Changeset 157404 in webkit

Timestamp:

Oct 14, 2013, 9:42:22 AM (11 years ago)

Author:

mark.lam@apple.com

Message:

Transition misc cti_op_* JITStubs to JIT operations.
​https://bugs.webkit.org/show_bug.cgi?id=122645.

Reviewed by Michael Saboff.

Stubs converted:

cti_op_check_has_instance
cti_op_create_arguments
cti_op_del_by_id
cti_op_instanceof
cti_to_object
cti_op_push_activation
cti_op_get_pnames
cti_op_load_varargs

• dfg/DFGOperations.cpp:
• dfg/DFGOperations.h:
• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

• jit/JIT.h:

(JSC::JIT::emitStoreCell):

• jit/JITCall.cpp:

(JSC::JIT::compileLoadVarargs):

• jit/JITCall32_64.cpp:

(JSC::JIT::compileLoadVarargs):

• jit/JITInlines.h:

(JSC::JIT::callOperation):

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_create_activation):
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emitSlow_op_check_has_instance):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emitSlow_op_get_argument_by_val):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_check_has_instance):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_create_activation):
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emitSlow_op_get_argument_by_val):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_del_by_id):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_del_by_id):

• jit/JITStubs.cpp:
• jit/JITStubs.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGOperations.cpp (modified) (1 diff)
• dfg/DFGOperations.h (modified) (1 diff)
• jit/CCallHelpers.h (modified) (3 diffs)
• jit/JIT.h (modified) (4 diffs)
• jit/JITCall.cpp (modified) (1 diff)
• jit/JITCall32_64.cpp (modified) (1 diff)
• jit/JITInlines.h (modified) (6 diffs)
• jit/JITOpcodes.cpp (modified) (7 diffs)
• jit/JITOpcodes32_64.cpp (modified) (7 diffs)
• jit/JITOperations.cpp (modified) (3 diffs)
• jit/JITOperations.h (modified) (5 diffs)
• jit/JITPropertyAccess.cpp (modified) (1 diff)
• jit/JITPropertyAccess32_64.cpp (modified) (1 diff)
• jit/JITStubs.cpp (modified) (5 diffs)
• jit/JITStubs.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-10-13  Mark Lam  <mark.lam@apple.com>
+
+        Transition misc cti_op_* JITStubs to JIT operations.
+        https://bugs.webkit.org/show_bug.cgi?id=122645.
+
+        Reviewed by Michael Saboff.
+
+        Stubs converted:
+            cti_op_check_has_instance
+            cti_op_create_arguments
+            cti_op_del_by_id
+            cti_op_instanceof
+            cti_to_object
+            cti_op_push_activation
+            cti_op_get_pnames
+            cti_op_load_varargs
+
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGOperations.h:
+        * jit/CCallHelpers.h:
+        (JSC::CCallHelpers::setupArgumentsWithExecState):
+        * jit/JIT.h:
+        (JSC::JIT::emitStoreCell):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileLoadVarargs):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileLoadVarargs):
+        * jit/JITInlines.h:
+        (JSC::JIT::callOperation):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_get_pnames):
+        (JSC::JIT::emit_op_create_activation):
+        (JSC::JIT::emit_op_create_arguments):
+        (JSC::JIT::emitSlow_op_check_has_instance):
+        (JSC::JIT::emitSlow_op_instanceof):
+        (JSC::JIT::emitSlow_op_get_argument_by_val):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emitSlow_op_check_has_instance):
+        (JSC::JIT::emitSlow_op_instanceof):
+        (JSC::JIT::emit_op_get_pnames):
+        (JSC::JIT::emit_op_create_activation):
+        (JSC::JIT::emit_op_create_arguments):
+        (JSC::JIT::emitSlow_op_get_argument_by_val):
+        * jit/JITOperations.cpp:
+        * jit/JITOperations.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_del_by_id):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_del_by_id):
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+
 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -681 +681 @@
 }
 
-JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, int32_t offset)
-{
-    VM& vm = exec->vm();
-    NativeCallFrameTracer tracer(&vm, exec);
-    JSActivation* activation = JSActivation::create(vm, exec, exec->registers() + offset, exec->codeBlock());
-    exec->setScope(activation);
-    return activation;
-}
-
-JSCell* JIT_OPERATION operationCreateArguments(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    NativeCallFrameTracer tracer(&vm, exec);
-    // NB: This needs to be exceedingly careful with top call frame tracking, since it
-    // may be called from OSR exit, while the state of the call stack is bizarre.
-    Arguments* result = Arguments::create(vm, exec);
-    ASSERT(!vm.exception());
-    return result;
-}
-
 JSCell* JIT_OPERATION operationCreateInlinedArguments(
     ExecState* exec, InlineCallFrame* inlineCallFrame)

trunk/Source/JavaScriptCore/dfg/DFGOperations.h

@@ -91 +91 @@
 size_t JIT_OPERATION operationCompareStrictEqCell(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
 size_t JIT_OPERATION operationCompareStrictEq(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationCreateActivation(ExecState*, int32_t offset) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationCreateArguments(ExecState*) WTF_INTERNAL;
 JSCell* JIT_OPERATION operationCreateInlinedArguments(ExecState*, InlineCallFrame*) WTF_INTERNAL;
 void JIT_OPERATION operationTearOffArguments(ExecState*, JSCell*, JSCell*) WTF_INTERNAL;

trunk/Source/JavaScriptCore/jit/CCallHelpers.h

@@ -374 +374 @@
     }
 
+    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, TrustedImm32 arg5)
+    {
+        resetCallArguments();
+        addCallArgument(GPRInfo::callFrameRegister);
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+    }
+
     ALWAYS_INLINE void setupArgumentsWithExecState(FPRReg arg1, GPRReg arg2)
     {
@@ -950 +961 @@
     ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3)
     {
-        move(arg2, GPRInfo::argumentGPR2);
+        move(arg2, GPRInfo::argumentGPR2); // In case arg2 is argumentGPR1.
         move(arg1, GPRInfo::argumentGPR1);
         move(arg3, GPRInfo::argumentGPR3);
@@ -1036 +1047 @@
 
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, GPRReg arg5)
+    {
+        poke(arg5, POKE_ARGUMENT_OFFSET + 1);
+        poke(arg4, POKE_ARGUMENT_OFFSET);
+        setupArgumentsWithExecState(arg1, arg2, arg3);
+    }
+
+    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, TrustedImm32 arg5)
     {
         poke(arg5, POKE_ARGUMENT_OFFSET + 1);

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -57 +57 @@
     class JIT;
     class JSPropertyNameIterator;
+    class Identifier;
     class Interpreter;
     class JSScope;
@@ -616 +617 @@
         void emitPutVirtualRegister(VirtualRegister dst, RegisterID from = regT0);
         void emitStoreCell(int dst, RegisterID payload, bool /* only used in JSValue32_64 */ = false)
+        {
+            emitPutVirtualRegister(dst, payload);
+        }
+        void emitStoreCell(VirtualRegister dst, RegisterID payload)
         {
             emitPutVirtualRegister(dst, payload);
@@ -868 +873 @@
         MacroAssembler::Call appendCallWithCallFrameRollbackOnException(const FunctionPtr&);
         MacroAssembler::Call appendCallWithExceptionCheckSetJSValueResult(const FunctionPtr&, int);
+        MacroAssembler::Call callOperation(C_JITOperation_E);
+        MacroAssembler::Call callOperation(C_JITOperation_EO, GPRReg);
         MacroAssembler::Call callOperation(C_JITOperation_ESt, Structure*);
+        MacroAssembler::Call callOperation(C_JITOperation_EZ, int32_t);
+        MacroAssembler::Call callOperation(F_JITOperation_EJJZ, GPRReg, GPRReg, int32_t);
         MacroAssembler::Call callOperation(J_JITOperation_E, int);
-#if USE(JSVALUE64)
         MacroAssembler::Call callOperation(J_JITOperation_EAapJ, int, ArrayAllocationProfile*, GPRReg);
-#else
-        MacroAssembler::Call callOperation(J_JITOperation_EAapJ, int, ArrayAllocationProfile*, GPRReg, GPRReg);
-#endif
         MacroAssembler::Call callOperation(J_JITOperation_EAapJcpZ, int, ArrayAllocationProfile*, GPRReg, int32_t);
         MacroAssembler::Call callOperation(J_JITOperation_EAapJcpZ, int, ArrayAllocationProfile*, const JSValue*, int32_t);
         MacroAssembler::Call callOperation(J_JITOperation_EC, int, JSCell*);
+        MacroAssembler::Call callOperation(J_JITOperation_EJ, int, GPRReg);
+        MacroAssembler::Call callOperation(J_JITOperation_EJIdc, int, GPRReg, const Identifier*);
+        MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg);
         MacroAssembler::Call callOperation(J_JITOperation_EP, int, void*);
         MacroAssembler::Call callOperation(S_JITOperation_ECC, RegisterID, RegisterID);
@@ -887 +895 @@
         MacroAssembler::Call callOperationWithCallFrameRollbackOnException(Z_JITOperation_E);
 #if USE(JSVALUE32_64)
+        MacroAssembler::Call callOperation(F_JITOperation_EJJZ, GPRReg, GPRReg, GPRReg, GPRReg, int32_t);
+        MacroAssembler::Call callOperation(J_JITOperation_EAapJ, int, ArrayAllocationProfile*, GPRReg, GPRReg);
+        MacroAssembler::Call callOperation(J_JITOperation_EJ, int, GPRReg, GPRReg);
+        MacroAssembler::Call callOperation(J_JITOperation_EJIdc, int, GPRReg, GPRReg, const Identifier*);
+        MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg, GPRReg, GPRReg);
         MacroAssembler::Call callOperation(S_JITOperation_EJ, RegisterID, RegisterID);
         MacroAssembler::Call callOperation(S_JITOperation_EJJ, RegisterID, RegisterID, RegisterID, RegisterID);

