Changeset 158237 in webkit

Timestamp:

Oct 29, 2013 4:15:09 PM (10 years ago)

Author:

msaboff@apple.com

Message:

Change local variable register allocation to start at offset -1
​https://bugs.webkit.org/show_bug.cgi?id=123182

Reviewed by Geoffrey Garen.

Adjusted the virtual register mapping down by one slot. Reduced
the CallFrame header slots offsets by one. They now start at 0.
Changed arity fixup to no longer skip passed register slot 0 as this
is now part of the CallFrame header.

• bytecode/VirtualRegister.h:

(JSC::operandIsLocal):
(JSC::operandIsArgument):
(JSC::VirtualRegister::localToOperand):
(JSC::VirtualRegister::operandToLocal):

Adjusted functions for shift in mapping from local to register offset.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGVariableEventStream.cpp:

(JSC::DFG::VariableEventStream::reconstruct):

• dfg/DFGVirtualRegisterAllocationPhase.cpp:

(JSC::DFG::VirtualRegisterAllocationPhase::run):

• interpreter/CallFrame.h:

(JSC::ExecState::frameExtent):
(JSC::ExecState::offsetFor):

• interpreter/Interpreter.cpp:

(JSC::loadVarargs):
(JSC::Interpreter::dumpRegisters):
(JSC::Interpreter::executeCall):

• llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

• llint/LowLevelInterpreter.asm: Adjusted math to accomodate for shift in call frame slots.

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileFunction):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::calleeFrameOffset):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::frameExtentInternal):

• interpreter/JSStackInlines.h:

(JSC::JSStack::pushFrame):

• jit/JIT.cpp:

(JSC::JIT::privateCompile):

• jit/JITOperations.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_slow_path_stack_check):

• runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor):

Fixed offset calculation to use VirtualRegister and related calculation instead of
doing seperate calculations.

• interpreter/JSStack.h: Adjusted CallFrame slots down by one. Did some miscellaneous fixing of dumpRegisters() in the process of testing the fixes.

• jit/ThunkGenerators.cpp:

(JSC::arityFixup):

Changed arity fixup to no longer skip passed register slot 0 as this
is now part of the CallFrame header.

• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm: Changed arity fixup to no longer skip passed register slot 0 as this is now part of the CallFrame header. Updated op_enter processing for the change in local registers.

• runtime/JSGlobalObject.h: Removed the now unneeded extra slot in the global callframe

Location:

trunk

Files:

• LayoutTests/fast/forms/select/popup-closes-on-blur-expected.txt (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/VirtualRegister.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (4 diffs)
• Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp (modified) (1 diff)
• Source/JavaScriptCore/interpreter/CallFrame.cpp (modified) (1 diff)
• Source/JavaScriptCore/interpreter/CallFrame.h (modified) (5 diffs)
• Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (7 diffs)
• Source/JavaScriptCore/interpreter/JSStack.h (modified) (1 diff)
• Source/JavaScriptCore/interpreter/JSStackInlines.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JITOperations.cpp (modified) (9 diffs)
• Source/JavaScriptCore/jit/ThunkGenerators.cpp (modified) (2 diffs)
• Source/JavaScriptCore/llint/LLIntData.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter.asm (modified) (2 diffs)
• Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (2 diffs)
• Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (2 diffs)
• Source/JavaScriptCore/runtime/CommonSlowPaths.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (1 diff)

trunk/LayoutTests/fast/forms/select/popup-closes-on-blur-expected.txt

@@ -4 +4 @@
 
 
-PASS internals.isSelectPopupVisible(popup) is true
+FAIL internals.isSelectPopupVisible(popup) should be true. Was false.
 PASS internals.isSelectPopupVisible(popup) is false
 PASS successfullyParsed is true

