Changeset 157411 in webkit

Timestamp:

Oct 14, 2013 11:39:45 AM (11 years ago)

Author:

fpizlo@apple.com

Message:

Baseline JIT should use the DFG's PutById IC
​https://bugs.webkit.org/show_bug.cgi?id=122704

Source/JavaScriptCore:

Reviewed by Mark Hahnenberg.

Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
that JIT to use the DFG's (i.e. JITOperations) PutById IC.

The only complicated part was that the PutById operations assumed that we first did a
cell speculation, which the baseline JIT obviously won't do. So I changed all of those
slow paths to deal with EncodedJSValue's.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resetStubInternal):

• bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFor):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedPutById):

• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

• jit/JIT.cpp:

(JSC::PropertyStubCompilationInfo::copyToStubInfo):

• jit/JIT.h:

(JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
(JSC::PropertyStubCompilationInfo::slowCaseInfo):

• jit/JITInlines.h:

(JSC::JIT::callOperation):

• jit/JITOperationWrappers.h:
• jit/JITOperations.cpp:
• jit/JITOperations.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):

• jit/JITStubs.cpp:
• jit/JITStubs.h:
• jit/Repatch.cpp:

(JSC::appropriateGenericPutByIdFunction):
(JSC::appropriateListBuildingPutByIdFunction):
(JSC::resetPutByID):

LayoutTests:

Reviewed by Mark Hahnenberg.

• js/regress/put-by-id-expected.txt: Added.
• js/regress/put-by-id.html: Added.
• js/regress/script-tests/put-by-id.js: Added.

(foo):
(bar):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/js/regress/put-by-id-expected.txt (added)
• LayoutTests/js/regress/put-by-id.html (added)
• LayoutTests/js/regress/script-tests/put-by-id.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecode/PutByIdStatus.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/CCallHelpers.h (modified) (2 diffs)
• Source/JavaScriptCore/jit/JIT.cpp (modified) (2 diffs)
• Source/JavaScriptCore/jit/JIT.h (modified) (12 diffs)
• Source/JavaScriptCore/jit/JITInlines.h (modified) (2 diffs)
• Source/JavaScriptCore/jit/JITOperationWrappers.h (modified) (13 diffs)
• Source/JavaScriptCore/jit/JITOperations.cpp (modified) (19 diffs)
• Source/JavaScriptCore/jit/JITOperations.h (modified) (2 diffs)
• Source/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (8 diffs)
• Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (modified) (7 diffs)
• Source/JavaScriptCore/jit/JITStubs.cpp (modified) (3 diffs)
• Source/JavaScriptCore/jit/JITStubs.h (modified) (2 diffs)
• Source/JavaScriptCore/jit/Repatch.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-10-14  Filip Pizlo  <fpizlo@apple.com>
+
+        Baseline JIT should use the DFG's PutById IC
+        https://bugs.webkit.org/show_bug.cgi?id=122704
+
+        Reviewed by Mark Hahnenberg.
+
+        * js/regress/put-by-id-expected.txt: Added.
+        * js/regress/put-by-id.html: Added.
+        * js/regress/script-tests/put-by-id.js: Added.
+        (foo):
+        (bar):
+
 2013-10-14  Mihnea Ovidenie  <mihnea@adobe.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-10-14  Filip Pizlo  <fpizlo@apple.com>
+
+        Baseline JIT should use the DFG's PutById IC
+        https://bugs.webkit.org/show_bug.cgi?id=122704
+
+        Reviewed by Mark Hahnenberg.
+        
+        Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
+        that JIT to use the DFG's (i.e. JITOperations) PutById IC.
+        
+        The only complicated part was that the PutById operations assumed that we first did a
+        cell speculation, which the baseline JIT obviously won't do. So I changed all of those
+        slow paths to deal with EncodedJSValue's.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::resetStubInternal):
+        * bytecode/PutByIdStatus.cpp:
+        (JSC::PutByIdStatus::computeFor):
+        * dfg/DFGSpeculativeJIT.h:
+        (JSC::DFG::SpeculativeJIT::callOperation):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::cachedPutById):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::cachedPutById):
+        * jit/CCallHelpers.h:
+        (JSC::CCallHelpers::setupArgumentsWithExecState):
+        * jit/JIT.cpp:
+        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
+        * jit/JIT.h:
+        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
+        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
+        * jit/JITInlines.h:
+        (JSC::JIT::callOperation):
+        * jit/JITOperationWrappers.h:
+        * jit/JITOperations.cpp:
+        * jit/JITOperations.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+        * jit/Repatch.cpp:
+        (JSC::appropriateGenericPutByIdFunction):
+        (JSC::appropriateListBuildingPutByIdFunction):
+        (JSC::resetPutByID):
+
 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -2383 +2383 @@
         else {
             RELEASE_ASSERT(isPutByIdAccess(accessType));
-            JIT::resetPatchPutById(repatchBuffer, &stubInfo);
+            resetPutByID(repatchBuffer, stubInfo);
         }
         break;

trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.cpp

@@ -142 +142 @@
         
     default:
+        // FIXME: We should handle polymorphic PutById. We probably have some interesting things
+        // we could do about it.
         return PutByIdStatus(TakesSlowPath, 0, 0, 0, invalidOffset);
     }

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@ -1364 +1364 @@
         return appendCallWithExceptionCheck(operation);
     }
-    JITCompiler::Call callOperation(V_JITOperation_EJCI operation, GPRReg arg1, GPRReg arg2, StringImpl* uid)
+    JITCompiler::Call callOperation(V_JITOperation_EJJI operation, GPRReg arg1, GPRReg arg2, StringImpl* uid)
     {
         m_jit.setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(uid));
@@ -1621 +1621 @@
         return appendCallWithExceptionCheck(operation);
     }
-    JITCompiler::Call callOperation(V_JITOperation_EJCI operation, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2, StringImpl* uid)
-    {
-        m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2, TrustedImmPtr(uid));
+    JITCompiler::Call callOperation(V_JITOperation_EJJI operation, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Payload, StringImpl* uid)
+    {
+        m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2Payload, TrustedImm32(JSValue::CellTag), TrustedImmPtr(uid));
         return appendCallWithExceptionCheck(operation);
     }

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -263 +263 @@
 
     JITCompiler::Label doneLabel = m_jit.label();
-    V_JITOperation_EJCI optimizedCall;
+    V_JITOperation_EJJI optimizedCall;
     if (m_jit.strictModeFor(m_currentNode->codeOrigin)) {
         if (putKind == Direct)

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -255 +255 @@
     JITCompiler::Label doneLabel = m_jit.label();
     
-    V_JITOperation_EJCI optimizedCall;
+    V_JITOperation_EJJI optimizedCall;
     if (m_jit.strictModeFor(m_currentNode->codeOrigin)) {
         if (putKind == Direct)

trunk/Source/JavaScriptCore/jit/CCallHelpers.h

@@ -353 +353 @@
     }
 
+    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4)
+    {
+        resetCallArguments();
+        addCallArgument(GPRInfo::callFrameRegister);
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+    }
+
     ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, TrustedImm32 arg2, GPRReg arg3, GPRReg arg4)
     {
@@ -364 +374 @@
 
     ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, GPRReg arg5)
+    {
+        resetCallArguments();
+        addCallArgument(GPRInfo::callFrameRegister);
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+    }
+
+    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, TrustedImmPtr arg5)
+    {
+        resetCallArguments();
+        addCallArgument(GPRInfo::callFrameRegister);
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+    }
+
+    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, TrustedImm32 arg4, TrustedImmPtr arg5)
     {
         resetCallArguments();

