));
738 }
739
740 LLINT_SLOW_PATH_DECL(slow_path_resolve)
741 {
742     LLINT_BEGIN();
743     LLINT_RETURN_PROFILED(op_resolve, CommonSlowPaths::opResolve(exec, exec->codeBlock()->identifier(pc[2].u.operand)));
744 }
745
746 LLINT_SLOW_PATH_DECL(slow_path_resolve_skip)
747 {
748     LLINT_BEGIN();
749     LLINT_RETURN_PROFILED(
750         op_resolve_skip,
751         CommonSlowPaths::opResolveSkip(
752             exec,
753             exec->codeBlock()->identifier(pc[2].u.operand),
754             pc[3].u.operand));
755 }
756
757 static JSValue resolveGlobal(ExecState* exec, Instruction* pc)
758 {
759     CodeBlock* codeBlock = exec->codeBlock();
760     JSGlobalObject* globalObject = codeBlock->globalObject();
761     ASSERT(globalObject->isGlobalObject());
762     int property = pc[2].u.operand;
763     Structure* structure = pc[3].u.structure.get();
764     
765     ASSERT_UNUSED(structure, structure != globalObject->structure());
766     
767     Identifier& ident = codeBlock->identifier(property);
768     PropertySlot slot(globalObject);
769     
770     if (globalObject->getPropertySlot(exec, ident, slot)) {
771         JSValue result = slot.getValue(exec, ident);
772         if (slot.isCacheableValue() && !globalObject->structure()->isUncacheableDictionary()
773             && slot.slotBase() == globalObject) {
774             pc[3].u.structure.set(
775                 exec->globalData(), codeBlock->ownerExecutable(), globalObject->structure());
776             pc[4] = slot.cachedOffset();
777         }
778         
779         return result;
780     }
781     
782     exec->globalData().exception = createUndefinedVariableError(exec, ident);
783     return JSValue();
784 }
785
786 LLINT_SLOW_PATH_DECL(slow_path_resolve_global)
787 {
788     LLINT_BEGIN();
789     LLINT_RETURN_PROFILED(op_resolve_global, resolveGlobal(exec, pc));
790 }
791
792 LLINT_SLOW_PATH_DECL(slow_path_resolve_global_dynamic)
793 {
794     LLINT_BEGIN();
795     LLINT_RETURN_PROFILED(op_resolve_global_dynamic, resolveGlobal(exec, pc));
796 }
797
798 LLINT_SLOW_PATH_DECL(slow_path_resolve_for_resolve_global_dynamic)
799 {
800     LLINT_BEGIN();
801     LLINT_RETURN_PROFILED(op_resolve_global_dynamic, CommonSlowPaths::opResolve(exec, exec->codeBlock()->identifier(pc[2].u.operand)));
802 }
803
804 LLINT_SLOW_PATH_DECL(slow_path_resolve_base)
805 {
806     LLINT_BEGIN();
807     Identifier& ident = exec->codeBlock()->identifier(pc[2].u.operand);
808     if (pc[3].u.operand) {
809         JSValue base = JSC::resolveBase(exec, ident, exec->scopeChain(), true);
810         if (!base)
811             LLINT_THROW(createErrorForInvalidGlobalAssignment(exec, ident.ustring()));
812         LLINT_RETURN(base);
813     }
814     
815     LLINT_RETURN_PROFILED(op_resolve_base, JSC::resolveBase(exec, ident, exec->scopeChain(), false));
816 }
817
818 LLINT_SLOW_PATH_DECL(slow_path_ensure_property_exists)
819 {
820     LLINT_BEGIN();
821     JSObject* object = asObject(LLINT_OP(1).jsValue());
822     PropertySlot slot(object);
823     Identifier& ident = exec->codeBlock()->identifier(pc[2].u.operand);
824     if (!object->getPropertySlot(exec, ident, slot))
825         LLINT_THROW(createErrorForInvalidGlobalAssignment(exec, ident.ustring()));
826     LLINT_END();
827 }
828
829 LLINT_SLOW_PATH_DECL(slow_path_resolve_with_base)
830 {
831     LLINT_BEGIN();
832     JSValue result = CommonSlowPaths::opResolveWithBase(exec, exec->codeBlock()->identifier(pc[3].u.operand), LLINT_OP(1));
833     LLINT_CHECK_EXCEPTION();
834     LLINT_OP(2) = result;
835     // FIXME: technically should have profiling, but we don't do it because the DFG won't use it.
