Introduce the ThrowScope and force every throw site to instantiate a ThrowScope.
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28
29 #include "ArrayConstructor.h"
30 #include "CallFrame.h"
31 #include "CommonSlowPaths.h"
32 #include "CommonSlowPathsExceptions.h"
33 #include "Error.h"
34 #include "ErrorHandlingScope.h"
35 #include "Exception.h"
36 #include "ExceptionFuzz.h"
37 #include "FunctionWhitelist.h"
38 #include "GetterSetter.h"
39 #include "HostCallReturnValue.h"
40 #include "Interpreter.h"
41 #include "JIT.h"
42 #include "JITExceptions.h"
43 #include "JITWorklist.h"
44 #include "JSLexicalEnvironment.h"
45 #include "JSCInlines.h"
46 #include "JSCJSValue.h"
47 #include "JSGeneratorFunction.h"
48 #include "JSGlobalObjectFunctions.h"
49 #include "JSString.h"
50 #include "JSWithScope.h"
51 #include "LLIntCommon.h"
52 #include "LLIntData.h"
53 #include "LLIntExceptions.h"
54 #include "LowLevelInterpreter.h"
55 #include "ObjectConstructor.h"
56 #include "ObjectPropertyConditionSet.h"
57 #include "ProtoCallFrame.h"
58 #include "ShadowChicken.h"
59 #include "StructureRareDataInlines.h"
60 #include "VMInlines.h"
61 #include <wtf/NeverDestroyed.h>
62 #include <wtf/StringPrintStream.h>
63
64 namespace JSC { namespace LLInt {
65
66 #define LLINT_BEGIN_NO_SET_PC() \
67     VM& vm = exec->vm();      \
68     NativeCallFrameTracer tracer(&vm, exec); \
69     auto throwScope = DECLARE_THROW_SCOPE(vm)
70
71 #ifndef NDEBUG
72 #define LLINT_SET_PC_FOR_STUBS() do { \
73         exec->codeBlock()->bytecodeOffset(pc); \
74         exec->setCurrentVPC(pc); \
75     } while (false)
76 #else
77 #define LLINT_SET_PC_FOR_STUBS() do { \
78         exec->setCurrentVPC(pc); \
79     } while (false)
80 #endif
81
82 #define LLINT_BEGIN()                           \
83     LLINT_BEGIN_NO_SET_PC();                    \
84     LLINT_SET_PC_FOR_STUBS()
85
86 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
87 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
88
89 #define LLINT_RETURN_TWO(first, second) do {       \
90         return encodeResult(first, second);        \
91     } while (false)
92
93 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0)
94
95 #define LLINT_THROW(exceptionToThrow) do {                        \
96         throwException(exec, throwScope, exceptionToThrow);       \
97         pc = returnToThrow(exec);                                 \
98         LLINT_END_IMPL();                                         \
99     } while (false)
100
101 #define LLINT_CHECK_EXCEPTION() do {                    \
102         doExceptionFuzzingIfEnabled(exec, "LLIntSlowPaths", pc);    \
103         if (UNLIKELY(throwScope.exception())) {         \
104             pc = returnToThrow(exec);                   \
105             LLINT_END_IMPL();                           \
106         }                                               \
107     } while (false)
108
109 #define LLINT_END() do {                        \
110         LLINT_CHECK_EXCEPTION();                \
111         LLINT_END_IMPL();                       \
112     } while (false)
113
114 #define LLINT_BRANCH(opcode, condition) do {                      \
115         bool __b_condition = (condition);                         \
116         LLINT_CHECK_EXCEPTION();                                  \
117         if (__b_condition)                                        \
118             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
119         else                                                      \
120             pc += OPCODE_LENGTH(opcode);                          \
121         LLINT_END_IMPL();                                         \
122     } while (false)
123
124 #define LLINT_RETURN(value) do {                \
125         JSValue __r_returnValue = (value);      \
126         LLINT_CHECK_EXCEPTION();                \
127         LLINT_OP(1) = __r_returnValue;          \
128         LLINT_END_IMPL();                       \
129     } while (false)
130
131 #define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \
132         JSValue __r_returnValue = (value);      \
133         LLINT_CHECK_EXCEPTION();                \
134         LLINT_OP(1) = __r_returnValue;          \
135         pc += (pcAdjustment);                   \
136         LLINT_END_IMPL();                       \
137     } while (false)
138
139 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
140         JSValue __rp_returnValue = (value);                     \
141         LLINT_CHECK_EXCEPTION();                                \
142         LLINT_OP(1) = __rp_returnValue;                         \
143         LLINT_PROFILE_VALUE(opcode, __rp_returnValue);          \
144         LLINT_END_IMPL();                                       \
145     } while (false)
146
147 #define LLINT_PROFILE_VALUE(opcode, value) do { \
148         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
149         JSValue::encode(value);                  \
150     } while (false)
151
152 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
153
154 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
155         ExecState* __ct_exec = (exec);                                  \
156         throwException(__ct_exec, throwScope, exceptionToThrow);        \
157         LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
158     } while (false)
159
160 #define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do {               \
161         ExecState* __cce_exec = (exec);                                 \
162         ExecState* __cce_execCallee = (execCallee);                     \
163         doExceptionFuzzingIfEnabled(__cce_exec, "LLIntSlowPaths/call", nullptr); \
164         if (UNLIKELY(throwScope.exception()))                           \
165             LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
166     } while (false)
167
168 #define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
169         ExecState* __cr_exec = (exec);                                  \
170         ExecState* __cr_execCallee = (execCallee);                      \
171         void* __cr_callTarget = (callTarget);                           \
172         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
173         LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
174     } while (false)
175
176 #define LLINT_RETURN_CALLEE_FRAME(execCallee) do {                      \
177         ExecState* __rcf_exec = (execCallee);                           \
178         LLINT_RETURN_TWO(pc, __rcf_exec);                               \
179     } while (false)
180     
181 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
182 {
183     LLINT_BEGIN();
184     dataLogF("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
185             exec->codeBlock(),
186             exec,
187             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
188             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
189             fromWhere,
190             operand,
191             pc[operand].u.operand);
192     LLINT_END();
193 }
194
195 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
196 {
197     JSValue value = LLINT_OP_C(operand).jsValue();
198     union {
199         struct {
200             uint32_t tag;
201             uint32_t payload;
202         } bits;
203         EncodedJSValue asValue;
204     } u;
205     u.asValue = JSValue::encode(value);
206     dataLogF(
207         "%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
208         exec->codeBlock(),
209         exec,
210         static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
211         exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
212         fromWhere,
213         operand,
214         pc[operand].u.operand,
215         u.bits.tag,
216         u.bits.payload,
217         toCString(value).data());
218     LLINT_END_IMPL();
219 }
220
221 LLINT_SLOW_PATH_DECL(trace_prologue)
222 {
223     dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec);
224     LLINT_END_IMPL();
225 }
226
227 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
228 {
229     JSFunction* callee = jsCast<JSFunction*>(exec->callee());
230     FunctionExecutable* executable = callee->jsExecutable();
231     CodeBlock* codeBlock = executable->codeBlockFor(kind);
232     dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeLocals = %u, caller = %p.\n",
233             codeBlock, exec, comment, callee, executable,
234             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeLocals,
235             exec->callerFrame());
236 }
237
238 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
239 {
240     traceFunctionPrologue(exec, "call prologue", CodeForCall);
241     LLINT_END_IMPL();