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -120 +120 @@
         slowCase.link(this);
 
-    JITStubCall stubCall(this, cti_op_load_varargs);
-    stubCall.addArgument(thisValue, regT0);
-    stubCall.addArgument(arguments, regT0);
-    stubCall.addArgument(Imm32(firstFreeRegister));
-    stubCall.call(regT1);
+    emitGetVirtualRegister(thisValue, regT0);
+    emitGetVirtualRegister(arguments, regT1);
+    callOperation(operationLoadVarargs, regT0, regT1, firstFreeRegister);
+    move(returnValueRegister, regT1);
 
     if (canOptimize)

trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp

@@ -191 +191 @@
         slowCase.link(this);
 
-    JITStubCall stubCall(this, cti_op_load_varargs);
-    stubCall.addArgument(thisValue);
-    stubCall.addArgument(arguments);
-    stubCall.addArgument(Imm32(firstFreeRegister));
-    stubCall.call(regT3);
+    emitLoad(thisValue, regT1, regT0);
+    emitLoad(arguments, regT3, regT2);
+    callOperation(operationLoadVarargs, regT1, regT0, regT3, regT2, firstFreeRegister);
+    move(returnValueRegister, regT3);
 
     if (canOptimize)

trunk/Source/JavaScriptCore/jit/JITInlines.h

@@ -232 +232 @@
 }
 
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_E operation)
+{
+    setupArgumentsExecState();
+    return appendCallWithExceptionCheck(operation);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EO operation, GPRReg arg)
+{
+    setupArgumentsWithExecState(arg);
+    return appendCallWithExceptionCheck(operation);
+}
+
 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_ESt operation, Structure* structure)
 {
@@ -238 +250 @@
 }
 
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(C_JITOperation_EZ operation, int32_t arg)
+{
+    setupArgumentsWithExecState(TrustedImm32(arg));
+    return appendCallWithExceptionCheck(operation);
+}
+
+
+#if USE(JSVALUE64)
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(F_JITOperation_EJJZ operation, GPRReg arg1, GPRReg arg2, int32_t arg3)
+{
+    setupArgumentsWithExecState(arg1, arg2, TrustedImm32(arg3));
+    return appendCallWithExceptionCheck(operation);
+}
+#endif
+
 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_E operation, int dst)
 {
@@ -244 +271 @@
 }
 
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EAapJ operation, int dst, ArrayAllocationProfile* arg1, GPRReg arg2)
+{
+    setupArgumentsWithExecState(TrustedImmPtr(arg1), arg2);
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EAapJcpZ operation, int dst, ArrayAllocationProfile* arg1, GPRReg arg2, int32_t arg3)
 {
@@ -259 +292 @@
 {
     setupArgumentsWithExecState(TrustedImmPtr(cell));
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJ operation, int dst, GPRReg arg1)
+{
+    setupArgumentsWithExecState(arg1);
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJIdc operation, int dst, GPRReg arg1, const Identifier* arg2)
+{
+    setupArgumentsWithExecState(arg1, TrustedImmPtr(arg2));
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJ operation, int dst, GPRReg arg1, GPRReg arg2)
+{
+    setupArgumentsWithExecState(arg1, arg2);
     return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
 }
@@ -328 +379 @@
 #endif
 