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -490 +490 @@
     info.codeOrigin = CodeOrigin(bytecodeIndex);
     info.callReturnLocation = linkBuffer.locationOf(callReturnLocation);
-    info.hotPathBegin = linkBuffer.locationOf(hotPathBegin);
 
     switch (m_type) {
     case GetById: {
         CodeLocationLabel hotPathBeginLocation = linkBuffer.locationOf(hotPathBegin);
-        info.patch.baseline.u.get.structureToCompare = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(getStructureToCompare));
-        info.patch.baseline.u.get.structureCheck = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(getStructureCheck));
+        info.hotPathBegin = hotPathBeginLocation;
+        info.patch.baseline.u.get.structureToCompare = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(structureToCompare));
+        info.patch.baseline.u.get.structureCheck = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(structureCheck));
         info.patch.baseline.u.get.propertyStorageLoad = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(propertyStorageLoad));
 #if USE(JSVALUE64)
@@ -504 +504 @@
         info.patch.baseline.u.get.displacementLabel2 = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(getDisplacementLabel2));
 #endif
-        info.patch.baseline.u.get.putResult = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(getPutResult));
-        info.patch.baseline.u.get.coldPathBegin = MacroAssembler::differenceBetweenCodePtr(linkBuffer.locationOf(getColdPathBegin), linkBuffer.locationOf(callReturnLocation));
+        info.patch.baseline.u.get.putResult = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(done));
+        info.patch.baseline.u.get.coldPathBegin = MacroAssembler::differenceBetweenCodePtr(linkBuffer.locationOf(coldPathBegin), linkBuffer.locationOf(callReturnLocation));
         break;
     }
     case PutById:
-        CodeLocationLabel hotPathBeginLocation = linkBuffer.locationOf(hotPathBegin);
-        info.patch.baseline.u.put.structureToCompare = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(putStructureToCompare));
-        info.patch.baseline.u.put.propertyStorageLoad = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(propertyStorageLoad));
+        info.patch.dfg.deltaCheckImmToCall = MacroAssembler::differenceBetweenCodePtr(linkBuffer.locationOf(structureToCompare), info.callReturnLocation);
+        info.patch.dfg.deltaCallToStructCheck = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(structureCheck));
 #if USE(JSVALUE64)
-        info.patch.baseline.u.put.displacementLabel = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(putDisplacementLabel));
+        info.patch.dfg.deltaCallToLoadOrStore = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(putDisplacementLabel));
 #else
-        info.patch.baseline.u.put.displacementLabel1 = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(putDisplacementLabel1));
-        info.patch.baseline.u.put.displacementLabel2 = MacroAssembler::differenceBetweenCodePtr(hotPathBeginLocation, linkBuffer.locationOf(putDisplacementLabel2));
-#endif
+        info.patch.dfg.deltaCallToTagLoadOrStore = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(putDisplacementLabel2));
+        info.patch.dfg.deltaCallToPayloadLoadOrStore = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(putDisplacementLabel1));
+#endif
+        info.patch.dfg.deltaCallToSlowCase = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(coldPathBegin));
+        info.patch.dfg.deltaCallToDone = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(done));
+        info.patch.dfg.deltaCallToStorageLoad = MacroAssembler::differenceBetweenCodePtr(info.callReturnLocation, linkBuffer.locationOf(propertyStorageLoad));
+#if USE(JSVALUE64)
+        info.patch.dfg.baseGPR = GPRInfo::regT0;
+        info.patch.dfg.valueGPR = GPRInfo::regT1;
+        RegisterSet usedRegisters;
+        usedRegisters.set(GPRInfo::regT0);
+        usedRegisters.set(GPRInfo::regT1);
+        usedRegisters.copyInfo(info.patch.dfg.usedRegisters);
+#else
+        info.patch.dfg.baseGPR = GPRInfo::regT0;
+        info.patch.dfg.valueGPR = GPRInfo::regT2;
+        info.patch.dfg.valueTagGPR = GPRInfo::regT3;
+        RegisterSet usedRegisters;
+        usedRegisters.set(GPRInfo::regT0);
+        usedRegisters.set(GPRInfo::regT2);
+        usedRegisters.set(GPRInfo::regT3);
+        usedRegisters.copyInfo(info.patch.dfg.usedRegisters);
+#endif
+        info.patch.dfg.registersFlushed = true;
         break;
     }

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -157 +157 @@
         MacroAssembler::Call callReturnLocation;
         MacroAssembler::Label hotPathBegin;
-        MacroAssembler::DataLabelPtr getStructureToCompare;
-        MacroAssembler::PatchableJump getStructureCheck;
+        MacroAssembler::DataLabelPtr structureToCompare;
+        MacroAssembler::PatchableJump structureCheck;
         MacroAssembler::ConvertibleLoadLabel propertyStorageLoad;
 #if USE(JSVALUE64)
@@ -166 +166 @@
         MacroAssembler::DataLabelCompact getDisplacementLabel2;
 #endif
-        MacroAssembler::Label getPutResult;
-        MacroAssembler::Label getColdPathBegin;
-        MacroAssembler::DataLabelPtr putStructureToCompare;
+        MacroAssembler::Label done;
+        MacroAssembler::Label coldPathBegin;
 #if USE(JSVALUE64)
         MacroAssembler::DataLabel32 putDisplacementLabel;
@@ -195 +194 @@
             MacroAssembler::DataLabelCompact displacementLabel2,
 #endif
-            MacroAssembler::Label putResult)
+            MacroAssembler::Label done)
             : m_type(GetById)
             , bytecodeIndex(bytecodeIndex)
             , hotPathBegin(hotPathBegin)
-            , getStructureToCompare(structureToCompare)
-            , getStructureCheck(structureCheck)
+            , structureToCompare(structureToCompare)
+            , structureCheck(structureCheck)
             , propertyStorageLoad(propertyStorageLoad)
 #if USE(JSVALUE64)
@@ -208 +207 @@
             , getDisplacementLabel2(displacementLabel2)
 #endif
-            , getPutResult(putResult)
+            , done(done)
         {
         }
 
         PropertyStubCompilationInfo(
-            PropertyStubPutById_T, unsigned bytecodeIndex, MacroAssembler::Label hotPathBegin,
+            PropertyStubPutById_T, unsigned bytecodeIndex,
             MacroAssembler::DataLabelPtr structureToCompare,
+            MacroAssembler::PatchableJump structureCheck,
             MacroAssembler::ConvertibleLoadLabel propertyStorageLoad,
 #if USE(JSVALUE64)
-            MacroAssembler::DataLabel32 displacementLabel
+            MacroAssembler::DataLabel32 displacementLabel,
 #else
             MacroAssembler::DataLabel32 displacementLabel1,
-            MacroAssembler::DataLabel32 displacementLabel2
-#endif
-            )
+            MacroAssembler::DataLabel32 displacementLabel2,
+#endif
+            MacroAssembler::Label done)
             : m_type(PutById)
             , bytecodeIndex(bytecodeIndex)
-            , hotPathBegin(hotPathBegin)
+            , structureToCompare(structureToCompare)
+            , structureCheck(structureCheck)
             , propertyStorageLoad(propertyStorageLoad)
-            , putStructureToCompare(structureToCompare)
+            , done(done)
 #if USE(JSVALUE64)
             , putDisplacementLabel(displacementLabel)
@@ -237 +238 @@
         }
 
-        void slowCaseInfo(PropertyStubGetById_T, MacroAssembler::Label coldPathBegin, MacroAssembler::Call call)
-        {
-            ASSERT(m_type == GetById);
+        void slowCaseInfo(MacroAssembler::Label coldPathBegin, MacroAssembler::Call call)
+        {
             callReturnLocation = call;
-            getColdPathBegin = coldPathBegin;
-        }
-
-        void slowCaseInfo(PropertyStubPutById_T, MacroAssembler::Call call)
-        {
-            ASSERT(m_type == PutById);
+            this->coldPathBegin = coldPathBegin;
+        }
+
+        void slowCaseInfo(MacroAssembler::Call call)
+        {
             callReturnLocation = call;
         }
@@ -346 +345 @@
         }
         