836     LLINT_END();
837 }
838
839 LLINT_SLOW_PATH_DECL(slow_path_resolve_with_this)
840 {
841     LLINT_BEGIN();
842     JSValue result = CommonSlowPaths::opResolveWithThis(exec, exec->codeBlock()->identifier(pc[3].u.operand), LLINT_OP(1));
843     LLINT_CHECK_EXCEPTION();
844     LLINT_OP(2) = result;
845     // FIXME: technically should have profiling, but we don't do it because the DFG won't use it.
846     LLINT_END();
847 }
848
849 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
850 {
851     LLINT_BEGIN();
852     CodeBlock* codeBlock = exec->codeBlock();
853     Identifier& ident = codeBlock->identifier(pc[3].u.operand);
854     JSValue baseValue = LLINT_OP_C(2).jsValue();
855     PropertySlot slot(baseValue);
856
857     JSValue result = baseValue.get(exec, ident, slot);
858     LLINT_CHECK_EXCEPTION();
859     LLINT_OP(1) = result;
860
861     if (baseValue.isCell()
862         && slot.isCacheable()
863         && slot.slotBase() == baseValue
864         && slot.cachedPropertyType() == PropertySlot::Value) {
865         
866         JSCell* baseCell = baseValue.asCell();
867         Structure* structure = baseCell->structure();
868         
869         if (!structure->isUncacheableDictionary()
870             && !structure->typeInfo().prohibitsPropertyCaching()) {
871             pc[4].u.structure.set(
872                 globalData, codeBlock->ownerExecutable(), structure);
873             pc[5].u.operand = slot.cachedOffset() * sizeof(JSValue);
874         }
875     }
876     
877     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
878     LLINT_END();
879 }
880
881 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
882 {
883     LLINT_BEGIN();
884     CodeBlock* codeBlock = exec->codeBlock();
885     Identifier& ident = codeBlock->identifier(pc[3].u.operand);
886     JSValue baseValue = LLINT_OP(2).jsValue();
887     PropertySlot slot(baseValue);
888     LLINT_RETURN(baseValue.get(exec, ident, slot));
889 }
890
891 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
892 {
893     LLINT_BEGIN();
894     CodeBlock* codeBlock = exec->codeBlock();
895     Identifier& ident = codeBlock->identifier(pc[2].u.operand);
896     
897     JSValue baseValue = LLINT_OP_C(1).jsValue();
898     PutPropertySlot slot(codeBlock->isStrictMode());
899     if (pc[8].u.operand)
900         asObject(baseValue)->putDirect(globalData, ident, LLINT_OP_C(3).jsValue(), slot);
901     else
902         baseValue.put(exec, ident, LLINT_OP_C(3).jsValue(), slot);
903     LLINT_CHECK_EXCEPTION();
904     
905     if (baseValue.isCell()
906         && slot.isCacheable()) {
907         
908         JSCell* baseCell = baseValue.asCell();
909         Structure* structure = baseCell->structure();
910         
911         if (!structure->isUncacheableDictionary()
912             && !structure->typeInfo().prohibitsPropertyCaching()
913             && baseCell == slot.base()) {
914             
915             if (slot.type() == PutPropertySlot::NewProperty) {
916                 if (!structure->isDictionary() && structure->previousID()->propertyStorageCapacity() == structure->propertyStorageCapacity()) {
917                     // This is needed because some of the methods we call
918                     // below may GC.
