4b99a4a5a9a0809d0ead0ef5c615b01a27f456e1
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28
29 #include "ArrayConstructor.h"
30 #include "CallFrame.h"
31 #include "CommonSlowPaths.h"
32 #include "CommonSlowPathsExceptions.h"
33 #include "Error.h"
34 #include "ErrorHandlingScope.h"
35 #include "Exception.h"
36 #include "ExceptionFuzz.h"
37 #include "FunctionWhitelist.h"
38 #include "GetterSetter.h"
39 #include "HostCallReturnValue.h"
40 #include "Interpreter.h"
41 #include "JIT.h"
42 #include "JITExceptions.h"
43 #include "JITWorklist.h"
44 #include "JSLexicalEnvironment.h"
45 #include "JSCInlines.h"
46 #include "JSCJSValue.h"
47 #include "JSGeneratorFunction.h"
48 #include "JSGlobalObjectFunctions.h"
49 #include "JSString.h"
50 #include "JSWithScope.h"
51 #include "LLIntCommon.h"
52 #include "LLIntData.h"
53 #include "LLIntExceptions.h"
54 #include "LowLevelInterpreter.h"
55 #include "ObjectConstructor.h"
56 #include "ObjectPropertyConditionSet.h"
57 #include "ProtoCallFrame.h"
58 #include "ShadowChicken.h"
59 #include "StructureRareDataInlines.h"
60 #include "VMInlines.h"
61 #include <wtf/NeverDestroyed.h>
62 #include <wtf/StringPrintStream.h>
63
64 namespace JSC { namespace LLInt {
65
66 #define LLINT_BEGIN_NO_SET_PC() \
67     VM& vm = exec->vm();      \
68     NativeCallFrameTracer tracer(&vm, exec)
69
70 #ifndef NDEBUG
71 #define LLINT_SET_PC_FOR_STUBS() do { \
72         exec->codeBlock()->bytecodeOffset(pc); \
73         exec->setCurrentVPC(pc); \
74     } while (false)
75 #else
76 #define LLINT_SET_PC_FOR_STUBS() do { \
77         exec->setCurrentVPC(pc); \
78     } while (false)
79 #endif
80
81 #define LLINT_BEGIN()                           \
82     LLINT_BEGIN_NO_SET_PC();                    \
83     LLINT_SET_PC_FOR_STUBS()
84
85 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
86 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
87
88 #define LLINT_RETURN_TWO(first, second) do {       \
89         return encodeResult(first, second);        \
90     } while (false)
91
92 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0)
93
94 #define LLINT_THROW(exceptionToThrow) do {                        \
95         vm.throwException(exec, exceptionToThrow);                \
96         pc = returnToThrow(exec);                                 \
97         LLINT_END_IMPL();                                         \
98     } while (false)
99
100 #define LLINT_CHECK_EXCEPTION() do {                    \
101         doExceptionFuzzingIfEnabled(exec, "LLIntSlowPaths", pc);    \
102         if (UNLIKELY(vm.exception())) {                 \
103             pc = returnToThrow(exec);                   \
104             LLINT_END_IMPL();                           \
105         }                                               \
106     } while (false)
107
108 #define LLINT_END() do {                        \
109         LLINT_CHECK_EXCEPTION();                \
110         LLINT_END_IMPL();                       \
111     } while (false)
112
113 #define LLINT_BRANCH(opcode, condition) do {                      \
114         bool __b_condition = (condition);                         \
115         LLINT_CHECK_EXCEPTION();                                  \
116         if (__b_condition)                                        \
117             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
118         else                                                      \
119             pc += OPCODE_LENGTH(opcode);                          \
120         LLINT_END_IMPL();                                         \
121     } while (false)
122
123 #define LLINT_RETURN(value) do {                \
124         JSValue __r_returnValue = (value);      \
125         LLINT_CHECK_EXCEPTION();                \
126         LLINT_OP(1) = __r_returnValue;          \
127         LLINT_END_IMPL();                       \
128     } while (false)
129
130 #define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \
131         JSValue __r_returnValue = (value);      \
132         LLINT_CHECK_EXCEPTION();                \
133         LLINT_OP(1) = __r_returnValue;          \
134         pc += (pcAdjustment);                   \
135         LLINT_END_IMPL();                       \
136     } while (false)
137
138 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
139         JSValue __rp_returnValue = (value);                     \
140         LLINT_CHECK_EXCEPTION();                                \
141         LLINT_OP(1) = __rp_returnValue;                         \
142         LLINT_PROFILE_VALUE(opcode, __rp_returnValue);          \
143         LLINT_END_IMPL();                                       \
144     } while (false)
145
146 #define LLINT_PROFILE_VALUE(opcode, value) do { \
147         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
148         JSValue::encode(value);                  \
149     } while (false)
150
151 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
152
153 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
154         ExecState* __ct_exec = (exec);                                  \
155         vm.throwException(__ct_exec, exceptionToThrow);                 \
156         LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
157     } while (false)
158
159 #define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do {               \
160         ExecState* __cce_exec = (exec);                                 \
161         ExecState* __cce_execCallee = (execCallee);                     \
162         doExceptionFuzzingIfEnabled(__cce_exec, "LLIntSlowPaths/call", nullptr); \
163         if (UNLIKELY(vm.exception()))                                   \
164             LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
165     } while (false)
166
167 #define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
168         ExecState* __cr_exec = (exec);                                  \
169         ExecState* __cr_execCallee = (execCallee);                      \
170         void* __cr_callTarget = (callTarget);                           \
171         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
172         LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
173     } while (false)
174
175 #define LLINT_RETURN_CALLEE_FRAME(execCallee) do {                      \
176         ExecState* __rcf_exec = (execCallee);                           \
177         LLINT_RETURN_TWO(pc, __rcf_exec);                               \
178     } while (false)
179     
180 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
181 {
182     LLINT_BEGIN();
183     dataLogF("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
184             exec->codeBlock(),
185             exec,
186             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
187             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
188             fromWhere,
189             operand,
190             pc[operand].u.operand);
191     LLINT_END();
192 }
193
194 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
195 {
196     JSValue value = LLINT_OP_C(operand).jsValue();
197     union {
198         struct {
199             uint32_t tag;
200             uint32_t payload;
201         } bits;
202         EncodedJSValue asValue;
203     } u;
204     u.asValue = JSValue::encode(value);
205     dataLogF(
206         "%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
207         exec->codeBlock(),
208         exec,
209         static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
210         exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
211         fromWhere,
212         operand,
213         pc[operand].u.operand,
214         u.bits.tag,
215         u.bits.payload,
216         toCString(value).data());
217     LLINT_END_IMPL();
218 }
219
220 LLINT_SLOW_PATH_DECL(trace_prologue)
221 {
222     dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec);
223     LLINT_END_IMPL();
224 }
225
226 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
227 {
228     JSFunction* callee = jsCast<JSFunction*>(exec->callee());
229     FunctionExecutable* executable = callee->jsExecutable();
230     CodeBlock* codeBlock = executable->codeBlockFor(kind);
231     dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeLocals = %u, caller = %p.\n",
232             codeBlock, exec, comment, callee, executable,
233             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeLocals,
234             exec->callerFrame());
235 }
236
237 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
238 {
239     traceFunctionPrologue(exec, "call prologue", CodeForCall);
240     LLINT_END_IMPL();
241 }
242
