Add support for setting Function.name from computed properties.
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28
29 #include "ArrayConstructor.h"
30 #include "CallFrame.h"
31 #include "CommonSlowPaths.h"
32 #include "CommonSlowPathsExceptions.h"
33 #include "Error.h"
34 #include "ErrorHandlingScope.h"
35 #include "Exception.h"
36 #include "ExceptionFuzz.h"
37 #include "GetterSetter.h"
38 #include "HostCallReturnValue.h"
39 #include "Interpreter.h"
40 #include "JIT.h"
41 #include "JITExceptions.h"
42 #include "JSLexicalEnvironment.h"
43 #include "JSCInlines.h"
44 #include "JSCJSValue.h"
45 #include "JSGeneratorFunction.h"
46 #include "JSGlobalObjectFunctions.h"
47 #include "JSStackInlines.h"
48 #include "JSString.h"
49 #include "JSWithScope.h"
50 #include "LLIntCommon.h"
51 #include "LLIntExceptions.h"
52 #include "LegacyProfiler.h"
53 #include "LowLevelInterpreter.h"
54 #include "ObjectConstructor.h"
55 #include "ProtoCallFrame.h"
56 #include "StructureRareDataInlines.h"
57 #include "VMInlines.h"
58 #include <wtf/StringPrintStream.h>
59
60 namespace JSC { namespace LLInt {
61
62 #define LLINT_BEGIN_NO_SET_PC() \
63     VM& vm = exec->vm();      \
64     NativeCallFrameTracer tracer(&vm, exec)
65
66 #ifndef NDEBUG
67 #define LLINT_SET_PC_FOR_STUBS() do { \
68         exec->codeBlock()->bytecodeOffset(pc); \
69         exec->setCurrentVPC(pc + 1); \
70     } while (false)
71 #else
72 #define LLINT_SET_PC_FOR_STUBS() do { \
73         exec->setCurrentVPC(pc + 1); \
74     } while (false)
75 #endif
76
77 #define LLINT_BEGIN()                           \
78     LLINT_BEGIN_NO_SET_PC();                    \
79     LLINT_SET_PC_FOR_STUBS()
80
81 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
82 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
83
84 #define LLINT_RETURN_TWO(first, second) do {       \
85         return encodeResult(first, second);        \
86     } while (false)
87
88 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0)
89
90 #define LLINT_THROW(exceptionToThrow) do {                        \
91         vm.throwException(exec, exceptionToThrow);                \
92         pc = returnToThrow(exec);                                 \
93         LLINT_END_IMPL();                                         \
94     } while (false)
95
96 #define LLINT_CHECK_EXCEPTION() do {                    \
97         doExceptionFuzzingIfEnabled(exec, "LLIntSlowPaths", pc);    \
98         if (UNLIKELY(vm.exception())) {                 \
99             pc = returnToThrow(exec);                   \
100             LLINT_END_IMPL();                           \
101         }                                               \
102     } while (false)
103
104 #define LLINT_END() do {                        \
105         LLINT_CHECK_EXCEPTION();                \
106         LLINT_END_IMPL();                       \
107     } while (false)
108
109 #define LLINT_BRANCH(opcode, condition) do {                      \
110         bool __b_condition = (condition);                         \
111         LLINT_CHECK_EXCEPTION();                                  \
112         if (__b_condition)                                        \
113             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
114         else                                                      \
115             pc += OPCODE_LENGTH(opcode);                          \
116         LLINT_END_IMPL();                                         \
117     } while (false)
118
119 #define LLINT_RETURN(value) do {                \
120         JSValue __r_returnValue = (value);      \
121         LLINT_CHECK_EXCEPTION();                \
122         LLINT_OP(1) = __r_returnValue;          \
123         LLINT_END_IMPL();                       \
124     } while (false)
125
126 #define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \
127         JSValue __r_returnValue = (value);      \
128         LLINT_CHECK_EXCEPTION();                \
129         LLINT_OP(1) = __r_returnValue;          \
130         pc += (pcAdjustment);                   \
131         LLINT_END_IMPL();                       \
132     } while (false)
133
134 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
135         JSValue __rp_returnValue = (value);                     \
136         LLINT_CHECK_EXCEPTION();                                \
137         LLINT_OP(1) = __rp_returnValue;                         \
138         LLINT_PROFILE_VALUE(opcode, __rp_returnValue);          \
139         LLINT_END_IMPL();                                       \
140     } while (false)
141
142 #define LLINT_PROFILE_VALUE(opcode, value) do { \
143         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
144         JSValue::encode(value);                  \
145     } while (false)
146
147 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
148
149 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
150         ExecState* __ct_exec = (exec);                                  \
151         vm.throwException(__ct_exec, exceptionToThrow);                 \
152         LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
153     } while (false)
154
155 #define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do {               \
156         ExecState* __cce_exec = (exec);                                 \
157         ExecState* __cce_execCallee = (execCallee);                     \
158         doExceptionFuzzingIfEnabled(__cce_exec, "LLIntSlowPaths/call", nullptr); \
159         if (UNLIKELY(vm.exception()))                                   \
160             LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
161     } while (false)
162
163 #define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
164         ExecState* __cr_exec = (exec);                                  \
165         ExecState* __cr_execCallee = (execCallee);                      \
166         void* __cr_callTarget = (callTarget);                           \
167         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
168         LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
169     } while (false)
170
171 #define LLINT_RETURN_CALLEE_FRAME(execCallee) do {                      \
172         ExecState* __rcf_exec = (execCallee);                           \
173         LLINT_RETURN_TWO(pc, __rcf_exec);                               \
174     } while (false)
175     
176 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
177 {
178     LLINT_BEGIN();
179     dataLogF("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
180             exec->codeBlock(),
181             exec,
182             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
183             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
184             fromWhere,
185             operand,
186             pc[operand].u.operand);
187     LLINT_END();
188 }
189
190 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
191 {
192     JSValue value = LLINT_OP_C(operand).jsValue();
193     union {
194         struct {
195             uint32_t tag;
196             uint32_t payload;
197         } bits;
198         EncodedJSValue asValue;
199     } u;
200     u.asValue = JSValue::encode(value);
201     dataLogF(
202         "%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
203         exec->codeBlock(),
204         exec,
205         static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
206         exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
207         fromWhere,
208         operand,
209         pc[operand].u.operand,
210         u.bits.tag,
211         u.bits.payload,
212         toCString(value).data());
213     LLINT_END_IMPL();
214 }
215
216 LLINT_SLOW_PATH_DECL(trace_prologue)
217 {
218     dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec);
219     LLINT_END_IMPL();
220 }
221
222 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
223 {
224     JSFunction* callee = jsCast<JSFunction*>(exec->callee());
225     FunctionExecutable* executable = callee->jsExecutable();
226     CodeBlock* codeBlock = executable->codeBlockFor(kind);
227     dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeLocals = %u, caller = %p.\n",
228             codeBlock, exec, comment, callee, executable,
