Restore CodeBlock jettison code to jettison when a CodeBlock has been alive for a...
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28
29 #include "ArrayConstructor.h"
30 #include "CallFrame.h"
31 #include "CommonSlowPaths.h"
32 #include "CommonSlowPathsExceptions.h"
33 #include "Error.h"
34 #include "ErrorHandlingScope.h"
35 #include "Exception.h"
36 #include "ExceptionFuzz.h"
37 #include "FunctionWhitelist.h"
38 #include "GetterSetter.h"
39 #include "HostCallReturnValue.h"
40 #include "Interpreter.h"
41 #include "JIT.h"
42 #include "JITExceptions.h"
43 #include "JITWorklist.h"
44 #include "JSLexicalEnvironment.h"
45 #include "JSCInlines.h"
46 #include "JSCJSValue.h"
47 #include "JSGeneratorFunction.h"
48 #include "JSGlobalObjectFunctions.h"
49 #include "JSString.h"
50 #include "JSWithScope.h"
51 #include "LLIntCommon.h"
52 #include "LLIntData.h"
53 #include "LLIntExceptions.h"
54 #include "LowLevelInterpreter.h"
55 #include "ObjectConstructor.h"
56 #include "ObjectPropertyConditionSet.h"
57 #include "ProtoCallFrame.h"
58 #include "ShadowChicken.h"
59 #include "StructureRareDataInlines.h"
60 #include "VMInlines.h"
61 #include <wtf/NeverDestroyed.h>
62 #include <wtf/StringPrintStream.h>
63
64 namespace JSC { namespace LLInt {
65
66 #define LLINT_BEGIN_NO_SET_PC() \
67     VM& vm = exec->vm();      \
68     NativeCallFrameTracer tracer(&vm, exec)
69
70 #ifndef NDEBUG
71 #define LLINT_SET_PC_FOR_STUBS() do { \
72         exec->codeBlock()->bytecodeOffset(pc); \
73         exec->setCurrentVPC(pc); \
74     } while (false)
75 #else
76 #define LLINT_SET_PC_FOR_STUBS() do { \
77         exec->setCurrentVPC(pc); \
78     } while (false)
79 #endif
80
81 #define LLINT_BEGIN()                           \
82     LLINT_BEGIN_NO_SET_PC();                    \
83     LLINT_SET_PC_FOR_STUBS()
84
85 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
86 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
87
88 #define LLINT_RETURN_TWO(first, second) do {       \
89         return encodeResult(first, second);        \
90     } while (false)
91
92 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0)
93
94 #define LLINT_THROW(exceptionToThrow) do {                        \
95         vm.throwException(exec, exceptionToThrow);                \
96         pc = returnToThrow(exec);                                 \
97         LLINT_END_IMPL();                                         \
98     } while (false)
99
100 #define LLINT_CHECK_EXCEPTION() do {                    \
101         doExceptionFuzzingIfEnabled(exec, "LLIntSlowPaths", pc);    \
102         if (UNLIKELY(vm.exception())) {                 \
103             pc = returnToThrow(exec);                   \
104             LLINT_END_IMPL();                           \
105         }                                               \
106     } while (false)
107
108 #define LLINT_END() do {                        \
109         LLINT_CHECK_EXCEPTION();                \
110         LLINT_END_IMPL();                       \
111     } while (false)
112
113 #define LLINT_BRANCH(opcode, condition) do {                      \
114         bool __b_condition = (condition);                         \
115         LLINT_CHECK_EXCEPTION();                                  \
116         if (__b_condition)                                        \
117             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
118         else                                                      \
119             pc += OPCODE_LENGTH(opcode);                          \
120         LLINT_END_IMPL();                                         \
121     } while (false)
122
123 #define LLINT_RETURN(value) do {                \
124         JSValue __r_returnValue = (value);      \
125         LLINT_CHECK_EXCEPTION();                \
126         LLINT_OP(1) = __r_returnValue;          \
127         LLINT_END_IMPL();                       \
128     } while (false)
129
130 #define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \
131         JSValue __r_returnValue = (value);      \
132         LLINT_CHECK_EXCEPTION();                \
133         LLINT_OP(1) = __r_returnValue;          \
134         pc += (pcAdjustment);                   \
135         LLINT_END_IMPL();                       \
136     } while (false)
137
138 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
139         JSValue __rp_returnValue = (value);                     \
140         LLINT_CHECK_EXCEPTION();                                \
141         LLINT_OP(1) = __rp_returnValue;                         \
142         LLINT_PROFILE_VALUE(opcode, __rp_returnValue);          \
143         LLINT_END_IMPL();                                       \
144     } while (false)
145
146 #define LLINT_PROFILE_VALUE(opcode, value) do { \
147         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
148         JSValue::encode(value);                  \
149     } while (false)
150
151 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
152
153 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
154         ExecState* __ct_exec = (exec);                                  \
155         vm.throwException(__ct_exec, exceptionToThrow);                 \
156         LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
157     } while (false)
158
159 #define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do {               \
160         ExecState* __cce_exec = (exec);                                 \
161         ExecState* __cce_execCallee = (execCallee);                     \
162         doExceptionFuzzingIfEnabled(__cce_exec, "LLIntSlowPaths/call", nullptr); \
163         if (UNLIKELY(vm.exception()))                                   \
164             LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
165     } while (false)
166
167 #define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
168         ExecState* __cr_exec = (exec);                                  \
169         ExecState* __cr_execCallee = (execCallee);                      \
170         void* __cr_callTarget = (callTarget);                           \
171         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
172         LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
173     } while (false)
174
175 #define LLINT_RETURN_CALLEE_FRAME(execCallee) do {                      \
176         ExecState* __rcf_exec = (execCallee);                           \
177         LLINT_RETURN_TWO(pc, __rcf_exec);                               \
178     } while (false)
179     
180 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
181 {
182     LLINT_BEGIN();
183     dataLogF("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
184             exec->codeBlock(),
185             exec,
186             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
187             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
188             fromWhere,
189             operand,
190             pc[operand].u.operand);
191     LLINT_END();
192 }
193
194 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
195 {
196     JSValue value = LLINT_OP_C(operand).jsValue();
197     union {
198         struct {
199             uint32_t tag;
200             uint32_t payload;
201         } bits;
202         EncodedJSValue asValue;
203     } u;
204     u.asValue = JSValue::encode(value);
205     dataLogF(
206         "%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
207         exec->codeBlock(),
208         exec,
209         static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
210         exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
211         fromWhere,
212         operand,
213         pc[operand].u.operand,
214         u.bits.tag,
215         u.bits.payload,
216         toCString(value).data());
217     LLINT_END_IMPL();
218 }
219
220 LLINT_SLOW_PATH_DECL(trace_prologue)
221 {
222     dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec);
223     LLINT_END_IMPL();
224 }
225
226 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
227 {
228     JSFunction* callee = jsCast<JSFunction*>(exec->callee());
229     FunctionExecutable* executable = callee->jsExecutable();
230     CodeBlock* codeBlock = executable->codeBlockFor(kind);
231     dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeLocals = %u, caller = %p.\n",
232             codeBlock, exec, comment, callee, executable,
233             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeLocals,
234             exec->callerFrame());
235 }
236
237 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
238 {
239     traceFunctionPrologue(exec, "call prologue", CodeForCall);
240     LLINT_END_IMPL();
