<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[203006] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/203006">203006</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2016-07-08 15:58:15 -0700 (Fri, 08 Jul 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>Move CallFrame header info from JSStack.h to CallFrame.h
https://bugs.webkit.org/show_bug.cgi?id=159549

Reviewed by Geoffrey Garen.

CallFrame.h is a much better location for CallFrame header info.

Replaced CallFrame::init() with ExecState::initGlobalExec() because normal
CallFrames are setup by a different mechanism now.  Only the globalExec is still
using it.  So, might as well change it to be specifically for the globalExec.

Removed the use of JSStack::containsAddress() in ExecState::initGlobalExec()
because it is not relevant to the globalExec.

Also removed some unused code: JSStack::gatherConservativeRoots() and
JSStack::sanitizeStack() is never called for JIT builds.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/VirtualRegister.h:
(JSC::VirtualRegister::isValid):
(JSC::VirtualRegister::isLocal):
(JSC::VirtualRegister::isArgument):
(JSC::VirtualRegister::isHeader):
(JSC::VirtualRegister::isConstant):
(JSC::VirtualRegister::toLocal):
(JSC::VirtualRegister::toArgument):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
* bytecompiler/BytecodeGenerator.h:
(JSC::CallArguments::thisRegister):
(JSC::CallArguments::argumentRegister):
(JSC::CallArguments::stackOffset):
(JSC::CallArguments::argumentCountIncludingThis):
(JSC::CallArguments::argumentsNode):
(JSC::BytecodeGenerator::registerFor):
* bytecompiler/NodesCodegen.cpp:
(JSC::emitHomeObjectForCallee):
(JSC::emitGetSuperFunctionForConstruct):
(JSC::CallArguments::CallArguments):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGArgumentsUtilities.cpp:
(JSC::DFG::argumentsInvolveStackSlot):
(JSC::DFG::emitCodeToGetArgumentsArrayLength):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
(JSC::DFG::ByteCodeParser::getArgumentCount):
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::isLiveInBytecode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::forAllLocalsLiveInBytecode):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSRExitCompiler.cpp:
(JSC::DFG::OSRExitCompiler::emitRestoreArguments):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
* dfg/DFGOSRExitCompilerCommon.h:
(JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):
* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitGetLength):
(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::emitGetArgumentStart):
(JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStackLayoutPhase.cpp:
(JSC::DFG::StackLayoutPhase::run):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileGetCallee):
(JSC::FTL::DFG::LowerDFGToB3::compileGetArgumentCountIncludingThis):
(JSC::FTL::DFG::LowerDFGToB3::compileGetScope):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileLogShadowChickenPrologue):
(JSC::FTL::DFG::LowerDFGToB3::getArgumentsLength):
(JSC::FTL::DFG::LowerDFGToB3::getCurrentCallee):
(JSC::FTL::DFG::LowerDFGToB3::getArgumentsStart):
(JSC::FTL::DFG::LowerDFGToB3::callPreflight):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLSlowPathCall.h:
(JSC::FTL::callOperation):
* interpreter/CallFrame.cpp:
(JSC::ExecState::initGlobalExec):
(JSC::CallFrame::callSiteBitsAreBytecodeOffset):
(JSC::CallFrame::callSiteAsRawBits):
(JSC::CallFrame::unsafeCallSiteAsRawBits):
(JSC::CallFrame::callSiteIndex):
(JSC::CallFrame::setCurrentVPC):
(JSC::CallFrame::callSiteBitsAsBytecodeOffset):
* interpreter/CallFrame.h:
(JSC::CallSiteIndex::CallSiteIndex):
(JSC::ExecState::calleeAsValue):
(JSC::ExecState::callee):
(JSC::ExecState::unsafeCallee):
(JSC::ExecState::codeBlock):
(JSC::ExecState::unsafeCodeBlock):
(JSC::ExecState::scope):
(JSC::ExecState::setCallerFrame):
(JSC::ExecState::setScope):
(JSC::ExecState::argumentCount):
(JSC::ExecState::argumentCountIncludingThis):
(JSC::ExecState::argumentOffset):
(JSC::ExecState::argumentOffsetIncludingThis):
(JSC::ExecState::offsetFor):
(JSC::ExecState::noCaller):
(JSC::ExecState::setArgumentCountIncludingThis):
(JSC::ExecState::setCallee):
(JSC::ExecState::setCodeBlock):
(JSC::ExecState::setReturnPC):
(JSC::ExecState::argIndexForRegister):
(JSC::ExecState::callerFrameAndPC):
(JSC::ExecState::unsafeCallerFrameAndPC):
(JSC::ExecState::init): Deleted.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpRegisters):
* interpreter/Interpreter.h:
(JSC::calleeFrameForVarargs):
* interpreter/JSStack.h:
(JSC::JSStack::containsAddress):
(JSC::JSStack::gatherConservativeRoots): Deleted.
(JSC::JSStack::sanitizeStack): Deleted.
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::jitAssertArgumentCountSane):
(JSC::AssemblyHelpers::emitRandomThunk):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::restoreReturnAddressBeforeReturn):
(JSC::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
(JSC::AssemblyHelpers::emitGetFromCallFrameHeader32):
(JSC::AssemblyHelpers::emitGetFromCallFrameHeader64):
(JSC::AssemblyHelpers::emitPutToCallFrameHeader):
(JSC::AssemblyHelpers::emitPutToCallFrameHeaderBeforePrologue):
(JSC::AssemblyHelpers::emitPutPayloadToCallFrameHeaderBeforePrologue):
(JSC::AssemblyHelpers::emitPutTagToCallFrameHeaderBeforePrologue):
(JSC::AssemblyHelpers::calleeFrameSlot):
* jit/CCallHelpers.cpp:
(JSC::CCallHelpers::logShadowChickenProloguePacket):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* jit/CallFrameShuffler.cpp:
(JSC::CallFrameShuffler::CallFrameShuffler):
(JSC::CallFrameShuffler::dump):
(JSC::CallFrameShuffler::extendFrameIfNeeded):
(JSC::CallFrameShuffler::prepareForSlowPath):
(JSC::CallFrameShuffler::prepareForTailCall):
(JSC::CallFrameShuffler::prepareAny):
* jit/CallFrameShuffler.h:
(JSC::CallFrameShuffler::snapshot):
(JSC::CallFrameShuffler::setCalleeJSValueRegs):
(JSC::CallFrameShuffler::assumeCalleeIsCell):
(JSC::CallFrameShuffler::numLocals):
(JSC::CallFrameShuffler::getOld):
(JSC::CallFrameShuffler::setOld):
(JSC::CallFrameShuffler::firstOld):
(JSC::CallFrameShuffler::lastOld):
(JSC::CallFrameShuffler::isValidOld):
(JSC::CallFrameShuffler::argCount):
(JSC::CallFrameShuffler::getNew):
* jit/JIT.cpp:
(JSC::JIT::compileWithoutLinking):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileSetupVarargsFrame):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileSetupVarargsFrame):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
* jit/JITInlines.h:
(JSC::JIT::getConstantOperand):
(JSC::JIT::emitPutIntToCallFrameHeader):
(JSC::JIT::updateTopCallFrame):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_argument_count):
(JSC::JIT::emit_op_get_rest_length):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_scope):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::emitJumpIfNotType):
(JSC::JSInterfaceJIT::emitGetFromCallFrameHeaderPtr):
(JSC::JSInterfaceJIT::emitPutToCallFrameHeader):
(JSC::JSInterfaceJIT::emitPutCellToCallFrameHeader):
* jit/SetupVarargsFrame.cpp:
(JSC::emitSetVarargsFrame):
(JSC::emitSetupVarargsFrameFastCase):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
* jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):
(JSC::arityFixupGenerator):
(JSC::boundThisNoArgsFunctionCallGenerator):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::genericCall):
(JSC::LLInt::varargsSetup):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObject.h:
* runtime/StackAlignment.h:
(JSC::roundArgumentCountToAlignFrame):
(JSC::roundLocalRegisterCountForFramePointerOffset):
(JSC::logStackAlignmentRegisters):
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::updateTempStackHeightForCall):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePolymorphicAccesscpp">trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeVirtualRegisterh">trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerNodesCodegencpp">trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsEliminationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGArgumentsUtilitiescpp">trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphcpp">trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphh">trunk/Source/JavaScriptCore/dfg/DFGGraph.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGJITCompilercpp">trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGJITCompilerh">trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRAvailabilityAnalysisPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSREntrycpp">trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilercpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommonh">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPreciseLocalClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStackLayoutPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGThunkscpp">trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLinkcpp">trunk/Source/JavaScriptCore/ftl/FTLLink.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLOSRExitCompilercpp">trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLSlowPathCallh">trunk/Source/JavaScriptCore/ftl/FTLSlowPathCall.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterCallFramecpp">trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterCallFrameh">trunk/Source/JavaScriptCore/interpreter/CallFrame.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpretercpp">trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpreterh">trunk/Source/JavaScriptCore/interpreter/Interpreter.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterJSStackh">trunk/Source/JavaScriptCore/interpreter/JSStack.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitAssemblyHelperscpp">trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitAssemblyHelpersh">trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCCallHelperscpp">trunk/Source/JavaScriptCore/jit/CCallHelpers.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCCallHelpersh">trunk/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCallFrameShufflercpp">trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCallFrameShufflerh">trunk/Source/JavaScriptCore/jit/CallFrameShuffler.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITcpp">trunk/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITh">trunk/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCallcpp">trunk/Source/JavaScriptCore/jit/JITCall.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCall32_64cpp">trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlinesh">trunk/Source/JavaScriptCore/jit/JITInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodescpp">trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodes32_64cpp">trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJSInterfaceJITh">trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitSetupVarargsFramecpp">trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitSpecializedThunkJITh">trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitThunkGeneratorscpp">trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntDatacpp">trunk/Source/JavaScriptCore/llint/LLIntData.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntSlowPathscpp">trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeCommonSlowPathsh">trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjecth">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStackAlignmenth">trunk/Source/JavaScriptCore/runtime/StackAlignment.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWASMFunctionCompilerh">trunk/Source/JavaScriptCore/wasm/WASMFunctionCompiler.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWASMFunctionSyntaxCheckerh">trunk/Source/JavaScriptCore/wasm/WASMFunctionSyntaxChecker.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/ChangeLog        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -1,3 +1,257 @@
</span><ins>+2016-07-08  Mark Lam  &lt;mark.lam@apple.com&gt;
+
+        Move CallFrame header info from JSStack.h to CallFrame.h
+        https://bugs.webkit.org/show_bug.cgi?id=159549
+
+        Reviewed by Geoffrey Garen.
+
+        CallFrame.h is a much better location for CallFrame header info.
+
+        Replaced CallFrame::init() with ExecState::initGlobalExec() because normal
+        CallFrames are setup by a different mechanism now.  Only the globalExec is still
+        using it.  So, might as well change it to be specifically for the globalExec.
+
+        Removed the use of JSStack::containsAddress() in ExecState::initGlobalExec()
+        because it is not relevant to the globalExec.
+
+        Also removed some unused code: JSStack::gatherConservativeRoots() and
+        JSStack::sanitizeStack() is never called for JIT builds.
+
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::AccessCase::generateImpl):
+        * bytecode/VirtualRegister.h:
+        (JSC::VirtualRegister::isValid):
+        (JSC::VirtualRegister::isLocal):
+        (JSC::VirtualRegister::isArgument):
+        (JSC::VirtualRegister::isHeader):
+        (JSC::VirtualRegister::isConstant):
+        (JSC::VirtualRegister::toLocal):
+        (JSC::VirtualRegister::toArgument):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitCall):
+        (JSC::BytecodeGenerator::emitConstruct):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::CallArguments::thisRegister):
+        (JSC::CallArguments::argumentRegister):
+        (JSC::CallArguments::stackOffset):
+        (JSC::CallArguments::argumentCountIncludingThis):
+        (JSC::CallArguments::argumentsNode):
+        (JSC::BytecodeGenerator::registerFor):
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::emitHomeObjectForCallee):
+        (JSC::emitGetSuperFunctionForConstruct):
+        (JSC::CallArguments::CallArguments):
+        * dfg/DFGArgumentsEliminationPhase.cpp:
+        * dfg/DFGArgumentsUtilities.cpp:
+        (JSC::DFG::argumentsInvolveStackSlot):
+        (JSC::DFG::emitCodeToGetArgumentsArrayLength):
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::get):
+        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
+        (JSC::DFG::ByteCodeParser::flush):
+        (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
+        (JSC::DFG::ByteCodeParser::getArgumentCount):
+        (JSC::DFG::ByteCodeParser::inlineCall):
+        (JSC::DFG::ByteCodeParser::handleInlining):
+        (JSC::DFG::ByteCodeParser::handleGetById):
+        (JSC::DFG::ByteCodeParser::handlePutById):
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+        * dfg/DFGClobberize.h:
+        (JSC::DFG::clobberize):
+        * dfg/DFGGraph.cpp:
+        (JSC::DFG::Graph::isLiveInBytecode):
+        * dfg/DFGGraph.h:
+        (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compileEntry):
+        (JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGJITCompiler.h:
+        (JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
+        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
+        (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
+        * dfg/DFGOSREntry.cpp:
+        (JSC::DFG::prepareOSREntry):
+        * dfg/DFGOSRExitCompiler.cpp:
+        (JSC::DFG::OSRExitCompiler::emitRestoreArguments):
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        (JSC::DFG::reifyInlinedCallFrames):
+        * dfg/DFGOSRExitCompilerCommon.h:
+        (JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):
+        * dfg/DFGPreciseLocalClobberize.h:
+        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::emitGetLength):
+        (JSC::DFG::SpeculativeJIT::emitGetCallee):
+        (JSC::DFG::SpeculativeJIT::emitGetArgumentStart):
+        (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGStackLayoutPhase.cpp:
+        (JSC::DFG::StackLayoutPhase::run):
+        * dfg/DFGThunks.cpp:
+        (JSC::DFG::osrEntryThunkGenerator):
+        * ftl/FTLLink.cpp:
+        (JSC::FTL::link):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::lower):
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetCallee):
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetArgumentCountIncludingThis):
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetScope):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
+        (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
+        (JSC::FTL::DFG::LowerDFGToB3::compileLogShadowChickenPrologue):
+        (JSC::FTL::DFG::LowerDFGToB3::getArgumentsLength):
+        (JSC::FTL::DFG::LowerDFGToB3::getCurrentCallee):
+        (JSC::FTL::DFG::LowerDFGToB3::getArgumentsStart):
+        (JSC::FTL::DFG::LowerDFGToB3::callPreflight):
+        * ftl/FTLOSRExitCompiler.cpp:
+        (JSC::FTL::compileStub):
+        * ftl/FTLSlowPathCall.h:
+        (JSC::FTL::callOperation):
+        * interpreter/CallFrame.cpp:
+        (JSC::ExecState::initGlobalExec):
+        (JSC::CallFrame::callSiteBitsAreBytecodeOffset):
+        (JSC::CallFrame::callSiteAsRawBits):
+        (JSC::CallFrame::unsafeCallSiteAsRawBits):
+        (JSC::CallFrame::callSiteIndex):
+        (JSC::CallFrame::setCurrentVPC):
+        (JSC::CallFrame::callSiteBitsAsBytecodeOffset):
+        * interpreter/CallFrame.h:
+        (JSC::CallSiteIndex::CallSiteIndex):
+        (JSC::ExecState::calleeAsValue):
+        (JSC::ExecState::callee):
+        (JSC::ExecState::unsafeCallee):
+        (JSC::ExecState::codeBlock):
+        (JSC::ExecState::unsafeCodeBlock):
+        (JSC::ExecState::scope):
+        (JSC::ExecState::setCallerFrame):
+        (JSC::ExecState::setScope):
+        (JSC::ExecState::argumentCount):
+        (JSC::ExecState::argumentCountIncludingThis):
+        (JSC::ExecState::argumentOffset):
+        (JSC::ExecState::argumentOffsetIncludingThis):
+        (JSC::ExecState::offsetFor):
+        (JSC::ExecState::noCaller):
+        (JSC::ExecState::setArgumentCountIncludingThis):
+        (JSC::ExecState::setCallee):
+        (JSC::ExecState::setCodeBlock):
+        (JSC::ExecState::setReturnPC):
+        (JSC::ExecState::argIndexForRegister):
+        (JSC::ExecState::callerFrameAndPC):
+        (JSC::ExecState::unsafeCallerFrameAndPC):
+        (JSC::ExecState::init): Deleted.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::dumpRegisters):
+        * interpreter/Interpreter.h:
+        (JSC::calleeFrameForVarargs):
+        * interpreter/JSStack.h:
+        (JSC::JSStack::containsAddress):
+        (JSC::JSStack::gatherConservativeRoots): Deleted.
+        (JSC::JSStack::sanitizeStack): Deleted.