243 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
244 {
245     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
246     LLINT_END_IMPL();
247 }
248
249 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
250 {
251     traceFunctionPrologue(exec, "call arity check", CodeForCall);
252     LLINT_END_IMPL();
253 }
254
255 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
256 {
257     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
258     LLINT_END_IMPL();
259 }
260
261 LLINT_SLOW_PATH_DECL(trace)
262 {
263     dataLogF("%p / %p: executing bc#%zu, %s, pc = %p\n",
264             exec->codeBlock(),
265             exec,
266             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
267             opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], pc);
268     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
269         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
270         *bitwise_cast<volatile char*>(exec->returnPC().value());
271     }
272     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
273         dataLogF("Will be returning to %p\n", exec->returnPC().value());
274         dataLogF("The new cfr will be %p\n", exec->callerFrame());
275     }
276     LLINT_END_IMPL();
277 }
278
279 LLINT_SLOW_PATH_DECL(special_trace)
280 {
281     dataLogF("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
282             exec->codeBlock(),
283             exec,
284             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
285             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
286             exec->returnPC().value());
287     LLINT_END_IMPL();
288 }
289
290 enum EntryKind { Prologue, ArityCheck };
291
292 #if ENABLE(JIT)
293 static FunctionWhitelist& ensureGlobalJITWhitelist()
294 {
295     static LazyNeverDestroyed<FunctionWhitelist> baselineWhitelist;
296     static std::once_flag initializeWhitelistFlag;
297     std::call_once(initializeWhitelistFlag, [] {
298         const char* functionWhitelistFile = Options::jitWhitelist();
299         baselineWhitelist.construct(functionWhitelistFile);
300     });
301     return baselineWhitelist;
302 }
303
304 inline bool shouldJIT(ExecState* exec, CodeBlock* codeBlock)
305 {
306     if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionCount())
307         || !ensureGlobalJITWhitelist().contains(codeBlock))
308         return false;
309
310     // You can modify this to turn off JITting without rebuilding the world.
311     return exec->vm().canUseJIT();
312 }
313
314 // Returns true if we should try to OSR.
315 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
316 {
317     VM& vm = exec->vm();
318     DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all.
319     
320     codeBlock->updateAllValueProfilePredictions();
321
322     if (!codeBlock->checkIfJITThresholdReached()) {
323         CODEBLOCK_LOG_EVENT(codeBlock, "delayJITCompile", ("threshold not reached, counter = ", codeBlock->llintExecuteCounter()));
324         if (Options::verboseOSR())
325             dataLogF("    JIT threshold should be lifted.\n");
326         return false;
327     }
328     
329     JITWorklist::instance()->poll(vm);
330     
331     switch (codeBlock->jitType()) {
332     case JITCode::BaselineJIT: {
333         if (Options::verboseOSR())
334             dataLogF("    Code was already compiled.\n");
335         codeBlock->jitSoon();
336         return true;
337     }
338     case JITCode::InterpreterThunk: {
339         JITWorklist::instance()->compileLater(codeBlock);
340         return codeBlock->jitType() == JITCode::BaselineJIT;
341     }
342     default:
343         dataLog("Unexpected code block in LLInt: ", *codeBlock, "\n");
344         RELEASE_ASSERT_NOT_REACHED();
345         return false;
346     }
347 }
348
349 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char *name, EntryKind kind)
350 {
351     if (Options::verboseOSR()) {
352         dataLog(
353             *codeBlock, ": Entered ", name, " with executeCounter = ",
354             codeBlock->llintExecuteCounter(), "\n");
355     }
356     
357     if (!shouldJIT(exec, codeBlock)) {
358         codeBlock->dontJITAnytimeSoon();
359         LLINT_RETURN_TWO(0, 0);
360     }
361     if (!jitCompileAndSetHeuristics(codeBlock, exec))
362         LLINT_RETURN_TWO(0, 0);
363     
364     CODEBLOCK_LOG_EVENT(codeBlock, "OSR entry", ("in prologue"));
365     
366     if (kind == Prologue)
367         LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0);
368     ASSERT(kind == ArityCheck);
369     LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(MustCheckArity).executableAddress(), 0);
370 }
371 #else // ENABLE(JIT)
372 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind)
373 {
374     codeBlock->dontJITAnytimeSoon();
375     LLINT_RETURN_TWO(0, exec);
376 }
377 #endif // ENABLE(JIT)
378
379 LLINT_SLOW_PATH_DECL(entry_osr)
380 {
381     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
382 }
383
384 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
385 {
386     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue);
387 }
388
389 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
390 {
391     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue);
392 }
393
394 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
395 {
396     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck);
397 }
398
399 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
400 {
401     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck);
402 }
403
404 LLINT_SLOW_PATH_DECL(loop_osr)
405 {
406     CodeBlock* codeBlock = exec->codeBlock();
407
408 #if ENABLE(JIT)
409     if (Options::verboseOSR()) {
410         dataLog(
411             *codeBlock, ": Entered loop_osr with executeCounter = ",
412             codeBlock->llintExecuteCounter(), "\n");
413     }
414     
415     if (!shouldJIT(exec, codeBlock)) {
416         codeBlock->dontJITAnytimeSoon();
417         LLINT_RETURN_TWO(0, 0);
418     }
419     
420     if (!jitCompileAndSetHeuristics(codeBlock, exec))
421         LLINT_RETURN_TWO(0, 0);
422     
423     CODEBLOCK_LOG_EVENT(codeBlock, "osrEntry", ("at bc#", pc - codeBlock->instructions().begin()));
424
425     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
426     
427     Vector<BytecodeAndMachineOffset> map;
428     codeBlock->jitCodeMap()->decode(map);
429     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
430     ASSERT(mapping);
431     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
432     
433     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
434     ASSERT(jumpTarget);
435     
436     LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame());
437 #else // ENABLE(JIT)
438     UNUSED_PARAM(pc);
439     codeBlock->dontJITAnytimeSoon();
440     LLINT_RETURN_TWO(0, 0);
441 #endif // ENABLE(JIT)
442 }
443
444 LLINT_SLOW_PATH_DECL(replace)
445 {
446     CodeBlock* codeBlock = exec->codeBlock();
447
448 #if ENABLE(JIT)
449     if (Options::verboseOSR()) {
450         dataLog(
451             *codeBlock, ": Entered replace with executeCounter = ",
452             codeBlock->llintExecuteCounter(), "\n");
453     }
454     
455     if (shouldJIT(exec, codeBlock))
456         jitCompileAndSetHeuristics(codeBlock, exec);
457     else
458         codeBlock->dontJITAnytimeSoon();
459     LLINT_END_IMPL();
460 #else // ENABLE(JIT)
461     codeBlock->dontJITAnytimeSoon();
462     LLINT_END_IMPL();
463 #endif // ENABLE(JIT)
464 }
465
466 LLINT_SLOW_PATH_DECL(stack_check)
467 {
468     VM& vm = exec->vm();
469     VMEntryFrame* vmEntryFrame = vm.topVMEntryFrame;
470     CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
471     if (!callerFrame) {
472         callerFrame = exec;
473         vmEntryFrame = vm.topVMEntryFrame;
474     }
475     NativeCallFrameTracerWithRestore tracer(&vm, vmEntryFrame, callerFrame);
476
477     LLINT_SET_PC_FOR_STUBS();
478
479 #if LLINT_SLOW_PATH_TRACING
480     dataLogF("Checking stack height with exec = %p.\n", exec);
481     dataLogF("CodeBlock = %p.\n", exec->codeBlock());
482     dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeLocals);
483     dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars);
484
485     dataLogF("Current OS stack end is at %p.\n", exec->vm().softStackLimit());
486 #if !ENABLE(JIT)
487     dataLogF("Current C Loop stack end is at %p.\n", exec->vm().cloopStackLimit());
488 #endif
489
490 #endif
491     // If the stack check succeeds and we don't need to throw the error, then
492     // we'll return 0 instead. The prologue will check for a non-zero value
493     // when determining whether to set the callFrame or not.
