2f730f75b914b0f46f86c6fe488390c9f2998bea
[WebKit-https.git] / Source / JavaScriptCore / llint / LLIntSlowPaths.cpp
1 /*
2  * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24  */
25
26 #include "config.h"
27 #include "LLIntSlowPaths.h"
28 #include "Arguments.h"
29 #include "ArrayConstructor.h"
30 #include "CallFrame.h"
31 #include "CommonSlowPaths.h"
32 #include "CommonSlowPathsExceptions.h"
33 #include "ErrorHandlingScope.h"
34 #include "ExceptionFuzz.h"
35 #include "GetterSetter.h"
36 #include "HostCallReturnValue.h"
37 #include "Interpreter.h"
38 #include "JIT.h"
39 #include "JITExceptions.h"
40 #include "JSActivation.h"
41 #include "JSCJSValue.h"
42 #include "JSGlobalObjectFunctions.h"
43 #include "JSNameScope.h"
44 #include "JSStackInlines.h"
45 #include "JSString.h"
46 #include "JSWithScope.h"
47 #include "LLIntCommon.h"
48 #include "LLIntExceptions.h"
49 #include "LowLevelInterpreter.h"
50 #include "ObjectConstructor.h"
51 #include "JSCInlines.h"
52 #include "ProtoCallFrame.h"
53 #include "StructureRareDataInlines.h"
54 #include <wtf/StringPrintStream.h>
55
56 namespace JSC { namespace LLInt {
57
58 #define LLINT_BEGIN_NO_SET_PC() \
59     VM& vm = exec->vm();      \
60     NativeCallFrameTracer tracer(&vm, exec)
61
62 #ifndef NDEBUG
63 #define LLINT_SET_PC_FOR_STUBS() do { \
64         exec->codeBlock()->bytecodeOffset(pc); \
65         exec->setCurrentVPC(pc + 1); \
66     } while (false)
67 #else
68 #define LLINT_SET_PC_FOR_STUBS() do { \
69         exec->setCurrentVPC(pc + 1); \
70     } while (false)
71 #endif
72
73 #define LLINT_BEGIN()                           \
74     LLINT_BEGIN_NO_SET_PC();                    \
75     LLINT_SET_PC_FOR_STUBS()
76
77 #define LLINT_OP(index) (exec->uncheckedR(pc[index].u.operand))
78 #define LLINT_OP_C(index) (exec->r(pc[index].u.operand))
79
80 #define LLINT_RETURN_TWO(first, second) do {       \
81         return encodeResult(first, second);        \
82     } while (false)
83
84 #define LLINT_END_IMPL() LLINT_RETURN_TWO(pc, 0)
85
86 #define LLINT_THROW(exceptionToThrow) do {                        \
87         vm.throwException(exec, exceptionToThrow);                \
88         pc = returnToThrow(exec);                                 \
89         LLINT_END_IMPL();                                         \
90     } while (false)
91
92 #define LLINT_CHECK_EXCEPTION() do {                    \
93         doExceptionFuzzingIfEnabled(exec, "LLIntSlowPaths", pc);    \
94         if (UNLIKELY(vm.exception())) {                 \
95             pc = returnToThrow(exec);                   \
96             LLINT_END_IMPL();                           \
97         }                                               \
98     } while (false)
99
100 #define LLINT_END() do {                        \
101         LLINT_CHECK_EXCEPTION();                \
102         LLINT_END_IMPL();                       \
103     } while (false)
104
105 #define LLINT_BRANCH(opcode, condition) do {                      \
106         bool __b_condition = (condition);                         \
107         LLINT_CHECK_EXCEPTION();                                  \
108         if (__b_condition)                                        \
109             pc += pc[OPCODE_LENGTH(opcode) - 1].u.operand;        \
110         else                                                      \
111             pc += OPCODE_LENGTH(opcode);                          \
112         LLINT_END_IMPL();                                         \
113     } while (false)
114
115 #define LLINT_RETURN(value) do {                \
116         JSValue __r_returnValue = (value);      \
117         LLINT_CHECK_EXCEPTION();                \
118         LLINT_OP(1) = __r_returnValue;          \
119         LLINT_END_IMPL();                       \
120     } while (false)
121
122 #define LLINT_RETURN_WITH_PC_ADJUSTMENT(value, pcAdjustment) do { \
123         JSValue __r_returnValue = (value);      \
124         LLINT_CHECK_EXCEPTION();                \
125         LLINT_OP(1) = __r_returnValue;          \
126         pc += (pcAdjustment);                   \
127         LLINT_END_IMPL();                       \
128     } while (false)
129
130 #define LLINT_RETURN_PROFILED(opcode, value) do {               \
131         JSValue __rp_returnValue = (value);                     \
132         LLINT_CHECK_EXCEPTION();                                \
133         LLINT_OP(1) = __rp_returnValue;                         \
134         LLINT_PROFILE_VALUE(opcode, __rp_returnValue);          \
135         LLINT_END_IMPL();                                       \
136     } while (false)
137
138 #define LLINT_PROFILE_VALUE(opcode, value) do { \
139         pc[OPCODE_LENGTH(opcode) - 1].u.profile->m_buckets[0] = \
140         JSValue::encode(value);                  \
141     } while (false)
142
143 #define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
144
145 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
146         ExecState* __ct_exec = (exec);                                  \
147         vm.throwException(__ct_exec, exceptionToThrow);                 \
148         LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
149     } while (false)
150
151 #define LLINT_CALL_CHECK_EXCEPTION(exec, execCallee) do {               \
152         ExecState* __cce_exec = (exec);                                 \
153         ExecState* __cce_execCallee = (execCallee);                     \
154         doExceptionFuzzingIfEnabled(__cce_exec, "LLIntSlowPaths/call", nullptr); \
155         if (UNLIKELY(vm.exception()))                                   \
156             LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
157     } while (false)
158
159 #define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
160         ExecState* __cr_exec = (exec);                                  \
161         ExecState* __cr_execCallee = (execCallee);                      \
162         void* __cr_callTarget = (callTarget);                           \
163         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
164         LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
165     } while (false)
166
167 #define LLINT_RETURN_CALLEE_FRAME(execCallee) do {                      \
168         ExecState* __rcf_exec = (execCallee);                           \
169         LLINT_RETURN_TWO(pc, __rcf_exec);                               \
170     } while (false)
171
172 extern "C" SlowPathReturnType llint_trace_operand(ExecState* exec, Instruction* pc, int fromWhere, int operand)
173 {
174     LLINT_BEGIN();
175     dataLogF("%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d\n",
176             exec->codeBlock(),
177             exec,
178             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
179             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
180             fromWhere,
181             operand,
182             pc[operand].u.operand);
183     LLINT_END();
184 }
185
186 extern "C" SlowPathReturnType llint_trace_value(ExecState* exec, Instruction* pc, int fromWhere, int operand)
187 {
188     JSValue value = LLINT_OP_C(operand).jsValue();
189     union {
190         struct {
191             uint32_t tag;
192             uint32_t payload;
193         } bits;
194         EncodedJSValue asValue;