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(F_JITOperation_EJJZ operation, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload, int32_t arg3)
+{
+    setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, SH4_32BIT_DUMMY_ARG arg2Payload, arg2Tag, TrustedImm32(arg3));
+    return appendCallWithExceptionCheck(operation);
+}
+
 ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EAapJ operation, int dst, ArrayAllocationProfile* arg1, GPRReg arg2Tag, GPRReg arg2Payload)
 {
     setupArgumentsWithExecState(TrustedImmPtr(arg1), EABI_32BIT_DUMMY_ARG arg2Payload, arg2Tag);
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJ operation, int dst, GPRReg arg1Tag, GPRReg arg1Payload)
+{
+    setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag);
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJIdc operation, int dst, GPRReg arg1Tag, GPRReg arg1Payload, const Identifier* arg2)
+{
+    setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, TrustedImmPtr(arg2));
+    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJ operation, int dst, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload)
+{
+    setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, SH4_32BIT_DUMMY_ARG arg2Payload, arg2Tag);
     return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
 }
@@ -348 +423 @@
 #undef EABI_32BIT_DUMMY_ARG
 #undef SH4_32BIT_DUMMY_ARG
-
-#else // USE(JSVALUE32_64)
-
-ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EAapJ operation, int dst, ArrayAllocationProfile* arg1, GPRReg arg2)
-{
-    setupArgumentsWithExecState(TrustedImmPtr(arg1), arg2);
-    return appendCallWithExceptionCheckSetJSValueResult(operation, dst);
-}
 
 #endif // USE(JSVALUE32_64)

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -518 +518 @@
     // this call doesn't seem to be hot.
     Label isObject(this);
-    JITStubCall getPnamesStubCall(this, cti_op_get_pnames);
-    getPnamesStubCall.addArgument(regT0);
-    getPnamesStubCall.call(dst);
+    callOperation(operationGetPNames, regT0);
+    emitStoreCell(dst, returnValueRegister);
     load32(Address(regT0, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStringsSize)), regT3);
     store64(tagTypeNumberRegister, addressFor(i));
@@ -531 +530 @@
     and32(TrustedImm32(~TagBitUndefined), regT1);
     addJump(branch32(Equal, regT1, TrustedImm32(ValueNull)), breakTarget);
-
-    JITStubCall toObjectStubCall(this, cti_to_object);
-    toObjectStubCall.addArgument(regT0);
-    toObjectStubCall.call(base);
+    callOperation(operationToObject, base, regT0);
     jump().linkTo(isObject, this);
     
@@ -841 +837 @@
     
     Jump activationCreated = branchTest64(NonZero, Address(callFrameRegister, sizeof(Register) * dst));
-    JITStubCall(this, cti_op_push_activation).call(dst);
+    callOperation(operationCreateActivation, 0);
+    emitStoreCell(dst, returnValueRegister);
     activationCreated.link(this);
 }
@@ -850 +847 @@
 
     Jump argsCreated = branchTest64(NonZero, Address(callFrameRegister, sizeof(Register) * dst));
-    JITStubCall(this, cti_op_create_arguments).call();
-    emitPutVirtualRegister(dst);
-    emitPutVirtualRegister(unmodifiedArgumentsRegister(VirtualRegister(dst)));
+
+    callOperation(operationCreateArguments);
+    emitStoreCell(dst, returnValueRegister);
+    emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(dst)), returnValueRegister);
+
     argsCreated.link(this);
 }
@@ -1046 +1045 @@
     linkSlowCaseIfNotJSCell(iter, baseVal);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, cti_op_check_has_instance);
-    stubCall.addArgument(value, regT2);
-    stubCall.addArgument(baseVal, regT2);
-    stubCall.call(dst);
+    emitGetVirtualRegister(value, regT0);
+    emitGetVirtualRegister(baseVal, regT1);
+    callOperation(operationCheckHasInstance, dst, regT0, regT1);
 
     emitJumpSlowToHot(jump(), currentInstruction[4].u.operand);
@@ -1063 +1061 @@
     linkSlowCaseIfNotJSCell(iter, proto);
     linkSlowCase(iter);
-    JITStubCall stubCall(this, cti_op_instanceof);
-    stubCall.addArgument(value, regT2);
-    stubCall.addArgument(proto, regT2);
-    stubCall.call(dst);
+    emitGetVirtualRegister(value, regT0);
+    emitGetVirtualRegister(proto, regT1);
+    callOperation(operationInstanceOf, dst, regT0, regT1);
 }
 
@@ -1133 +1130 @@
     linkSlowCase(iter);
     linkSlowCase(iter);
-    JITStubCall(this, cti_op_create_arguments).call();
-    emitPutVirtualRegister(arguments);
-    emitPutVirtualRegister(unmodifiedArgumentsRegister(VirtualRegister(arguments)));
+    callOperation(operationCreateArguments);
+    emitStoreCell(arguments, returnValueRegister);
+    emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(arguments)), returnValueRegister);
     
     skipArgumentsCreation.link(this);

