Changeset 189575 in webkit

Timestamp:

Sep 10, 2015 10:47:16 AM (9 years ago)

Author:

msaboff@apple.com

Message:

Add support for Callee-Saves registers
​https://bugs.webkit.org/show_bug.cgi?id=148666

Reviewed by Filip Pizlo.

We save platform callee save registers right below the call frame header,
in the location(s) starting with VirtualRegister 0. This local space is
allocated in the bytecode compiler. This space is the maximum space
needed for the callee registers that the LLInt and baseline JIT use,
rounded up to a stack aligned number of VirtualRegisters.
The LLInt explicitly saves and restores the registers in the macros
preserveCalleeSavesUsedByLLInt and restoreCalleeSavesUsedByLLInt.
The JITs saves and restores callee saves registers by what registers
are included in m_calleeSaveRegisters in the code block.

Added handling of callee save register restoration to exception handling.
The basic flow is when an exception is thrown or one is recognized to
have been generated in C++ code, we save the current state of all
callee save registers to VM::calleeSaveRegistersBuffer. As we unwind
looking for the corresponding catch, we copy the callee saves from call
frames to the same VM::calleeSaveRegistersBuffer. This is done for all
call frames on the stack up to but not including the call frame that has
the corresponding catch block. When we process the catch, we restore
the callee save registers with the contents of VM::calleeSaveRegistersBuffer.
If there isn't a catch, then handleUncaughtException will restore callee
saves before it returns back to the calling C++.

Eliminated callee saves registers as free registers for various thunk
generators as the callee saves may not have been saved by the function
calling the thunk.

Added code to transition callee saves from one VM's format to the another
as part of OSR entry and OSR exit.

Cleaned up the static RegisterSet's including adding one for LLInt and
baseline JIT callee saves and one to be used to allocate local registers
not including the callee saves or other special registers.

Moved ftl/FTLRegisterAtOffset.{cpp,h} to jit/RegisterAtOffset.{cpp,h}.
Factored out the vector of RegisterAtOffsets in ftl/FTLUnwindInfo.{cpp,h}
into a new class in jit/RegisterAtOffsetList.{cpp,h}.
Eliminted UnwindInfo and changed UnwindInfo::parse() into a standalone
function named parseUnwindInfo. That standalone function now returns
the callee saves RegisterAtOffsetList. This is stored in the CodeBlock
and used instead of UnwindInfo.

Turned off register preservation thunks for outgoing calls from FTL
generated code. THey'll be removed in a subsequent patch.

Changed specialized thinks to save and restore the contents of
tagTypeNumberRegister and tagMaskRegister as they can be called by FTL
compiled functions. We materialize those tag registers for the thunk's
use and then restore the prior contents on function exit.

Also removed the arity check fail return thunk since it is now the
caller's responsibility to restore the stack pointer.

Removed saving of callee save registers and materialization of special
tag registers for 64 bit platforms from vmEntryToJavaScript and
vmEntryToNative.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:
• ftl/FTLJITCode.h:
• ftl/FTLRegisterAtOffset.cpp: Removed.
• ftl/FTLRegisterAtOffset.h: Removed.
• ftl/FTLUnwindInfo.cpp:

(JSC::FTL::parseUnwindInfo):
(JSC::FTL::UnwindInfo::UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::~UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::parse): Deleted.
(JSC::FTL::UnwindInfo::dump): Deleted.
(JSC::FTL::UnwindInfo::find): Deleted.
(JSC::FTL::UnwindInfo::indexOf): Deleted.

• ftl/FTLUnwindInfo.h:

(JSC::RegisterAtOffset::dump):

• jit/RegisterAtOffset.cpp: Added.
• jit/RegisterAtOffset.h: Added.

(JSC::RegisterAtOffset::RegisterAtOffset):
(JSC::RegisterAtOffset::operator!):
(JSC::RegisterAtOffset::reg):
(JSC::RegisterAtOffset::offset):
(JSC::RegisterAtOffset::offsetAsIndex):
(JSC::RegisterAtOffset::operator==):
(JSC::RegisterAtOffset::operator<):
(JSC::RegisterAtOffset::getReg):

• jit/RegisterAtOffsetList.cpp: Added.

(JSC::RegisterAtOffsetList::RegisterAtOffsetList):
(JSC::RegisterAtOffsetList::sort):
(JSC::RegisterAtOffsetList::dump):
(JSC::RegisterAtOffsetList::find):
(JSC::RegisterAtOffsetList::indexOf):

• jit/RegisterAtOffsetList.h: Added.

(JSC::RegisterAtOffsetList::clear):
(JSC::RegisterAtOffsetList::size):
(JSC::RegisterAtOffsetList::at):
(JSC::RegisterAtOffsetList::append):
Move and refactored use of FTLRegisterAtOffset to RegisterAtOffset.
Added RegisterAtOffset and RegisterAtOffsetList to build configurations.
Remove FTLRegisterAtOffset files.

• bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setUpCallFromFTL):
Turned off FTL register preservation thunks.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::setCalleeSaveRegisters):
(JSC::roundCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
(JSC::CodeBlock::calleeSaveRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::numberOfDFGCompiles):
Methods to manage a set of callee save registers. Also to allocate the appropriate
number of VirtualRegisters for callee saves.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::allocateCalleeSaveSpace):

• bytecompiler/BytecodeGenerator.h:

Allocate the appropriate number of VirtualRegisters for callee saves needed by LLInt or baseline JIT.

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compileExceptionHandlers):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

• dfg/DFGJITCompiler.h:
• interpreter/Interpreter.cpp:

(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMCalleeSavesBuffer):

• dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::usedRegisters):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

• ftl/FTLCompile.cpp:

(JSC::FTL::fixFunctionBasedOnStackMaps):
(JSC::FTL::compile):

• ftl/FTLLink.cpp:

(JSC::FTL::link):

• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

• ftl/FTLThunks.cpp:

(JSC::FTL::osrExitGenerationThunkGenerator):

• jit/ArityCheckFailReturnThunks.cpp: Removed.
• jit/ArityCheckFailReturnThunks.h: Removed.
• jit/JIT.cpp:

(JSC::JIT::emitEnterOptimizationCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::privateCompileExceptionHandlers):

• jit/JITCall32_64.cpp:

(JSC::JIT::emit_op_ret):

• jit/JITExceptions.cpp:

(JSC::genericUnwind):

• jit/JITExceptions.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_loop_hint):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):

• jit/JITOperations.cpp:
• jit/Repatch.cpp:

(JSC::generateByIdStub):

• jit/ThunkGenerators.cpp:
• llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:

(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::arityFixupGenerator):

• runtime/CommonSlowPaths.cpp:

(JSC::setupArityCheckData):

• runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):
Emit code to save and restore callee save registers and materialize tagTypeNumberRegister
and tagMaskRegister.
Handle callee saves when tiering up.
Copy callee saves register contents to VM::calleeSaveRegistersBuffer at beginning of
exception processing.
Process callee save registers in frames when unwinding from an exception.
Restore callee saves register contents from VM::calleeSaveRegistersBuffer on catch.
Use appropriate register set to make sure we don't allocate a callee save register when
compiling a thunk.
Helper to populate tagTypeNumberRegister and tagMaskRegister with the appropriate
constants.
Removed arity fixup return thunks.

• dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):

• dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
Restore callee saves from the DFG and save the appropriate ones for the baseline JIT.
Materialize the tag registers on 64 bit platforms.

• jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::restoreCalleeSavesFromVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters):
New helpers to save and restore callee saves as well as materialize the tag registers
contents.

• jit/FPRInfo.h:
• jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):
Updated to include FP callee save registers. Added number of callee saves registers and
cleanup register aliases that collide with callee save registers.

• jit/JITPropertyAccess.cpp:

(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
Uses new stubUnavailableRegisters register set to limit what registers are available for
temporaries.

• jit/RegisterSet.cpp:

(JSC::RegisterSet::stubUnavailableRegisters):
(JSC::RegisterSet::calleeSaveRegisters):
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):

• jit/RegisterSet.h:

New register sets with the callee saves used by various tiers as well as one listing registers
not availble to stub code.

• jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::loadDoubleArgument):
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters):
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):

• jit/ThunkGenerators.cpp:

(JSC::nativeForGenerator):
Changed to save and restore existing tag register contents as the may contain other values.
After saving the existing values, we materialize the tag constants.

• jit/TempRegisterSet.h:

(JSC::TempRegisterSet::getFPRByIndex):
(JSC::TempRegisterSet::getFreeFPR):
(JSC::TempRegisterSet::setByIndex):

• offlineasm/arm64.rb:
• offlineasm/registers.rb:

Added methods for floating point registers to support callee save FP registers.

• jit/JITArithmetic32_64.cpp:

(JSC::JIT::emit_op_mod):
Removed unnecessary #if CPU(X86_64) check to this 32 bit only file.

• offlineasm/x86.rb:

Fixed Windows callee saves naming.

• runtime/VM.cpp:

(JSC::VM::VM):

• runtime/VM.h:

(JSC::VM::calleeSaveRegistersBufferOffset):
(JSC::VM::getAllCalleeSaveRegistersMap):
Provide a RegisterSaveMap that has all registers that might be saved. Added a callee save buffer to be
used for OSR exit and for exception processing in a future patch.

Location:

trunk/Source/JavaScriptCore

Files:

• CMakeLists.txt (modified) (3 diffs)
• ChangeLog (modified) (1 diff)
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (modified) (6 diffs)
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters (modified) (2 diffs)
• JavaScriptCore.xcodeproj/project.pbxproj (modified) (13 diffs)
• bytecode/CallLinkInfo.h (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (3 diffs)
• bytecode/CodeBlock.h (modified) (5 diffs)
• bytecompiler/BytecodeGenerator.cpp (modified) (5 diffs)
• bytecompiler/BytecodeGenerator.h (modified) (2 diffs)
• dfg/DFGJITCompiler.cpp (modified) (7 diffs)
• dfg/DFGJITCompiler.h (modified) (1 diff)
• dfg/DFGOSREntry.cpp (modified) (1 diff)
• dfg/DFGOSRExitCompiler32_64.cpp (modified) (1 diff)
• dfg/DFGOSRExitCompiler64.cpp (modified) (4 diffs)
• dfg/DFGOSRExitCompilerCommon.cpp (modified) (3 diffs)
• dfg/DFGPlan.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT64.cpp (modified) (2 diffs)
• dfg/DFGStackLayoutPhase.cpp (modified) (1 diff)
• ftl/FTLCompile.cpp (modified) (6 diffs)
• ftl/FTLJITCode.h (modified) (1 diff)
• ftl/FTLLink.cpp (modified) (3 diffs)
• ftl/FTLOSRExitCompiler.cpp (modified) (4 diffs)
• ftl/FTLRegisterAtOffset.cpp (deleted)
• ftl/FTLRegisterAtOffset.h (deleted)
• ftl/FTLThunks.cpp (modified) (1 diff)
• ftl/FTLUnwindInfo.cpp (modified) (8 diffs)
• ftl/FTLUnwindInfo.h (modified) (1 diff)
• interpreter/Interpreter.cpp (modified) (2 diffs)
• jit/ArityCheckFailReturnThunks.cpp (deleted)
• jit/ArityCheckFailReturnThunks.h (deleted)
• jit/AssemblyHelpers.h (modified) (2 diffs)
• jit/FPRInfo.h (modified) (1 diff)
• jit/GPRInfo.h (modified) (13 diffs)
• jit/JIT.cpp (modified) (7 diffs)
• jit/JITArithmetic32_64.cpp (modified) (1 diff)
• jit/JITCall32_64.cpp (modified) (1 diff)
• jit/JITOpcodes.cpp (modified) (6 diffs)
• jit/JITOpcodes32_64.cpp (modified) (3 diffs)
• jit/JITOperations.cpp (modified) (1 diff)
• jit/JITPropertyAccess.cpp (modified) (4 diffs)
• jit/JITPropertyAccess32_64.cpp (modified) (4 diffs)
• jit/RegisterAtOffset.cpp (added)
• jit/RegisterAtOffset.h (added)
• jit/RegisterAtOffsetList.cpp (added)
• jit/RegisterAtOffsetList.h (added)
• jit/RegisterSet.cpp (modified) (2 diffs)
• jit/RegisterSet.h (modified) (1 diff)
• jit/Repatch.cpp (modified) (1 diff)
• jit/SpecializedThunkJIT.h (modified) (8 diffs)
• jit/TempRegisterSet.h (modified) (1 diff)
• jit/ThunkGenerators.cpp (modified) (5 diffs)
• llint/LLIntData.cpp (modified) (2 diffs)
• llint/LLIntSlowPaths.cpp (modified) (1 diff)
• llint/LowLevelInterpreter.asm (modified) (13 diffs)
• llint/LowLevelInterpreter32_64.asm (modified) (4 diffs)
• llint/LowLevelInterpreter64.asm (modified) (9 diffs)
• offlineasm/arm64.rb (modified) (3 diffs)
• offlineasm/registers.rb (modified) (2 diffs)
• offlineasm/x86.rb (modified) (1 diff)
• runtime/CommonSlowPaths.cpp (modified) (2 diffs)
• runtime/CommonSlowPaths.h (modified) (1 diff)
• runtime/VM.cpp (modified) (3 diffs)
• runtime/VM.h (modified) (5 diffs)

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -359 +359 @@
 
     jit/AccessorCallJITStubRoutine.cpp
-    jit/ArityCheckFailReturnThunks.cpp
     jit/AssemblyHelpers.cpp
     jit/BinarySwitch.cpp
@@ -387 +386 @@
     jit/PolymorphicCallStubRoutine.cpp
     jit/Reg.cpp
+    jit/RegisterAtOffset.cpp
+    jit/RegisterAtOffsetList.cpp
     jit/RegisterPreservationWrapperGenerator.cpp
     jit/RegisterSet.cpp
@@ -905 +906 @@
         ftl/FTLOutput.cpp
         ftl/FTLRecoveryOpcode.cpp
-        ftl/FTLRegisterAtOffset.cpp
         ftl/FTLSaveRestore.cpp
         ftl/FTLSlowPathCall.cpp