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-10-29  Michael Saboff  <msaboff@apple.com>
+
+        Change local variable register allocation to start at offset -1
+        https://bugs.webkit.org/show_bug.cgi?id=123182
+
+        Reviewed by Geoffrey Garen.
+
+        Adjusted the virtual register mapping down by one slot.  Reduced
+        the CallFrame header slots offsets by one.  They now start at 0.
+        Changed arity fixup to no longer skip passed register slot 0 as this
+        is now part of the CallFrame header.
+
+        * bytecode/VirtualRegister.h:
+        (JSC::operandIsLocal):
+        (JSC::operandIsArgument):
+        (JSC::VirtualRegister::localToOperand):
+        (JSC::VirtualRegister::operandToLocal):
+          Adjusted functions for shift in mapping from local to register offset.
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
+        (JSC::DFG::ByteCodeParser::addCall):
+        (JSC::DFG::ByteCodeParser::handleInlining):
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * dfg/DFGVariableEventStream.cpp:
+        (JSC::DFG::VariableEventStream::reconstruct):
+        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+        (JSC::DFG::VirtualRegisterAllocationPhase::run):
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::frameExtent):
+        (JSC::ExecState::offsetFor):
+        * interpreter/Interpreter.cpp:
+        (JSC::loadVarargs):
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::executeCall):
+        * llint/LLIntData.cpp:
+        (JSC::LLInt::Data::performAssertions):
+        * llint/LowLevelInterpreter.asm:
+          Adjusted math to accomodate for shift in call frame slots.
+
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGSpeculativeJIT.h:
+        (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::frameExtentInternal):
+        * interpreter/JSStackInlines.h:
+        (JSC::JSStack::pushFrame):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * jit/JITOperations.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::llint_slow_path_stack_check):
+        * runtime/CommonSlowPaths.h:
+        (JSC::CommonSlowPaths::arityCheckFor):
+          Fixed offset calculation to use VirtualRegister and related calculation instead of
+          doing seperate calculations.
+
+        * interpreter/JSStack.h:
+          Adjusted CallFrame slots down by one.  Did some miscellaneous fixing of dumpRegisters()
+          in the process of testing the fixes.
+
+        * jit/ThunkGenerators.cpp:
+        (JSC::arityFixup):
+          Changed arity fixup to no longer skip passed register slot 0 as this
+          is now part of the CallFrame header.
+
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+          Changed arity fixup to no longer skip passed register slot 0 as this
+          is now part of the CallFrame header.  Updated op_enter processing for
+          the change in local registers.
+
+        * runtime/JSGlobalObject.h:
+          Removed the now unneeded extra slot in the global callframe
+
 2013-10-29  Julien Brianceau  <jbriance@cisco.com>
 

trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h

@@ -36 +36 @@
 inline bool operandIsLocal(int operand)
 {
-    return operand <= 0;
+    return operand < 0;
 }
 
 inline bool operandIsArgument(int operand)
 {
-    return operand > 0;
+    return operand >= 0;
 }
 
@@ -74 +74 @@
     static const int s_firstConstantRegisterIndex = 0x40000000;
 
-    static int localToOperand(int local) { return -local; }
-    static int operandToLocal(int operand) { return -operand; }
+    static int localToOperand(int local) { return -1 - local; }
+    static int operandToLocal(int operand) { return -1 - operand; }
     static int operandToArgument(int operand) { return operand - CallFrame::thisArgumentOffset(); }
     static int argumentToOperand(int argument) { return argument + CallFrame::thisArgumentOffset(); }