241 }
242
243 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
244 {
245     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
246     LLINT_END_IMPL();
247 }
248
249 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
250 {
251     traceFunctionPrologue(exec, "call arity check", CodeForCall);
252     LLINT_END_IMPL();
253 }
254
255 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
256 {
257     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
258     LLINT_END_IMPL();
259 }
260
261 LLINT_SLOW_PATH_DECL(trace)
262 {
263     dataLogF("%p / %p: executing bc#%zu, %s, pc = %p\n",
264             exec->codeBlock(),
265             exec,
266             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
267             opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], pc);
268     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
269         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
270         *bitwise_cast<volatile char*>(exec->returnPC().value());
271     }
272     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
273         dataLogF("Will be returning to %p\n", exec->returnPC().value());
274         dataLogF("The new cfr will be %p\n", exec->callerFrame());
275     }
276     LLINT_END_IMPL();
277 }
278
279 LLINT_SLOW_PATH_DECL(special_trace)
280 {
281     dataLogF("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
282             exec->codeBlock(),
283             exec,
284             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
285             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
286             exec->returnPC().value());
287     LLINT_END_IMPL();
288 }
289
290 enum EntryKind { Prologue, ArityCheck };
291
292 #if ENABLE(JIT)
293 static FunctionWhitelist& ensureGlobalJITWhitelist()
294 {
295     static LazyNeverDestroyed<FunctionWhitelist> baselineWhitelist;
296     static std::once_flag initializeWhitelistFlag;
297     std::call_once(initializeWhitelistFlag, [] {
298         const char* functionWhitelistFile = Options::jitWhitelist();
299         baselineWhitelist.construct(functionWhitelistFile);
300     });
301     return baselineWhitelist;
302 }
303
304 inline bool shouldJIT(ExecState* exec, CodeBlock* codeBlock)
305 {
306     if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionCount())
307         || !ensureGlobalJITWhitelist().contains(codeBlock))
308         return false;
309
310     // You can modify this to turn off JITting without rebuilding the world.
311     return exec->vm().canUseJIT();
312 }
313
314 // Returns true if we should try to OSR.
315 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
316 {
317     VM& vm = exec->vm();
318     DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all.
319     
320     codeBlock->updateAllValueProfilePredictions();
321
322     if (!codeBlock->checkIfJITThresholdReached()) {
323         CODEBLOCK_LOG_EVENT(codeBlock, "delayJITCompile", ("threshold not reached, counter = ", codeBlock->llintExecuteCounter()));
324         if (Options::verboseOSR())
325             dataLogF("    JIT threshold should be lifted.\n");
326         return false;
327     }
328     
329     JITWorklist::instance()->poll(vm);
330     
331     switch (codeBlock->jitType()) {
332     case JITCode::BaselineJIT: {
333         if (Options::verboseOSR())
334             dataLogF("    Code was already compiled.\n");
335         codeBlock->jitSoon();
336         return true;
337     }
338     case JITCode::InterpreterThunk: {
339         JITWorklist::instance()->compileLater(codeBlock);
340         return codeBlock->jitType() == JITCode::BaselineJIT;
341     }
342     default:
343         dataLog("Unexpected code block in LLInt: ", *codeBlock, "\n");
344         RELEASE_ASSERT_NOT_REACHED();
345         return false;
346     }
347 }
348
349 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char *name, EntryKind kind)
350 {
351     if (Options::verboseOSR()) {
352         dataLog(
353             *codeBlock, ": Entered ", name, " with executeCounter = ",
354             codeBlock->llintExecuteCounter(), "\n");
355     }
356     
357     if (!shouldJIT(exec, codeBlock)) {
358         codeBlock->dontJITAnytimeSoon();
359         LLINT_RETURN_TWO(0, 0);
360     }
361     if (!jitCompileAndSetHeuristics(codeBlock, exec))
362         LLINT_RETURN_TWO(0, 0);
363     
364     CODEBLOCK_LOG_EVENT(codeBlock, "OSR entry", ("in prologue"));
365     
366     if (kind == Prologue)
367         LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0);
368     ASSERT(kind == ArityCheck);
369     LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(MustCheckArity).executableAddress(), 0);
370 }
371 #else // ENABLE(JIT)
372 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind)
373 {
374     codeBlock->dontJITAnytimeSoon();
375     LLINT_RETURN_TWO(0, exec);
376 }
377 #endif // ENABLE(JIT)
378
379 LLINT_SLOW_PATH_DECL(entry_osr)
380 {
381     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
382 }
383
384 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
385 {
386     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue);
387 }
388
389 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
390 {
391     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue);
392 }
393
394 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
395 {
396     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck);
397 }
398
399 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
400 {
401     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck);
402 }
403
404 LLINT_SLOW_PATH_DECL(loop_osr)
405 {
406     CodeBlock* codeBlock = exec->codeBlock();
407
408 #if ENABLE(JIT)
409     if (Options::verboseOSR()) {
410         dataLog(
411             *codeBlock, ": Entered loop_osr with executeCounter = ",
412             codeBlock->llintExecuteCounter(), "\n");
413     }
414     
415     if (!shouldJIT(exec, codeBlock)) {
416         codeBlock->dontJITAnytimeSoon();
417         LLINT_RETURN_TWO(0, 0);
418     }
419     
420     if (!jitCompileAndSetHeuristics(codeBlock, exec))
421         LLINT_RETURN_TWO(0, 0);
422     
423     CODEBLOCK_LOG_EVENT(codeBlock, "osrEntry", ("at bc#", pc - codeBlock->instructions().begin()));
424
425     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
426     
427     Vector<BytecodeAndMachineOffset> map;
428     codeBlock->jitCodeMap()->decode(map);
429     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
430     ASSERT(mapping);
431     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
432     
433     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
434     ASSERT(jumpTarget);
435     
436     LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame());
437 #else // ENABLE(JIT)
438     UNUSED_PARAM(pc);
439     codeBlock->dontJITAnytimeSoon();
440     LLINT_RETURN_TWO(0, 0);
441 #endif // ENABLE(JIT)
442 }
443
444 LLINT_SLOW_PATH_DECL(replace)
445 {
446     CodeBlock* codeBlock = exec->codeBlock();
447
448 #if ENABLE(JIT)
449     if (Options::verboseOSR()) {
450         dataLog(
451             *codeBlock, ": Entered replace with executeCounter = ",
452             codeBlock->llintExecuteCounter(), "\n");
453     }
454     
455     if (shouldJIT(exec, codeBlock))
456         jitCompileAndSetHeuristics(codeBlock, exec);
457     else
458         codeBlock->dontJITAnytimeSoon();
459     LLINT_END_IMPL();
460 #else // ENABLE(JIT)
461     codeBlock->dontJITAnytimeSoon();
462     LLINT_END_IMPL();
463 #endif // ENABLE(JIT)
464 }
465
466 LLINT_SLOW_PATH_DECL(stack_check)
467 {
468     VM& vm = exec->vm();
469     VMEntryFrame* vmEntryFrame = vm.topVMEntryFrame;
470     CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
471     if (!callerFrame) {
472         callerFrame = exec;
473         vmEntryFrame = vm.topVMEntryFrame;
474     }
475     NativeCallFrameTracerWithRestore tracer(&vm, vmEntryFrame, callerFrame);
476
477     LLINT_SET_PC_FOR_STUBS();
478
479 #if LLINT_SLOW_PATH_TRACING
480     dataLogF("Checking stack height with exec = %p.\n", exec);
481     dataLogF("CodeBlock = %p.\n", exec->codeBlock());
482     dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeLocals);
483     dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars);
484
485     dataLogF("Current OS stack end is at %p.\n", exec->vm().softStackLimit());
486 #if !ENABLE(JIT)
487     dataLogF("Current C Loop stack end is at %p.\n", exec->vm().cloopStackLimit());
488 #endif
489
490 #endif
491     // If the stack check succeeds and we don't need to throw the error, then
492     // we'll return 0 instead. The prologue will check for a non-zero value
493     // when determining whether to set the callFrame or not.