195     } u;
196     u.asValue = JSValue::encode(value);
197     dataLogF(
198         "%p / %p: executing bc#%zu, op#%u: Trace(%d): %d: %d: %08x:%08x: %s\n",
199         exec->codeBlock(),
200         exec,
201         static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
202         exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
203         fromWhere,
204         operand,
205         pc[operand].u.operand,
206         u.bits.tag,
207         u.bits.payload,
208         toCString(value).data());
209     LLINT_END_IMPL();
210 }
211
212 LLINT_SLOW_PATH_DECL(trace_prologue)
213 {
214     dataLogF("%p / %p: in prologue.\n", exec->codeBlock(), exec);
215     LLINT_END_IMPL();
216 }
217
218 static void traceFunctionPrologue(ExecState* exec, const char* comment, CodeSpecializationKind kind)
219 {
220     JSFunction* callee = jsCast<JSFunction*>(exec->callee());
221     FunctionExecutable* executable = callee->jsExecutable();
222     CodeBlock* codeBlock = executable->codeBlockFor(kind);
223     dataLogF("%p / %p: in %s of function %p, executable %p; numVars = %u, numParameters = %u, numCalleeRegisters = %u, caller = %p.\n",
224             codeBlock, exec, comment, callee, executable,
225             codeBlock->m_numVars, codeBlock->numParameters(), codeBlock->m_numCalleeRegisters,
226             exec->callerFrame());
227 }
228
229 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_call)
230 {
231     traceFunctionPrologue(exec, "call prologue", CodeForCall);
232     LLINT_END_IMPL();
233 }
234
235 LLINT_SLOW_PATH_DECL(trace_prologue_function_for_construct)
236 {
237     traceFunctionPrologue(exec, "construct prologue", CodeForConstruct);
238     LLINT_END_IMPL();
239 }
240
241 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_call)
242 {
243     traceFunctionPrologue(exec, "call arity check", CodeForCall);
244     LLINT_END_IMPL();
245 }
246
247 LLINT_SLOW_PATH_DECL(trace_arityCheck_for_construct)
248 {
249     traceFunctionPrologue(exec, "construct arity check", CodeForConstruct);
250     LLINT_END_IMPL();
251 }
252
253 LLINT_SLOW_PATH_DECL(trace)
254 {
255     dataLogF("%p / %p: executing bc#%zu, %s, scope %p, pc = %p\n",
256             exec->codeBlock(),
257             exec,
258             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
259             opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)],
260             exec->scope(), pc);
261     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
262         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
263         *bitwise_cast<volatile char*>(exec->returnPC().value());
264     }
265     if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
266         dataLogF("Will be returning to %p\n", exec->returnPC().value());
267         dataLogF("The new cfr will be %p\n", exec->callerFrame());
268     }
269     LLINT_END_IMPL();
270 }
271
272 LLINT_SLOW_PATH_DECL(special_trace)
273 {
274     dataLogF("%p / %p: executing special case bc#%zu, op#%u, return PC is %p\n",
275             exec->codeBlock(),
276             exec,
277             static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
278             exec->vm().interpreter->getOpcodeID(pc[0].u.opcode),
279             exec->returnPC().value());
280     LLINT_END_IMPL();
281 }
282
283 enum EntryKind { Prologue, ArityCheck };
284
285 #if ENABLE(JIT)
286 inline bool shouldJIT(ExecState* exec)
287 {
288     // You can modify this to turn off JITting without rebuilding the world.
289     return exec->vm().canUseJIT();
290 }
291
292 // Returns true if we should try to OSR.
293 inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
294 {
295     VM& vm = exec->vm();
296     DeferGCForAWhile deferGC(vm.heap); // My callers don't set top callframe, so we don't want to GC here at all.
297     
298     codeBlock->updateAllValueProfilePredictions();
299     
300     if (!codeBlock->checkIfJITThresholdReached()) {
301         if (Options::verboseOSR())
302             dataLogF("    JIT threshold should be lifted.\n");
303         return false;
304     }
305     
306     switch (codeBlock->jitType()) {
307     case JITCode::BaselineJIT: {
308         if (Options::verboseOSR())
309             dataLogF("    Code was already compiled.\n");
310         codeBlock->jitSoon();
311         return true;
312     }
313     case JITCode::InterpreterThunk: {
314         CompilationResult result = JIT::compile(&vm, codeBlock, JITCompilationCanFail);
315         switch (result) {
316         case CompilationFailed:
317             if (Options::verboseOSR())
318                 dataLogF("    JIT compilation failed.\n");
319             codeBlock->dontJITAnytimeSoon();
320             return false;
321         case CompilationSuccessful:
322             if (Options::verboseOSR())
323                 dataLogF("    JIT compilation successful.\n");
324             codeBlock->install();
325             codeBlock->jitSoon();
326             return true;
327         default:
328             RELEASE_ASSERT_NOT_REACHED();
329             return false;
330         }
331     }
332     default:
333         RELEASE_ASSERT_NOT_REACHED();
334         return false;
335     }
336 }
337
338 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char *name, EntryKind kind)
339 {
340     if (Options::verboseOSR()) {
341         dataLog(
342             *codeBlock, ": Entered ", name, " with executeCounter = ",
343             codeBlock->llintExecuteCounter(), "\n");
344     }
345     
346     if (!shouldJIT(exec)) {
347         codeBlock->dontJITAnytimeSoon();
348         LLINT_RETURN_TWO(0, 0);
349     }
350     if (!jitCompileAndSetHeuristics(codeBlock, exec))
351         LLINT_RETURN_TWO(0, 0);
352     
353     if (kind == Prologue)
354         LLINT_RETURN_TWO(codeBlock->jitCode()->executableAddress(), 0);
355     ASSERT(kind == ArityCheck);
356     LLINT_RETURN_TWO(codeBlock->jitCode()->addressForCall(
357         *codeBlock->vm(), codeBlock->ownerExecutable(), MustCheckArity,
358         RegisterPreservationNotRequired).executableAddress(), 0);
359 }
360 #else // ENABLE(JIT)
361 static SlowPathReturnType entryOSR(ExecState* exec, Instruction*, CodeBlock* codeBlock, const char*, EntryKind)
362 {
363     codeBlock->dontJITAnytimeSoon();
364     LLINT_RETURN_TWO(0, exec);
365 }
366 #endif // ENABLE(JIT)
367
368 LLINT_SLOW_PATH_DECL(entry_osr)
369 {
370     return entryOSR(exec, pc, exec->codeBlock(), "entry_osr", Prologue);
371 }
372
373 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call)
374 {
375     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call", Prologue);
376 }
377
378 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct)
379 {
380     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct", Prologue);
381 }
382
383 LLINT_SLOW_PATH_DECL(entry_osr_function_for_call_arityCheck)
384 {
385     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForCall(), "entry_osr_function_for_call_arityCheck", ArityCheck);
386 }
387
388 LLINT_SLOW_PATH_DECL(entry_osr_function_for_construct_arityCheck)
389 {
390     return entryOSR(exec, pc, jsCast<JSFunction*>(exec->callee())->jsExecutable()->codeBlockForConstruct(), "entry_osr_function_for_construct_arityCheck", ArityCheck);
391 }
392
393 LLINT_SLOW_PATH_DECL(loop_osr)
394 {
395     CodeBlock* codeBlock = exec->codeBlock();