919                     pc[0].u.opcode = bitwise_cast<void*>(&llint_op_put_by_id);
920
921                     normalizePrototypeChain(exec, baseCell);
922                     
923                     ASSERT(structure->previousID()->isObject());
924                     pc[4].u.structure.set(
925                         globalData, codeBlock->ownerExecutable(), structure->previousID());
926                     pc[5].u.operand = slot.cachedOffset() * sizeof(JSValue);
927                     pc[6].u.structure.set(
928                         globalData, codeBlock->ownerExecutable(), structure);
929                     StructureChain* chain = structure->prototypeChain(exec);
930                     ASSERT(chain);
931                     pc[7].u.structureChain.set(
932                         globalData, codeBlock->ownerExecutable(), chain);
933                     
934                     if (pc[8].u.operand)
935                         pc[0].u.opcode = bitwise_cast<void*>(&llint_op_put_by_id_transition_direct);
936                     else
937                         pc[0].u.opcode = bitwise_cast<void*>(&llint_op_put_by_id_transition_normal);
938                 }
939             } else {
940                 pc[0].u.opcode = bitwise_cast<void*>(&llint_op_put_by_id);
941                 pc[4].u.structure.set(
942                     globalData, codeBlock->ownerExecutable(), structure);
943                 pc[5].u.operand = slot.cachedOffset() * sizeof(JSValue);
944             }
945         }
946     }
947     
948     LLINT_END();
949 }
950
951 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
952 {
953     LLINT_BEGIN();
954     CodeBlock* codeBlock = exec->codeBlock();
955     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
956     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
957     LLINT_CHECK_EXCEPTION();
958     if (!couldDelete && codeBlock->isStrictMode())
959         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
960     LLINT_RETURN(jsBoolean(couldDelete));
961 }
962
963 inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
964 {
965     if (LIKELY(baseValue.isCell() && subscript.isString())) {
966         if (JSValue result = baseValue.asCell()->fastGetOwnProperty(exec, asString(subscript)->value(exec)))
967             return result;
968     }
969     
970     if (subscript.isUInt32()) {
971         uint32_t i = subscript.asUInt32();
972         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
973             return asString(baseValue)->getIndex(exec, i);
974         
975         if (isJSByteArray(baseValue) && asByteArray(baseValue)->canAccessIndex(i))
976             return asByteArray(baseValue)->getIndex(exec, i);
977         
978         return baseValue.get(exec, i);
979     }
980     
981     Identifier property(exec, subscript.toString(exec)->value(exec));
982     return baseValue.get(exec, property);
983 }
984
985 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
986 {
987     LLINT_BEGIN();
988     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
989 }
990
991 LLINT_SLOW_PATH_DECL(slow_path_get_argument_by_val)
992 {
993     LLINT_BEGIN();
994     JSValue arguments = LLINT_OP(2).jsValue();
995     if (!arguments) {
996         arguments = Arguments::create(globalData, exec);
997         LLINT_CHECK_EXCEPTION();
998         LLINT_OP(2) = arguments;
999         exec->uncheckedR(unmodifiedArgumentsRegister(pc[2].u.operand)) = arguments;
1000     }
1001     
1002     LLINT_RETURN(getByVal(exec, arguments, LLINT_OP_C(3).jsValue()));
1003 }
1004
1005 LLINT_SLOW_PATH_DECL(slow_path_get_by_pname)
1006 {
1007     LLINT_BEGIN();
1008     LLINT_RETURN(getByVal(exec, LLINT_OP(2).jsValue(), LLINT_OP(3).jsValue()));
1009 }
1010
1011 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
1012 {
1013     LLINT_BEGIN();
1014     
1015     JSValue baseValue = LLINT_OP_C(1).jsValue();
1016     JSValue subscript = LLINT_OP_C(2).jsValue();
1017     JSValue value = LLINT_OP_C(3).jsValue();
1018     
1019     if (LIKELY(subscript.isUInt32())) {
1020         uint32_t i = subscript.asUInt32();
1021         if (isJSArray(baseValue)) {
1022             JSArray* jsArray = asArray(baseValue);
1023             if (jsArray->canSetIndex(i))