229             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeLocals,
230             exec->callerFrame());
231 }
232
233 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
234 {
235     traceFunctionPrologue(exec, "call prologue", CodeForCall);
236     LLINT_END_IMPL();
237 }
238
239 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
240 {
241     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
242     LLINT_END_IMPL();
243 }
244
245 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
246 {
247     traceFunctionPrologue(exec, "call arity check", CodeForCall);
248     LLINT_END_IMPL();
249 }
250
251 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
252 {
253     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
254     LLINT_END_IMPL();
255 }
256
257 LLINT_SLOW_PATH_DECL(trace)
258 {
259     dataLogF("%p / %p: executing bc#%zu, %s, pc = %p\n",
260             exec->codeBlock(),
261             exec,
262             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
263             opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], pc);
264     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
265         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
266         *bitwise_cast<volatile char*>(exec->returnPC().value());
267     }
268     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
269         dataLogF("Will be returning to %p\n", exec->returnPC().value());
270         dataLogF("The new cfr will be %p\n", exec->callerFrame());
271     }
272     LLINT_END_IMPL();
273 }
274
275 LLINT_SLOW_PATH_DECL(special_trace)
276 {
277     dataLogF("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
278             exec->codeBlock(),
279             exec,
280             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
281             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
282             exec->returnPC().value());
283     LLINT_END_IMPL();
284 }
285
286 enum EntryKind { Prologue, ArityCheck };
287
288 #if ENABLE(JIT)
289 inline bool shouldJIT(ExecState* exec, CodeBlock*)
290 {
291     // You can modify this to turn off JITting without rebuilding the world.
292     return exec->vm().canUseJIT();
293 }
294
295 // Returns true if we should try to OSR.
296 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
297 {
298     VM& vm = exec->vm();
299     DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all.
300     
301     codeBlock->updateAllValueProfilePredictions();
302
303     if (!codeBlock->checkIfJITThresholdReached()) {
304         if (Options::verboseOSR())
305             dataLogF("    JIT threshold should be lifted.\n");
306         return false;
307     }
308     
309     switch (codeBlock->jitType()) {
310     case JITCode::BaselineJIT: {
311         if (Options::verboseOSR())
312             dataLogF("    Code was already compiled.\n");
313         codeBlock->jitSoon();
314         return true;
315     }
316     case JITCode::InterpreterThunk: {
317         CompilationResult result = JIT::compile(&vm, codeBlock, JITCompilationCanFail);
318         switch (result) {
319         case CompilationFailed:
320             if (Options::verboseOSR())
321                 dataLogF("    JIT compilation failed.\n");
322             codeBlock->dontJITAnytimeSoon();
323             return false;
324         case CompilationSuccessful:
325             if (Options::verboseOSR())
326                 dataLogF("    JIT compilation successful.\n");
327             codeBlock->ownerScriptExecutable()->installCode(codeBlock);
328             codeBlock->jitSoon();
329             return true;
330         default:
331             RELEASE_ASSERT_NOT_REACHED();
332             return false;
333         }
334     }
335     default:
336         dataLog("Unexpected code block in LLInt: ", *codeBlock, "\n");
337         RELEASE_ASSERT_NOT_REACHED();
338         return false;
339     }
340 }
341
342 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char *name, EntryKind kind)
343 {
344     if (Options::verboseOSR()) {
345         dataLog(
346             *codeBlock, ": Entered ", name, " with executeCounter = ",
347             codeBlock->llintExecuteCounter(), "\n");
348     }
349     
350     if (!shouldJIT(exec, codeBlock)) {
351         codeBlock->dontJITAnytimeSoon();
352         LLINT_RETURN_TWO(0, 0);
353     }
354     if (!jitCompileAndSetHeuristics(codeBlock, exec))
355         LLINT_RETURN_TWO(0, 0);
356     
357     if (kind == Prologue)
358         LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0);
359     ASSERT(kind == ArityCheck);
360     LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(MustCheckArity).executableAddress(), 0);
361 }
362 #else // ENABLE(JIT)
363 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind)
364 {
365     codeBlock->dontJITAnytimeSoon();
366     LLINT_RETURN_TWO(0, exec);
367 }
368 #endif // ENABLE(JIT)
369
370 LLINT_SLOW_PATH_DECL(entry_osr)
371 {
372     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
373 }
374
375 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
376 {
377     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue);
378 }
379
380 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
381 {
382     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue);
383 }
384
385 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
386 {
387     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck);
388 }
389
390 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
391 {
392     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck);
393 }
394
395 LLINT_SLOW_PATH_DECL(loop_osr)
396 {
397     CodeBlock* codeBlock = exec->codeBlock();
398
399 #if ENABLE(JIT)
400     if (Options::verboseOSR()) {
401         dataLog(
402             *codeBlock, ": Entered loop_osr with executeCounter = ",
403             codeBlock->llintExecuteCounter(), "\n");
404     }
405     
406     if (!shouldJIT(exec, codeBlock)) {
407         codeBlock->dontJITAnytimeSoon();
408         LLINT_RETURN_TWO(0, 0);
409     }
410     
411     if (!jitCompileAndSetHeuristics(codeBlock, exec))
412         LLINT_RETURN_TWO(0, 0);
413     
414     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
415     
416     Vector<BytecodeAndMachineOffset> map;
417     codeBlock->jitCodeMap()->decode(map);
418     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
419     ASSERT(mapping);
420     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
421     
422     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
423     ASSERT(jumpTarget);
424     
425     LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame());
426 #else // ENABLE(JIT)
427     UNUSED_PARAM(pc);
428     codeBlock->dontJITAnytimeSoon();
429     LLINT_RETURN_TWO(0, 0);
430 #endif // ENABLE(JIT)
431 }
432
433 LLINT_SLOW_PATH_DECL(replace)
434 {
435     CodeBlock* codeBlock = exec->codeBlock();
436
437 #if ENABLE(JIT)
438     if (Options::verboseOSR()) {
439         dataLog(
440             *codeBlock, ": Entered replace with executeCounter = ",
441             codeBlock->llintExecuteCounter(), "\n");
442     }
443     
444     if (shouldJIT(exec, codeBlock))
445         jitCompileAndSetHeuristics(codeBlock, exec);
446     else
447         codeBlock->dontJITAnytimeSoon();
448     LLINT_END_IMPL();
449 #else // ENABLE(JIT)
450     codeBlock->dontJITAnytimeSoon();
451     LLINT_END_IMPL();
452 #endif // ENABLE(JIT)
453 }
454
455 LLINT_SLOW_PATH_DECL(stack_check)
456 {
457     LLINT_BEGIN();
458 #if LLINT_SLOW_PATH_TRACING
459     dataLogF("Checking stack height with exec = %p.\n", exec);
460     dataLogF("CodeBlock = %p.\n", exec->codeBlock());
461     dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeLocals);
462     dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars);
463
464 #if ENABLE(JIT)
465     dataLogF("Current end is at %p.\n", exec->vm().stackLimit());
466 #else
467     dataLogF("Current end is at %p.\n", exec->vm().jsStackLimit());
468 #endif
469
470 #endif
471     // If the stack check succeeds and we don't need to throw the error, then
472     // we'll return 0 instead. The prologue will check for a non-zero value
473     // when determining whether to set the callFrame or not.