242 }
243
244 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
245 {
246     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
247     LLINT_END_IMPL();
248 }
249
250 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
251 {
252     traceFunctionPrologue(exec, "call arity check", CodeForCall);
253     LLINT_END_IMPL();
254 }
255
256 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
257 {
258     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
259     LLINT_END_IMPL();
260 }
261
262 LLINT_SLOW_PATH_DECL(trace)
263 {
264     dataLogF("%p / %p: executing bc#%zu, %s, pc = %p\n",
265             exec->codeBlock(),
266             exec,
267             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
268             opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], pc);
269     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
270         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
271         *bitwise_cast<volatile char*>(exec->returnPC().value());
272     }
273     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
274         dataLogF("Will be returning to %p\n", exec->returnPC().value());
275         dataLogF("The new cfr will be %p\n", exec->callerFrame());
276     }
277     LLINT_END_IMPL();
278 }
279
280 LLINT_SLOW_PATH_DECL(special_trace)
281 {
282     dataLogF("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
283             exec->codeBlock(),
284             exec,
285             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
286             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
287             exec->returnPC().value());
288     LLINT_END_IMPL();
289 }
290
291 enum EntryKind { Prologue, ArityCheck };
292
293 #if ENABLE(JIT)
294 static FunctionWhitelist& ensureGlobalJITWhitelist()
295 {
296     static LazyNeverDestroyed<FunctionWhitelist> baselineWhitelist;
297     static std::once_flag initializeWhitelistFlag;
298     std::call_once(initializeWhitelistFlag, [] {
299         const char* functionWhitelistFile = Options::jitWhitelist();
300         baselineWhitelist.construct(functionWhitelistFile);
301     });
302     return baselineWhitelist;
303 }
304
305 inline bool shouldJIT(ExecState* exec, CodeBlock* codeBlock)
306 {
307     if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionCount())
308         || !ensureGlobalJITWhitelist().contains(codeBlock))
309         return false;
310
311     // You can modify this to turn off JITting without rebuilding the world.
312     return exec->vm().canUseJIT();
313 }
314
315 // Returns true if we should try to OSR.
316 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
317 {
318     VM& vm = exec->vm();
319     DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all.
320     
321     codeBlock->updateAllValueProfilePredictions();
322
323     if (!codeBlock->checkIfJITThresholdReached()) {
324         CODEBLOCK_LOG_EVENT(codeBlock, "delayJITCompile", ("threshold not reached, counter = ", codeBlock->llintExecuteCounter()));
325         if (Options::verboseOSR())
326             dataLogF("    JIT threshold should be lifted.\n");
327         return false;
328     }
329     
330     JITWorklist::instance()->poll(vm);
331     
332     switch (codeBlock->jitType()) {
333     case JITCode::BaselineJIT: {
334         if (Options::verboseOSR())
335             dataLogF("    Code was already compiled.\n");
336         codeBlock->jitSoon();
337         return true;
338     }
339     case JITCode::InterpreterThunk: {
340         JITWorklist::instance()->compileLater(codeBlock);
341         return codeBlock->jitType() == JITCode::BaselineJIT;
342     }
343     default:
344         dataLog("Unexpected code block in LLInt: ", *codeBlock, "\n");
345         RELEASE_ASSERT_NOT_REACHED();
346         return false;
347     }
348 }
349
350 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char *name, EntryKind kind)
351 {
352     if (Options::verboseOSR()) {
353         dataLog(
354             *codeBlock, ": Entered ", name, " with executeCounter = ",
355             codeBlock->llintExecuteCounter(), "\n");
356     }
357     
358     if (!shouldJIT(exec, codeBlock)) {
359         codeBlock->dontJITAnytimeSoon();
360         LLINT_RETURN_TWO(0, 0);
361     }
362     if (!jitCompileAndSetHeuristics(codeBlock, exec))
363         LLINT_RETURN_TWO(0, 0);
364     
365     CODEBLOCK_LOG_EVENT(codeBlock, "OSR entry", ("in prologue"));
366     
367     if (kind == Prologue)
368         LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0);
369     ASSERT(kind == ArityCheck);
370     LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(MustCheckArity).executableAddress(), 0);
371 }
372 #else // ENABLE(JIT)
373 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind)
374 {
375     codeBlock->dontJITAnytimeSoon();
376     LLINT_RETURN_TWO(0, exec);
377 }
378 #endif // ENABLE(JIT)
379
380 LLINT_SLOW_PATH_DECL(entry_osr)
381 {
382     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
383 }
384
385 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
386 {
387     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue);
388 }
389
390 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
391 {
392     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue);
393 }
394
395 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
396 {
397     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck);
398 }
399
400 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
401 {
402     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck);
403 }
404
405 LLINT_SLOW_PATH_DECL(loop_osr)
406 {
407     CodeBlock* codeBlock = exec->codeBlock();
408
409 #if ENABLE(JIT)
410     if (Options::verboseOSR()) {
411         dataLog(
412             *codeBlock, ": Entered loop_osr with executeCounter = ",
413             codeBlock->llintExecuteCounter(), "\n");
414     }
415     
416     if (!shouldJIT(exec, codeBlock)) {
417         codeBlock->dontJITAnytimeSoon();
418         LLINT_RETURN_TWO(0, 0);
419     }
420     
421     if (!jitCompileAndSetHeuristics(codeBlock, exec))
422         LLINT_RETURN_TWO(0, 0);
423     
424     CODEBLOCK_LOG_EVENT(codeBlock, "osrEntry", ("at bc#", pc - codeBlock->instructions().begin()));
425
426     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
427     
428     Vector<BytecodeAndMachineOffset> map;
429     codeBlock->jitCodeMap()->decode(map);
430     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
431     ASSERT(mapping);
432     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
433     
434     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
435     ASSERT(jumpTarget);
436     
437     LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame());
438 #else // ENABLE(JIT)
439     UNUSED_PARAM(pc);
440     codeBlock->dontJITAnytimeSoon();
441     LLINT_RETURN_TWO(0, 0);
442 #endif // ENABLE(JIT)
443 }
444
445 LLINT_SLOW_PATH_DECL(replace)
446 {
447     CodeBlock* codeBlock = exec->codeBlock();
448
449 #if ENABLE(JIT)
450     if (Options::verboseOSR()) {
451         dataLog(
452             *codeBlock, ": Entered replace with executeCounter = ",
453             codeBlock->llintExecuteCounter(), "\n");
454     }
455     
456     if (shouldJIT(exec, codeBlock))
457         jitCompileAndSetHeuristics(codeBlock, exec);
458     else
459         codeBlock->dontJITAnytimeSoon();
460     LLINT_END_IMPL();
461 #else // ENABLE(JIT)
462     codeBlock->dontJITAnytimeSoon();
463     LLINT_END_IMPL();
464 #endif // ENABLE(JIT)
465 }
466
467 LLINT_SLOW_PATH_DECL(stack_check)
468 {
469     VM& vm = exec->vm();
470     auto throwScope = DECLARE_THROW_SCOPE(vm);
471
472     VMEntryFrame* vmEntryFrame = vm.topVMEntryFrame;
473     CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
474     if (!callerFrame) {
475         callerFrame = exec;
476         vmEntryFrame = vm.topVMEntryFrame;
477     }
478     NativeCallFrameTracerWithRestore tracer(&vm, vmEntryFrame, callerFrame);
479
480     LLINT_SET_PC_FOR_STUBS();
481
482 #if LLINT_SLOW_PATH_TRACING
483     dataLogF("Checking stack height with exec = %p.\n", exec);
484     dataLogF("CodeBlock = %p.\n", exec->codeBlock());
485     dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeLocals);
486     dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars);
487
488     dataLogF("Current OS stack end is at %p.\n", vm.softStackLimit());
489 #if !ENABLE(JIT)
490     dataLogF("Current C Loop stack end is at %p.\n", vm.cloopStackLimit());
491 #endif
492
493 #endif
494     // If the stack check succeeds and we don't need to throw the error, then
495     // we'll return 0 instead. The prologue will check for a non-zero value
496     // when determining whether to set the callFrame or not.