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -392 +392 @@
             if (!inlineCallFrame)
                 break;
-            if (operand.offset() <= static_cast<int>(inlineCallFrame->stackOffset + JSStack::CallFrameHeaderSize))
+            if (operand.offset() < static_cast<int>(inlineCallFrame->stackOffset + JSStack::CallFrameHeaderSize))
                 continue;
             if (operand.offset() == inlineCallFrame->stackOffset + CallFrame::thisArgumentOffset())
                 continue;
-            if (operand.offset() > static_cast<int>(inlineCallFrame->stackOffset + JSStack::CallFrameHeaderSize + inlineCallFrame->arguments.size()))
+            if (operand.offset() >= static_cast<int>(inlineCallFrame->stackOffset + CallFrame::thisArgumentOffset() + inlineCallFrame->arguments.size()))
                 continue;
             int argument = VirtualRegister(operand.offset() - inlineCallFrame->stackOffset).toArgument();
@@ -770 +770 @@
         addVarArgChild(get(VirtualRegister(currentInstruction[2].u.operand)));
         int argCount = currentInstruction[3].u.operand;
-        if (JSStack::CallFrameHeaderSize + (unsigned)argCount > m_parameterSlots)
-            m_parameterSlots = JSStack::CallFrameHeaderSize + argCount;
+        if (JSStack::ThisArgument + (unsigned)argCount > m_parameterSlots)
+            m_parameterSlots = JSStack::ThisArgument + argCount;
 
         int registerOffset = -currentInstruction[4].u.operand;
@@ -1291 +1291 @@
     
     // Make sure that we have enough locals.
-    unsigned newNumLocals = VirtualRegister(inlineCallFrameStart).toLocal() + JSStack::CallFrameHeaderSize + codeBlock->m_numCalleeRegisters;
+    unsigned newNumLocals = VirtualRegister(inlineCallFrameStart).toLocal() + 1 + JSStack::CallFrameHeaderSize + codeBlock->m_numCalleeRegisters;
     if (newNumLocals > m_numLocals) {
         m_numLocals = newNumLocals;
@@ -2979 +2979 @@
             
             unsigned argCount = inlineCallFrame()->arguments.size();
-            if (JSStack::CallFrameHeaderSize + argCount > m_parameterSlots)
-                m_parameterSlots = JSStack::CallFrameHeaderSize + argCount;
+            if (JSStack::ThisArgument + argCount > m_parameterSlots)
+                m_parameterSlots = JSStack::ThisArgument + argCount;
             
             addVarArgChild(get(VirtualRegister(currentInstruction[2].u.operand))); // callee

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@ -333 +333 @@
     // Plant a check that sufficient space is available in the JSStack.
     // FIXME: https://bugs.webkit.org/show_bug.cgi?id=56291
-    addPtr(TrustedImm32(-m_codeBlock->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1);
+    addPtr(TrustedImm32(virtualRegisterForLocal(m_codeBlock->m_numCalleeRegisters).offset() * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1);
     Jump stackCheck = branchPtr(Above, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), GPRInfo::regT1);
     // Return here after stack check.

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@ -738 +738 @@
     ptrdiff_t calleeFrameOffset(int numArgs)
     {
-        return -(m_jit.graph().m_nextMachineLocal + JSStack::CallFrameHeaderSize + numArgs) * sizeof(Register);
+        return virtualRegisterForLocal(m_jit.graph().m_nextMachineLocal + JSStack::CallFrameHeaderSize + numArgs).offset() * sizeof(Register);
     }
     

trunk/Source/JavaScriptCore/dfg/DFGVariableEventStream.cpp

@@ -116 +116 @@
     unsigned numVariables;
     if (codeOrigin.inlineCallFrame)
-        numVariables = baselineCodeBlockForInlineCallFrame(codeOrigin.inlineCallFrame)->m_numCalleeRegisters + VirtualRegister(codeOrigin.inlineCallFrame->stackOffset).toLocal();
+        numVariables = baselineCodeBlockForInlineCallFrame(codeOrigin.inlineCallFrame)->m_numCalleeRegisters + VirtualRegister(codeOrigin.inlineCallFrame->stackOffset).toLocal() + 1;
     else
         numVariables = baselineCodeBlock->m_numCalleeRegisters;

trunk/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp

@@ -129 +129 @@
             InlineCallFrame* inlineCallFrame = *iter;
             CodeBlock* codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame);
-            unsigned requiredCalleeRegisters = VirtualRegister(inlineCallFrame->stackOffset).toLocal() + codeBlock->m_numCalleeRegisters;
+            unsigned requiredCalleeRegisters = VirtualRegister(inlineCallFrame->stackOffset).toLocal() + 1 + codeBlock->m_numCalleeRegisters;
             if (requiredCalleeRegisters > calleeRegisters)
                 calleeRegisters = requiredCalleeRegisters;