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2015-09-10  Michael Saboff  <msaboff@apple.com>
+
+        Add support for Callee-Saves registers
+        https://bugs.webkit.org/show_bug.cgi?id=148666
+
+        Reviewed by Filip Pizlo.
+
+        We save platform callee save registers right below the call frame header,
+        in the location(s) starting with VirtualRegister 0.  This local space is
+        allocated in the bytecode compiler.  This space is the maximum space
+        needed for the callee registers that the LLInt and baseline JIT use,
+        rounded up to a stack aligned number of VirtualRegisters.
+        The LLInt explicitly saves and restores the registers in the macros
+        preserveCalleeSavesUsedByLLInt and restoreCalleeSavesUsedByLLInt.
+        The JITs saves and restores callee saves registers by what registers
+        are included in m_calleeSaveRegisters in the code block.
+
+        Added handling of callee save register restoration to exception handling.
+        The basic flow is when an exception is thrown or one is recognized to
+        have been generated in C++ code, we save the current state of all
+        callee save registers to VM::calleeSaveRegistersBuffer.  As we unwind
+        looking for the corresponding catch, we copy the callee saves from call 
+        frames to the same VM::calleeSaveRegistersBuffer.  This is done for all
+        call frames on the stack up to but not including the call frame that has
+        the corresponding catch block.  When we process the catch, we restore
+        the callee save registers with the contents of VM::calleeSaveRegistersBuffer.
+        If there isn't a catch, then handleUncaughtException will restore callee
+        saves before it returns back to the calling C++.
+
+        Eliminated callee saves registers as free registers for various thunk
+        generators as the callee saves may not have been saved by the function
+        calling the thunk.
+
+        Added code to transition callee saves from one VM's format to the another
+        as part of OSR entry and OSR exit.
+
+        Cleaned up the static RegisterSet's including adding one for LLInt and 
+        baseline JIT callee saves and one to be used to allocate local registers
+        not including the callee saves or other special registers.
+
+        Moved ftl/FTLRegisterAtOffset.{cpp,h} to jit/RegisterAtOffset.{cpp,h}.
+        Factored out the vector of RegisterAtOffsets in ftl/FTLUnwindInfo.{cpp,h}
+        into a new class in jit/RegisterAtOffsetList.{cpp,h}.
+        Eliminted UnwindInfo and changed UnwindInfo::parse() into a standalone
+        function named parseUnwindInfo.  That standalone function now returns
+        the callee saves RegisterAtOffsetList.  This is stored in the CodeBlock
+        and used instead of UnwindInfo.
+
+        Turned off register preservation thunks for outgoing calls from FTL
+        generated code.  THey'll be removed in a subsequent patch.
+
+        Changed specialized thinks to save and restore the contents of
+        tagTypeNumberRegister and tagMaskRegister as they can be called by FTL
+        compiled functions.  We materialize those tag registers for the thunk's
+        use and then restore the prior contents on function exit.
+
+        Also removed the arity check fail return thunk since it is now the
+        caller's responsibility to restore the stack pointer.
+
+        Removed saving of callee save registers and materialization of special
+        tag registers for 64 bit platforms from vmEntryToJavaScript and
+        vmEntryToNative.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * ftl/FTLJITCode.h:
+        * ftl/FTLRegisterAtOffset.cpp: Removed.
+        * ftl/FTLRegisterAtOffset.h: Removed.
+        * ftl/FTLUnwindInfo.cpp:
+        (JSC::FTL::parseUnwindInfo):
+        (JSC::FTL::UnwindInfo::UnwindInfo): Deleted.
+        (JSC::FTL::UnwindInfo::~UnwindInfo): Deleted.
+        (JSC::FTL::UnwindInfo::parse): Deleted.
+        (JSC::FTL::UnwindInfo::dump): Deleted.
+        (JSC::FTL::UnwindInfo::find): Deleted.
+        (JSC::FTL::UnwindInfo::indexOf): Deleted.
+        * ftl/FTLUnwindInfo.h:
+        (JSC::RegisterAtOffset::dump):
+        * jit/RegisterAtOffset.cpp: Added.
+        * jit/RegisterAtOffset.h: Added.
+        (JSC::RegisterAtOffset::RegisterAtOffset):
+        (JSC::RegisterAtOffset::operator!):
+        (JSC::RegisterAtOffset::reg):
+        (JSC::RegisterAtOffset::offset):
+        (JSC::RegisterAtOffset::offsetAsIndex):
+        (JSC::RegisterAtOffset::operator==):
+        (JSC::RegisterAtOffset::operator<):
+        (JSC::RegisterAtOffset::getReg):
+        * jit/RegisterAtOffsetList.cpp: Added.
+        (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
+        (JSC::RegisterAtOffsetList::sort):
+        (JSC::RegisterAtOffsetList::dump):
+        (JSC::RegisterAtOffsetList::find):
+        (JSC::RegisterAtOffsetList::indexOf):
+        * jit/RegisterAtOffsetList.h: Added.
+        (JSC::RegisterAtOffsetList::clear):
+        (JSC::RegisterAtOffsetList::size):
+        (JSC::RegisterAtOffsetList::at):
+        (JSC::RegisterAtOffsetList::append):
+        Move and refactored use of FTLRegisterAtOffset to RegisterAtOffset.
+        Added RegisterAtOffset and RegisterAtOffsetList to build configurations.
+        Remove FTLRegisterAtOffset files.
+
+        * bytecode/CallLinkInfo.h:
+        (JSC::CallLinkInfo::setUpCallFromFTL):
+        Turned off FTL register preservation thunks.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::setCalleeSaveRegisters):
+        (JSC::roundCalleeSaveSpaceAsVirtualRegisters):
+        (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
+        (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
+        (JSC::CodeBlock::calleeSaveRegisters):
+        (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
+        (JSC::CodeBlock::optimizeAfterWarmUp):
+        (JSC::CodeBlock::numberOfDFGCompiles):
+        Methods to manage a set of callee save registers.  Also to allocate the appropriate
+        number of VirtualRegisters for callee saves.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::allocateCalleeSaveSpace):
+        * bytecompiler/BytecodeGenerator.h:
+        Allocate the appropriate number of VirtualRegisters for callee saves needed by LLInt or baseline JIT.
+
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compileEntry):
+        (JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
+        (JSC::DFG::JITCompiler::compileBody):
+        (JSC::DFG::JITCompiler::compileExceptionHandlers):
+        (JSC::DFG::JITCompiler::compile):
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGJITCompiler.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::UnwindFunctor::operator()):
+        (JSC::UnwindFunctor::copyCalleeSavesToVMCalleeSavesBuffer):
+        * dfg/DFGPlan.cpp:
+        (JSC::DFG::Plan::compileInThreadImpl):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::usedRegisters):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGStackLayoutPhase.cpp:
+        (JSC::DFG::StackLayoutPhase::run):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::fixFunctionBasedOnStackMaps):
+        (JSC::FTL::compile):
+        * ftl/FTLLink.cpp:
+        (JSC::FTL::link):
+        * ftl/FTLOSRExitCompiler.cpp:
+        (JSC::FTL::compileStub):
+        * ftl/FTLThunks.cpp:
+        (JSC::FTL::osrExitGenerationThunkGenerator):
+        * jit/ArityCheckFailReturnThunks.cpp: Removed.
+        * jit/ArityCheckFailReturnThunks.h: Removed.
+        * jit/JIT.cpp:
+        (JSC::JIT::emitEnterOptimizationCheck):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileExceptionHandlers):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::emit_op_ret):
+        * jit/JITExceptions.cpp:
+        (JSC::genericUnwind):
+        * jit/JITExceptions.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_throw):
+        (JSC::JIT::emit_op_catch):
+        (JSC::JIT::emit_op_enter):
+        (JSC::JIT::emitSlow_op_loop_hint):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_throw):
+        (JSC::JIT::emit_op_catch):
+        * jit/JITOperations.cpp:
+        * jit/Repatch.cpp:
+        (JSC::generateByIdStub):
+        * jit/ThunkGenerators.cpp:
+        * llint/LLIntData.cpp:
+        (JSC::LLInt::Data::performAssertions):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        (JSC::throwExceptionFromCallSlowPathGenerator):
+        (JSC::arityFixupGenerator):
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::setupArityCheckData):
+        * runtime/CommonSlowPaths.h:
+        (JSC::CommonSlowPaths::arityCheckFor):
+        Emit code to save and restore callee save registers and materialize tagTypeNumberRegister
+        and tagMaskRegister.
+        Handle callee saves when tiering up.
+        Copy callee saves register contents to VM::calleeSaveRegistersBuffer at beginning of
+        exception processing.
+        Process callee save registers in frames when unwinding from an exception.
+        Restore callee saves register contents from VM::calleeSaveRegistersBuffer on catch.
+        Use appropriate register set to make sure we don't allocate a callee save register when
+        compiling a thunk.
+        Helper to populate tagTypeNumberRegister and tagMaskRegister with the appropriate
+        constants.
+        Removed arity fixup return thunks.
+
+        * dfg/DFGOSREntry.cpp:
+        (JSC::DFG::prepareOSREntry):
+        * dfg/DFGOSRExitCompiler32_64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompiler64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        (JSC::DFG::reifyInlinedCallFrames):
+        (JSC::DFG::adjustAndJumpToTarget):
+        Restore callee saves from the DFG and save the appropriate ones for the baseline JIT.
+        Materialize the tag registers on 64 bit platforms.
+
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
+        (JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
+        (JSC::AssemblyHelpers::emitSaveCalleeSaves):
+        (JSC::AssemblyHelpers::emitRestoreCalleeSaves):
+        (JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
+        (JSC::AssemblyHelpers::restoreCalleeSavesFromVMCalleeSavesBuffer):
+        (JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer):
+        (JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters):
+        New helpers to save and restore callee saves as well as materialize the tag registers
+        contents.
+
+        * jit/FPRInfo.h:
+        * jit/GPRInfo.h:
+        (JSC::GPRInfo::toRegister):
+        Updated to include FP callee save registers.  Added number of callee saves registers and
+        cleanup register aliases that collide with callee save registers.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitGetByValWithCachedId):
+        (JSC::JIT::emitPutByValWithCachedId):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emitGetByValWithCachedId):
+        (JSC::JIT::emitPutByValWithCachedId):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        Uses new stubUnavailableRegisters register set to limit what registers are available for 
+        temporaries.
+
+        * jit/RegisterSet.cpp:
+        (JSC::RegisterSet::stubUnavailableRegisters):
+        (JSC::RegisterSet::calleeSaveRegisters):
+        (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
+        (JSC::RegisterSet::dfgCalleeSaveRegisters):
+        (JSC::RegisterSet::ftlCalleeSaveRegisters):
+        * jit/RegisterSet.h:
+        New register sets with the callee saves used by various tiers as well as one listing registers
+        not availble to stub code.
+
+        * jit/SpecializedThunkJIT.h:
+        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+        (JSC::SpecializedThunkJIT::loadDoubleArgument):
+        (JSC::SpecializedThunkJIT::returnJSValue):
+        (JSC::SpecializedThunkJIT::returnDouble):
+        (JSC::SpecializedThunkJIT::returnInt32):
+        (JSC::SpecializedThunkJIT::returnJSCell):
+        (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
+        (JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters):
+        (JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters):
+        (JSC::SpecializedThunkJIT::tagReturnAsInt32):
+        * jit/ThunkGenerators.cpp:
+        (JSC::nativeForGenerator):
+        Changed to save and restore existing tag register contents as the may contain other values.
+        After saving the existing values, we materialize the tag constants.
+
+        * jit/TempRegisterSet.h:
+        (JSC::TempRegisterSet::getFPRByIndex):
+        (JSC::TempRegisterSet::getFreeFPR):
+        (JSC::TempRegisterSet::setByIndex):
+        * offlineasm/arm64.rb:
+        * offlineasm/registers.rb:
+        Added methods for floating point registers to support callee save FP registers.
+
+        * jit/JITArithmetic32_64.cpp:
+        (JSC::JIT::emit_op_mod):
+        Removed unnecessary #if CPU(X86_64) check to this 32 bit only file.
+
+        * offlineasm/x86.rb:
+        Fixed Windows callee saves naming.
+
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+        (JSC::VM::calleeSaveRegistersBufferOffset):
+        (JSC::VM::getAllCalleeSaveRegistersMap):
+        Provide a RegisterSaveMap that has all registers that might be saved.  Added a callee save buffer to be
+        used for OSR exit and for exception processing in a future patch.
+
 2015-09-10  Yusuke Suzuki  <utatane.tea@gmail.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj

@@ -546 +546 @@
     <ClCompile Include="..\ftl\FTLOutput.cpp" />
     <ClCompile Include="..\ftl\FTLRecoveryOpcode.cpp" />
-    <ClCompile Include="..\ftl\FTLRegisterAtOffset.cpp" />
     <ClCompile Include="..\ftl\FTLSaveRestore.cpp" />
     <ClCompile Include="..\ftl\FTLSlowPathCall.cpp" />
@@ -620 +619 @@
     <ClCompile Include="..\interpreter\StackVisitor.cpp" />
     <ClCompile Include="..\jit\AccessorCallJITStubRoutine.cpp" />
-    <ClCompile Include="..\jit\ArityCheckFailReturnThunks.cpp" />
     <ClCompile Include="..\jit\AssemblyHelpers.cpp" />
     <ClCompile Include="..\jit\BinarySwitch.cpp" />
@@ -650 +648 @@
     <ClCompile Include="..\jit\PolymorphicCallStubRoutine.cpp" />
     <ClCompile Include="..\jit\Reg.cpp" />
+    <ClCompile Include="..\jit\RegisterAtOffset.cpp" />
+    <ClCompile Include="..\jit\RegisterAtOffsetList.cpp" />
     <ClCompile Include="..\jit\RegisterPreservationWrapperGenerator.cpp" />
     <ClCompile Include="..\jit\RegisterSet.cpp" />
@@ -1298 +1298 @@
     <ClInclude Include="..\ftl\FTLOutput.h" />
     <ClInclude Include="..\ftl\FTLRecoveryOpcode.h" />
-    <ClInclude Include="..\ftl\FTLRegisterAtOffset.h" />
     <ClInclude Include="..\ftl\FTLSaveRestore.h" />
     <ClInclude Include="..\ftl\FTLSlowPathCall.h" />
@@ -1420 +1419 @@
     <ClInclude Include="..\interpreter\StackVisitor.h" />
     <ClInclude Include="..\jit\AccessorCallJITStubRoutine.h" />
-    <ClInclude Include="..\jit\ArityCheckFailReturnThunks.h" />
     <ClInclude Include="..\jit\AssemblyHelpers.h" />
     <ClInclude Include="..\jit\BinarySwitch.h" />
@@ -1451 +1449 @@
     <ClInclude Include="..\jit\PolymorphicCallStubRoutine.h" />
     <ClInclude Include="..\jit\Reg.h" />
+    <ClInclude Include="..\jit\RegisterAtOffset.h" />
+    <ClInclude Include="..\jit\RegisterAtOffsetList.h" />
     <ClInclude Include="..\jit\RegisterMap.h" />
     <ClInclude Include="..\jit\RegisterPreservationWrapperGenerator.h" />

trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters

@@ -1492 +1492 @@
       <Filter>Derived Sources</Filter>
     </ClCompile>
-    <ClCompile Include="..\jit\ArityCheckFailReturnThunks.cpp">
-      <Filter>jit</Filter>
-    </ClCompile>
     <ClCompile Include="..\jit\RegisterPreservationWrapperGenerator.cpp">
       <Filter>jit</Filter>
@@ -4038 +4035 @@
     </ClInclude>
     <ClInclude Include="$(ConfigurationBuildDir)\obj$(PlatformArchitecture)\$(ProjectName)\DerivedSources\JSDataViewPrototype.lut.h" />
-    <ClInclude Include="..\jit\ArityCheckFailReturnThunks.h">
-      <Filter>jit</Filter>
-    </ClInclude>
     <ClInclude Include="..\jit\RegisterPreservationWrapperGenerator.h">
       <Filter>jit</Filter>