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -297 +297 @@
     linkSlowCase(iter);
 
-    JITStubCall stubCall(this, cti_op_check_has_instance);
-    stubCall.addArgument(value);
-    stubCall.addArgument(baseVal);
-    stubCall.call(dst);
+    emitLoad(value, regT1, regT0);
+    emitLoad(baseVal, regT3, regT2);
+    callOperation(operationCheckHasInstance, dst, regT1, regT0, regT3, regT2);
 
     emitJumpSlowToHot(jump(), currentInstruction[4].u.operand);
@@ -315 +314 @@
     linkSlowCase(iter);
 
-    JITStubCall stubCall(this, cti_op_instanceof);
-    stubCall.addArgument(value);
-    stubCall.addArgument(proto);
-    stubCall.call(dst);
+    emitLoad(value, regT1, regT0);
+    emitLoad(proto, regT3, regT2);
+    callOperation(operationInstanceOf, dst, regT1, regT0, regT3, regT2);
 }
 
@@ -850 +848 @@
     // this call doesn't seem to be hot.
     Label isObject(this);
-    JITStubCall getPnamesStubCall(this, cti_op_get_pnames);
-    getPnamesStubCall.addArgument(regT0);
-    getPnamesStubCall.call(dst);
+    callOperation(operationGetPNames, regT0);
+    emitStoreCell(dst, returnValueRegister);
     load32(Address(regT0, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStringsSize)), regT3);
     store32(TrustedImm32(Int32Tag), intTagFor(i));
@@ -863 +860 @@
     addJump(branch32(Equal, regT1, TrustedImm32(JSValue::NullTag)), breakTarget);
     addJump(branch32(Equal, regT1, TrustedImm32(JSValue::UndefinedTag)), breakTarget);
-    JITStubCall toObjectStubCall(this, cti_to_object);
-    toObjectStubCall.addArgument(regT1, regT0);
-    toObjectStubCall.call(base);
+    callOperation(operationToObject, base, regT1, regT0);
     jump().linkTo(isObject, this);
 
@@ -1090 +1085 @@
     
     Jump activationCreated = branch32(NotEqual, tagFor(activation), TrustedImm32(JSValue::EmptyValueTag));
-    JITStubCall(this, cti_op_push_activation).call(activation);
+    callOperation(operationCreateActivation, 0);
+    emitStoreCell(activation, returnValueRegister);
     activationCreated.link(this);
 }
@@ -1099 +1095 @@
 
     Jump argsCreated = branch32(NotEqual, tagFor(dst), TrustedImm32(JSValue::EmptyValueTag));
-
-    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_create_arguments);
-    slowPathCall.call();
-
+    callOperation(operationCreateArguments);
+    emitStoreCell(dst, returnValueRegister);
+    emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(dst)).offset(), returnValueRegister);
     argsCreated.link(this);
 }
@@ -1257 +1252 @@
     linkSlowCase(iter);
 
-    JITStubCall(this, cti_op_create_arguments).call();
-    emitStore(arguments, regT1, regT0);
-    emitStore(unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(), regT1, regT0);
+    callOperation(operationCreateArguments);
+    emitStoreCell(arguments, returnValueRegister);
+    emitStoreCell(unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(), returnValueRegister);
     
     skipArgumentsCreation.link(this);

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -28 +28 @@
 #include "JITOperations.h"
 
+#include "Arguments.h"
 #include "ArrayConstructor.h"
 #include "CommonSlowPaths.h"
@@ -35 +36 @@
 #include "JITOperationWrappers.h"
 #include "JSGlobalObjectFunctions.h"
+#include "JSPropertyNameIterator.h"
 #include "ObjectConstructor.h"
 #include "Operations.h"
@@ -797 +799 @@
 }
 
+EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBaseVal)
+{
+    VM* vm = &exec->vm();
+    NativeCallFrameTracer tracer(vm, exec);
+
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue baseVal = JSValue::decode(encodedBaseVal);
+
+    if (baseVal.isObject()) {
+        JSObject* baseObject = asObject(baseVal);
+        ASSERT(!baseObject->structure()->typeInfo().implementsDefaultHasInstance());
+        if (baseObject->structure()->typeInfo().implementsHasInstance()) {
+            bool result = baseObject->methodTable()->customHasInstance(baseObject, exec, value);
+            return JSValue::encode(jsBoolean(result));
+        }
+    }
+
+    vm->throwException(exec, createInvalidParameterError(exec, "instanceof", baseVal));
+    return JSValue::encode(JSValue());
+}
+
+JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, int32_t offset)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+    JSActivation* activation = JSActivation::create(vm, exec, exec->registers() + offset, exec->codeBlock());
+    exec->setScope(activation);
+    return activation;
+}
+
+JSCell* JIT_OPERATION operationCreateArguments(ExecState* exec)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+    // NB: This needs to be exceedingly careful with top call frame tracking, since it
+    // may be called from OSR exit, while the state of the call stack is bizarre.
+    Arguments* result = Arguments::create(vm, exec);
+    ASSERT(!vm.exception());
+    return result;
+}
+
+EncodedJSValue JIT_OPERATION operationDeleteById(ExecState* exec, EncodedJSValue encodedBase, const Identifier* identifier)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+
+    JSObject* baseObj = JSValue::decode(encodedBase).toObject(exec);
+    bool couldDelete = baseObj->methodTable()->deleteProperty(baseObj, exec, *identifier);
+    JSValue result = jsBoolean(couldDelete);
+    if (!couldDelete && exec->codeBlock()->isStrictMode())
+        vm.throwException(exec, createTypeError(exec, "Unable to delete property."));
+    return JSValue::encode(result);
+}
+
+JSCell* JIT_OPERATION operationGetPNames(ExecState* exec, JSObject* obj)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+
+    Structure* structure = obj->structure();
+    JSPropertyNameIterator* jsPropertyNameIterator = structure->enumerationCache();
+    if (!jsPropertyNameIterator || jsPropertyNameIterator->cachedPrototypeChain() != structure->prototypeChain(exec))
+        jsPropertyNameIterator = JSPropertyNameIterator::create(exec, obj);
+    return jsPropertyNameIterator;
+}
+
+EncodedJSValue JIT_OPERATION operationInstanceOf(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedProto)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue proto = JSValue::decode(encodedProto);
+    
+    ASSERT(!value.isObject() || !proto.isObject());
+
+    bool result = JSObject::defaultHasInstance(exec, value, proto);
+    return JSValue::encode(jsBoolean(result));
+}
+
+CallFrame* JIT_OPERATION operationLoadVarargs(ExecState* exec, EncodedJSValue encodedThis, EncodedJSValue encodedArguments, int32_t firstFreeRegister)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+    JSStack* stack = &exec->interpreter()->stack();
+    JSValue thisValue = JSValue::decode(encodedThis);
+    JSValue arguments = JSValue::decode(encodedArguments);
+    CallFrame* newCallFrame = loadVarargs(exec, stack, thisValue, arguments, firstFreeRegister);
+    return newCallFrame;
+}
+
+EncodedJSValue JIT_OPERATION operationToObject(ExecState* exec, EncodedJSValue value)
+{
+    VM& vm = exec->vm();
+    NativeCallFrameTracer tracer(&vm, exec);
+    return JSValue::encode(JSValue::decode(value).toObject(exec));
+}
+
 JITHandlerEncoded JIT_OPERATION lookupExceptionHandler(ExecState* exec)
 {

trunk/Source/JavaScriptCore/jit/JITOperations.h

@@ -53 +53 @@
     D: double
     E: ExecState*
+    F: CallFrame*
     I: StringImpl*
     Icf: InlineCalLFrame*
+    Idc: const Identifier*
     J: EncodedJSValue
     Jcp: const JSValue*
     Jss: JSString*
     O: JSObject*
-    P: pointer (void*)
+    P: pointer (char*)
     R: Register
     S: size_t
@@ -67 +69 @@
     Z: int32_t
 */
+typedef CallFrame* JIT_OPERATION (*F_JITOperation_EJJZ)(ExecState*, EncodedJSValue, EncodedJSValue, int32_t);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_E)(ExecState*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EA)(ExecState*, JSArray*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EAZ)(ExecState*, JSArray*, int32_t);
+typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EAapJ)(ExecState*, ArrayAllocationProfile*, EncodedJSValue);
+typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EAapJcpZ)(ExecState*, ArrayAllocationProfile*, const JSValue*, int32_t);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EC)(ExecState*, JSCell*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_ECC)(ExecState*, JSCell*, JSCell*);
@@ -79 +84 @@
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJA)(ExecState*, EncodedJSValue, JSArray*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJI)(ExecState*, EncodedJSValue, StringImpl*);
+typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJIdc)(ExecState*, EncodedJSValue, const Identifier*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJJ)(ExecState*, EncodedJSValue, EncodedJSValue);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJssZ)(ExecState*, JSString*, int32_t);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EJP)(ExecState*, EncodedJSValue, void*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EP)(ExecState*, void*);
-typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EAapJ)(ExecState*, ArrayAllocationProfile*, EncodedJSValue);
-typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EAapJcpZ)(ExecState*, ArrayAllocationProfile*, const JSValue*, int32_t);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EPP)(ExecState*, void*, void*);
 typedef EncodedJSValue JIT_OPERATION (*J_JITOperation_EPS)(ExecState*, void*, size_t);
@@ -100 +104 @@
 typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssJss)(ExecState*, JSString*, JSString*);
 typedef JSCell* JIT_OPERATION (*C_JITOperation_EJssJssJss)(ExecState*, JSString*, JSString*, JSString*);
+typedef JSCell* JIT_OPERATION (*C_JITOperation_EO)(ExecState*, JSObject*);
 typedef JSCell* JIT_OPERATION (*C_JITOperation_EOZ)(ExecState*, JSObject*, int32_t);
 typedef JSCell* JIT_OPERATION (*C_JITOperation_ESt)(ExecState*, Structure*);
@@ -237 +242 @@
 EncodedJSValue JIT_OPERATION operationNewRegexp(ExecState*, void*) WTF_INTERNAL;
 