-        static void compilePutByIdTransition(VM* vm, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, PropertyOffset cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress, bool direct)
-        {
-            JIT jit(vm, codeBlock);
-            jit.m_bytecodeOffset = stubInfo->codeOrigin.bytecodeIndex;
-            jit.privateCompilePutByIdTransition(stubInfo, oldStructure, newStructure, cachedOffset, chain, returnAddress, direct);
-        }
-        
         static void compileGetByVal(VM* vm, CodeBlock* codeBlock, ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
         {
@@ -381 +373 @@
 
         static void resetPatchGetById(RepatchBuffer&, StructureStubInfo*);
-        static void resetPatchPutById(RepatchBuffer&, StructureStubInfo*);
         static void patchGetByIdSelf(CodeBlock*, StructureStubInfo*, Structure*, PropertyOffset cachedOffset, ReturnAddressPtr);
-        static void patchPutByIdReplace(CodeBlock*, StructureStubInfo*, Structure*, PropertyOffset cachedOffset, ReturnAddressPtr, bool direct);
 
         static void compilePatchGetArrayLength(VM* vm, CodeBlock* codeBlock, ReturnAddressPtr returnAddress)
@@ -415 +405 @@
         void privateCompileGetByIdChainList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, StructureChain*, size_t count, const Identifier&, const PropertySlot&, PropertyOffset cachedOffset, CallFrame*);
         void privateCompileGetByIdChain(StructureStubInfo*, Structure*, StructureChain*, size_t count, const Identifier&, const PropertySlot&, PropertyOffset cachedOffset, ReturnAddressPtr, CallFrame*);
-        void privateCompilePutByIdTransition(StructureStubInfo*, Structure*, Structure*, PropertyOffset cachedOffset, StructureChain*, ReturnAddressPtr, bool direct);
         
         void privateCompileGetByVal(ByValInfo*, ReturnAddressPtr, JITArrayMode);
@@ -448 +437 @@
 
         void privateCompileExceptionHandlers();
-
-        static bool isDirectPutById(StructureStubInfo*);
 
         void addSlowCase(Jump);
@@ -588 +575 @@
         static const int sequenceGetByIdSlowCaseInstructionSpace = 80;
         static const int sequenceGetByIdSlowCaseConstantSpace = 4;
-        // sequencePutById
-        static const int sequencePutByIdInstructionSpace = 36;
-        static const int sequencePutByIdConstantSpace = 4;
 #elif CPU(SH4)
         // sequenceOpCall
@@ -601 +585 @@
         static const int sequenceGetByIdSlowCaseInstructionSpace = 38;
         static const int sequenceGetByIdSlowCaseConstantSpace = 4;
-        // sequencePutById
-        static const int sequencePutByIdInstructionSpace = 36;
-        static const int sequencePutByIdConstantSpace = 5;
 #endif
 
@@ -891 +872 @@
         MacroAssembler::Call callOperation(S_JITOperation_EJJ, RegisterID, RegisterID);
         MacroAssembler::Call callOperation(S_JITOperation_EOJss, RegisterID, RegisterID);
+#if USE(JSVALUE64)
+        MacroAssembler::Call callOperation(V_JITOperation_EJJI, RegisterID, RegisterID, StringImpl*);
+#else
+        MacroAssembler::Call callOperation(V_JITOperation_EJJI, RegisterID, RegisterID, RegisterID, RegisterID, StringImpl*);
+#endif
         MacroAssembler::Call callOperationWithCallFrameRollbackOnException(J_JITOperation_E);
         MacroAssembler::Call callOperationWithCallFrameRollbackOnException(V_JITOperation_ECb, CodeBlock*);

trunk/Source/JavaScriptCore/jit/JITInlines.h

@@ -263 +263 @@
     return appendCallWithExceptionCheck(operation);
 }
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(V_JITOperation_EJJI operation, RegisterID regOp1, RegisterID regOp2, StringImpl* uid)
+{
+    setupArgumentsWithExecState(regOp1, regOp2, TrustedImmPtr(uid));
+    return appendCallWithExceptionCheck(operation);
+}
 #endif
 
@@ -418 +424 @@
 {
     setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, SH4_32BIT_DUMMY_ARG arg2Payload, arg2Tag);
+    return appendCallWithExceptionCheck(operation);
+}
+
+ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(V_JITOperation_EJJI operation, RegisterID regOp1Tag, RegisterID regOp1Payload, RegisterID regOp2Tag, RegisterID regOp2Payload, StringImpl* uid)
+{
+    setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG regOp1Payload, regOp1Tag, regOp2Payload, regOp2Tag, TrustedImmPtr(uid));
     return appendCallWithExceptionCheck(operation);
 }

trunk/Source/JavaScriptCore/jit/JITOperationWrappers.h

@@ -63 +63 @@
 #define _J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, rcx)
 #define _J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, rcx)
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, r8)
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, r8)
 
 #elif COMPILER(GCC) && CPU(X86)
@@ -81 +81 @@
 #define _J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 16)
 #define _J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 20)
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 24)
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 28)
 
 #elif COMPILER(GCC) && CPU(ARM_THUMB2)
@@ -118 +118 @@
 #if COMPILER_SUPPORTS(EABI) && CPU(ARM)
 #define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #4]"
-#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #8]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJJI "str lr, [sp, #12]"
 #else
 #define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #0]"
-#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #4]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJJI "str lr, [sp, #8]"
 #endif
 
@@ -137 +137 @@
     );
 
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) \
     asm ( \
     ".text" "\n" \
@@ -146 +146 @@
     ".thumb_func " THUMB_FUNC_PARAM(function) "\n" \
     SYMBOL_STRING(function) ":" "\n" \
-        INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "\n" \
+        INSTRUCTION_STORE_RETURN_ADDRESS_EJJI "\n" \
         "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
     );
@@ -181 +181 @@
 #if COMPILER_SUPPORTS(EABI) && CPU(ARM)
 #define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #4]"
-#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #8]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJJI "str lr, [sp, #12]"
 #else
 #define INSTRUCTION_STORE_RETURN_ADDRESS_EJI "str lr, [sp, #0]"
-#define INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "str lr, [sp, #4]"
+#define INSTRUCTION_STORE_RETURN_ADDRESS_EJJI "str lr, [sp, #8]"
 #endif
 
@@ -198 +198 @@
     );
 
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) \
     asm ( \
     ".text" "\n" \
@@ -205 +205 @@
     INLINE_ARM_FUNCTION(function) \
     SYMBOL_STRING(function) ":" "\n" \
-        INSTRUCTION_STORE_RETURN_ADDRESS_EJCI "\n" \
+        INSTRUCTION_STORE_RETURN_ADDRESS_EJJI "\n" \
         "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
     );
@@ -247 +247 @@
     );
 
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) \
     asm( \
     ".text" "\n" \
@@ -254 +254 @@
     SYMBOL_STRING(function) ":" "\n" \
     LOAD_FUNCTION_TO_T9(function##WithReturnAddress) \
-        "sw $ra, 24($sp)" "\n" \
+        "sw $ra, 28($sp)" "\n" \
         "b " LOCAL_REFERENCE(function) "WithReturnAddress" "\n" \
     );
@@ -306 +306 @@
 
 #define _J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)  FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 0, SH4_SCRATCH_REGISTER)
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 4, SH4_SCRATCH_REGISTER)
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, 8, SH4_SCRATCH_REGISTER)
 
 #elif COMPILER(MSVC)
@@ -322 +322 @@
     EncodedJSValue JIT_OPERATION function(ExecState* exec, EncodedJSValue value, StringImpl* string) { return function##WithReturnAddress(exec, value, string, ReturnAddressPtr(*(void**)_AddressOfReturnAddress())); }
 
-#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
-    void JIT_OPERATION function(ExecState* exec, EncodedJSValue value, JSCell* cell, StringImpl* string) { return function##WithReturnAddress(exec, value, cell, string, ReturnAddressPtr(*(void**)_AddressOfReturnAddress())); }
+#define _V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) \
+    void JIT_OPERATION function(ExecState* exec, EncodedJSValue value, EncodedJSValue baseValue, StringImpl* string) { return function##WithReturnAddress(exec, value, baseValue, string, ReturnAddressPtr(*(void**)_AddressOfReturnAddress())); }
 
 #endif
@@ -343 +343 @@
 _J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)
 
-#define V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
-void JIT_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, JSCell*, StringImpl*, ReturnAddressPtr) REFERENCED_FROM_ASM WTF_INTERNAL; \
-_V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function)
+#define V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function) \
+void JIT_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, EncodedJSValue, StringImpl*, ReturnAddressPtr) REFERENCED_FROM_ASM WTF_INTERNAL; \
+_V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(function)
 