494
495     // For JIT enabled builds which uses the C stack, the stack is not growable.
496     // Hence, if we get here, then we know a stack overflow is imminent. So, just
497     // throw the StackOverflowError unconditionally.
498 #if !ENABLE(JIT)
499     ASSERT(!vm.interpreter->cloopStack().containsAddress(exec->topOfFrame()));
500     if (LIKELY(vm.ensureStackCapacityFor(exec->topOfFrame())))
501         LLINT_RETURN_TWO(pc, 0);
502 #endif
503
504     ErrorHandlingScope errorScope(vm);
505     throwStackOverflowError(callerFrame);
506     pc = returnToThrow(callerFrame);
507     LLINT_RETURN_TWO(pc, exec);
508 }
509
510 LLINT_SLOW_PATH_DECL(slow_path_new_object)
511 {
512     LLINT_BEGIN();
513     LLINT_RETURN(constructEmptyObject(exec, pc[3].u.objectAllocationProfile->structure()));
514 }
515
516 LLINT_SLOW_PATH_DECL(slow_path_new_array)
517 {
518     LLINT_BEGIN();
519     LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
520 }
521
522 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
523 {
524     LLINT_BEGIN();
525     LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
526 }
527
528 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
529 {
530     LLINT_BEGIN();
531     LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
532 }
533
534 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
535 {
536     LLINT_BEGIN();
537     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
538     if (!regExp->isValid())
539         LLINT_THROW(createSyntaxError(exec, regExp->errorMessage()));
540     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
541 }
542
543 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
544 {
545     LLINT_BEGIN();
546     JSValue value = LLINT_OP_C(2).jsValue();
547     JSValue proto = LLINT_OP_C(3).jsValue();
548     LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
549 }
550
551 LLINT_SLOW_PATH_DECL(slow_path_instanceof_custom)
552 {
553     LLINT_BEGIN();
554
555     JSValue value = LLINT_OP_C(2).jsValue();
556     JSValue constructor = LLINT_OP_C(3).jsValue();
557     JSValue hasInstanceValue = LLINT_OP_C(4).jsValue();
558
559     ASSERT(constructor.isObject());
560     ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure()->typeInfo().implementsDefaultHasInstance());
561
562     JSValue result = jsBoolean(constructor.getObject()->hasInstance(exec, value, hasInstanceValue));
563     LLINT_RETURN(result);
564 }
565
566 LLINT_SLOW_PATH_DECL(slow_path_try_get_by_id)
567 {
568     LLINT_BEGIN();
569     CodeBlock* codeBlock = exec->codeBlock();
570     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
571     JSValue baseValue = LLINT_OP_C(2).jsValue();
572     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::VMInquiry);
573
574     baseValue.getPropertySlot(exec, ident, slot);
575
576     LLINT_RETURN(slot.getPureResult());
577 }
578
579 static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc, JSCell* baseCell, PropertySlot& slot, const Identifier& ident)
580 {
581     CodeBlock* codeBlock = exec->codeBlock();
582     Structure* structure = baseCell->structure();
583
584     if (structure->typeInfo().prohibitsPropertyCaching())
585         return;
586     
587     if (structure->needImpurePropertyWatchpoint())
588         return;
589
590     if (structure->isDictionary()) {
591         if (structure->hasBeenFlattenedBefore())
592             return;
593         structure->flattenDictionaryStructure(vm, jsCast<JSObject*>(baseCell));
594     }
595
596     ObjectPropertyConditionSet conditions;
597     if (slot.isUnset())
598         conditions = generateConditionsForPropertyMiss(vm, codeBlock, exec, structure, ident.impl());
599     else
600         conditions = generateConditionsForPrototypePropertyHit(vm, codeBlock, exec, structure, slot.slotBase(), ident.impl());
601
602     if (!conditions.isValid())
603         return;
604
605     PropertyOffset offset = invalidOffset;
606     CodeBlock::StructureWatchpointMap& watchpointMap = codeBlock->llintGetByIdWatchpointMap();
607     auto result = watchpointMap.add(structure, Bag<LLIntPrototypeLoadAdaptiveStructureWatchpoint>());
608     for (ObjectPropertyCondition condition : conditions) {
609         if (!condition.isWatchable())
610             return;
611         if (condition.condition().kind() == PropertyCondition::Presence)
612             offset = condition.condition().offset();
613         result.iterator->value.add(condition, pc)->install();
614     }
615     ASSERT((offset == invalidOffset) == slot.isUnset());
616
617     ConcurrentJITLocker locker(codeBlock->m_lock);
618
619     if (slot.isUnset()) {
620         pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_unset);
621         pc[4].u.structureID = structure->id();
622         return;
623     }
624     ASSERT(slot.isValue());
625
626     pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_load);
627     pc[4].u.structureID = structure->id();
628     pc[5].u.operand = offset;
629     // We know that this pointer will remain valid because it will be cleared by either a watchpoint fire or
630     // during GC when we clear the LLInt caches.