494
495     // For JIT enabled builds which uses the C stack, the stack is not growable.
496     // Hence, if we get here, then we know a stack overflow is imminent. So, just
497     // throw the StackOverflowError unconditionally.
498 #if !ENABLE(JIT)
499     ASSERT(!vm.interpreter->cloopStack().containsAddress(exec->topOfFrame()));
500     if (LIKELY(vm.ensureStackCapacityFor(exec->topOfFrame())))
501         LLINT_RETURN_TWO(pc, 0);
502 #endif
503
504     ErrorHandlingScope errorScope(vm);
505     throwStackOverflowError(callerFrame);
506     pc = returnToThrow(callerFrame);
507     LLINT_RETURN_TWO(pc, exec);
508 }
509
510 LLINT_SLOW_PATH_DECL(slow_path_new_object)
511 {
512     LLINT_BEGIN();
513     LLINT_RETURN(constructEmptyObject(exec, pc[3].u.objectAllocationProfile->structure()));
514 }
515
516 LLINT_SLOW_PATH_DECL(slow_path_new_array)
517 {
518     LLINT_BEGIN();
519     LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
520 }
521
522 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
523 {
524     LLINT_BEGIN();
525     LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
526 }
527
528 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
529 {
530     LLINT_BEGIN();
531     LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
532 }
533
534 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
535 {
536     LLINT_BEGIN();
537     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
538     if (!regExp->isValid())
539         LLINT_THROW(createSyntaxError(exec, regExp->errorMessage()));
540     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
541 }
542
543 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
544 {
545     LLINT_BEGIN();
546     JSValue value = LLINT_OP_C(2).jsValue();
547     JSValue proto = LLINT_OP_C(3).jsValue();
548     LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
549 }
550
551 LLINT_SLOW_PATH_DECL(slow_path_instanceof_custom)
552 {
553     LLINT_BEGIN();
554
555     JSValue value = LLINT_OP_C(2).jsValue();
556     JSValue constructor = LLINT_OP_C(3).jsValue();
557     JSValue hasInstanceValue = LLINT_OP_C(4).jsValue();
558
559     ASSERT(constructor.isObject());
560     ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure()->typeInfo().implementsDefaultHasInstance());
561
562     JSValue result = jsBoolean(constructor.getObject()->hasInstance(exec, value, hasInstanceValue));
563     LLINT_RETURN(result);
564 }
565
566 LLINT_SLOW_PATH_DECL(slow_path_try_get_by_id)
567 {
568     LLINT_BEGIN();
569     CodeBlock* codeBlock = exec->codeBlock();
570     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
571     JSValue baseValue = LLINT_OP_C(2).jsValue();
572     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::VMInquiry);
573
574     baseValue.getPropertySlot(exec, ident, slot);
575     JSValue result = slot.getPureResult();
576
577     LLINT_RETURN_PROFILED(op_try_get_by_id, result);
578 }
579
580 static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc, JSCell* baseCell, PropertySlot& slot, const Identifier& ident)
581 {
582     CodeBlock* codeBlock = exec->codeBlock();
583     Structure* structure = baseCell->structure();
584
585     if (structure->typeInfo().prohibitsPropertyCaching())
586         return;
587     
588     if (structure->needImpurePropertyWatchpoint())
589         return;
590
591     if (structure->isDictionary()) {
592         if (structure->hasBeenFlattenedBefore())
593             return;
594         structure->flattenDictionaryStructure(vm, jsCast<JSObject*>(baseCell));
595     }
596
597     ObjectPropertyConditionSet conditions;
598     if (slot.isUnset())
599         conditions = generateConditionsForPropertyMiss(vm, codeBlock, exec, structure, ident.impl());
600     else
601         conditions = generateConditionsForPrototypePropertyHit(vm, codeBlock, exec, structure, slot.slotBase(), ident.impl());
602
603     if (!conditions.isValid())
604         return;
605
606     PropertyOffset offset = invalidOffset;
607     CodeBlock::StructureWatchpointMap& watchpointMap = codeBlock->llintGetByIdWatchpointMap();
608     auto result = watchpointMap.add(structure, Bag<LLIntPrototypeLoadAdaptiveStructureWatchpoint>());
609     for (ObjectPropertyCondition condition : conditions) {
610         if (!condition.isWatchable())
611             return;
612         if (condition.condition().kind() == PropertyCondition::Presence)
613             offset = condition.condition().offset();
614         result.iterator->value.add(condition, pc)->install();
615     }
616     ASSERT((offset == invalidOffset) == slot.isUnset());
617
618     ConcurrentJITLocker locker(codeBlock->m_lock);
619
620     if (slot.isUnset()) {
621         pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_unset);
622         pc[4].u.structureID = structure->id();
623         return;
624     }
625     ASSERT(slot.isValue());
626
627     pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_load);
628     pc[4].u.structureID = structure->id();
629     pc[5].u.operand = offset;
630     // We know that this pointer will remain valid because it will be cleared by either a watchpoint fire or
631     // during GC when we clear the LLInt caches.