 } // namespace JSC

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -226 +226 @@
 }
 
-void JIT_OPERATION operationPutByIdStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+void JIT_OPERATION operationPutByIdStrict(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid)
 {
     VM* vm = &exec->vm();
@@ -233 +233 @@
     Identifier ident(vm, uid);
     PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
-    base->methodTable()->put(base, exec, ident, JSValue::decode(encodedValue), slot);
-}
-
-void JIT_OPERATION operationPutByIdNonStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+    JSValue::decode(encodedBase).put(exec, ident, JSValue::decode(encodedValue), slot);
+}
+
+void JIT_OPERATION operationPutByIdNonStrict(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid)
 {
     VM* vm = &exec->vm();
@@ -243 +243 @@
     Identifier ident(vm, uid);
     PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
-    base->methodTable()->put(base, exec, ident, JSValue::decode(encodedValue), slot);
-}
-
-void JIT_OPERATION operationPutByIdDirectStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+    JSValue::decode(encodedBase).put(exec, ident, JSValue::decode(encodedValue), slot);
+}
+
+void JIT_OPERATION operationPutByIdDirectStrict(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid)
 {
     VM* vm = &exec->vm();
@@ -253 +253 @@
     Identifier ident(vm, uid);
     PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
-    ASSERT(base->isObject());
-    asObject(base)->putDirect(exec->vm(), ident, JSValue::decode(encodedValue), slot);
-}
-
-void JIT_OPERATION operationPutByIdDirectNonStrict(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid)
+    asObject(JSValue::decode(encodedBase))->putDirect(exec->vm(), ident, JSValue::decode(encodedValue), slot);
+}
+
+void JIT_OPERATION operationPutByIdDirectNonStrict(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid)
 {
     VM* vm = &exec->vm();
@@ -264 +263 @@
     Identifier ident(vm, uid);
     PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
-    ASSERT(base->isObject());
-    asObject(base)->putDirect(exec->vm(), ident, JSValue::decode(encodedValue), slot);
-}
-
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdStrictOptimize);
-void JIT_OPERATION operationPutByIdStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+    asObject(JSValue::decode(encodedBase))->putDirect(exec->vm(), ident, JSValue::decode(encodedValue), slot);
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdStrictOptimize);
+void JIT_OPERATION operationPutByIdStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -279 +277 @@
 
     JSValue value = JSValue::decode(encodedValue);
-    JSValue baseValue(base);
+    JSValue baseValue = JSValue::decode(encodedBase);
     PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
     
@@ -293 +291 @@
 }
 
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdNonStrictOptimize);
-void JIT_OPERATION operationPutByIdNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdNonStrictOptimize);
+void JIT_OPERATION operationPutByIdNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -304 +302 @@
 
     JSValue value = JSValue::decode(encodedValue);
-    JSValue baseValue(base);
+    JSValue baseValue = JSValue::decode(encodedBase);
     PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
     
@@ -318 +316 @@
 }
 
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectStrictOptimize);
-void JIT_OPERATION operationPutByIdDirectStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdDirectStrictOptimize);
+void JIT_OPERATION operationPutByIdDirectStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -329 +327 @@
 
     JSValue value = JSValue::decode(encodedValue);
+    JSObject* baseObject = asObject(JSValue::decode(encodedBase));
     PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
     
-    ASSERT(base->isObject());
-    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    baseObject->putDirect(exec->vm(), ident, value, slot);
     
     if (accessType != static_cast<AccessType>(stubInfo.accessType))
@@ -338 +336 @@
     
     if (stubInfo.seen)
-        repatchPutByID(exec, base, ident, slot, stubInfo, Direct);
+        repatchPutByID(exec, baseObject, ident, slot, stubInfo, Direct);
     else
         stubInfo.seen = true;
 }
 
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectNonStrictOptimize);
-void JIT_OPERATION operationPutByIdDirectNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdDirectNonStrictOptimize);
+void JIT_OPERATION operationPutByIdDirectNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -354 +352 @@
 
     JSValue value = JSValue::decode(encodedValue);
+    JSObject* baseObject = asObject(JSValue::decode(encodedBase));
     PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
     
-    ASSERT(base->isObject());
-    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    baseObject->putDirect(exec->vm(), ident, value, slot);
     
     if (accessType != static_cast<AccessType>(stubInfo.accessType))
@@ -363 +361 @@
     
     if (stubInfo.seen)
-        repatchPutByID(exec, base, ident, slot, stubInfo, Direct);
+        repatchPutByID(exec, baseObject, ident, slot, stubInfo, Direct);
     else
         stubInfo.seen = true;
 }
 
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdStrictBuildList);
-void JIT_OPERATION operationPutByIdStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdStrictBuildList);
+void JIT_OPERATION operationPutByIdStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -379 +377 @@
 
     JSValue value = JSValue::decode(encodedValue);
-    JSValue baseValue(base);
+    JSValue baseValue = JSValue::decode(encodedBase);
     PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
     
@@ -390 +388 @@
 }
 
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdNonStrictBuildList);
-void JIT_OPERATION operationPutByIdNonStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdNonStrictBuildList);
+void JIT_OPERATION operationPutByIdNonStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -401 +399 @@
 
     JSValue value = JSValue::decode(encodedValue);
-    JSValue baseValue(base);
+    JSValue baseValue = JSValue::decode(encodedBase);
     PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
     
@@ -412 +410 @@
 }
 
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectStrictBuildList);
-void JIT_OPERATION operationPutByIdDirectStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdDirectStrictBuildList);
+void JIT_OPERATION operationPutByIdDirectStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -423 +421 @@
     
     JSValue value = JSValue::decode(encodedValue);
+    JSObject* baseObject = asObject(JSValue::decode(encodedBase));
     PutPropertySlot slot(true, exec->codeBlock()->putByIdContext());
     
-    ASSERT(base->isObject());
-    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    baseObject->putDirect(exec->vm(), ident, value, slot);
     
     if (accessType != static_cast<AccessType>(stubInfo.accessType))
         return;
     
-    buildPutByIdList(exec, base, ident, slot, stubInfo, Direct);
-}
-
-V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(operationPutByIdDirectNonStrictBuildList);
-void JIT_OPERATION operationPutByIdDirectNonStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, JSCell* base, StringImpl* uid, ReturnAddressPtr returnAddress)
+    buildPutByIdList(exec, baseObject, ident, slot, stubInfo, Direct);
+}
+
+V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJJI(operationPutByIdDirectNonStrictBuildList);
+void JIT_OPERATION operationPutByIdDirectNonStrictBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid, ReturnAddressPtr returnAddress)
 {
     VM* vm = &exec->vm();
@@ -445 +443 @@
 
     JSValue value = JSValue::decode(encodedValue);
+    JSObject* baseObject = asObject(JSValue::decode(encodedBase));
     PutPropertySlot slot(false, exec->codeBlock()->putByIdContext());
     
-    ASSERT(base->isObject());
-    asObject(base)->putDirect(exec->vm(), ident, value, slot);
+    baseObject ->putDirect(exec->vm(), ident, value, slot);
     
     if (accessType != static_cast<AccessType>(stubInfo.accessType))
         return;
     
-    buildPutByIdList(exec, base, ident, slot, stubInfo, Direct);
+    buildPutByIdList(exec, baseObject, ident, slot, stubInfo, Direct);
 }
 

trunk/Source/JavaScriptCore/jit/JITOperations.h

@@ -128 +128 @@
 typedef void JIT_OPERATION (*V_JITOperation_ECZ)(ExecState*, JSCell*, int32_t);
 typedef void JIT_OPERATION (*V_JITOperation_ECC)(ExecState*, JSCell*, JSCell*);
-typedef void JIT_OPERATION (*V_JITOperation_EJCI)(ExecState*, EncodedJSValue, JSCell*, StringImpl*);
+typedef void JIT_OPERATION (*V_JITOperation_EJJI)(ExecState*, EncodedJSValue, EncodedJSValue, StringImpl*);
 typedef void JIT_OPERATION (*V_JITOperation_EJJJ)(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue);
 typedef void JIT_OPERATION (*V_JITOperation_EJPP)(ExecState*, EncodedJSValue, void*, void*);
@@ -204 +204 @@
 EncodedJSValue JIT_OPERATION operationCallCustomGetter(ExecState*, JSCell*, PropertySlot::GetValueFunc, StringImpl*) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationCallGetter(ExecState*, JSCell*, JSCell*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdStrict(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdNonStrict(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdDirectStrict(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdDirectNonStrict(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdStrictOptimize(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdNonStrictOptimize(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdDirectStrictOptimize(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdDirectNonStrictOptimize(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdStrictBuildList(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdNonStrictBuildList(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdDirectStrictBuildList(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
-void JIT_OPERATION operationPutByIdDirectNonStrictBuildList(ExecState*, EncodedJSValue encodedValue, JSCell* base, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdStrict(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdNonStrict(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdDirectStrict(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdDirectNonStrict(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdNonStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdDirectStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdDirectNonStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdStrictBuildList(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdNonStrictBuildList(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdDirectStrictBuildList(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
+void JIT_OPERATION operationPutByIdDirectNonStrictBuildList(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl*) WTF_INTERNAL;
 void JIT_OPERATION operationReallocateStorageAndFinishPut(ExecState*, JSObject*, Structure*, PropertyOffset, EncodedJSValue) WTF_INTERNAL;
 EncodedJSValue JIT_OPERATION operationCallEval(ExecState*) WTF_INTERNAL;