474
475     // For JIT enabled builds which uses the C stack, the stack is not growable.
476     // Hence, if we get here, then we know a stack overflow is imminent. So, just
477     // throw the StackOverflowError unconditionally.
478 #if !ENABLE(JIT)
479     ASSERT(!vm.interpreter->stack().containsAddress(exec->topOfFrame()));
480     if (LIKELY(vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
481         LLINT_RETURN_TWO(pc, 0);
482 #endif
483
484     vm.topCallFrame = exec;
485     ErrorHandlingScope errorScope(vm);
486     vm.throwException(exec, createStackOverflowError(exec));
487     pc = returnToThrow(exec);
488     LLINT_RETURN_TWO(pc, exec);
489 }
490
491 LLINT_SLOW_PATH_DECL(slow_path_new_object)
492 {
493     LLINT_BEGIN();
494     LLINT_RETURN(constructEmptyObject(exec, pc[3].u.objectAllocationProfile->structure()));
495 }
496
497 LLINT_SLOW_PATH_DECL(slow_path_new_array)
498 {
499     LLINT_BEGIN();
500     LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
501 }
502
503 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
504 {
505     LLINT_BEGIN();
506     LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
507 }
508
509 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
510 {
511     LLINT_BEGIN();
512     LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
513 }
514
515 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
516 {
517     LLINT_BEGIN();
518     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
519     if (!regExp->isValid())
520         LLINT_THROW(createSyntaxError(exec, "Invalid flag supplied to RegExp constructor."));
521     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
522 }
523
524 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
525 {
526     LLINT_BEGIN();
527     JSValue value = LLINT_OP_C(2).jsValue();
528     JSValue proto = LLINT_OP_C(3).jsValue();
529     LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
530 }
531
532 LLINT_SLOW_PATH_DECL(slow_path_instanceof_custom)
533 {
534     LLINT_BEGIN();
535
536     JSValue value = LLINT_OP_C(2).jsValue();
537     JSValue constructor = LLINT_OP_C(3).jsValue();
538     JSValue hasInstanceValue = LLINT_OP_C(4).jsValue();
539
540     ASSERT(constructor.isObject());
541     ASSERT(hasInstanceValue != exec->lexicalGlobalObject()->functionProtoHasInstanceSymbolFunction() || !constructor.getObject()->structure()->typeInfo().implementsDefaultHasInstance());
542
543     JSValue result = jsBoolean(constructor.getObject()->hasInstance(exec, value, hasInstanceValue));
544     LLINT_RETURN(result);
545 }
546
547 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
548 {
549     LLINT_BEGIN();
550     CodeBlock* codeBlock = exec->codeBlock();
551     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
552     JSValue baseValue = LLINT_OP_C(2).jsValue();
553     PropertySlot slot(baseValue, PropertySlot::PropertySlot::InternalMethodType::Get);
554
555     JSValue result = baseValue.get(exec, ident, slot);
556     LLINT_CHECK_EXCEPTION();
557     LLINT_OP(1) = result;
558     
559     if (!LLINT_ALWAYS_ACCESS_SLOW
560         && baseValue.isCell()
561         && slot.isCacheable()
562         && slot.slotBase() == baseValue
563         && slot.isCacheableValue()) {
564         
565         JSCell* baseCell = baseValue.asCell();
566         Structure* structure = baseCell->structure();
567         
568         // Start out by clearing out the old cache.
569         pc[0].u.opcode = LLInt::getOpcode(op_get_by_id);
570         pc[4].u.pointer = nullptr; // old structure
571         pc[5].u.pointer = nullptr; // offset
572         
573         if (!structure->isUncacheableDictionary()
574             && !structure->typeInfo().prohibitsPropertyCaching()
575             && !structure->typeInfo().newImpurePropertyFiresWatchpoints()) {
576             vm.heap.writeBarrier(codeBlock);
577             
578             ConcurrentJITLocker locker(codeBlock->m_lock);
579
580             pc[4].u.structureID = structure->id();
581             pc[5].u.operand = slot.cachedOffset();
582         }
583     }
584
585     if (!LLINT_ALWAYS_ACCESS_SLOW
586         && isJSArray(baseValue)
587         && ident == exec->propertyNames().length) {
588         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
589         ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
590         arrayProfile->observeStructure(baseValue.asCell()->structure());
591         pc[4].u.arrayProfile = arrayProfile;
592     }
593
594     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
595     LLINT_END();
596 }
597
598 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
599 {
600     LLINT_BEGIN();
601     CodeBlock* codeBlock = exec->codeBlock();
602     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
603     JSValue baseValue = LLINT_OP(2).jsValue();
604     PropertySlot slot(baseValue, PropertySlot::InternalMethodType::Get);
605     LLINT_RETURN(baseValue.get(exec, ident, slot));
606 }
607
608 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
609 {
610     LLINT_BEGIN();
611     CodeBlock* codeBlock = exec->codeBlock();
612     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
613     
614     JSValue baseValue = LLINT_OP_C(1).jsValue();
615     PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext());
616     if (pc[8].u.putByIdFlags & PutByIdIsDirect)
617         asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot);
618     else
619         baseValue.putInline(exec, ident, LLINT_OP_C(3).jsValue(), slot);
620     LLINT_CHECK_EXCEPTION();
621     
622     if (!LLINT_ALWAYS_ACCESS_SLOW
623         && baseValue.isCell()
624         && slot.isCacheablePut()) {
625
626         // Start out by clearing out the old cache.