632     pc[6].u.pointer = slot.slotBase();
633 }
634
635
636 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
637 {
638     LLINT_BEGIN();
639     CodeBlock* codeBlock = exec->codeBlock();
640     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
641     JSValue baseValue = LLINT_OP_C(2).jsValue();
642     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::Get);
643
644     JSValue result = baseValue.get(exec, ident, slot);
645     LLINT_CHECK_EXCEPTION();
646     LLINT_OP(1) = result;
647     
648     if (!LLINT_ALWAYS_ACCESS_SLOW
649         && baseValue.isCell()
650         && slot.isCacheable()) {
651
652         JSCell* baseCell = baseValue.asCell();
653         Structure* structure = baseCell->structure();
654         if (slot.isValue() && slot.slotBase() == baseValue) {
655             // Start out by clearing out the old cache.
656             pc[0].u.opcode = LLInt::getOpcode(op_get_by_id);
657             pc[4].u.pointer = nullptr; // old structure
658             pc[5].u.pointer = nullptr; // offset
659
660             // Prevent the prototype cache from ever happening.
661             pc[7].u.operand = 0;
662         
663             if (structure->propertyAccessesAreCacheable()) {
664                 vm.heap.writeBarrier(codeBlock);
665                 
666                 ConcurrentJITLocker locker(codeBlock->m_lock);
667
668                 pc[4].u.structureID = structure->id();
669                 pc[5].u.operand = slot.cachedOffset();
670             }
671         } else if (UNLIKELY(pc[7].u.operand && (slot.isValue() || slot.isUnset()))) {
672             ASSERT(slot.slotBase() != baseValue);
673
674             if (!(--pc[7].u.operand))
675                 setupGetByIdPrototypeCache(exec, vm, pc, baseCell, slot, ident);
676         }
677     } else if (!LLINT_ALWAYS_ACCESS_SLOW
678         && isJSArray(baseValue)
679         && ident == exec->propertyNames().length) {
680         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
681         ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
682         arrayProfile->observeStructure(baseValue.asCell()->structure());
683         pc[4].u.arrayProfile = arrayProfile;
684
685         // Prevent the prototype cache from ever happening.
686         pc[7].u.operand = 0;
687     }
688
689     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
690     LLINT_END();
691 }
692
693 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
694 {
695     LLINT_BEGIN();
696     CodeBlock* codeBlock = exec->codeBlock();
697     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
698     JSValue baseValue = LLINT_OP(2).jsValue();
699     PropertySlot slot(baseValue, PropertySlot::InternalMethodType::Get);
700     LLINT_RETURN(baseValue.get(exec, ident, slot));
701 }
702
703 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
704 {
705     LLINT_BEGIN();
706     CodeBlock* codeBlock = exec->codeBlock();
707     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
708     
709     JSValue baseValue = LLINT_OP_C(1).jsValue();
710     PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext());
711     if (pc[8].u.putByIdFlags & PutByIdIsDirect)
712         asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot);
713     else
714         baseValue.putInline(exec, ident, LLINT_OP_C(3).jsValue(), slot);
715     LLINT_CHECK_EXCEPTION();
716     
717     if (!LLINT_ALWAYS_ACCESS_SLOW
718         && baseValue.isCell()
719         && slot.isCacheablePut()) {
720
721         // Start out by clearing out the old cache.
722         pc[4].u.pointer = nullptr; // old structure
723         pc[5].u.pointer = nullptr; // offset
724         pc[6].u.pointer = nullptr; // new structure
725         pc[7].u.pointer = nullptr; // structure chain
726         pc[8].u.putByIdFlags =
727             static_cast<PutByIdFlags>(pc[8].u.putByIdFlags & PutByIdPersistentFlagsMask);
728         
729         JSCell* baseCell = baseValue.asCell();
730         Structure* structure = baseCell->structure();
731         
732         if (!structure->isUncacheableDictionary()
733             && !structure->typeInfo().prohibitsPropertyCaching()
734             && baseCell == slot.base()) {
735
736             vm.heap.writeBarrier(codeBlock);
737             
738             if (slot.type() == PutPropertySlot::NewProperty) {
739                 GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap);
740             
741                 if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) {
742                     ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
743
744                     if (normalizePrototypeChain(exec, structure) != InvalidPrototypeChain) {
745                         ASSERT(structure->previousID()->isObject());
746                         pc[4].u.structureID = structure->previousID()->id();
747                         pc[5].u.operand = slot.cachedOffset();
748                         pc[6].u.structureID = structure->id();
749                         if (!(pc[8].u.putByIdFlags & PutByIdIsDirect)) {
750                             StructureChain* chain = structure->prototypeChain(exec);
751                             ASSERT(chain);
752                             pc[7].u.structureChain.set(
753                                 vm, codeBlock, chain);
754                         }
755                         pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
756                             pc[8].u.putByIdFlags |
757                             structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
758                     }
759                 }
760             } else {
761                 structure->didCachePropertyReplacement(vm, slot.cachedOffset());
762                 pc[4].u.structureID = structure->id();
763                 pc[5].u.operand = slot.cachedOffset();
764                 pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
765                     pc[8].u.putByIdFlags |
766                     structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
767             }
768         }
769     }
770     
771     LLINT_END();
772 }
773
774 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
775 {
776     LLINT_BEGIN();
777     CodeBlock* codeBlock = exec->codeBlock();
778     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
779     LLINT_CHECK_EXCEPTION();
780     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
781     LLINT_CHECK_EXCEPTION();
782     if (!couldDelete && codeBlock->isStrictMode())
783         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
784     LLINT_RETURN(jsBoolean(couldDelete));
785 }
786
787 inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
788 {
789     if (LIKELY(baseValue.isCell() && subscript.isString())) {
790         VM& vm = exec->vm();
791         Structure& structure = *baseValue.asCell()->structure(vm);
792         if (JSCell::canUseFastGetOwnProperty(structure)) {
793             if (RefPtr<AtomicStringImpl> existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) {
794                 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get()))
795                     return result;
796             }
797         }
798     }
799     
800     if (subscript.isUInt32()) {
801         uint32_t i = subscript.asUInt32();
802         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
803             return asString(baseValue)->getIndex(exec, i);
804         
805         return baseValue.get(exec, i);
806     }
807
808     baseValue.requireObjectCoercible(exec);
809     if (exec->hadException())
810         return jsUndefined();
811     auto property = subscript.toPropertyKey(exec);
812     if (exec->hadException())
813         return jsUndefined();
814     return baseValue.get(exec, property);
815 }
816
817 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
818 {
819     LLINT_BEGIN();
820     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
821 }
822
823 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
824 {
825     LLINT_BEGIN();
826     
827     JSValue baseValue = LLINT_OP_C(1).jsValue();
828     JSValue subscript = LLINT_OP_C(2).jsValue();
829     JSValue value = LLINT_OP_C(3).jsValue();
830     
831     if (LIKELY(subscript.isUInt32())) {
832         uint32_t i = subscript.asUInt32();
833         if (baseValue.isObject()) {
834             JSObject* object = asObject(baseValue);
835             if (object->canSetIndexQuickly(i))
836                 object->setIndexQuickly(vm, i, value);
837             else
838                 object->methodTable()->putByIndex(object, exec, i, value, exec->codeBlock()->isStrictMode());
839             LLINT_END();
840         }
841         baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode());
842         LLINT_END();
843     }
844
845     auto property = subscript.toPropertyKey(exec);
846     LLINT_CHECK_EXCEPTION();
847     PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
848     baseValue.put(exec, property, value, slot);
849     LLINT_END();
850 }
851
852 LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct)
853 {
854     LLINT_BEGIN();
855     
856     JSValue baseValue = LLINT_OP_C(1).jsValue();
857     JSValue subscript = LLINT_OP_C(2).jsValue();
858     JSValue value = LLINT_OP_C(3).jsValue();
859     RELEASE_ASSERT(baseValue.isObject());
860     JSObject* baseObject = asObject(baseValue);
861     bool isStrictMode = exec->codeBlock()->isStrictMode();
862     if (LIKELY(subscript.isUInt32())) {
863         // Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices.