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -383 +383 @@
                 0F6B1CBD1861246A00845D97 /* RegisterPreservationWrapperGenerator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6B1CBB1861246A00845D97 /* RegisterPreservationWrapperGenerator.cpp */; };
                 0F6B1CBE1861246A00845D97 /* RegisterPreservationWrapperGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CBC1861246A00845D97 /* RegisterPreservationWrapperGenerator.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                0F6B1CC31862C47800845D97 /* FTLRegisterAtOffset.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6B1CBF1862C47800845D97 /* FTLRegisterAtOffset.cpp */; };
-                0F6B1CC41862C47800845D97 /* FTLRegisterAtOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CC01862C47800845D97 /* FTLRegisterAtOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 0F6B1CC51862C47800845D97 /* FTLUnwindInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6B1CC11862C47800845D97 /* FTLUnwindInfo.cpp */; };
                 0F6B1CC61862C47800845D97 /* FTLUnwindInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CC21862C47800845D97 /* FTLUnwindInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                0F6B1CC918641DF800845D97 /* ArityCheckFailReturnThunks.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6B1CC718641DF800845D97 /* ArityCheckFailReturnThunks.cpp */; };
-                0F6B1CCA18641DF800845D97 /* ArityCheckFailReturnThunks.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CC818641DF800845D97 /* ArityCheckFailReturnThunks.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 0F6C73501AC9F99F00BE1682 /* VariableWriteFireDetail.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6C734E1AC9F99F00BE1682 /* VariableWriteFireDetail.cpp */; };
                 0F6C73511AC9F99F00BE1682 /* VariableWriteFireDetail.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6C734F1AC9F99F00BE1682 /* VariableWriteFireDetail.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -988 +984 @@
                 6514F21918B3E1670098FF8B /* Bytecodes.h in Headers */ = {isa = PBXBuildFile; fileRef = 6514F21718B3E1670098FF8B /* Bytecodes.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 65303D641447B9E100D3F904 /* ParserTokens.h in Headers */ = {isa = PBXBuildFile; fileRef = 65303D631447B9E100D3F904 /* ParserTokens.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                6540C7A01B82E1C3000F6B79 /* RegisterAtOffset.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 6540C79E1B82D9CE000F6B79 /* RegisterAtOffset.cpp */; };
+                6540C7A11B82E1C3000F6B79 /* RegisterAtOffsetList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 6540C79C1B82D99D000F6B79 /* RegisterAtOffsetList.cpp */; };
                 6546F5211A32B313006F07D5 /* NullGetterFunction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 6546F51F1A32A59C006F07D5 /* NullGetterFunction.cpp */; };
                 65525FC51A6DD801007B5495 /* NullSetterFunction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 65525FC31A6DD3B3007B5495 /* NullSetterFunction.cpp */; };
@@ -2217 +2215 @@
                 0F6B1CBB1861246A00845D97 /* RegisterPreservationWrapperGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RegisterPreservationWrapperGenerator.cpp; sourceTree = "<group>"; };
                 0F6B1CBC1861246A00845D97 /* RegisterPreservationWrapperGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RegisterPreservationWrapperGenerator.h; sourceTree = "<group>"; };
-                0F6B1CBF1862C47800845D97 /* FTLRegisterAtOffset.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLRegisterAtOffset.cpp; path = ftl/FTLRegisterAtOffset.cpp; sourceTree = "<group>"; };
-                0F6B1CC01862C47800845D97 /* FTLRegisterAtOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLRegisterAtOffset.h; path = ftl/FTLRegisterAtOffset.h; sourceTree = "<group>"; };
                 0F6B1CC11862C47800845D97 /* FTLUnwindInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLUnwindInfo.cpp; path = ftl/FTLUnwindInfo.cpp; sourceTree = "<group>"; };
                 0F6B1CC21862C47800845D97 /* FTLUnwindInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLUnwindInfo.h; path = ftl/FTLUnwindInfo.h; sourceTree = "<group>"; };
-                0F6B1CC718641DF800845D97 /* ArityCheckFailReturnThunks.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArityCheckFailReturnThunks.cpp; sourceTree = "<group>"; };
-                0F6B1CC818641DF800845D97 /* ArityCheckFailReturnThunks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArityCheckFailReturnThunks.h; sourceTree = "<group>"; };
                 0F6C734E1AC9F99F00BE1682 /* VariableWriteFireDetail.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VariableWriteFireDetail.cpp; sourceTree = "<group>"; };
                 0F6C734F1AC9F99F00BE1682 /* VariableWriteFireDetail.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VariableWriteFireDetail.h; sourceTree = "<group>"; };
@@ -2802 +2796 @@
                 65303D631447B9E100D3F904 /* ParserTokens.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ParserTokens.h; sourceTree = "<group>"; };
                 65400C100A69BAF200509887 /* PropertyNameArray.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = PropertyNameArray.h; sourceTree = "<group>"; };
+                6540C79C1B82D99D000F6B79 /* RegisterAtOffsetList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RegisterAtOffsetList.cpp; sourceTree = "<group>"; };
+                6540C79D1B82D99D000F6B79 /* RegisterAtOffsetList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RegisterAtOffsetList.h; sourceTree = "<group>"; };
+                6540C79E1B82D9CE000F6B79 /* RegisterAtOffset.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RegisterAtOffset.cpp; sourceTree = "<group>"; };
+                6540C79F1B82D9CE000F6B79 /* RegisterAtOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RegisterAtOffset.h; sourceTree = "<group>"; };
                 6546F51F1A32A59C006F07D5 /* NullGetterFunction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = NullGetterFunction.cpp; sourceTree = "<group>"; xcLanguageSpecificationIdentifier = xcode.lang.cpp; };
                 6546F5201A32A59C006F07D5 /* NullGetterFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NullGetterFunction.h; sourceTree = "<group>"; };
@@ -3973 +3971 @@
                                 0F485325187DFDEC0083B687 /* FTLRecoveryOpcode.cpp */,
                                 0F485326187DFDEC0083B687 /* FTLRecoveryOpcode.h */,
-                                0F6B1CBF1862C47800845D97 /* FTLRegisterAtOffset.cpp */,
-                                0F6B1CC01862C47800845D97 /* FTLRegisterAtOffset.h */,
                                 0FCEFAA91804C13E00472CE4 /* FTLSaveRestore.cpp */,
                                 0FCEFAAA1804C13E00472CE4 /* FTLSaveRestore.h */,
@@ -4105 +4101 @@
                                 0F7576D018E1FEE9002EF4CD /* AccessorCallJITStubRoutine.cpp */,
                                 0F7576D118E1FEE9002EF4CD /* AccessorCallJITStubRoutine.h */,
-                                0F6B1CC718641DF800845D97 /* ArityCheckFailReturnThunks.cpp */,
-                                0F6B1CC818641DF800845D97 /* ArityCheckFailReturnThunks.h */,
                                 0F24E53B17EA9F5900ABB217 /* AssemblyHelpers.cpp */,
                                 0F24E53C17EA9F5900ABB217 /* AssemblyHelpers.h */,
@@ -4159 +4153 @@
                                 A76F54A213B28AAB00EF2BCE /* JITWriteBarrier.h */,
                                 A76C51741182748D00715B05 /* JSInterfaceJIT.h */,
-                                0FEE98421A89227500754E93 /* SetupVarargsFrame.cpp */,
-                                0FEE98401A8865B600754E93 /* SetupVarargsFrame.h */,
                                 0FE834151A6EF97B00D04847 /* PolymorphicCallStubRoutine.cpp */,
                                 0FE834161A6EF97B00D04847 /* PolymorphicCallStubRoutine.h */,
                                 0FA7A8E918B413C80052371D /* Reg.cpp */,
                                 0FA7A8EA18B413C80052371D /* Reg.h */,
+                                6540C79E1B82D9CE000F6B79 /* RegisterAtOffset.cpp */,
+                                6540C79F1B82D9CE000F6B79 /* RegisterAtOffset.h */,
+                                6540C79C1B82D99D000F6B79 /* RegisterAtOffsetList.cpp */,
+                                6540C79D1B82D99D000F6B79 /* RegisterAtOffsetList.h */,
                                 623A37EB1B87A7BD00754209 /* RegisterMap.h */,
                                 0F6B1CBB1861246A00845D97 /* RegisterPreservationWrapperGenerator.cpp */,
@@ -4174 +4170 @@
                                 0FA7A8ED18CE4FD80052371D /* ScratchRegisterAllocator.cpp */,
                                 0F24E54B17EE274900ABB217 /* ScratchRegisterAllocator.h */,
+                                0FEE98421A89227500754E93 /* SetupVarargsFrame.cpp */,
+                                0FEE98401A8865B600754E93 /* SetupVarargsFrame.h */,
                                 A709F2EF17A0AC0400512E98 /* SlowPathCall.h */,
                                 A7386551118697B400540279 /* SpecializedThunkJIT.h */,
@@ -5926 +5924 @@
                                 BCF605140E203EF800B9A64D /* ArgList.h in Headers */,
                                 2A88067919107D5500CB0BBB /* DFGFunctionWhitelist.h in Headers */,
-                                0F6B1CCA18641DF800845D97 /* ArityCheckFailReturnThunks.h in Headers */,
                                 0F6B1CB91861244C00845D97 /* ArityCheckMode.h in Headers */,
                                 A1A009C11831A26E00CF8711 /* ARM64Assembler.h in Headers */,
@@ -6326 +6323 @@
                                 0F48532A187DFDEC0083B687 /* FTLRecoveryOpcode.h in Headers */,
                                 E3794E761B77EB97005543AE /* ModuleAnalyzer.h in Headers */,
-                                0F6B1CC41862C47800845D97 /* FTLRegisterAtOffset.h in Headers */,
                                 0FCEFAAC1804C13E00472CE4 /* FTLSaveRestore.h in Headers */,
                                 0F25F1B2181635F300522F39 /* FTLSlowPathCall.h in Headers */,
@@ -7393 +7389 @@
                                 0F55F0F414D1063900AC7649 /* AbstractPC.cpp in Sources */,
                                 147F39BD107EC37600427A48 /* ArgList.cpp in Sources */,
-                                0F6B1CC918641DF800845D97 /* ArityCheckFailReturnThunks.cpp in Sources */,
                                 797E07A91B8FCFB9008400BA /* JSGlobalLexicalEnvironment.cpp in Sources */,
                                 E3794E751B77EB97005543AE /* ModuleAnalyzer.cpp in Sources */,
@@ -7656 +7651 @@
                                 0FEA0A2A1709629600BB722C /* FTLOutput.cpp in Sources */,
                                 0F485329187DFDEC0083B687 /* FTLRecoveryOpcode.cpp in Sources */,
-                                0F6B1CC31862C47800845D97 /* FTLRegisterAtOffset.cpp in Sources */,
                                 0FCEFAAB1804C13E00472CE4 /* FTLSaveRestore.cpp in Sources */,
                                 0F25F1B1181635F300522F39 /* FTLSlowPathCall.cpp in Sources */,
@@ -7927 +7921 @@
                                 0FF60AC316740F8800029779 /* ReduceWhitespace.cpp in Sources */,
                                 0FA7A8EB18B413C80052371D /* Reg.cpp in Sources */,
+                                6540C7A11B82E1C3000F6B79 /* RegisterAtOffsetList.cpp in Sources */,
+                                6540C7A01B82E1C3000F6B79 /* RegisterAtOffset.cpp in Sources */,
                                 14280841107EC0930013E7B2 /* RegExp.cpp in Sources */,
                                 A1712B3B11C7B212007A5315 /* RegExpCache.cpp in Sources */,

trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h

@@ -118 +118 @@
         CodeLocationNearCall hotPathOther, unsigned calleeGPR)
     {
-        m_registerPreservationMode = static_cast<unsigned>(MustPreserveRegisters);
+        m_registerPreservationMode = static_cast<unsigned>(RegisterPreservationNotRequired);
         m_callType = callType;
         m_codeOrigin = codeOrigin;

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -69 +69 @@
 #include <wtf/StringPrintStream.h>
 #include <wtf/text/UniquedStringImpl.h>
+
+#if ENABLE(JIT)
+#include "RegisterAtOffsetList.h"
+#endif
 
 #if ENABLE(DFG_JIT)
@@ -1887 +1891 @@
     if (size_t size = unlinkedCodeBlock->numberOfObjectAllocationProfiles())
         m_objectAllocationProfiles.resizeToFit(size);
+
+#if ENABLE(JIT)
+    setCalleeSaveRegisters(RegisterSet::llintBaselineCalleeSaveRegisters());
+#endif
 
     // Copy and translate the UnlinkedInstructions
@@ -3330 +3338 @@
 
 #if ENABLE(JIT)
+void CodeBlock::setCalleeSaveRegisters(RegisterSet calleeSaveRegisters)
+{
+    m_calleeSaveRegisters = std::make_unique<RegisterAtOffsetList>(calleeSaveRegisters);
+}
+
+void CodeBlock::setCalleeSaveRegisters(std::unique_ptr<RegisterAtOffsetList> registerAtOffsetList)
+{
+    m_calleeSaveRegisters = WTF::move(registerAtOffsetList);
+}
+    
+static size_t roundCalleeSaveSpaceAsVirtualRegisters(size_t calleeSaveRegisters)
+{
+    static const unsigned cpuRegisterSize = sizeof(void*);
+    return (WTF::roundUpToMultipleOf(sizeof(Register), calleeSaveRegisters * cpuRegisterSize) / sizeof(Register));
+
+}
+
+size_t CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters()
+{
+    return roundCalleeSaveSpaceAsVirtualRegisters(numberOfLLIntBaselineCalleeSaveRegisters());
+}
+
+size_t CodeBlock::calleeSaveSpaceAsVirtualRegisters()
+{
+    return roundCalleeSaveSpaceAsVirtualRegisters(m_calleeSaveRegisters->size());
+}
+
 void CodeBlock::countReoptimization()
 {

trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

@@ -81 +81 @@
 class ExecState;
 class LLIntOffsetsExtractor;
+class RegisterAtOffsetList;
 class TypeLocation;
 class JSModuleEnvironment;
@@ -732 +733 @@
     void countReoptimization();
 #if ENABLE(JIT)
+    static unsigned numberOfLLIntBaselineCalleeSaveRegisters() { return RegisterSet::llintBaselineCalleeSaveRegisters().numberOfSetRegisters(); }
+    static size_t llintBaselineCalleeSaveSpaceAsVirtualRegisters();
+    size_t calleeSaveSpaceAsVirtualRegisters();
+
     unsigned numberOfDFGCompiles();
 
@@ -817 +822 @@
     bool shouldReoptimizeNow();
     bool shouldReoptimizeFromLoopNow();
+
+    void setCalleeSaveRegisters(RegisterSet);
+    void setCalleeSaveRegisters(std::unique_ptr<RegisterAtOffsetList>);
+    
+    RegisterAtOffsetList* calleeSaveRegisters() const { return m_calleeSaveRegisters.get(); }
 #else // No JIT
+    static unsigned numberOfLLIntBaselineCalleeSaveRegisters() { return 0; }
+    static size_t llintBaselineCalleeSaveSpaceAsVirtualRegisters() { return 0; };
     void optimizeAfterWarmUp() { }
     unsigned numberOfDFGCompiles() { return 0; }
@@ -856 +868 @@
     // FIXME: Make these remaining members private.
 
+    int m_numLocalRegistersForCalleeSaves;
     int m_numCalleeRegisters;
     int m_numVars;
@@ -1016 +1029 @@
     RefPtr<JITCode> m_jitCode;
 #if ENABLE(JIT)
+    std::unique_ptr<RegisterAtOffsetList> m_calleeSaveRegisters;
     Bag<StructureStubInfo> m_stubInfos;
     Bag<ByValInfo> m_byValInfos;

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -159 +159 @@
         constantRegister = nullptr;
 
+    allocateCalleeSaveSpace();
+
     m_codeBlock->setNumParameters(1); // Allocate space for "this"
 
@@ -199 +201 @@
     if (m_isBuiltinFunction)
         m_shouldEmitDebugHooks = false;
+
+    allocateCalleeSaveSpace();
     
     SymbolTable* functionSymbolTable = SymbolTable::create(*m_vm);
@@ -494 +498 @@
         constantRegister = nullptr;
 
+    allocateCalleeSaveSpace();
+
     m_codeBlock->setNumParameters(1);
 
@@ -537 +543 @@
     if (m_isBuiltinFunction)
         m_shouldEmitDebugHooks = false;
+
+    allocateCalleeSaveSpace();
 
     SymbolTable* moduleEnvironmentSymbolTable = SymbolTable::create(*m_vm);
@@ -3063 +3071 @@
     }
     return LabelScopePtr::null();
+}
+
+void BytecodeGenerator::allocateCalleeSaveSpace()
+{
+    size_t virtualRegisterCountForCalleeSaves = CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters();
+
+    for (size_t i = 0; i < virtualRegisterCountForCalleeSaves; i++) {
+        RegisterID* localRegister = addVar();
+        localRegister->ref();
+        m_localRegistersForCalleeSaveRegisters.append(localRegister);
+    }
 }
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -698 +698 @@
         ALWAYS_INLINE void rewindUnaryOp();
 
+        void allocateCalleeSaveSpace();
         void allocateAndEmitScope();
         RegisterID* emitLoadArrowFunctionThis(RegisterID*);
@@ -811 +812 @@
         RegisterID* m_linkTimeConstantRegisters[LinkTimeConstantCount];
 
+        SegmentedVector<RegisterID*, 16> m_localRegistersForCalleeSaveRegisters;
         SegmentedVector<RegisterID, 32> m_constantPoolRegisters;
         SegmentedVector<RegisterID, 32> m_calleeRegisters;

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@ -29 +29 @@
 #if ENABLE(DFG_JIT)
 
-#include "ArityCheckFailReturnThunks.h"
 #include "CodeBlock.h"
 #include "DFGFailedFinalizer.h"
@@ -103 +102 @@
     emitFunctionPrologue();
     emitPutImmediateToCallFrameHeader(m_codeBlock, JSStack::CodeBlock);
-    jitAssertTagsInPlace();
+}
+
+void JITCompiler::compileSetupRegistersForEntry()
+{
+    emitSaveCalleeSaves();
+    emitMaterializeTagCheckRegisters();    
 }
 
@@ -119 +123 @@
     if (!m_exceptionChecksWithCallFrameRollback.empty()) {
         m_exceptionChecksWithCallFrameRollback.link(this);
+
+        copyCalleeSavesToVMCalleeSavesBuffer();
 
         // lookupExceptionHandlerFromCallerFrame is passed two arguments, the VM and the exec (the CallFrame*).
@@ -137 +143 @@
     if (!m_exceptionChecks.empty()) {
         m_exceptionChecks.link(this);
+
+        copyCalleeSavesToVMCalleeSavesBuffer();
 
         // lookupExceptionHandler is passed two arguments, the VM and the exec (the CallFrame*).
@@ -295 +303 @@
     addPtr(TrustedImm32(m_graph.stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister);
     checkStackPointerAlignment();
+    compileSetupRegistersForEntry();
     compileBody();
     setEndOfMainPath();
@@ -358 +367 @@
     addPtr(TrustedImm32(m_graph.stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister);
     checkStackPointerAlignment();
+
+    compileSetupRegistersForEntry();
 
     // === Function body code generation ===
@@ -398 +409 @@
     branchTest32(Zero, GPRInfo::returnValueGPR).linkTo(fromArityCheck, this);
     emitStoreCodeOrigin(CodeOrigin(0));
-    GPRReg thunkReg = GPRInfo::argumentGPR1;
-    CodeLocationLabel* arityThunkLabels =
-        m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters());
-    move(TrustedImmPtr(arityThunkLabels), thunkReg);
-    loadPtr(BaseIndex(thunkReg, GPRInfo::returnValueGPR, timesPtr()), thunkReg);
     move(GPRInfo::returnValueGPR, GPRInfo::argumentGPR0);
     m_callArityFixup = call();

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h

@@ -266 +266 @@
     // Internal implementation to compile.
     void compileEntry();
+    void compileSetupRegistersForEntry();
     void compileBody();
     void link(LinkBuffer&);

trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp

@@ -309 +309 @@
         pivot[i] = JSValue();
     }
-    
-    // 6) Fix the call frame to have the right code block.
+
+    // 6) Copy our callee saves to buffer.
+#if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+    RegisterAtOffsetList* registerSaveLocations = codeBlock->calleeSaveRegisters();
+    RegisterAtOffsetList* allCalleeSaves = vm->getAllCalleeSaveRegisterOffsets();
+    RegisterSet dontSaveRegisters = RegisterSet(RegisterSet::stackRegisters(), RegisterSet::allFPRs());
+
+    unsigned registerCount = registerSaveLocations->size();
+    for (unsigned i = 0; i < registerCount; i++) {
+        RegisterAtOffset currentEntry = registerSaveLocations->at(i);
+        if (dontSaveRegisters.get(currentEntry.reg()))
+            continue;
+        RegisterAtOffset* vmCalleeSavesEntry = allCalleeSaves->find(currentEntry.reg());
+        
+        *(bitwise_cast<intptr_t*>(pivot - 1) - currentEntry.offsetAsIndex()) = vm->calleeSaveRegistersBuffer[vmCalleeSavesEntry->offsetAsIndex()];
+    }
+#endif
+    
+    // 7) Fix the call frame to have the right code block.
     