627         pc[4].u.pointer = nullptr; // old structure
628         pc[5].u.pointer = nullptr; // offset
629         pc[6].u.pointer = nullptr; // new structure
630         pc[7].u.pointer = nullptr; // structure chain
631         pc[8].u.putByIdFlags =
632             static_cast<PutByIdFlags>(pc[8].u.putByIdFlags & PutByIdPersistentFlagsMask);
633         
634         JSCell* baseCell = baseValue.asCell();
635         Structure* structure = baseCell->structure();
636         
637         if (!structure->isUncacheableDictionary()
638             && !structure->typeInfo().prohibitsPropertyCaching()
639             && baseCell == slot.base()) {
640
641             vm.heap.writeBarrier(codeBlock);
642             
643             if (slot.type() == PutPropertySlot::NewProperty) {
644                 GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap);
645             
646                 if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) {
647                     ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
648
649                     if (normalizePrototypeChain(exec, structure) != InvalidPrototypeChain) {
650                         ASSERT(structure->previousID()->isObject());
651                         pc[4].u.structureID = structure->previousID()->id();
652                         pc[5].u.operand = slot.cachedOffset();
653                         pc[6].u.structureID = structure->id();
654                         if (!(pc[8].u.putByIdFlags & PutByIdIsDirect)) {
655                             StructureChain* chain = structure->prototypeChain(exec);
656                             ASSERT(chain);
657                             pc[7].u.structureChain.set(
658                                 vm, codeBlock, chain);
659                         }
660                         pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
661                             pc[8].u.putByIdFlags |
662                             structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
663                     }
664                 }
665             } else {
666                 structure->didCachePropertyReplacement(vm, slot.cachedOffset());
667                 pc[4].u.structureID = structure->id();
668                 pc[5].u.operand = slot.cachedOffset();
669                 pc[8].u.putByIdFlags = static_cast<PutByIdFlags>(
670                     pc[8].u.putByIdFlags |
671                     structure->inferredTypeDescriptorFor(ident.impl()).putByIdFlags());
672             }
673         }
674     }
675     
676     LLINT_END();
677 }
678
679 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
680 {
681     LLINT_BEGIN();
682     CodeBlock* codeBlock = exec->codeBlock();
683     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
684     LLINT_CHECK_EXCEPTION();
685     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
686     LLINT_CHECK_EXCEPTION();
687     if (!couldDelete && codeBlock->isStrictMode())
688         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
689     LLINT_RETURN(jsBoolean(couldDelete));
690 }
691
692 inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
693 {
694     if (LIKELY(baseValue.isCell() && subscript.isString())) {
695         VM& vm = exec->vm();
696         Structure& structure = *baseValue.asCell()->structure(vm);
697         if (JSCell::canUseFastGetOwnProperty(structure)) {
698             if (RefPtr<AtomicStringImpl> existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) {
699                 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString.get()))
700                     return result;
701             }
702         }
703     }
704     
705     if (subscript.isUInt32()) {
706         uint32_t i = subscript.asUInt32();
707         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
708             return asString(baseValue)->getIndex(exec, i);
709         
710         return baseValue.get(exec, i);
711     }
712
713     baseValue.requireObjectCoercible(exec);
714     if (exec->hadException())
715         return jsUndefined();
716     auto property = subscript.toPropertyKey(exec);
717     if (exec->hadException())
718         return jsUndefined();
719     return baseValue.get(exec, property);
720 }
721
722 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
723 {
724     LLINT_BEGIN();
725     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
726 }
727
728 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
729 {
730     LLINT_BEGIN();
731     
732     JSValue baseValue = LLINT_OP_C(1).jsValue();
733     JSValue subscript = LLINT_OP_C(2).jsValue();
734     JSValue value = LLINT_OP_C(3).jsValue();
735     
736     if (LIKELY(subscript.isUInt32())) {
737         uint32_t i = subscript.asUInt32();
738         if (baseValue.isObject()) {
739             JSObject* object = asObject(baseValue);
740             if (object->canSetIndexQuickly(i))
741                 object->setIndexQuickly(vm, i, value);
742             else
743                 object->methodTable()->putByIndex(object, exec, i, value, exec->codeBlock()->isStrictMode());
744             LLINT_END();
745         }
746         baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode());
747         LLINT_END();
748     }
749
750     auto property = subscript.toPropertyKey(exec);
751     LLINT_CHECK_EXCEPTION();
752     PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
753     baseValue.put(exec, property, value, slot);
754     LLINT_END();
755 }
756
757 LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct)
758 {
759     LLINT_BEGIN();
760     
761     JSValue baseValue = LLINT_OP_C(1).jsValue();
762     JSValue subscript = LLINT_OP_C(2).jsValue();
763     JSValue value = LLINT_OP_C(3).jsValue();
764     RELEASE_ASSERT(baseValue.isObject());
765     JSObject* baseObject = asObject(baseValue);
766     bool isStrictMode = exec->codeBlock()->isStrictMode();
767     if (LIKELY(subscript.isUInt32())) {
768         // Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices.