497
498     // For JIT enabled builds which uses the C stack, the stack is not growable.
499     // Hence, if we get here, then we know a stack overflow is imminent. So, just
500     // throw the StackOverflowError unconditionally.
501 #if !ENABLE(JIT)
502     ASSERT(!vm.interpreter->cloopStack().containsAddress(exec->topOfFrame()));
503     if (LIKELY(vm.ensureStackCapacityFor(exec->topOfFrame())))
504         LLINT_RETURN_TWO(pc, 0);
505 #endif
506
507     ErrorHandlingScope errorScope(vm);
508     throwStackOverflowError(callerFrame, throwScope);
509     pc = returnToThrow(callerFrame);
510     LLINT_RETURN_TWO(pc, exec);
511 }
512
513 LLINT_SLOW_PATH_DECL(slow_path_new_object)
514 {
515     LLINT_BEGIN();
516     LLINT_RETURN(constructEmptyObject(exec, pc[3].u.objectAllocationProfile->structure()));
517 }
518
519 LLINT_SLOW_PATH_DECL(slow_path_new_array)
520 {
521     LLINT_BEGIN();
522     LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
523 }
524
525 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
526 {
527     LLINT_BEGIN();
528     LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
529 }
530
531 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
532 {
533     LLINT_BEGIN();
534     LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
535 }
536
537 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
538 {
539     LLINT_BEGIN();
540     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
541     if (!regExp->isValid())
542         LLINT_THROW(createSyntaxError(exec, regExp->errorMessage()));
543     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
544 }
545
546 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
547 {
548     LLINT_BEGIN();
549     JSValue value = LLINT_OP_C(2).jsValue();
550     JSValue proto = LLINT_OP_C(3).jsValue();
551     LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
552 }
553
554 LLINT_SLOW_PATH_DECL(slow_path_instanceof_custom)
555 {
556     LLINT_BEGIN();
557
558     JSValue value = LLINT_OP_C(2).jsValue();
559     JSValue constructor = LLINT_OP_C(3).jsValue();
560     JSValue hasInstanceValue = LLINT_OP_C(4).jsValue();
561
562     ASSERT(constructor.isObject());
563     ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure()->typeInfo().implementsDefaultHasInstance());
564
565     JSValue result = jsBoolean(constructor.getObject()->hasInstance(exec, value, hasInstanceValue));
566     LLINT_RETURN(result);
567 }
568
569 LLINT_SLOW_PATH_DECL(slow_path_try_get_by_id)
570 {
571     LLINT_BEGIN();
572     CodeBlock* codeBlock = exec->codeBlock();
573     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
574     JSValue baseValue = LLINT_OP_C(2).jsValue();
575     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::VMInquiry);
576
577     baseValue.getPropertySlot(exec, ident, slot);
578     JSValue result = slot.getPureResult();
579
580     LLINT_RETURN_PROFILED(op_try_get_by_id, result);
581 }
582
583 static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc, JSCell* baseCell, PropertySlot& slot, const Identifier& ident)
584 {
585     CodeBlock* codeBlock = exec->codeBlock();
586     Structure* structure = baseCell->structure();
587
588     if (structure->typeInfo().prohibitsPropertyCaching())
589         return;
590     
591     if (structure->needImpurePropertyWatchpoint())
592         return;
593
594     if (structure->isDictionary()) {
595         if (structure->hasBeenFlattenedBefore())
596             return;
597         structure->flattenDictionaryStructure(vm, jsCast<JSObject*>(baseCell));
598     }
599
600     ObjectPropertyConditionSet conditions;
601     if (slot.isUnset())
602         conditions = generateConditionsForPropertyMiss(vm, codeBlock, exec, structure, ident.impl());
603     else
604         conditions = generateConditionsForPrototypePropertyHit(vm, codeBlock, exec, structure, slot.slotBase(), ident.impl());
605
606     if (!conditions.isValid())
607         return;
608
609     PropertyOffset offset = invalidOffset;
610     CodeBlock::StructureWatchpointMap& watchpointMap = codeBlock->llintGetByIdWatchpointMap();
611     auto result = watchpointMap.add(structure, Bag<LLIntPrototypeLoadAdaptiveStructureWatchpoint>());
612     for (ObjectPropertyCondition condition : conditions) {
613         if (!condition.isWatchable())
614             return;
615         if (condition.condition().kind() == PropertyCondition::Presence)
616             offset = condition.condition().offset();
617         result.iterator->value.add(condition, pc)->install();
618     }
619     ASSERT((offset == invalidOffset) == slot.isUnset());
620
621     ConcurrentJITLocker locker(codeBlock->m_lock);
622
623     if (slot.isUnset()) {
624         pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_unset);
625         pc[4].u.structureID = structure->id();
626         return;
627     }
628     ASSERT(slot.isValue());
629
630     pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_proto_load);
631     pc[4].u.structureID = structure->id();
632     pc[5].u.operand = offset;
633     // We know that this pointer will remain valid because it will be cleared by either a watchpoint fire or
634     // during GC when we clear the LLInt caches.