396
397 #if ENABLE(JIT)
398     if (Options::verboseOSR()) {
399         dataLog(
400             *codeBlock, ": Entered loop_osr with executeCounter = ",
401             codeBlock->llintExecuteCounter(), "\n");
402     }
403     
404     if (!shouldJIT(exec)) {
405         codeBlock->dontJITAnytimeSoon();
406         LLINT_RETURN_TWO(0, 0);
407     }
408     
409     if (!jitCompileAndSetHeuristics(codeBlock, exec))
410         LLINT_RETURN_TWO(0, 0);
411     
412     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
413     
414     Vector<BytecodeAndMachineOffset> map;
415     codeBlock->jitCodeMap()->decode(map);
416     BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
417     ASSERT(mapping);
418     ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
419     
420     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
421     ASSERT(jumpTarget);
422     
423     LLINT_RETURN_TWO(jumpTarget, exec->topOfFrame());
424 #else // ENABLE(JIT)
425     UNUSED_PARAM(pc);
426     codeBlock->dontJITAnytimeSoon();
427     LLINT_RETURN_TWO(0, 0);
428 #endif // ENABLE(JIT)
429 }
430
431 LLINT_SLOW_PATH_DECL(replace)
432 {
433     CodeBlock* codeBlock = exec->codeBlock();
434
435 #if ENABLE(JIT)
436     if (Options::verboseOSR()) {
437         dataLog(
438             *codeBlock, ": Entered replace with executeCounter = ",
439             codeBlock->llintExecuteCounter(), "\n");
440     }
441     
442     if (shouldJIT(exec))
443         jitCompileAndSetHeuristics(codeBlock, exec);
444     else
445         codeBlock->dontJITAnytimeSoon();
446     LLINT_END_IMPL();
447 #else // ENABLE(JIT)
448     codeBlock->dontJITAnytimeSoon();
449     LLINT_END_IMPL();
450 #endif // ENABLE(JIT)
451 }
452
453 LLINT_SLOW_PATH_DECL(stack_check)
454 {
455     LLINT_BEGIN();
456 #if LLINT_SLOW_PATH_TRACING
457     dataLogF("Checking stack height with exec = %p.\n", exec);
458     dataLogF("CodeBlock = %p.\n", exec->codeBlock());
459     dataLogF("Num callee registers = %u.\n", exec->codeBlock()->m_numCalleeRegisters);
460     dataLogF("Num vars = %u.\n", exec->codeBlock()->m_numVars);
461
462 #if ENABLE(LLINT_C_LOOP)
463     dataLogF("Current end is at %p.\n", exec->vm().jsStackLimit());
464 #else
465     dataLogF("Current end is at %p.\n", exec->vm().stackLimit());
466 #endif
467
468 #endif
469     // This stack check is done in the prologue for a function call, and the
470     // CallFrame is not completely set up yet. For example, if the frame needs
471     // an activation object, the activation object will only be set up after
472     // we start executing the function. If we need to throw a StackOverflowError
473     // here, then we need to tell the prologue to start the stack unwinding from
474     // the caller frame (which is fully set up) instead. To do that, we return
475     // the caller's CallFrame in the second return value.
476     //
477     // If the stack check succeeds and we don't need to throw the error, then
478     // we'll return 0 instead. The prologue will check for a non-zero value
479     // when determining whether to set the callFrame or not.
480
481     // For JIT enabled builds which uses the C stack, the stack is not growable.
482     // Hence, if we get here, then we know a stack overflow is imminent. So, just
483     // throw the StackOverflowError unconditionally.
484 #if !ENABLE(JIT)
485     ASSERT(!vm.interpreter->stack().containsAddress(exec->topOfFrame()));
486     if (LIKELY(vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
487         LLINT_RETURN_TWO(pc, 0);
488 #endif
489
490     exec = exec->callerFrame();
491     vm.topCallFrame = exec;
492     ErrorHandlingScope errorScope(vm);
493     CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
494     pc = returnToThrowForThrownException(exec);
495     LLINT_RETURN_TWO(pc, exec);
496 }
497
498 LLINT_SLOW_PATH_DECL(slow_path_create_activation)
499 {
500     LLINT_BEGIN();
501 #if LLINT_SLOW_PATH_TRACING
502     dataLogF("Creating an activation, exec = %p!\n", exec);
503 #endif
504     JSActivation* activation = JSActivation::create(vm, exec, exec->codeBlock());
505     exec->setScope(activation);
506     LLINT_RETURN(JSValue(activation));
507 }
508
509 LLINT_SLOW_PATH_DECL(slow_path_new_object)
510 {
511     LLINT_BEGIN();
512     LLINT_RETURN(constructEmptyObject(exec, pc[3].u.objectAllocationProfile->structure()));
513 }
514
515 LLINT_SLOW_PATH_DECL(slow_path_new_array)
516 {
517     LLINT_BEGIN();
518     LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));
519 }
520
521 LLINT_SLOW_PATH_DECL(slow_path_new_array_with_size)
522 {
523     LLINT_BEGIN();
524     LLINT_RETURN(constructArrayWithSizeQuirk(exec, pc[3].u.arrayAllocationProfile, exec->lexicalGlobalObject(), LLINT_OP_C(2).jsValue()));
525 }
526
527 LLINT_SLOW_PATH_DECL(slow_path_new_array_buffer)
528 {
529     LLINT_BEGIN();
530     LLINT_RETURN(constructArray(exec, pc[4].u.arrayAllocationProfile, exec->codeBlock()->constantBuffer(pc[2].u.operand), pc[3].u.operand));
531 }
532
533 LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
534 {
535     LLINT_BEGIN();
536     RegExp* regExp = exec->codeBlock()->regexp(pc[2].u.operand);
537     if (!regExp->isValid())
538         LLINT_THROW(createSyntaxError(exec, "Invalid flag supplied to RegExp constructor."));
539     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
540 }
541
542 LLINT_SLOW_PATH_DECL(slow_path_check_has_instance)
543 {
544     LLINT_BEGIN();
545     
546     JSValue value = LLINT_OP_C(2).jsValue();
547     JSValue baseVal = LLINT_OP_C(3).jsValue();
548     if (baseVal.isObject()) {
549         JSObject* baseObject = asObject(baseVal);
550         ASSERT(!baseObject->structure()->typeInfo().implementsDefaultHasInstance());
551         if (baseObject->structure()->typeInfo().implementsHasInstance()) {
552             JSValue result = jsBoolean(baseObject->methodTable()->customHasInstance(baseObject, exec, value));
553             LLINT_RETURN_WITH_PC_ADJUSTMENT(result, pc[4].u.operand);
554         }
555     }
556     LLINT_THROW(createInvalidParameterError(exec, "instanceof", baseVal));
557 }
558
559 LLINT_SLOW_PATH_DECL(slow_path_instanceof)
560 {
561     LLINT_BEGIN();
562     JSValue value = LLINT_OP_C(2).jsValue();
563     JSValue proto = LLINT_OP_C(3).jsValue();
564     ASSERT(!value.isObject() || !proto.isObject());
565     LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
566 }
567
568 LLINT_SLOW_PATH_DECL(slow_path_get_by_id)
569 {
570     LLINT_BEGIN();
571     CodeBlock* codeBlock = exec->codeBlock();
572     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
573     JSValue baseValue = LLINT_OP_C(2).jsValue();
574     PropertySlot slot(baseValue);
575
576     JSValue result = baseValue.get(exec, ident, slot);
577     LLINT_CHECK_EXCEPTION();
578     LLINT_OP(1) = result;
579     
580     if (!LLINT_ALWAYS_ACCESS_SLOW
581         && baseValue.isCell()
582         && slot.isCacheable()
583         && slot.slotBase() == baseValue
584         && slot.isCacheableValue()) {
585         
586         JSCell* baseCell = baseValue.asCell();
587         Structure* structure = baseCell->structure();
588         
589         if (!structure->isUncacheableDictionary()
590             && !structure->typeInfo().prohibitsPropertyCaching()