631     pc[6].u.pointer = slot.slotBase();
632 }
633
634
635 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
636 {
637     LLINT_BEGIN();
638     CodeBlock* codeBlock = exec->codeBlock();
639     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
640     JSValue baseValue = LLINT_OP_C(2).jsValue();
641     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::Get);
642
643     JSValue result = baseValue.get(exec, ident, slot);
644     LLINT_CHECK_EXCEPTION();
645     LLINT_OP(1) = result;
646     
647     if (!LLINT_ALWAYS_ACCESS_SLOW
648         && baseValue.isCell()
649         && slot.isCacheable()) {
650
651         JSCell* baseCell = baseValue.asCell();
652         Structure* structure = baseCell->structure();
653         if (slot.isValue() && slot.slotBase() == baseValue) {
654             // Start out by clearing out the old cache.
655             pc[0].u.opcode = LLInt::getOpcode(op_get_by_id);
656             pc[4].u.pointer = nullptr; // old structure
657             pc[5].u.pointer = nullptr; // offset
658
659             // Prevent the prototype cache from ever happening.
660             pc[7].u.operand = 0;
661         
662             if (structure->propertyAccessesAreCacheable()) {
663                 vm.heap.writeBarrier(codeBlock);
664                 
665                 ConcurrentJITLocker locker(codeBlock->m_lock);
666
667                 pc[4].u.structureID = structure->id();
668                 pc[5].u.operand = slot.cachedOffset();
669             }
670         } else if (UNLIKELY(pc[7].u.operand && (slot.isValue() || slot.isUnset()))) {
671             ASSERT(slot.slotBase() != baseValue);
672
673             if (!(--pc[7].u.operand))
674                 setupGetByIdPrototypeCache(exec, vm, pc, baseCell, slot, ident);
675         }
676     } else if (!LLINT_ALWAYS_ACCESS_SLOW
677         && isJSArray(baseValue)
678         && ident == exec->propertyNames().length) {
679         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
680         ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
681         arrayProfile->observeStructure(baseValue.asCell()->structure());
682         pc[4].u.arrayProfile = arrayProfile;
683
684         // Prevent the prototype cache from ever happening.
685         pc[7].u.operand = 0;
686     }
687
688     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
689     LLINT_END();
690 }
691
692 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
693 {
694     LLINT_BEGIN();
695     CodeBlock* codeBlock = exec->codeBlock();
696     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
697     JSValue baseValue = LLINT_OP(2).jsValue();
698     PropertySlot slot(baseValue, PropertySlot::InternalMethodType::Get);
699     LLINT_RETURN(baseValue.get(exec, ident, slot));
700 }
701
702 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
703 {
704     LLINT_BEGIN();
705     CodeBlock* codeBlock = exec->codeBlock();
706     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
707     
708     JSValue baseValue = LLINT_OP_C(1).jsValue();
709     PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext());
710     if (pc[8].u.putByIdFlags & PutByIdIsDirect)
711         asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot);
712     else
713         baseValue.putInline(exec, ident, LLINT_OP_C(3).jsValue(), slot);
714     LLINT_CHECK_EXCEPTION();
715     
716     if (!LLINT_ALWAYS_ACCESS_SLOW
717         && baseValue.isCell()
718         && slot.isCacheablePut()) {
719
720         // Start out by clearing out the old cache.
721         pc[4].u.pointer = nullptr; // old structure
722         pc[5].u.pointer = nullptr; // offset
723         pc[6].u.pointer = nullptr; // new structure
724         pc[7].u.pointer = nullptr; // structure chain
725         pc[8].u.putByIdFlags =
726             static_cast<PutByIdFlags>(pc[8].u.putByIdFlags & PutByIdPersistentFlagsMask);
727         
728         JSCell* baseCell = baseValue.asCell();
729         Structure* structure = baseCell->structure();
730         
731         if (!structure->isUncacheableDictionary()
732             && !structure->typeInfo().prohibitsPropertyCaching()
733             && baseCell == slot.base()) {
734
735             vm.heap.writeBarrier(codeBlock);
736             
737             if (slot.type() == PutPropertySlot::NewProperty) {
738                 GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap);
739             
740                 if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) {
741                     ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
742
743                     if (normalizePrototypeChain(exec, structure) != InvalidPrototypeChain) {
744                         ASSERT(structure->previousID()->isObject());
745                         pc[4].u.structureID = structure->previousID()->id();
746                         pc[5].u.operand = slot.cachedOffset();
747                         pc[6].u.structureID = structure->id();
748                         if (!(pc[8].u.putByIdFlags & PutByIdIsDirect)) {
749                             StructureChain* chain = structure->prototypeChain(exec);
750                             ASSERT(chain);
751                             pc[7].u.structureChain.set(
752                                 vm, codeBlock, chain);
753                         }
754                         pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
755                             pc[8].u.putByIdFlags |
756                             structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
757                     }
758                 }
759             } else {
760                 structure->didCachePropertyReplacement(vm, slot.cachedOffset());
761                 pc[4].u.structureID = structure->id();
762                 pc[5].u.operand = slot.cachedOffset();
763                 pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
764                     pc[8].u.putByIdFlags |
765                     structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
766             }
767         }
768     }
769     
770     LLINT_END();
771 }
772
773 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
774 {
775     LLINT_BEGIN();
776     CodeBlock* codeBlock = exec->codeBlock();
777     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
778     LLINT_CHECK_EXCEPTION();
779     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
780     LLINT_CHECK_EXCEPTION();
781     if (!couldDelete && codeBlock->isStrictMode())
782         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
783     LLINT_RETURN(jsBoolean(couldDelete));
784 }
785
786 inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
787 {
788     if (LIKELY(baseValue.isCell() && subscript.isString())) {
789         VM& vm = exec->vm();
790         Structure& structure = *baseValue.asCell()->structure(vm);
791         if (JSCell::canUseFastGetOwnProperty(structure)) {
792             if (RefPtr<AtomicStringImpl> existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) {
793                 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get()))
794                     return result;
795             }
796         }
797     }
798     
799     if (subscript.isUInt32()) {
800         uint32_t i = subscript.asUInt32();
801         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
802             return asString(baseValue)->getIndex(exec, i);
803         
804         return baseValue.get(exec, i);
805     }
806
807     baseValue.requireObjectCoercible(exec);
808     if (exec->hadException())
809         return jsUndefined();
810     auto property = subscript.toPropertyKey(exec);
811     if (exec->hadException())
812         return jsUndefined();
813     return baseValue.get(exec, property);
814 }
815
816 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
817 {
818     LLINT_BEGIN();
819     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
820 }
821
822 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
823 {
824     LLINT_BEGIN();
825     
826     JSValue baseValue = LLINT_OP_C(1).jsValue();
827     JSValue subscript = LLINT_OP_C(2).jsValue();
828     JSValue value = LLINT_OP_C(3).jsValue();
829     
830     if (LIKELY(subscript.isUInt32())) {
831         uint32_t i = subscript.asUInt32();
832         if (baseValue.isObject()) {
833             JSObject* object = asObject(baseValue);
834             if (object->canSetIndexQuickly(i))
835                 object->setIndexQuickly(vm, i, value);
836             else
837                 object->methodTable()->putByIndex(object, exec, i, value, exec->codeBlock()->isStrictMode());
838             LLINT_END();
839         }
840         baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode());
841         LLINT_END();
842     }
843
844     auto property = subscript.toPropertyKey(exec);
845     LLINT_CHECK_EXCEPTION();
846     PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
847     baseValue.put(exec, property, value, slot);
848     LLINT_END();
849 }
850
851 LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct)
852 {
853     LLINT_BEGIN();
854     
855     JSValue baseValue = LLINT_OP_C(1).jsValue();
856     JSValue subscript = LLINT_OP_C(2).jsValue();
857     JSValue value = LLINT_OP_C(3).jsValue();
858     RELEASE_ASSERT(baseValue.isObject());
859     JSObject* baseObject = asObject(baseValue);
860     bool isStrictMode = exec->codeBlock()->isStrictMode();
861     if (LIKELY(subscript.isUInt32())) {
862         // Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices.