635     pc[6].u.pointer = slot.slotBase();
636 }
637
638
639 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
640 {
641     LLINT_BEGIN();
642     CodeBlock* codeBlock = exec->codeBlock();
643     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
644     JSValue baseValue = LLINT_OP_C(2).jsValue();
645     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::Get);
646
647     JSValue result = baseValue.get(exec, ident, slot);
648     LLINT_CHECK_EXCEPTION();
649     LLINT_OP(1) = result;
650     
651     if (!LLINT_ALWAYS_ACCESS_SLOW
652         && baseValue.isCell()
653         && slot.isCacheable()) {
654
655         JSCell* baseCell = baseValue.asCell();
656         Structure* structure = baseCell->structure();
657         if (slot.isValue() && slot.slotBase() == baseValue) {
658             // Start out by clearing out the old cache.
659             pc[0].u.opcode = LLInt::getOpcode(op_get_by_id);
660             pc[4].u.pointer = nullptr; // old structure
661             pc[5].u.pointer = nullptr; // offset
662
663             // Prevent the prototype cache from ever happening.
664             pc[7].u.operand = 0;
665         
666             if (structure->propertyAccessesAreCacheable()) {
667                 vm.heap.writeBarrier(codeBlock);
668                 
669                 ConcurrentJITLocker locker(codeBlock->m_lock);
670
671                 pc[4].u.structureID = structure->id();
672                 pc[5].u.operand = slot.cachedOffset();
673             }
674         } else if (UNLIKELY(pc[7].u.operand && (slot.isValue() || slot.isUnset()))) {
675             ASSERT(slot.slotBase() != baseValue);
676
677             if (!(--pc[7].u.operand))
678                 setupGetByIdPrototypeCache(exec, vm, pc, baseCell, slot, ident);
679         }
680     } else if (!LLINT_ALWAYS_ACCESS_SLOW
681         && isJSArray(baseValue)
682         && ident == exec->propertyNames().length) {
683         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
684         ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
685         arrayProfile->observeStructure(baseValue.asCell()->structure());
686         pc[4].u.arrayProfile = arrayProfile;
687
688         // Prevent the prototype cache from ever happening.
689         pc[7].u.operand = 0;
690     }
691
692     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
693     LLINT_END();
694 }
695
696 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
697 {
698     LLINT_BEGIN();
699     CodeBlock* codeBlock = exec->codeBlock();
700     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
701     JSValue baseValue = LLINT_OP(2).jsValue();
702     PropertySlot slot(baseValue, PropertySlot::InternalMethodType::Get);
703     LLINT_RETURN(baseValue.get(exec, ident, slot));
704 }
705
706 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
707 {
708     LLINT_BEGIN();
709     CodeBlock* codeBlock = exec->codeBlock();
710     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
711     
712     JSValue baseValue = LLINT_OP_C(1).jsValue();
713     PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext());
714     if (pc[8].u.putByIdFlags & PutByIdIsDirect)
715         asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot);
716     else
717         baseValue.putInline(exec, ident, LLINT_OP_C(3).jsValue(), slot);
718     LLINT_CHECK_EXCEPTION();
719     
720     if (!LLINT_ALWAYS_ACCESS_SLOW
721         && baseValue.isCell()
722         && slot.isCacheablePut()) {
723
724         // Start out by clearing out the old cache.
725         pc[4].u.pointer = nullptr; // old structure
726         pc[5].u.pointer = nullptr; // offset
727         pc[6].u.pointer = nullptr; // new structure
728         pc[7].u.pointer = nullptr; // structure chain
729         pc[8].u.putByIdFlags =
730             static_cast<PutByIdFlags>(pc[8].u.putByIdFlags & PutByIdPersistentFlagsMask);
731         
732         JSCell* baseCell = baseValue.asCell();
733         Structure* structure = baseCell->structure();
734         
735         if (!structure->isUncacheableDictionary()
736             && !structure->typeInfo().prohibitsPropertyCaching()
737             && baseCell == slot.base()) {
738
739             vm.heap.writeBarrier(codeBlock);
740             
741             if (slot.type() == PutPropertySlot::NewProperty) {
742                 GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap);
743             
744                 if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) {
745                     ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
746
747                     if (normalizePrototypeChain(exec, structure) != InvalidPrototypeChain) {
748                         ASSERT(structure->previousID()->isObject());
749                         pc[4].u.structureID = structure->previousID()->id();
750                         pc[5].u.operand = slot.cachedOffset();
751                         pc[6].u.structureID = structure->id();
752                         if (!(pc[8].u.putByIdFlags & PutByIdIsDirect)) {
753                             StructureChain* chain = structure->prototypeChain(exec);
754                             ASSERT(chain);
755                             pc[7].u.structureChain.set(
756                                 vm, codeBlock, chain);
757                         }
758                         pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
759                             pc[8].u.putByIdFlags |
760                             structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
761                     }
762                 }
763             } else {
764                 structure->didCachePropertyReplacement(vm, slot.cachedOffset());
765                 pc[4].u.structureID = structure->id();
766                 pc[5].u.operand = slot.cachedOffset();
767                 pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
768                     pc[8].u.putByIdFlags |
769                     structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
770             }
771         }
772     }
773     
774     LLINT_END();
775 }
776
777 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
778 {
779     LLINT_BEGIN();
780     CodeBlock* codeBlock = exec->codeBlock();
781     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
782     LLINT_CHECK_EXCEPTION();
783     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
784     LLINT_CHECK_EXCEPTION();
785     if (!couldDelete && codeBlock->isStrictMode())
786         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
787     LLINT_RETURN(jsBoolean(couldDelete));
788 }
789
790 static ALWAYS_INLINE JSValue getByVal(VM& vm, ExecState* exec, JSValue baseValue, JSValue subscript)
791 {
792     auto scope = DECLARE_THROW_SCOPE(vm);
793
794     if (LIKELY(baseValue.isCell() && subscript.isString())) {
795         Structure& structure = *baseValue.asCell()->structure(vm);
796         if (JSCell::canUseFastGetOwnProperty(structure)) {
797             if (RefPtr<AtomicStringImpl> existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) {
798                 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get()))
799                     return result;
800             }
801         }
802     }
803     
804     if (subscript.isUInt32()) {
805         uint32_t i = subscript.asUInt32();
806         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
807             return asString(baseValue)->getIndex(exec, i);
808         
809         return baseValue.get(exec, i);
810     }
811
812     baseValue.requireObjectCoercible(exec);
813     if (scope.exception())
814         return jsUndefined();
815     auto property = subscript.toPropertyKey(exec);
816     if (scope.exception())
817         return jsUndefined();
818     return baseValue.get(exec, property);
819 }
820
821 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
822 {
823     LLINT_BEGIN();
824     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(vm, exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
825 }
826
827 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
828 {
829     LLINT_BEGIN();
830     
831     JSValue baseValue = LLINT_OP_C(1).jsValue();
832     JSValue subscript = LLINT_OP_C(2).jsValue();
833     JSValue value = LLINT_OP_C(3).jsValue();
834     bool isStrictMode = exec->codeBlock()->isStrictMode();
835     
836     if (LIKELY(subscript.isUInt32())) {
837         uint32_t i = subscript.asUInt32();
838         if (baseValue.isObject()) {
839             JSObject* object = asObject(baseValue);
840             if (object->canSetIndexQuickly(i))
841                 object->setIndexQuickly(vm, i, value);
842             else
843                 object->methodTable()->putByIndex(object, exec, i, value, isStrictMode);
844             LLINT_END();
845         }
846         baseValue.putByIndex(exec, i, value, isStrictMode);
847         LLINT_END();
848     }
849
850     auto property = subscript.toPropertyKey(exec);
851     LLINT_CHECK_EXCEPTION();
852     PutPropertySlot slot(baseValue, isStrictMode);
853     baseValue.put(exec, property, value, slot);
854     LLINT_END();
855 }
856
857 LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct)
858 {
859     LLINT_BEGIN();
860     
861     JSValue baseValue = LLINT_OP_C(1).jsValue();
862     JSValue subscript = LLINT_OP_C(2).jsValue();
863     JSValue value = LLINT_OP_C(3).jsValue();
864     RELEASE_ASSERT(baseValue.isObject());
865     JSObject* baseObject = asObject(baseValue);
866     bool isStrictMode = exec->codeBlock()->isStrictMode();
867     if (LIKELY(subscript.isUInt32())) {
868         // Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices.