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -553 +553 @@
     DataLabelCompact displacementLabel = load64WithCompactAddressOffsetPatch(Address(regT0, patchGetByIdDefaultOffset), regT0);
 
-    Label putResult(this);
+    Label done(this);
 
     END_UNINTERRUPTED_SEQUENCE(sequenceGetByIdHotPath);
 
-    m_propertyAccessCompilationInfo.append(PropertyStubCompilationInfo(PropertyStubGetById, m_bytecodeOffset, hotPathBegin, structureToCompare, structureCheck, propertyStorageLoad, displacementLabel, putResult));
+    m_propertyAccessCompilationInfo.append(PropertyStubCompilationInfo(PropertyStubGetById, m_bytecodeOffset, hotPathBegin, structureToCompare, structureCheck, propertyStorageLoad, displacementLabel, done));
 }
 
@@ -592 +592 @@
 
     // Track the location of the call; this will be used to recover patch information.
-    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(PropertyStubGetById, coldPathBegin, call);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(coldPathBegin, call);
 }
 
@@ -609 +609 @@
     emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
 
-    BEGIN_UNINTERRUPTED_SEQUENCE(sequencePutById);
-
-    Label hotPathBegin(this);
-
-    // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
     DataLabelPtr structureToCompare;
-    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, TrustedImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
-
-    ConvertibleLoadLabel propertyStorageLoad = convertibleLoadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
-    DataLabel32 displacementLabel = store64WithAddressOffsetPatch(regT1, Address(regT2, patchPutByIdDefaultOffset));
-
-    END_UNINTERRUPTED_SEQUENCE(sequencePutById);
-
+    PatchableJump structureCheck = patchableBranchPtrWithPatch(
+        NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare,
+        TrustedImmPtr(reinterpret_cast<void*>(unusedPointer)));
+    
+    addSlowCase(structureCheck);
+    
     emitWriteBarrier(regT0, regT1, regT2, regT3, ShouldFilterImmediates, WriteBarrierForPropertyAccess);
 
-    m_propertyAccessCompilationInfo.append(PropertyStubCompilationInfo(PropertyStubPutById, m_bytecodeOffset, hotPathBegin, structureToCompare, propertyStorageLoad, displacementLabel));
+    ConvertibleLoadLabel propertyStorageLoad =
+        convertibleLoadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
+    
+    DataLabel32 storeWithPatch =
+        store64WithAddressOffsetPatch(regT1, Address(regT2, patchPutByIdDefaultOffset));
+    
+    Label done = label();
+    
+    m_propertyAccessCompilationInfo.append(
+        PropertyStubCompilationInfo(
+            PropertyStubPutById, m_bytecodeOffset, structureToCompare, structureCheck,
+            propertyStorageLoad, storeWithPatch, done));
 }
 
@@ -636 +641 @@
     linkSlowCase(iter);
 
-    JITStubCall stubCall(this, direct ? cti_op_put_by_id_direct : cti_op_put_by_id);
-    stubCall.addArgument(regT0);
-    stubCall.addArgument(TrustedImmPtr(ident));
-    stubCall.addArgument(regT1);
-    move(regT0, nonArgGPR1);
-    Call call = stubCall.call();
+    Label coldPathBegin(this);
+    
+    V_JITOperation_EJJI optimizedCall;
+    if (m_codeBlock->isStrictMode()) {
+        if (direct)
+            optimizedCall = operationPutByIdDirectStrictOptimize;
+        else
+            optimizedCall = operationPutByIdStrictOptimize;
+    } else {
+        if (direct)
+            optimizedCall = operationPutByIdDirectNonStrictOptimize;
+        else
+            optimizedCall = operationPutByIdNonStrictOptimize;
+    }
+    
+    Call call = callOperation(optimizedCall, regT1, regT0, ident->impl());
 
     // Track the location of the call; this will be used to recover patch information.
-    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(PropertyStubPutById, call);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(coldPathBegin, call);
 }
 
@@ -681 +696 @@
     loadPtr(base->butterflyAddress(), result);
     load64(Address(result, offsetInButterfly(cachedOffset) * sizeof(WriteBarrier<Unknown>)), result);
-}
-
-void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, PropertyOffset cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress, bool direct)
-{
-    move(nonArgGPR1, regT0);
-
-    JumpList failureCases;
-    // Check eax is an object of the right Structure.
-    failureCases.append(emitJumpIfNotJSCell(regT0));
-    failureCases.append(branchPtr(NotEqual, Address(regT0, JSCell::structureOffset()), TrustedImmPtr(oldStructure)));
-    
-    testPrototype(oldStructure->storedPrototype(), failureCases, stubInfo);
-    
-    ASSERT(oldStructure->storedPrototype().isNull() || oldStructure->storedPrototype().asCell()->structure() == chain->head()->get());
-
-    // ecx = baseObject->m_structure
-    if (!direct) {
-        for (WriteBarrier<Structure>* it = chain->head(); *it; ++it) {
-            ASSERT((*it)->storedPrototype().isNull() || (*it)->storedPrototype().asCell()->structure() == it[1].get());
-            testPrototype((*it)->storedPrototype(), failureCases, stubInfo);
-        }
-    }
-
-    // If we succeed in all of our checks, and the code was optimizable, then make sure we
-    // decrement the rare case counter.
-#if ENABLE(VALUE_PROFILER)
-    if (m_codeBlock->capabilityLevelState() != DFG::CannotCompile) {
-        sub32(
-            TrustedImm32(1),
-            AbsoluteAddress(&m_codeBlock->rareCaseProfileForBytecodeOffset(stubInfo->codeOrigin.bytecodeIndex)->m_counter));
-    }
-#endif
-    
-    // emit a call only if storage realloc is needed
-    bool willNeedStorageRealloc = oldStructure->outOfLineCapacity() != newStructure->outOfLineCapacity();
-    if (willNeedStorageRealloc) {
-        // This trampoline was called to like a JIT stub; before we can can call again we need to
-        // remove the return address from the stack, to prevent the stack from becoming misaligned.
-        preserveReturnAddressAfterCall(regT3);
- 
-        JITStubCall stubCall(this, cti_op_put_by_id_transition_realloc);
-        stubCall.skipArgument(); // base
-        stubCall.skipArgument(); // ident
-        stubCall.skipArgument(); // value
-        stubCall.addArgument(TrustedImm32(oldStructure->outOfLineCapacity()));
-        stubCall.addArgument(TrustedImmPtr(newStructure));
-        stubCall.call(regT0);
-        emitGetJITStubArg(2, regT1);
-
-        restoreReturnAddressBeforeReturn(regT3);
-    }
-
-    // Planting the new structure triggers the write barrier so we need
-    // an unconditional barrier here.
-    emitWriteBarrier(regT0, regT1, regT2, regT3, UnconditionalWriteBarrier, WriteBarrierForPropertyAccess);
-
-    ASSERT(newStructure->classInfo() == oldStructure->classInfo());
-    storePtr(TrustedImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
-    compilePutDirectOffset(regT0, regT1, cachedOffset);
-
-    ret();
-    
-    ASSERT(!failureCases.empty());
-    failureCases.link(this);
-    restoreArgumentReferenceForTrampoline();
-    Call failureCall = tailRecursiveCall();
-
-    LinkBuffer patchBuffer(*m_vm, this, m_codeBlock);
-
-    patchBuffer.link(failureCall, FunctionPtr(direct ? cti_op_put_by_id_direct_fail : cti_op_put_by_id_fail));
-
-    if (willNeedStorageRealloc) {
-        ASSERT(m_calls.size() == 1);
-        patchBuffer.link(m_calls[0].from, FunctionPtr(cti_op_put_by_id_transition_realloc));
-    }
-    
-    stubInfo->stubRoutine = createJITStubRoutine(
-        FINALIZE_CODE(
-            patchBuffer,
-            ("Baseline put_by_id transition for %s, return point %p",
-                toCString(*m_codeBlock).data(), returnAddress.value())),
-        *m_vm,
-        m_codeBlock->ownerExecutable(),
-        willNeedStorageRealloc,
-        newStructure);
-    RepatchBuffer repatchBuffer(m_codeBlock);
-    repatchBuffer.relinkCallerToTrampoline(returnAddress, CodeLocationLabel(stubInfo->stubRoutine->code().code()));
 }
 