863         ASSERT(isIndex(subscript.asUInt32()));
864         baseObject->putDirectIndex(exec, subscript.asUInt32(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
865         LLINT_END();
866     }
867
868     if (subscript.isDouble()) {
869         double subscriptAsDouble = subscript.asDouble();
870         uint32_t subscriptAsUInt32 = static_cast<uint32_t>(subscriptAsDouble);
871         if (subscriptAsDouble == subscriptAsUInt32 && isIndex(subscriptAsUInt32)) {
872             baseObject->putDirectIndex(exec, subscriptAsUInt32, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
873             LLINT_END();
874         }
875     }
876
877     // Don't put to an object if toString threw an exception.
878     auto property = subscript.toPropertyKey(exec);
879     if (exec->vm().exception())
880         LLINT_END();
881
882     if (Optional<uint32_t> index = parseIndex(property))
883         baseObject->putDirectIndex(exec, index.value(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
884     else {
885         PutPropertySlot slot(baseObject, isStrictMode);
886         baseObject->putDirect(exec->vm(), property, value, slot);
887     }
888     LLINT_END();
889 }
890
891 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
892 {
893     LLINT_BEGIN();
894     JSValue baseValue = LLINT_OP_C(2).jsValue();
895     JSObject* baseObject = baseValue.toObject(exec);
896     LLINT_CHECK_EXCEPTION();
897
898     JSValue subscript = LLINT_OP_C(3).jsValue();
899     
900     bool couldDelete;
901     
902     uint32_t i;
903     if (subscript.getUInt32(i))
904         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
905     else {
906         LLINT_CHECK_EXCEPTION();
907         auto property = subscript.toPropertyKey(exec);
908         LLINT_CHECK_EXCEPTION();
909         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
910     }
911     
912     if (!couldDelete && exec->codeBlock()->isStrictMode())
913         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
914     
915     LLINT_RETURN(jsBoolean(couldDelete));
916 }
917
918 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
919 {
920     LLINT_BEGIN();
921     JSValue arrayValue = LLINT_OP_C(1).jsValue();
922     ASSERT(isJSArray(arrayValue));
923     asArray(arrayValue)->putDirectIndex(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
924     LLINT_END();
925 }
926
927 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_id)
928 {
929     LLINT_BEGIN();
930     ASSERT(LLINT_OP(1).jsValue().isObject());
931     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
932
933     unsigned options = pc[3].u.operand;
934
935     JSValue getter = LLINT_OP(4).jsValue();
936     ASSERT(getter.isObject());
937
938     baseObj->putGetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(getter), options);
939     LLINT_END();
940 }
941
942 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_id)
943 {
944     LLINT_BEGIN();
945     ASSERT(LLINT_OP(1).jsValue().isObject());
946     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
947
948     unsigned options = pc[3].u.operand;
949
950     JSValue setter = LLINT_OP(4).jsValue();
951     ASSERT(setter.isObject());
952
953     baseObj->putSetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(setter), options);
954     LLINT_END();
955 }
956
957 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter_by_id)
958 {
959     LLINT_BEGIN();
960     ASSERT(LLINT_OP(1).jsValue().isObject());
961     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
962     
963     GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
964     LLINT_CHECK_EXCEPTION();
965
966     JSValue getter = LLINT_OP(4).jsValue();
967     JSValue setter = LLINT_OP(5).jsValue();
968     ASSERT(getter.isObject() || getter.isUndefined());
969     ASSERT(setter.isObject() || setter.isUndefined());
970     ASSERT(getter.isObject() || setter.isObject());
971     
972     if (!getter.isUndefined())
973         accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter));
974     if (!setter.isUndefined())
975         accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter));
976     baseObj->putDirectAccessor(
977         exec,
978         exec->codeBlock()->identifier(pc[2].u.operand),
979         accessor, pc[3].u.operand);
980     LLINT_END();
981 }
982
983 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_val)
984 {
985     LLINT_BEGIN();
986     ASSERT(LLINT_OP(1).jsValue().isObject());
987     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
988     JSValue subscript = LLINT_OP_C(2).jsValue();
989
990     unsigned options = pc[3].u.operand;
991
992     JSValue getter = LLINT_OP(4).jsValue();
993     ASSERT(getter.isObject());
994
995     auto property = subscript.toPropertyKey(exec);
996     LLINT_CHECK_EXCEPTION();
997
998     baseObj->putGetter(exec, property, asObject(getter), options);
999     LLINT_END();
1000 }
1001
1002 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_val)
1003 {
1004     LLINT_BEGIN();
1005     ASSERT(LLINT_OP(1).jsValue().isObject());
1006     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
1007     JSValue subscript = LLINT_OP_C(2).jsValue();
1008
1009     unsigned options = pc[3].u.operand;
1010
1011     JSValue setter = LLINT_OP(4).jsValue();
1012     ASSERT(setter.isObject());
1013
1014     auto property = subscript.toPropertyKey(exec);
1015     LLINT_CHECK_EXCEPTION();
1016
1017     baseObj->putSetter(exec, property, asObject(setter), options);
1018     LLINT_END();
1019 }
1020
1021 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
1022 {
1023     LLINT_BEGIN();
1024     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
1025 }
1026
1027 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
1028 {
1029     LLINT_BEGIN();
1030     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
1031 }
1032
1033 LLINT_SLOW_PATH_DECL(slow_path_jless)
1034 {
1035     LLINT_BEGIN();
1036     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1037 }
1038
1039 LLINT_SLOW_PATH_DECL(slow_path_jnless)
1040 {
1041     LLINT_BEGIN();
1042     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1043 }
1044
1045 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
1046 {
1047     LLINT_BEGIN();
1048     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1049 }
1050
1051 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
1052 {
1053     LLINT_BEGIN();
1054     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1055 }
1056
1057 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
1058 {
1059     LLINT_BEGIN();
1060     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1061 }
1062
1063 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
1064 {
1065     LLINT_BEGIN();
1066     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1067 }
1068
1069 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
1070 {
1071     LLINT_BEGIN();
1072     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1073 }
1074
1075 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
1076 {
1077     LLINT_BEGIN();
1078     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1079 }
1080
1081 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
1082 {
1083     LLINT_BEGIN();
1084     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1085     ASSERT(scrutinee.isDouble());
1086     double value = scrutinee.asDouble();
1087     int32_t intValue = static_cast<int32_t>(value);
1088     int defaultOffset = pc[2].u.operand;
1089     if (value == intValue) {
1090         CodeBlock* codeBlock = exec->codeBlock();
1091         pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
1092     } else
1093         pc += defaultOffset;
1094     LLINT_END();
1095 }
1096
1097 LLINT_SLOW_PATH_DECL(slow_path_switch_char)
1098 {
1099     LLINT_BEGIN();
1100     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1101     ASSERT(scrutinee.isString());
1102     JSString* string = asString(scrutinee);