869         ASSERT(isIndex(subscript.asUInt32()));
870         baseObject->putDirectIndex(exec, subscript.asUInt32(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
871         LLINT_END();
872     }
873
874     if (subscript.isDouble()) {
875         double subscriptAsDouble = subscript.asDouble();
876         uint32_t subscriptAsUInt32 = static_cast<uint32_t>(subscriptAsDouble);
877         if (subscriptAsDouble == subscriptAsUInt32 && isIndex(subscriptAsUInt32)) {
878             baseObject->putDirectIndex(exec, subscriptAsUInt32, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
879             LLINT_END();
880         }
881     }
882
883     // Don't put to an object if toString threw an exception.
884     auto property = subscript.toPropertyKey(exec);
885     if (exec->vm().exception())
886         LLINT_END();
887
888     if (Optional<uint32_t> index = parseIndex(property))
889         baseObject->putDirectIndex(exec, index.value(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
890     else {
891         PutPropertySlot slot(baseObject, isStrictMode);
892         baseObject->putDirect(exec->vm(), property, value, slot);
893     }
894     LLINT_END();
895 }
896
897 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
898 {
899     LLINT_BEGIN();
900     JSValue baseValue = LLINT_OP_C(2).jsValue();
901     JSObject* baseObject = baseValue.toObject(exec);
902     LLINT_CHECK_EXCEPTION();
903
904     JSValue subscript = LLINT_OP_C(3).jsValue();
905     
906     bool couldDelete;
907     
908     uint32_t i;
909     if (subscript.getUInt32(i))
910         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
911     else {
912         LLINT_CHECK_EXCEPTION();
913         auto property = subscript.toPropertyKey(exec);
914         LLINT_CHECK_EXCEPTION();
915         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
916     }
917     
918     if (!couldDelete && exec->codeBlock()->isStrictMode())
919         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
920     
921     LLINT_RETURN(jsBoolean(couldDelete));
922 }
923
924 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
925 {
926     LLINT_BEGIN();
927     JSValue arrayValue = LLINT_OP_C(1).jsValue();
928     ASSERT(isJSArray(arrayValue));
929     asArray(arrayValue)->putDirectIndex(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
930     LLINT_END();
931 }
932
933 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_id)
934 {
935     LLINT_BEGIN();
936     ASSERT(LLINT_OP(1).jsValue().isObject());
937     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
938
939     unsigned options = pc[3].u.operand;
940
941     JSValue getter = LLINT_OP(4).jsValue();
942     ASSERT(getter.isObject());
943
944     baseObj->putGetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(getter), options);
945     LLINT_END();
946 }
947
948 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_id)
949 {
950     LLINT_BEGIN();
951     ASSERT(LLINT_OP(1).jsValue().isObject());
952     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
953
954     unsigned options = pc[3].u.operand;
955
956     JSValue setter = LLINT_OP(4).jsValue();
957     ASSERT(setter.isObject());
958
959     baseObj->putSetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(setter), options);
960     LLINT_END();
961 }
962
963 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter_by_id)
964 {
965     LLINT_BEGIN();
966     ASSERT(LLINT_OP(1).jsValue().isObject());
967     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
968     
969     GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
970     LLINT_CHECK_EXCEPTION();
971
972     JSValue getter = LLINT_OP(4).jsValue();
973     JSValue setter = LLINT_OP(5).jsValue();
974     ASSERT(getter.isObject() || getter.isUndefined());
975     ASSERT(setter.isObject() || setter.isUndefined());
976     ASSERT(getter.isObject() || setter.isObject());
977     
978     if (!getter.isUndefined())
979         accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter));
980     if (!setter.isUndefined())
981         accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter));
982     baseObj->putDirectAccessor(
983         exec,
984         exec->codeBlock()->identifier(pc[2].u.operand),
985         accessor, pc[3].u.operand);
986     LLINT_END();
987 }
988
989 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_val)
990 {
991     LLINT_BEGIN();
992     ASSERT(LLINT_OP(1).jsValue().isObject());
993     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
994     JSValue subscript = LLINT_OP_C(2).jsValue();
995
996     unsigned options = pc[3].u.operand;
997
998     JSValue getter = LLINT_OP(4).jsValue();
999     ASSERT(getter.isObject());
1000
1001     auto property = subscript.toPropertyKey(exec);
1002     LLINT_CHECK_EXCEPTION();
1003
1004     baseObj->putGetter(exec, property, asObject(getter), options);
1005     LLINT_END();
1006 }
1007
1008 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_val)
1009 {
1010     LLINT_BEGIN();
1011     ASSERT(LLINT_OP(1).jsValue().isObject());
1012     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
1013     JSValue subscript = LLINT_OP_C(2).jsValue();
1014
1015     unsigned options = pc[3].u.operand;
1016
1017     JSValue setter = LLINT_OP(4).jsValue();
1018     ASSERT(setter.isObject());
1019
1020     auto property = subscript.toPropertyKey(exec);
1021     LLINT_CHECK_EXCEPTION();
1022
1023     baseObj->putSetter(exec, property, asObject(setter), options);
1024     LLINT_END();
1025 }
1026
1027 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
1028 {
1029     LLINT_BEGIN();
1030     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
1031 }
1032
1033 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
1034 {
1035     LLINT_BEGIN();
1036     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
1037 }
1038
1039 LLINT_SLOW_PATH_DECL(slow_path_jless)
1040 {
1041     LLINT_BEGIN();
1042     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1043 }
1044
1045 LLINT_SLOW_PATH_DECL(slow_path_jnless)
1046 {
1047     LLINT_BEGIN();
1048     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1049 }
1050
1051 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
1052 {
1053     LLINT_BEGIN();
1054     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1055 }
1056
1057 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
1058 {
1059     LLINT_BEGIN();
1060     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1061 }
1062
1063 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
1064 {
1065     LLINT_BEGIN();
1066     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1067 }
1068
1069 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
1070 {
1071     LLINT_BEGIN();
1072     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
1073 }
1074
1075 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
1076 {
1077     LLINT_BEGIN();
1078     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1079 }
1080
1081 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
1082 {
1083     LLINT_BEGIN();
1084     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
1085 }
1086
1087 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
1088 {
1089     LLINT_BEGIN();
1090     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1091     ASSERT(scrutinee.isDouble());
1092     double value = scrutinee.asDouble();
1093     int32_t intValue = static_cast<int32_t>(value);
1094     int defaultOffset = pc[2].u.operand;
1095     if (value == intValue) {
1096         CodeBlock* codeBlock = exec->codeBlock();
1097         pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
1098     } else
1099         pc += defaultOffset;
1100     LLINT_END();
1101 }
1102
1103 LLINT_SLOW_PATH_DECL(slow_path_switch_char)
1104 {
1105     LLINT_BEGIN();
1106     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1107     ASSERT(scrutinee.isString());
1108     JSString* string = asString(scrutinee);
1109     ASSERT(string->length() == 1);