769         ASSERT(isIndex(subscript.asUInt32()));
770         baseObject->putDirectIndex(exec, subscript.asUInt32(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
771         LLINT_END();
772     }
773
774     if (subscript.isDouble()) {
775         double subscriptAsDouble = subscript.asDouble();
776         uint32_t subscriptAsUInt32 = static_cast<uint32_t>(subscriptAsDouble);
777         if (subscriptAsDouble == subscriptAsUInt32 && isIndex(subscriptAsUInt32)) {
778             baseObject->putDirectIndex(exec, subscriptAsUInt32, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
779             LLINT_END();
780         }
781     }
782
783     // Don't put to an object if toString threw an exception.
784     auto property = subscript.toPropertyKey(exec);
785     if (exec->vm().exception())
786         LLINT_END();
787
788     if (Optional<uint32_t> index = parseIndex(property))
789         baseObject->putDirectIndex(exec, index.value(), value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
790     else {
791         PutPropertySlot slot(baseObject, isStrictMode);
792         baseObject->putDirect(exec->vm(), property, value, slot);
793     }
794     LLINT_END();
795 }
796
797 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
798 {
799     LLINT_BEGIN();
800     JSValue baseValue = LLINT_OP_C(2).jsValue();
801     JSObject* baseObject = baseValue.toObject(exec);
802     LLINT_CHECK_EXCEPTION();
803
804     JSValue subscript = LLINT_OP_C(3).jsValue();
805     
806     bool couldDelete;
807     
808     uint32_t i;
809     if (subscript.getUInt32(i))
810         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
811     else {
812         LLINT_CHECK_EXCEPTION();
813         auto property = subscript.toPropertyKey(exec);
814         LLINT_CHECK_EXCEPTION();
815         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
816     }
817     
818     if (!couldDelete && exec->codeBlock()->isStrictMode())
819         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
820     
821     LLINT_RETURN(jsBoolean(couldDelete));
822 }
823
824 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
825 {
826     LLINT_BEGIN();
827     JSValue arrayValue = LLINT_OP_C(1).jsValue();
828     ASSERT(isJSArray(arrayValue));
829     asArray(arrayValue)->putDirectIndex(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
830     LLINT_END();
831 }
832
833 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_id)
834 {
835     LLINT_BEGIN();
836     ASSERT(LLINT_OP(1).jsValue().isObject());
837     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
838
839     unsigned options = pc[3].u.operand;
840
841     JSValue getter = LLINT_OP(4).jsValue();
842     ASSERT(getter.isObject());
843
844     baseObj->putGetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(getter), options);
845     LLINT_END();
846 }
847
848 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_id)
849 {
850     LLINT_BEGIN();
851     ASSERT(LLINT_OP(1).jsValue().isObject());
852     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
853
854     unsigned options = pc[3].u.operand;
855
856     JSValue setter = LLINT_OP(4).jsValue();
857     ASSERT(setter.isObject());
858
859     baseObj->putSetter(exec, exec->codeBlock()->identifier(pc[2].u.operand), asObject(setter), options);
860     LLINT_END();
861 }
862
863 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter_by_id)
864 {
865     LLINT_BEGIN();
866     ASSERT(LLINT_OP(1).jsValue().isObject());
867     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
868     
869     GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
870     LLINT_CHECK_EXCEPTION();
871
872     JSValue getter = LLINT_OP(4).jsValue();
873     JSValue setter = LLINT_OP(5).jsValue();
874     ASSERT(getter.isObject() || getter.isUndefined());
875     ASSERT(setter.isObject() || setter.isUndefined());
876     ASSERT(getter.isObject() || setter.isObject());
877     
878     if (!getter.isUndefined())
879         accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter));
880     if (!setter.isUndefined())
881         accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter));
882     baseObj->putDirectAccessor(
883         exec,
884         exec->codeBlock()->identifier(pc[2].u.operand),
885         accessor, pc[3].u.operand);
886     LLINT_END();
887 }
888
889 LLINT_SLOW_PATH_DECL(slow_path_put_getter_by_val)
890 {
891     LLINT_BEGIN();
892     ASSERT(LLINT_OP(1).jsValue().isObject());
893     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
894     JSValue subscript = LLINT_OP_C(2).jsValue();
895
896     unsigned options = pc[3].u.operand;
897
898     JSValue getter = LLINT_OP(4).jsValue();
899     ASSERT(getter.isObject());
900
901     auto property = subscript.toPropertyKey(exec);
902     LLINT_CHECK_EXCEPTION();
903
904     baseObj->putGetter(exec, property, asObject(getter), options);
905     LLINT_END();
906 }
907
908 LLINT_SLOW_PATH_DECL(slow_path_put_setter_by_val)
909 {
910     LLINT_BEGIN();
911     ASSERT(LLINT_OP(1).jsValue().isObject());
912     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
913     JSValue subscript = LLINT_OP_C(2).jsValue();
914
915     unsigned options = pc[3].u.operand;
916
917     JSValue setter = LLINT_OP(4).jsValue();
918     ASSERT(setter.isObject());
919
920     auto property = subscript.toPropertyKey(exec);
921     LLINT_CHECK_EXCEPTION();
922
923     baseObj->putSetter(exec, property, asObject(setter), options);
924     LLINT_END();
925 }
926
927 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
928 {
929     LLINT_BEGIN();
930     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
931 }
932
933 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
934 {
935     LLINT_BEGIN();
936     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
937 }
938
939 LLINT_SLOW_PATH_DECL(slow_path_jless)
940 {
941     LLINT_BEGIN();
942     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
943 }
944
945 LLINT_SLOW_PATH_DECL(slow_path_jnless)
946 {
947     LLINT_BEGIN();
948     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
949 }
950
951 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
952 {
953     LLINT_BEGIN();
954     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
955 }
956
957 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
958 {
959     LLINT_BEGIN();
960     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
961 }
962
963 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
964 {
965     LLINT_BEGIN();
966     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
967 }
968
969 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
970 {
971     LLINT_BEGIN();
972     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
973 }
974
975 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
976 {
977     LLINT_BEGIN();
978     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
979 }
980
981 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
982 {
983     LLINT_BEGIN();
984     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
985 }
986
987 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
988 {
989     LLINT_BEGIN();
990     JSValue scrutinee = LLINT_OP_C(3).jsValue();
991     ASSERT(scrutinee.isDouble());
992     double value = scrutinee.asDouble();
993     int32_t intValue = static_cast<int32_t>(value);
994     int defaultOffset = pc[2].u.operand;
995     if (value == intValue) {
996         CodeBlock* codeBlock = exec->codeBlock();
997         pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
998     } else
999         pc += defaultOffset;
1000     LLINT_END();
1001 }
1002
1003 LLINT_SLOW_PATH_DECL(slow_path_switch_char)
1004 {
1005     LLINT_BEGIN();
1006     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1007     ASSERT(scrutinee.isString());
1008     JSString* string = asString(scrutinee);
1009     ASSERT(string->length() == 1);
1010     int defaultOffset = pc[2].u.operand;
1011     StringImpl* impl = string->value(exec).impl();
1012     CodeBlock* codeBlock = exec->codeBlock();