     *bitwise_cast<CodeBlock**>(pivot - 1 - JSStack::CodeBlock) = codeBlock;

trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp

@@ -245 +245 @@
         CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
     
+    // Restore the DFG callee saves and then save the ones the baseline JIT uses.
+    m_jit.emitRestoreCalleeSaves();
+    m_jit.emitSaveCalleeSavesFor(m_jit.baselineCodeBlock());
+
     // Do all data format conversions and store the results into the stack.
     
     for (size_t index = 0; index < operands.size(); ++index) {
         const ValueRecovery& recovery = operands[index];
-        int operand = operands.operandForIndex(index);
-        
+        VirtualRegister reg = operands.virtualRegisterForIndex(index);
+
+        if (reg.isLocal() && reg.toLocal() < static_cast<int>(m_jit.baselineCodeBlock()->calleeSaveSpaceAsVirtualRegisters()))
+            continue;
+
+        int operand = reg.offset();
+
         switch (recovery.technique()) {
         case InPair:

trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp

@@ -203 +203 @@
     
     // And voila, all GPRs are free to reuse.
-    
+
     // Save all state from FPRs into the scratch buffer.
     
@@ -255 +255 @@
         CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
     
+    // Restore the DFG callee saves and then save the ones the baseline JIT uses.
+    m_jit.emitRestoreCalleeSaves();
+    m_jit.emitSaveCalleeSavesFor(m_jit.baselineCodeBlock());
+
+    // The tag registers are needed to materialize recoveries below.
+    m_jit.emitMaterializeTagCheckRegisters();
+
     // Do all data format conversions and store the results into the stack.
     
     for (size_t index = 0; index < operands.size(); ++index) {
         const ValueRecovery& recovery = operands[index];
-        int operand = operands.operandForIndex(index);
-        
+        VirtualRegister reg = operands.virtualRegisterForIndex(index);
+
+        if (reg.isLocal() && reg.toLocal() < static_cast<int>(m_jit.baselineCodeBlock()->calleeSaveSpaceAsVirtualRegisters()))
+            continue;
+
+        int operand = reg.offset();
+
         switch (recovery.technique()) {
         case InGPR:
@@ -321 +333 @@
         }
     }
-    
+
     // Now that things on the stack are recovered, do the arguments recovery. We assume that arguments
     // recoveries don't recursively refer to each other. But, we don't try to assume that they only
@@ -371 +383 @@
     
     reifyInlinedCallFrames(m_jit, exit);
-    
+
     // And finish.
     adjustAndJumpToTarget(m_jit, exit);

trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp

@@ -198 +198 @@
                          
         jit.storePtr(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::CodeBlock)));
+        jit.emitSaveCalleeSavesFor(baselineCodeBlock, static_cast<VirtualRegister>(inlineCallFrame->stackOffset));
         if (!inlineCallFrame->isVarargs())
             jit.store32(AssemblyHelpers::TrustedImm32(inlineCallFrame->arguments.size()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame->stackOffset + JSStack::ArgumentCount)));
@@ -251 +252 @@
 {
 #if ENABLE(GGC) 
-    jit.move(AssemblyHelpers::TrustedImmPtr(jit.codeBlock()->ownerExecutable()), GPRInfo::nonArgGPR0);
-    osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
+    jit.move(AssemblyHelpers::TrustedImmPtr(jit.codeBlock()->ownerExecutable()), GPRInfo::argumentGPR1);
+    osrWriteBarrier(jit, GPRInfo::argumentGPR1, GPRInfo::nonArgGPR0);
     InlineCallFrameSet* inlineCallFrames = jit.codeBlock()->jitCode()->dfgCommon()->inlineCallFrames.get();
     if (inlineCallFrames) {
         for (InlineCallFrame* inlineCallFrame : *inlineCallFrames) {
             ScriptExecutable* ownerExecutable = inlineCallFrame->executable.get();
-            jit.move(AssemblyHelpers::TrustedImmPtr(ownerExecutable), GPRInfo::nonArgGPR0); 
-            osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
+            jit.move(AssemblyHelpers::TrustedImmPtr(ownerExecutable), GPRInfo::argumentGPR1);
+            osrWriteBarrier(jit, GPRInfo::argumentGPR1, GPRInfo::nonArgGPR0);
         }
     }
@@ -278 +279 @@
     jit.addPtr(AssemblyHelpers::TrustedImm32(JIT::stackPointerOffsetFor(baselineCodeBlock) * sizeof(Register)), GPRInfo::callFrameRegister, AssemblyHelpers::stackPointerRegister);
     
-    jit.jitAssertTagsInPlace();
-
     jit.move(AssemblyHelpers::TrustedImmPtr(jumpTarget), GPRInfo::regT2);
     jit.jump(GPRInfo::regT2);

trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp

@@ -243 +243 @@
         return FailPath;
     }
+
+    codeBlock->setCalleeSaveRegisters(RegisterSet::dfgCalleeSaveRegisters());
     
     // By this point the DFG bytecode parser will have potentially mutated various tables

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -312 +312 @@
     }
     
-    result.merge(RegisterSet::specialRegisters());
+    result.merge(RegisterSet::stubUnavailableRegisters());
     
     return result;

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -3132 +3132 @@
         }
 
+        m_jit.emitRestoreCalleeSaves();
         m_jit.emitFunctionEpilogue();
         m_jit.ret();

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -3191 +3191 @@
         m_jit.move(op1.gpr(), GPRInfo::returnValueGPR);
 
+        m_jit.emitRestoreCalleeSaves();
         m_jit.emitFunctionEpilogue();
         m_jit.ret();
@@ -4791 +4792 @@
         appendCallSetResult(triggerOSREntryNow, tempGPR);
         MacroAssembler::Jump dontEnter = m_jit.branchTestPtr(MacroAssembler::Zero, tempGPR);
+        m_jit.emitRestoreCalleeSaves();
         m_jit.jump(tempGPR);
         dontEnter.link(&m_jit);

trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp

@@ -130 +130 @@
         
         Vector<unsigned> allocation(usedLocals.size());
-        m_graph.m_nextMachineLocal = 0;
+        m_graph.m_nextMachineLocal = codeBlock()->calleeSaveSpaceAsVirtualRegisters();
         for (unsigned i = 0; i < usedLocals.size(); ++i) {
             if (!usedLocals.get(i)) {

trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

@@ -330 +330 @@
 static void fixFunctionBasedOnStackMaps(
     State& state, CodeBlock* codeBlock, JITCode* jitCode, GeneratedFunction generatedFunction,
-    StackMaps::RecordMap& recordMap, bool didSeeUnwindInfo)
+    StackMaps::RecordMap& recordMap)
 {
     Graph& graph = state.graph;
@@ -366 +366 @@
         // At this point it's perfectly fair to just blow away all state and restore the
         // JS JIT view of the universe.
+        checkJIT.copyCalleeSavesToVMCalleeSavesBuffer();
         checkJIT.move(MacroAssembler::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
         checkJIT.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);
@@ -372 +373 @@
 
         stackOverflowException = checkJIT.label();
+        checkJIT.copyCalleeSavesToVMCalleeSavesBuffer();
         checkJIT.move(MacroAssembler::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
         checkJIT.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);
@@ -393 +395 @@
     if (exitThunkGenerator.didThings()) {
         RELEASE_ASSERT(state.finalizer->osrExit.size());
-        RELEASE_ASSERT(didSeeUnwindInfo);
         
         auto linkBuffer = std::make_unique<LinkBuffer>(
@@ -815 +816 @@
     }
     
-    bool didSeeUnwindInfo = state.jitCode->unwindInfo.parse(
+    std::unique_ptr<RegisterAtOffsetList> registerOffsets = parseUnwindInfo(
         state.unwindDataSection, state.unwindDataSectionSize,
         state.generatedFunction);
     if (shouldShowDisassembly()) {
         dataLog("Unwind info for ", CodeBlockWithJITType(state.graph.m_codeBlock, JITCode::FTLJIT), ":\n");
-        if (didSeeUnwindInfo)
-            dataLog("    ", state.jitCode->unwindInfo, "\n");
-        else
-            dataLog("    <no unwind info>\n");
-    }
+        dataLog("    ", *registerOffsets, "\n");
+    }
+    state.graph.m_codeBlock->setCalleeSaveRegisters(WTF::move(registerOffsets));
     
     if (state.stackmapsSection && state.stackmapsSection->size()) {
@@ -847 +846 @@
         fixFunctionBasedOnStackMaps(
             state, state.graph.m_codeBlock, state.jitCode.get(), state.generatedFunction,
-            recordMap, didSeeUnwindInfo);
+            recordMap);
         if (state.allocationFailed)
             return;

trunk/Source/JavaScriptCore/ftl/FTLJITCode.h

@@ -85 +85 @@
     SegmentedVector<OSRExit, 8> osrExit;
     StackMaps stackmaps;
-    UnwindInfo unwindInfo;
     
 private:

trunk/Source/JavaScriptCore/ftl/FTLLink.cpp

@@ -29 +29 @@
 #if ENABLE(FTL_JIT)
 
-#include "ArityCheckFailReturnThunks.h"
 #include "CCallHelpers.h"
 #include "CodeBlockWithJITType.h"
@@ -55 +54 @@
     codeBlock->clearSwitchJumpTables();
     
-    // FIXME: Need to know the real frame register count.
-    // https://bugs.webkit.org/show_bug.cgi?id=125727
-    state.jitCode->common.frameRegisterCount = 1000;
+    state.jitCode->common.frameRegisterCount = state.jitCode->stackmaps.stackSizeForLocals() / sizeof(void*);
     
     state.jitCode->common.requiredRegisterCountForExit = graph.requiredRegisterCountForExit();
@@ -170 +167 @@
         mainPathJumps.append(jit.branchTest32(CCallHelpers::Zero, GPRInfo::argumentGPR0));
         jit.emitFunctionPrologue();
-        CodeLocationLabel* arityThunkLabels =
-            vm.arityCheckFailReturnThunks->returnPCsFor(vm, codeBlock->numParameters());
-        jit.move(CCallHelpers::TrustedImmPtr(arityThunkLabels), GPRInfo::argumentGPR1);
-        jit.loadPtr(CCallHelpers::BaseIndex(GPRInfo::argumentGPR1, GPRInfo::argumentGPR0, CCallHelpers::timesPtr()), GPRInfo::argumentGPR1);
         CCallHelpers::Call callArityFixup = jit.call();
         jit.emitFunctionEpilogue();

trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp

@@ -212 +212 @@
             exit.m_values.size() + numMaterializations + maxMaterializationNumArguments) +
         requiredScratchMemorySizeInBytes() +
-        jitCode->unwindInfo.m_registers.size() * sizeof(uint64_t));
+        codeBlock->calleeSaveRegisters()->size() * sizeof(uint64_t));
     EncodedJSValue* scratch = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
     EncodedJSValue* materializationPointers = scratch + exit.m_values.size();
@@ -385 +385 @@
     // Before we start messing with the frame, we need to set aside any registers that the
     // FTL code was preserving.
-    for (unsigned i = jitCode->unwindInfo.m_registers.size(); i--;) {
-        RegisterAtOffset entry = jitCode->unwindInfo.m_registers[i];
+    for (unsigned i = codeBlock->calleeSaveRegisters()->size(); i--;) {
+        RegisterAtOffset entry = codeBlock->calleeSaveRegisters()->at(i);
         jit.load64(
             MacroAssembler::Address(MacroAssembler::framePointerRegister, entry.offset()),
@@ -433 +433 @@
     arityIntact.link(&jit);
 
+    CodeBlock* baselineCodeBlock = jit.baselineCodeBlockFor(exit.m_codeOrigin);
+
     // First set up SP so that our data doesn't get clobbered by signals.
     unsigned conservativeStackDelta =
         registerPreservationOffset() +
-        exit.m_values.numberOfLocals() * sizeof(Register) +
+        (exit.m_values.numberOfLocals() + baselineCodeBlock->calleeSaveSpaceAsVirtualRegisters()) * sizeof(Register) +
         maxFrameExtentForSlowPathCall;
     conservativeStackDelta = WTF::roundUpToMultipleOf(
@@ -458 +460 @@
     jit.addPtr(MacroAssembler::TrustedImm32(sizeof(Register)), GPRInfo::regT1);
     jit.branchTest32(MacroAssembler::NonZero, GPRInfo::regT2).linkTo(loop, &jit);
-    
-    // At this point regT1 points to where we would save our registers. Save them here.
-    ptrdiff_t currentOffset = 0;
+
+    RegisterAtOffsetList* baselineCalleeSaves = baselineCodeBlock->calleeSaveRegisters();
+
     for (Reg reg = Reg::first(); reg <= Reg::last(); reg = reg.next()) {
-        if (!toSave.get(reg))
+        if (!toSave.get(reg) || !reg.isGPR())
             continue;
-        currentOffset += sizeof(Register);
-        unsigned unwindIndex = jitCode->unwindInfo.indexOf(reg);
-        if (unwindIndex == UINT_MAX) {
-            // The FTL compilation didn't preserve this register. This means that it also
-            // didn't use the register. So its value at the beginning of OSR exit should be
-            // preserved by the thunk. Luckily, we saved all registers into the register
-            // scratch buffer, so we can restore them from there.
-            jit.load64(registerScratch + offsetOfReg(reg), GPRInfo::regT0);
+        unsigned unwindIndex = codeBlock->calleeSaveRegisters()->indexOf(reg);
+        RegisterAtOffset* baselineRegisterOffset = baselineCalleeSaves->find(reg);
+
+        if (reg.isGPR()) {
+            GPRReg regToLoad = baselineRegisterOffset ? GPRInfo::regT0 : reg.gpr();
+
+            if (unwindIndex == UINT_MAX) {
+                // The FTL compilation didn't preserve this register. This means that it also
+                // didn't use the register. So its value at the beginning of OSR exit should be
+                // preserved by the thunk. Luckily, we saved all registers into the register
+                // scratch buffer, so we can restore them from there.
+                jit.load64(registerScratch + offsetOfReg(reg), regToLoad);
+            } else {
+                // The FTL compilation preserved the register. Its new value is therefore
+                // irrelevant, but we can get the value that was preserved by using the unwind
+                // data. We've already copied all unwind-able preserved registers into the unwind
+                // scratch buffer, so we can get it from there.
+                jit.load64(unwindScratch + unwindIndex, regToLoad);
+            }
+
+            if (baselineRegisterOffset)
+                jit.store64(regToLoad, MacroAssembler::Address(MacroAssembler::framePointerRegister, baselineRegisterOffset->offset()));
         } else {
-            // The FTL compilation preserved the register. Its new value is therefore
-            // irrelevant, but we can get the value that was preserved by using the unwind
-            // data. We've already copied all unwind-able preserved registers into the unwind
-            // scratch buffer, so we can get it from there.
-            jit.load64(unwindScratch + unwindIndex, GPRInfo::regT0);
+            FPRReg fpRegToLoad = baselineRegisterOffset ? FPRInfo::fpRegT0 : reg.fpr();
+
+            if (unwindIndex == UINT_MAX)
+                jit.loadDouble(MacroAssembler::TrustedImmPtr(registerScratch + offsetOfReg(reg)), fpRegToLoad);
+            else
+                jit.loadDouble(MacroAssembler::TrustedImmPtr(unwindScratch + unwindIndex), fpRegToLoad);
+
+            if (baselineRegisterOffset)
+                jit.storeDouble(fpRegToLoad, MacroAssembler::Address(MacroAssembler::framePointerRegister, baselineRegisterOffset->offset()));
         }
-        jit.store64(GPRInfo::regT0, AssemblyHelpers::Address(GPRInfo::regT1, currentOffset));
-    }
-    
-    // We need to make sure that we return into the register restoration thunk. This works
-    // differently depending on whether or not we had arity issues.
-    MacroAssembler::Jump arityIntactForReturnPC = jit.branch32(
-        MacroAssembler::GreaterThanOrEqual,
-        CCallHelpers::payloadFor(JSStack::ArgumentCount),
-        MacroAssembler::TrustedImm32(codeBlock->numParameters()));
-    
-    // The return PC in the call frame header points at exactly the right arity restoration
-    // thunk. We don't want to change that. But the arity restoration thunk's frame has a
-    // return PC and we want to reroute that to our register restoration thunk. The arity
-    // restoration's return PC just just below regT1, and the register restoration's return PC
-    // is right at regT1.
-    jit.loadPtr(MacroAssembler::Address(GPRInfo::regT1, -static_cast<ptrdiff_t>(sizeof(Register))), GPRInfo::regT0);
-    jit.storePtr(GPRInfo::regT0, GPRInfo::regT1);
-    jit.storePtr(
-        MacroAssembler::TrustedImmPtr(vm->getCTIStub(registerRestorationThunkGenerator).code().executableAddress()),
-        MacroAssembler::Address(GPRInfo::regT1, -static_cast<ptrdiff_t>(sizeof(Register))));
-    
-    MacroAssembler::Jump arityReturnPCReady = jit.jump();
-
-    arityIntactForReturnPC.link(&jit);
-    
-    jit.loadPtr(MacroAssembler::Address(MacroAssembler::framePointerRegister, CallFrame::returnPCOffset()), GPRInfo::regT0);
-    jit.storePtr(GPRInfo::regT0, GPRInfo::regT1);
-    jit.storePtr(
-        MacroAssembler::TrustedImmPtr(vm->getCTIStub(registerRestorationThunkGenerator).code().executableAddress()),
-        MacroAssembler::Address(MacroAssembler::framePointerRegister, CallFrame::returnPCOffset()));
-    
-    arityReturnPCReady.link(&jit);
-    
+    }
+
+    size_t baselineVirtualRegistersForCalleeSaves = baselineCodeBlock->calleeSaveSpaceAsVirtualRegisters();
+
     // Now get state out of the scratch buffer and place it back into the stack. The values are
     // already reboxed so we just move them.
     for (unsigned index = exit.m_values.size(); index--;) {
-        int operand = exit.m_values.operandForIndex(index);
-        
+        VirtualRegister reg = exit.m_values.virtualRegisterForIndex(index);
+
+        if (reg.isLocal() && reg.toLocal() < static_cast<int>(baselineVirtualRegistersForCalleeSaves))
+            continue;
+
         jit.load64(scratch + index, GPRInfo::regT0);
-        jit.store64(GPRInfo::regT0, AssemblyHelpers::addressFor(static_cast<VirtualRegister>(operand)));
+        jit.store64(GPRInfo::regT0, AssemblyHelpers::addressFor(reg));
     }
     

trunk/Source/JavaScriptCore/ftl/FTLThunks.cpp

@@ -67 +67 @@
     
     // Tell GC mark phase how much of the scratch buffer is active during call.
-    jit.move(MacroAssembler::TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::nonArgGPR1);
-    jit.storePtr(MacroAssembler::TrustedImmPtr(requiredScratchMemorySizeInBytes()), GPRInfo::nonArgGPR1);
+    jit.move(MacroAssembler::TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::nonArgGPR0);
+    jit.storePtr(MacroAssembler::TrustedImmPtr(requiredScratchMemorySizeInBytes()), GPRInfo::nonArgGPR0);
 
     jit.loadPtr(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);

trunk/Source/JavaScriptCore/ftl/FTLUnwindInfo.cpp

@@ -95 +95 @@
 #include "FTLUnwindInfo.h"
 