1110     int defaultOffset = pc[2].u.operand;
1111     StringImpl* impl = string->value(exec).impl();
1112     CodeBlock* codeBlock = exec->codeBlock();
1113     pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
1114     LLINT_END();
1115 }
1116
1117 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
1118 {
1119     LLINT_BEGIN();
1120     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1121     int defaultOffset = pc[2].u.operand;
1122     if (!scrutinee.isString())
1123         pc += defaultOffset;
1124     else {
1125         CodeBlock* codeBlock = exec->codeBlock();
1126         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
1127     }
1128     LLINT_END();
1129 }
1130
1131 LLINT_SLOW_PATH_DECL(slow_path_new_func)
1132 {
1133     LLINT_BEGIN();
1134     CodeBlock* codeBlock = exec->codeBlock();
1135     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1136 #if LLINT_SLOW_PATH_TRACING
1137     dataLogF("Creating function!\n");
1138 #endif
1139     LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1140 }
1141
1142 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func)
1143 {
1144     LLINT_BEGIN();
1145     CodeBlock* codeBlock = exec->codeBlock();
1146     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1147 #if LLINT_SLOW_PATH_TRACING
1148     dataLogF("Creating function!\n");
1149 #endif
1150     LLINT_RETURN(JSGeneratorFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1151 }
1152
1153 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1154 {
1155     LLINT_BEGIN();
1156     
1157     CodeBlock* codeBlock = exec->codeBlock();
1158     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1159     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1160     
1161     LLINT_RETURN(JSFunction::create(vm, executable, scope));
1162 }
1163
1164 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func_exp)
1165 {
1166     LLINT_BEGIN();
1167
1168     CodeBlock* codeBlock = exec->codeBlock();
1169     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1170     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1171
1172     LLINT_RETURN(JSGeneratorFunction::create(vm, executable, scope));
1173 }
1174
1175 LLINT_SLOW_PATH_DECL(slow_path_set_function_name)
1176 {
1177     LLINT_BEGIN();
1178     JSFunction* func = jsCast<JSFunction*>(LLINT_OP(1).Register::unboxedCell());
1179     JSValue name = LLINT_OP_C(2).Register::jsValue();
1180     func->setFunctionName(exec, name);
1181     LLINT_END();
1182 }
1183
1184 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1185 {
1186     UNUSED_PARAM(pc);
1187
1188 #if LLINT_SLOW_PATH_TRACING
1189     dataLog("Performing host call.\n");
1190 #endif
1191     
1192     ExecState* exec = execCallee->callerFrame();
1193     VM& vm = exec->vm();
1194     auto throwScope = DECLARE_THROW_SCOPE(vm);
1195
1196     execCallee->setCodeBlock(0);
1197     execCallee->clearReturnPC();
1198
1199     if (kind == CodeForCall) {
1200         CallData callData;
1201         CallType callType = getCallData(callee, callData);
1202     
1203         ASSERT(callType != CallType::JS);
1204     
1205         if (callType == CallType::Host) {
1206             NativeCallFrameTracer tracer(&vm, execCallee);
1207             execCallee->setCallee(asObject(callee));
1208             vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1209             
1210             LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1211         }
1212         
1213 #if LLINT_SLOW_PATH_TRACING
1214         dataLog("Call callee is not a function: ", callee, "\n");
1215 #endif
1216
1217         ASSERT(callType == CallType::None);
1218         LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee));
1219     }
1220
1221     ASSERT(kind == CodeForConstruct);
1222     
1223     ConstructData constructData;
1224     ConstructType constructType = getConstructData(callee, constructData);
1225     
1226     ASSERT(constructType != ConstructType::JS);
1227     
1228     if (constructType == ConstructType::Host) {
1229         NativeCallFrameTracer tracer(&vm, execCallee);
1230         execCallee->setCallee(asObject(callee));
1231         vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1232
1233         LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1234     }
1235     
1236 #if LLINT_SLOW_PATH_TRACING
1237     dataLog("Constructor callee is not a function: ", callee, "\n");
1238 #endif
1239
1240     ASSERT(constructType == ConstructType::None);
1241     LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1242 }
1243
1244 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1245 {
1246     ExecState* exec = execCallee->callerFrame();
1247     VM& vm = exec->vm();
1248     auto throwScope = DECLARE_THROW_SCOPE(vm);
1249
1250 #if LLINT_SLOW_PATH_TRACING
1251     dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC());
1252 #endif
1253     
1254     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1255     if (!calleeAsFunctionCell) {
1256         throwScope.release();
1257         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1258     }
1259     JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
1260     JSScope* scope = callee->scopeUnchecked();
1261     ExecutableBase* executable = callee->executable();
1262
1263     MacroAssemblerCodePtr codePtr;
1264     CodeBlock* codeBlock = 0;
1265     bool isWebAssemblyExecutable = false;
1266 #if ENABLE(WEBASSEMBLY)
1267     isWebAssemblyExecutable = executable->isWebAssemblyExecutable();
1268 #endif
1269
1270     if (executable->isHostFunction()) {
1271         codePtr = executable->entrypointFor(kind, MustCheckArity);
1272     } else if (!isWebAssemblyExecutable) {
1273         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1274
1275         if (!isCall(kind) && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
1276             LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1277
1278         CodeBlock** codeBlockSlot = execCallee->addressOfCodeBlock();
1279         JSObject* error = functionExecutable->prepareForExecution<FunctionExecutable>(execCallee, callee, scope, kind, *codeBlockSlot);
1280         if (error)
1281             LLINT_CALL_THROW(exec, error);
1282         codeBlock = *codeBlockSlot;
1283         ASSERT(codeBlock);
1284         ArityCheckMode arity;
1285         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1286             arity = MustCheckArity;
1287         else
1288             arity = ArityCheckNotRequired;
1289         codePtr = functionExecutable->entrypointFor(kind, arity);
1290     } else {
1291 #if ENABLE(WEBASSEMBLY)
1292         WebAssemblyExecutable* webAssemblyExecutable = static_cast<WebAssemblyExecutable*>(executable);
1293         codeBlock = webAssemblyExecutable->codeBlockForCall();
1294         ASSERT(codeBlock);
1295         ArityCheckMode arity;
1296         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1297             arity = MustCheckArity;
1298         else
1299             arity = ArityCheckNotRequired;
1300         codePtr = webAssemblyExecutable->entrypointFor(kind, arity);
1301 #endif
1302     }
1303     
1304     ASSERT(!!codePtr);
1305     
1306     if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) {
1307         CodeBlock* callerCodeBlock = exec->codeBlock();
1308
1309         ConcurrentJITLocker locker(callerCodeBlock->m_lock);
1310         
1311         if (callLinkInfo->isOnList())
1312             callLinkInfo->remove();
1313         callLinkInfo->callee.set(vm, callerCodeBlock, callee);
1314         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, callee);
1315         callLinkInfo->machineCodeTarget = codePtr;
1316         if (codeBlock)
1317             codeBlock->linkIncomingCall(exec, callLinkInfo);
1318     }
1319
1320     LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
1321 }
1322
1323 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1324 {
1325     // This needs to:
1326     // - Set up a call frame.