591             && !structure->typeInfo().newImpurePropertyFiresWatchpoints()) {
592             ConcurrentJITLocker locker(codeBlock->m_lock);
593
594             pc[4].u.structure.set(
595                 vm, codeBlock->ownerExecutable(), structure);
596             if (isInlineOffset(slot.cachedOffset())) {
597                 pc[0].u.opcode = LLInt::getOpcode(op_get_by_id);
598                 pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage();
599             } else {
600                 pc[0].u.opcode = LLInt::getOpcode(op_get_by_id_out_of_line);
601                 pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue);
602             }
603         }
604     }
605
606     if (!LLINT_ALWAYS_ACCESS_SLOW
607         && isJSArray(baseValue)
608         && ident == exec->propertyNames().length) {
609         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
610         ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
611         arrayProfile->observeStructure(baseValue.asCell()->structure());
612         pc[4].u.arrayProfile = arrayProfile;
613     }
614
615     pc[OPCODE_LENGTH(op_get_by_id) - 1].u.profile->m_buckets[0] = JSValue::encode(result);
616     LLINT_END();
617 }
618
619 LLINT_SLOW_PATH_DECL(slow_path_get_arguments_length)
620 {
621     LLINT_BEGIN();
622     CodeBlock* codeBlock = exec->codeBlock();
623     const Identifier& ident = codeBlock->identifier(pc[3].u.operand);
624     JSValue baseValue = LLINT_OP(2).jsValue();
625     PropertySlot slot(baseValue);
626     LLINT_RETURN(baseValue.get(exec, ident, slot));
627 }
628
629 LLINT_SLOW_PATH_DECL(slow_path_put_by_id)
630 {
631     LLINT_BEGIN();
632     CodeBlock* codeBlock = exec->codeBlock();
633     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
634     
635     JSValue baseValue = LLINT_OP_C(1).jsValue();
636     PutPropertySlot slot(baseValue, codeBlock->isStrictMode(), codeBlock->putByIdContext());
637     if (pc[8].u.operand)
638         asObject(baseValue)->putDirect(vm, ident, LLINT_OP_C(3).jsValue(), slot);
639     else
640         baseValue.put(exec, ident, LLINT_OP_C(3).jsValue(), slot);
641     LLINT_CHECK_EXCEPTION();
642     
643     if (!LLINT_ALWAYS_ACCESS_SLOW
644         && baseValue.isCell()
645         && slot.isCacheablePut()) {
646         
647         JSCell* baseCell = baseValue.asCell();
648         Structure* structure = baseCell->structure();
649         
650         if (!structure->isUncacheableDictionary()
651             && !structure->typeInfo().prohibitsPropertyCaching()
652             && baseCell == slot.base()) {
653             
654             if (slot.type() == PutPropertySlot::NewProperty) {
655                 GCSafeConcurrentJITLocker locker(codeBlock->m_lock, vm.heap);
656             
657                 if (!structure->isDictionary() && structure->previousID()->outOfLineCapacity() == structure->outOfLineCapacity()) {
658                     ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
659                     
660                     // This is needed because some of the methods we call
661                     // below may GC.
662                     pc[0].u.opcode = LLInt::getOpcode(op_put_by_id);
663
664                     if (normalizePrototypeChain(exec, baseCell) != InvalidPrototypeChain) {
665                         ASSERT(structure->previousID()->isObject());
666                         pc[4].u.structure.set(
667                             vm, codeBlock->ownerExecutable(), structure->previousID());
668                         if (isInlineOffset(slot.cachedOffset()))
669                             pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage();
670                         else
671                             pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue);
672                         pc[6].u.structure.set(
673                             vm, codeBlock->ownerExecutable(), structure);
674                         StructureChain* chain = structure->prototypeChain(exec);
675                         ASSERT(chain);
676                         pc[7].u.structureChain.set(
677                             vm, codeBlock->ownerExecutable(), chain);
678                     
679                         if (pc[8].u.operand) {
680                             if (isInlineOffset(slot.cachedOffset()))
681                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_direct);
682                             else
683                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_direct_out_of_line);
684                         } else {
685                             if (isInlineOffset(slot.cachedOffset()))
686                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_normal);
687                             else
688                                 pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_transition_normal_out_of_line);
689                         }
690                     }
691                 }
692             } else {
693                 structure->didCachePropertyReplacement(vm, slot.cachedOffset());
694                 pc[4].u.structure.set(
695                     vm, codeBlock->ownerExecutable(), structure);
696                 if (isInlineOffset(slot.cachedOffset())) {
697                     pc[0].u.opcode = LLInt::getOpcode(op_put_by_id);
698                     pc[5].u.operand = offsetInInlineStorage(slot.cachedOffset()) * sizeof(JSValue) + JSObject::offsetOfInlineStorage();
699                 } else {
700                     pc[0].u.opcode = LLInt::getOpcode(op_put_by_id_out_of_line);
701                     pc[5].u.operand = offsetInButterfly(slot.cachedOffset()) * sizeof(JSValue);
702                 }
703             }
704         }
705     }
706     
707     LLINT_END();
708 }
709
710 LLINT_SLOW_PATH_DECL(slow_path_del_by_id)
711 {
712     LLINT_BEGIN();
713     CodeBlock* codeBlock = exec->codeBlock();
714     JSObject* baseObject = LLINT_OP_C(2).jsValue().toObject(exec);
715     bool couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, codeBlock->identifier(pc[3].u.operand));
716     LLINT_CHECK_EXCEPTION();
717     if (!couldDelete && codeBlock->isStrictMode())
718         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
719     LLINT_RETURN(jsBoolean(couldDelete));
720 }
721
722 inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
723 {
724     if (LIKELY(baseValue.isCell() && subscript.isString())) {
725         VM& vm = exec->vm();
726         Structure& structure = *baseValue.asCell()->structure(vm);
727         if (JSCell::canUseFastGetOwnProperty(structure)) {
728             if (AtomicStringImpl* existingAtomicString = asString(subscript)->toExistingAtomicString(exec)) {
729                 if (JSValue result = baseValue.asCell()->fastGetOwnProperty(vm, structure, existingAtomicString))
730                     return result;
731             }
732         }
733     }
734     
735     if (subscript.isUInt32()) {
736         uint32_t i = subscript.asUInt32();
737         if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
738             return asString(baseValue)->getIndex(exec, i);
739         
740         return baseValue.get(exec, i);
741     }
742
743     if (isName(subscript))
744         return baseValue.get(exec, jsCast<NameInstance*>(subscript.asCell())->privateName());