864         ASSERT(isIndex(subscript.asUInt32()));
865         baseObject->putDirectIndex(exec, subscript.asUInt32(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
866         LLINT_END();
867     }
868
869     if (subscript.isDouble()) {
870         double subscriptAsDouble = subscript.asDouble();
871         uint32_t subscriptAsUInt32 = static_cast<uint32_t>(subscriptAsDouble);
872         if (subscriptAsDouble == subscriptAsUInt32 && isIndex(subscriptAsUInt32)) {
873             baseObject->putDirectIndex(exec, subscriptAsUInt32, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
874             LLINT_END();
875         }
876     }
877
878     // Don't put to an object if toString threw an exception.
879     auto property = subscript.toPropertyKey(exec);
880     if (exec->vm().exception())
881         LLINT_END();
882
883     if (Optional<uint32_t> index = parseIndex(property))
884         baseObject->putDirectIndex(exec, index.value(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
885     else {
886         PutPropertySlot slot(baseObject, isStrictMode);
887         baseObject->putDirect(exec->vm(), property, value, slot);
888     }
889     LLINT_END();
890 }
891
892 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
893 {
894     LLINT_BEGIN();
895     JSValue baseValue = LLINT_OP_C(2).jsValue();
896     JSObject* baseObject = baseValue.toObject(exec);
897     LLINT_CHECK_EXCEPTION();
898
899     JSValue subscript = LLINT_OP_C(3).jsValue();
900     
901     bool couldDelete;
902     
903     uint32_t i;
904     if (subscript.getUInt32(i))
905         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
906     else {
907         LLINT_CHECK_EXCEPTION();
908         auto property = subscript.toPropertyKey(exec);
909         LLINT_CHECK_EXCEPTION();
910         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
911     }
912     
913     if (!couldDelete && exec->codeBlock()->isStrictMode())
914         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
915     
916     LLINT_RETURN(jsBoolean(couldDelete));
917 }
918
919 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
920 {
921     LLINT_BEGIN();
922     JSValue arrayValue = LLINT_OP_C(1).jsValue();
923     ASSERT(isJSArray(arrayValue));
924     asArray(arrayValue)->putDirectIndex(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
925     LLINT_END();
926 }
927
928 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_id)
929 {
930     LLINT_BEGIN();
931     ASSERT(LLINT_OP(1).jsValue().isObject());
932     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
933
934     unsigned options = pc[3].u.operand;
935
936     JSValue getter = LLINT_OP(4).jsValue();
937     ASSERT(getter.isObject());
938
939     baseObj->putGetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(getter), options);
940     LLINT_END();
941 }
942
943 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_id)
944 {
945     LLINT_BEGIN();
946     ASSERT(LLINT_OP(1).jsValue().isObject());
947     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
948
949     unsigned options = pc[3].u.operand;
950
951     JSValue setter = LLINT_OP(4).jsValue();
952     ASSERT(setter.isObject());
953
954     baseObj->putSetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(setter), options);
955     LLINT_END();
956 }
957
958 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter_by_id)
959 {
960     LLINT_BEGIN();
961     ASSERT(LLINT_OP(1).jsValue().isObject());
962     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
963     
964     GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
965     LLINT_CHECK_EXCEPTION();
966
967     JSValue getter = LLINT_OP(4).jsValue();
968     JSValue setter = LLINT_OP(5).jsValue();
969     ASSERT(getter.isObject() || getter.isUndefined());
970     ASSERT(setter.isObject() || setter.isUndefined());
971     ASSERT(getter.isObject() || setter.isObject());
972     
973     if (!getter.isUndefined())
974         accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter));
975     if (!setter.isUndefined())
976         accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter));
977     baseObj->putDirectAccessor(
978         exec,
979         exec->codeBlock()->identifier(pc[2].u.operand),
980         accessor, pc[3].u.operand);
981     LLINT_END();
982 }
983
984 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_val)
985 {
986     LLINT_BEGIN();
987     ASSERT(LLINT_OP(1).jsValue().isObject());
988     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
989     JSValue subscript = LLINT_OP_C(2).jsValue();
990
991     unsigned options = pc[3].u.operand;
992
993     JSValue getter = LLINT_OP(4).jsValue();
994     ASSERT(getter.isObject());
995
996     auto property = subscript.toPropertyKey(exec);
997     LLINT_CHECK_EXCEPTION();
998
999     baseObj->putGetter(exec, property, asObject(getter), options);
1000     LLINT_END();
1001 }
1002
1003 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_val)
1004 {
1005     LLINT_BEGIN();
1006     ASSERT(LLINT_OP(1).jsValue().isObject());
1007     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
1008     JSValue subscript = LLINT_OP_C(2).jsValue();
1009
1010     unsigned options = pc[3].u.operand;
1011
1012     JSValue setter = LLINT_OP(4).jsValue();
1013     ASSERT(setter.isObject());
1014
1015     auto property = subscript.toPropertyKey(exec);
1016     LLINT_CHECK_EXCEPTION();
1017
1018     baseObj->putSetter(exec, property, asObject(setter), options);
1019     LLINT_END();
1020 }
1021
1022 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
1023 {
1024     LLINT_BEGIN();
1025     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
1026 }
1027
1028 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
1029 {
1030     LLINT_BEGIN();
1031     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
1032 }
1033
1034 LLINT_SLOW_PATH_DECL(slow_path_jless)
1035 {
1036     LLINT_BEGIN();
1037     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1038 }
1039
1040 LLINT_SLOW_PATH_DECL(slow_path_jnless)
1041 {
1042     LLINT_BEGIN();
1043     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1044 }
1045
1046 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
1047 {
1048     LLINT_BEGIN();
1049     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1050 }
1051
1052 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
1053 {
1054     LLINT_BEGIN();
1055     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1056 }
1057
1058 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
1059 {
1060     LLINT_BEGIN();
1061     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1062 }
1063
1064 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
1065 {
1066     LLINT_BEGIN();
1067     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1068 }
1069
1070 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
1071 {
1072     LLINT_BEGIN();
1073     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1074 }
1075
1076 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
1077 {
1078     LLINT_BEGIN();
1079     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1080 }
1081
1082 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
1083 {
1084     LLINT_BEGIN();
1085     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1086     ASSERT(scrutinee.isDouble());
1087     double value = scrutinee.asDouble();
1088     int32_t intValue = static_cast<int32_t>(value);
1089     int defaultOffset = pc[2].u.operand;
1090     if (value == intValue) {
1091         CodeBlock* codeBlock = exec->codeBlock();
1092         pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
1093     } else
1094         pc += defaultOffset;
1095     LLINT_END();
1096 }
1097
1098 LLINT_SLOW_PATH_DECL(slow_path_switch_char)
1099 {
1100     LLINT_BEGIN();
1101     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1102     ASSERT(scrutinee.isString());