+        * jit/AssemblyHelpers.cpp:
+        (JSC::AssemblyHelpers::jitAssertArgumentCountSane):
+        (JSC::AssemblyHelpers::emitRandomThunk):
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::restoreReturnAddressBeforeReturn):
+        (JSC::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
+        (JSC::AssemblyHelpers::emitGetFromCallFrameHeader32):
+        (JSC::AssemblyHelpers::emitGetFromCallFrameHeader64):
+        (JSC::AssemblyHelpers::emitPutToCallFrameHeader):
+        (JSC::AssemblyHelpers::emitPutToCallFrameHeaderBeforePrologue):
+        (JSC::AssemblyHelpers::emitPutPayloadToCallFrameHeaderBeforePrologue):
+        (JSC::AssemblyHelpers::emitPutTagToCallFrameHeaderBeforePrologue):
+        (JSC::AssemblyHelpers::calleeFrameSlot):
+        * jit/CCallHelpers.cpp:
+        (JSC::CCallHelpers::logShadowChickenProloguePacket):
+        * jit/CCallHelpers.h:
+        (JSC::CCallHelpers::prepareForTailCallSlow):
+        * jit/CallFrameShuffler.cpp:
+        (JSC::CallFrameShuffler::CallFrameShuffler):
+        (JSC::CallFrameShuffler::dump):
+        (JSC::CallFrameShuffler::extendFrameIfNeeded):
+        (JSC::CallFrameShuffler::prepareForSlowPath):
+        (JSC::CallFrameShuffler::prepareForTailCall):
+        (JSC::CallFrameShuffler::prepareAny):
+        * jit/CallFrameShuffler.h:
+        (JSC::CallFrameShuffler::snapshot):
+        (JSC::CallFrameShuffler::setCalleeJSValueRegs):
+        (JSC::CallFrameShuffler::assumeCalleeIsCell):
+        (JSC::CallFrameShuffler::numLocals):
+        (JSC::CallFrameShuffler::getOld):
+        (JSC::CallFrameShuffler::setOld):
+        (JSC::CallFrameShuffler::firstOld):
+        (JSC::CallFrameShuffler::lastOld):
+        (JSC::CallFrameShuffler::isValidOld):
+        (JSC::CallFrameShuffler::argCount):
+        (JSC::CallFrameShuffler::getNew):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileWithoutLinking):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileSetupVarargsFrame):
+        (JSC::JIT::compileCallEvalSlowCase):
+        (JSC::JIT::compileOpCall):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileSetupVarargsFrame):
+        (JSC::JIT::compileCallEvalSlowCase):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlines.h:
+        (JSC::JIT::getConstantOperand):
+        (JSC::JIT::emitPutIntToCallFrameHeader):
+        (JSC::JIT::updateTopCallFrame):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_get_scope):
+        (JSC::JIT::emit_op_argument_count):
+        (JSC::JIT::emit_op_get_rest_length):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::privateCompileCTINativeCall):
+        (JSC::JIT::emit_op_get_scope):
+        * jit/JSInterfaceJIT.h:
+        (JSC::JSInterfaceJIT::emitJumpIfNotType):
+        (JSC::JSInterfaceJIT::emitGetFromCallFrameHeaderPtr):
+        (JSC::JSInterfaceJIT::emitPutToCallFrameHeader):
+        (JSC::JSInterfaceJIT::emitPutCellToCallFrameHeader):
+        * jit/SetupVarargsFrame.cpp:
+        (JSC::emitSetVarargsFrame):
+        (JSC::emitSetupVarargsFrameFastCase):
+        * jit/SpecializedThunkJIT.h:
+        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+        * jit/ThunkGenerators.cpp:
+        (JSC::nativeForGenerator):
+        (JSC::arityFixupGenerator):
+        (JSC::boundThisNoArgsFunctionCallGenerator):
+        * llint/LLIntData.cpp:
+        (JSC::LLInt::Data::performAssertions):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::genericCall):
+        (JSC::LLInt::varargsSetup):
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * runtime/CommonSlowPaths.h:
+        (JSC::CommonSlowPaths::arityCheckFor):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * runtime/JSGlobalObject.h:
+        * runtime/StackAlignment.h:
+        (JSC::roundArgumentCountToAlignFrame):
+        (JSC::roundLocalRegisterCountForFramePointerOffset):
+        (JSC::logStackAlignmentRegisters):
+        * wasm/WASMFunctionCompiler.h:
+        (JSC::WASMFunctionCompiler::startFunction):
+        (JSC::WASMFunctionCompiler::endFunction):
+        (JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
+        (JSC::WASMFunctionCompiler::callAndUnboxResult):
+        * wasm/WASMFunctionSyntaxChecker.h:
+        (JSC::WASMFunctionSyntaxChecker::updateTempStackHeightForCall):
+
</ins><span class="cx"> 2016-07-08  Chris Dumez  &lt;cdumez@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Object.defineProperty() should maintain existing getter / setter if not overridden in the new descriptor
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodePolymorphicAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -947,7 +947,7 @@
</span><span class="cx"> 
</span><span class="cx">         jit.store32(
</span><span class="cx">             CCallHelpers::TrustedImm32(state.callSiteIndexForExceptionHandlingOrOriginal().bits()),
</span><del>-            CCallHelpers::tagFor(static_cast&lt;VirtualRegister&gt;(JSStack::ArgumentCount)));
</del><ins>+            CCallHelpers::tagFor(static_cast&lt;VirtualRegister&gt;(CallFrameSlot::argumentCount)));
</ins><span class="cx"> 
</span><span class="cx">         if (m_type == Getter || m_type == Setter) {
</span><span class="cx">             // Create a JS call using a JS call inline cache. Assume that:
</span><span class="lines">@@ -1002,7 +1002,7 @@
</span><span class="cx">             CCallHelpers::Jump returnUndefined = jit.branchTestPtr(
</span><span class="cx">                 CCallHelpers::Zero, loadedValueGPR);
</span><span class="cx"> 
</span><del>-            unsigned numberOfRegsForCall = JSStack::CallFrameHeaderSize + numberOfParameters;
</del><ins>+            unsigned numberOfRegsForCall = CallFrame::headerSizeInRegisters + numberOfParameters;
</ins><span class="cx"> 
</span><span class="cx">             unsigned numberOfBytesForCall =
</span><span class="cx">                 numberOfRegsForCall * sizeof(Register) - sizeof(CallerFrameAndPC);
</span><span class="lines">@@ -1020,10 +1020,10 @@
</span><span class="cx"> 
</span><span class="cx">             jit.store32(
</span><span class="cx">                 CCallHelpers::TrustedImm32(numberOfParameters),
</span><del>-                calleeFrame.withOffset(JSStack::ArgumentCount * sizeof(Register) + PayloadOffset));
</del><ins>+                calleeFrame.withOffset(CallFrameSlot::argumentCount * sizeof(Register) + PayloadOffset));
</ins><span class="cx"> 
</span><span class="cx">             jit.storeCell(
</span><del>-                loadedValueGPR, calleeFrame.withOffset(JSStack::Callee * sizeof(Register)));
</del><ins>+                loadedValueGPR, calleeFrame.withOffset(CallFrameSlot::callee * sizeof(Register)));
</ins><span class="cx"> 
</span><span class="cx">             jit.storeCell(
</span><span class="cx">                 baseForGetGPR,
</span><span class="lines">@@ -1260,7 +1260,7 @@
</span><span class="cx">                 jit.store32(
</span><span class="cx">                     CCallHelpers::TrustedImm32(
</span><span class="cx">                         state.callSiteIndexForExceptionHandlingOrOriginal().bits()),
</span><del>-                    CCallHelpers::tagFor(static_cast&lt;VirtualRegister&gt;(JSStack::ArgumentCount)));
</del><ins>+                    CCallHelpers::tagFor(static_cast&lt;VirtualRegister&gt;(CallFrameSlot::argumentCount)));
</ins><span class="cx">                 
</span><span class="cx">                 jit.makeSpaceOnStackForCCall();
</span><span class="cx">                 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeVirtualRegisterh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx">     bool isValid() const { return (m_virtualRegister != s_invalidVirtualRegister); }
</span><span class="cx">     bool isLocal() const { return operandIsLocal(m_virtualRegister); }
</span><span class="cx">     bool isArgument() const { return operandIsArgument(m_virtualRegister); }
</span><del>-    bool isHeader() const { return m_virtualRegister &gt;= 0 &amp;&amp; m_virtualRegister &lt; JSStack::ThisArgument; }
</del><ins>+    bool isHeader() const { return m_virtualRegister &gt;= 0 &amp;&amp; m_virtualRegister &lt; CallFrameSlot::thisArgument; }
</ins><span class="cx">     bool isConstant() const { return m_virtualRegister &gt;= s_firstConstantRegisterIndex; }
</span><span class="cx">     int toLocal() const { ASSERT(isLocal()); return operandToLocal(m_virtualRegister); }
</span><span class="cx">     int toArgument() const { ASSERT(isArgument()); return operandToArgument(m_virtualRegister); }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -306,7 +306,7 @@
</span><span class="cx"> 
</span><span class="cx">     allocateAndEmitScope();
</span><span class="cx"> 
</span><del>-    m_calleeRegister.setIndex(JSStack::Callee);
</del><ins>+    m_calleeRegister.setIndex(CallFrameSlot::callee);
</ins><span class="cx"> 
</span><span class="cx">     initializeParameters(parameters);
</span><span class="cx">     ASSERT(!(isSimpleParameterList &amp;&amp; m_restParameter));
</span><span class="lines">@@ -742,7 +742,7 @@
</span><span class="cx"> 
</span><span class="cx">     allocateAndEmitScope();
</span><span class="cx"> 
</span><del>-    m_calleeRegister.setIndex(JSStack::Callee);
</del><ins>+    m_calleeRegister.setIndex(CallFrameSlot::callee);
</ins><span class="cx"> 
</span><span class="cx">     m_codeBlock-&gt;setNumParameters(1); // Allocate space for &quot;this&quot;
</span><span class="cx"> 
</span><span class="lines">@@ -3130,8 +3130,8 @@
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     // Reserve space for call frame.
</span><del>-    Vector&lt;RefPtr&lt;RegisterID&gt;, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow&gt; callFrame;
-    for (int i = 0; i &lt; JSStack::CallFrameHeaderSize; ++i)
</del><ins>+    Vector&lt;RefPtr&lt;RegisterID&gt;, CallFrame::headerSizeInRegisters, UnsafeVectorOverflow&gt; callFrame;
+    for (int i = 0; i &lt; CallFrame::headerSizeInRegisters; ++i)
</ins><span class="cx">         callFrame.append(newTemporary());
</span><span class="cx"> 
</span><span class="cx">     emitExpressionInfo(divot, divotStart, divotEnd);
</span><span class="lines">@@ -3315,8 +3315,8 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Reserve space for call frame.
</span><del>-    Vector&lt;RefPtr&lt;RegisterID&gt;, JSStack::CallFrameHeaderSize, UnsafeVectorOverflow&gt; callFrame;
-    for (int i = 0; i &lt; JSStack::CallFrameHeaderSize; ++i)
</del><ins>+    Vector&lt;RefPtr&lt;RegisterID&gt;, CallFrame::headerSizeInRegisters, UnsafeVectorOverflow&gt; callFrame;
+    for (int i = 0; i &lt; CallFrame::headerSizeInRegisters; ++i)
</ins><span class="cx">         callFrame.append(newTemporary());
</span><span class="cx"> 
</span><span class="cx">     emitExpressionInfo(divot, divotStart, divotEnd);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx"> 
</span><span class="cx">         RegisterID* thisRegister() { return m_argv[0].get(); }
</span><span class="cx">         RegisterID* argumentRegister(unsigned i) { return m_argv[i + 1].get(); }
</span><del>-        unsigned stackOffset() { return -m_argv[0]-&gt;index() + JSStack::CallFrameHeaderSize; }
</del><ins>+        unsigned stackOffset() { return -m_argv[0]-&gt;index() + CallFrame::headerSizeInRegisters; }
</ins><span class="cx">         unsigned argumentCountIncludingThis() { return m_argv.size() - m_padding; }
</span><span class="cx">         ArgumentsNode* argumentsNode() { return m_argumentsNode; }
</span><span class="cx"> 
</span><span class="lines">@@ -809,7 +809,7 @@
</span><span class="cx">             if (reg.isLocal())
</span><span class="cx">                 return m_calleeLocals[reg.toLocal()];
</span><span class="cx"> 
</span><del>-            if (reg.offset() == JSStack::Callee)
</del><ins>+            if (reg.offset() == CallFrameSlot::callee)
</ins><span class="cx">                 return m_calleeRegister;
</span><span class="cx"> 
</span><span class="cx">             ASSERT(m_parameters.size());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerNodesCodegencpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -165,7 +165,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     RegisterID callee;
</span><del>-    callee.setIndex(JSStack::Callee);
</del><ins>+    callee.setIndex(CallFrameSlot::callee);
</ins><span class="cx">     return generator.emitGetById(generator.newTemporary(), &amp;callee, generator.propertyNames().builtinNames().homeObjectPrivateName());
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -181,7 +181,7 @@
</span><span class="cx">         return generator.emitGetById(generator.newTemporary(), generator.emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment(), generator.propertyNames().underscoreProto);
</span><span class="cx"> 
</span><span class="cx">     RegisterID callee;
</span><del>-    callee.setIndex(JSStack::Callee);
</del><ins>+    callee.setIndex(CallFrameSlot::callee);
</ins><span class="cx">     return generator.emitGetById(generator.newTemporary(), &amp;callee, generator.propertyNames().underscoreProto);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -724,7 +724,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // We need to ensure that the frame size is stack-aligned
</span><del>-    while ((JSStack::CallFrameHeaderSize + m_argv.size()) % stackAlignmentRegisters()) {
</del><ins>+    while ((CallFrame::headerSizeInRegisters + m_argv.size()) % stackAlignmentRegisters()) {
</ins><span class="cx">         m_argv.insert(0, generator.newTemporary());
</span><span class="cx">         m_padding++;
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsEliminationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -303,12 +303,12 @@
</span><span class="cx">                     if (InlineCallFrame* inlineCallFrame = candidate-&gt;origin.semantic.inlineCallFrame) {
</span><span class="cx">                         if (inlineCallFrame-&gt;isVarargs()) {
</span><span class="cx">                             isClobberedByBlock |= clobberedByThisBlock.operand(
</span><del>-                                inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount);
</del><ins>+                                inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount);
</ins><span class="cx">                         }
</span><span class="cx">                         
</span><span class="cx">                         if (!isClobberedByBlock || inlineCallFrame-&gt;isClosureCall) {
</span><span class="cx">                             isClobberedByBlock |= clobberedByThisBlock.operand(
</span><del>-                                inlineCallFrame-&gt;stackOffset + JSStack::Callee);
</del><ins>+                                inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee);
</ins><span class="cx">                         }
</span><span class="cx">                         
</span><span class="cx">                         if (!isClobberedByBlock) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGArgumentsUtilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -38,11 +38,11 @@
</span><span class="cx">         return (reg.isArgument() &amp;&amp; reg.toArgument()) || reg.isHeader();
</span><span class="cx">     
</span><span class="cx">     if (inlineCallFrame-&gt;isClosureCall
</span><del>-        &amp;&amp; reg == VirtualRegister(inlineCallFrame-&gt;stackOffset + JSStack::Callee))
</del><ins>+        &amp;&amp; reg == VirtualRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee))
</ins><span class="cx">         return true;
</span><span class="cx">     
</span><span class="cx">     if (inlineCallFrame-&gt;isVarargs()
</span><del>-        &amp;&amp; reg == VirtualRegister(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount))
</del><ins>+        &amp;&amp; reg == VirtualRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount))
</ins><span class="cx">         return true;
</span><span class="cx">     
</span><span class="cx">     unsigned numArguments = inlineCallFrame-&gt;arguments.size() - 1;
</span><span class="lines">@@ -78,7 +78,7 @@
</span><span class="cx">     if (!inlineCallFrame)
</span><span class="cx">         argumentCount = insertionSet.insertNode(nodeIndex, SpecInt32Only, GetArgumentCountIncludingThis, origin);
</span><span class="cx">     else {
</span><del>-        VirtualRegister argumentCountRegister(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount);
</del><ins>+        VirtualRegister argumentCountRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount);
</ins><span class="cx">         
</span><span class="cx">         argumentCount = insertionSet.insertNode(
</span><span class="cx">             nodeIndex, SpecInt32Only, GetStack, origin,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -331,10 +331,10 @@
</span><span class="cx">         if (inlineCallFrame()) {
</span><span class="cx">             if (!inlineCallFrame()-&gt;isClosureCall) {
</span><span class="cx">                 JSFunction* callee = inlineCallFrame()-&gt;calleeConstant();
</span><del>-                if (operand.offset() == JSStack::Callee)
</del><ins>+                if (operand.offset() == CallFrameSlot::callee)
</ins><span class="cx">                     return weakJSConstant(callee);
</span><span class="cx">             }
</span><del>-        } else if (operand.offset() == JSStack::Callee) {
</del><ins>+        } else if (operand.offset() == CallFrameSlot::callee) {
</ins><span class="cx">             // We have to do some constant-folding here because this enables CreateThis folding. Note
</span><span class="cx">             // that we don't have such watchpoint-based folding for inlined uses of Callee, since in that
</span><span class="cx">             // case if the function is a singleton then we already know it.
</span><span class="lines">@@ -542,7 +542,7 @@
</span><span class="cx">             InlineCallFrame* inlineCallFrame = stack-&gt;m_inlineCallFrame;
</span><span class="cx">             if (!inlineCallFrame)
</span><span class="cx">                 break;
</span><del>-            if (operand.offset() &lt; static_cast&lt;int&gt;(inlineCallFrame-&gt;stackOffset + JSStack::CallFrameHeaderSize))
</del><ins>+            if (operand.offset() &lt; static_cast&lt;int&gt;(inlineCallFrame-&gt;stackOffset + CallFrame::headerSizeInRegisters))
</ins><span class="cx">                 continue;
</span><span class="cx">             if (operand.offset() == inlineCallFrame-&gt;stackOffset + CallFrame::thisArgumentOffset())
</span><span class="cx">                 continue;
</span><span class="lines">@@ -597,9 +597,9 @@
</span><span class="cx">             ASSERT(!m_hasDebuggerEnabled);
</span><span class="cx">             numArguments = inlineCallFrame-&gt;arguments.size();
</span><span class="cx">             if (inlineCallFrame-&gt;isClosureCall)
</span><del>-                flushDirect(inlineStackEntry-&gt;remapOperand(VirtualRegister(JSStack::Callee)));
</del><ins>+                flushDirect(inlineStackEntry-&gt;remapOperand(VirtualRegister(CallFrameSlot::callee)));
</ins><span class="cx">             if (inlineCallFrame-&gt;isVarargs())
</span><del>-                flushDirect(inlineStackEntry-&gt;remapOperand(VirtualRegister(JSStack::ArgumentCount)));
</del><ins>+                flushDirect(inlineStackEntry-&gt;remapOperand(VirtualRegister(CallFrameSlot::argumentCount)));
</ins><span class="cx">         } else
</span><span class="cx">             numArguments = inlineStackEntry-&gt;m_codeBlock-&gt;numParameters();
</span><span class="cx">         for (unsigned argument = numArguments; argument-- &gt; 1;)
</span><span class="lines">@@ -766,9 +766,9 @@
</span><span class="cx">         OpInfo prediction)
</span><span class="cx">     {
</span><span class="cx">         addVarArgChild(callee);
</span><del>-        size_t frameSize = JSStack::CallFrameHeaderSize + argCount;
</del><ins>+        size_t frameSize = CallFrame::headerSizeInRegisters + argCount;
</ins><span class="cx">         size_t alignedFrameSize = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), frameSize);
</span><del>-        size_t parameterSlots = alignedFrameSize - JSStack::CallerFrameAndPCSize;
</del><ins>+        size_t parameterSlots = alignedFrameSize - CallerFrameAndPC::sizeInRegisters;
</ins><span class="cx"> 
</span><span class="cx">         if (parameterSlots &gt; m_parameterSlots)
</span><span class="cx">             m_parameterSlots = parameterSlots;
</span><span class="lines">@@ -1337,7 +1337,7 @@
</span><span class="cx">     Node* argumentCount;
</span><span class="cx">     if (m_inlineStackTop-&gt;m_inlineCallFrame) {
</span><span class="cx">         if (m_inlineStackTop-&gt;m_inlineCallFrame-&gt;isVarargs())
</span><del>-            argumentCount = get(VirtualRegister(JSStack::ArgumentCount));
</del><ins>+            argumentCount = get(VirtualRegister(CallFrameSlot::argumentCount));
</ins><span class="cx">         else
</span><span class="cx">             argumentCount = jsConstant(m_graph.freeze(jsNumber(m_inlineStackTop-&gt;m_inlineCallFrame-&gt;arguments.size()))-&gt;value());
</span><span class="cx">     } else
</span><span class="lines">@@ -1472,11 +1472,11 @@
</span><span class="cx"> 
</span><span class="cx">     // FIXME: Don't flush constants!
</span><span class="cx">     
</span><del>-    int inlineCallFrameStart = m_inlineStackTop-&gt;remapOperand(VirtualRegister(registerOffset)).offset() + JSStack::CallFrameHeaderSize;
</del><ins>+    int inlineCallFrameStart = m_inlineStackTop-&gt;remapOperand(VirtualRegister(registerOffset)).offset() + CallFrame::headerSizeInRegisters;
</ins><span class="cx">     
</span><span class="cx">     ensureLocals(
</span><span class="cx">         VirtualRegister(inlineCallFrameStart).toLocal() + 1 +
</span><del>-        JSStack::CallFrameHeaderSize + codeBlock-&gt;m_numCalleeLocals);
</del><ins>+        CallFrame::headerSizeInRegisters + codeBlock-&gt;m_numCalleeLocals);
</ins><span class="cx">     
</span><span class="cx">     size_t argumentPositionStart = m_graph.m_argumentPositions.size();
</span><span class="cx"> 
</span><span class="lines">@@ -1487,7 +1487,7 @@
</span><span class="cx">     VariableAccessData* calleeVariable = nullptr;
</span><span class="cx">     if (callee.isClosureCall()) {
</span><span class="cx">         Node* calleeSet = set(
</span><del>-            VirtualRegister(registerOffset + JSStack::Callee), callTargetNode, ImmediateNakedSet);
</del><ins>+            VirtualRegister(registerOffset + CallFrameSlot::callee), callTargetNode, ImmediateNakedSet);
</ins><span class="cx">         
</span><span class="cx">         calleeVariable = calleeSet-&gt;variableAccessData();
</span><span class="cx">         calleeVariable-&gt;mergeShouldNeverUnbox(true);
</span><span class="lines">@@ -1746,7 +1746,7 @@
</span><span class="cx">             
</span><span class="cx">             registerOffset = registerOffsetOrFirstFreeReg + 1;
</span><span class="cx">             registerOffset -= maxNumArguments; // includes &quot;this&quot;
</span><del>-            registerOffset -= JSStack::CallFrameHeaderSize;
</del><ins>+            registerOffset -= CallFrame::headerSizeInRegisters;
</ins><span class="cx">             registerOffset = -WTF::roundUpToMultipleOf(
</span><span class="cx">                 stackAlignmentRegisters(),
</span><span class="cx">                 -registerOffset);
</span><span class="lines">@@ -1766,13 +1766,13 @@
</span><span class="cx">                     
</span><span class="cx">                     ensureLocals(VirtualRegister(remappedRegisterOffset).toLocal());
</span><span class="cx">                     
</span><del>-                    int argumentStart = registerOffset + JSStack::CallFrameHeaderSize;
</del><ins>+                    int argumentStart = registerOffset + CallFrame::headerSizeInRegisters;
</ins><span class="cx">                     int remappedArgumentStart =
</span><span class="cx">                         m_inlineStackTop-&gt;remapOperand(VirtualRegister(argumentStart)).offset();
</span><span class="cx"> 
</span><span class="cx">                     LoadVarargsData* data = m_graph.m_loadVarargsData.add();
</span><span class="cx">                     data-&gt;start = VirtualRegister(remappedArgumentStart + 1);
</span><del>-                    data-&gt;count = VirtualRegister(remappedRegisterOffset + JSStack::ArgumentCount);
</del><ins>+                    data-&gt;count = VirtualRegister(remappedRegisterOffset + CallFrameSlot::argumentCount);
</ins><span class="cx">                     data-&gt;offset = argumentsOffset;
</span><span class="cx">                     data-&gt;limit = maxNumArguments;
</span><span class="cx">                     data-&gt;mandatoryMinimum = mandatoryMinimum;
</span><span class="lines">@@ -1793,7 +1793,7 @@
</span><span class="cx">                     // before SSA.
</span><span class="cx">             
</span><span class="cx">                     VariableAccessData* countVariable = newVariableAccessData(
</span><del>-                        VirtualRegister(remappedRegisterOffset + JSStack::ArgumentCount));
</del><ins>+                        VirtualRegister(remappedRegisterOffset + CallFrameSlot::argumentCount));
</ins><span class="cx">                     // This is pretty lame, but it will force the count to be flushed as an int. This doesn't
</span><span class="cx">                     // matter very much, since our use of a SetArgument and Flushes for this local slot is
</span><span class="cx">                     // mostly just a formality.
</span><span class="lines">@@ -1904,7 +1904,7 @@
</span><span class="cx">     // yet.
</span><span class="cx">     if (verbose)
</span><span class="cx">         dataLog(&quot;Register offset: &quot;, registerOffset);
</span><del>-    VirtualRegister calleeReg(registerOffset + JSStack::Callee);
</del><ins>+    VirtualRegister calleeReg(registerOffset + CallFrameSlot::callee);
</ins><span class="cx">     calleeReg = m_inlineStackTop-&gt;remapOperand(calleeReg);
</span><span class="cx">     if (verbose)
</span><span class="cx">         dataLog(&quot;Callee is going to be &quot;, calleeReg, &quot;\n&quot;);
</span><span class="lines">@@ -3271,7 +3271,7 @@
</span><span class="cx">     int registerOffset = virtualRegisterForLocal(
</span><span class="cx">         m_inlineStackTop-&gt;m_profiledBlock-&gt;m_numCalleeLocals - 1).offset();
</span><span class="cx">     registerOffset -= numberOfParameters;
</span><del>-    registerOffset -= JSStack::CallFrameHeaderSize;
</del><ins>+    registerOffset -= CallFrame::headerSizeInRegisters;
</ins><span class="cx">     
</span><span class="cx">     // Get the alignment right.