745     
746     Identifier property = subscript.toString(exec)->toIdentifier(exec);
747     return baseValue.get(exec, property);
748 }
749
750 LLINT_SLOW_PATH_DECL(slow_path_get_by_val)
751 {
752     LLINT_BEGIN();
753     LLINT_RETURN_PROFILED(op_get_by_val, getByVal(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(3).jsValue()));
754 }
755
756 LLINT_SLOW_PATH_DECL(slow_path_get_argument_by_val)
757 {
758     LLINT_BEGIN();
759     JSValue arguments = LLINT_OP(2).jsValue();
760     if (!arguments) {
761         arguments = Arguments::create(vm, exec);
762         LLINT_CHECK_EXCEPTION();
763         LLINT_OP(2) = arguments;
764         exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[2].u.operand)).offset()) = arguments;
765     }
766     
767     LLINT_RETURN_PROFILED(op_get_argument_by_val, getByVal(exec, arguments, LLINT_OP_C(3).jsValue()));
768 }
769
770 LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
771 {
772     LLINT_BEGIN();
773     
774     JSValue baseValue = LLINT_OP_C(1).jsValue();
775     JSValue subscript = LLINT_OP_C(2).jsValue();
776     JSValue value = LLINT_OP_C(3).jsValue();
777     
778     if (LIKELY(subscript.isUInt32())) {
779         uint32_t i = subscript.asUInt32();
780         if (baseValue.isObject()) {
781             JSObject* object = asObject(baseValue);
782             if (object->canSetIndexQuickly(i))
783                 object->setIndexQuickly(vm, i, value);
784             else
785                 object->methodTable()->putByIndex(object, exec, i, value, exec->codeBlock()->isStrictMode());
786             LLINT_END();
787         }
788         baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode());
789         LLINT_END();
790     }
791
792     if (isName(subscript)) {
793         PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
794         baseValue.put(exec, jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot);
795         LLINT_END();
796     }
797
798     Identifier property = subscript.toString(exec)->toIdentifier(exec);
799     LLINT_CHECK_EXCEPTION();
800     PutPropertySlot slot(baseValue, exec->codeBlock()->isStrictMode());
801     baseValue.put(exec, property, value, slot);
802     LLINT_END();
803 }
804
805 LLINT_SLOW_PATH_DECL(slow_path_put_by_val_direct)
806 {
807     LLINT_BEGIN();
808     
809     JSValue baseValue = LLINT_OP_C(1).jsValue();
810     JSValue subscript = LLINT_OP_C(2).jsValue();
811     JSValue value = LLINT_OP_C(3).jsValue();
812     RELEASE_ASSERT(baseValue.isObject());
813     JSObject* baseObject = asObject(baseValue);
814     if (LIKELY(subscript.isUInt32())) {
815         uint32_t i = subscript.asUInt32();
816         baseObject->putDirectIndex(exec, i, value);
817     } else if (isName(subscript)) {
818         PutPropertySlot slot(baseObject, exec->codeBlock()->isStrictMode());
819         baseObject->putDirect(exec->vm(), jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot);
820     } else {
821         Identifier property = subscript.toString(exec)->toIdentifier(exec);
822         if (!exec->vm().exception()) { // Don't put to an object if toString threw an exception.
823             PutPropertySlot slot(baseObject, exec->codeBlock()->isStrictMode());
824             baseObject->putDirect(exec->vm(), property, value, slot);
825         }
826     }
827     LLINT_END();
828 }
829
830 LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
831 {
832     LLINT_BEGIN();
833     JSValue baseValue = LLINT_OP_C(2).jsValue();
834     JSObject* baseObject = baseValue.toObject(exec);
835     
836     JSValue subscript = LLINT_OP_C(3).jsValue();
837     
838     bool couldDelete;
839     
840     uint32_t i;
841     if (subscript.getUInt32(i))
842         couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
843     else if (isName(subscript))
844         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, jsCast<NameInstance*>(subscript.asCell())->privateName());
845     else {
846         LLINT_CHECK_EXCEPTION();
847         Identifier property = subscript.toString(exec)->toIdentifier(exec);
848         LLINT_CHECK_EXCEPTION();
849         couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, property);
850     }
851     
852     if (!couldDelete && exec->codeBlock()->isStrictMode())
853         LLINT_THROW(createTypeError(exec, "Unable to delete property."));
854     
855     LLINT_RETURN(jsBoolean(couldDelete));
856 }
857
858 LLINT_SLOW_PATH_DECL(slow_path_put_by_index)
859 {
860     LLINT_BEGIN();
861     JSValue arrayValue = LLINT_OP_C(1).jsValue();
862     ASSERT(isJSArray(arrayValue));
863     asArray(arrayValue)->putDirectIndex(exec, pc[2].u.operand, LLINT_OP_C(3).jsValue());
864     LLINT_END();
865 }
866
867 LLINT_SLOW_PATH_DECL(slow_path_put_getter_setter)
868 {
869     LLINT_BEGIN();
870     ASSERT(LLINT_OP(1).jsValue().isObject());
871     JSObject* baseObj = asObject(LLINT_OP(1).jsValue());
872     
873     GetterSetter* accessor = GetterSetter::create(vm);
874     LLINT_CHECK_EXCEPTION();
875     
876     JSValue getter = LLINT_OP(3).jsValue();
877     JSValue setter = LLINT_OP(4).jsValue();
878     ASSERT(getter.isObject() || getter.isUndefined());
879     ASSERT(setter.isObject() || setter.isUndefined());
880     ASSERT(getter.isObject() || setter.isObject());
881     
882     if (!getter.isUndefined())
883         accessor->setGetter(vm, asObject(getter));
884     if (!setter.isUndefined())
885         accessor->setSetter(vm, asObject(setter));
886     baseObj->putDirectAccessor(
887         exec,
888         exec->codeBlock()->identifier(pc[2].u.operand),
889         accessor, Accessor);
890     LLINT_END();
891 }
892
893 LLINT_SLOW_PATH_DECL(slow_path_jtrue)
894 {
895     LLINT_BEGIN();
896     LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
897 }
898
899 LLINT_SLOW_PATH_DECL(slow_path_jfalse)
900 {
901     LLINT_BEGIN();
902     LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
903 }
904
905 LLINT_SLOW_PATH_DECL(slow_path_jless)
906 {
907     LLINT_BEGIN();
908     LLINT_BRANCH(op_jless, jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
909 }
910
911 LLINT_SLOW_PATH_DECL(slow_path_jnless)
912 {
913     LLINT_BEGIN();
914     LLINT_BRANCH(op_jnless, !jsLess<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
915 }
916
917 LLINT_SLOW_PATH_DECL(slow_path_jgreater)
918 {
919     LLINT_BEGIN();
920     LLINT_BRANCH(op_jgreater, jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
921 }
922
923 LLINT_SLOW_PATH_DECL(slow_path_jngreater)
924 {
925     LLINT_BEGIN();
926     LLINT_BRANCH(op_jngreater, !jsLess<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
927 }
928
929 LLINT_SLOW_PATH_DECL(slow_path_jlesseq)
930 {
931     LLINT_BEGIN();
932     LLINT_BRANCH(op_jlesseq, jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
933 }
934
935 LLINT_SLOW_PATH_DECL(slow_path_jnlesseq)
936 {
937     LLINT_BEGIN();
938     LLINT_BRANCH(op_jnlesseq, !jsLessEq<true>(exec, LLINT_OP_C(1).jsValue(), LLINT_OP_C(2).jsValue()));
939 }
940
941 LLINT_SLOW_PATH_DECL(slow_path_jgreatereq)
942 {
943     LLINT_BEGIN();
944     LLINT_BRANCH(op_jgreatereq, jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
945 }
946
947 LLINT_SLOW_PATH_DECL(slow_path_jngreatereq)
948 {
949     LLINT_BEGIN();