1103     JSString* string = asString(scrutinee);
1104     ASSERT(string->length() == 1);
1105     int defaultOffset = pc[2].u.operand;
1106     StringImpl* impl = string->value(exec).impl();
1107     CodeBlock* codeBlock = exec->codeBlock();
1108     pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
1109     LLINT_END();
1110 }
1111
1112 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
1113 {
1114     LLINT_BEGIN();
1115     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1116     int defaultOffset = pc[2].u.operand;
1117     if (!scrutinee.isString())
1118         pc += defaultOffset;
1119     else {
1120         CodeBlock* codeBlock = exec->codeBlock();
1121         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
1122     }
1123     LLINT_END();
1124 }
1125
1126 LLINT_SLOW_PATH_DECL(slow_path_new_func)
1127 {
1128     LLINT_BEGIN();
1129     CodeBlock* codeBlock = exec->codeBlock();
1130     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1131 #if LLINT_SLOW_PATH_TRACING
1132     dataLogF("Creating function!\n");
1133 #endif
1134     LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1135 }
1136
1137 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func)
1138 {
1139     LLINT_BEGIN();
1140     CodeBlock* codeBlock = exec->codeBlock();
1141     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1142 #if LLINT_SLOW_PATH_TRACING
1143     dataLogF("Creating function!\n");
1144 #endif
1145     LLINT_RETURN(JSGeneratorFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1146 }
1147
1148 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1149 {
1150     LLINT_BEGIN();
1151     
1152     CodeBlock* codeBlock = exec->codeBlock();
1153     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1154     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1155     
1156     LLINT_RETURN(JSFunction::create(vm, executable, scope));
1157 }
1158
1159 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func_exp)
1160 {
1161     LLINT_BEGIN();
1162
1163     CodeBlock* codeBlock = exec->codeBlock();
1164     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1165     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1166
1167     LLINT_RETURN(JSGeneratorFunction::create(vm, executable, scope));
1168 }
1169
1170 LLINT_SLOW_PATH_DECL(slow_path_set_function_name)
1171 {
1172     LLINT_BEGIN();
1173     JSFunction* func = jsCast<JSFunction*>(LLINT_OP(1).Register::unboxedCell());
1174     JSValue name = LLINT_OP_C(2).Register::jsValue();
1175     func->setFunctionName(exec, name);
1176     LLINT_END();
1177 }
1178
1179 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1180 {
1181     UNUSED_PARAM(pc);
1182
1183 #if LLINT_SLOW_PATH_TRACING
1184     dataLog("Performing host call.\n");
1185 #endif
1186     
1187     ExecState* exec = execCallee->callerFrame();
1188     VM& vm = exec->vm();
1189
1190     execCallee->setCodeBlock(0);
1191     execCallee->clearReturnPC();
1192
1193     if (kind == CodeForCall) {
1194         CallData callData;
1195         CallType callType = getCallData(callee, callData);
1196     
1197         ASSERT(callType != CallType::JS);
1198     
1199         if (callType == CallType::Host) {
1200             NativeCallFrameTracer tracer(&vm, execCallee);
1201             execCallee->setCallee(asObject(callee));
1202             vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1203             
1204             LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1205         }
1206         
1207 #if LLINT_SLOW_PATH_TRACING
1208         dataLog("Call callee is not a function: ", callee, "\n");
1209 #endif
1210
1211         ASSERT(callType == CallType::None);
1212         LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee));
1213     }
1214
1215     ASSERT(kind == CodeForConstruct);
1216     
1217     ConstructData constructData;
1218     ConstructType constructType = getConstructData(callee, constructData);
1219     
1220     ASSERT(constructType != ConstructType::JS);
1221     
1222     if (constructType == ConstructType::Host) {
1223         NativeCallFrameTracer tracer(&vm, execCallee);
1224         execCallee->setCallee(asObject(callee));
1225         vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1226
1227         LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1228     }
1229     
1230 #if LLINT_SLOW_PATH_TRACING
1231     dataLog("Constructor callee is not a function: ", callee, "\n");
1232 #endif
1233
1234     ASSERT(constructType == ConstructType::None);
1235     LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1236 }
1237
1238 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1239 {
1240     ExecState* exec = execCallee->callerFrame();
1241
1242 #if LLINT_SLOW_PATH_TRACING
1243     dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC());
1244 #endif
1245     
1246     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1247     if (!calleeAsFunctionCell)
1248         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1249     
1250     JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
1251     JSScope* scope = callee->scopeUnchecked();
1252     VM& vm = *scope->vm();
1253     ExecutableBase* executable = callee->executable();
1254
1255     MacroAssemblerCodePtr codePtr;
1256     CodeBlock* codeBlock = 0;
1257     bool isWebAssemblyExecutable = false;
1258 #if ENABLE(WEBASSEMBLY)
1259     isWebAssemblyExecutable = executable->isWebAssemblyExecutable();
1260 #endif
1261
1262     if (executable->isHostFunction()) {
1263         codePtr = executable->entrypointFor(kind, MustCheckArity);
1264     } else if (!isWebAssemblyExecutable) {
1265         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1266
1267         if (!isCall(kind) && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
1268             LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1269
1270         CodeBlock** codeBlockSlot = execCallee->addressOfCodeBlock();
1271         JSObject* error = functionExecutable->prepareForExecution<FunctionExecutable>(execCallee, callee, scope, kind, *codeBlockSlot);
1272         if (error)
1273             LLINT_CALL_THROW(exec, error);
1274         codeBlock = *codeBlockSlot;
1275         ASSERT(codeBlock);
1276         ArityCheckMode arity;
1277         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1278             arity = MustCheckArity;
1279         else
1280             arity = ArityCheckNotRequired;
1281         codePtr = functionExecutable->entrypointFor(kind, arity);
1282     } else {
1283 #if ENABLE(WEBASSEMBLY)
1284         WebAssemblyExecutable* webAssemblyExecutable = static_cast<WebAssemblyExecutable*>(executable);
1285         codeBlock = webAssemblyExecutable->codeBlockForCall();
1286         ASSERT(codeBlock);
1287         ArityCheckMode arity;
1288         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1289             arity = MustCheckArity;
1290         else
1291             arity = ArityCheckNotRequired;
1292         codePtr = webAssemblyExecutable->entrypointFor(kind, arity);
1293 #endif
1294     }
1295     
1296     ASSERT(!!codePtr);
1297     
1298     if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) {
1299         CodeBlock* callerCodeBlock = exec->codeBlock();
1300
1301         ConcurrentJITLocker locker(callerCodeBlock->m_lock);
1302         
1303         if (callLinkInfo->isOnList())
1304             callLinkInfo->remove();
1305         callLinkInfo->callee.set(vm, callerCodeBlock, callee);
1306         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, callee);
1307         callLinkInfo->machineCodeTarget = codePtr;
1308         if (codeBlock)
1309             codeBlock->linkIncomingCall(exec, callLinkInfo);
1310     }
1311
1312     LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
1313 }
1314
1315 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1316 {
1317     // This needs to:
1318     // - Set up a call frame.