1327     // - Figure out what to call and compile it if necessary.
1328     // - If possible, link the call's inline cache.
1329     // - Return a tuple of machine code address to call and the new call frame.
1330     
1331     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1332     
1333     ExecState* execCallee = exec - pc[4].u.operand;
1334     
1335     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1336     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1337     execCallee->setCallerFrame(exec);
1338     
1339     ASSERT(pc[5].u.callLinkInfo);
1340     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[5].u.callLinkInfo);
1341 }
1342
1343 LLINT_SLOW_PATH_DECL(slow_path_call)
1344 {
1345     LLINT_BEGIN_NO_SET_PC();
1346     throwScope.release();
1347     return genericCall(exec, pc, CodeForCall);
1348 }
1349
1350 LLINT_SLOW_PATH_DECL(slow_path_construct)
1351 {
1352     LLINT_BEGIN_NO_SET_PC();
1353     throwScope.release();
1354     return genericCall(exec, pc, CodeForConstruct);
1355 }
1356
1357 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs)
1358 {
1359     LLINT_BEGIN();
1360     // This needs to:
1361     // - Set up a call frame while respecting the variable arguments.
1362     
1363     unsigned numUsedStackSlots = -pc[5].u.operand;
1364     unsigned length = sizeFrameForVarargs(exec, vm,
1365         LLINT_OP_C(4).jsValue(), numUsedStackSlots, pc[6].u.operand);
1366     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1367     
1368     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, length + 1);
1369     vm.varargsLength = length;
1370     vm.newCallFrameReturnValue = execCallee;
1371
1372     LLINT_RETURN_CALLEE_FRAME(execCallee);
1373 }
1374
1375 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_forward_arguments)
1376 {
1377     LLINT_BEGIN();
1378     // This needs to:
1379     // - Set up a call frame with the same arguments as the current frame.
1380
1381     unsigned numUsedStackSlots = -pc[5].u.operand;
1382
1383     unsigned arguments = sizeFrameForForwardArguments(exec, vm, numUsedStackSlots);
1384     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1385
1386     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, arguments + 1);
1387
1388     vm.varargsLength = arguments;
1389     vm.newCallFrameReturnValue = execCallee;
1390
1391     LLINT_RETURN_CALLEE_FRAME(execCallee);
1392 }
1393
1394 enum class SetArgumentsWith {
1395     Object,
1396     CurrentArguments
1397 };
1398
1399 inline SlowPathReturnType varargsSetup(ExecState* exec, Instruction* pc, CodeSpecializationKind kind, SetArgumentsWith set)
1400 {
1401     LLINT_BEGIN_NO_SET_PC();
1402     // This needs to:
1403     // - Figure out what to call and compile it if necessary.
1404     // - Return a tuple of machine code address to call and the new call frame.
1405
1406     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1407
1408     ExecState* execCallee = vm.newCallFrameReturnValue;
1409
1410     if (set == SetArgumentsWith::Object) {
1411         setupVarargsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand, vm.varargsLength);
1412         LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1413     } else
1414         setupForwardArgumentsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), vm.varargsLength);
1415
1416     execCallee->setCallerFrame(exec);
1417     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1418     exec->setCurrentVPC(pc);
1419
1420     return setUpCall(execCallee, pc, kind, calleeAsValue);
1421 }
1422
1423 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1424 {
1425     return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::Object);
1426 }
1427
1428 LLINT_SLOW_PATH_DECL(slow_path_tail_call_forward_arguments)
1429 {
1430     return varargsSetup(exec, pc, CodeForCall, SetArgumentsWith::CurrentArguments);
1431 }
1432
1433 LLINT_SLOW_PATH_DECL(slow_path_construct_varargs)
1434 {
1435     return varargsSetup(exec, pc, CodeForConstruct, SetArgumentsWith::Object);
1436 }
1437
1438     
1439 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1440 {
1441     LLINT_BEGIN_NO_SET_PC();
1442     JSValue calleeAsValue = LLINT_OP(2).jsValue();
1443     
1444     ExecState* execCallee = exec - pc[4].u.operand;
1445     
1446     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1447     execCallee->setCallerFrame(exec);
1448     execCallee->uncheckedR(CallFrameSlot::callee) = calleeAsValue;
1449     execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
1450     execCallee->setCodeBlock(0);
1451     exec->setCurrentVPC(pc);
1452     
1453     if (!isHostFunction(calleeAsValue, globalFuncEval))
1454         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1455     
1456     vm.hostCallReturnValue = eval(execCallee);
1457     LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1458 }
1459
1460 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1461 {
1462     LLINT_BEGIN();
1463     LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand));
1464 }
1465
1466 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1467 {
1468     LLINT_BEGIN();
1469     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1470 }
1471
1472 LLINT_SLOW_PATH_DECL(slow_path_throw)
1473 {
1474     LLINT_BEGIN();
1475     LLINT_THROW(LLINT_OP_C(1).jsValue());
1476 }
1477
1478 LLINT_SLOW_PATH_DECL(slow_path_throw_static_error)
1479 {
1480     LLINT_BEGIN();
1481     JSValue errorMessageValue = LLINT_OP_C(1).jsValue();
1482     RELEASE_ASSERT(errorMessageValue.isString());
1483     String errorMessage = asString(errorMessageValue)->value(exec);
1484     if (pc[2].u.operand)
1485         LLINT_THROW(createReferenceError(exec, errorMessage));
1486     else
1487         LLINT_THROW(createTypeError(exec, errorMessage));
1488 }
1489
1490 LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)
1491 {
1492     LLINT_BEGIN_NO_SET_PC();
1493     ASSERT(vm.watchdog());
1494     if (UNLIKELY(vm.shouldTriggerTermination(exec)))
1495         LLINT_THROW(createTerminatedExecutionException(&vm));
1496     LLINT_RETURN_TWO(0, exec);
1497 }
1498
1499 LLINT_SLOW_PATH_DECL(slow_path_debug)
1500 {
1501     LLINT_BEGIN();
1502     int debugHookID = pc[1].u.operand;
1503     vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID));
1504     
1505     LLINT_END();
1506 }
1507
1508 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
1509 {
1510     LLINT_BEGIN_NO_SET_PC();
1511     UNUSED_PARAM(throwScope);
1512     genericUnwind(&vm, exec);
1513     LLINT_END_IMPL();
1514 }
1515
1516 LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
1517 {
1518     LLINT_BEGIN();
1519     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
1520     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
1521     GetPutInfo getPutInfo(pc[4].u.operand);
1522
1523     // ModuleVar is always converted to ClosureVar for get_from_scope.