@@ -782 +710 @@
     repatchBuffer.setLoadInstructionIsActive(stubInfo->hotPathBegin.convertibleLoadAtOffset(stubInfo->patch.baseline.u.get.propertyStorageLoad), isOutOfLineOffset(cachedOffset));
     repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelCompactAtOffset(stubInfo->patch.baseline.u.get.displacementLabel), offsetRelativeToPatchedStorage(cachedOffset));
-}
-
-void JIT::patchPutByIdReplace(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, PropertyOffset cachedOffset, ReturnAddressPtr returnAddress, bool direct)
-{
-    RepatchBuffer repatchBuffer(codeBlock);
-
-    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
-    // Should probably go to cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-
-    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(stubInfo->patch.baseline.u.put.structureToCompare), structure);
-    repatchBuffer.setLoadInstructionIsActive(stubInfo->hotPathBegin.convertibleLoadAtOffset(stubInfo->patch.baseline.u.put.propertyStorageLoad), isOutOfLineOffset(cachedOffset));
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(stubInfo->patch.baseline.u.put.displacementLabel), offsetRelativeToPatchedStorage(cachedOffset));
 }
 
@@ -1429 +1343 @@
 }
 
-void JIT::resetPatchPutById(RepatchBuffer& repatchBuffer, StructureStubInfo* stubInfo)
-{
-    if (isDirectPutById(stubInfo))
-        repatchBuffer.relink(stubInfo->callReturnLocation, cti_op_put_by_id_direct);
-    else
-        repatchBuffer.relink(stubInfo->callReturnLocation, cti_op_put_by_id);
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(stubInfo->patch.baseline.u.put.structureToCompare), reinterpret_cast<void*>(unusedPointer));
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(stubInfo->patch.baseline.u.put.displacementLabel), 0);
-}
-
 #endif // USE(JSVALUE64)
 
@@ -1504 +1408 @@
     ASSERT(prototype.isCell());
     addStructureTransitionCheck(prototype.asCell(), prototype.asCell()->structure(), stubInfo, failureCases, regT3);
-}
-
-bool JIT::isDirectPutById(StructureStubInfo* stubInfo)
-{
-    switch (stubInfo->accessType) {
-    case access_put_by_id_transition_normal:
-        return false;
-    case access_put_by_id_transition_direct:
-        return true;
-    case access_put_by_id_replace:
-    case access_put_by_id_generic: {
-        void* oldCall = MacroAssembler::readCallTarget(stubInfo->callReturnLocation).executableAddress();
-        if (oldCall == bitwise_cast<void*>(cti_op_put_by_id_direct)
-            || oldCall == bitwise_cast<void*>(cti_op_put_by_id_direct_generic)
-            || oldCall == bitwise_cast<void*>(cti_op_put_by_id_direct_fail))
-            return true;
-        ASSERT(oldCall == bitwise_cast<void*>(cti_op_put_by_id)
-               || oldCall == bitwise_cast<void*>(cti_op_put_by_id_generic)
-               || oldCall == bitwise_cast<void*>(cti_op_put_by_id_fail));
-        return false;
-    }
-    default:
-        RELEASE_ASSERT_NOT_REACHED();
-        return false;
-    }
 }
 

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -530 +530 @@
     
     // Track the location of the call; this will be used to recover patch information.
-    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(PropertyStubGetById, coldPathBegin, call);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(coldPathBegin, call);
 }
 
@@ -546 +546 @@
     emitJumpSlowCaseIfNotJSCell(base, regT1);
     
+    DataLabelPtr structureToCompare;
+    PatchableJump structureCheck = patchableBranchPtrWithPatch(
+        NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare,
+        TrustedImmPtr(reinterpret_cast<void*>(unusedPointer)));
+    
+    addSlowCase(structureCheck);
+    
+    emitWriteBarrier(regT0, regT2, regT1, regT2, ShouldFilterImmediates, WriteBarrierForPropertyAccess);
+
+    ConvertibleLoadLabel propertyStorageLoad =
+        convertibleLoadPtr(Address(regT0, JSObject::butterflyOffset()), regT1);
+    
+    // Payload.
+    DataLabel32 storeWithPatch1 =
+        store32WithAddressOffsetPatch(regT2, Address(regT1, patchPutByIdDefaultOffset));
+    // Tag.
+    DataLabel32 storeWithPatch2 =
+        store32WithAddressOffsetPatch(regT3, Address(regT1, patchPutByIdDefaultOffset));
+    
+    Label done = label();
+    
+    m_propertyAccessCompilationInfo.append(
+        PropertyStubCompilationInfo(
+            PropertyStubPutById, m_bytecodeOffset, structureToCompare, structureCheck,
+            propertyStorageLoad, storeWithPatch1, storeWithPatch2, done));
     BEGIN_UNINTERRUPTED_SEQUENCE(sequencePutById);
-    
-    Label hotPathBegin(this);
-    
-    // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
-    DataLabelPtr structureToCompare;
-    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, JSCell::structureOffset()), structureToCompare, TrustedImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
-    
-    ConvertibleLoadLabel propertyStorageLoad = convertibleLoadPtr(Address(regT0, JSObject::butterflyOffset()), regT1);
-    DataLabel32 displacementLabel1 = storePtrWithAddressOffsetPatch(regT2, Address(regT1, patchPutByIdDefaultOffset)); // payload
-    DataLabel32 displacementLabel2 = storePtrWithAddressOffsetPatch(regT3, Address(regT1, patchPutByIdDefaultOffset)); // tag
-    
-    END_UNINTERRUPTED_SEQUENCE(sequencePutById);
-
-    emitWriteBarrier(regT0, regT2, regT1, regT2, ShouldFilterImmediates, WriteBarrierForPropertyAccess);
-
-    m_propertyAccessCompilationInfo.append(PropertyStubCompilationInfo(PropertyStubPutById, m_bytecodeOffset, hotPathBegin, structureToCompare, propertyStorageLoad, displacementLabel1, displacementLabel2));
 }
 
@@ -568 +577 @@
 {
     int base = currentInstruction[1].u.operand;
-    int ident = currentInstruction[2].u.operand;
+    const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[2].u.operand));
     int direct = currentInstruction[8].u.operand;
 
@@ -574 +583 @@
     linkSlowCase(iter);
     
-    JITStubCall stubCall(this, direct ? cti_op_put_by_id_direct : cti_op_put_by_id);
-    stubCall.addArgument(base);
-    stubCall.addArgument(TrustedImmPtr(&(m_codeBlock->identifier(ident))));
-    stubCall.addArgument(regT3, regT2); 
-    Call call = stubCall.call();
-    
+    Label coldPathBegin(this);
+    
+    V_JITOperation_EJJI optimizedCall;
+    if (m_codeBlock->isStrictMode()) {
+        if (direct)
+            optimizedCall = operationPutByIdDirectStrictOptimize;
+        else
+            optimizedCall = operationPutByIdStrictOptimize;
+    } else {
+        if (direct)
+            optimizedCall = operationPutByIdDirectNonStrictOptimize;
+        else
+            optimizedCall = operationPutByIdNonStrictOptimize;
+    }
+    
+    Call call = callOperation(optimizedCall, regT3, regT2, regT1, regT0, ident->impl());
+
     // Track the location of the call; this will be used to recover patch information.
-    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(PropertyStubPutById, call);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex++].slowCaseInfo(coldPathBegin, call);
 }
 