1013     pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
1014     LLINT_END();
1015 }
1016
1017 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
1018 {
1019     LLINT_BEGIN();
1020     JSValue scrutinee = LLINT_OP_C(3).jsValue();
1021     int defaultOffset = pc[2].u.operand;
1022     if (!scrutinee.isString())
1023         pc += defaultOffset;
1024     else {
1025         CodeBlock* codeBlock = exec->codeBlock();
1026         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
1027     }
1028     LLINT_END();
1029 }
1030
1031 LLINT_SLOW_PATH_DECL(slow_path_new_func)
1032 {
1033     LLINT_BEGIN();
1034     CodeBlock* codeBlock = exec->codeBlock();
1035     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1036 #if LLINT_SLOW_PATH_TRACING
1037     dataLogF("Creating function!\n");
1038 #endif
1039     LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1040 }
1041
1042 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func)
1043 {
1044     LLINT_BEGIN();
1045     CodeBlock* codeBlock = exec->codeBlock();
1046     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1047 #if LLINT_SLOW_PATH_TRACING
1048     dataLogF("Creating function!\n");
1049 #endif
1050     LLINT_RETURN(JSGeneratorFunction::create(vm, codeBlock->functionDecl(pc[3].u.operand), scope));
1051 }
1052
1053 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1054 {
1055     LLINT_BEGIN();
1056     
1057     CodeBlock* codeBlock = exec->codeBlock();
1058     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1059     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1060     
1061     LLINT_RETURN(JSFunction::create(vm, executable, scope));
1062 }
1063
1064 LLINT_SLOW_PATH_DECL(slow_path_new_generator_func_exp)
1065 {
1066     LLINT_BEGIN();
1067
1068     CodeBlock* codeBlock = exec->codeBlock();
1069     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1070     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1071
1072     LLINT_RETURN(JSGeneratorFunction::create(vm, executable, scope));
1073 }
1074
1075 LLINT_SLOW_PATH_DECL(slow_path_new_arrow_func_exp)
1076 {
1077     LLINT_BEGIN();
1078     
1079     CodeBlock* codeBlock = exec->codeBlock();
1080     JSScope* scope = exec->uncheckedR(pc[2].u.operand).Register::scope();
1081     FunctionExecutable* executable = codeBlock->functionExpr(pc[3].u.operand);
1082     
1083     LLINT_RETURN(JSFunction::create(vm, executable, scope));
1084 }
1085
1086 LLINT_SLOW_PATH_DECL(slow_path_set_function_name)
1087 {
1088     LLINT_BEGIN();
1089     JSFunction* func = jsCast<JSFunction*>(LLINT_OP(1).Register::unboxedCell());
1090     JSValue name = LLINT_OP_C(2).Register::jsValue();
1091     func->setFunctionName(exec, name);
1092     LLINT_END();
1093 }
1094
1095 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1096 {
1097     UNUSED_PARAM(pc);
1098
1099 #if LLINT_SLOW_PATH_TRACING
1100     dataLog("Performing host call.\n");
1101 #endif
1102     
1103     ExecState* exec = execCallee->callerFrame();
1104     VM& vm = exec->vm();
1105
1106     execCallee->setCodeBlock(0);
1107     execCallee->clearReturnPC();
1108
1109     if (kind == CodeForCall) {
1110         CallData callData;
1111         CallType callType = getCallData(callee, callData);
1112     
1113         ASSERT(callType != CallType::JS);
1114     
1115         if (callType == CallType::Host) {
1116             NativeCallFrameTracer tracer(&vm, execCallee);
1117             execCallee->setCallee(asObject(callee));
1118             vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1119             
1120             LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1121         }
1122         
1123 #if LLINT_SLOW_PATH_TRACING
1124         dataLog("Call callee is not a function: ", callee, "\n");
1125 #endif
1126
1127         ASSERT(callType == CallType::None);
1128         LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee));
1129     }
1130
1131     ASSERT(kind == CodeForConstruct);
1132     
1133     ConstructData constructData;
1134     ConstructType constructType = getConstructData(callee, constructData);
1135     
1136     ASSERT(constructType != ConstructType::JS);
1137     
1138     if (constructType == ConstructType::Host) {
1139         NativeCallFrameTracer tracer(&vm, execCallee);
1140         execCallee->setCallee(asObject(callee));
1141         vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1142
1143         LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1144     }
1145     
1146 #if LLINT_SLOW_PATH_TRACING
1147     dataLog("Constructor callee is not a function: ", callee, "\n");
1148 #endif
1149
1150     ASSERT(constructType == ConstructType::None);
1151     LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1152 }
1153
1154 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1155 {
1156     ExecState* exec = execCallee->callerFrame();
1157
1158 #if LLINT_SLOW_PATH_TRACING
1159     dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC());
1160 #endif
1161     
1162     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1163     if (!calleeAsFunctionCell)
1164         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1165     
1166     JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
1167     JSScope* scope = callee->scopeUnchecked();
1168     VM& vm = *scope->vm();
1169     ExecutableBase* executable = callee->executable();
1170
1171     MacroAssemblerCodePtr codePtr;
1172     CodeBlock* codeBlock = 0;
1173     bool isWebAssemblyExecutable = false;
1174 #if ENABLE(WEBASSEMBLY)
1175     isWebAssemblyExecutable = executable->isWebAssemblyExecutable();
1176 #endif
1177
1178     if (executable->isHostFunction()) {
1179         codePtr = executable->entrypointFor(kind, MustCheckArity);
1180     } else if (!isWebAssemblyExecutable) {
1181         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1182
1183         if (!isCall(kind) && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
1184             LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1185
1186         JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, scope, kind);
1187         if (error)
1188             LLINT_CALL_THROW(exec, error);
1189         codeBlock = functionExecutable->codeBlockFor(kind);
1190         ASSERT(codeBlock);
1191         ArityCheckMode arity;
1192         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1193             arity = MustCheckArity;
1194         else
1195             arity = ArityCheckNotRequired;
1196         codePtr = functionExecutable->entrypointFor(kind, arity);
1197     } else {
1198 #if ENABLE(WEBASSEMBLY)
1199         WebAssemblyExecutable* webAssemblyExecutable = static_cast<WebAssemblyExecutable*>(executable);
1200         webAssemblyExecutable->prepareForExecution(execCallee);
1201         codeBlock = webAssemblyExecutable->codeBlockForCall();
1202         ASSERT(codeBlock);
1203         ArityCheckMode arity;
1204         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1205             arity = MustCheckArity;
1206         else
1207             arity = ArityCheckNotRequired;
1208         codePtr = webAssemblyExecutable->entrypointFor(kind, arity);
1209 #endif
1210     }
1211     
1212     ASSERT(!!codePtr);
1213     
1214     if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) {
1215         CodeBlock* callerCodeBlock = exec->codeBlock();
1216
1217         ConcurrentJITLocker locker(callerCodeBlock->m_lock);
1218         
1219         if (callLinkInfo->isOnList())
1220             callLinkInfo->remove();
1221         callLinkInfo->callee.set(vm, callerCodeBlock, callee);
1222         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, callee);
1223         callLinkInfo->machineCodeTarget = codePtr;
1224         if (codeBlock)
1225             codeBlock->linkIncomingCall(exec, callLinkInfo);
1226     }
1227
1228     LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
1229 }
1230
1231 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1232 {
1233     // This needs to:
1234     // - Set up a call frame.