</span><span class="cx">     registerOffset = -WTF::roundUpToMultipleOf(
</span><span class="lines">@@ -3288,7 +3288,7 @@
</span><span class="cx">     //    the dreaded arguments object on the getter, the right things happen. Well, sort of -
</span><span class="cx">     //    since we only really care about 'this' in this case. But we're not going to take that
</span><span class="cx">     //    shortcut.
</span><del>-    int nextRegister = registerOffset + JSStack::CallFrameHeaderSize;
</del><ins>+    int nextRegister = registerOffset + CallFrame::headerSizeInRegisters;
</ins><span class="cx">     set(VirtualRegister(nextRegister++), base, ImmediateNakedSet);
</span><span class="cx"> 
</span><span class="cx">     // We've set some locals, but they are not user-visible. It's still OK to exit from here.
</span><span class="lines">@@ -3440,7 +3440,7 @@
</span><span class="cx">         int registerOffset = virtualRegisterForLocal(
</span><span class="cx">             m_inlineStackTop-&gt;m_profiledBlock-&gt;m_numCalleeLocals - 1).offset();
</span><span class="cx">         registerOffset -= numberOfParameters;
</span><del>-        registerOffset -= JSStack::CallFrameHeaderSize;
</del><ins>+        registerOffset -= CallFrame::headerSizeInRegisters;
</ins><span class="cx">     
</span><span class="cx">         // Get the alignment right.
</span><span class="cx">         registerOffset = -WTF::roundUpToMultipleOf(
</span><span class="lines">@@ -3451,7 +3451,7 @@
</span><span class="cx">             m_inlineStackTop-&gt;remapOperand(
</span><span class="cx">                 VirtualRegister(registerOffset)).toLocal());
</span><span class="cx">     
</span><del>-        int nextRegister = registerOffset + JSStack::CallFrameHeaderSize;
</del><ins>+        int nextRegister = registerOffset + CallFrame::headerSizeInRegisters;
</ins><span class="cx">         set(VirtualRegister(nextRegister++), base, ImmediateNakedSet);
</span><span class="cx">         set(VirtualRegister(nextRegister++), value, ImmediateNakedSet);
</span><span class="cx"> 
</span><span class="lines">@@ -4972,7 +4972,7 @@
</span><span class="cx">             // only helps for the first basic block. It's extremely important not to constant fold
</span><span class="cx">             // loads from the scope register later, as that would prevent the DFG from tracking the
</span><span class="cx">             // bytecode-level liveness of the scope register.
</span><del>-            Node* callee = get(VirtualRegister(JSStack::Callee));
</del><ins>+            Node* callee = get(VirtualRegister(CallFrameSlot::callee));
</ins><span class="cx">             Node* result;
</span><span class="cx">             if (JSFunction* function = callee-&gt;dynamicCastConstant&lt;JSFunction*&gt;())
</span><span class="cx">                 result = weakJSConstant(function-&gt;scope());
</span><span class="lines">@@ -5283,7 +5283,7 @@
</span><span class="cx">         // The owner is the machine code block, and we already have a barrier on that when the
</span><span class="cx">         // plan finishes.
</span><span class="cx">         m_inlineCallFrame-&gt;baselineCodeBlock.setWithoutWriteBarrier(codeBlock-&gt;baselineVersion());
</span><del>-        m_inlineCallFrame-&gt;setStackOffset(inlineCallFrameStart.offset() - JSStack::CallFrameHeaderSize);
</del><ins>+        m_inlineCallFrame-&gt;setStackOffset(inlineCallFrameStart.offset() - CallFrame::headerSizeInRegisters);
</ins><span class="cx">         if (callee) {
</span><span class="cx">             m_inlineCallFrame-&gt;calleeRecovery = ValueRecovery::constant(callee);
</span><span class="cx">             m_inlineCallFrame-&gt;isClosureCall = false;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGClobberize.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGClobberize.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGClobberize.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -113,9 +113,9 @@
</span><span class="cx">     // scan would read. That's what this does.
</span><span class="cx">     for (InlineCallFrame* inlineCallFrame = node-&gt;origin.semantic.inlineCallFrame; inlineCallFrame; inlineCallFrame = inlineCallFrame-&gt;directCaller.inlineCallFrame) {
</span><span class="cx">         if (inlineCallFrame-&gt;isClosureCall)
</span><del>-            read(AbstractHeap(Stack, inlineCallFrame-&gt;stackOffset + JSStack::Callee));
</del><ins>+            read(AbstractHeap(Stack, inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee));
</ins><span class="cx">         if (inlineCallFrame-&gt;isVarargs())
</span><del>-            read(AbstractHeap(Stack, inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount));
</del><ins>+            read(AbstractHeap(Stack, inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount));
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // We don't want to specifically account which nodes can read from the scope
</span><span class="lines">@@ -501,13 +501,13 @@
</span><span class="cx">         return;
</span><span class="cx">         
</span><span class="cx">     case GetCallee:
</span><del>-        read(AbstractHeap(Stack, JSStack::Callee));
-        def(HeapLocation(StackLoc, AbstractHeap(Stack, JSStack::Callee)), LazyNode(node));
</del><ins>+        read(AbstractHeap(Stack, CallFrameSlot::callee));
+        def(HeapLocation(StackLoc, AbstractHeap(Stack, CallFrameSlot::callee)), LazyNode(node));
</ins><span class="cx">         return;
</span><span class="cx">         
</span><span class="cx">     case GetArgumentCountIncludingThis:
</span><del>-        read(AbstractHeap(Stack, JSStack::ArgumentCount));
-        def(HeapLocation(StackPayloadLoc, AbstractHeap(Stack, JSStack::ArgumentCount)), LazyNode(node));
</del><ins>+        read(AbstractHeap(Stack, CallFrameSlot::argumentCount));
+        def(HeapLocation(StackPayloadLoc, AbstractHeap(Stack, CallFrameSlot::argumentCount)), LazyNode(node));
</ins><span class="cx">         return;
</span><span class="cx"> 
</span><span class="cx">     case GetRestLength:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -1012,12 +1012,12 @@
</span><span class="cx">         if (verbose)
</span><span class="cx">             dataLog(&quot;reg = &quot;, reg, &quot;\n&quot;);
</span><span class="cx">         
</span><del>-        if (operand.offset() &lt; codeOriginPtr-&gt;stackOffset() + JSStack::CallFrameHeaderSize) {
</del><ins>+        if (operand.offset() &lt; codeOriginPtr-&gt;stackOffset() + CallFrame::headerSizeInRegisters) {
</ins><span class="cx">             if (reg.isArgument()) {
</span><del>-                RELEASE_ASSERT(reg.offset() &lt; JSStack::CallFrameHeaderSize);
</del><ins>+                RELEASE_ASSERT(reg.offset() &lt; CallFrame::headerSizeInRegisters);
</ins><span class="cx">                 
</span><span class="cx">                 if (codeOriginPtr-&gt;inlineCallFrame-&gt;isClosureCall
</span><del>-                    &amp;&amp; reg.offset() == JSStack::Callee) {
</del><ins>+                    &amp;&amp; reg.offset() == CallFrameSlot::callee) {
</ins><span class="cx">                     if (verbose)
</span><span class="cx">                         dataLog(&quot;Looks like a callee.\n&quot;);
</span><span class="cx">                     return true;
</span><span class="lines">@@ -1024,7 +1024,7 @@
</span><span class="cx">                 }
</span><span class="cx">                 
</span><span class="cx">                 if (codeOriginPtr-&gt;inlineCallFrame-&gt;isVarargs()
</span><del>-                    &amp;&amp; reg.offset() == JSStack::ArgumentCount) {
</del><ins>+                    &amp;&amp; reg.offset() == CallFrameSlot::argumentCount) {
</ins><span class="cx">                     if (verbose)
</span><span class="cx">                         dataLog(&quot;Looks like the argument count.\n&quot;);
</span><span class="cx">                     return true;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -709,9 +709,9 @@
</span><span class="cx">             
</span><span class="cx">             if (inlineCallFrame) {
</span><span class="cx">                 if (inlineCallFrame-&gt;isClosureCall)
</span><del>-                    functor(stackOffset + JSStack::Callee);
</del><ins>+                    functor(stackOffset + CallFrameSlot::callee);
</ins><span class="cx">                 if (inlineCallFrame-&gt;isVarargs())
</span><del>-                    functor(stackOffset + JSStack::ArgumentCount);
</del><ins>+                    functor(stackOffset + CallFrameSlot::argumentCount);
</ins><span class="cx">             }
</span><span class="cx">             
</span><span class="cx">             CodeBlock* codeBlock = baselineCodeBlockFor(inlineCallFrame);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGJITCompilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -108,7 +108,7 @@
</span><span class="cx">     // check) which will be dependent on stack layout. (We'd need to account for this in
</span><span class="cx">     // both normal return code and when jumping to an exception handler).
</span><span class="cx">     emitFunctionPrologue();
</span><del>-    emitPutToCallFrameHeader(m_codeBlock, JSStack::CodeBlock);
</del><ins>+    emitPutToCallFrameHeader(m_codeBlock, CallFrameSlot::codeBlock);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void JITCompiler::compileSetupRegistersForEntry()
</span><span class="lines">@@ -443,7 +443,7 @@
</span><span class="cx">     m_arityCheck = label();
</span><span class="cx">     compileEntry();
</span><span class="cx"> 
</span><del>-    load32(AssemblyHelpers::payloadFor((VirtualRegister)JSStack::ArgumentCount), GPRInfo::regT1);
</del><ins>+    load32(AssemblyHelpers::payloadFor((VirtualRegister)CallFrameSlot::argumentCount), GPRInfo::regT1);
</ins><span class="cx">     branch32(AboveOrEqual, GPRInfo::regT1, TrustedImm32(m_codeBlock-&gt;numParameters())).linkTo(fromArityCheck, this);
</span><span class="cx">     emitStoreCodeOrigin(CodeOrigin(0));
</span><span class="cx">     if (maxFrameExtentForSlowPathCall)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGJITCompilerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -156,7 +156,7 @@
</span><span class="cx"> 
</span><span class="cx">     void emitStoreCallSiteIndex(CallSiteIndex callSite)
</span><span class="cx">     {
</span><del>-        store32(TrustedImm32(callSite.bits()), tagFor(static_cast&lt;VirtualRegister&gt;(JSStack::ArgumentCount)));
</del><ins>+        store32(TrustedImm32(callSite.bits()), tagFor(static_cast&lt;VirtualRegister&gt;(CallFrameSlot::argumentCount)));
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Add a call out from JIT code, without an exception check.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRAvailabilityAnalysisPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRAvailabilityAnalysisPhase.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -177,7 +177,7 @@
</span><span class="cx">         if (inlineCallFrame-&gt;isVarargs()) {
</span><span class="cx">             // Record how to read each argument and the argument count.
</span><span class="cx">             Availability argumentCount =
</span><del>-                m_availability.m_locals.operand(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount);
</del><ins>+                m_availability.m_locals.operand(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount);
</ins><span class="cx">             
</span><span class="cx">             m_availability.m_heap.set(PromotedHeapLocation(ArgumentCountPLoc, node), argumentCount);
</span><span class="cx">         }
</span><span class="lines">@@ -184,7 +184,7 @@
</span><span class="cx">         
</span><span class="cx">         if (inlineCallFrame-&gt;isClosureCall) {
</span><span class="cx">             Availability callee = m_availability.m_locals.operand(
</span><del>-                inlineCallFrame-&gt;stackOffset + JSStack::Callee);
</del><ins>+                inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee);
</ins><span class="cx">             m_availability.m_heap.set(PromotedHeapLocation(ArgumentsCalleePLoc, node), callee);
</span><span class="cx">         }
</span><span class="cx">         
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSREntrycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -264,7 +264,7 @@
</span><span class="cx">     unsigned baselineFrameSize = entry-&gt;m_expectedValues.numberOfLocals();
</span><span class="cx">     unsigned maxFrameSize = std::max(frameSize, baselineFrameSize);
</span><span class="cx"> 
</span><del>-    Register* scratch = bitwise_cast&lt;Register*&gt;(vm-&gt;scratchBufferForSize(sizeof(Register) * (2 + JSStack::CallFrameHeaderSize + maxFrameSize))-&gt;dataBuffer());
</del><ins>+    Register* scratch = bitwise_cast&lt;Register*&gt;(vm-&gt;scratchBufferForSize(sizeof(Register) * (2 + CallFrame::headerSizeInRegisters + maxFrameSize))-&gt;dataBuffer());
</ins><span class="cx">     
</span><span class="cx">     *bitwise_cast&lt;size_t*&gt;(scratch + 0) = frameSize;
</span><span class="cx">     
</span><span class="lines">@@ -274,9 +274,9 @@
</span><span class="cx">     RELEASE_ASSERT(targetPC);
</span><span class="cx">     *bitwise_cast&lt;void**&gt;(scratch + 1) = targetPC;
</span><span class="cx">     
</span><del>-    Register* pivot = scratch + 2 + JSStack::CallFrameHeaderSize;
</del><ins>+    Register* pivot = scratch + 2 + CallFrame::headerSizeInRegisters;
</ins><span class="cx">     
</span><del>-    for (int index = -JSStack::CallFrameHeaderSize; index &lt; static_cast&lt;int&gt;(baselineFrameSize); ++index) {
</del><ins>+    for (int index = -CallFrame::headerSizeInRegisters; index &lt; static_cast&lt;int&gt;(baselineFrameSize); ++index) {
</ins><span class="cx">         VirtualRegister reg(-1 - index);
</span><span class="cx">         
</span><span class="cx">         if (reg.isLocal()) {
</span><span class="lines">@@ -329,7 +329,7 @@
</span><span class="cx">     
</span><span class="cx">     // 7) Fix the call frame to have the right code block.
</span><span class="cx">     
</span><del>-    *bitwise_cast&lt;CodeBlock**&gt;(pivot - 1 - JSStack::CodeBlock) = codeBlock;
</del><ins>+    *bitwise_cast&lt;CodeBlock**&gt;(pivot - 1 - CallFrameSlot::codeBlock) = codeBlock;
</ins><span class="cx">     
</span><span class="cx">     if (Options::verboseOSR())
</span><span class="cx">         dataLogF(&quot;    OSR returning data buffer %p.\n&quot;, scratch);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -70,7 +70,7 @@
</span><span class="cx">         
</span><span class="cx">         if (!inlineCallFrame || inlineCallFrame-&gt;isClosureCall) {
</span><span class="cx">             m_jit.loadPtr(
</span><del>-                AssemblyHelpers::addressFor(stackOffset + JSStack::Callee),
</del><ins>+                AssemblyHelpers::addressFor(stackOffset + CallFrameSlot::callee),
</ins><span class="cx">                 GPRInfo::regT0);
</span><span class="cx">         } else {
</span><span class="cx">             m_jit.move(
</span><span class="lines">@@ -80,7 +80,7 @@
</span><span class="cx">         
</span><span class="cx">         if (!inlineCallFrame || inlineCallFrame-&gt;isVarargs()) {
</span><span class="cx">             m_jit.load32(
</span><del>-                AssemblyHelpers::payloadFor(stackOffset + JSStack::ArgumentCount),
</del><ins>+                AssemblyHelpers::payloadFor(stackOffset + CallFrameSlot::argumentCount),
</ins><span class="cx">                 GPRInfo::regT1);
</span><span class="cx">         } else {
</span><span class="cx">             m_jit.move(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -144,7 +144,7 @@
</span><span class="cx">     // in presence of inlined tail calls.
</span><span class="cx">     // https://bugs.webkit.org/show_bug.cgi?id=147511
</span><span class="cx">     ASSERT(jit.baselineCodeBlock()-&gt;jitType() == JITCode::BaselineJIT);
</span><del>-    jit.storePtr(AssemblyHelpers::TrustedImmPtr(jit.baselineCodeBlock()), AssemblyHelpers::addressFor((VirtualRegister)JSStack::CodeBlock));
</del><ins>+    jit.storePtr(AssemblyHelpers::TrustedImmPtr(jit.baselineCodeBlock()), AssemblyHelpers::addressFor((VirtualRegister)CallFrameSlot::codeBlock));
</ins><span class="cx"> 
</span><span class="cx">     const CodeOrigin* codeOrigin;
</span><span class="cx">     for (codeOrigin = &amp;exit.m_codeOrigin; codeOrigin &amp;&amp; codeOrigin-&gt;inlineCallFrame; codeOrigin = codeOrigin-&gt;inlineCallFrame-&gt;getCallerSkippingTailCalls()) {
</span><span class="lines">@@ -205,7 +205,7 @@
</span><span class="cx">             jit.storePtr(AssemblyHelpers::TrustedImmPtr(jumpTarget), AssemblyHelpers::addressForByteOffset(inlineCallFrame-&gt;returnPCOffset()));
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        jit.storePtr(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::CodeBlock)));
</del><ins>+        jit.storePtr(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::codeBlock)));
</ins><span class="cx"> 
</span><span class="cx">         // Restore the inline call frame's callee save registers.
</span><span class="cx">         // If this inlined frame is a tail call that will return back to the original caller, we need to
</span><span class="lines">@@ -217,21 +217,21 @@
</span><span class="cx">             GPRInfo::regT2);
</span><span class="cx"> 
</span><span class="cx">         if (!inlineCallFrame-&gt;isVarargs())
</span><del>-            jit.store32(AssemblyHelpers::TrustedImm32(inlineCallFrame-&gt;arguments.size()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount)));
</del><ins>+            jit.store32(AssemblyHelpers::TrustedImm32(inlineCallFrame-&gt;arguments.size()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount)));
</ins><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx">         jit.store64(callerFrameGPR, AssemblyHelpers::addressForByteOffset(inlineCallFrame-&gt;callerFrameOffset()));
</span><span class="cx">         uint32_t locationBits = CallSiteIndex(codeOrigin-&gt;bytecodeIndex).bits();
</span><del>-        jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount)));
</del><ins>+        jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount)));
</ins><span class="cx">         if (!inlineCallFrame-&gt;isClosureCall)
</span><del>-            jit.store64(AssemblyHelpers::TrustedImm64(JSValue::encode(JSValue(inlineCallFrame-&gt;calleeConstant()))), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::Callee)));
</del><ins>+            jit.store64(AssemblyHelpers::TrustedImm64(JSValue::encode(JSValue(inlineCallFrame-&gt;calleeConstant()))), AssemblyHelpers::addressFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee)));
</ins><span class="cx"> #else // USE(JSVALUE64) // so this is the 32-bit part
</span><span class="cx">         jit.storePtr(callerFrameGPR, AssemblyHelpers::addressForByteOffset(inlineCallFrame-&gt;callerFrameOffset()));
</span><span class="cx">         Instruction* instruction = baselineCodeBlock-&gt;instructions().begin() + codeOrigin-&gt;bytecodeIndex;
</span><span class="cx">         uint32_t locationBits = CallSiteIndex(instruction).bits();
</span><del>-        jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount)));
-        jit.store32(AssemblyHelpers::TrustedImm32(JSValue::CellTag), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::Callee)));
</del><ins>+        jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount)));
+        jit.store32(AssemblyHelpers::TrustedImm32(JSValue::CellTag), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee)));
</ins><span class="cx">         if (!inlineCallFrame-&gt;isClosureCall)
</span><del>-            jit.storePtr(AssemblyHelpers::TrustedImmPtr(inlineCallFrame-&gt;calleeConstant()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + JSStack::Callee)));
</del><ins>+            jit.storePtr(AssemblyHelpers::TrustedImmPtr(inlineCallFrame-&gt;calleeConstant()), AssemblyHelpers::payloadFor((VirtualRegister)(inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee)));
</ins><span class="cx"> #endif // USE(JSVALUE64) // ending the #else part, so directly above is the 32-bit part
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -243,7 +243,7 @@
</span><span class="cx">         Instruction* instruction = jit.baselineCodeBlock()-&gt;instructions().begin() + codeOrigin-&gt;bytecodeIndex;
</span><span class="cx">         uint32_t locationBits = CallSiteIndex(instruction).bits();
</span><span class="cx"> #endif
</span><del>-        jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(JSStack::ArgumentCount)));
</del><ins>+        jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(CallFrameSlot::argumentCount)));
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommonh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -86,7 +86,7 @@
</span><span class="cx">     jit.move(GPRInfo::regT0, GPRInfo::callFrameRegister);
</span><span class="cx">     didNotHaveException.link(&amp;jit);
</span><span class="cx">     // We need to make sure SP is correct in case of an exception.
</span><del>-    jit.loadPtr(MacroAssembler::Address(GPRInfo::callFrameRegister, JSStack::CodeBlock * static_cast&lt;int&gt;(sizeof(Register))), GPRInfo::regT0);
</del><ins>+    jit.loadPtr(MacroAssembler::Address(GPRInfo::callFrameRegister, CallFrameSlot::codeBlock * static_cast&lt;int&gt;(sizeof(Register))), GPRInfo::regT0);
</ins><span class="cx">     jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, CodeBlock::jitCodeOffset()), GPRInfo::regT0);
</span><span class="cx">     jit.addPtr(MacroAssembler::TrustedImm32(JITCodeType::commonDataOffset()), GPRInfo::regT0);
</span><span class="cx">     jit.load32(MacroAssembler::Address(GPRInfo::regT0, CommonData::frameRegisterCountOffset()), GPRInfo::regT0);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPreciseLocalClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -125,7 +125,7 @@
</span><span class="cx">                 // Read the outermost arguments and argument count.