@@ -619 +639 @@
 }
 
-void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, PropertyOffset cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress, bool direct)
-{
-    // The code below assumes that regT0 contains the basePayload and regT1 contains the baseTag. Restore them from the stack.
-#if CPU(MIPS) || CPU(SH4) || CPU(ARM)
-    // For MIPS, we don't add sizeof(void*) to the stack offset.
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT0);
-    // For MIPS, we don't add sizeof(void*) to the stack offset.
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT1);
-#else
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + sizeof(void*) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT0);
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + sizeof(void*) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT1);
-#endif
-
-    JumpList failureCases;
-    failureCases.append(branch32(NotEqual, regT1, TrustedImm32(JSValue::CellTag)));
-    failureCases.append(branchPtr(NotEqual, Address(regT0, JSCell::structureOffset()), TrustedImmPtr(oldStructure)));
-    testPrototype(oldStructure->storedPrototype(), failureCases, stubInfo);
-    
-    if (!direct) {
-        // Verify that nothing in the prototype chain has a setter for this property. 
-        for (WriteBarrier<Structure>* it = chain->head(); *it; ++it)
-            testPrototype((*it)->storedPrototype(), failureCases, stubInfo);
-    }
-
-    // If we succeed in all of our checks, and the code was optimizable, then make sure we
-    // decrement the rare case counter.
-#if ENABLE(VALUE_PROFILER)
-    if (m_codeBlock->capabilityLevelState() != DFG::CannotCompile) {
-        sub32(
-            TrustedImm32(1),
-            AbsoluteAddress(&m_codeBlock->rareCaseProfileForBytecodeOffset(stubInfo->codeOrigin.bytecodeIndex)->m_counter));
-    }
-#endif
-    
-    // Reallocate property storage if needed.
-    Call callTarget;
-    bool willNeedStorageRealloc = oldStructure->outOfLineCapacity() != newStructure->outOfLineCapacity();
-    if (willNeedStorageRealloc) {
-        // This trampoline was called to like a JIT stub; before we can can call again we need to
-        // remove the return address from the stack, to prevent the stack from becoming misaligned.
-        preserveReturnAddressAfterCall(regT3);
-        
-        JITStubCall stubCall(this, cti_op_put_by_id_transition_realloc);
-        stubCall.skipArgument(); // base
-        stubCall.skipArgument(); // ident
-        stubCall.skipArgument(); // value
-        stubCall.addArgument(TrustedImm32(oldStructure->outOfLineCapacity()));
-        stubCall.addArgument(TrustedImmPtr(newStructure));
-        stubCall.call(regT0);
-
-        restoreReturnAddressBeforeReturn(regT3);
-
-#if CPU(MIPS) || CPU(SH4) || CPU(ARM)
-        // For MIPS, we don't add sizeof(void*) to the stack offset.
-        load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT0);
-        // For MIPS, we don't add sizeof(void*) to the stack offset.
-        load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT1);
-#else
-        load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + sizeof(void*) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT0);
-        load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[0]) + sizeof(void*) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT1);
-#endif
-    }
-
-    emitWriteBarrier(regT0, regT1, regT1, regT3, UnconditionalWriteBarrier, WriteBarrierForPropertyAccess);
-
-    storePtr(TrustedImmPtr(newStructure), Address(regT0, JSCell::structureOffset()));
-#if CPU(MIPS) || CPU(SH4) || CPU(ARM)
-    // For MIPS, we don't add sizeof(void*) to the stack offset.
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[2]) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT3);
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[2]) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT2);
-#else
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[2]) + sizeof(void*) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT3);
-    load32(Address(stackPointerRegister, OBJECT_OFFSETOF(JITStackFrame, args[2]) + sizeof(void*) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT2);
-#endif
-    compilePutDirectOffset(regT0, regT2, regT3, cachedOffset);
-    
-    ret();
-    
-    ASSERT(!failureCases.empty());
-    failureCases.link(this);
-    restoreArgumentReferenceForTrampoline();
-    Call failureCall = tailRecursiveCall();
-    
-    LinkBuffer patchBuffer(*m_vm, this, m_codeBlock);
-    
-    patchBuffer.link(failureCall, FunctionPtr(direct ? cti_op_put_by_id_direct_fail : cti_op_put_by_id_fail));
-    
-    if (willNeedStorageRealloc) {
-        ASSERT(m_calls.size() == 1);
-        patchBuffer.link(m_calls[0].from, FunctionPtr(cti_op_put_by_id_transition_realloc));
-    }
-    
-    stubInfo->stubRoutine = createJITStubRoutine(
-        FINALIZE_CODE(
-            patchBuffer,
-            ("Baseline put_by_id transition stub for %s, return point %p",
-                toCString(*m_codeBlock).data(), returnAddress.value())),
-        *m_vm,
-        m_codeBlock->ownerExecutable(),
-        willNeedStorageRealloc,
-        newStructure);
-    RepatchBuffer repatchBuffer(m_codeBlock);
-    repatchBuffer.relinkCallerToTrampoline(returnAddress, CodeLocationLabel(stubInfo->stubRoutine->code().code()));
-}
-
 void JIT::patchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, PropertyOffset cachedOffset, ReturnAddressPtr returnAddress)
 {
@@ -737 +652 @@
     repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelCompactAtOffset(stubInfo->patch.baseline.u.get.displacementLabel1), offsetRelativeToPatchedStorage(cachedOffset) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)); // payload
     repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelCompactAtOffset(stubInfo->patch.baseline.u.get.displacementLabel2), offsetRelativeToPatchedStorage(cachedOffset) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)); // tag
-}
-
-void JIT::patchPutByIdReplace(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, PropertyOffset cachedOffset, ReturnAddressPtr returnAddress, bool direct)
-{
-    RepatchBuffer repatchBuffer(codeBlock);
-    
-    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
-    // Should probably go to cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
-    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-    
-    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(stubInfo->patch.baseline.u.put.structureToCompare), structure);
-    repatchBuffer.setLoadInstructionIsActive(stubInfo->hotPathBegin.convertibleLoadAtOffset(stubInfo->patch.baseline.u.put.propertyStorageLoad), isOutOfLineOffset(cachedOffset));
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(stubInfo->patch.baseline.u.put.displacementLabel1), offsetRelativeToPatchedStorage(cachedOffset) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)); // payload
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(stubInfo->patch.baseline.u.put.displacementLabel2), offsetRelativeToPatchedStorage(cachedOffset) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)); // tag
 }
 
@@ -1484 +1384 @@
 }
 
-void JIT::resetPatchPutById(RepatchBuffer& repatchBuffer, StructureStubInfo* stubInfo)
-{
-    if (isDirectPutById(stubInfo))
-        repatchBuffer.relink(stubInfo->callReturnLocation, cti_op_put_by_id_direct);
-    else
-        repatchBuffer.relink(stubInfo->callReturnLocation, cti_op_put_by_id);
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(stubInfo->patch.baseline.u.put.structureToCompare), reinterpret_cast<void*>(unusedPointer));
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(stubInfo->patch.baseline.u.put.displacementLabel1), 0);
-    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(stubInfo->patch.baseline.u.put.displacementLabel2), 0);
-}
-
 } // namespace JSC
 

trunk/Source/JavaScriptCore/jit/JITStubs.cpp

@@ -124 +124 @@
 }
 
-NEVER_INLINE static void tryCachePutByID(CallFrame* callFrame, CodeBlock* codeBlock, ReturnAddressPtr returnAddress, JSValue baseValue, const PutPropertySlot& slot, StructureStubInfo* stubInfo, bool direct)
-{
-    ConcurrentJITLocker locker(codeBlock->m_lock);
-    
-    // The interpreter checks for recursion here; I do not believe this can occur in CTI.
-
-    if (!baseValue.isCell())
-        return;
-
-    // Uncacheable: give up.
-    if (!slot.isCacheable()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-        return;
-    }
-    
-    JSCell* baseCell = baseValue.asCell();
-    Structure* structure = baseCell->structure();
-
-    if (structure->isUncacheableDictionary() || structure->typeInfo().prohibitsPropertyCaching()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-        return;
-    }
-
-    // If baseCell != base, then baseCell must be a proxy for another object.
-    if (baseCell != slot.base()) {
-        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-        return;
-    }
-
-    // Cache hit: Specialize instruction and ref Structures.
-
-    // Structure transition, cache transition info
-    if (slot.type() == PutPropertySlot::NewProperty) {
-        if (structure->isDictionary()) {
-            ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-            return;
-        }
-
-        // put_by_id_transition checks the prototype chain for setters.
-        if (normalizePrototypeChain(callFrame, baseCell) == InvalidPrototypeChain) {
-            ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(direct ? cti_op_put_by_id_direct_generic : cti_op_put_by_id_generic));
-            return;
-        }
-
-        StructureChain* prototypeChain = structure->prototypeChain(callFrame);
-        ASSERT(structure->previousID()->transitionWatchpointSetHasBeenInvalidated());
-        stubInfo->initPutByIdTransition(callFrame->vm(), codeBlock->ownerExecutable(), structure->previousID(), structure, prototypeChain, direct);
-        JIT::compilePutByIdTransition(callFrame->scope()->vm(), codeBlock, stubInfo, structure->previousID(), structure, slot.cachedOffset(), prototypeChain, returnAddress, direct);
-        return;
-    }
-    
-    stubInfo->initPutByIdReplace(callFrame->vm(), codeBlock->ownerExecutable(), structure);
-
-    JIT::patchPutByIdReplace(codeBlock, stubInfo, structure, slot.cachedOffset(), returnAddress, direct);
-}
-
 NEVER_INLINE static void tryCacheGetByID(CallFrame* callFrame, CodeBlock* codeBlock, ReturnAddressPtr returnAddress, JSValue baseValue, const Identifier& propertyName, const PropertySlot& slot, StructureStubInfo* stubInfo)
 {
@@ -437 +381 @@
 }
 