1103     ASSERT(string->length() == 1);
1104     int defaultOffset = pc[2].u.operand;
1105     StringImpl* impl = string->value(exec).impl();
1106     CodeBlock* codeBlock = exec->codeBlock();
1107     pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
1108     LLINT_END();
1109 }
1110
1111 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
1112 {
1113     LLINT_BEGIN();
1114     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1115     int defaultOffset = pc[2].u.operand;
1116     if (!scrutinee.isString())
1117         pc += defaultOffset;
1118     else {
1119         CodeBlock* codeBlock = exec->codeBlock();
1120         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
1121     }
1122     LLINT_END();
1123 }
1124
1125 LLINT_SLOW_PATH_DECL(slow_path_new_func)
1126 {
1127     LLINT_BEGIN();
1128     CodeBlock* codeBlock = exec->codeBlock();
1129     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1130 #if LLINT_SLOW_PATH_TRACING
1131     dataLogF("Creating function!\n");
1132 #endif
1133     LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1134 }
1135
1136 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func)
1137 {
1138     LLINT_BEGIN();
1139     CodeBlock* codeBlock = exec->codeBlock();
1140     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1141 #if LLINT_SLOW_PATH_TRACING
1142     dataLogF("Creating function!\n");
1143 #endif
1144     LLINT_RETURN(JSGeneratorFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1145 }
1146
1147 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1148 {
1149     LLINT_BEGIN();
1150     
1151     CodeBlock* codeBlock = exec->codeBlock();
1152     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1153     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1154     
1155     LLINT_RETURN(JSFunction::create(vm, executable, scope));
1156 }
1157
1158 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func_exp)
1159 {
1160     LLINT_BEGIN();
1161
1162     CodeBlock* codeBlock = exec->codeBlock();
1163     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1164     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1165
1166     LLINT_RETURN(JSGeneratorFunction::create(vm, executable, scope));
1167 }
1168
1169 LLINT_SLOW_PATH_DECL(slow_path_set_function_name)
1170 {
1171     LLINT_BEGIN();
1172     JSFunction* func = jsCast<JSFunction*>(LLINT_OP(1).Register::unboxedCell());
1173     JSValue name = LLINT_OP_C(2).Register::jsValue();
1174     func->setFunctionName(exec, name);
1175     LLINT_END();
1176 }
1177
1178 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1179 {
1180     UNUSED_PARAM(pc);
1181
1182 #if LLINT_SLOW_PATH_TRACING
1183     dataLog("Performing host call.\n");
1184 #endif
1185     
1186     ExecState* exec = execCallee->callerFrame();
1187     VM& vm = exec->vm();
1188
1189     execCallee->setCodeBlock(0);
1190     execCallee->clearReturnPC();
1191
1192     if (kind == CodeForCall) {
1193         CallData callData;
1194         CallType callType = getCallData(callee, callData);
1195     
1196         ASSERT(callType != CallType::JS);
1197     
1198         if (callType == CallType::Host) {
1199             NativeCallFrameTracer tracer(&vm, execCallee);
1200             execCallee->setCallee(asObject(callee));
1201             vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1202             
1203             LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1204         }
1205         
1206 #if LLINT_SLOW_PATH_TRACING
1207         dataLog("Call callee is not a function: ", callee, "\n");
1208 #endif
1209
1210         ASSERT(callType == CallType::None);
1211         LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee));
1212     }
1213
1214     ASSERT(kind == CodeForConstruct);
1215     
1216     ConstructData constructData;
1217     ConstructType constructType = getConstructData(callee, constructData);
1218     
1219     ASSERT(constructType != ConstructType::JS);
1220     
1221     if (constructType == ConstructType::Host) {
1222         NativeCallFrameTracer tracer(&vm, execCallee);
1223         execCallee->setCallee(asObject(callee));
1224         vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1225
1226         LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1227     }
1228     
1229 #if LLINT_SLOW_PATH_TRACING
1230     dataLog("Constructor callee is not a function: ", callee, "\n");
1231 #endif
1232
1233     ASSERT(constructType == ConstructType::None);
1234     LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1235 }
1236
1237 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1238 {
1239     ExecState* exec = execCallee->callerFrame();
1240
1241 #if LLINT_SLOW_PATH_TRACING
1242     dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC());
1243 #endif
1244     
1245     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1246     if (!calleeAsFunctionCell)
1247         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1248     
1249     JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
1250     JSScope* scope = callee->scopeUnchecked();
1251     VM& vm = *scope->vm();
1252     ExecutableBase* executable = callee->executable();
1253
1254     MacroAssemblerCodePtr codePtr;
1255     CodeBlock* codeBlock = 0;
1256     bool isWebAssemblyExecutable = false;
1257 #if ENABLE(WEBASSEMBLY)
1258     isWebAssemblyExecutable = executable->isWebAssemblyExecutable();
1259 #endif
1260
1261     if (executable->isHostFunction()) {
1262         codePtr = executable->entrypointFor(kind, MustCheckArity);
1263     } else if (!isWebAssemblyExecutable) {
1264         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1265
1266         if (!isCall(kind) && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
1267             LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1268
1269         CodeBlock** codeBlockSlot = execCallee->addressOfCodeBlock();
1270         JSObject* error = functionExecutable->prepareForExecution<FunctionExecutable>(execCallee, callee, scope, kind, *codeBlockSlot);
1271         if (error)
1272             LLINT_CALL_THROW(exec, error);
1273         codeBlock = *codeBlockSlot;
1274         ASSERT(codeBlock);
1275         ArityCheckMode arity;
1276         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1277             arity = MustCheckArity;
1278         else
1279             arity = ArityCheckNotRequired;
1280         codePtr = functionExecutable->entrypointFor(kind, arity);
1281     } else {
1282 #if ENABLE(WEBASSEMBLY)
1283         WebAssemblyExecutable* webAssemblyExecutable = static_cast<WebAssemblyExecutable*>(executable);
1284         webAssemblyExecutable->prepareForExecution(execCallee);
1285         codeBlock = webAssemblyExecutable->codeBlockForCall();
1286         ASSERT(codeBlock);
1287         ArityCheckMode arity;
1288         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1289             arity = MustCheckArity;
1290         else
1291             arity = ArityCheckNotRequired;
1292         codePtr = webAssemblyExecutable->entrypointFor(kind, arity);
1293 #endif
1294     }
1295     
1296     ASSERT(!!codePtr);
1297     
1298     if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) {
1299         CodeBlock* callerCodeBlock = exec->codeBlock();
1300
1301         ConcurrentJITLocker locker(callerCodeBlock->m_lock);
1302         
1303         if (callLinkInfo->isOnList())
1304             callLinkInfo->remove();
1305         callLinkInfo->callee.set(vm, callerCodeBlock, callee);
1306         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, callee);
1307         callLinkInfo->machineCodeTarget = codePtr;
1308         if (codeBlock)
1309             codeBlock->linkIncomingCall(exec, callLinkInfo);
1310     }
1311
1312     LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
1313 }
1314
1315 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1316 {
1317     // This needs to:
1318     // - Set up a call frame.