1024                 jsArray->setIndex(globalData, i, value);
1025             else
1026                 JSArray::putByIndex(jsArray, exec, i, value);
1027             LLINT_END();
1028         }
1029         if (isJSByteArray(baseValue)
1030             && asByteArray(baseValue)->canAccessIndex(i)) {
1031             JSByteArray* jsByteArray = asByteArray(baseValue);
1032             if (value.isInt32()) {
1033                 jsByteArray->setIndex(i, value.asInt32());
1034                 LLINT_END();
1035             }
1036             if (value.isNumber()) {
1037                 jsByteArray->setIndex(i, value.asNumber());
1038                 LLINT_END();
1039             }
1040         }
1041         baseValue.put(exec, i, value);
1042         LLINT_END();
1043     }
1044     
1045     Identifier property(exec, subscript.toString(exec)->value(exec));
1046     LLINT_CHECK_EXCEPTION();
1047     PutPropertySlot slot(exec->codeBlock()->isStrictMode());
1048     baseValue.put(exec, property, value, slot);
1049     LLINT_END();
1050 }
1051
1052 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
1053 {
1054     LLINT_BEGIN();
1055     JSValue baseValue = LLINT_OP_C(2).jsValue();
1056     JSObject* baseObject = baseValue.toObject(exec);
1057     
1058     JSValue subscript = LLINT_OP_C(3).jsValue();
1059     
1060     bool couldDelete;
1061     
1062     uint32_t i;
1063     if (subscript.getUInt32(i))
1064         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
1065     else {
1066         LLINT_CHECK_EXCEPTION();
1067         Identifier property(exec, subscript.toString(exec)->value(exec));
1068         LLINT_CHECK_EXCEPTION();
1069         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
1070     }
1071     
1072     if (!couldDelete && exec->codeBlock()->isStrictMode())
1073         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
1074     
1075     LLINT_RETURN(jsBoolean(couldDelete));
1076 }
1077
1078 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
1079 {
1080     LLINT_BEGIN();
1081     LLINT_OP_C(1).jsValue().put(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
1082     LLINT_END();
1083 }
1084
1085 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter)
1086 {
1087     LLINT_BEGIN();
1088     ASSERT(LLINT_OP(1).jsValue().isObject());
1089     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
1090     
1091     GetterSetter* accessor = GetterSetter::create(exec);
1092     LLINT_CHECK_EXCEPTION();
1093     
1094     JSValue getter = LLINT_OP(3).jsValue();
1095     JSValue setter = LLINT_OP(4).jsValue();
1096     ASSERT(getter.isObject() || getter.isUndefined());
1097     ASSERT(setter.isObject() || setter.isUndefined());
1098     ASSERT(getter.isObject() || setter.isObject());
1099     
1100     if (!getter.isUndefined())
1101         accessor->setGetter(globalData, asObject(getter));
1102     if (!setter.isUndefined())
1103         accessor->setSetter(globalData, asObject(setter));
1104     baseObj->putDirectAccessor(
1105         globalData,
1106         exec->codeBlock()->identifier(pc[2].u.operand),
1107         accessor, Accessor);
1108     LLINT_END();
1109 }
1110
1111 LLINT_SLOW_PATH_DECL(slow_path_jmp_scopes)
1112 {
1113     LLINT_BEGIN();
1114     unsigned count = pc[1].u.operand;
1115     ScopeChainNode* tmp = exec->scopeChain();
1116     while (count--)
1117         tmp = tmp->pop();
1118     exec->setScopeChain(tmp);
1119     pc += pc[2].u.operand;
1120     LLINT_END();
1121 }
1122
1123 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
1124 {
1125     LLINT_BEGIN();
1126     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
1127 }
1128
1129 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
1130 {
1131     LLINT_BEGIN();
1132     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
1133 }
1134
1135 LLINT_SLOW_PATH_DECL(slow_path_jless)
1136 {
1137     LLINT_BEGIN();
1138     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1139 }
1140
1141 LLINT_SLOW_PATH_DECL(slow_path_jnless)
1142 {
1143     LLINT_BEGIN();
1144     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1145 }
1146
1147 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
1148 {
1149     LLINT_BEGIN();
1150     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1151 }
