<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[158820] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/158820">158820</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2013-11-06 21:05:03 -0800 (Wed, 06 Nov 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>IC code should handle the call frame register not being the callFrameRegister
https://bugs.webkit.org/show_bug.cgi?id=123865

Reviewed by Geoffrey Garen.
        
For now, in the FTL, the call frame may be something other than our frame pointer,
since it's an argument passed in according to whatever convention LLVM picks.
        
This is temporary in two ways - pretty soon the callFrameRegister will be the actual
frame pointer and not some other register, and LLVM will not pass the frame pointer
as an argument to IC's.

* bytecode/StructureStubInfo.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfGetById):
(JSC::FTL::sizeOfPutById):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArguments):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/Repatch.cpp:
(JSC::tryBuildGetByIDList):
(JSC::emitPutTransitionStub):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeStructureStubInfoh">trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCompilecpp">trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLInlineCacheSizecpp">trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCCallHelpersh">trunk/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlineCacheGeneratorcpp">trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlineCacheGeneratorh">trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccesscpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitRepatchcpp">trunk/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/ChangeLog        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -1,3 +1,46 @@
</span><ins>+2013-11-06  Filip Pizlo  &lt;fpizlo@apple.com&gt;
+
+        IC code should handle the call frame register not being the callFrameRegister
+        https://bugs.webkit.org/show_bug.cgi?id=123865
+
+        Reviewed by Geoffrey Garen.
+        
+        For now, in the FTL, the call frame may be something other than our frame pointer,
+        since it's an argument passed in according to whatever convention LLVM picks.
+        
+        This is temporary in two ways - pretty soon the callFrameRegister will be the actual
+        frame pointer and not some other register, and LLVM will not pass the frame pointer
+        as an argument to IC's.
+
+        * bytecode/StructureStubInfo.h:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::cachedGetById):
+        (JSC::DFG::SpeculativeJIT::cachedPutById):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::cachedGetById):
+        (JSC::DFG::SpeculativeJIT::cachedPutById):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::fixFunctionBasedOnStackMaps):
+        * ftl/FTLInlineCacheSize.cpp:
+        (JSC::FTL::sizeOfGetById):
+        (JSC::FTL::sizeOfPutById):
+        * jit/CCallHelpers.h:
+        (JSC::CCallHelpers::setupArguments):
+        * jit/JITInlineCacheGenerator.cpp:
+        (JSC::JITByIdGenerator::JITByIdGenerator):
+        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
+        * jit/JITInlineCacheGenerator.h:
+        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        * jit/Repatch.cpp:
+        (JSC::tryBuildGetByIDList):
+        (JSC::emitPutTransitionStub):
+
</ins><span class="cx"> 2013-11-06  Daniel Bates  &lt;dabates@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [iOS] Upstream Letterpress effect
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeStructureStubInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -225,6 +225,7 @@
</span><span class="cx"> 
</span><span class="cx">     struct {
</span><span class="cx">         int8_t registersFlushed;
</span><ins>+        int8_t callFrameRegister;
</ins><span class="cx">         int8_t baseGPR;
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx">         int8_t valueTagGPR;
</span></span></pre></div>
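Review bot: The new `int8_t callFrameRegister` member of the `patch` struct has no comment saying what it encodes, and it sits in a run of look-alike `int8_t` register fields. Elsewhere in this commit it is written by the JITByIdGenerator constructor from a GPRReg and cast back to GPRReg in Repatch.cpp. I would put `// GPR that holds the call frame at the IC site; a GPRReg narrowed to int8_t by JITByIdGenerator.` above the field. The struct begins and ends outside the hunk.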
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -198,7 +198,7 @@
</span><span class="cx"> void SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
</span><span class="cx"> {
</span><span class="cx">     JITGetByIdGenerator gen(
</span><del>-        m_jit.codeBlock(), codeOrigin, usedRegisters(),
</del><ins>+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
</ins><span class="cx">         JSValueRegs(baseTagGPROrNone, basePayloadGPR),
</span><span class="cx">         JSValueRegs(resultTagGPR, resultPayloadGPR), spillMode != NeedToSpill);
</span><span class="cx">     
</span><span class="lines">@@ -232,9 +232,9 @@
</span><span class="cx">     writeBarrier(basePayloadGPR, valueTagGPR, valueUse, WriteBarrierForPropertyAccess, scratchGPR);
</span><span class="cx">     
</span><span class="cx">     JITPutByIdGenerator gen(
</span><del>-        m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs::payloadOnly(basePayloadGPR),
-        JSValueRegs(valueTagGPR, valuePayloadGPR), scratchGPR, false,
-        m_jit.ecmaModeFor(codeOrigin), putKind);
</del><ins>+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
+        JSValueRegs::payloadOnly(basePayloadGPR), JSValueRegs(valueTagGPR, valuePayloadGPR),
+        scratchGPR, false, m_jit.ecmaModeFor(codeOrigin), putKind);
</ins><span class="cx">     
</span><span class="cx">     gen.generateFastPath(m_jit);
</span><span class="cx">     
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -210,8 +210,8 @@
</span><span class="cx"> void SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg resultGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
</span><span class="cx"> {
</span><span class="cx">     JITGetByIdGenerator gen(
</span><del>-        m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs(baseGPR),
-        JSValueRegs(resultGPR), spillMode != NeedToSpill);
</del><ins>+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
+        JSValueRegs(baseGPR), JSValueRegs(resultGPR), spillMode != NeedToSpill);
</ins><span class="cx">     gen.generateFastPath(m_jit);
</span><span class="cx">     
</span><span class="cx">     JITCompiler::JumpList slowCases;
</span><span class="lines">@@ -232,8 +232,9 @@
</span><span class="cx">     writeBarrier(baseGPR, valueGPR, valueUse, WriteBarrierForPropertyAccess, scratchGPR);
</span><span class="cx"> 
</span><span class="cx">     JITPutByIdGenerator gen(
</span><del>-        m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs(baseGPR),
-        JSValueRegs(valueGPR), scratchGPR, false, m_jit.ecmaModeFor(codeOrigin), putKind);
</del><ins>+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
+        JSValueRegs(baseGPR), JSValueRegs(valueGPR), scratchGPR, false,
+        m_jit.ecmaModeFor(codeOrigin), putKind);
</ins><span class="cx">     gen.generateFastPath(m_jit);
</span><span class="cx">     
</span><span class="cx">     JITCompiler::JumpList slowCases;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -198,8 +198,8 @@
</span><span class="cx">             GPRReg result = GPRInfo::returnValueGPR;
</span><span class="cx">             
</span><span class="cx">             JITGetByIdGenerator gen(
</span><del>-                codeBlock, getById.codeOrigin(), usedRegisters, JSValueRegs(base),
-                JSValueRegs(result), false);
</del><ins>+                codeBlock, getById.codeOrigin(), usedRegisters, callFrameRegister,
+                JSValueRegs(base), JSValueRegs(result), false);
</ins><span class="cx">             
</span><span class="cx">             MacroAssembler::Label begin = slowPathJIT.label();
</span><span class="cx">             
</span><span class="lines">@@ -234,9 +234,9 @@
</span><span class="cx">             GPRReg value = GPRInfo::argumentGPR2;
</span><span class="cx">             
</span><span class="cx">             JITPutByIdGenerator gen(
</span><del>-                codeBlock, putById.codeOrigin(), usedRegisters, JSValueRegs(base),
-                JSValueRegs(value), GPRInfo::argumentGPR3, false, putById.ecmaMode(),
-                putById.putKind());
</del><ins>+                codeBlock, putById.codeOrigin(), usedRegisters, callFrameRegister,
+                JSValueRegs(base), JSValueRegs(value), GPRInfo::argumentGPR3, false,
+                putById.ecmaMode(), putById.putKind());
</ins><span class="cx">             
</span><span class="cx">             MacroAssembler::Label begin = slowPathJIT.label();
</span><span class="cx">             
</span></span></pre></div>
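Review bot: Both generator calls pass a bare `callFrameRegister`, a name declared outside these hunks, while the DFG call sites in this commit pass `GPRInfo::callFrameRegister`, and nothing at the call site says why they differ. The log message explains that in the FTL the call frame is an argument in whatever register LLVM's convention picks; that explanation belongs next to the code, since it is described as temporary and someone will have to find these sites again. I would add `// FTL: the call frame arrives as an ordinary argument, so this is not necessarily GPRInfo::callFrameRegister.` above the first `JITGetByIdGenerator gen(` call. The enclosing function starts and ends outside the hunks.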
<a id="trunkSourceJavaScriptCoreftlFTLInlineCacheSizecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -44,8 +44,8 @@
</span><span class="cx">     MacroAssembler jit;
</span><span class="cx">     
</span><span class="cx">     JITGetByIdGenerator generator(
</span><del>-        0, CodeOrigin(), RegisterSet(), JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7),
-        false);
</del><ins>+        0, CodeOrigin(), RegisterSet(), GPRInfo::callFrameRegister,
+        JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7), false);
</ins><span class="cx">     generator.generateFastPath(jit);
</span><span class="cx">     
</span><span class="cx">     return s_sizeOfGetById = jit.m_assembler.codeSize();
</span><span class="lines">@@ -59,8 +59,9 @@
</span><span class="cx">     MacroAssembler jit;
</span><span class="cx">     
</span><span class="cx">     JITPutByIdGenerator generator(
</span><del>-        0, CodeOrigin(), RegisterSet(), JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7),
-        GPRInfo::regT8, false, NotStrictMode, NotDirect);
</del><ins>+        0, CodeOrigin(), RegisterSet(), GPRInfo::callFrameRegister,
+        JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7), GPRInfo::regT8, false,
+        NotStrictMode, NotDirect);
</ins><span class="cx">     generator.generateFastPath(jit);
</span><span class="cx">     
</span><span class="cx">     return s_sizeOfPutById = jit.m_assembler.codeSize();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCCallHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CCallHelpers.h (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CCallHelpers.h        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/jit/CCallHelpers.h        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -95,6 +95,44 @@
</span><span class="cx">         addCallArgument(arg2);
</span><span class="cx">     }
</span><span class="cx">     
</span><ins>+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, GPRReg arg3)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImmPtr arg4)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5, GPRReg arg6)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+        addCallArgument(arg6);
+    }
+    
</ins><span class="cx">     ALWAYS_INLINE void setupArguments(TrustedImmPtr arg1)
</span><span class="cx">     {
</span><span class="cx">         resetCallArguments();
</span><span class="lines">@@ -906,6 +944,25 @@
</span><span class="cx">         setupTwoStubArgsGPR&lt;GPRInfo::argumentGPR0, GPRInfo::argumentGPR1&gt;(arg1, arg2);
</span><span class="cx">     }
</span><span class="cx">     
</span><ins>+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, GPRReg arg3)
+    {
+        setupThreeStubArgsGPR&lt;GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, GPRInfo::argumentGPR2&gt;(arg1, arg2, arg3);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImmPtr arg4)
+    {
+        setupTwoStubArgsGPR&lt;GPRInfo::argumentGPR0, GPRInfo::argumentGPR1&gt;(arg1, arg2);
+        move(arg3, GPRInfo::argumentGPR2);
+        move(arg4, GPRInfo::argumentGPR3);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
+    {
+        setupThreeStubArgsGPR&lt;GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, GPRInfo::argumentGPR4&gt;(arg1, arg2, arg5);
+        move(arg3, GPRInfo::argumentGPR2);
+        move(arg4, GPRInfo::argumentGPR3);
+    }
+    
</ins><span class="cx">     ALWAYS_INLINE void setupArguments(GPRReg arg1, TrustedImmPtr arg2, GPRReg arg3, TrustedImmPtr arg4)
</span><span class="cx">     {
</span><span class="cx">         setupTwoStubArgsGPR&lt;GPRInfo::argumentGPR0, GPRInfo::argumentGPR2&gt;(arg1, arg3);
</span></span></pre></div>
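Review bot: The second hunk (-906,6) adds only three of the four `setupArguments` overloads that the first hunk adds. The six-argument form `(GPRReg, GPRReg, TrustedImmPtr, TrustedImm32, GPRReg, GPRReg)`, which the JSVALUE32_64 branch in Repatch.cpp calls, has no counterpart there. The five-argument form in the second hunk also names `GPRInfo::argumentGPR4`, which presumably exists only on targets with at least five argument registers. The preprocessor conditions around both hunks are outside the view, so this may already be guarded; if it is not, a 32-bit target that passes arguments in registers would fail to compile. I would either add the missing overload or state the constraint above the block, e.g. `// Requires GPRInfo::argumentGPR4, i.e. at least five argument registers.`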
<a id="trunkSourceJavaScriptCorejitJITInlineCacheGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -49,7 +49,7 @@
</span><span class="cx"> 
</span><span class="cx"> JITByIdGenerator::JITByIdGenerator(
</span><span class="cx">     CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet&amp; usedRegisters,
</span><del>-    JSValueRegs base, JSValueRegs value, bool registersFlushed)
</del><ins>+    GPRReg callFrameRegister, JSValueRegs base, JSValueRegs value, bool registersFlushed)
</ins><span class="cx">     : JITInlineCacheGenerator(codeBlock, codeOrigin)
</span><span class="cx">     , m_base(base)
</span><span class="cx">     , m_value(value)
</span><span class="lines">@@ -62,6 +62,7 @@
</span><span class="cx">     m_stubInfo-&gt;patch.usedRegisters.set(base);
</span><span class="cx">     m_stubInfo-&gt;patch.usedRegisters.set(value);
</span><span class="cx">     
</span><ins>+    m_stubInfo-&gt;patch.callFrameRegister = static_cast&lt;int8_t&gt;(callFrameRegister);
</ins><span class="cx">     m_stubInfo-&gt;patch.baseGPR = static_cast&lt;int8_t&gt;(base.payloadGPR());
</span><span class="cx">     m_stubInfo-&gt;patch.valueGPR = static_cast&lt;int8_t&gt;(value.payloadGPR());
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="lines">@@ -129,9 +130,11 @@
</span><span class="cx"> 
</span><span class="cx"> JITPutByIdGenerator::JITPutByIdGenerator(
</span><span class="cx">     CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet&amp; usedRegisters,
</span><del>-    JSValueRegs base, JSValueRegs value, GPRReg scratch, bool registersFlushed,
-    ECMAMode ecmaMode, PutKind putKind)
-    : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, registersFlushed)
</del><ins>+    GPRReg callFrameRegister, JSValueRegs base, JSValueRegs value, GPRReg scratch,
+    bool registersFlushed, ECMAMode ecmaMode, PutKind putKind)
+    : JITByIdGenerator(
+        codeBlock, codeOrigin, usedRegisters, callFrameRegister, base, value,
+        registersFlushed)
</ins><span class="cx">     , m_scratch(scratch)
</span><span class="cx">     , m_ecmaMode(ecmaMode)
</span><span class="cx">     , m_putKind(putKind)
</span></span></pre></div>
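Review bot: In the -62,6 hunk the constructor records `callFrameRegister` in the patch info but does not add it to `patch.usedRegisters`, although the two context lines just above do exactly that for `base` and `value`. The baseline JIT call sites pass `RegisterSet::specialRegisters()`, which presumably covers the fixed call frame register, but in the FTL the register is an ordinary argument register and the caller's set is not visible here. If the stub generators in Repatch.cpp draw scratch registers from that set, a scratch could land on the call frame register before `setupArguments(callFrameRegister, ...)` reads it, and the slow-path call would receive a corrupted frame pointer. Adding `m_stubInfo-&gt;patch.usedRegisters.set(callFrameRegister);` here would close that. The same gap shows in Repatch.cpp's -771,7 hunk, where the visible lines lock `valueGPR` and assert `scratchGPR1` only against `baseGPR` and `valueGPR`, so `allocator.lock(callFrameRegister);` and `ASSERT(scratchGPR1 != callFrameRegister);` belong there as well.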
<a id="trunkSourceJavaScriptCorejitJITInlineCacheGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -56,8 +56,8 @@
</span><span class="cx">     JITByIdGenerator() { }
</span><span class="cx"> 
</span><span class="cx">     JITByIdGenerator(
</span><del>-        CodeBlock*, CodeOrigin, const RegisterSet&amp;, JSValueRegs base, JSValueRegs value,
-        bool registersFlushed);
</del><ins>+        CodeBlock*, CodeOrigin, const RegisterSet&amp;, GPRReg callFrameRegister,
+        JSValueRegs base, JSValueRegs value, bool registersFlushed);
</ins><span class="cx">     
</span><span class="cx"> public:
</span><span class="cx">     void reportSlowPathCall(MacroAssembler::Label slowPathBegin, MacroAssembler::Call call)
</span><span class="lines">@@ -96,8 +96,11 @@
</span><span class="cx"> 
</span><span class="cx">     JITGetByIdGenerator(
</span><span class="cx">         CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet&amp; usedRegisters,
</span><del>-        JSValueRegs base, JSValueRegs value, bool registersFlushed)
-        : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, registersFlushed)
</del><ins>+        GPRReg callFrameRegister, JSValueRegs base, JSValueRegs value,
+        bool registersFlushed)
+        : JITByIdGenerator(
+            codeBlock, codeOrigin, usedRegisters, callFrameRegister, base, value,
+            registersFlushed)
</ins><span class="cx">     {
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -109,8 +112,9 @@
</span><span class="cx">     JITPutByIdGenerator() { }
</span><span class="cx"> 
</span><span class="cx">     JITPutByIdGenerator(
</span><del>-        CodeBlock*, CodeOrigin, const RegisterSet&amp; usedRegisters, JSValueRegs base,
-        JSValueRegs value, GPRReg scratch, bool registersFlushed, ECMAMode, PutKind);
</del><ins>+        CodeBlock*, CodeOrigin, const RegisterSet&amp; usedRegisters, GPRReg callFrameRegister,
+        JSValueRegs base, JSValueRegs value, GPRReg scratch, bool registersFlushed,
+        ECMAMode, PutKind);
</ins><span class="cx">     
</span><span class="cx">     void generateFastPath(MacroAssembler&amp;);
</span><span class="cx">     
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -524,7 +524,7 @@
</span><span class="cx"> 
</span><span class="cx">     JITGetByIdGenerator gen(
</span><span class="cx">         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>-        JSValueRegs(regT0), JSValueRegs(regT0), true);
</del><ins>+        callFrameRegister, JSValueRegs(regT0), JSValueRegs(regT0), true);
</ins><span class="cx">     gen.generateFastPath(*this);
</span><span class="cx">     addSlowCase(gen.slowPathJump());
</span><span class="cx">     m_getByIds.append(gen);
</span><span class="lines">@@ -570,8 +570,8 @@
</span><span class="cx"> 
</span><span class="cx">     JITPutByIdGenerator gen(
</span><span class="cx">         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>-        JSValueRegs(regT0), JSValueRegs(regT1), regT2, true, m_codeBlock-&gt;ecmaMode(),
-        direct ? Direct : NotDirect);
</del><ins>+        callFrameRegister, JSValueRegs(regT0), JSValueRegs(regT1), regT2, true,
+        m_codeBlock-&gt;ecmaMode(), direct ? Direct : NotDirect);
</ins><span class="cx">     
</span><span class="cx">     gen.generateFastPath(*this);
</span><span class="cx">     addSlowCase(gen.slowPathJump());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -484,7 +484,7 @@
</span><span class="cx"> 
</span><span class="cx">     JITGetByIdGenerator gen(
</span><span class="cx">         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>-        JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), true);
</del><ins>+        callFrameRegister, JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), true);
</ins><span class="cx">     gen.generateFastPath(*this);
</span><span class="cx">     addSlowCase(gen.slowPathJump());
</span><span class="cx">     m_getByIds.append(gen);
</span><span class="lines">@@ -530,8 +530,8 @@
</span><span class="cx">     
</span><span class="cx">     JITPutByIdGenerator gen(
</span><span class="cx">         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>-        JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2), regT1, true,
-        m_codeBlock-&gt;ecmaMode(), direct ? Direct : NotDirect);
</del><ins>+        callFrameRegister, JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2),
+        regT1, true, m_codeBlock-&gt;ecmaMode(), direct ? Direct : NotDirect);
</ins><span class="cx">     
</span><span class="cx">     gen.generateFastPath(*this);
</span><span class="cx">     addSlowCase(gen.slowPathJump());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/Repatch.cpp (158819 => 158820)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/Repatch.cpp        2013-11-07 04:43:18 UTC (rev 158819)
+++ trunk/Source/JavaScriptCore/jit/Repatch.cpp        2013-11-07 05:05:03 UTC (rev 158820)
</span><span class="lines">@@ -460,6 +460,7 @@
</span><span class="cx">         
</span><span class="cx">         stubInfo.u.getByIdSelfList.listSize++;
</span><span class="cx">         
</span><ins>+        GPRReg callFrameRegister = static_cast&lt;GPRReg&gt;(stubInfo.patch.callFrameRegister);
</ins><span class="cx">         GPRReg baseGPR = static_cast&lt;GPRReg&gt;(stubInfo.patch.baseGPR);
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx">         GPRReg resultTagGPR = static_cast&lt;GPRReg&gt;(stubInfo.patch.valueTagGPR);
</span><span class="lines">@@ -500,11 +501,11 @@
</span><span class="cx">                     stubJit.load32(MacroAssembler::Address(scratchGPR, offsetRelativeToBase(slot.cachedOffset())), scratchGPR);
</span><span class="cx"> #endif
</span><span class="cx">                 }
</span><del>-                stubJit.setupArgumentsWithExecState(baseGPR, scratchGPR);
</del><ins>+                stubJit.setupArguments(callFrameRegister, baseGPR, scratchGPR);
</ins><span class="cx">                 operationFunction = operationCallGetter;
</span><span class="cx">             } else {
</span><del>-                stubJit.setupArgumentsWithExecState(
-                    baseGPR,
</del><ins>+                stubJit.setupArguments(
+                    callFrameRegister, baseGPR,
</ins><span class="cx">                     MacroAssembler::TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()),
</span><span class="cx">                     MacroAssembler::TrustedImmPtr(ident.impl()));
</span><span class="cx">                 operationFunction = operationCallCustomGetter;
</span><span class="lines">@@ -757,6 +758,7 @@
</span><span class="cx"> {
</span><span class="cx">     VM* vm = &amp;exec-&gt;vm();
</span><span class="cx"> 
</span><ins>+    GPRReg callFrameRegister = static_cast&lt;GPRReg&gt;(stubInfo.patch.callFrameRegister);
</ins><span class="cx">     GPRReg baseGPR = static_cast&lt;GPRReg&gt;(stubInfo.patch.baseGPR);
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx">     GPRReg valueTagGPR = static_cast&lt;GPRReg&gt;(stubInfo.patch.valueTagGPR);
</span><span class="lines">@@ -771,7 +773,7 @@
</span><span class="cx">     allocator.lock(valueGPR);
</span><span class="cx">     
</span><span class="cx">     CCallHelpers stubJit(vm);
</span><del>-            
</del><ins>+    
</ins><span class="cx">     GPRReg scratchGPR1 = allocator.allocateScratchGPR();
</span><span class="cx">     ASSERT(scratchGPR1 != baseGPR);
</span><span class="cx">     ASSERT(scratchGPR1 != valueGPR);
</span><span class="lines">@@ -913,9 +915,9 @@
</span><span class="cx">         ScratchBuffer* scratchBuffer = vm-&gt;scratchBufferForSize(allocator.desiredScratchBufferSize());
</span><span class="cx">         allocator.preserveUsedRegistersToScratchBuffer(stubJit, scratchBuffer, scratchGPR1);
</span><span class="cx"> #if USE(JSVALUE64)
</span><del>-        stubJit.setupArgumentsWithExecState(baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR);
</del><ins>+        stubJit.setupArguments(callFrameRegister, baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR);
</ins><span class="cx"> #else
</span><del>-        stubJit.setupArgumentsWithExecState(baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR, valueTagGPR);
</del><ins>+        stubJit.setupArguments(callFrameRegister, baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR, valueTagGPR);
</ins><span class="cx"> #endif
</span><span class="cx">         operationCall = stubJit.call();
</span><span class="cx">         allocator.restoreUsedRegistersFromScratchBuffer(stubJit, scratchBuffer, scratchGPR1);
</span></span></pre>
</div>
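Review bot: Both new `GPRReg callFrameRegister` locals (hunks -460,6 and -757,6) cast `stubInfo.patch.callFrameRegister` back from int8_t without checking that the field was ever set. The only writer in this commit is the JITByIdGenerator constructor, so a StructureStubInfo filled in by any other path (none is visible here) would hand the stub an arbitrary register as the first argument of `operationCallGetter` and the other slow-path calls. An `ASSERT(callFrameRegister != InvalidGPRReg);` after each cast would catch the unset case in debug builds, provided the field defaults to that sentinel. Both functions start and end outside the hunks.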
</div>

</body>
</html>