+#include "CodeBlock.h"
+#include "RegisterAtOffsetList.h"
+
 #if ENABLE(FTL_JIT)
 
@@ -103 +106 @@
 
 namespace JSC { namespace FTL {
-
-UnwindInfo::UnwindInfo() { }
-UnwindInfo::~UnwindInfo() { }
-
 
 namespace {
@@ -655 +654 @@
 } // anonymous namespace
 
-bool UnwindInfo::parse(void* section, size_t size, GeneratedFunction generatedFunction)
-{
-    m_registers.clear();
+std::unique_ptr<RegisterAtOffsetList> parseUnwindInfo(void* section, size_t size, GeneratedFunction generatedFunction)
+{
     RELEASE_ASSERT(!!section);
-    if (!section)
-        return false;
+
+    std::unique_ptr<RegisterAtOffsetList> registerOffsets = std::make_unique<RegisterAtOffsetList>();
 
 #if OS(DARWIN)
@@ -690 +688 @@
             
         case UNWIND_X86_64_REG_RBX:
-            m_registers.append(RegisterAtOffset(X86Registers::ebx, offset));
+            registerOffsets->append(RegisterAtOffset(X86Registers::ebx, offset));
             break;
             
         case UNWIND_X86_64_REG_R12:
-            m_registers.append(RegisterAtOffset(X86Registers::r12, offset));
+            registerOffsets->append(RegisterAtOffset(X86Registers::r12, offset));
             break;
             
         case UNWIND_X86_64_REG_R13:
-            m_registers.append(RegisterAtOffset(X86Registers::r13, offset));
+            registerOffsets->append(RegisterAtOffset(X86Registers::r13, offset));
             break;
             
         case UNWIND_X86_64_REG_R14:
-            m_registers.append(RegisterAtOffset(X86Registers::r14, offset));
+            registerOffsets->append(RegisterAtOffset(X86Registers::r14, offset));
             break;
             
         case UNWIND_X86_64_REG_R15:
-            m_registers.append(RegisterAtOffset(X86Registers::r15, offset));
+            registerOffsets->append(RegisterAtOffset(X86Registers::r15, offset));
             break;
             
         case UNWIND_X86_64_REG_RBP:
-            m_registers.append(RegisterAtOffset(X86Registers::ebp, offset));
+            registerOffsets->append(RegisterAtOffset(X86Registers::ebp, offset));
             break;
             
@@ -722 +720 @@
     RELEASE_ASSERT((encoding & UNWIND_ARM64_MODE_MASK) == UNWIND_ARM64_MODE_FRAME);
     
-    m_registers.append(RegisterAtOffset(ARM64Registers::fp, 0));
+    registerOffsets->append(RegisterAtOffset(ARM64Registers::fp, 0));
     
     int32_t offset = 0;
     if (encoding & UNWIND_ARM64_FRAME_X19_X20_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::x19, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::x20, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x19, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x20, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_X21_X22_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::x21, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::x22, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x21, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x22, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_X23_X24_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::x23, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::x24, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x23, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x24, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_X25_X26_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::x25, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::x26, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x25, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x26, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_X27_X28_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::x27, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::x28, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x27, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::x28, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_D8_D9_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::q8, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::q9, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q8, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q9, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_D10_D11_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::q10, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::q11, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q10, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q11, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_D12_D13_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::q12, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::q13, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q12, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q13, offset -= 8));
     }
     if (encoding & UNWIND_ARM64_FRAME_D14_D15_PAIR) {
-        m_registers.append(RegisterAtOffset(ARM64Registers::q14, offset -= 8));
-        m_registers.append(RegisterAtOffset(ARM64Registers::q15, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q14, offset -= 8));
+        registerOffsets->append(RegisterAtOffset(ARM64Registers::q15, offset -= 8));
     }
 #else
@@ -783 +781 @@
             switch (i) {
             case UNW_X86_64_rbx:
-                m_registers.append(RegisterAtOffset(X86Registers::ebx, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(X86Registers::ebx, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_X86_64_r12:
-                m_registers.append(RegisterAtOffset(X86Registers::r12, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(X86Registers::r12, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_X86_64_r13:
-                m_registers.append(RegisterAtOffset(X86Registers::r13, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(X86Registers::r13, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_X86_64_r14:
-                m_registers.append(RegisterAtOffset(X86Registers::r14, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(X86Registers::r14, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_X86_64_r15:
-                m_registers.append(RegisterAtOffset(X86Registers::r15, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(X86Registers::r15, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_X86_64_rbp:
-                m_registers.append(RegisterAtOffset(X86Registers::ebp, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(X86Registers::ebp, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case DW_X86_64_RET_addr:
@@ -817 +815 @@
             switch (i) {
             case UNW_ARM64_x0:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x0, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x0, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x1:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x1, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x1, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x2:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x2, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x2, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x3:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x3, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x3, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x4:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x4, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x4, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x5:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x5, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x5, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x6:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x6, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x6, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x7:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x7, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x7, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x8:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x8, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x8, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x9:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x9, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x9, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x10:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x10, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x10, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x11:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x11, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x11, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x12:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x12, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x12, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x13:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x13, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x13, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x14:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x14, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x14, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x15:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x15, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x15, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x16:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x16, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x16, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x17:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x17, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x17, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x18:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x18, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x18, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x19:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x19, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x19, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x20:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x20, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x20, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x21:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x21, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x21, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x22:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x22, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x22, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x23:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x23, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x23, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x24:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x24, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x24, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x25:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x25, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x25, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x26:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x26, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x26, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x27:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x27, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x27, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x28:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x28, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x28, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_fp:
-                m_registers.append(RegisterAtOffset(ARM64Registers::fp, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::fp, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_x30:
-                m_registers.append(RegisterAtOffset(ARM64Registers::x30, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::x30, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_sp:
-                m_registers.append(RegisterAtOffset(ARM64Registers::sp, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::sp, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v0:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q0, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q0, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v1:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q1, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q1, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v2:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q2, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q2, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v3:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q3, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q3, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v4:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q4, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q4, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v5:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q5, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q5, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v6:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q6, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q6, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v7:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q7, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q7, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v8:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q8, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q8, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v9:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q9, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q9, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v10:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q10, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q10, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v11:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q11, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q11, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v12:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q12, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q12, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v13:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q13, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q13, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v14:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q14, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q14, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v15:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q15, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q15, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v16:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q16, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q16, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v17:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q17, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q17, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v18:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q18, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q18, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v19:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q19, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q19, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v20:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q20, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q20, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v21:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q21, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                append(RegisterAtOffset(ARM64Registers::q21, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v22:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q22, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q22, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v23:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q23, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q23, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v24:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q24, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q24, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v25:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q25, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q25, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v26:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q26, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q26, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v27:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q27, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q27, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v28:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q28, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q28, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v29:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q29, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q29, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v30:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q30, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q30, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             case UNW_ARM64_v31:
-                m_registers.append(RegisterAtOffset(ARM64Registers::q31, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
+                registerOffsets->append(RegisterAtOffset(ARM64Registers::q31, prolog.savedRegisters[i].offset + prolog.cfaRegisterOffset));
                 break;
             default:
@@ -1018 +1016 @@
 
 #endif
-    std::sort(m_registers.begin(), m_registers.end());
-    return true;
-}
-
-void UnwindInfo::dump(PrintStream& out) const
-{
-    out.print(listDump(m_registers));
-}
-
-RegisterAtOffset* UnwindInfo::find(Reg reg) const
-{
-    return tryBinarySearch<RegisterAtOffset, Reg>(m_registers, m_registers.size(), reg, RegisterAtOffset::getReg);
-}
-
-unsigned UnwindInfo::indexOf(Reg reg) const
-{
-    if (RegisterAtOffset* pointer = find(reg))
-        return pointer - m_registers.begin();
-    return UINT_MAX;
+    registerOffsets->sort();
+    return WTF::move(registerOffsets);
 }
 

trunk/Source/JavaScriptCore/ftl/FTLUnwindInfo.h

@@ -32 +32 @@
 
 #include "FTLGeneratedFunction.h"
-#include "FTLRegisterAtOffset.h"
+class RegisterAtOffsetList;
 
 namespace JSC { namespace FTL {
 
-struct UnwindInfo {
-    UnwindInfo();
-    ~UnwindInfo();
-    
-    bool parse(void*, size_t, GeneratedFunction);
-    
-    void dump(PrintStream&) const;
-    
-    RegisterAtOffset* find(Reg) const;
-    unsigned indexOf(Reg) const; // Returns UINT_MAX if not found.
-    
-    Vector<RegisterAtOffset> m_registers;
-};
+std::unique_ptr<RegisterAtOffsetList>  parseUnwindInfo(void*, size_t, GeneratedFunction);
 
 } } // namespace JSC::FTL

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -651 +651 @@
                 if (LegacyProfiler* profiler = vm.enabledProfiler())
                     profiler->exceptionUnwind(m_callFrame);
+
+                copyCalleeSavesToVMCalleeSavesBuffer(visitor);
+
                 return StackVisitor::Done;
             }
@@ -656 +659 @@
             return StackVisitor::Done;
 
+        copyCalleeSavesToVMCalleeSavesBuffer(visitor);
+
         return StackVisitor::Continue;
     }
 
 private:
+    void copyCalleeSavesToVMCalleeSavesBuffer(StackVisitor& visitor)
+    {
+#if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+
+        if (!visitor->isJSFrame())
+            return;
+
+#if ENABLE(DFG_JIT)
+        if (visitor->inlineCallFrame())
+            return;
+#endif
+        RegisterAtOffsetList* currentCalleeSaves = m_codeBlock ? m_codeBlock->calleeSaveRegisters() : nullptr;
+
+        if (!currentCalleeSaves)
+            return;
+
+        VM& vm = m_callFrame->vm();
+        RegisterAtOffsetList* allCalleeSaves = vm.getAllCalleeSaveRegisterOffsets();
+        RegisterSet dontCopyRegisters = RegisterSet::stackRegisters();
+        intptr_t* frame = reinterpret_cast<intptr_t*>(m_callFrame->registers());
+
+        unsigned registerCount = currentCalleeSaves->size();
+        for (unsigned i = 0; i < registerCount; i++) {
+            RegisterAtOffset currentEntry = currentCalleeSaves->at(i);
+            if (dontCopyRegisters.get(currentEntry.reg()))
+                continue;
+            RegisterAtOffset* vmCalleeSavesEntry = allCalleeSaves->find(currentEntry.reg());
+            
+            vm.calleeSaveRegistersBuffer[vmCalleeSavesEntry->offsetAsIndex()] = *(frame + currentEntry.offsetAsIndex());
+        }
+#else
+        UNUSED_PARAM(visitor);
+#endif
+    }
+
     CallFrame*& m_callFrame;
     bool m_isTermination;

trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h

@@ -35 +35 @@
 #include "JITCode.h"
 #include "MacroAssembler.h"
+#include "RegisterAtOffsetList.h"
+#include "RegisterSet.h"
 #include "TypeofType.h"
 #include "VM.h"
@@ -173 +175 @@
         store32(TrustedImm32(value.tag()), address.withOffset(TagOffset));
         store32(TrustedImm32(value.payload()), address.withOffset(PayloadOffset));
+#endif
+    }
+
+    void emitSaveCalleeSavesFor(CodeBlock* codeBlock, VirtualRegister offsetVirtualRegister = static_cast<VirtualRegister>(0))
+    {
+        ASSERT(codeBlock);
+
+        RegisterAtOffsetList* calleeSaves = codeBlock->calleeSaveRegisters();
+        RegisterSet dontSaveRegisters = RegisterSet(RegisterSet::stackRegisters(), RegisterSet::allFPRs());
+        unsigned registerCount = calleeSaves->size();
+
+        for (unsigned i = 0; i < registerCount; i++) {
+            RegisterAtOffset entry = calleeSaves->at(i);
+            if (dontSaveRegisters.get(entry.reg()))
+                continue;
+            storePtr(entry.reg().gpr(), Address(framePointerRegister, offsetVirtualRegister.offsetInBytes() + entry.offset()));
+        }
+    }
+
+    void emitRestoreCalleeSavesFor(CodeBlock* codeBlock)
+    {
+        ASSERT(codeBlock);
+
+        RegisterAtOffsetList* calleeSaves = codeBlock->calleeSaveRegisters();
+        RegisterSet dontRestoreRegisters = RegisterSet(RegisterSet::stackRegisters(), RegisterSet::allFPRs());
+        unsigned registerCount = calleeSaves->size();
+        
+        for (unsigned i = 0; i < registerCount; i++) {
+            RegisterAtOffset entry = calleeSaves->at(i);
+            if (dontRestoreRegisters.get(entry.reg()))
+                continue;
+            loadPtr(Address(framePointerRegister, entry.offset()), entry.reg().gpr());
+        }
+    }
+
+    void emitSaveCalleeSaves()
+    {
+        emitSaveCalleeSavesFor(codeBlock());
+    }
+
+    void emitRestoreCalleeSaves()
+    {
+        emitRestoreCalleeSavesFor(codeBlock());
+    }
+
+    void copyCalleeSavesToVMCalleeSavesBuffer(const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    {
+#if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+        GPRReg temp1 = usedRegisters.getFreeGPR(0);
+
+        move(TrustedImmPtr(m_vm->calleeSaveRegistersBuffer), temp1);
+
+        RegisterAtOffsetList* allCalleeSaves = m_vm->getAllCalleeSaveRegisterOffsets();
+        RegisterSet dontCopyRegisters = RegisterSet::stackRegisters();
+        unsigned registerCount = allCalleeSaves->size();
+        
+        for (unsigned i = 0; i < registerCount; i++) {
+            RegisterAtOffset entry = allCalleeSaves->at(i);
+            if (dontCopyRegisters.get(entry.reg()))
+                continue;
+            if (entry.reg().isGPR())
+                storePtr(entry.reg().gpr(), Address(temp1, entry.offset()));
+            else
+                storeDouble(entry.reg().fpr(), Address(temp1, entry.offset()));
+        }
+#else
+        UNUSED_PARAM(usedRegisters);
+#endif
+    }
+
+    void restoreCalleeSavesFromVMCalleeSavesBuffer(const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    {
+#if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+        GPRReg temp1 = usedRegisters.getFreeGPR(0);
+        
+        move(TrustedImmPtr(m_vm->calleeSaveRegistersBuffer), temp1);
+
+        RegisterAtOffsetList* allCalleeSaves = m_vm->getAllCalleeSaveRegisterOffsets();
+        RegisterSet dontRestoreRegisters = RegisterSet::stackRegisters();
+        unsigned registerCount = allCalleeSaves->size();
+        
+        for (unsigned i = 0; i < registerCount; i++) {
+            RegisterAtOffset entry = allCalleeSaves->at(i);
+            if (dontRestoreRegisters.get(entry.reg()))
+                continue;
+            if (entry.reg().isGPR())
+                loadPtr(Address(temp1, entry.offset()), entry.reg().gpr());
+            else
+                loadDouble(Address(temp1, entry.offset()), entry.reg().fpr());
+        }
+#else
+        UNUSED_PARAM(usedRegisters);
+#endif
+    }
+    
+    void copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer(const TempRegisterSet& usedRegisters = { RegisterSet::stubUnavailableRegisters() })
+    {
+#if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+        GPRReg temp1 = usedRegisters.getFreeGPR(0);
+        GPRReg temp2 = usedRegisters.getFreeGPR(1);
+        FPRReg fpTemp = usedRegisters.getFreeFPR();
+        ASSERT(temp2 != InvalidGPRReg);
+
+        ASSERT(codeBlock());
+
+        // Copy saved calleeSaves on stack or unsaved calleeSaves in register to vm calleeSave buffer
+        move(TrustedImmPtr(m_vm->calleeSaveRegistersBuffer), temp1);
+
+        RegisterAtOffsetList* allCalleeSaves = m_vm->getAllCalleeSaveRegisterOffsets();
+        RegisterAtOffsetList* currentCalleeSaves = codeBlock()->calleeSaveRegisters();
+        RegisterSet dontCopyRegisters = RegisterSet::stackRegisters();
+        unsigned registerCount = allCalleeSaves->size();
+
+        for (unsigned i = 0; i < registerCount; i++) {
+            RegisterAtOffset vmEntry = allCalleeSaves->at(i);
+            if (dontCopyRegisters.get(vmEntry.reg()))
+                continue;
+            RegisterAtOffset* currentFrameEntry = currentCalleeSaves->find(vmEntry.reg());
+
+            if (vmEntry.reg().isGPR()) {
+                GPRReg regToStore;
+                if (currentFrameEntry) {
+                    // Load calleeSave from stack into temp register
+                    regToStore = temp2;
+                    loadPtr(Address(framePointerRegister, currentFrameEntry->offset()), regToStore);
+                } else
+                    // Just store callee save directly
+                    regToStore = vmEntry.reg().gpr();
+
+                storePtr(regToStore, Address(temp1, vmEntry.offset()));
+            } else {
+                FPRReg fpRegToStore;
+                if (currentFrameEntry) {
+                    // Load calleeSave from stack into temp register
+                    fpRegToStore = fpTemp;
+                    loadDouble(Address(framePointerRegister, currentFrameEntry->offset()), fpRegToStore);
+                } else
+                    // Just store callee save directly
+                    fpRegToStore = vmEntry.reg().fpr();
+
+                storeDouble(fpRegToStore, Address(temp1, vmEntry.offset()));
+            }
+        }
+#else
+        UNUSED_PARAM(usedRegisters);
+#endif
+    }
+
+    void emitMaterializeTagCheckRegisters()
+    {
+#if USE(JSVALUE64)
+        move(MacroAssembler::TrustedImm64(TagTypeNumber), GPRInfo::tagTypeNumberRegister);
+        orPtr(MacroAssembler::TrustedImm32(TagBitTypeOther), GPRInfo::tagTypeNumberRegister, GPRInfo::tagMaskRegister);
 #endif
     }