950     LLINT_BRANCH(op_jngreatereq, !jsLessEq<false>(exec, LLINT_OP_C(2).jsValue(), LLINT_OP_C(1).jsValue()));
951 }
952
953 LLINT_SLOW_PATH_DECL(slow_path_switch_imm)
954 {
955     LLINT_BEGIN();
956     JSValue scrutinee = LLINT_OP_C(3).jsValue();
957     ASSERT(scrutinee.isDouble());
958     double value = scrutinee.asDouble();
959     int32_t intValue = static_cast<int32_t>(value);
960     int defaultOffset = pc[2].u.operand;
961     if (value == intValue) {
962         CodeBlock* codeBlock = exec->codeBlock();
963         pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue(intValue, defaultOffset);
964     } else
965         pc += defaultOffset;
966     LLINT_END();
967 }
968
969 LLINT_SLOW_PATH_DECL(slow_path_switch_char)
970 {
971     LLINT_BEGIN();
972     JSValue scrutinee = LLINT_OP_C(3).jsValue();
973     ASSERT(scrutinee.isString());
974     JSString* string = asString(scrutinee);
975     ASSERT(string->length() == 1);
976     int defaultOffset = pc[2].u.operand;
977     StringImpl* impl = string->value(exec).impl();
978     CodeBlock* codeBlock = exec->codeBlock();
979     pc += codeBlock->switchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
980     LLINT_END();
981 }
982
983 LLINT_SLOW_PATH_DECL(slow_path_switch_string)
984 {
985     LLINT_BEGIN();
986     JSValue scrutinee = LLINT_OP_C(3).jsValue();
987     int defaultOffset = pc[2].u.operand;
988     if (!scrutinee.isString())
989         pc += defaultOffset;
990     else {
991         CodeBlock* codeBlock = exec->codeBlock();
992         pc += codeBlock->stringSwitchJumpTable(pc[1].u.operand).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset);
993     }
994     LLINT_END();
995 }
996
997 LLINT_SLOW_PATH_DECL(slow_path_new_func)
998 {
999     LLINT_BEGIN();
1000     CodeBlock* codeBlock = exec->codeBlock();
1001     ASSERT(codeBlock->codeType() != FunctionCode || !codeBlock->needsActivation() || exec->hasActivation());
1002 #if LLINT_SLOW_PATH_TRACING
1003     dataLogF("Creating function!\n");
1004 #endif
1005     LLINT_RETURN(JSFunction::create(vm, codeBlock->functionDecl(pc[2].u.operand), exec->scope()));
1006 }
1007
1008 LLINT_SLOW_PATH_DECL(slow_path_new_func_exp)
1009 {
1010     LLINT_BEGIN();
1011     CodeBlock* codeBlock = exec->codeBlock();
1012     FunctionExecutable* function = codeBlock->functionExpr(pc[2].u.operand);
1013     JSFunction* func = JSFunction::create(vm, function, exec->scope());
1014     
1015     LLINT_RETURN(func);
1016 }
1017
1018 static SlowPathReturnType handleHostCall(ExecState* execCallee, Instruction* pc, JSValue callee, CodeSpecializationKind kind)
1019 {
1020     UNUSED_PARAM(pc);
1021
1022 #if LLINT_SLOW_PATH_TRACING
1023     dataLog("Performing host call.\n");
1024 #endif
1025     
1026     ExecState* exec = execCallee->callerFrame();
1027     VM& vm = exec->vm();
1028
1029     execCallee->setScope(exec->scope());
1030     execCallee->setCodeBlock(0);
1031     execCallee->clearReturnPC();
1032
1033     if (kind == CodeForCall) {
1034         CallData callData;
1035         CallType callType = getCallData(callee, callData);
1036     
1037         ASSERT(callType != CallTypeJS);
1038     
1039         if (callType == CallTypeHost) {
1040             NativeCallFrameTracer tracer(&vm, execCallee);
1041             execCallee->setCallee(asObject(callee));
1042             vm.hostCallReturnValue = JSValue::decode(callData.native.function(execCallee));
1043             
1044             LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1045         }
1046         
1047 #if LLINT_SLOW_PATH_TRACING
1048         dataLog("Call callee is not a function: ", callee, "\n");
1049 #endif
1050
1051         ASSERT(callType == CallTypeNone);
1052         LLINT_CALL_THROW(exec, createNotAFunctionError(exec, callee));
1053     }
1054
1055     ASSERT(kind == CodeForConstruct);
1056     
1057     ConstructData constructData;
1058     ConstructType constructType = getConstructData(callee, constructData);
1059     
1060     ASSERT(constructType != ConstructTypeJS);
1061     
1062     if (constructType == ConstructTypeHost) {
1063         NativeCallFrameTracer tracer(&vm, execCallee);
1064         execCallee->setCallee(asObject(callee));
1065         vm.hostCallReturnValue = JSValue::decode(constructData.native.function(execCallee));
1066
1067         LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1068     }
1069     
1070 #if LLINT_SLOW_PATH_TRACING
1071     dataLog("Constructor callee is not a function: ", callee, "\n");
1072 #endif
1073
1074     ASSERT(constructType == ConstructTypeNone);
1075     LLINT_CALL_THROW(exec, createNotAConstructorError(exec, callee));
1076 }
1077
1078 inline SlowPathReturnType setUpCall(ExecState* execCallee, Instruction* pc, CodeSpecializationKind kind, JSValue calleeAsValue, LLIntCallLinkInfo* callLinkInfo = 0)
1079 {
1080     ExecState* exec = execCallee->callerFrame();
1081
1082 #if LLINT_SLOW_PATH_TRACING
1083     dataLogF("Performing call with recorded PC = %p\n", exec->currentVPC());
1084 #endif
1085     
1086     JSCell* calleeAsFunctionCell = getJSFunction(calleeAsValue);
1087     if (!calleeAsFunctionCell)
1088         return handleHostCall(execCallee, pc, calleeAsValue, kind);
1089     
1090     JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
1091     JSScope* scope = callee->scopeUnchecked();
1092     VM& vm = *scope->vm();
1093     execCallee->setScope(scope);
1094     ExecutableBase* executable = callee->executable();
1095     
1096     MacroAssemblerCodePtr codePtr;
1097     CodeBlock* codeBlock = 0;
1098     if (executable->isHostFunction())
1099         codePtr = executable->entrypointFor(vm, kind, MustCheckArity, RegisterPreservationNotRequired);
1100     else {
1101         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
1102         JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
1103         execCallee->setScope(scope);
1104         if (error)
1105             LLINT_CALL_THROW(exec, error);
1106         codeBlock = functionExecutable->codeBlockFor(kind);
1107         ASSERT(codeBlock);
1108         ArityCheckMode arity;
1109         if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
1110             arity = MustCheckArity;
1111         else
1112             arity = ArityCheckNotRequired;
1113         codePtr = functionExecutable->entrypointFor(vm, kind, arity, RegisterPreservationNotRequired);
1114     }
1115     
1116     ASSERT(!!codePtr);
1117     
1118     if (!LLINT_ALWAYS_ACCESS_SLOW && callLinkInfo) {
1119         CodeBlock* callerCodeBlock = exec->codeBlock();
1120
1121         ConcurrentJITLocker locker(callerCodeBlock->m_lock);
1122         
1123         if (callLinkInfo->isOnList())
1124             callLinkInfo->remove();
1125         callLinkInfo->callee.set(vm, callerCodeBlock->ownerExecutable(), callee);
1126         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock->ownerExecutable(), callee);
1127         callLinkInfo->machineCodeTarget = codePtr;
1128         if (codeBlock)
1129             codeBlock->linkIncomingCall(exec, callLinkInfo);
1130     }
1131
1132     LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
1133 }
1134
1135 inline SlowPathReturnType genericCall(ExecState* exec, Instruction* pc, CodeSpecializationKind kind)
1136 {
1137     // This needs to:
1138     // - Set up a call frame.