-DEFINE_STUB_FUNCTION(void, op_put_by_id_generic)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    PutPropertySlot slot(
-        stackFrame.callFrame->codeBlock()->isStrictMode(),
-        stackFrame.callFrame->codeBlock()->putByIdContext());
-    stackFrame.args[0].jsValue().put(stackFrame.callFrame, stackFrame.args[1].identifier(), stackFrame.args[2].jsValue(), slot);
-    CHECK_FOR_EXCEPTION_AT_END();
-}
-
-DEFINE_STUB_FUNCTION(void, op_put_by_id_direct_generic)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-    
-    PutPropertySlot slot(
-        stackFrame.callFrame->codeBlock()->isStrictMode(),
-        stackFrame.callFrame->codeBlock()->putByIdContext());
-    JSValue baseValue = stackFrame.args[0].jsValue();
-    ASSERT(baseValue.isObject());
-    asObject(baseValue)->putDirect(stackFrame.callFrame->vm(), stackFrame.args[1].identifier(), stackFrame.args[2].jsValue(), slot);
-    CHECK_FOR_EXCEPTION_AT_END();
-}
-
 DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_generic)
 {
@@ -474 +394 @@
     CHECK_FOR_EXCEPTION_AT_END();
     return JSValue::encode(result);
-}
-
-DEFINE_STUB_FUNCTION(void, op_put_by_id)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-    CallFrame* callFrame = stackFrame.callFrame;
-    Identifier& ident = stackFrame.args[1].identifier();
-    
-    CodeBlock* codeBlock = stackFrame.callFrame->codeBlock();
-    StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
-    AccessType accessType = static_cast<AccessType>(stubInfo->accessType);
-
-    PutPropertySlot slot(
-        callFrame->codeBlock()->isStrictMode(),
-        callFrame->codeBlock()->putByIdContext());
-    stackFrame.args[0].jsValue().put(callFrame, ident, stackFrame.args[2].jsValue(), slot);
-    
-    if (accessType == static_cast<AccessType>(stubInfo->accessType)) {
-        stubInfo->setSeen();
-        tryCachePutByID(callFrame, codeBlock, STUB_RETURN_ADDRESS, stackFrame.args[0].jsValue(), slot, stubInfo, false);
-    }
-    
-    CHECK_FOR_EXCEPTION_AT_END();
-}
-
-DEFINE_STUB_FUNCTION(void, op_put_by_id_direct)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-    CallFrame* callFrame = stackFrame.callFrame;
-    Identifier& ident = stackFrame.args[1].identifier();
-    
-    CodeBlock* codeBlock = stackFrame.callFrame->codeBlock();
-    StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
-    AccessType accessType = static_cast<AccessType>(stubInfo->accessType);
-
-    PutPropertySlot slot(
-        callFrame->codeBlock()->isStrictMode(),
-        callFrame->codeBlock()->putByIdContext());
-    JSValue baseValue = stackFrame.args[0].jsValue();
-    ASSERT(baseValue.isObject());
-    
-    asObject(baseValue)->putDirect(callFrame->vm(), ident, stackFrame.args[2].jsValue(), slot);
-    
-    if (accessType == static_cast<AccessType>(stubInfo->accessType)) {
-        stubInfo->setSeen();
-        tryCachePutByID(callFrame, codeBlock, STUB_RETURN_ADDRESS, stackFrame.args[0].jsValue(), slot, stubInfo, true);
-    }
-    
-    CHECK_FOR_EXCEPTION_AT_END();
-}
-
-DEFINE_STUB_FUNCTION(void, op_put_by_id_fail)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    CallFrame* callFrame = stackFrame.callFrame;
-    Identifier& ident = stackFrame.args[1].identifier();
-    
-    PutPropertySlot slot(
-        callFrame->codeBlock()->isStrictMode(),
-        callFrame->codeBlock()->putByIdContext());
-    stackFrame.args[0].jsValue().put(callFrame, ident, stackFrame.args[2].jsValue(), slot);
-
-    CHECK_FOR_EXCEPTION_AT_END();
-}
-
-DEFINE_STUB_FUNCTION(void, op_put_by_id_direct_fail)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-    
-    CallFrame* callFrame = stackFrame.callFrame;
-    Identifier& ident = stackFrame.args[1].identifier();
-    
-    PutPropertySlot slot(
-        callFrame->codeBlock()->isStrictMode(),
-        callFrame->codeBlock()->putByIdContext());
-    JSValue baseValue = stackFrame.args[0].jsValue();
-    ASSERT(baseValue.isObject());
-    asObject(baseValue)->putDirect(callFrame->vm(), ident, stackFrame.args[2].jsValue(), slot);
-    
-    CHECK_FOR_EXCEPTION_AT_END();
-}
-
-DEFINE_STUB_FUNCTION(JSObject*, op_put_by_id_transition_realloc)
-{
-    STUB_INIT_STACK_FRAME(stackFrame);
-
-    JSValue baseValue = stackFrame.args[0].jsValue();
-    int32_t oldSize = stackFrame.args[3].int32();
-    Structure* newStructure = stackFrame.args[4].structure();
-    int32_t newSize = newStructure->outOfLineCapacity();
-    
-    ASSERT(oldSize >= 0);
-    ASSERT(newSize > oldSize);
-
-    ASSERT(baseValue.isObject());
-    JSObject* base = asObject(baseValue);
-    VM& vm = *stackFrame.vm;
-    Butterfly* butterfly = base->growOutOfLineStorage(vm, oldSize, newSize);
-    base->setStructureAndButterfly(vm, newStructure, butterfly);
-
-    return base;
 }
 

trunk/Source/JavaScriptCore/jit/JITStubs.h

@@ -346 +346 @@
 void JIT_STUB cti_op_push_name_scope(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_push_with_scope(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-JSObject* JIT_STUB cti_op_put_by_id_transition_realloc(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_handle_watchdog_timer(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_debug(STUB_ARGS_DECLARATION) WTF_INTERNAL;
@@ -352 +351 @@
 void JIT_STUB cti_op_profile_did_call(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_profile_will_call(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void JIT_STUB cti_op_put_by_id(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void JIT_STUB cti_op_put_by_id_fail(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void JIT_STUB cti_op_put_by_id_generic(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void JIT_STUB cti_op_put_by_id_direct(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void JIT_STUB cti_op_put_by_id_direct_fail(STUB_ARGS_DECLARATION) WTF_INTERNAL;
-void JIT_STUB cti_op_put_by_id_direct_generic(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_put_by_index(STUB_ARGS_DECLARATION) WTF_INTERNAL;
 void JIT_STUB cti_op_put_by_val(STUB_ARGS_DECLARATION) WTF_INTERNAL;

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -605 +605 @@
 }
 
-static V_JITOperation_EJCI appropriateGenericPutByIdFunction(const PutPropertySlot &slot, PutKind putKind)
+static V_JITOperation_EJJI appropriateGenericPutByIdFunction(const PutPropertySlot &slot, PutKind putKind)
 {
     if (slot.isStrictMode()) {
@@ -617 +617 @@
 }
 
-static V_JITOperation_EJCI appropriateListBuildingPutByIdFunction(const PutPropertySlot &slot, PutKind putKind)
+static V_JITOperation_EJJI appropriateListBuildingPutByIdFunction(const PutPropertySlot &slot, PutKind putKind)
 {
     if (slot.isStrictMode()) {
@@ -1376 +1376 @@
 void resetPutByID(RepatchBuffer& repatchBuffer, StructureStubInfo& stubInfo)
 {
-    V_JITOperation_EJCI unoptimizedFunction = bitwise_cast<V_JITOperation_EJCI>(MacroAssembler::readCallTarget(stubInfo.callReturnLocation).executableAddress());
-    V_JITOperation_EJCI optimizedFunction;
+    V_JITOperation_EJJI unoptimizedFunction = bitwise_cast<V_JITOperation_EJJI>(MacroAssembler::readCallTarget(stubInfo.callReturnLocation).executableAddress());
+    V_JITOperation_EJJI optimizedFunction;
     if (unoptimizedFunction == operationPutByIdStrict || unoptimizedFunction == operationPutByIdStrictBuildList)
         optimizedFunction = operationPutByIdStrictOptimize;