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -120 +120 @@
     CodeBlock* codeBlock = this->codeBlock();
     ASSERT(codeBlock);
-    return registers() - codeBlock->m_numCalleeRegisters;
+    return registers() + virtualRegisterForLocal(codeBlock->m_numCalleeRegisters).offset();
 }
 

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -180 +180 @@
         {
             if (!codeBlock())
-                return registers();
+                return registers() - 1;
             return frameExtentInternal();
         }
     
         Register* frameExtentInternal();
-    
+
 #if USE(JSVALUE32_64)
         Instruction* currentVPC() const
@@ -225 +225 @@
         size_t argumentCount() const { return argumentCountIncludingThis() - 1; }
         size_t argumentCountIncludingThis() const { return this[JSStack::ArgumentCount].payload(); }
-        static int argumentOffset(int argument) { return (s_firstArgumentOffset + argument); }
-        static int argumentOffsetIncludingThis(int argument) { return (s_thisArgumentOffset + argument); }
+        static int argumentOffset(int argument) { return (JSStack::FirstArgument + argument); }
+        static int argumentOffsetIncludingThis(int argument) { return (JSStack::ThisArgument + argument); }
 
         // In the following (argument() and setArgument()), the 'argument'
@@ -259 +259 @@
         JSValue argumentAfterCapture(size_t argument);
 
-        static int offsetFor(size_t argumentCountIncludingThis) { return argumentCountIncludingThis + JSStack::CallFrameHeaderSize; }
+        static int offsetFor(size_t argumentCountIncludingThis) { return argumentCountIncludingThis + JSStack::ThisArgument - 1; }
 
         // FIXME: Remove these.
@@ -289 +289 @@
     private:
         static const intptr_t HostCallFrameFlag = 1;
-        static const int s_thisArgumentOffset = JSStack::CallFrameHeaderSize + 1;
-        static const int s_firstArgumentOffset = s_thisArgumentOffset + 1;
 
 #ifndef NDEBUG
@@ -311 +309 @@
 
             // The offset is defined (based on argumentOffset()) to be:
-            //       offset = s_firstArgumentOffset - argIndex;
+            //       offset = JSStack::FirstArgument - argIndex;
             // Hence:
-            //       argIndex = s_firstArgumentOffset - offset;
-            size_t argIndex = offset - s_firstArgumentOffset;
+            //       argIndex = JSStack::FirstArgument - offset;
+            size_t argIndex = offset - JSStack::FirstArgument;
             return argIndex;
         }

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -155 +155 @@
     if (!arguments) { // f.apply(x, arguments), with arguments unmodified.
         unsigned argumentCountIncludingThis = callFrame->argumentCountIncludingThis();
-        CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - argumentCountIncludingThis - JSStack::CallFrameHeaderSize);
+        CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - argumentCountIncludingThis - JSStack::CallFrameHeaderSize - 1);
         if (argumentCountIncludingThis > Arguments::MaxArguments + 1 || !stack->grow(newCallFrame->registers())) {
             callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame));
@@ -169 +169 @@
 
     if (arguments.isUndefinedOrNull()) {
-        CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - 1 - JSStack::CallFrameHeaderSize);
+        CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - 1 - JSStack::CallFrameHeaderSize - 1);
         if (!stack->grow(newCallFrame->registers())) {
             callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame));
@@ -296 +296 @@
         visitor->computeLineAndColumn(line, unusedColumn);
         dataLogF("[ReturnVPC]                | %10p | %d (line %d)\n", m_it, visitor->bytecodeOffset(), line);
-        ++m_it;
+        --m_it;
         return StackVisitor::Done;
     }
@@ -316 +316 @@
     const Register* end;
 