1139     // - Figure out what to call and compile it if necessary.
1140     // - If possible, link the call's inline cache.
1141     // - Return a tuple of machine code address to call and the new call frame.
1142     
1143     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1144     
1145     ExecState* execCallee = exec - pc[4].u.operand;
1146     
1147     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1148     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1149     execCallee->setCallerFrame(exec);
1150     
1151     ASSERT(pc[5].u.callLinkInfo);
1152     return setUpCall(execCallee, pc, kind, calleeAsValue, pc[5].u.callLinkInfo);
1153 }
1154
1155 LLINT_SLOW_PATH_DECL(slow_path_call)
1156 {
1157     LLINT_BEGIN_NO_SET_PC();
1158     return genericCall(exec, pc, CodeForCall);
1159 }
1160
1161 LLINT_SLOW_PATH_DECL(slow_path_construct)
1162 {
1163     LLINT_BEGIN_NO_SET_PC();
1164     return genericCall(exec, pc, CodeForConstruct);
1165 }
1166
1167 LLINT_SLOW_PATH_DECL(slow_path_size_frame_for_varargs)
1168 {
1169     LLINT_BEGIN();
1170     // This needs to:
1171     // - Set up a call frame while respecting the variable arguments.
1172     
1173     ExecState* execCallee = sizeFrameForVarargs(exec, &vm.interpreter->stack(),
1174         LLINT_OP_C(4).jsValue(), pc[5].u.operand, pc[6].u.operand);
1175     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1176     
1177     vm.newCallFrameReturnValue = execCallee;
1178
1179     LLINT_RETURN_CALLEE_FRAME(execCallee);
1180 }
1181
1182 LLINT_SLOW_PATH_DECL(slow_path_call_varargs)
1183 {
1184     LLINT_BEGIN_NO_SET_PC();
1185     // This needs to:
1186     // - Figure out what to call and compile it if necessary.
1187     // - Return a tuple of machine code address to call and the new call frame.
1188     
1189     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1190     
1191     ExecState* execCallee = vm.newCallFrameReturnValue;
1192
1193     loadVarargs(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand);
1194     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1195     
1196     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1197     execCallee->setCallerFrame(exec);
1198     exec->setCurrentVPC(pc);
1199     
1200     return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1201 }
1202     
1203 LLINT_SLOW_PATH_DECL(slow_path_construct_varargs)
1204 {
1205     LLINT_BEGIN_NO_SET_PC();
1206     // This needs to:
1207     // - Figure out what to call and compile it if necessary.
1208     // - Return a tuple of machine code address to call and the new call frame.
1209     
1210     JSValue calleeAsValue = LLINT_OP_C(2).jsValue();
1211     
1212     ExecState* execCallee = vm.newCallFrameReturnValue;
1213     
1214     loadVarargs(exec, execCallee, LLINT_OP_C(3).jsValue(), LLINT_OP_C(4).jsValue(), pc[6].u.operand);
1215     LLINT_CALL_CHECK_EXCEPTION(exec, exec);
1216     
1217     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1218     execCallee->setCallerFrame(exec);
1219     exec->setCurrentVPC(pc);
1220     
1221     return setUpCall(execCallee, pc, CodeForConstruct, calleeAsValue);
1222 }
1223     
1224 LLINT_SLOW_PATH_DECL(slow_path_call_eval)
1225 {
1226     LLINT_BEGIN_NO_SET_PC();
1227     JSValue calleeAsValue = LLINT_OP(2).jsValue();
1228     
1229     ExecState* execCallee = exec - pc[4].u.operand;
1230     
1231     execCallee->setArgumentCountIncludingThis(pc[3].u.operand);
1232     execCallee->setCallerFrame(exec);
1233     execCallee->uncheckedR(JSStack::Callee) = calleeAsValue;
1234     execCallee->setScope(exec->scope());
1235     execCallee->setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
1236     execCallee->setCodeBlock(0);
1237     exec->setCurrentVPC(pc);
1238     
1239     if (!isHostFunction(calleeAsValue, globalFuncEval))
1240         return setUpCall(execCallee, pc, CodeForCall, calleeAsValue);
1241     
1242     vm.hostCallReturnValue = eval(execCallee);
1243     LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
1244 }
1245
1246 LLINT_SLOW_PATH_DECL(slow_path_tear_off_activation)
1247 {
1248     LLINT_BEGIN();
1249     ASSERT(exec->codeBlock()->needsActivation());
1250     jsCast<JSActivation*>(LLINT_OP(1).jsValue())->tearOff(vm);
1251     LLINT_END();
1252 }
1253
1254 LLINT_SLOW_PATH_DECL(slow_path_tear_off_arguments)
1255 {
1256     LLINT_BEGIN();
1257     ASSERT(exec->codeBlock()->usesArguments());
1258     Arguments* arguments = jsCast<Arguments*>(exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[1].u.operand)).offset()).jsValue());
1259     if (JSValue activationValue = LLINT_OP_C(2).jsValue())
1260         arguments->didTearOffActivation(exec, jsCast<JSActivation*>(activationValue));
1261     else
1262         arguments->tearOff(exec);
1263     LLINT_END();
1264 }
1265
1266 LLINT_SLOW_PATH_DECL(slow_path_strcat)
1267 {
1268     LLINT_BEGIN();
1269     LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand));
1270 }
1271
1272 LLINT_SLOW_PATH_DECL(slow_path_to_primitive)
1273 {
1274     LLINT_BEGIN();
1275     LLINT_RETURN(LLINT_OP_C(2).jsValue().toPrimitive(exec));
1276 }
1277
1278 LLINT_SLOW_PATH_DECL(slow_path_push_with_scope)
1279 {
1280     LLINT_BEGIN();
1281     JSValue v = LLINT_OP_C(1).jsValue();
1282     JSObject* o = v.toObject(exec);
1283     LLINT_CHECK_EXCEPTION();
1284     
1285     exec->setScope(JSWithScope::create(exec, o));
1286     
1287     LLINT_END();
1288 }
1289
1290 LLINT_SLOW_PATH_DECL(slow_path_pop_scope)
1291 {
1292     LLINT_BEGIN();
1293     exec->setScope(exec->scope()->next());
1294     LLINT_END();
1295 }
1296