</span><span class="cx">                 for (unsigned i = m_graph.m_codeBlock-&gt;numParameters(); i-- &gt; 1;)
</span><span class="cx">                     m_read(virtualRegisterForArgument(i));
</span><del>-                m_read(VirtualRegister(JSStack::ArgumentCount));
</del><ins>+                m_read(VirtualRegister(CallFrameSlot::argumentCount));
</ins><span class="cx">                 break;
</span><span class="cx">             }
</span><span class="cx">             
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx">             for (unsigned i = inlineCallFrame-&gt;arguments.size(); i-- &gt; 1;)
</span><span class="cx">                 m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + virtualRegisterForArgument(i).offset()));
</span><span class="cx">             if (inlineCallFrame-&gt;isVarargs())
</span><del>-                m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount));
</del><ins>+                m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount));
</ins><span class="cx">             break;
</span><span class="cx">         }
</span><span class="cx">             
</span><span class="lines">@@ -142,7 +142,7 @@
</span><span class="cx">                 m_read(virtualRegisterForArgument(i));
</span><span class="cx">         
</span><span class="cx">             // The stack header is read.
</span><del>-            for (unsigned i = 0; i &lt; JSStack::ThisArgument; ++i)
</del><ins>+            for (unsigned i = 0; i &lt; CallFrameSlot::thisArgument; ++i)
</ins><span class="cx">                 m_read(VirtualRegister(i));
</span><span class="cx">         
</span><span class="cx">             // Read all of the inline arguments and call frame headers that we didn't already capture.
</span><span class="lines">@@ -150,9 +150,9 @@
</span><span class="cx">                 for (unsigned i = inlineCallFrame-&gt;arguments.size(); i-- &gt; 1;)
</span><span class="cx">                     m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + virtualRegisterForArgument(i).offset()));
</span><span class="cx">                 if (inlineCallFrame-&gt;isClosureCall)
</span><del>-                    m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + JSStack::Callee));
</del><ins>+                    m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::callee));
</ins><span class="cx">                 if (inlineCallFrame-&gt;isVarargs())
</span><del>-                    m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount));
</del><ins>+                    m_read(VirtualRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount));
</ins><span class="cx">             }
</span><span class="cx">             break;
</span><span class="cx">         } }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -152,7 +152,7 @@
</span><span class="cx">     else {
</span><span class="cx">         VirtualRegister argumentCountRegister;
</span><span class="cx">         if (!inlineCallFrame)
</span><del>-            argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
</del><ins>+            argumentCountRegister = VirtualRegister(CallFrameSlot::argumentCount);
</ins><span class="cx">         else
</span><span class="cx">             argumentCountRegister = inlineCallFrame-&gt;argumentCountRegister;
</span><span class="cx">         m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), lengthGPR);
</span><span class="lines">@@ -179,7 +179,7 @@
</span><span class="cx">                 calleeGPR);
</span><span class="cx">         }
</span><span class="cx">     } else
</span><del>-        m_jit.loadPtr(JITCompiler::addressFor(JSStack::Callee), calleeGPR);
</del><ins>+        m_jit.loadPtr(JITCompiler::addressFor(CallFrameSlot::callee), calleeGPR);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void SpeculativeJIT::emitGetArgumentStart(CodeOrigin origin, GPRReg startGPR)
</span><span class="lines">@@ -6217,7 +6217,7 @@
</span><span class="cx"> 
</span><span class="cx">         VirtualRegister argumentCountRegister;
</span><span class="cx">         if (!node-&gt;origin.semantic.inlineCallFrame)
</span><del>-            argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
</del><ins>+            argumentCountRegister = VirtualRegister(CallFrameSlot::argumentCount);
</ins><span class="cx">         else
</span><span class="cx">             argumentCountRegister = node-&gt;origin.semantic.inlineCallFrame-&gt;argumentCountRegister;
</span><span class="cx">         m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), lengthGPR);
</span><span class="lines">@@ -6292,7 +6292,7 @@
</span><span class="cx">                 scratch1GPR);
</span><span class="cx">         }
</span><span class="cx">     } else
</span><del>-        m_jit.loadPtr(JITCompiler::addressFor(JSStack::Callee), scratch1GPR);
</del><ins>+        m_jit.loadPtr(JITCompiler::addressFor(CallFrameSlot::callee), scratch1GPR);
</ins><span class="cx"> 
</span><span class="cx">     // Don't need a memory barriers since we just fast-created the activation, so the
</span><span class="cx">     // activation must be young.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -835,7 +835,7 @@
</span><span class="cx">                 shuffleData.args[i] = info.recovery(argEdge-&gt;virtualRegister());
</span><span class="cx">             }
</span><span class="cx">         } else {
</span><del>-            m_jit.store32(MacroAssembler::TrustedImm32(numPassedArgs), m_jit.calleeFramePayloadSlot(JSStack::ArgumentCount));
</del><ins>+            m_jit.store32(MacroAssembler::TrustedImm32(numPassedArgs), m_jit.calleeFramePayloadSlot(CallFrameSlot::argumentCount));
</ins><span class="cx">         
</span><span class="cx">             for (int i = 0; i &lt; numPassedArgs; i++) {
</span><span class="cx">                 Edge argEdge = m_jit.graph().m_varArgChildren[node-&gt;firstChild() + 1 + i];
</span><span class="lines">@@ -855,8 +855,8 @@
</span><span class="cx">         calleeTagGPR = callee.tagGPR();
</span><span class="cx">         calleePayloadGPR = callee.payloadGPR();
</span><span class="cx">         use(calleeEdge);
</span><del>-        m_jit.store32(calleePayloadGPR, m_jit.calleeFramePayloadSlot(JSStack::Callee));
-        m_jit.store32(calleeTagGPR, m_jit.calleeFrameTagSlot(JSStack::Callee));
</del><ins>+        m_jit.store32(calleePayloadGPR, m_jit.calleeFramePayloadSlot(CallFrameSlot::callee));
+        m_jit.store32(calleeTagGPR, m_jit.calleeFrameTagSlot(CallFrameSlot::callee));
</ins><span class="cx"> 
</span><span class="cx">         if (!isTail)
</span><span class="cx">             flushRegisters();
</span><span class="lines">@@ -4116,7 +4116,7 @@
</span><span class="cx"> 
</span><span class="cx">     case GetCallee: {
</span><span class="cx">         GPRTemporary result(this);
</span><del>-        m_jit.loadPtr(JITCompiler::payloadFor(JSStack::Callee), result.gpr());
</del><ins>+        m_jit.loadPtr(JITCompiler::payloadFor(CallFrameSlot::callee), result.gpr());
</ins><span class="cx">         cellResult(result.gpr(), node);
</span><span class="cx">         break;
</span><span class="cx">     }
</span><span class="lines">@@ -4123,7 +4123,7 @@
</span><span class="cx">         
</span><span class="cx">     case GetArgumentCountIncludingThis: {
</span><span class="cx">         GPRTemporary result(this);
</span><del>-        m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), result.gpr());
</del><ins>+        m_jit.load32(JITCompiler::payloadFor(CallFrameSlot::argumentCount), result.gpr());
</ins><span class="cx">         int32Result(result.gpr(), node);
</span><span class="cx">         break;
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -806,7 +806,7 @@
</span><span class="cx"> 
</span><span class="cx">             shuffleData.setupCalleeSaveRegisters(m_jit.codeBlock());
</span><span class="cx">         } else {
</span><del>-            m_jit.store32(MacroAssembler::TrustedImm32(numPassedArgs), JITCompiler::calleeFramePayloadSlot(JSStack::ArgumentCount));
</del><ins>+            m_jit.store32(MacroAssembler::TrustedImm32(numPassedArgs), JITCompiler::calleeFramePayloadSlot(CallFrameSlot::argumentCount));
</ins><span class="cx"> 
</span><span class="cx">             for (int i = 0; i &lt; numPassedArgs; i++) {
</span><span class="cx">                 Edge argEdge = m_jit.graph().m_varArgChildren[node-&gt;firstChild() + 1 + i];
</span><span class="lines">@@ -824,7 +824,7 @@
</span><span class="cx">         JSValueOperand callee(this, calleeEdge);
</span><span class="cx">         calleeGPR = callee.gpr();
</span><span class="cx">         callee.use();
</span><del>-        m_jit.store64(calleeGPR, JITCompiler::calleeFrameSlot(JSStack::Callee));
</del><ins>+        m_jit.store64(calleeGPR, JITCompiler::calleeFrameSlot(CallFrameSlot::callee));
</ins><span class="cx"> 
</span><span class="cx">         flushRegisters();
</span><span class="cx">     }
</span><span class="lines">@@ -4047,7 +4047,7 @@
</span><span class="cx"> 
</span><span class="cx">     case GetCallee: {
</span><span class="cx">         GPRTemporary result(this);
</span><del>-        m_jit.loadPtr(JITCompiler::addressFor(JSStack::Callee), result.gpr());
</del><ins>+        m_jit.loadPtr(JITCompiler::addressFor(CallFrameSlot::callee), result.gpr());
</ins><span class="cx">         cellResult(result.gpr(), node);
</span><span class="cx">         break;
</span><span class="cx">     }
</span><span class="lines">@@ -4054,7 +4054,7 @@
</span><span class="cx">         
</span><span class="cx">     case GetArgumentCountIncludingThis: {
</span><span class="cx">         GPRTemporary result(this);
</span><del>-        m_jit.load32(JITCompiler::payloadFor(JSStack::ArgumentCount), result.gpr());
</del><ins>+        m_jit.load32(JITCompiler::payloadFor(CallFrameSlot::argumentCount), result.gpr());
</ins><span class="cx">         int32Result(result.gpr(), node);
</span><span class="cx">         break;
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStackLayoutPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -118,7 +118,7 @@
</span><span class="cx">             
</span><span class="cx">             if (inlineCallFrame-&gt;isVarargs()) {
</span><span class="cx">                 usedLocals.set(VirtualRegister(
</span><del>-                    JSStack::ArgumentCount + inlineCallFrame-&gt;stackOffset).toLocal());
</del><ins>+                    CallFrameSlot::argumentCount + inlineCallFrame-&gt;stackOffset).toLocal());
</ins><span class="cx">             }
</span><span class="cx">             
</span><span class="cx">             for (unsigned argument = inlineCallFrame-&gt;arguments.size(); argument-- &gt; 1;) {
</span><span class="lines">@@ -184,7 +184,7 @@
</span><span class="cx">             
</span><span class="cx">             if (inlineCallFrame-&gt;isVarargs()) {
</span><span class="cx">                 inlineCallFrame-&gt;argumentCountRegister = assign(
</span><del>-                    allocation, VirtualRegister(inlineCallFrame-&gt;stackOffset + JSStack::ArgumentCount));
</del><ins>+                    allocation, VirtualRegister(inlineCallFrame-&gt;stackOffset + CallFrameSlot::argumentCount));
</ins><span class="cx">             }
</span><span class="cx">             
</span><span class="cx">             for (unsigned argument = inlineCallFrame-&gt;arguments.size(); argument-- &gt; 1;) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGThunkscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -111,7 +111,7 @@
</span><span class="cx">     ptrdiff_t offsetOfFrameSize = 0; // This is the DFG frame count.
</span><span class="cx">     ptrdiff_t offsetOfTargetPC = offsetOfFrameSize + sizeof(EncodedJSValue);
</span><span class="cx">     ptrdiff_t offsetOfPayload = offsetOfTargetPC + sizeof(EncodedJSValue);
</span><del>-    ptrdiff_t offsetOfLocals = offsetOfPayload + sizeof(Register) * JSStack::CallFrameHeaderSize;
</del><ins>+    ptrdiff_t offsetOfLocals = offsetOfPayload + sizeof(Register) * CallFrame::headerSizeInRegisters;
</ins><span class="cx">     
</span><span class="cx">     jit.move(GPRInfo::returnValueGPR2, GPRInfo::regT0);
</span><span class="cx">     jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, offsetOfFrameSize), GPRInfo::regT1); // Load the frame size.
</span><span class="lines">@@ -128,7 +128,7 @@
</span><span class="cx">     jit.load32(MacroAssembler::BaseIndex(GPRInfo::regT0, GPRInfo::regT1, MacroAssembler::TimesEight, offsetOfLocals + sizeof(int32_t)), GPRInfo::regT3);
</span><span class="cx">     jit.store32(GPRInfo::regT2, MacroAssembler::BaseIndex(GPRInfo::callFrameRegister, GPRInfo::regT4, MacroAssembler::TimesEight, -static_cast&lt;intptr_t&gt;(sizeof(Register))));
</span><span class="cx">     jit.store32(GPRInfo::regT3, MacroAssembler::BaseIndex(GPRInfo::callFrameRegister, GPRInfo::regT4, MacroAssembler::TimesEight, -static_cast&lt;intptr_t&gt;(sizeof(Register)) + static_cast&lt;intptr_t&gt;(sizeof(int32_t))));
</span><del>-    jit.branchPtr(MacroAssembler::NotEqual, GPRInfo::regT1, MacroAssembler::TrustedImmPtr(bitwise_cast&lt;void*&gt;(-static_cast&lt;intptr_t&gt;(JSStack::CallFrameHeaderSize)))).linkTo(loop, &amp;jit);
</del><ins>+    jit.branchPtr(MacroAssembler::NotEqual, GPRInfo::regT1, MacroAssembler::TrustedImmPtr(bitwise_cast&lt;void*&gt;(-static_cast&lt;intptr_t&gt;(CallFrame::headerSizeInRegisters)))).linkTo(loop, &amp;jit);
</ins><span class="cx">     
</span><span class="cx">     jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, offsetOfTargetPC), GPRInfo::regT1);
</span><span class="cx">     MacroAssembler::Jump ok = jit.branchPtr(MacroAssembler::Above, GPRInfo::regT1, MacroAssembler::TrustedImmPtr(bitwise_cast&lt;void*&gt;(static_cast&lt;intptr_t&gt;(1000))));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLinkcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLink.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLink.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/ftl/FTLLink.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -130,7 +130,7 @@
</span><span class="cx">         CCallHelpers::JumpList mainPathJumps;
</span><span class="cx">     
</span><span class="cx">         jit.load32(
</span><del>-            frame.withOffset(sizeof(Register) * JSStack::ArgumentCount),
</del><ins>+            frame.withOffset(sizeof(Register) * CallFrameSlot::argumentCount),
</ins><span class="cx">             GPRInfo::regT1);
</span><span class="cx">         mainPathJumps.append(jit.branch32(
</span><span class="cx">             CCallHelpers::AboveOrEqual, GPRInfo::regT1,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -185,7 +185,7 @@
</span><span class="cx">         m_proc.addFastConstant(m_tagTypeNumber-&gt;key());
</span><span class="cx">         m_proc.addFastConstant(m_tagMask-&gt;key());
</span><span class="cx">         
</span><del>-        m_out.storePtr(m_out.constIntPtr(codeBlock()), addressFor(JSStack::CodeBlock));
</del><ins>+        m_out.storePtr(m_out.constIntPtr(codeBlock()), addressFor(CallFrameSlot::codeBlock));
</ins><span class="cx"> 
</span><span class="cx">         // Stack Overflow Check.
</span><span class="cx">         unsigned exitFrameSize = m_graph.requiredRegisterCountForExit() * sizeof(Register);
</span><span class="lines">@@ -212,7 +212,7 @@
</span><span class="cx">                     stackOverflow.link(&amp;jit);
</span><span class="cx">                     jit.store32(
</span><span class="cx">                         MacroAssembler::TrustedImm32(callSiteIndex.bits()),
</span><del>-                        CCallHelpers::tagFor(VirtualRegister(JSStack::ArgumentCount)));
</del><ins>+                        CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCount)));
</ins><span class="cx">                     jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer();
</span><span class="cx"> 
</span><span class="cx">                     jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
</span><span class="lines">@@ -3046,7 +3046,7 @@
</span><span class="cx">         else {
</span><span class="cx">             VirtualRegister argumentCountRegister;
</span><span class="cx">             if (!inlineCallFrame)
</span><del>-                argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
</del><ins>+                argumentCountRegister = VirtualRegister(CallFrameSlot::argumentCount);
</ins><span class="cx">             else
</span><span class="cx">                 argumentCountRegister = inlineCallFrame-&gt;argumentCountRegister;
</span><span class="cx">             limit = m_out.sub(m_out.load32(payloadFor(argumentCountRegister)), m_out.int32One);
</span><span class="lines">@@ -4732,12 +4732,12 @@
</span><span class="cx">     
</span><span class="cx">     void compileGetCallee()
</span><span class="cx">     {
</span><del>-        setJSValue(m_out.loadPtr(addressFor(JSStack::Callee)));
</del><ins>+        setJSValue(m_out.loadPtr(addressFor(CallFrameSlot::callee)));
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     void compileGetArgumentCountIncludingThis()
</span><span class="cx">     {
</span><del>-        setInt32(m_out.load32(payloadFor(JSStack::ArgumentCount)));
</del><ins>+        setInt32(m_out.load32(payloadFor(CallFrameSlot::argumentCount)));
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     void compileGetScope()
</span><span class="lines">@@ -5062,7 +5062,7 @@
</span><span class="cx"> 
</span><span class="cx">         LValue jsCallee = lowJSValue(m_graph.varArgChild(node, 0));
</span><span class="cx"> 
</span><del>-        unsigned frameSize = JSStack::CallFrameHeaderSize + numArgs;
</del><ins>+        unsigned frameSize = CallFrame::headerSizeInRegisters + numArgs;
</ins><span class="cx">         unsigned alignedFrameSize = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), frameSize);
</span><span class="cx"> 
</span><span class="cx">         // JS-&gt;JS calling convention requires that the caller allows this much space on top of stack to
</span><span class="lines">@@ -5085,12 +5085,12 @@
</span><span class="cx"> 
</span><span class="cx">         auto addArgument = [&amp;] (LValue value, VirtualRegister reg, int offset) {
</span><span class="cx">             intptr_t offsetFromSP =
</span><del>-                (reg.offset() - JSStack::CallerFrameAndPCSize) * sizeof(EncodedJSValue) + offset;
</del><ins>+                (reg.offset() - CallerFrameAndPC::sizeInRegisters) * sizeof(EncodedJSValue) + offset;
</ins><span class="cx">             arguments.append(ConstrainedValue(value, ValueRep::stackArgument(offsetFromSP)));
</span><span class="cx">         };
</span><span class="cx"> 
</span><del>-        addArgument(jsCallee, VirtualRegister(JSStack::Callee), 0);
-        addArgument(m_out.constInt32(numArgs), VirtualRegister(JSStack::ArgumentCount), PayloadOffset);
</del><ins>+        addArgument(jsCallee, VirtualRegister(CallFrameSlot::callee), 0);
+        addArgument(m_out.constInt32(numArgs), VirtualRegister(CallFrameSlot::argumentCount), PayloadOffset);
</ins><span class="cx">         for (unsigned i = 0; i &lt; numArgs; ++i)
</span><span class="cx">             addArgument(lowJSValue(m_graph.varArgChild(node, 1 + i)), virtualRegisterForArgument(i), 0);
</span><span class="cx"> 
</span><span class="lines">@@ -5117,7 +5117,7 @@
</span><span class="cx"> 
</span><span class="cx">                 jit.store32(
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><del>-                    CCallHelpers::tagFor(VirtualRegister(JSStack::ArgumentCount)));
</del><ins>+                    CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCount)));
</ins><span class="cx"> 
</span><span class="cx">                 CallLinkInfo* callLinkInfo = jit.codeBlock()-&gt;addCallLinkInfo();
</span><span class="cx"> 
</span><span class="lines">@@ -5235,7 +5235,7 @@
</span><span class="cx">                 // with the call site index of our frame. Bad things happen if it's not set.