1152
1153 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
1154 {
1155     LLINT_BEGIN();
1156     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1157 }
1158
1159 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
1160 {
1161     LLINT_BEGIN();
1162     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1163 }
1164
1165 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
1166 {
1167     LLINT_BEGIN();
1168     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1169 }
1170
1171 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
1172 {
1173     LLINT_BEGIN();
1174     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1175 }
1176
1177 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
1178 {
1179     LLINT_BEGIN();
1180     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1181 }
1182
1183 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
1184 {
1185     LLINT_BEGIN();
1186     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1187     ASSERT(scrutinee.isDouble());
1188     double value = scrutinee.asDouble();
1189     int32_t intValue = static_cast<int32_t>(value);
1190     int defaultOffset = pc[2].u.operand;
1191     if (value == intValue) {
1192         CodeBlock* codeBlock = exec->codeBlock();
1193         pc += codeBlock->immediateSwitchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
1194     } else
1195         pc += defaultOffset;
1196     LLINT_END();
1197 }
1198
1199 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
1200 {
1201     LLINT_BEGIN();
1202     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1203     int defaultOffset = pc[2].u.operand;
1204     if (!scrutinee.isString())
1205         pc += defaultOffset;
1206     else {
1207         CodeBlock* codeBlock = exec->codeBlock();
1208         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
1209     }
1210     LLINT_END();
1211 }
1212
1213 LLINT_SLOW_PATH_DECL(slow_path_new_func)
1214 {
1215     LLINT_BEGIN();
1216     CodeBlock* codeBlock = exec->codeBlock();
1217     ASSERT(codeBlock->codeType() != FunctionCode
1218            || !codeBlock->needsFullScopeChain()
1219            || exec->uncheckedR(codeBlock->activationRegister()).jsValue());
1220 #if LLINT_SLOW_PATH_TRACING
1221     dataLog("Creating function!\n");
1222 #endif
1223     LLINT_RETURN(codeBlock->functionDecl(pc[2].u.operand)->make(exec, exec->scopeChain()));
1224 }
1225
1226 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1227 {
1228     LLINT_BEGIN();
1229     CodeBlock* codeBlock = exec->codeBlock();
1230     FunctionExecutable* function = codeBlock->functionExpr(pc[2].u.operand);
1231     JSFunction* func = function->make(exec, exec->scopeChain());
1232     
1233     if (!function->name().isNull()) {
1234         JSStaticScopeObject* functionScopeObject = JSStaticScopeObject::create(exec, function->name(), func, ReadOnly | DontDelete);
1235         func->setScope(globalData, func->scope()->push(functionScopeObject));
1236     }
1237     
1238     LLINT_RETURN(func);
1239 }
1240
1241 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1242 {
1243     ExecState* exec = execCallee->callerFrame();
1244     JSGlobalData& globalData = exec->globalData();
1245     
1246     execCallee->setScopeChain(exec->scopeChain());
1247     execCallee->setCodeBlock(0);
1248     execCallee->clearReturnPC();
1249
1250     if (kind == CodeForCall) {
1251         CallData callData;
1252         CallType callType = getCallData(callee, callData);
1253     
1254         ASSERT(callType != CallTypeJS);
1255     
1256         if (callType == CallTypeHost) {
1257             globalData.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1258             
1259             LLINT_CALL_RETURN(execCallee, pc, reinterpret_cast<void*>(getHostCallReturnValue));
1260         }
1261         
1262 #if LLINT_SLOW_PATH_TRACING
1263         dataLog("Call callee is not a function: %s\n", callee.description());
1264 #endif
1265
1266         ASSERT(callType == CallTypeNone);
1267         LLINT_CALL_THROW(exec, pc, createNotAFunctionError(exec, callee));
1268     }
1269
1270     ASSERT(kind == CodeForConstruct);
1271     
1272     ConstructData constructData;
1273     ConstructType constructType = getConstructData(callee, constructData);