1319     // - Figure out what to call and compile it if necessary.
1320     // - If possible, link the call's inline cache.
1321     // - Return a tuple of machine code address to call and the new call frame.
1322     
1323     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1324     
1325     ExecState* execCallee = exec - pc[4].u.operand;
1326     
1327     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1328     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1329     execCallee->setCallerFrame(exec);
1330     
1331     ASSERT(pc[5].u.callLinkInfo);
1332     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[5].u.callLinkInfo);
1333 }
1334
1335 LLINT_SLOW_PATH_DECL(slow_path_call)
1336 {
1337     LLINT_BEGIN_NO_SET_PC();
1338     return genericCall(exec, pc, CodeForCall);
1339 }
1340
1341 LLINT_SLOW_PATH_DECL(slow_path_construct)
1342 {
1343     LLINT_BEGIN_NO_SET_PC();
1344     return genericCall(exec, pc, CodeForConstruct);
1345 }
1346
1347 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs)
1348 {
1349     LLINT_BEGIN();
1350     // This needs to:
1351     // - Set up a call frame while respecting the variable arguments.
1352     
1353     unsigned numUsedStackSlots = -pc[5].u.operand;
1354     unsigned length = sizeFrameForVarargs(exec, vm,
1355         LLINT_OP_C(4).jsValue(), numUsedStackSlots, pc[6].u.operand);
1356     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1357     
1358     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, length + 1);
1359     vm.varargsLength = length;
1360     vm.newCallFrameReturnValue = execCallee;
1361
1362     LLINT_RETURN_CALLEE_FRAME(execCallee);
1363 }
1364
1365 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_forward_arguments)
1366 {
1367     LLINT_BEGIN();
1368     // This needs to:
1369     // - Set up a call frame with the same arguments as the current frame.
1370
1371     unsigned numUsedStackSlots = -pc[5].u.operand;
1372
1373     unsigned arguments = sizeFrameForForwardArguments(exec, vm, numUsedStackSlots);
1374     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1375
1376     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, arguments + 1);
1377
1378     vm.varargsLength = arguments;
1379     vm.newCallFrameReturnValue = execCallee;
1380
1381     LLINT_RETURN_CALLEE_FRAME(execCallee);
1382 }
1383
1384 enum class SetArgumentsWith {
1385     Object,
1386     CurrentArguments
1387 };
1388
1389 inline SlowPathReturnType varargsSetup(ExecState* exec, Instruction* pc, CodeSpecializationKind kind, SetArgumentsWith set)
1390 {
1391     LLINT_BEGIN_NO_SET_PC();
1392     // This needs to:
1393     // - Figure out what to call and compile it if necessary.
1394     // - Return a tuple of machine code address to call and the new call frame.
1395
1396     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1397
1398     ExecState* execCallee = vm.newCallFrameReturnValue;
1399
1400     if (set == SetArgumentsWith::Object) {
1401         setupVarargsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand, vm.varargsLength);
1402         LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1403     } else
1404         setupForwardArgumentsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), vm.varargsLength);
1405
1406     execCallee->setCallerFrame(exec);
1407     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1408     exec->setCurrentVPC(pc);
1409
1410     return setUpCall(execCallee, pc, kind, calleeAsValue);
1411 }
1412
1413 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1414 {
1415     return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::Object);
1416 }
1417
1418 LLINT_SLOW_PATH_DECL(slow_path_tail_call_forward_arguments)
1419 {
1420     return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::CurrentArguments);
1421 }
1422
1423 LLINT_SLOW_PATH_DECL(slow_path_construct_varargs)
1424 {
1425     return varargsSetup(exec, pc, CodeForConstruct, SetArgumentsWith::Object);
1426 }
1427
1428     
1429 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1430 {
1431     LLINT_BEGIN_NO_SET_PC();
1432     JSValue calleeAsValue = LLINT_OP(2).jsValue();
1433     
1434     ExecState* execCallee = exec - pc[4].u.operand;
1435     
1436     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1437     execCallee->setCallerFrame(exec);
1438     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1439     execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
1440     execCallee->setCodeBlock(0);
1441     exec->setCurrentVPC(pc);
1442     
1443     if (!isHostFunction(calleeAsValue, globalFuncEval))
1444         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1445     
1446     vm.hostCallReturnValue = eval(execCallee);
1447     LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1448 }
1449
1450 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1451 {
1452     LLINT_BEGIN();
1453     LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand));
1454 }
1455
1456 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1457 {
1458     LLINT_BEGIN();
1459     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1460 }
1461
1462 LLINT_SLOW_PATH_DECL(slow_path_throw)
1463 {
1464     LLINT_BEGIN();
1465     LLINT_THROW(LLINT_OP_C(1).jsValue());
1466 }
1467
1468 LLINT_SLOW_PATH_DECL(slow_path_throw_static_error)
1469 {
1470     LLINT_BEGIN();
1471     JSValue errorMessageValue = LLINT_OP_C(1).jsValue();
1472     RELEASE_ASSERT(errorMessageValue.isString());
1473     String errorMessage = asString(errorMessageValue)->value(exec);
1474     if (pc[2].u.operand)
1475         LLINT_THROW(createReferenceError(exec, errorMessage));
1476     else
1477         LLINT_THROW(createTypeError(exec, errorMessage));
1478 }
1479
1480 LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)
1481 {
1482     LLINT_BEGIN_NO_SET_PC();
1483     ASSERT(vm.watchdog());
1484     if (UNLIKELY(vm.shouldTriggerTermination(exec)))
1485         LLINT_THROW(createTerminatedExecutionException(&vm));
1486     LLINT_RETURN_TWO(0, exec);
1487 }
1488
1489 LLINT_SLOW_PATH_DECL(slow_path_debug)
1490 {
1491     LLINT_BEGIN();
1492     int debugHookID = pc[1].u.operand;
1493     vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID));
1494     
1495     LLINT_END();
1496 }
1497
1498 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
1499 {
1500     LLINT_BEGIN_NO_SET_PC();
1501     genericUnwind(&vm, exec);
1502     LLINT_END_IMPL();
1503 }
1504
1505 LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
1506 {
1507     LLINT_BEGIN();
1508
1509     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
1510     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
1511     GetPutInfo getPutInfo(pc[4].u.operand);
1512
1513     // ModuleVar is always converted to ClosureVar for get_from_scope.