trunk/Source/JavaScriptCore/jit/FPRInfo.h

@@ -209 +209 @@
     static const FPRReg fpRegT21 = ARM64Registers::q29;
     static const FPRReg fpRegT22 = ARM64Registers::q30;
+    static const FPRReg fpRegCS0 = ARM64Registers::q8;
+    static const FPRReg fpRegCS1 = ARM64Registers::q9;
+    static const FPRReg fpRegCS2 = ARM64Registers::q10;
+    static const FPRReg fpRegCS3 = ARM64Registers::q11;
+    static const FPRReg fpRegCS4 = ARM64Registers::q12;
+    static const FPRReg fpRegCS5 = ARM64Registers::q13;
+    static const FPRReg fpRegCS6 = ARM64Registers::q14;
+    static const FPRReg fpRegCS7 = ARM64Registers::q15;
 
     static const FPRReg argumentFPR0 = ARM64Registers::q0; // fpRegT0

trunk/Source/JavaScriptCore/jit/GPRInfo.h

@@ -316 +316 @@
 #if CPU(X86)
 #define NUMBER_OF_ARGUMENT_REGISTERS 0u
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 0u
 
 class GPRInfo {
@@ -337 +338 @@
     static const GPRReg argumentGPR3 = X86Registers::ebx; // regT3
     static const GPRReg nonArgGPR0 = X86Registers::esi; // regT4
-    static const GPRReg nonArgGPR1 = X86Registers::edi; // regT5
     static const GPRReg returnValueGPR = X86Registers::eax; // regT0
     static const GPRReg returnValueGPR2 = X86Registers::edx; // regT1
@@ -383 +383 @@
 #if !OS(WINDOWS)
 #define NUMBER_OF_ARGUMENT_REGISTERS 6u
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 5u
 #else
 #define NUMBER_OF_ARGUMENT_REGISTERS 4u
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 7u
 #endif
 
@@ -446 +448 @@
 #endif
     static const GPRReg nonArgGPR0 = X86Registers::r10; // regT5 (regT4 on Windows)
-    static const GPRReg nonArgGPR1 = X86Registers::ebx; // Callee save
     static const GPRReg returnValueGPR = X86Registers::eax; // regT0
     static const GPRReg returnValueGPR2 = X86Registers::edx; // regT1 or regT2
@@ -507 +508 @@
 #if CPU(ARM)
 #define NUMBER_OF_ARGUMENT_REGISTERS 4u
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 0u
 
 class GPRInfo {
@@ -537 +539 @@
     static const GPRReg nonArgGPR0 = ARMRegisters::r4; // regT8
     static const GPRReg nonArgGPR1 = ARMRegisters::r8; // regT4
-    static const GPRReg nonArgGPR2 = ARMRegisters::r9; // regT5
     static const GPRReg returnValueGPR = ARMRegisters::r0; // regT0
     static const GPRReg returnValueGPR2 = ARMRegisters::r1; // regT1
@@ -590 +591 @@
 #if CPU(ARM64)
 #define NUMBER_OF_ARGUMENT_REGISTERS 8u
+// Callee Saves includes x19..x28 and FP registers q8..q15
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 18u
 
 class GPRInfo {
@@ -618 +621 @@
     static const GPRReg regT14 = ARM64Registers::x14;
     static const GPRReg regT15 = ARM64Registers::x15;
-    static const GPRReg regCS0 = ARM64Registers::x26; // Used by LLInt only
-    static const GPRReg regCS1 = ARM64Registers::x27; // tagTypeNumber
-    static const GPRReg regCS2 = ARM64Registers::x28; // tagMask
+    static const GPRReg regCS0 = ARM64Registers::x19; // Used by FTL only
+    static const GPRReg regCS1 = ARM64Registers::x20; // Used by FTL only
+    static const GPRReg regCS2 = ARM64Registers::x21; // Used by FTL only
+    static const GPRReg regCS3 = ARM64Registers::x22; // Used by FTL only
+    static const GPRReg regCS4 = ARM64Registers::x23; // Used by FTL only
+    static const GPRReg regCS5 = ARM64Registers::x24; // Used by FTL only
+    static const GPRReg regCS6 = ARM64Registers::x25; // Used by FTL only
+    static const GPRReg regCS7 = ARM64Registers::x26;
+    static const GPRReg regCS8 = ARM64Registers::x27; // tagTypeNumber
+    static const GPRReg regCS9 = ARM64Registers::x28; // tagMask
     // These constants provide the names for the general purpose argument & return value registers.
     static const GPRReg argumentGPR0 = ARM64Registers::x0; // regT0
@@ -638 +648 @@
     static const GPRReg patchpointScratchRegister = ARM64Registers::ip0;
 
-    // GPRReg mapping is direct, the machine regsiter numbers can
+    // GPRReg mapping is direct, the machine register numbers can
     // be used directly as indices into the GPR RegisterBank.
     COMPILE_ASSERT(ARM64Registers::q0 == 0, q0_is_0);
@@ -693 +703 @@
 #if CPU(MIPS)
 #define NUMBER_OF_ARGUMENT_REGISTERS 4u
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 0u
 
 class GPRInfo {
@@ -720 +731 @@
     static const GPRReg argumentGPR3 = MIPSRegisters::a3;
     static const GPRReg nonArgGPR0 = regT0;
-    static const GPRReg nonArgGPR1 = regT1;
     static const GPRReg returnValueGPR = regT0;
     static const GPRReg returnValueGPR2 = regT1;
@@ -765 +775 @@
 #if CPU(SH4)
 #define NUMBER_OF_ARGUMENT_REGISTERS 4u
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 0u
 
 class GPRInfo {
@@ -794 +805 @@
     static const GPRReg argumentGPR3 = SH4Registers::r7; // regT3
     static const GPRReg nonArgGPR0 = regT4;
-    static const GPRReg nonArgGPR1 = regT5;
     static const GPRReg returnValueGPR = regT0;
     static const GPRReg returnValueGPR2 = regT1;

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -30 +30 @@
 #include "JIT.h"
 
-#include "ArityCheckFailReturnThunks.h"
 #include "CodeBlock.h"
 #include "CodeBlockWithJITType.h"
@@ -86 +85 @@
     skipOptimize.append(branchAdd32(Signed, TrustedImm32(Options::executionCounterIncrementForEntry()), AbsoluteAddress(m_codeBlock->addressOfJITExecuteCounter())));
     ASSERT(!m_bytecodeOffset);
+
+    copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer();
+
     callOperation(operationOptimize, m_bytecodeOffset);
     skipOptimize.append(branchTestPtr(Zero, returnValueGPR));
@@ -493 +495 @@
     }
 
+    m_codeBlock->setCalleeSaveRegisters(RegisterSet::llintBaselineCalleeSaveRegisters()); // Might be able to remove as this is probably already set to this value.
+
     // This ensures that we have the most up to date type information when performing typecheck optimizations for op_profile_type.
     if (m_vm->typeProfiler())
@@ -550 +554 @@
     checkStackPointerAlignment();
 
+    emitSaveCalleeSaves();
+    emitMaterializeTagCheckRegisters();
+
     privateCompileMainPass();
     privateCompileLinkPass();
@@ -581 +588 @@
             addPtr(TrustedImm32(maxFrameExtentForSlowPathCall), stackPointerRegister);
         branchTest32(Zero, returnValueGPR).linkTo(beginLabel, this);
-        GPRReg thunkReg = GPRInfo::argumentGPR1;
-        CodeLocationLabel* failThunkLabels =
-            m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters());
-        move(TrustedImmPtr(failThunkLabels), thunkReg);
-        loadPtr(BaseIndex(thunkReg, returnValueGPR, timesPtr()), thunkReg);
         move(returnValueGPR, GPRInfo::argumentGPR0);
         emitNakedCall(m_vm->getCTIStub(arityFixupGenerator).code());
@@ -723 +725 @@
         m_exceptionChecksWithCallFrameRollback.link(this);
 
+        copyCalleeSavesToVMCalleeSavesBuffer();
+
         // lookupExceptionHandlerFromCallerFrame is passed two arguments, the VM and the exec (the CallFrame*).
 
@@ -740 +744 @@
         m_exceptionChecks.link(this);
 
+        copyCalleeSavesToVMCalleeSavesBuffer();
+
         // lookupExceptionHandler is passed two arguments, the VM and the exec (the CallFrame*).
         move(TrustedImmPtr(vm()), GPRInfo::argumentGPR0);

trunk/Source/JavaScriptCore/jit/JITArithmetic32_64.cpp

@@ -1070 +1070 @@
 void JIT::emit_op_mod(Instruction* currentInstruction)
 {
-#if CPU(X86) || CPU(X86_64)
+#if CPU(X86)
     int dst = currentInstruction[1].u.operand;
     int op1 = currentInstruction[2].u.operand;

trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp

@@ -60 +60 @@
 
     checkStackPointerAlignment();
+    emitRestoreCalleeSaves();
     emitFunctionEpilogue();
     ret();

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -71 +71 @@
     RELEASE_ASSERT(returnValueGPR != callFrameRegister);
     emitGetVirtualRegister(currentInstruction[1].u.operand, returnValueGPR);
+    emitRestoreCalleeSaves();
     emitFunctionEpilogue();
     ret();
@@ -256 +257 @@
 
     checkStackPointerAlignment();
+    emitRestoreCalleeSaves();
     emitFunctionEpilogue();
     ret();
@@ -420 +422 @@
 {
     ASSERT(regT0 == returnValueGPR);
+    copyCalleeSavesToVMCalleeSavesBuffer();
     emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
     callOperationNoExceptionCheck(operationThrow, regT0);
@@ -495 +498 @@
 void JIT::emit_op_catch(Instruction* currentInstruction)
 {
-    // Gotta restore the tag registers. We could be throwing from FTL, which may
-    // clobber them.
-    move(TrustedImm64(TagTypeNumber), tagTypeNumberRegister);
-    move(TrustedImm64(TagMask), tagMaskRegister);
-    
+    restoreCalleeSavesFromVMCalleeSavesBuffer();
+
     move(TrustedImmPtr(m_vm), regT3);
     load64(Address(regT3, VM::callFrameForThrowOffset()), callFrameRegister);
@@ -657 +657 @@
     // object lifetime and increasing GC pressure.
     size_t count = m_codeBlock->m_numVars;
-    for (size_t j = 0; j < count; ++j)
+    for (size_t j = CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters(); j < count; ++j)
         emitInitRegister(virtualRegisterForLocal(j).offset());
 
@@ -923 +923 @@
     if (canBeOptimized()) {
         linkSlowCase(iter);
-        
+
+        copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer();
+
         callOperation(operationOptimize, m_bytecodeOffset);
         Jump noOptimizedEntry = branchTestPtr(Zero, returnValueGPR);

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -149 +149 @@
     ASSERT(returnValueGPR != callFrameRegister);
     emitLoad(currentInstruction[1].u.operand, regT1, returnValueGPR);
+    emitRestoreCalleeSaves();
     emitFunctionEpilogue();
     ret();
@@ -742 +743 @@
 {
     ASSERT(regT0 == returnValueGPR);
+    copyCalleeSavesToVMCalleeSavesBuffer();
     emitLoad(currentInstruction[1].u.operand, regT1, regT0);
     callOperationNoExceptionCheck(operationThrow, regT1, regT0);
@@ -801 +803 @@
 void JIT::emit_op_catch(Instruction* currentInstruction)
 {
+    restoreCalleeSavesFromVMCalleeSavesBuffer();
+
     move(TrustedImmPtr(m_vm), regT3);
     // operationThrow returns the callFrame for the handler.

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -1335 +1335 @@
             numVarsWithValues = 0;
         Operands<JSValue> mustHandleValues(codeBlock->numParameters(), numVarsWithValues);
+        int localsUsedForCalleeSaves = static_cast<int>(CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters());
         for (size_t i = 0; i < mustHandleValues.size(); ++i) {
             int operand = mustHandleValues.operandForIndex(i);
+            if (operandIsLocal(operand) && VirtualRegister(operand).toLocal() < localsUsedForCalleeSaves)
+                continue;
             mustHandleValues[i] = exec->uncheckedR(operand).jsValue();
         }

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -214 +214 @@
 
     JITGetByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs(regT0), JSValueRegs(regT0), DontSpill);
     gen.generateFastPath(*this);
@@ -447 +447 @@
 
     JITPutByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs(regT0), JSValueRegs(regT1), regT2, DontSpill, m_codeBlock->ecmaMode(), putKind);
     gen.generateFastPath(*this);
@@ -575 +575 @@
 
     JITGetByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs(regT0), JSValueRegs(regT0), DontSpill);
     gen.generateFastPath(*this);
@@ -622 +622 @@
 
     JITPutByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(m_bytecodeOffset), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs(regT0), JSValueRegs(regT1), regT2, DontSpill, m_codeBlock->ecmaMode(),
         direct ? Direct : NotDirect);

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -283 +283 @@
 
     JITGetByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), DontSpill);
     gen.generateFastPath(*this);
@@ -495 +495 @@
 
     JITPutByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2), regT1, DontSpill, m_codeBlock->ecmaMode(), putKind);
     gen.generateFastPath(*this);
@@ -588 +588 @@
 
     JITGetByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), DontSpill);
     gen.generateFastPath(*this);
@@ -633 +633 @@
 
     JITPutByIdGenerator gen(
-        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::specialRegisters(),
+        m_codeBlock, CodeOrigin(m_bytecodeOffset), CallSiteIndex(currentInstruction), RegisterSet::stubUnavailableRegisters(),
         JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2),
         regT1, DontSpill, m_codeBlock->ecmaMode(), direct ? Direct : NotDirect);

trunk/Source/JavaScriptCore/jit/RegisterSet.cpp

@@ -67 +67 @@
 }
 
+RegisterSet RegisterSet::stubUnavailableRegisters()
+{
+    return RegisterSet(specialRegisters(), vmCalleeSaveRegisters());
+}
+
 RegisterSet RegisterSet::calleeSaveRegisters()
 {
@@ -123 +128 @@
 }
 