1274     
1275     ASSERT(constructType != ConstructTypeJS);
1276     
1277     if (constructType == ConstructTypeHost) {
1278         globalData.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1279
1280         LLINT_CALL_RETURN(execCallee, pc, reinterpret_cast<void*>(getHostCallReturnValue));
1281     }
1282     
1283 #if LLINT_SLOW_PATH_TRACING
1284     dataLog("Constructor callee is not a function: %s\n", callee.description());
1285 #endif
1286
1287     ASSERT(constructType == ConstructTypeNone);
1288     LLINT_CALL_THROW(exec, pc, createNotAConstructorError(exec, callee));
1289 }
1290
1291 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1292 {
1293 #if LLINT_SLOW_PATH_TRACING
1294     dataLog("Performing call with recorded PC = %p\n", execCallee->callerFrame()->currentVPC());
1295 #endif
1296
1297     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1298     if (!calleeAsFunctionCell)
1299         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1300     
1301     JSFunction* callee = asFunction(calleeAsFunctionCell);
1302     ScopeChainNode* scope = callee->scopeUnchecked();
1303     JSGlobalData& globalData = *scope->globalData;
1304     execCallee->setScopeChain(scope);
1305     ExecutableBase* executable = callee->executable();
1306     
1307     MacroAssemblerCodePtr codePtr;
1308     CodeBlock* codeBlock = 0;
1309     if (executable->isHostFunction())
1310         codePtr = executable->generatedJITCodeFor(kind).addressForCall();
1311     else {
1312         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1313         JSObject* error = functionExecutable->compileFor(execCallee, callee->scope(), kind);
1314         if (error)
1315             LLINT_CALL_THROW(execCallee->callerFrame(), pc, error);
1316         codeBlock = &functionExecutable->generatedBytecodeFor(kind);
1317         ASSERT(codeBlock);
1318         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1319             codePtr = functionExecutable->generatedJITCodeWithArityCheckFor(kind);
1320         else
1321             codePtr = functionExecutable->generatedJITCodeFor(kind).addressForCall();
1322     }
1323     
1324     if (callLinkInfo) {
1325         if (callLinkInfo->isOnList())
1326             callLinkInfo->remove();
1327         ExecState* execCaller = execCallee->callerFrame();
1328         callLinkInfo->callee.set(globalData, execCaller->codeBlock()->ownerExecutable(), callee);
1329         callLinkInfo->lastSeenCallee.set(globalData, execCaller->codeBlock()->ownerExecutable(), callee);
1330         callLinkInfo->machineCodeTarget = codePtr;
1331         if (codeBlock)
1332             codeBlock->linkIncomingCall(callLinkInfo);
1333     }
1334     
1335     LLINT_CALL_RETURN(execCallee, pc, codePtr.executableAddress());
1336 }
1337
1338 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1339 {
1340     // This needs to:
1341     // - Set up a call frame.
1342     // - Figure out what to call and compile it if necessary.
1343     // - If possible, link the call's inline cache.
1344     // - Return a tuple of machine code address to call and the new call frame.
1345     
1346     JSValue calleeAsValue = LLINT_OP_C(1).jsValue();
1347     
1348     ExecState* execCallee = exec + pc[3].u.operand;
1349     
1350     execCallee->setArgumentCountIncludingThis(pc[2].u.operand);
1351     execCallee->uncheckedR(RegisterFile::Callee) = calleeAsValue;
1352     execCallee->setCallerFrame(exec);
1353     
1354     ASSERT(pc[4].u.callLinkInfo);
1355     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[4].u.callLinkInfo);
1356 }
1357
1358 LLINT_SLOW_PATH_DECL(slow_path_call)
1359 {
1360     LLINT_BEGIN_NO_SET_PC();
1361     return genericCall(exec, pc, CodeForCall);
1362 }
1363
1364 LLINT_SLOW_PATH_DECL(slow_path_construct)
1365 {
1366     LLINT_BEGIN_NO_SET_PC();
1367     return genericCall(exec, pc, CodeForConstruct);
1368 }
1369
1370 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1371 {
1372     LLINT_BEGIN();
1373     // This needs to:
1374     // - Set up a call frame while respecting the variable arguments.
1375     // - Figure out what to call and compile it if necessary.
1376     // - Return a tuple of machine code address to call and the new call frame.