1319     // - Figure out what to call and compile it if necessary.
1320     // - If possible, link the call's inline cache.
1321     // - Return a tuple of machine code address to call and the new call frame.
1322     
1323     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1324     
1325     ExecState* execCallee = exec - pc[4].u.operand;
1326     
1327     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1328     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1329     execCallee->setCallerFrame(exec);
1330     
1331     ASSERT(pc[5].u.callLinkInfo);
1332     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[5].u.callLinkInfo);
1333 }
1334
1335 LLINT_SLOW_PATH_DECL(slow_path_call)
1336 {
1337     LLINT_BEGIN_NO_SET_PC();
1338     return genericCall(exec, pc, CodeForCall);
1339 }
1340
1341 LLINT_SLOW_PATH_DECL(slow_path_construct)
1342 {
1343     LLINT_BEGIN_NO_SET_PC();
1344     return genericCall(exec, pc, CodeForConstruct);
1345 }
1346
1347 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs)
1348 {
1349     LLINT_BEGIN();
1350     // This needs to:
1351     // - Set up a call frame while respecting the variable arguments.
1352     
1353     unsigned numUsedStackSlots = -pc[5].u.operand;
1354     unsigned length = sizeFrameForVarargs(exec, vm,
1355         LLINT_OP_C(4).jsValue(), numUsedStackSlots, pc[6].u.operand);
1356     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1357     
1358     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, length + 1);
1359     vm.varargsLength = length;
1360     vm.newCallFrameReturnValue = execCallee;
1361
1362     LLINT_RETURN_CALLEE_FRAME(execCallee);
1363 }
1364
1365 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_forward_arguments)
1366 {
1367     LLINT_BEGIN();
1368     // This needs to:
1369     // - Set up a call frame with the same arguments as the current frame.
1370
1371     unsigned numUsedStackSlots = -pc[5].u.operand;
1372
1373     unsigned arguments = sizeFrameForForwardArguments(exec, vm, numUsedStackSlots);
1374     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1375
1376     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, arguments + 1);
1377
1378     vm.varargsLength = arguments;
1379     vm.newCallFrameReturnValue = execCallee;
1380
1381     LLINT_RETURN_CALLEE_FRAME(execCallee);
1382 }
1383
1384 enum class SetArgumentsWith {
1385     Object,
1386     CurrentArguments
1387 };
1388
1389 inline SlowPathReturnType varargsSetup(ExecState* exec, Instruction* pc, CodeSpecializationKind kind, SetArgumentsWith set)
1390 {
1391     LLINT_BEGIN_NO_SET_PC();
1392     // This needs to:
1393     // - Figure out what to call and compile it if necessary.
1394     // - Return a tuple of machine code address to call and the new call frame.
1395
1396     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1397
1398     ExecState* execCallee = vm.newCallFrameReturnValue;
1399
1400     if (set == SetArgumentsWith::Object) {
1401         setupVarargsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand, vm.varargsLength);
1402         LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1403     } else
1404         setupForwardArgumentsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), vm.varargsLength);
1405
1406     execCallee->setCallerFrame(exec);
1407     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1408     exec->setCurrentVPC(pc);
1409
1410     return setUpCall(execCallee, pc, kind, calleeAsValue);
1411 }
1412
1413 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1414 {
1415     return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::Object);
1416 }
1417
1418 LLINT_SLOW_PATH_DECL(slow_path_tail_call_forward_arguments)
1419 {
1420     return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::CurrentArguments);
1421 }
1422
1423 LLINT_SLOW_PATH_DECL(slow_path_construct_varargs)
1424 {
1425     return varargsSetup(exec, pc, CodeForConstruct, SetArgumentsWith::Object);
1426 }
1427
1428     
1429 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1430 {
1431     LLINT_BEGIN_NO_SET_PC();
1432     JSValue calleeAsValue = LLINT_OP(2).jsValue();
1433     
1434     ExecState* execCallee = exec - pc[4].u.operand;
1435     
1436     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1437     execCallee->setCallerFrame(exec);
1438     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1439     execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
1440     execCallee->setCodeBlock(0);
1441     exec->setCurrentVPC(pc);
1442     
1443     if (!isHostFunction(calleeAsValue, globalFuncEval))
1444         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1445     
1446     vm.hostCallReturnValue = eval(execCallee);
1447     LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1448 }
1449
1450 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1451 {
1452     LLINT_BEGIN();
1453     LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand));
1454 }
1455
1456 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1457 {
1458     LLINT_BEGIN();
1459     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1460 }
1461
1462 LLINT_SLOW_PATH_DECL(slow_path_throw)
1463 {
1464     LLINT_BEGIN();
1465     LLINT_THROW(LLINT_OP_C(1).jsValue());
1466 }
1467
1468 LLINT_SLOW_PATH_DECL(slow_path_throw_static_error)
1469 {
1470     LLINT_BEGIN();
1471     JSValue errorMessageValue = LLINT_OP_C(1).jsValue();
1472     RELEASE_ASSERT(errorMessageValue.isString());
1473     String errorMessage = asString(errorMessageValue)->value(exec);
1474     if (pc[2].u.operand)
1475         LLINT_THROW(createReferenceError(exec, errorMessage));
1476     else
1477         LLINT_THROW(createTypeError(exec, errorMessage));
1478 }
1479
1480 LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)
1481 {
1482     LLINT_BEGIN_NO_SET_PC();
1483     ASSERT(vm.watchdog());
1484     if (UNLIKELY(vm.shouldTriggerTermination(exec)))
1485         LLINT_THROW(createTerminatedExecutionException(&vm));
1486     LLINT_RETURN_TWO(0, exec);
1487 }
1488
1489 LLINT_SLOW_PATH_DECL(slow_path_debug)
1490 {
1491     LLINT_BEGIN();
1492     int debugHookID = pc[1].u.operand;
1493     vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID));
1494     
1495     LLINT_END();
1496 }
1497
1498 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
1499 {
1500     LLINT_BEGIN_NO_SET_PC();
1501     genericUnwind(&vm, exec);
1502     LLINT_END_IMPL();
1503 }
1504
1505 LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
1506 {
1507     LLINT_BEGIN();
1508
1509     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
1510     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
1511     GetPutInfo getPutInfo(pc[4].u.operand);
1512
1513     // ModuleVar is always converted to ClosureVar for get_from_scope.