</span><span class="cx">                 jit.store32(
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><del>-                    CCallHelpers::tagFor(VirtualRegister(JSStack::ArgumentCount)));
</del><ins>+                    CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCount)));
</ins><span class="cx"> 
</span><span class="cx">                 CallFrameShuffler slowPathShuffler(jit, shuffleData);
</span><span class="cx">                 slowPathShuffler.setCalleeJSValueRegs(JSValueRegs(GPRInfo::regT0));
</span><span class="lines">@@ -5340,7 +5340,7 @@
</span><span class="cx"> 
</span><span class="cx">                 jit.store32(
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><del>-                    CCallHelpers::tagFor(VirtualRegister(JSStack::ArgumentCount)));
</del><ins>+                    CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCount)));
</ins><span class="cx"> 
</span><span class="cx">                 CallLinkInfo* callLinkInfo = jit.codeBlock()-&gt;addCallLinkInfo();
</span><span class="cx">                 CallVarargsData* data = node-&gt;callVarargsData();
</span><span class="lines">@@ -5469,7 +5469,7 @@
</span><span class="cx">                     thisLateRep.emitRestore(jit, thisGPR);
</span><span class="cx">                 }
</span><span class="cx">                 
</span><del>-                jit.store64(GPRInfo::regT0, CCallHelpers::calleeFrameSlot(JSStack::Callee));
</del><ins>+                jit.store64(GPRInfo::regT0, CCallHelpers::calleeFrameSlot(CallFrameSlot::callee));
</ins><span class="cx">                 jit.store64(thisGPR, CCallHelpers::calleeArgumentSlot(0));
</span><span class="cx">                 
</span><span class="cx">                 CallLinkInfo::CallType callType;
</span><span class="lines">@@ -7152,7 +7152,7 @@
</span><span class="cx"> 
</span><span class="cx">         m_out.storePtr(m_callFrame, packet, m_heaps.ShadowChicken_Packet_frame);
</span><span class="cx">         m_out.storePtr(m_out.loadPtr(addressFor(0)), packet, m_heaps.ShadowChicken_Packet_callerFrame);
</span><del>-        m_out.storePtr(m_out.loadPtr(payloadFor(JSStack::Callee)), packet, m_heaps.ShadowChicken_Packet_callee);
</del><ins>+        m_out.storePtr(m_out.loadPtr(payloadFor(CallFrameSlot::callee)), packet, m_heaps.ShadowChicken_Packet_callee);
</ins><span class="cx">         m_out.storePtr(scope, packet, m_heaps.ShadowChicken_Packet_scope);
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -7220,7 +7220,7 @@
</span><span class="cx">             
</span><span class="cx">             VirtualRegister argumentCountRegister;
</span><span class="cx">             if (!inlineCallFrame)
</span><del>-                argumentCountRegister = VirtualRegister(JSStack::ArgumentCount);
</del><ins>+                argumentCountRegister = VirtualRegister(CallFrameSlot::argumentCount);
</ins><span class="cx">             else
</span><span class="cx">                 argumentCountRegister = inlineCallFrame-&gt;argumentCountRegister;
</span><span class="cx">             length.value = m_out.sub(m_out.load32(payloadFor(argumentCountRegister)), m_out.int32One);
</span><span class="lines">@@ -7241,7 +7241,7 @@
</span><span class="cx">                 return m_out.loadPtr(addressFor(frame-&gt;calleeRecovery.virtualRegister()));
</span><span class="cx">             return weakPointer(frame-&gt;calleeRecovery.constant().asCell());
</span><span class="cx">         }
</span><del>-        return m_out.loadPtr(addressFor(JSStack::Callee));
</del><ins>+        return m_out.loadPtr(addressFor(CallFrameSlot::callee));
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     LValue getArgumentsStart(InlineCallFrame* inlineCallFrame)
</span><span class="lines">@@ -10702,7 +10702,7 @@
</span><span class="cx">         CallSiteIndex callSiteIndex = m_ftlState.jitCode-&gt;common.addCodeOrigin(codeOrigin);
</span><span class="cx">         m_out.store32(
</span><span class="cx">             m_out.constInt32(callSiteIndex.bits()),
</span><del>-            tagFor(JSStack::ArgumentCount));
</del><ins>+            tagFor(CallFrameSlot::argumentCount));
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void callPreflight()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLOSRExitCompilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -394,7 +394,7 @@
</span><span class="cx">         jit.store64(GPRInfo::regT0, unwindScratch + i);
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    jit.load32(CCallHelpers::payloadFor(JSStack::ArgumentCount), GPRInfo::regT2);
</del><ins>+    jit.load32(CCallHelpers::payloadFor(CallFrameSlot::argumentCount), GPRInfo::regT2);
</ins><span class="cx">     
</span><span class="cx">     // Let's say that the FTL function had failed its arity check. In that case, the stack will
</span><span class="cx">     // contain some extra stuff.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLSlowPathCallh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLSlowPathCall.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLSlowPathCall.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/ftl/FTLSlowPathCall.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -103,7 +103,7 @@
</span><span class="cx">     if (callSiteIndex) {
</span><span class="cx">         jit.store32(
</span><span class="cx">             CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><del>-            CCallHelpers::tagFor(JSStack::ArgumentCount));
</del><ins>+            CCallHelpers::tagFor(CallFrameSlot::argumentCount));
</ins><span class="cx">     }
</span><span class="cx">     return callOperation(usedRegisters, jit, exceptionTarget, function, resultGPR, arguments...);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterCallFramecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -36,6 +36,15 @@
</span><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><ins>+void ExecState::initGlobalExec(ExecState* globalExec, JSCallee* globalCallee)
+{
+    globalExec-&gt;setCodeBlock(nullptr);
+    globalExec-&gt;setCallerFrame(noCaller());
+    globalExec-&gt;setReturnPC(0);
+    globalExec-&gt;setArgumentCountIncludingThis(0);
+    globalExec-&gt;setCallee(globalCallee);
+}
+
</ins><span class="cx"> bool CallFrame::callSiteBitsAreBytecodeOffset() const
</span><span class="cx"> {
</span><span class="cx">     ASSERT(codeBlock());
</span><span class="lines">@@ -76,12 +85,12 @@
</span><span class="cx"> 
</span><span class="cx"> unsigned CallFrame::callSiteAsRawBits() const
</span><span class="cx"> {
</span><del>-    return this[JSStack::ArgumentCount].tag();
</del><ins>+    return this[CallFrameSlot::argumentCount].tag();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> SUPPRESS_ASAN unsigned CallFrame::unsafeCallSiteAsRawBits() const
</span><span class="cx"> {
</span><del>-    return this[JSStack::ArgumentCount].unsafeTag();
</del><ins>+    return this[CallFrameSlot::argumentCount].unsafeTag();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> CallSiteIndex CallFrame::callSiteIndex() const
</span><span class="lines">@@ -111,7 +120,7 @@
</span><span class="cx"> void CallFrame::setCurrentVPC(Instruction* vpc)
</span><span class="cx"> {
</span><span class="cx">     CallSiteIndex callSite(vpc);
</span><del>-    this[JSStack::ArgumentCount].tag() = callSite.bits();
</del><ins>+    this[CallFrameSlot::argumentCount].tag() = callSite.bits();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> unsigned CallFrame::callSiteBitsAsBytecodeOffset() const
</span><span class="lines">@@ -131,7 +140,7 @@
</span><span class="cx"> void CallFrame::setCurrentVPC(Instruction* vpc)
</span><span class="cx"> {
</span><span class="cx">     CallSiteIndex callSite(vpc - codeBlock()-&gt;instructions().begin());
</span><del>-    this[JSStack::ArgumentCount].tag() = static_cast&lt;int32_t&gt;(callSite.bits());
</del><ins>+    this[CallFrameSlot::argumentCount].tag() = static_cast&lt;int32_t&gt;(callSite.bits());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> unsigned CallFrame::callSiteBitsAsBytecodeOffset() const
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterCallFrameh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/CallFrame.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/CallFrame.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/interpreter/CallFrame.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> /*
</span><span class="cx">  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
</span><span class="cx">  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
</span><del>- *  Copyright (C) 2003, 2007, 2008, 2011, 2013-2016 Apple Inc. All rights reserved.
</del><ins>+ *  Copyright (C) 2003, 2007-2008, 2011, 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  *  This library is free software; you can redistribute it and/or
</span><span class="cx">  *  modify it under the terms of the GNU Library General Public
</span><span class="lines">@@ -24,7 +24,6 @@
</span><span class="cx"> #define CallFrame_h
</span><span class="cx"> 
</span><span class="cx"> #include &quot;AbstractPC.h&quot;
</span><del>-#include &quot;JSStack.h&quot;
</del><span class="cx"> #include &quot;MacroAssemblerCodeRef.h&quot;
</span><span class="cx"> #include &quot;Register.h&quot;
</span><span class="cx"> #include &quot;StackVisitor.h&quot;
</span><span class="lines">@@ -34,9 +33,15 @@
</span><span class="cx"> namespace JSC  {
</span><span class="cx"> 
</span><span class="cx">     class Arguments;
</span><ins>+    class ExecState;
</ins><span class="cx">     class Interpreter;
</span><ins>+    class JSCallee;
</ins><span class="cx">     class JSScope;
</span><span class="cx"> 
</span><ins>+    struct Instruction;
+
+    typedef ExecState CallFrame;
+
</ins><span class="cx">     struct CallSiteIndex {
</span><span class="cx">         CallSiteIndex()
</span><span class="cx">             : m_bits(UINT_MAX)
</span><span class="lines">@@ -60,15 +65,32 @@
</span><span class="cx">         uint32_t m_bits;
</span><span class="cx">     };
</span><span class="cx"> 
</span><ins>+    struct CallerFrameAndPC {
+        CallFrame* callerFrame;
+        Instruction* pc;
+        static const int sizeInRegisters = 2 * sizeof(void*) / sizeof(Register);
+    };
+    static_assert(CallerFrameAndPC::sizeInRegisters == sizeof(CallerFrameAndPC) / sizeof(Register), &quot;CallerFrameAndPC::sizeInRegisters is incorrect.&quot;);
+
+    struct CallFrameSlot {
+        static const int codeBlock = CallerFrameAndPC::sizeInRegisters;
+        static const int callee = codeBlock + 1;
+        static const int argumentCount = callee + 1;
+        static const int thisArgument = argumentCount + 1;
+        static const int firstArgument = thisArgument + 1;
+    };
+
</ins><span class="cx">     // Represents the current state of script execution.
</span><span class="cx">     // Passed as the first argument to most functions.
</span><span class="cx">     class ExecState : private Register {
</span><span class="cx">     public:
</span><del>-        JSValue calleeAsValue() const { return this[JSStack::Callee].jsValue(); }
-        JSObject* callee() const { return this[JSStack::Callee].object(); }
-        SUPPRESS_ASAN JSValue unsafeCallee() const { return this[JSStack::Callee].asanUnsafeJSValue(); }
-        CodeBlock* codeBlock() const { return this[JSStack::CodeBlock].Register::codeBlock(); }
-        SUPPRESS_ASAN CodeBlock* unsafeCodeBlock() const { return this[JSStack::CodeBlock].Register::asanUnsafeCodeBlock(); }
</del><ins>+        static const int headerSizeInRegisters = CallFrameSlot::argumentCount + 1;
+
+        JSValue calleeAsValue() const { return this[CallFrameSlot::callee].jsValue(); }
+        JSObject* callee() const { return this[CallFrameSlot::callee].object(); }
+        SUPPRESS_ASAN JSValue unsafeCallee() const { return this[CallFrameSlot::callee].asanUnsafeJSValue(); }
+        CodeBlock* codeBlock() const { return this[CallFrameSlot::codeBlock].Register::codeBlock(); }
+        SUPPRESS_ASAN CodeBlock* unsafeCodeBlock() const { return this[CallFrameSlot::codeBlock].Register::asanUnsafeCodeBlock(); }
</ins><span class="cx">         JSScope* scope(int scopeRegisterOffset) const
</span><span class="cx">         {
</span><span class="cx">             ASSERT(this[scopeRegisterOffset].Register::scope());
</span><span class="lines">@@ -164,18 +186,8 @@
</span><span class="cx">         void setCallerFrame(CallFrame* frame) { callerFrameAndPC().callerFrame = frame; }
</span><span class="cx">         void setScope(int scopeRegisterOffset, JSScope* scope) { static_cast&lt;Register*&gt;(this)[scopeRegisterOffset] = scope; }
</span><span class="cx"> 
</span><del>-        ALWAYS_INLINE void init(CodeBlock* codeBlock, Instruction* vPC,
-            CallFrame* callerFrame, int argc, JSObject* callee) 
-        { 
-            ASSERT(callerFrame == noCaller() || callerFrame-&gt;stack()-&gt;containsAddress(this)); 
</del><ins>+        static void initGlobalExec(ExecState* globalExec, JSCallee* globalCallee);
</ins><span class="cx"> 
</span><del>-            setCodeBlock(codeBlock); 
-            setCallerFrame(callerFrame); 
-            setReturnPC(vPC); // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*. 
-            setArgumentCountIncludingThis(argc); // original argument count (for the sake of the &quot;arguments&quot; object) 
-            setCallee(callee); 
-        }
-
</del><span class="cx">         // Read a register from the codeframe (or constant from the CodeBlock).
</span><span class="cx">         Register&amp; r(int);
</span><span class="cx">         Register&amp; r(VirtualRegister);
</span><span class="lines">@@ -185,9 +197,9 @@
</span><span class="cx"> 
</span><span class="cx">         // Access to arguments as passed. (After capture, arguments may move to a different location.)
</span><span class="cx">         size_t argumentCount() const { return argumentCountIncludingThis() - 1; }
</span><del>-        size_t argumentCountIncludingThis() const { return this[JSStack::ArgumentCount].payload(); }
-        static int argumentOffset(int argument) { return (JSStack::FirstArgument + argument); }
-        static int argumentOffsetIncludingThis(int argument) { return (JSStack::ThisArgument + argument); }
</del><ins>+        size_t argumentCountIncludingThis() const { return this[CallFrameSlot::argumentCount].payload(); }
+        static int argumentOffset(int argument) { return (CallFrameSlot::firstArgument + argument); }
+        static int argumentOffsetIncludingThis(int argument) { return (CallFrameSlot::thisArgument + argument); }
</ins><span class="cx"> 
</span><span class="cx">         // In the following (argument() and setArgument()), the 'argument'
</span><span class="cx">         // parameter is the index of the arguments of the target function of
</span><span class="lines">@@ -233,13 +245,13 @@
</span><span class="cx"> 
</span><span class="cx">         JSValue argumentAfterCapture(size_t argument);
</span><span class="cx"> 
</span><del>-        static int offsetFor(size_t argumentCountIncludingThis) { return argumentCountIncludingThis + JSStack::ThisArgument - 1; }
</del><ins>+        static int offsetFor(size_t argumentCountIncludingThis) { return argumentCountIncludingThis + CallFrameSlot::thisArgument - 1; }
</ins><span class="cx"> 
</span><span class="cx">         static CallFrame* noCaller() { return 0; }
</span><span class="cx"> 
</span><del>-        void setArgumentCountIncludingThis(int count) { static_cast&lt;Register*&gt;(this)[JSStack::ArgumentCount].payload() = count; }
-        void setCallee(JSObject* callee) { static_cast&lt;Register*&gt;(this)[JSStack::Callee] = callee; }
-        void setCodeBlock(CodeBlock* codeBlock) { static_cast&lt;Register*&gt;(this)[JSStack::CodeBlock] = codeBlock; }
</del><ins>+        void setArgumentCountIncludingThis(int count) { static_cast&lt;Register*&gt;(this)[CallFrameSlot::argumentCount].payload() = count; }
+        void setCallee(JSObject* callee) { static_cast&lt;Register*&gt;(this)[CallFrameSlot::callee] = callee; }
+        void setCodeBlock(CodeBlock* codeBlock) { static_cast&lt;Register*&gt;(this)[CallFrameSlot::codeBlock] = codeBlock; }
</ins><span class="cx">         void setReturnPC(void* value) { callerFrameAndPC().pc = reinterpret_cast&lt;Instruction*&gt;(value); }
</span><span class="cx"> 
</span><span class="cx">         String friendlyFunctionName();
</span><span class="lines">@@ -279,10 +291,10 @@
</span><span class="cx">             int offset = reg - this-&gt;registers();
</span><span class="cx"> 
</span><span class="cx">             // The offset is defined (based on argumentOffset()) to be:
</span><del>-            //       offset = JSStack::FirstArgument - argIndex;
</del><ins>+            //       offset = CallFrameSlot::firstArgument - argIndex;
</ins><span class="cx">             // Hence:
</span><del>-            //       argIndex = JSStack::FirstArgument - offset;
-            size_t argIndex = offset - JSStack::FirstArgument;
</del><ins>+            //       argIndex = CallFrameSlot::firstArgument - offset;
+            size_t argIndex = offset - CallFrameSlot::firstArgument;
</ins><span class="cx">             return argIndex;
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -290,7 +302,9 @@
</span><span class="cx">         const CallerFrameAndPC&amp; callerFrameAndPC() const { return *reinterpret_cast&lt;const CallerFrameAndPC*&gt;(this); }
</span><span class="cx">         SUPPRESS_ASAN const CallerFrameAndPC&amp; unsafeCallerFrameAndPC() const { return *reinterpret_cast&lt;const CallerFrameAndPC*&gt;(this); }
</span><span class="cx"> 
</span><ins>+#if !ENABLE(JIT)
</ins><span class="cx">         friend class JSStack;
</span><ins>+#endif
</ins><span class="cx">     };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -401,8 +401,8 @@
</span><span class="cx">     const Register* it;
</span><span class="cx">     const Register* end;
</span><span class="cx"> 
</span><del>-    it = callFrame-&gt;registers() + JSStack::ThisArgument + callFrame-&gt;argumentCount();
-    end = callFrame-&gt;registers() + JSStack::ThisArgument - 1;
</del><ins>+    it = callFrame-&gt;registers() + CallFrameSlot::thisArgument + callFrame-&gt;argumentCount();
+    end = callFrame-&gt;registers() + CallFrameSlot::thisArgument - 1;
</ins><span class="cx">     while (it &gt; end) {
</span><span class="cx">         JSValue v = it-&gt;jsValue();
</span><span class="cx">         int registerNumber = it - callFrame-&gt;registers();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterInterpreterh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -262,12 +262,12 @@
</span><span class="cx">         // aligned size. Align the size here.
</span><span class="cx">         argumentCountIncludingThis = WTF::roundUpToMultipleOf(
</span><span class="cx">             stackAlignmentRegisters(),
</span><del>-            argumentCountIncludingThis + JSStack::CallFrameHeaderSize) - JSStack::CallFrameHeaderSize;
</del><ins>+            argumentCountIncludingThis + CallFrame::headerSizeInRegisters) - CallFrame::headerSizeInRegisters;
</ins><span class="cx"> 
</span><span class="cx">         // Align the frame offset here.
</span><span class="cx">         unsigned paddedCalleeFrameOffset = WTF::roundUpToMultipleOf(
</span><span class="cx">             stackAlignmentRegisters(),
</span><del>-            numUsedStackSlots + argumentCountIncludingThis + JSStack::CallFrameHeaderSize);
</del><ins>+            numUsedStackSlots + argumentCountIncludingThis + CallFrame::headerSizeInRegisters);
</ins><span class="cx">         return CallFrame::create(callFrame-&gt;registers() - paddedCalleeFrameOffset);
</span><span class="cx">     }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterJSStackh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/JSStack.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/JSStack.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/interpreter/JSStack.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #ifndef JSStack_h
</span><span class="cx"> #define JSStack_h
</span><span class="cx"> 
</span><del>-#include &quot;ExecutableAllocator.h&quot;
</del><span class="cx"> #include &quot;Register.h&quot;
</span><span class="cx"> #include &lt;wtf/Noncopyable.h&gt;
</span><span class="cx"> #include &lt;wtf/PageReservation.h&gt;
</span><span class="lines">@@ -39,34 +38,13 @@
</span><span class="cx"> 
</span><span class="cx">     class CodeBlockSet;
</span><span class="cx">     class ConservativeRoots;
</span><del>-    class ExecState;
</del><span class="cx">     class JITStubRoutineSet;
</span><span class="cx">     class VM;
</span><span class="cx">     class LLIntOffsetsExtractor;
</span><span class="cx"> 
</span><del>-    struct Instruction;
-    typedef ExecState CallFrame;
-
-    struct CallerFrameAndPC {
-        CallFrame* callerFrame;
-        Instruction* pc;
-    };
-
</del><span class="cx">     class JSStack {
</span><span class="cx">         WTF_MAKE_NONCOPYABLE(JSStack);
</span><span class="cx">     public:
</span><del>-        enum CallFrameHeaderEntry {
-            CallerFrameAndPCSize = sizeof(CallerFrameAndPC) / sizeof(Register),
-            CodeBlock = CallerFrameAndPCSize,
-            Callee,
-            ArgumentCount,
-            CallFrameHeaderSize,
-
-            // The following entries are not part of the CallFrameHeader but are provided here as a convenience:
-            ThisArgument = CallFrameHeaderSize,
-            FirstArgument,
-        };
-
</del><span class="cx">         // Allow 8k of excess registers before we start trying to reap the stack
</span><span class="cx">         static const ptrdiff_t maxExcessCapacity = 8 * 1024;
</span><span class="cx"> 
</span><span class="lines">@@ -77,10 +55,7 @@
</span><span class="cx">         bool containsAddress(Register* address) { return (lowAddress() &lt;= address &amp;&amp; address &lt; highAddress()); }
</span><span class="cx">         static size_t committedByteCount();
</span><span class="cx"> 
</span><del>-#if ENABLE(JIT)
-        void gatherConservativeRoots(ConservativeRoots&amp;, JITStubRoutineSet&amp;, CodeBlockSet&amp;) { }
-        void sanitizeStack() { }
-#else
</del><ins>+#if !ENABLE(JIT)
</ins><span class="cx">         ~JSStack();
</span><span class="cx"> 
</span><span class="cx">         void gatherConservativeRoots(ConservativeRoots&amp;, JITStubRoutineSet&amp;, CodeBlockSet&amp;);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitAssemblyHelperscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -293,7 +293,7 @@
</span><span class="cx"> 
</span><span class="cx"> void AssemblyHelpers::jitAssertArgumentCountSane()
</span><span class="cx"> {
</span><del>-    Jump ok = branch32(Below, payloadFor(JSStack::ArgumentCount), TrustedImm32(10000000));
</del><ins>+    Jump ok = branch32(Below, payloadFor(CallFrameSlot::argumentCount), TrustedImm32(10000000));
</ins><span class="cx">     abortWithReason(AHInsaneArgumentCount);
</span><span class="cx">     ok.link(this);
</span><span class="cx"> }
</span><span class="lines">@@ -544,7 +544,7 @@
</span><span class="cx"> 
</span><span class="cx"> void AssemblyHelpers::emitRandomThunk(GPRReg scratch0, GPRReg scratch1, GPRReg scratch2, GPRReg scratch3, FPRReg result)
</span><span class="cx"> {
</span><del>-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, scratch3);
</del><ins>+    emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, scratch3);
</ins><span class="cx">     emitLoadStructure(scratch3, scratch3, scratch0);
</span><span class="cx">     loadPtr(Address(scratch3, Structure::globalObjectOffset()), scratch3);
</span><span class="cx">     // Now, scratch3 holds JSGlobalObject*.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -560,26 +560,26 @@
</span><span class="cx">     }
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><del>-    void emitGetFromCallFrameHeaderPtr(JSStack::CallFrameHeaderEntry entry, GPRReg to, GPRReg from = GPRInfo::callFrameRegister)
</del><ins>+    void emitGetFromCallFrameHeaderPtr(int entry, GPRReg to, GPRReg from = GPRInfo::callFrameRegister)
</ins><span class="cx">     {
</span><span class="cx">         loadPtr(Address(from, entry * sizeof(Register)), to);
</span><span class="cx">     }
</span><del>-    void emitGetFromCallFrameHeader32(JSStack::CallFrameHeaderEntry entry, GPRReg to, GPRReg from = GPRInfo::callFrameRegister)
</del><ins>+    void emitGetFromCallFrameHeader32(int entry, GPRReg to, GPRReg from = GPRInfo::callFrameRegister)
</ins><span class="cx">     {
</span><span class="cx">         load32(Address(from, entry * sizeof(Register)), to);
</span><span class="cx">     }
</span><span class="cx"> #if USE(JSVALUE64)
</span><del>-    void emitGetFromCallFrameHeader64(JSStack::CallFrameHeaderEntry entry, GPRReg to, GPRReg from = GPRInfo::callFrameRegister)
</del><ins>+    void emitGetFromCallFrameHeader64(int entry, GPRReg to, GPRReg from = GPRInfo::callFrameRegister)
</ins><span class="cx">     {
</span><span class="cx">         load64(Address(from, entry * sizeof(Register)), to);
</span><span class="cx">     }
</span><span class="cx"> #endif // USE(JSVALUE64)
</span><del>-    void emitPutToCallFrameHeader(GPRReg from, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    void emitPutToCallFrameHeader(GPRReg from, int entry)
</ins><span class="cx">     {
</span><span class="cx">         storePtr(from, Address(GPRInfo::callFrameRegister, entry * sizeof(Register)));
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    void emitPutToCallFrameHeader(void* value, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    void emitPutToCallFrameHeader(void* value, int entry)
</ins><span class="cx">     {
</span><span class="cx">         storePtr(TrustedImmPtr(value), Address(GPRInfo::callFrameRegister, entry * sizeof(Register)));
</span><span class="cx">     }
</span><span class="lines">@@ -609,17 +609,17 @@
</span><span class="cx">     // caller's frame pointer. On some platforms, the callee is responsible for pushing the
</span><span class="cx">     // &quot;link register&quot; containing the return address in the function prologue.