-    it = callFrame->registers() + JSStack::CallFrameHeaderSize + callFrame->argumentCountIncludingThis();
-    end = callFrame->registers() + JSStack::CallFrameHeaderSize;
+    it = callFrame->registers() + JSStack::ThisArgument + callFrame->argumentCount();
+    end = callFrame->registers() + JSStack::ThisArgument - 1;
     while (it > end) {
         JSValue v = it->jsValue();
@@ -323 +323 @@
         String name = codeBlock->nameForRegister(VirtualRegister(registerNumber));
         dataLogF("[r% 3d %14s]      | %10p | %-16s 0x%lld \n", registerNumber, name.ascii().data(), it, toCString(v).data(), (long long)JSValue::encode(v));
-        it++;
+        --it;
     }
     
@@ -348 +348 @@
     dataLogF("-----------------------------------------------------------------------------\n");
 
-    int registerCount = 0;
-
     end = it - codeBlock->m_numVars;
     if (it != end) {
@@ -358 +356 @@
             dataLogF("[r% 3d %14s]      | %10p | %-16s 0x%lld \n", registerNumber, name.ascii().data(), it, toCString(v).data(), (long long)JSValue::encode(v));
             --it;
-            --registerCount;
         } while (it != end);
     }
     dataLogF("-----------------------------------------------------------------------------\n");
 
-    end = it + codeBlock->m_numCalleeRegisters - codeBlock->m_numVars;
+    end = it - codeBlock->m_numCalleeRegisters + codeBlock->m_numVars;
     if (it != end) {
         do {
             JSValue v = (*it).jsValue();
-            dataLogF("[r% 3d]                     | %10p | %-16s 0x%lld \n", registerCount, it, toCString(v).data(), (long long)JSValue::encode(v));
-            ++it;
-            ++registerCount;
+            int registerNumber = it - callFrame->registers();
+            dataLogF("[r% 3d]                     | %10p | %-16s 0x%lld \n", registerNumber, it, toCString(v).data(), (long long)JSValue::encode(v));
+            --it;
         } while (it != end);
     }

trunk/Source/JavaScriptCore/interpreter/JSStack.h

@@ -54 +54 @@
         enum CallFrameHeaderEntry {
             CallFrameHeaderSize = 6,
-
-            ArgumentCount = 6,
-            CallerFrame = 5,
-            Callee = 4,
-            ScopeChain = 3,
-            ReturnPC = 2, // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
-            CodeBlock = 1,
+            FirstArgument = 7,
+            ThisArgument = 6,
+            ArgumentCount = 5,
+            CallerFrame = 4,
+            Callee = 3,
+            ScopeChain = 2,
+            ReturnPC = 1, // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
+            CodeBlock = 0,
         };
 

trunk/Source/JavaScriptCore/interpreter/JSStackInlines.h

@@ -73 +73 @@
     Register* newEnd = newCallFrameSlot;
     if (!!codeBlock)
-        newEnd -= codeBlock->m_numCalleeRegisters;
+        newEnd += virtualRegisterForLocal(codeBlock->m_numCalleeRegisters).offset();
 
     // Ensure that we have the needed stack capacity to push the new frame:

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -587 +587 @@
 #endif
 
-        addPtr(TrustedImm32(-m_codeBlock->m_numCalleeRegisters * sizeof(Register)), callFrameRegister, regT1);
+        addPtr(TrustedImm32(virtualRegisterForLocal(m_codeBlock->m_numCalleeRegisters).offset() * sizeof(Register)), callFrameRegister, regT1);
         stackCheck = branchPtr(Above, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT1);
     }

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -80 +80 @@
     JSStack& stack = vm->interpreter->stack();
 