1377     
1378     JSValue calleeAsValue = LLINT_OP_C(1).jsValue();
1379     
1380     ExecState* execCallee = loadVarargs(
1381         exec, &globalData.interpreter->registerFile(),
1382         LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue(), pc[4].u.operand);
1383     LLINT_CALL_CHECK_EXCEPTION(exec, pc);
1384     
1385     execCallee->uncheckedR(RegisterFile::Callee) = calleeAsValue;
1386     execCallee->setCallerFrame(exec);
1387     exec->uncheckedR(RegisterFile::ArgumentCount).tag() = bitwise_cast<int32_t>(pc + OPCODE_LENGTH(op_call_varargs));
1388     
1389     return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1390 }
1391
1392 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1393 {
1394     LLINT_BEGIN_NO_SET_PC();
1395     JSValue calleeAsValue = LLINT_OP(1).jsValue();
1396     
1397     ExecState* execCallee = exec + pc[3].u.operand;
1398     
1399     execCallee->setArgumentCountIncludingThis(pc[2].u.operand);
1400     execCallee->setCallerFrame(exec);
1401     execCallee->uncheckedR(RegisterFile::Callee) = calleeAsValue;
1402     execCallee->setScopeChain(exec->scopeChain());
1403     execCallee->setReturnPC(bitwise_cast<Instruction*>(&llint_generic_return_point));
1404     execCallee->setCodeBlock(0);
1405     exec->uncheckedR(RegisterFile::ArgumentCount).tag() = bitwise_cast<int32_t>(pc + OPCODE_LENGTH(op_call_eval));
1406     
1407     if (!isHostFunction(calleeAsValue, globalFuncEval))
1408         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1409     
1410     globalData.hostCallReturnValue = eval(execCallee);
1411     LLINT_CALL_RETURN(execCallee, pc, reinterpret_cast<void*>(getHostCallReturnValue));
1412 }
1413
1414 LLINT_SLOW_PATH_DECL(slow_path_tear_off_activation)
1415 {
1416     LLINT_BEGIN();
1417     ASSERT(exec->codeBlock()->needsFullScopeChain());
1418     JSValue activationValue = LLINT_OP(1).jsValue();
1419     if (!activationValue) {
1420         if (JSValue v = exec->uncheckedR(unmodifiedArgumentsRegister(pc[2].u.operand)).jsValue()) {
1421             if (!exec->codeBlock()->isStrictMode())
1422                 asArguments(v)->tearOff(exec);
1423         }
1424         LLINT_END();
1425     }
1426     JSActivation* activation = asActivation(activationValue);
1427     activation->tearOff(globalData);
1428     if (JSValue v = exec->uncheckedR(unmodifiedArgumentsRegister(pc[2].u.operand)).jsValue())
1429         asArguments(v)->didTearOffActivation(globalData, activation);
1430     LLINT_END();
1431 }
1432
1433 LLINT_SLOW_PATH_DECL(slow_path_tear_off_arguments)
1434 {
1435     LLINT_BEGIN();
1436     ASSERT(exec->codeBlock()->usesArguments() && !exec->codeBlock()->needsFullScopeChain());
1437     asArguments(exec->uncheckedR(unmodifiedArgumentsRegister(pc[1].u.operand)).jsValue())->tearOff(exec);
1438     LLINT_END();
1439 }
1440
1441 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1442 {
1443     LLINT_BEGIN();
1444     LLINT_RETURN(jsString(exec, &LLINT_OP(2), pc[3].u.operand));
1445 }
1446
1447 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1448 {
1449     LLINT_BEGIN();
1450     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1451 }
1452
1453 LLINT_SLOW_PATH_DECL(slow_path_get_pnames)
1454 {
1455     LLINT_BEGIN();
1456     JSValue v = LLINT_OP(2).jsValue();
1457     if (v.isUndefinedOrNull()) {
1458         pc += pc[5].u.operand;
1459         LLINT_END();
1460     }
1461     
1462     JSObject* o = v.toObject(exec);
1463     Structure* structure = o->structure();
1464     JSPropertyNameIterator* jsPropertyNameIterator = structure->enumerationCache();
1465     if (!jsPropertyNameIterator || jsPropertyNameIterator->cachedPrototypeChain() != structure->prototypeChain(exec))
1466         jsPropertyNameIterator = JSPropertyNameIterator::create(exec, o);
1467     
1468     LLINT_OP(1) = JSValue(jsPropertyNameIterator);
1469     LLINT_OP(2) = JSValue(o);
1470     LLINT_OP(3) = Register::withInt(0);
1471     LLINT_OP(4) = Register::withInt(jsPropertyNameIterator->size());
1472     
1473     pc += OPCODE_LENGTH(op_get_pnames);
1474     LLINT_END();
1475 }
1476
1477 LLINT_SLOW_PATH_DECL(slow_path_next_pname)
1478 {
1479     LLINT_BEGIN();
1480     JSObject* base = asObject(LLINT_OP(2).jsValue());
1481     JSString* property = asString(LLINT_OP(1).jsValue());
1482     if (base->hasProperty(exec, Identifier(exec, property->value(exec)))) {
1483         // Go to target.