</span><span class="cx"> #if USE(JSVALUE64)
</span><del>-    void emitPutToCallFrameHeaderBeforePrologue(GPRReg from, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    void emitPutToCallFrameHeaderBeforePrologue(GPRReg from, int entry)
</ins><span class="cx">     {
</span><span class="cx">         storePtr(from, Address(stackPointerRegister, entry * static_cast&lt;ptrdiff_t&gt;(sizeof(Register)) - prologueStackPointerDelta()));
</span><span class="cx">     }
</span><span class="cx"> #else
</span><del>-    void emitPutPayloadToCallFrameHeaderBeforePrologue(GPRReg from, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    void emitPutPayloadToCallFrameHeaderBeforePrologue(GPRReg from, int entry)
</ins><span class="cx">     {
</span><span class="cx">         storePtr(from, Address(stackPointerRegister, entry * static_cast&lt;ptrdiff_t&gt;(sizeof(Register)) - prologueStackPointerDelta() + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    void emitPutTagToCallFrameHeaderBeforePrologue(TrustedImm32 tag, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    void emitPutTagToCallFrameHeaderBeforePrologue(TrustedImm32 tag, int entry)
</ins><span class="cx">     {
</span><span class="cx">         storePtr(tag, Address(stackPointerRegister, entry * static_cast&lt;ptrdiff_t&gt;(sizeof(Register)) - prologueStackPointerDelta() + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
</span><span class="cx">     }
</span><span class="lines">@@ -933,8 +933,8 @@
</span><span class="cx">     // Access to our fixed callee CallFrame.
</span><span class="cx">     static Address calleeFrameSlot(int slot)
</span><span class="cx">     {
</span><del>-        ASSERT(slot &gt;= JSStack::CallerFrameAndPCSize);
-        return Address(stackPointerRegister, sizeof(Register) * (slot - JSStack::CallerFrameAndPCSize));
</del><ins>+        ASSERT(slot &gt;= CallerFrameAndPC::sizeInRegisters);
+        return Address(stackPointerRegister, sizeof(Register) * (slot - CallerFrameAndPC::sizeInRegisters));
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Access to our fixed callee CallFrame.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCCallHelperscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CCallHelpers.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CCallHelpers.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/CCallHelpers.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -37,7 +37,7 @@
</span><span class="cx">     storePtr(GPRInfo::callFrameRegister, Address(shadowPacket, OBJECT_OFFSETOF(ShadowChicken::Packet, frame)));
</span><span class="cx">     loadPtr(Address(GPRInfo::callFrameRegister, OBJECT_OFFSETOF(CallerFrameAndPC, callerFrame)), scratch1);
</span><span class="cx">     storePtr(scratch1, Address(shadowPacket, OBJECT_OFFSETOF(ShadowChicken::Packet, callerFrame)));
</span><del>-    loadPtr(addressFor(JSStack::Callee), scratch1);
</del><ins>+    loadPtr(addressFor(CallFrameSlot::callee), scratch1);
</ins><span class="cx">     storePtr(scratch1, Address(shadowPacket, OBJECT_OFFSETOF(ShadowChicken::Packet, callee)));
</span><span class="cx">     storePtr(scope, Address(shadowPacket, OBJECT_OFFSETOF(ShadowChicken::Packet, scope)));
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCCallHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CCallHelpers.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CCallHelpers.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/CCallHelpers.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -2278,13 +2278,13 @@
</span><span class="cx">             GPRReg oldFrameSizeGPR = temp2;
</span><span class="cx">             {
</span><span class="cx">                 GPRReg argCountGPR = oldFrameSizeGPR;
</span><del>-                load32(Address(framePointerRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), argCountGPR);
</del><ins>+                load32(Address(framePointerRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), argCountGPR);
</ins><span class="cx"> 
</span><span class="cx">                 {
</span><span class="cx">                     GPRReg numParametersGPR = temp1;
</span><span class="cx">                     {
</span><span class="cx">                         GPRReg codeBlockGPR = numParametersGPR;
</span><del>-                        loadPtr(Address(framePointerRegister, JSStack::CodeBlock * static_cast&lt;int&gt;(sizeof(Register))), codeBlockGPR);
</del><ins>+                        loadPtr(Address(framePointerRegister, CallFrameSlot::codeBlock * static_cast&lt;int&gt;(sizeof(Register))), codeBlockGPR);
</ins><span class="cx">                         load32(Address(codeBlockGPR, CodeBlock::offsetOfNumParameters()), numParametersGPR);
</span><span class="cx">                     }
</span><span class="cx"> 
</span><span class="lines">@@ -2294,7 +2294,7 @@
</span><span class="cx">                     argumentCountWasNotFixedUp.link(this);
</span><span class="cx">                 }
</span><span class="cx"> 
</span><del>-                add32(TrustedImm32(stackAlignmentRegisters() + JSStack::CallFrameHeaderSize - 1), argCountGPR, oldFrameSizeGPR);
</del><ins>+                add32(TrustedImm32(stackAlignmentRegisters() + CallFrame::headerSizeInRegisters - 1), argCountGPR, oldFrameSizeGPR);
</ins><span class="cx">                 and32(TrustedImm32(-stackAlignmentRegisters()), oldFrameSizeGPR);
</span><span class="cx">                 // We assume &lt; 2^28 arguments
</span><span class="cx">                 mul32(TrustedImm32(sizeof(Register)), oldFrameSizeGPR, oldFrameSizeGPR);
</span><span class="lines">@@ -2307,9 +2307,9 @@
</span><span class="cx">             // The new frame size is just the number of arguments plus the
</span><span class="cx">             // frame header size, aligned
</span><span class="cx">             ASSERT(newFrameSizeGPR != newFramePointer);
</span><del>-            load32(Address(stackPointerRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)),
</del><ins>+            load32(Address(stackPointerRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)),
</ins><span class="cx">                 newFrameSizeGPR);
</span><del>-            add32(TrustedImm32(stackAlignmentRegisters() + JSStack::CallFrameHeaderSize - 1), newFrameSizeGPR);
</del><ins>+            add32(TrustedImm32(stackAlignmentRegisters() + CallFrame::headerSizeInRegisters - 1), newFrameSizeGPR);
</ins><span class="cx">             and32(TrustedImm32(-stackAlignmentRegisters()), newFrameSizeGPR);
</span><span class="cx">             // We assume &lt; 2^28 arguments
</span><span class="cx">             mul32(TrustedImm32(sizeof(Register)), newFrameSizeGPR, newFrameSizeGPR);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCallFrameShufflercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -36,11 +36,11 @@
</span><span class="cx"> 
</span><span class="cx"> CallFrameShuffler::CallFrameShuffler(CCallHelpers&amp; jit, const CallFrameShuffleData&amp; data)
</span><span class="cx">     : m_jit(jit)
</span><del>-    , m_oldFrame(data.numLocals + JSStack::CallerFrameAndPCSize, nullptr)
-    , m_newFrame(data.args.size() + JSStack::CallFrameHeaderSize, nullptr)
-    , m_alignedOldFrameSize(JSStack::CallFrameHeaderSize
</del><ins>+    , m_oldFrame(data.numLocals + CallerFrameAndPC::sizeInRegisters, nullptr)
+    , m_newFrame(data.args.size() + CallFrame::headerSizeInRegisters, nullptr)
+    , m_alignedOldFrameSize(CallFrame::headerSizeInRegisters
</ins><span class="cx">         + roundArgumentCountToAlignFrame(jit.codeBlock()-&gt;numParameters()))
</span><del>-    , m_alignedNewFrameSize(JSStack::CallFrameHeaderSize
</del><ins>+    , m_alignedNewFrameSize(CallFrame::headerSizeInRegisters
</ins><span class="cx">         + roundArgumentCountToAlignFrame(data.args.size()))
</span><span class="cx">     , m_frameDelta(m_alignedNewFrameSize - m_alignedOldFrameSize)
</span><span class="cx">     , m_lockedRegisters(RegisterSet::allRegisters())
</span><span class="lines">@@ -54,7 +54,7 @@
</span><span class="cx">     m_lockedRegisters.exclude(RegisterSet::vmCalleeSaveRegisters());
</span><span class="cx"> 
</span><span class="cx">     ASSERT(!data.callee.isInJSStack() || data.callee.virtualRegister().isLocal());
</span><del>-    addNew(VirtualRegister(JSStack::Callee), data.callee);
</del><ins>+    addNew(VirtualRegister(CallFrameSlot::callee), data.callee);
</ins><span class="cx"> 
</span><span class="cx">     for (size_t i = 0; i &lt; data.args.size(); ++i) {
</span><span class="cx">         ASSERT(!data.args[i].isInJSStack() || data.args[i].virtualRegister().isLocal());
</span><span class="lines">@@ -145,7 +145,7 @@
</span><span class="cx">                     out.printf(&quot; %c%8s &lt;- %18s %c &quot;, d, str.data(),
</span><span class="cx">                         recoveryStr.data(), d);
</span><span class="cx">                 }
</span><del>-            } else if (newReg == VirtualRegister { JSStack::ArgumentCount })
</del><ins>+            } else if (newReg == VirtualRegister { CallFrameSlot::argumentCount })
</ins><span class="cx">                 out.printf(&quot; %c%8s &lt;- %18zu %c &quot;, d, str.data(), argCount(), d);
</span><span class="cx">             else
</span><span class="cx">                 out.printf(&quot; %c%30s %c &quot;, d, &quot;&quot;, d);
</span><span class="lines">@@ -323,7 +323,7 @@
</span><span class="cx">         m_jit.subPtr(MacroAssembler::TrustedImm32(delta * sizeof(Register)), MacroAssembler::stackPointerRegister);
</span><span class="cx"> 
</span><span class="cx">         if (isSlowPath())
</span><del>-            m_frameDelta = numLocals() + JSStack::CallerFrameAndPCSize;
</del><ins>+            m_frameDelta = numLocals() + CallerFrameAndPC::sizeInRegisters;
</ins><span class="cx">         else
</span><span class="cx">             m_oldFrameOffset = numLocals();
</span><span class="cx"> 
</span><span class="lines">@@ -339,9 +339,9 @@
</span><span class="cx">     ASSERT(isUndecided());
</span><span class="cx">     emitDeltaCheck();
</span><span class="cx"> 
</span><del>-    m_frameDelta = numLocals() + JSStack::CallerFrameAndPCSize;
</del><ins>+    m_frameDelta = numLocals() + CallerFrameAndPC::sizeInRegisters;
</ins><span class="cx">     m_newFrameBase = MacroAssembler::stackPointerRegister;
</span><del>-    m_newFrameOffset = -JSStack::CallerFrameAndPCSize;
</del><ins>+    m_newFrameOffset = -CallerFrameAndPC::sizeInRegisters;
</ins><span class="cx"> 
</span><span class="cx">     if (verbose)
</span><span class="cx">         dataLog(&quot;\n\nPreparing frame for slow path call:\n&quot;);
</span><span class="lines">@@ -423,11 +423,11 @@
</span><span class="cx">     // old frame (taking into account an argument count higher than
</span><span class="cx">     // the number of parameters), then substracting to it the aligned
</span><span class="cx">     // new frame size (adjusted).
</span><del>-    m_jit.load32(MacroAssembler::Address(GPRInfo::callFrameRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), m_newFrameBase);
</del><ins>+    m_jit.load32(MacroAssembler::Address(GPRInfo::callFrameRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), m_newFrameBase);
</ins><span class="cx">     MacroAssembler::Jump argumentCountOK =
</span><span class="cx">         m_jit.branch32(MacroAssembler::BelowOrEqual, m_newFrameBase,
</span><span class="cx">             MacroAssembler::TrustedImm32(m_jit.codeBlock()-&gt;numParameters()));
</span><del>-    m_jit.add32(MacroAssembler::TrustedImm32(stackAlignmentRegisters() - 1 + JSStack::CallFrameHeaderSize), m_newFrameBase);
</del><ins>+    m_jit.add32(MacroAssembler::TrustedImm32(stackAlignmentRegisters() - 1 + CallFrame::headerSizeInRegisters), m_newFrameBase);
</ins><span class="cx">     m_jit.and32(MacroAssembler::TrustedImm32(-stackAlignmentRegisters()), m_newFrameBase);
</span><span class="cx">     m_jit.mul32(MacroAssembler::TrustedImm32(sizeof(Register)), m_newFrameBase, m_newFrameBase);
</span><span class="cx">     MacroAssembler::Jump done = m_jit.jump();
</span><span class="lines">@@ -743,11 +743,11 @@
</span><span class="cx">     // We need to handle 4) first because it implies releasing
</span><span class="cx">     // m_newFrameBase, which could be a wanted register.
</span><span class="cx">     if (verbose)
</span><del>-        dataLog(&quot;   * Storing the argument count into &quot;, VirtualRegister { JSStack::ArgumentCount }, &quot;\n&quot;);
</del><ins>+        dataLog(&quot;   * Storing the argument count into &quot;, VirtualRegister { CallFrameSlot::argumentCount }, &quot;\n&quot;);
</ins><span class="cx">     m_jit.store32(MacroAssembler::TrustedImm32(0),
</span><del>-        addressForNew(VirtualRegister { JSStack::ArgumentCount }).withOffset(TagOffset));
</del><ins>+        addressForNew(VirtualRegister { CallFrameSlot::argumentCount }).withOffset(TagOffset));
</ins><span class="cx">     m_jit.store32(MacroAssembler::TrustedImm32(argCount()),
</span><del>-        addressForNew(VirtualRegister { JSStack::ArgumentCount }).withOffset(PayloadOffset));
</del><ins>+        addressForNew(VirtualRegister { CallFrameSlot::argumentCount }).withOffset(PayloadOffset));
</ins><span class="cx"> 
</span><span class="cx">     if (!isSlowPath()) {
</span><span class="cx">         ASSERT(m_newFrameBase != MacroAssembler::stackPointerRegister);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCallFrameShufflerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CallFrameShuffler.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CallFrameShuffler.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/CallFrameShuffler.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -103,7 +103,7 @@
</span><span class="cx"> 
</span><span class="cx">         CallFrameShuffleData data;
</span><span class="cx">         data.numLocals = numLocals();
</span><del>-        data.callee = getNew(VirtualRegister { JSStack::Callee })-&gt;recovery();
</del><ins>+        data.callee = getNew(VirtualRegister { CallFrameSlot::callee })-&gt;recovery();
</ins><span class="cx">         data.args.resize(argCount());
</span><span class="cx">         for (size_t i = 0; i &lt; argCount(); ++i)
</span><span class="cx">             data.args[i] = getNew(virtualRegisterForArgument(i))-&gt;recovery();
</span><span class="lines">@@ -129,7 +129,7 @@
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isUndecided());
</span><span class="cx">         ASSERT(!getNew(jsValueRegs));
</span><del>-        CachedRecovery* cachedRecovery { getNew(VirtualRegister(JSStack::Callee)) };
</del><ins>+        CachedRecovery* cachedRecovery { getNew(VirtualRegister(CallFrameSlot::callee)) };
</ins><span class="cx">         ASSERT(cachedRecovery);
</span><span class="cx">         addNew(jsValueRegs, cachedRecovery-&gt;recovery());
</span><span class="cx">     }
</span><span class="lines">@@ -142,7 +142,7 @@
</span><span class="cx">     void assumeCalleeIsCell()
</span><span class="cx">     {
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><del>-        CachedRecovery&amp; calleeCachedRecovery = *getNew(VirtualRegister(JSStack::Callee));
</del><ins>+        CachedRecovery&amp; calleeCachedRecovery = *getNew(VirtualRegister(CallFrameSlot::callee));
</ins><span class="cx">         switch (calleeCachedRecovery.recovery().technique()) {
</span><span class="cx">         case InPair:
</span><span class="cx">             updateRecovery(
</span><span class="lines">@@ -297,17 +297,17 @@
</span><span class="cx"> 
</span><span class="cx">     int numLocals() const
</span><span class="cx">     {
</span><del>-        return m_oldFrame.size() - JSStack::CallerFrameAndPCSize;
</del><ins>+        return m_oldFrame.size() - CallerFrameAndPC::sizeInRegisters;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     CachedRecovery* getOld(VirtualRegister reg) const
</span><span class="cx">     {
</span><del>-        return m_oldFrame[JSStack::CallerFrameAndPCSize - reg.offset() - 1];
</del><ins>+        return m_oldFrame[CallerFrameAndPC::sizeInRegisters - reg.offset() - 1];
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void setOld(VirtualRegister reg, CachedRecovery* cachedRecovery)
</span><span class="cx">     {
</span><del>-        m_oldFrame[JSStack::CallerFrameAndPCSize - reg.offset() - 1] = cachedRecovery;
</del><ins>+        m_oldFrame[CallerFrameAndPC::sizeInRegisters - reg.offset() - 1] = cachedRecovery;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     VirtualRegister firstOld() const
</span><span class="lines">@@ -317,7 +317,7 @@
</span><span class="cx"> 
</span><span class="cx">     VirtualRegister lastOld() const
</span><span class="cx">     {
</span><del>-        return VirtualRegister { JSStack::CallerFrameAndPCSize - 1 };
</del><ins>+        return VirtualRegister { CallerFrameAndPC::sizeInRegisters - 1 };
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     bool isValidOld(VirtualRegister reg) const
</span><span class="lines">@@ -339,7 +339,7 @@
</span><span class="cx"> 
</span><span class="cx">     size_t argCount() const
</span><span class="cx">     {
</span><del>-        return m_newFrame.size() - JSStack::CallFrameHeaderSize;
</del><ins>+        return m_newFrame.size() - CallFrame::headerSizeInRegisters;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     CachedRecovery* getNew(VirtualRegister newRegister) const
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JIT.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -569,7 +569,7 @@
</span><span class="cx">         nop();
</span><span class="cx"> 
</span><span class="cx">     emitFunctionPrologue();
</span><del>-    emitPutToCallFrameHeader(m_codeBlock, JSStack::CodeBlock);
</del><ins>+    emitPutToCallFrameHeader(m_codeBlock, CallFrameSlot::codeBlock);
</ins><span class="cx"> 
</span><span class="cx">     Label beginLabel(this);
</span><span class="cx"> 
</span><span class="lines">@@ -627,9 +627,9 @@
</span><span class="cx">         m_arityCheck = label();
</span><span class="cx">         store8(TrustedImm32(0), &amp;m_codeBlock-&gt;m_shouldAlwaysBeInlined);
</span><span class="cx">         emitFunctionPrologue();
</span><del>-        emitPutToCallFrameHeader(m_codeBlock, JSStack::CodeBlock);
</del><ins>+        emitPutToCallFrameHeader(m_codeBlock, CallFrameSlot::codeBlock);
</ins><span class="cx"> 
</span><del>-        load32(payloadFor(JSStack::ArgumentCount), regT1);
</del><ins>+        load32(payloadFor(CallFrameSlot::argumentCount), regT1);
</ins><span class="cx">         branch32(AboveOrEqual, regT1, TrustedImm32(m_codeBlock-&gt;m_numParameters)).linkTo(beginLabel, this);
</span><span class="cx"> 
</span><span class="cx">         m_bytecodeOffset = 0;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JIT.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -706,7 +706,7 @@
</span><span class="cx"> 
</span><span class="cx">         void emitInitRegister(int dst);
</span><span class="cx"> 
</span><del>-        void emitPutIntToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry);
</del><ins>+        void emitPutIntToCallFrameHeader(RegisterID from, int entry);
</ins><span class="cx"> 
</span><span class="cx">         JSValue getConstantOperand(int src);
</span><span class="cx">         bool isOperandConstantInt(int src);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCallcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCall.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCall.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JITCall.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -80,7 +80,7 @@
</span><span class="cx">     move(returnValueGPR, regT1);
</span><span class="cx"> 
</span><span class="cx">     // Profile the argument count.