1514     ASSERT(getPutInfo.resolveType() != ModuleVar);
1515
1516     LLINT_RETURN(scope->getPropertySlot(exec, ident, [&] (bool found, PropertySlot& slot) -> JSValue {
1517         if (!found) {
1518             if (getPutInfo.resolveMode() == ThrowIfNotFound)
1519                 return exec->vm().throwException(exec, createUndefinedVariableError(exec, ident));
1520             return jsUndefined();
1521         }
1522
1523         JSValue result = JSValue();
1524         if (scope->isGlobalLexicalEnvironment()) {
1525             // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1526             result = slot.getValue(exec, ident);
1527             if (result == jsTDZValue())
1528                 return exec->vm().throwException(exec, createTDZError(exec));
1529         }
1530
1531         CommonSlowPaths::tryCacheGetFromScopeGlobal(exec, vm, pc, scope, slot, ident);
1532
1533         if (!result)
1534             return slot.getValue(exec, ident);
1535         return result;
1536     }));
1537 }
1538
1539 LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
1540 {
1541     LLINT_BEGIN();
1542
1543     CodeBlock* codeBlock = exec->codeBlock();
1544     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
1545     JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue());
1546     JSValue value = LLINT_OP_C(3).jsValue();
1547     GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand);
1548     if (getPutInfo.resolveType() == LocalClosureVar) {
1549         JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
1550         environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
1551         
1552         // Have to do this *after* the write, because if this puts the set into IsWatched, then we need
1553         // to have already changed the value of the variable. Otherwise we might watch and constant-fold
1554         // to the Undefined value from before the assignment.
1555         if (WatchpointSet* set = pc[5].u.watchpointSet)
1556             set->touch(vm, "Executed op_put_scope<LocalClosureVar>");
1557         LLINT_END();
1558     }
1559
1560     bool hasProperty = scope->hasProperty(exec, ident);
1561     if (hasProperty
1562         && scope->isGlobalLexicalEnvironment()
1563         && !isInitialization(getPutInfo.initializationMode())) {
1564         // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1565         PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
1566         JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
1567         if (slot.getValue(exec, ident) == jsTDZValue())
1568             LLINT_THROW(createTDZError(exec));
1569     }
1570
1571     if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty)
1572         LLINT_THROW(createUndefinedVariableError(exec, ident));
1573
1574     PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
1575     scope->methodTable()->put(scope, exec, ident, value, slot);
1576     
1577     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, getPutInfo, slot, ident);
1578
1579     LLINT_END();
1580 }
1581
1582 LLINT_SLOW_PATH_DECL(slow_path_check_if_exception_is_uncatchable_and_notify_profiler)
1583 {
1584     LLINT_BEGIN();
1585     RELEASE_ASSERT(!!vm.exception());
1586
1587     if (isTerminatedExecutionException(vm.exception()))
1588         LLINT_RETURN_TWO(pc, bitwise_cast<void*>(static_cast<uintptr_t>(1)));
1589     LLINT_RETURN_TWO(pc, 0);
1590 }
1591
1592 LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_prologue)
1593 {
1594     LLINT_BEGIN();
1595     
1596     JSScope* scope = exec->uncheckedR(pc[1].u.operand).Register::scope();
1597     vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::prologue(exec->callee(), exec, exec->callerFrame(), scope));
1598     
1599     LLINT_END();
1600 }
1601
1602 LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_tail)
1603 {
1604     LLINT_BEGIN();
1605
1606     JSValue thisValue = LLINT_OP(1).jsValue();
1607     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1608     
1609 #if USE(JSVALUE64)
1610     CallSiteIndex callSiteIndex(exec->codeBlock()->bytecodeOffset(pc));
1611 #else
1612     CallSiteIndex callSiteIndex(pc);
1613 #endif
1614     vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::tail(exec, thisValue, scope, exec->codeBlock(), callSiteIndex));
1615     
1616     LLINT_END();
1617 }
1618
1619 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame)
1620 {
1621     ExecState* exec = vm->topCallFrame;
1622     if (!exec)
1623         exec = protoFrame->callee()->globalObject()->globalExec();
1624     throwStackOverflowError(exec);
1625     return encodeResult(0, 0);
1626 }
1627
1628 #if !ENABLE(JIT)
1629 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
1630 {
1631     bool success = vm->ensureStackCapacityFor(newTopOfStack);
1632     return encodeResult(reinterpret_cast<void*>(success), 0);
1633 }
1634 #endif
1635
1636 extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell)
1637 {
1638     VM& vm = exec->vm();
1639     vm.heap.writeBarrier(cell);
1640 }
1641
1642 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash()
1643 {
1644     CRASH();
1645 }
1646
1647 #if ENABLE(LLINT_STATS)
1648
1649 LLINT_SLOW_PATH_DECL(count_opcode)
1650 {
1651     OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode);
1652     Data::opcodeStats(opcodeID).count++;
1653     LLINT_END_IMPL();
1654 }
1655
1656 LLINT_SLOW_PATH_DECL(count_opcode_slow_path)
1657 {
1658     OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode);
1659     Data::opcodeStats(opcodeID).slowPathCount++;
1660     LLINT_END_IMPL();
1661 }
1662
1663 #endif // ENABLE(LLINT_STATS)
1664
1665 } } // namespace JSC::LLInt