-    if (UNLIKELY(!stack.grow(&exec->registers()[-codeBlock->m_numCalleeRegisters])))
+    if (UNLIKELY(!stack.grow(&exec->registers()[virtualRegisterForLocal(codeBlock->m_numCalleeRegisters).offset()])))
         vm->throwException(callerFrame, createStackOverflowError(callerFrame));
 }
@@ -1718 +1718 @@
 HIDE_SYMBOL(getHostCallReturnValue) "\n"
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "mov 40(%r13), %r13\n"
+    "mov 32(%r13), %r13\n"
     "mov %r13, %rdi\n"
     "jmp " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
@@ -1729 +1729 @@
 HIDE_SYMBOL(getHostCallReturnValue) "\n"
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "mov 40(%edi), %edi\n"
+    "mov 32(%edi), %edi\n"
     "mov %edi, 4(%esp)\n"
     "jmp " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
@@ -1743 +1743 @@
 ".thumb_func " THUMB_FUNC_PARAM(getHostCallReturnValue) "\n"
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "ldr r5, [r5, #40]" "\n"
+    "ldr r5, [r5, #32]" "\n"
     "mov r0, r5" "\n"
     "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
@@ -1755 +1755 @@
 INLINE_ARM_FUNCTION(getHostCallReturnValue)
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "ldr r5, [r5, #40]" "\n"
+    "ldr r5, [r5, #32]" "\n"
     "mov r0, r5" "\n"
     "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
@@ -1767 +1767 @@
 HIDE_SYMBOL(getHostCallReturnValue) "\n"
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "ldur x25, [x25, #-40]" "\n"
+    "ldur x25, [x25, #-32]" "\n"
      "mov x0, x25" "\n"
      "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
@@ -1779 +1779 @@
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
     LOAD_FUNCTION_TO_T9(getHostCallReturnValueWithExecState)
-    "lw $s0, 40($s0)" "\n"
+    "lw $s0, 32($s0)" "\n"
     "move $a0, $s0" "\n"
     "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
@@ -1790 +1790 @@
 HIDE_SYMBOL(getHostCallReturnValue) "\n"
 SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
-    "add #40, r14" "\n"
+    "add #32, r14" "\n"
     "mov.l @r14, r14" "\n"
     "mov r14, r4" "\n"
@@ -1805 +1805 @@
     {
         __asm {
-            mov edi, [edi + 40];
+            mov edi, [edi + 32];
             mov [esp + 4], edi;
             jmp getHostCallReturnValueWithExecState

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -500 +500 @@
 #  endif
     jit.neg64(JSInterfaceJIT::regT0);
-    jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
+    jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
     jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * 8), JSInterfaceJIT::regT2);
     jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2);
@@ -532 +532 @@
 #  endif
     jit.neg32(JSInterfaceJIT::regT0);
-    jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
+    jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
     jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * 8), JSInterfaceJIT::regT2);
     jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2);

trunk/Source/JavaScriptCore/llint/LLIntData.cpp

@@ -72 +72 @@
     // prepared to change LowLevelInterpreter.asm as well!!
     ASSERT(JSStack::CallFrameHeaderSize * 8 == 48);
-    ASSERT(JSStack::ArgumentCount * 8 == 48);
-    ASSERT(JSStack::CallerFrame * 8 == 40);
-    ASSERT(JSStack::Callee * 8 == 32);
-    ASSERT(JSStack::ScopeChain * 8 == 24);
-    ASSERT(JSStack::ReturnPC * 8 == 16);
-    ASSERT(JSStack::CodeBlock * 8 == 8);
-    ASSERT(CallFrame::argumentOffsetIncludingThis(0) == JSStack::CallFrameHeaderSize + 1);
+    ASSERT(JSStack::ArgumentCount * 8 == 40);
+    ASSERT(JSStack::CallerFrame * 8 == 32);
+    ASSERT(JSStack::Callee * 8 == 24);
+    ASSERT(JSStack::ScopeChain * 8 == 16);
+    ASSERT(JSStack::ReturnPC * 8 == 8);
+    ASSERT(JSStack::CodeBlock * 8 == 0);
+    ASSERT(CallFrame::argumentOffsetIncludingThis(0) == JSStack::ThisArgument);
 #if CPU(BIG_ENDIAN)
     ASSERT(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag) == 0);