1235     // - Figure out what to call and compile it if necessary.
1236     // - If possible, link the call's inline cache.
1237     // - Return a tuple of machine code address to call and the new call frame.
1238     
1239     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1240     
1241     ExecState* execCallee = exec - pc[4].u.operand;
1242     
1243     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1244     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1245     execCallee->setCallerFrame(exec);
1246     
1247     ASSERT(pc[5].u.callLinkInfo);
1248     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[5].u.callLinkInfo);
1249 }
1250
1251 LLINT_SLOW_PATH_DECL(slow_path_call)
1252 {
1253     LLINT_BEGIN_NO_SET_PC();
1254     return genericCall(exec, pc, CodeForCall);
1255 }
1256
1257 LLINT_SLOW_PATH_DECL(slow_path_construct)
1258 {
1259     LLINT_BEGIN_NO_SET_PC();
1260     return genericCall(exec, pc, CodeForConstruct);
1261 }
1262
1263 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs)
1264 {
1265     LLINT_BEGIN();
1266     // This needs to:
1267     // - Set up a call frame while respecting the variable arguments.
1268     
1269     unsigned numUsedStackSlots = -pc[5].u.operand;
1270     unsigned length = sizeFrameForVarargs(exec, &vm.interpreter->stack(),
1271         LLINT_OP_C(4).jsValue(), numUsedStackSlots, pc[6].u.operand);
1272     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1273     
1274     ExecState* execCallee = calleeFrameForVarargs(exec, numUsedStackSlots, length + 1);
1275     vm.varargsLength = length;
1276     vm.newCallFrameReturnValue = execCallee;
1277
1278     LLINT_RETURN_CALLEE_FRAME(execCallee);
1279 }
1280
1281 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1282 {
1283     LLINT_BEGIN_NO_SET_PC();
1284     // This needs to:
1285     // - Figure out what to call and compile it if necessary.
1286     // - Return a tuple of machine code address to call and the new call frame.
1287     
1288     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1289     
1290     ExecState* execCallee = vm.newCallFrameReturnValue;
1291
1292     setupVarargsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand, vm.varargsLength);
1293     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1294     
1295     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1296     execCallee->setCallerFrame(exec);
1297     exec->setCurrentVPC(pc);
1298     
1299     return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1300 }
1301     
1302 LLINT_SLOW_PATH_DECL(slow_path_construct_varargs)
1303 {
1304     LLINT_BEGIN_NO_SET_PC();
1305     // This needs to:
1306     // - Figure out what to call and compile it if necessary.
1307     // - Return a tuple of machine code address to call and the new call frame.