</span><del>-    load32(Address(regT1, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), regT2);
</del><ins>+    load32(Address(regT1, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), regT2);
</ins><span class="cx">     load8(info-&gt;addressOfMaxNumArguments(), regT0);
</span><span class="cx">     Jump notBiggest = branch32(Above, regT0, regT2);
</span><span class="cx">     Jump notSaturated = branch32(BelowOrEqual, regT2, TrustedImm32(255));
</span><span class="lines">@@ -123,7 +123,7 @@
</span><span class="cx"> 
</span><span class="cx">     addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
</span><span class="cx"> 
</span><del>-    load64(Address(stackPointerRegister, sizeof(Register) * JSStack::Callee - sizeof(CallerFrameAndPC)), regT0);
</del><ins>+    load64(Address(stackPointerRegister, sizeof(Register) * CallFrameSlot::callee - sizeof(CallerFrameAndPC)), regT0);
</ins><span class="cx">     move(TrustedImmPtr(info), regT2);
</span><span class="cx">     Call call = emitNakedCall();
</span><span class="cx">     addLinkTask(
</span><span class="lines">@@ -181,15 +181,15 @@
</span><span class="cx">         }
</span><span class="cx">     
</span><span class="cx">         addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
</span><del>-        store32(TrustedImm32(argCount), Address(stackPointerRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
</del><ins>+        store32(TrustedImm32(argCount), Address(stackPointerRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
</ins><span class="cx">     } // SP holds newCallFrame + sizeof(CallerFrameAndPC), with ArgumentCount initialized.
</span><span class="cx">     
</span><span class="cx">     uint32_t bytecodeOffset = instruction - m_codeBlock-&gt;instructions().begin();
</span><span class="cx">     uint32_t locationBits = CallSiteIndex(bytecodeOffset).bits();
</span><del>-    store32(TrustedImm32(locationBits), Address(callFrameRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + TagOffset));
</del><ins>+    store32(TrustedImm32(locationBits), Address(callFrameRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + TagOffset));
</ins><span class="cx"> 
</span><span class="cx">     emitGetVirtualRegister(callee, regT0); // regT0 holds callee.
</span><del>-    store64(regT0, Address(stackPointerRegister, JSStack::Callee * static_cast&lt;int&gt;(sizeof(Register)) - sizeof(CallerFrameAndPC)));
</del><ins>+    store64(regT0, Address(stackPointerRegister, CallFrameSlot::callee * static_cast&lt;int&gt;(sizeof(Register)) - sizeof(CallerFrameAndPC)));
</ins><span class="cx"> 
</span><span class="cx">     if (opcodeID == op_call_eval) {
</span><span class="cx">         compileCallEval(instruction);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCall32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -170,7 +170,7 @@
</span><span class="cx">     move(returnValueGPR, regT1);
</span><span class="cx"> 
</span><span class="cx">     // Profile the argument count.
</span><del>-    load32(Address(regT1, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), regT2);
</del><ins>+    load32(Address(regT1, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset), regT2);
</ins><span class="cx">     load8(info-&gt;addressOfMaxNumArguments(), regT0);
</span><span class="cx">     Jump notBiggest = branch32(Above, regT0, regT2);
</span><span class="cx">     Jump notSaturated = branch32(BelowOrEqual, regT2, TrustedImm32(255));
</span><span class="lines">@@ -214,11 +214,11 @@
</span><span class="cx"> 
</span><span class="cx">     addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
</span><span class="cx"> 
</span><del>-    loadPtr(Address(stackPointerRegister, sizeof(Register) * JSStack::Callee - sizeof(CallerFrameAndPC)), regT0);
-    loadPtr(Address(stackPointerRegister, sizeof(Register) * JSStack::Callee - sizeof(CallerFrameAndPC)), regT1);
</del><ins>+    loadPtr(Address(stackPointerRegister, sizeof(Register) * CallFrameSlot::callee - sizeof(CallerFrameAndPC)), regT0);
+    loadPtr(Address(stackPointerRegister, sizeof(Register) * CallFrameSlot::callee - sizeof(CallerFrameAndPC)), regT1);
</ins><span class="cx">     move(TrustedImmPtr(info), regT2);
</span><span class="cx"> 
</span><del>-    emitLoad(JSStack::Callee, regT1, regT0);
</del><ins>+    emitLoad(CallFrameSlot::callee, regT1, regT0);
</ins><span class="cx">     MacroAssemblerCodeRef virtualThunk = virtualThunkFor(m_vm, *info);
</span><span class="cx">     info-&gt;setSlowStub(createJITStubRoutine(virtualThunk, *m_vm, nullptr, true));
</span><span class="cx">     emitNakedCall(virtualThunk.code());
</span><span class="lines">@@ -265,15 +265,15 @@
</span><span class="cx">     
</span><span class="cx">         addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
</span><span class="cx"> 
</span><del>-        store32(TrustedImm32(argCount), Address(stackPointerRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
</del><ins>+        store32(TrustedImm32(argCount), Address(stackPointerRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
</ins><span class="cx">     } // SP holds newCallFrame + sizeof(CallerFrameAndPC), with ArgumentCount initialized.
</span><span class="cx">     
</span><span class="cx">     uint32_t locationBits = CallSiteIndex(instruction).bits();
</span><del>-    store32(TrustedImm32(locationBits), tagFor(JSStack::ArgumentCount, callFrameRegister));
</del><ins>+    store32(TrustedImm32(locationBits), tagFor(CallFrameSlot::argumentCount, callFrameRegister));
</ins><span class="cx">     emitLoad(callee, regT1, regT0); // regT1, regT0 holds callee.
</span><span class="cx"> 
</span><del>-    store32(regT0, Address(stackPointerRegister, JSStack::Callee * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
-    store32(regT1, Address(stackPointerRegister, JSStack::Callee * static_cast&lt;int&gt;(sizeof(Register)) + TagOffset - sizeof(CallerFrameAndPC)));
</del><ins>+    store32(regT0, Address(stackPointerRegister, CallFrameSlot::callee * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
+    store32(regT1, Address(stackPointerRegister, CallFrameSlot::callee * static_cast&lt;int&gt;(sizeof(Register)) + TagOffset - sizeof(CallerFrameAndPC)));
</ins><span class="cx"> 
</span><span class="cx">     if (opcodeID == op_call_eval) {
</span><span class="cx">         compileCallEval(instruction);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlines.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlines.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JITInlines.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -88,7 +88,7 @@
</span><span class="cx">     return m_codeBlock-&gt;getConstant(src);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-ALWAYS_INLINE void JIT::emitPutIntToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
</del><ins>+ALWAYS_INLINE void JIT::emitPutIntToCallFrameHeader(RegisterID from, int entry)
</ins><span class="cx"> {
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx">     store32(TrustedImm32(Int32Tag), intTagFor(entry, callFrameRegister));
</span><span class="lines">@@ -142,7 +142,7 @@
</span><span class="cx"> #else
</span><span class="cx">     uint32_t locationBits = CallSiteIndex(m_bytecodeOffset + 1).bits();
</span><span class="cx"> #endif
</span><del>-    store32(TrustedImm32(locationBits), intTagFor(JSStack::ArgumentCount));
</del><ins>+    store32(TrustedImm32(locationBits), intTagFor(CallFrameSlot::argumentCount));
</ins><span class="cx">     
</span><span class="cx">     // FIXME: It's not clear that this is needed. JITOperations tend to update the top call frame on
</span><span class="cx">     // the C++ side.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -723,7 +723,7 @@
</span><span class="cx"> void JIT::emit_op_get_scope(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     int dst = currentInstruction[1].u.operand;
</span><del>-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, regT0);
</del><ins>+    emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, regT0);
</ins><span class="cx">     loadPtr(Address(regT0, JSFunction::offsetOfScopeChain()), regT0);
</span><span class="cx">     emitStoreCell(dst, regT0);
</span><span class="cx"> }
</span><span class="lines">@@ -1444,7 +1444,7 @@
</span><span class="cx"> void JIT::emit_op_argument_count(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     int dst = currentInstruction[1].u.operand;
</span><del>-    load32(payloadFor(JSStack::ArgumentCount), regT0);
</del><ins>+    load32(payloadFor(CallFrameSlot::argumentCount), regT0);
</ins><span class="cx">     sub32(TrustedImm32(1), regT0);
</span><span class="cx">     JSValueRegs result = JSValueRegs::withTwoAvailableRegs(regT0, regT1);
</span><span class="cx">     boxInt32(regT0, result);
</span><span class="lines">@@ -1461,7 +1461,7 @@
</span><span class="cx"> {
</span><span class="cx">     int dst = currentInstruction[1].u.operand;
</span><span class="cx">     unsigned numParamsToSkip = currentInstruction[2].u.unsignedValue;
</span><del>-    load32(payloadFor(JSStack::ArgumentCount), regT0);
</del><ins>+    load32(payloadFor(CallFrameSlot::argumentCount), regT0);
</ins><span class="cx">     sub32(TrustedImm32(1), regT0);
</span><span class="cx">     Jump zeroLength = branch32(LessThanOrEqual, regT0, Imm32(numParamsToSkip));
</span><span class="cx">     sub32(Imm32(numParamsToSkip), regT0);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -55,7 +55,7 @@
</span><span class="cx">     Call nativeCall;
</span><span class="cx"> 
</span><span class="cx">     emitFunctionPrologue();
</span><del>-    emitPutToCallFrameHeader(0, JSStack::CodeBlock);
</del><ins>+    emitPutToCallFrameHeader(0, CallFrameSlot::codeBlock);
</ins><span class="cx">     storePtr(callFrameRegister, &amp;m_vm-&gt;topCallFrame);
</span><span class="cx"> 
</span><span class="cx"> #if CPU(X86)
</span><span class="lines">@@ -81,7 +81,7 @@
</span><span class="cx">     // Host function signature is f(ExecState*).
</span><span class="cx">     move(callFrameRegister, argumentGPR0);
</span><span class="cx"> 
</span><del>-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, argumentGPR1);
</del><ins>+    emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, argumentGPR1);
</ins><span class="cx">     loadPtr(Address(argumentGPR1, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
</span><span class="cx"> 
</span><span class="cx">     // call the function
</span><span class="lines">@@ -997,7 +997,7 @@
</span><span class="cx"> void JIT::emit_op_get_scope(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     int dst = currentInstruction[1].u.operand;
</span><del>-    emitGetFromCallFrameHeaderPtr(JSStack::Callee, regT0);
</del><ins>+    emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, regT0);
</ins><span class="cx">     loadPtr(Address(regT0, JSFunction::offsetOfScopeChain()), regT0);
</span><span class="cx">     emitStoreCell(dst, regT0);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJSInterfaceJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -71,10 +71,10 @@
</span><span class="cx"> 
</span><span class="cx">         Jump emitJumpIfNotType(RegisterID baseReg, JSType);
</span><span class="cx"> 
</span><del>-        void emitGetFromCallFrameHeaderPtr(JSStack::CallFrameHeaderEntry, RegisterID to, RegisterID from = callFrameRegister);
-        void emitPutToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry);
-        void emitPutToCallFrameHeader(void* value, JSStack::CallFrameHeaderEntry);
-        void emitPutCellToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry);
</del><ins>+        void emitGetFromCallFrameHeaderPtr(int entry, RegisterID to, RegisterID from = callFrameRegister);
+        void emitPutToCallFrameHeader(RegisterID from, int entry);
+        void emitPutToCallFrameHeader(void* value, int entry);
+        void emitPutCellToCallFrameHeader(RegisterID from, int entry);
</ins><span class="cx"> 
</span><span class="cx">         inline Address payloadFor(int index, RegisterID base = callFrameRegister);
</span><span class="cx">         inline Address intPayloadFor(int index, RegisterID base = callFrameRegister);
</span><span class="lines">@@ -221,12 +221,12 @@
</span><span class="cx">         return branch8(NotEqual, Address(baseReg, JSCell::typeInfoTypeOffset()), TrustedImm32(type));
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    ALWAYS_INLINE void JSInterfaceJIT::emitGetFromCallFrameHeaderPtr(JSStack::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
</del><ins>+    ALWAYS_INLINE void JSInterfaceJIT::emitGetFromCallFrameHeaderPtr(int entry, RegisterID to, RegisterID from)
</ins><span class="cx">     {
</span><span class="cx">         loadPtr(Address(from, entry * sizeof(Register)), to);
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    ALWAYS_INLINE void JSInterfaceJIT::emitPutToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    ALWAYS_INLINE void JSInterfaceJIT::emitPutToCallFrameHeader(RegisterID from, int entry)
</ins><span class="cx">     {
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx">         storePtr(from, payloadFor(entry, callFrameRegister));
</span><span class="lines">@@ -235,12 +235,12 @@
</span><span class="cx"> #endif
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    ALWAYS_INLINE void JSInterfaceJIT::emitPutToCallFrameHeader(void* value, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    ALWAYS_INLINE void JSInterfaceJIT::emitPutToCallFrameHeader(void* value, int entry)
</ins><span class="cx">     {
</span><span class="cx">         storePtr(TrustedImmPtr(value), Address(callFrameRegister, entry * sizeof(Register)));
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    ALWAYS_INLINE void JSInterfaceJIT::emitPutCellToCallFrameHeader(RegisterID from, JSStack::CallFrameHeaderEntry entry)
</del><ins>+    ALWAYS_INLINE void JSInterfaceJIT::emitPutCellToCallFrameHeader(RegisterID from, int entry)
</ins><span class="cx">     {
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx">         store32(TrustedImm32(JSValue::CellTag), tagFor(entry, callFrameRegister));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitSetupVarargsFramecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/SetupVarargsFrame.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -47,7 +47,7 @@
</span><span class="cx">     jit.andPtr(CCallHelpers::TrustedImm32(~(stackAlignmentRegisters() - 1)), resultGPR);
</span><span class="cx"> 
</span><span class="cx">     jit.addPtr(lengthGPR, resultGPR);
</span><del>-    jit.addPtr(CCallHelpers::TrustedImm32(JSStack::CallFrameHeaderSize + (lengthIncludesThis? 0 : 1)), resultGPR);
</del><ins>+    jit.addPtr(CCallHelpers::TrustedImm32(CallFrame::headerSizeInRegisters + (lengthIncludesThis? 0 : 1)), resultGPR);
</ins><span class="cx">     
</span><span class="cx">     // resultGPR now has the required frame size in Register units
</span><span class="cx">     // Round resultGPR to next multiple of stackAlignmentRegisters()
</span><span class="lines">@@ -85,7 +85,7 @@
</span><span class="cx">     slowCase.append(jit.branchPtr(CCallHelpers::Above, CCallHelpers::AbsoluteAddress(jit.vm()-&gt;osStackLimitWithReserve()), scratchGPR2));
</span><span class="cx"> 
</span><span class="cx">     // Initialize ArgumentCount.
</span><del>-    jit.store32(scratchGPR1, CCallHelpers::Address(scratchGPR2, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset));
</del><ins>+    jit.store32(scratchGPR1, CCallHelpers::Address(scratchGPR2, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset));
</ins><span class="cx"> 
</span><span class="cx">     // Copy arguments.
</span><span class="cx">     jit.signExtend32ToPtr(scratchGPR1, scratchGPR1);
</span><span class="lines">@@ -131,7 +131,7 @@
</span><span class="cx">             firstArgumentReg = VirtualRegister(0);
</span><span class="cx">     } else {
</span><span class="cx">         argumentCountRecovery = ValueRecovery::displacedInJSStack(
</span><del>-            VirtualRegister(JSStack::ArgumentCount), DataFormatInt32);
</del><ins>+            VirtualRegister(CallFrameSlot::argumentCount), DataFormatInt32);
</ins><span class="cx">         firstArgumentReg = VirtualRegister(CallFrame::argumentOffset(0));
</span><span class="cx">     }
</span><span class="cx">     emitSetupVarargsFrameFastCase(jit, numUsedSlotsGPR, scratchGPR1, scratchGPR2, scratchGPR3, argumentCountRecovery, firstArgumentReg, firstVarArgOffset, slowCase);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitSpecializedThunkJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx">             emitFunctionPrologue();
</span><span class="cx">             emitSaveThenMaterializeTagRegisters();
</span><span class="cx">             // Check that we have the expected number of arguments
</span><del>-            m_failures.append(branch32(NotEqual, payloadFor(JSStack::ArgumentCount), TrustedImm32(expectedArgCount + 1)));
</del><ins>+            m_failures.append(branch32(NotEqual, payloadFor(CallFrameSlot::argumentCount), TrustedImm32(expectedArgCount + 1)));
</ins><span class="cx">         }
</span><span class="cx">         
</span><span class="cx">         explicit SpecializedThunkJIT(VM* vm)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -259,7 +259,7 @@
</span><span class="cx">         break;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    jit.emitPutToCallFrameHeader(0, JSStack::CodeBlock);
</del><ins>+    jit.emitPutToCallFrameHeader(0, CallFrameSlot::codeBlock);
</ins><span class="cx">     jit.storePtr(JSInterfaceJIT::callFrameRegister, &amp;vm-&gt;topCallFrame);
</span><span class="cx"> 
</span><span class="cx"> #if CPU(X86)
</span><span class="lines">@@ -270,7 +270,7 @@
</span><span class="cx">     jit.subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::stackPointerRegister); // Align stack after prologue.
</span><span class="cx"> 
</span><span class="cx">     // call the function
</span><del>-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1);
</del><ins>+    jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, JSInterfaceJIT::regT1);
</ins><span class="cx">     jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT1);
</span><span class="cx">     jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, executableOffsetToFunction));
</span><span class="cx"> 
</span><span class="lines">@@ -282,7 +282,7 @@
</span><span class="cx">     // Host function signature: f(ExecState*);
</span><span class="cx">     jit.move(JSInterfaceJIT::callFrameRegister, X86Registers::edi);
</span><span class="cx"> 
</span><del>-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, X86Registers::esi);
</del><ins>+    jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, X86Registers::esi);
</ins><span class="cx">     jit.loadPtr(JSInterfaceJIT::Address(X86Registers::esi, JSFunction::offsetOfExecutable()), X86Registers::r9);
</span><span class="cx">     jit.call(JSInterfaceJIT::Address(X86Registers::r9, executableOffsetToFunction));
</span><span class="cx"> 
</span><span class="lines">@@ -295,7 +295,7 @@
</span><span class="cx">     // At this point the stack is aligned to 16 bytes, but if this changes at some point, we need to emit code to align it.
</span><span class="cx">     jit.subPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister);
</span><span class="cx"> 
</span><del>-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, X86Registers::edx);
</del><ins>+    jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, X86Registers::edx);
</ins><span class="cx">     jit.loadPtr(JSInterfaceJIT::Address(X86Registers::edx, JSFunction::offsetOfExecutable()), X86Registers::r9);
</span><span class="cx">     jit.call(JSInterfaceJIT::Address(X86Registers::r9, executableOffsetToFunction));
</span><span class="cx"> 
</span><span class="lines">@@ -310,7 +310,7 @@
</span><span class="cx">     // Host function signature: f(ExecState*);
</span><span class="cx">     jit.move(JSInterfaceJIT::callFrameRegister, ARM64Registers::x0);
</span><span class="cx"> 
</span><del>-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, ARM64Registers::x1);
</del><ins>+    jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, ARM64Registers::x1);
</ins><span class="cx">     jit.loadPtr(JSInterfaceJIT::Address(ARM64Registers::x1, JSFunction::offsetOfExecutable()), ARM64Registers::x2);
</span><span class="cx">     jit.call(JSInterfaceJIT::Address(ARM64Registers::x2, executableOffsetToFunction));
</span><span class="cx"> #elif CPU(ARM) || CPU(SH4) || CPU(MIPS)
</span><span class="lines">@@ -323,7 +323,7 @@
</span><span class="cx">     // Host function signature is f(ExecState*).