1524     ASSERT(getPutInfo.resolveType() != ModuleVar);
1525
1526     LLINT_RETURN(scope->getPropertySlot(exec, ident, [&] (bool found, PropertySlot& slot) -> JSValue {
1527         if (!found) {
1528             if (getPutInfo.resolveMode() == ThrowIfNotFound)
1529                 return throwException(exec, throwScope, createUndefinedVariableError(exec, ident));
1530             return jsUndefined();
1531         }
1532
1533         JSValue result = JSValue();
1534         if (scope->isGlobalLexicalEnvironment()) {
1535             // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1536             result = slot.getValue(exec, ident);
1537             if (result == jsTDZValue())
1538                 return throwException(exec, throwScope, createTDZError(exec));
1539         }
1540
1541         CommonSlowPaths::tryCacheGetFromScopeGlobal(exec, vm, pc, scope, slot, ident);
1542
1543         if (!result)
1544             return slot.getValue(exec, ident);
1545         return result;
1546     }));
1547 }
1548
1549 LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
1550 {
1551     LLINT_BEGIN();
1552
1553     CodeBlock* codeBlock = exec->codeBlock();
1554     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
1555     JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue());
1556     JSValue value = LLINT_OP_C(3).jsValue();
1557     GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand);
1558     if (getPutInfo.resolveType() == LocalClosureVar) {
1559         JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
1560         environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
1561         
1562         // Have to do this *after* the write, because if this puts the set into IsWatched, then we need
1563         // to have already changed the value of the variable. Otherwise we might watch and constant-fold
1564         // to the Undefined value from before the assignment.
1565         if (WatchpointSet* set = pc[5].u.watchpointSet)
1566             set->touch(vm, "Executed op_put_scope<LocalClosureVar>");
1567         LLINT_END();
1568     }
1569
1570     bool hasProperty = scope->hasProperty(exec, ident);
1571     if (hasProperty
1572         && scope->isGlobalLexicalEnvironment()
1573         && !isInitialization(getPutInfo.initializationMode())) {
1574         // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1575         PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
1576         JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
1577         if (slot.getValue(exec, ident) == jsTDZValue())
1578             LLINT_THROW(createTDZError(exec));
1579     }
1580
1581     if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty)
1582         LLINT_THROW(createUndefinedVariableError(exec, ident));
1583
1584     PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
1585     scope->methodTable()->put(scope, exec, ident, value, slot);
1586     
1587     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, getPutInfo, slot, ident);
1588
1589     LLINT_END();
1590 }
1591
1592 LLINT_SLOW_PATH_DECL(slow_path_check_if_exception_is_uncatchable_and_notify_profiler)
1593 {
1594     LLINT_BEGIN();
1595     RELEASE_ASSERT(!!throwScope.exception());
1596
1597     if (isTerminatedExecutionException(throwScope.exception()))
1598         LLINT_RETURN_TWO(pc, bitwise_cast<void*>(static_cast<uintptr_t>(1)));
1599     LLINT_RETURN_TWO(pc, 0);
1600 }
1601
1602 LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_prologue)
1603 {
1604     LLINT_BEGIN();
1605     
1606     JSScope* scope = exec->uncheckedR(pc[1].u.operand).Register::scope();
1607     vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::prologue(exec->callee(), exec, exec->callerFrame(), scope));
1608     
1609     LLINT_END();
1610 }
1611
1612 LLINT_SLOW_PATH_DECL(slow_path_log_shadow_chicken_tail)
1613 {
1614     LLINT_BEGIN();
1615
1616     JSValue thisValue = LLINT_OP(1).jsValue();
1617     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1618     
1619 #if USE(JSVALUE64)
1620     CallSiteIndex callSiteIndex(exec->codeBlock()->bytecodeOffset(pc));
1621 #else
1622     CallSiteIndex callSiteIndex(pc);
1623 #endif
1624     vm.shadowChicken().log(vm, exec, ShadowChicken::Packet::tail(exec, thisValue, scope, exec->codeBlock(), callSiteIndex));
1625     
1626     LLINT_END();
1627 }
1628
1629 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame)
1630 {
1631     ExecState* exec = vm->topCallFrame;
1632     auto scope = DECLARE_THROW_SCOPE(*vm);
1633
1634     if (!exec)
1635         exec = protoFrame->callee()->globalObject()->globalExec();
1636     throwStackOverflowError(exec, scope);
1637     return encodeResult(0, 0);
1638 }
1639
1640 #if !ENABLE(JIT)
1641 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
1642 {
1643     bool success = vm->ensureStackCapacityFor(newTopOfStack);
1644     return encodeResult(reinterpret_cast<void*>(success), 0);
1645 }
1646 #endif
1647
1648 extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell)
1649 {
1650     VM& vm = exec->vm();
1651     vm.heap.writeBarrier(cell);
1652 }
1653
1654 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash()
1655 {
1656     CRASH();
1657 }
1658
1659 #if ENABLE(LLINT_STATS)
1660
1661 LLINT_SLOW_PATH_DECL(count_opcode)
1662 {
1663     OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode);
1664     Data::opcodeStats(opcodeID).count++;
1665     LLINT_END_IMPL();
1666 }
1667
1668 LLINT_SLOW_PATH_DECL(count_opcode_slow_path)
1669 {
1670     OpcodeID opcodeID = exec->vm().interpreter->getOpcodeID(pc[0].u.opcode);
1671     Data::opcodeStats(opcodeID).slowPathCount++;
1672     LLINT_END_IMPL();
1673 }
1674
1675 #endif // ENABLE(LLINT_STATS)
1676
1677 } } // namespace JSC::LLInt