-}
+EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState*, EncodedJSValue, EncodedJSValue baseVal) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationCreateActivation(ExecState*, int32_t offset) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationCreateArguments(ExecState*) WTF_INTERNAL;
+EncodedJSValue JIT_OPERATION operationDeleteById(ExecState*, EncodedJSValue base, const Identifier*) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationGetPNames(ExecState*, JSObject*) WTF_INTERNAL;
+EncodedJSValue JIT_OPERATION operationInstanceOf(ExecState*, EncodedJSValue, EncodedJSValue proto) WTF_INTERNAL;
+CallFrame* JIT_OPERATION operationLoadVarargs(ExecState*, EncodedJSValue thisValue, EncodedJSValue arguments, int32_t firstFreeRegister) WTF_INTERNAL;
+EncodedJSValue JIT_OPERATION operationToObject(ExecState*, EncodedJSValue) WTF_INTERNAL;
+
+} // extern "C"
 
 } // namespace JSC

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -509 +509 @@
 void JIT::emit_op_del_by_id(Instruction* currentInstruction)
 {
-    JITStubCall stubCall(this, cti_op_del_by_id);
-    stubCall.addArgument(currentInstruction[2].u.operand, regT2);
-    stubCall.addArgument(TrustedImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
-    stubCall.call(currentInstruction[1].u.operand);
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int property = currentInstruction[3].u.operand;
+    emitGetVirtualRegister(base, regT0);
+    callOperation(operationDeleteById, dst, regT0, &m_codeBlock->identifier(property));
 }
 

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -86 +86 @@
     int base = currentInstruction[2].u.operand;
     int property = currentInstruction[3].u.operand;
-    
-    JITStubCall stubCall(this, cti_op_del_by_id);
-    stubCall.addArgument(base);
-    stubCall.addArgument(TrustedImmPtr(&m_codeBlock->identifier(property)));
-    stubCall.call(dst);
+    emitLoad(base, regT1, regT0);
+    callOperation(operationDeleteById, dst, regT1, regT0, &m_codeBlock->identifier(property));
 }
 

trunk/Source/JavaScriptCore/jit/JITStubs.cpp

@@ -842 +842 @@
 }
 
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_check_has_instance)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    JSValue value = stackFrame.args[0].jsValue();
-    JSValue baseVal = stackFrame.args[1].jsValue();
-
-    if (baseVal.isObject()) {
-        JSObject* baseObject = asObject(baseVal);
-        ASSERT(!baseObject->structure()->typeInfo().implementsDefaultHasInstance());
-        if (baseObject->structure()->typeInfo().implementsHasInstance()) {
-            bool result = baseObject->methodTable()->customHasInstance(baseObject, callFrame, value);
-            CHECK_FOR_EXCEPTION_AT_END();
-            return JSValue::encode(jsBoolean(result));
-        }
-    }
-
-    stackFrame.vm->throwException(callFrame, createInvalidParameterError(callFrame, "instanceof", baseVal));
-    VM_THROW_EXCEPTION_AT_END();
-    return JSValue::encode(JSValue());
-}
-
 #if ENABLE(DFG_JIT)
 DEFINE_STUB_FUNCTION(void, optimize)
@@ -1101 +1078 @@
 #endif // ENABLE(DFG_JIT)
 