+RegisterSet RegisterSet::vmCalleeSaveRegisters()
+{
+    RegisterSet result;
+#if CPU(X86_64)
+    result.set(GPRInfo::regCS0);
+    result.set(GPRInfo::regCS1);
+    result.set(GPRInfo::regCS2);
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+#if OS(WINDOWS)
+    result.set(GPRInfo::regCS5);
+    result.set(GPRInfo::regCS6);
+#endif
+#elif CPU(ARM64)
+    result.set(GPRInfo::regCS0);
+    result.set(GPRInfo::regCS1);
+    result.set(GPRInfo::regCS2);
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+    result.set(GPRInfo::regCS5);
+    result.set(GPRInfo::regCS6);
+    result.set(GPRInfo::regCS7);
+    result.set(GPRInfo::regCS8);
+    result.set(GPRInfo::regCS9);
+    result.set(FPRInfo::fpRegCS0);
+    result.set(FPRInfo::fpRegCS1);
+    result.set(FPRInfo::fpRegCS2);
+    result.set(FPRInfo::fpRegCS3);
+    result.set(FPRInfo::fpRegCS4);
+    result.set(FPRInfo::fpRegCS5);
+    result.set(FPRInfo::fpRegCS6);
+    result.set(FPRInfo::fpRegCS7);
+#endif
+    return result;
+}
+
+RegisterSet RegisterSet::llintBaselineCalleeSaveRegisters()
+{
+    RegisterSet result;
+#if CPU(X86)
+#elif CPU(X86_64)
+#if !OS(WINDOWS)
+    result.set(GPRInfo::regCS2);
+    ASSERT(GPRInfo::regCS3 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS4 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+#else
+    result.set(GPRInfo::regCS4);
+    ASSERT(GPRInfo::regCS5 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS6 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS5);
+    result.set(GPRInfo::regCS6);
+#endif
+#elif CPU(ARM_THUMB2)
+#elif CPU(ARM_TRADITIONAL)
+#elif CPU(ARM64)
+    result.set(GPRInfo::regCS7);
+    ASSERT(GPRInfo::regCS8 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS9 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS8);
+    result.set(GPRInfo::regCS9);
+#elif CPU(MIPS)
+#elif CPU(SH4)
+#else
+    UNREACHABLE_FOR_PLATFORM();
+#endif
+    return result;
+}
+
+RegisterSet RegisterSet::dfgCalleeSaveRegisters()
+{
+    RegisterSet result;
+#if CPU(X86)
+#elif CPU(X86_64)
+    result.set(GPRInfo::regCS0);
+    result.set(GPRInfo::regCS1);
+    result.set(GPRInfo::regCS2);
+#if !OS(WINDOWS)
+    ASSERT(GPRInfo::regCS3 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS4 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+#else
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+    ASSERT(GPRInfo::regCS5 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS6 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS5);
+    result.set(GPRInfo::regCS6);
+#endif
+#elif CPU(ARM_THUMB2)
+#elif CPU(ARM_TRADITIONAL)
+#elif CPU(ARM64)
+    ASSERT(GPRInfo::regCS8 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS9 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS8);
+    result.set(GPRInfo::regCS9);
+#elif CPU(MIPS)
+#elif CPU(SH4)
+#else
+    UNREACHABLE_FOR_PLATFORM();
+#endif
+    return result;
+}
+
+RegisterSet RegisterSet::ftlCalleeSaveRegisters()
+{
+    RegisterSet result;
+#if ENABLE(FTL_JIT)
+#if CPU(X86_64) && !OS(WINDOWS)
+    result.set(GPRInfo::regCS0);
+    result.set(GPRInfo::regCS1);
+    result.set(GPRInfo::regCS2);
+    ASSERT(GPRInfo::regCS3 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS4 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+#elif CPU(ARM64)
+    // LLVM might save and use all ARM64 callee saves specified in the ABI.
+    result.set(GPRInfo::regCS0);
+    result.set(GPRInfo::regCS1);
+    result.set(GPRInfo::regCS2);
+    result.set(GPRInfo::regCS3);
+    result.set(GPRInfo::regCS4);
+    result.set(GPRInfo::regCS5);
+    result.set(GPRInfo::regCS6);
+    result.set(GPRInfo::regCS7);
+    ASSERT(GPRInfo::regCS8 == GPRInfo::tagTypeNumberRegister);
+    ASSERT(GPRInfo::regCS9 == GPRInfo::tagMaskRegister);
+    result.set(GPRInfo::regCS8);
+    result.set(GPRInfo::regCS9);
+    result.set(FPRInfo::fpRegCS0);
+    result.set(FPRInfo::fpRegCS1);
+    result.set(FPRInfo::fpRegCS2);
+    result.set(FPRInfo::fpRegCS3);
+    result.set(FPRInfo::fpRegCS4);
+    result.set(FPRInfo::fpRegCS5);
+    result.set(FPRInfo::fpRegCS6);
+    result.set(FPRInfo::fpRegCS7);
+#else
+    UNREACHABLE_FOR_PLATFORM();
+#endif
+#endif
+    return result;
+}
+
 RegisterSet RegisterSet::allGPRs()
 {

trunk/Source/JavaScriptCore/jit/RegisterSet.h

@@ -51 +51 @@
     static RegisterSet specialRegisters(); // The union of stack, reserved hardware, and runtime registers.
     static RegisterSet calleeSaveRegisters();
+    static RegisterSet vmCalleeSaveRegisters(); // Callee save registers that might be saved and used by any tier.
+    static RegisterSet llintBaselineCalleeSaveRegisters(); // Registers saved and used by the LLInt.
+    static RegisterSet dfgCalleeSaveRegisters(); // Registers saved and used by the DFG JIT.
+    static RegisterSet ftlCalleeSaveRegisters(); // Registers that might be saved and used by the FTL JIT.
+    static RegisterSet stubUnavailableRegisters(); // The union of callee saves and special registers.
     static RegisterSet allGPRs();
     static RegisterSet allFPRs();

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -556 +556 @@
                 stubJit.setupResults(valueRegs);
             MacroAssembler::Jump noException = stubJit.emitExceptionCheck(CCallHelpers::InvertedExceptionCheck);
-            
+
+            stubJit.copyCalleeSavesToVMCalleeSavesBuffer();
+
             stubJit.setupArguments(CCallHelpers::TrustedImmPtr(vm), GPRInfo::callFrameRegister);
             handlerCall = stubJit.call();

trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

@@ -45 +45 @@
         {
             emitFunctionPrologue();
+            emitSaveThenMaterializeTagRegisters();
             // Check that we have the expected number of arguments
             m_failures.append(branch32(NotEqual, payloadFor(JSStack::ArgumentCount), TrustedImm32(expectedArgCount + 1)));
@@ -53 +54 @@
         {
             emitFunctionPrologue();
+            emitSaveThenMaterializeTagRegisters();
         }
         
@@ -106 +108 @@
             if (src != regT0)
                 move(src, regT0);
+            
+            emitRestoreSavedTagRegisters();
             emitFunctionEpilogue();
             ret();
@@ -114 +118 @@
             ASSERT_UNUSED(payload, payload == regT0);
             ASSERT_UNUSED(tag, tag == regT1);
+            emitRestoreSavedTagRegisters();
             emitFunctionEpilogue();
             ret();
@@ -138 +143 @@
             highNonZero.link(this);
 #endif
+            emitRestoreSavedTagRegisters();
             emitFunctionEpilogue();
             ret();
@@ -147 +153 @@
                 move(src, regT0);
             tagReturnAsInt32();
+            emitRestoreSavedTagRegisters();
             emitFunctionEpilogue();
             ret();
@@ -156 +163 @@
                 move(src, regT0);
             tagReturnAsJSCell();
+            emitRestoreSavedTagRegisters();
             emitFunctionEpilogue();
             ret();
@@ -186 +194 @@
 
     private:
-
+        void emitSaveThenMaterializeTagRegisters()
+        {
+#if USE(JSVALUE64)
+#if CPU(ARM64)
+            pushPair(tagTypeNumberRegister, tagMaskRegister);
+#else
+            push(tagTypeNumberRegister);
+            push(tagMaskRegister);
+#endif
+            emitMaterializeTagCheckRegisters();
+#endif
+        }
+
+        void emitRestoreSavedTagRegisters()
+        {
+#if USE(JSVALUE64)
+#if CPU(ARM64)
+            popPair(tagTypeNumberRegister, tagMaskRegister);
+#else
+            pop(tagMaskRegister);
+            pop(tagTypeNumberRegister);
+#endif
+#endif
+        }
+        
         void tagReturnAsInt32()
         {

trunk/Source/JavaScriptCore/jit/TempRegisterSet.h

@@ -116 +116 @@
     }
     
+    // Return the index'th free FPR.
+    FPRReg getFreeFPR(unsigned index = 0) const
+    {
+        for (unsigned i = FPRInfo::numberOfRegisters; i--;) {
+            if (!getFPRByIndex(i) && !index--)
+                return FPRInfo::toRegister(i);
+        }
+        return InvalidFPRReg;
+    }
+
     template<typename BankInfo>
     void setByIndex(unsigned index)

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -67 +67 @@
     jit.preserveReturnAddressAfterCall(GPRInfo::nonPreservedNonReturnGPR);
 
+    jit.copyCalleeSavesToVMCalleeSavesBuffer();
+
     jit.setupArguments(CCallHelpers::TrustedImmPtr(vm), GPRInfo::callFrameRegister);
     jit.move(CCallHelpers::TrustedImmPtr(bitwise_cast<void*>(lookupExceptionHandler)), GPRInfo::nonArgGPR0);
@@ -210 +212 @@
     if (entryType == EnterViaCall)
         jit.emitFunctionPrologue();
+#if USE(JSVALUE64)
+    else if (entryType == EnterViaJump) {
+        // We're coming from a specialized thunk that has saved the prior tag registers' contents.
+        // Restore them now.
+#if CPU(ARM64)
+        jit.popPair(JSInterfaceJIT::tagTypeNumberRegister, JSInterfaceJIT::tagMaskRegister);
+#else
+        jit.pop(JSInterfaceJIT::tagMaskRegister);
+        jit.pop(JSInterfaceJIT::tagTypeNumberRegister);
+#endif
+    }
+#endif
 
     jit.emitPutImmediateToCallFrameHeader(0, JSStack::CodeBlock);
@@ -307 +321 @@
     exceptionHandler.link(&jit);
 
+    jit.copyCalleeSavesToVMCalleeSavesBuffer();
     jit.storePtr(JSInterfaceJIT::callFrameRegister, &vm->topCallFrame);
 
@@ -392 +407 @@
     jit.addPtr(extraTemp, JSInterfaceJIT::stackPointerRegister);
 
-    // Save the original return PC.
-    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()), extraTemp);
-    jit.storePtr(extraTemp, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight));
-
-    // Install the new return PC.
-    jit.storePtr(GPRInfo::argumentGPR1, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()));
-
 #  if CPU(X86_64)
     jit.push(JSInterfaceJIT::regT4);
@@ -440 +448 @@
     jit.addPtr(JSInterfaceJIT::regT5, JSInterfaceJIT::stackPointerRegister);
 
-    // Save the original return PC.
-    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()), GPRInfo::regT5);
-    jit.storePtr(GPRInfo::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight));
-    
-    // Install the new return PC.
-    jit.storePtr(GPRInfo::argumentGPR1, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()));
-    
 #  if CPU(X86)
     jit.push(JSInterfaceJIT::regT4);

trunk/Source/JavaScriptCore/llint/LLIntData.cpp

@@ -27 +27 @@
 #include "LLIntData.h"
 #include "BytecodeConventions.h"
+#include "CodeBlock.h"
 #include "CodeType.h"
 #include "Instruction.h"
@@ -132 +133 @@
     ASSERT(maxFrameExtentForSlowPathCall == 64);
 #endif
+
+#if !ENABLE(JIT) || USE(JSVALUE32_64)
+    ASSERT(!CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters());
+#elif (CPU(X86_64) && !OS(WINDOWS))  || CPU(ARM64)
+    ASSERT(CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters() == 3);
+#elif (CPU(X86_64) && OS(WINDOWS))
+    ASSERT(CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters() == 3);
+#endif
+    
     ASSERT(StringType == 6);
     ASSERT(ObjectType == 21);

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -486 +486 @@
     vm.topCallFrame = exec;
     ErrorHandlingScope errorScope(vm);
-    CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
-    pc = returnToThrowForThrownException(exec);
+    vm.throwException(exec, createStackOverflowError(exec));
+    pc = returnToThrow(exec);
     LLINT_RETURN_TWO(pc, exec);
 }

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -108 +108 @@
 #  a1; but t0 and t2 can be either a0 or a2.
 #
-#  - On 64 bits, csr0, csr1, csr2 and optionally csr3, csr4, csr5 and csr6
-#  are available as callee-save registers.
-#  csr0 is used to store the PC base, while the last two csr registers are used
-#  to store special tag values. Don't use them for anything else.
+#  - On 64 bits, there are callee-save registers named csr0, csr1, ... csrN.
+#  The last three csr registers are used used to store the PC base and
+#  two special tag values. Don't use them for anything else.
 #
 # Additional platform-specific details (you shouldn't rely on this remaining
@@ -219 +218 @@
 end
 
+if X86_64 or X86_64_WIN or ARM64
+    const CalleeSaveSpaceAsVirtualRegisters = 3
+else
+    const CalleeSaveSpaceAsVirtualRegisters = 0
+end
+
+const CalleeSaveSpaceStackAligned = (CalleeSaveSpaceAsVirtualRegisters * SlotSize + StackAlignment - 1) & ~StackAlignmentMask
+
+
 # Watchpoint states
 const ClearWatchpoint = 0
@@ -232 +240 @@
     #   This requires an add before the call, and a sub after.
     const PC = t4
-    const PB = csr0
     if ARM64
-        const tagTypeNumber = csr1
-        const tagMask = csr2
+        const PB = csr7
+        const tagTypeNumber = csr8
+        const tagMask = csr9
     elsif X86_64
+        const PB = csr2
         const tagTypeNumber = csr3
         const tagMask = csr4
     elsif X86_64_WIN
+        const PB = csr4
         const tagTypeNumber = csr5
         const tagMask = csr6
     elsif C_LOOP
+        const PB = csr0
         const tagTypeNumber = csr1
         const tagMask = csr2
@@ -399 +410 @@
 end
 
-if C_LOOP
+if C_LOOP or ARM64 or X86_64 or X86_64_WIN
     const CalleeSaveRegisterCount = 0
 elsif ARM or ARMv7_TRADITIONAL or ARMv7
     const CalleeSaveRegisterCount = 7
-elsif ARM64
-    const CalleeSaveRegisterCount = 10
-elsif SH4 or X86_64 or MIPS
+elsif SH4 or MIPS
     const CalleeSaveRegisterCount = 5
 elsif X86 or X86_WIN
     const CalleeSaveRegisterCount = 3
-elsif X86_64_WIN
-    const CalleeSaveRegisterCount = 7
 end
 
@@ -420 +427 @@
 
 macro pushCalleeSaves()
-    if C_LOOP
+    if C_LOOP or ARM64 or X86_64 or X86_64_WIN
     elsif ARM or ARMv7_TRADITIONAL
         emit "push {r4-r10}"
     elsif ARMv7
         emit "push {r4-r6, r8-r11}"
-    elsif ARM64
-        emit "stp x20, x19, [sp, #-16]!"
-        emit "stp x22, x21, [sp, #-16]!"
-        emit "stp x24, x23, [sp, #-16]!"
-        emit "stp x26, x25, [sp, #-16]!"
-        emit "stp x28, x27, [sp, #-16]!"
     elsif MIPS
         emit "addiu $sp, $sp, -20"
@@ -452 +453 @@
         emit "push edi"
         emit "push ebx"
-    elsif X86_64
-        emit "push %r12"
-        emit "push %r13"
-        emit "push %r14"
-        emit "push %r15"
-        emit "push %rbx"
-    elsif X86_64_WIN
-        emit "push r12"
-        emit "push r13"
-        emit "push r14"
-        emit "push r15"
-        emit "push rbx"
-        emit "push rdi"
-        emit "push rsi"
     end
 end
 
 macro popCalleeSaves()
-    if C_LOOP
+    if C_LOOP or ARM64 or X86_64 or X86_64_WIN
     elsif ARM or ARMv7_TRADITIONAL
         emit "pop {r4-r10}"
     elsif ARMv7
         emit "pop {r4-r6, r8-r11}"
-    elsif ARM64
-        emit "ldp x28, x27, [sp], #16"
-        emit "ldp x26, x25, [sp], #16"
-        emit "ldp x24, x23, [sp], #16"
-        emit "ldp x22, x21, [sp], #16"
-        emit "ldp x20, x19, [sp], #16"
     elsif MIPS
         emit "lw $16, 0($sp)"
@@ -502 +483 @@
         emit "pop edi"
         emit "pop esi"
-    elsif X86_64
-        emit "pop %rbx"
-        emit "pop %r15"
-        emit "pop %r14"
-        emit "pop %r13"
-        emit "pop %r12"
-    elsif X86_64_WIN
-        emit "pop rsi"
-        emit "pop rdi"
-        emit "pop rbx"
-        emit "pop r15"
-        emit "pop r14"
-        emit "pop r13"
-        emit "pop r12"
     end
 end
@@ -545 +512 @@
 end
 