1297 LLINT_SLOW_PATH_DECL(slow_path_push_name_scope)
1298 {
1299     LLINT_BEGIN();
1300     CodeBlock* codeBlock = exec->codeBlock();
1301     JSNameScope* scope = JSNameScope::create(exec, codeBlock->identifier(pc[1].u.operand), LLINT_OP(2).jsValue(), pc[3].u.operand);
1302     exec->setScope(scope);
1303     LLINT_END();
1304 }
1305
1306 LLINT_SLOW_PATH_DECL(slow_path_throw)
1307 {
1308     LLINT_BEGIN();
1309     LLINT_THROW(LLINT_OP_C(1).jsValue());
1310 }
1311
1312 LLINT_SLOW_PATH_DECL(slow_path_throw_static_error)
1313 {
1314     LLINT_BEGIN();
1315     if (pc[2].u.operand)
1316         LLINT_THROW(createReferenceError(exec, errorDescriptionForValue(exec, LLINT_OP_C(1).jsValue())->value(exec)));
1317     else
1318         LLINT_THROW(createTypeError(exec, errorDescriptionForValue(exec, LLINT_OP_C(1).jsValue())->value(exec)));
1319 }
1320
1321 LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)
1322 {
1323     LLINT_BEGIN_NO_SET_PC();
1324     ASSERT(vm.watchdog);
1325     if (UNLIKELY(vm.watchdog->didFire(exec)))
1326         LLINT_THROW(createTerminatedExecutionException(&vm));
1327     LLINT_RETURN_TWO(0, exec);
1328 }
1329
1330 LLINT_SLOW_PATH_DECL(slow_path_debug)
1331 {
1332     LLINT_BEGIN();
1333     int debugHookID = pc[1].u.operand;
1334     vm.interpreter->debug(exec, static_cast<DebugHookID>(debugHookID));
1335     
1336     LLINT_END();
1337 }
1338
1339 LLINT_SLOW_PATH_DECL(slow_path_profile_will_call)
1340 {
1341     LLINT_BEGIN();
1342     if (LegacyProfiler* profiler = vm.enabledProfiler())
1343         profiler->willExecute(exec, LLINT_OP(1).jsValue());
1344     LLINT_END();
1345 }
1346
1347 LLINT_SLOW_PATH_DECL(slow_path_profile_did_call)
1348 {
1349     LLINT_BEGIN();
1350     if (LegacyProfiler* profiler = vm.enabledProfiler())
1351         profiler->didExecute(exec, LLINT_OP(1).jsValue());
1352     LLINT_END();
1353 }
1354
1355 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
1356 {
1357     LLINT_BEGIN_NO_SET_PC();
1358     ASSERT(vm.exception());
1359     genericUnwind(&vm, exec, vm.exception());
1360     LLINT_END_IMPL();
1361 }
1362
1363 LLINT_SLOW_PATH_DECL(slow_path_resolve_scope)
1364 {
1365     LLINT_BEGIN();
1366     const Identifier& ident = exec->codeBlock()->identifier(pc[2].u.operand);
1367     LLINT_RETURN(JSScope::resolve(exec, exec->scope(), ident));
1368 }
1369
1370 LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
1371 {
1372     LLINT_BEGIN();
1373
1374     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
1375     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
1376     ResolveModeAndType modeAndType(pc[4].u.operand);
1377
1378     PropertySlot slot(scope);
1379     if (!scope->getPropertySlot(exec, ident, slot)) {
1380         if (modeAndType.mode() == ThrowIfNotFound)
1381             LLINT_RETURN(exec->vm().throwException(exec, createUndefinedVariableError(exec, ident)));
1382         LLINT_RETURN(jsUndefined());
1383     }
1384
1385     // Covers implicit globals. Since they don't exist until they first execute, we didn't know how to cache them at compile time.
1386     if (slot.isCacheableValue() && slot.slotBase() == scope && scope->structure()->propertyAccessesAreCacheable()) {
1387         if (modeAndType.type() == GlobalProperty || modeAndType.type() == GlobalPropertyWithVarInjectionChecks) {
1388             CodeBlock* codeBlock = exec->codeBlock();
1389             Structure* structure = scope->structure(vm);
1390             {
1391                 ConcurrentJITLocker locker(codeBlock->m_lock);
1392                 pc[5].u.structure.set(exec->vm(), codeBlock->ownerExecutable(), structure);
1393                 pc[6].u.operand = slot.cachedOffset();
1394             }
1395             structure->startWatchingPropertyForReplacements(vm, slot.cachedOffset());
1396         }
1397     }
1398
1399     LLINT_RETURN(slot.getValue(exec, ident));
1400 }
1401
1402 LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
1403 {
1404     LLINT_BEGIN();
1405
1406     CodeBlock* codeBlock = exec->codeBlock();
1407     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
1408     JSObject* scope = jsCast<JSObject*>(LLINT_OP(1).jsValue());
1409     JSValue value = LLINT_OP_C(3).jsValue();
1410     ResolveModeAndType modeAndType = ResolveModeAndType(pc[4].u.operand);
1411
1412     if (modeAndType.mode() == ThrowIfNotFound && !scope->hasProperty(exec, ident))
1413         LLINT_THROW(createUndefinedVariableError(exec, ident));
1414
1415     PutPropertySlot slot(scope, codeBlock->isStrictMode());
1416     scope->methodTable()->put(scope, exec, ident, value, slot);
1417     
1418     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, modeAndType, slot);
1419
1420     LLINT_END();
1421 }
1422
1423 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM* vm, ProtoCallFrame* protoFrame)
1424 {
1425     ExecState* exec = vm->topCallFrame;
1426     if (!exec)
1427         exec = protoFrame->scope()->globalObject()->globalExec();
1428     throwStackOverflowError(exec);
1429     return encodeResult(0, 0);
1430 }
1431
1432 #if !ENABLE(JIT)
1433 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
1434 {
1435     bool success = vm->interpreter->stack().ensureCapacityFor(newTopOfStack);
1436     return encodeResult(reinterpret_cast<void*>(success), 0);
1437 }
1438 #endif
1439
1440 extern "C" void llint_write_barrier_slow(ExecState* exec, JSCell* cell)
1441 {
1442     VM& vm = exec->vm();
1443     vm.heap.writeBarrier(cell);
1444 }
1445
1446 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash()
1447 {
1448     CRASH();
1449 }
1450
1451 } } // namespace JSC::LLInt