1484         pc += pc[6].u.operand;
1485     } // Else, don't change the PC, so the interpreter will reloop.
1486     LLINT_END();
1487 }
1488
1489 LLINT_SLOW_PATH_DECL(slow_path_push_scope)
1490 {
1491     LLINT_BEGIN();
1492     JSValue v = LLINT_OP(1).jsValue();
1493     JSObject* o = v.toObject(exec);
1494     LLINT_CHECK_EXCEPTION();
1495     
1496     LLINT_OP(1) = o;
1497     exec->setScopeChain(exec->scopeChain()->push(o));
1498     
1499     LLINT_END();
1500 }
1501
1502 LLINT_SLOW_PATH_DECL(slow_path_pop_scope)
1503 {
1504     LLINT_BEGIN();
1505     exec->setScopeChain(exec->scopeChain()->pop());
1506     LLINT_END();
1507 }
1508
1509 LLINT_SLOW_PATH_DECL(slow_path_push_new_scope)
1510 {
1511     LLINT_BEGIN();
1512     CodeBlock* codeBlock = exec->codeBlock();
1513     JSObject* scope = JSStaticScopeObject::create(exec, codeBlock->identifier(pc[2].u.operand), LLINT_OP(3).jsValue(), DontDelete);
1514     exec->setScopeChain(exec->scopeChain()->push(scope));
1515     LLINT_RETURN(scope);
1516 }
1517
1518 LLINT_SLOW_PATH_DECL(slow_path_throw)
1519 {
1520     LLINT_BEGIN();
1521     LLINT_THROW(LLINT_OP_C(1).jsValue());
1522 }
1523
1524 LLINT_SLOW_PATH_DECL(slow_path_throw_reference_error)
1525 {
1526     LLINT_BEGIN();
1527     LLINT_THROW(createReferenceError(exec, LLINT_OP_C(1).jsValue().toString(exec)->value(exec)));
1528 }
1529
1530 LLINT_SLOW_PATH_DECL(slow_path_debug)
1531 {
1532     LLINT_BEGIN();
1533     int debugHookID = pc[1].u.operand;
1534     int firstLine = pc[2].u.operand;
1535     int lastLine = pc[3].u.operand;
1536     
1537     globalData.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID), firstLine, lastLine);
1538     
1539     LLINT_END();
1540 }
1541
1542 LLINT_SLOW_PATH_DECL(slow_path_profile_will_call)
1543 {
1544     LLINT_BEGIN();
1545     (*Profiler::enabledProfilerReference())->willExecute(exec, LLINT_OP(1).jsValue());
1546     LLINT_END();
1547 }
1548
1549 LLINT_SLOW_PATH_DECL(slow_path_profile_did_call)
1550 {
1551     LLINT_BEGIN();
1552     (*Profiler::enabledProfilerReference())->didExecute(exec, LLINT_OP(1).jsValue());
1553     LLINT_END();
1554 }
1555
1556 } } // namespace JSC::LLInt
1557
1558 #endif // ENABLE(LLINT)