+macro preserveCalleeSavesUsedByLLInt()
+    subp CalleeSaveSpaceStackAligned, sp
+    if C_LOOP
+    elsif ARM or ARMv7_TRADITIONAL
+    elsif ARMv7
+    elsif ARM64
+        emit "stp x27, x28, [fp, #-16]"
+        emit "stp xzr, x26, [fp, #-32]"
+    elsif MIPS
+    elsif SH4
+    elsif X86
+    elsif X86_WIN
+    elsif X86_64
+        storep csr4, -8[cfr]
+        storep csr3, -16[cfr]
+        storep csr2, -24[cfr]
+    elsif X86_64_WIN
+        storep csr6, -8[cfr]
+        storep csr5, -16[cfr]
+        storep csr4, -24[cfr]
+    end
+end
+
+macro restoreCalleeSavesUsedByLLInt()
+    if C_LOOP
+    elsif ARM or ARMv7_TRADITIONAL
+    elsif ARMv7
+    elsif ARM64
+        emit "ldp xzr, x26, [fp, #-32]"
+        emit "ldp x27, x28, [fp, #-16]"
+    elsif MIPS
+    elsif SH4
+    elsif X86
+    elsif X86_WIN
+    elsif X86_64
+        loadp -24[cfr], csr2
+        loadp -16[cfr], csr3
+        loadp -8[cfr], csr4
+    elsif X86_64_WIN
+        loadp -24[cfr], csr4
+        loadp -16[cfr], csr5
+        loadp -8[cfr], csr6
+    end
+end
+
+macro copyCalleeSavesToVMCalleeSavesBuffer(vm, temp)
+    if ARM64 or X86_64 or X86_64_WIN
+        leap VM::calleeSaveRegistersBuffer[vm], temp
+        if ARM64
+            storep csr0, [temp]
+            storep csr1, 8[temp]
+            storep csr2, 16[temp]
+            storep csr3, 24[temp]
+            storep csr4, 32[temp]
+            storep csr5, 40[temp]
+            storep csr6, 48[temp]
+            storep csr7, 56[temp]
+            storep csr8, 64[temp]
+            storep csr9, 72[temp]
+            stored csfr0, 80[temp]
+            stored csfr1, 88[temp]
+            stored csfr2, 96[temp]
+            stored csfr3, 104[temp]
+            stored csfr4, 112[temp]
+            stored csfr5, 120[temp]
+            stored csfr6, 128[temp]
+            stored csfr7, 136[temp]
+        elsif X86_64
+            storep csr0, [temp]
+            storep csr1, 8[temp]
+            storep csr2, 16[temp]
+            storep csr3, 24[temp]
+            storep csr4, 32[temp]
+        elsif X86_64_WIN
+            storep csr0, [temp]
+            storep csr1, 8[temp]
+            storep csr2, 16[temp]
+            storep csr3, 24[temp]
+            storep csr4, 32[temp]
+            storep csr5, 40[temp]
+            storep csr6, 48[temp]
+        end
+    end
+end
+
+macro restoreCalleeSavesFromVMCalleeSavesBuffer(vm, temp)
+    if ARM64 or X86_64 or X86_64_WIN
+        leap VM::calleeSaveRegistersBuffer[vm], temp
+        if ARM64
+            loadp [temp], csr0
+            loadp 8[temp], csr1
+            loadp 16[temp], csr2
+            loadp 24[temp], csr3
+            loadp 32[temp], csr4
+            loadp 40[temp], csr5
+            loadp 48[temp], csr6
+            loadp 56[temp], csr7
+            loadp 64[temp], csr8
+            loadp 72[temp], csr9
+            loadd 80[temp], csfr0
+            loadd 88[temp], csfr1
+            loadd 96[temp], csfr2
+            loadd 104[temp], csfr3
+            loadd 112[temp], csfr4
+            loadd 120[temp], csfr5
+            loadd 128[temp], csfr6
+            loadd 136[temp], csfr7
+        elsif X86_64
+            loadp [temp], csr0
+            loadp 8[temp], csr1
+            loadp 16[temp], csr2
+            loadp 24[temp], csr3
+            loadp 32[temp], csr4
+        elsif X86_64_WIN
+            loadp [temp], csr0
+            loadp 8[temp], csr1
+            loadp 16[temp], csr2
+            loadp 24[temp], csr3
+            loadp 32[temp], csr4
+            loadp 40[temp], csr5
+            loadp 48[temp], csr6
+        end
+    end
+end
+
 macro preserveReturnAddressAfterCall(destinationRegister)
     if C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or ARM64 or MIPS or SH4
@@ -551 +643 @@
     elsif X86 or X86_WIN or X86_64 or X86_64_WIN
         pop destinationRegister
-    else
-        error
-    end
-end
-
-macro restoreReturnAddressBeforeReturn(sourceRegister)
-    if C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or ARM64 or MIPS or SH4
-        # In C_LOOP case, we're only restoring the bytecode vPC.
-        move sourceRegister, lr
-    elsif X86 or X86_WIN or X86_64 or X86_64_WIN
-        push sourceRegister
     else
         error
@@ -764 +845 @@
     codeBlockSetter(t1)
 
+    preserveCalleeSavesUsedByLLInt()
+
     # Set up the PC.
     if JSVALUE64
@@ -779 +862 @@
 
     # Stack height check failed - need to call a slow_path.
-    subp maxFrameExtentForSlowPathCall, sp # Set up temporary stack pointer for call
+    # Set up temporary stack pointer for call including callee saves
+    subp maxFrameExtentForSlowPathCall, sp
     callSlowPath(_llint_stack_check)
     bpeq r1, 0, .stackHeightOKGetCodeBlock
@@ -794 +878 @@
 .stackHeightOK:
     move t0, sp
+
+    if JSVALUE64
+        move TagTypeNumber, tagTypeNumber
+        addp TagBitTypeOther, tagTypeNumber, tagMask
+    end
 end
 
@@ -849 +938 @@
 
 macro doReturn()
+    restoreCalleeSavesUsedByLLInt()
     restoreCallerPCAndCFR()
     ret

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -303 +303 @@
     andp MarkedBlockMask, t3
     loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
+    restoreCalleeSavesFromVMCalleeSavesBuffer(t3, t0)
     loadp VM::callFrameForThrow[t3], cfr
 
@@ -592 +593 @@
     
     loadp CommonSlowPaths::ArityCheckData::paddedStackSpace[r1], a0
-    loadp CommonSlowPaths::ArityCheckData::returnPC[r1], a1
     call t3
     if ASSERT_ENABLED
@@ -1879 +1879 @@
     andp MarkedBlockMask, t3
     loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
+    restoreCalleeSavesFromVMCalleeSavesBuffer(t3, t0)
     loadp VM::callFrameForThrow[t3], cfr
     restoreStackPointerAfterCall()
@@ -1917 +1918 @@
     andp MarkedBlockMask, t1
     loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
+    copyCalleeSavesToVMCalleeSavesBuffer(t1, t2)
     jmp VM::targetMachinePCForThrow[t1]
 

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -216 +216 @@
     storep cfr, VM::topVMEntryFrame[vm]
 
-    move TagTypeNumber, tagTypeNumber
-    addp TagBitTypeOther, tagTypeNumber, tagMask
-
     checkStackPointerAlignment(extraTempReg, 0xbad0dc02)
 
@@ -278 +275 @@
     andp MarkedBlockMask, t3
     loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
+    restoreCalleeSavesFromVMCalleeSavesBuffer(t3, t0)
     loadp VM::callFrameForThrow[t3], cfr
 
@@ -510 +508 @@
 
 .noError:
-    # r1 points to ArityCheckData.
-    loadp CommonSlowPaths::ArityCheckData::thunkToCall[r1], t3
-    btpz t3, .proceedInline
-    
-    loadp CommonSlowPaths::ArityCheckData::paddedStackSpace[r1], a0
-    loadp CommonSlowPaths::ArityCheckData::returnPC[r1], a1
-    call t3
-    if ASSERT_ENABLED
-        loadp ReturnPC[cfr], t0
-        loadp [t0], t0
-    end
-    jmp .continue
-
-.proceedInline:
     loadi CommonSlowPaths::ArityCheckData::paddedStackSpace[r1], t1
     btiz t1, .continue
@@ -531 +515 @@
     negq t1
     move cfr, t3
+    subp CalleeSaveSpaceAsVirtualRegisters * 8, t3
     loadi PayloadOffset + ArgumentCount[cfr], t2
-    addi CallFrameHeaderSlots, t2
+    addi CallFrameHeaderSlots + CalleeSaveSpaceAsVirtualRegisters, t2
 .copyLoop:
     loadq [t3], t0
@@ -575 +560 @@
     loadp CodeBlock[cfr], t2                // t2<CodeBlock> = cfr.CodeBlock
     loadi CodeBlock::m_numVars[t2], t2      // t2<size_t> = t2<CodeBlock>.m_numVars
+    subq CalleeSaveSpaceAsVirtualRegisters, t2
+    move cfr, t1
+    subq CalleeSaveSpaceAsVirtualRegisters * 8, t1
     btiz t2, .opEnterDone
     move ValueUndefined, t0
@@ -580 +568 @@
     sxi2q t2, t2
 .opEnterLoop:
-    storeq t0, [cfr, t2, 8]
+    storeq t0, [t1, t2, 8]
     addq 1, t2
     btqnz t2, .opEnterLoop
@@ -1762 +1750 @@
 
 _llint_op_catch:
-    # Gotta restore the tag registers. We could be throwing from FTL, which may
-    # clobber them.
-    move TagTypeNumber, tagTypeNumber
-    move TagMask, tagMask
-    
     # This is where we end up from the JIT's throw trampoline (because the
     # machine code return address will be set to _llint_op_catch), and from
@@ -1775 +1758 @@
     andp MarkedBlockMask, t3
     loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
+    restoreCalleeSavesFromVMCalleeSavesBuffer(t3, t0)
     loadp VM::callFrameForThrow[t3], cfr
     restoreStackPointerAfterCall()
@@ -1807 +1791 @@
 
 _llint_throw_from_slow_path_trampoline:
+    loadp Callee[cfr], t1
+    andp MarkedBlockMask, t1
+    loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
+    copyCalleeSavesToVMCalleeSavesBuffer(t1, t2)
+
     callSlowPath(_llint_slow_path_handle_exception)
 

trunk/Source/JavaScriptCore/offlineasm/arm64.rb

@@ -62 +62 @@
 #  q4  => ft4          (unused in baseline)
 #  q5  => ft5          (unused in baseline)
+#  q8  => csfr0        (Only the lower 64 bits)
+#  q9  => csfr1        (Only the lower 64 bits)
+# q10  => csfr2        (Only the lower 64 bits)
+# q11  => csfr3        (Only the lower 64 bits)
+# q12  => csfr4        (Only the lower 64 bits)
+# q13  => csfr5        (Only the lower 64 bits)
+# q14  => csfr6        (Only the lower 64 bits)
+# q15  => csfr7        (Only the lower 64 bits)
 # q31  => scratch
 
@@ -117 +125 @@
             arm64GPRName('x29', kind)
         when 'csr0'
+            arm64GPRName('x19', kind)
+        when 'csr1'
+            arm64GPRName('x20', kind)
+        when 'csr2'
+            arm64GPRName('x21', kind)
+        when 'csr3'
+            arm64GPRName('x22', kind)
+        when 'csr4'
+            arm64GPRName('x23', kind)
+        when 'csr5'
+            arm64GPRName('x24', kind)
+        when 'csr6'
+            arm64GPRName('x25', kind)
+        when 'csr7'
             arm64GPRName('x26', kind)
-        when 'csr1'
+        when 'csr8'
             arm64GPRName('x27', kind)
-        when 'csr2'
+        when 'csr9'
             arm64GPRName('x28', kind)
         when 'sp'
@@ -147 +169 @@
         when 'ft5'
             arm64FPRName('q5', kind)
+        when 'csfr0'
+            arm64FPRName('q8', kind)
+        when 'csfr1'
+            arm64FPRName('q9', kind)
+        when 'csfr2'
+            arm64FPRName('q10', kind)
+        when 'csfr3'
+            arm64FPRName('q11', kind)
+        when 'csfr4'
+            arm64FPRName('q12', kind)
+        when 'csfr5'
+            arm64FPRName('q13', kind)
+        when 'csfr6'
+            arm64FPRName('q14', kind)
+        when 'csfr7'
+            arm64FPRName('q15', kind)
         else "Bad register name #{@name} at #{codeOriginString}"
         end

trunk/Source/JavaScriptCore/offlineasm/registers.rb

@@ -49 +49 @@
      "csr4",
      "csr5",
-     "csr6"
+     "csr6",
+     "csr7",
+     "csr8",
+     "csr9"
     ]
 
@@ -64 +67 @@
      "fa2",
      "fa3",
+     "csfr0",
+     "csfr1",
+     "csfr2",
+     "csfr3",
+     "csfr4",
+     "csfr5",
+     "csfr6",
+     "csfr7",
      "fr"
     ]

trunk/Source/JavaScriptCore/offlineasm/x86.rb

@@ -291 +291 @@
                 "ebx"
             when "csr1"
-                "r12"
+                isWin ? "esi" : "r12"
             when "csr2"
-                "r13"
+                isWin ? "edi" : "r13"
             when "csr3"
-                isWin ? "esi" : "r14"
+                isWin ? "r12" : "r14"
             when "csr4"
-                isWin ? "edi" : "r15"
-                "r15"
+                isWin ? "r13" : "r15"
             when "csr5"
                 raise "cannot use register #{name} on X86-64" unless isWin

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

@@ -26 +26 @@
 #include "config.h"
 #include "CommonSlowPaths.h"
-#include "ArityCheckFailReturnThunks.h"
 #include "ArrayConstructor.h"
 #include "CallFrame.h"
@@ -167 +166 @@
     result->paddedStackSpace = slotsToAdd;
 #if ENABLE(JIT)
-    if (vm.canUseJIT()) {
+    if (vm.canUseJIT())
         result->thunkToCall = vm.getCTIStub(arityFixupGenerator).code().executableAddress();
-        result->returnPC = vm.arityCheckFailReturnThunks->returnPCFor(vm, slotsToAdd * stackAlignmentRegisters()).executableAddress();
-    } else
+    else
 #endif
-    {
         result->thunkToCall = 0;
-        result->returnPC = 0;
-    }
     return result;
 }

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h

@@ -50 +50 @@
     unsigned paddedStackSpace;
     void* thunkToCall;
-    void* returnPC;
 };
 

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -31 +31 @@
 
 #include "ArgList.h"
-#include "ArityCheckFailReturnThunks.h"
 #include "ArrayBufferNeuteringWatchpoint.h"
 #include "BuiltinExecutables.h"
@@ -78 +77 @@
 #include "RegExpCache.h"
 #include "RegExpObject.h"
+#include "RegisterAtOffsetList.h"
 #include "RuntimeType.h"
 #include "SimpleTypedArrayController.h"
@@ -254 +254 @@
 #if ENABLE(JIT)
     jitStubs = std::make_unique<JITThunks>();
-    arityCheckFailReturnThunks = std::make_unique<ArityCheckFailReturnThunks>();
+    allCalleeSaveRegisterOffsets = std::make_unique<RegisterAtOffsetList>(RegisterSet::vmCalleeSaveRegisters(), RegisterAtOffsetList::ZeroBased);
 #endif
     arityCheckData = std::make_unique<CommonSlowPaths::ArityCheckData>();

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -34 +34 @@
 #include "ExecutableAllocator.h"
 #include "FunctionHasExecutedCache.h"
+#if ENABLE(JIT)
+#include "GPRInfo.h"
+#endif
 #include "Heap.h"
 #include "Intrinsic.h"
@@ -73 +76 @@
 namespace JSC {
 
-class ArityCheckFailReturnThunks;
 class BuiltinExecutables;
 class CodeBlock;
@@ -91 +93 @@
 class NativeExecutable;
 class RegExpCache;
+class RegisterAtOffsetList;
 class ScriptExecutable;
 class SourceProvider;
@@ -358 +361 @@
     Interpreter* interpreter;
 #if ENABLE(JIT)
+#if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+    intptr_t calleeSaveRegistersBuffer[NUMBER_OF_CALLEE_SAVES_REGISTERS];
+
+    static ptrdiff_t calleeSaveRegistersBufferOffset()
+    {
+        return OBJECT_OFFSETOF(VM, calleeSaveRegistersBuffer);
+    }
+#endif // NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
+
     std::unique_ptr<JITThunks> jitStubs;
     MacroAssemblerCodeRef getCTIStub(ThunkGenerator generator)
@@ -364 +376 @@
     }
     NativeExecutable* getHostFunction(NativeFunction, Intrinsic);
-
-    std::unique_ptr<ArityCheckFailReturnThunks> arityCheckFailReturnThunks;
+    
+    std::unique_ptr<RegisterAtOffsetList> allCalleeSaveRegisterOffsets;
+    
+    RegisterAtOffsetList* getAllCalleeSaveRegisterOffsets() { return allCalleeSaveRegisterOffsets.get(); }
+
 #endif // ENABLE(JIT)
     std::unique_ptr<CommonSlowPaths::ArityCheckData> arityCheckData;