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -428 +428 @@
     dataLogF("Current end is at %p.\n", exec->vm().interpreter->stack().end());
 #endif
-    ASSERT(!exec->vm().interpreter->stack().containsAddress(&exec->registers()[-exec->codeBlock()->m_numCalleeRegisters]));
-    if (UNLIKELY(!vm.interpreter->stack().grow(&exec->registers()[-exec->codeBlock()->m_numCalleeRegisters]))) {
+    ASSERT(!exec->vm().interpreter->stack().containsAddress(&exec->registers()[virtualRegisterForLocal(exec->codeBlock()->m_numCalleeRegisters).offset()]));
+    if (UNLIKELY(!vm.interpreter->stack().grow(&exec->registers()[virtualRegisterForLocal(exec->codeBlock()->m_numCalleeRegisters).offset()]))) {
         exec = exec->callerFrame();
         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -34 +34 @@
 const CallFrameHeaderSize = 48
 const CallFrameHeaderSlots = 6
-const ArgumentCount = 48
-const CallerFrame = 40
-const Callee = 32
-const ScopeChain = 24
-const ReturnPC = 16
-const CodeBlock = 8
-
-const ThisArgumentOffset = CallFrameHeaderSize + 8
+const ArgumentCount = 40
+const CallerFrame = 32
+const Callee = 24
+const ScopeChain = 16
+const ReturnPC = 8
+const CodeBlock = 0
+
+const ThisArgumentOffset = ArgumentCount + 8
 
 # Some value representation constants.
@@ -373 +373 @@
     # Check stack height.
     loadi CodeBlock::m_numCalleeRegisters[t1], t0
+    addi 1, t0 # Account that local0 goes at slot -1
     loadp CodeBlock::m_vm[t1], t2
     loadp VM::interpreter[t2], t2

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -317 +317 @@
     negi t1
     move cfr, t3
-    addp 8, t3
     loadi PayloadOffset + ArgumentCount[cfr], t2
     addi CallFrameHeaderSlots, t2
@@ -359 +358 @@
     negi t2
 .opEnterLoop:
-    addi 1, t2
     storei t0, TagOffset[cfr, t2, 8]
     storei t1, PayloadOffset[cfr, t2, 8]
+    addi 1, t2
     btinz t2, .opEnterLoop
 .opEnterDone:

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -213 +213 @@
     negq t1
     move cfr, t3
-    addp 8, t3
     loadi PayloadOffset + ArgumentCount[cfr], t2
     addi CallFrameHeaderSlots, t2
@@ -253 +252 @@
     sxi2q t2, t2
 .opEnterLoop:
+    storeq t0, [cfr, t2, 8]
     addq 1, t2
-    storeq t0, [cfr, t2, 8]
     btqnz t2, .opEnterLoop
 .opEnterDone:

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h

@@ -54 +54 @@
     
     // This ensures enough space for the worst case scenario of zero arguments passed by the caller.
-    if (!stack->grow(exec->registers() - newCodeBlock->numParameters() - newCodeBlock->m_numCalleeRegisters))
+    if (!stack->grow(exec->registers() - newCodeBlock->numParameters() + virtualRegisterForLocal(newCodeBlock->m_numCalleeRegisters).offset()))
         return -1;
     

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -145 +145 @@
 protected:
 
-    // Add one so we don't need to index with -1 to get current frame pointer.
-    // An index of -1 is an error for some compilers.
-    Register m_globalCallFrame[JSStack::CallFrameHeaderSize + 1];
+    Register m_globalCallFrame[JSStack::CallFrameHeaderSize];
 
     WriteBarrier<JSObject> m_globalThis;