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_instanceof)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    JSValue value = stackFrame.args[0].jsValue();
-    JSValue proto = stackFrame.args[1].jsValue();
-    
-    ASSERT(!value.isObject() || !proto.isObject());
-
-    bool result = JSObject::defaultHasInstance(callFrame, value, proto);
-    CHECK_FOR_EXCEPTION_AT_END();
-    return JSValue::encode(jsBoolean(result));
-}
-
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_del_by_id)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    
-    JSObject* baseObj = stackFrame.args[0].jsValue().toObject(callFrame);
-
-    bool couldDelete = baseObj->methodTable()->deleteProperty(baseObj, callFrame, stackFrame.args[1].identifier());
-    JSValue result = jsBoolean(couldDelete);
-    if (!couldDelete && callFrame->codeBlock()->isStrictMode())
-        stackFrame.vm->throwException(stackFrame.callFrame, createTypeError(stackFrame.callFrame, "Unable to delete property."));
-
-    CHECK_FOR_EXCEPTION_AT_END();
-    return JSValue::encode(result);
-}
-
-DEFINE_STUB_FUNCTION(JSObject*, op_push_activation)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    JSActivation* activation = JSActivation::create(stackFrame.callFrame->vm(), stackFrame.callFrame, stackFrame.callFrame->codeBlock());
-    stackFrame.callFrame->setScope(activation);
-    return activation;
-}
-
-DEFINE_STUB_FUNCTION(EncodedJSValue, op_create_arguments)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    Arguments* arguments = Arguments::create(*stackFrame.vm, stackFrame.callFrame);
-    return JSValue::encode(JSValue(arguments));
-}
-
 DEFINE_STUB_FUNCTION(void, op_tear_off_activation)
 {
@@ -1393 +1321 @@
 }
 
-DEFINE_STUB_FUNCTION(void*, op_load_varargs)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    JSStack* stack = stackFrame.stack;
-    JSValue thisValue = stackFrame.args[0].jsValue();
-    JSValue arguments = stackFrame.args[1].jsValue();
-    int firstFreeRegister = stackFrame.args[2].int32();
-
-    CallFrame* newCallFrame = loadVarargs(callFrame, stack, thisValue, arguments, firstFreeRegister);
-    if (!newCallFrame)
-        VM_THROW_EXCEPTION();
-    return newCallFrame;
-}
-
 DEFINE_STUB_FUNCTION(void*, op_throw)
 {
@@ -1416 +1328 @@
     STUB_SET_RETURN_ADDRESS(handler.catchRoutine);
     return handler.callFrame;
-}
-
-DEFINE_STUB_FUNCTION(JSPropertyNameIterator*, op_get_pnames)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    JSObject* o = stackFrame.args[0].jsObject();
-    Structure* structure = o->structure();
-    JSPropertyNameIterator* jsPropertyNameIterator = structure->enumerationCache();
-    if (!jsPropertyNameIterator || jsPropertyNameIterator->cachedPrototypeChain() != structure->prototypeChain(callFrame))
-        jsPropertyNameIterator = JSPropertyNameIterator::create(callFrame, o);
-    return jsPropertyNameIterator;
 }
 
@@ -1610 +1509 @@
 }
 #endif
-
-DEFINE_STUB_FUNCTION(EncodedJSValue, to_object)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    return JSValue::encode(stackFrame.args[0].jsValue().toObject(callFrame));
-}
 
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_scope)

trunk/Source/JavaScriptCore/jit/JITStubs.h

@@ -331 +331 @@
 
 extern "C" {
-EncodedJSValue JIT_STUB cti_op_check_has_instance(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-EncodedJSValue JIT_STUB cti_op_create_arguments(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-EncodedJSValue JIT_STUB cti_op_del_by_id(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 EncodedJSValue JIT_STUB cti_op_get_by_id(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 EncodedJSValue JIT_STUB cti_op_get_by_id_array_fail(STUB_ARGS_DECLARATION) WTF_INTERNAL;
@@ -347 +344 @@
 EncodedJSValue JIT_STUB cti_op_get_by_val_generic(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 EncodedJSValue JIT_STUB cti_op_get_by_val_string(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-EncodedJSValue JIT_STUB cti_op_instanceof(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-EncodedJSValue JIT_STUB cti_to_object(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-JSObject* JIT_STUB cti_op_push_activation(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_push_name_scope(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_push_with_scope(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 JSObject* JIT_STUB cti_op_put_by_id_transition_realloc(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-JSPropertyNameIterator* JIT_STUB cti_op_get_pnames(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void* JIT_STUB cti_op_load_varargs(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_handle_watchdog_timer(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_debug(STUB_ARGS_DECLARATION) WTF_INTERNAL;