1308     
1309     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1310     
1311     ExecState* execCallee = vm.newCallFrameReturnValue;
1312     
1313     setupVarargsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand, vm.varargsLength);
1314     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1315     
1316     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1317     execCallee->setCallerFrame(exec);
1318     exec->setCurrentVPC(pc);
1319     
1320     return setUpCall(execCallee, pc, CodeForConstruct, calleeAsValue);
1321 }
1322     
1323 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1324 {
1325     LLINT_BEGIN_NO_SET_PC();
1326     JSValue calleeAsValue = LLINT_OP(2).jsValue();
1327     
1328     ExecState* execCallee = exec - pc[4].u.operand;
1329     
1330     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1331     execCallee->setCallerFrame(exec);
1332     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1333     execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
1334     execCallee->setCodeBlock(0);
1335     exec->setCurrentVPC(pc);
1336     
1337     if (!isHostFunction(calleeAsValue, globalFuncEval))
1338         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1339     
1340     vm.hostCallReturnValue = eval(execCallee);
1341     LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1342 }
1343
1344 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1345 {
1346     LLINT_BEGIN();
1347     LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand));
1348 }
1349
1350 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1351 {
1352     LLINT_BEGIN();
1353     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1354 }
1355
1356 LLINT_SLOW_PATH_DECL(slow_path_throw)
1357 {
1358     LLINT_BEGIN();
1359     LLINT_THROW(LLINT_OP_C(1).jsValue());
1360 }
1361
1362 LLINT_SLOW_PATH_DECL(slow_path_throw_static_error)
1363 {
1364     LLINT_BEGIN();
1365     JSValue errorMessageValue = LLINT_OP_C(1).jsValue();
1366     RELEASE_ASSERT(errorMessageValue.isString());
1367     String errorMessage = asString(errorMessageValue)->value(exec);
1368     if (pc[2].u.operand)
1369         LLINT_THROW(createReferenceError(exec, errorMessage));
1370     else
1371         LLINT_THROW(createTypeError(exec, errorMessage));
1372 }
1373
1374 LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)
1375 {
1376     LLINT_BEGIN_NO_SET_PC();
1377     ASSERT(vm.watchdog());
1378     if (UNLIKELY(vm.shouldTriggerTermination(exec)))
1379         LLINT_THROW(createTerminatedExecutionException(&vm));
1380     LLINT_RETURN_TWO(0, exec);
1381 }
1382
1383 LLINT_SLOW_PATH_DECL(slow_path_debug)
1384 {
1385     LLINT_BEGIN();
1386     int debugHookID = pc[1].u.operand;
1387     vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID));
1388     
1389     LLINT_END();
1390 }
1391
1392 LLINT_SLOW_PATH_DECL(slow_path_profile_will_call)
1393 {
1394     LLINT_BEGIN();
1395     if (LegacyProfiler* profiler = vm.enabledProfiler())
1396         profiler->willExecute(exec, LLINT_OP(1).jsValue());
1397     LLINT_END();
1398 }
1399
1400 LLINT_SLOW_PATH_DECL(slow_path_profile_did_call)
1401 {
1402     LLINT_BEGIN();
1403     if (LegacyProfiler* profiler = vm.enabledProfiler())
1404         profiler->didExecute(exec, LLINT_OP(1).jsValue());
1405     LLINT_END();
1406 }
1407
1408 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
1409 {
1410     LLINT_BEGIN_NO_SET_PC();
1411     genericUnwind(&vm, exec);
1412     LLINT_END_IMPL();
1413 }
1414
1415 LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
1416 {
1417     LLINT_BEGIN();
1418
1419     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
1420     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
1421     GetPutInfo getPutInfo(pc[4].u.operand);
1422
1423     // ModuleVar is always converted to ClosureVar for get_from_scope.
1424     ASSERT(getPutInfo.resolveType() != ModuleVar);
1425
1426     PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
1427     if (!scope->getPropertySlot(exec, ident, slot)) {
1428         if (getPutInfo.resolveMode() == ThrowIfNotFound)
1429             LLINT_RETURN(exec->vm().throwException(exec, createUndefinedVariableError(exec, ident)));
1430         LLINT_RETURN(jsUndefined());
1431     }
1432
1433     JSValue result = JSValue();
1434     if (scope->isGlobalLexicalEnvironment()) {
1435         // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1436         result = slot.getValue(exec, ident);
1437         if (result == jsTDZValue())
1438             LLINT_THROW(createTDZError(exec));
1439     }
1440
1441     CommonSlowPaths::tryCacheGetFromScopeGlobal(exec, vm, pc, scope, slot, ident);
1442
1443     if (!result)
1444         result = slot.getValue(exec, ident);
1445     LLINT_RETURN(result);
1446 }
1447
1448 LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
1449 {
1450     LLINT_BEGIN();
1451
1452     CodeBlock* codeBlock = exec->codeBlock();
1453     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
1454     JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue());
1455     JSValue value = LLINT_OP_C(3).jsValue();
1456     GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand);
1457     if (getPutInfo.resolveType() == LocalClosureVar) {
1458         JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
1459         environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
1460         
1461         // Have to do this *after* the write, because if this puts the set into IsWatched, then we need
1462         // to have already changed the value of the variable. Otherwise we might watch and constant-fold
1463         // to the Undefined value from before the assignment.
1464         if (WatchpointSet* set = pc[5].u.watchpointSet)
1465             set->touch("Executed op_put_scope<LocalClosureVar>");
1466         LLINT_END();
1467     }
1468
1469     bool hasProperty = scope->hasProperty(exec, ident);
1470     if (hasProperty
1471         && scope->isGlobalLexicalEnvironment()
1472         && getPutInfo.initializationMode() != Initialization) {
1473         // When we can't statically prove we need a TDZ check, we must perform the check on the slow path.
1474         PropertySlot slot(scope, PropertySlot::InternalMethodType::Get);
1475         JSGlobalLexicalEnvironment::getOwnPropertySlot(scope, exec, ident, slot);
1476         if (slot.getValue(exec, ident) == jsTDZValue())
1477             LLINT_THROW(createTDZError(exec));
1478     }
1479
1480     if (getPutInfo.resolveMode() == ThrowIfNotFound && !hasProperty)
1481         LLINT_THROW(createUndefinedVariableError(exec, ident));
1482
1483     PutPropertySlot slot(scope, codeBlock->isStrictMode(), PutPropertySlot::UnknownContext, getPutInfo.initializationMode() == Initialization);
1484     scope->methodTable()->put(scope, exec, ident, value, slot);
1485     
1486     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, getPutInfo, slot, ident);
1487
1488     LLINT_END();
1489 }
1490
1491 LLINT_SLOW_PATH_DECL(slow_path_check_if_exception_is_uncatchable_and_notify_profiler)
1492 {
1493     LLINT_BEGIN();
1494     RELEASE_ASSERT(!!vm.exception());
1495
1496     if (LegacyProfiler* profiler = vm.enabledProfiler())
1497         profiler->exceptionUnwind(exec);
1498
1499     if (isTerminatedExecutionException(vm.exception()))
1500         LLINT_RETURN_TWO(pc, bitwise_cast<void*>(static_cast<uintptr_t>(1)));
1501     LLINT_RETURN_TWO(pc, 0);
1502 }
1503
1504 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame)
1505 {
1506     ExecState* exec = vm->topCallFrame;
1507     if (!exec)
1508         exec = protoFrame->callee()->globalObject()->globalExec();
1509     throwStackOverflowError(exec);
1510     return encodeResult(0, 0);
1511 }
1512
1513 #if !ENABLE(JIT)
1514 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
1515 {
1516     bool success = vm->interpreter->stack().ensureCapacityFor(newTopOfStack);
1517     return encodeResult(reinterpret_cast<void*>(success), 0);
1518 }
1519 #endif
1520
1521 extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell)
1522 {
1523     VM& vm = exec->vm();
1524     vm.heap.writeBarrier(cell);
1525 }
1526
1527 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash()
1528 {
1529     CRASH();
1530 }
1531
1532 } } // namespace JSC::LLInt