</span><span class="cx">     jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::argumentGPR0);
</span><span class="cx"> 
</span><del>-    jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::argumentGPR1);
</del><ins>+    jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, JSInterfaceJIT::argumentGPR1);
</ins><span class="cx">     jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::argumentGPR1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT2);
</span><span class="cx">     jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT2, executableOffsetToFunction));
</span><span class="cx"> 
</span><span class="lines">@@ -419,8 +419,8 @@
</span><span class="cx">     jit.pop(JSInterfaceJIT::regT4);
</span><span class="cx"> #  endif
</span><span class="cx">     jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
</span><del>-    jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::argumentGPR2);
-    jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::argumentGPR2);
</del><ins>+    jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrameSlot::argumentCount * sizeof(Register)), JSInterfaceJIT::argumentGPR2);
+    jit.add32(JSInterfaceJIT::TrustedImm32(CallFrame::headerSizeInRegisters), JSInterfaceJIT::argumentGPR2);
</ins><span class="cx"> 
</span><span class="cx">     // Check to see if we have extra slots we can use
</span><span class="cx">     jit.move(JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::argumentGPR1);
</span><span class="lines">@@ -469,8 +469,8 @@
</span><span class="cx">     jit.pop(JSInterfaceJIT::regT4);
</span><span class="cx"> #  endif
</span><span class="cx">     jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
</span><del>-    jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::argumentGPR2);
-    jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::argumentGPR2);
</del><ins>+    jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrameSlot::argumentCount * sizeof(Register)), JSInterfaceJIT::argumentGPR2);
+    jit.add32(JSInterfaceJIT::TrustedImm32(CallFrame::headerSizeInRegisters), JSInterfaceJIT::argumentGPR2);
</ins><span class="cx"> 
</span><span class="cx">     // Check to see if we have extra slots we can use
</span><span class="cx">     jit.move(JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::argumentGPR1);
</span><span class="lines">@@ -1043,8 +1043,8 @@
</span><span class="cx">     jit.emitFunctionPrologue();
</span><span class="cx">     
</span><span class="cx">     // Set up our call frame.
</span><del>-    jit.storePtr(CCallHelpers::TrustedImmPtr(nullptr), CCallHelpers::addressFor(JSStack::CodeBlock));
-    jit.store32(CCallHelpers::TrustedImm32(0), CCallHelpers::tagFor(JSStack::ArgumentCount));
</del><ins>+    jit.storePtr(CCallHelpers::TrustedImmPtr(nullptr), CCallHelpers::addressFor(CallFrameSlot::codeBlock));
+    jit.store32(CCallHelpers::TrustedImm32(0), CCallHelpers::tagFor(CallFrameSlot::argumentCount));
</ins><span class="cx"> 
</span><span class="cx">     unsigned extraStackNeeded = 0;
</span><span class="cx">     if (unsigned stackMisalignment = sizeof(CallerFrameAndPC) % stackAlignmentBytes())
</span><span class="lines">@@ -1065,8 +1065,8 @@
</span><span class="cx">     //
</span><span class="cx">     // That's really all there is to this. We have all the registers we need to do it.
</span><span class="cx">     
</span><del>-    jit.load32(CCallHelpers::payloadFor(JSStack::ArgumentCount), GPRInfo::regT1);
-    jit.add32(CCallHelpers::TrustedImm32(JSStack::CallFrameHeaderSize - JSStack::CallerFrameAndPCSize), GPRInfo::regT1, GPRInfo::regT2);
</del><ins>+    jit.load32(CCallHelpers::payloadFor(CallFrameSlot::argumentCount), GPRInfo::regT1);
+    jit.add32(CCallHelpers::TrustedImm32(CallFrame::headerSizeInRegisters - CallerFrameAndPC::sizeInRegisters), GPRInfo::regT1, GPRInfo::regT2);
</ins><span class="cx">     jit.lshift32(CCallHelpers::TrustedImm32(3), GPRInfo::regT2);
</span><span class="cx">     jit.add32(CCallHelpers::TrustedImm32(stackAlignmentBytes() - 1), GPRInfo::regT2);
</span><span class="cx">     jit.and32(CCallHelpers::TrustedImm32(-stackAlignmentBytes()), GPRInfo::regT2);
</span><span class="lines">@@ -1081,9 +1081,9 @@
</span><span class="cx"> 
</span><span class="cx">     // Do basic callee frame setup, including 'this'.
</span><span class="cx">     
</span><del>-    jit.loadCell(CCallHelpers::addressFor(JSStack::Callee), GPRInfo::regT3);
</del><ins>+    jit.loadCell(CCallHelpers::addressFor(CallFrameSlot::callee), GPRInfo::regT3);
</ins><span class="cx"> 
</span><del>-    jit.store32(GPRInfo::regT1, CCallHelpers::calleeFramePayloadSlot(JSStack::ArgumentCount));
</del><ins>+    jit.store32(GPRInfo::regT1, CCallHelpers::calleeFramePayloadSlot(CallFrameSlot::argumentCount));
</ins><span class="cx">     
</span><span class="cx">     JSValueRegs valueRegs = JSValueRegs::withTwoAvailableRegs(GPRInfo::regT0, GPRInfo::regT2);
</span><span class="cx">     jit.loadValue(CCallHelpers::Address(GPRInfo::regT3, JSBoundFunction::offsetOfBoundThis()), valueRegs);
</span><span class="lines">@@ -1090,7 +1090,7 @@
</span><span class="cx">     jit.storeValue(valueRegs, CCallHelpers::calleeArgumentSlot(0));
</span><span class="cx"> 
</span><span class="cx">     jit.loadPtr(CCallHelpers::Address(GPRInfo::regT3, JSBoundFunction::offsetOfTargetFunction()), GPRInfo::regT3);
</span><del>-    jit.storeCell(GPRInfo::regT3, CCallHelpers::calleeFrameSlot(JSStack::Callee));
</del><ins>+    jit.storeCell(GPRInfo::regT3, CCallHelpers::calleeFrameSlot(CallFrameSlot::callee));
</ins><span class="cx">     
</span><span class="cx">     // OK, now we can start copying. This is a simple matter of copying parameters from the caller's
</span><span class="cx">     // frame to the callee's frame. Note that we know that regT1 (the argument count) must be at
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntData.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntData.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/llint/LLIntData.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -96,18 +96,18 @@
</span><span class="cx"> 
</span><span class="cx">     STATIC_ASSERT(sizeof(void*) == PtrSize);
</span><span class="cx">     STATIC_ASSERT(sizeof(Register) == SlotSize);
</span><del>-    STATIC_ASSERT(JSStack::CallFrameHeaderSize == CallFrameHeaderSlots);
</del><ins>+    STATIC_ASSERT(CallFrame::headerSizeInRegisters == CallFrameHeaderSlots);
</ins><span class="cx"> 
</span><span class="cx">     ASSERT(!CallFrame::callerFrameOffset());
</span><del>-    STATIC_ASSERT(JSStack::CallerFrameAndPCSize == (PtrSize * 2) / SlotSize);
</del><ins>+    STATIC_ASSERT(CallerFrameAndPC::sizeInRegisters == (PtrSize * 2) / SlotSize);
</ins><span class="cx">     ASSERT(CallFrame::returnPCOffset() == CallFrame::callerFrameOffset() + PtrSize);
</span><del>-    ASSERT(JSStack::CodeBlock * sizeof(Register) == CallFrame::returnPCOffset() + PtrSize);
-    STATIC_ASSERT(JSStack::Callee * sizeof(Register) == JSStack::CodeBlock * sizeof(Register) + SlotSize);
-    STATIC_ASSERT(JSStack::ArgumentCount * sizeof(Register) == JSStack::Callee * sizeof(Register) + SlotSize);
-    STATIC_ASSERT(JSStack::ThisArgument * sizeof(Register) == JSStack::ArgumentCount * sizeof(Register) + SlotSize);
-    STATIC_ASSERT(JSStack::CallFrameHeaderSize == JSStack::ThisArgument);
</del><ins>+    ASSERT(CallFrameSlot::codeBlock * sizeof(Register) == CallFrame::returnPCOffset() + PtrSize);
+    STATIC_ASSERT(CallFrameSlot::callee * sizeof(Register) == CallFrameSlot::codeBlock * sizeof(Register) + SlotSize);
+    STATIC_ASSERT(CallFrameSlot::argumentCount * sizeof(Register) == CallFrameSlot::callee * sizeof(Register) + SlotSize);
+    STATIC_ASSERT(CallFrameSlot::thisArgument * sizeof(Register) == CallFrameSlot::argumentCount * sizeof(Register) + SlotSize);
+    STATIC_ASSERT(CallFrame::headerSizeInRegisters == CallFrameSlot::thisArgument);
</ins><span class="cx"> 
</span><del>-    ASSERT(CallFrame::argumentOffsetIncludingThis(0) == JSStack::ThisArgument);
</del><ins>+    ASSERT(CallFrame::argumentOffsetIncludingThis(0) == CallFrameSlot::thisArgument);
</ins><span class="cx"> 
</span><span class="cx"> #if CPU(BIG_ENDIAN)
</span><span class="cx">     ASSERT(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag) == 0);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -1326,7 +1326,7 @@
</span><span class="cx">     ExecState* execCallee = exec - pc[4].u.operand;
</span><span class="cx">     
</span><span class="cx">     execCallee-&gt;setArgumentCountIncludingThis(pc[3].u.operand);
</span><del>-    execCallee-&gt;uncheckedR(JSStack::Callee) = calleeAsValue;
</del><ins>+    execCallee-&gt;uncheckedR(CallFrameSlot::callee) = calleeAsValue;
</ins><span class="cx">     execCallee-&gt;setCallerFrame(exec);
</span><span class="cx">     
</span><span class="cx">     ASSERT(pc[5].u.callLinkInfo);
</span><span class="lines">@@ -1405,7 +1405,7 @@
</span><span class="cx">         setupForwardArgumentsFrameAndSetThis(exec, execCallee, LLINT_OP_C(3).jsValue(), vm.varargsLength);
</span><span class="cx"> 
</span><span class="cx">     execCallee-&gt;setCallerFrame(exec);
</span><del>-    execCallee-&gt;uncheckedR(JSStack::Callee) = calleeAsValue;
</del><ins>+    execCallee-&gt;uncheckedR(CallFrameSlot::callee) = calleeAsValue;
</ins><span class="cx">     exec-&gt;setCurrentVPC(pc);
</span><span class="cx"> 
</span><span class="cx">     return setUpCall(execCallee, pc, kind, calleeAsValue);
</span><span class="lines">@@ -1436,7 +1436,7 @@
</span><span class="cx">     
</span><span class="cx">     execCallee-&gt;setArgumentCountIncludingThis(pc[3].u.operand);
</span><span class="cx">     execCallee-&gt;setCallerFrame(exec);
</span><del>-    execCallee-&gt;uncheckedR(JSStack::Callee) = calleeAsValue;
</del><ins>+    execCallee-&gt;uncheckedR(CallFrameSlot::callee) = calleeAsValue;
</ins><span class="cx">     execCallee-&gt;setReturnPC(LLInt::getCodePtr(llint_generic_return_point));
</span><span class="cx">     execCallee-&gt;setCodeBlock(0);
</span><span class="cx">     exec-&gt;setCurrentVPC(pc);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeCommonSlowPathsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -60,9 +60,9 @@
</span><span class="cx">     int argumentCountIncludingThis = exec-&gt;argumentCountIncludingThis();
</span><span class="cx">     
</span><span class="cx">     ASSERT(argumentCountIncludingThis &lt; newCodeBlock-&gt;numParameters());
</span><del>-    int frameSize = argumentCountIncludingThis + JSStack::CallFrameHeaderSize;
</del><ins>+    int frameSize = argumentCountIncludingThis + CallFrame::headerSizeInRegisters;
</ins><span class="cx">     int alignedFrameSizeForParameters = WTF::roundUpToMultipleOf(stackAlignmentRegisters(),
</span><del>-        newCodeBlock-&gt;numParameters() + JSStack::CallFrameHeaderSize);
</del><ins>+        newCodeBlock-&gt;numParameters() + CallFrame::headerSizeInRegisters);
</ins><span class="cx">     int paddedStackSpace = alignedFrameSizeForParameters - frameSize;
</span><span class="cx"> 
</span><span class="cx">     if (!stack-&gt;ensureCapacityFor(exec-&gt;registers() - paddedStackSpace % stackAlignmentRegisters()))
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -320,8 +320,6 @@
</span><span class="cx"> 
</span><span class="cx">     Base::setStructure(vm, Structure::toCacheableDictionaryTransition(vm, structure()));
</span><span class="cx"> 
</span><del>-    JSGlobalObject::globalExec()-&gt;init(0, 0, CallFrame::noCaller(), 0, 0);
-
</del><span class="cx">     m_debugger = 0;
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(REMOTE_INSPECTOR)
</span><span class="lines">@@ -331,16 +329,17 @@
</span><span class="cx">     m_consoleClient = m_inspectorController-&gt;consoleClient();
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><del>-    ExecState* exec = JSGlobalObject::globalExec();
-
</del><span class="cx">     m_functionPrototype.set(vm, this, FunctionPrototype::create(vm, FunctionPrototype::createStructure(vm, this, jsNull()))); // The real prototype will be set once ObjectPrototype is created.
</span><span class="cx">     m_calleeStructure.set(vm, this, JSCallee::createStructure(vm, this, jsNull()));
</span><span class="cx"> 
</span><span class="cx">     m_globalLexicalEnvironment.set(vm, this, JSGlobalLexicalEnvironment::create(vm, JSGlobalLexicalEnvironment::createStructure(vm, this), this));
</span><span class="cx">     // Need to create the callee structure (above) before creating the callee.
</span><del>-    m_globalCallee.set(vm, this, JSCallee::create(vm, this, globalScope()));
-    exec-&gt;setCallee(m_globalCallee.get());
</del><ins>+    JSCallee* globalCallee = JSCallee::create(vm, this, globalScope());
+    m_globalCallee.set(vm, this, globalCallee);
</ins><span class="cx"> 
</span><ins>+    ExecState::initGlobalExec(JSGlobalObject::globalExec(), globalCallee);
+    ExecState* exec = JSGlobalObject::globalExec();
+
</ins><span class="cx">     m_functionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
</span><span class="cx">     m_customGetterSetterFunctionStructure.initLater(
</span><span class="cx">         [] (const Initializer&lt;Structure&gt;&amp; init) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -209,7 +209,7 @@
</span><span class="cx"> public:
</span><span class="cx">     template&lt;typename T&gt; using Initializer = typename LazyProperty&lt;JSGlobalObject, T&gt;::Initializer;
</span><span class="cx">     
</span><del>-    Register m_globalCallFrame[JSStack::CallFrameHeaderSize];
</del><ins>+    Register m_globalCallFrame[CallFrame::headerSizeInRegisters];
</ins><span class="cx"> 
</span><span class="cx">     WriteBarrier&lt;JSObject&gt; m_globalThis;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStackAlignmenth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StackAlignment.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StackAlignment.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/runtime/StackAlignment.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -44,14 +44,14 @@
</span><span class="cx"> // an &quot;unaligned&quot; count of registers.
</span><span class="cx"> inline unsigned roundArgumentCountToAlignFrame(unsigned argumentCount)
</span><span class="cx"> {
</span><del>-    return WTF::roundUpToMultipleOf(stackAlignmentRegisters(), argumentCount + JSStack::CallFrameHeaderSize) - JSStack::CallFrameHeaderSize;
</del><ins>+    return WTF::roundUpToMultipleOf(stackAlignmentRegisters(), argumentCount + CallFrame::headerSizeInRegisters) - CallFrame::headerSizeInRegisters;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Align local register count to make the last local end on a stack aligned address given the
</span><del>-// CallFrame is at an address that is stack aligned minus JSStack::CallerFrameAndPCSize
</del><ins>+// CallFrame is at an address that is stack aligned minus CallerFrameAndPC::sizeInRegisters
</ins><span class="cx"> inline unsigned roundLocalRegisterCountForFramePointerOffset(unsigned localRegisterCount)
</span><span class="cx"> {
</span><del>-    return WTF::roundUpToMultipleOf(stackAlignmentRegisters(), localRegisterCount + JSStack::CallerFrameAndPCSize) - JSStack::CallerFrameAndPCSize;
</del><ins>+    return WTF::roundUpToMultipleOf(stackAlignmentRegisters(), localRegisterCount + CallerFrameAndPC::sizeInRegisters) - CallerFrameAndPC::sizeInRegisters;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> inline unsigned logStackAlignmentRegisters()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWASMFunctionCompilerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WASMFunctionCompiler.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WASMFunctionCompiler.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/wasm/WASMFunctionCompiler.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -130,7 +130,7 @@
</span><span class="cx">         m_codeBlock-&gt;setCalleeSaveRegisters(RegisterSet::webAssemblyCalleeSaveRegisters());
</span><span class="cx"> 
</span><span class="cx">         emitFunctionPrologue();
</span><del>-        emitPutToCallFrameHeader(m_codeBlock, JSStack::CodeBlock);
</del><ins>+        emitPutToCallFrameHeader(m_codeBlock, CallFrameSlot::codeBlock);
</ins><span class="cx"> 
</span><span class="cx">         m_beginLabel = label();
</span><span class="cx"> 
</span><span class="lines">@@ -217,7 +217,7 @@
</span><span class="cx">         // FIXME: Implement arity check.
</span><span class="cx">         Label arityCheck = label();
</span><span class="cx">         emitFunctionPrologue();
</span><del>-        emitPutToCallFrameHeader(m_codeBlock, JSStack::CodeBlock);
</del><ins>+        emitPutToCallFrameHeader(m_codeBlock, CallFrameSlot::codeBlock);
</ins><span class="cx">         jump(m_beginLabel);
</span><span class="cx"> 
</span><span class="cx">         if (!m_divideErrorJumpList.empty()) {
</span><span class="lines">@@ -1347,7 +1347,7 @@
</span><span class="cx">     void boxArgumentsAndAdjustStackPointer(const Vector&lt;WASMType&gt;&amp; arguments)
</span><span class="cx">     {
</span><span class="cx">         size_t argumentCount = arguments.size();
</span><del>-        int stackOffset = -m_calleeSaveSpace - WTF::roundUpToMultipleOf(stackAlignmentRegisters(), m_numberOfLocals + m_tempStackTop + argumentCount + 1 + JSStack::CallFrameHeaderSize);
</del><ins>+        int stackOffset = -m_calleeSaveSpace - WTF::roundUpToMultipleOf(stackAlignmentRegisters(), m_numberOfLocals + m_tempStackTop + argumentCount + 1 + CallFrame::headerSizeInRegisters);
</ins><span class="cx"> 
</span><span class="cx">         storeTrustedValue(jsUndefined(), Address(GPRInfo::callFrameRegister, (stackOffset + CallFrame::thisArgumentOffset()) * sizeof(Register)));
</span><span class="cx"> 
</span><span class="lines">@@ -1384,7 +1384,7 @@
</span><span class="cx">         m_tempStackTop -= argumentCount;
</span><span class="cx"> 
</span><span class="cx">         addPtr(TrustedImm32(stackOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), GPRInfo::callFrameRegister, stackPointerRegister);
</span><del>-        store32(TrustedImm32(argumentCount + 1), Address(stackPointerRegister, JSStack::ArgumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
</del><ins>+        store32(TrustedImm32(argumentCount + 1), Address(stackPointerRegister, CallFrameSlot::argumentCount * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void callAndUnboxResult(WASMExpressionType returnType)
</span><span class="lines">@@ -1391,10 +1391,10 @@
</span><span class="cx">     {
</span><span class="cx">         // regT0 holds callee.
</span><span class="cx"> #if USE(JSVALUE64)
</span><del>-        store64(GPRInfo::regT0, Address(stackPointerRegister, JSStack::Callee * static_cast&lt;int&gt;(sizeof(Register)) - sizeof(CallerFrameAndPC)));
</del><ins>+        store64(GPRInfo::regT0, Address(stackPointerRegister, CallFrameSlot::callee * static_cast&lt;int&gt;(sizeof(Register)) - sizeof(CallerFrameAndPC)));
</ins><span class="cx"> #else
</span><del>-        store32(GPRInfo::regT0, Address(stackPointerRegister, JSStack::Callee * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
-        store32(TrustedImm32(JSValue::CellTag), Address(stackPointerRegister, JSStack::Callee * static_cast&lt;int&gt;(sizeof(Register)) + TagOffset - sizeof(CallerFrameAndPC)));
</del><ins>+        store32(GPRInfo::regT0, Address(stackPointerRegister, CallFrameSlot::callee * static_cast&lt;int&gt;(sizeof(Register)) + PayloadOffset - sizeof(CallerFrameAndPC)));
+        store32(TrustedImm32(JSValue::CellTag), Address(stackPointerRegister, CallFrameSlot::callee * static_cast&lt;int&gt;(sizeof(Register)) + TagOffset - sizeof(CallerFrameAndPC)));
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx">         DataLabelPtr addressOfLinkedFunctionCheck;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWASMFunctionSyntaxCheckerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WASMFunctionSyntaxChecker.h (203005 => 203006)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WASMFunctionSyntaxChecker.h        2016-07-08 21:06:33 UTC (rev 203005)
+++ trunk/Source/JavaScriptCore/wasm/WASMFunctionSyntaxChecker.h        2016-07-08 22:58:15 UTC (rev 203006)
</span><span class="lines">@@ -270,9 +270,9 @@
</span><span class="cx">     void updateTempStackHeightForCall(size_t argumentCount)
</span><span class="cx">     {
</span><span class="cx">         // Boxed arguments + this argument + call frame header + maximum padding.
</span><del>-        m_tempStackTop += argumentCount + 1 + JSStack::CallFrameHeaderSize + 1;
</del><ins>+        m_tempStackTop += argumentCount + 1 + CallFrame::headerSizeInRegisters + 1;
</ins><span class="cx">         updateTempStackHeight();
</span><del>-        m_tempStackTop -= argumentCount + 1 + JSStack::CallFrameHeaderSize + 1;
</del><ins>+        m_tempStackTop -= argumentCount + 1 + CallFrame::headerSizeInRegisters + 1;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     unsigned m_numberOfLocals;
</span></span></pre>
</div>
</div>

</body>
</html>