1514     ASSERT(getPutInfo.resolveType() != ModuleVar);
1515
1516     LLINT_RETURN(scope->getPropertySlot(exec, ident, [&] (bool found, PropertySlot& slot) -> JSValue {
1517         if (!found) {
1518             if (getPutInfo.resolveMode() == ThrowIfNotFound)
1519                 return exec->vm().throwException(exec, createUndefinedVariableError(exec, ident));
1520             return jsUndefined();
1521         }
1522
1523         JSValue result = JSValue();
1524         if (scope->isGlobalLexicalEnvironment()) {
1525             // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1526             result = slot.getValue(exec, ident);
1527             if (result == jsTDZValue())
1528                 return exec->vm().throwException(exec, createTDZError(exec));
1529         }
1530
1531         CommonSlowPaths::tryCacheGetFromScopeGlobal(exec, vm, pc, scope, slot, ident);
1532
1533         if (!result)
1534             return slot.getValue(exec, ident);
1535         return result;
1536     }));
1537 }
1538
1539 LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
1540 {
1541     LLINT_BEGIN();
1542
1543     CodeBlock* codeBlock = exec->codeBlock();
1544     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
1545     JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue());
1546     JSValue value = LLINT_OP_C(3).jsValue();
1547     GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand);
1548     if (getPutInfo.resolveType() == LocalClosureVar) {
1549         JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
1550         environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
1551         
1552         // Have to do this *after* the write, because if this puts the set into IsWatched, then we need
1553         // to have already changed the value of the variable. Otherwise we might watch and constant-fold
1554         // to the Undefined value from before the assignment.
1555         if (WatchpointSet* set = pc[5].u.watchpointSet)
1556             set->touch(vm, "Executed op_put_scope<LocalClosureVar>");
1557         LLINT_END();
1558     }
1559
1560     bool hasProperty = scope->hasProperty(exec, ident);
1561     if (hasProperty
1562         && scope->isGlobalLexicalEnvironment()
1563         && !isInitialization(getPutInfo.initializationMode())) {
1564         // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1565         PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
1566         JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
1567         if (slot.getValue(exec, ident) == jsTDZValue())
1568             LLINT_THROW(createTDZError(exec));
1569     }
1570
1571     if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty)
1572         LLINT_THROW(createUndefinedVariableError(exec, ident));
1573
1574     PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
1575     scope->methodTable()->put(scope, exec, ident, value, slot);
1576     
1577     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, getPutInfo, slot, ident);
1578
1579     LLINT_END();
1580 }
1581
1582 LLINT_SLOW_PATH_DECL(slow_path_check_if_exception_is_uncatchable_and_notify_profiler)
1583 {
1584     LLINT_BEGIN();
1585     RELEASE_ASSERT(!!vm.exception());
1586
1587     if (isTerminatedExecutionException(vm.exception()))
1588         LLINT_RETURN_TWO(pc, bitwise_cast<void*>(static_cast<uintptr_t>(1)));
1589     LLINT_RETURN_TWO(pc, 0);
1590 }
1591
1592 LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_prologue)
1593 {
1594     LLINT_BEGIN();
1595     
1596     JSScope* scope = exec->uncheckedR(pc[1].u.operand).Register::scope();
1597     vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::prologue(exec->callee(), exec, exec->callerFrame(), scope));
1598     
1599     LLINT_END();
1600 }
1601
1602 LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_tail)
1603 {
1604     LLINT_BEGIN();
1605
1606     JSValue thisValue = LLINT_OP(1).jsValue();
1607     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1608     
1609 #if USE(JSVALUE64)
1610     CallSiteIndex callSiteIndex(exec->codeBlock()->bytecodeOffset(pc));
1611 #else
1612     CallSiteIndex callSiteIndex(pc);
1613 #endif
1614     vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::tail(exec, thisValue, scope, exec->codeBlock(), callSiteIndex));
1615     
1616     LLINT_END();
1617 }
1618
1619 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame)
1620 {
1621     ExecState* exec = vm->topCallFrame;
1622     if (!exec)
1623         exec = protoFrame->callee()->globalObject()->globalExec();
1624     throwStackOverflowError(exec);
1625     return encodeResult(0, 0);
1626 }
1627
1628 #if !ENABLE(JIT)
1629 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
1630 {
1631     bool success = vm->ensureStackCapacityFor(newTopOfStack);
1632     return encodeResult(reinterpret_cast<void*>(success), 0);
1633 }
1634 #endif
1635
1636 extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell)
1637 {
1638     VM& vm = exec->vm();
1639     vm.heap.writeBarrier(cell);
1640 }
1641
1642 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash()
1643 {
1644     CRASH();
1645 }
1646
1647 #if ENABLE(LLINT_STATS)
1648
1649 LLINT_SLOW_PATH_DECL(count_opcode)
1650 {
1651     OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode);
1652     Data::opcodeStats(opcodeID).count++;
1653     LLINT_END_IMPL();
1654 }
1655
1656 LLINT_SLOW_PATH_DECL(count_opcode_slow_path)
1657 {
1658     OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode);
1659     Data::opcodeStats(opcodeID).slowPathCount++;
1660     LLINT_END_IMPL();
1661 }
1662
1663 #endif // ENABLE(LLINT_STATS)
1664
1665 } } // namespace JSC::LLInt